Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/* Signature verification
3 *
4 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8#ifndef _LINUX_VERIFICATION_H
9#define _LINUX_VERIFICATION_H
10
11#include <linux/errno.h>
12#include <linux/types.h>
13
14/*
15 * Indicate that both builtin trusted keys and secondary trusted keys
16 * should be used.
17 */
18#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
19#define VERIFY_USE_PLATFORM_KEYRING ((struct key *)2UL)
20
21static inline int system_keyring_id_check(u64 id)
22{
23 if (id > (unsigned long)VERIFY_USE_PLATFORM_KEYRING)
24 return -EINVAL;
25
26 return 0;
27}
28
29/*
30 * The use to which an asymmetric key is being put.
31 */
32enum key_being_used_for {
33 VERIFYING_MODULE_SIGNATURE,
34 VERIFYING_FIRMWARE_SIGNATURE,
35 VERIFYING_KEXEC_PE_SIGNATURE,
36 VERIFYING_KEY_SIGNATURE,
37 VERIFYING_KEY_SELF_SIGNATURE,
38 VERIFYING_UNSPECIFIED_SIGNATURE,
39 NR__KEY_BEING_USED_FOR
40};
41#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
42
43struct key;
44struct pkcs7_message;
45
46extern int verify_pkcs7_signature(const void *data, size_t len,
47 const void *raw_pkcs7, size_t pkcs7_len,
48 struct key *trusted_keys,
49 enum key_being_used_for usage,
50 int (*view_content)(void *ctx,
51 const void *data, size_t len,
52 size_t asn1hdrlen),
53 void *ctx);
54extern int verify_pkcs7_message_sig(const void *data, size_t len,
55 struct pkcs7_message *pkcs7,
56 struct key *trusted_keys,
57 enum key_being_used_for usage,
58 int (*view_content)(void *ctx,
59 const void *data,
60 size_t len,
61 size_t asn1hdrlen),
62 void *ctx);
63
64#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
65extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
66 struct key *trusted_keys,
67 enum key_being_used_for usage);
68#endif
69
70#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
71#endif /* _LINUX_VERIFY_PEFILE_H */