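// SPDX-License-Identifier: GPL-2.0+
/*
 * Module signature checker
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#include <linux/errno.h>
#include <linux/printk.h>
#include <linux/module_signature.h>
#include <asm/byteorder.h>

/**
 * mod_check_sig - check that the given signature is sane
 *
 * @ms:		Signature to check.
 * @file_len:	Size of the file to which @ms is appended.
 * @name:	What is being checked. Used for error messages.
 *
 * Only the fixed-size signature descriptor is validated here: the length it
 * claims, its id_type and the fields that must be zero. No cryptographic
 * verification is performed by this function, so a zero return means
 * "well-formed", not "trusted".
 *
 * Return: 0 if the descriptor is sane, -EBADMSG if the claimed signature
 * length does not fit in the file or a field that must be zero is not, and
 * -ENOPKG if id_type is not PKEY_ID_PKCS7.
 */
int mod_check_sig(const struct module_signature *ms, size_t file_len,
		  const char *name)
{
	/*
	 * file_len is a size_t, so "file_len - sizeof(*ms)" wraps to a huge
	 * value when the file is shorter than the descriptor and the length
	 * check below would then accept any sig_len. Reject that case here
	 * instead of relying on every caller having checked it.
	 */
	if (file_len < sizeof(*ms))
		return -EBADMSG;

	/*
	 * sig_len is stored big-endian. The signature must be strictly
	 * smaller than what remains of the file once the descriptor is
	 * accounted for.
	 */
	if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
		return -EBADMSG;

	if (ms->id_type != PKEY_ID_PKCS7) {
		pr_err("%s: not signed with expected PKCS#7 message\n",
		       name);
		return -ENOPKG;
	}

	/* For a PKCS#7 descriptor every remaining field must be zero. */
	if (ms->algo != 0 ||
	    ms->hash != 0 ||
	    ms->signer_len != 0 ||
	    ms->key_id_len != 0 ||
	    ms->__pad[0] != 0 ||
	    ms->__pad[1] != 0 ||
	    ms->__pad[2] != 0) {
		pr_err("%s: PKCS#7 signature info has unexpected non-zero params\n",
		       name);
		return -EBADMSG;
	}

	return 0;
}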