Skip to content

Commit

Permalink
crypto: KEYS: convert public key and digsig asym to the akcipher api
Browse files Browse the repository at this point in the history
This patch converts the module verification code to the new akcipher API.

Signed-off-by: Tadeusz Struk <[email protected]>
Acked-by: Herbert Xu <[email protected]>
Signed-off-by: David Howells <[email protected]>
  • Loading branch information
tstruk authored and dhowells committed Feb 10, 2016
1 parent 50d3501 commit db6c43b
Show file tree
Hide file tree
Showing 12 changed files with 134 additions and 295 deletions.
2 changes: 1 addition & 1 deletion crypto/asymmetric_keys/Kconfig
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE

config PUBLIC_KEY_ALGO_RSA
tristate "RSA public-key algorithm"
select MPILIB
select CRYPTO_RSA
help
This option enables support for the RSA algorithm (PKCS#1, RFC3447).

Expand Down
7 changes: 2 additions & 5 deletions crypto/asymmetric_keys/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -16,21 +16,18 @@ obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o
x509_key_parser-y := \
x509-asn1.o \
x509_akid-asn1.o \
x509_rsakey-asn1.o \
x509_cert_parser.o \
x509_public_key.o

$(obj)/x509_cert_parser.o: \
$(obj)/x509-asn1.h \
$(obj)/x509_akid-asn1.h \
$(obj)/x509_rsakey-asn1.h
$(obj)/x509_akid-asn1.h

$(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h
$(obj)/x509_akid-asn1.o: $(obj)/x509_akid-asn1.c $(obj)/x509_akid-asn1.h
$(obj)/x509_rsakey-asn1.o: $(obj)/x509_rsakey-asn1.c $(obj)/x509_rsakey-asn1.h

clean-files += x509-asn1.c x509-asn1.h
clean-files += x509_akid-asn1.c x509_akid-asn1.h
clean-files += x509_rsakey-asn1.c x509_rsakey-asn1.h

#
# PKCS#7 message handling
Expand Down
12 changes: 5 additions & 7 deletions crypto/asymmetric_keys/pkcs7_parser.c
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/oid_registry.h>
#include "public_key.h"
#include <crypto/public_key.h>
#include "pkcs7_parser.h"
#include "pkcs7-asn1.h"

Expand Down Expand Up @@ -44,7 +44,7 @@ struct pkcs7_parse_context {
static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
{
if (sinfo) {
mpi_free(sinfo->sig.mpi[0]);
kfree(sinfo->sig.s);
kfree(sinfo->sig.digest);
kfree(sinfo->signing_cert_id);
kfree(sinfo);
Expand Down Expand Up @@ -614,16 +614,14 @@ int pkcs7_sig_note_signature(void *context, size_t hdrlen,
const void *value, size_t vlen)
{
struct pkcs7_parse_context *ctx = context;
MPI mpi;

BUG_ON(ctx->sinfo->sig.pkey_algo != PKEY_ALGO_RSA);

mpi = mpi_read_raw_data(value, vlen);
if (!mpi)
ctx->sinfo->sig.s = kmemdup(value, vlen, GFP_KERNEL);
if (!ctx->sinfo->sig.s)
return -ENOMEM;

ctx->sinfo->sig.mpi[0] = mpi;
ctx->sinfo->sig.nr_mpi = 1;
ctx->sinfo->sig.s_size = vlen;
return 0;
}

Expand Down
2 changes: 1 addition & 1 deletion crypto/asymmetric_keys/pkcs7_trust.c
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
#include <linux/asn1.h>
#include <linux/key.h>
#include <keys/asymmetric-type.h>
#include "public_key.h"
#include <crypto/public_key.h>
#include "pkcs7_parser.h"

/**
Expand Down
2 changes: 1 addition & 1 deletion crypto/asymmetric_keys/pkcs7_verify.c
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
#include <linux/err.h>
#include <linux/asn1.h>
#include <crypto/hash.h>
#include "public_key.h"
#include <crypto/public_key.h>
#include "pkcs7_parser.h"

