From: Vitaly Chikunov <vt@altlinux.org> To: Herbert Xu <herbert@gondor.apana.org.au>, David Howells <dhowells@redhat.com>, Mimi Zohar <zohar@linux.ibm.com>, Dmitry Kasatkin <dmitry.kasatkin@gmail.com>, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v7 11/11] integrity: support EC-RDSA signatures for asymmetric_verify Date: Fri, 1 Mar 2019 20:59:18 +0300 [thread overview] Message-ID: <20190301175918.29694-12-vt@altlinux.org> (raw) In-Reply-To: <20190301175918.29694-1-vt@altlinux.org> Allow to use EC-RDSA signatures for IMA by determining signature type by the hash algorithm name. This works good for EC-RDSA since Streebog and EC-RDSA should always be used together. Cc: Mimi Zohar <zohar@linux.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: linux-integrity@vger.kernel.org Signed-off-by: Vitaly Chikunov <vt@altlinux.org> --- security/integrity/digsig_asymmetric.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c index d775e03fbbcc..99080871eb9f 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -104,9 +104,16 @@ int asymmetric_verify(struct key *keyring, const char *sig, memset(&pks, 0, sizeof(pks)); - pks.pkey_algo = "rsa"; pks.hash_algo = hash_algo_name[hdr->hash_algo]; - pks.encoding = "pkcs1"; + if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 || + hdr->hash_algo == HASH_ALGO_STREEBOG_512) { + /* EC-RDSA and Streebog should go together. */ + pks.pkey_algo = "ecrdsa"; + pks.encoding = "raw"; + } else { + pks.pkey_algo = "rsa"; + pks.encoding = "pkcs1"; + } pks.digest = (u8 *)data; pks.digest_size = datalen; pks.s = hdr->sig; -- 2.11.0
WARNING: multiple messages have this Message-ID (diff)
From: Vitaly Chikunov <vt@altlinux.org> To: Herbert Xu <herbert@gondor.apana.org.au>, David Howells <dhowells@redhat.com>, Mimi Zohar <zohar@linux.ibm.com>, Dmitry Kasatkin <dmitry.kasatkin@gmail.com>, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v7 11/11] integrity: support EC-RDSA signatures for asymmetric_verify Date: Fri, 01 Mar 2019 17:59:18 +0000 [thread overview] Message-ID: <20190301175918.29694-12-vt@altlinux.org> (raw) In-Reply-To: <20190301175918.29694-1-vt@altlinux.org> Allow to use EC-RDSA signatures for IMA by determining signature type by the hash algorithm name. This works good for EC-RDSA since Streebog and EC-RDSA should always be used together. Cc: Mimi Zohar <zohar@linux.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: linux-integrity@vger.kernel.org Signed-off-by: Vitaly Chikunov <vt@altlinux.org> --- security/integrity/digsig_asymmetric.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c index d775e03fbbcc..99080871eb9f 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -104,9 +104,16 @@ int asymmetric_verify(struct key *keyring, const char *sig, memset(&pks, 0, sizeof(pks)); - pks.pkey_algo = "rsa"; pks.hash_algo = hash_algo_name[hdr->hash_algo]; - pks.encoding = "pkcs1"; + if (hdr->hash_algo = HASH_ALGO_STREEBOG_256 || + hdr->hash_algo = HASH_ALGO_STREEBOG_512) { + /* EC-RDSA and Streebog should go together. */ + pks.pkey_algo = "ecrdsa"; + pks.encoding = "raw"; + } else { + pks.pkey_algo = "rsa"; + pks.encoding = "pkcs1"; + } pks.digest = (u8 *)data; pks.digest_size = datalen; pks.s = hdr->sig; -- 2.11.0
next prev parent reply other threads:[~2019-03-01 18:00 UTC|newest] Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-03-01 17:59 [PATCH v7 00/11] crypto: add EC-RDSA (GOST 34.10) algorithm Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-01 17:59 ` [PATCH v7 01/11] KEYS: report to keyctl only actually supported key ops Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-01 17:59 ` [PATCH v7 02/11] crypto: akcipher - check the presence of callback before the call Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-21 11:19 ` Herbert Xu 2019-03-21 11:19 ` Herbert Xu 2019-03-21 11:42 ` Vitaly Chikunov 2019-03-21 11:42 ` Vitaly Chikunov 2019-03-21 12:11 ` Herbert Xu 2019-03-21 12:11 ` Herbert Xu 2019-03-01 17:59 ` [PATCH v7 03/11] crypto: rsa - unimplement sign/verify for raw RSA backends Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-22 19:21 ` Vitaly Chikunov 2019-03-22 20:27 ` Gary R Hook 2019-03-22 22:41 ` Horia Geanta 2019-03-22 22:41 ` Horia Geanta 2019-03-01 17:59 ` [PATCH v7 04/11] crypto: akcipher - new verify API for public key algorithms Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-01 17:59 ` [PATCH v7 05/11] KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-22 19:49 ` Vitaly Chikunov 2019-03-22 19:49 ` Vitaly Chikunov 2019-03-01 17:59 ` [PATCH v7 06/11] X.509: parse public key parameters from x509 for akcipher Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-22 19:42 ` Vitaly Chikunov 2019-03-22 19:42 ` Vitaly Chikunov 2019-03-01 17:59 ` [PATCH v7 07/11] crypto: Kconfig - create Public-key cryptography section Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-01 17:59 ` [PATCH v7 08/11] crypto: ecc - make ecc into separate module Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-01 17:59 ` [PATCH v7 09/11] crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-01 17:59 ` [PATCH v7 10/11] crypto: ecrdsa - add EC-RDSA test vectors to testmgr Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov 2019-03-01 17:59 ` Vitaly Chikunov [this message] 2019-03-01 17:59 ` [PATCH v7 11/11] integrity: support EC-RDSA signatures for asymmetric_verify Vitaly Chikunov 2019-03-22 19:15 ` Vitaly Chikunov 2019-03-22 19:15 ` Vitaly Chikunov 2019-03-22 12:39 ` [PATCH v7 00/11] crypto: add EC-RDSA (GOST 34.10) algorithm Herbert Xu 2019-03-22 12:39 ` Herbert Xu
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190301175918.29694-12-vt@altlinux.org \ --to=vt@altlinux.org \ --cc=dhowells@redhat.com \ --cc=dmitry.kasatkin@gmail.com \ --cc=herbert@gondor.apana.org.au \ --cc=keyrings@vger.kernel.org \ --cc=linux-crypto@vger.kernel.org \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=zohar@linux.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.