tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
keys: change asymmetric keys to use common hash definitions
This patch makes use of the newly defined common hash algorithm info,
replacing, for example, PKEY_HASH with HASH_ALGO.
Changelog:
- Lindent fixes - Mimi
CC: David Howells <dhowells@redhat.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
authored by
Dmitry Kasatkin
and committed by
Mimi Zohar
3fe78ca2
ee08997f
+28
-48
+1
crypto/asymmetric_keys/Kconfig
+1
crypto/asymmetric_keys/Kconfig
···
13
13
tristate "Asymmetric public-key crypto algorithm subtype"
14
14
select MPILIB
15
15
select PUBLIC_KEY_ALGO_RSA
16
+
select CRYPTO_HASH_INFO
16
17
help
17
18
This option provides support for asymmetric public key type handling.
18
19
If signature generation and/or verification are to be used,
-12
crypto/asymmetric_keys/public_key.c
-12
crypto/asymmetric_keys/public_key.c
···
36
36
};
37
37
EXPORT_SYMBOL_GPL(pkey_algo);
38
38
39
-
const char *const pkey_hash_algo_name[PKEY_HASH__LAST] = {
40
-
[PKEY_HASH_MD4] = "md4",
41
-
[PKEY_HASH_MD5] = "md5",
42
-
[PKEY_HASH_SHA1] = "sha1",
43
-
[PKEY_HASH_RIPE_MD_160] = "rmd160",
44
-
[PKEY_HASH_SHA256] = "sha256",
45
-
[PKEY_HASH_SHA384] = "sha384",
46
-
[PKEY_HASH_SHA512] = "sha512",
47
-
[PKEY_HASH_SHA224] = "sha224",
48
-
};
49
-
EXPORT_SYMBOL_GPL(pkey_hash_algo_name);
50
-
51
39
const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST] = {
52
40
[PKEY_ID_PGP] = "PGP",
53
41
[PKEY_ID_X509] = "X509",
+7
-7
crypto/asymmetric_keys/rsa.c
+7
-7
crypto/asymmetric_keys/rsa.c
···
73
73
size_t size;
74
74
} RSA_ASN1_templates[PKEY_HASH__LAST] = {
75
75
#define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) }
76
-
[PKEY_HASH_MD5] = _(MD5),
77
-
[PKEY_HASH_SHA1] = _(SHA1),
78
-
[PKEY_HASH_RIPE_MD_160] = _(RIPE_MD_160),
79
-
[PKEY_HASH_SHA256] = _(SHA256),
80
-
[PKEY_HASH_SHA384] = _(SHA384),
81
-
[PKEY_HASH_SHA512] = _(SHA512),
82
-
[PKEY_HASH_SHA224] = _(SHA224),
76
+
[HASH_ALGO_MD5] = _(MD5),
77
+
[HASH_ALGO_SHA1] = _(SHA1),
78
+
[HASH_ALGO_RIPE_MD_160] = _(RIPE_MD_160),
79
+
[HASH_ALGO_SHA256] = _(SHA256),
80
+
[HASH_ALGO_SHA384] = _(SHA384),
81
+
[HASH_ALGO_SHA512] = _(SHA512),
82
+
[HASH_ALGO_SHA224] = _(SHA224),
83
83
#undef _
84
84
};
85
85
+6
-6
crypto/asymmetric_keys/x509_cert_parser.c
+6
-6
crypto/asymmetric_keys/x509_cert_parser.c
···
154
154
return -ENOPKG; /* Unsupported combination */
155
155
156
156
case OID_md4WithRSAEncryption:
157
-
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_MD5;
157
+
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_MD5;
158
158
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
159
159
break;
160
160
161
161
case OID_sha1WithRSAEncryption:
162
-
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA1;
162
+
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA1;
163
163
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
164
164
break;
165
165
166
166
case OID_sha256WithRSAEncryption:
167
-
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA256;
167
+
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA256;
168
168
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
169
169
break;
170
170
171
171
case OID_sha384WithRSAEncryption:
172
-
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA384;
172
+
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA384;
173
173
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
174
174
break;
175
175
176
176
case OID_sha512WithRSAEncryption:
177
-
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA512;
177
+
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA512;
178
178
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
179
179
break;
180
180
181
181
case OID_sha224WithRSAEncryption:
182
-
ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA224;
182
+
ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA224;
183
183
ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
184
184
break;
185
185
}
+2
crypto/asymmetric_keys/x509_parser.h
+2
crypto/asymmetric_keys/x509_parser.h
···
21
21
char *authority; /* Authority key fingerprint as hex */
22
22
struct tm valid_from;
23
23
struct tm valid_to;
24
+
enum pkey_algo pkey_algo : 8; /* Public key algorithm */
25
+
enum hash_algo sig_hash_algo : 8; /* Signature hash algorithm */
24
26
const void *tbs; /* Signed data */
25
27
unsigned tbs_size; /* Size of signed data */
26
28
unsigned raw_sig_size; /* Size of sigature */
+4
-5
crypto/asymmetric_keys/x509_public_key.c
+4
-5
crypto/asymmetric_keys/x509_public_key.c
···
96
96
/* Allocate the hashing algorithm we're going to need and find out how
97
97
* big the hash operational data will be.
