1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
2 | /* Asymmetric public-key algorithm definitions |
3 | * |
4 | * See Documentation/crypto/asymmetric-keys.rst |
5 | * |
6 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. |
7 | * Written by David Howells (dhowells@redhat.com) |
8 | */ |
9 | |
10 | #ifndef _LINUX_PUBLIC_KEY_H |
11 | #define _LINUX_PUBLIC_KEY_H |
12 | |
13 | #include <linux/keyctl.h> |
14 | #include <linux/oid_registry.h> |
15 | |
/*
 * Cryptographic data for the public-key subtype of the asymmetric key type.
 *
 * Note that this may include private part of the key as well as the public
 * part.
 *
 * Ownership: released via public_key_free() (declared below). The lifetime
 * of the id_type and pkey_algo strings is not established in this header —
 * presumably they point at static name tables; verify against the
 * implementation before storing this struct beyond the key's own lifetime.
 */
struct public_key {
	void *key;		/* Key blob, keylen bytes; encoding not established here */
	u32 keylen;
	enum OID algo;		/* Key algorithm OID, from <linux/oid_registry.h> */
	void *params;		/* Optional algorithm-parameter blob, paramlen bytes */
	u32 paramlen;
	bool key_is_private;	/* true: key holds private material; public_key_free()
				 * is expected to scrub it rather than plain-free it —
				 * NOTE(review): confirm in the definition */
	const char *id_type;
	const char *pkey_algo;
	unsigned long key_eflags;	/* key extension flags */
/* The values below are bit numbers within key_eflags, not masks — presumably
 * used with test_bit()/set_bit(); confirm before combining them with '|'. */
#define KEY_EFLAG_CA		0	/* set if the CA basic constraints is set */
#define KEY_EFLAG_DIGITALSIG	1	/* set if the digitalSignature usage is set */
#define KEY_EFLAG_KEYCERTSIGN	2	/* set if the keyCertSign usage is set */
};
36 | |
/*
 * Release a struct public_key. Since key_is_private may be set, the
 * implementation is expected to scrub private key material on release, not
 * merely free it — NOTE(review): confirm in the definition. @key must not be
 * used afterwards.
 */
extern void public_key_free(struct public_key *key);
38 | |
/*
 * Public key cryptography signature data
 *
 * Bundles a signature with the digest it presumably covers and the names of
 * the algorithms involved. Nothing in this header checks that the algorithm
 * strings are mutually consistent (or consistent with the verifying key's
 * pkey_algo); that is left to the verifier.
 */
struct public_key_signature {
	struct asymmetric_key_id *auth_ids[3];	/* Identifiers of candidate verifying keys; what each
						 * of the three slots means is not established here —
						 * see Documentation/crypto/asymmetric-keys.rst */
	u8 *s;			/* Signature */
	u8 *digest;		/* Digest the signature is over (presumably computed with hash_algo) */
	u32 s_size;		/* Number of bytes in signature */
	u32 digest_size;	/* Number of bytes in digest */
	const char *pkey_algo;	/* Public-key algorithm name */
	const char *hash_algo;	/* Hash algorithm name */
	const char *encoding;	/* Signature encoding name; interpreted by the subtype */
};
52 | |
/*
 * Release a struct public_key_signature and, presumably, the buffers it
 * references (s, digest, auth_ids) — confirm in the definition. @sig must not
 * be used afterwards.
 */
extern void public_key_signature_free(struct public_key_signature *sig);

/* Subtype descriptor handling struct public_key payloads. */
extern struct asymmetric_key_subtype public_key_subtype;

/* Opaque keyring types: only pointers are used here, so no include is needed. */
struct key;
struct key_type;
union key_payload;

/*
 * Keyring link restrictions.
 *
 * All three share the key_restrict_link_func_t shape from <linux/key.h>:
 * the destination keyring, the type and payload of the key being linked, and
 * one restriction-specific key or keyring. They are presumably expected to
 * return 0 only when the candidate key is acceptable and a negative errno
 * otherwise — confirm against the definitions before relying on it, since a
 * caller that treats "non-negative" as "allowed" depends on that convention.
 */

/* By name: accept @payload only if its signature verifies against @trust_keyring. */
extern int restrict_link_by_signature(struct key *dest_keyring,
				      const struct key_type *type,
				      const union key_payload *payload,
				      struct key *trust_keyring);

/* By name: as above, but @trusted may be a single key or a keyring. */
extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
					   const struct key_type *type,
					   const union key_payload *payload,
					   struct key *trusted);

/*
 * By name: the chain-building variant of the above; its exact semantics are
 * not established here. NOTE(review): the first parameter is named
 * trust_keyring while the sibling restrictions name the same slot
 * dest_keyring — confirm which role the implementation gives it.
 */
extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
						 const struct key_type *type,
						 const union key_payload *payload,
						 struct key *trusted);
75 | |
76 | #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE) |
/*
 * Restrictions that inspect the key's extension flags (see KEY_EFLAG_* in
 * struct public_key). Only available when the asymmetric key type is
 * reachable; otherwise the inline stubs below are used instead.
 * Presumably 0 means the link is permitted and a negative errno rejects it —
 * confirm against the definitions.
 */

/* By name: accept only keys carrying the CA basic-constraints flag. */
extern int restrict_link_by_ca(struct key *dest_keyring,
			       const struct key_type *type,
			       const union key_payload *payload,
			       struct key *trust_keyring);
/* By name: accept only keys carrying the digitalSignature usage flag. */
int restrict_link_by_digsig(struct key *dest_keyring,
			    const struct key_type *type,
			    const union key_payload *payload,
			    struct key *trust_keyring);
85 | #else |
static inline int restrict_link_by_ca(struct key *dest_keyring,
				      const struct key_type *type,
				      const union key_payload *payload,
				      struct key *trust_keyring)
{
	/*
	 * Fallback when the asymmetric key type is not reachable: the CA
	 * basic-constraints check cannot be performed and the link is not
	 * rejected. Under the key_restrict_link_func_t convention 0 means
	 * "permitted" — NOTE(review): confirm that failing open is intended,
	 * given that the public_key_verify_signature() fallback below fails
	 * closed with -EINVAL.
	 */
	(void)dest_keyring;
	(void)type;
	(void)payload;
	(void)trust_keyring;
	return 0;
}
93 | |
static inline int restrict_link_by_digsig(struct key *dest_keyring,
					  const struct key_type *type,
					  const union key_payload *payload,
					  struct key *trust_keyring)
{
	/*
	 * Fallback when the asymmetric key type is not reachable: the
	 * digitalSignature usage check cannot be performed and the link is
	 * not rejected (0 == "permitted" under key_restrict_link_func_t).
	 * NOTE(review): confirm that failing open is intended here; the
	 * public_key_verify_signature() fallback below fails closed instead.
	 */
	(void)dest_keyring;
	(void)type;
	(void)payload;
	(void)trust_keyring;
	return 0;
}
101 | #endif |
102 | |
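/*
 * Generic asymmetric-key operations. struct kernel_pkey_params and
 * struct kernel_pkey_query presumably come from <linux/keyctl.h> included
 * above. Parameter names are given so the prototypes document themselves;
 * they do not change the interface.
 */

/* Query the capabilities of the key selected by @params, filling @info. */
extern int query_asymmetric_key(const struct kernel_pkey_params *params,
				struct kernel_pkey_query *info);

/*
 * Encrypt / decrypt / sign. @in and @out are raw buffers whose sizes are not
 * part of these prototypes — presumably carried in @params (confirm against
 * <linux/keyctl.h>), so @out must be sized from a prior
 * query_asymmetric_key() rather than guessed.
 */
extern int encrypt_blob(struct kernel_pkey_params *params, const void *in, void *out);
extern int decrypt_blob(struct kernel_pkey_params *params, const void *in, void *out);
extern int create_signature(struct kernel_pkey_params *params, const void *in, void *out);

/*
 * Verify @sig against the key @key. @key is opaque here; its subtype decides
 * how the payload is interpreted. Presumably returns 0 on success and a
 * negative errno otherwise — confirm in the definition.
 */
extern int verify_signature(const struct key *key,
			    const struct public_key_signature *sig);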
111 | |
112 | #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) |
/*
 * Verify @sig against the public key @pkey. This is the real implementation,
 * available only when the public-key subtype is reachable. Presumably returns
 * 0 on success and a negative errno on failure — confirm in the definition.
 */
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig);
115 | #else |
/*
 * Fallback when the public-key subtype is not reachable: no verification is
 * possible, so the call fails closed with -EINVAL. Callers must treat this as
 * "not verified", never as "nothing to check".
 */
static inline
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig)
{
	(void)pkey;
	(void)sig;
	return -EINVAL;
}
122 | #endif |
123 | |
124 | #endif /* _LINUX_PUBLIC_KEY_H */ |
125 | |