Commit | Line | Data |
---|---|---|
a9681bf3 DH |
1 | /* In-software asymmetric public-key crypto subtype |
2 | * | |
3 | * See Documentation/crypto/asymmetric-keys.txt | |
4 | * | |
5 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | |
6 | * Written by David Howells (dhowells@redhat.com) | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or | |
9 | * modify it under the terms of the GNU General Public Licence | |
10 | * as published by the Free Software Foundation; either version | |
11 | * 2 of the Licence, or (at your option) any later version. | |
12 | */ | |
13 | ||
14 | #define pr_fmt(fmt) "PKEY: "fmt | |
15 | #include <linux/module.h> | |
16 | #include <linux/export.h> | |
17 | #include <linux/kernel.h> | |
18 | #include <linux/slab.h> | |
19 | #include <linux/seq_file.h> | |
d43de6c7 | 20 | #include <linux/scatterlist.h> |
a9681bf3 | 21 | #include <keys/asymmetric-subtype.h> |
db6c43bd | 22 | #include <crypto/public_key.h> |
d43de6c7 | 23 | #include <crypto/akcipher.h> |
a9681bf3 | 24 | |
1e684d38 DH |
25 | MODULE_DESCRIPTION("In-software asymmetric public-key subtype"); |
26 | MODULE_AUTHOR("Red Hat, Inc."); | |
a9681bf3 DH |
27 | MODULE_LICENSE("GPL"); |
28 | ||
a9681bf3 DH |
29 | /* |
30 | * Provide a part of a description of the key for /proc/keys. | |
31 | */ | |
32 | static void public_key_describe(const struct key *asymmetric_key, | |
33 | struct seq_file *m) | |
34 | { | |
146aa8b1 | 35 | struct public_key *key = asymmetric_key->payload.data[asym_crypto]; |
a9681bf3 DH |
36 | |
37 | if (key) | |
4e8ae72a | 38 | seq_printf(m, "%s.%s", key->id_type, key->pkey_algo); |
a9681bf3 DH |
39 | } |
40 | ||
41 | /* | |
42 | * Destroy a public key algorithm key. | |
43 | */ | |
3b764563 | 44 | void public_key_free(struct public_key *key) |
a9681bf3 | 45 | { |
3b764563 | 46 | if (key) { |
db6c43bd | 47 | kfree(key->key); |
3b764563 DH |
48 | kfree(key); |
49 | } | |
50 | } | |
51 | EXPORT_SYMBOL_GPL(public_key_free); | |
52 | ||
53 | /* | |
54 | * Destroy a public key algorithm key. | |
55 | */ | |
56 | static void public_key_destroy(void *payload0, void *payload3) | |
57 | { | |
58 | public_key_free(payload0); | |
59 | public_key_signature_free(payload3); | |
a9681bf3 | 60 | } |
a9681bf3 | 61 | |
82f94f24 DH |
62 | /* |
63 | * Determine the crypto algorithm name. | |
64 | */ | |
65 | static | |
66 | int software_key_determine_akcipher(const char *encoding, | |
67 | const char *hash_algo, | |
68 | const struct public_key *pkey, | |
69 | char alg_name[CRYPTO_MAX_ALG_NAME]) | |
70 | { | |
71 | int n; | |
72 | ||
73 | if (strcmp(encoding, "pkcs1") == 0) { | |
74 | /* The data wangled by the RSA algorithm is typically padded | |
75 | * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447 | |
76 | * sec 8.2]. | |
77 | */ | |
78 | if (!hash_algo) | |
79 | n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, | |
80 | "pkcs1pad(%s)", | |
81 | pkey->pkey_algo); | |
82 | else | |
83 | n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, | |
84 | "pkcs1pad(%s,%s)", | |
85 | pkey->pkey_algo, hash_algo); | |
86 | return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0; | |
87 | } | |
88 | ||
89 | if (strcmp(encoding, "raw") == 0) { | |
90 | strcpy(alg_name, pkey->pkey_algo); | |
91 | return 0; | |
92 | } | |
93 | ||
94 | return -ENOPKG; | |
95 | } | |
96 | ||
97 | /* | |
98 | * Query information about a key. | |
99 | */ | |
100 | static int software_key_query(const struct kernel_pkey_params *params, | |
101 | struct kernel_pkey_query *info) | |
102 | { | |
103 | struct crypto_akcipher *tfm; | |
104 | struct public_key *pkey = params->key->payload.data[asym_crypto]; | |
105 | char alg_name[CRYPTO_MAX_ALG_NAME]; | |
106 | int ret, len; | |
107 | ||
108 | ret = software_key_determine_akcipher(params->encoding, | |
109 | params->hash_algo, | |
110 | pkey, alg_name); | |
111 | if (ret < 0) | |
