subject:"\[PATCH 1\/2\] crypto\: KEYS\: convert public key to the akcipher API"

[PATCH 1/2] crypto: KEYS: convert public key to the akcipher api

2015-12-09 Thread Tadeusz Struk

This patch converts the module verification code to the new akcipher API.

Signed-off-by: Tadeusz Struk 
---
 crypto/asymmetric_keys/Kconfig|2 
 crypto/asymmetric_keys/Makefile   |7 -
 crypto/asymmetric_keys/pkcs7_parser.c |   12 +-
 crypto/asymmetric_keys/pkcs7_trust.c  |2 
 crypto/asymmetric_keys/pkcs7_verify.c |2 
 crypto/asymmetric_keys/public_key.c   |   64 +++--
 crypto/asymmetric_keys/public_key.h   |   36 -
 crypto/asymmetric_keys/rsa.c  |  211 +++--
 crypto/asymmetric_keys/x509_cert_parser.c |   37 +
 crypto/asymmetric_keys/x509_public_key.c  |   17 +-
 crypto/asymmetric_keys/x509_rsakey.asn1   |4 -
 include/crypto/public_key.h   |   49 ++-
 12 files changed, 135 insertions(+), 308 deletions(-)
 delete mode 100644 crypto/asymmetric_keys/public_key.h
 delete mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1

diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 4870f28..905d745 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -22,7 +22,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 
 config PUBLIC_KEY_ALGO_RSA
tristate "RSA public-key algorithm"
-   select MPILIB
+   select CRYPTO_RSA
help
  This option enables support for the RSA algorithm (PKCS#1, RFC3447).
 
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index cd1406f..b78a194 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -16,21 +16,18 @@ obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o
 x509_key_parser-y := \
x509-asn1.o \
x509_akid-asn1.o \
-   x509_rsakey-asn1.o \
x509_cert_parser.o \
x509_public_key.o
 
 $(obj)/x509_cert_parser.o: \
$(obj)/x509-asn1.h \
-   $(obj)/x509_akid-asn1.h \
-   $(obj)/x509_rsakey-asn1.h
+   $(obj)/x509_akid-asn1.h
+
 $(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h
 $(obj)/x509_akid-asn1.o: $(obj)/x509_akid-asn1.c $(obj)/x509_akid-asn1.h
-$(obj)/x509_rsakey-asn1.o: $(obj)/x509_rsakey-asn1.c $(obj)/x509_rsakey-asn1.h
 
 clean-files+= x509-asn1.c x509-asn1.h
 clean-files+= x509_akid-asn1.c x509_akid-asn1.h
-clean-files+= x509_rsakey-asn1.c x509_rsakey-asn1.h
 
 #
 # PKCS#7 message handling
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c 
b/crypto/asymmetric_keys/pkcs7_parser.c
index 758acab..12912c1 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -15,7 +15,7 @@
 #include 
 #include 
 #include 
-#include "public_key.h"
+#include 
 #include "pkcs7_parser.h"
 #include "pkcs7-asn1.h"
 
@@ -44,7 +44,7 @@ struct pkcs7_parse_context {
 static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
 {
if (sinfo) {
-   mpi_free(sinfo->sig.mpi[0]);
+   kfree(sinfo->sig.s);
kfree(sinfo->sig.digest);
kfree(sinfo->signing_cert_id);
kfree(sinfo);
@@ -616,16 +616,14 @@ int pkcs7_sig_note_signature(void *context, size_t hdrlen,
 const void *value, size_t vlen)
 {
struct pkcs7_parse_context *ctx = context;
-   MPI mpi;
 
BUG_ON(ctx->sinfo->sig.pkey_algo != PKEY_ALGO_RSA);
 
-   mpi = mpi_read_raw_data(value, vlen);
-   if (!mpi)
+   ctx->sinfo->sig.s = kmemdup(value, vlen, GFP_KERNEL);
+   if (!ctx->sinfo->sig.s)
return -ENOMEM;
 
-   ctx->sinfo->sig.mpi[0] = mpi;
-   ctx->sinfo->sig.nr_mpi = 1;
+   ctx->sinfo->sig.s_size = vlen;
return 0;
 }
 
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c 
b/crypto/asymmetric_keys/pkcs7_trust.c
index 90d6d47..3bbdcc7 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -17,7 +17,7 @@
 #include 
 #include 
 #include 
-#include "public_key.h"
+#include 
 #include "pkcs7_parser.h"
 
 /**
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c 
b/crypto/asymmetric_keys/pkcs7_verify.c
index 325575c..f5db137 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -16,7 +16,7 @@
 #include 
 #include 
 #include 
-#include "public_key.h"
+#include 
 #include "pkcs7_parser.h"
 
 /*
diff --git a/crypto/asymmetric_keys/public_key.c 
b/crypto/asymmetric_keys/public_key.c
index 6db4c01..b383629 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -18,24 +18,16 @@
 #include 
 #include 
 #include 
-#include "public_key.h"
+#include 
 
