diff options
author | Dmitry Kasatkin <dmitry.kasatkin@intel.com> | 2011-10-14 15:25:16 +0300 |
---|---|---|
committer | Dmitry Kasatkin <dmitry.kasatkin@intel.com> | 2011-11-09 12:10:37 +0200 |
commit | 051dbb918c7fb7da8e64a2cd0d804ba73399709f (patch) | |
tree | 34d547e74ef6edb7feeda4a8291b221cc016c393 /include/linux/digsig.h | |
parent | 7e8dec918ef8e0f68b4937c3c50fa57002077a4d (diff) | |
download | lwn-051dbb918c7fb7da8e64a2cd0d804ba73399709f.tar.gz lwn-051dbb918c7fb7da8e64a2cd0d804ba73399709f.zip |
crypto: digital signature verification support
This patch implements RSA digital signature verification using GnuPG library.
The format of the signature and the public key is defined by their respective
headers. The signature header contains version information, algorithm,
and keyid, which was used to generate the signature.
The key header contains version and algorythim type.
The payload of the signature and the key are multi-precision integers.
The signing and key management utilities evm-utils provide functionality
to generate signatures and load keys into the kernel keyring.
When the key is added to the kernel keyring, the keyid defines the name
of the key.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'include/linux/digsig.h')
-rw-r--r-- | include/linux/digsig.h | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/include/linux/digsig.h b/include/linux/digsig.h new file mode 100644 index 000000000000..efae755017d7 --- /dev/null +++ b/include/linux/digsig.h @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2011 Nokia Corporation + * Copyright (C) 2011 Intel Corporation + * + * Author: + * Dmitry Kasatkin <dmitry.kasatkin@nokia.com> + * <dmitry.kasatkin@intel.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2 of the License. + * + */ + +#ifndef _DIGSIG_H +#define _DIGSIG_H + +#include <linux/key.h> + +enum pubkey_algo { + PUBKEY_ALGO_RSA, + PUBKEY_ALGO_MAX, +}; + +enum digest_algo { + DIGEST_ALGO_SHA1, + DIGEST_ALGO_SHA256, + DIGEST_ALGO_MAX +}; + +struct pubkey_hdr { + uint8_t version; /* key format version */ + time_t timestamp; /* key made, always 0 for now */ + uint8_t algo; + uint8_t nmpi; + char mpi[0]; +} __packed; + +struct signature_hdr { + uint8_t version; /* signature format version */ + time_t timestamp; /* signature made */ + uint8_t algo; + uint8_t hash; + uint8_t keyid[8]; + uint8_t nmpi; + char mpi[0]; +} __packed; + +#if defined(CONFIG_DIGSIG) || defined(CONFIG_DIGSIG_MODULE) + +int digsig_verify(struct key *keyring, const char *sig, int siglen, + const char *digest, int digestlen); + +#else + +static inline int digsig_verify(struct key *keyring, const char *sig, + int siglen, const char *digest, int digestlen) +{ + return -EOPNOTSUPP; +} + +#endif /* CONFIG_DIGSIG */ + +#endif /* _DIGSIG_H */ |