
[v7,13/13] crypto: x509 - Add OID for NIST P521 and extend parser for it

Message ID 20240320114725.1644921-14-stefanb@linux.ibm.com (mailing list archive)
State Changes Requested
Delegated to: Herbert Xu
Series [v7,01/13] crypto: ecc - Use ECC_CURVE_NIST_P192/256/384_DIGITS where possible | expand

Commit Message

Stefan Berger March 20, 2024, 11:47 a.m. UTC
Enable the x509 parser to accept NIST P521 certificates and add the
OID for ansip521r1, which is the identifier for NIST P521.

Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Lukas Wunner <lukas@wunner.de>
---
 crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
 include/linux/oid_registry.h              | 1 +
 2 files changed, 4 insertions(+)

Comments

Jarkko Sakkinen March 21, 2024, 5:20 p.m. UTC | #1
On Wed Mar 20, 2024 at 1:47 PM EET, Stefan Berger wrote:
> Enable the x509 parser to accept NIST P521 certificates and add the
> OID for ansip521r1, which is the identifier for NIST P521.
>
> Cc: David Howells <dhowells@redhat.com>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> Tested-by: Lukas Wunner <lukas@wunner.de>
> ---
>  crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
>  include/linux/oid_registry.h              | 1 +
>  2 files changed, 4 insertions(+)
>
> diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
> index 487204d39426..99f809b7910b 100644
> --- a/crypto/asymmetric_keys/x509_cert_parser.c
> +++ b/crypto/asymmetric_keys/x509_cert_parser.c
> @@ -538,6 +538,9 @@ int x509_extract_key_data(void *context, size_t hdrlen,
>  		case OID_id_ansip384r1:
>  			ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
>  			break;
> +		case OID_id_ansip521r1:
> +			ctx->cert->pub->pkey_algo = "ecdsa-nist-p521";
> +			break;
>  		default:
>  			return -ENOPKG;
>  		}
> diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
> index 3921fbed0b28..af16d96fbbf2 100644
> --- a/include/linux/oid_registry.h
> +++ b/include/linux/oid_registry.h
> @@ -65,6 +65,7 @@ enum OID {
>  	OID_Scram,			/* 1.3.6.1.5.5.14 */
>  	OID_certAuthInfoAccess,		/* 1.3.6.1.5.5.7.1.1 */
>  	OID_id_ansip384r1,		/* 1.3.132.0.34 */
> +	OID_id_ansip521r1,		/* 1.3.132.0.35 */
>  	OID_sha256,			/* 2.16.840.1.101.3.4.2.1 */
>  	OID_sha384,			/* 2.16.840.1.101.3.4.2.2 */
>  	OID_sha512,			/* 2.16.840.1.101.3.4.2.3 */

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko
Stefan Berger March 21, 2024, 5:42 p.m. UTC | #2
On 3/21/24 13:20, Jarkko Sakkinen wrote:
> On Wed Mar 20, 2024 at 1:47 PM EET, Stefan Berger wrote:
>> Enable the x509 parser to accept NIST P521 certificates and add the
>> OID for ansip521r1, which is the identifier for NIST P521.
>>
>> Cc: David Howells <dhowells@redhat.com>
>> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
>> Tested-by: Lukas Wunner <lukas@wunner.de>
>> ---
>>   crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
>>   include/linux/oid_registry.h              | 1 +
>>   2 files changed, 4 insertions(+)
>>
>> diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
>> index 487204d39426..99f809b7910b 100644
>> --- a/crypto/asymmetric_keys/x509_cert_parser.c
>> +++ b/crypto/asymmetric_keys/x509_cert_parser.c
>> @@ -538,6 +538,9 @@ int x509_extract_key_data(void *context, size_t hdrlen,
>>   		case OID_id_ansip384r1:
>>   			ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
>>   			break;
>> +		case OID_id_ansip521r1:
>> +			ctx->cert->pub->pkey_algo = "ecdsa-nist-p521";
>> +			break;
>>   		default:
>>   			return -ENOPKG;
>>   		}
>> diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
>> index 3921fbed0b28..af16d96fbbf2 100644
>> --- a/include/linux/oid_registry.h
>> +++ b/include/linux/oid_registry.h
>> @@ -65,6 +65,7 @@ enum OID {
>>   	OID_Scram,			/* 1.3.6.1.5.5.14 */
>>   	OID_certAuthInfoAccess,		/* 1.3.6.1.5.5.7.1.1 */
>>   	OID_id_ansip384r1,		/* 1.3.132.0.34 */
>> +	OID_id_ansip521r1,		/* 1.3.132.0.35 */
>>   	OID_sha256,			/* 2.16.840.1.101.3.4.2.1 */
>>   	OID_sha384,			/* 2.16.840.1.101.3.4.2.2 */
>>   	OID_sha512,			/* 2.16.840.1.101.3.4.2.3 */
> 
> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
> 
> BR, Jarkko


Thanks for the tags.
>
Jarkko Sakkinen March 21, 2024, 6:25 p.m. UTC | #3
On Thu Mar 21, 2024 at 7:42 PM EET, Stefan Berger wrote:
>
>
> On 3/21/24 13:20, Jarkko Sakkinen wrote:
> > On Wed Mar 20, 2024 at 1:47 PM EET, Stefan Berger wrote:
> >> Enable the x509 parser to accept NIST P521 certificates and add the
> >> OID for ansip521r1, which is the identifier for NIST P521.
> >>
> >> Cc: David Howells <dhowells@redhat.com>
> >> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> >> Tested-by: Lukas Wunner <lukas@wunner.de>
> >> ---
> >>   crypto/asymmetric_keys/x509_cert_parser.c | 3 +++
> >>   include/linux/oid_registry.h              | 1 +
> >>   2 files changed, 4 insertions(+)
> >>
> >> diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
> >> index 487204d39426..99f809b7910b 100644
> >> --- a/crypto/asymmetric_keys/x509_cert_parser.c
> >> +++ b/crypto/asymmetric_keys/x509_cert_parser.c
> >> @@ -538,6 +538,9 @@ int x509_extract_key_data(void *context, size_t hdrlen,
> >>   		case OID_id_ansip384r1:
> >>   			ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
> >>   			break;
> >> +		case OID_id_ansip521r1:
> >> +			ctx->cert->pub->pkey_algo = "ecdsa-nist-p521";
> >> +			break;
> >>   		default:
> >>   			return -ENOPKG;
> >>   		}
> >> diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
> >> index 3921fbed0b28..af16d96fbbf2 100644
> >> --- a/include/linux/oid_registry.h
> >> +++ b/include/linux/oid_registry.h
> >> @@ -65,6 +65,7 @@ enum OID {
> >>   	OID_Scram,			/* 1.3.6.1.5.5.14 */
> >>   	OID_certAuthInfoAccess,		/* 1.3.6.1.5.5.7.1.1 */
> >>   	OID_id_ansip384r1,		/* 1.3.132.0.34 */
> >> +	OID_id_ansip521r1,		/* 1.3.132.0.35 */
> >>   	OID_sha256,			/* 2.16.840.1.101.3.4.2.1 */
> >>   	OID_sha384,			/* 2.16.840.1.101.3.4.2.2 */
> >>   	OID_sha512,			/* 2.16.840.1.101.3.4.2.3 */
> > 
> > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
> > 
> > BR, Jarkko
>
>
> Thanks for the tags.

Sure, at least the noise I've made is the sign that someone actually did
read through all the code changes, right? :-)

BR, Jarkko

Patch

diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 487204d39426..99f809b7910b 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -538,6 +538,9 @@  int x509_extract_key_data(void *context, size_t hdrlen,
 		case OID_id_ansip384r1:
 			ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
 			break;
+		case OID_id_ansip521r1:
+			ctx->cert->pub->pkey_algo = "ecdsa-nist-p521";
+			break;
 		default:
 			return -ENOPKG;
 		}
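Review bot: The `"ecdsa-nist-p521"` string set in the new `OID_id_ansip521r1` case is only a lookup name, and nothing visible in this hunk shows that an algorithm is registered under exactly that name or that later buffers are sized for this curve. If the name does not resolve, a P-521 certificate would presumably parse here and fail only at signature verification, which is fail-closed but harder to diagnose than the `-ENOPKG` returned by the `default` branch. P-521 coordinates are 66 bytes, which is not a whole number of the 64-bit digits that the `ECC_CURVE_NIST_P192/256/384_DIGITS` constants in the series title appear to count, so the key and signature length handling outside this hunk deserves a check with a P-521 test certificate. A short comment above the curve cases would record the contract, for example `/* pkey_algo must match the name registered by the ECDSA driver; unlisted curves are rejected */`. x509_extract_key_data starts and ends outside the hunk.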
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 3921fbed0b28..af16d96fbbf2 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -65,6 +65,7 @@  enum OID {
 	OID_Scram,			/* 1.3.6.1.5.5.14 */
 	OID_certAuthInfoAccess,		/* 1.3.6.1.5.5.7.1.1 */
 	OID_id_ansip384r1,		/* 1.3.132.0.34 */
+	OID_id_ansip521r1,		/* 1.3.132.0.35 */
 	OID_sha256,			/* 2.16.840.1.101.3.4.2.1 */
 	OID_sha384,			/* 2.16.840.1.101.3.4.2.2 */
 	OID_sha512,			/* 2.16.840.1.101.3.4.2.3 */