[linux-2.6-block.git] / crypto / asymmetric_keys / public_key.c

/* In-software asymmetric public-key crypto subtype
 *
 * See Documentation/crypto/asymmetric-keys.txt
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#define pr_fmt(fmt) "PKEY: "fmt
#include <linux/module.h>
#include <linux/export.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/seq_file.h>
#include <linux/scatterlist.h>
#include <keys/asymmetric-subtype.h>
#include <crypto/public_key.h>
#include <crypto/akcipher.h>

MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
MODULE_AUTHOR("Red Hat, Inc.");
MODULE_LICENSE("GPL");

/*
 * Provide a part of a description of the key for /proc/keys.
 */
static void public_key_describe(const struct key *asymmetric_key,
				struct seq_file *m)
{
	struct public_key *key = asymmetric_key->payload.data[asym_crypto];

	if (key)
		seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
}

/*
 * Destroy a public key algorithm key.
 */
void public_key_free(struct public_key *key)
{
	if (key) {
		kfree(key->key);
		kfree(key);
	}
}
EXPORT_SYMBOL_GPL(public_key_free);

/*
 * Destroy a public key algorithm key.
 */
static void public_key_destroy(void *payload0, void *payload3)
{
	public_key_free(payload0);
	public_key_signature_free(payload3);
}

/*
 * Determine the crypto algorithm name.
 */
static
int software_key_determine_akcipher(const char *encoding,
				    const char *hash_algo,
				    const struct public_key *pkey,
				    char alg_name[CRYPTO_MAX_ALG_NAME])
{
	int n;

	if (strcmp(encoding, "pkcs1") == 0) {
		/* The data wangled by the RSA algorithm is typically padded
		 * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
		 * sec 8.2].
		 */
		if (!hash_algo)
			n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
				     "pkcs1pad(%s)",
				     pkey->pkey_algo);
		else
			n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
				     "pkcs1pad(%s,%s)",
				     pkey->pkey_algo, hash_algo);
		return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
	}

	if (strcmp(encoding, "raw") == 0) {
		strcpy(alg_name, pkey->pkey_algo);
		return 0;
	}

	return -ENOPKG;
}

/*
 * Query information about a key.
 */
static int software_key_query(const struct kernel_pkey_params *params,
			      struct kernel_pkey_query *info)
{
	struct crypto_akcipher *tfm;
	struct public_key *pkey = params->key->payload.data[asym_crypto];
	char alg_name[CRYPTO_MAX_ALG_NAME];
	int ret, len;

	ret = software_key_determine_akcipher(params->encoding,
					      params->hash_algo,
					      pkey, alg_name);
	if (ret < 0)
		return ret;

	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	if (IS_ERR(tfm))
		return PTR_ERR(tfm);

	if (pkey->key_is_private)
		ret = crypto_akcipher_set_priv_key(tfm,
						   pkey->key, pkey->keylen);
	else
		ret = crypto_akcipher_set_pub_key(tfm,
						  pkey->key, pkey->keylen);
	if (ret < 0)
		goto error_free_tfm;

	len = crypto_akcipher_maxsize(tfm);
	info->key_size = len * 8;
	info->max_data_size = len;
	info->max_sig_size = len;
	info->max_enc_size = len;
	info->max_dec_size = len;
	info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |
			       KEYCTL_SUPPORTS_VERIFY);
	if (pkey->key_is_private)
		info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT |
					KEYCTL_SUPPORTS_SIGN);
	ret = 0;

error_free_tfm:
	crypto_free_akcipher(tfm);
	pr_devel("<==%s() = %d\n", __func__, ret);
	return ret;
}

/*
 * Do encryption, decryption and signing ops.
 */
static int software_key_eds_op(struct kernel_pkey_params *params,
			       const void *in, void *out)
{
	const struct public_key *pkey = params->key->payload.data[asym_crypto];
	struct akcipher_request *req;
	struct crypto_akcipher *tfm;
	struct crypto_wait cwait;
	struct scatterlist in_sg, out_sg;
	char alg_name[CRYPTO_MAX_ALG_NAME];
	int ret;

	pr_devel("==>%s()\n", __func__);

	ret = software_key_determine_akcipher(params->encoding,
					      params->hash_algo,
					      pkey, alg_name);
	if (ret < 0)
		return ret;

