kernel/module_signing.c - linux - Git at Google

 // SPDX-License-Identifier: GPL-2.0-or-later
 /* Module signature checker
  *
  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
  */

 #include <linux/kernel.h>
 #include <linux/errno.h>
 #include <linux/module.h>
 #include <linux/module_signature.h>
 #include <linux/string.h>
 #include <linux/verification.h>
 #include <crypto/public_key.h>
 #include "module-internal.h"

 /*
  * Verify the signature on a module.
  */
 int mod_verify_sig(const void *mod, struct load_info *info)
 {
 	struct module_signature ms;
 	size_t sig_len, modlen = info->len;
 	int ret;

 	pr_devel("==>%s(,%zu)\n", __func__, modlen);

 	if (modlen <= sizeof(ms))
 		return -EBADMSG;

 	memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms));

 	ret = mod_check_sig(&ms, modlen, info->name);
 	if (ret)
 		return ret;

 	sig_len = be32_to_cpu(ms.sig_len);
 	modlen -= sig_len + sizeof(ms);
 	info->len = modlen;

 	return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
 				      VERIFY_USE_SECONDARY_KEYRING,
 				      VERIFYING_MODULE_SIGNATURE,
 				      NULL, NULL);
 }
	// SPDX-License-Identifier: GPL-2.0-or-later
	/* Module signature checker
	*
	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
	* Written by David Howells (dhowells@redhat.com)
	*/

	#include <linux/kernel.h>
	#include <linux/errno.h>
	#include <linux/module.h>
	#include <linux/module_signature.h>
	#include <linux/string.h>
	#include <linux/verification.h>
	#include <crypto/public_key.h>
	#include "module-internal.h"

	/*
	* Verify the signature on a module.
	*/
	int mod_verify_sig(const void mod, struct load_info info)
	{
	struct module_signature ms;
	size_t sig_len, modlen = info->len;
	int ret;

	pr_devel("==>%s(,%zu)\n", __func__, modlen);

	if (modlen <= sizeof(ms))
	return -EBADMSG;

	memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms));

	ret = mod_check_sig(&ms, modlen, info->name);
	if (ret)
	return ret;

	sig_len = be32_to_cpu(ms.sig_len);
	modlen -= sig_len + sizeof(ms);
	info->len = modlen;

	return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
	VERIFY_USE_SECONDARY_KEYRING,
	VERIFYING_MODULE_SIGNATURE,
	NULL, NULL);
	}