Merge 3.7-rc1 usb-linus

Sync up to a known-good point in Linus's tree to build on. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-10-14 18:37:29 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-10-14 18:37:29 -0400
commit: 1e91adf7cb0bea07c1e2548754ca5004e8da8544 (patch)
tree: 0fb2566bd25adc2a6c7123d00e3c80f63aeedaa5 /include/linux
parent: d40ce1708000fcf19c597e88c9074f442a557113 (diff)
parent: ddffeb8c4d0331609ef2581d84de4d763607bd37 (diff)
8 files changed, 344 insertions, 6 deletions
diff --git a/include/linux/asn1.h b/include/linux/asn1.h
new file mode 100644
index 000000000000..5c3f4e4b9a23
--- /dev/null
+++ b/include/linux/asn1.h
@@ -0,0 +1,67 @@
+/* ASN.1 BER/DER/CER encoding definitions
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+#ifndef _LINUX_ASN1_H
+#define _LINUX_ASN1_H
+/* Class */
+enum asn1_class {
+        ASN1_UNIV       = 0,    /* Universal */
+        ASN1_APPL       = 1,    /* Application */
+        ASN1_CONT       = 2,    /* Context */
+        ASN1_PRIV       = 3     /* Private */
+};
+#define ASN1_CLASS_BITS 0xc0
+enum asn1_method {
+        ASN1_PRIM       = 0,    /* Primitive */
+        ASN1_CONS       = 1     /* Constructed */
+};
+#define ASN1_CONS_BIT   0x20
+/* Tag */
+enum asn1_tag {
+        ASN1_EOC        = 0,    /* End Of Contents or N/A */
+        ASN1_BOOL       = 1,    /* Boolean */
+        ASN1_INT        = 2,    /* Integer */
+        ASN1_BTS        = 3,    /* Bit String */
+        ASN1_OTS        = 4,    /* Octet String */
+        ASN1_NULL       = 5,    /* Null */
+        ASN1_OID        = 6,    /* Object Identifier  */
+        ASN1_ODE        = 7,    /* Object Description */
+        ASN1_EXT        = 8,    /* External */
+        ASN1_REAL       = 9,    /* Real float */
+        ASN1_ENUM       = 10,   /* Enumerated */
+        ASN1_EPDV       = 11,   /* Embedded PDV */
+        ASN1_UTF8STR    = 12,   /* UTF8 String */
+        ASN1_RELOID     = 13,   /* Relative OID */
+        /* 14 - Reserved */
+        /* 15 - Reserved */
+        ASN1_SEQ        = 16,   /* Sequence and Sequence of */
+        ASN1_SET        = 17,   /* Set and Set of */
+        ASN1_NUMSTR     = 18,   /* Numerical String */
+        ASN1_PRNSTR     = 19,   /* Printable String */
+        ASN1_TEXSTR     = 20,   /* T61 String / Teletext String */
+        ASN1_VIDSTR     = 21,   /* Videotex String */
+        ASN1_IA5STR     = 22,   /* IA5 String */
+        ASN1_UNITIM     = 23,   /* Universal Time */
+        ASN1_GENTIM     = 24,   /* General Time */
+        ASN1_GRASTR     = 25,   /* Graphic String */
+        ASN1_VISSTR     = 26,   /* Visible String */
+        ASN1_GENSTR     = 27,   /* General String */
+        ASN1_UNISTR     = 28,   /* Universal String */
+        ASN1_CHRSTR     = 29,   /* Character String */
+        ASN1_BMPSTR     = 30,   /* BMP String */
+        ASN1_LONG_TAG   = 31    /* Long form tag */
+};
+#endif /* _LINUX_ASN1_H */
diff --git a/include/linux/asn1_ber_bytecode.h b/include/linux/asn1_ber_bytecode.h
new file mode 100644
index 000000000000..945d44ae529c
--- /dev/null
+++ b/include/linux/asn1_ber_bytecode.h
@@ -0,0 +1,87 @@
+/* ASN.1 BER/DER/CER parsing state machine internal definitions
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+#ifndef _LINUX_ASN1_BER_BYTECODE_H
+#define _LINUX_ASN1_BER_BYTECODE_H
+#ifdef __KERNEL__
+#include <linux/types.h>
+#endif
+#include <linux/asn1.h>
+typedef int (*asn1_action_t)(void *context,
+                             size_t hdrlen, /* In case of ANY type */
+                             unsigned char tag, /* In case of ANY type */
+                             const void *value, size_t vlen);
+struct asn1_decoder {
+        const unsigned char *machine;
+        size_t machlen;
+        const asn1_action_t *actions;
+};
+enum asn1_opcode {
+        /* The tag-matching ops come first and the odd-numbered slots
+         * are for OR_SKIP ops.
