2015-06-16 20:30:55 +03:00
/*
* Public Key Encryption
*
* Copyright ( c ) 2015 , Intel Corporation
* Authors : Tadeusz Struk < tadeusz . struk @ intel . com >
*
* This program is free software ; you can redistribute it and / or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation ; either version 2 of the License , or ( at your option )
* any later version .
*
*/
# ifndef _CRYPTO_AKCIPHER_H
# define _CRYPTO_AKCIPHER_H
# include <linux/crypto.h>
/**
* struct akcipher_request - public key request
*
* @ base : Common attributes for async crypto requests
2015-10-08 19:26:55 +03:00
* @ src : Source data
crypto: akcipher - new verify API for public key algorithms
Previous akcipher .verify() just `decrypts' (using RSA encrypt which is
using public key) signature to uncover message hash, which was then
compared in upper level public_key_verify_signature() with the expected
hash value, which itself was never passed into verify().
This approach was incompatible with EC-DSA family of algorithms,
because, to verify a signature EC-DSA algorithm also needs a hash value
as input; then it's used (together with a signature divided into halves
`r||s') to produce a witness value, which is then compared with `r' to
determine if the signature is correct. Thus, for EC-DSA, nor
requirements of .verify() itself, nor its output expectations in
public_key_verify_signature() wasn't sufficient.
Make improved .verify() call which gets hash value as input and produce
complete signature check without any output besides status.
Now for the top level verification only crypto_akcipher_verify() needs
to be called and its return value inspected.
Make sure that `digest' is in kmalloc'd memory (in place of `output`) in
{public,tpm}_key_verify_signature() as insisted by Herbert Xu, and will
be changed in the following commit.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 18:51:15 +03:00
* For verify op this is signature + digest , in that case
* total size of @ src is @ src_len + @ dst_len .
* @ dst : Destination data ( Should be NULL for verify op )
2015-10-08 19:26:55 +03:00
* @ src_len : Size of the input buffer
crypto: akcipher - new verify API for public key algorithms
Previous akcipher .verify() just `decrypts' (using RSA encrypt which is
using public key) signature to uncover message hash, which was then
compared in upper level public_key_verify_signature() with the expected
hash value, which itself was never passed into verify().
This approach was incompatible with EC-DSA family of algorithms,
because, to verify a signature EC-DSA algorithm also needs a hash value
as input; then it's used (together with a signature divided into halves
`r||s') to produce a witness value, which is then compared with `r' to
determine if the signature is correct. Thus, for EC-DSA, nor
requirements of .verify() itself, nor its output expectations in
public_key_verify_signature() wasn't sufficient.
Make improved .verify() call which gets hash value as input and produce
complete signature check without any output besides status.
Now for the top level verification only crypto_akcipher_verify() needs
to be called and its return value inspected.
Make sure that `digest' is in kmalloc'd memory (in place of `output`) in
{public,tpm}_key_verify_signature() as insisted by Herbert Xu, and will
be changed in the following commit.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 18:51:15 +03:00
* For verify op it ' s size of signature part of @ src , this part
* is supposed to be operated by cipher .
* @ dst_len : Size of @ dst buffer ( for all ops except verify ) .
* It needs to be at least as big as the expected result
* depending on the operation .
2015-12-08 11:00:23 +03:00
* After operation it will be updated with the actual size of the
2015-10-08 19:26:55 +03:00
* result .
* In case of error where the dst sgl size was insufficient ,
2015-06-16 20:30:55 +03:00
* it will be updated to the size required for the operation .
crypto: akcipher - new verify API for public key algorithms
Previous akcipher .verify() just `decrypts' (using RSA encrypt which is
using public key) signature to uncover message hash, which was then
compared in upper level public_key_verify_signature() with the expected
hash value, which itself was never passed into verify().
This approach was incompatible with EC-DSA family of algorithms,
because, to verify a signature EC-DSA algorithm also needs a hash value
as input; then it's used (together with a signature divided into halves
`r||s') to produce a witness value, which is then compared with `r' to
determine if the signature is correct. Thus, for EC-DSA, nor
requirements of .verify() itself, nor its output expectations in
public_key_verify_signature() wasn't sufficient.
