Re: [PATCH 0/6] Add support for ECDSA algorithm

2017-08-23 Thread Tudor Ambarus 

Hi, Sandy,

On 08/22/2017 08:22 PM, Sandy Harris wrote:

On Tue, Aug 22, 2017 at 12:14 PM, Tudor Ambarus
 wrote:

Hi, Herbert,

On 02/02/2017 03:57 PM, Herbert Xu wrote:


Yes but RSA had an in-kernel user in the form of module signature
verification.  We don't add algorithms to the kernel without
actual users.  So this patch-set needs to come with an actual
in-kernel user of ECDSA.



ECDSA can be used by the kernel module signing facility too. Is there
any interest in using ECDSA by the kernel module signing facility?


I'd say keep it simple wherever possible; adding an algorithm should
need "is required by" not just "can be used by".

Even then, there is room for questions. In particular, whether such a
fragile algorithm should be trusted at all, let alone for signatures
on infrastructure modules that the whole OS will trust.
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Security



ECDSA is a better alternative to RSA for digital signatures assuming
that you don't have implementation bugs.

ECDSA requires a much smaller key length in order to provide the same
security strength as RSA (see [1]):

security strength | RSA key length (bits) | ECDSA key lengths (bits)
   112   2048224-255
   128   3072256-383

When comparing to RSA, ECDSA promises better computational efficiency,
signature size and bandwith (see [2]).

Cheers,
ta

[1] NIST.SP.800-57pt1r4, section 5.6.1,  table 2
[2] rfc4754, rfc6979

Re: Re: [PATCH 0/6] Add support for ECDSA algorithm

2017-08-22 Thread Sandy Harris 
On Tue, Aug 22, 2017 at 12:14 PM, Tudor Ambarus
 wrote:
> Hi, Herbert,
>
> On 02/02/2017 03:57 PM, Herbert Xu wrote:
>>
>> Yes but RSA had an in-kernel user in the form of module signature
>> verification.  We don't add algorithms to the kernel without
>> actual users.  So this patch-set needs to come with an actual
>> in-kernel user of ECDSA.
>
>
> ECDSA can be used by the kernel module signing facility too. Is there
> any interest in using ECDSA by the kernel module signing facility?

I'd say keep it simple wherever possible; adding an algorithm should
need "is required by" not just "can be used by".

Even then, there is room for questions. In particular, whether such a
fragile algorithm should be trusted at all, let alone for signatures
on infrastructure modules that the whole OS will trust.
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Security

Re: Re: [PATCH 0/6] Add support for ECDSA algorithm

2017-08-22 Thread Tudor Ambarus 

Hi, Herbert,

On 02/02/2017 03:57 PM, Herbert Xu wrote:

Yes but RSA had an in-kernel user in the form of module signature
verification.  We don't add algorithms to the kernel without
actual users.  So this patch-set needs to come with an actual
in-kernel user of ECDSA.


ECDSA can be used by the kernel module signing facility too. Is there
any interest in using ECDSA by the kernel module signing facility?

Thanks,
ta

Re: [PATCH 0/6] Add support for ECDSA algorithm

2017-02-06 Thread Stephan Müller 
Am Donnerstag, 2. Februar 2017, 21:57:21 CET schrieb Herbert Xu:

Hi Herbert,

> On Thu, Jan 26, 2017 at 11:30:04AM +0530, Nitin Kumbhar wrote:
> > This ECDSA implementation is analogous to the RSA kernel implementation
> > for
> > signature generation / verification. It extends ECC family of algorithms
> > like ECDH to support signature verification using akcipher. This will be
> > used in a way similar to RSA.
> 
> Yes but RSA had an in-kernel user in the form of module signature
> verification.  We don't add algorithms to the kernel without
> actual users.  So this patch-set needs to come with an actual
> in-kernel user of ECDSA.

If I understood correctly, the crypto API should also provide device drivers 
for cryptographic accelerators to user space. This would be of special 
importance for asymmetric ciphers considering their resource intense 
operation.

As for each HW implementation there should be a SW fallback, shouldn't ECDSA 
therefore be added?

Please note that I am currently updating algif_akcipher to be en-par with 
algif_skcipher and algif_aead, including an AIO operation.

Ciao
Stephan

Re: [PATCH 0/6] Add support for ECDSA algorithm

2017-02-03 Thread Nitin Kumbhar 

Hello Herbert,

On 2/2/2017 7:27 PM, Herbert Xu wrote:

On Thu, Jan 26, 2017 at 11:30:04AM +0530, Nitin Kumbhar wrote:


This ECDSA implementation is analogous to the RSA kernel implementation for
signature generation / verification. It extends ECC family of algorithms
like ECDH to support signature verification using akcipher. This will be
used in a way similar to RSA.


