xref: /openbmc/linux/include/linux/verification.h (revision 93a2477b)
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Signature verification
3  *
4  * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #ifndef _LINUX_VERIFICATION_H
9 #define _LINUX_VERIFICATION_H
10 
11 #include <linux/errno.h>
12 #include <linux/types.h>
13 
14 /*
15  * Indicate that both builtin trusted keys and secondary trusted keys
16  * should be used.
17  */
18 #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
19 #define VERIFY_USE_PLATFORM_KEYRING  ((struct key *)2UL)
20 
system_keyring_id_check(u64 id)21 static inline int system_keyring_id_check(u64 id)
22 {
23 	if (id > (unsigned long)VERIFY_USE_PLATFORM_KEYRING)
24 		return -EINVAL;
25 
26 	return 0;
27 }
28 
29 /*
30  * The use to which an asymmetric key is being put.
31  */
32 enum key_being_used_for {
33 	VERIFYING_MODULE_SIGNATURE,
34 	VERIFYING_FIRMWARE_SIGNATURE,
35 	VERIFYING_KEXEC_PE_SIGNATURE,
36 	VERIFYING_KEY_SIGNATURE,
37 	VERIFYING_KEY_SELF_SIGNATURE,
38 	VERIFYING_UNSPECIFIED_SIGNATURE,
39 	NR__KEY_BEING_USED_FOR
40 };
41 extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
42 
43 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
44 
45 struct key;
46 struct pkcs7_message;
47 
48 extern int verify_pkcs7_signature(const void *data, size_t len,
49 				  const void *raw_pkcs7, size_t pkcs7_len,
50 				  struct key *trusted_keys,
51 				  enum key_being_used_for usage,
52 				  int (*view_content)(void *ctx,
53 						      const void *data, size_t len,
54 						      size_t asn1hdrlen),
55 				  void *ctx);
56 extern int verify_pkcs7_message_sig(const void *data, size_t len,
57 				    struct pkcs7_message *pkcs7,
58 				    struct key *trusted_keys,
59 				    enum key_being_used_for usage,
60 				    int (*view_content)(void *ctx,
61 							const void *data,
62 							size_t len,
63 							size_t asn1hdrlen),
64 				    void *ctx);
65 
66 #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
67 extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
68 				   struct key *trusted_keys,
69 				   enum key_being_used_for usage);
70 #endif
71 
72 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
73 #endif /* _LINUX_VERIFY_PEFILE_H */
74