Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1685479ybb; Thu, 2 Apr 2020 05:37:35 -0700 (PDT) X-Google-Smtp-Source: APiQypIw88xMvyNuw2XSx561kFZ54Cgn6/UV/HY8Mre1ySswflxvHOglhFTfzhaAq4s2IixvT4bR X-Received: by 2002:a05:6830:1aca:: with SMTP id r10mr1943632otc.330.1585831055600; Thu, 02 Apr 2020 05:37:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585831055; cv=none; d=google.com; s=arc-20160816; b=uAGSo9qKY/JJfPKt+NREZy1PLwWGdOXStRSfqJjeR0m4IebLLi5fUF9ddq/0+LFp8E FzXuF9sE1YW7ZgSU6DqfoaPDzi43zOUYAqJYKQ/P3oq/qzYBznQMei8o0IPTZFBGFJJT gx7l+83fOPnILw4OPBGu4GYyZFqiWTgxxWlPwXykL1QpmXd1a7eXG9yTm5Il2RbeAvJL 4k1uuR+sJNO1fFBAVSXTHKO190nY8my4MXHDwiuyfHepOXB8CX3OcL1zK6As561IkInh +NBHzZ3yKvGPrCtEJm62shakceMmlXtEFmcXiFiaomLHYGu6FP8O2jTascG+W9PVzYOe iQHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=+/RDhwZN1wyrhjqYsMq3HWpgEBcJv/KxonukEHhoo6g=; b=THUIwh4aE6Fjx57WZODGg/NEFT0xavjgP/UVpgPvmr+gz8ubKOHAtK9E/kTYH8Qxqe A0LowphD4NDZfYisWx7ZwA/tjDyyXtPeCrSlXAjPoRh2aF3LxiPiMFcBuPPVL2AqmT6X UktuBsA7hlKqwkeH82l7YVtI+9AbzukNuwBv8Q+3d+nZ0SdxxaxML/9zQwJpyNedlk/O yTsQgUWtTMRF35b2Zx5c6SQ26WzF3H/dv+uJhm8LHHuUk67yOTsWx5To3deyfa+dbp0Z gjwF9cwhOLsCEq2gZa2Nam2t8GIorf0sfPnJcjdzDHNlpGwXOUAORkPSnAe4897NpKol 04/w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z22si2233670oto.237.2020.04.02.05.37.23; Thu, 02 Apr 2020 05:37:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388277AbgDBMg5 (ORCPT + 99 others); Thu, 2 Apr 2020 08:36:57 -0400 Received: from out30-132.freemail.mail.aliyun.com ([115.124.30.132]:55866 "EHLO out30-132.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388199AbgDBMg4 (ORCPT ); Thu, 2 Apr 2020 08:36:56 -0400 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R521e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e01419;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=17;SR=0;TI=SMTPD_---0TuQbXJR_1585830910; Received: from localhost(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0TuQbXJR_1585830910) by smtp.aliyun-inc.com(127.0.0.1); Thu, 02 Apr 2020 20:35:10 +0800 From: Tianjia Zhang To: herbert@gondor.apana.org.au, davem@davemloft.net, ebiggers@kernel.org, ebiggers@google.com, pvanleeuwen@rambus.com, zohar@linux.ibm.com, gilad@benyossef.com, jarkko.sakkinen@linux.intel.com, dmitry.kasatkin@intel.com, nicstange@gmail.com, tadeusz.struk@intel.com, jmorris@namei.org, serge@hallyn.com, zhang.jia@linux.alibaba.com Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, tianjia.zhang@linux.alibaba.com Subject: [PATCH v2 7/7] X.509: support OSCCA sm2-with-sm3 certificate verification Date: Thu, 2 Apr 2020 20:35:04 +0800 Message-Id: <20200402123504.84628-8-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200402123504.84628-1-tianjia.zhang@linux.alibaba.com> References: <20200402123504.84628-1-tianjia.zhang@linux.alibaba.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The digital certificate format based on SM2 crypto algorithm as specified in GM/T 0015-2012. It was published by State Encryption Management Bureau, China. The method of generating Other User Information is defined as ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA), it also specified in https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02. The x509 certificate supports sm2-with-sm3 type certificate verification. Because certificate verification requires ZA in addition to tbs data, ZA also depends on elliptic curve parameters and public key data, so you need to access tbs in sig and calculate ZA. Finally calculate the digest of the signature and complete the verification work. The calculation process of ZA is declared in specifications GM/T 0009-2012 and GM/T 0003.2-2012. Signed-off-by: Tianjia Zhang --- crypto/asymmetric_keys/Makefile | 1 + crypto/asymmetric_keys/public_key.c | 6 +++ crypto/asymmetric_keys/public_key_sm2.c | 59 ++++++++++++++++++++++++ crypto/asymmetric_keys/x509_public_key.c | 2 + include/crypto/public_key.h | 14 ++++++ 5 files changed, 82 insertions(+) create mode 100644 crypto/asymmetric_keys/public_key_sm2.c diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index 28b91adba2ae..d499367dd253 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile @@ -11,6 +11,7 @@ asymmetric_keys-y := \ signature.o obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +obj-$(CONFIG_CRYPTO_SM2) += public_key_sm2.o obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) += asym_tpm.o # diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index d7f43d4ea925..7283ddb7c5e2 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -298,6 +298,12 @@ int public_key_verify_signature(const struct public_key *pkey, if (ret) goto error_free_key; + if (strcmp(sig->pkey_algo, "sm2") == 0) { + ret = cert_sig_digest_update(sig, tfm); + if (ret) + goto error_free_key; + } + sg_init_table(src_sg, 2); sg_set_buf(&src_sg[0], sig->s, sig->s_size); sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); diff --git a/crypto/asymmetric_keys/public_key_sm2.c b/crypto/asymmetric_keys/public_key_sm2.c new file mode 100644 index 000000000000..d7f144e53f41 --- /dev/null +++ b/crypto/asymmetric_keys/public_key_sm2.c @@ -0,0 +1,59 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * asymmetric public-key algorithm for SM2-with-SM3 certificate + * as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012 SM2 and + * described at https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 + * + * Copyright (c) 2020, Alibaba Group. + * Authors: Tianjia Zhang + */ + +#include +#include +#include "x509_parser.h" + +int cert_sig_digest_update(const struct public_key_signature *sig, + struct crypto_akcipher *tfm_pkey) +{ + struct x509_certificate *cert = sig->cert; + struct crypto_shash *tfm; + struct shash_desc *desc; + size_t desc_size; + unsigned char dgst[SM3_DIGEST_SIZE]; + int ret; + + if (!cert) + return -EINVAL; + + ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, + SM2_DEFAULT_USERID_LEN, dgst); + if (ret) + return ret; + + tfm = crypto_alloc_shash(sig->hash_algo, 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); + desc = kzalloc(desc_size, GFP_KERNEL); + if (!desc) + goto error_free_tfm; + + desc->tfm = tfm; + + ret = crypto_shash_init(desc); + if (ret < 0) + goto error_free_desc; + + ret = crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE); + if (ret < 0) + goto error_free_desc; + + ret = crypto_shash_finup(desc, cert->tbs, cert->tbs_size, sig->digest); + +error_free_desc: + kfree(desc); +error_free_tfm: + crypto_free_shash(tfm); + return ret; +} diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index 7f0af584dc0c..4553619ea01d 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -30,6 +30,8 @@ int x509_get_sig_params(struct x509_certificate *cert) pr_devel("==>%s()\n", __func__); + sig->cert = cert; + if (!cert->pub->pkey_algo) cert->unsupported_key = true; diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 0588ef3bc6ff..4bf007424f56 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -12,6 +12,7 @@ #include #include +#include /* * Cryptographic data for the public-key subtype of the asymmetric key type. @@ -44,6 +45,7 @@ struct public_key_signature { const char *pkey_algo; const char *hash_algo; const char *encoding; + void *cert; /* For certificate */ }; extern void public_key_signature_free(struct public_key_signature *sig); @@ -81,4 +83,16 @@ extern int verify_signature(const struct key *, int public_key_verify_signature(const struct public_key *pkey, const struct public_key_signature *sig); +#ifdef CONFIG_CRYPTO_SM2 +int cert_sig_digest_update(const struct public_key_signature *sig, + struct crypto_akcipher *tfm_pkey); +#else +static inline +int cert_sig_digest_update(const struct public_key_signature *sig, + struct crypto_akcipher *tfm_pkey) +{ + return -ENOTSUPP; +} +#endif + #endif /* _LINUX_PUBLIC_KEY_H */ -- 2.17.1