From: Vitaly Chikunov <vt@altlinux.org>
To: Elvira Khabirova <e.khabirova@omp.ru>
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-crypto@vger.kernel.org, davem@davemloft.net,
herbert@gondor.apana.org.au, dhowells@redhat.com
Subject: Re: [PATCH] pkcs7: support EC-RDSA/streebog in SignerInfo
Date: Wed, 12 May 2021 17:23:46 +0300 [thread overview]
Message-ID: <20210512142346.kui3zeyheo7wlnwm@altlinux.org> (raw)
In-Reply-To: <20210511174744.4f3c6c59@msk1wst204>
On Tue, May 11, 2021 at 05:47:44PM +0300, Elvira Khabirova wrote:
> Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way
> to how it's done in the x509 parser.
>
> This is needed e.g. for loading kernel modules signed with EC-RDSA.
>
> Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Thanks,
> ---
> crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
> index 967329e0a07b..39c260a04167 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.c
> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
> @@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
> case OID_sha224:
> ctx->sinfo->sig->hash_algo = "sha224";
> break;
> + case OID_gost2012Digest256:
> + ctx->sinfo->sig->hash_algo = "streebog256";
> + break;
> + case OID_gost2012Digest512:
> + ctx->sinfo->sig->hash_algo = "streebog512";
> + break;
> default:
> printk("Unsupported digest algo: %u\n", ctx->last_oid);
> return -ENOPKG;
> @@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
> ctx->sinfo->sig->pkey_algo = "rsa";
> ctx->sinfo->sig->encoding = "pkcs1";
> break;
> + case OID_gost2012PKey256:
> + case OID_gost2012PKey512:
> + ctx->sinfo->sig->pkey_algo = "ecrdsa";
> + ctx->sinfo->sig->encoding = "raw";
> + break;
> default:
> printk("Unsupported pkey algo: %u\n", ctx->last_oid);
> return -ENOPKG;
> --
> 2.25.1
next prev parent reply other threads:[~2021-05-12 14:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-11 14:47 [PATCH] pkcs7: support EC-RDSA/streebog in SignerInfo Elvira Khabirova
2021-05-12 14:23 ` Vitaly Chikunov [this message]
2021-07-03 2:07 ` Tianjia Zhang
2021-09-18 2:39 ` Tianjia Zhang
2021-09-21 21:07 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210512142346.kui3zeyheo7wlnwm@altlinux.org \
--to=vt@altlinux.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=e.khabirova@omp.ru \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.