authorDmitry Kasatkin <d.kasatkin@samsung.com>2013-05-06 08:58:15 -0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>2013-10-25 17:15:18 -0400
commit3fe78ca2fb1d61ea598e63fcbf38aec76b36b3a8 (patch)
treed980cc80515b6ee7609de1e61583fa91cedaae83
parentee08997fee16f10be23c9748d609dbdf3baab8e4 (diff)
keys: change asymmetric keys to use common hash definitions
This patch makes use of the newly defined common hash algorithm info, replacing, for example, PKEY_HASH with HASH_ALGO. Changelog: - Lindent fixes - Mimi CC: David Howells <dhowells@redhat.com> Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r--crypto/asymmetric_keys/Kconfig1
-rw-r--r--crypto/asymmetric_keys/public_key.c12
-rw-r--r--crypto/asymmetric_keys/rsa.c14
-rw-r--r--crypto/asymmetric_keys/x509_cert_parser.c12
-rw-r--r--crypto/asymmetric_keys/x509_parser.h2
-rw-r--r--crypto/asymmetric_keys/x509_public_key.c9
-rw-r--r--include/crypto/public_key.h18
-rw-r--r--kernel/module_signing.c8
8 files changed, 28 insertions, 48 deletions
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 862b01fe6172..82e7d6b0c276 100644
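--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -13,6 +13,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
  tristate "Asymmetric public-key crypto algorithm subtype"
  select MPILIB
  select PUBLIC_KEY_ALGO_RSA
+ select CRYPTO_HASH_INFO
  help
  This option provides support for asymmetric public key type handling.
  If signature generation and/or verification are to be used,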
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 49ac8d848ed1..97eb001960b9 100644
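--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -36,18 +36,6 @@ const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST] = {
 };
 EXPORT_SYMBOL_GPL(pkey_algo);
 
-const char *const pkey_hash_algo_name[PKEY_HASH__LAST] = {
- [PKEY_HASH_MD4] = "md4",
- [PKEY_HASH_MD5] = "md5",
- [PKEY_HASH_SHA1] = "sha1",
- [PKEY_HASH_RIPE_MD_160] = "rmd160",
- [PKEY_HASH_SHA256] = "sha256",
- [PKEY_HASH_SHA384] = "sha384",
- [PKEY_HASH_SHA512] = "sha512",
- [PKEY_HASH_SHA224] = "sha224",
-};
-EXPORT_SYMBOL_GPL(pkey_hash_algo_name);
-
 const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST] = {
  [PKEY_ID_PGP] = "PGP",
  [PKEY_ID_X509] = "X509",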
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
index 4a6a0696f8a3..90a17f59ba28 100644
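--- a/crypto/asymmetric_keys/rsa.c
+++ b/crypto/asymmetric_keys/rsa.c
@@ -73,13 +73,13 @@ static const struct {
  size_t size;
 } RSA_ASN1_templates[PKEY_HASH__LAST] = {
 #define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) }
- [PKEY_HASH_MD5] = _(MD5),
- [PKEY_HASH_SHA1] = _(SHA1),
- [PKEY_HASH_RIPE_MD_160] = _(RIPE_MD_160),
- [PKEY_HASH_SHA256] = _(SHA256),
- [PKEY_HASH_SHA384] = _(SHA384),
- [PKEY_HASH_SHA512] = _(SHA512),
- [PKEY_HASH_SHA224] = _(SHA224),
+ [HASH_ALGO_MD5] = _(MD5),
+ [HASH_ALGO_SHA1] = _(SHA1),
+ [HASH_ALGO_RIPE_MD_160] = _(RIPE_MD_160),
+ [HASH_ALGO_SHA256] = _(SHA256),
+ [HASH_ALGO_SHA384] = _(SHA384),
+ [HASH_ALGO_SHA512] = _(SHA512),
+ [HASH_ALGO_SHA224] = _(SHA224),
 #undef _
 };
 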
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 144201ccba0c..29893162497c 100644
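--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -154,32 +154,32 @@ int x509_note_pkey_algo(void *context, size_t hdrlen,
  return -ENOPKG; /* Unsupported combination */
 
  case OID_md4WithRSAEncryption:
- ctx->cert->sig.pkey_hash_algo = PKEY_HASH_MD5;
+ ctx->cert->sig.pkey_hash_algo = HASH_ALGO_MD5;
  ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
  break;
 
  case OID_sha1WithRSAEncryption:
- ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA1;
+ ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA1;
  ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
  break;
 
  case OID_sha256WithRSAEncryption:
- ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA256;
+ ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA256;
  ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
  break;
 
  case OID_sha384WithRSAEncryption:
- ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA384;
+ ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA384;
  ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
  break;
 
  case OID_sha512WithRSAEncryption:
- ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA512;
+ ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA512;
  ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
  break;
 
  case OID_sha224WithRSAEncryption:
- ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA224;
+ ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA224;
  ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
  break;
  }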
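Review bot: The `OID_md4WithRSAEncryption` case on the new side still assigns `HASH_ALGO_MD5`, so the rename carries an apparent OID-to-digest mismatch forward instead of resolving it. A certificate whose signature algorithm is md4WithRSA would be recorded as MD5-signed, so the digest computed for verification would not be the one the certificate declares. The RSA template table in rsa.c has no MD4 entry, so rejecting the OID looks like the safer choice: `case OID_md4WithRSAEncryption: return -ENOPKG;`. x509_note_pkey_algo starts and ends outside this hunk, so the rest of the switch is not visible from here.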
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index 87d9cc26f630..04c81bd0f3f2 100644
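--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -21,6 +21,8 @@ struct x509_certificate {
  char *authority; /* Authority key fingerprint as hex */
  struct tm valid_from;
  struct tm valid_to;
+ enum pkey_algo pkey_algo : 8; /* Public key algorithm */
+ enum hash_algo sig_hash_algo : 8; /* Signature hash algorithm */
  const void *tbs; /* Signed data */
  unsigned tbs_size; /* Size of signed data */
  unsigned raw_sig_size; /* Size of sigature */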
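Review bot: The two added bitfields, `pkey_algo` and `sig_hash_algo`, are not read or written by any hunk in this commit; the parser and x509_key_preparse keep using `cert->sig.pkey_hash_algo` and `cert->pub->pkey_algo`. If they are indeed unused, the certificate ends up with two places that appear to hold the signature digest, and a later reader may check the one that is never set. Either drop them or mark which field is authoritative, e.g. `/* not set by the parser; see sig.pkey_hash_algo */`. The struct continues outside the hunk, so uses elsewhere in the tree cannot be ruled out from this page.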
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 6abc27f2e8a5..0a6bfad54916 100644
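--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -96,7 +96,7 @@ int x509_get_sig_params(struct x509_certificate *cert)
  /* Allocate the hashing algorithm we're going to need and find out how
  * big the hash operational data will be.
  */
- tfm = crypto_alloc_shash(pkey_hash_algo_name[cert->sig.pkey_hash_algo], 0, 0);
+ tfm = crypto_alloc_shash(hash_algo_name[cert->sig.pkey_hash_algo], 0, 0);
  if (IS_ERR(tfm))
  return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm);
 
@@ -199,7 +199,7 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
  cert->sig.pkey_hash_algo >= PKEY_HASH__LAST ||
  !pkey_algo[cert->pub->pkey_algo] ||
  !pkey_algo[cert->sig.pkey_algo] ||
- !pkey_hash_algo_name[cert->sig.pkey_hash_algo]) {
+ !hash_algo_name[cert->sig.pkey_hash_algo]) {
  ret = -ENOPKG;
  goto error_free_cert;
  }
@@ -213,9 +213,8 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
  cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1,
  cert->valid_to.tm_mday, cert->valid_to.tm_hour,
  cert->valid_to.tm_min, cert->valid_to.tm_sec);
- pr_devel("Cert Signature: %s + %s\n",
- pkey_algo_name[cert->sig.pkey_algo],
- pkey_hash_algo_name[cert->sig.pkey_hash_algo]);
+ pr_devel("Cert Signature: %s\n",
+ hash_algo_name[cert->sig.pkey_hash_algo]);
 
  if (!cert->fingerprint) {
  pr_warn("Cert for '%s' must have a SubjKeyId extension\n",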
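Review bot: The `pr_devel("Cert Signature: ...")` call in the third hunk no longer prints `pkey_algo_name[cert->sig.pkey_algo]`, a behaviour change that the commit message, which describes only a switch to the common hash definitions, does not mention. The debug line now shows the digest alone, so the signature's public-key algorithm is no longer visible when tracing certificate loading. Renaming only the table would keep the original output: `pr_devel("Cert Signature: %s + %s\n", pkey_algo_name[cert->sig.pkey_algo], hash_algo_name[cert->sig.pkey_hash_algo]);`. x509_key_preparse begins and ends outside these hunks.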
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index b34fda4dcabf..fc09732613ad 100644
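--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -15,6 +15,7 @@
 #define _LINUX_PUBLIC_KEY_H
 
 #include <linux/mpi.h>
+#include <crypto/hash_info.h>
 
 enum pkey_algo {
  PKEY_ALGO_DSA,
@@ -25,19 +26,8 @@ enum pkey_algo {
 extern const char *const pkey_algo_name[PKEY_ALGO__LAST];
 extern const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST];
 
-enum pkey_hash_algo {
- PKEY_HASH_MD4,
- PKEY_HASH_MD5,
- PKEY_HASH_SHA1,
- PKEY_HASH_RIPE_MD_160,
- PKEY_HASH_SHA256,
- PKEY_HASH_SHA384,
- PKEY_HASH_SHA512,
- PKEY_HASH_SHA224,
- PKEY_HASH__LAST
-};
-
-extern const char *const pkey_hash_algo_name[PKEY_HASH__LAST];
+/* asymmetric key implementation supports only up to SHA224 */
+#define PKEY_HASH__LAST (HASH_ALGO_SHA224 + 1)
 
 enum pkey_id_type {
  PKEY_ID_PGP, /* OpenPGP generated key ID */
@@ -91,7 +81,7 @@ struct public_key_signature {
  u8 digest_size; /* Number of bytes in digest */
  u8 nr_mpi; /* Occupancy of mpi[] */
  enum pkey_algo pkey_algo : 8;
- enum pkey_hash_algo pkey_hash_algo : 8;
+ enum hash_algo pkey_hash_algo : 8;
  union {
  MPI mpi[2];
  struct {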
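Review bot: `#define PKEY_HASH__LAST (HASH_ALGO_SHA224 + 1)` in the second hunk is only correct while `enum hash_algo` lists MD4 through SHA224 in the same order and with the same values as the removed `enum pkey_hash_algo`; crypto/hash_info.h is not part of this diff, so that cannot be confirmed here. The value is used well beyond this header: it sizes `RSA_ASN1_templates[]` in rsa.c and is the bound applied to `cert->sig.pkey_hash_algo` in x509_public_key.c and to the `ms.hash` byte checked in mod_verify_sig in kernel/module_signing.c, so a renumbered enum would silently change which digest a stored signature selects. The comment should state that dependency, e.g. `/* Values up to HASH_ALGO_SHA224 are stored in module signatures and must not be renumbered */`. A `BUILD_BUG_ON(PKEY_HASH__LAST > HASH_ALGO__LAST);` beside one of the `hash_algo_name[]` lookups would catch a bound that outruns the table, presuming the table is sized by `HASH_ALGO__LAST`.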
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index 0b6b870dc5e4..be5b8fac4bd0 100644
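--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -29,7 +29,7 @@
  */
 struct module_signature {
  u8 algo; /* Public-key crypto algorithm [enum pkey_algo] */
- u8 hash; /* Digest algorithm [enum pkey_hash_algo] */
+ u8 hash; /* Digest algorithm [enum hash_algo] */
  u8 id_type; /* Key identifier type [enum pkey_id_type] */
  u8 signer_len; /* Length of signer's name */
  u8 key_id_len; /* Length of key identifier */
@@ -40,7 +40,7 @@ struct module_signature {
 /*
  * Digest the module contents.
  */
-static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
+static struct public_key_signature *mod_make_digest(enum hash_algo hash,
  const void *mod,
  unsigned long modlen)
 {
@@ -55,7 +55,7 @@ static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
  /* Allocate the hashing algorithm we're going to need and find out how
  * big the hash operational data will be.
  */
- tfm = crypto_alloc_shash(pkey_hash_algo_name[hash], 0, 0);
+ tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
  if (IS_ERR(tfm))
  return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
 
@@ -218,7 +218,7 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
  return -ENOPKG;
 
  if (ms.hash >= PKEY_HASH__LAST ||
- !pkey_hash_algo_name[ms.hash])
+ !hash_algo_name[ms.hash])
  return -ENOPKG;
 
  key = request_asymmetric_key(sig, ms.signer_len,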