1 /* local.h: kernel signature checker internal defs
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 * - Derived from GnuPG packet.h - packet definitions
6 * - Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
23 #include <linux/list.h>
24 #include <linux/crypto.h>
25 #include <linux/crypto/ksign.h>
26 #include <linux/crypto/mpi.h>
27 #include <asm/atomic.h>
29 #define SHA1_DIGEST_SIZE 20
31 #define PUBKEY_USAGE_SIG 1 /* key is good for signatures */
32 #define PUBKEY_USAGE_ENC 2 /* key is good for encryption */
34 #define PUBKEY_ALGO_DSA 17
35 #define DSA_NPKEY 4 /* number of MPI's in DSA public key */
36 #define DSA_NSIG 2 /* number of MPI's in DSA signature */
38 #define DIGEST_ALGO_SHA1 2
42 PKT_SIGNATURE = 2, /* signature packet */
43 PKT_PUBLIC_KEY = 6, /* public key */
44 PKT_USER_ID = 13, /* user id packet */
48 SIGSUBPKT_TEST_CRITICAL = -3,
50 SIGSUBPKT_SIG_CREATED = 2, /* signature creation time */
51 SIGSUBPKT_SIG_EXPIRE = 3, /* signature expiration time */
52 SIGSUBPKT_EXPORTABLE = 4, /* exportable */
53 SIGSUBPKT_TRUST = 5, /* trust signature */
54 SIGSUBPKT_REGEXP = 6, /* regular expression */
55 SIGSUBPKT_REVOCABLE = 7, /* revocable */
56 SIGSUBPKT_KEY_EXPIRE = 9, /* key expiration time */
57 SIGSUBPKT_ARR = 10, /* additional recipient request */
58 SIGSUBPKT_PREF_SYM = 11, /* preferred symmetric algorithms */
59 SIGSUBPKT_REV_KEY = 12, /* revocation key */
60 SIGSUBPKT_ISSUER = 16, /* issuer key ID */
61 SIGSUBPKT_NOTATION = 20, /* notation data */
62 SIGSUBPKT_PREF_HASH = 21, /* preferred hash algorithms */
63 SIGSUBPKT_PREF_COMPR = 22, /* preferred compression algorithms */
64 SIGSUBPKT_KS_FLAGS = 23, /* key server preferences */
65 SIGSUBPKT_PREF_KS = 24, /* preferred key server */
66 SIGSUBPKT_PRIMARY_UID = 25, /* primary user id */
67 SIGSUBPKT_POLICY = 26, /* policy URL */
68 SIGSUBPKT_KEY_FLAGS = 27, /* key flags */
69 SIGSUBPKT_SIGNERS_UID = 28, /* signer's user id */
70 SIGSUBPKT_REVOC_REASON = 29, /* reason for revocation */
71 SIGSUBPKT_PRIV_VERIFY_CACHE = 101, /* cache verification result */
73 SIGSUBPKT_FLAG_CRITICAL = 128
79 struct ksign_signature
81 uint32_t keyid[2]; /* 64-bit key ID */
82 time_t timestamp; /* signature made */
84 uint8_t sig_class; /* sig classification, appended for MD calculation */
85 uint8_t *hashed_data; /* all subpackets with hashed data (v4 only) */
86 uint8_t *unhashed_data; /* ditto for unhashed data */
87 uint8_t digest_start[2]; /* first 2 bytes of the digest */
91 extern void ksign_free_signature(struct ksign_signature *sig);
96 struct ksign_public_key
98 struct list_head link;
99 atomic_t count; /* ref count */
100 time_t timestamp; /* key made */
101 time_t expiredate; /* expires at this date or 0 if not at all */
102 uint8_t hdrbytes; /* number of header bytes */
104 int is_valid; /* key (especially subkey) is valid */
105 unsigned long local_id; /* internal use, valid if > 0 */
106 uint32_t main_keyid[2]; /* keyid of the primary key */
107 uint32_t keyid[2]; /* calculated by keyid_from_pk() */
111 extern void ksign_free_public_key(struct ksign_public_key *pk);
/*
 * Drop one reference to a public key.
 * - the key is released through ksign_free_public_key() only when the
 *   refcount hits zero; earlier callers simply decrement and return
 */
static inline void ksign_put_public_key(struct ksign_public_key *pk)
{
	if (!atomic_dec_and_test(&pk->count))
		return;

	ksign_free_public_key(pk);
}
119 extern int ksign_load_keyring_from_buffer(const void *buffer, size_t size);
121 extern struct ksign_public_key *ksign_get_public_key(const uint32_t *keyid);
128 int len; /* length of the name */
132 extern void ksign_free_user_id(struct ksign_user_id *uid);
137 typedef int (*ksign_signature_actor_t)(struct ksign_signature *, void *fnxdata);
138 typedef int (*ksign_public_key_actor_t)(struct ksign_public_key *, void *fnxdata);
139 typedef int (*ksign_user_id_actor_t)(struct ksign_user_id *, void *fnxdata);
141 extern int ksign_parse_packets(const uint8_t *buf,
143 ksign_signature_actor_t sigfnx,
144 ksign_public_key_actor_t pkfnx,
145 ksign_user_id_actor_t uidfnx,
148 extern int DSA_verify(const MPI datahash, const MPI sig[], const MPI pkey[]);
151 * fast access to the digest
152 * - we _know_ the data is locked into kernel memory, so we don't want to have
/*
 * Feed a single byte into a SHA1 digest.
 * - the byte is staged in a one-element buffer so it has an address to hand
 *   to crypto_digest_update_kernel()
 */
static inline void SHA1_putc(struct crypto_tfm *sha1, uint8_t ch)
{
	uint8_t byte[1] = { ch };

	crypto_digest_update_kernel(sha1, byte, sizeof(byte));
}
160 static inline void SHA1_write(struct crypto_tfm *sha1, const void *s, size_t n)
162 crypto_digest_update_kernel(sha1, s, n);