Linux kernel source tree https://git.amat.us/linux/atom/include/crypto?h=v3.7-rc7 2012-10-14T20:39:34Z 2012-10-14T20:39:34Z Linus Torvalds torvalds@linux-foundation.org 2012-10-14T20:39:34Z urn:sha1:d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d Pull module signing support from Rusty Russell: "module signing is the highlight, but it's an all-over David Howells frenzy..." Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG. * 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits) X.509: Fix indefinite length element skip error handling X.509: Convert some printk calls to pr_devel asymmetric keys: fix printk format warning MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking MODSIGN: Make mrproper should remove generated files. MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs MODSIGN: Use the same digest for the autogen key sig as for the module sig MODSIGN: Sign modules during the build process MODSIGN: Provide a script for generating a key ID from an X.509 cert MODSIGN: Implement module signature checking MODSIGN: Provide module signing public keys to the kernel MODSIGN: Automatically generate module signing keys if missing MODSIGN: Provide Kconfig options MODSIGN: Provide gitignore and make clean rules for extra files MODSIGN: Add FIPS policy module: signature checking hook X.509: Add a crypto key parser for binary (DER) X.509 certificates MPILIB: Provide a function to read raw data into an MPI X.509: Add an ASN.1 decoder X.509: Add simple ASN.1 grammar compiler ... 2012-10-08T03:20:15Z David Howells dhowells@redhat.com 2012-09-21T22:25:04Z urn:sha1:4ae71c1dce1e3d2270a0755988033e236b8e45d6 Provide signature verification using an asymmetric-type key to indicate the public key to be used. The API is a single function that can be found in crypto/public_key.h: int verify_signature(const struct key *key, const struct public_key_signature *sig) The first argument is the appropriate key to be used and the second argument is the parsed signature data: struct public_key_signature { u8 *digest; u16 digest_size; enum pkey_hash_algo pkey_hash_algo : 8; union { MPI mpi[2]; struct { MPI s; /* m^d mod n */ } rsa; struct { MPI r; MPI s; } dsa; }; }; This should be filled in prior to calling the function. The hash algorithm should already have been called and the hash finalised and the output should be in a buffer pointed to by the 'digest' member. Any extra data to be added to the hash by the hash format (eg. PGP) should have been added by the caller prior to finalising the hash. It is assumed that the signature is made up of a number of MPI values. If an algorithm becomes available for which this is not the case, the above structure will have to change. It is also assumed that it will have been checked that the signature algorithm matches the key algorithm. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2012-10-08T03:20:14Z David Howells dhowells@redhat.com 2012-09-21T22:24:55Z urn:sha1:a9681bf3dd7ccd2b32eba27d327ab76607429f7a Add a subtype for supporting asymmetric public-key encryption algorithms such as DSA (FIPS-186) and RSA (PKCS#1 / RFC1337). Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2012-09-06T20:17:06Z Jussi Kivilinna jussi.kivilinna@mbnet.fi 2012-08-28T13:47:09Z urn:sha1:35434c5fb7919bbc1112d9da2c19b5ea79fb7850 Fix "symbol 'x' was not declared. Should it be static?" sparse warnings. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2012-09-06T20:17:05Z Jussi Kivilinna jussi.kivilinna@mbnet.fi 2012-08-28T13:47:04Z urn:sha1:3cfad0d03ccb0fa7932398caecf97d11ab654a77 Fix "symbol 'x' was not declared. Should it be static?" sparse warnings. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2012-08-01T09:47:30Z Johannes Goetzfried Johannes.Goetzfried@informatik.stud.uni-erlangen.de 2012-07-11T17:38:12Z urn:sha1:2b49b906729644dd4696b9291b7e2f6cd1266dc0 Rename cast6 module to cast6_generic to allow autoloading of optimized implementations. Generic functions and s-boxes are exported to be able to use them within optimized implementations. Signed-off-by: Johannes Goetzfried <Johannes.Goetzfried@informatik.stud.uni-erlangen.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2012-08-01T09:47:29Z Johannes Goetzfried Johannes.Goetzfried@informatik.stud.uni-erlangen.de 2012-07-11T17:37:04Z urn:sha1:270b0c6b406a0ae7673ee880d1d7cc6bd6c904de Rename cast5 module to cast5_generic to allow autoloading of optimized implementations. Generic functions and s-boxes are exported to be able to use them within optimized implementations. Signed-off-by: Johannes Goetzfried <Johannes.Goetzfried@informatik.stud.uni-erlangen.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2012-08-01T09:47:26Z Jussi Kivilinna jussi.kivilinna@mbnet.fi 2012-07-11T11:20:20Z urn:sha1:50fc3e8d2c9d1ee72c67b751e5ac5d76ebc5a12e Add crypto_[un]register_shashes() to allow simplifying init/exit code of shash crypto modules that register multiple algorithms. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2012-03-29T11:52:47Z Steffen Klassert steffen.klassert@secunet.com 2012-03-29T07:03:47Z urn:sha1:1e1229940045a537c61fb69f86010a8774e576d0 We lookup algorithms with crypto_alg_mod_lookup() when instantiating via crypto_add_alg(). However, algorithms that are wrapped by an IV genearator (e.g. aead or genicv type algorithms) need special care. The userspace process hangs until it gets a timeout when we use crypto_alg_mod_lookup() to lookup these algorithms. So export the lookup functions for these algorithms and use them in crypto_add_alg(). Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2012-03-20T13:48:16Z Cong Wang amwang@redhat.com 2011-11-25T15:14:17Z urn:sha1:f0dfc0b0b7f3d961da8a98bcfccc8be9107a848b Signed-off-by: Cong Wang <amwang@redhat.com>