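// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2013 Intel Corporation
 *
 * Author:
 * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
 */

#include <linux/err.h>
#include <linux/ratelimit.h>
#include <linux/key-type.h>
#include <crypto/public_key.h>
#include <crypto/hash_info.h>
#include <keys/asymmetric-type.h>
#include <keys/system_keyring.h>

#include "integrity.h"

/*
 * request_asymmetric_key - look up the asymmetric key named "id:<keyid>"
 * @keyring: keyring to search, or NULL to fall back to request_key()
 * @keyid: 32-bit key identifier, formatted as eight hex digits
 *
 * When get_ima_blacklist_keyring() returns a keyring it is searched first;
 * a hit there rejects the key with -EKEYREJECTED before any other lookup.
 *
 * Return: the key on success (the callers in this file release it with
 * key_put()), or an ERR_PTR().  -EACCES, -ENOTDIR and -EAGAIN from the
 * lookup are reported to the caller as -ENOKEY.
 */
static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
{
	struct key *key;
	char name[12];	/* "id:" + 8 hex digits + NUL */

	snprintf(name, sizeof(name), "id:%08x", keyid);

	pr_debug("key search: \"%s\"\n", name);

	key = get_ima_blacklist_keyring();
	if (key) {
		key_ref_t kref;

		kref = keyring_search(make_key_ref(key, 1),
				      &key_type_asymmetric, name, true);
		if (!IS_ERR(kref)) {
			pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
			/*
			 * A successful search yields a key reference (the
			 * keyring path below hands the same kind of result
			 * to callers that key_put() it).  Drop it here so a
			 * blacklist hit does not leak the reference.
			 */
			key_ref_put(kref);
			return ERR_PTR(-EKEYREJECTED);
		}
	}

	if (keyring) {
		/* search in specific keyring */
		key_ref_t kref;

		kref = keyring_search(make_key_ref(keyring, 1),
				      &key_type_asymmetric, name, true);
		if (IS_ERR(kref))
			key = ERR_CAST(kref);
		else
			key = key_ref_to_ptr(kref);
	} else {
		key = request_key(&key_type_asymmetric, name, NULL);
	}

	if (IS_ERR(key)) {
		if (keyring)
			pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",
					   name, keyring->description,
					   PTR_ERR(key));
		else
			pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
					   name, PTR_ERR(key));

		switch (PTR_ERR(key)) {
			/* Hide some search errors */
		case -EACCES:
		case -ENOTDIR:
		case -EAGAIN:
			return ERR_PTR(-ENOKEY);
		default:
			return key;
		}
	}

	pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));

	return key;
}

/**
 * asymmetric_verify_common -- sigv2 and sigv3 common verify function
 * @key: The key to use for signature verification; caller must free it
 * @pk: The associated public key; must not be NULL
 * @sig: The xattr signature
 * @siglen: The length of the xattr signature; must be at least
 *          sizeof(struct signature_v2_hdr)
 * @data: The data to verify the signature on
 * @datalen: Length of @data
 *
 * Return: the result of verify_signature(); -EBADMSG if the length left
 * after the header differs from the header's sig_size; -ENOPKG if the
 * header's hash algorithm is out of range or the key algorithm is not one
 * of "rsa", "ecdsa-*" or "ecrdsa".
 */
static int asymmetric_verify_common(const struct key *key,
				    const struct public_key *pk,
				    const char *sig, int siglen,
				    const char *data, int datalen)
{
	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
	struct public_key_signature pks;
	int ret;

	/* From here on siglen counts only the bytes that follow the header. */
	siglen -= sizeof(*hdr);

	/* The header's own length field must match what was actually passed. */
	if (siglen != be16_to_cpu(hdr->sig_size))
		return -EBADMSG;

	/* hash_algo comes from the xattr; bound it before indexing the table. */
	if (hdr->hash_algo >= HASH_ALGO__LAST)
		return -ENOPKG;

	memset(&pks, 0, sizeof(pks));

	pks.hash_algo = hash_algo_name[hdr->hash_algo];
	pks.pkey_algo = pk->pkey_algo;
	if (!strcmp(pk->pkey_algo, "rsa")) {
		pks.encoding = "pkcs1";
	} else if (!strncmp(pk->pkey_algo, "ecdsa-", 6)) {
		/* ecdsa-nist-p192 etc. */
		pks.encoding = "x962";
	} else if (!strcmp(pk->pkey_algo, "ecrdsa")) {
		pks.encoding = "raw";
	} else {
		ret = -ENOPKG;
		goto out;
	}

	pks.m = (u8 *)data;
	pks.m_size = datalen;
	pks.s = hdr->sig;
	pks.s_size = siglen;
	ret = verify_signature(key, &pks);
out:
	pr_debug("%s() = %d\n", __func__, ret);
	return ret;
}

/**
 * asymmetric_verify - verify a signature_v2_hdr xattr signature over @data
 * @keyring: keyring to look the signing key up in, or NULL
 * @sig: The xattr signature, starting with struct signature_v2_hdr
 * @siglen: The length of @sig
 * @data: The data to verify the signature on
 * @datalen: Length of @data
 *
 * The key is selected by the keyid field of the header and released again
 * before returning.
 *
 * Return: 0 or a negative error from asymmetric_verify_common(); -EBADMSG
 * if @siglen does not exceed the header size; -ENOKEY if the key carries no
 * public key; otherwise the error from the key lookup.
 */
int asymmetric_verify(struct key *keyring, const char *sig,
		      int siglen, const char *data, int datalen)
{
	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
	const struct public_key *pk;
	struct key *key;
	int ret;

	/*
	 * siglen is a signed int while sizeof() is unsigned: compared
	 * directly, a negative length converts to a huge unsigned value and
	 * slips past the guard.  Reject it explicitly before any header field
	 * is read.
	 */
	if (siglen < 0 || (size_t)siglen <= sizeof(*hdr))
		return -EBADMSG;

	key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
	if (IS_ERR(key))
		return PTR_ERR(key);
	pk = asymmetric_key_public_key(key);
	if (!pk) {
		ret = -ENOKEY;
		goto out;
	}

	ret = asymmetric_verify_common(key, pk, sig, siglen, data, datalen);

out:
	key_put(key);

	return ret;
}

/*
 * calc_file_id_hash - calculate the hash of the ima_file_id struct data
 * @type: xattr type [enum evm_ima_xattr_type]
 * @algo: hash algorithm [enum hash_algo]; caller must ensure valid value
 * @digest: pointer to the digest to be hashed; hash_digest_size[@algo]
 *          bytes are read from it
 * @hash: (out) pointer to the hash
 *
 * IMA signature version 3 disambiguates the data that is signed by
 * indirectly signing the hash of the ima_file_id structure data.
 *
 * Return 0 on success, error code otherwise.
 */
static int calc_file_id_hash(enum evm_ima_xattr_type type,
			     enum hash_algo algo, const u8 *digest,
			     struct ima_max_digest_data *hash)
{
	struct ima_file_id file_id = {.hash_type = type, .hash_algorithm = algo};
	size_t digest_size = hash_digest_size[algo];
	struct crypto_shash *tfm;
	size_t file_id_size;
	int rc;

	/* Only these three xattr types are accepted for a file-id hash. */
	if (type != IMA_VERITY_DIGSIG && type != EVM_IMA_XATTR_DIGSIG &&
	    type != EVM_XATTR_PORTABLE_DIGSIG)
		return -EINVAL;

	tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0);
	if (IS_ERR(tfm))
		return PTR_ERR(tfm);

	memcpy(file_id.hash, digest, digest_size);

	/*
	 * Calculate the ima_file_id struct hash on the portion used.
	 * NOTE(review): this presumes file_id.hash is the trailing member and
	 * HASH_MAX_DIGESTSIZE bytes long -- confirm against integrity.h.
	 */
	file_id_size = sizeof(file_id) - (HASH_MAX_DIGESTSIZE - digest_size);

	hash->hdr.algo = algo;
	hash->hdr.length = digest_size;
	rc = crypto_shash_tfm_digest(tfm, (const u8 *)&file_id, file_id_size,
				     hash->digest);

	crypto_free_shash(tfm);
	return rc;
}

/**
 * asymmetric_verify_v3_hashless - Use hashless signature verification on sigv3
 * @key: The key to use for signature verification; caller must free it
 * @pk: The associated public key; must not be NULL
 * @encoding: The encoding the key type uses
 * @sig: The xattr signature
 * @siglen: The length of the xattr signature; must be at least
 *          sizeof(struct signature_v2_hdr)
 * @algo: hash algorithm [enum hash_algo]; caller must ensure valid value
 * @digest: The file digest; hash_digest_size[@algo] bytes are read from it
 *
 * Create an ima_file_id structure and use it for signature verification
 * directly. This can be used for ML-DSA in pure mode for example.
 *
 * Return: the result of verify_signature(); -EINVAL if the header type is
 * not one of the three accepted xattr types; -EBADMSG if the length left
 * after the header differs from the header's sig_size.
 */
static int asymmetric_verify_v3_hashless(struct key *key,
					 const struct public_key *pk,
					 const char *encoding,
					 const char *sig, int siglen,
					 u8 algo,
					 const u8 *digest)
{
	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
	struct ima_file_id file_id = {
		.hash_type = hdr->type,
		.hash_algorithm = algo,
	};
	size_t digest_size = hash_digest_size[algo];
	/* The message is the used part of file_id itself; no hash is applied. */
	struct public_key_signature pks = {
		.m = (u8 *)&file_id,
		.m_size = sizeof(file_id) - (HASH_MAX_DIGESTSIZE - digest_size),
		.s = hdr->sig,
		.s_size = siglen - sizeof(*hdr),
		.pkey_algo = pk->pkey_algo,
		.hash_algo = "none",
		.encoding = encoding,
	};
	int ret;

	if (hdr->type != IMA_VERITY_DIGSIG &&
	    hdr->type != EVM_IMA_XATTR_DIGSIG &&
	    hdr->type != EVM_XATTR_PORTABLE_DIGSIG)
		return -EINVAL;

	/* The header's own length field must match what was actually passed. */
	if (pks.s_size != be16_to_cpu(hdr->sig_size))
		return -EBADMSG;

	memcpy(file_id.hash, digest, digest_size);

	ret = verify_signature(key, &pks);
	pr_debug("%s() = %d\n", __func__, ret);
	return ret;
}

/**
 * asymmetric_verify_v3 - verify a sigv3 xattr signature over a file digest
 * @keyring: keyring to look the signing key up in, or NULL
 * @sig: The xattr signature, starting with struct signature_v2_hdr
 * @siglen: The length of @sig
 * @data: The file digest the signature covers (via struct ima_file_id)
 * @datalen: Length of @data; must be at least hash_digest_size[@algo]
 * @algo: hash algorithm [enum hash_algo] of @data
 *
 * Keys whose pkey_algo starts with "mldsa" verify the ima_file_id structure
 * directly; all other keys verify the hash of that structure through
 * asymmetric_verify_common().  The key is released before returning.
 *
 * Return: the verification result; -ENOPKG if @algo is out of range;
 * -EBADMSG if @siglen does not exceed the header size; -EINVAL if @data is
 * shorter than the digest or the file-id hash cannot be calculated; -ENOKEY
 * if the key carries no public key; otherwise the error from the key lookup.
 */
int asymmetric_verify_v3(struct key *keyring, const char *sig, int siglen,
			 const char *data, int datalen, u8 algo)
{
	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
	struct ima_max_digest_data hash;
	const struct public_key *pk;
	struct key *key;
	int rc;

	/* Bound algo first: both helpers index hash_digest_size[] with it. */
	if (algo >= HASH_ALGO__LAST)
		return -ENOPKG;

	/*
	 * @data is the file digest, and both verification paths copy
	 * hash_digest_size[algo] bytes from it without consulting @datalen.
	 * Refuse a shorter buffer instead of reading past its end.
	 */
	if (datalen < hash_digest_size[algo])
		return -EINVAL;

	/*
	 * siglen is a signed int while sizeof() is unsigned: compared
	 * directly, a negative length converts to a huge unsigned value and
	 * slips past the guard.  Reject it explicitly before any header field
	 * is read.
	 */
	if (siglen < 0 || (size_t)siglen <= sizeof(*hdr))
		return -EBADMSG;

	key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
	if (IS_ERR(key))
		return PTR_ERR(key);

	pk = asymmetric_key_public_key(key);
	if (!pk) {
		rc = -ENOKEY;
		goto out;
	}
	if (!strncmp(pk->pkey_algo, "mldsa", 5)) {
		rc = asymmetric_verify_v3_hashless(key, pk, "raw",
						   sig, siglen, algo, data);
	} else {
		rc = calc_file_id_hash(hdr->type, algo, data, &hash);
		if (rc) {
			/* Any hashing failure is reported as -EINVAL. */
			rc = -EINVAL;
			goto out;
		}

		rc = asymmetric_verify_common(key, pk, sig, siglen, hash.digest,
					      hash.hdr.length);
	}

out:
	key_put(key);

	return rc;
}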