xref: /linux/security/integrity/digsig_asymmetric.c (revision 48dea9a700c8728cc31a1dd44588b97578de86ee)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2013 Intel Corporation
4  *
5  * Author:
6  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
7  */
8 
9 #include <linux/err.h>
10 #include <linux/ratelimit.h>
11 #include <linux/key-type.h>
12 #include <crypto/public_key.h>
13 #include <crypto/hash_info.h>
14 #include <keys/asymmetric-type.h>
15 #include <keys/system_keyring.h>
16 
17 #include "integrity.h"
18 
19 /*
20  * Request an asymmetric key.
21  */
22 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
23 {
24 	struct key *key;
25 	char name[12];
26 
27 	sprintf(name, "id:%08x", keyid);
28 
29 	pr_debug("key search: \"%s\"\n", name);
30 
31 	key = get_ima_blacklist_keyring();
32 	if (key) {
33 		key_ref_t kref;
34 
35 		kref = keyring_search(make_key_ref(key, 1),
36 				      &key_type_asymmetric, name, true);
37 		if (!IS_ERR(kref)) {
38 			pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
39 			return ERR_PTR(-EKEYREJECTED);
40 		}
41 	}
42 
43 	if (keyring) {
44 		/* search in specific keyring */
45 		key_ref_t kref;
46 
47 		kref = keyring_search(make_key_ref(keyring, 1),
48 				      &key_type_asymmetric, name, true);
49 		if (IS_ERR(kref))
50 			key = ERR_CAST(kref);
51 		else
52 			key = key_ref_to_ptr(kref);
53 	} else {
54 		key = request_key(&key_type_asymmetric, name, NULL);
55 	}
56 
57 	if (IS_ERR(key)) {
58 		pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
59 				   name, PTR_ERR(key));
60 		switch (PTR_ERR(key)) {
61 			/* Hide some search errors */
62 		case -EACCES:
63 		case -ENOTDIR:
64 		case -EAGAIN:
65 			return ERR_PTR(-ENOKEY);
66 		default:
67 			return key;
68 		}
69 	}
70 
71 	pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
72 
73 	return key;
74 }
75 
76 int asymmetric_verify(struct key *keyring, const char *sig,
77 		      int siglen, const char *data, int datalen)
78 {
79 	struct public_key_signature pks;
80 	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
81 	struct key *key;
82 	int ret;
83 
84 	if (siglen <= sizeof(*hdr))
85 		return -EBADMSG;
86 
87 	siglen -= sizeof(*hdr);
88 
89 	if (siglen != be16_to_cpu(hdr->sig_size))
90 		return -EBADMSG;
91 
92 	if (hdr->hash_algo >= HASH_ALGO__LAST)
93 		return -ENOPKG;
94 
95 	key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
96 	if (IS_ERR(key))
97 		return PTR_ERR(key);
98 
99 	memset(&pks, 0, sizeof(pks));
100 
101 	pks.hash_algo = hash_algo_name[hdr->hash_algo];
102 	if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
103 	    hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
104 		/* EC-RDSA and Streebog should go together. */
105 		pks.pkey_algo = "ecrdsa";
106 		pks.encoding = "raw";
107 	} else {
108 		pks.pkey_algo = "rsa";
109 		pks.encoding = "pkcs1";
110 	}
111 	pks.digest = (u8 *)data;
112 	pks.digest_size = datalen;
113 	pks.s = hdr->sig;
114 	pks.s_size = siglen;
115 	ret = verify_signature(key, &pks);
116 	key_put(key);
117 	pr_debug("%s() = %d\n", __func__, ret);
118 	return ret;
119 }
120 
121 /**
122  * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
123  * @kmod_name: kernel module name
124  *
125  * We have situation, when public_key_verify_signature() in case of RSA
126  * algorithm use alg_name to store internal information in order to
127  * construct an algorithm on the fly, but crypto_larval_lookup() will try
128  * to use alg_name in order to load kernel module with same name.
129  * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
130  * we are safe to fail such module request from crypto_larval_lookup().
131  *
132  * In this way we prevent modprobe execution during digsig verification
133  * and avoid possible deadlock if modprobe and/or it's dependencies
134  * also signed with digsig.
135  */
136 int integrity_kernel_module_request(char *kmod_name)
137 {
138 	if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
139 		return -EINVAL;
140 
141 	return 0;
142 }
143