1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* Asymmetric Public-key cryptography key type interface 3 * 4 * See Documentation/crypto/asymmetric-keys.rst 5 * 6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 7 * Written by David Howells (dhowells@redhat.com) 8 */ 9 10 #ifndef _KEYS_ASYMMETRIC_TYPE_H 11 #define _KEYS_ASYMMETRIC_TYPE_H 12 13 #include <linux/key-type.h> 14 #include <linux/verification.h> 15 16 extern struct key_type key_type_asymmetric; 17 18 /* 19 * The key payload is four words. The asymmetric-type key uses them as 20 * follows: 21 */ 22 enum asymmetric_payload_bits { 23 asym_crypto, /* The data representing the key */ 24 asym_subtype, /* Pointer to an asymmetric_key_subtype struct */ 25 asym_key_ids, /* Pointer to an asymmetric_key_ids struct */ 26 asym_auth /* The key's authorisation (signature, parent key ID) */ 27 }; 28 29 /* 30 * Identifiers for an asymmetric key ID. We have three ways of looking up a 31 * key derived from an X.509 certificate: 32 * 33 * (1) Serial Number & Issuer. Non-optional. This is the only valid way to 34 * map a PKCS#7 signature to an X.509 certificate. 35 * 36 * (2) Issuer & Subject Unique IDs. Optional. These were the original way to 37 * match X.509 certificates, but have fallen into disuse in favour of (3). 38 * 39 * (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on 40 * CA keys that are intended to sign other keys, so don't appear in end 41 * user certificates unless forced. 42 * 43 * We could also support an PGP key identifier, which is just a SHA1 sum of the 44 * public key and certain parameters, but since we don't support PGP keys at 45 * the moment, we shall ignore those. 46 * 47 * What we actually do is provide a place where binary identifiers can be 48 * stashed and then compare against them when checking for an id match. 49 */ 50 struct asymmetric_key_id { 51 unsigned short len; 52 unsigned char data[]; 53 }; 54 55 struct asymmetric_key_ids { 56 void *id[2]; 57 }; 58 59 extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1, 60 const struct asymmetric_key_id *kid2); 61 62 extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1, 63 const struct asymmetric_key_id *kid2); 64 65 extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1, 66 size_t len_1, 67 const void *val_2, 68 size_t len_2); 69 static inline 70 const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key) 71 { 72 return key->payload.data[asym_key_ids]; 73 } 74 75 extern struct key *find_asymmetric_key(struct key *keyring, 76 const struct asymmetric_key_id *id_0, 77 const struct asymmetric_key_id *id_1, 78 bool partial); 79 80 /* 81 * The payload is at the discretion of the subtype. 82 */ 83 84 #endif /* _KEYS_ASYMMETRIC_TYPE_H */ 85