/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Asymmetric Public-key cryptography key type interface
 *
 * See Documentation/crypto/asymmetric-keys.txt
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#ifndef _KEYS_ASYMMETRIC_TYPE_H
#define _KEYS_ASYMMETRIC_TYPE_H

#include <linux/key-type.h>
#include <linux/verification.h>

/* The key type under which asymmetric keys are registered.  Code that is
 * about to read a key's payload using the slot layout below should first
 * make sure the key really is of this type; the accessors in this header do
 * not check it themselves. */
extern struct key_type key_type_asymmetric;

/*
 * The key payload is four words. The asymmetric-type key uses them as
 * follows.  Each enumerator is an index into key->payload.data[], so the
 * order of these values is part of the in-kernel layout and must not be
 * reshuffled.
 */
enum asymmetric_payload_bits {
	asym_crypto,	/* The data representing the key */
	asym_subtype,	/* Pointer to an asymmetric_key_subtype struct */
	asym_key_ids,	/* Pointer to an asymmetric_key_ids struct */
	asym_auth	/* The key's authorisation (signature, parent key ID) */
};

/*
 * Identifiers for an asymmetric key ID. We have three ways of looking up a
 * key derived from an X.509 certificate:
 *
 * (1) Serial Number & Issuer. Non-optional. This is the only valid way to
 *     map a PKCS#7 signature to an X.509 certificate.
 *
 * (2) Issuer & Subject Unique IDs. Optional. These were the original way to
 *     match X.509 certificates, but have fallen into disuse in favour of (3).
 *
 * (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
 *     CA keys that are intended to sign other keys, so don't appear in end
 *     user certificates unless forced.
 *
 * We could also support a PGP key identifier, which is just a SHA1 sum of the
 * public key and certain parameters, but since we don't support PGP keys at
 * the moment, we shall ignore those.
 *
 * What we actually do is provide a place where binary identifiers can be
 * stashed and then compare against them when checking for an id match.
 */

/* One binary key identifier: @len bytes of opaque data in @data.
 *
 * NOTE(review): @len is an unsigned short, whereas asymmetric_key_generate_id()
 * below accepts two size_t lengths.  Confirm that the generator bounds
 * len_1 + len_2 before storing it; otherwise an oversized input would be
 * silently truncated into a shorter, still-plausible identifier.
 */
struct asymmetric_key_id {
	unsigned short	len;
	unsigned char	data[];
};

/* The set of identifiers hung off the asym_key_ids payload slot.  Presumably
 * id[0] carries the serial+issuer ID and id[1] the SKID from the comment
 * above — verify against the X.509 code that populates it.  Treat either
 * entry as possibly NULL until that is confirmed. */
struct asymmetric_key_ids {
	void		*id[2];
};

/* Whole-identifier comparison of two key IDs (the precise rule lives in
 * asymmetric_type.c). */
extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
				   const struct asymmetric_key_id *kid2);

/* Partial-identifier comparison.  This is deliberately weaker than
 * asymmetric_key_id_same(): a key can match on only part of its identifier,
 * so code that must bind a signature to one specific key should use the
 * exact comparison.  Which portion has to match is defined in
 * asymmetric_type.c, not here. */
extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
				      const struct asymmetric_key_id *kid2);

/* Build a key ID from two binary blobs, presumably by concatenating them
 * (either length may be zero).  The result is allocated; check the
 * definition for its failure return (NULL vs ERR_PTR) before relying on
 * either, and remember the caller owns the result. */
extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
							    size_t len_1,
							    const void *val_2,
							    size_t len_2);

/* Fetch the asymmetric_key_ids stored in @key's payload.
 *
 * This performs no type check: it just reads payload slot asym_key_ids, so
 * the caller must already know that @key is of key_type_asymmetric.  On any
 * other key type the slot holds unrelated data that would be misinterpreted
 * as an ID table.  The slot may presumably be NULL for a key whose subtype
 * stashed no identifiers — check before dereferencing.
 */
static inline
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
{
	const void *slot = key->payload.data[asym_key_ids];

	return slot;
}

/* Search @keyring for a key by identifier.  @id_0 and @id_1 are presumably
 * matched against the corresponding asymmetric_key_ids entries; with
 * @partial set, a partial match (asymmetric_key_id_partial) is accepted in
 * place of an exact one, which widens the set of keys that can satisfy the
 * lookup.  See the definition for the not-found/error return convention. */
extern struct key *find_asymmetric_key(struct key *keyring,
				       const struct asymmetric_key_id *id_0,
				       const struct asymmetric_key_id *id_1,
				       bool partial);

/*
 * The payload is at the discretion of the subtype.
 */

#endif /* _KEYS_ASYMMETRIC_TYPE_H */