[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3bdb1c9e0ac35c7dc3fbba1233bc7df80ac466a2.camel@redhat.com>
Date: Fri, 16 Feb 2024 14:27:52 -0500
From: Simo Sorce <simo@...hat.com>
To: Stefan Berger <stefanb@...ux.ibm.com>, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, herbert@...dor.apana.org.au,
davem@...emloft.net
Cc: linux-kernel@...r.kernel.org, saulo.alessandre@....jus.br
Subject: Re: [PATCH v2 00/14] Add support for NIST P521 to ecdsa and ecdh
On Thu, 2024-02-15 at 18:13 -0500, Stefan Berger wrote:
> This series of patches adds support for the NIST P521 curve to ecdsa and
> ecdh. Test cases for NIST P521 are added to both modules.
>
> An issue with the current code in ecdsa and ecdh is that it assumes that
> input arrays providing key coordinates for example, are arrays of digits
> (a 'digit' is a 'u64'). This works well for all currently supported
> curves, such as NIST P192/256/384, but does not work for NIST P521 where
> coordinates are 8 digits + 2 bytes long. So some of the changes deal with
> converting byte arrays to digits and digits to byte arrays.
>
>
> Regards,
> Stefan
>
> v2:
> - Reformulated some patch descriptions
> - Fixed issue detected by krobot
> - Some other small changes to the code
>
> Stefan Berger (14):
> crypto: ecdsa - Convert byte arrays with key coordinates to digits
> crypto: ecdsa - Adjust tests on length of key parameters
> crypto: ecdsa - Extend res.x mod n calculation for NIST P521
> crypto: ecc - Implement vli_mmod_fast_521 for NIST p521
> crypto: ecc - For NIST P521 use vli_num_bits to get number of bits
> crypto: ecc - Add NIST P521 curve parameters
> crypto: ecdsa - Register NIST P521 and extend test suite
> x509: Add OID for NIST P521 and extend parser for it
> crypto: ecdh - Use properly formatted digits to check for valid key
> crypto: ecc - Implement ecc_digits_to_bytes to convert digits to byte
> array
> crypto: Add nbits field to ecc_curve structure
> crypto: ecc - Implement and use ecc_curve_get_nbytes to get curve's
> nbytes
> crypto: ecdh - Use functions to copy digits from and to byte array
> crypto: ecdh - Add support for NIST P521 and add test case
>
> crypto/asymmetric_keys/x509_cert_parser.c | 3 +
> crypto/ecc.c | 71 +++++--
> crypto/ecc_curve_defs.h | 45 +++++
> crypto/ecdh.c | 59 +++++-
> crypto/ecdsa.c | 48 ++++-
> crypto/testmgr.c | 14 ++
> crypto/testmgr.h | 225 ++++++++++++++++++++++
> include/crypto/ecc_curve.h | 3 +
> include/crypto/ecdh.h | 1 +
> include/crypto/internal/ecc.h | 61 +++++-
> include/linux/oid_registry.h | 1 +
> 11 files changed, 495 insertions(+), 36 deletions(-)
Hi Stefan,
what kind of side-channel testing was performed on this code?
And what is the use case you are adding it for?
Thanks,
Simo.
--
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc
Powered by blists - more mailing lists