1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* In-software asymmetric public-key crypto subtype 3 * 4 * See Documentation/crypto/asymmetric-keys.rst 5 * 6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 7 * Written by David Howells (dhowells@redhat.com) 8 */ 9 10 #define pr_fmt(fmt) "PKEY: "fmt 11 #include <linux/module.h> 12 #include <linux/export.h> 13 #include <linux/kernel.h> 14 #include <linux/slab.h> 15 #include <linux/seq_file.h> 16 #include <linux/scatterlist.h> 17 #include <keys/asymmetric-subtype.h> 18 #include <crypto/public_key.h> 19 #include <crypto/akcipher.h> 20 #include <crypto/sm2.h> 21 #include <crypto/sm3_base.h> 22 23 MODULE_DESCRIPTION("In-software asymmetric public-key subtype"); 24 MODULE_AUTHOR("Red Hat, Inc."); 25 MODULE_LICENSE("GPL"); 26 27 /* 28 * Provide a part of a description of the key for /proc/keys. 29 */ 30 static void public_key_describe(const struct key *asymmetric_key, 31 struct seq_file *m) 32 { 33 struct public_key *key = asymmetric_key->payload.data[asym_crypto]; 34 35 if (key) 36 seq_printf(m, "%s.%s", key->id_type, key->pkey_algo); 37 } 38 39 /* 40 * Destroy a public key algorithm key. 41 */ 42 void public_key_free(struct public_key *key) 43 { 44 if (key) { 45 kfree(key->key); 46 kfree(key->params); 47 kfree(key); 48 } 49 } 50 EXPORT_SYMBOL_GPL(public_key_free); 51 52 /* 53 * Destroy a public key algorithm key. 54 */ 55 static void public_key_destroy(void *payload0, void *payload3) 56 { 57 public_key_free(payload0); 58 public_key_signature_free(payload3); 59 } 60 61 /* 62 * Determine the crypto algorithm name. 63 */ 64 static 65 int software_key_determine_akcipher(const char *encoding, 66 const char *hash_algo, 67 const struct public_key *pkey, 68 char alg_name[CRYPTO_MAX_ALG_NAME]) 69 { 70 int n; 71 72 if (strcmp(encoding, "pkcs1") == 0) { 73 /* The data wangled by the RSA algorithm is typically padded 74 * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447 75 * sec 8.2]. 76 */ 77 if (!hash_algo) 78 n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, 79 "pkcs1pad(%s)", 80 pkey->pkey_algo); 81 else 82 n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, 83 "pkcs1pad(%s,%s)", 84 pkey->pkey_algo, hash_algo); 85 return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0; 86 } 87 88 if (strcmp(encoding, "raw") == 0) { 89 strcpy(alg_name, pkey->pkey_algo); 90 return 0; 91 } 92 93 return -ENOPKG; 94 } 95 96 static u8 *pkey_pack_u32(u8 *dst, u32 val) 97 { 98 memcpy(dst, &val, sizeof(val)); 99 return dst + sizeof(val); 100 } 101 102 /* 103 * Query information about a key. 104 */ 105 static int software_key_query(const struct kernel_pkey_params *params, 106 struct kernel_pkey_query *info) 107 { 108 struct crypto_akcipher *tfm; 109 struct public_key *pkey = params->key->payload.data[asym_crypto]; 110 char alg_name[CRYPTO_MAX_ALG_NAME]; 111 u8 *key, *ptr; 112 int ret, len; 113 114 ret = software_key_determine_akcipher(params->encoding, 115 params->hash_algo, 116 pkey, alg_name); 117 if (ret < 0) 118 return ret; 119 120 tfm = crypto_alloc_akcipher(alg_name, 0, 0); 121 if (IS_ERR(tfm)) 122 return PTR_ERR(tfm); 123 124 ret = -ENOMEM; 125 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen, 126 GFP_KERNEL); 127 if (!key) 128 goto error_free_tfm; 129 memcpy(key, pkey->key, pkey->keylen); 130 ptr = key + pkey->keylen; 131 ptr = pkey_pack_u32(ptr, pkey->algo); 132 ptr = pkey_pack_u32(ptr, pkey->paramlen); 133 memcpy(ptr, pkey->params, pkey->paramlen); 134 135 if (pkey->key_is_private) 136 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen); 137 else 138 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen); 139 if (ret < 0) 140 goto