• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Signature verification
3  *
4  * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #ifndef _LINUX_VERIFICATION_H
9 #define _LINUX_VERIFICATION_H
10 
11 /*
12  * Indicate that both builtin trusted keys and secondary trusted keys
13  * should be used.
14  */
15 #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
16 #define VERIFY_USE_PLATFORM_KEYRING  ((struct key *)2UL)
17 
18 /*
19  * The use to which an asymmetric key is being put.
20  */
21 enum key_being_used_for {
22 	VERIFYING_MODULE_SIGNATURE,
23 	VERIFYING_FIRMWARE_SIGNATURE,
24 	VERIFYING_KEXEC_PE_SIGNATURE,
25 	VERIFYING_KEY_SIGNATURE,
26 	VERIFYING_KEY_SELF_SIGNATURE,
27 	VERIFYING_UNSPECIFIED_SIGNATURE,
28 	NR__KEY_BEING_USED_FOR
29 };
30 extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
31 
32 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
33 
34 struct key;
35 struct pkcs7_message;
36 
37 extern int verify_pkcs7_signature(const void *data, size_t len,
38 				  const void *raw_pkcs7, size_t pkcs7_len,
39 				  struct key *trusted_keys,
40 				  enum key_being_used_for usage,
41 				  int (*view_content)(void *ctx,
42 						      const void *data, size_t len,
43 						      size_t asn1hdrlen),
44 				  void *ctx);
45 extern int verify_pkcs7_message_sig(const void *data, size_t len,
46 				    struct pkcs7_message *pkcs7,
47 				    struct key *trusted_keys,
48 				    enum key_being_used_for usage,
49 				    int (*view_content)(void *ctx,
50 							const void *data,
51 							size_t len,
52 							size_t asn1hdrlen),
53 				    void *ctx);
54 
55 #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
56 extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
57 				   struct key *trusted_keys,
58 				   enum key_being_used_for usage);
59 #endif
60 
61 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
62 #endif /* _LINUX_VERIFY_PEFILE_H */
63