crypto/asymmetric_keys/signature.c

   1 /* Signature verification with an asymmetric key
   2  *
   3  * See Documentation/crypto/asymmetric-keys.txt
   4  *
   5  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
   6  * Written by David Howells (dhowells@redhat.com)
   7  *
   8  * This program is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU General Public Licence
  10  * as published by the Free Software Foundation; either version
  11  * 2 of the Licence, or (at your option) any later version.
  12  */
  13
  14 #define pr_fmt(fmt) "SIG: "fmt
  15 #include <keys/asymmetric-subtype.h>
  16 #include <linux/export.h>
  17 #include <linux/err.h>
  18 #include <linux/slab.h>
  19 #include <linux/keyctl.h>
  20 #include <crypto/public_key.h>
  21 #include <keys/user-type.h>
  22 #include "asymmetric_keys.h"
  23
  24 /*
  25  * Destroy a public key signature.
  26  */
  27 void public_key_signature_free(struct public_key_signature *sig)
  28 {
  29         int i;
  30
  31         if (sig) {
  32                 for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)
  33                         kfree(sig->auth_ids[i]);
  34                 kfree(sig->s);
  35                 kfree(sig->digest);
  36                 kfree(sig);
  37         }
  38 }
  39 EXPORT_SYMBOL_GPL(public_key_signature_free);
  40
  41 /**
  42  * query_asymmetric_key - Get information about an aymmetric key.
  43  * @params: Various parameters.
  44  * @info: Where to put the information.
  45  */
  46 int query_asymmetric_key(const struct kernel_pkey_params *params,
  47                          struct kernel_pkey_query *info)
  48 {
  49         const struct asymmetric_key_subtype *subtype;
  50         struct key *key = params->key;
  51         int ret;
  52
  53         pr_devel("==>%s()\n", __func__);
  54
  55         if (key->type != &key_type_asymmetric)
  56                 return -EINVAL;
  57         subtype = asymmetric_key_subtype(key);
  58         if (!subtype ||
  59             !key->payload.data[0])
  60                 return -EINVAL;
  61         if (!subtype->query)
  62                 return -ENOTSUPP;
  63
  64         ret = subtype->query(params, info);
  65
  66         pr_devel("<==%s() = %d\n", __func__, ret);
  67         return ret;
  68 }
  69 EXPORT_SYMBOL_GPL(query_asymmetric_key);
  70
  71 /**
  72  * encrypt_blob - Encrypt data using an asymmetric key
  73  * @params: Various parameters
  74  * @data: Data blob to be encrypted, length params->data_len
  75  * @enc: Encrypted data buffer, length params->enc_len
  76  *
  77  * Encrypt the specified data blob using the private key specified by
  78  * params->key.  The encrypted data is wrapped in an encoding if
  79  * params->encoding is specified (eg. "pkcs1").
  80  *
  81  * Returns the length of the data placed in the encrypted data buffer or an
  82  * error.
  83  */
  84 int encrypt_blob(struct kernel_pkey_params *params,
  85                  const void *data, void *enc)
  86 {
  87         params->op = kernel_pkey_encrypt;
  88         return asymmetric_key_eds_op(params, data, enc);
  89 }
  90 EXPORT_SYMBOL_GPL(encrypt_blob);
  91
  92 /**
  93  * decrypt_blob - Decrypt data using an asymmetric key
  94  * @params: Various parameters
  95  * @enc: Encrypted data to be decrypted, length params->enc_len
  96  * @data: Decrypted data buffer, length params->data_len
  97  *
  98  * Decrypt the specified data blob using the private key specified by
  99  * params->key.  The decrypted data is wrapped in an encoding if
 100  * params->encoding is specified (eg. "pkcs1").
 101  *
 102  * Returns the length of the data placed in the decrypted data buffer or an
 103  * error.
 104  */
 105 int decrypt_blob(struct kernel_pkey_params *params,
 106                  const void *enc, void *data)
 107 {
 108         params->op = kernel_pkey_decrypt;
 109         return asymmetric_key_eds_op(params, enc, data);
 110 }
 111 EXPORT_SYMBOL_GPL(decrypt_blob);
 112
 113 /**
 114  * create_signature - Sign some data using an asymmetric key
 115  * @params: Various parameters
 116  * @data: Data blob to be signed, length params->data_len
 117  * @enc: Signature buffer, length params->enc_len
 118  *
 119  * Sign the specified data blob using the private key specified by params->key.
 120  * The signature is wrapped in an encoding if params->encoding is specified
 121  * (eg. "pkcs1").  If the encoding needs to know the digest type, this can be
 122  * passed through params->hash_algo (eg. "sha1").
 123  *
 124  * Returns the length of the data placed in the signature buffer or an error.
 125  */
 126 int create_signature(struct kernel_pkey_params *params,
 127                      const void *data, void *enc)
 128 {
 129         params->op = kernel_pkey_sign;
 130         return asymmetric_key_eds_op(params, data, enc);
 131 }
 132 EXPORT_SYMBOL_GPL(create_signature);
 133
 134 /**
 135  * verify_signature - Initiate the use of an asymmetric key to verify a signature
 136  * @key: The asymmetric key to verify against
 137  * @sig: The signature to check
 138  *
 139  * Returns 0 if successful or else an error.
 140  */
 141 int verify_signature(const struct key *key,
 142                      const struct public_key_signature *sig)
 143 {
 144         const struct asymmetric_key_subtype *subtype;
 145         int ret;
 146
 147         pr_devel("==>%s()\n", __func__);
 148
 149         if (key->type != &key_type_asymmetric)
 150                 return -EINVAL;
 151         subtype = asymmetric_key_subtype(key);
 152         if (!subtype ||
 153             !key->payload.data[0])
 154                 return -EINVAL;
 155         if (!subtype->verify_signature)
 156                 return -ENOTSUPP;
 157
 158         ret = subtype->verify_signature(key, sig);
 159
 160         pr_devel("<==%s() = %d\n", __func__, ret);
 161         return ret;
 162 }
 163 EXPORT_SYMBOL_GPL(verify_signature);