1 /* Signature verification
3 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
12 #ifndef _LINUX_VERIFICATION_H
13 #define _LINUX_VERIFICATION_H
16 * Indicate that both builtin trusted keys and secondary trusted keys
19 #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
22 * The use to which an asymmetric key is being put.
24 enum key_being_used_for
{
25 VERIFYING_MODULE_SIGNATURE
,
26 VERIFYING_FIRMWARE_SIGNATURE
,
27 VERIFYING_KEXEC_PE_SIGNATURE
,
28 VERIFYING_KEY_SIGNATURE
,
29 VERIFYING_KEY_SELF_SIGNATURE
,
30 VERIFYING_UNSPECIFIED_SIGNATURE
,
31 NR__KEY_BEING_USED_FOR
33 extern const char *const key_being_used_for
[NR__KEY_BEING_USED_FOR
];
36 struct public_key_signature
;
38 extern int verify_signature_one(const struct public_key_signature
*sig
,
39 struct key
*trusted_keys
, const char *keyid
);
41 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
43 extern int verify_pkcs7_signature(const void *data
, size_t len
,
44 const void *raw_pkcs7
, size_t pkcs7_len
,
45 struct key
*trusted_keys
,
46 enum key_being_used_for usage
,
47 int (*view_content
)(void *ctx
,
48 const void *data
, size_t len
,
52 #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
53 extern int verify_pefile_signature(const void *pebuf
, unsigned pelen
,
54 struct key
*trusted_keys
,
55 enum key_being_used_for usage
);
58 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
59 #endif /* _LINUX_VERIFY_PEFILE_H */