[linux-block.git] / crypto / asymmetric_keys / public_key.c

// SPDX-License-Identifier: GPL-2.0-or-later
/* In-software asymmetric public-key crypto subtype
 *
 * See Documentation/crypto/asymmetric-keys.rst
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#define pr_fmt(fmt) "PKEY: "fmt
#include <linux/module.h>
#include <linux/export.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/seq_file.h>
#include <linux/scatterlist.h>
#include <keys/asymmetric-subtype.h>
#include <crypto/public_key.h>
#include <crypto/akcipher.h>
#include <crypto/sm2.h>
#include <crypto/sm3_base.h>

MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
MODULE_AUTHOR("Red Hat, Inc.");
MODULE_LICENSE("GPL");

/*
 * Provide a part of a description of the key for /proc/keys.
 */
static void public_key_describe(const struct key *asymmetric_key,
				struct seq_file *m)
{
	struct public_key *key = asymmetric_key->payload.data[asym_crypto];

	if (key)
		seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
}

/*
 * Destroy a public key algorithm key.
 */
void public_key_free(struct public_key *key)
{
	if (key) {
		kfree(key->key);
		kfree(key->params);
		kfree(key);
	}
}
EXPORT_SYMBOL_GPL(public_key_free);

/*
 * Destroy a public key algorithm key.
 */
static void public_key_destroy(void *payload0, void *payload3)
{
	public_key_free(payload0);
	public_key_signature_free(payload3);
}

/*
 * Determine the crypto algorithm name.
 */
static
int software_key_determine_akcipher(const char *encoding,
				    const char *hash_algo,
				    const struct public_key *pkey,
				    char alg_name[CRYPTO_MAX_ALG_NAME])
{
	int n;

	if (strcmp(encoding, "pkcs1") == 0) {
		/* The data wangled by the RSA algorithm is typically padded
		 * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
		 * sec 8.2].
		 */
		if (!hash_algo)
			n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
				     "pkcs1pad(%s)",
				     pkey->pkey_algo);
		else
			n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
				     "pkcs1pad(%s,%s)",
				     pkey->pkey_algo, hash_algo);
		return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
	}

	if (strcmp(encoding, "raw") == 0) {
		strcpy(alg_name, pkey->pkey_algo);
		return 0;
	}

	return -ENOPKG;
}

static u8 *pkey_pack_u32(u8 *dst, u32 val)
{
	memcpy(dst, &val, sizeof(val));
	return dst + sizeof(val);
}

/*
 * Query information about a key.
 */
static int software_key_query(const struct kernel_pkey_params *params,
			      struct kernel_pkey_query *info)
{
	struct crypto_akcipher *tfm;
	struct public_key *pkey = params->key->payload.data[asym_crypto];
	char alg_name[CRYPTO_MAX_ALG_NAME];
	u8 *key, *ptr;
	int ret, len;

	ret = software_key_determine_akcipher(params->encoding,
					      params->hash_algo,
					      pkey, alg_name);
	if (ret < 0)
		return ret;

	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	if (IS_ERR(tfm))
		return PTR_ERR(tfm);

	ret = -ENOMEM;
	key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
		      GFP_KERNEL);
	if (!key)
		goto error_free_tfm;
	memcpy(key, pkey->key, pkey->keylen);
	ptr = key + pkey->keylen;
	ptr = pkey_pack_u32(ptr, pkey->algo);
	ptr = pkey_pack_u32(ptr, pkey->paramlen);
	memcpy(ptr, pkey->params, pkey->paramlen);

	if (pkey->key_is_private)
		ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
	else
		ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
	if (ret < 0)
		goto error_free_key;

	len = crypto_akcipher_maxsize(tfm);
	info->key_size = len * 8;
	info->max_data_size = len;
	info->max_sig_size = len;
	info->max_enc_size = len;
	info->max_dec_size = len;
	info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |
			       KEYCTL_SUPPORTS_VERIFY);
	if (pkey->key_is_private)
		info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT |
					KEYCTL_SUPPORTS_SIGN);
	ret = 0;

error_free_key:
	kfree(key);
error_free_tfm:
	crypto_free_akcipher(tfm);
	pr_devel("<==%s() = %d\n", __func__, ret);
	return ret;
}

/*
 * Do encryption, decryption and signing ops.
 */
static int software_key_eds_op(struct kernel_pkey_params *params,
			       const void *in, void *out)
{
	const struct public_key *pkey = params->key->payload.data[asym_crypto];
	struct akcipher_request *req;
	struct crypto_akcipher *tfm;
	struct crypto_wait cwait;
	struct scatterlist in_sg, out_sg;
	char alg_name[CRYPTO_MAX_ALG_NAME];
	char *key, *ptr;
	int ret;

	pr_devel("==>%s()\n", __func__);

	ret = software_key_determine_akcipher(params->encoding,
					      params->hash_algo,
					      pkey, alg_name);
	if (ret < 0)
		return ret;

	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	if (IS_ERR(tfm))
		return PTR_ERR(tfm);

	ret = -ENOMEM;
	req = akcipher_request_alloc(tfm, GFP_KERNEL);
	if (!req)
		goto error_free_tfm;

	key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
		      GFP_KERNEL);
	if (!key)
		goto error_free_req;

	memcpy(key, pkey->key, pkey->keylen);
	ptr = key + pkey->keylen;
	ptr = pkey_pack_u32(ptr, pkey->algo);
	ptr = pkey_pack_u32(ptr, pkey->paramlen);
	memcpy(ptr, pkey->params, pkey->paramlen);

	if (pkey->key_is_private)
		ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
	else
		ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
	if (ret)
		goto error_free_key;

	sg_init_one(&in_sg, in, params->in_len);
	sg_init_one(&out_sg, out, params->out_len);
	akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
				   params->out_len);
	crypto_init_wait(&cwait);
	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
				      CRYPTO_TFM_REQ_MAY_SLEEP,
				      crypto_req_done, &cwait);

	/* Perform the encryption calculation. */
	switch (params->op) {
	case kernel_pkey_encrypt:
		ret = crypto_akcipher_encrypt(req);
		break;
	case kernel_pkey_decrypt:
		ret = crypto_akcipher_decrypt(req);
		break;
	case kernel_pkey_sign:
		ret = crypto_akcipher_sign(req);
		break;
	default:
		BUG();
	}

	ret = crypto_wait_req(ret, &cwait);
	if (ret == 0)
		ret = req->dst_len;

error_free_key:
	kfree(key);
error_free_req:
	akcipher_request_free(req);
error_free_tfm:
	crypto_free_akcipher(tfm);
	pr_devel("<==%s() = %d\n", __func__, ret);
	return ret;
}

#if IS_REACHABLE(CONFIG_CRYPTO_SM2)
static int cert_sig_digest_update(const struct public_key_signature *sig,
				  struct crypto_akcipher *tfm_pkey)
{
	struct crypto_shash *tfm;
	struct shash_desc *desc;
	size_t desc_size;
	unsigned char dgst[SM3_DIGEST_SIZE];
	int ret;

	BUG_ON(!sig->data);

	ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID,
					SM2_DEFAULT_USERID_LEN, dgst);
	if (ret)
		return ret;

	tfm = crypto_alloc_shash(sig->hash_algo, 0, 0);
	if (IS_ERR(tfm))
		return PTR_ERR(tfm);

	desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
	desc = kzalloc(desc_size, GFP_KERNEL);
	if (!desc) {
		ret = -ENOMEM;
		goto error_free_tfm;
	}

	desc->tfm = tfm;

	ret = crypto_shash_init(desc);
	if (ret < 0)
		goto error_free_desc;

	ret = crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE);
	if (ret < 0)
		goto error_free_desc;

	ret = crypto_shash_finup(desc, sig->data, sig->data_size, sig->digest);

error_free_desc:
	kfree(desc);
error_free_tfm:
	crypto_free_shash(tfm);
	return ret;
}
#else
static inline int cert_sig_digest_update(
	const struct public_key_signature *sig,
	struct crypto_akcipher *tfm_pkey)
{
	return -ENOTSUPP;
}
#endif /* ! IS_REACHABLE(CONFIG_CRYPTO_SM2) */

