On Tue, May 11, 2021 at 05:47:44PM +0300, Elvira Khabirova wrote:
> Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way
> to how it's done in the x509 parser.
>
> This is needed e.g. for loading kernel modules signed with EC-RDSA.
>
> Signed-off-by: Elvira Khabirova <e.khabirova@xxxxxx>
Reviewed-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>
Thanks,
> ---
> crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
> index 967329e0a07b..39c260a04167 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.c
> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
> @@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
> case OID_sha224:
> ctx->sinfo->sig->hash_algo = "sha224";
> break;
> + case OID_gost2012Digest256:
> + ctx->sinfo->sig->hash_algo = "streebog256";
> + break;
> + case OID_gost2012Digest512:
> + ctx->sinfo->sig->hash_algo = "streebog512";
> + break;
> default:
> printk("Unsupported digest algo: %u\n", ctx->last_oid);
> return -ENOPKG;
> @@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
> ctx->sinfo->sig->pkey_algo = "rsa";
> ctx->sinfo->sig->encoding = "pkcs1";
> break;
> + case OID_gost2012PKey256:
> + case OID_gost2012PKey512:
> + ctx->sinfo->sig->pkey_algo = "ecrdsa";
> + ctx->sinfo->sig->encoding = "raw";
> + break;
> default:
> printk("Unsupported pkey algo: %u\n", ctx->last_oid);
> return -ENOPKG;
> --
> 2.25.1
