[PATCH 2/3] x509: Add support for NIST p192 keys in certificates and akcipher

Tue, 26 Jan 2021 16:19:43 -0800 

From: Stefan Berger <stef...@linux.ibm.com>

Add support for NIST p192 keys in x509 certificates and support it in
'akcipher'.

Signed-off-by: Stefan Berger <stef...@linux.ibm.com>
---
 crypto/asymmetric_keys/public_key.c       |  3 ++
 crypto/asymmetric_keys/x509_cert_parser.c |  1 +
 crypto/ecc.c                              | 36 ++++++++++++++++++++++-
 include/linux/oid_registry.h              |  1 +
 4 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/crypto/asymmetric_keys/public_key.c 
b/crypto/asymmetric_keys/public_key.c
index 0fcbaec0ded0..bb4a7cc0e3c8 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -98,6 +98,9 @@ int software_key_determine_akcipher(const char *encoding,
 
                oid = look_up_OID(pkey->params + 2, pkey->paramlen - 2);
                switch (oid) {
+               case OID_id_prime192v1:
+                       strcpy(alg_name, "nist_p192");
+                       return 0;
                case OID_id_prime256v1:
                        strcpy(alg_name, "nist_p256");
                        return 0;
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c 
b/crypto/asymmetric_keys/x509_cert_parser.c
index 44bae5ccb475..720cc7977077 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -501,6 +501,7 @@ int x509_extract_key_data(void *context, size_t hdrlen,
                        enum OID oid = look_up_OID(ctx->params + 2,
                                                   ctx->params_size - 2);
                        switch (oid) {
+                       case OID_id_prime192v1:
                        case OID_id_prime256v1:
                                ctx->cert->pub->pkey_algo = "ecdsa";
                                break;
diff --git a/crypto/ecc.c b/crypto/ecc.c
index fb8370720350..79df35a23a61 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1826,13 +1826,47 @@ static struct akcipher_alg ecc_nist_p256 = {
        },
 };
 
+static unsigned int ecc_nist_p192_max_size(struct crypto_akcipher *tfm)
+{
+       return NIST_P192_KEY_SIZE;
+}
+
+static int ecc_nist_p192_init_tfm(struct crypto_akcipher *tfm)
+{
+       struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm);
+
+       return ecc_ec_ctx_init(ctx, ECC_CURVE_NIST_P192);
+}
+
+static struct akcipher_alg ecc_nist_p192 = {
+       .verify = ecdsa_verify,
+       .set_pub_key = ecc_set_pub_key,
+       .max_size = ecc_nist_p192_max_size,
+       .init = ecc_nist_p192_init_tfm,
+       .exit = ecc_exit_tfm,
+       .base = {
+               .cra_name = "nist_p192",
+               .cra_driver_name = "ecc-nist-p192",
+               .cra_priority = 100,
+               .cra_module = THIS_MODULE,
+               .cra_ctxsize = sizeof(struct ecc_ctx),
+       },
+};
+
 static int ecc_init(void)
 {
-       return crypto_register_akcipher(&ecc_nist_p256);
+       int ret;
+
+       ret = crypto_register_akcipher(&ecc_nist_p256);
+       if (ret)
+               return ret;
+
+       return crypto_register_akcipher(&ecc_nist_p192);
 }
 
 static void ecc_exit(void)
 {
+       crypto_unregister_akcipher(&ecc_nist_p192);
        crypto_unregister_akcipher(&ecc_nist_p256);
 }
 
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 9060f19c80eb..e8071133d0e2 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -21,6 +21,7 @@ enum OID {
        OID_id_dsa,                     /* 1.2.840.10040.4.1 */
        OID_id_ecdsa_with_sha1,         /* 1.2.840.10045.4.1 */
        OID_id_ecPublicKey,             /* 1.2.840.10045.2.1 */
+       OID_id_prime192v1,              /* 1.2.840.10045.3.1.1 */
        OID_id_prime256v1,              /* 1.2.840.10045.3.1.7 */
        OID_id_ecdsa_with_sha224,       /* 1.2.840.10045.4.3.1 */
        OID_id_ecdsa_with_sha256,       /* 1.2.840.10045.4.3.2 */
-- 
2.25.4

Reply via email to