1. 09 2月, 2016 1 次提交
  2. 06 2月, 2016 1 次提交
  3. 18 7月, 2014 1 次提交
  4. 09 7月, 2014 2 次提交
  5. 08 7月, 2014 2 次提交
    • D
      PKCS#7: Provide a key type for testing PKCS#7 · 22d01afb
      David Howells 提交于
      Provide a key type for testing the PKCS#7 parser.  It is given a non-detached
      PKCS#7 message as payload:
      
      	keyctl padd pkcs7_test a @s <stuff.pkcs7
      
      The PKCS#7 wrapper is validated against the trusted certificates available and
      then stripped off.  If successful, the key can be read, which will give the
      data content of the PKCS#7 message.
      
      A suitable message can be created by running make on the attached Makefile.
      This will produce a file called stuff.pkcs7 for test loading.  The key3.x509
      file should be put into the kernel source tree before it is built and
      converted to DER form:
      
      	openssl x509 -in .../pkcs7/key3.x509 -outform DER -out key3.x509
      
      ###############################################################################
      #
      # Create a pkcs7 message and sign it twice
      #
      #	openssl x509 -text -inform PEM -noout -in key2.x509
      #
      ###############################################################################
      stuff.pkcs7: stuff.txt key2.priv key2.x509 key4.priv key4.x509 certs
      	$(RM) $@
      	openssl smime -sign \
      		-signer key2.x509 \
      		-inkey key2.priv \
      		-signer key4.x509 \
      		-inkey key4.priv \
      		-in stuff.txt \
      		-certfile certs \
      		-out $@ -binary -outform DER -nodetach
      	openssl pkcs7 -inform DER -in stuff.pkcs7  -print_certs -noout
      	openssl asn1parse -inform DER -in stuff.pkcs7  -i >out
      
      stuff.txt:
      	echo "The quick red fox jumped over the lazy brown dog" >stuff.txt
      
      certs: key1.x509 key2.x509 key3.x509 key4.x509
      	cat key{1,3}.x509 >$@
      
      ###############################################################################
      #
      # Generate a signed key
      #
      #	openssl x509 -text -inform PEM -noout -in key2.x509
      #
      ###############################################################################
      key2.x509: key2.x509_unsigned key1.priv key1.x509
      	openssl x509 \
      		-req -in key2.x509_unsigned \
      		-out key2.x509 \
      		-extfile key2.genkey -extensions myexts \
      		-CA key1.x509 \
      		-CAkey key1.priv \
      		-CAcreateserial
      
      key2.priv key2.x509_unsigned: key2.genkey
      	openssl req -new -nodes -utf8 -sha1 -days 36500 \
      		-batch -outform PEM \
      		-config key2.genkey \
      		-keyout key2.priv \
      		-out key2.x509_unsigned
      
      key2.genkey:
      	@echo Generating X.509 key generation config
      	@echo  >$@ "[ req ]"
      	@echo >>$@ "default_bits = 4096"
      	@echo >>$@ "distinguished_name = req_distinguished_name"
      	@echo >>$@ "prompt = no"
      	@echo >>$@ "string_mask = utf8only"
      	@echo >>$@ "x509_extensions = myexts"
      	@echo >>$@
      	@echo >>$@ "[ req_distinguished_name ]"
      	@echo >>$@ "O = Magrathea"
      	@echo >>$@ "CN = PKCS7 key 2"
      	@echo >>$@ "emailAddress = slartibartfast@magrathea.h2g2"
      	@echo >>$@
      	@echo >>$@ "[ myexts ]"
      	@echo >>$@ "basicConstraints=critical,CA:FALSE"
      	@echo >>$@ "keyUsage=digitalSignature"
      	@echo >>$@ "subjectKeyIdentifier=hash"
      	@echo >>$@ "authorityKeyIdentifier=keyid"
      
      ###############################################################################
      #
      # Generate a couple of signing keys
      #
      #	openssl x509 -text -inform PEM -noout -in key1.x509
      #
      ###############################################################################
      key1.x509: key1.x509_unsigned key4.priv key4.x509
      	openssl x509 \
      		-req -in key1.x509_unsigned \
      		-out key1.x509 \
      		-extfile key1.genkey -extensions myexts \
      		-CA key4.x509 \
      		-CAkey key4.priv \
      		-CAcreateserial
      
      key1.priv key1.x509_unsigned: key1.genkey
      	openssl req -new -nodes -utf8 -sha1 -days 36500 \
      		-batch -outform PEM \
      		-config key1.genkey \
      		-keyout key1.priv \
      		-out key1.x509_unsigned
      
      key1.genkey:
      	@echo Generating X.509 key generation config
      	@echo  >$@ "[ req ]"
      	@echo >>$@ "default_bits = 4096"
      	@echo >>$@ "distinguished_name = req_distinguished_name"
      	@echo >>$@ "prompt = no"
      	@echo >>$@ "string_mask = utf8only"
      	@echo >>$@ "x509_extensions = myexts"
      	@echo >>$@
      	@echo >>$@ "[ req_distinguished_name ]"
      	@echo >>$@ "O = Magrathea"
      	@echo >>$@ "CN = PKCS7 key 1"
      	@echo >>$@ "emailAddress = slartibartfast@magrathea.h2g2"
      	@echo >>$@
      	@echo >>$@ "[ myexts ]"
      	@echo >>$@ "basicConstraints=critical,CA:TRUE"
      	@echo >>$@ "keyUsage=digitalSignature,keyCertSign"
      	@echo >>$@ "subjectKeyIdentifier=hash"
      	@echo >>$@ "authorityKeyIdentifier=keyid"
      
