00d60fd3b9
Provide five keyctl functions that permit userspace to make use of the new key type ops for accessing and driving asymmetric keys. (*) Query an asymmetric key. long keyctl(KEYCTL_PKEY_QUERY, key_serial_t key, unsigned long reserved, struct keyctl_pkey_query *info); Get information about an asymmetric key. The information is returned in the keyctl_pkey_query struct: __u32 supported_ops; A bit mask of flags indicating which ops are supported. This is constructed from a bitwise-OR of: KEYCTL_SUPPORTS_{ENCRYPT,DECRYPT,SIGN,VERIFY} __u32 key_size; The size in bits of the key. __u16 max_data_size; __u16 max_sig_size; __u16 max_enc_size; __u16 max_dec_size; The maximum sizes in bytes of a blob of data to be signed, a signature blob, a blob to be encrypted and a blob to be decrypted. reserved must be set to 0. This is intended for future use to hand over one or more passphrases needed unlock a key. If successful, 0 is returned. If the key is not an asymmetric key, EOPNOTSUPP is returned. (*) Encrypt, decrypt, sign or verify a blob using an asymmetric key. long keyctl(KEYCTL_PKEY_ENCRYPT, const struct keyctl_pkey_params *params, const char *info, const void *in, void *out); long keyctl(KEYCTL_PKEY_DECRYPT, const struct keyctl_pkey_params *params, const char *info, const void *in, void *out); long keyctl(KEYCTL_PKEY_SIGN, const struct keyctl_pkey_params *params, const char *info, const void *in, void *out); long keyctl(KEYCTL_PKEY_VERIFY, const struct keyctl_pkey_params *params, const char *info, const void *in, const void *in2); Use an asymmetric key to perform a public-key cryptographic operation a blob of data. The parameter block pointed to by params contains a number of integer values: __s32 key_id; __u32 in_len; __u32 out_len; __u32 in2_len; For a given operation, the in and out buffers are used as follows: Operation ID in,in_len out,out_len in2,in2_len ======================= =============== =============== =========== KEYCTL_PKEY_ENCRYPT Raw data Encrypted data - KEYCTL_PKEY_DECRYPT Encrypted data Raw data - KEYCTL_PKEY_SIGN Raw data Signature - KEYCTL_PKEY_VERIFY Raw data - Signature info is a string of key=value pairs that supply supplementary information. The __spare space in the parameter block must be set to 0. This is intended, amongst other things, to allow the passing of passphrases required to unlock a key. If successful, encrypt, decrypt and sign all return the amount of data written into the output buffer. Verification returns 0 on success. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Denis Kenzior <denkenz@gmail.com> Tested-by: Denis Kenzior <denkenz@gmail.com> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
---|---|---|
.. | ||
ABI | ||
accelerators | ||
accounting | ||
acpi | ||
admin-guide | ||
aoe | ||
arm | ||
arm64 | ||
auxdisplay | ||
backlight | ||
block | ||
blockdev | ||
bpf | ||
bus-devices | ||
cdrom | ||
cgroup-v1 | ||
cma | ||
connector | ||
console | ||
core-api | ||
cpu-freq | ||
cpuidle | ||
crypto | ||
dev-tools | ||
device-mapper | ||
devicetree | ||
doc-guide | ||
driver-api | ||
driver-model | ||
early-userspace | ||
EDID | ||
extcon | ||
fault-injection | ||
fb | ||
features | ||
filesystems | ||
firmware_class | ||
fmc | ||
fpga | ||
gpio | ||
gpu | ||
hid | ||
hwmon | ||
i2c | ||
ia64 | ||
ide | ||
iio | ||
infiniband | ||
input | ||
ioctl | ||
isdn | ||
kbuild | ||
kdump | ||
kernel-hacking | ||
laptops | ||
leds | ||
lightnvm | ||
livepatch | ||
locking | ||
m68k | ||
maintainer | ||
md | ||
media | ||
memory-devices | ||
mic | ||
mips | ||
misc-devices | ||
mmc | ||
mtd | ||
namespaces | ||
netlabel | ||
networking | ||
nfc | ||
nios2 | ||
nvdimm | ||
nvmem | ||
openrisc | ||
parisc | ||
PCI | ||
pcmcia | ||
perf | ||
phy | ||
platform | ||
power | ||
powerpc | ||
pps | ||
process | ||
pti | ||
ptp | ||
rapidio | ||
RCU | ||
riscv | ||
s390 | ||
scheduler | ||
scsi | ||
security | ||
serial | ||
sh | ||
sound | ||
sparc | ||
sphinx | ||
sphinx-static | ||
spi | ||
sysctl | ||
target | ||
thermal | ||
timers | ||
trace | ||
translations | ||
usb | ||
userspace-api | ||
virtual | ||
vm | ||
w1 | ||
watchdog | ||
wimax | ||
x86 | ||
xtensa | ||
.gitignore | ||
atomic_bitops.txt | ||
atomic_t.txt | ||
bt8xxgpio.txt | ||
btmrvl.txt | ||
bus-virt-phys-mapping.txt | ||
Changes | ||
clearing-warn-once.txt | ||
CodingStyle | ||
conf.py | ||
cpu-load.txt | ||
cputopology.txt | ||
crc32.txt | ||
dcdbas.txt | ||
debugging-modules.txt | ||
debugging-via-ohci1394.txt | ||
dell_rbu.txt | ||
digsig.txt | ||
DMA-API-HOWTO.txt | ||
DMA-API.txt | ||
DMA-attributes.txt | ||
DMA-ISA-LPC.txt | ||
docutils.conf | ||
dontdiff | ||
efi-stub.txt | ||
eisa.txt | ||
flexible-arrays.txt | ||
futex-requeue-pi.txt | ||
gcc-plugins.txt | ||
highuid.txt | ||
hw_random.txt | ||
hwspinlock.txt | ||
index.rst | ||
intel_txt.txt | ||
Intel-IOMMU.txt | ||
io_ordering.txt | ||
io-mapping.txt | ||
iostats.txt | ||
IPMI.txt | ||
IRQ-affinity.txt | ||
IRQ-domain.txt | ||
IRQ.txt | ||
irqflags-tracing.txt | ||
isa.txt | ||
isapnp.txt | ||
kernel-per-CPU-kthreads.txt | ||
kobject.txt | ||
kprobes.txt | ||
kref.txt | ||
ldm.txt | ||
lockup-watchdogs.txt | ||
logo.gif | ||
logo.txt | ||
lsm.txt | ||
lzo.txt | ||
mailbox.txt | ||
Makefile | ||
memory-barriers.txt | ||
men-chameleon-bus.txt | ||
nommu-mmap.txt | ||
ntb.txt | ||
numastat.txt | ||
padata.txt | ||
parport-lowlevel.txt | ||
percpu-rw-semaphore.txt | ||
phy.txt | ||
pi-futex.txt | ||
pnp.txt | ||
preempt-locking.txt | ||
pwm.txt | ||
rbtree.txt | ||
remoteproc.txt | ||
rfkill.txt | ||
robust-futex-ABI.txt | ||
robust-futexes.txt | ||
rpmsg.txt | ||
rtc.txt | ||
SAK.txt | ||
sgi-ioc4.txt | ||
siphash.txt | ||
SM501.txt | ||
smsc_ece1099.txt | ||
speculation.txt | ||
static-keys.txt | ||
SubmittingPatches | ||
svga.txt | ||
switchtec.txt | ||
sync_file.txt | ||
tee.txt | ||
this_cpu_ops.txt | ||
unaligned-memory-access.txt | ||
vfio-mediated-device.txt | ||
vfio.txt | ||
video-output.txt | ||
xillybus.txt | ||
xz.txt | ||
zorro.txt |