1/* SPDX-License-Identifier: GPL-2.0+ */ 2/* 3 * Module signature handling. 4 * 5 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 6 * Written by David Howells (dhowells@redhat.com) 7 */ 8 9#ifndef _LINUX_MODULE_SIGNATURE_H 10#define _LINUX_MODULE_SIGNATURE_H 11 12#include <linux/types.h> 13 14/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ 15#define MODULE_SIG_STRING "~Module signature appended~\n" 16 17enum pkey_id_type { 18 PKEY_ID_PGP, /* OpenPGP generated key ID */ 19 PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ 20 PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ 21}; 22 23/* 24 * Module signature information block. 25 * 26 * The constituents of the signature section are, in order: 27 * 28 * - Signer's name 29 * - Key identifier 30 * - Signature data 31 * - Information block 32 */ 33struct module_signature { 34 u8 algo; /* Public-key crypto algorithm [0] */ 35 u8 hash; /* Digest algorithm [0] */ 36 u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */ 37 u8 signer_len; /* Length of signer's name [0] */ 38 u8 key_id_len; /* Length of key identifier [0] */ 39 u8 __pad[3]; 40 __be32 sig_len; /* Length of signature data */ 41}; 42 43int mod_check_sig(const struct module_signature *ms, size_t file_len, 44 const char *name); 45 46#endif /* _LINUX_MODULE_SIGNATURE_H */ 47