Commit | Line | Data |
---|---|---|
8607c501 DK |
1 | /* |
2 | * Copyright (C) 2011 Intel Corporation | |
3 | * | |
4 | * Author: | |
5 | * Dmitry Kasatkin <dmitry.kasatkin@intel.com> | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published by | |
9 | * the Free Software Foundation, version 2 of the License. | |
10 | * | |
11 | */ | |
12 | ||
13 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | |
14 | ||
15 | #include <linux/err.h> | |
16 | #include <linux/rbtree.h> | |
17 | #include <linux/key-type.h> | |
18 | #include <linux/digsig.h> | |
19 | ||
20 | #include "integrity.h" | |
21 | ||
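/*
 * Cached keyring references, one slot per integrity keyring id.  A slot
 * stays NULL until integrity_digsig_verify() resolves it with request_key().
 */
static struct key *keyring[INTEGRITY_KEYRING_MAX];

/*
 * Keyring descriptions passed to request_key(), indexed by keyring id.
 * The table is read-only, so the pointers are const as well as the strings;
 * that keeps the names that select the trust anchors from being retargeted
 * at run time.
 * NOTE(review): the entry order presumably has to match the keyring id
 * constants declared in integrity.h - confirm when adding an entry.
 */
static const char *const keyring_name[INTEGRITY_KEYRING_MAX] = {
	"_evm",
	"_module",
	"_ima",
};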
29 | ||
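/**
 * integrity_digsig_verify - check a signature against an integrity keyring
 * @id:        index of the keyring to use; must be below INTEGRITY_KEYRING_MAX
 * @sig:       signature blob, passed through to digsig_verify()
 * @siglen:    length of @sig
 * @digest:    digest the signature is checked against
 * @digestlen: length of @digest
 *
 * The keyring is looked up with request_key() on first use and the
 * reference is cached in keyring[] for later calls.
 *
 * Return: the result of digsig_verify(), -EINVAL for an out-of-range @id or
 * a negative length, or the request_key() error when the keyring cannot be
 * found.  Callers should treat every error return as a failed verification.
 */
int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
			    const char *digest, int digestlen)
{
	if (id >= INTEGRITY_KEYRING_MAX)
		return -EINVAL;

	/*
	 * The lengths are signed ints; refuse negative values here instead of
	 * relying on the callee to notice them.
	 */
	if (siglen < 0 || digestlen < 0)
		return -EINVAL;

	if (!keyring[id]) {
		struct key *kr;

		/*
		 * Resolve into a local first: the shared slot must never hold
		 * an ERR_PTR, not even briefly, because another caller that
		 * sees a non-NULL slot hands it straight to digsig_verify().
		 *
		 * NOTE(review): no lock is visible in this file, so two
		 * first-time callers may both call request_key() and one key
		 * reference would then be overwritten - confirm whether the
		 * callers serialize.
		 */
		kr = request_key(&key_type_keyring, keyring_name[id], NULL);
		if (IS_ERR(kr)) {
			int err = PTR_ERR(kr);

			pr_err("no %s keyring: %d\n", keyring_name[id], err);
			return err;
		}
		keyring[id] = kr;
	}

	return digsig_verify(keyring[id], sig, siglen, digest, digestlen);
}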