Diffstat (limited to 'backport/backport-include/linux')
-rw-r--r--backport/backport-include/linux/key.h66
-rw-r--r--backport/backport-include/linux/verification.h28
2 files changed, 94 insertions, 0 deletions
diff --git a/backport/backport-include/linux/key.h b/backport/backport-include/linux/key.h
new file mode 100644
index 00000000..e7abbf47
--- /dev/null
+++ b/backport/backport-include/linux/key.h
@@ -0,0 +1,66 @@
+#ifndef __BP_KEY_H
+#define __BP_KEY_H
+#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
+#include_next <linux/key.h>
+#else
+#include <linux/types.h>
+#include <linux/refcount.h>
+#include <linux/list.h>
+#include <keys/asymmetric-type.h>
+
+typedef uint32_t key_perm_t;
+
+struct key {
+ refcount_t refcount;
+ const char *description;
+ s32 serial;
+ struct list_head list;
+
+ struct asymmetric_key_ids kids;
+ struct public_key *public_key;
+ struct public_key_signature *sig;
+
+ bool keyring;
+};
+
+typedef struct __key_reference_with_attributes *key_ref_t;
+
+static inline key_ref_t make_key_ref(const struct key *key,
+ bool possession)
+{
+ return (key_ref_t) ((unsigned long) key | possession);
+}
+
+static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
+{
+ return (struct key *) ((unsigned long) key_ref & ~1UL);
+}
+
+#define key_put LINUX_BACKPORT(key_put)
+extern void key_put(struct key *key);
+
+static inline void key_ref_put(key_ref_t key_ref)
+{
+ key_put(key_ref_to_ptr(key_ref));
+}
+
+#define key_create_or_update(keyring, type, desc, payload, plen, perm, flags) \
+ bp_key_create_or_update(keyring, desc, payload, plen)
+
+extern key_ref_t bp_key_create_or_update(key_ref_t keyring,
+ const char *description,
+ const void *payload,
+ size_t plen);
+
+#define keyring_alloc(desc, uid, gid, cred, perm, flags, restrict, dest) \
+ bp_keyring_alloc();
+
+extern struct key *bp_keyring_alloc(void);
+
+static inline s32 key_serial(const struct key *key)
+{
+ return key ? key->serial : 0;
+}
+
+#endif /* CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION */
+#endif /* __BP_KEY_H */
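Review bot: The `keyring_alloc` macro expands to `bp_keyring_alloc();` with a trailing semicolon, so it only works as a complete statement. A caller that uses it inside an expression or as a function argument will not compile, and an unbraced `if`/`else` around it breaks too; the expansion should be `bp_keyring_alloc()`. Separately, this macro and `key_create_or_update` both discard `type`, `perm`, `flags`, `cred` and `restrict`, so a permission mask or link restriction passed by a caller has no effect in the backported build. Whether `bp_key_create_or_update()` applies any check of its own is not visible in this header, so I would add a comment above the two macros such as `/* backport shim: type, perm, flags, cred and restrict are ignored here */`.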
diff --git a/backport/backport-include/linux/verification.h b/backport/backport-include/linux/verification.h
new file mode 100644
index 00000000..10e1bcfb
--- /dev/null
+++ b/backport/backport-include/linux/verification.h
@@ -0,0 +1,28 @@
+#ifndef __BP_VERIFICATION_H
+#define __BP_VERIFICATION_H
+#include <linux/version.h>
+#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
+#include_next <linux/verification.h>
+#else
+#include <linux/key.h>
+
+enum key_being_used_for {
+ VERIFYING_MODULE_SIGNATURE,
+ VERIFYING_FIRMWARE_SIGNATURE,
+ VERIFYING_KEXEC_PE_SIGNATURE,
+ VERIFYING_KEY_SIGNATURE,
+ VERIFYING_KEY_SELF_SIGNATURE,
+ VERIFYING_UNSPECIFIED_SIGNATURE,
+ NR__KEY_BEING_USED_FOR
+};
+
+extern int verify_pkcs7_signature(const void *data, size_t len,
+ const void *raw_pkcs7, size_t pkcs7_len,
+ struct key *trusted_keys,
+ enum key_being_used_for usage,
+ int (*view_content)(void *ctx,
+ const void *data, size_t len,
+ size_t asn1hdrlen),
+ void *ctx);
+#endif /* LINUX_VERSION_IS_GEQ(4,7,0) */
+#endif /* __BP_VERIFICATION_H */
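Review bot: The closing comment `#endif /* LINUX_VERSION_IS_GEQ(4,7,0) */` does not match the conditional it closes, which is `#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION`. It should read `#endif /* CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION */`, and `<linux/version.h>` appears unused in the lines shown. The `verify_pkcs7_signature` declaration would also benefit from a short comment stating the contract callers depend on: that 0 is the only success return, and what a NULL `trusted_keys` means in this backport. Upstream treats NULL as "use the built-in trusted keyring", but the implementation behind this declaration is not visible here, so that should be confirmed rather than assumed.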