KEYS: asymmetric: Fix ECDSA use via keyctl uapi
authorDenis Kenzior <denkenz@gmail.com>
Fri, 26 Aug 2022 14:51:19 +0000 (09:51 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 10 Mar 2023 08:32:45 +0000 (09:32 +0100)
[ Upstream commit 10de7b54293995368c52d9aa153f3e7a359f04a1 ]

When support for ECDSA keys was added, constraints for data & signature
sizes were never updated.  This makes it impossible to use such keys via
keyctl API from userspace.

Update constraint on max_data_size to 64 bytes in order to support
SHA512-based signatures. Also update the signature length constraints
per ECDSA signature encoding described in RFC 5480.

Fixes: 299f561a6693 ("x509: Add support for parsing x509 certs with ECDSA keys")
Signed-off-by: Denis Kenzior <denkenz@gmail.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto/asymmetric_keys/public_key.c

index 2f8352e8886022acf8e1d268299a235c2fb3b275..eca5671ad3f2288eefe2a07b31d50b1a5728a8ed 100644 (file)
@@ -186,8 +186,28 @@ static int software_key_query(const struct kernel_pkey_params *params,
 
        len = crypto_akcipher_maxsize(tfm);
        info->key_size = len * 8;
-       info->max_data_size = len;
-       info->max_sig_size = len;
+
+       if (strncmp(pkey->pkey_algo, "ecdsa", 5) == 0) {
+               /*
+                * ECDSA key sizes are much smaller than RSA, and thus could
+                * operate on (hashed) inputs that are larger than key size.
+                * For example SHA384-hashed input used with secp256r1
+                * based keys.  Set max_data_size to be at least as large as
+                * the largest supported hash size (SHA512)
+                */
+               info->max_data_size = 64;
+
+               /*
+                * Verify takes ECDSA-Sig (described in RFC 5480) as input,
+                * which is actually 2 'key_size'-bit integers encoded in
+                * ASN.1.  Account for the ASN.1 encoding overhead here.
+                */
+               info->max_sig_size = 2 * (len + 3) + 2;
+       } else {
+               info->max_data_size = len;
+               info->max_sig_size = len;
+       }
+
        info->max_enc_size = len;
        info->max_dec_size = len;
        info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |