mirror of https://github.com/OpenIPC/firmware.git
diff -drupN a/certs/system_keyring.c b/certs/system_keyring.c
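--- a/certs/system_keyring.c 2018-08-06 17:23:04.000000000 +0300
+++ b/certs/system_keyring.c 2022-06-12 05:28:14.000000000 +0300
@@ -240,5 +240,46 @@ error:
 return ret;
 }
 EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
-
 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
+
+/**
+ * verify_signature_one - Verify a signature with keys from given keyring
+ * @sig: The signature to be verified
+ * @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
+ * (void *)1UL for all trusted keys).
+ * @keyid: key description (not partial)
+ */
+int verify_signature_one(const struct public_key_signature *sig,
+ struct key *trusted_keys, const char *keyid)
+{
+ key_ref_t ref;
+ struct key *key;
+ int ret;
+
+ if (!sig)
+ return -EBADMSG;
+ if (!trusted_keys) {
+ trusted_keys = builtin_trusted_keys;
+ } else if (trusted_keys == (void *)1UL) {
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
+ trusted_keys = secondary_trusted_keys;
+#else
+ trusted_keys = builtin_trusted_keys;
+#endif
+ }
+
+ ref = keyring_search(make_key_ref(trusted_keys, 1),
+ &key_type_asymmetric, keyid);
+ if (IS_ERR(ref)) {
+ pr_err("Asymmetric key (%s) not found in keyring(%s)\n",
+ keyid, trusted_keys->description);
+ return -ENOKEY;
+ }
+
+ key = key_ref_to_ptr(ref);
+ ret = verify_signature(key, sig);
+ key_put(key);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(verify_signature_one);
+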
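Review bot: In verify_signature_one, every failure of keyring_search() is logged as "not found" and returned as -ENOKEY, so a lookup that failed for another reason (such as a revoked or expired key, a permission error, or a rejected match string) cannot be told apart from a missing key in either the log or the return value. Keeping the real code would help whoever has to diagnose a verification failure, for example `ret = PTR_ERR(ref);` with the message printing `ret`, and mapping only the not-found case to -ENOKEY. The kernel-doc also promises an exact description match, but `keyid` is handed unchanged to the asymmetric key type's matcher; if this tree keeps the upstream matcher, a string starting with `id:` would select partial key-ID matching, so the function should either reject such prefixes or the comment should require callers to pass a fixed description. The doc comment is also missing a return-value line and does not say that any other non-NULL `trusted_keys` pointer is used as given.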