• David Howells's avatar
    MODSIGN: Implement module signature checking · 48ba2462
    David Howells authored
    Check the signature on the module against the keys compiled into the kernel or
    available in a hardware key store.
    
    Currently, only RSA keys are supported - though that's easy enough to change,
    and the signature is expected to contain raw components (so not a PGP or
    PKCS#7 formatted blob).
    
    The signature blob is expected to consist of the following pieces in order:
    
     (1) The binary identifier for the key.  This is expected to match the
         SubjectKeyIdentifier from an X.509 certificate.  Only X.509 type
         identifiers are currently supported.
    
     (2) The signature data, consisting of a series of MPIs in which each is in
         the format of a 2-byte BE word sizes followed by the content data.
    
     (3) A 12 byte information block of the form:
    
    	struct module_signature {
    		enum pkey_algo		algo : 8;
    		enum pkey_hash_algo	hash : 8;
    		enum pkey_id_type	id_type : 8;
    		u8			__pad;
    		__be32			id_length;
    		__be32			sig_length;
    	};
    
         The three enums are defined in crypto/public_key.h.
    
         'algo' contains the public-key algorithm identifier (0->DSA, 1->RSA).
    
         'hash' contains the digest algorithm identifier (0->MD4, 1->MD5, 2->SHA1,
          etc.).
    
         'id_type' contains the public-key identifier type (0->PGP, 1->X.509).
    
         '__pad' should be 0.
    
         'id_length' should contain in the binary identifier length in BE form.
    
         'sig_length' should contain in the signature data length in BE form.
    
         The lengths are in BE order rather than CPU order to make dealing with
         cross-compilation easier.
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (minor Kconfig fix)
    48ba2462
module_signing.c 5.78 KB