1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Asymmetric public-key algorithm definitions
3  *
4  * See Documentation/crypto/asymmetric-keys.rst
5  *
6  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7  * Written by David Howells (dhowells@redhat.com)
8  */
9 
10 #ifndef _LINUX_PUBLIC_KEY_H
11 #define _LINUX_PUBLIC_KEY_H
12 
13 #include <linux/errno.h>
14 #include <linux/keyctl.h>
15 #include <linux/oid_registry.h>
16 
17 /*
18  * Cryptographic data for the public-key subtype of the asymmetric key type.
19  *
20  * Note that this may include private part of the key as well as the public
21  * part.
22  */
23 struct public_key {
24 	void *key;
25 	u32 keylen;
26 	enum OID algo;
27 	void *params;
28 	u32 paramlen;
29 	bool key_is_private;
30 	const char *id_type;
31 	const char *pkey_algo;
32 	unsigned long key_eflags;	/* key extension flags */
33 #define KEY_EFLAG_CA		0	/* set if the CA basic constraints is set */
34 #define KEY_EFLAG_DIGITALSIG	1	/* set if the digitalSignature usage is set */
35 #define KEY_EFLAG_KEYCERTSIGN	2	/* set if the keyCertSign usage is set */
36 };
37 
38 extern void public_key_free(struct public_key *key);
39 
40 /*
41  * Public key cryptography signature data
42  */
43 struct public_key_signature {
44 	struct asymmetric_key_id *auth_ids[3];
45 	u8 *s;			/* Signature */
46 	u8 *digest;
47 	u32 s_size;		/* Number of bytes in signature */
48 	u32 digest_size;	/* Number of bytes in digest */
49 	const char *pkey_algo;
50 	const char *hash_algo;
51 	const char *encoding;
52 };
53 
54 extern void public_key_signature_free(struct public_key_signature *sig);
55 
56 extern struct asymmetric_key_subtype public_key_subtype;
57 
58 struct key;
59 struct key_type;
60 union key_payload;
61 
62 extern int restrict_link_by_signature(struct key *dest_keyring,
63 				      const struct key_type *type,
64 				      const union key_payload *payload,
65 				      struct key *trust_keyring);
66 
67 extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
68 					   const struct key_type *type,
69 					   const union key_payload *payload,
70 					   struct key *trusted);
71 
72 extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
73 						 const struct key_type *type,
74 						 const union key_payload *payload,
75 						 struct key *trusted);
76 
77 #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
78 extern int restrict_link_by_ca(struct key *dest_keyring,
79 			       const struct key_type *type,
80 			       const union key_payload *payload,
81 			       struct key *trust_keyring);
82 int restrict_link_by_digsig(struct key *dest_keyring,
83 			    const struct key_type *type,
84 			    const union key_payload *payload,
85 			    struct key *trust_keyring);
86 #else
restrict_link_by_ca(struct key * dest_keyring,const struct key_type * type,const union key_payload * payload,struct key * trust_keyring)87 static inline int restrict_link_by_ca(struct key *dest_keyring,
88 				      const struct key_type *type,
89 				      const union key_payload *payload,
90 				      struct key *trust_keyring)
91 {
92 	return 0;
93 }
94 
restrict_link_by_digsig(struct key * dest_keyring,const struct key_type * type,const union key_payload * payload,struct key * trust_keyring)95 static inline int restrict_link_by_digsig(struct key *dest_keyring,
96 					  const struct key_type *type,
97 					  const union key_payload *payload,
98 					  struct key *trust_keyring)
99 {
100 	return 0;
101 }
102 #endif
103 
104 extern int query_asymmetric_key(const struct kernel_pkey_params *,
105 				struct kernel_pkey_query *);
106 
107 extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
108 extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
109 extern int create_signature(struct kernel_pkey_params *, const void *, void *);
110 extern int verify_signature(const struct key *,
111 			    const struct public_key_signature *);
112 
113 #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
114 int public_key_verify_signature(const struct public_key *pkey,
115 				const struct public_key_signature *sig);
116 #else
117 static inline
public_key_verify_signature(const struct public_key * pkey,const struct public_key_signature * sig)118 int public_key_verify_signature(const struct public_key *pkey,
119 				const struct public_key_signature *sig)
120 {
121 	return -EINVAL;
122 }
123 #endif
124 
125 #endif /* _LINUX_PUBLIC_KEY_H */
126