PKCS#7: Find intersection between PKCS#7 message and known, trusted keys

Find the intersection between the X.509 certificate chain contained in a PKCS#7 message and a set of keys that we already know and trust. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org>
2014-07-01 16:40:20 +01:00
parent 8c76d79393
commit 08815b62d7
3 changed files with 228 additions and 0 deletions
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -9,6 +9,7 @@
 * 2 of the Licence, or (at your option) any later version.
 */

+struct key;
 struct pkcs7_message;

 /*
@@ -22,6 +23,13 @@ extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
 				  const void **_data, size_t *_datalen,
 				  bool want_wrapper);

+/*
+ * pkcs7_trust.c
+ */
+extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
+				struct key *trust_keyring,
+				bool *_trusted);
+
 /*
 * pkcs7_verify.c
 */