blob: 3671ed138559ce8a94673e496958e658a4b4c914 [file] [log] [blame]
AKASHI Takahirocbb10072019-11-13 09:44:58 +09001// SPDX-License-Identifier: GPL-2.0-or-later
2/* In-software asymmetric public-key crypto subtype
3 *
4 * See Documentation/crypto/asymmetric-keys.txt
5 *
6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7 * Written by David Howells (dhowells@redhat.com)
8 */
9
10#define pr_fmt(fmt) "PKEY: "fmt
11#ifdef __UBOOT__
Simon Glassd66c5f72020-02-03 07:36:15 -070012#include <dm/devres.h>
Simon Glassc06c1be2020-05-10 11:40:08 -060013#include <linux/bug.h>
AKASHI Takahirocbb10072019-11-13 09:44:58 +090014#include <linux/compat.h>
Simon Glassd66c5f72020-02-03 07:36:15 -070015#include <linux/err.h>
AKASHI Takahirocbb10072019-11-13 09:44:58 +090016#else
17#include <linux/module.h>
18#include <linux/export.h>
19#endif
20#include <linux/kernel.h>
21#ifndef __UBOOT__
22#include <linux/slab.h>
23#include <linux/seq_file.h>
24#include <linux/scatterlist.h>
25#include <keys/asymmetric-subtype.h>
26#endif
27#include <crypto/public_key.h>
AKASHI Takahiro697b4cc2020-07-21 19:35:17 +090028#ifdef __UBOOT__
29#include <image.h>
30#include <u-boot/rsa.h>
31#else
AKASHI Takahirocbb10072019-11-13 09:44:58 +090032#include <crypto/akcipher.h>
33#endif
34
35MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
36MODULE_AUTHOR("Red Hat, Inc.");
37MODULE_LICENSE("GPL");
38
39#ifndef __UBOOT__
40/*
41 * Provide a part of a description of the key for /proc/keys.
42 */
43static void public_key_describe(const struct key *asymmetric_key,
44 struct seq_file *m)
45{
46 struct public_key *key = asymmetric_key->payload.data[asym_crypto];
47
48 if (key)
49 seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
50}
51#endif
52
53/*
54 * Destroy a public key algorithm key.
55 */
56void public_key_free(struct public_key *key)
57{
58 if (key) {
59 kfree(key->key);
60 kfree(key->params);
61 kfree(key);
62 }
63}
64EXPORT_SYMBOL_GPL(public_key_free);
65
66#ifdef __UBOOT__
67/*
68 * from <linux>/crypto/asymmetric_keys/signature.c
69 *
70 * Destroy a public key signature.
71 */
72void public_key_signature_free(struct public_key_signature *sig)
73{
74 int i;
75
76 if (sig) {
77 for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)
78 free(sig->auth_ids[i]);
79 free(sig->s);
80 free(sig->digest);
81 free(sig);
82 }
83}
84EXPORT_SYMBOL_GPL(public_key_signature_free);
85
AKASHI Takahiro697b4cc2020-07-21 19:35:17 +090086/**
87 * public_key_verify_signature - Verify a signature using a public key.
88 *
89 * @pkey: Public key
90 * @sig: Signature
91 *
92 * Verify a signature, @sig, using a RSA public key, @pkey.
93 *
94 * Return: 0 - verified, non-zero error code - otherwise
95 */
96int public_key_verify_signature(const struct public_key *pkey,
97 const struct public_key_signature *sig)
98{
99 struct image_sign_info info;
Ilias Apalodimascde8bae2022-01-19 13:54:41 +0200100 char algo[256];
AKASHI Takahiro697b4cc2020-07-21 19:35:17 +0900101 int ret;
102
103 pr_devel("==>%s()\n", __func__);
104
105 if (!pkey || !sig)
106 return -EINVAL;
107
108 if (pkey->key_is_private)
109 return -EINVAL;
110
111 memset(&info, '\0', sizeof(info));
Ilias Apalodimascde8bae2022-01-19 13:54:41 +0200112 memset(algo, 0, sizeof(algo));
AKASHI Takahiro697b4cc2020-07-21 19:35:17 +0900113 info.padding = image_get_padding_algo("pkcs-1.5");
Ilias Apalodimascde8bae2022-01-19 13:54:41 +0200114 if (strcmp(sig->pkey_algo, "rsa")) {
115 pr_err("Encryption is not RSA: %s\n", sig->pkey_algo);
AKASHI Takahiro697b4cc2020-07-21 19:35:17 +0900116 return -ENOPKG;
117 }
Ilias Apalodimascde8bae2022-01-19 13:54:41 +0200118 ret = snprintf(algo, sizeof(algo), "%s,%s%d", sig->hash_algo,
119 sig->pkey_algo, sig->s_size * 8);
120
121 if (ret >= sizeof(algo))
122 return -EINVAL;
123
124 info.checksum = image_get_checksum_algo((const char *)algo);
125 info.name = (const char *)algo;
AKASHI Takahiro697b4cc2020-07-21 19:35:17 +0900126 info.crypto = image_get_crypto_algo(info.name);
Ilias Apalodimascde8bae2022-01-19 13:54:41 +0200127 if (!info.checksum || !info.crypto) {
128 pr_err("<%s> not supported on image_get_(checksum|crypto)_algo()\n",
129 algo);
AKASHI Takahiro697b4cc2020-07-21 19:35:17 +0900130 return -ENOPKG;
Ilias Apalodimascde8bae2022-01-19 13:54:41 +0200131 }
AKASHI Takahiro697b4cc2020-07-21 19:35:17 +0900132
133 info.key = pkey->key;
134 info.keylen = pkey->keylen;
135
AKASHI Takahiro697b4cc2020-07-21 19:35:17 +0900136 if (rsa_verify_with_pkey(&info, sig->digest, sig->s, sig->s_size))
137 ret = -EKEYREJECTED;
138 else
139 ret = 0;
140
141 pr_devel("<==%s() = %d\n", __func__, ret);
142 return ret;
143}
AKASHI Takahirocbb10072019-11-13 09:44:58 +0900144#else
145/*
146 * Destroy a public key algorithm key.
147 */
148static void public_key_destroy(void *payload0, void *payload3)
149{
150 public_key_free(payload0);
151 public_key_signature_free(payload3);
152}
153
154/*
155 * Determine the crypto algorithm name.
156 */
157static
158int software_key_determine_akcipher(const char *encoding,
159 const char *hash_algo,
160 const struct public_key *pkey,
161 char alg_name[CRYPTO_MAX_ALG_NAME])
162{
163 int n;
164
165 if (strcmp(encoding, "pkcs1") == 0) {
166 /* The data wangled by the RSA algorithm is typically padded
167 * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
168 * sec 8.2].
169 */
170 if (!hash_algo)
171 n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
172 "pkcs1pad(%s)",
173 pkey->pkey_algo);
174 else
175 n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
176 "pkcs1pad(%s,%s)",
177 pkey->pkey_algo, hash_algo);
178 return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
179 }
180
181 if (strcmp(encoding, "raw") == 0) {
182 strcpy(alg_name, pkey->pkey_algo);
183 return 0;
184 }
185
186 return -ENOPKG;
187}
188
189static u8 *pkey_pack_u32(u8 *dst, u32 val)
190{
191 memcpy(dst, &val, sizeof(val));
192 return dst + sizeof(val);
193}
194
195/*
196 * Query information about a key.
197 */
198static int software_key_query(const struct kernel_pkey_params *params,
199 struct kernel_pkey_query *info)
200{
201 struct crypto_akcipher *tfm;
202 struct public_key *pkey = params->key->payload.data[asym_crypto];
203 char alg_name[CRYPTO_MAX_ALG_NAME];
204 u8 *key, *ptr;
205 int ret, len;
206
207 ret = software_key_determine_akcipher(params->encoding,
208 params->hash_algo,
209 pkey, alg_name);
210 if (ret < 0)
211 return ret;
212
213 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
214 if (IS_ERR(tfm))
215 return PTR_ERR(tfm);
216
217 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
218 GFP_KERNEL);
219 if (!key)
220 goto error_free_tfm;
221 memcpy(key, pkey->key, pkey->keylen);
222 ptr = key + pkey->keylen;
223 ptr = pkey_pack_u32(ptr, pkey->algo);
224 ptr = pkey_pack_u32(ptr, pkey->paramlen);
225 memcpy(ptr, pkey->params, pkey->paramlen);
226
227 if (pkey->key_is_private)
228 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
229 else
230 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
231 if (ret < 0)
232 goto error_free_key;
233
234 len = crypto_akcipher_maxsize(tfm);
235 info->key_size = len * 8;
236 info->max_data_size = len;
237 info->max_sig_size = len;
238 info->max_enc_size = len;
239 info->max_dec_size = len;
240 info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |
241 KEYCTL_SUPPORTS_VERIFY);
242 if (pkey->key_is_private)
243 info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT |
244 KEYCTL_SUPPORTS_SIGN);
245 ret = 0;
246
247error_free_key:
248 kfree(key);
249error_free_tfm:
250 crypto_free_akcipher(tfm);
251 pr_devel("<==%s() = %d\n", __func__, ret);
252 return ret;
253}
254
255/*
256 * Do encryption, decryption and signing ops.
257 */
258static int software_key_eds_op(struct kernel_pkey_params *params,
259 const void *in, void *out)
260{
261 const struct public_key *pkey = params->key->payload.data[asym_crypto];
262 struct akcipher_request *req;
263 struct crypto_akcipher *tfm;
264 struct crypto_wait cwait;
265 struct scatterlist in_sg, out_sg;
266 char alg_name[CRYPTO_MAX_ALG_NAME];
267 char *key, *ptr;
268 int ret;
269
270 pr_devel("==>%s()\n", __func__);
271
272 ret = software_key_determine_akcipher(params->encoding,
273 params->hash_algo,
274 pkey, alg_name);
275 if (ret < 0)
276 return ret;
277
278 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
279 if (IS_ERR(tfm))
280 return PTR_ERR(tfm);
281
282 req = akcipher_request_alloc(tfm, GFP_KERNEL);
283 if (!req)
284 goto error_free_tfm;
285
286 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
287 GFP_KERNEL);
288 if (!key)
289 goto error_free_req;
290
291 memcpy(key, pkey->key, pkey->keylen);
292 ptr = key + pkey->keylen;
293 ptr = pkey_pack_u32(ptr, pkey->algo);
294 ptr = pkey_pack_u32(ptr, pkey->paramlen);
295 memcpy(ptr, pkey->params, pkey->paramlen);
296
297 if (pkey->key_is_private)
298 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
299 else
300 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
301 if (ret)
302 goto error_free_key;
303
304 sg_init_one(&in_sg, in, params->in_len);
305 sg_init_one(&out_sg, out, params->out_len);
306 akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
307 params->out_len);
308 crypto_init_wait(&cwait);
309 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
310 CRYPTO_TFM_REQ_MAY_SLEEP,
311 crypto_req_done, &cwait);
312
313 /* Perform the encryption calculation. */
314 switch (params->op) {
315 case kernel_pkey_encrypt:
316 ret = crypto_akcipher_encrypt(req);
317 break;
318 case kernel_pkey_decrypt:
319 ret = crypto_akcipher_decrypt(req);
320 break;
321 case kernel_pkey_sign:
322 ret = crypto_akcipher_sign(req);
323 break;
324 default:
325 BUG();
326 }
327
328 ret = crypto_wait_req(ret, &cwait);
329 if (ret == 0)
330 ret = req->dst_len;
331
332error_free_key:
333 kfree(key);
334error_free_req:
335 akcipher_request_free(req);
336error_free_tfm:
337 crypto_free_akcipher(tfm);
338 pr_devel("<==%s() = %d\n", __func__, ret);
339 return ret;
340}
341
342/*
343 * Verify a signature using a public key.
344 */
345int public_key_verify_signature(const struct public_key *pkey,
346 const struct public_key_signature *sig)
347{
348 struct crypto_wait cwait;
349 struct crypto_akcipher *tfm;
350 struct akcipher_request *req;
351 struct scatterlist src_sg[2];
352 char alg_name[CRYPTO_MAX_ALG_NAME];
353 char *key, *ptr;
354 int ret;
355
356 pr_devel("==>%s()\n", __func__);
357
358 BUG_ON(!pkey);
359 BUG_ON(!sig);
360 BUG_ON(!sig->s);
361
362 ret = software_key_determine_akcipher(sig->encoding,
363 sig->hash_algo,
364 pkey, alg_name);
365 if (ret < 0)
366 return ret;
367
368 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
369 if (IS_ERR(tfm))
370 return PTR_ERR(tfm);
371
372 ret = -ENOMEM;
373 req = akcipher_request_alloc(tfm, GFP_KERNEL);
374 if (!req)
375 goto error_free_tfm;
376
377 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
378 GFP_KERNEL);
379 if (!key)
380 goto error_free_req;
381
382 memcpy(key, pkey->key, pkey->keylen);
383 ptr = key + pkey->keylen;
384 ptr = pkey_pack_u32(ptr, pkey->algo);
385 ptr = pkey_pack_u32(ptr, pkey->paramlen);
386 memcpy(ptr, pkey->params, pkey->paramlen);
387
388 if (pkey->key_is_private)
389 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
390 else
391 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
392 if (ret)
393 goto error_free_key;
394
395 sg_init_table(src_sg, 2);
396 sg_set_buf(&src_sg[0], sig->s, sig->s_size);
397 sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
398 akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
399 sig->digest_size);
400 crypto_init_wait(&cwait);
401 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
402 CRYPTO_TFM_REQ_MAY_SLEEP,
403 crypto_req_done, &cwait);
404 ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
405
406error_free_key:
407 kfree(key);
408error_free_req:
409 akcipher_request_free(req);
410error_free_tfm:
411 crypto_free_akcipher(tfm);
412 pr_devel("<==%s() = %d\n", __func__, ret);
413 if (WARN_ON_ONCE(ret > 0))
414 ret = -EINVAL;
415 return ret;
416}
417EXPORT_SYMBOL_GPL(public_key_verify_signature);
418
419static int public_key_verify_signature_2(const struct key *key,
420 const struct public_key_signature *sig)
421{
422 const struct public_key *pk = key->payload.data[asym_crypto];
423 return public_key_verify_signature(pk, sig);
424}
425
426/*
427 * Public key algorithm asymmetric key subtype
428 */
429struct asymmetric_key_subtype public_key_subtype = {
430 .owner = THIS_MODULE,
431 .name = "public_key",
432 .name_len = sizeof("public_key") - 1,
433 .describe = public_key_describe,
434 .destroy = public_key_destroy,
435 .query = software_key_query,
436 .eds_op = software_key_eds_op,
437 .verify_signature = public_key_verify_signature_2,
438};
439EXPORT_SYMBOL_GPL(public_key_subtype);
440#endif /* !__UBOOT__ */