PKCS#7: Find intersection between PKCS#7 message and known, trusted keys

Find the intersection between the X.509 certificate chain contained in a PKCS#7 message and a set of keys that we already know and trust. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org>
author: David Howells <dhowells@redhat.com> 2014-07-01 11:40:20 -0400
committer: David Howells <dhowells@redhat.com> 2014-07-08 08:50:15 -0400
commit: 08815b62d700e4fbeb72a01986ad051c3dd84a15 (patch)
tree: 9a3df820a9716348fa947986d2310d50e14f9964 /include/crypto
parent: 8c76d79393ccc9b89d9af402d79a49a9cd43c5aa (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
index 8ba0f3810d67..691c79172a26 100644
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -9,6 +9,7 @@
 * 2 of the Licence, or (at your option) any later version.
 */
+struct key;
 struct pkcs7_message;
 /*
@@ -23,6 +24,13 @@ extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
                                  bool want_wrapper);
 /*
+ * pkcs7_trust.c
+ */
+extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
+                                struct key *trust_keyring,
+                                bool *_trusted);
+/*
 * pkcs7_verify.c
 */
 extern int pkcs7_verify(struct pkcs7_message *pkcs7);
author	David Howells <dhowells@redhat.com>	2014-07-01 11:40:20 -0400
committer	David Howells <dhowells@redhat.com>	2014-07-08 08:50:15 -0400
commit	08815b62d700e4fbeb72a01986ad051c3dd84a15 (patch)
tree	9a3df820a9716348fa947986d2310d50e14f9964 /include/crypto
parent	8c76d79393ccc9b89d9af402d79a49a9cd43c5aa (diff)