Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp1952663ybf; Sun, 1 Mar 2020 22:28:29 -0800 (PST) X-Google-Smtp-Source: ADFU+vudqua73IVcu9IZTtkmnObWitnuWupzmwU0+0koAU3Suvstq7hVvaE8oXw1CNxelZw8sdtB X-Received: by 2002:a9d:7d04:: with SMTP id v4mr2421098otn.308.1583130509108; Sun, 01 Mar 2020 22:28:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583130509; cv=none; d=google.com; s=arc-20160816; b=ouFA9GotOJPX7HdWoomJDQdpAh9dgotkQiZtdK31U7sqQWlM0n2AY+u9lNfSqjxtyJ aJANkLZk+csaRjrmQkRZpp6aZtldTNQ0sW0dp9s9Bh5KlS8/l0KaA6/jP4/VsVu04Vq2 Jg6/fjI6LnPfw2nfjQTSdl8JV5hlLawKgVBWAYi1YSDrc5bWrUkcFHorHmiSmRi04nQq KekisPL5KHbY6vEeuwV13pCVE1mPnYTx93vG0LnV8vDXswmkCzXFdu1PnSvINBzEovmy u5VaJCyH3/sS0mnp7RJgoO95HioQjuei9ZpVUXp8XFGkkpr0nJRfw+KLTfoLy6TUoUjA czvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:references:cc:to:from :subject; bh=TGF0c/HxvRIZtGkAmWlGeBFcMAPzH7Pn6uhXXUb2BeM=; b=XcA0SW9A0OmDW0gPCsB6fWsUilmX8rTwyrVwhZQ/e5bquDALigX0mwLh9NLuFsp7Ct xj/6sVoThFn9Y4r8E5h1UbKOoq/IEBb0Qfji/D5owLYcrMMwsxPRlpzHxFC7Lpa0bBoi +bjzPr7Pch79n0WNQz3H98An9ZfpFyaVGPqv9HOMv3sVARKY+FQpYwB5hKEs2E9rUxSd MVPsiR1JMjh170lK0ofADDVu/pkjJX7Y79XEwrcv6np1PiGBTIoTxH0XDolfp9CO6tTw 6YeyLDajE0WVFSz700YS/iieBl48oOdz8u2ay9LIMOxYi5qWHY5+JmJTJD3FYDdE0/CP xZaQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f18si6415642oti.289.2020.03.01.22.28.16; Sun, 01 Mar 2020 22:28:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726390AbgCBG2P (ORCPT + 99 others); Mon, 2 Mar 2020 01:28:15 -0500 Received: from out30-132.freemail.mail.aliyun.com ([115.124.30.132]:41503 "EHLO out30-132.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725446AbgCBG2P (ORCPT ); Mon, 2 Mar 2020 01:28:15 -0500 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R481e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04407;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=14;SR=0;TI=SMTPD_---0TrMqUGR_1583130473; Received: from 30.25.170.53(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0TrMqUGR_1583130473) by smtp.aliyun-inc.com(127.0.0.1); Mon, 02 Mar 2020 14:28:10 +0800 Subject: Re: [PATCH] Introduce OSCCA certificate and SM2 asymmetric algorithm From: Tianjia Zhang To: herbert@gondor.apana.org.au, davem@davemloft.net, ebiggers@kernel.org, pvanleeuwen@rambus.com, zohar@linux.ibm.com, dmitry.kasatkin@intel.com, penguin-kernel@I-love.SAKURA.ne.jp, jmorris@namei.org, rusty@rustcorp.com.au, nicstange@gmail.com, tadeusz.struk@intel.com, gilad@benyossef.com Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org References: <20200216085928.108838-1-tianjia.zhang@linux.alibaba.com> Message-ID: Date: Mon, 2 Mar 2020 14:27:53 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: <20200216085928.108838-1-tianjia.zhang@linux.alibaba.com> Content-Type: text/plain; charset=gbk; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 2020/2/16 16:59, Tianjia Zhang wrote: > Hello all, > > This new module implement the OSCCA certificate and SM2 public key > algorithm. It was published by State Encryption Management Bureau, China. > List of specifications for OSCCA certificate and SM2 elliptic curve > public key cryptography: > > * GM/T 0003.1-2012 > * GM/T 0003.2-2012 > * GM/T 0003.3-2012 > * GM/T 0003.4-2012 > * GM/T 0003.5-2012 > * GM/T 0015-2012 > * GM/T 0009-2012 > > IETF: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 > oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml > scctc: http://www.gmbz.org.cn/main/bzlb.html > > These patchs add the OID object identifier defined by OSCCA. The > x509 certificate supports sm2-with-sm3 type certificate parsing > and verification. > > The sm2 algorithm is based on libgcrypt's mpi implementation, and has > made some additions to the kernel's original mpi library, and added the > implementation of ec to better support elliptic curve-like algorithms. > > sm2 has good support in both openssl and gnupg projects, and sm3 and sm4 > of the OSCCA algorithm family have also been implemented in the kernel. > > Signed-off-by: Tianjia Zhang > > Thanks, > Tianjia > Hello all, This is the review request. The OSCCA certificate and related algorithms used to verify the certificate are newly introduced. Among them, sm3 and sm4 have been well implemented in the kernel. This group of patches has newly introduced sm2. In order to implement sm2 more perfectly, I expanded the mpi library and introduced the ec implementation of the mpi library as the basic algorithm. Compared to the kernel's crypto/ecc.c, the implementation of mpi/ec.c is more complete and elegant, sm2 is implemented based on these algorithms. At this point, the kernel can parse and verify sm2-with-sm3 certificates normally. Thanks, Tianjia