diff options
author | David Howells <dhowells@redhat.com> | 2012-09-21 23:24:55 +0100 |
---|---|---|
committer | Rusty Russell <rusty@rustcorp.com.au> | 2012-10-08 13:50:14 +1030 |
commit | a9681bf3dd7ccd2b32eba27d327ab76607429f7a (patch) | |
tree | 667676a21ec5f72e15d37c9db7fb3a77c10bc0cd /crypto/asymmetric_keys | |
parent | 46c6f1776e2f53eebb1fc361946877bab7533227 (diff) | |
download | talos-obmc-linux-a9681bf3dd7ccd2b32eba27d327ab76607429f7a.tar.gz talos-obmc-linux-a9681bf3dd7ccd2b32eba27d327ab76607429f7a.zip |
KEYS: Asymmetric public-key algorithm crypto key subtype
Add a subtype for supporting asymmetric public-key encryption algorithms such
as DSA (FIPS-186) and RSA (PKCS#1 / RFC1337).
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'crypto/asymmetric_keys')
-rw-r--r-- | crypto/asymmetric_keys/Kconfig | 8 | ||||
-rw-r--r-- | crypto/asymmetric_keys/Makefile | 2 | ||||
-rw-r--r-- | crypto/asymmetric_keys/public_key.c | 108 | ||||
-rw-r--r-- | crypto/asymmetric_keys/public_key.h | 28 |
4 files changed, 146 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig index cad29b3efa0e..bbfccaa35293 100644 --- a/crypto/asymmetric_keys/Kconfig +++ b/crypto/asymmetric_keys/Kconfig @@ -9,5 +9,13 @@ menuconfig ASYMMETRIC_KEY_TYPE if ASYMMETRIC_KEY_TYPE +config ASYMMETRIC_PUBLIC_KEY_SUBTYPE + tristate "Asymmetric public-key crypto algorithm subtype" + select MPILIB + help + This option provides support for asymmetric public key type handling. + If signature generation and/or verification are to be used, + appropriate hash algorithms (such as SHA-1) must be available. + ENOPKG will be reported if the requisite algorithm is unavailable. endif # ASYMMETRIC_KEY_TYPE diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index b725bcce4cfd..5ed46eecb299 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile @@ -5,3 +5,5 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o asymmetric_keys-y := asymmetric_type.o + +obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c new file mode 100644 index 000000000000..cb2e29180a87 --- /dev/null +++ b/crypto/asymmetric_keys/public_key.c @@ -0,0 +1,108 @@ +/* In-software asymmetric public-key crypto subtype + * + * See Documentation/crypto/asymmetric-keys.txt + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#define pr_fmt(fmt) "PKEY: "fmt +#include <linux/module.h> +#include <linux/export.h> +#include <linux/kernel.h> +#include <linux/slab.h> +#include <linux/seq_file.h> +#include <keys/asymmetric-subtype.h> +#include "public_key.h" + +MODULE_LICENSE("GPL"); + +const char *const pkey_algo[PKEY_ALGO__LAST] = { + [PKEY_ALGO_DSA] = "DSA", + [PKEY_ALGO_RSA] = "RSA", +}; +EXPORT_SYMBOL_GPL(pkey_algo); + +const char *const pkey_hash_algo[PKEY_HASH__LAST] = { + [PKEY_HASH_MD4] = "md4", + [PKEY_HASH_MD5] = "md5", + [PKEY_HASH_SHA1] = "sha1", + [PKEY_HASH_RIPE_MD_160] = "rmd160", + [PKEY_HASH_SHA256] = "sha256", + [PKEY_HASH_SHA384] = "sha384", + [PKEY_HASH_SHA512] = "sha512", + [PKEY_HASH_SHA224] = "sha224", +}; +EXPORT_SYMBOL_GPL(pkey_hash_algo); + +const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = { + [PKEY_ID_PGP] = "PGP", + [PKEY_ID_X509] = "X509", +}; +EXPORT_SYMBOL_GPL(pkey_id_type); + +/* + * Provide a part of a description of the key for /proc/keys. + */ +static void public_key_describe(const struct key *asymmetric_key, + struct seq_file *m) +{ + struct public_key *key = asymmetric_key->payload.data; + + if (key) + seq_printf(m, "%s.%s", + pkey_id_type[key->id_type], key->algo->name); +} + +/* + * Destroy a public key algorithm key. + */ +void public_key_destroy(void *payload) +{ + struct public_key *key = payload; + int i; + + if (key) { + for (i = 0; i < ARRAY_SIZE(key->mpi); i++) + mpi_free(key->mpi[i]); + kfree(key); + } +} +EXPORT_SYMBOL_GPL(public_key_destroy); + +/* + * Verify a signature using a public key. + */ +static int public_key_verify_signature(const struct key *key, + const struct public_key_signature *sig) +{ + const struct public_key *pk = key->payload.data; + + if (!pk->algo->verify_signature) + return -ENOTSUPP; + + if (sig->nr_mpi != pk->algo->n_sig_mpi) { + pr_debug("Signature has %u MPI not %u\n", + sig->nr_mpi, pk->algo->n_sig_mpi); + return -EINVAL; + } + + return pk->algo->verify_signature(pk, sig); +} + +/* + * Public key algorithm asymmetric key subtype + */ +struct asymmetric_key_subtype public_key_subtype = { + .owner = THIS_MODULE, + .name = "public_key", + .describe = public_key_describe, + .destroy = public_key_destroy, + .verify_signature = public_key_verify_signature, +}; +EXPORT_SYMBOL_GPL(public_key_subtype); diff --git a/crypto/asymmetric_keys/public_key.h b/crypto/asymmetric_keys/public_key.h new file mode 100644 index 000000000000..1f86aad31003 --- /dev/null +++ b/crypto/asymmetric_keys/public_key.h @@ -0,0 +1,28 @@ +/* Public key algorithm internals + * + * See Documentation/crypto/asymmetric-keys.txt + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#include <crypto/public_key.h> + +extern struct asymmetric_key_subtype public_key_subtype; + +/* + * Public key algorithm definition. + */ +struct public_key_algorithm { + const char *name; + u8 n_pub_mpi; /* Number of MPIs in public key */ + u8 n_sec_mpi; /* Number of MPIs in secret key */ + u8 n_sig_mpi; /* Number of MPIs in a signature */ + int (*verify_signature)(const struct public_key *key, + const struct public_key_signature *sig); +}; |