Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/security/keys/keyctl_pkey.c
26378 views
1
// SPDX-License-Identifier: GPL-2.0-or-later

2
/* Public-key operation keyctls

3
 *

4
 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.

5
 * Written by David Howells ([email protected])

6
 */

7


8
#include <linux/slab.h>

9
#include <linux/err.h>

10
#include <linux/key.h>

11
#include <linux/keyctl.h>

12
#include <linux/parser.h>

13
#include <linux/uaccess.h>

14
#include <keys/user-type.h>

15
#include "internal.h"

16


17
static void keyctl_pkey_params_free(struct kernel_pkey_params *params)

18
{

19
	kfree(params->info);

20
	key_put(params->key);

21
}

22


23
enum {

24
	Opt_err,

25
	Opt_enc,		/* "enc=<encoding>" eg. "enc=oaep" */

26
	Opt_hash,		/* "hash=<digest-name>" eg. "hash=sha1" */

27
};

28


29
static const match_table_t param_keys = {

30
	{ Opt_enc,	"enc=%s" },

31
	{ Opt_hash,	"hash=%s" },

32
	{ Opt_err,	NULL }

33
};

34


35
/*

36
 * Parse the information string which consists of key=val pairs.

37
 */

38
static int keyctl_pkey_params_parse(struct kernel_pkey_params *params)

39
{

40
	unsigned long token_mask = 0;

41
	substring_t args[MAX_OPT_ARGS];

42
	char *c = params->info, *p, *q;

43
	int token;

44


45
	while ((p = strsep(&c, " \t"))) {

46
		if (*p == '\0' || *p == ' ' || *p == '\t')

47
			continue;

48
		token = match_token(p, param_keys, args);

49
		if (token == Opt_err)

50
			return -EINVAL;

51
		if (__test_and_set_bit(token, &token_mask))

52
			return -EINVAL;

53
		q = args[0].from;

54
		if (!q[0])

55
			return -EINVAL;

56


57
		switch (token) {

58
		case Opt_enc:

59
			params->encoding = q;

60
			break;

61


62
		case Opt_hash:

63
			params->hash_algo = q;

64
			break;

65


66
		default:

67
			return -EINVAL;

68
		}

69
	}

70


71
	return 0;

72
}

73


74
/*

75
 * Interpret parameters.  Callers must always call the free function

76
 * on params, even if an error is returned.

77
 */

78
static int keyctl_pkey_params_get(key_serial_t id,

79
				  const char __user *_info,

80
				  struct kernel_pkey_params *params)

81
{

82
	key_ref_t key_ref;

83
	void *p;

84
	int ret;

85


86
	memset(params, 0, sizeof(*params));

87
	params->encoding = "raw";

88


89
	p = strndup_user(_info, PAGE_SIZE);

90
	if (IS_ERR(p))

91
		return PTR_ERR(p);

92
	params->info = p;

93


94
	ret = keyctl_pkey_params_parse(params);

95
	if (ret < 0)

96
		return ret;

97


98
	key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);

99
	if (IS_ERR(key_ref))

100
		return PTR_ERR(key_ref);

101
	params->key = key_ref_to_ptr(key_ref);

102


103
	if (!params->key->type->asym_query)

104
		return -EOPNOTSUPP;

105


106
	return 0;

107
}

108


109
/*

110
 * Get parameters from userspace.  Callers must always call the free function

111
 * on params, even if an error is returned.

112
 */

113
static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_params,

114
				    const char __user *_info,

115
				    int op,

116
				    struct kernel_pkey_params *params)

117
{

118
	struct keyctl_pkey_params uparams;

119
	struct kernel_pkey_query info;

120
	int ret;

121


122
	memset(params, 0, sizeof(*params));

123
	params->encoding = "raw";

124


125
	if (copy_from_user(&uparams, _params, sizeof(uparams)) != 0)

126
		return -EFAULT;

127


128
	ret = keyctl_pkey_params_get(uparams.key_id, _info, params);

129
	if (ret < 0)

130
		return ret;

131


132
	ret = params->key->type->asym_query(params, &info);

133
	if (ret < 0)

134
		return ret;

135


136
	switch (op) {

137
	case KEYCTL_PKEY_ENCRYPT:

138
		if (uparams.in_len  > info.max_dec_size ||

139
		    uparams.out_len > info.max_enc_size)

140
			return -EINVAL;

141
		break;

142
	case KEYCTL_PKEY_DECRYPT:

143
		if (uparams.in_len  > info.max_enc_size ||

144
		    uparams.out_len > info.max_dec_size)

145
			return -EINVAL;

146
		break;

147
	case KEYCTL_PKEY_SIGN:

148
		if (uparams.in_len  > info.max_data_size ||

149
		    uparams.out_len > info.max_sig_size)

150
			return -EINVAL;

151
		break;

152
	case KEYCTL_PKEY_VERIFY:

153
		if (uparams.in_len  > info.max_data_size ||

154
		    uparams.in2_len > info.max_sig_size)

155
			return -EINVAL;

156
		break;

157
	default:

158
		BUG();

159
	}

160


161
	params->in_len  = uparams.in_len;

162
	params->out_len = uparams.out_len; /* Note: same as in2_len */

163
	return 0;

164
}

165


166
/*

167
 * Query information about an asymmetric key.

