      1 /*
      2  * libkmod - module signature display
      3  *
      4  * Copyright (C) 2013 Michal Marek, SUSE
      5  *
      6  * This library is free software; you can redistribute it and/or
      7  * modify it under the terms of the GNU Lesser General Public
      8  * License as published by the Free Software Foundation; either
      9  * version 2.1 of the License, or (at your option) any later version.
     10  *
     11  * This library is distributed in the hope that it will be useful,
     12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14  * Lesser General Public License for more details.
     15  *
     16  * You should have received a copy of the GNU Lesser General Public
     17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18  */
     19 
     20 #include <inttypes.h>
     21 #include <stdio.h>
     22 #include <stdlib.h>
     23 #include <string.h>
     24 
     25 #include <shared/missing.h>
     26 #include <shared/util.h>
     27 
     28 #include "libkmod-internal.h"
     29 
     30 /* These types and tables were copied from the 3.7 kernel sources.
     31  * As this is just a description of the signature format, it should not be
     32  * considered a derived work (so libkmod can use the LGPL license).
     33  */
     /*
      * Public-key algorithm identifiers. The value is the byte found in
      * module_signature.algo, so the numbering must not be reordered.
      */
     enum pkey_algo {
     	PKEY_ALGO_DSA = 0,
     	PKEY_ALGO_RSA,
     	PKEY_ALGO__LAST		/* count of known ids; also the first invalid value */
     };

     /* Display names, indexed by enum pkey_algo. Index only after a bounds check. */
     static const char *const pkey_algo[PKEY_ALGO__LAST] = {
     	[PKEY_ALGO_DSA] = "DSA",
     	[PKEY_ALGO_RSA] = "RSA",
     };
     44 
     /*
      * Digest algorithm identifiers. The value is the byte found in
      * module_signature.hash, so the numbering must not be reordered.
      */
     enum pkey_hash_algo {
     	PKEY_HASH_MD4 = 0,
     	PKEY_HASH_MD5,
     	PKEY_HASH_SHA1,
     	PKEY_HASH_RIPE_MD_160,
     	PKEY_HASH_SHA256,
     	PKEY_HASH_SHA384,
     	PKEY_HASH_SHA512,
     	PKEY_HASH_SHA224,
     	PKEY_HASH__LAST		/* count of known ids; also the first invalid value */
     };

     /*
      * Display names, indexed by enum pkey_hash_algo.
      *
      * The table only names what the header byte can encode. An entry here
      * (md4, md5 and sha1 included) says nothing about whether a signature
      * made with that digest should be trusted.
      *
      * NOTE(review): unlike pkey_algo, this table is not static, so the
      * symbol has external linkage - confirm whether another translation
      * unit relies on it.
      */
     const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
     	[PKEY_HASH_MD4] = "md4",
     	[PKEY_HASH_MD5] = "md5",
     	[PKEY_HASH_SHA1] = "sha1",
     	[PKEY_HASH_RIPE_MD_160] = "rmd160",
     	[PKEY_HASH_SHA256] = "sha256",
     	[PKEY_HASH_SHA384] = "sha384",
     	[PKEY_HASH_SHA512] = "sha512",
     	[PKEY_HASH_SHA224] = "sha224",
     };
     67 
     /*
      * Key identifier kinds. The value is the byte found in
      * module_signature.id_type, so the numbering must not be reordered.
      */
     enum pkey_id_type {
     	/* OpenPGP generated key ID */
     	PKEY_ID_PGP = 0,
     	/* X.509 arbitrary subjectKeyIdentifier */
     	PKEY_ID_X509,
     	/* Signature in PKCS#7 message */
     	PKEY_ID_PKCS7,
     	/* count of known ids; also the first invalid value */
     	PKEY_ID_TYPE__LAST
     };

     /*
      * Display names, indexed by enum pkey_id_type.
      *
      * NOTE(review): unlike pkey_algo, this table is not static, so the
      * symbol has external linkage - confirm whether another translation
      * unit relies on it.
      */
     const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = {
     	[PKEY_ID_PGP] = "PGP",
     	[PKEY_ID_X509] = "X509",
     	[PKEY_ID_PKCS7] = "PKCS#7",
     };
     80 
     81 /*
     82  * Module signature information block.
     83  */
     struct module_signature {
     	/* Public-key crypto algorithm [enum pkey_algo] */
     	uint8_t algo;
     	/* Digest algorithm [enum pkey_hash_algo] */
     	uint8_t hash;
     	/* Key identifier type [enum pkey_id_type] */
     	uint8_t id_type;
     	/* Length of signer's name */
     	uint8_t signer_len;
     	/* Length of key identifier */
     	uint8_t key_id_len;
     	/* Padding bytes ahead of sig_len */
     	uint8_t __pad[3];
     	/* Length of signature data (big endian); convert before use */
     	uint32_t sig_len;
     };
     93 
     /* Marker string that ends a signed module; the trailing newline is part of it. */
     #define SIG_MAGIC "~Module signature appended~\n"
     95 
     96 /*
     97  * A signed module has the following layout:
     98  *
     99  * [ module                  ]
    100  * [ signer's name           ]
    101  * [ key identifier          ]
    102  * [ signature data          ]
    103  * [ struct module_signature ]
    104  * [ SIG_MAGIC               ]
    105  */
    106 
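    /*
     * Parse the signature trailer appended to a module file and describe it.
     *
     * The file is walked backwards from its end: SIG_MAGIC, then
     * struct module_signature, then signature data, key identifier and
     * signer's name. Every length comes from the file itself and is
     * range-checked against the bytes that remain before it is used.
     *
     * This only parses the trailer for display. No cryptographic check of
     * the signature is made here, so a true return does not mean the module
     * is authentic.
     *
     * On success sig_info->signer and sig_info->key_id point into the
     * buffer returned by kmod_file_get_contents(). They are delimited by
     * signer_len and key_id_len; no terminator is written here. The
     * algo, hash_algo and id_type fields point at static name strings.
     *
     * Returns false, leaving sig_info untouched, when the magic is missing,
     * the file is too short, an algorithm/hash/id-type byte is out of range,
     * sig_len is zero, or the declared lengths exceed the remaining bytes.
     */
    bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info)
    {
    	const size_t magic_len = sizeof(SIG_MAGIC) - 1;
    	const char *mem;
    	off_t size;
    	const struct module_signature *modsig;
    	uint64_t sig_len;
    	uint64_t trailer_len;

    	size = kmod_file_get_size(file);
    	mem = kmod_file_get_contents(file);
    	if (size < (off_t)magic_len)
    		return false;
    	size -= (off_t)magic_len;
    	if (memcmp(SIG_MAGIC, mem + size, magic_len) != 0)
    		return false;

    	if (size < (off_t)sizeof(struct module_signature))
    		return false;
    	size -= (off_t)sizeof(struct module_signature);
    	modsig = (const struct module_signature *)(mem + size);

    	/* These bytes index the name tables below, so reject unknown values. */
    	if (modsig->algo >= PKEY_ALGO__LAST ||
    	    modsig->hash >= PKEY_HASH__LAST ||
    	    modsig->id_type >= PKEY_ID_TYPE__LAST)
    		return false;

    	sig_len = be32toh(get_unaligned(&modsig->sig_len));

    	/*
    	 * Sum the three lengths in 64 bits. With a 32-bit size_t the sum
    	 * could wrap to a small value, pass the size check, and leave
    	 * signer/key_id pointing outside the file contents. In 64 bits
    	 * the maximum is 2^32 - 1 + 2 * 255, which cannot wrap.
    	 */
    	trailer_len = (uint64_t)modsig->signer_len + modsig->key_id_len + sig_len;
    	/* size is known to be non-negative here, so the cast is safe. */
    	if (sig_len == 0 || (uint64_t)size < trailer_len)
    		return false;

    	/* Both subtractions are bounded by trailer_len <= size. */
    	size -= (off_t)(modsig->key_id_len + sig_len);
    	sig_info->key_id = mem + size;
    	sig_info->key_id_len = modsig->key_id_len;

    	size -= modsig->signer_len;
    	sig_info->signer = mem + size;
    	sig_info->signer_len = modsig->signer_len;

    	sig_info->algo = pkey_algo[modsig->algo];
    	sig_info->hash_algo = pkey_hash_algo[modsig->hash];
    	sig_info->id_type = pkey_id_type[modsig->id_type];

    	return true;
    }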
    150