	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	if (IS_ERR(tfm))
		return PTR_ERR(tfm);

	req = akcipher_request_alloc(tfm, GFP_KERNEL);
	if (!req)
		goto error_free_tfm;

	if (pkey->key_is_private)
		ret = crypto_akcipher_set_priv_key(tfm,
						   pkey->key, pkey->keylen);
	else
		ret = crypto_akcipher_set_pub_key(tfm,
						  pkey->key, pkey->keylen);
	if (ret)
		goto error_free_req;

	sg_init_one(&in_sg, in, params->in_len);
	sg_init_one(&out_sg, out, params->out_len);
	akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
				   params->out_len);
	crypto_init_wait(&cwait);
	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
				      CRYPTO_TFM_REQ_MAY_SLEEP,
				      crypto_req_done, &cwait);

	/* Perform the encryption calculation. */
	switch (params->op) {
	case kernel_pkey_encrypt:
		ret = crypto_akcipher_encrypt(req);
		break;
	case kernel_pkey_decrypt:
		ret = crypto_akcipher_decrypt(req);
		break;
	case kernel_pkey_sign:
		ret = crypto_akcipher_sign(req);
		break;
	default:
		BUG();
	}

	ret = crypto_wait_req(ret, &cwait);
	if (ret == 0)
		ret = req->dst_len;

error_free_req:
	akcipher_request_free(req);
error_free_tfm:
	crypto_free_akcipher(tfm);
	pr_devel("<==%s() = %d\n", __func__, ret);
	return ret;
}

/*
 * Verify a signature using a public key.
 */
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig)
{
	struct crypto_wait cwait;
	struct crypto_akcipher *tfm;
	struct akcipher_request *req;
	struct scatterlist sig_sg, digest_sg;
	char alg_name[CRYPTO_MAX_ALG_NAME];
	void *output;
	unsigned int outlen;
	int ret;

	pr_devel("==>%s()\n", __func__);

	BUG_ON(!pkey);
	BUG_ON(!sig);
	BUG_ON(!sig->s);

	ret = software_key_determine_akcipher(sig->encoding,
					      sig->hash_algo,
					      pkey, alg_name);
	if (ret < 0)
		return ret;

	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	if (IS_ERR(tfm))
		return PTR_ERR(tfm);

	ret = -ENOMEM;
	req = akcipher_request_alloc(tfm, GFP_KERNEL);
	if (!req)
		goto error_free_tfm;

	if (pkey->key_is_private)
		ret = crypto_akcipher_set_priv_key(tfm,
						   pkey->key, pkey->keylen);
	else
		ret = crypto_akcipher_set_pub_key(tfm,
						  pkey->key, pkey->keylen);
	if (ret)
		goto error_free_req;

	ret = -ENOMEM;
	outlen = crypto_akcipher_maxsize(tfm);
	output = kmalloc(outlen, GFP_KERNEL);
	if (!output)
		goto error_free_req;

	sg_init_one(&sig_sg, sig->s, sig->s_size);
	sg_init_one(&digest_sg, output, outlen);
	akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size,
				   outlen);
	crypto_init_wait(&cwait);
	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
				      CRYPTO_TFM_REQ_MAY_SLEEP,
				      crypto_req_done, &cwait);

	/* Perform the verification calculation.  This doesn't actually do the
	 * verification, but rather calculates the hash expected by the
	 * signature and returns that to us.
	 */
	ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
	if (ret)
		goto out_free_output;

	/* Do the actual verification step. */
	if (req->dst_len != sig->digest_size ||
	    memcmp(sig->digest, output, sig->digest_size) != 0)
		ret = -EKEYREJECTED;

out_free_output:
	kfree(output);
error_free_req:
	akcipher_request_free(req);
error_free_tfm:
	crypto_free_akcipher(tfm);
	pr_devel("<==%s() = %d\n", __func__, ret);
	if (WARN_ON_ONCE(ret > 0))
		ret = -EINVAL;
	return ret;
}
EXPORT_SYMBOL_GPL(public_key_verify_signature);

static int public_key_verify_signature_2(const struct key *key,
					 const struct public_key_signature *sig)
{
	const struct public_key *pk = key->payload.data[asym_crypto];
	return public_key_verify_signature(pk, sig);
}

