linux-stable/crypto/asymmetric_keys
Denis Kenzior 64ae16dfee KEYS: asym_tpm: Add support for the sign operation [ver #2]
The sign operation can operate in a non-hashed mode by running the RSA
sign operation directly on the input.  This assumes that the input is
less than key_size_in_bytes - 11.  Since the TPM performs its own PKCS1
padding, it isn't possible to support 'raw' mode, only 'pkcs1'.

Alternatively, a hashed version is also possible.  In this variant the
input is hashed (by userspace) via the selected hash function first.
Then this implementation takes care of converting the hash to ASN.1
format and the sign operation is performed on the result.  This is
similar to the implementation inside crypto/rsa-pkcs1pad.c.

ASN1 templates were copied from crypto/rsa-pkcs1pad.c.  There seems to
be no easy way to expose that functionality, but likely the templates
should be shared somehow.

The sign operation is implemented via TPM_Sign operation on the TPM.
It is assumed that the TPM wrapped key provided uses
TPM_SS_RSASSAPKCS1v15_DER signature scheme.  This allows the TPM_Sign
operation to work on data up to key_len_in_bytes - 11 bytes long.

In theory, we could also use TPM_Unbind instead of TPM_Sign, but we would
have to manually pkcs1 pad the digest first.

Signed-off-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
2018-10-26 09:30:47 +01:00
..
asym_tpm.c KEYS: asym_tpm: Add support for the sign operation [ver #2] 2018-10-26 09:30:47 +01:00
asymmetric_keys.h KEYS: Provide missing asymmetric key subops for new key type ops [ver #2] 2018-10-26 09:30:46 +01:00
asymmetric_type.c KEYS: Provide missing asymmetric key subops for new key type ops [ver #2] 2018-10-26 09:30:46 +01:00
Kconfig KEYS: trusted: Expose common functionality [ver #2] 2018-10-26 09:30:47 +01:00
Makefile KEYS: Add parser for TPM-based keys [ver #2] 2018-10-26 09:30:46 +01:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
mscode_parser.c kbuild: rename *-asn1.[ch] to *.asn1.[ch] 2018-04-07 19:04:02 +09:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs7_key_type.c Replace magic for trusting the secondary keyring with #define 2018-08-16 09:57:20 -07:00
pkcs7_parser.c KEYS: Make the X.509 and PKCS7 parsers supply the sig encoding type [ver #2] 2018-10-26 09:30:46 +01:00
pkcs7_parser.h PKCS#7: Handle blacklisted certificates 2017-04-03 16:07:25 +01:00
pkcs7_trust.c PKCS#7: fix direct verification of SignerInfo signature 2018-02-22 14:38:33 +00:00
pkcs7_verify.c PKCS#7: fix certificate blacklisting 2018-02-22 14:38:33 +00:00
pkcs8.asn1 KEYS: Implement PKCS#8 RSA Private Key parser [ver #2] 2018-10-26 09:30:46 +01:00
pkcs8_parser.c KEYS: Implement PKCS#8 RSA Private Key parser [ver #2] 2018-10-26 09:30:46 +01:00
public_key.c KEYS: Implement encrypt, decrypt and sign for software asymmetric key [ver #2] 2018-10-26 09:30:46 +01:00
restrict.c X.509: fix NULL dereference when restricting key with unsupported_sig 2018-02-22 14:38:34 +00:00
signature.c KEYS: Provide missing asymmetric key subops for new key type ops [ver #2] 2018-10-26 09:30:46 +01:00
tpm.asn1 KEYS: Add parser for TPM-based keys [ver #2] 2018-10-26 09:30:46 +01:00
tpm_parser.c KEYS: Add parser for TPM-based keys [ver #2] 2018-10-26 09:30:46 +01:00
verify_pefile.c crypto : asymmetric_keys : verify_pefile:zero memory content before freeing 2017-06-09 13:29:50 +10:00
verify_pefile.h KEYS: Generalise system_verify_data() to provide access to internal content 2016-04-06 16:14:24 +01:00
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c KEYS: Make the X.509 and PKCS7 parsers supply the sig encoding type [ver #2] 2018-10-26 09:30:46 +01:00
x509_parser.h X.509: Allow X.509 certs to be blacklisted 2017-04-03 16:07:25 +01:00
x509_public_key.c X.509: fix comparisons of ->pkey_algo 2017-12-08 15:13:29 +00:00