1 /* Asymmetric Public-key cryptography key type interface 2 * 3 * See Documentation/crypto/asymmetric-keys.txt 4 * 5 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 6 * Written by David Howells (dhowells@redhat.com) 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public Licence 10 * as published by the Free Software Foundation; either version 11 * 2 of the Licence, or (at your option) any later version. 12 */ 13 14 #ifndef _KEYS_ASYMMETRIC_TYPE_H 15 #define _KEYS_ASYMMETRIC_TYPE_H 16 17 #include <linux/key-type.h> 18 #include <linux/verification.h> 19 20 extern struct key_type key_type_asymmetric; 21 22 /* 23 * The key payload is four words. The asymmetric-type key uses them as 24 * follows: 25 */ 26 enum asymmetric_payload_bits { 27 asym_crypto, /* The data representing the key */ 28 asym_subtype, /* Pointer to an asymmetric_key_subtype struct */ 29 asym_key_ids, /* Pointer to an asymmetric_key_ids struct */ 30 asym_auth /* The key's authorisation (signature, parent key ID) */ 31 }; 32 33 /* 34 * Identifiers for an asymmetric key ID. We have three ways of looking up a 35 * key derived from an X.509 certificate: 36 * 37 * (1) Serial Number & Issuer. Non-optional. This is the only valid way to 38 * map a PKCS#7 signature to an X.509 certificate. 39 * 40 * (2) Issuer & Subject Unique IDs. Optional. These were the original way to 41 * match X.509 certificates, but have fallen into disuse in favour of (3). 42 * 43 * (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on 44 * CA keys that are intended to sign other keys, so don't appear in end 45 * user certificates unless forced. 46 * 47 * We could also support an PGP key identifier, which is just a SHA1 sum of the 48 * public key and certain parameters, but since we don't support PGP keys at 49 * the moment, we shall ignore those. 50 * 51 * What we actually do is provide a place where binary identifiers can be 52 * stashed and then compare against them when checking for an id match. 53 */ 54 struct asymmetric_key_id { 55 unsigned short len; 56 unsigned char data[]; 57 }; 58 59 struct asymmetric_key_ids { 60 void *id[2]; 61 }; 62 63 extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1, 64 const struct asymmetric_key_id *kid2); 65 66 extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1, 67 const struct asymmetric_key_id *kid2); 68 69 extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1, 70 size_t len_1, 71 const void *val_2, 72 size_t len_2); 73 static inline 74 const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key) 75 { 76 return key->payload.data[asym_key_ids]; 77 } 78 79 extern struct key *find_asymmetric_key(struct key *keyring, 80 const struct asymmetric_key_id *id_0, 81 const struct asymmetric_key_id *id_1, 82 bool partial); 83 84 /* 85 * The payload is at the discretion of the subtype. 86 */ 87 88 #endif /* _KEYS_ASYMMETRIC_TYPE_H */ 89