[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160219171859.17223.21725.stgit@warthog.procyon.org.uk>
Date: Fri, 19 Feb 2016 17:18:59 +0000
From: David Howells <dhowells@...hat.com>
To: keyrings@...r.kernel.org
Cc: dhowells@...hat.com, linux-security-module@...r.kernel.org,
zohar@...ux.vnet.ibm.com, linux-kernel@...r.kernel.org,
tadeusz.struk@...el.com
Subject: [PATCH 7/8] X.509: Rename public_key.c to software_pkey.c
Rename public_key.c to software_pkey.c as it's not the only possible
subtype for doing public_key operations - there can conceivably be
hardware-offload subtypes that do public key operations (such as in the
TPM) too.
Signed-off-by: David Howells <dhowells@...hat.com>
---
arch/s390/configs/default_defconfig | 2
arch/s390/configs/gcov_defconfig | 2
arch/s390/configs/performance_defconfig | 2
crypto/asymmetric_keys/Kconfig | 10 +-
crypto/asymmetric_keys/Makefile | 2
crypto/asymmetric_keys/public_key.c | 142 -------------------------------
crypto/asymmetric_keys/software_pkey.c | 142 +++++++++++++++++++++++++++++++
init/Kconfig | 2
security/integrity/Kconfig | 2
9 files changed, 153 insertions(+), 153 deletions(-)
delete mode 100644 crypto/asymmetric_keys/public_key.c
create mode 100644 crypto/asymmetric_keys/software_pkey.c
diff --git a/arch/s390/configs/default_defconfig b/arch/s390/configs/default_defconfig
index 0ac42cc4f880..b1b7b22688d5 100644
--- a/arch/s390/configs/default_defconfig
+++ b/arch/s390/configs/default_defconfig
@@ -665,7 +665,7 @@ CONFIG_CRYPTO_DES_S390=m
CONFIG_CRYPTO_AES_S390=m
CONFIG_CRYPTO_GHASH_S390=m
CONFIG_ASYMMETRIC_KEY_TYPE=m
-CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
+CONFIG_SOFTWARE_PUBLIC_KEY_SUBTYPE=m
CONFIG_X509_CERTIFICATE_PARSER=m
CONFIG_CRC7=m
CONFIG_CRC8=m
diff --git a/arch/s390/configs/gcov_defconfig b/arch/s390/configs/gcov_defconfig
index a31dcd56f7c0..ce8e7e492af5 100644
--- a/arch/s390/configs/gcov_defconfig
+++ b/arch/s390/configs/gcov_defconfig
@@ -611,7 +611,7 @@ CONFIG_CRYPTO_DES_S390=m
CONFIG_CRYPTO_AES_S390=m
CONFIG_CRYPTO_GHASH_S390=m
CONFIG_ASYMMETRIC_KEY_TYPE=m
-CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
+CONFIG_SOFTWARE_PUBLIC_KEY_SUBTYPE=m
CONFIG_X509_CERTIFICATE_PARSER=m
CONFIG_CRC7=m
CONFIG_CRC8=m
diff --git a/arch/s390/configs/performance_defconfig b/arch/s390/configs/performance_defconfig
index 7b73bf353345..a176e84e6c61 100644
--- a/arch/s390/configs/performance_defconfig
+++ b/arch/s390/configs/performance_defconfig
@@ -608,7 +608,7 @@ CONFIG_CRYPTO_DES_S390=m
CONFIG_CRYPTO_AES_S390=m
CONFIG_CRYPTO_GHASH_S390=m
CONFIG_ASYMMETRIC_KEY_TYPE=m
-CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
+CONFIG_SOFTWARE_PUBLIC_KEY_SUBTYPE=m
CONFIG_X509_CERTIFICATE_PARSER=m
CONFIG_CRC7=m
CONFIG_CRC8=m
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 91a7e047a765..e42c42b10d7a 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -9,19 +9,19 @@ menuconfig ASYMMETRIC_KEY_TYPE
if ASYMMETRIC_KEY_TYPE
-config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+config SOFTWARE_PUBLIC_KEY_SUBTYPE
tristate "Asymmetric public-key crypto algorithm subtype"
select MPILIB
select CRYPTO_HASH_INFO
help
- This option provides support for asymmetric public key type handling.
- If signature generation and/or verification are to be used,
- appropriate hash algorithms (such as SHA-1) must be available.
+ This option provides support for software-based asymmetric public key
+ type handling. If signature generation and/or verification are to be
+ used, appropriate hash algorithms (such as SHA-1) must be available.