 MODULE_LICENSE("GPL");
 
 const char *const pkey_algo_name[PKEY_ALGO__LAST] = {
-   [PKEY_ALGO_DSA] = "DSA",
-   [PKEY_ALGO_RSA] = "RSA",
+   [PKEY_ALGO_DSA] = "dsa",
+   [PKEY_ALGO_RSA] = "rsa",
 };
 EXPORT_SYMBOL_GPL(pkey_algo_name);
 
-const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST] = {
-#if

[PATCH 1/2] crypto: KEYS: convert public key to the akcipher api

2015-12-09 Thread Tadeusz Struk

This patch converts the module verification code to the new akcipher API.

Signed-off-by: Tadeusz Struk 
---
 crypto/asymmetric_keys/Kconfig|2 
 crypto/asymmetric_keys/Makefile   |7 -
 crypto/asymmetric_keys/pkcs7_parser.c |   12 +-
 crypto/asymmetric_keys/pkcs7_trust.c  |2 
 crypto/asymmetric_keys/pkcs7_verify.c |2 
 crypto/asymmetric_keys/public_key.c   |   64 +++--
 crypto/asymmetric_keys/public_key.h   |   36 -
 crypto/asymmetric_keys/rsa.c  |  211 +++--
 crypto/asymmetric_keys/x509_cert_parser.c |   37 +
 crypto/asymmetric_keys/x509_public_key.c  |   17 +-
 crypto/asymmetric_keys/x509_rsakey.asn1   |4 -
 include/crypto/public_key.h   |   49 ++-
 12 files changed, 135 insertions(+), 308 deletions(-)
 delete mode 100644 crypto/asymmetric_keys/public_key.h
 delete mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1

diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 4870f28..905d745 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -22,7 +22,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 
 config PUBLIC_KEY_ALGO_RSA
tristate "RSA public-key algorithm"
-   select MPILIB
+   select CRYPTO_RSA
help
  This option enables support for the RSA algorithm (PKCS#1, RFC3447).
 
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index cd1406f..b78a194 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -16,21 +16,18 @@ obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o
 x509_key_parser-y := \
x509-asn1.o \
x509_akid-asn1.o \
-   x509_rsakey-asn1.o \
x509_cert_parser.o \
x509_public_key.o
 
 $(obj)/x509_cert_parser.o: \
$(obj)/x509-asn1.h \
-   $(obj)/x509_akid-asn1.h \
-   $(obj)/x509_rsakey-asn1.h
+   $(obj)/x509_akid-asn1.h
+
 $(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h
 $(obj)/x509_akid-asn1.o: $(obj)/x509_akid-asn1.c $(obj)/x509_akid-asn1.h
-$(obj)/x509_rsakey-asn1.o: $(obj)/x509_rsakey-asn1.c $(obj)/x509_rsakey-asn1.h
 
 clean-files+= x509-asn1.c x509-asn1.h
 clean-files+= x509_akid-asn1.c x509_akid-asn1.h
-clean-files+= x509_rsakey-asn1.c x509_rsakey-asn1.h
 
 #
 # PKCS#7 message handling
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c 
b/crypto/asymmetric_keys/pkcs7_parser.c
index 758acab..12912c1 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -15,7 +15,7 @@
 #include 
 #include 
 #include 
-#include "public_key.h"
+#include 
 #include "pkcs7_parser.h"
 #include "pkcs7-asn1.h"
 
@@ -44,7 +44,7 @@ struct pkcs7_parse_context {
 static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
 {
if (sinfo) {
-   mpi_free(sinfo->sig.mpi[0]);
+   kfree(sinfo->sig.s);
kfree(sinfo->sig.digest);
kfree(sinfo->signing_cert_id);
kfree(sinfo);
@@ -616,16 +616,14 @@ int pkcs7_sig_note_signature(void *context, size_t hdrlen,
 const void *value, size_t vlen)
 {
struct pkcs7_parse_context *ctx = context;
-   MPI mpi;
 
BUG_ON(ctx->sinfo->sig.pkey_algo != PKEY_ALGO_RSA);
 
-   mpi = mpi_read_raw_data(value, vlen);
-   if (!mpi)
+   ctx->sinfo->sig.s = kmemdup(value, vlen, GFP_KERNEL);
+   if (!ctx->sinfo->sig.s)
return -ENOMEM;
 
-   ctx->sinfo->sig.mpi[0] = mpi;
-   ctx->sinfo->sig.nr_mpi = 1;
+   ctx->sinfo->sig.s_size = vlen;
return 0;
 }
 
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c 
b/crypto/asymmetric_keys/pkcs7_trust.c
index 90d6d47..3bbdcc7 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -17,7 +17,7 @@
 #include 
 #include 
 #include 
-#include "public_key.h"
+#include 
 #include "pkcs7_parser.h"
 
