From: Tadeusz Struk <tadeusz.struk@intel.com>
To: herbert@gondor.apana.org.au
Cc: tadeusz.struk@intel.com, smueller@chronox.de,
linux-api@vger.kernel.org, marcel@holtmann.org,
linux-kernel@vger.kernel.org, dhowells@redhat.com,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
dwmw2@infradead.org, davem@davemloft.net
Subject: [PATCH v3 6/7] crypto: KEYS - add public_key info query
Date: Tue, 29 Mar 2016 17:57:26 -0700
Message-ID: <20160330005726.25410.62293.stgit@tstruk-mobl1>
In-Reply-To: <20160330005649.25410.70508.stgit@tstruk-mobl1>
It is needed to query the key capabilities and how to use the key correctly.
In case of a key stored in HW (TPM) it can not be passed to the crypto API.
For now the public_key_info only contains information about where the key
is stored, which is needed to prevent other modules, like AF_ALG, from using
a key that can not be accessed by software. Later, when support for hardware
based public keys is added, this can be extended to describe other
characteristics of the key, like information on what operations the key
supports, the size of data supported, whether a password is
required to unlock it, etc.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
---
crypto/asymmetric_keys/x509_cert_parser.c | 1 +
include/crypto/public_key.h | 31 +++++++++++++++++++++++++++++
2 files changed, 32 insertions(+)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 4a29bac..4d44724 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -107,6 +107,7 @@ struct x509_certificate *x509_cert_parse(const void *data, size_t datalen)
goto error_decode;
cert->pub->keylen = ctx->key_size;
+ cert->pub->info.stored = KEY_INFO_STOR_SW;
/* Generate cert issuer + serial number key ID */
kid = asymmetric_key_generate_id(cert->raw_serial,
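Review bot: `cert->pub->info.stored = KEY_INFO_STOR_SW;` is the only place in this series that populates the new field, yet KEY_INFO_STOR_HW is the first (zero-valued) enumerator in public_key_info_storage, so any struct public_key allocated with zeroed memory by a path other than x509_cert_parse() will silently read as hardware-stored and be refused by callers such as AF_ALG. Either make the software case the zero value (or add an explicit "unknown" enumerator at zero and treat it as not usable) or audit every site that builds a struct public_key and set info.stored there too.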
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index aa730ea..1ca1a93 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -29,6 +29,26 @@ enum key_being_used_for {
extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
/*
+ * Info indicating where a key is stored.
+ * For instance if the key is stored in software, then it can be accessed
+ * by SW. If the key is stored in hardware e.g. (TPM) then it can not be
+ * directly accessed by SW.
+ */
+enum public_key_info_storage {
+ KEY_INFO_STOR_HW,
+ KEY_INFO_STOR_SW
+};
+
+/*
+ * Information describing public_key.
+ * Struct sotres information about the key i.e.
+ * where key is stored, what operation it supports, etc.
+ */
+struct public_key_info {
+ enum public_key_info_storage stored;
+};
+
+/*
* Cryptographic data for the public-key subtype of the asymmetric key type.
*
* Note that this may include private part of the key as well as the public
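Review bot: typo in the struct comment, "Struct sotres information" should read "Struct stores information"; the same comment also promises "what operation it supports, etc." while the struct only carries `stored`, so trim the comment to what the field actually describes or convert both comments to kernel-doc (`/** ... @stored: ... */`) so the documented members match the definition. Minor: "e.g. (TPM)" reads better as "(e.g. TPM)".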
@@ -39,6 +59,7 @@ struct public_key {
u32 keylen;
const char *id_type;
const char *pkey_algo;
+ struct public_key_info info;
};
extern void public_key_destroy(void *payload);
@@ -55,6 +76,16 @@ struct public_key_signature {
const char *hash_algo;
};
+static inline bool public_key_query_sw_key(struct public_key *pkey)
+{
+ return pkey->info.stored == KEY_INFO_STOR_SW;
+}
+
+static inline bool public_key_query_hw_key(struct public_key *pkey)
+{
+ return pkey->info.stored == KEY_INFO_STOR_HW;
+}
+
extern struct asymmetric_key_subtype public_key_subtype;
struct key;
extern int verify_signature(const struct key *key,
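Review bot: both helpers only read `pkey->info.stored`, so they should take `const struct public_key *pkey` rather than a mutable pointer; as written, callers holding a const pointer (verify_signature() paths, for instance) would have to cast it away to ask whether a key is software-backed. Also consider whether the pair is needed at all: with a two-value enum, public_key_query_hw_key() is simply !public_key_query_sw_key(), and keeping one predicate avoids the two drifting apart when more storage kinds are added.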