1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-or-later
2*4882a593Smuzhiyun /* Signature verification with an asymmetric key
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * See Documentation/crypto/asymmetric-keys.rst
5*4882a593Smuzhiyun *
6*4882a593Smuzhiyun * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7*4882a593Smuzhiyun * Written by David Howells (dhowells@redhat.com)
8*4882a593Smuzhiyun */
9*4882a593Smuzhiyun
10*4882a593Smuzhiyun #define pr_fmt(fmt) "SIG: "fmt
11*4882a593Smuzhiyun #include <keys/asymmetric-subtype.h>
12*4882a593Smuzhiyun #include <linux/export.h>
13*4882a593Smuzhiyun #include <linux/err.h>
14*4882a593Smuzhiyun #include <linux/slab.h>
15*4882a593Smuzhiyun #include <linux/keyctl.h>
16*4882a593Smuzhiyun #include <crypto/public_key.h>
17*4882a593Smuzhiyun #include <keys/user-type.h>
18*4882a593Smuzhiyun #include "asymmetric_keys.h"
19*4882a593Smuzhiyun
20*4882a593Smuzhiyun /*
21*4882a593Smuzhiyun * Destroy a public key signature.
22*4882a593Smuzhiyun */
public_key_signature_free(struct public_key_signature * sig)23*4882a593Smuzhiyun void public_key_signature_free(struct public_key_signature *sig)
24*4882a593Smuzhiyun {
25*4882a593Smuzhiyun int i;
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun if (sig) {
28*4882a593Smuzhiyun for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)
29*4882a593Smuzhiyun kfree(sig->auth_ids[i]);
30*4882a593Smuzhiyun kfree(sig->s);
31*4882a593Smuzhiyun kfree(sig->digest);
32*4882a593Smuzhiyun kfree(sig);
33*4882a593Smuzhiyun }
34*4882a593Smuzhiyun }
35*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(public_key_signature_free);
36*4882a593Smuzhiyun
37*4882a593Smuzhiyun /**
38*4882a593Smuzhiyun * query_asymmetric_key - Get information about an aymmetric key.
39*4882a593Smuzhiyun * @params: Various parameters.
40*4882a593Smuzhiyun * @info: Where to put the information.
41*4882a593Smuzhiyun */
query_asymmetric_key(const struct kernel_pkey_params * params,struct kernel_pkey_query * info)42*4882a593Smuzhiyun int query_asymmetric_key(const struct kernel_pkey_params *params,
43*4882a593Smuzhiyun struct kernel_pkey_query *info)
44*4882a593Smuzhiyun {
45*4882a593Smuzhiyun const struct asymmetric_key_subtype *subtype;
46*4882a593Smuzhiyun struct key *key = params->key;
47*4882a593Smuzhiyun int ret;
48*4882a593Smuzhiyun
49*4882a593Smuzhiyun pr_devel("==>%s()\n", __func__);
50*4882a593Smuzhiyun
51*4882a593Smuzhiyun if (key->type != &key_type_asymmetric)
52*4882a593Smuzhiyun return -EINVAL;
53*4882a593Smuzhiyun subtype = asymmetric_key_subtype(key);
54*4882a593Smuzhiyun if (!subtype ||
55*4882a593Smuzhiyun !key->payload.data[0])
56*4882a593Smuzhiyun return -EINVAL;
57*4882a593Smuzhiyun if (!subtype->query)
58*4882a593Smuzhiyun return -ENOTSUPP;
59*4882a593Smuzhiyun
60*4882a593Smuzhiyun ret = subtype->query(params, info);
61*4882a593Smuzhiyun
62*4882a593Smuzhiyun pr_devel("<==%s() = %d\n", __func__, ret);
63*4882a593Smuzhiyun return ret;
64*4882a593Smuzhiyun }
65*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(query_asymmetric_key);
66*4882a593Smuzhiyun
67*4882a593Smuzhiyun /**
68*4882a593Smuzhiyun * encrypt_blob - Encrypt data using an asymmetric key
69*4882a593Smuzhiyun * @params: Various parameters
70*4882a593Smuzhiyun * @data: Data blob to be encrypted, length params->data_len
71*4882a593Smuzhiyun * @enc: Encrypted data buffer, length params->enc_len
72*4882a593Smuzhiyun *
73*4882a593Smuzhiyun * Encrypt the specified data blob using the private key specified by
74*4882a593Smuzhiyun * params->key. The encrypted data is wrapped in an encoding if
75*4882a593Smuzhiyun * params->encoding is specified (eg. "pkcs1").
76*4882a593Smuzhiyun *
77*4882a593Smuzhiyun * Returns the length of the data placed in the encrypted data buffer or an
78*4882a593Smuzhiyun * error.
