Message ID | 20210225160802.2478700-1-stefanb@linux.vnet.ibm.com |
---|---|
Headers | show |
Series | Add support for x509 certs with NIST P384/256/192 keys | expand |
Tianjia, can you say whether SM2 support works for you before and after applying this patch? I cannot verify it with an sm2 key I have created using a sequence of commands like this: > modprobe sm2_generic > id=$(keyctl newring test @u) > keyctl padd asymmetric "" $id < sm2.der add_key: Key was rejected by service > keyctl padd asymmetric "" $id < eckeys/cert-prime192v1-0.der 88506426 The sm2 key is reject but the pime192v1 key works just fine. SM2 support neither worked for me before nor after this patch here. The difference is that before it returned 'add_key: Package not installed'. This is my sm2 cert: > base64 < sm2.der MIIBbzCCARWgAwIBAgIUfqwndeAy7reymWLwvCHOgYPU2YUwCgYIKoZIzj0EAwIwDTELMAkGA1UE AwwCbWUwHhcNMjEwMTI0MTgwNjQ3WhcNMjIwMTI0MTgwNjQ3WjANMQswCQYDVQQDDAJtZTBZMBMG ByqGSM49AgEGCCqBHM9VAYItA0IABEtiMaczdk46MEugmOsY/u+puf5qoi7JdLd/w3VpdixvDd26 vrxLKL7lCTVn5w3a07G7QB1dgdMDpzIRgWrVXC6jUzBRMB0GA1UdDgQWBBSxOVnE7ihvTb6Nczb4 /mow+HIc9TAfBgNVHSMEGDAWgBSxOVnE7ihvTb6Nczb4/mow+HIc9TAPBgNVHRMBAf8EBTADAQH/ MAoGCCqGSM49BAMCA0gAMEUCIE1kiji2ABUy663NANe0iCPjCeeqg02Yk4b3K+Ci/Qh4AiEA/cFB eJEVklyveRMvuTP7BN7FG4U8iRdtedjiX+YrNio= Regards, Stefan On 2/25/21 11:07 AM, Stefan Berger wrote: > From: Stefan Berger <stefanb@linux.ibm.com> > > Detect whether a key is an sm2 type of key by its OID in the parameters > array rather than assuming that everything under OID_id_ecPublicKey > is sm2, which is not the case. > > Cc: David Howells <dhowells@redhat.com> > Cc: keyrings@vger.kernel.org > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> > Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > --- > crypto/asymmetric_keys/x509_cert_parser.c | 12 +++++++++++- > include/linux/oid_registry.h | 1 + > lib/oid_registry.c | 13 +++++++++++++ > 3 files changed, 25 insertions(+), 1 deletion(-) > > diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c > index 52c9b455fc7d..1621ceaf5c95 100644 > --- a/crypto/asymmetric_keys/x509_cert_parser.c > +++ b/crypto/asymmetric_keys/x509_cert_parser.c > @@ -459,6 +459,7 @@ int x509_extract_key_data(void *context, size_t hdrlen, > const void *value, size_t vlen) > { > struct x509_parse_context *ctx = context; > + enum OID oid; > > ctx->key_algo = ctx->last_oid; > switch (ctx->last_oid) { > @@ -470,7 +471,16 @@ int x509_extract_key_data(void *context, size_t hdrlen, > ctx->cert->pub->pkey_algo = "ecrdsa"; > break; > case OID_id_ecPublicKey: > - ctx->cert->pub->pkey_algo = "sm2"; > + if (parse_OID(ctx->params, ctx->params_size, &oid) != 0) > + return -EBADMSG; > + > + switch (oid) { > + case OID_sm2: > + ctx->cert->pub->pkey_algo = "sm2"; > + break; > + default: > + return -ENOPKG; > + } > break; > default: > return -ENOPKG; > diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h > index b504e2f36b25..f32d91895e4d 100644 > --- a/include/linux/oid_registry.h > +++ b/include/linux/oid_registry.h > @@ -121,6 +121,7 @@ enum OID { > }; > > extern enum OID look_up_OID(const void *data, size_t datasize); > +extern int parse_OID(const void *data, size_t datasize, enum OID *oid); > extern int sprint_oid(const void *, size_t, char *, size_t); > extern int sprint_OID(enum OID, char *, size_t); > > diff --git a/lib/oid_registry.c b/lib/oid_registry.c > index f7ad43f28579..508e0b34b5f0 100644 > --- a/lib/oid_registry.c > +++ b/lib/oid_registry.c > @@ -11,6 +11,7 @@ > #include <linux/kernel.h> > #include <linux/errno.h> > #include <linux/bug.h> > +#include <linux/asn1.h> > #include "oid_registry_data.c" > > MODULE_DESCRIPTION("OID Registry"); > @@ -92,6 +93,18 @@ enum OID look_up_OID(const void *data, size_t datasize) > } > EXPORT_SYMBOL_GPL(look_up_OID); > > +int parse_OID(const void *data, size_t datasize, enum OID *oid) > +{ > + const unsigned char *v = data; > + > + if (datasize < 2 || v[0] != ASN1_OID || v[1] != datasize - 2) > + return -EBADMSG; > + > + *oid = look_up_OID(data + 2, datasize - 2); > + return 0; > +} > +EXPORT_SYMBOL_GPL(parse_OID); > + > /* > * sprint_OID - Print an Object Identifier into a buffer > * @data: The encoded OID to print
Hi, On 3/4/21 7:46 AM, Stefan Berger wrote: > Tianjia, > > can you say whether SM2 support works for you before and after > applying this patch? I cannot verify it with an sm2 key I have created > using a sequence of commands like this: > > > modprobe sm2_generic > > id=$(keyctl newring test @u) > > keyctl padd asymmetric "" $id < sm2.der > add_key: Key was rejected by service > > keyctl padd asymmetric "" $id < eckeys/cert-prime192v1-0.der > 88506426 > > The sm2 key is reject but the pime192v1 key works just fine. SM2 support > neither worked for me before nor after this patch here. The difference > is that before it returned 'add_key: Package not installed'. > > This is my sm2 cert: > > > base64 < sm2.der > MIIBbzCCARWgAwIBAgIUfqwndeAy7reymWLwvCHOgYPU2YUwCgYIKoZIzj0EAwIwDTELMAkGA1UE > > AwwCbWUwHhcNMjEwMTI0MTgwNjQ3WhcNMjIwMTI0MTgwNjQ3WjANMQswCQYDVQQDDAJtZTBZMBMG > > ByqGSM49AgEGCCqBHM9VAYItA0IABEtiMaczdk46MEugmOsY/u+puf5qoi7JdLd/w3VpdixvDd26 > > vrxLKL7lCTVn5w3a07G7QB1dgdMDpzIRgWrVXC6jUzBRMB0GA1UdDgQWBBSxOVnE7ihvTb6Nczb4 > > /mow+HIc9TAfBgNVHSMEGDAWgBSxOVnE7ihvTb6Nczb4/mow+HIc9TAPBgNVHRMBAf8EBTADAQH/ > > MAoGCCqGSM49BAMCA0gAMEUCIE1kiji2ABUy663NANe0iCPjCeeqg02Yk4b3K+Ci/Qh4AiEA/cFB > > eJEVklyveRMvuTP7BN7FG4U8iRdtedjiX+YrNio= > > Regards, > Stefan > Yes, it works fine here. Your test method may be wrong. First of all, the certificate looks wrong, I don’t know if it is not sent completely. Secondly, the SM2 algorithm must be compiled with builtin. There will be a problem when it is compiled into