+         */
+#define ASN1_OP_MATCH__SKIP               0x01
+#define ASN1_OP_MATCH__ACT                0x02
+#define ASN1_OP_MATCH__JUMP               0x04
+#define ASN1_OP_MATCH__ANY                0x08
+#define ASN1_OP_MATCH__COND               0x10
+        ASN1_OP_MATCH                   = 0x00,
+        ASN1_OP_MATCH_OR_SKIP           = 0x01,
+        ASN1_OP_MATCH_ACT               = 0x02,
+        ASN1_OP_MATCH_ACT_OR_SKIP       = 0x03,
+        ASN1_OP_MATCH_JUMP              = 0x04,
+        ASN1_OP_MATCH_JUMP_OR_SKIP      = 0x05,
+        ASN1_OP_MATCH_ANY               = 0x08,
+        ASN1_OP_MATCH_ANY_ACT           = 0x0a,
+        /* Everything before here matches unconditionally */
+        ASN1_OP_COND_MATCH_OR_SKIP      = 0x11,
+        ASN1_OP_COND_MATCH_ACT_OR_SKIP  = 0x13,
+        ASN1_OP_COND_MATCH_JUMP_OR_SKIP = 0x15,
+        ASN1_OP_COND_MATCH_ANY          = 0x18,
+        ASN1_OP_COND_MATCH_ANY_ACT      = 0x1a,
+        /* Everything before here will want a tag from the data */
+#define ASN1_OP__MATCHES_TAG ASN1_OP_COND_MATCH_ANY_ACT
+        /* These are here to help fill up space */
+        ASN1_OP_COND_FAIL               = 0x1b,
+        ASN1_OP_COMPLETE                = 0x1c,
+        ASN1_OP_ACT                     = 0x1d,
+        ASN1_OP_RETURN                  = 0x1e,
+        /* The following eight have bit 0 -> SET, 1 -> OF, 2 -> ACT */
+        ASN1_OP_END_SEQ                 = 0x20,
+        ASN1_OP_END_SET                 = 0x21,
+        ASN1_OP_END_SEQ_OF              = 0x22,
+        ASN1_OP_END_SET_OF              = 0x23,
+        ASN1_OP_END_SEQ_ACT             = 0x24,
+        ASN1_OP_END_SET_ACT             = 0x25,
+        ASN1_OP_END_SEQ_OF_ACT          = 0x26,
+        ASN1_OP_END_SET_OF_ACT          = 0x27,
+#define ASN1_OP_END__SET                  0x01
+#define ASN1_OP_END__OF                   0x02
+#define ASN1_OP_END__ACT                  0x04
+        ASN1_OP__NR
+};
+#define _tag(CLASS, CP, TAG) ((ASN1_##CLASS << 6) | (ASN1_##CP << 5) | ASN1_##TAG)
+#define _tagn(CLASS, CP, TAG) ((ASN1_##CLASS << 6) | (ASN1_##CP << 5) | TAG)
+#define _jump_target(N) (N)
+#define _action(N) (N)
+#endif /* _LINUX_ASN1_BER_BYTECODE_H */
diff --git a/include/linux/asn1_decoder.h b/include/linux/asn1_decoder.h
new file mode 100644
index 000000000000..fa2ff5bc0483
--- /dev/null
+++ b/include/linux/asn1_decoder.h
@@ -0,0 +1,24 @@
+/* ASN.1 decoder
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+#ifndef _LINUX_ASN1_DECODER_H
+#define _LINUX_ASN1_DECODER_H
+#include <linux/asn1.h>
+struct asn1_decoder;
+extern int asn1_ber_decoder(const struct asn1_decoder *decoder,
+                            void *context,
+                            const unsigned char *data,
+                            size_t datalen);
+#endif /* _LINUX_ASN1_DECODER_H */
diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index f0c651cda7b0..518a53afb9ea 100644
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -26,6 +26,27 @@ struct key_construction {
        struct key      *authkey;/* authorisation for key being constructed */
 };
+/*
+ * Pre-parsed payload, used by key add, update and instantiate.
+ *
+ * This struct will be cleared and data and datalen will be set with the data
+ * and length parameters from the caller and quotalen will be set from
+ * def_datalen from the key type.  Then if the preparse() op is provided by the
+ * key type, that will be called.  Then the struct will be passed to the
+ * instantiate() or the update() op.
+ *
+ * If the preparse() op is given, the free_preparse() op will be called to
+ * clear the contents.
+ */
+struct key_preparsed_payload {
+        char            *description;   /* Proposed key description (or NULL) */
+        void            *type_data[2];  /* Private key-type data */
+        void            *payload;       /* Proposed payload */
+        const void      *data;          /* Raw data */
+        size_t          datalen;        /* Raw datalen */
+        size_t          quotalen;       /* Quota length for proposed payload */
+};
 typedef int (*request_key_actor_t)(struct key_construction *key,
                                   const char *op, void *aux);
@@ -45,18 +66,28 @@ struct key_type {
        /* vet a description */
        int (*vet_description)(const char *description);
+        /* Preparse the data blob from userspace that is to be the payload,
+         * generating a proposed description and payload that will be handed to
+         * the instantiate() and update() ops.
+         */
+        int (*preparse)(struct key_preparsed_payload *prep);
+        /* Free a preparse data structure.
