From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B73EAC43461 for ; Wed, 16 Sep 2020 08:02:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 67A0A21D90 for ; Wed, 16 Sep 2020 08:02:38 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=benyossef-com.20150623.gappssmtp.com header.i=@benyossef-com.20150623.gappssmtp.com header.b="QC/a9gxI" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726474AbgIPIBu (ORCPT ); Wed, 16 Sep 2020 04:01:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726262AbgIPIBp (ORCPT ); Wed, 16 Sep 2020 04:01:45 -0400 Received: from mail-pf1-x442.google.com (mail-pf1-x442.google.com [IPv6:2607:f8b0:4864:20::442]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2C3BAC06178A for ; Wed, 16 Sep 2020 01:01:45 -0700 (PDT) Received: by mail-pf1-x442.google.com with SMTP id k15so3475815pfc.12 for ; Wed, 16 Sep 2020 01:01:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=benyossef-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Jzms5XAy0HxBD6ul+TJwAtKpEdXIIQEvIQXmembsOLs=; b=QC/a9gxIFQcQOJO+uA+vjVshZqDN8e+LFRdyf/aIAVoxC6nt6GyZMHOWcZvoME0w87 aSe0E7xu0+ZGXIE7WrAXn//6ydaMyNBCBc+QjStY7SIQBm1YCSo7xYtzW0RFzRgNXf1f 1yLhZ0g0VuKfw3IfLpoz0voPYrp9ZPxHjaAovtMHgeQVMKX9bVGNvpS/rRgm/9pv0ToS 0V6gf+vOX7w9japVUv1/b/bs6Ze4C4xX7YFaUhdfalPVuIoiVi88/RAMDRrSVn4FyHSJ rwDYrlp4PuzT/W5NxJEjng8q7U6zQwC8KQFZCIj1QyHKdfzL3/798HNVYEbVM8c7I2Wc ZG3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Jzms5XAy0HxBD6ul+TJwAtKpEdXIIQEvIQXmembsOLs=; b=KZMDseISA9GKoCHCA3GXbrM5Hg0o2TRv/beSqsE3qqyY6mdxUUN9vt0ngjn0uV3Djh V5b4Iaf6Sf/GFV6X4upjH74QNR2pJbMGeZFXY9ReQnwWA8KKbOQaEVNPfoIztXOqkK5b mNLYur3uXzyhFz3JACNNKC+tz8MpLt/5DaDNKEDaK+RyMWHIv4DEdhsfKXK65X+lnSXQ EOHI2u6/um2KVBwf1RDf7BVAm0y6acaFl4HB8MqBVg830nLemEHj28cH6xAmJc/xTYJI saRCQRVkJI4P7FvVwglHooAW7z+UeH8wlXNm8OAf4oPjaOnbvC4Sao8D4NZBwUQMABn1 NFrw== X-Gm-Message-State: AOAM530Wq2cO0xdOKmAfz3whT+A8otqRYVmZo2CmYtmLF2OR3eC9fam9 DglBCe8u3suDbKRa7/ncIC21bUGkM7n5rz82fRJN+w== X-Google-Smtp-Source: ABdhPJwN2QFGXNPzAZFIilK1Py2rGwqQ0bbheksG8Mxx6NCNiQuM7ZG8NklYYP87LUBNlsvMF6HpPVEL1Zj6OHCa7iw= X-Received: by 2002:aa7:941a:0:b029:142:2501:35d1 with SMTP id x26-20020aa7941a0000b0290142250135d1mr5277487pfo.49.1600243304416; Wed, 16 Sep 2020 01:01:44 -0700 (PDT) MIME-Version: 1.0 References: <20200903131242.128665-1-tianjia.zhang@linux.alibaba.com> <20200903131242.128665-8-tianjia.zhang@linux.alibaba.com> <6f251e1e-42a0-7e6c-e0cd-51fba3150d17@linux.alibaba.com> In-Reply-To: <6f251e1e-42a0-7e6c-e0cd-51fba3150d17@linux.alibaba.com> From: Gilad Ben-Yossef Date: Wed, 16 Sep 2020 11:01:34 +0300 Message-ID: Subject: Re: [PATCH v6 7/8] X.509: support OSCCA sm2-with-sm3 certificate verification To: Tianjia Zhang Cc: Herbert Xu , "David S. Miller" , David Howells , Maxime Coquelin , Alexandre Torgue , James Morris , "Serge E. Hallyn" , Stephan Mueller , Marcelo Henrique Cerri , "Steven Rostedt (VMware)" , Masahiro Yamada , Brendan Higgins , Andrew Morton , Johannes Weiner , Waiman Long , Mimi Zohar , Lakshmi Ramasubramanian , Colin Ian King , Tushar Sugandhi , Vitaly Chikunov , Pascal van Leeuwen , Linux Crypto Mailing List , Linux kernel mailing list , keyrings@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, Linux ARM , linux-security-module@vger.kernel.org, Xufeng Zhang , Jia Zhang Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Sep 14, 2020 at 9:34 AM Tianjia Zhang wrote: > > Hi Gilad, > > On 9/13/20 3:12 PM, Gilad Ben-Yossef wrote: > > Hi, > > > > > > On Thu, Sep 3, 2020 at 4:13 PM Tianjia Zhang > > wrote: > >> > >> The digital certificate format based on SM2 crypto algorithm as > >> specified in GM/T 0015-2012. It was published by State Encryption > >> Management Bureau, China. > >> > >> The