include/linux/verification.h at v6.18 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

kernel / include / linux / verification.h

at v6.18 1.9 kB view raw

 1/* SPDX-License-Identifier: GPL-2.0-or-later */
 2/* Signature verification
 3 *
 4 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
 5 * Written by David Howells (dhowells@redhat.com)
 6 */
 7
 8#ifndef _LINUX_VERIFICATION_H
 9#define _LINUX_VERIFICATION_H
10
11#include <linux/errno.h>
12#include <linux/types.h>
13
14/*
15 * Indicate that both builtin trusted keys and secondary trusted keys
16 * should be used.
17 */
18#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
19#define VERIFY_USE_PLATFORM_KEYRING  ((struct key *)2UL)
20
21static inline int system_keyring_id_check(u64 id)
22{
23	if (id > (unsigned long)VERIFY_USE_PLATFORM_KEYRING)
24		return -EINVAL;
25
26	return 0;
27}
28
29/*
30 * The use to which an asymmetric key is being put.
31 */
32enum key_being_used_for {
33	VERIFYING_MODULE_SIGNATURE,
34	VERIFYING_FIRMWARE_SIGNATURE,
35	VERIFYING_KEXEC_PE_SIGNATURE,
36	VERIFYING_KEY_SIGNATURE,
37	VERIFYING_KEY_SELF_SIGNATURE,
38	VERIFYING_UNSPECIFIED_SIGNATURE,
39	VERIFYING_BPF_SIGNATURE,
40	NR__KEY_BEING_USED_FOR
41};
42#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
43
44struct key;
45struct pkcs7_message;
46
47extern int verify_pkcs7_signature(const void *data, size_t len,
48				  const void *raw_pkcs7, size_t pkcs7_len,
49				  struct key *trusted_keys,
50				  enum key_being_used_for usage,
51				  int (*view_content)(void *ctx,
52						      const void *data, size_t len,
53						      size_t asn1hdrlen),
54				  void *ctx);
55extern int verify_pkcs7_message_sig(const void *data, size_t len,
56				    struct pkcs7_message *pkcs7,
57				    struct key *trusted_keys,
58				    enum key_being_used_for usage,
59				    int (*view_content)(void *ctx,
60							const void *data,
61							size_t len,
62							size_t asn1hdrlen),
63				    void *ctx);
64
65#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
66extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
67				   struct key *trusted_keys,
68				   enum key_being_used_for usage);
69#endif
70
71#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
72#endif /* _LINUX_VERIFY_PEFILE_H */