~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/crypto/asymmetric_keys/public_key.c

Version: ~ [ linux-5.4-rc7 ] ~ [ linux-5.3.10 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.83 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.153 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.200 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.200 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.76 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* In-software asymmetric public-key crypto subtype
  2  *
  3  * See Documentation/crypto/asymmetric-keys.txt
  4  *
  5  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
  6  * Written by David Howells (dhowells@redhat.com)
  7  *
  8  * This program is free software; you can redistribute it and/or
  9  * modify it under the terms of the GNU General Public Licence
 10  * as published by the Free Software Foundation; either version
 11  * 2 of the Licence, or (at your option) any later version.
 12  */
 13 
 14 #define pr_fmt(fmt) "PKEY: "fmt
 15 #include <linux/module.h>
 16 #include <linux/export.h>
 17 #include <linux/kernel.h>
 18 #include <linux/slab.h>
 19 #include <linux/seq_file.h>
 20 #include <linux/scatterlist.h>
 21 #include <keys/asymmetric-subtype.h>
 22 #include <crypto/public_key.h>
 23 #include <crypto/akcipher.h>
 24 
 25 MODULE_LICENSE("GPL");
 26 
 27 /*
 28  * Provide a part of a description of the key for /proc/keys.
 29  */
 30 static void public_key_describe(const struct key *asymmetric_key,
 31                                 struct seq_file *m)
 32 {
 33         struct public_key *key = asymmetric_key->payload.data[asym_crypto];
 34 
 35         if (key)
 36                 seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
 37 }
 38 
 39 /*
 40  * Destroy a public key algorithm key.
 41  */
 42 void public_key_free(struct public_key *key)
 43 {
 44         if (key) {
 45                 kfree(key->key);
 46                 kfree(key);
 47         }
 48 }
 49 EXPORT_SYMBOL_GPL(public_key_free);
 50 
 51 /*
 52  * Destroy a public key algorithm key.
 53  */
 54 static void public_key_destroy(void *payload0, void *payload3)
 55 {
 56         public_key_free(payload0);
 57         public_key_signature_free(payload3);
 58 }
 59 
 60 struct public_key_completion {
 61         struct completion completion;
 62         int err;
 63 };
 64 
 65 static void public_key_verify_done(struct crypto_async_request *req, int err)
 66 {
 67         struct public_key_completion *compl = req->data;
 68 
 69         if (err == -EINPROGRESS)
 70                 return;
 71 
 72         compl->err = err;
 73         complete(&compl->completion);
 74 }
 75 
 76 /*
 77  * Verify a signature using a public key.
 78  */
 79 int public_key_verify_signature(const struct public_key *pkey,
 80                                 const struct public_key_signature *sig)
 81 {
 82         struct public_key_completion compl;
 83         struct crypto_akcipher *tfm;
 84         struct akcipher_request *req;
 85         struct scatterlist sig_sg, digest_sg;
 86         const char *alg_name;
 87         char alg_name_buf[CRYPTO_MAX_ALG_NAME];
 88         void *output;
 89         unsigned int outlen;
 90         int ret = -ENOMEM;
 91 
 92         pr_devel("==>%s()\n", __func__);
 93 
 94         BUG_ON(!pkey);
 95         BUG_ON(!sig);
 96         BUG_ON(!sig->digest);
 97         BUG_ON(!sig->s);
 98 
 99         alg_name = sig->pkey_algo;
100         if (strcmp(sig->pkey_algo, "rsa") == 0) {
101                 /* The data wangled by the RSA algorithm is typically padded
102                  * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
103                  * sec 8.2].
104                  */
105                 if (snprintf(alg_name_buf, CRYPTO_MAX_ALG_NAME,
106                              "pkcs1pad(rsa,%s)", sig->hash_algo
107                              ) >= CRYPTO_MAX_ALG_NAME)
108                         return -EINVAL;
109                 alg_name = alg_name_buf;
110         }
111 
112         tfm = crypto_alloc_akcipher(alg_name, 0, 0);
113         if (IS_ERR(tfm))
114                 return PTR_ERR(tfm);
115 
116         req = akcipher_request_alloc(tfm, GFP_KERNEL);
117         if (!req)
118                 goto error_free_tfm;
119 
120         ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen);
121         if (ret)
122                 goto error_free_req;
123 
124         ret = -ENOMEM;
125         outlen = crypto_akcipher_maxsize(tfm);
126         output = kmalloc(outlen, GFP_KERNEL);
127         if (!output)
128                 goto error_free_req;
129 
130         sg_init_one(&sig_sg, sig->s, sig->s_size);
131         sg_init_one(&digest_sg, output, outlen);
132         akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size,
133                                    outlen);
134         init_completion(&compl.completion);
135         akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
136                                       CRYPTO_TFM_REQ_MAY_SLEEP,
137                                       public_key_verify_done, &compl);
138 
139         /* Perform the verification calculation.  This doesn't actually do the
140          * verification, but rather calculates the hash expected by the
141          * signature and returns that to us.
142          */
143         ret = crypto_akcipher_verify(req);
144         if (ret == -EINPROGRESS) {
145                 wait_for_completion(&compl.completion);
146                 ret = compl.err;
147         }
148         if (ret < 0)
149                 goto out_free_output;
150 
151         /* Do the actual verification step. */
152         if (req->dst_len != sig->digest_size ||
153             memcmp(sig->digest, output, sig->digest_size) != 0)
154                 ret = -EKEYREJECTED;
155 
156 out_free_output:
157         kfree(output);
158 error_free_req:
159         akcipher_request_free(req);
160 error_free_tfm:
161         crypto_free_akcipher(tfm);
162         pr_devel("<==%s() = %d\n", __func__, ret);
163         return ret;
164 }
165 EXPORT_SYMBOL_GPL(public_key_verify_signature);
166 
167 static int public_key_verify_signature_2(const struct key *key,
168                                          const struct public_key_signature *sig)
169 {
170         const struct public_key *pk = key->payload.data[asym_crypto];
171         return public_key_verify_signature(pk, sig);
172 }
173 
174 /*
175  * Public key algorithm asymmetric key subtype
176  */
177 struct asymmetric_key_subtype public_key_subtype = {
178         .owner                  = THIS_MODULE,
179         .name                   = "public_key",
180         .name_len               = sizeof("public_key") - 1,
181         .describe               = public_key_describe,
182         .destroy                = public_key_destroy,
183         .verify_signature       = public_key_verify_signature_2,
184 };
185 EXPORT_SYMBOL_GPL(public_key_subtype);
186 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp