xref: /openbmc/linux/include/crypto/public_key.h (revision d6e2d652)
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Asymmetric public-key algorithm definitions
3  *
4  * See Documentation/crypto/asymmetric-keys.rst
5  *
6  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7  * Written by David Howells (dhowells@redhat.com)
8  */
9 
10 #ifndef _LINUX_PUBLIC_KEY_H
11 #define _LINUX_PUBLIC_KEY_H
12 
13 #include <linux/keyctl.h>
14 #include <linux/oid_registry.h>
15 
16 /*
17  * Cryptographic data for the public-key subtype of the asymmetric key type.
18  *
19  * Note that this may include private part of the key as well as the public
20  * part.
21  */
22 struct public_key {
23 	void *key;
24 	u32 keylen;
25 	enum OID algo;
26 	void *params;
27 	u32 paramlen;
28 	bool key_is_private;
29 	const char *id_type;
30 	const char *pkey_algo;
31 	unsigned long key_eflags;	/* key extension flags */
32 #define KEY_EFLAG_CA		0	/* set if the CA basic constraints is set */
33 #define KEY_EFLAG_DIGITALSIG	1	/* set if the digitalSignature usage is set */
34 #define KEY_EFLAG_KEYCERTSIGN	2	/* set if the keyCertSign usage is set */
35 };
36 
37 extern void public_key_free(struct public_key *key);
38 
39 /*
40  * Public key cryptography signature data
41  */
42 struct public_key_signature {
43 	struct asymmetric_key_id *auth_ids[3];
44 	u8 *s;			/* Signature */
45 	u8 *digest;
46 	u32 s_size;		/* Number of bytes in signature */
47 	u32 digest_size;	/* Number of bytes in digest */
48 	const char *pkey_algo;
49 	const char *hash_algo;
50 	const char *encoding;
51 };
52 
53 extern void public_key_signature_free(struct public_key_signature *sig);
54 
55 extern struct asymmetric_key_subtype public_key_subtype;
56 
57 struct key;
58 struct key_type;
59 union key_payload;
60 
61 extern int restrict_link_by_signature(struct key *dest_keyring,
62 				      const struct key_type *type,
63 				      const union key_payload *payload,
64 				      struct key *trust_keyring);
65 
66 extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
67 					   const struct key_type *type,
68 					   const union key_payload *payload,
69 					   struct key *trusted);
70 
71 extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
72 						 const struct key_type *type,
73 						 const union key_payload *payload,
74 						 struct key *trusted);
75 
76 #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
77 extern int restrict_link_by_ca(struct key *dest_keyring,
78 			       const struct key_type *type,
79 			       const union key_payload *payload,
80 			       struct key *trust_keyring);
81 #else
82 static inline int restrict_link_by_ca(struct key *dest_keyring,
83 				      const struct key_type *type,
84 				      const union key_payload *payload,
85 				      struct key *trust_keyring)
86 {
87 	return 0;
88 }
89 #endif
90 
91 extern int query_asymmetric_key(const struct kernel_pkey_params *,
92 				struct kernel_pkey_query *);
93 
94 extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
95 extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
96 extern int create_signature(struct kernel_pkey_params *, const void *, void *);
97 extern int verify_signature(const struct key *,
98 			    const struct public_key_signature *);
99 
100 #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
101 int public_key_verify_signature(const struct public_key *pkey,
102 				const struct public_key_signature *sig);
103 #else
104 static inline
105 int public_key_verify_signature(const struct public_key *pkey,
106 				const struct public_key_signature *sig)
107 {
108 	return -EINVAL;
109 }
110 #endif
111 
112 #endif /* _LINUX_PUBLIC_KEY_H */
113