[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <CZX6LU6VWC48.1FA08R7TZJMRM@kernel.org>
Date: Mon, 18 Mar 2024 23:08:28 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Stefan Berger" <stefanb@...ux.vnet.ibm.com>,
<keyrings@...r.kernel.org>, <linux-crypto@...r.kernel.org>,
<herbert@...dor.apana.org.au>, <davem@...emloft.net>
Cc: <linux-kernel@...r.kernel.org>, <saulo.alessandre@....jus.br>,
<lukas@...ner.de>, <bbhushan2@...vell.com>, "Stefan Berger"
<stefanb@...ux.ibm.com>
Subject: Re: [PATCH v6 11/13] crypto: ecdsa - Register NIST P521 and extend
test suite
On Tue Mar 12, 2024 at 8:36 PM EET, Stefan Berger wrote:
> From: Stefan Berger <stefanb@...ux.ibm.com>
>
> Register NIST P521 as an akcipher and extend the testmgr with
> NIST P521-specific test vectors.
>
> Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
> Tested-by: Lukas Wunner <lukas@...ner.de>
> ---
> crypto/ecdsa.c | 30 ++++++++++
> crypto/testmgr.c | 7 +++
> crypto/testmgr.h | 146 +++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 183 insertions(+)
>
> diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
> index 4e847b59622a..894599f1885f 100644
> --- a/crypto/ecdsa.c
> +++ b/crypto/ecdsa.c
> @@ -269,6 +269,28 @@ static unsigned int ecdsa_max_size(struct crypto_akcipher *tfm)
> return DIV_ROUND_UP(ctx->curve->nbits, 8);
> }
>
> +static int ecdsa_nist_p521_init_tfm(struct crypto_akcipher *tfm)
> +{
> + struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm);
> +
> + return ecdsa_ecc_ctx_init(ctx, ECC_CURVE_NIST_P521);
> +}
> +
> +static struct akcipher_alg ecdsa_nist_p521 = {
> + .verify = ecdsa_verify,
> + .set_pub_key = ecdsa_set_pub_key,
> + .max_size = ecdsa_max_size,
> + .init = ecdsa_nist_p521_init_tfm,
> + .exit = ecdsa_exit_tfm,
> + .base = {
> + .cra_name = "ecdsa-nist-p521",
> + .cra_driver_name = "ecdsa-nist-p521-generic",
> + .cra_priority = 100,
> + .cra_module = THIS_MODULE,
> + .cra_ctxsize = sizeof(struct ecc_ctx),
> + },
> +};
> +
> static int ecdsa_nist_p384_init_tfm(struct crypto_akcipher *tfm)
> {
> struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm);
> @@ -352,8 +374,15 @@ static int __init ecdsa_init(void)
> if (ret)
> goto nist_p384_error;
>
> + ret = crypto_register_akcipher(&ecdsa_nist_p521);
> + if (ret)
> + goto nist_p521_error;
> +
> return 0;
>
> +nist_p521_error:
> + crypto_unregister_akcipher(&ecdsa_nist_p384);
> +
> nist_p384_error:
> crypto_unregister_akcipher(&ecdsa_nist_p256);
>
> @@ -369,6 +398,7 @@ static void __exit ecdsa_exit(void)
> crypto_unregister_akcipher(&ecdsa_nist_p192);
> crypto_unregister_akcipher(&ecdsa_nist_p256);
> crypto_unregister_akcipher(&ecdsa_nist_p384);
> + crypto_unregister_akcipher(&ecdsa_nist_p521);
