ping.
Thanks,
Tianjia
On 3/24/21 8:15 PM, Tianjia Zhang wrote:
The kernel module signature supports the option to use the SM3 secure
hash (OSCCA GM/T 0004-2012 SM3). SM2 and SM3 always appear in pairs.
The former is used for signing and the latter is used for hash
calculation.
To sign a
On 3/26/21 5:38 PM, Gilad Ben-Yossef wrote:
Hi,
Thank you for the patch!
On Fri, Mar 26, 2021 at 5:21 AM Tianjia Zhang
wrote:
In the process of calculating the hash, use the more accurate type
'u32' instead of the original 'unsigned int' to avoid ambiguity.
I don&
In the process of calculating the hash, use the more accurate type
'u32' instead of the original 'unsigned int' to avoid ambiguity.
Signed-off-by: Tianjia Zhang
---
crypto/sm3_generic.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/cr
cert.pem test.ko test.ko.signed
At this point, we should build the CA certificate into the kernel, and
then we can load the SM2-with-SM3 signed module normally.
Signed-off-by: Tianjia Zhang
---
Documentation/admin-guide/module-signing.rst | 5 +++--
init/Kconfig
rithm
sign-file sm3 private.pem cert.pem test.ko test.ko.signed
At this point, we should build the CA certificate into the kernel, and
then we can load the SM2-with-SM3 signed module normally.
---
v2 change:
- split one patch into two.
- richer commit log.
Tianjia Zhang (2):
pkcs7: make parse
Support parsing the message signature of the SM2 and SM3 algorithm
combination. This group of algorithms has been well supported. One
of the main users is module signature verification.
Signed-off-by: Tianjia Zhang
---
crypto/asymmetric_keys/pkcs7_parser.c | 7 +++
1 file changed, 7
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: f33dece70e11ce82a09cb1ea2d7c32347b82c67e
Gitweb:
https://git.kernel.org/tip/f33dece70e11ce82a09cb1ea2d7c32347b82c67e
Author: Tianjia Zhang
AuthorDate: Sun, 14 Mar 2021 19:16:21 +08:00
Committer
Hi,
On 3/24/21 6:14 AM, Ard Biesheuvel wrote:
On Tue, 23 Mar 2021 at 09:36, Tianjia Zhang
wrote:
The kernel module signature supports the option to use the SM3
secure hash (OSCCA GM/T 0004-2012 SM3).
Signed-off-by: Tianjia Zhang
A secure hash is not the same as a signature. Looking at
Hi,
On 3/24/21 12:43 AM, Randy Dunlap wrote:
On 3/23/21 1:35 AM, Tianjia Zhang wrote:
The kernel module signature supports the option to use the SM3
secure hash (OSCCA GM/T 0004-2012 SM3).
Signed-off-by: Tianjia Zhang
---
Documentation/admin-guide/module-signing.rst | 5 +++--
crypto
Hi,
On 3/24/21 2:51 AM, Borislav Petkov wrote:
On Tue, Mar 23, 2021 at 11:08:25AM +0800, Tianjia Zhang wrote:
Take time to look at this.
A "please" wouldn't hurt.
I'm very sorry that my mistake caused your hurt. Please take time to
look at this, which tree this shou
The kernel module signature supports the option to use the SM3
secure hash (OSCCA GM/T 0004-2012 SM3).
Signed-off-by: Tianjia Zhang
---
Documentation/admin-guide/module-signing.rst | 5 +++--
crypto/asymmetric_keys/pkcs7_parser.c| 7 +++
init/Kconfig
Hi,
On 3/15/21 9:02 PM, Jarkko Sakkinen wrote:
On Sun, Mar 14, 2021 at 07:16:21PM +0800, Tianjia Zhang wrote:
Simplify the sgx code implementation by using library function
getauxval() instead of a custom function to get the base address
of vDSO.
Signed-off-by: Tianjia Zhang
Reviewed-by
message will appear:
sign-file: CMS_add1_signer: Success
errx() ignores errno and does not cause such issue.
Signed-off-by: Tianjia Zhang
---
scripts/sign-file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index fbd34b8e8f57
Simplify the sgx code implementation by using library function
getauxval() instead of a custom function to get the base address
of vDSO.
