1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* Signature verification 3 * 4 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8 #ifndef _LINUX_VERIFICATION_H 9 #define _LINUX_VERIFICATION_H 10 11 #include <linux/types.h> 12 13 /* 14 * Indicate that both builtin trusted keys and secondary trusted keys 15 * should be used. 16 */ 17 #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) 18 #define VERIFY_USE_PLATFORM_KEYRING ((struct key *)2UL) 19 20 static inline int system_keyring_id_check(u64 id) 21 { 22 if (id > (unsigned long)VERIFY_USE_PLATFORM_KEYRING) 23 return -EINVAL; 24 25 return 0; 26 } 27 28 /* 29 * The use to which an asymmetric key is being put. 30 */ 31 enum key_being_used_for { 32 VERIFYING_MODULE_SIGNATURE, 33 VERIFYING_FIRMWARE_SIGNATURE, 34 VERIFYING_KEXEC_PE_SIGNATURE, 35 VERIFYING_KEY_SIGNATURE, 36 VERIFYING_KEY_SELF_SIGNATURE, 37 VERIFYING_UNSPECIFIED_SIGNATURE, 38 NR__KEY_BEING_USED_FOR 39 }; 40 extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR]; 41 42 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION 43 44 struct key; 45 struct pkcs7_message; 46 47 extern int verify_pkcs7_signature(const void *data, size_t len, 48 const void *raw_pkcs7, size_t pkcs7_len, 49 struct key *trusted_keys, 50 enum key_being_used_for usage, 51 int (*view_content)(void *ctx, 52 const void *data, size_t len, 53 size_t asn1hdrlen), 54 void *ctx); 55 extern int verify_pkcs7_message_sig(const void *data, size_t len, 56 struct pkcs7_message *pkcs7, 57 struct key *trusted_keys, 58 enum key_being_used_for usage, 59 int (*view_content)(void *ctx, 60 const void *data, 61 size_t len, 62 size_t asn1hdrlen), 63 void *ctx); 64 65 #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION 66 extern int verify_pefile_signature(const void *pebuf, unsigned pelen, 67 struct key *trusted_keys, 68 enum key_being_used_for usage); 69 #endif 70 71 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */ 72 #endif /* _LINUX_VERIFY_PEFILE_H */ 73