00d60fd3b9
Provide five keyctl functions that permit userspace to make use of the new key type ops for accessing and driving asymmetric keys. (*) Query an asymmetric key. long keyctl(KEYCTL_PKEY_QUERY, key_serial_t key, unsigned long reserved, struct keyctl_pkey_query *info); Get information about an asymmetric key. The information is returned in the keyctl_pkey_query struct: __u32 supported_ops; A bit mask of flags indicating which ops are supported. This is constructed from a bitwise-OR of: KEYCTL_SUPPORTS_{ENCRYPT,DECRYPT,SIGN,VERIFY} __u32 key_size; The size in bits of the key. __u16 max_data_size; __u16 max_sig_size; __u16 max_enc_size; __u16 max_dec_size; The maximum sizes in bytes of a blob of data to be signed, a signature blob, a blob to be encrypted and a blob to be decrypted. reserved must be set to 0. This is intended for future use to hand over one or more passphrases needed unlock a key. If successful, 0 is returned. If the key is not an asymmetric key, EOPNOTSUPP is returned. (*) Encrypt, decrypt, sign or verify a blob using an asymmetric key. long keyctl(KEYCTL_PKEY_ENCRYPT, const struct keyctl_pkey_params *params, const char *info, const void *in, void *out); long keyctl(KEYCTL_PKEY_DECRYPT, const struct keyctl_pkey_params *params, const char *info, const void *in, void *out); long keyctl(KEYCTL_PKEY_SIGN, const struct keyctl_pkey_params *params, const char *info, const void *in, void *out); long keyctl(KEYCTL_PKEY_VERIFY, const struct keyctl_pkey_params *params, const char *info, const void *in, const void *in2); Use an asymmetric key to perform a public-key cryptographic operation a blob of data. The parameter block pointed to by params contains a number of integer values: __s32 key_id; __u32 in_len; __u32 out_len; __u32 in2_len; For a given operation, the in and out buffers are used as follows: Operation ID in,in_len out,out_len in2,in2_len ======================= =============== =============== =========== KEYCTL_PKEY_ENCRYPT Raw data Encrypted data - KEYCTL_PKEY_DECRYPT Encrypted data Raw data - KEYCTL_PKEY_SIGN Raw data Signature - KEYCTL_PKEY_VERIFY Raw data - Signature info is a string of key=value pairs that supply supplementary information. The __spare space in the parameter block must be set to 0. This is intended, amongst other things, to allow the passing of passphrases required to unlock a key. If successful, encrypt, decrypt and sign all return the amount of data written into the output buffer. Verification returns 0 on success. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Denis Kenzior <denkenz@gmail.com> Tested-by: Denis Kenzior <denkenz@gmail.com> Signed-off-by: James Morris <james.morris@microsoft.com>
33 lines
678 B
Makefile
33 lines
678 B
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for key management
|
|
#
|
|
|
|
#
|
|
# Core
|
|
#
|
|
obj-y := \
|
|
gc.o \
|
|
key.o \
|
|
keyring.o \
|
|
keyctl.o \
|
|
permission.o \
|
|
process_keys.o \
|
|
request_key.o \
|
|
request_key_auth.o \
|
|
user_defined.o
|
|
compat-obj-$(CONFIG_KEY_DH_OPERATIONS) += compat_dh.o
|
|
obj-$(CONFIG_KEYS_COMPAT) += compat.o $(compat-obj-y)
|
|
obj-$(CONFIG_PROC_FS) += proc.o
|
|
obj-$(CONFIG_SYSCTL) += sysctl.o
|
|
obj-$(CONFIG_PERSISTENT_KEYRINGS) += persistent.o
|
|
obj-$(CONFIG_KEY_DH_OPERATIONS) += dh.o
|
|
obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += keyctl_pkey.o
|
|
|
|
#
|
|
# Key types
|
|
#
|
|
obj-$(CONFIG_BIG_KEYS) += big_key.o
|
|
obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
|
|
obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/
|