The callers of crypto_sig_sign() assume that the signature size is
always equivalent to the key size.
This happens to be true for RSA, which is currently the only algorithm
implementing the ->sign() callback. But it is false e.g. for X9.62
encoded ECDSA signatures because they have variable length.
Prepare for addition of a ->sign() callback to such algorithms by
letting the callback return the signature size (or a negative integer
on error). When testing the ->sign() callback in test_sig_one(),
use crypto_sig_maxsize() instead of crypto_sig_keysize() to verify that
the test vector's signature does not exceed an algorithm's maximum
signature size.
There has been a relatively recent effort to upstream ECDSA signature
generation support which may benefit from this change:
https://lore.kernel.org/linux-crypto/
20220908200036.2034-1-ignat@cloudflare.com/
However the main motivation for this commit is to reduce the number of
crypto_sig_keysize() callers: This function is about to be changed to
return the size in bits instead of bytes and that will require amending
most callers to divide the return value by 8.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Cc: Ignat Korchagin <ignat@cloudflare.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
struct crypto_sig *sig;
char *key, *ptr;
bool issig;
- int ksz;
int ret;
pr_devel("==>%s()\n", __func__);
ret = crypto_sig_set_pubkey(sig, key, pkey->keylen);
if (ret)
goto error_free_tfm;
-
- ksz = crypto_sig_keysize(sig);
} else {
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
if (IS_ERR(tfm)) {
ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
if (ret)
goto error_free_tfm;
-
- ksz = crypto_akcipher_maxsize(tfm);
}
ret = -EINVAL;
BUG();
}
- if (ret == 0)
- ret = ksz;
+ if (!issig && ret == 0)
+ ret = crypto_akcipher_maxsize(tfm);
error_free_tfm:
if (issig)
memset(dst, 0, pad_len);
}
- return 0;
+ return ctx->key_size;
}
static int rsassa_pkcs1_verify(struct crypto_sig *tfm,
if (vecs->public_key_vec)
return 0;
- sig_size = crypto_sig_keysize(tfm);
+ sig_size = crypto_sig_maxsize(tfm);
if (sig_size < vecs->c_size) {
pr_err("alg: sig: invalid maxsize %u\n", sig_size);
return -EINVAL;
/* Run asymmetric signature generation */
err = crypto_sig_sign(tfm, vecs->m, vecs->m_size, sig, sig_size);
- if (err) {
+ if (err < 0) {
pr_err("alg: sig: sign test failed: err %d\n", err);
return err;
}
/* Verify that generated signature equals cooked signature */
- if (memcmp(sig, vecs->c, vecs->c_size) ||
+ if (err != vecs->c_size ||
+ memcmp(sig, vecs->c, vecs->c_size) ||
memchr_inv(sig + vecs->c_size, 0, sig_size - vecs->c_size)) {
pr_err("alg: sig: sign test failed: invalid output\n");
hexdump(sig, sig_size);
* struct sig_alg - generic public key signature algorithm
*
* @sign: Function performs a sign operation as defined by public key
- * algorithm. Optional.
+ * algorithm. On success, the signature size is returned.
+ * Optional.
* @verify: Function performs a complete verify operation as defined by
* public key algorithm, returning verification status. Optional.
* @set_pub_key: Function invokes the algorithm specific set public key
* @dst: destination obuffer
* @dlen: destination length
*
- * Return: zero on success; error code in case of error
+ * Return: signature size on success; error code in case of error
*/
static inline int crypto_sig_sign(struct crypto_sig *tfm,
const void *src, unsigned int slen,
projects / thirdparty / kernel / linux.git / commitdiff
