Re: [PATCH v2 2/2] integrity: convert digsig to akcipher api

2015-12-14 Thread Tadeusz Struk 
On 12/14/2015 05:24 AM, Mimi Zohar wrote:
> On Sat, 2015-12-12 at 18:26 -0800, Tadeusz Struk wrote:
>> Convert asymmetric_verify to akcipher api.
>>
>> Signed-off-by: Tadeusz Struk 
>> ---
>>  security/integrity/Kconfig |1 +
>>  security/integrity/digsig_asymmetric.c |   10 +++---
>>  2 files changed, 4 insertions(+), 7 deletions(-)
>>
>> diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
>> index 73c457b..f0b2463 100644
>> --- a/security/integrity/Kconfig
>> +++ b/security/integrity/Kconfig
>> @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
>>  select ASYMMETRIC_KEY_TYPE
>>  select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
>>  select PUBLIC_KEY_ALGO_RSA
>> +select CRYPTO_RSA
>>  select X509_CERTIFICATE_PARSER
>>  help
>>This option enables digital signature verification using
>> diff --git a/security/integrity/digsig_asymmetric.c 
>> b/security/integrity/digsig_asymmetric.c
>> index 4fec181..5629372 100644
>> --- a/security/integrity/digsig_asymmetric.c
>> +++ b/security/integrity/digsig_asymmetric.c
>> @@ -92,13 +92,9 @@ int asymmetric_verify(struct key *keyring, const char 
>> *sig,
>>  pks.pkey_hash_algo = hdr->hash_algo;
>>  pks.digest = (u8 *)data;
>>  pks.digest_size = datalen;
>> -pks.nr_mpi = 1;
>> -pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen);
>> -
>> -if (pks.rsa.s)
>> -ret = verify_signature(key, );
>> -
>> -mpi_free(pks.rsa.s);
>> +pks.s = hdr->sig;
> 
> Thanks!  With this change, my system is now able to boot.
> 
Thanks Mimi.

David, do you have any comments to this patch set? If not could you ACK please.
Thanks,

-- 
TS
--
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v2 2/2] integrity: convert digsig to akcipher api

2015-12-14 Thread Mimi Zohar 
On Sat, 2015-12-12 at 18:26 -0800, Tadeusz Struk wrote:
> Convert asymmetric_verify to akcipher api.
> 
> Signed-off-by: Tadeusz Struk 
> ---
>  security/integrity/Kconfig |1 +
>  security/integrity/digsig_asymmetric.c |   10 +++---
>  2 files changed, 4 insertions(+), 7 deletions(-)
> 
> diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
> index 73c457b..f0b2463 100644
> --- a/security/integrity/Kconfig
> +++ b/security/integrity/Kconfig
> @@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
>  select ASYMMETRIC_KEY_TYPE
>  select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
>  select PUBLIC_KEY_ALGO_RSA
> +select CRYPTO_RSA
>  select X509_CERTIFICATE_PARSER
>   help
> This option enables digital signature verification using
> diff --git a/security/integrity/digsig_asymmetric.c 
> b/security/integrity/digsig_asymmetric.c
> index 4fec181..5629372 100644
> --- a/security/integrity/digsig_asymmetric.c
> +++ b/security/integrity/digsig_asymmetric.c
> @@ -92,13 +92,9 @@ int asymmetric_verify(struct key *keyring, const char *sig,
>   pks.pkey_hash_algo = hdr->hash_algo;
>   pks.digest = (u8 *)data;
>   pks.digest_size = datalen;
> - pks.nr_mpi = 1;
> - pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen);
> -
> - if (pks.rsa.s)
> - ret = verify_signature(key, );
> -
> - mpi_free(pks.rsa.s);
> + pks.s = hdr->sig;

Thanks!  With this change, my system is now able to boot.

Mimi 

> + pks.s_size = siglen;
> + ret = verify_signature(key, );
>   key_put(key);
>   pr_debug("%s() = %d\n", __func__, ret);
>   return ret;

--
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v2 2/2] integrity: convert digsig to akcipher api

2015-12-12 Thread Tadeusz Struk 
Convert asymmetric_verify to akcipher api.

Signed-off-by: Tadeusz Struk 
---
 security/integrity/Kconfig |1 +
 security/integrity/digsig_asymmetric.c |   10 +++---
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 73c457b..f0b2463 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -36,6 +36,7 @@ config INTEGRITY_ASYMMETRIC_KEYS
 select ASYMMETRIC_KEY_TYPE
 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 select PUBLIC_KEY_ALGO_RSA
+select CRYPTO_RSA
 select X509_CERTIFICATE_PARSER
help
  This option enables digital signature verification using
diff --git a/security/integrity/digsig_asymmetric.c 
b/security/integrity/digsig_asymmetric.c
index 4fec181..5629372 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -92,13 +92,9 @@ int asymmetric_verify(struct key *keyring, const char *sig,
pks.pkey_hash_algo = hdr->hash_algo;
pks.digest = (u8 *)data;
pks.digest_size = datalen;
-   pks.nr_mpi = 1;
-   pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen);
-
-   if (pks.rsa.s)
-   ret = verify_signature(key, );
-
-   mpi_free(pks.rsa.s);
+   pks.s = hdr->sig;
+   pks.s_size = siglen;
+   ret = verify_signature(key, );
key_put(key);
pr_debug("%s() = %d\n", __func__, ret);
return ret;

--
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html