[thirdparty/kmod.git] / libkmod / libkmod-signature.c

/*
 * libkmod - module signature display
 *
 * Copyright (C) 2013 Michal Marek, SUSE
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */

#include <endian.h>
#include <inttypes.h>
#ifdef ENABLE_OPENSSL
#include <openssl/pkcs7.h>
#include <openssl/ssl.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <shared/missing.h>
#include <shared/util.h>

#include "libkmod-internal.h"

/* These types and tables were copied from the 3.7 kernel sources.
 * As this is just description of the signature format, it should not be
 * considered derived work (so libkmod can use the LGPL license).
 */
enum pkey_algo {
	PKEY_ALGO_DSA,
	PKEY_ALGO_RSA,
	PKEY_ALGO__LAST
};

static const char *const pkey_algo[PKEY_ALGO__LAST] = {
	[PKEY_ALGO_DSA]		= "DSA",
	[PKEY_ALGO_RSA]		= "RSA",
};

enum pkey_hash_algo {
	PKEY_HASH_MD4,
	PKEY_HASH_MD5,
	PKEY_HASH_SHA1,
	PKEY_HASH_RIPE_MD_160,
	PKEY_HASH_SHA256,
	PKEY_HASH_SHA384,
	PKEY_HASH_SHA512,
	PKEY_HASH_SHA224,
	PKEY_HASH_SM3,
	PKEY_HASH__LAST
};

const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
	[PKEY_HASH_MD4]		= "md4",
	[PKEY_HASH_MD5]		= "md5",
	[PKEY_HASH_SHA1]	= "sha1",
	[PKEY_HASH_RIPE_MD_160]	= "rmd160",
	[PKEY_HASH_SHA256]	= "sha256",
	[PKEY_HASH_SHA384]	= "sha384",
	[PKEY_HASH_SHA512]	= "sha512",
	[PKEY_HASH_SHA224]	= "sha224",
	[PKEY_HASH_SM3]		= "sm3",
};

enum pkey_id_type {
	PKEY_ID_PGP,		/* OpenPGP generated key ID */
	PKEY_ID_X509,		/* X.509 arbitrary subjectKeyIdentifier */
	PKEY_ID_PKCS7,		/* Signature in PKCS#7 message */
	PKEY_ID_TYPE__LAST
};

const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = {
	[PKEY_ID_PGP]		= "PGP",
	[PKEY_ID_X509]		= "X509",
	[PKEY_ID_PKCS7]		= "PKCS#7",
};

/*
 * Module signature information block.
 */
struct module_signature {
	uint8_t algo;        /* Public-key crypto algorithm [enum pkey_algo] */
	uint8_t hash;        /* Digest algorithm [enum pkey_hash_algo] */
	uint8_t id_type;     /* Key identifier type [enum pkey_id_type] */
	uint8_t signer_len;  /* Length of signer's name */
	uint8_t key_id_len;  /* Length of key identifier */
	uint8_t __pad[3];
	uint32_t sig_len;    /* Length of signature data (big endian) */
};

static bool fill_default(const char *mem, off_t size,
			 const struct module_signature *modsig, size_t sig_len,
			 struct kmod_signature_info *sig_info)
{
	size -= sig_len;
	sig_info->sig = mem + size;
	sig_info->sig_len = sig_len;

	size -= modsig->key_id_len;
	sig_info->key_id = mem + size;
	sig_info->key_id_len = modsig->key_id_len;

	size -= modsig->signer_len;
	sig_info->signer = mem + size;
	sig_info->signer_len = modsig->signer_len;

	sig_info->algo = pkey_algo[modsig->algo];
	sig_info->hash_algo = pkey_hash_algo[modsig->hash];
	sig_info->id_type = pkey_id_type[modsig->id_type];

	return true;
}

#ifdef ENABLE_OPENSSL

struct pkcs7_private {
	PKCS7 *pkcs7;
	unsigned char *key_id;
	BIGNUM *sno;
};

static void pkcs7_free(void *s)
{
	struct kmod_signature_info *si = s;
	struct pkcs7_private *pvt = si->private;

