]>
git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - security/integrity/digsig_asymmetric.c
1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (C) 2013 Intel Corporation
6 * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
10 #include <linux/ratelimit.h>
11 #include <linux/key-type.h>
12 #include <crypto/public_key.h>
13 #include <crypto/hash_info.h>
14 #include <keys/asymmetric-type.h>
15 #include <keys/system_keyring.h>
17 #include "integrity.h"
20 * Request an asymmetric key.
22 static struct key
*request_asymmetric_key(struct key
*keyring
, uint32_t keyid
)
27 sprintf(name
, "id:%08x", keyid
);
29 pr_debug("key search: \"%s\"\n", name
);
31 key
= get_ima_blacklist_keyring();
35 kref
= keyring_search(make_key_ref(key
, 1),
36 &key_type_asymmetric
, name
, true);
38 pr_err("Key '%s' is in ima_blacklist_keyring\n", name
);
39 return ERR_PTR(-EKEYREJECTED
);
44 /* search in specific keyring */
47 kref
= keyring_search(make_key_ref(keyring
, 1),
48 &key_type_asymmetric
, name
, true);
52 key
= key_ref_to_ptr(kref
);
54 key
= request_key(&key_type_asymmetric
, name
, NULL
);
59 pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",
60 name
, keyring
->description
,
63 pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
66 switch (PTR_ERR(key
)) {
67 /* Hide some search errors */
71 return ERR_PTR(-ENOKEY
);
77 pr_debug("%s() = 0 [%x]\n", __func__
, key_serial(key
));
82 int asymmetric_verify(struct key
*keyring
, const char *sig
,
83 int siglen
, const char *data
, int datalen
)
85 struct public_key_signature pks
;
86 struct signature_v2_hdr
*hdr
= (struct signature_v2_hdr
*)sig
;
87 const struct public_key
*pk
;
91 if (siglen
<= sizeof(*hdr
))
94 siglen
-= sizeof(*hdr
);
96 if (siglen
!= be16_to_cpu(hdr
->sig_size
))
99 if (hdr
->hash_algo
>= HASH_ALGO__LAST
)
102 key
= request_asymmetric_key(keyring
, be32_to_cpu(hdr
->keyid
));
106 memset(&pks
, 0, sizeof(pks
));
108 pks
.hash_algo
= hash_algo_name
[hdr
->hash_algo
];
110 pk
= asymmetric_key_public_key(key
);
111 pks
.pkey_algo
= pk
->pkey_algo
;
112 if (!strcmp(pk
->pkey_algo
, "rsa"))
113 pks
.encoding
= "pkcs1";
114 else if (!strncmp(pk
->pkey_algo
, "ecdsa-", 6))
115 /* edcsa-nist-p192 etc. */
116 pks
.encoding
= "x962";
117 else if (!strcmp(pk
->pkey_algo
, "ecrdsa") ||
118 !strcmp(pk
->pkey_algo
, "sm2"))
119 pks
.encoding
= "raw";
123 pks
.digest
= (u8
*)data
;
124 pks
.digest_size
= datalen
;
127 ret
= verify_signature(key
, &pks
);
129 pr_debug("%s() = %d\n", __func__
, ret
);
134 * integrity_kernel_module_request - prevent crypto-pkcs1pad(rsa,*) requests
135 * @kmod_name: kernel module name
137 * We have situation, when public_key_verify_signature() in case of RSA
138 * algorithm use alg_name to store internal information in order to
139 * construct an algorithm on the fly, but crypto_larval_lookup() will try
140 * to use alg_name in order to load kernel module with same name.
141 * Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules,
142 * we are safe to fail such module request from crypto_larval_lookup().
144 * In this way we prevent modprobe execution during digsig verification
145 * and avoid possible deadlock if modprobe and/or it's dependencies
146 * also signed with digsig.
148 int integrity_kernel_module_request(char *kmod_name
)
150 if (strncmp(kmod_name
, "crypto-pkcs1pad(rsa,", 20) == 0)