include/keys/asymmetric-type.h
/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Asymmetric Public-key cryptography key type interface
 *
 * See Documentation/crypto/asymmetric-keys.rst
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#ifndef _KEYS_ASYMMETRIC_TYPE_H
#define _KEYS_ASYMMETRIC_TYPE_H

#include <linux/key-type.h>
#include <linux/verification.h>
extern struct key_type key_type_asymmetric;

/*
 * The key payload is four words. The asymmetric-type key uses them as
 * follows:
 *
 * These enumerators are used as indices into key->payload.data[] (see the
 * asymmetric_key_ids() accessor in this header).
 */
enum asymmetric_payload_bits {
	asym_crypto,		/* The data representing the key */
	asym_subtype,		/* Pointer to an asymmetric_key_subtype struct */
	asym_key_ids,		/* Pointer to an asymmetric_key_ids struct */
	asym_auth		/* The key's authorisation (signature, parent key ID) */
};

/*
 * Identifiers for an asymmetric key ID. We have three ways of looking up a
 * key derived from an X.509 certificate:
 *
 * (1) Serial Number & Issuer. Non-optional. This is the only valid way to
 *     map a PKCS#7 signature to an X.509 certificate.
 *
 * (2) Issuer & Subject Unique IDs. Optional. These were the original way to
 *     match X.509 certificates, but have fallen into disuse in favour of (3).
 *
 * (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
 *     CA keys that are intended to sign other keys, so don't appear in end
 *     user certificates unless forced.
 *
 * We could also support a PGP key identifier, which is just a SHA1 sum of the
 * public key and certain parameters, but since we don't support PGP keys at
 * the moment, we shall ignore those.
 *
 * What we actually do is provide a place where binary identifiers can be
 * stashed and then compare against them when checking for an id match.
 */
struct asymmetric_key_id {
	/*
	 * Presumably the number of bytes stored in data[] - confirm against
	 * the implementation of asymmetric_key_generate_id().
	 * NOTE(review): this field is an unsigned short, while
	 * asymmetric_key_generate_id() takes two size_t lengths. Confirm that
	 * a combined length above USHRT_MAX is rejected or cannot occur,
	 * otherwise the stored length would be truncated and later
	 * comparisons would look at fewer bytes than were supplied.
	 */
	unsigned short	len;
	/* Flexible array member holding the opaque binary identifier. */
	unsigned char	data[];
};

struct asymmetric_key_ids {
	/*
	 * Two untyped identifier slots; presumably each points to a
	 * struct asymmetric_key_id or is NULL - verify against the code that
	 * fills them in. Which of the identifier forms listed above occupies
	 * which slot is not visible in this header.
	 */
	void		*id[2];
};

/*
 * Compare two key identifiers. The implementation is not in this header; the
 * name suggests a whole-identifier equality test (as opposed to
 * asymmetric_key_id_partial()) - confirm before relying on it, including how
 * NULL arguments are treated.
 */
extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
				   const struct asymmetric_key_id *kid2);
/*
 * Partial-match variant of the identifier comparison. The implementation is
 * not in this header, so what counts as a "partial" match (prefix, suffix,
 * minimum length) cannot be stated from here.
 * NOTE(review): a partial match is weaker evidence than an exact one; callers
 * that use the result to select a key for signature verification should
 * confirm what this accepts before relying on it for a trust decision.
 */
extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
				      const struct asymmetric_key_id *kid2);

/*
 * Build a key identifier from two binary values (val_1/len_1 and
 * val_2/len_2). Presumably the result is newly allocated and holds the two
 * values back to back - confirm against the implementation.
 * NOTE(review): the failure convention (NULL versus an error pointer) and who
 * frees the result are not visible here; check both before testing or
 * releasing the return value. See also the width of asymmetric_key_id::len
 * relative to the size_t lengths taken here.
 */
extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
							    size_t len_1,
							    const void *val_2,
							    size_t len_2);
/*
 * Fetch the identifier set kept in a key's payload, i.e. the asym_key_ids
 * slot of key->payload.data[].
 *
 * No check is made here that the key is of the asymmetric type or that the
 * slot is non-NULL, so the value is only meaningful for keys whose payload
 * follows the asymmetric_payload_bits layout.
 */
static inline
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
{
	const struct asymmetric_key_ids *kids = key->payload.data[asym_key_ids];

	return kids;
}
/*
 * Look up a key in the given keyring by up to two identifiers (id_0, id_1).
 * The 'partial' flag presumably selects partial rather than exact identifier
 * matching - confirm against the implementation, which is not in this header.
 * NOTE(review): the return convention (NULL versus an error pointer), whether
 * the caller receives a reference it must drop, and whether either identifier
 * may be NULL are not visible here. Callers that pass partial == true for
 * signature verification should confirm how loose a match is accepted.
 */
extern struct key *find_asymmetric_key(struct key *keyring,
				       const struct asymmetric_key_id *id_0,
				       const struct asymmetric_key_id *id_1,
				       bool partial);

/*
 * The payload is at the discretion of the subtype.
 */

#endif /* _KEYS_ASYMMETRIC_TYPE_H */