projects / linux-block.git / blame
| Commit | Line | Data |
|---|---|---|
| b4d0d230 | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
| a9681bf3 DH |
2 | /* In-software asymmetric public-key crypto subtype |
| 3 | * | |
| 0efaaa86 | 4 | * See Documentation/crypto/asymmetric-keys.rst |
| a9681bf3 DH |
5 | * |
| 6 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | |
| 7 | * Written by David Howells (dhowells@redhat.com) | |
| a9681bf3 DH |
8 | */ |
| 9 | ||
| 10 | #define pr_fmt(fmt) "PKEY: "fmt | |
| 63ba4d67 HX |
11 | #include <crypto/akcipher.h> |
| 12 | #include <crypto/public_key.h> | |
| 13 | #include <crypto/sig.h> | |
| 14 | #include <keys/asymmetric-subtype.h> | |
| 15 | #include <linux/asn1.h> | |
| 16 | #include <linux/err.h> | |
| a9681bf3 | 17 | #include <linux/kernel.h> |
| 63ba4d67 | 18 | #include <linux/module.h> |
| a9681bf3 | 19 | #include <linux/seq_file.h> |
| 63ba4d67 HX |
20 | #include <linux/slab.h> |
| 21 | #include <linux/string.h> | |
| a9681bf3 | 22 | |
| 1e684d38 DH |
23 | MODULE_DESCRIPTION("In-software asymmetric public-key subtype"); |
| 24 | MODULE_AUTHOR("Red Hat, Inc."); | |
| a9681bf3 DH |
25 | MODULE_LICENSE("GPL"); |
| 26 | ||
| a9681bf3 DH |
27 | /* |
| 28 | * Provide a part of a description of the key for /proc/keys. | |
| 29 | */ | |
| 30 | static void public_key_describe(const struct key *asymmetric_key, | |
| 31 | struct seq_file *m) | |
| 32 | { | |
| 146aa8b1 | 33 | struct public_key *key = asymmetric_key->payload.data[asym_crypto]; |
| a9681bf3 DH |
34 | |
| 35 | if (key) | |
| 4e8ae72a | 36 | seq_printf(m, "%s.%s", key->id_type, key->pkey_algo); |
| a9681bf3 DH |
37 | } |
| 38 | ||
| 39 | /* | |
| 40 | * Destroy a public key algorithm key. | |
| 41 | */ | |
| 3b764563 | 42 | void public_key_free(struct public_key *key) |
| a9681bf3 | 43 | { |
| 3b764563 | 44 | if (key) { |
| 9f3fa6bc | 45 | kfree_sensitive(key->key); |
| f1774cb8 | 46 | kfree(key->params); |
| 3b764563 DH |
47 | kfree(key); |
| 48 | } | |
| 49 | } | |
| 50 | EXPORT_SYMBOL_GPL(public_key_free); | |
| 51 | ||
| 52 | /* | |
| 53 | * Destroy a public key algorithm key. | |
| 54 | */ | |
| 55 | static void public_key_destroy(void *payload0, void *payload3) | |
| 56 | { | |
| 57 | public_key_free(payload0); | |
| 58 | public_key_signature_free(payload3); | |
| a9681bf3 | 59 | } |
| a9681bf3 | 60 | |
| 82f94f24 | 61 | /* |
| 590bfb57 EB |
62 | * Given a public_key, and an encoding and hash_algo to be used for signing |
| 63 | * and/or verification with that key, determine the name of the corresponding | |
| 64 | * akcipher algorithm. Also check that encoding and hash_algo are allowed. | |
| 82f94f24 | 65 | */ |
| 590bfb57 EB |
66 | static int |
| 67 | software_key_determine_akcipher(const struct public_key *pkey, | |
| 68 | const char *encoding, const char *hash_algo, | |
| 63ba4d67 HX |
69 | char alg_name[CRYPTO_MAX_ALG_NAME], bool *sig, |
| 70 | enum kernel_pkey_operation op) | |
| 82f94f24 DH |
71 | { |
| 72 | int n; | |
| 73 | ||
| 63ba4d67 HX |
74 | *sig = true; |
| 75 | ||
| 590bfb57 EB |
76 | if (!encoding) |
| 77 | return -EINVAL; | |
| 78 | ||
