
[2/3] x509: Add support for NIST p192 keys in certificates and akcipher

Message ID 20210126170359.363969-3-stefanb@linux.vnet.ibm.com (mailing list archive)
State Not Applicable
Delegated to: Herbert Xu
Series Add support for x509 certs with NIST p256 and p192 keys | expand

Commit Message

Stefan Berger Jan. 26, 2021, 5:03 p.m. UTC
From: Stefan Berger <stefanb@linux.ibm.com>

Add support for NIST p192 keys in x509 certificates and support it in
'akcipher'.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 crypto/asymmetric_keys/public_key.c       |  3 ++
 crypto/asymmetric_keys/x509_cert_parser.c |  1 +
 crypto/ecc.c                              | 36 ++++++++++++++++++++++-
 include/linux/oid_registry.h              |  1 +
 4 files changed, 40 insertions(+), 1 deletion(-)

Patch

diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 0fcbaec0ded0..bb4a7cc0e3c8 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -98,6 +98,9 @@  int software_key_determine_akcipher(const char *encoding,
 
 		oid = look_up_OID(pkey->params + 2, pkey->paramlen - 2);
 		switch (oid) {
+		case OID_id_prime192v1:
+			strcpy(alg_name, "nist_p192");
+			return 0;
 		case OID_id_prime256v1:
 			strcpy(alg_name, "nist_p256");
 			return 0;
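Review bot: The new `OID_id_prime192v1` case makes P-192 keys usable for certificate signature verification unconditionally, and the fall-through case added in x509_cert_parser.c does the same on the parsing side. P-192 offers roughly 96 bits of security, below the 112-bit floor commonly applied to signature keys, so any keyring that trusts such a certificate is limited to that strength. The commit message should say why the curve is needed (presumably legacy certificates), and the case would be easier to audit with a comment such as `/* legacy curve, ~96-bit strength; accepted for verification only */` or behind a build-time option. The switch sits inside software_key_determine_akcipher, which starts and ends outside the hunk.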
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 44bae5ccb475..720cc7977077 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -501,6 +501,7 @@  int x509_extract_key_data(void *context, size_t hdrlen,
 			enum OID oid = look_up_OID(ctx->params + 2,
 						   ctx->params_size - 2);
 			switch (oid) {
+			case OID_id_prime192v1:
 			case OID_id_prime256v1:
 				ctx->cert->pub->pkey_algo = "ecdsa";
 				break;
diff --git a/crypto/ecc.c b/crypto/ecc.c
index fb8370720350..79df35a23a61 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1826,13 +1826,47 @@  static struct akcipher_alg ecc_nist_p256 = {
 	},
 };
 
+static unsigned int ecc_nist_p192_max_size(struct crypto_akcipher *tfm)
+{
+	return NIST_P192_KEY_SIZE;
+}
+
+static int ecc_nist_p192_init_tfm(struct crypto_akcipher *tfm)
+{
+	struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm);
+
+	return ecc_ec_ctx_init(ctx, ECC_CURVE_NIST_P192);
+}
+
+static struct akcipher_alg ecc_nist_p192 = {
+	.verify = ecdsa_verify,
+	.set_pub_key = ecc_set_pub_key,
+	.max_size = ecc_nist_p192_max_size,
+	.init = ecc_nist_p192_init_tfm,
+	.exit = ecc_exit_tfm,
+	.base = {
+		.cra_name = "nist_p192",
+		.cra_driver_name = "ecc-nist-p192",
+		.cra_priority = 100,
+		.cra_module = THIS_MODULE,
+		.cra_ctxsize = sizeof(struct ecc_ctx),
+	},
+};
+
 static int ecc_init(void)
 {
-	return crypto_register_akcipher(&ecc_nist_p256);
+	int ret;
+
+	ret = crypto_register_akcipher(&ecc_nist_p256);
+	if (ret)
+		return ret;
+
+	return crypto_register_akcipher(&ecc_nist_p192);
 }
 
 static void ecc_exit(void)
 {
+	crypto_unregister_akcipher(&ecc_nist_p192);
 	crypto_unregister_akcipher(&ecc_nist_p256);
 }
 
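Review bot: ecc_init() leaves `ecc_nist_p256` registered when the second registration fails, because the error from `crypto_register_akcipher(&ecc_nist_p192)` is returned without undoing the first call. If ecc_init is the module init routine (its registration is outside the hunk), a failed load would leave the crypto API holding an algorithm whose callbacks point into code that is about to go away. Roll back on the error path: `ret = crypto_register_akcipher(&ecc_nist_p192);` `if (ret) crypto_unregister_akcipher(&ecc_nist_p256);` `return ret;`. The reverse-order unregistration in ecc_exit() is fine as written.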
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 9060f19c80eb..e8071133d0e2 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -21,6 +21,7 @@  enum OID {
 	OID_id_dsa,			/* 1.2.840.10040.4.1 */
 	OID_id_ecdsa_with_sha1,		/* 1.2.840.10045.4.1 */
 	OID_id_ecPublicKey,		/* 1.2.840.10045.2.1 */
+	OID_id_prime192v1,		/* 1.2.840.10045.3.1.1 */
 	OID_id_prime256v1,		/* 1.2.840.10045.3.1.7 */
 	OID_id_ecdsa_with_sha224,	/* 1.2.840.10045.4.3.1 */
 	OID_id_ecdsa_with_sha256,	/* 1.2.840.10045.4.3.2 */