/*
Expand Down
64 changes: 22 additions & 42 deletions crypto/asymmetric_keys/public_key.c
Original file line number Diff line number Diff line change
Expand Up @@ -18,31 +18,29 @@
#include <linux/slab.h>
#include <linux/seq_file.h>
#include <keys/asymmetric-subtype.h>
#include "public_key.h"
#include <crypto/public_key.h>

MODULE_LICENSE("GPL");

const char *const pkey_algo_name[PKEY_ALGO__LAST] = {
[PKEY_ALGO_DSA] = "DSA",
[PKEY_ALGO_RSA] = "RSA",
[PKEY_ALGO_DSA] = "dsa",
[PKEY_ALGO_RSA] = "rsa",
};
EXPORT_SYMBOL_GPL(pkey_algo_name);

const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST] = {
#if defined(CONFIG_PUBLIC_KEY_ALGO_RSA) || \
defined(CONFIG_PUBLIC_KEY_ALGO_RSA_MODULE)
[PKEY_ALGO_RSA] = &RSA_public_key_algorithm,
#endif
};
EXPORT_SYMBOL_GPL(pkey_algo);

const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST] = {
[PKEY_ID_PGP] = "PGP",
[PKEY_ID_X509] = "X509",
[PKEY_ID_PKCS7] = "PKCS#7",
};
EXPORT_SYMBOL_GPL(pkey_id_type_name);

static int (*alg_verify[PKEY_ALGO__LAST])(const struct public_key *pkey,
const struct public_key_signature *sig) = {
NULL,
rsa_verify_signature
};

/*
* Provide a part of a description of the key for /proc/keys.
*/
Expand All @@ -53,7 +51,8 @@ static void public_key_describe(const struct key *asymmetric_key,

if (key)
seq_printf(m, "%s.%s",
pkey_id_type_name[key->id_type], key->algo->name);
pkey_id_type_name[key->id_type],
pkey_algo_name[key->pkey_algo]);
}

/*
Expand All @@ -62,50 +61,31 @@ static void public_key_describe(const struct key *asymmetric_key,
void public_key_destroy(void *payload)
{
struct public_key *key = payload;
int i;

if (key) {
for (i = 0; i < ARRAY_SIZE(key->mpi); i++)
mpi_free(key->mpi[i]);
kfree(key);
}
if (key)
kfree(key->key);
kfree(key);
}
EXPORT_SYMBOL_GPL(public_key_destroy);

/*
* Verify a signature using a public key.
*/
int public_key_verify_signature(const struct public_key *pk,
int public_key_verify_signature(const struct public_key *pkey,
const struct public_key_signature *sig)
{
const struct public_key_algorithm *algo;

BUG_ON(!pk);
BUG_ON(!pk->mpi[0]);
BUG_ON(!pk->mpi[1]);
BUG_ON(!pkey);
BUG_ON(!sig);
BUG_ON(!sig->digest);
BUG_ON(!sig->mpi[0]);

algo = pk->algo;
if (!algo) {
if (pk->pkey_algo >= PKEY_ALGO__LAST)
return -ENOPKG;
algo = pkey_algo[pk->pkey_algo];
if (!algo)
return -ENOPKG;
}
BUG_ON(!sig->s);

if (!algo->verify_signature)
return -ENOTSUPP;
if (pkey->pkey_algo >= PKEY_ALGO__LAST)
return -ENOPKG;

if (sig->nr_mpi != algo->n_sig_mpi) {
pr_debug("Signature has %u MPI not %u\n",
sig->nr_mpi, algo->n_sig_mpi);
return -EINVAL;
}
if (!alg_verify[pkey->pkey_algo])
return -ENOPKG;

return algo->verify_signature(pk, sig);
return alg_verify[pkey->pkey_algo](pkey, sig);
}
EXPORT_SYMBOL_GPL(public_key_verify_signature);

Expand Down
36 changes: 0 additions & 36 deletions crypto/asymmetric_keys/public_key.h

This file was deleted.

Loading

0 comments on commit db6c43b

Please sign in to comment.