error_free_key; 141 142 len = crypto_akcipher_maxsize(tfm); 143 info->key_size = len * 8; 144 info->max_data_size = len; 145 info->max_sig_size = len; 146 info->max_enc_size = len; 147 info->max_dec_size = len; 148 info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT | 149 KEYCTL_SUPPORTS_VERIFY); 150 if (pkey->key_is_private) 151 info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT | 152 KEYCTL_SUPPORTS_SIGN); 153 ret = 0; 154 155 error_free_key: 156 kfree(key); 157 error_free_tfm: 158 crypto_free_akcipher(tfm); 159 pr_devel("<==%s() = %d\n", __func__, ret); 160 return ret; 161 } 162 163 /* 164 * Do encryption, decryption and signing ops. 165 */ 166 static int software_key_eds_op(struct kernel_pkey_params *params, 167 const void *in, void *out) 168 { 169 const struct public_key *pkey = params->key->payload.data[asym_crypto]; 170 struct akcipher_request *req; 171 struct crypto_akcipher *tfm; 172 struct crypto_wait cwait; 173 struct scatterlist in_sg, out_sg; 174 char alg_name[CRYPTO_MAX_ALG_NAME]; 175 char *key, *ptr; 176 int ret; 177 178 pr_devel("==>%s()\n", __func__); 179 180 ret = software_key_determine_akcipher(params->encoding, 181 params->hash_algo, 182 pkey, alg_name); 183 if (ret < 0) 184 return ret; 185 186 tfm = crypto_alloc_akcipher(alg_name, 0, 0); 187 if (IS_ERR(tfm)) 188 return PTR_ERR(tfm); 189 190 ret = -ENOMEM; 191 req = akcipher_request_alloc(tfm, GFP_KERNEL); 192 if (!req) 193 goto error_free_tfm; 194 195 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen, 196 GFP_KERNEL); 197 if (!key) 198 goto error_free_req; 199 200 memcpy(key, pkey->key, pkey->keylen); 201 ptr = key + pkey->keylen; 202 ptr = pkey_pack_u32(ptr, pkey->algo); 203 ptr = pkey_pack_u32(ptr, pkey->paramlen); 204 memcpy(ptr, pkey->params, pkey->paramlen); 205 206 if (pkey->key_is_private) 207 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen); 208 else 209 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen); 210 if (ret) 211 goto error_free_key; 212 213 sg_init_one(&in_sg, in, params->in_len); 214 sg_init_one(&out_sg, out, params->out_len); 215 akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len, 216 params->out_len); 217 crypto_init_wait(&cwait); 218 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | 219 CRYPTO_TFM_REQ_MAY_SLEEP, 220 crypto_req_done, &cwait); 221 222 /* Perform the encryption calculation. */ 223 switch (params->op) { 224 case kernel_pkey_encrypt: 225 ret = crypto_akcipher_encrypt(req); 226 break; 227 case kernel_pkey_decrypt: 228 ret = crypto_akcipher_decrypt(req); 229 break; 230 case kernel_pkey_sign: 231 ret = crypto_akcipher_sign(req); 232 break; 233 default: 234 BUG(); 235 } 236 237 ret = crypto_wait_req(ret, &cwait); 238 if (ret == 0) 239 ret = req->dst_len; 240 241 error_free_key: 242 kfree(key); 243 error_free_req: 244 akcipher_request_free(req); 245 error_free_tfm: 246 crypto_free_akcipher(tfm); 247 pr_devel("<==%s() = %d\n", __func__, ret); 248 return ret; 249 } 250 251 #if IS_REACHABLE(CONFIG_CRYPTO_SM2) 252 static int cert_sig_digest_update(const struct public_key_signature *sig, 253 struct crypto_akcipher *tfm_pkey) 254 { 255 struct crypto_shash *tfm; 256 struct shash_desc *desc; 257 size_t desc_size; 258 unsigned char dgst[SM3_DIGEST_SIZE]; 259 int ret; 260 261 BUG_ON(!sig->data); 262 263 ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, 264 SM2_DEFAULT_USERID_LEN, dgst); 265 if (ret) 266 return ret; 267 268 tfm = crypto_alloc_shash(sig->hash_algo, 0, 0); 269 if (IS_ERR(tfm)) 270 return PTR_ERR(tfm); 271 272 desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); 273 desc = kzalloc(desc_size, GFP_KERNEL); 274 if (!desc) { 275 ret = -ENOMEM; 