/*
 * Public key algorithm asymmetric key subtype
 */
struct asymmetric_key_subtype public_key_subtype = {
	.owner			= THIS_MODULE,
	.name			= "public_key",
	.name_len		= sizeof("public_key") - 1,
	.describe		= public_key_describe,
	.destroy		= public_key_destroy,
	.query			= software_key_query,
	.eds_op			= software_key_eds_op,
	.verify_signature	= public_key_verify_signature_2,
};
EXPORT_SYMBOL_GPL(public_key_subtype);
Commit	Line	Data
a9681bf3 DH	1	/* In-software asymmetric public-key crypto subtype
	2	*
	3	* See Documentation/crypto/asymmetric-keys.txt
	4	*
	5	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
	6	* Written by David Howells (dhowells@redhat.com)
	7	*
	8	* This program is free software; you can redistribute it and/or
	9	* modify it under the terms of the GNU General Public Licence
	10	* as published by the Free Software Foundation; either version
	11	* 2 of the Licence, or (at your option) any later version.
	12	*/
	13
	14	#define pr_fmt(fmt) "PKEY: "fmt
	15	#include <linux/module.h>
	16	#include <linux/export.h>
	17	#include <linux/kernel.h>
	18	#include <linux/slab.h>
	19	#include <linux/seq_file.h>
d43de6c7	20	#include <linux/scatterlist.h>
a9681bf3	21	#include <keys/asymmetric-subtype.h>
db6c43bd	22	#include <crypto/public_key.h>
d43de6c7	23	#include <crypto/akcipher.h>
a9681bf3	24
1e684d38 DH	25	MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
1e684d38 DH	26	MODULE_AUTHOR("Red Hat, Inc.");
a9681bf3 DH	27	MODULE_LICENSE("GPL");
a9681bf3 DH	28
a9681bf3 DH	29	/*
	30	* Provide a part of a description of the key for /proc/keys.
	31	*/
	32	static void public_key_describe(const struct key *asymmetric_key,
	33	struct seq_file *m)
	34	{
146aa8b1	35	struct public_key *key = asymmetric_key->payload.data[asym_crypto];
a9681bf3 DH	36
a9681bf3 DH	37	if (key)
4e8ae72a	38	seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
a9681bf3 DH	39	}
	40
	41	/*
	42	* Destroy a public key algorithm key.
	43	*/
3b764563	44	void public_key_free(struct public_key *key)
a9681bf3	45	{
3b764563	46	if (key) {
db6c43bd	47	kfree(key->key);
3b764563 DH	48	kfree(key);
	49	}
	50	}
	51	EXPORT_SYMBOL_GPL(public_key_free);
	52
	53	/*
	54	* Destroy a public key algorithm key.
	55	*/
	56	static void public_key_destroy(void payload0, void payload3)
	57	{
	58	public_key_free(payload0);
	59	public_key_signature_free(payload3);
a9681bf3	60	}
a9681bf3	61
82f94f24 DH	62	/*
	63	* Determine the crypto algorithm name.
	64	*/
	65	static
	66	int software_key_determine_akcipher(const char *encoding,
	67	const char *hash_algo,
	68	const struct public_key *pkey,
	69	char alg_name[CRYPTO_MAX_ALG_NAME])
	70	{
	71	int n;
	72
	73	if (strcmp(encoding, "pkcs1") == 0) {
	74	/* The data wangled by the RSA algorithm is typically padded
	75	* and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
	76	* sec 8.2].
	77	*/
	78	if (!hash_algo)
	79	n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
	80	"pkcs1pad(%s)",
	81	pkey->pkey_algo);
	82	else
	83	n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
	84	"pkcs1pad(%s,%s)",
	85	pkey->pkey_algo, hash_algo);
	86	return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
	87	}
	88
	89	if (strcmp(encoding, "raw") == 0) {
	90	strcpy(alg_name, pkey->pkey_algo);
	91	return 0;
	92	}
	93
	94	return -ENOPKG;
	95	}
	96
	97	/*
	98	* Query information about a key.
	99	*/
	100	static int software_key_query(const struct kernel_pkey_params *params,
	101	struct kernel_pkey_query *info)
	102	{
