* [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa
@ 2024-09-10 14:30 Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 10/19] crypto: drivers - Drop sign/verify operations Lukas Wunner
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Lukas Wunner @ 2024-09-10 14:30 UTC (permalink / raw)
To: linux-aspeed
The original impetus of this series is to introduce P1363 signature
decoding for ecdsa (patch [18/19]), which is needed by the upcoming
SPDM library (Security Protocol and Data Model) for PCI device
authentication.
To facilitate that, move X9.62 signature decoding out of ecdsa.c and
into a template (patch [15/19]).
New in v2: Move the maximum signature size calculations for ecdsa
out of software_key_query() and into the X9.62 template so that
corresponding calculations can be added for P1363 without further
cluttering up software_key_query() (patch [16/19] - [17/19]).
New in v2: Avoid inefficient copying from kernel buffers to sglists
in the new templates by introducing a sig_alg backend and migrating
all algorithms to it, per Herbert's advice (patch [02/19] - [12/19]).
Clean up various smaller issues that caught my eye in ecdsa
(patch [01/19] and [14/19]), ecrdsa (patch [19/19]) and
ASN.1 headers (patch [13/19]).
I've also accumulated various cleanups for crypto virtio on my
development branch but will leave them for another day as this
series is already nearing the "too big to review" threshold. ;)
I've run selftests on every single commit, but further testing
would be appreciated to raise the confidence.
Link to v1:
https://lore.kernel.org/all/cover.1722260176.git.lukas at wunner.de/
Changes v1 -> v2:
* [PATCH 13/19] ASN.1: Clean up include statements in public headers
* Drop "#include <linux/bug.h>" from <linux/asn1_encoder.h> (Jonathan)
* [PATCH 14/19] crypto: ecdsa - Avoid signed integer overflow on signature
decoding
* Add code comment explaining why vlen may be larger than bufsize (Stefan)
* [PATCH 15/19] crypto: ecdsa - Move X9.62 signature decoding into template
* Drop unnecessary "params", "param_len" and "algo" definitions from
ecdsa_nist_p{192,256,384,521}_tv_template[].
* Introduce and use struct ecdsa_raw_sig in <crypto/internal/ecc.h>.
* [PATCH 18/19] crypto: ecdsa - Support P1363 signature decoding
* Drop unnecessary "params", "param_len" and "algo" definitions from
p1363_ecdsa_nist_p256_tv_template[].
Lukas Wunner (19):
crypto: ecdsa - Drop unused test vector elements
crypto: sig - Introduce sig_alg backend
crypto: ecdsa - Migrate to sig_alg backend
crypto: ecrdsa - Migrate to sig_alg backend
crypto: rsa-pkcs1pad - Deduplicate set_{pub,priv}_key callbacks
crypto: rsassa-pkcs1 - Migrate to sig_alg backend
crypto: rsassa-pkcs1 - Harden digest length verification
crypto: rsassa-pkcs1 - Avoid copying hash prefix
crypto: virtio - Drop sign/verify operations
crypto: drivers - Drop sign/verify operations
crypto: akcipher - Drop sign/verify operations
crypto: sig - Move crypto_sig_*() API calls to include file
ASN.1: Clean up include statements in public headers
crypto: ecdsa - Avoid signed integer overflow on signature decoding
crypto: ecdsa - Move X9.62 signature decoding into template
crypto: sig - Rename crypto_sig_maxsize() to crypto_sig_keysize()
crypto: ecdsa - Move X9.62 signature size calculation into template
crypto: ecdsa - Support P1363 signature decoding
crypto: ecrdsa - Fix signature size calculation
Documentation/crypto/api-akcipher.rst | 2 +-
Documentation/crypto/api-sig.rst | 15 +
Documentation/crypto/api.rst | 1 +
Documentation/crypto/architecture.rst | 2 +
crypto/Kconfig | 5 +-
crypto/Makefile | 5 +-
crypto/akcipher.c | 64 +-
crypto/asymmetric_keys/public_key.c | 58 +-
crypto/ecdsa-p1363.c | 159 ++++
crypto/ecdsa-x962.c | 237 +++++
crypto/ecdsa.c | 209 ++---
crypto/ecrdsa.c | 64 +-
crypto/internal.h | 19 -
crypto/rsa-pkcs1pad.c | 371 +-------
crypto/rsa.c | 17 +-
crypto/rsassa-pkcs1.c | 442 +++++++++
crypto/sig.c | 143 +--
crypto/testmgr.c | 320 +++++--
crypto/testmgr.h | 884 +++++++++++++++---
drivers/crypto/aspeed/aspeed-acry.c | 2 -
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 2 -
drivers/crypto/starfive/jh7110-rsa.c | 2 -
