Michal Marek8fe16812013-01-16 09:52:01 +01001/*
2 * libkmod - module signature display
3 *
4 * Copyright (C) 2013 Michal Marek, SUSE
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
Lucas De Marchidea2dfe2014-12-25 23:32:03 -020017 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
Michal Marek8fe16812013-01-16 09:52:01 +010018 */
19
Lucas De Marchib18979b2014-10-03 02:03:55 -030020#include <inttypes.h>
Lucas De Marchic2e42862014-10-03 01:41:42 -030021#include <stdio.h>
Michal Marek8fe16812013-01-16 09:52:01 +010022#include <stdlib.h>
23#include <string.h>
Michal Marek8fe16812013-01-16 09:52:01 +010024
Lucas De Marchi8b7189b2014-10-02 22:08:47 -030025#include <shared/missing.h>
Lucas De Marchi96573a02014-10-03 00:01:35 -030026#include <shared/util.h>
Lucas De Marchi8b7189b2014-10-02 22:08:47 -030027
Lucas De Marchi83b855a2013-07-04 16:13:11 -030028#include "libkmod-internal.h"
Michal Marek8fe16812013-01-16 09:52:01 +010029
30/* These types and tables were copied from the 3.7 kernel sources.
31 * As this is just description of the signature format, it should not be
32 * considered derived work (so libkmod can use the LGPL license).
33 */
/*
 * Public-key algorithm identifiers as stored in the one-byte `algo` field of
 * struct module_signature. The numeric values are part of the on-disk
 * format, so they are spelled out rather than left implicit.
 */
enum pkey_algo {
	PKEY_ALGO_DSA = 0,
	PKEY_ALGO_RSA = 1,
	PKEY_ALGO__LAST = 2	/* number of known algorithms; not a valid id */
};

/*
 * Display names indexed by enum pkey_algo. The array has exactly
 * PKEY_ALGO__LAST slots, so callers must reject any index that is
 * >= PKEY_ALGO__LAST before looking a name up.
 */
static const char *const pkey_algo[PKEY_ALGO__LAST] = {
	[PKEY_ALGO_RSA] = "RSA",
	[PKEY_ALGO_DSA] = "DSA",
};
44
/*
 * Digest algorithm identifiers as stored in the one-byte `hash` field of
 * struct module_signature. The numeric values are part of the on-disk
 * format; note that SHA224 comes last, after SHA512.
 */
enum pkey_hash_algo {
	PKEY_HASH_MD4 = 0,
	PKEY_HASH_MD5 = 1,
	PKEY_HASH_SHA1 = 2,
	PKEY_HASH_RIPE_MD_160 = 3,
	PKEY_HASH_SHA256 = 4,
	PKEY_HASH_SHA384 = 5,
	PKEY_HASH_SHA512 = 6,
	PKEY_HASH_SHA224 = 7,
	PKEY_HASH__LAST = 8	/* number of known digests; not a valid id */
};

/*
 * Display names indexed by enum pkey_hash_algo. These are labels only: an
 * entry means the trailer format can declare that digest, not that the
 * digest is a sound choice (md4, md5 and sha1 no longer offer collision
 * resistance).
 *
 * NOTE(review): unlike pkey_algo, this table has external linkage. If no
 * other translation unit references it, `static` would keep it out of the
 * global namespace - confirm before changing.
 */
const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
	[PKEY_HASH_SHA224] = "sha224",
	[PKEY_HASH_SHA256] = "sha256",
	[PKEY_HASH_SHA384] = "sha384",
	[PKEY_HASH_SHA512] = "sha512",
	[PKEY_HASH_RIPE_MD_160] = "rmd160",
	[PKEY_HASH_SHA1] = "sha1",
	[PKEY_HASH_MD5] = "md5",
	[PKEY_HASH_MD4] = "md4",
};
67
/*
 * Key identifier kinds as stored in the one-byte `id_type` field of
 * struct module_signature. The numeric values are part of the on-disk
 * format.
 */
enum pkey_id_type {
	PKEY_ID_PGP = 0,	/* OpenPGP generated key ID */
	PKEY_ID_X509 = 1,	/* X.509 arbitrary subjectKeyIdentifier */
	PKEY_ID_PKCS7 = 2,	/* Signature in PKCS#7 message */
	PKEY_ID_TYPE__LAST = 3	/* number of known kinds; not a valid id */
};

/*
 * Display names indexed by enum pkey_id_type. Callers must reject any
 * index that is >= PKEY_ID_TYPE__LAST before looking a name up.
 */
const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = {
	[PKEY_ID_PKCS7] = "PKCS#7",
	[PKEY_ID_X509] = "X509",
	[PKEY_ID_PGP] = "PGP",
};
80
/*
 * Module signature information block.
 *
 * Fixed-size record stored immediately before SIG_MAGIC at the end of a
 * signed module. Every field is read straight from the file, so each value
 * is untrusted until it has been range-checked (the three type fields
 * against their __LAST sentinel, the three lengths against the file size).
 */
struct module_signature {
	uint8_t algo;		/* Public-key crypto algorithm [enum pkey_algo] */
	uint8_t hash;		/* Digest algorithm [enum pkey_hash_algo] */
	uint8_t id_type;	/* Key identifier type [enum pkey_id_type] */
	uint8_t signer_len;	/* Length of signer's name */
	uint8_t key_id_len;	/* Length of key identifier */
	uint8_t __pad[3];	/* Padding; not read by kmod_module_signature_info() */
	uint32_t sig_len;	/* Length of signature data (big endian) */
};
93
/* Marker string that a signed module file ends with (newline included). */
#define SIG_MAGIC "~Module signature appended~\n"

/*
 * A signed module has the following layout:
 *
 * [ module                  ]
 * [ signer's name           ]
 * [ key identifier          ]
 * [ signature data          ]
 * [ struct module_signature ]
 * [ SIG_MAGIC               ]
 *
 * kmod_module_signature_info() parses this from the end of the file
 * backwards: it first matches SIG_MAGIC, then reads struct module_signature,
 * then uses the lengths in that struct to locate the key identifier and the
 * signer's name.
 */
106
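/*
 * Locate and describe the signature trailer appended to a module file.
 *
 * The file contents come from disk and are treated as untrusted: the three
 * type bytes are checked against their table sizes and the three lengths
 * against the remaining file size before any of them is used as an index or
 * to compute a pointer.
 *
 * This function only reports what the trailer declares. Nothing here
 * verifies the signature, so a "true" result says the trailer is well formed,
 * not that the module is authentic.
 *
 * NOTE(review): assumes kmod_file_get_contents() returns a buffer of at least
 * kmod_file_get_size() bytes - confirm against the kmod_file implementation.
 * NOTE(review): for PKEY_ID_PKCS7 trailers the kernel is understood to leave
 * algo, hash, signer_len and key_id_len at zero; if so, the algo/hash names
 * reported here would be entry 0 of each table ("DSA", "md4") rather than the
 * real ones - confirm before relying on them for display.
 *
 * @file: module file whose contents are inspected
 * @sig_info: filled in on success; key_id and signer point into the file
 *            contents (nothing is copied), algo/hash_algo/id_type point at
 *            the static name tables
 *
 * Returns true when a well-formed trailer was found, false otherwise. On
 * false, @sig_info is left untouched.
 */
bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info)
{
	const size_t magic_len = strlen(SIG_MAGIC);
	const char *mem;
	off_t size;
	const struct module_signature *modsig;
	size_t sig_len;
	uint64_t payload_len;

	size = kmod_file_get_size(file);
	mem = kmod_file_get_contents(file);

	/* The file must end with SIG_MAGIC. */
	if (size < (off_t)magic_len)
		return false;
	size -= magic_len;
	if (memcmp(SIG_MAGIC, mem + size, magic_len) != 0)
		return false;

	/* The fixed-size descriptor sits right before the magic. */
	if (size < (off_t)sizeof(struct module_signature))
		return false;
	size -= sizeof(struct module_signature);
	modsig = (const struct module_signature *)(mem + size);

	/* Reject ids that would index past the end of the name tables. */
	if (modsig->algo >= PKEY_ALGO__LAST ||
	    modsig->hash >= PKEY_HASH__LAST ||
	    modsig->id_type >= PKEY_ID_TYPE__LAST)
		return false;

	/* sig_len may sit at any alignment inside the mapped file. */
	sig_len = be32toh(get_unaligned(&modsig->sig_len));
	if (sig_len == 0)
		return false;

	/*
	 * Sum the three lengths in 64 bits. Where size_t is 32 bits wide a
	 * sig_len close to UINT32_MAX would otherwise wrap the sum to a small
	 * value, pass the bounds check and yield pointers outside the file.
	 * size is known to be non-negative here, so the cast is lossless.
	 */
	payload_len = (uint64_t)sig_len + modsig->signer_len + modsig->key_id_len;
	if ((uint64_t)size < payload_len)
		return false;

	/* sig_len <= size at this point, so it fits in off_t. */
	size -= (off_t)modsig->key_id_len + (off_t)sig_len;
	sig_info->key_id = mem + size;
	sig_info->key_id_len = modsig->key_id_len;

	size -= modsig->signer_len;
	sig_info->signer = mem + size;
	sig_info->signer_len = modsig->signer_len;

	sig_info->algo = pkey_algo[modsig->algo];
	sig_info->hash_algo = pkey_hash_algo[modsig->hash];
	sig_info->id_type = pkey_id_type[modsig->id_type];

	return true;
}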