1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
2 | /* |
3 | * Module signature handling. |
4 | * |
5 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. |
6 | * Written by David Howells (dhowells@redhat.com) |
7 | */ |
8 | |
9 | #ifndef _LINUX_MODULE_SIGNATURE_H |
10 | #define _LINUX_MODULE_SIGNATURE_H |
11 | |
12 | #include <linux/types.h> |
13 | |
14 | /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ |
15 | #define MODULE_SIG_STRING "~Module signature appended~\n" |
16 | |
17 | enum pkey_id_type { |
18 | PKEY_ID_PGP, /* OpenPGP generated key ID */ |
19 | PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ |
20 | PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ |
21 | }; |
22 | |
23 | /* |
24 | * Module signature information block. |
25 | * |
26 | * The constituents of the signature section are, in order: |
27 | * |
28 | * - Signer's name |
29 | * - Key identifier |
30 | * - Signature data |
31 | * - Information block |
32 | */ |
33 | struct module_signature { |
34 | u8 algo; /* Public-key crypto algorithm [0] */ |
35 | u8 hash; /* Digest algorithm [0] */ |
36 | u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ |
37 | u8 signer_len; /* Length of signer's name [0] */ |
38 | u8 key_id_len; /* Length of key identifier [0] */ |
39 | u8 __pad[3]; |
40 | __be32 sig_len; /* Length of signature data */ |
41 | }; |
42 | |
43 | int mod_check_sig(const struct module_signature *ms, size_t file_len, |
44 | const char *name); |
45 | |
46 | #endif /* _LINUX_MODULE_SIGNATURE_H */ |
47 | |