/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Module signature handling.
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#ifndef _LINUX_MODULE_SIGNATURE_H
#define _LINUX_MODULE_SIGNATURE_H

#include <linux/types.h>

/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
#define MODULE_SIG_STRING "~Module signature appended~\n"

enum pkey_id_type {
        PKEY_ID_PGP,            /* OpenPGP generated key ID */
        PKEY_ID_X509,           /* X.509 arbitrary subjectKeyIdentifier */
        PKEY_ID_PKCS7,          /* Signature in PKCS#7 message */
};

/*
 * Module signature information block.
 *
 * The constituents of the signature section are, in order:
 *
 *      - Signer's name
 *      - Key identifier
 *      - Signature data
 *      - Information block
 */
struct module_signature {
        u8      algo;           /* Public-key crypto algorithm [0] */
        u8      hash;           /* Digest algorithm [0] */
        u8      id_type;        /* Key identifier type [PKEY_ID_PKCS7] */
        u8      signer_len;     /* Length of signer's name [0] */
        u8      key_id_len;     /* Length of key identifier [0] */
        u8      __pad[3];
        __be32  sig_len;        /* Length of signature data */
};

int mod_check_sig(const struct module_signature *ms, size_t file_len,
                  const char *name);

#endif /* _LINUX_MODULE_SIGNATURE_H */