Diffstat (limited to 'include')
-rw-r--r-- | include/asm-generic/bitops/count_zeros.h | 57 | ||||
-rw-r--r-- | include/asm-generic/module.h | 40 | ||||
-rw-r--r-- | include/crypto/public_key.h | 108 | ||||
-rw-r--r-- | include/keys/asymmetric-parser.h | 37 | ||||
-rw-r--r-- | include/keys/asymmetric-subtype.h | 55 | ||||
-rw-r--r-- | include/keys/asymmetric-type.h | 25 | ||||
-rw-r--r-- | include/keys/user-type.h | 6 | ||||
-rw-r--r-- | include/linux/asn1.h | 67 | ||||
-rw-r--r-- | include/linux/asn1_ber_bytecode.h | 87 | ||||
-rw-r--r-- | include/linux/asn1_decoder.h | 24 | ||||
-rw-r--r-- | include/linux/key-type.h | 35 | ||||
-rw-r--r-- | include/linux/module.h | 8 | ||||
-rw-r--r-- | include/linux/moduleloader.h | 36 | ||||
-rw-r--r-- | include/linux/mpi.h | 1 | ||||
-rw-r--r-- | include/linux/oid_registry.h | 92 |
15 files changed, 663 insertions, 15 deletions
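--- /dev/null
+++ b/include/asm-generic/bitops/count_zeros.h
@@ -0,0 +1,57 @@
+/* Count leading and trailing zeros functions
+*
+* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+* Written by David Howells (dhowells@redhat.com)
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public Licence
+* as published by the Free Software Foundation; either version
+* 2 of the Licence, or (at your option) any later version.
+*/
+
+#ifndef _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_
+#define _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_
+
+#include <asm/bitops.h>
+
+/**
+* count_leading_zeros - Count the number of zeros from the MSB back
+* @x: The value
+*
+* Count the number of leading zeros from the MSB going towards the LSB in @x.
+*
+* If the MSB of @x is set, the result is 0.
+* If only the LSB of @x is set, then the result is BITS_PER_LONG-1.
+* If @x is 0 then the result is COUNT_LEADING_ZEROS_0.
+*/
+static inline int count_leading_zeros(unsigned long x)
+{
+if (sizeof(x) == 4)
+return BITS_PER_LONG - fls(x);
+else
+return BITS_PER_LONG - fls64(x);
+}
+
+#define COUNT_LEADING_ZEROS_0 BITS_PER_LONG
+
+/**
+* count_trailing_zeros - Count the number of zeros from the LSB forwards
+* @x: The value
+*
+* Count the number of trailing zeros from the LSB going towards the MSB in @x.
+*
+* If the LSB of @x is set, the result is 0.
+* If only the MSB of @x is set, then the result is BITS_PER_LONG-1.
+* If @x is 0 then the result is COUNT_TRAILING_ZEROS_0.
+*/
+static inline int count_trailing_zeros(unsigned long x)
+{
+#define COUNT_TRAILING_ZEROS_0 (-1)
+
+if (sizeof(x) == 4)
+return ffs(x);
+else
+return (x != 0) ? __ffs(x) : COUNT_TRAILING_ZEROS_0;
+}
+
+#endif /* _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_ */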
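Review bot: The 32-bit branch of count_trailing_zeros() returns `ffs(x)`, which in the kernel is 1-based and yields 0 for a zero argument, so it contradicts the kernel-doc directly above it (0 when the LSB is set, COUNT_TRAILING_ZEROS_0 for x == 0) and disagrees with the 64-bit branch built on `__ffs()`. A caller that uses the result as a shift count or compares it with COUNT_TRAILING_ZEROS_0 gets an off-by-one on 32-bit builds only. `return ffs(x) - 1;` makes both branches agree, including the -1 result for zero. Defining COUNT_TRAILING_ZEROS_0 inside the function body also hides it from a reader who looks for it next to COUNT_LEADING_ZEROS_0; it would read better at file scope.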
diff --git a/include/asm-generic/module.h b/include/asm-generic/module.h index ed5b44de4c91..14dc41d185a7 100644 --- a/include/asm-generic/module.h +++ b/include/asm-generic/module.h | |||
@@ -5,18 +5,44 @@ | |||
5 | * Many architectures just need a simple module | 5 | * Many architectures just need a simple module |
6 | * loader without arch specific data. | 6 | * loader without arch specific data. |
7 | */ | 7 | */ |
8 | #ifndef CONFIG_HAVE_MOD_ARCH_SPECIFIC | ||
8 | struct mod_arch_specific | 9 | struct mod_arch_specific |
9 | { | 10 | { |
10 | }; | 11 | }; |
12 | #endif | ||
11 | 13 | ||
12 | #ifdef CONFIG_64BIT | 14 | #ifdef CONFIG_64BIT |
13 | #define Elf_Shdr Elf64_Shdr | 15 | #define Elf_Shdr Elf64_Shdr |
14 | #define Elf_Sym Elf64_Sym | 16 | #define Elf_Phdr Elf64_Phdr |
15 | #define Elf_Ehdr Elf64_Ehdr | 17 | #define Elf_Sym Elf64_Sym |
16 | #else | 18 | #define Elf_Dyn Elf64_Dyn |
17 | #define Elf_Shdr Elf32_Shdr | 19 | #define Elf_Ehdr Elf64_Ehdr |
18 | #define Elf_Sym Elf32_Sym | 20 | #define Elf_Addr Elf64_Addr |
19 | #define Elf_Ehdr Elf32_Ehdr | 21 | #ifdef CONFIG_MODULES_USE_ELF_REL |
22 | #define Elf_Rel Elf64_Rel | ||
23 | #endif | ||
24 | #ifdef CONFIG_MODULES_USE_ELF_RELA | ||
25 | #define Elf_Rela Elf64_Rela | ||
26 | #endif | ||
27 | #define ELF_R_TYPE(X) ELF64_R_TYPE(X) | ||
28 | #define ELF_R_SYM(X) ELF64_R_SYM(X) | ||
29 | |||
30 | #else /* CONFIG_64BIT */ | ||
31 | |||
32 | #define Elf_Shdr Elf32_Shdr | ||
33 | #define Elf_Phdr Elf32_Phdr | ||
34 | #define Elf_Sym Elf32_Sym | ||
35 | #define Elf_Dyn Elf32_Dyn | ||
36 | #define Elf_Ehdr Elf32_Ehdr | ||
37 | #define Elf_Addr Elf32_Addr | ||
38 | #ifdef CONFIG_MODULES_USE_ELF_REL | ||
39 | #define Elf_Rel Elf32_Rel | ||
40 | #endif | ||
41 | #ifdef CONFIG_MODULES_USE_ELF_RELA | ||
42 | #define Elf_Rela Elf32_Rela | ||
43 | #endif | ||
44 | #define ELF_R_TYPE(X) ELF32_R_TYPE(X) | ||
45 | #define ELF_R_SYM(X) ELF32_R_SYM(X) | ||
20 | #endif | 46 | #endif |
21 | 47 | ||
22 | #endif /* __ASM_GENERIC_MODULE_H */ | 48 | #endif /* __ASM_GENERIC_MODULE_H */ |
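--- /dev/null
+++ b/include/crypto/public_key.h
@@ -0,0 +1,108 @@
+/* Asymmetric public-key algorithm definitions
+*
+* See Documentation/crypto/asymmetric-keys.txt
+*
+* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+* Written by David Howells (dhowells@redhat.com)
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public Licence
+* as published by the Free Software Foundation; either version
+* 2 of the Licence, or (at your option) any later version.
+*/
+
+#ifndef _LINUX_PUBLIC_KEY_H
+#define _LINUX_PUBLIC_KEY_H
+
+#include <linux/mpi.h>
+
+enum pkey_algo {
+PKEY_ALGO_DSA,
+PKEY_ALGO_RSA,
+PKEY_ALGO__LAST
+};
+
+extern const char *const pkey_algo[PKEY_ALGO__LAST];
+
+enum pkey_hash_algo {
+PKEY_HASH_MD4,
+PKEY_HASH_MD5,
+PKEY_HASH_SHA1,
+PKEY_HASH_RIPE_MD_160,
+PKEY_HASH_SHA256,
+PKEY_HASH_SHA384,
+PKEY_HASH_SHA512,
+PKEY_HASH_SHA224,
+PKEY_HASH__LAST
+};
+
+extern const char *const pkey_hash_algo[PKEY_HASH__LAST];
+
+enum pkey_id_type {
+PKEY_ID_PGP, /* OpenPGP generated key ID */
+PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
+PKEY_ID_TYPE__LAST
+};
+
+extern const char *const pkey_id_type[PKEY_ID_TYPE__LAST];
+
+/*
+* Cryptographic data for the public-key subtype of the asymmetric key type.
+*
+* Note that this may include private part of the key as well as the public
+* part.
+*/
+struct public_key {
+const struct public_key_algorithm *algo;
+u8 capabilities;
+#define PKEY_CAN_ENCRYPT 0x01
+#define PKEY_CAN_DECRYPT 0x02
+#define PKEY_CAN_SIGN 0x04
+#define PKEY_CAN_VERIFY 0x08
+enum pkey_id_type id_type : 8;
+union {
+MPI mpi[5];
+struct {
+MPI p; /* DSA prime */
+MPI q; /* DSA group order */
+MPI g; /* DSA group generator */
+MPI y; /* DSA public-key value = g^x mod p */
+MPI x; /* DSA secret exponent (if present) */
+} dsa;
+struct {
+MPI n; /* RSA public modulus */
+MPI e; /* RSA public encryption exponent */
+MPI d; /* RSA secret encryption exponent (if present) */
+MPI p; /* RSA secret prime (if present) */
+MPI q; /* RSA secret prime (if present) */
+} rsa;
+};
+};
+
+extern void public_key_destroy(void *payload);
+
+/*
+* Public key cryptography signature data
+*/
+struct public_key_signature {
+u8 *digest;
+u8 digest_size; /* Number of bytes in digest */
+u8 nr_mpi; /* Occupancy of mpi[] */
+enum pkey_hash_algo pkey_hash_algo : 8;
+union {
+MPI mpi[2];
+struct {
+MPI s; /* m^d mod n */
+} rsa;
+struct {
+MPI r;
+MPI s;
+} dsa;
+};
+};
+
+struct key;
+extern int verify_signature(const struct key *key,
+const struct public_key_signature *sig);
+
+#endif /* _LINUX_PUBLIC_KEY_H */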
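Review bot: `nr_mpi` in struct public_key_signature is a u8 documented only as "Occupancy of mpi[]", while `mpi[]` has two slots and nothing in the header ties the two together; a parser filling this from untrusted signature data needs the bound stated, for example `u8 nr_mpi; /* Occupancy of mpi[]; never more than ARRAY_SIZE(mpi) */`. The same goes for any value used to index `pkey_algo[]`, `pkey_hash_algo[]` or `pkey_id_type[]`, which are sized by the `__LAST` enumerators. enum pkey_hash_algo lists MD4 and MD5 without comment; if the verifier accepts them for signatures (it is not in this section), a note on which hashes a caller may rely on is worth adding. Since struct public_key may carry the secret MPIs, the declaration of public_key_destroy() should say whether it clears them before freeing.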
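--- /dev/null
+++ b/include/keys/asymmetric-parser.h
@@ -0,0 +1,37 @@
+/* Asymmetric public-key cryptography data parser
+*
+* See Documentation/crypto/asymmetric-keys.txt
+*
+* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+* Written by David Howells (dhowells@redhat.com)
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public Licence
+* as published by the Free Software Foundation; either version
+* 2 of the Licence, or (at your option) any later version.
+*/
+
+#ifndef _KEYS_ASYMMETRIC_PARSER_H
+#define _KEYS_ASYMMETRIC_PARSER_H
+
+/*
+* Key data parser. Called during key instantiation.
+*/
+struct asymmetric_key_parser {
+struct list_head link;
+struct module *owner;
+const char *name;
+
+/* Attempt to parse a key from the data blob passed to add_key() or
+* keyctl_instantiate(). Should also generate a proposed description
+* that the caller can optionally use for the key.
+*
+* Return EBADMSG if not recognised.
+*/
+int (*parse)(struct key_preparsed_payload *prep);
+};
+
+extern int register_asymmetric_key_parser(struct asymmetric_key_parser *);
+extern void unregister_asymmetric_key_parser(struct asymmetric_key_parser *);
+
+#endif /* _KEYS_ASYMMETRIC_PARSER_H */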
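Review bot: The comment on `parse` says "Return EBADMSG if not recognised", but kernel ops return negative errno values, and whatever walks the parser list has to tell "not my format" apart from a hard failure; the comment should read `Return -EBADMSG if not recognised.` so that no parser returns the positive constant. The header also uses struct list_head, struct module and struct key_preparsed_payload without including or forward-declaring them, so it only compiles after the right headers; `#include <linux/list.h>` plus `struct module;` and `struct key_preparsed_payload;` would make it self-contained. The documentation path given here is Documentation/crypto/asymmetric-keys.txt, while asymmetric-subtype.h and asymmetric-type.h in the same commit point to Documentation/security/asymmetric-keys.txt, so one of the two is wrong.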
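--- /dev/null
+++ b/include/keys/asymmetric-subtype.h
@@ -0,0 +1,55 @@
+/* Asymmetric public-key cryptography key subtype
+*
+* See Documentation/security/asymmetric-keys.txt
+*
+* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+* Written by David Howells (dhowells@redhat.com)
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public Licence
+* as published by the Free Software Foundation; either version
+* 2 of the Licence, or (at your option) any later version.
+*/
+
+#ifndef _KEYS_ASYMMETRIC_SUBTYPE_H
+#define _KEYS_ASYMMETRIC_SUBTYPE_H
+
+#include <linux/seq_file.h>
+#include <keys/asymmetric-type.h>
+
+struct public_key_signature;
+
+/*
+* Keys of this type declare a subtype that indicates the handlers and
+* capabilities.
+*/
+struct asymmetric_key_subtype {
+struct module *owner;
+const char *name;
+unsigned short name_len; /* length of name */
+
+/* Describe a key of this subtype for /proc/keys */
+void (*describe)(const struct key *key, struct seq_file *m);
+
+/* Destroy a key of this subtype */
+void (*destroy)(void *payload);
+
+/* Verify the signature on a key of this subtype (optional) */
+int (*verify_signature)(const struct key *key,
+const struct public_key_signature *sig);
+};
+
+/**
+* asymmetric_key_subtype - Get the subtype from an asymmetric key
+* @key: The key of interest.
+*
+* Retrieves and returns the subtype pointer of the asymmetric key from the
+* type-specific data attached to the key.
+*/
+static inline
+struct asymmetric_key_subtype *asymmetric_key_subtype(const struct key *key)
+{
+return key->type_data.p[0];
+}
+
+#endif /* _KEYS_ASYMMETRIC_SUBTYPE_H */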
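Review bot: asymmetric_key_subtype() returns `key->type_data.p[0]` for any struct key, so calling it on a key of another type would reinterpret that type's private data as a subtype and its function pointers; the kernel-doc should state the precondition, for example `* The caller must have checked that key->type is &key_type_asymmetric.`. The `verify_signature` op is marked optional, so the struct comment should also say that callers must test it for NULL before calling through it and which error they return when it is absent. It would help to document whether a key without a subtype can exist, since the accessor returns NULL in that case and every caller then needs a check.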
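--- /dev/null
+++ b/include/keys/asymmetric-type.h
@@ -0,0 +1,25 @@
+/* Asymmetric Public-key cryptography key type interface
+*
+* See Documentation/security/asymmetric-keys.txt
+*
+* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+* Written by David Howells (dhowells@redhat.com)
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public Licence
+* as published by the Free Software Foundation; either version
+* 2 of the Licence, or (at your option) any later version.
+*/
+
+#ifndef _KEYS_ASYMMETRIC_TYPE_H
+#define _KEYS_ASYMMETRIC_TYPE_H
+
+#include <linux/key-type.h>
+
+extern struct key_type key_type_asymmetric;
+
+/*
+* The payload is at the discretion of the subtype.
+*/
+
+#endif /* _KEYS_ASYMMETRIC_TYPE_H */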
diff --git a/include/keys/user-type.h b/include/keys/user-type.h index bc9ec1d7698c..5e452c84f1e6 100644 --- a/include/keys/user-type.h +++ b/include/keys/user-type.h | |||
@@ -35,8 +35,10 @@ struct user_key_payload { | |||
35 | extern struct key_type key_type_user; | 35 | extern struct key_type key_type_user; |
36 | extern struct key_type key_type_logon; | 36 | extern struct key_type key_type_logon; |
37 | 37 | ||
38 | extern int user_instantiate(struct key *key, const void *data, size_t datalen); | 38 | struct key_preparsed_payload; |
39 | extern int user_update(struct key *key, const void *data, size_t datalen); | 39 | |
40 | extern int user_instantiate(struct key *key, struct key_preparsed_payload *prep); | ||
41 | extern int user_update(struct key *key, struct key_preparsed_payload *prep); | ||
40 | extern int user_match(const struct key *key, const void *criterion); | 42 | extern int user_match(const struct key *key, const void *criterion); |
41 | extern void user_revoke(struct key *key); | 43 | extern void user_revoke(struct key *key); |
42 | extern void user_destroy(struct key *key); | 44 | extern void user_destroy(struct key *key); |
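--- /dev/null
+++ b/include/linux/asn1.h
@@ -0,0 +1,67 @@
+/* ASN.1 BER/DER/CER encoding definitions
+*
+* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+* Written by David Howells (dhowells@redhat.com)
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public Licence
+* as published by the Free Software Foundation; either version
+* 2 of the Licence, or (at your option) any later version.
+*/
+
+#ifndef _LINUX_ASN1_H
+#define _LINUX_ASN1_H
+
+/* Class */
+enum asn1_class {
+ASN1_UNIV = 0, /* Universal */
+ASN1_APPL = 1, /* Application */
+ASN1_CONT = 2, /* Context */
+ASN1_PRIV = 3 /* Private */
+};
+#define ASN1_CLASS_BITS 0xc0
+
+
+enum asn1_method {
+ASN1_PRIM = 0, /* Primitive */
+ASN1_CONS = 1 /* Constructed */
+};
+#define ASN1_CONS_BIT 0x20
+
+/* Tag */
+enum asn1_tag {
+ASN1_EOC = 0, /* End Of Contents or N/A */
+ASN1_BOOL = 1, /* Boolean */
+ASN1_INT = 2, /* Integer */
+ASN1_BTS = 3, /* Bit String */
+ASN1_OTS = 4, /* Octet String */
+ASN1_NULL = 5, /* Null */
+ASN1_OID = 6, /* Object Identifier */
+ASN1_ODE = 7, /* Object Description */
+ASN1_EXT = 8, /* External */
+ASN1_REAL = 9, /* Real float */
+ASN1_ENUM = 10, /* Enumerated */
+ASN1_EPDV = 11, /* Embedded PDV */
+ASN1_UTF8STR = 12, /* UTF8 String */
+ASN1_RELOID = 13, /* Relative OID */
+/* 14 - Reserved */
+/* 15 - Reserved */
+ASN1_SEQ = 16, /* Sequence and Sequence of */
+ASN1_SET = 17, /* Set and Set of */
+ASN1_NUMSTR = 18, /* Numerical String */
+ASN1_PRNSTR = 19, /* Printable String */
+ASN1_TEXSTR = 20, /* T61 String / Teletext String */
+ASN1_VIDSTR = 21, /* Videotex String */
+ASN1_IA5STR = 22, /* IA5 String */
+ASN1_UNITIM = 23, /* Universal Time */
+ASN1_GENTIM = 24, /* General Time */
+ASN1_GRASTR = 25, /* Graphic String */
+ASN1_VISSTR = 26, /* Visible String */
+ASN1_GENSTR = 27, /* General String */
+ASN1_UNISTR = 28, /* Universal String */
+ASN1_CHRSTR = 29, /* Character String */
+ASN1_BMPSTR = 30, /* BMP String */
+ASN1_LONG_TAG = 31 /* Long form tag */
+};
+
+#endif /* _LINUX_ASN1_H */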
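--- /dev/null
+++ b/include/linux/asn1_ber_bytecode.h
@@ -0,0 +1,87 @@
+/* ASN.1 BER/DER/CER parsing state machine internal definitions
+*
+* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+* Written by David Howells (dhowells@redhat.com)
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public Licence
+* as published by the Free Software Foundation; either version
+* 2 of the Licence, or (at your option) any later version.
+*/
+
+#ifndef _LINUX_ASN1_BER_BYTECODE_H
+#define _LINUX_ASN1_BER_BYTECODE_H
+
+#ifdef __KERNEL__
+#include <linux/types.h>
+#endif
+#include <linux/asn1.h>
+
+typedef int (*asn1_action_t)(void *context,
+size_t hdrlen, /* In case of ANY type */
+unsigned char tag, /* In case of ANY type */
+const void *value, size_t vlen);
+
+struct asn1_decoder {
+const unsigned char *machine;
+size_t machlen;
+const asn1_action_t *actions;
+};
+
+enum asn1_opcode {
+/* The tag-matching ops come first and the odd-numbered slots
+* are for OR_SKIP ops.
+*/
+#define ASN1_OP_MATCH__SKIP 0x01
+#define ASN1_OP_MATCH__ACT 0x02
+#define ASN1_OP_MATCH__JUMP 0x04
+#define ASN1_OP_MATCH__ANY 0x08
+#define ASN1_OP_MATCH__COND 0x10
+
+ASN1_OP_MATCH = 0x00,
+ASN1_OP_MATCH_OR_SKIP = 0x01,
+ASN1_OP_MATCH_ACT = 0x02,
+ASN1_OP_MATCH_ACT_OR_SKIP = 0x03,
+ASN1_OP_MATCH_JUMP = 0x04,
+ASN1_OP_MATCH_JUMP_OR_SKIP = 0x05,
+ASN1_OP_MATCH_ANY = 0x08,
+ASN1_OP_MATCH_ANY_ACT = 0x0a,
+/* Everything before here matches unconditionally */
+
+ASN1_OP_COND_MATCH_OR_SKIP = 0x11,
+ASN1_OP_COND_MATCH_ACT_OR_SKIP = 0x13,
+ASN1_OP_COND_MATCH_JUMP_OR_SKIP = 0x15,
+ASN1_OP_COND_MATCH_ANY = 0x18,
+ASN1_OP_COND_MATCH_ANY_ACT = 0x1a,
+
+/* Everything before here will want a tag from the data */
+#define ASN1_OP__MATCHES_TAG ASN1_OP_COND_MATCH_ANY_ACT
+
+/* These are here to help fill up space */
+ASN1_OP_COND_FAIL = 0x1b,
+ASN1_OP_COMPLETE = 0x1c,
+ASN1_OP_ACT = 0x1d,
+ASN1_OP_RETURN = 0x1e,
+
+/* The following eight have bit 0 -> SET, 1 -> OF, 2 -> ACT */
+ASN1_OP_END_SEQ = 0x20,
+ASN1_OP_END_SET = 0x21,
+ASN1_OP_END_SEQ_OF = 0x22,
+ASN1_OP_END_SET_OF = 0x23,
+ASN1_OP_END_SEQ_ACT = 0x24,
+ASN1_OP_END_SET_ACT = 0x25,
+ASN1_OP_END_SEQ_OF_ACT = 0x26,
+ASN1_OP_END_SET_OF_ACT = 0x27,
+#define ASN1_OP_END__SET 0x01
+#define ASN1_OP_END__OF 0x02
+#define ASN1_OP_END__ACT 0x04
+
+ASN1_OP__NR
+};
+
+#define _tag(CLASS, CP, TAG) ((ASN1_##CLASS << 6) | (ASN1_##CP << 5) | ASN1_##TAG)
+#define _tagn(CLASS, CP, TAG) ((ASN1_##CLASS << 6) | (ASN1_##CP << 5) | TAG)
+#define _jump_target(N) (N)
+#define _action(N) (N)
+
+#endif /* _LINUX_ASN1_BER_BYTECODE_H */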
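Review bot: struct asn1_decoder carries `machlen` for the bytecode but no element count for `actions`, so a decoder cannot range-check an action index read from `machine` before calling through the table; safety then rests entirely on the bytecode and the table having been generated together. Either add a count (for example a `size_t nr_actions;` member) or document on the struct that both arrays must come from the same compiler run and are never built from loadable or runtime data. In `_tagn` the `TAG` argument is used unparenthesised inside an `|` expression; ending the macro with `| (TAG))` avoids precedence surprises. The names `_tag`, `_tagn`, `_jump_target` and `_action` are very short for macros in a header under include/linux and could collide with other code that includes it.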
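--- /dev/null
+++ b/include/linux/asn1_decoder.h
@@ -0,0 +1,24 @@
+/* ASN.1 decoder
+*
+* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+* Written by David Howells (dhowells@redhat.com)
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public Licence
+* as published by the Free Software Foundation; either version
+* 2 of the Licence, or (at your option) any later version.
+*/
+
+#ifndef _LINUX_ASN1_DECODER_H
+#define _LINUX_ASN1_DECODER_H
+
+#include <linux/asn1.h>
+
+struct asn1_decoder;
+
+extern int asn1_ber_decoder(const struct asn1_decoder *decoder,
+void *context,
+const unsigned char *data,
+size_t datalen);
+
+#endif /* _LINUX_ASN1_DECODER_H */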
diff --git a/include/linux/key-type.h b/include/linux/key-type.h index f0c651cda7b0..518a53afb9ea 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h | |||
@@ -26,6 +26,27 @@ struct key_construction { | |||
26 | struct key *authkey;/* authorisation for key being constructed */ | 26 | struct key *authkey;/* authorisation for key being constructed */ |
27 | }; | 27 | }; |
28 | 28 | ||
29 | /* | ||
30 | * Pre-parsed payload, used by key add, update and instantiate. | ||
31 | * | ||
32 | * This struct will be cleared and data and datalen will be set with the data | ||
33 | * and length parameters from the caller and quotalen will be set from | ||
34 | * def_datalen from the key type. Then if the preparse() op is provided by the | ||
35 | * key type, that will be called. Then the struct will be passed to the | ||
36 | * instantiate() or the update() op. | ||
37 | * | ||
38 | * If the preparse() op is given, the free_preparse() op will be called to | ||
39 | * clear the contents. | ||
40 | */ | ||
41 | struct key_preparsed_payload { | ||
42 | char *description; /* Proposed key description (or NULL) */ | ||
43 | void *type_data[2]; /* Private key-type data */ | ||
44 | void *payload; /* Proposed payload */ | ||
45 | const void *data; /* Raw data */ | ||
46 | size_t datalen; /* Raw datalen */ | ||
47 | size_t quotalen; /* Quota length for proposed payload */ | ||
48 | }; | ||
49 | |||
29 | typedef int (*request_key_actor_t)(struct key_construction *key, | 50 | typedef int (*request_key_actor_t)(struct key_construction *key, |
30 | const char *op, void *aux); | 51 | const char *op, void *aux); |
31 | 52 | ||
@@ -45,18 +66,28 @@ struct key_type { | |||
45 | /* vet a description */ | 66 | /* vet a description */ |
46 | int (*vet_description)(const char *description); | 67 | int (*vet_description)(const char *description); |
47 | 68 | ||
69 | /* Preparse the data blob from userspace that is to be the payload, | ||
70 | * generating a proposed description and payload that will be handed to | ||
71 | * the instantiate() and update() ops. | ||
72 | */ | ||
73 | int (*preparse)(struct key_preparsed_payload *prep); | ||
74 | |||
75 | /* Free a preparse data structure. | ||
76 | */ | ||
77 | void (*free_preparse)(struct key_preparsed_payload *prep); | ||
78 | |||
48 | /* instantiate a key of this type | 79 | /* instantiate a key of this type |
49 | * - this method should call key_payload_reserve() to determine if the | 80 | * - this method should call key_payload_reserve() to determine if the |
50 | * user's quota will hold the payload | 81 | * user's quota will hold the payload |
51 | */ | 82 | */ |
52 | int (*instantiate)(struct key *key, const void *data, size_t datalen); | 83 | int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); |
53 | 84 | ||
54 | /* update a key of this type (optional) | 85 | /* update a key of this type (optional) |
55 | * - this method should call key_payload_reserve() to recalculate the | 86 | * - this method should call key_payload_reserve() to recalculate the |
56 | * quota consumption | 87 | * quota consumption |
57 | * - the key must be locked against read when modifying | 88 | * - the key must be locked against read when modifying |
58 | */ | 89 | */ |
59 | int (*update)(struct key *key, const void *data, size_t datalen); | 90 | int (*update)(struct key *key, struct key_preparsed_payload *prep); |
60 | 91 | ||
61 | /* match a key against a description */ | 92 | /* match a key against a description */ |
62 | int (*match)(const struct key *key, const void *desc); | 93 | int (*match)(const struct key *key, const void *desc); |
diff --git a/include/linux/module.h b/include/linux/module.h index fbcafe2ee13e..7760c6d344a3 100644 --- a/include/linux/module.h +++ b/include/linux/module.h | |||
@@ -21,6 +21,9 @@ | |||
21 | #include <linux/percpu.h> | 21 | #include <linux/percpu.h> |
22 | #include <asm/module.h> | 22 | #include <asm/module.h> |
23 | 23 | ||
24 | /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ | ||
25 | #define MODULE_SIG_STRING "~Module signature appended~\n" | ||
26 | |||
24 | /* Not Yet Implemented */ | 27 | /* Not Yet Implemented */ |
25 | #define MODULE_SUPPORTED_DEVICE(name) | 28 | #define MODULE_SUPPORTED_DEVICE(name) |
26 | 29 | ||
@@ -260,6 +263,11 @@ struct module | |||
260 | const unsigned long *unused_gpl_crcs; | 263 | const unsigned long *unused_gpl_crcs; |
261 | #endif | 264 | #endif |
262 | 265 | ||
266 | #ifdef CONFIG_MODULE_SIG | ||
267 | /* Signature was verified. */ | ||
268 | bool sig_ok; | ||
269 | #endif | ||
270 | |||
263 | /* symbols that will be GPL-only in the near future. */ | 271 | /* symbols that will be GPL-only in the near future. */ |
264 | const struct kernel_symbol *gpl_future_syms; | 272 | const struct kernel_symbol *gpl_future_syms; |
265 | const unsigned long *gpl_future_crcs; | 273 | const unsigned long *gpl_future_crcs; |
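Review bot: The comment on MODULE_SIG_STRING justifies the leading `~` by its rarity in stripped modules, which suggests the loader finds the signature by matching this string; rare is not absent, so the comment should state what the loader does when the marker appears inside ordinary module contents or is missing altogether (the loader code is not in this section). The `sig_ok` comment "Signature was verified." would be more useful if it said what value an unsigned module gets and who is expected to read the flag. Because the member exists only under CONFIG_MODULE_SIG, every reader needs the same `#ifdef`, which is worth a word in the comment. struct module starts and ends outside the second hunk.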
diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h index b2be02ebf453..560ca53a75fa 100644 --- a/include/linux/moduleloader.h +++ b/include/linux/moduleloader.h | |||
@@ -28,21 +28,49 @@ void *module_alloc(unsigned long size); | |||
28 | /* Free memory returned from module_alloc. */ | 28 | /* Free memory returned from module_alloc. */ |
29 | void module_free(struct module *mod, void *module_region); | 29 | void module_free(struct module *mod, void *module_region); |
30 | 30 | ||
31 | /* Apply the given relocation to the (simplified) ELF. Return -error | 31 | /* |
32 | or 0. */ | 32 | * Apply the given relocation to the (simplified) ELF. Return -error |
33 | * or 0. | ||
34 | */ | ||
35 | #ifdef CONFIG_MODULES_USE_ELF_REL | ||
33 | int apply_relocate(Elf_Shdr *sechdrs, | 36 | int apply_relocate(Elf_Shdr *sechdrs, |
34 | const char *strtab, | 37 | const char *strtab, |
35 | unsigned int symindex, | 38 | unsigned int symindex, |
36 | unsigned int relsec, | 39 | unsigned int relsec, |
37 | struct module *mod); | 40 | struct module *mod); |
41 | #else | ||
42 | static inline int apply_relocate(Elf_Shdr *sechdrs, | ||
43 | const char *strtab, | ||
44 | unsigned int symindex, | ||
45 | unsigned int relsec, | ||
46 | struct module *me) | ||
47 | { | ||
48 | printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name); | ||
49 | return -ENOEXEC; | ||
50 | } | ||
51 | #endif | ||
38 | 52 | ||
39 | /* Apply the given add relocation to the (simplified) ELF. Return | 53 | /* |
40 | -error or 0 */ | 54 | * Apply the given add relocation to the (simplified) ELF. Return |
55 | * -error or 0 | ||
56 | */ | ||
57 | #ifdef CONFIG_MODULES_USE_ELF_RELA | ||
41 | int apply_relocate_add(Elf_Shdr *sechdrs, | 58 | int apply_relocate_add(Elf_Shdr *sechdrs, |
42 | const char *strtab, | 59 | const char *strtab, |
43 | unsigned int symindex, | 60 | unsigned int symindex, |
44 | unsigned int relsec, | 61 | unsigned int relsec, |
45 | struct module *mod); | 62 | struct module *mod); |
63 | #else | ||
64 | static inline int apply_relocate_add(Elf_Shdr *sechdrs, | ||
65 | const char *strtab, | ||
66 | unsigned int symindex, | ||
67 | unsigned int relsec, | ||
68 | struct module *me) | ||
69 | { | ||
70 | printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name); | ||
71 | return -ENOEXEC; | ||
72 | } | ||
73 | #endif | ||
46 | 74 | ||
47 | /* Any final processing of module before access. Return -error or 0. */ | 75 | /* Any final processing of module before access. Return -error or 0. */ |
48 | int module_finalize(const Elf_Ehdr *hdr, | 76 | int module_finalize(const Elf_Ehdr *hdr, |
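Review bot: The `#else` stub for apply_relocate_add() logs "REL relocation unsupported", copied from the apply_relocate() stub above it; a module rejected for RELA relocations is then reported with the wrong relocation type, which misleads anyone reading the log after a failed load. The message should be `printk(KERN_ERR "module %s: RELA relocation unsupported\n", me->name);`. Both stubs also name the last parameter `me` while the prototypes use `mod`; using one name keeps the two variants easy to compare. The module_finalize() prototype at the end of the hunk continues outside it.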
diff --git a/include/linux/mpi.h b/include/linux/mpi.h index d02cca6cc8ce..5af1b81def49 100644 --- a/include/linux/mpi.h +++ b/include/linux/mpi.h | |||
@@ -76,6 +76,7 @@ void mpi_swap(MPI a, MPI b); | |||
76 | 76 | ||
77 | /*-- mpicoder.c --*/ | 77 | /*-- mpicoder.c --*/ |
78 | MPI do_encode_md(const void *sha_buffer, unsigned nbits); | 78 | MPI do_encode_md(const void *sha_buffer, unsigned nbits); |
79 | MPI mpi_read_raw_data(const void *xbuffer, size_t nbytes); | ||
79 | MPI mpi_read_from_buffer(const void *buffer, unsigned *ret_nread); | 80 | MPI mpi_read_from_buffer(const void *buffer, unsigned *ret_nread); |
80 | int mpi_fromstr(MPI val, const char *str); | 81 | int mpi_fromstr(MPI val, const char *str); |
81 | u32 mpi_get_keyid(MPI a, u32 *keyid); | 82 | u32 mpi_get_keyid(MPI a, u32 *keyid); |
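--- /dev/null
+++ b/include/linux/oid_registry.h
@@ -0,0 +1,92 @@
+/* ASN.1 Object identifier (OID) registry
+*
+* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+* Written by David Howells (dhowells@redhat.com)
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public Licence
+* as published by the Free Software Foundation; either version
+* 2 of the Licence, or (at your option) any later version.
+*/
+
+#ifndef _LINUX_OID_REGISTRY_H
+#define _LINUX_OID_REGISTRY_H
+
+#include <linux/types.h>
+
+/*
+* OIDs are turned into these values if possible, or OID__NR if not held here.
+*
+* NOTE! Do not mess with the format of each line as this is read by
+* build_OID_registry.pl to generate the data for look_up_OID().
+*/
+enum OID {
+OID_id_dsa_with_sha1, /* 1.2.840.10030.4.3 */
+OID_id_dsa, /* 1.2.840.10040.4.1 */
+OID_id_ecdsa_with_sha1, /* 1.2.840.10045.4.1 */
+OID_id_ecPublicKey, /* 1.2.840.10045.2.1 */
+
+/* PKCS#1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)} */
+OID_rsaEncryption, /* 1.2.840.113549.1.1.1 */
+OID_md2WithRSAEncryption, /* 1.2.840.113549.1.1.2 */
+OID_md3WithRSAEncryption, /* 1.2.840.113549.1.1.3 */
+OID_md4WithRSAEncryption, /* 1.2.840.113549.1.1.4 */
+OID_sha1WithRSAEncryption, /* 1.2.840.113549.1.1.5 */
+OID_sha256WithRSAEncryption, /* 1.2.840.113549.1.1.11 */
+OID_sha384WithRSAEncryption, /* 1.2.840.113549.1.1.12 */
+OID_sha512WithRSAEncryption, /* 1.2.840.113549.1.1.13 */
+OID_sha224WithRSAEncryption, /* 1.2.840.113549.1.1.14 */
+/* PKCS#7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)} */
+OID_data, /* 1.2.840.113549.1.7.1 */
+OID_signed_data, /* 1.2.840.113549.1.7.2 */
+/* PKCS#9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)} */
+OID_email_address, /* 1.2.840.113549.1.9.1 */
+OID_content_type, /* 1.2.840.113549.1.9.3 */
+OID_messageDigest, /* 1.2.840.113549.1.9.4 */
+OID_signingTime, /* 1.2.840.113549.1.9.5 */
+OID_smimeCapabilites, /* 1.2.840.113549.1.9.15 */
+OID_smimeAuthenticatedAttrs, /* 1.2.840.113549.1.9.16.2.11 */
+
+/* {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2)} */
+OID_md2, /* 1.2.840.113549.2.2 */
+OID_md4, /* 1.2.840.113549.2.4 */
+OID_md5, /* 1.2.840.113549.2.5 */
+
+OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */
+OID_msOutlookExpress, /* 1.3.6.1.4.1.311.16.4 */
+OID_sha1, /* 1.3.14.3.2.26 */
+
+/* Distinguished Name attribute IDs [RFC 2256] */
+OID_commonName, /* 2.5.4.3 */
+OID_surname, /* 2.5.4.4 */
+OID_countryName, /* 2.5.4.6 */
+OID_locality, /* 2.5.4.7 */
+OID_stateOrProvinceName, /* 2.5.4.8 */
+OID_organizationName, /* 2.5.4.10 */
+OID_organizationUnitName, /* 2.5.4.11 */
+OID_title, /* 2.5.4.12 */
+OID_description, /* 2.5.4.13 */
+OID_name, /* 2.5.4.41 */
+OID_givenName, /* 2.5.4.42 */
+OID_initials, /* 2.5.4.43 */
+OID_generationalQualifier, /* 2.5.4.44 */
+
+/* Certificate extension IDs */
+OID_subjectKeyIdentifier, /* 2.5.29.14 */
+OID_keyUsage, /* 2.5.29.15 */
+OID_subjectAltName, /* 2.5.29.17 */
+OID_issuerAltName, /* 2.5.29.18 */
+OID_basicConstraints, /* 2.5.29.19 */
+OID_crlDistributionPoints, /* 2.5.29.31 */
+OID_certPolicies, /* 2.5.29.32 */
+OID_authorityKeyIdentifier, /* 2.5.29.35 */
+OID_extKeyUsage, /* 2.5.29.37 */
+
+OID__NR
+};
+
+extern enum OID look_up_OID(const void *data, size_t datasize);
+extern int sprint_oid(const void *, size_t, char *, size_t);
+extern int sprint_OID(enum OID, char *, size_t);
+
+#endif /* _LINUX_OID_REGISTRY_H */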
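Review bot: The comment on `OID_id_dsa_with_sha1` reads 1.2.840.10030.4.3, but the DSA arc used on the very next line (and in RFC 3279) is 10040, and the header states that these comments are parsed by build_OID_registry.pl to generate the look_up_OID() data, so the typo would end up in the lookup table and a genuine dsa-with-sha1 OID would not match; it should be `/* 1.2.840.10040.4.3 */`. In the PKCS#1 group, arcs 1.2.840.113549.1.1.3 and .1.1.4 are named `OID_md3WithRSAEncryption` and `OID_md4WithRSAEncryption`, whereas the PKCS#1 assignments for those arcs are md4WithRSAEncryption and md5WithRSAEncryption, so an MD5-based signature algorithm would be reported under an MD4 name; these should be checked against the RFC before any policy keys off the enumerators. `OID_smimeCapabilites` is misspelled, and the two `sprint_*` prototypes would be clearer with parameter names that say which size belongs to which buffer.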