X.509: support OSCCA SM2-with-SM3 certificate verification

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The digital certificate format based on SM2 crypto algorithm as
specified in GM/T 0015-2012. It was published by State Encryption
Management Bureau, China.

The method of generating Other User Information is defined as
ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA), it also
specified in https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02.

The x509 certificate supports SM2-with-SM3 type certificate
verification. Because certificate verification requires ZA
in addition to tbs data, ZA also depends on elliptic curve
parameters and public key data, so you need to access tbs in sig
and calculate ZA. Finally calculate the digest of the
signature and complete the verification work. The calculation
process of ZA is declared in specifications GM/T 0009-2012
and GM/T 0003.2-2012.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: Xufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Reviewed-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Tianjia Zhang and committed by

Herbert Xu 5 years ago 21552563 254f84f5

+86

5 changed files

expand all

crypto

asymmetric_keys

Makefile

public_key.c

public_key_sm2.c

x509_public_key.c

include

crypto

public_key.h

crypto/asymmetric_keys/Makefile

··· 11 11 signature.o 12 12 13 13 obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o 14 + obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key_sm2.o 14 15 obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) += asym_tpm.o 15 16 16 17 #

crypto/asymmetric_keys/public_key.c

··· 299 299 if (ret) 300 300 goto error_free_key; 301 301 302 + if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) { 303 + ret = cert_sig_digest_update(sig, tfm); 304 + if (ret) 305 + goto error_free_key; 306 + } 307 + 302 308 sg_init_table(src_sg, 2); 303 309 sg_set_buf(&src_sg[0], sig->s, sig->s_size); 304 310 sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);

+61

crypto/asymmetric_keys/public_key_sm2.c

··· 1 + /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 + /* 3 + * asymmetric public-key algorithm for SM2-with-SM3 certificate 4 + * as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012 SM2 and 5 + * described at https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 6 + * 7 + * Copyright (c) 2020, Alibaba Group. 8 + * Authors: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> 9 + */ 10 + 11 + #include <crypto/sm3_base.h> 12 + #include <crypto/sm2.h> 13 + #include <crypto/public_key.h> 14 + 15 + #if IS_REACHABLE(CONFIG_CRYPTO_SM2) 16 + 17 + int cert_sig_digest_update(const struct public_key_signature *sig, 18 + struct crypto_akcipher *tfm_pkey) 19 + { 20 + struct crypto_shash *tfm; 21 + struct shash_desc *desc; 22 + size_t desc_size; 23 + unsigned char dgst[SM3_DIGEST_SIZE]; 24 + int ret; 25 + 26 + BUG_ON(!sig->data); 27 + 28 + ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, 29 + SM2_DEFAULT_USERID_LEN, dgst); 30 + if (ret) 31 + return ret; 32 + 33 + tfm = crypto_alloc_shash(sig->hash_algo, 0, 0); 34 + if (IS_ERR(tfm)) 35 + return PTR_ERR(tfm); 36 + 37 + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); 38 + desc = kzalloc(desc_size, GFP_KERNEL); 39 + if (!desc) 40 + goto error_free_tfm; 41 + 42 + desc->tfm = tfm; 43 + 44 + ret = crypto_shash_init(desc); 45 + if (ret < 0) 46 + goto error_free_desc; 47 + 48 + ret = crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE); 49 + if (ret < 0) 50 + goto error_free_desc; 51 + 52 + ret = crypto_shash_finup(desc, sig->data, sig->data_size, sig->digest); 53 + 54 + error_free_desc: 55 + kfree(desc); 56 + error_free_tfm: 57 + crypto_free_shash(tfm); 58 + return ret; 59 + } 60 + 61 + #endif /* ! IS_REACHABLE(CONFIG_CRYPTO_SM2) */

crypto/asymmetric_keys/x509_public_key.c

··· 30 30 31 31 pr_devel("==>%s()\n", __func__); 32 32 33 + sig->data = cert->tbs; 34 + sig->data_size = cert->tbs_size; 35 + 33 36 if (!cert->pub->pkey_algo) 34 37 cert->unsupported_key = true; 35 38

+15

include/crypto/public_key.h

··· 12 12 13 13 #include <linux/keyctl.h> 14 14 #include <linux/oid_registry.h> 15 + #include <crypto/akcipher.h> 15 16 16 17 /* 17 18 * Cryptographic data for the public-key subtype of the asymmetric key type. ··· 45 44 const char *pkey_algo; 46 45 const char *hash_algo; 47 46 const char *encoding; 47 + const void *data; 48 + unsigned int data_size; 48 49 }; 49 50 50 51 extern void public_key_signature_free(struct public_key_signature *sig); ··· 83 80 84 81 int public_key_verify_signature(const struct public_key *pkey, 85 82 const struct public_key_signature *sig); 83 + 84 + #if IS_REACHABLE(CONFIG_CRYPTO_SM2) 85 + int cert_sig_digest_update(const struct public_key_signature *sig, 86 + struct crypto_akcipher *tfm_pkey); 87 + #else 88 + static inline 89 + int cert_sig_digest_update(const struct public_key_signature *sig, 90 + struct crypto_akcipher *tfm_pkey) 91 + { 92 + return -ENOTSUPP; 93 + } 94 + #endif 86 95 87 96 #endif /* _LINUX_PUBLIC_KEY_H */