Message ID | 20181010121254.12220-1-vt@altlinux.org (mailing list archive) |
---|---|
Series | crypto: streebog - add Streebog hash function |
On Wed, Oct 10, 2018 at 03:12:50PM +0300, Vitaly Chikunov wrote:
> Add GOST/IETF Streebog hash function (GOST R 34.11-2012, RFC 6986)
> generic hash transformation with appropriate testmgr and tcrypt
> tests and vectors.
>
> Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
> cryptographic standard algorithms (called GOST algorithms).
>
> References:
> https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
> https://tools.ietf.org/html/rfc6986
>
> Tested using testmgr and tcrypt on x86_64, arm, arm64, and s390x on qemu.

We don't add algorithms purely used by user-space.

So please clarify who is going to be using this algorithm *within*
the kernel.

Thanks,

On Fri, Oct 12, 2018 at 02:16:59PM +0800, Herbert Xu wrote:
> On Wed, Oct 10, 2018 at 03:12:50PM +0300, Vitaly Chikunov wrote:
> > Add GOST/IETF Streebog hash function (GOST R 34.11-2012, RFC 6986)
> > generic hash transformation with appropriate testmgr and tcrypt
> > tests and vectors.
> >
> > Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
> > cryptographic standard algorithms (called GOST algorithms).
> >
> > References:
> > https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
> > https://tools.ietf.org/html/rfc6986
> >
> > Tested using testmgr and tcrypt on x86_64, arm, arm64, and s390x on qemu.
>
> We don't add algorithms purely used by user-space.
>
> So please clarify who is going to be using this algorithm *within*
> the kernel.

It is the first part of attempts to add to the Integrity subsystem
ability of verifying file and module signatures by Russian GOST
algorithms.

Thanks,

On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote:
>
> It is the first part of attempts to add to the Integrity subsystem
> ability of verifying file and module signatures by Russian GOST
> algorithms.

It would be better if these patches are posted together. That
way we don't end up with a situation where the algorithm goes into
the kernel but the ultimate user is rejected.

Thanks,

Herbert,

On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote:
> On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote:
> >
> > It is the first part of attempts to add to the Integrity subsystem
> > ability of verifying file and module signatures by Russian GOST
> > algorithms.
>
> It would be better if these patches are posted together. That
> way we don't end up with a situation where the algorithm goes into
> the kernel but the ultimate user is rejected.

IMA does not need any particular patching inside of their subtree to
support new hash, because it is using any hash registered in Hash Info
which is still under crypto subtree. I added appropriate patch into v3
which is already posted a week ago, and tested it to work correctly with
ima_appraise=fix.

Thanks,

On Sat, 2018-11-03 at 08:51 +0300, Vitaly Chikunov wrote:
> Herbert,
>
> On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote:
> > On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote:
> > >
> > > It is the first part of attempts to add to the Integrity subsystem
> > > ability of verifying file and module signatures by Russian GOST
> > > algorithms.
> >
> > It would be better if these patches are posted together. That
> > way we don't end up with a situation where the algorithm goes into
> > the kernel but the ultimate user is rejected.
>
> IMA does not need any particular patching inside of their subtree to
> support new hash, because it is using any hash registered in Hash Info
> which is still under crypto subtree. I added appropriate patch into v3
> which is already posted a week ago, and tested it to work correctly with
> ima_appraise=fix.

That's true, but the target subsystem should be made aware of the new
usage.

Thanks, Herbert.

Mimi

Mimi,

On Mon, Nov 05, 2018 at 07:48:33AM -0500, Mimi Zohar wrote:
> On Sat, 2018-11-03 at 08:51 +0300, Vitaly Chikunov wrote:
> > On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote:
> > > On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote:
> > > >
> > > > It is the first part of attempts to add to the Integrity subsystem
> > > > ability of verifying file and module signatures by Russian GOST
> > > > algorithms.
> > >
> > > It would be better if these patches are posted together. That
> > > way we don't end up with a situation where the algorithm goes into
> > > the kernel but the ultimate user is rejected.
> >
> > IMA does not need any particular patching inside of their subtree to
> > support new hash, because it is using any hash registered in Hash Info
> > which is still under crypto subtree. I added appropriate patch into v3
> > which is already posted a week ago, and tested it to work correctly with
> > ima_appraise=fix.
>
> That's true, but the target subsystem should be made aware of the new
> usage.

Did you mean by re-sending the patch with Cc to linux-integrity? Or
something more?

Thanks,

On Mon, 2018-11-05 at 15:55 +0300, Vitaly Chikunov wrote:
> Mimi,
>
> On Mon, Nov 05, 2018 at 07:48:33AM -0500, Mimi Zohar wrote:
> > On Sat, 2018-11-03 at 08:51 +0300, Vitaly Chikunov wrote:
> > > On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote:
> > > > On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote:
> > > > >
> > > > > It is the first part of attempts to add to the Integrity subsystem
> > > > > ability of verifying file and module signatures by Russian GOST
> > > > > algorithms.
> > > >
> > > > It would be better if these patches are posted together. That
> > > > way we don't end up with a situation where the algorithm goes into
> > > > the kernel but the ultimate user is rejected.
> > >
> > > IMA does not need any particular patching inside of their subtree to
> > > support new hash, because it is using any hash registered in Hash Info
> > > which is still under crypto subtree. I added appropriate patch into v3
> > > which is already posted a week ago, and tested it to work correctly with
> > > ima_appraise=fix.
> >
> > That's true, but the target subsystem should be made aware of the new
> > usage.
>
> Did you mean by re-sending the patch with Cc to linux-integrity? Or
> something more?

Just as future reference. For now, please feel free to add my
Reviewed-by on the "crypto: streebog - register Streebog in hash info
for IMA" patch.

Mimi