On Mon May 27, 2024 at 11:28 PM EEST, Jarkko Sakkinen wrote: > Public key blob is not just x and y concatenated. It follows RFC5480 > section 2.2. Address this by re-documenting the function with the > correct description of the format. > > Link: https://datatracker.ietf.org/doc/html/rfc5480 > Fixes: 4e6602916bc6 ("crypto: ecdsa - Add support for ECDSA signature verification") > Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> > --- > It is a bug fix that does not really need a stable backport. Still > categorizes as a bug because by following the existing documentation > you end up with an error code. > crypto/ecdsa.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c > index 258fffbf623d..55114146ff84 100644 > --- a/crypto/ecdsa.c > +++ b/crypto/ecdsa.c > @@ -215,9 +215,8 @@ static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx) > } > > /* > - * Set the public key given the raw uncompressed key data from an X509 > - * certificate. The key data contain the concatenated X and Y coordinates of > - * the public key. > + * Set the public ECC key as defined by RFC5480 section 2.2 "Subject Public > + * Key". Only the uncompressed format is supported. > */ > static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) > { Based on this, is this now along the lines of correct format": *ptr++ = 0x04; /* uncompressed */ ptr = asn1_encode_octet_string(&ptr[0], &in[sizeof(in)], &x[0], x_size); ptr = asn1_encode_octet_string(&ptr[0], &in[sizeof(in)], &x[x_size + 2], x_size); in_len = ptr - in; ret = crypto_akcipher_set_pub_key(tfm, in, in_len); Notes: - ptr points to the beginning of in (initially) - x: "u16, u8[x_size], u16, u8[x_size]" - x_size is length of ecc i.e. 32 in the case of p256. I actually did the snippet by reading the RFC so this is pretty good test for the patch. BR, Jarkko
