Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1383027pxk; Sun, 13 Sep 2020 00:13:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxpUklTOdARvSaX/tNQBfX0WzJl1l0M2+EcdXSmO8N1AMa6W4+6Pz7d43PUTSjB0GLwaGc6 X-Received: by 2002:a17:906:4cd6:: with SMTP id q22mr8975098ejt.139.1599981199945; Sun, 13 Sep 2020 00:13:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599981199; cv=none; d=google.com; s=arc-20160816; b=bdM9z3TIYLGwaIbEj8IzdvnOgj3ZcQL3Ee0dftz/4hs1VBFeu+SIC05hABv5vyZYA1 KATUiVwfWHpblqQlw84Po/TU6pytb4DzGWDUTtzeOPgAqU8yTXGLFSwAkVAVMEX7d834 7fmVKiJNCc+QqxKmKsf+/3EpCuIZuJpYkAzDKgTks6wo/lmnbm8RBybZIcY8qap1rdvE eQpQ6MIkjjl4QkBmzhLgRGdDwKDc/vWu3ql3vrzqETdbNFW9PfetUNy84aT4y7C9tNvN yhgCM/3ewvoPqEysE+QF/jB3Jh4/SwxCfmBThdy12r6h6yAdRVda84t5JoQ9KCGC7G62 3/ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=GvZM5rf5aV2Zc9VWGMundiwBvF5h3OlvoOB40Du6TQg=; b=wpLoWJr7LjDsmXfk8Mle+KoAUdoRevGl2ArMWl/XTH5r6eogBw7ypW7LohIcnm48xY 0xchDCK8gkLihlvTWTIO/JEbtdVXR+Ui7mVTyrBfKfaHeoG4Ccn+/wNGPT2ChA2GuA3r ooJ5cWT36EJ73wv7/6c84sCn1ynh+so+HYG44IPAiDZYjTyiFwWRQ3imEWatCSR8qbz5 WmW4znGked8vuZdMHapYseO5YANtIGDzcfw1p0SF00ez2ha8HLAg5F5WIUthN5lEmI41 LZD687xPWQ6o8LJf+mcHOoDh9v7S0QExlYi1uqdGrQuX+GCSk88KNWx6p2+9xS/2/UOC 1sfw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@benyossef-com.20150623.gappssmtp.com header.s=20150623 header.b=GBJWFNVx; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id jz13si859168ejb.120.2020.09.13.00.12.42; Sun, 13 Sep 2020 00:13:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@benyossef-com.20150623.gappssmtp.com header.s=20150623 header.b=GBJWFNVx; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725913AbgIMHMY (ORCPT + 99 others); Sun, 13 Sep 2020 03:12:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60926 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725902AbgIMHMU (ORCPT ); Sun, 13 Sep 2020 03:12:20 -0400 Received: from mail-pj1-x1044.google.com (mail-pj1-x1044.google.com [IPv6:2607:f8b0:4864:20::1044]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4EA06C061574 for ; Sun, 13 Sep 2020 00:12:20 -0700 (PDT) Received: by mail-pj1-x1044.google.com with SMTP id b17so3750591pji.1 for ; Sun, 13 Sep 2020 00:12:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=benyossef-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=GvZM5rf5aV2Zc9VWGMundiwBvF5h3OlvoOB40Du6TQg=; b=GBJWFNVxqHqk8jJElMjtWuriXVh3KdRKD5z/H0647c5ofUOkKOUvZPk7bXkwivl27h kHaEzoRCdHCaJiD1s32VXjF0WiBIZGmfcvxBDRXJsupT6WuH9y0ID5oNBeMEc8TAaiPu fUWNMO27vFop6ZrqR3d3GRwcJUdikIU8ONh+XwVlLe1M19I4KJHcBXFmC5sdHEz4WeLq YuHCfJjto3cY443Y5hiAAd/w3CfRXkAWIvf1mXcRM7MVfzfRMj9VY/LnOqlpl3UYGgZ7 RtMK3BO9f9KOM1Bf5MSkWI04pPKpjoHBQVNXdM67/60WBiC+q7ODpbKhMkcXazNdyDR1 Wqpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=GvZM5rf5aV2Zc9VWGMundiwBvF5h3OlvoOB40Du6TQg=; b=KAqPt3PX30t/rvlmQDghmcGwh7/DBVX/qxsIR8e0gGB9adZspjPVUiTbQy9ruU2Y0z ML4FHAPGwA9NDI0yjutALe9IP5p7THYeKfk2p+CEsh7VrdqrOhPtJJ2NehZKbdrzcCCV DuSYBvovSIzZUxe9j8xv+nnd2NOR1Nx6224ggy3Smksgj16kOPQeR6AxyhNe85M1ozHu