06 Apr, 2016
1 commit
-
Generalise system_verify_data() to provide access to internal content
through a callback. This allows all the PKCS#7 stuff to be hidden inside
this function and removed from the PE file parser and the PKCS#7 test key.If external content is not required, NULL should be passed as data to the
function. If the callback is not required, that can be set to NULL.The function is now called verify_pkcs7_signature() to contrast with
verify_pefile_signature() and the definitions of both have been moved into
linux/verification.h along with the key_being_used_for enum.Signed-off-by: David Howells
04 Mar, 2016
1 commit
-
Make the identifier public key and digest algorithm fields text instead of
enum.Signed-off-by: David Howells
Acked-by: Herbert Xu
09 Jul, 2014
2 commits
-
The PKCS#7 certificate should contain a "Microsoft individual code signing"
data blob as its signed content. This blob contains a digest of the signed
content of the PE binary and the OID of the digest algorithm used (typically
SHA256).Signed-off-by: David Howells
Acked-by: Vivek Goyal
Reviewed-by: Kees Cook -
Parse a PE binary to find a key and a signature contained therein. Later
patches will check the signature and add the key if the signature checks out.Signed-off-by: David Howells
Acked-by: Vivek Goyal
Reviewed-by: Kees Cook