1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/* Asymmetric public-key algorithm definitions
3 *
4 * See Documentation/crypto/asymmetric-keys.rst
5 *
6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7 * Written by David Howells (dhowells@redhat.com)
8 */
9
10#ifndef _LINUX_PUBLIC_KEY_H
11#define _LINUX_PUBLIC_KEY_H
12
13#include <linux/errno.h>
14#include <linux/keyctl.h>
15#include <linux/oid_registry.h>
16
17/*
18 * Cryptographic data for the public-key subtype of the asymmetric key type.
19 *
20 * Note that this may include private part of the key as well as the public
21 * part.
22 */
23struct public_key {
24	void *key;
25	u32 keylen;
26	enum OID algo;
27	void *params;
28	u32 paramlen;
29	bool key_is_private;
30	const char *id_type;
31	const char *pkey_algo;
32	unsigned long key_eflags;	/* key extension flags */
33#define KEY_EFLAG_CA		0	/* set if the CA basic constraints is set */
34#define KEY_EFLAG_DIGITALSIG	1	/* set if the digitalSignature usage is set */
35#define KEY_EFLAG_KEYCERTSIGN	2	/* set if the keyCertSign usage is set */
36};
37
38extern void public_key_free(struct public_key *key);
39
40/*
41 * Public key cryptography signature data
42 */
43struct public_key_signature {
44	struct asymmetric_key_id *auth_ids[3];
45	u8 *s;			/* Signature */
46	u8 *digest;
47	u32 s_size;		/* Number of bytes in signature */
48	u32 digest_size;	/* Number of bytes in digest */
49	const char *pkey_algo;
50	const char *hash_algo;
51	const char *encoding;
52};
53
54extern void public_key_signature_free(struct public_key_signature *sig);
55
56extern struct asymmetric_key_subtype public_key_subtype;
57
58struct key;
59struct key_type;
60union key_payload;
61
62extern int restrict_link_by_signature(struct key *dest_keyring,
63				      const struct key_type *type,
64				      const union key_payload *payload,
65				      struct key *trust_keyring);
66
67extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
68					   const struct key_type *type,
69					   const union key_payload *payload,
70					   struct key *trusted);
71
72extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
73						 const struct key_type *type,
74						 const union key_payload *payload,
75						 struct key *trusted);
76
77#if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
78extern int restrict_link_by_ca(struct key *dest_keyring,
79			       const struct key_type *type,
80			       const union key_payload *payload,
81			       struct key *trust_keyring);
82int restrict_link_by_digsig(struct key *dest_keyring,
83			    const struct key_type *type,
84			    const union key_payload *payload,
85			    struct key *trust_keyring);
86#else
87static inline int restrict_link_by_ca(struct key *dest_keyring,
88				      const struct key_type *type,
89				      const union key_payload *payload,
90				      struct key *trust_keyring)
91{
92	return 0;
93}
94
95static inline int restrict_link_by_digsig(struct key *dest_keyring,
96					  const struct key_type *type,
97					  const union key_payload *payload,
98					  struct key *trust_keyring)
99{
100	return 0;
101}
102#endif
103
104extern int query_asymmetric_key(const struct kernel_pkey_params *,
105				struct kernel_pkey_query *);
106
107extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
108extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
109extern int create_signature(struct kernel_pkey_params *, const void *, void *);
110extern int verify_signature(const struct key *,
111			    const struct public_key_signature *);
112
113#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
114int public_key_verify_signature(const struct public_key *pkey,
115				const struct public_key_signature *sig);
116#else
117static inline
118int public_key_verify_signature(const struct public_key *pkey,
119				const struct public_key_signature *sig)
120{
121	return -EINVAL;
122}
123#endif
124
125#endif /* _LINUX_PUBLIC_KEY_H */
126