Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp3445761ybh; Mon, 16 Mar 2020 23:51:44 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuCTYNsz4VfxdGZJ7v99qj+yf0akgqH2+OuM/YxUXH7drdnrgX+uRW8LSCovZ/A30FR9Pu5 X-Received: by 2002:aca:f183:: with SMTP id p125mr2514609oih.74.1584427904865; Mon, 16 Mar 2020 23:51:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584427904; cv=none; d=google.com; s=arc-20160816; b=TX6dQ5TMB2TuJgahgiY5IUolCTRlSQy9cWDQn/HK63pjSsDEMXYcEq+e8W8qycy+OL GWf6X9N7K537DoVMbQXaaHMaiEBmaOY6jNtStpDO8Lfuh9zJiBHV+m7d+YtPyP51ZtMM b+y4kOMWf/7EOdumvTgfsJ4HirNYzp9QpYxNSb29teAa/Sg8h7UZ5Kbuzbq5PgisZw/0 /PHZDrXkaWgv8S5St2S2bhfLmofHy9znivupu1p3XSJiLL9MFvlMsUhnjEvss/8cwov4 z5tZ/3rpy2/X2QTx79twOWBPXW+pc6mbfJ90ORqnX68uzMCUa/8f9MsR2QzwhbgOcV6F sgDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:references:cc:to :subject; bh=c8YVXemlB/G+juhUu320DhzBuUSLR3xMBx4DnpF4o6s=; b=gUSRdhQkgHnjpfbVMCBd2m+meV8/6iCeKoqQ4A9CvQz4Pz4vBzxSIMLJro7nz2z+Is chz0Dmg+MWv32WG6IfTm3uU2iyxqahmLKYCWPhRsOvOTCII4WeKMS2cda1qIEaJCTmgn pdGq21BiY4PKl7S/MY78VyYKRfRFo30gAd/hMQd4j6jKyWbKxG0N7Fhk2Us8Hr8LPAkS jhJgHzlq3jkxLo4JAh4oIMJm9QuucajkxI2sM47j3DO2DuPab3/V9ltPsK4ceMJBhjuD SBIc3VWcEvZtrMWj4wRjVvKJDuajbuQtJNpCLk4u6xQzwZXsZDxXheIxd2bN9nHcbkg5 Xq9w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f18si1343451oti.289.2020.03.16.23.51.27; Mon, 16 Mar 2020 23:51:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725536AbgCQGvW (ORCPT + 99 others); Tue, 17 Mar 2020 02:51:22 -0400 Received: from out30-130.freemail.mail.aliyun.com ([115.124.30.130]:33049 "EHLO out30-130.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725928AbgCQGvW (ORCPT ); Tue, 17 Mar 2020 02:51:22 -0400 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R721e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01f04391;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=8;SR=0;TI=SMTPD_---0TsrGYXe_1584427853; Received: from 30.27.116.176(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0TsrGYXe_1584427853) by smtp.aliyun-inc.com(127.0.0.1); Tue, 17 Mar 2020 14:50:54 +0800 Subject: Re: [PATCH 7/7] X.509: support OSCCA sm2-with-sm3 certificate verification To: Gilad Ben-Yossef Cc: Herbert Xu , David Miller , Eric Biggers , "Van Leeuwen, Pascal" , zohar@linux.ibm.com, Linux Crypto Mailing List , Linux kernel mailing list References: <20200216085928.108838-1-tianjia.zhang@linux.alibaba.com> <20200216085928.108838-8-tianjia.zhang@linux.alibaba.com> From: Tianjia Zhang Message-ID: <40ed775a-064c-f483-4ab6-af2215e549e3@linux.alibaba.com> Date: Tue, 17 Mar 2020 14:50:53 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 2020/3/17 14:31, Gilad Ben-Yossef wrote: > Hi, > > On Sun, Feb 16, 2020 at 11:00 AM Tianjia Zhang > wrote: >> >> The digital certificate format based on SM2 crypto algorithm as >> specified in GM/T 0015-2012. It was published by State Encryption >> Management Bureau, China. >> >> The method of generating Other User Information is defined as >> ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA), it also >> specified in https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02. >> >> The x509 certificate supports sm2-with-sm3 type certificate >> verification. Because certificate verification requires ZA >> in addition to tbs data, ZA also depends on elliptic curve >> parameters and public key data, so you need to access tbs in sig >> and calculate ZA. Finally calculate the digest of the >> signature and complete the verification work. The calculation >> process of ZA is declared in specifications GM/T 0009-2012 >> and GM/T 0003.2-2012. >> >> Signed-off-by: Tianjia Zhang >> --- >> crypto/asymmetric_keys/public_key.c | 61 ++++++++++++++++++++++++ >> crypto/asymmetric_keys/x509_public_key.c | 2 + >> include/crypto/public_key.h | 1 + >> 3 files changed, 64 insertions(+) >> >> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c >> index d7f43d4ea925..a51b09ee484d 100644 >> --- a/crypto/asymmetric_keys/public_key.c >> +++ b/crypto/asymmetric_keys/public_key.c >> @@ -17,6 +17,11 @@ >> #include >> #include >> #include > > hmmm... ifdefs like these are kind of ugly. > >> +#ifdef CONFIG_CRYPTO_SM2 >> +#include >> +#include >> +#include "x509_parser.h" >> +#endif >> >> MODULE_DESCRIPTION("In-software asymmetric public-key subtype"); >> MODULE_AUTHOR("Red Hat, Inc."); >> @@ -245,6 +250,54 @@ static int software_key_eds_op(struct kernel_pkey_params *params, >> return ret; >> } >> >> +#ifdef CONFIG_CRYPTO_SM2 >> +static int cert_sig_digest_update(const struct public_key_signature *sig, >> + struct crypto_akcipher *tfm_pkey) >> +{ >> + struct x509_certificate *cert = sig->cert; >> + struct crypto_shash *tfm; >> + struct shash_desc *desc; >> + size_t desc_size; >> + unsigned char dgst[SM3_DIGEST_SIZE]; >> + int ret; >> + >> + if (!cert) >> + return -EINVAL; >> + >> + ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, >> + SM2_DEFAULT_USERID_LEN, dgst); >> + if (ret) >> + return ret; >> + >> + tfm = crypto_alloc_shash(sig->hash_algo, 0, 0); >> + if (IS_ERR(tfm)) >> + return PTR_ERR(tfm); >> + >> + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); >> + desc = kzalloc(desc_size, GFP_KERNEL); >> + if (!desc) >> + goto error_free_tfm; >> + >> + desc->tfm = tfm; >> + >> + ret = crypto_shash_init(desc); >> + if (ret < 0) >> + goto error_free_desc; >> + >> + ret = crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE); >> + if (ret < 0) >> + goto error_free_desc; >> + >> + ret = crypto_shash_finup(desc, cert->tbs, cert->tbs_size, sig->digest); >> + >> +error_free_desc: >> + kfree(desc); >> +error_free_tfm: >> + crypto_free_shash(tfm); >> + return ret; >> +} >> +#endif >> + >> /* >> * Verify a signature using a public key. >> */ >> @@ -298,6 +351,14 @@ int public_key_verify_signature(const struct public_key *pkey, >> if (ret) >> goto error_free_key; >> > > OK, how about you put cert_sig_digest_update() in a separate file that > only gets compiled with CONFIG_CRYPTO_SM2 and have a static inline > version that returns -ENOTSUPP otherwise? > or at least something in this spirit. > Done right it will allow you to drop the ifdefs and make for a much > cleaner code. > >> +#ifdef CONFIG_CRYPTO_SM2 >> + if (strcmp(sig->pkey_algo, "sm2") == 0) { >> + ret = cert_sig_digest_update(sig, tfm); >> + if (ret) >> + goto error_free_key; >> + } >> +#endif >> + >> sg_init_table(src_sg, 2); >> sg_set_buf(&src_sg[0], sig->s, sig->s_size); >> sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); >> diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c >> index d964cc82b69c..feccec08b244 100644 >> --- a/crypto/asymmetric_keys/x509_public_key.c >> +++ b/crypto/asymmetric_keys/x509_public_key.c >> @@ -30,6 +30,8 @@ int x509_get_sig_params(struct x509_certificate *cert) >> >> pr_devel("==>%s()\n", __func__); >> >> + sig->cert = cert; >> + >> if (!cert->pub->pkey_algo) >> cert->unsupported_key = true; >> >> diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h >> index 0588ef3bc6ff..27775e617e38 100644 >> --- a/include/crypto/public_key.h >> +++ b/include/crypto/public_key.h >> @@ -44,6 +44,7 @@ struct public_key_signature { >> const char *pkey_algo; >> const char *hash_algo; >> const char *encoding; >> + void *cert; /* For certificate */ >> }; >> >> extern void public_key_signature_free(struct public_key_signature *sig); >> -- >> 2.17.1 >> > > Hi, Thanks for your suggestion, it is indeed appropriate to unify the SM2 implementation with the public code, I will implement it. Thanks, Tianjia