From: Tianjia Zhang
To: Jarkko Sakkinen
Cc: David Howells, Herbert Xu, "David S. Miller", Gilad Ben-Yossef, Eric Biggers, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 RESEND] KEYS: asymmetric: enforce SM2 signature use pkey algo
Date: Tue, 28 Jun 2022 11:15:53 +0800
References: <20220627092027.20858-1-tianjia.zhang@linux.alibaba.com>

Hi Jarkko,

On 6/28/22 7:14 AM, Jarkko Sakkinen wrote:
> On Mon, Jun 27, 2022 at 05:20:27PM +0800, Tianjia Zhang wrote:
>> The signature verification of SM2 needs to add the Za value and
>> recalculate sig->digest, which requires the detection of the pkey_algo
>> in public_key_verify_signature(). As Eric Biggers said, the pkey_algo
>> field in sig is attacker-controlled and pkey->pkey_algo should be used
>> instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it
>> will also cause signature verification failure.
>>
>> The software_key_determine_akcipher() already forces the algorithms
>> are matched, so the SM3 algorithm is enforced in the SM2 signature,
>> although this has been checked, we still avoid using any algorithm
>> information in the signature as input.
>>
>> Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
>> Reported-by: Eric Biggers
>> Cc: stable@vger.kernel.org # v5.10+
>> Signed-off-by: Tianjia Zhang
>> ---
>> crypto/asymmetric_keys/public_key.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c >> index 7c9e6be35c30..3f17ee860f89 100644 >> --- a/crypto/asymmetric_keys/public_key.c
>> +++ b/crypto/asymmetric_keys/public_key.c >> @@ -309,7 +309,8 @@ static int cert_sig_digest_update(const struct public_key_signature *sig, >> if (ret) >> return ret; >> >> - tfm = crypto_alloc_shash(sig->hash_algo, 0, 0); >> + /* SM2 signatures always use the SM3 hash algorithm */ >> + tfm = crypto_alloc_shash("sm3", 0, 0);
>
> So, why this should not validate sig->hash_algo *to be* "sm3"?
>
> I.e. add instead guard before crypto_alloc_hash:
>
>         if (strcmp(sig->hash_algo, "sm3") != 0) {
>                 /* error */
>         }
>         /* continue */
>

Thanks, it's reasonable and I'll take your advice.

Best regards,
Tianjia
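
Review bot: in the cert_sig_digest_update() hunk, the new crypto_alloc_shash("sm3", 0, 0) call stops reading sig->hash_algo but never checks it, so a signature that names some other hash is digested with SM3 and the mismatch is not reported at this point. Consider comparing sig->hash_algo with "sm3" before the allocation and returning an error on mismatch, with a NULL guard on the field if it can be unset, since the commit message already notes that sig->pkey_algo can be NULL. The added comment would also carry more if it said why the field is not used (the commit message's point that algorithm information in the signature should not be taken as input) rather than only that SM2 always uses SM3.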