/* module-verify.c: description
 *
 * Written by David Howells (dhowells@redhat.com)
 * - Derived from GregKH's RSA module signer
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

#include <linux/config.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/mm.h>
#include <linux/vmalloc.h>
#include <linux/elf.h>
#include <linux/crypto.h>
#include <linux/crypto/ksign.h>
#include <asm/scatterlist.h>
#include "module-verify.h"

#if 0
#define _debug(FMT, ...) printk(KERN_DEBUG FMT, ##__VA_ARGS__)
#else
#define _debug(FMT, ...) do { ; } while (0)
#endif

static int signedonly;

/*****************************************************************************/
/*
 * verify the signature attached to a module
 */
int module_verify_sig(Elf_Ehdr *hdr, Elf_Shdr *sechdrs, const char *secstrings, struct module *mod)
{
	struct crypto_tfm *sha1_tfm;
	unsigned sig_index, sig_size;
	char *sig;
	int i;

	/* pull the signature out of the file */
	sig_index = 0;
	for (i = 1; i < hdr->e_shnum; i++) {
		if (strcmp(secstrings + sechdrs[i].sh_name,
			   "module_sig") == 0) {
			sig_index = i;
			break;
		}
	}

	if (sig_index <= 0)
		goto no_signature;

	_debug("sig in section %d (size %d)\n",
	       sig_index, sechdrs[sig_index].sh_size);

	sig = (char *) sechdrs[sig_index].sh_addr;
	sig_size = sechdrs[sig_index].sh_size;

	_debug("");




	/* grab an SHA1 transformation context
	 * - !!! if this tries to load the sha1.ko module, we will deadlock!!!
	 */
	sha1_tfm = crypto_alloc_tfm2("sha1", 0, 1);
	if (!sha1_tfm) {
		printk("Couldn't load module - SHA1 transform unavailable\n");
		return -EPERM;
	}

	crypto_digest_init(sha1_tfm);

	for (i = 1; i < hdr->e_shnum; i++) {
		uint8_t *data;
		int size;
		const char *name = secstrings + sechdrs[i].sh_name;

		/* We only care about sections with "text" or "data" in their names */
		if ((strstr(name, "text") == NULL) &&
		    (strstr(name, "data") == NULL))
			continue;

		/* avoid the ".rel.*" sections too. */
		if (strstr(name, ".rel.") != NULL)
			continue;

		/* avoid the ".rel.*" sections too. */
		if (strstr(name, ".rela.") != NULL)
			continue;

		data = (uint8_t *) sechdrs[i].sh_addr;
		size = sechdrs[i].sh_size;

		_debug("SHA1ing the %s section, size %d\n", name, size);
		_debug("idata [ %02x%02x%02x%02x ]\n",
		       data[0], data[1], data[2], data[3]);

		crypto_digest_update_kernel(sha1_tfm, data, size);
	}

	/* do the actual signature verification */
	i = ksign_verify_signature(sig, sig_size, sha1_tfm);
	if (!i)
                mod->gpgsig_ok = 1;
	
	return i;

	/* deal with the case of an unsigned module */
 no_signature:
 	if (!signedonly)
		return 0;
	printk("An attempt to load unsigned module was rejected\n");
	return -EPERM;
} /* end module_verify_sig() */

static int __init sign_setup(char *str)
{
	signedonly = 1;
	return 0;
}
__setup("enforcemodulesig", sign_setup);