forked from Minki/linux
bda850cd21
Make the determination of the trustworthiness of a key dependent on whether a key that can verify it is present in the supplied ring of trusted keys rather than whether or not the verifying key has KEY_FLAG_TRUSTED set. verify_pkcs7_signature() will return -ENOKEY if the PKCS#7 message trust chain cannot be verified. Signed-off-by: David Howells <dhowells@redhat.com>
48 lines
1.2 KiB
C
48 lines
1.2 KiB
C
/* PKCS#7 crypto data parser
|
|
*
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public Licence
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the Licence, or (at your option) any later version.
|
|
*/
|
|
|
|
#ifndef _CRYPTO_PKCS7_H
|
|
#define _CRYPTO_PKCS7_H
|
|
|
|
#include <linux/verification.h>
|
|
#include <crypto/public_key.h>
|
|
|
|
struct key;
|
|
struct pkcs7_message;
|
|
|
|
/*
|
|
* pkcs7_parser.c
|
|
*/
|
|
extern struct pkcs7_message *pkcs7_parse_message(const void *data,
|
|
size_t datalen);
|
|
extern void pkcs7_free_message(struct pkcs7_message *pkcs7);
|
|
|
|
extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
|
|
const void **_data, size_t *_datalen,
|
|
size_t *_headerlen);
|
|
|
|
/*
|
|
* pkcs7_trust.c
|
|
*/
|
|
extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
|
|
struct key *trust_keyring);
|
|
|
|
/*
|
|
* pkcs7_verify.c
|
|
*/
|
|
extern int pkcs7_verify(struct pkcs7_message *pkcs7,
|
|
enum key_being_used_for usage);
|
|
|
|
extern int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
|
|
const void *data, size_t datalen);
|
|
|
|
#endif /* _CRYPTO_PKCS7_H */
|