Message-Id: <1634005076-17534-1-git-send-email-herbert.tencent@gmail.com>
Date:   Tue, 12 Oct 2021 10:17:51 +0800
From:   Hongbo Li <herbert.tencent@...il.com>
To:     linux-crypto@...r.kernel.org, herbert@...dor.apana.org.au,
        herberthbli@...cent.com
Cc:     linux-kernel@...r.kernel.org, Hongbo Li <herbert.tencent@...il.com>
Subject: [PATCH v3 0/5] crypto: add eddsa support for x509

This series of patches adds support for x509 certs signed by eddsa,
which is described in RFC8032 [1], currently ed25519 only.

Curve25519 is an elliptic curve used for key agreement (ECDH).
It is a Montgomery curve.

Edwards25519 is a twisted Edwards curve and birationally equivalent
to Curve25519; the birational maps are described in RFC 7748 section 4.1 [2].
Ed25519 is a Digital Signature Algorithm over Edwards25519.

The kernel's curve25519 code is used for ECDH, such as set_secret(),
generate_public_key() and compute_shared_secret(). These are useless
for eddsa and cannot be reused, since eddsa does the verification on the
given public key and signature.

According to RFC8032 section 4 [3], there are two variants: PureEdDSA and
HashEdDSA. These patches support PureEdDSA, which is named Ed25519.

Patch1 exports some mpi common functions.

Patch2 makes x509 layer support eddsa.

Patch3 moves some common code in sm2 to separate files. This code is also
       used by eddsa.

Patch4 is the implementation of eddsa verification according to RFC8032
       section 5.1.7 [4].

Patch5 adds test vector for eddsa.

Tested with the following script:

keyctl newring test @u

while :; do
    certfile="cert.der"

    openssl req \
            -x509 \
            -newkey ED25519 \
            -keyout key.pem \
            -days 365 \
            -subj '/CN=test' \
            -nodes \
            -outform der \
            -out ${certfile} 2>/dev/null

    exp=0
    id=$(keyctl padd asymmetric testkey %keyring:test < "${certfile}")
    rc=$?
    if [ $rc -ne $exp ]; then
        case "$exp" in
            0) echo "Error: Could not load ed25519 certificate $certfile!";
        esac
        exit 1
    else
        case "$rc" in
            0) printf "load ed25519 cert keyid: %-10s\n" $id;
        esac
    fi
done

Best Regards
Hongbo

[1] https://datatracker.ietf.org/doc/html/rfc8032
[2] https://datatracker.ietf.org/doc/html/rfc7748#section-4.1
[3] https://datatracker.ietf.org/doc/html/rfc8032#section-4
[4] https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.7

v1->v2:
  -fix the warning "warning: no previous prototype"
   reported-by: kernel test robot <lkp@...el.com>
  -add more comments about these patches

v2->v3:
  -remove the v2-0001-crypto-fix-a-memory-leak-in-sm2.patch and
   v2-0002-lib-mpi-use-kcalloc-in-mpi_resize.patch from patch series,
   because they have been merged into kernel.

Hongbo Li (5):
  lib/mpi: export some common function
  x509: add support for eddsa
  crypto: move common code in sm2 to ec_mpi.c and ec_mpi.h
  crypto: ed25519 cert verification
  crypto: add eddsa test vector

 crypto/Kconfig                            |  15 ++
 crypto/Makefile                           |   4 +
 crypto/asymmetric_keys/public_key.c       |  73 ++++++-
 crypto/asymmetric_keys/x509_cert_parser.c |  14 +-
 crypto/asymmetric_keys/x509_public_key.c  |   4 +-
 crypto/ec_mpi.c                           |  82 ++++++++
 crypto/ec_mpi.h                           |  37 ++++
 crypto/eddsa.c                            | 326 ++++++++++++++++++++++++++++++
 crypto/sm2.c                              |  98 +--------
 crypto/testmgr.c                          |   6 +
 crypto/testmgr.h                          |  32 +++
 include/linux/oid_registry.h              |   1 +
 lib/mpi/mpi-add.c                         |   4 +-
 13 files changed, 589 insertions(+), 107 deletions(-)
 create mode 100644 crypto/ec_mpi.c
 create mode 100644 crypto/ec_mpi.h
 create mode 100644 crypto/eddsa.c

-- 
1.8.3.1
