Gitiles
Code Review Sign In
android-review.linaro.org / kernel / hikey-linaro / bf7ef8f2d57cd1f5f1846dd58ff9309efad58252 / . / include / keys / asymmetric-type.h
blob: b38240716d411745b9e11e2d68030b1ae4a948fb [file] [log] [blame]
David Howells964f3b32012-09-13 15:17:21 +0100[diff] [blame]1/* Asymmetric Public-key cryptography key type interface
2 *
3 * See Documentation/security/asymmetric-keys.txt
4 *
5 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6 * Written by David Howells (dhowells@redhat.com)
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public Licence
10 * as published by the Free Software Foundation; either version
11 * 2 of the Licence, or (at your option) any later version.
12 */
13
14#ifndef _KEYS_ASYMMETRIC_TYPE_H
15#define _KEYS_ASYMMETRIC_TYPE_H
16
17#include <linux/key-type.h>
David Howellse68503b2016-04-06 16:14:24 +0100[diff] [blame]18#include <linux/verification.h>
David Howells964f3b32012-09-13 15:17:21 +0100[diff] [blame]19
20extern struct key_type key_type_asymmetric;
21
22/*
David Howells146aa8b2015-10-21 14:04:48 +0100[diff] [blame]23 * The key payload is four words. The asymmetric-type key uses them as
24 * follows:
25 */
26enum asymmetric_payload_bits {
David Howells3b764562016-04-06 16:13:33 +0100[diff] [blame]27 asym_crypto, /* The data representing the key */
28 asym_subtype, /* Pointer to an asymmetric_key_subtype struct */
29 asym_key_ids, /* Pointer to an asymmetric_key_ids struct */
30 asym_auth /* The key's authorisation (signature, parent key ID) */
David Howells146aa8b2015-10-21 14:04:48 +0100[diff] [blame]31};
32
33/*
David Howells7901c1a2014-09-16 17:36:11 +0100[diff] [blame]34 * Identifiers for an asymmetric key ID. We have three ways of looking up a
35 * key derived from an X.509 certificate:
36 *
37 * (1) Serial Number & Issuer. Non-optional. This is the only valid way to
38 * map a PKCS#7 signature to an X.509 certificate.
39 *
40 * (2) Issuer & Subject Unique IDs. Optional. These were the original way to
41 * match X.509 certificates, but have fallen into disuse in favour of (3).
42 *
43 * (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
44 * CA keys that are intended to sign other keys, so don't appear in end
45 * user certificates unless forced.
46 *
47 * We could also support an PGP key identifier, which is just a SHA1 sum of the
48 * public key and certain parameters, but since we don't support PGP keys at
49 * the moment, we shall ignore those.
50 *
51 * What we actually do is provide a place where binary identifiers can be
52 * stashed and then compare against them when checking for an id match.
53 */
54struct asymmetric_key_id {
55 unsigned short len;
56 unsigned char data[];
57};
58
59struct asymmetric_key_ids {
60 void *id[2];
61};
62
63extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
64 const struct asymmetric_key_id *kid2);
65
Dmitry Kasatkinf1b731d2014-10-06 15:21:05 +0100[diff] [blame]66extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
67 const struct asymmetric_key_id *kid2);
68
David Howells7901c1a2014-09-16 17:36:11 +0100[diff] [blame]69extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
70 size_t len_1,
71 const void *val_2,
72 size_t len_2);
David Howells146aa8b2015-10-21 14:04:48 +0100[diff] [blame]73static inline
74const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
75{
76 return key->payload.data[asym_key_ids];
77}
David Howells7901c1a2014-09-16 17:36:11 +0100[diff] [blame]78
David Howells9eb02982016-04-06 16:14:25 +0100[diff] [blame]79extern struct key *find_asymmetric_key(struct key *keyring,
80 const struct asymmetric_key_id *id_0,
81 const struct asymmetric_key_id *id_1,
82 bool partial);
David Howells983023f2016-04-06 16:14:25 +0100[diff] [blame]83
David Howells7901c1a2014-09-16 17:36:11 +0100[diff] [blame]84/*
David Howells964f3b32012-09-13 15:17:21 +0100[diff] [blame]85 * The payload is at the discretion of the subtype.
86 */
87
88#endif /* _KEYS_ASYMMETRIC_TYPE_H */