8e323a02e8
Add a restrict_link_by_key_or_keyring_chain link restriction that
searches for signing keys in the destination keyring in addition to the
signing key or keyring designated when the destination keyring was
created. Userspace enables this behavior by including the "chain" option
in the keyring restriction:
keyctl(KEYCTL_RESTRICT_KEYRING, keyring, "asymmetric",
"key_or_keyring:<signing key>:chain");
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
75 lines
2.1 KiB
C
75 lines
2.1 KiB
C
/* Asymmetric public-key algorithm definitions
|
|
*
|
|
* See Documentation/crypto/asymmetric-keys.txt
|
|
*
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public Licence
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the Licence, or (at your option) any later version.
|
|
*/
|
|
|
|
#ifndef _LINUX_PUBLIC_KEY_H
|
|
#define _LINUX_PUBLIC_KEY_H
|
|
|
|
/*
|
|
* Cryptographic data for the public-key subtype of the asymmetric key type.
|
|
*
|
|
* Note that this may include private part of the key as well as the public
|
|
* part.
|
|
*/
|
|
struct public_key {
|
|
void *key;
|
|
u32 keylen;
|
|
const char *id_type;
|
|
const char *pkey_algo;
|
|
};
|
|
|
|
extern void public_key_free(struct public_key *key);
|
|
|
|
/*
|
|
* Public key cryptography signature data
|
|
*/
|
|
struct public_key_signature {
|
|
struct asymmetric_key_id *auth_ids[2];
|
|
u8 *s; /* Signature */
|
|
u32 s_size; /* Number of bytes in signature */
|
|
u8 *digest;
|
|
u8 digest_size; /* Number of bytes in digest */
|
|
const char *pkey_algo;
|
|
const char *hash_algo;
|
|
};
|
|
|
|
extern void public_key_signature_free(struct public_key_signature *sig);
|
|
|
|
extern struct asymmetric_key_subtype public_key_subtype;
|
|
|
|
struct key;
|
|
struct key_type;
|
|
union key_payload;
|
|
|
|
extern int restrict_link_by_signature(struct key *dest_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *trust_keyring);
|
|
|
|
extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *trusted);
|
|
|
|
extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
|
|
const struct key_type *type,
|
|
const union key_payload *payload,
|
|
struct key *trusted);
|
|
|
|
extern int verify_signature(const struct key *key,
|
|
const struct public_key_signature *sig);
|
|
|
|
int public_key_verify_signature(const struct public_key *pkey,
|
|
const struct public_key_signature *sig);
|
|
|
|
#endif /* _LINUX_PUBLIC_KEY_H */
|