1 /* SPDX-License-Identifier: GPL-2.0+ */
2 /*
3  * Module signature handling.
4  *
5  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6  * Written by David Howells (dhowells@redhat.com)
7  */
8 
9 #ifndef _LINUX_MODULE_SIGNATURE_H
10 #define _LINUX_MODULE_SIGNATURE_H
11 
12 #include <linux/types.h>
13 
14 /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
15 #define MODULE_SIG_STRING "~Module signature appended~\n"
16 
17 enum pkey_id_type {
18 	PKEY_ID_PGP,		/* OpenPGP generated key ID */
19 	PKEY_ID_X509,		/* X.509 arbitrary subjectKeyIdentifier */
20 	PKEY_ID_PKCS7,		/* Signature in PKCS#7 message */
21 };
22 
23 /*
24  * Module signature information block.
25  *
26  * The constituents of the signature section are, in order:
27  *
28  *	- Signer's name
29  *	- Key identifier
30  *	- Signature data
31  *	- Information block
32  */
33 struct module_signature {
34 	u8	algo;		/* Public-key crypto algorithm [0] */
35 	u8	hash;		/* Digest algorithm [0] */
36 	u8	id_type;	/* Key identifier type [PKEY_ID_PKCS7] */
37 	u8	signer_len;	/* Length of signer's name [0] */
38 	u8	key_id_len;	/* Length of key identifier [0] */
39 	u8	__pad[3];
40 	__be32	sig_len;	/* Length of signature data */
41 };
42 
43 int mod_check_sig(const struct module_signature *ms, size_t file_len,
44 		  const char *name);
45 
46 #endif /* _LINUX_MODULE_SIGNATURE_H */
47