TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / third_party / linux.git / 92d4c21e51fc12736c39c2a161a42f20e2be8a00 / . / include / linux / verification.h
blob: 911ab7c2b1ab39133f2e993eeaf818847912204c [file] [log] [blame]
David Brazdil0f672f62019-12-10 10:32:29 +0000[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0-or-later */
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]2/* Signature verification
3 *
4 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]6 */
7
8#ifndef _LINUX_VERIFICATION_H
9#define _LINUX_VERIFICATION_H
10
11/*
12 * Indicate that both builtin trusted keys and secondary trusted keys
13 * should be used.
14 */
15#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
David Brazdil0f672f62019-12-10 10:32:29 +0000[diff] [blame]16#define VERIFY_USE_PLATFORM_KEYRING ((struct key *)2UL)
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]17
18/*
19 * The use to which an asymmetric key is being put.
20 */
21enum key_being_used_for {
22 VERIFYING_MODULE_SIGNATURE,
23 VERIFYING_FIRMWARE_SIGNATURE,
24 VERIFYING_KEXEC_PE_SIGNATURE,
25 VERIFYING_KEY_SIGNATURE,
26 VERIFYING_KEY_SELF_SIGNATURE,
27 VERIFYING_UNSPECIFIED_SIGNATURE,
28 NR__KEY_BEING_USED_FOR
29};
30extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
31
32#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
33
34struct key;
David Brazdil0f672f62019-12-10 10:32:29 +0000[diff] [blame]35struct pkcs7_message;
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]36
37extern int verify_pkcs7_signature(const void *data, size_t len,
38 const void *raw_pkcs7, size_t pkcs7_len,
39 struct key *trusted_keys,
40 enum key_being_used_for usage,
41 int (*view_content)(void *ctx,
42 const void *data, size_t len,
43 size_t asn1hdrlen),
44 void *ctx);
David Brazdil0f672f62019-12-10 10:32:29 +0000[diff] [blame]45extern int verify_pkcs7_message_sig(const void *data, size_t len,
46 struct pkcs7_message *pkcs7,
47 struct key *trusted_keys,
48 enum key_being_used_for usage,
49 int (*view_content)(void *ctx,
50 const void *data,
51 size_t len,
52 size_t asn1hdrlen),
53 void *ctx);
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]54
55#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
56extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
57 struct key *trusted_keys,
58 enum key_being_used_for usage);
59#endif
60
61#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
62#endif /* _LINUX_VERIFY_PEFILE_H */