From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: linux-security-module@vger.kernel.org
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-crypto@vger.kernel.org, David Howells <dhowells@redhat.com>,
Dmitry Kasatkin <d.kasatkin@samsung.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>
Subject: [RFC][PATCH 02/20] keys: change asymmetric keys to use common hash definitions
Date: Wed, 17 Jul 2013 19:51:22 -0400 [thread overview]
Message-ID: <1374105100-25880-3-git-send-email-zohar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1374105100-25880-1-git-send-email-zohar@linux.vnet.ibm.com>
From: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
This patch makes use of the newly defined common hash algorithm info,
replacing, for example, PKEY_HASH with HASH_ALGO.
Changelog:
- Lindent fixes - Mimi
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
crypto/asymmetric_keys/Kconfig | 1 +
crypto/asymmetric_keys/public_key.c | 12 ------------
crypto/asymmetric_keys/rsa.c | 14 +++++++-------
crypto/asymmetric_keys/x509_cert_parser.c | 12 ++++++------
crypto/asymmetric_keys/x509_parser.h | 2 +-
crypto/asymmetric_keys/x509_public_key.c | 4 ++--
include/crypto/public_key.h | 18 ++++--------------
kernel/module_signing.c | 8 ++++----
8 files changed, 25 insertions(+), 46 deletions(-)
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 6d2c2ea..52a7f2c 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -12,6 +12,7 @@ if ASYMMETRIC_KEY_TYPE
config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
tristate "Asymmetric public-key crypto algorithm subtype"
select MPILIB
+ select CRYPTO_HASH_INFO
help
This option provides support for asymmetric public key type handling.
If signature generation and/or verification are to be used,
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index cb2e291..007396f 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -28,18 +28,6 @@ const char *const pkey_algo[PKEY_ALGO__LAST] = {
};
EXPORT_SYMBOL_GPL(pkey_algo);
-const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
- [PKEY_HASH_MD4] = "md4",
- [PKEY_HASH_MD5] = "md5",
- [PKEY_HASH_SHA1] = "sha1",
- [PKEY_HASH_RIPE_MD_160] = "rmd160",
- [PKEY_HASH_SHA256] = "sha256",
- [PKEY_HASH_SHA384] = "sha384",
- [PKEY_HASH_SHA512] = "sha512",
- [PKEY_HASH_SHA224] = "sha224",
-};
-EXPORT_SYMBOL_GPL(pkey_hash_algo);
-
const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = {
[PKEY_ID_PGP] = "PGP",
[PKEY_ID_X509] = "X509",
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
index 4a6a069..90a17f5 100644
--- a/crypto/asymmetric_keys/rsa.c
+++ b/crypto/asymmetric_keys/rsa.c
@@ -73,13 +73,13 @@ static const struct {
size_t size;
} RSA_ASN1_templates[PKEY_HASH__LAST] = {
#define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) }
- [PKEY_HASH_MD5] = _(MD5),
- [PKEY_HASH_SHA1] = _(SHA1),
- [PKEY_HASH_RIPE_MD_160] = _(RIPE_MD_160),
- [PKEY_HASH_SHA256] = _(SHA256),
- [PKEY_HASH_SHA384] = _(SHA384),
- [PKEY_HASH_SHA512] = _(SHA512),
- [PKEY_HASH_SHA224] = _(SHA224),
+ [HASH_ALGO_MD5] = _(MD5),
+ [HASH_ALGO_SHA1] = _(SHA1),
+ [HASH_ALGO_RIPE_MD_160] = _(RIPE_MD_160),
+ [HASH_ALGO_SHA256] = _(SHA256),
+ [HASH_ALGO_SHA384] = _(SHA384),
+ [HASH_ALGO_SHA512] = _(SHA512),
+ [HASH_ALGO_SHA224] = _(SHA224),
#undef _
};
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index facbf26..0cefbe2 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -152,32 +152,32 @@ int x509_note_pkey_algo(void *context, size_t hdrlen,
return -ENOPKG; /* Unsupported combination */
case OID_md4WithRSAEncryption:
- ctx->cert->sig_hash_algo = PKEY_HASH_MD5;
+ ctx->cert->sig_hash_algo = HASH_ALGO_MD5;
ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA;
break;
case OID_sha1WithRSAEncryption:
- ctx->cert->sig_hash_algo = PKEY_HASH_SHA1;
+ ctx->cert->sig_hash_algo = HASH_ALGO_SHA1;
ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA;
break;
case OID_sha256WithRSAEncryption:
- ctx->cert->sig_hash_algo = PKEY_HASH_SHA256;
+ ctx->cert->sig_hash_algo = HASH_ALGO_SHA256;
ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA;
break;
case OID_sha384WithRSAEncryption:
- ctx->cert->sig_hash_algo = PKEY_HASH_SHA384;
+ ctx->cert->sig_hash_algo = HASH_ALGO_SHA384;
ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA;
break;
case OID_sha512WithRSAEncryption:
- ctx->cert->sig_hash_algo = PKEY_HASH_SHA512;
+ ctx->cert->sig_hash_algo = HASH_ALGO_SHA512;
ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA;
break;
case OID_sha224WithRSAEncryption:
- ctx->cert->sig_hash_algo = PKEY_HASH_SHA224;
+ ctx->cert->sig_hash_algo = HASH_ALGO_SHA224;
ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA;
break;
}
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index f86dc5f..2a8bb66 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -22,7 +22,7 @@ struct x509_certificate {
struct tm valid_to;
enum pkey_algo pkey_algo : 8; /* Public key algorithm */
enum pkey_algo sig_pkey_algo : 8; /* Signature public key algorithm */
- enum pkey_hash_algo sig_hash_algo : 8; /* Signature hash algorithm */
+ enum hash_algo sig_hash_algo : 8; /* Signature hash algorithm */
const void *tbs; /* Signed data */
size_t tbs_size; /* Size of signed data */
const void *sig; /* Signature data */
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 06007f0..312b408 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -49,7 +49,7 @@ static int x509_check_signature(const struct public_key *pub,
/* Allocate the hashing algorithm we're going to need and find out how
* big the hash operational data will be.
