[PATCH v4 0/2 RESEND] pkcs7: support SM2/SM3 and EC-RDSA/streebog algorithms

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH v4 0/2 RESEND] pkcs7: support SM2/SM3 and EC-RDSA/streebog algorithms
@ 2022-06-27  9:21 Tianjia Zhang
  2022-06-27  9:21 ` [PATCH v4 1/2 RESEND] pkcs7: parser support SM2 and SM3 algorithms combination Tianjia Zhang
  2022-06-27  9:21 ` [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo Tianjia Zhang
  0 siblings, 2 replies; 6+ messages in thread
From: Tianjia Zhang @ 2022-06-27  9:21 UTC (permalink / raw)
  To: Jarkko Sakkinen, David Howells, Herbert Xu, David S. Miller,
	Elvira Khabirova, Vitaly Chikunov, Stefan Berger, keyrings,
	linux-crypto, linux-kernel
  Cc: Tianjia Zhang

This series of patches integrates the two patches sended separately,
resolves the conflict, and rebases on the latest code.

The two patches respectively support the SM2/SM3 and EC-RDSA/streebog
algorithm combinations for the pkcs7 parser.

Elvira Khabirova (1):
  pkcs7: support EC-RDSA/streebog in SignerInfo

Tianjia Zhang (1):
  pkcs7: parser support SM2 and SM3 algorithms combination

 crypto/asymmetric_keys/pkcs7_parser.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

-- 
2.24.3 (Apple Git-128)


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH v4 1/2 RESEND] pkcs7: parser support SM2 and SM3 algorithms combination
  2022-06-27  9:21 [PATCH v4 0/2 RESEND] pkcs7: support SM2/SM3 and EC-RDSA/streebog algorithms Tianjia Zhang
@ 2022-06-27  9:21 ` Tianjia Zhang
  2022-06-27  9:21 ` [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo Tianjia Zhang
  1 sibling, 0 replies; 6+ messages in thread
From: Tianjia Zhang @ 2022-06-27  9:21 UTC (permalink / raw)
  To: Jarkko Sakkinen, David Howells, Herbert Xu, David S. Miller,
	Elvira Khabirova, Vitaly Chikunov, Stefan Berger, keyrings,
	linux-crypto, linux-kernel
  Cc: Tianjia Zhang

Support parsing the message signature of the SM2 and SM3 algorithm
combination. This group of algorithms has been well supported. One
of the main users is module signature verification.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
---
 crypto/asymmetric_keys/pkcs7_parser.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index 6592279d839a..24e2e4a6d842 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -248,6 +248,9 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
 	case OID_sha224:
 		ctx->sinfo->sig->hash_algo = "sha224";
 		break;
+	case OID_sm3:
+		ctx->sinfo->sig->hash_algo = "sm3";
+		break;
 	default:
 		printk("Unsupported digest algo: %u\n", ctx->last_oid);
 		return -ENOPKG;
@@ -277,6 +280,10 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
 		ctx->sinfo->sig->pkey_algo = "ecdsa";
 		ctx->sinfo->sig->encoding = "x962";
 		break;
+	case OID_SM2_with_SM3:
+		ctx->sinfo->sig->pkey_algo = "sm2";
+		ctx->sinfo->sig->encoding = "raw";
+		break;
 	default:
 		printk("Unsupported pkey algo: %u\n", ctx->last_oid);
 		return -ENOPKG;
-- 
2.24.3 (Apple Git-128)


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo
  2022-06-27  9:21 [PATCH v4 0/2 RESEND] pkcs7: support SM2/SM3 and EC-RDSA/streebog algorithms Tianjia Zhang
  2022-06-27  9:21 ` [PATCH v4 1/2 RESEND] pkcs7: parser support SM2 and SM3 algorithms combination Tianjia Zhang
@ 2022-06-27  9:21 ` Tianjia Zhang
  2022-06-27 23:17   ` Jarkko Sakkinen
  2022-06-29  2:31   ` Jarkko Sakkinen
  1 sibling, 2 replies; 6+ messages in thread
From: Tianjia Zhang @ 2022-06-27  9:21 UTC (permalink / raw)
  To: Jarkko Sakkinen, David Howells, Herbert Xu, David S. Miller,
	Elvira Khabirova, Vitaly Chikunov, Stefan Berger, keyrings,
	linux-crypto, linux-kernel
  Cc: Tianjia Zhang

From: Elvira Khabirova <e.khabirova@omp.ru>

Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way
to how it's done in the x509 parser.

