From: David Howells <dhowells@redhat.com>
To: herbert@gondor.hengli.com.au, rusty@rustcorp.com.au
Cc: linux-crypto@vger.kernel.org, zohar@us.ibm.com,
dmitry.kasatkin@intel.com, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 07/16] KEYS: Provide signature verification with an asymmetric key
Date: Fri, 14 Sep 2012 00:49:06 +0100 [thread overview]
Message-ID: <20120913234906.3575.85399.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <20120913234802.3575.77103.stgit@warthog.procyon.org.uk>
Provide signature verification using an asymmetric-type key to indicate the
public key to be used.
The API is a single function that can be found in crypto/public_key.h:
int verify_signature(const struct key *key,
const struct public_key_signature *sig)
The first argument is the appropriate key to be used and the second argument
is the parsed signature data:
struct public_key_signature {
u8 *digest;
u16 digest_size;
enum pkey_hash_algo pkey_hash_algo : 8;
union {
MPI mpi[2];
struct {
MPI s; /* m^d mod n */
} rsa;
struct {
MPI r;
MPI s;
} dsa;
};
};
This should be filled in prior to calling the function. The hash algorithm
should already have been called and the hash finalised and the output should
be in a buffer pointed to by the 'digest' member.
Any extra data to be added to the hash by the hash format (eg. PGP) should
have been added by the caller prior to finalising the hash.
It is assumed that the signature is made up of a number of MPI values. If an
algorithm becomes available for which this is not the case, the above structure
will have to change.
It is also assumed that it will have been checked that the signature algorithm
matches the key algorithm.
Signed-off-by: David Howells <dhowells@redhat.com>
---
crypto/asymmetric_keys/Makefile | 2 +
crypto/asymmetric_keys/signature.c | 49 ++++++++++++++++++++++++++++++++++++
include/crypto/public_key.h | 4 +++
3 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 crypto/asymmetric_keys/signature.c
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index 5ed46ee..8dcdf0c 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -4,6 +4,6 @@
obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
-asymmetric_keys-y := asymmetric_type.o
+asymmetric_keys-y := asymmetric_type.o signature.o
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c
new file mode 100644
index 0000000..50b3f88
--- /dev/null
+++ b/crypto/asymmetric_keys/signature.c
@@ -0,0 +1,49 @@
+/* Signature verification with an asymmetric key
+ *
+ * See Documentation/security/asymmetric-keys.txt
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#include <keys/asymmetric-subtype.h>
+#include <linux/module.h>
+#include <linux/err.h>
+#include <crypto/public_key.h>
+#include "asymmetric_keys.h"
+
+/**
+ * verify_signature - Initiate the use of an asymmetric key to verify a signature
+ * @key: The asymmetric key to verify against
+ * @sig: The signature to check
+ *
+ * Returns 0 if successful or else an error.
+ */
+int verify_signature(const struct key *key,
+ const struct public_key_signature *sig)
+{
+ const struct asymmetric_key_subtype *subtype;
+ int ret;
+
+ pr_devel("==>%s()\n", __func__);
+
+ if (key->type != &key_type_asymmetric)
+ return -EINVAL;
+ subtype = asymmetric_key_subtype(key);
+ if (!subtype ||
+ !key->payload.data)
+ return -EINVAL;
+ if (!subtype->verify_signature)
+ return -ENOTSUPP;
+
+ ret = subtype->verify_signature(key, sig);
+
+ pr_devel("<==%s() = %d\n", __func__, ret);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(verify_signature);
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 65d9879..eb25eb2 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -106,4 +106,8 @@ struct public_key_signature {
};
};
+struct key;
+extern int verify_signature(const struct key *key,
+ const struct public_key_signature *sig);
+
#endif /* _LINUX_PUBLIC_KEY_H */
next prev parent reply other threads:[~2012-09-13 23:52 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-13 23:48 [RFC][PATCH 00/16] Asymmetric / Public-key cryptography key type David Howells
2012-09-13 23:48 ` [PATCH 01/16] KEYS: Add payload preparsing opportunity prior to key instantiate or update David Howells
2012-09-13 23:48 ` [PATCH 02/16] MPILIB: Provide count_leading/trailing_zeros() based on arch functions David Howells
2012-09-13 23:48 ` [PATCH 03/16] KEYS: Document asymmetric key type David Howells
2012-09-13 23:48 ` [PATCH 04/16] KEYS: Implement " David Howells
2012-09-13 23:48 ` [PATCH 05/16] KEYS: Asymmetric key pluggable data parsers David Howells
2012-09-13 23:48 ` [PATCH 06/16] KEYS: Asymmetric public-key algorithm crypto key subtype David Howells
2012-09-13 23:49 ` David Howells [this message]
2012-09-13 23:49 ` [PATCH 08/16] MPILIB: Reinstate mpi_cmp[_ui]() and export for RSA signature verification David Howells
2012-09-13 23:49 ` [PATCH 09/16] RSA: Implement signature verification algorithm [PKCS#1 / RFC3447] David Howells
2012-09-13 23:49 ` [PATCH 10/16] RSA: Fix signature verification for shorter signatures David Howells
2012-09-13 23:49 ` [PATCH 11/16] X.509: Implement simple static OID registry David Howells
2012-09-13 23:49 ` [PATCH 12/16] X.509: Add utility functions to render OIDs as strings David Howells
2012-09-13 23:49 ` [PATCH 13/16] X.509: Add simple ASN.1 grammar compiler David Howells
2012-09-13 23:50 ` [PATCH 14/16] X.509: Add an ASN.1 decoder David Howells
2012-09-14 9:39 ` Alan Cox
2012-09-18 17:34 ` David Howells
2012-09-18 18:51 ` Alan Cox
2012-09-18 22:19 ` Peter Jones
2012-09-19 4:17 ` James Morris
2012-09-20 9:45 ` David Howells
2012-09-18 22:03 ` David Howells
2012-09-18 22:26 ` David Howells
2012-09-19 13:05 ` David Howells
2012-09-13 23:50 ` [PATCH 15/16] MPILIB: Provide a function to read raw data into an MPI David Howells
2012-09-13 23:50 ` [PATCH 16/16] X.509: Add a crypto key parser for binary (DER) X.509 certificates David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120913234906.3575.85399.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=dmitry.kasatkin@intel.com \
--cc=herbert@gondor.hengli.com.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).