lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <652c922b-a231-b1ab-43ce-d4d670c90eef@linux.ibm.com>
Date:   Thu, 4 Feb 2021 00:43:43 -0500
From:   Stefan Berger <stefanb@...ux.ibm.com>
To:     Herbert Xu <herbert@...dor.apana.org.au>,
        Saulo Alessandre <saulo.alessandre@...il.com>
Cc:     keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
        davem@...emloft.net, dhowells@...hat.com, zohar@...ux.ibm.com,
        linux-kernel@...r.kernel.org, patrick@...terwijk.org,
        linux-integrity@...r.kernel.org
Subject: Re: [PATCH v7 1/4] crypto: Add support for ECDSA signature
 verification

On 2/4/21 12:27 AM, Herbert Xu wrote:
> On Mon, Feb 01, 2021 at 10:19:07AM -0500, Stefan Berger wrote:
>> Add support for parsing the parameters of a NIST P256 or NIST P192 key.
>> Enable signature verification using these keys. The new module is
>> enabled with CONFIG_ECDSA:
>>    Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
>>    is A NIST cryptographic standard algorithm. Only signature verification
>>    is implemented.
>>
>> Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
>> Cc: Herbert Xu <herbert@...dor.apana.org.au>
>> Cc: "David S. Miller" <davem@...emloft.net>
>> Cc: linux-crypto@...r.kernel.org
>> ---
>>   crypto/Kconfig               |  10 +
>>   crypto/Makefile              |   6 +
>>   crypto/ecc.c                 |  13 +-
>>   crypto/ecc.h                 |  28 +++
>>   crypto/ecdsa.c               | 361 +++++++++++++++++++++++++++++++++++
>>   crypto/ecdsasignature.asn1   |   4 +
>>   crypto/testmgr.c             |  12 ++
>>   crypto/testmgr.h             | 267 ++++++++++++++++++++++++++
>>   include/linux/oid_registry.h |   4 +
>>   9 files changed, 694 insertions(+), 11 deletions(-)
>>   create mode 100644 crypto/ecdsa.c
>>   create mode 100644 crypto/ecdsasignature.asn1
> Saulo Alessandre is implementing ecdsa with signing so you two
> should coordinate on this.

Hello Saulo,

  so this series here supports NIST P256 and NIST P192 for usage by IMA 
for example. It looks like you want to support more elliptic curves than 
these: p384 and even p521. Do you have any suggestion on how to proceed? 
Would you want to add patches with your additional curves on top of this 
series?

I have a project here with some test scripts that may also be relevant 
for your case: https://github.com/stefanberger/eckey-testing


     Stefan


>
> Thanks,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