Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/* Asymmetric public-key algorithm definitions
3 *
4 * See Documentation/crypto/asymmetric-keys.rst
5 *
6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7 * Written by David Howells (dhowells@redhat.com)
8 */
9
10#ifndef _LINUX_PUBLIC_KEY_H
11#define _LINUX_PUBLIC_KEY_H
12
13#include <linux/errno.h>
14#include <linux/keyctl.h>
15#include <linux/oid_registry.h>
16
17/*
18 * Cryptographic data for the public-key subtype of the asymmetric key type.
19 *
20 * Note that this may include private part of the key as well as the public
21 * part.
22 */
23struct public_key {
24 void *key;
25 u32 keylen;
26 enum OID algo;
27 void *params;
28 u32 paramlen;
29 bool key_is_private;
30 const char *id_type;
31 const char *pkey_algo;
32 unsigned long key_eflags; /* key extension flags */
33#define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */
34#define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */
35#define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */
36};
37
38extern void public_key_free(struct public_key *key);
39
40/*
41 * Public key cryptography signature data
42 */
43struct public_key_signature {
44 struct asymmetric_key_id *auth_ids[3];
45 u8 *s; /* Signature */
46 u8 *m; /* Message data to pass to verifier */
47 u32 s_size; /* Number of bytes in signature */
48 u32 m_size; /* Number of bytes in ->m */
49 bool m_free; /* T if ->m needs freeing */
50 bool algo_takes_data; /* T if public key algo operates on data, not a hash */
51 const char *pkey_algo;
52 const char *hash_algo;
53 const char *encoding;
54};
55
56extern void public_key_signature_free(struct public_key_signature *sig);
57
58extern struct asymmetric_key_subtype public_key_subtype;
59
60struct key;
61struct key_type;
62union key_payload;
63
64extern int restrict_link_by_signature(struct key *dest_keyring,
65 const struct key_type *type,
66 const union key_payload *payload,
67 struct key *trust_keyring);
68
69extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
70 const struct key_type *type,
71 const union key_payload *payload,
72 struct key *trusted);
73
74extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
75 const struct key_type *type,
76 const union key_payload *payload,
77 struct key *trusted);
78
79#if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
80extern int restrict_link_by_ca(struct key *dest_keyring,
81 const struct key_type *type,
82 const union key_payload *payload,
83 struct key *trust_keyring);
84int restrict_link_by_digsig(struct key *dest_keyring,
85 const struct key_type *type,
86 const union key_payload *payload,
87 struct key *trust_keyring);
88#else
89static inline int restrict_link_by_ca(struct key *dest_keyring,
90 const struct key_type *type,
91 const union key_payload *payload,
92 struct key *trust_keyring)
93{
94 return 0;
95}
96
97static inline int restrict_link_by_digsig(struct key *dest_keyring,
98 const struct key_type *type,
99 const union key_payload *payload,
100 struct key *trust_keyring)
101{
102 return 0;
103}
104#endif
105
106extern int query_asymmetric_key(const struct kernel_pkey_params *,
107 struct kernel_pkey_query *);
108
109extern int verify_signature(const struct key *,
110 const struct public_key_signature *);
111
112#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
113int public_key_verify_signature(const struct public_key *pkey,
114 const struct public_key_signature *sig);
115#else
116static inline
117int public_key_verify_signature(const struct public_key *pkey,
118 const struct public_key_signature *sig)
119{
120 return -EINVAL;
121}
122#endif
123
124#endif /* _LINUX_PUBLIC_KEY_H */