Signed-off-by: Tianjia Zhang
Reviewed-by: Jarkko Sakkinen
Acked-by: Shuah Khan
---
tools/testing/selftests/sgx/main.c | 24
1 file
-0800, Andy Lutomirski wrote:
On Mon, Mar 1, 2021 at 9:06 PM Tianjia Zhang
wrote:
On 3/1/21 5:54 PM, Jarkko Sakkinen wrote:
On Mon, Mar 01, 2021 at 01:18:36PM +0800, Tianjia Zhang wrote:
q2 is not always 384-byte length. Sometimes it only has 383-byte.
What does determine this?
In this
Hi,
On 3/5/21 11:04 PM, Stefan Berger wrote:
On 3/5/21 2:37 AM, Tianjia Zhang wrote:
Hi,
On 3/4/21 7:46 AM, Stefan Berger wrote:
Tianjia,
can you say whether SM2 support works for you before and after
applying this patch? I cannot verify it with an sm2 key I have
created using a
-off-by: Stefan Berger
Reviewed-by: Tianjia Zhang
---
crypto/asymmetric_keys/x509_cert_parser.c | 12 +++-
include/linux/oid_registry.h | 1 +
lib/oid_registry.c| 13 +
3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/crypto
Sjd9GWIe98Ll9J0dquxgCktp9DrTAPBgNVHRMBAf8EBTADAQH/MAoG
CCqBHM9VAYN1A0cAMEQCIAvLWIfGFq85u/vVMLc5H1D/DnrNS0VhSkQA4daRO4tc
AiABbeWENcQZDZLWTuqG9P2KDPOoNqV/QV/+0XjMAVblhg==
-END CERTIFICATE-----
If you can, please add:
Tested-by: Tianjia Zhang
good luck!
Tianjia
On 3/2/21 8:51 PM, Jarkko Sakkinen wrote:
Nit: "due to"
Start with capital letter "Fix"
Will do in the next patch.
On Tue, Mar 02, 2021 at 01:06:52PM +0800, Tianjia Zhang wrote:
On 3/1/21 5:54 PM, Jarkko Sakkinen wrote:
On Mon, Mar 01, 2021 at 01:18:36PM +0800,
On 3/2/21 1:54 PM, Andy Lutomirski wrote:
On Mon, Mar 1, 2021 at 9:06 PM Tianjia Zhang
wrote:
On 3/1/21 5:54 PM, Jarkko Sakkinen wrote:
On Mon, Mar 01, 2021 at 01:18:36PM +0800, Tianjia Zhang wrote:
q2 is not always 384-byte length. Sometimes it only has 383-byte.
What does determine
On 3/1/21 5:54 PM, Jarkko Sakkinen wrote:
On Mon, Mar 01, 2021 at 01:18:36PM +0800, Tianjia Zhang wrote:
q2 is not always 384-byte length. Sometimes it only has 383-byte.
What does determine this?
In this case, the valid portion of q2 is reordered reversely for
little endian order, and
q2 is not always 384-byte length. Sometimes it only has 383-byte.
In this case, the valid portion of q2 is reordered reversely for
little endian order, and the remaining portion is filled with zero.
Signed-off-by: Tianjia Zhang
---
tools/testing/selftests/sgx/sigstruct.c | 41
On 2/16/21 4:29 PM, Jarkko Sakkinen wrote:
On Tue, Feb 16, 2021 at 11:31:33AM +0800, Tianjia Zhang wrote:
In this scenario, there is no case where va_page is NULL, and
the error has been checked. The if-condition statement here is
redundant, so remove the condition detection.
Signed-off-by
function sgx_create_enclave() has been moved to the function
sgx_open(), this will allow users to perform ioctl PROVISION
operations before ioctl CREATE, increase the flexibility of
the API and reduce restrictions.
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/driver.c | 1 +
arch/x86
changes:
* Improvements suggested by review
v3 changes:
* split free_cnt count and spin lock optimization into two patches
v2 changes:
* review suggested changes
Tianjia Zhang (3):
selftests/x86: Use getauxval() to simplify the code in sgx
x86/sgx: Allows ioctl PROVISION to execute
In this scenario, there is no case where va_page is NULL, and
the error has been checked. The if-condition statement here is
redundant, so remove the condition detection.
