diff options
author | David Howells <dhowells@redhat.com> | 2014-07-22 21:54:05 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2014-07-22 21:54:05 +0100 |
commit | 6204e0025566ad3992ce649d4f44b7e8cdde2293 (patch) | |
tree | bf851c8197aa6546c12c97cb205f9c75a7cae729 /crypto/asymmetric_keys/verify_pefile.h | |
parent | 1ca72c96dbad332ebd89b5756640f881ff0e6e9e (diff) | |
parent | 98801c002f7e573b4a86bcd5b234864d375e98a0 (diff) | |
download | talos-op-linux-6204e0025566ad3992ce649d4f44b7e8cdde2293.tar.gz talos-op-linux-6204e0025566ad3992ce649d4f44b7e8cdde2293.zip |
Merge tag 'keys-pefile-20140709' into keys-next
Here's a set of changes that implement a PE file signature checker.
This provides the following facility:
(1) Extract the signature from the PE file. This is a PKCS#7 message
containing, as its data, a hash of the signed parts of the file.
(2) Digest the signed parts of the file.
(3) Compare the digest with the one from the PKCS#7 message.
(4) Validate the signatures on the PKCS#7 message and indicate
whether it was matched by a trusted key.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto/asymmetric_keys/verify_pefile.h')
-rw-r--r-- | crypto/asymmetric_keys/verify_pefile.h | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/verify_pefile.h b/crypto/asymmetric_keys/verify_pefile.h new file mode 100644 index 000000000000..55d5f7ebc45a --- /dev/null +++ b/crypto/asymmetric_keys/verify_pefile.h @@ -0,0 +1,42 @@ +/* PE Binary parser bits + * + * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#include <linux/verify_pefile.h> +#include <crypto/pkcs7.h> +#include <crypto/hash_info.h> + +struct pefile_context { + unsigned header_size; + unsigned image_checksum_offset; + unsigned cert_dirent_offset; + unsigned n_data_dirents; + unsigned n_sections; + unsigned certs_size; + unsigned sig_offset; + unsigned sig_len; + const struct section_header *secs; + struct pkcs7_message *pkcs7; + + /* PKCS#7 MS Individual Code Signing content */ + const void *digest; /* Digest */ + unsigned digest_len; /* Digest length */ + enum hash_algo digest_algo; /* Digest algorithm */ +}; + +#define kenter(FMT, ...) \ + pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__) +#define kleave(FMT, ...) \ + pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__) + +/* + * mscode_parser.c + */ +extern int mscode_parse(struct pefile_context *ctx); |