1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* Asymmetric public-key algorithm definitions 3 * 4 * See Documentation/crypto/asymmetric-keys.rst 5 * 6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 7 * Written by David Howells (dhowells@redhat.com) 8 */ 9 10#ifndef _LINUX_PUBLIC_KEY_H 11#define _LINUX_PUBLIC_KEY_H 12 13#include <linux/errno.h> 14#include <linux/keyctl.h> 15#include <linux/oid_registry.h> 16 17/* 18 * Cryptographic data for the public-key subtype of the asymmetric key type. 19 * 20 * Note that this may include private part of the key as well as the public 21 * part. 22 */ 23struct public_key { 24 void *key; 25 u32 keylen; 26 enum OID algo; 27 void *params; 28 u32 paramlen; 29 bool key_is_private; 30 const char *id_type; 31 const char *pkey_algo; 32 unsigned long key_eflags; /* key extension flags */ 33#define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */ 34#define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */ 35#define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */ 36}; 37 38extern void public_key_free(struct public_key *key); 39 40/* 41 * Public key cryptography signature data 42 */ 43struct public_key_signature { 44 struct asymmetric_key_id *auth_ids[3]; 45 u8 *s; /* Signature */ 46 u8 *digest; 47 u32 s_size; /* Number of bytes in signature */ 48 u32 digest_size; /* Number of bytes in digest */ 49 const char *pkey_algo; 50 const char *hash_algo; 51 const char *encoding; 52}; 53 54extern void public_key_signature_free(struct public_key_signature *sig); 55 56extern struct asymmetric_key_subtype public_key_subtype; 57 58struct key; 59struct key_type; 60union key_payload; 61 62extern int restrict_link_by_signature(struct key *dest_keyring, 63 const struct key_type *type, 64 const union key_payload *payload, 65 struct key *trust_keyring); 66 67extern int restrict_link_by_key_or_keyring(struct key *dest_keyring, 68 const struct key_type *type, 69 const union key_payload *payload, 70 struct key *trusted); 71 72extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring, 73 const struct key_type *type, 74 const union key_payload *payload, 75 struct key *trusted); 76 77#if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE) 78extern int restrict_link_by_ca(struct key *dest_keyring, 79 const struct key_type *type, 80 const union key_payload *payload, 81 struct key *trust_keyring); 82int restrict_link_by_digsig(struct key *dest_keyring, 83 const struct key_type *type, 84 const union key_payload *payload, 85 struct key *trust_keyring); 86#else 87static inline int restrict_link_by_ca(struct key *dest_keyring, 88 const struct key_type *type, 89 const union key_payload *payload, 90 struct key *trust_keyring) 91{ 92 return 0; 93} 94 95static inline int restrict_link_by_digsig(struct key *dest_keyring, 96 const struct key_type *type, 97 const union key_payload *payload, 98 struct key *trust_keyring) 99{ 100 return 0; 101} 102#endif 103 104extern int query_asymmetric_key(const struct kernel_pkey_params *, 105 struct kernel_pkey_query *); 106 107extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *); 108extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *); 109extern int create_signature(struct kernel_pkey_params *, const void *, void *); 110extern int verify_signature(const struct key *, 111 const struct public_key_signature *); 112 113#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) 114int public_key_verify_signature(const struct public_key *pkey, 115 const struct public_key_signature *sig); 116#else 117static inline 118int public_key_verify_signature(const struct public_key *pkey, 119 const struct public_key_signature *sig) 120{ 121 return -EINVAL; 122} 123#endif 124 125#endif /* _LINUX_PUBLIC_KEY_H */ 126