From: Lukas Wunner <lukas@wunner.de>
To: Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Stefan Berger <stefanb@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>,
	Vitaly Chikunov <vt@altlinux.org>,
	Tadeusz Struk <tstruk@gigaio.com>,
	Andrew Zaborowski <andrew.zaborowski@intel.com>,
	Saulo Alessandre <saulo.alessandre@tse.jus.br>,
	Jonathan Cameron <Jonathan.Cameron@huawei.com>,
	linux-crypto@vger.kernel.org, keyrings@vger.kernel.org
Subject: [PATCH 0/5] Templatize ecdsa signature decoding
Date: Mon, 29 Jul 2024 15:46:00 +0200
Message-ID: <cover.1722260176.git.lukas@wunner.de>

Move X9.62 signature decoding out of the ecdsa driver and into a
template (patch [4/5]).

This allows introduction of P1363 signature decoding as another
template (patch [5/5]), which is needed by the upcoming SPDM library
(Security Protocol and Data Model) for PCI device authentication.

Drop usage of sglists for signature verification and use kernel
buffers instead (patch [2/5]) to avoid the overhead of extracting
from sglists into kernel buffers both in the templates and in the
ecdsa driver.  This builds on Herbert's elimination of sglists
from the akcipher API with commit 63ba4d67594a ("KEYS: asymmetric:
Use new crypto interface without scatterlists").

I realize that P1363 support (patch [5/5]) might not be acceptable
standalone, but I'm hoping to get an ack for it so that I may
upstream the patch as part of PCI device authentication.
Patches [1/5] to [4/5] will hopefully be acceptable standalone.

Note that I've duplicated the ecdsa test vectors in their entirety
in patch [4/5].  If that is considered overzealous, I can reduce
them to one or a few for testing the "raw" internal encoding.
In patch [5/5] I've included just a single test vector for P1363.
I can add more if desired.

Link to Herbert's suggestion to use templates for X9.62 and P1363:
https://lore.kernel.org/all/ZoHXyGwRzVvYkcTP@gondor.apana.org.au/

Link to PCI device authentication v2 patches:
https://lore.kernel.org/all/cover.1719771133.git.lukas@wunner.de/

Please review and test -- thank you!

Lukas Wunner (5):
  ASN.1: Add missing include <linux/types.h>
  crypto: akcipher - Drop usage of sglists for verify op
  crypto: ecdsa - Avoid signed integer overflow on signature decoding
  crypto: ecdsa - Move X9.62 signature decoding into template
  crypto: ecdsa - Support P1363 signature decoding

 crypto/Makefile                     |   4 +-
 crypto/akcipher.c                   |  11 +-
 crypto/asymmetric_keys/public_key.c |  43 +-
 crypto/ecdsa-p1363.c                | 155 +++++
 crypto/ecdsa-x962.c                 | 211 +++++++
 crypto/ecdsa.c                      | 122 ++--
 crypto/ecrdsa.c                     |  28 +-
 crypto/rsa-pkcs1pad.c               |  27 +-
 crypto/sig.c                        |  24 +-
 crypto/testmgr.c                    |  57 +-
 crypto/testmgr.h                    | 847 +++++++++++++++++++++++++++-
 include/crypto/akcipher.h           |  53 +-
 include/crypto/internal/ecc.h       |   2 +
 include/linux/asn1_decoder.h        |   1 +
 14 files changed, 1391 insertions(+), 194 deletions(-)
 create mode 100644 crypto/ecdsa-p1363.c
 create mode 100644 crypto/ecdsa-x962.c

-- 
2.43.0
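
The two signature encodings the cover letter refers to, shown as an added example (not code from this patch series or from the kernel): X9.62 wraps r and s in an ASN.1 DER SEQUENCE of two INTEGERs, while P1363 is the fixed-width concatenation r || s. The function names, the restriction to short-form DER lengths (enough for P-256 and P-384, not P-521) and the 4-byte toy sample are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read one DER INTEGER at *p (short-form length only) and store it
 * right-aligned, zero-padded, in out[0..n). Returns 0 on success. */
static int der_int_to_fixed(const uint8_t **p, const uint8_t *end,
			    uint8_t *out, size_t n)
{
	const uint8_t *q = *p;
	size_t len;

	if (end - q < 2 || q[0] != 0x02 || q[1] >= 0x80)
		return -1;
	len = q[1];
	q += 2;
	if (len == 0 || len > (size_t)(end - q) || (q[0] & 0x80))
		return -1;	/* empty, truncated or negative */
	*p = q + len;		/* advance past this INTEGER */
	while (len > 1 && q[0] == 0) {	/* drop sign padding */
		q++;
		len--;
	}
	if (len > n)
		return -1;	/* does not fit the curve's size */
	memset(out, 0, n - len);
	memcpy(out + n - len, q, len);
	return 0;
}

/* X9.62 SEQUENCE { INTEGER r, INTEGER s } -> P1363 r || s (2 * n bytes) */
int x962_to_p1363(const uint8_t *der, size_t der_len, uint8_t *out, size_t n)
{
	const uint8_t *p = der + 2, *end = der + der_len;

	if (der_len < 2 || der[0] != 0x30 || der[1] >= 0x80 ||
	    der[1] != der_len - 2)
		return -1;
	if (der_int_to_fixed(&p, end, out, n) ||
	    der_int_to_fixed(&p, end, out + n, n))
		return -1;
	return p == end ? 0 : -1;	/* reject trailing bytes */
}

/* Constructed sample, toy size n = 4: r = 0x80010203 (padded), s = 5 */
static const uint8_t sample_der[] = { 0x30, 0x0a, 0x02, 0x05, 0x00, 0x80,
	0x01, 0x02, 0x03, 0x02, 0x01, 0x05 };

int main(void)
{
	uint8_t raw[8];
	return x962_to_p1363(sample_der, sizeof(sample_der), raw, 4);
}
```

Range checks on r and s (between 1 and the group order minus 1) belong to signature verification itself and are not part of either decoding.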


Thread overview: 20+ messages
2024-07-29 13:46 Lukas Wunner [this message]
2024-07-29 13:47 ` [PATCH 1/5] ASN.1: Add missing include <linux/types.h> Lukas Wunner
2024-07-30 13:50   ` Stefan Berger
2024-08-01 14:42   ` Jonathan Cameron
2024-07-29 13:48 ` [PATCH 2/5] crypto: akcipher - Drop usage of sglists for verify op Lukas Wunner
2024-08-01 16:02   ` Jonathan Cameron
2024-08-02 21:40     ` Lukas Wunner
2024-08-06  5:55   ` Herbert Xu
2024-08-06  8:32     ` Lukas Wunner
2024-08-06  8:58       ` Herbert Xu
2024-08-22 12:25     ` Lukas Wunner
2024-09-06  6:59       ` Herbert Xu
2024-07-29 13:49 ` [PATCH 3/5] crypto: ecdsa - Avoid signed integer overflow on signature decoding Lukas Wunner
2024-07-30 13:50   ` Stefan Berger
2024-08-01 16:12   ` Jonathan Cameron
2024-07-29 13:50 ` [PATCH 4/5] crypto: ecdsa - Move X9.62 signature decoding into template Lukas Wunner
2024-08-01 16:58   ` Jonathan Cameron
2024-08-03 10:13     ` Lukas Wunner
2024-07-29 13:51 ` [PATCH 5/5] crypto: ecdsa - Support P1363 signature decoding Lukas Wunner
2024-08-01 17:06   ` Jonathan Cameron
