1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* In-software asymmetric public-key crypto subtype
4 * See Documentation/crypto/asymmetric-keys.txt
6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7 * Written by David Howells (dhowells@redhat.com)
10 #define pr_fmt(fmt) "PKEY: "fmt
12 #include <dm/devres.h>
13 #include <linux/bug.h>
14 #include <linux/compat.h>
15 #include <linux/err.h>
17 #include <linux/module.h>
18 #include <linux/export.h>
20 #include <linux/kernel.h>
22 #include <linux/slab.h>
23 #include <linux/seq_file.h>
24 #include <linux/scatterlist.h>
25 #include <keys/asymmetric-subtype.h>
27 #include <crypto/public_key.h>
30 #include <u-boot/rsa.h>
32 #include <crypto/akcipher.h>
35 MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
36 MODULE_AUTHOR("Red Hat, Inc.");
37 MODULE_LICENSE("GPL");
41 * Provide a part of a description of the key for /proc/keys.
43 static void public_key_describe(const struct key *asymmetric_key,
46 struct public_key *key = asymmetric_key->payload.data[asym_crypto];
49 seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
54 * Destroy a public key algorithm key.
56 void public_key_free(struct public_key *key)
64 EXPORT_SYMBOL_GPL(public_key_free);
68 * from <linux>/crypto/asymmetric_keys/signature.c
70 * Destroy a public key signature.
72 void public_key_signature_free(struct public_key_signature *sig)
77 for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)
78 free(sig->auth_ids[i]);
84 EXPORT_SYMBOL_GPL(public_key_signature_free);
87 * public_key_verify_signature - Verify a signature using a public key.
92 * Verify a signature, @sig, using a RSA public key, @pkey.
94 * Return: 0 - verified, non-zero error code - otherwise
96 int public_key_verify_signature(const struct public_key *pkey,
97 const struct public_key_signature *sig)
99 struct image_sign_info info;
103 pr_devel("==>%s()\n", __func__);
108 if (pkey->key_is_private)
111 memset(&info, '\0', sizeof(info));
112 memset(algo, 0, sizeof(algo));
113 info.padding = image_get_padding_algo("pkcs-1.5");
114 if (strcmp(sig->pkey_algo, "rsa")) {
115 pr_err("Encryption is not RSA: %s\n", sig->pkey_algo);
118 ret = snprintf(algo, sizeof(algo), "%s,%s%d", sig->hash_algo,
119 sig->pkey_algo, sig->s_size * 8);
121 if (ret >= sizeof(algo))
124 info.checksum = image_get_checksum_algo((const char *)algo);
125 info.name = (const char *)algo;
126 info.crypto = image_get_crypto_algo(info.name);
127 if (!info.checksum || !info.crypto) {
128 pr_err("<%s> not supported on image_get_(checksum|crypto)_algo()\n",
133 info.key = pkey->key;
134 info.keylen = pkey->keylen;
136 if (rsa_verify_with_pkey(&info, sig->digest, sig->s, sig->s_size))
141 pr_devel("<==%s() = %d\n", __func__, ret);
146 * Destroy a public key algorithm key.
148 static void public_key_destroy(void *payload0, void *payload3)
150 public_key_free(payload0);
151 public_key_signature_free(payload3);
155 * Determine the crypto algorithm name.
158 int software_key_determine_akcipher(const char *encoding,
159 const char *hash_algo,
160 const struct public_key *pkey,
161 char alg_name[CRYPTO_MAX_ALG_NAME])
165 if (strcmp(encoding, "pkcs1") == 0) {
166 /* The data wangled by the RSA algorithm is typically padded
167 * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
171 n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
175 n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
177 pkey->pkey_algo, hash_algo);
178 return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
181 if (strcmp(encoding, "raw") == 0) {
182 strcpy(alg_name, pkey->pkey_algo);
189 static u8 *pkey_pack_u32(u8 *dst, u32 val)
191 memcpy(dst, &val, sizeof(val));
192 return dst + sizeof(val);
196 * Query information about a key.
198 static int software_key_query(const struct kernel_pkey_params *params,
199 struct kernel_pkey_query *info)
201 struct crypto_akcipher *tfm;
202 struct public_key *pkey = params->key->payload.data[asym_crypto];
203 char alg_name[CRYPTO_MAX_ALG_NAME];
207 ret = software_key_determine_akcipher(params->encoding,
213 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
217 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
221 memcpy(key, pkey->key, pkey->keylen);
222 ptr = key + pkey->keylen;
223 ptr = pkey_pack_u32(ptr, pkey->algo);
224 ptr = pkey_pack_u32(ptr, pkey->paramlen);
225 memcpy(ptr, pkey->params, pkey->paramlen);
227 if (pkey->key_is_private)
228 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
230 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
234 len = crypto_akcipher_maxsize(tfm);
235 info->key_size = len * 8;
236 info->max_data_size = len;
237 info->max_sig_size = len;
238 info->max_enc_size = len;
239 info->max_dec_size = len;
240 info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |
241 KEYCTL_SUPPORTS_VERIFY);
242 if (pkey->key_is_private)
243 info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT |
244 KEYCTL_SUPPORTS_SIGN);
250 crypto_free_akcipher(tfm);
251 pr_devel("<==%s() = %d\n", __func__, ret);
256 * Do encryption, decryption and signing ops.
