| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Jun 2022 15:07:52 +0800
From: Lei He <helei.sig11@...edance.com>
To: herbert@...dor.apana.org.au, davem@...emloft.net,
dhowells@...hat.com, mst@...hat.com
Cc: arei.gonglei@...wei.com, jasowang@...hat.com,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
pizhenwei@...edance.com, helei.sig11@...edance.com,
f4bug@...at.org, berrange@...hat.com
Subject: [PATCH 2/4] crypto: pkcs8 parser support ECDSA private keys
From: lei he <helei.sig11@...edance.com>
Make pkcs8_private_key_parser can identify ECDSA private keys.
Signed-off-by: lei he <helei.sig11@...edance.com>
---
crypto/akcipher.c | 10 ++++++
crypto/asymmetric_keys/pkcs8.asn1 | 2 +-
crypto/asymmetric_keys/pkcs8_parser.c | 45 +++++++++++++++++++++++++--
3 files changed, 53 insertions(+), 4 deletions(-)
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
index f866085c8a4a..3adcdc6d48c2 100644
--- a/crypto/akcipher.c
+++ b/crypto/akcipher.c
@@ -120,6 +120,12 @@ static int akcipher_default_op(struct akcipher_request *req)
return -ENOSYS;
}
+static int akcipher_default_set_key(struct crypto_akcipher *tfm,
+ const void *key, unsigned int keylen)
+{
+ return -ENOSYS;
+}
+
int crypto_register_akcipher(struct akcipher_alg *alg)
{
struct crypto_alg *base = &alg->base;
@@ -132,6 +138,10 @@ int crypto_register_akcipher(struct akcipher_alg *alg)
alg->encrypt = akcipher_default_op;
if (!alg->decrypt)
alg->decrypt = akcipher_default_op;
+ if (!alg->set_pub_key)
+ alg->set_pub_key = akcipher_default_set_key;
+ if (!alg->set_priv_key)
+ alg->set_priv_key = akcipher_default_set_key;
akcipher_prepare_alg(alg);
return crypto_register_alg(base);
diff --git a/crypto/asymmetric_keys/pkcs8.asn1 b/crypto/asymmetric_keys/pkcs8.asn1
index 702c41a3c713..1791ddf4168a 100644
--- a/crypto/asymmetric_keys/pkcs8.asn1
+++ b/crypto/asymmetric_keys/pkcs8.asn1
@@ -20,5 +20,5 @@ Attribute ::= ANY
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER ({ pkcs8_note_OID }),
- parameters ANY OPTIONAL
+ parameters ANY OPTIONAL ({ pkcs8_note_algo_parameter })
}
diff --git a/crypto/asymmetric_keys/pkcs8_parser.c b/crypto/asymmetric_keys/pkcs8_parser.c
index 105dcce27f71..e507c635ead5 100644
--- a/crypto/asymmetric_keys/pkcs8_parser.c
+++ b/crypto/asymmetric_keys/pkcs8_parser.c
@@ -24,6 +24,8 @@ struct pkcs8_parse_context {
enum OID algo_oid; /* Algorithm OID */
u32 key_size;
const void *key;
+ const void *algo_param;
+ u32 algo_param_len;
};
/*
@@ -47,6 +49,17 @@ int pkcs8_note_OID(void *context, size_t hdrlen,
return 0;
}
+int pkcs8_note_algo_parameter(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct pkcs8_parse_context *ctx = context;
+
+ ctx->algo_param = value;
+ ctx->algo_param_len = vlen;
+ return 0;
+}
+
/*
* Note the version number of the ASN.1 blob.
*/
@@ -69,11 +82,37 @@ int pkcs8_note_algo(void *context, size_t hdrlen,
const void *value, size_t vlen)
{
struct pkcs8_parse_context *ctx = context;
-
- if (ctx->last_oid != OID_rsaEncryption)
+ enum OID curve_id;
+
+ switch (ctx->last_oid) {
+ case OID_id_ecPublicKey:
+ if (!ctx->algo_param || ctx->algo_param_len == 0)
+ return -EBADMSG;
+ curve_id = look_up_OID(ctx->algo_param, ctx->algo_param_len);
+
+ switch (curve_id) {
+ case OID_id_prime192v1:
+ ctx->pub->pkey_algo = "ecdsa-nist-p192";
+ break;
+ case OID_id_prime256v1:
+ ctx->pub->pkey_algo = "ecdsa-nist-p256";
+ break;
+ case OID_id_ansip384r1:
+ ctx->pub->pkey_algo = "ecdsa-nist-p384";
+ break;
+ default:
+ return -ENOPKG;
+ }
+ break;
+
+ case OID_rsaEncryption:
+ ctx->pub->pkey_algo = "rsa";
+ break;
+
+ default:
return -ENOPKG;
+ }
- ctx->pub->pkey_algo = "rsa";
return 0;
}
--
2.20.1
Powered by blists - more mailing lists