kernel/module_signature.c

   1 // SPDX-License-Identifier: GPL-2.0+
   2 /*
   3  * Module signature checker
   4  *
   5  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
   6  * Written by David Howells (dhowells@redhat.com)
   7  */
   8
   9 #include <linux/errno.h>
  10 #include <linux/printk.h>
  11 #include <linux/module_signature.h>
  12 #include <asm/byteorder.h>
  13
  14 /**
  15  * mod_check_sig - check that the given signature is sane
  16  *
  17  * @ms:         Signature to check.
  18  * @file_len:   Size of the file to which @ms is appended.
  19  * @name:       What is being checked. Used for error messages.
  20  */
  21 int mod_check_sig(const struct module_signature *ms, size_t file_len,
  22                   const char *name)
  23 {
  24         if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
  25                 return -EBADMSG;
  26
  27         if (ms->id_type != PKEY_ID_PKCS7) {
  28                 pr_err("%s: Module is not signed with expected PKCS#7 message\n",
  29                        name);
  30                 return -ENOPKG;
  31         }
  32
  33         if (ms->algo != 0 ||
  34             ms->hash != 0 ||
  35             ms->signer_len != 0 ||
  36             ms->key_id_len != 0 ||
  37             ms->__pad[0] != 0 ||
  38             ms->__pad[1] != 0 ||
  39             ms->__pad[2] != 0) {
  40                 pr_err("%s: PKCS#7 signature info has unexpected non-zero params\n",
  41                        name);
  42                 return -EBADMSG;
  43         }
  44
  45         return 0;
  46 }