method of generating Other User Information is defined as > >> ZA=3DH256(ENTLA || IDA || a || b || xG || yG || xA || yA), it also > >> specified in https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02. > >> > >> The x509 certificate supports sm2-with-sm3 type certificate > >> verification. Because certificate verification requires ZA > >> in addition to tbs data, ZA also depends on elliptic curve > >> parameters and public key data, so you need to access tbs in sig > >> and calculate ZA. Finally calculate the digest of the > >> signature and complete the verification work. The calculation > >> process of ZA is declared in specifications GM/T 0009-2012 > >> and GM/T 0003.2-2012. > >> > >> Signed-off-by: Tianjia Zhang > >> Tested-by: Xufeng Zhang > >> --- > >> crypto/asymmetric_keys/Makefile | 1 + > >> crypto/asymmetric_keys/public_key.c | 6 +++ > >> crypto/asymmetric_keys/public_key_sm2.c | 61 ++++++++++++++++++++++= ++ > >> crypto/asymmetric_keys/x509_public_key.c | 3 ++ > >> include/crypto/public_key.h | 15 ++++++ > >> 5 files changed, 86 insertions(+) > >> create mode 100644 crypto/asymmetric_keys/public_key_sm2.c > >> > >> diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/= Makefile > >> index 28b91adba2ae..1a99ea5acb6b 100644 > >> --- a/crypto/asymmetric_keys/Makefile > >> +++ b/crypto/asymmetric_keys/Makefile > >> @@ -11,6 +11,7 @@ asymmetric_keys-y :=3D \ > >> signature.o > >> > >> obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) +=3D public_key.o > >> +obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) +=3D public_key_sm2.o > >> obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) +=3D asym_tpm.o > >> > >> # > >> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_k= eys/public_key.c > >> index d8410ffd7f12..1d0492098bbd 100644 > >> --- a/crypto/asymmetric_keys/public_key.c > >> +++ b/crypto/asymmetric_keys/public_key.c > >> @@ -299,6 +299,12 @@ int public_key_verify_signature(const struct publ= ic_key *pkey, > >> if (ret) > >> goto error_free_key; > >> > >> + if (strcmp(sig->pkey_algo, "sm2") =3D=3D 0 && sig->data_size) = { > >> + ret =3D cert_sig_digest_update(sig, tfm); > >> + if (ret) > >> + goto error_free_key; > >> + } > >> + > >> sg_init_table(src_sg, 2); > >> sg_set_buf(&src_sg[0], sig->s, sig->s_size); > >> sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); > >> diff --git a/crypto/asymmetric_keys/public_key_sm2.c b/crypto/asymmetr= ic_keys/public_key_sm2.c > >> new file mode 100644 > >> index 000000000000..7325cf21dbb4 > >> --- /dev/null > >> +++ b/crypto/asymmetric_keys/public_key_sm2.c > >> @@ -0,0 +1,61 @@ > >> +/* SPDX-License-Identifier: GPL-2.0-or-later */ > >> +/* > >> + * asymmetric public-key algorithm for SM2-with-SM3 certificate > >> + * as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012 SM2 and > >> + * described at https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 > >> + * > >> + * Copyright (c) 2020, Alibaba Group. > >> + * Authors: Tianjia Zhang > >> + */ > >> + > >> +#include > >> +#include > >> +#include > >> + > >> +#if IS_REACHABLE(CONFIG_CRYPTO_SM2) > >> + > >> +int cert_sig_digest_update(const struct public_key_signature *sig, > >> + struct crypto_akcipher *tfm_pkey) > >> +{ > >> + struct crypto_shash *tfm; > >> + struct shash_desc *desc; > >> + size_t desc_size; > >> + unsigned char dgst[SM3_DIGEST_SIZE]; > >> + int ret; > >> + > >> + BUG_ON(!sig->data); > >> + > >> + ret =3D sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, > >> + SM2_DEFAULT_USERID_LEN, dgst); > >> + if (ret) > >> + return ret; > >> + > >> + tfm =3D crypto_alloc_shash(sig->hash_algo, 0, 0); > >> + if (IS_ERR(tfm)) > >> + return