Commit fdb4f66c authored by Dimitri John Ledkov's avatar Dimitri John Ledkov Committed by Herbert Xu

crypto: asymmetric_keys - allow FIPS 202 SHA-3 signatures

Add FIPS 202 SHA-3 hash signature support in x509 certificates, pkcs7
signatures, and authenticode signatures. Supports hashes of size 256
and up, as 224 is too weak for any practical purposes.
Signed-off-by: default avatarDimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent ee62afb9
......@@ -84,6 +84,15 @@ int mscode_note_digest_algo(void *context, size_t hdrlen,
case OID_sha512:
ctx->digest_algo = "sha512";
break;
case OID_sha3_256:
ctx->digest_algo = "sha3-256";
break;
case OID_sha3_384:
ctx->digest_algo = "sha3-384";
break;
case OID_sha3_512:
ctx->digest_algo = "sha3-512";
break;
case OID__NR:
sprint_oid(value, vlen, buffer, sizeof(buffer));
......
......@@ -248,6 +248,15 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
case OID_gost2012Digest512:
ctx->sinfo->sig->hash_algo = "streebog512";
break;
case OID_sha3_256:
ctx->sinfo->sig->hash_algo = "sha3-256";
break;
case OID_sha3_384:
ctx->sinfo->sig->hash_algo = "sha3-384";
break;
case OID_sha3_512:
ctx->sinfo->sig->hash_algo = "sha3-512";
break;
default:
printk("Unsupported digest algo: %u\n", ctx->last_oid);
return -ENOPKG;
......@@ -273,6 +282,9 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
case OID_id_ecdsa_with_sha256:
case OID_id_ecdsa_with_sha384:
case OID_id_ecdsa_with_sha512:
case OID_id_ecdsa_with_sha3_256:
case OID_id_ecdsa_with_sha3_384:
case OID_id_ecdsa_with_sha3_512:
ctx->sinfo->sig->pkey_algo = "ecdsa";
ctx->sinfo->sig->encoding = "x962";
break;
......
......@@ -119,7 +119,10 @@ software_key_determine_akcipher(const struct public_key *pkey,
if (strcmp(hash_algo, "sha224") != 0 &&
strcmp(hash_algo, "sha256") != 0 &&
strcmp(hash_algo, "sha384") != 0 &&
strcmp(hash_algo, "sha512") != 0)
strcmp(hash_algo, "sha512") != 0 &&
strcmp(hash_algo, "sha3-256") != 0 &&
strcmp(hash_algo, "sha3-384") != 0 &&
strcmp(hash_algo, "sha3-512") != 0)
return -EINVAL;
} else if (strcmp(pkey->pkey_algo, "sm2") == 0) {
if (strcmp(encoding, "raw") != 0)
......
......@@ -214,6 +214,18 @@ int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag,
ctx->cert->sig->hash_algo = "sha224";
goto rsa_pkcs1;
case OID_id_rsassa_pkcs1_v1_5_with_sha3_256:
ctx->cert->sig->hash_algo = "sha3-256";
goto rsa_pkcs1;
case OID_id_rsassa_pkcs1_v1_5_with_sha3_384:
ctx->cert->sig->hash_algo = "sha3-384";
goto rsa_pkcs1;
case OID_id_rsassa_pkcs1_v1_5_with_sha3_512:
ctx->cert->sig->hash_algo = "sha3-512";
goto rsa_pkcs1;
case OID_id_ecdsa_with_sha224:
ctx->cert->sig->hash_algo = "sha224";
goto ecdsa;
......@@ -230,6 +242,18 @@ int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag,
ctx->cert->sig->hash_algo = "sha512";
goto ecdsa;
case OID_id_ecdsa_with_sha3_256:
ctx->cert->sig->hash_algo = "sha3-256";
goto ecdsa;
case OID_id_ecdsa_with_sha3_384:
ctx->cert->sig->hash_algo = "sha3-384";
goto ecdsa;
case OID_id_ecdsa_with_sha3_512:
ctx->cert->sig->hash_algo = "sha3-512";
goto ecdsa;
case OID_gost2012Signature256:
ctx->cert->sig->hash_algo = "streebog256";
goto ecrdsa;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment