xref: /OK3568_Linux_fs/kernel/include/keys/system_keyring.h (revision 4882a59341e53eb6f0b4789bf948001014eff981)
1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0-or-later */
2*4882a593Smuzhiyun /* System keyring containing trusted public keys.
3*4882a593Smuzhiyun  *
4*4882a593Smuzhiyun  * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
5*4882a593Smuzhiyun  * Written by David Howells (dhowells@redhat.com)
6*4882a593Smuzhiyun  */
7*4882a593Smuzhiyun 
8*4882a593Smuzhiyun #ifndef _KEYS_SYSTEM_KEYRING_H
9*4882a593Smuzhiyun #define _KEYS_SYSTEM_KEYRING_H
10*4882a593Smuzhiyun 
11*4882a593Smuzhiyun #include <linux/key.h>
12*4882a593Smuzhiyun 
/*
 * Keyring link restriction tied to the built-in trusted keys.
 *
 * With CONFIG_SYSTEM_TRUSTED_KEYRING the function is implemented elsewhere;
 * only its prototype is given here.  Without the option the name becomes an
 * alias for restrict_link_reject, so code that installs this restriction
 * still builds.
 * NOTE(review): restrict_link_reject is not declared in this header
 * (presumably it comes from <linux/key.h>, included above).  Going by its
 * name it refuses every link attempt, i.e. the fallback fails closed -
 * confirm against its definition.
 */
#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING

int restrict_link_by_builtin_trusted(struct key *keyring,
				     const struct key_type *type,
				     const union key_payload *payload,
				     struct key *restriction_key);

#else
#define restrict_link_by_builtin_trusted restrict_link_reject
#endif
23*4882a593Smuzhiyun 
/*
 * Keyring link restriction covering the built-in and the secondary trusted
 * keys.
 *
 * With CONFIG_SECONDARY_TRUSTED_KEYRING the function is implemented
 * elsewhere.  Without it the name is an alias for
 * restrict_link_by_builtin_trusted, which this header may itself alias to
 * restrict_link_reject when CONFIG_SYSTEM_TRUSTED_KEYRING is also off.
 * The fallback is therefore never wider than the built-in restriction.
 */
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
int restrict_link_by_builtin_and_secondary_trusted(struct key *keyring,
						   const struct key_type *type,
						   const union key_payload *payload,
						   struct key *restriction_key);
#else
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
#endif
33*4882a593Smuzhiyun 
/*
 * File-scope pointer to a PKCS#7 message; its definition and its users are
 * outside this header.
 * NOTE(review): is_key_on_revocation_list() further down also names its
 * parameter pkcs7, which shadows this declaration inside that function.
 * Confirm that exporting a global under such a generic name is intended.
 */
extern struct pkcs7_message *pkcs7;

/*
 * Hash blacklist interface.
 *
 * With CONFIG_SYSTEM_BLACKLIST_KEYRING the three functions are implemented
 * elsewhere.  Without it, only the two lookups get stubs, and both ignore
 * their arguments and return 0 unconditionally.  A kernel built without the
 * option therefore never reports a hash as blacklisted through these calls.
 * NOTE(review): 0 is presumably the "not listed" answer of the real
 * implementation - confirm.
 *
 * mark_hash_blacklisted() has no stub, so every caller must itself be
 * compiled only when the option is enabled.
 */
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
int mark_hash_blacklisted(const char *hash);
int is_hash_blacklisted(const u8 *hash, size_t hash_len, const char *type);
int is_binary_blacklisted(const u8 *hash, size_t hash_len);
#else
/* Stub: no blacklist is compiled in, so no hash ever matches. */
static inline int
is_hash_blacklisted(const u8 *hash, size_t hash_len, const char *type)
{
	return 0;
}

/* Stub: no blacklist is compiled in, so no binary hash ever matches. */
static inline int
is_binary_blacklisted(const u8 *hash, size_t hash_len)
{
	return 0;
}
#endif
52*4882a593Smuzhiyun 
/*
 * Key revocation list interface.
 *
 * With CONFIG_SYSTEM_REVOCATION_LIST both functions are implemented
 * elsewhere.  Without it the stubs below stand in:
 *
 *  - add_key_to_revocation_list() ignores its arguments and returns 0.
 *    Nothing is stored, so a caller cannot tell from the return value that
 *    the revocation entry was dropped.
 *  - is_key_on_revocation_list() ignores its argument and always returns
 *    -ENOKEY.
 *    NOTE(review): -ENOKEY presumably means "not on the list", which would
 *    make a kernel without the option treat no key as revoked - confirm
 *    against the callers.
 */
#ifdef CONFIG_SYSTEM_REVOCATION_LIST
int add_key_to_revocation_list(const char *data, size_t size);
int is_key_on_revocation_list(struct pkcs7_message *pkcs7);
#else
/* Stub: discards the entry and returns 0. */
static inline int
add_key_to_revocation_list(const char *data, size_t size)
{
	return 0;
}

/* Stub: there is no list to search, so the answer is always -ENOKEY. */
static inline int
is_key_on_revocation_list(struct pkcs7_message *pkcs7)
{
	return -ENOKEY;
}
#endif
66*4882a593Smuzhiyun 
/*
 * Accessor for the IMA blacklist keyring.
 *
 * With CONFIG_IMA_BLACKLIST_KEYRING it returns the ima_blacklist_keyring
 * pointer, which is defined elsewhere.  Without the option it returns NULL.
 * Callers must be prepared for NULL; whether they treat it as "no blacklist
 * to consult" cannot be seen from this header.
 */
#ifdef CONFIG_IMA_BLACKLIST_KEYRING
extern struct key *ima_blacklist_keyring;

static inline struct key *
get_ima_blacklist_keyring(void)
{
	return ima_blacklist_keyring;
}
#else
static inline struct key *
get_ima_blacklist_keyring(void)
{
	return NULL;
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */
80*4882a593Smuzhiyun 
/*
 * Hook for registering the platform keyring with the system trusted keys.
 *
 * The real function (marked __init) exists only when both
 * CONFIG_INTEGRITY_PLATFORM_KEYRING and CONFIG_SYSTEM_TRUSTED_KEYRING are
 * set.  In every other configuration the stub does nothing and the keyring
 * argument is ignored.
 * NOTE(review): how the registered keyring is used afterwards is not visible
 * in this header.
 */
#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
void __init set_platform_trusted_keys(struct key *keyring);
#else
/* Stub: intentionally empty. */
static inline void
set_platform_trusted_keys(struct key *keyring)
{
}
#endif
89*4882a593Smuzhiyun 
90*4882a593Smuzhiyun #endif /* _KEYS_SYSTEM_KEYRING_H */