On Thu, Jan 02, 2025 at 12:45:47PM -0500, Stefan Berger wrote: > On 12/26/24 1:08 PM, Lukas Wunner wrote: > > When user space issues a KEYCTL_PKEY_QUERY system call for a NIST P521 > > key, the key_size is incorrectly reported as 528 bits instead of 521. > > Is there a way to query this with keyctl pkey_query? Yes, these are the commands I've used for testing: id=`keyctl padd asymmetric "" %:_uid.0 < end_responder.cert.der` keyctl pkey_query $id 0 enc=x962 hash=sha256 This is the certificate I've used: https://github.com/DMTF/libspdm/raw/refs/heads/main/unit_test/sample_key/ecp521/end_responder.cert.der Before: key_size=528 max_data_size=64 max_sig_size=139 max_enc_size=66 max_dec_size=66 encrypt=n decrypt=n sign=n verify=y After: key_size=521 max_data_size=64 max_sig_size=139 max_enc_size=0 max_dec_size=0 encrypt=n decrypt=n sign=n verify=y Thanks, Lukas