258 static int software_key_eds_op(struct kernel_pkey_params *params,
259 const void *in, void *out)
261 const struct public_key *pkey = params->key->payload.data[asym_crypto];
262 struct akcipher_request *req;
263 struct crypto_akcipher *tfm;
264 struct crypto_wait cwait;
265 struct scatterlist in_sg, out_sg;
266 char alg_name[CRYPTO_MAX_ALG_NAME];
270 pr_devel("==>%s()\n", __func__);
272 ret = software_key_determine_akcipher(params->encoding,
278 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
282 req = akcipher_request_alloc(tfm, GFP_KERNEL);
286 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
291 memcpy(key, pkey->key, pkey->keylen);
292 ptr = key + pkey->keylen;
293 ptr = pkey_pack_u32(ptr, pkey->algo);
294 ptr = pkey_pack_u32(ptr, pkey->paramlen);
295 memcpy(ptr, pkey->params, pkey->paramlen);
297 if (pkey->key_is_private)
298 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
300 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
304 sg_init_one(&in_sg, in, params->in_len);
305 sg_init_one(&out_sg, out, params->out_len);
306 akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
308 crypto_init_wait(&cwait);
309 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
310 CRYPTO_TFM_REQ_MAY_SLEEP,
311 crypto_req_done, &cwait);
313 /* Perform the encryption calculation. */
314 switch (params->op) {
315 case kernel_pkey_encrypt:
316 ret = crypto_akcipher_encrypt(req);
318 case kernel_pkey_decrypt:
319 ret = crypto_akcipher_decrypt(req);
321 case kernel_pkey_sign:
322 ret = crypto_akcipher_sign(req);
328 ret = crypto_wait_req(ret, &cwait);
335 akcipher_request_free(req);
337 crypto_free_akcipher(tfm);
338 pr_devel("<==%s() = %d\n", __func__, ret);
343 * Verify a signature using a public key.
345 int public_key_verify_signature(const struct public_key *pkey,
346 const struct public_key_signature *sig)
348 struct crypto_wait cwait;
349 struct crypto_akcipher *tfm;
350 struct akcipher_request *req;
351 struct scatterlist src_sg[2];
352 char alg_name[CRYPTO_MAX_ALG_NAME];
356 pr_devel("==>%s()\n", __func__);
362 ret = software_key_determine_akcipher(sig->encoding,
368 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
373 req = akcipher_request_alloc(tfm, GFP_KERNEL);
377 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
382 memcpy(key, pkey->key, pkey->keylen);
383 ptr = key + pkey->keylen;
384 ptr = pkey_pack_u32(ptr, pkey->algo);
385 ptr = pkey_pack_u32(ptr, pkey->paramlen);
386 memcpy(ptr, pkey->params, pkey->paramlen);
388 if (pkey->key_is_private)
389 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
391 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
395 sg_init_table(src_sg, 2);
396 sg_set_buf(&src_sg[0], sig->s, sig->s_size);
397 sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
398 akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
400 crypto_init_wait(&cwait);
401 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
402 CRYPTO_TFM_REQ_MAY_SLEEP,
403 crypto_req_done, &cwait);
404 ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
409 akcipher_request_free(req);
411 crypto_free_akcipher(tfm);
412 pr_devel("<==%s() = %d\n", __func__, ret);
413 if (WARN_ON_ONCE(ret > 0))
417 EXPORT_SYMBOL_GPL(public_key_verify_signature);
419 static int public_key_verify_signature_2(const struct key *key,
420 const struct public_key_signature *sig)
422 const struct public_key *pk = key->payload.data[asym_crypto];
423 return public_key_verify_signature(pk, sig);
427 * Public key algorithm asymmetric key subtype
429 struct asymmetric_key_subtype public_key_subtype = {
430 .owner = THIS_MODULE,
431 .name = "public_key",
432 .name_len = sizeof("public_key") - 1,
433 .describe = public_key_describe,
434 .destroy = public_key_destroy,
435 .query = software_key_query,
436 .eds_op = software_key_eds_op,
437 .verify_signature = public_key_verify_signature_2,
439 EXPORT_SYMBOL_GPL(public_key_subtype);
440 #endif /* !__UBOOT__ */