PTR_ERR(tfm); > >> + > >> + desc_size =3D crypto_shash_descsize(tfm) + sizeof(*desc); > >> + desc =3D kzalloc(desc_size, GFP_KERNEL); > >> + if (!desc) > >> + goto error_free_tfm; > >> + > >> + desc->tfm =3D tfm; > >> + > >> + ret =3D crypto_shash_init(desc); > >> + if (ret < 0) > >> + goto error_free_desc; > >> + > >> + ret =3D crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE); > >> + if (ret < 0) > >> + goto error_free_desc; > >> + > >> + ret =3D crypto_shash_finup(desc, sig->data, sig->data_size, si= g->digest); > > > > It looks like you are doing a separate init, update, finup every time > > - I would consider using crypto_shash_digest() in one go. > > > > In fact, considering the fact that you are allocating a tfm just for > > this use and then releasing it, I would consider switching to > > crypto_shash_tfm_digest() and dropping the kzalloc all together. > > > > This should simplify the code a bit. > > > > Other than that I don't have anything smart to say :-) > > > > Gilad > > > > The hash calculation here includes two parts of data, 'dgst' and > 'sig->data'. The last call is 'finup()' not 'final()'. I understand that > it should not be possible to use 'crypto_shash_tfm_digest()' This kind > of function is simplified. > > If a new scope is added, the assignment of desc can be optimized, as > follows: > ``` > do { > SHASH_DESC_ON_STACK(desc, tfm); > desc->tfm =3D tfm; > > /* ... */ > } while (0); > ``` > However, the kernel code may not accept this style. What is your opinion? No, you are right. I've indeed missed that it's a finup() and not a final(). If the size of data was big enough it might have been worth going to the async. hash interface and creating a scatter list for this but I suspect it is not justified with the data sizes we are dealing with there. So: Reviewed-by: Gilad Ben-Yossef Thanks, Gilad --=20 Gilad Ben-Yossef Chief Coffee Drinker values of =CE=B2 will give rise to dom! From mboxrd@z Thu Jan 1 00:00:00 1970 From: Gilad Ben-Yossef Date: Wed, 16 Sep 2020 08:01:34 +0000 Subject: Re: [PATCH v6 7/8] X.509: support OSCCA sm2-with-sm3 certificate verification Message-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit List-Id: References: <20200903131242.128665-1-tianjia.zhang@linux.alibaba.com> <20200903131242.128665-8-tianjia.zhang@linux.alibaba.com> <6f251e1e-42a0-7e6c-e0cd-51fba3150d17@linux.alibaba.com> In-Reply-To: <6f251e1e-42a0-7e6c-e0cd-51fba3150d17@linux.alibaba.com> To: Tianjia Zhang Cc: Stephan Mueller , Brendan Higgins , Jia Zhang , Mimi Zohar , Vitaly Chikunov , keyrings@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, Herbert Xu , Masahiro Yamada , James Morris , Lakshmi Ramasubramanian , Marcelo Henrique Cerri , Waiman Long , "Serge E. Hallyn" , Alexandre Torgue , "Steven Rostedt (VMware)" , Tushar Sugandhi , Linux ARM , David Howells , Pascal van Leeuwen , Linux kernel mailing list , Xufeng Zhang , linux-security-module@vger.kernel.org, Linux Crypto Mailing List , Maxime Coquelin , Johannes Weiner , Colin Ian King , Andrew Morton , "David S. Miller" On Mon, Sep 14, 2020 at 9:34 AM Tianjia Zhang wrote: > > Hi Gilad, > > On 9/13/20 3:12 PM, Gilad Ben-Yossef wrote: > > Hi, > > > > > > On Thu, Sep 3, 2020 at 4:13 PM Tianjia Zhang > > wrote: > >> > >> The digital certificate format based on SM2 crypto algorithm as > >> specified in GM/T 0015-2012. It was published by State Encryption > >> Management Bureau, China. > >> > >> The method of generating Other User Information is defined as > >> ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA), it also > >> specified in https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02. > >> > >> The x509 certificate supports