~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,14 +1,10 @@
	1	+// SPDX-License-Identifier: GPL-2.0-or-later
1	2	/* In-software asymmetric public-key crypto subtype
2	3	*
3		- * See Documentation/crypto/asymmetric-keys.txt
	4	+ * See Documentation/crypto/asymmetric-keys.rst
4	5	*
5	6	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6	7	* Written by David Howells (dhowells@redhat.com)
7		- *
8		- * This program is free software; you can redistribute it and/or
9		- * modify it under the terms of the GNU General Public Licence
10		- * as published by the Free Software Foundation; either version
11		- * 2 of the Licence, or (at your option) any later version.
12	8	*/
13	9
14	10	#define pr_fmt(fmt) "PKEY: "fmt
..	..	@@ -21,6 +17,8 @@
21	17	#include <keys/asymmetric-subtype.h>
22	18	#include <crypto/public_key.h>
23	19	#include <crypto/akcipher.h>
	20	+#include <crypto/sm2.h>
	21	+#include <crypto/sm3_base.h>
24	22
25	23	MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
26	24	MODULE_AUTHOR("Red Hat, Inc.");
..	..	@@ -45,6 +43,7 @@
45	43	{
46	44	if (key) {
47	45	kfree(key->key);
	46	+ kfree(key->params);
48	47	kfree(key);
49	48	}
50	49	}
..	..	@@ -60,42 +59,129 @@
60	59	}
61	60
62	61	/*
63		- * Verify a signature using a public key.
	62	+ * Determine the crypto algorithm name.
64	63	*/
65		-int public_key_verify_signature(const struct public_key *pkey,
66		- const struct public_key_signature *sig)
	64	+static
	65	+int software_key_determine_akcipher(const char *encoding,
	66	+ const char *hash_algo,
	67	+ const struct public_key *pkey,
	68	+ char alg_name[CRYPTO_MAX_ALG_NAME])
67	69	{
68		- struct crypto_wait cwait;
69		- struct crypto_akcipher *tfm;
70		- struct akcipher_request *req;
71		- struct scatterlist sig_sg, digest_sg;
72		- const char *alg_name;
73		- char alg_name_buf[CRYPTO_MAX_ALG_NAME];
74		- void *output;
75		- unsigned int outlen;
76		- int ret;
	70	+ int n;
77	71
78		- pr_devel("==>%s()\n", __func__);
79		-
80		- BUG_ON(!pkey);
81		- BUG_ON(!sig);
82		- BUG_ON(!sig->s);
83		-
84		- if (!sig->digest)
85		- return -ENOPKG;
86		-
87		- alg_name = sig->pkey_algo;
88		- if (strcmp(sig->pkey_algo, "rsa") == 0) {
	72	+ if (strcmp(encoding, "pkcs1") == 0) {
89	73	/* The data wangled by the RSA algorithm is typically padded
90	74	* and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
91	75	* sec 8.2].
92	76	*/
93		- if (snprintf(alg_name_buf, CRYPTO_MAX_ALG_NAME,
94		- "pkcs1pad(rsa,%s)", sig->hash_algo
95		- ) >= CRYPTO_MAX_ALG_NAME)
96		- return -EINVAL;
97		- alg_name = alg_name_buf;
	77	+ if (!hash_algo)
	78	+ n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
	79	+ "pkcs1pad(%s)",
	80	+ pkey->pkey_algo);
	81	+ else
	82	+ n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
	83	+ "pkcs1pad(%s,%s)",
	84	+ pkey->pkey_algo, hash_algo);
	85	+ return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
98	86	}
	87	+
	88	+ if (strcmp(encoding, "raw") == 0) {
	89	+ strcpy(alg_name, pkey->pkey_algo);
	90	+ return 0;
	91	+ }
	92	+
	93	+ return -ENOPKG;
	94	+}
	95	+
	96	+static u8 pkey_pack_u32(u8 dst, u32 val)
	97	+{
	98	+ memcpy(dst, &val, sizeof(val));
	99	+ return dst + sizeof(val);
	100	+}
	101	+
	102	+/*
	103	+ * Query information about a key.