 /**
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c 
b/crypto/asymmetric_keys/pkcs7_verify.c
index 325575c..f5db137 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -16,7 +16,7 @@
 #include 
 #include 
 #include 
-#include "public_key.h"
+#include 
 #include "pkcs7_parser.h"
 
 /*
diff --git a/crypto/asymmetric_keys/public_key.c 
b/crypto/asymmetric_keys/public_key.c
index 6db4c01..b383629 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -18,24 +18,16 @@
 #include 
 #include 
 #include 
-#include "public_key.h"
+#include 
 
 MODULE_LICENSE("GPL");
 
 const char *const pkey_algo_name[PKEY_ALGO__LAST] = {
-   [PKEY_ALGO_DSA] = "DSA",
-   [PKEY_ALGO_RSA] = "RSA",
+   [PKEY_ALGO_DSA] = "dsa",
+   [PKEY_ALGO_RSA] = "rsa",
 };
 EXPORT_SYMBOL_GPL(pkey_algo_name);
 
-const struct public_key_algorithm

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-24 Thread Tadeusz Struk

Hi Stephan,

On 08/15/2015 11:08 AM, Stephan Mueller wrote:
> Am Mittwoch, 12. August 2015, 20:54:39 schrieb Tadeusz Struk:
> 
> Hi Tadeusz,
> 
>> @@ -41,7 +41,7 @@ struct pkcs7_parse_context {
>> static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
>> {
>>  if (sinfo) {
>> -mpi_free(sinfo->sig.mpi[0]);
>> +kfree(sinfo->sig.s);
> 
> kzfree?
> 
>>  kfree(sinfo->sig.digest);
> 
> kzfree?
> 
>>  kfree(sinfo->signing_cert_id);
>>  kfree(sinfo);
> 
> kzfree (due to ->msdigest)?
> 

Sorry for late response. I was on vacation.
All these above are module signatures, which are not sensitive,
so no need to zero the buffers on free.
The only thing that is sensitive is the private key,
which is only used for signing modules on make modules_install
and never included in the kernel.
Thanks,
T
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-24 Thread Tadeusz Struk

Hi Stephan,

On 08/15/2015 11:08 AM, Stephan Mueller wrote:
 Am Mittwoch, 12. August 2015, 20:54:39 schrieb Tadeusz Struk:
 
 Hi Tadeusz,
 
 @@ -41,7 +41,7 @@ struct pkcs7_parse_context {
 static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
 {
  if (sinfo) {
 -mpi_free(sinfo-sig.mpi[0]);
 +kfree(sinfo-sig.s);
 
 kzfree?
 
  kfree(sinfo-sig.digest);
 
 kzfree?
 
  kfree(sinfo-signing_cert_id);
  kfree(sinfo);
 
 kzfree (due to -msdigest)?
 

Sorry for late response. I was on vacation.
All these above are module signatures, which are not sensitive,
so no need to zero the buffers on free.
The only thing that is sensitive is the private key,
which is only used for signing modules on make modules_install
and never included in the kernel.
Thanks,
T
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-15 Thread Stephan Mueller

Am Mittwoch, 12. August 2015, 20:54:39 schrieb Tadeusz Struk:

Hi Tadeusz,

>@@ -41,7 +41,7 @@ struct pkcs7_parse_context {
> static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
> {
>   if (sinfo) {
>-  mpi_free(sinfo->sig.mpi[0]);
>+  kfree(sinfo->sig.s);

kzfree?

>   kfree(sinfo->sig.digest);

kzfree?

>   kfree(sinfo->signing_cert_id);
>   kfree(sinfo);

kzfree (due to ->msdigest)?


Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-15 Thread Stephan Mueller

Am Mittwoch, 12. August 2015, 20:54:39 schrieb Tadeusz Struk:

Hi Tadeusz,

@@ -41,7 +41,7 @@ struct pkcs7_parse_context {
 static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
 {
   if (sinfo) {
-  mpi_free(sinfo-sig.mpi[0]);
+  kfree(sinfo-sig.s);

kzfree?

   kfree(sinfo-sig.digest);

kzfree?

   kfree(sinfo-signing_cert_id);
   kfree(sinfo);

kzfree (due to -msdigest)?


Ciao
Stephan
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-13 Thread Herbert Xu

On Thu, Aug 13, 2015 at 03:23:16PM +0100, David Howells wrote:
> 
> > -   /* Decode the public key */
> > -   ret = asn1_ber_decoder(_rsakey_decoder, ctx,
> > -  ctx->key, ctx->key_size);
> > -   if (ret < 0)
> > +   cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL);
> > +   if (!cert->pub->key)
> > goto error_decode;
> 
> The generic public key code should *not* see the container wrappings (ASN.1
> from an X.509 cert in this case).  The public key could be supplied by OpenPGP
> instead, for example, or directly by a driver.

