1 /* Signature verification with an asymmetric key
2  *
3  * See Documentation/crypto/asymmetric-keys.txt
4  *
5  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6  * Written by David Howells (dhowells@redhat.com)
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public Licence
10  * as published by the Free Software Foundation; either version
11  * 2 of the Licence, or (at your option) any later version.
12  */
13 
14 #define pr_fmt(fmt) "SIG: "fmt
15 #include <keys/asymmetric-subtype.h>
16 #include <linux/export.h>
17 #include <linux/err.h>
18 #include <linux/slab.h>
19 #include <linux/keyctl.h>
20 #include <crypto/public_key.h>
21 #include <keys/user-type.h>
22 #include "asymmetric_keys.h"
23 
24 /*
25  * Destroy a public key signature.
26  */
27 void public_key_signature_free(struct public_key_signature *sig)
28 {
29 	int i;
30 
31 	if (sig) {
32 		for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)
33 			kfree(sig->auth_ids[i]);
34 		kfree(sig->s);
35 		kfree(sig->digest);
36 		kfree(sig);
37 	}
38 }
39 EXPORT_SYMBOL_GPL(public_key_signature_free);
40 
41 /**
42  * query_asymmetric_key - Get information about an aymmetric key.
43  * @params: Various parameters.
44  * @info: Where to put the information.
45  */
46 int query_asymmetric_key(const struct kernel_pkey_params *params,
47 			 struct kernel_pkey_query *info)
48 {
49 	const struct asymmetric_key_subtype *subtype;
50 	struct key *key = params->key;
51 	int ret;
52 
53 	pr_devel("==>%s()\n", __func__);
54 
55 	if (key->type != &key_type_asymmetric)
56 		return -EINVAL;
57 	subtype = asymmetric_key_subtype(key);
58 	if (!subtype ||
59 	    !key->payload.data[0])
60 		return -EINVAL;
61 	if (!subtype->query)
62 		return -ENOTSUPP;
63 
64 	ret = subtype->query(params, info);
65 
66 	pr_devel("<==%s() = %d\n", __func__, ret);
67 	return ret;
68 }
69 EXPORT_SYMBOL_GPL(query_asymmetric_key);
70 
71 /**
72  * encrypt_blob - Encrypt data using an asymmetric key
73  * @params: Various parameters
74  * @data: Data blob to be encrypted, length params->data_len
75  * @enc: Encrypted data buffer, length params->enc_len
76  *
77  * Encrypt the specified data blob using the private key specified by
78  * params->key.  The encrypted data is wrapped in an encoding if
79  * params->encoding is specified (eg. "pkcs1").
80  *
81  * Returns the length of the data placed in the encrypted data buffer or an
82  * error.
83  */
84 int encrypt_blob(struct kernel_pkey_params *params,
85 		 const void *data, void *enc)
86 {
87 	params->op = kernel_pkey_encrypt;
88 	return asymmetric_key_eds_op(params, data, enc);
89 }
90 EXPORT_SYMBOL_GPL(encrypt_blob);
91 
92 /**
93  * decrypt_blob - Decrypt data using an asymmetric key
94  * @params: Various parameters
95  * @enc: Encrypted data to be decrypted, length params->enc_len
96  * @data: Decrypted data buffer, length params->data_len
97  *
98  * Decrypt the specified data blob using the private key specified by
99  * params->key.  The decrypted data is wrapped in an encoding if
100  * params->encoding is specified (eg. "pkcs1").
101  *
102  * Returns the length of the data placed in the decrypted data buffer or an
103  * error.
104  */
105 int decrypt_blob(struct kernel_pkey_params *params,
106 		 const void *enc, void *data)
107 {
108 	params->op = kernel_pkey_decrypt;
109 	return asymmetric_key_eds_op(params, enc, data);
110 }
111 EXPORT_SYMBOL_GPL(decrypt_blob);
112 
113 /**
114  * create_signature - Sign some data using an asymmetric key
115  * @params: Various parameters
116  * @data: Data blob to be signed, length params->data_len
117  * @enc: Signature buffer, length params->enc_len
118  *
119  * Sign the specified data blob using the private key specified by params->key.
120  * The signature is wrapped in an encoding if params->encoding is specified
121  * (eg. "pkcs1").  If the encoding needs to know the digest type, this can be
122  * passed through params->hash_algo (eg. "sha1").
123  *
124  * Returns the length of the data placed in the signature buffer or an error.
125  */
126 int create_signature(struct kernel_pkey_params *params,
127 		     const void *data, void *enc)
128 {
129 	params->op = kernel_pkey_sign;
130 	return asymmetric_key_eds_op(params, data, enc);
131 }
132 EXPORT_SYMBOL_GPL(create_signature);
133 
134 /**
135  * verify_signature - Initiate the use of an asymmetric key to verify a signature
136  * @key: The asymmetric key to verify against
137  * @sig: The signature to check
138  *
139  * Returns 0 if successful or else an error.
140  */
141 int verify_signature(const struct key *key,
142 		     const struct public_key_signature *sig)
143 {
144 	const struct asymmetric_key_subtype *subtype;
145 	int ret;
146 
147 	pr_devel("==>%s()\n", __func__);
148 
149 	if (key->type != &key_type_asymmetric)
150 		return -EINVAL;
151 	subtype = asymmetric_key_subtype(key);
152 	if (!subtype ||
153 	    !key->payload.data[0])
154 		return -EINVAL;
155 	if (!subtype->verify_signature)
156 		return -ENOTSUPP;
157 
158 	ret = subtype->verify_signature(key, sig);
159 
160 	pr_devel("<==%s() = %d\n", __func__, ret);
161 	return ret;
162 }
163 EXPORT_SYMBOL_GPL(verify_signature);
164