crypto/asymmetric_keys/public_key.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /* In-software asymmetric public-key crypto subtype
   3  *
   4  * See Documentation/crypto/asymmetric-keys.txt
   5  *
   6  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
   7  * Written by David Howells (dhowells@redhat.com)
   8  */
   9
  10 #define pr_fmt(fmt) "PKEY: "fmt
  11 #include <linux/module.h>
  12 #include <linux/export.h>
  13 #include <linux/kernel.h>
  14 #include <linux/slab.h>
  15 #include <linux/seq_file.h>
  16 #include <linux/scatterlist.h>
  17 #include <keys/asymmetric-subtype.h>
  18 #include <crypto/public_key.h>
  19 #include <crypto/akcipher.h>
  20
  21 MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
  22 MODULE_AUTHOR("Red Hat, Inc.");
  23 MODULE_LICENSE("GPL");
  24
  25 /*
  26  * Provide a part of a description of the key for /proc/keys.
  27  */
  28 static void public_key_describe(const struct key *asymmetric_key,
  29                                 struct seq_file *m)
  30 {
  31         struct public_key *key = asymmetric_key->payload.data[asym_crypto];
  32
  33         if (key)
  34                 seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
  35 }
  36
  37 /*
  38  * Destroy a public key algorithm key.
  39  */
  40 void public_key_free(struct public_key *key)
  41 {
  42         if (key) {
  43                 kfree(key->key);
  44                 kfree(key->params);
  45                 kfree(key);
  46         }
  47 }
  48 EXPORT_SYMBOL_GPL(public_key_free);
  49
  50 /*
  51  * Destroy a public key algorithm key.
  52  */
  53 static void public_key_destroy(void *payload0, void *payload3)
  54 {
  55         public_key_free(payload0);
  56         public_key_signature_free(payload3);
  57 }
  58
  59 /*
  60  * Determine the crypto algorithm name.
  61  */
  62 static
  63 int software_key_determine_akcipher(const char *encoding,
  64                                     const char *hash_algo,
  65                                     const struct public_key *pkey,
  66                                     char alg_name[CRYPTO_MAX_ALG_NAME])
  67 {
  68         int n;
  69
  70         if (strcmp(encoding, "pkcs1") == 0) {
  71                 /* The data wangled by the RSA algorithm is typically padded
  72                  * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
  73                  * sec 8.2].
  74                  */
  75                 if (!hash_algo)
  76                         n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
  77                                      "pkcs1pad(%s)",
  78                                      pkey->pkey_algo);
  79                 else
  80                         n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
  81                                      "pkcs1pad(%s,%s)",
  82                                      pkey->pkey_algo, hash_algo);
  83                 return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
  84         }
  85
  86         if (strcmp(encoding, "raw") == 0) {
  87                 strcpy(alg_name, pkey->pkey_algo);
  88                 return 0;
  89         }
  90
  91         return -ENOPKG;
  92 }
  93
  94 static u8 *pkey_pack_u32(u8 *dst, u32 val)
  95 {
  96         memcpy(dst, &val, sizeof(val));
  97         return dst + sizeof(val);
  98 }
  99
 100 /*
 101  * Query information about a key.
