aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/asm-generic/bitops/count_zeros.h57
-rw-r--r--include/asm-generic/module.h40
-rw-r--r--include/crypto/public_key.h108
-rw-r--r--include/keys/asymmetric-parser.h37
-rw-r--r--include/keys/asymmetric-subtype.h55
-rw-r--r--include/keys/asymmetric-type.h25
-rw-r--r--include/keys/user-type.h6
-rw-r--r--include/linux/asn1.h67
-rw-r--r--include/linux/asn1_ber_bytecode.h87
-rw-r--r--include/linux/asn1_decoder.h24
-rw-r--r--include/linux/key-type.h35
-rw-r--r--include/linux/module.h8
-rw-r--r--include/linux/moduleloader.h36
-rw-r--r--include/linux/mpi.h1
-rw-r--r--include/linux/oid_registry.h92
15 files changed, 663 insertions, 15 deletions
diff --git a/include/asm-generic/bitops/count_zeros.h b/include/asm-generic/bitops/count_zeros.h
new file mode 100644
index 000000000000..97520d21fe62
--- /dev/null
+++ b/include/asm-generic/bitops/count_zeros.h
@@ -0,0 +1,57 @@
1/* Count leading and trailing zeros functions
2 *
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#ifndef _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_
13#define _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_
14
15#include <asm/bitops.h>
16
17/**
18 * count_leading_zeros - Count the number of zeros from the MSB back
19 * @x: The value
20 *
21 * Count the number of leading zeros from the MSB going towards the LSB in @x.
22 *
23 * If the MSB of @x is set, the result is 0.
24 * If only the LSB of @x is set, then the result is BITS_PER_LONG-1.
25 * If @x is 0 then the result is COUNT_LEADING_ZEROS_0.
26 */
27static inline int count_leading_zeros(unsigned long x)
28{
29 if (sizeof(x) == 4)
30 return BITS_PER_LONG - fls(x);
31 else
32 return BITS_PER_LONG - fls64(x);
33}
34
35#define COUNT_LEADING_ZEROS_0 BITS_PER_LONG
36
37/**
38 * count_trailing_zeros - Count the number of zeros from the LSB forwards
39 * @x: The value
40 *
41 * Count the number of trailing zeros from the LSB going towards the MSB in @x.
42 *
43 * If the LSB of @x is set, the result is 0.
44 * If only the MSB of @x is set, then the result is BITS_PER_LONG-1.
45 * If @x is 0 then the result is COUNT_TRAILING_ZEROS_0.
46 */
47static inline int count_trailing_zeros(unsigned long x)
48{
49#define COUNT_TRAILING_ZEROS_0 (-1)
50
51 if (sizeof(x) == 4)
52 return ffs(x);
53 else
54 return (x != 0) ? __ffs(x) : COUNT_TRAILING_ZEROS_0;
55}
56
57#endif /* _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_ */
diff --git a/include/asm-generic/module.h b/include/asm-generic/module.h
index ed5b44de4c91..14dc41d185a7 100644
--- a/include/asm-generic/module.h
+++ b/include/asm-generic/module.h
@@ -5,18 +5,44 @@
5 * Many architectures just need a simple module 5 * Many architectures just need a simple module
6 * loader without arch specific data. 6 * loader without arch specific data.
7 */ 7 */
8#ifndef CONFIG_HAVE_MOD_ARCH_SPECIFIC
8struct mod_arch_specific 9struct mod_arch_specific
9{ 10{
10}; 11};
12#endif
11 13
12#ifdef CONFIG_64BIT 14#ifdef CONFIG_64BIT
13#define Elf_Shdr Elf64_Shdr 15#define Elf_Shdr Elf64_Shdr
14#define Elf_Sym Elf64_Sym 16#define Elf_Phdr Elf64_Phdr
15#define Elf_Ehdr Elf64_Ehdr 17#define Elf_Sym Elf64_Sym
16#else 18#define Elf_Dyn Elf64_Dyn
17#define Elf_Shdr Elf32_Shdr 19#define Elf_Ehdr Elf64_Ehdr
18#define Elf_Sym Elf32_Sym 20#define Elf_Addr Elf64_Addr
19#define Elf_Ehdr Elf32_Ehdr 21#ifdef CONFIG_MODULES_USE_ELF_REL
22#define Elf_Rel Elf64_Rel
23#endif
24#ifdef CONFIG_MODULES_USE_ELF_RELA
25#define Elf_Rela Elf64_Rela
26#endif
27#define ELF_R_TYPE(X) ELF64_R_TYPE(X)
28#define ELF_R_SYM(X) ELF64_R_SYM(X)
29
30#else /* CONFIG_64BIT */
31
32#define Elf_Shdr Elf32_Shdr
33#define Elf_Phdr Elf32_Phdr
34#define Elf_Sym Elf32_Sym
35#define Elf_Dyn Elf32_Dyn
36#define Elf_Ehdr Elf32_Ehdr
37#define Elf_Addr Elf32_Addr
38#ifdef CONFIG_MODULES_USE_ELF_REL
39#define Elf_Rel Elf32_Rel
40#endif
41#ifdef CONFIG_MODULES_USE_ELF_RELA
42#define Elf_Rela Elf32_Rela
43#endif
44#define ELF_R_TYPE(X) ELF32_R_TYPE(X)
45#define ELF_R_SYM(X) ELF32_R_SYM(X)
20#endif 46#endif
21 47
22#endif /* __ASM_GENERIC_MODULE_H */ 48#endif /* __ASM_GENERIC_MODULE_H */
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
new file mode 100644
index 000000000000..f5b0224c9967
--- /dev/null
+++ b/include/crypto/public_key.h
@@ -0,0 +1,108 @@
1/* Asymmetric public-key algorithm definitions
2 *
3 * See Documentation/crypto/asymmetric-keys.txt
4 *
5 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6 * Written by David Howells (dhowells@redhat.com)
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public Licence
10 * as published by the Free Software Foundation; either version
11 * 2 of the Licence, or (at your option) any later version.
12 */
13
14#ifndef _LINUX_PUBLIC_KEY_H
15#define _LINUX_PUBLIC_KEY_H
16
17#include <linux/mpi.h>
18
19enum pkey_algo {
20 PKEY_ALGO_DSA,
21 PKEY_ALGO_RSA,
22 PKEY_ALGO__LAST
23};
24
25extern const char *const pkey_algo[PKEY_ALGO__LAST];
26
27enum pkey_hash_algo {
28 PKEY_HASH_MD4,
29 PKEY_HASH_MD5,
30 PKEY_HASH_SHA1,
31 PKEY_HASH_RIPE_MD_160,
32 PKEY_HASH_SHA256,
33 PKEY_HASH_SHA384,
34 PKEY_HASH_SHA512,
35 PKEY_HASH_SHA224,
36 PKEY_HASH__LAST
37};
38
39extern const char *const pkey_hash_algo[PKEY_HASH__LAST];
40
41enum pkey_id_type {
42 PKEY_ID_PGP, /* OpenPGP generated key ID */
43 PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
44 PKEY_ID_TYPE__LAST
45};
46
47extern const char *const pkey_id_type[PKEY_ID_TYPE__LAST];
48
49/*
50 * Cryptographic data for the public-key subtype of the asymmetric key type.
51 *
52 * Note that this may include private part of the key as well as the public
53 * part.
54 */
55struct public_key {
56 const struct public_key_algorithm *algo;
57 u8 capabilities;
58#define PKEY_CAN_ENCRYPT 0x01
59#define PKEY_CAN_DECRYPT 0x02
60#define PKEY_CAN_SIGN 0x04
61#define PKEY_CAN_VERIFY 0x08
62 enum pkey_id_type id_type : 8;
63 union {
64 MPI mpi[5];
65 struct {
66 MPI p; /* DSA prime */
67 MPI q; /* DSA group order */
68 MPI g; /* DSA group generator */
69 MPI y; /* DSA public-key value = g^x mod p */
70 MPI x; /* DSA secret exponent (if present) */
71 } dsa;
72 struct {
73 MPI n; /* RSA public modulus */
74 MPI e; /* RSA public encryption exponent */
75 MPI d; /* RSA secret encryption exponent (if present) */
76 MPI p; /* RSA secret prime (if present) */
77 MPI q; /* RSA secret prime (if present) */
78 } rsa;
79 };
80};
81
82extern void public_key_destroy(void *payload);
83
84/*
85 * Public key cryptography signature data
86 */
87struct public_key_signature {
88 u8 *digest;
89 u8 digest_size; /* Number of bytes in digest */
90 u8 nr_mpi; /* Occupancy of mpi[] */
91 enum pkey_hash_algo pkey_hash_algo : 8;
92 union {
93 MPI mpi[2];
94 struct {
95 MPI s; /* m^d mod n */
96 } rsa;
97 struct {
98 MPI r;
99 MPI s;
100 } dsa;
101 };
102};
103
104struct key;
105extern int verify_signature(const struct key *key,
106 const struct public_key_signature *sig);
107
108#endif /* _LINUX_PUBLIC_KEY_H */
diff --git a/include/keys/asymmetric-parser.h b/include/keys/asymmetric-parser.h
new file mode 100644
index 000000000000..09b3b4807f5c
--- /dev/null
+++ b/include/keys/asymmetric-parser.h
@@ -0,0 +1,37 @@
1/* Asymmetric public-key cryptography data parser
2 *
3 * See Documentation/crypto/asymmetric-keys.txt
4 *
5 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6 * Written by David Howells (dhowells@redhat.com)
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public Licence
10 * as published by the Free Software Foundation; either version
11 * 2 of the Licence, or (at your option) any later version.