79*4882a593Smuzhiyun */
encrypt_blob(struct kernel_pkey_params * params,const void * data,void * enc)80*4882a593Smuzhiyun int encrypt_blob(struct kernel_pkey_params *params,
81*4882a593Smuzhiyun const void *data, void *enc)
82*4882a593Smuzhiyun {
83*4882a593Smuzhiyun params->op = kernel_pkey_encrypt;
84*4882a593Smuzhiyun return asymmetric_key_eds_op(params, data, enc);
85*4882a593Smuzhiyun }
86*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(encrypt_blob);
87*4882a593Smuzhiyun
88*4882a593Smuzhiyun /**
89*4882a593Smuzhiyun * decrypt_blob - Decrypt data using an asymmetric key
90*4882a593Smuzhiyun * @params: Various parameters
91*4882a593Smuzhiyun * @enc: Encrypted data to be decrypted, length params->enc_len
92*4882a593Smuzhiyun * @data: Decrypted data buffer, length params->data_len
93*4882a593Smuzhiyun *
94*4882a593Smuzhiyun * Decrypt the specified data blob using the private key specified by
95*4882a593Smuzhiyun * params->key. The decrypted data is wrapped in an encoding if
96*4882a593Smuzhiyun * params->encoding is specified (eg. "pkcs1").
97*4882a593Smuzhiyun *
98*4882a593Smuzhiyun * Returns the length of the data placed in the decrypted data buffer or an
99*4882a593Smuzhiyun * error.
100*4882a593Smuzhiyun */
decrypt_blob(struct kernel_pkey_params * params,const void * enc,void * data)101*4882a593Smuzhiyun int decrypt_blob(struct kernel_pkey_params *params,
102*4882a593Smuzhiyun const void *enc, void *data)
103*4882a593Smuzhiyun {
104*4882a593Smuzhiyun params->op = kernel_pkey_decrypt;
105*4882a593Smuzhiyun return asymmetric_key_eds_op(params, enc, data);
106*4882a593Smuzhiyun }
107*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(decrypt_blob);
108*4882a593Smuzhiyun
109*4882a593Smuzhiyun /**
110*4882a593Smuzhiyun * create_signature - Sign some data using an asymmetric key
111*4882a593Smuzhiyun * @params: Various parameters
112*4882a593Smuzhiyun * @data: Data blob to be signed, length params->data_len
113*4882a593Smuzhiyun * @enc: Signature buffer, length params->enc_len
114*4882a593Smuzhiyun *
115*4882a593Smuzhiyun * Sign the specified data blob using the private key specified by params->key.
116*4882a593Smuzhiyun * The signature is wrapped in an encoding if params->encoding is specified
117*4882a593Smuzhiyun * (eg. "pkcs1"). If the encoding needs to know the digest type, this can be
118*4882a593Smuzhiyun * passed through params->hash_algo (eg. "sha1").
119*4882a593Smuzhiyun *
120*4882a593Smuzhiyun * Returns the length of the data placed in the signature buffer or an error.
121*4882a593Smuzhiyun */
create_signature(struct kernel_pkey_params * params,const void * data,void * enc)122*4882a593Smuzhiyun int create_signature(struct kernel_pkey_params *params,
123*4882a593Smuzhiyun const void *data, void *enc)
124*4882a593Smuzhiyun {
125*4882a593Smuzhiyun params->op = kernel_pkey_sign;
126*4882a593Smuzhiyun return asymmetric_key_eds_op(params, data, enc);
127*4882a593Smuzhiyun }
128*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(create_signature);
129*4882a593Smuzhiyun
130*4882a593Smuzhiyun /**
131*4882a593Smuzhiyun * verify_signature - Initiate the use of an asymmetric key to verify a signature
132*4882a593Smuzhiyun * @key: The asymmetric key to verify against
133*4882a593Smuzhiyun * @sig: The signature to check
134*4882a593Smuzhiyun *
135*4882a593Smuzhiyun * Returns 0 if successful or else an error.
136*4882a593Smuzhiyun */
verify_signature(const struct key * key,const struct public_key_signature * sig)137*4882a593Smuzhiyun int verify_signature(const struct key *key,
138*4882a593Smuzhiyun const struct public_key_signature *sig)
139*4882a593Smuzhiyun {
140*4882a593Smuzhiyun const struct asymmetric_key_subtype *subtype;
141*4882a593Smuzhiyun int ret;
142*4882a593Smuzhiyun
143*4882a593Smuzhiyun pr_devel("==>%s()\n", __func__);
144*4882a593Smuzhiyun
145*4882a593Smuzhiyun if (key->type != &key_type_asymmetric)
146*4882a593Smuzhiyun return -EINVAL;
147*4882a593Smuzhiyun subtype = asymmetric_key_subtype(key);
148*4882a593Smuzhiyun if (!subtype ||
149*4882a593Smuzhiyun !key->payload.data[0])
150*4882a593Smuzhiyun return -EINVAL;
151*4882a593Smuzhiyun if (!subtype->verify_signature)
152*4882a593Smuzhiyun return -ENOTSUPP;
153*4882a593Smuzhiyun
154*4882a593Smuzhiyun ret = subtype->verify_signature(key, sig);
155*4882a593Smuzhiyun
156*4882a593Smuzhiyun pr_devel("<==%s() = %d\n", __func__, ret);
157*4882a593Smuzhiyun return ret;
158*4882a593Smuzhiyun }
159*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(verify_signature);
160