security/integrity/digsig_asymmetric.c

   1 /*
   2  * Copyright (C) 2013 Intel Corporation
   3  *
   4  * Author:
   5  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation, version 2 of the License.
  10  *
  11  */
  12
  13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  14
  15 #include <linux/err.h>
  16 #include <linux/ratelimit.h>
  17 #include <linux/key-type.h>
  18 #include <crypto/public_key.h>
  19 #include <crypto/hash_info.h>
  20 #include <keys/asymmetric-type.h>
  21 #include <keys/system_keyring.h>
  22
  23 #include "integrity.h"
  24
  25 /*
  26  * Request an asymmetric key.
  27  */
  28 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
  29 {
  30         struct key *key;
  31         char name[12];
  32
  33         sprintf(name, "id:%08x", keyid);
  34
  35         pr_debug("key search: \"%s\"\n", name);
  36
  37         key = get_ima_blacklist_keyring();
  38         if (key) {
  39                 key_ref_t kref;
  40
  41                 kref = keyring_search(make_key_ref(key, 1),
  42                                      &key_type_asymmetric, name);
  43                 if (!IS_ERR(kref)) {
  44                         pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
  45                         return ERR_PTR(-EKEYREJECTED);
  46                 }
  47         }
  48
  49         if (keyring) {
  50                 /* search in specific keyring */
  51                 key_ref_t kref;
  52
  53                 kref = keyring_search(make_key_ref(keyring, 1),
  54                                       &key_type_asymmetric, name);
  55                 if (IS_ERR(kref))
  56                         key = ERR_CAST(kref);
  57                 else
  58                         key = key_ref_to_ptr(kref);
  59         } else {
  60                 key = request_key(&key_type_asymmetric, name, NULL);
  61         }
  62
  63         if (IS_ERR(key)) {
  64                 pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
  65                                    name, PTR_ERR(key));
  66                 switch (PTR_ERR(key)) {
  67                         /* Hide some search errors */
  68                 case -EACCES:
  69                 case -ENOTDIR:
  70                 case -EAGAIN:
  71                         return ERR_PTR(-ENOKEY);
  72                 default:
  73                         return key;
  74                 }
  75         }
  76
  77         pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
  78
  79         return key;
  80 }
  81
  82 int asymmetric_verify(struct key *keyring, const char *sig,
  83                       int siglen, const char *data, int datalen)
  84 {
  85         struct public_key_signature pks;
  86         struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
  87         struct key *key;
  88         int ret = -ENOMEM;
  89
  90         if (siglen <= sizeof(*hdr))
  91                 return -EBADMSG;
  92
  93         siglen -= sizeof(*hdr);
  94
  95         if (siglen != be16_to_cpu(hdr->sig_size))
  96                 return -EBADMSG;
  97
  98         if (hdr->hash_algo >= HASH_ALGO__LAST)
  99                 return -ENOPKG;
 100
 101         key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
 102         if (IS_ERR(key))
 103                 return PTR_ERR(key);
 104
 105         memset(&pks, 0, sizeof(pks));
 106
 107         pks.hash_algo = hash_algo_name[hdr->hash_algo];
 108         if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
 109             hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
 110                 /* EC-RDSA and Streebog should go together. */
 111                 pks.pkey_algo = "ecrdsa";
 112                 pks.encoding = "raw";
 113         } else {
 114                 pks.pkey_algo = "rsa";
 115                 pks.encoding = "pkcs1";
 116         }
 117         pks.digest = (u8 *)data;
 118         pks.digest_size = datalen;
 119         pks.s = hdr->sig;
 120         pks.s_size = siglen;
 121         ret = verify_signature(key, &pks);
 122         key_put(key);
 123         pr_debug("%s() = %d\n", __func__, ret);
 124         return ret;
 125 }
 126
 127 /**
 128  * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
 129  * @kmod_name: kernel module name
 130  *
 131  * We have situation, when public_key_verify_signature() in case of RSA
 132  * algorithm use alg_name to store internal information in order to
 133  * construct an algorithm on the fly, but crypto_larval_lookup() will try
 134  * to use alg_name in order to load kernel module with same name.
 135  * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
 136  * we are safe to fail such module request from crypto_larval_lookup().
 137  *
 138  * In this way we prevent modprobe execution during digsig verification
 139  * and avoid possible deadlock if modprobe and/or it's dependencies
 140  * also signed with digsig.
 141  */
 142 int integrity_kernel_module_request(char *kmod_name)
 143 {
 144         if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
 145                 return -EINVAL;
 146
 147         return 0;
 148 }