1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Asymmetric public-key cryptography key type
3 *
4 * See Documentation/crypto/asymmetric-keys.rst
5 *
6 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
7 * Written by David Howells (dhowells@redhat.com)
8 */
9 #include <keys/asymmetric-subtype.h>
10 #include <keys/asymmetric-parser.h>
11 #include <crypto/public_key.h>
12 #include <linux/hex.h>
13 #include <linux/seq_file.h>
14 #include <linux/module.h>
15 #include <linux/overflow.h>
16 #include <linux/slab.h>
17 #include <linux/ctype.h>
18 #include <keys/system_keyring.h>
19 #include <keys/user-type.h>
20 #include "asymmetric_keys.h"
21
22
23 static LIST_HEAD(asymmetric_key_parsers);
24 static DECLARE_RWSEM(asymmetric_key_parsers_sem);
25
26 /**
27 * find_asymmetric_key - Find a key by ID.
28 * @keyring: The keys to search.
29 * @id_0: The first ID to look for or NULL.
30 * @id_1: The second ID to look for or NULL, matched together with @id_0
31 * against @keyring keys' id[0] and id[1].
32 * @id_2: The fallback ID to match against @keyring keys' id[2] if both of the
33 * other IDs are NULL.
34 * @partial: Use partial match for @id_0 and @id_1 if true, exact if false.
35 *
36 * Find a key in the given keyring by identifier. The preferred identifier is
37 * the id_0 and the fallback identifier is the id_1. If both are given, the
38 * former is matched (exactly or partially) against either of the sought key's
39 * identifiers and the latter must match the found key's second identifier
40 * exactly. If both are missing, id_2 must match the sought key's third
41 * identifier exactly.
42 */
find_asymmetric_key(struct key * keyring,const struct asymmetric_key_id * id_0,const struct asymmetric_key_id * id_1,const struct asymmetric_key_id * id_2,bool partial)43 struct key *find_asymmetric_key(struct key *keyring,
44 const struct asymmetric_key_id *id_0,
45 const struct asymmetric_key_id *id_1,
46 const struct asymmetric_key_id *id_2,
47 bool partial)
48 {
49 struct key *key;
50 key_ref_t ref;
51 const char *lookup;
52 char *req, *p;
53 int len;
54
55 if (id_0) {
56 lookup = id_0->data;
57 len = id_0->len;
58 } else if (id_1) {
59 lookup = id_1->data;
60 len = id_1->len;
61 } else if (id_2) {
62 lookup = id_2->data;
63 len = id_2->len;
64 } else {
65 WARN_ON(1);
66 return ERR_PTR(-EINVAL);
67 }
68
69 /* Construct an identifier "id:<keyid>". */
70 p = req = kmalloc(2 + 1 + len * 2 + 1, GFP_KERNEL);
71 if (!req)
72 return ERR_PTR(-ENOMEM);
73
74 if (!id_0 && !id_1) {
75 *p++ = 'd';
76 *p++ = 'n';
77 } else if (partial) {
78 *p++ = 'i';
79 *p++ = 'd';
80 } else {
81 *p++ = 'e';
82 *p++ = 'x';
83 }
84 *p++ = ':';
85 p = bin2hex(p, lookup, len);
86 *p = 0;
87
88 pr_debug("Look up: \"%s\"\n", req);
89
90 ref = keyring_search(make_key_ref(keyring, 1),
91 &key_type_asymmetric, req, true);
92 if (IS_ERR(ref))
93 pr_debug("Request for key '%s' err %ld\n", req, PTR_ERR(ref));
94 kfree(req);
95
96 if (IS_ERR(ref)) {
97 switch (PTR_ERR(ref)) {
98 /* Hide some search errors */
99 case -EACCES:
100 case -ENOTDIR:
101 case -EAGAIN:
102 return ERR_PTR(-ENOKEY);
103 default:
104 return ERR_CAST(ref);
105 }
106 }
107
108 key = key_ref_to_ptr(ref);
109 if (id_0 && id_1) {
110 const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);
111
112 if (!kids->id[1]) {
113 pr_debug("First ID matches, but second is missing\n");
114 goto reject;
115 }
116 if (!asymmetric_key_id_same(id_1, kids->id[1])) {
117 pr_debug("First ID matches, but second does not\n");
118 goto reject;
119 }
120 }
121
122 pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key));
123 return key;
124
125 reject:
126 key_put(key);
127 return ERR_PTR(-EKEYREJECTED);
128 }
129 EXPORT_SYMBOL_GPL(find_asymmetric_key);
130
131 /**
132 * asymmetric_key_generate_id: Construct an asymmetric key ID
133 * @val_1: First binary blob
134 * @len_1: Length of first binary blob
135 * @val_2: Second binary blob
136 * @len_2: Length of second binary blob
137 *
138 * Construct an asymmetric key ID from a pair of binary blobs.
139 */
asymmetric_key_generate_id(const void * val_1,size_t len_1,const void * val_2,size_t len_2)140 struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
141 size_t len_1,
142 const void *val_2,
143 size_t len_2)
144 {
145 struct asymmetric_key_id *kid;
146 size_t kid_sz;
147 size_t len;
148
149 if (check_add_overflow(len_1, len_2, &len))
150 return ERR_PTR(-EOVERFLOW);
151 if (check_add_overflow(sizeof(struct asymmetric_key_id), len, &kid_sz))
152 return ERR_PTR(-EOVERFLOW);
153 kid = kmalloc(kid_sz, GFP_KERNEL);
154 if (!kid)
155 return ERR_PTR(-ENOMEM);
156 kid->len = len;
157 memcpy(kid->data, val_1, len_1);
158 memcpy(kid->data + len_1, val_2, len_2);
159 return kid;
160 }
161 EXPORT_SYMBOL_GPL(asymmetric_key_generate_id);
162
163 /**
164 * asymmetric_key_id_same - Return true if two asymmetric keys IDs are the same.
165 * @kid1: The key ID to compare
166 * @kid2: The key ID to compare
167 */
asymmetric_key_id_same(const struct asymmetric_key_id * kid1,const struct asymmetric_key_id * kid2)168 bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
169 const struct asymmetric_key_id *kid2)
170 {
171 if (!kid1 || !kid2)
172 return false;
173 if (kid1->len != kid2->len)
174 return false;
175 return memcmp(kid1->data, kid2->data, kid1->len) == 0;
176 }
177 EXPORT_SYMBOL_GPL(asymmetric_key_id_same);
178
179 /**
180 * asymmetric_key_id_partial - Return true if two asymmetric keys IDs
181 * partially match
182 * @kid1: The key ID to compare
183 * @kid2: The key ID to compare
184 */
asymmetric_key_id_partial(const struct asymmetric_key_id * kid1,const struct asymmetric_key_id * kid2)185 bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
186 const struct asymmetric_key_id *kid2)
187 {
188 if (!kid1 || !kid2)
189 return false;
190 if (kid1->len < kid2->len)
191 return false;
192 return memcmp(kid1->data + (kid1->len - kid2->len),
193 kid2->data, kid2->len) == 0;
194 }
195 EXPORT_SYMBOL_GPL(asymmetric_key_id_partial);
196
197 /**
198 * asymmetric_match_key_ids - Search asymmetric key IDs 1 & 2
199 * @kids: The pair of key IDs to check
200 * @match_id: The key ID we're looking for
201 * @match: The match function to use
202 */
asymmetric_match_key_ids(const struct asymmetric_key_ids * kids,const struct asymmetric_key_id * match_id,bool (* match)(const struct asymmetric_key_id * kid1,const struct asymmetric_key_id * kid2))203 static bool asymmetric_match_key_ids(
204 const struct asymmetric_key_ids *kids,
205 const struct asymmetric_key_id *match_id,
206 bool (*match)(const struct asymmetric_key_id *kid1,
207 const struct asymmetric_key_id *kid2))
208 {
209 int i;
210
211 if (!kids || !match_id)
212 return false;
213 for (i = 0; i < 2; i++)
214 if (match(kids->id[i], match_id))
215 return true;
216 return false;
217 }
218
219 /* helper function can be called directly with pre-allocated memory */
__asymmetric_key_hex_to_key_id(const char * id,struct asymmetric_key_id * match_id,size_t hexlen)220 inline int __asymmetric_key_hex_to_key_id(const char *id,
221 struct asymmetric_key_id *match_id,
222 size_t hexlen)
223 {
224 match_id->len = hexlen;
225 return hex2bin(match_id->data, id, hexlen);
226 }
227
228 /**
229 * asymmetric_key_hex_to_key_id - Convert a hex string into a key ID.
