lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 26 Mar 2019 15:58:32 +0300
From:   Vitaly Chikunov <>
To:     Herbert Xu <>,
        David Howells <>,
        Mimi Zohar <>,
        Dmitry Kasatkin <>,,,,
Subject: [PATCH v8 00/10] crypto: add EC-RDSA (GOST 34.10) algorithm

This patchset changes akcipher API to support ECDSA style signature
verification, augments x509 parser to make it work with EC-RDSA certificates,
and, finally, implements EC-RDSA (GOST 34.10) signature verification and its
integration with IMA.

Special request to Mimi Zohar and David Howells to Ack relevant commits, please.

This patchset should be applied over cryptodev tree commit 4e5180eb3d4f

Changes since v7:
- Do not check callback validity in akcipher requests, instead define default
  callbacks on register, suggested by Herbert Xu.
- Sanity checks in crypto_akcipher_maxsize are removed (not needed).
- Sanity checks for `dst' and `dst_len' are removed from verify op (not
  needed in akcipher API and should be checked by a driver).
- Patch "KEYS: report to keyctl only actually supported key ops" is removed,
  as it would affect user-space API.

Changes since (v5-v6):
- set_params API is removed in favor of appending parameters into a key stream,
  as requested by Herbert Xu.
- verify op signature de-kmemdup'ed (as requested by David Howells) in separate
  patch (as requested by Herbert Xu).
- Add forgotten ASN.1 parser files to EC-RDSA patch.
- Tested on x86_64.

Changes since v5:
- Comparison of hash algo by enum id instead of text name, as suggested by
  Thiago Jung Bauermann and Mimi Zohar.

Changes since RFC (v1-v4):
- akcipher set_max_size, encrypt, decrypt, sign, verify callbacks may be
  undefined by the drivers, so their crypto_akcipher_* frontends check for
  their presence before passing the call.
- supported_ops flags are set for keyctl, based on the presence of implemented
  akcipher callbacks.
- Transition to verify2 API is abandoned because raw RSA does not need
  sign/verify ops at all, and we can switch to the new verify in one step.
  For this RSA backends have sign/verify ops removed as they should only
  be used (and actually used only) via PKCS1 driver.
- Verify callback requires digest as the input parameter in src SGL, as
  suggested by Herbert Xu, (instead of a separate parameter, as it was in
- For verify op signature is moved into kmalloc'd memory as suggested by
  Herbert Xu.
- set_params API should be called before set_{pub,priv}_key, thus set_*_key
  knows everything it needs to set they key properly. Also, set_params made
  optional for back compatibility with RSA drivers.
- Public-key cryptography section is created in Kconfig.
- ecc.c is made into separate module object, to be used together by ECDH and
- EC-RDSA parameters and public key are parsed using asn1_ber_decoder as
  suggested by Stephan Mueller and David Howells.
- Test vectors are added and tests are passing.
- Curves/parameters definitions are split from ecrdsa.c into ecrdsa_defs.h.
- Integration with IMA in asymmetric_verify(). Userspace ima-evm-utils already
  have a patch in the queue to support this. Tested on x86_64.

Vitaly Chikunov (10):
  crypto: akcipher - default implementations for request callbacks
  crypto: rsa - unimplement sign/verify for raw RSA backends
  crypto: akcipher - new verify API for public key algorithms
  KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature
  X.509: parse public key parameters from x509 for akcipher
  crypto: Kconfig - create Public-key cryptography section
  crypto: ecc - make ecc into separate module
  crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
  crypto: ecrdsa - add EC-RDSA test vectors to testmgr
  integrity: support EC-RDSA signatures for asymmetric_verify

 crypto/Kconfig                                |  63 ++--
 crypto/Makefile                               |  10 +-
 crypto/akcipher.c                             |  14 +
 crypto/asymmetric_keys/asym_tpm.c             |  77 +++--
 crypto/asymmetric_keys/public_key.c           | 105 ++++---
 crypto/asymmetric_keys/x509.asn1              |   2 +-
 crypto/asymmetric_keys/x509_cert_parser.c     |  57 +++-
 crypto/ecc.c                                  | 417 +++++++++++++++++++++++++-
 crypto/ecc.h                                  | 153 +++++++++-
 crypto/ecc_curve_defs.h                       |  15 -
 crypto/ecrdsa.c                               | 296 ++++++++++++++++++
 crypto/ecrdsa_defs.h                          | 225 ++++++++++++++
 crypto/ecrdsa_params.asn1                     |   4 +
 crypto/ecrdsa_pub_key.asn1                    |   1 +
 crypto/rsa-pkcs1pad.c                         |  33 +-
 crypto/rsa.c                                  | 109 -------
 crypto/testmgr.c                              |  80 +++--
 crypto/testmgr.h                              | 159 ++++++++++
 drivers/crypto/caam/caampkc.c                 |   2 -
 drivers/crypto/ccp/ccp-crypto-rsa.c           |   2 -
 drivers/crypto/qat/qat_common/qat_asym_algs.c |   2 -
 include/crypto/akcipher.h                     |  54 ++--
 include/crypto/public_key.h                   |   4 +
 include/linux/oid_registry.h                  |  18 ++
 security/integrity/digsig_asymmetric.c        |  11 +-
 25 files changed, 1606 insertions(+), 307 deletions(-)
 create mode 100644 crypto/ecrdsa.c
 create mode 100644 crypto/ecrdsa_defs.h
 create mode 100644 crypto/ecrdsa_params.asn1
 create mode 100644 crypto/ecrdsa_pub_key.asn1


Powered by blists - more mailing lists