From patchwork Wed Jul 8 08:28:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "tianjia.zhang" X-Patchwork-Id: 11651069 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0B07F618 for ; Wed, 8 Jul 2020 08:31:12 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D448A21532 for ; Wed, 8 Jul 2020 08:31:11 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="WnW+whVj" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D448A21532 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:MIME-Version:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:References:In-Reply-To:Message-Id:Date:Subject:To: From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=FIeOFo2oaFuaibVc4/YilX/3nt0dEYcMIj15vpfFp2s=; b=WnW+whVj2RUT+L4MLMiGfSkwEU AWTmbPgBdJnJ52SEU/nwn7T5npfHrsyc1llQ4Oo9XuYDoyg4p9hj1cMdoHDDvWmeq8ZaRad3FVZRs fWvxy3YS3J+0gPBG5C0uHWu7usBXmEORMagoqWPoLkj9m23LU/NzaPbdo1GlIAwrL/JhbEt6YdnFG Lpa7Qj8XoSsyqNJkTsHj/7sygcAjDM+Cl9nKLFlOX0lUAyQ6A/wtuwKzGb8y6n1pqZId9pmf7ilUW bbKhGcAyxBAtSMP2edT3DpdaYvYoV/sTXtP8Vwdq+FXZeae15G6tXha2NIhngHanYNmT8BVEO9WWd VeLpi0cQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jt5S5-0000fs-Rk; Wed, 08 Jul 2020 08:29:13 +0000 Received: from out30-56.freemail.mail.aliyun.com ([115.124.30.56]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jt5RS-0000Ll-JI for linux-arm-kernel@lists.infradead.org; Wed, 08 Jul 2020 08:28:43 +0000 X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R791e4; CH=green; DM=||false|; DS=||; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e01f04397; MF=tianjia.zhang@linux.alibaba.com; NM=1; PH=DS; RN=21; SR=0; TI=SMTPD_---0U26GEW2_1594196904; Received: from localhost(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0U26GEW2_1594196904) by smtp.aliyun-inc.com(127.0.0.1); Wed, 08 Jul 2020 16:28:24 +0800 From: Tianjia Zhang To: herbert@gondor.apana.org.au, davem@davemloft.net, dhowells@redhat.com, mcoquelin.stm32@gmail.com, alexandre.torgue@st.com, jmorris@namei.org, serge@hallyn.com, nramas@linux.microsoft.com, tusharsu@linux.microsoft.com, zohar@linux.ibm.com, gilad@benyossef.com, pvanleeuwen@rambus.com Subject: [PATCH v4 7/8] X.509: support OSCCA sm2-with-sm3 certificate verification Date: Wed, 8 Jul 2020 16:28:17 +0800 Message-Id: <20200708082818.5511-8-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200708082818.5511-1-tianjia.zhang@linux.alibaba.com> References: <20200708082818.5511-1-tianjia.zhang@linux.alibaba.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200708_042840_431456_A2CF98CB X-CRM114-Status: GOOD ( 17.46 ) X-Spam-Score: -8.0 (--------) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-8.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [115.124.30.56 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -7.5 USER_IN_DEF_SPF_WL From: address is in the default SPF white-list 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines -0.5 ENV_AND_HDR_SPF_MATCH Env and Hdr From used in default SPF WL Match X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: tianjia.zhang@linux.alibaba.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, zhang.jia@linux.alibaba.com, linux-integrity@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org The digital certificate format based on SM2 crypto algorithm as specified in GM/T 0015-2012. It was published by State Encryption Management Bureau, China. The method of generating Other User Information is defined as ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA), it also specified in https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02. The x509 certificate supports sm2-with-sm3 type certificate verification. Because certificate verification requires ZA in addition to tbs data, ZA also depends on elliptic curve parameters and public key data, so you need to access tbs in sig and calculate ZA. Finally calculate the digest of the signature and complete the verification work. The calculation process of ZA is declared in specifications GM/T 0009-2012 and GM/T 0003.2-2012. Signed-off-by: Tianjia Zhang --- crypto/asymmetric_keys/Makefile | 1 + crypto/asymmetric_keys/public_key.c | 6 +++ crypto/asymmetric_keys/public_key_sm2.c | 57 ++++++++++++++++++++++++ crypto/asymmetric_keys/x509_public_key.c | 3 ++ include/crypto/public_key.h | 15 +++++++ 5 files changed, 82 insertions(+) create mode 100644 crypto/asymmetric_keys/public_key_sm2.c diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index 28b91adba2ae..d499367dd253 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile @@ -11,6 +11,7 @@ asymmetric_keys-y := \ signature.o obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +obj-$(CONFIG_CRYPTO_SM2) += public_key_sm2.o obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) += asym_tpm.o # diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index d7f43d4ea925..6b7a6286d5fd 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -298,6 +298,12 @@ int public_key_verify_signature(const struct public_key *pkey, if (ret) goto error_free_key; + if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) { + ret = cert_sig_digest_update(sig, tfm); + if (ret) + goto error_free_key; + } + sg_init_table(src_sg, 2); sg_set_buf(&src_sg[0], sig->s, sig->s_size); sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); diff --git a/crypto/asymmetric_keys/public_key_sm2.c b/crypto/asymmetric_keys/public_key_sm2.c new file mode 100644 index 000000000000..b3df5c615b72 --- /dev/null +++ b/crypto/asymmetric_keys/public_key_sm2.c @@ -0,0 +1,57 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * asymmetric public-key algorithm for SM2-with-SM3 certificate + * as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012 SM2 and + * described at https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 + * + * Copyright (c) 2020, Alibaba Group. + * Authors: Tianjia Zhang + */ + +#include +#include +#include "x509_parser.h" + +int cert_sig_digest_update(const struct public_key_signature *sig, + struct crypto_akcipher *tfm_pkey) +{ + struct crypto_shash *tfm; + struct shash_desc *desc; + size_t desc_size; + unsigned char dgst[SM3_DIGEST_SIZE]; + int ret; + + BUG_ON(!sig->data); + + ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, + SM2_DEFAULT_USERID_LEN, dgst); + if (ret) + return ret; + + tfm = crypto_alloc_shash(sig->hash_algo, 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); + desc = kzalloc(desc_size, GFP_KERNEL); + if (!desc) + goto error_free_tfm; + + desc->tfm = tfm; + + ret = crypto_shash_init(desc); + if (ret < 0) + goto error_free_desc; + + ret = crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE); + if (ret < 0) + goto error_free_desc; + + ret = crypto_shash_finup(desc, sig->data, sig->data_size, sig->digest); + +error_free_desc: + kfree(desc); +error_free_tfm: + crypto_free_shash(tfm); + return ret; +} diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index d964cc82b69c..ae450eb8be14 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -30,6 +30,9 @@ int x509_get_sig_params(struct x509_certificate *cert) pr_devel("==>%s()\n", __func__); + sig->data = cert->tbs; + sig->data_size = cert->tbs_size; + if (!cert->pub->pkey_algo) cert->unsupported_key = true; diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 0588ef3bc6ff..861348dccd68 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -12,6 +12,7 @@ #include #include +#include /* * Cryptographic data for the public-key subtype of the asymmetric key type. @@ -44,6 +45,8 @@ struct public_key_signature { const char *pkey_algo; const char *hash_algo; const char *encoding; + const void *data; + unsigned int data_size; }; extern void public_key_signature_free(struct public_key_signature *sig); @@ -81,4 +84,16 @@ extern int verify_signature(const struct key *, int public_key_verify_signature(const struct public_key *pkey, const struct public_key_signature *sig); +#ifdef CONFIG_CRYPTO_SM2 +int cert_sig_digest_update(const struct public_key_signature *sig, + struct crypto_akcipher *tfm_pkey); +#else +static inline +int cert_sig_digest_update(const struct public_key_signature *sig, + struct crypto_akcipher *tfm_pkey) +{ + return -ENOTSUPP; +} +#endif + #endif /* _LINUX_PUBLIC_KEY_H */