a module. This is a restriction for SM2 signature with Za. you may refer to this discussion: https://lkml.org/lkml/2021/1/12/1736 In addition, give you a self-signed root certificate for my test: -----BEGIN CERTIFICATE----- MIICLjCCAdWgAwIBAgIUEoozP6LzMYWh4gCpcWlzsUyfgsIwCgYIKoEcz1UBg3Uw bTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdTMQswCQYDVQQHDAJHdDENMAsGA1UE CgwEYmFiYTELMAkGA1UECwwCT1MxCzAJBgNVBAMMAmNhMRswGQYJKoZIhvcNAQkB FgxjYUB3b3JsZC5jb20wHhcNMjAwNDE1MTE1NDA3WhcNMzAwNDEzMTE1NDA3WjBt MQswCQYDVQQGEwJDTjELMAkGA1UECAwCR1MxCzAJBgNVBAcMAkd0MQ0wCwYDVQQK DARiYWJhMQswCQYDVQQLDAJPUzELMAkGA1UEAwwCY2ExGzAZBgkqhkiG9w0BCQEW DGNhQHdvcmxkLmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABMTGRiHezKm5 MiKHlyfa5Bv5jLxge/WRRG0nLNsZx1yf0XQTQBR/tFFjPGePEr7+Fa1CPgYpXExx i44coYMmQT6jUzBRMB0GA1UdDgQWBBSjd9GWIe98Ll9J0dquxgCktp9DrTAfBgNV HSMEGDAWgBSjd9GWIe98Ll9J0dquxgCktp9DrTAPBgNVHRMBAf8EBTADAQH/MAoG CCqBHM9VAYN1A0cAMEQCIAvLWIfGFq85u/vVMLc5H1D/DnrNS0VhSkQA4daRO4tc AiABbeWENcQZDZLWTuqG9P2KDPOoNqV/QV/+0XjMAVblhg== -----END CERTIFICATE----- If you can, please add: Tested-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> good luck! Tianjia
On 3/5/21 2:37 AM, Tianjia Zhang wrote: > Hi, > > On 3/4/21 7:46 AM, Stefan Berger wrote: >> Tianjia, >> >> can you say whether SM2 support works for you before and after >> applying this patch? I cannot verify it with an sm2 key I have >> created using a sequence of commands like this: >> >> > modprobe sm2_generic >> > id=$(keyctl newring test @u) >> > keyctl padd asymmetric "" $id < sm2.der >> add_key: Key was rejected by service >> > keyctl padd asymmetric "" $id < eckeys/cert-prime192v1-0.der >> 88506426 >> >> The sm2 key is reject but the pime192v1 key works just fine. SM2 >> support neither worked for me before nor after this patch here. The >> difference is that before it returned 'add_key: Package not installed'. >> >> This is my sm2 cert: >> >> > base64 < sm2.der >> MIIBbzCCARWgAwIBAgIUfqwndeAy7reymWLwvCHOgYPU2YUwCgYIKoZIzj0EAwIwDTELMAkGA1UE >> >> AwwCbWUwHhcNMjEwMTI0MTgwNjQ3WhcNMjIwMTI0MTgwNjQ3WjANMQswCQYDVQQDDAJtZTBZMBMG >> >> ByqGSM49AgEGCCqBHM9VAYItA0IABEtiMaczdk46MEugmOsY/u+puf5qoi7JdLd/w3VpdixvDd26 >> >> vrxLKL7lCTVn5w3a07G7QB1dgdMDpzIRgWrVXC6jUzBRMB0GA1UdDgQWBBSxOVnE7ihvTb6Nczb4 >> >> /mow+HIc9TAfBgNVHSMEGDAWgBSxOVnE7ihvTb6Nczb4/mow+HIc9TAPBgNVHRMBAf8EBTADAQH/ >> >> MAoGCCqGSM49BAMCA0gAMEUCIE1kiji2ABUy663NANe0iCPjCeeqg02Yk4b3K+Ci/Qh4AiEA/cFB >> >> eJEVklyveRMvuTP7BN7FG4U8iRdtedjiX+YrNio= >> >> Regards, >> Stefan >> > > Yes, it works fine here. Your test method may be wrong. First of all, > the certificate looks wrong, I don’t know if it is not sent > completely. Secondly, the SM2 algorithm must be compiled with builtin. > There will be a problem when it is compiled into a module. This is a > restriction for SM2 signature with Za. you may refer to this discussion: > > https://lkml.org/lkml/2021/1/12/1736 > > In addition, give you a self-signed root certificate for my test: > > -----BEGIN CERTIFICATE----- > MIICLjCCAdWgAwIBAgIUEoozP6LzMYWh4gCpcWlzsUyfgsIwCgYIKoEcz1UBg3Uw > bTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdTMQswCQYDVQQHDAJHdDENMAsGA1UE > CgwEYmFiYTELMAkGA1UECwwCT1MxCzAJBgNVBAMMAmNhMRswGQYJKoZIhvcNAQkB > FgxjYUB3b3JsZC5jb20wHhcNMjAwNDE1MTE1NDA3WhcNMzAwNDEzMTE1NDA3WjBt > MQswCQYDVQQGEwJDTjELMAkGA1UECAwCR1MxCzAJBgNVBAcMAkd0MQ0wCwYDVQQK > DARiYWJhMQswCQYDVQQLDAJPUzELMAkGA1UEAwwCY2ExGzAZBgkqhkiG9w0BCQEW > DGNhQHdvcmxkLmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABMTGRiHezKm5 > MiKHlyfa5Bv5jLxge/WRRG0nLNsZx1yf0XQTQBR/tFFjPGePEr7+Fa1CPgYpXExx > i44coYMmQT6jUzBRMB0GA1UdDgQWBBSjd9GWIe98Ll9J0dquxgCktp9DrTAfBgNV > HSMEGDAWgBSjd9GWIe98Ll9J0dquxgCktp9DrTAPBgNVHRMBAf8EBTADAQH/MAoG > CCqBHM9VAYN1A0cAMEQCIAvLWIfGFq85u/vVMLc5H1D/DnrNS0VhSkQA4daRO4tc > AiABbeWENcQZDZLWTuqG9P2KDPOoNqV/QV/+0XjMAVblhg== > -----END CERTIFICATE----- > > If you can, please add: > > Tested-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > > good luck! It works with your certificate! When I create the sm2 with OpenSSL on Ubuntu, which seems to have sm2 support, or so one may think, I get this type of signature: I cannot create it with sm3, if that's how this is supposed to be signed: > # openssl req -x509 -sm3 -newkey ec -pkeyopt ec_paramgen_curve:sm2 -keyout sm2key.pem -days 365 -subj '/CN=test' -nodes -outform der -out sm2.der parameter error "ec_paramgen_curve:sm2" 140735899258064:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:418: 140735899258064:error:100C508D:elliptic curve routines:pkey_ec_ctrl:invalid curve:crypto/ec/ec_pmeth.c:231: Using sha256 instead, which is the mistake: > openssl req -x509 -sha256 -newkey ec -pkeyopt ec_paramgen_curve:sm2 -keyout sm2key.pem -days 365 -subj '/CN=test' -nodes -outform der -out sm2-2nd.der > openssl x509 -inform der -in sm2-2nd.der -noout -text [...] Signature Algorithm: ecdsa-with-SHA256 30:45:02:20:05:72:15:b0:e8:f5:5a:27:d2:fb:f9:de:de:35: 05:b2:76:8a:6f:84:c1:54:db:c2:38:8c:d2:64:8b:67:23:01: 02:21:00:97:77:9e:42:fa:41:3d:d4:81:5e:5b:ad:9e:56:ad: 46:fc:5e:94:92:a6:07:2d:af:62:d2:2d:39:7b:71:f1:4a Yours has this type of signature: Signature Algorithm: 1.2.156.10197.1.501 30:44:02:20:0b:cb:58:87:c6:16:af:39:bb:fb:d5:30:b7:39: 1f:50:ff:0e:7a:cd:4b:45:61:4a:44:00:e1:d6:91:3b:8b:5c: 02:20:01:6d:e5:84:35:c4:19:0d:92:d6:4e:ea:86:f4:fd:8a: 0c:f3:a8:36:a5:7f:41:5f:fe:d1:78:cc:01:56:e5:86 Thanks anyway! Stefan