12 */
13
14#ifndef _KEYS_ASYMMETRIC_PARSER_H
15#define _KEYS_ASYMMETRIC_PARSER_H
16
17/*
18 * Key data parser. Called during key instantiation.
19 */
20struct asymmetric_key_parser {
21 struct list_head link;
22 struct module *owner;
23 const char *name;
24
25 /* Attempt to parse a key from the data blob passed to add_key() or
26 * keyctl_instantiate(). Should also generate a proposed description
27 * that the caller can optionally use for the key.
28 *
29 * Return EBADMSG if not recognised.
30 */
31 int (*parse)(struct key_preparsed_payload *prep);
32};
33
34extern int register_asymmetric_key_parser(struct asymmetric_key_parser *);
35extern void unregister_asymmetric_key_parser(struct asymmetric_key_parser *);
36
37#endif /* _KEYS_ASYMMETRIC_PARSER_H */
diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h
new file mode 100644
index 000000000000..4b840e822209
--- /dev/null
+++ b/include/keys/asymmetric-subtype.h
@@ -0,0 +1,55 @@
1/* Asymmetric public-key cryptography key subtype
2 *
3 * See Documentation/security/asymmetric-keys.txt
4 *
5 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6 * Written by David Howells (dhowells@redhat.com)
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public Licence
10 * as published by the Free Software Foundation; either version
11 * 2 of the Licence, or (at your option) any later version.
12 */
13
14#ifndef _KEYS_ASYMMETRIC_SUBTYPE_H
15#define _KEYS_ASYMMETRIC_SUBTYPE_H
16
17#include <linux/seq_file.h>
18#include <keys/asymmetric-type.h>
19
20struct public_key_signature;
21
22/*
23 * Keys of this type declare a subtype that indicates the handlers and
24 * capabilities.
25 */
26struct asymmetric_key_subtype {
27 struct module *owner;
28 const char *name;
29 unsigned short name_len; /* length of name */
30
31 /* Describe a key of this subtype for /proc/keys */
32 void (*describe)(const struct key *key, struct seq_file *m);
33
34 /* Destroy a key of this subtype */
35 void (*destroy)(void *payload);
36
37 /* Verify the signature on a key of this subtype (optional) */
38 int (*verify_signature)(const struct key *key,
39 const struct public_key_signature *sig);
40};
41
42/**
43 * asymmetric_key_subtype - Get the subtype from an asymmetric key
44 * @key: The key of interest.
45 *
46 * Retrieves and returns the subtype pointer of the asymmetric key from the
47 * type-specific data attached to the key.
48 */
49static inline
50struct asymmetric_key_subtype *asymmetric_key_subtype(const struct key *key)
51{
52 return key->type_data.p[0];
53}
54
55#endif /* _KEYS_ASYMMETRIC_SUBTYPE_H */
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
new file mode 100644
index 000000000000..7dd473496180
--- /dev/null
+++ b/include/keys/asymmetric-type.h
@@ -0,0 +1,25 @@
1/* Asymmetric Public-key cryptography key type interface
2 *
3 * See Documentation/security/asymmetric-keys.txt
4 *
5 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6 * Written by David Howells (dhowells@redhat.com)
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public Licence
10 * as published by the Free Software Foundation; either version
11 * 2 of the Licence, or (at your option) any later version.