	103	struct crypto_akcipher *tfm;
	104	struct public_key *pkey = params->key->payload.data[asym_crypto];
	105	char alg_name[CRYPTO_MAX_ALG_NAME];
	106	int ret, len;
	107
	108	ret = software_key_determine_akcipher(params->encoding,
	109	params->hash_algo,
	110	pkey, alg_name);
	111	if (ret < 0)
	112	return ret;
	113
	114	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	115	if (IS_ERR(tfm))
	116	return PTR_ERR(tfm);
	117
f7c4e06e DH	118	if (pkey->key_is_private)
	119	ret = crypto_akcipher_set_priv_key(tfm,
	120	pkey->key, pkey->keylen);
	121	else
	122	ret = crypto_akcipher_set_pub_key(tfm,
	123	pkey->key, pkey->keylen);
82f94f24 DH	124	if (ret < 0)
	125	goto error_free_tfm;
	126
	127	len = crypto_akcipher_maxsize(tfm);
	128	info->key_size = len * 8;
	129	info->max_data_size = len;
	130	info->max_sig_size = len;
	131	info->max_enc_size = len;
	132	info->max_dec_size = len;
c08fed73 DH	133	info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT \|
	134	KEYCTL_SUPPORTS_VERIFY);
	135	if (pkey->key_is_private)
	136	info->supported_ops \|= (KEYCTL_SUPPORTS_DECRYPT \|
	137	KEYCTL_SUPPORTS_SIGN);
82f94f24 DH	138	ret = 0;
	139
	140	error_free_tfm:
	141	crypto_free_akcipher(tfm);
	142	pr_devel("<==%s() = %d\n", __func__, ret);
	143	return ret;
	144	}
	145
c08fed73 DH	146	/*
	147	* Do encryption, decryption and signing ops.
	148	*/
	149	static int software_key_eds_op(struct kernel_pkey_params *params,
	150	const void in, void out)
	151	{
	152	const struct public_key *pkey = params->key->payload.data[asym_crypto];
	153	struct akcipher_request *req;
	154	struct crypto_akcipher *tfm;
	155	struct crypto_wait cwait;
	156	struct scatterlist in_sg, out_sg;
	157	char alg_name[CRYPTO_MAX_ALG_NAME];
	158	int ret;
	159
	160	pr_devel("==>%s()\n", __func__);
	161
	162	ret = software_key_determine_akcipher(params->encoding,
	163	params->hash_algo,
	164	pkey, alg_name);
	165	if (ret < 0)
	166	return ret;
	167
	168	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	169	if (IS_ERR(tfm))
	170	return PTR_ERR(tfm);
	171
	172	req = akcipher_request_alloc(tfm, GFP_KERNEL);
	173	if (!req)
	174	goto error_free_tfm;
	175
	176	if (pkey->key_is_private)
	177	ret = crypto_akcipher_set_priv_key(tfm,
	178	pkey->key, pkey->keylen);
	179	else
	180	ret = crypto_akcipher_set_pub_key(tfm,
	181	pkey->key, pkey->keylen);
	182	if (ret)
	183	goto error_free_req;
	184
	185	sg_init_one(&in_sg, in, params->in_len);
	186	sg_init_one(&out_sg, out, params->out_len);
	187	akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
	188	params->out_len);
	189	crypto_init_wait(&cwait);
	190	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG \|
	191	CRYPTO_TFM_REQ_MAY_SLEEP,
	192	crypto_req_done, &cwait);
	193
	194	/* Perform the encryption calculation. */
	195	switch (params->op) {
	196	case kernel_pkey_encrypt:
	197	ret = crypto_akcipher_encrypt(req);
	198	break;
	199	case kernel_pkey_decrypt:
	200	ret = crypto_akcipher_decrypt(req);
	201	break;
	202	case kernel_pkey_sign:
	203	ret = crypto_akcipher_sign(req);
	204	break;
	205	default:
	206	BUG();
	207	}
	208
	209	ret = crypto_wait_req(ret, &cwait);
210	if (ret == 0)
211	ret = req->dst_len;
212
213	error_free_req:
214	akcipher_request_free(req);
215	error_free_tfm:
216	crypto_free_akcipher(tfm);
217	pr_devel("<==%s() = %d\n", __func__, ret);
218	return ret;
219	}
220
a9681bf3 DH	221	/*
	222	* Verify a signature using a public key.
	223	*/
db6c43bd	224	int public_key_verify_signature(const struct public_key *pkey,