Hi, On 3/5/21 11:04 PM, Stefan Berger wrote: > On 3/5/21 2:37 AM, Tianjia Zhang wrote: >> Hi, >> >> On 3/4/21 7:46 AM, Stefan Berger wrote: >>> Tianjia, >>> >>> can you say whether SM2 support works for you before and after >>> applying this patch? I cannot verify it with an sm2 key I have >>> created using a sequence of commands like this: >>> >>> > modprobe sm2_generic >>> > id=$(keyctl newring test @u) >>> > keyctl padd asymmetric "" $id < sm2.der >>> add_key: Key was rejected by service >>> > keyctl padd asymmetric "" $id < eckeys/cert-prime192v1-0.der >>> 88506426 >>> >>> The sm2 key is reject but the pime192v1 key works just fine. SM2 >>> support neither worked for me before nor after this patch here. The >>> difference is that before it returned 'add_key: Package not installed'. >>> >>> This is my sm2 cert: >>> >>> > base64 < sm2.der >>> MIIBbzCCARWgAwIBAgIUfqwndeAy7reymWLwvCHOgYPU2YUwCgYIKoZIzj0EAwIwDTELMAkGA1UE >>> >>> AwwCbWUwHhcNMjEwMTI0MTgwNjQ3WhcNMjIwMTI0MTgwNjQ3WjANMQswCQYDVQQDDAJtZTBZMBMG >>> >>> ByqGSM49AgEGCCqBHM9VAYItA0IABEtiMaczdk46MEugmOsY/u+puf5qoi7JdLd/w3VpdixvDd26 >>> >>> vrxLKL7lCTVn5w3a07G7QB1dgdMDpzIRgWrVXC6jUzBRMB0GA1UdDgQWBBSxOVnE7ihvTb6Nczb4 >>> >>> /mow+HIc9TAfBgNVHSMEGDAWgBSxOVnE7ihvTb6Nczb4/mow+HIc9TAPBgNVHRMBAf8EBTADAQH/ >>> >>> MAoGCCqGSM49BAMCA0gAMEUCIE1kiji2ABUy663NANe0iCPjCeeqg02Yk4b3K+Ci/Qh4AiEA/cFB >>> >>> eJEVklyveRMvuTP7BN7FG4U8iRdtedjiX+YrNio= >>> >>> Regards, >>> Stefan >>> >> >> Yes, it works fine here. Your test method may be wrong. First of all, >> the certificate looks wrong, I don’t know if it is not sent >> completely. Secondly, the SM2 algorithm must be compiled with builtin. >> There will be a problem when it is compiled into a module. This is a >> restriction for SM2 signature with Za. you may refer to this discussion: >> >> https://lkml.org/lkml/2021/1/12/1736 >> >> In addition, give you a self-signed root certificate for my test: >> >> -----BEGIN CERTIFICATE----- >> MIICLjCCAdWgAwIBAgIUEoozP6LzMYWh4gCpcWlzsUyfgsIwCgYIKoEcz1UBg3Uw >> bTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdTMQswCQYDVQQHDAJHdDENMAsGA1UE >> CgwEYmFiYTELMAkGA1UECwwCT1MxCzAJBgNVBAMMAmNhMRswGQYJKoZIhvcNAQkB >> FgxjYUB3b3JsZC5jb20wHhcNMjAwNDE1MTE1NDA3WhcNMzAwNDEzMTE1NDA3WjBt >> MQswCQYDVQQGEwJDTjELMAkGA1UECAwCR1MxCzAJBgNVBAcMAkd0MQ0wCwYDVQQK >> DARiYWJhMQswCQYDVQQLDAJPUzELMAkGA1UEAwwCY2ExGzAZBgkqhkiG9w0BCQEW >> DGNhQHdvcmxkLmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABMTGRiHezKm5 >> MiKHlyfa5Bv5jLxge/WRRG0nLNsZx1yf0XQTQBR/tFFjPGePEr7+Fa1CPgYpXExx >> i44coYMmQT6jUzBRMB0GA1UdDgQWBBSjd9GWIe98Ll9J0dquxgCktp9DrTAfBgNV >> HSMEGDAWgBSjd9GWIe98Ll9J0dquxgCktp9DrTAPBgNVHRMBAf8EBTADAQH/MAoG >> CCqBHM9VAYN1A0cAMEQCIAvLWIfGFq85u/vVMLc5H1D/DnrNS0VhSkQA4daRO4tc >> AiABbeWENcQZDZLWTuqG9P2KDPOoNqV/QV/+0XjMAVblhg== >> -----END CERTIFICATE----- >> >> If you can, please add: >> >> Tested-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> >> >> good luck! > > > It works with your certificate! When I create the sm2 with OpenSSL on > Ubuntu, which seems to have sm2 support, or so one may think, I get this > type of signature: > > > I cannot create it with sm3, if that's how this is supposed to be