| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 |
- /* SPDX-License-Identifier: GPL-2.0-or-later */
- /* Asymmetric public-key algorithm definitions
- *
- * See Documentation/crypto/asymmetric-keys.rst
- *
- * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@redhat.com)
- */
- #ifndef _LINUX_PUBLIC_KEY_H
- #define _LINUX_PUBLIC_KEY_H
- #include <linux/errno.h>
- #include <linux/keyctl.h>
- #include <linux/oid_registry.h>
- /*
- * Cryptographic data for the public-key subtype of the asymmetric key type.
- *
- * Note that this may include private part of the key as well as the public
- * part.
- */
- struct public_key {
- void *key;
- u32 keylen;
- enum OID algo;
- void *params;
- u32 paramlen;
- bool key_is_private;
- const char *id_type;
- const char *pkey_algo;
- unsigned long key_eflags; /* key extension flags */
- #define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */
- #define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */
- #define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */
- };
- extern void public_key_free(struct public_key *key);
- /*
- * Public key cryptography signature data
- */
- struct public_key_signature {
- struct asymmetric_key_id *auth_ids[3];
- u8 *s; /* Signature */
- u8 *m; /* Message data to pass to verifier */
- u32 s_size; /* Number of bytes in signature */
- u32 m_size; /* Number of bytes in ->m */
- bool m_free; /* T if ->m needs freeing */
- bool algo_takes_data; /* T if public key algo operates on data, not a hash */
- const char *pkey_algo;
- const char *hash_algo;
- const char *encoding;
- };
- extern void public_key_signature_free(struct public_key_signature *sig);
- extern struct asymmetric_key_subtype public_key_subtype;
- struct key;
- struct key_type;
- union key_payload;
- extern int restrict_link_by_signature(struct key *dest_keyring,
- const struct key_type *type,
- const union key_payload *payload,
- struct key *trust_keyring);
- extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
- const struct key_type *type,
- const union key_payload *payload,
- struct key *trusted);
- extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
- const struct key_type *type,
- const union key_payload *payload,
- struct key *trusted);
- #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
- extern int restrict_link_by_ca(struct key *dest_keyring,
- const struct key_type *type,
- const union key_payload *payload,
- struct key *trust_keyring);
- int restrict_link_by_digsig(struct key *dest_keyring,
- const struct key_type *type,
- const union key_payload *payload,
- struct key *trust_keyring);
- #else
- static inline int restrict_link_by_ca(struct key *dest_keyring,
- const struct key_type *type,
- const union key_payload *payload,
- struct key *trust_keyring)
- {
- return 0;
- }
- static inline int restrict_link_by_digsig(struct key *dest_keyring,
- const struct key_type *type,
- const union key_payload *payload,
- struct key *trust_keyring)
- {
- return 0;
- }
- #endif
- extern int query_asymmetric_key(const struct kernel_pkey_params *,
- struct kernel_pkey_query *);
- extern int verify_signature(const struct key *,
- const struct public_key_signature *);
- #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
- int public_key_verify_signature(const struct public_key *pkey,
- const struct public_key_signature *sig);
- #else
- static inline
- int public_key_verify_signature(const struct public_key *pkey,
- const struct public_key_signature *sig)
- {
- return -EINVAL;
- }
- #endif
- #endif /* _LINUX_PUBLIC_KEY_H */
|