From d9c46b184fcfd33c85a7dc48a653435a08e21f56 Mon Sep 17 00:00:00 2001 From: Dmitry Kasatkin Date: Wed, 31 Aug 2011 14:05:16 +0300 Subject: crypto: GnuPG based MPI lib - make files (part 3) Adds the multi-precision-integer maths library which was originally taken from GnuPG and ported to the kernel by (among others) David Howells. This version is taken from Fedora kernel 2.6.32-71.14.1.el6. The difference is that checkpatch reported errors and warnings have been fixed. This library is used to implement RSA digital signature verification used in IMA/EVM integrity protection subsystem. Due to patch size limitation, the patch is divided into 4 parts. Signed-off-by: Dmitry Kasatkin --- lib/Kconfig | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib/Kconfig') diff --git a/lib/Kconfig b/lib/Kconfig index 32f3e5ae2be5..4af07ec7f2de 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -276,4 +276,11 @@ config CORDIC so its calculations are in fixed point. Modules can select this when they require this function. Module will be called cordic. +config MPILIB + tristate "Multiprecision maths library" + help + Multiprecision maths library from GnuPG. + It is used to implement RSA digital signature verification, + which is used by IMA/EVM digital signature extension. + endmenu -- cgit v1.2.3 From 7e8dec918ef8e0f68b4937c3c50fa57002077a4d Mon Sep 17 00:00:00 2001 
From: Dmitry Kasatkin Date: Mon, 7 Nov 2011 15:16:37 +0200 Subject: crypto: GnuPG based MPI lib - additional sources (part 4) Adds the multi-precision-integer maths library which was originally taken from GnuPG and ported to the kernel by (among others) David Howells. This version is taken from Fedora kernel 2.6.32-71.14.1.el6. The difference is that checkpatch reported errors and warnings have been fixed. This library is used to implement RSA digital signature verification used in IMA/EVM integrity protection subsystem. Due to patch size limitation, the patch is divided into 4 parts. This code is unnecessary for RSA digital signature verification, but for completeness it is included here and can be compiled, if CONFIG_MPILIB_EXTRA is enabled. Signed-off-by: Dmitry Kasatkin --- lib/Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lib/Kconfig') diff --git a/lib/Kconfig b/lib/Kconfig index 4af07ec7f2de..d411de53be4f 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -283,4 +283,14 @@ config MPILIB It is used to implement RSA digital signature verification, which is used by IMA/EVM digital signature extension. +config MPILIB_EXTRA + bool "Multiprecision maths library - additional sources" + depends on MPILIB + help + Multiprecision maths library from GnuPG. + It is used to implement RSA digital signature verification, + which is used by IMA/EVM digital signature extension. + This code in unnecessary for RSA digital signature verification, + and can be compiled if needed. + endmenu -- cgit v1.2.3 From 051dbb918c7fb7da8e64a2cd0d804ba73399709f Mon Sep 17 00:00:00 2001 
From: Dmitry Kasatkin Date: Fri, 14 Oct 2011 15:25:16 +0300 Subject: crypto: digital signature verification support This patch implements RSA digital signature verification using GnuPG library. The format of the signature and the public key is defined by their respective headers. The signature header contains version information, algorithm, and keyid, which was used to generate the signature. The key header contains version and algorithm type. The payload of the signature and the key are multi-precision integers. The signing and key management utilities evm-utils provide functionality to generate signatures and load keys into the kernel keyring. When the key is added to the kernel keyring, the keyid defines the name of the key. Signed-off-by: Dmitry Kasatkin Acked-by: Mimi Zohar --- lib/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib/Kconfig') diff --git a/lib/Kconfig b/lib/Kconfig index d411de53be4f..c1a89185fe6b 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -293,4 +293,12 @@ config MPILIB_EXTRA This code in unnecessary for RSA digital signature verification, and can be compiled if needed. +config DIGSIG + tristate "In-kernel signature checker" + depends on CRYPTO + select MPILIB + help + Digital signature verification. Currently only RSA is supported. + Implementation is done using GnuPG MPI library + endmenu -- cgit v1.2.3 From de353533753e048b5c4658f0a42365937527ac45 Mon Sep 17 00:00:00 2001 
From: Dmitry Kasatkin Date: Mon, 21 Nov 2011 17:31:15 +0200 Subject: digsig: build dependency fix Fix build errors by adding Kconfig dependency on KEYS. CRYPTO dependency removed. CC security/integrity/digsig.o security/integrity/digsig.c: In function ‘integrity_digsig_verify’: security/integrity/digsig.c:38:4: error: implicit declaration of function ‘request_key’ security/integrity/digsig.c:38:17: error: ‘key_type_keyring’ undeclared (first use in this function) security/integrity/digsig.c:38:17: note: each undeclared identifier is reported only once for each function it appears in make[2]: *** [security/integrity/digsig.o] Error 1 Reported-by: Randy Dunlap Signed-off-by: Dmitry Kasatkin Signed-off-by: James Morris --- lib/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/Kconfig') diff --git a/lib/Kconfig b/lib/Kconfig index c1a89185fe6b..5634e473ff6d 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -295,7 +295,7 @@ config MPILIB_EXTRA config DIGSIG tristate "In-kernel signature checker" - depends on CRYPTO + depends on KEYS select MPILIB help Digital signature verification. Currently only RSA is supported. -- cgit v1.2.3
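
Review bot: In the `config MPILIB` entry of part 3, `tristate "Multiprecision maths library"` gives a library symbol a user-visible prompt, while the help text describes it only as the backend for RSA signature verification in IMA/EVM and gives no guidance on when to enable it by hand. Either drop the prompt string so the symbol is set only through `select` from its users, or add a line to the help such as "If unsure, say N" so the MPI code is not built into kernels that never verify signatures.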
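
Review bot: The help text of `config MPILIB_EXTRA` in part 4 repeats the three MPILIB help lines verbatim, misspells "This code in unnecessary" (should be "is unnecessary"), and never says what the additional sources provide or who would need them. Since the entry itself states the code is not needed for RSA signature verification, replace the copied lines with a short description of the extra functions and an explicit "If unsure, say N", so unused arithmetic code stays out of kernels built for integrity checking.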
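
Review bot: `config DIGSIG` in the "digital signature verification support" patch declares only `depends on CRYPTO`, but the commit message says keys are loaded into the kernel keyring and named by keyid, which suggests the verifier needs the key retention API. Add `depends on KEYS` here so the option cannot be enabled in a configuration without keyring support. The last help line, "Implementation is done using GnuPG MPI library", is also missing its final period, and the help could state that the public key is taken from the kernel keyring.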
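
Review bot: The `- depends on CRYPTO` line in the `config DIGSIG` hunk of the build fix is dropped with no reason beyond "CRYPTO dependency removed", while the quoted errors (`request_key`, `key_type_keyring`) only justify adding KEYS. If the signature checker still calls into the crypto API, this trades one broken configuration for another; keep both with `depends on KEYS && CRYPTO`, or say in the message why CRYPTO is no longer required. The failing object is security/integrity/digsig.o, so it is also worth confirming that the option building that file depends on or selects DIGSIG, otherwise the dependency added here does not cover it.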