Commit | Line | Data |
---|---|---|
b4d0d230 | 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
a9681bf3 DH |
2 | /* Asymmetric public-key algorithm definitions |
3 | * | |
0efaaa86 | 4 | * See Documentation/crypto/asymmetric-keys.rst |
a9681bf3 DH |
5 | * |
6 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | |
7 | * Written by David Howells (dhowells@redhat.com) | |
a9681bf3 DH |
8 | */ |
9 | ||
10 | #ifndef _LINUX_PUBLIC_KEY_H | |
11 | #define _LINUX_PUBLIC_KEY_H | |
12 | ||
4bb439e8 | 13 | #include <linux/errno.h> |
5a307718 | 14 | #include <linux/keyctl.h> |
f1774cb8 | 15 | #include <linux/oid_registry.h> |
5a307718 | 16 | |
a9681bf3 DH |
/*
 * Cryptographic data for the public-key subtype of the asymmetric key type.
 *
 * Note that this may include the private part of the key as well as the
 * public part, so an instance has to be handled as potentially secret
 * material.
 *
 * NOTE(review): confirm that public_key_free() wipes the key and params
 * buffers before releasing them; this header does not show it.
 */
struct public_key {
	void *key;		/* key material; presumably keylen bytes long */
	u32 keylen;
	enum OID algo;		/* algorithm, as an OID registry value */
	void *params;		/* algorithm parameters; presumably paramlen bytes long */
	u32 paramlen;
	bool key_is_private;	/* presumably true when key holds the private part */
	const char *id_type;
	const char *pkey_algo;
	unsigned long key_eflags;	/* key extension flags */
	/*
	 * NOTE(review): the values below run 0, 1, 2, so they look like bit
	 * numbers within key_eflags rather than masks (0 cannot be a mask) -
	 * confirm at the users.
	 */
#define KEY_EFLAG_CA		0	/* set if the CA basic constraints is set */
#define KEY_EFLAG_DIGITALSIG	1	/* set if the digitalSignature usage is set */
#define KEY_EFLAG_KEYCERTSIGN	2	/* set if the keyCertSign usage is set */
};
37 | ||
/*
 * Release a struct public_key.
 *
 * NOTE(review): the struct may carry private key material; check in the
 * definition that the buffers it points to are cleared before being freed.
 */
extern void public_key_free(struct public_key *key);
a9681bf3 DH |
39 | |
/*
 * Public key cryptography signature data
 *
 * The signature and the digest are held in separate buffers, each with its
 * own byte count. Nothing in this structure ties those counts to the
 * algorithm named by pkey_algo or hash_algo.
 *
 * NOTE(review): confirm that the verification code rejects an s_size or
 * digest_size that does not fit the named algorithms before it reads the
 * buffers.
 */
struct public_key_signature {
	struct asymmetric_key_id *auth_ids[3];	/* presumably identifiers of the signing key */
	u8 *s;			/* Signature */
	u8 *digest;		/* Digest of the signed data */
	u32 s_size;		/* Number of bytes in signature */
	u32 digest_size;	/* Number of bytes in digest */
	const char *pkey_algo;	/* public-key algorithm name */
	const char *hash_algo;	/* hash algorithm name */
	const char *encoding;	/* signature encoding name */
};
53 | ||
3b764563 DH |
/* Release a struct public_key_signature. */
extern void public_key_signature_free(struct public_key_signature *sig);

/* The public-key subtype of the asymmetric key type; defined elsewhere. */
extern struct asymmetric_key_subtype public_key_subtype;
3b764563 | 57 | |
/* Forward declarations; only pointers to these types are used below. */
struct key;
struct key_type;
union key_payload;

/*
 * Keyring link-restriction hooks.
 *
 * Each takes a keyring, the type and payload of the key being considered,
 * and a trusted key or keyring to check it against.
 *
 * NOTE(review): the return convention is not stated in this header;
 * presumably 0 permits the link and a negative errno refuses it - confirm
 * against the definitions.
 */
extern int restrict_link_by_signature(struct key *dest_keyring,
				      const struct key_type *type,
				      const union key_payload *payload,
				      struct key *trust_keyring);

extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
					   const struct key_type *type,
					   const union key_payload *payload,
					   struct key *trusted);

