2019-05-20 17:08:01 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2012-09-24 16:11:48 +00:00
|
|
|
/* X.509 certificate parser
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
|
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#define pr_fmt(fmt) "X.509: "fmt
|
|
|
|
|
#include <linux/kernel.h>
|
2014-07-01 15:40:19 +00:00
|
|
|
#include <linux/export.h>
|
2012-09-24 16:11:48 +00:00
|
|
|
#include <linux/slab.h>
|
|
|
|
|
#include <linux/err.h>
|
|
|
|
|
#include <linux/oid_registry.h>
|
2016-02-02 18:08:53 +00:00
|
|
|
#include <crypto/public_key.h>
|
2012-09-24 16:11:48 +00:00
|
|
|
#include "x509_parser.h"
|
2018-03-23 13:04:37 +00:00
|
|
|
#include "x509.asn1.h"
|
|
|
|
|
#include "x509_akid.asn1.h"
|
2012-09-24 16:11:48 +00:00
|
|
|
|
|
|
|
|
struct x509_parse_context {
|
|
|
|
|
struct x509_certificate *cert; /* Certificate being constructed */
|
|
|
|
|
unsigned long data; /* Start of data */
|
|
|
|
|
const void *key; /* Key data */
|
|
|
|
|
size_t key_size; /* Size of key data */
|
2019-04-11 15:51:17 +00:00
|
|
|
const void *params; /* Key parameters */
|
|
|
|
|
size_t params_size; /* Size of key parameters */
|
2022-01-19 00:54:33 +00:00
|
|
|
enum OID key_algo; /* Algorithm used by the cert's key */
|
2012-09-24 16:11:48 +00:00
|
|
|
enum OID last_oid; /* Last OID encountered */
|
2022-01-19 00:54:33 +00:00
|
|
|
enum OID sig_algo; /* Algorithm used to sign the cert */
|
2012-09-24 16:11:48 +00:00
|
|
|
u8 o_size; /* Size of organizationName (O) */
|
|
|
|
|
u8 cn_size; /* Size of commonName (CN) */
|
|
|
|
|
u8 email_size; /* Size of emailAddress */
|
|
|
|
|
u16 o_offset; /* Offset of organizationName (O) */
|
|
|
|
|
u16 cn_offset; /* Offset of commonName (CN) */
|
|
|
|
|
u16 email_offset; /* Offset of emailAddress */
|
2015-07-20 20:16:26 +00:00
|
|
|
unsigned raw_akid_size;
|
|
|
|
|
const void *raw_akid; /* Raw authorityKeyId in ASN.1 */
|
|
|
|
|
const void *akid_raw_issuer; /* Raw directoryName in authorityKeyId */
|
|
|
|
|
unsigned akid_raw_issuer_size;
|
2012-09-24 16:11:48 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Free an X.509 certificate
|
|
|
|
|
*/
|
|
|
|
|
void x509_free_certificate(struct x509_certificate *cert)
|
|
|
|
|
{
|
|
|
|
|
if (cert) {
|
2016-04-06 15:13:33 +00:00
|
|
|
public_key_free(cert->pub);
|
2016-04-06 15:13:33 +00:00
|
|
|
public_key_signature_free(cert->sig);
|
2012-09-24 16:11:48 +00:00
|
|
|
kfree(cert->issuer);
|
|
|
|
|
kfree(cert->subject);
|
2014-09-16 16:36:13 +00:00
|
|
|
kfree(cert->id);
|
|
|
|
|
kfree(cert->skid);
|
2012-09-24 16:11:48 +00:00
|
|
|
kfree(cert);
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-07-01 15:40:19 +00:00
|
|
|
EXPORT_SYMBOL_GPL(x509_free_certificate);
|
2012-09-24 16:11:48 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Parse an X.509 certificate
|
|
|
|
|
*/
|
|
|
|
|
struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
|
|
|
|
|
{
|
2024-04-07 17:57:40 +00:00
|
|
|
struct x509_certificate *cert __free(x509_free_certificate);
|
|
|
|
|
struct x509_parse_context *ctx __free(kfree) = NULL;
|
2014-09-16 16:36:13 +00:00
|
|
|
struct asymmetric_key_id *kid;
|
2012-09-24 16:11:48 +00:00
|
|
|
long ret;
|
|
|
|
|
|
|
|
|
|
cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL);
|
|
|
|
|
if (!cert)
|
2024-04-07 17:57:40 +00:00
|
|
|
return ERR_PTR(-ENOMEM);
|
2012-09-24 16:11:48 +00:00
|
|
|
cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL);
|
|
|
|
|
if (!cert->pub)
|
2024-04-07 17:57:40 +00:00
|
|
|
return ERR_PTR(-ENOMEM);
|
2016-04-06 15:13:33 +00:00
|
|
|
cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL);
|
|
|
|
|
if (!cert->sig)
|
2024-04-07 17:57:40 +00:00
|
|
|
return ERR_PTR(-ENOMEM);
|
2012-09-24 16:11:48 +00:00
|
|
|
ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL);
|
|
|
|
|
if (!ctx)
|
2024-04-07 17:57:40 +00:00
|
|
|
return ERR_PTR(-ENOMEM);
|
2012-09-24 16:11:48 +00:00
|
|
|
|
|
|
|
|
ctx->cert = cert;
|
|
|
|
|
ctx->data = (unsigned long)data;
|
|
|
|
|
|
|
|
|
|
/* Attempt to decode the certificate */
|
|
|
|
|
ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen);
|
|
|
|
|
if (ret < 0)
|
2024-04-07 17:57:40 +00:00
|
|
|
return ERR_PTR(ret);
|
2012-09-24 16:11:48 +00:00
|
|
|
|
2015-07-20 20:16:26 +00:00
|
|
|
/* Decode the AuthorityKeyIdentifier */
|
|
|
|
|
if (ctx->raw_akid) {
|
|
|
|
|
pr_devel("AKID: %u %*phN\n",
|
|
|
|
|
ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid);
|
|
|
|
|
ret = asn1_ber_decoder(&x509_akid_decoder, ctx,
|
|
|
|
|
ctx->raw_akid, ctx->raw_akid_size);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
pr_warn("Couldn't decode AuthKeyIdentifier\n");
|
2024-04-07 17:57:40 +00:00
|
|
|
return ERR_PTR(ret);
|
2015-07-20 20:16:26 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-02 18:08:53 +00:00
|
|
|
cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL);
|
|
|
|
|
if (!cert->pub->key)
|
2024-04-07 17:57:40 +00:00
|
|
|
return ERR_PTR(-ENOMEM);
|
2012-09-24 16:11:48 +00:00
|
|
|
|
2016-02-02 18:08:53 +00:00
|
|
|
cert->pub->keylen = ctx->key_size;
|
|
|
|
|
|
2019-04-11 15:51:17 +00:00
|
|
|
cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL);
|
|
|
|
|
if (!cert->pub->params)
|
2024-04-07 17:57:40 +00:00
|
|
|
return ERR_PTR(-ENOMEM);
|
2019-04-11 15:51:17 +00:00
|
|
|
|
|
|
|
|
cert->pub->paramlen = ctx->params_size;
|
|
|
|
|
cert->pub->algo = ctx->key_algo;
|
|
|
|
|
|
2016-04-06 15:13:34 +00:00
|
|
|
/* Grab the signature bits */
|
|
|
|
|
ret = x509_get_sig_params(cert);
|
|
|
|
|
if (ret < 0)
|
2024-04-07 17:57:40 +00:00
|
|
|
return ERR_PTR(ret);
|
2016-04-06 15:13:34 +00:00
|
|
|
|
2014-09-16 16:36:13 +00:00
|
|
|
/* Generate cert issuer + serial number key ID */
|
|
|
|
|
kid = asymmetric_key_generate_id(cert->raw_serial,
|
|
|
|
|
cert->raw_serial_size,
|
|
|
|
|
cert->raw_issuer,
|
|
|
|
|
cert->raw_issuer_size);
|
2024-04-07 17:57:40 +00:00
|
|
|
if (IS_ERR(kid))
|
|
|
|
|
return ERR_CAST(kid);
|
2014-09-16 16:36:13 +00:00
|
|
|
cert->id = kid;
|
|
|
|
|
|
2016-04-06 15:13:34 +00:00
|
|
|
/* Detect self-signed certificates */
|
|
|
|
|
ret = x509_check_for_self_signed(cert);
|
|
|
|
|
if (ret < 0)
|
2024-04-07 17:57:40 +00:00
|
|
|
return ERR_PTR(ret);
|
2012-09-24 16:11:48 +00:00
|
|
|
|
2024-04-07 17:57:40 +00:00
|
|
|
return_ptr(cert);
|
2012-09-24 16:11:48 +00:00
|
|
|
}
|
2014-07-01 15:40:19 +00:00
|
|
|
EXPORT_SYMBOL_GPL(x509_cert_parse);
|
2012-09-24 16:11:48 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Note an OID when we find one for later processing when we know how
|
|
|
|
|
* to interpret it.
