include/linux/verification.h

   1 /* Signature verification
   2  *
   3  * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
   4  * Written by David Howells ([email protected])
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU General Public Licence
   8  * as published by the Free Software Foundation; either version
   9  * 2 of the Licence, or (at your option) any later version.
  10  */
  11
  12 #ifndef _LINUX_VERIFICATION_H
  13 #define _LINUX_VERIFICATION_H
  14
  15 /*
  16  * Indicate that both builtin trusted keys and secondary trusted keys
  17  * should be used.
  18  */
  19 #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
  20 #define VERIFY_USE_PLATFORM_KEYRING  ((struct key *)2UL)
  21
  22 /*
  23  * The use to which an asymmetric key is being put.
  24  */
  25 enum key_being_used_for {
  26         VERIFYING_MODULE_SIGNATURE,
  27         VERIFYING_FIRMWARE_SIGNATURE,
  28         VERIFYING_KEXEC_PE_SIGNATURE,
  29         VERIFYING_KEY_SIGNATURE,
  30         VERIFYING_KEY_SELF_SIGNATURE,
  31         VERIFYING_UNSPECIFIED_SIGNATURE,
  32         NR__KEY_BEING_USED_FOR
  33 };
  34 extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
  35
  36 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
  37
  38 struct key;
  39
  40 extern int verify_pkcs7_signature(const void *data, size_t len,
  41                                   const void *raw_pkcs7, size_t pkcs7_len,
  42                                   struct key *trusted_keys,
  43                                   enum key_being_used_for usage,
  44                                   int (*view_content)(void *ctx,
  45                                                       const void *data, size_t len,
  46                                                       size_t asn1hdrlen),
  47                                   void *ctx);
  48
  49 #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
  50 extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
  51                                    struct key *trusted_keys,
  52                                    enum key_being_used_for usage);
  53 #endif
  54
  55 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
  56 #endif /* _LINUX_VERIFY_PEFILE_H */