Commit | Line | Data |
---|---|---|
b4d0d230 | 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
e68503bd DH |
2 | /* Signature verification |
3 | * | |
4 | * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. | |
5 | * Written by David Howells (dhowells@redhat.com) | |
e68503bd DH |
6 | */ |
7 | ||
8 | #ifndef _LINUX_VERIFICATION_H | |
9 | #define _LINUX_VERIFICATION_H | |
10 | ||
817aef26 YS |
11 | /* |
12 | * Indicate that both builtin trusted keys and secondary trusted keys | |
13 | * should be used. | |
| | * | |
| | * Both VERIFY_USE_* macros below are small integer constants cast to | |
| | * struct key *: marker values, not addresses of real key objects. A | |
| | * struct key * that may carry one of them has to be compared against | |
| | * these markers before it is dereferenced. | |
14 | */ | |
15 | #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) | |
| | /* NOTE(review): no comment covers this macro; presumably it selects the platform keyring - confirm. */ | |
278311e4 | 16 | #define VERIFY_USE_PLATFORM_KEYRING ((struct key *)2UL) |
817aef26 | 17 | |
e68503bd DH |
18 | /* |
19 | * The use to which an asymmetric key is being put. | |
| | * | |
| | * Passed as the usage argument of the verify_*() declarations in this | |
| | * header. | |
20 | */ | |
21 | enum key_being_used_for { | |
22 | VERIFYING_MODULE_SIGNATURE, | |
23 | VERIFYING_FIRMWARE_SIGNATURE, | |
24 | VERIFYING_KEXEC_PE_SIGNATURE, | |
25 | VERIFYING_KEY_SIGNATURE, | |
26 | VERIFYING_KEY_SELF_SIGNATURE, | |
27 | VERIFYING_UNSPECIFIED_SIGNATURE, | |
| | /* Last enumerator: the number of usages above, used as the bound of key_being_used_for[]. */ | |
28 | NR__KEY_BEING_USED_FOR | |
29 | }; | |
| | /* | |
| | * One string per usage; any value used as an index must stay below | |
| | * NR__KEY_BEING_USED_FOR. NOTE(review): presumably printable names, | |
| | * defined outside this header - confirm. | |
| | */ | |
30 | extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR]; | |
31 | ||
32 | #ifdef CONFIG_SYSTEM_DATA_VERIFICATION | |
33 | ||
34 | struct key; | |
2a7bf671 | 35 | struct pkcs7_message; |
e68503bd DH |
36 | |
| | /* | |
| | * Signature check that takes the PKCS#7 message as a raw buffer | |
| | * (raw_pkcs7, pkcs7_len) together with the data (data, len). | |
| | * | |
| | * trusted_keys is a struct key *. NOTE(review): presumably this is | |
| | * where a VERIFY_USE_*_KEYRING marker may be passed instead of a real | |
| | * keyring - confirm in the implementation. | |
| | * usage states what the key is being used for. | |
| | * view_content is a caller-supplied callback that receives ctx, a data | |
| | * pointer, a length and asn1hdrlen. NOTE(review): when it is invoked | |
| | * and whether it may be NULL is not visible in this header. | |
| | * | |
| | * Returns int. NOTE(review): presumably 0 on success and a negative | |
| | * errno otherwise; on that assumption a caller should treat every | |
| | * non-zero result as "not verified". | |
| | */ | |
37 | extern int verify_pkcs7_signature(const void *data, size_t len, | |
38 | const void *raw_pkcs7, size_t pkcs7_len, | |
39 | struct key *trusted_keys, | |
e68503bd DH |
40 | enum key_being_used_for usage, |
41 | int (*view_content)(void *ctx, | |
42 | const void *data, size_t len, | |
43 | size_t asn1hdrlen), | |
44 | void *ctx); | |
| | /* | |
| | * Same parameter list as verify_pkcs7_signature(), except that the | |
| | * PKCS#7 message is passed as a struct pkcs7_message * rather than as | |
| | * a raw buffer and length. | |
| | * | |
| | * NOTE(review): who owns the pkcs7 object and whether this call | |
| | * modifies it is not visible in this header - confirm before reusing | |
| | * the message after the call. | |
| | * Returns int. NOTE(review): presumably 0 on success and a negative | |
| | * errno otherwise. | |
| | */ | |
2a7bf671 TJB |
45 | extern int verify_pkcs7_message_sig(const void *data, size_t len, |
46 | struct pkcs7_message *pkcs7, | |
47 | struct key *trusted_keys, | |
48 | enum key_being_used_for usage, | |
49 | int (*view_content)(void *ctx, | |
50 | const void *data, | |
51 | size_t len, | |
52 | size_t asn1hdrlen), | |
53 | void *ctx); | |
e68503bd DH |
54 | |
55 | #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION | |
| | /* | |
| | * Signature check on the buffer pebuf of length pelen (a PE file, | |
| | * going by the names). Declared only when | |
| | * CONFIG_SIGNED_PE_FILE_VERIFICATION is set. | |
| | * | |
| | * Unlike the PKCS#7 declarations in this header, the length is a plain | |
| | * unsigned rather than a size_t, so a caller holding a size_t length | |
| | * has to make sure it fits before passing it. | |
| | * trusted_keys and usage have the same types as in the PKCS#7 | |
| | * declarations. | |
| | * | |
| | * Returns int. NOTE(review): presumably 0 on success and a negative | |
| | * errno otherwise. | |
| | */ | |
56 | extern int verify_pefile_signature(const void *pebuf, unsigned pelen, | |
57 | struct key *trusted_keys, | |
58 | enum key_being_used_for usage); | |
59 | #endif | |
60 | ||
61 | #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */ | |
62 | #endif /* _LINUX_VERIFICATION_H */ |