diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-11-01 23:23:59 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-11-01 23:23:59 +0100 |
commit | baa888d25ea64d0c59344d474284ca99cfdd449a (patch) | |
tree | 06b85d1c3b70a12ad5c8a49394d57c14d5a69993 /include/uapi | |
parent | Merge tag 'ovl-update-4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/... (diff) | |
parent | KEYS: asym_tpm: Add support for the sign operation [ver #2] (diff) | |
download | linux-baa888d25ea64d0c59344d474284ca99cfdd449a.tar.xz linux-baa888d25ea64d0c59344d474284ca99cfdd449a.zip |
Merge branch 'next-keys2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull keys updates from James Morris:
"Provide five new operations in the key_type struct that can be used to
provide access to asymmetric key operations. These will be implemented
for the asymmetric key type in a later patch and may refer to a key
retained in RAM by the kernel or a key retained in crypto hardware.
int (*asym_query)(const struct kernel_pkey_params *params,
struct kernel_pkey_query *info);
int (*asym_eds_op)(struct kernel_pkey_params *params,
const void *in, void *out);
int (*asym_verify_signature)(struct kernel_pkey_params *params,
const void *in, const void *in2);
Since encrypt, decrypt and sign are identical in their interfaces,
they're rolled together in the asym_eds_op() operation and there's an
operation ID in the params argument to distinguish them.
Verify is different in that we supply the data and the signature
instead and get an error value (or 0) as the only result on the
expectation that this may well be how a hardware crypto device may
work"
* 'next-keys2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (22 commits)
KEYS: asym_tpm: Add support for the sign operation [ver #2]
KEYS: asym_tpm: Implement tpm_sign [ver #2]
KEYS: asym_tpm: Implement signature verification [ver #2]
KEYS: asym_tpm: Implement the decrypt operation [ver #2]
KEYS: asym_tpm: Implement tpm_unbind [ver #2]
KEYS: asym_tpm: Add loadkey2 and flushspecific [ver #2]
KEYS: Move trusted.h to include/keys [ver #2]
KEYS: trusted: Expose common functionality [ver #2]
KEYS: asym_tpm: Implement encryption operation [ver #2]
KEYS: asym_tpm: Implement pkey_query [ver #2]
KEYS: Add parser for TPM-based keys [ver #2]
KEYS: asym_tpm: extract key size & public key [ver #2]
KEYS: asym_tpm: add skeleton for asym_tpm [ver #2]
crypto: rsa-pkcs1pad: Allow hash to be optional [ver #2]
KEYS: Implement PKCS#8 RSA Private Key parser [ver #2]
KEYS: Implement encrypt, decrypt and sign for software asymmetric key [ver #2]
KEYS: Allow the public_key struct to hold a private key [ver #2]
KEYS: Provide software public key query function [ver #2]
KEYS: Make the X.509 and PKCS7 parsers supply the sig encoding type [ver #2]
KEYS: Provide missing asymmetric key subops for new key type ops [ver #2]
...
Diffstat (limited to 'include/uapi')
-rw-r--r-- | include/uapi/linux/keyctl.h | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/include/uapi/linux/keyctl.h b/include/uapi/linux/keyctl.h index 0f3cb13db8e9..f45ee0f69c0c 100644 --- a/include/uapi/linux/keyctl.h +++ b/include/uapi/linux/keyctl.h @@ -61,6 +61,11 @@ #define KEYCTL_INVALIDATE 21 /* invalidate a key */ #define KEYCTL_GET_PERSISTENT 22 /* get a user's persistent keyring */ #define KEYCTL_DH_COMPUTE 23 /* Compute Diffie-Hellman values */ +#define KEYCTL_PKEY_QUERY 24 /* Query public key parameters */ +#define KEYCTL_PKEY_ENCRYPT 25 /* Encrypt a blob using a public key */ +#define KEYCTL_PKEY_DECRYPT 26 /* Decrypt a blob using a public key */ +#define KEYCTL_PKEY_SIGN 27 /* Create a public key signature */ +#define KEYCTL_PKEY_VERIFY 28 /* Verify a public key signature */ #define KEYCTL_RESTRICT_KEYRING 29 /* Restrict keys allowed to link to a keyring */ /* keyctl structures */ @@ -82,4 +87,29 @@ struct keyctl_kdf_params { __u32 __spare[8]; }; +#define KEYCTL_SUPPORTS_ENCRYPT 0x01 +#define KEYCTL_SUPPORTS_DECRYPT 0x02 +#define KEYCTL_SUPPORTS_SIGN 0x04 +#define KEYCTL_SUPPORTS_VERIFY 0x08 + +struct keyctl_pkey_query { + __u32 supported_ops; /* Which ops are supported */ + __u32 key_size; /* Size of the key in bits */ + __u16 max_data_size; /* Maximum size of raw data to sign in bytes */ + __u16 max_sig_size; /* Maximum size of signature in bytes */ + __u16 max_enc_size; /* Maximum size of encrypted blob in bytes */ + __u16 max_dec_size; /* Maximum size of decrypted blob in bytes */ + __u32 __spare[10]; +}; + +struct keyctl_pkey_params { + __s32 key_id; /* Serial no. of public key to use */ + __u32 in_len; /* Input data size */ + union { + __u32 out_len; /* Output buffer size (encrypt/decrypt/sign) */ + __u32 in2_len; /* 2nd input data size (verify) */ + }; + __u32 __spare[7]; +}; + #endif /* _LINUX_KEYCTL_H */ |