brintos

brintos / linux-shallow public Read only

0
0
Text · 4.4 KiB · 2deff81 Raw
160 lines · c
1// SPDX-License-Identifier: GPL-2.0-or-later2/* Signature verification with an asymmetric key3 *4 * See Documentation/crypto/asymmetric-keys.rst5 *6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.7 * Written by David Howells (dhowells@redhat.com)8 */9 10#define pr_fmt(fmt) "SIG: "fmt11#include <keys/asymmetric-subtype.h>12#include <linux/export.h>13#include <linux/err.h>14#include <linux/slab.h>15#include <linux/keyctl.h>16#include <crypto/public_key.h>17#include <keys/user-type.h>18#include "asymmetric_keys.h"19 20/*21 * Destroy a public key signature.22 */23void public_key_signature_free(struct public_key_signature *sig)24{25	int i;26 27	if (sig) {28		for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)29			kfree(sig->auth_ids[i]);30		kfree(sig->s);31		kfree(sig->digest);32		kfree(sig);33	}34}35EXPORT_SYMBOL_GPL(public_key_signature_free);36 37/**38 * query_asymmetric_key - Get information about an asymmetric key.39 * @params: Various parameters.40 * @info: Where to put the information.41 */42int query_asymmetric_key(const struct kernel_pkey_params *params,43			 struct kernel_pkey_query *info)44{45	const struct asymmetric_key_subtype *subtype;46	struct key *key = params->key;47	int ret;48 49	pr_devel("==>%s()\n", __func__);50 51	if (key->type != &key_type_asymmetric)52		return -EINVAL;53	subtype = asymmetric_key_subtype(key);54	if (!subtype ||55	    !key->payload.data[0])56		return -EINVAL;57	if (!subtype->query)58		return -ENOTSUPP;59 60	ret = subtype->query(params, info);61 62	pr_devel("<==%s() = %d\n", __func__, ret);63	return ret;64}65EXPORT_SYMBOL_GPL(query_asymmetric_key);66 67/**68 * encrypt_blob - Encrypt data using an asymmetric key69 * @params: Various parameters70 * @data: Data blob to be encrypted, length params->data_len71 * @enc: Encrypted data buffer, length params->enc_len72 *73 * Encrypt the specified data blob using the private key specified by74 * params->key.  The encrypted data is wrapped in an encoding if75 * params->encoding is specified (eg. "pkcs1").76 *77 * Returns the length of the data placed in the encrypted data buffer or an78 * error.79 */80int encrypt_blob(struct kernel_pkey_params *params,81		 const void *data, void *enc)82{83	params->op = kernel_pkey_encrypt;84	return asymmetric_key_eds_op(params, data, enc);85}86EXPORT_SYMBOL_GPL(encrypt_blob);87 88/**89 * decrypt_blob - Decrypt data using an asymmetric key90 * @params: Various parameters91 * @enc: Encrypted data to be decrypted, length params->enc_len92 * @data: Decrypted data buffer, length params->data_len93 *94 * Decrypt the specified data blob using the private key specified by95 * params->key.  The decrypted data is wrapped in an encoding if96 * params->encoding is specified (eg. "pkcs1").97 *98 * Returns the length of the data placed in the decrypted data buffer or an99 * error.100 */101int decrypt_blob(struct kernel_pkey_params *params,102		 const void *enc, void *data)103{104	params->op = kernel_pkey_decrypt;105	return asymmetric_key_eds_op(params, enc, data);106}107EXPORT_SYMBOL_GPL(decrypt_blob);108 109/**110 * create_signature - Sign some data using an asymmetric key111 * @params: Various parameters112 * @data: Data blob to be signed, length params->data_len113 * @enc: Signature buffer, length params->enc_len114 *115 * Sign the specified data blob using the private key specified by params->key.116 * The signature is wrapped in an encoding if params->encoding is specified117 * (eg. "pkcs1").  If the encoding needs to know the digest type, this can be118 * passed through params->hash_algo (eg. "sha1").119 *120 * Returns the length of the data placed in the signature buffer or an error.121 */122int create_signature(struct kernel_pkey_params *params,123		     const void *data, void *enc)124{125	params->op = kernel_pkey_sign;126	return asymmetric_key_eds_op(params, data, enc);127}128EXPORT_SYMBOL_GPL(create_signature);129 130/**131 * verify_signature - Initiate the use of an asymmetric key to verify a signature132 * @key: The asymmetric key to verify against133 * @sig: The signature to check134 *135 * Returns 0 if successful or else an error.136 */137int verify_signature(const struct key *key,138		     const struct public_key_signature *sig)139{140	const struct asymmetric_key_subtype *subtype;141	int ret;142 143	pr_devel("==>%s()\n", __func__);144 145	if (key->type != &key_type_asymmetric)146		return -EINVAL;147	subtype = asymmetric_key_subtype(key);148	if (!subtype ||149	    !key->payload.data[0])150		return -EINVAL;151	if (!subtype->verify_signature)152		return -ENOTSUPP;153 154	ret = subtype->verify_signature(key, sig);155 156	pr_devel("<==%s() = %d\n", __func__, ret);157	return ret;158}159EXPORT_SYMBOL_GPL(verify_signature);160