| Message ID | 20240301022007.344948-1-stefanb@linux.ibm.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Add support for NIST P521 to ecdsa | expand |
On Thu, Feb 29, 2024 at 09:19:55PM -0500, Stefan Berger wrote: > This series adds support for the NIST P521 curve to the ecdsa module > to enable signature verification with it. > > An issue with the current code in ecdsa is that it assumes that input > arrays providing key coordinates for example, are arrays of digits > (a 'digit' is a 'u64'). This works well for all currently supported > curves, such as NIST P192/256/384, but does not work for NIST P521 where > coordinates are 8 digits + 2 bytes long. So some of the changes deal with > converting byte arrays to digits and adjusting tests on input byte > array lengths to tolerate arrays not providing multiples of 8 bytes. When respinning this series as v5, feel free to add my Tested-by: Lukas Wunner <lukas@wunner.de> I cherry-picked the commits from your nist_p521.v5 branch... https://github.com/stefanberger/linux-ima-namespaces/commits/nist_p521.v5/ ...onto my development branch for PCI device authentication... https://github.com/l1k/linux/commits/doe ...and tested against qemu+libspdm that an emulated NVMe drive is able to present a valid signature using NIST P521 + SHA384 which can be verified correctly by the kernel. I needed to fix up two of my patches, one which adds P1363 signature format support to the kernel and another fixup to add NIST P521 support to the in-kernel SPDM library (two top-most commits on my above-linked development branch). I performed this test against your f81547267725 head and notice that you pushed a new version today (with "curve->nbits == 521" instead of strcmp), but I'm confident those two small changes wouldn't alter the outcone, hence my Tested-by stands. Thanks, Lukas
On 3/4/24 13:10, Lukas Wunner wrote: > On Thu, Feb 29, 2024 at 09:19:55PM -0500, Stefan Berger wrote: >> This series adds support for the NIST P521 curve to the ecdsa module >> to enable signature verification with it. >> >> An issue with the current code in ecdsa is that it assumes that input >> arrays providing key coordinates for example, are arrays of digits >> (a 'digit' is a 'u64'). This works well for all currently supported >> curves, such as NIST P192/256/384, but does not work for NIST P521 where >> coordinates are 8 digits + 2 bytes long. So some of the changes deal with >> converting byte arrays to digits and adjusting tests on input byte >> array lengths to tolerate arrays not providing multiples of 8 bytes. > > When respinning this series as v5, feel free to add my > > Tested-by: Lukas Wunner <lukas@wunner.de> Thanks. > > > I cherry-picked the commits from your nist_p521.v5 branch... > > https://github.com/stefanberger/linux-ima-namespaces/commits/nist_p521.v5/ > > ...onto my development branch for PCI device authentication... > > https://github.com/l1k/linux/commits/doe > > ...and tested against qemu+libspdm that an emulated NVMe drive > is able to present a valid signature using NIST P521 + SHA384 > which can be verified correctly by the kernel. FYI: I have a PR for a test suite here as well: https://github.com/stefanberger/eckey-testing/pull/1 > > I needed to fix up two of my patches, one which adds P1363 > signature format support to the kernel and another fixup to > add NIST P521 support to the in-kernel SPDM library > (two top-most commits on my above-linked development branch). > > I performed this test against your f81547267725 head and notice > that you pushed a new version today (with "curve->nbits == 521" > instead of strcmp), but I'm confident those two small changes > wouldn't alter the outcone, hence my Tested-by stands. > > Thanks, > > Lukas >
This series adds support for the NIST P521 curve to the ecdsa module to enable signature verification with it. An issue with the current code in ecdsa is that it assumes that input arrays providing key coordinates for example, are arrays of digits (a 'digit' is a 'u64'). This works well for all currently supported curves, such as NIST P192/256/384, but does not work for NIST P521 where coordinates are 8 digits + 2 bytes long. So some of the changes deal with converting byte arrays to digits and adjusting tests on input byte array lengths to tolerate arrays not providing multiples of 8 bytes. Regards, Stefan v4: - Followed suggestions by Lukas Wummer (1,5,8/12) - Use nbits rather than ndigits where needed (8/12) - Renaming 'keylen' variablest to bufsize where necessary (9/12) - Adjust signature size calculation for NIST P521 (11/12) v3: - Dropped ecdh support - Use ecc_get_curve_nbits for getting number of bits in NIST P521 curve in ecc_point_mult (7/10) v2: - Reformulated some patch descriptions - Fixed issue detected by krobot - Some other small changes to the code Stefan Berger (12): crypto: ecdsa - Convert byte arrays with key coordinates to digits crypto: ecdsa - Adjust tests on length of key parameters crypto: ecdsa - Extend res.x mod n calculation for NIST P521 crypto: ecc - Implement vli_mmod_fast_521 for NIST p521 crypto: ecc - Add nbits field to ecc_curve structure crypto: ecc - Add special case for NIST P521 in ecc_point_mult crypto: ecc - Add NIST P521 curve parameters crypto: ecdsa - Replace ndigits with nbits where precision is needed crypto: ecdsa - Rename keylen to bufsize where necessary crypto: ecdsa - Register NIST P521 and extend test suite crypto: asymmetric_keys - Adjust signature size calculation for NIST P521 crypto: x509 - Add OID for NIST P521 and extend parser for it crypto/asymmetric_keys/public_key.c | 14 ++- crypto/asymmetric_keys/x509_cert_parser.c | 3 + crypto/ecc.c | 38 +++++- crypto/ecc_curve_defs.h | 49 ++++++++ crypto/ecdsa.c | 62 ++++++--- crypto/ecrdsa_defs.h | 5 + crypto/testmgr.c | 7 ++ crypto/testmgr.h | 146 ++++++++++++++++++++++ include/crypto/ecc_curve.h | 3 + include/crypto/ecdh.h | 1 + include/crypto/internal/ecc.h | 27 +++- include/linux/oid_registry.h | 1 + 12 files changed, 339 insertions(+), 17 deletions(-)