include/crypto/akcipher.h

0001 /* SPDX-License-Identifier: GPL-2.0-or-later */
0002 /*
0003  * Public Key Encryption
0004  *
0005  * Copyright (c) 2015, Intel Corporation
0006  * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
0007  */
0008 #ifndef _CRYPTO_AKCIPHER_H
0009 #define _CRYPTO_AKCIPHER_H
0010 #include <linux/crypto.h>
0011
0012 /**
0013  * struct akcipher_request - public key request
0014  *
0015  * @base:   Common attributes for async crypto requests
0016  * @src:    Source data
0017  *      For verify op this is signature + digest, in that case
0018  *      total size of @src is @src_len + @dst_len.
0019  * @dst:    Destination data (Should be NULL for verify op)
0020  * @src_len:    Size of the input buffer
0021  *      For verify op it's size of signature part of @src, this part
0022  *      is supposed to be operated by cipher.
0023  * @dst_len:    Size of @dst buffer (for all ops except verify).
0024  *      It needs to be at least as big as the expected result
0025  *      depending on the operation.
0026  *      After operation it will be updated with the actual size of the
0027  *      result.
0028  *      In case of error where the dst sgl size was insufficient,
0029  *      it will be updated to the size required for the operation.
0030  *      For verify op this is size of digest part in @src.
0031  * @__ctx:  Start of private context data
0032  */
0033 struct akcipher_request {
0034     struct crypto_async_request base;
0035     struct scatterlist *src;
0036     struct scatterlist *dst;
0037     unsigned int src_len;
0038     unsigned int dst_len;
0039     void *__ctx[] CRYPTO_MINALIGN_ATTR;
0040 };
0041
0042 /**
0043  * struct crypto_akcipher - user-instantiated objects which encapsulate
0044  * algorithms and core processing logic
0045  *
0046  * @base:   Common crypto API algorithm data structure
0047  */
0048 struct crypto_akcipher {
0049     struct crypto_tfm base;
0050 };
0051
0052 /**
0053  * struct akcipher_alg - generic public key algorithm
0054  *
0055  * @sign:   Function performs a sign operation as defined by public key
0056  *      algorithm. In case of error, where the dst_len was insufficient,
0057  *      the req->dst_len will be updated to the size required for the
0058  *      operation
0059  * @verify: Function performs a complete verify operation as defined by
0060  *      public key algorithm, returning verification status. Requires
0061  *      digest value as input parameter.
0062  * @encrypt:    Function performs an encrypt operation as defined by public key
0063  *      algorithm. In case of error, where the dst_len was insufficient,
0064  *      the req->dst_len will be updated to the size required for the
0065  *      operation
0066  * @decrypt:    Function performs a decrypt operation as defined by public key
0067  *      algorithm. In case of error, where the dst_len was insufficient,
0068  *      the req->dst_len will be updated to the size required for the
0069  *      operation
0070  * @set_pub_key: Function invokes the algorithm specific set public key
0071  *      function, which knows how to decode and interpret
0072  *      the BER encoded public key and parameters
0073  * @set_priv_key: Function invokes the algorithm specific set private key
0074  *      function, which knows how to decode and interpret
0075  *      the BER encoded private key and parameters
0076  * @max_size:   Function returns dest buffer size required for a given key.
0077  * @init:   Initialize the cryptographic transformation object.
0078  *      This function is used to initialize the cryptographic
0079  *      transformation object. This function is called only once at
0080  *      the instantiation time, right after the transformation context
0081  *      was allocated. In case the cryptographic hardware has some
0082  *      special requirements which need to be handled by software, this
0083  *      function shall check for the precise requirement of the
0084  *      transformation and put any software fallbacks in place.
0085  * @exit:   Deinitialize the cryptographic transformation object. This is a
0086  *      counterpart to @init, used to remove various changes set in
0087  *      @init.