12 */
13
14#ifndef _KEYS_ASYMMETRIC_TYPE_H
15#define _KEYS_ASYMMETRIC_TYPE_H
16
17#include <linux/key-type.h>
18
19extern struct key_type key_type_asymmetric;
20
21/*
22 * The payload is at the discretion of the subtype.
23 */
24
25#endif /* _KEYS_ASYMMETRIC_TYPE_H */
diff --git a/include/keys/user-type.h b/include/keys/user-type.h
index bc9ec1d7698c..5e452c84f1e6 100644
--- a/include/keys/user-type.h
+++ b/include/keys/user-type.h
@@ -35,8 +35,10 @@ struct user_key_payload {
35extern struct key_type key_type_user; 35extern struct key_type key_type_user;
36extern struct key_type key_type_logon; 36extern struct key_type key_type_logon;
37 37
38extern int user_instantiate(struct key *key, const void *data, size_t datalen); 38struct key_preparsed_payload;
39extern int user_update(struct key *key, const void *data, size_t datalen); 39
40extern int user_instantiate(struct key *key, struct key_preparsed_payload *prep);
41extern int user_update(struct key *key, struct key_preparsed_payload *prep);
40extern int user_match(const struct key *key, const void *criterion); 42extern int user_match(const struct key *key, const void *criterion);
41extern void user_revoke(struct key *key); 43extern void user_revoke(struct key *key);
42extern void user_destroy(struct key *key); 44extern void user_destroy(struct key *key);
diff --git a/include/linux/asn1.h b/include/linux/asn1.h
new file mode 100644
index 000000000000..5c3f4e4b9a23
--- /dev/null
+++ b/include/linux/asn1.h
@@ -0,0 +1,67 @@
1/* ASN.1 BER/DER/CER encoding definitions
2 *
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#ifndef _LINUX_ASN1_H
13#define _LINUX_ASN1_H
14
15/* Class */
16enum asn1_class {
17 ASN1_UNIV = 0, /* Universal */
18 ASN1_APPL = 1, /* Application */
19 ASN1_CONT = 2, /* Context */
20 ASN1_PRIV = 3 /* Private */
21};
22#define ASN1_CLASS_BITS 0xc0
23
24
25enum asn1_method {
26 ASN1_PRIM = 0, /* Primitive */
27 ASN1_CONS = 1 /* Constructed */
28};
29#define ASN1_CONS_BIT 0x20
30
31/* Tag */
32enum asn1_tag {
33 ASN1_EOC = 0, /* End Of Contents or N/A */
34 ASN1_BOOL = 1, /* Boolean */
35 ASN1_INT = 2, /* Integer */
36 ASN1_BTS = 3, /* Bit String */
37 ASN1_OTS = 4, /* Octet String */
38 ASN1_NULL = 5, /* Null */
39 ASN1_OID = 6, /* Object Identifier */
40 ASN1_ODE = 7, /* Object Description */
41 ASN1_EXT = 8, /* External */
42 ASN1_REAL = 9, /* Real float */
43 ASN1_ENUM = 10, /* Enumerated */
44 ASN1_EPDV = 11, /* Embedded PDV */
45 ASN1_UTF8STR = 12, /* UTF8 String */
46 ASN1_RELOID = 13, /* Relative OID */
47 /* 14 - Reserved */
48 /* 15 - Reserved */
49 ASN1_SEQ = 16, /* Sequence and Sequence of */
50 ASN1_SET = 17, /* Set and Set of */
51 ASN1_NUMSTR = 18, /* Numerical String */
52 ASN1_PRNSTR = 19, /* Printable String */
53 ASN1_TEXSTR = 20, /* T61 String / Teletext String */
54 ASN1_VIDSTR = 21, /* Videotex String */
55 ASN1_IA5STR = 22, /* IA5 String */
56 ASN1_UNITIM = 23, /* Universal Time */
57 ASN1_GENTIM = 24, /* General Time */
58 ASN1_GRASTR = 25, /* Graphic String */
59 ASN1_VISSTR = 26, /* Visible String */
60 ASN1_GENSTR = 27, /* General String */
61 ASN1_UNISTR = 28, /* Universal String */
62 ASN1_CHRSTR = 29, /* Character String */
63 ASN1_BMPSTR = 30, /* BMP String */
64 ASN1_LONG_TAG = 31 /* Long form tag */
65};
66
67#endif /* _LINUX_ASN1_H */
diff --git a/include/linux/asn1_ber_bytecode.h b/include/linux/asn1_ber_bytecode.h
new file mode 100644
index 000000000000..945d44ae529c
--- /dev/null
+++ b/include/linux/asn1_ber_bytecode.h
@@ -0,0 +1,87 @@
1/* ASN.1 BER/DER/CER parsing state machine internal definitions
2 *
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#ifndef _LINUX_ASN1_BER_BYTECODE_H
13#define _LINUX_ASN1_BER_BYTECODE_H
14
15#ifdef __KERNEL__
16#include <linux/types.h>
17#endif
18#include <linux/asn1.h>
19
20typedef int (*asn1_action_t)(void *context,
21 size_t hdrlen, /* In case of ANY type */
22 unsigned char tag, /* In case of ANY type */
23 const void *value, size_t vlen);
24
25struct asn1_decoder {
26 const unsigned char *machine;
27 size_t machlen;
28 const asn1_action_t *actions;
29};
30
31enum asn1_opcode {
32 /* The tag-matching ops come first and the odd-numbered slots
33 * are for OR_SKIP ops.