 102  */
 103 static int software_key_query(const struct kernel_pkey_params *params,
 104                               struct kernel_pkey_query *info)
 105 {
 106         struct crypto_akcipher *tfm;
 107         struct public_key *pkey = params->key->payload.data[asym_crypto];
 108         char alg_name[CRYPTO_MAX_ALG_NAME];
 109         u8 *key, *ptr;
 110         int ret, len;
 111
 112         ret = software_key_determine_akcipher(params->encoding,
 113                                               params->hash_algo,
 114                                               pkey, alg_name);
 115         if (ret < 0)
 116                 return ret;
 117
 118         tfm = crypto_alloc_akcipher(alg_name, 0, 0);
 119         if (IS_ERR(tfm))
 120                 return PTR_ERR(tfm);
 121
 122         key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
 123                       GFP_KERNEL);
 124         if (!key)
 125                 goto error_free_tfm;
 126         memcpy(key, pkey->key, pkey->keylen);
 127         ptr = key + pkey->keylen;
 128         ptr = pkey_pack_u32(ptr, pkey->algo);
 129         ptr = pkey_pack_u32(ptr, pkey->paramlen);
 130         memcpy(ptr, pkey->params, pkey->paramlen);
 131
 132         if (pkey->key_is_private)
 133                 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
 134         else
 135                 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
 136         if (ret < 0)
 137                 goto error_free_key;
 138
 139         len = crypto_akcipher_maxsize(tfm);
 140         info->key_size = len * 8;
 141         info->max_data_size = len;
 142         info->max_sig_size = len;
 143         info->max_enc_size = len;
 144         info->max_dec_size = len;
 145         info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |
 146                                KEYCTL_SUPPORTS_VERIFY);
 147         if (pkey->key_is_private)
 148                 info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT |
 149                                         KEYCTL_SUPPORTS_SIGN);
 150         ret = 0;
 151
 152 error_free_key:
 153         kfree(key);
 154 error_free_tfm:
 155         crypto_free_akcipher(tfm);
 156         pr_devel("<==%s() = %d\n", __func__, ret);
 157         return ret;
 158 }
 159
 160 /*
 161  * Do encryption, decryption and signing ops.
 162  */
 163 static int software_key_eds_op(struct kernel_pkey_params *params,
 164                                const void *in, void *out)
 165 {
 166         const struct public_key *pkey = params->key->payload.data[asym_crypto];
 167         struct akcipher_request *req;
 168         struct crypto_akcipher *tfm;
 169         struct crypto_wait cwait;
 170         struct scatterlist in_sg, out_sg;
 171         char alg_name[CRYPTO_MAX_ALG_NAME];
 172         char *key, *ptr;
 173         int ret;
 174
 175         pr_devel("==>%s()\n", __func__);
 176
 177         ret = software_key_determine_akcipher(params->encoding,
 178                                               params->hash_algo,
 179                                               pkey, alg_name);
 180         if (ret < 0)
 181                 return ret;
 182
 183         tfm = crypto_alloc_akcipher(alg_name, 0, 0);
 184         if (IS_ERR(tfm))
 185                 return PTR_ERR(tfm);
 186
 187         ret = -ENOMEM;
 188         req = akcipher_request_alloc(tfm, GFP_KERNEL);
 189         if (!req)
 190                 goto error_free_tfm;
 191
 192         key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
 193                       GFP_KERNEL);
 194         if (!key)
 195                 goto error_free_req;
 196
 197         memcpy(key, pkey->key, pkey->keylen);
 198         ptr = key + pkey->keylen;
 199         ptr = pkey_pack_u32(ptr, pkey->algo);
 200         ptr = pkey_pack_u32(ptr, pkey->paramlen);
 201         memcpy(ptr, pkey->params, pkey->paramlen);
 202
 203         if (pkey->key_is_private)
 204                 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
 205         else
 206                 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
 207         if (ret)
 208                 goto error_free_key;
 209
 210         sg_init_one(&in_sg, in, params->in_len);
 211         sg_init_one(&out_sg, out, params->out_len);
 212         akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
 213                                    params->out_len);
 214         crypto_init_wait(&cwait);
 215         akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
 216                                       CRYPTO_TFM_REQ_MAY_SLEEP,
 217                                       crypto_req_done, &cwait);
 218
 219         /* Perform the encryption calculation. */
 220         switch (params->op) {
 221         case kernel_pkey_encrypt:
 222                 ret = crypto_akcipher_encrypt(req);
 223                 break;
 224         case kernel_pkey_decrypt:
 225                 ret = crypto_akcipher_decrypt(req);
 226                 break;
 227         case kernel_pkey_sign:
 228                 ret = crypto_akcipher_sign(req);
 229                 break;
 230         default:
 231                 BUG();
 232         }
 233
 234         ret = crypto_wait_req(ret, &cwait);
 235         if (ret == 0)
 236                 ret = req->dst_len;
 237
 238 error_free_key:
 239         kfree(key);
 240 error_free_req:
 241         akcipher_request_free(req);
 242 error_free_tfm:
 243         crypto_free_akcipher(tfm);
 244         pr_devel("<==%s() = %d\n", __func__, ret);
 245         return ret;
 246 }
 247
 248 /*
 249  * Verify a signature using a public key.
