xref: /openbmc/linux/kernel/module_signature.c (revision b9df3997)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Module signature checker
4  *
5  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6  * Written by David Howells (dhowells@redhat.com)
7  */
8 
9 #include <linux/errno.h>
10 #include <linux/printk.h>
11 #include <linux/module_signature.h>
12 #include <asm/byteorder.h>
13 
14 /**
15  * mod_check_sig - check that the given signature is sane
16  *
17  * @ms:		Signature to check.
18  * @file_len:	Size of the file to which @ms is appended.
19  * @name:	What is being checked. Used for error messages.
20  */
21 int mod_check_sig(const struct module_signature *ms, size_t file_len,
22 		  const char *name)
23 {
24 	if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
25 		return -EBADMSG;
26 
27 	if (ms->id_type != PKEY_ID_PKCS7) {
28 		pr_err("%s: Module is not signed with expected PKCS#7 message\n",
29 		       name);
30 		return -ENOPKG;
31 	}
32 
33 	if (ms->algo != 0 ||
34 	    ms->hash != 0 ||
35 	    ms->signer_len != 0 ||
36 	    ms->key_id_len != 0 ||
37 	    ms->__pad[0] != 0 ||
38 	    ms->__pad[1] != 0 ||
39 	    ms->__pad[2] != 0) {
40 		pr_err("%s: PKCS#7 signature info has unexpected non-zero params\n",
41 		       name);
42 		return -EBADMSG;
43 	}
44 
45 	return 0;
46 }
47