On Sun, Oct 22, 2023 at 07:09:28PM +0100, Dimitri John Ledkov wrote:
Add support for parsing FIPS 202 SHA-3 signature hashes. Separately,
it is not clear why explicit hashes are re-encoded here, instead of
trying to generically show any digest openssl supports.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@xxxxxxxxxxxxx>
---
libkmod/libkmod-signature.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index b749a818f9..a39059cd7c 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -57,6 +57,9 @@ enum pkey_hash_algo {
PKEY_HASH_SHA512,
PKEY_HASH_SHA224,
PKEY_HASH_SM3,
+ PKEY_HASH_SHA3_256,
+ PKEY_HASH_SHA3_384,
+ PKEY_HASH_SHA3_512,
PKEY_HASH__LAST
};
@@ -70,6 +73,9 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
[PKEY_HASH_SHA512] = "sha512",
[PKEY_HASH_SHA224] = "sha224",
[PKEY_HASH_SM3] = "sm3",
+ [PKEY_HASH_SHA3_256] = "sha3-256",
+ [PKEY_HASH_SHA3_384] = "sha3-384",
+ [PKEY_HASH_SHA3_512] = "sha3-512",
};
enum pkey_id_type {
@@ -167,6 +173,12 @@ static int obj_to_hash_algo(const ASN1_OBJECT *o)
case NID_sm3:
return PKEY_HASH_SM3;
# endif
+ case NID_sha3_256:
+ return PKEY_HASH_SHA3_256;
+ case NID_sha3_384:
+ return PKEY_HASH_SHA3_384;
+ case NID_sha3_512:
+ return PKEY_HASH_SHA3_512;
with your other patch, libkmod: remove pkcs7 obj_to_hash_algo(), this
hunk is not needed anymore. Do you want to send a new version of this
patch?
thanks
Lucas De Marchi
default:
return -1;
}
--
2.34.1