sm2-with-sm3 type certificate > >> verification. Because certificate verification requires ZA > >> in addition to tbs data, ZA also depends on elliptic curve > >> parameters and public key data, so you need to access tbs in sig > >> and calculate ZA. Finally calculate the digest of the > >> signature and complete the verification work. The calculation > >> process of ZA is declared in specifications GM/T 0009-2012 > >> and GM/T 0003.2-2012. > >> > >> Signed-off-by: Tianjia Zhang > >> Tested-by: Xufeng Zhang > >> --- > >> crypto/asymmetric_keys/Makefile | 1 + > >> crypto/asymmetric_keys/public_key.c | 6 +++ > >> crypto/asymmetric_keys/public_key_sm2.c | 61 ++++++++++++++++++++++++ > >> crypto/asymmetric_keys/x509_public_key.c | 3 ++ > >> include/crypto/public_key.h | 15 ++++++ > >> 5 files changed, 86 insertions(+) > >> create mode 100644 crypto/asymmetric_keys/public_key_sm2.c > >> > >> diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile > >> index 28b91adba2ae..1a99ea5acb6b 100644 > >> --- a/crypto/asymmetric_keys/Makefile > >> +++ b/crypto/asymmetric_keys/Makefile > >> @@ -11,6 +11,7 @@ asymmetric_keys-y := \ > >> signature.o > >> > >> obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o > >> +obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key_sm2.o > >> obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) += asym_tpm.o > >> > >> # > >> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c > >> index d8410ffd7f12..1d0492098bbd 100644 > >> --- a/crypto/asymmetric_keys/public_key.c > >> +++ b/crypto/asymmetric_keys/public_key.c > >> @@ -299,6 +299,12 @@ int public_key_verify_signature(const struct public_key *pkey, > >> if (ret) > >> goto error_free_key; > >> > >> + if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) { > >> + ret = cert_sig_digest_update(sig, tfm); > >> + if (ret) > >> + goto error_free_key; > >> + } > >> + > >> sg_init_table(src_sg, 2); > >> sg_set_buf(&src_sg[0], sig->s, sig->s_size); > >> sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); > >> diff --git a/crypto/asymmetric_keys/public_key_sm2.c b/crypto/asymmetric_keys/public_key_sm2.c > >> new file mode 100644 > >> index 000000000000..7325cf21dbb4 > >> --- /dev/null > >> +++ b/crypto/asymmetric_keys/public_key_sm2.c > >> @@ -0,0 +1,61 @@ > >> +/* SPDX-License-Identifier: GPL-2.0-or-later */ > >> +/* > >> + * asymmetric public-key algorithm for SM2-with-SM3 certificate > >> + * as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012 SM2 and > >> + * described at https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 > >> + * > >> + * Copyright (c) 2020, Alibaba Group. > >> + * Authors: Tianjia Zhang > >> + */ > >> + > >> +#include > >> +#include > >> +#include > >> + > >> +#if IS_REACHABLE(CONFIG_CRYPTO_SM2) > >> + > >> +int cert_sig_digest_update(const struct public_key_signature *sig, > >> + struct crypto_akcipher *tfm_pkey) > >> +{ > >> + struct crypto_shash *tfm; > >> + struct shash_desc *desc; > >> + size_t desc_size; > >> + unsigned char dgst[SM3_DIGEST_SIZE]; > >> + int ret; > >> + > >> + BUG_ON(!sig->data); > >> + > >> + ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, > >> + SM2_DEFAULT_USERID_LEN, dgst); > >> + if (ret) > >> + return ret; > >> + > >> + tfm = crypto_alloc_shash(sig->hash_algo, 0, 0); > >> + if (IS_ERR(tfm)) > >> + return PTR_ERR(tfm); > >> + > >> + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); > >> + desc = kzalloc(desc_size, GFP_KERNEL); > >> + if (!desc) > >> + goto error_free_tfm; > >> + > >> + desc->tfm = tfm; > >> + > >> + ret = crypto_shash_init(desc); > >> + if (ret < 0) > >> + goto error_free_desc; > >> + > >> + ret = crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE); > >> + if (ret < 0) > >> + goto error_free_desc; > >> + > >> + ret = crypto_shash_finup(desc, sig->data, sig->data_size, sig->digest); > > > > It looks like you are doing a separate init, update, finup every time > > - I would consider using crypto_shash_digest() in one go. > > > > In fact, considering the fact that you are allocating a tfm just for > > this use and then releasing it, I would consider switching to > > crypto_shash_tfm_digest() and dropping the kzalloc all together. > > > > This should simplify the code a bit. > > > > Other than that I don't have anything smart to say :-) > > > > Gilad > > > > The hash calculation here includes two parts of data, 'dgst' and > 'sig->data'. The last call is 'finup()' not 'final()'. I understand that > it should not be possible to use 'crypto_shash_tfm_digest()' This kind > of function is simplified. > > If a new scope is added, the assignment of desc can be optimized, as > follows: > ``` > do { > SHASH_DESC_ON_STACK(desc, tfm); > desc->tfm = tfm; > > /* ... */ > } while (0); > ``` > However, the kernel code may not accept this style. What is your opinion? No, you are right. I've indeed missed that it's a finup() and not a final(). If the size of data was big enough it might have been worth going to the async. hash interface and creating a scatter list for this but I suspect it is not justified with the data sizes we are dealing with there. So: Reviewed-by: Gilad Ben-Yossef Thanks, Gilad -- Gilad Ben-Yossef Chief Coffee Drinker values of β will give rise to dom! From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B95E5C433E2 for ; Wed, 16 Sep 2020 08:03:04 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4485521D24 for ; Wed, 16 Sep 2020 08:03:04 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ai47h089"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=benyossef-com.20150623.gappssmtp.com header.i=@benyossef-com.20150623.gappssmtp.com header.b="QC/a9gxI" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4485521D24 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=benyossef.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=+M35KAdQiOmSLjQPt75eHxOgA5w3bGai+rAwVrI1eO8=; b=ai47h089pNrhd4XJKUEa+cZIb mCXfsvAabyw9fzwzf3vKyrXZOl9IhbT2EiXGGBtM/ahLvc3575QQlAv8DQpNTe9FGUaXL1wbZrA7q DWvrzde1YZZrg/7TXE6AlLBY33zBFNCbcGtWl90YyPBNw2EY9oqClHs4zgo9zcu6v9/x2T6lVokew h274BNRd4qElOrTeBoGfG8AKcH2IKlC0Jb60NSp+V2YJHvqpW25go6tVOzrljAWlzW1i98qA4EAwc SGB3knU62R84VrTDC0zduxMZ47qKgxUttTVFlumXcyujFHoSXykiiXBUKYt4Qj215m4CZFQqCBwCp un0xKdsCg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kISNy-0004h4-8Z; Wed, 16 Sep 2020 08:01:50 +0000 Received: from mail-pf1-x444.google.com ([2607:f8b0:4864:20::444]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kISNv-0004fh-K5 for linux-arm-kernel@lists.infradead.org; Wed, 16 Sep 2020 08:01:48 +0000 Received: by mail-pf1-x444.google.com with SMTP id v196so3524499pfc.1 for ; Wed, 16 Sep 2020 01:01:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=benyossef-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Jzms5XAy0HxBD6ul+TJwAtKpEdXIIQEvIQXmembsOLs=; b=QC/a9gxIFQcQOJO+uA+vjVshZqDN8e+LFRdyf/aIAVoxC6nt6GyZMHOWcZvoME0w87 aSe0E7xu0+ZGXIE7WrAXn//6ydaMyNBCBc+QjStY7SIQBm1YCSo7xYtzW0RFzRgNXf1f 1yLhZ0g0VuKfw3IfLpoz0voPYrp9ZPxHjaAovtMHgeQVMKX9bVGNvpS/rRgm/9pv0ToS 0V6gf+vOX7w9japVUv1/b/bs6Ze4C4xX7YFaUhdfalPVuIoiVi88/RAMDRrSVn4FyHSJ rwDYrlp4PuzT/W5NxJEjng8q7U6zQwC8KQFZCIj1QyHKdfzL3/798HNVYEbVM8c7I2Wc ZG3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Jzms5XAy0HxBD6ul+TJwAtKpEdXIIQEvIQXmembsOLs=; b=FFd7N81N10aUQg7ldVKrQmtfEOrGBxYFWHWricgLWd2a/19uEnIB9hyNcJxkvLQbWS uAgHQVAR47RLALI9nXXzxwnq17eGOBNdNu2m9IsWalnQNWbyNwfPS0piC1KvMM+Gnfwp