diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-08-06 18:43:02 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-08-06 18:43:02 +0200 |
commit | f20c95b46b8fa3ad34b3ea2e134337f88591468b (patch) | |
tree | 54d6fece1c501f7fe3a082468c674430f790379f /crypto | |
parent | Merge tag 'perf-tools-for-v6.0-2022-08-04' of git://git.kernel.org/pub/scm/li... (diff) | |
parent | tpm: Add check for Failure mode for TPM2 modules (diff) | |
download | linux-f20c95b46b8fa3ad34b3ea2e134337f88591468b.tar.xz linux-f20c95b46b8fa3ad34b3ea2e134337f88591468b.zip |
Merge tag 'tpmdd-next-v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd
Pull tpm updates from Jarkko Sakkinen:
"Mostly TPM and also few keyring fixes"
* tag 'tpmdd-next-v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
tpm: Add check for Failure mode for TPM2 modules
tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
tpm: fix platform_no_drv_owner.cocci warning
KEYS: asymmetric: enforce SM2 signature use pkey algo
pkcs7: support EC-RDSA/streebog in SignerInfo
pkcs7: parser support SM2 and SM3 algorithms combination
sign-file: Fix confusing error messages
X.509: Support parsing certificate using SM2 algorithm
tpm: Add tpm_tis_i2c backend for tpm_tis_core
tpm: Add tpm_tis_verify_crc to the tpm_tis_phy_ops protocol layer
dt-bindings: trivial-devices: Add Infineon SLB9673 TPM
tpm: Add upgrade/reduced mode support for TPM1.2 modules
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asymmetric_keys/pkcs7_parser.c | 18 | ||||
-rw-r--r-- | crypto/asymmetric_keys/public_key.c | 7 | ||||
-rw-r--r-- | crypto/asymmetric_keys/x509_cert_parser.c | 3 |
3 files changed, 26 insertions, 2 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index 6592279d839a..277482bb1777 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -248,6 +248,15 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, case OID_sha224: ctx->sinfo->sig->hash_algo = "sha224"; break; + case OID_sm3: + ctx->sinfo->sig->hash_algo = "sm3"; + break; + case OID_gost2012Digest256: + ctx->sinfo->sig->hash_algo = "streebog256"; + break; + case OID_gost2012Digest512: + ctx->sinfo->sig->hash_algo = "streebog512"; + break; default: printk("Unsupported digest algo: %u\n", ctx->last_oid); return -ENOPKG; @@ -277,6 +286,15 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, ctx->sinfo->sig->pkey_algo = "ecdsa"; ctx->sinfo->sig->encoding = "x962"; break; + case OID_SM2_with_SM3: + ctx->sinfo->sig->pkey_algo = "sm2"; + ctx->sinfo->sig->encoding = "raw"; + break; + case OID_gost2012PKey256: + case OID_gost2012PKey512: + ctx->sinfo->sig->pkey_algo = "ecrdsa"; + ctx->sinfo->sig->encoding = "raw"; + break; default: printk("Unsupported pkey algo: %u\n", ctx->last_oid); return -ENOPKG; diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 7c9e6be35c30..2f8352e88860 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -304,6 +304,10 @@ static int cert_sig_digest_update(const struct public_key_signature *sig, BUG_ON(!sig->data); + /* SM2 signatures always use the SM3 hash algorithm */ + if (!sig->hash_algo || strcmp(sig->hash_algo, "sm3") != 0) + return -EINVAL; + ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, SM2_DEFAULT_USERID_LEN, dgst); if (ret) @@ -414,8 +418,7 @@ int public_key_verify_signature(const struct public_key *pkey, if (ret) goto error_free_key; - if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 && - sig->data_size) { + if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) { ret = cert_sig_digest_update(sig, tfm); if (ret) goto error_free_key; diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 2899ed80bb18..7a9b084e2043 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -508,6 +508,9 @@ int x509_extract_key_data(void *context, size_t hdrlen, case OID_gost2012PKey512: ctx->cert->pub->pkey_algo = "ecrdsa"; break; + case OID_sm2: + ctx->cert->pub->pkey_algo = "sm2"; + break; case OID_id_ecPublicKey: if (parse_OID(ctx->params, ctx->params_size, &oid) != 0) return -EBADMSG; |