| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add encryption, decryption, signature creation and signature verification
public key operations. Example usage:
j=`openssl pkcs8 -in ~/pkcs7/firmwarekey2.priv -topk8 -nocrypt -outform DER | \
keyctl padd asymmetric foo @s`
echo -n abcdefghijklmnopqrst >/tmp/data
keyctl pkey_encrypt $j 0 /tmp/data enc=pkcs1 >/tmp/enc
keyctl pkey_decrypt $j 0 /tmp/enc enc=pkcs1 >/tmp/dec
cmp /tmp/data /tmp/dec
keyctl pkey_sign $j 0 /tmp/data enc=pkcs1 hash=sha1 >/tmp/sig
keyctl pkey_verify $j 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
|
| |
Add a missing backslash into a regular expression in the toolbox.
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
With selinux disabled the test currently fails trying to setenforce, it
should be skipped instead. Found while trying to run in a container
where selinux always appears disabled.
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Diffie-Hellman results used as input to a KDF algorithm can have leading
zero bytes, and the current kernel DH implementation truncates leading
zero bytes. This test confirms that the KDF code correctly handles DH
results with leading zeros.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dh_compute code now allows the following options:
- no KDF support / output of raw DH shared secret:
dh_compute <private> <prime> <base>
- KDF support without "other information" string:
dh_compute_kdf <private> <prime> <base> <output length> <hash_type>
- KDF support with "other information string:
dh_compute_kdf_oi <private> <prime> <base> <output length> <hash_type>
where the OI string is provided on STDIN.
The test to verify the code is based on a test vector used for the CAVS
testing of SP800-56A.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Created a new manual page for the new keyctl_restrict_keyring function and
added 'keyctl restrict_keyring' information for the keyctl command line
utility.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
|
|
| |
Test keyring restrict options using keyctl_restrict()
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
|
| |
New symbols go into the libkeyutils.so.1.7 API.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
|
| |
Fix the handling of licence files in the specfile.
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
|
|
|
|
| |
Pass global ldflags into build so that hardening works.
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
git://git.kernel.org/pub/scm/linux/kernel/git/mtk/keyutils into next
"Here are some more man page layout fixes.
The biggest change is reformatting or keyctl(1) so that it's
prettier and more readable."
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| | |
I introduced this problem with an earlier commit. Sorry!
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| |
| | |
Use real minus signs in places where they should be used
(e..g, shell command and shell output).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| | |
This make s the source much easier to read.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Use .nf/.fi to disable fill. This means we can remove use of .br.
It also fixes a few formatting glitches where some pieces of shell
code were being right justified in cases where the lines were long.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| | |
The prompt "testbox>" is confusing and wordy. Use a simple "$" prompt.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| | |
This layout makes the commands much easier to scan.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|/
|
|
|
|
|
| |
The current list of key IDs is layed out in a way that is quite
hard to san. Use a hanging list instead.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|\
| |
| |
| |
| |
| | |
git://git.kernel.org/pub/scm/linux/kernel/git/mtk/keyutils.git
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The norm for man pages is that the NAME line is formatted as a single
line without line breaks. The patched pages violate that norm,
and break various tools that process man page input
(such as my own scripts to format pages for man7.org).
Squash the NAME lines in the pages that have this problem, so that
a single line is produced. This necessarily entails abbreviating
the descriptive text somewhat, but I don't think this is a loss.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Normal man pages convention is that the phrase following
the dash is not capitalized.
Also, one or two other minor clean-ups in the NAME line.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| | |
Always format functions as: .BR func ()
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| | |
Format 'errno' with .I. Format error constants in bold.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
git://git.kernel.org/pub/scm/linux/kernel/git/mtk/keyutils.git
"As discussed face-to-face and by email, there are a number of
man pages in keyutils that document kernel APIs. The more natural
home for these pages is Linux man-pages. I've already migrated
the pages listed below into Linux man-pages, and subsequently
enhanced various pages. They'll be released with the next release of
man-pages (around the end of Feb 2017)."
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As discussed face-to-face and by email, there are a number of
man pages in keyutils that document kernel APIs. The more natural
home for these pages is Linux man-pages. I've already migrated
the pages listed below into Linux man-pages, and subsequently
enhanced various pages. They'll be released with the next release of
man-pages (around the end of Feb 2017).
keyrings.7
persistent-keyring.7
process-keyring.7
session-keyring.7
thread-keyring.7
user-keyring.7
user-session-keyring.7
|
|\ \
| | |
| | |
| | |
| | |
| | | |
git://git.kernel.org/pub/scm/linux/kernel/git/mtk/keyutils.git
Signed-off-by: David Howells <dhowells@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
SEE ALSO entries are ordered first by section, then
alphabetically within section.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
request_key() is in Section 2, not 3.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Don't force each entry onto new line
* Choose ragged right hand margin and disable hyphenation
* Use hard dashes in page names, to prevent hyphenation
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |/
| |
| |
| |
| |
| |
| | |
Most pages use ".BR" markup. Make the others
(that use \fB..\fR) use the same mark-up.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Utilizes the new expect_multiline toolbox function to avoid false
positives. The expected output is converted to a heredoc and properly
quoted to preserve newlines.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
expect_payload only looks at the last line of the output file, so it
doesn't work for commands that output multiple lines. expect_multiline
counts the lines in the expected value and extracts that number of
lines from the output file for comparison and assignment.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |
| |
| |
| |
| | |
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Created a new manual page for section 3 for the keyctl_dh_compute and
keyctl_dh_compute_alloc functions and listed these functions in the
man3 page for keyctl. Updated the man1 page for the new 'keyctl
dh_compute' command.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|