0088  *
0089  * @reqsize:    Request context size required by algorithm implementation
0090  * @base:   Common crypto API algorithm data structure
0091  */
0092 struct akcipher_alg {
0093     int (*sign)(struct akcipher_request *req);
0094     int (*verify)(struct akcipher_request *req);
0095     int (*encrypt)(struct akcipher_request *req);
0096     int (*decrypt)(struct akcipher_request *req);
0097     int (*set_pub_key)(struct crypto_akcipher *tfm, const void *key,
0098                unsigned int keylen);
0099     int (*set_priv_key)(struct crypto_akcipher *tfm, const void *key,
0100                 unsigned int keylen);
0101     unsigned int (*max_size)(struct crypto_akcipher *tfm);
0102     int (*init)(struct crypto_akcipher *tfm);
0103     void (*exit)(struct crypto_akcipher *tfm);
0104
0105     unsigned int reqsize;
0106     struct crypto_alg base;
0107 };
0108
0109 /**
0110  * DOC: Generic Public Key API
0111  *
0112  * The Public Key API is used with the algorithms of type
0113  * CRYPTO_ALG_TYPE_AKCIPHER (listed as type "akcipher" in /proc/crypto)
0114  */
0115
0116 /**
0117  * crypto_alloc_akcipher() - allocate AKCIPHER tfm handle
0118  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
0119  *        public key algorithm e.g. "rsa"
0120  * @type: specifies the type of the algorithm
0121  * @mask: specifies the mask for the algorithm
0122  *
0123  * Allocate a handle for public key algorithm. The returned struct
0124  * crypto_akcipher is the handle that is required for any subsequent
0125  * API invocation for the public key operations.
0126  *
0127  * Return: allocated handle in case of success; IS_ERR() is true in case
0128  *     of an error, PTR_ERR() returns the error code.
0129  */
0130 struct crypto_akcipher *crypto_alloc_akcipher(const char *alg_name, u32 type,
0131                           u32 mask);
0132
0133 static inline struct crypto_tfm *crypto_akcipher_tfm(
0134     struct crypto_akcipher *tfm)
0135 {
0136     return &tfm->base;
0137 }
0138
0139 static inline struct akcipher_alg *__crypto_akcipher_alg(struct crypto_alg *alg)
0140 {
0141     return container_of(alg, struct akcipher_alg, base);
0142 }
0143
0144 static inline struct crypto_akcipher *__crypto_akcipher_tfm(
0145     struct crypto_tfm *tfm)
0146 {
0147     return container_of(tfm, struct crypto_akcipher, base);
0148 }
0149
0150 static inline struct akcipher_alg *crypto_akcipher_alg(
0151     struct crypto_akcipher *tfm)
0152 {
0153     return __crypto_akcipher_alg(crypto_akcipher_tfm(tfm)->__crt_alg);
0154 }
0155
0156 static inline unsigned int crypto_akcipher_reqsize(struct crypto_akcipher *tfm)
0157 {
0158     return crypto_akcipher_alg(tfm)->reqsize;
0159 }
0160
0161 static inline void akcipher_request_set_tfm(struct akcipher_request *req,
0162                         struct crypto_akcipher *tfm)
0163 {
0164     req->base.tfm = crypto_akcipher_tfm(tfm);
0165 }
0166
0167 static inline struct crypto_akcipher *crypto_akcipher_reqtfm(
0168     struct akcipher_request *req)
0169 {
0170     return __crypto_akcipher_tfm(req->base.tfm);
0171 }
0172
0173 /**
0174  * crypto_free_akcipher() - free AKCIPHER tfm handle
0175  *
0176  * @tfm: AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
0177  *
0178  * If @tfm is a NULL or error pointer, this function does nothing.
0179  */
0180 static inline void crypto_free_akcipher(struct crypto_akcipher *tfm)
0181 {
0182     crypto_destroy_tfm(tfm, crypto_akcipher_tfm(tfm));
0183 }
0184
0185 /**
0186  * akcipher_request_alloc() - allocates public key request
0187  *
0188  * @tfm:    AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
0189  * @gfp:    allocation flags
0190  *
0191  * Return: allocated handle in case of success or NULL in case of an error.
