From: Roberto Sassu <roberto.sassu@huawei.com>
To: <dhowells@redhat.com>, <dwmw2@infradead.org>,
<herbert@gondor.apana.org.au>, <davem@davemloft.net>
Cc: <keyrings@vger.kernel.org>, <linux-crypto@vger.kernel.org>,
<linux-integrity@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<silviu.vlasceanu@huawei.com>
Subject: [RFC][PATCH 07/12] KEYS: Provide PGP key description autogeneration
Date: Mon, 12 Nov 2018 11:24:18 +0100 [thread overview]
Message-ID: <20181112102423.30415-8-roberto.sassu@huawei.com> (raw)
In-Reply-To: <20181112102423.30415-1-roberto.sassu@huawei.com>
From: David Howells <dhowells@redhat.com>
Provide a facility to autogenerate the name of PGP keys from the contents
of the payload. If add_key() is given a blank description, a description
is constructed from the last user ID packet in the payload data plus the
last 8 hex digits of the key ID. For instance:
keyctl padd asymmetric "" @s </tmp/key.pub
might create a key with a constructed description that can be seen in
/proc/keys:
2f674b96 I--Q--- 1 perm 39390000 0 0 crypto \
Sample kernel key 31f0ae93: PGP.RSA 31f0ae93 []
Changelog
v0:
- fix style issues (Roberto Sassu)
Signed-off-by: David Howells <dhowells@redhat.com>
Co-developed-by: Roberto Sassu <roberto.sassu@huawei.com>
---
crypto/asymmetric_keys/pgp_public_key.c | 46 ++++++++++++++++++++++++-
1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/pgp_public_key.c b/crypto/asymmetric_keys/pgp_public_key.c
index a5ce146a1250..371a3e721f69 100644
--- a/crypto/asymmetric_keys/pgp_public_key.c
+++ b/crypto/asymmetric_keys/pgp_public_key.c
@@ -35,6 +35,9 @@ struct pgp_key_data_parse_context {
struct public_key *pub;
unsigned char *raw_fingerprint;
char *fingerprint;
+ const char *user_id;
+ size_t user_id_len;
+ size_t fingerprint_len;
};
/*
@@ -155,6 +158,7 @@ static int pgp_generate_fingerprint(struct pgp_key_data_parse_context *ctx,
if (ret < 0)
goto cleanup_raw_fingerprint;
+ ctx->fingerprint_len = digest_size * 2;
fingerprint = kmalloc(digest_size * 2 + 1, GFP_KERNEL);
if (!fingerprint)
goto cleanup_raw_fingerprint;
@@ -199,6 +203,13 @@ static int pgp_process_public_key(struct pgp_parse_context *context,
kenter(",%u,%u,,%zu", type, headerlen, datalen);
+ if (type == PGP_PKT_USER_ID) {
+ ctx->user_id = data;
+ ctx->user_id_len = datalen;
+ kleave(" = 0 [user ID]");
+ return 0;
+ }
+
if (ctx->fingerprint) {
kleave(" = -ENOKEY [already]");
return -EBADMSG;
@@ -291,13 +302,46 @@ static int pgp_key_parse(struct key_preparsed_payload *prep)
kenter("");
memset(&ctx, 0, sizeof(ctx));
- ctx.pgp.types_of_interest = (1 << PGP_PKT_PUBLIC_KEY);
+ ctx.pgp.types_of_interest = (1 << PGP_PKT_PUBLIC_KEY) |
+ (1 << PGP_PKT_USER_ID);
ctx.pgp.process_packet = pgp_process_public_key;
ret = pgp_parse_packets(prep->data, prep->datalen, &ctx.pgp);
if (ret < 0)
goto error;
+ if (ctx.user_id && ctx.user_id_len > 0) {
+ /* Propose a description for the key
+ * (user ID without the comment)
+ */
+ size_t ulen = ctx.user_id_len, flen = ctx.fingerprint_len;
+ const char *p;
+
+ p = memchr(ctx.user_id, '(', ulen);
+ if (p) {
+ /* Remove the comment */
+ do {
+ p--;
+ } while (*p == ' ' && p > ctx.user_id);
+ if (*p != ' ')
+ p++;
+ ulen = p - ctx.user_id;
+ }
+
+ if (ulen > 255 - 9)
+ ulen = 255 - 9;
+ prep->description = kmalloc(ulen + 1 + 8 + 1, GFP_KERNEL);
+ ret = -ENOMEM;
+ if (!prep->description)
+ goto error;
+ memcpy(prep->description, ctx.user_id, ulen);
+ prep->description[ulen] = ' ';
+ memcpy(prep->description + ulen + 1,
+ ctx.fingerprint + flen - 8, 8);
+ prep->description[ulen + 9] = 0;
+ pr_debug("desc '%s'\n", prep->description);
+ }
+
/* We're pinning the module by being linked against it */
__module_get(public_key_subtype.owner);
prep->payload.data[asym_subtype] = &public_key_subtype;
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Roberto Sassu <roberto.sassu@huawei.com>
To: dhowells@redhat.com, dwmw2@infradead.org,
herbert@gondor.apana.org.au, davem@davemloft.net
Cc: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
silviu.vlasceanu@huawei.com
Subject: [RFC][PATCH 07/12] KEYS: Provide PGP key description autogeneration
Date: Mon, 12 Nov 2018 10:24:18 +0000 [thread overview]
Message-ID: <20181112102423.30415-8-roberto.sassu@huawei.com> (raw)
In-Reply-To: <20181112102423.30415-1-roberto.sassu@huawei.com>
From: David Howells <dhowells@redhat.com>
Provide a facility to autogenerate the name of PGP keys from the contents
of the payload. If add_key() is given a blank description, a description
is constructed from the last user ID packet in the payload data plus the
last 8 hex digits of the key ID. For instance:
keyctl padd asymmetric "" @s </tmp/key.pub
might create a key with a constructed description that can be seen in
/proc/keys:
2f674b96 I--Q--- 1 perm 39390000 0 0 crypto \
Sample kernel key 31f0ae93: PGP.RSA 31f0ae93 []
