git.openwrt.org Git - openwrt/staging/blogic.git/commit

author	David Howells <dhowells@redhat.com>
	Tue, 9 Oct 2018 16:47:38 +0000 (17:47 +0100)
committer	James Morris <james.morris@microsoft.com>
	Fri, 26 Oct 2018 08:30:46 +0000 (09:30 +0100)
commit	c08fed73712620eb0a19244dbbbbdf00edbe5e47
tree	ac2ce0609c78d7a217e9e933d872acb1bdcd3237	tree \| snapshot
parent	f7c4e06e066c3df282e6e3d4e7d8c498be9e1e46	commit \| diff

KEYS: Implement encrypt, decrypt and sign for software asymmetric key [ver #2]

Implement the encrypt, decrypt and sign operations for the software
asymmetric key subtype.  This mostly involves offloading the call to the
crypto layer.

Note that the decrypt and sign operations require a private key to be
supplied.  Encrypt (and also verify) will work with either a public or a
private key.  A public key can be supplied with an X.509 certificate and a
private key can be supplied using a PKCS#8 blob:

# j=`openssl pkcs8 -in ~/pkcs7/firmwarekey2.priv -topk8 -nocrypt -outform DER | keyctl padd asymmetric foo @s`
# keyctl pkey_query $j - enc=pkcs1
key_size=4096
max_data_size=512
max_sig_size=512
max_enc_size=512
max_dec_size=512
encrypt=y
decrypt=y
sign=y
verify=y
# keyctl pkey_encrypt $j 0 data enc=pkcs1 >/tmp/enc
# keyctl pkey_decrypt $j 0 /tmp/enc enc=pkcs1 >/tmp/dec
# cmp data /tmp/dec
# keyctl pkey_sign $j 0 data enc=pkcs1 hash=sha1 >/tmp/sig
# keyctl pkey_verify $j 0 data /tmp/sig enc=pkcs1 hash=sha1
#

Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Tested-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: James Morris <james.morris@microsoft.com>