
/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Asymmetric public-key algorithm definitions
 *
 * See Documentation/crypto/asymmetric-keys.rst
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */
  9. #ifndef _LINUX_PUBLIC_KEY_H
  10. #define _LINUX_PUBLIC_KEY_H
  11. #include <linux/errno.h>
  12. #include <linux/keyctl.h>
  13. #include <linux/oid_registry.h>
/*
 * Cryptographic data for the public-key subtype of the asymmetric key type.
 *
 * Note that this may include private part of the key as well as the public
 * part.  Code that serialises, logs or exposes ->key must therefore consult
 * ->key_is_private first.
 */
struct public_key {
	void *key;		/* Key material; may contain the private part (see above) */
	u32 keylen;		/* Number of bytes at ->key */
	enum OID algo;		/* Key algorithm as an OID from linux/oid_registry.h */
	void *params;		/* Algorithm parameters — presumably DER-encoded; confirm with the parser */
	u32 paramlen;		/* Number of bytes at ->params */
	bool key_is_private;	/* T if ->key carries private key material */
	const char *id_type;	/* NOTE(review): identifier-type name string; meaning not evident from this header */
	const char *pkey_algo;	/* Public-key algorithm name string */
	unsigned long key_eflags; /* key extension flags */
	/*
	 * The KEY_EFLAG_* values are bit numbers within ->key_eflags, not masks —
	 * presumably used with test_bit()/set_bit(); confirm against the callers.
	 * They record X.509 extension state that the restrict_link_by_ca()/
	 * restrict_link_by_digsig() checks are expected to rely on.
	 */
#define KEY_EFLAG_CA 0 /* set if the CA basic constraints are set */
#define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */
#define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */
};
/*
 * Release a struct public_key.  NOTE(review): whether ->key and ->params are
 * freed here is not visible in this header — confirm in the implementation
 * before freeing them separately.  When ->key_is_private is set, the
 * implementation is expected to wipe the material before freeing it; verify.
 */
extern void public_key_free(struct public_key *key);
/*
 * Public key cryptography signature data
 *
 * Describes one signature to be checked: the signature bytes themselves,
 * the data (or digest) they cover, and the algorithm/encoding names the
 * verifier needs to interpret them.
 */
struct public_key_signature {
	struct asymmetric_key_id *auth_ids[3];	/* IDs of the signing key — presumably issuer/serial, SKID, etc.; confirm */
	u8 *s;			/* Signature */
	u8 *m;			/* Message data to pass to verifier */
	u32 s_size;		/* Number of bytes in signature */
	u32 m_size;		/* Number of bytes in ->m */
	bool m_free;		/* T if ->m needs freeing (presumably by public_key_signature_free()) */
	bool algo_takes_data;	/* T if public key algo operates on data, not a hash */
	const char *pkey_algo;	/* Public-key algorithm name string */
	const char *hash_algo;	/* Hash algorithm name string */
	const char *encoding;	/* Signature encoding name string */
};
/*
 * Release a struct public_key_signature.  The ->m_free flag in the struct
 * indicates that ->m is conditionally owned; NOTE(review): confirm in the
 * implementation which other members are freed.
 */
extern void public_key_signature_free(struct public_key_signature *sig);

/* Subtype descriptor registered for public keys with the asymmetric key type. */
extern struct asymmetric_key_subtype public_key_subtype;

/* Opaque keyring-core types used by the link-restriction callbacks below. */
struct key;
struct key_type;
union key_payload;

/*
 * Keyring link restrictions.  All share the restriction-callback shape
 * (destination keyring, key type, payload, trust source).  NOTE(review): the
 * return convention is not stated in this header; the stubs further down
 * return 0, which is presumably "link permitted" — confirm with the keyring
 * core before relying on it.
 */

/* Presumably permits the link only if the payload's signature verifies against
 * a key in @trust_keyring; confirm in the implementation. */
extern int restrict_link_by_signature(struct key *dest_keyring,
				      const struct key_type *type,
				      const union key_payload *payload,
				      struct key *trust_keyring);

