From: Andy Lutomirski
Date: Mon, 1 Mar 2021 21:54:37 -0800
Subject: Re: [PATCH] selftests/sgx: fix EINIT failure dueto SGX_INVALID_SIGNATURE
To: Tianjia Zhang
Cc: Jarkko Sakkinen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Sean Christopherson, Shuah Khan, X86 ML, linux-sgx@vger.kernel.org, "open list:KERNEL SELFTEST FRAMEWORK", LKML, Jia Zhang

On Mon, Mar 1, 2021 at 9:06 PM Tianjia Zhang wrote:
>
>
>
> On 3/1/21 5:54 PM, Jarkko Sakkinen wrote:
> > On Mon, Mar 01, 2021 at 01:18:36PM +0800, Tianjia Zhang wrote:
> >> q2 is not always 384-byte length. Sometimes it only has 383-byte.
> >
> > What does determine this?
> >
> >> In this case, the valid portion of q2 is reordered reversely for
> >> little endian order, and the remaining portion is filled with zero.
> >
> > I'm presuming that you want to say "In this case, q2 needs to be reversed because...".
> >
> > I'm lacking these details:
> >
> > 1. Why the length of Q2 can vary?
> > 2. Why reversing the bytes is the correct measure to counter-measure
> >    this variation?
> >
> > /Jarkko
> >
>
> When using openssl to generate a key instead of using the built-in
> sign_key.pem, there is a probability of encountering this problem.
>
> Here is a problematic key I encountered. The calculated q1 and q2 of
> this key are both 383 bytes. If the length is not processed, the
> hardware signature will fail.

Presumably the issue is that some keys have parameters that have
enough leading 0 bits to be effectively shorter. The openssl API
(and, sadly, a bunch of the ASN.1 stuff) treats these parameters as
variable-size integers.

>
> good luck!
>
> Tianjia
>

--
Andy Lutomirski
AMA Capital Management, LLC
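
The length issue discussed in this thread, as an added example that is not part of the original message, the patch, or the kernel selftest: a 384-byte value whose top byte is zero is exported as 383 big-endian bytes, and the two conversions to a fixed-width little-endian field are compared. The function names and the sample value are hypothetical, and `export_minimal_be` only mimics a variable-size integer export; it does not call OpenSSL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 384 /* bytes in a fixed-width field such as q1 or q2 */

/* Mimics a variable-size integer export: leading zero bytes are dropped. */
static size_t export_minimal_be(const uint8_t *be, size_t len, uint8_t *out)
{
	while (len > 0 && *be == 0) {
		be++;
		len--;
	}
	memcpy(out, be, len);
	return len;
}

/* Reverse only the valid bytes, then zero-fill the high-order remainder. */
static int be_to_le_fixed(const uint8_t *be, size_t len, uint8_t *le, size_t width)
{
	if (len > width)
		return -1;
	for (size_t i = 0; i < len; i++)
		le[i] = be[len - 1 - i];
	memset(le + len, 0, width - len);
	return 0;
}

/* Returns 1 if the chosen conversion yields the correct little-endian field. */
static int conversion_is_correct(int length_aware)
{
	uint8_t value[FIELD_SIZE], want[FIELD_SIZE], buf[FIELD_SIZE] = { 0 }, got[FIELD_SIZE];
	size_t len;

	for (size_t i = 0; i < FIELD_SIZE; i++)
		value[i] = (uint8_t)i; /* constructed sample; value[0] == 0 */
	for (size_t i = 0; i < FIELD_SIZE; i++)
		want[i] = value[FIELD_SIZE - 1 - i];

	len = export_minimal_be(value, FIELD_SIZE, buf); /* 383 bytes */
	if (length_aware)
		be_to_le_fixed(buf, len, got, FIELD_SIZE);
	else /* length not processed: all 384 buffer bytes treated as valid */
		be_to_le_fixed(buf, FIELD_SIZE, got, FIELD_SIZE);
	return memcmp(got, want, FIELD_SIZE) == 0;
}

int main(void)
{
	printf("naive: %d, length-aware: %d\n",
	       conversion_is_correct(0), conversion_is_correct(1));
	return 0;
}
```

When the length is ignored, the unused trailing byte of the buffer ends up as the least significant byte after reversal, so the field holds the value shifted by one byte.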