N0kx8lAU6N8YLRwJTXdBWydHVKsqpBwyZxrk/9Pwn0ntwcN6DxjaIbhrkDKryIbh2N8k YTYtTI3JHrIOoiFskh/0186fw5O0tK1zKpFNR8MzLER8N2TkCTwpFmclaiXfNKGV1Aon tToA== X-Gm-Message-State: AOAM532KLL2y4fehuDeka9uqpE/0Fk1UoHy6f3Lqx9Ns77EAsA/fIeSz eJ5FPTo7DqAetdP+vXs+xcPdEpaaBIPaWDC404djgA== X-Received: by 2002:a17:90a:e609:: with SMTP id j9mr8481445pjy.129.1599981139628; Sun, 13 Sep 2020 00:12:19 -0700 (PDT) MIME-Version: 1.0 References: <20200903131242.128665-1-tianjia.zhang@linux.alibaba.com> <20200903131242.128665-8-tianjia.zhang@linux.alibaba.com> In-Reply-To: <20200903131242.128665-8-tianjia.zhang@linux.alibaba.com> From: Gilad Ben-Yossef Date: Sun, 13 Sep 2020 10:12:09 +0300 Message-ID: Subject: Re: [PATCH v6 7/8] X.509: support OSCCA sm2-with-sm3 certificate verification To: Tianjia Zhang Cc: Herbert Xu , "David S. Miller" , David Howells , Maxime Coquelin , Alexandre Torgue , James Morris , "Serge E. Hallyn" , Stephan Mueller , Marcelo Henrique Cerri , "Steven Rostedt (VMware)" , Masahiro Yamada , Brendan Higgins , Andrew Morton , Johannes Weiner , Waiman Long , Mimi Zohar , Lakshmi Ramasubramanian , Colin Ian King , Tushar Sugandhi , Vitaly Chikunov , Pascal van Leeuwen , Linux Crypto Mailing List , Linux kernel mailing list , keyrings@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, Linux ARM , linux-security-module@vger.kernel.org, Xufeng Zhang , Jia Zhang Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi, On Thu, Sep 3, 2020 at 4:13 PM Tianjia Zhang wrote: > > The digital certificate format based on SM2 crypto algorithm as > specified in GM/T 0015-2012. It was published by State Encryption > Management Bureau, China. > > The method of generating Other User Information is defined as > ZA=3DH256(ENTLA || IDA || a || b || xG || yG || xA || yA), it also > specified in https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02. > > The x509 certificate supports sm2-with-sm3 type certificate > verification. Because certificate verification requires ZA > in addition to tbs data, ZA also depends on elliptic curve > parameters and public key data, so you need to access tbs in sig > and calculate ZA. Finally calculate the digest of the > signature and complete the verification work. The calculation > process of ZA is declared in specifications GM/T 0009-2012 > and GM/T 0003.2-2012. > > Signed-off-by: Tianjia Zhang > Tested-by: Xufeng Zhang > --- > crypto/asymmetric_keys/Makefile | 1 + > crypto/asymmetric_keys/public_key.c | 6 +++ > crypto/asymmetric_keys/public_key_sm2.c | 61 ++++++++++++++++++++++++ > crypto/asymmetric_keys/x509_public_key.c | 3 ++ > include/crypto/public_key.h | 15 ++++++ > 5 files changed, 86 insertions(+) > create mode 100644 crypto/asymmetric_keys/public_key_sm2.c > > diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Mak= efile > index 28b91adba2ae..1a99ea5acb6b 100644 > --- a/crypto/asymmetric_keys/Makefile > +++ b/crypto/asymmetric_keys/Makefile > @@ -11,6 +11,7 @@ asymmetric_keys-y :=3D \ > signature.o > > obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) +=3D