On 10/23/2017 08:38 AM, Jarkko Sakkinen wrote:
The reasoning is simple and obvious. Since every call site passes the
value TPM_ANY_NUM (0x) the parameter does not have right to exist.
Refined the documentation of the corresponding functions.
Signed-off-by: Jarkko Sakkinen
---
drivers/char
From: Stefan Berger
Detect whether a key is a sm2 type of key by its OID in the parameters
array.
Signed-off-by: Stefan Berger
---
crypto/asymmetric_keys/x509_cert_parser.c | 27 +--
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/crypto/asymmetric_keys
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST p256 or p192 keys for signing. It also adds support for
certificates where the public key is a NIST p256 or p192 key. The math
for ECDSA signature verification is also added.
Since self
From: Stefan Berger
This patch adds support for parsing of x509 certificates that contain
NIST P256 keys that have been signed by a CA using any of the current SHA
hash algorithms. Since self-signed certificates are verified, the ecc math
for signature verification is also added.
Signed-off-by
From: Stefan Berger
This patch adds support for parsing of x509 certificates that contain
NIST P256 keys that have been signed by a CA using any of the current SHA
hash algorithms. Since self-signed certificates are verified, the ecc math
for signature verification is also added.
Signed-off-by
From: Stefan Berger
This patch adds support for parsing of x509 certificates that contain
NIST P256 keys that have been signed by a CA using any of the current SHA
hash algorithms. Since self-signed certificates are verified, the ecc math
for signature verification is also added.
Signed-off-by
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Signed-off-by: Stefan Berger
---
crypto/asymmetric_keys/x509_cert_parser.c | 13 -
1 file
From: Stefan Berger
Add support for NIST p192 keys in x509 certificates and support it in
'akcipher'.
Signed-off-by: Stefan Berger
---
crypto/asymmetric_keys/public_key.c | 3 ++
crypto/asymmetric_keys/x509_cert_parser.c | 1 +
crypto/ecc.c
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST p256 or p192 keys for signing. It also adds support for
certificates where the public key is a NIST p256 or p192 key. The math
for ECDSA signature verification is also added.
Since self
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST p256 or p192 keys for signing. It also adds support for
certificates where the public key is a NIST p256 or p192 key. The math
for ECDSA signature verification is also added.
Since self
From: Stefan Berger
Add support for NIST p192 keys in x509 certificates and support it in
'akcipher'.
Signed-off-by: Stefan Berger
---
crypto/asymmetric_keys/public_key.c | 3 ++
crypto/asymmetric_keys/x509_cert_parser.c | 1 +
crypto/ecc.c
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Signed-off-by: Stefan Berger
---
crypto/asymmetric_keys/x509_cert_parser.c | 13 -
1 file
From: Stefan Berger
Add support for NIST p192 keys in x509 certificates and support it in
'akcipher'.
Signed-off-by: Stefan Berger
---
crypto/asymmetric_keys/public_key.c | 3 ++
crypto/asymmetric_keys/x509_cert_parser.c | 1 +
crypto/ecc.c
On 1/27/21 2:31 PM, Herbert Xu wrote:
On Wed, Jan 27, 2021 at 07:33:49AM -0500, Stefan Berger wrote:
+static struct akcipher_alg ecc_nist_p256 = {
+ .verify = ecdsa_verify,
+ .set_pub_key = ecc_set_pub_key,
+ .max_size = ecc_nist_p256_max_size,
+ .init
On 1/27/21 11:12 AM, Nym Seddon wrote:
Hi Stefan,
In the recommendations from SafeCurves (https://safecurves.cr.yp.to/twist.html)
there are a number of attacks against ECC twists. Two of those attacks are
relevant against NIST P192: invalid-curve attacks and invalid-curve attacks
against ladd
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Signed-off-by: Stefan Berger
Cc: David Howells
Cc: keyri...@vger.kernel.org
---
crypto
From: Stefan Berger
This patch adds support for parsing of x509 certificates that contain
ECDSA keys, such as NIST P256, that have been signed by a CA using any
of the current SHA hash algorithms.
Signed-off-by: Stefan Berger
Cc: David Howells
Cc: keyri...@vger.kernel.org
---
crypto
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST p256 or p192 keys for signing. It also adds support for
certificates where the public key is a NIST p256 or p192 key. The math
for ECDSA signature verification is also added.
Since self
From: Stefan Berger
Add support for parsing the parameters of a NIST P256 or NIST P192 key.
Enable signature verification using these keys.
Signed-off-by: Stefan Berger
Cc: Herbert Xu
Cc: "David S. Miller"
Cc: linux-crypto@vger.kernel.org
---
crypto/Makefile| 9
On 1/28/21 4:19 AM, David Howells wrote:
This (sub)set is intended to go through the keyrings tree or is it all going
through the crypto tree now?
Patch 1/3 should go through 'crypto', the other ones through 'keyrings'.
Stefan
David
On 1/28/21 8:54 AM, David Howells wrote:
Stefan Berger wrote:
This (sub)set is intended to go through the keyrings tree or is it all going
through the crypto tree now?
Patch 1/3 should go through 'crypto', the other ones through 'keyrings'.
Do 2 & 3 depend on 1?
On 1/28/21 5:30 AM, Ard Biesheuvel wrote:
On Thu, 28 Jan 2021 at 06:04, Herbert Xu wrote:
On Fri, Jan 22, 2021 at 03:09:52PM +0800, Meng Yu wrote:
1. Add ecc curves(P224, P384, P521) for ECDH;
OK I think this is getting unwieldy.
In light of the fact that we already have hardware that suppor
On 1/30/21 4:26 PM, Jarkko Sakkinen wrote:
On Wed, 2021-01-27 at 07:33 -0500, Stefan Berger wrote:
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case
->v2:
- using faster vli_sub rather than newly added vli_mod_fast to 'reduce'
result
- rearranged switch statements to follow after RSA
- 3rd patch from 1st posting is now 1st patch
Stefan Berger (4):
crypto: Add support for ECDSA signature verification
x509: Detect sm
This patch adds support for parsing of x509 certificates that contain
ECDSA keys, such as NIST P256, that have been signed by a CA using any
of the current SHA hash algorithms.
Signed-off-by: Stefan Berger
Cc: David Howells
Cc: keyri...@vger.kernel.org
---
crypto/asymmetric_keys/public_key.c
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Signed-off-by: Stefan Berger
Cc: David Howells
Cc: keyri...@vger.kernel.org
---
crypto/asymmetric_keys/x509_cert_parser.c
type to be driven by the key's signature scheme rather
than by the hash type.
Signed-off-by: Stefan Berger
Reviewed-by: Vitaly Chikunov
Cc: Mimi Zohar
Cc: Dmitry Kasatkin
Cc: linux-integr...@vger.kernel.org
Cc: Vitaly Chikunov
Cc: Tianjia Zhang
Cc: David Howells
Cc: keyri...@vger.kerne
verification
is implemented.
Signed-off-by: Stefan Berger
Cc: Herbert Xu
Cc: "David S. Miller"
Cc: linux-crypto@vger.kernel.org
---
crypto/Kconfig | 10 +
crypto/Makefile| 6 +
crypto/ecc.c | 13 +-
crypto/ecc.h | 28 +++
cryp
On 2/1/21 5:39 AM, Tianjia Zhang wrote:
index f7ad43f28579..508e0b34b5f0 100644
--- a/lib/oid_registry.c
+++ b/lib/oid_registry.c
@@ -11,6 +11,7 @@
#include
#include
#include
+#include
#include "oid_registry_data.c"
MODULE_DESCRIPTION("OID Registry");
@@ -92,6 +93,18 @@ enum OID
On 2/1/21 2:24 AM, yumeng wrote:
On 2021/2/1 7:32, Stefan Berger wrote:
+/**
+ * ecc_get_curve() - Get a curve given its curve_id
+ *
+ * @curve_id: Id of the curve
+ *
+ * Returns pointer to the curve data, NULL if curve is not available
+ */
+const struct ecc_curve *ecc_get_curve(unsigned int
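Review bot: the kernel-doc comment for ecc_get_curve() gives the return value as a free-form "Returns pointer to the curve data, NULL if curve is not available" line; kernel-doc expects this under a "Return:" section so that it is rendered as its own heading. Because NULL is a documented result for an unavailable curve_id, the comment could also say that callers must check the pointer before using the curve data.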
On 2/1/21 8:23 AM, David Howells wrote:
Stefan Berger wrote:
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Signed-off-by: Stefan Berger
Cc
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Signed-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
Cc: David Howells
Cc: keyri...@vger.kernel.org
---
crypto
ed curve from digits in parsed key
v2->v3:
- patch 2 now includes linux/scatterlist.h
v1->v2:
- using faster vli_sub rather than newly added vli_mod_fast to 'reduce'
result
- rearranged switch statements to follow after RSA
- 3rd patch from 1st posting is now 1st patch
verification
is implemented.
Signed-off-by: Stefan Berger
Cc: Herbert Xu
Cc: "David S. Miller"
Cc: linux-crypto@vger.kernel.org
---
crypto/Kconfig | 10 +
crypto/Makefile | 6 +
crypto/ecc.c | 13 +-
crypto/ecc.h | 28 +
type to be driven by the key's signature scheme rather
than by the hash type.
Signed-off-by: Stefan Berger
Reviewed-by: Vitaly Chikunov
Reviewed-by: Tianjia Zhang
Cc: Mimi Zohar
Cc: Dmitry Kasatkin
Cc: linux-integr...@vger.kernel.org
Cc: Vitaly Chikunov
Cc: Tianjia Zhang
Cc: David Ho
This patch adds support for parsing of x509 certificates that contain
ECDSA keys, such as NIST P256, that have been signed by a CA using any
of the current SHA hash algorithms.
Signed-off-by: Stefan Berger
Cc: David Howells
Cc: keyri...@vger.kernel.org
---
crypto/asymmetric_keys/public_key.c
On 2/1/21 11:13 AM, David Howells wrote:
Stefan Berger wrote:
v6->v7:
- Moved some OID definitions to patch 1 for bisectability
- Applied R-b's
But I can't now apply 2-4 without patch 1.
Two possible solutions:
1) the whole series goes through the crypto tree
2) I
On 2/1/21 11:36 AM, David Howells wrote:
Stefan Berger wrote:
1) the whole series goes through the crypto tree
2) I make the OIDs addition patch 1 that both keyrings and crypto take
separately?
The first might be easiest, but 2 is okay also. You'll just need to give
myself and He
On 2/4/21 12:27 AM, Herbert Xu wrote:
On Mon, Feb 01, 2021 at 10:19:07AM -0500, Stefan Berger wrote:
Add support for parsing the parameters of a NIST P256 or NIST P192 key.
Enable signature verification using these keys. The new module is
enabled with CONFIG_ECDSA:
Elliptic Curve Digital
On 2/11/21 3:03 AM, kernel test robot wrote:
Hi Stefan,
Thank you for the patch! Yet something to improve:
crypto/asymmetric_keys/public_key.c:97: undefined reference to `parse_OID'
So the issue is that only ASYMMETRIC_PUBLIC_KEY_SUBTYPE is selected in
this config and the selection of OID
On 2/11/21 12:30 PM, Stefan Berger wrote:
On 2/11/21 3:03 AM, kernel test robot wrote:
Hi Stefan,
Thank you for the patch! Yet something to improve:
crypto/asymmetric_keys/public_key.c:97: undefined reference to
`parse_OID'
So the issue is that only ASYMMETRIC_PUBLIC_KEY_SUBTY
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
---
crypto
curve from digits in parsed key
v2->v3:
- patch 2 now includes linux/scatterlist.h
v1->v2:
- using faster vli_sub rather than newly added vli_mod_fast to 'reduce'
result
- rearranged switch statements to follow after RSA
- 3rd patch from 1st posting is now 1st patch
Stef
type to be driven by the key's signature scheme rather
than by the hash type.
Cc: Dmitry Kasatkin
Cc: linux-integr...@vger.kernel.org
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Vitaly Chikunov
Reviewed-by: Tianjia Zhang
Acked-by: Mimi
This patch adds support for parsing of x509 certificates that contain
ECDSA keys, such as NIST P256, that have been signed by a CA using any
of the current SHA hash algorithms.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
---
v7->v8:
- do not detect key a
verification
is implemented.
Cc: Herbert Xu
Cc: "David S. Miller"
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Stefan Berger
Acked-by: Jarkko Sakkinen
---
crypto/Kconfig | 10 +
crypto/Makefile | 6 +
crypto/ecc.c | 13 +-
cr
On 2/19/21 1:57 PM, Saulo Alessandre wrote:
From: Saulo Alessandre
* crypto/ecdsa.c
- add ecdsa_nist_p384_init_tfm
- register and unregister p384 tfm
* crypto/testmgr.c
- add test vector for p384 on vector of tests
* crypto/testmgr.h
- add test vector params for p384(sha1, sha224,
On 2/19/21 1:57 PM, Saulo Alessandre wrote:
From: Saulo Alessandre
* crypto/ecc.c
- change ecc_get_curve to accept nist_p384
- add vli_mmod_fast_384
- change some routines to pass ecc_curve forward until vli_mmod_fast
* crypto/ecc.h
- add ECC_CURVE_NIST_P384_DIGITS
- change ECC_
On 2/19/21 1:57 PM, Saulo Alessandre wrote:
From: Saulo Alessandre
* crypto/asymmetric_keys/x509_cert_parser.c
- prepare x509 parser to load nist_secpp384r1
* crypto/ecc_curve_defs.h
- add nist_p384 params
* include/crypto/ecdh.h
- add ECC_CURVE_NIST_P384
* include/linux/oid_registr
your patches over the weekend with my endless test tool
creating keys in user space and loading them into the kernel. It worked
fine for NIST p256 & p384. Also signing kernel modules with NIST p384 is
working fine.
So, for the series:
Tested-by: Stefan Berger
Regards,
Stefan
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST P384, P256 or P192 keys for signing. It also adds support for
certificates where the public key is one of this type of a key. The math
for ECDSA signature verification is also added as
From: Stefan Berger
This patch adds support for parsing of x509 certificates that contain
ECDSA keys, such as NIST P256, that have been signed by a CA using any
of the current SHA hash algorithms.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
---
v7->v8:
-
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
From: Stefan Berger
Add support for IMA signature verification for EC keys. Since SHA type
of hashes can be used by RSA and ECDSA signature schemes we need to
look at the key and derive from the key which signature scheme to use.
Since this can be applied to all types of keys, we change the
From: Stefan Berger
This patch adds support for using elliptic curve keys for signing
modules. It uses a NIST P384 (secp384r1) key if the user chooses an
elliptic curve key and will have ECDSA support built into the kernel.
Note: A developer choosing an ECDSA key for signing modules has to
: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecdsa.c | 33 +-
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 157 +++
3 files changed, 195 insertions(+), 1 deletion(-)
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index 04fbb3d2abc5
From: Stefan Berger
Add support for parsing the parameters of a NIST P256 or NIST P192 key.
Enable signature verification using these keys. The new module is
enabled with CONFIG_ECDSA:
Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
is A NIST cryptographic standard
Alessandre
Tested-by: Stefan Berger
---
crypto/ecc.c | 268 +--
crypto/ecc.h | 3 +-
2 files changed, 196 insertions(+), 75 deletions(-)
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 25e79fd70566..c125576cda6b 100644
--- a/crypto/ecc.c
+++ b/crypto
From: Saulo Alessandre
* crypto/ecc_curve_defs.h
- add nist_p384 params
* include/crypto/ecdh.h
- add ECC_CURVE_NIST_P384
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecc_curve_defs.h | 32
include/crypto/ecdh.h | 1 +
2 files
From: Saulo Alessandre
* crypto/asymmetric_keys/x509_cert_parser.c
- prepare x509 parser to load nist_secp384r1
* include/linux/oid_registry.h
- add OID_id_secp384r1
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
include
On 2/26/21 10:35 PM, yumeng wrote:
On 2021/2/26 0:08, Stefan Berger wrote:
From: Stefan Berger
diff --git a/certs/Makefile b/certs/Makefile
index 3fe6b73786fa..c487d7021c54 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -69,6 +69,18 @@ else
SIGNER = -signkey $(obj)/signing_key.key
Regards,
Stefan
On 2/25/21 11:07 AM, Stefan Berger wrote:
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Cc: David Howells
Cc: keyri...@
On 3/4/21 12:28 AM, Herbert Xu wrote:
On Thu, Feb 25, 2021 at 11:07:59AM -0500, Stefan Berger wrote:
From: Saulo Alessandre
* crypto/ecc_curve_defs.h
- add nist_p384 params
* include/crypto/ecdh.h
- add ECC_CURVE_NIST_P384
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST P384, P256 or P192 keys for signing. It also adds support for
certificates where the public key is one of this type of a key. The math
for ECDSA signature verification is also added as
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
From: Stefan Berger
This patch adds support for parsing of x509 certificates that contain
ECDSA keys, such as NIST P256, that have been signed by a CA using any
of the current SHA hash algorithms.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
---
v7->v8:
-
From: Stefan Berger
Add support for IMA signature verification for EC keys. Since SHA type
of hashes can be used by RSA and ECDSA signature schemes we need to
look at the key and derive from the key which signature scheme to use.
Since this can be applied to all types of keys, we change the
From: Stefan Berger
This patch adds support for using elliptic curve keys for signing
modules. It uses a NIST P384 (secp384r1) key if the user chooses an
elliptic curve key and will have ECDSA support built into the kernel.
Note: A developer choosing an ECDSA key for signing modules has to
From: Saulo Alessandre
* crypto/ecc_curve_defs.h
- add nist_p384 params
* include/crypto/ecdh.h
- add ECC_CURVE_NIST_P384
* crypto/ecc.c
- change ecc_get_curve to accept nist_p384
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecc.c| 2 ++
crypto
From: Stefan Berger
Add support for parsing the parameters of a NIST P256 or NIST P192 key.
Enable signature verification using these keys. The new module is
enabled with CONFIG_ECDSA:
Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
is A NIST cryptographic standard
From: Saulo Alessandre
* crypto/ecc.c
- add vli_mmod_fast_384
- change some routines to pass ecc_curve forward until vli_mmod_fast
* crypto/ecc.h
- add ECC_CURVE_NIST_P384_DIGITS
- change ECC_MAX_DIGITS to P384 size
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto
From: Saulo Alessandre
* crypto/asymmetric_keys/x509_cert_parser.c
- prepare x509 parser to load nist_secp384r1
* include/linux/oid_registry.h
- add OID_id_secp384r1
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
include
: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecdsa.c | 33 +-
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 157 +++
3 files changed, 195 insertions(+), 1 deletion(-)
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index 04fbb3d2abc5
Herbert,
you can take patches 1-8. 9 will not apply without Nayna's series as
mentioned in the patch.
Regards,
Stefan
On 3/4/21 7:51 PM, Stefan Berger wrote:
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST P384, P2
On 3/5/21 2:37 AM, Tianjia Zhang wrote:
Hi,
On 3/4/21 7:46 AM, Stefan Berger wrote:
Tianjia,
can you say whether SM2 support works for you before and after
applying this patch? I cannot verify it with an sm2 key I have
created using a sequence of commands like this:
> modpr
On 3/5/21 12:16 PM, Jarkko Sakkinen wrote:
On Thu, Mar 04, 2021 at 07:51:59PM -0500, Stefan Berger wrote:
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the
On 3/5/21 12:10 PM, Jarkko Sakkinen wrote:
On Thu, Mar 04, 2021 at 07:51:58PM -0500, Stefan Berger wrote:
From: Saulo Alessandre
* crypto/ecdsa.c
- add ecdsa_nist_p384_init_tfm
- register and unregister P384 tfm
* crypto/testmgr.c
- add test vector for P384 on vector of tests
* crypto/testmgr.h
- add test vector params for P384(sha1, sha224, sha256, sha384
and sha512)
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecdsa.c | 33 +-
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 157 +++
3
ecc_get_curve to accept nist_p384
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecc.c| 2 ++
crypto/ecc_curve_defs.h | 32
include/crypto/ecdh.h | 1 +
3 files changed, 35 insertions(+)
diff --git a/crypto/ecc.c b/crypto
anges:
* crypto/ecc.c
- add vli_mmod_fast_384
- change some routines to pass ecc_curve forward until vli_mmod_fast
* crypto/ecc.h
- add ECC_CURVE_NIST_P384_DIGITS
- change ECC_MAX_DIGITS to P384 size
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecc.c
From: Stefan Berger
Add support for using elliptic curve keys for signing modules. It uses
a NIST P384 (secp384r1) key if the user chooses an elliptic curve key
and will have ECDSA support built into the kernel.
Note: A developer choosing an ECDSA key for signing modules has to
manually delete
From: Stefan Berger
Add support for IMA signature verification for EC keys. Since SHA type
of hashes can be used by RSA and ECDSA signature schemes we need to
look at the key and derive from the key which signature scheme to use.
Since this can be applied to all types of keys, we change the
From: Stefan Berger
Add support for parsing of x509 certificates that contain ECDSA keys,
such as NIST P256, that have been signed by a CA using any of the
current SHA hash algorithms.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
---
v7->v8:
- do not det
From: Stefan Berger
Add support for parsing the parameters of a NIST P256 or NIST P192 key.
Enable signature verification using these keys. The new module is
enabled with CONFIG_ECDSA:
Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
is A NIST cryptographic standard
From: Stefan Berger
This series of patches adds support for x509 certificates signed by a CA
that uses NIST P384, P256 or P192 keys for signing. It also adds support for
certificates where the public key is one of this type of a key. The math
for ECDSA signature verification is also added as
From: Stefan Berger
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
From: Stefan Berger
Add OIDs for ECDSA with sha224/256/384/512.
Signed-off-by: Stefan Berger
---
include/linux/oid_registry.h | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 4462ed2c18cd..b504e2f36b25
- add OID_ansip384r1
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
v10->v11:
- renamed OID_id_secp384r1 to OID_id_ansip384r1 (spec name)
---
crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
include/linux/oid_registry.h | 1 +
2 files changed, 4 insertions(+)
d
On 3/5/21 2:46 PM, Vitaly Chikunov wrote:
Jarkko,
On Fri, Mar 05, 2021 at 07:05:39PM +0200, Jarkko Sakkinen wrote:
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2021 IBM Corporation
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are pe
On 3/6/21 2:25 PM, Vitaly Chikunov wrote:
Stefan,
On Thu, Mar 04, 2021 at 07:51:57PM -0500, Stefan Berger wrote:
From: Saulo Alessandre
* crypto/ecc.c
- add vli_mmod_fast_384
- change some routines to pass ecc_curve forward until vli_mmod_fast
* crypto/ecc.h
- add
On 3/6/21 7:03 PM, Vitaly Chikunov wrote:
Stefan,
On Sat, Mar 06, 2021 at 06:29:18PM -0500, Stefan Berger wrote:
On 3/6/21 2:25 PM, Vitaly Chikunov wrote:
On Thu, Mar 04, 2021 at 07:51:57PM -0500, Stefan Berger wrote:
From: Saulo Alessandre
* crypto/ecc.c
- add vli_mmod_fast_384
On 3/5/21 3:59 PM, Stefan Berger wrote:
diff --git a/crypto/Kconfig b/crypto/Kconfig
index a367fcfeb5d4..a31df40591f5 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -247,6 +247,16 @@ config CRYPTO_ECDH
help
Generic implementation of the ECDH algorithm
@@ -70,6 +72,30
On 3/10/21 10:35 AM, Jarkko Sakkinen wrote:
On Fri, Mar 05, 2021 at 03:59:47PM -0500, Stefan Berger wrote:
From: Stefan Berger
Add OIDs for ECDSA with sha224/256/384/512.
Nit: SHA224/256/384/512 (sorry cannot help myself with these, have been
doing this way too much, consider me as a bot
Add support for parsing of x509 certificates that contain ECDSA keys,
such as NIST P256, that have been signed by a CA using any of the
current SHA hash algorithms.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
---
v7->v8:
- do not detect key algo us
Add OIDs for ECDSA with SHA224/256/384/512.
Signed-off-by: Stefan Berger
Acked-by: Jarkko Sakkinen
---
include/linux/oid_registry.h | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 4462ed2c18cd
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Cc: David Howells
Cc: keyri...@vger.kernel.org
Signed-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
Tested-by: Tianjia
anges:
* crypto/ecc.c
- add vli_mmod_fast_384
- change some routines to pass ecc_curve forward until vli_mmod_fast
* crypto/ecc.h
- add ECC_CURVE_NIST_P384_DIGITS
- change ECC_MAX_DIGITS to P384 size
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
crypto/ecc.c
verification
is implemented.
Cc: Herbert Xu
Cc: "David S. Miller"
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Stefan Berger
---
v10->v11:
- Split off OID definitions for ECDSA with sha224/256/384/512
- Addressed Jarkko's comments
v8->v9:
- unregister nist_p192 curv
* crypto/testmgr.h
- add test vector params for P384(sha1, sha224, sha256, sha384
and sha512)
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
Acked-by: Jarkko Sakkinen
---
crypto/ecdsa.c | 33 +-
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 157
- add OID_ansip384r1
Signed-off-by: Saulo Alessandre
Tested-by: Stefan Berger
---
v10->v11:
- renamed OID_id_secp384r1 to OID_id_ansip384r1 (spec name)
---
crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
include/linux/oid_registry.h | 1 +
2 files changed, 4 insertions(+)
d