/*
 * NOTE(review): the first parameter is named trust_keyring here but
 * dest_keyring in the sibling declarations; check against the definition
 * which keyring is meant, since mixing the two up would change what is
 * trusted.
 */
extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
						 const struct key_type *type,
						 const union key_payload *payload,
						 struct key *trusted);
76 | ||
76adb2fb ES |
77 | #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE) |
/*
 * Link restrictions based on certificate properties, available when
 * CONFIG_ASYMMETRIC_KEY_TYPE is reachable. The names suggest they relate to
 * the KEY_EFLAG_CA and KEY_EFLAG_DIGITALSIG flags of struct public_key -
 * confirm in the definitions.
 */
extern int restrict_link_by_ca(struct key *dest_keyring,
			       const struct key_type *type,
			       const union key_payload *payload,
			       struct key *trust_keyring);
int restrict_link_by_digsig(struct key *dest_keyring,
			    const struct key_type *type,
			    const union key_payload *payload,
			    struct key *trust_keyring);
76adb2fb ES |
86 | #else |
/*
 * Stub used when CONFIG_ASYMMETRIC_KEY_TYPE is not reachable. It inspects
 * none of its arguments and always returns 0.
 *
 * NOTE(review): if 0 means "link permitted", as it presumably does for the
 * restrict_link_* hooks, this stub accepts every key. Compare with the
 * public_key_verify_signature() stub in this header, which returns -EINVAL.
 * Confirm that no keyring depends on this restriction in a configuration
 * where the stub is selected.
 */
static inline int
restrict_link_by_ca(struct key *dest_keyring, const struct key_type *type,
		    const union key_payload *payload, struct key *trust_keyring)
{
	return 0;
}
4cfb9080 ES |
94 | |
/*
 * Stub used when CONFIG_ASYMMETRIC_KEY_TYPE is not reachable. It inspects
 * none of its arguments and always returns 0.
 *
 * NOTE(review): if 0 means "link permitted", as it presumably does for the
 * restrict_link_* hooks, no digitalSignature usage check is applied in this
 * configuration. Confirm that callers do not rely on it there.
 */
static inline int
restrict_link_by_digsig(struct key *dest_keyring, const struct key_type *type,
			const union key_payload *payload,
			struct key *trust_keyring)
{
	return 0;
}
76adb2fb ES |
102 | #endif |
103 | ||
5a307718 DH |
/*
 * Operations on asymmetric keys.
 *
 * The parameters are unnamed in these prototypes. struct kernel_pkey_params
 * and struct kernel_pkey_query are not declared in this header; presumably
 * they come from <linux/keyctl.h>, which is included above.
 *
 * NOTE(review): encrypt_blob(), decrypt_blob() and create_signature() take
 * two bare void pointers and no length arguments. Presumably these are the
 * input and output buffers and their sizes travel in the params structure -
 * confirm that each implementation bounds its reads and writes by them.
 */
extern int query_asymmetric_key(const struct kernel_pkey_params *,
				struct kernel_pkey_query *);

extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
extern int create_signature(struct kernel_pkey_params *, const void *, void *);
/*
 * Check a signature against a key. The int result is the only output, so a
 * caller that ignores it has verified nothing.
 */
extern int verify_signature(const struct key *,
			    const struct public_key_signature *);
4ae71c1d | 112 | |
7f8da991 | 113 | #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) |
db6c43bd TS |
/*
 * Verify sig against pkey; built when CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is
 * reachable.
 *
 * NOTE(review): presumably returns 0 when the signature is valid and a
 * negative errno otherwise - confirm in the definition. Callers must check
 * the result.
 */
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig);
7f8da991 ES |
116 | #else |
/*
 * Stub used when CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not reachable.
 *
 * It looks at neither argument and always reports -EINVAL, so with the
 * subtype compiled out no signature is ever reported as verified to a caller
 * that checks the result.
 */
static inline int public_key_verify_signature(const struct public_key *pkey,
					      const struct public_key_signature *sig)
{
	return -EINVAL;
}
123 | #endif | |
db6c43bd | 124 | |
a9681bf3 | 125 | #endif /* _LINUX_PUBLIC_KEY_H */ |