[thirdparty/kmod.git] / libkmod / libkmod-signature.c

/*
 * libkmod - module signature display
 *
 * Copyright (C) 2013 Michal Marek, SUSE
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#include <endian.h>
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <shared/missing.h>
#include <shared/util.h>

#include "libkmod-internal.h"

/* These types and tables were copied from the 3.7 kernel sources.
 * As this is just description of the signature format, it should not be
 * considered derived work (so libkmod can use the LGPL license).
 */
enum pkey_algo {
	PKEY_ALGO_DSA,
	PKEY_ALGO_RSA,
	PKEY_ALGO__LAST
};

static const char *const pkey_algo[PKEY_ALGO__LAST] = {
	[PKEY_ALGO_DSA]		= "DSA",
	[PKEY_ALGO_RSA]		= "RSA",
};

enum pkey_hash_algo {
	PKEY_HASH_MD4,
	PKEY_HASH_MD5,
	PKEY_HASH_SHA1,
	PKEY_HASH_RIPE_MD_160,
	PKEY_HASH_SHA256,
	PKEY_HASH_SHA384,
	PKEY_HASH_SHA512,
	PKEY_HASH_SHA224,
	PKEY_HASH__LAST
};

const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
	[PKEY_HASH_MD4]		= "md4",
	[PKEY_HASH_MD5]		= "md5",
	[PKEY_HASH_SHA1]	= "sha1",
	[PKEY_HASH_RIPE_MD_160]	= "rmd160",
	[PKEY_HASH_SHA256]	= "sha256",
	[PKEY_HASH_SHA384]	= "sha384",
	[PKEY_HASH_SHA512]	= "sha512",
	[PKEY_HASH_SHA224]	= "sha224",
};

enum pkey_id_type {
	PKEY_ID_PGP,		/* OpenPGP generated key ID */
	PKEY_ID_X509,		/* X.509 arbitrary subjectKeyIdentifier */
	PKEY_ID_TYPE__LAST
};

const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = {
	[PKEY_ID_PGP]		= "PGP",
	[PKEY_ID_X509]		= "X509",
};

/*
 * Module signature information block.
 *
 * The constituents of the signature section are, in order:
 *
 *	- Signer's name
 *	- Key identifier
 *	- Signature data
 *	- Information block
 */
struct module_signature {
	uint8_t algo;        /* Public-key crypto algorithm [enum pkey_algo] */
	uint8_t hash;        /* Digest algorithm [enum pkey_hash_algo] */
	uint8_t id_type;     /* Key identifier type [enum pkey_id_type] */
	uint8_t signer_len;  /* Length of signer's name */
	uint8_t key_id_len;  /* Length of key identifier */
	uint8_t __pad[3];
	uint32_t sig_len;    /* Length of signature data (big endian) */
};

#define SIG_MAGIC "~Module signature appended~\n"

bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info)
{
	const char *mem;
	off_t size;
	const struct module_signature *modsig;
	size_t sig_len;


	size = kmod_file_get_size(file);
	mem = kmod_file_get_contents(file);
	if (size < (off_t)strlen(SIG_MAGIC))
		return false;
	size -= strlen(SIG_MAGIC);
	if (memcmp(SIG_MAGIC, mem + size, strlen(SIG_MAGIC)) != 0)
		return false;

	if (size < (off_t)sizeof(struct module_signature))
		return false;
	size -= sizeof(struct module_signature);
	modsig = (struct module_signature *)(mem + size);
	if (modsig->algo >= PKEY_ALGO__LAST ||
			modsig->hash >= PKEY_HASH__LAST ||
			modsig->id_type >= PKEY_ID_TYPE__LAST)
		return false;
	sig_len = be32toh(get_unaligned(&modsig->sig_len));
	if (size < (off_t)(modsig->signer_len + modsig->key_id_len + sig_len))
		return false;

	size -= modsig->key_id_len + sig_len;
	sig_info->key_id = mem + size;
	sig_info->key_id_len = modsig->key_id_len;

	size -= modsig->signer_len;
	sig_info->signer = mem + size;
	sig_info->signer_len = modsig->signer_len;

	sig_info->algo = pkey_algo[modsig->algo];
	sig_info->hash_algo = pkey_hash_algo[modsig->hash];
	sig_info->id_type = pkey_id_type[modsig->id_type];