Yes but RSA had an in-kernel user in the form of module signature
verification.  We don't add algorithms to the kernel without
actual users.  So this patch-set needs to come with an actual
in-kernel user of ECDSA.


If this is about ECC in kernel then ECDSA extends ECDH which is from ECC 
and already part of kernel.


If none of the above are sufficient for now then let these patches come 
along with a consumer or let kernel add ECDSA based on akcipher as part 
of a crypto engine.


Nonetheless, how about rest of the vli and ECC patches?


Thanks,



Regards,
- Nitin

---
This email message is for the sole use of the intended recipient(s) and may 
contain
confidential information.  Any unauthorized review, use, disclosure or 
distribution
is prohibited.  If you are not the intended recipient, please contact the 
sender by
reply email and destroy all copies of the original message.
---

Re: [PATCH 0/6] Add support for ECDSA algorithm

2017-02-02 Thread Herbert Xu 
On Thu, Jan 26, 2017 at 11:30:04AM +0530, Nitin Kumbhar wrote:
> 
> This ECDSA implementation is analogous to the RSA kernel implementation for
> signature generation / verification. It extends ECC family of algorithms
> like ECDH to support signature verification using akcipher. This will be
> used in a way similar to RSA.

Yes but RSA had an in-kernel user in the form of module signature
verification.  We don't add algorithms to the kernel without
actual users.  So this patch-set needs to come with an actual
in-kernel user of ECDSA.

Thanks,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH 0/6] Add support for ECDSA algorithm

2017-01-25 Thread Stephan Müller 
Am Donnerstag, 26. Januar 2017, 11:30:04 CET schrieb Nitin Kumbhar:

Hi Nitin,

> > Who is going to use this in the kernel?
> 
> This ECDSA implementation is analogous to the RSA kernel implementation
> for signature generation / verification. It extends ECC family of
> algorithms like ECDH to support signature verification using akcipher.
> This will be used in a way similar to RSA.

So, I guess that I should dust off algif_akcipher now.

Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 0/6] Add support for ECDSA algorithm

2017-01-25 Thread Nitin Kumbhar 

Hello Herbert,

On 1/23/2017 7:54 PM, Herbert Xu wrote:

On Fri, Jan 20, 2017 at 05:05:55PM +0530, Nitin Kumbhar wrote:

Hello,

This patch series adds support for Elliptic Curve Digital Signature
Algorithm (ECDSA). To reuse existing ECC functionality, which is
added as part of ECDH, it separates out ECC and ECDH so that
only ECC functionality is available for ECDSA even when ECDH is in
a disabled state.

Patch #1 restructures ECC and ECDH code such that ECC is not
dependent on ECDH config.

Patches #2 & #3 add vli and ecc functions which are required
for other Elliptic curve algorithms like ECDSA and ECIES.

Patch #4 adds support for ECDSA. This has been validated for P192
and P256 elliptic curves.

Patches #5 and #6 add ECDSA tests to validate ECDSA functionality
and measure ECDSA performance.


Who is going to use this in the kernel?


This ECDSA implementation is analogous to the RSA kernel implementation 
for signature generation / verification. It extends ECC family of 
algorithms like ECDH to support signature verification using akcipher. 
This will be used in a way similar to RSA.




Thanks,



Regards,
- Nitin

---
This email message is for the sole use of the intended recipient(s) and may 
contain
confidential information.  Any unauthorized review, use, disclosure or 
distribution
is prohibited.  If you are not the intended recipient, please contact the 
sender by
reply email and destroy all copies of the original message.
---
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 0/6] Add support for ECDSA algorithm

2017-01-23 Thread Herbert Xu 
On Fri, Jan 20, 2017 at 05:05:55PM +0530, Nitin Kumbhar wrote:
> Hello,
> 
> This patch series adds support for Elliptic Curve Digital Signature
> Algorithm (ECDSA). To reuse existing ECC functionality, which is
> added as part of ECDH, it separates out ECC and ECDH so that
> only ECC functionality is available for ECDSA even when ECDH is in
> a disabled state.
> 
> Patch #1 restructures ECC and ECDH code such that ECC is not
> dependent on ECDH config.
> 
> Patches #2 & #3 add vli and ecc functions which are required
> for other Elliptic curve algorithms like ECDSA and ECIES.
> 
> Patch #4 adds support for ECDSA. This has been validated for P192
> and P256 elliptic curves.
> 
> Patches #5 and #6 add ECDSA tests to validate ECDSA functionality
> and measure ECDSA performance.

Who is going to use this in the kernel?

Thanks,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html