security/integrity/digsig_asymmetric.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * Copyright (C) 2013 Intel Corporation
   4  *
   5  * Author:
   6  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
   7  */
   8
   9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  10
  11 #include <linux/err.h>
  12 #include <linux/ratelimit.h>
  13 #include <linux/key-type.h>
  14 #include <crypto/public_key.h>
  15 #include <crypto/hash_info.h>
  16 #include <keys/asymmetric-type.h>
  17 #include <keys/system_keyring.h>
  18
  19 #include "integrity.h"
  20
  21 /*
  22  * Request an asymmetric key.
  23  */
  24 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
  25 {
  26         struct key *key;
  27         char name[12];
  28
  29         sprintf(name, "id:%08x", keyid);
  30
  31         pr_debug("key search: \"%s\"\n", name);
  32
  33         key = get_ima_blacklist_keyring();
  34         if (key) {
  35                 key_ref_t kref;
  36
  37                 kref = keyring_search(make_key_ref(key, 1),
  38                                       &key_type_asymmetric, name, true);
  39                 if (!IS_ERR(kref)) {
  40                         pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
  41                         return ERR_PTR(-EKEYREJECTED);
  42                 }
  43         }
  44
  45         if (keyring) {
  46                 /* search in specific keyring */
  47                 key_ref_t kref;
  48
  49                 kref = keyring_search(make_key_ref(keyring, 1),
  50                                       &key_type_asymmetric, name, true);
  51                 if (IS_ERR(kref))
  52                         key = ERR_CAST(kref);
  53                 else
  54                         key = key_ref_to_ptr(kref);
  55         } else {
  56                 key = request_key(&key_type_asymmetric, name, NULL);
  57         }
  58
  59         if (IS_ERR(key)) {
  60                 pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
  61                                    name, PTR_ERR(key));
  62                 switch (PTR_ERR(key)) {
  63                         /* Hide some search errors */
  64                 case -EACCES:
  65                 case -ENOTDIR:
  66                 case -EAGAIN:
  67                         return ERR_PTR(-ENOKEY);
  68                 default:
  69                         return key;
  70                 }
  71         }
  72
  73         pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
  74
  75         return key;
  76 }
  77
  78 int asymmetric_verify(struct key *keyring, const char *sig,
  79                       int siglen, const char *data, int datalen)
  80 {
  81         struct public_key_signature pks;
  82         struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
  83         struct key *key;
  84         int ret = -ENOMEM;
  85
  86         if (siglen <= sizeof(*hdr))
  87                 return -EBADMSG;
  88
  89         siglen -= sizeof(*hdr);
  90
  91         if (siglen != be16_to_cpu(hdr->sig_size))
  92                 return -EBADMSG;
  93
  94         if (hdr->hash_algo >= HASH_ALGO__LAST)
  95                 return -ENOPKG;
  96
  97         key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
  98         if (IS_ERR(key))
  99                 return PTR_ERR(key);
 100
 101         memset(&pks, 0, sizeof(pks));
 102
 103         pks.hash_algo = hash_algo_name[hdr->hash_algo];
 104         if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
 105             hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
 106                 /* EC-RDSA and Streebog should go together. */
 107                 pks.pkey_algo = "ecrdsa";
 108                 pks.encoding = "raw";
 109         } else {
 110                 pks.pkey_algo = "rsa";
 111                 pks.encoding = "pkcs1";
 112         }
 113         pks.digest = (u8 *)data;
 114         pks.digest_size = datalen;
 115         pks.s = hdr->sig;
 116         pks.s_size = siglen;
 117         ret = verify_signature(key, &pks);
 118         key_put(key);
 119         pr_debug("%s() = %d\n", __func__, ret);
 120         return ret;
 121 }
 122
 123 /**
 124  * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
 125  * @kmod_name: kernel module name
 126  *
 127  * We have situation, when public_key_verify_signature() in case of RSA
 128  * algorithm use alg_name to store internal information in order to
 129  * construct an algorithm on the fly, but crypto_larval_lookup() will try
 130  * to use alg_name in order to load kernel module with same name.
 131  * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
 132  * we are safe to fail such module request from crypto_larval_lookup().
 133  *
 134  * In this way we prevent modprobe execution during digsig verification
 135  * and avoid possible deadlock if modprobe and/or it's dependencies
 136  * also signed with digsig.
 137  */
 138 int integrity_kernel_module_request(char *kmod_name)
 139 {
 140         if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
 141                 return -EINVAL;
 142
 143         return 0;
 144 }