aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>2011-10-14 08:25:16 -0400
committerDmitry Kasatkin <dmitry.kasatkin@intel.com>2011-11-09 05:10:37 -0500
commit051dbb918c7fb7da8e64a2cd0d804ba73399709f (patch)
tree34d547e74ef6edb7feeda4a8291b221cc016c393 /include
parent7e8dec918ef8e0f68b4937c3c50fa57002077a4d (diff)
crypto: digital signature verification support
This patch implements RSA digital signature verification using GnuPG library. The format of the signature and the public key is defined by their respective headers. The signature header contains version information, algorithm, and keyid, which was used to generate the signature. The key header contains version and algorythim type. The payload of the signature and the key are multi-precision integers. The signing and key management utilities evm-utils provide functionality to generate signatures and load keys into the kernel keyring. When the key is added to the kernel keyring, the keyid defines the name of the key. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Acked-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'include')
-rw-r--r--include/linux/digsig.h64
1 files changed, 64 insertions, 0 deletions
diff --git a/include/linux/digsig.h b/include/linux/digsig.h
new file mode 100644
index 000000000000..efae755017d7
--- /dev/null
+++ b/include/linux/digsig.h
@@ -0,0 +1,64 @@
1/*
2 * Copyright (C) 2011 Nokia Corporation
3 * Copyright (C) 2011 Intel Corporation
4 *
5 * Author:
6 * Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
7 * <dmitry.kasatkin@intel.com>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation, version 2 of the License.
12 *
13 */
14
15#ifndef _DIGSIG_H
16#define _DIGSIG_H
17
18#include <linux/key.h>
19
20enum pubkey_algo {
21 PUBKEY_ALGO_RSA,
22 PUBKEY_ALGO_MAX,
23};
24
25enum digest_algo {
26 DIGEST_ALGO_SHA1,
27 DIGEST_ALGO_SHA256,
28 DIGEST_ALGO_MAX
29};
30
31struct pubkey_hdr {
32 uint8_t version; /* key format version */
33 time_t timestamp; /* key made, always 0 for now */
34 uint8_t algo;
35 uint8_t nmpi;
36 char mpi[0];
37} __packed;
38
39struct signature_hdr {
40 uint8_t version; /* signature format version */
41 time_t timestamp; /* signature made */
42 uint8_t algo;
43 uint8_t hash;
44 uint8_t keyid[8];
45 uint8_t nmpi;
46 char mpi[0];
47} __packed;
48
49#if defined(CONFIG_DIGSIG) || defined(CONFIG_DIGSIG_MODULE)
50
51int digsig_verify(struct key *keyring, const char *sig, int siglen,
52 const char *digest, int digestlen);
53
54#else
55
56static inline int digsig_verify(struct key *keyring, const char *sig,
57 int siglen, const char *digest, int digestlen)
58{
59 return -EOPNOTSUPP;
60}
61
62#endif /* CONFIG_DIGSIG */
63
64#endif /* _DIGSIG_H */