Re: [PATCH 0/6] Add support for ECDSA algorithm

[Tudor Ambarus <tudor.ambarus@microchip.com>]

Hi, Sandy,

On 08/22/2017 08:22 PM, Sandy Harris wrote:
> On Tue, Aug 22, 2017 at 12:14 PM, Tudor Ambarus
> <tudor.ambarus@microchip.com> wrote:
>> Hi, Herbert,
>>
>> On 02/02/2017 03:57 PM, Herbert Xu wrote:
>>>
>>> Yes but RSA had an in-kernel user in the form of module signature
>>> verification.  We don't add algorithms to the kernel without
>>> actual users.  So this patch-set needs to come with an actual
>>> in-kernel user of ECDSA.
>>
>>
>> ECDSA can be used by the kernel module signing facility too. Is there
>> any interest in using ECDSA by the kernel module signing facility?
> 
> I'd say keep it simple wherever possible; adding an algorithm should
> need "is required by" not just "can be used by".
> 
> Even then, there is room for questions. In particular, whether such a
> fragile algorithm should be trusted at all, let alone for signatures
> on infrastructure modules that the whole OS will trust.
> https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Security
> 

ECDSA is a better alternative to RSA for digital signatures assuming
that you don't have implementation bugs.

ECDSA requires a much smaller key length in order to provide the same
security strength as RSA (see [1]):

security strength | RSA key length (bits) | ECDSA key lengths (bits)
        112                   2048                    224-255
        128                   3072                    256-383

When comparing to RSA, ECDSA promises better computational efficiency,
signature size and bandwith (see [2]).

Cheers,
ta

[1] NIST.SP.800-57pt1r4, section 5.6.1,  table 2
[2] rfc4754, rfc6979