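/* Asymmetric Public-key cryptography key type interface
 *
 * See Documentation/security/asymmetric-keys.txt
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#ifndef _KEYS_ASYMMETRIC_TYPE_H
#define _KEYS_ASYMMETRIC_TYPE_H

#include <linux/key-type.h>

/* Key type object for asymmetric keys; defined outside this header. */
extern struct key_type key_type_asymmetric;

/*
 * Identifiers for an asymmetric key ID.  We have three ways of looking up a
 * key derived from an X.509 certificate:
 *
 * (1) Serial Number & Issuer.  Non-optional.  This is the only valid way to
 *     map a PKCS#7 signature to an X.509 certificate.
 *
 * (2) Issuer & Subject Unique IDs.  Optional.  These were the original way to
 *     match X.509 certificates, but have fallen into disuse in favour of (3).
 *
 * (3) Auth & Subject Key Identifiers.  Optional.  SKIDs are only provided on
 *     CA keys that are intended to sign other keys, so don't appear in end
 *     user certificates unless forced.
 *
 * We could also support a PGP key identifier, which is just a SHA1 sum of the
 * public key and certain parameters, but since we don't support PGP keys at
 * the moment, we shall ignore those.
 *
 * What we actually do is provide a place where binary identifiers can be
 * stashed and then compare against them when checking for an id match.
 *
 * The identifier is a binary blob, not a C string: nothing here promises a
 * NUL terminator, so consumers must bound every access by @len.
 *
 * NOTE(review): @len is an unsigned short, while asymmetric_key_generate_id()
 * below accepts two size_t lengths.  Confirm that the implementation rejects
 * (or can never be handed) a combined length that does not fit in @len;
 * otherwise the stored length would be truncated relative to the data.
 */
struct asymmetric_key_id {
	unsigned short	len;	/* presumably the byte count of data[] - confirm */
	unsigned char	data[];	/* flexible array member holding the ID bytes */
};

/*
 * A pair of identifier slots.
 *
 * NOTE(review): the slots are declared void *, so the compiler cannot catch a
 * wrong pointer type being stored or read back.  Presumably they hold
 * struct asymmetric_key_id pointers; which lookup method maps to which slot
 * is not stated in this header - confirm against the users.
 */
struct asymmetric_key_ids {
	void		*id[2];
};

/*
 * Report whether two key IDs are the same.  Implemented outside this header.
 *
 * NOTE(review): NULL handling is not visible here; check the implementation
 * before passing an ID that may be absent (two of the three ID kinds
 * described above are optional).
 */
extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
				   const struct asymmetric_key_id *kid2);

/*
 * Report whether two key IDs partially match.  Implemented outside this
 * header; which argument is the pattern and which part of the ID is compared
 * cannot be told from the prototype.
 *
 * NOTE(review): a partial match is by definition weaker than
 * asymmetric_key_id_same().  Where the result selects the key that will
 * verify a signature, confirm the matching rule in the implementation and
 * prefer the exact comparison if an ambiguous match would be unacceptable.
 */
extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
				      const struct asymmetric_key_id *kid2);

/*
 * Build a key ID from two byte ranges, (@val_1, @len_1) and (@val_2, @len_2).
 * Implemented outside this header.
 *
 * NOTE(review): the failure convention (NULL or an error-encoded pointer) and
 * the ownership of the returned object are not visible here - check both
 * before dereferencing or freeing the result.
 */
extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
							    size_t len_1,
							    const void *val_2,
							    size_t len_2);

/*
 * The payload is at the discretion of the subtype.
 */

#endif /* _KEYS_ASYMMETRIC_TYPE_H */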