On Thu, 23 Jun 2016, David Howells wrote:
diff --git a/include/uapi/linux/keyctl.h b/include/uapi/linux/keyctl.h index 8ac2c5fbc8fc..93ebd25b1427 100644 --- a/include/uapi/linux/keyctl.h +++ b/include/uapi/linux/keyctl.h @@ -60,6 +60,11 @@ #define KEYCTL_INVALIDATE 21 /* invalidate a key */ #define KEYCTL_GET_PERSISTENT 22 /* get a user's persistent keyring */ #define KEYCTL_DH_COMPUTE 23 /* Compute Diffie-Hellman values */ +#define KEYCTL_PKEY_QUERY 24 /* Query public key parameters */ +#define KEYCTL_PKEY_ENCRYPT 25 /* Encrypt a blob using a public key */ +#define KEYCTL_PKEY_DECRYPT 26 /* Decrypt a blob using a public key */ +#define KEYCTL_PKEY_SIGN 27 /* Create a public key signature */ +#define KEYCTL_PKEY_VERIFY 28 /* Verify a public key signature */ /* keyctl structures */ struct keyctl_dh_params { @@ -73,4 +78,24 @@ struct keyctl_dh_params { #define KEYCTL_SUPPORTS_SIGN 0x04 #define KEYCTL_SUPPORTS_VERIFY 0x08 +struct keyctl_pkey_query { + __u32 supported_ops; /* Which ops are supported */ + __u32 key_size; /* Size of the key in bits */ + __u16 max_data_size; /* Maximum size of raw data to sign in bytes */ + __u16 max_sig_size; /* Maximum size of signature in bytes */ + __u16 max_enc_size; /* Maximum size of encrypted blob in bytes */ + __u16 max_dec_size; /* Maximum size of decrypted blob in bytes */ + __u32 __spare[10]; +};
It would also be useful to return pkey_algo so userspace can see which algorithm is in use for the given public key. The public key algorithm is printed in /proc/keys, but is not returned by KEYCTL_PKEY_QUERY or KEYCTL_DESCRIBE.
Does it make sense to add the information from key->type->describe() to KEYCTL_PKEY_QUERY or KEYCTL_DESCRIBE? Or add something new like KEYCTL_DESCRIBE_TYPE?
-- Mat Martineau Intel OTC -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html