/*
 * Verify a signature using a public key.
 */
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig)
{
	struct crypto_wait cwait;
	struct crypto_akcipher *tfm;
	struct akcipher_request *req;
	struct scatterlist src_sg[2];
	char alg_name[CRYPTO_MAX_ALG_NAME];
	char *key, *ptr;
	int ret;

	pr_devel("==>%s()\n", __func__);

	BUG_ON(!pkey);
	BUG_ON(!sig);
	BUG_ON(!sig->s);

	ret = software_key_determine_akcipher(sig->encoding,
					      sig->hash_algo,
					      pkey, alg_name);
	if (ret < 0)
		return ret;

	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	if (IS_ERR(tfm))
		return PTR_ERR(tfm);

	ret = -ENOMEM;
	req = akcipher_request_alloc(tfm, GFP_KERNEL);
	if (!req)
		goto error_free_tfm;

	key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
		      GFP_KERNEL);
	if (!key)
		goto error_free_req;

	memcpy(key, pkey->key, pkey->keylen);
	ptr = key + pkey->keylen;
	ptr = pkey_pack_u32(ptr, pkey->algo);
	ptr = pkey_pack_u32(ptr, pkey->paramlen);
	memcpy(ptr, pkey->params, pkey->paramlen);

	if (pkey->key_is_private)
		ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
	else
		ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
	if (ret)
		goto error_free_key;

	if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) {
		ret = cert_sig_digest_update(sig, tfm);
		if (ret)
			goto error_free_key;
	}

	sg_init_table(src_sg, 2);
	sg_set_buf(&src_sg[0], sig->s, sig->s_size);
	sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
	akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
				   sig->digest_size);
	crypto_init_wait(&cwait);
	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
				      CRYPTO_TFM_REQ_MAY_SLEEP,
				      crypto_req_done, &cwait);
	ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);

error_free_key:
	kfree(key);
error_free_req:
	akcipher_request_free(req);
error_free_tfm:
	crypto_free_akcipher(tfm);
	pr_devel("<==%s() = %d\n", __func__, ret);
	if (WARN_ON_ONCE(ret > 0))
		ret = -EINVAL;
	return ret;
}
EXPORT_SYMBOL_GPL(public_key_verify_signature);

static int public_key_verify_signature_2(const struct key *key,
					 const struct public_key_signature *sig)
{
	const struct public_key *pk = key->payload.data[asym_crypto];
	return public_key_verify_signature(pk, sig);
}