	104	+ */
	105	+static int software_key_query(const struct kernel_pkey_params *params,
	106	+ struct kernel_pkey_query *info)
	107	+{
	108	+ struct crypto_akcipher *tfm;
	109	+ struct public_key *pkey = params->key->payload.data[asym_crypto];
	110	+ char alg_name[CRYPTO_MAX_ALG_NAME];
	111	+ u8 key, ptr;
	112	+ int ret, len;
	113	+
	114	+ ret = software_key_determine_akcipher(params->encoding,
	115	+ params->hash_algo,
	116	+ pkey, alg_name);
	117	+ if (ret < 0)
	118	+ return ret;
	119	+
	120	+ tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	121	+ if (IS_ERR(tfm))
	122	+ return PTR_ERR(tfm);
	123	+
	124	+ ret = -ENOMEM;
	125	+ key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
	126	+ GFP_KERNEL);
	127	+ if (!key)
	128	+ goto error_free_tfm;
	129	+ memcpy(key, pkey->key, pkey->keylen);
	130	+ ptr = key + pkey->keylen;
	131	+ ptr = pkey_pack_u32(ptr, pkey->algo);
	132	+ ptr = pkey_pack_u32(ptr, pkey->paramlen);
	133	+ memcpy(ptr, pkey->params, pkey->paramlen);
	134	+
	135	+ if (pkey->key_is_private)
	136	+ ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
	137	+ else
	138	+ ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
	139	+ if (ret < 0)
	140	+ goto error_free_key;
	141	+
	142	+ len = crypto_akcipher_maxsize(tfm);
	143	+ info->key_size = len * 8;
	144	+ info->max_data_size = len;
	145	+ info->max_sig_size = len;
	146	+ info->max_enc_size = len;
	147	+ info->max_dec_size = len;
	148	+ info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT \|
	149	+ KEYCTL_SUPPORTS_VERIFY);
	150	+ if (pkey->key_is_private)
	151	+ info->supported_ops \|= (KEYCTL_SUPPORTS_DECRYPT \|
	152	+ KEYCTL_SUPPORTS_SIGN);
	153	+ ret = 0;
	154	+
	155	+error_free_key:
	156	+ kfree(key);
	157	+error_free_tfm:
	158	+ crypto_free_akcipher(tfm);
	159	+ pr_devel("<==%s() = %d\n", __func__, ret);
	160	+ return ret;
	161	+}
	162	+
	163	+/*
	164	+ * Do encryption, decryption and signing ops.
	165	+ */
	166	+static int software_key_eds_op(struct kernel_pkey_params *params,
	167	+ const void in, void out)
	168	+{
	169	+ const struct public_key *pkey = params->key->payload.data[asym_crypto];
	170	+ struct akcipher_request *req;
	171	+ struct crypto_akcipher *tfm;
	172	+ struct crypto_wait cwait;
	173	+ struct scatterlist in_sg, out_sg;
	174	+ char alg_name[CRYPTO_MAX_ALG_NAME];
	175	+ char key, ptr;
	176	+ int ret;
	177	+
	178	+ pr_devel("==>%s()\n", __func__);
	179	+
	180	+ ret = software_key_determine_akcipher(params->encoding,
	181	+ params->hash_algo,
	182	+ pkey, alg_name);
	183	+ if (ret < 0)
	184	+ return ret;
99	185
100	186	tfm = crypto_alloc_akcipher(alg_name, 0, 0);
101	187	if (IS_ERR(tfm))
..	..	@@ -106,40 +192,197 @@
106	192	if (!req)
107	193	goto error_free_tfm;
108	194
109		- ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen);
	195	+ key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
	196	+ GFP_KERNEL);
	197	+ if (!key)
	198	+ goto error_free_req;
	199	+
	200	+ memcpy(key, pkey->key, pkey->keylen);
	201	+ ptr = key + pkey->keylen;
	202	+ ptr = pkey_pack_u32(ptr, pkey->algo);
	203	+ ptr = pkey_pack_u32(ptr, pkey->paramlen);
	204	+ memcpy(ptr, pkey->params, pkey->paramlen);
	205	+
	206	+ if (pkey->key_is_private)
	207	+ ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
	208	+ else
	209	+ ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
110	210	if (ret)
111		- goto error_free_req;
	211	+ goto error_free_key;
112	212
113		- ret = -ENOMEM;
114		- outlen = crypto_akcipher_maxsize(tfm);
115		- output = kmalloc(outlen, GFP_KERNEL);
116		- if (!output)
117		- goto error_free_req;
118		-
119		- sg_init_one(&sig_sg, sig->s, sig->s_size);
120		- sg_init_one(&digest_sg, output, outlen);
121		- akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size,
122		- outlen);
	213	+ sg_init_one(&in_sg, in, params->in_len);
	214	+ sg_init_one(&out_sg, out, params->out_len);
	215	+ akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
	216	+ params->out_len);
123	217	crypto_init_wait(&cwait);
124	218	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG \|
125	219	CRYPTO_TFM_REQ_MAY_SLEEP,
126	220	crypto_req_done, &cwait);
127	221
128		- /* Perform the verification calculation. This doesn't actually do the
129		- * verification, but rather calculates the hash expected by the
130		- * signature and returns that to us.
131		- */
132		- ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
	222	+ /* Perform the encryption calculation. */
	223	+ switch (params->op) {
	224	+ case kernel_pkey_encrypt:
	225	+ ret = crypto_akcipher_encrypt(req);
	226	+ break;
	227	+ case kernel_pkey_decrypt:
	228	+ ret = crypto_akcipher_decrypt(req);
	229	+ break;
	230	+ case kernel_pkey_sign:
	231	+ ret = crypto_akcipher_sign(req);
	232	+ break;
	233	+ default:
	234	+ BUG();
	235	+ }
	236	+
	237	+ ret = crypto_wait_req(ret, &cwait);
	238	+ if (ret == 0)
	239	+ ret = req->dst_len;
	240	+
	241	+error_free_key:
	242	+ kfree(key);
	243	+error_free_req:
	244	+ akcipher_request_free(req);
	245	+error_free_tfm:
	246	+ crypto_free_akcipher(tfm);
	247	+ pr_devel("<==%s() = %d\n", __func__, ret);
	248	+ return ret;
	249	+}
	250	+
	251	+#if IS_REACHABLE(CONFIG_CRYPTO_SM2)
	252	+static int cert_sig_digest_update(const struct public_key_signature *sig,
	253	+ struct crypto_akcipher *tfm_pkey)
	254	+{
	255	+ struct crypto_shash *tfm;
	256	+ struct shash_desc *desc;
	257	+ size_t desc_size;
	258	+ unsigned char dgst[SM3_DIGEST_SIZE];
	259	+ int ret;
	260	+
	261	+ BUG_ON(!sig->data);
	262	+
	263	+ /* SM2 signatures always use the SM3 hash algorithm */
	264	+ if (!sig->hash_algo \|\| strcmp(sig->hash_algo, "sm3") != 0)
	265	+ return -EINVAL;
	266	+
	267	+ ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID,
	268	+ SM2_DEFAULT_USERID_LEN, dgst);
133	269	if (ret)
134		- goto out_free_output;
	270	+ return ret;
135	271
136		- /* Do the actual verification step. */
137		- if (req->dst_len != sig->digest_size \|\|
138		- memcmp(sig->digest, output, sig->digest_size) != 0)
139		- ret = -EKEYREJECTED;
	272	+ tfm = crypto_alloc_shash(sig->hash_algo, 0, 0);
	273	+ if (IS_ERR(tfm))
	274	+ return PTR_ERR(tfm);
140	275
141		-out_free_output:
142		- kfree(output);
	276	+ desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
	277	+ desc = kzalloc(desc_size, GFP_KERNEL);
	278	+ if (!desc) {
	279	+ ret = -ENOMEM;
	280	+ goto error_free_tfm;
	281	+ }
	282	+
	283	+ desc->tfm = tfm;
	284	+
	285	+ ret = crypto_shash_init(desc);
	286	+ if (ret < 0)
	287	+ goto error_free_desc;
	288	+
	289	+ ret = crypto_shash_update(desc, dgst, SM3_DIGEST_SIZE);
	290	+ if (ret < 0)
	291	+ goto error_free_desc;
	292	+
	293	+ ret = crypto_shash_finup(desc, sig->data, sig->data_size, sig->digest);
	294	+
	295	+error_free_desc:
	296	+ kfree(desc);
	297	+error_free_tfm:
	298	+ crypto_free_shash(tfm);
	299	+ return ret;
	300	+}
	301	+#else
	302	+static inline int cert_sig_digest_update(
	303	+ const struct public_key_signature *sig,
	304	+ struct crypto_akcipher *tfm_pkey)
	305	+{
	306	+ return -ENOTSUPP;
	307	+}
	308	+#endif /* ! IS_REACHABLE(CONFIG_CRYPTO_SM2) */
	309	+
	310	+/*
	311	+ * Verify a signature using a public key.
