[PATCH 09/21] KEYS: Asymmetric public-key algorithm crypto key subtype [ver #3]

Fri, 02 Dec 2011 10:46:10 -0800 

Add a subtype for supporting asymmetric public-key encryption algorithms such
as DSA (FIPS-186) and RSA (PKCS#1 / RFC1337).

Signed-off-by: David Howells <dhowe...@redhat.com>
---

 security/keys/Kconfig      |    9 ++++
 security/keys/Makefile     |    1 
 security/keys/public_key.c |   55 ++++++++++++++++++++++
 security/keys/public_key.h |  109 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 174 insertions(+), 0 deletions(-)
 create mode 100644 security/keys/public_key.c
 create mode 100644 security/keys/public_key.h


diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index 290c9d3..07c7f3b 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -77,3 +77,12 @@ config CRYPTO_KEY_TYPE
          This option provides support for a type of key that holds the keys
          required for cryptographic operations such as encryption, decryption,
          signature generation and signature verification.
+
+config CRYPTO_KEY_PUBLIC_KEY_SUBTYPE
+       tristate "Asymmetric public-key crypto algorithm subtype"
+       depends on CRYPTO_KEY_TYPE
+       help
+         This option provides support for asymmetric public key type handling.
+         If signature generation and/or verification are to be used,
+         appropriate hash algorithms (such as SHA-1) must be available.
+         ENOPKG will be reported if the requisite algorithm is unavailable.
diff --git a/security/keys/Makefile b/security/keys/Makefile
index 8462904..dc3281f 100644
--- a/security/keys/Makefile
+++ b/security/keys/Makefile
@@ -25,5 +25,6 @@ obj-$(CONFIG_SYSCTL) += sysctl.o
 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
 obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/
 obj-$(CONFIG_CRYPTO_KEY_TYPE) += crypto_keys.o
+obj-$(CONFIG_CRYPTO_KEY_PUBLIC_KEY_SUBTYPE) += public_key.o
 
 crypto_keys-y := crypto_type.o crypto_verify.o
diff --git a/security/keys/public_key.c b/security/keys/public_key.c
new file mode 100644
index 0000000..c00ddac
--- /dev/null
+++ b/security/keys/public_key.c
@@ -0,0 +1,55 @@
+/* Asymmetric public key crypto subtype
+ *
+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowe...@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "PKEY: "fmt
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include "public_key.h"
+
+MODULE_LICENSE("GPL");
+
+/*
+ * Provide a part of a description of the key for /proc/keys.
+ */
+static void public_key_describe(const struct key *crypto_key,
+                               struct seq_file *m)
+{
+       struct public_key *key = crypto_key->payload.data;
+
+       if (key)
+               seq_puts(m, key->algo->name);
+}
+
+/*
+ * Destroy a public key algorithm key
+ */
+static void public_key_destroy(void *payload)
+{
+       struct public_key *key = payload;
+       int i;
+
+       if (key) {
+               for (i = 0; i < ARRAY_SIZE(key->mpi); i++)
+                       mpi_free(key->mpi[i]);
+               kfree(key);
+       }
+}
+
+/*
+ * Public key algorithm crypto key subtype
+ */
+struct crypto_key_subtype public_key_crypto_key_subtype = {
+       .owner          = THIS_MODULE,
+       .name           = "public_key",
+       .describe       = public_key_describe,
+       .destroy        = public_key_destroy,
+};
+EXPORT_SYMBOL_GPL(public_key_crypto_key_subtype);
diff --git a/security/keys/public_key.h b/security/keys/public_key.h
new file mode 100644
index 0000000..b5aab3d
--- /dev/null
+++ b/security/keys/public_key.h
@@ -0,0 +1,109 @@
+/* Asymmetric public-key algorithm definitions
+ *
+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowe...@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#ifndef _LINUX_PUBLIC_KEY_H
+#define _LINUX_PUBLIC_KEY_H
+
+#include <linux/mpi.h>
+#include <crypto/hash.h>
+#include <keys/crypto-subtype.h>
+
+struct public_key;
+struct public_key_signature;
+
+enum pkey_hash_algo {
+       PKEY_HASH_MD5,
+       PKEY_HASH_SHA1,
+       PKEY_HASH_RIPE_MD_160,
+       PKEY_HASH_SHA256,
+       PKEY_HASH_SHA384,
+       PKEY_HASH_SHA512,
+       PKEY_HASH_SHA224,
+       PKEY_HASH__LAST
+};
+
+/*
+ * Public key type definition
+ */
+struct public_key_algorithm {
+       const char      *name;
+       u8              n_pub_mpi;      /* Number of MPIs in public key */
+       u8              n_sec_mpi;      /* Number of MPIs in secret key */
+       u8              n_sig_mpi;      /* Number of MPIs in a signature */
+       int (*verify)(const struct public_key *key,
+                     const struct public_key_signature *sig);
+};
+
+extern const struct public_key_algorithm DSA_public_key_algorithm;
+extern const struct public_key_algorithm RSA_public_key_algorithm;
+
+/*
+ * Asymmetric public key data
+ */
+struct public_key {
+       const struct public_key_algorithm *algo;
+       u8      capabilities;
+#define PKEY_CAN_ENCRYPT       0x01
+#define PKEY_CAN_DECRYPT       0x02
+#define PKEY_CAN_ENCDEC                (PKEY_CAN_ENCRYPT | PKEY_CAN_DECRYPT)
+#define PKEY_CAN_SIGN          0x04
+#define PKEY_CAN_VERIFY                0x08
+#define PKEY_CAN_SIGVER                (PKEY_CAN_SIGN | PKEY_CAN_VERIFY)
+       union {
+               MPI     mpi[5];
+               struct {
+                       MPI     p;      /* DSA prime */
+                       MPI     q;      /* DSA group order */
+                       MPI     g;      /* DSA group generator */
+                       MPI     y;      /* DSA public-key value = g^x mod p */
+                       MPI     x;      /* DSA secret exponent (if present) */
+               } dsa;
+               struct {
+                       MPI     n;      /* RSA public modulus */
+                       MPI     e;      /* RSA public encryption exponent */
+                       MPI     d;      /* RSA secret encryption exponent (if 
present) */
+                       MPI     p;      /* RSA secret prime (if present) */
+                       MPI     q;      /* RSA secret prime (if present) */
+               } rsa;
+       };
+
+       u8      key_id[8];      /* ID of this key pair */
+       u8      key_id_size;    /* Number of bytes in key_id */
+};
+
+/*
+ * Asymmetric public key algorithm signature data
+ */
+struct public_key_signature {
+       struct crypto_key_verify_context base;
+       u8 *digest;
+       enum pkey_hash_algo pkey_hash_algo : 8;
+       u8 signed_hash_msw[2];
+       u8 digest_size; /* Number of bytes in digest */
+       union {
+               MPI mpi[2];
+               struct {
+                       MPI s;                  /* m^d mod n */
+               } rsa;
+               struct {
+                       MPI r;
+                       MPI s;
+               } dsa;
+       };
+       struct shash_desc hash;                 /* This must go last! */
+};
+
+extern struct crypto_key_verify_context *pgp_pkey_verify_sig_begin(
+       struct key *crypto_key, const u8 *sigdata, size_t siglen);
+
+extern struct crypto_key_subtype public_key_crypto_key_subtype;
+
+#endif /* _LINUX_PUBLIC_KEY_H */

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to