Skip to content

Commit

Permalink
KEYS: asymmetric: enforce SM2 signature use pkey algo
Browse files Browse the repository at this point in the history
The signature verification of SM2 needs to add the Za value and
recalculate sig->digest, which requires the detection of the pkey_algo
in public_key_verify_signature(). As Eric Biggers said, the pkey_algo
field in sig is attacker-controlled and should be use pkey->pkey_algo
instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it
will also cause signature verification failure.

The software_key_determine_akcipher() already forces the algorithms
are matched, so the SM3 algorithm is enforced in the SM2 signature,
although this has been checked, we still avoid using any algorithm
information in the signature as input.

Fixes: 2155256 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
Reported-by: Eric Biggers <[email protected]>
Cc: [email protected] # v5.10+
Signed-off-by: Tianjia Zhang <[email protected]>
Reviewed-by: Jarkko Sakkinen <[email protected]>
Signed-off-by: Jarkko Sakkinen <[email protected]>
  • Loading branch information
uudiin authored and jarkkojs committed Aug 3, 2022
1 parent d35f42c commit 0815291
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions crypto/asymmetric_keys/public_key.c
Original file line number Diff line number Diff line change
Expand Up @@ -304,6 +304,10 @@ static int cert_sig_digest_update(const struct public_key_signature *sig,

BUG_ON(!sig->data);

/* SM2 signatures always use the SM3 hash algorithm */
if (!sig->hash_algo || strcmp(sig->hash_algo, "sm3") != 0)
return -EINVAL;

ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID,
SM2_DEFAULT_USERID_LEN, dgst);
if (ret)
Expand Down Expand Up @@ -414,8 +418,7 @@ int public_key_verify_signature(const struct public_key *pkey,
if (ret)
goto error_free_key;

if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 &&
sig->data_size) {
if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) {
ret = cert_sig_digest_update(sig, tfm);
if (ret)
goto error_free_key;
Expand Down

0 comments on commit 0815291

Please sign in to comment.