xref: /openbmc/linux/security/integrity/digsig.c (revision e23feb16)
1 /*
2  * Copyright (C) 2011 Intel Corporation
3  *
4  * Author:
5  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation, version 2 of the License.
10  *
11  */
12 
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 
15 #include <linux/err.h>
16 #include <linux/rbtree.h>
17 #include <linux/key-type.h>
18 #include <linux/digsig.h>
19 
20 #include "integrity.h"
21 
22 static struct key *keyring[INTEGRITY_KEYRING_MAX];
23 
24 static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
25 	"_evm",
26 	"_module",
27 	"_ima",
28 };
29 
30 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
31 					const char *digest, int digestlen)
32 {
33 	if (id >= INTEGRITY_KEYRING_MAX)
34 		return -EINVAL;
35 
36 	if (!keyring[id]) {
37 		keyring[id] =
38 			request_key(&key_type_keyring, keyring_name[id], NULL);
39 		if (IS_ERR(keyring[id])) {
40 			int err = PTR_ERR(keyring[id]);
41 			pr_err("no %s keyring: %d\n", keyring_name[id], err);
42 			keyring[id] = NULL;
43 			return err;
44 		}
45 	}
46 
47 	switch (sig[0]) {
48 	case 1:
49 		return digsig_verify(keyring[id], sig, siglen,
50 				     digest, digestlen);
51 	case 2:
52 		return asymmetric_verify(keyring[id], sig, siglen,
53 					 digest, digestlen);
54 	}
55 
56 	return -EOPNOTSUPP;
57 }
58