| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Mar 2024 13:10:11 -0400
From: Stefan Berger <stefanb@...ux.ibm.com>
To: Stefan Berger <stefanb@...ux.vnet.ibm.com>, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, herbert@...dor.apana.org.au,
davem@...emloft.net
Cc: linux-kernel@...r.kernel.org, saulo.alessandre@....jus.br, lukas@...ner.de,
bbhushan2@...vell.com, jarkko@...nel.org
Subject: Re: [PATCH v6 00/13] Add support for NIST P521 to ecdsa
On 3/12/24 14:36, Stefan Berger wrote:
> From: Stefan Berger <stefanb@...ux.ibm.com>
>
> This series adds support for the NIST P521 curve to the ecdsa module
> to enable signature verification with it.
>
> An issue with the current code in ecdsa is that it assumes that input
> arrays providing key coordinates for example, are arrays of digits
> (a 'digit' is a 'u64'). This works well for all currently supported
> curves, such as NIST P192/256/384, but does not work for NIST P521 where
> coordinates are 8 digits + 2 bytes long. So some of the changes deal with
> converting byte arrays to digits and adjusting tests on input byte
> array lengths to tolerate arrays not providing multiples of 8 bytes.
>
FYI: A test suite for the NIST ECC algorithms is here:
https://github.com/stefanberger/eckey-testing
Script to test valid and invalid certs and signatures:
test-ecc-kernel-keys.sh
> Regards,
> Stefan
>
> v6:
> - Use existing #defines for number of digits rather than plain numbers
> (1/13, 6/13) following Bharat's suggestion
> - Initialize result from lowest 521 bits of product rather than going
> through tmp variable (6/13)
>
> v5:
> - Simplified ecc_digits_from_bytes as suggested by Lukas (1/12)
> - Using nbits == 521 to detect NIST P521 curve rather than strcmp()
> (5,6/12)
> - Nits in patch description and comments (11/12)
>
> v4:
> - Followed suggestions by Lukas Wummer (1,5,8/12)
> - Use nbits rather than ndigits where needed (8/12)
> - Renaming 'keylen' variablest to bufsize where necessary (9/12)
> - Adjust signature size calculation for NIST P521 (11/12)
>
> v3:
> - Dropped ecdh support
> - Use ecc_get_curve_nbits for getting number of bits in NIST P521 curve
> in ecc_point_mult (7/10)
>
> v2:
> - Reformulated some patch descriptions
> - Fixed issue detected by krobot
> - Some other small changes to the code
>
>
>
> Stefan Berger (13):
> crypto: ecc - Use ECC_CURVE_NIST_P192/256/384_DIGITS where possible
> crypto: ecdsa - Convert byte arrays with key coordinates to digits
> crypto: ecdsa - Adjust tests on length of key parameters
> crypto: ecdsa - Extend res.x mod n calculation for NIST P521
> crypto: ecc - Add nbits field to ecc_curve structure
> crypto: ecc - Implement vli_mmod_fast_521 for NIST p521
> crypto: ecc - Add special case for NIST P521 in ecc_point_mult
> crypto: ecc - Add NIST P521 curve parameters
> crypto: ecdsa - Replace ndigits with nbits where precision is needed
> crypto: ecdsa - Rename keylen to bufsize where necessary
> crypto: ecdsa - Register NIST P521 and extend test suite
> crypto: asymmetric_keys - Adjust signature size calculation for NIST
> P521
> crypto: x509 - Add OID for NIST P521 and extend parser for it
>
> crypto/asymmetric_keys/public_key.c | 14 ++-
> crypto/asymmetric_keys/x509_cert_parser.c | 3 +
> crypto/ecc.c | 44 +++++--
> crypto/ecc_curve_defs.h | 49 ++++++++
> crypto/ecdsa.c | 62 ++++++---
> crypto/ecrdsa_defs.h | 5 +
> crypto/testmgr.c | 7 ++
> crypto/testmgr.h | 146 ++++++++++++++++++++++
> include/crypto/ecc_curve.h | 2 +
> include/crypto/ecdh.h | 1 +
> include/crypto/internal/ecc.h | 24 +++-
> include/linux/oid_registry.h | 1 +
> 12 files changed, 335 insertions(+), 23 deletions(-)
>
Powered by blists - more mailing lists