2019-05-20 19:08:01 +02:00
// SPDX-License-Identifier: GPL-2.0-or-later
2012-09-21 23:25:04 +01:00
/* Signature verification with an asymmetric key
*
2018-05-08 15:14:57 -03:00
* See Documentation / crypto / asymmetric - keys . txt
2012-09-21 23:25:04 +01:00
*
* Copyright ( C ) 2012 Red Hat , Inc . All Rights Reserved .
* Written by David Howells ( dhowells @ redhat . com )
*/
2014-09-02 13:52:15 +01:00
# define pr_fmt(fmt) "SIG: "fmt
2012-09-21 23:25:04 +01:00
# include <keys/asymmetric-subtype.h>
2015-12-09 15:05:28 -05:00
# include <linux/export.h>
2012-09-21 23:25:04 +01:00
# include <linux/err.h>
2016-04-06 16:13:33 +01:00
# include <linux/slab.h>
2018-10-09 17:47:07 +01:00
# include <linux/keyctl.h>
2012-09-21 23:25:04 +01:00
# include <crypto/public_key.h>
2018-10-09 17:47:07 +01:00
# include <keys/user-type.h>
2012-09-21 23:25:04 +01:00
# include "asymmetric_keys.h"
2016-04-06 16:13:33 +01:00
/*
* Destroy a public key signature .
*/
void public_key_signature_free ( struct public_key_signature * sig )
{
2016-04-06 16:13:33 +01:00
int i ;
2016-04-06 16:13:33 +01:00
if ( sig ) {
2016-04-06 16:13:33 +01:00
for ( i = 0 ; i < ARRAY_SIZE ( sig - > auth_ids ) ; i + + )
kfree ( sig - > auth_ids [ i ] ) ;
2016-04-06 16:13:33 +01:00
kfree ( sig - > s ) ;
kfree ( sig - > digest ) ;
kfree ( sig ) ;
}
}
EXPORT_SYMBOL_GPL ( public_key_signature_free ) ;
2018-10-09 17:47:07 +01:00
/**
* query_asymmetric_key - Get information about an aymmetric key .
* @ params : Various parameters .
* @ info : Where to put the information .
*/
int query_asymmetric_key ( const struct kernel_pkey_params * params ,
struct kernel_pkey_query * info )
{
const struct asymmetric_key_subtype * subtype ;
struct key * key = params - > key ;
int ret ;
pr_devel ( " ==>%s() \n " , __func__ ) ;
if ( key - > type ! = & key_type_asymmetric )
return - EINVAL ;
subtype = asymmetric_key_subtype ( key ) ;
if ( ! subtype | |
! key - > payload . data [ 0 ] )
return - EINVAL ;
if ( ! subtype - > query )
return - ENOTSUPP ;
ret = subtype - > query ( params , info ) ;
pr_devel ( " <==%s() = %d \n " , __func__ , ret ) ;
return ret ;
}
EXPORT_SYMBOL_GPL ( query_asymmetric_key ) ;
/**
* encrypt_blob - Encrypt data using an asymmetric key
* @ params : Various parameters
* @ data : Data blob to be encrypted , length params - > data_len
* @ enc : Encrypted data buffer , length params - > enc_len
*
* Encrypt the specified data blob using the private key specified by
* params - > key . The encrypted data is wrapped in an encoding if
* params - > encoding is specified ( eg . " pkcs1 " ) .
*
* Returns the length of the data placed in the encrypted data buffer or an
* error .
*/
int encrypt_blob ( struct kernel_pkey_params * params ,
const void * data , void * enc )
{
params - > op = kernel_pkey_encrypt ;
return asymmetric_key_eds_op ( params , data , enc ) ;
}
EXPORT_SYMBOL_GPL ( encrypt_blob ) ;
/**
* decrypt_blob - Decrypt data using an asymmetric key
* @ params : Various parameters
* @ enc : Encrypted data to be decrypted , length params - > enc_len
* @ data : Decrypted data buffer , length params - > data_len
*
* Decrypt the specified data blob using the private key specified by
* params - > key . The decrypted data is wrapped in an encoding if
* params - > encoding is specified ( eg . " pkcs1 " ) .
*
* Returns the length of the data placed in the decrypted data buffer or an
* error .
*/
int decrypt_blob ( struct kernel_pkey_params * params ,
const void * enc , void * data )
{
params - > op = kernel_pkey_decrypt ;
return asymmetric_key_eds_op ( params , enc , data ) ;
}
EXPORT_SYMBOL_GPL ( decrypt_blob ) ;
/**
* create_signature - Sign some data using an asymmetric key
* @ params : Various parameters
* @ data : Data blob to be signed , length params - > data_len
* @ enc : Signature buffer , length params - > enc_len
*
* Sign the specified data blob using the private key specified by params - > key .
* The signature is wrapped in an encoding if params - > encoding is specified
* ( eg . " pkcs1 " ) . If the encoding needs to know the digest type , this can be
* passed through params - > hash_algo ( eg . " sha1 " ) .
*
* Returns the length of the data placed in the signature buffer or an error .
*/
int create_signature ( struct kernel_pkey_params * params ,
const void * data , void * enc )
{
params - > op = kernel_pkey_sign ;
return asymmetric_key_eds_op ( params , data , enc ) ;
}
EXPORT_SYMBOL_GPL ( create_signature ) ;
2012-09-21 23:25:04 +01:00
/**
* verify_signature - Initiate the use of an asymmetric key to verify a signature
* @ key : The asymmetric key to verify against
* @ sig : The signature to check
*
* Returns 0 if successful or else an error .
*/
int verify_signature ( const struct key * key ,
const struct public_key_signature * sig )
{
const struct asymmetric_key_subtype * subtype ;
int ret ;
pr_devel ( " ==>%s() \n " , __func__ ) ;
if ( key - > type ! = & key_type_asymmetric )
return - EINVAL ;
subtype = asymmetric_key_subtype ( key ) ;
if ( ! subtype | |
2015-10-21 14:04:48 +01:00
! key - > payload . data [ 0 ] )
2012-09-21 23:25:04 +01:00
return - EINVAL ;
if ( ! subtype - > verify_signature )
return - ENOTSUPP ;
ret = subtype - > verify_signature ( key , sig ) ;
pr_devel ( " <==%s() = %d \n " , __func__ , ret ) ;
return ret ;
}
EXPORT_SYMBOL_GPL ( verify_signature ) ;