diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-14 16:39:34 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-14 16:39:34 -0400 |
| commit | d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d (patch) | |
| tree | f414482d768b015a609924293b779b4ad0b8f764 /include/crypto | |
| parent | b6eea87fc6850d3531a64a27d2323a4498cd4e43 (diff) | |
| parent | dbadc17683e6c673a69b236c0f041b931cc55c42 (diff) | |
Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module signing support from Rusty Russell:
"module signing is the highlight, but it's an all-over David Howells frenzy..."
Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG.
* 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits)
X.509: Fix indefinite length element skip error handling
X.509: Convert some printk calls to pr_devel
asymmetric keys: fix printk format warning
MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking
MODSIGN: Make mrproper should remove generated files.
MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs
MODSIGN: Use the same digest for the autogen key sig as for the module sig
MODSIGN: Sign modules during the build process
MODSIGN: Provide a script for generating a key ID from an X.509 cert
MODSIGN: Implement module signature checking
MODSIGN: Provide module signing public keys to the kernel
MODSIGN: Automatically generate module signing keys if missing
MODSIGN: Provide Kconfig options
MODSIGN: Provide gitignore and make clean rules for extra files
MODSIGN: Add FIPS policy
module: signature checking hook
X.509: Add a crypto key parser for binary (DER) X.509 certificates
MPILIB: Provide a function to read raw data into an MPI
X.509: Add an ASN.1 decoder
X.509: Add simple ASN.1 grammar compiler
...
Diffstat (limited to 'include/crypto')
| -rw-r--r-- | include/crypto/public_key.h | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h new file mode 100644 index 000000000000..f5b0224c9967 --- /dev/null +++ b/include/crypto/public_key.h | |||
| @@ -0,0 +1,108 @@ | |||
| 1 | /* Asymmetric public-key algorithm definitions | ||
| 2 | * | ||
| 3 | * See Documentation/crypto/asymmetric-keys.txt | ||
| 4 | * | ||
| 5 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | ||
| 6 | * Written by David Howells (dhowells@redhat.com) | ||
| 7 | * | ||
| 8 | * This program is free software; you can redistribute it and/or | ||
| 9 | * modify it under the terms of the GNU General Public Licence | ||
| 10 | * as published by the Free Software Foundation; either version | ||
| 11 | * 2 of the Licence, or (at your option) any later version. | ||
| 12 | */ | ||
| 13 | |||
| 14 | #ifndef _LINUX_PUBLIC_KEY_H | ||
| 15 | #define _LINUX_PUBLIC_KEY_H | ||
| 16 | |||
| 17 | #include <linux/mpi.h> | ||
| 18 | |||
| 19 | enum pkey_algo { | ||
| 20 | PKEY_ALGO_DSA, | ||
| 21 | PKEY_ALGO_RSA, | ||
| 22 | PKEY_ALGO__LAST | ||
| 23 | }; | ||
| 24 | |||
| 25 | extern const char *const pkey_algo[PKEY_ALGO__LAST]; | ||
| 26 | |||
| 27 | enum pkey_hash_algo { | ||
| 28 | PKEY_HASH_MD4, | ||
| 29 | PKEY_HASH_MD5, | ||
| 30 | PKEY_HASH_SHA1, | ||
| 31 | PKEY_HASH_RIPE_MD_160, | ||
| 32 | PKEY_HASH_SHA256, | ||
| 33 | PKEY_HASH_SHA384, | ||
| 34 | PKEY_HASH_SHA512, | ||
| 35 | PKEY_HASH_SHA224, | ||
| 36 | PKEY_HASH__LAST | ||
| 37 | }; | ||
| 38 | |||
| 39 | extern const char *const pkey_hash_algo[PKEY_HASH__LAST]; | ||
| 40 | |||
| 41 | enum pkey_id_type { | ||
| 42 | PKEY_ID_PGP, /* OpenPGP generated key ID */ | ||
| 43 | PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ | ||
| 44 | PKEY_ID_TYPE__LAST | ||
| 45 | }; | ||
| 46 | |||
| 47 | extern const char *const pkey_id_type[PKEY_ID_TYPE__LAST]; | ||
| 48 | |||
| 49 | /* | ||
| 50 | * Cryptographic data for the public-key subtype of the asymmetric key type. | ||
| 51 | * | ||
| 52 | * Note that this may include private part of the key as well as the public | ||
| 53 | * part. | ||
| 54 | */ | ||
| 55 | struct public_key { | ||
| 56 | const struct public_key_algorithm *algo; | ||
| 57 | u8 capabilities; | ||
| 58 | #define PKEY_CAN_ENCRYPT 0x01 | ||
| 59 | #define PKEY_CAN_DECRYPT 0x02 | ||
| 60 | #define PKEY_CAN_SIGN 0x04 | ||
| 61 | #define PKEY_CAN_VERIFY 0x08 | ||
| 62 | enum pkey_id_type id_type : 8; | ||
| 63 | union { | ||
| 64 | MPI mpi[5]; | ||
| 65 | struct { | ||
| 66 | MPI p; /* DSA prime */ | ||
| 67 | MPI q; /* DSA group order */ | ||
| 68 | MPI g; /* DSA group generator */ | ||
| 69 | MPI y; /* DSA public-key value = g^x mod p */ | ||
| 70 | MPI x; /* DSA secret exponent (if present) */ | ||
| 71 | } dsa; | ||
| 72 | struct { | ||
| 73 | MPI n; /* RSA public modulus */ | ||
| 74 | MPI e; /* RSA public encryption exponent */ | ||
| 75 | MPI d; /* RSA secret encryption exponent (if present) */ | ||
| 76 | MPI p; /* RSA secret prime (if present) */ | ||
| 77 | MPI q; /* RSA secret prime (if present) */ | ||
| 78 | } rsa; | ||
| 79 | }; | ||
| 80 | }; | ||
| 81 | |||
| 82 | extern void public_key_destroy(void *payload); | ||
| 83 | |||
| 84 | /* | ||
| 85 | * Public key cryptography signature data | ||
| 86 | */ | ||
| 87 | struct public_key_signature { | ||
| 88 | u8 *digest; | ||
| 89 | u8 digest_size; /* Number of bytes in digest */ | ||
| 90 | u8 nr_mpi; /* Occupancy of mpi[] */ | ||
| 91 | enum pkey_hash_algo pkey_hash_algo : 8; | ||
| 92 | union { | ||
| 93 | MPI mpi[2]; | ||
| 94 | struct { | ||
| 95 | MPI s; /* m^d mod n */ | ||
| 96 | } rsa; | ||
| 97 | struct { | ||
| 98 | MPI r; | ||
| 99 | MPI s; | ||
| 100 | } dsa; | ||
| 101 | }; | ||
| 102 | }; | ||
| 103 | |||
| 104 | struct key; | ||
| 105 | extern int verify_signature(const struct key *key, | ||
| 106 | const struct public_key_signature *sig); | ||
| 107 | |||
| 108 | #endif /* _LINUX_PUBLIC_KEY_H */ | ||