| 79 | if (strcmp(pkey->pkey_algo, "rsa") == 0) { | |
| 80 | /* | |
| 81 | * RSA signatures usually use EMSA-PKCS1-1_5 [RFC3447 sec 8.2]. | |
| 82 | */ | |
| 83 | if (strcmp(encoding, "pkcs1") == 0) { | |
| b1195035 HX |
84 | *sig = op == kernel_pkey_sign || |
| 85 | op == kernel_pkey_verify; | |
| 63ba4d67 | 86 | if (!hash_algo) { |
| 590bfb57 EB |
87 | n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, |
| 88 | "pkcs1pad(%s)", | |
| 89 | pkey->pkey_algo); | |
| 63ba4d67 | 90 | } else { |
| 590bfb57 EB |
91 | n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, |
| 92 | "pkcs1pad(%s,%s)", | |
| 93 | pkey->pkey_algo, hash_algo); | |
| 63ba4d67 | 94 | } |
| 590bfb57 EB |
95 | return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0; |
| 96 | } | |
| 97 | if (strcmp(encoding, "raw") != 0) | |
| 98 | return -EINVAL; | |
| 99 | /* | |
| 100 | * Raw RSA cannot differentiate between different hash | |
| 101 | * algorithms. | |
| 102 | */ | |
| 103 | if (hash_algo) | |
| 104 | return -EINVAL; | |
| 63ba4d67 | 105 | *sig = false; |
| 590bfb57 EB |
106 | } else if (strncmp(pkey->pkey_algo, "ecdsa", 5) == 0) { |
| 107 | if (strcmp(encoding, "x962") != 0) | |
| 108 | return -EINVAL; | |
| 109 | /* | |
| 110 | * ECDSA signatures are taken over a raw hash, so they don't | |
| 111 | * differentiate between different hash algorithms. That means | |
| 112 | * that the verifier should hard-code a specific hash algorithm. | |
| 113 | * Unfortunately, in practice ECDSA is used with multiple SHAs, | |
| 114 | * so we have to allow all of them and not just one. | |
| 82f94f24 DH |
115 | */ |
| 116 | if (!hash_algo) | |
| 590bfb57 | 117 | return -EINVAL; |
| 203a6763 EB |
118 | if (strcmp(hash_algo, "sha1") != 0 && |
| 119 | strcmp(hash_algo, "sha224") != 0 && | |
| 590bfb57 EB |
120 | strcmp(hash_algo, "sha256") != 0 && |
| 121 | strcmp(hash_algo, "sha384") != 0 && | |
| fdb4f66c DJL |
122 | strcmp(hash_algo, "sha512") != 0 && |
| 123 | strcmp(hash_algo, "sha3-256") != 0 && | |
| 124 | strcmp(hash_algo, "sha3-384") != 0 && | |
| 125 | strcmp(hash_algo, "sha3-512") != 0) | |
| 590bfb57 EB |
126 | return -EINVAL; |
| 127 | } else if (strcmp(pkey->pkey_algo, "sm2") == 0) { | |
| 128 | if (strcmp(encoding, "raw") != 0) | |
| 129 | return -EINVAL; | |
| 130 | if (!hash_algo) | |
| 131 | return -EINVAL; | |
| 132 | if (strcmp(hash_algo, "sm3") != 0) | |
| 133 | return -EINVAL; | |
| 134 | } else if (strcmp(pkey->pkey_algo, "ecrdsa") == 0) { | |
| 135 | if (strcmp(encoding, "raw") != 0) | |
| 136 | return -EINVAL; | |
| 137 | if (!hash_algo) | |
| 138 | return -EINVAL; | |
| 139 | if (strcmp(hash_algo, "streebog256") != 0 && | |
| 140 | strcmp(hash_algo, "streebog512") != 0) | |
| 141 | return -EINVAL; | |
| 142 | } else { | |
| 143 | /* Unknown public key algorithm */ | |
| 144 | return -ENOPKG; | |
| 82f94f24 | 145 | } |
| 590bfb57 EB |
146 | if (strscpy(alg_name, pkey->pkey_algo, CRYPTO_MAX_ALG_NAME) < 0) |
| 147 | return -EINVAL; | |
| 148 | return 0; | |
| 82f94f24 DH |
149 | } |
| 150 | ||
| f1774cb8 VC |
151 | static u8 *pkey_pack_u32(u8 *dst, u32 val) |
| 152 | { | |