	PKCS7_free(pvt->pkcs7);
	BN_free(pvt->sno);
	free(pvt->key_id);
	free(pvt);
	si->private = NULL;
}

static int obj_to_hash_algo(const ASN1_OBJECT *o)
{
	int nid;

	nid = OBJ_obj2nid(o);
	switch (nid) {
	case NID_md4:
		return PKEY_HASH_MD4;
	case NID_md5:
		return PKEY_HASH_MD5;
	case NID_sha1:
		return PKEY_HASH_SHA1;
	case NID_ripemd160:
		return PKEY_HASH_RIPE_MD_160;
	case NID_sha256:
		return PKEY_HASH_SHA256;
	case NID_sha384:
		return PKEY_HASH_SHA384;
	case NID_sha512:
		return PKEY_HASH_SHA512;
	case NID_sha224:
		return PKEY_HASH_SHA224;
# ifndef OPENSSL_NO_SM3
	case NID_sm3:
		return PKEY_HASH_SM3;
# endif
	default:
		return -1;
	}
	return -1;
}

static const char *x509_name_to_str(X509_NAME *name)
{
	int i;
	X509_NAME_ENTRY *e;
	ASN1_STRING *d;
	ASN1_OBJECT *o;
	int nid = -1;
	const char *str;

	for (i = 0; i < X509_NAME_entry_count(name); i++) {
		e = X509_NAME_get_entry(name, i);
		o = X509_NAME_ENTRY_get_object(e);
		nid = OBJ_obj2nid(o);
		if (nid == NID_commonName)
			break;
	}
	if (nid == -1)
		return NULL;

	d = X509_NAME_ENTRY_get_data(e);
	str = (const char *)ASN1_STRING_get0_data(d);

	return str;
}

static bool fill_pkcs7(const char *mem, off_t size,
		       const struct module_signature *modsig, size_t sig_len,
		       struct kmod_signature_info *sig_info)
{
	const char *pkcs7_raw;
	PKCS7 *pkcs7;
	STACK_OF(PKCS7_SIGNER_INFO) *sis;
	PKCS7_SIGNER_INFO *si;
	PKCS7_ISSUER_AND_SERIAL *is;
	X509_NAME *issuer;
	ASN1_INTEGER *sno;
	ASN1_OCTET_STRING *sig;
	BIGNUM *sno_bn;
	X509_ALGOR *dig_alg;
	X509_ALGOR *sig_alg;
	const ASN1_OBJECT *o;
	BIO *in;
	int len;
	unsigned char *key_id_str;
	struct pkcs7_private *pvt;
	const char *issuer_str;

	size -= sig_len;
	pkcs7_raw = mem + size;

	in = BIO_new_mem_buf(pkcs7_raw, sig_len);

	pkcs7 = d2i_PKCS7_bio(in, NULL);
	if (pkcs7 == NULL) {
		BIO_free(in);
		return false;
	}

	BIO_free(in);

	sis = PKCS7_get_signer_info(pkcs7);
	if (sis == NULL)
		goto err;

	si = sk_PKCS7_SIGNER_INFO_value(sis, 0);
	if (si == NULL)
		goto err;

	is = si->issuer_and_serial;
	if (is == NULL)
		goto err;
	issuer = is->issuer;
	sno = is->serial;

	sig = si->enc_digest;
	if (sig == NULL)
		goto err;

	PKCS7_SIGNER_INFO_get0_algs(si, NULL, &dig_alg, &sig_alg);

	sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
	sig_info->sig_len = ASN1_STRING_length(sig);

	sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
	if (sno_bn == NULL)
		goto err;

	len = BN_num_bytes(sno_bn);
	key_id_str = malloc(len);
	if (key_id_str == NULL)
		goto err2;
	BN_bn2bin(sno_bn, key_id_str);

	sig_info->key_id = (const char *)key_id_str;
	sig_info->key_id_len = len;

	issuer_str = x509_name_to_str(issuer);
	if (issuer_str != NULL) {
		sig_info->signer = issuer_str;
		sig_info->signer_len = strlen(issuer_str);
	}