|
|
|
|
|
*/
|
|
|
|
|
int x509_note_OID(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
|
|
|
|
|
|
|
|
|
ctx->last_oid = look_up_OID(value, vlen);
|
|
|
|
|
if (ctx->last_oid == OID__NR) {
|
|
|
|
|
char buffer[50];
|
|
|
|
|
sprint_oid(value, vlen, buffer, sizeof(buffer));
|
2012-10-03 23:04:46 +00:00
|
|
|
pr_debug("Unknown OID: [%lu] %s\n",
|
2012-09-24 16:11:48 +00:00
|
|
|
(unsigned long)value - ctx->data, buffer);
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Save the position of the TBS data so that we can check the signature over it
|
|
|
|
|
* later.
|
|
|
|
|
*/
|
|
|
|
|
int x509_note_tbs_certificate(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
|
|
|
|
|
|
|
|
|
pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n",
|
|
|
|
|
hdrlen, tag, (unsigned long)value - ctx->data, vlen);
|
|
|
|
|
|
|
|
|
|
ctx->cert->tbs = value - hdrlen;
|
|
|
|
|
ctx->cert->tbs_size = vlen + hdrlen;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2022-01-19 00:54:33 +00:00
|
|
|
* Record the algorithm that was used to sign this certificate.
|
2012-09-24 16:11:48 +00:00
|
|
|
*/
|
2022-01-19 00:54:33 +00:00
|
|
|
int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
2012-09-24 16:11:48 +00:00
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
|
|
|
|
|
|
|
|
|
pr_debug("PubKey Algo: %u\n", ctx->last_oid);
|
|
|
|
|
|
|
|
|
|
switch (ctx->last_oid) {
|
|
|
|
|
default:
|
|
|
|
|
return -ENOPKG; /* Unsupported combination */
|
|
|
|
|
|
2024-03-13 23:32:27 +00:00
|
|
|
case OID_sha1WithRSAEncryption:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha1";
|
|
|
|
|
goto rsa_pkcs1;
|
|
|
|
|
|
2012-09-24 16:11:48 +00:00
|
|
|
case OID_sha256WithRSAEncryption:
|
2016-04-06 15:13:33 +00:00
|
|
|
ctx->cert->sig->hash_algo = "sha256";
|
2018-10-09 16:47:15 +00:00
|
|
|
goto rsa_pkcs1;
|
2012-09-24 16:11:48 +00:00
|
|
|
|
|
|
|
|
case OID_sha384WithRSAEncryption:
|
2016-04-06 15:13:33 +00:00
|
|
|
ctx->cert->sig->hash_algo = "sha384";
|
2018-10-09 16:47:15 +00:00
|
|
|
goto rsa_pkcs1;
|
2012-09-24 16:11:48 +00:00
|
|
|
|
|
|
|
|
case OID_sha512WithRSAEncryption:
|
2016-04-06 15:13:33 +00:00
|
|
|
ctx->cert->sig->hash_algo = "sha512";
|
2018-10-09 16:47:15 +00:00
|
|
|
goto rsa_pkcs1;
|
2012-09-24 16:11:48 +00:00
|
|
|
|
|
|
|
|
case OID_sha224WithRSAEncryption:
|
2016-04-06 15:13:33 +00:00
|
|
|
ctx->cert->sig->hash_algo = "sha224";
|
2018-10-09 16:47:15 +00:00
|
|
|
goto rsa_pkcs1;
|
crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
Add Elliptic Curve Russian Digital Signature Algorithm (GOST R
34.10-2012, RFC 7091, ISO/IEC 14888-3) is one of the Russian (and since
2018 the CIS countries) cryptographic standard algorithms (called GOST
algorithms). Only signature verification is supported, with intent to be
used in the IMA.
Summary of the changes:
* crypto/Kconfig:
- EC-RDSA is added into Public-key cryptography section.
* crypto/Makefile:
- ecrdsa objects are added.
* crypto/asymmetric_keys/x509_cert_parser.c:
- Recognize EC-RDSA and Streebog OIDs.
* include/linux/oid_registry.h:
- EC-RDSA OIDs are added to the enum. Also, a two currently not
implemented curve OIDs are added for possible extension later (to
not change numbering and grouping).
* crypto/ecc.c:
- Kenneth MacKay copyright date is updated to 2014, because
vli_mmod_slow, ecc_point_add, ecc_point_mult_shamir are based on his
code from micro-ecc.
- Functions needed for ecrdsa are EXPORT_SYMBOL'ed.
- New functions:
vli_is_negative - helper to determine sign of vli;
vli_from_be64 - unpack big-endian array into vli (used for
a signature);
vli_from_le64 - unpack little-endian array into vli (used for
a public key);
vli_uadd, vli_usub - add/sub u64 value to/from vli (used for
increment/decrement);
mul_64_64 - optimized to use __int128 where appropriate, this speeds
up point multiplication (and as a consequence signature
verification) by the factor of 1.5-2;
vli_umult - multiply vli by a small value (speeds up point
multiplication by another factor of 1.5-2, depending on vli sizes);
vli_mmod_special - module reduction for some form of Pseudo-Mersenne
primes (used for the curves A);
vli_mmod_special2 - module reduction for another form of
Pseudo-Mersenne primes (used for the curves B);
vli_mmod_barrett - module reduction using pre-computed value (used
for the curve C);
vli_mmod_slow - more general module reduction which is much slower
(used when the modulus is subgroup order);
vli_mod_mult_slow - modular multiplication;
ecc_point_add - add two points;
ecc_point_mult_shamir - add two points multiplied by scalars in one
combined multiplication (this gives speed up by another factor 2 in
compare to two separate multiplications).
ecc_is_pubkey_valid_partial - additional samity check is added.
- Updated vli_mmod_fast with non-strict heuristic to call optimal
module reduction function depending on the prime value;
- All computations for the previously defined (two NIST) curves should
not unaffected.
* crypto/ecc.h:
- Newly exported functions are documented.
* crypto/ecrdsa_defs.h
- Five curves are defined.
* crypto/ecrdsa.c:
- Signature verification is implemented.
* crypto/ecrdsa_params.asn1, crypto/ecrdsa_pub_key.asn1:
- Templates for BER decoder for EC-RDSA parameters and public key.
