Commit 191cac34 authored by Eric Biggers's avatar Eric Biggers Committed by Mimi Zohar
Browse files

lib/digsig: Use SHA-1 library instead of crypto_shash 



Now that a SHA-1 library API is available, use it instead of
crypto_shash.  This is simpler and faster.

Signed-off-by: default avatarEric Biggers <ebiggers@kernel.org>
Reviewed-by: default avatarPaul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent 1376956c

lib/Kconfig

+1 −2
Original line number Diff line number Diff line
@@ -477,8 +477,7 @@ config MPILIB 
config SIGNATURE

	tristate

	depends on KEYS

	select CRYPTO

	select CRYPTO_SHA1

	select CRYPTO_LIB_SHA1

	select MPILIB

	help

	  Digital signature verification. Currently only RSA is supported.

lib/digsig.c

+6 −40
Original line number Diff line number Diff line
@@ -18,15 +18,11 @@ 
#include <linux/module.h>

#include <linux/slab.h>

#include <linux/key.h>

#include <linux/crypto.h>

#include <crypto/hash.h>

#include <crypto/sha1.h>

#include <keys/user-type.h>

#include <linux/mpi.h>

#include <linux/digsig.h>



static struct crypto_shash *shash;



static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg,

						unsigned long  msglen,

						unsigned long  modulus_bitlen,
@@ -199,12 +195,12 @@ static int digsig_verify_rsa(struct key *key, 
int digsig_verify(struct key *keyring, const char *sig, int siglen,

						const char *data, int datalen)

{

	int err = -ENOMEM;

	struct signature_hdr *sh = (struct signature_hdr *)sig;

	struct shash_desc *desc = NULL;

	struct sha1_ctx ctx;

	unsigned char hash[SHA1_DIGEST_SIZE];

	struct key *key;

	char name[20];

	int err;



	if (siglen < sizeof(*sh) + 2)

		return -EINVAL;
@@ -231,49 +227,19 @@ int digsig_verify(struct key *keyring, const char *sig, int siglen, 
		return PTR_ERR(key);

	}



	desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),

		       GFP_KERNEL);

	if (!desc)

		goto err;



	desc->tfm = shash;



	crypto_shash_init(desc);

	crypto_shash_update(desc, data, datalen);

	crypto_shash_update(desc, sig, sizeof(*sh));

	crypto_shash_final(desc, hash);



	kfree(desc);

	sha1_init(&ctx);

	sha1_update(&ctx, data, datalen);

	sha1_update(&ctx, sig, sizeof(*sh));

	sha1_final(&ctx, hash);



	/* pass signature mpis address */

	err = digsig_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh),

			     hash, sizeof(hash));



err:

	key_put(key);



	return err ? -EINVAL : 0;

}

EXPORT_SYMBOL_GPL(digsig_verify);



static int __init digsig_init(void)

{

	shash = crypto_alloc_shash("sha1", 0, 0);

	if (IS_ERR(shash)) {

		pr_err("shash allocation failed\n");

		return  PTR_ERR(shash);

	}



	return 0;



}



static void __exit digsig_cleanup(void)

{

	crypto_free_shash(shash);

}



module_init(digsig_init);

module_exit(digsig_cleanup);



MODULE_LICENSE("GPL");