2019-05-20 17:08:01 +00:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
2012-09-21 22:24:55 +00:00
|
|
|
/* Asymmetric public-key algorithm definitions
|
|
|
|
*
|
2020-06-15 06:50:08 +00:00
|
|
|
* See Documentation/crypto/asymmetric-keys.rst
|
2012-09-21 22:24:55 +00:00
|
|
|
*
|
|
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _LINUX_PUBLIC_KEY_H
|
|
|
|
#define _LINUX_PUBLIC_KEY_H
|
|
|
|
|
2024-01-07 13:28:42 +00:00
|
|
|
#include <linux/errno.h>
|
2018-10-09 16:47:07 +00:00
|
|
|
#include <linux/keyctl.h>
|
2019-04-11 15:51:17 +00:00
|
|
|
#include <linux/oid_registry.h>
|
2018-10-09 16:47:07 +00:00
|
|
|
|
2012-09-21 22:24:55 +00:00
|
|
|
/*
|
|
|
|
* Cryptographic data for the public-key subtype of the asymmetric key type.
|
|
|
|
*
|
|
|
|
* Note that this may include private part of the key as well as the public
|
|
|
|
* part.
|
|
|
|
*/
|
|
|
|
struct public_key {
|
2016-02-02 18:08:53 +00:00
|
|
|
void *key;
|
|
|
|
u32 keylen;
|
2019-04-11 15:51:17 +00:00
|
|
|
enum OID algo;
|
|
|
|
void *params;
|
|
|
|
u32 paramlen;
|
2018-10-09 16:47:31 +00:00
|
|
|
bool key_is_private;
|
2016-03-03 21:49:27 +00:00
|
|
|
const char *id_type;
|
|
|
|
const char *pkey_algo;
|
2023-03-02 16:46:49 +00:00
|
|
|
unsigned long key_eflags; /* key extension flags */
|
|
|
|
#define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */
|
KEYS: X.509: Parse Key Usage
Parse the X.509 Key Usage. The key usage extension defines the purpose of
the key contained in the certificate.
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
KeyUsage ::= BIT STRING {
digitalSignature (0),
contentCommitment (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
If the keyCertSign or digitalSignature is set, store it in the
public_key structure. Having the purpose of the key being stored
during parsing, allows enforcement on the usage field in the future.
This will be used in a follow on patch that requires knowing the
certificate key usage type.
Link: https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2023-03-02 16:46:50 +00:00
|
|
|
#define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */
|
|
|
|
#define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */
|
2012-09-21 22:24:55 +00:00
|
|
|
};
|
|
|
|
|
2016-04-06 15:13:33 +00:00
|
|
|
extern void public_key_free(struct public_key *key);
|
2012-09-21 22:24:55 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Public key cryptography signature data
|
|
|
|
*/
|
|
|
|
struct public_key_signature {
|
2021-11-09 15:16:49 +00:00
|
|
|
struct asymmetric_key_id *auth_ids[3];
|
2016-02-02 18:08:53 +00:00
|
|
|
u8 *s; /* Signature */
|
2012-09-21 22:24:55 +00:00
|
|
|
u8 *digest;
|
2021-08-19 12:37:10 +00:00
|
|
|
u32 s_size; /* Number of bytes in signature */
|
|
|
|
u32 digest_size; /* Number of bytes in digest */
|
2016-03-03 21:49:27 +00:00
|
|
|
const char *pkey_algo;
|
|
|
|
const char *hash_algo;
|
2018-10-09 16:47:07 +00:00
|
|
|
const char *encoding;
|
2012-09-21 22:24:55 +00:00
|
|
|
};
|
|
|
|
|
2016-04-06 15:13:33 +00:00
|
|
|
extern void public_key_signature_free(struct public_key_signature *sig);
|
|
|
|
|
2016-02-02 18:08:53 +00:00
|
|
|
extern struct asymmetric_key_subtype public_key_subtype;
|
2016-04-06 15:13:33 +00:00
|
|
|
|
2012-09-21 22:25:04 +00:00
|
|
|
struct key;
|
KEYS: Move the point of trust determination to __key_link()
Move the point at which a key is determined to be trustworthy to
__key_link() so that we use the contents of the keyring being linked in to
to determine whether the key being linked in is trusted or not.
What is 'trusted' then becomes a matter of what's in the keyring.
Currently, the test is done when the key is parsed, but given that at that
point we can only sensibly refer to the contents of the system trusted
keyring, we can only use that as the basis for working out the
trustworthiness of a new key.
With this change, a trusted keyring is a set of keys that once the
trusted-only flag is set cannot be added to except by verification through
one of the contained keys.
Further, adding a key into a trusted keyring, whilst it might grant
trustworthiness in the context of that keyring, does not automatically
grant trustworthiness in the context of a second keyring to which it could
be secondarily linked.
To accomplish this, the authentication data associated with the key source
must now be retained. For an X.509 cert, this means the contents of the
AuthorityKeyIdentifier and the signature data.
If system keyrings are disabled then restrict_link_by_builtin_trusted()
resolves to restrict_link_reject(). The integrity digital signature code
still works correctly with this as it was previously using
KEY_FLAG_TRUSTED_ONLY, which doesn't permit anything to be added if there
is no system keyring against which trust can be determined.
Signed-off-by: David Howells <dhowells@redhat.com>
2016-04-06 15:14:26 +00:00
|
|
|
struct key_type;
|
|
|
|
union key_payload;
|
|
|
|
|
2016-08-30 18:33:13 +00:00
|
|
|
extern int restrict_link_by_signature(struct key *dest_keyring,
|
KEYS: Move the point of trust determination to __key_link()
Move the point at which a key is determined to be trustworthy to
__key_link() so that we use the contents of the keyring being linked in to
to determine whether the key being linked in is trusted or not.
