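/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Asymmetric public-key algorithm definitions
 *
 * See Documentation/crypto/asymmetric-keys.rst
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#ifndef _LINUX_PUBLIC_KEY_H
#define _LINUX_PUBLIC_KEY_H

#include <linux/errno.h>	/* -EINVAL, returned by the stub at the end of this header */
#include <linux/keyctl.h>
#include <linux/oid_registry.h>

/*
 * Cryptographic data for the public-key subtype of the asymmetric key type.
 *
 * Note that this may include private part of the key as well as the public
 * part.  key_is_private is the field that records which of the two the
 * buffer holds, so code that copies, logs or exports ->key has to treat the
 * buffer as potentially secret material.
 */
struct public_key {
	void *key;		/* key material; length given by keylen */
	u32 keylen;
	enum OID algo;
	void *params;		/* algorithm parameters; length given by paramlen */
	u32 paramlen;
	bool key_is_private;
	const char *id_type;
	const char *pkey_algo;
	unsigned long key_eflags;	/* key extension flags */
	/*
	 * NOTE(review): the values below are 0, 1, 2 rather than masks, so they
	 * look like bit numbers within key_eflags -- confirm against the users.
	 */
#define KEY_EFLAG_CA		0	/* set if the CA basic constraints is set */
#define KEY_EFLAG_DIGITALSIG	1	/* set if the digitalSignature usage is set */
#define KEY_EFLAG_KEYCERTSIGN	2	/* set if the keyCertSign usage is set */
};

/*
 * Release a struct public_key.  The implementation is not in this header;
 * NOTE(review): since ->key may hold private key material, confirm that the
 * implementation clears the buffer before freeing it.
 */
extern void public_key_free(struct public_key *key);

/*
 * Public key cryptography signature data
 */
struct public_key_signature {
	struct asymmetric_key_id *auth_ids[3];
	u8 *s;			/* Signature */
	u8 *digest;
	u32 s_size;		/* Number of bytes in signature */
	u32 digest_size;	/* Number of bytes in digest */
	const char *pkey_algo;
	const char *hash_algo;
	const char *encoding;
};

extern void public_key_signature_free(struct public_key_signature *sig);

extern struct asymmetric_key_subtype public_key_subtype;

/* Forward declarations: only pointers to these types are used below. */
struct key;
struct key_type;
union key_payload;

/*
 * Keyring link-restriction checks.  All of them share one signature: the
 * keyring being linked into, the type and payload of the key being added,
 * and the key or keyring that the check is made against.
 */
extern int restrict_link_by_signature(struct key *dest_keyring,
				      const struct key_type *type,
				      const union key_payload *payload,
				      struct key *trust_keyring);

extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
					   const struct key_type *type,
					   const union key_payload *payload,
					   struct key *trusted);

extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
						 const struct key_type *type,
						 const union key_payload *payload,
						 struct key *trusted);

#if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
extern int restrict_link_by_ca(struct key *dest_keyring,
			       const struct key_type *type,
			       const union key_payload *payload,
			       struct key *trust_keyring);
int restrict_link_by_digsig(struct key *dest_keyring,
			    const struct key_type *type,
			    const union key_payload *payload,
			    struct key *trust_keyring);
#else
/*
 * Stubs used when CONFIG_ASYMMETRIC_KEY_TYPE is not reachable: both return 0
 * without looking at any argument.
 *
 * NOTE(review): if 0 means "link permitted" for these callbacks (confirm
 * against the real implementations), a keyring configured with the CA or
 * digitalSignature restriction accepts every key in such a build, i.e. the
 * check fails open.  Compare the public_key_verify_signature() stub below,
 * which fails closed with -EINVAL.  The return value is left unchanged here
 * because existing callers may depend on it.
 */
static inline int restrict_link_by_ca(struct key *dest_keyring,
				      const struct key_type *type,
				      const union key_payload *payload,
				      struct key *trust_keyring)
{
	return 0;
}

static inline int restrict_link_by_digsig(struct key *dest_keyring,
					  const struct key_type *type,
					  const union key_payload *payload,
					  struct key *trust_keyring)
{
	return 0;
}
#endif

/*
 * Operations on asymmetric keys, implemented outside this header.  Buffer
 * sizes are not passed as separate arguments; NOTE(review): presumably they
 * travel in struct kernel_pkey_params -- confirm, and make sure callers size
 * the output buffer from the queried key information.
 */
extern int query_asymmetric_key(const struct kernel_pkey_params *params,
				struct kernel_pkey_query *info);

extern int encrypt_blob(struct kernel_pkey_params *params,
			const void *data, void *enc);
extern int decrypt_blob(struct kernel_pkey_params *params,
			const void *enc, void *data);
extern int create_signature(struct kernel_pkey_params *params,
			    const void *data, void *enc);
extern int verify_signature(const struct key *key,
			    const struct public_key_signature *sig);

#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig);
#else
/*
 * Stub used when the public-key subtype is not reachable: verification
 * always fails with -EINVAL, so no signature is ever accepted.
 */
static inline
int public_key_verify_signature(const struct public_key *pkey,
				const struct public_key_signature *sig)
{
	return -EINVAL;
}
#endif

#endif /* _LINUX_PUBLIC_KEY_H */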