diff options
| author | David Howells <dhowells@redhat.com> | 2014-07-22 21:54:05 +0100 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2014-07-22 21:54:05 +0100 |
| commit | 22255b135613bad5b22f9e77795ded54c86e71b3 (patch) | |
| tree | d8ca15df2cf084bce176c8de9f81cfdcd5928295 /crypto/asymmetric_keys/verify_pefile.h | |
| parent | 6bbf47c5faf826127a0abb47a9083a3ca478d1c0 (diff) | |
| parent | 6390c2d3013e6f493ee0163c5abd26fcd422c4df (diff) | |
| download | linux-crypto-22255b135613bad5b22f9e77795ded54c86e71b3.tar.gz linux-crypto-22255b135613bad5b22f9e77795ded54c86e71b3.zip | |
Merge tag 'keys-pefile-20140709' into keys-next
Here's a set of changes that implement a PE file signature checker.
This provides the following facility:
(1) Extract the signature from the PE file. This is a PKCS#7 message
containing, as its data, a hash of the signed parts of the file.
(2) Digest the signed parts of the file.
(3) Compare the digest with the one from the PKCS#7 message.
(4) Validate the signatures on the PKCS#7 message and indicate
whether it was matched by a trusted key.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'crypto/asymmetric_keys/verify_pefile.h')
| -rw-r--r-- | crypto/asymmetric_keys/verify_pefile.h | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/verify_pefile.h b/crypto/asymmetric_keys/verify_pefile.h new file mode 100644 index 00000000..55d5f7eb --- /dev/null +++ b/crypto/asymmetric_keys/verify_pefile.h @@ -0,0 +1,42 @@ +/* PE Binary parser bits + * + * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#include <linux/verify_pefile.h> +#include <crypto/pkcs7.h> +#include <crypto/hash_info.h> + +struct pefile_context { + unsigned header_size; + unsigned image_checksum_offset; + unsigned cert_dirent_offset; + unsigned n_data_dirents; + unsigned n_sections; + unsigned certs_size; + unsigned sig_offset; + unsigned sig_len; + const struct section_header *secs; + struct pkcs7_message *pkcs7; + + /* PKCS#7 MS Individual Code Signing content */ + const void *digest; /* Digest */ + unsigned digest_len; /* Digest length */ + enum hash_algo digest_algo; /* Digest algorithm */ +}; + +#define kenter(FMT, ...) \ + pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__) +#define kleave(FMT, ...) \ + pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__) + +/* + * mscode_parser.c + */ +extern int mscode_parse(struct pefile_context *ctx); |