xref: /openbmc/linux/include/crypto/public_key.h (revision 9b68f30b) 
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Asymmetric public-key algorithm definitions
3  *
4  * See Documentation/crypto/asymmetric-keys.rst
5  *
6  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7  * Written by David Howells (dhowells@redhat.com)
8  */
9 
10 #ifndef _LINUX_PUBLIC_KEY_H
11 #define _LINUX_PUBLIC_KEY_H
12 
13 #include <linux/keyctl.h>
14 #include <linux/oid_registry.h>
15 
16 /*
17  * Cryptographic data for the public-key subtype of the asymmetric key type.
18  *
19  * Note that this may include private part of the key as well as the public
20  * part.
21  */
22 struct public_key {
23 	void *key;
24 	u32 keylen;
25 	enum OID algo;
26 	void *params;
27 	u32 paramlen;
28 	bool key_is_private;
29 	const char *id_type;
30 	const char *pkey_algo;
31 	unsigned long key_eflags;	/* key extension flags */
32 #define KEY_EFLAG_CA		0	/* set if the CA basic constraints is set */
33 #define KEY_EFLAG_DIGITALSIG	1	/* set if the digitalSignature usage is set */
34 #define KEY_EFLAG_KEYCERTSIGN	2	/* set if the keyCertSign usage is set */
35 };
36 
37 extern void public_key_free(struct public_key *key);
38 
39 /*
40  * Public key cryptography signature data
41  */
42 struct public_key_signature {
43 	struct asymmetric_key_id *auth_ids[3];
44 	u8 *s;			/* Signature */
45 	u8 *digest;
46 	u32 s_size;		/* Number of bytes in signature */
47 	u32 digest_size;	/* Number of bytes in digest */
48 	const char *pkey_algo;
49 	const char *hash_algo;
50 	const char *encoding;
51 	const void *data;
52 	unsigned int data_size;
53 };
54 
55 extern void public_key_signature_free(struct public_key_signature *sig);
56 
57 extern struct asymmetric_key_subtype public_key_subtype;
58 
59 struct key;
60 struct key_type;
61 union key_payload;
62 
63 extern int restrict_link_by_signature(struct key *dest_keyring,
64 				      const struct key_type *type,
65 				      const union key_payload *payload,
66 				      struct key *trust_keyring);
67 
68 extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
69 					   const struct key_type *type,
70 					   const union key_payload *payload,
71 					   struct key *trusted);
72 
73 extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
74 						 const struct key_type *type,
75 						 const union key_payload *payload,
76 						 struct key *trusted);
77 
78 #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
79 extern int restrict_link_by_ca(struct key *dest_keyring,
80 			       const struct key_type *type,
81 			       const union key_payload *payload,
82 			       struct key *trust_keyring);
83 #else
84 static inline int restrict_link_by_ca(struct key *dest_keyring,
85 				      const struct key_type *type,
86 				      const union key_payload *payload,
87 				      struct key *trust_keyring)
88 {
89 	return 0;
90 }
91 #endif
92 
93 extern int query_asymmetric_key(const struct kernel_pkey_params *,
94 				struct kernel_pkey_query *);
95 
96 extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
97 extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
98 extern int create_signature(struct kernel_pkey_params *, const void *, void *);
99 extern int verify_signature(const struct key *,
100 			    const struct public_key_signature *);
101 
102 #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
103 int public_key_verify_signature(const struct public_key *pkey,
104 				const struct public_key_signature *sig);
105 #else
106 static inline
107 int public_key_verify_signature(const struct public_key *pkey,
108 				const struct public_key_signature *sig)
109 {
110 	return -EINVAL;
111 }
112 #endif
113 
114 #endif /* _LINUX_PUBLIC_KEY_H */
115