Branch data     Line data    Source code

       1                 :            : /* SPDX-License-Identifier: GPL-2.0-or-later */
       2                 :            : /* Asymmetric Public-key cryptography key type interface
       3                 :            :  *
       4                 :            :  * See Documentation/crypto/asymmetric-keys.txt
       5                 :            :  *
       6                 :            :  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
       7                 :            :  * Written by David Howells (dhowells@redhat.com)
       8                 :            :  */
       9                 :            : 
      10                 :            : #ifndef _KEYS_ASYMMETRIC_TYPE_H
      11                 :            : #define _KEYS_ASYMMETRIC_TYPE_H
      12                 :            : 
      13                 :            : #include <linux/key-type.h>
      14                 :            : #include <linux/verification.h>
      15                 :            : 
      16                 :            : extern struct key_type key_type_asymmetric;
      17                 :            : 
      18                 :            : /*
      19                 :            :  * The key payload is four words.  The asymmetric-type key uses them as
      20                 :            :  * follows:
      21                 :            :  */
      22                 :            : enum asymmetric_payload_bits {
      23                 :            :         asym_crypto,            /* The data representing the key */
      24                 :            :         asym_subtype,           /* Pointer to an asymmetric_key_subtype struct */
      25                 :            :         asym_key_ids,           /* Pointer to an asymmetric_key_ids struct */
      26                 :            :         asym_auth               /* The key's authorisation (signature, parent key ID) */
      27                 :            : };
      28                 :            : 
      29                 :            : /*
      30                 :            :  * Identifiers for an asymmetric key ID.  We have three ways of looking up a
      31                 :            :  * key derived from an X.509 certificate:
      32                 :            :  *
      33                 :            :  * (1) Serial Number & Issuer.  Non-optional.  This is the only valid way to
      34                 :            :  *     map a PKCS#7 signature to an X.509 certificate.
      35                 :            :  *
      36                 :            :  * (2) Issuer & Subject Unique IDs.  Optional.  These were the original way to
      37                 :            :  *     match X.509 certificates, but have fallen into disuse in favour of (3).
      38                 :            :  *
      39                 :            :  * (3) Auth & Subject Key Identifiers.  Optional.  SKIDs are only provided on
      40                 :            :  *     CA keys that are intended to sign other keys, so don't appear in end
      41                 :            :  *     user certificates unless forced.
      42                 :            :  *
      43                 :            :  * We could also support an PGP key identifier, which is just a SHA1 sum of the
      44                 :            :  * public key and certain parameters, but since we don't support PGP keys at
      45                 :            :  * the moment, we shall ignore those.
      46                 :            :  *
      47                 :            :  * What we actually do is provide a place where binary identifiers can be
      48                 :            :  * stashed and then compare against them when checking for an id match.
      49                 :            :  */
      50                 :            : struct asymmetric_key_id {
      51                 :            :         unsigned short  len;
      52                 :            :         unsigned char   data[];
      53                 :            : };
      54                 :            : 
      55                 :            : struct asymmetric_key_ids {
      56                 :            :         void            *id[2];
      57                 :            : };
      58                 :            : 
      59                 :            : extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
      60                 :            :                                    const struct asymmetric_key_id *kid2);
      61                 :            : 
      62                 :            : extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
      63                 :            :                                       const struct asymmetric_key_id *kid2);
      64                 :            : 
      65                 :            : extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
      66                 :            :                                                             size_t len_1,
      67                 :            :                                                             const void *val_2,
      68                 :            :                                                             size_t len_2);
      69                 :            : static inline
      70                 :            : const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
      71                 :            : {
      72                 :        207 :         return key->payload.data[asym_key_ids];
      73                 :            : }
      74                 :            : 
      75                 :            : extern struct key *find_asymmetric_key(struct key *keyring,
      76                 :            :                                        const struct asymmetric_key_id *id_0,
      77                 :            :                                        const struct asymmetric_key_id *id_1,
      78                 :            :                                        bool partial);
      79                 :            : 
      80                 :            : /*
      81                 :            :  * The payload is at the discretion of the subtype.
      82                 :            :  */
      83                 :            : 
      84                 :            : #endif /* _KEYS_ASYMMETRIC_TYPE_H */