• David Howells's avatar
    KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2] · 00d60fd3
    David Howells authored
    Provide five keyctl functions that permit userspace to make use of the new
    key type ops for accessing and driving asymmetric keys.
    
     (*) Query an asymmetric key.
    
    	long keyctl(KEYCTL_PKEY_QUERY,
    		    key_serial_t key, unsigned long reserved,
    		    struct keyctl_pkey_query *info);
    
         Get information about an asymmetric key.  The information is returned
         in the keyctl_pkey_query struct:
    
    	__u32	supported_ops;
    
         A bit mask of flags indicating which ops are supported.  This is
         constructed from a bitwise-OR of:
    
    	KEYCTL_SUPPORTS_{ENCRYPT,DECRYPT,SIGN,VERIFY}
    
    	__u32	key_size;
    
         The size in bits of the key.
    
    	__u16	max_data_size;
    	__u16	max_sig_size;
    	__u16	max_enc_size;
    	__u16	max_dec_size;
    
         The maximum sizes in bytes of a blob of data to be signed, a signature
         blob, a blob to be encrypted and a blob to be decrypted.
    
         reserved must be set to 0.  This is intended for future use to hand
         over one or more passphrases needed unlock a key.
    
         If successful, 0 is returned.  If the key is not an asymmetric key,
         EOPNOTSUPP is returned.
    
     (*) Encrypt, decrypt, sign or verify a blob using an asymmetric key.
    
    	long keyctl(KEYCTL_PKEY_ENCRYPT,
    		    const struct keyctl_pkey_params *params,
    		    const char *info,
    		    const void *in,
    		    void *out);
    
    	long keyctl(KEYCTL_PKEY_DECRYPT,
    		    const struct keyctl_pkey_params *params,
    		    const char *info,
    		    const void *in,
    		    void *out);
    
    	long keyctl(KEYCTL_PKEY_SIGN,
    		    const struct keyctl_pkey_params *params,
    		    const char *info,
    		    const void *in,
    		    void *out);
    
    	long keyctl(KEYCTL_PKEY_VERIFY,
    		    const struct keyctl_pkey_params *params,
    		    const char *info,
    		    const void *in,
    		    const void *in2);
    
         Use an asymmetric key to perform a public-key cryptographic operation
         a blob of data.
    
         The parameter block pointed to by params contains a number of integer
         values:
    
    	__s32		key_id;
    	__u32		in_len;
    	__u32		out_len;
    	__u32		in2_len;
    
         For a given operation, the in and out buffers are used as follows:
    
    	Operation ID		in,in_len	out,out_len	in2,in2_len
    	=======================	===============	===============	===========
    	KEYCTL_PKEY_ENCRYPT	Raw data	Encrypted data	-
    	KEYCTL_PKEY_DECRYPT	Encrypted data	Raw data	-
    	KEYCTL_PKEY_SIGN	Raw data	Signature	-
    	KEYCTL_PKEY_VERIFY	Raw data	-		Signature
    
         info is a string of key=value pairs that supply supplementary
         information.
    
         The __spare space in the parameter block must be set to 0.  This is
         intended, amongst other things, to allow the passing of passphrases
         required to unlock a key.
    
         If successful, encrypt, decrypt and sign all return the amount of data
         written into the output buffer.  Verification returns 0 on success.
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Tested-by: default avatarMarcel Holtmann <marcel@holtmann.org>
    Reviewed-by: default avatarMarcel Holtmann <marcel@holtmann.org>
    Reviewed-by: default avatarDenis Kenzior <denkenz@gmail.com>
    Tested-by: default avatarDenis Kenzior <denkenz@gmail.com>
    Signed-off-by: default avatarJames Morris <james.morris@microsoft.com>
    00d60fd3
keyctl.c 43.4 KB