1  /* SPDX-License-Identifier: GPL-2.0-or-later */
2  /* Asymmetric public-key algorithm definitions
3   *
4   * See Documentation/crypto/asymmetric-keys.rst
5   *
6   * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7   * Written by David Howells (dhowells@redhat.com)
8   */
9  
10  #ifndef _LINUX_PUBLIC_KEY_H
11  #define _LINUX_PUBLIC_KEY_H
12  
13  #include <linux/errno.h>
14  #include <linux/keyctl.h>
15  #include <linux/oid_registry.h>
16  
17  /*
18   * Cryptographic data for the public-key subtype of the asymmetric key type.
19   *
20   * Note that this may include private part of the key as well as the public
21   * part.
22   */
23  struct public_key {
24  	void *key;
25  	u32 keylen;
26  	enum OID algo;
27  	void *params;
28  	u32 paramlen;
29  	bool key_is_private;
30  	const char *id_type;
31  	const char *pkey_algo;
32  	unsigned long key_eflags;	/* key extension flags */
33  #define KEY_EFLAG_CA		0	/* set if the CA basic constraints is set */
34  #define KEY_EFLAG_DIGITALSIG	1	/* set if the digitalSignature usage is set */
35  #define KEY_EFLAG_KEYCERTSIGN	2	/* set if the keyCertSign usage is set */
36  };
37  
38  extern void public_key_free(struct public_key *key);
39  
40  /*
41   * Public key cryptography signature data
42   */
43  struct public_key_signature {
44  	struct asymmetric_key_id *auth_ids[3];
45  	u8 *s;			/* Signature */
46  	u8 *digest;
47  	u32 s_size;		/* Number of bytes in signature */
48  	u32 digest_size;	/* Number of bytes in digest */
49  	const char *pkey_algo;
50  	const char *hash_algo;
51  	const char *encoding;
52  };
53  
54  extern void public_key_signature_free(struct public_key_signature *sig);
55  
56  extern struct asymmetric_key_subtype public_key_subtype;
57  
58  struct key;
59  struct key_type;
60  union key_payload;
61  
62  extern int restrict_link_by_signature(struct key *dest_keyring,
63  				      const struct key_type *type,
64  				      const union key_payload *payload,
65  				      struct key *trust_keyring);
66  
67  extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
68  					   const struct key_type *type,
69  					   const union key_payload *payload,
70  					   struct key *trusted);
71  
72  extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
73  						 const struct key_type *type,
74  						 const union key_payload *payload,
75  						 struct key *trusted);
76  
77  #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
78  extern int restrict_link_by_ca(struct key *dest_keyring,
79  			       const struct key_type *type,
80  			       const union key_payload *payload,
81  			       struct key *trust_keyring);
82  int restrict_link_by_digsig(struct key *dest_keyring,
83  			    const struct key_type *type,
84  			    const union key_payload *payload,
85  			    struct key *trust_keyring);
86  #else
restrict_link_by_ca(struct key * dest_keyring,const struct key_type * type,const union key_payload * payload,struct key * trust_keyring)87  static inline int restrict_link_by_ca(struct key *dest_keyring,
88  				      const struct key_type *type,
89  				      const union key_payload *payload,
90  				      struct key *trust_keyring)
91  {
92  	return 0;
93  }
94  
restrict_link_by_digsig(struct key * dest_keyring,const struct key_type * type,const union key_payload * payload,struct key * trust_keyring)95  static inline int restrict_link_by_digsig(struct key *dest_keyring,
96  					  const struct key_type *type,
97  					  const union key_payload *payload,
98  					  struct key *trust_keyring)
99  {
100  	return 0;
101  }
102  #endif
103  
104  extern int query_asymmetric_key(const struct kernel_pkey_params *,
105  				struct kernel_pkey_query *);
106  
107  extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
108  extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
109  extern int create_signature(struct kernel_pkey_params *, const void *, void *);
110  extern int verify_signature(const struct key *,
111  			    const struct public_key_signature *);
112  
113  #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
114  int public_key_verify_signature(const struct public_key *pkey,
115  				const struct public_key_signature *sig);
116  #else
117  static inline
public_key_verify_signature(const struct public_key * pkey,const struct public_key_signature * sig)118  int public_key_verify_signature(const struct public_key *pkey,
119  				const struct public_key_signature *sig)
120  {
121  	return -EINVAL;
122  }
123  #endif
124  
125  #endif /* _LINUX_PUBLIC_KEY_H */
126