redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/crypto
History
David Howells 1ca72c96db PKCS#7 message parser 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAU7vyohOxKuMESys7AQJRkQ//XhtkCB9qDPrD/Hq6s3SDB7FCPWk8eJ9M
 GhawiLonBFgsRqWst20cW1syc+7ECjkTZU0vD5GqMHealXj9Fho+7jyf08ShP+jM
 AFBRfjoHKklOuh4C1lhB5IglR1zAXpmLHA2mP/r58BjEpOBEwlmh8rri/9/kk6iX
 hAV79d23IaoM4ueGb4vVy61ZpsKA0YQadJK1xRjXzFPAuS3f4i6W7uKG9QmsJ56m
 DaP++rtyJPByRVb/tJqUeJAIPaXQg9JRXD8tNGJ2qCdulEbHJQhNzp2ukQEMmfhS
 RaogNO7jcfdM/4BeIoRJxNt3VcvHChSdbXP1YO4V792BdxnjsXO8GdEKXp53ijoP
 mZ6Z1JsmpFKPGvAWA0eQUMYU4vnRzAtIo4CgdsIAQYpGrxOOnv+28UWalm7NLC1l
 ++YCesD03atd/XrdSNF082Xh8TTcRKI1OBOtBDya2ZhKMy56Bj/l6rOYVBw+Au6E
 Yfressl7jCRaaT/ZHefZwKsJ5ac+MTcwAk0LlKflg+f8vdpMDnUfZxhUheM2EwWw
 RyTHHa6IWUyYIOTXQ88KF1PmNXgGWBhe90yrHO909yaNWBnvFbPdJ91DuXvKUjza
 SZ0GLS2+Vt+6TnlzxaHITE1ly5m3avZDAosIqEhGKymG6EL0mg469vpNGJNUbvIp
 5jZqJ8wSF5Q=
 =aRKT
 -----END PGP SIGNATURE-----

Merge tag 'keys-pkcs7-20140708' into keys-next

Here's a set of changes that implement a PKCS#7 message parser in the kernel.

The PKCS#7 message parsing will then be used to limit kexec to authenticated
kernels only if so configured.

The changes provide the following facilities:

 (1) Parse an ASN.1 PKCS#7 message and pick out useful bits such as the data
     content and the X.509 certificates used to sign it and all the data
     signatures.

 (2) Verify all the data signatures against the set of X.509 certificates
     available in the message.

 (3) Follow the certificate chains and verify that:

     (a) for every self-signed X.509 certificate, check that it validly signed
     	 itself, and:

     (b) for every non-self-signed certificate, if we have a 'parent'
     	 certificate, the former is validly signed by the latter.

 (4) Look for intersections between the certificate chains and the trusted
     keyring, if any intersections are found, verify that the trusted
     certificates signed the intersection point in the chain.

 (5) For testing purposes, a key type can be made available that will take a
     PKCS#7 message, check that the message is trustworthy, and if so, add its
     data content into the key.

Note that (5) has to be altered to take account of the preparsing patches
already committed to this branch.

