diff options
author | David Howells <dhowells@redhat.com> | 2012-09-21 18:24:55 -0400 |
---|---|---|
committer | Rusty Russell <rusty@rustcorp.com.au> | 2012-10-07 23:20:14 -0400 |
commit | a9681bf3dd7ccd2b32eba27d327ab76607429f7a (patch) | |
tree | 667676a21ec5f72e15d37c9db7fb3a77c10bc0cd /crypto | |
parent | 46c6f1776e2f53eebb1fc361946877bab7533227 (diff) |
KEYS: Asymmetric public-key algorithm crypto key subtype
Add a subtype for supporting asymmetric public-key encryption algorithms such
as DSA (FIPS-186) and RSA (PKCS#1 / RFC1337).
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asymmetric_keys/Kconfig | 8 | ||||
-rw-r--r-- | crypto/asymmetric_keys/Makefile | 2 | ||||
-rw-r--r-- | crypto/asymmetric_keys/public_key.c | 108 | ||||
-rw-r--r-- | crypto/asymmetric_keys/public_key.h | 28 |
4 files changed, 146 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig index cad29b3efa0e..bbfccaa35293 100644 --- a/crypto/asymmetric_keys/Kconfig +++ b/crypto/asymmetric_keys/Kconfig | |||
@@ -9,5 +9,13 @@ menuconfig ASYMMETRIC_KEY_TYPE | |||
9 | 9 | ||
10 | if ASYMMETRIC_KEY_TYPE | 10 | if ASYMMETRIC_KEY_TYPE |
11 | 11 | ||
12 | config ASYMMETRIC_PUBLIC_KEY_SUBTYPE | ||
13 | tristate "Asymmetric public-key crypto algorithm subtype" | ||
14 | select MPILIB | ||
15 | help | ||
16 | This option provides support for asymmetric public key type handling. | ||
17 | If signature generation and/or verification are to be used, | ||
18 | appropriate hash algorithms (such as SHA-1) must be available. | ||
19 | ENOPKG will be reported if the requisite algorithm is unavailable. | ||
12 | 20 | ||
13 | endif # ASYMMETRIC_KEY_TYPE | 21 | endif # ASYMMETRIC_KEY_TYPE |
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index b725bcce4cfd..5ed46eecb299 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile | |||
@@ -5,3 +5,5 @@ | |||
5 | obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o | 5 | obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o |
6 | 6 | ||
7 | asymmetric_keys-y := asymmetric_type.o | 7 | asymmetric_keys-y := asymmetric_type.o |
8 | |||
9 | obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o | ||
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c new file mode 100644 index 000000000000..cb2e29180a87 --- /dev/null +++ b/crypto/asymmetric_keys/public_key.c | |||
@@ -0,0 +1,108 @@ | |||
1 | /* In-software asymmetric public-key crypto subtype | ||
2 | * | ||
3 | * See Documentation/crypto/asymmetric-keys.txt | ||
4 | * | ||
5 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | ||
6 | * Written by David Howells (dhowells@redhat.com) | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU General Public Licence | ||
10 | * as published by the Free Software Foundation; either version | ||
11 | * 2 of the Licence, or (at your option) any later version. | ||
12 | */ | ||
13 | |||
14 | #define pr_fmt(fmt) "PKEY: "fmt | ||
15 | #include <linux/module.h> | ||
16 | #include <linux/export.h> | ||
17 | #include <linux/kernel.h> | ||
18 | #include <linux/slab.h> | ||
19 | #include <linux/seq_file.h> | ||
20 | #include <keys/asymmetric-subtype.h> | ||
21 | #include "public_key.h" | ||
22 | |||
23 | MODULE_LICENSE("GPL"); | ||
24 | |||
25 | const char *const pkey_algo[PKEY_ALGO__LAST] = { | ||
26 | [PKEY_ALGO_DSA] = "DSA", | ||
27 | [PKEY_ALGO_RSA] = "RSA", | ||
28 | }; | ||
29 | EXPORT_SYMBOL_GPL(pkey_algo); | ||
30 | |||
31 | const char *const pkey_hash_algo[PKEY_HASH__LAST] = { | ||
32 | [PKEY_HASH_MD4] = "md4", | ||
33 | [PKEY_HASH_MD5] = "md5", | ||
34 | [PKEY_HASH_SHA1] = "sha1", | ||
35 | [PKEY_HASH_RIPE_MD_160] = "rmd160", | ||
