linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Stefan Berger <stefanb@linux.ibm.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
	Saulo Alessandre <saulo.alessandre@gmail.com>
Cc: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	davem@davemloft.net, dhowells@redhat.com, zohar@linux.ibm.com,
	linux-kernel@vger.kernel.org, patrick@puiterwijk.org,
	linux-integrity@vger.kernel.org
Subject: Re: [PATCH v7 1/4] crypto: Add support for ECDSA signature verification
Date: Thu, 4 Feb 2021 00:43:43 -0500	[thread overview]
Message-ID: <652c922b-a231-b1ab-43ce-d4d670c90eef@linux.ibm.com> (raw)
In-Reply-To: <20210204052738.GA7086@gondor.apana.org.au>

On 2/4/21 12:27 AM, Herbert Xu wrote:
> On Mon, Feb 01, 2021 at 10:19:07AM -0500, Stefan Berger wrote:
>> Add support for parsing the parameters of a NIST P256 or NIST P192 key.
>> Enable signature verification using these keys. The new module is
>> enabled with CONFIG_ECDSA:
>>    Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.)
>>    is A NIST cryptographic standard algorithm. Only signature verification
>>    is implemented.
>>
>> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
>> Cc: Herbert Xu <herbert@gondor.apana.org.au>
>> Cc: "David S. Miller" <davem@davemloft.net>
>> Cc: linux-crypto@vger.kernel.org
>> ---
>>   crypto/Kconfig               |  10 +
>>   crypto/Makefile              |   6 +
>>   crypto/ecc.c                 |  13 +-
>>   crypto/ecc.h                 |  28 +++
>>   crypto/ecdsa.c               | 361 +++++++++++++++++++++++++++++++++++
>>   crypto/ecdsasignature.asn1   |   4 +
>>   crypto/testmgr.c             |  12 ++
>>   crypto/testmgr.h             | 267 ++++++++++++++++++++++++++
>>   include/linux/oid_registry.h |   4 +
>>   9 files changed, 694 insertions(+), 11 deletions(-)
>>   create mode 100644 crypto/ecdsa.c
>>   create mode 100644 crypto/ecdsasignature.asn1
> Saulo Alessandre is implementing ecdsa with signing so you two
> should coordinate on this.

Hello Saulo,

  so this series here supports NIST P256 and NIST P192 for usage by IMA 
for example. It looks like you want to support more elliptic curves than 
these: p384 and even p521. Do you have any suggestion on how to proceed? 
Would you want to add patches with your additional curves on top of this 
series?

I have a project here with some test scripts that may also be relevant 
for your case: https://github.com/stefanberger/eckey-testing


     Stefan


>
> Thanks,



  reply	other threads:[~2021-02-04  5:44 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-01 15:19 [PATCH v7 0/4] Add support for x509 certs with NIST p256 and p192 keys Stefan Berger
2021-02-01 15:19 ` [PATCH v7 1/4] crypto: Add support for ECDSA signature verification Stefan Berger
2021-02-04  5:27   ` Herbert Xu
2021-02-04  5:43     ` Stefan Berger [this message]
2021-02-04 14:58     ` Jarkko Sakkinen
2021-02-01 15:19 ` [PATCH v7 2/4] x509: Detect sm2 keys by their parameters OID Stefan Berger
2021-02-01 15:19 ` [PATCH v7 3/4] x509: Add support for parsing x509 certs with ECDSA keys Stefan Berger
2021-02-11  8:03   ` kernel test robot
2021-02-11 17:30     ` Stefan Berger
2021-02-11 18:18       ` Stefan Berger
2021-02-01 15:19 ` [PATCH v7 4/4] ima: Support EC keys for signature verification Stefan Berger
2021-02-05 12:24   ` Mimi Zohar
2021-02-01 16:13 ` [PATCH v7 0/4] Add support for x509 certs with NIST p256 and p192 keys David Howells
2021-02-01 16:28   ` Stefan Berger
2021-02-01 16:36   ` David Howells
2021-02-01 16:45     ` Stefan Berger
2021-02-02  3:59       ` Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=652c922b-a231-b1ab-43ce-d4d670c90eef@linux.ibm.com \
    --to=stefanb@linux.ibm.com \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=patrick@puiterwijk.org \
    --cc=saulo.alessandre@gmail.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).