Signed-off-by: David Howells <dhowells@redhat.com>
2014-07-22 21:53:21 +01:00
..
asymmetric_keys PKCS#7 message parser 2014-07-22 21:53:21 +01:00
async_tx Merge commit 'dmaengine-3.13-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/dmaengine 2013-11-16 12:02:36 +05:30
842.c
ablk_helper.c crypto: ablk_helper - Replace memcpy with struct assignment 2013-10-07 14:16:57 +08:00
ablkcipher.c crypto: skcipher - Use eseqiv even on UP machines 2013-10-30 09:51:45 +08:00
aead.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
aes_generic.c crypto: make tables used from assembler __visible 2013-08-14 20:42:03 +10:00
af_alg.c tree-wide: use reinit_completion instead of INIT_COMPLETION 2013-11-15 09:32:21 +09:00
ahash.c crypto: hash - Add real ahash walk interface 2014-05-21 20:56:12 +08:00
algapi.c crypto: sanitize argument for format string 2013-07-03 16:07:25 -07:00
algboss.c crypto: algboss - Hold ref count on larval 2013-06-25 19:15:17 +08:00
algif_hash.c net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST 2013-11-29 16:32:54 -05:00
algif_skcipher.c net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST 2013-11-29 16:32:54 -05:00
ansi_cprng.c crypto: ansi_cprng - Fix off by one error in non-block size request 2013-09-24 06:02:23 +10:00
anubis.c
api.c crypto: api - Fix race condition in larval lookup 2013-09-08 14:33:50 +10:00
arc4.c
authenc.c crypto: authenc - Find proper IV address in ablkcipher callback 2013-11-28 22:16:23 +08:00
authencesn.c crypto: authencesn - Simplify key parsing 2013-10-16 20:56:25 +08:00
blkcipher.c crypto: allow blkcipher walks over AEAD data 2014-03-10 20:17:11 +08:00
blowfish_common.c
blowfish_generic.c
camellia_generic.c crypto: camellia_generic - replace commas by semicolons and adjust code alignment 2013-08-21 21:08:33 +10:00
cast5_generic.c
cast6_generic.c
cast_common.c crypto: make tables used from assembler __visible 2013-08-14 20:42:03 +10:00
cbc.c
ccm.c crypto: ccm - Fix handling of zero plaintext when computing mac 2013-11-28 22:25:17 +08:00
chainiv.c arch: Mass conversion of smp_mb__*() 2014-04-18 14:20:48 +02:00
cipher.c
cmac.c crypto: add CMAC support to CryptoAPI 2013-04-25 21:01:47 +08:00
compress.c
crc32.c crypto: crc32 - add crc32 pclmulqdq implementation and wrappers for table implementation 2013-01-20 10:16:45 +11:00
crc32c_generic.c CRC32C: Add soft module dependency to load other accelerated crc32c modules 2014-02-25 19:45:04 +08:00
crct10dif_common.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
crct10dif_generic.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
cryptd.c
crypto_null.c crypto: export NULL algorithms defines 2014-03-21 21:54:26 +08:00
crypto_user.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6 into next 2014-06-07 19:44:40 -07:00
crypto_wq.c crypto: crypto_wq - Fix late crypto work queue initialization 2014-03-21 21:54:28 +08:00
ctr.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-02-25 15:56:15 -08:00
cts.c crypto: use ERR_CAST 2013-02-04 21:16:53 +08:00
deflate.c
des_generic.c
ecb.c
eseqiv.c
fcrypt.c crypto: fcrypt - Fix bitoperation for compilation with clang 2013-09-02 20:32:58 +10:00
fips.c
gcm.c crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks 2013-10-07 14:17:06 +08:00
gf128mul.c
ghash-generic.c
hash_info.c crypto: provide single place for hash algo information 2013-10-25 17:14:03 -04:00
hmac.c
internal.h crypto: algboss - Hold ref count on larval 2013-06-25 19:15:17 +08:00
Kconfig crypto: sha - SHA1 transform x86_64 AVX2 2014-03-21 21:54:30 +08:00
khazad.c
krng.c
lrw.c
lz4.c crypto: add lz4 Cryptographic API 2013-07-09 10:33:30 -07:00
lz4hc.c crypto: add lz4 Cryptographic API 2013-07-09 10:33:30 -07:00
lzo.c
Makefile CRC32C: Add soft module dependency to load other accelerated crc32c modules 2014-02-25 19:45:04 +08:00
md4.c
md5.c
memneq.c crypto: memneq - fix for archs without efficient unaligned access 2013-12-09 20:09:12 +08:00
michael_mic.c
pcbc.c
pcompress.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
pcrypt.c crypto: pcrypt - Fix wrong usage of rcu_dereference() 2013-12-05 21:28:42 +08:00
proc.c
ripemd.h
rmd128.c
rmd160.c
rmd256.c
rmd320.c
rng.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
salsa20_generic.c
scatterwalk.c crypto: scatterwalk - Add support for calculating number of SG elements 2013-08-21 21:27:58 +10:00
seed.c
seqiv.c crypto: use ERR_CAST 2013-02-04 21:16:53 +08:00
serpent_generic.c
sha1_generic.c
sha256_generic.c crypto: sha256 - Expose SHA256 generic routine to be callable externally. 2013-04-03 09:06:31 +08:00
sha512_generic.c crypto: sha512_generic - set cra_driver_name 2013-05-28 15:43:04 +08:00
shash.c crypto: LLVMLinux: aligned-attribute.patch 2014-06-07 11:44:39 -07:00
tcrypt.c crypto: testmgr - add aead cbc des, des3_ede tests 2014-05-22 21:03:18 +08:00
tcrypt.h crypto: tcrypt - Added speed tests for AEAD crypto alogrithms in tcrypt test suite 2013-12-20 20:06:25 +08:00
tea.c
testmgr.c crypto: testmgr - add aead cbc des, des3_ede tests 2014-05-22 21:03:18 +08:00
testmgr.h crypto: testmgr - add aead cbc des, des3_ede tests 2014-05-22 21:03:18 +08:00
tgr192.c
twofish_common.c
twofish_generic.c
vmac.c
wp512.c
xcbc.c
xor.c
xts.c
zlib.c