From: Stephan Mueller <smueller@chronox.de>
To: James Bottomley <jejb@linux.vnet.ibm.com>
Cc: Tudor Ambarus <tudor.ambarus@microchip.com>,
David Howells <dhowells@redhat.com>,
dwmw2@infradead.org, keyrings@vger.kernel.org,
"bluez mailin list (linux-bluetooth@vger.kernel.org)"
<linux-bluetooth@vger.kernel.org>,
linux-security-module@vger.kernel.org,
tpmdd-devel@lists.sourceforge.net,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [tpmdd-devel] in-kernel user of ecdsa
Date: Mon, 12 Mar 2018 21:57:28 +0000 [thread overview]
Message-ID: <4913167.EB42K91l1O@tauon.chronox.de> (raw)
In-Reply-To: <1520891735.4522.45.camel@linux.vnet.ibm.com>
Am Montag, 12. März 2018, 22:55:35 CET schrieb James Bottomley:
Hi James,
> > ECDSA is not implemented currently in the kernel crypto API.
>
> an ECDSA signature is produced as a ECDH operation using the DSA
> algorithm instead of KDFe, so it's trivial with what we have; signature
> verification involves a separate point addition but we have all the
> primitives for this in crypto/ecc.c so adding it isn't really
> difficult, is it?
No, it is not. There even was a patch posted about a year ago to add ECDSA.
But it was rejected due to missing in-kernel users. I guess that patch could
be reactivated.
Ciao
Stephan
WARNING: multiple messages have this Message-ID (diff)
From: Stephan Mueller <smueller@chronox.de>
To: James Bottomley <jejb@linux.vnet.ibm.com>
Cc: Tudor Ambarus <tudor.ambarus@microchip.com>,
David Howells <dhowells@redhat.com>,
dwmw2@infradead.org, keyrings@vger.kernel.org,
"bluez mailin list (linux-bluetooth@vger.kernel.org)"
<linux-bluetooth@vger.kernel.org>,
linux-security-module@vger.kernel.org,
tpmdd-devel@lists.sourceforge.net,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [tpmdd-devel] in-kernel user of ecdsa
Date: Mon, 12 Mar 2018 22:57:28 +0100 [thread overview]
Message-ID: <4913167.EB42K91l1O@tauon.chronox.de> (raw)
In-Reply-To: <1520891735.4522.45.camel@linux.vnet.ibm.com>
Am Montag, 12. M=E4rz 2018, 22:55:35 CET schrieb James Bottomley:
Hi James,
> > ECDSA is not implemented currently in the kernel crypto API.
>=20
> an ECDSA signature is produced as a ECDH operation using the DSA
> algorithm instead of KDFe, so it's trivial with what we have; signature
> verification involves a separate point addition but we have all the
> primitives for this in crypto/ecc.c so adding it isn't really
> difficult, is it?
No, it is not. There even was a patch posted about a year ago to add ECDSA.=
=20
But it was rejected due to missing in-kernel users. I guess that patch coul=
d=20
be reactivated.
Ciao
Stephan
WARNING: multiple messages have this Message-ID (diff)
From: smueller@chronox.de (Stephan Mueller)
To: linux-security-module@vger.kernel.org
Subject: [tpmdd-devel] in-kernel user of ecdsa
Date: Mon, 12 Mar 2018 22:57:28 +0100 [thread overview]
Message-ID: <4913167.EB42K91l1O@tauon.chronox.de> (raw)
In-Reply-To: <1520891735.4522.45.camel@linux.vnet.ibm.com>
Am Montag, 12. M?rz 2018, 22:55:35 CET schrieb James Bottomley:
Hi James,
> > ECDSA is not implemented currently in the kernel crypto API.
>
> an ECDSA signature is produced as a ECDH operation using the DSA
> algorithm instead of KDFe, so it's trivial with what we have; signature
> verification involves a separate point addition but we have all the
> primitives for this in crypto/ecc.c so adding it isn't really
> difficult, is it?
No, it is not. There even was a patch posted about a year ago to add ECDSA.
But it was rejected due to missing in-kernel users. I guess that patch could
be reactivated.
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-03-12 21:57 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-12 17:07 in-kernel user of ecdsa Tudor Ambarus
2018-03-12 17:07 ` Tudor Ambarus
2018-03-12 17:07 ` Tudor Ambarus
2018-03-12 17:07 ` Tudor Ambarus
2018-03-12 17:07 ` Tudor Ambarus
2018-03-12 18:09 ` [tpmdd-devel] " James Bottomley
2018-03-12 18:09 ` James Bottomley
2018-03-12 18:09 ` [tpmdd-devel] " James Bottomley
2018-03-12 18:09 ` James Bottomley
2018-03-12 18:09 ` [tpmdd-devel] " James Bottomley
2018-03-12 19:56 ` Stephan Mueller
2018-03-12 19:56 ` Stephan Mueller
2018-03-12 19:56 ` Stephan Mueller
2018-03-12 21:55 ` James Bottomley
2018-03-12 21:55 ` James Bottomley
2018-03-12 21:55 ` [tpmdd-devel] " James Bottomley
2018-03-12 21:55 ` James Bottomley
2018-03-12 21:55 ` [tpmdd-devel] " James Bottomley
2018-03-12 21:57 ` Stephan Mueller [this message]
2018-03-12 21:57 ` Stephan Mueller
2018-03-12 21:57 ` Stephan Mueller
2018-03-26 14:59 ` Tudor Ambarus
2018-03-26 14:59 ` Tudor Ambarus
2018-03-26 14:59 ` Tudor Ambarus
2018-03-26 14:59 ` Tudor Ambarus
2018-03-26 14:59 ` Tudor Ambarus
2018-03-26 14:59 ` Tudor Ambarus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4913167.EB42K91l1O@tauon.chronox.de \
--to=smueller@chronox.de \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=jejb@linux.vnet.ibm.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=tpmdd-devel@lists.sourceforge.net \
--cc=tudor.ambarus@microchip.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.