+         */
+        void (*free_preparse)(struct key_preparsed_payload *prep);
        /* instantiate a key of this type
         * - this method should call key_payload_reserve() to determine if the
         *   user's quota will hold the payload
         */
-        int (*instantiate)(struct key *key, const void *data, size_t datalen);
+        int (*instantiate)(struct key *key, struct key_preparsed_payload *prep);
        /* update a key of this type (optional)
         * - this method should call key_payload_reserve() to recalculate the
         *   quota consumption
         * - the key must be locked against read when modifying
         */
-        int (*update)(struct key *key, const void *data, size_t datalen);
+        int (*update)(struct key *key, struct key_preparsed_payload *prep);
        /* match a key against a description */
        int (*match)(const struct key *key, const void *desc);
diff --git a/include/linux/module.h b/include/linux/module.h
index fbcafe2ee13e..7760c6d344a3 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -21,6 +21,9 @@
 #include <linux/percpu.h>
 #include <asm/module.h>
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIG_STRING "~Module signature appended~\n"
 /* Not Yet Implemented */
 #define MODULE_SUPPORTED_DEVICE(name)
@@ -260,6 +263,11 @@ struct module
        const unsigned long *unused_gpl_crcs;
 #endif
+#ifdef CONFIG_MODULE_SIG
+        /* Signature was verified. */
+        bool sig_ok;
+#endif
        /* symbols that will be GPL-only in the near future. */
        const struct kernel_symbol *gpl_future_syms;
        const unsigned long *gpl_future_crcs;
diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h
index b2be02ebf453..560ca53a75fa 100644
--- a/include/linux/moduleloader.h
+++ b/include/linux/moduleloader.h
@@ -28,21 +28,49 @@ void *module_alloc(unsigned long size);
 /* Free memory returned from module_alloc. */
 void module_free(struct module *mod, void *module_region);
-/* Apply the given relocation to the (simplified) ELF.  Return -error
+/*
-   or 0. */
+ * Apply the given relocation to the (simplified) ELF.  Return -error
+ * or 0.
+ */
+#ifdef CONFIG_MODULES_USE_ELF_REL
 int apply_relocate(Elf_Shdr *sechdrs,
                   const char *strtab,
                   unsigned int symindex,
                   unsigned int relsec,
                   struct module *mod);
+#else
+static inline int apply_relocate(Elf_Shdr *sechdrs,
+                                 const char *strtab,
+                                 unsigned int symindex,
+                                 unsigned int relsec,
+                                 struct module *me)
+{
+        printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name);
+        return -ENOEXEC;
+}
+#endif
-/* Apply the given add relocation to the (simplified) ELF.  Return
+/*
-   -error or 0 */
+ * Apply the given add relocation to the (simplified) ELF.  Return
+ * -error or 0
+ */
+#ifdef CONFIG_MODULES_USE_ELF_RELA
 int apply_relocate_add(Elf_Shdr *sechdrs,
                       const char *strtab,
                       unsigned int symindex,
                       unsigned int relsec,
                       struct module *mod);
+#else
+static inline int apply_relocate_add(Elf_Shdr *sechdrs,
+                                     const char *strtab,
+                                     unsigned int symindex,
+                                     unsigned int relsec,
+                                     struct module *me)
+{
+        printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name);
+        return -ENOEXEC;
+}
+#endif
 /* Any final processing of module before access.  Return -error or 0. */
 int module_finalize(const Elf_Ehdr *hdr,
diff --git a/include/linux/mpi.h b/include/linux/mpi.h
index d02cca6cc8ce..5af1b81def49 100644
--- a/include/linux/mpi.h
+++ b/include/linux/mpi.h
@@ -76,6 +76,7 @@ void mpi_swap(MPI a, MPI b);
 /*-- mpicoder.c --*/
 MPI do_encode_md(const void *sha_buffer, unsigned nbits);
+MPI mpi_read_raw_data(const void *xbuffer, size_t nbytes);
 MPI mpi_read_from_buffer(const void *buffer, unsigned *ret_nread);
 int mpi_fromstr(MPI val, const char *str);
 u32 mpi_get_keyid(MPI a, u32 *keyid);
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
new file mode 100644
index 000000000000..6926db724258
--- /dev/null
+++ b/include/linux/oid_registry.h
@@ -0,0 +1,92 @@
+/* ASN.1 Object identifier (OID) registry
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+#ifndef _LINUX_OID_REGISTRY_H
+#define _LINUX_OID_REGISTRY_H
+#include <linux/types.h>
+/*
+ * OIDs are turned into these values if possible, or OID__NR if not held here.
+ *
+ * NOTE!  Do not mess with the format of each line as this is read by
+ *        build_OID_registry.pl to generate the data for look_up_OID().