No in this case it's fine because the format of our key input
specification just happens to coincide with the input here.

Cheers,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-13 Thread Tadeusz Struk

On 08/13/2015 07:23 AM, David Howells wrote:
> Tadeusz Struk  wrote:
> 
>>  const char *const pkey_algo_name[PKEY_ALGO__LAST] = {
>> -[PKEY_ALGO_DSA] = "DSA",
>> -[PKEY_ALGO_RSA] = "RSA",
>> +[PKEY_ALGO_DSA] = "dsa",
>> +[PKEY_ALGO_RSA] = "rsa",
>>  };
> 
> Be aware that these are exposed to userspace through /proc.  The change
> probably doesn't matter, but you might need to update the documentation.
> 
>> +int public_key_verify_signature(const struct public_key *pkey,
>>  const struct public_key_signature *sig)
>>  {
>> ...
>> -return algo->verify_signature(pk, sig);
>> +return rsa_pkcs1_v1_5_verify_signature(pkey, sig);
>>  }
> 
> No.  You can't assume RSA here.  It's quite likely we'll have to support ECDSA
> or similar soon.  This must be contingent on the algorithm selected.
> 
>>  {
>>  const struct public_key *pk = key->payload.data;
>> +
>>  return public_key_verify_signature(pk, sig);
>>  }
> 
> That's nothing to do with this patch.
> 
>> +static int rsa_signture_verify(const u8 *H, const u8 *EM, size_t k,
> 
> 'signture' -> 'signature'.
> 
>> +/*
>> + * Perform the RSA signature verification.
>> + * @H: Value of hash of data and metadata
>> + * @EM: The computed signature value
>> + * @k: The size of EM (EM[0] is an invalid location but should hold 0x00)
>> + * @hash_size: The size of H
>> + * @asn1_template: The DigestInfo ASN.1 template
>> + * @asn1_size: Size of asm1_template[]
>> + */
>> +static int rsa_signture_verify(const u8 *H, const u8 *EM, size_t k,
>> +   size_t hash_size, const u8 *asn1_template,
>> +   size_t asn1_size)
>> +{
> 
> Why is this here and not in crypto/rsa.c?
> 
>> +/* initlialzie out buf */
> 
> 'initialise'.
> 
>> -/* Decode the public key */
>> -ret = asn1_ber_decoder(_rsakey_decoder, ctx,
>> -   ctx->key, ctx->key_size);
>> -if (ret < 0)
>> +cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL);
>> +if (!cert->pub->key)
>>  goto error_decode;
> 
> The generic public key code should *not* see the container wrappings (ASN.1
> from an X.509 cert in this case).  The public key could be supplied by OpenPGP
> instead, for example, or directly by a driver.
> 
> Further, at this point, we need to make sure that the data we were given has
> the right bits and emit EBADMSG if it doesn't.
> 
> Okay, I can accept that the public_key struct might just have a list of void *
> and size_t fields that get filled in, one for each integer that we extract
> rather than MPIs, but we should not expose the generic code to the stuff we've
> parsed away.
> 
>>  struct public_key {
>> -const struct public_key_algorithm *algo;
>> -u8  capabilities;
>> -#define PKEY_CAN_ENCRYPT0x01
>> -#define PKEY_CAN_DECRYPT0x02
>> -#define PKEY_CAN_SIGN   0x04
>> -#define PKEY_CAN_VERIFY 0x08
> 
> You still need the capabilities.  The X.509 certificate and the OpenPGP
> message indicate restrictions on the key that we need to honour.

Thanks David for all your feedback. I'll rework it according to your comments.
Regards,
T 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-13 Thread David Howells

Tadeusz Struk  wrote:

>  const char *const pkey_algo_name[PKEY_ALGO__LAST] = {
> - [PKEY_ALGO_DSA] = "DSA",
> - [PKEY_ALGO_RSA] = "RSA",
> + [PKEY_ALGO_DSA] = "dsa",
> + [PKEY_ALGO_RSA] = "rsa",
>  };

Be aware that these are exposed to userspace through /proc.  The change
probably doesn't matter, but you might need to update the documentation.

> +int public_key_verify_signature(const struct public_key *pkey,
>   const struct public_key_signature *sig)
>  {
> ...
> - return algo->verify_signature(pk, sig);
> + return rsa_pkcs1_v1_5_verify_signature(pkey, sig);
>  }

No.  You can't assume RSA here.  It's quite likely we'll have to support ECDSA
or similar soon.  This must be contingent on the algorithm selected.

>  {
>   const struct public_key *pk = key->payload.data;
> +
>   return public_key_verify_signature(pk, sig);
>  }

That's nothing to do with this patch.

> +static int rsa_signture_verify(const u8 *H, const u8 *EM, size_t k,

'signture' -> 'signature'.