Signed-off-by: Tianjia Zhang
Acked-by: Jarkko Sakkinen
---
arch/x86/kernel/cpu/sgx/ioctl.c | 7 ---
1 file changed, 4
Simplify the sgx code implementation by using library function
getauxval() instead of a custom function to get the base address
of vDSO.
Signed-off-by: Tianjia Zhang
Reviewed-by: Jarkko Sakkinen
Acked-by: Shuah Khan
---
tools/testing/selftests/sgx/main.c | 24
1 file
On 2/12/21 8:19 PM, Jarkko Sakkinen wrote:
On Thu, Feb 11, 2021 at 02:04:12PM +0800, Tianjia Zhang wrote:
Hi,
Sorry for the late reply.
On 1/28/21 1:40 AM, Jarkko Sakkinen wrote:
I could bet some money that this does not bring any significant
performance gain.
Yes, this does not bring
On 2/3/21 6:04 AM, Jarkko Sakkinen wrote:
On Mon, Feb 01, 2021 at 09:26:53PM +0800, Tianjia Zhang wrote:
In this scenario, there is no case where va_page is NULL, and
the error has been checked. The if condition statement here is
if-condition, i.e. dash missing
Will do in the next patch
On 2/3/21 6:00 AM, Jarkko Sakkinen wrote:
On Mon, Feb 01, 2021 at 09:26:50PM +0800, Tianjia Zhang wrote:
The spin lock of sgx_epc_section only locks the page_list. The
EREMOVE operation and init_laundry_list is not necessary in the
protection range of the spin lock. This patch reduces the
On 2/3/21 5:57 AM, Jarkko Sakkinen wrote:
On Mon, Feb 01, 2021 at 09:26:52PM +0800, Tianjia Zhang wrote:
In the function sgx_create_enclave(), the direct assignment
operation of attributes_mask determines that the ioctl PROVISION
operation must be executed after the ioctl CREATE operation
On 2/3/21 5:54 AM, Jarkko Sakkinen wrote:
On Mon, Feb 01, 2021 at 09:26:51PM +0800, Tianjia Zhang wrote:
'section->free_cnt' represents the free page in sgx_epc_section,
which is assigned once after initialization. In fact, just after the
initialization is completed, the pag
accurate.
On Sun, Jan 24, 2021 at 02:29:05PM +0800, Tianjia Zhang wrote:
`section->free_cnt` represents the free page in sgx_epc_section,
which is assigned once after initialization. In fact, just after the
initialization is completed, the pages are in the `init_laundry_list`
list and cannot
lock optimization into two patches
v2 changes:
* review suggested changes
Tianjia Zhang (5):
selftests/x86: Use getauxval() to simplify the code in sgx
x86/sgx: Reduce the locking range in sgx_sanitize_section()
x86/sgx: Optimize the free_cnt count in sgx_epc_section
x86/sgx: Allows
nitize_section(), and then accumulates the count after the
successful execution of EREMOVE. This seems to be more reasonable,
free_cnt will also truly reflect the allocatable free pages in EPC.
Signed-off-by: Tianjia Zhang
Reviewed-by: Sean Christopherson
---
arch/x86/kernel/cpu/sgx/main.c | 2 +-
1
page_list.
Suggested-by: Sean Christopherson
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/main.c | 11 ---
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index c519fc5f6948..4465912174fd 100644
--- a/arch
function sgx_create_enclave() has been moved to the function
sgx_open(), this will allow users to perform ioctl PROVISION
operations before ioctl CREATE, increase the flexibility of
the API and reduce restrictions.
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/driver.c | 1 +
arch/x86
Simplify the sgx code implementation by using library function
getauxval() instead of a custom function to get the base address
of vDSO.
Signed-off-by: Tianjia Zhang
---
tools/testing/selftests/sgx/main.c | 24
1 file changed, 4 insertions(+), 20 deletions(-)
diff --git
In this scenario, there is no case where va_page is NULL, and
the error has been checked. The if condition statement here is
redundant, so remove the condition detection.
