Re: [PATCH] Introduce OSCCA certificate and SM2 asymmetric algorithm

[Tianjia Zhang <tianjia.zhang@linux.alibaba.com>]

On 2020/2/16 16:59, Tianjia Zhang wrote:
> Hello all,
> 
> This new module implement the OSCCA certificate and SM2 public key
> algorithm. It was published by State Encryption Management Bureau, China.
> List of specifications for OSCCA certificate and SM2 elliptic curve
> public key cryptography:
> 
> * GM/T 0003.1-2012
> * GM/T 0003.2-2012
> * GM/T 0003.3-2012
> * GM/T 0003.4-2012
> * GM/T 0003.5-2012
> * GM/T 0015-2012
> * GM/T 0009-2012
> 
> IETF: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
> oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
> scctc: http://www.gmbz.org.cn/main/bzlb.html
> 
> These patchs add the OID object identifier defined by OSCCA. The
> x509 certificate supports sm2-with-sm3 type certificate parsing
> and verification.
> 
> The sm2 algorithm is based on libgcrypt's mpi implementation, and has
> made some additions to the kernel's original mpi library, and added the
> implementation of ec to better support elliptic curve-like algorithms.
> 
> sm2 has good support in both openssl and gnupg projects, and sm3 and sm4
> of the OSCCA algorithm family have also been implemented in the kernel.
> 
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> 
> Thanks,
> Tianjia
> 

Hello all,

This is the review request.

The OSCCA certificate and related algorithms used to verify the 
certificate are newly introduced. Among them, sm3 and sm4 have been well 
implemented in the kernel. This group of patches has newly introduced sm2.
In order to implement sm2 more perfectly, I expanded the mpi library and 
introduced the ec implementation of the mpi library as the basic 
algorithm. Compared to the kernel's crypto/ecc.c, the implementation of 
mpi/ec.c is more complete and elegant, sm2 is implemented based on these 
algorithms.
At this point, the kernel can parse and verify sm2-with-sm3 certificates 
normally.

Thanks,
Tianjia