authorJohannes Berg <johannes.berg@intel.com>2017-10-12 14:10:08 +0200
committerJohannes Berg <johannes.berg@intel.com>2017-10-13 10:57:59 +0200
commit988e2af4b7a0c1bc70188674cfde2bf8b2838bd7 (patch)
tree6cc10692587c0a92cb02d89e19573723051808f0 /backport/backport-include/keys
parentf82274f97829d7f9e11a9793546ba88b084e1199 (diff)
backports: add signature verification code
Uh, this was awful. Because the crypto/ things are completely impossible to backport, I've actually implemented this by using mbedtls and embedding the relevant functions it has... The mbedtls code is taken from mbedtls version 2.6.0 and only minimally modified (mostly to remove <string.h> and similar). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'backport/backport-include/keys')
-rw-r--r--backport/backport-include/keys/asymmetric-type.h33
-rw-r--r--backport/backport-include/keys/system_keyring.h10
2 files changed, 43 insertions, 0 deletions
diff --git a/backport/backport-include/keys/asymmetric-type.h b/backport/backport-include/keys/asymmetric-type.h
new file mode 100644
index 00000000..ee9c4186
--- /dev/null
+++ b/backport/backport-include/keys/asymmetric-type.h
@@ -0,0 +1,33 @@
+#ifndef __BP_ASYMMETRIC_TYPE_H
+#define __BP_ASYMMETRIC_TYPE_H
+#ifdef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
+
+struct asymmetric_key_id {
+ unsigned short len;
+ unsigned char data[];
+};
+
+struct asymmetric_key_ids {
+ struct asymmetric_key_id *id[2];
+};
+
+static inline bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
+ const struct asymmetric_key_id *kid2)
+{
+ if (!kid1 || !kid2)
+ return false;
+ if (kid1->len != kid2->len)
+ return false;
+ return memcmp(kid1->data, kid2->data, kid1->len) == 0;
+}
+
+extern struct asymmetric_key_id *
+asymmetric_key_generate_id(const void *val_1, size_t len_1,
+ const void *val_2, size_t len_2);
+
+extern struct key *find_asymmetric_key(struct key *keyring,
+ const struct asymmetric_key_id *id_0,
+ const struct asymmetric_key_id *id_1,
+ bool partial);
+#endif
+#endif /* __BP_ASYMMETRIC_TYPE_H */
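Review bot: With CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION unset this header expands to nothing, whereas system_keyring.h in the same commit falls back to `#include_next <keys/system_keyring.h>`. If the omission is deliberate (for example because some supported kernels do not ship keys/asymmetric-type.h, which is not visible here), a one-line comment above the `#ifdef` should say so; otherwise add an `#else` branch with `#include_next <keys/asymmetric-type.h>`. The header is also not self-contained: `bool`, `size_t` and `memcmp` in asymmetric_key_id_same() and `struct key` in the find_asymmetric_key() prototype rely on whatever the includer pulled in first, so `#include <linux/types.h>`, `#include <linux/string.h>` and a forward `struct key;` at the top would let it be included on its own. The plain memcmp() in asymmetric_key_id_same() is acceptable only as long as key identifiers are public lookup data and never secrets, which is worth stating in a comment on the function.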
diff --git a/backport/backport-include/keys/system_keyring.h b/backport/backport-include/keys/system_keyring.h
new file mode 100644
index 00000000..00d2bfff
--- /dev/null
+++ b/backport/backport-include/keys/system_keyring.h
@@ -0,0 +1,10 @@
+#ifndef __BP_SYSTEM_KEYRING_H
+#define __BP_SYSTEM_KEYRING_H
+#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
+#include_next <keys/system_keyring.h>
+#else
+#include <linux/key.h>
+
+#define is_hash_blacklisted(...) 0
+#endif /* CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION */
+#endif /* __BP_SYSTEM_KEYRING_H */
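Review bot: `#define is_hash_blacklisted(...) 0` makes every blacklist lookup in the backported verification path answer "not blacklisted", so revocation by hash has no effect when CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION is set. That is a security-relevant trade-off and should be recorded next to the macro, e.g. `/* backport has no blacklist keyring: no hash is ever reported as revoked */`. Because the variadic macro discards its arguments, they are neither evaluated nor type-checked, so a caller passing the wrong values compiles silently and may leave unused-variable warnings behind.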