230 * @id: The ID as a hex string.
231 */
asymmetric_key_hex_to_key_id(const char * id)232 struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id)
233 {
234 struct asymmetric_key_id *match_id;
235 size_t asciihexlen;
236 int ret;
237
238 if (!*id)
239 return ERR_PTR(-EINVAL);
240 asciihexlen = strlen(id);
241 if (asciihexlen & 1)
242 return ERR_PTR(-EINVAL);
243
244 match_id = kmalloc(sizeof(struct asymmetric_key_id) + asciihexlen / 2,
245 GFP_KERNEL);
246 if (!match_id)
247 return ERR_PTR(-ENOMEM);
248 ret = __asymmetric_key_hex_to_key_id(id, match_id, asciihexlen / 2);
249 if (ret < 0) {
250 kfree(match_id);
251 return ERR_PTR(-EINVAL);
252 }
253 return match_id;
254 }
255
256 /*
257 * Match asymmetric keys by an exact match on one of the first two IDs.
258 */
asymmetric_key_cmp(const struct key * key,const struct key_match_data * match_data)259 static bool asymmetric_key_cmp(const struct key *key,
260 const struct key_match_data *match_data)
261 {
262 const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);
263 const struct asymmetric_key_id *match_id = match_data->preparsed;
264
265 return asymmetric_match_key_ids(kids, match_id,
266 asymmetric_key_id_same);
267 }
268
269 /*
270 * Match asymmetric keys by a partial match on one of the first two IDs.
271 */
asymmetric_key_cmp_partial(const struct key * key,const struct key_match_data * match_data)272 static bool asymmetric_key_cmp_partial(const struct key *key,
273 const struct key_match_data *match_data)
274 {
275 const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);
276 const struct asymmetric_key_id *match_id = match_data->preparsed;
277
278 return asymmetric_match_key_ids(kids, match_id,
279 asymmetric_key_id_partial);
280 }
281
282 /*
283 * Match asymmetric keys by an exact match on the third IDs.
284 */
asymmetric_key_cmp_name(const struct key * key,const struct key_match_data * match_data)285 static bool asymmetric_key_cmp_name(const struct key *key,
286 const struct key_match_data *match_data)
287 {
288 const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);
289 const struct asymmetric_key_id *match_id = match_data->preparsed;
290
291 return kids && asymmetric_key_id_same(kids->id[2], match_id);
292 }
293
294 /*
295 * Preparse the match criterion. If we don't set lookup_type and cmp,
296 * the default will be an exact match on the key description.
297 *
298 * There are some specifiers for matching key IDs rather than by the key
299 * description:
300 *
301 * "id:<id>" - find a key by partial match on one of the first two IDs
302 * "ex:<id>" - find a key by exact match on one of the first two IDs
303 * "dn:<id>" - find a key by exact match on the third ID
304 *
305 * These have to be searched by iteration rather than by direct lookup because
306 * the key is hashed according to its description.