Make improved .verify() call which gets hash value as input and produce
complete signature check without any output besides status.
Now for the top level verification only crypto_akcipher_verify() needs
to be called and its return value inspected.
Make sure that `digest' is in kmalloc'd memory (in place of `output`) in
{public,tpm}_key_verify_signature() as insisted by Herbert Xu, and will
be changed in the following commit.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 18:51:15 +03:00
* For verify op this is size of digest part in @ src .
2015-06-16 20:30:55 +03:00
* @ __ctx : Start of private context data
*/
struct akcipher_request {
struct crypto_async_request base ;
2015-10-08 19:26:55 +03:00
struct scatterlist * src ;
struct scatterlist * dst ;
2015-06-16 20:30:55 +03:00
unsigned int src_len ;
unsigned int dst_len ;
void * __ctx [ ] CRYPTO_MINALIGN_ATTR ;
} ;
/**
* struct crypto_akcipher - user - instantiated objects which encapsulate
* algorithms and core processing logic
*
* @ base : Common crypto API algorithm data structure
*/
struct crypto_akcipher {
struct crypto_tfm base ;
} ;
/**
* struct akcipher_alg - generic public key algorithm
*
* @ sign : Function performs a sign operation as defined by public key
* algorithm . In case of error , where the dst_len was insufficient ,
* the req - > dst_len will be updated to the size required for the
* operation
crypto: akcipher - new verify API for public key algorithms
Previous akcipher .verify() just `decrypts' (using RSA encrypt which is
using public key) signature to uncover message hash, which was then
compared in upper level public_key_verify_signature() with the expected
hash value, which itself was never passed into verify().
This approach was incompatible with EC-DSA family of algorithms,
because, to verify a signature EC-DSA algorithm also needs a hash value
as input; then it's used (together with a signature divided into halves
`r||s') to produce a witness value, which is then compared with `r' to
determine if the signature is correct. Thus, for EC-DSA, nor
requirements of .verify() itself, nor its output expectations in
public_key_verify_signature() wasn't sufficient.
Make improved .verify() call which gets hash value as input and produce
complete signature check without any output besides status.
Now for the top level verification only crypto_akcipher_verify() needs
to be called and its return value inspected.
Make sure that `digest' is in kmalloc'd memory (in place of `output`) in
{public,tpm}_key_verify_signature() as insisted by Herbert Xu, and will
be changed in the following commit.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 18:51:15 +03:00
* @ verify : Function performs a complete verify operation as defined by
* public key algorithm , returning verification status . Requires
* digest value as input parameter .
2015-12-08 11:00:23 +03:00
* @ encrypt : Function performs an encrypt operation as defined by public key
2015-06-16 20:30:55 +03:00
* algorithm . In case of error , where the dst_len was insufficient ,
* the req - > dst_len will be updated to the size required for the
* operation
* @ decrypt : Function performs a decrypt operation as defined by public key
* algorithm . In case of error , where the dst_len was insufficient ,
* the req - > dst_len will be updated to the size required for the
* operation
2015-10-08 19:26:55 +03:00
* @ set_pub_key : Function invokes the algorithm specific set public key
* function , which knows how to decode and interpret
2019-04-11 18:51:17 +03:00
* the BER encoded public key and parameters
2015-10-08 19:26:55 +03:00
* @ set_priv_key : Function invokes the algorithm specific set private key
* function , which knows how to decode and interpret
2019-04-11 18:51:17 +03:00
* the BER encoded private key and parameters
2015-12-08 11:00:23 +03:00
* @ max_size : Function returns dest buffer size required for a given key .
2015-06-16 20:30:55 +03:00
* @ init : Initialize the cryptographic transformation object .
* This function is used to initialize the cryptographic
* transformation object . This function is called only once at
* the instantiation time , right after the transformation context
* was allocated . In case the cryptographic hardware has some
* special requirements which need to be handled by software , this
* function shall check for the precise requirement of the
* transformation and put any software fallbacks in place .
* @ exit : Deinitialize the cryptographic transformation object . This is a
* counterpart to @ init , used to remove various changes set in
* @ init .
