diff options
| author | David Howells <dhowells@redhat.com> | 2016-04-12 21:10:19 +0200 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2016-04-12 21:10:19 +0200 |
| commit | b6e17c1be75c796b37d01d058ae17387f043e495 (patch) | |
| tree | b28635b7a29c43c9773cecf6f9eca46db5a71ed5 /include | |
| parent | Merge branch 'keys-misc' into keys-next (diff) | |
| parent | X.509: Fix self-signed determination (diff) | |
| download | linux-b6e17c1be75c796b37d01d058ae17387f043e495.tar.xz linux-b6e17c1be75c796b37d01d058ae17387f043e495.zip | |
Merge branch 'keys-sig' into keys-next
These commits do the following:
(1) Retain a signature in an asymmetric-type key and associate with it the
identifiers that will match a key that can be used to verify it.
(2) Differentiate an X.509 cert that cannot be used versus one that cannot
be verified due to unavailable crypto. This is noted in the
structures involved.
(3) Determination of the self-signedness of an X.509 cert is improved to
include checks on the subject/issuer names and the key
algorithm/signature algorithm types.
(4) Self-signed X.509 certificates are consistency checked early on if the
appropriate crypto is available.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/crypto/public_key.h | 6 | ||||
| -rw-r--r-- | include/keys/asymmetric-subtype.h | 2 | ||||
| -rw-r--r-- | include/keys/asymmetric-type.h | 7 |
3 files changed, 10 insertions, 5 deletions
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index aa730ea7faf8..2f5de5c1a3a0 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -41,12 +41,13 @@ struct public_key { const char *pkey_algo; }; -extern void public_key_destroy(void *payload); +extern void public_key_free(struct public_key *key); /* * Public key cryptography signature data */ struct public_key_signature { + struct asymmetric_key_id *auth_ids[2]; u8 *s; /* Signature */ u32 s_size; /* Number of bytes in signature */ u8 *digest; @@ -55,7 +56,10 @@ struct public_key_signature { const char *hash_algo; }; +extern void public_key_signature_free(struct public_key_signature *sig); + extern struct asymmetric_key_subtype public_key_subtype; + struct key; extern int verify_signature(const struct key *key, const struct public_key_signature *sig); diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h index 4915d40d3c3c..2480469ce8fb 100644 --- a/include/keys/asymmetric-subtype.h +++ b/include/keys/asymmetric-subtype.h @@ -32,7 +32,7 @@ struct asymmetric_key_subtype { void (*describe)(const struct key *key, struct seq_file *m); /* Destroy a key of this subtype */ - void (*destroy)(void *payload); + void (*destroy)(void *payload_crypto, void *payload_auth); /* Verify the signature on a key of this subtype (optional) */ int (*verify_signature)(const struct key *key, diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h index 59c1df9cf922..70a8775bb444 100644 --- a/include/keys/asymmetric-type.h +++ b/include/keys/asymmetric-type.h @@ -23,9 +23,10 @@ extern struct key_type key_type_asymmetric; * follows: */ enum asymmetric_payload_bits { - asym_crypto, - asym_subtype, - asym_key_ids, + asym_crypto, /* The data representing the key */ + asym_subtype, /* Pointer to an asymmetric_key_subtype struct */ + asym_key_ids, /* Pointer to an asymmetric_key_ids struct */ + asym_auth /* The key's authorisation (signature, parent key ID) */ }; /* |