[linux-block.git] / security / integrity / digsig_asymmetric.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2013 Intel Corporation
 *
 * Author:
 * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/err.h>
#include <linux/ratelimit.h>
#include <linux/key-type.h>
#include <crypto/public_key.h>
#include <crypto/hash_info.h>
#include <keys/asymmetric-type.h>
#include <keys/system_keyring.h>

#include "integrity.h"

/*
 * Request an asymmetric key.
 */
static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
{
	struct key *key;
	char name[12];

	sprintf(name, "id:%08x", keyid);

	pr_debug("key search: \"%s\"\n", name);

	key = get_ima_blacklist_keyring();
	if (key) {
		key_ref_t kref;

		kref = keyring_search(make_key_ref(key, 1),
				      &key_type_asymmetric, name, true);
		if (!IS_ERR(kref)) {
			pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
			return ERR_PTR(-EKEYREJECTED);
		}
	}

	if (keyring) {
		/* search in specific keyring */
		key_ref_t kref;

		kref = keyring_search(make_key_ref(keyring, 1),
				      &key_type_asymmetric, name, true);
		if (IS_ERR(kref))
			key = ERR_CAST(kref);
		else
			key = key_ref_to_ptr(kref);
	} else {
		key = request_key(&key_type_asymmetric, name, NULL);
	}

	if (IS_ERR(key)) {
		pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
				   name, PTR_ERR(key));
		switch (PTR_ERR(key)) {
			/* Hide some search errors */
		case -EACCES:
		case -ENOTDIR:
		case -EAGAIN:
			return ERR_PTR(-ENOKEY);
		default:
			return key;
		}
	}

	pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));

	return key;
}

int asymmetric_verify(struct key *keyring, const char *sig,
		      int siglen, const char *data, int datalen)
{
	struct public_key_signature pks;
	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
	struct key *key;
	int ret = -ENOMEM;

	if (siglen <= sizeof(*hdr))
		return -EBADMSG;

	siglen -= sizeof(*hdr);

	if (siglen != be16_to_cpu(hdr->sig_size))
		return -EBADMSG;

	if (hdr->hash_algo >= HASH_ALGO__LAST)
		return -ENOPKG;

	key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
	if (IS_ERR(key))
		return PTR_ERR(key);

	memset(&pks, 0, sizeof(pks));

	pks.hash_algo = hash_algo_name[hdr->hash_algo];
	if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
	    hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
		/* EC-RDSA and Streebog should go together. */
		pks.pkey_algo = "ecrdsa";
		pks.encoding = "raw";
	} else {
		pks.pkey_algo = "rsa";
		pks.encoding = "pkcs1";
	}
	pks.digest = (u8 *)data;
	pks.digest_size = datalen;
	pks.s = hdr->sig;
	pks.s_size = siglen;
	ret = verify_signature(key, &pks);
	key_put(key);
	pr_debug("%s() = %d\n", __func__, ret);
	return ret;
}

/**
 * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
 * @kmod_name: kernel module name
 *
 * We have situation, when public_key_verify_signature() in case of RSA
 * algorithm use alg_name to store internal information in order to
 * construct an algorithm on the fly, but crypto_larval_lookup() will try
 * to use alg_name in order to load kernel module with same name.
 * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
 * we are safe to fail such module request from crypto_larval_lookup().
 *
 * In this way we prevent modprobe execution during digsig verification
 * and avoid possible deadlock if modprobe and/or it's dependencies
 * also signed with digsig.
 */
int integrity_kernel_module_request(char *kmod_name)
{
	if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
		return -EINVAL;

