xref: /linux/security/integrity/digsig_asymmetric.c (revision 23da766ab1dc005860b675bf048226a11a748bf9)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2013 Intel Corporation
4  *
5  * Author:
6  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
7  */
8 
9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10 
11 #include <linux/err.h>
12 #include <linux/ratelimit.h>
13 #include <linux/key-type.h>
14 #include <crypto/public_key.h>
15 #include <crypto/hash_info.h>
16 #include <keys/asymmetric-type.h>
17 #include <keys/system_keyring.h>
18 
19 #include "integrity.h"
20 
21 /*
22  * Request an asymmetric key.
23  */
24 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
25 {
26 	struct key *key;
27 	char name[12];
28 
29 	sprintf(name, "id:%08x", keyid);
30 
31 	pr_debug("key search: \"%s\"\n", name);
32 
33 	key = get_ima_blacklist_keyring();
34 	if (key) {
35 		key_ref_t kref;
36 
37 		kref = keyring_search(make_key_ref(key, 1),
38 				     &key_type_asymmetric, name);
39 		if (!IS_ERR(kref)) {
40 			pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
41 			return ERR_PTR(-EKEYREJECTED);
42 		}
43 	}
44 
45 	if (keyring) {
46 		/* search in specific keyring */
47 		key_ref_t kref;
48 
49 		kref = keyring_search(make_key_ref(keyring, 1),
50 				      &key_type_asymmetric, name);
51 		if (IS_ERR(kref))
52 			key = ERR_CAST(kref);
53 		else
54 			key = key_ref_to_ptr(kref);
55 	} else {
56 		key = request_key(&key_type_asymmetric, name, NULL);
57 	}
58 
59 	if (IS_ERR(key)) {
60 		pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
61 				   name, PTR_ERR(key));
62 		switch (PTR_ERR(key)) {
63 			/* Hide some search errors */
64 		case -EACCES:
65 		case -ENOTDIR:
66 		case -EAGAIN:
67 			return ERR_PTR(-ENOKEY);
68 		default:
69 			return key;
70 		}
71 	}
72 
73 	pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
74 
75 	return key;
76 }
77 
78 int asymmetric_verify(struct key *keyring, const char *sig,
79 		      int siglen, const char *data, int datalen)
80 {
81 	struct public_key_signature pks;
82 	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
83 	struct key *key;
84 	int ret = -ENOMEM;
85 
86 	if (siglen <= sizeof(*hdr))
87 		return -EBADMSG;
88 
89 	siglen -= sizeof(*hdr);
90 
91 	if (siglen != be16_to_cpu(hdr->sig_size))
92 		return -EBADMSG;
93 
94 	if (hdr->hash_algo >= HASH_ALGO__LAST)
95 		return -ENOPKG;
96 
97 	key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
98 	if (IS_ERR(key))
99 		return PTR_ERR(key);
100 
101 	memset(&pks, 0, sizeof(pks));
102 
103 	pks.hash_algo = hash_algo_name[hdr->hash_algo];
104 	if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
105 	    hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
106 		/* EC-RDSA and Streebog should go together. */
107 		pks.pkey_algo = "ecrdsa";
108 		pks.encoding = "raw";
109 	} else {
110 		pks.pkey_algo = "rsa";
111 		pks.encoding = "pkcs1";
112 	}
113 	pks.digest = (u8 *)data;
114 	pks.digest_size = datalen;
115 	pks.s = hdr->sig;
116 	pks.s_size = siglen;
117 	ret = verify_signature(key, &pks);
118 	key_put(key);
119 	pr_debug("%s() = %d\n", __func__, ret);
120 	return ret;
121 }
122 
123 /**
124  * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
125  * @kmod_name: kernel module name
126  *
127  * We have situation, when public_key_verify_signature() in case of RSA
128  * algorithm use alg_name to store internal information in order to
129  * construct an algorithm on the fly, but crypto_larval_lookup() will try
130  * to use alg_name in order to load kernel module with same name.
131  * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
132  * we are safe to fail such module request from crypto_larval_lookup().
133  *
134  * In this way we prevent modprobe execution during digsig verification
135  * and avoid possible deadlock if modprobe and/or it's dependencies
136  * also signed with digsig.
137  */
138 int integrity_kernel_module_request(char *kmod_name)
139 {
140 	if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
141 		return -EINVAL;
142 
143 	return 0;
144 }
145