> +/*
> + * Perform the RSA signature verification.
> + * @H: Value of hash of data and metadata
> + * @EM: The computed signature value
> + * @k: The size of EM (EM[0] is an invalid location but should hold 0x00)
> + * @hash_size: The size of H
> + * @asn1_template: The DigestInfo ASN.1 template
> + * @asn1_size: Size of asm1_template[]
> + */
> +static int rsa_signture_verify(const u8 *H, const u8 *EM, size_t k,
> +size_t hash_size, const u8 *asn1_template,
> +size_t asn1_size)
> +{

Why is this here and not in crypto/rsa.c?

> + /* initlialzie out buf */

'initialise'.

> - /* Decode the public key */
> - ret = asn1_ber_decoder(_rsakey_decoder, ctx,
> -ctx->key, ctx->key_size);
> - if (ret < 0)
> + cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL);
> + if (!cert->pub->key)
>   goto error_decode;

The generic public key code should *not* see the container wrappings (ASN.1
from an X.509 cert in this case).  The public key could be supplied by OpenPGP
instead, for example, or directly by a driver.

Further, at this point, we need to make sure that the data we were given has
the right bits and emit EBADMSG if it doesn't.

Okay, I can accept that the public_key struct might just have a list of void *
and size_t fields that get filled in, one for each integer that we extract
rather than MPIs, but we should not expose the generic code to the stuff we've
parsed away.

>  struct public_key {
> - const struct public_key_algorithm *algo;
> - u8  capabilities;
> -#define PKEY_CAN_ENCRYPT 0x01
> -#define PKEY_CAN_DECRYPT 0x02
> -#define PKEY_CAN_SIGN0x04
> -#define PKEY_CAN_VERIFY  0x08

You still need the capabilities.  The X.509 certificate and the OpenPGP
message indicate restrictions on the key that we need to honour.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-13 Thread David Howells

Tadeusz Struk tadeusz.st...@intel.com wrote:

  const char *const pkey_algo_name[PKEY_ALGO__LAST] = {
 - [PKEY_ALGO_DSA] = DSA,
 - [PKEY_ALGO_RSA] = RSA,
 + [PKEY_ALGO_DSA] = dsa,
 + [PKEY_ALGO_RSA] = rsa,
  };

Be aware that these are exposed to userspace through /proc.  The change
probably doesn't matter, but you might need to update the documentation.

 +int public_key_verify_signature(const struct public_key *pkey,
   const struct public_key_signature *sig)
  {
 ...
 - return algo-verify_signature(pk, sig);
 + return rsa_pkcs1_v1_5_verify_signature(pkey, sig);
  }

No.  You can't assume RSA here.  It's quite likely we'll have to support ECDSA
or similar soon.  This must be contingent on the algorithm selected.

  {
   const struct public_key *pk = key-payload.data;
 +
   return public_key_verify_signature(pk, sig);
  }

That's nothing to do with this patch.

 +static int rsa_signture_verify(const u8 *H, const u8 *EM, size_t k,

'signture' - 'signature'.

 +/*
 + * Perform the RSA signature verification.
 + * @H: Value of hash of data and metadata
 + * @EM: The computed signature value
 + * @k: The size of EM (EM[0] is an invalid location but should hold 0x00)
 + * @hash_size: The size of H
 + * @asn1_template: The DigestInfo ASN.1 template
 + * @asn1_size: Size of asm1_template[]
 + */
 +static int rsa_signture_verify(const u8 *H, const u8 *EM, size_t k,
 +size_t hash_size, const u8 *asn1_template,
 +size_t asn1_size)
 +{

Why is this here and not in crypto/rsa.c?

 + /* initlialzie out buf */

'initialise'.

 - /* Decode the public key */
 - ret = asn1_ber_decoder(x509_rsakey_decoder, ctx,
 -ctx-key, ctx-key_size);
 - if (ret  0)
 + cert-pub-key = kmemdup(ctx-key, ctx-key_size, GFP_KERNEL);
 + if (!cert-pub-key)
   goto error_decode;

The generic public key code should *not* see the container wrappings (ASN.1
from an X.509 cert in this case).  The public key could be supplied by OpenPGP
instead, for example, or directly by a driver.

Further, at this point, we need to make sure that the data we were given has
the right bits and emit EBADMSG if it doesn't.

Okay, I can accept that the public_key struct might just have a list of void *
and size_t fields that get filled in, one for each integer that we extract
rather than MPIs, but we should not expose the generic code to the stuff we've
parsed away.

  struct public_key {
 - const struct public_key_algorithm *algo;
 - u8  capabilities;
 -#define PKEY_CAN_ENCRYPT 0x01
 -#define PKEY_CAN_DECRYPT 0x02
 -#define PKEY_CAN_SIGN0x04
 -#define PKEY_CAN_VERIFY  0x08

You still need the capabilities.  The X.509 certificate and the OpenPGP
message indicate restrictions on the key that we need to honour.

