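/*
 * Copyright (C) 2011 Intel Corporation
 *
 * Author:
 * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2 of the License.
 *
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/err.h>
#include <linux/rbtree.h>
#include <linux/key-type.h>
#include <linux/digsig.h>

#include "integrity.h"

/*
 * Keyring handles, indexed by integrity keyring id. An entry stays NULL
 * until integrity_digsig_verify() resolves it with request_key(); a failed
 * lookup is reset to NULL so that the next call tries again.
 */
static struct key *keyring[INTEGRITY_KEYRING_MAX];

/*
 * Keyring descriptions handed to request_key(), indexed like keyring[].
 * NOTE(review): the order presumably mirrors the INTEGRITY_KEYRING_* ids
 * declared in integrity.h - confirm when adding an entry.
 */
static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
	"_evm",
	"_module",
	"_ima",
};

/**
 * integrity_digsig_verify - check a signature against an integrity keyring
 * @id:        index of the keyring to use, below INTEGRITY_KEYRING_MAX
 * @sig:       signature buffer; its first byte selects the verifier
 * @siglen:    number of bytes available at @sig
 * @digest:    digest the signature is expected to cover
 * @digestlen: number of bytes available at @digest
 *
 * The keyring for @id is looked up on first use and kept in keyring[].
 * A first byte of 1 is handed to digsig_verify(), 2 to asymmetric_verify();
 * the whole buffer, selector byte included, is passed on unchanged.
 *
 * Return: the selected verifier's result; -EINVAL if @id is out of range or
 * @sig holds no selector byte; the request_key() error if the keyring cannot
 * be found; -EOPNOTSUPP for any other selector value.
 */
int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
			    const char *digest, int digestlen)
{
	if (id >= INTEGRITY_KEYRING_MAX)
		return -EINVAL;

	/*
	 * sig[0] is dereferenced below to pick the verifier, so a zero or
	 * negative length has to be rejected before the buffer is touched;
	 * otherwise a truncated signature causes a read outside the data the
	 * caller actually supplied.
	 */
	if (siglen < 1)
		return -EINVAL;

	/*
	 * NOTE(review): this lookup-and-cache has no locking visible in this
	 * file; confirm that first use is serialised by the callers.
	 */
	if (!keyring[id]) {
		keyring[id] =
			request_key(&key_type_keyring, keyring_name[id], NULL);
		if (IS_ERR(keyring[id])) {
			int err = PTR_ERR(keyring[id]);

			pr_err("no %s keyring: %d\n", keyring_name[id], err);
			/* never leave an ERR_PTR cached as if it were a key */
			keyring[id] = NULL;
			return err;
		}
	}

	/* NOTE(review): sig[0] looks like a signature format version - confirm */
	switch (sig[0]) {
	case 1:
		return digsig_verify(keyring[id], sig, siglen,
				     digest, digestlen);
	case 2:
		return asymmetric_verify(keyring[id], sig, siglen,
					 digest, digestlen);
	default:
		/* unknown selector: refuse instead of guessing a format */
		break;
	}

	return -EOPNOTSUPP;
}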