From patchwork Thu Sep 3 13:12:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "tianjia.zhang" X-Patchwork-Id: 11753567 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DE3D0722 for ; Thu, 3 Sep 2020 13:15:00 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B443820758 for ; Thu, 3 Sep 2020 13:15:00 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="zxOq58jh" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B443820758 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ER1sTwAdPZPaY3qyAsDtjSDqs1zeMjIYbqzeGjHPUzo=; b=zxOq58jhtIC0EhizBPAq6KN6o iOjAeQJT7Hs1tMtLSHFTDgc7gWv9l/TdSMcCHnsP4luAuV65DSUKbq9KuwLAPlgEMsom9udIw37qF /7hA50q/AwLY9uWXVQKoJ7iXC8RsicVm2tD58DSmzIV4tM72BHteK5ry/aE3HBhFoNHkMH4SoOrhY TEh8d3anbmyRV7gZhUPkSgSVUpwp+s5/YiYPGq8ev1/qoTEdDANPhgzDbG9P34MlLOVRHcNfakoFt YURO7gWI41KEK4RpkCi4HenBwIX8kkHlIxj178b0bgNdIEwWgO2O2g8FJG/q/EDweVq4JAfzVv09Z XQw4N7v6w==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kDp3g-0003PD-Eo; Thu, 03 Sep 2020 13:13:44 +0000 Received: from out30-42.freemail.mail.aliyun.com ([115.124.30.42]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kDp3a-0003Kj-96 for linux-arm-kernel@lists.infradead.org; Thu, 03 Sep 2020 13:13:40 +0000 X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R341e4; CH=green; DM=||false|; DS=||; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e01e07488; MF=tianjia.zhang@linux.alibaba.com; NM=1; PH=DS; RN=31; SR=0; TI=SMTPD_---0U7pNn5X_1599138766; Received: from localhost(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0U7pNn5X_1599138766) by smtp.aliyun-inc.com(127.0.0.1); Thu, 03 Sep 2020 21:12:46 +0800 From: Tianjia Zhang To: Herbert Xu , "David S. Miller" , David Howells , Maxime Coquelin , Alexandre Torgue , James Morris , "Serge E. Hallyn" , Stephan Mueller , Marcelo Henrique Cerri , "Steven Rostedt (VMware)" , Masahiro Yamada , Brendan Higgins , Andrew Morton , Johannes Weiner , Waiman Long , Mimi Zohar , Lakshmi Ramasubramanian , Colin Ian King , Tushar Sugandhi , Vitaly Chikunov , "Gilad Ben-Yossef" , Pascal van Leeuwen , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, linux-security-module@vger.kernel.org Subject: [PATCH v6 6/8] X.509: support OSCCA certificate parse Date: Thu, 3 Sep 2020 21:12:40 +0800 Message-Id: <20200903131242.128665-7-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.19.1.3.ge56e4f7 In-Reply-To: <20200903131242.128665-1-tianjia.zhang@linux.alibaba.com> References: <20200903131242.128665-1-tianjia.zhang@linux.alibaba.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200903_091338_598092_19369E7E X-CRM114-Status: GOOD ( 13.26 ) X-Spam-Score: -8.0 (--------) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-8.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [115.124.30.42 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -7.5 USER_IN_DEF_SPF_WL From: address is in the default SPF white-list 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines -0.5 ENV_AND_HDR_SPF_MATCH Env and Hdr From used in default SPF WL Match X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Xufeng Zhang , Tianjia Zhang , Jia Zhang Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org The digital certificate format based on SM2 crypto algorithm as specified in GM/T 0015-2012. It was published by State Encryption Management Bureau, China. This patch adds the OID object identifier defined by OSCCA. The x509 certificate supports sm2-with-sm3 type certificate parsing. It uses the standard elliptic curve public key, and the sm2 algorithm signs the hash generated by sm3. Signed-off-by: Tianjia Zhang Tested-by: Xufeng Zhang Reviewed-by: Vitaly Chikunov --- crypto/asymmetric_keys/x509_cert_parser.c | 14 +++++++++++++- include/linux/oid_registry.h | 6 ++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 26ec20ef4899..6a8aee22bfd4 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -234,6 +234,10 @@ int x509_note_pkey_algo(void *context, size_t hdrlen, case OID_gost2012Signature512: ctx->cert->sig->hash_algo = "streebog512"; goto ecrdsa; + + case OID_sm2_with_sm3: + ctx->cert->sig->hash_algo = "sm3"; + goto sm2; } rsa_pkcs1: @@ -246,6 +250,11 @@ int x509_note_pkey_algo(void *context, size_t hdrlen, ctx->cert->sig->encoding = "raw"; ctx->algo_oid = ctx->last_oid; return 0; +sm2: + ctx->cert->sig->pkey_algo = "sm2"; + ctx->cert->sig->encoding = "raw"; + ctx->algo_oid = ctx->last_oid; + return 0; } /* @@ -266,7 +275,8 @@ int x509_note_signature(void *context, size_t hdrlen, } if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 || - strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0) { + strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 || + strcmp(ctx->cert->sig->pkey_algo, "sm2") == 0) { /* Discard the BIT STRING metadata */ if (vlen < 1 || *(const u8 *)value != 0) return -EBADMSG; @@ -456,6 +466,8 @@ int x509_extract_key_data(void *context, size_t hdrlen, else if (ctx->last_oid == OID_gost2012PKey256 || ctx->last_oid == OID_gost2012PKey512) ctx->cert->pub->pkey_algo = "ecrdsa"; + else if (ctx->last_oid == OID_id_ecPublicKey) + ctx->cert->pub->pkey_algo = "sm2"; else return -ENOPKG; diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h index 657d6bf2c064..48fe3133ff39 100644 --- a/include/linux/oid_registry.h +++ b/include/linux/oid_registry.h @@ -107,6 +107,12 @@ enum OID { OID_gostTC26Sign512B, /* 1.2.643.7.1.2.1.2.2 */ OID_gostTC26Sign512C, /* 1.2.643.7.1.2.1.2.3 */ + /* OSCCA */ + OID_sm2, /* 1.2.156.10197.1.301 */ + OID_sm3, /* 1.2.156.10197.1.401 */ + OID_sm2_with_sm3, /* 1.2.156.10197.1.501 */ + OID_sm3WithRSAEncryption, /* 1.2.156.10197.1.504 */ + OID__NR };