Re: [RFC PATCH 5/8] KEYS: Provide software public key query function [ver 3]
On 05/11/2016 04:50 PM, Mat Martineau wrote: > >> +len = crypto_akcipher_maxsize(tfm); >> +info->key_size = len * 8; >> +info->max_data_size = len; >> +info->max_sig_size = len; >> +info->max_enc_size = len; >> +info->max_dec_size = len; > > If len > UINT16_MAX, should UINT16_MAX be reported as the max size? Similar > question for len*8 and key_size. Hi Mat, Since all the operations performed are mod key->n the output will never be bigger than size of pkey->n, which is the return value from crypto_akcipher_maxsize(tfm) for a given key. Thanks, -- TS -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC PATCH 8/8] KEYS: Implement PKCS#8 RSA Private Key parser [ver 3]
On Wed, 11 May 2016, David Howells wrote: diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index 6516855bec18..417035a53e98 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile @@ -34,6 +34,19 @@ clean-files += x509_akid-asn1.c x509_akid-asn1.h # # PKCS#7 message handling Update to PKCS#8 # +obj-$(CONFIG_PKCS8_PRIVATE_KEY_PARSER) += pkcs8_key_parser.o +pkcs8_key_parser-y := \ + pkcs8-asn1.o \ + pkcs8_parser.o + +$(obj)/pkcs8_parser.o: $(obj)/pkcs8-asn1.h +$(obj)/pkcs8-asn1.o: $(obj)/pkcs8-asn1.c $(obj)/pkcs8-asn1.h + +clean-files+= pkcs8-asn1.c pkcs8-asn1.h -- Mat Martineau Intel OTC -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC PATCH 5/8] KEYS: Provide software public key query function [ver 3]
On Wed, 11 May 2016, David Howells wrote: Provide a query function for the software public key implementation. This permits information about such a key to be obtained using query_asymmetric_key() or KEYCTL_PKEY_QUERY. Signed-off-by: David Howells--- crypto/asymmetric_keys/public_key.c | 96 ++- 1 file changed, 82 insertions(+), 14 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 96983906d2a2..e9967e5a2c25 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c +static int software_key_query(const struct kernel_pkey_params *params, + struct kernel_pkey_query *info) +{ ... + len = crypto_akcipher_maxsize(tfm); + info->key_size = len * 8; + info->max_data_size = len; + info->max_sig_size = len; + info->max_enc_size = len; + info->max_dec_size = len; If len > UINT16_MAX, should UINT16_MAX be reported as the max size? Similar question for len*8 and key_size. -- Mat Martineau Intel OTC -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC PATCH 2/8] KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver 3]
On Wed, 11 May 2016, David Howells wrote: diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index ca72b70a24b9..01c2ae28a8c0 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt + If the key needs to be unlocked with a password, a logon-type key that + holds the password may be given as the password argument ... + If the key must be unlocked with a password before it can be used, + password_id should point to a logon-type key that holds this. It should be noted that the password_id should be 0 if no password is to be used. diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c new file mode 100644 index ..7f51db984aaa --- /dev/null +++ b/security/keys/keyctl_pkey.c +long keyctl_pkey_e_d_s(int op, ... + ret = params.key->type->asym_eds_op(, in, out); Need to check for NULL asym_eds_op before calling. Regards, -- Mat Martineau Intel OTC -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA/MPI handling issues and keyctl access to public key keyrings
On 05/11/2016 06:55 AM, David Howells wrote: > Tadeusz Strukwrote: > >>> (2) rsa-pkcs1pad needs to indicate what the maximum content size is, given >>> the minimum possible padding for the specified hash type (ie. a >>> particular OID). >> >> The user needs to use crypto_akcipher_maxsize(tfm) to get the required buffer >> size for a given key. >> We do check if the buffer if big enough to accommodate padding and hash info. >> This is needed in sign and encrypt operations, and in both cases we check it, >> sign: >> https://git.kernel.org/cgit/linux/kernel/git/herbert/cryptodev-2.6.git/tree/crypto/rsa-pkcs1pad.c#n434 >> and encrypt: >> https://git.kernel.org/cgit/linux/kernel/git/herbert/cryptodev-2.6.git/tree/crypto/rsa-pkcs1pad.c#n252 > > Can you supply a way to find out the reduced size from the padding? > Hi David, What exactly do you want to do? For the verify operation we don't know the reduced size before the operation. We only figure it out after we decrypt the message and then the req->dst_len gets the actual size of the message without padding. Thanks, -- TS -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] crypto: qat: remove unused vairable.
On 05/11/2016 12:28 PM, Muhammad Falak R Wani wrote: > Remove the unused variable ret, and return 0 explicitly. Thanks for the patch. In this case it will be even better to change the adf_ctl_stop_devices() to a void function. ---8<--- Subject: [PATCH] crypto: qat - change the adf_ctl_stop_devices to void Change the adf_ctl_stop_devices to a void function. Signed-off-by: Tadeusz Struk--- drivers/crypto/qat/qat_common/adf_ctl_drv.c | 9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/qat/qat_common/adf_ctl_drv.c b/drivers/crypto/qat/qat_common/adf_ctl_drv.c index db21b49..abc7a7f 100644 --- a/drivers/crypto/qat/qat_common/adf_ctl_drv.c +++ b/drivers/crypto/qat/qat_common/adf_ctl_drv.c @@ -270,10 +270,9 @@ static int adf_ctl_is_device_in_use(int id) return 0; } -static int adf_ctl_stop_devices(uint32_t id) +static void adf_ctl_stop_devices(uint32_t id) { struct adf_accel_dev *accel_dev; - int ret = 0; list_for_each_entry(accel_dev, adf_devmgr_get_head(), list) { if (id == accel_dev->accel_id || id == ADF_CFG_ALL_DEVICES) { @@ -298,7 +297,6 @@ static int adf_ctl_stop_devices(uint32_t id) adf_dev_shutdown(accel_dev); } } - return ret; } static int adf_ctl_ioctl_dev_stop(struct file *fp, unsigned int cmd, @@ -327,9 +325,8 @@ static int adf_ctl_ioctl_dev_stop(struct file *fp, unsigned int cmd, pr_info("QAT: Stopping acceleration device qat_dev%d.\n", ctl_data->device_id); - ret = adf_ctl_stop_devices(ctl_data->device_id); - if (ret) - pr_err("QAT: failed to stop device.\n"); + adf_ctl_stop_devices(ctl_data->device_id); + out: kfree(ctl_data); return ret; Thanks, -- TS -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto: qat: remove unused vairable.
Remove the unused variable ret, and return 0 explicitly. Signed-off-by: Muhammad Falak R Wani--- drivers/crypto/qat/qat_common/adf_ctl_drv.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/crypto/qat/qat_common/adf_ctl_drv.c b/drivers/crypto/qat/qat_common/adf_ctl_drv.c index db21b49..0f0677f 100644 --- a/drivers/crypto/qat/qat_common/adf_ctl_drv.c +++ b/drivers/crypto/qat/qat_common/adf_ctl_drv.c @@ -273,7 +273,6 @@ static int adf_ctl_is_device_in_use(int id) static int adf_ctl_stop_devices(uint32_t id) { struct adf_accel_dev *accel_dev; - int ret = 0; list_for_each_entry(accel_dev, adf_devmgr_get_head(), list) { if (id == accel_dev->accel_id || id == ADF_CFG_ALL_DEVICES) { @@ -298,7 +297,7 @@ static int adf_ctl_stop_devices(uint32_t id) adf_dev_shutdown(accel_dev); } } - return ret; + return 0; } static int adf_ctl_ioctl_dev_stop(struct file *fp, unsigned int cmd, -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC PATCH 8/8] KEYS: Implement PKCS#8 RSA Private Key parser [ver 3]
On Wed, 2016-05-11 at 15:22 +0100, David Howells wrote: > Implement PKCS#8 RSA Private Key format [RFC 5208] parser for the > asymmetric key type. For the moment, this will only support unencrypted > DER blobs. PEM and decryption can be added later. I would recommend *not* adding PEM and decryption support. That can live in userspace. You don't want to end up with the whole set of handlers for all the weird formats, from PKCS#12 to OpenSSL's non- standard encrypted PEM files. Trust me, I implemented a whole bunch of that for OpenConnect. You don't want it. Just mandate unencrypted binary PKCS#8 (or PKCS#1). -- David WoodhouseOpen Source Technology Centre david.woodho...@intel.com Intel Corporation smime.p7s Description: S/MIME cryptographic signature
Re: [PATCH] crypto/ccp: remove rwlocks_types.h
On 05/11/2016 05:06 AM, Sebastian Andrzej Siewior wrote: > Users of rwlocks should include spinlock.h instead including this > header file. The current users of rwlocks_types.h are internal. > > Signed-off-by: Sebastian Andrzej SiewiorThere's already been a patch submitted and accepted for this in the cryptodev tree: commit 7587c4075400 ("crypto: ccp - Fix RT breaking #include ") Thanks, Tom > --- > drivers/crypto/ccp/ccp-dev.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/drivers/crypto/ccp/ccp-dev.c b/drivers/crypto/ccp/ccp-dev.c > index 4dbc18727235..2a8ad712a5f2 100644 > --- a/drivers/crypto/ccp/ccp-dev.c > +++ b/drivers/crypto/ccp/ccp-dev.c > @@ -16,7 +16,6 @@ > #include > #include > #include > -#include > #include > #include > #include > -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RESEND v5 0/6] crypto: algif - add akcipher
Tadeusz Strukwrote: > This is the same v5 version as before rebased on top of > http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-asym-keyctl I've just reposted this. The interface you're using should be the same, I think, but the details underneath have changed. Also, you can now supply private keys to the kernel if they're PKCS#8 encoded and keyctls are supplied that do encryption, decryption, signing and verifying, e.g.: j=`openssl pkcs8 -in ~/pkcs7/firmwarekey2.priv -topk8 -nocrypt -outform DER | \ keyctl padd asymmetric foo @s` echo -n abcdefghijklmnopqrst >/tmp/data keyctl pkey_encrypt $j 0 /tmp/data enc=pkcs1 >/tmp/enc keyctl pkey_decrypt $j 0 /tmp/enc enc=pkcs1 >/tmp/dec cmp /tmp/data /tmp/dec keyctl pkey_sign $j 0 /tmp/data enc=pkcs1 hash=sha1 >/tmp/sig keyctl pkey_verify $j 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1 David -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[RFC PATCH 2/8] KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver 3]
Provide five keyctl functions that permit userspace to make use of the new key type ops for accessing and driving asymmetric keys. (*) Query an asymmetric key. long keyctl(KEYCTL_PKEY_QUERY, key_serial_t key, key_serial_t password, struct keyctl_pkey_query *info); Get information about an asymmetric key. The information is returned in the keyctl_pkey_query struct: __u32 supported_ops; A bit mask of flags indicating which ops are supported. This is constructed from a bitwise-OR of: KEYCTL_SUPPORTS_{ENCRYPT,DECRYPT,SIGN,VERIFY} __u32 key_size; The size in bits of the key. __u16 max_data_size; __u16 max_sig_size; __u16 max_enc_size; __u16 max_dec_size; The maximum sizes in bytes of a blob of data to be signed, a signature blob, a blob to be encrypted and a blob to be decypted. If the key needs to be unlocked with a password, a logon-type key that holds the password may be given as the password argument If successful, 0 is returned. If the key is not an asymmetric key, EOPNOTSUPP is returned. (*) Encrypt, decrypt, sign or verify a blob using an asymmetric key. long keyctl(KEYCTL_PKEY_ENCRYPT, const struct keyctl_pkey_params *params, const char *info, const void *in, void *out); long keyctl(KEYCTL_PKEY_DECRYPT, const struct keyctl_pkey_params *params, const char *info, const void *in, void *out); long keyctl(KEYCTL_PKEY_SIGN, const struct keyctl_pkey_params *params, const char *info, const void *in, void *out); long keyctl(KEYCTL_PKEY_VERIFY, const struct keyctl_pkey_params *params, const char *info, const void *in, const void *in2); Use an asymmetric key to perform a public-key cryptographic operation a blob of data. The parameter block pointed to by params contains a number of integer values: __s32 key_id; __s32 password_id; __u32 in_len; __u32 out_len; __u32 in2_len; For a given operation, the in and out buffers are used as follows: Operation IDin,in_len out,out_len in2,in2_len === === === === KEYCTL_PKEY_ENCRYPT Raw dataEncrypted data - KEYCTL_PKEY_DECRYPT Encrypted data Raw data- KEYCTL_PKEY_SIGNRaw dataSignature - KEYCTL_PKEY_VERIFY Raw data- Signature If the key must be unlocked with a password before it can be used, password_id should point to a logon-type key that holds this. info is a string of key=value pairs that supply supplementary information. If successful, encrypt, decrypt and sign all return the amount of data written into the output buffer. Verification returns 0 on success. Signed-off-by: David Howells--- Documentation/security/keys.txt | 111 + include/uapi/linux/keyctl.h | 26 +++ security/keys/Makefile |1 security/keys/compat.c | 15 ++ security/keys/internal.h| 39 + security/keys/keyctl.c | 23 +++ security/keys/keyctl_pkey.c | 335 +++ 7 files changed, 550 insertions(+) create mode 100644 security/keys/keyctl_pkey.c diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index ca72b70a24b9..01c2ae28a8c0 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt @@ -854,6 +854,117 @@ The keyctl syscall functions are: supported, error ENOKEY if the key could not be found, or error EACCES if the key is not readable by the caller. + + (*) Query an asymmetric key. + + long keyctl(KEYCTL_PKEY_QUERY, + key_serial_t key, key_serial_t password, + struct keyctl_pkey_query *info); + + Get information about an asymmetric key. The information is returned in + the keyctl_pkey_query struct: + + __u32 supported_ops; + + A bit mask of flags indicating which ops are supported. This is + constructed from a bitwise-OR of: + + KEYCTL_SUPPORTS_{ENCRYPT,DECRYPT,SIGN,VERIFY} + + __u32 key_size; + + The size in bits of the key. + + __u16 max_data_size; + __u16 max_sig_size; + __u16 max_enc_size; + __u16 max_dec_size; + + The maximum sizes in bytes of a blob of data to be signed, a signature + blob, a blob
[RFC PATCH 4/8] KEYS: Make the X.509 and PKCS7 parsers supply the sig encoding type [ver 3]
