mirror of
https://github.com/torvalds/linux.git
synced 2026-03-08 00:44:31 +01:00
f3eccecd78
Allow the data to be verified in a PKCS#7 or CMS message to be passed
directly to an asymmetric cipher algorithm (e.g. ML-DSA) if it wants to do
whatever passes for hashing/digestion itself. The normal digestion of the
data is then skipped as that would be ignored unless another signed info in
the message has some other algorithm that needs it.
The 'data to be verified' may be the content of the PKCS#7 message or it
will be the authenticatedAttributes (signedAttrs if CMS), modified, if
those are present.
This is done by:
(1) Make ->m and ->m_size point to the data to be verified rather than
making public_key_verify_signature() access the data directly. This
is so that keyctl(KEYCTL_PKEY_VERIFY) will still work.
(2) Add a flag, ->algo_takes_data, to indicate that the verification
algorithm wants to access the data to be verified directly rather than
having it digested first.
(3) If the PKCS#7 message has authenticatedAttributes (or CMS
signedAttrs), then the digest contained therein will be validated as
now, and the modified attrs blob will either be digested or assigned
to ->m as appropriate.
(4) If present, always copy and modify the authenticatedAttributes (or
signedAttrs) then digest that in one go rather than calling the shash
update twice (once for the tag and once for the rest).
(5) For ML-DSA, point ->m to the TBSCertificate instead of digesting it
and using the digest.
Note that whilst ML-DSA does allow for an "external mu", CMS doesn't yet
have that standardised.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Lukas Wunner <lukas@wunner.de>
cc: Ignat Korchagin <ignat@cloudflare.com>
cc: Stephan Mueller <smueller@chronox.de>
cc: Eric Biggers <ebiggers@kernel.org>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
124 lines
3.5 KiB
C
124 lines
3.5 KiB
C
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
/* Asymmetric public-key algorithm definitions
|
|
*
|
|
* See Documentation/crypto/asymmetric-keys.rst
|
|
*
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*/
|
|
|
|
#ifndef _LINUX_PUBLIC_KEY_H
|
|
#define _LINUX_PUBLIC_KEY_H
|
|
|
|
#include <linux/errno.h>
|
|
#include <linux/keyctl.h>
|
|
#include <linux/oid_registry.h>
|
|
|
|
/*
|
|
* Cryptographic data for the public-key subtype of the asymmetric key type.
|
|
*
|
|
* Note that this may include private part of the key as well as the public
|
|
* part.
|
|
*/
|
|
struct public_key {
|
|
void *key;
|
|
u32 keylen;
|
|
enum OID algo;
|
|
void *params;
|
|
u32 paramlen;
|
|
bool key_is_private;
|
|
const char *id_type;
|
|
const char *pkey_algo;
|
|
unsigned long key_eflags; /* key extension flags */
|
|
#define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */
|
|
#define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */
|
|
#define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */
|
|
};
|
|
|
|
extern void public_key_free(struct public_key *key);
|
|
|
|
/*
|
|
* Public key cryptography signature data
|
|
*/
|
|
struct public_key_signature {
|
|
struct asymmetric_key_id *auth_ids[3];
|
|
u8 *s; /* Signature */
|
|
u8 *m; /* Message data to pass to verifier */
|
|
u32 s_size; /* Number of bytes in signature */
|
|
u32 m_size; /* Number of bytes in ->m */
|
|
bool m_free; /* T if ->m needs freeing */
|
|
bool algo_takes_data; /* T if public key algo operates on data, not a hash */
|
|
const char *pkey_algo;
|
|
const char *hash_algo;
|
|
const char *encoding;
|
|
};
|
|
|
|
extern void public_key_signature_free(struct public_key_signature *sig);
|
|
|
|
extern struct asymmetric_key_subtype public_key_subtype;
|
|
|
|
struct key;
|
|
struct key_type;
|
|
union key_payload;
|
|
|
|
extern int restrict_link_by_signature(struct key *dest_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *trust_keyring);
|
|
|
|
extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *trusted);
|
|
|
|
extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *trusted);
|
|
|
|
#if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
|
|
extern int restrict_link_by_ca(struct key *dest_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *trust_keyring);
|
|
int restrict_link_by_digsig(struct key *dest_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *trust_keyring);
|
|
#else
|
|
static inline int restrict_link_by_ca(struct key *dest_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *trust_keyring)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int restrict_link_by_digsig(struct key *dest_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *trust_keyring)
|
|
{
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
extern int query_asymmetric_key(const struct kernel_pkey_params *,
|
|
struct kernel_pkey_query *);
|
|
|
|
extern int verify_signature(const struct key *,
|
|
const struct public_key_signature *);
|
|
|
|
#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
|
|
int public_key_verify_signature(const struct public_key *pkey,
|
|
const struct public_key_signature *sig);
|
|
#else
|
|
static inline
|
|
int public_key_verify_signature(const struct public_key *pkey,
|
|
const struct public_key_signature *sig)
|
|
{
|
|
return -EINVAL;
|
|
}
|
|
#endif
|
|
|
|
#endif /* _LINUX_PUBLIC_KEY_H */
|