This is needed e.g. for loading kernel modules signed with EC-RDSA.

Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index 24e2e4a6d842..277482bb1777 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -251,6 +251,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
 	case OID_sm3:
 		ctx->sinfo->sig->hash_algo = "sm3";
 		break;
+	case OID_gost2012Digest256:
+		ctx->sinfo->sig->hash_algo = "streebog256";
+		break;
+	case OID_gost2012Digest512:
+		ctx->sinfo->sig->hash_algo = "streebog512";
+		break;
 	default:
 		printk("Unsupported digest algo: %u\n", ctx->last_oid);
 		return -ENOPKG;
@@ -284,6 +290,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
 		ctx->sinfo->sig->pkey_algo = "sm2";
 		ctx->sinfo->sig->encoding = "raw";
 		break;
+	case OID_gost2012PKey256:
+	case OID_gost2012PKey512:
+		ctx->sinfo->sig->pkey_algo = "ecrdsa";
+		ctx->sinfo->sig->encoding = "raw";
+		break;
 	default:
 		printk("Unsupported pkey algo: %u\n", ctx->last_oid);
 		return -ENOPKG;
-- 
2.24.3 (Apple Git-128)


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo
  2022-06-27  9:21 ` [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo Tianjia Zhang
@ 2022-06-27 23:17   ` Jarkko Sakkinen
  2022-06-29  2:31   ` Jarkko Sakkinen
  1 sibling, 0 replies; 6+ messages in thread
From: Jarkko Sakkinen @ 2022-06-27 23:17 UTC (permalink / raw)
  To: Tianjia Zhang
  Cc: David Howells, Herbert Xu, David S. Miller, Elvira Khabirova,
	Vitaly Chikunov, Stefan Berger, keyrings, linux-crypto,
	linux-kernel

On Mon, Jun 27, 2022 at 05:21:42PM +0800, Tianjia Zhang wrote:
> From: Elvira Khabirova <e.khabirova@omp.ru>
> 
> Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way
> to how it's done in the x509 parser.
> 
> This is needed e.g. for loading kernel modules signed with EC-RDSA.
> 
> Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
> Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
> Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> ---
>  crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
> index 24e2e4a6d842..277482bb1777 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.c
> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
> @@ -251,6 +251,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
>  	case OID_sm3:
>  		ctx->sinfo->sig->hash_algo = "sm3";
>  		break;
> +	case OID_gost2012Digest256:
> +		ctx->sinfo->sig->hash_algo = "streebog256";
> +		break;
> +	case OID_gost2012Digest512:
> +		ctx->sinfo->sig->hash_algo = "streebog512";
> +		break;
>  	default:
>  		printk("Unsupported digest algo: %u\n", ctx->last_oid);
>  		return -ENOPKG;
> @@ -284,6 +290,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
>  		ctx->sinfo->sig->pkey_algo = "sm2";
>  		ctx->sinfo->sig->encoding = "raw";
>  		break;
> +	case OID_gost2012PKey256:
> +	case OID_gost2012PKey512:
> +		ctx->sinfo->sig->pkey_algo = "ecrdsa";
> +		ctx->sinfo->sig->encoding = "raw";
> +		break;
>  	default:
>  		printk("Unsupported pkey algo: %u\n", ctx->last_oid);
>  		return -ENOPKG;
> -- 
> 2.24.3 (Apple Git-128)
> 


Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo
  2022-06-27  9:21 ` [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo Tianjia Zhang
  2022-06-27 23:17   ` Jarkko Sakkinen
@ 2022-06-29  2:31   ` Jarkko Sakkinen
  2022-06-29  4:12     ` Tianjia Zhang
  1 sibling, 1 reply; 6+ messages in thread
From: Jarkko Sakkinen @ 2022-06-29  2:31 UTC (permalink / raw)
  To: Tianjia Zhang
  Cc: David Howells, Herbert Xu, David S. Miller, Elvira Khabirova,
	Vitaly Chikunov, Stefan Berger, keyrings, linux-crypto,
	linux-kernel

