| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Apr 2019 19:05:16 +0300
From: Vitaly Chikunov <vt@...linux.org>
To: Herbert Xu <herbert@...dor.apana.org.au>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v8 00/10] crypto: add EC-RDSA (GOST 34.10) algorithm
Herbert,
On Tue, Mar 26, 2019 at 03:58:32PM +0300, Vitaly Chikunov wrote:
> This patchset changes akcipher API to support ECDSA style signature
> verification, augments x509 parser to make it work with EC-RDSA certificates,
> and, finally, implements EC-RDSA (GOST 34.10) signature verification and its
> integration with IMA.
Can you please explain what changes are requested?
Thanks,
>
> Special request to Mimi Zohar and David Howells to Ack relevant commits, please.
>
> ---
> This patchset should be applied over cryptodev tree commit 4e5180eb3d4f
>
> Changes since v7:
> - Do not check callback validity in akcipher requests, instead define default
> callbacks on register, suggested by Herbert Xu.
> - Sanity checks in crypto_akcipher_maxsize are removed (not needed).
> - Sanity checks for `dst' and `dst_len' are removed from verify op (not
> needed in akcipher API and should be checked by a driver).
> - Patch "KEYS: report to keyctl only actually supported key ops" is removed,
> as it would affect user-space API.
>
> Changes since (v5-v6):
> - set_params API is removed in favor of appending parameters into a key stream,
> as requested by Herbert Xu.
> - verify op signature de-kmemdup'ed (as requested by David Howells) in separate
> patch (as requested by Herbert Xu).
> - Add forgotten ASN.1 parser files to EC-RDSA patch.
> - Tested on x86_64.
>
> Changes since v5:
> - Comparison of hash algo by enum id instead of text name, as suggested by
> Thiago Jung Bauermann and Mimi Zohar.
>
> Changes since RFC (v1-v4):
> - akcipher set_max_size, encrypt, decrypt, sign, verify callbacks may be
> undefined by the drivers, so their crypto_akcipher_* frontends check for
> their presence before passing the call.
> - supported_ops flags are set for keyctl, based on the presence of implemented
> akcipher callbacks.
> - Transition to verify2 API is abandoned because raw RSA does not need
> sign/verify ops at all, and we can switch to the new verify in one step.
> For this RSA backends have sign/verify ops removed as they should only
> be used (and actually used only) via PKCS1 driver.
> - Verify callback requires digest as the input parameter in src SGL, as
> suggested by Herbert Xu, (instead of a separate parameter, as it was in
> verify2).
> - For verify op signature is moved into kmalloc'd memory as suggested by
> Herbert Xu.
> - set_params API should be called before set_{pub,priv}_key, thus set_*_key
> knows everything it needs to set they key properly. Also, set_params made
> optional for back compatibility with RSA drivers.
> - Public-key cryptography section is created in Kconfig.
> - ecc.c is made into separate module object, to be used together by ECDH and
> EC-RDSA.
> - EC-RDSA parameters and public key are parsed using asn1_ber_decoder as
> suggested by Stephan Mueller and David Howells.
> - Test vectors are added and tests are passing.
> - Curves/parameters definitions are split from ecrdsa.c into ecrdsa_defs.h.
> - Integration with IMA in asymmetric_verify(). Userspace ima-evm-utils already
> have a patch in the queue to support this. Tested on x86_64.
>
> Vitaly Chikunov (10):
> crypto: akcipher - default implementations for request callbacks
> crypto: rsa - unimplement sign/verify for raw RSA backends
> crypto: akcipher - new verify API for public key algorithms
> KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature
> X.509: parse public key parameters from x509 for akcipher
> crypto: Kconfig - create Public-key cryptography section
> crypto: ecc - make ecc into separate module
> crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
> crypto: ecrdsa - add EC-RDSA test vectors to testmgr
> integrity: support EC-RDSA signatures for asymmetric_verify
>
> crypto/Kconfig | 63 ++--
> crypto/Makefile | 10 +-
> crypto/akcipher.c | 14 +
> crypto/asymmetric_keys/asym_tpm.c | 77 +++--
> crypto/asymmetric_keys/public_key.c | 105 ++++---
> crypto/asymmetric_keys/x509.asn1 | 2 +-
> crypto/asymmetric_keys/x509_cert_parser.c | 57 +++-
> crypto/ecc.c | 417 +++++++++++++++++++++++++-
> crypto/ecc.h | 153 +++++++++-
> crypto/ecc_curve_defs.h | 15 -
> crypto/ecrdsa.c | 296 ++++++++++++++++++
> crypto/ecrdsa_defs.h | 225 ++++++++++++++
> crypto/ecrdsa_params.asn1 | 4 +
> crypto/ecrdsa_pub_key.asn1 | 1 +
> crypto/rsa-pkcs1pad.c | 33 +-
> crypto/rsa.c | 109 -------
> crypto/testmgr.c | 80 +++--
> crypto/testmgr.h | 159 ++++++++++
> drivers/crypto/caam/caampkc.c | 2 -
> drivers/crypto/ccp/ccp-crypto-rsa.c | 2 -
> drivers/crypto/qat/qat_common/qat_asym_algs.c | 2 -
> include/crypto/akcipher.h | 54 ++--
> include/crypto/public_key.h | 4 +
> include/linux/oid_registry.h | 18 ++
> security/integrity/digsig_asymmetric.c | 11 +-
> 25 files changed, 1606 insertions(+), 307 deletions(-)
> create mode 100644 crypto/ecrdsa.c
> create mode 100644 crypto/ecrdsa_defs.h
> create mode 100644 crypto/ecrdsa_params.asn1
> create mode 100644 crypto/ecrdsa_pub_key.asn1
>
> --
> 2.11.0
Powered by blists - more mailing lists