36 | [PKEY_HASH_SHA256] = "sha256", | ||
37 | [PKEY_HASH_SHA384] = "sha384", | ||
38 | [PKEY_HASH_SHA512] = "sha512", | ||
39 | [PKEY_HASH_SHA224] = "sha224", | ||
40 | }; | ||
41 | EXPORT_SYMBOL_GPL(pkey_hash_algo); | ||
42 | |||
43 | const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = { | ||
44 | [PKEY_ID_PGP] = "PGP", | ||
45 | [PKEY_ID_X509] = "X509", | ||
46 | }; | ||
47 | EXPORT_SYMBOL_GPL(pkey_id_type); | ||
48 | |||
49 | /* | ||
50 | * Provide a part of a description of the key for /proc/keys. | ||
51 | */ | ||
52 | static void public_key_describe(const struct key *asymmetric_key, | ||
53 | struct seq_file *m) | ||
54 | { | ||
55 | struct public_key *key = asymmetric_key->payload.data; | ||
56 | |||
57 | if (key) | ||
58 | seq_printf(m, "%s.%s", | ||
59 | pkey_id_type[key->id_type], key->algo->name); | ||
60 | } | ||
61 | |||
62 | /* | ||
63 | * Destroy a public key algorithm key. | ||
64 | */ | ||
65 | void public_key_destroy(void *payload) | ||
66 | { | ||
67 | struct public_key *key = payload; | ||
68 | int i; | ||
69 | |||
70 | if (key) { | ||
71 | for (i = 0; i < ARRAY_SIZE(key->mpi); i++) | ||
72 | mpi_free(key->mpi[i]); | ||
73 | kfree(key); | ||
74 | } | ||
75 | } | ||
76 | EXPORT_SYMBOL_GPL(public_key_destroy); | ||
77 | |||
78 | /* | ||
79 | * Verify a signature using a public key. | ||
80 | */ | ||
81 | static int public_key_verify_signature(const struct key *key, | ||
82 | const struct public_key_signature *sig) | ||
83 | { | ||
84 | const struct public_key *pk = key->payload.data; | ||
85 | |||
86 | if (!pk->algo->verify_signature) | ||
87 | return -ENOTSUPP; | ||
88 | |||
89 | if (sig->nr_mpi != pk->algo->n_sig_mpi) { | ||
90 | pr_debug("Signature has %u MPI not %u\n", | ||
91 | sig->nr_mpi, pk->algo->n_sig_mpi); | ||
92 | return -EINVAL; | ||
93 | } | ||
94 | |||
95 | return pk->algo->verify_signature(pk, sig); | ||
96 | } | ||
97 | |||
98 | /* | ||
99 | * Public key algorithm asymmetric key subtype | ||
100 | */ | ||
101 | struct asymmetric_key_subtype public_key_subtype = { | ||
102 | .owner = THIS_MODULE, | ||
103 | .name = "public_key", | ||
104 | .describe = public_key_describe, | ||
105 | .destroy = public_key_destroy, | ||
106 | .verify_signature = public_key_verify_signature, | ||
107 | }; | ||
108 | EXPORT_SYMBOL_GPL(public_key_subtype); | ||
diff --git a/crypto/asymmetric_keys/public_key.h b/crypto/asymmetric_keys/public_key.h new file mode 100644 index 000000000000..1f86aad31003 --- /dev/null +++ b/crypto/asymmetric_keys/public_key.h | |||
@@ -0,0 +1,28 @@ | |||
1 | /* Public key algorithm internals | ||
2 | * | ||
3 | * See Documentation/crypto/asymmetric-keys.txt | ||
4 | * | ||
5 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | ||
6 | * Written by David Howells (dhowells@redhat.com) | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU General Public Licence | ||
10 | * as published by the Free Software Foundation; either version | ||
11 | * 2 of the Licence, or (at your option) any later version. | ||
12 | */ | ||
13 | |||
14 | #include <crypto/public_key.h> | ||
15 | |||
16 | extern struct asymmetric_key_subtype public_key_subtype; | ||
17 | |||
18 | /* | ||
19 | * Public key algorithm definition. | ||
20 | */ | ||
21 | struct public_key_algorithm { | ||
22 | const char *name; | ||
23 | u8 n_pub_mpi; /* Number of MPIs in public key */ | ||
24 | u8 n_sec_mpi; /* Number of MPIs in secret key */ | ||
25 | u8 n_sig_mpi; /* Number of MPIs in a signature */ | ||
26 | int (*verify_signature)(const struct public_key *key, | ||
27 | const struct public_key_signature *sig); | ||
28 | }; | ||