All of lore.kernel.org
 help / color / mirror / Atom feed
From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
To: Eric Biggers <ebiggers@google.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	Vitaly Chikunov <vt@altlinux.org>,
	Stefan Berger <stefanb@linux.ibm.com>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	"Gilad Ben-Yossef" <gilad@benyossef.com>,
	David Howells <dhowells@redhat.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-integrity@vger.kernel.org
Cc: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Subject: [PATCH] KEYS: asymmetric: enforce SM2 signature use pkey algo
Date: Mon,  7 Feb 2022 19:43:27 +0800	[thread overview]
Message-ID: <20220207114327.7929-1-tianjia.zhang@linux.alibaba.com> (raw)
In-Reply-To: <20220201003414.55380-1-ebiggers@kernel.org>

The signature verification of SM2 needs to add the Za value and
recalculate sig->digest, which requires the detection of the pkey_algo
in public_key_verify_signature(). As Eric Biggers said, the pkey_algo
field in sig is attacker-controlled and should be use pkey->pkey_algo
instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it
will also cause signature verification failure.

The software_key_determine_akcipher() already forces the algorithms
are matched, so the SM3 algorithm is enforced in the SM2 signature,
although this has been checked, we still avoid using any algorithm
information in the signature as input.

Reported-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 crypto/asymmetric_keys/public_key.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index a603ee8afdb8..ea9a5501f87e 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -309,7 +309,8 @@ static int cert_sig_digest_update(const struct public_key_signature *sig,
 	if (ret)
 		return ret;
 
-	tfm = crypto_alloc_shash(sig->hash_algo, 0, 0);
+	/* SM2 signatures always use the SM3 hash algorithm */
+	tfm = crypto_alloc_shash("sm3", 0, 0);
 	if (IS_ERR(tfm))
 		return PTR_ERR(tfm);
 
@@ -414,8 +415,7 @@ int public_key_verify_signature(const struct public_key *pkey,
 	if (ret)
 		goto error_free_key;
 
-	if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 &&
-	    sig->data_size) {
+	if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) {
 		ret = cert_sig_digest_update(sig, tfm);
 		if (ret)
 			goto error_free_key;
-- 
2.34.1


  parent reply	other threads:[~2022-02-07 13:00 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-01  0:34 [PATCH 0/2] Fix bugs in public_key_verify_signature() Eric Biggers
2022-02-01  0:34 ` [PATCH 1/2] KEYS: asymmetric: enforce that sig algo matches key algo Eric Biggers
2022-02-02  2:52   ` Vitaly Chikunov
2022-02-02  3:10     ` Eric Biggers
2022-02-02  3:22       ` Eric Biggers
2022-02-02  5:20       ` Vitaly Chikunov
2022-02-21  1:43   ` Jarkko Sakkinen
2022-03-04 19:26     ` Eric Biggers
2022-03-05  5:51       ` Jarkko Sakkinen
2022-02-01  0:34 ` [PATCH 2/2] KEYS: asymmetric: properly validate hash_algo and encoding Eric Biggers
2022-02-21  1:46   ` Jarkko Sakkinen
2022-02-21  2:21     ` Eric Biggers
2022-02-21 20:16       ` Jarkko Sakkinen
2022-02-01  2:38 ` [PATCH 0/2] Fix bugs in public_key_verify_signature() Stefan Berger
2022-02-07  7:45 ` Tianjia Zhang
2022-02-07 11:43 ` Tianjia Zhang [this message]
2022-02-08  5:35   ` [PATCH] KEYS: asymmetric: enforce SM2 signature use pkey algo Eric Biggers
2022-02-08  9:45     ` Tianjia Zhang
2022-02-21  1:49   ` Jarkko Sakkinen
2022-02-21  2:43     ` Tianjia Zhang
2022-02-21 20:17       ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220207114327.7929-1-tianjia.zhang@linux.alibaba.com \
    --to=tianjia.zhang@linux.alibaba.com \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@google.com \
    --cc=gilad@benyossef.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jarkko@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=stefanb@linux.ibm.com \
    --cc=vt@altlinux.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.