Changes from v1: * fixed code format Kernel Key Retention Service[1] is a useful building block to build secure production key management systems. One of its interesting features is support for asymmetric keys: we can allow a process to use a certain key (decrypt or sign data) without actually allowing the process to read the cryptographic key material. By doing so we protect our code from certain type of attacks, where a process memory memory leak actually leaks a potentially highly sensitive cryptographic material. But unfortunately only RSA algorithm was supported until now, because in-kernel ECDSA implementation supported signature verifications only. This patchset implements in-kernel ECDSA signature generation and adds support for ECDSA signing in the key retention service. The key retention service support was taken out of a previous unmerged patchset from Lei He[2] [1]: https://www.kernel.org/doc/html/latest/security/keys/core.html [2]: https://patchwork.kernel.org/project/linux-crypto/list/?series=653034&state=* Original posting: https://patchwork.kernel.org/project/keyrings/cover/20221014100737.94742-1-ignat@xxxxxxxxxxxxxx/ Ignat Korchagin (2): crypto: add ECDSA signature generation support crypto: add ECDSA test vectors from RFC 6979 lei he (2): crypto: pkcs8 parser support ECDSA private keys crypto: remove unused field in pkcs8_parse_context crypto/Kconfig | 3 +- crypto/Makefile | 4 +- crypto/asymmetric_keys/pkcs8.asn1 | 2 +- crypto/asymmetric_keys/pkcs8_parser.c | 46 +++- crypto/ecc.c | 19 +- crypto/ecdsa.c | 373 +++++++++++++++++++++++++- crypto/ecprivkey.asn1 | 6 + crypto/testmgr.c | 18 ++ crypto/testmgr.h | 333 +++++++++++++++++++++++ include/crypto/internal/ecc.h | 10 + 10 files changed, 792 insertions(+), 22 deletions(-) create mode 100644 crypto/ecprivkey.asn1 -- 2.30.2
