security/integrity/digsig.c

   1 /*
   2  * Copyright (C) 2011 Intel Corporation
   3  *
   4  * Author:
   5  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation, version 2 of the License.
  10  *
  11  */
  12
  13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  14
  15 #include <linux/err.h>
  16 #include <linux/rbtree.h>
  17 #include <linux/key-type.h>
  18 #include <linux/digsig.h>
  19
  20 #include "integrity.h"
  21
  22 static struct key *keyring[INTEGRITY_KEYRING_MAX];
  23
  24 static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
  25         "_evm",
  26         "_module",
  27         "_ima",
  28 };
  29
  30 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
  31                             const char *digest, int digestlen)
  32 {
  33         if (id >= INTEGRITY_KEYRING_MAX)
  34                 return -EINVAL;
  35
  36         if (!keyring[id]) {
  37                 keyring[id] =
  38                         request_key(&key_type_keyring, keyring_name[id], NULL);
  39                 if (IS_ERR(keyring[id])) {
  40                         int err = PTR_ERR(keyring[id]);
  41                         pr_err("no %s keyring: %d\n", keyring_name[id], err);
  42                         keyring[id] = NULL;
  43                         return err;
  44                 }
  45         }
  46
  47         switch (sig[1]) {
  48         case 1:
  49                 /* v1 API expect signature without xattr type */
  50                 return digsig_verify(keyring[id], sig + 1, siglen - 1,
  51                                      digest, digestlen);
  52         case 2:
  53                 return asymmetric_verify(keyring[id], sig, siglen,
  54                                          digest, digestlen);
  55         }
  56
  57         return -EOPNOTSUPP;
  58 }