include/linux/module_signature.h

   1 /* SPDX-License-Identifier: GPL-2.0+ */
   2 /*
   3  * Module signature handling.
   4  *
   5  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
   6  * Written by David Howells (dhowells@redhat.com)
   7  */
   8
   9 #ifndef _LINUX_MODULE_SIGNATURE_H
  10 #define _LINUX_MODULE_SIGNATURE_H
  11
  12 #include <linux/types.h>
  13
  14 /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
  15 #define MODULE_SIG_STRING "~Module signature appended~\n"
  16
  17 enum pkey_id_type {
  18         PKEY_ID_PGP,            /* OpenPGP generated key ID */
  19         PKEY_ID_X509,           /* X.509 arbitrary subjectKeyIdentifier */
  20         PKEY_ID_PKCS7,          /* Signature in PKCS#7 message */
  21 };
  22
  23 /*
  24  * Module signature information block.
  25  *
  26  * The constituents of the signature section are, in order:
  27  *
  28  *      - Signer's name
  29  *      - Key identifier
  30  *      - Signature data
  31  *      - Information block
  32  */
  33 struct module_signature {
  34         u8      algo;           /* Public-key crypto algorithm [0] */
  35         u8      hash;           /* Digest algorithm [0] */
  36         u8      id_type;        /* Key identifier type [PKEY_ID_PKCS7] */
  37         u8      signer_len;     /* Length of signer's name [0] */
  38         u8      key_id_len;     /* Length of key identifier [0] */
  39         u8      __pad[3];
  40         __be32  sig_len;        /* Length of signature data */
  41 };
  42
  43 int mod_check_sig(const struct module_signature *ms, size_t file_len,
  44                   const char *name);
  45
  46 #endif /* _LINUX_MODULE_SIGNATURE_H */