	return 0;
}
Commit	Line	Data
b886d83c	1	// SPDX-License-Identifier: GPL-2.0-only
e0751257 DK	2	/*
	3	* Copyright (C) 2013 Intel Corporation
	4	*
	5	* Author:
	6	* Dmitry Kasatkin <dmitry.kasatkin@intel.com>
e0751257 DK	7	*/
	8
	9	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
	10
	11	#include <linux/err.h>
d9a2e5d7	12	#include <linux/ratelimit.h>
e0751257 DK	13	#include <linux/key-type.h>
e0751257 DK	14	#include <crypto/public_key.h>
4e8ae72a	15	#include <crypto/hash_info.h>
e0751257	16	#include <keys/asymmetric-type.h>
41c89b64	17	#include <keys/system_keyring.h>
e0751257 DK	18
	19	#include "integrity.h"
	20
e0751257 DK	21	/*
	22	* Request an asymmetric key.
	23	*/
	24	static struct key request_asymmetric_key(struct key keyring, uint32_t keyid)
	25	{
	26	struct key *key;
	27	char name[12];
	28
594081ee	29	sprintf(name, "id:%08x", keyid);
e0751257 DK	30
	31	pr_debug("key search: \"%s\"\n", name);
	32
41c89b64 PM	33	key = get_ima_blacklist_keyring();
	34	if (key) {
	35	key_ref_t kref;
	36
	37	kref = keyring_search(make_key_ref(key, 1),
dcf49dbc	38	&key_type_asymmetric, name, true);
41c89b64 PM	39	if (!IS_ERR(kref)) {
	40	pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
	41	return ERR_PTR(-EKEYREJECTED);
	42	}
	43	}
	44
e0751257 DK	45	if (keyring) {
	46	/* search in specific keyring */
	47	key_ref_t kref;
41c89b64	48
e0751257	49	kref = keyring_search(make_key_ref(keyring, 1),
dcf49dbc	50	&key_type_asymmetric, name, true);
e0751257 DK	51	if (IS_ERR(kref))
	52	key = ERR_CAST(kref);
	53	else
	54	key = key_ref_to_ptr(kref);
	55	} else {
028db3e2	56	key = request_key(&key_type_asymmetric, name, NULL);
e0751257 DK	57	}
	58
	59	if (IS_ERR(key)) {
d9a2e5d7 DK	60	pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
d9a2e5d7 DK	61	name, PTR_ERR(key));
e0751257 DK	62	switch (PTR_ERR(key)) {
	63	/* Hide some search errors */
	64	case -EACCES:
	65	case -ENOTDIR:
	66	case -EAGAIN:
	67	return ERR_PTR(-ENOKEY);
	68	default:
	69	return key;
	70	}
	71	}
	72
	73	pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
	74
	75	return key;
	76	}
	77
	78	int asymmetric_verify(struct key keyring, const char sig,
	79	int siglen, const char *data, int datalen)
	80	{
	81	struct public_key_signature pks;
	82	struct signature_v2_hdr hdr = (struct signature_v2_hdr )sig;
	83	struct key *key;
	84	int ret = -ENOMEM;
	85
	86	if (siglen <= sizeof(*hdr))
	87	return -EBADMSG;
	88
	89	siglen -= sizeof(*hdr);
	90
bb543e39	91	if (siglen != be16_to_cpu(hdr->sig_size))
e0751257 DK	92	return -EBADMSG;
e0751257 DK	93
4e8ae72a	94	if (hdr->hash_algo >= HASH_ALGO__LAST)
e0751257 DK	95	return -ENOPKG;
e0751257 DK	96
bb543e39	97	key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
e0751257 DK	98	if (IS_ERR(key))
	99	return PTR_ERR(key);
	100
	101	memset(&pks, 0, sizeof(pks));
	102
4e8ae72a	103	pks.hash_algo = hash_algo_name[hdr->hash_algo];
be08f0c6 VC	104	if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 \|\|
	105	hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
	106	/* EC-RDSA and Streebog should go together. */
	107	pks.pkey_algo = "ecrdsa";
	108	pks.encoding = "raw";
	109	} else {
	110	pks.pkey_algo = "rsa";
	111	pks.encoding = "pkcs1";
	112	}
e0751257 DK	113	pks.digest = (u8 *)data;
e0751257 DK	114	pks.digest_size = datalen;
eb5798f2 TS	115	pks.s = hdr->sig;
	116	pks.s_size = siglen;
	117	ret = verify_signature(key, &pks);
e0751257 DK	118	key_put(key);
	119	pr_debug("%s() = %d\n", __func__, ret);
	120	return ret;
	121	}
6eb864c1 MK	122
	123	/**
	124	* integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
	125	* @kmod_name: kernel module name
	126	*
	127	* We have situation, when public_key_verify_signature() in case of RSA
	128	* algorithm use alg_name to store internal information in order to
	129	* construct an algorithm on the fly, but crypto_larval_lookup() will try
	130	* to use alg_name in order to load kernel module with same name.
	131	* Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
	132	* we are safe to fail such module request from crypto_larval_lookup().
	133	*
	134	* In this way we prevent modprobe execution during digsig verification
	135	* and avoid possible deadlock if modprobe and/or it's dependencies
	136	* also signed with digsig.
	137	*/
	138	int integrity_kernel_module_request(char *kmod_name)
	139	{
	140	if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
	141	return -EINVAL;
	142
	143	return 0;
	144	}