34 */
35#define ASN1_OP_MATCH__SKIP 0x01
36#define ASN1_OP_MATCH__ACT 0x02
37#define ASN1_OP_MATCH__JUMP 0x04
38#define ASN1_OP_MATCH__ANY 0x08
39#define ASN1_OP_MATCH__COND 0x10
40
41 ASN1_OP_MATCH = 0x00,
42 ASN1_OP_MATCH_OR_SKIP = 0x01,
43 ASN1_OP_MATCH_ACT = 0x02,
44 ASN1_OP_MATCH_ACT_OR_SKIP = 0x03,
45 ASN1_OP_MATCH_JUMP = 0x04,
46 ASN1_OP_MATCH_JUMP_OR_SKIP = 0x05,
47 ASN1_OP_MATCH_ANY = 0x08,
48 ASN1_OP_MATCH_ANY_ACT = 0x0a,
49 /* Everything before here matches unconditionally */
50
51 ASN1_OP_COND_MATCH_OR_SKIP = 0x11,
52 ASN1_OP_COND_MATCH_ACT_OR_SKIP = 0x13,
53 ASN1_OP_COND_MATCH_JUMP_OR_SKIP = 0x15,
54 ASN1_OP_COND_MATCH_ANY = 0x18,
55 ASN1_OP_COND_MATCH_ANY_ACT = 0x1a,
56
57 /* Everything before here will want a tag from the data */
58#define ASN1_OP__MATCHES_TAG ASN1_OP_COND_MATCH_ANY_ACT
59
60 /* These are here to help fill up space */
61 ASN1_OP_COND_FAIL = 0x1b,
62 ASN1_OP_COMPLETE = 0x1c,
63 ASN1_OP_ACT = 0x1d,
64 ASN1_OP_RETURN = 0x1e,
65
66 /* The following eight have bit 0 -> SET, 1 -> OF, 2 -> ACT */
67 ASN1_OP_END_SEQ = 0x20,
68 ASN1_OP_END_SET = 0x21,
69 ASN1_OP_END_SEQ_OF = 0x22,
70 ASN1_OP_END_SET_OF = 0x23,
71 ASN1_OP_END_SEQ_ACT = 0x24,
72 ASN1_OP_END_SET_ACT = 0x25,
73 ASN1_OP_END_SEQ_OF_ACT = 0x26,
74 ASN1_OP_END_SET_OF_ACT = 0x27,
75#define ASN1_OP_END__SET 0x01
76#define ASN1_OP_END__OF 0x02
77#define ASN1_OP_END__ACT 0x04
78
79 ASN1_OP__NR
80};
81
82#define _tag(CLASS, CP, TAG) ((ASN1_##CLASS << 6) | (ASN1_##CP << 5) | ASN1_##TAG)
83#define _tagn(CLASS, CP, TAG) ((ASN1_##CLASS << 6) | (ASN1_##CP << 5) | TAG)
84#define _jump_target(N) (N)
85#define _action(N) (N)
86
87#endif /* _LINUX_ASN1_BER_BYTECODE_H */
diff --git a/include/linux/asn1_decoder.h b/include/linux/asn1_decoder.h
new file mode 100644
index 000000000000..fa2ff5bc0483
--- /dev/null
+++ b/include/linux/asn1_decoder.h
@@ -0,0 +1,24 @@
1/* ASN.1 decoder
2 *
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#ifndef _LINUX_ASN1_DECODER_H
13#define _LINUX_ASN1_DECODER_H
14
15#include <linux/asn1.h>
16
17struct asn1_decoder;
18
19extern int asn1_ber_decoder(const struct asn1_decoder *decoder,
20 void *context,
21 const unsigned char *data,
22 size_t datalen);
23
24#endif /* _LINUX_ASN1_DECODER_H */
diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index f0c651cda7b0..518a53afb9ea 100644
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -26,6 +26,27 @@ struct key_construction {
26 struct key *authkey;/* authorisation for key being constructed */ 26 struct key *authkey;/* authorisation for key being constructed */
27}; 27};
28 28
29/*
30 * Pre-parsed payload, used by key add, update and instantiate.