> }
>
> subsys_initcall(ecdsa_init);
> diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> index c26aeda85787..a017b4ad119b 100644
> --- a/crypto/testmgr.c
> +++ b/crypto/testmgr.c
> @@ -5097,6 +5097,13 @@ static const struct alg_test_desc alg_test_descs[] = {
> .suite = {
> .akcipher = __VECS(ecdsa_nist_p384_tv_template)
> }
> + }, {
> + .alg = "ecdsa-nist-p521",
> + .test = alg_test_akcipher,
> + .fips_allowed = 1,
> + .suite = {
> + .akcipher = __VECS(ecdsa_nist_p521_tv_template)
> + }
> }, {
> .alg = "ecrdsa",
> .test = alg_test_akcipher,
> diff --git a/crypto/testmgr.h b/crypto/testmgr.h
> index 986f331a5fc2..9bde04be8df9 100644
> --- a/crypto/testmgr.h
> +++ b/crypto/testmgr.h
> @@ -991,6 +991,152 @@ static const struct akcipher_testvec ecdsa_nist_p384_tv_template[] = {
> },
> };
>
> +static const struct akcipher_testvec ecdsa_nist_p521_tv_template[] = {
> + {
> + .key = /* secp521r1(sha224) */
> + "\x04\x01\x4f\x43\x18\xb6\xa9\xc9\x5d\x68\xd3\xa9\x42\xf8\x98\xc0"
> + "\xd2\xd1\xa9\x50\x3b\xe8\xc4\x40\xe6\x11\x78\x88\x4b\xbd\x76\xa7"
> + "\x9a\xe0\xdd\x31\xa4\x67\x78\x45\x33\x9e\x8c\xd1\xc7\x44\xac\x61"
> + "\x68\xc8\x04\xe7\x5c\x79\xb1\xf1\x41\x0c\x71\xc0\x53\xa8\xbc\xfb"
> + "\xf5\xca\xd4\x01\x40\xfd\xa3\x45\xda\x08\xe0\xb4\xcb\x28\x3b\x0a"
> + "\x02\x35\x5f\x02\x9f\x3f\xcd\xef\x08\x22\x40\x97\x74\x65\xb7\x76"
> + "\x85\xc7\xc0\x5c\xfb\x81\xe1\xa5\xde\x0c\x4e\x8b\x12\x31\xb6\x47"
> + "\xed\x37\x0f\x99\x3f\x26\xba\xa3\x8e\xff\x79\x34\x7c\x3a\xfe\x1f"
> + "\x3b\x83\x82\x2f\x14",
> + .key_len = 133,
> + .params =
> + "\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04"
> + "\x00\x23",
> + .param_len = 18,
> + .m =
> + "\xa2\x3a\x6a\x8c\x7b\x3c\xf2\x51\xf8\xbe\x5f\x4f\x3b\x15\x05\xc4"
> + "\xb5\xbc\x19\xe7\x21\x85\xe9\x23\x06\x33\x62\xfb",
> + .m_size = 28,
> + .algo = OID_id_ecdsa_with_sha224,
> + .c =
> + "\x30\x81\x86\x02\x41\x01\xd6\x43\xe7\xff\x42\xb2\xba\x74\x35\xf6"
> + "\xdc\x6d\x02\x7b\x22\xac\xe2\xef\x07\x92\xee\x60\x94\x06\xf8\x3f"
> + "\x59\x0f\x74\xf0\x3f\xd8\x18\xc6\x37\x8a\xcb\xa7\xd8\x7d\x98\x85"
> + "\x29\x88\xff\x0b\x94\x94\x6c\xa6\x9b\x89\x8b\x1e\xfd\x09\x46\x6b"
> + "\xc7\xaf\x7a\xb9\x19\x0a\x02\x41\x3a\x26\x0d\x55\xcd\x23\x1e\x7d"
> + "\xa0\x5e\xf9\x88\xf3\xd2\x32\x90\x57\x0f\xf8\x65\x97\x6b\x09\x4d"
> + "\x22\x26\x0b\x5f\x49\x32\x6b\x91\x99\x30\x90\x0f\x1c\x8f\x78\xd3"
> + "\x9f\x0e\x64\xcc\xc4\xe8\x43\xd9\x0e\x1c\xad\x22\xda\x82\x00\x35"
> + "\xa3\x50\xb1\xa5\x98\x92\x2a\xa5\x52",
> + .c_size = 137,
> + .public_key_vec = true,
> + .siggen_sigver_test = true,
> + },
> + {
> + .key = /* secp521r1(sha256) */
> + "\x04\x01\x05\x3a\x6b\x3b\x5a\x0f\xa7\xb9\xb7\x32\x53\x4e\xe2\xae"