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/ioctl.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions
On 1/30/21 9:26 PM, Jarkko Sakkinen wrote:
On Sun, Jan 24, 2021 at 02:29:06PM +0800, Tianjia Zhang wrote:
In the function sgx_create_enclave(), the direct assignment
operation of attributes_mask determines that the ioctl PROVISION
operation must be executed after the ioctl CREATE operation
On 1/30/21 10:33 PM, Jarkko Sakkinen wrote:
On Sun, Jan 24, 2021 at 02:29:07PM +0800, Tianjia Zhang wrote:
In this scenario, there is no case where va_page is NULL, and
the error has been checked. The if condition statement here is
redundant, so remove the condition detection.
Signed-off-by
operly use upper and lower case letter, e.g. vDSO
instead of vdso.
Reply-To:
In-Reply-To: <20210124062907.88229-2-tianjia.zh...@linux.alibaba.com>
On Sun, Jan 24, 2021 at 02:29:03PM +0800, Tianjia Zhang wrote:
This patch uses the library function `getauxval(AT_SYSINFO_EHDR)`
inst
);
+
/*
* sprint_OID - Print an Object Identifier into a buffer
* @data: The encoded OID to print
Great job, I'm just curious why we need to add a new function, this
seems unnecessary, if possible, please add
Reviewed-by: Tianjia Zhang
Best regards,
Tianjia
keys, we change the selection
of the encoding type to be driven by the key's signature scheme rather
than by the hash type.
Signed-off-by: Stefan Berger
Reviewed-by: Vitaly Chikunov
Cc: Mimi Zohar
Cc: Dmitry Kasatkin
Cc: linux-integr...@vger.kernel.org
Cc: Vitaly Chikunov
Cc: Tianjia Zhan
On 1/21/21 6:37 AM, Jarkko Sakkinen wrote:
On Thu, Jan 21, 2021 at 12:34:49AM +0200, Jarkko Sakkinen wrote:
On Wed, Jan 20, 2021 at 11:57:18AM +0800, Tianjia Zhang wrote:
Hi,
On 1/20/21 4:05 AM, Sean Christopherson wrote:
On Mon, Jan 18, 2021, Tianjia Zhang wrote:
In function
On 1/21/21 1:47 AM, Sean Christopherson wrote:
On Wed, Jan 20, 2021, Tianjia Zhang wrote:
In this scenario, there is no case where va_page is NULL, and
the error has been checked. The if condition statement here is
redundant, so remove the condition detection.
Reported-by: Jia Zhang
the
function sgx_create_enclave() has been moved to the function
sgx_open() to avoid this restriction.
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/driver.c | 1 +
arch/x86/kernel/cpu/sgx/ioctl.c | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu
:
* review suggested changes
Tianjia Zhang (5):
selftests/x86: Simplify the code to get vdso base address in sgx
x86/sgx: Optimize the locking range in sgx_sanitize_section()
x86/sgx: Optimize the free_cnt count in sgx_epc_section
x86/sgx: Allows ioctl PROVISION to execute before CREATE
page_list.
Suggested-by: Sean Christopherson
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/main.c | 11 ---
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index c519fc5f6948..4465912174fd 100644
--- a/arch
`, and then accumulates the count after the
successful execution of EREMOVE. This seems to be more reasonable,
free_cnt will also truly reflect the allocatable free pages in EPC.
Signed-off-by: Tianjia Zhang
Reviewed-by: Sean Christopherson
---
arch/x86/kernel/cpu/sgx/main.c | 2 +-
1 file chan
In this scenario, there is no case where va_page is NULL, and
the error has been checked. The if condition statement here is
redundant, so remove the condition detection.
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/ioctl.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions
This patch uses the library function `getauxval(AT_SYSINFO_EHDR)`
instead of the custom function `vdso_get_base_addr` to obtain the
base address of vDSO, which will simplify the code implementation.
Signed-off-by: Tianjia Zhang
---
tools/testing/selftests/sgx/main.c | 24
On 1/15/21 5:23 PM, Jarkko Sakkinen wrote:
On Thu, Jan 14, 2021 at 12:12:16PM +0800, Tianjia Zhang wrote:
On 1/14/21 10:51 AM, Jarkko Sakkinen wrote:
On Wed, Jan 13, 2021 at 08:00:21PM +0800, Tianjia Zhang wrote:
In tpm_tis_core_init(), tpm2_probe() will be called first, this
function
and more flexibly.
