linux-imx
Public
Source
committed f86880175d0 " scripts/sign-file -s <raw sig> <hash algo> <x509> <module> [<dest>]\n");/* Sign a module file using the given key. * * Copyright © 2014-2016 Red Hat, Inc. All Rights Reserved. * Copyright © 2015 Intel Corporation. * Copyright © 2016 Hewlett Packard Enterprise Development LP * * Authors: David Howells <dhowells@redhat.com> * David Woodhouse <dwmw2@infradead.org> * Juerg Haefliger <juerg.haefliger@hpe.com> * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation; either version 2.1 * of the licence, or (at your option) any later version. *//* * Use CMS if we have openssl-1.0.0 or newer available - otherwise we have to * assume that it's not available and its header file is missing and that we * should use PKCS#7 instead. Switching to the older PKCS#7 format restricts * the options we have on specifying the X.509 certificate we want. * * Further, older versions of OpenSSL don't support manually adding signers to * the PKCS#7 message so have to accept that we get a certificate included in * the signature message. Nor do such older versions of OpenSSL support * signing with anything other than SHA1 - so we're stuck with that if such is * the case. */struct module_signature { uint8_t algo; /* Public-key crypto algorithm [0] */ uint8_t hash; /* Digest algorithm [0] */ uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */ uint8_t signer_len; /* Length of signer's name [0] */ uint8_t key_id_len; /* Length of key identifier [0] */ uint8_t __pad[3]; uint32_t sig_len; /* Length of signature data */};