Merge tag 'modsign-pkcs7-20150812-3' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next

author: James Morris <james.l.morris@oracle.com> 2015-08-13 22:08:39 -0400
committer: James Morris <james.l.morris@oracle.com> 2015-08-13 22:08:39 -0400
commit: e4fc02f24c223ee8d668bf2d39bb8a2dbd61b40e (patch)
tree: 8ad26407ec8b8898f6ff5f396ff628919a56c624 /kernel/module_signing.c
parent: aa62efff65ba572814511efa68cb158fe9e960c4 (diff)
parent: e9a5e8cc55286941503f36c5b7485a5aa923b3f1 (diff)
1 files changed, 20 insertions, 193 deletions
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index be5b8fac4bd0..bd62f5cda746 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -10,11 +10,8 @@
 */
 #include <linux/kernel.h>
-#include <linux/err.h>
-#include <crypto/public_key.h>
-#include <crypto/hash.h>
-#include <keys/asymmetric-type.h>
 #include <keys/system_keyring.h>
+#include <crypto/public_key.h>
 #include "module-internal.h"
 /*
@@ -28,170 +25,22 @@
 *      - Information block
 */
 struct module_signature {
-        u8      algo;           /* Public-key crypto algorithm [enum pkey_algo] */
+        u8      algo;           /* Public-key crypto algorithm [0] */
-        u8      hash;           /* Digest algorithm [enum hash_algo] */
+        u8      hash;           /* Digest algorithm [0] */
-        u8      id_type;        /* Key identifier type [enum pkey_id_type] */
+        u8      id_type;        /* Key identifier type [PKEY_ID_PKCS7] */
-        u8      signer_len;     /* Length of signer's name */
+        u8      signer_len;     /* Length of signer's name [0] */
-        u8      key_id_len;     /* Length of key identifier */
+        u8      key_id_len;     /* Length of key identifier [0] */
        u8      __pad[3];
        __be32  sig_len;        /* Length of signature data */
 };
 /*
- * Digest the module contents.
- */
-static struct public_key_signature *mod_make_digest(enum hash_algo hash,
-                                                    const void *mod,
-                                                    unsigned long modlen)
-{
-        struct public_key_signature *pks;
-        struct crypto_shash *tfm;
-        struct shash_desc *desc;
-        size_t digest_size, desc_size;
-        int ret;
-        pr_devel("==>%s()\n", __func__);
-        
-        /* Allocate the hashing algorithm we're going to need and find out how
-         * big the hash operational data will be.
-         */
-        tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
-        if (IS_ERR(tfm))
-                return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
-        desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
-        digest_size = crypto_shash_digestsize(tfm);
-        /* We allocate the hash operational data storage on the end of our
-         * context data and the digest output buffer on the end of that.
-         */
-        ret = -ENOMEM;
-        pks = kzalloc(digest_size + sizeof(*pks) + desc_size, GFP_KERNEL);
-        if (!pks)
-                goto error_no_pks;
-        pks->pkey_hash_algo     = hash;
-        pks->digest             = (u8 *)pks + sizeof(*pks) + desc_size;
-        pks->digest_size        = digest_size;
-        desc = (void *)pks + sizeof(*pks);
-        desc->tfm   = tfm;
-        desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
-        ret = crypto_shash_init(desc);
-        if (ret < 0)
-                goto error;
-        ret = crypto_shash_finup(desc, mod, modlen, pks->digest);
-        if (ret < 0)
-                goto error;
-        crypto_free_shash(tfm);
-        pr_devel("<==%s() = ok\n", __func__);
-        return pks;
-error:
-        kfree(pks);
-error_no_pks:
-        crypto_free_shash(tfm);
-        pr_devel("<==%s() = %d\n", __func__, ret);
-        return ERR_PTR(ret);
-}
-/*
- * Extract an MPI array from the signature data.  This represents the actual
- * signature.  Each raw MPI is prefaced by a BE 2-byte value indicating the
- * size of the MPI in bytes.
- *
- * RSA signatures only have one MPI, so currently we only read one.
- */
-static int mod_extract_mpi_array(struct public_key_signature *pks,
-                                 const void *data, size_t len)
-{
-        size_t nbytes;
-        MPI mpi;
-        if (len < 3)
-                return -EBADMSG;
-        nbytes = ((const u8 *)data)[0] << 8 | ((const u8 *)data)[1];
-        data += 2;
-        len -= 2;
-        if (len != nbytes)
-                return -EBADMSG;
-        mpi = mpi_read_raw_data(data, nbytes);
-        if (!mpi)
-                return -ENOMEM;
-        pks->mpi[0] = mpi;
-        pks->nr_mpi = 1;
-        return 0;
-}
-/*
- * Request an asymmetric key.