	X509_ALGOR_get0(&o, NULL, NULL, dig_alg);

	sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
	sig_info->id_type = pkey_id_type[modsig->id_type];

	pvt = malloc(sizeof(*pvt));
	if (pvt == NULL)
		goto err3;

	pvt->pkcs7 = pkcs7;
	pvt->key_id = key_id_str;
	pvt->sno = sno_bn;
	sig_info->private = pvt;

	sig_info->free = pkcs7_free;

	return true;
err3:
	free(key_id_str);
err2:
	BN_free(sno_bn);
err:
	PKCS7_free(pkcs7);
	return false;
}

#else /* ENABLE OPENSSL */

static bool fill_pkcs7(const char *mem, off_t size,
		       const struct module_signature *modsig, size_t sig_len,
		       struct kmod_signature_info *sig_info)
{
	sig_info->hash_algo = "unknown";
	sig_info->id_type = pkey_id_type[modsig->id_type];
	return true;
}

#endif /* ENABLE OPENSSL */

#define SIG_MAGIC "~Module signature appended~\n"

/*
 * A signed module has the following layout:
 *
 * [ module                  ]
 * [ signer's name           ]
 * [ key identifier          ]
 * [ signature data          ]
 * [ struct module_signature ]
 * [ SIG_MAGIC               ]
 */

bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info)
{
	const char *mem;
	off_t size;
	const struct module_signature *modsig;
	size_t sig_len;

	size = kmod_file_get_size(file);
	mem = kmod_file_get_contents(file);
	if (size < (off_t)strlen(SIG_MAGIC))
		return false;
	size -= strlen(SIG_MAGIC);
	if (memcmp(SIG_MAGIC, mem + size, strlen(SIG_MAGIC)) != 0)
		return false;

	if (size < (off_t)sizeof(struct module_signature))
		return false;
	size -= sizeof(struct module_signature);
	modsig = (struct module_signature *)(mem + size);
	if (modsig->algo >= PKEY_ALGO__LAST ||
			modsig->hash >= PKEY_HASH__LAST ||
			modsig->id_type >= PKEY_ID_TYPE__LAST)
		return false;
	sig_len = be32toh(get_unaligned(&modsig->sig_len));
	if (sig_len == 0 ||
	    size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
		return false;

	switch (modsig->id_type) {
	case PKEY_ID_PKCS7:
		return fill_pkcs7(mem, size, modsig, sig_len, sig_info);
	default:
		return fill_default(mem, size, modsig, sig_len, sig_info);
	}
}

