| Message ID | 20200609134855.21431-1-tianjia.zhang@linux.alibaba.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | crpyto: introduce OSCCA certificate and SM2 asymmetric algorithm | expand |
Tianjia, On Tue, Jun 09, 2020 at 09:48:47PM +0800, Tianjia Zhang wrote: > Hello all, > > This new module implement the OSCCA certificate and SM2 public key > algorithm. It was published by State Encryption Management Bureau, China. > List of specifications for OSCCA certificate and SM2 elliptic curve > public key cryptography: > > * GM/T 0003.1-2012 > * GM/T 0003.2-2012 > * GM/T 0003.3-2012 > * GM/T 0003.4-2012 > * GM/T 0003.5-2012 > * GM/T 0015-2012 > * GM/T 0009-2012 > > IETF: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 > oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml > scctc: http://www.gmbz.org.cn/main/bzlb.html > > These patchs add the OID object identifier defined by OSCCA. The > x509 certificate supports sm2-with-sm3 type certificate parsing > and verification. > > The sm2 algorithm is based on libgcrypt's mpi implementation, and has > made some additions to the kernel's original mpi library, and added the > implementation of ec to better support elliptic curve-like algorithms. > > sm2 has good support in both openssl and gnupg projects, and sm3 and sm4 > of the OSCCA algorithm family have also been implemented in the kernel. > > Among them, sm3 and sm4 have been well implemented in the kernel. > This group of patches has newly introduced sm2. In order to implement > sm2 more perfectly, I expanded the mpi library and introduced the > ec implementation of the mpi library as the basic algorithm. Compared > to the kernel's crypto/ecc.c, the implementation of mpi/ec.c is more > complete and elegant, sm2 is implemented based on these algorithms. Does it use constant-time algorithms? Thanks, > > --- > v3 changes: > 1. integrity asymmetric digsig support sm2-with-sm3 algorithm. > 2. remove unused sm2_set_priv_key(). > 3. rebase on mainline. > > v2 changes: > 1. simplify the sm2 algorithm and only retain the verify function. > 2. extract the sm2 certificate code into a separate file. > > Tianjia Zhang (8): > crypto: sm3 - export crypto_sm3_final function > lib/mpi: Extend the MPI library > lib/mpi: Introduce ec implementation to MPI library > crypto: sm2 - introduce OSCCA SM2 asymmetric cipher algorithm > crypto: testmgr - support test with different ciphertext per > encryption > X.509: support OSCCA certificate parse > X.509: support OSCCA sm2-with-sm3 certificate verification > integrity: Asymmetric digsig supports SM2-with-SM3 algorithm > > crypto/Kconfig | 17 + > crypto/Makefile | 8 + > crypto/asymmetric_keys/Makefile | 1 + > crypto/asymmetric_keys/public_key.c | 6 + > crypto/asymmetric_keys/public_key_sm2.c | 59 + > crypto/asymmetric_keys/x509_cert_parser.c | 14 +- > crypto/asymmetric_keys/x509_public_key.c | 2 + > crypto/sm2.c | 473 +++++++ > crypto/sm2signature.asn1 | 4 + > crypto/sm3_generic.c | 7 +- > crypto/testmgr.c | 7 +- > include/crypto/public_key.h | 14 + > include/crypto/sm2.h | 25 + > include/crypto/sm3.h | 2 + > include/linux/mpi.h | 193 +++ > include/linux/oid_registry.h | 6 + > lib/mpi/Makefile | 6 + > lib/mpi/ec.c | 1538 +++++++++++++++++++++ > lib/mpi/mpi-add.c | 207 +++ > lib/mpi/mpi-bit.c | 251 ++++ > lib/mpi/mpi-cmp.c | 46 +- > lib/mpi/mpi-div.c | 259 ++++ > lib/mpi/mpi-internal.h | 53 + > lib/mpi/mpi-inv.c | 143 ++ > lib/mpi/mpi-mod.c | 155 +++ > lib/mpi/mpi-mul.c | 166 +++ > lib/mpi/mpicoder.c | 336 +++++ > lib/mpi/mpih-div.c | 294 ++++ > lib/mpi/mpih-mul.c | 25 + > lib/mpi/mpiutil.c | 204 +++ > security/integrity/digsig_asymmetric.c | 14 +- > 31 files changed, 4517 insertions(+), 18 deletions(-) > create mode 100644 crypto/asymmetric_keys/public_key_sm2.c > create mode 100644 crypto/sm2.c > create mode 100644 crypto/sm2signature.asn1 > create mode 100644 include/crypto/sm2.h > create mode 100644 lib/mpi/ec.c > create mode 100644 lib/mpi/mpi-add.c > create mode 100644 lib/mpi/mpi-div.c > create mode 100644 lib/mpi/mpi-inv.c > create mode 100644 lib/mpi/mpi-mod.c > create mode 100644 lib/mpi/mpi-mul.c > > -- > 2.17.1
