Message ID | 20220627092142.21095-3-tianjia.zhang@linux.alibaba.com |
---|---|
State | New |
Headers | show |
Series | pkcs7: support SM2/SM3 and EC-RDSA/streebog algorithms | expand |
On Mon, Jun 27, 2022 at 05:21:42PM +0800, Tianjia Zhang wrote: > From: Elvira Khabirova <e.khabirova@omp.ru> > > Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way > to how it's done in the x509 parser. > > This is needed e.g. for loading kernel modules signed with EC-RDSA. > > Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru> > Reviewed-by: Vitaly Chikunov <vt@altlinux.org> > Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > --- > crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c > index 24e2e4a6d842..277482bb1777 100644 > --- a/crypto/asymmetric_keys/pkcs7_parser.c > +++ b/crypto/asymmetric_keys/pkcs7_parser.c > @@ -251,6 +251,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, > case OID_sm3: > ctx->sinfo->sig->hash_algo = "sm3"; > break; > + case OID_gost2012Digest256: > + ctx->sinfo->sig->hash_algo = "streebog256"; > + break; > + case OID_gost2012Digest512: > + ctx->sinfo->sig->hash_algo = "streebog512"; > + break; > default: > printk("Unsupported digest algo: %u\n", ctx->last_oid); > return -ENOPKG; > @@ -284,6 +290,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, > ctx->sinfo->sig->pkey_algo = "sm2"; > ctx->sinfo->sig->encoding = "raw"; > break; > + case OID_gost2012PKey256: > + case OID_gost2012PKey512: > + ctx->sinfo->sig->pkey_algo = "ecrdsa"; > + ctx->sinfo->sig->encoding = "raw"; > + break; > default: > printk("Unsupported pkey algo: %u\n", ctx->last_oid); > return -ENOPKG; > -- > 2.24.3 (Apple Git-128) > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> BR, Jarkko
On Mon, Jun 27, 2022 at 05:21:42PM +0800, Tianjia Zhang wrote: > From: Elvira Khabirova <e.khabirova@omp.ru> > > Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way > to how it's done in the x509 parser. > > This is needed e.g. for loading kernel modules signed with EC-RDSA. > > Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru> > Reviewed-by: Vitaly Chikunov <vt@altlinux.org> > Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> > --- > crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c > index 24e2e4a6d842..277482bb1777 100644 > --- a/crypto/asymmetric_keys/pkcs7_parser.c > +++ b/crypto/asymmetric_keys/pkcs7_parser.c > @@ -251,6 +251,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, > case OID_sm3: > ctx->sinfo->sig->hash_algo = "sm3"; > break; > + case OID_gost2012Digest256: > + ctx->sinfo->sig->hash_algo = "streebog256"; > + break; > + case OID_gost2012Digest512: > + ctx->sinfo->sig->hash_algo = "streebog512"; > + break; > default: > printk("Unsupported digest algo: %u\n", ctx->last_oid); > return -ENOPKG; > @@ -284,6 +290,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, > ctx->sinfo->sig->pkey_algo = "sm2"; > ctx->sinfo->sig->encoding = "raw"; > break; > + case OID_gost2012PKey256: > + case OID_gost2012PKey512: > + ctx->sinfo->sig->pkey_algo = "ecrdsa"; > + ctx->sinfo->sig->encoding = "raw"; > + break; > default: > printk("Unsupported pkey algo: %u\n", ctx->last_oid); > return -ENOPKG; > -- > 2.24.3 (Apple Git-128) > Please, check: git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git BR, Jarkko
Hi Jarkko, On 6/29/22 10:31 AM, Jarkko Sakkinen wrote: > On Mon, Jun 27, 2022 at 05:21:42PM +0800, Tianjia Zhang wrote: >> From: Elvira Khabirova <e.khabirova@omp.ru> >> >> Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way >> to how it's done in the x509 parser. >> >> This is needed e.g. for loading kernel modules signed with EC-RDSA. >> >> Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru> >> Reviewed-by: Vitaly Chikunov <vt@altlinux.org> >> Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> >> --- >> crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++ >> 1 file changed, 11 insertions(+) >> >> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c >> index 24e2e4a6d842..277482bb1777 100644 >> --- a/crypto/asymmetric_keys/pkcs7_parser.c >> +++ b/crypto/asymmetric_keys/pkcs7_parser.c >> @@ -251,6 +251,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, >> case OID_sm3: >> ctx->sinfo->sig->hash_algo = "sm3"; >> break; >> + case OID_gost2012Digest256: >> + ctx->sinfo->sig->hash_algo = "streebog256"; >> + break; >> + case OID_gost2012Digest512: >> + ctx->sinfo->sig->hash_algo = "streebog512"; >> + break; >> default: >> printk("Unsupported digest algo: %u\n", ctx->last_oid); >> return -ENOPKG; >> @@ -284,6 +290,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, >> ctx->sinfo->sig->pkey_algo = "sm2"; >> ctx->sinfo->sig->encoding = "raw"; >> break; >> + case OID_gost2012PKey256: >> + case OID_gost2012PKey512: >> + ctx->sinfo->sig->pkey_algo = "ecrdsa"; >> + ctx->sinfo->sig->encoding = "raw"; >> + break; >> default: >> printk("Unsupported pkey algo: %u\n", ctx->last_oid); >> return -ENOPKG; >> -- >> 2.24.3 (Apple Git-128) >> > > Please, check: > > git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git > > BR, Jarkko Great work, thanks. Best regards, Tianjia
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index 24e2e4a6d842..277482bb1777 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -251,6 +251,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, case OID_sm3: ctx->sinfo->sig->hash_algo = "sm3"; break; + case OID_gost2012Digest256: + ctx->sinfo->sig->hash_algo = "streebog256"; + break; + case OID_gost2012Digest512: + ctx->sinfo->sig->hash_algo = "streebog512"; + break; default: printk("Unsupported digest algo: %u\n", ctx->last_oid); return -ENOPKG; @@ -284,6 +290,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, ctx->sinfo->sig->pkey_algo = "sm2"; ctx->sinfo->sig->encoding = "raw"; break; + case OID_gost2012PKey256: + case OID_gost2012PKey512: + ctx->sinfo->sig->pkey_algo = "ecrdsa"; + ctx->sinfo->sig->encoding = "raw"; + break; default: printk("Unsupported pkey algo: %u\n", ctx->last_oid); return -ENOPKG;