xref: /linux/security/integrity/digsig_asymmetric.c (revision be08f0c681a8469f2537f04de76e73a68c9c96e1)
1 /*
2  * Copyright (C) 2013 Intel Corporation
3  *
4  * Author:
5  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation, version 2 of the License.
10  *
11  */
12 
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 
15 #include <linux/err.h>
16 #include <linux/ratelimit.h>
17 #include <linux/key-type.h>
18 #include <crypto/public_key.h>
19 #include <crypto/hash_info.h>
20 #include <keys/asymmetric-type.h>
21 #include <keys/system_keyring.h>
22 
23 #include "integrity.h"
24 
25 /*
26  * Request an asymmetric key.
27  */
28 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
29 {
30 	struct key *key;
31 	char name[12];
32 
33 	sprintf(name, "id:%08x", keyid);
34 
35 	pr_debug("key search: \"%s\"\n", name);
36 
37 	key = get_ima_blacklist_keyring();
38 	if (key) {
39 		key_ref_t kref;
40 
41 		kref = keyring_search(make_key_ref(key, 1),
42 				     &key_type_asymmetric, name);
43 		if (!IS_ERR(kref)) {
44 			pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
45 			return ERR_PTR(-EKEYREJECTED);
46 		}
47 	}
48 
49 	if (keyring) {
50 		/* search in specific keyring */
51 		key_ref_t kref;
52 
53 		kref = keyring_search(make_key_ref(keyring, 1),
54 				      &key_type_asymmetric, name);
55 		if (IS_ERR(kref))
56 			key = ERR_CAST(kref);
57 		else
58 			key = key_ref_to_ptr(kref);
59 	} else {
60 		key = request_key(&key_type_asymmetric, name, NULL);
61 	}
62 
63 	if (IS_ERR(key)) {
64 		pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
65 				   name, PTR_ERR(key));
66 		switch (PTR_ERR(key)) {
67 			/* Hide some search errors */
68 		case -EACCES:
69 		case -ENOTDIR:
70 		case -EAGAIN:
71 			return ERR_PTR(-ENOKEY);
72 		default:
73 			return key;
74 		}
75 	}
76 
77 	pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
78 
79 	return key;
80 }
81 
82 int asymmetric_verify(struct key *keyring, const char *sig,
83 		      int siglen, const char *data, int datalen)
84 {
85 	struct public_key_signature pks;
86 	struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
87 	struct key *key;
88 	int ret = -ENOMEM;
89 
90 	if (siglen <= sizeof(*hdr))
91 		return -EBADMSG;
92 
93 	siglen -= sizeof(*hdr);
94 
95 	if (siglen != be16_to_cpu(hdr->sig_size))
96 		return -EBADMSG;
97 
98 	if (hdr->hash_algo >= HASH_ALGO__LAST)
99 		return -ENOPKG;
100 
101 	key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
102 	if (IS_ERR(key))
103 		return PTR_ERR(key);
104 
105 	memset(&pks, 0, sizeof(pks));
106 
107 	pks.hash_algo = hash_algo_name[hdr->hash_algo];
108 	if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
109 	    hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
110 		/* EC-RDSA and Streebog should go together. */
111 		pks.pkey_algo = "ecrdsa";
112 		pks.encoding = "raw";
113 	} else {
114 		pks.pkey_algo = "rsa";
115 		pks.encoding = "pkcs1";
116 	}
117 	pks.digest = (u8 *)data;
118 	pks.digest_size = datalen;
119 	pks.s = hdr->sig;
120 	pks.s_size = siglen;
121 	ret = verify_signature(key, &pks);
122 	key_put(key);
123 	pr_debug("%s() = %d\n", __func__, ret);
124 	return ret;
125 }
126 
127 /**
128  * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
129  * @kmod_name: kernel module name
130  *
131  * We have situation, when public_key_verify_signature() in case of RSA
132  * algorithm use alg_name to store internal information in order to
133  * construct an algorithm on the fly, but crypto_larval_lookup() will try
134  * to use alg_name in order to load kernel module with same name.
135  * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
136  * we are safe to fail such module request from crypto_larval_lookup().
137  *
138  * In this way we prevent modprobe execution during digsig verification
139  * and avoid possible deadlock if modprobe and/or it's dependencies
140  * also signed with digsig.
141  */
142 int integrity_kernel_module_request(char *kmod_name)
143 {
144 	if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
145 		return -EINVAL;
146 
147 	return 0;
148 }
149