linux/crypto/asymmetric_keys
David Howells 1ca72c96db PKCS#7 message parser
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAU7vyohOxKuMESys7AQJRkQ//XhtkCB9qDPrD/Hq6s3SDB7FCPWk8eJ9M
 GhawiLonBFgsRqWst20cW1syc+7ECjkTZU0vD5GqMHealXj9Fho+7jyf08ShP+jM
 AFBRfjoHKklOuh4C1lhB5IglR1zAXpmLHA2mP/r58BjEpOBEwlmh8rri/9/kk6iX
 hAV79d23IaoM4ueGb4vVy61ZpsKA0YQadJK1xRjXzFPAuS3f4i6W7uKG9QmsJ56m
 DaP++rtyJPByRVb/tJqUeJAIPaXQg9JRXD8tNGJ2qCdulEbHJQhNzp2ukQEMmfhS
 RaogNO7jcfdM/4BeIoRJxNt3VcvHChSdbXP1YO4V792BdxnjsXO8GdEKXp53ijoP
 mZ6Z1JsmpFKPGvAWA0eQUMYU4vnRzAtIo4CgdsIAQYpGrxOOnv+28UWalm7NLC1l
 ++YCesD03atd/XrdSNF082Xh8TTcRKI1OBOtBDya2ZhKMy56Bj/l6rOYVBw+Au6E
 Yfressl7jCRaaT/ZHefZwKsJ5ac+MTcwAk0LlKflg+f8vdpMDnUfZxhUheM2EwWw
 RyTHHa6IWUyYIOTXQ88KF1PmNXgGWBhe90yrHO909yaNWBnvFbPdJ91DuXvKUjza
 SZ0GLS2+Vt+6TnlzxaHITE1ly5m3avZDAosIqEhGKymG6EL0mg469vpNGJNUbvIp
 5jZqJ8wSF5Q=
 =aRKT
 -----END PGP SIGNATURE-----

Merge tag 'keys-pkcs7-20140708' into keys-next

Here's a set of changes that implement a PKCS#7 message parser in the kernel.

The PKCS#7 message parsing will then be used to limit kexec to authenticated
kernels only if so configured.

The changes provide the following facilities:

 (1) Parse an ASN.1 PKCS#7 message and pick out useful bits such as the data
     content and the X.509 certificates used to sign it and all the data
     signatures.

 (2) Verify all the data signatures against the set of X.509 certificates
     available in the message.

 (3) Follow the certificate chains and verify that:

     (a) for every self-signed X.509 certificate, check that it validly signed
     	 itself, and:

     (b) for every non-self-signed certificate, if we have a 'parent'
     	 certificate, the former is validly signed by the latter.

 (4) Look for intersections between the certificate chains and the trusted
     keyring, if any intersections are found, verify that the trusted
     certificates signed the intersection point in the chain.

 (5) For testing purposes, a key type can be made available that will take a
     PKCS#7 message, check that the message is trustworthy, and if so, add its
     data content into the key.

Note that (5) has to be altered to take account of the preparsing patches
already committed to this branch.

Signed-off-by: David Howells <dhowells@redhat.com>
2014-07-22 21:53:21 +01:00
..
.gitignore X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
asymmetric_keys.h
asymmetric_type.c KEYS: struct key_preparsed_payload should have two payload pointers 2014-07-22 21:46:02 +01:00
Kconfig PKCS#7: Provide a key type for testing PKCS#7 2014-07-08 13:50:20 +01:00
Makefile PKCS#7: Provide a key type for testing PKCS#7 2014-07-08 13:50:20 +01:00
pkcs7_key_type.c PKCS#7 message parser 2014-07-22 21:53:21 +01:00
pkcs7_parser.c PKCS#7: Implement a parser [RFC 2315] 2014-07-08 13:49:56 +01:00
pkcs7_parser.h PKCS#7: Implement a parser [RFC 2315] 2014-07-08 13:49:56 +01:00
pkcs7_trust.c PKCS#7: Find intersection between PKCS#7 message and known, trusted keys 2014-07-08 13:50:15 +01:00
pkcs7_verify.c PKCS#7: Verify internal certificate chain 2014-07-08 13:50:11 +01:00
pkcs7.asn1 PKCS#7: Implement a parser [RFC 2315] 2014-07-08 13:49:56 +01:00
public_key.c keys: change asymmetric keys to use common hash definitions 2013-10-25 17:15:18 -04:00
public_key.h KEYS: Split public_key_verify_signature() and make available 2013-09-25 17:17:00 +01:00
rsa.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-11-23 16:18:25 -08:00
signature.c KEYS: Provide signature verification with an asymmetric key 2012-10-08 13:50:15 +10:30
x509_cert_parser.c X.509: Export certificate parse and free functions 2014-07-02 22:07:50 +01:00
x509_parser.h X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00
x509_public_key.c KEYS: struct key_preparsed_payload should have two payload pointers 2014-07-22 21:46:02 +01:00
x509_rsakey.asn1 X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00