gmrqcsSS8TFexdrd8w/idRDym5VZlwnXM0zU/81fSrSzNLhcv9Wiv22hBz5IAWZNBWsK cv+97R5WE5oDhmkQCLpW5Lx6ipKaSd1tXzb/hkMmrWyMk85uXkn/Tun/nUzvEJyTN9ob lh2JTZf3OfGVQLwg/KZbFAcFvnrK62Zo5QFZdmeqLR8JGbWo+bPY/Ub5phoxEMlRoxv6 nptw== X-Gm-Message-State: AOAM532UxZ6pagBjuMy9+F2cKOBHamaLBzT0yww95XOg5Bv1OmsWsjWl 5sCf1T6Lf/B2cUoAP39WwjzYcop8ja3P+KgXvPCM3Q== X-Google-Smtp-Source: ABdhPJwN2QFGXNPzAZFIilK1Py2rGwqQ0bbheksG8Mxx6NCNiQuM7ZG8NklYYP87LUBNlsvMF6HpPVEL1Zj6OHCa7iw= X-Received: by 2002:aa7:941a:0:b029:142:2501:35d1 with SMTP id x26-20020aa7941a0000b0290142250135d1mr5277487pfo.49.1600243304416; Wed, 16 Sep 2020 01:01:44 -0700 (PDT) MIME-Version: 1.0 References: <20200903131242.128665-1-tianjia.zhang@linux.alibaba.com> <20200903131242.128665-8-tianjia.zhang@linux.alibaba.com> <6f251e1e-42a0-7e6c-e0cd-51fba3150d17@linux.alibaba.com> In-Reply-To: <6f251e1e-42a0-7e6c-e0cd-51fba3150d17@linux.alibaba.com> From: Gilad Ben-Yossef Date: Wed, 16 Sep 2020 11:01:34 +0300 Message-ID: Subject: Re: [PATCH v6 7/8] X.509: support OSCCA sm2-with-sm3 certificate verification To: Tianjia Zhang X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200916_040147_776444_CE2E6E38 X-CRM114-Status: GOOD ( 40.61 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Stephan Mueller , Brendan Higgins , Jia Zhang , Mimi Zohar , Vitaly Chikunov , keyrings@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, Herbert Xu , Masahiro Yamada , James Morris , Lakshmi Ramasubramanian , Marcelo Henrique Cerri , Waiman Long , "Serge E. Hallyn" , Alexandre Torgue , "Steven Rostedt \(VMware\)" , Tushar Sugandhi , Linux ARM , David Howells , Pascal van Leeuwen , Linux kernel mailing list , Xufeng Zhang , linux-security-module@vger.kernel.org, Linux Crypto Mailing List , Maxime Coquelin , Johannes Weiner , Colin Ian King , Andrew Morton , "David S. Miller" Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org T24gTW9uLCBTZXAgMTQsIDIwMjAgYXQgOTozNCBBTSBUaWFuamlhIFpoYW5nCjx0aWFuamlhLnpo YW5nQGxpbnV4LmFsaWJhYmEuY29tPiB3cm90ZToKPgo+IEhpIEdpbGFkLAo+Cj4gT24gOS8xMy8y MCAzOjEyIFBNLCBHaWxhZCBCZW4tWW9zc2VmIHdyb3RlOgo+ID4gSGksCj4gPgo+ID4KPiA+IE9u IFRodSwgU2VwIDMsIDIwMjAgYXQgNDoxMyBQTSBUaWFuamlhIFpoYW5nCj4gPiA8dGlhbmppYS56 aGFuZ0BsaW51eC5hbGliYWJhLmNvbT4gd3JvdGU6Cj4gPj4KPiA+PiBUaGUgZGlnaXRhbCBjZXJ0 aWZpY2F0ZSBmb3JtYXQgYmFzZWQgb24gU00yIGNyeXB0byBhbGdvcml0aG0gYXMKPiA+PiBzcGVj aWZpZWQgaW4gR00vVCAwMDE1LTIwMTIuIEl0IHdhcyBwdWJsaXNoZWQgYnkgU3RhdGUgRW5jcnlw dGlvbgo+ID4+IE1hbmFnZW1lbnQgQnVyZWF1LCBDaGluYS4KPiA+Pgo+ID4+IFRoZSBtZXRob2Qg b2YgZ2VuZXJhdGluZyBPdGhlciBVc2VyIEluZm9ybWF0aW9uIGlzIGRlZmluZWQgYXMKPiA+PiBa QT1IMjU2KEVOVExBIHx8IElEQSB8fCBhIHx8IGIgfHwgeEcgfHwgeUcgfHwgeEEgfHwgeUEpLCBp dCBhbHNvCj4gPj4gc3BlY2lmaWVkIGluIGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFm dC1zaGVuLXNtMi1lY2RzYS0wMi4KPiA+Pgo+ID4+IFRoZSB4NTA5IGNlcnRpZmljYXRlIHN1cHBv cnRzIHNtMi13aXRoLXNtMyB0eXBlIGNlcnRpZmljYXRlCj4gPj4gdmVyaWZpY2F0aW9uLiAgQmVj YXVzZSBjZXJ0aWZpY2F0ZSB2ZXJpZmljYXRpb24gcmVxdWlyZXMgWkEKPiA+PiBpbiBhZGRpdGlv biB0byB0YnMgZGF0YSwgWkEgYWxzbyBkZXBlbmRzIG9uIGVsbGlwdGljIGN1cnZlCj4gPj4gcGFy YW1ldGVycyBhbmQgcHVibGljIGtleSBkYXRhLCBzbyB5b3UgbmVlZCB0byBhY2Nlc3MgdGJzIGlu IHNpZwo+ID4+IGFuZCBjYWxjdWxhdGUgWkEuIEZpbmFsbHkgY2FsY3VsYXRlIHRoZSBkaWdlc3Qg b2YgdGhlCj4gPj4gc2lnbmF0dXJlIGFuZCBjb21wbGV0ZSB0aGUgdmVyaWZpY2F0aW9uIHdvcmsu IFRoZSBjYWxjdWxhdGlvbgo+ID4+IHByb2Nlc3Mgb2YgWkEgaXMgZGVjbGFyZWQgaW4gc3BlY2lm aWNhdGlvbnMgR00vVCAwMDA5LTIwMTIKPiA+PiBhbmQgR00vVCAwMDAzLjItMjAxMi4KPiA+Pgo+ ID4+IFNpZ25lZC1vZmYtYnk6IFRpYW5qaWEgWmhhbmcgPHRpYW5qaWEuemhhbmdAbGludXguYWxp YmFiYS5jb20+Cj4gPj4gVGVzdGVkLWJ5OiBYdWZlbmcgWmhhbmcgPHl1bmJvLnh1ZmVuZ0BsaW51 eC5hbGliYWJhLmNvbT4KPiA+PiAtLS0KPiA+PiAgIGNyeXB0by9hc3ltbWV0cmljX2tleXMvTWFr