Reported-by: Jia Zhang
Suggested-by: Sean Christopherson
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/driver.c | 3 +++
arch/x86/kernel/cpu/sgx/ioctl.c | 1 -
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch
Hi,
On 1/20/21 4:05 AM, Sean Christopherson wrote:
On Mon, Jan 18, 2021, Tianjia Zhang wrote:
In function sgx_encl_create(), the logic of directly assigning
value to attributes_mask determines that the call to
SGX_IOC_ENCLAVE_PROVISION must be after the command of
SGX_IOC_ENCLAVE_CREATE. If
ggested-by: Sean Christopherson
Reviewed-by: Sean Christopherson
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/main.c | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index c519fc5f6948..34a
In this scenario, there is no case where va_page is NULL, and
the error has been checked. The if condition statement here is
redundant, so remove the condition detection.
Reported-by: Jia Zhang
Suggested-by: Sean Christopherson
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/ioctl.c
Obviously, the error variable detection of the if statement is
for the mprotect callback function, so it is also put into the
scope of calling callback.
Reported-by: Jia Zhang
Signed-off-by: Tianjia Zhang
---
mm/mprotect.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git
more flexibly.
Reported-by: Jia Zhang
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index f45957c05f69..0ca3fc238bc2 100644
--- a/arch/x86
In this scenario, there is no case where va_page is NULL, and
the error has been checked. The if condition statement here is
redundant, so remove the condition detection.
Reported-by: Jia Zhang
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/ioctl.c | 5 ++---
1 file changed, 2
be reset by ksgxd.
Reported-by: Jia Zhang
Signed-off-by: Tianjia Zhang
---
arch/x86/kernel/cpu/sgx/main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c
index c519fc5f6948..9e9a3cf7c00b 100644
--- a/arch/
The base address of vDSO can be obtained through the library function
`getauxval()`, so use `getauxval(AT_SYSINFO_EHDR)` instead of a custom
implementation to simplify the code.
Reported-by: Jia Zhang
Signed-off-by: Tianjia Zhang
---
tools/testing/selftests/sgx/main.c | 24
On 1/14/21 10:51 AM, Jarkko Sakkinen wrote:
On Wed, Jan 13, 2021 at 08:00:21PM +0800, Tianjia Zhang wrote:
In tpm_tis_core_init(), tpm2_probe() will be called first, this
function will eventually call tpm_tis_send(), and then
tpm_tis_probe_irq_single() will detect whether the interrupt is
tch solves this issue by introducing a new variable, which
is only used in interrupts, and irq_tested only marks whether the
interrupt test has been completed.
Signed-off-by: Tianjia Zhang
---
drivers/char/tpm/tpm_tis_core.c | 8
drivers/char/tpm/tpm_tis_core.h | 1 +
2 files changed
On 1/7/21 6:58 PM, David Howells wrote:
Tianjia Zhang wrote:
On the following call path, `sig->pkey_algo` is not assigned
in asymmetric_key_verify_signature(), which causes runtime
crash in public_key_verify_signature().
keyctl_pkey_verify
asymmetric_key_verify_signat
ply check this situation and fixes the crash
caused by NULL pointer.
Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate
verification")
Cc: sta...@vger.kernel.org # v5.10+
Reported-by: Tobias Markus
Signed-off-by: Tianjia Zhang
---
crypto/asymmetric_keys/public_key.c |
On 11/30/20 10:24 AM, Herbert Xu wrote:
On Mon, Nov 30, 2020 at 10:21:56AM +0800, Tianjia Zhang wrote:
That is true only if there are non-generic implementations of
the algorithms, which is not the case here. Please explain the
real reason why this is needed.
This is a generic algorithm
Hi Herbert,
On 10/15/20 8:05 PM, Herbert Xu wrote:
On Thu, Oct 15, 2020 at 07:02:41PM +0800, Tianjia Zhang wrote:
All templates and generic algorithms have been registered in
subsys_initcall instead of module_init. The ecrdsa algorithm
happened to be missed. Here is a fix for it.
That is
The akcipher.h header file was originally introduced in SM2, and
then the definition of SM2 was moved to the existing code. This
header file is left and should be removed.
Signed-off-by: Tianjia Zhang
---
include/crypto/public_key.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/include
All templates and generic algorithms have been registered in
subsys_initcall instead of module_init. The ecrdsa algorithm
happened to be missed. Here is a fix for it.
