asymmetric-type.h source code [linux/include/keys/asymmetric-type.h]

1	/ SPDX-License-Identifier: GPL-2.0-or-later /
2	/ Asymmetric Public-key cryptography key type interface*
3	*
4	* See Documentation/crypto/asymmetric-keys.rst
5	*
6	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7	* Written by David Howells (dhowells@redhat.com)
8	*/
9
10	#ifndef _KEYS_ASYMMETRIC_TYPE_H
11	#define _KEYS_ASYMMETRIC_TYPE_H
12
13	#include <linux/key-type.h>
14	#include <linux/verification.h>
15
16	extern struct key_type key_type_asymmetric;
17
18	/*
19	* The key payload is four words. The asymmetric-type key uses them as
20	* follows:
21	*/
22	enum asymmetric_payload_bits {
23	asym_crypto, / The data representing the key /
24	asym_subtype, / Pointer to an asymmetric_key_subtype struct /
25	asym_key_ids, / Pointer to an asymmetric_key_ids struct /
26	asym_auth / The key's authorisation (signature, parent key ID) /
27	};
28
29	/*
30	* Identifiers for an asymmetric key ID. We have three ways of looking up a
31	* key derived from an X.509 certificate:
32	*
33	* (1) Serial Number & Issuer. Non-optional. This is the only valid way to
34	* map a PKCS#7 signature to an X.509 certificate.
35	*
36	* (2) Issuer & Subject Unique IDs. Optional. These were the original way to
37	* match X.509 certificates, but have fallen into disuse in favour of (3).
38	*
39	* (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
40	* CA keys that are intended to sign other keys, so don't appear in end
41	* user certificates unless forced.
42	*
43	* We could also support an PGP key identifier, which is just a SHA1 sum of the
44	* public key and certain parameters, but since we don't support PGP keys at
45	* the moment, we shall ignore those.
46	*
47	* What we actually do is provide a place where binary identifiers can be
48	* stashed and then compare against them when checking for an id match.
49	*/
50	struct asymmetric_key_id {
51	unsigned short len;
52	unsigned char data[] __counted_by(len);
53	};
54
55	struct asymmetric_key_ids {
56	void *id[`3`];
57	};
58
59	extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
60	const struct asymmetric_key_id *kid2);
61
62	extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
63	const struct asymmetric_key_id *kid2);
64
65	extern struct asymmetric_key_id asymmetric_key_generate_id(const* void *val_1,
66	size_t len_1,
67	const void *val_2,
68	size_t len_2);
69	static inline
70	const struct asymmetric_key_ids asymmetric_key_ids(const* struct key *key)
71	{
72	return key->payload.data[asym_key_ids];
73	}
74
75	static inline
76	const struct public_key asymmetric_key_public_key(const* struct key *key)
77	{
78	return key->payload.data[asym_crypto];
79	}
80
81	extern struct key find_asymmetric_key(struct* key *keyring,
82	const struct asymmetric_key_id *id_0,
83	const struct asymmetric_key_id *id_1,
84	const struct asymmetric_key_id *id_2,
85	bool partial);
86
87	int x509_load_certificate_list(const u8 cert_list[], const unsigned long list_size,
88	const struct key *keyring);
89
90	/*
91	* The payload is at the discretion of the subtype.
92	*/
93
94	#endif /* _KEYS_ASYMMETRIC_TYPE_H */
95

source code of linux/include/keys/asymmetric-type.h