LKML Archive on lore.kernel.org help / color / mirror / Atom feed
* [PATCH v2] X.509: unpack RSA signatureValue field from BIT STRING @ 2018-04-17 13:39 ` Maciej S. Szmigiero 2018-04-17 15:07 ` Kamil Konieczny 0 siblings, 1 reply; 3+ messages in thread From: Maciej S. Szmigiero @ 2018-04-17 13:39 UTC (permalink / raw) To: David Howells Cc: Herbert Xu, David S. Miller, Tom Lendacky, Gary Hook, James Morris, Serge E. Hallyn, keyrings, linux-security-module, linux-crypto, linux-kernel The signatureValue field of a X.509 certificate is encoded as a BIT STRING. For RSA signatures this BIT STRING is of so-called primitive subtype, which contains a u8 prefix indicating a count of unused bits in the encoding. We have to strip this prefix from signature data, just as we already do for key data in x509_extract_key_data() function. This wasn't noticed earlier because this prefix byte is zero for RSA key sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero prefixes has no bearing on its value. The signature length, however was incorrect, which is a problem for RSA implementations that need it to be exactly correct (like AMD CCP). Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name> Fixes: c26fd69fa009 ("X.509: Add a crypto key parser for binary (DER) X.509 certificates") Cc: stable@vger.kernel.org --- This is a resend of a patch that was previously submitted in one series with CCP driver changes since this particular patch should go through the security (rather than crypto) tree. Changes from v1: Change '!' to '== 0'. crypto/asymmetric_keys/x509_cert_parser.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 7d81e6bb461a..b6cabac4b62b 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -249,6 +249,15 @@ int x509_note_signature(void *context, size_t hdrlen, return -EINVAL; } + if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) { + /* Discard the BIT STRING metadata */ + if (vlen < 1 || *(const u8 *)value != 0) + return -EBADMSG; + + value++; + vlen--; + } + ctx->cert->raw_sig = value; ctx->cert->raw_sig_size = vlen; return 0; ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] X.509: unpack RSA signatureValue field from BIT STRING 2018-04-17 13:39 ` [PATCH v2] X.509: unpack RSA signatureValue field from BIT STRING Maciej S. Szmigiero @ 2018-04-17 15:07 ` Kamil Konieczny 2018-04-17 15:11 ` Maciej S. Szmigiero 0 siblings, 1 reply; 3+ messages in thread From: Kamil Konieczny @ 2018-04-17 15:07 UTC (permalink / raw) To: Maciej S. Szmigiero, David Howells Cc: Herbert Xu, David S. Miller, Tom Lendacky, Gary Hook, James Morris, Serge E. Hallyn, keyrings, linux-security-module, linux-crypto, linux-kernel On 17.04.2018 15:39, Maciej S. Szmigiero wrote: > The signatureValue field of a X.509 certificate is encoded as a BIT STRING. > For RSA signatures this BIT STRING is of so-called primitive subtype, which > contains a u8 prefix indicating a count of unused bits in the encoding. > > We have to strip this prefix from signature data, just as we already do for > key data in x509_extract_key_data() function. > > This wasn't noticed earlier because this prefix byte is zero for RSA key > sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero > prefixes has no bearing on its value. > > The signature length, however was incorrect, which is a problem for RSA > implementations that need it to be exactly correct (like AMD CCP). > > Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name> your e-mail address looks incorrect [...] -- Best regards, Kamil Konieczny Samsung R&D Institute Poland ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] X.509: unpack RSA signatureValue field from BIT STRING 2018-04-17 15:07 ` Kamil Konieczny @ 2018-04-17 15:11 ` Maciej S. Szmigiero 0 siblings, 0 replies; 3+ messages in thread From: Maciej S. Szmigiero @ 2018-04-17 15:11 UTC (permalink / raw) To: Kamil Konieczny Cc: David Howells, Herbert Xu, David S. Miller, Tom Lendacky, Gary Hook, James Morris, Serge E. Hallyn, keyrings, linux-security-module, linux-crypto, linux-kernel On 17.04.2018 17:07, Kamil Konieczny wrote: > > > On 17.04.2018 15:39, Maciej S. Szmigiero wrote: >> The signatureValue field of a X.509 certificate is encoded as a BIT STRING. >> For RSA signatures this BIT STRING is of so-called primitive subtype, which >> contains a u8 prefix indicating a count of unused bits in the encoding. >> >> We have to strip this prefix from signature data, just as we already do for >> key data in x509_extract_key_data() function. >> >> This wasn't noticed earlier because this prefix byte is zero for RSA key >> sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero >> prefixes has no bearing on its value. >> >> The signature length, however was incorrect, which is a problem for RSA >> implementations that need it to be exactly correct (like AMD CCP). >> >> Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name> > > your e-mail address looks incorrect > > [...] > What's wrong with it? Maciej ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-04-17 15:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <CGME20180417134032epcas3p21dbb2d3a6d8650cd64e147d2ce89e6ea@epcas3p2.samsung.com>
2018-04-17 13:39 ` [PATCH v2] X.509: unpack RSA signatureValue field from BIT STRING Maciej S. Szmigiero
2018-04-17 15:07 ` Kamil Konieczny
2018-04-17 15:11 ` Maciej S. Szmigiero
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).