From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 704BFC433E2 for ; Sat, 12 Sep 2020 08:50:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3C8CC21548 for ; Sat, 12 Sep 2020 08:50:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725880AbgILIuU (ORCPT ); Sat, 12 Sep 2020 04:50:20 -0400 Received: from vmicros1.altlinux.org ([194.107.17.57]:40718 "EHLO vmicros1.altlinux.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725833AbgILIuR (ORCPT ); Sat, 12 Sep 2020 04:50:17 -0400 Received: from imap.altlinux.org (imap.altlinux.org [194.107.17.38]) by vmicros1.altlinux.org (Postfix) with ESMTP id 6D69372CA54; Sat, 12 Sep 2020 11:50:13 +0300 (MSK) Received: from altlinux.org (sole.flsd.net [185.75.180.6]) by imap.altlinux.org (Postfix) with ESMTPSA id 2144F4A4A16; Sat, 12 Sep 2020 11:50:13 +0300 (MSK) Date: Sat, 12 Sep 2020 11:50:13 +0300 From: Vitaly Chikunov To: Tianjia Zhang Cc: Herbert Xu , "David S. Miller" , David Howells , Maxime Coquelin , Alexandre Torgue , James Morris , "Serge E. Hallyn" , Stephan Mueller , Marcelo Henrique Cerri , "Steven Rostedt (VMware)" , Masahiro Yamada , Brendan Higgins , Andrew Morton , Johannes Weiner , Waiman Long , Mimi Zohar , Lakshmi Ramasubramanian , Colin Ian King , Tushar Sugandhi , Gilad Ben-Yossef , Pascal van Leeuwen , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, linux-security-module@vger.kernel.org, Xufeng Zhang , Jia Zhang Subject: Re: [PATCH v6 6/8] X.509: support OSCCA certificate parse Message-ID: <20200912085013.ugm2azs5xr7iirda@altlinux.org> References: <20200903131242.128665-1-tianjia.zhang@linux.alibaba.com> <20200903131242.128665-7-tianjia.zhang@linux.alibaba.com> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20200903131242.128665-7-tianjia.zhang@linux.alibaba.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Sep 03, 2020 at 09:12:40PM +0800, Tianjia Zhang wrote: > The digital certificate format based on SM2 crypto algorithm as > specified in GM/T 0015-2012. It was published by State Encryption > Management Bureau, China. > > This patch adds the OID object identifier defined by OSCCA. The > x509 certificate supports sm2-with-sm3 type certificate parsing. > It uses the standard elliptic curve public key, and the sm2 > algorithm signs the hash generated by sm3. > > Signed-off-by: Tianjia Zhang > Tested-by: Xufeng Zhang > --- > crypto/asymmetric_keys/x509_cert_parser.c | 14 +++++++++++++- > include/linux/oid_registry.h | 6 ++++++ > 2 files changed, 19 insertions(+), 1 deletion(-) > > diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c > index 26ec20ef4899..6a8aee22bfd4 100644 > --- a/crypto/asymmetric_keys/x509_cert_parser.c > +++ b/crypto/asymmetric_keys/x509_cert_parser.c > @@ -234,6 +234,10 @@ int x509_note_pkey_algo(void *context, size_t hdrlen, > case OID_gost2012Signature512: > ctx->cert->sig->hash_algo = "streebog512"; > goto ecrdsa; > + > + case OID_sm2_with_sm3: > + ctx->cert->sig->hash_algo = "sm3"; > + goto sm2; > } > > rsa_pkcs1: > @@ -246,6 +250,11 @@ int x509_note_pkey_algo(void *context, size_t hdrlen, > ctx->cert->sig->encoding = "raw"; > ctx->algo_oid = ctx->last_oid; > return 0; > +sm2: > + ctx->cert->sig->pkey_algo = "sm2"; > + ctx->cert->sig->encoding = "raw"; > + ctx->algo_oid = ctx->last_oid; > + return 0; > } > > /* > @@ -266,7 +275,8 @@ int x509_note_signature(void *context, size_t hdrlen, > } > > if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 || > - strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0) { > + strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 || > + strcmp(ctx->cert->sig->pkey_algo, "sm2") == 0) { > /* Discard the BIT STRING metadata */ > if (vlen < 1 || *(const u8 *)value != 0) > return -EBADMSG; > @@ -456,6 +466,8 @@ int x509_extract_key_data(void *context, size_t hdrlen, > else if (ctx->last_oid == OID_gost2012PKey256 || > ctx->last_oid == OID_gost2012PKey512) > ctx->cert->pub->pkey_algo = "ecrdsa"; > + else if (ctx->last_oid == OID_id_ecPublicKey) > + ctx->cert->pub->pkey_algo = "sm2"; > else > return -ENOPKG; > > diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h > index 657d6bf2c064..48fe3133ff39 100644 > --- a/include/linux/oid_registry.h > +++ b/include/linux/oid_registry.h > @@ -107,6 +107,12 @@ enum OID { > OID_gostTC26Sign512B, /* 1.2.643.7.1.2.1.2.2 */ > OID_gostTC26Sign512C, /* 1.2.643.7.1.2.1.2.3 */ > > + /* OSCCA */ > + OID_sm2, /* 1.2.156.10197.1.301 */ > + OID_sm3, /* 1.2.156.10197.1.401 */ > + OID_sm2_with_sm3, /* 1.2.156.10197.1.501 */ > + OID_sm3WithRSAEncryption, /* 1.2.156.10197.1.504 */ OID_sm3WithRSAEncryption identifier is unused and this mode looks not implemented. But, this is probably ok for possible future extension. Reviewed-by: Vitaly Chikunov Thanks, > + > OID__NR > }; >