void kmod_module_signature_info_free(struct kmod_signature_info *sig_info)
{
	if (sig_info->free)
		sig_info->free(sig_info);
}
Commit	Line	Data
8fe1681c MM	1	/*
	2	* libkmod - module signature display
	3	*
	4	* Copyright (C) 2013 Michal Marek, SUSE
	5	*
	6	* This library is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU Lesser General Public
	8	* License as published by the Free Software Foundation; either
	9	* version 2.1 of the License, or (at your option) any later version.
	10	*
	11	* This library is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* Lesser General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Lesser General Public
dea2dfee	17	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
8fe1681c MM	18	*/
	19
	20	#include <endian.h>
b18979b7	21	#include <inttypes.h>
391b4714	22	#ifdef ENABLE_OPENSSL
628677e0	23	#include <openssl/pkcs7.h>
391b4714 YK	24	#include <openssl/ssl.h>
391b4714 YK	25	#endif
c2e4286b	26	#include <stdio.h>
8fe1681c MM	27	#include <stdlib.h>
8fe1681c MM	28	#include <string.h>
8fe1681c	29
8b7189bc	30	#include <shared/missing.h>
96573a02	31	#include <shared/util.h>
8b7189bc	32
83b855a6	33	#include "libkmod-internal.h"
8fe1681c MM	34
	35	/* These types and tables were copied from the 3.7 kernel sources.
	36	* As this is just description of the signature format, it should not be
	37	* considered derived work (so libkmod can use the LGPL license).
	38	*/
	39	enum pkey_algo {
	40	PKEY_ALGO_DSA,
	41	PKEY_ALGO_RSA,
	42	PKEY_ALGO__LAST
	43	};
	44
	45	static const char *const pkey_algo[PKEY_ALGO__LAST] = {
	46	[PKEY_ALGO_DSA] = "DSA",
	47	[PKEY_ALGO_RSA] = "RSA",
	48	};
	49
	50	enum pkey_hash_algo {
	51	PKEY_HASH_MD4,
	52	PKEY_HASH_MD5,
	53	PKEY_HASH_SHA1,
	54	PKEY_HASH_RIPE_MD_160,
	55	PKEY_HASH_SHA256,
	56	PKEY_HASH_SHA384,
	57	PKEY_HASH_SHA512,
	58	PKEY_HASH_SHA224,
f609cb51	59	PKEY_HASH_SM3,
8fe1681c MM	60	PKEY_HASH__LAST
	61	};
	62
	63	const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
	64	[PKEY_HASH_MD4] = "md4",
	65	[PKEY_HASH_MD5] = "md5",
	66	[PKEY_HASH_SHA1] = "sha1",
	67	[PKEY_HASH_RIPE_MD_160] = "rmd160",
	68	[PKEY_HASH_SHA256] = "sha256",
	69	[PKEY_HASH_SHA384] = "sha384",
	70	[PKEY_HASH_SHA512] = "sha512",
	71	[PKEY_HASH_SHA224] = "sha224",
f609cb51	72	[PKEY_HASH_SM3] = "sm3",
8fe1681c MM	73	};
	74
	75	enum pkey_id_type {
	76	PKEY_ID_PGP, /* OpenPGP generated key ID */
	77	PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
75f45d9b	78	PKEY_ID_PKCS7, /* Signature in PKCS#7 message */
8fe1681c MM	79	PKEY_ID_TYPE__LAST
	80	};
	81
	82	const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = {
	83	[PKEY_ID_PGP] = "PGP",
	84	[PKEY_ID_X509] = "X509",
75f45d9b	85	[PKEY_ID_PKCS7] = "PKCS#7",
8fe1681c MM	86	};
	87
	88	/*
	89	* Module signature information block.
8fe1681c MM	90	*/
	91	struct module_signature {
	92	uint8_t algo; /* Public-key crypto algorithm [enum pkey_algo] */
	93	uint8_t hash; /* Digest algorithm [enum pkey_hash_algo] */
	94	uint8_t id_type; /* Key identifier type [enum pkey_id_type] */
	95	uint8_t signer_len; /* Length of signer's name */
	96	uint8_t key_id_len; /* Length of key identifier */
	97	uint8_t __pad[3];
	98	uint32_t sig_len; /* Length of signature data (big endian) */
	99	};
	100
a1105720 YK	101	static bool fill_default(const char *mem, off_t size,
	102	const struct module_signature *modsig, size_t sig_len,
	103	struct kmod_signature_info *sig_info)
	104	{
	105	size -= sig_len;
	106	sig_info->sig = mem + size;
	107	sig_info->sig_len = sig_len;
	108
	109	size -= modsig->key_id_len;
