author | David Howells <dhowells@redhat.com> | 2012-09-26 05:11:03 -0400 |
---|---|---|
committer | Rusty Russell <rusty@rustcorp.com.au> | 2012-10-10 05:36:10 -0400 |
commit | 48ba2462ace6072741fd8d0058207d630ce93bf1 (patch) | |
tree | 3cea7661a3bd5d03631e01171c19f2123346cf01 /init | |
parent | 631cc66eb9eaa7296e303197ff1eb0f55e32b61d (diff) |
MODSIGN: Implement module signature checking

Check the signature on the module against the keys compiled into the kernel or
available in a hardware key store.

Currently, only RSA keys are supported - though that's easy enough to change,
and the signature is expected to contain raw components (so not a PGP or
PKCS#7 formatted blob).

The signature blob is expected to consist of the following pieces in order:

(1) The binary identifier for the key. This is expected to match the
SubjectKeyIdentifier from an X.509 certificate. Only X.509 type
identifiers are currently supported.

(2) The signature data, consisting of a series of MPIs in which each is in
the format of a 2-byte BE word size followed by the content data.

(3) A 12-byte information block of the form:

    struct module_signature {
        enum pkey_algo algo : 8;
        enum pkey_hash_algo hash : 8;
        enum pkey_id_type id_type : 8;
        u8 __pad;
        __be32 id_length;
        __be32 sig_length;
    };

The three enums are defined in crypto/public_key.h.

'algo' contains the public-key algorithm identifier (0->DSA, 1->RSA).

'hash' contains the digest algorithm identifier (0->MD4, 1->MD5, 2->SHA1,
etc.).

'id_type' contains the public-key identifier type (0->PGP, 1->X.509).

'__pad' should be 0.

'id_length' should contain the binary identifier length in BE form.

'sig_length' should contain the signature data length in BE form.

The lengths are in BE order rather than CPU order to make dealing with
cross-compilation easier.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (minor Kconfig fix)
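
The blob layout described in the commit message can be split apart with a bounds-checked parser like the one below. This is an added example, not code from this commit or the kernel tree: `struct sig_view`, `parse_sig_blob`, `count_mpis` and the `sample` bytes are hypothetical names and constructed data. It assumes the buffer ends with the information block and that each MPI's 2-byte size counts content bytes.

```c
#include <stddef.h>
#include <stdint.h>

struct sig_view {               /* hypothetical result type for this example */
    uint8_t hash;
    const uint8_t *key_id, *sig;
    size_t id_len, sig_len, payload_len;
};

static uint32_t be32(const uint8_t *p)   /* lengths are stored big-endian */
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Assumes each MPI's 2-byte BE size counts content bytes. Returns MPI count or -1. */
static int count_mpis(const uint8_t *p, size_t len)
{
    int n = 0;
    for (; len >= 2; n++) {
        size_t sz = (size_t)p[0] << 8 | p[1];
        if (sz > len - 2)
            return -1;
        p += 2 + sz;
        len -= 2 + sz;
    }
    return len == 0 ? n : -1;   /* a stray trailing byte is malformed */
}

/* buf = payload followed by the blob. Returns MPI count, or -1 if malformed. */
int parse_sig_blob(const uint8_t *buf, size_t len, struct sig_view *out)
{
    if (len < 12)               /* no room for the 12-byte information block */
        return -1;
    const uint8_t *info = buf + len - 12;
    size_t avail = len - 12, id_len = be32(info + 4), sig_len = be32(info + 8);
    if (info[0] != 1 || info[2] != 1 || info[3] != 0)   /* RSA, X.509, __pad == 0 */
        return -1;
    /* Subtract rather than add the lengths so the check cannot wrap. */
    if (sig_len > avail || id_len > avail - sig_len)
        return -1;
    *out = (struct sig_view){ .hash = info[1], .id_len = id_len, .sig_len = sig_len,
        .sig = info - sig_len, .key_id = info - sig_len - id_len,
        .payload_len = avail - sig_len - id_len };
    return count_mpis(out->sig, sig_len);
}

/* Constructed sample: 3-byte payload, 4-byte key id, one 2-byte MPI, info block. */
const uint8_t sample[] = { 'M', 'O', 'D',  0xde, 0xad, 0xbe, 0xef,
    0x00, 0x02, 0xaa, 0xbb,  1, 2, 1, 0,  0, 0, 0, 4,  0, 0, 0, 4 };
```

Because both lengths come from the file being checked, they are validated against the remaining buffer before any pointer is derived from them.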
Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index 00d45799dee1..abc6e63f2fb8 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
@@ -1588,6 +1588,14 @@ config MODULE_SRCVERSION_ALL | |||
1588 | config MODULE_SIG | 1588 | config MODULE_SIG |
1589 | bool "Module signature verification" | 1589 | bool "Module signature verification" |
1590 | depends on MODULES | 1590 | depends on MODULES |
1591 | select KEYS | ||
1592 | select CRYPTO | ||
1593 | select ASYMMETRIC_KEY_TYPE | ||
1594 | select ASYMMETRIC_PUBLIC_KEY_SUBTYPE | ||
1595 | select PUBLIC_KEY_ALGO_RSA | ||
1596 | select ASN1 | ||
1597 | select OID_REGISTRY | ||
1598 | select X509_CERTIFICATE_PARSER | ||
1591 | help | 1599 | help |
1592 | Check modules for valid signatures upon load: the signature | 1600 | Check modules for valid signatures upon load: the signature |
1593 | is simply appended to the module. For more information see | 1601 | is simply appended to the module. For more information see |
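
Review bot: the new `select` block under `config MODULE_SIG` pulls in generic `CRYPTO` plus the RSA and X.509 pieces (`PUBLIC_KEY_ALGO_RSA`, `X509_CERTIFICATE_PARSER`), but nothing in it selects a digest implementation, even though the commit message says the information block's 'hash' field names the digest to be used. Unless another symbol guarantees one, a kernel configured from these selects alone may be unable to verify an otherwise valid signature; consider selecting the digest the signing step will use, or stating in the help text which one has to be enabled. Separately, `select` does not pull in the dependencies of the symbols it selects, so it is worth confirming that each of the eight has its own dependencies covered by this list.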