1 /* Signature verification 2 * 3 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12 #ifndef _LINUX_VERIFICATION_H 13 #define _LINUX_VERIFICATION_H 14 15 /* 16 * Indicate that both builtin trusted keys and secondary trusted keys 17 * should be used. 18 */ 19 #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) 20 21 /* 22 * The use to which an asymmetric key is being put. 23 */ 24 enum key_being_used_for { 25 VERIFYING_MODULE_SIGNATURE, 26 VERIFYING_FIRMWARE_SIGNATURE, 27 VERIFYING_KEXEC_PE_SIGNATURE, 28 VERIFYING_KEY_SIGNATURE, 29 VERIFYING_KEY_SELF_SIGNATURE, 30 VERIFYING_UNSPECIFIED_SIGNATURE, 31 NR__KEY_BEING_USED_FOR 32 }; 33 extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR]; 34 35 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION 36 37 struct key; 38 39 extern int verify_pkcs7_signature(const void *data, size_t len, 40 const void *raw_pkcs7, size_t pkcs7_len, 41 struct key *trusted_keys, 42 enum key_being_used_for usage, 43 int (*view_content)(void *ctx, 44 const void *data, size_t len, 45 size_t asn1hdrlen), 46 void *ctx); 47 48 #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION 49 extern int verify_pefile_signature(const void *pebuf, unsigned pelen, 50 struct key *trusted_keys, 51 enum key_being_used_for usage); 52 #endif 53 54 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */ 55 #endif /* _LINUX_VERIFY_PEFILE_H */ 56