[RFC PATCH 1/5] KEYS: Provide key type operations for kpp ops

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Provide three new operations in the key_type struct that can be used to
provide access to kpp operations. These will be implemented for the
asymmetric key type in a later patch and may refer to a key retained in
RAM by the kernel or a key retained in crypto hardware.

    int (*asym_kpp_query)(const struct kernel_kpp_params *params,
                          struct kernel_kpp_query *res);
    int (*asym_kpp_gen_pubkey)(struct kernel_kpp_params *params,
			       void *out);
    int (*asym_kpp_compute_ss)(struct kernel_kpp_params *params,
                               const void *in, void *out);

Signed-off-by: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx>
---
 Documentation/security/keys/core.rst | 54 ++++++++++++++++++++++++++++++++++++
 include/linux/key-type.h             |  7 +++++
 include/linux/keyctl.h               | 11 ++++++++
 include/uapi/linux/keyctl.h          |  3 ++
 4 files changed, 75 insertions(+)

diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
index d224fd0..9b69a1f 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -1688,6 +1688,60 @@ The structure has a number of fields, some of which are mandatory:
      If successful, 0 will be returned.  If the key doesn't support this,
      EOPNOTSUPP will be returned.
 
+  *  ``int (*asym_kpp_gen_pubkey)(struct kernel_kpp_params *params, void *out);``
+  *  ``int (*asym_kpp_compute_ss)(struct kernel_kpp_params *params, const void *in, void *out);``
+
+     These methods are optional. If provided the first allows to generate the
+     public key pair corresponding to the private key. The second method allows
+     to generate a shared secret by  combining the private key and the other
+     party's public key.
+
+     In all cases, the following information is provided in the params block::
+
+       struct kernel_kpp_query {
+               struct key      *key;
+               __u32           in_len;         /* Input data size */
+               __u32           out_len;        /* Output buffer size */
+       }
+
+     This includes the key to be used and the sizes in bytes of the input and
+     output buffers.
+
+     For a given operation, the in and out buffers are used as follows::
+
+       Operation ID            in,in_len            out,out_len
+       ======================= ===================  ========================
+       KEYCTL_KPP_GEN_PUBKEY   -                    Corresponding public key
+       KEYCTL_KPP_COMPUTE_SS   Pair's public key    Shared Secret
+
+     If successful, the public key generation and the shared secret computation
+     will return the amount of data written into the output buffer.
+
+  *  ``int (*asym_kpp_query)(const struct kernel_kpp_params *params, struct kernel_kpp_query *res);``
+
+     This method is optional. If provided it allows information about the
+     asymmetric KPP (Key Protocol Primitives) key held in the key to be
+     determined.
+
+     The ``params`` block will contain the key to be queried. ``in_len`` and
+     ``out_len`` are unused.
+
+     If successful, the following information is filled in::
+
+       struct kernel_kpp_query {
+               __u32           supported_ops;  /* Which ops are supported */
+               __u32           max_size;       /* Maximum size of the output buffer */
+       };
+
+     The supported_ops field will contain a bitmask indicating what operations
+     are supported by the key, including public key generation and shared
+     secret computation. The following constants are defined for this::
+
+       KEYCTL_SUPPORTS_{GEN_PUBKEY, COMPUTE_SS};
+
+     If successful, 0 is returned.  If the key is not an asymmetric kpp key,
+     EOPNOTSUPP is returned.
+
 
 Request-Key Callback Service
 ============================
diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index bc9af55..d354b6b 100644
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -19,6 +19,8 @@
 
 struct kernel_pkey_query;
 struct kernel_pkey_params;
+struct kernel_kpp_query;
+struct kernel_kpp_params;
 
 /*
  * key under-construction record
@@ -165,6 +167,11 @@ struct key_type {
 			   const void *in, void *out);
 	int (*asym_verify_signature)(struct kernel_pkey_params *params,
 				     const void *in, const void *in2);
+	int (*asym_kpp_query)(const struct kernel_kpp_params *params,
+			      struct kernel_kpp_query *res);
+	int (*asym_kpp_gen_pubkey)(struct kernel_kpp_params *params, void *out);
+	int (*asym_kpp_compute_ss)(struct kernel_kpp_params *params,
+				   const void *in, void *out);
 
 	/* internal fields */
 	struct list_head	link;		/* link in types list */
diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
index e89b4a4..8f464ea 100644
--- a/include/linux/keyctl.h
+++ b/include/linux/keyctl.h
@@ -43,4 +43,15 @@ struct kernel_pkey_params {
 	enum kernel_pkey_operation op : 8;
 };
 
+struct kernel_kpp_query {
+	__u32		supported_ops;	/* Which ops are supported */
+	__u32           max_size;	/* Maximum size of the output buffer */
+};
+
+struct kernel_kpp_params {
+	struct key	*key;
+	__u32		in_len;         /* Input data size */
+	__u32		out_len;	/* Output buffer size */
+};
+
 #endif /* __LINUX_KEYCTL_H */
diff --git a/include/uapi/linux/keyctl.h b/include/uapi/linux/keyctl.h
index d75d208..98b79f8 100644
--- a/include/uapi/linux/keyctl.h
+++ b/include/uapi/linux/keyctl.h
@@ -107,4 +107,7 @@ struct keyctl_pkey_params {
 	__u32		__spare[7];
 };
 
+#define KEYCTL_SUPPORTS_GEN_PUBKEY	0x0f
+#define KEYCTL_SUPPORTS_COMPUTE_SS	0x10
+
 #endif /*  _LINUX_KEYCTL_H */
-- 
2.9.4




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux