Re: [PATCH v3 0/8] crpyto: introduce OSCCA certificate and SM2 asymmetric algorithm
From: Tianjia Zhang
Date: Tue Jun 16 2020 - 05:36:10 EST
On 2020/6/10 4:58, Vitaly Chikunov wrote:
Tianjia,
On Tue, Jun 09, 2020 at 09:48:47PM +0800, Tianjia Zhang wrote:
Hello all,
This new module implement the OSCCA certificate and SM2 public key
algorithm. It was published by State Encryption Management Bureau, China.
List of specifications for OSCCA certificate and SM2 elliptic curve
public key cryptography:
* GM/T 0003.1-2012
* GM/T 0003.2-2012
* GM/T 0003.3-2012
* GM/T 0003.4-2012
* GM/T 0003.5-2012
* GM/T 0015-2012
* GM/T 0009-2012
IETF: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
scctc: http://www.gmbz.org.cn/main/bzlb.html
These patchs add the OID object identifier defined by OSCCA. The
x509 certificate supports sm2-with-sm3 type certificate parsing
and verification.
The sm2 algorithm is based on libgcrypt's mpi implementation, and has
made some additions to the kernel's original mpi library, and added the
implementation of ec to better support elliptic curve-like algorithms.
sm2 has good support in both openssl and gnupg projects, and sm3 and sm4
of the OSCCA algorithm family have also been implemented in the kernel.
Among them, sm3 and sm4 have been well implemented in the kernel.
This group of patches has newly introduced sm2. In order to implement
sm2 more perfectly, I expanded the mpi library and introduced the
ec implementation of the mpi library as the basic algorithm. Compared
to the kernel's crypto/ecc.c, the implementation of mpi/ec.c is more
complete and elegant, sm2 is implemented based on these algorithms.
Does it use constant-time algorithms?
Thanks,
Sorry for not responding in time.
This algorithm is constant-time algorithms, and this logic is
implemented in ec_mul_point().
Will you consider implementing ecrdsa based on the mpi ec algorithm in
the future?
Thanks and best,
Tianjia