signed: > > > # openssl req -x509 -sm3 -newkey ec -pkeyopt ec_paramgen_curve:sm2 > -keyout sm2key.pem -days 365 -subj '/CN=test' -nodes -outform der -out > sm2.der > parameter error "ec_paramgen_curve:sm2" > 140735899258064:error:100AE081:elliptic curve > routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:418: > 140735899258064:error:100C508D:elliptic curve > routines:pkey_ec_ctrl:invalid curve:crypto/ec/ec_pmeth.c:231: > > > Using sha256 instead, which is the mistake: > > > openssl req -x509 -sha256 -newkey ec -pkeyopt ec_paramgen_curve:sm2 > -keyout sm2key.pem -days 365 -subj '/CN=test' -nodes -outform der -out > sm2-2nd.der > > > openssl x509 -inform der -in sm2-2nd.der -noout -text > > [...] > > Signature Algorithm: ecdsa-with-SHA256 > 30:45:02:20:05:72:15:b0:e8:f5:5a:27:d2:fb:f9:de:de:35: > 05:b2:76:8a:6f:84:c1:54:db:c2:38:8c:d2:64:8b:67:23:01: > 02:21:00:97:77:9e:42:fa:41:3d:d4:81:5e:5b:ad:9e:56:ad: > 46:fc:5e:94:92:a6:07:2d:af:62:d2:2d:39:7b:71:f1:4a > > > Yours has this type of signature: > > Signature Algorithm: 1.2.156.10197.1.501 > 30:44:02:20:0b:cb:58:87:c6:16:af:39:bb:fb:d5:30:b7:39: > 1f:50:ff:0e:7a:cd:4b:45:61:4a:44:00:e1:d6:91:3b:8b:5c: > 02:20:01:6d:e5:84:35:c4:19:0d:92:d6:4e:ea:86:f4:fd:8a: > 0c:f3:a8:36:a5:7f:41:5f:fe:d1:78:cc:01:56:e5:86 > > Thanks anyway! > > > Stefan > I guess it may be that your openssl version is too low. At present, only openssl 3.0.0 (still in the alpha stage and not yet officially released) can support the certificate of the SM2-with-SM3 algorithm combination. This is the command I used in openssl-3.0.0-alpha6: openssl ecparam -genkey -name SM2 -text -out ca.key openssl req -new \ -x509 -days 3650 \ -sm3 -sigopt "distid:1234567812345678" \ -key ca.key \ -out ca.crt \ -subj "/C=CN/ST=GS/L=Gt/O=baba/OU=OS/CN=ca/emailAddress=ca@world.com"
From: Stefan Berger <stefanb@linux.ibm.com> This series of patches adds support for x509 certificates signed by a CA that uses NIST P384, P256 or P192 keys for signing. It also adds support for certificates where the public key is one of this type of a key. The math for ECDSA signature verification is also added as well as the math for fast mmod operation for NIST P384. Since self-signed certificates are verified upon loading, the following script can be used for testing of NIST P256 keys: k=$(keyctl newring test @u) while :; do for hash in sha1 sha224 sha256 sha384 sha512; do openssl req \ -x509 \ -${hash} \ -newkey ec \ -pkeyopt ec_paramgen_curve:prime256v1 \ -keyout key.pem \ -days 365 \ -subj '/CN=test' \ -nodes \ -outform der \ -out cert.der keyctl padd asymmetric testkey $k < cert.der if [ $? -ne 0 ]; then echo "ERROR" exit 1 fi done done Ecdsa support also works with restricted keyrings where an RSA key is used to sign a NIST P384/256/192 key. Scripts for testing are here: https://github.com/stefanberger/eckey-testing The