/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Asymmetric public-key algorithm definitions
 *
 * See Documentation/crypto/asymmetric-keys.rst
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */
#ifndef _LINUX_PUBLIC_KEY_H
#define _LINUX_PUBLIC_KEY_H

/* errno.h: the !CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE stub below returns -EINVAL. */
#include <linux/errno.h>
/* keyctl.h: struct kernel_pkey_params / kernel_pkey_query used by the pkey prototypes. */
#include <linux/keyctl.h>
/* oid_registry.h: enum OID, the type of struct public_key::algo. */
#include <linux/oid_registry.h>
/*
 * Cryptographic data for the public-key subtype of the asymmetric key type.
 *
 * Note that this may include private part of the key as well as the public
 * part.
 */
struct public_key {
	void *key;			/* Key material blob; @keylen bytes */
	u32 keylen;
	enum OID algo;			/* OID naming the key algorithm (see oid_registry.h) */
	void *params;			/* Algorithm parameter blob; @paramlen bytes */
	u32 paramlen;
	bool key_is_private;		/* True when @key also carries the private part; the
					 * blob must then be handled as secret material */
	const char *id_type;		/* Presumably the key-identifier scheme name (string) */
	const char *pkey_algo;		/* Public-key algorithm name (string) */
	unsigned long key_eflags; /* key extension flags */
	/*
	 * Bit numbers (0, 1, 2 — not masks) within @key_eflags, recording
	 * X.509 extension/usage bits of the certificate the key came from.
	 * NOTE(review): presumably tested with test_bit(); confirm at the users.
	 */
#define KEY_EFLAG_CA		0 /* set if the CA basic constraints is set */
#define KEY_EFLAG_DIGITALSIG	1 /* set if the digitalSignature usage is set */
#define KEY_EFLAG_KEYCERTSIGN	2 /* set if the keyCertSign usage is set */
};
/*
 * Release a struct public_key. Presumably also frees the @key and @params
 * blobs it points at (not visible here — confirm in the implementation);
 * since @key may hold private material, callers should not keep copies.
 */
extern void public_key_free(struct public_key *key);
/*
 * Public key cryptography signature data
 */
struct public_key_signature {
	struct asymmetric_key_id *auth_ids[3];	/* Presumably the IDs used to look up
						 * the signing key; up to three */
	u8 *s;			/* Signature */
	u8 *digest;		/* Digest the signature is verified against */
	u32 s_size;		/* Number of bytes in signature */
	u32 digest_size;	/* Number of bytes in digest */
	const char *pkey_algo;	/* Public-key algorithm name (string) */
	const char *hash_algo;	/* Hash algorithm name (string) */
	const char *encoding;	/* Signature encoding name (string) */
};
/* Release a struct public_key_signature (presumably including @s, @digest and @auth_ids). */
extern void public_key_signature_free(struct public_key_signature *sig);

/* Subtype descriptor registered with the asymmetric key type for public keys. */
extern struct asymmetric_key_subtype public_key_subtype;

/* Opaque keyring types: only pointers are used below, so no definition is needed here. */
struct key;
struct key_type;
union key_payload;
/*
 * Keyring link restrictions for asymmetric keys.
 *
 * All three follow the keyring link-restriction convention: they are asked
 * whether the key described by @payload (of key type @type) may be linked
 * into the destination keyring and return 0 to permit the link or a negative
 * errno to refuse it. The last argument supplies the trust anchor: a keyring
 * for restrict_link_by_signature, a single key or a keyring for the
 * *_key_or_keyring variants. Which signature chains each variant accepts is
 * defined by the implementations, not by this header.
 */
extern int restrict_link_by_signature(struct key *dest_keyring,
				      const struct key_type *type,
				      const union key_payload *payload,
				      struct key *trust_keyring);

extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
					   const struct key_type *type,
					   const union key_payload *payload,
					   struct key *trusted);

/* NOTE(review): first parameter is named trust_keyring here, unlike the two above — confirm intent. */
extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
						 const struct key_type *type,
						 const union key_payload *payload,
						 struct key *trusted);
#if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
/* Link restriction that presumably admits only keys flagged KEY_EFLAG_CA. */
extern int restrict_link_by_ca(struct key *dest_keyring,
			       const struct key_type *type,
			       const union key_payload *payload,
			       struct key *trust_keyring);
/* Link restriction that presumably admits only keys flagged KEY_EFLAG_DIGITALSIG. */
int restrict_link_by_digsig(struct key *dest_keyring,
			    const struct key_type *type,
			    const union key_payload *payload,
			    struct key *trust_keyring);
#else
/*
 * Stubs for kernels without the asymmetric key type. Both return 0, which in
 * the link-restriction convention means the link is *permitted*, so these are
 * fail-open rather than fail-closed. NOTE(review): this is only safe while no
 * keyring that selects these restrictions is built without the asymmetric key
 * type — confirm for each new user.
 */
static inline int restrict_link_by_ca(struct key *dest_keyring,
				      const struct key_type *type,
				      const union key_payload *payload,
				      struct key *trust_keyring)
{
	return 0;
}

static inline int restrict_link_by_digsig(struct key *dest_keyring,
					  const struct key_type *type,
					  const union key_payload *payload,
					  struct key *trust_keyring)
{
	return 0;
}
#endif
/*
 * Describe the key selected by the params: fills in the kernel_pkey_query.
 * Prototype parameters are unnamed; order is (params, query).
 */
extern int query_asymmetric_key(const struct kernel_pkey_params *,
				struct kernel_pkey_query *);

/*
 * Public-key operations on the key selected by the params. The two trailing
 * arguments are the input buffer (const) and the output buffer; buffer sizes
 * are presumably carried in the params rather than passed here — confirm
 * against the implementation before relying on it.
 */
extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
extern int create_signature(struct kernel_pkey_params *, const void *, void *);
/* Check the signature (second arg) against the key (first arg); negative errno on failure. */
extern int verify_signature(const struct key *,
			    const struct public_key_signature *);
#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
/*
 * Verify @sig against the raw public key @pkey (no struct key needed).
 * Expected to return 0 on success and a negative errno on failure.
 */
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig);
#else
/*
 * Stub for kernels without the public-key subtype: verification is
 * unavailable, so fail closed with -EINVAL (never report a signature as valid).
 */
static inline
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig)
{
	return -EINVAL;
}
#endif
#endif /* _LINUX_PUBLIC_KEY_H */