crypto/asymmetric_keys/public_key.c

   1 /* In-software asymmetric public-key crypto subtype
   2  *
   3  * See Documentation/crypto/asymmetric-keys.txt
   4  *
   5  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
   6  * Written by David Howells (dhowells@redhat.com)
   7  *
   8  * This program is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU General Public Licence
  10  * as published by the Free Software Foundation; either version
  11  * 2 of the Licence, or (at your option) any later version.
  12  */
  13
  14 #define pr_fmt(fmt) "PKEY: "fmt
  15 #include <linux/module.h>
  16 #include <linux/export.h>
  17 #include <linux/kernel.h>
  18 #include <linux/slab.h>
  19 #include <linux/seq_file.h>
  20 #include <linux/scatterlist.h>
  21 #include <keys/asymmetric-subtype.h>
  22 #include <crypto/public_key.h>
  23 #include <crypto/akcipher.h>
  24
  25 MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
  26 MODULE_AUTHOR("Red Hat, Inc.");
  27 MODULE_LICENSE("GPL");
  28
  29 /*
  30  * Provide a part of a description of the key for /proc/keys.
  31  */
  32 static void public_key_describe(const struct key *asymmetric_key,
  33                                 struct seq_file *m)
  34 {
  35         struct public_key *key = asymmetric_key->payload.data[asym_crypto];
  36
  37         if (key)
  38                 seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
  39 }
  40
  41 /*
  42  * Destroy a public key algorithm key.
  43  */
  44 void public_key_free(struct public_key *key)
  45 {
  46         if (key) {
  47                 kfree(key->key);
  48                 kfree(key);
  49         }
  50 }
  51 EXPORT_SYMBOL_GPL(public_key_free);
  52
  53 /*
  54  * Destroy a public key algorithm key.
  55  */
  56 static void public_key_destroy(void *payload0, void *payload3)
  57 {
  58         public_key_free(payload0);
  59         public_key_signature_free(payload3);
  60 }
  61
  62 /*
  63  * Determine the crypto algorithm name.
  64  */
  65 static
  66 int software_key_determine_akcipher(const char *encoding,
  67                                     const char *hash_algo,
  68                                     const struct public_key *pkey,
  69                                     char alg_name[CRYPTO_MAX_ALG_NAME])
  70 {
  71         int n;
  72
  73         if (strcmp(encoding, "pkcs1") == 0) {
  74                 /* The data wangled by the RSA algorithm is typically padded
  75                  * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
  76                  * sec 8.2].
  77                  */
  78                 if (!hash_algo)
  79                         n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
  80                                      "pkcs1pad(%s)",
  81                                      pkey->pkey_algo);
  82                 else
  83                         n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
  84                                      "pkcs1pad(%s,%s)",
  85                                      pkey->pkey_algo, hash_algo);
  86                 return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
  87         }
  88
  89         if (strcmp(encoding, "raw") == 0) {
  90                 strcpy(alg_name, pkey->pkey_algo);
  91                 return 0;
  92         }
  93
  94         return -ENOPKG;
  95 }
  96
  97 /*
  98  * Query information about a key.
