2019-05-21 01:08:01 +08:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
2016-04-06 23:14:24 +08:00
|
|
|
/* Signature verification
|
|
|
|
*
|
|
|
|
* Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
|
|
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _LINUX_VERIFICATION_H
|
|
|
|
#define _LINUX_VERIFICATION_H
|
|
|
|
|
2020-11-21 02:04:22 +08:00
|
|
|
#include <linux/types.h>
|
|
|
|
|
2018-08-16 21:05:10 +08:00
|
|
|
/*
|
|
|
|
* Indicate that both builtin trusted keys and secondary trusted keys
|
|
|
|
* should be used.
|
|
|
|
*/
|
|
|
|
#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
|
2019-01-21 17:59:29 +08:00
|
|
|
#define VERIFY_USE_PLATFORM_KEYRING ((struct key *)2UL)
|
2018-08-16 21:05:10 +08:00
|
|
|
|
2022-09-20 15:59:45 +08:00
|
|
|
static inline int system_keyring_id_check(u64 id)
|
|
|
|
{
|
|
|
|
if (id > (unsigned long)VERIFY_USE_PLATFORM_KEYRING)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-04-06 23:14:24 +08:00
|
|
|
/*
|
|
|
|
* The use to which an asymmetric key is being put.
|
|
|
|
*/
|
|
|
|
enum key_being_used_for {
|
|
|
|
VERIFYING_MODULE_SIGNATURE,
|
|
|
|
VERIFYING_FIRMWARE_SIGNATURE,
|
|
|
|
VERIFYING_KEXEC_PE_SIGNATURE,
|
|
|
|
VERIFYING_KEY_SIGNATURE,
|
|
|
|
VERIFYING_KEY_SELF_SIGNATURE,
|
|
|
|
VERIFYING_UNSPECIFIED_SIGNATURE,
|
|
|
|
NR__KEY_BEING_USED_FOR
|
|
|
|
};
|
|
|
|
extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
|
|
|
|
|
|
|
|
#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
|
|
|
|
|
|
|
|
struct key;
|
2019-06-28 10:19:25 +08:00
|
|
|
struct pkcs7_message;
|
2016-04-06 23:14:24 +08:00
|
|
|
|
|
|
|
extern int verify_pkcs7_signature(const void *data, size_t len,
|
|
|
|
const void *raw_pkcs7, size_t pkcs7_len,
|
|
|
|
struct key *trusted_keys,
|
|
|
|
enum key_being_used_for usage,
|
|
|
|
int (*view_content)(void *ctx,
|
|
|
|
const void *data, size_t len,
|
|
|
|
size_t asn1hdrlen),
|
|
|
|
void *ctx);
|
2019-06-28 10:19:25 +08:00
|
|
|
extern int verify_pkcs7_message_sig(const void *data, size_t len,
|
|
|
|
struct pkcs7_message *pkcs7,
|
|
|
|
struct key *trusted_keys,
|
|
|
|
enum key_being_used_for usage,
|
|
|
|
int (*view_content)(void *ctx,
|
|
|
|
const void *data,
|
|
|
|
size_t len,
|
|
|
|
size_t asn1hdrlen),
|
|
|
|
void *ctx);
|
2016-04-06 23:14:24 +08:00
|
|
|
|
|
|
|
#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
|
|
|
|
extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
|
|
|
|
struct key *trusted_keys,
|
|
|
|
enum key_being_used_for usage);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
|
|
|
|
#endif /* _LINUX_VERIFY_PEFILE_H */
|