- */
-static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
-                                          const u8 *key_id, size_t key_id_len)
-{
-        key_ref_t key;
-        size_t i;
-        char *id, *q;
-        pr_devel("==>%s(,%zu,,%zu)\n", __func__, signer_len, key_id_len);
-        /* Construct an identifier. */
-        id = kmalloc(signer_len + 2 + key_id_len * 2 + 1, GFP_KERNEL);
-        if (!id)
-                return ERR_PTR(-ENOKEY);
-        memcpy(id, signer, signer_len);
-        q = id + signer_len;
-        *q++ = ':';
-        *q++ = ' ';
-        for (i = 0; i < key_id_len; i++) {
-                *q++ = hex_asc[*key_id >> 4];
-                *q++ = hex_asc[*key_id++ & 0x0f];
-        }
-        *q = 0;
-        pr_debug("Look up: \"%s\"\n", id);
-        key = keyring_search(make_key_ref(system_trusted_keyring, 1),
-                             &key_type_asymmetric, id);
-        if (IS_ERR(key))
-                pr_warn("Request for unknown module key '%s' err %ld\n",
-                        id, PTR_ERR(key));
-        kfree(id);
-        if (IS_ERR(key)) {
-                switch (PTR_ERR(key)) {
-                        /* Hide some search errors */
-                case -EACCES:
-                case -ENOTDIR:
-                case -EAGAIN:
-                        return ERR_PTR(-ENOKEY);
-                default:
-                        return ERR_CAST(key);
-                }
-        }
-        pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
-        return key_ref_to_ptr(key);
-}
-/*
 * Verify the signature on a module.
 */
 int mod_verify_sig(const void *mod, unsigned long *_modlen)
 {
-        struct public_key_signature *pks;
        struct module_signature ms;
-        struct key *key;
-        const void *sig;
        size_t modlen = *_modlen, sig_len;
-        int ret;
        pr_devel("==>%s(,%zu)\n", __func__, modlen);
@@ -205,46 +54,24 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
        if (sig_len >= modlen)
                return -EBADMSG;
        modlen -= sig_len;
-        if ((size_t)ms.signer_len + ms.key_id_len >= modlen)
-                return -EBADMSG;
-        modlen -= (size_t)ms.signer_len + ms.key_id_len;
        *_modlen = modlen;
-        sig = mod + modlen;
-        /* For the moment, only support RSA and X.509 identifiers */
-        if (ms.algo != PKEY_ALGO_RSA ||
-            ms.id_type != PKEY_ID_X509)
-                return -ENOPKG;
-        if (ms.hash >= PKEY_HASH__LAST ||
+        if (ms.id_type != PKEY_ID_PKCS7) {
-            !hash_algo_name[ms.hash])
+                pr_err("Module is not signed with expected PKCS#7 message\n");
                return -ENOPKG;
-        key = request_asymmetric_key(sig, ms.signer_len,
-                                     sig + ms.signer_len, ms.key_id_len);
-        if (IS_ERR(key))
-                return PTR_ERR(key);
-        pks = mod_make_digest(ms.hash, mod, modlen);
-        if (IS_ERR(pks)) {
-                ret = PTR_ERR(pks);
-                goto error_put_key;
        }
-        ret = mod_extract_mpi_array(pks, sig + ms.signer_len + ms.key_id_len,
+        if (ms.algo != 0 ||
-                                    sig_len);
+            ms.hash != 0 ||
-        if (ret < 0)
+            ms.signer_len != 0 ||
-                goto error_free_pks;
+            ms.key_id_len != 0 ||
+            ms.__pad[0] != 0 ||
-        ret = verify_signature(key, pks);
+            ms.__pad[1] != 0 ||
-        pr_devel("verify_signature() = %d\n", ret);
+            ms.__pad[2] != 0) {
+                pr_err("PKCS#7 signature info has unexpected non-zero params\n");
+                return -EBADMSG;
+        }
-error_free_pks:
+        return system_verify_data(mod, modlen, mod + modlen, sig_len,
-        mpi_free(pks->rsa.s);
+                                  VERIFYING_MODULE_SIGNATURE);
-        kfree(pks);
-error_put_key:
-        key_put(key);
-        pr_devel("<==%s() = %d\n", __func__, ret);
-        return ret;     
 }
author	James Morris <james.l.morris@oracle.com>	2015-08-13 22:08:39 -0400