/*
 * Public key algorithm asymmetric key subtype
 */
struct asymmetric_key_subtype public_key_subtype = {
	.owner			= THIS_MODULE,
	.name			= "public_key",
	.name_len		= sizeof("public_key") - 1,
	.describe		= public_key_describe,
	.destroy		= public_key_destroy,
	.query			= software_key_query,
	.eds_op			= software_key_eds_op,
	.verify_signature	= public_key_verify_signature_2,
};
EXPORT_SYMBOL_GPL(public_key_subtype);
Commit	Line	Data
b4d0d230	1	// SPDX-License-Identifier: GPL-2.0-or-later
a9681bf3 DH	2	/* In-software asymmetric public-key crypto subtype
a9681bf3 DH	3	*
0efaaa86	4	* See Documentation/crypto/asymmetric-keys.rst
a9681bf3 DH	5	*
	6	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
	7	* Written by David Howells (dhowells@redhat.com)
a9681bf3 DH	8	*/
	9
	10	#define pr_fmt(fmt) "PKEY: "fmt
	11	#include <linux/module.h>
	12	#include <linux/export.h>
	13	#include <linux/kernel.h>
	14	#include <linux/slab.h>
	15	#include <linux/seq_file.h>
d43de6c7	16	#include <linux/scatterlist.h>
a9681bf3	17	#include <keys/asymmetric-subtype.h>
db6c43bd	18	#include <crypto/public_key.h>
d43de6c7	19	#include <crypto/akcipher.h>
3093e7c1 HX	20	#include <crypto/sm2.h>
3093e7c1 HX	21	#include <crypto/sm3_base.h>
a9681bf3	22
1e684d38 DH	23	MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
1e684d38 DH	24	MODULE_AUTHOR("Red Hat, Inc.");
a9681bf3 DH	25	MODULE_LICENSE("GPL");
a9681bf3 DH	26
a9681bf3 DH	27	/*
	28	* Provide a part of a description of the key for /proc/keys.
	29	*/
	30	static void public_key_describe(const struct key *asymmetric_key,
	31	struct seq_file *m)
	32	{
146aa8b1	33	struct public_key *key = asymmetric_key->payload.data[asym_crypto];
a9681bf3 DH	34
a9681bf3 DH	35	if (key)
4e8ae72a	36	seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
a9681bf3 DH	37	}
	38
	39	/*
	40	* Destroy a public key algorithm key.
	41	*/
3b764563	42	void public_key_free(struct public_key *key)
a9681bf3	43	{
3b764563	44	if (key) {
db6c43bd	45	kfree(key->key);
f1774cb8	46	kfree(key->params);
3b764563 DH	47	kfree(key);
	48	}
	49	}
	50	EXPORT_SYMBOL_GPL(public_key_free);
	51
	52	/*
	53	* Destroy a public key algorithm key.
	54	*/
	55	static void public_key_destroy(void payload0, void payload3)
	56	{
	57	public_key_free(payload0);
	58	public_key_signature_free(payload3);
a9681bf3	59	}
a9681bf3	60
82f94f24 DH	61	/*
	62	* Determine the crypto algorithm name.
	63	*/
	64	static
	65	int software_key_determine_akcipher(const char *encoding,
	66	const char *hash_algo,
	67	const struct public_key *pkey,
	68	char alg_name[CRYPTO_MAX_ALG_NAME])
	69	{
	70	int n;
	71
	72	if (strcmp(encoding, "pkcs1") == 0) {
	73	/* The data wangled by the RSA algorithm is typically padded
	74	* and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
	75	* sec 8.2].
	76	*/
	77	if (!hash_algo)
	78	n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
	79	"pkcs1pad(%s)",
	80	pkey->pkey_algo);
	81	else
	82	n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
	83	"pkcs1pad(%s,%s)",
	84	pkey->pkey_algo, hash_algo);
	85	return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
	86	}
	87
	88	if (strcmp(encoding, "raw") == 0) {
	89	strcpy(alg_name, pkey->pkey_algo);
	90	return 0;
	91	}
	92
	93	return -ENOPKG;
	94	}
	95