| 153 | memcpy(dst, &val, sizeof(val)); | |
| 154 | return dst + sizeof(val); | |
| 155 | } | |
| 156 | ||
| 82f94f24 DH |
157 | /* |
| 158 | * Query information about a key. | |
| 159 | */ | |
| 160 | static int software_key_query(const struct kernel_pkey_params *params, | |
| 161 | struct kernel_pkey_query *info) | |
| 162 | { | |
| 163 | struct crypto_akcipher *tfm; | |
| 164 | struct public_key *pkey = params->key->payload.data[asym_crypto]; | |
| 165 | char alg_name[CRYPTO_MAX_ALG_NAME]; | |
| 63ba4d67 | 166 | struct crypto_sig *sig; |
| f1774cb8 | 167 | u8 *key, *ptr; |
| 82f94f24 | 168 | int ret, len; |
| 63ba4d67 | 169 | bool issig; |
| 82f94f24 | 170 | |
| 590bfb57 | 171 | ret = software_key_determine_akcipher(pkey, params->encoding, |
| 63ba4d67 HX |
172 | params->hash_algo, alg_name, |
| 173 | &issig, kernel_pkey_sign); | |
| 82f94f24 DH |
174 | if (ret < 0) |
| 175 | return ret; | |
| 176 | ||
| f1774cb8 VC |
177 | key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen, |
| 178 | GFP_KERNEL); | |
| 179 | if (!key) | |
| 63ba4d67 HX |
180 | return -ENOMEM; |
| 181 | ||
| f1774cb8 VC |
182 | memcpy(key, pkey->key, pkey->keylen); |
| 183 | ptr = key + pkey->keylen; | |
| 184 | ptr = pkey_pack_u32(ptr, pkey->algo); | |
| 185 | ptr = pkey_pack_u32(ptr, pkey->paramlen); | |
| 186 | memcpy(ptr, pkey->params, pkey->paramlen); | |
| 187 | ||
| 63ba4d67 HX |
188 | if (issig) { |
| 189 | sig = crypto_alloc_sig(alg_name, 0, 0); | |
| 9e9311e0 DC |
190 | if (IS_ERR(sig)) { |
| 191 | ret = PTR_ERR(sig); | |
| 63ba4d67 | 192 | goto error_free_key; |
| 9e9311e0 | 193 | } |
| 63ba4d67 HX |
194 | |
| 195 | if (pkey->key_is_private) | |
| 196 | ret = crypto_sig_set_privkey(sig, key, pkey->keylen); | |
| 197 | else | |
| 198 | ret = crypto_sig_set_pubkey(sig, key, pkey->keylen); | |
| 199 | if (ret < 0) | |
| 200 | goto error_free_tfm; | |
| 201 | ||
| 202 | len = crypto_sig_maxsize(sig); | |
| 203 | ||
| 204 | info->supported_ops = KEYCTL_SUPPORTS_VERIFY; | |
| 205 | if (pkey->key_is_private) | |
| 206 | info->supported_ops |= KEYCTL_SUPPORTS_SIGN; | |
| 207 | ||
| 208 | if (strcmp(params->encoding, "pkcs1") == 0) { | |
| 209 | info->supported_ops |= KEYCTL_SUPPORTS_ENCRYPT; | |
| 210 | if (pkey->key_is_private) | |
| 211 | info->supported_ops |= KEYCTL_SUPPORTS_DECRYPT; | |
| 212 | } | |
| 213 | } else { | |
| 214 | tfm = crypto_alloc_akcipher(alg_name, 0, 0); | |
| 9e9311e0 DC |
215 | if (IS_ERR(tfm)) { |
| 216 | ret = PTR_ERR(tfm); | |
| 63ba4d67 | 217 | goto error_free_key; |
| 9e9311e0 | 218 | } |
| 63ba4d67 HX |
219 | |
| 220 | if (pkey->key_is_private) | |
| 221 | ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen); | |
| 222 | else | |
| 223 | ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen); | |
| 224 | if (ret < 0) | |
| 225 | goto error_free_tfm; | |
| 226 | ||
| 227 | len = crypto_akcipher_maxsize(tfm); | |
| 228 | ||
| 229 | info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT; | |
| 230 | if (pkey->key_is_private) | |
| 231 | info->supported_ops |= KEYCTL_SUPPORTS_DECRYPT; | |
| 232 | } | |
| 82f94f24 | 233 | |
| 82f94f24 | 234 | info->key_size = len * 8; |