David
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-13 Thread Tadeusz Struk

On 08/13/2015 07:23 AM, David Howells wrote:
 Tadeusz Struk tadeusz.st...@intel.com wrote:
 
  const char *const pkey_algo_name[PKEY_ALGO__LAST] = {
 -[PKEY_ALGO_DSA] = DSA,
 -[PKEY_ALGO_RSA] = RSA,
 +[PKEY_ALGO_DSA] = dsa,
 +[PKEY_ALGO_RSA] = rsa,
  };
 
 Be aware that these are exposed to userspace through /proc.  The change
 probably doesn't matter, but you might need to update the documentation.
 
 +int public_key_verify_signature(const struct public_key *pkey,
  const struct public_key_signature *sig)
  {
 ...
 -return algo-verify_signature(pk, sig);
 +return rsa_pkcs1_v1_5_verify_signature(pkey, sig);
  }
 
 No.  You can't assume RSA here.  It's quite likely we'll have to support ECDSA
 or similar soon.  This must be contingent on the algorithm selected.
 
  {
  const struct public_key *pk = key-payload.data;
 +
  return public_key_verify_signature(pk, sig);
  }
 
 That's nothing to do with this patch.
 
 +static int rsa_signture_verify(const u8 *H, const u8 *EM, size_t k,
 
 'signture' - 'signature'.
 
 +/*
 + * Perform the RSA signature verification.
 + * @H: Value of hash of data and metadata
 + * @EM: The computed signature value
 + * @k: The size of EM (EM[0] is an invalid location but should hold 0x00)
 + * @hash_size: The size of H
 + * @asn1_template: The DigestInfo ASN.1 template
 + * @asn1_size: Size of asm1_template[]
 + */
 +static int rsa_signture_verify(const u8 *H, const u8 *EM, size_t k,
 +   size_t hash_size, const u8 *asn1_template,
 +   size_t asn1_size)
 +{
 
 Why is this here and not in crypto/rsa.c?
 
 +/* initlialzie out buf */
 
 'initialise'.
 
 -/* Decode the public key */
 -ret = asn1_ber_decoder(x509_rsakey_decoder, ctx,
 -   ctx-key, ctx-key_size);
 -if (ret  0)
 +cert-pub-key = kmemdup(ctx-key, ctx-key_size, GFP_KERNEL);
 +if (!cert-pub-key)
  goto error_decode;
 
 The generic public key code should *not* see the container wrappings (ASN.1
 from an X.509 cert in this case).  The public key could be supplied by OpenPGP
 instead, for example, or directly by a driver.
 
 Further, at this point, we need to make sure that the data we were given has
 the right bits and emit EBADMSG if it doesn't.
 
 Okay, I can accept that the public_key struct might just have a list of void *
 and size_t fields that get filled in, one for each integer that we extract
 rather than MPIs, but we should not expose the generic code to the stuff we've
 parsed away.
 
  struct public_key {
 -const struct public_key_algorithm *algo;
 -u8  capabilities;
 -#define PKEY_CAN_ENCRYPT0x01
 -#define PKEY_CAN_DECRYPT0x02
 -#define PKEY_CAN_SIGN   0x04
 -#define PKEY_CAN_VERIFY 0x08
 
 You still need the capabilities.  The X.509 certificate and the OpenPGP
 message indicate restrictions on the key that we need to honour.

Thanks David for all your feedback. I'll rework it according to your comments.
Regards,
T 


--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-13 Thread Herbert Xu

On Thu, Aug 13, 2015 at 03:23:16PM +0100, David Howells wrote:
 
  -   /* Decode the public key */
  -   ret = asn1_ber_decoder(x509_rsakey_decoder, ctx,
  -  ctx-key, ctx-key_size);
  -   if (ret  0)
  +   cert-pub-key = kmemdup(ctx-key, ctx-key_size, GFP_KERNEL);
  +   if (!cert-pub-key)
  goto error_decode;
 
 The generic public key code should *not* see the container wrappings (ASN.1
 from an X.509 cert in this case).  The public key could be supplied by OpenPGP
 instead, for example, or directly by a driver.

No in this case it's fine because the format of our key input
specification just happens to coincide with the input here.

Cheers,
-- 
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-12 Thread Tadeusz Struk

This patch converts the module verification code to the new akcipher API.
RSA implementation from crypto/asymmetric_keys has been removed and the
new API is used for cryptographic primitives. The signature verification
has been moved into a new crypto/asymmetric_keys/rsa_pkcs1_v1_5.c file.
There is no need for MPI above the API anymore.
Modules can be verified with software as well as HW rsa implementations.

