1 files changed, 38 insertions, 0 deletions
diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h
index 7dd473496180..044ab0d3aa45 100644
--- a/include/keys/asymmetric-type.h
+++ b/include/keys/asymmetric-type.h
@@ -19,6 +19,44 @@
 extern struct key_type key_type_asymmetric;
 /*
+ * Identifiers for an asymmetric key ID.  We have three ways of looking up a
+ * key derived from an X.509 certificate:
+ *
+ * (1) Serial Number & Issuer.  Non-optional.  This is the only valid way to
+ *     map a PKCS#7 signature to an X.509 certificate.
+ *
+ * (2) Issuer & Subject Unique IDs.  Optional.  These were the original way to
+ *     match X.509 certificates, but have fallen into disuse in favour of (3).
+ *
+ * (3) Auth & Subject Key Identifiers.  Optional.  SKIDs are only provided on
+ *     CA keys that are intended to sign other keys, so don't appear in end
+ *     user certificates unless forced.
+ *
+ * We could also support an PGP key identifier, which is just a SHA1 sum of the
+ * public key and certain parameters, but since we don't support PGP keys at
+ * the moment, we shall ignore those.
+ *
+ * What we actually do is provide a place where binary identifiers can be
+ * stashed and then compare against them when checking for an id match.
+ */
+struct asymmetric_key_id {
+        unsigned short  len;
+        unsigned char   data[];
+};
+struct asymmetric_key_ids {
+        void            *id[2];
+};
+extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
+                                   const struct asymmetric_key_id *kid2);
+extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
+                                                            size_t len_1,
+                                                            const void *val_2,
+                                                            size_t len_2);
+/*
 * The payload is at the discretion of the subtype.
 */

diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h index 7dd473496180..044ab0d3aa45 100644 --- a/include/keys/asymmetric-type.h +++ b/include/keys/asymmetric-type.h
@@ -19,6 +19,44 @@
19	extern struct key_type key_type_asymmetric;	19	extern struct key_type key_type_asymmetric;
20		20
21	/*	21	/*
		22	* Identifiers for an asymmetric key ID. We have three ways of looking up a
		23	* key derived from an X.509 certificate:
		24	*
		25	* (1) Serial Number & Issuer. Non-optional. This is the only valid way to
		26	* map a PKCS#7 signature to an X.509 certificate.
		27	*
		28	* (2) Issuer & Subject Unique IDs. Optional. These were the original way to
		29	* match X.509 certificates, but have fallen into disuse in favour of (3).
		30	*
		31	* (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
		32	* CA keys that are intended to sign other keys, so don't appear in end
		33	* user certificates unless forced.
		34	*
		35	* We could also support an PGP key identifier, which is just a SHA1 sum of the
		36	* public key and certain parameters, but since we don't support PGP keys at
		37	* the moment, we shall ignore those.
		38	*
		39	* What we actually do is provide a place where binary identifiers can be
		40	* stashed and then compare against them when checking for an id match.
		41	*/
		42	struct asymmetric_key_id {
		43	unsigned short len;
		44	unsigned char data[];
		45	};
		46
		47	struct asymmetric_key_ids {
		48	void *id[2];
		49	};
		50
		51	extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
		52	const struct asymmetric_key_id *kid2);
		53
		54	extern struct asymmetric_key_id asymmetric_key_generate_id(const void val_1,
		55	size_t len_1,
		56	const void *val_2,
		57	size_t len_2);
		58
		59	/*
22	* The payload is at the discretion of the subtype.	60	* The payload is at the discretion of the subtype.
23	*/	61	*/
24		62