From: Jarkko Sakkinen <jarkko@kernel.org>
To: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Cc: David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Elvira Khabirova <e.khabirova@omp.ru>,
Vitaly Chikunov <vt@altlinux.org>,
Stefan Berger <stefanb@linux.ibm.com>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo
Date: Tue, 28 Jun 2022 02:17:02 +0300 [thread overview]
Message-ID: <Yro6btp1iF4plBk/@kernel.org> (raw)
In-Reply-To: <20220627092142.21095-3-tianjia.zhang@linux.alibaba.com>
On Mon, Jun 27, 2022 at 05:21:42PM +0800, Tianjia Zhang wrote:
> From: Elvira Khabirova <e.khabirova@omp.ru>
>
> Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way
> to how it's done in the x509 parser.
>
> This is needed e.g. for loading kernel modules signed with EC-RDSA.
>
> Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
> Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
> Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> ---
> crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
> index 24e2e4a6d842..277482bb1777 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.c
> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
> @@ -251,6 +251,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
> case OID_sm3:
> ctx->sinfo->sig->hash_algo = "sm3";
> break;
> + case OID_gost2012Digest256:
> + ctx->sinfo->sig->hash_algo = "streebog256";
> + break;
> + case OID_gost2012Digest512:
> + ctx->sinfo->sig->hash_algo = "streebog512";
> + break;
> default:
> printk("Unsupported digest algo: %u\n", ctx->last_oid);
> return -ENOPKG;
> @@ -284,6 +290,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
> ctx->sinfo->sig->pkey_algo = "sm2";
> ctx->sinfo->sig->encoding = "raw";
> break;
> + case OID_gost2012PKey256:
> + case OID_gost2012PKey512:
> + ctx->sinfo->sig->pkey_algo = "ecrdsa";
> + ctx->sinfo->sig->encoding = "raw";
> + break;
> default:
> printk("Unsupported pkey algo: %u\n", ctx->last_oid);
> return -ENOPKG;
> --
> 2.24.3 (Apple Git-128)
>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
next prev parent reply other threads:[~2022-06-27 23:19 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-27 9:21 [PATCH v4 0/2 RESEND] pkcs7: support SM2/SM3 and EC-RDSA/streebog algorithms Tianjia Zhang
2022-06-27 9:21 ` [PATCH v4 1/2 RESEND] pkcs7: parser support SM2 and SM3 algorithms combination Tianjia Zhang
2022-06-27 9:21 ` [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo Tianjia Zhang
2022-06-27 23:17 ` Jarkko Sakkinen [this message]
2022-06-29 2:31 ` Jarkko Sakkinen
2022-06-29 4:12 ` Tianjia Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yro6btp1iF4plBk/@kernel.org \
--to=jarkko@kernel.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=e.khabirova@omp.ru \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stefanb@linux.ibm.com \
--cc=tianjia.zhang@linux.alibaba.com \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.