      ###############################################################################
      #
      # Generate a signed key
      #
      #	openssl x509 -text -inform PEM -noout -in key4.x509
      #
      ###############################################################################
      key4.x509: key4.x509_unsigned key3.priv key3.x509
      	openssl x509 \
      		-req -in key4.x509_unsigned \
      		-out key4.x509 \
      		-extfile key4.genkey -extensions myexts \
      		-CA key3.x509 \
      		-CAkey key3.priv \
      		-CAcreateserial
      
      key4.priv key4.x509_unsigned: key4.genkey
      	openssl req -new -nodes -utf8 -sha1 -days 36500 \
      		-batch -outform PEM \
      		-config key4.genkey \
      		-keyout key4.priv \
      		-out key4.x509_unsigned
      
      key4.genkey:
      	@echo Generating X.509 key generation config
      	@echo  >$@ "[ req ]"
      	@echo >>$@ "default_bits = 4096"
      	@echo >>$@ "distinguished_name = req_distinguished_name"
      	@echo >>$@ "prompt = no"
      	@echo >>$@ "string_mask = utf8only"
      	@echo >>$@ "x509_extensions = myexts"
      	@echo >>$@
      	@echo >>$@ "[ req_distinguished_name ]"
      	@echo >>$@ "O = Magrathea"
      	@echo >>$@ "CN = PKCS7 key 4"
      	@echo >>$@ "emailAddress = slartibartfast@magrathea.h2g2"
      	@echo >>$@
      	@echo >>$@ "[ myexts ]"
      	@echo >>$@ "basicConstraints=critical,CA:TRUE"
      	@echo >>$@ "keyUsage=digitalSignature,keyCertSign"
      	@echo >>$@ "subjectKeyIdentifier=hash"
      	@echo >>$@ "authorityKeyIdentifier=keyid"
      
      ###############################################################################
      #
      # Generate a couple of signing keys
      #
      #	openssl x509 -text -inform PEM -noout -in key3.x509
      #
      ###############################################################################
      key3.priv key3.x509: key3.genkey
      	openssl req -new -nodes -utf8 -sha1 -days 36500 \
      		-batch -x509 -outform PEM \
      		-config key3.genkey \
      		-keyout key3.priv \
      		-out key3.x509
      
      key3.genkey:
      	@echo Generating X.509 key generation config
      	@echo  >$@ "[ req ]"
      	@echo >>$@ "default_bits = 4096"
      	@echo >>$@ "distinguished_name = req_distinguished_name"
      	@echo >>$@ "prompt = no"
      	@echo >>$@ "string_mask = utf8only"
      	@echo >>$@ "x509_extensions = myexts"
      	@echo >>$@
      	@echo >>$@ "[ req_distinguished_name ]"
      	@echo >>$@ "O = Magrathea"
      	@echo >>$@ "CN = PKCS7 key 3"
      	@echo >>$@ "emailAddress = slartibartfast@magrathea.h2g2"
      	@echo >>$@
      	@echo >>$@ "[ myexts ]"
      	@echo >>$@ "basicConstraints=critical,CA:TRUE"
      	@echo >>$@ "keyUsage=digitalSignature,keyCertSign"
      	@echo >>$@ "subjectKeyIdentifier=hash"
      	@echo >>$@ "authorityKeyIdentifier=keyid"
      
      clean:
      	$(RM) *~
      	$(RM) key1.* key2.* key3.* key4.* stuff.* out certs
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      22d01afb
    • D
      PKCS#7: Implement a parser [RFC 2315] · 2e3fadbf
      David Howells 提交于
      Implement a parser for a PKCS#7 signed-data message as described in part of
      RFC 2315.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Acked-by: NVivek Goyal <vgoyal@redhat.com>
      Reviewed-by: NKees Cook <keescook@chromium.org>
      2e3fadbf
  6. 19 6月, 2014 1 次提交
  7. 01 11月, 2013 1 次提交
    • D
      KEYS: The RSA public key algorithm needs to select MPILIB · dbed7141
      David Howells 提交于
      The RSA public key algorithm needs to select MPILIB directly in Kconfig as the
      'select' directive is not recursive and is thus MPILIB is not enabled by
      selecting MPILIB_EXTRA.
      
      Without this, the following errors can occur:
      
      	crypto/built-in.o: In function `RSA_verify_signature':
      	rsa.c:(.text+0x1d347): undefined reference to `mpi_get_nbits'
      	rsa.c:(.text+0x1d354): undefined reference to `mpi_get_nbits'
      	rsa.c:(.text+0x1d36e): undefined reference to `mpi_cmp_ui'
      	rsa.c:(.text+0x1d382): undefined reference to `mpi_cmp'
      	rsa.c:(.text+0x1d391): undefined reference to `mpi_alloc'
      	rsa.c:(.text+0x1d3b0): undefined reference to `mpi_powm'
      	rsa.c:(.text+0x1d3c3): undefined reference to `mpi_free'
      	rsa.c:(.text+0x1d3d8): undefined reference to `mpi_get_buffer'
      	rsa.c:(.text+0x1d4d4): undefined reference to `mpi_free'
      	rsa.c:(.text+0x1d503): undefined reference to `mpi_get_nbits'
      Reported-by: NRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Acked-by: NRandy Dunlap <rdunlap@infradead.org>
      dbed7141
  8. 26 10月, 2013 1 次提交
  9. 25 9月, 2013 1 次提交
  10. 08 10月, 2012 4 次提交