Página inicial Explorar Ajuda
Registrar Entrar
phyus
/
linux-vybrid_public
8
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: 34ef7bd382
Branches Tags
linux-vybrid_pu...
/
security
/
integrity
/
digsig.c

digsig.c 1.3 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. /*
    2. 

  2.  * Copyright (C) 2011 Intel Corporation
    3. 

  3.  *
    4. 

  4.  * Author:
    5. 

  5.  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
    6. 

  6.  *
    7. 

  7.  * This program is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation, version 2 of the License.
    10. 

  10.  *
    11. 

  11.  */
    12. 

  12. 

  13. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
    14. 

  14. 

  15. #include <linux/err.h>
    16. 

  16. #include <linux/rbtree.h>
    17. 

  17. #include <linux/key-type.h>
    18. 

  18. #include <linux/digsig.h>
    19. 

  19. 

  20. #include "integrity.h"
    21. 

  21. 

  22. static struct key *keyring[INTEGRITY_KEYRING_MAX];
    23. 

  23. 

  24. static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
    25. 

  25. 	"_evm",
    26. 

  26. 	"_module",
    27. 

  27. 	"_ima",
    28. 

  28. };
    29. 

  29. 

  30. int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
    31. 

  31. 			    const char *digest, int digestlen)
    32. 

  32. {
    33. 

  33. 	if (id >= INTEGRITY_KEYRING_MAX)
    34. 

  34. 		return -EINVAL;
    35. 

  35. 

  36. 	if (!keyring[id]) {
    37. 

  37. 		keyring[id] =
    38. 

  38. 			request_key(&key_type_keyring, keyring_name[id], NULL);
    39. 

  39. 		if (IS_ERR(keyring[id])) {
    40. 

  40. 			int err = PTR_ERR(keyring[id]);
    41. 

  41. 			pr_err("no %s keyring: %d\n", keyring_name[id], err);
    42. 

  42. 			keyring[id] = NULL;
    43. 

  43. 			return err;
    44. 

  44. 		}
    45. 

  45. 	}
    46. 

  46. 

  47. 	switch (sig[1]) {
    48. 

  48. 	case 1:
    49. 

  49. 		/* v1 API expect signature without xattr type */
    50. 

  50. 		return digsig_verify(keyring[id], sig + 1, siglen - 1,
    51. 

  51. 				     digest, digestlen);
    52. 

  52. 	case 2:
    53. 

  53. 		return asymmetric_verify(keyring[id], sig, siglen,
    54. 

  54. 					 digest, digestlen);
    55. 

  55. 	}
    56. 

  56. 

  57. 	return -EOPNOTSUPP;
    58. 

  58. }
    59.