committer	James Morris <james.l.morris@oracle.com>	2015-08-13 22:08:39 -0400
commit	e4fc02f24c223ee8d668bf2d39bb8a2dbd61b40e (patch)
tree	8ad26407ec8b8898f6ff5f396ff628919a56c624 /kernel/module_signing.c
parent	aa62efff65ba572814511efa68cb158fe9e960c4 (diff)
parent	e9a5e8cc55286941503f36c5b7485a5aa923b3f1 (diff)

diff --git a/kernel/module_signing.c b/kernel/module_signing.c index be5b8fac4bd0..bd62f5cda746 100644 --- a/kernel/module_signing.c +++ b/kernel/module_signing.c
@@ -10,11 +10,8 @@
10	*/	10	*/
11		11
12	#include <linux/kernel.h>	12	#include <linux/kernel.h>
13	#include <linux/err.h>
14	#include <crypto/public_key.h>
15	#include <crypto/hash.h>
16	#include <keys/asymmetric-type.h>
17	#include <keys/system_keyring.h>	13	#include <keys/system_keyring.h>
		14	#include <crypto/public_key.h>
18	#include "module-internal.h"	15	#include "module-internal.h"
19		16
20	/*	17	/*
@@ -28,170 +25,22 @@
28	* - Information block	25	* - Information block
29	*/	26	*/
30	struct module_signature {	27	struct module_signature {
31	u8 algo; /* Public-key crypto algorithm [enum pkey_algo] */	28	u8 algo; /* Public-key crypto algorithm [0] */
32	u8 hash; /* Digest algorithm [enum hash_algo] */	29	u8 hash; /* Digest algorithm [0] */
33	u8 id_type; /* Key identifier type [enum pkey_id_type] */	30	u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */
34	u8 signer_len; /* Length of signer's name */	31	u8 signer_len; /* Length of signer's name [0] */
35	u8 key_id_len; /* Length of key identifier */	32	u8 key_id_len; /* Length of key identifier [0] */
36	u8 __pad[3];	33	u8 __pad[3];
37	__be32 sig_len; /* Length of signature data */	34	__be32 sig_len; /* Length of signature data */
38	};	35	};
39		36
40	/*	37	/*
41	* Digest the module contents.
42	*/
43	static struct public_key_signature *mod_make_digest(enum hash_algo hash,
44	const void *mod,
45	unsigned long modlen)
46	{
47	struct public_key_signature *pks;
48	struct crypto_shash *tfm;
49	struct shash_desc *desc;
50	size_t digest_size, desc_size;
51	int ret;
52
53	pr_devel("==>%s()\n", __func__);
54
55	/* Allocate the hashing algorithm we're going to need and find out how
56	* big the hash operational data will be.
57	*/
58	tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
59	if (IS_ERR(tfm))
60	return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
61
62	desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
63	digest_size = crypto_shash_digestsize(tfm);
64
65	/* We allocate the hash operational data storage on the end of our
66	* context data and the digest output buffer on the end of that.
67	*/
68	ret = -ENOMEM;
69	pks = kzalloc(digest_size + sizeof(*pks) + desc_size, GFP_KERNEL);
70	if (!pks)
71	goto error_no_pks;
72
73	pks->pkey_hash_algo = hash;
74	pks->digest = (u8 )pks + sizeof(pks) + desc_size;
75	pks->digest_size = digest_size;
76
77	desc = (void )pks + sizeof(pks);
78	desc->tfm = tfm;
79	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
80
81	ret = crypto_shash_init(desc);
82	if (ret < 0)
83	goto error;
84
85	ret = crypto_shash_finup(desc, mod, modlen, pks->digest);
86	if (ret < 0)
87	goto error;
88
89	crypto_free_shash(tfm);
90	pr_devel("<==%s() = ok\n", __func__);
91	return pks;
92
93	error:
94	kfree(pks);
95	error_no_pks:
96	crypto_free_shash(tfm);
97	pr_devel("<==%s() = %d\n", __func__, ret);
98	return ERR_PTR(ret);
99	}
100
101	/*
102	* Extract an MPI array from the signature data. This represents the actual
103	* signature. Each raw MPI is prefaced by a BE 2-byte value indicating the
104	* size of the MPI in bytes.
105	*
106	* RSA signatures only have one MPI, so currently we only read one.
107	*/
108	static int mod_extract_mpi_array(struct public_key_signature *pks,
109	const void *data, size_t len)
110	{
111	size_t nbytes;
112	MPI mpi;
113
114	if (len < 3)
115	return -EBADMSG;
116	nbytes = ((const u8 )data)[0] << 8 \| ((const u8 )data)[1];
117	data += 2;
118	len -= 2;
119	if (len != nbytes)
120	return -EBADMSG;
121
122	mpi = mpi_read_raw_data(data, nbytes);
123	if (!mpi)
124	return -ENOMEM;
125	pks->mpi[0] = mpi;
126	pks->nr_mpi = 1;
127	return 0;
128	}
129
130	/*
131	* Request an asymmetric key.
