1  /* SPDX-License-Identifier: GPL-2.0-or-later */
2  /* Signature verification
3   *
4   * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
5   * Written by David Howells (dhowells@redhat.com)
6   */
7  
8  #ifndef _LINUX_VERIFICATION_H
9  #define _LINUX_VERIFICATION_H
10  
11  /*
12   * VERIFY_USE_SECONDARY_KEYRING: indicate that both builtin trusted keys and
13   * secondary trusted keys should be used.
14   */
/*
 * NOTE(review): VERIFY_USE_PLATFORM_KEYRING is not described in this header;
 * presumably it selects the platform keyring -- confirm against the
 * implementation.
 *
 * Both values are small integer constants cast to struct key *, not addresses
 * of real keys.  Code that receives a trusted_keys pointer has to compare it
 * against these values before treating it as a key.
 */
15  #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
16  #define VERIFY_USE_PLATFORM_KEYRING  ((struct key *)2UL)
17  
18  /*
19   * The use to which an asymmetric key is being put.
20   */
/*
 * Values of this enum are taken as the usage parameter by the verify_*
 * declarations later in this header.  NR__KEY_BEING_USED_FOR is not a usage
 * itself; it is also the bound of the key_being_used_for[] array declared
 * after the enum.
 */
21  enum key_being_used_for {
22  	VERIFYING_MODULE_SIGNATURE,
23  	VERIFYING_FIRMWARE_SIGNATURE,
24  	VERIFYING_KEXEC_PE_SIGNATURE,
25  	VERIFYING_KEY_SIGNATURE,
26  	VERIFYING_KEY_SELF_SIGNATURE,
27  	VERIFYING_UNSPECIFIED_SIGNATURE,
28  	NR__KEY_BEING_USED_FOR	/* number of usages above; must stay last */
29  };
/*
 * One string per usage.  NOTE(review): presumably the printable name of each
 * enumerator, indexed by the enum value -- confirm at the definition.  Index
 * it only with a value below NR__KEY_BEING_USED_FOR.
 */
30  extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
31  
32  #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
33  
/*
 * Forward declarations only: this header uses these types solely through
 * pointers, so their layout is not needed here.
 */
34  struct key;
35  struct pkcs7_message;
36  
/*
 * Verify a PKCS#7 signature, with the PKCS#7 message given as raw bytes.
 *
 *   data, len            - buffer and length of the data being verified
 *                          (NOTE(review): confirm how NULL/0 is treated)
 *   raw_pkcs7, pkcs7_len - buffer and length of the PKCS#7 message
 *   trusted_keys         - keys to trust; the VERIFY_USE_* macros in this
 *                          header have this type and are presumably accepted
 *                          here -- confirm, including the meaning of NULL
 *   usage                - what the verifying key is being used for
 *   view_content, ctx    - callback taking (ctx, data, len, asn1hdrlen);
 *                          presumably optional and called with this ctx --
 *                          confirm against the implementation
 *
 * Returns int.  NOTE(review): presumably 0 on success and a negative error
 * code otherwise; callers should treat any non-zero result as "not verified"
 * and not act on the data.
 *
 * Declared only when CONFIG_SYSTEM_DATA_VERIFICATION is defined; this header
 * provides no stub for the other case.
 */
37  extern int verify_pkcs7_signature(const void *data, size_t len,
38  				  const void *raw_pkcs7, size_t pkcs7_len,
39  				  struct key *trusted_keys,
40  				  enum key_being_used_for usage,
41  				  int (*view_content)(void *ctx,
42  						      const void *data, size_t len,
43  						      size_t asn1hdrlen),
44  				  void *ctx);
/*
 * Verify a PKCS#7 signature, with the message given as a struct pkcs7_message
 * pointer rather than raw bytes (presumably an already parsed message --
 * confirm against the implementation).
 *
 *   data, len         - buffer and length of the data being verified
 *   pkcs7             - the PKCS#7 message object
 *   trusted_keys      - keys to trust; the VERIFY_USE_* macros in this header
 *                       have this type and are presumably accepted here
 *   usage             - what the verifying key is being used for
 *   view_content, ctx - callback taking (ctx, data, len, asn1hdrlen);
 *                       presumably optional and called with this ctx
 *
 * Returns int.  NOTE(review): presumably 0 on success and a negative error
 * code otherwise; callers should treat any non-zero result as "not verified".
 */
45  extern int verify_pkcs7_message_sig(const void *data, size_t len,
46  				    struct pkcs7_message *pkcs7,
47  				    struct key *trusted_keys,
48  				    enum key_being_used_for usage,
49  				    int (*view_content)(void *ctx,
50  							const void *data,
51  							size_t len,
52  							size_t asn1hdrlen),
53  				    void *ctx);
54  
/*
 * Verify the signature of a PE file held in pebuf (pelen bytes) against
 * trusted_keys for the given usage.  Declared only when both
 * CONFIG_SYSTEM_DATA_VERIFICATION and CONFIG_SIGNED_PE_FILE_VERIFICATION are
 * defined; this header provides no stub for the other cases.
 *
 * NOTE(review): pelen is unsigned, while the PKCS#7 entry points in this
 * header take size_t lengths.  A caller holding a size_t length should
 * confirm it cannot be truncated when passed here.
 *
 * Returns int.  NOTE(review): presumably 0 on success and a negative error
 * code otherwise; callers should treat any non-zero result as "not verified".
 */
55  #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
56  extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
57  				   struct key *trusted_keys,
58  				   enum key_being_used_for usage);
59  #endif
60  
61  #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
62  #endif /* _LINUX_VERIFICATION_H */
63