summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2022-08-06 09:43:02 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2022-08-06 09:43:02 -0700
commitf20c95b46b8fa3ad34b3ea2e134337f88591468b (patch)
tree54d6fece1c501f7fe3a082468c674430f790379f /crypto
parent48a577dc1b09c1d35f2b8b37e7fa9a7169d50f5d (diff)
parent863ed94c589fcd1984f4e3080f069d30508044bb (diff)
downloadlinux-f20c95b46b8fa3ad34b3ea2e134337f88591468b.tar.bz2
Merge tag 'tpmdd-next-v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd
Pull tpm updates from Jarkko Sakkinen: "Mostly TPM and also few keyring fixes" * tag 'tpmdd-next-v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: tpm: Add check for Failure mode for TPM2 modules tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH tpm: fix platform_no_drv_owner.cocci warning KEYS: asymmetric: enforce SM2 signature use pkey algo pkcs7: support EC-RDSA/streebog in SignerInfo pkcs7: parser support SM2 and SM3 algorithms combination sign-file: Fix confusing error messages X.509: Support parsing certificate using SM2 algorithm tpm: Add tpm_tis_i2c backend for tpm_tis_core tpm: Add tpm_tis_verify_crc to the tpm_tis_phy_ops protocol layer dt-bindings: trivial-devices: Add Infineon SLB9673 TPM tpm: Add upgrade/reduced mode support for TPM1.2 modules
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asymmetric_keys/pkcs7_parser.c18
-rw-r--r--crypto/asymmetric_keys/public_key.c7
-rw-r--r--crypto/asymmetric_keys/x509_cert_parser.c3
3 files changed, 26 insertions, 2 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index 6592279d839a..277482bb1777 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -248,6 +248,15 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
case OID_sha224:
ctx->sinfo->sig->hash_algo = "sha224";
break;
+ case OID_sm3:
+ ctx->sinfo->sig->hash_algo = "sm3";
+ break;
+ case OID_gost2012Digest256:
+ ctx->sinfo->sig->hash_algo = "streebog256";
+ break;
+ case OID_gost2012Digest512:
+ ctx->sinfo->sig->hash_algo = "streebog512";
+ break;
default:
printk("Unsupported digest algo: %u\n", ctx->last_oid);
return -ENOPKG;
@@ -277,6 +286,15 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
ctx->sinfo->sig->pkey_algo = "ecdsa";
ctx->sinfo->sig->encoding = "x962";
break;
+ case OID_SM2_with_SM3:
+ ctx->sinfo->sig->pkey_algo = "sm2";
+ ctx->sinfo->sig->encoding = "raw";
+ break;
+ case OID_gost2012PKey256:
+ case OID_gost2012PKey512:
+ ctx->sinfo->sig->pkey_algo = "ecrdsa";
+ ctx->sinfo->sig->encoding = "raw";
+ break;
default:
printk("Unsupported pkey algo: %u\n", ctx->last_oid);
return -ENOPKG;
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 7c9e6be35c30..2f8352e88860 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -304,6 +304,10 @@ static int cert_sig_digest_update(const struct public_key_signature *sig,
BUG_ON(!sig->data);
+ /* SM2 signatures always use the SM3 hash algorithm */
+ if (!sig->hash_algo || strcmp(sig->hash_algo, "sm3") != 0)
+ return -EINVAL;
+
ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID,
SM2_DEFAULT_USERID_LEN, dgst);
if (ret)
@@ -414,8 +418,7 @@ int public_key_verify_signature(const struct public_key *pkey,
if (ret)
goto error_free_key;
- if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 &&
- sig->data_size) {
+ if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) {
ret = cert_sig_digest_update(sig, tfm);
if (ret)
goto error_free_key;
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 2899ed80bb18..7a9b084e2043 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -508,6 +508,9 @@ int x509_extract_key_data(void *context, size_t hdrlen,
case OID_gost2012PKey512:
ctx->cert->pub->pkey_algo = "ecrdsa";
break;
+ case OID_sm2:
+ ctx->cert->pub->pkey_algo = "sm2";
+ break;
case OID_id_ecPublicKey:
if (parse_OID(ctx->params, ctx->params_size, &oid) != 0)
return -EBADMSG;