168
 */

169
long keyctl_pkey_query(key_serial_t id,

170
		       const char __user *_info,

171
		       struct keyctl_pkey_query __user *_res)

172
{

173
	struct kernel_pkey_params params;

174
	struct kernel_pkey_query res;

175
	long ret;

176


177
	ret = keyctl_pkey_params_get(id, _info, &params);

178
	if (ret < 0)

179
		goto error;

180


181
	ret = params.key->type->asym_query(&params, &res);

182
	if (ret < 0)

183
		goto error;

184


185
	ret = -EFAULT;

186
	if (copy_to_user(_res, &res, sizeof(res)) == 0 &&

187
	    clear_user(_res->__spare, sizeof(_res->__spare)) == 0)

188
		ret = 0;

189


190
error:

191
	keyctl_pkey_params_free(&params);

192
	return ret;

193
}

194


195
/*

196
 * Encrypt/decrypt/sign

197
 *

198
 * Encrypt data, decrypt data or sign data using a public key.

199
 *

200
 * _info is a string of supplementary information in key=val format.  For

201
 * instance, it might contain:

202
 *

203
 *	"enc=pkcs1 hash=sha256"

204
 *

205
 * where enc= specifies the encoding and hash= selects the OID to go in that

206
 * particular encoding if required.  If enc= isn't supplied, it's assumed that

207
 * the caller is supplying raw values.

208
 *

209
 * If successful, the amount of data written into the output buffer is

210
 * returned.

211
 */

212
long keyctl_pkey_e_d_s(int op,

213
		       const struct keyctl_pkey_params __user *_params,

214
		       const char __user *_info,

215
		       const void __user *_in,

216
		       void __user *_out)

217
{

218
	struct kernel_pkey_params params;

219
	void *in, *out;

220
	long ret;

221


222
	ret = keyctl_pkey_params_get_2(_params, _info, op, &params);

223
	if (ret < 0)

224
		goto error_params;

225


226
	ret = -EOPNOTSUPP;

227
	if (!params.key->type->asym_eds_op)

228
		goto error_params;

229


230
	switch (op) {

231
	case KEYCTL_PKEY_ENCRYPT:

232
		params.op = kernel_pkey_encrypt;

233
		break;

234
	case KEYCTL_PKEY_DECRYPT:

235
		params.op = kernel_pkey_decrypt;

236
		break;

237
	case KEYCTL_PKEY_SIGN:

238
		params.op = kernel_pkey_sign;

239
		break;

240
	default:

241
		BUG();

242
	}

243


244
	in = memdup_user(_in, params.in_len);

245
	if (IS_ERR(in)) {

246
		ret = PTR_ERR(in);

247
		goto error_params;

248
	}

249


250
	ret = -ENOMEM;

251
	out = kmalloc(params.out_len, GFP_KERNEL);

252
	if (!out)

253
		goto error_in;

254


255
	ret = params.key->type->asym_eds_op(&params, in, out);

256
	if (ret < 0)

257
		goto error_out;

258


259
	if (copy_to_user(_out, out, ret) != 0)

260
		ret = -EFAULT;

261


262
error_out:

263
	kfree(out);

264
error_in:

265
	kfree(in);

266
error_params:

267
	keyctl_pkey_params_free(&params);

268
	return ret;

269
}

270


271
/*

272
 * Verify a signature.

273
 *

274
 * Verify a public key signature using the given key, or if not given, search

275
 * for a matching key.

276
 *

277
 * _info is a string of supplementary information in key=val format.  For

278
 * instance, it might contain:

279
 *

280
 *	"enc=pkcs1 hash=sha256"

281
 *

282
 * where enc= specifies the signature blob encoding and hash= selects the OID

283
 * to go in that particular encoding.  If enc= isn't supplied, it's assumed

284
 * that the caller is supplying raw values.

285
 *

286
 * If successful, 0 is returned.

287
 */

288
long keyctl_pkey_verify(const struct keyctl_pkey_params __user *_params,

289
			const char __user *_info,

290
			const void __user *_in,

291
			const void __user *_in2)

292
{

293
	struct kernel_pkey_params params;

294
	void *in, *in2;

295
	long ret;

296


297
	ret = keyctl_pkey_params_get_2(_params, _info, KEYCTL_PKEY_VERIFY,

298
				       &params);

299
	if (ret < 0)

300
		goto error_params;

301


302
	ret = -EOPNOTSUPP;

303
	if (!params.key->type->asym_verify_signature)

304
		goto error_params;

305


306
	in = memdup_user(_in, params.in_len);

307
	if (IS_ERR(in)) {

308
		ret = PTR_ERR(in);

309
		goto error_params;

310
	}

311


312
	in2 = memdup_user(_in2, params.in2_len);

313
	if (IS_ERR(in2)) {

314
		ret = PTR_ERR(in2);

315
		goto error_in;

316
	}

317


318
	params.op = kernel_pkey_verify;

319
	ret = params.key->type->asym_verify_signature(&params, in, in2);

320


321
	kfree(in2);

322
error_in:

323
	kfree(in);

324
error_params:

325
	keyctl_pkey_params_free(&params);

326
	return ret;

327
}

328


329