1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Asymmetric Public-key cryptography key type interface
3  *
4  * See Documentation/crypto/asymmetric-keys.txt
5  *
6  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7  * Written by David Howells (dhowells@redhat.com)
8  */
9 
10 #ifndef _KEYS_ASYMMETRIC_TYPE_H
11 #define _KEYS_ASYMMETRIC_TYPE_H
12 
13 #ifndef __UBOOT__
14 #include <linux/key-type.h>
15 #include <linux/verification.h>
16 
17 extern struct key_type key_type_asymmetric;
18 
19 /*
20  * The key payload is four words.  The asymmetric-type key uses them as
21  * follows:
22  */
23 enum asymmetric_payload_bits {
24 	asym_crypto,		/* The data representing the key */
25 	asym_subtype,		/* Pointer to an asymmetric_key_subtype struct */
26 	asym_key_ids,		/* Pointer to an asymmetric_key_ids struct */
27 	asym_auth		/* The key's authorisation (signature, parent key ID) */
28 };
29 #endif /* !__UBOOT__ */
30 
31 /*
32  * Identifiers for an asymmetric key ID.  We have three ways of looking up a
33  * key derived from an X.509 certificate:
34  *
35  * (1) Serial Number & Issuer.  Non-optional.  This is the only valid way to
36  *     map a PKCS#7 signature to an X.509 certificate.
37  *
38  * (2) Issuer & Subject Unique IDs.  Optional.  These were the original way to
39  *     match X.509 certificates, but have fallen into disuse in favour of (3).
40  *
41  * (3) Auth & Subject Key Identifiers.  Optional.  SKIDs are only provided on
42  *     CA keys that are intended to sign other keys, so don't appear in end
43  *     user certificates unless forced.
44  *
45  * We could also support an PGP key identifier, which is just a SHA1 sum of the
46  * public key and certain parameters, but since we don't support PGP keys at
47  * the moment, we shall ignore those.
48  *
49  * What we actually do is provide a place where binary identifiers can be
50  * stashed and then compare against them when checking for an id match.
51  */
52 struct asymmetric_key_id {
53 	unsigned short	len;
54 	unsigned char	data[];
55 };
56 
57 struct asymmetric_key_ids {
58 	void		*id[2];
59 };
60 
61 extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
62 				   const struct asymmetric_key_id *kid2);
63 
64 extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
65 				      const struct asymmetric_key_id *kid2);
66 
67 extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
68 							    size_t len_1,
69 							    const void *val_2,
70 							    size_t len_2);
71 #ifndef __UBOOT__
72 static inline
asymmetric_key_ids(const struct key * key)73 const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
74 {
75 	return key->payload.data[asym_key_ids];
76 }
77 
78 extern struct key *find_asymmetric_key(struct key *keyring,
79 				       const struct asymmetric_key_id *id_0,
80 				       const struct asymmetric_key_id *id_1,
81 				       bool partial);
82 #endif
83 
84 /*
85  * The payload is at the discretion of the subtype.
86  */
87 
88 #endif /* _KEYS_ASYMMETRIC_TYPE_H */
89