xref: /linux/kernel/module_signature.c (revision ec2a2959)
// SPDX-License-Identifier: GPL-2.0+
/*
 * Module signature checker
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */
8c8424e77SThiago Jung Bauermann 
9c8424e77SThiago Jung Bauermann #include <linux/errno.h>
10c8424e77SThiago Jung Bauermann #include <linux/printk.h>
11c8424e77SThiago Jung Bauermann #include <linux/module_signature.h>
12c8424e77SThiago Jung Bauermann #include <asm/byteorder.h>
13c8424e77SThiago Jung Bauermann 
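/**
 * mod_check_sig - check that the given signature is sane
 *
 * @ms:		Signature to check.
 * @file_len:	Size of the file to which @ms is appended.
 * @name:	What is being checked. Used for error messages.
 *
 * Structural validation of the signature descriptor only; nothing here
 * verifies the signature cryptographically. The checks are:
 *  - the big-endian @ms->sig_len must be smaller than the part of the file
 *    that precedes the descriptor (@file_len - sizeof(*@ms));
 *  - @ms->id_type must be PKEY_ID_PKCS7;
 *  - algo, hash, signer_len, key_id_len and all three padding bytes must be
 *    zero.
 *
 * Return: 0 if the descriptor passes every check, -EBADMSG if the length is
 * out of bounds or an unexpected field is non-zero, -ENOPKG if the signature
 * is not of the PKCS#7 type.
 */
int mod_check_sig(const struct module_signature *ms, size_t file_len,
		  const char *name)
{
	/*
	 * file_len is unsigned: for a file shorter than the descriptor,
	 * file_len - sizeof(*ms) would wrap to a huge value and any sig_len
	 * would pass the bound below. Reject that case before subtracting,
	 * so the check does not depend on every caller pre-validating
	 * file_len.
	 */
	if (file_len < sizeof(*ms) ||
	    be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
		return -EBADMSG;

	/* Only PKCS#7 signature blobs are accepted. */
	if (ms->id_type != PKEY_ID_PKCS7) {
		pr_err("%s: not signed with expected PKCS#7 message\n",
		       name);
		return -ENOPKG;
	}

	/*
	 * With PKCS#7 the remaining descriptor fields are expected to be
	 * zero; a non-zero value means a malformed or unexpected descriptor.
	 */
	if (ms->algo != 0 ||
	    ms->hash != 0 ||
	    ms->signer_len != 0 ||
	    ms->key_id_len != 0 ||
	    ms->__pad[0] != 0 ||
	    ms->__pad[1] != 0 ||
	    ms->__pad[2] != 0) {
		pr_err("%s: PKCS#7 signature info has unexpected non-zero params\n",
		       name);
		return -EBADMSG;
	}

	return 0;
}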