include/keys/asymmetric-type.h - kernel/common - Git at Google

 /* Asymmetric Public-key cryptography key type interface
  *
  * See Documentation/security/asymmetric-keys.txt
  *
  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells ([email protected])
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public Licence
  * as published by the Free Software Foundation; either version
  * 2 of the Licence, or (at your option) any later version.
  */

 #ifndef _KEYS_ASYMMETRIC_TYPE_H
 #define _KEYS_ASYMMETRIC_TYPE_H

 #include <linux/key-type.h>
 #include <linux/verification.h>

 extern struct key_type key_type_asymmetric;

 /*
  * The key payload is four words.  The asymmetric-type key uses them as
  * follows:
  */
 enum asymmetric_payload_bits {
 	asym_crypto,		/* The data representing the key */
 	asym_subtype,		/* Pointer to an asymmetric_key_subtype struct */
 	asym_key_ids,		/* Pointer to an asymmetric_key_ids struct */
 	asym_auth		/* The key's authorisation (signature, parent key ID) */
 };

 /*
  * Identifiers for an asymmetric key ID.  We have three ways of looking up a
  * key derived from an X.509 certificate:
  *
  * (1) Serial Number & Issuer.  Non-optional.  This is the only valid way to
  *     map a PKCS#7 signature to an X.509 certificate.
  *
  * (2) Issuer & Subject Unique IDs.  Optional.  These were the original way to
  *     match X.509 certificates, but have fallen into disuse in favour of (3).
  *
  * (3) Auth & Subject Key Identifiers.  Optional.  SKIDs are only provided on
  *     CA keys that are intended to sign other keys, so don't appear in end
  *     user certificates unless forced.
  *
  * We could also support an PGP key identifier, which is just a SHA1 sum of the
  * public key and certain parameters, but since we don't support PGP keys at
  * the moment, we shall ignore those.
  *
  * What we actually do is provide a place where binary identifiers can be
  * stashed and then compare against them when checking for an id match.
  */
 struct asymmetric_key_id {
 	unsigned short	len;
 	unsigned char	data[];
 };

 struct asymmetric_key_ids {
 	void		*id[2];
 };

 extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
 				   const struct asymmetric_key_id *kid2);

 extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
 				      const struct asymmetric_key_id *kid2);

 extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
 							    size_t len_1,
 							    const void *val_2,
 							    size_t len_2);
 static inline
 const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
 {
 	return key->payload.data[asym_key_ids];
 }

 extern struct key *find_asymmetric_key(struct key *keyring,
 				       const struct asymmetric_key_id *id_0,
 				       const struct asymmetric_key_id *id_1,
 				       bool partial);

 /*
  * The payload is at the discretion of the subtype.
  */

 #endif /* _KEYS_ASYMMETRIC_TYPE_H */
	/* Asymmetric Public-key cryptography key type interface
	*
	* See Documentation/security/asymmetric-keys.txt
	*
	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
	* Written by David Howells ([email protected])
	*
	* This program is free software; you can redistribute it and/or
	* modify it under the terms of the GNU General Public Licence
	* as published by the Free Software Foundation; either version
	* 2 of the Licence, or (at your option) any later version.
	*/

	#ifndef _KEYS_ASYMMETRIC_TYPE_H
	#define _KEYS_ASYMMETRIC_TYPE_H

	#include <linux/key-type.h>
	#include <linux/verification.h>

	extern struct key_type key_type_asymmetric;

	/*
	* The key payload is four words. The asymmetric-type key uses them as
	* follows:
	*/
	enum asymmetric_payload_bits {
	asym_crypto, /* The data representing the key */
	asym_subtype, /* Pointer to an asymmetric_key_subtype struct */
	asym_key_ids, /* Pointer to an asymmetric_key_ids struct */
	asym_auth /* The key's authorisation (signature, parent key ID) */
	};

	/*
	* Identifiers for an asymmetric key ID. We have three ways of looking up a
	* key derived from an X.509 certificate:
	*
	* (1) Serial Number & Issuer. Non-optional. This is the only valid way to
	* map a PKCS#7 signature to an X.509 certificate.
	*
	* (2) Issuer & Subject Unique IDs. Optional. These were the original way to
	* match X.509 certificates, but have fallen into disuse in favour of (3).
	*
	* (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
	* CA keys that are intended to sign other keys, so don't appear in end
	* user certificates unless forced.
	*
	* We could also support an PGP key identifier, which is just a SHA1 sum of the
	* public key and certain parameters, but since we don't support PGP keys at
	* the moment, we shall ignore those.
	*
	* What we actually do is provide a place where binary identifiers can be
	* stashed and then compare against them when checking for an id match.
	*/
	struct asymmetric_key_id {
	unsigned short len;
	unsigned char data[];
	};

	struct asymmetric_key_ids {
	void *id[2];
	};

	extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
	const struct asymmetric_key_id *kid2);

	extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
	const struct asymmetric_key_id *kid2);

	extern struct asymmetric_key_id asymmetric_key_generate_id(const void val_1,
	size_t len_1,
	const void *val_2,
	size_t len_2);
	static inline
	const struct asymmetric_key_ids asymmetric_key_ids(const struct key key)
	{
	return key->payload.data[asym_key_ids];
	}

	extern struct key find_asymmetric_key(struct key keyring,
	const struct asymmetric_key_id *id_0,
	const struct asymmetric_key_id *id_1,
	bool partial);

	/*
	* The payload is at the discretion of the subtype.
	*/

	#endif /* _KEYS_ASYMMETRIC_TYPE_H */