132	*/
133	static struct key request_asymmetric_key(const char signer, size_t signer_len,
134	const u8 *key_id, size_t key_id_len)
135	{
136	key_ref_t key;
137	size_t i;
138	char id, q;
139
140	pr_devel("==>%s(,%zu,,%zu)\n", __func__, signer_len, key_id_len);
141
142	/* Construct an identifier. */
143	id = kmalloc(signer_len + 2 + key_id_len * 2 + 1, GFP_KERNEL);
144	if (!id)
145	return ERR_PTR(-ENOKEY);
146
147	memcpy(id, signer, signer_len);
148
149	q = id + signer_len;
150	*q++ = ':';
151	*q++ = ' ';
152	for (i = 0; i < key_id_len; i++) {
153	q++ = hex_asc[key_id >> 4];
154	q++ = hex_asc[key_id++ & 0x0f];
155	}
156
157	*q = 0;
158
159	pr_debug("Look up: \"%s\"\n", id);
160
161	key = keyring_search(make_key_ref(system_trusted_keyring, 1),
162	&key_type_asymmetric, id);
163	if (IS_ERR(key))
164	pr_warn("Request for unknown module key '%s' err %ld\n",
165	id, PTR_ERR(key));
166	kfree(id);
167
168	if (IS_ERR(key)) {
169	switch (PTR_ERR(key)) {
170	/* Hide some search errors */
171	case -EACCES:
172	case -ENOTDIR:
173	case -EAGAIN:
174	return ERR_PTR(-ENOKEY);
175	default:
176	return ERR_CAST(key);
177	}
178	}
179
180	pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
181	return key_ref_to_ptr(key);
182	}
183
184	/*
185	* Verify the signature on a module.	38	* Verify the signature on a module.
186	*/	39	*/
187	int mod_verify_sig(const void mod, unsigned long _modlen)	40	int mod_verify_sig(const void mod, unsigned long _modlen)
188	{	41	{
189	struct public_key_signature *pks;
190	struct module_signature ms;	42	struct module_signature ms;
191	struct key *key;
192	const void *sig;
193	size_t modlen = *_modlen, sig_len;	43	size_t modlen = *_modlen, sig_len;
194	int ret;
195		44
196	pr_devel("==>%s(,%zu)\n", __func__, modlen);	45	pr_devel("==>%s(,%zu)\n", __func__, modlen);
197		46
@@ -205,46 +54,24 @@ int mod_verify_sig(const void mod, unsigned long _modlen)
205	if (sig_len >= modlen)	54	if (sig_len >= modlen)
206	return -EBADMSG;	55	return -EBADMSG;
207	modlen -= sig_len;	56	modlen -= sig_len;
208	if ((size_t)ms.signer_len + ms.key_id_len >= modlen)
209	return -EBADMSG;
210	modlen -= (size_t)ms.signer_len + ms.key_id_len;
211
212	*_modlen = modlen;	57	*_modlen = modlen;
213	sig = mod + modlen;
214
215	/* For the moment, only support RSA and X.509 identifiers */
216	if (ms.algo != PKEY_ALGO_RSA \|\|
217	ms.id_type != PKEY_ID_X509)
218	return -ENOPKG;
219		58
220	if (ms.hash >= PKEY_HASH__LAST \|\|	59	if (ms.id_type != PKEY_ID_PKCS7) {
221	!hash_algo_name[ms.hash])	60	pr_err("Module is not signed with expected PKCS#7 message\n");
222	return -ENOPKG;	61	return -ENOPKG;
223
224	key = request_asymmetric_key(sig, ms.signer_len,
225	sig + ms.signer_len, ms.key_id_len);
226	if (IS_ERR(key))
227	return PTR_ERR(key);
228
229	pks = mod_make_digest(ms.hash, mod, modlen);
230	if (IS_ERR(pks)) {
231	ret = PTR_ERR(pks);
232	goto error_put_key;
233	}	62	}
234		63
235	ret = mod_extract_mpi_array(pks, sig + ms.signer_len + ms.key_id_len,	64	if (ms.algo != 0 \|\|
236	sig_len);	65	ms.hash != 0 \|\|
237	if (ret < 0)	66	ms.signer_len != 0 \|\|
238	goto error_free_pks;	67	ms.key_id_len != 0 \|\|
239		68	ms.__pad[0] != 0 \|\|
240	ret = verify_signature(key, pks);	69	ms.__pad[1] != 0 \|\|
241	pr_devel("verify_signature() = %d\n", ret);	70	ms.__pad[2] != 0) {
		71	pr_err("PKCS#7 signature info has unexpected non-zero params\n");
		72	return -EBADMSG;
		73	}
242		74
243	error_free_pks:	75	return system_verify_data(mod, modlen, mod + modlen, sig_len,
244	mpi_free(pks->rsa.s);	76	VERIFYING_MODULE_SIGNATURE);
245	kfree(pks);
246	error_put_key:
247	key_put(key);
248	pr_devel("<==%s() = %d\n", __func__, ret);
249	return ret;
250	}	77	}