98
98
*/
99
-
tfm = crypto_alloc_shash(pkey_hash_algo_name[cert->sig.pkey_hash_algo], 0, 0);
99
+
tfm = crypto_alloc_shash(hash_algo_name[cert->sig.pkey_hash_algo], 0, 0);
100
100
if (IS_ERR(tfm))
101
101
return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm);
102
102
···
199
199
cert->sig.pkey_hash_algo >= PKEY_HASH__LAST ||
200
200
!pkey_algo[cert->pub->pkey_algo] ||
201
201
!pkey_algo[cert->sig.pkey_algo] ||
202
-
!pkey_hash_algo_name[cert->sig.pkey_hash_algo]) {
202
+
!hash_algo_name[cert->sig.pkey_hash_algo]) {
203
203
ret = -ENOPKG;
204
204
goto error_free_cert;
205
205
}
···
213
213
cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1,
214
214
cert->valid_to.tm_mday, cert->valid_to.tm_hour,
215
215
cert->valid_to.tm_min, cert->valid_to.tm_sec);
216
-
pr_devel("Cert Signature: %s + %s\n",
217
-
pkey_algo_name[cert->sig.pkey_algo],
218
-
pkey_hash_algo_name[cert->sig.pkey_hash_algo]);
216
+
pr_devel("Cert Signature: %s\n",
217
+
hash_algo_name[cert->sig.pkey_hash_algo]);
219
218
220
219
if (!cert->fingerprint) {
221
220
pr_warn("Cert for '%s' must have a SubjKeyId extension\n",
+4
-14
include/crypto/public_key.h
+4
-14
include/crypto/public_key.h
···
15
15
#define _LINUX_PUBLIC_KEY_H
16
16
17
17
#include <linux/mpi.h>
18
+
#include <crypto/hash_info.h>
18
19
19
20
enum pkey_algo {
20
21
PKEY_ALGO_DSA,
···
26
25
extern const char *const pkey_algo_name[PKEY_ALGO__LAST];
27
26
extern const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST];
28
27
29
-
enum pkey_hash_algo {
30
-
PKEY_HASH_MD4,
31
-
PKEY_HASH_MD5,
32
-
PKEY_HASH_SHA1,
33
-
PKEY_HASH_RIPE_MD_160,
34
-
PKEY_HASH_SHA256,
35
-
PKEY_HASH_SHA384,
36
-
PKEY_HASH_SHA512,
37
-
PKEY_HASH_SHA224,
38
-
PKEY_HASH__LAST
39
-
};
40
-
41
-
extern const char *const pkey_hash_algo_name[PKEY_HASH__LAST];
28
+
/* asymmetric key implementation supports only up to SHA224 */
29
+
#define PKEY_HASH__LAST (HASH_ALGO_SHA224 + 1)
42
30
43
31
enum pkey_id_type {
44
32
PKEY_ID_PGP, /* OpenPGP generated key ID */
···
81
91
u8 digest_size; /* Number of bytes in digest */
82
92
u8 nr_mpi; /* Occupancy of mpi[] */
83
93
enum pkey_algo pkey_algo : 8;
84
-
enum pkey_hash_algo pkey_hash_algo : 8;
94
+
enum hash_algo pkey_hash_algo : 8;
85
95
union {
86
96
MPI mpi[2];
87
97
struct {
+4
-4
kernel/module_signing.c
+4
-4
kernel/module_signing.c
···
29
29
*/
30
30
struct module_signature {
31
31
u8 algo; /* Public-key crypto algorithm [enum pkey_algo] */
32
-
u8 hash; /* Digest algorithm [enum pkey_hash_algo] */
32
+
u8 hash; /* Digest algorithm [enum hash_algo] */
33
33
u8 id_type; /* Key identifier type [enum pkey_id_type] */
34
34
u8 signer_len; /* Length of signer's name */
35
35
u8 key_id_len; /* Length of key identifier */
···
40
40
/*
41
41
* Digest the module contents.
42
42
*/
43
-
static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
43
+
static struct public_key_signature *mod_make_digest(enum hash_algo hash,
44
44
const void *mod,
45
45
unsigned long modlen)
46
46
{
···
55
55
/* Allocate the hashing algorithm we're going to need and find out how
56
56
* big the hash operational data will be.
57
57
*/
58
-
tfm = crypto_alloc_shash(pkey_hash_algo_name[hash], 0, 0);
58
+
tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
59
59
if (IS_ERR(tfm))
60
60
return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
61
61
···
218
218
return -ENOPKG;
219
219
220
220
if (ms.hash >= PKEY_HASH__LAST ||
221
-
!pkey_hash_algo_name[ms.hash])
221
+
!hash_algo_name[ms.hash])
222
222
return -ENOPKG;
223
223
224
224
key = request_asymmetric_key(sig, ms.signer_len,