	110	sig_info->key_id = mem + size;
	111	sig_info->key_id_len = modsig->key_id_len;
	112
	113	size -= modsig->signer_len;
	114	sig_info->signer = mem + size;
	115	sig_info->signer_len = modsig->signer_len;
	116
	117	sig_info->algo = pkey_algo[modsig->algo];
	118	sig_info->hash_algo = pkey_hash_algo[modsig->hash];
	119	sig_info->id_type = pkey_id_type[modsig->id_type];
	120
	121	return true;
	122	}
	123
391b4714 YK	124	#ifdef ENABLE_OPENSSL
	125
	126	struct pkcs7_private {
628677e0	127	PKCS7 *pkcs7;
391b4714 YK	128	unsigned char *key_id;
	129	BIGNUM *sno;
	130	};
	131
	132	static void pkcs7_free(void *s)
	133	{
	134	struct kmod_signature_info *si = s;
	135	struct pkcs7_private *pvt = si->private;
	136
628677e0	137	PKCS7_free(pvt->pkcs7);
391b4714 YK	138	BN_free(pvt->sno);
	139	free(pvt->key_id);
	140	free(pvt);
	141	si->private = NULL;
	142	}
	143
	144	static int obj_to_hash_algo(const ASN1_OBJECT *o)
	145	{
	146	int nid;
	147
	148	nid = OBJ_obj2nid(o);
	149	switch (nid) {
	150	case NID_md4:
	151	return PKEY_HASH_MD4;
	152	case NID_md5:
	153	return PKEY_HASH_MD5;
	154	case NID_sha1:
	155	return PKEY_HASH_SHA1;
	156	case NID_ripemd160:
	157	return PKEY_HASH_RIPE_MD_160;
	158	case NID_sha256:
	159	return PKEY_HASH_SHA256;
	160	case NID_sha384:
	161	return PKEY_HASH_SHA384;
	162	case NID_sha512:
	163	return PKEY_HASH_SHA512;
	164	case NID_sha224:
	165	return PKEY_HASH_SHA224;
f609cb51 H	166	# ifndef OPENSSL_NO_SM3
	167	case NID_sm3:
	168	return PKEY_HASH_SM3;
	169	# endif
391b4714 YK	170	default:
	171	return -1;
	172	}
	173	return -1;
	174	}
	175
	176	static const char x509_name_to_str(X509_NAME name)
	177	{
	178	int i;
	179	X509_NAME_ENTRY *e;
	180	ASN1_STRING *d;
	181	ASN1_OBJECT *o;
	182	int nid = -1;
	183	const char *str;
	184
	185	for (i = 0; i < X509_NAME_entry_count(name); i++) {
	186	e = X509_NAME_get_entry(name, i);
	187	o = X509_NAME_ENTRY_get_object(e);
	188	nid = OBJ_obj2nid(o);
	189	if (nid == NID_commonName)
	190	break;
	191	}
	192	if (nid == -1)
	193	return NULL;
	194
	195	d = X509_NAME_ENTRY_get_data(e);
	196	str = (const char *)ASN1_STRING_get0_data(d);
	197
	198	return str;
	199	}
	200
	201	static bool fill_pkcs7(const char *mem, off_t size,
	202	const struct module_signature *modsig, size_t sig_len,
	203	struct kmod_signature_info *sig_info)
	204	{
	205	const char *pkcs7_raw;
628677e0 SS	206	PKCS7 *pkcs7;
	207	STACK_OF(PKCS7_SIGNER_INFO) *sis;
	208	PKCS7_SIGNER_INFO *si;
	209	PKCS7_ISSUER_AND_SERIAL *is;
391b4714 YK	210	X509_NAME *issuer;
	211	ASN1_INTEGER *sno;
	212	ASN1_OCTET_STRING *sig;
	213	BIGNUM *sno_bn;
	214	X509_ALGOR *dig_alg;
	215	X509_ALGOR *sig_alg;
	216	const ASN1_OBJECT *o;
	217	BIO *in;
	218	int len;
	219	unsigned char *key_id_str;
	220	struct pkcs7_private *pvt;
	221	const char *issuer_str;
	222
	223	size -= sig_len;
	224	pkcs7_raw = mem + size;
	225
	226	in = BIO_new_mem_buf(pkcs7_raw, sig_len);
	227
628677e0 SS	228	pkcs7 = d2i_PKCS7_bio(in, NULL);
628677e0 SS	229	if (pkcs7 == NULL) {
391b4714 YK	230	BIO_free(in);
	231	return false;
	232	}
	233
	234	BIO_free(in);
	235
628677e0	236	sis = PKCS7_get_signer_info(pkcs7);
391b4714 YK	237	if (sis == NULL)
	238	goto err;
	239
628677e0	240	si = sk_PKCS7_SIGNER_INFO_value(sis, 0);
391b4714 YK	241	if (si == NULL)
	242	goto err;
	243
628677e0 SS	244	is = si->issuer_and_serial;
628677e0 SS	245	if (is == NULL)
391b4714	246	goto err;
628677e0 SS	247	issuer = is->issuer;
628677e0 SS	248	sno = is->serial;
391b4714	249
628677e0	250	sig = si->enc_digest;
391b4714 YK	251	if (sig == NULL)
	252	goto err;