> + "\x0a\x52\xc5\xda\xdd\x5a\x79\x1c\x30\x2d\x33\x07\x79\xd5\x70\x14"
> + "\x61\x0c\xec\x26\x4d\xd8\x35\x57\x04\x1d\x88\x33\x4d\xce\x05\x36"
> + "\xa5\xaf\x56\x84\xfa\x0b\x9e\xff\x7b\x30\x4b\x92\x1d\x06\xf8\x81"
> + "\x24\x1e\x51\x00\x09\x21\x51\xf7\x46\x0a\x77\xdb\xb5\x0c\xe7\x9c"
> + "\xff\x27\x3c\x02\x71\xd7\x85\x36\xf1\xaa\x11\x59\xd8\xb8\xdc\x09"
> + "\xdc\x6d\x5a\x6f\x63\x07\x6c\xe1\xe5\x4d\x6e\x0f\x6e\xfb\x7c\x05"
> + "\x8a\xe9\x53\xa8\xcf\xce\x43\x0e\x82\x20\x86\xbc\x88\x9c\xb7\xe3"
> + "\xe6\x77\x1e\x1f\x8a",
> + .key_len = 133,
> + .params =
> + "\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04"
> + "\x00\x23",
> + .param_len = 18,
> + .m =
> + "\xcc\x97\x73\x0c\x73\xa2\x53\x2b\xfa\xd7\x83\x1d\x0c\x72\x1b\x39"
> + "\x80\x71\x8d\xdd\xc5\x9b\xff\x55\x32\x98\x25\xa2\x58\x2e\xb7\x73",
> + .m_size = 32,
> + .algo = OID_id_ecdsa_with_sha256,
> + .c =
> + "\x30\x81\x88\x02\x42\x00\xcd\xa5\x5f\x57\x52\x27\x78\x3a\xb5\x06"
> + "\x0f\xfd\x83\xfc\x0e\xd9\xce\x50\x9f\x7d\x1f\xca\x8b\xa8\x2d\x56"
> + "\x3c\xf6\xf0\xd8\xe1\xb7\x5d\x95\x35\x6f\x02\x0e\xaf\xe1\x4c\xae"
> + "\xce\x54\x76\x9a\xc2\x8f\xb8\x38\x1f\x46\x0b\x04\x64\x34\x79\xde"
> + "\x7e\xd7\x59\x10\xe9\xd9\xd5\x02\x42\x01\xcf\x50\x85\x38\xf9\x15"
> + "\x83\x18\x04\x6b\x35\xae\x65\xb5\x99\x12\x0a\xa9\x79\x24\xb9\x37"
> + "\x35\xdd\xa0\xe0\x87\x2c\x44\x4b\x5a\xee\xaf\xfa\x10\xdd\x9b\xfb"
> + "\x36\x1a\x31\x03\x42\x02\x5f\x50\xf0\xa2\x0d\x1c\x57\x56\x8f\x12"
> + "\xb7\x1d\x91\x55\x38\xb6\xf6\x34\x65\xc7\xbd",
> + .c_size = 139,
> + .public_key_vec = true,
> + .siggen_sigver_test = true,
> + },
> + {
> + .key = /* secp521r1(sha384) */
> + "\x04\x00\x2e\xd6\x21\x04\x75\xc3\xdc\x7d\xff\x0e\xf3\x70\x25\x2b"
> + "\xad\x72\xfc\x5a\x91\xf1\xd5\x9c\x64\xf3\x1f\x47\x11\x10\x62\x33"
> + "\xfd\x2e\xe8\x32\xca\x9e\x6f\x0a\x4c\x5b\x35\x9a\x46\xc5\xe7\xd4"
> + "\x38\xda\xb2\xf0\xf4\x87\xf3\x86\xf4\xea\x70\xad\x1e\xd4\x78\x8c"
> + "\x36\x18\x17\x00\xa2\xa0\x34\x1b\x2e\x6a\xdf\x06\xd6\x99\x2d\x47"
> + "\x50\x92\x1a\x8a\x72\x9c\x23\x44\xfa\xa7\xa9\xed\xa6\xef\x26\x14"
> + "\xb3\x9d\xfe\x5e\xa3\x8c\xd8\x29\xf8\xdf\xad\xa6\xab\xfc\xdd\x46"
> + "\x22\x6e\xd7\x35\xc7\x23\xb7\x13\xae\xb6\x34\xff\xd7\x80\xe5\x39"
> + "\xb3\x3b\x5b\x1b\x94",
> + .key_len = 133,
> + .params =
> + "\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04"
> + "\x00\x23",
> + .param_len = 18,
> + .m =
> + "\x36\x98\xd6\x82\xfa\xad\xed\x3c\xb9\x40\xb6\x4d\x9e\xb7\x04\x26"
> + "\xad\x72\x34\x44\xd2\x81\xb4\x9b\xbe\x01\x04\x7a\xd8\x50\xf8\x59"
> + "\xba\xad\x23\x85\x6b\x59\xbe\xfb\xf6\x86\xd4\x67\xa8\x43\x28\x76",
> + .m_size = 48,
> + .algo = OID_id_ecdsa_with_sha384,
> + .c =
> + "\x30\x81\x88\x02\x42\x00\x93\x96\x76\x3c\x27\xea\xaa\x9c\x26\xec"