307 */
asymmetric_key_match_preparse(struct key_match_data * match_data)308 static int asymmetric_key_match_preparse(struct key_match_data *match_data)
309 {
310 struct asymmetric_key_id *match_id;
311 const char *spec = match_data->raw_data;
312 const char *id;
313 bool (*cmp)(const struct key *, const struct key_match_data *) =
314 asymmetric_key_cmp;
315
316 if (!spec || !*spec)
317 return -EINVAL;
318 if (spec[0] == 'i' &&
319 spec[1] == 'd' &&
320 spec[2] == ':') {
321 id = spec + 3;
322 cmp = asymmetric_key_cmp_partial;
323 } else if (spec[0] == 'e' &&
324 spec[1] == 'x' &&
325 spec[2] == ':') {
326 id = spec + 3;
327 } else if (spec[0] == 'd' &&
328 spec[1] == 'n' &&
329 spec[2] == ':') {
330 id = spec + 3;
331 cmp = asymmetric_key_cmp_name;
332 } else {
333 goto default_match;
334 }
335
336 match_id = asymmetric_key_hex_to_key_id(id);
337 if (IS_ERR(match_id))
338 return PTR_ERR(match_id);
339
340 match_data->preparsed = match_id;
341 match_data->cmp = cmp;
342 match_data->lookup_type = KEYRING_SEARCH_LOOKUP_ITERATE;
343 return 0;
344
345 default_match:
346 return 0;
347 }
348
349 /*
350 * Free the preparsed the match criterion.
351 */
asymmetric_key_match_free(struct key_match_data * match_data)352 static void asymmetric_key_match_free(struct key_match_data *match_data)
353 {
354 kfree(match_data->preparsed);
355 }
356
357 /*
358 * Describe the asymmetric key
359 */
asymmetric_key_describe(const struct key * key,struct seq_file * m)360 static void asymmetric_key_describe(const struct key *key, struct seq_file *m)
361 {
362 const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
363 const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);
364 const struct asymmetric_key_id *kid;
365 const unsigned char *p;
366 int n;
367
368 seq_puts(m, key->description);
369
370 if (subtype) {
371 seq_puts(m, ": ");
372 subtype->describe(key, m);
373
374 if (kids && kids->id[1]) {
375 kid = kids->id[1];
376 seq_putc(m, ' ');
377 n = kid->len;
378 p = kid->data;
379 if (n > 4) {
380 p += n - 4;
381 n = 4;
382 }
383 seq_printf(m, "%*phN", n, p);
384 }
385
386 seq_puts(m, " [");
387 /* put something here to indicate the key's capabilities */
388 seq_putc(m, ']');
389 }
390 }
391
392 /*
393 * Preparse a asymmetric payload to get format the contents appropriately for the
394 * internal payload to cut down on the number of scans of the data performed.
395 *
396 * We also generate a proposed description from the contents of the key that
397 * can be used to name the key if the user doesn't want to provide one.
398 */
asymmetric_key_preparse(struct key_preparsed_payload * prep)399 static int asymmetric_key_preparse(struct key_preparsed_payload *prep)
400 {
401 struct asymmetric_key_parser *parser;
402 int ret;
403
404 pr_devel("==>%s()\n", __func__);
405
406 if (prep->datalen == 0)
407 return -EINVAL;
408
409 down_read(&asymmetric_key_parsers_sem);
410
411 ret = -EBADMSG;
412 list_for_each_entry(parser, &asymmetric_key_parsers, link) {
413 pr_debug("Trying parser '%s'\n", parser->name);
414
415 ret = parser->parse(prep);
416 if (ret != -EBADMSG) {
417 pr_debug("Parser recognised the format (ret %d)\n",
418 ret);
419 break;
420 }
421 }
422
423 up_read(&asymmetric_key_parsers_sem);
424 pr_devel("<==%s() = %d\n", __func__, ret);
425 return ret;
426 }
427
428 /*
429 * Clean up the key ID list
430 */
asymmetric_key_free_kids(struct asymmetric_key_ids * kids)431 static void asymmetric_key_free_kids(struct asymmetric_key_ids *kids)
432 {
433 int i;
434
435 if (kids) {
436 for (i = 0; i < ARRAY_SIZE(kids->id); i++)
437 kfree(kids->id[i]);
438 kfree(kids);
