krb5 commit: Add ecdsa-with-sha512/256 to supportedCMSTypes

ghudson at mit.edu ghudson at mit.edu
Mon Jul 24 14:40:41 EDT 2023


https://github.com/krb5/krb5/commit/9913e5c92c4e5cb76d6ae58386f744766d2e6454
commit 9913e5c92c4e5cb76d6ae58386f744766d2e6454
Author: Julien Rische <jrische at redhat.com>
Date:   Wed Jun 21 18:27:11 2023 +0200

    Add ecdsa-with-sha512/256 to supportedCMSTypes
    
    Elliptic curve certificates are already supported for PKINIT
    pre-authentication, but their associated signature types aren't
    advertised.  Add ecdsa-with-sha512 and ecdsa-with-sha256 OIDs to the
    supportedCMSTypes list sent by the client.
    
    [ghudson at mit.edu: edited commit message]
    
    ticket: 9100 (new)

 src/plugins/preauth/pkinit/pkinit_constants.c | 38 +++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/src/plugins/preauth/pkinit/pkinit_constants.c b/src/plugins/preauth/pkinit/pkinit_constants.c
index 10f8688ec..905e90d29 100644
--- a/src/plugins/preauth/pkinit/pkinit_constants.c
+++ b/src/plugins/preauth/pkinit/pkinit_constants.c
@@ -64,14 +64,52 @@ static char sha512WithRSAEncr_oid[9] = {
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d
 };
 
+/* RFC 3279 ecdsa-with-SHA1: iso(1) member-body(2) us(840) ansi-X9-62(10045)
+ * signatures(4) 1 */
+static char ecdsaWithSha1_oid[] = {
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01
+};
+
+/* RFC 5758 ecdsa-with-SHA256: iso(1) member-body(2) us(840) ansi-X9-62(10045)
+ * signatures(4) ecdsa-with-SHA2(3) 2 */
+static char ecdsaWithSha256_oid[] = {
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02
+};
+
+/* RFC 5758 ecdsa-with-SHA384: iso(1) member-body(2) us(840) ansi-X9-62(10045)
+ * signatures(4) ecdsa-with-SHA2(3) 3 */
+static char ecdsaWithSha384_oid[] = {
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03
+};
+
+/* RFC 5758 ecdsa-with-SHA512: iso(1) member-body(2) us(840) ansi-X9-62(10045)
+ * signatures(4) ecdsa-with-SHA2(3) 4 */
+static char ecdsaWithSha512_oid[] = {
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04
+};
+
 const krb5_data sha256WithRSAEncr_id = {
     KV5M_DATA, sizeof(sha256WithRSAEncr_oid), sha256WithRSAEncr_oid
 };
 const krb5_data sha512WithRSAEncr_id = {
     KV5M_DATA, sizeof(sha512WithRSAEncr_oid), sha512WithRSAEncr_oid
 };
+const krb5_data ecdsaWithSha1_id = {
+    KV5M_DATA, sizeof(ecdsaWithSha1_oid), ecdsaWithSha1_oid
+};
+const krb5_data ecdsaWithSha256_id = {
+    KV5M_DATA, sizeof(ecdsaWithSha256_oid), ecdsaWithSha256_oid
+};
+const krb5_data ecdsaWithSha384_id = {
+    KV5M_DATA, sizeof(ecdsaWithSha384_oid), ecdsaWithSha384_oid
+};
+const krb5_data ecdsaWithSha512_id = {
+    KV5M_DATA, sizeof(ecdsaWithSha512_oid), ecdsaWithSha512_oid
+};
 
 krb5_data const * const supported_cms_algs[] = {
+    &ecdsaWithSha512_id,
+    &ecdsaWithSha256_id,
     &sha512WithRSAEncr_id,
     &sha256WithRSAEncr_id,
     NULL
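Review bot: `ecdsaWithSha1_id` and `ecdsaWithSha384_id` are defined in this hunk but neither is added to `supported_cms_algs`, and nothing here says whether that is deliberate. Keeping the SHA-1 signature type out of the advertised list is sensible for a weak digest, but the SHA-384 gap looks inconsistent with advertising SHA-512 and SHA-256, and P-384 certificates are commonly paired with ecdsa-with-SHA384; if it is an oversight, add `&ecdsaWithSha384_id,` between the two ECDSA entries. Either way, a comment above the array would record the intent, for example `/* Signature types advertised to the KDC; ecdsa-with-SHA1 is intentionally not offered. */`, assuming that is in fact the intent. The array initializer closes outside the hunk, so any entries or comments after `NULL` are not visible here.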

