include/linux/verification.h

   1 /* SPDX-License-Identifier: GPL-2.0-or-later */
   2 /* Signature verification
   3  *
   4  * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
   5  * Written by David Howells (dhowells@redhat.com)
   6  */
   7
   8 #ifndef _LINUX_VERIFICATION_H
   9 #define _LINUX_VERIFICATION_H
  10
  11 #include <linux/errno.h>
  12 #include <linux/types.h>
  13
  14 /*
  15  * Indicate that both builtin trusted keys and secondary trusted keys
  16  * should be used.
  17  */
  18 #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
  19 #define VERIFY_USE_PLATFORM_KEYRING  ((struct key *)2UL)
  20
  21 static inline int system_keyring_id_check(u64 id)
  22 {
  23         if (id > (unsigned long)VERIFY_USE_PLATFORM_KEYRING)
  24                 return -EINVAL;
  25
  26         return 0;
  27 }
  28
  29 /*
  30  * The use to which an asymmetric key is being put.
  31  */
  32 enum key_being_used_for {
  33         VERIFYING_MODULE_SIGNATURE,
  34         VERIFYING_FIRMWARE_SIGNATURE,
  35         VERIFYING_KEXEC_PE_SIGNATURE,
  36         VERIFYING_KEY_SIGNATURE,
  37         VERIFYING_KEY_SELF_SIGNATURE,
  38         VERIFYING_UNSPECIFIED_SIGNATURE,
  39         NR__KEY_BEING_USED_FOR
  40 };
  41 extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
  42
  43 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
  44
  45 struct key;
  46 struct pkcs7_message;
  47
  48 extern int verify_pkcs7_signature(const void *data, size_t len,
  49                                   const void *raw_pkcs7, size_t pkcs7_len,
  50                                   struct key *trusted_keys,
  51                                   enum key_being_used_for usage,
  52                                   int (*view_content)(void *ctx,
  53                                                       const void *data, size_t len,
  54                                                       size_t asn1hdrlen),
  55                                   void *ctx);
  56 extern int verify_pkcs7_message_sig(const void *data, size_t len,
  57                                     struct pkcs7_message *pkcs7,
  58                                     struct key *trusted_keys,
  59                                     enum key_being_used_for usage,
  60                                     int (*view_content)(void *ctx,
  61                                                         const void *data,
  62                                                         size_t len,
  63                                                         size_t asn1hdrlen),
  64                                     void *ctx);
  65
  66 #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
  67 extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
  68                                    struct key *trusted_keys,
  69                                    enum key_being_used_for usage);
  70 #endif
  71
  72 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
  73 #endif /* _LINUX_VERIFY_PEFILE_H */