/* SPDX-License-Identifier: GPL-2.0+ */ /* * Module signature handling. * * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) */ #ifndef _LINUX_MODULE_SIGNATURE_H #define _LINUX_MODULE_SIGNATURE_H #include <linux/types.h> /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ #define MODULE_SIG_STRING "~Module signature appended~\n" enum pkey_id_type { PKEY_ID_PGP, /* OpenPGP generated key ID */ PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ }; /* * Module signature information block. * * The constituents of the signature section are, in order: * * - Signer's name * - Key identifier * - Signature data * - Information block */ struct module_signature { u8 algo; /* Public-key crypto algorithm [0] */ u8 hash; /* Digest algorithm [0] */ u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ u8 signer_len; /* Length of signer's name [0] */ u8 key_id_len; /* Length of key identifier [0] */ u8 __pad[3]; __be32 sig_len; /* Length of signature data */ }; int mod_check_sig(const struct module_signature *ms, size_t file_len, const char *name); #endif /* _LINUX_MODULE_SIGNATURE_H */