xref: /openbmc/linux/include/crypto/public_key.h (revision a8da474e) 
1 /* Asymmetric public-key algorithm definitions
2  *
3  * See Documentation/crypto/asymmetric-keys.txt
4  *
5  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6  * Written by David Howells (dhowells@redhat.com)
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public Licence
10  * as published by the Free Software Foundation; either version
11  * 2 of the Licence, or (at your option) any later version.
12  */
13 
14 #ifndef _LINUX_PUBLIC_KEY_H
15 #define _LINUX_PUBLIC_KEY_H
16 
17 #include <linux/mpi.h>
18 #include <crypto/hash_info.h>
19 
20 enum pkey_algo {
21 	PKEY_ALGO_DSA,
22 	PKEY_ALGO_RSA,
23 	PKEY_ALGO__LAST
24 };
25 
26 extern const char *const pkey_algo_name[PKEY_ALGO__LAST];
27 extern const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST];
28 
29 /* asymmetric key implementation supports only up to SHA224 */
30 #define PKEY_HASH__LAST		(HASH_ALGO_SHA224 + 1)
31 
32 enum pkey_id_type {
33 	PKEY_ID_PGP,		/* OpenPGP generated key ID */
34 	PKEY_ID_X509,		/* X.509 arbitrary subjectKeyIdentifier */
35 	PKEY_ID_PKCS7,		/* Signature in PKCS#7 message */
36 	PKEY_ID_TYPE__LAST
37 };
38 
39 extern const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST];
40 
41 /*
42  * The use to which an asymmetric key is being put.
43  */
44 enum key_being_used_for {
45 	VERIFYING_MODULE_SIGNATURE,
46 	VERIFYING_FIRMWARE_SIGNATURE,
47 	VERIFYING_KEXEC_PE_SIGNATURE,
48 	VERIFYING_KEY_SIGNATURE,
49 	VERIFYING_KEY_SELF_SIGNATURE,
50 	VERIFYING_UNSPECIFIED_SIGNATURE,
51 	NR__KEY_BEING_USED_FOR
52 };
53 extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
54 
55 /*
56  * Cryptographic data for the public-key subtype of the asymmetric key type.
57  *
58  * Note that this may include private part of the key as well as the public
59  * part.
60  */
61 struct public_key {
62 	const struct public_key_algorithm *algo;
63 	u8	capabilities;
64 #define PKEY_CAN_ENCRYPT	0x01
65 #define PKEY_CAN_DECRYPT	0x02
66 #define PKEY_CAN_SIGN		0x04
67 #define PKEY_CAN_VERIFY		0x08
68 	enum pkey_algo pkey_algo : 8;
69 	enum pkey_id_type id_type : 8;
70 	union {
71 		MPI	mpi[5];
72 		struct {
73 			MPI	p;	/* DSA prime */
74 			MPI	q;	/* DSA group order */
75 			MPI	g;	/* DSA group generator */
76 			MPI	y;	/* DSA public-key value = g^x mod p */
77 			MPI	x;	/* DSA secret exponent (if present) */
78 		} dsa;
79 		struct {
80 			MPI	n;	/* RSA public modulus */
81 			MPI	e;	/* RSA public encryption exponent */
82 			MPI	d;	/* RSA secret encryption exponent (if present) */
83 			MPI	p;	/* RSA secret prime (if present) */
84 			MPI	q;	/* RSA secret prime (if present) */
85 		} rsa;
86 	};
87 };
88 
89 extern void public_key_destroy(void *payload);
90 
91 /*
92  * Public key cryptography signature data
93  */
94 struct public_key_signature {
95 	u8 *digest;
96 	u8 digest_size;			/* Number of bytes in digest */
97 	u8 nr_mpi;			/* Occupancy of mpi[] */
98 	enum pkey_algo pkey_algo : 8;
99 	enum hash_algo pkey_hash_algo : 8;
100 	union {
101 		MPI mpi[2];
102 		struct {
103 			MPI s;		/* m^d mod n */
104 		} rsa;
105 		struct {
106 			MPI r;
107 			MPI s;
108 		} dsa;
109 	};
110 };
111 
112 struct key;
113 extern int verify_signature(const struct key *key,
114 			    const struct public_key_signature *sig);
115 
116 struct asymmetric_key_id;
117 extern struct key *x509_request_asymmetric_key(struct key *keyring,
118 					       const struct asymmetric_key_id *id,
119 					       const struct asymmetric_key_id *skid,
120 					       bool partial);
121 
122 #endif /* _LINUX_PUBLIC_KEY_H */
123