*
* @ reqsize : Request context size required by algorithm implementation
* @ base : Common crypto API algorithm data structure
*/
struct akcipher_alg {
int ( * sign ) ( struct akcipher_request * req ) ;
int ( * verify ) ( struct akcipher_request * req ) ;
int ( * encrypt ) ( struct akcipher_request * req ) ;
int ( * decrypt ) ( struct akcipher_request * req ) ;
2015-10-08 19:26:55 +03:00
int ( * set_pub_key ) ( struct crypto_akcipher * tfm , const void * key ,
unsigned int keylen ) ;
int ( * set_priv_key ) ( struct crypto_akcipher * tfm , const void * key ,
unsigned int keylen ) ;
2017-05-25 10:18:12 +03:00
unsigned int ( * max_size ) ( struct crypto_akcipher * tfm ) ;
2015-06-16 20:30:55 +03:00
int ( * init ) ( struct crypto_akcipher * tfm ) ;
void ( * exit ) ( struct crypto_akcipher * tfm ) ;
unsigned int reqsize ;
struct crypto_alg base ;
} ;
/**
* DOC : Generic Public Key API
*
* The Public Key API is used with the algorithms of type
* CRYPTO_ALG_TYPE_AKCIPHER ( listed as type " akcipher " in / proc / crypto )
*/
/**
2016-02-16 13:32:06 +03:00
* crypto_alloc_akcipher ( ) - allocate AKCIPHER tfm handle
2015-06-16 20:30:55 +03:00
* @ alg_name : is the cra_name / name or cra_driver_name / driver name of the
* public key algorithm e . g . " rsa "
* @ type : specifies the type of the algorithm
* @ mask : specifies the mask for the algorithm
*
* Allocate a handle for public key algorithm . The returned struct
* crypto_akcipher is the handle that is required for any subsequent
* API invocation for the public key operations .
*
* Return : allocated handle in case of success ; IS_ERR ( ) is true in case
* of an error , PTR_ERR ( ) returns the error code .
*/
struct crypto_akcipher * crypto_alloc_akcipher ( const char * alg_name , u32 type ,
u32 mask ) ;
static inline struct crypto_tfm * crypto_akcipher_tfm (
struct crypto_akcipher * tfm )
{
return & tfm - > base ;
}
static inline struct akcipher_alg * __crypto_akcipher_alg ( struct crypto_alg * alg )
{
return container_of ( alg , struct akcipher_alg , base ) ;
}
static inline struct crypto_akcipher * __crypto_akcipher_tfm (
struct crypto_tfm * tfm )
{
return container_of ( tfm , struct crypto_akcipher , base ) ;
}
static inline struct akcipher_alg * crypto_akcipher_alg (
struct crypto_akcipher * tfm )
{
return __crypto_akcipher_alg ( crypto_akcipher_tfm ( tfm ) - > __crt_alg ) ;
}
static inline unsigned int crypto_akcipher_reqsize ( struct crypto_akcipher * tfm )
{
return crypto_akcipher_alg ( tfm ) - > reqsize ;
}
static inline void akcipher_request_set_tfm ( struct akcipher_request * req ,
struct crypto_akcipher * tfm )
{
req - > base . tfm = crypto_akcipher_tfm ( tfm ) ;
}
static inline struct crypto_akcipher * crypto_akcipher_reqtfm (
struct akcipher_request * req )
{
return __crypto_akcipher_tfm ( req - > base . tfm ) ;
}
/**
2016-02-16 13:32:06 +03:00
* crypto_free_akcipher ( ) - free AKCIPHER tfm handle
2015-06-16 20:30:55 +03:00
*
* @ tfm : AKCIPHER tfm handle allocated with crypto_alloc_akcipher ( )
*/
static inline void crypto_free_akcipher ( struct crypto_akcipher * tfm )
{
crypto_destroy_tfm ( tfm , crypto_akcipher_tfm ( tfm ) ) ;
}
/**
2016-02-16 13:32:06 +03:00
* akcipher_request_alloc ( ) - allocates public key request
2015-06-16 20:30:55 +03:00
*
* @ tfm : AKCIPHER tfm handle allocated with crypto_alloc_akcipher ( )
* @ gfp : allocation flags
*
* Return : allocated handle in case of success or NULL in case of an error .
