091f6e26eb
Extract the function that drives the PKCS#7 signature verification given a data blob and a PKCS#7 blob out from the module signing code and lump it with the system keyring code as it's generic. This makes it independent of module config options and opens it to use by the firmware loader. Signed-off-by: David Howells <dhowells@redhat.com> Cc: Luis R. Rodriguez <mcgrof@suse.com> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Ming Lei <ming.lei@canonical.com> Cc: Seth Forshee <seth.forshee@canonical.com> Cc: Kyle McMartin <kyle@kernel.org>
36 lines
975 B
C
36 lines
975 B
C
/* System keyring containing trusted public keys.
|
|
*
|
|
* Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public Licence
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the Licence, or (at your option) any later version.
|
|
*/
|
|
|
|
#ifndef _KEYS_SYSTEM_KEYRING_H
|
|
#define _KEYS_SYSTEM_KEYRING_H
|
|
|
|
#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING
|
|
|
|
#include <linux/key.h>
|
|
|
|
extern struct key *system_trusted_keyring;
|
|
static inline struct key *get_system_trusted_keyring(void)
|
|
{
|
|
return system_trusted_keyring;
|
|
}
|
|
#else
|
|
static inline struct key *get_system_trusted_keyring(void)
|
|
{
|
|
return NULL;
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
|
|
extern int system_verify_data(const void *data, unsigned long len,
|
|
const void *raw_pkcs7, size_t pkcs7_len);
|
|
#endif
|
|
|
|
#endif /* _KEYS_SYSTEM_KEYRING_H */
|