cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

verification.h (1815B)


      1/* SPDX-License-Identifier: GPL-2.0-or-later */
      2/* Signature verification
      3 *
      4 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
      5 * Written by David Howells (dhowells@redhat.com)
      6 */
      7
      8#ifndef _LINUX_VERIFICATION_H
      9#define _LINUX_VERIFICATION_H
     10
     11#include <linux/types.h>
     12
     13/*
     14 * Indicate that both builtin trusted keys and secondary trusted keys
     15 * should be used.
     16 */
     17#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
     18#define VERIFY_USE_PLATFORM_KEYRING  ((struct key *)2UL)
     19
     20/*
     21 * The use to which an asymmetric key is being put.
     22 */
     23enum key_being_used_for {
     24	VERIFYING_MODULE_SIGNATURE,
     25	VERIFYING_FIRMWARE_SIGNATURE,
     26	VERIFYING_KEXEC_PE_SIGNATURE,
     27	VERIFYING_KEY_SIGNATURE,
     28	VERIFYING_KEY_SELF_SIGNATURE,
     29	VERIFYING_UNSPECIFIED_SIGNATURE,
     30	NR__KEY_BEING_USED_FOR
     31};
     32extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
     33
     34#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
     35
     36struct key;
     37struct pkcs7_message;
     38
     39extern int verify_pkcs7_signature(const void *data, size_t len,
     40				  const void *raw_pkcs7, size_t pkcs7_len,
     41				  struct key *trusted_keys,
     42				  enum key_being_used_for usage,
     43				  int (*view_content)(void *ctx,
     44						      const void *data, size_t len,
     45						      size_t asn1hdrlen),
     46				  void *ctx);
     47extern int verify_pkcs7_message_sig(const void *data, size_t len,
     48				    struct pkcs7_message *pkcs7,
     49				    struct key *trusted_keys,
     50				    enum key_being_used_for usage,
     51				    int (*view_content)(void *ctx,
     52							const void *data,
     53							size_t len,
     54							size_t asn1hdrlen),
     55				    void *ctx);
     56
     57#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
     58extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
     59				   struct key *trusted_keys,
     60				   enum key_being_used_for usage);
     61#endif
     62
     63#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
     64#endif /* _LINUX_VERIFY_PEFILE_H */