lib/digsig.c
Source file repositories/reference/linux-study-clean/lib/digsig.c
File Facts
- System: Linux kernel
- Corpus path: lib/digsig.c
- Extension: .c
- Size: 5018 bytes
- Lines: 245
- Domain: Kernel Services
- Bucket: lib
- Inferred role: Kernel Services: exported/initcall integration point
- Status: integration implementation candidate
Why This File Exists
- Shared kernel service surface used by multiple subsystems, including helpers, cryptography, virtualization support, and async I/O infrastructure.
- Exports symbols or registers init work; inspect boot/module ordering and who consumes the exported contract.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
- `linux/err.h`
- `linux/module.h`
- `linux/slab.h`
- `linux/key.h`
- `crypto/sha1.h`
- `keys/user-type.h`
- `linux/mpi.h`
- `linux/digsig.h`
Detected Declarations
- function Copyright
- function digsig_verify_rsa
- function digsig_verify
- export digsig_verify
Annotated Snippet
```c
		if (IS_ERR(pkey[i])) {
			err = PTR_ERR(pkey[i]);
			goto err;
		}
		datap += remaining;
	}

	mblen = mpi_get_nbits(pkey[0]);
	mlen = DIV_ROUND_UP(mblen, 8);

	if (mlen == 0) {
		err = -EINVAL;
		goto err;
	}

	err = -ENOMEM;

	out1 = kzalloc(mlen, GFP_KERNEL);
	if (!out1)
		goto err;

	nret = siglen;
	in = mpi_read_from_buffer(sig, &nret);
	if (IS_ERR(in)) {
		err = PTR_ERR(in);
		goto err;
	}

	res = mpi_alloc(mpi_get_nlimbs(in) * 2);
	if (!res)
		goto err;

	err = mpi_powm(res, in, pkey[1], pkey[0]);
	if (err)
		goto err;

	if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) {
		err = -EINVAL;
		goto err;
	}

	p = mpi_get_buffer(res, &l, NULL);
	if (!p) {
		err = -EINVAL;
		goto err;
	}

	len = mlen;
	head = len - l;
	memcpy(out1 + head, p, l);

	kfree(p);

	m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);

	if (!m || len != hlen || memcmp(m, h, hlen))
		err = -EINVAL;

err:
	mpi_free(in);
	mpi_free(res);
	kfree(out1);
	while (--i >= 0)
		mpi_free(pkey[i]);
err1:
	up_read(&key->sem);

	return err;
}

/**
 * digsig_verify() - digital signature verification with public key
 * @keyring:	keyring to search key in
 * @sig:	digital signature
 * @siglen:	length of the signature
 * @data:	data
 * @datalen:	length of the data
 *
 * Returns 0 on success, -EINVAL otherwise
 *
 * Verifies data integrity against digital signature.
 * Currently only RSA is supported.
 * Normally hash of the content is used as a data for this function.
 *
 */
int digsig_verify(struct key *keyring, const char *sig, int siglen,
		  const char *data, int datalen)
{
	struct signature_hdr *sh = (struct signature_hdr *)sig;
	struct sha1_ctx ctx;
```
Annotation
- Immediate include surface: `linux/err.h`, `linux/module.h`, `linux/slab.h`, `linux/key.h`, `crypto/sha1.h`, `keys/user-type.h`, `linux/mpi.h`, `linux/digsig.h`.
- Detected declarations: `function Copyright`, `function digsig_verify_rsa`, `function digsig_verify`, `export digsig_verify`.
- Atlas domain: Kernel Services / lib.
- Implementation status: integration implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.