1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Asymmetric public-key algorithm definitions
3  *
4  * See Documentation/crypto/asymmetric-keys.rst
5  *
6  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7  * Written by David Howells (dhowells@redhat.com)
8  */
9 
10 #ifndef _LINUX_PUBLIC_KEY_H
11 #define _LINUX_PUBLIC_KEY_H
12 
13 #include <linux/keyctl.h>
14 #include <linux/oid_registry.h>
15 
16 /*
17  * Cryptographic data for the public-key subtype of the asymmetric key type.
18  *
19  * Note that this may include private part of the key as well as the public
20  * part.
21  */
22 struct public_key {
23 	void *key;
24 	u32 keylen;
25 	enum OID algo;
26 	void *params;
27 	u32 paramlen;
28 	bool key_is_private;
29 	const char *id_type;
30 	const char *pkey_algo;
31 	unsigned long key_eflags;	/* key extension flags */
32 #define KEY_EFLAG_CA		0	/* set if the CA basic constraints is set */
33 #define KEY_EFLAG_DIGITALSIG	1	/* set if the digitalSignature usage is set */
34 #define KEY_EFLAG_KEYCERTSIGN	2	/* set if the keyCertSign usage is set */
35 };
36 
37 extern void public_key_free(struct public_key *key);
38 
39 /*
40  * Public key cryptography signature data
41  */
42 struct public_key_signature {
43 	struct asymmetric_key_id *auth_ids[3];
44 	u8 *s;			/* Signature */
45 	u8 *digest;
46 	u32 s_size;		/* Number of bytes in signature */
47 	u32 digest_size;	/* Number of bytes in digest */
48 	const char *pkey_algo;
49 	const char *hash_algo;
50 	const char *encoding;
51 };
52 
53 extern void public_key_signature_free(struct public_key_signature *sig);
54 
55 extern struct asymmetric_key_subtype public_key_subtype;
56 
57 struct key;
58 struct key_type;
59 union key_payload;
60 
61 extern int restrict_link_by_signature(struct key *dest_keyring,
62 				      const struct key_type *type,
63 				      const union key_payload *payload,
64 				      struct key *trust_keyring);
65 
66 extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
67 					   const struct key_type *type,
68 					   const union key_payload *payload,
69 					   struct key *trusted);
70 
71 extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
72 						 const struct key_type *type,
73 						 const union key_payload *payload,
74 						 struct key *trusted);
75 
76 #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
77 extern int restrict_link_by_ca(struct key *dest_keyring,
78 			       const struct key_type *type,
79 			       const union key_payload *payload,
80 			       struct key *trust_keyring);
81 int restrict_link_by_digsig(struct key *dest_keyring,
82 			    const struct key_type *type,
83 			    const union key_payload *payload,
84 			    struct key *trust_keyring);
85 #else
restrict_link_by_ca(struct key * dest_keyring,const struct key_type * type,const union key_payload * payload,struct key * trust_keyring)86 static inline int restrict_link_by_ca(struct key *dest_keyring,
87 				      const struct key_type *type,
88 				      const union key_payload *payload,
89 				      struct key *trust_keyring)
90 {
91 	return 0;
92 }
93 
restrict_link_by_digsig(struct key * dest_keyring,const struct key_type * type,const union key_payload * payload,struct key * trust_keyring)94 static inline int restrict_link_by_digsig(struct key *dest_keyring,
95 					  const struct key_type *type,
96 					  const union key_payload *payload,
97 					  struct key *trust_keyring)
98 {
99 	return 0;
100 }
101 #endif
102 
103 extern int query_asymmetric_key(const struct kernel_pkey_params *,
104 				struct kernel_pkey_query *);
105 
106 extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
107 extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
108 extern int create_signature(struct kernel_pkey_params *, const void *, void *);
109 extern int verify_signature(const struct key *,
110 			    const struct public_key_signature *);
111 
112 #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
113 int public_key_verify_signature(const struct public_key *pkey,
114 				const struct public_key_signature *sig);
115 #else
116 static inline
public_key_verify_signature(const struct public_key * pkey,const struct public_key_signature * sig)117 int public_key_verify_signature(const struct public_key *pkey,
118 				const struct public_key_signature *sig)
119 {
120 	return -EINVAL;
121 }
122 #endif
123 
124 #endif /* _LINUX_PUBLIC_KEY_H */
125