Cc: Vitaly Chikunov
Signed-off-by: Tianjia Zhang
---
crypto/ecrdsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion
This is an algorithm optimization. The reset operation when
setting the public key is repeated and redundant, so remove it.
At the same time, `sm2_ecc_os2ec()` is optimized to make the
function simpler and more in line with the Linux code style.
Signed-off-by: Tianjia Zhang
---
crypto/sm2
Original KVM_SET_CPUID has removed NX on non-NX hosts as it did
before. but KVM_SET_CPUID2 does not. The two should be consistent.
Signed-off-by: Tianjia Zhang
---
arch/x86/kvm/cpuid.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index
On an error exit path, a negative error code should be returned
instead of a positive return value.
Fixes: 90b2d4f15ff7 ("ipmi_si: Remove hacks for adding a dummy platform
devices")
Cc: Corey Minyard
Signed-off-by: Tianjia Zhang
---
drivers/char/ipmi/ipmi_si_intf.c | 2 +-
1 file
When memory allocation fails, an appropriate return value
should be set.
Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate
verification")
Signed-off-by: Tianjia Zhang
---
crypto/asymmetric_keys/public_key_sm2.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletio
The following commit has been merged into the timers/urgent branch of tip:
Commit-ID: 400d033f5a599120089b5f0c54d14d198499af5a
Gitweb:
https://git.kernel.org/tip/400d033f5a599120089b5f0c54d14d198499af5a
Author: Tianjia Zhang
AuthorDate: Sun, 02 Aug 2020 19:15:41 +08:00
Hi Herbert,
Thanks for your patch, The changes look good.
I have tested this patch, so,
Tested-by: Tianjia Zhang
Best regards,
Tianjia
On 9/25/20 4:19 PM, Herbert Xu wrote:
On Mon, Sep 21, 2020 at 12:20:55AM +0800, Tianjia Zhang wrote:
Expand the mpi library based on libgcrypt, and the ECC
Hi Herbert,
Thanks for your patch, I will do a test later.
By the way, did you add special compilation parameters? I compile
normally without warnings in gcc 6.5 and 9.3.
Best regards,
Tianjia
On 9/25/20 4:19 PM, Herbert Xu wrote:
On Mon, Sep 21, 2020 at 12:20:55AM +0800, Tianjia Zhang
On 9/21/20 2:49 AM, Hugh Dickins wrote:
On Mon, 21 Sep 2020, Tianjia Zhang wrote:
In function __shmem_file_setup(), shmem_unacct_size() is forgotten
on the failed path, so add it.
Fixes: 93dec2da7b234 ("... and switch shmem_file_setup() to
alloc_file_pseudo()")
Cc: Al Viro
Sig
In function __shmem_file_setup(), shmem_unacct_size() is forgotten
on the failed path, so add it.
Fixes: 93dec2da7b234 ("... and switch shmem_file_setup() to
alloc_file_pseudo()")
Cc: Al Viro
Signed-off-by: Tianjia Zhang
---
mm/shmem.c | 4 +++-
1 file changed, 3 insertions(+),
When the 'key' allocation fails, the 'req' will not be released,
which will cause memory leakage on this path. This patch adds a
'free_req' tag used to solve this problem, and two new err values
are added to reflect the real reason of the error.
Signed-off-by: Tianji
calculate ZA. Finally calculate the digest of the
signature and complete the verification work. The calculation
process of ZA is declared in specifications GM/T 0009-2012
and GM/T 0003.2-2012.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
Reviewed-by: Gilad Ben-Yossef
---
crypto
achieve the test purpose.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
---
crypto/testmgr.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 23c27fc96394..cd002a030af5 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
scctc: http://www.gmbz.org.cn/main/bzlb.html
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
---
crypto/Kconfig | 17 ++
crypto/Makefile | 8
Expand the mpi library based on libgcrypt, and the ECC algorithm of
mpi based on libgcrypt requires these functions.