> + "\x51\xdc\xe8\x35\x5e\xae\x16\xf2\x4b\x64\x98\xf7\xec\xda\xc7\x7e"
> + "\x42\x71\x86\x57\x2d\xf1\x7d\xe4\xdf\x9b\x7d\x9e\x47\xca\x33\x32"
> + "\x76\x06\xd0\xf9\xc0\xe4\xe6\x84\x59\xfd\x1a\xc4\x40\xdd\x43\xb8"
> + "\x6a\xdd\xfb\xe6\x63\x4e\x28\x02\x42\x00\xff\xc3\x6a\x87\x6e\xb5"
> + "\x13\x1f\x20\x55\xce\x37\x97\xc9\x05\x51\xe5\xe4\x3c\xbc\x93\x65"
> + "\x57\x1c\x30\xda\xa7\xcd\x26\x28\x76\x3b\x52\xdf\xc4\xc0\xdb\x54"
> + "\xdb\x8a\x0d\x6a\xc3\xf3\x7a\xd1\xfa\xe7\xa7\xe5\x5a\x94\x56\xcf"
> + "\x8f\xb4\x22\xc6\x4f\xab\x2b\x62\xc1\x42\xb1",
> + .c_size = 139,
> + .public_key_vec = true,
> + .siggen_sigver_test = true,
> + },
> + {
> + .key = /* secp521r1(sha512) */
> + "\x04\x00\xc7\x65\xee\x0b\x86\x7d\x8f\x02\xf1\x74\x5b\xb0\x4c\x3f"
> + "\xa6\x35\x60\x9f\x55\x23\x11\xcc\xdf\xb8\x42\x99\xee\x6c\x96\x6a"
> + "\x27\xa2\x56\xb2\x2b\x03\xad\x0f\xe7\x97\xde\x09\x5d\xb4\xc5\x5f"
> + "\xbd\x87\x37\xbf\x5a\x16\x35\x56\x08\xfd\x6f\x06\x1a\x1c\x84\xee"
> + "\xc3\x64\xb3\x00\x9e\xbd\x6e\x60\x76\xee\x69\xfd\x3a\xb8\xcd\x7e"
> + "\x91\x68\x53\x57\x44\x13\x2e\x77\x09\x2a\xbe\x48\xbd\x91\xd8\xf6"
> + "\x21\x16\x53\x99\xd5\xf0\x40\xad\xa6\xf8\x58\x26\xb6\x9a\xf8\x77"
> + "\xfe\x3a\x05\x1a\xdb\xa9\x0f\xc0\x6c\x76\x30\x8c\xd8\xde\x44\xae"
> + "\xd0\x17\xdf\x49\x6a",
> + .key_len = 133,
> + .params =
> + "\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04"
> + "\x00\x23",
> + .param_len = 18,
> + .m =
> + "\x5c\xa6\xbc\x79\xb8\xa0\x1e\x11\x83\xf7\xe9\x05\xdf\xba\xf7\x69"
> + "\x97\x22\x32\xe4\x94\x7c\x65\xbd\x74\xc6\x9a\x8b\xbd\x0d\xdc\xed"
> + "\xf5\x9c\xeb\xe1\xc5\x68\x40\xf2\xc7\x04\xde\x9e\x0d\x76\xc5\xa3"
> + "\xf9\x3c\x6c\x98\x08\x31\xbd\x39\xe8\x42\x7f\x80\x39\x6f\xfe\x68",
> + .m_size = 64,
> + .algo = OID_id_ecdsa_with_sha512,
> + .c =
> + "\x30\x81\x88\x02\x42\x01\x5c\x71\x86\x96\xac\x21\x33\x7e\x4e\xaa"
> + "\x86\xec\xa8\x05\x03\x52\x56\x63\x0e\x02\xcc\x94\xa9\x05\xb9\xfb"
> + "\x62\x1e\x42\x03\x6c\x74\x8a\x1f\x12\x3e\xb7\x7e\x51\xff\x7f\x27"
> + "\x93\xe8\x6c\x49\x7d\x28\xfc\x80\xa6\x13\xfc\xb6\x90\xf7\xbb\x28"
> + "\xb5\x04\xb0\xb6\x33\x1c\x7e\x02\x42\x01\x70\x43\x52\x1d\xe3\xc6"
> + "\xbd\x5a\x40\x95\x35\x89\x4f\x41\x5f\x9e\x19\x88\x05\x3e\x43\x39"
> + "\x01\xbd\xb7\x7a\x76\x37\x51\x47\x49\x98\x12\x71\xd0\xe9\xca\xa7"
> + "\xc0\xcb\xaa\x00\x55\xbb\x6a\xb4\x73\x00\xd2\x72\x74\x13\x63\x39"
> + "\xa6\xe5\x25\x46\x1e\x77\x44\x78\xe0\xd1\x04",
> + .c_size = 139,
> + .public_key_vec = true,
> + .siggen_sigver_test = true,
> + },
> +};
> +
> /*
> * EC-RDSA test vectors are generated by gost-engine.
> */
Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
BR, Jarkko
Powered by blists - more mailing lists