276 goto error_free_tfm; 277 } 278 279 desc->tfm = tfm; 280 281 ret = crypto_shash_init(desc); 282 if (ret < 0) 283 goto error_free_desc; 284 285 ret = crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE); 286 if (ret < 0) 287 goto error_free_desc; 288 289 ret = crypto_shash_finup(desc, sig->data, sig->data_size, sig->digest); 290 291 error_free_desc: 292 kfree(desc); 293 error_free_tfm: 294 crypto_free_shash(tfm); 295 return ret; 296 } 297 #else 298 static inline int cert_sig_digest_update( 299 const struct public_key_signature *sig, 300 struct crypto_akcipher *tfm_pkey) 301 { 302 return -ENOTSUPP; 303 } 304 #endif /* ! IS_REACHABLE(CONFIG_CRYPTO_SM2) */ 305 306 /* 307 * Verify a signature using a public key. 308 */ 309 int public_key_verify_signature(const struct public_key *pkey, 310 const struct public_key_signature *sig) 311 { 312 struct crypto_wait cwait; 313 struct crypto_akcipher *tfm; 314 struct akcipher_request *req; 315 struct scatterlist src_sg[2]; 316 char alg_name[CRYPTO_MAX_ALG_NAME]; 317 char *key, *ptr; 318 int ret; 319 320 pr_devel("==>%s()\n", __func__); 321 322 BUG_ON(!pkey); 323 BUG_ON(!sig); 324 BUG_ON(!sig->s); 325 326 ret = software_key_determine_akcipher(sig->encoding, 327 sig->hash_algo, 328 pkey, alg_name); 329 if (ret < 0) 330 return ret; 331 332 tfm = crypto_alloc_akcipher(alg_name, 0, 0); 333 if (IS_ERR(tfm)) 334 return PTR_ERR(tfm); 335 336 ret = -ENOMEM; 337 req = akcipher_request_alloc(tfm, GFP_KERNEL); 338 if (!req) 339 goto error_free_tfm; 340 341 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen, 342 GFP_KERNEL); 343 if (!key) 344 goto error_free_req; 345 346 memcpy(key, pkey->key, pkey->keylen); 347 ptr = key + pkey->keylen; 348 ptr = pkey_pack_u32(ptr, pkey->algo); 349 ptr = pkey_pack_u32(ptr, pkey->paramlen); 350 memcpy(ptr, pkey->params, pkey->paramlen); 351 352 if (pkey->key_is_private) 353 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen); 354 else 355 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen); 356 if (ret) 357 goto error_free_key; 358 359 if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) { 360 ret = cert_sig_digest_update(sig, tfm); 361 if (ret) 362 goto error_free_key; 363 } 364 365 sg_init_table(src_sg, 2); 366 sg_set_buf(&src_sg[0], sig->s, sig->s_size); 367 sg_set_buf(&src_sg[1], sig->digest, sig->digest_size); 368 akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size, 369 sig->digest_size); 370 crypto_init_wait(&cwait); 371 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | 372 CRYPTO_TFM_REQ_MAY_SLEEP, 373 crypto_req_done, &cwait); 374 ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait); 375 376 error_free_key: 377 kfree(key); 378 error_free_req: 379 akcipher_request_free(req); 380 error_free_tfm: 381 crypto_free_akcipher(tfm); 382 pr_devel("<==%s() = %d\n", __func__, ret); 383 if (WARN_ON_ONCE(ret > 0)) 384 ret = -EINVAL; 385 return ret; 386 } 387 EXPORT_SYMBOL_GPL(public_key_verify_signature); 388 389 static int public_key_verify_signature_2(const struct key *key, 390 const struct public_key_signature *sig) 391 { 392 const struct public_key *pk = key->payload.data[asym_crypto]; 393 return public_key_verify_signature(pk, sig); 394 } 395 396 /* 397 * Public key algorithm asymmetric key subtype 398 */ 399 struct asymmetric_key_subtype public_key_subtype = { 400 .owner = THIS_MODULE, 401 .name = "public_key", 402 .name_len = sizeof("public_key") - 1, 403 .describe = public_key_describe, 404 .destroy = public_key_destroy, 405 .query = software_key_query, 406 .eds_op = software_key_eds_op, 407 .verify_signature = public_key_verify_signature_2, 408 }; 409 EXPORT_SYMBOL_GPL(public_key_subtype); 410