439 }
440 }
441
442 /*
443 * Clean up the preparse data
444 */
asymmetric_key_free_preparse(struct key_preparsed_payload * prep)445 static void asymmetric_key_free_preparse(struct key_preparsed_payload *prep)
446 {
447 struct asymmetric_key_subtype *subtype = prep->payload.data[asym_subtype];
448 struct asymmetric_key_ids *kids = prep->payload.data[asym_key_ids];
449
450 pr_devel("==>%s()\n", __func__);
451
452 if (subtype) {
453 subtype->destroy(prep->payload.data[asym_crypto],
454 prep->payload.data[asym_auth]);
455 module_put(subtype->owner);
456 }
457 asymmetric_key_free_kids(kids);
458 kfree(prep->description);
459 }
460
461 /*
462 * dispose of the data dangling from the corpse of a asymmetric key
463 */
asymmetric_key_destroy(struct key * key)464 static void asymmetric_key_destroy(struct key *key)
465 {
466 struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
467 struct asymmetric_key_ids *kids = key->payload.data[asym_key_ids];
468 void *data = key->payload.data[asym_crypto];
469 void *auth = key->payload.data[asym_auth];
470
471 key->payload.data[asym_crypto] = NULL;
472 key->payload.data[asym_subtype] = NULL;
473 key->payload.data[asym_key_ids] = NULL;
474 key->payload.data[asym_auth] = NULL;
475
476 if (subtype) {
477 subtype->destroy(data, auth);
478 module_put(subtype->owner);
479 }
480
481 asymmetric_key_free_kids(kids);
482 }
483
asymmetric_restriction_alloc(key_restrict_link_func_t check,struct key * key)484 static struct key_restriction *asymmetric_restriction_alloc(
485 key_restrict_link_func_t check,
486 struct key *key)
487 {
488 struct key_restriction *keyres =
489 kzalloc_obj(struct key_restriction);
490
491 if (!keyres)
492 return ERR_PTR(-ENOMEM);
493
494 keyres->check = check;
495 keyres->key = key;
496 keyres->keytype = &key_type_asymmetric;
497
498 return keyres;
499 }
500
501 /*
502 * look up keyring restrict functions for asymmetric keys
503 */
asymmetric_lookup_restriction(const char * restriction)504 static struct key_restriction *asymmetric_lookup_restriction(
505 const char *restriction)
506 {
507 char *restrict_method;
508 char *parse_buf;
509 char *next;
510 struct key_restriction *ret = ERR_PTR(-EINVAL);
511
512 if (strcmp("builtin_trusted", restriction) == 0)
513 return asymmetric_restriction_alloc(
514 restrict_link_by_builtin_trusted, NULL);
515
516 if (strcmp("builtin_and_secondary_trusted", restriction) == 0)
517 return asymmetric_restriction_alloc(
518 restrict_link_by_builtin_and_secondary_trusted, NULL);
519
520 parse_buf = kstrndup(restriction, PAGE_SIZE, GFP_KERNEL);
521 if (!parse_buf)
522 return ERR_PTR(-ENOMEM);
523
524 next = parse_buf;
525 restrict_method = strsep(&next, ":");
526
527 if ((strcmp(restrict_method, "key_or_keyring") == 0) && next) {
528 char *key_text;
529 key_serial_t serial;
530 struct key *key;
531 key_restrict_link_func_t link_fn =
532 restrict_link_by_key_or_keyring;
533 bool allow_null_key = false;
534
535 key_text = strsep(&next, ":");
536
537 if (next) {
538 if (strcmp(next, "chain") != 0)
539 goto out;
540
541 link_fn = restrict_link_by_key_or_keyring_chain;
542 allow_null_key = true;
543 }
544
545 if (kstrtos32(key_text, 0, &serial) < 0)
546 goto out;
547
548 if ((serial == 0) && allow_null_key) {
549 key = NULL;
550 } else {
551 key = key_lookup(serial);
552 if (IS_ERR(key)) {
553 ret = ERR_CAST(key);
554 goto out;
555 }
556 }
557
558 ret = asymmetric_restriction_alloc(link_fn, key);
559 if (IS_ERR(ret))
560 key_put(key);
561 }
562
563 out:
564 kfree(parse_buf);
565 return ret;
566 }
567