*/
static inline struct akcipher_request * akcipher_request_alloc (
struct crypto_akcipher * tfm , gfp_t gfp )
{
struct akcipher_request * req ;
req = kmalloc ( sizeof ( * req ) + crypto_akcipher_reqsize ( tfm ) , gfp ) ;
if ( likely ( req ) )
akcipher_request_set_tfm ( req , tfm ) ;
return req ;
}
/**
2016-02-16 13:32:06 +03:00
* akcipher_request_free ( ) - zeroize and free public key request
2015-06-16 20:30:55 +03:00
*
* @ req : request to free
*/
static inline void akcipher_request_free ( struct akcipher_request * req )
{
kzfree ( req ) ;
}
/**
2016-02-16 13:32:06 +03:00
* akcipher_request_set_callback ( ) - Sets an asynchronous callback .
2015-06-16 20:30:55 +03:00
*
* Callback will be called when an asynchronous operation on a given
* request is finished .
*
* @ req : request that the callback will be set for
* @ flgs : specify for instance if the operation may backlog
2016-02-16 13:32:06 +03:00
* @ cmpl : callback which will be called
2015-06-16 20:30:55 +03:00
* @ data : private data used by the caller
*/
static inline void akcipher_request_set_callback ( struct akcipher_request * req ,
u32 flgs ,
crypto_completion_t cmpl ,
void * data )
{
req - > base . complete = cmpl ;
req - > base . data = data ;
req - > base . flags = flgs ;
}
/**
2016-02-16 13:32:06 +03:00
* akcipher_request_set_crypt ( ) - Sets request parameters
2015-06-16 20:30:55 +03:00
*
* Sets parameters required by crypto operation
*
* @ req : public key request
2015-10-08 19:26:55 +03:00
* @ src : ptr to input scatter list
crypto: akcipher - new verify API for public key algorithms
Previous akcipher .verify() just `decrypts' (using RSA encrypt which is
using public key) signature to uncover message hash, which was then
compared in upper level public_key_verify_signature() with the expected
hash value, which itself was never passed into verify().
This approach was incompatible with EC-DSA family of algorithms,
because, to verify a signature EC-DSA algorithm also needs a hash value
as input; then it's used (together with a signature divided into halves
`r||s') to produce a witness value, which is then compared with `r' to
determine if the signature is correct. Thus, for EC-DSA, nor
requirements of .verify() itself, nor its output expectations in
public_key_verify_signature() wasn't sufficient.
Make improved .verify() call which gets hash value as input and produce
complete signature check without any output besides status.
Now for the top level verification only crypto_akcipher_verify() needs
to be called and its return value inspected.
Make sure that `digest' is in kmalloc'd memory (in place of `output`) in
{public,tpm}_key_verify_signature() as insisted by Herbert Xu, and will
be changed in the following commit.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 18:51:15 +03:00
* @ dst : ptr to output scatter list or NULL for verify op
2015-10-08 19:26:55 +03:00
* @ src_len : size of the src input scatter list to be processed
crypto: akcipher - new verify API for public key algorithms
Previous akcipher .verify() just `decrypts' (using RSA encrypt which is
using public key) signature to uncover message hash, which was then
compared in upper level public_key_verify_signature() with the expected
hash value, which itself was never passed into verify().
This approach was incompatible with EC-DSA family of algorithms,
because, to verify a signature EC-DSA algorithm also needs a hash value
as input; then it's used (together with a signature divided into halves
`r||s') to produce a witness value, which is then compared with `r' to
determine if the signature is correct. Thus, for EC-DSA, nor
requirements of .verify() itself, nor its output expectations in
public_key_verify_signature() wasn't sufficient.
Make improved .verify() call which gets hash value as input and produce
complete signature check without any output besides status.
Now for the top level verification only crypto_akcipher_verify() needs
to be called and its return value inspected.
