On Thu, Sep 08, 2022 at 09:00:32PM +0100, Ignat Korchagin wrote: > Kernel Key Retention Service[1] is a useful building block to build secure > production key management systems. One of its interesting features is > support for asymmetric keys: we can allow a process to use a certain key > (decrypt or sign data) without actually allowing the process to read the > cryptographic key material. By doing so we protect our code from certain > type of attacks, where a process memory memory leak actually leaks a > potentially highly sensitive cryptographic material. > > But unfortunately only RSA algorithm was supported until now, because > in-kernel ECDSA implementation supported signature verifications only. > > This patchset implements in-kernel ECDSA signature generation and adds > support for ECDSA signing in the key retention service. The key retention > service support was taken out of a previous unmerged patchset from Lei He[2] > > [1]: https://www.kernel.org/doc/html/latest/security/keys/core.html > [2]: https://patchwork.kernel.org/project/linux-crypto/list/?series=653034&state=* > > Ignat Korchagin (2): > crypto: add ECDSA signature generation support > crypto: add ECDSA test vectors from RFC 6979 > > lei he (2): > crypto: pkcs8 parser support ECDSA private keys > crypto: remove unused field in pkcs8_parse_context > > crypto/Kconfig | 3 +- > crypto/Makefile | 4 +- > crypto/asymmetric_keys/pkcs8.asn1 | 2 +- > crypto/asymmetric_keys/pkcs8_parser.c | 46 +++- > crypto/ecc.c | 9 +- > crypto/ecdsa.c | 373 +++++++++++++++++++++++++- > crypto/ecprivkey.asn1 | 6 + > crypto/testmgr.c | 18 ++ > crypto/testmgr.h | 333 +++++++++++++++++++++++ > include/crypto/internal/ecc.h | 11 + > 10 files changed, 788 insertions(+), 17 deletions(-) > create mode 100644 crypto/ecprivkey.asn1 > > -- > 2.36.1 I need acks for patches 3-4 from David. Thanks! -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt