€•ë0Œsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ#/translations/zh_CN/security/digsig”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ#/translations/zh_TW/security/digsig”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ#/translations/it_IT/security/digsig”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ#/translations/ja_JP/security/digsig”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ#/translations/ko_KR/security/digsig”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ#/translations/sp_SP/security/digsig”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ"Digital Signature Verification API”h]”hŒ"Digital Signature Verification API”…””}”(hh¨hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hh£hžhhŸŒ=/var/lib/git/docbuild/linux/Documentation/security/digsig.rst”h KubhŒ field_list”“”)”}”(hhh]”(hŒfield”“”)”}”(hhh]”(hŒ field_name”“”)”}”(hŒAuthor”h]”hŒAuthor”…””}”(hhÃhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhh¾hŸh¶h KubhŒ field_body”“”)”}”(hŒDmitry Kasatkin”h]”hŒ paragraph”“”)”}”(hhÕh]”hŒDmitry Kasatkin”…””}”(hhÙhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh¶h KhhÓubah}”(h]”h ]”h"]”h$]”h&]”uh1hÑhh¾ubeh}”(h]”h ]”h"]”h$]”h&]”uh1h¼hŸh¶h Khh¹hžhubh½)”}”(hhh]”(hÂ)”}”(hŒDate”h]”hŒDate”…””}”(hhõhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhhòhŸh¶h KubhÒ)”}”(hŒ 06.10.2011 ”h]”hØ)”}”(hŒ 06.10.2011”h]”hŒ 06.10.2011”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh¶h Khjubah}”(h]”h ]”h"]”h$]”h&]”uh1hÑhhòubeh}”(h]”h ]”h"]”h$]”h&]”uh1h¼hŸh¶h Khh¹hžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hh£hžhhŸh¶h KubhŒcomment”“”)”}”(hŒ8CONTENTS 1. Introduction 2. API 3. User-space utilities”h]”hŒ8CONTENTS 1. Introduction 2. API 3. User-space utilities”…””}”hj)sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1j'hh£hžhhŸh¶h Kubh¢)”}”(hhh]”(h§)”}”(hŒ Introduction”h]”hŒ Introduction”…””}”(hj<hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj9hžhhŸh¶h KubhØ)”}”(hŒ¦Digital signature verification API provides a method to verify digital signature. Currently digital signatures are used by the IMA/EVM integrity protection subsystem.”h]”hŒ¦Digital signature verification API provides a method to verify digital signature. Currently digital signatures are used by the IMA/EVM integrity protection subsystem.”…””}”(hjJhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh¶h Khj9hžhubhØ)”}”(hX+Digital signature verification is implemented using cut-down kernel port of GnuPG multi-precision integers (MPI) library. The kernel port provides memory allocation errors handling, has been refactored according to kernel coding style, and checkpatch.pl reported errors and warnings have been fixed.”h]”hX+Digital signature verification is implemented using cut-down kernel port of GnuPG multi-precision integers (MPI) library. The kernel port provides memory allocation errors handling, has been refactored according to kernel coding style, and checkpatch.pl reported errors and warnings have been fixed.”…””}”(hjXhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh¶h Khj9hžhubhØ)”}”(hŒ5Public key and signature consist of header and MPIs::”h]”hŒ4Public key and signature consist of header and MPIs:”…””}”(hjfhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh¶h Khj9hžhubhŒ literal_block”“”)”}”(hXIstruct pubkey_hdr { uint8_t version; /* key format version */ time_t timestamp; /* key made, always 0 for now */ uint8_t algo; uint8_t nmpi; char mpi[0]; } __packed; struct signature_hdr { uint8_t version; /* signature format version */ time_t timestamp; /* signature made */ uint8_t algo; uint8_t hash; uint8_t keyid[8]; uint8_t nmpi; char mpi[0]; } __packed;”h]”hXIstruct pubkey_hdr { uint8_t version; /* key format version */ time_t timestamp; /* key made, always 0 for now */ uint8_t algo; uint8_t nmpi; char mpi[0]; } __packed; struct signature_hdr { uint8_t version; /* signature format version */ time_t timestamp; /* signature made */ uint8_t algo; uint8_t hash; uint8_t keyid[8]; uint8_t nmpi; char mpi[0]; } __packed;”…””}”hjvsbah}”(h]”h ]”h"]”h$]”h&]”j7j8uh1jthŸh¶h Khj9hžhubhØ)”}”(hXkeyid equals to SHA1[12-19] over the total key content. Signature header is used as an input to generate a signature. Such approach insures that key or signature header could not be changed. It protects timestamp from been changed and can be used for rollback protection.”h]”hXkeyid equals to SHA1[12-19] over the total key content. Signature header is used as an input to generate a signature. Such approach insures that key or signature header could not be changed. It protects timestamp from been changed and can be used for rollback protection.”…””}”(hj„hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh¶h K/hj9hžhubeh}”(h]”Œ introduction”ah ]”h"]”Œ introduction”ah$]”h&]”uh1h¡hh£hžhhŸh¶h Kubh¢)”}”(hhh]”(h§)”}”(hŒAPI”h]”hŒAPI”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjšhžhhŸh¶h K6ubhØ)”}”(hŒ(API currently includes only 1 function::”h]”hŒ'API currently includes only 1 function:”…””}”(hj«hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh¶h K8hjšhžhubju)”}”(hXudigsig_verify() - digital signature verification with public key /** * digsig_verify() - digital signature verification with public key * @keyring: keyring to search key in * @sig: digital signature * @sigen: length of the signature * @data: data * @datalen: length of the data * @return: 0 on success, -EINVAL otherwise * * Verifies data integrity against digital signature. * Currently only RSA is supported. * Normally hash of the content is used as a data for this function. * */ int digsig_verify(struct key *keyring, const char *sig, int siglen, const char *data, int datalen);”h]”hXudigsig_verify() - digital signature verification with public key /** * digsig_verify() - digital signature verification with public key * @keyring: keyring to search key in * @sig: digital signature * @sigen: length of the signature * @data: data * @datalen: length of the data * @return: 0 on success, -EINVAL otherwise * * Verifies data integrity against digital signature. * Currently only RSA is supported. * Normally hash of the content is used as a data for this function. * */ int digsig_verify(struct key *keyring, const char *sig, int siglen, const char *data, int datalen);”…””}”hj¹sbah}”(h]”h ]”h"]”h$]”h&]”j7j8uh1jthŸh¶h K:hjšhžhubeh}”(h]”Œapi”ah ]”h"]”Œapi”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K6ubh¢)”}”(hhh]”(h§)”}”(hŒUser-space utilities”h]”hŒUser-space utilities”…””}”(hjÒhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjÏhžhhŸh¶h KOubhØ)”}”(hX7The signing and key management utilities evm-utils provide functionality to generate signatures, to load keys into the kernel keyring. Keys can be in PEM or converted to the kernel format. When the key is added to the kernel keyring, the keyid defines the name of the key: 5D2B05FC633EE3E8 in the example below.”h]”hX7The signing and key management utilities evm-utils provide functionality to generate signatures, to load keys into the kernel keyring. Keys can be in PEM or converted to the kernel format. When the key is added to the kernel keyring, the keyid defines the name of the key: 5D2B05FC633EE3E8 in the example below.”…””}”(hjàhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh¶h KQhjÏhžhubhØ)”}”(hŒ.Here is example output of the keyctl utility::”h]”hŒ-Here is example output of the keyctl utility:”…””}”(hjîhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h×hŸh¶h KWhjÏhžhubju)”}”(hXó$ keyctl show Session Keyring -3 --alswrv 0 0 keyring: _ses 603976250 --alswrv 0 -1 \_ keyring: _uid.0 817777377 --alswrv 0 0 \_ user: kmk 891974900 --alswrv 0 0 \_ encrypted: evm-key 170323636 --alswrv 0 0 \_ keyring: _module 548221616 --alswrv 0 0 \_ keyring: _ima 128198054 --alswrv 0 0 \_ keyring: _evm $ keyctl list 128198054 1 key in keyring: 620789745: --alswrv 0 0 user: 5D2B05FC633EE3E8”h]”hXó$ keyctl show Session Keyring -3 --alswrv 0 0 keyring: _ses 603976250 --alswrv 0 -1 \_ keyring: _uid.0 817777377 --alswrv 0 0 \_ user: kmk 891974900 --alswrv 0 0 \_ encrypted: evm-key 170323636 --alswrv 0 0 \_ keyring: _module 548221616 --alswrv 0 0 \_ keyring: _ima 128198054 --alswrv 0 0 \_ keyring: _evm $ keyctl list 128198054 1 key in keyring: 620789745: --alswrv 0 0 user: 5D2B05FC633EE3E8”…””}”hjüsbah}”(h]”h ]”h"]”h$]”h&]”j7j8uh1jthŸh¶h KYhjÏhžhubeh}”(h]”Œuser-space-utilities”ah ]”h"]”Œuser-space utilities”ah$]”h&]”uh1h¡hh£hžhhŸh¶h KOubeh}”(h]”Œ"digital-signature-verification-api”ah ]”h"]”Œ"digital signature verification api”ah$]”h&]”uh1h¡hhhžhhŸh¶h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h¶uh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¦NŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j=Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h¶Œ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jjj—j”jÌjÉjj uŒ nametypes”}”(j‰j—‰j̉j‰uh}”(jh£j”j9jÉjšj jÏuŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nhžhub.