Commit | Line | Data |
---|---|---|
b886d83c | 1 | // SPDX-License-Identifier: GPL-2.0-only |
e0751257 DK |
2 | /* |
3 | * Copyright (C) 2013 Intel Corporation | |
4 | * | |
5 | * Author: | |
6 | * Dmitry Kasatkin <dmitry.kasatkin@intel.com> | |
e0751257 DK |
7 | */ |
8 | ||
e0751257 | 9 | #include <linux/err.h> |
d9a2e5d7 | 10 | #include <linux/ratelimit.h> |
e0751257 DK |
11 | #include <linux/key-type.h> |
12 | #include <crypto/public_key.h> | |
4e8ae72a | 13 | #include <crypto/hash_info.h> |
e0751257 | 14 | #include <keys/asymmetric-type.h> |
41c89b64 | 15 | #include <keys/system_keyring.h> |
e0751257 DK |
16 | |
17 | #include "integrity.h" | |
18 | ||
e0751257 DK |
19 | /* |
20 | * Request an asymmetric key. | |
21 | */ | |
22 | static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) | |
23 | { | |
24 | struct key *key; | |
25 | char name[12]; | |
26 | ||
594081ee | 27 | sprintf(name, "id:%08x", keyid); |
e0751257 DK |
28 | |
29 | pr_debug("key search: \"%s\"\n", name); | |
30 | ||
41c89b64 PM |
31 | key = get_ima_blacklist_keyring(); |
32 | if (key) { | |
33 | key_ref_t kref; | |
34 | ||
35 | kref = keyring_search(make_key_ref(key, 1), | |
dcf49dbc | 36 | &key_type_asymmetric, name, true); |
41c89b64 PM |
37 | if (!IS_ERR(kref)) { |
38 | pr_err("Key '%s' is in ima_blacklist_keyring\n", name); | |
39 | return ERR_PTR(-EKEYREJECTED); | |
40 | } | |
41 | } | |
42 | ||
e0751257 DK |
43 | if (keyring) { |
44 | /* search in specific keyring */ | |
45 | key_ref_t kref; | |
41c89b64 | 46 | |
e0751257 | 47 | kref = keyring_search(make_key_ref(keyring, 1), |
dcf49dbc | 48 | &key_type_asymmetric, name, true); |
e0751257 DK |
49 | if (IS_ERR(kref)) |
50 | key = ERR_CAST(kref); | |
51 | else | |
52 | key = key_ref_to_ptr(kref); | |
53 | } else { | |
028db3e2 | 54 | key = request_key(&key_type_asymmetric, name, NULL); |
e0751257 DK |
55 | } |
56 | ||
57 | if (IS_ERR(key)) { | |
8c2f516c BM |
58 | if (keyring) |
59 | pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n", | |
60 | name, keyring->description, | |
61 | PTR_ERR(key)); | |
62 | else | |
63 | pr_err_ratelimited("Request for unknown key '%s' err %ld\n", | |
64 | name, PTR_ERR(key)); | |
65 | ||
e0751257 DK |
66 | switch (PTR_ERR(key)) { |
67 | /* Hide some search errors */ | |
68 | case -EACCES: | |
69 | case -ENOTDIR: | |
70 | case -EAGAIN: | |
71 | return ERR_PTR(-ENOKEY); | |
72 | default: | |
73 | return key; | |
74 | } | |
75 | } | |
76 | ||
77 | pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key)); | |
78 | ||
79 | return key; | |
80 | } | |
81 | ||
82 | int asymmetric_verify(struct key *keyring, const char *sig, | |
83 | int siglen, const char *data, int datalen) | |
84 | { | |
85 | struct public_key_signature pks; | |
86 | struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig; | |
87 | struct key *key; | |
3db0d0c2 | 88 | int ret; |
e0751257 DK |
89 | |
90 | if (siglen <= sizeof(*hdr)) | |
91 | return -EBADMSG; | |
92 | ||
93 | siglen -= sizeof(*hdr); | |
94 | ||
bb543e39 | 95 | if (siglen != be16_to_cpu(hdr->sig_size)) |
e0751257 DK |
96 | return -EBADMSG; |
97 | ||
4e8ae72a | 98 | if (hdr->hash_algo >= HASH_ALGO__LAST) |
e0751257 DK |
99 | return -ENOPKG; |
100 | ||
bb543e39 | 101 | key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); |
e0751257 DK |
102 | if (IS_ERR(key)) |
103 | return PTR_ERR(key); | |
104 | ||
105 | memset(&pks, 0, sizeof(pks)); | |
106 | ||
4e8ae72a | 107 | pks.hash_algo = hash_algo_name[hdr->hash_algo]; |
0b7e44d3 TZ |
108 | switch (hdr->hash_algo) { |
109 | case HASH_ALGO_STREEBOG_256: | |
110 | case HASH_ALGO_STREEBOG_512: | |
be08f0c6 VC |
111 | /* EC-RDSA and Streebog should go together. */ |
112 | pks.pkey_algo = "ecrdsa"; | |
113 | pks.encoding = "raw"; | |
0b7e44d3 TZ |
114 | break; |
115 | case HASH_ALGO_SM3_256: | |
116 | /* SM2 and SM3 should go together. */ | |
117 | pks.pkey_algo = "sm2"; | |
118 | pks.encoding = "raw"; | |
119 | break; | |
120 | default: | |
be08f0c6 VC |
121 | pks.pkey_algo = "rsa"; |
122 | pks.encoding = "pkcs1"; | |
0b7e44d3 | 123 | break; |
be08f0c6 | 124 | } |
e0751257 DK |
125 | pks.digest = (u8 *)data; |
126 | pks.digest_size = datalen; | |
eb5798f2 TS |
127 | pks.s = hdr->sig; |
128 | pks.s_size = siglen; | |
129 | ret = verify_signature(key, &pks); | |
e0751257 DK |
130 | key_put(key); |
131 | pr_debug("%s() = %d\n", __func__, ret); | |
132 | return ret; | |
133 | } | |
6eb864c1 MK |
134 | |
135 | /** | |
136 | * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests | |
137 | * @kmod_name: kernel module name | |
138 | * | |
139 | * We have situation, when public_key_verify_signature() in case of RSA | |
140 | * algorithm use alg_name to store internal information in order to | |
141 | * construct an algorithm on the fly, but crypto_larval_lookup() will try | |
142 | * to use alg_name in order to load kernel module with same name. | |
143 | * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules, | |
144 | * we are safe to fail such module request from crypto_larval_lookup(). | |
145 | * | |
146 | * In this way we prevent modprobe execution during digsig verification | |
147 | * and avoid possible deadlock if modprobe and/or it's dependencies | |
148 | * also signed with digsig. | |
149 | */ | |
150 | int integrity_kernel_module_request(char *kmod_name) | |
151 | { | |
152 | if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0) | |
153 | return -EINVAL; | |
154 | ||
155 | return 0; | |
156 | } |