3d167d68	225	const struct public_key_signature *sig)
a9681bf3	226	{
0ca2a04a	227	struct crypto_wait cwait;
d43de6c7 DH	228	struct crypto_akcipher *tfm;
	229	struct akcipher_request *req;
	230	struct scatterlist sig_sg, digest_sg;
82f94f24	231	char alg_name[CRYPTO_MAX_ALG_NAME];
d43de6c7 DH	232	void *output;
d43de6c7 DH	233	unsigned int outlen;
72f9a07b	234	int ret;
d43de6c7 DH	235
	236	pr_devel("==>%s()\n", __func__);
	237
db6c43bd	238	BUG_ON(!pkey);
3d167d68	239	BUG_ON(!sig);
db6c43bd	240	BUG_ON(!sig->s);
a9681bf3	241
82f94f24 DH	242	ret = software_key_determine_akcipher(sig->encoding,
	243	sig->hash_algo,
	244	pkey, alg_name);
	245	if (ret < 0)
	246	return ret;
d43de6c7 DH	247
	248	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	249	if (IS_ERR(tfm))
	250	return PTR_ERR(tfm);
	251
72f9a07b	252	ret = -ENOMEM;
d43de6c7 DH	253	req = akcipher_request_alloc(tfm, GFP_KERNEL);
	254	if (!req)
	255	goto error_free_tfm;
	256
f7c4e06e DH	257	if (pkey->key_is_private)
	258	ret = crypto_akcipher_set_priv_key(tfm,
	259	pkey->key, pkey->keylen);
	260	else
	261	ret = crypto_akcipher_set_pub_key(tfm,
	262	pkey->key, pkey->keylen);
d43de6c7 DH	263	if (ret)
	264	goto error_free_req;
	265
fbb72630	266	ret = -ENOMEM;
d43de6c7 DH	267	outlen = crypto_akcipher_maxsize(tfm);
	268	output = kmalloc(outlen, GFP_KERNEL);
	269	if (!output)
	270	goto error_free_req;
	271
	272	sg_init_one(&sig_sg, sig->s, sig->s_size);
	273	sg_init_one(&digest_sg, output, outlen);
	274	akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size,
	275	outlen);
0ca2a04a	276	crypto_init_wait(&cwait);
d43de6c7 DH	277	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG \|
d43de6c7 DH	278	CRYPTO_TFM_REQ_MAY_SLEEP,
0ca2a04a	279	crypto_req_done, &cwait);
d43de6c7 DH	280
	281	/* Perform the verification calculation. This doesn't actually do the
	282	* verification, but rather calculates the hash expected by the
	283	* signature and returns that to us.
	284	*/
0ca2a04a	285	ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
72f9a07b	286	if (ret)
d43de6c7	287	goto out_free_output;
a9681bf3	288
d43de6c7 DH	289	/* Do the actual verification step. */
	290	if (req->dst_len != sig->digest_size \|\|
	291	memcmp(sig->digest, output, sig->digest_size) != 0)
	292	ret = -EKEYREJECTED;
a9681bf3	293
d43de6c7 DH	294	out_free_output:
	295	kfree(output);
	296	error_free_req:
	297	akcipher_request_free(req);
	298	error_free_tfm:
	299	crypto_free_akcipher(tfm);
	300	pr_devel("<==%s() = %d\n", __func__, ret);
72f9a07b EB	301	if (WARN_ON_ONCE(ret > 0))
72f9a07b EB	302	ret = -EINVAL;
d43de6c7	303	return ret;
3d167d68 DH	304	}
	305	EXPORT_SYMBOL_GPL(public_key_verify_signature);
	306
	307	static int public_key_verify_signature_2(const struct key *key,
	308	const struct public_key_signature *sig)
	309	{
146aa8b1	310	const struct public_key *pk = key->payload.data[asym_crypto];
3d167d68	311	return public_key_verify_signature(pk, sig);
a9681bf3 DH	312	}
	313
	314	/*
	315	* Public key algorithm asymmetric key subtype
	316	*/
	317	struct asymmetric_key_subtype public_key_subtype = {
	318	.owner = THIS_MODULE,
	319	.name = "public_key",
876c6e3e	320	.name_len = sizeof("public_key") - 1,
a9681bf3 DH	321	.describe = public_key_describe,
a9681bf3 DH	322	.destroy = public_key_destroy,
82f94f24	323	.query = software_key_query,
c08fed73	324	.eds_op = software_key_eds_op,
3d167d68	325	.verify_signature = public_key_verify_signature_2,
a9681bf3 DH	326	};
a9681bf3 DH	327	EXPORT_SYMBOL_GPL(public_key_subtype);