31 *
32 * This struct will be cleared and data and datalen will be set with the data
33 * and length parameters from the caller and quotalen will be set from
34 * def_datalen from the key type. Then if the preparse() op is provided by the
35 * key type, that will be called. Then the struct will be passed to the
36 * instantiate() or the update() op.
37 *
38 * If the preparse() op is given, the free_preparse() op will be called to
39 * clear the contents.
40 */
41struct key_preparsed_payload {
42 char *description; /* Proposed key description (or NULL) */
43 void *type_data[2]; /* Private key-type data */
44 void *payload; /* Proposed payload */
45 const void *data; /* Raw data */
46 size_t datalen; /* Raw datalen */
47 size_t quotalen; /* Quota length for proposed payload */
48};
49
29typedef int (*request_key_actor_t)(struct key_construction *key, 50typedef int (*request_key_actor_t)(struct key_construction *key,
30 const char *op, void *aux); 51 const char *op, void *aux);
31 52
@@ -45,18 +66,28 @@ struct key_type {
45 /* vet a description */ 66 /* vet a description */
46 int (*vet_description)(const char *description); 67 int (*vet_description)(const char *description);
47 68
69 /* Preparse the data blob from userspace that is to be the payload,
70 * generating a proposed description and payload that will be handed to
71 * the instantiate() and update() ops.
72 */
73 int (*preparse)(struct key_preparsed_payload *prep);
74
75 /* Free a preparse data structure.
76 */
77 void (*free_preparse)(struct key_preparsed_payload *prep);
78
48 /* instantiate a key of this type 79 /* instantiate a key of this type
49 * - this method should call key_payload_reserve() to determine if the 80 * - this method should call key_payload_reserve() to determine if the
50 * user's quota will hold the payload 81 * user's quota will hold the payload
51 */ 82 */
52 int (*instantiate)(struct key *key, const void *data, size_t datalen); 83 int (*instantiate)(struct key *key, struct key_preparsed_payload *prep);
53 84
54 /* update a key of this type (optional) 85 /* update a key of this type (optional)
55 * - this method should call key_payload_reserve() to recalculate the 86 * - this method should call key_payload_reserve() to recalculate the
56 * quota consumption 87 * quota consumption
57 * - the key must be locked against read when modifying 88 * - the key must be locked against read when modifying
58 */ 89 */
59 int (*update)(struct key *key, const void *data, size_t datalen); 90 int (*update)(struct key *key, struct key_preparsed_payload *prep);
60 91
61 /* match a key against a description */ 92 /* match a key against a description */
62 int (*match)(const struct key *key, const void *desc); 93 int (*match)(const struct key *key, const void *desc);
diff --git a/include/linux/module.h b/include/linux/module.h
index fbcafe2ee13e..7760c6d344a3 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -21,6 +21,9 @@
21#include <linux/percpu.h> 21#include <linux/percpu.h>
22#include <asm/module.h> 22#include <asm/module.h>
23 23
24/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
25#define MODULE_SIG_STRING "~Module signature appended~\n"
26
24/* Not Yet Implemented */ 27/* Not Yet Implemented */
25#define MODULE_SUPPORTED_DEVICE(name) 28#define MODULE_SUPPORTED_DEVICE(name)
26 29
@@ -260,6 +263,11 @@ struct module
260 const unsigned long *unused_gpl_crcs; 263 const unsigned long *unused_gpl_crcs;
261#endif 264#endif
262 265
266#ifdef CONFIG_MODULE_SIG
267 /* Signature was verified. */
268 bool sig_ok;
269#endif
270
263 /* symbols that will be GPL-only in the near future. */ 271 /* symbols that will be GPL-only in the near future. */
264 const struct kernel_symbol *gpl_future_syms; 272 const struct kernel_symbol *gpl_future_syms;
265 const unsigned long *gpl_future_crcs; 273 const unsigned long *gpl_future_crcs;
diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h
index b2be02ebf453..560ca53a75fa 100644
--- a/include/linux/moduleloader.h
+++ b/include/linux/moduleloader.h
@@ -28,21 +28,49 @@ void *module_alloc(unsigned long size);
28/* Free memory returned from module_alloc. */ 28/* Free memory returned from module_alloc. */
29void module_free(struct module *mod, void *module_region); 29void module_free(struct module *mod, void *module_region);
30 30
31/* Apply the given relocation to the (simplified) ELF. Return -error 31/*
32 or 0. */ 32 * Apply the given relocation to the (simplified) ELF. Return -error
33 * or 0.
