keys: change asymmetric keys to use common hash definitions
authorDmitry Kasatkin <d.kasatkin@samsung.com>
Mon, 6 May 2013 12:58:15 +0000 (15:58 +0300)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Fri, 25 Oct 2013 21:15:18 +0000 (17:15 -0400)
This patch makes use of the newly defined common hash algorithm info,
replacing, for example, PKEY_HASH with HASH_ALGO.

Changelog:
- Lindent fixes - Mimi

CC: David Howells <dhowells@redhat.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
crypto/asymmetric_keys/Kconfig
crypto/asymmetric_keys/public_key.c
crypto/asymmetric_keys/rsa.c
crypto/asymmetric_keys/x509_cert_parser.c
crypto/asymmetric_keys/x509_parser.h
crypto/asymmetric_keys/x509_public_key.c
include/crypto/public_key.h
kernel/module_signing.c

index 862b01fe61726694f656a9fc16fc9a012906528b..82e7d6b0c276b6d1e07c0148658b024d4785d92c 100644 (file)
@@ -13,6 +13,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
        tristate "Asymmetric public-key crypto algorithm subtype"
        select MPILIB
        select PUBLIC_KEY_ALGO_RSA
+       select CRYPTO_HASH_INFO
        help
          This option provides support for asymmetric public key type handling.
          If signature generation and/or verification are to be used,
index 49ac8d848ed162eacf0aaacf1d883fe70059ba8c..97eb001960b97774e89643f65711d2a68e6a3a8f 100644 (file)
@@ -36,18 +36,6 @@ const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST] = {
 };
 EXPORT_SYMBOL_GPL(pkey_algo);
 
-const char *const pkey_hash_algo_name[PKEY_HASH__LAST] = {
-       [PKEY_HASH_MD4]         = "md4",
-       [PKEY_HASH_MD5]         = "md5",
-       [PKEY_HASH_SHA1]        = "sha1",
-       [PKEY_HASH_RIPE_MD_160] = "rmd160",
-       [PKEY_HASH_SHA256]      = "sha256",
-       [PKEY_HASH_SHA384]      = "sha384",
-       [PKEY_HASH_SHA512]      = "sha512",
-       [PKEY_HASH_SHA224]      = "sha224",
-};
-EXPORT_SYMBOL_GPL(pkey_hash_algo_name);
-
 const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST] = {
        [PKEY_ID_PGP]           = "PGP",
        [PKEY_ID_X509]          = "X509",
index 4a6a0696f8a3b165618fe7c62516a7446e354c24..90a17f59ba2800d197366dbcb0835a9adc598320 100644 (file)
@@ -73,13 +73,13 @@ static const struct {
        size_t size;
 } RSA_ASN1_templates[PKEY_HASH__LAST] = {
 #define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) }
-       [PKEY_HASH_MD5]         = _(MD5),
-       [PKEY_HASH_SHA1]        = _(SHA1),
-       [PKEY_HASH_RIPE_MD_160] = _(RIPE_MD_160),
-       [PKEY_HASH_SHA256]      = _(SHA256),
-       [PKEY_HASH_SHA384]      = _(SHA384),
-       [PKEY_HASH_SHA512]      = _(SHA512),
-       [PKEY_HASH_SHA224]      = _(SHA224),
+       [HASH_ALGO_MD5]         = _(MD5),
+       [HASH_ALGO_SHA1]        = _(SHA1),
+       [HASH_ALGO_RIPE_MD_160] = _(RIPE_MD_160),
+       [HASH_ALGO_SHA256]      = _(SHA256),
+       [HASH_ALGO_SHA384]      = _(SHA384),
+       [HASH_ALGO_SHA512]      = _(SHA512),
+       [HASH_ALGO_SHA224]      = _(SHA224),
 #undef _
 };
 
index 144201ccba0c19ce7f85f74671206595b6d7deb6..29893162497ca352101b4d2126a0d03590e50ed1 100644 (file)
@@ -154,32 +154,32 @@ int x509_note_pkey_algo(void *context, size_t hdrlen,
                return -ENOPKG; /* Unsupported combination */
 
        case OID_md4WithRSAEncryption:
-               ctx->cert->sig.pkey_hash_algo = PKEY_HASH_MD5;
+               ctx->cert->sig.pkey_hash_algo = HASH_ALGO_MD5;
                ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
                break;
 
        case OID_sha1WithRSAEncryption:
-               ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA1;
+               ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA1;
                ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
                break;
 
        case OID_sha256WithRSAEncryption:
-               ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA256;
+               ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA256;
                ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
                break;
 
        case OID_sha384WithRSAEncryption:
-               ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA384;
+               ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA384;
                ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
                break;
 
        case OID_sha512WithRSAEncryption:
-               ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA512;
+               ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA512;
                ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
                break;
 
