Diffstat (limited to 'backport/backport-include')
-rw-r--r-- | backport/backport-include/keys/asymmetric-type.h | 33 | ||||
-rw-r--r-- | backport/backport-include/keys/system_keyring.h | 10 | ||||
-rw-r--r-- | backport/backport-include/linux/key.h | 66 | ||||
-rw-r--r-- | backport/backport-include/linux/verification.h | 28 |
4 files changed, 137 insertions, 0 deletions
diff --git a/backport/backport-include/keys/asymmetric-type.h b/backport/backport-include/keys/asymmetric-type.h
new file mode 100644
index 00000000..ee9c4186
--- /dev/null
+++ b/backport/backport-include/keys/asymmetric-type.h
@@ -0,0 +1,33 @@
+#ifndef __BP_ASYMMETRIC_TYPE_H
+#define __BP_ASYMMETRIC_TYPE_H
+#ifdef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
+
+struct asymmetric_key_id {
+ unsigned short len;
+ unsigned char data[];
+};
+
+struct asymmetric_key_ids {
+ struct asymmetric_key_id *id[2];
+};
+
+static inline bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
+ const struct asymmetric_key_id *kid2)
+{
+ if (!kid1 || !kid2)
+ return false;
+ if (kid1->len != kid2->len)
+ return false;
+ return memcmp(kid1->data, kid2->data, kid1->len) == 0;
+}
+
+extern struct asymmetric_key_id *
+asymmetric_key_generate_id(const void *val_1, size_t len_1,
+ const void *val_2, size_t len_2);
+
+extern struct key *find_asymmetric_key(struct key *keyring,
+ const struct asymmetric_key_id *id_0,
+ const struct asymmetric_key_id *id_1,
+ bool partial);
+#endif
+#endif /* __BP_ASYMMETRIC_TYPE_H */
diff --git a/backport/backport-include/keys/system_keyring.h b/backport/backport-include/keys/system_keyring.h
new file mode 100644
index 00000000..00d2bfff
--- /dev/null
+++ b/backport/backport-include/keys/system_keyring.h
@@ -0,0 +1,10 @@
+#ifndef __BP_SYSTEM_KEYRING_H
+#define __BP_SYSTEM_KEYRING_H
+#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
+#include_next <keys/system_keyring.h>
+#else
+#include <linux/key.h>
+
+#define is_hash_blacklisted(...) 0
+#endif /* CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION */
+#endif /* __BP_SYSTEM_KEYRING_H */
diff --git a/backport/backport-include/linux/key.h b/backport/backport-include/linux/key.h
new file mode 100644
index 00000000..e7abbf47
--- /dev/null
+++ b/backport/backport-include/linux/key.h
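Review bot: The new asymmetric-type.h is not self-contained: `asymmetric_key_id_same` uses `bool` and `memcmp`, and the prototypes use `size_t` and `struct key`, yet the header includes nothing, so it only compiles when an earlier include (as the backported linux/key.h happens to do with `<linux/types.h>`) has already pulled those names in. Adding `#include <linux/types.h>` and `#include <linux/string.h>` directly after the `#ifdef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION` line, plus a forward declaration `struct key;`, removes that include-order dependency. A short comment on `asymmetric_key_id_same` such as `/* NULL on either side compares as not-same; lengths must match before the bytes are compared */` would document the contract the callers rely on.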
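Review bot: The stub `#define is_hash_blacklisted(...) 0` in system_keyring.h silently swallows its arguments and always reports "not blacklisted", which changes the verification outcome compared with a kernel that has a blacklist keyring; that deserves a comment at the definition so a reader does not assume the check is still performed. Suggested wording: `/* The backport has no blacklist keyring, so no hash is ever reported as blacklisted; callers proceed as if the check passed. */`. If the variadic form was chosen only to accept any upstream call signature, saying so in the same comment would help.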
@@ -0,0 +1,66 @@
+#ifndef __BP_KEY_H
+#define __BP_KEY_H
+#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
+#include_next <linux/key.h>
+#else
+#include <linux/types.h>
+#include <linux/refcount.h>
+#include <linux/list.h>
+#include <keys/asymmetric-type.h>
+
+typedef uint32_t key_perm_t;
+
+struct key {
+ refcount_t refcount;
+ const char *description;
+ s32 serial;
+ struct list_head list;
+
+ struct asymmetric_key_ids kids;
+ struct public_key *public_key;
+ struct public_key_signature *sig;
+
+ bool keyring;
+};
+
+typedef struct __key_reference_with_attributes *key_ref_t;
+
+static inline key_ref_t make_key_ref(const struct key *key,
+ bool possession)
+{
+ return (key_ref_t) ((unsigned long) key | possession);
+}
+
+static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
+{
+ return (struct key *) ((unsigned long) key_ref & ~1UL);
+}
+
+#define key_put LINUX_BACKPORT(key_put)
+extern void key_put(struct key *key);
+
+static inline void key_ref_put(key_ref_t key_ref)
+{
+ key_put(key_ref_to_ptr(key_ref));
+}
+
+#define key_create_or_update(keyring, type, desc, payload, plen, perm, flags) \
+ bp_key_create_or_update(keyring, desc, payload, plen)
+
+extern key_ref_t bp_key_create_or_update(key_ref_t keyring,
+ const char *description,
+ const void *payload,
+ size_t plen);
+
+#define keyring_alloc(desc, uid, gid, cred, perm, flags, restrict, dest) \
+ bp_keyring_alloc();
+
+extern struct key *bp_keyring_alloc(void);
+
+static inline s32 key_serial(const struct key *key)
+{
+ return key ? key->serial : 0;
+}
+
+#endif /* CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION */
+#endif /* __BP_KEY_H */
diff --git a/backport/backport-include/linux/verification.h b/backport/backport-include/linux/verification.h
new file mode 100644
index 00000000..10e1bcfb
--- /dev/null
+++ b/backport/backport-include/linux/verification.h
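Review bot: The `keyring_alloc` macro in linux/key.h expands to `bp_keyring_alloc();` with a trailing semicolon, so any use inside an expression (as a function argument, or `if (IS_ERR(keyring_alloc(...)))`) will not compile; the expansion line should read `bp_keyring_alloc()`. Both `keyring_alloc` and `key_create_or_update` also drop the `type`, `perm`, `flags`, `restrict` and `dest` arguments on the floor, meaning the permission and restriction a caller requests are never applied by the backport; a comment at each macro stating that explicitly, e.g. `/* perm/flags/restrict are accepted for source compatibility only and are not enforced here */`, would keep the next reader from assuming otherwise. The comment should also record that `make_key_ref` stores `possession` in the pointer's low bit, which relies on `struct key` being at least 2-byte aligned.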
@@ -0,0 +1,28 @@
+#ifndef __BP_VERIFICATION_H
+#define __BP_VERIFICATION_H
+#include <linux/version.h>
+#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION
+#include_next <linux/verification.h>
+#else
+#include <linux/key.h>
+
+enum key_being_used_for {
+ VERIFYING_MODULE_SIGNATURE,
+ VERIFYING_FIRMWARE_SIGNATURE,
+ VERIFYING_KEXEC_PE_SIGNATURE,
+ VERIFYING_KEY_SIGNATURE,
+ VERIFYING_KEY_SELF_SIGNATURE,
+ VERIFYING_UNSPECIFIED_SIGNATURE,
+ NR__KEY_BEING_USED_FOR
+};
+
+extern int verify_pkcs7_signature(const void *data, size_t len,
+ const void *raw_pkcs7, size_t pkcs7_len,
+ struct key *trusted_keys,
+ enum key_being_used_for usage,
+ int (*view_content)(void *ctx,
+ const void *data, size_t len,
+ size_t asn1hdrlen),
+ void *ctx);
+#endif /* LINUX_VERSION_IS_GEQ(4,7,0) */
+#endif /* __BP_VERIFICATION_H */
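Review bot: The closing comment `#endif /* LINUX_VERSION_IS_GEQ(4,7,0) */` in linux/verification.h does not match the condition it closes, which is `#ifndef CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION`; it should read `#endif /* CPTCFG_BPAUTO_BUILD_SYSTEM_DATA_VERIFICATION */`. Nothing in this hunk uses a version macro, so `#include <linux/version.h>` appears to be a leftover from an earlier version-gated form of the guard and can likely be dropped. A brief comment on `verify_pkcs7_signature` noting that `trusted_keys` is the keyring the signature must chain to, and that the error code is the caller's only signal of rejection, would document the contract that the stubbed blacklist in system_keyring.h makes more important.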