These patches do the following:
(1) Retain a signature in an asymmetric-type key and associate with it the
identifiers that will match a key that can be used to verify it.
(2) Differentiate an X.509 cert that cannot be used versus one that cannot
be verified due to unavailable crypto. This is noted in the
structures involved.
(3) Determination of the self-signedness of an X.509 cert is improved to
include checks on the subject/issuer names and the key
algorithm/signature algorithm types.
(4) Self-signed X.509 certificates are consistency checked early on if the
appropriate crypto is available.
This set of patches is a prelude to a set that changes how trustworthiness
is determined.
David
---
David Howells (7):
X.509: Whitespace cleanup
KEYS: Allow authentication data to be stored in an asymmetric key
KEYS: Add identifier pointers to public_key_signature struct
X.509: Retain the key verification data
PKCS#7: Make the signature a pointer rather than embedding it
X.509: Extract signature digest and make self-signed cert checks earlier
There's a bug in the code determining whether a certificate is self-signed
crypto/asymmetric_keys/asymmetric_type.c | 7 +
crypto/asymmetric_keys/pkcs7_parser.c | 38 ++++--
crypto/asymmetric_keys/pkcs7_parser.h | 10 +-
crypto/asymmetric_keys/pkcs7_trust.c | 12 +-
crypto/asymmetric_keys/pkcs7_verify.c | 107 +++++++----------
crypto/asymmetric_keys/public_key.c | 20 ++-
crypto/asymmetric_keys/signature.c | 18 +++
crypto/asymmetric_keys/x509_cert_parser.c | 52 +++++---
crypto/asymmetric_keys/x509_parser.h | 11 +-
crypto/asymmetric_keys/x509_public_key.c | 182 +++++++++++++++++++----------
include/crypto/public_key.h | 6 +
include/keys/asymmetric-subtype.h | 2
include/keys/asymmetric-type.h | 7 +
13 files changed, 281 insertions(+), 191 deletions(-)