Changelog
v0:
- fix style issues (Roberto Sassu)
Signed-off-by: David Howells <dhowells@redhat.com>
Co-developed-by: Roberto Sassu <roberto.sassu@huawei.com>
---
crypto/asymmetric_keys/pgp_public_key.c | 46 ++++++++++++++++++++++++-
1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/pgp_public_key.c b/crypto/asymmetric_keys/pgp_public_key.c
index a5ce146a1250..371a3e721f69 100644
--- a/crypto/asymmetric_keys/pgp_public_key.c
+++ b/crypto/asymmetric_keys/pgp_public_key.c
@@ -35,6 +35,9 @@ struct pgp_key_data_parse_context {
struct public_key *pub;
unsigned char *raw_fingerprint;
char *fingerprint;
+ const char *user_id;
+ size_t user_id_len;
+ size_t fingerprint_len;
};
/*
@@ -155,6 +158,7 @@ static int pgp_generate_fingerprint(struct pgp_key_data_parse_context *ctx,
if (ret < 0)
goto cleanup_raw_fingerprint;
+ ctx->fingerprint_len = digest_size * 2;
fingerprint = kmalloc(digest_size * 2 + 1, GFP_KERNEL);
if (!fingerprint)
goto cleanup_raw_fingerprint;
@@ -199,6 +203,13 @@ static int pgp_process_public_key(struct pgp_parse_context *context,
kenter(",%u,%u,,%zu", type, headerlen, datalen);
+ if (type = PGP_PKT_USER_ID) {
+ ctx->user_id = data;
+ ctx->user_id_len = datalen;
+ kleave(" = 0 [user ID]");
+ return 0;
+ }
+
if (ctx->fingerprint) {
kleave(" = -ENOKEY [already]");
return -EBADMSG;
@@ -291,13 +302,46 @@ static int pgp_key_parse(struct key_preparsed_payload *prep)
kenter("");
memset(&ctx, 0, sizeof(ctx));
- ctx.pgp.types_of_interest = (1 << PGP_PKT_PUBLIC_KEY);
+ ctx.pgp.types_of_interest = (1 << PGP_PKT_PUBLIC_KEY) |
+ (1 << PGP_PKT_USER_ID);
ctx.pgp.process_packet = pgp_process_public_key;
ret = pgp_parse_packets(prep->data, prep->datalen, &ctx.pgp);
if (ret < 0)
goto error;
+ if (ctx.user_id && ctx.user_id_len > 0) {
+ /* Propose a description for the key
+ * (user ID without the comment)
+ */
+ size_t ulen = ctx.user_id_len, flen = ctx.fingerprint_len;
+ const char *p;
+
+ p = memchr(ctx.user_id, '(', ulen);
+ if (p) {
+ /* Remove the comment */
+ do {
+ p--;
+ } while (*p = ' ' && p > ctx.user_id);
+ if (*p != ' ')
+ p++;
+ ulen = p - ctx.user_id;
+ }
+
+ if (ulen > 255 - 9)
+ ulen = 255 - 9;
+ prep->description = kmalloc(ulen + 1 + 8 + 1, GFP_KERNEL);
+ ret = -ENOMEM;
+ if (!prep->description)
+ goto error;
+ memcpy(prep->description, ctx.user_id, ulen);
+ prep->description[ulen] = ' ';
+ memcpy(prep->description + ulen + 1,
+ ctx.fingerprint + flen - 8, 8);
+ prep->description[ulen + 9] = 0;
+ pr_debug("desc '%s'\n", prep->description);
+ }
+
/* We're pinning the module by being linked against it */
__module_get(public_key_subtype.owner);
prep->payload.data[asym_subtype] = &public_key_subtype;
--
2.17.1
next prev parent reply other threads:[~2018-11-12 20:24 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-12 10:24 [RFC][PATCH 00/12] keys: add support for PGP keys and signatures Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 01/12] mpi: introduce mpi_key_length() Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 02/12] rsa: add parser of raw format Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 03/12] PGPLIB: PGP definitions (RFC 4880) Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 04/12] PGPLIB: Basic packet parser Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 05/12] PGPLIB: Signature parser Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 06/12] KEYS: PGP data parser Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu [this message]
2018-11-12 10:24 ` [RFC][PATCH 07/12] KEYS: Provide PGP key description autogeneration Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 08/12] KEYS: PGP-based public key signature verification Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 09/12] verification: introduce verify_pgp_signature() Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 10/12] PGP: Provide a key type for testing PGP signatures Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 11/12] KEYS: Provide a function to load keys from a PGP keyring blob Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 12/12] KEYS: Introduce load_pgp_public_keyring() Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 12:31 ` [RFC][PATCH 04/12] PGPLIB: Basic packet parser David Howells
2018-11-12 12:35 ` [RFC][PATCH 05/12] PGPLIB: Signature parser David Howells
2018-11-12 12:43 ` [RFC][PATCH 08/12] KEYS: PGP-based public key signature verification David Howells
2018-11-12 14:22 ` Roberto Sassu
2018-11-12 14:22 ` Roberto Sassu
2018-12-10 16:58 ` David Howells
2018-12-10 18:04 ` Roberto Sassu
2018-12-10 18:04 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181112102423.30415-8-roberto.sassu@huawei.com \
--to=roberto.sassu@huawei.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=silviu.vlasceanu@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.