Make the X.509 and PKCS7 parsers fill in the signature encoding type field recently added to the public_key_signature struct. Signed-off-by: David Howells--- crypto/asymmetric_keys/pkcs7_parser.c |1 + crypto/asymmetric_keys/x509_cert_parser.c | 21 + 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index af4cd8649117..5f0c6755a55b 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -261,6 +261,7 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, switch (ctx->last_oid) { case OID_rsaEncryption: ctx->sinfo->sig->pkey_algo = "rsa"; + ctx->sinfo->sig->encoding = "pkcs1"; break; default: printk("Unsupported pkey algo: %u\n", ctx->last_oid); diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 865f46ea724f..1f1899d5ab43 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -199,35 +199,32 @@ int x509_note_pkey_algo(void *context, size_t hdrlen, case OID_md4WithRSAEncryption: ctx->cert->sig->hash_algo = "md4"; - ctx->cert->sig->pkey_algo = "rsa"; - break; + goto rsa_pkcs1; case OID_sha1WithRSAEncryption: ctx->cert->sig->hash_algo = "sha1"; - ctx->cert->sig->pkey_algo = "rsa"; - break; + goto rsa_pkcs1; case OID_sha256WithRSAEncryption: ctx->cert->sig->hash_algo = "sha256"; - ctx->cert->sig->pkey_algo = "rsa"; - break; + goto rsa_pkcs1; case OID_sha384WithRSAEncryption: ctx->cert->sig->hash_algo = "sha384"; - ctx->cert->sig->pkey_algo = "rsa"; - break; + goto rsa_pkcs1; case OID_sha512WithRSAEncryption: ctx->cert->sig->hash_algo = "sha512"; - ctx->cert->sig->pkey_algo = "rsa"; - break; + goto rsa_pkcs1; case OID_sha224WithRSAEncryption: ctx->cert->sig->hash_algo = "sha224"; - ctx->cert->sig->pkey_algo = "rsa"; - break; + goto rsa_pkcs1; } +rsa_pkcs1: + ctx->cert->sig->pkey_algo = "rsa"; + ctx->cert->sig->encoding = "pkcs1"; ctx->algo_oid = ctx->last_oid; return 0; } -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[RFC PATCH 1/8] KEYS: Provide key type operations for asymmetric key ops [ver 3]
Provide five new operations in the key_type struct that can be used to provide access to asymmetric key operations. These will be implemented for the asymmetric key type in a later patch and may refer to a key retained in RAM by the kernel or a key retained in crypto hardware. int (*asym_query)(const struct key *key, const struct key *password, struct kernel_pkey_query *info); int (*asym_eds_op)(struct kernel_pkey_params *params, const void *in, void *out); int (*asym_verify_signature)(struct kernel_pkey_params *params, const void *in, const void *in2); Since encrypt, decrypt and sign are identical in their interfaces, they're rolled together in the asym_eds_op() operation and there's an operation ID in the params argument to distinguish them. Verify is different in that we supply the data and the signature instead and get an error value (or 0) as the only result on the expectation that this may well be how a hardware crypto device may work. Signed-off-by: David Howells--- Documentation/security/keys.txt | 113 +++ include/linux/key-type.h| 11 include/linux/keyctl.h | 47 include/uapi/linux/keyctl.h |5 ++ 4 files changed, 176 insertions(+) create mode 100644 include/linux/keyctl.h diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index 20d05719bceb..ca72b70a24b9 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt @@ -1429,6 +1429,119 @@ The structure has a number of fields, some of which are mandatory: The authorisation key. + (*) int (*asym_eds_op)(struct kernel_pkey_params *params, + const void *in, void *out); + int (*asym_verify_signature)(struct kernel_pkey_params *params, + const void *in, const void *in2); + + These methods are optional. If provided the first allows a key to be + used to encrypt, decrypt or sign a blob of data, and the second allows a + key to verify a signature. + + In all cases, the following information is provided in the params block: + + struct kernel_pkey_params { + struct key *key; + struct key *password; + const char *encoding; + const char *hash_algo; + char*info; + __u32 in_len; + union { + __u32 out_len; + __u32 in2_len; + }; + enum kernel_pkey_operation op : 8; + }; + + This includes the key to be used; an optional second key that can be used + to provide a password (and must be of logon type); an optional string + indicating the encoding to use (for instance, "pkcs1" may be used with an + RSA key to indicate RSASSA-PKCS1-v1.5 or RSAES-PKCS1-v1.5 encoding); the + name of the hash algorithm used to generate the data for a signature (if + appropriate); the sizes of the input and output (or second input) buffers; + and the ID of the operation to be performed. + + For a given operation ID, the input and output buffers are used as + follows: + + Operation IDin,in_len out,out_len in2,in2_len + === === === === + kernel_pkey_encrypt Raw dataEncrypted data - + kernel_pkey_decrypt Encrypted data Raw data- + kernel_pkey_signRaw dataSignature - + kernel_pkey_verify Raw data- Signature + + asym_eds_op() deals with encryption, decryption and signature creation as + specified by params->op. Note that params->op is also set for + asym_verify_signature(). + + Encrypting and signature creation both take raw data in the input buffer + and return the encrypted result in the output buffer. Padding may have + been added if an encoding was set. In the case of signature creation, + depending on the encoding, the padding created may need to indicate the + digest algorithm - the name of which should be supplied in hash_algo. + + Decryption takes encrypted data in the input buffer and returns the raw + data in the output buffer. Padding will get checked and stripped off if + an encoding was set. + + Verification takes raw data in the input buffer and the signature in the + second input buffer and checks that the one matches the other. Padding + will be validated. Depending on the encoding, the digest algorithm used + to generate the raw data may need to be indicated in hash_algo. + + If successful, asym_eds_op() should return the number of bytes written + into the output buffer. asym_verify_signature() should return 0.
[RFC PATCH 3/8] KEYS: Provide missing asymmetric key subops for new key type ops [ver 3]
Provide the missing asymmetric key subops for new key type ops. This include query, encrypt, decrypt and create signature. Verify signature already exists. Also provided are accessor functions for this: int query_asymmetric_key(const struct key *key, const struct key *password, struct kernel_pkey_query *info); int encrypt_blob(struct kernel_pkey_params *params, const void *data, void *enc); int decrypt_blob(struct kernel_pkey_params *params, const void *enc, void *data); int create_signature(struct kernel_pkey_params *params, const void *data, void *enc); The public_key_signature struct gains an encoding field to carry the encoding for verify_signature() and that function gains an extra key pointer that can be used to pass a pointer to a logon key carrying a password to unlock the key. Signed-off-by: David Howells--- Documentation/crypto/asymmetric-keys.txt | 31 +++- crypto/asymmetric_keys/asymmetric_keys.h |3 + crypto/asymmetric_keys/asymmetric_type.c | 60 ++-- crypto/asymmetric_keys/pkcs7_trust.c |2 - crypto/asymmetric_keys/public_key.c |1 crypto/asymmetric_keys/restrict.c|2 - crypto/asymmetric_keys/signature.c | 112 +- include/crypto/public_key.h | 13 +++ include/keys/asymmetric-subtype.h| 10 +++ security/integrity/digsig_asymmetric.c |2 - 10 files changed, 216 insertions(+), 20 deletions(-) diff --git a/Documentation/crypto/asymmetric-keys.txt b/Documentation/crypto/asymmetric-keys.txt index 8c07e0ea6bc0..93a071714de7 100644 --- a/Documentation/crypto/asymmetric-keys.txt +++ b/Documentation/crypto/asymmetric-keys.txt @@ -123,6 +123,7 @@ An operation is provided to perform cryptographic signature verification, using an asymmetric key to provide or to provide access to the public key. int verify_signature(const struct key *key, +const struct key *password, const struct public_key_signature *sig); The caller must have already obtained the key from some source and can then use @@ -148,6 +149,9 @@ In addition, the data must have been digested by the caller and the resulting hash must be pointed to by sig->digest and the size of the hash be placed in sig->digest_size. +If the key needs to be unlocked with a passphrase, this can be passed in a +logon key as the password argument. + The function will return 0 upon success or -EKEYREJECTED if the signature doesn't match. @@ -182,6 +186,10 @@ and looks like the following: void (*describe)(const struct key *key, struct seq_file *m); void (*destroy)(void *payload); + int (*query)(const struct kernel_pkey_params *params, +struct kernel_pkey_query *info); + int (*eds_op)(struct kernel_pkey_params *params, + const void *in, void *out); int (*verify_signature)(const struct key *key, const struct public_key_signature *sig); }; @@ -206,12 +214,25 @@ There are a number of operations defined by the subtype: asymmetric key will look after freeing the fingerprint and releasing the reference on the subtype module. - (3) verify_signature(). + (3) query(). + + Mandatory. This is a function for querying the capabilities of a key. A + password can be provided if the key needs unlocking. + + (4) eds_op(). + + Optional. This is the entry point for the encryption, decryption and + signature creation operations (which are distinguished by the operation ID + in the parameter struct). The subtype may do anything it likes to + implement an operation, including offloading to hardware. A password can + be provided if the key needs unlocking. + + (5) verify_signature(). - Optional. These are the entry points for the key usage operations. - Currently there is only the one defined. If not set, the caller will be - given -ENOTSUPP. The subtype may do anything it likes to implement an - operation, including offloading to hardware. + Optional. This is the entry point for signature verification. The + subtype may do anything it likes to implement an operation, including + offloading to hardware. A password can be provided if the key needs + unlocking. == diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h index ca8e9ac34ce6..7be1ccf4fa9f 100644 --- a/crypto/asymmetric_keys/asymmetric_keys.h +++ b/crypto/asymmetric_keys/asymmetric_keys.h @@ -16,3 +16,6 @@ extern struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id); extern
[RFC PATCH 5/8] KEYS: Provide software public key query function [ver 3]
Provide a query function for the software public key implementation. This permits information about such a key to be obtained using query_asymmetric_key() or KEYCTL_PKEY_QUERY. Signed-off-by: David Howells--- crypto/asymmetric_keys/public_key.c | 96 ++- 1 file changed, 82 insertions(+), 14 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 96983906d2a2..e9967e5a2c25 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -57,6 +57,81 @@ static void public_key_destroy(void *payload0, void *payload3) public_key_signature_free(payload3); } +/* + * Determine the crypto algorithm name. + */ +static +int software_key_determine_akcipher(const char *encoding, + const char *hash_algo, + const struct public_key *pkey, + char alg_name[CRYPTO_MAX_ALG_NAME]) +{ + int n; + + if (strcmp(encoding, "pkcs1") == 0) { + /* The data wangled by the RSA algorithm is typically padded +* and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447 +* sec 8.2]. +*/ + if (!hash_algo) + n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, +"pkcs1pad(%s)", +pkey->pkey_algo); + else + n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME, +"pkcs1pad(%s,%s)", +pkey->pkey_algo, hash_algo); + return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0; + } + + if (strcmp(encoding, "raw") == 0) { + strcpy(alg_name, pkey->pkey_algo); + return 0; + } + + return -ENOPKG; +} + +/* + * Query information about a key. + */ +static int software_key_query(const struct kernel_pkey_params *params, + struct kernel_pkey_query *info) +{ + struct crypto_akcipher *tfm; + struct public_key *pkey = params->key->payload.data[asym_crypto]; + char alg_name[CRYPTO_MAX_ALG_NAME]; + int ret, len; + + ret = software_key_determine_akcipher(params->encoding, + params->hash_algo, + pkey, alg_name); + if (ret < 0) + return ret; + + tfm = crypto_alloc_akcipher(alg_name, 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen); + if (ret < 0) + goto error_free_tfm; + + len = crypto_akcipher_maxsize(tfm); + info->key_size = len * 8; + info->max_data_size = len; + info->max_sig_size = len; + info->max_enc_size = len; + info->max_dec_size = len; + info->supported_ops = KEYCTL_SUPPORTS_VERIFY; + ret = 0; + +error_free_tfm: + crypto_free_akcipher(tfm); + pr_devel("<==%s() = %d\n", __func__, ret); + return ret; +} + struct public_key_completion { struct completion completion; int err; @@ -83,8 +158,7 @@ int public_key_verify_signature(const struct public_key *pkey, struct crypto_akcipher *tfm; struct akcipher_request *req; struct scatterlist sig_sg, digest_sg; - const char *alg_name; - char alg_name_buf[CRYPTO_MAX_ALG_NAME]; + char alg_name[CRYPTO_MAX_ALG_NAME]; void *output; unsigned int outlen; int ret = -ENOMEM; @@ -96,18 +170,11 @@ int public_key_verify_signature(const struct public_key *pkey, BUG_ON(!sig->digest); BUG_ON(!sig->s); - alg_name = sig->pkey_algo; - if (strcmp(sig->pkey_algo, "rsa") == 0) { - /* The data wangled by the RSA algorithm is typically padded -* and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447 -* sec 8.2]. -*/ - if (snprintf(alg_name_buf, CRYPTO_MAX_ALG_NAME, -"pkcs1pad(rsa,%s)", sig->hash_algo -) >= CRYPTO_MAX_ALG_NAME) - return -EINVAL; - alg_name = alg_name_buf; - } + ret = software_key_determine_akcipher(sig->encoding, + sig->hash_algo, + pkey, alg_name); + if (ret < 0) + return ret; tfm = crypto_alloc_akcipher(alg_name, 0, 0); if (IS_ERR(tfm)) @@ -180,6 +247,7 @@ struct asymmetric_key_subtype public_key_subtype = { .name_len = sizeof("public_key") - 1, .describe = public_key_describe, .destroy= public_key_destroy, + .query
[RFC PATCH 6/8] KEYS: Allow the public_key struct to hold a private key [ver 3]
Put a flag in the public_key struct to indicate if the structure is holding a private key. The private key must be held ASN.1 encoded in the format specified in RFC 3447 A.1.2. This is the form required by crypto/rsa.c. The software encryption subtype's verification and query functions then need to select the appropriate crypto function to set the key. Signed-off-by: David Howells--- crypto/asymmetric_keys/public_key.c | 14 -- include/crypto/public_key.h |1 + 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index e9967e5a2c25..92997d4e8173 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -113,7 +113,12 @@ static int software_key_query(const struct kernel_pkey_params *params, if (IS_ERR(tfm)) return PTR_ERR(tfm); - ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen); + if (pkey->key_is_private) + ret = crypto_akcipher_set_priv_key(tfm, + pkey->key, pkey->keylen); + else + ret = crypto_akcipher_set_pub_key(tfm, + pkey->key, pkey->keylen); if (ret < 0) goto error_free_tfm; @@ -184,7 +189,12 @@ int public_key_verify_signature(const struct public_key *pkey, if (!req) goto error_free_tfm; - ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen); + if (pkey->key_is_private) + ret = crypto_akcipher_set_priv_key(tfm, + pkey->key, pkey->keylen); + else + ret = crypto_akcipher_set_pub_key(tfm, + pkey->key, pkey->keylen); if (ret) goto error_free_req; diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 1db6f1933dbd..a5096e72de5c 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -25,6 +25,7 @@ struct public_key { void *key; u32 keylen; + bool key_is_private; const char *id_type; const char *pkey_algo; }; -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[RFC PATCH 8/8] KEYS: Implement PKCS#8 RSA Private Key parser [ver 3]
