Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp2004896pxv; Fri, 2 Jul 2021 19:09:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzVyfN4C0yAVsixfuHDTH5QDTX8rDheB3E1cZvC1V+BoYCcvsooXDMQCvaCSYdomcebt7f8 X-Received: by 2002:a02:8546:: with SMTP id g64mr1956120jai.35.1625278149854; Fri, 02 Jul 2021 19:09:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625278149; cv=none; d=google.com; s=arc-20160816; b=H9/9JnZWC4eTYxFVvkRYnSV8gtq3Nnf4sHsIak4CV/8toj+iQZ4s6Fojg4zD9enDKK Ygorcca5AgM1eTv3/cZJ5gWhB43y0AdMkA+eRtv35tdgfBUlhNNh7whlLNnUo9AUv8VU A5m5WZAavs9dTXLqR0oa55NuGKiK3UWexDBsRK22udxRPEeZRryUWsWbjMxC35A9tTH3 ZkohiPWYZH5DZos9mgG/jR8i8RuN8pb2kTrWG49mw5y/buUOibtU9ka06O3xneUYLtmy Pf55MSRovdegTe8QRyaLci1TbL0j4CJ2rzWHD07iCEQKcaSz2Dutv9Y7W5+80FfwgmP2 lgKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=ZZmzTdfcqCj50gUUAUDPd3tpXwbgQIz7yftnQggfaeY=; b=TOFE3bdtLQ3uJmJQnPhIB9RmXed+sprEIpaH7lQ2I4DWQzzG23JAqs4aAM2hP4u3FU z75cAoimBS39qBYL0Prpz3ZKcp7402oekg8SX3daJ7RP8qGO1HO7VJ1RXtSrRfNCYa5X AWynp00E30uNVnXkAeEHcgB/ro8ndhDM8uChv7VqFNUHtV433wJSTHb0rW08i/qogNu7 qOn5vVBTrR+wtJOgl5vPunF/DRE5atKFtS+A/ucp2Tbo67PVmdbMssOYmAFP8QnRnbkl LhrGAurUaTddXd2dM7fVXNBo294d5mZHCunCj/4MM3SrmPfvmNrF5bqx9JvFV42pNg29 /FyA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o13si4980809ilf.17.2021.07.02.19.08.37; Fri, 02 Jul 2021 19:09:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230157AbhGCCJp (ORCPT + 99 others); Fri, 2 Jul 2021 22:09:45 -0400 Received: from out30-132.freemail.mail.aliyun.com ([115.124.30.132]:54486 "EHLO out30-132.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230094AbhGCCJo (ORCPT ); Fri, 2 Jul 2021 22:09:44 -0400 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R551e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e01424;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=8;SR=0;TI=SMTPD_---0UeWX25L_1625278028; Received: from 30.25.251.73(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0UeWX25L_1625278028) by smtp.aliyun-inc.com(127.0.0.1); Sat, 03 Jul 2021 10:07:09 +0800 Subject: Re: [PATCH] pkcs7: support EC-RDSA/streebog in SignerInfo To: Elvira Khabirova , keyrings@vger.kernel.org, Vitaly Chikunov Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, davem@davemloft.net, herbert@gondor.apana.org.au, dhowells@redhat.com, vt@altlinux.org References: <20210511174744.4f3c6c59@msk1wst204> From: Tianjia Zhang Message-ID: <0091ddbc-a32d-848a-4f18-37b041a048f4@linux.alibaba.com> Date: Sat, 3 Jul 2021 10:07:08 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <20210511174744.4f3c6c59@msk1wst204> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Elvira, On 5/11/21 10:47 PM, Elvira Khabirova wrote: > Allow using EC-RDSA/streebog in pkcs7 certificates in a similar way > to how it's done in the x509 parser. > > This is needed e.g. for loading kernel modules signed with EC-RDSA. > > Signed-off-by: Elvira Khabirova Reviewed-by: Tianjia Zhang I sent a similar patch to support the SM2/3 algorithm combination, which happened to conflict with your patch. https://lkml.org/lkml/2021/6/24/248 If possible and you agree, I will put these two patches in a series and then resend. Cheers, Tianjia > --- > crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c > index 967329e0a07b..39c260a04167 100644 > --- a/crypto/asymmetric_keys/pkcs7_parser.c > +++ b/crypto/asymmetric_keys/pkcs7_parser.c > @@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, > case OID_sha224: > ctx->sinfo->sig->hash_algo = "sha224"; > break; > + case OID_gost2012Digest256: > + ctx->sinfo->sig->hash_algo = "streebog256"; > + break; > + case OID_gost2012Digest512: > + ctx->sinfo->sig->hash_algo = "streebog512"; > + break; > default: > printk("Unsupported digest algo: %u\n", ctx->last_oid); > return -ENOPKG; > @@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, > ctx->sinfo->sig->pkey_algo = "rsa"; > ctx->sinfo->sig->encoding = "pkcs1"; > break; > + case OID_gost2012PKey256: > + case OID_gost2012PKey512: > + ctx->sinfo->sig->pkey_algo = "ecrdsa"; > + ctx->sinfo->sig->encoding = "raw"; > + break; > default: > printk("Unsupported pkey algo: %u\n", ctx->last_oid); > return -ENOPKG; >