On Mon, Jun 27, 2022 at 05:21:42PM +0800, Tianjia Zhang wrote:
> From: Elvira Khabirova <e.khabirova@omp.ru>
> 
> Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way
> to how it's done in the x509 parser.
> 
> This is needed e.g. for loading kernel modules signed with EC-RDSA.
> 
> Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
> Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
> Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> ---
>  crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
> index 24e2e4a6d842..277482bb1777 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.c
> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
> @@ -251,6 +251,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
>  	case OID_sm3:
>  		ctx->sinfo->sig->hash_algo = "sm3";
>  		break;
> +	case OID_gost2012Digest256:
> +		ctx->sinfo->sig->hash_algo = "streebog256";
> +		break;
> +	case OID_gost2012Digest512:
> +		ctx->sinfo->sig->hash_algo = "streebog512";
> +		break;
>  	default:
>  		printk("Unsupported digest algo: %u\n", ctx->last_oid);
>  		return -ENOPKG;
> @@ -284,6 +290,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
>  		ctx->sinfo->sig->pkey_algo = "sm2";
>  		ctx->sinfo->sig->encoding = "raw";
>  		break;
> +	case OID_gost2012PKey256:
> +	case OID_gost2012PKey512:
> +		ctx->sinfo->sig->pkey_algo = "ecrdsa";
> +		ctx->sinfo->sig->encoding = "raw";
> +		break;
>  	default:
>  		printk("Unsupported pkey algo: %u\n", ctx->last_oid);
>  		return -ENOPKG;
> -- 
> 2.24.3 (Apple Git-128)
> 

Please, check:

git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git

BR, Jarkko

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo
  2022-06-29  2:31   ` Jarkko Sakkinen
@ 2022-06-29  4:12     ` Tianjia Zhang
  0 siblings, 0 replies; 6+ messages in thread
From: Tianjia Zhang @ 2022-06-29  4:12 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: David Howells, Herbert Xu, David S. Miller, Elvira Khabirova,
	Vitaly Chikunov, Stefan Berger, keyrings, linux-crypto,
	linux-kernel

Hi Jarkko,

On 6/29/22 10:31 AM, Jarkko Sakkinen wrote:
> On Mon, Jun 27, 2022 at 05:21:42PM +0800, Tianjia Zhang wrote:
>> From: Elvira Khabirova <e.khabirova@omp.ru>
>>
>> Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way
>> to how it's done in the x509 parser.
>>
>> This is needed e.g. for loading kernel modules signed with EC-RDSA.
>>
>> Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
>> Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
>> Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
>> ---
>>   crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++
>>   1 file changed, 11 insertions(+)
>>
>> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
>> index 24e2e4a6d842..277482bb1777 100644
>> --- a/crypto/asymmetric_keys/pkcs7_parser.c
>> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
>> @@ -251,6 +251,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
>>   	case OID_sm3:
>>   		ctx->sinfo->sig->hash_algo = "sm3";
>>   		break;
>> +	case OID_gost2012Digest256:
>> +		ctx->sinfo->sig->hash_algo = "streebog256";
>> +		break;
>> +	case OID_gost2012Digest512:
>> +		ctx->sinfo->sig->hash_algo = "streebog512";
>> +		break;
>>   	default:
>>   		printk("Unsupported digest algo: %u\n", ctx->last_oid);
>>   		return -ENOPKG;
>> @@ -284,6 +290,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
>>   		ctx->sinfo->sig->pkey_algo = "sm2";
>>   		ctx->sinfo->sig->encoding = "raw";
>>   		break;
>> +	case OID_gost2012PKey256:
>> +	case OID_gost2012PKey512:
>> +		ctx->sinfo->sig->pkey_algo = "ecrdsa";
>> +		ctx->sinfo->sig->encoding = "raw";
>> +		break;
>>   	default:
>>   		printk("Unsupported pkey algo: %u\n", ctx->last_oid);
>>   		return -ENOPKG;
>> -- 
>> 2.24.3 (Apple Git-128)
>>
> 
> Please, check:
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git
> 
> BR, Jarkko

Great work, thanks.

Best regards,
Tianjia

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-06-29  4:13 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-27  9:21 [PATCH v4 0/2 RESEND] pkcs7: support SM2/SM3 and EC-RDSA/streebog algorithms Tianjia Zhang
2022-06-27  9:21 ` [PATCH v4 1/2 RESEND] pkcs7: parser support SM2 and SM3 algorithms combination Tianjia Zhang
2022-06-27  9:21 ` [PATCH v4 2/2 RESEND] pkcs7: support EC-RDSA/streebog in SignerInfo Tianjia Zhang
2022-06-27 23:17   ` Jarkko Sakkinen
2022-06-29  2:31   ` Jarkko Sakkinen
2022-06-29  4:12     ` Tianjia Zhang

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.