keys: change asymmetric keys to use common hash definitions
This patch makes use of the newly defined common hash algorithm info, replacing, for example, PKEY_HASH with HASH_ALGO. Changelog: - Lindent fixes - Mimi CC: David Howells <dhowells@redhat.com> Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
parent
ee08997fee
commit
3fe78ca2fb
8 changed files with 28 additions and 48 deletions
|
@ -13,6 +13,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|||
tristate "Asymmetric public-key crypto algorithm subtype"
|
||||
select MPILIB
|
||||
select PUBLIC_KEY_ALGO_RSA
|
||||
select CRYPTO_HASH_INFO
|
||||
help
|
||||
This option provides support for asymmetric public key type handling.
|
||||
If signature generation and/or verification are to be used,
|
||||
|
|
|
@ -36,18 +36,6 @@ const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST] = {
|
|||
};
|
||||
EXPORT_SYMBOL_GPL(pkey_algo);
|
||||
|
||||
const char *const pkey_hash_algo_name[PKEY_HASH__LAST] = {
|
||||
[PKEY_HASH_MD4] = "md4",
|
||||
[PKEY_HASH_MD5] = "md5",
|
||||
[PKEY_HASH_SHA1] = "sha1",
|
||||
[PKEY_HASH_RIPE_MD_160] = "rmd160",
|
||||
[PKEY_HASH_SHA256] = "sha256",
|
||||
[PKEY_HASH_SHA384] = "sha384",
|
||||
[PKEY_HASH_SHA512] = "sha512",
|
||||
[PKEY_HASH_SHA224] = "sha224",
|
||||
};
|
||||
EXPORT_SYMBOL_GPL(pkey_hash_algo_name);
|
||||
|
||||
const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST] = {
|
||||
[PKEY_ID_PGP] = "PGP",
|
||||
[PKEY_ID_X509] = "X509",
|
||||
|
|
|
@ -73,13 +73,13 @@ static const struct {
|
|||
size_t size;
|
||||
} RSA_ASN1_templates[PKEY_HASH__LAST] = {
|
||||
#define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) }
|
||||
[PKEY_HASH_MD5] = _(MD5),
|
||||
[PKEY_HASH_SHA1] = _(SHA1),
|
||||
[PKEY_HASH_RIPE_MD_160] = _(RIPE_MD_160),
|
||||
[PKEY_HASH_SHA256] = _(SHA256),
|
||||
[PKEY_HASH_SHA384] = _(SHA384),
|
||||
[PKEY_HASH_SHA512] = _(SHA512),
|
||||
[PKEY_HASH_SHA224] = _(SHA224),
|
||||
[HASH_ALGO_MD5] = _(MD5),
|
||||
[HASH_ALGO_SHA1] = _(SHA1),
|
||||
[HASH_ALGO_RIPE_MD_160] = _(RIPE_MD_160),
|
||||
[HASH_ALGO_SHA256] = _(SHA256),
|
||||
[HASH_ALGO_SHA384] = _(SHA384),
|
||||
[HASH_ALGO_SHA512] = _(SHA512),
|
||||
[HASH_ALGO_SHA224] = _(SHA224),
|
||||
#undef _
|
||||
};
|
||||
|
||||
|
|
|
@ -154,32 +154,32 @@ int x509_note_pkey_algo(void *context, size_t hdrlen,
|
|||
return -ENOPKG; /* Unsupported combination */
|
||||
|
||||
case OID_md4WithRSAEncryption:
|
||||
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_MD5;
|
||||
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_MD5;
|
||||
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
|
||||
break;
|
||||
|
||||
case OID_sha1WithRSAEncryption:
|
||||
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA1;
|
||||
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA1;
|
||||
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
|
||||
break;
|
||||
|
||||
case OID_sha256WithRSAEncryption:
|
||||
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA256;
|
||||
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA256;
|
||||
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
|
||||
break;
|
||||
|
||||
case OID_sha384WithRSAEncryption:
|
||||
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA384;
|
||||
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA384;
|
||||
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
|
||||
break;
|
||||
|
||||
case OID_sha512WithRSAEncryption:
|
||||
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA512;
|
||||
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA512;
|
||||
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
|
||||
break;
|
||||
|
||||
case OID_sha224WithRSAEncryption:
|
||||
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA224;
|
||||
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA224;
|
||||
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -21,6 +21,8 @@ struct x509_certificate {
|
|||
char *authority; /* Authority key fingerprint as hex */
|
||||
struct tm valid_from;
|
||||
struct tm valid_to;
|
||||
enum pkey_algo pkey_algo : 8; /* Public key algorithm */
|
||||
enum hash_algo sig_hash_algo : 8; /* Signature hash algorithm */
|
||||
const void *tbs; /* Signed data */
|
||||
unsigned tbs_size; /* Size of signed data */
|
||||
unsigned raw_sig_size; /* Size of sigature */
|
||||
|
|
|
@ -96,7 +96,7 @@ int x509_get_sig_params(struct x509_certificate *cert)
|
|||
/* Allocate the hashing algorithm we're going to need and find out how
|
||||
* big the hash operational data will be.
