1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* In-software asymmetric public-key crypto subtype
3 *
4 * See Documentation/crypto/asymmetric-keys.txt
5 *
6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7 * Written by David Howells (dhowells@redhat.com)
8 */
9
10 #define pr_fmt(fmt) "PKEY: "fmt
11 #ifdef __UBOOT__
12 #include <dm/devres.h>
13 #include <linux/bug.h>
14 #include <linux/compat.h>
15 #include <linux/err.h>
16 #else
17 #include <linux/module.h>
18 #include <linux/export.h>
19 #endif
20 #include <linux/kernel.h>
21 #ifndef __UBOOT__
22 #include <linux/slab.h>
23 #include <linux/seq_file.h>
24 #include <linux/scatterlist.h>
25 #include <keys/asymmetric-subtype.h>
26 #endif
27 #include <crypto/public_key.h>
28 #ifdef __UBOOT__
29 #include <image.h>
30 #include <u-boot/rsa.h>
31 #else
32 #include <crypto/akcipher.h>
33 #endif
34
35 MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
36 MODULE_AUTHOR("Red Hat, Inc.");
37 MODULE_LICENSE("GPL");
38
39 #ifndef __UBOOT__
40 /*
41 * Provide a part of a description of the key for /proc/keys.
42 */
public_key_describe(const struct key * asymmetric_key,struct seq_file * m)43 static void public_key_describe(const struct key *asymmetric_key,
44 struct seq_file *m)
45 {
46 struct public_key *key = asymmetric_key->payload.data[asym_crypto];
47
48 if (key)
49 seq_printf(m, "%s.%s", key->id_type, key->pkey_algo);
50 }
51 #endif
52
53 /*
54 * Destroy a public key algorithm key.
55 */
public_key_free(struct public_key * key)56 void public_key_free(struct public_key *key)
57 {
58 if (key) {
59 kfree(key->key);
60 kfree(key->params);
61 kfree(key);
62 }
63 }
64 EXPORT_SYMBOL_GPL(public_key_free);
65
66 #ifdef __UBOOT__
67 /*
68 * from <linux>/crypto/asymmetric_keys/signature.c
69 *
70 * Destroy a public key signature.
71 */
public_key_signature_free(struct public_key_signature * sig)72 void public_key_signature_free(struct public_key_signature *sig)
73 {
74 int i;
75
76 if (sig) {
77 for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)
78 free(sig->auth_ids[i]);
79 free(sig->s);
80 free(sig->digest);
81 free(sig);
82 }
83 }
84 EXPORT_SYMBOL_GPL(public_key_signature_free);
85
86 /**
87 * public_key_verify_signature - Verify a signature using a public key.
88 *
89 * @pkey: Public key
90 * @sig: Signature
91 *
92 * Verify a signature, @sig, using a RSA public key, @pkey.
93 *
94 * Return: 0 - verified, non-zero error code - otherwise
95 */
public_key_verify_signature(const struct public_key * pkey,const struct public_key_signature * sig)96 int public_key_verify_signature(const struct public_key *pkey,
97 const struct public_key_signature *sig)
98 {
99 struct image_sign_info info;
100 int ret;
101
102 pr_devel("==>%s()\n", __func__);
103
104 if (!pkey || !sig)
105 return -EINVAL;
106
107 if (pkey->key_is_private)
108 return -EINVAL;
109
110 memset(&info, '\0', sizeof(info));
111 info.padding = image_get_padding_algo("pkcs-1.5");
112 /*
113 * Note: image_get_[checksum|crypto]_algo takes a string
114 * argument like "<checksum>,<crypto>"
115 * TODO: support other hash algorithms
116 */
117 if (strcmp(sig->pkey_algo, "rsa") || (sig->s_size * 8) != 2048) {
118 pr_warn("Encryption is not RSA2048: %s%d\n",
119 sig->pkey_algo, sig->s_size * 8);
120 return -ENOPKG;
121 }
122 if (!strcmp(sig->hash_algo, "sha1")) {
123 info.checksum = image_get_checksum_algo("sha1,rsa2048");
124 info.name = "sha1,rsa2048";
125 } else if (!strcmp(sig->hash_algo, "sha256")) {
126 info.checksum = image_get_checksum_algo("sha256,rsa2048");
127 info.name = "sha256,rsa2048";
128 } else {
129 pr_warn("unknown msg digest algo: %s\n", sig->hash_algo);
130 return -ENOPKG;
131 }
132 info.crypto = image_get_crypto_algo(info.name);
133 if (IS_ERR(info.checksum) || IS_ERR(info.crypto))
134 return -ENOPKG;
135
136 info.key = pkey->key;
137 info.keylen = pkey->keylen;
138
139 if (rsa_verify_with_pkey(&info, sig->digest, sig->s, sig->s_size))
140 ret = -EKEYREJECTED;
141 else
142 ret = 0;
143
144 pr_devel("<==%s() = %d\n", __func__, ret);
145 return ret;
146 }
147 #else
148 /*
149 * Destroy a public key algorithm key.
