security/integrity/digsig_asymmetric.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * Copyright (C) 2013 Intel Corporation
   4  *
   5  * Author:
   6  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
   7  */
   8
   9 #include <linux/err.h>
  10 #include <linux/ratelimit.h>
  11 #include <linux/key-type.h>
  12 #include <crypto/public_key.h>
  13 #include <crypto/hash_info.h>
  14 #include <keys/asymmetric-type.h>
  15 #include <keys/system_keyring.h>
  16
  17 #include "integrity.h"
  18
  19 /*
  20  * Request an asymmetric key.
  21  */
  22 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
  23 {
  24         struct key *key;
  25         char name[12];
  26
  27         sprintf(name, "id:%08x", keyid);
  28
  29         pr_debug("key search: \"%s\"\n", name);
  30
  31         key = get_ima_blacklist_keyring();
  32         if (key) {
  33                 key_ref_t kref;
  34
  35                 kref = keyring_search(make_key_ref(key, 1),
  36                                       &key_type_asymmetric, name, true);
  37                 if (!IS_ERR(kref)) {
  38                         pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
  39                         return ERR_PTR(-EKEYREJECTED);
  40                 }
  41         }
  42
  43         if (keyring) {
  44                 /* search in specific keyring */
  45                 key_ref_t kref;
  46
  47                 kref = keyring_search(make_key_ref(keyring, 1),
  48                                       &key_type_asymmetric, name, true);
  49                 if (IS_ERR(kref))
  50                         key = ERR_CAST(kref);
  51                 else
  52                         key = key_ref_to_ptr(kref);
  53         } else {
  54                 key = request_key(&key_type_asymmetric, name, NULL);
  55         }
  56
  57         if (IS_ERR(key)) {
  58                 pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
  59                                    name, PTR_ERR(key));
  60                 switch (PTR_ERR(key)) {
  61                         /* Hide some search errors */
  62                 case -EACCES:
  63                 case -ENOTDIR:
  64                 case -EAGAIN:
  65                         return ERR_PTR(-ENOKEY);
  66                 default:
  67                         return key;
  68                 }
  69         }
  70
  71         pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
  72
  73         return key;
  74 }
  75
  76 int asymmetric_verify(struct key *keyring, const char *sig,
  77                       int siglen, const char *data, int datalen)
  78 {
  79         struct public_key_signature pks;
  80         struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
  81         struct key *key;
  82         int ret = -ENOMEM;
  83
  84         if (siglen <= sizeof(*hdr))
  85                 return -EBADMSG;
  86
  87         siglen -= sizeof(*hdr);
  88
  89         if (siglen != be16_to_cpu(hdr->sig_size))
  90                 return -EBADMSG;
  91
  92         if (hdr->hash_algo >= HASH_ALGO__LAST)
  93                 return -ENOPKG;
  94
  95         key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
  96         if (IS_ERR(key))
  97                 return PTR_ERR(key);
  98
  99         memset(&pks, 0, sizeof(pks));
 100
 101         pks.hash_algo = hash_algo_name[hdr->hash_algo];
 102         if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
 103             hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
 104                 /* EC-RDSA and Streebog should go together. */
 105                 pks.pkey_algo = "ecrdsa";
 106                 pks.encoding = "raw";
 107         } else {
 108                 pks.pkey_algo = "rsa";
 109                 pks.encoding = "pkcs1";
 110         }
 111         pks.digest = (u8 *)data;
 112         pks.digest_size = datalen;
 113         pks.s = hdr->sig;
 114         pks.s_size = siglen;
 115         ret = verify_signature(key, &pks);
 116         key_put(key);
 117         pr_debug("%s() = %d\n", __func__, ret);
 118         return ret;
 119 }
 120
 121 /**
 122  * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
 123  * @kmod_name: kernel module name
 124  *
 125  * We have situation, when public_key_verify_signature() in case of RSA
 126  * algorithm use alg_name to store internal information in order to
 127  * construct an algorithm on the fly, but crypto_larval_lookup() will try
 128  * to use alg_name in order to load kernel module with same name.
 129  * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
 130  * we are safe to fail such module request from crypto_larval_lookup().
 131  *
 132  * In this way we prevent modprobe execution during digsig verification
 133  * and avoid possible deadlock if modprobe and/or it's dependencies
 134  * also signed with digsig.
 135  */
 136 int integrity_kernel_module_request(char *kmod_name)
 137 {
 138         if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
 139                 return -EINVAL;
 140
 141         return 0;
 142 }