Diffstat (limited to 'backport/backport-include/linux')
-rw-r--r-- | backport/backport-include/linux/key.h | 66 | ||||
-rw-r--r-- | backport/backport-include/linux/verification.h | 28 |
2 files changed, 94 insertions, 0 deletions
diff --git a/backport/backport-include/linux/key.h b/backport/backport-include/linux/key.h
new file mode 100644
index 00000000..e7abbf47
--- /dev/null
+++ b/backport/backport-include/linux/key.h
@@ -0,0 +1,66 @@
+#ifndef __BP_KEY_H
+#define __BP_KEY_H
+#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
+#include_next <linux/key.h>
+#else
+#include <linux/types.h>
+#include <linux/refcount.h>
+#include <linux/list.h>
+#include <keys/asymmetric-type.h>
+
+typedef uint32_t key_perm_t;
+
+struct key {
+ refcount_t refcount;
+ const char *description;
+ s32 serial;
+ struct list_head list;
+
+ struct asymmetric_key_ids kids;
+ struct public_key *public_key;
+ struct public_key_signature *sig;
+
+ bool keyring;
+};
+
+typedef struct __key_reference_with_attributes *key_ref_t;
+
+static inline key_ref_t make_key_ref(const struct key *key,
+ bool possession)
+{
+ return (key_ref_t) ((unsigned long) key | possession);
+}
+
+static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
+{
+ return (struct key *) ((unsigned long) key_ref & ~1UL);
+}
+
+#define key_put LINUX_BACKPORT(key_put)
+extern void key_put(struct key *key);
+
+static inline void key_ref_put(key_ref_t key_ref)
+{
+ key_put(key_ref_to_ptr(key_ref));
+}
+
+#define key_create_or_update(keyring, type, desc, payload, plen, perm, flags) \
+ bp_key_create_or_update(keyring, desc, payload, plen)
+
+extern key_ref_t bp_key_create_or_update(key_ref_t keyring,
+ const char *description,
+ const void *payload,
+ size_t plen);
+
+#define keyring_alloc(desc, uid, gid, cred, perm, flags, restrict, dest) \
+ bp_keyring_alloc();
+
+extern struct key *bp_keyring_alloc(void);
+
+static inline s32 key_serial(const struct key *key)
+{
+ return key ? key->serial : 0;
+}
+
+#endif /* CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION */
+#endif /* __BP_KEY_H */
diff --git a/backport/backport-include/linux/verification.h b/backport/backport-include/linux/verification.h
new file mode 100644
index 00000000..10e1bcfb
--- /dev/null
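Review bot: The `keyring_alloc` macro in key.h expands to `bp_keyring_alloc();` with a trailing semicolon, so it only works where the call is a complete statement; inside an `IS_ERR(...)` test, as a function argument or in an unbraced `if`/`else` it fails to compile or changes the control flow, and the expansion should be just `bp_keyring_alloc()`. This macro and `key_create_or_update` also discard `type`, `perm`, `flags`, `restrict` and the remaining arguments without evaluating them, so key permissions or a keyring link restriction passed by a caller are not applied by anything visible in this header. A comment above the two macros, for example `/* backport shim: type, perm, flags and restrict are ignored; callers must not rely on them for trust decisions */`, would make that explicit. Whether `bp_key_create_or_update` and `bp_keyring_alloc` enforce anything themselves cannot be seen from this hunk.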
+++ b/backport/backport-include/linux/verification.h
@@ -0,0 +1,28 @@
+#ifndef __BP_VERIFICATION_H
+#define __BP_VERIFICATION_H
+#include <linux/version.h>
+#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
+#include_next <linux/verification.h>
+#else
+#include <linux/key.h>
+
+enum key_being_used_for {
+ VERIFYING_MODULE_SIGNATURE,
+ VERIFYING_FIRMWARE_SIGNATURE,
+ VERIFYING_KEXEC_PE_SIGNATURE,
+ VERIFYING_KEY_SIGNATURE,
+ VERIFYING_KEY_SELF_SIGNATURE,
+ VERIFYING_UNSPECIFIED_SIGNATURE,
+ NR__KEY_BEING_USED_FOR
+};
+
+extern int verify_pkcs7_signature(const void *data, size_t len,
+ const void *raw_pkcs7, size_t pkcs7_len,
+ struct key *trusted_keys,
+ enum key_being_used_for usage,
+ int (*view_content)(void *ctx,
+ const void *data, size_t len,
+ size_t asn1hdrlen),
+ void *ctx);
+#endif /* LINUX_VERSION_IS_GEQ(4,7,0) */
+#endif /* __BP_VERIFICATION_H */ |
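Review bot: The closing `#endif /* LINUX_VERSION_IS_GEQ(4,7,0) */` in verification.h names a version test that does not appear in this file; the block it closes is opened by `#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION`, so the comment should read `#endif /* CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION */`, matching key.h in the same commit. With no version test left in the header, `#include <linux/version.h>` appears to be unused. The `verify_pkcs7_signature` prototype would also benefit from a short comment stating what the backported implementation does when `trusted_keys` is NULL, since callers written against the upstream function may expect a built-in trusted keyring in that case and the implementation is not visible in this hunk.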