  99  */
 100 static int software_key_query(const struct kernel_pkey_params *params,
 101                               struct kernel_pkey_query *info)
 102 {
 103         struct crypto_akcipher *tfm;
 104         struct public_key *pkey = params->key->payload.data[asym_crypto];
 105         char alg_name[CRYPTO_MAX_ALG_NAME];
 106         int ret, len;
 107
 108         ret = software_key_determine_akcipher(params->encoding,
 109                                               params->hash_algo,
 110                                               pkey, alg_name);
 111         if (ret < 0)
 112                 return ret;
 113
 114         tfm = crypto_alloc_akcipher(alg_name, 0, 0);
 115         if (IS_ERR(tfm))
 116                 return PTR_ERR(tfm);
 117
 118         if (pkey->key_is_private)
 119                 ret = crypto_akcipher_set_priv_key(tfm,
 120                                                    pkey->key, pkey->keylen);
 121         else
 122                 ret = crypto_akcipher_set_pub_key(tfm,
 123                                                   pkey->key, pkey->keylen);
 124         if (ret < 0)
 125                 goto error_free_tfm;
 126
 127         len = crypto_akcipher_maxsize(tfm);
 128         info->key_size = len * 8;
 129         info->max_data_size = len;
 130         info->max_sig_size = len;
 131         info->max_enc_size = len;
 132         info->max_dec_size = len;
 133         info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |
 134                                KEYCTL_SUPPORTS_VERIFY);
 135         if (pkey->key_is_private)
 136                 info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT |
 137                                         KEYCTL_SUPPORTS_SIGN);
 138         ret = 0;
 139
 140 error_free_tfm:
 141         crypto_free_akcipher(tfm);
 142         pr_devel("<==%s() = %d\n", __func__, ret);
 143         return ret;
 144 }
 145
 146 /*
 147  * Do encryption, decryption and signing ops.
 148  */
 149 static int software_key_eds_op(struct kernel_pkey_params *params,
 150                                const void *in, void *out)
 151 {
 152         const struct public_key *pkey = params->key->payload.data[asym_crypto];
 153         struct akcipher_request *req;
 154         struct crypto_akcipher *tfm;
 155         struct crypto_wait cwait;
 156         struct scatterlist in_sg, out_sg;
 157         char alg_name[CRYPTO_MAX_ALG_NAME];
 158         int ret;
 159
 160         pr_devel("==>%s()\n", __func__);
 161
 162         ret = software_key_determine_akcipher(params->encoding,
 163                                               params->hash_algo,
 164                                               pkey, alg_name);
 165         if (ret < 0)
 166                 return ret;
 167
 168         tfm = crypto_alloc_akcipher(alg_name, 0, 0);
 169         if (IS_ERR(tfm))
 170                 return PTR_ERR(tfm);
 171
 172         req = akcipher_request_alloc(tfm, GFP_KERNEL);
 173         if (!req)
 174                 goto error_free_tfm;
 175
 176         if (pkey->key_is_private)
 177                 ret = crypto_akcipher_set_priv_key(tfm,
 178                                                    pkey->key, pkey->keylen);
 179         else
 180                 ret = crypto_akcipher_set_pub_key(tfm,
 181                                                   pkey->key, pkey->keylen);
 182         if (ret)
 183                 goto error_free_req;
 184
 185         sg_init_one(&in_sg, in, params->in_len);
 186         sg_init_one(&out_sg, out, params->out_len);
 187         akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
 188                                    params->out_len);
 189         crypto_init_wait(&cwait);
 190         akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
 191                                       CRYPTO_TFM_REQ_MAY_SLEEP,
 192                                       crypto_req_done, &cwait);
 193
 194         /* Perform the encryption calculation. */
 195         switch (params->op) {
 196         case kernel_pkey_encrypt:
 197                 ret = crypto_akcipher_encrypt(req);
 198                 break;
 199         case kernel_pkey_decrypt:
 200                 ret = crypto_akcipher_decrypt(req);
 201                 break;
 202         case kernel_pkey_sign:
 203                 ret = crypto_akcipher_sign(req);
 204                 break;
 205         default:
 206                 BUG();
 207         }
 208
 209         ret = crypto_wait_req(ret, &cwait);
 210         if (ret == 0)
 211                 ret = req->dst_len;
 212
 213 error_free_req:
 214         akcipher_request_free(req);
 215 error_free_tfm:
 216         crypto_free_akcipher(tfm);
 217         pr_devel("<==%s() = %d\n", __func__, ret);
 218         return ret;
 219 }
 220
 221 /*
 222  * Verify a signature using a public key.