+ */
+enum OID {
+        OID_id_dsa_with_sha1,           /* 1.2.840.10030.4.3 */
+        OID_id_dsa,                     /* 1.2.840.10040.4.1 */
+        OID_id_ecdsa_with_sha1,         /* 1.2.840.10045.4.1 */
+        OID_id_ecPublicKey,             /* 1.2.840.10045.2.1 */
+        /* PKCS#1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)} */
+        OID_rsaEncryption,              /* 1.2.840.113549.1.1.1 */
+        OID_md2WithRSAEncryption,       /* 1.2.840.113549.1.1.2 */
+        OID_md3WithRSAEncryption,       /* 1.2.840.113549.1.1.3 */
+        OID_md4WithRSAEncryption,       /* 1.2.840.113549.1.1.4 */
+        OID_sha1WithRSAEncryption,      /* 1.2.840.113549.1.1.5 */
+        OID_sha256WithRSAEncryption,    /* 1.2.840.113549.1.1.11 */
+        OID_sha384WithRSAEncryption,    /* 1.2.840.113549.1.1.12 */
+        OID_sha512WithRSAEncryption,    /* 1.2.840.113549.1.1.13 */
+        OID_sha224WithRSAEncryption,    /* 1.2.840.113549.1.1.14 */
+        /* PKCS#7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)} */
+        OID_data,                       /* 1.2.840.113549.1.7.1 */
+        OID_signed_data,                /* 1.2.840.113549.1.7.2 */
+        /* PKCS#9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)} */
+        OID_email_address,              /* 1.2.840.113549.1.9.1 */
+        OID_content_type,               /* 1.2.840.113549.1.9.3 */
+        OID_messageDigest,              /* 1.2.840.113549.1.9.4 */
+        OID_signingTime,                /* 1.2.840.113549.1.9.5 */
+        OID_smimeCapabilites,           /* 1.2.840.113549.1.9.15 */
+        OID_smimeAuthenticatedAttrs,    /* 1.2.840.113549.1.9.16.2.11 */
+        /* {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2)} */
+        OID_md2,                        /* 1.2.840.113549.2.2 */
+        OID_md4,                        /* 1.2.840.113549.2.4 */
+        OID_md5,                        /* 1.2.840.113549.2.5 */
+        OID_certAuthInfoAccess,         /* 1.3.6.1.5.5.7.1.1 */
+        OID_msOutlookExpress,           /* 1.3.6.1.4.1.311.16.4 */
+        OID_sha1,                       /* 1.3.14.3.2.26 */
+        /* Distinguished Name attribute IDs [RFC 2256] */
+        OID_commonName,                 /* 2.5.4.3 */
+        OID_surname,                    /* 2.5.4.4 */
+        OID_countryName,                /* 2.5.4.6 */
+        OID_locality,                   /* 2.5.4.7 */
+        OID_stateOrProvinceName,        /* 2.5.4.8 */
+        OID_organizationName,           /* 2.5.4.10 */
+        OID_organizationUnitName,       /* 2.5.4.11 */
+        OID_title,                      /* 2.5.4.12 */
+        OID_description,                /* 2.5.4.13 */
+        OID_name,                       /* 2.5.4.41 */
+        OID_givenName,                  /* 2.5.4.42 */
+        OID_initials,                   /* 2.5.4.43 */
+        OID_generationalQualifier,      /* 2.5.4.44 */
+        /* Certificate extension IDs */
+        OID_subjectKeyIdentifier,       /* 2.5.29.14 */
+        OID_keyUsage,                   /* 2.5.29.15 */
+        OID_subjectAltName,             /* 2.5.29.17 */
+        OID_issuerAltName,              /* 2.5.29.18 */
+        OID_basicConstraints,           /* 2.5.29.19 */
+        OID_crlDistributionPoints,      /* 2.5.29.31 */
+        OID_certPolicies,               /* 2.5.29.32 */
+        OID_authorityKeyIdentifier,     /* 2.5.29.35 */
+        OID_extKeyUsage,                /* 2.5.29.37 */
+        OID__NR
+};
+extern enum OID look_up_OID(const void *data, size_t datasize);
+extern int sprint_oid(const void *, size_t, char *, size_t);
+extern int sprint_OID(enum OID, char *, size_t);
+#endif /* _LINUX_OID_REGISTRY_H */
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-10-14 18:37:29 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-10-14 18:37:29 -0400
commit	1e91adf7cb0bea07c1e2548754ca5004e8da8544 (patch)
tree	0fb2566bd25adc2a6c7123d00e3c80f63aeedaa5 /include/linux
parent	d40ce1708000fcf19c597e88c9074f442a557113 (diff)
parent	ddffeb8c4d0331609ef2581d84de4d763607bd37 (diff)

diff --git a/include/linux/asn1.h b/include/linux/asn1.h new file mode 100644 index 000000000000..5c3f4e4b9a23 --- /dev/null +++ b/include/linux/asn1.h
@@ -0,0 +1,67 @@
		1	/* ASN.1 BER/DER/CER encoding definitions
		2	*
		3	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
		4	* Written by David Howells (dhowells@redhat.com)
		5	*
		6	* This program is free software; you can redistribute it and/or
		7	* modify it under the terms of the GNU General Public Licence
		8	* as published by the Free Software Foundation; either version
		9	* 2 of the Licence, or (at your option) any later version.
