blob: 91cfd9bd9385ea00195383f0abffcf8fb153b151 [file] [log] [blame]
Thomas Gleixnerb4d0d232019-05-20 19:08:01 +02001/* SPDX-License-Identifier: GPL-2.0-or-later */
David Howells964f3b32012-09-13 15:17:21 +01002/* Asymmetric Public-key cryptography key type interface
3 *
Mauro Carvalho Chehab5fb94e92018-05-08 15:14:57 -03004 * See Documentation/crypto/asymmetric-keys.txt
David Howells964f3b32012-09-13 15:17:21 +01005 *
6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7 * Written by David Howells (dhowells@redhat.com)
David Howells964f3b32012-09-13 15:17:21 +01008 */
9
10#ifndef _KEYS_ASYMMETRIC_TYPE_H
11#define _KEYS_ASYMMETRIC_TYPE_H
12
13#include <linux/key-type.h>
David Howellse68503b2016-04-06 16:14:24 +010014#include <linux/verification.h>
David Howells964f3b32012-09-13 15:17:21 +010015
16extern struct key_type key_type_asymmetric;
17
18/*
David Howells146aa8b2015-10-21 14:04:48 +010019 * The key payload is four words. The asymmetric-type key uses them as
20 * follows:
21 */
22enum asymmetric_payload_bits {
David Howells3b764562016-04-06 16:13:33 +010023 asym_crypto, /* The data representing the key */
24 asym_subtype, /* Pointer to an asymmetric_key_subtype struct */
25 asym_key_ids, /* Pointer to an asymmetric_key_ids struct */
26 asym_auth /* The key's authorisation (signature, parent key ID) */
David Howells146aa8b2015-10-21 14:04:48 +010027};
28
29/*
David Howells7901c1a2014-09-16 17:36:11 +010030 * Identifiers for an asymmetric key ID. We have three ways of looking up a
31 * key derived from an X.509 certificate:
32 *
33 * (1) Serial Number & Issuer. Non-optional. This is the only valid way to
34 * map a PKCS#7 signature to an X.509 certificate.
35 *
36 * (2) Issuer & Subject Unique IDs. Optional. These were the original way to
37 * match X.509 certificates, but have fallen into disuse in favour of (3).
38 *
39 * (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
40 * CA keys that are intended to sign other keys, so don't appear in end
41 * user certificates unless forced.
42 *
43 * We could also support an PGP key identifier, which is just a SHA1 sum of the
44 * public key and certain parameters, but since we don't support PGP keys at
45 * the moment, we shall ignore those.
46 *
47 * What we actually do is provide a place where binary identifiers can be
48 * stashed and then compare against them when checking for an id match.
49 */
50struct asymmetric_key_id {
51 unsigned short len;
52 unsigned char data[];
53};
54
55struct asymmetric_key_ids {
56 void *id[2];
57};
58
59extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
60 const struct asymmetric_key_id *kid2);
61
Dmitry Kasatkinf1b731d2014-10-06 15:21:05 +010062extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
63 const struct asymmetric_key_id *kid2);
64
David Howells7901c1a2014-09-16 17:36:11 +010065extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
66 size_t len_1,
67 const void *val_2,
68 size_t len_2);
David Howells146aa8b2015-10-21 14:04:48 +010069static inline
70const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
71{
72 return key->payload.data[asym_key_ids];
73}
David Howells7901c1a2014-09-16 17:36:11 +010074
David Howells9eb02982016-04-06 16:14:25 +010075extern struct key *find_asymmetric_key(struct key *keyring,
76 const struct asymmetric_key_id *id_0,
77 const struct asymmetric_key_id *id_1,
78 bool partial);
David Howells983023f2016-04-06 16:14:25 +010079
David Howells7901c1a2014-09-16 17:36:11 +010080/*
David Howells964f3b32012-09-13 15:17:21 +010081 * The payload is at the discretion of the subtype.
82 */
83
84#endif /* _KEYS_ASYMMETRIC_TYPE_H */