lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b48a70cf-8f3d-011c-275e-0c508ca212f5@linux.alibaba.com>
Date:   Mon, 2 Mar 2020 14:27:53 +0800
From:   Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
To:     herbert@...dor.apana.org.au, davem@...emloft.net,
        ebiggers@...nel.org, pvanleeuwen@...bus.com, zohar@...ux.ibm.com,
        dmitry.kasatkin@...el.com, penguin-kernel@...ove.SAKURA.ne.jp,
        jmorris@...ei.org, rusty@...tcorp.com.au, nicstange@...il.com,
        tadeusz.struk@...el.com, gilad@...yossef.com
Cc:     linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Introduce OSCCA certificate and SM2 asymmetric algorithm



On 2020/2/16 16:59, Tianjia Zhang wrote:
> Hello all,
> 
> This new module implement the OSCCA certificate and SM2 public key
> algorithm. It was published by State Encryption Management Bureau, China.
> List of specifications for OSCCA certificate and SM2 elliptic curve
> public key cryptography:
> 
> * GM/T 0003.1-2012
> * GM/T 0003.2-2012
> * GM/T 0003.3-2012
> * GM/T 0003.4-2012
> * GM/T 0003.5-2012
> * GM/T 0015-2012
> * GM/T 0009-2012
> 
> IETF: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
> oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
> scctc: http://www.gmbz.org.cn/main/bzlb.html
> 
> These patchs add the OID object identifier defined by OSCCA. The
> x509 certificate supports sm2-with-sm3 type certificate parsing
> and verification.
> 
> The sm2 algorithm is based on libgcrypt's mpi implementation, and has
> made some additions to the kernel's original mpi library, and added the
> implementation of ec to better support elliptic curve-like algorithms.
> 
> sm2 has good support in both openssl and gnupg projects, and sm3 and sm4
> of the OSCCA algorithm family have also been implemented in the kernel.
> 
> Signed-off-by: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
> 
> Thanks,
> Tianjia
> 

Hello all,

This is the review request.

The OSCCA certificate and related algorithms used to verify the 
certificate are newly introduced. Among them, sm3 and sm4 have been well 
implemented in the kernel. This group of patches has newly introduced sm2.
In order to implement sm2 more perfectly, I expanded the mpi library and 
introduced the ec implementation of the mpi library as the basic 
algorithm. Compared to the kernel's crypto/ecc.c, the implementation of 
mpi/ec.c is more complete and elegant, sm2 is implemented based on these 
algorithms.
At this point, the kernel can parse and verify sm2-with-sm3 certificates 
normally.

Thanks,
Tianjia

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