git.karo-electronics.de Git - karo-tx-linux.git/commit

author	David Howells <dhowells@redhat.com>
	Fri, 21 Sep 2012 22:25:04 +0000 (23:25 +0100)
committer	Rusty Russell <rusty@rustcorp.com.au>
	Fri, 28 Sep 2012 05:14:50 +0000 (14:44 +0930)
commit	9188ee623691b5e63250fbd8175118264de61bbb
tree	c9b7b37702b3ff9920ecc2538da3d457c09168c4	tree \| snapshot
parent	7d2c84cd0964e9f8fc08a500c7b1a21fca493875	commit \| diff

KEYS: Provide signature verification with an asymmetric key

Provide signature verification using an asymmetric-type key to indicate the
public key to be used.

The API is a single function that can be found in crypto/public_key.h:

int verify_signature(const struct key *key,
     const struct public_key_signature *sig)

The first argument is the appropriate key to be used and the second argument
is the parsed signature data:

struct public_key_signature {
u8 *digest;
u16 digest_size;
enum pkey_hash_algo pkey_hash_algo : 8;
union {
MPI mpi[2];
struct {
MPI s; /* m^d mod n */
} rsa;
struct {
MPI r;
MPI s;
} dsa;
};
};

This should be filled in prior to calling the function.  The hash algorithm
should already have been called and the hash finalised and the output should
be in a buffer pointed to by the 'digest' member.

Any extra data to be added to the hash by the hash format (eg. PGP) should
have been added by the caller prior to finalising the hash.

It is assumed that the signature is made up of a number of MPI values.  If an
algorithm becomes available for which this is not the case, the above structure
will have to change.

It is also assumed that it will have been checked that the signature algorithm
matches the key algorithm.

Signed-off-by: David Howells <dhowells@redhat.com>

crypto/asymmetric_keys/Makefile		diff \| blob \| history
crypto/asymmetric_keys/signature.c	[new file with mode: 0644]	blob
include/crypto/public_key.h		diff \| blob \| history