ENOPKG will be reported if the requisite algorithm is unavailable.
config X509_CERTIFICATE_PARSER
tristate "X.509 certificate parser"
- depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ depends on SOFTWARE_PUBLIC_KEY_SUBTYPE
select ASN1
select OID_REGISTRY
help
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index f90486256f01..bb86e5d157b2 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -6,7 +6,7 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
asymmetric_keys-y := asymmetric_type.o signature.o
-obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+obj-$(CONFIG_SOFTWARE_PUBLIC_KEY_SUBTYPE) += software_pkey.o
#
# X.509 Certificate handling
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
deleted file mode 100644
index 3024081026c1..000000000000
--- a/crypto/asymmetric_keys/public_key.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/* In-software asymmetric public-key crypto subtype
- *
- * See Documentation/crypto/asymmetric-keys.txt
- *
- * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@...hat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
- */
-
-#define pr_fmt(fmt) "PKEY: "fmt
-#include <linux/module.h>
-#include <linux/export.h>
-#include <linux/kernel.h>
-#include <linux/slab.h>
-#include <linux/seq_file.h>
-#include <linux/scatterlist.h>
-#include <keys/asymmetric-subtype.h>
-#include "software_pkey.h"
-#include <crypto/akcipher.h>
-
-MODULE_LICENSE("GPL");
-
-/*
- * Provide a part of a description of the key for /proc/keys.
- */
-static void public_key_describe(const struct key *asymmetric_key,
- struct seq_file *m)
-{
- struct public_key *key = asymmetric_key->payload.data[asym_crypto];
-
- if (key)
- seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
-}
-
-/*
- * Destroy a public key algorithm key.
- */
-void public_key_destroy(void *payload)
-{
- struct public_key *key = payload;
-
- if (key)
- kfree(key->key);
- kfree(key);
-}
-EXPORT_SYMBOL_GPL(public_key_destroy);
-
-struct public_key_completion {
- struct completion completion;
- int err;
-};
-
-static void public_key_verify_done(struct crypto_async_request *req, int err)
-{
- struct public_key_completion *compl = req->data;
-
- if (err == -EINPROGRESS)
- return;
-
- compl->err = err;
- complete(&compl->completion);
-}
-
-/*
- * Verify a signature using a public key.
- */
-int public_key_verify_signature(const struct public_key *pkey,
- const struct public_key_signature *sig)
-{
- struct public_key_completion compl;
- struct crypto_akcipher *tfm;
- struct akcipher_request *req;
- struct scatterlist sig_sg, digest_sg;
- int ret = -ENOMEM;
-
- pr_devel("==>%s()\n", __func__);
-
- BUG_ON(!pkey);
- BUG_ON(!sig);
- BUG_ON(!sig->digest);
- BUG_ON(!sig->s);
-
- tfm = crypto_alloc_akcipher(sig->pkey_algo, 0, 0);
- if (IS_ERR(tfm))
- return PTR_ERR(tfm);
-
- req = akcipher_request_alloc(tfm, GFP_KERNEL);
- if (!req)
- goto error_free_tfm;
-
- ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen);
- if (ret)
- goto error_free_req;
-
- sg_init_one(&sig_sg, sig->s, sig->s_size);
- sg_init_one(&digest_sg, sig->digest, sig->digest_size);
- akcipher_request_set_crypt(req, &sig_sg, &digest_sg,
- sig->s_size, sig->digest_size,
- sig->hash_algo);
- init_completion(&compl.completion);
- akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
- CRYPTO_TFM_REQ_MAY_SLEEP,
- public_key_verify_done, &compl);
-
- ret = crypto_akcipher_verify(req);
- if (ret == -EINPROGRESS) {
- wait_for_completion(&compl.completion);
- ret = compl.err;
- }
-
-error_free_req:
- akcipher_request_free(req);
-error_free_tfm:
- crypto_free_akcipher(tfm);
- pr_devel("<==%s() = %d\n", __func__, ret);
- return ret;
-}
-EXPORT_SYMBOL_GPL(public_key_verify_signature);
-
-static int public_key_verify_signature_2(const struct key *key,
- const struct public_key_signature *sig)
-{
- const struct public_key *pk = key->payload.data[asym_crypto];
- return public_key_verify_signature(pk, sig);
-}
-
-/*
- * Public key algorithm asymmetric key subtype
- */
-struct asymmetric_key_subtype public_key_subtype = {
- .owner = THIS_MODULE,
- .name = "public_key",
- .name_len = sizeof("public_key") - 1,
- .describe = public_key_describe,
- .destroy = public_key_destroy,
- .verify_signature = public_key_verify_signature_2,
-};
-EXPORT_SYMBOL_GPL(public_key_subtype);
diff --git a/crypto/asymmetric_keys/software_pkey.c b/crypto/asymmetric_keys/software_pkey.c
new file mode 100644
index 000000000000..3024081026c1
--- /dev/null
+++ b/crypto/asymmetric_keys/software_pkey.c
@@ -0,0 +1,142 @@
+/* In-software asymmetric public-key crypto subtype
+ *
+ * See Documentation/crypto/asymmetric-keys.txt
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@...hat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "PKEY: "fmt
+#include <linux/module.h>
+#include <linux/export.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/seq_file.h>
+#include <linux/scatterlist.h>
+#include <keys/asymmetric-subtype.h>
+#include "software_pkey.h"
+#include <crypto/akcipher.h>
+
+MODULE_LICENSE("GPL");
+
+/*
+ * Provide a part of a description of the key for /proc/keys.
+ */
+static void public_key_describe(const struct key *asymmetric_key,
+ struct seq_file *m)
+{
+ struct public_key *key = asymmetric_key->payload.data[asym_crypto];
+
+ if (key)
+ seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
+}
+
+/*
+ * Destroy a public key algorithm key.
+ */
+void public_key_destroy(void *payload)
+{
+ struct public_key *key = payload;
+
+ if (key)
+ kfree(key->key);
+ kfree(key);
+}
+EXPORT_SYMBOL_GPL(public_key_destroy);
+
+struct public_key_completion {
+ struct completion completion;
+ int err;
+};
+
+static void public_key_verify_done(struct crypto_async_request *req, int err)
+{
+ struct public_key_completion *compl = req->data;
+
+ if (err == -EINPROGRESS)
+ return;
+
+ compl->err = err;
+ complete(&compl->completion);
+}
+
+/*
+ * Verify a signature using a public key.
+ */
+int public_key_verify_signature(const struct public_key *pkey,
+ const struct public_key_signature *sig)
+{
+ struct public_key_completion compl;
+ struct crypto_akcipher *tfm;
+ struct akcipher_request *req;
+ struct scatterlist sig_sg, digest_sg;
+ int ret = -ENOMEM;
+
+ pr_devel("==>%s()\n", __func__);
+
+ BUG_ON(!pkey);
+ BUG_ON(!sig);
+ BUG_ON(!sig->digest);
+ BUG_ON(!sig->s);
+
+ tfm = crypto_alloc_akcipher(sig->pkey_algo, 0, 0);
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+ req = akcipher_request_alloc(tfm, GFP_KERNEL);
+ if (!req)
+ goto error_free_tfm;
+
+ ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen);
+ if (ret)
+ goto error_free_req;
+
+ sg_init_one(&sig_sg, sig->s, sig->s_size);
+ sg_init_one(&digest_sg, sig->digest, sig->digest_size);
+ akcipher_request_set_crypt(req, &sig_sg, &digest_sg,
+ sig->s_size, sig->digest_size,
+ sig->hash_algo);
+ init_completion(&compl.completion);
+ akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
+ CRYPTO_TFM_REQ_MAY_SLEEP,
+ public_key_verify_done, &compl);
+
+ ret = crypto_akcipher_verify(req);
+ if (ret == -EINPROGRESS) {
+ wait_for_completion(&compl.completion);
+ ret = compl.err;
+ }
+
+error_free_req:
+ akcipher_request_free(req);
+error_free_tfm:
+ crypto_free_akcipher(tfm);
+ pr_devel("<==%s() = %d\n", __func__, ret);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(public_key_verify_signature);
+
+static int public_key_verify_signature_2(const struct key *key,
+ const struct public_key_signature *sig)
+{
+ const struct public_key *pk = key->payload.data[asym_crypto];
+ return public_key_verify_signature(pk, sig);
+}
+
+/*
+ * Public key algorithm asymmetric key subtype
+ */
+struct asymmetric_key_subtype public_key_subtype = {
+ .owner = THIS_MODULE,
+ .name = "public_key",
+ .name_len = sizeof("public_key") - 1,
+ .describe = public_key_describe,
+ .destroy = public_key_destroy,
+ .verify_signature = public_key_verify_signature_2,
+};
+EXPORT_SYMBOL_GPL(public_key_subtype);
diff --git a/init/Kconfig b/init/Kconfig
index af4de4f1b02c..58194e40ff3c 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1759,7 +1759,7 @@ config SYSTEM_DATA_VERIFICATION
select CRYPTO
select CRYPTO_RSA
select ASYMMETRIC_KEY_TYPE
- select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select SOFTWARE_PUBLIC_KEY_SUBTYPE
select ASN1
select OID_REGISTRY
select X509_CERTIFICATE_PARSER
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 5533a011b58e..f2dd41bcf19c 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -34,7 +34,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
depends on INTEGRITY_SIGNATURE
default n
select ASYMMETRIC_KEY_TYPE
- select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select SOFTWARE_PUBLIC_KEY_SUBTYPE
select PUBLIC_KEY_ALGO_RSA
select CRYPTO_RSA
select X509_CERTIFICATE_PARSER
Powered by blists - more mailing lists