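/* SPDX-License-Identifier: GPL-2.0-or-later */
/* System keyring containing trusted public keys.
 *
 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#ifndef _KEYS_SYSTEM_KEYRING_H
#define _KEYS_SYSTEM_KEYRING_H

#include <linux/errno.h>	/* ENOKEY, returned by an inline stub below */
#include <linux/init.h>		/* __init, used on a prototype below */
#include <linux/key.h>

/*
 * Each facility declared here is selected by a Kconfig option.  When the
 * option is off, this header substitutes a macro alias or an inline stub so
 * that callers still build.  The substitutes do not all fail the same way:
 * the link restrictions become stricter, while the blacklist and revocation
 * lookups stop reporting anything.  The per-section comments say which.
 */

#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING

/*
 * Link-restriction callback; the parameter list is the one shown here
 * (destination keyring, key type, payload, restriction key).  Which keys it
 * accepts is decided by the out-of-line implementation, not by this header.
 */
extern int restrict_link_by_builtin_trusted(struct key *keyring,
					    const struct key_type *type,
					    const union key_payload *payload,
					    struct key *restriction_key);

#else
/*
 * No system trusted keyring is built: the name resolves to
 * restrict_link_reject, so a keyring using this restriction accepts no new
 * links (fails closed).
 */
#define restrict_link_by_builtin_trusted restrict_link_reject
#endif

#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
/*
 * Same callback shape as restrict_link_by_builtin_trusted(); by its name it
 * also consults the secondary trusted keyring -- confirm against the
 * implementation.
 */
extern int restrict_link_by_builtin_and_secondary_trusted(
	struct key *keyring,
	const struct key_type *type,
	const union key_payload *payload,
	struct key *restriction_key);
#else
/*
 * No secondary keyring is built: fall back to the builtin-only restriction
 * (which is itself restrict_link_reject when the system trusted keyring is
 * disabled too).
 */
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
#endif

/*
 * NOTE(review): this declares a global pointer named pkcs7; no definition is
 * visible from this header.  It also introduces struct pkcs7_message at file
 * scope ahead of the prototypes below that take one, which is presumably its
 * purpose -- confirm that a definition exists, or that a plain forward
 * declaration of the struct would do.
 */
extern struct pkcs7_message *pkcs7;
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
/*
 * NOTE(review): mark_hash_blacklisted() has no stub in the #else branch, so
 * every caller must itself be compiled only when
 * CONFIG_SYSTEM_BLACKLIST_KEYRING is set.
 */
extern int mark_hash_blacklisted(const char *hash);
extern int is_hash_blacklisted(const u8 *hash, size_t hash_len,
			       const char *type);
extern int is_binary_blacklisted(const u8 *hash, size_t hash_len);
#else
/*
 * Blacklist support is not built: both lookups return 0 for every input, so
 * no hash is ever reported through them.  Presumably 0 is the "not
 * blacklisted" result of the real implementation -- confirm; if so, a kernel
 * built without the option silently skips this check (fails open).
 */
static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
				      const char *type)
{
	return 0;
}

static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len)
{
	return 0;
}
#endif

#ifdef CONFIG_SYSTEM_REVOCATION_LIST
extern int add_key_to_revocation_list(const char *data, size_t size);
extern int is_key_on_revocation_list(struct pkcs7_message *pkcs7);
#else
/*
 * Revocation-list support is not built.  add_key_to_revocation_list()
 * returns 0 although nothing is recorded, so a caller cannot tell from the
 * return value that the entry was dropped.
 */
static inline int add_key_to_revocation_list(const char *data, size_t size)
{
	return 0;
}
/*
 * Always returns -ENOKEY.  Presumably callers read that as "no revoking key
 * found" -- confirm; if so, no PKCS#7 message is ever rejected as revoked
 * through this interface when the option is off.
 */
static inline int is_key_on_revocation_list(struct pkcs7_message *pkcs7)
{
	return -ENOKEY;
}
#endif

#ifdef CONFIG_IMA_BLACKLIST_KEYRING
extern struct key *ima_blacklist_keyring;

/* Accessor for the IMA blacklist keyring pointer declared above. */
static inline struct key *get_ima_blacklist_keyring(void)
{
	return ima_blacklist_keyring;
}
#else
/* No IMA blacklist keyring is built: callers get NULL and must handle it. */
static inline struct key *get_ima_blacklist_keyring(void)
{
	return NULL;
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */

#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
/* Needs both options; marked __init, so it is an init-time call only. */
extern void __init set_platform_trusted_keys(struct key *keyring);
#else
/* Either option is off: the call compiles to nothing and @keyring is ignored. */
static inline void set_platform_trusted_keys(struct key *keyring)
{
}
#endif

#endif /* _KEYS_SYSTEM_KEYRING_H */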