| 10de7b54 DK |
235 | |
| 236 | if (strncmp(pkey->pkey_algo, "ecdsa", 5) == 0) { | |
| 237 | /* | |
| 238 | * ECDSA key sizes are much smaller than RSA, and thus could | |
| 239 | * operate on (hashed) inputs that are larger than key size. | |
| 240 | * For example SHA384-hashed input used with secp256r1 | |
| 241 | * based keys. Set max_data_size to be at least as large as | |
| 242 | * the largest supported hash size (SHA512) | |
| 243 | */ | |
| 244 | info->max_data_size = 64; | |
| 245 | ||
| 246 | /* | |
| 247 | * Verify takes ECDSA-Sig (described in RFC 5480) as input, | |
| 248 | * which is actually 2 'key_size'-bit integers encoded in | |
| 249 | * ASN.1. Account for the ASN.1 encoding overhead here. | |
| 250 | */ | |
| 251 | info->max_sig_size = 2 * (len + 3) + 2; | |
| 252 | } else { | |
| 253 | info->max_data_size = len; | |
| 254 | info->max_sig_size = len; | |
| 255 | } | |
| 256 | ||
| 82f94f24 DH |
257 | info->max_enc_size = len; |
| 258 | info->max_dec_size = len; | |
| 63ba4d67 | 259 | |
| 82f94f24 DH |
260 | ret = 0; |
| 261 | ||
| 63ba4d67 HX |
262 | error_free_tfm: |
| 263 | if (issig) | |
| 264 | crypto_free_sig(sig); | |
| 265 | else | |
| 266 | crypto_free_akcipher(tfm); | |
| f1774cb8 | 267 | error_free_key: |
| 9f3fa6bc | 268 | kfree_sensitive(key); |
| 82f94f24 DH |
269 | pr_devel("<==%s() = %d\n", __func__, ret); |
| 270 | return ret; | |
| 271 | } | |
| 272 | ||
| c08fed73 DH |
273 | /* |
| 274 | * Do encryption, decryption and signing ops. | |
| 275 | */ | |
| 276 | static int software_key_eds_op(struct kernel_pkey_params *params, | |
| 277 | const void *in, void *out) | |
| 278 | { | |
| 279 | const struct public_key *pkey = params->key->payload.data[asym_crypto]; | |
| c08fed73 | 280 | char alg_name[CRYPTO_MAX_ALG_NAME]; |
| 63ba4d67 HX |
281 | struct crypto_akcipher *tfm; |
| 282 | struct crypto_sig *sig; | |
| f1774cb8 | 283 | char *key, *ptr; |
| 63ba4d67 HX |
284 | bool issig; |
| 285 | int ksz; | |
| c08fed73 DH |
286 | int ret; |
| 287 | ||
| 288 | pr_devel("==>%s()\n", __func__); | |
| 289 | ||
| 590bfb57 | 290 | ret = software_key_determine_akcipher(pkey, params->encoding, |
| 63ba4d67 HX |
291 | params->hash_algo, alg_name, |
| 292 | &issig, params->op); | |
| c08fed73 DH |
293 | if (ret < 0) |
| 294 | return ret; | |
| 295 | ||
| f1774cb8 VC |
296 | key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen, |
| 297 | GFP_KERNEL); | |
| 298 | if (!key) | |
| 63ba4d67 | 299 | return -ENOMEM; |
| f1774cb8 VC |
300 | |
| 301 | memcpy(key, pkey->key, pkey->keylen); | |
| 302 | ptr = key + pkey->keylen; | |
| 303 | ptr = pkey_pack_u32(ptr, pkey->algo); | |
| 304 | ptr = pkey_pack_u32(ptr, pkey->paramlen); | |
| 305 | memcpy(ptr, pkey->params, pkey->paramlen); | |
| 306 | ||
| 63ba4d67 HX |
307 | if (issig) { |
| 308 | sig = crypto_alloc_sig(alg_name, 0, 0); | |
| 9e9311e0 DC |
309 | if (IS_ERR(sig)) { |
| 310 | ret = PTR_ERR(sig); | |
| 63ba4d67 | 311 | goto error_free_key; |
| 9e9311e0 | 312 | } |
| 63ba4d67 HX |
313 | |
| 314 | if (pkey->key_is_private) | |
| 315 | ret = crypto_sig_set_privkey(sig, key, pkey->keylen); | |
