1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* Asymmetric public-key algorithm definitions 3 * 4 * See Documentation/crypto/asymmetric-keys.rst 5 * 6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 7 * Written by David Howells (dhowells@redhat.com) 8 */ 9 10 #ifndef _LINUX_PUBLIC_KEY_H 11 #define _LINUX_PUBLIC_KEY_H 12 13 #include <linux/keyctl.h> 14 #include <linux/oid_registry.h> 15 16 /* 17 * Cryptographic data for the public-key subtype of the asymmetric key type. 18 * 19 * Note that this may include private part of the key as well as the public 20 * part. 21 */ 22 struct public_key { 23 void *key; 24 u32 keylen; 25 enum OID algo; 26 void *params; 27 u32 paramlen; 28 bool key_is_private; 29 const char *id_type; 30 const char *pkey_algo; 31 unsigned long key_eflags; /* key extension flags */ 32 #define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */ 33 #define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */ 34 #define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */ 35 }; 36 37 extern void public_key_free(struct public_key *key); 38 39 /* 40 * Public key cryptography signature data 41 */ 42 struct public_key_signature { 43 struct asymmetric_key_id *auth_ids[3]; 44 u8 *s; /* Signature */ 45 u8 *digest; 46 u32 s_size; /* Number of bytes in signature */ 47 u32 digest_size; /* Number of bytes in digest */ 48 const char *pkey_algo; 49 const char *hash_algo; 50 const char *encoding; 51 }; 52 53 extern void public_key_signature_free(struct public_key_signature *sig); 54 55 extern struct asymmetric_key_subtype public_key_subtype; 56 57 struct key; 58 struct key_type; 59 union key_payload; 60 61 extern int restrict_link_by_signature(struct key *dest_keyring, 62 const struct key_type *type, 63 const union key_payload *payload, 64 struct key *trust_keyring); 65 66 extern int restrict_link_by_key_or_keyring(struct key *dest_keyring, 67 const struct key_type *type, 68 const union key_payload *payload, 69 struct key *trusted); 70 71 extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring, 72 const struct key_type *type, 73 const union key_payload *payload, 74 struct key *trusted); 75 76 #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE) 77 extern int restrict_link_by_ca(struct key *dest_keyring, 78 const struct key_type *type, 79 const union key_payload *payload, 80 struct key *trust_keyring); 81 int restrict_link_by_digsig(struct key *dest_keyring, 82 const struct key_type *type, 83 const union key_payload *payload, 84 struct key *trust_keyring); 85 #else 86 static inline int restrict_link_by_ca(struct key *dest_keyring, 87 const struct key_type *type, 88 const union key_payload *payload, 89 struct key *trust_keyring) 90 { 91 return 0; 92 } 93 94 static inline int restrict_link_by_digsig(struct key *dest_keyring, 95 const struct key_type *type, 96 const union key_payload *payload, 97 struct key *trust_keyring) 98 { 99 return 0; 100 } 101 #endif 102 103 extern int query_asymmetric_key(const struct kernel_pkey_params *, 104 struct kernel_pkey_query *); 105 106 extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *); 107 extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *); 108 extern int create_signature(struct kernel_pkey_params *, const void *, void *); 109 extern int verify_signature(const struct key *, 110 const struct public_key_signature *); 111 112 #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) 113 int public_key_verify_signature(const struct public_key *pkey, 114 const struct public_key_signature *sig); 115 #else 116 static inline 117 int public_key_verify_signature(const struct public_key *pkey, 118 const struct public_key_signature *sig) 119 { 120 return -EINVAL; 121 } 122 #endif 123 124 #endif /* _LINUX_PUBLIC_KEY_H */ 125