.../virtio/virtio_crypto_akcipher_algs.c | 65 +-
include/crypto/akcipher.h | 69 +-
include/crypto/internal/akcipher.h | 4 +-
include/crypto/internal/ecc.h | 14 +
include/crypto/internal/rsa.h | 29 +
include/crypto/internal/sig.h | 80 ++
include/crypto/sig.h | 152 ++-
include/linux/asn1_decoder.h | 1 +
include/linux/asn1_encoder.h | 1 -
include/linux/slab.h | 1 +
include/uapi/linux/cryptouser.h | 5 +
include/uapi/linux/virtio_crypto.h | 1 +
security/integrity/ima/ima_main.c | 6 +-
35 files changed, 2398 insertions(+), 1053 deletions(-)
create mode 100644 Documentation/crypto/api-sig.rst
create mode 100644 crypto/ecdsa-p1363.c
create mode 100644 crypto/ecdsa-x962.c
create mode 100644 crypto/rsassa-pkcs1.c
--
2.43.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2 10/19] crypto: drivers - Drop sign/verify operations
2024-09-10 14:30 [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
@ 2024-09-10 14:30 ` Lukas Wunner
2024-10-01 9:17 ` [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-10-05 5:27 ` Herbert Xu
2 siblings, 0 replies; 4+ messages in thread
From: Lukas Wunner @ 2024-09-10 14:30 UTC (permalink / raw)
To: linux-aspeed
The drivers aspeed-acry.c, hpre_crypto.c and jh7110-rsa.c purport to
implement sign/verify operations for raw (unpadded) "rsa".
But there is no such thing as message digests generally need to be
padded according to a predefined scheme (such as PSS or PKCS#1) to
match the size of the usually much larger RSA keys.
The bogus sign/verify operations defined by these drivers are never
called but block removal of sign/verify from akcipher_alg. Drop them.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
---
drivers/crypto/aspeed/aspeed-acry.c | 2 --
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 2 --
drivers/crypto/starfive/jh7110-rsa.c | 2 --
3 files changed, 6 deletions(-)
diff --git a/drivers/crypto/aspeed/aspeed-acry.c b/drivers/crypto/aspeed/aspeed-acry.c
index b4613bd4ad96..7a1e153733e1 100644
--- a/drivers/crypto/aspeed/aspeed-acry.c
+++ b/drivers/crypto/aspeed/aspeed-acry.c
@@ -601,8 +601,6 @@ static struct aspeed_acry_alg aspeed_acry_akcipher_algs[] = {
.akcipher.base = {
.encrypt = aspeed_acry_rsa_enc,
.decrypt = aspeed_acry_rsa_dec,
- .sign = aspeed_acry_rsa_dec,
- .verify = aspeed_acry_rsa_enc,
.set_pub_key = aspeed_acry_rsa_set_pub_key,
.set_priv_key = aspeed_acry_rsa_set_priv_key,
.max_size = aspeed_acry_rsa_max_size,
diff --git a/drivers/crypto/hisilicon/hpre/hpre_crypto.c b/drivers/crypto/hisilicon/hpre/hpre_crypto.c
index 764532a6ca82..bdd7e1df8a06 100644
--- a/drivers/crypto/hisilicon/hpre/hpre_crypto.c
+++ b/drivers/crypto/hisilicon/hpre/hpre_crypto.c
@@ -2004,8 +2004,6 @@ static void hpre_curve25519_exit_tfm(struct crypto_kpp *tfm)
}
static struct akcipher_alg rsa = {
- .sign = hpre_rsa_dec,
- .verify = hpre_rsa_enc,
.encrypt = hpre_rsa_enc,
.decrypt = hpre_rsa_dec,
.set_pub_key = hpre_rsa_setpubkey,
diff --git a/drivers/crypto/starfive/jh7110-rsa.c b/drivers/crypto/starfive/jh7110-rsa.c
index a778c4846025..d109c743f076 100644
--- a/drivers/crypto/starfive/jh7110-rsa.c
+++ b/drivers/crypto/starfive/jh7110-rsa.c
@@ -565,8 +565,6 @@ static void starfive_rsa_exit_tfm(struct crypto_akcipher *tfm)
static struct akcipher_alg starfive_rsa = {
.encrypt = starfive_rsa_enc,
.decrypt = starfive_rsa_dec,
- .sign = starfive_rsa_dec,
- .verify = starfive_rsa_enc,
.set_pub_key = starfive_rsa_set_pub_key,
.set_priv_key = starfive_rsa_set_priv_key,
.max_size = starfive_rsa_max_size,
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa
2024-09-10 14:30 [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 10/19] crypto: drivers - Drop sign/verify operations Lukas Wunner
@ 2024-10-01 9:17 ` Lukas Wunner
2024-10-05 5:27 ` Herbert Xu
2 siblings, 0 replies; 4+ messages in thread
From: Lukas Wunner @ 2024-10-01 9:17 UTC (permalink / raw)
To: linux-aspeed
Hi Herbert,
On Tue, Sep 10, 2024 at 04:30:10PM +0200, Lukas Wunner wrote:
> The original impetus of this series is to introduce P1363 signature
> decoding for ecdsa (patch [18/19]), which is needed by the upcoming
> SPDM library (Security Protocol and Data Model) for PCI device
> authentication.
