KEYS: Implement binary asymmetric key ID handling

Implement the first step in using binary key IDs for asymmetric keys rather than hex string keys. The previously added match data preparsing will be able to convert hex criterion strings into binary which can then be compared more rapidly. Further, we actually want more then one ID string per public key. The problem is that X.509 certs refer to other X.509 certs by matching Issuer + AuthKeyId to Subject + SubjKeyId, but PKCS#7 messages match against X.509 Issuer + SerialNumber. This patch just provides facilities for a later patch to make use of. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com>
author: David Howells <dhowells@redhat.com> 2014-09-16 12:36:11 -0400
committer: David Howells <dhowells@redhat.com> 2014-09-16 12:36:11 -0400
commit: 7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 (patch)
tree: d11b8945fe52a9973fa56d9d7aa99a5496a9115f /crypto/asymmetric_keys
parent: f93b3cc7b1e6f16aedd745a8edba64355383184c (diff)
2 files changed, 93 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h
index a63c551c6557..917be6b985e7 100644
--- a/crypto/asymmetric_keys/asymmetric_keys.h
+++ b/crypto/asymmetric_keys/asymmetric_keys.h
@@ -10,6 +10,10 @@
 */
 int asymmetric_keyid_match(const char *kid, const char *id);
+extern bool asymmetric_match_key_ids(const struct asymmetric_key_ids *kids,
+                                     const struct asymmetric_key_id *match_id);
+extern struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id);
 static inline const char *asymmetric_key_id(const struct key *key)
 {
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 7755f918e8d9..92bfc438dd1d 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -15,6 +15,7 @@
 #include <linux/seq_file.h>
 #include <linux/module.h>
 #include <linux/slab.h>
+#include <linux/ctype.h>
 #include "asymmetric_keys.h"
 MODULE_LICENSE("GPL");
@@ -22,6 +23,94 @@ MODULE_LICENSE("GPL");
 static LIST_HEAD(asymmetric_key_parsers);
 static DECLARE_RWSEM(asymmetric_key_parsers_sem);
+/**
+ * asymmetric_key_generate_id: Construct an asymmetric key ID
+ * @val_1: First binary blob
+ * @len_1: Length of first binary blob
+ * @val_2: Second binary blob
+ * @len_2: Length of second binary blob
+ *
+ * Construct an asymmetric key ID from a pair of binary blobs.
+ */
+struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
+                                                     size_t len_1,
+                                                     const void *val_2,
+                                                     size_t len_2)
+{
+        struct asymmetric_key_id *kid;
+        kid = kmalloc(sizeof(struct asymmetric_key_id) + len_1 + len_2,
+                      GFP_KERNEL);
+        if (!kid)
+                return ERR_PTR(-ENOMEM);
+        kid->len = len_1 + len_2;
+        memcpy(kid->data, val_1, len_1);
+        memcpy(kid->data + len_1, val_2, len_2);
+        return kid;
+}
+EXPORT_SYMBOL_GPL(asymmetric_key_generate_id);
+/**
+ * asymmetric_key_id_same - Return true if two asymmetric keys IDs are the same.
+ * @kid_1, @kid_2: The key IDs to compare
+ */
+bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
+                            const struct asymmetric_key_id *kid2)
+{
+        if (!kid1 || !kid2)
+                return false;
+        if (kid1->len != kid2->len)
+                return false;
+        return memcmp(kid1->data, kid2->data, kid1->len) == 0;
+}
+EXPORT_SYMBOL_GPL(asymmetric_key_id_same);
+/**
+ * asymmetric_match_key_ids - Search asymmetric key IDs
+ * @kids: The list of key IDs to check
+ * @match_id: The key ID we're looking for
+ */
+bool asymmetric_match_key_ids(const struct asymmetric_key_ids *kids,
+                              const struct asymmetric_key_id *match_id)
+{
+        if (!kids || !match_id)
+                return false;
+        if (asymmetric_key_id_same(kids->id[0], match_id))
+                return true;
+        if (asymmetric_key_id_same(kids->id[1], match_id))
+                return true;
+        return false;
+}
+EXPORT_SYMBOL_GPL(asymmetric_match_key_ids);
+/**
+ * asymmetric_key_hex_to_key_id - Convert a hex string into a key ID.
+ * @id: The ID as a hex string.
+ */
+struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id)
+{
+        struct asymmetric_key_id *match_id;
+        const char *p;
+        ptrdiff_t hexlen;
+        if (!*id)
+                return ERR_PTR(-EINVAL);
+        for (p = id; *p; p++)
+                if (!isxdigit(*p))
+                        return ERR_PTR(-EINVAL);
+        hexlen = p - id;
+        if (hexlen & 1)
+                return ERR_PTR(-EINVAL);
+        match_id = kmalloc(sizeof(struct asymmetric_key_id) + hexlen / 2,
+                           GFP_KERNEL);
+        if (!match_id)
+                return ERR_PTR(-ENOMEM);
+        match_id->len = hexlen / 2;
+        (void)hex2bin(match_id->data, id, hexlen / 2);
+        return match_id;
+}
 /*
 * Match asymmetric key id with partial match
 * @id:         key id to match in a form "id:<id>"
author	David Howells <dhowells@redhat.com>	2014-09-16 12:36:11 -0400
committer	David Howells <dhowells@redhat.com>	2014-09-16 12:36:11 -0400
commit	7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 (patch)
tree	d11b8945fe52a9973fa56d9d7aa99a5496a9115f /crypto/asymmetric_keys
parent	f93b3cc7b1e6f16aedd745a8edba64355383184c (diff)

diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h index a63c551c6557..917be6b985e7 100644 --- a/crypto/asymmetric_keys/asymmetric_keys.h +++ b/crypto/asymmetric_keys/asymmetric_keys.h
@@ -10,6 +10,10 @@
10	*/	10	*/
11		11
12	int asymmetric_keyid_match(const char kid, const char id);	12	int asymmetric_keyid_match(const char kid, const char id);
		13	extern bool asymmetric_match_key_ids(const struct asymmetric_key_ids *kids,
		14	const struct asymmetric_key_id *match_id);
		15
		16	extern struct asymmetric_key_id asymmetric_key_hex_to_key_id(const char id);
13		17
14	static inline const char asymmetric_key_id(const struct key key)	18	static inline const char asymmetric_key_id(const struct key key)
15	{	19	{


diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index 7755f918e8d9..92bfc438dd1d 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -15,6 +15,7 @@
15	#include <linux/seq_file.h>	15	#include <linux/seq_file.h>
16	#include <linux/module.h>	16	#include <linux/module.h>
17	#include <linux/slab.h>	17	#include <linux/slab.h>
		18	#include <linux/ctype.h>
18	#include "asymmetric_keys.h"	19	#include "asymmetric_keys.h"
19		20
20	MODULE_LICENSE("GPL");	21	MODULE_LICENSE("GPL");
@@ -22,6 +23,94 @@ MODULE_LICENSE("GPL");
22	static LIST_HEAD(asymmetric_key_parsers);	23	static LIST_HEAD(asymmetric_key_parsers);
23	static DECLARE_RWSEM(asymmetric_key_parsers_sem);	24	static DECLARE_RWSEM(asymmetric_key_parsers_sem);
24		25
		26	/**
		27	* asymmetric_key_generate_id: Construct an asymmetric key ID
		28	* @val_1: First binary blob
		29	* @len_1: Length of first binary blob
		30	* @val_2: Second binary blob
		31	* @len_2: Length of second binary blob
		32	*
		33	* Construct an asymmetric key ID from a pair of binary blobs.
		34	*/
		35	struct asymmetric_key_id asymmetric_key_generate_id(const void val_1,
		36	size_t len_1,
		37	const void *val_2,
		38	size_t len_2)
		39	{
		40	struct asymmetric_key_id *kid;
		41
		42	kid = kmalloc(sizeof(struct asymmetric_key_id) + len_1 + len_2,
		43	GFP_KERNEL);
		44	if (!kid)
		45	return ERR_PTR(-ENOMEM);
		46	kid->len = len_1 + len_2;
		47	memcpy(kid->data, val_1, len_1);
		48	memcpy(kid->data + len_1, val_2, len_2);
		49	return kid;
		50	}
		51	EXPORT_SYMBOL_GPL(asymmetric_key_generate_id);
		52
		53	/**
		54	* asymmetric_key_id_same - Return true if two asymmetric keys IDs are the same.
		55	* @kid_1, @kid_2: The key IDs to compare
		56	*/
		57	bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
		58	const struct asymmetric_key_id *kid2)
		59	{
		60	if (!kid1 \|\| !kid2)
		61	return false;
		62	if (kid1->len != kid2->len)
		63	return false;
		64	return memcmp(kid1->data, kid2->data, kid1->len) == 0;
		65	}
		66	EXPORT_SYMBOL_GPL(asymmetric_key_id_same);
		67
		68	/**
		69	* asymmetric_match_key_ids - Search asymmetric key IDs
		70	* @kids: The list of key IDs to check
		71	* @match_id: The key ID we're looking for
		72	*/
		73	bool asymmetric_match_key_ids(const struct asymmetric_key_ids *kids,
		74	const struct asymmetric_key_id *match_id)
		75	{
		76	if (!kids \|\| !match_id)
		77	return false;
		78	if (asymmetric_key_id_same(kids->id[0], match_id))
		79	return true;
		80	if (asymmetric_key_id_same(kids->id[1], match_id))
		81	return true;
		82	return false;
		83	}
		84	EXPORT_SYMBOL_GPL(asymmetric_match_key_ids);
		85
		86	/**
		87	* asymmetric_key_hex_to_key_id - Convert a hex string into a key ID.
		88	* @id: The ID as a hex string.
		89	*/
		90	struct asymmetric_key_id asymmetric_key_hex_to_key_id(const char id)
		91	{
		92	struct asymmetric_key_id *match_id;
		93	const char *p;
		94	ptrdiff_t hexlen;
		95
		96	if (!*id)
		97	return ERR_PTR(-EINVAL);
		98	for (p = id; *p; p++)
		99	if (!isxdigit(*p))
		100	return ERR_PTR(-EINVAL);
		101	hexlen = p - id;
		102	if (hexlen & 1)
		103	return ERR_PTR(-EINVAL);
		104
		105	match_id = kmalloc(sizeof(struct asymmetric_key_id) + hexlen / 2,
		106	GFP_KERNEL);
		107	if (!match_id)
		108	return ERR_PTR(-ENOMEM);
		109	match_id->len = hexlen / 2;
		110	(void)hex2bin(match_id->data, id, hexlen / 2);
		111	return match_id;
		112	}
		113
25	/*	114	/*
26	* Match asymmetric key id with partial match	115	* Match asymmetric key id with partial match
27	* @id: key id to match in a form "id:<id>"	116	* @id: key id to match in a form "id:<id>"