Received: by 2002:ab2:7a55:0:b0:1f4:4a7d:290d with SMTP id u21csp77499lqp; Thu, 4 Apr 2024 07:32:06 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWnfykmLyp6nwgZP87wmQVu4+WCH5dEXuNsLZ+Up1pHjWQwILzqoGkTAmdPknq+3AGvfOLjg4pNwigHyzG1eW72joCxIEibq0hm14wicQ== X-Google-Smtp-Source: AGHT+IFbPilLjoZXdvXJuXao4HPGSCgmUN2mytqIoi2NkfAlQGxuMX3yfkjK31o+4eYZ6mwcBtEw X-Received: by 2002:a05:6a00:2d89:b0:6ec:f869:34c with SMTP id fb9-20020a056a002d8900b006ecf869034cmr692743pfb.16.1712241125483; Thu, 04 Apr 2024 07:32:05 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712241125; cv=pass; d=google.com; s=arc-20160816; b=sPEHKme+/nkdAaMUt9xPWVBjAfnx+svG8nyaxC+p7dXk5NqBRzSm9+vnAMZzlqnv8u oHhujtTBff7GtZ6oydO+m6nt2R5SltkxvWfFz0CwFrF+NDeA+Xx20ZXjcLz169cYoCp0 PcUD4OgVfHuxIaRn9w9V/2B+d2+TM/j1B4+eDKLFM/20btRBA1FWa32OeWxrLDDfRERT cAxeKmF2L+eoKVydyGI9uVA7fo6kNxKhYnwCE1pMIRbPkf9FRDQVPNeXGsRQb8MoDfhD t4LZFx2YXTx1GyHsS5HsQcU+z9SXnOHvQgL4CTfZOt23yPXmjAMjnDZg3LN+zNUE73UQ Dchw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence :content-transfer-encoding:message-id:date:subject:cc:to:from :dkim-signature; bh=nC4LM1YC9XZZrDEMUOi7ZLDOpXNISdt4owGoR3qHMQ8=; fh=ttd58PQB/9Jq7mprP/nc7Swd4f1ty4MwWMUAn54aZMY=; b=QZXG5vOiDcOo6MFS5IYujyQdGlNt4izkkb8XpYHrchOWSt/chbufMzfyB4uTfgJuVe QCcR5pNQvPtEEl7iCCQjTiSfo7ctZD80mENLGQYPQ0KM0Flo78m18DMGp4zz6XjF95he Rq/E/xwaIsuHpWMr9ckinOtNh5kAevRBimSzZzabVPuMwo+XBI3p6TkWlMU5p7VnY4am ctnF/c/FNMO1JQTT5ilVupr/1m3ewwGzDwrCryEAtgvU9iHKm+jDgIPK8MqcnRupdFeJ JMLCfGssVR3enbnfCN3QngU12u/lTWFc9YqsWwi5j2OFWj3zfB9ISc8D67+bV0ivfsGb ONeg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="Q+jF/OX7"; arc=pass (i=1 spf=pass spfdomain=linux.ibm.com dkim=pass dkdomain=ibm.com dmarc=pass fromdomain=linux.ibm.com); spf=pass (google.com: domain of linux-crypto+bounces-3318-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3318-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id b15-20020a63714f000000b005db38f35248si15063809pgn.395.2024.04.04.07.32.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 07:32:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-3318-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="Q+jF/OX7"; arc=pass (i=1 spf=pass spfdomain=linux.ibm.com dkim=pass dkdomain=ibm.com dmarc=pass fromdomain=linux.ibm.com); spf=pass (google.com: domain of linux-crypto+bounces-3318-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3318-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 6251EB26FD1 for ; Thu, 4 Apr 2024 14:20:04 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 32EA8129E85; Thu, 4 Apr 2024 14:19:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="Q+jF/OX7" X-Original-To: linux-crypto@vger.kernel.org Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 33100126F11; Thu, 4 Apr 2024 14:19:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712240391; cv=none; b=LwWqBMd7W6PKmzNu0ko0E/4Pj3d9VFQuD5mpaMwkKAGYfVgT44TxX3JDX2IqcWCIWqs/pEUETVJeI+aVwyFxQ7hXImf9E3Zj9OZ6ShC+y7/1XMvcxFwNg9GqA2HvOg1J4PEX+UPp/m41SeINjoK7nu5JkkjTLp7kM/DUg5Hujt4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712240391; c=relaxed/simple; bh=dDoRuXR0h/UtIUwsNQvukoc7HzlkJPZrSDTAfMTCPIo=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=a0xlCG3KOeLI2OcH89Tg3gfo5Km9Mlr1Ae141t3fEF8jY3QPRm3W8aqkzlMZwMBn9IpxZSue+3uQ/9/bDqkUzcrZJOKgWT58iVPiMaPu2397O4hhTxxy4trNOPEs5Exto+ozyufwQ07yafmZIrUGG/Z+TQ9qhKGS1Bgdfb537wo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=Q+jF/OX7; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 434DWku4009020; Thu, 4 Apr 2024 14:19:35 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : content-transfer-encoding : mime-version; s=pp1; bh=nC4LM1YC9XZZrDEMUOi7ZLDOpXNISdt4owGoR3qHMQ8=; b=Q+jF/OX7k091kTbijHJTkSYk9owSXmfVnvvGqBDlT5z8JvsSJiXbCxi442hEbbK11sfV QBRgK1B//XlviHvPOFbpO0u38Sg1Zw0/fudEtFbaNdxXzfC1lDzjVXU7zKz9BAjVfX1G WMEsHxnCGNtecP5n6u2UaMdKhuZWjdQWqvefguYn7b1RUMR/ZbLihvoIqJuxRFtwXuIc WgoQXKIOsFScnrDIkPxUZwbRPSS3RO62ZoMPw/NInssUrpVg1JxqPgXKE3e7fpS83Itj NSJ5ihcCh0E9Q2o5eu3Ez4X1UxPl1Pk9oxfRFFr4WUWNg55j/EG/OOarOUZ6cxNEizdk EA== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3x9w65g4t6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 04 Apr 2024 14:19:34 +0000 Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 434Dsu5R003627; Thu, 4 Apr 2024 14:19:33 GMT Received: from smtprelay04.wdc07v.mail.ibm.com ([172.16.1.71]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 3x9epyck0a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 04 Apr 2024 14:19:33 +0000 Received: from smtpav06.wdc07v.mail.ibm.com (smtpav06.wdc07v.mail.ibm.com [10.39.53.233]) by smtprelay04.