summaryrefslogtreecommitdiff
path: root/include/keys
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2015-07-20 21:16:28 +0100
committerDavid Howells <dhowells@redhat.com>2015-08-07 16:26:13 +0100
commit091f6e26eb326adbd718f406e440c838bed8ebb6 (patch)
tree9562f51745eb81fdf44d1fb56d6e79090935d2e4 /include/keys
parent1c39449921fc6db1f942051f79868a19c92f4d47 (diff)
MODSIGN: Extract the blob PKCS#7 signature verifier from module signing
Extract the function that drives the PKCS#7 signature verification given a data blob and a PKCS#7 blob out from the module signing code and lump it with the system keyring code as it's generic. This makes it independent of module config options and opens it to use by the firmware loader. Signed-off-by: David Howells <dhowells@redhat.com> Cc: Luis R. Rodriguez <mcgrof@suse.com> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Ming Lei <ming.lei@canonical.com> Cc: Seth Forshee <seth.forshee@canonical.com> Cc: Kyle McMartin <kyle@kernel.org>
Diffstat (limited to 'include/keys')
-rw-r--r--include/keys/system_keyring.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 72665eb80692..9791c907cdb7 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -28,4 +28,9 @@ static inline struct key *get_system_trusted_keyring(void)
}
#endif
+#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
+extern int system_verify_data(const void *data, unsigned long len,
+ const void *raw_pkcs7, size_t pkcs7_len);
+#endif
+
#endif /* _KEYS_SYSTEM_KEYRING_H */