Re: [PATCH v7 00/13] Add support for NIST P521 to ecdsa

From: Stefan Berger
Date: Wed Mar 20 2024 - 08:45:20 EST


I apologize for the missing part in the title.

Stefan

On 3/20/24 07:47, Stefan Berger wrote:
This series adds support for the NIST P521 curve to the ecdsa module
to enable signature verification with it.

An issue with the current code in ecdsa is that it assumes that input
arrays providing key coordinates for example, are arrays of digits
(a 'digit' is a 'u64'). This works well for all currently supported
curves, such as NIST P192/256/384, but does not work for NIST P521 where
coordinates are 8 digits + 2 bytes long. So some of the changes deal with
converting byte arrays to digits and adjusting tests on input byte
array lengths to tolerate arrays not providing multiples of 8 bytes.

Regards,
Stefan

v7:
- Applied T-b tag from Christian to all patches
- Applied R-b tag from Jarkko to some patches
- Rephrased some patch descriptions per Jarkko's request

v6:
- Use existing #defines for number of digits rather than plain numbers
(1/13, 6/13) following Bharat's suggestion
- Initialize result from lowest 521 bits of product rather than going
through tmp variable (6/13)

v5:
- Simplified ecc_digits_from_bytes as suggested by Lukas (1/12)
- Using nbits == 521 to detect NIST P521 curve rather than strcmp()
(5,6/12)
- Nits in patch description and comments (11/12)

v4:
- Followed suggestions by Lukas Wummer (1,5,8/12)
- Use nbits rather than ndigits where needed (8/12)
- Renaming 'keylen' variablest to bufsize where necessary (9/12)
- Adjust signature size calculation for NIST P521 (11/12)

v3:
- Dropped ecdh support
- Use ecc_get_curve_nbits for getting number of bits in NIST P521 curve
in ecc_point_mult (7/10)

v2:
- Reformulated some patch descriptions
- Fixed issue detected by krobot
- Some other small changes to the code

Stefan Berger (13):
crypto: ecc - Use ECC_CURVE_NIST_P192/256/384_DIGITS where possible
crypto: ecdsa - Convert byte arrays with key coordinates to digits
crypto: ecdsa - Adjust tests on length of key parameters
crypto: ecdsa - Extend res.x mod n calculation for NIST P521
crypto: ecc - Add nbits field to ecc_curve structure
crypto: ecc - Implement vli_mmod_fast_521 for NIST p521
crypto: ecc - Add special case for NIST P521 in ecc_point_mult
crypto: ecc - Add NIST P521 curve parameters
crypto: ecdsa - Replace ndigits with nbits where precision is needed
crypto: ecdsa - Rename keylen to bufsize where necessary
crypto: ecdsa - Register NIST P521 and extend test suite
crypto: asymmetric_keys - Adjust signature size calculation for NIST
P521
crypto: x509 - Add OID for NIST P521 and extend parser for it

crypto/asymmetric_keys/public_key.c | 14 ++-
crypto/asymmetric_keys/x509_cert_parser.c | 3 +
crypto/ecc.c | 44 +++++--
crypto/ecc_curve_defs.h | 49 ++++++++
crypto/ecdsa.c | 62 ++++++---
crypto/ecrdsa_defs.h | 5 +
crypto/testmgr.c | 7 ++
crypto/testmgr.h | 146 ++++++++++++++++++++++
include/crypto/ecc_curve.h | 2 +
include/crypto/ecdh.h | 1 +
include/crypto/internal/ecc.h | 24 +++-
include/linux/oid_registry.h | 1 +
12 files changed, 335 insertions(+), 23 deletions(-)