Some other algorithms will be developed based on mpi ecc, such as SM2.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
---
include/linux/mpi.h| 87 +++
lib/mpi
Add testmgr test vectors for SM2 algorithm. These vectors come
from `openssl pkeyutl -sign` and libgcrypt.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
---
crypto/testmgr.c | 6 +
crypto/testmgr.h | 59
2 files changed, 65
standard elliptic curve public key, and the sm2
algorithm signs the hash generated by sm3.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
Reviewed-by: Vitaly Chikunov
---
crypto/asymmetric_keys/x509_cert_parser.c | 27 ++-
include/linux/oid_registry.h | 6
Both crypto_sm3_update and crypto_sm3_finup have been
exported, exporting crypto_sm3_final, to avoid having to
use crypto_sm3_finup(desc, NULL, 0, dgst) to calculate
the hash in some cases.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
---
crypto/sm3_generic.c | 7 ---
include
Asymmetric digsig supports SM2-with-SM3 algorithm combination,
so that IMA can also verify SM2's signature data.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
Reviewed-by: Mimi Zohar
Reviewed-by: Vitaly Chikunov
---
security/integrity/digsig_asymmetric.c | 14 +++---
1
3. rebase on mainline.
v2 changes:
1. simplify the sm2 algorithm and only retain the verify function.
2. extract the sm2 certificate code into a separate file.
Tianjia Zhang (10):
crypto: sm3 - export crypto_sm3_final function
lib/mpi: Extend the MPI library
lib/mpi: Introduce ec implem
The implementation of EC is introduced from libgcrypt as the
basic algorithm of elliptic curve, which can be more perfectly
integrated with MPI implementation.
Some other algorithms will be developed based on mpi ecc, such as SM2.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
On 9/18/20 2:47 PM, Herbert Xu wrote:
On Thu, Sep 03, 2020 at 09:12:39PM +0800, Tianjia Zhang wrote:
Some asymmetric algorithms will get different ciphertext after
each encryption, such as SM2, and let testmgr support the testing
of such algorithms.
In struct akcipher_testvec, set c and
LGTM.
Reviewed-by: Tianjia Zhang
Thanks.
On 9/9/20 11:41 PM, Li Qiang wrote:
Free the 'page_list' when the 'npages' is zero.
Signed-off-by: Li Qiang
---
drivers/vhost/vdpa.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/vhost/vd
LGTM.
Reviewed-by: Tianjia Zhang
On 9/17/20 11:44 AM, Xiaoliang Pang wrote:
modify the return error value is -EDOM
Fixes: 2cac05dee6e30("drm/amd/powerplay: add the hw manager for vega12 (v4)")
Cc: Evan Quan
Signed-off-by: Xiaoliang Pang
---
.../staging/media/atomisp/pci/runtime
Hi,
On 9/11/20 12:24 PM, Herbert Xu wrote:
On Thu, Sep 03, 2020 at 09:12:34PM +0800, Tianjia Zhang wrote:
---
v6 changes:
1. remove mpi_sub_ui function from mpi library.
2. rebase on mainline.
This series is still missing acks for patches 6-8. Without them
it cannot proceed.
Thanks
Hi Gilad,
On 9/13/20 3:12 PM, Gilad Ben-Yossef wrote:
Hi,
On Thu, Sep 3, 2020 at 4:13 PM Tianjia Zhang
wrote:
The digital certificate format based on SM2 crypto algorithm as
specified in GM/T 0015-2012. It was published by State Encryption
Management Bureau, China.
The method of
standard elliptic curve public key, and the sm2
algorithm signs the hash generated by sm3.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
---
crypto/asymmetric_keys/x509_cert_parser.c | 14 +-
include/linux/oid_registry.h | 6 ++
2 files changed, 19 insertions
://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
scctc: http://www.gmbz.org.cn/main/bzlb.html
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
---
crypto/Kconfig | 17 ++
crypto/Makefile | 8
calculate ZA. Finally calculate the digest of the
signature and complete the verification work. The calculation
process of ZA is declared in specifications GM/T 0009-2012
and GM/T 0003.2-2012.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
---
crypto/asymmetric_keys/Makefile | 1
achieve the test purpose.
Signed-off-by: Tianjia Zhang
Tested-by: Xufeng Zhang
---
crypto/testmgr.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 23c27fc96394..cd002a030af5 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
ate code into a separate file.
Tianjia Zhang (8):
crypto: sm3 - export crypto_sm3_final function
lib/mpi: Extend the MPI library
lib/mpi: Introduce ec implementation to MPI library
crypto: sm2 - introduce OSCCA SM2 asymmetric cipher algorithm
crypto: testmgr - support test with different