Announce loop-AES-v3.6e file/swap crypto package

2011-11-29 Thread Jari Ruusu
loop-AES changes since previous release:
- Worked around block layer interface breakage on 3.2-rc kernels.
bzip2 compressed tarball is here:
    http://loop-aes.sourceforge.net/loop-AES/loop-AES-v3.6e.tar.bz2
    md5sum b8bf83f3d21a6ad1ea49ac30f9ec130d

[RFC][PATCH 00/16] Crypto keys and module signing [ver #2]

2011-11-29 Thread David Howells
Here is a set of patches that create a framework for using cryptographic keys within the kernel. The patches can also be found at:
    http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/devel
The basic crypto key has no requirements as to how the

[PATCH 03/16] KEYS: Permit key_serial() to be called with a const key pointer [ver #2]

2011-11-29 Thread David Howells
Permit key_serial() to be called with a const key pointer. Signed-off-by: David Howells dhowe...@redhat.com --- include/linux/key.h |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/include/linux/key.h b/include/linux/key.h index 183a6af..f87b51b 100644 ---

[PATCH 13/16] KEYS: Provide a function to load keys from a PGP keyring blob [ver #2]

2011-11-29 Thread David Howells
Provide a function to load keys from a PGP keyring blob for use in initialising the module signing key keyring:
    int load_PGP_keys(const u8 *pgpdata, size_t pgpdatalen, struct key *keyring, const char *descprefix);
The keys are labelled with descprefix plus a

[PATCH 09/16] KEYS: Add signature verification facility [ver #2]

2011-11-29 Thread David Howells
Add a facility whereby a key subtype may be asked to verify a signature against the data it is purported to have signed. Signed-off-by: David Howells dhowe...@redhat.com --- Documentation/security/keys-crypto.txt | 106 +++- include/keys/crypto-subtype.h |

[PATCH 11/16] KEYS: RSA key signature verification [ver #2]

2011-11-29 Thread David Howells
Signature verification routines for RSA crypto key subtype. Signed-off-by: David Howells dhowe...@redhat.com --- security/keys/Makefile |2 security/keys/crypto_rsa.h | 11 + security/keys/crypto_rsa_subtype.c | 15 + security/keys/crypto_rsa_verify.c | 519

[PATCH 12/16] KEYS: Add a crypto key request function [ver #2]

2011-11-29 Thread David Howells
Add a function by which crypto keys can be requested. A keyring is supplied for the function to search (which can be, say, a system keyring containing keys for kernel module signature checking). The function also provides a point at which hardware key caches, such as a TPM, can be consulted.

[PATCH 10/16] KEYS: DSA key signature verification [ver #2]

2011-11-29 Thread David Howells
Signature verification routines for DSA crypto key subtype. Signed-off-by: David Howells dhowe...@redhat.com --- security/keys/Makefile|2 security/keys/crypto_dsa.h| 11 + security/keys/crypto_dsa_verify.c | 384 + 3 files

[PATCH 08/16] PGP: Add signature parser [ver #2]

2011-11-29 Thread David Howells
Add some PGP signature parsing helpers:
(1) A function to parse V4 signature subpackets and pass the desired ones to a processor function:
    int pgp_parse_sig_subpkts(const u8 *data, size_t datalen, struct pgp_parse_sig_context *ctx);
(2) A

[PATCH 14/16] MODSIGN: Add indications of module ELF types [ver #2]

2011-11-29 Thread David Howells
Add per-arch indications of module ELF types and relocation table entry types. Signed-Off-By: David Howells dhowe...@redhat.com --- arch/alpha/include/asm/module.h |3 +++ arch/arm/include/asm/module.h |5 + arch/cris/include/asm/module.h|5 +

[PATCH 05/16] KEYS: Create a key type that can be used for general cryptographic operations [ver #2]

2011-11-29 Thread David Howells
Create a key type that can be used for general cryptographic operations, such as encryption, decryption, signature generation and signature verification. The key type is crypto and can provide access to a variety of cryptographic algorithms. Signed-off-by: David Howells dhowe...@redhat.com ---

[PATCH 02/16] MPILIB: Add a missing ENOMEM check [ver #2]

2011-11-29 Thread David Howells
Add a missing ENOMEM check. Signed-off-by: David Howells dhowe...@redhat.com --- lib/mpi/mpicoder.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c index fe84bb9..6e225a8 100644 --- a/lib/mpi/mpicoder.c +++ b/lib/mpi/mpicoder.c

[PATCH 06/16] KEYS: Add a DSA crypto key subtype [ver #2]

2011-11-29 Thread David Howells
Add a key subtype for handling DSA crypto keys. For the moment it only provides a signature verification facility. Signed-off-by: David Howells dhowe...@redhat.com --- security/Kconfig | 10 + security/keys/Makefile |2 security/keys/crypto_dsa.h |

[PATCH 15/16] MODSIGN: Module ELF verifier [ver #2]

2011-11-29 Thread David Howells
Do preliminary verification of the ELF structure of a module. This is used to make sure that the ELF structure can then be used to check the module signature and access the module data without breaking the module loader. If the module's ELF metadata is determined to be bad, then ELIBBAD will be

[PATCH 04/16] PGP: Add definitions (RFC 4880) and packet parser [ver #2]

2011-11-29 Thread David Howells
Add some useful PGP definitions from RFC 4880. These describe details of public key crypto as used by crypto keys for things like signature verification. Also add a simple parser that extracts the packets from a PGP blob and passes the desirous ones to the given processor function: