David Howells | 964f3b3 | 2012-09-13 15:17:21 +0100 | [diff] [blame] | 1 | /* Asymmetric Public-key cryptography key type interface |
| 2 | * |
| 3 | * See Documentation/security/asymmetric-keys.txt |
| 4 | * |
| 5 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. |
| 6 | * Written by David Howells (dhowells@redhat.com) |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or |
| 9 | * modify it under the terms of the GNU General Public Licence |
| 10 | * as published by the Free Software Foundation; either version |
| 11 | * 2 of the Licence, or (at your option) any later version. |
| 12 | */ |
| 13 | |
| 14 | #ifndef _KEYS_ASYMMETRIC_TYPE_H |
| 15 | #define _KEYS_ASYMMETRIC_TYPE_H |
| 16 | |
| 17 | #include <linux/key-type.h> |
| 18 | |
| 19 | extern struct key_type key_type_asymmetric; |
| 20 | |
| 21 | /* |
David Howells | 146aa8b | 2015-10-21 14:04:48 +0100 | [diff] [blame] | 22 | * The key payload is four words. The asymmetric-type key uses them as |
| 23 | * follows: |
| 24 | */ |
| 25 | enum asymmetric_payload_bits { |
| 26 | asym_crypto, |
| 27 | asym_subtype, |
| 28 | asym_key_ids, |
| 29 | }; |
| 30 | |
| 31 | /* |
David Howells | 7901c1a | 2014-09-16 17:36:11 +0100 | [diff] [blame] | 32 | * Identifiers for an asymmetric key ID. We have three ways of looking up a |
| 33 | * key derived from an X.509 certificate: |
| 34 | * |
| 35 | * (1) Serial Number & Issuer. Non-optional. This is the only valid way to |
| 36 | * map a PKCS#7 signature to an X.509 certificate. |
| 37 | * |
| 38 | * (2) Issuer & Subject Unique IDs. Optional. These were the original way to |
| 39 | * match X.509 certificates, but have fallen into disuse in favour of (3). |
| 40 | * |
| 41 | * (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on |
| 42 | * CA keys that are intended to sign other keys, so don't appear in end |
| 43 | * user certificates unless forced. |
| 44 | * |
| 45 | * We could also support an PGP key identifier, which is just a SHA1 sum of the |
| 46 | * public key and certain parameters, but since we don't support PGP keys at |
| 47 | * the moment, we shall ignore those. |
| 48 | * |
| 49 | * What we actually do is provide a place where binary identifiers can be |
| 50 | * stashed and then compare against them when checking for an id match. |
| 51 | */ |
| 52 | struct asymmetric_key_id { |
| 53 | unsigned short len; |
| 54 | unsigned char data[]; |
| 55 | }; |
| 56 | |
| 57 | struct asymmetric_key_ids { |
| 58 | void *id[2]; |
| 59 | }; |
| 60 | |
| 61 | extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1, |
| 62 | const struct asymmetric_key_id *kid2); |
| 63 | |
Dmitry Kasatkin | f1b731d | 2014-10-06 15:21:05 +0100 | [diff] [blame] | 64 | extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1, |
| 65 | const struct asymmetric_key_id *kid2); |
| 66 | |
David Howells | 7901c1a | 2014-09-16 17:36:11 +0100 | [diff] [blame] | 67 | extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1, |
| 68 | size_t len_1, |
| 69 | const void *val_2, |
| 70 | size_t len_2); |
David Howells | 146aa8b | 2015-10-21 14:04:48 +0100 | [diff] [blame] | 71 | static inline |
| 72 | const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key) |
| 73 | { |
| 74 | return key->payload.data[asym_key_ids]; |
| 75 | } |
David Howells | 7901c1a | 2014-09-16 17:36:11 +0100 | [diff] [blame] | 76 | |
| 77 | /* |
David Howells | 964f3b3 | 2012-09-13 15:17:21 +0100 | [diff] [blame] | 78 | * The payload is at the discretion of the subtype. |
| 79 | */ |
| 80 | |
| 81 | #endif /* _KEYS_ASYMMETRIC_TYPE_H */ |