Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp4243820img; Tue, 26 Mar 2019 05:59:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqylD5HC/emhZbB1bAu5ZSrRBgYSD10+EuhxrsTGE5R0N2kPZwgdzYxlkSTlFuEk+Qhu69ch X-Received: by 2002:a62:168a:: with SMTP id 132mr29201575pfw.155.1553605185475; Tue, 26 Mar 2019 05:59:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553605185; cv=none; d=google.com; s=arc-20160816; b=Uu9lLwPDdap9Q3rEFQlbCCij9Q7eA+q+E7i20obZjKOulftJn8OtQY+reUymDbnRhC ia92JCKrcjy+NbE8Wu/w/Uc3agrDmJuGMY4TrneE4u8lpNobi7+spFFvZNd0uP9kYlyf kXLFT90lu8cv4duUCLHppXB5EEeKSIgdCcWoueIw2IKxLsBOgP5Q5c9Gy8O+kHmrmUlC x0CzX8kZXD8ahPB2yNn7duc6S1m1vbV8QtXlcXi4wTATsL+vwh6jdONqJHo1dKmS9voQ ZR9c/lrPC4kwWhICYPrBmWU5Zd/AC7K6Fq5UIFR8hsTZNIsLEtF4q4MxejPYg1embgh3 b6Dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:to:from; bh=vKAL7GxOW3uaT2iFJrcfP5zkJsdFwZT4SJWhzhOxDBc=; b=Z0FO8kwWNda6PeMldnZcaz4riyBf/dCq6X0t4iYdUY1qMsxZYbyI3jZ7A/jHh2LTxg /aWixKJHg9Oh9+zJVaOdj2EdmAHWNa3AnVviJGLtsrrEKKOFk7TnITBpt/Y5nnuCk8cm rpdAY15YUZKB+DNwqrf8XSB0VYYrcS18A5gJqjGFl1RRPKPSNyxFIjkPCKBkxd/yfhAh SFtfsZtlKrBjdqg7DtftgGOWdPlE4Gw0HwC3JY6UDTbOTz3y0Sc2V1RIb0RIYFhHgBoz YKp+yNMn+Kskku1cLObcugu3NUvc8ruz5XfpNOTytMtF7TQB3IpEioRw/1i84UOqOxHr hdsw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z72si6372091pgd.401.2019.03.26.05.59.29; Tue, 26 Mar 2019 05:59:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731530AbfCZM6y (ORCPT + 99 others); Tue, 26 Mar 2019 08:58:54 -0400 Received: from vmicros1.altlinux.org ([194.107.17.57]:44348 "EHLO vmicros1.altlinux.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726258AbfCZM6v (ORCPT ); Tue, 26 Mar 2019 08:58:51 -0400 Received: from imap.altlinux.org (imap.altlinux.org [194.107.17.38]) by vmicros1.altlinux.org (Postfix) with ESMTP id 8BD3072CCAC; Tue, 26 Mar 2019 15:58:48 +0300 (MSK) Received: from beacon.altlinux.org (unknown [185.6.174.98]) by imap.altlinux.org (Postfix) with ESMTPSA id 3EFA64A4AF1; Tue, 26 Mar 2019 15:58:47 +0300 (MSK) From: Vitaly Chikunov To: Herbert Xu , David Howells , Mimi Zohar , Dmitry Kasatkin , linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v8 00/10] crypto: add EC-RDSA (GOST 34.10) algorithm Date: Tue, 26 Mar 2019 15:58:32 +0300 Message-Id: <20190326125842.24110-1-vt@altlinux.org> X-Mailer: git-send-email 2.11.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patchset changes akcipher API to support ECDSA style signature verification, augments x509 parser to make it work with EC-RDSA certificates, and, finally, implements EC-RDSA (GOST 34.10) signature verification and its integration with IMA. Special request to Mimi Zohar and David Howells to Ack relevant commits, please. --- This patchset should be applied over cryptodev tree commit 4e5180eb3d4f Changes since v7: - Do not check callback validity in akcipher requests, instead define default callbacks on register, suggested by Herbert Xu. - Sanity checks in crypto_akcipher_maxsize are removed (not needed). - Sanity checks for `dst' and `dst_len' are removed from verify op (not needed in akcipher API and should be checked by a driver). - Patch "KEYS: report to keyctl only actually supported key ops" is removed, as it would affect user-space API. Changes since (v5-v6): - set_params API is removed in favor of appending parameters into a key stream, as requested by Herbert Xu. - verify op signature de-kmemdup'ed (as requested by David Howells) in separate patch (as requested by Herbert Xu). - Add forgotten