Cc: linux-integrity@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 15:51:20 +00:00
|
|
|
|
2024-03-13 23:32:27 +00:00
|
|
|
case OID_id_ecdsa_with_sha1:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha1";
|
|
|
|
|
goto ecdsa;
|
|
|
|
|
|
2023-10-22 18:22:06 +00:00
|
|
|
case OID_id_rsassa_pkcs1_v1_5_with_sha3_256:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha3-256";
|
|
|
|
|
goto rsa_pkcs1;
|
|
|
|
|
|
|
|
|
|
case OID_id_rsassa_pkcs1_v1_5_with_sha3_384:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha3-384";
|
|
|
|
|
goto rsa_pkcs1;
|
|
|
|
|
|
|
|
|
|
case OID_id_rsassa_pkcs1_v1_5_with_sha3_512:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha3-512";
|
|
|
|
|
goto rsa_pkcs1;
|
|
|
|
|
|
2021-03-16 21:07:37 +00:00
|
|
|
case OID_id_ecdsa_with_sha224:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha224";
|
|
|
|
|
goto ecdsa;
|
|
|
|
|
|
|
|
|
|
case OID_id_ecdsa_with_sha256:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha256";
|
|
|
|
|
goto ecdsa;
|
|
|
|
|
|
|
|
|
|
case OID_id_ecdsa_with_sha384:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha384";
|
|
|
|
|
goto ecdsa;
|
|
|
|
|
|
|
|
|
|
case OID_id_ecdsa_with_sha512:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha512";
|
|
|
|
|
goto ecdsa;
|
|
|
|
|
|
2023-10-22 18:22:06 +00:00
|
|
|
case OID_id_ecdsa_with_sha3_256:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha3-256";
|
|
|
|
|
goto ecdsa;
|
|
|
|
|
|
|
|
|
|
case OID_id_ecdsa_with_sha3_384:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha3-384";
|
|
|
|
|
goto ecdsa;
|
|
|
|
|
|
|
|
|
|
case OID_id_ecdsa_with_sha3_512:
|
|
|
|
|
ctx->cert->sig->hash_algo = "sha3-512";
|
|
|
|
|
goto ecdsa;
|
|
|
|
|
|
crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
Add Elliptic Curve Russian Digital Signature Algorithm (GOST R
34.10-2012, RFC 7091, ISO/IEC 14888-3) is one of the Russian (and since
2018 the CIS countries) cryptographic standard algorithms (called GOST
algorithms). Only signature verification is supported, with intent to be
used in the IMA.
Summary of the changes:
* crypto/Kconfig:
- EC-RDSA is added into Public-key cryptography section.
* crypto/Makefile:
- ecrdsa objects are added.
* crypto/asymmetric_keys/x509_cert_parser.c:
- Recognize EC-RDSA and Streebog OIDs.
* include/linux/oid_registry.h:
- EC-RDSA OIDs are added to the enum. Also, a two currently not
implemented curve OIDs are added for possible extension later (to
not change numbering and grouping).
* crypto/ecc.c:
- Kenneth MacKay copyright date is updated to 2014, because
vli_mmod_slow, ecc_point_add, ecc_point_mult_shamir are based on his
code from micro-ecc.
- Functions needed for ecrdsa are EXPORT_SYMBOL'ed.
- New functions:
vli_is_negative - helper to determine sign of vli;
vli_from_be64 - unpack big-endian array into vli (used for
a signature);
vli_from_le64 - unpack little-endian array into vli (used for
a public key);
vli_uadd, vli_usub - add/sub u64 value to/from vli (used for
increment/decrement);
mul_64_64 - optimized to use __int128 where appropriate, this speeds
up point multiplication (and as a consequence signature
verification) by the factor of 1.5-2;
vli_umult - multiply vli by a small value (speeds up point
multiplication by another factor of 1.5-2, depending on vli sizes);
vli_mmod_special - module reduction for some form of Pseudo-Mersenne
primes (used for the curves A);
vli_mmod_special2 - module reduction for another form of
Pseudo-Mersenne primes (used for the curves B);
vli_mmod_barrett - module reduction using pre-computed value (used
for the curve C);
vli_mmod_slow - more general module reduction which is much slower
(used when the modulus is subgroup order);
vli_mod_mult_slow - modular multiplication;
ecc_point_add - add two points;
ecc_point_mult_shamir - add two points multiplied by scalars in one
combined multiplication (this gives speed up by another factor 2 in
compare to two separate multiplications).
ecc_is_pubkey_valid_partial - additional samity check is added.
- Updated vli_mmod_fast with non-strict heuristic to call optimal
module reduction function depending on the prime value;
- All computations for the previously defined (two NIST) curves should
not unaffected.
* crypto/ecc.h:
- Newly exported functions are documented.
* crypto/ecrdsa_defs.h
- Five curves are defined.
* crypto/ecrdsa.c:
- Signature verification is implemented.
* crypto/ecrdsa_params.asn1, crypto/ecrdsa_pub_key.asn1:
- Templates for BER decoder for EC-RDSA parameters and public key.
Cc: linux-integrity@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 15:51:20 +00:00
|
|
|
case OID_gost2012Signature256:
|
|
|
|
|
ctx->cert->sig->hash_algo = "streebog256";
|
|
|
|
|
goto ecrdsa;
|
|
|
|
|
|
|
|
|
|
case OID_gost2012Signature512:
|
|
|
|
|
ctx->cert->sig->hash_algo = "streebog512";
|
|
|
|
|
goto ecrdsa;
|
2012-09-24 16:11:48 +00:00
|
|
|
}
|
|
|
|
|
|
2018-10-09 16:47:15 +00:00
|
|
|
rsa_pkcs1:
|
|
|
|
|
ctx->cert->sig->pkey_algo = "rsa";
|
|
|
|
|
ctx->cert->sig->encoding = "pkcs1";
|
2022-01-19 00:54:33 +00:00
|
|
|
ctx->sig_algo = ctx->last_oid;
|
2012-09-24 16:11:48 +00:00
|
|
|
return 0;
|
crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
Add Elliptic Curve Russian Digital Signature Algorithm (GOST R
34.10-2012, RFC 7091, ISO/IEC 14888-3) is one of the Russian (and since
2018 the CIS countries) cryptographic standard algorithms (called GOST
algorithms). Only signature verification is supported, with intent to be
used in the IMA.
Summary of the changes:
* crypto/Kconfig:
- EC-RDSA is added into Public-key cryptography section.
* crypto/Makefile:
- ecrdsa objects are added.
* crypto/asymmetric_keys/x509_cert_parser.c:
- Recognize EC-RDSA and Streebog OIDs.
* include/linux/oid_registry.h:
- EC-RDSA OIDs are added to the enum. Also, a two currently not
implemented curve OIDs are added for possible extension later (to
not change numbering and grouping).
* crypto/ecc.c:
- Kenneth MacKay copyright date is updated to 2014, because
vli_mmod_slow, ecc_point_add, ecc_point_mult_shamir are based on his
code from micro-ecc.
- Functions needed for ecrdsa are EXPORT_SYMBOL'ed.
- New functions:
vli_is_negative - helper to determine sign of vli;
vli_from_be64 - unpack big-endian array into vli (used for
a signature);
vli_from_le64 - unpack little-endian array into vli (used for
a public key);
vli_uadd, vli_usub - add/sub u64 value to/from vli (used for
increment/decrement);
mul_64_64 - optimized to use __int128 where appropriate, this speeds
up point multiplication (and as a consequence signature
verification) by the factor of 1.5-2;
vli_umult - multiply vli by a small value (speeds up point
multiplication by another factor of 1.5-2, depending on vli sizes);
vli_mmod_special - module reduction for some form of Pseudo-Mersenne
primes (used for the curves A);
vli_mmod_special2 - module reduction for another form of
Pseudo-Mersenne primes (used for the curves B);
vli_mmod_barrett - module reduction using pre-computed value (used
for the curve C);
vli_mmod_slow - more general module reduction which is much slower
(used when the modulus is subgroup order);
vli_mod_mult_slow - modular multiplication;
ecc_point_add - add two points;
ecc_point_mult_shamir - add two points multiplied by scalars in one
combined multiplication (this gives speed up by another factor 2 in
compare to two separate multiplications).
ecc_is_pubkey_valid_partial - additional samity check is added.
- Updated vli_mmod_fast with non-strict heuristic to call optimal
module reduction function depending on the prime value;
- All computations for the previously defined (two NIST) curves should
not unaffected.
* crypto/ecc.h:
- Newly exported functions are documented.
* crypto/ecrdsa_defs.h
- Five curves are defined.
* crypto/ecrdsa.c:
- Signature verification is implemented.
* crypto/ecrdsa_params.asn1, crypto/ecrdsa_pub_key.asn1:
- Templates for BER decoder for EC-RDSA parameters and public key.