34 */
35#ifdef CONFIG_MODULES_USE_ELF_REL
33int apply_relocate(Elf_Shdr *sechdrs, 36int apply_relocate(Elf_Shdr *sechdrs,
34 const char *strtab, 37 const char *strtab,
35 unsigned int symindex, 38 unsigned int symindex,
36 unsigned int relsec, 39 unsigned int relsec,
37 struct module *mod); 40 struct module *mod);
41#else
42static inline int apply_relocate(Elf_Shdr *sechdrs,
43 const char *strtab,
44 unsigned int symindex,
45 unsigned int relsec,
46 struct module *me)
47{
48 printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name);
49 return -ENOEXEC;
50}
51#endif
38 52
39/* Apply the given add relocation to the (simplified) ELF. Return 53/*
40 -error or 0 */ 54 * Apply the given add relocation to the (simplified) ELF. Return
55 * -error or 0
56 */
57#ifdef CONFIG_MODULES_USE_ELF_RELA
41int apply_relocate_add(Elf_Shdr *sechdrs, 58int apply_relocate_add(Elf_Shdr *sechdrs,
42 const char *strtab, 59 const char *strtab,
43 unsigned int symindex, 60 unsigned int symindex,
44 unsigned int relsec, 61 unsigned int relsec,
45 struct module *mod); 62 struct module *mod);
63#else
64static inline int apply_relocate_add(Elf_Shdr *sechdrs,
65 const char *strtab,
66 unsigned int symindex,
67 unsigned int relsec,
68 struct module *me)
69{
70 printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name);
71 return -ENOEXEC;
72}
73#endif
46 74
47/* Any final processing of module before access. Return -error or 0. */ 75/* Any final processing of module before access. Return -error or 0. */
48int module_finalize(const Elf_Ehdr *hdr, 76int module_finalize(const Elf_Ehdr *hdr,
diff --git a/include/linux/mpi.h b/include/linux/mpi.h
index d02cca6cc8ce..5af1b81def49 100644
--- a/include/linux/mpi.h
+++ b/include/linux/mpi.h
@@ -76,6 +76,7 @@ void mpi_swap(MPI a, MPI b);
76 76
77/*-- mpicoder.c --*/ 77/*-- mpicoder.c --*/
78MPI do_encode_md(const void *sha_buffer, unsigned nbits); 78MPI do_encode_md(const void *sha_buffer, unsigned nbits);
79MPI mpi_read_raw_data(const void *xbuffer, size_t nbytes);
79MPI mpi_read_from_buffer(const void *buffer, unsigned *ret_nread); 80MPI mpi_read_from_buffer(const void *buffer, unsigned *ret_nread);
80int mpi_fromstr(MPI val, const char *str); 81int mpi_fromstr(MPI val, const char *str);
81u32 mpi_get_keyid(MPI a, u32 *keyid); 82u32 mpi_get_keyid(MPI a, u32 *keyid);
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
new file mode 100644
index 000000000000..6926db724258
--- /dev/null
+++ b/include/linux/oid_registry.h
@@ -0,0 +1,92 @@
1/* ASN.1 Object identifier (OID) registry
2 *
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#ifndef _LINUX_OID_REGISTRY_H
13#define _LINUX_OID_REGISTRY_H
14
15#include <linux/types.h>
16
17/*
18 * OIDs are turned into these values if possible, or OID__NR if not held here.
