summaryrefslogtreecommitdiff
path: root/security/integrity
diff options
context:
space:
mode:
authorJames Morris <james.l.morris@oracle.com>2016-03-04 11:39:53 +1100
committerJames Morris <james.l.morris@oracle.com>2016-03-04 11:39:53 +1100
commit88a1b564a20e371e6be41b39b85673e9c1959491 (patch)
treef70850f5242470d479711ddb816ac05f47b15642 /security/integrity
parent5804602536649bccc907cbdd7e31b8797bdb6c45 (diff)
parent4e8ae72a75aae285ec5b93518b9680da198afd0d (diff)
downloadlinux-88a1b564a20e371e6be41b39b85673e9c1959491.tar.gz
Merge tag 'keys-next-20160303' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/Kconfig2
-rw-r--r--security/integrity/digsig_asymmetric.c16
-rw-r--r--security/integrity/integrity.h2
3 files changed, 9 insertions, 11 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 21d756832b75..979be65d22c4 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
select ASYMMETRIC_KEY_TYPE
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
select PUBLIC_KEY_ALGO_RSA
+ select CRYPTO_RSA
select X509_CERTIFICATE_PARSER
help
This option enables digital signature verification using
@@ -45,7 +46,6 @@ config INTEGRITY_TRUSTED_KEYRING
bool "Require all keys on the integrity keyrings be signed"
depends on SYSTEM_TRUSTED_KEYRING
depends on INTEGRITY_ASYMMETRIC_KEYS
- select KEYS_DEBUG_PROC_KEYS
default y
help
This option requires that all keys added to the .ima and
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index 5ade2a7517a6..80052ed8d467 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -16,6 +16,7 @@
#include <linux/ratelimit.h>
#include <linux/key-type.h>
#include <crypto/public_key.h>
+#include <crypto/hash_info.h>
#include <keys/asymmetric-type.h>
#include <keys/system_keyring.h>
@@ -94,7 +95,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
if (siglen != __be16_to_cpu(hdr->sig_size))
return -EBADMSG;
- if (hdr->hash_algo >= PKEY_HASH__LAST)
+ if (hdr->hash_algo >= HASH_ALGO__LAST)
return -ENOPKG;
key = request_asymmetric_key(keyring, __be32_to_cpu(hdr->keyid));
@@ -103,16 +104,13 @@ int asymmetric_verify(struct key *keyring, const char *sig,
memset(&pks, 0, sizeof(pks));
- pks.pkey_hash_algo = hdr->hash_algo;
+ pks.pkey_algo = "rsa";
+ pks.hash_algo = hash_algo_name[hdr->hash_algo];
pks.digest = (u8 *)data;
pks.digest_size = datalen;
- pks.nr_mpi = 1;
- pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen);
-
- if (pks.rsa.s)
- ret = verify_signature(key, &pks);
-
- mpi_free(pks.rsa.s);
+ pks.s = hdr->sig;
+ pks.s_size = siglen;
+ ret = verify_signature(key, &pks);
key_put(key);
pr_debug("%s() = %d\n", __func__, ret);
return ret;
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index c7a111cc7d89..e08935cf343f 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -90,7 +90,7 @@ struct ima_digest_data {
struct signature_v2_hdr {
uint8_t type; /* xattr type */
uint8_t version; /* signature format version */
- uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */
+ uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */
uint32_t keyid; /* IMA key identifier - not X509/PGP specific */
uint16_t sig_size; /* signature size */
uint8_t sig[0]; /* signature payload */