ZWZpbGUgICAgICAgICAgfCAgMSArCj4gPj4gICBjcnlwdG8vYXN5bW1ldHJpY19rZXlzL3B1Ymxp Y19rZXkuYyAgICAgIHwgIDYgKysrCj4gPj4gICBjcnlwdG8vYXN5bW1ldHJpY19rZXlzL3B1Ymxp Y19rZXlfc20yLmMgIHwgNjEgKysrKysrKysrKysrKysrKysrKysrKysrCj4gPj4gICBjcnlwdG8v YXN5bW1ldHJpY19rZXlzL3g1MDlfcHVibGljX2tleS5jIHwgIDMgKysKPiA+PiAgIGluY2x1ZGUv Y3J5cHRvL3B1YmxpY19rZXkuaCAgICAgICAgICAgICAgfCAxNSArKysrKysKPiA+PiAgIDUgZmls ZXMgY2hhbmdlZCwgODYgaW5zZXJ0aW9ucygrKQo+ID4+ICAgY3JlYXRlIG1vZGUgMTAwNjQ0IGNy eXB0by9hc3ltbWV0cmljX2tleXMvcHVibGljX2tleV9zbTIuYwo+ID4+Cj4gPj4gZGlmZiAtLWdp dCBhL2NyeXB0by9hc3ltbWV0cmljX2tleXMvTWFrZWZpbGUgYi9jcnlwdG8vYXN5bW1ldHJpY19r ZXlzL01ha2VmaWxlCj4gPj4gaW5kZXggMjhiOTFhZGJhMmFlLi4xYTk5ZWE1YWNiNmIgMTAwNjQ0 Cj4gPj4gLS0tIGEvY3J5cHRvL2FzeW1tZXRyaWNfa2V5cy9NYWtlZmlsZQo+ID4+ICsrKyBiL2Ny eXB0by9hc3ltbWV0cmljX2tleXMvTWFrZWZpbGUKPiA+PiBAQCAtMTEsNiArMTEsNyBAQCBhc3lt bWV0cmljX2tleXMteSA6PSBcCj4gPj4gICAgICAgICAgc2lnbmF0dXJlLm8KPiA+Pgo+ID4+ICAg b2JqLSQoQ09ORklHX0FTWU1NRVRSSUNfUFVCTElDX0tFWV9TVUJUWVBFKSArPSBwdWJsaWNfa2V5 Lm8KPiA+PiArb2JqLSQoQ09ORklHX0FTWU1NRVRSSUNfUFVCTElDX0tFWV9TVUJUWVBFKSArPSBw dWJsaWNfa2V5X3NtMi5vCj4gPj4gICBvYmotJChDT05GSUdfQVNZTU1FVFJJQ19UUE1fS0VZX1NV QlRZUEUpICs9IGFzeW1fdHBtLm8KPiA+Pgo+ID4+ICAgIwo+ID4+IGRpZmYgLS1naXQgYS9jcnlw dG8vYXN5bW1ldHJpY19rZXlzL3B1YmxpY19rZXkuYyBiL2NyeXB0by9hc3ltbWV0cmljX2tleXMv cHVibGljX2tleS5jCj4gPj4gaW5kZXggZDg0MTBmZmQ3ZjEyLi4xZDA0OTIwOThiYmQgMTAwNjQ0 Cj4gPj4gLS0tIGEvY3J5cHRvL2FzeW1tZXRyaWNfa2V5cy9wdWJsaWNfa2V5LmMKPiA+PiArKysg Yi9jcnlwdG8vYXN5bW1ldHJpY19rZXlzL3B1YmxpY19rZXkuYwo+ID4+IEBAIC0yOTksNiArMjk5 LDEyIEBAIGludCBwdWJsaWNfa2V5X3ZlcmlmeV9zaWduYXR1cmUoY29uc3Qgc3RydWN0IHB1Ymxp Y19rZXkgKnBrZXksCj4gPj4gICAgICAgICAgaWYgKHJldCkKPiA+PiAgICAgICAgICAgICAgICAg IGdvdG8gZXJyb3JfZnJlZV9rZXk7Cj4gPj4KPiA+PiArICAgICAgIGlmIChzdHJjbXAoc2lnLT5w a2V5X2FsZ28sICJzbTIiKSA9PSAwICYmIHNpZy0+ZGF0YV9zaXplKSB7Cj4gPj4gKyAgICAgICAg ICAgICAgIHJldCA9IGNlcnRfc2lnX2RpZ2VzdF91cGRhdGUoc2lnLCB0Zm0pOwo+ID4+ICsgICAg ICAgICAgICAgICBpZiAocmV0KQo+ID4+ICsgICAgICAgICAgICAgICAgICAgICAgIGdvdG8gZXJy b3JfZnJlZV9rZXk7Cj4gPj4gKyAgICAgICB9Cj4gPj4gKwo+ID4+ICAgICAgICAgIHNnX2luaXRf dGFibGUoc3JjX3NnLCAyKTsKPiA+PiAgICAgICAgICBzZ19zZXRfYnVmKCZzcmNfc2dbMF0sIHNp Zy0+cywgc2lnLT5zX3NpemUpOwo+ID4+ICAgICAgICAgIHNnX3NldF9idWYoJnNyY19zZ1sxXSwg c2lnLT5kaWdlc3QsIHNpZy0+ZGlnZXN0X3NpemUpOwo+ID4+IGRpZmYgLS1naXQgYS9jcnlwdG8v YXN5bW1ldHJpY19rZXlzL3B1YmxpY19rZXlfc20yLmMgYi9jcnlwdG8vYXN5bW1ldHJpY19rZXlz L3B1YmxpY19rZXlfc20yLmMKPiA+PiBuZXcgZmlsZSBtb2RlIDEwMDY0NAo+ID4+IGluZGV4IDAw MDAwMDAwMDAwMC4uNzMyNWNmMjFkYmI0Cj4gPj4gLS0tIC9kZXYvbnVsbAo+ID4+ICsrKyBiL2Ny eXB0by9hc3ltbWV0cmljX2tleXMvcHVibGljX2tleV9zbTIuYwo+ID4+IEBAIC0wLDAgKzEsNjEg QEAKPiA+PiArLyogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEdQTC0yLjAtb3ItbGF0ZXIgKi8K PiA+PiArLyoKPiA+PiArICogYXN5bW1ldHJpYyBwdWJsaWMta2V5IGFsZ29yaXRobSBmb3IgU00y LXdpdGgtU00zIGNlcnRpZmljYXRlCj4gPj4gKyAqIGFzIHNwZWNpZmllZCBieSBPU0NDQSBHTS9U IDAwMDMuMS0yMDEyIC0tIDAwMDMuNS0yMDEyIFNNMiBhbmQKPiA+PiArICogZGVzY3JpYmVkIGF0 IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1zaGVuLXNtMi1lY2RzYS0wMgo+ID4+ ICsgKgo+ID4+ICsgKiBDb3B5cmlnaHQgKGMpIDIwMjAsIEFsaWJhYmEgR3JvdXAuCj4gPj4gKyAq IEF1dGhvcnM6IFRpYW5qaWEgWmhhbmcgPHRpYW5qaWEuemhhbmdAbGludXguYWxpYmFiYS5jb20+ Cj4gPj4gKyAqLwo+ID4+ICsKPiA+PiArI2luY2x1ZGUgPGNyeXB0by9zbTNfYmFzZS5oPgo+ID4+ ICsjaW5jbHVkZSA8Y3J5cHRvL3NtMi5oPgo+ID4+ICsjaW5jbHVkZSA8Y3J5cHRvL3B1YmxpY19r ZXkuaD4KPiA+PiArCj4gPj4gKyNpZiBJU19SRUFDSEFCTEUoQ09ORklHX0NSWVBUT19TTTIpCj4g Pj4gKwo+ID4+ICtpbnQgY2VydF9zaWdfZGlnZXN0X3VwZGF0ZShjb25zdCBzdHJ1Y3QgcHVibGlj X2tleV9zaWduYXR1cmUgKnNpZywKPiA+PiArICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHN0cnVjdCBjcnlwdG9fYWtjaXBoZXIgKnRmbV9wa2V5KQo+ID4+ICt7Cj4gPj4gKyAgICAgICBz