1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* Asymmetric public-key algorithm definitions 3 * 4 * See Documentation/crypto/asymmetric-keys.rst 5 * 6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 7 * Written by David Howells (dhowells@redhat.com) 8 */ 9 10 #ifndef _LINUX_PUBLIC_KEY_H 11 #define _LINUX_PUBLIC_KEY_H 12 13 #include <linux/errno.h> 14 #include <linux/keyctl.h> 15 #include <linux/oid_registry.h> 16 17 /* 18 * Cryptographic data for the public-key subtype of the asymmetric key type. 19 * 20 * Note that this may include private part of the key as well as the public 21 * part. 22 */ 23 struct public_key { 24 void *key; 25 u32 keylen; 26 enum OID algo; 27 void *params; 28 u32 paramlen; 29 bool key_is_private; 30 const char *id_type; 31 const char *pkey_algo; 32 unsigned long key_eflags; /* key extension flags */ 33 #define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */ 34 #define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */ 35 #define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */ 36 }; 37 38 extern void public_key_free(struct public_key *key); 39 40 /* 41 * Public key cryptography signature data 42 */ 43 struct public_key_signature { 44 struct asymmetric_key_id *auth_ids[3]; 45 u8 *s; /* Signature */ 46 u8 *m; /* Message data to pass to verifier */ 47 u32 s_size; /* Number of bytes in signature */ 48 u32 m_size; /* Number of bytes in ->m */ 49 bool m_free; /* T if ->m needs freeing */ 50 bool algo_takes_data; /* T if public key algo operates on data, not a hash */ 51 const char *pkey_algo; 52 const char *hash_algo; 53 const char *encoding; 54 }; 55 56 extern void public_key_signature_free(struct public_key_signature *sig); 57 58 extern struct asymmetric_key_subtype public_key_subtype; 59 60 struct key; 61 struct key_type; 62 union key_payload; 63 64 extern int restrict_link_by_signature(struct key *dest_keyring, 65 const struct key_type *type, 66 const union key_payload *payload, 67 struct key *trust_keyring); 68 69 extern int restrict_link_by_key_or_keyring(struct key *dest_keyring, 70 const struct key_type *type, 71 const union key_payload *payload, 72 struct key *trusted); 73 74 extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring, 75 const struct key_type *type, 76 const union key_payload *payload, 77 struct key *trusted); 78 79 #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE) 80 extern int restrict_link_by_ca(struct key *dest_keyring, 81 const struct key_type *type, 82 const union key_payload *payload, 83 struct key *trust_keyring); 84 int restrict_link_by_digsig(struct key *dest_keyring, 85 const struct key_type *type, 86 const union key_payload *payload, 87 struct key *trust_keyring); 88 #else 89 static inline int restrict_link_by_ca(struct key *dest_keyring, 90 const struct key_type *type, 91 const union key_payload *payload, 92 struct key *trust_keyring) 93 { 94 return 0; 95 } 96 97 static inline int restrict_link_by_digsig(struct key *dest_keyring, 98 const struct key_type *type, 99 const union key_payload *payload, 100 struct key *trust_keyring) 101 { 102 return 0; 103 } 104 #endif 105 106 extern int query_asymmetric_key(const struct kernel_pkey_params *, 107 struct kernel_pkey_query *); 108 109 extern int verify_signature(const struct key *, 110 const struct public_key_signature *); 111 112 #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) 113 int public_key_verify_signature(const struct public_key *pkey, 114 const struct public_key_signature *sig); 115 #else 116 static inline 117 int public_key_verify_signature(const struct public_key *pkey, 118 const struct public_key_signature *sig) 119 { 120 return -EINVAL; 121 } 122 #endif 123 124 #endif /* _LINUX_PUBLIC_KEY_H */ 125