projects / linux.git / blame
| Commit | Line | Data |
|---|---|---|
| b4d0d230 | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
| 106a4ee2 RR |
2 | /* Module signature checker |
| 3 | * | |
| 4 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | |
| 5 | * Written by David Howells ([email protected]) | |
| 106a4ee2 RR |
6 | */ |
| 7 | ||
| 8 | #include <linux/kernel.h> | |
| 146aa8b1 | 9 | #include <linux/errno.h> |
| c8424e77 TJB |
10 | #include <linux/module.h> |
| 11 | #include <linux/module_signature.h> | |
| 89053aa9 | 12 | #include <linux/string.h> |
| a511e1af | 13 | #include <linux/verification.h> |
| 3f1e1bea | 14 | #include <crypto/public_key.h> |
| 106a4ee2 RR |
15 | #include "module-internal.h" |
| 16 | ||
| 17 | /* | |
| 18 | * Verify the signature on a module. | |
| 19 | */ | |
| f314dfea | 20 | int mod_verify_sig(const void *mod, struct load_info *info) |
| 106a4ee2 | 21 | { |
| 48ba2462 | 22 | struct module_signature ms; |
| f314dfea | 23 | size_t sig_len, modlen = info->len; |
| c8424e77 | 24 | int ret; |
| 48ba2462 | 25 | |
| 0390c883 | 26 | pr_devel("==>%s(,%zu)\n", __func__, modlen); |
| 48ba2462 | 27 | |
| caabe240 | 28 | if (modlen <= sizeof(ms)) |
| 48ba2462 DH |
29 | return -EBADMSG; |
| 30 | ||
| caabe240 | 31 | memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms)); |
| c8424e77 TJB |
32 | |
| 33 | ret = mod_check_sig(&ms, modlen, info->name); | |
| 34 | if (ret) | |
| 35 | return ret; | |
| 48ba2462 DH |
36 | |
| 37 | sig_len = be32_to_cpu(ms.sig_len); | |
| c8424e77 | 38 | modlen -= sig_len + sizeof(ms); |
| f314dfea | 39 | info->len = modlen; |
| 48ba2462 | 40 | |
| e68503bd | 41 | return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, |
| e84cd7ee KW |
42 | VERIFY_USE_SECONDARY_KEYRING, |
| 43 | VERIFYING_MODULE_SIGNATURE, | |
| e68503bd | 44 | NULL, NULL); |
| 106a4ee2 | 45 | } |