ECDSA signature verification will be used by IMA Appraisal where ECDSA file signatures stored in RPM packages will use substantially less space than if RSA signatures were to be used. Further, a patch is added that allows kernel modules to be signed with a NIST p384 key. Stefan and Saulo v8->v9: - Appended Saulo's patches - Appended patch to support kernel modules signed with NIST p384 key. This patch requires Nayna's series here: https://lkml.org/lkml/2021/2/18/856 v7->v8: - patch 3/4: Do not determine key algo using parse_OID in public_key.c but do this when parsing the certificate. This addresses an issue with certain build configurations where OID_REGISTRY is not available as 'Reported-by: kernel test robot <lkp@intel.com>'. v6->v7: - Moved some OID defintions to patch 1 for bisectability - Applied R-b's v5->v6: - moved ecdsa code into its own module ecdsa_generic built from ecdsa.c - added script-generated test vectors for NIST P256 & P192 and all hashes - parsing of OID that contain header with new parse_oid() v4->v5: - registering crypto support under names ecdsa-nist-p256/p192 following Hubert Xu's suggestion in other thread - appended IMA ECDSA support patch v3->v4: - split off of ecdsa crypto part; registering akcipher as "ecdsa" and deriving used curve from digits in parsed key v2->v3: - patch 2 now includes linux/scatterlist.h v1->v2: - using faster vli_sub rather than newly added vli_mod_fast to 'reduce' result - rearranged switch statements to follow after RSA - 3rd patch from 1st posting is now 1st patch Saulo Alessandre (4): x509: Add OID for NIST P384 and extend parser for it crypto: Add NIST P384 curve parameters crypto: Add math to support fast NIST P384 ecdsa: Register NIST P384 and extend test suite Stefan Berger (5): crypto: Add support for ECDSA signature verification x509: Detect sm2 keys by their parameters OID x509: Add support for parsing x509 certs with ECDSA keys ima: Support EC keys for signature verification certs: Add support for using elliptic curve keys for signing modules certs/Kconfig | 22 ++ certs/Makefile | 14 + crypto/Kconfig | 10 + crypto/Makefile | 6 + crypto/asymmetric_keys/pkcs7_parser.c | 4 + crypto/asymmetric_keys/public_key.c | 4 +- crypto/asymmetric_keys/x509_cert_parser.c | 49 ++- crypto/asymmetric_keys/x509_public_key.c | 4 +- crypto/ecc.c | 281 +++++++++----- crypto/ecc.h | 31 +- crypto/ecc_curve_defs.h | 32 ++ crypto/ecdsa.c | 400 ++++++++++++++++++++ crypto/ecdsasignature.asn1 | 4 + crypto/testmgr.c | 18 + crypto/testmgr.h | 424 ++++++++++++++++++++++ include/crypto/ecdh.h | 1 + include/keys/asymmetric-type.h | 6 + include/linux/oid_registry.h | 10 +- lib/oid_registry.c | 13 + security/integrity/digsig_asymmetric.c | 30 +- 20 files changed, 1256 insertions(+), 107 deletions(-) create mode 100644 crypto/ecdsa.c create mode 100644 crypto/ecdsasignature.asn1