112 | return ret; | |
113 | ||
114 | tfm = crypto_alloc_akcipher(alg_name, 0, 0); | |
115 | if (IS_ERR(tfm)) | |
116 | return PTR_ERR(tfm); | |
117 | ||
f7c4e06e DH |
118 | if (pkey->key_is_private) |
119 | ret = crypto_akcipher_set_priv_key(tfm, | |
120 | pkey->key, pkey->keylen); | |
121 | else | |
122 | ret = crypto_akcipher_set_pub_key(tfm, | |
123 | pkey->key, pkey->keylen); | |
82f94f24 DH |
124 | if (ret < 0) |
125 | goto error_free_tfm; | |
126 | ||
127 | len = crypto_akcipher_maxsize(tfm); | |
128 | info->key_size = len * 8; | |
129 | info->max_data_size = len; | |
130 | info->max_sig_size = len; | |
131 | info->max_enc_size = len; | |
132 | info->max_dec_size = len; | |
c08fed73 DH |
133 | info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT | |
134 | KEYCTL_SUPPORTS_VERIFY); | |
135 | if (pkey->key_is_private) | |
136 | info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT | | |
137 | KEYCTL_SUPPORTS_SIGN); | |
82f94f24 DH |
138 | ret = 0; |
139 | ||
140 | error_free_tfm: | |
141 | crypto_free_akcipher(tfm); | |
142 | pr_devel("<==%s() = %d\n", __func__, ret); | |
143 | return ret; | |
144 | } | |
145 | ||
c08fed73 DH |
146 | /* |
147 | * Do encryption, decryption and signing ops. | |
148 | */ | |
149 | static int software_key_eds_op(struct kernel_pkey_params *params, | |
150 | const void *in, void *out) | |
151 | { | |
152 | const struct public_key *pkey = params->key->payload.data[asym_crypto]; | |
153 | struct akcipher_request *req; | |
154 | struct crypto_akcipher *tfm; | |
155 | struct crypto_wait cwait; | |
156 | struct scatterlist in_sg, out_sg; | |
157 | char alg_name[CRYPTO_MAX_ALG_NAME]; | |
158 | int ret; | |
159 | ||
160 | pr_devel("==>%s()\n", __func__); | |
161 | ||
162 | ret = software_key_determine_akcipher(params->encoding, | |
163 | params->hash_algo, | |
164 | pkey, alg_name); | |
165 | if (ret < 0) | |
166 | return ret; | |
167 | ||
168 | tfm = crypto_alloc_akcipher(alg_name, 0, 0); | |
169 | if (IS_ERR(tfm)) | |
170 | return PTR_ERR(tfm); | |
171 | ||
172 | req = akcipher_request_alloc(tfm, GFP_KERNEL); | |
173 | if (!req) | |
174 | goto error_free_tfm; | |
175 | ||
176 | if (pkey->key_is_private) | |
177 | ret = crypto_akcipher_set_priv_key(tfm, | |
178 | pkey->key, pkey->keylen); | |
179 | else | |
180 | ret = crypto_akcipher_set_pub_key(tfm, | |
181 | pkey->key, pkey->keylen); | |
182 | if (ret) | |
183 | goto error_free_req; | |
184 | ||
185 | sg_init_one(&in_sg, in, params->in_len); | |
186 | sg_init_one(&out_sg, out, params->out_len); | |
187 | akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len, | |
188 | params->out_len); | |
189 | crypto_init_wait(&cwait); | |
190 | akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | | |
191 | CRYPTO_TFM_REQ_MAY_SLEEP, | |
192 | crypto_req_done, &cwait); | |
193 | ||
194 | /* Perform the encryption calculation. */ | |
195 | switch (params->op) { | |
196 | case kernel_pkey_encrypt: | |
197 | ret = crypto_akcipher_encrypt(req); | |
198 | break; | |
199 | case kernel_pkey_decrypt: | |
200 | ret = crypto_akcipher_decrypt(req); | |
201 | break; | |
202 | case kernel_pkey_sign: | |
203 | ret = crypto_akcipher_sign(req); | |
204 | break; | |
205 | default: | |
206 | BUG(); | |
207 | } | |
208 | ||
209 | ret = crypto_wait_req(ret, &cwait); | |
210 | if (ret == 0) | |
211 | ret = req->dst_len; | |
212 | ||
213 | error_free_req: | |
214 | akcipher_request_free(req); | |
215 | error_free_tfm: | |
216 | crypto_free_akcipher(tfm); | |
217 | pr_devel("<==%s() = %d\n", __func__, ret); | |
218 | return ret; | |
219 | } | |
220 | ||
a9681bf3 DH |
221 | /* |
222 | * Verify a signature using a public key. | |
223 | */ | |
db6c43bd | 224 | int public_key_verify_signature(const struct public_key *pkey, |
3d167d68 | 225 | const struct public_key_signature *sig) |
a9681bf3 | 226 | { |
0ca2a04a | 227 | struct crypto_wait cwait; |
d43de6c7 DH |
228 | struct crypto_akcipher *tfm; |
229 | struct akcipher_request *req; | |
230 | struct scatterlist sig_sg, digest_sg; | |
82f94f24 | 231 | char alg_name[CRYPTO_MAX_ALG_NAME]; |
d43de6c7 DH |
232 | void *output; |
233 | unsigned int outlen; | |
72f9a07b | 234 | int ret; |
d43de6c7 DH |
235 | |
236 | pr_devel("==>%s()\n", __func__); | |
237 | ||
db6c43bd | 238 | BUG_ON(!pkey); |
3d167d68 | 239 | BUG_ON(!sig); |
db6c43bd | 240 | BUG_ON(!sig->s); |
a9681bf3 | 241 | |
82f94f24 DH |
242 | ret = software_key_determine_akcipher(sig->encoding, |
243 | sig->hash_algo, | |
244 | pkey, alg_name); | |
245 | if (ret < 0) | |
246 | return ret; | |
d43de6c7 DH |
247 | |
248 | tfm = crypto_alloc_akcipher(alg_name, 0, 0); | |
249 | if (IS_ERR(tfm)) | |
250 | return PTR_ERR(tfm); | |
251 | ||
72f9a07b | 252 | ret = -ENOMEM; |
d43de6c7 DH |
253 | req = akcipher_request_alloc(tfm, GFP_KERNEL); |
254 | if (!req) | |
255 | goto error_free_tfm; | |
256 | ||
f7c4e06e DH |
257 | if (pkey->key_is_private) |
258 | ret = crypto_akcipher_set_priv_key(tfm, | |
259 | pkey->key, pkey->keylen); | |
260 | else | |
261 | ret = crypto_akcipher_set_pub_key(tfm, | |
262 | pkey->key, pkey->keylen); | |
d43de6c7 DH |
263 | if (ret) |
264 | goto error_free_req; | |
265 | ||
fbb72630 | 266 | ret = -ENOMEM; |
d43de6c7 DH |
267 | outlen = crypto_akcipher_maxsize(tfm); |
268 | output = kmalloc(outlen, GFP_KERNEL); | |
269 | if (!output) | |
270 | goto error_free_req; | |
271 | ||
272 | sg_init_one(&sig_sg, sig->s, sig->s_size); | |
273 | sg_init_one(&digest_sg, output, outlen); | |
274 | akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size, | |
275 | outlen); | |
0ca2a04a | 276 | crypto_init_wait(&cwait); |
d43de6c7 DH |
277 | akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | |
278 | CRYPTO_TFM_REQ_MAY_SLEEP, | |
0ca2a04a | 279 | crypto_req_done, &cwait); |
d43de6c7 DH |
280 | |
281 | /* Perform the verification calculation. This doesn't actually do the | |
282 | * verification, but rather calculates the hash expected by the | |
283 | * signature and returns that to us. | |
284 | */ | |
0ca2a04a | 285 | ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait); |
72f9a07b | 286 | if (ret) |
d43de6c7 | 287 | goto out_free_output; |
a9681bf3 | 288 | |
d43de6c7 DH |
289 | /* Do the actual verification step. */ |
290 | if (req->dst_len != sig->digest_size || | |
291 | memcmp(sig->digest, output, sig->digest_size) != 0) | |
292 | ret = -EKEYREJECTED; | |
a9681bf3 | 293 | |
d43de6c7 DH |
294 | out_free_output: |
295 | kfree(output); | |
296 | error_free_req: | |
297 | akcipher_request_free(req); | |
298 | error_free_tfm: | |
299 | crypto_free_akcipher(tfm); | |
300 | pr_devel("<==%s() = %d\n", __func__, ret); | |
72f9a07b EB |
301 | if (WARN_ON_ONCE(ret > 0)) |
302 | ret = -EINVAL; | |
d43de6c7 | 303 | return ret; |
3d167d68 DH |
304 | } |
305 | EXPORT_SYMBOL_GPL(public_key_verify_signature); | |
306 | ||
307 | static int public_key_verify_signature_2(const struct key *key, | |
308 | const struct public_key_signature *sig) | |
309 | { | |
146aa8b1 | 310 | const struct public_key *pk = key->payload.data[asym_crypto]; |
3d167d68 | 311 | return public_key_verify_signature(pk, sig); |
a9681bf3 DH |
312 | } |
313 | ||
314 | /* | |
315 | * Public key algorithm asymmetric key subtype | |
316 | */ | |
317 | struct asymmetric_key_subtype public_key_subtype = { | |
318 | .owner = THIS_MODULE, | |
319 | .name = "public_key", | |
876c6e3e | 320 | .name_len = sizeof("public_key") - 1, |
a9681bf3 DH |
321 | .describe = public_key_describe, |
322 | .destroy = public_key_destroy, | |
82f94f24 | 323 | .query = software_key_query, |
c08fed73 | 324 | .eds_op = software_key_eds_op, |
3d167d68 | 325 | .verify_signature = public_key_verify_signature_2, |
a9681bf3 DH |
326 | }; |
327 | EXPORT_SYMBOL_GPL(public_key_subtype); |