1 /* Asymmetric public-key algorithm definitions 2 * 3 * See Documentation/crypto/asymmetric-keys.txt 4 * 5 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 6 * Written by David Howells (dhowells@redhat.com) 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public Licence 10 * as published by the Free Software Foundation; either version 11 * 2 of the Licence, or (at your option) any later version. 12 */ 13 14 #ifndef _LINUX_PUBLIC_KEY_H 15 #define _LINUX_PUBLIC_KEY_H 16 17 #include <linux/mpi.h> 18 #include <keys/asymmetric-type.h> 19 #include <crypto/hash_info.h> 20 21 enum pkey_algo { 22 PKEY_ALGO_DSA, 23 PKEY_ALGO_RSA, 24 PKEY_ALGO__LAST 25 }; 26 27 extern const char *const pkey_algo_name[PKEY_ALGO__LAST]; 28 extern const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST]; 29 30 /* asymmetric key implementation supports only up to SHA224 */ 31 #define PKEY_HASH__LAST (HASH_ALGO_SHA224 + 1) 32 33 enum pkey_id_type { 34 PKEY_ID_PGP, /* OpenPGP generated key ID */ 35 PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ 36 PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ 37 PKEY_ID_TYPE__LAST 38 }; 39 40 extern const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST]; 41 42 /* 43 * The use to which an asymmetric key is being put. 44 */ 45 enum key_being_used_for { 46 VERIFYING_MODULE_SIGNATURE, 47 VERIFYING_FIRMWARE_SIGNATURE, 48 VERIFYING_KEXEC_PE_SIGNATURE, 49 VERIFYING_KEY_SIGNATURE, 50 VERIFYING_KEY_SELF_SIGNATURE, 51 VERIFYING_UNSPECIFIED_SIGNATURE, 52 NR__KEY_BEING_USED_FOR 53 }; 54 extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR]; 55 56 /* 57 * Cryptographic data for the public-key subtype of the asymmetric key type. 58 * 59 * Note that this may include private part of the key as well as the public 60 * part. 61 */ 62 struct public_key { 63 const struct public_key_algorithm *algo; 64 u8 capabilities; 65 #define PKEY_CAN_ENCRYPT 0x01 66 #define PKEY_CAN_DECRYPT 0x02 67 #define PKEY_CAN_SIGN 0x04 68 #define PKEY_CAN_VERIFY 0x08 69 enum pkey_algo pkey_algo : 8; 70 enum pkey_id_type id_type : 8; 71 union { 72 MPI mpi[5]; 73 struct { 74 MPI p; /* DSA prime */ 75 MPI q; /* DSA group order */ 76 MPI g; /* DSA group generator */ 77 MPI y; /* DSA public-key value = g^x mod p */ 78 MPI x; /* DSA secret exponent (if present) */ 79 } dsa; 80 struct { 81 MPI n; /* RSA public modulus */ 82 MPI e; /* RSA public encryption exponent */ 83 MPI d; /* RSA secret encryption exponent (if present) */ 84 MPI p; /* RSA secret prime (if present) */ 85 MPI q; /* RSA secret prime (if present) */ 86 } rsa; 87 }; 88 }; 89 90 extern void public_key_destroy(void *payload); 91 92 /* 93 * Public key cryptography signature data 94 */ 95 struct public_key_signature { 96 u8 *digest; 97 u8 digest_size; /* Number of bytes in digest */ 98 u8 nr_mpi; /* Occupancy of mpi[] */ 99 enum pkey_algo pkey_algo : 8; 100 enum hash_algo pkey_hash_algo : 8; 101 union { 102 MPI mpi[2]; 103 struct { 104 MPI s; /* m^d mod n */ 105 } rsa; 106 struct { 107 MPI r; 108 MPI s; 109 } dsa; 110 }; 111 }; 112 113 struct key; 114 extern int verify_signature(const struct key *key, 115 const struct public_key_signature *sig); 116 117 struct asymmetric_key_id; 118 extern struct key *x509_request_asymmetric_key(struct key *keyring, 119 const struct asymmetric_key_id *id, 120 const struct asymmetric_key_id *skid, 121 bool partial); 122 123 #endif /* _LINUX_PUBLIC_KEY_H */ 124