Loading...
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/* Asymmetric public-key algorithm definitions
3 *
4 * See Documentation/crypto/asymmetric-keys.rst
5 *
6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7 * Written by David Howells (dhowells@redhat.com)
8 */
9
10#ifndef _LINUX_PUBLIC_KEY_H
11#define _LINUX_PUBLIC_KEY_H
12
13#include <linux/keyctl.h>
14#include <linux/oid_registry.h>
15
16/*
17 * Cryptographic data for the public-key subtype of the asymmetric key type.
18 *
19 * Note that this may include private part of the key as well as the public
20 * part.
21 */
22struct public_key {
23 void *key;
24 u32 keylen;
25 enum OID algo;
26 void *params;
27 u32 paramlen;
28 bool key_is_private;
29 const char *id_type;
30 const char *pkey_algo;
31 unsigned long key_eflags; /* key extension flags */
32#define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */
33#define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */
34#define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */
35};
36
37extern void public_key_free(struct public_key *key);
38
39/*
40 * Public key cryptography signature data
41 */
42struct public_key_signature {
43 struct asymmetric_key_id *auth_ids[3];
44 u8 *s; /* Signature */
45 u8 *digest;
46 u32 s_size; /* Number of bytes in signature */
47 u32 digest_size; /* Number of bytes in digest */
48 const char *pkey_algo;
49 const char *hash_algo;
50 const char *encoding;
51};
52
53extern void public_key_signature_free(struct public_key_signature *sig);
54
55extern struct asymmetric_key_subtype public_key_subtype;
56
57struct key;
58struct key_type;
59union key_payload;
60
61extern int restrict_link_by_signature(struct key *dest_keyring,
62 const struct key_type *type,
63 const union key_payload *payload,
64 struct key *trust_keyring);
65
66extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
67 const struct key_type *type,
68 const union key_payload *payload,
69 struct key *trusted);
70
71extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
72 const struct key_type *type,
73 const union key_payload *payload,
74 struct key *trusted);
75
76#if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
77extern int restrict_link_by_ca(struct key *dest_keyring,
78 const struct key_type *type,
79 const union key_payload *payload,
80 struct key *trust_keyring);
81int restrict_link_by_digsig(struct key *dest_keyring,
82 const struct key_type *type,
83 const union key_payload *payload,
84 struct key *trust_keyring);
85#else
86static inline int restrict_link_by_ca(struct key *dest_keyring,
87 const struct key_type *type,
88 const union key_payload *payload,
89 struct key *trust_keyring)
90{
91 return 0;
92}
93
94static inline int restrict_link_by_digsig(struct key *dest_keyring,
95 const struct key_type *type,
96 const union key_payload *payload,
97 struct key *trust_keyring)
98{
99 return 0;
100}
101#endif
102
103extern int query_asymmetric_key(const struct kernel_pkey_params *,
104 struct kernel_pkey_query *);
105
106extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
107extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
108extern int create_signature(struct kernel_pkey_params *, const void *, void *);
109extern int verify_signature(const struct key *,
110 const struct public_key_signature *);
111
112#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
113int public_key_verify_signature(const struct public_key *pkey,
114 const struct public_key_signature *sig);
115#else
116static inline
117int public_key_verify_signature(const struct public_key *pkey,
118 const struct public_key_signature *sig)
119{
120 return -EINVAL;
121}
122#endif
123
124#endif /* _LINUX_PUBLIC_KEY_H */
1/* Asymmetric public-key algorithm definitions
2 *
3 * See Documentation/crypto/asymmetric-keys.txt
4 *
5 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6 * Written by David Howells (dhowells@redhat.com)
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public Licence
10 * as published by the Free Software Foundation; either version
11 * 2 of the Licence, or (at your option) any later version.
12 */
13
14#ifndef _LINUX_PUBLIC_KEY_H
15#define _LINUX_PUBLIC_KEY_H
16
17/*
18 * The use to which an asymmetric key is being put.
19 */
20enum key_being_used_for {
21 VERIFYING_MODULE_SIGNATURE,
22 VERIFYING_FIRMWARE_SIGNATURE,
23 VERIFYING_KEXEC_PE_SIGNATURE,
24 VERIFYING_KEY_SIGNATURE,
25 VERIFYING_KEY_SELF_SIGNATURE,
26 VERIFYING_UNSPECIFIED_SIGNATURE,
27 NR__KEY_BEING_USED_FOR
28};
29extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
30
31/*
32 * Cryptographic data for the public-key subtype of the asymmetric key type.
33 *
34 * Note that this may include private part of the key as well as the public
35 * part.
36 */
37struct public_key {
38 void *key;
39 u32 keylen;
40 const char *id_type;
41 const char *pkey_algo;
42};
43
44extern void public_key_destroy(void *payload);
45
46/*
47 * Public key cryptography signature data
48 */
49struct public_key_signature {
50 u8 *s; /* Signature */
51 u32 s_size; /* Number of bytes in signature */
52 u8 *digest;
53 u8 digest_size; /* Number of bytes in digest */
54 const char *pkey_algo;
55 const char *hash_algo;
56};
57
58extern struct asymmetric_key_subtype public_key_subtype;
59struct key;
60extern int verify_signature(const struct key *key,
61 const struct public_key_signature *sig);
62
63struct asymmetric_key_id;
64extern struct key *x509_request_asymmetric_key(struct key *keyring,
65 const struct asymmetric_key_id *id,
66 const struct asymmetric_key_id *skid,
67 bool partial);
68
69int public_key_verify_signature(const struct public_key *pkey,
70 const struct public_key_signature *sig);
71
72#endif /* _LINUX_PUBLIC_KEY_H */