dHJ1Y3QgY3J5cHRvX3NoYXNoICp0Zm07Cj4gPj4gKyAgICAgICBzdHJ1Y3Qgc2hhc2hfZGVzYyAq ZGVzYzsKPiA+PiArICAgICAgIHNpemVfdCBkZXNjX3NpemU7Cj4gPj4gKyAgICAgICB1bnNpZ25l ZCBjaGFyIGRnc3RbU00zX0RJR0VTVF9TSVpFXTsKPiA+PiArICAgICAgIGludCByZXQ7Cj4gPj4g Kwo+ID4+ICsgICAgICAgQlVHX09OKCFzaWctPmRhdGEpOwo+ID4+ICsKPiA+PiArICAgICAgIHJl dCA9IHNtMl9jb21wdXRlX3pfZGlnZXN0KHRmbV9wa2V5LCBTTTJfREVGQVVMVF9VU0VSSUQsCj4g Pj4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFNNMl9ERUZBVUxUX1VT RVJJRF9MRU4sIGRnc3QpOwo+ID4+ICsgICAgICAgaWYgKHJldCkKPiA+PiArICAgICAgICAgICAg ICAgcmV0dXJuIHJldDsKPiA+PiArCj4gPj4gKyAgICAgICB0Zm0gPSBjcnlwdG9fYWxsb2Nfc2hh c2goc2lnLT5oYXNoX2FsZ28sIDAsIDApOwo+ID4+ICsgICAgICAgaWYgKElTX0VSUih0Zm0pKQo+ ID4+ICsgICAgICAgICAgICAgICByZXR1cm4gUFRSX0VSUih0Zm0pOwo+ID4+ICsKPiA+PiArICAg ICAgIGRlc2Nfc2l6ZSA9IGNyeXB0b19zaGFzaF9kZXNjc2l6ZSh0Zm0pICsgc2l6ZW9mKCpkZXNj KTsKPiA+PiArICAgICAgIGRlc2MgPSBremFsbG9jKGRlc2Nfc2l6ZSwgR0ZQX0tFUk5FTCk7Cj4g Pj4gKyAgICAgICBpZiAoIWRlc2MpCj4gPj4gKyAgICAgICAgICAgICAgIGdvdG8gZXJyb3JfZnJl ZV90Zm07Cj4gPj4gKwo+ID4+ICsgICAgICAgZGVzYy0+dGZtID0gdGZtOwo+ID4+ICsKPiA+PiAr ICAgICAgIHJldCA9IGNyeXB0b19zaGFzaF9pbml0KGRlc2MpOwo+ID4+ICsgICAgICAgaWYgKHJl dCA8IDApCj4gPj4gKyAgICAgICAgICAgICAgIGdvdG8gZXJyb3JfZnJlZV9kZXNjOwo+ID4+ICsK PiA+PiArICAgICAgIHJldCA9IGNyeXB0b19zaGFzaF91cGRhdGUoZGVzYywgZGdzdCwgU00zX0RJ R0VTVF9TSVpFKTsKPiA+PiArICAgICAgIGlmIChyZXQgPCAwKQo+ID4+ICsgICAgICAgICAgICAg ICBnb3RvIGVycm9yX2ZyZWVfZGVzYzsKPiA+PiArCj4gPj4gKyAgICAgICByZXQgPSBjcnlwdG9f c2hhc2hfZmludXAoZGVzYywgc2lnLT5kYXRhLCBzaWctPmRhdGFfc2l6ZSwgc2lnLT5kaWdlc3Qp Owo+ID4KPiA+IEl0IGxvb2tzIGxpa2UgeW91IGFyZSBkb2luZyBhIHNlcGFyYXRlIGluaXQsIHVw ZGF0ZSwgZmludXAgZXZlcnkgdGltZQo+ID4gLSBJIHdvdWxkIGNvbnNpZGVyIHVzaW5nIGNyeXB0 b19zaGFzaF9kaWdlc3QoKSBpbiBvbmUgZ28uCj4gPgo+ID4gSW4gZmFjdCwgY29uc2lkZXJpbmcg dGhlIGZhY3QgdGhhdCB5b3UgYXJlIGFsbG9jYXRpbmcgYSB0Zm0ganVzdCBmb3IKPiA+IHRoaXMg dXNlIGFuZCB0aGVuIHJlbGVhc2luZyBpdCwgSSB3b3VsZCBjb25zaWRlciBzd2l0Y2hpbmcgdG8K PiA+IGNyeXB0b19zaGFzaF90Zm1fZGlnZXN0KCkgYW5kIGRyb3BwaW5nIHRoZSBremFsbG9jIGFs bCB0b2dldGhlci4KPiA+Cj4gPiBUaGlzIHNob3VsZCBzaW1wbGlmeSB0aGUgY29kZSBhIGJpdC4K PiA+Cj4gPiBPdGhlciB0aGFuIHRoYXQgSSBkb24ndCBoYXZlIGFueXRoaW5nIHNtYXJ0IHRvIHNh eSA6LSkKPiA+Cj4gPiBHaWxhZAo+ID4KPgo+IFRoZSBoYXNoIGNhbGN1bGF0aW9uIGhlcmUgaW5j bHVkZXMgdHdvIHBhcnRzIG9mIGRhdGEsICdkZ3N0JyBhbmQKPiAnc2lnLT5kYXRhJy4gVGhlIGxh c3QgY2FsbCBpcyAnZmludXAoKScgbm90ICdmaW5hbCgpJy4gSSB1bmRlcnN0YW5kIHRoYXQKPiBp dCBzaG91bGQgbm90IGJlIHBvc3NpYmxlIHRvIHVzZSAnY3J5cHRvX3NoYXNoX3RmbV9kaWdlc3Qo KScgVGhpcyBraW5kCj4gb2YgZnVuY3Rpb24gaXMgc2ltcGxpZmllZC4KPgo+IElmIGEgbmV3IHNj b3BlIGlzIGFkZGVkLCB0aGUgYXNzaWdubWVudCBvZiBkZXNjIGNhbiBiZSBvcHRpbWl6ZWQsIGFz Cj4gZm9sbG93czoKPiBgYGAKPiBkbyB7Cj4gICAgICBTSEFTSF9ERVNDX09OX1NUQUNLKGRlc2Ms IHRmbSk7Cj4gICAgICBkZXNjLT50Zm0gPSB0Zm07Cj4KPiAgICAgIC8qIC4uLiAqLwo+IH0gd2hp bGUgKDApOwo+IGBgYAo+IEhvd2V2ZXIsIHRoZSBrZXJuZWwgY29kZSBtYXkgbm90IGFjY2VwdCB0 aGlzIHN0eWxlLiBXaGF0IGlzIHlvdXIgb3Bpbmlvbj8KCk5vLCB5b3UgYXJlIHJpZ2h0LiBJJ3Zl IGluZGVlZCBtaXNzZWQgdGhhdCBpdCdzIGEgZmludXAoKSBhbmQgbm90IGEKZmluYWwoKS4gSWYg dGhlIHNpemUgb2YgZGF0YSB3YXMgYmlnIGVub3VnaCBpdCBtaWdodCBoYXZlIGJlZW4gd29ydGgK Z29pbmcgdG8gdGhlIGFzeW5jLiBoYXNoIGludGVyZmFjZSBhbmQgY3JlYXRpbmcgYSBzY2F0dGVy IGxpc3QgZm9yCnRoaXMgYnV0IEkgc3VzcGVjdCBpdCBpcyBub3QganVzdGlmaWVkIHdpdGggdGhl IGRhdGEgc2l6ZXMgd2UgYXJlCmRlYWxpbmcgd2l0aCB0aGVyZS4KClNvOgoKUmV2aWV3ZWQtYnk6 IEdpbGFkIEJlbi1Zb3NzZWYgPGdpbGFkQGJlbnlvc3NlZi5jb20+CgpUaGFua3MsCkdpbGFkCgot LSAKR2lsYWQgQmVuLVlvc3NlZgpDaGllZiBDb2ZmZWUgRHJpbmtlcgoKdmFsdWVzIG9mIM6yIHdp bGwgZ2l2ZSByaXNlIHRvIGRvbSEKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fCmxpbnV4LWFybS1rZXJuZWwgbWFpbGluZyBsaXN0CmxpbnV4LWFybS1rZXJu ZWxAbGlzdHMuaW5mcmFkZWFkLm9yZwpodHRwOi8vbGlzdHMuaW5mcmFkZWFkLm9yZy9tYWlsbWFu L2xpc3RpbmZvL2xpbnV4LWFybS1rZXJuZWwK