Cc: linux-integrity@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 15:51:20 +00:00
|
|
|
ecrdsa:
|
|
|
|
|
ctx->cert->sig->pkey_algo = "ecrdsa";
|
|
|
|
|
ctx->cert->sig->encoding = "raw";
|
2022-01-19 00:54:33 +00:00
|
|
|
ctx->sig_algo = ctx->last_oid;
|
crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
Add Elliptic Curve Russian Digital Signature Algorithm (GOST R
34.10-2012, RFC 7091, ISO/IEC 14888-3) is one of the Russian (and since
2018 the CIS countries) cryptographic standard algorithms (called GOST
algorithms). Only signature verification is supported, with intent to be
used in the IMA.
Summary of the changes:
* crypto/Kconfig:
- EC-RDSA is added into Public-key cryptography section.
* crypto/Makefile:
- ecrdsa objects are added.
* crypto/asymmetric_keys/x509_cert_parser.c:
- Recognize EC-RDSA and Streebog OIDs.
* include/linux/oid_registry.h:
- EC-RDSA OIDs are added to the enum. Also, a two currently not
implemented curve OIDs are added for possible extension later (to
not change numbering and grouping).
* crypto/ecc.c:
- Kenneth MacKay copyright date is updated to 2014, because
vli_mmod_slow, ecc_point_add, ecc_point_mult_shamir are based on his
code from micro-ecc.
- Functions needed for ecrdsa are EXPORT_SYMBOL'ed.
- New functions:
vli_is_negative - helper to determine sign of vli;
vli_from_be64 - unpack big-endian array into vli (used for
a signature);
vli_from_le64 - unpack little-endian array into vli (used for
a public key);
vli_uadd, vli_usub - add/sub u64 value to/from vli (used for
increment/decrement);
mul_64_64 - optimized to use __int128 where appropriate, this speeds
up point multiplication (and as a consequence signature
verification) by the factor of 1.5-2;
vli_umult - multiply vli by a small value (speeds up point
multiplication by another factor of 1.5-2, depending on vli sizes);
vli_mmod_special - module reduction for some form of Pseudo-Mersenne
primes (used for the curves A);
vli_mmod_special2 - module reduction for another form of
Pseudo-Mersenne primes (used for the curves B);
vli_mmod_barrett - module reduction using pre-computed value (used
for the curve C);
vli_mmod_slow - more general module reduction which is much slower
(used when the modulus is subgroup order);
vli_mod_mult_slow - modular multiplication;
ecc_point_add - add two points;
ecc_point_mult_shamir - add two points multiplied by scalars in one
combined multiplication (this gives speed up by another factor 2 in
compare to two separate multiplications).
ecc_is_pubkey_valid_partial - additional samity check is added.
- Updated vli_mmod_fast with non-strict heuristic to call optimal
module reduction function depending on the prime value;
- All computations for the previously defined (two NIST) curves should
not unaffected.
* crypto/ecc.h:
- Newly exported functions are documented.
* crypto/ecrdsa_defs.h
- Five curves are defined.
* crypto/ecrdsa.c:
- Signature verification is implemented.
* crypto/ecrdsa_params.asn1, crypto/ecrdsa_pub_key.asn1:
- Templates for BER decoder for EC-RDSA parameters and public key.
Cc: linux-integrity@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 15:51:20 +00:00
|
|
|
return 0;
|
2021-03-16 21:07:37 +00:00
|
|
|
ecdsa:
|
|
|
|
|
ctx->cert->sig->pkey_algo = "ecdsa";
|
|
|
|
|
ctx->cert->sig->encoding = "x962";
|
2022-01-19 00:54:33 +00:00
|
|
|
ctx->sig_algo = ctx->last_oid;
|
2021-03-16 21:07:37 +00:00
|
|
|
return 0;
|
2012-09-24 16:11:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Note the whereabouts and type of the signature.
|
|
|
|
|
*/
|
|
|
|
|
int x509_note_signature(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
|
|
|
|
|
2022-01-19 00:54:33 +00:00
|
|
|
pr_debug("Signature: alg=%u, size=%zu\n", ctx->last_oid, vlen);
|
2012-09-24 16:11:48 +00:00
|
|
|
|
2022-01-19 00:54:33 +00:00
|
|
|
/*
|
|
|
|
|
* In X.509 certificates, the signature's algorithm is stored in two
|
|
|
|
|
* places: inside the TBSCertificate (the data that is signed), and
|
|
|
|
|
* alongside the signature. These *must* match.
|
|
|
|
|
*/
|
|
|
|
|
if (ctx->last_oid != ctx->sig_algo) {
|
|
|
|
|
pr_warn("signatureAlgorithm (%u) differs from tbsCertificate.signature (%u)\n",
|
|
|
|
|
ctx->last_oid, ctx->sig_algo);
|
2012-09-24 16:11:48 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
Add Elliptic Curve Russian Digital Signature Algorithm (GOST R
34.10-2012, RFC 7091, ISO/IEC 14888-3) is one of the Russian (and since
2018 the CIS countries) cryptographic standard algorithms (called GOST
algorithms). Only signature verification is supported, with intent to be
used in the IMA.
Summary of the changes:
* crypto/Kconfig:
- EC-RDSA is added into Public-key cryptography section.
* crypto/Makefile:
- ecrdsa objects are added.
* crypto/asymmetric_keys/x509_cert_parser.c:
- Recognize EC-RDSA and Streebog OIDs.
* include/linux/oid_registry.h:
- EC-RDSA OIDs are added to the enum. Also, a two currently not
implemented curve OIDs are added for possible extension later (to
not change numbering and grouping).
* crypto/ecc.c:
- Kenneth MacKay copyright date is updated to 2014, because
vli_mmod_slow, ecc_point_add, ecc_point_mult_shamir are based on his
code from micro-ecc.
- Functions needed for ecrdsa are EXPORT_SYMBOL'ed.
- New functions:
vli_is_negative - helper to determine sign of vli;
vli_from_be64 - unpack big-endian array into vli (used for
a signature);
vli_from_le64 - unpack little-endian array into vli (used for
a public key);
vli_uadd, vli_usub - add/sub u64 value to/from vli (used for
increment/decrement);
mul_64_64 - optimized to use __int128 where appropriate, this speeds
up point multiplication (and as a consequence signature
verification) by the factor of 1.5-2;
vli_umult - multiply vli by a small value (speeds up point
multiplication by another factor of 1.5-2, depending on vli sizes);
vli_mmod_special - module reduction for some form of Pseudo-Mersenne
primes (used for the curves A);
vli_mmod_special2 - module reduction for another form of
Pseudo-Mersenne primes (used for the curves B);
vli_mmod_barrett - module reduction using pre-computed value (used
for the curve C);
vli_mmod_slow - more general module reduction which is much slower
(used when the modulus is subgroup order);
vli_mod_mult_slow - modular multiplication;
ecc_point_add - add two points;
ecc_point_mult_shamir - add two points multiplied by scalars in one
combined multiplication (this gives speed up by another factor 2 in
compare to two separate multiplications).
ecc_is_pubkey_valid_partial - additional samity check is added.
- Updated vli_mmod_fast with non-strict heuristic to call optimal
module reduction function depending on the prime value;
- All computations for the previously defined (two NIST) curves should
not unaffected.
* crypto/ecc.h:
- Newly exported functions are documented.
* crypto/ecrdsa_defs.h
- Five curves are defined.
* crypto/ecrdsa.c:
- Signature verification is implemented.
* crypto/ecrdsa_params.asn1, crypto/ecrdsa_pub_key.asn1:
- Templates for BER decoder for EC-RDSA parameters and public key.
