xref: /openbmc/linux/include/crypto/sig.h (revision 6cb8815f)
1*6cb8815fSHerbert Xu /* SPDX-License-Identifier: GPL-2.0-or-later */
2*6cb8815fSHerbert Xu /*
3*6cb8815fSHerbert Xu  * Public Key Signature Algorithm
4*6cb8815fSHerbert Xu  *
5*6cb8815fSHerbert Xu  * Copyright (c) 2023 Herbert Xu <herbert@gondor.apana.org.au>
6*6cb8815fSHerbert Xu  */
7*6cb8815fSHerbert Xu #ifndef _CRYPTO_SIG_H
8*6cb8815fSHerbert Xu #define _CRYPTO_SIG_H
9*6cb8815fSHerbert Xu 
10*6cb8815fSHerbert Xu #include <linux/crypto.h>
11*6cb8815fSHerbert Xu 
/**
 * struct crypto_sig - user-instantiated objects which encapsulate
 * algorithms and core processing logic
 *
 * @base:	Common crypto API algorithm data structure
 *
 * This is the handle type returned by crypto_alloc_sig() and taken by the
 * crypto_sig_*() calls declared in this header. crypto_sig_tfm() returns
 * the address of @base.
 */
struct crypto_sig {
	struct crypto_tfm base;
};
21*6cb8815fSHerbert Xu 
22*6cb8815fSHerbert Xu /**
23*6cb8815fSHerbert Xu  * DOC: Generic Public Key Signature API
24*6cb8815fSHerbert Xu  *
25*6cb8815fSHerbert Xu  * The Public Key Signature API is used with the algorithms of type
26*6cb8815fSHerbert Xu  * CRYPTO_ALG_TYPE_SIG (listed as type "sig" in /proc/crypto)
27*6cb8815fSHerbert Xu  */
28*6cb8815fSHerbert Xu 
/**
 * crypto_alloc_sig() - allocate signature tfm handle
 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
 *	      signing algorithm e.g. "ecdsa"
 * @type: specifies the type of the algorithm
 * @mask: specifies the mask for the algorithm
 *
 * Allocate a handle for public key signature algorithm. The returned struct
 * crypto_sig is the handle that is required for any subsequent
 * API invocation for signature operations.
 *
 * Failure is reported as an error pointer, which is not NULL: test the
 * result with IS_ERR() before handing it to any other call, because a NULL
 * check alone does not catch it. Release the handle with crypto_free_sig().
 *
 * Return: allocated handle in case of success; IS_ERR() is true in case
 *	   of an error, PTR_ERR() returns the error code.
 */
struct crypto_sig *crypto_alloc_sig(const char *alg_name, u32 type, u32 mask);
44*6cb8815fSHerbert Xu 
/**
 * crypto_sig_tfm() - get the generic tfm embedded in a signature handle
 * @tfm: signature tfm handle
 *
 * Only the address of the base member is computed; nothing is read through
 * @tfm and no validity check is made on it here.
 *
 * Return: pointer to the struct crypto_tfm embedded in @tfm.
 */
static inline struct crypto_tfm *crypto_sig_tfm(struct crypto_sig *tfm)
{
	struct crypto_tfm *base = &tfm->base;

	return base;
}
49*6cb8815fSHerbert Xu 
/**
 * crypto_free_sig() - free signature tfm handle
 * @tfm: signature tfm handle allocated with crypto_alloc_sig()
 *
 * If @tfm is a NULL or error pointer, this function does nothing. The code
 * here forwards @tfm unchecked, so that guarantee rests on
 * crypto_destroy_tfm(). The handle must not be used again after this call.
 */
static inline void crypto_free_sig(struct crypto_sig *tfm)
{
	/* Address computation only: crypto_sig_tfm() does not read through tfm. */
	struct crypto_tfm *base = crypto_sig_tfm(tfm);

	crypto_destroy_tfm(tfm, base);
}
61*6cb8815fSHerbert Xu 
/**
 * crypto_sig_maxsize() - Get len for output buffer
 *
 * Function returns the dest buffer size required for a given key.
