bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-18 06:44:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

pkcs7, x509: Add ML-DSA support

Browse Source 
Add support for ML-DSA keys and signatures to the CMS/PKCS#7 and X.509
implementations.  ML-DSA-44, -65 and -87 are all supported.  For X.509
certificates, the TBSCertificate is required to be signed directly; for
CMS, direct signing of the data is preferred, though use of SHA512 (and
only that) as an intermediate hash of the content is permitted with
signedAttrs.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Lukas Wunner <lukas@wunner.de>
cc: Ignat Korchagin <ignat@cloudflare.com>
cc: Stephan Mueller <smueller@chronox.de>
cc: Eric Biggers <ebiggers@kernel.org>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
This commit is contained in:
David Howells
2025-10-17 08:46:43 +01:00
parent f3eccecd78
commit 8bbdeb7a25
4 changed files with 64 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
crypto/asymmetric_keys/pkcs7_parser.c
View File

@@ -95,11 +95,18 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg)
if (sinfo->authattrs) { if (sinfo->authattrs) {
want = true; want = true;
msg->have_authattrs = true; msg->have_authattrs = true;
} else if (sinfo->sig->algo_takes_data) {
sinfo->sig->hash_algo = "none";
} }
for (sinfo = sinfo->next; sinfo; sinfo = sinfo->next) for (sinfo = sinfo->next; sinfo; sinfo = sinfo->next) {
if (!!sinfo->authattrs != want) if (!!sinfo->authattrs != want)
goto inconsistent; goto inconsistent;
if (!sinfo->authattrs &&
sinfo->sig->algo_takes_data)
sinfo->sig->hash_algo = "none";
}
return 0; return 0;
inconsistent: inconsistent:
@@ -297,6 +304,21 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
ctx->sinfo->sig->pkey_algo = "ecrdsa"; ctx->sinfo->sig->pkey_algo = "ecrdsa";
ctx->sinfo->sig->encoding = "raw"; ctx->sinfo->sig->encoding = "raw";
break; break;
case OID_id_ml_dsa_44:
ctx->sinfo->sig->pkey_algo = "mldsa44";
ctx->sinfo->sig->encoding = "raw";
ctx->sinfo->sig->algo_takes_data = true;
break;
case OID_id_ml_dsa_65:
ctx->sinfo->sig->pkey_algo = "mldsa65";
ctx->sinfo->sig->encoding = "raw";
ctx->sinfo->sig->algo_takes_data = true;
break;
case OID_id_ml_dsa_87:
ctx->sinfo->sig->pkey_algo = "mldsa87";
ctx->sinfo->sig->encoding = "raw";
ctx->sinfo->sig->algo_takes_data = true;
break;
default: default:
printk("Unsupported pkey algo: %u\n", ctx->last_oid); printk("Unsupported pkey algo: %u\n", ctx->last_oid);
return -ENOPKG; return -ENOPKG;

10
crypto/asymmetric_keys/public_key.c
View File

@@ -142,6 +142,16 @@ software_key_determine_akcipher(const struct public_key *pkey,
if (strcmp(hash_algo, "streebog256") != 0 && if (strcmp(hash_algo, "streebog256") != 0 &&
strcmp(hash_algo, "streebog512") != 0) strcmp(hash_algo, "streebog512") != 0)
return -EINVAL; return -EINVAL;
} else if (strcmp(pkey->pkey_algo, "mldsa44") == 0 ||
strcmp(pkey->pkey_algo, "mldsa65") == 0 ||
strcmp(pkey->pkey_algo, "mldsa87") == 0) {
if (strcmp(encoding, "raw") != 0)
return -EINVAL;
if (!hash_algo)
return -EINVAL;
if (strcmp(hash_algo, "none") != 0 &&
strcmp(hash_algo, "sha512") != 0)
return -EINVAL;
} else { } else {
/* Unknown public key algorithm */ /* Unknown public key algorithm */
return -ENOPKG; return -ENOPKG;

27
crypto/asymmetric_keys/x509_cert_parser.c
View File

@@ -257,6 +257,15 @@ int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag,
case OID_gost2012Signature512: case OID_gost2012Signature512:
ctx->cert->sig->hash_algo = "streebog512"; ctx->cert->sig->hash_algo = "streebog512";
goto ecrdsa; goto ecrdsa;
case OID_id_ml_dsa_44:
ctx->cert->sig->pkey_algo = "mldsa44";
goto ml_dsa;
case OID_id_ml_dsa_65:
ctx->cert->sig->pkey_algo = "mldsa65";
goto ml_dsa;
case OID_id_ml_dsa_87:
ctx->cert->sig->pkey_algo = "mldsa87";
goto ml_dsa;
} }
rsa_pkcs1: rsa_pkcs1:
@@ -274,6 +283,12 @@ ecdsa:
ctx->cert->sig->encoding = "x962"; ctx->cert->sig->encoding = "x962";
ctx->sig_algo = ctx->last_oid; ctx->sig_algo = ctx->last_oid;
return 0; return 0;
ml_dsa:
ctx->cert->sig->algo_takes_data = true;
ctx->cert->sig->hash_algo = "none";
ctx->cert->sig->encoding = "raw";
ctx->sig_algo = ctx->last_oid;
return 0;
} }
/* /*
@@ -300,7 +315,8 @@ int x509_note_signature(void *context, size_t hdrlen,
if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 || if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 ||
strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 || strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 ||
strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0) { strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0 ||
strncmp(ctx->cert->sig->pkey_algo, "mldsa", 5) == 0) {
/* Discard the BIT STRING metadata */ /* Discard the BIT STRING metadata */
if (vlen < 1 || *(const u8 *)value != 0) if (vlen < 1 || *(const u8 *)value != 0)
return -EBADMSG; return -EBADMSG;
@@ -524,6 +540,15 @@ int x509_extract_key_data(void *context, size_t hdrlen,
return -ENOPKG; return -ENOPKG;
} }
break; break;
case OID_id_ml_dsa_44:
ctx->cert->pub->pkey_algo = "mldsa44";
break;
case OID_id_ml_dsa_65:
ctx->cert->pub->pkey_algo = "mldsa65";
break;
case OID_id_ml_dsa_87:
ctx->cert->pub->pkey_algo = "mldsa87";
break;
default: default:
return -ENOPKG; return -ENOPKG;
} }

5
include/linux/oid_registry.h
View File

@@ -145,6 +145,11 @@ enum OID {
OID_id_rsassa_pkcs1_v1_5_with_sha3_384, /* 2.16.840.1.101.3.4.3.15 */ OID_id_rsassa_pkcs1_v1_5_with_sha3_384, /* 2.16.840.1.101.3.4.3.15 */
OID_id_rsassa_pkcs1_v1_5_with_sha3_512, /* 2.16.840.1.101.3.4.3.16 */ OID_id_rsassa_pkcs1_v1_5_with_sha3_512, /* 2.16.840.1.101.3.4.3.16 */
/* NIST FIPS-204 ML-DSA */
OID_id_ml_dsa_44, /* 2.16.840.1.101.3.4.3.17 */
OID_id_ml_dsa_65, /* 2.16.840.1.101.3.4.3.18 */
OID_id_ml_dsa_87, /* 2.16.840.1.101.3.4.3.19 */
OID__NR OID__NR
}; };