public_key.o > +obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) +=3D public_key_sm2.o > obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) +=3D asym_tpm.o > > # > diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys= /public_key.c > index d8410ffd7f12..1d0492098bbd 100644 > --- a/crypto/asymmetric_keys/public_key.c > +++ b/crypto/asymmetric_keys/public_key.c > @@ -299,6 +299,12 @@ int public_key_verify_signature(const struct public_= key *pkey, > if (ret) > goto error_free_key; > > + if (strcmp(sig->pkey_algo, "sm2") =3D=3D 0 && sig->data_size) { > + ret =3D cert_sig_digest_update(sig, tfm); > + if (ret) > + goto error_free_key; > + } > + > sg_init_table(src_sg, 2); > sg_set_buf(&src_sg[0], sig->s, sig->s_size); > sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); > diff --git a/crypto/asymmetric_keys/public_key_sm2.c b/crypto/asymmetric_= keys/public_key_sm2.c > new file mode 100644 > index 000000000000..7325cf21dbb4 > --- /dev/null > +++ b/crypto/asymmetric_keys/public_key_sm2.c > @@ -0,0 +1,61 @@ > +/* SPDX-License-Identifier: GPL-2.0-or-later */ > +/* > + * asymmetric public-key algorithm for SM2-with-SM3 certificate > + * as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012 SM2 and > + * described at https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 > + * > + * Copyright (c) 2020, Alibaba Group. > + * Authors: Tianjia Zhang > + */ > + > +#include > +#include > +#include > + > +#if IS_REACHABLE(CONFIG_CRYPTO_SM2) > + > +int cert_sig_digest_update(const struct public_key_signature *sig, > + struct crypto_akcipher *tfm_pkey) > +{ > + struct crypto_shash *tfm; > + struct shash_desc *desc; > + size_t desc_size; > + unsigned char dgst[SM3_DIGEST_SIZE]; > + int ret; > + > + BUG_ON(!sig->data); > + > + ret =3D sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, > + SM2_DEFAULT_USERID_LEN, dgst); > + if (ret) > + return ret; > + > + tfm =3D crypto_alloc_shash(sig->hash_algo, 0, 0); > + if (IS_ERR(tfm)) > + return PTR_ERR(tfm); > + > + desc_size =3D crypto_shash_descsize(tfm) + sizeof(*desc); > + desc =3D kzalloc(desc_size, GFP_KERNEL); > + if (!desc) > + goto error_free_tfm; > + > + desc->tfm =3D tfm; > + > + ret =3D crypto_shash_init(desc); > + if (ret < 0) > + goto error_free_desc; > + > + ret =3D crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE); > + if (ret < 0) > + goto error_free_desc; > + > + ret =3D crypto_shash_finup(desc, sig->data, sig->data_size, sig->= digest); It looks like you are doing a separate init, update, finup every time - I would consider using crypto_shash_digest() in one go. In fact, considering the fact that you are allocating a tfm just for this use and then releasing it, I would consider switching to crypto_shash_tfm_digest() and dropping the kzalloc all together. This should simplify the code a bit. Other than that I don't have anything smart to say :-) Gilad --=20 Gilad Ben-Yossef Chief Coffee Drinker values of =CE=B2 will give rise to dom!