author | Denis Kenzior <denkenz@gmail.com> | 2022-07-06 14:57:15 -0500 |
---|---|---|
committer | Denis Kenzior <denkenz@gmail.com> | 2022-07-26 20:44:00 -0500 |
commit | 16718a115de7655e8d16f56533a682f9a8927d7b (patch) | |
tree | c4dac859b5c9264afd1b172aafc22f6283b458b5 | |
parent | effd7dc86a52efe9f1c713fc6a76415f39877bce (diff) |
cert/key: Add support for EC based certificates
Mostly for use with Elliptic Curve (EC) Digital Signature
Algorithm (DSA) based certificates. Other combinations of EC +
signature algorithms are also possible.
This requires your kernel to be built with CRYPTO_ECDSA support.
-rw-r--r-- | ell/cert.c | 18 | ||||
-rw-r--r-- | ell/cert.h | 1 | ||||
-rw-r--r-- | ell/key.c | 1 | ||||
-rw-r--r-- | ell/key.h | 1 |
4 files changed, 19 insertions, 2 deletions
@@ -77,7 +77,15 @@ static const struct pkcs1_encryption_oid {
 } pkcs1_encryption_oids[] = {
 { /* rsaEncryption */
 L_CERT_KEY_RSA,
- { 9, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 } },
+ { .asn1_len = 9, .asn1 = {
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 }
+ },
+ },
+ { /* ecPublicKey */
+ L_CERT_KEY_ECC,
+ { .asn1_len = 7, .asn1 = {
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 }
+ },
 },
 };
@@ -261,8 +269,14 @@ LIB_EXPORT struct l_key *l_cert_get_pubkey(struct l_cert *cert)
 return NULL;
 /* Use kernel's ASN.1 certificate parser to find the key data for us */
- if (cert->pubkey_type == L_CERT_KEY_RSA)
+ switch (cert->pubkey_type) {
+ case L_CERT_KEY_RSA:
 return l_key_new(L_KEY_RSA, cert->asn1, cert->asn1_len);
+ case L_CERT_KEY_ECC:
+ return l_key_new(L_KEY_ECC, cert->asn1, cert->asn1_len);
+ case L_CERT_KEY_UNKNOWN:
+ break;
+ }
 return NULL;
 }
@@ -36,6 +36,7 @@ struct l_certchain;
 enum l_cert_key_type {
 L_CERT_KEY_RSA,
+ L_CERT_KEY_ECC,
 L_CERT_KEY_UNKNOWN,
 };
@@ -108,6 +108,7 @@ struct l_keyring {
 static const char * const key_type_names[] = {
 [L_KEY_RAW] = "user",
 [L_KEY_RSA] = "asymmetric",
+ [L_KEY_ECC] = "asymmetric",
 };
 static long kernel_add_key(const char *type, const char *description,
@@ -45,6 +45,7 @@ enum l_key_feature {
 enum l_key_type {
 L_KEY_RAW = 0,
 L_KEY_RSA,
+ L_KEY_ECC,
 };
 enum l_keyring_restriction { |
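Review bot: The new `ecPublicKey` entry goes into a table still named `pkcs1_encryption_oids`, although that OID (1.2.840.10045.2.1) is defined by ANSI X9.62 / RFC 5480 and not by PKCS #1, so the name now misleads anyone auditing which key algorithms the parser accepts. A short comment above the table would fix that, e.g. `/* SubjectPublicKeyInfo algorithm OIDs; not all of them are PKCS #1 */`. Only the algorithm OID is listed here; the named-curve parameter that accompanies ecPublicKey is not visible in this hunk, so curve acceptance is presumably left to the kernel parser, and the same comment should say so. The struct definition for the table starts outside the hunk.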
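Review bot: In `l_cert_get_pubkey` the `L_CERT_KEY_ECC` case gives the caller no way to tell an unsupported certificate from a kernel that cannot load the key. The commit message states that CRYPTO_ECDSA must be built in, and `l_key_new` presumably returns NULL without it, which is the same result the `L_CERT_KEY_UNKNOWN` path produces. Callers that verify a chain must therefore treat NULL as a hard failure, and that is worth documenting above the switch, e.g. `/* NULL for ECC keys also when the kernel lacks CRYPTO_ECDSA */`. The function body starts outside the hunk.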
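Review bot: Inserting `L_CERT_KEY_ECC` ahead of `L_CERT_KEY_UNKNOWN` in `enum l_cert_key_type` changes the numeric value of `L_CERT_KEY_UNKNOWN` from 1 to 2 in an exported header. A program built against the old `cert.h` and run with the new library would read an ECC certificate's type as its old UNKNOWN value, and a real UNKNOWN as an out-of-range value. If ell is shipped as a shared library, either pin the values explicitly (for example `L_CERT_KEY_RSA = 0,` with a fixed value for each member) or record the ABI change in the release notes. `enum l_key_type` in key.h appends `L_KEY_ECC` after the existing members and does not have this problem.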