Hi Elvira,
On 5/11/21 10:47 PM, Elvira Khabirova wrote:
Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way
to how it's done in the x509 parser.
This is needed e.g. for loading kernel modules signed with EC-RDSA.
Signed-off-by: Elvira Khabirova <e.khabirova@xxxxxx>
Reviewed-by: Tianjia Zhang <tianjia.zhang@xxxxxxxxxxxxxxxxx>
I sent a similar patch to support the SM2/3 algorithm combination, which
happened to conflict with your patch.
https://lkml.org/lkml/2021/6/24/248
If possible and you agree, I will put these two patches in a series and
then resend.
Cheers,
Tianjia
---
crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index 967329e0a07b..39c260a04167 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
case OID_sha224:
ctx->sinfo->sig->hash_algo = "sha224";
break;
+ case OID_gost2012Digest256:
+ ctx->sinfo->sig->hash_algo = "streebog256";
+ break;
+ case OID_gost2012Digest512:
+ ctx->sinfo->sig->hash_algo = "streebog512";
+ break;
default:
printk("Unsupported digest algo: %u\n", ctx->last_oid);
return -ENOPKG;
@@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
ctx->sinfo->sig->pkey_algo = "rsa";
ctx->sinfo->sig->encoding = "pkcs1";
break;
+ case OID_gost2012PKey256:
+ case OID_gost2012PKey512:
+ ctx->sinfo->sig->pkey_algo = "ecrdsa";
+ ctx->sinfo->sig->encoding = "raw";
+ break;
default:
printk("Unsupported pkey algo: %u\n", ctx->last_oid);
return -ENOPKG;