>
> To facilitate that, move X9.62 signature decoding out of ecdsa.c and
> into a template (patch [15/19]).
>
> New in v2: Move the maximum signature size calculations for ecdsa
> out of software_key_query() and into the X9.62 template so that
> corresponding calculations can be added for P1363 without further
> cluttering up software_key_query() (patch [16/19] - [17/19]).
>
> New in v2: Avoid inefficient copying from kernel buffers to sglists
> in the new templates by introducing a sig_alg backend and migrating
> all algorithms to it, per Herbert's advice (patch [02/19] - [12/19]).
>
> Clean up various smaller issues that caught my eye in ecdsa
> (patch [01/19] and [14/19]), ecrdsa (patch [19/19]) and
> ASN.1 headers (patch [13/19]).
This series was submitted at the tail end of the v6.11 cycle.
It still applies cleanly to v6.12-rc1 though, so I'm not sure
whether to resubmit.
Is there anything you want me to change?
Thanks!
Lukas
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa
2024-09-10 14:30 [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 10/19] crypto: drivers - Drop sign/verify operations Lukas Wunner
2024-10-01 9:17 ` [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
@ 2024-10-05 5:27 ` Herbert Xu
2 siblings, 0 replies; 4+ messages in thread
From: Herbert Xu @ 2024-10-05 5:27 UTC (permalink / raw)
To: linux-aspeed
On Tue, Sep 10, 2024 at 04:30:10PM +0200, Lukas Wunner wrote:
> The original impetus of this series is to introduce P1363 signature
> decoding for ecdsa (patch [18/19]), which is needed by the upcoming
> SPDM library (Security Protocol and Data Model) for PCI device
> authentication.
>
> To facilitate that, move X9.62 signature decoding out of ecdsa.c and
> into a template (patch [15/19]).
>
> New in v2: Move the maximum signature size calculations for ecdsa
> out of software_key_query() and into the X9.62 template so that
> corresponding calculations can be added for P1363 without further
> cluttering up software_key_query() (patch [16/19] - [17/19]).
>
> New in v2: Avoid inefficient copying from kernel buffers to sglists
> in the new templates by introducing a sig_alg backend and migrating
> all algorithms to it, per Herbert's advice (patch [02/19] - [12/19]).
>
> Clean up various smaller issues that caught my eye in ecdsa
> (patch [01/19] and [14/19]), ecrdsa (patch [19/19]) and
> ASN.1 headers (patch [13/19]).
>
> I've also accumulated various cleanups for crypto virtio on my
> development branch but will leave them for another day as this
> series is already nearing the "too big to review" threshold. ;)
>
> I've run selftests on every single commit, but further testing
> would be appreciated to raise the confidence.
>
>
> Link to v1:
>
> https://lore.kernel.org/all/cover.1722260176.git.lukas at wunner.de/
>
> Changes v1 -> v2:
>
> * [PATCH 13/19] ASN.1: Clean up include statements in public headers
> * Drop "#include <linux/bug.h>" from <linux/asn1_encoder.h> (Jonathan)
>
> * [PATCH 14/19] crypto: ecdsa - Avoid signed integer overflow on signature
> decoding
> * Add code comment explaining why vlen may be larger than bufsize (Stefan)
>
> * [PATCH 15/19] crypto: ecdsa - Move X9.62 signature decoding into template
> * Drop unnecessary "params", "param_len" and "algo" definitions from
> ecdsa_nist_p{192,256,384,521}_tv_template[].
