1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
2 | /* Signature verification |
3 | * |
4 | * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. |
5 | * Written by David Howells (dhowells@redhat.com) |
6 | */ |
7 | |
8 | #ifndef _LINUX_VERIFICATION_H |
9 | #define _LINUX_VERIFICATION_H |
10 | |
11 | #include <linux/errno.h> |
12 | #include <linux/types.h> |
13 | |
14 | /* |
15 | * Indicate that both builtin trusted keys and secondary trusted keys |
16 | * should be used. |
17 | */ |
18 | #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) |
19 | #define VERIFY_USE_PLATFORM_KEYRING ((struct key *)2UL) |
20 | |
21 | static inline int system_keyring_id_check(u64 id) |
22 | { |
23 | if (id > (unsigned long)VERIFY_USE_PLATFORM_KEYRING) |
24 | return -EINVAL; |
25 | |
26 | return 0; |
27 | } |
28 | |
29 | /* |
30 | * The use to which an asymmetric key is being put. |
31 | */ |
32 | enum key_being_used_for { |
33 | VERIFYING_MODULE_SIGNATURE, |
34 | VERIFYING_FIRMWARE_SIGNATURE, |
35 | VERIFYING_KEXEC_PE_SIGNATURE, |
36 | VERIFYING_KEY_SIGNATURE, |
37 | VERIFYING_KEY_SELF_SIGNATURE, |
38 | VERIFYING_UNSPECIFIED_SIGNATURE, |
39 | NR__KEY_BEING_USED_FOR |
40 | }; |
41 | extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR]; |
42 | |
43 | #ifdef CONFIG_SYSTEM_DATA_VERIFICATION |
44 | |
45 | struct key; |
46 | struct pkcs7_message; |
47 | |
48 | extern int verify_pkcs7_signature(const void *data, size_t len, |
49 | const void *raw_pkcs7, size_t pkcs7_len, |
50 | struct key *trusted_keys, |
51 | enum key_being_used_for usage, |
52 | int (*view_content)(void *ctx, |
53 | const void *data, size_t len, |
54 | size_t asn1hdrlen), |
55 | void *ctx); |
56 | extern int verify_pkcs7_message_sig(const void *data, size_t len, |
57 | struct pkcs7_message *pkcs7, |
58 | struct key *trusted_keys, |
59 | enum key_being_used_for usage, |
60 | int (*view_content)(void *ctx, |
61 | const void *data, |
62 | size_t len, |
63 | size_t asn1hdrlen), |
64 | void *ctx); |
65 | |
66 | #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION |
67 | extern int verify_pefile_signature(const void *pebuf, unsigned pelen, |
68 | struct key *trusted_keys, |
69 | enum key_being_used_for usage); |
70 | #endif |
71 | |
72 | #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */ |
73 | #endif /* _LINUX_VERIFY_PEFILE_H */ |
74 | |