On 2020/6/10 4:58, Vitaly Chikunov wrote: > Tianjia, > > On Tue, Jun 09, 2020 at 09:48:47PM +0800, Tianjia Zhang wrote: >> Hello all, >> >> This new module implement the OSCCA certificate and SM2 public key >> algorithm. It was published by State Encryption Management Bureau, China. >> List of specifications for OSCCA certificate and SM2 elliptic curve >> public key cryptography: >> >> * GM/T 0003.1-2012 >> * GM/T 0003.2-2012 >> * GM/T 0003.3-2012 >> * GM/T 0003.4-2012 >> * GM/T 0003.5-2012 >> * GM/T 0015-2012 >> * GM/T 0009-2012 >> >> IETF: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 >> oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml >> scctc: http://www.gmbz.org.cn/main/bzlb.html >> >> These patchs add the OID object identifier defined by OSCCA. The >> x509 certificate supports sm2-with-sm3 type certificate parsing >> and verification. >> >> The sm2 algorithm is based on libgcrypt's mpi implementation, and has >> made some additions to the kernel's original mpi library, and added the >> implementation of ec to better support elliptic curve-like algorithms. >> >> sm2 has good support in both openssl and gnupg projects, and sm3 and sm4 >> of the OSCCA algorithm family have also been implemented in the kernel. >> >> Among them, sm3 and sm4 have been well implemented in the kernel. >> This group of patches has newly introduced sm2. In order to implement >> sm2 more perfectly, I expanded the mpi library and introduced the >> ec implementation of the mpi library as the basic algorithm. Compared >> to the kernel's crypto/ecc.c, the implementation of mpi/ec.c is more >> complete and elegant, sm2 is implemented based on these algorithms. > > Does it use constant-time algorithms? > > Thanks, > Sorry for not responding in time. This algorithm is constant-time algorithms, and this logic is implemented in ec_mul_point(). Will you consider implementing ecrdsa based on the mpi ec algorithm in the future? Thanks and best, Tianjia
Hello all, This new module implement the OSCCA certificate and SM2 public key algorithm. It was published by State Encryption Management Bureau, China. List of specifications for OSCCA certificate and SM2 elliptic curve public key cryptography: * GM/T 0003.1-2012 * GM/T 0003.2-2012 * GM/T 0003.3-2012 * GM/T 0003.4-2012 * GM/T 0003.5-2012 * GM/T 0015-2012 * GM/T 0009-2012 IETF: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml scctc: http://www.gmbz.org.cn/main/bzlb.html These patchs add the OID object identifier defined by OSCCA. The x509 certificate supports sm2-with-sm3 type certificate parsing and verification. The sm2 algorithm is based on libgcrypt's mpi implementation, and has made some additions to the kernel's original mpi library, and added the implementation of ec to better support elliptic curve-like algorithms. sm2 has good support in both openssl and gnupg projects, and sm3 and sm4 of the OSCCA algorithm family have also been implemented in the kernel. Among them, sm3 and sm4 have been well implemented in the kernel. This group of patches has newly introduced sm2. In order to implement sm2 more perfectly, I expanded the mpi library and introduced the ec implementation of the mpi library as the basic algorithm. Compared to the kernel's crypto/ecc.c, the implementation of mpi/ec.c is more complete and elegant, sm2 is implemented based on these algorithms. --- v3 changes: 1. integrity asymmetric digsig support sm2-with-sm3 algorithm. 2. remove unused sm2_set_priv_key(). 3. rebase on mainline. v2 changes: 1. simplify the sm2 algorithm and only retain the verify function. 2. extract the sm2 certificate code into a separate file. Tianjia Zhang (8): crypto: sm3 - export crypto_sm3_final function lib/mpi: Extend the MPI library lib/mpi: Introduce ec implementation to MPI library crypto: sm2 - introduce OSCCA SM2 asymmetric cipher algorithm crypto: testmgr - support test with different ciphertext per encryption X.509: support OSCCA certificate parse X.509: support OSCCA sm2-with-sm3 certificate verification integrity: Asymmetric digsig supports SM2-with-SM3 algorithm crypto/Kconfig | 17 + crypto/Makefile | 8 + crypto/asymmetric_keys/Makefile | 1 + crypto/asymmetric_keys/public_key.c | 6 + crypto/asymmetric_keys/public_key_sm2.c | 59 + crypto/asymmetric_keys/x509_cert_parser.c | 14 +- crypto/asymmetric_keys/x509_public_key.c | 2 + crypto/sm2.c | 473 +++++++ crypto/sm2signature.asn1 | 4 + crypto/sm3_generic.c | 7 +- crypto/testmgr.c | 7 +- include/crypto/public_key.h | 14 + include/crypto/sm2.h | 25 + include/crypto/sm3.h | 2 + include/linux/mpi.h | 193 +++ include/linux/oid_registry.h | 6 + lib/mpi/Makefile | 6 + lib/mpi/ec.c | 1538 +++++++++++++++++++++ lib/mpi/mpi-add.c | 207 +++ lib/mpi/mpi-bit.c | 251 ++++ lib/mpi/mpi-cmp.c | 46 +- lib/mpi/mpi-div.c | 259 ++++ lib/mpi/mpi-internal.h | 53 + lib/mpi/mpi-inv.c | 143 ++ lib/mpi/mpi-mod.c | 155 +++ lib/mpi/mpi-mul.c | 166 +++ lib/mpi/mpicoder.c | 336 +++++ lib/mpi/mpih-div.c | 294 ++++ lib/mpi/mpih-mul.c | 25 + lib/mpi/mpiutil.c | 204 +++ security/integrity/digsig_asymmetric.c | 14 +- 31 files changed, 4517 insertions(+), 18 deletions(-) create mode 100644 crypto/asymmetric_keys/public_key_sm2.c create mode 100644 crypto/sm2.c create mode 100644 crypto/sm2signature.asn1 create mode 100644 include/crypto/sm2.h create mode 100644 lib/mpi/ec.c create mode 100644 lib/mpi/mpi-add.c create mode 100644 lib/mpi/mpi-div.c create mode 100644 lib/mpi/mpi-inv.c create mode 100644 lib/mpi/mpi-mod.c create mode 100644 lib/mpi/mpi-mul.c