Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1532936pxb; Tue, 8 Feb 2022 21:21:23 -0800 (PST) X-Google-Smtp-Source: ABdhPJzf8CdHNek4O0cgGQW9wXeuhwitZcZ3TACBji/0NPJ+7Jd678Y2NCsfxev6Jy7EWWQrR9DU X-Received: by 2002:a62:1643:: with SMTP id 64mr514243pfw.55.1644384083723; Tue, 08 Feb 2022 21:21:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644384083; cv=none; d=google.com; s=arc-20160816; b=wJLR+RqBCkVjXPRREuadJ///+83mvcs+gfqqXmhHtK52h8MRrRjoLFAU28A6MrBE/E Ijn0oLQAjqt9oxuEMG/JTGQqlvY8vR4GIHtF10rtyhs9OBtfwCjJEu5ha++ZhJOl1i2N WrX/YJvkfgDByjlVQx+fZADfI+goLiwVK1paJuFU1PhBqfL8lAa7lcDS4I8AKFjju8yi bRV4p3MptoAfrHLZVggXUUtwdqhPK8ekakKQRTh8ohl5h/1rp0dVYuDIxika2AzE4jqW OMXICStkZkJaCeGr2qmOPrwlq9O+G4plBkeJKRdd4U/VXJ/Dt0rWgUcKFk0PeTyJMT3I bMLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=ZS5kOrZMvDTlTn6RZW65YR2/ruoih01xuAHw7P4+V7o=; b=s62gFUQx5KlqbO8R8/oBTPidfcINw4Z/l2dJ2jAhJltqN6JWykNlZQMmDgdDP/AhTz Xn6Sg8QO4/egacJCbSwHlK4v2g5zkjemnp4hzUa2eru1c1M8bGs5RpS/4x70E1GurkUc +7aPniSglLm6TOrqR1+0OYrtot3IruiOF0eEV1lTFYaaYT0RG3+NyPmaVF94xhlJKnpd Ous9nR2xLTtllvfWMjbFAHIeeBzW4aS8JX0na1mqGzIWJaCDSmADY8icTixokh8ovm5l uqNU/eaI61O5la0zEB0z2SbecZ2y1OCZwLObuA4kK0bpifwEMypFfq6FUWTozz/kOLn7 cSKA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id u10si2660647pfc.18.2022.02.08.21.21.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Feb 2022 21:21:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 25483C035441; Tue, 8 Feb 2022 21:20:58 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1358867AbiBGNAC (ORCPT + 99 others); Mon, 7 Feb 2022 08:00:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54696 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1388333AbiBGLnd (ORCPT ); Mon, 7 Feb 2022 06:43:33 -0500 Received: from out30-44.freemail.mail.aliyun.com (out30-44.freemail.mail.aliyun.com [115.124.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1427C043181; Mon, 7 Feb 2022 03:43:31 -0800 (PST) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R151e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04400;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=13;SR=0;TI=SMTPD_---0V3r3syy_1644234208; Received: from localhost(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0V3r3syy_1644234208) by smtp.aliyun-inc.com(127.0.0.1); Mon, 07 Feb 2022 19:43:28 +0800 From: Tianjia Zhang To: Eric Biggers , Mimi Zohar , Vitaly Chikunov , Stefan Berger , Jarkko Sakkinen , "Gilad Ben-Yossef" , David Howells , Herbert Xu , "David S. Miller" , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org Cc: Tianjia Zhang Subject: [PATCH] KEYS: asymmetric: enforce SM2 signature use pkey algo Date: Mon, 7 Feb 2022 19:43:27 +0800 Message-Id: <20220207114327.7929-1-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220201003414.55380-1-ebiggers@kernel.org> References: <20220201003414.55380-1-ebiggers@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The signature verification of SM2 needs to add the Za value and recalculate sig->digest, which requires the detection of the pkey_algo in public_key_verify_signature(). As Eric Biggers said, the pkey_algo field in sig is attacker-controlled and should be use pkey->pkey_algo instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it will also cause signature verification failure. The software_key_determine_akcipher() already forces the algorithms are matched, so the SM3 algorithm is enforced in the SM2 signature, although this has been checked, we still avoid using any algorithm information in the signature as input. Reported-by: Eric Biggers Signed-off-by: Tianjia Zhang --- crypto/asymmetric_keys/public_key.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index a603ee8afdb8..ea9a5501f87e 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -309,7 +309,8 @@ static int cert_sig_digest_update(const struct public_key_signature *sig, if (ret) return ret; - tfm = crypto_alloc_shash(sig->hash_algo, 0, 0); + /* SM2 signatures always use the SM3 hash algorithm */ + tfm = crypto_alloc_shash("sm3", 0, 0); if (IS_ERR(tfm)) return PTR_ERR(tfm); @@ -414,8 +415,7 @@ int public_key_verify_signature(const struct public_key *pkey, if (ret) goto error_free_key; - if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 && - sig->data_size) { + if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) { ret = cert_sig_digest_update(sig, tfm); if (ret) goto error_free_key; -- 2.34.1