Cc: linux-integrity@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 15:51:20 +00:00
|
|
|
if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 ||
|
2020-09-20 16:21:01 +00:00
|
|
|
strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 ||
|
2021-03-16 21:07:37 +00:00
|
|
|
strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0) {
|
2018-05-19 12:23:54 +00:00
|
|
|
/* Discard the BIT STRING metadata */
|
|
|
|
|
if (vlen < 1 || *(const u8 *)value != 0)
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
|
|
|
|
|
value++;
|
|
|
|
|
vlen--;
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-30 15:18:02 +00:00
|
|
|
ctx->cert->raw_sig = value;
|
|
|
|
|
ctx->cert->raw_sig_size = vlen;
|
2012-09-24 16:11:48 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-01 15:40:19 +00:00
|
|
|
/*
|
|
|
|
|
* Note the certificate serial number
|
|
|
|
|
*/
|
|
|
|
|
int x509_note_serial(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
|
|
|
|
ctx->cert->raw_serial = value;
|
|
|
|
|
ctx->cert->raw_serial_size = vlen;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-24 16:11:48 +00:00
|
|
|
/*
|
|
|
|
|
* Note some of the name segments from which we'll fabricate a name.
|
|
|
|
|
*/
|
|
|
|
|
int x509_extract_name_segment(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
|
|
|
|
|
|
|
|
|
switch (ctx->last_oid) {
|
|
|
|
|
case OID_commonName:
|
|
|
|
|
ctx->cn_size = vlen;
|
|
|
|
|
ctx->cn_offset = (unsigned long)value - ctx->data;
|
|
|
|
|
break;
|
|
|
|
|
case OID_organizationName:
|
|
|
|
|
ctx->o_size = vlen;
|
|
|
|
|
ctx->o_offset = (unsigned long)value - ctx->data;
|
|
|
|
|
break;
|
|
|
|
|
case OID_email_address:
|
|
|
|
|
ctx->email_size = vlen;
|
|
|
|
|
ctx->email_offset = (unsigned long)value - ctx->data;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Fabricate and save the issuer and subject names
|
|
|
|
|
*/
|
|
|
|
|
static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
char **_name, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
const void *name, *data = (const void *)ctx->data;
|
|
|
|
|
size_t namesize;
|
|
|
|
|
char *buffer;
|
|
|
|
|
|
|
|
|
|
if (*_name)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
/* Empty name string if no material */
|
|
|
|
|
if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) {
|
|
|
|
|
buffer = kmalloc(1, GFP_KERNEL);
|
|
|
|
|
if (!buffer)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
buffer[0] = 0;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ctx->cn_size && ctx->o_size) {
|
|
|
|
|
/* Consider combining O and CN, but use only the CN if it is
|
|
|
|
|
* prefixed by the O, or a significant portion thereof.
|
|
|
|
|
*/
|
|
|
|
|
namesize = ctx->cn_size;
|
|
|
|
|
name = data + ctx->cn_offset;
|
|
|
|
|
if (ctx->cn_size >= ctx->o_size &&
|
|
|
|
|
memcmp(data + ctx->cn_offset, data + ctx->o_offset,
|
|
|
|
|
ctx->o_size) == 0)
|
|
|
|
|
goto single_component;
|
|
|
|
|
if (ctx->cn_size >= 7 &&
|
|
|
|
|
ctx->o_size >= 7 &&
|
|
|
|
|
memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0)
|
|
|
|
|
goto single_component;
|
|
|
|
|
|
|
|
|
|
buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1,
|
|
|
|
|
GFP_KERNEL);
|
|
|
|
|
if (!buffer)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
memcpy(buffer,
|
|
|
|
|
data + ctx->o_offset, ctx->o_size);
|
|
|
|
|
buffer[ctx->o_size + 0] = ':';
|
|
|
|
|
buffer[ctx->o_size + 1] = ' ';
|
|
|
|
|
memcpy(buffer + ctx->o_size + 2,
|
|
|
|
|
data + ctx->cn_offset, ctx->cn_size);
|
|
|
|
|
buffer[ctx->o_size + 2 + ctx->cn_size] = 0;
|
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
|
|
} else if (ctx->cn_size) {
|
|
|
|
|
namesize = ctx->cn_size;
|
|
|
|
|
name = data + ctx->cn_offset;
|
|
|
|
|
} else if (ctx->o_size) {
|
|
|
|
|
namesize = ctx->o_size;
|
|
|
|
|
name = data + ctx->o_offset;
|
|
|
|
|
} else {
|
|
|
|
|
namesize = ctx->email_size;
|
|
|
|
|
name = data + ctx->email_offset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
single_component:
|
|
|
|
|
buffer = kmalloc(namesize + 1, GFP_KERNEL);
|
|
|
|
|
if (!buffer)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
memcpy(buffer, name, namesize);
|
|
|
|
|
buffer[namesize] = 0;
|
|
|
|
|
|
|
|
|
|
done:
|
|
|
|
|
*_name = buffer;
|
|
|
|
|
ctx->cn_size = 0;
|
|
|
|
|
ctx->o_size = 0;
|
|
|
|
|
ctx->email_size = 0;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int x509_note_issuer(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
2021-11-09 15:16:49 +00:00
|
|
|
struct asymmetric_key_id *kid;
|
|
|
|
|
|
2014-07-01 15:40:19 +00:00
|
|
|
ctx->cert->raw_issuer = value;
|
|
|
|
|
ctx->cert->raw_issuer_size = vlen;
|
2021-11-09 15:16:49 +00:00
|
|
|
|
|
|
|
|
if (!ctx->cert->sig->auth_ids[2]) {
|
|
|
|
|
kid = asymmetric_key_generate_id(value, vlen, "", 0);
|
|
|
|
|
if (IS_ERR(kid))
|
|
|
|
|
return PTR_ERR(kid);
|
|
|
|
|
ctx->cert->sig->auth_ids[2] = kid;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-24 16:11:48 +00:00
|
|
|
return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int x509_note_subject(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
2014-07-01 15:40:19 +00:00
|
|
|
ctx->cert->raw_subject = value;
|
|
|
|
|
ctx->cert->raw_subject_size = vlen;
|
2012-09-24 16:11:48 +00:00
|
|
|
return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-11 15:51:17 +00:00
|
|
|
/*
|
|
|
|
|
* Extract the parameters for the public key
|
|
|
|
|
*/
|
|
|
|
|
int x509_note_params(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* AlgorithmIdentifier is used three times in the x509, we should skip
|
|
|
|
|
* first and ignore third, using second one which is after subject and
|
|
|
|
|
* before subjectPublicKey.
|
|
|
|
|
*/
|
|
|
|
|
if (!ctx->cert->raw_subject || ctx->key)
|
|
|
|
|
return 0;
|
|
|
|
|
ctx->params = value - hdrlen;
|
|
|
|
|
ctx->params_size = vlen + hdrlen;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-24 16:11:48 +00:00
|
|
|
/*
|
|
|
|
|
* Extract the data for the public key algorithm
|
|
|
|
|
*/
|
|
|
|
|
int x509_extract_key_data(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
2021-03-16 21:07:36 +00:00
|
|
|
enum OID oid;
|
2012-09-24 16:11:48 +00:00
|
|
|
|
crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
Add Elliptic Curve Russian Digital Signature Algorithm (GOST R
34.10-2012, RFC 7091, ISO/IEC 14888-3) is one of the Russian (and since
2018 the CIS countries) cryptographic standard algorithms (called GOST
algorithms). Only signature verification is supported, with intent to be
used in the IMA.
Summary of the changes:
* crypto/Kconfig:
- EC-RDSA is added into Public-key cryptography section.
* crypto/Makefile:
- ecrdsa objects are added.
* crypto/asymmetric_keys/x509_cert_parser.c:
- Recognize EC-RDSA and Streebog OIDs.
* include/linux/oid_registry.h:
- EC-RDSA OIDs are added to the enum. Also, a two currently not
implemented curve OIDs are added for possible extension later (to
not change numbering and grouping).
* crypto/ecc.c:
- Kenneth MacKay copyright date is updated to 2014, because
vli_mmod_slow, ecc_point_add, ecc_point_mult_shamir are based on his
code from micro-ecc.
- Functions needed for ecrdsa are EXPORT_SYMBOL'ed.
