korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-29 23:24:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
c7381b0128
linux/crypto/asymmetric_keys
History
Vitaly Chikunov c7381b0128 crypto: akcipher - new verify API for public key algorithms 
Previous akcipher .verify() just `decrypts' (using RSA encrypt which is
using public key) signature to uncover message hash, which was then
compared in upper level public_key_verify_signature() with the expected
hash value, which itself was never passed into verify().

This approach was incompatible with EC-DSA family of algorithms,
because, to verify a signature EC-DSA algorithm also needs a hash value
as input; then it's used (together with a signature divided into halves
`r||s') to produce a witness value, which is then compared with `r' to
determine if the signature is correct. Thus, for EC-DSA, nor
requirements of .verify() itself, nor its output expectations in
public_key_verify_signature() wasn't sufficient.

Make improved .verify() call which gets hash value as input and produce
complete signature check without any output besides status.

Now for the top level verification only crypto_akcipher_verify() needs
to be called and its return value inspected.

Make sure that `digest' is in kmalloc'd memory (in place of `output`) in
{public,tpm}_key_verify_signature() as insisted by Herbert Xu, and will
be changed in the following commit.

Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-18 22:15:02 +08:00
..
asym_tpm.c crypto: akcipher - new verify API for public key algorithms 2019-04-18 22:15:02 +08:00
asymmetric_keys.h KEYS: Provide missing asymmetric key subops for new key type ops [ver #2] 2018-10-26 09:30:46 +01:00
asymmetric_type.c KEYS: Provide missing asymmetric key subops for new key type ops [ver #2] 2018-10-26 09:30:46 +01:00
Kconfig KEYS: trusted: Expose common functionality [ver #2] 2018-10-26 09:30:47 +01:00
Makefile KEYS: Add parser for TPM-based keys [ver #2] 2018-10-26 09:30:46 +01:00
mscode_parser.c kbuild: rename *-asn1.[ch] to *.asn1.[ch] 2018-04-07 19:04:02 +09:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
pkcs7_key_type.c Replace magic for trusting the secondary keyring with #define 2018-08-16 09:57:20 -07:00
pkcs7_parser.c KEYS: Make the X.509 and PKCS7 parsers supply the sig encoding type [ver #2] 2018-10-26 09:30:46 +01:00
pkcs7_parser.h PKCS#7: Handle blacklisted certificates 2017-04-03 16:07:25 +01:00
pkcs7_trust.c PKCS#7: fix direct verification of SignerInfo signature 2018-02-22 14:38:33 +00:00
pkcs7_verify.c PKCS#7: fix certificate blacklisting 2018-02-22 14:38:33 +00:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs8_parser.c KEYS: Implement PKCS#8 RSA Private Key parser [ver #2] 2018-10-26 09:30:46 +01:00
pkcs8.asn1 KEYS: Implement PKCS#8 RSA Private Key parser [ver #2] 2018-10-26 09:30:46 +01:00
public_key.c crypto: akcipher - new verify API for public key algorithms 2019-04-18 22:15:02 +08:00
restrict.c X.509: fix NULL dereference when restricting key with unsupported_sig 2018-02-22 14:38:34 +00:00
signature.c KEYS: Provide missing asymmetric key subops for new key type ops [ver #2] 2018-10-26 09:30:46 +01:00
tpm_parser.c KEYS: Add parser for TPM-based keys [ver #2] 2018-10-26 09:30:46 +01:00
tpm.asn1 KEYS: Add parser for TPM-based keys [ver #2] 2018-10-26 09:30:46 +01:00
verify_pefile.c crypto : asymmetric_keys : verify_pefile:zero memory content before freeing 2017-06-09 13:29:50 +10:00
verify_pefile.h KEYS: Generalise system_verify_data() to provide access to internal content 2016-04-06 16:14:24 +01:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c KEYS: Make the X.509 and PKCS7 parsers supply the sig encoding type [ver #2] 2018-10-26 09:30:46 +01:00
x509_parser.h X.509: Allow X.509 certs to be blacklisted 2017-04-03 16:07:25 +01:00
x509_public_key.c X.509: fix comparisons of ->pkey_algo 2017-12-08 15:13:29 +00:00
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00