	312	+ */
	313	+int public_key_verify_signature(const struct public_key *pkey,
	314	+ const struct public_key_signature *sig)
	315	+{
	316	+ struct crypto_wait cwait;
	317	+ struct crypto_akcipher *tfm;
	318	+ struct akcipher_request *req;
	319	+ struct scatterlist src_sg;
	320	+ char alg_name[CRYPTO_MAX_ALG_NAME];
	321	+ char buf, ptr;
	322	+ size_t buf_len;
	323	+ int ret;
	324	+
	325	+ pr_devel("==>%s()\n", __func__);
	326	+
	327	+ BUG_ON(!pkey);
	328	+ BUG_ON(!sig);
	329	+ BUG_ON(!sig->s);
	330	+
	331	+ ret = software_key_determine_akcipher(sig->encoding,
	332	+ sig->hash_algo,
	333	+ pkey, alg_name);
	334	+ if (ret < 0)
	335	+ return ret;
	336	+
	337	+ tfm = crypto_alloc_akcipher(alg_name, 0, 0);
	338	+ if (IS_ERR(tfm))
	339	+ return PTR_ERR(tfm);
	340	+
	341	+ ret = -ENOMEM;
	342	+ req = akcipher_request_alloc(tfm, GFP_KERNEL);
	343	+ if (!req)
	344	+ goto error_free_tfm;
	345	+
	346	+ buf_len = max_t(size_t, pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
	347	+ sig->s_size + sig->digest_size);
	348	+
	349	+ buf = kmalloc(buf_len, GFP_KERNEL);
	350	+ if (!buf)
	351	+ goto error_free_req;
	352	+
	353	+ memcpy(buf, pkey->key, pkey->keylen);
	354	+ ptr = buf + pkey->keylen;
	355	+ ptr = pkey_pack_u32(ptr, pkey->algo);
	356	+ ptr = pkey_pack_u32(ptr, pkey->paramlen);
	357	+ memcpy(ptr, pkey->params, pkey->paramlen);
	358	+
	359	+ if (pkey->key_is_private)
	360	+ ret = crypto_akcipher_set_priv_key(tfm, buf, pkey->keylen);
	361	+ else
	362	+ ret = crypto_akcipher_set_pub_key(tfm, buf, pkey->keylen);
	363	+ if (ret)
	364	+ goto error_free_buf;
	365	+
	366	+ if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) {
	367	+ ret = cert_sig_digest_update(sig, tfm);
	368	+ if (ret)
	369	+ goto error_free_buf;
	370	+ }
	371	+
	372	+ memcpy(buf, sig->s, sig->s_size);
	373	+ memcpy(buf + sig->s_size, sig->digest, sig->digest_size);
	374	+
	375	+ sg_init_one(&src_sg, buf, sig->s_size + sig->digest_size);
	376	+ akcipher_request_set_crypt(req, &src_sg, NULL, sig->s_size,
	377	+ sig->digest_size);
	378	+ crypto_init_wait(&cwait);
	379	+ akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG \|
	380	+ CRYPTO_TFM_REQ_MAY_SLEEP,
	381	+ crypto_req_done, &cwait);
	382	+ ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
	383	+
	384	+error_free_buf:
	385	+ kfree(buf);
143	386	error_free_req:
144	387	akcipher_request_free(req);
145	388	error_free_tfm:
..	..	@@ -167,6 +410,8 @@
167	410	.name_len = sizeof("public_key") - 1,
168	411	.describe = public_key_describe,
169	412	.destroy = public_key_destroy,
	413	+ .query = software_key_query,
	414	+ .eds_op = software_key_eds_op,
170	415	.verify_signature = public_key_verify_signature_2,
171	416	};
172	417	EXPORT_SYMBOL_GPL(public_key_subtype);