Make sure that `digest' is in kmalloc'd memory (in place of `output`) in
{public,tpm}_key_verify_signature() as insisted by Herbert Xu, and will
be changed in the following commit.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 18:51:15 +03:00
* @ dst_len : size of the dst output scatter list or size of signature
* portion in @ src for verify op
2015-06-16 20:30:55 +03:00
*/
static inline void akcipher_request_set_crypt ( struct akcipher_request * req ,
2015-10-08 19:26:55 +03:00
struct scatterlist * src ,
struct scatterlist * dst ,
2015-06-16 20:30:55 +03:00
unsigned int src_len ,
unsigned int dst_len )
{
req - > src = src ;
req - > dst = dst ;
req - > src_len = src_len ;
req - > dst_len = dst_len ;
}
2015-10-08 19:26:55 +03:00
/**
2016-02-16 13:32:06 +03:00
* crypto_akcipher_maxsize ( ) - Get len for output buffer
2015-10-08 19:26:55 +03:00
*
2017-05-25 10:18:12 +03:00
* Function returns the dest buffer size required for a given key .
* Function assumes that the key is already set in the transformation . If this
* function is called without a setkey or with a failed setkey , you will end up
* in a NULL dereference .
2015-10-08 19:26:55 +03:00
*
* @ tfm : AKCIPHER tfm handle allocated with crypto_alloc_akcipher ( )
*/
2017-05-25 10:18:12 +03:00
static inline unsigned int crypto_akcipher_maxsize ( struct crypto_akcipher * tfm )
2015-10-08 19:26:55 +03:00
{
struct akcipher_alg * alg = crypto_akcipher_alg ( tfm ) ;
return alg - > max_size ( tfm ) ;
}
2015-06-16 20:30:55 +03:00
/**
2016-02-16 13:32:06 +03:00
* crypto_akcipher_encrypt ( ) - Invoke public key encrypt operation
2015-06-16 20:30:55 +03:00
*
* Function invokes the specific public key encrypt operation for a given
* public key algorithm
*
* @ req : asymmetric key request
*
* Return : zero on success ; error code in case of error
*/
static inline int crypto_akcipher_encrypt ( struct akcipher_request * req )
{
struct crypto_akcipher * tfm = crypto_akcipher_reqtfm ( req ) ;
struct akcipher_alg * alg = crypto_akcipher_alg ( tfm ) ;
2018-11-29 17:42:21 +03:00
struct crypto_alg * calg = tfm - > base . __crt_alg ;
unsigned int src_len = req - > src_len ;
2018-09-19 13:10:54 +03:00
int ret ;
2015-06-16 20:30:55 +03:00
2018-11-29 17:42:21 +03:00
crypto_stats_get ( calg ) ;
2018-09-19 13:10:54 +03:00
ret = alg - > encrypt ( req ) ;
2018-11-29 17:42:21 +03:00
crypto_stats_akcipher_encrypt ( src_len , ret , calg ) ;
2018-09-19 13:10:54 +03:00
return ret ;
2015-06-16 20:30:55 +03:00
}
/**
2016-02-16 13:32:06 +03:00
* crypto_akcipher_decrypt ( ) - Invoke public key decrypt operation
2015-06-16 20:30:55 +03:00
*
* Function invokes the specific public key decrypt operation for a given
* public key algorithm
*
* @ req : asymmetric key request
*
* Return : zero on success ; error code in case of error
*/
static inline int crypto_akcipher_decrypt ( struct akcipher_request * req )
{
struct crypto_akcipher * tfm = crypto_akcipher_reqtfm ( req ) ;
struct akcipher_alg * alg = crypto_akcipher_alg ( tfm ) ;
2018-11-29 17:42:21 +03:00
struct crypto_alg * calg = tfm - > base . __crt_alg ;
unsigned int src_len = req - > src_len ;
2018-09-19 13:10:54 +03:00
int ret ;
2015-06-16 20:30:55 +03:00
2018-11-29 17:42:21 +03:00
crypto_stats_get ( calg ) ;
2018-09-19 13:10:54 +03:00
ret = alg - > decrypt ( req ) ;
2018-11-29 17:42:21 +03:00
crypto_stats_akcipher_decrypt ( src_len , ret , calg ) ;
2018-09-19 13:10:54 +03:00
return ret ;
2015-06-16 20:30:55 +03:00
}
/**
2016-02-16 13:32:06 +03:00
* crypto_akcipher_sign ( ) - Invoke public key sign operation
2015-06-16 20:30:55 +03:00
*
* Function invokes the specific public key sign operation for a given
* public key algorithm
*
* @ req : asymmetric key request
*
* Return : zero on success ; error code in case of error
*/
