Provide three new operations in the key_type struct that can be used to provide access to kpp operations. These will be implemented for the asymmetric key type in a later patch and may refer to a key retained in RAM by the kernel or a key retained in crypto hardware. int (*asym_kpp_query)(const struct kernel_kpp_params *params, struct kernel_kpp_query *res); int (*asym_kpp_gen_pubkey)(struct kernel_kpp_params *params, void *out); int (*asym_kpp_compute_ss)(struct kernel_kpp_params *params, const void *in, void *out); Signed-off-by: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx> --- Documentation/security/keys/core.rst | 54 ++++++++++++++++++++++++++++++++++++ include/linux/key-type.h | 7 +++++ include/linux/keyctl.h | 11 ++++++++ include/uapi/linux/keyctl.h | 3 ++ 4 files changed, 75 insertions(+) diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst index d224fd0..9b69a1f 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst @@ -1688,6 +1688,60 @@ The structure has a number of fields, some of which are mandatory: If successful, 0 will be returned. If the key doesn't support this, EOPNOTSUPP will be returned. + * ``int (*asym_kpp_gen_pubkey)(struct kernel_kpp_params *params, void *out);`` + * ``int (*asym_kpp_compute_ss)(struct kernel_kpp_params *params, const void *in, void *out);`` + + These methods are optional. If provided the first allows to generate the + public key pair corresponding to the private key. The second method allows + to generate a shared secret by combining the private key and the other + party's public key. + + In all cases, the following information is provided in the params block:: + + struct kernel_kpp_query { + struct key *key; + __u32 in_len; /* Input data size */ + __u32 out_len; /* Output buffer size */ + } + + This includes the key to be used and the sizes in bytes of the input and + output buffers. + + For a given operation, the in and out buffers are used as follows:: + + Operation ID in,in_len out,out_len + ======================= =================== ======================== + KEYCTL_KPP_GEN_PUBKEY - Corresponding public key + KEYCTL_KPP_COMPUTE_SS Pair's public key Shared Secret + + If successful, the public key generation and the shared secret computation + will return the amount of data written into the output buffer. + + * ``int (*asym_kpp_query)(const struct kernel_kpp_params *params, struct kernel_kpp_query *res);`` + + This method is optional. If provided it allows information about the + asymmetric KPP (Key Protocol Primitives) key held in the key to be + determined. + + The ``params`` block will contain the key to be queried. ``in_len`` and + ``out_len`` are unused. + + If successful, the following information is filled in:: + + struct kernel_kpp_query { + __u32 supported_ops; /* Which ops are supported */ + __u32 max_size; /* Maximum size of the output buffer */ + }; + + The supported_ops field will contain a bitmask indicating what operations + are supported by the key, including public key generation and shared + secret computation. The following constants are defined for this:: + + KEYCTL_SUPPORTS_{GEN_PUBKEY, COMPUTE_SS}; + + If successful, 0 is returned. If the key is not an asymmetric kpp key, + EOPNOTSUPP is returned. + Request-Key Callback Service ============================ diff --git a/include/linux/key-type.h b/include/linux/key-type.h index bc9af55..d354b6b 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h @@ -19,6 +19,8 @@ struct kernel_pkey_query; struct kernel_pkey_params; +struct kernel_kpp_query; +struct kernel_kpp_params; /* * key under-construction record @@ -165,6 +167,11 @@ struct key_type { const void *in, void *out); int (*asym_verify_signature)(struct kernel_pkey_params *params, const void *in, const void *in2); + int (*asym_kpp_query)(const struct kernel_kpp_params *params, + struct kernel_kpp_query *res); + int (*asym_kpp_gen_pubkey)(struct kernel_kpp_params *params, void *out); + int (*asym_kpp_compute_ss)(struct kernel_kpp_params *params, + const void *in, void *out); /* internal fields */ struct list_head link; /* link in types list */ diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h index e89b4a4..8f464ea 100644 --- a/include/linux/keyctl.h +++ b/include/linux/keyctl.h @@ -43,4 +43,15 @@ struct kernel_pkey_params { enum kernel_pkey_operation op : 8; }; +struct kernel_kpp_query { + __u32 supported_ops; /* Which ops are supported */ + __u32 max_size; /* Maximum size of the output buffer */ +}; + +struct kernel_kpp_params { + struct key *key; + __u32 in_len; /* Input data size */ + __u32 out_len; /* Output buffer size */ +}; + #endif /* __LINUX_KEYCTL_H */ diff --git a/include/uapi/linux/keyctl.h b/include/uapi/linux/keyctl.h index d75d208..98b79f8 100644 --- a/include/uapi/linux/keyctl.h +++ b/include/uapi/linux/keyctl.h @@ -107,4 +107,7 @@ struct keyctl_pkey_params { __u32 __spare[7]; }; +#define KEYCTL_SUPPORTS_GEN_PUBKEY 0x0f +#define KEYCTL_SUPPORTS_COMPUTE_SS 0x10 + #endif /* _LINUX_KEYCTL_H */ -- 2.9.4