		10	*/
		11
		12	#ifndef _LINUX_ASN1_H
		13	#define _LINUX_ASN1_H
		14
		15	/* Class */
		16	enum asn1_class {
		17	ASN1_UNIV = 0, /* Universal */
		18	ASN1_APPL = 1, /* Application */
		19	ASN1_CONT = 2, /* Context */
		20	ASN1_PRIV = 3 /* Private */
		21	};
		22	#define ASN1_CLASS_BITS 0xc0
		23
		24
		25	enum asn1_method {
		26	ASN1_PRIM = 0, /* Primitive */
		27	ASN1_CONS = 1 /* Constructed */
		28	};
		29	#define ASN1_CONS_BIT 0x20
		30
		31	/* Tag */
		32	enum asn1_tag {
		33	ASN1_EOC = 0, /* End Of Contents or N/A */
		34	ASN1_BOOL = 1, /* Boolean */
		35	ASN1_INT = 2, /* Integer */
		36	ASN1_BTS = 3, /* Bit String */
		37	ASN1_OTS = 4, /* Octet String */
		38	ASN1_NULL = 5, /* Null */
		39	ASN1_OID = 6, /* Object Identifier */
		40	ASN1_ODE = 7, /* Object Description */
		41	ASN1_EXT = 8, /* External */
		42	ASN1_REAL = 9, /* Real float */
		43	ASN1_ENUM = 10, /* Enumerated */
		44	ASN1_EPDV = 11, /* Embedded PDV */
		45	ASN1_UTF8STR = 12, /* UTF8 String */
		46	ASN1_RELOID = 13, /* Relative OID */
		47	/* 14 - Reserved */
		48	/* 15 - Reserved */
		49	ASN1_SEQ = 16, /* Sequence and Sequence of */
		50	ASN1_SET = 17, /* Set and Set of */
		51	ASN1_NUMSTR = 18, /* Numerical String */
		52	ASN1_PRNSTR = 19, /* Printable String */
		53	ASN1_TEXSTR = 20, /* T61 String / Teletext String */
		54	ASN1_VIDSTR = 21, /* Videotex String */
		55	ASN1_IA5STR = 22, /* IA5 String */
		56	ASN1_UNITIM = 23, /* Universal Time */
		57	ASN1_GENTIM = 24, /* General Time */
		58	ASN1_GRASTR = 25, /* Graphic String */
		59	ASN1_VISSTR = 26, /* Visible String */
		60	ASN1_GENSTR = 27, /* General String */
		61	ASN1_UNISTR = 28, /* Universal String */
		62	ASN1_CHRSTR = 29, /* Character String */
		63	ASN1_BMPSTR = 30, /* BMP String */
		64	ASN1_LONG_TAG = 31 /* Long form tag */
		65	};
		66
		67	#endif /* _LINUX_ASN1_H */


diff --git a/include/linux/asn1_ber_bytecode.h b/include/linux/asn1_ber_bytecode.h new file mode 100644 index 000000000000..945d44ae529c --- /dev/null +++ b/include/linux/asn1_ber_bytecode.h
@@ -0,0 +1,87 @@
		1	/* ASN.1 BER/DER/CER parsing state machine internal definitions
		2	*
		3	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
		4	* Written by David Howells (dhowells@redhat.com)
		5	*
		6	* This program is free software; you can redistribute it and/or
		7	* modify it under the terms of the GNU General Public Licence
		8	* as published by the Free Software Foundation; either version
		9	* 2 of the Licence, or (at your option) any later version.
		10	*/
		11
		12	#ifndef _LINUX_ASN1_BER_BYTECODE_H
		13	#define _LINUX_ASN1_BER_BYTECODE_H
		14
		15	#ifdef __KERNEL__
		16	#include <linux/types.h>
		17	#endif
		18	#include <linux/asn1.h>
		19
		20	typedef int (asn1_action_t)(void context,
		21	size_t hdrlen, /* In case of ANY type */
		22	unsigned char tag, /* In case of ANY type */
		23	const void *value, size_t vlen);
		24
		25	struct asn1_decoder {
		26	const unsigned char *machine;
		27	size_t machlen;
		28	const asn1_action_t *actions;
		29	};
		30
		31	enum asn1_opcode {
		32	/* The tag-matching ops come first and the odd-numbered slots
		33	* are for OR_SKIP ops.
		34	*/
		35	#define ASN1_OP_MATCH__SKIP 0x01
		36	#define ASN1_OP_MATCH__ACT 0x02
		37	#define ASN1_OP_MATCH__JUMP 0x04
		38	#define ASN1_OP_MATCH__ANY 0x08
		39	#define ASN1_OP_MATCH__COND 0x10
		40
		41	ASN1_OP_MATCH = 0x00,
		42	ASN1_OP_MATCH_OR_SKIP = 0x01,
		43	ASN1_OP_MATCH_ACT = 0x02,
		44	ASN1_OP_MATCH_ACT_OR_SKIP = 0x03,
		45	ASN1_OP_MATCH_JUMP = 0x04,
		46	ASN1_OP_MATCH_JUMP_OR_SKIP = 0x05,
		47	ASN1_OP_MATCH_ANY = 0x08,
		48	ASN1_OP_MATCH_ANY_ACT = 0x0a,
		49	/* Everything before here matches unconditionally */
		50
		51	ASN1_OP_COND_MATCH_OR_SKIP = 0x11,
		52	ASN1_OP_COND_MATCH_ACT_OR_SKIP = 0x13,
		53	ASN1_OP_COND_MATCH_JUMP_OR_SKIP = 0x15,
		54	ASN1_OP_COND_MATCH_ANY = 0x18,
		55	ASN1_OP_COND_MATCH_ANY_ACT = 0x1a,
		56
