1/* Signature verification
 2 *
 3 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
 4 * Written by David Howells (dhowells@redhat.com)
 5 *
 6 * This program is free software; you can redistribute it and/or
 7 * modify it under the terms of the GNU General Public Licence
 8 * as published by the Free Software Foundation; either version
 9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#ifndef _LINUX_VERIFICATION_H
13#define _LINUX_VERIFICATION_H
14
15/*
16 * The use to which an asymmetric key is being put.
17 */
18enum key_being_used_for {
19	VERIFYING_MODULE_SIGNATURE,
20	VERIFYING_FIRMWARE_SIGNATURE,
21	VERIFYING_KEXEC_PE_SIGNATURE,
22	VERIFYING_KEY_SIGNATURE,
23	VERIFYING_KEY_SELF_SIGNATURE,
24	VERIFYING_UNSPECIFIED_SIGNATURE,
25	NR__KEY_BEING_USED_FOR
26};
27extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
28
29#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
30
31struct key;
32
33extern int verify_pkcs7_signature(const void *data, size_t len,
34				  const void *raw_pkcs7, size_t pkcs7_len,
35				  struct key *trusted_keys,
36				  enum key_being_used_for usage,
37				  int (*view_content)(void *ctx,
38						      const void *data, size_t len,
39						      size_t asn1hdrlen),
40				  void *ctx);
41
42#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
43extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
44				   struct key *trusted_keys,
45				   enum key_being_used_for usage);
46#endif
47
48#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
49#endif /* _LINUX_VERIFY_PEFILE_H */