| 316 | else | |
| 317 | ret = crypto_sig_set_pubkey(sig, key, pkey->keylen); | |
| 318 | if (ret) | |
| 319 | goto error_free_tfm; | |
| 320 | ||
| 321 | ksz = crypto_sig_maxsize(sig); | |
| 322 | } else { | |
| 323 | tfm = crypto_alloc_akcipher(alg_name, 0, 0); | |
| 9e9311e0 DC |
324 | if (IS_ERR(tfm)) { |
| 325 | ret = PTR_ERR(tfm); | |
| 63ba4d67 | 326 | goto error_free_key; |
| 9e9311e0 | 327 | } |
| 63ba4d67 HX |
328 | |
| 329 | if (pkey->key_is_private) | |
| 330 | ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen); | |
| 331 | else | |
| 332 | ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen); | |
| 333 | if (ret) | |
| 334 | goto error_free_tfm; | |
| 335 | ||
| 336 | ksz = crypto_akcipher_maxsize(tfm); | |
| 337 | } | |
| c08fed73 | 338 | |
| 63ba4d67 | 339 | ret = -EINVAL; |
| c08fed73 DH |
340 | |
| 341 | /* Perform the encryption calculation. */ | |
| 342 | switch (params->op) { | |
| 343 | case kernel_pkey_encrypt: | |
| 63ba4d67 HX |
344 | if (issig) |
| 345 | break; | |
| 346 | ret = crypto_akcipher_sync_encrypt(tfm, in, params->in_len, | |
| 347 | out, params->out_len); | |
| c08fed73 DH |
348 | break; |
| 349 | case kernel_pkey_decrypt: | |
| 63ba4d67 HX |
350 | if (issig) |
| 351 | break; | |
| 352 | ret = crypto_akcipher_sync_decrypt(tfm, in, params->in_len, | |
| 353 | out, params->out_len); | |
| c08fed73 DH |
354 | break; |
| 355 | case kernel_pkey_sign: | |
| 63ba4d67 HX |
356 | if (!issig) |
| 357 | break; | |
| 358 | ret = crypto_sig_sign(sig, in, params->in_len, | |
| 359 | out, params->out_len); | |
| c08fed73 DH |
360 | break; |
| 361 | default: | |
| 362 | BUG(); | |
| 363 | } | |
| 364 | ||
| c08fed73 | 365 | if (ret == 0) |
| 63ba4d67 | 366 | ret = ksz; |
| c08fed73 | 367 | |
| 63ba4d67 HX |
368 | error_free_tfm: |
| 369 | if (issig) | |
| 370 | crypto_free_sig(sig); | |
| 371 | else | |
| 372 | crypto_free_akcipher(tfm); | |
| f1774cb8 | 373 | error_free_key: |
| 9f3fa6bc | 374 | kfree_sensitive(key); |
| c08fed73 DH |
375 | pr_devel("<==%s() = %d\n", __func__, ret); |
| 376 | return ret; | |
| 377 | } | |
| 378 | ||
| a9681bf3 DH |
379 | /* |
| 380 | * Verify a signature using a public key. | |
| 381 | */ | |
| db6c43bd | 382 | int public_key_verify_signature(const struct public_key *pkey, |
| 3d167d68 | 383 | const struct public_key_signature *sig) |
| a9681bf3 | 384 | { |
| 82f94f24 | 385 | char alg_name[CRYPTO_MAX_ALG_NAME]; |
| 63ba4d67 | 386 | struct crypto_sig *tfm; |
| f1774cb8 | 387 | char *key, *ptr; |
| 63ba4d67 | 388 | bool issig; |
| 72f9a07b | 389 | int ret; |
| d43de6c7 DH |
390 | |
| 391 | pr_devel("==>%s()\n", __func__); | |
| 392 | ||
| db6c43bd | 393 | BUG_ON(!pkey); |
| 3d167d68 | 394 | BUG_ON(!sig); |
| db6c43bd | 395 | BUG_ON(!sig->s); |
| a9681bf3 | 396 | |
| 2abc9c24 EB |
397 | /* |
| 398 | * If the signature specifies a public key algorithm, it *must* match | |
| 399 | * the key's actual public key algorithm. | |
| 400 | * | |
| 401 | * Small exception: ECDSA signatures don't specify the curve, but ECDSA | |
| 402 | * keys do. So the strings can mismatch slightly in that case: | |
