1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3  * Public Key Signature Algorithm
4  *
5  * Copyright (c) 2023 Herbert Xu <herbert@gondor.apana.org.au>
6  */
7 #ifndef _CRYPTO_SIG_H
8 #define _CRYPTO_SIG_H
9 
10 #include <linux/crypto.h>
11 
12 /**
13  * struct crypto_sig - user-instantiated objects which encapsulate
14  * algorithms and core processing logic
15  *
16  * @base:	Common crypto API algorithm data structure
17  */
18 struct crypto_sig {
19 	struct crypto_tfm base;
20 };
21 
22 /**
23  * struct sig_alg - generic public key signature algorithm
24  *
25  * @sign:	Function performs a sign operation as defined by public key
26  *		algorithm. On success, the signature size is returned.
27  *		Optional.
28  * @verify:	Function performs a complete verify operation as defined by
29  *		public key algorithm, returning verification status. Optional.
30  * @set_pub_key: Function invokes the algorithm specific set public key
31  *		function, which knows how to decode and interpret
32  *		the BER encoded public key and parameters. Mandatory.
33  * @set_priv_key: Function invokes the algorithm specific set private key
34  *		function, which knows how to decode and interpret
35  *		the BER encoded private key and parameters. Optional.
36  * @key_size:	Function returns key size. Mandatory.
37  * @digest_size: Function returns maximum digest size. Optional.
38  * @max_size:	Function returns maximum signature size. Optional.
39  * @init:	Initialize the cryptographic transformation object.
40  *		This function is used to initialize the cryptographic
41  *		transformation object. This function is called only once at
42  *		the instantiation time, right after the transformation context
43  *		was allocated. In case the cryptographic hardware has some
44  *		special requirements which need to be handled by software, this
45  *		function shall check for the precise requirement of the
46  *		transformation and put any software fallbacks in place.
47  * @exit:	Deinitialize the cryptographic transformation object. This is a
48  *		counterpart to @init, used to remove various changes set in
49  *		@init.
50  *
51  * @base:	Common crypto API algorithm data structure
52  */
53 struct sig_alg {
54 	int (*sign)(struct crypto_sig *tfm,
55 		    const void *src, unsigned int slen,
56 		    void *dst, unsigned int dlen);
57 	int (*verify)(struct crypto_sig *tfm,
58 		      const void *src, unsigned int slen,
59 		      const void *digest, unsigned int dlen);
60 	int (*set_pub_key)(struct crypto_sig *tfm,
61 			   const void *key, unsigned int keylen);
62 	int (*set_priv_key)(struct crypto_sig *tfm,
63 			    const void *key, unsigned int keylen);
64 	unsigned int (*key_size)(struct crypto_sig *tfm);
65 	unsigned int (*digest_size)(struct crypto_sig *tfm);
66 	unsigned int (*max_size)(struct crypto_sig *tfm);
67 	int (*init)(struct crypto_sig *tfm);
68 	void (*exit)(struct crypto_sig *tfm);
69 
70 	struct crypto_alg base;
71 };
72 
73 /**
74  * DOC: Generic Public Key Signature API
75  *
76  * The Public Key Signature API is used with the algorithms of type
77  * CRYPTO_ALG_TYPE_SIG (listed as type "sig" in /proc/crypto)
78  */
79 
80 /**
81  * crypto_alloc_sig() - allocate signature tfm handle
82  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
83  *	      signing algorithm e.g. "ecdsa"
84  * @type: specifies the type of the algorithm
85  * @mask: specifies the mask for the algorithm
86  *
87  * Allocate a handle for public key signature algorithm. The returned struct
88  * crypto_sig is the handle that is required for any subsequent
89  * API invocation for signature operations.
90  *
91  * Return: allocated handle in case of success; IS_ERR() is true in case
92  *	   of an error, PTR_ERR() returns the error code.
93  */
94 struct crypto_sig *crypto_alloc_sig(const char *alg_name, u32 type, u32 mask);
95 
96 static inline struct crypto_tfm *crypto_sig_tfm(struct crypto_sig *tfm)
97 {
98 	return &tfm->base;
99 }
100 
101 static inline struct crypto_sig *__crypto_sig_tfm(struct crypto_tfm *tfm)
102 {
103 	return container_of(tfm, struct crypto_sig, base);
104 }
105 
106 static inline struct sig_alg *__crypto_sig_alg(struct crypto_alg *alg)
107 {
108 	return container_of(alg, struct sig_alg, base);
109 }
110 
111 static inline struct sig_alg *crypto_sig_alg(struct crypto_sig *tfm)
112 {
113 	return __crypto_sig_alg(crypto_sig_tfm(tfm)->__crt_alg);
114 }
115 
116 /**
117  * crypto_free_sig() - free signature tfm handle
118  *
119  * @tfm: signature tfm handle allocated with crypto_alloc_sig()
120  *
121  * If @tfm is a NULL or error pointer, this function does nothing.
122  */
123 static inline void crypto_free_sig(struct crypto_sig *tfm)
124 {
125 	crypto_destroy_tfm(tfm, crypto_sig_tfm(tfm));
126 }
127 
128 /**
129  * crypto_sig_keysize() - Get key size
130  *
131  * Function returns the key size in bits.
132  * Function assumes that the key is already set in the transformation. If this
133  * function is called without a setkey or with a failed setkey, you may end up
134  * in a NULL dereference.
135  *
136  * @tfm:	signature tfm handle allocated with crypto_alloc_sig()
137  */
138 static inline unsigned int crypto_sig_keysize(struct crypto_sig *tfm)
139 {
140 	struct sig_alg *alg = crypto_sig_alg(tfm);
141 
142 	return alg->key_size(tfm);
143 }
144 
145 /**
146  * crypto_sig_digestsize() - Get maximum digest size
147  *
148  * Function returns the maximum digest size in bytes.
149  * Function assumes that the key is already set in the transformation. If this
150  * function is called without a setkey or with a failed setkey, you may end up
151  * in a NULL dereference.
152  *
153  * @tfm:	signature tfm handle allocated with crypto_alloc_sig()
154  */
155 static inline unsigned int crypto_sig_digestsize(struct crypto_sig *tfm)
156 {
157 	struct sig_alg *alg = crypto_sig_alg(tfm);
158 
159 	return alg->digest_size(tfm);
160 }
161 
162 /**
163  * crypto_sig_maxsize() - Get maximum signature size
164  *
165  * Function returns the maximum signature size in bytes.
166  * Function assumes that the key is already set in the transformation. If this
167  * function is called without a setkey or with a failed setkey, you may end up
168  * in a NULL dereference.
169  *
170  * @tfm:	signature tfm handle allocated with crypto_alloc_sig()
171  */
172 static inline unsigned int crypto_sig_maxsize(struct crypto_sig *tfm)
173 {
174 	struct sig_alg *alg = crypto_sig_alg(tfm);
175 
176 	return alg->max_size(tfm);
177 }
178 
179 /**
180  * crypto_sig_sign() - Invoke signing operation
181  *
182  * Function invokes the specific signing operation for a given algorithm
183  *
184  * @tfm:	signature tfm handle allocated with crypto_alloc_sig()
185  * @src:	source buffer
186  * @slen:	source length
187  * @dst:	destination obuffer
188  * @dlen:	destination length
189  *
190  * Return: signature size on success; error code in case of error
191  */
192 static inline int crypto_sig_sign(struct crypto_sig *tfm,
193 				  const void *src, unsigned int slen,
194 				  void *dst, unsigned int dlen)
195 {
196 	struct sig_alg *alg = crypto_sig_alg(tfm);
197 
198 	return alg->sign(tfm, src, slen, dst, dlen);
199 }
200 
201 /**
202  * crypto_sig_verify() - Invoke signature verification
203  *
204  * Function invokes the specific signature verification operation
205  * for a given algorithm.
206  *
207  * @tfm:	signature tfm handle allocated with crypto_alloc_sig()
208  * @src:	source buffer
209  * @slen:	source length
210  * @digest:	digest
211  * @dlen:	digest length
212  *
213  * Return: zero on verification success; error code in case of error.
214  */
215 static inline int crypto_sig_verify(struct crypto_sig *tfm,
216 				    const void *src, unsigned int slen,
217 				    const void *digest, unsigned int dlen)
218 {
219 	struct sig_alg *alg = crypto_sig_alg(tfm);
220 
221 	return alg->verify(tfm, src, slen, digest, dlen);
222 }
223 
224 /**
225  * crypto_sig_set_pubkey() - Invoke set public key operation
226  *
227  * Function invokes the algorithm specific set key function, which knows
228  * how to decode and interpret the encoded key and parameters
229  *
230  * @tfm:	tfm handle
231  * @key:	BER encoded public key, algo OID, paramlen, BER encoded
232  *		parameters
233  * @keylen:	length of the key (not including other data)
234  *
235  * Return: zero on success; error code in case of error
236  */
237 static inline int crypto_sig_set_pubkey(struct crypto_sig *tfm,
238 					const void *key, unsigned int keylen)
239 {
240 	struct sig_alg *alg = crypto_sig_alg(tfm);
241 
242 	return alg->set_pub_key(tfm, key, keylen);
243 }
244 
245 /**
246  * crypto_sig_set_privkey() - Invoke set private key operation
247  *
248  * Function invokes the algorithm specific set key function, which knows
249  * how to decode and interpret the encoded key and parameters
250  *
251  * @tfm:	tfm handle
252  * @key:	BER encoded private key, algo OID, paramlen, BER encoded
253  *		parameters
254  * @keylen:	length of the key (not including other data)
255  *
256  * Return: zero on success; error code in case of error
257  */
258 static inline int crypto_sig_set_privkey(struct crypto_sig *tfm,
259 					 const void *key, unsigned int keylen)
260 {
261 	struct sig_alg *alg = crypto_sig_alg(tfm);
262 
263 	return alg->set_priv_key(tfm, key, keylen);
264 }
265 #endif
266