/* Asymmetric Public-key cryptography key type interface
*
* See Documentation/crypto/asymmetric-keys.txt
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public Licence
* as published by the Free Software Foundation; either version
* 2 of the Licence, or (at your option) any later version.
*/
# ifndef _KEYS_ASYMMETRIC_TYPE_H
# define _KEYS_ASYMMETRIC_TYPE_H
# include <linux/key-type.h>
# include <linux/verification.h>
/*
 * The key type registered for asymmetric (public-key) keys.  Defined in the
 * asymmetric key type implementation; declared here so that callers can refer
 * to it when requesting or adding keys of this type.
 */
extern struct key_type key_type_asymmetric;
/*
 * Layout of the four-word key payload (key->payload.data[]) as used by the
 * asymmetric key type.  Each enumerator is the index of one payload slot, so
 * the values are spelled out explicitly: they are array indices, not flags.
 */
enum asymmetric_payload_bits {
	asym_crypto = 0,	/* The data representing the key */
	asym_subtype = 1,	/* Pointer to an asymmetric_key_subtype struct */
	asym_key_ids = 2,	/* Pointer to an asymmetric_key_ids struct */
	asym_auth = 3,		/* The key's authorisation (signature, parent key ID) */
};
/*
* Identifiers for an asymmetric key ID. We have three ways of looking up a
* key derived from an X.509 certificate:
*
* (1) Serial Number & Issuer. Non-optional. This is the only valid way to
* map a PKCS#7 signature to an X.509 certificate, since a PKCS#7 SignerInfo
* names its signer by issuerAndSerialNumber.
*
* (2) Issuer & Subject Unique IDs. Optional. These were the original way to
* match X.509 certificates, but have fallen into disuse in favour of (3).
*
* (3) Authority & Subject Key Identifiers. Optional. RFC 5280 only mandates a
* SKID on CA certificates (those intended to sign other certificates), so
* end-entity certificates frequently omit it unless the issuer adds one.
*
* We could also support a PGP key identifier, which is just a SHA1 sum of the
* public key and certain parameters, but since we don't support PGP keys at
* the moment, we shall ignore those.
*
* What we actually do is provide a place where binary identifiers can be
* stashed and then compare against them when checking for an id match. Note
* that an ID match only selects a candidate key; it does not by itself
* authenticate anything - the signature must still be verified against the
* selected key.
*/
/*
 * A binary key identifier: @len bytes of opaque identifier data stored inline
 * immediately after the length field.  Instances are allocated with the data
 * trailing the header (typically via asymmetric_key_generate_id()), which is
 * why @data is a flexible array member rather than a pointer.
 */
struct asymmetric_key_id {
	unsigned short	len;		/* Number of valid bytes in data[] */
	unsigned char	data[];		/* The identifier bytes (binary, not text) */
};
/*
 * The two identifiers that may be attached to an asymmetric key, one per
 * slot.  Each entry is a pointer to a struct asymmetric_key_id (presumably
 * NULL when that identifier is absent - confirm against the subtype that
 * fills it in).  Which lookup method each slot corresponds to is described
 * in the comment above.
 */
struct asymmetric_key_ids {
	void	*id[2];
};
/*
 * asymmetric_key_id_same - Test two key identifiers for an exact match
 * @kid1: First identifier
 * @kid2: Second identifier
 *
 * Returns true when the two identifiers are considered identical.  The
 * definition is not in this header; the exact comparison (length and bytes
 * are the obvious candidates) should be checked there before relying on it.
 */
extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
				   const struct asymmetric_key_id *kid2);

/*
 * asymmetric_key_id_partial - Test two key identifiers for a partial match
 * @kid1: First identifier
 * @kid2: Second identifier
 *
 * Returns true when the identifiers match partially.  NOTE(review): what
 * "partial" means (prefix vs. suffix, and which side may be shorter) is only
 * visible in the definition - confirm before using this for anything
 * security-relevant, since a looser match widens which keys can be selected.
 */
extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
				      const struct asymmetric_key_id *kid2);

/*
 * asymmetric_key_generate_id - Build a key identifier from two byte ranges
 * @val_1: First byte range
 * @len_1: Length of @val_1
 * @val_2: Second byte range
 * @len_2: Length of @val_2
 *
 * Returns a newly allocated identifier (presumably the concatenation of the
 * two ranges).  Callers must check the result for failure before use; the
 * failure convention (NULL vs. error pointer) is not visible from this header.
 */
extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
							    size_t len_1,
							    const void *val_2,
							    size_t len_2);
/*
 * asymmetric_key_ids - Fetch the identifiers attached to an asymmetric key
 * @key: The key to inspect (the caller must already hold a reference to it)
 *
 * Reads the asym_key_ids slot of the key payload.  The returned pointer is
 * presumably owned by the key rather than the caller, so it should not be
 * freed and should not outlive the caller's reference to @key.
 */
static inline
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
{
	const void *slot = key->payload.data[asym_key_ids];

	return slot;
}
/*
 * find_asymmetric_key - Look up an asymmetric key by identifier
 * @keyring: The keyring to search (behaviour for a NULL keyring is decided
 *	by the implementation - check before relying on it)
 * @id_0: First identifier to match, or NULL (see struct asymmetric_key_ids)
 * @id_1: Second identifier to match, or NULL
 * @partial: Permit a partial identifier match (see asymmetric_key_id_partial())
 *
 * Returns the matching key on success.  Callers must check the result for
 * failure before dereferencing it and must release the returned reference
 * when done; the failure convention (NULL vs. error pointer) is not visible
 * from this header.  Passing @partial as true widens which keys can be
 * selected, so use it only where that is acceptable.
 */
extern struct key *find_asymmetric_key(struct key *keyring,
				       const struct asymmetric_key_id *id_0,
				       const struct asymmetric_key_id *id_1,
				       bool partial);
/*
* The payload is at the discretion of the subtype .
*/
# endif /* _KEYS_ASYMMETRIC_TYPE_H */