| 1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
|---|
| 2 | /* |
|---|
| 3 | * Module signature handling. |
|---|
| 4 | * |
|---|
| 5 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. |
|---|
| 6 | * Written by David Howells (dhowells@redhat.com) |
|---|
| 7 | */ |
|---|
| 8 | |
|---|
| 9 | #ifndef _LINUX_MODULE_SIGNATURE_H |
|---|
| 10 | #define _LINUX_MODULE_SIGNATURE_H |
|---|
| 11 | |
|---|
| 12 | #include <linux/types.h> |
|---|
| 13 | |
|---|
| 14 | /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ |
|---|
| 15 | #define MODULE_SIG_STRING "~Module signature appended~\n" |
|---|
| 16 | |
|---|
| 17 | enum pkey_id_type { |
|---|
| 18 | PKEY_ID_PGP, /* OpenPGP generated key ID */ |
|---|
| 19 | PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ |
|---|
| 20 | PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ |
|---|
| 21 | }; |
|---|
| 22 | |
|---|
| 23 | /* |
|---|
| 24 | * Module signature information block. |
|---|
| 25 | * |
|---|
| 26 | * The constituents of the signature section are, in order: |
|---|
| 27 | * |
|---|
| 28 | * - Signer's name |
|---|
| 29 | * - Key identifier |
|---|
| 30 | * - Signature data |
|---|
| 31 | * - Information block |
|---|
| 32 | */ |
|---|
| 33 | struct module_signature { |
|---|
| 34 | u8 algo; /* Public-key crypto algorithm [0] */ |
|---|
| 35 | u8 hash; /* Digest algorithm [0] */ |
|---|
| 36 | u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ |
|---|
| 37 | u8 signer_len; /* Length of signer's name [0] */ |
|---|
| 38 | u8 key_id_len; /* Length of key identifier [0] */ |
|---|
| 39 | u8 __pad[3]; |
|---|
| 40 | __be32 sig_len; /* Length of signature data */ |
|---|
| 41 | }; |
|---|
| 42 | |
|---|
| 43 | int mod_check_sig(const struct module_signature *ms, size_t file_len, |
|---|
| 44 | const char *name); |
|---|
| 45 | |
|---|
| 46 | #endif /* _LINUX_MODULE_SIGNATURE_H */ |
|---|
| 47 | |
|---|