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 434EJU1258327462 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 4 Apr 2024 14:19:33 GMT Received: from smtpav06.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E08105803F; Thu, 4 Apr 2024 14:19:30 +0000 (GMT) Received: from smtpav06.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0CDF058056; Thu, 4 Apr 2024 14:19:30 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav06.wdc07v.mail.ibm.com (Postfix) with ESMTP; Thu, 4 Apr 2024 14:19:29 +0000 (GMT) From: Stefan Berger To: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-kernel@vger.kernel.org, saulo.alessandre@tse.jus.br, lukas@wunner.de, bbhushan2@marvell.com, jarkko@kernel.org, Stefan Berger Subject: [PATCH v8 00/13] Add support for NIST P521 to ecdsa Date: Thu, 4 Apr 2024 10:18:43 -0400 Message-ID: <20240404141856.2399142-1-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.44.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: ie4Z9mw2pqhOHgXIy7ssFXzNnWcoeRGM X-Proofpoint-GUID: ie4Z9mw2pqhOHgXIy7ssFXzNnWcoeRGM Content-Transfer-Encoding: 8bit X-Proofpoint-UnRewURL: 0 URL was un-rewritten Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-04_10,2024-04-04_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 mlxlogscore=999 priorityscore=1501 bulkscore=0 spamscore=0 clxscore=1011 malwarescore=0 adultscore=0 lowpriorityscore=0 impostorscore=0 phishscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2404010000 definitions=main-2404040098 This series adds support for the NIST P521 curve to the ecdsa module to enable signature verification with it. An issue with the current code in ecdsa is that it assumes that input arrays providing key coordinates for example, are arrays of digits (a 'digit' is a 'u64'). This works well for all currently supported curves, such as NIST P192/256/384, but does not work for NIST P521 where coordinates are 8 digits + 2 bytes long. So some of the changes deal with converting byte arrays to digits and adjusting tests on input byte array lengths to tolerate arrays not providing multiples of 8 bytes. Regards, Stefan v8: - Changed nbits from unsigned int to u32 (5/13) - Added MODULE_ALIAS_CRYPTO("ecdsa-nist-p521") (11/13) - Applied R-b & T-b tags from Jarkko - Rebased on master branch at https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git v7: - Applied T-b tag from Christian to all patches - Applied R-b tag from Jarkko to some patches - Rephrased some patch descriptions per Jarkko's request v6: - Use existing #defines for number of digits rather than plain numbers (1/13, 6/13) following Bharat's suggestion - Initialize result from lowest 521 bits of product rather than going through tmp variable (6/13) v5: - Simplified ecc_digits_from_bytes as suggested by Lukas (1/12) - Using nbits == 521 to detect NIST P521 curve rather than strcmp() (5,6/12) - Nits in patch description and comments (11/12) v4: - Followed suggestions by Lukas Wummer (1,5,8/12) - Use nbits rather than ndigits where needed (8/12) - Renaming 'keylen' variablest to bufsize where necessary (9/12) - Adjust signature size calculation for NIST P521 (11/12) v3: - Dropped ecdh support - Use ecc_get_curve_nbits for getting number of bits in NIST P521 curve in ecc_point_mult (7/10) v2: - Reformulated some patch descriptions - Fixed issue detected by krobot - Some other small changes to the code Stefan Berger (13): crypto: ecc - Use ECC_CURVE_NIST_P192/256/384_DIGITS where possible crypto: ecdsa - Convert byte arrays with key coordinates to digits crypto: ecdsa - Adjust tests on length of key parameters crypto: ecdsa - Extend res.x mod n calculation for NIST P521 crypto: ecc - Add nbits field to ecc_curve structure crypto: ecc - Implement vli_mmod_fast_521 for NIST p521 crypto: ecc - Add special case for NIST P521 in ecc_point_mult crypto: ecc - Add NIST P521 curve parameters crypto: ecdsa - Replace ndigits with nbits where precision is needed crypto: ecdsa - Rename keylen to bufsize where necessary crypto: ecdsa - Register NIST P521 and extend test suite crypto: asymmetric_keys - Adjust signature size calculation for NIST P521 crypto: x509 - Add OID for NIST P521 and extend parser for it crypto/asymmetric_keys/public_key.c | 14 ++- crypto/asymmetric_keys/x509_cert_parser.c | 3 + crypto/ecc.c | 44 +++++-- crypto/ecc_curve_defs.h | 49 ++++++++ crypto/ecdsa.c | 63 +++++++--- crypto/ecrdsa_defs.h | 5 + crypto/testmgr.c | 7 ++ crypto/testmgr.h | 146 ++++++++++++++++++++++ include/crypto/ecc_curve.h | 2 + include/crypto/ecdh.h | 1 + include/crypto/internal/ecc.h | 24 +++- include/linux/oid_registry.h | 1 + 12 files changed, 336 insertions(+), 23 deletions(-) base-commit: a9a72140536fe02d98bce72a608ccf3ba9008a71 -- 2.43.0