linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
To: herbert@gondor.apana.org.au, davem@davemloft.net,
	ebiggers@kernel.org, ebiggers@google.com, pvanleeuwen@rambus.com,
	zohar@linux.ibm.com, gilad@benyossef.com,
	jarkko.sakkinen@linux.intel.com, dmitry.kasatkin@intel.com,
	nicstange@gmail.com, tadeusz.struk@intel.com, jmorris@namei.org,
	serge@hallyn.com, zhang.jia@linux.alibaba.com
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	tianjia.zhang@linux.alibaba.com
Subject: [PATCH v2 0/7] crpyto: introduce OSCCA certificate and SM2 asymmetric algorithm
Date: Thu,  2 Apr 2020 20:34:57 +0800	[thread overview]
Message-ID: <20200402123504.84628-1-tianjia.zhang@linux.alibaba.com> (raw)

Hello all,

This new module implement the OSCCA certificate and SM2 public key
algorithm. It was published by State Encryption Management Bureau, China.
List of specifications for OSCCA certificate and SM2 elliptic curve
public key cryptography:

* GM/T 0003.1-2012
* GM/T 0003.2-2012
* GM/T 0003.3-2012
* GM/T 0003.4-2012
* GM/T 0003.5-2012
* GM/T 0015-2012
* GM/T 0009-2012 

IETF: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
scctc: http://www.gmbz.org.cn/main/bzlb.html

These patchs add the OID object identifier defined by OSCCA. The
x509 certificate supports sm2-with-sm3 type certificate parsing
and verification.

The sm2 algorithm is based on libgcrypt's mpi implementation, and has
made some additions to the kernel's original mpi library, and added the
implementation of ec to better support elliptic curve-like algorithms.

sm2 has good support in both openssl and gnupg projects, and sm3 and sm4
of the OSCCA algorithm family have also been implemented in the kernel.

Among them, sm3 and sm4 have been well implemented in the kernel.
This group of patches has newly introduced sm2. In order to implement
sm2 more perfectly, I expanded the mpi library and introduced the
ec implementation of the mpi library as the basic algorithm. Compared
to the kernel's crypto/ecc.c, the implementation of mpi/ec.c is more
complete and elegant, sm2 is implemented based on these algorithms.

---
v2 changes:
  1. simplify the sm2 algorithm and only retain the verify function
  2. extract the sm2 certificate code into a separate file

Tianjia Zhang (7):
  crypto: sm3 - export crypto_sm3_final function
  lib/mpi: Extend the MPI library
  lib/mpi: Introduce ec implementation to MPI library
  crypto: sm2 - introduce OSCCA SM2 asymmetric cipher algorithm
  crypto: testmgr - support test with different ciphertext per
    encryption
  X.509: support OSCCA certificate parse
  X.509: support OSCCA sm2-with-sm3 certificate verification

 crypto/Kconfig                            |   17 +
 crypto/Makefile                           |    8 +
 crypto/asymmetric_keys/Makefile           |    1 +
 crypto/asymmetric_keys/public_key.c       |    6 +
 crypto/asymmetric_keys/public_key_sm2.c   |   59 +
 crypto/asymmetric_keys/x509_cert_parser.c |   14 +-
 crypto/asymmetric_keys/x509_public_key.c  |    2 +
 crypto/sm2.c                              |  498 +++++++
 crypto/sm2signature.asn1                  |    4 +
 crypto/sm3_generic.c                      |    7 +-
 crypto/testmgr.c                          |    7 +-
 include/crypto/public_key.h               |   14 +
 include/crypto/sm2.h                      |   25 +
 include/crypto/sm3.h                      |    2 +
 include/linux/mpi.h                       |  193 +++
 include/linux/oid_registry.h              |    6 +
 lib/mpi/Makefile                          |    6 +
 lib/mpi/ec.c                              | 1538 +++++++++++++++++++++
 lib/mpi/mpi-add.c                         |  207 +++
 lib/mpi/mpi-bit.c                         |  251 ++++
 lib/mpi/mpi-cmp.c                         |   46 +-
 lib/mpi/mpi-div.c                         |  259 ++++
 lib/mpi/mpi-internal.h                    |   53 +
 lib/mpi/mpi-inv.c                         |  143 ++
 lib/mpi/mpi-mod.c                         |  155 +++
 lib/mpi/mpi-mul.c                         |  166 +++
 lib/mpi/mpicoder.c                        |  336 +++++
 lib/mpi/mpih-div.c                        |  294 ++++
 lib/mpi/mpih-mul.c                        |   25 +
 lib/mpi/mpiutil.c                         |  204 +++
 30 files changed, 4531 insertions(+), 15 deletions(-)
 create mode 100644 crypto/asymmetric_keys/public_key_sm2.c
 create mode 100644 crypto/sm2.c
 create mode 100644 crypto/sm2signature.asn1
 create mode 100644 include/crypto/sm2.h
 create mode 100644 lib/mpi/ec.c
 create mode 100644 lib/mpi/mpi-add.c
 create mode 100644 lib/mpi/mpi-div.c
 create mode 100644 lib/mpi/mpi-inv.c
 create mode 100644 lib/mpi/mpi-mod.c
 create mode 100644 lib/mpi/mpi-mul.c

-- 
2.17.1


             reply	other threads:[~2020-04-02 12:35 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-02 12:34 Tianjia Zhang [this message]
2020-04-02 12:34 ` [PATCH v2 1/7] crypto: sm3 - export crypto_sm3_final function Tianjia Zhang
2020-04-02 12:34 ` [PATCH v2 2/7] lib/mpi: Extend the MPI library Tianjia Zhang
2020-04-02 12:35 ` [PATCH v2 3/7] lib/mpi: Introduce ec implementation to " Tianjia Zhang
2020-04-02 12:35 ` [PATCH v2 4/7] crypto: sm2 - introduce OSCCA SM2 asymmetric cipher algorithm Tianjia Zhang
2020-04-02 12:35 ` [PATCH v2 5/7] crypto: testmgr - support test with different ciphertext per encryption Tianjia Zhang
2020-04-02 12:35 ` [PATCH v2 6/7] X.509: support OSCCA certificate parse Tianjia Zhang
2020-04-02 12:35 ` [PATCH v2 7/7] X.509: support OSCCA sm2-with-sm3 certificate verification Tianjia Zhang
2020-04-16  6:01 ` [PATCH v2 0/7] crpyto: introduce OSCCA certificate and SM2 asymmetric algorithm Herbert Xu
2020-04-16  6:37   ` Tianjia Zhang
2020-05-29 11:04   ` Tianjia Zhang
2020-05-29 11:52     ` Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200402123504.84628-1-tianjia.zhang@linux.alibaba.com \
    --to=tianjia.zhang@linux.alibaba.com \
    --cc=davem@davemloft.net \
    --cc=dmitry.kasatkin@intel.com \
    --cc=ebiggers@google.com \
    --cc=ebiggers@kernel.org \
    --cc=gilad@benyossef.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=jmorris@namei.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nicstange@gmail.com \
    --cc=pvanleeuwen@rambus.com \
    --cc=serge@hallyn.com \
    --cc=tadeusz.struk@intel.com \
    --cc=zhang.jia@linux.alibaba.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).