From: Denis Kenzior <denkenz@gmail.com>
To: ell@lists.linux.dev
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: [PATCH v2 01/10] cert/key: Add support for EC based certificates
Date: Mon, 18 Jul 2022 13:00:36 -0500
Message-ID: <20220718180045.5845-1-denkenz@gmail.com>

Mostly for use with Elliptic Curve (EC) Digital Signature
Algorithm (DSA) based certificates.  Other combinations of EC +
signature algorithms are also possible.

This requires your kernel to be built with CRYPTO_ECDSA support.
---
NOTE: At the time this patch was created, the kernel had to be patched with
the following fix in order for ECDSA support to function properly from
userspace:
https://lore.kernel.org/linux-crypto/20220715182810.30505-1-denkenz@gmail.com/

 ell/cert.c | 18 ++++++++++++++++--
 ell/cert.h |  1 +
 ell/key.c  |  1 +
 ell/key.h  |  1 +
 4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/ell/cert.c b/ell/cert.c
index 141ea1cec038..a158142445ec 100644
--- a/ell/cert.c
+++ b/ell/cert.c
@@ -77,7 +77,15 @@ static const struct pkcs1_encryption_oid {
 } pkcs1_encryption_oids[] = {
 	{ /* rsaEncryption */
 		L_CERT_KEY_RSA,
-		{ 9, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 } },
+		{ .asn1_len = 9, .asn1 = {
+			0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 }
+		},
+	},
+	{ /* ecPublicKey */
+		L_CERT_KEY_ECC,
+		{ .asn1_len = 7, .asn1 = {
+			0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 }
+		},
 	},
 };
 
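Review bot: the table pkcs1_encryption_oids now also holds the ecPublicKey OID (1.2.840.10045.2.1, encoded here as `0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01`), which is defined in X9.62/RFC 5480 rather than in PKCS#1, so the struct and array names no longer describe their contents. Consider renaming them (e.g. to a generic public-key algorithm OID table) or adding a comment that the table maps SubjectPublicKeyInfo algorithm OIDs to enum l_cert_key_type. Switching the RSA entry to designated initializers (`.asn1_len = 9, .asn1 = { ... }`) is a good change, since it makes the shorter 7-byte EC entry unambiguous against the fixed-size asn1 array.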
@@ -261,8 +269,14 @@ LIB_EXPORT struct l_key *l_cert_get_pubkey(struct l_cert *cert)
 		return NULL;
 
 	/* Use kernel's ASN.1 certificate parser to find the key data for us */
-	if (cert->pubkey_type == L_CERT_KEY_RSA)
+	switch (cert->pubkey_type) {
+	case L_CERT_KEY_RSA:
 		return l_key_new(L_KEY_RSA, cert->asn1, cert->asn1_len);
+	case L_CERT_KEY_ECC:
+		return l_key_new(L_KEY_ECC, cert->asn1, cert->asn1_len);
+	case L_CERT_KEY_UNKNOWN:
+		break;
+	}
 
 	return NULL;
 }
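Review bot: after this change both the L_CERT_KEY_UNKNOWN path and a failing l_key_new() call make l_cert_get_pubkey() return NULL, so a caller cannot distinguish an unsupported certificate key type from a kernel built without CRYPTO_ECDSA, the dependency the commit message calls out. A debug message on the L_CERT_KEY_ECC path when l_key_new(L_KEY_ECC, ...) returns NULL would make that failure diagnosable in the field. Keeping the explicit `case L_CERT_KEY_UNKNOWN: break;` instead of a `default:` is the right call, as it preserves -Wswitch coverage when further key types are added to the enum.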
diff --git a/ell/cert.h b/ell/cert.h
index 605e427c3d05..f637588e6d66 100644
--- a/ell/cert.h
+++ b/ell/cert.h
@@ -36,6 +36,7 @@ struct l_certchain;
 
 enum l_cert_key_type {
 	L_CERT_KEY_RSA,
+	L_CERT_KEY_ECC,
 	L_CERT_KEY_UNKNOWN,
 };
 
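Review bot: inserting L_CERT_KEY_ECC before L_CERT_KEY_UNKNOWN changes the numeric value of L_CERT_KEY_UNKNOWN in a public header (ell/cert.h); any consumer that stores or compares that value across a library update sees an ABI change. The key.h hunk in this same patch appends L_KEY_ECC at the end of enum l_key_type instead, which keeps existing values stable. Either place the new member the same way here, or, if L_CERT_KEY_UNKNOWN is meant to always be the last entry, say so in a comment so the intent is clear.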
diff --git a/ell/key.c b/ell/key.c
index b28bf4dbf085..73f38581f736 100644
--- a/ell/key.c
+++ b/ell/key.c
@@ -108,6 +108,7 @@ struct l_keyring {
 static const char * const key_type_names[] = {
 	[L_KEY_RAW] = "user",
 	[L_KEY_RSA] = "asymmetric",
+	[L_KEY_ECC] = "asymmetric",
 };
 
 static long kernel_add_key(const char *type, const char *description,
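Review bot: mapping L_KEY_ECC to the same kernel key type string "asymmetric" as L_KEY_RSA is correct for the keyctl interface, but nothing in key.c records that the RSA/ECC distinction is then purely ell-side and that the kernel's asymmetric key parser identifies the algorithm from the certificate data itself (as the comment in l_cert_get_pubkey() notes). A one-line comment next to `[L_KEY_ECC] = "asymmetric",` would spare the next reader a trip into the kernel source to confirm why two enum values share one name.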
diff --git a/ell/key.h b/ell/key.h
index d25d09385b6f..f26f7ecb26c3 100644
--- a/ell/key.h
+++ b/ell/key.h
@@ -45,6 +45,7 @@ enum l_key_feature {
 enum l_key_type {
 	L_KEY_RAW = 0,
 	L_KEY_RSA,
+	L_KEY_ECC,
 };
 
 enum l_keyring_restriction {
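Review bot: L_KEY_ECC is added to the public enum l_key_type without documenting what payload l_key_new() expects for it (a DER certificate, as in the l_cert_get_pubkey() hunk, or some other encoding), and the existing members carry no comments either. A brief comment on the new member would make the API self-describing, especially since a later patch in this series changes the data format for ECDSA (03/10, "key: ECDSA data is given in x962 format").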
-- 
2.35.1


Thread overview:
2022-07-18 18:00 Denis Kenzior [this message]
2022-07-18 18:00 ` [PATCH v2 02/10] unit: Add basic EC-DSA verification test Denis Kenzior
2022-07-18 19:07   ` Mat Martineau
2022-07-18 20:21     ` Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 03/10] key: ECDSA data is given in x962 format Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 04/10] tls: Support peer certificates that use ECDSA Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 05/10] tls: Add helper for DigitallySigned validation Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 06/10] tls: Add helper to find hash function by id Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 07/10] tls-suites: Add ECDSA suites from RFC 8422 Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 08/10] unit: Skip ECDSA cipher suite tests Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 09/10] useful: Add maxsize() Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 10/10] tls: Do not set verify_data_length unless needed Denis Kenzior