From: Roberto Sassu
Support for PGP keys and signatures was proposed by David a long time ago,
before the decision of using PKCS#7 for kernel modules signatures
verification was made. After that, there has not been enough interest to
support PGP too.
Lately, when discussing a proposal of introduci
From: Roberto Sassu
Parse the RSA key with RAW format if the ASN.1 parser returns an error.
Signed-off-by: Roberto Sassu
Signed-off-by: David Howells
---
crypto/rsa.c | 14 +--
crypto/rsa_helper.c | 69 +++
include/crypto/internal
From: Roberto Sassu
Introduce the new function to get the number of bits and bytes from an MPI.
Signed-off-by: Roberto Sassu
Signed-off-by: David Howells
---
include/linux/mpi.h | 2 ++
lib/crypto/mpi/mpicoder.c | 33 ++---
2 files changed, 28 insertions(+),
From: David Howells
Provide some useful PGP definitions from RFC 4880. These describe details
of public key crypto as used by crypto keys for things like signature
verification.
Signed-off-by: David Howells
Co-developed-by: Roberto Sassu
Signed-off-by: Roberto Sassu
---
crypto/asymmetric_ke
From: David Howells
Provide a simple parser that extracts the packets from a PGP packet blob
and passes the desirous ones to the given processor function:
    struct pgp_parse_context {
        u64 types_of_interest;
        int (*process_packet)(struct pgp_parse_context *con
From: David Howells
Provide some PGP signature parsing helpers:
 (1) A function to parse V4 signature subpackets and pass the desired ones
     to a processor function:
    int pgp_parse_sig_subpkts(const u8 *data, size_t datalen,
                              struct pgp_parse_sig_conte
From: David Howells
Implement a PGP data parser for the crypto key type to use when
instantiating a key.
This parser attempts to parse the instantiation data as a PGP packet
sequence (RFC 4880) and if it parses okay, attempts to extract a public-key
algorithm key or subkey from it.
If it finds
From: David Howells
Provide a facility to autogenerate the name of PGP keys from the contents
of the payload. If add_key() is given a blank description, a description
is constructed from the last user ID packet in the payload data plus the
last 8 hex digits of the key ID. For instance:
From: Roberto Sassu
Retry asymmetric key search in restrict_link_by_signature() to support the
case of partial IDs, provided by PGP signatures (only the last 8 bytes).
Although recently draft-ietf-openpgp-rfc4880bis-10 supports the signature
subpacket type 33, which contains the full issuer fing
From: David Howells
Provide handlers for PGP-based public-key algorithm signature verification.
This does most of the work involved in signature verification as most of it
is public-key algorithm agnostic. The public-key verification algorithm
itself is just the last little bit and is supplied t
From: Roberto Sassu
Calculate the digest of the signature, according to the RFC4880 section
5.2.4, get the last suitable signature with types 0x10 (Generic
certification of a User ID and Public-Key packet) or 0x13 (Positive
certification of a User ID and Public Key packet), and store it in the
as
From: David Howells
Provide a key type for testing the PGP signature parser. It is given a
non-detached PGP message as payload:
    keyctl padd pgp_test a @s content.txt
    gpg --compress-algo=none -s content.txt
Signed-off-by: David Howells
Co-developed-by: Roberto Sassu
Signed-off
From: Roberto Sassu
Introduce verify_pgp_signature() to verify PGP signatures from detached
data. It will be used by fsverity and by IMA.
Signed-off-by: Roberto Sassu
---
certs/system_keyring.c | 70
include/linux/verification.h | 23
2 f
From: David Howells
Provide a function to load keys from a PGP keyring blob to the built-in
keyring:
    int preload_pgp_keys(const u8 *pgpdata, size_t pgpdatalen,
                         struct key *keyring);
Descriptions are generated from user ID notes and key fingerprints. The
key
From: Roberto Sassu
Preload PGP keys from 'pubring.gpg', placed in certs/ of the kernel source
directory.
Signed-off-by: Roberto Sassu
---
certs/Kconfig | 11 +++
certs/Makefile | 7 +++
certs/system_certificates.S | 18 ++
certs/system_k
15 matches