> * Introduce and use struct ecdsa_raw_sig in <crypto/internal/ecc.h>.
>
> * [PATCH 18/19] crypto: ecdsa - Support P1363 signature decoding
> * Drop unnecessary "params", "param_len" and "algo" definitions from
> p1363_ecdsa_nist_p256_tv_template[].
>
>
> Lukas Wunner (19):
> crypto: ecdsa - Drop unused test vector elements
> crypto: sig - Introduce sig_alg backend
> crypto: ecdsa - Migrate to sig_alg backend
> crypto: ecrdsa - Migrate to sig_alg backend
> crypto: rsa-pkcs1pad - Deduplicate set_{pub,priv}_key callbacks
> crypto: rsassa-pkcs1 - Migrate to sig_alg backend
> crypto: rsassa-pkcs1 - Harden digest length verification
> crypto: rsassa-pkcs1 - Avoid copying hash prefix
> crypto: virtio - Drop sign/verify operations
> crypto: drivers - Drop sign/verify operations
> crypto: akcipher - Drop sign/verify operations
> crypto: sig - Move crypto_sig_*() API calls to include file
> ASN.1: Clean up include statements in public headers
> crypto: ecdsa - Avoid signed integer overflow on signature decoding
> crypto: ecdsa - Move X9.62 signature decoding into template
> crypto: sig - Rename crypto_sig_maxsize() to crypto_sig_keysize()
> crypto: ecdsa - Move X9.62 signature size calculation into template
> crypto: ecdsa - Support P1363 signature decoding
> crypto: ecrdsa - Fix signature size calculation
>
> Documentation/crypto/api-akcipher.rst | 2 +-
> Documentation/crypto/api-sig.rst | 15 +
> Documentation/crypto/api.rst | 1 +
> Documentation/crypto/architecture.rst | 2 +
> crypto/Kconfig | 5 +-
> crypto/Makefile | 5 +-
> crypto/akcipher.c | 64 +-
> crypto/asymmetric_keys/public_key.c | 58 +-
> crypto/ecdsa-p1363.c | 159 ++++
> crypto/ecdsa-x962.c | 237 +++++
> crypto/ecdsa.c | 209 ++---
> crypto/ecrdsa.c | 64 +-
> crypto/internal.h | 19 -
> crypto/rsa-pkcs1pad.c | 371 +-------
> crypto/rsa.c | 17 +-
> crypto/rsassa-pkcs1.c | 442 +++++++++
> crypto/sig.c | 143 +--
> crypto/testmgr.c | 320 +++++--
> crypto/testmgr.h | 884 +++++++++++++++---
> drivers/crypto/aspeed/aspeed-acry.c | 2 -
> drivers/crypto/hisilicon/hpre/hpre_crypto.c | 2 -
> drivers/crypto/starfive/jh7110-rsa.c | 2 -
> .../virtio/virtio_crypto_akcipher_algs.c | 65 +-
> include/crypto/akcipher.h | 69 +-
> include/crypto/internal/akcipher.h | 4 +-
> include/crypto/internal/ecc.h | 14 +
> include/crypto/internal/rsa.h | 29 +
> include/crypto/internal/sig.h | 80 ++
> include/crypto/sig.h | 152 ++-
> include/linux/asn1_decoder.h | 1 +
> include/linux/asn1_encoder.h | 1 -
> include/linux/slab.h | 1 +
> include/uapi/linux/cryptouser.h | 5 +
> include/uapi/linux/virtio_crypto.h | 1 +
> security/integrity/ima/ima_main.c | 6 +-
> 35 files changed, 2398 insertions(+), 1053 deletions(-)
> create mode 100644 Documentation/crypto/api-sig.rst
> create mode 100644 crypto/ecdsa-p1363.c
> create mode 100644 crypto/ecdsa-x962.c
> create mode 100644 crypto/rsassa-pkcs1.c
>
> --
> 2.43.0
All applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-10-05 5:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-10 14:30 [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 10/19] crypto: drivers - Drop sign/verify operations Lukas Wunner
2024-10-01 9:17 ` [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-10-05 5:27 ` Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).