summaryrefslogtreecommitdiff
path: root/include/keys
diff options
context:
space:
mode:
authorAKASHI Takahiro <takahiro.akashi@linaro.org>2019-11-13 09:44:58 +0900
committerTom Rini <trini@konsulko.com>2019-12-06 16:44:20 -0500
commitc4e961ecec994059dbdd5f34b58454d5243ad8f0 (patch)
tree14d25313a2d2a105f23e851bafa9203fe5831b47 /include/keys
parenta9b45e6e8382d59f416e3ba7cbda66bca6e33c10 (diff)
downloadu-boot-c4e961ecec994059dbdd5f34b58454d5243ad8f0.tar.gz
u-boot-c4e961ecec994059dbdd5f34b58454d5243ad8f0.tar.bz2
u-boot-c4e961ecec994059dbdd5f34b58454d5243ad8f0.zip
lib: crypto: add public key utility
Imported from linux kernel v5.3: asymmetric-type.h with changes marked as __UBOOT__ asymmetric_type.c with changes marked as __UBOOT__ public_key.h with changes marked as __UBOOT__ public_key.c with changes marked as __UBOOT__ Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Diffstat (limited to 'include/keys')
-rw-r--r--include/keys/asymmetric-type.h88
1 files changed, 88 insertions, 0 deletions
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
new file mode 100644
index 0000000000..47d83917df
--- /dev/null
+++ b/include/keys/asymmetric-type.h
@@ -0,0 +1,88 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/* Asymmetric Public-key cryptography key type interface
+ *
+ * See Documentation/crypto/asymmetric-keys.txt
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _KEYS_ASYMMETRIC_TYPE_H
+#define _KEYS_ASYMMETRIC_TYPE_H
+
+#ifndef __UBOOT__
+#include <linux/key-type.h>
+#include <linux/verification.h>
+
+extern struct key_type key_type_asymmetric;
+
+/*
+ * The key payload is four words. The asymmetric-type key uses them as
+ * follows:
+ */
+enum asymmetric_payload_bits {
+ asym_crypto, /* The data representing the key */
+ asym_subtype, /* Pointer to an asymmetric_key_subtype struct */
+ asym_key_ids, /* Pointer to an asymmetric_key_ids struct */
+ asym_auth /* The key's authorisation (signature, parent key ID) */
+};
+#endif /* !__UBOOT__ */
+
+/*
+ * Identifiers for an asymmetric key ID. We have three ways of looking up a
+ * key derived from an X.509 certificate:
+ *
+ * (1) Serial Number & Issuer. Non-optional. This is the only valid way to
+ * map a PKCS#7 signature to an X.509 certificate.
+ *
+ * (2) Issuer & Subject Unique IDs. Optional. These were the original way to
+ * match X.509 certificates, but have fallen into disuse in favour of (3).
+ *
+ * (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
+ * CA keys that are intended to sign other keys, so don't appear in end
+ * user certificates unless forced.
+ *
+ * We could also support an PGP key identifier, which is just a SHA1 sum of the
+ * public key and certain parameters, but since we don't support PGP keys at
+ * the moment, we shall ignore those.
+ *
+ * What we actually do is provide a place where binary identifiers can be
+ * stashed and then compare against them when checking for an id match.
+ */
+struct asymmetric_key_id {
+ unsigned short len;
+ unsigned char data[];
+};
+
+struct asymmetric_key_ids {
+ void *id[2];
+};
+
+extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
+ const struct asymmetric_key_id *kid2);
+
+extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
+ const struct asymmetric_key_id *kid2);
+
+extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
+ size_t len_1,
+ const void *val_2,
+ size_t len_2);
+#ifndef __UBOOT__
+static inline
+const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
+{
+ return key->payload.data[asym_key_ids];
+}
+
+extern struct key *find_asymmetric_key(struct key *keyring,
+ const struct asymmetric_key_id *id_0,
+ const struct asymmetric_key_id *id_1,
+ bool partial);
+#endif
+
+/*
+ * The payload is at the discretion of the subtype.
+ */
+
+#endif /* _KEYS_ASYMMETRIC_TYPE_H */