		57	/* Everything before here will want a tag from the data */
		58	#define ASN1_OP__MATCHES_TAG ASN1_OP_COND_MATCH_ANY_ACT
		59
		60	/* These are here to help fill up space */
		61	ASN1_OP_COND_FAIL = 0x1b,
		62	ASN1_OP_COMPLETE = 0x1c,
		63	ASN1_OP_ACT = 0x1d,
		64	ASN1_OP_RETURN = 0x1e,
		65
		66	/* The following eight have bit 0 -> SET, 1 -> OF, 2 -> ACT */
		67	ASN1_OP_END_SEQ = 0x20,
		68	ASN1_OP_END_SET = 0x21,
		69	ASN1_OP_END_SEQ_OF = 0x22,
		70	ASN1_OP_END_SET_OF = 0x23,
		71	ASN1_OP_END_SEQ_ACT = 0x24,
		72	ASN1_OP_END_SET_ACT = 0x25,
		73	ASN1_OP_END_SEQ_OF_ACT = 0x26,
		74	ASN1_OP_END_SET_OF_ACT = 0x27,
		75	#define ASN1_OP_END__SET 0x01
		76	#define ASN1_OP_END__OF 0x02
		77	#define ASN1_OP_END__ACT 0x04
		78
		79	ASN1_OP__NR
		80	};
		81
		82	#define _tag(CLASS, CP, TAG) ((ASN1_##CLASS << 6) \| (ASN1_##CP << 5) \| ASN1_##TAG)
		83	#define _tagn(CLASS, CP, TAG) ((ASN1_##CLASS << 6) \| (ASN1_##CP << 5) \| TAG)
		84	#define _jump_target(N) (N)
		85	#define _action(N) (N)
		86
		87	#endif /* _LINUX_ASN1_BER_BYTECODE_H */


diff --git a/include/linux/asn1_decoder.h b/include/linux/asn1_decoder.h new file mode 100644 index 000000000000..fa2ff5bc0483 --- /dev/null +++ b/include/linux/asn1_decoder.h
@@ -0,0 +1,24 @@
		1	/* ASN.1 decoder
		2	*
		3	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
		4	* Written by David Howells (dhowells@redhat.com)
		5	*
		6	* This program is free software; you can redistribute it and/or
		7	* modify it under the terms of the GNU General Public Licence
		8	* as published by the Free Software Foundation; either version
		9	* 2 of the Licence, or (at your option) any later version.
		10	*/
		11
		12	#ifndef _LINUX_ASN1_DECODER_H
		13	#define _LINUX_ASN1_DECODER_H
		14
		15	#include <linux/asn1.h>
		16
		17	struct asn1_decoder;
		18
		19	extern int asn1_ber_decoder(const struct asn1_decoder *decoder,
		20	void *context,
		21	const unsigned char *data,
		22	size_t datalen);
		23
		24	#endif /* _LINUX_ASN1_DECODER_H */


diff --git a/include/linux/key-type.h b/include/linux/key-type.h index f0c651cda7b0..518a53afb9ea 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h
@@ -26,6 +26,27 @@ struct key_construction {
26	struct key authkey;/ authorisation for key being constructed */	26	struct key authkey;/ authorisation for key being constructed */
27	};	27	};
28		28
		29	/*
		30	* Pre-parsed payload, used by key add, update and instantiate.
		31	*
		32	* This struct will be cleared and data and datalen will be set with the data
		33	* and length parameters from the caller and quotalen will be set from
		34	* def_datalen from the key type. Then if the preparse() op is provided by the
		35	* key type, that will be called. Then the struct will be passed to the
		36	* instantiate() or the update() op.
		37	*
		38	* If the preparse() op is given, the free_preparse() op will be called to
		39	* clear the contents.
		40	*/
		41	struct key_preparsed_payload {
		42	char description; / Proposed key description (or NULL) */
		43	void type_data[2]; / Private key-type data */
		44	void payload; / Proposed payload */
		45	const void data; / Raw data */
		46	size_t datalen; /* Raw datalen */
		47	size_t quotalen; /* Quota length for proposed payload */
		48	};
		49
29	typedef int (request_key_actor_t)(struct key_construction key,	50	typedef int (request_key_actor_t)(struct key_construction key,
30	const char op, void aux);	51	const char op, void aux);
31		52
@@ -45,18 +66,28 @@ struct key_type {
45	/* vet a description */	66	/* vet a description */
46	int (vet_description)(const char description);	67	int (vet_description)(const char description);
47		68
		69	/* Preparse the data blob from userspace that is to be the payload,
		70	* generating a proposed description and payload that will be handed to
		71	* the instantiate() and update() ops.
		72	*/
		73	int (preparse)(struct key_preparsed_payload prep);
		74
		75	/* Free a preparse data structure.
		76	*/
		77	void (free_preparse)(struct key_preparsed_payload prep);
		78
48	/* instantiate a key of this type	79	/* instantiate a key of this type
49	* - this method should call key_payload_reserve() to determine if the	80	* - this method should call key_payload_reserve() to determine if the
50	* user's quota will hold the payload	81	* user's quota will hold the payload
51	*/	82	*/
52	int (instantiate)(struct key key, const void *data, size_t datalen);	83	int (instantiate)(struct key key, struct key_preparsed_payload *prep);
53		84
54	/* update a key of this type (optional)	85	/* update a key of this type (optional)
55	* - this method should call key_payload_reserve() to recalculate the	86	* - this method should call key_payload_reserve() to recalculate the
56	* quota consumption	87	* quota consumption
57	* - the key must be locked against read when modifying	88	* - the key must be locked against read when modifying
58	*/	89	*/
59	int (update)(struct key key, const void *data, size_t datalen);	90	int (update)(struct key key, struct key_preparsed_payload *prep);
60		91
61	/* match a key against a description */	92	/* match a key against a description */
62	int (match)(const struct key key, const void *desc);	93	int (match)(const struct key key, const void *desc);


diff --git a/include/linux/module.h b/include/linux/module.h index fbcafe2ee13e..7760c6d344a3 100644 --- a/include/linux/module.h +++ b/include/linux/module.h
@@ -21,6 +21,9 @@
21	#include <linux/percpu.h>	21	#include <linux/percpu.h>
22	#include <asm/module.h>	22	#include <asm/module.h>
23		23
		24	/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
		25	#define MODULE_SIG_STRING "~Module signature appended~\n"
		26
24	/* Not Yet Implemented */	27	/* Not Yet Implemented */
25	#define MODULE_SUPPORTED_DEVICE(name)	28	#define MODULE_SUPPORTED_DEVICE(name)
26		29
@@ -260,6 +263,11 @@ struct module
260	const unsigned long *unused_gpl_crcs;	263	const unsigned long *unused_gpl_crcs;
261	#endif	264	#endif
262		265
		266	#ifdef CONFIG_MODULE_SIG
		267	/* Signature was verified. */
		268	bool sig_ok;
		269	#endif
		270
263	/* symbols that will be GPL-only in the near future. */	271	/* symbols that will be GPL-only in the near future. */
264	const struct kernel_symbol *gpl_future_syms;	272	const struct kernel_symbol *gpl_future_syms;
265	const unsigned long *gpl_future_crcs;	273	const unsigned long *gpl_future_crcs;


diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h index b2be02ebf453..560ca53a75fa 100644 --- a/include/linux/moduleloader.h +++ b/include/linux/moduleloader.h
@@ -28,21 +28,49 @@ void *module_alloc(unsigned long size);
28	/* Free memory returned from module_alloc. */	28	/* Free memory returned from module_alloc. */
29	void module_free(struct module mod, void module_region);	29	void module_free(struct module mod, void module_region);
30		30
31	/* Apply the given relocation to the (simplified) ELF. Return -error	31	/*
32	or 0. */	32	* Apply the given relocation to the (simplified) ELF. Return -error
		33	* or 0.
		34	*/
		35	#ifdef CONFIG_MODULES_USE_ELF_REL
33	int apply_relocate(Elf_Shdr *sechdrs,	36	int apply_relocate(Elf_Shdr *sechdrs,
34	const char *strtab,	37	const char *strtab,
35	unsigned int symindex,	38	unsigned int symindex,
36	unsigned int relsec,	39	unsigned int relsec,
37	struct module *mod);	40	struct module *mod);
		41	#else
		42	static inline int apply_relocate(Elf_Shdr *sechdrs,
		43	const char *strtab,
		44	unsigned int symindex,
		45	unsigned int relsec,
		46	struct module *me)
		47	{
		48	printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name);
		49	return -ENOEXEC;
		50	}
		51	#endif
38		52
39	/* Apply the given add relocation to the (simplified) ELF. Return	53	/*
40	-error or 0 */	54	* Apply the given add relocation to the (simplified) ELF. Return
		55	* -error or 0
		56	*/
		57	#ifdef CONFIG_MODULES_USE_ELF_RELA
41	int apply_relocate_add(Elf_Shdr *sechdrs,	58	int apply_relocate_add(Elf_Shdr *sechdrs,
42	const char *strtab,	59	const char *strtab,
43	unsigned int symindex,	60	unsigned int symindex,
44	unsigned int relsec,	61	unsigned int relsec,
45	struct module *mod);	62	struct module *mod);
		63	#else
		64	static inline int apply_relocate_add(Elf_Shdr *sechdrs,
		65	const char *strtab,
		66	unsigned int symindex,
		67	unsigned int relsec,
		68	struct module *me)
		69	{
		70	printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name);
		71	return -ENOEXEC;
		72	}
		73	#endif
46		74
47	/* Any final processing of module before access. Return -error or 0. */	75	/* Any final processing of module before access. Return -error or 0. */
48	int module_finalize(const Elf_Ehdr *hdr,	76	int module_finalize(const Elf_Ehdr *hdr,


diff --git a/include/linux/mpi.h b/include/linux/mpi.h index d02cca6cc8ce..5af1b81def49 100644 --- a/include/linux/mpi.h +++ b/include/linux/mpi.h
@@ -76,6 +76,7 @@ void mpi_swap(MPI a, MPI b);
76		76
77	/-- mpicoder.c --/	77	/-- mpicoder.c --/
78	MPI do_encode_md(const void *sha_buffer, unsigned nbits);	78	MPI do_encode_md(const void *sha_buffer, unsigned nbits);
		79	MPI mpi_read_raw_data(const void *xbuffer, size_t nbytes);
79	MPI mpi_read_from_buffer(const void buffer, unsigned ret_nread);	80	MPI mpi_read_from_buffer(const void buffer, unsigned ret_nread);
80	int mpi_fromstr(MPI val, const char *str);	81	int mpi_fromstr(MPI val, const char *str);
81	u32 mpi_get_keyid(MPI a, u32 *keyid);	82	u32 mpi_get_keyid(MPI a, u32 *keyid);


diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h new file mode 100644 index 000000000000..6926db724258 --- /dev/null +++ b/include/linux/oid_registry.h
@@ -0,0 +1,92 @@
		1	/* ASN.1 Object identifier (OID) registry
		2	*
		3	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
		4	* Written by David Howells (dhowells@redhat.com)
		5	*
		6	* This program is free software; you can redistribute it and/or
		7	* modify it under the terms of the GNU General Public Licence
		8	* as published by the Free Software Foundation; either version
		9	* 2 of the Licence, or (at your option) any later version.