static inline int crypto_akcipher_sign ( struct akcipher_request * req )
{
struct crypto_akcipher * tfm = crypto_akcipher_reqtfm ( req ) ;
struct akcipher_alg * alg = crypto_akcipher_alg ( tfm ) ;
2018-11-29 17:42:21 +03:00
struct crypto_alg * calg = tfm - > base . __crt_alg ;
2018-09-19 13:10:54 +03:00
int ret ;
2015-06-16 20:30:55 +03:00
2018-11-29 17:42:21 +03:00
crypto_stats_get ( calg ) ;
2018-09-19 13:10:54 +03:00
ret = alg - > sign ( req ) ;
2018-11-29 17:42:21 +03:00
crypto_stats_akcipher_sign ( ret , calg ) ;
2018-09-19 13:10:54 +03:00
return ret ;
2015-06-16 20:30:55 +03:00
}
/**
crypto: akcipher - new verify API for public key algorithms
Previous akcipher .verify() just `decrypts' (using RSA encrypt which is
using public key) signature to uncover message hash, which was then
compared in upper level public_key_verify_signature() with the expected
hash value, which itself was never passed into verify().
This approach was incompatible with EC-DSA family of algorithms,
because, to verify a signature EC-DSA algorithm also needs a hash value
as input; then it's used (together with a signature divided into halves
`r||s') to produce a witness value, which is then compared with `r' to
determine if the signature is correct. Thus, for EC-DSA, nor
requirements of .verify() itself, nor its output expectations in
public_key_verify_signature() wasn't sufficient.
Make improved .verify() call which gets hash value as input and produce
complete signature check without any output besides status.
Now for the top level verification only crypto_akcipher_verify() needs
to be called and its return value inspected.
Make sure that `digest' is in kmalloc'd memory (in place of `output`) in
{public,tpm}_key_verify_signature() as insisted by Herbert Xu, and will
be changed in the following commit.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 18:51:15 +03:00
* crypto_akcipher_verify ( ) - Invoke public key signature verification
2015-06-16 20:30:55 +03:00
*
crypto: akcipher - new verify API for public key algorithms
Previous akcipher .verify() just `decrypts' (using RSA encrypt which is
using public key) signature to uncover message hash, which was then
compared in upper level public_key_verify_signature() with the expected
hash value, which itself was never passed into verify().
This approach was incompatible with EC-DSA family of algorithms,
because, to verify a signature EC-DSA algorithm also needs a hash value
as input; then it's used (together with a signature divided into halves
`r||s') to produce a witness value, which is then compared with `r' to
determine if the signature is correct. Thus, for EC-DSA, nor
requirements of .verify() itself, nor its output expectations in
public_key_verify_signature() wasn't sufficient.
Make improved .verify() call which gets hash value as input and produce
complete signature check without any output besides status.
Now for the top level verification only crypto_akcipher_verify() needs
to be called and its return value inspected.
Make sure that `digest' is in kmalloc'd memory (in place of `output`) in
{public,tpm}_key_verify_signature() as insisted by Herbert Xu, and will
be changed in the following commit.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 18:51:15 +03:00
* Function invokes the specific public key signature verification operation
* for a given public key algorithm .
2015-06-16 20:30:55 +03:00
*
* @ req : asymmetric key request
*
crypto: akcipher - new verify API for public key algorithms
Previous akcipher .verify() just `decrypts' (using RSA encrypt which is
using public key) signature to uncover message hash, which was then
compared in upper level public_key_verify_signature() with the expected
hash value, which itself was never passed into verify().
