18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 28c2ecf20Sopenharmony_ci/* Module signature checker 38c2ecf20Sopenharmony_ci * 48c2ecf20Sopenharmony_ci * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 58c2ecf20Sopenharmony_ci * Written by David Howells (dhowells@redhat.com) 68c2ecf20Sopenharmony_ci */ 78c2ecf20Sopenharmony_ci 88c2ecf20Sopenharmony_ci#include <linux/kernel.h> 98c2ecf20Sopenharmony_ci#include <linux/errno.h> 108c2ecf20Sopenharmony_ci#include <linux/module.h> 118c2ecf20Sopenharmony_ci#include <linux/module_signature.h> 128c2ecf20Sopenharmony_ci#include <linux/string.h> 138c2ecf20Sopenharmony_ci#include <linux/verification.h> 148c2ecf20Sopenharmony_ci#include <crypto/public_key.h> 158c2ecf20Sopenharmony_ci#include "module-internal.h" 168c2ecf20Sopenharmony_ci 178c2ecf20Sopenharmony_ci/* 188c2ecf20Sopenharmony_ci * Verify the signature on a module. 198c2ecf20Sopenharmony_ci */ 208c2ecf20Sopenharmony_ciint mod_verify_sig(const void *mod, struct load_info *info) 218c2ecf20Sopenharmony_ci{ 228c2ecf20Sopenharmony_ci struct module_signature ms; 238c2ecf20Sopenharmony_ci size_t sig_len, modlen = info->len; 248c2ecf20Sopenharmony_ci int ret; 258c2ecf20Sopenharmony_ci 268c2ecf20Sopenharmony_ci pr_devel("==>%s(,%zu)\n", __func__, modlen); 278c2ecf20Sopenharmony_ci 288c2ecf20Sopenharmony_ci if (modlen <= sizeof(ms)) 298c2ecf20Sopenharmony_ci return -EBADMSG; 308c2ecf20Sopenharmony_ci 318c2ecf20Sopenharmony_ci memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms)); 328c2ecf20Sopenharmony_ci 338c2ecf20Sopenharmony_ci ret = mod_check_sig(&ms, modlen, "module"); 348c2ecf20Sopenharmony_ci if (ret) 358c2ecf20Sopenharmony_ci return ret; 368c2ecf20Sopenharmony_ci 378c2ecf20Sopenharmony_ci sig_len = be32_to_cpu(ms.sig_len); 388c2ecf20Sopenharmony_ci modlen -= sig_len + sizeof(ms); 398c2ecf20Sopenharmony_ci info->len = modlen; 408c2ecf20Sopenharmony_ci 418c2ecf20Sopenharmony_ci return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, 428c2ecf20Sopenharmony_ci VERIFY_USE_SECONDARY_KEYRING, 438c2ecf20Sopenharmony_ci VERIFYING_MODULE_SIGNATURE, 448c2ecf20Sopenharmony_ci NULL, NULL); 458c2ecf20Sopenharmony_ci} 46