- New functions:
vli_is_negative - helper to determine sign of vli;
vli_from_be64 - unpack big-endian array into vli (used for
a signature);
vli_from_le64 - unpack little-endian array into vli (used for
a public key);
vli_uadd, vli_usub - add/sub u64 value to/from vli (used for
increment/decrement);
mul_64_64 - optimized to use __int128 where appropriate, this speeds
up point multiplication (and as a consequence signature
verification) by the factor of 1.5-2;
vli_umult - multiply vli by a small value (speeds up point
multiplication by another factor of 1.5-2, depending on vli sizes);
vli_mmod_special - module reduction for some form of Pseudo-Mersenne
primes (used for the curves A);
vli_mmod_special2 - module reduction for another form of
Pseudo-Mersenne primes (used for the curves B);
vli_mmod_barrett - module reduction using pre-computed value (used
for the curve C);
vli_mmod_slow - more general module reduction which is much slower
(used when the modulus is subgroup order);
vli_mod_mult_slow - modular multiplication;
ecc_point_add - add two points;
ecc_point_mult_shamir - add two points multiplied by scalars in one
combined multiplication (this gives speed up by another factor 2 in
compare to two separate multiplications).
ecc_is_pubkey_valid_partial - additional samity check is added.
- Updated vli_mmod_fast with non-strict heuristic to call optimal
module reduction function depending on the prime value;
- All computations for the previously defined (two NIST) curves should
not unaffected.
* crypto/ecc.h:
- Newly exported functions are documented.
* crypto/ecrdsa_defs.h
- Five curves are defined.
* crypto/ecrdsa.c:
- Signature verification is implemented.
* crypto/ecrdsa_params.asn1, crypto/ecrdsa_pub_key.asn1:
- Templates for BER decoder for EC-RDSA parameters and public key.
Cc: linux-integrity@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 15:51:20 +00:00
|
|
|
ctx->key_algo = ctx->last_oid;
|
2020-09-20 16:21:01 +00:00
|
|
|
switch (ctx->last_oid) {
|
|
|
|
|
case OID_rsaEncryption:
|
crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
Add Elliptic Curve Russian Digital Signature Algorithm (GOST R
34.10-2012, RFC 7091, ISO/IEC 14888-3) is one of the Russian (and since
2018 the CIS countries) cryptographic standard algorithms (called GOST
algorithms). Only signature verification is supported, with intent to be
used in the IMA.
Summary of the changes:
* crypto/Kconfig:
- EC-RDSA is added into Public-key cryptography section.
* crypto/Makefile:
- ecrdsa objects are added.
* crypto/asymmetric_keys/x509_cert_parser.c:
- Recognize EC-RDSA and Streebog OIDs.
* include/linux/oid_registry.h:
- EC-RDSA OIDs are added to the enum. Also, a two currently not
implemented curve OIDs are added for possible extension later (to
not change numbering and grouping).
* crypto/ecc.c:
- Kenneth MacKay copyright date is updated to 2014, because
vli_mmod_slow, ecc_point_add, ecc_point_mult_shamir are based on his
code from micro-ecc.
- Functions needed for ecrdsa are EXPORT_SYMBOL'ed.
- New functions:
vli_is_negative - helper to determine sign of vli;
vli_from_be64 - unpack big-endian array into vli (used for
a signature);
vli_from_le64 - unpack little-endian array into vli (used for
a public key);
vli_uadd, vli_usub - add/sub u64 value to/from vli (used for
increment/decrement);
mul_64_64 - optimized to use __int128 where appropriate, this speeds
up point multiplication (and as a consequence signature
verification) by the factor of 1.5-2;
vli_umult - multiply vli by a small value (speeds up point
multiplication by another factor of 1.5-2, depending on vli sizes);
vli_mmod_special - module reduction for some form of Pseudo-Mersenne
primes (used for the curves A);
vli_mmod_special2 - module reduction for another form of
Pseudo-Mersenne primes (used for the curves B);
vli_mmod_barrett - module reduction using pre-computed value (used
for the curve C);
vli_mmod_slow - more general module reduction which is much slower
(used when the modulus is subgroup order);
vli_mod_mult_slow - modular multiplication;
ecc_point_add - add two points;
ecc_point_mult_shamir - add two points multiplied by scalars in one
combined multiplication (this gives speed up by another factor 2 in
compare to two separate multiplications).
ecc_is_pubkey_valid_partial - additional samity check is added.
- Updated vli_mmod_fast with non-strict heuristic to call optimal
module reduction function depending on the prime value;
- All computations for the previously defined (two NIST) curves should
not unaffected.
* crypto/ecc.h:
- Newly exported functions are documented.
* crypto/ecrdsa_defs.h
- Five curves are defined.
* crypto/ecrdsa.c:
- Signature verification is implemented.
* crypto/ecrdsa_params.asn1, crypto/ecrdsa_pub_key.asn1:
- Templates for BER decoder for EC-RDSA parameters and public key.
Cc: linux-integrity@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 15:51:20 +00:00
|
|
|
ctx->cert->pub->pkey_algo = "rsa";
|
2020-09-20 16:21:01 +00:00
|
|
|
break;
|
|
|
|
|
case OID_gost2012PKey256:
|
|
|
|
|
case OID_gost2012PKey512:
|
crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm
Add Elliptic Curve Russian Digital Signature Algorithm (GOST R
34.10-2012, RFC 7091, ISO/IEC 14888-3) is one of the Russian (and since
2018 the CIS countries) cryptographic standard algorithms (called GOST
algorithms). Only signature verification is supported, with intent to be
used in the IMA.
Summary of the changes:
* crypto/Kconfig:
- EC-RDSA is added into Public-key cryptography section.
* crypto/Makefile:
- ecrdsa objects are added.
* crypto/asymmetric_keys/x509_cert_parser.c:
- Recognize EC-RDSA and Streebog OIDs.
* include/linux/oid_registry.h:
- EC-RDSA OIDs are added to the enum. Also, a two currently not
implemented curve OIDs are added for possible extension later (to
not change numbering and grouping).
* crypto/ecc.c:
- Kenneth MacKay copyright date is updated to 2014, because
vli_mmod_slow, ecc_point_add, ecc_point_mult_shamir are based on his
code from micro-ecc.
- Functions needed for ecrdsa are EXPORT_SYMBOL'ed.
- New functions:
vli_is_negative - helper to determine sign of vli;
vli_from_be64 - unpack big-endian array into vli (used for
a signature);
vli_from_le64 - unpack little-endian array into vli (used for
a public key);
vli_uadd, vli_usub - add/sub u64 value to/from vli (used for
increment/decrement);
mul_64_64 - optimized to use __int128 where appropriate, this speeds
up point multiplication (and as a consequence signature
verification) by the factor of 1.5-2;
vli_umult - multiply vli by a small value (speeds up point
multiplication by another factor of 1.5-2, depending on vli sizes);
vli_mmod_special - module reduction for some form of Pseudo-Mersenne
primes (used for the curves A);
vli_mmod_special2 - module reduction for another form of
Pseudo-Mersenne primes (used for the curves B);
vli_mmod_barrett - module reduction using pre-computed value (used
for the curve C);
vli_mmod_slow - more general module reduction which is much slower
(used when the modulus is subgroup order);
vli_mod_mult_slow - modular multiplication;
ecc_point_add - add two points;
ecc_point_mult_shamir - add two points multiplied by scalars in one
combined multiplication (this gives speed up by another factor 2 in
compare to two separate multiplications).
ecc_is_pubkey_valid_partial - additional samity check is added.
- Updated vli_mmod_fast with non-strict heuristic to call optimal
module reduction function depending on the prime value;
- All computations for the previously defined (two NIST) curves should
not unaffected.
* crypto/ecc.h:
- Newly exported functions are documented.
* crypto/ecrdsa_defs.h
- Five curves are defined.
* crypto/ecrdsa.c:
- Signature verification is implemented.
* crypto/ecrdsa_params.asn1, crypto/ecrdsa_pub_key.asn1:
- Templates for BER decoder for EC-RDSA parameters and public key.