 223  */
 224 int public_key_verify_signature(const struct public_key *pkey,
 225                                 const struct public_key_signature *sig)
 226 {
 227         struct crypto_wait cwait;
 228         struct crypto_akcipher *tfm;
 229         struct akcipher_request *req;
 230         struct scatterlist sig_sg, digest_sg;
 231         char alg_name[CRYPTO_MAX_ALG_NAME];
 232         void *output;
 233         unsigned int outlen;
 234         int ret;
 235
 236         pr_devel("==>%s()\n", __func__);
 237
 238         BUG_ON(!pkey);
 239         BUG_ON(!sig);
 240         BUG_ON(!sig->s);
 241
 242         ret = software_key_determine_akcipher(sig->encoding,
 243                                               sig->hash_algo,
 244                                               pkey, alg_name);
 245         if (ret < 0)
 246                 return ret;
 247
 248         tfm = crypto_alloc_akcipher(alg_name, 0, 0);
 249         if (IS_ERR(tfm))
 250                 return PTR_ERR(tfm);
 251
 252         ret = -ENOMEM;
 253         req = akcipher_request_alloc(tfm, GFP_KERNEL);
 254         if (!req)
 255                 goto error_free_tfm;
 256
 257         if (pkey->key_is_private)
 258                 ret = crypto_akcipher_set_priv_key(tfm,
 259                                                    pkey->key, pkey->keylen);
 260         else
 261                 ret = crypto_akcipher_set_pub_key(tfm,
 262                                                   pkey->key, pkey->keylen);
 263         if (ret)
 264                 goto error_free_req;
 265
 266         ret = -ENOMEM;
 267         outlen = crypto_akcipher_maxsize(tfm);
 268         output = kmalloc(outlen, GFP_KERNEL);
 269         if (!output)
 270                 goto error_free_req;
 271
 272         sg_init_one(&sig_sg, sig->s, sig->s_size);
 273         sg_init_one(&digest_sg, output, outlen);
 274         akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size,
 275                                    outlen);
 276         crypto_init_wait(&cwait);
 277         akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
 278                                       CRYPTO_TFM_REQ_MAY_SLEEP,
 279                                       crypto_req_done, &cwait);
 280
 281         /* Perform the verification calculation.  This doesn't actually do the
 282          * verification, but rather calculates the hash expected by the
 283          * signature and returns that to us.
 284          */
 285         ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
 286         if (ret)
 287                 goto out_free_output;
 288
 289         /* Do the actual verification step. */
 290         if (req->dst_len != sig->digest_size ||
 291             memcmp(sig->digest, output, sig->digest_size) != 0)
 292                 ret = -EKEYREJECTED;
 293
 294 out_free_output:
 295         kfree(output);
 296 error_free_req:
 297         akcipher_request_free(req);
 298 error_free_tfm:
 299         crypto_free_akcipher(tfm);
 300         pr_devel("<==%s() = %d\n", __func__, ret);
 301         if (WARN_ON_ONCE(ret > 0))
 302                 ret = -EINVAL;
 303         return ret;
 304 }
 305 EXPORT_SYMBOL_GPL(public_key_verify_signature);
 306
 307 static int public_key_verify_signature_2(const struct key *key,
 308                                          const struct public_key_signature *sig)
 309 {
 310         const struct public_key *pk = key->payload.data[asym_crypto];
 311         return public_key_verify_signature(pk, sig);
 312 }
 313
 314 /*
 315  * Public key algorithm asymmetric key subtype
 316  */
 317 struct asymmetric_key_subtype public_key_subtype = {
 318         .owner                  = THIS_MODULE,
 319         .name                   = "public_key",
 320         .name_len               = sizeof("public_key") - 1,
 321         .describe               = public_key_describe,
 322         .destroy                = public_key_destroy,
 323         .query                  = software_key_query,
 324         .eds_op                 = software_key_eds_op,
 325         .verify_signature       = public_key_verify_signature_2,
 326 };
 327 EXPORT_SYMBOL_GPL(public_key_subtype);