Implement PKCS#8 RSA Private Key format [RFC 5208] parser for the asymmetric key type. For the moment, this will only support unencrypted DER blobs. PEM and decryption can be added later. PKCS#8 keys can be loaded like this: openssl pkcs8 -in private_key.pem -topk8 -nocrypt -outform DER | \ keyctl padd asymmetric foo @s Signed-off-by: David Howells--- Documentation/crypto/asymmetric-keys.txt |2 crypto/asymmetric_keys/Kconfig | 10 ++ crypto/asymmetric_keys/Makefile | 13 ++ crypto/asymmetric_keys/pkcs8.asn1| 24 crypto/asymmetric_keys/pkcs8_parser.c| 184 ++ 5 files changed, 233 insertions(+) create mode 100644 crypto/asymmetric_keys/pkcs8.asn1 create mode 100644 crypto/asymmetric_keys/pkcs8_parser.c diff --git a/Documentation/crypto/asymmetric-keys.txt b/Documentation/crypto/asymmetric-keys.txt index 93a071714de7..45e50c5695bf 100644 --- a/Documentation/crypto/asymmetric-keys.txt +++ b/Documentation/crypto/asymmetric-keys.txt @@ -254,6 +254,8 @@ Examples of blob formats for which parsers could be implemented include: - X.509 ASN.1 stream. - Pointer to TPM key. - Pointer to UEFI key. + - PKCS#8 private key [RFC 5208]. + - PKCS#5 encrypted private key [RFC 2898]. During key instantiation each parser in the list is tried until one doesn't return -EBADMSG. diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig index e28e912000a7..c145bdf88381 100644 --- a/crypto/asymmetric_keys/Kconfig +++ b/crypto/asymmetric_keys/Kconfig @@ -29,6 +29,16 @@ config X509_CERTIFICATE_PARSER data and provides the ability to instantiate a crypto key from a public key packet found inside the certificate. +config PKCS8_PRIVATE_KEY_PARSER + tristate "PKCS#8 private key parser" + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select ASN1 + select OID_REGISTRY + help + This option provides support for parsing PKCS#8 format blobs for + private key data and provides the ability to instantiate a crypto key + from that data. + config PKCS7_MESSAGE_PARSER tristate "PKCS#7 message parser" depends on X509_CERTIFICATE_PARSER diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index 6516855bec18..417035a53e98 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile @@ -34,6 +34,19 @@ clean-files += x509_akid-asn1.c x509_akid-asn1.h # # PKCS#7 message handling # +obj-$(CONFIG_PKCS8_PRIVATE_KEY_PARSER) += pkcs8_key_parser.o +pkcs8_key_parser-y := \ + pkcs8-asn1.o \ + pkcs8_parser.o + +$(obj)/pkcs8_parser.o: $(obj)/pkcs8-asn1.h +$(obj)/pkcs8-asn1.o: $(obj)/pkcs8-asn1.c $(obj)/pkcs8-asn1.h + +clean-files+= pkcs8-asn1.c pkcs8-asn1.h + +# +# PKCS#7 message handling +# obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o pkcs7_message-y := \ pkcs7-asn1.o \ diff --git a/crypto/asymmetric_keys/pkcs8.asn1 b/crypto/asymmetric_keys/pkcs8.asn1 new file mode 100644 index ..702c41a3c713 --- /dev/null +++ b/crypto/asymmetric_keys/pkcs8.asn1 @@ -0,0 +1,24 @@ +-- +-- This is the unencrypted variant +-- +PrivateKeyInfo ::= SEQUENCE { + version Version, + privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, + privateKey PrivateKey, + attributes [0] IMPLICIT Attributes OPTIONAL +} + +Version ::= INTEGER ({ pkcs8_note_version }) + +PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier ({ pkcs8_note_algo }) + +PrivateKey ::= OCTET STRING ({ pkcs8_note_key }) + +Attributes ::= SET OF Attribute + +Attribute ::= ANY + +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER ({ pkcs8_note_OID }), + parameters ANY OPTIONAL +} diff --git a/crypto/asymmetric_keys/pkcs8_parser.c b/crypto/asymmetric_keys/pkcs8_parser.c new file mode 100644 index ..26a73c0b7eef --- /dev/null +++ b/crypto/asymmetric_keys/pkcs8_parser.c @@ -0,0 +1,184 @@ +/* PKCS#8 Private Key parser [RFC 5208]. + * + * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowe...@redhat.com) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#define pr_fmt(fmt) "PKCS8: "fmt +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "pkcs8-asn1.h" + +struct pkcs8_parse_context { + struct public_key *pub; + unsigned long data; /* Start of data */ + enum OIDlast_oid; /* Last OID encountered */ + enum OIDalgo_oid; /* Algorithm OID */ + u32 key_size; + const void
[RFC PATCH 7/8] KEYS: Implement encrypt, decrypt and sign for software asymmetric key [ver 3]
Implement the encrypt, decrypt and sign operations for the software asymmetric key subtype. This mostly involves offloading the call to the crypto layer. Note that the decrypt and sign operations require a private key to be supplied. Encrypt (and also verify) will work with either a public or a private key. A public key can be supplied with an X.509 certificate and a private key can be supplied using a PKCS#8 blob: # j=`openssl pkcs8 -in ~/pkcs7/firmwarekey2.priv -topk8 -nocrypt -outform DER | keyctl padd asymmetric foo @s` # keyctl pkey_query $j - enc=pkcs1 key_size=4096 max_data_size=512 max_sig_size=512 max_enc_size=512 max_dec_size=512 encrypt=y decrypt=y sign=y verify=y # keyctl pkey_encrypt $j 0 data enc=pkcs1 >/tmp/enc # keyctl pkey_decrypt $j 0 /tmp/enc enc=pkcs1 >/tmp/dec # cmp data /tmp/dec # keyctl pkey_sign $j 0 data enc=pkcs1 hash=sha1 >/tmp/sig # keyctl pkey_verify $j 0 data /tmp/sig enc=pkcs1 hash=sha1 # Signed-off-by: David Howells--- crypto/asymmetric_keys/public_key.c | 89 ++- 1 file changed, 86 insertions(+), 3 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 92997d4e8173..2bdb673cf074 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -128,7 +128,11 @@ static int software_key_query(const struct kernel_pkey_params *params, info->max_sig_size = len; info->max_enc_size = len; info->max_dec_size = len; - info->supported_ops = KEYCTL_SUPPORTS_VERIFY; + info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT | + KEYCTL_SUPPORTS_VERIFY); + if (pkey->key_is_private) + info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT | + KEYCTL_SUPPORTS_SIGN); ret = 0; error_free_tfm: @@ -142,7 +146,7 @@ struct public_key_completion { int err; }; -static void public_key_verify_done(struct crypto_async_request *req, int err) +static void public_key_crypto_done(struct crypto_async_request *req, int err) { struct public_key_completion *compl = req->data; @@ -154,6 +158,84 @@ static void public_key_verify_done(struct crypto_async_request *req, int err) } /* + * Do encryption, decryption and signing ops. + */ +static int software_key_eds_op(struct kernel_pkey_params *params, + const void *in, void *out) +{ + struct public_key_completion compl; + const struct public_key *pkey = params->key->payload.data[asym_crypto]; + struct akcipher_request *req; + struct crypto_akcipher *tfm; + struct scatterlist in_sg, out_sg; + char alg_name[CRYPTO_MAX_ALG_NAME]; + int ret; + + pr_devel("==>%s()\n", __func__); + + ret = software_key_determine_akcipher(params->encoding, + params->hash_algo, + pkey, alg_name); + if (ret < 0) + return ret; + + tfm = crypto_alloc_akcipher(alg_name, 0, 0); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + req = akcipher_request_alloc(tfm, GFP_KERNEL); + if (!req) + goto error_free_tfm; + + if (pkey->key_is_private) + ret = crypto_akcipher_set_priv_key(tfm, + pkey->key, pkey->keylen); + else + ret = crypto_akcipher_set_pub_key(tfm, + pkey->key, pkey->keylen); + if (ret) + goto error_free_req; + + sg_init_one(_sg, in, params->in_len); + sg_init_one(_sg, out, params->out_len); + akcipher_request_set_crypt(req, _sg, _sg, params->in_len, + params->out_len); + init_completion(); + akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | + CRYPTO_TFM_REQ_MAY_SLEEP, + public_key_crypto_done, ); + + /* Perform the encryption calculation. */ + switch (params->op) { + case kernel_pkey_encrypt: + ret = crypto_akcipher_encrypt(req); + break; + case kernel_pkey_decrypt: + ret = crypto_akcipher_decrypt(req); + break; + case kernel_pkey_sign: + ret = crypto_akcipher_sign(req); + break; + default: + BUG(); + } + if (ret == -EINPROGRESS) { + wait_for_completion(); + ret = compl.err; + } + + if (ret == 0) + ret = req->dst_len; + +error_free_req: + akcipher_request_free(req); +error_free_tfm: + crypto_free_akcipher(tfm); +
[RFC PATCH 0/8] KEYS: keyctl operations for asymmetric keys [ver 3]