	253
628677e0	254	PKCS7_SIGNER_INFO_get0_algs(si, NULL, &dig_alg, &sig_alg);
391b4714 YK	255
	256	sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
	257	sig_info->sig_len = ASN1_STRING_length(sig);
	258
	259	sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
	260	if (sno_bn == NULL)
	261	goto err;
	262
	263	len = BN_num_bytes(sno_bn);
	264	key_id_str = malloc(len);
	265	if (key_id_str == NULL)
	266	goto err2;
	267	BN_bn2bin(sno_bn, key_id_str);
	268
	269	sig_info->key_id = (const char *)key_id_str;
	270	sig_info->key_id_len = len;
	271
	272	issuer_str = x509_name_to_str(issuer);
	273	if (issuer_str != NULL) {
	274	sig_info->signer = issuer_str;
	275	sig_info->signer_len = strlen(issuer_str);
	276	}
	277
	278	X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
	279
	280	sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
	281	sig_info->id_type = pkey_id_type[modsig->id_type];
	282
	283	pvt = malloc(sizeof(*pvt));
	284	if (pvt == NULL)
	285	goto err3;
	286
628677e0	287	pvt->pkcs7 = pkcs7;
391b4714 YK	288	pvt->key_id = key_id_str;
	289	pvt->sno = sno_bn;
	290	sig_info->private = pvt;
	291
	292	sig_info->free = pkcs7_free;
	293
	294	return true;
	295	err3:
	296	free(key_id_str);
	297	err2:
	298	BN_free(sno_bn);
	299	err:
628677e0	300	PKCS7_free(pkcs7);
391b4714 YK	301	return false;
	302	}
	303
	304	#else /* ENABLE OPENSSL */
	305
	306	static bool fill_pkcs7(const char *mem, off_t size,
	307	const struct module_signature *modsig, size_t sig_len,
	308	struct kmod_signature_info *sig_info)
a1105720 YK	309	{
	310	sig_info->hash_algo = "unknown";
	311	sig_info->id_type = pkey_id_type[modsig->id_type];
	312	return true;
	313	}
	314
391b4714 YK	315	#endif /* ENABLE OPENSSL */
391b4714 YK	316
8fe1681c MM	317	#define SIG_MAGIC "~Module signature appended~\n"
8fe1681c MM	318
885e90b6 LDM	319	/*
	320	* A signed module has the following layout:
	321	*
	322	* [ module ]
	323	* [ signer's name ]
	324	* [ key identifier ]
	325	* [ signature data ]
	326	* [ struct module_signature ]
	327	* [ SIG_MAGIC ]
	328	*/
	329
8fe1681c MM	330	bool kmod_module_signature_info(const struct kmod_file file, struct kmod_signature_info sig_info)
	331	{
	332	const char *mem;
	333	off_t size;
	334	const struct module_signature *modsig;
	335	size_t sig_len;
	336
8fe1681c MM	337	size = kmod_file_get_size(file);
	338	mem = kmod_file_get_contents(file);
	339	if (size < (off_t)strlen(SIG_MAGIC))
	340	return false;
	341	size -= strlen(SIG_MAGIC);
	342	if (memcmp(SIG_MAGIC, mem + size, strlen(SIG_MAGIC)) != 0)
	343	return false;
	344
	345	if (size < (off_t)sizeof(struct module_signature))
	346	return false;
	347	size -= sizeof(struct module_signature);
	348	modsig = (struct module_signature *)(mem + size);
	349	if (modsig->algo >= PKEY_ALGO__LAST \|\|
	350	modsig->hash >= PKEY_HASH__LAST \|\|
	351	modsig->id_type >= PKEY_ID_TYPE__LAST)
	352	return false;
f87dc57a	353	sig_len = be32toh(get_unaligned(&modsig->sig_len));
dcbe1846 LDM	354	if (sig_len == 0 \|\|
dcbe1846 LDM	355	size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
8fe1681c MM	356	return false;
8fe1681c MM	357
a1105720 YK	358	switch (modsig->id_type) {
a1105720 YK	359	case PKEY_ID_PKCS7:
391b4714	360	return fill_pkcs7(mem, size, modsig, sig_len, sig_info);
a1105720 YK	361	default:
	362	return fill_default(mem, size, modsig, sig_len, sig_info);
	363	}
8fe1681c	364	}
391b4714 YK	365
	366	void kmod_module_signature_info_free(struct kmod_signature_info *sig_info)
	367	{
	368	if (sig_info->free)
	369	sig_info->free(sig_info);
	370	}