1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/* Asymmetric public-key algorithm definitions
3 *
4 * See Documentation/crypto/asymmetric-keys.rst
5 *
6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7 * Written by David Howells (dhowells@redhat.com)
8 */
9
10#ifndef _LINUX_PUBLIC_KEY_H
11#define _LINUX_PUBLIC_KEY_H
12
13#include <linux/keyctl.h>
14#include <linux/oid_registry.h>
15
16/*
17 * Cryptographic data for the public-key subtype of the asymmetric key type.
18 *
19 * Note that this may include private part of the key as well as the public
20 * part.
21 */
22struct public_key {
23	void *key;
24	u32 keylen;
25	enum OID algo;
26	void *params;
27	u32 paramlen;
28	bool key_is_private;
29	const char *id_type;
30	const char *pkey_algo;
31	unsigned long key_eflags;	/* key extension flags */
32#define KEY_EFLAG_CA		0	/* set if the CA basic constraints is set */
33#define KEY_EFLAG_DIGITALSIG	1	/* set if the digitalSignature usage is set */
34#define KEY_EFLAG_KEYCERTSIGN	2	/* set if the keyCertSign usage is set */
35};
36
37extern void public_key_free(struct public_key *key);
38
39/*
40 * Public key cryptography signature data
41 */
42struct public_key_signature {
43	struct asymmetric_key_id *auth_ids[3];
44	u8 *s;			/* Signature */
45	u8 *digest;
46	u32 s_size;		/* Number of bytes in signature */
47	u32 digest_size;	/* Number of bytes in digest */
48	const char *pkey_algo;
49	const char *hash_algo;
50	const char *encoding;
51};
52
53extern void public_key_signature_free(struct public_key_signature *sig);
54
55extern struct asymmetric_key_subtype public_key_subtype;
56
57struct key;
58struct key_type;
59union key_payload;
60
61extern int restrict_link_by_signature(struct key *dest_keyring,
62				      const struct key_type *type,
63				      const union key_payload *payload,
64				      struct key *trust_keyring);
65
66extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
67					   const struct key_type *type,
68					   const union key_payload *payload,
69					   struct key *trusted);
70
71extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
72						 const struct key_type *type,
73						 const union key_payload *payload,
74						 struct key *trusted);
75
76#if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
77extern int restrict_link_by_ca(struct key *dest_keyring,
78			       const struct key_type *type,
79			       const union key_payload *payload,
80			       struct key *trust_keyring);
81int restrict_link_by_digsig(struct key *dest_keyring,
82			    const struct key_type *type,
83			    const union key_payload *payload,
84			    struct key *trust_keyring);
85#else
86static inline int restrict_link_by_ca(struct key *dest_keyring,
87				      const struct key_type *type,
88				      const union key_payload *payload,
89				      struct key *trust_keyring)
90{
91	return 0;
92}
93
94static inline int restrict_link_by_digsig(struct key *dest_keyring,
95					  const struct key_type *type,
96					  const union key_payload *payload,
97					  struct key *trust_keyring)
98{
99	return 0;
100}
101#endif
102
103extern int query_asymmetric_key(const struct kernel_pkey_params *,
104				struct kernel_pkey_query *);
105
106extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
107extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
108extern int create_signature(struct kernel_pkey_params *, const void *, void *);
109extern int verify_signature(const struct key *,
110			    const struct public_key_signature *);
111
112#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
113int public_key_verify_signature(const struct public_key *pkey,
114				const struct public_key_signature *sig);
115#else
116static inline
117int public_key_verify_signature(const struct public_key *pkey,
118				const struct public_key_signature *sig)
119{
120	return -EINVAL;
121}
122#endif
123
124#endif /* _LINUX_PUBLIC_KEY_H */
125