Add some useful PGP definitions from RFC 4880. These describe details of
public key crypto as used by crypto keys for things like signature
verification.
Also add a simple parser that extracts the packets from a PGP blob and passes
the desirous ones to the given processor function:
struc
Do preliminary verification of the ELF structure of a module. This is used to
make sure that the ELF structure can then be used to check the module signature
and access the module data without breaking the module loader.
If the module's ELF metadata is determined to be bad, then ELIBBAD will be
r
Add a key subtype for handling DSA crypto keys. For the moment it only
provides a signature verification facility.
Signed-off-by: David Howells
---
security/Kconfig | 10 +
security/keys/Makefile |2
security/keys/crypto_dsa.h | 36
security/
Add a missing ENOMEM check.
Signed-off-by: David Howells
---
lib/mpi/mpicoder.c |2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c
index fe84bb9..6e225a8 100644
--- a/lib/mpi/mpicoder.c
+++ b/lib/mpi/mpicoder.c
@@ -255,6 +255,8 @@
Create a key type that can be used for general cryptographic operations, such
as encryption, decryption, signature generation and signature verification.
The key type is "crypto" and can provide access to a variety of cryptographic
algorithms.
Signed-off-by: David Howells
---
Documentation/sec
Add a key subtype for handling RSA crypto keys. For the moment it only
provides a signature verification facility.
Signed-off-by: David Howells
---
security/Kconfig |9 +
security/keys/Makefile |2
security/keys/crypto_rsa.h | 36 +++
security/k
Add per-arch indications of module ELF types and relocation table entry types.
Signed-Off-By: David Howells
---
arch/alpha/include/asm/module.h |3 +++
arch/arm/include/asm/module.h |5 +
arch/cris/include/asm/module.h|5 +
arch/h8300/include/asm/module.h |5
Add some PGP signature parsing helpers:
 (1) A function to parse V4 signature subpackets and pass the desired ones to
     a processor function:

	int pgp_parse_sig_subpkts(const u8 *data, size_t datalen,
				  struct pgp_parse_sig_context *ctx);
(2) A function
Signature verification routines for DSA crypto key subtype.
Signed-off-by: David Howells
---
security/keys/Makefile|2
security/keys/crypto_dsa.h| 11 +
security/keys/crypto_dsa_verify.c | 384 +
3 files changed, 396 insertions(+),
Add a function by which crypto keys can be requested. A keyring is supplied
for the function to search (which can be, say, a system keyring containing keys
for kernel module signature checking). The function also provides a point at
which hardware key caches, such as a TPM, can be consulted.
Sig
Signature verification routines for RSA crypto key subtype.
Signed-off-by: David Howells
---
security/keys/Makefile |2
security/keys/crypto_rsa.h | 11 +
security/keys/crypto_rsa_subtype.c | 15 +
security/keys/crypto_rsa_verify.c | 519 ++
Export some more symbols for use by the DSA key subtype.
Signed-off-by: David Howells
---
lib/mpi/mpi-cmp.c |2 ++
lib/mpi/mpi-div.c |1 +
lib/mpi/mpi-inv.c |1 +
lib/mpi/mpi-mpow.c |1 +
lib/mpi/mpi-mul.c |1 +
5 files changed, 6 insertions(+), 0 deletions(-)
diff --g
Add a facility whereby a key subtype may be asked to verify a signature against
the data it is purported to have signed.
Signed-off-by: David Howells
---
Documentation/security/keys-crypto.txt | 106 +++-
include/keys/crypto-subtype.h | 15 +
include/
Provide a function to load keys from a PGP keyring blob for use in initialising
the module signing key keyring:
	int load_PGP_keys(const u8 *pgpdata, size_t pgpdatalen,
			  struct key *keyring, const char *descprefix);
The keys are labelled with descprefix plus a numb
Permit key_serial() to be called with a const key pointer.
Signed-off-by: David Howells
---
include/linux/key.h |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/include/linux/key.h b/include/linux/key.h
index 183a6af..f87b51b 100644
--- a/include/linux/key.h
+++ b/incl
Here is a set of patches that create a framework for using cryptographic keys
within the kernel. The patches can also be found at:
http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/devel
The basic crypto key has no requirements as to how the
loop-AES changes since previous release:
- Worked around block layer interface breakage on 3.2-rc kernels.
bzip2 compressed tarball is here:
http://loop-aes.sourceforge.net/loop-AES/loop-AES-v3.6e.tar.bz2
md5sum b8bf83f3d21a6ad1ea49ac30f9ec130d
http://loop-aes.sourceforge.net/loop-AE