diff options
author | David Howells <dhowells@redhat.com> | 2018-10-09 17:47:31 +0100 |
---|---|---|
committer | James Morris <james.morris@microsoft.com> | 2018-10-26 09:30:46 +0100 |
commit | f7c4e06e066c3df282e6e3d4e7d8c498be9e1e46 (patch) | |
tree | b4fbeca37cf7dc4188fb459b9934b8ce386cf7d4 /crypto | |
parent | 82f94f24475c89c6d5cb673e1277b5b4394499c8 (diff) | |
download | linux-f7c4e06e066c3df282e6e3d4e7d8c498be9e1e46.tar.gz linux-f7c4e06e066c3df282e6e3d4e7d8c498be9e1e46.tar.bz2 linux-f7c4e06e066c3df282e6e3d4e7d8c498be9e1e46.zip |
KEYS: Allow the public_key struct to hold a private key [ver #2]
Put a flag in the public_key struct to indicate if the structure is holding
a private key. The private key must be held ASN.1 encoded in the format
specified in RFC 3447 A.1.2. This is the form required by crypto/rsa.c.
The software encryption subtype's verification and query functions then
need to select the appropriate crypto function to set the key.
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Tested-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asymmetric_keys/public_key.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 761bfab352dc..f2dc27897319 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -115,7 +115,12 @@ static int software_key_query(const struct kernel_pkey_params *params, if (IS_ERR(tfm)) return PTR_ERR(tfm); - ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen); + if (pkey->key_is_private) + ret = crypto_akcipher_set_priv_key(tfm, + pkey->key, pkey->keylen); + else + ret = crypto_akcipher_set_pub_key(tfm, + pkey->key, pkey->keylen); if (ret < 0) goto error_free_tfm; @@ -170,7 +175,12 @@ int public_key_verify_signature(const struct public_key *pkey, if (!req) goto error_free_tfm; - ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen); + if (pkey->key_is_private) + ret = crypto_akcipher_set_priv_key(tfm, + pkey->key, pkey->keylen); + else + ret = crypto_akcipher_set_pub_key(tfm, + pkey->key, pkey->keylen); if (ret) goto error_free_req; |