Date:	Fri, 19 Feb 2016 17:18:59 +0000
From:	David Howells <dhowells@...hat.com>
To:	keyrings@...r.kernel.org
Cc:	dhowells@...hat.com, linux-security-module@...r.kernel.org,
	zohar@...ux.vnet.ibm.com, linux-kernel@...r.kernel.org,
	tadeusz.struk@...el.com
Subject: [PATCH 7/8] X.509: Rename public_key.c to software_pkey.c

Rename public_key.c to software_pkey.c as it's not the only possible
subtype for doing public_key operations - there can conceivably be
hardware-offload subtypes that do public key operations (such as in the
TPM) too.

Signed-off-by: David Howells <dhowells@...hat.com>
---

 arch/s390/configs/default_defconfig     |    2 
 arch/s390/configs/gcov_defconfig        |    2 
 arch/s390/configs/performance_defconfig |    2 
 crypto/asymmetric_keys/Kconfig          |   10 +-
 crypto/asymmetric_keys/Makefile         |    2 
 crypto/asymmetric_keys/public_key.c     |  142 -------------------------------
 crypto/asymmetric_keys/software_pkey.c  |  142 +++++++++++++++++++++++++++++++
 init/Kconfig                            |    2 
 security/integrity/Kconfig              |    2 
 9 files changed, 153 insertions(+), 153 deletions(-)
 delete mode 100644 crypto/asymmetric_keys/public_key.c
 create mode 100644 crypto/asymmetric_keys/software_pkey.c

diff --git a/arch/s390/configs/default_defconfig b/arch/s390/configs/default_defconfig
index 0ac42cc4f880..b1b7b22688d5 100644
--- a/arch/s390/configs/default_defconfig
+++ b/arch/s390/configs/default_defconfig
@@ -665,7 +665,7 @@ CONFIG_CRYPTO_DES_S390=m
 CONFIG_CRYPTO_AES_S390=m
 CONFIG_CRYPTO_GHASH_S390=m
 CONFIG_ASYMMETRIC_KEY_TYPE=m
-CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
+CONFIG_SOFTWARE_PUBLIC_KEY_SUBTYPE=m
 CONFIG_X509_CERTIFICATE_PARSER=m
 CONFIG_CRC7=m
 CONFIG_CRC8=m
diff --git a/arch/s390/configs/gcov_defconfig b/arch/s390/configs/gcov_defconfig
index a31dcd56f7c0..ce8e7e492af5 100644
--- a/arch/s390/configs/gcov_defconfig
+++ b/arch/s390/configs/gcov_defconfig
@@ -611,7 +611,7 @@ CONFIG_CRYPTO_DES_S390=m
 CONFIG_CRYPTO_AES_S390=m
 CONFIG_CRYPTO_GHASH_S390=m
 CONFIG_ASYMMETRIC_KEY_TYPE=m
-CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
+CONFIG_SOFTWARE_PUBLIC_KEY_SUBTYPE=m
 CONFIG_X509_CERTIFICATE_PARSER=m
 CONFIG_CRC7=m
 CONFIG_CRC8=m
diff --git a/arch/s390/configs/performance_defconfig b/arch/s390/configs/performance_defconfig
index 7b73bf353345..a176e84e6c61 100644
--- a/arch/s390/configs/performance_defconfig
+++ b/arch/s390/configs/performance_defconfig
@@ -608,7 +608,7 @@ CONFIG_CRYPTO_DES_S390=m
 CONFIG_CRYPTO_AES_S390=m
 CONFIG_CRYPTO_GHASH_S390=m
 CONFIG_ASYMMETRIC_KEY_TYPE=m
-CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
+CONFIG_SOFTWARE_PUBLIC_KEY_SUBTYPE=m
 CONFIG_X509_CERTIFICATE_PARSER=m
 CONFIG_CRC7=m
 CONFIG_CRC8=m
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 91a7e047a765..e42c42b10d7a 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -9,19 +9,19 @@ menuconfig ASYMMETRIC_KEY_TYPE
 
 if ASYMMETRIC_KEY_TYPE
 
-config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+config SOFTWARE_PUBLIC_KEY_SUBTYPE
 	tristate "Asymmetric public-key crypto algorithm subtype"
 	select MPILIB
 	select CRYPTO_HASH_INFO
 	help
-	  This option provides support for asymmetric public key type handling.
-	  If signature generation and/or verification are to be used,
-	  appropriate hash algorithms (such as SHA-1) must be available.
+	  This option provides support for software-based asymmetric public key
+	  type handling.  If signature generation and/or verification are to be
+	  used, appropriate hash algorithms (such as SHA-1) must be available.
 	  ENOPKG will be reported if the requisite algorithm is unavailable.
 
 config X509_CERTIFICATE_PARSER
 	tristate "X.509 certificate parser"
-	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	depends on SOFTWARE_PUBLIC_KEY_SUBTYPE
 	select ASN1
 	select OID_REGISTRY
 	help
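Review bot: The prompt on the renamed symbol still reads `tristate "Asymmetric public-key crypto algorithm subtype"`, so menuconfig does not show that this entry is now specifically the software implementation, although the help text was updated to say so; `tristate "Software asymmetric public-key crypto algorithm subtype"` would match it. The rename also means an existing .config that sets CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE carries no value for SOFTWARE_PUBLIC_KEY_SUBTYPE. Where nothing else selects the new symbol, a non-interactive config update would presumably leave it off and drop X509_CERTIFICATE_PARSER through the `depends on` line, which is worth a sentence in the commit message for setups that rely on certificate parsing for signature checks. The X509_CERTIFICATE_PARSER entry continues outside the hunk.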
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index f90486256f01..bb86e5d157b2 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -6,7 +6,7 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
 
 asymmetric_keys-y := asymmetric_type.o signature.o
 
-obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+obj-$(CONFIG_SOFTWARE_PUBLIC_KEY_SUBTYPE) += software_pkey.o
 
 #
 # X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
deleted file mode 100644
index 3024081026c1..000000000000
--- a/crypto/asymmetric_keys/public_key.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/* In-software asymmetric public-key crypto subtype
- *
- * See Documentation/crypto/asymmetric-keys.txt
- *
- * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@...hat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
- */
-
-#define pr_fmt(fmt) "PKEY: "fmt
-#include <linux/module.h>
-#include <linux/export.h>
-#include <linux/kernel.h>
-#include <linux/slab.h>
-#include <linux/seq_file.h>
-#include <linux/scatterlist.h>
-#include <keys/asymmetric-subtype.h>
-#include "software_pkey.h"
-#include <crypto/akcipher.h>
-
-MODULE_LICENSE("GPL");
-
-/*
- * Provide a part of a description of the key for /proc/keys.
- */
-static void public_key_describe(const struct key *asymmetric_key,
-				struct seq_file *m)
-{
-	struct public_key *key = asymmetric_key->payload.data[asym_crypto];
-
-	if (key)
-		seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
-}
-
-/*
- * Destroy a public key algorithm key.
- */
-void public_key_destroy(void *payload)
-{
-	struct public_key *key = payload;
-
-	if (key)
-		kfree(key->key);
-	kfree(key);
-}
-EXPORT_SYMBOL_GPL(public_key_destroy);
-
-struct public_key_completion {
-	struct completion completion;
-	int err;
-};
-
-static void public_key_verify_done(struct crypto_async_request *req, int err)
-{
-	struct public_key_completion *compl = req->data;
-
-	if (err == -EINPROGRESS)
-		return;
-
-	compl->err = err;
-	complete(&compl->completion);
-}
-
-/*
- * Verify a signature using a public key.
- */
-int public_key_verify_signature(const struct public_key *pkey,
-				const struct public_key_signature *sig)
-{
-	struct public_key_completion compl;
-	struct crypto_akcipher *tfm;
-	struct akcipher_request *req;
-	struct scatterlist sig_sg, digest_sg;
-	int ret = -ENOMEM;
-
-	pr_devel("==>%s()\n", __func__);
-
-	BUG_ON(!pkey);
-	BUG_ON(!sig);
-	BUG_ON(!sig->digest);
-	BUG_ON(!sig->s);
-
-	tfm = crypto_alloc_akcipher(sig->pkey_algo, 0, 0);
-	if (IS_ERR(tfm))
-		return PTR_ERR(tfm);
-
-	req = akcipher_request_alloc(tfm, GFP_KERNEL);
-	if (!req)
-		goto error_free_tfm;
-
-	ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen);
-	if (ret)
-		goto error_free_req;
-
-	sg_init_one(&sig_sg, sig->s, sig->s_size);
-	sg_init_one(&digest_sg, sig->digest, sig->digest_size);
-	akcipher_request_set_crypt(req, &sig_sg, &digest_sg,
-				   sig->s_size, sig->digest_size,
-				   sig->hash_algo);
-	init_completion(&compl.completion);
-	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
-				      CRYPTO_TFM_REQ_MAY_SLEEP,
-				      public_key_verify_done, &compl);
-
-	ret = crypto_akcipher_verify(req);
-	if (ret == -EINPROGRESS) {
-		wait_for_completion(&compl.completion);
-		ret = compl.err;
-	}
-
-error_free_req:
-	akcipher_request_free(req);
-error_free_tfm:
-	crypto_free_akcipher(tfm);
-	pr_devel("<==%s() = %d\n", __func__, ret);
-	return ret;
-}
-EXPORT_SYMBOL_GPL(public_key_verify_signature);
-
-static int public_key_verify_signature_2(const struct key *key,
-					 const struct public_key_signature *sig)
-{
-	const struct public_key *pk = key->payload.data[asym_crypto];
-	return public_key_verify_signature(pk, sig);
-}
-
-/*
- * Public key algorithm asymmetric key subtype
- */
-struct asymmetric_key_subtype public_key_subtype = {
-	.owner			= THIS_MODULE,
-	.name			= "public_key",
-	.name_len		= sizeof("public_key") - 1,
-	.describe		= public_key_describe,
-	.destroy		= public_key_destroy,
-	.verify_signature	= public_key_verify_signature_2,
-};
-EXPORT_SYMBOL_GPL(public_key_subtype);
diff --git a/crypto/asymmetric_keys/software_pkey.c b/crypto/asymmetric_keys/software_pkey.c
new file mode 100644
index 000000000000..3024081026c1
--- /dev/null
+++ b/crypto/asymmetric_keys/software_pkey.c
@@ -0,0 +1,142 @@
+/* In-software asymmetric public-key crypto subtype
+ *
+ * See Documentation/crypto/asymmetric-keys.txt
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@...hat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "PKEY: "fmt
+#include <linux/module.h>
+#include <linux/export.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/seq_file.h>
+#include <linux/scatterlist.h>
+#include <keys/asymmetric-subtype.h>
+#include "software_pkey.h"
+#include <crypto/akcipher.h>
+
+MODULE_LICENSE("GPL");
+
+/*
+ * Provide a part of a description of the key for /proc/keys.
+ */
+static void public_key_describe(const struct key *asymmetric_key,
+				struct seq_file *m)
+{
+	struct public_key *key = asymmetric_key->payload.data[asym_crypto];
+
+	if (key)
+		seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
+}
+
+/*
+ * Destroy a public key algorithm key.
+ */
+void public_key_destroy(void *payload)
+{
+	struct public_key *key = payload;
+
+	if (key)
+		kfree(key->key);
+	kfree(key);
+}
+EXPORT_SYMBOL_GPL(public_key_destroy);
+
+struct public_key_completion {
+	struct completion completion;
+	int err;
+};
+
+static void public_key_verify_done(struct crypto_async_request *req, int err)
+{
+	struct public_key_completion *compl = req->data;
+
+	if (err == -EINPROGRESS)
+		return;
+
+	compl->err = err;
+	complete(&compl->completion);
+}
+
+/*
+ * Verify a signature using a public key.
+ */
+int public_key_verify_signature(const struct public_key *pkey,
+				const struct public_key_signature *sig)
+{
+	struct public_key_completion compl;
+	struct crypto_akcipher *tfm;
+	struct akcipher_request *req;
+	struct scatterlist sig_sg, digest_sg;
+	int ret = -ENOMEM;
+
+	pr_devel("==>%s()\n", __func__);
+
+	BUG_ON(!pkey);
+	BUG_ON(!sig);
+	BUG_ON(!sig->digest);
+	BUG_ON(!sig->s);
+
+	tfm = crypto_alloc_akcipher(sig->pkey_algo, 0, 0);
+	if (IS_ERR(tfm))
+		return PTR_ERR(tfm);
+
+	req = akcipher_request_alloc(tfm, GFP_KERNEL);
+	if (!req)
+		goto error_free_tfm;
+
+	ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen);
+	if (ret)
+		goto error_free_req;
+
+	sg_init_one(&sig_sg, sig->s, sig->s_size);
+	sg_init_one(&digest_sg, sig->digest, sig->digest_size);
+	akcipher_request_set_crypt(req, &sig_sg, &digest_sg,
+				   sig->s_size, sig->digest_size,
+				   sig->hash_algo);
+	init_completion(&compl.completion);
+	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
+				      CRYPTO_TFM_REQ_MAY_SLEEP,
+				      public_key_verify_done, &compl);
+
+	ret = crypto_akcipher_verify(req);
+	if (ret == -EINPROGRESS) {
+		wait_for_completion(&compl.completion);
+		ret = compl.err;
+	}
+
+error_free_req:
+	akcipher_request_free(req);
+error_free_tfm:
+	crypto_free_akcipher(tfm);
+	pr_devel("<==%s() = %d\n", __func__, ret);
+	return ret;
+}
+EXPORT_SYMBOL_GPL(public_key_verify_signature);
+
+static int public_key_verify_signature_2(const struct key *key,
+					 const struct public_key_signature *sig)
+{
+	const struct public_key *pk = key->payload.data[asym_crypto];
+	return public_key_verify_signature(pk, sig);
+}
+
+/*
+ * Public key algorithm asymmetric key subtype
+ */
+struct asymmetric_key_subtype public_key_subtype = {
+	.owner			= THIS_MODULE,
+	.name			= "public_key",
+	.name_len		= sizeof("public_key") - 1,
+	.describe		= public_key_describe,
+	.destroy		= public_key_destroy,
+	.verify_signature	= public_key_verify_signature_2,
+};
+EXPORT_SYMBOL_GPL(public_key_subtype);
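Review bot: public_key_verify_signature() still validates its inputs with `BUG_ON(!sig->digest)` and `BUG_ON(!sig->s)`, so a caller that arrives with an unpopulated signature halts the kernel instead of receiving a verification failure. Since the file is re-added in full here, those asserts could become an error return, for example `if (WARN_ON(!sig->digest || !sig->s)) return -EINVAL;` (the errno is a suggestion). Whether any caller can reach this function with those fields unset is not visible in this patch. Separately, the blob hash is unchanged across the rename, so `.name = "public_key"` and the public_key_* symbols keep the generic name that the commit message says is no longer exclusive; if that is deliberate, a short comment above public_key_subtype saying so would help.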
diff --git a/init/Kconfig b/init/Kconfig
index af4de4f1b02c..58194e40ff3c 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1759,7 +1759,7 @@ config SYSTEM_DATA_VERIFICATION
 	select CRYPTO
 	select CRYPTO_RSA
 	select ASYMMETRIC_KEY_TYPE
-	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	select SOFTWARE_PUBLIC_KEY_SUBTYPE
 	select ASN1
 	select OID_REGISTRY
 	select X509_CERTIFICATE_PARSER
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 5533a011b58e..f2dd41bcf19c 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -34,7 +34,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
 	depends on INTEGRITY_SIGNATURE
 	default n
         select ASYMMETRIC_KEY_TYPE
-        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+        select SOFTWARE_PUBLIC_KEY_SUBTYPE
         select PUBLIC_KEY_ALGO_RSA
         select CRYPTO_RSA
         select X509_CERTIFICATE_PARSER
