1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Asymmetric public-key algorithm definitions
4 * See Documentation/crypto/asymmetric-keys.rst
6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7 * Written by David Howells (dhowells@redhat.com)
10 #ifndef _LINUX_PUBLIC_KEY_H
11 #define _LINUX_PUBLIC_KEY_H
13 #include <linux/errno.h>
14 #include <linux/keyctl.h>
15 #include <linux/oid_registry.h>
18 * Cryptographic data for the public-key subtype of the asymmetric key type.
20 * Note that this may include private part of the key as well as the public
31 const char *pkey_algo;
32 unsigned long key_eflags; /* key extension flags */
33 #define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */
34 #define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */
35 #define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */
38 extern void public_key_free(struct public_key *key);
41 * Public key cryptography signature data
43 struct public_key_signature {
44 struct asymmetric_key_id *auth_ids[3];
45 u8 *s; /* Signature */
47 u32 s_size; /* Number of bytes in signature */
48 u32 digest_size; /* Number of bytes in digest */
49 const char *pkey_algo;
50 const char *hash_algo;
54 extern void public_key_signature_free(struct public_key_signature *sig);
56 extern struct asymmetric_key_subtype public_key_subtype;
62 extern int restrict_link_by_signature(struct key *dest_keyring,
63 const struct key_type *type,
64 const union key_payload *payload,
65 struct key *trust_keyring);
67 extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
68 const struct key_type *type,
69 const union key_payload *payload,
72 extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
73 const struct key_type *type,
74 const union key_payload *payload,
77 #if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
78 extern int restrict_link_by_ca(struct key *dest_keyring,
79 const struct key_type *type,
80 const union key_payload *payload,
81 struct key *trust_keyring);
82 int restrict_link_by_digsig(struct key *dest_keyring,
83 const struct key_type *type,
84 const union key_payload *payload,
85 struct key *trust_keyring);
87 static inline int restrict_link_by_ca(struct key *dest_keyring,
88 const struct key_type *type,
89 const union key_payload *payload,
90 struct key *trust_keyring)
95 static inline int restrict_link_by_digsig(struct key *dest_keyring,
96 const struct key_type *type,
97 const union key_payload *payload,
98 struct key *trust_keyring)
104 extern int query_asymmetric_key(const struct kernel_pkey_params *,
105 struct kernel_pkey_query *);
107 extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *);
108 extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
109 extern int create_signature(struct kernel_pkey_params *, const void *, void *);
110 extern int verify_signature(const struct key *,
111 const struct public_key_signature *);
113 #if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
114 int public_key_verify_signature(const struct public_key *pkey,
115 const struct public_key_signature *sig);
118 int public_key_verify_signature(const struct public_key *pkey,
119 const struct public_key_signature *sig)
125 #endif /* _LINUX_PUBLIC_KEY_H */