Commit | Line | Data |
---|---|---|
964f3b3b DH |
1 | /* Asymmetric Public-key cryptography key type interface |
2 | * | |
3 | * See Documentation/security/asymmetric-keys.txt | |
4 | * | |
5 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | |
6 | * Written by David Howells (dhowells@redhat.com) | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or | |
9 | * modify it under the terms of the GNU General Public Licence | |
10 | * as published by the Free Software Foundation; either version | |
11 | * 2 of the Licence, or (at your option) any later version. | |
12 | */ | |
13 | ||
14 | #ifndef _KEYS_ASYMMETRIC_TYPE_H | |
15 | #define _KEYS_ASYMMETRIC_TYPE_H | |
16 | ||
17 | #include <linux/key-type.h> | |
18 | ||
/*
 * The asymmetric key type object, declared here and defined elsewhere.
 * struct key_type is not defined in this header; it is expected to come
 * from the <linux/key-type.h> include above.
 */
19 | extern struct key_type key_type_asymmetric; | |
20 | ||
7901c1a8 DH |
21 | /* |
22 | * Identifiers for an asymmetric key ID. We have three ways of looking up a | |
23 | * key derived from an X.509 certificate: | |
24 | * | |
25 | * (1) Serial Number & Issuer. Non-optional. This is the only valid way to | |
26 | * map a PKCS#7 signature to an X.509 certificate. | |
27 | * | |
28 | * (2) Issuer & Subject Unique IDs. Optional. These were the original way to | |
29 | * match X.509 certificates, but have fallen into disuse in favour of (3). | |
30 | * | |
31 | * (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on | |
32 | * CA keys that are intended to sign other keys, so don't appear in end | |
33 | * user certificates unless forced. | |
34 | * | |
35 | * We could also support a PGP key identifier, which is just a SHA1 sum of the | |
36 | * public key and certain parameters, but since we don't support PGP keys at | |
37 | * the moment, we shall ignore those. | |
38 | * | |
39 | * What we actually do is provide a place where binary identifiers can be | |
40 | * stashed and then compare against them when checking for an id match. | |
41 | */ | |
/*
 * One binary key identifier: an unsigned short length followed inline by the
 * identifier bytes.
 * NOTE(review): data[] carries no size of its own, so every reader has to
 * bound its accesses by len, and len cannot describe more than USHRT_MAX
 * bytes.
 */
42 | struct asymmetric_key_id { | |
43 | unsigned short len; /* presumably the byte count of data[] - confirm in the implementation */ | |
44 | unsigned char data[]; /* flexible array member holding the raw identifier bytes */ | |
45 | }; | |
46 | ||
/*
 * A pair of identifier slots for one key.  The slots are untyped (void *);
 * presumably each is either NULL or points to a struct asymmetric_key_id -
 * confirm against the code that fills them in.  This header does not say
 * which kind of identifier goes in which slot.
 */
47 | struct asymmetric_key_ids { | |
48 | void *id[2]; | |
49 | }; | |
50 | ||
/*
 * Compare two key identifiers and report whether they are the same.  Both
 * arguments are read-only.
 * NOTE(review): the name suggests an exact match of length and bytes; NULL
 * handling is not visible in this header - confirm in the implementation
 * before passing an identifier that may be absent.
 */
51 | extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1, | |
52 | const struct asymmetric_key_id *kid2); | |
53 | ||
f1b731db DK |
/*
 * Report whether two key identifiers partially match.  The matching rule
 * (which part of which identifier is compared) lives in the implementation,
 * not in this header.
 * NOTE(review): a partial match identifies a key less strictly than
 * asymmetric_key_id_same(); where the result selects the key used to verify
 * a signature, check that the supplied identifier is long enough to be
 * unambiguous.
 */
54 | extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1, |
55 | const struct asymmetric_key_id *kid2); | |
56 | ||
7901c1a8 DH |
/*
 * Build a new key identifier from two byte ranges, (val_1, len_1) and
 * (val_2, len_2).  Presumably the two ranges are concatenated into data[] -
 * confirm in the implementation.  How failure is reported and who frees the
 * result are not visible in this header.
 * NOTE(review): the lengths are size_t but struct asymmetric_key_id stores
 * its length in an unsigned short, so the implementation needs to bound
 * len_1 + len_2 (including the addition itself) before storing it.
 */
57 | extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1, |
58 | size_t len_1, | |
59 | const void *val_2, | |
60 | size_t len_2); | |
61 | ||
964f3b3b DH |
62 | /* |
63 | * The payload is at the discretion of the subtype. | |
64 | */ | |
65 | ||
66 | #endif /* _KEYS_ASYMMETRIC_TYPE_H */ |