[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210126170359.363969-3-stefanb@linux.vnet.ibm.com>
Date: Tue, 26 Jan 2021 12:03:58 -0500
From: Stefan Berger <stefanb@...ux.vnet.ibm.com>
To: dhowells@...hat.com, keyrings@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, herbert@...dor.apana.org.au,
davem@...emloft.net, linux-crypto@...r.kernel.org,
patrick@...terwijk.org, Stefan Berger <stefanb@...ux.ibm.com>
Subject: [PATCH 2/3] x509: Add support for NIST p192 keys in certificates and akcipher
From: Stefan Berger <stefanb@...ux.ibm.com>
Add support for NIST p192 keys in x509 certificates and support it in
'akcipher'.
Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
---
crypto/asymmetric_keys/public_key.c | 3 ++
crypto/asymmetric_keys/x509_cert_parser.c | 1 +
crypto/ecc.c | 36 ++++++++++++++++++++++-
include/linux/oid_registry.h | 1 +
4 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 0fcbaec0ded0..bb4a7cc0e3c8 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -98,6 +98,9 @@ int software_key_determine_akcipher(const char *encoding,
oid = look_up_OID(pkey->params + 2, pkey->paramlen - 2);
switch (oid) {
+ case OID_id_prime192v1:
+ strcpy(alg_name, "nist_p192");
+ return 0;
case OID_id_prime256v1:
strcpy(alg_name, "nist_p256");
return 0;
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 44bae5ccb475..720cc7977077 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -501,6 +501,7 @@ int x509_extract_key_data(void *context, size_t hdrlen,
enum OID oid = look_up_OID(ctx->params + 2,
ctx->params_size - 2);
switch (oid) {
+ case OID_id_prime192v1:
case OID_id_prime256v1:
ctx->cert->pub->pkey_algo = "ecdsa";
break;
diff --git a/crypto/ecc.c b/crypto/ecc.c
index fb8370720350..79df35a23a61 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1826,13 +1826,47 @@ static struct akcipher_alg ecc_nist_p256 = {
},
};
+static unsigned int ecc_nist_p192_max_size(struct crypto_akcipher *tfm)
+{
+ return NIST_P192_KEY_SIZE;
+}
+
+static int ecc_nist_p192_init_tfm(struct crypto_akcipher *tfm)
+{
+ struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm);
+
+ return ecc_ec_ctx_init(ctx, ECC_CURVE_NIST_P192);
+}
+
+static struct akcipher_alg ecc_nist_p192 = {
+ .verify = ecdsa_verify,
+ .set_pub_key = ecc_set_pub_key,
+ .max_size = ecc_nist_p192_max_size,
+ .init = ecc_nist_p192_init_tfm,
+ .exit = ecc_exit_tfm,
+ .base = {
+ .cra_name = "nist_p192",
+ .cra_driver_name = "ecc-nist-p192",
+ .cra_priority = 100,
+ .cra_module = THIS_MODULE,
+ .cra_ctxsize = sizeof(struct ecc_ctx),
+ },
+};
+
static int ecc_init(void)
{
- return crypto_register_akcipher(&ecc_nist_p256);
+ int ret;
+
+ ret = crypto_register_akcipher(&ecc_nist_p256);
+ if (ret)
+ return ret;
+
+ return crypto_register_akcipher(&ecc_nist_p192);
}
static void ecc_exit(void)
{
+ crypto_unregister_akcipher(&ecc_nist_p192);
crypto_unregister_akcipher(&ecc_nist_p256);
}
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 9060f19c80eb..e8071133d0e2 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -21,6 +21,7 @@ enum OID {
OID_id_dsa, /* 1.2.840.10040.4.1 */
OID_id_ecdsa_with_sha1, /* 1.2.840.10045.4.1 */
OID_id_ecPublicKey, /* 1.2.840.10045.2.1 */
+ OID_id_prime192v1, /* 1.2.840.10045.3.1.1 */
OID_id_prime256v1, /* 1.2.840.10045.3.1.7 */
OID_id_ecdsa_with_sha224, /* 1.2.840.10045.4.3.1 */
OID_id_ecdsa_with_sha256, /* 1.2.840.10045.4.3.2 */
--
2.25.4
Powered by blists - more mailing lists