Date: Wed, 29 May 2024 04:14:58 +0300
From: "Jarkko Sakkinen"
To: "Stefan Berger", "Herbert Xu"
Cc: "James Prestwood", "David Woodhouse", "Eric Biggers", "James Bottomley", "Lennart Poettering", "David S. Miller", "open list", "David Howells", "Peter Huewe", "Jason Gunthorpe", "Ard Biesheuvel", "Mario Limonciello"
Subject: Re: [PATCH v7 5/5] keys: asymmetric: Add tpm2_key_ecdsa
X-Mailing-List: linux-crypto@vger.kernel.org
References: <20240528210823.28798-1-jarkko@kernel.org> <20240528210823.28798-6-jarkko@kernel.org>

On Wed May 29, 2024 at 2:15 AM EEST, Stefan Berger wrote:
> > + ptr[TPM2_KEY_ECDSA_SIG_R_TAG] = 0x02; /* INTEGER */
> > + ptr[TPM2_KEY_ECDSA_SIG_R_SIZE] = SHA256_DIGEST_SIZE + r_0;
>
> The size of the signature has nothing to do with the size of the hash.
> SHA256_DIGEST_SIZE (32) happens to match the number of bytes of a
> coordinate of prime256v1 / NIST p256 but should fail when you use
> secp521r1 / NIST p521 since then r or s may then be 66 or 67 bytes (if
> most sign. bit is set) long.

First remark did not go unnoticed, so thanks for both. There was not
just much to comment on it :-)

I could just replace the constant with a (range checked) variable read
from the response and overall structure would be the same.

This will also mean that in the case of P521 also prefix byte (0x81) is
required but just for the sequence I think, not for the integers.

Finally, I need to implement p521 smoke test for testing this patch set.

One big letdown that I only now have consciously realized, is that TCG
does not have p256k1 in their algorithm repository. It is the basis for
quite a few blockchain technologies. I wonder why...

BR, Jarkko