
Kernel Module and SSL


At the moment I am working on the kernel module of ccn-lite (http://www.ccn-lite.net/). For that I need some security functionality (SHA-1 and public/private key authentication). For the user space I use the OpenSSL library, but I cannot use a library in the kernel module.

It is also hard to pick the functions out of OpenSSL and add them to the kernel module, because most of them have dependencies on libc.

Is there any security function in the Linux kernel which I could use?

Edit: I can compute the hash function of the data received over ethernet:

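/* Needs <linux/crypto.h>, <linux/scatterlist.h> and <linux/err.h>. */
struct scatterlist sg[1];
struct crypto_hash *tfm;
struct hash_desc desc;
int err;

/* Allocate a synchronous SHA-1 transform; failure is reported as an ERR_PTR. */
tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm))
    return PTR_ERR(tfm); /* assumes the enclosing function returns an int error code */

desc.tfm = tfm;
desc.flags = 0;

/* Describe the input buffer as a one-entry scatterlist. */
sg_init_table(sg, ARRAY_SIZE(sg));
sg_set_buf(&sg[0], input, length);

/* crypto_hash_digest() does init, update and final in one call, so no
 * separate crypto_hash_init() is needed; md must hold 20 bytes for SHA-1. */
err = crypto_hash_digest(&desc, sg, length, md);

crypto_free_hash(tfm);
/* Check err before using md. */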

And now I want to verify the signature field of the data by using the function digsig_verify.

verified = digsig_verify(keyring, sig, sig_len, md, md_len);

As far as I can see, the second parameter is the signature, the third the length of the signature, the fourth is the hash of the data and the last is the length of the hash.

The first field has the type "struct key", and should contain the public key, which is needed to verify the signature?

How can I initialize this parameter, i.e. how can I get the system's public key? Is there also a way to sign a char* in the Linux kernel?


Solution

  • The Linux kernel comes with a bunch of crypto functions.

    See: http://lxr.linux.no/#linux+v3.11/Documentation/crypto/
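
Added example, not part of the original post or of the kernel source: on the keyring parameter asked about above, digsig_verify() does not take the public key itself. As recalled from lib/digsig.c and include/linux/digsig.h in 3.x kernels (an assumption to check against your tree), it reads a signature_hdr at the start of sig and searches the keyring for a "user" key whose description is the hex form of the key id. The user-space sketch below uses a hypothetical helper, digsig_key_name(), and a constructed sample blob to show the length and algorithm checks and the name derivation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Header that precedes the MPI data in the blob given to digsig_verify().
 * Layout recalled from include/linux/digsig.h (assumption: verify in your tree). */
struct signature_hdr {
    uint8_t  version;
    uint32_t timestamp;
    uint8_t  algo;       /* PUBKEY_ALGO_RSA == 0 */
    uint8_t  hash;       /* DIGEST_ALGO_SHA1 == 0 */
    uint8_t  keyid[8];   /* big-endian id of the signing key */
    uint8_t  nmpi;
} __attribute__((packed));

#define PUBKEY_ALGO_RSA 0

/* Constructed sample: 16-byte header followed by 3 bytes of dummy MPI data. */
static const uint8_t SAMPLE_SIG[] = {
    0x01, 0, 0, 0, 0, 0x00, 0x00,
    0x1A, 0x2B, 0x3C, 0x4D, 0x5E, 0x6F, 0x70, 0x81,
    0x01, 0x00, 0x08, 0xFF
};

/* Hypothetical helper: validate the header and write the key description
 * that would be searched for in the keyring. Returns 0 on success, -1 if
 * the blob is rejected. */
int digsig_key_name(const uint8_t *sig, size_t siglen, char *name, size_t namelen)
{
    struct signature_hdr sh;
    uint64_t id = 0;
    size_t i;

    if (!sig || !name || namelen < 17 || siglen < sizeof(sh) + 2)
        return -1;                     /* too short for header + MPI length */
    memcpy(&sh, sig, sizeof(sh));      /* copy: sig may be unaligned */
    if (sh.algo != PUBKEY_ALGO_RSA)
        return -1;                     /* only RSA is handled */
    for (i = 0; i < sizeof(sh.keyid); i++)
        id = (id << 8) | sh.keyid[i];  /* big-endian to host order */
    snprintf(name, namelen, "%llX", (unsigned long long)id); /* no zero padding */
    return 0;
}

int main(void)
{
    char name[20];
    if (digsig_key_name(SAMPLE_SIG, sizeof(SAMPLE_SIG), name, sizeof(name)) == 0)
        printf("keyring description to look up: %s\n", name);
    return 0;
}
```

Because the name is printed without zero padding, a key id that starts with zero bytes produces a shorter description, so the key must be loaded into the keyring under exactly that string.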