1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2013 Intel Corporation
4 *
5 * Author:
6 * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
7 */
8
9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10
11 #include <linux/err.h>
12 #include <linux/ratelimit.h>
13 #include <linux/key-type.h>
14 #include <crypto/public_key.h>
15 #include <crypto/hash_info.h>
16 #include <keys/asymmetric-type.h>
17 #include <keys/system_keyring.h>
18
19 #include "integrity.h"
20
21 /*
22 * Request an asymmetric key.
23 */
request_asymmetric_key(struct key * keyring,uint32_t keyid)24 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
25 {
26 struct key *key;
27 char name[12];
28
29 sprintf(name, "id:%08x", keyid);
30
31 pr_debug("key search: \"%s\"\n", name);
32
33 key = get_ima_blacklist_keyring();
34 if (key) {
35 key_ref_t kref;
36
37 kref = keyring_search(make_key_ref(key, 1),
38 &key_type_asymmetric, name, true);
39 if (!IS_ERR(kref)) {
40 pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
41 return ERR_PTR(-EKEYREJECTED);
42 }
43 }
44
45 if (keyring) {
46 /* search in specific keyring */
47 key_ref_t kref;
48
49 kref = keyring_search(make_key_ref(keyring, 1),
50 &key_type_asymmetric, name, true);
51 if (IS_ERR(kref))
52 key = ERR_CAST(kref);
53 else
54 key = key_ref_to_ptr(kref);
55 } else {
56 key = request_key(&key_type_asymmetric, name, NULL);
57 }
58
59 if (IS_ERR(key)) {
60 pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
61 name, PTR_ERR(key));
62 switch (PTR_ERR(key)) {
63 /* Hide some search errors */
64 case -EACCES:
65 case -ENOTDIR:
66 case -EAGAIN:
67 return ERR_PTR(-ENOKEY);
68 default:
69 return key;
70 }
71 }
72
73 pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
74
75 return key;
76 }
77
asymmetric_verify(struct key * keyring,const char * sig,int siglen,const char * data,int datalen)78 int asymmetric_verify(struct key *keyring, const char *sig,
79 int siglen, const char *data, int datalen)
80 {
81 struct public_key_signature pks;
82 struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
83 struct key *key;
84 int ret = -ENOMEM;
85
86 if (siglen <= sizeof(*hdr))
87 return -EBADMSG;
88
89 siglen -= sizeof(*hdr);
90
91 if (siglen != be16_to_cpu(hdr->sig_size))
92 return -EBADMSG;
93
94 if (hdr->hash_algo >= HASH_ALGO__LAST)
95 return -ENOPKG;
96
97 key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
98 if (IS_ERR(key))
99 return PTR_ERR(key);
100
101 memset(&pks, 0, sizeof(pks));
102
103 pks.hash_algo = hash_algo_name[hdr->hash_algo];
104 if (hdr->hash_algo == HASH_ALGO_STREEBOG_256 ||
105 hdr->hash_algo == HASH_ALGO_STREEBOG_512) {
106 /* EC-RDSA and Streebog should go together. */
107 pks.pkey_algo = "ecrdsa";
108 pks.encoding = "raw";
109 } else {
110 pks.pkey_algo = "rsa";
111 pks.encoding = "pkcs1";
112 }
113 pks.digest = (u8 *)data;
114 pks.digest_size = datalen;
115 pks.s = hdr->sig;
116 pks.s_size = siglen;
117 ret = verify_signature(key, &pks);
118 key_put(key);
119 pr_debug("%s() = %d\n", __func__, ret);
120 return ret;
121 }
122
123 /**
124 * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
125 * @kmod_name: kernel module name
126 *
127 * We have situation, when public_key_verify_signature() in case of RSA
128 * algorithm use alg_name to store internal information in order to
129 * construct an algorithm on the fly, but crypto_larval_lookup() will try
130 * to use alg_name in order to load kernel module with same name.
131 * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
132 * we are safe to fail such module request from crypto_larval_lookup().
133 *
134 * In this way we prevent modprobe execution during digsig verification
135 * and avoid possible deadlock if modprobe and/or it's dependencies
136 * also signed with digsig.
137 */
integrity_kernel_module_request(char * kmod_name)138 int integrity_kernel_module_request(char *kmod_name)
139 {
140 if (strncmp(kmod_name, "crypto-pkcs1pad(rsa,", 20) == 0)
141 return -EINVAL;
142
143 return 0;
144 }
145