asymmetric_key_eds_op(struct kernel_pkey_params * params,const void * in,void * out)568 int asymmetric_key_eds_op(struct kernel_pkey_params *params,
569 const void *in, void *out)
570 {
571 const struct asymmetric_key_subtype *subtype;
572 struct key *key = params->key;
573 int ret;
574
575 pr_devel("==>%s()\n", __func__);
576
577 if (key->type != &key_type_asymmetric)
578 return -EINVAL;
579 subtype = asymmetric_key_subtype(key);
580 if (!subtype ||
581 !key->payload.data[0])
582 return -EINVAL;
583 if (!subtype->eds_op)
584 return -ENOTSUPP;
585
586 ret = subtype->eds_op(params, in, out);
587
588 pr_devel("<==%s() = %d\n", __func__, ret);
589 return ret;
590 }
591
asymmetric_key_verify_signature(struct kernel_pkey_params * params,const void * in,const void * in2)592 static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
593 const void *in, const void *in2)
594 {
595 struct public_key_signature sig = {
596 .s_size = params->in2_len,
597 .m_size = params->in_len,
598 .encoding = params->encoding,
599 .hash_algo = params->hash_algo,
600 .m = (void *)in,
601 .s = (void *)in2,
602 };
603
604 return verify_signature(params->key, &sig);
605 }
606
607 struct key_type key_type_asymmetric = {
608 .name = "asymmetric",
609 .preparse = asymmetric_key_preparse,
610 .free_preparse = asymmetric_key_free_preparse,
611 .instantiate = generic_key_instantiate,
612 .match_preparse = asymmetric_key_match_preparse,
613 .match_free = asymmetric_key_match_free,
614 .destroy = asymmetric_key_destroy,
615 .describe = asymmetric_key_describe,
616 .lookup_restriction = asymmetric_lookup_restriction,
617 .asym_query = query_asymmetric_key,
618 .asym_eds_op = asymmetric_key_eds_op,
619 .asym_verify_signature = asymmetric_key_verify_signature,
620 };
621 EXPORT_SYMBOL_GPL(key_type_asymmetric);
622
623 /**
624 * register_asymmetric_key_parser - Register a asymmetric key blob parser
625 * @parser: The parser to register
626 */
register_asymmetric_key_parser(struct asymmetric_key_parser * parser)627 int register_asymmetric_key_parser(struct asymmetric_key_parser *parser)
628 {
629 struct asymmetric_key_parser *cursor;
630 int ret;
631
632 down_write(&asymmetric_key_parsers_sem);
633
634 list_for_each_entry(cursor, &asymmetric_key_parsers, link) {
635 if (strcmp(cursor->name, parser->name) == 0) {
636 pr_err("Asymmetric key parser '%s' already registered\n",
637 parser->name);
638 ret = -EEXIST;
639 goto out;
640 }
641 }
642
643 list_add_tail(&parser->link, &asymmetric_key_parsers);
644
645 pr_notice("Asymmetric key parser '%s' registered\n", parser->name);
646 ret = 0;
647
648 out:
649 up_write(&asymmetric_key_parsers_sem);
650 return ret;
651 }
652 EXPORT_SYMBOL_GPL(register_asymmetric_key_parser);
653
654 /**
655 * unregister_asymmetric_key_parser - Unregister a asymmetric key blob parser
656 * @parser: The parser to unregister
657 */
unregister_asymmetric_key_parser(struct asymmetric_key_parser * parser)658 void unregister_asymmetric_key_parser(struct asymmetric_key_parser *parser)
659 {
660 down_write(&asymmetric_key_parsers_sem);
661 list_del(&parser->link);
662 up_write(&asymmetric_key_parsers_sem);
663
664 pr_notice("Asymmetric key parser '%s' unregistered\n", parser->name);
665 }
666 EXPORT_SYMBOL_GPL(unregister_asymmetric_key_parser);
667
668 /*
669 * Module stuff
670 */
asymmetric_key_init(void)671 static int __init asymmetric_key_init(void)
672 {
673 return register_key_type(&key_type_asymmetric);
674 }
675
asymmetric_key_cleanup(void)676 static void __exit asymmetric_key_cleanup(void)
677 {
678 unregister_key_type(&key_type_asymmetric);
679 }
680
681 module_init(asymmetric_key_init);
682 module_exit(asymmetric_key_cleanup);
683