06 Apr, 2016

1 commit

• e68503bd6   KEYS: Generalise system_verify_data() to provide access to internal content ... Browse Code »

  Generalise system_verify_data() to provide access to internal content
  through a callback. This allows all the PKCS#7 stuff to be hidden inside
  this function and removed from the PE file parser and the PKCS#7 test key.

  If external content is not required, NULL should be passed as data to the
  function. If the callback is not required, that can be set to NULL.

  The function is now called verify_pkcs7_signature() to contrast with
  verify_pefile_signature() and the definitions of both have been moved into
  linux/verification.h along with the key_being_used_for enum.

  Signed-off-by: David Howells

  David Howells

  2016-04-06 23:14:24 +0800  

04 Mar, 2016

1 commit

• 4e8ae72a7   X.509: Make algo identifiers text instead of enum ... Browse Code »

  Make the identifier public key and digest algorithm fields text instead of
  enum.

  Signed-off-by: David Howells
  Acked-by: Herbert Xu

  David Howells

  2016-03-04 05:49:27 +0800  

09 Jul, 2014

2 commits

• 4c0b4b1d1   pefile: Parse the "Microsoft individual code signing" data blob ... Browse Code »

  The PKCS#7 certificate should contain a "Microsoft individual code signing"
  data blob as its signed content. This blob contains a digest of the signed
  content of the PE binary and the OID of the digest algorithm used (typically
  SHA256).

  Signed-off-by: David Howells
  Acked-by: Vivek Goyal
  Reviewed-by: Kees Cook

  David Howells

  2014-07-09 21:58:37 +0800  
• 26d1164be   pefile: Parse a PE binary to find a key and a signature contained therein ... Browse Code »

  Parse a PE binary to find a key and a signature contained therein. Later
  patches will check the signature and add the key if the signature checks out.

  Signed-off-by: David Howells
  Acked-by: Vivek Goyal
  Reviewed-by: Kees Cook

  David Howells

  2014-07-09 21:58:37 +0800