Signed-off-by: Tadeusz Struk 
---
 crypto/asymmetric_keys/Kconfig|2 
 crypto/asymmetric_keys/Makefile   |7 -
 crypto/asymmetric_keys/pkcs7_parser.c |   12 +
 crypto/asymmetric_keys/pkcs7_trust.c  |2 
 crypto/asymmetric_keys/pkcs7_verify.c |2 
 crypto/asymmetric_keys/public_key.c   |   59 ++
 crypto/asymmetric_keys/public_key.h   |   36 
 crypto/asymmetric_keys/rsa.c  |  278 -
 crypto/asymmetric_keys/rsa_pkcs1_v1_5.c   |  229 
 crypto/asymmetric_keys/x509_cert_parser.c |   37 +---
 crypto/asymmetric_keys/x509_public_key.c  |   17 +-
 crypto/asymmetric_keys/x509_rsakey.asn1   |4 
 include/crypto/public_key.h   |   48 +
 kernel/module_signing.c   |   56 ++
 security/integrity/digsig_asymmetric.c|   11 -
 15 files changed, 301 insertions(+), 499 deletions(-)
 delete mode 100644 crypto/asymmetric_keys/public_key.h
 delete mode 100644 crypto/asymmetric_keys/rsa.c
 create mode 100644 crypto/asymmetric_keys/rsa_pkcs1_v1_5.c
 delete mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1

diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 4870f28..905d745 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -22,7 +22,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 
 config PUBLIC_KEY_ALGO_RSA
tristate "RSA public-key algorithm"
-   select MPILIB
+   select CRYPTO_RSA
help
  This option enables support for the RSA algorithm (PKCS#1, RFC3447).
 
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index e47fcd9..895d8ca 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -7,7 +7,7 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
 asymmetric_keys-y := asymmetric_type.o signature.o
 
 obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
-obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
+obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa_pkcs1_v1_5.o
 
 #
 # X.509 Certificate handling
@@ -15,16 +15,13 @@ obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
 obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o
 x509_key_parser-y := \
x509-asn1.o \
-   x509_rsakey-asn1.o \
x509_cert_parser.o \
x509_public_key.o
 
-$(obj)/x509_cert_parser.o: $(obj)/x509-asn1.h $(obj)/x509_rsakey-asn1.h
+$(obj)/x509_cert_parser.o: $(obj)/x509-asn1.h
 $(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h
-$(obj)/x509_rsakey-asn1.o: $(obj)/x509_rsakey-asn1.c $(obj)/x509_rsakey-asn1.h
 
 clean-files+= x509-asn1.c x509-asn1.h
-clean-files+= x509_rsakey-asn1.c x509_rsakey-asn1.h
 
 #
 # PKCS#7 message handling
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c 
b/crypto/asymmetric_keys/pkcs7_parser.c
index 3bd5a1e..8e3597a 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -15,7 +15,7 @@
 #include 
 #include 
 #include 
-#include "public_key.h"
+#include 
 #include "pkcs7_parser.h"
 #include "pkcs7-asn1.h"
 
@@ -41,7 +41,7 @@ struct pkcs7_parse_context {
 static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
 {
if (sinfo) {
-   mpi_free(sinfo->sig.mpi[0]);
+   kfree(sinfo->sig.s);
kfree(sinfo->sig.digest);
kfree(sinfo->signing_cert_id);
kfree(sinfo);
@@ -374,16 +374,14 @@ int pkcs7_sig_note_signature(void *context, size_t hdrlen,
 const void *value, size_t vlen)
 {
struct pkcs7_parse_context *ctx = context;
-   MPI mpi;
 
BUG_ON(ctx->sinfo->sig.pkey_algo != PKEY_ALGO_RSA);
 
-   mpi = mpi_read_raw_data(value, vlen);
-   if (!mpi)
+   ctx->sinfo->sig.s = kmemdup(value, vlen, GFP_KERNEL);
+   if (!ctx->sinfo->sig.s)
return -ENOMEM;
 
-   ctx->sinfo->sig.mpi[0] = mpi;
-   ctx->sinfo->sig.nr_mpi = 1;
+   ctx->sinfo->sig.s_size = vlen;
return 0;
 }
 
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c 
b/crypto/asymmetric_keys/pkcs7_trust.c
index 1d29376..68ebae2 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -17,7 +17,7 @@
 #include 
 #include 
 #include 
-#include "public_key.h"
+#include 
 #include "pkcs7_parser.h"
 
 /**
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c 
b/crypto/asymmetric_keys/pkcs7_verify.c
index cd45545..c32a337 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++

[PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-12 Thread Tadeusz Struk

This patch converts the module verification code to the new akcipher API.
RSA implementation from crypto/asymmetric_keys has been removed and the
new API is used for cryptographic primitives. The signature verification
has been moved into a new crypto/asymmetric_keys/rsa_pkcs1_v1_5.c file.
There is no need for MPI above the API anymore.
Modules can be verified with software as well as HW rsa implementations.

Signed-off-by: Tadeusz Struk tadeusz.st...@intel.com
---
 crypto/asymmetric_keys/Kconfig|2 
 crypto/asymmetric_keys/Makefile   |7 -
 crypto/asymmetric_keys/pkcs7_parser.c |   12 +
 crypto/asymmetric_keys/pkcs7_trust.c  |2 
 crypto/asymmetric_keys/pkcs7_verify.c |2 
 crypto/asymmetric_keys/public_key.c   |   59 ++
 crypto/asymmetric_keys/public_key.h   |   36 
 crypto/asymmetric_keys/rsa.c  |  278 -
 crypto/asymmetric_keys/rsa_pkcs1_v1_5.c   |  229 
 crypto/asymmetric_keys/x509_cert_parser.c |   37 +---
 crypto/asymmetric_keys/x509_public_key.c  |   17 +-
 crypto/asymmetric_keys/x509_rsakey.asn1   |4 
 include/crypto/public_key.h   |   48 +
 kernel/module_signing.c   |   56 ++
 security/integrity/digsig_asymmetric.c|   11 -
 15 files changed, 301 insertions(+), 499 deletions(-)
 delete mode 100644 crypto/asymmetric_keys/public_key.h
 delete mode 100644 crypto/asymmetric_keys/rsa.c
 create mode 100644 crypto/asymmetric_keys/rsa_pkcs1_v1_5.c
 delete mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1

diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 4870f28..905d745 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -22,7 +22,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 
 config PUBLIC_KEY_ALGO_RSA
tristate RSA public-key algorithm
-   select MPILIB
+   select CRYPTO_RSA
help
  This option enables support for the RSA algorithm (PKCS#1, RFC3447).
 
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index e47fcd9..895d8ca 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -7,7 +7,7 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
 asymmetric_keys-y := asymmetric_type.o signature.o
 
 obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
-obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
+obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa_pkcs1_v1_5.o
 
 #
 # X.509 Certificate handling
@@ -15,16 +15,13 @@ obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
 obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o
 x509_key_parser-y := \
x509-asn1.o \
-   x509_rsakey-asn1.o \
x509_cert_parser.o \
x509_public_key.o
 
-$(obj)/x509_cert_parser.o: $(obj)/x509-asn1.h $(obj)/x509_rsakey-asn1.h
+$(obj)/x509_cert_parser.o: $(obj)/x509-asn1.h
 $(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h
-$(obj)/x509_rsakey-asn1.o: $(obj)/x509_rsakey-asn1.c $(obj)/x509_rsakey-asn1.h
 
 clean-files+= x509-asn1.c x509-asn1.h
-clean-files+= x509_rsakey-asn1.c x509_rsakey-asn1.h
 
 #
 # PKCS#7 message handling
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c 
b/crypto/asymmetric_keys/pkcs7_parser.c
index 3bd5a1e..8e3597a 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -15,7 +15,7 @@
 #include linux/slab.h
 #include linux/err.h
 #include linux/oid_registry.h
-#include public_key.h
+#include crypto/public_key.h
 #include pkcs7_parser.h
 #include pkcs7-asn1.h
 
@@ -41,7 +41,7 @@ struct pkcs7_parse_context {
 static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
 {
if (sinfo) {
-   mpi_free(sinfo-sig.mpi[0]);
+   kfree(sinfo-sig.s);
kfree(sinfo-sig.digest);
kfree(sinfo-signing_cert_id);
kfree(sinfo);
@@ -374,16 +374,14 @@ int pkcs7_sig_note_signature(void *context, size_t hdrlen,
 const void *value, size_t vlen)
 {
struct pkcs7_parse_context *ctx = context;
-   MPI mpi;
 
BUG_ON(ctx-sinfo-sig.pkey_algo != PKEY_ALGO_RSA);
 
-   mpi = mpi_read_raw_data(value, vlen);
-   if (!mpi)
+   ctx-sinfo-sig.s = kmemdup(value, vlen, GFP_KERNEL);
+   if (!ctx-sinfo-sig.s)
return -ENOMEM;
 
-   ctx-sinfo-sig.mpi[0] = mpi;
-   ctx-sinfo-sig.nr_mpi = 1;
+   ctx-sinfo-sig.s_size = vlen;
return 0;
 }
 
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c 
b/crypto/asymmetric_keys/pkcs7_trust.c
index 1d29376..68ebae2 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -17,7 +17,7 @@
 #include linux/asn1.h
 #include linux/key.h
 #include keys/asymmetric-type.h
-#include public_key.h
+#include crypto/public_key.h
 #include pkcs7_parser.h
 
 /**
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c

[PATCH 1/2] crypto: KEYS: convert public key to the akcipher api

[PATCH 1/2] crypto: KEYS: convert public key to the akcipher api

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

[PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

[PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

14 matches

Site Navigation

Mail list logo

Footer information