f1774cb8 VC	96	static u8 pkey_pack_u32(u8 dst, u32 val)
	97	{
	98	memcpy(dst, &val, sizeof(val));
	99	return dst + sizeof(val);
	100	}
	101
82f94f24 DH	102	/*
	103	* Query information about a key.
	104	*/
	105	static int software_key_query(const struct kernel_pkey_params *params,
	106	struct kernel_pkey_query *info)
	107	{
	108	struct crypto_akcipher *tfm;
	109	struct public_key *pkey = params->key->payload.data[asym_crypto];
	110	char alg_name[CRYPTO_MAX_ALG_NAME];
f1774cb8	111	u8 key, ptr;
82f94f24 DH	112	int ret, len;
	113
	114	ret = software_key_determine_akcipher(params->encoding,
	115	params->hash_algo,
	116	pkey, alg_name);
	117	if (ret < 0)
	118	return ret;
	119
	120	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	121	if (IS_ERR(tfm))
	122	return PTR_ERR(tfm);
	123
6cbba1f9	124	ret = -ENOMEM;
f1774cb8 VC	125	key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
	126	GFP_KERNEL);
	127	if (!key)
	128	goto error_free_tfm;
	129	memcpy(key, pkey->key, pkey->keylen);
	130	ptr = key + pkey->keylen;
	131	ptr = pkey_pack_u32(ptr, pkey->algo);
	132	ptr = pkey_pack_u32(ptr, pkey->paramlen);
	133	memcpy(ptr, pkey->params, pkey->paramlen);
	134
f7c4e06e	135	if (pkey->key_is_private)
f1774cb8	136	ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
f7c4e06e	137	else
f1774cb8	138	ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
82f94f24	139	if (ret < 0)
f1774cb8	140	goto error_free_key;
82f94f24 DH	141
	142	len = crypto_akcipher_maxsize(tfm);
	143	info->key_size = len * 8;
	144	info->max_data_size = len;
	145	info->max_sig_size = len;
	146	info->max_enc_size = len;
	147	info->max_dec_size = len;
c08fed73 DH	148	info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT \|
	149	KEYCTL_SUPPORTS_VERIFY);
	150	if (pkey->key_is_private)
	151	info->supported_ops \|= (KEYCTL_SUPPORTS_DECRYPT \|
	152	KEYCTL_SUPPORTS_SIGN);
82f94f24 DH	153	ret = 0;
82f94f24 DH	154
f1774cb8 VC	155	error_free_key:
f1774cb8 VC	156	kfree(key);
82f94f24 DH	157	error_free_tfm:
	158	crypto_free_akcipher(tfm);
	159	pr_devel("<==%s() = %d\n", __func__, ret);
	160	return ret;
	161	}
	162
c08fed73 DH	163	/*
	164	* Do encryption, decryption and signing ops.
	165	*/
	166	static int software_key_eds_op(struct kernel_pkey_params *params,
	167	const void in, void out)
	168	{
	169	const struct public_key *pkey = params->key->payload.data[asym_crypto];
	170	struct akcipher_request *req;
	171	struct crypto_akcipher *tfm;
	172	struct crypto_wait cwait;
	173	struct scatterlist in_sg, out_sg;
	174	char alg_name[CRYPTO_MAX_ALG_NAME];
f1774cb8	175	char key, ptr;
c08fed73 DH	176	int ret;
	177
	178	pr_devel("==>%s()\n", __func__);
	179
	180	ret = software_key_determine_akcipher(params->encoding,
	181	params->hash_algo,
	182	pkey, alg_name);
	183	if (ret < 0)
	184	return ret;
	185
	186	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	187	if (IS_ERR(tfm))
	188	return PTR_ERR(tfm);
	189
bea37414	190	ret = -ENOMEM;
c08fed73 DH	191	req = akcipher_request_alloc(tfm, GFP_KERNEL);
	192	if (!req)
	193	goto error_free_tfm;
	194
f1774cb8 VC	195	key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
	196	GFP_KERNEL);
	197	if (!key)
	198	goto error_free_req;
	199
	200	memcpy(key, pkey->key, pkey->keylen);
	201	ptr = key + pkey->keylen;
