[mirror_ubuntu-artful-kernel.git] / include / keys / asymmetric-type.h

/* Asymmetric Public-key cryptography key type interface
 *
 * See Documentation/security/asymmetric-keys.txt
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#ifndef _KEYS_ASYMMETRIC_TYPE_H
#define _KEYS_ASYMMETRIC_TYPE_H

#include <linux/key-type.h>

extern struct key_type key_type_asymmetric;

/*
 * The key payload is four words.  The asymmetric-type key uses them as
 * follows:
 */
enum asymmetric_payload_bits {
	asym_crypto,		/* The data representing the key */
	asym_subtype,		/* Pointer to an asymmetric_key_subtype struct */
	asym_key_ids,		/* Pointer to an asymmetric_key_ids struct */
	asym_auth		/* The key's authorisation (signature, parent key ID) */
};

/*
 * Identifiers for an asymmetric key ID.  We have three ways of looking up a
 * key derived from an X.509 certificate:
 *
 * (1) Serial Number & Issuer.  Non-optional.  This is the only valid way to
 *     map a PKCS#7 signature to an X.509 certificate.
 *
 * (2) Issuer & Subject Unique IDs.  Optional.  These were the original way to
 *     match X.509 certificates, but have fallen into disuse in favour of (3).
 *
 * (3) Auth & Subject Key Identifiers.  Optional.  SKIDs are only provided on
 *     CA keys that are intended to sign other keys, so don't appear in end
 *     user certificates unless forced.
 *
 * We could also support an PGP key identifier, which is just a SHA1 sum of the
 * public key and certain parameters, but since we don't support PGP keys at
 * the moment, we shall ignore those.
 *
 * What we actually do is provide a place where binary identifiers can be
 * stashed and then compare against them when checking for an id match.
 */
struct asymmetric_key_id {
	unsigned short	len;
	unsigned char	data[];
};

struct asymmetric_key_ids {
	void		*id[2];
};

extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
				   const struct asymmetric_key_id *kid2);

extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
				      const struct asymmetric_key_id *kid2);

extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
							    size_t len_1,
							    const void *val_2,
							    size_t len_2);
static inline
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
{
	return key->payload.data[asym_key_ids];
}

/*
 * The payload is at the discretion of the subtype.
 */

#endif /* _KEYS_ASYMMETRIC_TYPE_H */
Commit	Line	Data
964f3b3b DH	1	/* Asymmetric Public-key cryptography key type interface
	2	*
	3	* See Documentation/security/asymmetric-keys.txt
	4	*
	5	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
	6	* Written by David Howells (dhowells@redhat.com)
	7	*
	8	* This program is free software; you can redistribute it and/or
	9	* modify it under the terms of the GNU General Public Licence
	10	* as published by the Free Software Foundation; either version
	11	* 2 of the Licence, or (at your option) any later version.
	12	*/
	13
	14	#ifndef _KEYS_ASYMMETRIC_TYPE_H
	15	#define _KEYS_ASYMMETRIC_TYPE_H
	16
	17	#include <linux/key-type.h>
	18
	19	extern struct key_type key_type_asymmetric;
	20
146aa8b1 DH	21	/*
	22	* The key payload is four words. The asymmetric-type key uses them as
	23	* follows:
	24	*/
	25	enum asymmetric_payload_bits {
3b764563 DH	26	asym_crypto, /* The data representing the key */
	27	asym_subtype, /* Pointer to an asymmetric_key_subtype struct */
	28	asym_key_ids, /* Pointer to an asymmetric_key_ids struct */
	29	asym_auth /* The key's authorisation (signature, parent key ID) */
146aa8b1 DH	30	};
146aa8b1 DH	31
7901c1a8 DH	32	/*
	33	* Identifiers for an asymmetric key ID. We have three ways of looking up a
	34	* key derived from an X.509 certificate:
	35	*
	36	* (1) Serial Number & Issuer. Non-optional. This is the only valid way to
	37	* map a PKCS#7 signature to an X.509 certificate.
	38	*
	39	* (2) Issuer & Subject Unique IDs. Optional. These were the original way to
	40	* match X.509 certificates, but have fallen into disuse in favour of (3).
	41	*
	42	* (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
	43	* CA keys that are intended to sign other keys, so don't appear in end
	44	* user certificates unless forced.
	45	*
	46	* We could also support an PGP key identifier, which is just a SHA1 sum of the
	47	* public key and certain parameters, but since we don't support PGP keys at
	48	* the moment, we shall ignore those.
	49	*
	50	* What we actually do is provide a place where binary identifiers can be
	51	* stashed and then compare against them when checking for an id match.
	52	*/
	53	struct asymmetric_key_id {
	54	unsigned short len;
	55	unsigned char data[];
	56	};
	57
	58	struct asymmetric_key_ids {
	59	void *id[2];
	60	};
	61
	62	extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
	63	const struct asymmetric_key_id *kid2);
	64
f1b731db DK	65	extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
	66	const struct asymmetric_key_id *kid2);
	67
7901c1a8 DH	68	extern struct asymmetric_key_id asymmetric_key_generate_id(const void val_1,
	69	size_t len_1,
	70	const void *val_2,
	71	size_t len_2);
146aa8b1 DH	72	static inline
	73	const struct asymmetric_key_ids asymmetric_key_ids(const struct key key)
	74	{
	75	return key->payload.data[asym_key_ids];
	76	}
7901c1a8	77
964f3b3b DH	78	/*
	79	* The payload is at the discretion of the subtype.
	80	*/
	81
	82	#endif /* _KEYS_ASYMMETRIC_TYPE_H */