Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer updates from James Morris: "There are a bunch of fixes to the TPM, IMA, and Keys code, with minor fixes scattered across the subsystem. IMA now requires signed policy, and that policy is also now measured and appraised" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (67 commits) X.509: Make algo identifiers text instead of enum akcipher: Move the RSA DER encoding check to the crypto layer crypto: Add hash param to pkcs1pad sign-file: fix build with CMS support disabled MAINTAINERS: update tpmdd urls MODSIGN: linux/string.h should be #included to get memcpy() certs: Fix misaligned data in extra certificate list X.509: Handle midnight alternative notation in GeneralizedTime X.509: Support leap seconds Handle ISO 8601 leap seconds and encodings of midnight in mktime64() X.509: Fix leap year handling again PKCS#7: fix unitialized boolean 'want' firmware: change kernel read fail to dev_dbg() KEYS: Use the symbol value for list size, updated by scripts/insert-sys-cert KEYS: Reserve an extra certificate symbol for inserting without recompiling modsign: hide openssl output in silent builds tpm_tis: fix build warning with tpm_tis_resume ima: require signed IMA policy ima: measure and appraise the IMA policy itself ima: load policy using path ...
This commit is contained in:
Linus Torvalds
@@ -14,30 +14,6 @@
|
||||
#ifndef _LINUX_PUBLIC_KEY_H
|
||||
#define _LINUX_PUBLIC_KEY_H
|
||||
|
||||
#include <linux/mpi.h>
|
||||
#include <crypto/hash_info.h>
|
||||
|
||||
enum pkey_algo {
|
||||
PKEY_ALGO_DSA,
|
||||
PKEY_ALGO_RSA,
|
||||
PKEY_ALGO__LAST
|
||||
};
|
||||
|
||||
extern const char *const pkey_algo_name[PKEY_ALGO__LAST];
|
||||
extern const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST];
|
||||
|
||||
/* asymmetric key implementation supports only up to SHA224 */
|
||||
#define PKEY_HASH__LAST (HASH_ALGO_SHA224 + 1)
|
||||
|
||||
enum pkey_id_type {
|
||||
PKEY_ID_PGP, /* OpenPGP generated key ID */
|
||||
PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
|
||||
PKEY_ID_PKCS7, /* Signature in PKCS#7 message */
|
||||
PKEY_ID_TYPE__LAST
|
||||
};
|
||||
|
||||
extern const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST];
|
||||
|
||||
/*
|
||||
* The use to which an asymmetric key is being put.
|
||||
*/
|
||||
@@ -59,31 +35,10 @@ extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
|
||||
* part.
|
||||
*/
|
||||
struct public_key {
|
||||
const struct public_key_algorithm *algo;
|
||||
u8 capabilities;
|
||||
#define PKEY_CAN_ENCRYPT 0x01
|
||||
#define PKEY_CAN_DECRYPT 0x02
|
||||
#define PKEY_CAN_SIGN 0x04
|
||||
#define PKEY_CAN_VERIFY 0x08
|
||||
enum pkey_algo pkey_algo : 8;
|
||||
enum pkey_id_type id_type : 8;
|
||||
union {
|
||||
MPI mpi[5];
|
||||
struct {
|
||||
MPI p; /* DSA prime */
|
||||
MPI q; /* DSA group order */
|
||||
MPI g; /* DSA group generator */
|
||||
MPI y; /* DSA public-key value = g^x mod p */
|
||||
MPI x; /* DSA secret exponent (if present) */
|
||||
} dsa;
|
||||
struct {
|
||||
MPI n; /* RSA public modulus */
|
||||
MPI e; /* RSA public encryption exponent */
|
||||
MPI d; /* RSA secret encryption exponent (if present) */
|
||||
MPI p; /* RSA secret prime (if present) */
|
||||
MPI q; /* RSA secret prime (if present) */
|
||||
} rsa;
|
||||
};
|
||||
void *key;
|
||||
u32 keylen;
|
||||
const char *id_type;
|
||||
const char *pkey_algo;
|
||||
};
|
||||
|
||||
extern void public_key_destroy(void *payload);
|
||||
@@ -92,23 +47,15 @@ extern void public_key_destroy(void *payload);
|
||||
* Public key cryptography signature data
|
||||
*/
|
||||
struct public_key_signature {
|
||||
u8 *s; /* Signature */
|
||||
u32 s_size; /* Number of bytes in signature */
|
||||
u8 *digest;
|
||||
u8 digest_size; /* Number of bytes in digest */
|
||||
u8 nr_mpi; /* Occupancy of mpi[] */
|
||||
enum pkey_algo pkey_algo : 8;
|
||||
enum hash_algo pkey_hash_algo : 8;
|
||||
union {
|
||||
MPI mpi[2];
|
||||
struct {
|
||||
MPI s; /* m^d mod n */
|
||||
} rsa;
|
||||
struct {
|
||||
MPI r;
|
||||
MPI s;
|
||||
} dsa;
|
||||
};
|
||||
u8 digest_size; /* Number of bytes in digest */
|
||||
const char *pkey_algo;
|
||||
const char *hash_algo;
|
||||
};
|
||||
|
||||
extern struct asymmetric_key_subtype public_key_subtype;
|
||||
struct key;
|
||||
extern int verify_signature(const struct key *key,
|
||||
const struct public_key_signature *sig);
|
||||
@@ -119,4 +66,7 @@ extern struct key *x509_request_asymmetric_key(struct key *keyring,
|
||||
const struct asymmetric_key_id *skid,
|
||||
bool partial);
|
||||
|
||||
int public_key_verify_signature(const struct public_key *pkey,
|
||||
const struct public_key_signature *sig);
|
||||
|
||||
#endif /* _LINUX_PUBLIC_KEY_H */
|
||||
|
||||
Reference in New Issue
Block a user