Merge tag 'modsign-pkcs7-20150812-3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next

author: James Morris <james.l.morris@oracle.com> 2015-08-13 22:08:39 -0400
committer: James Morris <james.l.morris@oracle.com> 2015-08-13 22:08:39 -0400
commit: e4fc02f24c223ee8d668bf2d39bb8a2dbd61b40e (patch)
tree: 8ad26407ec8b8898f6ff5f396ff628919a56c624 /include
parent: aa62efff65ba572814511efa68cb158fe9e960c4 (diff)
parent: e9a5e8cc55286941503f36c5b7485a5aa923b3f1 (diff)
5 files changed, 44 insertions, 4 deletions
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
index 691c79172a26..441aff9b5aa7 100644
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -9,6 +9,11 @@
 * 2 of the Licence, or (at your option) any later version.
 */
+#ifndef _CRYPTO_PKCS7_H
+#define _CRYPTO_PKCS7_H
+#include <crypto/public_key.h>
 struct key;
 struct pkcs7_message;
@@ -33,4 +38,10 @@ extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
 /*
 * pkcs7_verify.c
 */
-extern int pkcs7_verify(struct pkcs7_message *pkcs7);
+extern int pkcs7_verify(struct pkcs7_message *pkcs7,
+                        enum key_being_used_for usage);
+extern int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
+                                      const void *data, size_t datalen);
+#endif /* _CRYPTO_PKCS7_H */
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 54add2069901..067c242b1e15 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -33,12 +33,27 @@ extern const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST];
 enum pkey_id_type {
        PKEY_ID_PGP,            /* OpenPGP generated key ID */
        PKEY_ID_X509,           /* X.509 arbitrary subjectKeyIdentifier */
+        PKEY_ID_PKCS7,          /* Signature in PKCS#7 message */
        PKEY_ID_TYPE__LAST
 };
 extern const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST];
 /*
+ * The use to which an asymmetric key is being put.
+ */
+enum key_being_used_for {
+        VERIFYING_MODULE_SIGNATURE,
+        VERIFYING_FIRMWARE_SIGNATURE,
+        VERIFYING_KEXEC_PE_SIGNATURE,
+        VERIFYING_KEY_SIGNATURE,
+        VERIFYING_KEY_SELF_SIGNATURE,
+        VERIFYING_UNSPECIFIED_SIGNATURE,
+        NR__KEY_BEING_USED_FOR
+};
+extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
+/*
 * Cryptographic data for the public-key subtype of the asymmetric key type.
 *
 * Note that this may include private part of the key as well as the public
@@ -101,7 +116,8 @@ extern int verify_signature(const struct key *key,
 struct asymmetric_key_id;
 extern struct key *x509_request_asymmetric_key(struct key *keyring,
-                                               const struct asymmetric_key_id *kid,
+                                               const struct asymmetric_key_id *id,
+                                               const struct asymmetric_key_id *skid,
                                               bool partial);
 #endif /* _LINUX_PUBLIC_KEY_H */
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 72665eb80692..b20cd885c1fd 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -15,6 +15,7 @@
 #ifdef CONFIG_SYSTEM_TRUSTED_KEYRING
 #include <linux/key.h>
+#include <crypto/public_key.h>
 extern struct key *system_trusted_keyring;
 static inline struct key *get_system_trusted_keyring(void)
@@ -28,4 +29,10 @@ static inline struct key *get_system_trusted_keyring(void)
 }
 #endif
+#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
+extern int system_verify_data(const void *data, unsigned long len,
+                              const void *raw_pkcs7, size_t pkcs7_len,
+                              enum key_being_used_for usage);
+#endif
 #endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index c2bbf672b84e..93e0ff92fb9b 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -41,7 +41,7 @@ enum OID {
        OID_signed_data,                /* 1.2.840.113549.1.7.2 */
        /* PKCS#9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)} */
        OID_email_address,              /* 1.2.840.113549.1.9.1 */
-        OID_content_type,               /* 1.2.840.113549.1.9.3 */
+        OID_contentType,                /* 1.2.840.113549.1.9.3 */
        OID_messageDigest,              /* 1.2.840.113549.1.9.4 */
        OID_signingTime,                /* 1.2.840.113549.1.9.5 */
        OID_smimeCapabilites,           /* 1.2.840.113549.1.9.15 */
@@ -54,6 +54,8 @@ enum OID {
        /* Microsoft Authenticode & Software Publishing */
        OID_msIndirectData,             /* 1.3.6.1.4.1.311.2.1.4 */
+        OID_msStatementType,            /* 1.3.6.1.4.1.311.2.1.11 */
+        OID_msSpOpusInfo,               /* 1.3.6.1.4.1.311.2.1.12 */
        OID_msPeImageDataObjId,         /* 1.3.6.1.4.1.311.2.1.15 */
        OID_msIndividualSPKeyPurpose,   /* 1.3.6.1.4.1.311.2.1.21 */
        OID_msOutlookExpress,           /* 1.3.6.1.4.1.311.16.4 */
diff --git a/include/linux/verify_pefile.h b/include/linux/verify_pefile.h
index ac34819214f9..da2049b5161c 100644
--- a/include/linux/verify_pefile.h
+++ b/include/linux/verify_pefile.h
@@ -12,7 +12,11 @@
 #ifndef _LINUX_VERIFY_PEFILE_H
 #define _LINUX_VERIFY_PEFILE_H
+#include <crypto/public_key.h>
 extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
-                                   struct key *trusted_keyring, bool *_trusted);
+                                   struct key *trusted_keyring,
+                                   enum key_being_used_for usage,
+                                   bool *_trusted);
 #endif /* _LINUX_VERIFY_PEFILE_H */
author	James Morris <james.l.morris@oracle.com>	2015-08-13 22:08:39 -0400
committer	James Morris <james.l.morris@oracle.com>	2015-08-13 22:08:39 -0400
commit	e4fc02f24c223ee8d668bf2d39bb8a2dbd61b40e (patch)
tree	8ad26407ec8b8898f6ff5f396ff628919a56c624 /include
parent	aa62efff65ba572814511efa68cb158fe9e960c4 (diff)
parent	e9a5e8cc55286941503f36c5b7485a5aa923b3f1 (diff)