19 *
20 * NOTE! Do not mess with the format of each line as this is read by
21 * build_OID_registry.pl to generate the data for look_up_OID().
22 */
23enum OID {
24 OID_id_dsa_with_sha1, /* 1.2.840.10030.4.3 */
25 OID_id_dsa, /* 1.2.840.10040.4.1 */
26 OID_id_ecdsa_with_sha1, /* 1.2.840.10045.4.1 */
27 OID_id_ecPublicKey, /* 1.2.840.10045.2.1 */
28
29 /* PKCS#1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)} */
30 OID_rsaEncryption, /* 1.2.840.113549.1.1.1 */
31 OID_md2WithRSAEncryption, /* 1.2.840.113549.1.1.2 */
32 OID_md3WithRSAEncryption, /* 1.2.840.113549.1.1.3 */
33 OID_md4WithRSAEncryption, /* 1.2.840.113549.1.1.4 */
34 OID_sha1WithRSAEncryption, /* 1.2.840.113549.1.1.5 */
35 OID_sha256WithRSAEncryption, /* 1.2.840.113549.1.1.11 */
36 OID_sha384WithRSAEncryption, /* 1.2.840.113549.1.1.12 */
37 OID_sha512WithRSAEncryption, /* 1.2.840.113549.1.1.13 */
38 OID_sha224WithRSAEncryption, /* 1.2.840.113549.1.1.14 */
39 /* PKCS#7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)} */
40 OID_data, /* 1.2.840.113549.1.7.1 */
41 OID_signed_data, /* 1.2.840.113549.1.7.2 */
42 /* PKCS#9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)} */
43 OID_email_address, /* 1.2.840.113549.1.9.1 */
44 OID_content_type, /* 1.2.840.113549.1.9.3 */
45 OID_messageDigest, /* 1.2.840.113549.1.9.4 */
46 OID_signingTime, /* 1.2.840.113549.1.9.5 */
47 OID_smimeCapabilites, /* 1.2.840.113549.1.9.15 */
48 OID_smimeAuthenticatedAttrs, /* 1.2.840.113549.1.9.16.2.11 */
49
50 /* {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2)} */
51 OID_md2, /* 1.2.840.113549.2.2 */
52 OID_md4, /* 1.2.840.113549.2.4 */
53 OID_md5, /* 1.2.840.113549.2.5 */
54
55 OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */
56 OID_msOutlookExpress, /* 1.3.6.1.4.1.311.16.4 */
57 OID_sha1, /* 1.3.14.3.2.26 */
58
59 /* Distinguished Name attribute IDs [RFC 2256] */
60 OID_commonName, /* 2.5.4.3 */
61 OID_surname, /* 2.5.4.4 */
62 OID_countryName, /* 2.5.4.6 */
63 OID_locality, /* 2.5.4.7 */
64 OID_stateOrProvinceName, /* 2.5.4.8 */
65 OID_organizationName, /* 2.5.4.10 */
66 OID_organizationUnitName, /* 2.5.4.11 */
67 OID_title, /* 2.5.4.12 */
68 OID_description, /* 2.5.4.13 */
69 OID_name, /* 2.5.4.41 */
70 OID_givenName, /* 2.5.4.42 */
71 OID_initials, /* 2.5.4.43 */
72 OID_generationalQualifier, /* 2.5.4.44 */
73
74 /* Certificate extension IDs */
75 OID_subjectKeyIdentifier, /* 2.5.29.14 */
76 OID_keyUsage, /* 2.5.29.15 */
77 OID_subjectAltName, /* 2.5.29.17 */
78 OID_issuerAltName, /* 2.5.29.18 */
79 OID_basicConstraints, /* 2.5.29.19 */
80 OID_crlDistributionPoints, /* 2.5.29.31 */
81 OID_certPolicies, /* 2.5.29.32 */
82 OID_authorityKeyIdentifier, /* 2.5.29.35 */
83 OID_extKeyUsage, /* 2.5.29.37 */
84
85 OID__NR
86};
87
88extern enum OID look_up_OID(const void *data, size_t datasize);
89extern int sprint_oid(const void *, size_t, char *, size_t);
90extern int sprint_OID(enum OID, char *, size_t);
91
92#endif /* _LINUX_OID_REGISTRY_H */