Linux 4.19.133
[linux/fpc-iii.git] / security / integrity / digsig_asymmetric.c
blob6dc0751445087727f9d1b09a8c1efdbbc9105625
1 /*
2 * Copyright (C) 2013 Intel Corporation
4 * Author:
5 * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, version 2 of the License.
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 #include <linux/err.h>
16 #include <linux/ratelimit.h>
17 #include <linux/key-type.h>
18 #include <crypto/public_key.h>
19 #include <crypto/hash_info.h>
20 #include <keys/asymmetric-type.h>
21 #include <keys/system_keyring.h>
23 #include "integrity.h"
26 * Request an asymmetric key.
28 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
30 struct key *key;
31 char name[12];
33 sprintf(name, "id:%08x", keyid);
35 pr_debug("key search: \"%s\"\n", name);
37 key = get_ima_blacklist_keyring();
38 if (key) {
39 key_ref_t kref;
41 kref = keyring_search(make_key_ref(key, 1),
42 &key_type_asymmetric, name);
43 if (!IS_ERR(kref)) {
44 pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
45 return ERR_PTR(-EKEYREJECTED);
49 if (keyring) {
50 /* search in specific keyring */
51 key_ref_t kref;
53 kref = keyring_search(make_key_ref(keyring, 1),
54 &key_type_asymmetric, name);
55 if (IS_ERR(kref))
56 key = ERR_CAST(kref);
57 else
58 key = key_ref_to_ptr(kref);
59 } else {
60 key = request_key(&key_type_asymmetric, name, NULL);
63 if (IS_ERR(key)) {
64 pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
65 name, PTR_ERR(key));
66 switch (PTR_ERR(key)) {
67 /* Hide some search errors */
68 case -EACCES:
69 case -ENOTDIR:
70 case -EAGAIN:
71 return ERR_PTR(-ENOKEY);
72 default:
73 return key;
77 pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
79 return key;
82 int asymmetric_verify(struct key *keyring, const char *sig,
83 int siglen, const char *data, int datalen)
85 struct public_key_signature pks;
86 struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
87 struct key *key;
88 int ret = -ENOMEM;
90 if (siglen <= sizeof(*hdr))
91 return -EBADMSG;
93 siglen -= sizeof(*hdr);
95 if (siglen != be16_to_cpu(hdr->sig_size))
96 return -EBADMSG;
98 if (hdr->hash_algo >= HASH_ALGO__LAST)
99 return -ENOPKG;
101 key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
102 if (IS_ERR(key))
103 return PTR_ERR(key);
105 memset(&pks, 0, sizeof(pks));
107 pks.pkey_algo = "rsa";
108 pks.hash_algo = hash_algo_name[hdr->hash_algo];
109 pks.digest = (u8 *)data;
110 pks.digest_size = datalen;
111 pks.s = hdr->sig;
112 pks.s_size = siglen;
113 ret = verify_signature(key, &pks);
114 key_put(key);
115 pr_debug("%s() = %d\n", __func__, ret);
116 return ret;
120 * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
121 * @kmod_name: kernel module name
123 * We have situation, when public_key_verify_signature() in case of RSA
124 * algorithm use alg_name to store internal information in order to
125 * construct an algorithm on the fly, but crypto_larval_lookup() will try
126 * to use alg_name in order to load kernel module with same name.
127 * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
128 * we are safe to fail such module request from crypto_larval_lookup().
130 * In this way we prevent modprobe execution during digsig verification
131 * and avoid possible deadlock if modprobe and/or it's dependencies
132 * also signed with digsig.
134 int integrity_kernel_module_request(char *kmod_name)
136 if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
137 return -EINVAL;
139 return 0;