From: Gu Bowen <gubowen5@huawei.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Lukas Wunner <lukas@wunner.de>,
Ignat Korchagin <ignat@cloudflare.com>,
"David S . Miller" <davem@davemloft.net>,
Jarkko Sakkinen <jarkko@kernel.org>,
Maxime Coquelin <mcoquelin.stm32@gmail.com>,
Alexandre Torgue <alexandre.torgue@foss.st.com>,
Eric Biggers <ebiggers@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Ard Biesheuvel <ardb@kernel.org>,
Tianjia Zhang <tianjia.zhang@linux.alibaba.com>,
Dan Carpenter <dan.carpenter@linaro.org>
Cc: <keyrings@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<linux-crypto@vger.kernel.org>,
<linux-stm32@st-md-mailman.stormreply.com>,
<linux-arm-kernel@lists.infradead.org>,
Lu Jialin <lujialin4@huawei.com>,
GONG Ruiqi <gongruiqi1@huawei.com>,
Gu Bowen <gubowen5@huawei.com>
Subject: [PATCH RFC 4/4] crypto/sm2: support SM2-with-SM3 verification of X.509 certificates
Date: Mon, 30 Jun 2025 21:39:34 +0800 [thread overview]
Message-ID: <20250630133934.766646-5-gubowen5@huawei.com> (raw)
In-Reply-To: <20250630133934.766646-1-gubowen5@huawei.com>
The digest is calculated during certificate parsing, but the public key of
the signing certificate needs to be obtained before calculating the digest
to correctly calculate the Z value.
By attempting to obtain the public key before computing the digest, the
feasibility of doing so was tested and verified.
Signed-off-by: Gu Bowen <gubowen5@huawei.com>
---
certs/system_keyring.c | 8 +++++++
crypto/asymmetric_keys/public_key.c | 7 ++++++
crypto/asymmetric_keys/x509_public_key.c | 27 +++++++++++++++++++++++-
include/keys/system_keyring.h | 13 ++++++++++++
4 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 9de610bf1f4b..adceb3f0928c 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -32,6 +32,14 @@ extern __initconst const u8 system_certificate_list[];
extern __initconst const unsigned long system_certificate_list_size;
extern __initconst const unsigned long module_cert_size;
+struct key *find_asymmetric_pub_key(const struct asymmetric_key_id *id_0,
+ const struct asymmetric_key_id *id_1,
+ const struct asymmetric_key_id *id_2)
+{
+ return find_asymmetric_key(builtin_trusted_keys, id_0,
+ id_1, id_2, false);
+}
+
/**
* restrict_link_by_builtin_trusted - Restrict keyring addition by built-in CA
* @dest_keyring: Keyring being linked to.
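Review bot: The new non-static find_asymmetric_pub_key() has no kernel-doc, although the function right below it does, and its contract is not obvious from the name. It only searches `builtin_trusted_keys`, and find_asymmetric_key() returns either an `ERR_PTR()` or a key with a reference held, so the caller has to `key_put()` the result. I would add a `/** find_asymmetric_pub_key - Look up an asymmetric key in the built-in trusted keyring */` block that names the three `@id_N` parameters and says that the return value is an `ERR_PTR()` on failure or a referenced key the caller must release.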
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index e5b177c8e842..ca0bb32e093a 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -134,6 +134,13 @@ software_key_determine_akcipher(const struct public_key *pkey,
n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, "%s(%s)",
encoding, pkey->pkey_algo);
return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
+ } else if (strcmp(pkey->pkey_algo, "sm2") == 0) {
+ if (strcmp(encoding, "raw") != 0)
+ return -EINVAL;
+ if (!hash_algo)
+ return -EINVAL;
+ if (strcmp(hash_algo, "sm3") != 0)
+ return -EINVAL;
} else if (strcmp(pkey->pkey_algo, "ecrdsa") == 0) {
if (strcmp(encoding, "raw") != 0)
return -EINVAL;
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 8409d7d36cb4..62bbc423d632 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -7,6 +7,7 @@
#define pr_fmt(fmt) "X.509: "fmt
#include <crypto/hash.h>
+#include <crypto/sm2.h>
#include <keys/asymmetric-parser.h>
#include <keys/asymmetric-subtype.h>
#include <keys/system_keyring.h>
@@ -28,6 +29,8 @@ int x509_get_sig_params(struct x509_certificate *cert)
struct shash_desc *desc;
size_t desc_size;
int ret;
+ struct key *key;
+ struct public_key *pkey;
pr_devel("==>%s()\n", __func__);
@@ -63,8 +66,30 @@ int x509_get_sig_params(struct x509_certificate *cert)
desc->tfm = tfm;
- ret = crypto_shash_digest(desc, cert->tbs, cert->tbs_size,
+ if (strcmp(cert->pub->pkey_algo, "sm2") == 0) {
+ if (!sig->auth_ids[0] && !sig->auth_ids[1] && !sig->auth_ids[2])
+ return -ENOKEY;
+
+ key = find_asymmetric_pub_key(sig->auth_ids[0], sig->auth_ids[1],
+ sig->auth_ids[2]);
+ if (IS_ERR(key))
+ pkey = cert->pub;
+ else
+ pkey = key->payload.data[asym_crypto];
+
+ ret = strcmp(sig->hash_algo, "sm3") != 0 ? -EINVAL :
+ crypto_shash_init(desc) ?:
+ sm2_compute_z_digest(desc, pkey->key,
+ pkey->keylen, sig->digest) ?:
+ crypto_shash_init(desc) ?:
+ crypto_shash_update(desc, sig->digest,
+ sig->digest_size) ?:
+ crypto_shash_finup(desc, cert->tbs, cert->tbs_size,
+ sig->digest);
+ } else {
+ ret = crypto_shash_digest(desc, cert->tbs, cert->tbs_size,
sig->digest);
+ }
if (ret < 0)
goto error_2;
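Review bot: The `return -ENOKEY;` in the new sm2 branch leaves the function directly even though `desc` is already set up (`desc->tfm = tfm` just above) and the other failure path here uses `goto error_2`, so the descriptor and tfm are presumably leaked; it should set `ret` and jump to `error_2`. The key returned by find_asymmetric_pub_key() is also never released: per the certs/system_keyring.c hunk it wraps find_asymmetric_key(), which hands back a reference that needs a `key_put()`. `IS_ERR(key)` does not cover the `NULL` returned by the !CONFIG_SYSTEM_TRUSTED_KEYRING stub in the include/keys/system_keyring.h hunk, which would then be dereferenced at `key->payload`; either test with `IS_ERR_OR_NULL()` here or make the stub return `ERR_PTR(-ENOKEY)`. x509_get_sig_params() starts and ends outside this hunk, so what the cleanup labels free is inferred from the visible `goto error_2`.

```c
	if (strcmp(cert->pub->pkey_algo, "sm2") == 0) {
		if (!sig->auth_ids[0] && !sig->auth_ids[1] && !sig->auth_ids[2]) {
			ret = -ENOKEY;
			goto error_2;
		}

		key = find_asymmetric_pub_key(sig->auth_ids[0], sig->auth_ids[1],
					      sig->auth_ids[2]);
		if (IS_ERR_OR_NULL(key)) {
			/* no issuer key found: fall back to the certificate's own key */
			key = NULL;
			pkey = cert->pub;
		} else {
			pkey = key->payload.data[asym_crypto];
		}

		/* … unchanged: ret = strcmp(sig->hash_algo, "sm3") … crypto_shash_finup() chain … */

		/* drop the reference taken by the keyring lookup; key_put(NULL) is a no-op */
		key_put(key);
	} else {
```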
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index a6c2897bcc63..21b466e5d2f3 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -10,6 +10,8 @@
#include <linux/key.h>
+struct asymmetric_key_id;
+
enum blacklist_hash_type {
/* TBSCertificate hash */
BLACKLIST_HASH_X509_TBS = 1,
@@ -19,6 +21,10 @@ enum blacklist_hash_type {
#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING
+extern struct key *find_asymmetric_pub_key(const struct asymmetric_key_id *id_0,
+ const struct asymmetric_key_id *id_1,
+ const struct asymmetric_key_id *id_2);
+
extern int restrict_link_by_builtin_trusted(struct key *keyring,
const struct key_type *type,
const union key_payload *payload,
@@ -30,6 +36,13 @@ int restrict_link_by_digsig_builtin(struct key *dest_keyring,
extern __init int load_module_cert(struct key *keyring);
#else
+static inline struct key *find_asymmetric_pub_key(const struct asymmetric_key_id *id_0,
+ const struct asymmetric_key_id *id_1,
+ const struct asymmetric_key_id *id_2)
+{
+ return NULL;
+}
+
#define restrict_link_by_builtin_trusted restrict_link_reject
#define restrict_link_by_digsig_builtin restrict_link_reject
--
2.25.1
2025-06-30 13:39 [PATCH RFC 0/4] Reintroduce the sm2 algorithm Gu Bowen
2025-06-30 13:39 ` [PATCH RFC 1/4] Revert "Revert "lib/mpi: Extend the MPI library"" Gu Bowen
2025-07-03 9:18 ` Xi Ruoyao
2025-06-30 13:39 ` [PATCH RFC 2/4] Revert "Revert "lib/mpi: Introduce ec implementation to " Gu Bowen
2025-07-02 15:18 ` Ignat Korchagin
2025-06-30 13:39 ` [PATCH RFC 3/4] crypto/sm2: Rework sm2 alg with sig_alg backend Gu Bowen
2025-06-30 13:39 ` Gu Bowen [this message]
2025-06-30 19:41 ` [PATCH RFC 0/4] Reintroduce the sm2 algorithm Dan Carpenter
2025-07-01 3:49 ` Gu Bowen
2025-07-03 13:14 ` Jason A. Donenfeld
2025-07-03 13:29 ` Jason A. Donenfeld
2025-07-03 13:33 ` Ignat Korchagin
2025-07-11 2:14 ` Gu Bowen