		10	*/
		11
		12	#ifndef _LINUX_OID_REGISTRY_H
		13	#define _LINUX_OID_REGISTRY_H
		14
		15	#include <linux/types.h>
		16
		17	/*
		18	* OIDs are turned into these values if possible, or OID__NR if not held here.
		19	*
		20	* NOTE! Do not mess with the format of each line as this is read by
		21	* build_OID_registry.pl to generate the data for look_up_OID().
		22	*/
		23	enum OID {
		24	OID_id_dsa_with_sha1, /* 1.2.840.10030.4.3 */
		25	OID_id_dsa, /* 1.2.840.10040.4.1 */
		26	OID_id_ecdsa_with_sha1, /* 1.2.840.10045.4.1 */
		27	OID_id_ecPublicKey, /* 1.2.840.10045.2.1 */
		28
		29	/* PKCS#1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)} */
		30	OID_rsaEncryption, /* 1.2.840.113549.1.1.1 */
		31	OID_md2WithRSAEncryption, /* 1.2.840.113549.1.1.2 */
		32	OID_md3WithRSAEncryption, /* 1.2.840.113549.1.1.3 */
		33	OID_md4WithRSAEncryption, /* 1.2.840.113549.1.1.4 */
		34	OID_sha1WithRSAEncryption, /* 1.2.840.113549.1.1.5 */
		35	OID_sha256WithRSAEncryption, /* 1.2.840.113549.1.1.11 */
		36	OID_sha384WithRSAEncryption, /* 1.2.840.113549.1.1.12 */
		37	OID_sha512WithRSAEncryption, /* 1.2.840.113549.1.1.13 */
		38	OID_sha224WithRSAEncryption, /* 1.2.840.113549.1.1.14 */
		39	/* PKCS#7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)} */
		40	OID_data, /* 1.2.840.113549.1.7.1 */
		41	OID_signed_data, /* 1.2.840.113549.1.7.2 */
		42	/* PKCS#9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)} */
		43	OID_email_address, /* 1.2.840.113549.1.9.1 */
		44	OID_content_type, /* 1.2.840.113549.1.9.3 */
		45	OID_messageDigest, /* 1.2.840.113549.1.9.4 */
		46	OID_signingTime, /* 1.2.840.113549.1.9.5 */
		47	OID_smimeCapabilites, /* 1.2.840.113549.1.9.15 */
		48	OID_smimeAuthenticatedAttrs, /* 1.2.840.113549.1.9.16.2.11 */
		49
		50	/* {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2)} */
		51	OID_md2, /* 1.2.840.113549.2.2 */
		52	OID_md4, /* 1.2.840.113549.2.4 */
		53	OID_md5, /* 1.2.840.113549.2.5 */
		54
		55	OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */
		56	OID_msOutlookExpress, /* 1.3.6.1.4.1.311.16.4 */
		57	OID_sha1, /* 1.3.14.3.2.26 */
		58
		59	/* Distinguished Name attribute IDs [RFC 2256] */
		60	OID_commonName, /* 2.5.4.3 */
		61	OID_surname, /* 2.5.4.4 */
		62	OID_countryName, /* 2.5.4.6 */
		63	OID_locality, /* 2.5.4.7 */
		64	OID_stateOrProvinceName, /* 2.5.4.8 */
		65	OID_organizationName, /* 2.5.4.10 */
		66	OID_organizationUnitName, /* 2.5.4.11 */
		67	OID_title, /* 2.5.4.12 */
		68	OID_description, /* 2.5.4.13 */
		69	OID_name, /* 2.5.4.41 */
		70	OID_givenName, /* 2.5.4.42 */
		71	OID_initials, /* 2.5.4.43 */
		72	OID_generationalQualifier, /* 2.5.4.44 */
		73
		74	/* Certificate extension IDs */
		75	OID_subjectKeyIdentifier, /* 2.5.29.14 */
		76	OID_keyUsage, /* 2.5.29.15 */
		77	OID_subjectAltName, /* 2.5.29.17 */
		78	OID_issuerAltName, /* 2.5.29.18 */
		79	OID_basicConstraints, /* 2.5.29.19 */
		80	OID_crlDistributionPoints, /* 2.5.29.31 */
		81	OID_certPolicies, /* 2.5.29.32 */
		82	OID_authorityKeyIdentifier, /* 2.5.29.35 */
		83	OID_extKeyUsage, /* 2.5.29.37 */
		84
		85	OID__NR
		86	};
		87
		88	extern enum OID look_up_OID(const void *data, size_t datasize);
		89	extern int sprint_oid(const void , size_t, char , size_t);
		90	extern int sprint_OID(enum OID, char *, size_t);
		91
		92	#endif /* _LINUX_OID_REGISTRY_H */