Merge tag 'vfs-6.13-rc7.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

[J-linux.git] / include / crypto / sig.h

/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * Public Key Signature Algorithm
 *
 * Copyright (c) 2023 Herbert Xu <[email protected]>
 */
#ifndef _CRYPTO_SIG_H
#define _CRYPTO_SIG_H

#include <linux/crypto.h>

/**
 * struct crypto_sig - user-instantiated objects which encapsulate
 * algorithms and core processing logic
 *
 * @base:       Common crypto API algorithm data structure
 */
struct crypto_sig {
        struct crypto_tfm base;
};

/**
 * struct sig_alg - generic public key signature algorithm
 *
 * @sign:       Function performs a sign operation as defined by public key
 *              algorithm. Optional.
 * @verify:     Function performs a complete verify operation as defined by
 *              public key algorithm, returning verification status. Optional.
 * @set_pub_key: Function invokes the algorithm specific set public key
 *              function, which knows how to decode and interpret
 *              the BER encoded public key and parameters. Mandatory.
 * @set_priv_key: Function invokes the algorithm specific set private key
 *              function, which knows how to decode and interpret
 *              the BER encoded private key and parameters. Optional.
 * @key_size:   Function returns key size. Mandatory.
 * @digest_size: Function returns maximum digest size. Optional.
 * @max_size:   Function returns maximum signature size. Optional.
 * @init:       Initialize the cryptographic transformation object.
 *              This function is used to initialize the cryptographic
 *              transformation object. This function is called only once at
 *              the instantiation time, right after the transformation context
 *              was allocated. In case the cryptographic hardware has some
 *              special requirements which need to be handled by software, this
 *              function shall check for the precise requirement of the
 *              transformation and put any software fallbacks in place.
 * @exit:       Deinitialize the cryptographic transformation object. This is a
 *              counterpart to @init, used to remove various changes set in
 *              @init.
 *
 * @base:       Common crypto API algorithm data structure
 */
struct sig_alg {
        int (*sign)(struct crypto_sig *tfm,
                    const void *src, unsigned int slen,
                    void *dst, unsigned int dlen);
        int (*verify)(struct crypto_sig *tfm,
                      const void *src, unsigned int slen,
                      const void *digest, unsigned int dlen);
        int (*set_pub_key)(struct crypto_sig *tfm,
                           const void *key, unsigned int keylen);
        int (*set_priv_key)(struct crypto_sig *tfm,
                            const void *key, unsigned int keylen);
        unsigned int (*key_size)(struct crypto_sig *tfm);
        unsigned int (*digest_size)(struct crypto_sig *tfm);
        unsigned int (*max_size)(struct crypto_sig *tfm);
        int (*init)(struct crypto_sig *tfm);
        void (*exit)(struct crypto_sig *tfm);

        struct crypto_alg base;
};

/**
 * DOC: Generic Public Key Signature API
 *
 * The Public Key Signature API is used with the algorithms of type
 * CRYPTO_ALG_TYPE_SIG (listed as type "sig" in /proc/crypto)
 */

/**
 * crypto_alloc_sig() - allocate signature tfm handle
 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
 *            signing algorithm e.g. "ecdsa"
 * @type: specifies the type of the algorithm
 * @mask: specifies the mask for the algorithm
 *
 * Allocate a handle for public key signature algorithm. The returned struct
 * crypto_sig is the handle that is required for any subsequent
 * API invocation for signature operations.
 *
 * Return: allocated handle in case of success; IS_ERR() is true in case
 *         of an error, PTR_ERR() returns the error code.
 */
struct crypto_sig *crypto_alloc_sig(const char *alg_name, u32 type, u32 mask);

static inline struct crypto_tfm *crypto_sig_tfm(struct crypto_sig *tfm)
{
        return &tfm->base;
}

static inline struct crypto_sig *__crypto_sig_tfm(struct crypto_tfm *tfm)
{
        return container_of(tfm, struct crypto_sig, base);
}

static inline struct sig_alg *__crypto_sig_alg(struct crypto_alg *alg)
{
        return container_of(alg, struct sig_alg, base);
}

static inline struct sig_alg *crypto_sig_alg(struct crypto_sig *tfm)
{
        return __crypto_sig_alg(crypto_sig_tfm(tfm)->__crt_alg);
}

/**
 * crypto_free_sig() - free signature tfm handle
 *
 * @tfm: signature tfm handle allocated with crypto_alloc_sig()
 *
 * If @tfm is a NULL or error pointer, this function does nothing.
 */
static inline void crypto_free_sig(struct crypto_sig *tfm)
{
        crypto_destroy_tfm(tfm, crypto_sig_tfm(tfm));
}

/**
 * crypto_sig_keysize() - Get key size
 *
 * Function returns the key size in bytes.
 * Function assumes that the key is already set in the transformation. If this
 * function is called without a setkey or with a failed setkey, you may end up
 * in a NULL dereference.
 *
 * @tfm:        signature tfm handle allocated with crypto_alloc_sig()
 */
static inline unsigned int crypto_sig_keysize(struct crypto_sig *tfm)
{
        struct sig_alg *alg = crypto_sig_alg(tfm);

        return alg->key_size(tfm);
}

/**
 * crypto_sig_digestsize() - Get maximum digest size
 *
 * Function returns the maximum digest size in bytes.
 * Function assumes that the key is already set in the transformation. If this
 * function is called without a setkey or with a failed setkey, you may end up
 * in a NULL dereference.
 *
 * @tfm:        signature tfm handle allocated with crypto_alloc_sig()
 */
static inline unsigned int crypto_sig_digestsize(struct crypto_sig *tfm)
{
        struct sig_alg *alg = crypto_sig_alg(tfm);

        return alg->digest_size(tfm);
}

/**
 * crypto_sig_maxsize() - Get maximum signature size
 *
 * Function returns the maximum signature size in bytes.
 * Function assumes that the key is already set in the transformation. If this
 * function is called without a setkey or with a failed setkey, you may end up
 * in a NULL dereference.
 *
 * @tfm:        signature tfm handle allocated with crypto_alloc_sig()
 */
static inline unsigned int crypto_sig_maxsize(struct crypto_sig *tfm)
{
        struct sig_alg *alg = crypto_sig_alg(tfm);

        return alg->max_size(tfm);
}

/**
 * crypto_sig_sign() - Invoke signing operation
 *
 * Function invokes the specific signing operation for a given algorithm
 *
 * @tfm:        signature tfm handle allocated with crypto_alloc_sig()
 * @src:        source buffer
 * @slen:       source length
 * @dst:        destination obuffer
 * @dlen:       destination length
 *
 * Return: zero on success; error code in case of error
 */
static inline int crypto_sig_sign(struct crypto_sig *tfm,
                                  const void *src, unsigned int slen,
                                  void *dst, unsigned int dlen)
{
        struct sig_alg *alg = crypto_sig_alg(tfm);

        return alg->sign(tfm, src, slen, dst, dlen);
}

/**
 * crypto_sig_verify() - Invoke signature verification
 *
 * Function invokes the specific signature verification operation
 * for a given algorithm.
 *
 * @tfm:        signature tfm handle allocated with crypto_alloc_sig()
 * @src:        source buffer
 * @slen:       source length
 * @digest:     digest
 * @dlen:       digest length
 *
 * Return: zero on verification success; error code in case of error.
 */
static inline int crypto_sig_verify(struct crypto_sig *tfm,
                                    const void *src, unsigned int slen,
                                    const void *digest, unsigned int dlen)
{
        struct sig_alg *alg = crypto_sig_alg(tfm);

        return alg->verify(tfm, src, slen, digest, dlen);
}

/**
 * crypto_sig_set_pubkey() - Invoke set public key operation
 *
 * Function invokes the algorithm specific set key function, which knows
 * how to decode and interpret the encoded key and parameters
 *
 * @tfm:        tfm handle
 * @key:        BER encoded public key, algo OID, paramlen, BER encoded
 *              parameters
 * @keylen:     length of the key (not including other data)
 *
 * Return: zero on success; error code in case of error
 */
static inline int crypto_sig_set_pubkey(struct crypto_sig *tfm,
                                        const void *key, unsigned int keylen)
{
        struct sig_alg *alg = crypto_sig_alg(tfm);

        return alg->set_pub_key(tfm, key, keylen);
}

/**
 * crypto_sig_set_privkey() - Invoke set private key operation
 *
 * Function invokes the algorithm specific set key function, which knows
 * how to decode and interpret the encoded key and parameters
 *
 * @tfm:        tfm handle
 * @key:        BER encoded private key, algo OID, paramlen, BER encoded
 *              parameters
 * @keylen:     length of the key (not including other data)
 *
 * Return: zero on success; error code in case of error
 */
static inline int crypto_sig_set_privkey(struct crypto_sig *tfm,
                                         const void *key, unsigned int keylen)
{
        struct sig_alg *alg = crypto_sig_alg(tfm);

        return alg->set_priv_key(tfm, key, keylen);
}
#endif