forked from Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
45 lines
1.1 KiB
45 lines
1.1 KiB
// SPDX-License-Identifier: GPL-2.0-or-later |
|
/* Module signature checker |
|
* |
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. |
|
* Written by David Howells ([email protected]) |
|
*/ |
|
|
|
#include <linux/kernel.h> |
|
#include <linux/errno.h> |
|
#include <linux/module.h> |
|
#include <linux/module_signature.h> |
|
#include <linux/string.h> |
|
#include <linux/verification.h> |
|
#include <crypto/public_key.h> |
|
#include "module-internal.h" |
|
|
|
/* |
|
* Verify the signature on a module. |
|
*/ |
|
int mod_verify_sig(const void *mod, struct load_info *info) |
|
{ |
|
struct module_signature ms; |
|
size_t sig_len, modlen = info->len; |
|
int ret; |
|
|
|
pr_devel("==>%s(,%zu)\n", __func__, modlen); |
|
|
|
if (modlen <= sizeof(ms)) |
|
return -EBADMSG; |
|
|
|
memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms)); |
|
|
|
ret = mod_check_sig(&ms, modlen, "module"); |
|
if (ret) |
|
return ret; |
|
|
|
sig_len = be32_to_cpu(ms.sig_len); |
|
modlen -= sig_len + sizeof(ms); |
|
info->len = modlen; |
|
|
|
return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, |
|
VERIFY_USE_SECONDARY_KEYRING, |
|
VERIFYING_MODULE_SIGNATURE, |
|
NULL, NULL); |
|
}
|
|
|