diff options
| author | David Howells <dhowells@redhat.com> | 2025-10-17 08:46:43 +0100 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2026-01-30 11:34:34 +0000 |
| commit | 8bbdeb7a25b4cd3d829136a2e12982b8ee7d7991 (patch) | |
| tree | ec11a5f67add7bd6883c43de2c38a764f3e1cd38 | |
| parent | f3eccecd782dbaf33d5ad0d1fd22ea277300acdb (diff) | |
pkcs7, x509: Add ML-DSA support
Add support for ML-DSA keys and signatures to the CMS/PKCS#7 and X.509
implementations. ML-DSA-44, -65 and -87 are all supported. For X.509
certificates, the TBSCertificate is required to be signed directly; for
CMS, direct signing of the data is preferred, though use of SHA512 (and
only that) as an intermediate hash of the content is permitted with
signedAttrs.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Lukas Wunner <lukas@wunner.de>
cc: Ignat Korchagin <ignat@cloudflare.com>
cc: Stephan Mueller <smueller@chronox.de>
cc: Eric Biggers <ebiggers@kernel.org>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
| -rw-r--r-- | crypto/asymmetric_keys/pkcs7_parser.c | 24 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/public_key.c | 10 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/x509_cert_parser.c | 27 | ||||
| -rw-r--r-- | include/linux/oid_registry.h | 5 |
4 files changed, 64 insertions, 2 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index 3cdbab3b9f50..594a8f1d9dfb 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -95,11 +95,18 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg) if (sinfo->authattrs) { want = true; msg->have_authattrs = true; + } else if (sinfo->sig->algo_takes_data) { + sinfo->sig->hash_algo = "none"; } - for (sinfo = sinfo->next; sinfo; sinfo = sinfo->next) + for (sinfo = sinfo->next; sinfo; sinfo = sinfo->next) { if (!!sinfo->authattrs != want) goto inconsistent; + + if (!sinfo->authattrs && + sinfo->sig->algo_takes_data) + sinfo->sig->hash_algo = "none"; + } return 0; inconsistent: @@ -297,6 +304,21 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, ctx->sinfo->sig->pkey_algo = "ecrdsa"; ctx->sinfo->sig->encoding = "raw"; break; + case OID_id_ml_dsa_44: + ctx->sinfo->sig->pkey_algo = "mldsa44"; + ctx->sinfo->sig->encoding = "raw"; + ctx->sinfo->sig->algo_takes_data = true; + break; + case OID_id_ml_dsa_65: + ctx->sinfo->sig->pkey_algo = "mldsa65"; + ctx->sinfo->sig->encoding = "raw"; + ctx->sinfo->sig->algo_takes_data = true; + break; + case OID_id_ml_dsa_87: + ctx->sinfo->sig->pkey_algo = "mldsa87"; + ctx->sinfo->sig->encoding = "raw"; + ctx->sinfo->sig->algo_takes_data = true; + break; default: printk("Unsupported pkey algo: %u\n", ctx->last_oid); return -ENOPKG; diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index a46356e0c08b..09a0b83d5d77 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -142,6 +142,16 @@ software_key_determine_akcipher(const struct public_key *pkey, if (strcmp(hash_algo, "streebog256") != 0 && strcmp(hash_algo, "streebog512") != 0) return -EINVAL; + } else if (strcmp(pkey->pkey_algo, "mldsa44") == 0 || + strcmp(pkey->pkey_algo, "mldsa65") == 0 || + strcmp(pkey->pkey_algo, "mldsa87") == 0) { + if (strcmp(encoding, "raw") != 0) + return -EINVAL; + if (!hash_algo) + return -EINVAL; + if (strcmp(hash_algo, "none") != 0 && + strcmp(hash_algo, "sha512") != 0) + return -EINVAL; } else { /* Unknown public key algorithm */ return -ENOPKG; diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index b37cae914987..2fe094f5caf3 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -257,6 +257,15 @@ int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag, case OID_gost2012Signature512: ctx->cert->sig->hash_algo = "streebog512"; goto ecrdsa; + case OID_id_ml_dsa_44: + ctx->cert->sig->pkey_algo = "mldsa44"; + goto ml_dsa; + case OID_id_ml_dsa_65: + ctx->cert->sig->pkey_algo = "mldsa65"; + goto ml_dsa; + case OID_id_ml_dsa_87: + ctx->cert->sig->pkey_algo = "mldsa87"; + goto ml_dsa; } rsa_pkcs1: @@ -274,6 +283,12 @@ ecdsa: ctx->cert->sig->encoding = "x962"; ctx->sig_algo = ctx->last_oid; return 0; +ml_dsa: + ctx->cert->sig->algo_takes_data = true; + ctx->cert->sig->hash_algo = "none"; + ctx->cert->sig->encoding = "raw"; + ctx->sig_algo = ctx->last_oid; + return 0; } /* @@ -300,7 +315,8 @@ int x509_note_signature(void *context, size_t hdrlen, if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 || strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 || - strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0) { + strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0 || + strncmp(ctx->cert->sig->pkey_algo, "mldsa", 5) == 0) { /* Discard the BIT STRING metadata */ if (vlen < 1 || *(const u8 *)value != 0) return -EBADMSG; @@ -524,6 +540,15 @@ int x509_extract_key_data(void *context, size_t hdrlen, return -ENOPKG; } break; + case OID_id_ml_dsa_44: + ctx->cert->pub->pkey_algo = "mldsa44"; + break; + case OID_id_ml_dsa_65: + ctx->cert->pub->pkey_algo = "mldsa65"; + break; + case OID_id_ml_dsa_87: + ctx->cert->pub->pkey_algo = "mldsa87"; + break; default: return -ENOPKG; } diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h index 6de479ebbe5d..ebce402854de 100644 --- a/include/linux/oid_registry.h +++ b/include/linux/oid_registry.h @@ -145,6 +145,11 @@ enum OID { OID_id_rsassa_pkcs1_v1_5_with_sha3_384, /* 2.16.840.1.101.3.4.3.15 */ OID_id_rsassa_pkcs1_v1_5_with_sha3_512, /* 2.16.840.1.101.3.4.3.16 */ + /* NIST FIPS-204 ML-DSA */ + OID_id_ml_dsa_44, /* 2.16.840.1.101.3.4.3.17 */ + OID_id_ml_dsa_65, /* 2.16.840.1.101.3.4.3.18 */ + OID_id_ml_dsa_87, /* 2.16.840.1.101.3.4.3.19 */ + OID__NR }; |