lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e2369a9e-cd65-4375-8178-52fae3b8122e@linux.ibm.com>
Date: Fri, 15 Mar 2024 13:10:11 -0400
From: Stefan Berger <stefanb@...ux.ibm.com>
To: Stefan Berger <stefanb@...ux.vnet.ibm.com>, keyrings@...r.kernel.org,
        linux-crypto@...r.kernel.org, herbert@...dor.apana.org.au,
        davem@...emloft.net
Cc: linux-kernel@...r.kernel.org, saulo.alessandre@....jus.br, lukas@...ner.de,
        bbhushan2@...vell.com, jarkko@...nel.org
Subject: Re: [PATCH v6 00/13] Add support for NIST P521 to ecdsa



On 3/12/24 14:36, Stefan Berger wrote:
> From: Stefan Berger <stefanb@...ux.ibm.com>
> 
> This series adds support for the NIST P521 curve to the ecdsa module
> to enable signature verification with it.
> 
> An issue with the current code in ecdsa is that it assumes that input
> arrays providing key coordinates for example, are arrays of digits
> (a 'digit' is a 'u64'). This works well for all currently supported
> curves, such as NIST P192/256/384, but does not work for NIST P521 where
> coordinates are 8 digits + 2 bytes long. So some of the changes deal with
> converting byte arrays to digits and adjusting tests on input byte
> array lengths to tolerate arrays not providing multiples of 8 bytes.
> 

FYI: A test suite for the NIST ECC algorithms is here: 
https://github.com/stefanberger/eckey-testing

Script to test valid and invalid certs and signatures: 
test-ecc-kernel-keys.sh

> Regards,
>     Stefan
> 
> v6:
>   - Use existing #defines for number of digits rather than plain numbers
>     (1/13, 6/13) following Bharat's suggestion
>   - Initialize result from lowest 521 bits of product rather than going
>     through tmp variable (6/13)
> 
> v5:
>   - Simplified ecc_digits_from_bytes as suggested by Lukas (1/12)
>   - Using nbits == 521 to detect NIST P521 curve rather than strcmp()
>     (5,6/12)
>   - Nits in patch description and comments (11/12)
> 
> v4:
>   - Followed suggestions by Lukas Wummer (1,5,8/12)
>   - Use nbits rather than ndigits where needed (8/12)
>   - Renaming 'keylen' variablest to bufsize where necessary (9/12)
>   - Adjust signature size calculation for NIST P521 (11/12)
> 
> v3:
>   - Dropped ecdh support
>   - Use ecc_get_curve_nbits for getting number of bits in NIST P521 curve
>     in ecc_point_mult (7/10)
> 
> v2:
>   - Reformulated some patch descriptions
>   - Fixed issue detected by krobot
>   - Some other small changes to the code
> 
> 
> 
> Stefan Berger (13):
>    crypto: ecc - Use ECC_CURVE_NIST_P192/256/384_DIGITS where possible
>    crypto: ecdsa - Convert byte arrays with key coordinates to digits
>    crypto: ecdsa - Adjust tests on length of key parameters
>    crypto: ecdsa - Extend res.x mod n calculation for NIST P521
>    crypto: ecc - Add nbits field to ecc_curve structure
>    crypto: ecc - Implement vli_mmod_fast_521 for NIST p521
>    crypto: ecc - Add special case for NIST P521 in ecc_point_mult
>    crypto: ecc - Add NIST P521 curve parameters
>    crypto: ecdsa - Replace ndigits with nbits where precision is needed
>    crypto: ecdsa - Rename keylen to bufsize where necessary
>    crypto: ecdsa - Register NIST P521 and extend test suite
>    crypto: asymmetric_keys - Adjust signature size calculation for NIST
>      P521
>    crypto: x509 - Add OID for NIST P521 and extend parser for it
> 
>   crypto/asymmetric_keys/public_key.c       |  14 ++-
>   crypto/asymmetric_keys/x509_cert_parser.c |   3 +
>   crypto/ecc.c                              |  44 +++++--
>   crypto/ecc_curve_defs.h                   |  49 ++++++++
>   crypto/ecdsa.c                            |  62 ++++++---
>   crypto/ecrdsa_defs.h                      |   5 +
>   crypto/testmgr.c                          |   7 ++
>   crypto/testmgr.h                          | 146 ++++++++++++++++++++++
>   include/crypto/ecc_curve.h                |   2 +
>   include/crypto/ecdh.h                     |   1 +
>   include/crypto/internal/ecc.h             |  24 +++-
>   include/linux/oid_registry.h              |   1 +
>   12 files changed, 335 insertions(+), 23 deletions(-)
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