forked from Minki/linux
b4d0d230cc
Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public licence as published by the free software foundation either version 2 of the licence or at your option any later version extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 114 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190520170857.552531963@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
85 lines
2.7 KiB
C
85 lines
2.7 KiB
C
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
/* Asymmetric Public-key cryptography key type interface
|
|
*
|
|
* See Documentation/crypto/asymmetric-keys.txt
|
|
*
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*/
|
|
|
|
#ifndef _KEYS_ASYMMETRIC_TYPE_H
|
|
#define _KEYS_ASYMMETRIC_TYPE_H
|
|
|
|
#include <linux/key-type.h>
|
|
#include <linux/verification.h>
|
|
|
|
extern struct key_type key_type_asymmetric;
|
|
|
|
/*
|
|
* The key payload is four words. The asymmetric-type key uses them as
|
|
* follows:
|
|
*/
|
|
enum asymmetric_payload_bits {
|
|
asym_crypto, /* The data representing the key */
|
|
asym_subtype, /* Pointer to an asymmetric_key_subtype struct */
|
|
asym_key_ids, /* Pointer to an asymmetric_key_ids struct */
|
|
asym_auth /* The key's authorisation (signature, parent key ID) */
|
|
};
|
|
|
|
/*
|
|
* Identifiers for an asymmetric key ID. We have three ways of looking up a
|
|
* key derived from an X.509 certificate:
|
|
*
|
|
* (1) Serial Number & Issuer. Non-optional. This is the only valid way to
|
|
* map a PKCS#7 signature to an X.509 certificate.
|
|
*
|
|
* (2) Issuer & Subject Unique IDs. Optional. These were the original way to
|
|
* match X.509 certificates, but have fallen into disuse in favour of (3).
|
|
*
|
|
* (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
|
|
* CA keys that are intended to sign other keys, so don't appear in end
|
|
* user certificates unless forced.
|
|
*
|
|
* We could also support an PGP key identifier, which is just a SHA1 sum of the
|
|
* public key and certain parameters, but since we don't support PGP keys at
|
|
* the moment, we shall ignore those.
|
|
*
|
|
* What we actually do is provide a place where binary identifiers can be
|
|
* stashed and then compare against them when checking for an id match.
|
|
*/
|
|
struct asymmetric_key_id {
|
|
unsigned short len;
|
|
unsigned char data[];
|
|
};
|
|
|
|
struct asymmetric_key_ids {
|
|
void *id[2];
|
|
};
|
|
|
|
extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
|
|
const struct asymmetric_key_id *kid2);
|
|
|
|
extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
|
|
const struct asymmetric_key_id *kid2);
|
|
|
|
extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
|
|
size_t len_1,
|
|
const void *val_2,
|
|
size_t len_2);
|
|
static inline
|
|
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
|
|
{
|
|
return key->payload.data[asym_key_ids];
|
|
}
|
|
|
|
extern struct key *find_asymmetric_key(struct key *keyring,
|
|
const struct asymmetric_key_id *id_0,
|
|
const struct asymmetric_key_id *id_1,
|
|
bool partial);
|
|
|
|
/*
|
|
* The payload is at the discretion of the subtype.
|
|
*/
|
|
|
|
#endif /* _KEYS_ASYMMETRIC_TYPE_H */
|