| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Feb 2016 17:18:51 +0000
From: David Howells <dhowells@...hat.com>
To: keyrings@...r.kernel.org
Cc: dhowells@...hat.com, linux-security-module@...r.kernel.org,
zohar@...ux.vnet.ibm.com, linux-kernel@...r.kernel.org,
tadeusz.struk@...el.com
Subject: [PATCH 6/8] X.509: Make the public_key asymmetric key type internal
data private
Make the public_key asymmetric key type internal data (struct public_key)
private by moving it to the asymmetric keys directory.
Whilst struct public_key_signature needs to be available, since that's part
of the asymmetric key API to verify a signature, anyone using asymmetric
keys should not be poking around inside the subtype internals, but should
rather use API functions, such as verify_signature(), in case the internals
turn out not to be of the subtype expected.
An exception is made for the X.509 and PKCS#7 parsers as they don't create
keys but rather use the public key routines directly.
Signed-off-by: David Howells <dhowells@...hat.com>
---
crypto/asymmetric_keys/pkcs7_verify.c | 2 +-
crypto/asymmetric_keys/public_key.c | 2 +-
crypto/asymmetric_keys/software_pkey.h | 33 +++++++++++++++++++++++++++++
crypto/asymmetric_keys/x509_cert_parser.c | 2 +-
crypto/asymmetric_keys/x509_public_key.c | 1 +
include/crypto/public_key.h | 19 -----------------
6 files changed, 37 insertions(+), 22 deletions(-)
create mode 100644 crypto/asymmetric_keys/software_pkey.h
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 50be2a15e531..6aad267f19bb 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -16,7 +16,7 @@
#include <linux/err.h>
#include <linux/asn1.h>
#include <crypto/hash.h>
-#include <crypto/public_key.h>
+#include "software_pkey.h"
#include "pkcs7_parser.h"
/*
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 16895996c2e2..3024081026c1 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -19,7 +19,7 @@
#include <linux/seq_file.h>
#include <linux/scatterlist.h>
#include <keys/asymmetric-subtype.h>
-#include <crypto/public_key.h>
+#include "software_pkey.h"
#include <crypto/akcipher.h>
MODULE_LICENSE("GPL");
diff --git a/crypto/asymmetric_keys/software_pkey.h b/crypto/asymmetric_keys/software_pkey.h
new file mode 100644
index 000000000000..06d6500e5825
--- /dev/null
+++ b/crypto/asymmetric_keys/software_pkey.h
@@ -0,0 +1,33 @@
+/* Internal definitions for the software public key subtype
+ *
+ * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@...hat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#include <crypto/public_key.h>
+
+extern struct asymmetric_key_subtype public_key_subtype;
+
+/*
+ * Cryptographic data for the software public-key subtype of the asymmetric key
+ * type.
+ *
+ * Note that this may include private part of the key as well as the public
+ * part.
+ */
+struct public_key {
+ void *key;
+ u32 keylen;
+ const char *id_type;
+ const char *pkey_algo;
+};
+
+extern void public_key_destroy(void *payload);
+
+extern int public_key_verify_signature(const struct public_key *pkey,
+ const struct public_key_signature *sig);
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index dffd30f107cd..a008a945aa82 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -15,7 +15,7 @@
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/oid_registry.h>
-#include <crypto/public_key.h>
+#include "software_pkey.h"
#include "x509_parser.h"
#include "x509-asn1.h"
#include "x509_akid-asn1.h"
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 733c046aacc6..0896f784cfda 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -18,6 +18,7 @@
#include <keys/system_keyring.h>
#include <crypto/hash.h>
#include "asymmetric_keys.h"
+#include "software_pkey.h"
#include "x509_parser.h"
static bool use_builtin_keys;
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index aa730ea7faf8..d55f9f9bfd65 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -29,21 +29,6 @@ enum key_being_used_for {
extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
/*
- * Cryptographic data for the public-key subtype of the asymmetric key type.
- *
- * Note that this may include private part of the key as well as the public
- * part.
- */
-struct public_key {
- void *key;
- u32 keylen;
- const char *id_type;
- const char *pkey_algo;
-};
-
-extern void public_key_destroy(void *payload);
-
-/*
* Public key cryptography signature data
*/
struct public_key_signature {
@@ -55,7 +40,6 @@ struct public_key_signature {
const char *hash_algo;
};
-extern struct asymmetric_key_subtype public_key_subtype;
struct key;
extern int verify_signature(const struct key *key,
const struct public_key_signature *sig);
@@ -66,7 +50,4 @@ extern struct key *x509_request_asymmetric_key(struct key *keyring,
const struct asymmetric_key_id *skid,
bool partial);
-int public_key_verify_signature(const struct public_key *pkey,
- const struct public_key_signature *sig);
-
#endif /* _LINUX_PUBLIC_KEY_H */
Powered by blists - more mailing lists