/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Asymmetric Public-key cryptography key type interface
*
* See Documentation/crypto/asymmetric-keys.rst
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*/
# ifndef _KEYS_ASYMMETRIC_TYPE_H
# define _KEYS_ASYMMETRIC_TYPE_H
# include <linux/key-type.h>
# include <linux/verification.h>
/* Key type descriptor for asymmetric keys; declared here, defined elsewhere. */
extern struct key_type key_type_asymmetric;
/*
* The key payload is four words.  The asymmetric-type key uses them as
* follows:
*/
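enum asymmetric_payload_bits {
	/*
	 * These values index key->payload.data[]; the accessors in this header
	 * read slots asym_crypto and asym_key_ids directly.
	 */
	asym_crypto,		/* The data representing the key */
	asym_subtype,		/* Pointer to an asymmetric_key_subtype struct */
	asym_key_ids,		/* Pointer to an asymmetric_key_ids struct */
	asym_auth		/* The key's authorisation (signature, parent key ID) */
};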
/*
* Identifiers for an asymmetric key ID.  We have three ways of looking up a
* key derived from an X.509 certificate:
*
* (1) Serial Number & Issuer.  Non-optional.  This is the only valid way to
*     map a PKCS#7 signature to an X.509 certificate.
*
* (2) Issuer & Subject Unique IDs.  Optional.  These were the original way to
*     match X.509 certificates, but have fallen into disuse in favour of (3).
*
* (3) Auth & Subject Key Identifiers.  Optional.  SKIDs are only provided on
*     CA keys that are intended to sign other keys, so don't appear in end
*     user certificates unless forced.
*
* We could also support a PGP key identifier, which is just a SHA1 sum of the
* public key and certain parameters, but since we don't support PGP keys at
* the moment, we shall ignore those.
*
* What we actually do is provide a place where binary identifiers can be
* stashed and then compare against them when checking for an id match.
*/
/*
 * One binary key identifier: a length field followed by a flexible array of
 * identifier bytes.
 *
 * NOTE(review): len is presumably the number of bytes in data[] - confirm.
 * It is only an unsigned short, whereas asymmetric_key_generate_id() takes
 * two size_t lengths; confirm the definition rejects (or can never receive)
 * a combined length that does not fit, otherwise len would under-report the
 * allocated data.
 */
struct asymmetric_key_id {
	unsigned short	len;
	unsigned char	data[];
};
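/*
 * The identifier slots attached to one asymmetric key (three of them).
 *
 * NOTE(review): the slots are untyped void pointers; presumably each one
 * holds a struct asymmetric_key_id pointer or NULL - confirm against the
 * code that fills and compares them before dereferencing a slot.
 */
struct asymmetric_key_ids {
	void		*id[3];
};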
/*
 * Compare two key identifiers and report the result as a bool.
 *
 * NOTE(review): only the prototype is visible here; presumably true means
 * the two IDs are identical in length and content - confirm against the
 * definition, including how NULL arguments are treated.
 */
extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
				   const struct asymmetric_key_id *kid2);
/*
 * Partial-match counterpart of asymmetric_key_id_same().
 *
 * NOTE(review): only the prototype is visible here; presumably this accepts
 * a looser match than asymmetric_key_id_same() - confirm exactly what
 * "partial" compares before relying on it where a key is selected for a
 * trust decision.
 */
extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
				      const struct asymmetric_key_id *kid2);
/*
 * Build a struct asymmetric_key_id from two (value, length) pairs.
 *
 * NOTE(review): only the prototype is visible here.  Presumably the result
 * is newly allocated and holds val_1 followed by val_2 - confirm, along with
 * who frees it and how failure is reported (NULL vs. an error pointer).
 * len_1 and len_2 are size_t while struct asymmetric_key_id.len is an
 * unsigned short, so confirm the definition guards the sum against overflow
 * and against truncation when it is stored.
 */
extern struct asymmetric_key_id *
asymmetric_key_generate_id(const void *val_1, size_t len_1,
			   const void *val_2, size_t len_2);
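/*
 * Return the pointer stored in the asym_key_ids payload word of @key, viewed
 * as a struct asymmetric_key_ids.
 *
 * No check is made here that @key is non-NULL or that it is an
 * asymmetric-type key.  For a key of any other type the payload word would
 * be misread as a struct asymmetric_key_ids pointer, so callers must
 * establish the key type before calling this.
 */
static inline
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
{
	return key->payload.data[asym_key_ids];
}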
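/*
 * Return the pointer stored in the asym_crypto payload word of @key, viewed
 * as a struct public_key.
 *
 * No check is made here on @key, its key type or its subtype.  The payload
 * is at the discretion of the subtype, so the result is only meaningful when
 * the key's subtype actually stores a struct public_key in that slot;
 * callers must confirm that before dereferencing the result.
 */
static inline
const struct public_key *asymmetric_key_public_key(const struct key *key)
{
	return key->payload.data[asym_crypto];
}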
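/*
 * Look up an asymmetric key in @keyring using up to three key identifiers.
 *
 * NOTE(review): only the prototype is visible here.  Confirm against the
 * definition which of @id_0, @id_1 and @id_2 may be NULL, how a miss is
 * reported (NULL vs. an error pointer) and whether the returned key carries
 * a reference the caller must drop.  @partial presumably selects partial
 * rather than exact identifier matching (cf. asymmetric_key_id_partial());
 * callers that use the result to decide whether a signature is trusted
 * should confirm which mode they need.
 */
extern struct key *find_asymmetric_key(struct key *keyring,
				       const struct asymmetric_key_id *id_0,
				       const struct asymmetric_key_id *id_1,
				       const struct asymmetric_key_id *id_2,
				       bool partial);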
/*
 * Load a list of X.509 certificates, given as a byte array and its size,
 * with @keyring as the target.
 *
 * NOTE(review): only the prototype is visible here.  Presumably @list_size
 * is the byte length of @cert_list and each certificate found is added to
 * @keyring - confirm, and confirm that the definition bounds every
 * certificate's encoded length against the remaining @list_size before
 * parsing it.  The meaning of the int return value is not visible here.
 */
int x509_load_certificate_list(const u8 cert_list[],
			       const unsigned long list_size,
			       const struct key *keyring);
/*
* The payload is at the discretion of the subtype.
*/
# endif /* _KEYS_ASYMMETRIC_TYPE_H */