0192  */
0193 static inline struct akcipher_request *akcipher_request_alloc(
0194     struct crypto_akcipher *tfm, gfp_t gfp)
0195 {
0196     struct akcipher_request *req;
0197
0198     req = kmalloc(sizeof(*req) + crypto_akcipher_reqsize(tfm), gfp);
0199     if (likely(req))
0200         akcipher_request_set_tfm(req, tfm);
0201
0202     return req;
0203 }
0204
0205 /**
0206  * akcipher_request_free() - zeroize and free public key request
0207  *
0208  * @req:    request to free
0209  */
0210 static inline void akcipher_request_free(struct akcipher_request *req)
0211 {
0212     kfree_sensitive(req);
0213 }
0214
0215 /**
0216  * akcipher_request_set_callback() - Sets an asynchronous callback.
0217  *
0218  * Callback will be called when an asynchronous operation on a given
0219  * request is finished.
0220  *
0221  * @req:    request that the callback will be set for
0222  * @flgs:   specify for instance if the operation may backlog
0223  * @cmpl:   callback which will be called
0224  * @data:   private data used by the caller
0225  */
0226 static inline void akcipher_request_set_callback(struct akcipher_request *req,
0227                          u32 flgs,
0228                          crypto_completion_t cmpl,
0229                          void *data)
0230 {
0231     req->base.complete = cmpl;
0232     req->base.data = data;
0233     req->base.flags = flgs;
0234 }
0235
0236 /**
0237  * akcipher_request_set_crypt() - Sets request parameters
0238  *
0239  * Sets parameters required by crypto operation
0240  *
0241  * @req:    public key request
0242  * @src:    ptr to input scatter list
0243  * @dst:    ptr to output scatter list or NULL for verify op
0244  * @src_len:    size of the src input scatter list to be processed
0245  * @dst_len:    size of the dst output scatter list or size of signature
0246  *      portion in @src for verify op
0247  */
0248 static inline void akcipher_request_set_crypt(struct akcipher_request *req,
0249                           struct scatterlist *src,
0250                           struct scatterlist *dst,
0251                           unsigned int src_len,
0252                           unsigned int dst_len)
0253 {
0254     req->src = src;
0255     req->dst = dst;
0256     req->src_len = src_len;
0257     req->dst_len = dst_len;
0258 }
0259
0260 /**
0261  * crypto_akcipher_maxsize() - Get len for output buffer
0262  *
0263  * Function returns the dest buffer size required for a given key.
0264  * Function assumes that the key is already set in the transformation. If this
0265  * function is called without a setkey or with a failed setkey, you will end up
0266  * in a NULL dereference.
0267  *
0268  * @tfm:    AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
0269  */
0270 static inline unsigned int crypto_akcipher_maxsize(struct crypto_akcipher *tfm)
0271 {
0272     struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
0273
0274     return alg->max_size(tfm);
0275 }
0276
0277 /**
0278  * crypto_akcipher_encrypt() - Invoke public key encrypt operation
0279  *
0280  * Function invokes the specific public key encrypt operation for a given
0281  * public key algorithm
0282  *
0283  * @req:    asymmetric key request
0284  *
0285  * Return: zero on success; error code in case of error
0286  */
0287 static inline int crypto_akcipher_encrypt(struct akcipher_request *req)
0288 {
0289     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0290     struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
0291     struct crypto_alg *calg = tfm->base.__crt_alg;
0292     unsigned int src_len = req->src_len;
0293     int ret;
0294
0295     crypto_stats_get(calg);
0296     ret = alg->encrypt(req);
0297     crypto_stats_akcipher_encrypt(src_len, ret, calg);
0298     return ret;
0299 }
0300
0301 /**
0302  * crypto_akcipher_decrypt() - Invoke public key decrypt operation
0303  *
0304  * Function invokes the specific public key decrypt operation for a given
0305  * public key algorithm
0306  *
0307  * @req:    asymmetric key request
0308  *
0309  * Return: zero on success; error code in case of error
0310  */
0311 static inline int crypto_akcipher_decrypt(struct akcipher_request *req)
0312 {
0313     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0314     struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
0315     struct crypto_alg *calg = tfm->base.__crt_alg;
0316     unsigned int src_len = req->src_len;
0317     int ret;
0318
0319     crypto_stats_get(calg);
0320     ret = alg->decrypt(req);
0321     crypto_stats_akcipher_decrypt(src_len, ret, calg);
0322     return ret;
0323 }
0324
0325 /**
0326  * crypto_akcipher_sign() - Invoke public key sign operation
0327  *
0328  * Function invokes the specific public key sign operation for a given
0329  * public key algorithm
0330  *
0331  * @req:    asymmetric key request
0332  *
0333  * Return: zero on success; error code in case of error
0334  */
0335 static inline int crypto_akcipher_sign(struct akcipher_request *req)
0336 {
0337     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0338     struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
0339     struct crypto_alg *calg = tfm->base.__crt_alg;
0340     int ret;
0341
0342     crypto_stats_get(calg);
0343     ret = alg->sign(req);
0344     crypto_stats_akcipher_sign(ret, calg);
0345     return ret;
0346 }
0347
0348 /**
0349  * crypto_akcipher_verify() - Invoke public key signature verification
0350  *
0351  * Function invokes the specific public key signature verification operation
0352  * for a given public key algorithm.
0353  *
0354  * @req:    asymmetric key request
0355  *
0356  * Note: req->dst should be NULL, req->src should point to SG of size
0357  * (req->src_size + req->dst_size), containing signature (of req->src_size
0358  * length) with appended digest (of req->dst_size length).
0359  *
0360  * Return: zero on verification success; error code in case of error.
0361  */
0362 static inline int crypto_akcipher_verify(struct akcipher_request *req)
0363 {
0364     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0365     struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
0366     struct crypto_alg *calg = tfm->base.__crt_alg;
0367     int ret;
0368
0369     crypto_stats_get(calg);
0370     ret = alg->verify(req);
0371     crypto_stats_akcipher_verify(ret, calg);
0372     return ret;
0373 }
0374
0375 /**
0376  * crypto_akcipher_set_pub_key() - Invoke set public key operation
0377  *
0378  * Function invokes the algorithm specific set key function, which knows
0379  * how to decode and interpret the encoded key and parameters
0380  *
0381  * @tfm:    tfm handle
0382  * @key:    BER encoded public key, algo OID, paramlen, BER encoded
0383  *      parameters
0384  * @keylen: length of the key (not including other data)
0385  *
0386  * Return: zero on success; error code in case of error
0387  */
0388 static inline int crypto_akcipher_set_pub_key(struct crypto_akcipher *tfm,
0389                           const void *key,
0390                           unsigned int keylen)
0391 {
0392     struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
0393
0394     return alg->set_pub_key(tfm, key, keylen);
0395 }
0396
0397 /**
0398  * crypto_akcipher_set_priv_key() - Invoke set private key operation
0399  *
0400  * Function invokes the algorithm specific set key function, which knows
0401  * how to decode and interpret the encoded key and parameters
0402  *
0403  * @tfm:    tfm handle
0404  * @key:    BER encoded private key, algo OID, paramlen, BER encoded
0405  *      parameters
0406  * @keylen: length of the key (not including other data)
0407  *
0408  * Return: zero on success; error code in case of error
0409  */
0410 static inline int crypto_akcipher_set_priv_key(struct crypto_akcipher *tfm,
0411                            const void *key,
0412                            unsigned int keylen)
0413 {
0414     struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
0415
0416     return alg->set_priv_key(tfm, key, keylen);
0417 }
0418 #endif