/* As above, but @trusted may (by its name) be either a single key or a keyring. */
extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
					   const struct key_type *type,
					   const union key_payload *payload,
					   struct key *trusted);

/* Chain variant.  NOTE(review): the first parameter is named trust_keyring
 * here but dest_keyring in the sibling prototypes; position suggests it is
 * the destination keyring — confirm against the definition. */
extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
						 const struct key_type *type,
						 const union key_payload *payload,
						 struct key *trusted);
  67. #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
/*
 * Real implementations, available when the asymmetric key type is reachable.
 * Presumably these consult the KEY_EFLAG_CA / KEY_EFLAG_KEYCERTSIGN and
 * KEY_EFLAG_DIGITALSIG bits of the payload's struct public_key; confirm in
 * the implementation.  NOTE(review): one prototype carries `extern` and the
 * other does not — same linkage, inconsistent style.
 */
extern int restrict_link_by_ca(struct key *dest_keyring,
			       const struct key_type *type,
			       const union key_payload *payload,
			       struct key *trust_keyring);
int restrict_link_by_digsig(struct key *dest_keyring,
			    const struct key_type *type,
			    const union key_payload *payload,
			    struct key *trust_keyring);
  76. #else
/*
 * Stub for restrict_link_by_ca() when CONFIG_ASYMMETRIC_KEY_TYPE is not
 * reachable.  All arguments are ignored and 0 is returned unconditionally.
 * NOTE(review): if 0 means "link permitted" in the restriction-callback
 * convention, this stub performs no CA check at all — a keyring that relies
 * on it is only as restricted as the config allows; confirm before use.
 */
static inline int restrict_link_by_ca(struct key *dest_keyring, const struct key_type *type,
				      const union key_payload *payload, struct key *trust_keyring)
{
	/* Nothing to check without the asymmetric key type. */
	return 0;
}
/*
 * Stub for restrict_link_by_digsig() when CONFIG_ASYMMETRIC_KEY_TYPE is not
 * reachable.  Ignores every argument and returns 0.
 * NOTE(review): as with the restrict_link_by_ca() stub, a 0 return presumably
 * means the link is permitted, so no digitalSignature-usage check happens in
 * this configuration; confirm against the keyring core.
 */
static inline int restrict_link_by_digsig(struct key *dest_keyring, const struct key_type *type,
					  const union key_payload *payload, struct key *trust_keyring)
{
	/* Nothing to check without the asymmetric key type. */
	return 0;
}
  91. #endif
/*
 * Query an asymmetric key's capabilities.  NOTE(review): parameter names are
 * omitted here; the parameter/query struct layouts are not in this header.
 */
extern int query_asymmetric_key(const struct kernel_pkey_params *,
				struct kernel_pkey_query *);

/*
 * Verify a signature using the given key.  NOTE(review): the return
 * convention is not stated here; by analogy with public_key_verify_signature()
 * below, 0 presumably means verified and a negative errno means not verified —
 * callers must not treat any non-zero value as success.
 */
extern int verify_signature(const struct key *,
			    const struct public_key_signature *);
  96. #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
/*
 * Verify @sig directly against @pkey.  The !CONFIG stub below returns -EINVAL,
 * so callers must check for == 0 and treat every negative return as
 * "not verified" rather than as a transient error.
 */
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig);
  99. #else
/*
 * Stub used when CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not reachable.
 * Fails closed: every verification request reports -EINVAL, so a caller that
 * tests for == 0 can never mistake an absent verifier for a good signature.
 */
static inline int public_key_verify_signature(const struct public_key *pkey,
					      const struct public_key_signature *sig)
{
	/* No verifier is compiled in; reject the request as invalid. */
	return -EINVAL;
}
  106. #endif
  107. #endif /* _LINUX_PUBLIC_KEY_H */