*/
- tfm = crypto_alloc_shash(pkey_hash_algo[cert->sig_hash_algo], 0, 0);
+ tfm = crypto_alloc_shash(hash_algo_name[cert->sig_hash_algo], 0, 0);
if (IS_ERR(tfm))
return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm);
@@ -128,7 +128,7 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
cert->valid_to.tm_min, cert->valid_to.tm_sec);
pr_devel("Cert Signature: %s + %s\n",
pkey_algo[cert->sig_pkey_algo],
- pkey_hash_algo[cert->sig_hash_algo]);
+ hash_algo_name[cert->sig_hash_algo]);
if (!cert->fingerprint || !cert->authority) {
pr_warn("Cert for '%s' must have SubjKeyId and AuthKeyId extensions\n",
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index f5b0224..b4e5f27 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -15,6 +15,7 @@
#define _LINUX_PUBLIC_KEY_H
#include <linux/mpi.h>
+#include <crypto/hash_info.h>
enum pkey_algo {
PKEY_ALGO_DSA,
@@ -24,19 +25,8 @@ enum pkey_algo {
extern const char *const pkey_algo[PKEY_ALGO__LAST];
-enum pkey_hash_algo {
- PKEY_HASH_MD4,
- PKEY_HASH_MD5,
- PKEY_HASH_SHA1,
- PKEY_HASH_RIPE_MD_160,
- PKEY_HASH_SHA256,
- PKEY_HASH_SHA384,
- PKEY_HASH_SHA512,
- PKEY_HASH_SHA224,
- PKEY_HASH__LAST
-};
-
-extern const char *const pkey_hash_algo[PKEY_HASH__LAST];
+/* asymmetric key implementation supports only up to SHA224 */
+#define PKEY_HASH__LAST (HASH_ALGO_SHA224 + 1)
enum pkey_id_type {
PKEY_ID_PGP, /* OpenPGP generated key ID */
@@ -88,7 +78,7 @@ struct public_key_signature {
u8 *digest;
u8 digest_size; /* Number of bytes in digest */
u8 nr_mpi; /* Occupancy of mpi[] */
- enum pkey_hash_algo pkey_hash_algo : 8;
+ enum hash_algo pkey_hash_algo : 8;
union {
MPI mpi[2];
struct {
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index f2970bd..ce1dfe8 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -28,7 +28,7 @@
*/
struct module_signature {
u8 algo; /* Public-key crypto algorithm [enum pkey_algo] */
- u8 hash; /* Digest algorithm [enum pkey_hash_algo] */
+ u8 hash; /* Digest algorithm [enum hash_algo] */
u8 id_type; /* Key identifier type [enum pkey_id_type] */
u8 signer_len; /* Length of signer's name */
u8 key_id_len; /* Length of key identifier */
@@ -39,7 +39,7 @@ struct module_signature {
/*
* Digest the module contents.
*/
-static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
+static struct public_key_signature *mod_make_digest(enum hash_algo hash,
const void *mod,
unsigned long modlen)
{
@@ -54,7 +54,7 @@ static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
/* Allocate the hashing algorithm we're going to need and find out how
* big the hash operational data will be.
*/
- tfm = crypto_alloc_shash(pkey_hash_algo[hash], 0, 0);
+ tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
if (IS_ERR(tfm))
return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
@@ -217,7 +217,7 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
return -ENOPKG;
if (ms.hash >= PKEY_HASH__LAST ||
- !pkey_hash_algo[ms.hash])
+ !hash_algo_name[ms.hash])
return -ENOPKG;
key = request_asymmetric_key(sig, ms.signer_len,
--
1.8.1.4
next prev parent reply other threads:[~2013-07-17 23:51 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-17 23:51 [RFC][PATCH 00/20] ima: larger digests and template support Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 01/20] crypto: provide single place for hash algo information Mimi Zohar
2013-07-17 23:51 ` Mimi Zohar [this message]
2013-07-17 23:51 ` [RFC][PATCH 03/20] ima: provide support for arbitrary hash algorithms Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 04/20] ima: read and use signature hash algorithm Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 05/20] ima: use dynamically allocated hash storage Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 06/20] ima: differentiate between template hash and file data hash sizes Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 07/20] ima: provide dedicated hash algo allocation function Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 08/20] ima: support arbitrary hash algorithms in ima_calc_buffer_hash Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 09/20] ima: ima_calc_boot_agregate must use SHA1 Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 10/20] ima: pass the file descriptor to ima_add_violation() Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 11/20] ima: pass the filename argument up to ima_add_template_entry() Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 12/20] ima: define new function ima_alloc_init_template() to API Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 13/20] ima: new templates management mechanism Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 14/20] ima: define template fields library and new helpers Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 15/20] ima: define new template ima-ng and template fields d-ng and n-ng Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 16/20] ima: switch to new template management mechanism Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 17/20] ima: defer determining the appraisal hash algorithm for 'ima' template Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 18/20] ima: add Kconfig default measurement list template Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 19/20] ima: define kernel parameter 'ima_template=' to change configured default Mimi Zohar
2013-07-17 23:51 ` [RFC][PATCH 20/20] ima: enable support for larger default filedata hash algorithms Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1374105100-25880-3-git-send-email-zohar@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=d.kasatkin@samsung.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox