1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
2 | /* Asymmetric public-key algorithm definitions |
3 | * |
4 | * See Documentation/crypto/asymmetric-keys.rst |
5 | * |
6 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. |
7 | * Written by David Howells (dhowells@redhat.com) |
8 | */ |
9 | |
10 | #ifndef _LINUX_PUBLIC_KEY_H |
11 | #define _LINUX_PUBLIC_KEY_H |
12 | |
13 | #include <linux/errno.h> |
14 | #include <linux/keyctl.h> |
15 | #include <linux/oid_registry.h> |
16 | |
17 | /* |
18 | * Cryptographic data for the public-key subtype of the asymmetric key type. |
19 | * |
20 | * Note that this may include private part of the key as well as the public |
21 | * part. |
22 | */ |
23 | struct public_key { |
24 | void *key; |
25 | u32 keylen; |
26 | enum OID algo; |
27 | void *params; |
28 | u32 paramlen; |
29 | bool key_is_private; |
30 | const char *id_type; |
31 | const char *pkey_algo; |
32 | unsigned long key_eflags; /* key extension flags */ |
33 | #define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */ |
34 | #define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */ |
35 | #define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */ |
36 | }; |
37 | |
/**
 * public_key_free - Release a struct public_key.
 * @key: Object to free.  Presumably also frees the key and parameter
 *	 buffers it references, and presumably tolerates NULL — both to be
 *	 confirmed against the definition, which is outside this header.
 */
extern void public_key_free(struct public_key *key);
39 | |
40 | /* |
41 | * Public key cryptography signature data |
42 | */ |
43 | struct public_key_signature { |
44 | struct asymmetric_key_id *auth_ids[3]; |
45 | u8 *s; /* Signature */ |
46 | u8 *digest; |
47 | u32 s_size; /* Number of bytes in signature */ |
48 | u32 digest_size; /* Number of bytes in digest */ |
49 | const char *pkey_algo; |
50 | const char *hash_algo; |
51 | const char *encoding; |
52 | }; |
53 | |
/**
 * public_key_signature_free - Release a struct public_key_signature.
 * @sig: Object to free (presumably including the buffers it references;
 *	 confirm against the definition outside this header).
 */
extern void public_key_signature_free(struct public_key_signature *sig);

/* Asymmetric-key subtype descriptor for public_key payloads; see
 * Documentation/crypto/asymmetric-keys.rst. */
extern struct asymmetric_key_subtype public_key_subtype;
57 | |
/* Opaque to this header; only pointers to these are used below. */
struct key;
struct key_type;
union key_payload;

/*
 * Keyring link-restriction hooks.
 *
 * Each takes the keyring a key is about to be linked into (@dest_keyring),
 * the type and payload of that key (@type, @payload) and the key or keyring
 * that is to be trusted.  By the keyring-restriction convention (see
 * Documentation/crypto/asymmetric-keys.rst) they return 0 to permit the
 * link and a negative errno to refuse it — presumably; confirm against the
 * definitions, which are outside this header.
 */
extern int restrict_link_by_signature(struct key *dest_keyring,
				      const struct key_type *type,
				      const union key_payload *payload,
				      struct key *trust_keyring);

extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
					   const struct key_type *type,
					   const union key_payload *payload,
					   struct key *trusted);

/*
 * NOTE(review): the first parameter is named @trust_keyring here but
 * @dest_keyring in the sibling hooks above; it presumably plays the same
 * positional role (destination keyring).  Confirm against the definition.
 */
extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
						 const struct key_type *type,
						 const union key_payload *payload,
						 struct key *trusted);
76 | |
77 | #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE) |
/*
 * Restriction hooks keyed on key extension flags (see KEY_EFLAG_CA and
 * KEY_EFLAG_DIGITALSIG in struct public_key) — presumably, going by the
 * names; confirm against the definitions, which are outside this header.
 * Same parameter contract as the restrict_link_* hooks above.  When
 * CONFIG_ASYMMETRIC_KEY_TYPE is not reachable, the stubs in the #else branch
 * are used instead.
 */
extern int restrict_link_by_ca(struct key *dest_keyring,
			       const struct key_type *type,
			       const union key_payload *payload,
			       struct key *trust_keyring);
/* Style note: declared without the `extern` its sibling above carries. */
int restrict_link_by_digsig(struct key *dest_keyring,
			    const struct key_type *type,
			    const union key_payload *payload,
			    struct key *trust_keyring);
86 | #else |
/*
 * Fallback for restrict_link_by_ca() when CONFIG_ASYMMETRIC_KEY_TYPE is not
 * reachable: returns 0 for every input, i.e. it never refuses.
 *
 * NOTE(review): this is a permissive default — confirm that no keyring in
 * that configuration relies on this hook to refuse links.
 */
static inline int
restrict_link_by_ca(struct key *dest_keyring, const struct key_type *type,
		    const union key_payload *payload, struct key *trust_keyring)
{
	return 0;
}
94 | |
/*
 * Fallback for restrict_link_by_digsig() when CONFIG_ASYMMETRIC_KEY_TYPE is
 * not reachable: returns 0 for every input, i.e. it never refuses.
 *
 * NOTE(review): this is a permissive default — confirm that no keyring in
 * that configuration relies on this hook to refuse links.
 */
static inline int
restrict_link_by_digsig(struct key *dest_keyring, const struct key_type *type,
			const union key_payload *payload,
			struct key *trust_keyring)
{
	return 0;
}
102 | #endif |
103 | |
/*
 * Key operations on asymmetric keys.
 *
 * query_asymmetric_key() fills in a struct kernel_pkey_query describing what
 * the key selected by the params can do — presumably, going by the type
 * names; confirm against the definition.
 *
 * encrypt_blob(), decrypt_blob() and create_signature() take unnamed
 * parameters here; presumably (params, input buffer, output buffer), with
 * the buffer sizes carried in the params — confirm against the definitions,
 * which are outside this header.  Callers must size the output buffer from
 * a prior query_asymmetric_key() rather than guess.
 *
 * All return 0 or a positive byte count on success and a negative errno on
 * failure — presumably; confirm against the definitions.
 */
extern int query_asymmetric_key(const struct kernel_pkey_params *,
				struct kernel_pkey_query *);

extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
extern int create_signature(struct kernel_pkey_params *, const void *, void *);
/* Verify @sig using the public key held by the given key object. */
extern int verify_signature(const struct key *,
			    const struct public_key_signature *);
112 | |
113 | #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) |
/**
 * public_key_verify_signature - Verify a signature against a public key.
 * @pkey: Public key to verify with.
 * @sig: Signature data, including the digest it is expected to match.
 *
 * Return: 0 on success, negative errno on failure — presumably; confirm
 * against the definition outside this header.  When
 * CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not reachable the stub in the
 * #else branch is used, which always fails with -EINVAL.
 */
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig);
116 | #else |
/*
 * Fallback for public_key_verify_signature() when
 * CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not reachable: no verification is
 * possible, so fail closed with -EINVAL regardless of the arguments.
 */
static inline int
public_key_verify_signature(const struct public_key *pkey,
			    const struct public_key_signature *sig)
{
	return -EINVAL;
}
123 | #endif |
124 | |
125 | #endif /* _LINUX_PUBLIC_KEY_H */ |
126 | |