/* SPDX-License-Identifier: GPL-2.0-or-later */
/* System keyring containing trusted public keys.
 *
 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#ifndef _KEYS_SYSTEM_KEYRING_H
#define _KEYS_SYSTEM_KEYRING_H

/*
 * Only <linux/key.h> is included directly.  u8, size_t and ENOKEY used below
 * must therefore reach this header through it or through the including file.
 */
#include <linux/key.h>

/*
 * Every facility below is gated on a Kconfig symbol.  With the symbol off, the
 * header supplies either a macro alias or a constant-returning inline stub so
 * that callers build unchanged.  The stubs do not all behave alike: one path
 * aliases to a "reject" hook, the others return a fixed value and do nothing.
 * Each fallback is annotated so its effect on a trust decision is visible.
 */

#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING

/*
 * Link-restriction hook: takes the destination keyring, the key type and
 * payload of the candidate key, and a restriction key.  The implementation is
 * outside this header.
 */
extern int restrict_link_by_builtin_trusted(struct key *keyring,
					    const struct key_type *type,
					    const union key_payload *payload,
					    struct key *restriction_key);
/* Init-time only (__init); implementation is outside this header. */
extern __init int load_module_cert(struct key *keyring);

#else
/*
 * No system trusted keyring: the restriction hook becomes an alias for
 * restrict_link_reject (declared elsewhere).
 * NOTE(review): by its name that hook refuses every link, which would make
 * this fallback fail closed - confirm against its definition.
 */
#define restrict_link_by_builtin_trusted restrict_link_reject

/*
 * Stub: ignores @keyring and returns 0, so the caller sees no error even
 * though nothing was loaded.
 */
static inline __init int load_module_cert(struct key *keyring)
{
	return 0;
}

#endif

#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
/* Same signature as restrict_link_by_builtin_trusted; defined elsewhere. */
extern int restrict_link_by_builtin_and_secondary_trusted(
	struct key *keyring,
	const struct key_type *type,
	const union key_payload *payload,
	struct key *restriction_key);
#else
/*
 * No secondary keyring: fall back to the builtin-only restriction.  Because
 * that name may itself be a macro (see above), with neither option enabled
 * this resolves to restrict_link_reject.
 */
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
#endif

/*
 * NOTE(review): this declares an object named pkcs7, not just the struct tag.
 * No definition is visible from this header.  If the intent is only to make
 * struct pkcs7_message usable in the prototypes below, a forward declaration
 * would do - confirm before relying on a global of this name.
 */
extern struct pkcs7_message *pkcs7;
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
/*
 * mark_hash_blacklisted() has no stub in the #else branch, so a caller built
 * without CONFIG_SYSTEM_BLACKLIST_KEYRING has no declaration to use.
 */
extern int mark_hash_blacklisted(const char *hash);
extern int is_hash_blacklisted(const u8 *hash, size_t hash_len,
			       const char *type);
extern int is_binary_blacklisted(const u8 *hash, size_t hash_len);
#else
/*
 * Stub: returns 0 for every hash and every @type.
 * NOTE(review): presumably 0 means "not blacklisted", in which case disabling
 * the option turns the lookup into a silent no-op rather than an error -
 * confirm against the real implementation's return convention.
 */
static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
				      const char *type)
{
	return 0;
}

/* Stub: returns 0 for every hash; same caveat as is_hash_blacklisted(). */
static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len)
{
	return 0;
}
#endif

#ifdef CONFIG_SYSTEM_REVOCATION_LIST
extern int add_key_to_revocation_list(const char *data, size_t size);
extern int is_key_on_revocation_list(struct pkcs7_message *pkcs7);
#else
/*
 * Stub: discards @data and returns 0.  The return value alone does not tell a
 * caller that the revocation entry was dropped.
 */
static inline int add_key_to_revocation_list(const char *data, size_t size)
{
	return 0;
}
/*
 * Stub: always returns -ENOKEY.
 * NOTE(review): presumably callers read -ENOKEY as "no revoked key matched",
 * i.e. not revoked - confirm that every caller treats any other value as a
 * rejection.
 */
static inline int is_key_on_revocation_list(struct pkcs7_message *pkcs7)
{
	return -ENOKEY;
}
#endif

#ifdef CONFIG_IMA_BLACKLIST_KEYRING
extern struct key *ima_blacklist_keyring;

/* Accessor for the ima_blacklist_keyring global declared above. */
static inline struct key *get_ima_blacklist_keyring(void)
{
	return ima_blacklist_keyring;
}
#else
/* Stub: no IMA blacklist keyring exists, so callers must handle NULL. */
static inline struct key *get_ima_blacklist_keyring(void)
{
	return NULL;
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */

/*
 * The real setter exists only when both the platform keyring and the system
 * trusted keyring are configured.
 */
#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
extern void __init set_platform_trusted_keys(struct key *keyring);
#else
/*
 * Stub: ignores @keyring and does nothing.  Unlike the extern declaration it
 * is not marked __init.
 */
static inline void set_platform_trusted_keys(struct key *keyring)
{
}
#endif

#endif /* _KEYS_SYSTEM_KEYRING_H */