linux/security/integrity/digsig.c
<<
>>
Prefs
   1/*
   2 * Copyright (C) 2011 Intel Corporation
   3 *
   4 * Author:
   5 * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation, version 2 of the License.
  10 *
  11 */
  12
  13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  14
  15#include <linux/err.h>
  16#include <linux/rbtree.h>
  17#include <linux/key-type.h>
  18#include <linux/digsig.h>
  19
  20#include "integrity.h"
  21
  22static struct key *keyring[INTEGRITY_KEYRING_MAX];
  23
  24static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
  25        "_evm",
  26        "_module",
  27        "_ima",
  28};
  29
  30int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
  31                                        const char *digest, int digestlen)
  32{
  33        if (id >= INTEGRITY_KEYRING_MAX)
  34                return -EINVAL;
  35
  36        if (!keyring[id]) {
  37                keyring[id] =
  38                        request_key(&key_type_keyring, keyring_name[id], NULL);
  39                if (IS_ERR(keyring[id])) {
  40                        int err = PTR_ERR(keyring[id]);
  41                        pr_err("no %s keyring: %d\n", keyring_name[id], err);
  42                        keyring[id] = NULL;
  43                        return err;
  44                }
  45        }
  46
  47        return digsig_verify(keyring[id], sig, siglen, digest, digestlen);
  48}
  49
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.