 250  */
 251 int public_key_verify_signature(const struct public_key *pkey,
 252                                 const struct public_key_signature *sig)
 253 {
 254         struct crypto_wait cwait;
 255         struct crypto_akcipher *tfm;
 256         struct akcipher_request *req;
 257         struct scatterlist src_sg[2];
 258         char alg_name[CRYPTO_MAX_ALG_NAME];
 259         char *key, *ptr;
 260         int ret;
 261
 262         pr_devel("==>%s()\n", __func__);
 263
 264         BUG_ON(!pkey);
 265         BUG_ON(!sig);
 266         BUG_ON(!sig->s);
 267
 268         ret = software_key_determine_akcipher(sig->encoding,
 269                                               sig->hash_algo,
 270                                               pkey, alg_name);
 271         if (ret < 0)
 272                 return ret;
 273
 274         tfm = crypto_alloc_akcipher(alg_name, 0, 0);
 275         if (IS_ERR(tfm))
 276                 return PTR_ERR(tfm);
 277
 278         ret = -ENOMEM;
 279         req = akcipher_request_alloc(tfm, GFP_KERNEL);
 280         if (!req)
 281                 goto error_free_tfm;
 282
 283         key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
 284                       GFP_KERNEL);
 285         if (!key)
 286                 goto error_free_req;
 287
 288         memcpy(key, pkey->key, pkey->keylen);
 289         ptr = key + pkey->keylen;
 290         ptr = pkey_pack_u32(ptr, pkey->algo);
 291         ptr = pkey_pack_u32(ptr, pkey->paramlen);
 292         memcpy(ptr, pkey->params, pkey->paramlen);
 293
 294         if (pkey->key_is_private)
 295                 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
 296         else
 297                 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
 298         if (ret)
 299                 goto error_free_key;
 300
 301         sg_init_table(src_sg, 2);
 302         sg_set_buf(&src_sg[0], sig->s, sig->s_size);
 303         sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
 304         akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
 305                                    sig->digest_size);
 306         crypto_init_wait(&cwait);
 307         akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
 308                                       CRYPTO_TFM_REQ_MAY_SLEEP,
 309                                       crypto_req_done, &cwait);
 310         ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
 311
 312 error_free_key:
 313         kfree(key);
 314 error_free_req:
 315         akcipher_request_free(req);
 316 error_free_tfm:
 317         crypto_free_akcipher(tfm);
 318         pr_devel("<==%s() = %d\n", __func__, ret);
 319         if (WARN_ON_ONCE(ret > 0))
 320                 ret = -EINVAL;
 321         return ret;
 322 }
 323 EXPORT_SYMBOL_GPL(public_key_verify_signature);
 324
 325 static int public_key_verify_signature_2(const struct key *key,
 326                                          const struct public_key_signature *sig)
 327 {
 328         const struct public_key *pk = key->payload.data[asym_crypto];
 329         return public_key_verify_signature(pk, sig);
 330 }
 331
 332 /*
 333  * Public key algorithm asymmetric key subtype
 334  */
 335 struct asymmetric_key_subtype public_key_subtype = {
 336         .owner                  = THIS_MODULE,
 337         .name                   = "public_key",
 338         .name_len               = sizeof("public_key") - 1,
 339         .describe               = public_key_describe,
 340         .destroy                = public_key_destroy,
 341         .query                  = software_key_query,
 342         .eds_op                 = software_key_eds_op,
 343         .verify_signature       = public_key_verify_signature_2,
 344 };
 345 EXPORT_SYMBOL_GPL(public_key_subtype);