Message ID | 20210511174744.4f3c6c59@msk1wst204 |
---|---|
State | Accepted |
Commit | d35f42ca0778ed41c7b5243502b454b89cd699be |
Headers | show |
Series | pkcs7: support EC-RDSA/streebog in SignerInfo | expand |
On Tue, May 11, 2021 at 05:47:44PM +0300, Elvira Khabirova wrote: > Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way > to how it's done in the x509 parser. > > This is needed e.g. for loading kernel modules signed with EC-RDSA. > > Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru> Reviewed-by: Vitaly Chikunov <vt@altlinux.org> Thanks, > --- > crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c > index 967329e0a07b..39c260a04167 100644 > --- a/crypto/asymmetric_keys/pkcs7_parser.c > +++ b/crypto/asymmetric_keys/pkcs7_parser.c > @@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, > case OID_sha224: > ctx->sinfo->sig->hash_algo = "sha224"; > break; > + case OID_gost2012Digest256: > + ctx->sinfo->sig->hash_algo = "streebog256"; > + break; > + case OID_gost2012Digest512: > + ctx->sinfo->sig->hash_algo = "streebog512"; > + break; > default: > printk("Unsupported digest algo: %u\n", ctx->last_oid); > return -ENOPKG; > @@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, > ctx->sinfo->sig->pkey_algo = "rsa"; > ctx->sinfo->sig->encoding = "pkcs1"; > break; > + case OID_gost2012PKey256: > + case OID_gost2012PKey512: > + ctx->sinfo->sig->pkey_algo = "ecrdsa"; > + ctx->sinfo->sig->encoding = "raw"; > + break; > default: > printk("Unsupported pkey algo: %u\n", ctx->last_oid); > return -ENOPKG; > -- > 2.25.1
Hi Elvira, On 5/11/21 10:47 PM, Elvira Khabirova wrote: > Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way > to how it's done in the x509 parser. > > This is needed e.g. for loading kernel modules signed with EC-RDSA. > > Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru> Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> I sent a similar patch to support the SM2/3 algorithm combination, which happened to conflict with your patch. https://lkml.org/lkml/2021/6/24/248 If possible and you agree, I will put these two patches in a series and then resend. Cheers, Tianjia > --- > crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c > index 967329e0a07b..39c260a04167 100644 > --- a/crypto/asymmetric_keys/pkcs7_parser.c > +++ b/crypto/asymmetric_keys/pkcs7_parser.c > @@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, > case OID_sha224: > ctx->sinfo->sig->hash_algo = "sha224"; > break; > + case OID_gost2012Digest256: > + ctx->sinfo->sig->hash_algo = "streebog256"; > + break; > + case OID_gost2012Digest512: > + ctx->sinfo->sig->hash_algo = "streebog512"; > + break; > default: > printk("Unsupported digest algo: %u\n", ctx->last_oid); > return -ENOPKG; > @@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, > ctx->sinfo->sig->pkey_algo = "rsa"; > ctx->sinfo->sig->encoding = "pkcs1"; > break; > + case OID_gost2012PKey256: > + case OID_gost2012PKey512: > + ctx->sinfo->sig->pkey_algo = "ecrdsa"; > + ctx->sinfo->sig->encoding = "raw"; > + break; > default: > printk("Unsupported pkey algo: %u\n", ctx->last_oid); > return -ENOPKG; >
ping. On 5/11/21 10:47 PM, Elvira Khabirova wrote: > Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way > to how it's done in the x509 parser. > > This is needed e.g. for loading kernel modules signed with EC-RDSA. > > Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru> > --- > crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c > index 967329e0a07b..39c260a04167 100644 > --- a/crypto/asymmetric_keys/pkcs7_parser.c > +++ b/crypto/asymmetric_keys/pkcs7_parser.c > @@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, > case OID_sha224: > ctx->sinfo->sig->hash_algo = "sha224"; > break; > + case OID_gost2012Digest256: > + ctx->sinfo->sig->hash_algo = "streebog256"; > + break; > + case OID_gost2012Digest512: > + ctx->sinfo->sig->hash_algo = "streebog512"; > + break; > default: > printk("Unsupported digest algo: %u\n", ctx->last_oid); > return -ENOPKG; > @@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, > ctx->sinfo->sig->pkey_algo = "rsa"; > ctx->sinfo->sig->encoding = "pkcs1"; > break; > + case OID_gost2012PKey256: > + case OID_gost2012PKey512: > + ctx->sinfo->sig->pkey_algo = "ecrdsa"; > + ctx->sinfo->sig->encoding = "raw"; > + break; > default: > printk("Unsupported pkey algo: %u\n", ctx->last_oid); > return -ENOPKG; >
On Sat, 2021-09-18 at 10:39 +0800, Tianjia Zhang wrote: > ping. > > On 5/11/21 10:47 PM, Elvira Khabirova wrote: > > Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way > > to how it's done in the x509 parser. > > > > This is needed e.g. for loading kernel modules signed with EC-RDSA. > > > > Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru> > > --- > > crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++ > > 1 file changed, 11 insertions(+) > > > > diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c > > index 967329e0a07b..39c260a04167 100644 > > --- a/crypto/asymmetric_keys/pkcs7_parser.c > > +++ b/crypto/asymmetric_keys/pkcs7_parser.c > > @@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, > > case OID_sha224: > > ctx->sinfo->sig->hash_algo = "sha224"; > > break; > > + case OID_gost2012Digest256: > > + ctx->sinfo->sig->hash_algo = "streebog256"; > > + break; > > + case OID_gost2012Digest512: > > + ctx->sinfo->sig->hash_algo = "streebog512"; > > + break; > > default: > > printk("Unsupported digest algo: %u\n", ctx->last_oid); > > return -ENOPKG; > > @@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, > > ctx->sinfo->sig->pkey_algo = "rsa"; > > ctx->sinfo->sig->encoding = "pkcs1"; > > break; > > + case OID_gost2012PKey256: > > + case OID_gost2012PKey512: > > + ctx->sinfo->sig->pkey_algo = "ecrdsa"; > > + ctx->sinfo->sig->encoding = "raw"; > > + break; > > default: > > printk("Unsupported pkey algo: %u\n", ctx->last_oid); > > return -ENOPKG; > > Acked-by: Jarkko Sakkinen <jarkko@kernel.org> /Jarkko
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index 967329e0a07b..39c260a04167 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, case OID_sha224: ctx->sinfo->sig->hash_algo = "sha224"; break; + case OID_gost2012Digest256: + ctx->sinfo->sig->hash_algo = "streebog256"; + break; + case OID_gost2012Digest512: + ctx->sinfo->sig->hash_algo = "streebog512"; + break; default: printk("Unsupported digest algo: %u\n", ctx->last_oid); return -ENOPKG; @@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, ctx->sinfo->sig->pkey_algo = "rsa"; ctx->sinfo->sig->encoding = "pkcs1"; break; + case OID_gost2012PKey256: + case OID_gost2012PKey512: + ctx->sinfo->sig->pkey_algo = "ecrdsa"; + ctx->sinfo->sig->encoding = "raw"; + break; default: printk("Unsupported pkey algo: %u\n", ctx->last_oid); return -ENOPKG;
Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way to how it's done in the x509 parser. This is needed e.g. for loading kernel modules signed with EC-RDSA. Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru> --- crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++ 1 file changed, 11 insertions(+)