ASN.1 parser files to EC-RDSA patch. - Tested on x86_64. Changes since v5: - Comparison of hash algo by enum id instead of text name, as suggested by Thiago Jung Bauermann and Mimi Zohar. Changes since RFC (v1-v4): - akcipher set_max_size, encrypt, decrypt, sign, verify callbacks may be undefined by the drivers, so their crypto_akcipher_* frontends check for their presence before passing the call. - supported_ops flags are set for keyctl, based on the presence of implemented akcipher callbacks. - Transition to verify2 API is abandoned because raw RSA does not need sign/verify ops at all, and we can switch to the new verify in one step. For this RSA backends have sign/verify ops removed as they should only be used (and actually used only) via PKCS1 driver. - Verify callback requires digest as the input parameter in src SGL, as suggested by Herbert Xu, (instead of a separate parameter, as it was in verify2). - For verify op signature is moved into kmalloc'd memory as suggested by Herbert Xu. - set_params API should be called before set_{pub,priv}_key, thus set_*_key knows everything it needs to set they key properly. Also, set_params made optional for back compatibility with RSA drivers. - Public-key cryptography section is created in Kconfig. - ecc.c is made into separate module object, to be used together by ECDH and EC-RDSA. - EC-RDSA parameters and public key are parsed using asn1_ber_decoder as suggested by Stephan Mueller and David Howells. - Test vectors are added and tests are passing. - Curves/parameters definitions are split from ecrdsa.c into ecrdsa_defs.h. - Integration with IMA in asymmetric_verify(). Userspace ima-evm-utils already have a patch in the queue to support this. Tested on x86_64. Vitaly Chikunov (10): crypto: akcipher - default implementations for request callbacks crypto: rsa - unimplement sign/verify for raw RSA backends crypto: akcipher - new verify API for public key algorithms KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature X.509: parse public key parameters from x509 for akcipher crypto: Kconfig - create Public-key cryptography section crypto: ecc - make ecc into separate module crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm crypto: ecrdsa - add EC-RDSA test vectors to testmgr integrity: support EC-RDSA signatures for asymmetric_verify crypto/Kconfig | 63 ++-- crypto/Makefile | 10 +- crypto/akcipher.c | 14 + crypto/asymmetric_keys/asym_tpm.c | 77 +++-- crypto/asymmetric_keys/public_key.c | 105 ++++--- crypto/asymmetric_keys/x509.asn1 | 2 +- crypto/asymmetric_keys/x509_cert_parser.c | 57 +++- crypto/ecc.c | 417 +++++++++++++++++++++++++- crypto/ecc.h | 153 +++++++++- crypto/ecc_curve_defs.h | 15 - crypto/ecrdsa.c | 296 ++++++++++++++++++ crypto/ecrdsa_defs.h | 225 ++++++++++++++ crypto/ecrdsa_params.asn1 | 4 + crypto/ecrdsa_pub_key.asn1 | 1 + crypto/rsa-pkcs1pad.c | 33 +- crypto/rsa.c | 109 ------- crypto/testmgr.c | 80 +++-- crypto/testmgr.h | 159 ++++++++++ drivers/crypto/caam/caampkc.c | 2 - drivers/crypto/ccp/ccp-crypto-rsa.c | 2 - drivers/crypto/qat/qat_common/qat_asym_algs.c | 2 - include/crypto/akcipher.h | 54 ++-- include/crypto/public_key.h | 4 + include/linux/oid_registry.h | 18 ++ security/integrity/digsig_asymmetric.c | 11 +- 25 files changed, 1606 insertions(+), 307 deletions(-) create mode 100644 crypto/ecrdsa.c create mode 100644 crypto/ecrdsa_defs.h create mode 100644 crypto/ecrdsa_params.asn1 create mode 100644 crypto/ecrdsa_pub_key.asn1 -- 2.11.0