150 */
public_key_destroy(void * payload0,void * payload3)151 static void public_key_destroy(void *payload0, void *payload3)
152 {
153 public_key_free(payload0);
154 public_key_signature_free(payload3);
155 }
156
157 /*
158 * Determine the crypto algorithm name.
159 */
160 static
software_key_determine_akcipher(const char * encoding,const char * hash_algo,const struct public_key * pkey,char alg_name[CRYPTO_MAX_ALG_NAME])161 int software_key_determine_akcipher(const char *encoding,
162 const char *hash_algo,
163 const struct public_key *pkey,
164 char alg_name[CRYPTO_MAX_ALG_NAME])
165 {
166 int n;
167
168 if (strcmp(encoding, "pkcs1") == 0) {
169 /* The data wangled by the RSA algorithm is typically padded
170 * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
171 * sec 8.2].
172 */
173 if (!hash_algo)
174 n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
175 "pkcs1pad(%s)",
176 pkey->pkey_algo);
177 else
178 n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
179 "pkcs1pad(%s,%s)",
180 pkey->pkey_algo, hash_algo);
181 return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
182 }
183
184 if (strcmp(encoding, "raw") == 0) {
185 strcpy(alg_name, pkey->pkey_algo);
186 return 0;
187 }
188
189 return -ENOPKG;
190 }
191
pkey_pack_u32(u8 * dst,u32 val)192 static u8 *pkey_pack_u32(u8 *dst, u32 val)
193 {
194 memcpy(dst, &val, sizeof(val));
195 return dst + sizeof(val);
196 }
197
198 /*
199 * Query information about a key.
200 */
software_key_query(const struct kernel_pkey_params * params,struct kernel_pkey_query * info)201 static int software_key_query(const struct kernel_pkey_params *params,
202 struct kernel_pkey_query *info)
203 {
204 struct crypto_akcipher *tfm;
205 struct public_key *pkey = params->key->payload.data[asym_crypto];
206 char alg_name[CRYPTO_MAX_ALG_NAME];
207 u8 *key, *ptr;
208 int ret, len;
209
210 ret = software_key_determine_akcipher(params->encoding,
211 params->hash_algo,
212 pkey, alg_name);
213 if (ret < 0)
214 return ret;
215
216 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
217 if (IS_ERR(tfm))
218 return PTR_ERR(tfm);
219
220 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
221 GFP_KERNEL);
222 if (!key)
223 goto error_free_tfm;
224 memcpy(key, pkey->key, pkey->keylen);
225 ptr = key + pkey->keylen;
226 ptr = pkey_pack_u32(ptr, pkey->algo);
227 ptr = pkey_pack_u32(ptr, pkey->paramlen);
228 memcpy(ptr, pkey->params, pkey->paramlen);
229
230 if (pkey->key_is_private)
231 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
232 else
233 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
234 if (ret < 0)
235 goto error_free_key;
236
237 len = crypto_akcipher_maxsize(tfm);
238 info->key_size = len * 8;
239 info->max_data_size = len;
240 info->max_sig_size = len;
241 info->max_enc_size = len;
242 info->max_dec_size = len;
243 info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |
244 KEYCTL_SUPPORTS_VERIFY);
245 if (pkey->key_is_private)
246 info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT |
247 KEYCTL_SUPPORTS_SIGN);
248 ret = 0;
249
250 error_free_key:
251 kfree(key);
252 error_free_tfm:
253 crypto_free_akcipher(tfm);
254 pr_devel("<==%s() = %d\n", __func__, ret);
255 return ret;
256 }
257
258 /*
259 * Do encryption, decryption and signing ops.
260 */
software_key_eds_op(struct kernel_pkey_params * params,const void * in,void * out)261 static int software_key_eds_op(struct kernel_pkey_params *params,
262 const void *in, void *out)
263 {
264 const struct public_key *pkey = params->key->payload.data[asym_crypto];
265 struct akcipher_request *req;
266 struct crypto_akcipher *tfm;
267 struct crypto_wait cwait;
268 struct scatterlist in_sg, out_sg;
269 char alg_name[CRYPTO_MAX_ALG_NAME];
270 char *key, *ptr;
271 int ret;
272
273 pr_devel("==>%s()\n", __func__);
274
275 ret = software_key_determine_akcipher(params->encoding,
276 params->hash_algo,
277 pkey, alg_name);
278 if (ret < 0)
279 return ret;
280
281 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
282 if (IS_ERR(tfm))
283 return PTR_ERR(tfm);
284
285 req = akcipher_request_alloc(tfm, GFP_KERNEL);
286 if (!req)
287 goto error_free_tfm;
288
289 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
290 GFP_KERNEL);
291 if (!key)
292 goto error_free_req;
293
294 memcpy(key, pkey->key, pkey->keylen);
295 ptr = key + pkey->keylen;
296 ptr = pkey_pack_u32(ptr, pkey->algo);
297 ptr = pkey_pack_u32(ptr, pkey->paramlen);
298 memcpy(ptr, pkey->params, pkey->paramlen);
299
300 if (pkey->key_is_private)
301 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
302 else
303 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
304 if (ret)
305 goto error_free_key;
306
307 sg_init_one(&in_sg, in, params->in_len);
308 sg_init_one(&out_sg, out, params->out_len);
309 akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
310 params->out_len);
311 crypto_init_wait(&cwait);
312 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
313 CRYPTO_TFM_REQ_MAY_SLEEP,
314 crypto_req_done, &cwait);
315
316 /* Perform the encryption calculation. */
317 switch (params->op) {
318 case kernel_pkey_encrypt:
319 ret = crypto_akcipher_encrypt(req);
320 break;
321 case kernel_pkey_decrypt:
322 ret = crypto_akcipher_decrypt(req);
323 break;
324 case kernel_pkey_sign:
325 ret = crypto_akcipher_sign(req);
326 break;
327 default:
328 BUG();
329 }
330
331 ret = crypto_wait_req(ret, &cwait);
332 if (ret == 0)
333 ret = req->dst_len;
334
335 error_free_key:
336 kfree(key);
337 error_free_req:
338 akcipher_request_free(req);
339 error_free_tfm:
340 crypto_free_akcipher(tfm);
341 pr_devel("<==%s() = %d\n", __func__, ret);
342 return ret;
343 }
344
345 /*
346 * Verify a signature using a public key.
347 */
public_key_verify_signature(const struct public_key * pkey,const struct public_key_signature * sig)348 int public_key_verify_signature(const struct public_key *pkey,
349 const struct public_key_signature *sig)
350 {
351 struct crypto_wait cwait;
352 struct crypto_akcipher *tfm;
353 struct akcipher_request *req;
354 struct scatterlist src_sg[2];
355 char alg_name[CRYPTO_MAX_ALG_NAME];
356 char *key, *ptr;
357 int ret;
358
359 pr_devel("==>%s()\n", __func__);
360
361 BUG_ON(!pkey);
362 BUG_ON(!sig);
363 BUG_ON(!sig->s);
364
365 ret = software_key_determine_akcipher(sig->encoding,
366 sig->hash_algo,
367 pkey, alg_name);
368 if (ret < 0)
369 return ret;
370
371 tfm = crypto_alloc_akcipher(alg_name, 0, 0);
372 if (IS_ERR(tfm))
373 return PTR_ERR(tfm);
374
375 ret = -ENOMEM;
376 req = akcipher_request_alloc(tfm, GFP_KERNEL);
377 if (!req)
378 goto error_free_tfm;
379
380 key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
381 GFP_KERNEL);
382 if (!key)
383 goto error_free_req;
384
385 memcpy(key, pkey->key, pkey->keylen);
386 ptr = key + pkey->keylen;
387 ptr = pkey_pack_u32(ptr, pkey->algo);
388 ptr = pkey_pack_u32(ptr, pkey->paramlen);
389 memcpy(ptr, pkey->params, pkey->paramlen);
390
391 if (pkey->key_is_private)
392 ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
393 else
394 ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
395 if (ret)
396 goto error_free_key;
397
398 sg_init_table(src_sg, 2);
399 sg_set_buf(&src_sg[0], sig->s, sig->s_size);
400 sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
401 akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
402 sig->digest_size);
403 crypto_init_wait(&cwait);
404 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
405 CRYPTO_TFM_REQ_MAY_SLEEP,
406 crypto_req_done, &cwait);
407 ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
408
409 error_free_key:
410 kfree(key);
411 error_free_req:
412 akcipher_request_free(req);
413 error_free_tfm:
414 crypto_free_akcipher(tfm);
415 pr_devel("<==%s() = %d\n", __func__, ret);
416 if (WARN_ON_ONCE(ret > 0))
417 ret = -EINVAL;
418 return ret;
419 }
420 EXPORT_SYMBOL_GPL(public_key_verify_signature);
421
public_key_verify_signature_2(const struct key * key,const struct public_key_signature * sig)422 static int public_key_verify_signature_2(const struct key *key,
423 const struct public_key_signature *sig)
424 {
425 const struct public_key *pk = key->payload.data[asym_crypto];
426 return public_key_verify_signature(pk, sig);
427 }
428
429 /*
430 * Public key algorithm asymmetric key subtype
431 */
432 struct asymmetric_key_subtype public_key_subtype = {
433 .owner = THIS_MODULE,
434 .name = "public_key",
435 .name_len = sizeof("public_key") - 1,
436 .describe = public_key_describe,
437 .destroy = public_key_destroy,
438 .query = software_key_query,
439 .eds_op = software_key_eds_op,
440 .verify_signature = public_key_verify_signature_2,
441 };
442 EXPORT_SYMBOL_GPL(public_key_subtype);
443 #endif /* !__UBOOT__ */
444