Commit 3d167d68 authored by David Howells's avatar David Howells

KEYS: Split public_key_verify_signature() and make available

Modify public_key_verify_signature() so that it now takes a public_key struct
rather than a key struct and supply a wrapper that takes a key struct.  The
wrapper is then used by the asymmetric key subtype and the modified function is
used by X.509 self-signature checking and can be used by other things also.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarJosh Boyer <jwboyer@redhat.com>
parent 67f7d60b
...@@ -86,21 +86,45 @@ EXPORT_SYMBOL_GPL(public_key_destroy); ...@@ -86,21 +86,45 @@ EXPORT_SYMBOL_GPL(public_key_destroy);
/* /*
* Verify a signature using a public key. * Verify a signature using a public key.
*/ */
static int public_key_verify_signature(const struct key *key, int public_key_verify_signature(const struct public_key *pk,
const struct public_key_signature *sig) const struct public_key_signature *sig)
{ {
const struct public_key *pk = key->payload.data; const struct public_key_algorithm *algo;
BUG_ON(!pk);
BUG_ON(!pk->mpi[0]);
BUG_ON(!pk->mpi[1]);
BUG_ON(!sig);
BUG_ON(!sig->digest);
BUG_ON(!sig->mpi[0]);
algo = pk->algo;
if (!algo) {
if (pk->pkey_algo >= PKEY_ALGO__LAST)
return -ENOPKG;
algo = pkey_algo[pk->pkey_algo];
if (!algo)
return -ENOPKG;
}
if (!pk->algo->verify_signature) if (!algo->verify_signature)
return -ENOTSUPP; return -ENOTSUPP;
if (sig->nr_mpi != pk->algo->n_sig_mpi) { if (sig->nr_mpi != algo->n_sig_mpi) {
pr_debug("Signature has %u MPI not %u\n", pr_debug("Signature has %u MPI not %u\n",
sig->nr_mpi, pk->algo->n_sig_mpi); sig->nr_mpi, algo->n_sig_mpi);
return -EINVAL; return -EINVAL;
} }
return pk->algo->verify_signature(pk, sig); return algo->verify_signature(pk, sig);
}
EXPORT_SYMBOL_GPL(public_key_verify_signature);
static int public_key_verify_signature_2(const struct key *key,
const struct public_key_signature *sig)
{
const struct public_key *pk = key->payload.data;
return public_key_verify_signature(pk, sig);
} }
/* /*
...@@ -111,6 +135,6 @@ struct asymmetric_key_subtype public_key_subtype = { ...@@ -111,6 +135,6 @@ struct asymmetric_key_subtype public_key_subtype = {
.name = "public_key", .name = "public_key",
.describe = public_key_describe, .describe = public_key_describe,
.destroy = public_key_destroy, .destroy = public_key_destroy,
.verify_signature = public_key_verify_signature, .verify_signature = public_key_verify_signature_2,
}; };
EXPORT_SYMBOL_GPL(public_key_subtype); EXPORT_SYMBOL_GPL(public_key_subtype);
...@@ -28,3 +28,9 @@ struct public_key_algorithm { ...@@ -28,3 +28,9 @@ struct public_key_algorithm {
}; };
extern const struct public_key_algorithm RSA_public_key_algorithm; extern const struct public_key_algorithm RSA_public_key_algorithm;
/*
* public_key.c
*/
extern int public_key_verify_signature(const struct public_key *pk,
const struct public_key_signature *sig);
...@@ -76,7 +76,7 @@ static int x509_check_signature(const struct public_key *pub, ...@@ -76,7 +76,7 @@ static int x509_check_signature(const struct public_key *pub,
if (ret < 0) if (ret < 0)
goto error_mpi; goto error_mpi;
ret = pub->algo->verify_signature(pub, sig); ret = public_key_verify_signature(pub, sig);
pr_debug("Cert Verification: %d\n", ret); pr_debug("Cert Verification: %d\n", ret);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment