LXR linux/security/integrity/digsig

   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * Copyright (C) 2013 Intel Corporation
   4 *
   5 * Author:
   6 * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
   7 */
   8
   9#include <linux/err.h>
  10#include <linux/ratelimit.h>
  11#include <linux/key-type.h>
  12#include <crypto/public_key.h>
  13#include <crypto/hash_info.h>
  14#include <keys/asymmetric-type.h>
  15#include <keys/system_keyring.h>
  16
  17#include "integrity.h"
  18
  19/*
  20 * Request an asymmetric key.
  21 */
  22static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
  23{
  24        struct key *key;
  25        char name[12];
  26
  27        sprintf(name, "id:%08x", keyid);
  28
  29        pr_debug("key search: \"%s\"\n", name);
  30
  31        key = get_ima_blacklist_keyring();
  32        if (key) {
  33                key_ref_t kref;
  34
  35                kref = keyring_search(make_key_ref(key, 1),
  36                                      &key_type_asymmetric, name, true);
  37                if (!IS_ERR(kref)) {
  38                        pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
  39                        return ERR_PTR(-EKEYREJECTED);
  40                }
  41        }
  42
  43        if (keyring) {
  44                /* search in specific keyring */
  45                key_ref_t kref;
  46
  47                kref = keyring_search(make_key_ref(keyring, 1),
  48                                      &key_type_asymmetric, name, true);
  49                if (IS_ERR(kref))
  50                        key = ERR_CAST(kref);
  51                else
  52                        key = key_ref_to_ptr(kref);
  53        } else {
  54                key = request_key(&key_type_asymmetric, name, NULL);
  55        }
  56
  57        if (IS_ERR(key)) {
  58                if (keyring)
  59                        pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",
  60                                           name, keyring->description,
  61                                           PTR_ERR(key));
  62                else
  63                        pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
  64                                           name, PTR_ERR(key));
  65
  66                switch (PTR_ERR(key)) {
  67                        /* Hide some search errors */
  68                case -EACCES:
  69                case -ENOTDIR:
  70                case -EAGAIN:
  71                        return ERR_PTR(-ENOKEY);
  72                default:
  73                        return key;
  74                }
  75        }
  76
  77        pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
  78
  79        return key;
  80}
  81
  82int asymmetric_verify(struct key *keyring, const char *sig,
  83                      int siglen, const char *data, int datalen)
  84{
  85        struct public_key_signature pks;
  86        struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
  87        struct key *key;
  88        int ret;
  89
  90        if (siglen <= sizeof(*hdr))
  91                return -EBADMSG;
  92
  93        siglen -= sizeof(*hdr);
  94
  95        if (siglen != be16_to_cpu(hdr->sig_size))
  96                return -EBADMSG;
  97
  98        if (hdr->hash_algo >= HASH_ALGO__LAST)
  99                return -ENOPKG;
 100
 101        key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
 102        if (IS_ERR(key))
 103                return PTR_ERR(key);
 104
 105        memset(&pks, 0, sizeof(pks));
 106
 107        pks.hash_algo = hash_algo_name[hdr->hash_algo];
 108        switch (hdr->hash_algo) {
 109        case HASH_ALGO_STREEBOG_256:
 110        case HASH_ALGO_STREEBOG_512:
 111                /* EC-RDSA and Streebog should go together. */
 112                pks.pkey_algo = "ecrdsa";
 113                pks.encoding = "raw";
 114                break;
 115        case HASH_ALGO_SM3_256:
 116                /* SM2 and SM3 should go together. */
 117                pks.pkey_algo = "sm2";
 118                pks.encoding = "raw";
 119                break;
 120        default:
 121                pks.pkey_algo = "rsa";
 122                pks.encoding = "pkcs1";
 123                break;
 124        }
 125        pks.digest = (u8 *)data;
 126        pks.digest_size = datalen;
 127        pks.s = hdr->sig;
 128        pks.s_size = siglen;
 129        ret = verify_signature(key, &pks);
 130        key_put(key);
 131        pr_debug("%s() = %d\n", __func__, ret);
 132        return ret;
 133}
 134
 135/**
 136 * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
 137 * @kmod_name: kernel module name
 138 *
 139 * We have situation, when public_key_verify_signature() in case of RSA
 140 * algorithm use alg_name to store internal information in order to
 141 * construct an algorithm on the fly, but crypto_larval_lookup() will try
 142 * to use alg_name in order to load kernel module with same name.
 143 * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
 144 * we are safe to fail such module request from crypto_larval_lookup().
 145 *
 146 * In this way we prevent modprobe execution during digsig verification
 147 * and avoid possible deadlock if modprobe and/or it's dependencies
 148 * also signed with digsig.
 149 */
 150int integrity_kernel_module_request(char *kmod_name)
 151{
 152        if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
 153                return -EINVAL;
 154
 155        return 0;
 156}
 157