Here's a set of patches that provides keyctl access for asymmetric keys, including a query function, and functions to do encryption, decryption, signature creation and signature verification. I've added a PKCS#8 asymmetric key parser so that you can load an RSA private key into the kernel. Currently only DER-encoded and unencrypted PKCS#8 is supported. Encryption and verification can use a public key from an X.509 cert, but signing and decryption require a private key, though encryption and verification can use that too. Example usage: j=`openssl pkcs8 -in ~/pkcs7/firmwarekey2.priv -topk8 -nocrypt -outform DER | \ keyctl padd asymmetric foo @s` echo -n abcdefghijklmnopqrst >/tmp/data keyctl pkey_encrypt $j 0 /tmp/data enc=pkcs1 >/tmp/enc keyctl pkey_decrypt $j 0 /tmp/enc enc=pkcs1 >/tmp/dec cmp /tmp/data /tmp/dec keyctl pkey_sign $j 0 /tmp/data enc=pkcs1 hash=sha1 >/tmp/sig keyctl pkey_verify $j 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1 The kernel patches can be found here also: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-asym-keyctl The keyutils changes needed can be found here: http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/log/?h=pkey David --- David Howells (8): KEYS: Provide key type operations for asymmetric key ops KEYS: Provide keyctls to drive the new key type ops for asymmetric keys KEYS: Provide missing asymmetric key subops for new key type ops KEYS: Make the X.509 and PKCS7 parsers supply the sig encoding type KEYS: Provide software public key query function KEYS: Allow the public_key struct to hold a private key KEYS: Implement encrypt, decrypt and sign for software asymmetric key KEYS: Implement PKCS#8 RSA Private Key parser Documentation/crypto/asymmetric-keys.txt | 33 ++- Documentation/security/keys.txt | 224 +++ crypto/asymmetric_keys/Kconfig| 10 + crypto/asymmetric_keys/Makefile | 13 + crypto/asymmetric_keys/asymmetric_keys.h |3 crypto/asymmetric_keys/asymmetric_type.c | 60 + crypto/asymmetric_keys/pkcs7_parser.c |1 crypto/asymmetric_keys/pkcs7_trust.c |2 crypto/asymmetric_keys/pkcs8.asn1 | 24 ++ crypto/asymmetric_keys/pkcs8_parser.c | 184 crypto/asymmetric_keys/public_key.c | 196 +++-- crypto/asymmetric_keys/restrict.c |2 crypto/asymmetric_keys/signature.c| 112 ++ crypto/asymmetric_keys/x509_cert_parser.c | 21 +- include/crypto/public_key.h | 14 + include/keys/asymmetric-subtype.h | 10 + include/linux/key-type.h | 11 + include/linux/keyctl.h| 47 include/uapi/linux/keyctl.h | 31 +++ security/integrity/digsig_asymmetric.c|2 security/keys/Makefile|1 security/keys/compat.c| 15 + security/keys/internal.h | 39 +++ security/keys/keyctl.c| 23 ++ security/keys/keyctl_pkey.c | 335 + 25 files changed, 1364 insertions(+), 49 deletions(-) create mode 100644 crypto/asymmetric_keys/pkcs8.asn1 create mode 100644 crypto/asymmetric_keys/pkcs8_parser.c create mode 100644 include/linux/keyctl.h create mode 100644 security/keys/keyctl_pkey.c -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA/MPI handling issues and keyctl access to public key keyrings
Tadeusz Strukwrote: > > (2) rsa-pkcs1pad needs to indicate what the maximum content size is, given > > the minimum possible padding for the specified hash type (ie. a > > particular OID). > > The user needs to use crypto_akcipher_maxsize(tfm) to get the required buffer > size for a given key. > We do check if the buffer if big enough to accommodate padding and hash info. > This is needed in sign and encrypt operations, and in both cases we check it, > sign: > https://git.kernel.org/cgit/linux/kernel/git/herbert/cryptodev-2.6.git/tree/crypto/rsa-pkcs1pad.c#n434 > and encrypt: > https://git.kernel.org/cgit/linux/kernel/git/herbert/cryptodev-2.6.git/tree/crypto/rsa-pkcs1pad.c#n252 Can you supply a way to find out the reduced size from the padding? David -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] lib: asn1_decoder - add MODULE_LICENSE("GPL")
Tudor Ambaruswrote: > A kernel taint results when loading the rsa_generic module: > > root@(none):~# modprobe rsa_generic > asn1_decoder: module license 'unspecified' taints kernel. > Disabling lock debugging due to kernel taint > > "Tainting" of the kernel is (usually) a way of indicating that > a proprietary module has been inserted, which is not the case here. > > Signed-off-by: Tudor Ambarus Applied. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API
Hi Stephan, > -Original Message- > From: linux-crypto-ow...@vger.kernel.org [mailto:linux-crypto- > ow...@vger.kernel.org] On Behalf Of Stephan Mueller > Sent: Wednesday, May 11, 2016 10:05 AM > To: Benedetto, Salvatore> Cc: herb...@gondor.apana.org.au; linux-crypto@vger.kernel.org > Subject: Re: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API > > Am Mittwoch, 11. Mai 2016, 08:26:00 schrieb Salvatore Benedetto: > > Hi Salvatore, > > > Changes from v5: > > * Fix ecdh loading in fips mode. > > Thanks. > > As I do not readily see how you solved the issue, may I ask for a pointer to > the code that handles that? > Loading kpp ecdh was indeed calling panic() before because the P192 test was run anyway. Now when fips=1 is passed and CONFIG_CRYPTO_FIPS is set the P192 is not run. Regards, Salvatore -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] crypto: caam: add backlogging support
On Wed, May 11, 2016 at 07:53:19AM +, Catalin Vasile wrote: > > Every request will be queued and eventually done. > The hardware equipment has a constraint on the number of tfms it can have. > Is there a requirement to support an infinite number of tfms on a device? > > > You should use a software queue instead.> As I said you drivers are always supposed to have a software queue in addition to any hardware queues. There is no reason why your driver should be special in this regard. Cheers, -- Email: Herbert XuHome Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH] crypto: rsa - return raw integer for the ASN.1 parser
Hi Herbert, > On Fri, Apr 29, 2016 at 03:51:46PM +0300, Tudor Ambarus wrote: > > > > struct rsa_key { > > + u8 *n; > > + u8 *e; > > + u8 *d; > > + dma_addr_t dma_n; > > + dma_addr_t dma_e; > > + dma_addr_t dma_d; > > + size_t n_sz; > > + size_t e_sz; > > + bool coherent; > > + gfp_t flags; > > Please don't put the DMA primitives in the generic helper. They > should stay in the driver for now. If I move the DMA primitives to the driver context, I can't assure software coherency enforcement in rsa helper. If so, after the ANS.1 parsing, if a driver needs to enforce software coherency, it will have to allocate coherent memory and copy the ANS.1 parsed data there. Is this acceptable? Thanks, ta -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto/ccp: remove rwlocks_types.h
Users of rwlocks should include spinlock.h instead including this header file. The current users of rwlocks_types.h are internal. Signed-off-by: Sebastian Andrzej Siewior--- drivers/crypto/ccp/ccp-dev.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/crypto/ccp/ccp-dev.c b/drivers/crypto/ccp/ccp-dev.c index 4dbc18727235..2a8ad712a5f2 100644 --- a/drivers/crypto/ccp/ccp-dev.c +++ b/drivers/crypto/ccp/ccp-dev.c @@ -16,7 +16,6 @@ #include #include #include -#include #include #include #include -- 2.8.1 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch V4 21/31] crypto: use parity functions in qat_hal
From: Zhaoxiu ZengSigned-off-by: Zhaoxiu Zeng --- drivers/crypto/qat/qat_common/qat_hal.c | 32 ++-- 1 file changed, 10 insertions(+), 22 deletions(-) diff --git a/drivers/crypto/qat/qat_common/qat_hal.c b/drivers/crypto/qat/qat_common/qat_hal.c index 1e480f1..318558f 100644 --- a/drivers/crypto/qat/qat_common/qat_hal.c +++ b/drivers/crypto/qat/qat_common/qat_hal.c @@ -546,17 +546,6 @@ static void qat_hal_disable_ctx(struct icp_qat_fw_loader_handle *handle, qat_hal_wr_ae_csr(handle, ae, CTX_ENABLES, ctx); } -static uint64_t qat_hal_parity_64bit(uint64_t word) -{ - word ^= word >> 1; - word ^= word >> 2; - word ^= word >> 4; - word ^= word >> 8; - word ^= word >> 16; - word ^= word >> 32; - return word & 1; -} - static uint64_t qat_hal_set_uword_ecc(uint64_t uword) { uint64_t bit0_mask = 0xff87fffULL, bit1_mask = 0x1f801ff801fULL, @@ -566,13 +555,13 @@ static uint64_t qat_hal_set_uword_ecc(uint64_t uword) /* clear the ecc bits */ uword &= ~(0x7fULL << 0x2C); - uword |= qat_hal_parity_64bit(bit0_mask & uword) << 0x2C; - uword |= qat_hal_parity_64bit(bit1_mask & uword) << 0x2D; - uword |= qat_hal_parity_64bit(bit2_mask & uword) << 0x2E; - uword |= qat_hal_parity_64bit(bit3_mask & uword) << 0x2F; - uword |= qat_hal_parity_64bit(bit4_mask & uword) << 0x30; - uword |= qat_hal_parity_64bit(bit5_mask & uword) << 0x31; - uword |= qat_hal_parity_64bit(bit6_mask & uword) << 0x32; + uword |= (uint64_t)parity64(bit0_mask & uword) << 0x2C; + uword |= (uint64_t)parity64(bit1_mask & uword) << 0x2D; + uword |= (uint64_t)parity64(bit2_mask & uword) << 0x2E; + uword |= (uint64_t)parity64(bit3_mask & uword) << 0x2F; + uword |= (uint64_t)parity64(bit4_mask & uword) << 0x30; + uword |= (uint64_t)parity64(bit5_mask & uword) << 0x31; + uword |= (uint64_t)parity64(bit6_mask & uword) << 0x32; return uword; } @@ -853,15 +842,14 @@ void qat_hal_wr_umem(struct icp_qat_fw_loader_handle *handle, uaddr |= UA_ECS; qat_hal_wr_ae_csr(handle, ae, USTORE_ADDRESS, uaddr); for (i = 0; i < words_num; i++) { - unsigned int uwrd_lo, uwrd_hi, tmp; + unsigned int uwrd_lo, uwrd_hi; uwrd_lo = ((data[i] & 0xfff) << 4) | (0x3 << 18) | ((data[i] & 0xff00) << 2) | (0x3 << 8) | (data[i] & 0xff); uwrd_hi = (0xf << 4) | ((data[i] & 0xf000) >> 28); - uwrd_hi |= (hweight32(data[i] & 0x) & 0x1) << 8; - tmp = ((data[i] >> 0x10) & 0x); - uwrd_hi |= (hweight32(tmp) & 0x1) << 9; + uwrd_hi |= parity16(data[i]) << 8; + uwrd_hi |= parity16(data[i] >> 16) << 9; qat_hal_wr_ae_csr(handle, ae, USTORE_DATA_LOWER, uwrd_lo); qat_hal_wr_ae_csr(handle, ae, USTORE_DATA_UPPER, uwrd_hi); } -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch V4 30/31] crypto: use parity_long is sahara.c