	202	ptr = pkey_pack_u32(ptr, pkey->algo);
	203	ptr = pkey_pack_u32(ptr, pkey->paramlen);
	204	memcpy(ptr, pkey->params, pkey->paramlen);
	205
c08fed73	206	if (pkey->key_is_private)
f1774cb8	207	ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
c08fed73	208	else
f1774cb8	209	ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
c08fed73	210	if (ret)
f1774cb8	211	goto error_free_key;
c08fed73 DH	212
	213	sg_init_one(&in_sg, in, params->in_len);
	214	sg_init_one(&out_sg, out, params->out_len);
	215	akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
	216	params->out_len);
	217	crypto_init_wait(&cwait);
	218	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG \|
	219	CRYPTO_TFM_REQ_MAY_SLEEP,
	220	crypto_req_done, &cwait);
	221
	222	/* Perform the encryption calculation. */
	223	switch (params->op) {
	224	case kernel_pkey_encrypt:
	225	ret = crypto_akcipher_encrypt(req);
	226	break;
	227	case kernel_pkey_decrypt:
	228	ret = crypto_akcipher_decrypt(req);
	229	break;
	230	case kernel_pkey_sign:
	231	ret = crypto_akcipher_sign(req);
	232	break;
	233	default:
	234	BUG();
	235	}
	236
	237	ret = crypto_wait_req(ret, &cwait);
	238	if (ret == 0)
	239	ret = req->dst_len;
	240
f1774cb8 VC	241	error_free_key:
f1774cb8 VC	242	kfree(key);
c08fed73 DH	243	error_free_req:
	244	akcipher_request_free(req);
	245	error_free_tfm:
	246	crypto_free_akcipher(tfm);
	247	pr_devel("<==%s() = %d\n", __func__, ret);
	248	return ret;
	249	}
	250
3093e7c1 HX	251	#if IS_REACHABLE(CONFIG_CRYPTO_SM2)
	252	static int cert_sig_digest_update(const struct public_key_signature *sig,
	253	struct crypto_akcipher *tfm_pkey)
	254	{
	255	struct crypto_shash *tfm;
	256	struct shash_desc *desc;
	257	size_t desc_size;
	258	unsigned char dgst[SM3_DIGEST_SIZE];
	259	int ret;
	260
	261	BUG_ON(!sig->data);
	262
	263	ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID,
	264	SM2_DEFAULT_USERID_LEN, dgst);
	265	if (ret)
	266	return ret;
	267
	268	tfm = crypto_alloc_shash(sig->hash_algo, 0, 0);
	269	if (IS_ERR(tfm))
	270	return PTR_ERR(tfm);
	271
	272	desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
	273	desc = kzalloc(desc_size, GFP_KERNEL);
	274	if (!desc) {
	275	ret = -ENOMEM;
	276	goto error_free_tfm;
	277	}
	278
	279	desc->tfm = tfm;
	280
	281	ret = crypto_shash_init(desc);
	282	if (ret < 0)
	283	goto error_free_desc;
	284
	285	ret = crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE);
	286	if (ret < 0)
	287	goto error_free_desc;
	288
	289	ret = crypto_shash_finup(desc, sig->data, sig->data_size, sig->digest);
	290
	291	error_free_desc:
	292	kfree(desc);
	293	error_free_tfm:
	294	crypto_free_shash(tfm);
	295	return ret;
	296	}
	297	#else
	298	static inline int cert_sig_digest_update(
	299	const struct public_key_signature *sig,
	300	struct crypto_akcipher *tfm_pkey)
	301	{
	302	return -ENOTSUPP;
	303	}
	304	#endif /* ! IS_REACHABLE(CONFIG_CRYPTO_SM2) */
	305
a9681bf3 DH	306	/*
	307	* Verify a signature using a public key.
	308	*/
db6c43bd	309	int public_key_verify_signature(const struct public_key *pkey,
3d167d68	310	const struct public_key_signature *sig)
a9681bf3	311	{
0ca2a04a	312	struct crypto_wait cwait;
d43de6c7 DH	313	struct crypto_akcipher *tfm;
d43de6c7 DH	314	struct akcipher_request *req;
c7381b01	315	struct scatterlist src_sg[2];