	return true;
}
Commit	Line	Data
8fe1681c MM	1	/*
	2	* libkmod - module signature display
	3	*
	4	* Copyright (C) 2013 Michal Marek, SUSE
	5	*
	6	* This library is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU Lesser General Public
	8	* License as published by the Free Software Foundation; either
	9	* version 2.1 of the License, or (at your option) any later version.
	10	*
	11	* This library is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* Lesser General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Lesser General Public
	17	* License along with this library; if not, write to the Free Software
	18	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	19	*/
	20
	21	#include <endian.h>
b18979b7	22	#include <inttypes.h>
c2e4286b	23	#include <stdio.h>
8fe1681c MM	24	#include <stdlib.h>
8fe1681c MM	25	#include <string.h>
8fe1681c	26
8b7189bc	27	#include <shared/missing.h>
96573a02	28	#include <shared/util.h>
8b7189bc	29
83b855a6	30	#include "libkmod-internal.h"
8fe1681c MM	31
	32	/* These types and tables were copied from the 3.7 kernel sources.
	33	* As this is just description of the signature format, it should not be
	34	* considered derived work (so libkmod can use the LGPL license).
	35	*/
	36	enum pkey_algo {
	37	PKEY_ALGO_DSA,
	38	PKEY_ALGO_RSA,
	39	PKEY_ALGO__LAST
	40	};
	41
	42	static const char *const pkey_algo[PKEY_ALGO__LAST] = {
	43	[PKEY_ALGO_DSA] = "DSA",
	44	[PKEY_ALGO_RSA] = "RSA",
	45	};
	46
	47	enum pkey_hash_algo {
	48	PKEY_HASH_MD4,
	49	PKEY_HASH_MD5,
	50	PKEY_HASH_SHA1,
	51	PKEY_HASH_RIPE_MD_160,
	52	PKEY_HASH_SHA256,
	53	PKEY_HASH_SHA384,
	54	PKEY_HASH_SHA512,
	55	PKEY_HASH_SHA224,
	56	PKEY_HASH__LAST
	57	};
	58
	59	const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
	60	[PKEY_HASH_MD4] = "md4",
	61	[PKEY_HASH_MD5] = "md5",
	62	[PKEY_HASH_SHA1] = "sha1",
	63	[PKEY_HASH_RIPE_MD_160] = "rmd160",
	64	[PKEY_HASH_SHA256] = "sha256",
	65	[PKEY_HASH_SHA384] = "sha384",
	66	[PKEY_HASH_SHA512] = "sha512",
	67	[PKEY_HASH_SHA224] = "sha224",
	68	};
	69
	70	enum pkey_id_type {
	71	PKEY_ID_PGP, /* OpenPGP generated key ID */
	72	PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
	73	PKEY_ID_TYPE__LAST
	74	};
	75
	76	const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = {
	77	[PKEY_ID_PGP] = "PGP",
	78	[PKEY_ID_X509] = "X509",
	79	};
	80
	81	/*
	82	* Module signature information block.
	83	*
	84	* The constituents of the signature section are, in order:
	85	*
	86	* - Signer's name
	87	* - Key identifier
	88	* - Signature data
	89	* - Information block
	90	*/
	91	struct module_signature {
	92	uint8_t algo; /* Public-key crypto algorithm [enum pkey_algo] */
	93	uint8_t hash; /* Digest algorithm [enum pkey_hash_algo] */
	94	uint8_t id_type; /* Key identifier type [enum pkey_id_type] */
95	uint8_t signer_len; /* Length of signer's name */
96	uint8_t key_id_len; /* Length of key identifier */
97	uint8_t __pad[3];
98	uint32_t sig_len; /* Length of signature data (big endian) */
99	};
100
101	#define SIG_MAGIC "~Module signature appended~\n"
102
103	bool kmod_module_signature_info(const struct kmod_file file, struct kmod_signature_info sig_info)
104	{
105	const char *mem;
106	off_t size;
107	const struct module_signature *modsig;
108	size_t sig_len;
109
110
111	size = kmod_file_get_size(file);
112	mem = kmod_file_get_contents(file);
113	if (size < (off_t)strlen(SIG_MAGIC))
114	return false;
115	size -= strlen(SIG_MAGIC);
116	if (memcmp(SIG_MAGIC, mem + size, strlen(SIG_MAGIC)) != 0)
117	return false;
118
119	if (size < (off_t)sizeof(struct module_signature))
120	return false;
121	size -= sizeof(struct module_signature);
122	modsig = (struct module_signature *)(mem + size);
123	if (modsig->algo >= PKEY_ALGO__LAST \|\|
124	modsig->hash >= PKEY_HASH__LAST \|\|
125	modsig->id_type >= PKEY_ID_TYPE__LAST)
126	return false;
f87dc57a	127	sig_len = be32toh(get_unaligned(&modsig->sig_len));
8fe1681c MM	128	if (size < (off_t)(modsig->signer_len + modsig->key_id_len + sig_len))
	129	return false;
	130
	131	size -= modsig->key_id_len + sig_len;
	132	sig_info->key_id = mem + size;
	133	sig_info->key_id_len = modsig->key_id_len;
	134
	135	size -= modsig->signer_len;
	136	sig_info->signer = mem + size;
	137	sig_info->signer_len = modsig->signer_len;
	138
	139	sig_info->algo = pkey_algo[modsig->algo];
	140	sig_info->hash_algo = pkey_hash_algo[modsig->hash];
	141	sig_info->id_type = pkey_id_type[modsig->id_type];
	142
	143	return true;
	144	}