cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

asymmetric-type.h (3032B)

      1/* SPDX-License-Identifier: GPL-2.0-or-later */
      2/* Asymmetric Public-key cryptography key type interface
      3 *
      4 * See Documentation/crypto/asymmetric-keys.rst
      5 *
      6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
      7 * Written by David Howells (dhowells@redhat.com)
      8 */
      9
     10#ifndef _KEYS_ASYMMETRIC_TYPE_H
     11#define _KEYS_ASYMMETRIC_TYPE_H
     12
     13#include <linux/key-type.h>
     14#include <linux/verification.h>
     15
     16extern struct key_type key_type_asymmetric;
     17
     18/*
     19 * The key payload is four words.  The asymmetric-type key uses them as
     20 * follows:
     21 */
     22enum asymmetric_payload_bits {
     23	asym_crypto,		/* The data representing the key */
     24	asym_subtype,		/* Pointer to an asymmetric_key_subtype struct */
     25	asym_key_ids,		/* Pointer to an asymmetric_key_ids struct */
     26	asym_auth		/* The key's authorisation (signature, parent key ID) */
     27};
     28
     29/*
     30 * Identifiers for an asymmetric key ID.  We have three ways of looking up a
     31 * key derived from an X.509 certificate:
     32 *
     33 * (1) Serial Number & Issuer.  Non-optional.  This is the only valid way to
     34 *     map a PKCS#7 signature to an X.509 certificate.
     35 *
     36 * (2) Issuer & Subject Unique IDs.  Optional.  These were the original way to
     37 *     match X.509 certificates, but have fallen into disuse in favour of (3).
     38 *
     39 * (3) Auth & Subject Key Identifiers.  Optional.  SKIDs are only provided on
     40 *     CA keys that are intended to sign other keys, so don't appear in end
     41 *     user certificates unless forced.
     42 *
     43 * We could also support an PGP key identifier, which is just a SHA1 sum of the
     44 * public key and certain parameters, but since we don't support PGP keys at
     45 * the moment, we shall ignore those.
     46 *
     47 * What we actually do is provide a place where binary identifiers can be
     48 * stashed and then compare against them when checking for an id match.
     49 */
     50struct asymmetric_key_id {
     51	unsigned short	len;
     52	unsigned char	data[];
     53};
     54
     55struct asymmetric_key_ids {
     56	void		*id[3];
     57};
     58
     59extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
     60				   const struct asymmetric_key_id *kid2);
     61
     62extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
     63				      const struct asymmetric_key_id *kid2);
     64
     65extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
     66							    size_t len_1,
     67							    const void *val_2,
     68							    size_t len_2);
     69static inline
     70const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
     71{
     72	return key->payload.data[asym_key_ids];
     73}
     74
     75static inline
     76const struct public_key *asymmetric_key_public_key(const struct key *key)
     77{
     78	return key->payload.data[asym_crypto];
     79}
     80
     81extern struct key *find_asymmetric_key(struct key *keyring,
     82				       const struct asymmetric_key_id *id_0,
     83				       const struct asymmetric_key_id *id_1,
     84				       const struct asymmetric_key_id *id_2,
     85				       bool partial);
     86
     87int x509_load_certificate_list(const u8 cert_list[], const unsigned long list_size,
     88			       const struct key *keyring);
     89
     90/*
     91 * The payload is at the discretion of the subtype.
     92 */
     93
     94#endif /* _KEYS_ASYMMETRIC_TYPE_H */