From: Stefan Berger <stef...@linux.ibm.com> Add support for NIST p192 keys in x509 certificates and support it in 'akcipher'.
Signed-off-by: Stefan Berger <stef...@linux.ibm.com>
---
 crypto/asymmetric_keys/public_key.c | 3 ++
 crypto/asymmetric_keys/x509_cert_parser.c | 1 +
 crypto/ecc.c | 36 ++++++++++++++++++++++-
 include/linux/oid_registry.h | 1 +
 4 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 0fcbaec0ded0..bb4a7cc0e3c8 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -98,6 +98,9 @@ int software_key_determine_akcipher(const char *encoding,
 oid = look_up_OID(pkey->params + 2, pkey->paramlen - 2);
 switch (oid) {
+ case OID_id_prime192v1:
+ strcpy(alg_name, "nist_p192");
+ return 0;
 case OID_id_prime256v1:
 strcpy(alg_name, "nist_p256");
 return 0;
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 44bae5ccb475..720cc7977077 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -501,6 +501,7 @@ int x509_extract_key_data(void *context, size_t hdrlen,
 enum OID oid = look_up_OID(ctx->params + 2, ctx->params_size - 2);
 switch (oid) {
+ case OID_id_prime192v1:
 case OID_id_prime256v1:
 ctx->cert->pub->pkey_algo = "ecdsa";
 break;
diff --git a/crypto/ecc.c b/crypto/ecc.c
index fb8370720350..79df35a23a61 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
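Review bot: The new `OID_id_prime192v1` case in software_key_determine_akcipher, together with the matching case in the x509_extract_key_data hunk, lets P-192 certificates through wherever ECDSA X.509 keys are verified, and no opt-out is visible in this patch. P-192 offers roughly 96 bits of security, below the 112-bit minimum that NIST SP 800-131A sets for signature generation; verification at that strength is allowed only as legacy use. If the curve is here for legacy certificates, say so at the case, e.g. `/* P-192: legacy verification only, ~96-bit strength */`, or put both cases behind a config option so hardened builds can leave it out. Both switch statements continue outside their hunks, so the surrounding default handling could not be checked.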
@@ -1826,13 +1826,47 @@ static struct akcipher_alg ecc_nist_p256 = {
 },
 };
+static unsigned int ecc_nist_p192_max_size(struct crypto_akcipher *tfm)
+{
+ return NIST_P192_KEY_SIZE;
+}
+
+static int ecc_nist_p192_init_tfm(struct crypto_akcipher *tfm)
+{
+ struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm);
+
+ return ecc_ec_ctx_init(ctx, ECC_CURVE_NIST_P192);
+}
+
+static struct akcipher_alg ecc_nist_p192 = {
+ .verify = ecdsa_verify,
+ .set_pub_key = ecc_set_pub_key,
+ .max_size = ecc_nist_p192_max_size,
+ .init = ecc_nist_p192_init_tfm,
+ .exit = ecc_exit_tfm,
+ .base = {
+ .cra_name = "nist_p192",
+ .cra_driver_name = "ecc-nist-p192",
+ .cra_priority = 100,
+ .cra_module = THIS_MODULE,
+ .cra_ctxsize = sizeof(struct ecc_ctx),
+ },
+};
+
 static int ecc_init(void)
 {
- return crypto_register_akcipher(&ecc_nist_p256);
+ int ret;
+
+ ret = crypto_register_akcipher(&ecc_nist_p256);
+ if (ret)
+ return ret;
+
+ return crypto_register_akcipher(&ecc_nist_p192);
 }
 static void ecc_exit(void)
 {
+ crypto_unregister_akcipher(&ecc_nist_p192);
 crypto_unregister_akcipher(&ecc_nist_p256);
 }
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 9060f19c80eb..e8071133d0e2 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -21,6 +21,7 @@ enum OID {
 OID_id_dsa, /* 1.2.840.10040.4.1 */
 OID_id_ecdsa_with_sha1, /* 1.2.840.10045.4.1 */
 OID_id_ecPublicKey, /* 1.2.840.10045.2.1 */
+ OID_id_prime192v1, /* 1.2.840.10045.3.1.1 */
 OID_id_prime256v1, /* 1.2.840.10045.3.1.7 */
 OID_id_ecdsa_with_sha224, /* 1.2.840.10045.4.3.1 */
 OID_id_ecdsa_with_sha256, /* 1.2.840.10045.4.3.2 */
--
2.25.4
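Review bot: ecc_init in crypto/ecc.c leaves `ecc_nist_p256` registered when the second registration fails, because its last line returns the result of `crypto_register_akcipher(&ecc_nist_p192)` directly. Init then reports failure while the P-256 algorithm, whose `cra_module` is `THIS_MODULE`, stays registered with the crypto API. If this file is built as a module, that registration would presumably outlive the module's code. Unwind before returning: `ret = crypto_register_akcipher(&ecc_nist_p192);` `if (ret) crypto_unregister_akcipher(&ecc_nist_p256);` `return ret;`.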