Cc: linux-integrity@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 15:51:20 +00:00
|
|
|
ctx->cert->pub->pkey_algo = "ecrdsa";
|
2020-09-20 16:21:01 +00:00
|
|
|
break;
|
|
|
|
|
case OID_id_ecPublicKey:
|
2021-03-16 21:07:36 +00:00
|
|
|
if (parse_OID(ctx->params, ctx->params_size, &oid) != 0)
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
|
|
|
|
|
switch (oid) {
|
2021-03-16 21:07:37 +00:00
|
|
|
case OID_id_prime192v1:
|
|
|
|
|
ctx->cert->pub->pkey_algo = "ecdsa-nist-p192";
|
|
|
|
|
break;
|
|
|
|
|
case OID_id_prime256v1:
|
|
|
|
|
ctx->cert->pub->pkey_algo = "ecdsa-nist-p256";
|
|
|
|
|
break;
|
2021-03-16 21:07:39 +00:00
|
|
|
case OID_id_ansip384r1:
|
|
|
|
|
ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
|
|
|
|
|
break;
|
2024-04-04 14:18:56 +00:00
|
|
|
case OID_id_ansip521r1:
|
|
|
|
|
ctx->cert->pub->pkey_algo = "ecdsa-nist-p521";
|
|
|
|
|
break;
|
2021-03-16 21:07:36 +00:00
|
|
|
default:
|
|
|
|
|
return -ENOPKG;
|
|
|
|
|
}
|
2020-09-20 16:21:01 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
2012-09-24 16:11:48 +00:00
|
|
|
return -ENOPKG;
|
2020-09-20 16:21:01 +00:00
|
|
|
}
|
2012-09-24 16:11:48 +00:00
|
|
|
|
2013-08-30 15:15:24 +00:00
|
|
|
/* Discard the BIT STRING metadata */
|
2017-12-08 15:13:27 +00:00
|
|
|
if (vlen < 1 || *(const u8 *)value != 0)
|
|
|
|
|
return -EBADMSG;
|
2012-09-24 16:11:48 +00:00
|
|
|
ctx->key = value + 1;
|
|
|
|
|
ctx->key_size = vlen - 1;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-22 01:26:55 +00:00
|
|
|
/* The keyIdentifier in AuthorityKeyIdentifier SEQUENCE is tag(CONT,PRIM,0) */
|
|
|
|
|
#define SEQ_TAG_KEYID (ASN1_CONT << 6)
|
|
|
|
|
|
2012-09-24 16:11:48 +00:00
|
|
|
/*
|
|
|
|
|
* Process certificate extensions that are used to qualify the certificate.
|
|
|
|
|
*/
|
|
|
|
|
int x509_process_extension(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
2014-09-16 16:36:13 +00:00
|
|
|
struct asymmetric_key_id *kid;
|
2012-09-24 16:11:48 +00:00
|
|
|
const unsigned char *v = value;
|
|
|
|
|
|
|
|
|
|
pr_debug("Extension: %u\n", ctx->last_oid);
|
|
|
|
|
|
|
|
|
|
if (ctx->last_oid == OID_subjectKeyIdentifier) {
|
|
|
|
|
/* Get hold of the key fingerprint */
|
2014-09-16 16:36:13 +00:00
|
|
|
if (ctx->cert->skid || vlen < 3)
|
2012-09-24 16:11:48 +00:00
|
|
|
return -EBADMSG;
|
|
|
|
|
if (v[0] != ASN1_OTS || v[1] != vlen - 2)
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
v += 2;
|
|
|
|
|
vlen -= 2;
|
|
|
|
|
|
2014-10-03 15:17:02 +00:00
|
|
|
ctx->cert->raw_skid_size = vlen;
|
|
|
|
|
ctx->cert->raw_skid = v;
|
2015-07-20 20:16:32 +00:00
|
|
|
kid = asymmetric_key_generate_id(v, vlen, "", 0);
|
2014-09-16 16:36:13 +00:00
|
|
|
if (IS_ERR(kid))
|
|
|
|
|
return PTR_ERR(kid);
|
|
|
|
|
ctx->cert->skid = kid;
|
|
|
|
|
pr_debug("subjkeyid %*phN\n", kid->len, kid->data);
|
2012-09-24 16:11:48 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
KEYS: X.509: Parse Key Usage
Parse the X.509 Key Usage. The key usage extension defines the purpose of
the key contained in the certificate.
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
KeyUsage ::= BIT STRING {
digitalSignature (0),
contentCommitment (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
If the keyCertSign or digitalSignature is set, store it in the
public_key structure. Having the purpose of the key being stored
during parsing, allows enforcement on the usage field in the future.
This will be used in a follow on patch that requires knowing the
certificate key usage type.
Link: https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2023-03-02 16:46:50 +00:00
|
|
|
if (ctx->last_oid == OID_keyUsage) {
|
|
|
|
|
/*
|
|
|
|
|
* Get hold of the keyUsage bit string
|
|
|
|
|
* v[1] is the encoding size
|
|
|
|
|
* (Expect either 0x02 or 0x03, making it 1 or 2 bytes)
|
|
|
|
|
* v[2] is the number of unused bits in the bit string
|
|
|
|
|
* (If >= 3 keyCertSign is missing when v[1] = 0x02)
|
|
|
|
|
* v[3] and possibly v[4] contain the bit string
|
|
|
|
|
*
|
|
|
|
|
* From RFC 5280 4.2.1.3:
|
|
|
|
|
* 0x04 is where keyCertSign lands in this bit string
|
|
|
|
|
* 0x80 is where digitalSignature lands in this bit string
|
|
|
|
|
*/
|
|
|
|
|
if (v[0] != ASN1_BTS)
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
if (vlen < 4)
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
if (v[2] >= 8)
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
if (v[3] & 0x80)
|
|
|
|
|
ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_DIGITALSIG;
|
|
|
|
|
if (v[1] == 0x02 && v[2] <= 2 && (v[3] & 0x04))
|
|
|
|
|
ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN;
|
|
|
|
|
else if (vlen > 4 && v[1] == 0x03 && (v[3] & 0x04))
|
|
|
|
|
ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-24 16:11:48 +00:00
|
|
|
if (ctx->last_oid == OID_authorityKeyIdentifier) {
|
|
|
|
|
/* Get hold of the CA key fingerprint */
|
2015-07-20 20:16:26 +00:00
|
|
|
ctx->raw_akid = v;
|
|
|
|
|
ctx->raw_akid_size = vlen;
|
2012-09-24 16:11:48 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-02 16:46:49 +00:00
|
|
|
if (ctx->last_oid == OID_basicConstraints) {
|
|
|
|
|
/*
|
|
|
|
|
* Get hold of the basicConstraints
|
|
|
|
|
* v[1] is the encoding size
|
|
|
|
|
* (Expect 0x2 or greater, making it 1 or more bytes)
|
|
|
|
|
* v[2] is the encoding type
|
|
|
|
|
* (Expect an ASN1_BOOL for the CA)
|
|
|
|
|
* v[3] is the contents of the ASN1_BOOL
|
|
|
|
|
* (Expect 1 if the CA is TRUE)
|
|
|
|
|
* vlen should match the entire extension size
|
|
|
|
|
*/
|
|
|
|
|
if (v[0] != (ASN1_CONS_BIT | ASN1_SEQ))
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
if (vlen < 2)
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
if (v[1] != vlen - 2)
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
if (vlen >= 4 && v[1] != 0 && v[2] == ASN1_BOOL && v[3] == 1)
|
|
|
|
|
ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_CA;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-24 16:11:48 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-29 15:58:32 +00:00
|
|
|
/**
|
|
|
|
|
* x509_decode_time - Decode an X.509 time ASN.1 object
|
|
|
|
|
* @_t: The time to fill in
|
|
|
|
|
* @hdrlen: The length of the object header
|
|
|
|
|
* @tag: The object tag
|
|
|
|
|
* @value: The object value
|
|
|
|
|
* @vlen: The size of the object value
|
|
|
|
|
*
|
|
|
|
|
* Decode an ASN.1 universal time or generalised time field into a struct the
|
|
|
|
|
* kernel can handle and check it for validity. The time is decoded thus:
|
|
|
|
|
*
|
|
|
|
|
* [RFC5280 §4.1.2.5]
|
|
|
|
|
* CAs conforming to this profile MUST always encode certificate validity
|
|
|
|
|
* dates through the year 2049 as UTCTime; certificate validity dates in
|
|
|
|
|
* 2050 or later MUST be encoded as GeneralizedTime. Conforming
|
|
|
|
|
* applications MUST be able to process validity dates that are encoded in
|
|
|
|
|
* either UTCTime or GeneralizedTime.
