Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux

Pull module signing support from Rusty Russell: "module signing is the highlight, but it's an all-over David Howells frenzy..." Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG. * 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits) X.509: Fix indefinite length element skip error handling X.509: Convert some printk calls to pr_devel asymmetric keys: fix printk format warning MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking MODSIGN: Make mrproper should remove generated files. MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs MODSIGN: Use the same digest for the autogen key sig as for the module sig MODSIGN: Sign modules during the build process MODSIGN: Provide a script for generating a key ID from an X.509 cert MODSIGN: Implement module signature checking MODSIGN: Provide module signing public keys to the kernel MODSIGN: Automatically generate module signing keys if missing MODSIGN: Provide Kconfig options MODSIGN: Provide gitignore and make clean rules for extra files MODSIGN: Add FIPS policy module: signature checking hook X.509: Add a crypto key parser for binary (DER) X.509 certificates MPILIB: Provide a function to read raw data into an MPI X.509: Add an ASN.1 decoder X.509: Add simple ASN.1 grammar compiler ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2012-10-14 13:39:34 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-10-14 13:39:34 -0700
commit: d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d (patch)
tree: f414482d768b015a609924293b779b4ad0b8f764 /include/crypto
parent: x86, boot: Explicitly include autoconf.h for hostprogs (diff)
parent: X.509: Fix indefinite length element skip error handling (diff)
download: linux-dev-d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d.tar.xz
linux-dev-d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d.zip
1 files changed, 108 insertions, 0 deletions
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
new file mode 100644
index 000000000000..f5b0224c9967
--- /dev/null
+++ b/include/crypto/public_key.h
@@ -0,0 +1,108 @@
+/* Asymmetric public-key algorithm definitions
+ *
+ * See Documentation/crypto/asymmetric-keys.txt
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#ifndef _LINUX_PUBLIC_KEY_H
+#define _LINUX_PUBLIC_KEY_H
+
+#include <linux/mpi.h>
+
+enum pkey_algo {
+	PKEY_ALGO_DSA,
+	PKEY_ALGO_RSA,
+	PKEY_ALGO__LAST
+};
+
+extern const char *const pkey_algo[PKEY_ALGO__LAST];
+
+enum pkey_hash_algo {
+	PKEY_HASH_MD4,
+	PKEY_HASH_MD5,
+	PKEY_HASH_SHA1,
+	PKEY_HASH_RIPE_MD_160,
+	PKEY_HASH_SHA256,
+	PKEY_HASH_SHA384,
+	PKEY_HASH_SHA512,
+	PKEY_HASH_SHA224,
+	PKEY_HASH__LAST
+};
+
+extern const char *const pkey_hash_algo[PKEY_HASH__LAST];
+
+enum pkey_id_type {
+	PKEY_ID_PGP,		/* OpenPGP generated key ID */
+	PKEY_ID_X509,		/* X.509 arbitrary subjectKeyIdentifier */
+	PKEY_ID_TYPE__LAST
+};
+
+extern const char *const pkey_id_type[PKEY_ID_TYPE__LAST];
+
+/*
+ * Cryptographic data for the public-key subtype of the asymmetric key type.
+ *
+ * Note that this may include private part of the key as well as the public
+ * part.
+ */
+struct public_key {
+	const struct public_key_algorithm *algo;
+	u8	capabilities;
+#define PKEY_CAN_ENCRYPT	0x01
+#define PKEY_CAN_DECRYPT	0x02
+#define PKEY_CAN_SIGN		0x04
+#define PKEY_CAN_VERIFY		0x08
+	enum pkey_id_type id_type : 8;
+	union {
+		MPI	mpi[5];
+		struct {
+			MPI	p;	/* DSA prime */
+			MPI	q;	/* DSA group order */
+			MPI	g;	/* DSA group generator */
+			MPI	y;	/* DSA public-key value = g^x mod p */
+			MPI	x;	/* DSA secret exponent (if present) */
+		} dsa;
+		struct {
+			MPI	n;	/* RSA public modulus */
+			MPI	e;	/* RSA public encryption exponent */
+			MPI	d;	/* RSA secret encryption exponent (if present) */
+			MPI	p;	/* RSA secret prime (if present) */
+			MPI	q;	/* RSA secret prime (if present) */
+		} rsa;
+	};
+};
+
+extern void public_key_destroy(void *payload);
+
+/*
+ * Public key cryptography signature data
+ */
+struct public_key_signature {
+	u8 *digest;
+	u8 digest_size;			/* Number of bytes in digest */
+	u8 nr_mpi;			/* Occupancy of mpi[] */
+	enum pkey_hash_algo pkey_hash_algo : 8;
+	union {
+		MPI mpi[2];
+		struct {
+			MPI s;		/* m^d mod n */
+		} rsa;
+		struct {
+			MPI r;
+			MPI s;
+		} dsa;
+	};
+};
+
+struct key;
+extern int verify_signature(const struct key *key,
+			    const struct public_key_signature *sig);
+
+#endif /* _LINUX_PUBLIC_KEY_H */
author	Linus Torvalds <torvalds@linux-foundation.org>	2012-10-14 13:39:34 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-10-14 13:39:34 -0700
commit	d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d (patch)
tree	f414482d768b015a609924293b779b4ad0b8f764 /include/crypto
parent	x86, boot: Explicitly include autoconf.h for hostprogs (diff)
parent	X.509: Fix indefinite length element skip error handling (diff)
download	linux-dev-d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d.tar.xz linux-dev-d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d.zip