summaryrefslogtreecommitdiffstats
path: root/kernel/module/signing.c
diff options
context:
space:
mode:
authorAaron Tomlin <atomlin@redhat.com>2022-03-22 15:03:31 +0100
committerLuis Chamberlain <mcgrof@kernel.org>2022-04-04 21:57:54 +0200
commitcfc1d277891eb499b3b5354df33b30f598683e90 (patch)
tree18ab4d95c01c03aecb020d1458854871a649fba3 /kernel/module/signing.c
parentLinux 5.18-rc1 (diff)
downloadlinux-cfc1d277891eb499b3b5354df33b30f598683e90.tar.xz
linux-cfc1d277891eb499b3b5354df33b30f598683e90.zip
module: Move all into module/
No functional changes. This patch moves all module related code into a separate directory, modifies each file name and creates a new Makefile. Note: this effort is in preparation to refactor core module code. Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Aaron Tomlin <atomlin@redhat.com> Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Diffstat (limited to 'kernel/module/signing.c')
-rw-r--r--kernel/module/signing.c45
1 files changed, 45 insertions, 0 deletions
diff --git a/kernel/module/signing.c b/kernel/module/signing.c
new file mode 100644
index 000000000000..8aeb6d2ee94b
--- /dev/null
+++ b/kernel/module/signing.c
@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/* Module signature checker
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#include <linux/kernel.h>
+#include <linux/errno.h>
+#include <linux/module.h>
+#include <linux/module_signature.h>
+#include <linux/string.h>
+#include <linux/verification.h>
+#include <crypto/public_key.h>
+#include "internal.h"
+
+/*
+ * Verify the signature on a module.
+ */
+int mod_verify_sig(const void *mod, struct load_info *info)
+{
+ struct module_signature ms;
+ size_t sig_len, modlen = info->len;
+ int ret;
+
+ pr_devel("==>%s(,%zu)\n", __func__, modlen);
+
+ if (modlen <= sizeof(ms))
+ return -EBADMSG;
+
+ memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms));
+
+ ret = mod_check_sig(&ms, modlen, "module");
+ if (ret)
+ return ret;
+
+ sig_len = be32_to_cpu(ms.sig_len);
+ modlen -= sig_len + sizeof(ms);
+ info->len = modlen;
+
+ return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
+ VERIFY_USE_SECONDARY_KEYRING,
+ VERIFYING_MODULE_SIGNATURE,
+ NULL, NULL);
+}