Re: [PATCH RESEND v2 1/2] crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY


 



On Mon, Apr 7, 2025 at 8:42 PM Lukas Wunner <lukas@xxxxxxxxx> wrote:
>
> KEYCTL_PKEY_QUERY system calls for ecdsa keys return the key size as
> max_enc_size and max_dec_size, even though such keys cannot be used for
> encryption/decryption.  They're exclusively for signature generation or
> verification.
>
> Only rsa keys with pkcs1 encoding can also be used for encryption or
> decryption.
>
> Return 0 instead for ecdsa keys (as well as ecrdsa keys).
>
> Signed-off-by: Lukas Wunner <lukas@xxxxxxxxx>
> Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>

Reviewed-by: Ignat Korchagin <ignat@xxxxxxxxxxxxxx>

> ---
>  crypto/asymmetric_keys/public_key.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
> index bf165d3..dd44a96 100644
> --- a/crypto/asymmetric_keys/public_key.c
> +++ b/crypto/asymmetric_keys/public_key.c
> @@ -188,6 +188,8 @@ static int software_key_query(const struct kernel_pkey_params *params,
>         ptr = pkey_pack_u32(ptr, pkey->paramlen);
>         memcpy(ptr, pkey->params, pkey->paramlen);
>
> +       memset(info, 0, sizeof(*info));
> +
>         if (issig) {
>                 sig = crypto_alloc_sig(alg_name, 0, 0);
>                 if (IS_ERR(sig)) {
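
Review bot: The memset(info, 0, sizeof(*info)) added ahead of the if (issig) branch has no comment, yet it is the only thing that makes max_enc_size and max_dec_size read as 0 for keys that never reach one of the explicit assignments. A one-line comment saying that fields left unset are deliberately reported as 0 would keep a later cleanup from dropping it as redundant. It also runs before crypto_alloc_sig() can fail, so info is already cleared on that error path; worth confirming that callers do not read info when the return value is an error.
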
> @@ -211,6 +213,9 @@ static int software_key_query(const struct kernel_pkey_params *params,
>                         info->supported_ops |= KEYCTL_SUPPORTS_SIGN;
>
>                 if (strcmp(params->encoding, "pkcs1") == 0) {
> +                       info->max_enc_size = len;
> +                       info->max_dec_size = len;
> +
>                         info->supported_ops |= KEYCTL_SUPPORTS_ENCRYPT;
>                         if (pkey->key_is_private)
>                                 info->supported_ops |= KEYCTL_SUPPORTS_DECRYPT;
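
Review bot: In the pkcs1 branch, max_dec_size is set to len unconditionally, while KEYCTL_SUPPORTS_DECRYPT is only set when pkey->key_is_private. For a public key the query then reports a non-zero decrypt size for an operation it does not advertise in supported_ops. Consider moving info->max_dec_size = len; under the if (pkey->key_is_private) check, or say in the commit message that the size is intentionally kept for both key types. The same pattern appears in the akcipher branch in the next hunk.
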
> @@ -232,6 +237,8 @@ static int software_key_query(const struct kernel_pkey_params *params,
>                 len = crypto_akcipher_maxsize(tfm);
>                 info->max_sig_size = len;
>                 info->max_data_size = len;
> +               info->max_enc_size = len;
> +               info->max_dec_size = len;
>
>                 info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT;
>                 if (pkey->key_is_private)
> @@ -239,8 +246,6 @@ static int software_key_query(const struct kernel_pkey_params *params,
>         }
>
>         info->key_size = len * 8;
> -       info->max_enc_size = len;
> -       info->max_dec_size = len;
>
>         ret = 0;
>
> --
> 2.43.0
>