 * Function assumes that the key is already set in the transformation. If this
 * function is called without a setkey or with a failed setkey, you will end up
 * in a NULL dereference.
 *
 * Callers therefore have to check the return value of
 * crypto_sig_set_pubkey() / crypto_sig_set_privkey() and call this function
 * only after one of them has succeeded on @tfm.
 *
 * @tfm:	signature tfm handle allocated with crypto_alloc_sig()
 */
int crypto_sig_maxsize(struct crypto_sig *tfm);
73*6cb8815fSHerbert Xu 
/**
 * crypto_sig_sign() - Invoke signing operation
 *
 * Function invokes the specific signing operation for a given algorithm
 *
 * @tfm:	signature tfm handle allocated with crypto_alloc_sig()
 * @src:	source buffer
 * @slen:	source length
 * @dst:	destination buffer
 * @dlen:	destination length; crypto_sig_maxsize() reports the size
 *		required for the key that is set
 *
 * The contents of @dst are only meaningful when zero is returned; on any
 * other return value the buffer must not be used as a signature.
 *
 * Return: zero on success; error code in case of error
 */
int crypto_sig_sign(struct crypto_sig *tfm,
		    const void *src, unsigned int slen,
		    void *dst, unsigned int dlen);
90*6cb8815fSHerbert Xu 
/**
 * crypto_sig_verify() - Invoke signature verification
 *
 * Function invokes the specific signature verification operation
 * for a given algorithm.
 *
 * @tfm:	signature tfm handle allocated with crypto_alloc_sig()
 * @src:	source buffer (presumably the signature to check, given the
 *		separate @digest argument; confirm against crypto/sig.c)
 * @slen:	source length
 * @digest:	digest
 * @dlen:	digest length
 *
 * Only a return value of exactly zero means the signature verified. Every
 * other value, whatever the error code, has to be treated as "not
 * verified"; compare the result with zero explicitly instead of using it
 * as a boolean.
 *
 * Return: zero on verification success; error code in case of error.
 */
int crypto_sig_verify(struct crypto_sig *tfm,
		      const void *src, unsigned int slen,
		      const void *digest, unsigned int dlen);
108*6cb8815fSHerbert Xu 
/**
 * crypto_sig_set_pubkey() - Invoke set public key operation
 *
 * Function invokes the algorithm specific set key function, which knows
 * how to decode and interpret the encoded key and parameters
 *
 * @tfm:	tfm handle
 * @key:	BER encoded public key, algo OID, paramlen, BER encoded
 *		parameters
 * @keylen:	length of the key (not including other data)
 *
 * The return value must be checked: crypto_sig_maxsize() is documented to
 * end in a NULL dereference when it follows a failed setkey, so a handle
 * whose setkey failed must not be used for further operations.
 *
 * Return: zero on success; error code in case of error
 */
int crypto_sig_set_pubkey(struct crypto_sig *tfm,
			  const void *key, unsigned int keylen);
124*6cb8815fSHerbert Xu 
/**
 * crypto_sig_set_privkey() - Invoke set private key operation
 *
 * Function invokes the algorithm specific set key function, which knows
 * how to decode and interpret the encoded key and parameters
 *
 * @tfm:	tfm handle
 * @key:	BER encoded private key, algo OID, paramlen, BER encoded
 *		parameters
 * @keylen:	length of the key (not including other data)
 *
 * The return value must be checked: crypto_sig_maxsize() is documented to
 * end in a NULL dereference when it follows a failed setkey, so a handle
 * whose setkey failed must not be used for further operations.
 *
 * @key is const, so this call cannot clear the caller's buffer. Wiping
 * that copy of the private key once it is no longer needed (for example
 * with memzero_explicit()) remains the caller's responsibility.
 *
 * Return: zero on success; error code in case of error
 */
int crypto_sig_set_privkey(struct crypto_sig *tfm,
			   const void *key, unsigned int keylen);
140*6cb8815fSHerbert Xu #endif