LXR linux/include/keys/asymmetric-type.h

   1/* SPDX-License-Identifier: GPL-2.0-or-later */
   2/* Asymmetric Public-key cryptography key type interface
   3 *
   4 * See Documentation/crypto/asymmetric-keys.txt
   5 *
   6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
   7 * Written by David Howells (dhowells@redhat.com)
   8 */
   9
  10#ifndef _KEYS_ASYMMETRIC_TYPE_H
  11#define _KEYS_ASYMMETRIC_TYPE_H
  12
  13#include <linux/key-type.h>
  14#include <linux/verification.h>
  15
  16extern struct key_type key_type_asymmetric;
  17
  18/*
  19 * The key payload is four words.  The asymmetric-type key uses them as
  20 * follows:
  21 */
  22enum asymmetric_payload_bits {
  23        asym_crypto,            /* The data representing the key */
  24        asym_subtype,           /* Pointer to an asymmetric_key_subtype struct */
  25        asym_key_ids,           /* Pointer to an asymmetric_key_ids struct */
  26        asym_auth               /* The key's authorisation (signature, parent key ID) */
  27};
  28
  29/*
  30 * Identifiers for an asymmetric key ID.  We have three ways of looking up a
  31 * key derived from an X.509 certificate:
  32 *
  33 * (1) Serial Number & Issuer.  Non-optional.  This is the only valid way to
  34 *     map a PKCS#7 signature to an X.509 certificate.
  35 *
  36 * (2) Issuer & Subject Unique IDs.  Optional.  These were the original way to
  37 *     match X.509 certificates, but have fallen into disuse in favour of (3).
  38 *
  39 * (3) Auth & Subject Key Identifiers.  Optional.  SKIDs are only provided on
  40 *     CA keys that are intended to sign other keys, so don't appear in end
  41 *     user certificates unless forced.
  42 *
  43 * We could also support an PGP key identifier, which is just a SHA1 sum of the
  44 * public key and certain parameters, but since we don't support PGP keys at
  45 * the moment, we shall ignore those.
  46 *
  47 * What we actually do is provide a place where binary identifiers can be
  48 * stashed and then compare against them when checking for an id match.
  49 */
  50struct asymmetric_key_id {
  51        unsigned short  len;
  52        unsigned char   data[];
  53};
  54
  55struct asymmetric_key_ids {
  56        void            *id[2];
  57};
  58
  59extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
  60                                   const struct asymmetric_key_id *kid2);
  61
  62extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
  63                                      const struct asymmetric_key_id *kid2);
  64
  65extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
  66                                                            size_t len_1,
  67                                                            const void *val_2,
  68                                                            size_t len_2);
  69static inline
  70const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
  71{
  72        return key->payload.data[asym_key_ids];
  73}
  74
  75extern struct key *find_asymmetric_key(struct key *keyring,
  76                                       const struct asymmetric_key_id *id_0,
  77                                       const struct asymmetric_key_id *id_1,
  78                                       bool partial);
  79
  80/*
  81 * The payload is at the discretion of the subtype.
  82 */
  83
  84#endif /* _KEYS_ASYMMETRIC_TYPE_H */
  85