From: Stefan Berger <stefanb@linux.ibm.com>
To: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
davem@davemloft.net, herbert@gondor.apana.org.au,
dhowells@redhat.com, zohar@linux.ibm.com
Cc: linux-kernel@vger.kernel.org, patrick@puiterwijk.org,
linux-integrity@vger.kernel.org,
Stefan Berger <stefanb@linux.ibm.com>,
Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Subject: [PATCH v7 2/4] x509: Detect sm2 keys by their parameters OID
Date: Mon, 1 Feb 2021 10:19:08 -0500 [thread overview]
Message-ID: <20210201151910.1465705-3-stefanb@linux.ibm.com> (raw)
In-Reply-To: <20210201151910.1465705-1-stefanb@linux.ibm.com>
Detect whether a key is an sm2 type of key by its OID in the parameters
array rather than assuming that everything under OID_id_ecPublicKey
is sm2, which is not the case.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
---
crypto/asymmetric_keys/x509_cert_parser.c | 12 +++++++++++-
include/linux/oid_registry.h | 1 +
lib/oid_registry.c | 13 +++++++++++++
3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 52c9b455fc7d..1621ceaf5c95 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -459,6 +459,7 @@ int x509_extract_key_data(void *context, size_t hdrlen,
const void *value, size_t vlen)
{
struct x509_parse_context *ctx = context;
+ enum OID oid;
ctx->key_algo = ctx->last_oid;
switch (ctx->last_oid) {
@@ -470,7 +471,16 @@ int x509_extract_key_data(void *context, size_t hdrlen,
ctx->cert->pub->pkey_algo = "ecrdsa";
break;
case OID_id_ecPublicKey:
- ctx->cert->pub->pkey_algo = "sm2";
+ if (parse_OID(ctx->params, ctx->params_size, &oid) != 0)
+ return -EBADMSG;
+
+ switch (oid) {
+ case OID_sm2:
+ ctx->cert->pub->pkey_algo = "sm2";
+ break;
+ default:
+ return -ENOPKG;
+ }
break;
default:
return -ENOPKG;
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 59ad6109f918..f3b2c097c886 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -121,6 +121,7 @@ enum OID {
};
extern enum OID look_up_OID(const void *data, size_t datasize);
+extern int parse_OID(const void *data, size_t datasize, enum OID *oid);
extern int sprint_oid(const void *, size_t, char *, size_t);
extern int sprint_OID(enum OID, char *, size_t);
diff --git a/lib/oid_registry.c b/lib/oid_registry.c
index f7ad43f28579..508e0b34b5f0 100644
--- a/lib/oid_registry.c
+++ b/lib/oid_registry.c
@@ -11,6 +11,7 @@
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/bug.h>
+#include <linux/asn1.h>
#include "oid_registry_data.c"
MODULE_DESCRIPTION("OID Registry");
@@ -92,6 +93,18 @@ enum OID look_up_OID(const void *data, size_t datasize)
}
EXPORT_SYMBOL_GPL(look_up_OID);
+int parse_OID(const void *data, size_t datasize, enum OID *oid)
+{
+ const unsigned char *v = data;
+
+ if (datasize < 2 || v[0] != ASN1_OID || v[1] != datasize - 2)
+ return -EBADMSG;
+
+ *oid = look_up_OID(data + 2, datasize - 2);
+ return 0;
+}
+EXPORT_SYMBOL_GPL(parse_OID);
+
/*
* sprint_OID - Print an Object Identifier into a buffer
* @data: The encoded OID to print
--
2.29.2
next prev parent reply other threads:[~2021-02-01 15:23 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-01 15:19 [PATCH v7 0/4] Add support for x509 certs with NIST p256 and p192 keys Stefan Berger
2021-02-01 15:19 ` [PATCH v7 1/4] crypto: Add support for ECDSA signature verification Stefan Berger
2021-02-04 5:27 ` Herbert Xu
2021-02-04 5:43 ` Stefan Berger
2021-02-04 14:58 ` Jarkko Sakkinen
2021-02-01 15:19 ` Stefan Berger [this message]
2021-02-01 15:19 ` [PATCH v7 3/4] x509: Add support for parsing x509 certs with ECDSA keys Stefan Berger
2021-02-11 8:03 ` kernel test robot
2021-02-11 17:30 ` Stefan Berger
2021-02-11 18:18 ` Stefan Berger
2021-02-01 15:19 ` [PATCH v7 4/4] ima: Support EC keys for signature verification Stefan Berger
2021-02-05 12:24 ` Mimi Zohar
2021-02-01 16:13 ` [PATCH v7 0/4] Add support for x509 certs with NIST p256 and p192 keys David Howells
2021-02-01 16:28 ` Stefan Berger
2021-02-01 16:36 ` David Howells
2021-02-01 16:45 ` Stefan Berger
2021-02-02 3:59 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210201151910.1465705-3-stefanb@linux.ibm.com \
--to=stefanb@linux.ibm.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=patrick@puiterwijk.org \
--cc=tianjia.zhang@linux.alibaba.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).