        case OID_sha224WithRSAEncryption:
-               ctx->cert->sig.pkey_hash_algo = PKEY_HASH_SHA224;
+               ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA224;
                ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
                break;
        }
index 87d9cc26f630625d7c57e3309456de2a356a46b5..04c81bd0f3f27b8a71042acc8ca575047900ccfd 100644 (file)
@@ -21,6 +21,8 @@ struct x509_certificate {
        char            *authority;             /* Authority key fingerprint as hex */
        struct tm       valid_from;
        struct tm       valid_to;
+       enum pkey_algo  pkey_algo : 8;          /* Public key algorithm */
+       enum hash_algo sig_hash_algo : 8;       /* Signature hash algorithm */
        const void      *tbs;                   /* Signed data */
        unsigned        tbs_size;               /* Size of signed data */
        unsigned        raw_sig_size;           /* Size of sigature */
index 6abc27f2e8a51b0a0d382a6938d818447a8bdab6..0a6bfad5491680db7b618f55f52a4fdf3ca72857 100644 (file)
@@ -96,7 +96,7 @@ int x509_get_sig_params(struct x509_certificate *cert)
        /* Allocate the hashing algorithm we're going to need and find out how
         * big the hash operational data will be.
         */
-       tfm = crypto_alloc_shash(pkey_hash_algo_name[cert->sig.pkey_hash_algo], 0, 0);
+       tfm = crypto_alloc_shash(hash_algo_name[cert->sig.pkey_hash_algo], 0, 0);
        if (IS_ERR(tfm))
                return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm);
 
@@ -199,7 +199,7 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
            cert->sig.pkey_hash_algo >= PKEY_HASH__LAST ||
            !pkey_algo[cert->pub->pkey_algo] ||
            !pkey_algo[cert->sig.pkey_algo] ||
-           !pkey_hash_algo_name[cert->sig.pkey_hash_algo]) {
+           !hash_algo_name[cert->sig.pkey_hash_algo]) {
                ret = -ENOPKG;
                goto error_free_cert;
        }
@@ -213,9 +213,8 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
                 cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1,
                 cert->valid_to.tm_mday, cert->valid_to.tm_hour,
                 cert->valid_to.tm_min,  cert->valid_to.tm_sec);
-       pr_devel("Cert Signature: %s + %s\n",
-                pkey_algo_name[cert->sig.pkey_algo],
-                pkey_hash_algo_name[cert->sig.pkey_hash_algo]);
+       pr_devel("Cert Signature: %s\n",
+                hash_algo_name[cert->sig.pkey_hash_algo]);
 
        if (!cert->fingerprint) {
                pr_warn("Cert for '%s' must have a SubjKeyId extension\n",
index b34fda4dcabf091cc0f3bdc833996b94ba8bd86f..fc09732613adbe98985083a0ca8fc0ec5ea334a9 100644 (file)
@@ -15,6 +15,7 @@
 #define _LINUX_PUBLIC_KEY_H
 
 #include <linux/mpi.h>
+#include <crypto/hash_info.h>
 
 enum pkey_algo {
        PKEY_ALGO_DSA,
@@ -25,19 +26,8 @@ enum pkey_algo {
 extern const char *const pkey_algo_name[PKEY_ALGO__LAST];
 extern const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST];
 
-enum pkey_hash_algo {
-       PKEY_HASH_MD4,
-       PKEY_HASH_MD5,
-       PKEY_HASH_SHA1,
-       PKEY_HASH_RIPE_MD_160,
-       PKEY_HASH_SHA256,
-       PKEY_HASH_SHA384,
-       PKEY_HASH_SHA512,
-       PKEY_HASH_SHA224,
-       PKEY_HASH__LAST
-};
-
-extern const char *const pkey_hash_algo_name[PKEY_HASH__LAST];
+/* asymmetric key implementation supports only up to SHA224 */
+#define PKEY_HASH__LAST                (HASH_ALGO_SHA224 + 1)
 
 enum pkey_id_type {
        PKEY_ID_PGP,            /* OpenPGP generated key ID */
@@ -91,7 +81,7 @@ struct public_key_signature {
        u8 digest_size;                 /* Number of bytes in digest */
        u8 nr_mpi;                      /* Occupancy of mpi[] */
        enum pkey_algo pkey_algo : 8;
-       enum pkey_hash_algo pkey_hash_algo : 8;
+       enum hash_algo pkey_hash_algo : 8;
        union {
                MPI mpi[2];
                struct {
index 0b6b870dc5e4fe642fe0b149a4c6d77bb75861b4..be5b8fac4bd0de72aba1f91674a2d0eb7a296d31 100644 (file)
@@ -29,7 +29,7 @@
  */
 struct module_signature {
        u8      algo;           /* Public-key crypto algorithm [enum pkey_algo] */
-       u8      hash;           /* Digest algorithm [enum pkey_hash_algo] */
+       u8      hash;           /* Digest algorithm [enum hash_algo] */
        u8      id_type;        /* Key identifier type [enum pkey_id_type] */
        u8      signer_len;     /* Length of signer's name */
        u8      key_id_len;     /* Length of key identifier */
@@ -40,7 +40,7 @@ struct module_signature {
 /*
  * Digest the module contents.
  */
-static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
+static struct public_key_signature *mod_make_digest(enum hash_algo hash,
                                                    const void *mod,
                                                    unsigned long modlen)
 {
@@ -55,7 +55,7 @@ static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
        /* Allocate the hashing algorithm we're going to need and find out how
         * big the hash operational data will be.
         */
-       tfm = crypto_alloc_shash(pkey_hash_algo_name[hash], 0, 0);
+       tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
        if (IS_ERR(tfm))
                return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
 
@@ -218,7 +218,7 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
                return -ENOPKG;
 
        if (ms.hash >= PKEY_HASH__LAST ||
-           !pkey_hash_algo_name[ms.hash])
+           !hash_algo_name[ms.hash])
                return -ENOPKG;
 
        key = request_asymmetric_key(sig, ms.signer_len,