Linux/crypto/asymmetric_keys/pkcs8

Version: ~ [ linux-6.11-rc3 ] ~ [ linux-6.10.4 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.45 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.104 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.164 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.223 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.281 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.319 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* PKCS#8 Private Key parser [RFC 5208]. 3 * 4 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8 #define pr_fmt(fmt) "PKCS8: "fmt 9 #include <linux/module.h> 10 #include <linux/kernel.h> 11 #include <linux/export.h> 12 #include <linux/slab.h> 13 #include <linux/err.h> 14 #include <linux/oid_registry.h> 15 #include <keys/asymmetric-subtype.h> 16 #include <keys/asymmetric-parser.h> 17 #include <crypto/public_key.h> 18 #include "pkcs8.asn1.h" 19 20 struct pkcs8_parse_context { 21 struct public_key *pub; 22 unsigned long data; /* Start of data */ 23 enum OID last_oid; /* Last OID encountered */ 24 enum OID algo_oid; /* Algorithm OID */ 25 u32 key_size; 26 const void *key; 27 }; 28 29 /* 30 * Note an OID when we find one for later processing when we know how to 31 * interpret it. 32 */ 33 int pkcs8_note_OID(void *context, size_t hdrlen, 34 unsigned char tag, 35 const void *value, size_t vlen) 36 { 37 struct pkcs8_parse_context *ctx = context; 38 39 ctx->last_oid = look_up_OID(value, vlen); 40 if (ctx->last_oid == OID__NR) { 41 char buffer[50]; 42 43 sprint_oid(value, vlen, buffer, sizeof(buffer)); 44 pr_info("Unknown OID: [%lu] %s\n", 45 (unsigned long)value - ctx->data, buffer); 46 } 47 return 0; 48 } 49 50 /* 51 * Note the version number of the ASN.1 blob. 52 */ 53 int pkcs8_note_version(void *context, size_t hdrlen, 54 unsigned char tag, 55 const void *value, size_t vlen) 56 { 57 if (vlen != 1 || ((const u8 *)value)[0] != 0) { 58 pr_warn("Unsupported PKCS#8 version\n"); 59 return -EBADMSG; 60 } 61 return 0; 62 } 63 64 /* 65 * Note the public algorithm. 66 */ 67 int pkcs8_note_algo(void *context, size_t hdrlen, 68 unsigned char tag, 69 const void *value, size_t vlen) 70 { 71 struct pkcs8_parse_context *ctx = context; 72 73 if (ctx->last_oid != OID_rsaEncryption) 74 return -ENOPKG; 75 76 ctx->pub->pkey_algo = "rsa"; 77 return 0; 78 } 79 80 /* 81 * Note the key data of the ASN.1 blob. 82 */ 83 int pkcs8_note_key(void *context, size_t hdrlen, 84 unsigned char tag, 85 const void *value, size_t vlen) 86 { 87 struct pkcs8_parse_context *ctx = context; 88 89 ctx->key = value; 90 ctx->key_size = vlen; 91 return 0; 92 } 93 94 /* 95 * Parse a PKCS#8 private key blob. 96 */ 97 static struct public_key *pkcs8_parse(const void *data, size_t datalen) 98 { 99 struct pkcs8_parse_context ctx; 100 struct public_key *pub; 101 long ret; 102 103 memset(&ctx, 0, sizeof(ctx)); 104 105 ret = -ENOMEM; 106 ctx.pub = kzalloc(sizeof(struct public_key), GFP_KERNEL); 107 if (!ctx.pub) 108 goto error; 109 110 ctx.data = (unsigned long)data; 111 112 /* Attempt to decode the private key */ 113 ret = asn1_ber_decoder(&pkcs8_decoder, &ctx, data, datalen); 114 if (ret < 0) 115 goto error_decode; 116 117 ret = -ENOMEM; 118 pub = ctx.pub; 119 pub->key = kmemdup(ctx.key, ctx.key_size, GFP_KERNEL); 120 if (!pub->key) 121 goto error_decode; 122 123 pub->keylen = ctx.key_size; 124 pub->key_is_private = true; 125 return pub; 126 127 error_decode: 128 kfree(ctx.pub); 129 error: 130 return ERR_PTR(ret); 131 } 132 133 /* 134 * Attempt to parse a data blob for a key as a PKCS#8 private key. 135 */ 136 static int pkcs8_key_preparse(struct key_preparsed_payload *prep) 137 { 138 struct public_key *pub; 139 140 pub = pkcs8_parse(prep->data, prep->datalen); 141 if (IS_ERR(pub)) 142 return PTR_ERR(pub); 143 144 pr_devel("Cert Key Algo: %s\n", pub->pkey_algo); 145 pub->id_type = "PKCS8"; 146 147 /* We're pinning the module by being linked against it */ 148 __module_get(public_key_subtype.owner); 149 prep->payload.data[asym_subtype] = &public_key_subtype; 150 prep->payload.data[asym_key_ids] = NULL; 151 prep->payload.data[asym_crypto] = pub; 152 prep->payload.data[asym_auth] = NULL; 153 prep->quotalen = 100; 154 return 0; 155 } 156 157 static struct asymmetric_key_parser pkcs8_key_parser = { 158 .owner = THIS_MODULE, 159 .name = "pkcs8", 160 .parse = pkcs8_key_preparse, 161 }; 162 163 /* 164 * Module stuff 165 */ 166 static int __init pkcs8_key_init(void) 167 { 168 return register_asymmetric_key_parser(&pkcs8_key_parser); 169 } 170 171 static void __exit pkcs8_key_exit(void) 172 { 173 unregister_asymmetric_key_parser(&pkcs8_key_parser); 174 } 175 176 module_init(pkcs8_key_init); 177 module_exit(pkcs8_key_exit); 178 179 MODULE_DESCRIPTION("PKCS#8 certificate parser"); 180 MODULE_LICENSE("GPL"); 181

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/crypto/asymmetric_keys/pkcs8_parser.c

TOMOYO Linux Cross Reference
Linux/crypto/asymmetric_keys/pkcs8_parser.c