Eric Lee / smarc-fsl-linux-kernel

24 May, 2019

1 commit

  • b4d0d230c   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 ... Browse Code »

    Based on 1 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public licence as published by
    the free software foundation either version 2 of the licence or at
    your option any later version

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-or-later

    has been chosen to replace the boilerplate/reference in 114 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Allison Randal
    Reviewed-by: Kate Stewart
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190520170857.552531963@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

26 Oct, 2018

1 commit

  • 5a3077183   KEYS: Provide missing asymmetric key subops for new key type ops [ver #2] ... Browse Code »

    Provide the missing asymmetric key subops for new key type ops. This
    include query, encrypt, decrypt and create signature. Verify signature
    already exists. Also provided are accessor functions for this:

    int query_asymmetric_key(const struct key *key,
    struct kernel_pkey_query *info);

    int encrypt_blob(struct kernel_pkey_params *params,
    const void *data, void *enc);
    int decrypt_blob(struct kernel_pkey_params *params,
    const void *enc, void *data);
    int create_signature(struct kernel_pkey_params *params,
    const void *data, void *enc);

    The public_key_signature struct gains an encoding field to carry the
    encoding for verify_signature().

    Signed-off-by: David Howells
    Tested-by: Marcel Holtmann
    Reviewed-by: Marcel Holtmann
    Reviewed-by: Denis Kenzior
    Tested-by: Denis Kenzior
    Signed-off-by: James Morris

    David Howells
     

12 Apr, 2016

1 commit

21 Oct, 2015

1 commit

  • 146aa8b14   KEYS: Merge the type-specific data with the payload data ... Browse Code »

    Merge the type-specific data with the payload data into one four-word chunk
    as it seems pointless to keep them separate.

    Use user_key_payload() for accessing the payloads of overloaded
    user-defined keys.

    Signed-off-by: David Howells
    cc: linux-cifs@vger.kernel.org
    cc: ecryptfs@vger.kernel.org
    cc: linux-ext4@vger.kernel.org
    cc: linux-f2fs-devel@lists.sourceforge.net
    cc: linux-nfs@vger.kernel.org
    cc: ceph-devel@vger.kernel.org
    cc: linux-ima-devel@lists.sourceforge.net

    David Howells
     

22 May, 2015

1 commit

  • f2b3dee48   KEYS: fix "ca_keys=" partial key matching ... Browse Code »

    The call to asymmetric_key_hex_to_key_id() from ca_keys_setup()
    silently fails with -ENOMEM. Instead of dynamically allocating
    memory from a __setup function, this patch defines a variable
    and calls __asymmetric_key_hex_to_key_id(), a new helper function,
    directly.

    This bug was introduced by 'commit 46963b774d44 ("KEYS: Overhaul
    key identification when searching for asymmetric keys")'.

    Changelog:
    - for clarification, rename hexlen to asciihexlen in
    asymmetric_key_hex_to_key_id()
    - add size argument to __asymmetric_key_hex_to_key_id() - David Howells
    - inline __asymmetric_key_hex_to_key_id() - David Howells
    - remove duplicate strlen() calls

    Acked-by: David Howells
    Signed-off-by: Mimi Zohar
    Cc: stable@vger.kernel.org # 3.18

    Mimi Zohar
     

06 Oct, 2014

1 commit

17 Sep, 2014

2 commits

  • 46963b774   KEYS: Overhaul key identification when searching for asymmetric keys ... Browse Code »

    Make use of the new match string preparsing to overhaul key identification
    when searching for asymmetric keys. The following changes are made:

    (1) Use the previously created asymmetric_key_id struct to hold the following
    key IDs derived from the X.509 certificate or PKCS#7 message:

    id: serial number + issuer
    skid: subjKeyId + subject
    authority: authKeyId + issuer

    (2) Replace the hex fingerprint attached to key->type_data[1] with an
    asymmetric_key_ids struct containing the id and the skid (if present).

    (3) Make the asymmetric_type match data preparse select one of two searches:

    (a) An iterative search for the key ID given if prefixed with "id:". The
    prefix is expected to be followed by a hex string giving the ID to
    search for. The criterion key ID is checked against all key IDs
    recorded on the key.

    (b) A direct search if the key ID is not prefixed with "id:". This will
    look for an exact match on the key description.

    (4) Make x509_request_asymmetric_key() take a key ID. This is then converted
    into "id:" and passed into keyring_search() where match preparsing
    will turn it back into a binary ID.

    (5) X.509 certificate verification then takes the authority key ID and looks
    up a key that matches it to find the public key for the certificate
    signature.

    (6) PKCS#7 certificate verification then takes the id key ID and looks up a
    key that matches it to find the public key for the signed information
    block signature.

    Additional changes:

    (1) Multiple subjKeyId and authKeyId values on an X.509 certificate cause the
    cert to be rejected with -EBADMSG.

    (2) The 'fingerprint' ID is gone. This was primarily intended to convey PGP
    public key fingerprints. If PGP is supported in future, this should
    generate a key ID that carries the fingerprint.

    (3) Th ca_keyid= kernel command line option is now converted to a key ID and
    used to match the authority key ID. Possibly this should only match the
    actual authKeyId part and not the issuer as well.

    Signed-off-by: David Howells
    Acked-by: Vivek Goyal

    David Howells
     
  • 7901c1a8e   KEYS: Implement binary asymmetric key ID handling ... Browse Code »

    Implement the first step in using binary key IDs for asymmetric keys rather
    than hex string keys.

    The previously added match data preparsing will be able to convert hex
    criterion strings into binary which can then be compared more rapidly.

    Further, we actually want more then one ID string per public key. The problem
    is that X.509 certs refer to other X.509 certs by matching Issuer + AuthKeyId
    to Subject + SubjKeyId, but PKCS#7 messages match against X.509 Issuer +
    SerialNumber.

    This patch just provides facilities for a later patch to make use of.

    Signed-off-by: David Howells
    Acked-by: Vivek Goyal

    David Howells
     

17 Jul, 2014

1 commit

  • b3426827c   KEYS: make partial key id matching as a dedicated function ... Browse Code »

    To avoid code duplication this patch refactors asymmetric_key_match(),
    making partial ID string match a separate function.

    This patch also implicitly fixes a bug in the code. asymmetric_key_match()
    allows to match the key by its subtype. But subtype matching could be
    undone if asymmetric_key_id(key) would return NULL. This patch first
    checks for matching spec and then for its value.

    Signed-off-by: Dmitry Kasatkin
    Signed-off-by: Mimi Zohar

    Dmitry Kasatkin
     

08 Oct, 2012

1 commit

  • 964f3b3bf   KEYS: Implement asymmetric key type ... Browse Code »

    Create a key type that can be used to represent an asymmetric key type for use
    in appropriate cryptographic operations, such as encryption, decryption,
    signature generation and signature verification.

    The key type is "asymmetric" and can provide access to a variety of
    cryptographic algorithms.

    Possibly, this would be better as "public_key" - but that has the disadvantage
    that "public key" is an overloaded term.

    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells