1 /* SPDX-License-Identifier: GPL-2.0+ */
2 /*
3 * Module signature handling.
4 *
5 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
6 * Written by David Howells (dhowells@redhat.com)
7 */
8
9 #ifndef _LINUX_MODULE_SIGNATURE_H
10 #define _LINUX_MODULE_SIGNATURE_H
11
12 #include <linux/types.h>
13
14 /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
15 #define MODULE_SIG_STRING "~Module signature appended~\n"
16
17 enum pkey_id_type {
18 PKEY_ID_PGP, /* OpenPGP generated key ID */
19 PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
20 PKEY_ID_PKCS7, /* Signature in PKCS#7 message */
21 };
22
23 /*
24 * Module signature information block.
25 *
26 * The constituents of the signature section are, in order:
27 *
28 * - Signer's name
29 * - Key identifier
30 * - Signature data
31 * - Information block
32 */
33 struct module_signature {
34 u8 algo; /* Public-key crypto algorithm [0] */
35 u8 hash; /* Digest algorithm [0] */
36 u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */
37 u8 signer_len; /* Length of signer's name [0] */
38 u8 key_id_len; /* Length of key identifier [0] */
39 u8 __pad[3];
40 __be32 sig_len; /* Length of signature data */
41 };
42
43 int mod_check_sig(const struct module_signature *ms, size_t file_len,
44 const char *name);
45
46 #endif /* _LINUX_MODULE_SIGNATURE_H */