What is 'trusted' then becomes a matter of what's in the keyring.
Currently, the test is done when the key is parsed, but given that at that
point we can only sensibly refer to the contents of the system trusted
keyring, we can only use that as the basis for working out the
trustworthiness of a new key.
With this change, a trusted keyring is a set of keys that once the
trusted-only flag is set cannot be added to except by verification through
one of the contained keys.
Further, adding a key into a trusted keyring, whilst it might grant
trustworthiness in the context of that keyring, does not automatically
grant trustworthiness in the context of a second keyring to which it could
be secondarily linked.
To accomplish this, the authentication data associated with the key source
must now be retained. For an X.509 cert, this means the contents of the
AuthorityKeyIdentifier and the signature data.
If system keyrings are disabled then restrict_link_by_builtin_trusted()
resolves to restrict_link_reject(). The integrity digital signature code
still works correctly with this as it was previously using
KEY_FLAG_TRUSTED_ONLY, which doesn't permit anything to be added if there
is no system keyring against which trust can be determined.
Signed-off-by: David Howells <dhowells@redhat.com>
2016-04-06 15:14:26 +00:00
|
|
|
const struct key_type *type,
|
2016-08-30 18:33:13 +00:00
|
|
|
const union key_payload *payload,
|
|
|
|
struct key *trust_keyring);
|
KEYS: Move the point of trust determination to __key_link()
Move the point at which a key is determined to be trustworthy to
__key_link() so that we use the contents of the keyring being linked in to
to determine whether the key being linked in is trusted or not.
What is 'trusted' then becomes a matter of what's in the keyring.
Currently, the test is done when the key is parsed, but given that at that
point we can only sensibly refer to the contents of the system trusted
keyring, we can only use that as the basis for working out the
trustworthiness of a new key.
With this change, a trusted keyring is a set of keys that once the
trusted-only flag is set cannot be added to except by verification through
one of the contained keys.
Further, adding a key into a trusted keyring, whilst it might grant
trustworthiness in the context of that keyring, does not automatically
grant trustworthiness in the context of a second keyring to which it could
be secondarily linked.
To accomplish this, the authentication data associated with the key source
must now be retained. For an X.509 cert, this means the contents of the
AuthorityKeyIdentifier and the signature data.
If system keyrings are disabled then restrict_link_by_builtin_trusted()
resolves to restrict_link_reject(). The integrity digital signature code
still works correctly with this as it was previously using
KEY_FLAG_TRUSTED_ONLY, which doesn't permit anything to be added if there
is no system keyring against which trust can be determined.
Signed-off-by: David Howells <dhowells@redhat.com>
2016-04-06 15:14:26 +00:00
|
|
|
|
2016-06-27 23:45:16 +00:00
|
|
|
extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
|
|
|
|
const struct key_type *type,
|
|
|
|
const union key_payload *payload,
|
|
|
|
struct key *trusted);
|
|
|
|
|
2016-10-04 23:42:45 +00:00
|
|
|
extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
|
|
|
|
const struct key_type *type,
|
|
|
|
const union key_payload *payload,
|
|
|
|
struct key *trusted);
|
|
|
|
|
2023-03-02 16:46:51 +00:00
|
|
|
#if IS_REACHABLE(CONFIG_ASYMMETRIC_KEY_TYPE)
|
|
|
|
extern int restrict_link_by_ca(struct key *dest_keyring,
|
|
|
|
const struct key_type *type,
|
|
|
|
const union key_payload *payload,
|
|
|
|
struct key *trust_keyring);
|
2023-05-22 23:09:42 +00:00
|
|
|
int restrict_link_by_digsig(struct key *dest_keyring,
|
|
|
|
const struct key_type *type,
|
|
|
|
const union key_payload *payload,
|
|
|
|
struct key *trust_keyring);
|
2023-03-02 16:46:51 +00:00
|
|
|
#else
|
|
|
|
static inline int restrict_link_by_ca(struct key *dest_keyring,
|
|
|
|
const struct key_type *type,
|
|
|
|
const union key_payload *payload,
|
|
|
|
struct key *trust_keyring)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2023-05-22 23:09:42 +00:00
|
|
|
|
|
|
|
static inline int restrict_link_by_digsig(struct key *dest_keyring,
|
|
|
|
const struct key_type *type,
|
|
|
|
const union key_payload *payload,
|
|
|
|
struct key *trust_keyring)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2023-03-02 16:46:51 +00:00
|
|
|
#endif
|
|
|
|
|
2018-10-09 16:47:07 +00:00
|
|
|
extern int query_asymmetric_key(const struct kernel_pkey_params *,
|
|
|
|
struct kernel_pkey_query *);
|
|
|
|
|
|
|
|
extern int verify_signature(const struct key *,
|
|
|
|
const struct public_key_signature *);
|
2012-09-21 22:25:04 +00:00
|
|
|
|
2023-03-02 16:46:47 +00:00
|
|
|
#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
|
2016-02-02 18:08:53 +00:00
|
|
|
int public_key_verify_signature(const struct public_key *pkey,
|
|
|
|
const struct public_key_signature *sig);
|
2023-03-02 16:46:47 +00:00
|
|
|
#else
|
|
|
|
static inline
|
|
|
|
int public_key_verify_signature(const struct public_key *pkey,
|
|
|
|
const struct public_key_signature *sig)
|
|
|
|
{
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
#endif
|
2016-02-02 18:08:53 +00:00
|
|
|
|
2012-09-21 22:24:55 +00:00
|
|
|
#endif /* _LINUX_PUBLIC_KEY_H */
|