|
2012-09-24 16:11:48 +00:00
|
|
|
*/
|
2015-07-29 15:58:32 +00:00
|
|
|
int x509_decode_time(time64_t *_t, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const unsigned char *value, size_t vlen)
|
2012-09-24 16:11:48 +00:00
|
|
|
{
|
2016-02-24 14:37:15 +00:00
|
|
|
static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30,
|
2015-07-29 15:58:32 +00:00
|
|
|
31, 31, 30, 31, 30, 31 };
|
2012-09-24 16:11:48 +00:00
|
|
|
const unsigned char *p = value;
|
2015-07-29 15:58:32 +00:00
|
|
|
unsigned year, mon, day, hour, min, sec, mon_len;
|
2012-09-24 16:11:48 +00:00
|
|
|
|
2015-07-29 15:58:32 +00:00
|
|
|
#define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; })
|
2012-09-24 16:11:48 +00:00
|
|
|
#define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; })
|
|
|
|
|
|
|
|
|
|
if (tag == ASN1_UNITIM) {
|
|
|
|
|
/* UTCTime: YYMMDDHHMMSSZ */
|
|
|
|
|
if (vlen != 13)
|
|
|
|
|
goto unsupported_time;
|
2015-07-29 15:58:32 +00:00
|
|
|
year = DD2bin(p);
|
|
|
|
|
if (year >= 50)
|
|
|
|
|
year += 1900;
|
2012-09-24 16:11:48 +00:00
|
|
|
else
|
2015-07-29 15:58:32 +00:00
|
|
|
year += 2000;
|
2012-09-24 16:11:48 +00:00
|
|
|
} else if (tag == ASN1_GENTIM) {
|
|
|
|
|
/* GenTime: YYYYMMDDHHMMSSZ */
|
|
|
|
|
if (vlen != 15)
|
|
|
|
|
goto unsupported_time;
|
2015-07-29 15:58:32 +00:00
|
|
|
year = DD2bin(p) * 100 + DD2bin(p);
|
|
|
|
|
if (year >= 1950 && year <= 2049)
|
|
|
|
|
goto invalid_time;
|
2012-09-24 16:11:48 +00:00
|
|
|
} else {
|
|
|
|
|
goto unsupported_time;
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-29 15:58:32 +00:00
|
|
|
mon = DD2bin(p);
|
|
|
|
|
day = DD2bin(p);
|
|
|
|
|
hour = DD2bin(p);
|
|
|
|
|
min = DD2bin(p);
|
|
|
|
|
sec = DD2bin(p);
|
2012-09-24 16:11:48 +00:00
|
|
|
|
|
|
|
|
if (*p != 'Z')
|
|
|
|
|
goto unsupported_time;
|
|
|
|
|
|
2015-11-12 09:36:40 +00:00
|
|
|
if (year < 1970 ||
|
|
|
|
|
mon < 1 || mon > 12)
|
|
|
|
|
goto invalid_time;
|
|
|
|
|
|
|
|
|
|
mon_len = month_lengths[mon - 1];
|
2015-07-29 15:58:32 +00:00
|
|
|
if (mon == 2) {
|
|
|
|
|
if (year % 4 == 0) {
|
|
|
|
|
mon_len = 29;
|
|
|
|
|
if (year % 100 == 0) {
|
2016-02-24 14:37:15 +00:00
|
|
|
mon_len = 28;
|
|
|
|
|
if (year % 400 == 0)
|
|
|
|
|
mon_len = 29;
|
2015-07-29 15:58:32 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-12 09:36:40 +00:00
|
|
|
if (day < 1 || day > mon_len ||
|
2016-02-24 14:37:54 +00:00
|
|
|
hour > 24 || /* ISO 8601 permits 24:00:00 as midnight tomorrow */
|
2015-09-17 07:42:51 +00:00
|
|
|
min > 59 ||
|
2016-02-24 14:37:53 +00:00
|
|
|
sec > 60) /* ISO 8601 permits leap seconds [X.680 46.3] */
|
2015-07-29 15:58:32 +00:00
|
|
|
goto invalid_time;
|
2015-11-12 09:36:40 +00:00
|
|
|
|
2015-07-29 15:58:32 +00:00
|
|
|
*_t = mktime64(year, mon, day, hour, min, sec);
|
2012-09-24 16:11:48 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
unsupported_time:
|
2015-07-29 15:58:32 +00:00
|
|
|
pr_debug("Got unsupported time [tag %02x]: '%*phN'\n",
|
|
|
|
|
tag, (int)vlen, value);
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
invalid_time:
|
|
|
|
|
pr_debug("Got invalid time [tag %02x]: '%*phN'\n",
|
|
|
|
|
tag, (int)vlen, value);
|
2012-09-24 16:11:48 +00:00
|
|
|
return -EBADMSG;
|
|
|
|
|
}
|
2015-07-29 15:58:32 +00:00
|
|
|
EXPORT_SYMBOL_GPL(x509_decode_time);
|
2012-09-24 16:11:48 +00:00
|
|
|
|
|
|
|
|
int x509_note_not_before(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
2015-07-29 15:58:32 +00:00
|
|
|
return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen);
|
2012-09-24 16:11:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int x509_note_not_after(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
2015-07-29 15:58:32 +00:00
|
|
|
return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen);
|
2012-09-24 16:11:48 +00:00
|
|
|
}
|
2015-07-20 20:16:26 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Note a key identifier-based AuthorityKeyIdentifier
|
|
|
|
|
*/
|
|
|
|
|
int x509_akid_note_kid(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
|
|
|
|
struct asymmetric_key_id *kid;
|
|
|
|
|
|
|
|
|
|
pr_debug("AKID: keyid: %*phN\n", (int)vlen, value);
|
|
|
|
|
|
2016-04-06 15:13:33 +00:00
|
|
|
if (ctx->cert->sig->auth_ids[1])
|
2015-07-20 20:16:26 +00:00
|
|
|
return 0;
|
|
|
|
|
|
2015-07-20 20:16:32 +00:00
|
|
|
kid = asymmetric_key_generate_id(value, vlen, "", 0);
|
2015-07-20 20:16:26 +00:00
|
|
|
if (IS_ERR(kid))
|
|
|
|
|
return PTR_ERR(kid);
|
|
|
|
|
pr_debug("authkeyid %*phN\n", kid->len, kid->data);
|
2016-04-06 15:13:33 +00:00
|
|
|
ctx->cert->sig->auth_ids[1] = kid;
|
2015-07-20 20:16:26 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Note a directoryName in an AuthorityKeyIdentifier
|
|
|
|
|
*/
|
|
|
|
|
int x509_akid_note_name(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
|
|
|
|
|
|
|
|
|
pr_debug("AKID: name: %*phN\n", (int)vlen, value);
|
|
|
|
|
|
|
|
|
|
ctx->akid_raw_issuer = value;
|
|
|
|
|
ctx->akid_raw_issuer_size = vlen;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Note a serial number in an AuthorityKeyIdentifier
|
|
|
|
|
*/
|
|
|
|
|
int x509_akid_note_serial(void *context, size_t hdrlen,
|
|
|
|
|
unsigned char tag,
|
|
|
|
|
const void *value, size_t vlen)
|
|
|
|
|
{
|
|
|
|
|
struct x509_parse_context *ctx = context;
|
|
|
|
|
struct asymmetric_key_id *kid;
|
|
|
|
|
|
|
|
|
|
pr_debug("AKID: serial: %*phN\n", (int)vlen, value);
|
|
|
|
|
|
2016-04-06 15:13:33 +00:00
|
|
|
if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0])
|
2015-07-20 20:16:26 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
kid = asymmetric_key_generate_id(value,
|
|
|
|
|
vlen,
|
|
|
|
|
ctx->akid_raw_issuer,
|
|
|
|
|
ctx->akid_raw_issuer_size);
|
|
|
|
|
if (IS_ERR(kid))
|
|
|
|
|
return PTR_ERR(kid);
|
|
|
|
|
|
|
|
|
|
pr_debug("authkeyid %*phN\n", kid->len, kid->data);
|
2016-04-06 15:13:33 +00:00
|
|
|
ctx->cert->sig->auth_ids[0] = kid;
|
2015-07-20 20:16:26 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