From: Zhaoxiu ZengSigned-off-by: Zhaoxiu Zeng --- drivers/crypto/sahara.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c index c3f3d89..5c44a15 100644 --- a/drivers/crypto/sahara.c +++ b/drivers/crypto/sahara.c @@ -783,7 +783,7 @@ static u32 sahara_sha_init_hdr(struct sahara_dev *dev, if (rctx->last) hdr |= SAHARA_HDR_MDHA_PDATA; - if (hweight_long(hdr) % 2 == 0) + if (!parity_long(hdr)) hdr |= SAHARA_HDR_PARITY_BIT; return hdr; -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API
Am Mittwoch, 11. Mai 2016, 08:26:00 schrieb Salvatore Benedetto: Hi Salvatore, > Changes from v5: > * Fix ecdh loading in fips mode. Thanks. As I do not readily see how you solved the issue, may I ask for a pointer to the code that handles that? Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] crypto: caam: add backlogging support
> > > From: Herbert Xu> Sent: Tuesday, May 10, 2016 12:46 PM > To: Catalin Vasile > Cc: linux-crypto@vger.kernel.org; linux-crypto-ow...@vger.kernel.org; Horia > Ioan Geanta Neag; Alexandru Porosanu; Scott Wood; Catalin Vasile > Subject: Re: [PATCH] crypto: caam: add backlogging support> > Catalin Vasile wrote: > > caam_jr_enqueue() function returns -EBUSY once there are no more slots > > available in the JR, but it doesn't actually save the current request. > > This breaks the functionality of users that expect that even if there is > > no more space for the request, it is at least queued for later > > execution. In other words, all crypto transformations that request > > backlogging (i.e. have CRYPTO_TFM_REQ_MAY_BACKLOG set), will hang. Such > > an example is dm-crypt. The current patch solves this issue by setting a > > threshold after which caam_jr_enqueue() returns -EBUSY, but since the HW > > job ring isn't actually full, the job is enqueued. > > > > Signed-off-by: Alexandru Porosanu > > Tested-by: Catalin Vasile > > This is not acceptable. The request that triggers EBUSY must > be allowed to queue. As the number of tfms is unlimited you > can't just put them onto the hardware queue and hope that it > works out.> Every request will be queued and eventually done. The hardware equipment has a constraint on the number of tfms it can have. Is there a requirement to support an infinite number of tfms on a device? > You should use a software queue instead.> > Cheers, > -- > Email: Herbert Xu > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v6 3/3] crypto: kpp - Add ECDH software support
* Implement ECDH under kpp API * Provide ECC software support for curve P-192 and P-256. * Add kpp test for ECDH with data generated by OpenSSL Signed-off-by: Salvatore Benedetto--- crypto/Kconfig |5 + crypto/Makefile |3 + crypto/ecc.c| 1016 +++ crypto/ecc.h| 70 crypto/ecc_curve_defs.h | 57 +++ crypto/ecdh.c | 171 crypto/testmgr.c| 136 ++- crypto/testmgr.h| 78 include/crypto/ecdh.h | 24 ++ 9 files changed, 1551 insertions(+), 9 deletions(-) create mode 100644 crypto/ecc.c create mode 100644 crypto/ecc.h create mode 100644 crypto/ecc_curve_defs.h create mode 100644 crypto/ecdh.c create mode 100644 include/crypto/ecdh.h diff --git a/crypto/Kconfig b/crypto/Kconfig index 89db25c..08a1a3b 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -117,6 +117,11 @@ config CRYPTO_DH help Generic implementation of the Diffie-Hellman algorithm. +config CRYPTO_ECDH + tristate "ECDH algorithm" + select CRYTPO_KPP + help + Generic implementation of the ECDH algorithm config CRYPTO_MANAGER tristate "Cryptographic algorithm manager" diff --git a/crypto/Makefile b/crypto/Makefile index 101f8fd..ba03079 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -33,6 +33,9 @@ obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o obj-$(CONFIG_CRYPTO_KPP2) += kpp.o obj-$(CONFIG_CRYPTO_DH) += dh.o +ecdh_generic-y := ecc.o +ecdh_generic-y += ecdh.o +obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o $(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h $(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h diff --git a/crypto/ecc.c b/crypto/ecc.c new file mode 100644 index 000..65b3134 --- /dev/null +++ b/crypto/ecc.c @@ -0,0 +1,1016 @@ +/* + * Copyright (c) 2013, Kenneth MacKay + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include + +#include "ecc.h" +#include "ecc_curve_defs.h" + +#define MAX_TRIES 16 + +typedef struct { + u64 m_low; + u64 m_high; +} uint128_t; + +static inline const struct ecc_curve *ecc_get_curve(unsigned int curve_id) +{ + switch (curve_id) { + /* In FIPS mode only allow P256 and higher */ + case ECC_CURVE_NIST_P192: + return fips_enabled ? NULL : _p192; + case ECC_CURVE_NIST_P256: + return _p256; + default: + return NULL; + } +} + +static u64 *ecc_alloc_digits_space(unsigned int ndigits) +{ + size_t len = ndigits * sizeof(u64); + + if (!len) + return NULL; + + return kmalloc(len, GFP_KERNEL); +} + +static void ecc_free_digits_space(u64 *space) +{ + kzfree(space); +} + +static struct ecc_point *ecc_alloc_point(unsigned int ndigits) +{ + struct ecc_point *p = kmalloc(sizeof(*p), GFP_KERNEL); + + if (!p) + return NULL; + + p->x = ecc_alloc_digits_space(ndigits); + if (!p->x) + goto err_alloc_x; + + p->y = ecc_alloc_digits_space(ndigits); + if (!p->y) + goto err_alloc_y; + + p->ndigits = ndigits; + + return p; + +err_alloc_y: + ecc_free_digits_space(p->x); +err_alloc_x: + kfree(p); + return NULL; +} + +static void ecc_free_point(struct ecc_point *p) +{ + if (!p) + return; + + kzfree(p->x); + kzfree(p->y); + kzfree(p); +} + +static void vli_clear(u64 *vli, unsigned int ndigits) +{ + int i; + + for (i = 0; i <
[PATCH v6 2/3] crypto: kpp - Add DH software implementation
* Implement MPI based Diffie-Hellman under kpp API * Test provided uses data generad by OpenSSL Signed-off-by: Salvatore Benedetto--- crypto/Kconfig | 8 ++ crypto/Makefile | 2 + crypto/dh.c | 224 crypto/testmgr.c| 157 crypto/testmgr.h| 208 include/crypto/dh.h | 23 ++ 6 files changed, 622 insertions(+) create mode 100644 crypto/dh.c create mode 100644 include/crypto/dh.h diff --git a/crypto/Kconfig b/crypto/Kconfig index 31bf962..89db25c 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -110,6 +110,14 @@ config CRYPTO_RSA help Generic implementation of the RSA public key algorithm. +config CRYPTO_DH + tristate "Diffie-Hellman algorithm" + select CRYPTO_KPP + select MPILIB + help + Generic implementation of the Diffie-Hellman algorithm. + + config CRYPTO_MANAGER tristate "Cryptographic algorithm manager" select CRYPTO_MANAGER2 diff --git a/crypto/Makefile b/crypto/Makefile index 5b60890..101f8fd 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -32,6 +32,8 @@ obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o obj-$(CONFIG_CRYPTO_KPP2) += kpp.o +obj-$(CONFIG_CRYPTO_DH) += dh.o + $(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h $(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h clean-files += rsapubkey-asn1.c rsapubkey-asn1.h diff --git a/crypto/dh.c b/crypto/dh.c new file mode 100644 index 000..06e4805 --- /dev/null +++ b/crypto/dh.c @@ -0,0 +1,224 @@ +/* Diffie-Hellman Key Agreement Method [RFC2631] + * + * Copyright (c) 2016, Intel Corporation + * Authors: Salvatore Benedetto + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#include +#include +#include +#include +#include + +struct dh_ctx { + MPI p; + MPI g; + MPI xa; +}; + +static void dh_free_ctx(struct dh_ctx *ctx) +{ + mpi_free(ctx->p); + mpi_free(ctx->g); + mpi_free(ctx->xa); + ctx->p = NULL; + ctx->g = NULL; + ctx->xa = NULL; +} + +/* + * Public key generation function [RFC2631 sec 2.1.1] + * ya = g^xa mod p; + */ +static int _generate_public_key(const struct dh_ctx *ctx, MPI ya) +{ + /* ya = g^xa mod p */ + return mpi_powm(ya, ctx->g, ctx->xa, ctx->p); +} + +/* + * ZZ generation function [RFC2631 sec 2.1.1] + * ZZ = yb^xa mod p; + */ +static int _compute_shared_secret(const struct dh_ctx *ctx, MPI yb, + MPI zz) +{ + /* ZZ = yb^xa mod p */ + return mpi_powm(zz, yb, ctx->xa, ctx->p); +} + +static inline struct dh_ctx *dh_get_ctx(struct crypto_kpp *tfm) +{ + return kpp_tfm_ctx(tfm); +} + +static int dh_check_params_length(unsigned int p_len) +{ + return (p_len < 1536) ? -EINVAL : 0; +} + +static int dh_set_params(struct crypto_kpp *tfm, void *buffer, +unsigned int len) +{ + struct dh_ctx *ctx = dh_get_ctx(tfm); + struct dh_params *params = (struct dh_params *)buffer; + + if (unlikely(!buffer || !len)) + return -EINVAL; + + if (unlikely(!params->p || !params->g)) + return -EINVAL; + + if (dh_check_params_length(params->p_size << 3)) + return -EINVAL; + + ctx->p = mpi_read_raw_data(params->p, params->p_size); + if (!ctx->p) + return -EINVAL; + + ctx->g = mpi_read_raw_data(params->g, params->g_size); + if (!ctx->g) { + mpi_free(ctx->p); + return -EINVAL; + } + + return 0; +} + +static int dh_set_secret(struct crypto_kpp *tfm, void *buffer, +unsigned int len) +{ + struct dh_ctx *ctx = dh_get_ctx(tfm); + + if (unlikely(!buffer || !len)) + return -EINVAL; + + ctx->xa = mpi_read_raw_data(buffer, len); + + if (!ctx->xa) + return -EINVAL; + + return 0; +} + +static int dh_generate_public_key(struct kpp_request *req) +{ + struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); + const struct dh_ctx *ctx = dh_get_ctx(tfm); + MPI ya = mpi_alloc(0); + int ret = 0; + int sign; + + if (!ya) + return -ENOMEM; + + if (unlikely(!ctx->p || !ctx->g || !ctx->xa)) { + ret = -EINVAL; + goto err_free_ya; + } + ret = _generate_public_key(ctx, ya); + if (ret) + goto err_free_ya; + + ret = mpi_write_to_sgl(ya, req->dst, >dst_len, ); + if (ret) +
[PATCH v6 1/3] crypto: Key-agreement Protocol Primitives API (KPP)
Add key-agreement protocol primitives (kpp) API which allows to implement primitives required by protocols such as DH and ECDH. The API is composed mainly by the following functions * set_params() - It allows the user to set the parameters known to both parties involved in the key-agreement session * set_secret() - It allows the user to set his secret, also referred to as his private key * generate_public_key() - It generates the public key to be sent to the other counterpart involved in the key-agreement session. The function has to be called after set_params() and set_secret() * generate_secret() - It generates the shared secret for the session Other functions such as init() and exit() are provided for allowing cryptographic hardware to be inizialized properly before use Signed-off-by: Salvatore Benedetto--- crypto/Kconfig | 10 ++ crypto/Makefile | 1 + crypto/crypto_user.c| 20 +++ crypto/kpp.c| 123 +++ include/crypto/internal/kpp.h | 64 include/crypto/kpp.h| 333 include/linux/crypto.h | 1 + include/uapi/linux/cryptouser.h | 5 + 8 files changed, 557 insertions(+) create mode 100644 crypto/kpp.c create mode 100644 include/crypto/internal/kpp.h create mode 100644 include/crypto/kpp.h diff --git a/crypto/Kconfig b/crypto/Kconfig index 93a1fdc..31bf962 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -93,6 +93,15 @@ config CRYPTO_AKCIPHER select CRYPTO_AKCIPHER2 select CRYPTO_ALGAPI +config CRYPTO_KPP2 + tristate + select CRYPTO_ALGAPI2 + +config CRYPTO_KPP + tristate + select CRYPTO_ALGAPI + select CRYPTO_KPP2 + config CRYPTO_RSA tristate "RSA algorithm" select CRYPTO_AKCIPHER @@ -114,6 +123,7 @@ config CRYPTO_MANAGER2 select CRYPTO_HASH2 select CRYPTO_BLKCIPHER2 select CRYPTO_AKCIPHER2 + select CRYPTO_KPP2 config CRYPTO_USER tristate "Userspace cryptographic algorithm configuration" diff --git a/crypto/Makefile b/crypto/Makefile index 4f4ef7e..5b60890 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -30,6 +30,7 @@ crypto_hash-y += shash.o obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o +obj-$(CONFIG_CRYPTO_KPP2) += kpp.o $(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h $(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c index 43fe85f..d28513fb 100644 --- a/crypto/crypto_user.c +++ b/crypto/crypto_user.c @@ -28,6 +28,7 @@ #include #include #include +#include #include "internal.h" @@ -126,6 +127,21 @@ nla_put_failure: return -EMSGSIZE; } +static int crypto_report_kpp(struct sk_buff *skb, struct crypto_alg *alg) +{ + struct crypto_report_kpp rkpp; + + strncpy(rkpp.type, "kpp", sizeof(rkpp.type)); + + if (nla_put(skb, CRYPTOCFGA_REPORT_KPP, + sizeof(struct crypto_report_kpp), )) + goto nla_put_failure; + return 0; + +nla_put_failure: + return -EMSGSIZE; +} + static int crypto_report_one(struct crypto_alg *alg, struct crypto_user_alg *ualg, struct sk_buff *skb) { @@ -176,6 +192,10 @@ static int crypto_report_one(struct crypto_alg *alg, goto nla_put_failure; break; + case CRYPTO_ALG_TYPE_KPP: + if (crypto_report_kpp(skb, alg)) + goto nla_put_failure; + break; } out: diff --git a/crypto/kpp.c b/crypto/kpp.c new file mode 100644 index 000..d36ce05 --- /dev/null +++ b/crypto/kpp.c @@ -0,0 +1,123 @@ +/* + * Key-agreement Protocol Primitives (KPP) + * + * Copyright (c) 2016, Intel Corporation + * Authors: Salvatore Benedetto + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "internal.h" + +#ifdef CONFIG_NET +static int crypto_kpp_report(struct sk_buff *skb, struct crypto_alg *alg) +{ + struct crypto_report_kpp rkpp; + + strncpy(rkpp.type, "kpp", sizeof(rkpp.type)); + + if (nla_put(skb, CRYPTOCFGA_REPORT_KPP, + sizeof(struct crypto_report_kpp), )) + goto nla_put_failure; + return 0; + +nla_put_failure: + return -EMSGSIZE; +} +#else +static int crypto_kpp_report(struct sk_buff *skb, struct crypto_alg *alg) +{ + return -ENOSYS; +} +#endif + +static void
[PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API
Hi Herb, the following patchset introduces a new API for abstracting key-agreement protocols such as DH and ECDH. It provides the primitives required for implementing the protocol, thus the name KPP (Key-agreement Protocol Primitives). Regards, Salvatore Changes from v5: * Fix ecdh loading in fips mode. Changes from v4: * If fips_enabled is set allow only P256 (or higher) as Stephan suggested * Pass ndigits as argument to ecdh_make_pub_key and ecdh_shared_secret so that VLA can be used like in the rest of the module Changes from v3: * Move curve ID definition to public header ecdh.h as users need to have access to those ids when selecting the curve Changes from v2: * Add support for ECDH (curve P192 and P256). I reused the ecc module already present in net/bluetooth and extended it in order to select different curves at runtime. Code for P192 was taken from tinycrypt. Changes from v1: * Change check in dh_check_params_length based on Stephan review Salvatore Benedetto (3): crypto: Key-agreement Protocol Primitives API (KPP) crypto: kpp - Add DH software implementation crypto: kpp - Add ECDH software support crypto/Kconfig | 23 + crypto/Makefile |6 + crypto/crypto_user.c| 20 + crypto/dh.c | 224 + crypto/ecc.c| 1016 +++ crypto/ecc.h| 70 +++ crypto/ecc_curve_defs.h | 57 +++ crypto/ecdh.c | 171 +++ crypto/kpp.c| 123 + crypto/testmgr.c| 275 +++ crypto/testmgr.h| 286 +++ include/crypto/dh.h | 23 + include/crypto/ecdh.h | 24 + include/crypto/internal/kpp.h | 64 +++ include/crypto/kpp.h| 333 + include/linux/crypto.h |1 + include/uapi/linux/cryptouser.h |5 + 17 files changed, 2721 insertions(+) create mode 100644 crypto/dh.c create mode 100644 crypto/ecc.c create mode 100644 crypto/ecc.h create mode 100644 crypto/ecc_curve_defs.h create mode 100644 crypto/ecdh.c create mode 100644 crypto/kpp.c create mode 100644 include/crypto/dh.h create mode 100644 include/crypto/ecdh.h create mode 100644 include/crypto/internal/kpp.h create mode 100644 include/crypto/kpp.h -- 2.5.0 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html