82f94f24	316	char alg_name[CRYPTO_MAX_ALG_NAME];
f1774cb8	317	char key, ptr;
72f9a07b	318	int ret;
d43de6c7 DH	319
	320	pr_devel("==>%s()\n", __func__);
	321
db6c43bd	322	BUG_ON(!pkey);
3d167d68	323	BUG_ON(!sig);
db6c43bd	324	BUG_ON(!sig->s);
a9681bf3	325
82f94f24 DH	326	ret = software_key_determine_akcipher(sig->encoding,
	327	sig->hash_algo,
	328	pkey, alg_name);
	329	if (ret < 0)
	330	return ret;
d43de6c7 DH	331
	332	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	333	if (IS_ERR(tfm))
	334	return PTR_ERR(tfm);
	335
72f9a07b	336	ret = -ENOMEM;
d43de6c7 DH	337	req = akcipher_request_alloc(tfm, GFP_KERNEL);
	338	if (!req)
	339	goto error_free_tfm;
	340
f1774cb8 VC	341	key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
	342	GFP_KERNEL);
	343	if (!key)
	344	goto error_free_req;
	345
	346	memcpy(key, pkey->key, pkey->keylen);
	347	ptr = key + pkey->keylen;
	348	ptr = pkey_pack_u32(ptr, pkey->algo);
	349	ptr = pkey_pack_u32(ptr, pkey->paramlen);
	350	memcpy(ptr, pkey->params, pkey->paramlen);
	351
f7c4e06e	352	if (pkey->key_is_private)
f1774cb8	353	ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
f7c4e06e	354	else
f1774cb8	355	ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
d43de6c7	356	if (ret)
f1774cb8	357	goto error_free_key;
d43de6c7	358
21552563 TZ	359	if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) {
	360	ret = cert_sig_digest_update(sig, tfm);
	361	if (ret)
	362	goto error_free_key;
	363	}
	364
c7381b01 VC	365	sg_init_table(src_sg, 2);
c7381b01 VC	366	sg_set_buf(&src_sg[0], sig->s, sig->s_size);
83bc0299	367	sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
c7381b01 VC	368	akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
c7381b01 VC	369	sig->digest_size);
0ca2a04a	370	crypto_init_wait(&cwait);
d43de6c7 DH	371	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG \|
d43de6c7 DH	372	CRYPTO_TFM_REQ_MAY_SLEEP,
0ca2a04a	373	crypto_req_done, &cwait);
0ca2a04a	374	ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
a9681bf3	375
f1774cb8 VC	376	error_free_key:
f1774cb8 VC	377	kfree(key);
d43de6c7 DH	378	error_free_req:
	379	akcipher_request_free(req);
	380	error_free_tfm:
	381	crypto_free_akcipher(tfm);
	382	pr_devel("<==%s() = %d\n", __func__, ret);
72f9a07b EB	383	if (WARN_ON_ONCE(ret > 0))
72f9a07b EB	384	ret = -EINVAL;
d43de6c7	385	return ret;
3d167d68 DH	386	}
	387	EXPORT_SYMBOL_GPL(public_key_verify_signature);
	388
	389	static int public_key_verify_signature_2(const struct key *key,
	390	const struct public_key_signature *sig)
	391	{
146aa8b1	392	const struct public_key *pk = key->payload.data[asym_crypto];
3d167d68	393	return public_key_verify_signature(pk, sig);
a9681bf3 DH	394	}
	395
	396	/*
	397	* Public key algorithm asymmetric key subtype
	398	*/
	399	struct asymmetric_key_subtype public_key_subtype = {
	400	.owner = THIS_MODULE,
	401	.name = "public_key",
876c6e3e	402	.name_len = sizeof("public_key") - 1,
a9681bf3 DH	403	.describe = public_key_describe,
a9681bf3 DH	404	.destroy = public_key_destroy,
82f94f24	405	.query = software_key_query,
c08fed73	406	.eds_op = software_key_eds_op,
3d167d68	407	.verify_signature = public_key_verify_signature_2,
a9681bf3 DH	408	};
a9681bf3 DH	409	EXPORT_SYMBOL_GPL(public_key_subtype);