| 403 | * "ecdsa-nist-*" for the key, but "ecdsa" for the signature. | |
| 404 | */ | |
| 405 | if (sig->pkey_algo) { | |
| 406 | if (strcmp(pkey->pkey_algo, sig->pkey_algo) != 0 && | |
| 407 | (strncmp(pkey->pkey_algo, "ecdsa-", 6) != 0 || | |
| 408 | strcmp(sig->pkey_algo, "ecdsa") != 0)) | |
| 409 | return -EKEYREJECTED; | |
| 410 | } | |
| 411 | ||
| 590bfb57 | 412 | ret = software_key_determine_akcipher(pkey, sig->encoding, |
| 63ba4d67 HX |
413 | sig->hash_algo, alg_name, |
| 414 | &issig, kernel_pkey_verify); | |
| 82f94f24 DH |
415 | if (ret < 0) |
| 416 | return ret; | |
| d43de6c7 | 417 | |
| 63ba4d67 | 418 | tfm = crypto_alloc_sig(alg_name, 0, 0); |
| d43de6c7 DH |
419 | if (IS_ERR(tfm)) |
| 420 | return PTR_ERR(tfm); | |
| 421 | ||
| f1774cb8 VC |
422 | key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen, |
| 423 | GFP_KERNEL); | |
| 9e9311e0 DC |
424 | if (!key) { |
| 425 | ret = -ENOMEM; | |
| 63ba4d67 | 426 | goto error_free_tfm; |
| 9e9311e0 | 427 | } |
| f1774cb8 VC |
428 | |
| 429 | memcpy(key, pkey->key, pkey->keylen); | |
| 430 | ptr = key + pkey->keylen; | |
| 431 | ptr = pkey_pack_u32(ptr, pkey->algo); | |
| 432 | ptr = pkey_pack_u32(ptr, pkey->paramlen); | |
| 433 | memcpy(ptr, pkey->params, pkey->paramlen); | |
| 434 | ||
| f7c4e06e | 435 | if (pkey->key_is_private) |
| 63ba4d67 | 436 | ret = crypto_sig_set_privkey(tfm, key, pkey->keylen); |
| f7c4e06e | 437 | else |
| 63ba4d67 | 438 | ret = crypto_sig_set_pubkey(tfm, key, pkey->keylen); |
| d43de6c7 | 439 | if (ret) |
| f1774cb8 | 440 | goto error_free_key; |
| d43de6c7 | 441 | |
| 63ba4d67 HX |
442 | ret = crypto_sig_verify(tfm, sig->s, sig->s_size, |
| 443 | sig->digest, sig->digest_size); | |
| a9681bf3 | 444 | |
| f1774cb8 | 445 | error_free_key: |
| 9f3fa6bc | 446 | kfree_sensitive(key); |
| d43de6c7 | 447 | error_free_tfm: |
| 63ba4d67 | 448 | crypto_free_sig(tfm); |
| d43de6c7 | 449 | pr_devel("<==%s() = %d\n", __func__, ret); |
| 72f9a07b EB |
450 | if (WARN_ON_ONCE(ret > 0)) |
| 451 | ret = -EINVAL; | |
| d43de6c7 | 452 | return ret; |
| 3d167d68 DH |
453 | } |
| 454 | EXPORT_SYMBOL_GPL(public_key_verify_signature); | |
| 455 | ||
| 456 | static int public_key_verify_signature_2(const struct key *key, | |
| 457 | const struct public_key_signature *sig) | |
| 458 | { | |
| 146aa8b1 | 459 | const struct public_key *pk = key->payload.data[asym_crypto]; |
| 3d167d68 | 460 | return public_key_verify_signature(pk, sig); |
| a9681bf3 DH |
461 | } |
| 462 | ||
| 463 | /* | |
| 464 | * Public key algorithm asymmetric key subtype | |
| 465 | */ | |
| 466 | struct asymmetric_key_subtype public_key_subtype = { | |
| 467 | .owner = THIS_MODULE, | |
| 468 | .name = "public_key", | |
| 876c6e3e | 469 | .name_len = sizeof("public_key") - 1, |
| a9681bf3 DH |
470 | .describe = public_key_describe, |
| 471 | .destroy = public_key_destroy, | |
| 82f94f24 | 472 | .query = software_key_query, |
| c08fed73 | 473 | .eds_op = software_key_eds_op, |
| 3d167d68 | 474 | .verify_signature = public_key_verify_signature_2, |
| a9681bf3 DH |
475 | }; |
| 476 | EXPORT_SYMBOL_GPL(public_key_subtype); |