1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Signature verification
3 *
4 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8 #ifndef _LINUX_VERIFICATION_H
9 #define _LINUX_VERIFICATION_H
10
11 #include <linux/types.h>
12
13 /*
14 * Indicate that both builtin trusted keys and secondary trusted keys
15 * should be used.
16 */
17 #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
18 #define VERIFY_USE_PLATFORM_KEYRING ((struct key *)2UL)
19
system_keyring_id_check(u64 id)20 static inline int system_keyring_id_check(u64 id)
21 {
22 if (id > (unsigned long)VERIFY_USE_PLATFORM_KEYRING)
23 return -EINVAL;
24
25 return 0;
26 }
27
28 /*
29 * The use to which an asymmetric key is being put.
30 */
31 enum key_being_used_for {
32 VERIFYING_MODULE_SIGNATURE,
33 VERIFYING_FIRMWARE_SIGNATURE,
34 VERIFYING_KEXEC_PE_SIGNATURE,
35 VERIFYING_KEY_SIGNATURE,
36 VERIFYING_KEY_SELF_SIGNATURE,
37 VERIFYING_UNSPECIFIED_SIGNATURE,
38 NR__KEY_BEING_USED_FOR
39 };
40 extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
41
42 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
43
44 struct key;
45 struct pkcs7_message;
46
47 extern int verify_pkcs7_signature(const void *data, size_t len,
48 const void *raw_pkcs7, size_t pkcs7_len,
49 struct key *trusted_keys,
50 enum key_being_used_for usage,
51 int (*view_content)(void *ctx,
52 const void *data, size_t len,
53 size_t asn1hdrlen),
54 void *ctx);
55 extern int verify_pkcs7_message_sig(const void *data, size_t len,
56 struct pkcs7_message *pkcs7,
57 struct key *trusted_keys,
58 enum key_being_used_for usage,
59 int (*view_content)(void *ctx,
60 const void *data,
61 size_t len,
62 size_t asn1hdrlen),
63 void *ctx);
64
65 #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
66 extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
67 struct key *trusted_keys,
68 enum key_being_used_for usage);
69 #endif
70
71 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
72 #endif /* _LINUX_VERIFY_PEFILE_H */
73