This approach was incompatible with EC-DSA family of algorithms,
because, to verify a signature EC-DSA algorithm also needs a hash value
as input; then it's used (together with a signature divided into halves
`r||s') to produce a witness value, which is then compared with `r' to
determine if the signature is correct. Thus, for EC-DSA, nor
requirements of .verify() itself, nor its output expectations in
public_key_verify_signature() wasn't sufficient.
Make improved .verify() call which gets hash value as input and produce
complete signature check without any output besides status.
Now for the top level verification only crypto_akcipher_verify() needs
to be called and its return value inspected.
Make sure that `digest' is in kmalloc'd memory (in place of `output`) in
{public,tpm}_key_verify_signature() as insisted by Herbert Xu, and will
be changed in the following commit.
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-11 18:51:15 +03:00
* Note : req - > dst should be NULL , req - > src should point to SG of size
* ( req - > src_size + req - > dst_size ) , containing signature ( of req - > src_size
* length ) with appended digest ( of req - > dst_size length ) .
*
* Return : zero on verification success ; error code in case of error .
2015-06-16 20:30:55 +03:00
*/
static inline int crypto_akcipher_verify ( struct akcipher_request * req )
{
struct crypto_akcipher * tfm = crypto_akcipher_reqtfm ( req ) ;
struct akcipher_alg * alg = crypto_akcipher_alg ( tfm ) ;
2018-11-29 17:42:21 +03:00
struct crypto_alg * calg = tfm - > base . __crt_alg ;
2018-09-19 13:10:54 +03:00
int ret ;
2015-06-16 20:30:55 +03:00
2018-11-29 17:42:21 +03:00
crypto_stats_get ( calg ) ;
2018-09-19 13:10:54 +03:00
ret = alg - > verify ( req ) ;
2018-11-29 17:42:21 +03:00
crypto_stats_akcipher_verify ( ret , calg ) ;
2018-09-19 13:10:54 +03:00
return ret ;
2015-06-16 20:30:55 +03:00
}
/**
2016-02-16 13:32:06 +03:00
* crypto_akcipher_set_pub_key ( ) - Invoke set public key operation
2015-10-08 19:26:55 +03:00
*
* Function invokes the algorithm specific set key function , which knows
2019-04-11 18:51:17 +03:00
* how to decode and interpret the encoded key and parameters
2015-10-08 19:26:55 +03:00
*
* @ tfm : tfm handle
2019-04-11 18:51:17 +03:00
* @ key : BER encoded public key , algo OID , paramlen , BER encoded
* parameters
* @ keylen : length of the key ( not including other data )
2015-10-08 19:26:55 +03:00
*
* Return : zero on success ; error code in case of error
*/
static inline int crypto_akcipher_set_pub_key ( struct crypto_akcipher * tfm ,
const void * key ,
unsigned int keylen )
{
struct akcipher_alg * alg = crypto_akcipher_alg ( tfm ) ;
return alg - > set_pub_key ( tfm , key , keylen ) ;
}
/**
2016-02-16 13:32:06 +03:00
* crypto_akcipher_set_priv_key ( ) - Invoke set private key operation
2015-06-16 20:30:55 +03:00
*
* Function invokes the algorithm specific set key function , which knows
2019-04-11 18:51:17 +03:00
* how to decode and interpret the encoded key and parameters
2015-06-16 20:30:55 +03:00
*
* @ tfm : tfm handle
2019-04-11 18:51:17 +03:00
* @ key : BER encoded private key , algo OID , paramlen , BER encoded
* parameters
* @ keylen : length of the key ( not including other data )
2015-06-16 20:30:55 +03:00
*
* Return : zero on success ; error code in case of error
*/
2015-10-08 19:26:55 +03:00
static inline int crypto_akcipher_set_priv_key ( struct crypto_akcipher * tfm ,
const void * key ,
unsigned int keylen )
2015-06-16 20:30:55 +03:00
{
struct akcipher_alg * alg = crypto_akcipher_alg ( tfm ) ;
2015-10-08 19:26:55 +03:00
return alg - > set_priv_key ( tfm , key , keylen ) ;
2015-06-16 20:30:55 +03:00
}
# endif