Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp3593586ybv; Sun, 16 Feb 2020 01:01:59 -0800 (PST) X-Google-Smtp-Source: APXvYqxSdb/Q+29VExm8tLsSvStN529QKlAE00DsOUwE02kWnO/wOeSVNPtLVRW1q7lNccZnUAyC X-Received: by 2002:a05:6830:1d55:: with SMTP id p21mr8228656oth.145.1581843719139; Sun, 16 Feb 2020 01:01:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581843719; cv=none; d=google.com; s=arc-20160816; b=N4+L2/LVe2sBw0rKx9bCJLNA2G6iZAjECUOnpAETWZ8qzAES49YIzr5js4mThPf3Oe ucS2ufMuHWmjtGu25n46S+wwqhiA6rhxvQo92GCzynf3c7qS6v6QBKzJ8nhQFU7V3jnV ftK1NngeUXlpmosIvMopRQZ+vGrAKsHOqFgIkXAE/phBkbJjipVs6o68SO7KHgnHU+Zl Q837mMd/QX6AUWAiJNT3AInON0v4mbD2zhS/aWUvDBwSdTpJe53OO6FBPEA4bHJfW5nM H8cK8eA45hz2xZ8LMqhIbSfCMD8xOBBTm51FA6mzO2u8m6YLdvmPaKjgTNR6Tm2xdj0q 0jZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=dY3emaHphsKethEhYj+d3OHn6MUnUg+1zXEwO6qOekg=; b=ukji4ViSRjTMdXWO7x/Ht0t171EYs/VSlKK2of7mMgwbpy32kadUtXCn694WMchpku 3I4Pa3O7Z6UcJeaSfcG+8oOwmta1FgXa8ox89EFQ1nAMPGBo4wzQRBnmjQKSsim109U6 8bIbJan4eMVQ6JLk/vbLwSlrqnPKmEUZ/7oCmxnuorPdKZpxCYlxi7BJ0Y8Wi9AIwpdo 5jFmBN+f3h+giPb4iiCVLNsRlaTg3WD6fffdU7rtMZrAfDLK5dPh1oA5ET24mq39VGna c8EGVKjuUvOu7b0dXI+tjoKHIvnOgq1OmAJ1cvcoNkI1nRYMRLJ1msayF25ZZiOJWdVA X0cg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r22si5309299otn.192.2020.02.16.01.01.46; Sun, 16 Feb 2020 01:01:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726787AbgBPJAL (ORCPT + 99 others); Sun, 16 Feb 2020 04:00:11 -0500 Received: from out30-45.freemail.mail.aliyun.com ([115.124.30.45]:54952 "EHLO out30-45.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726222AbgBPJAK (ORCPT ); Sun, 16 Feb 2020 04:00:10 -0500 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R221e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01f04455;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=7;SR=0;TI=SMTPD_---0Tq4XVIu_1581843596; Received: from localhost(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0Tq4XVIu_1581843596) by smtp.aliyun-inc.com(127.0.0.1); Sun, 16 Feb 2020 16:59:57 +0800 From: Tianjia Zhang To: herbert@gondor.apana.org.au, davem@davemloft.net, ebiggers@kernel.org, pvanleeuwen@rambus.com, zohar@linux.ibm.com Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 7/7] X.509: support OSCCA sm2-with-sm3 certificate verification Date: Sun, 16 Feb 2020 16:59:28 +0800 Message-Id: <20200216085928.108838-8-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200216085928.108838-1-tianjia.zhang@linux.alibaba.com> References: <20200216085928.108838-1-tianjia.zhang@linux.alibaba.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The digital certificate format based on SM2 crypto algorithm as specified in GM/T 0015-2012. It was published by State Encryption Management Bureau, China. The method of generating Other User Information is defined as ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA), it also specified in https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02. The x509 certificate supports sm2-with-sm3 type certificate verification. Because certificate verification requires ZA in addition to tbs data, ZA also depends on elliptic curve parameters and public key data, so you need to access tbs in sig and calculate ZA. Finally calculate the digest of the signature and complete the verification work. The calculation process of ZA is declared in specifications GM/T 0009-2012 and GM/T 0003.2-2012. Signed-off-by: Tianjia Zhang --- crypto/asymmetric_keys/public_key.c | 61 ++++++++++++++++++++++++ crypto/asymmetric_keys/x509_public_key.c | 2 + include/crypto/public_key.h | 1 + 3 files changed, 64 insertions(+) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index d7f43d4ea925..a51b09ee484d 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -17,6 +17,11 @@ #include #include #include +#ifdef CONFIG_CRYPTO_SM2 +#include +#include +#include "x509_parser.h" +#endif MODULE_DESCRIPTION("In-software asymmetric public-key subtype"); MODULE_AUTHOR("Red Hat, Inc."); @@ -245,6 +250,54 @@ static int software_key_eds_op(struct kernel_pkey_params *params, return ret; } +#ifdef CONFIG_CRYPTO_SM2 +static int cert_sig_digest_update(const struct public_key_signature *sig, + struct crypto_akcipher *tfm_pkey) +{ + struct x509_certificate *cert = sig->cert; + struct crypto_shash *tfm; + struct shash_desc *desc; + size_t desc_size; + unsigned char dgst[SM3_DIGEST_SIZE]; + int ret; + + if (!cert) + return -EINVAL; + + ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, + SM2_DEFAULT_USERID_LEN, dgst); + if (ret) + return ret; + + tfm = crypto_alloc_shash(sig->hash_algo, 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); + desc = kzalloc(desc_size, GFP_KERNEL); + if (!desc) + goto error_free_tfm; + + desc->tfm = tfm; + + ret = crypto_shash_init(desc); + if (ret < 0) + goto error_free_desc; + + ret = crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE); + if (ret < 0) + goto error_free_desc; + + ret = crypto_shash_finup(desc, cert->tbs, cert->tbs_size, sig->digest); + +error_free_desc: + kfree(desc); +error_free_tfm: + crypto_free_shash(tfm); + return ret; +} +#endif + /* * Verify a signature using a public key. */ @@ -298,6 +351,14 @@ int public_key_verify_signature(const struct public_key *pkey, if (ret) goto error_free_key; +#ifdef CONFIG_CRYPTO_SM2 + if (strcmp(sig->pkey_algo, "sm2") == 0) { + ret = cert_sig_digest_update(sig, tfm); + if (ret) + goto error_free_key; + } +#endif + sg_init_table(src_sg, 2); sg_set_buf(&src_sg[0], sig->s, sig->s_size); sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index d964cc82b69c..feccec08b244 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -30,6 +30,8 @@ int x509_get_sig_params(struct x509_certificate *cert) pr_devel("==>%s()\n", __func__); + sig->cert = cert; + if (!cert->pub->pkey_algo) cert->unsupported_key = true; diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 0588ef3bc6ff..27775e617e38 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -44,6 +44,7 @@ struct public_key_signature { const char *pkey_algo; const char *hash_algo; const char *encoding; + void *cert; /* For certificate */ }; extern void public_key_signature_free(struct public_key_signature *sig); -- 2.17.1