|
||||
*/
|
||||
tfm = crypto_alloc_shash(pkey_hash_algo_name[cert->sig.pkey_hash_algo], 0, 0);
|
||||
tfm = crypto_alloc_shash(hash_algo_name[cert->sig.pkey_hash_algo], 0, 0);
|
||||
if (IS_ERR(tfm))
|
||||
return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm);
|
||||
|
||||
|
@ -199,7 +199,7 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
|
|||
cert->sig.pkey_hash_algo >= PKEY_HASH__LAST ||
|
||||
!pkey_algo[cert->pub->pkey_algo] ||
|
||||
!pkey_algo[cert->sig.pkey_algo] ||
|
||||
!pkey_hash_algo_name[cert->sig.pkey_hash_algo]) {
|
||||
!hash_algo_name[cert->sig.pkey_hash_algo]) {
|
||||
ret = -ENOPKG;
|
||||
goto error_free_cert;
|
||||
}
|
||||
|
@ -213,9 +213,8 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
|
|||
cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1,
|
||||
cert->valid_to.tm_mday, cert->valid_to.tm_hour,
|
||||
cert->valid_to.tm_min, cert->valid_to.tm_sec);
|
||||
pr_devel("Cert Signature: %s + %s\n",
|
||||
pkey_algo_name[cert->sig.pkey_algo],
|
||||
pkey_hash_algo_name[cert->sig.pkey_hash_algo]);
|
||||
pr_devel("Cert Signature: %s\n",
|
||||
hash_algo_name[cert->sig.pkey_hash_algo]);
|
||||
|
||||
if (!cert->fingerprint) {
|
||||
pr_warn("Cert for '%s' must have a SubjKeyId extension\n",
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
#define _LINUX_PUBLIC_KEY_H
|
||||
|
||||
#include <linux/mpi.h>
|
||||
#include <crypto/hash_info.h>
|
||||
|
||||
enum pkey_algo {
|
||||
PKEY_ALGO_DSA,
|
||||
|
@ -25,19 +26,8 @@ enum pkey_algo {
|
|||
extern const char *const pkey_algo_name[PKEY_ALGO__LAST];
|
||||
extern const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST];
|
||||
|
||||
enum pkey_hash_algo {
|
||||
PKEY_HASH_MD4,
|
||||
PKEY_HASH_MD5,
|
||||
PKEY_HASH_SHA1,
|
||||
PKEY_HASH_RIPE_MD_160,
|
||||
PKEY_HASH_SHA256,
|
||||
PKEY_HASH_SHA384,
|
||||
PKEY_HASH_SHA512,
|
||||
PKEY_HASH_SHA224,
|
||||
PKEY_HASH__LAST
|
||||
};
|
||||
|
||||
extern const char *const pkey_hash_algo_name[PKEY_HASH__LAST];
|
||||
/* asymmetric key implementation supports only up to SHA224 */
|
||||
#define PKEY_HASH__LAST (HASH_ALGO_SHA224 + 1)
|
||||
|
||||
enum pkey_id_type {
|
||||
PKEY_ID_PGP, /* OpenPGP generated key ID */
|
||||
|
@ -91,7 +81,7 @@ struct public_key_signature {
|
|||
u8 digest_size; /* Number of bytes in digest */
|
||||
u8 nr_mpi; /* Occupancy of mpi[] */
|
||||
enum pkey_algo pkey_algo : 8;
|
||||
enum pkey_hash_algo pkey_hash_algo : 8;
|
||||
enum hash_algo pkey_hash_algo : 8;
|
||||
union {
|
||||
MPI mpi[2];
|
||||
struct {
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
*/
|
||||
struct module_signature {
|
||||
u8 algo; /* Public-key crypto algorithm [enum pkey_algo] */
|
||||
u8 hash; /* Digest algorithm [enum pkey_hash_algo] */
|
||||
u8 hash; /* Digest algorithm [enum hash_algo] */
|
||||
u8 id_type; /* Key identifier type [enum pkey_id_type] */
|
||||
u8 signer_len; /* Length of signer's name */
|
||||
u8 key_id_len; /* Length of key identifier */
|
||||
|
@ -40,7 +40,7 @@ struct module_signature {
|
|||
/*
|
||||
* Digest the module contents.
|
||||
*/
|
||||
static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
|
||||
static struct public_key_signature *mod_make_digest(enum hash_algo hash,
|
||||
const void *mod,
|
||||
unsigned long modlen)
|
||||
{
|
||||
|
@ -55,7 +55,7 @@ static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
|
|||
/* Allocate the hashing algorithm we're going to need and find out how
|
||||
* big the hash operational data will be.
|
||||
*/
|
||||
tfm = crypto_alloc_shash(pkey_hash_algo_name[hash], 0, 0);
|
||||
tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
|
||||
if (IS_ERR(tfm))
|
||||
return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
|
||||
|
||||
|
@ -218,7 +218,7 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
|
|||
return -ENOPKG;
|
||||
|
||||
if (ms.hash >= PKEY_HASH__LAST ||
|
||||
!pkey_hash_algo_name[ms.hash])
|
||||
!hash_algo_name[ms.hash])
|
||||
return -ENOPKG;
|
||||
|
||||
key = request_asymmetric_key(sig, ms.signer_len,
|
||||
|
|
Loading…
Reference in a new issue