Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
[platform/kernel/linux-rpi.git] / include / linux / verification.h
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Signature verification
3  *
4  * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7
8 #ifndef _LINUX_VERIFICATION_H
9 #define _LINUX_VERIFICATION_H
10
11 #include <linux/types.h>
12
13 /*
14  * Indicate that both builtin trusted keys and secondary trusted keys
15  * should be used.
16  */
17 #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
18 #define VERIFY_USE_PLATFORM_KEYRING  ((struct key *)2UL)
19
20 /*
21  * The use to which an asymmetric key is being put.
22  */
23 enum key_being_used_for {
24         VERIFYING_MODULE_SIGNATURE,
25         VERIFYING_FIRMWARE_SIGNATURE,
26         VERIFYING_KEXEC_PE_SIGNATURE,
27         VERIFYING_KEY_SIGNATURE,
28         VERIFYING_KEY_SELF_SIGNATURE,
29         VERIFYING_UNSPECIFIED_SIGNATURE,
30         NR__KEY_BEING_USED_FOR
31 };
32 extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
33
34 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
35
36 struct key;
37 struct pkcs7_message;
38
39 extern int verify_pkcs7_signature(const void *data, size_t len,
40                                   const void *raw_pkcs7, size_t pkcs7_len,
41                                   struct key *trusted_keys,
42                                   enum key_being_used_for usage,
43                                   int (*view_content)(void *ctx,
44                                                       const void *data, size_t len,
45                                                       size_t asn1hdrlen),
46                                   void *ctx);
47 extern int verify_pkcs7_message_sig(const void *data, size_t len,
48                                     struct pkcs7_message *pkcs7,
49                                     struct key *trusted_keys,
50                                     enum key_being_used_for usage,
51                                     int (*view_content)(void *ctx,
52                                                         const void *data,
53                                                         size_t len,
54                                                         size_t asn1hdrlen),
55                                     void *ctx);
56
57 #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
58 extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
59                                    struct key *trusted_keys,
60                                    enum key_being_used_for usage);
61 #endif
62
63 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
64 #endif /* _LINUX_VERIFY_PEFILE_H */