2 files changed, 229 insertions, 1 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 00d45799dee1..abc6e63f2fb8 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1588,6 +1588,14 @@ config MODULE_SRCVERSION_ALL
 config MODULE_SIG
        bool "Module signature verification"
        depends on MODULES
+        select KEYS
+        select CRYPTO
+        select ASYMMETRIC_KEY_TYPE
+        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+        select PUBLIC_KEY_ALGO_RSA
+        select ASN1
+        select OID_REGISTRY
+        select X509_CERTIFICATE_PARSER
        help
          Check modules for valid signatures upon load: the signature
          is simply appended to the module. For more information see
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index 499728aecafb..6b09f6983ac0 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -11,13 +11,233 @@
 #include <linux/kernel.h>
 #include <linux/err.h>
+#include <crypto/public_key.h>
+#include <crypto/hash.h>
+#include <keys/asymmetric-type.h>
 #include "module-internal.h"
 /*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ *      - Signer's name
+ *      - Key identifier
+ *      - Signature data
+ *      - Information block
+ */
+struct module_signature {
+        enum pkey_algo          algo : 8;       /* Public-key crypto algorithm */
+        enum pkey_hash_algo     hash : 8;       /* Digest algorithm */
+        enum pkey_id_type       id_type : 8;    /* Key identifier type */
+        u8                      signer_len;     /* Length of signer's name */
+        u8                      key_id_len;     /* Length of key identifier */
+        u8                      __pad[3];
+        __be32                  sig_len;        /* Length of signature data */
+};
+/*
+ * Digest the module contents.
+ */
+static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
+                                                    const void *mod,
+                                                    unsigned long modlen)
+{
+        struct public_key_signature *pks;
+        struct crypto_shash *tfm;
+        struct shash_desc *desc;
+        size_t digest_size, desc_size;
+        int ret;
+        pr_devel("==>%s()\n", __func__);
+        
+        /* Allocate the hashing algorithm we're going to need and find out how
+         * big the hash operational data will be.
+         */
+        tfm = crypto_alloc_shash(pkey_hash_algo[hash], 0, 0);
+        if (IS_ERR(tfm))
+                return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
+        desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
+        digest_size = crypto_shash_digestsize(tfm);
+        /* We allocate the hash operational data storage on the end of our
+         * context data and the digest output buffer on the end of that.
+         */
+        ret = -ENOMEM;
+        pks = kzalloc(digest_size + sizeof(*pks) + desc_size, GFP_KERNEL);
+        if (!pks)
+                goto error_no_pks;
+        pks->pkey_hash_algo     = hash;
+        pks->digest             = (u8 *)pks + sizeof(*pks) + desc_size;
+        pks->digest_size        = digest_size;
+        desc = (void *)pks + sizeof(*pks);
+        desc->tfm   = tfm;
+        desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+        ret = crypto_shash_init(desc);
+        if (ret < 0)
+                goto error;
+        ret = crypto_shash_finup(desc, mod, modlen, pks->digest);
+        if (ret < 0)
+                goto error;
+        crypto_free_shash(tfm);
+        pr_devel("<==%s() = ok\n", __func__);
+        return pks;
+error:
+        kfree(pks);
+error_no_pks:
+        crypto_free_shash(tfm);
+        pr_devel("<==%s() = %d\n", __func__, ret);
+        return ERR_PTR(ret);
+}
+/*
+ * Extract an MPI array from the signature data.  This represents the actual
+ * signature.  Each raw MPI is prefaced by a BE 2-byte value indicating the
+ * size of the MPI in bytes.
+ *
+ * RSA signatures only have one MPI, so currently we only read one.
+ */
+static int mod_extract_mpi_array(struct public_key_signature *pks,
+                                 const void *data, size_t len)
+{
+        size_t nbytes;
+        MPI mpi;
+        if (len < 3)
+                return -EBADMSG;
+        nbytes = ((const u8 *)data)[0] << 8 | ((const u8 *)data)[1];
+        data += 2;
+        len -= 2;
+        if (len != nbytes)
+                return -EBADMSG;
+        mpi = mpi_read_raw_data(data, nbytes);
+        if (!mpi)
+                return -ENOMEM;
+        pks->mpi[0] = mpi;
+        pks->nr_mpi = 1;
+        return 0;
+}
+/*
+ * Request an asymmetric key.
+ */
+static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
+                                          const u8 *key_id, size_t key_id_len)
+{
+        key_ref_t key;
+        size_t i;
+        char *id, *q;
+        pr_devel("==>%s(,%zu,,%zu)\n", __func__, signer_len, key_id_len);
+        /* Construct an identifier. */
+        id = kmalloc(signer_len + 2 + key_id_len * 2 + 1, GFP_KERNEL);
+        if (!id)
+                return ERR_PTR(-ENOKEY);
+        memcpy(id, signer, signer_len);
+        q = id + signer_len;
+        *q++ = ':';
+        *q++ = ' ';
+        for (i = 0; i < key_id_len; i++) {
+                *q++ = hex_asc[*key_id >> 4];
+                *q++ = hex_asc[*key_id++ & 0x0f];
+        }
+        *q = 0;
+        pr_debug("Look up: \"%s\"\n", id);
+        key = keyring_search(make_key_ref(modsign_keyring, 1),
+                             &key_type_asymmetric, id);
+        if (IS_ERR(key))
+                pr_warn("Request for unknown module key '%s' err %ld\n",
+                        id, PTR_ERR(key));
+        kfree(id);
+        if (IS_ERR(key)) {
+                switch (PTR_ERR(key)) {
+                        /* Hide some search errors */
+                case -EACCES:
+                case -ENOTDIR:
+                case -EAGAIN:
+                        return ERR_PTR(-ENOKEY);
+                default:
+                        return ERR_CAST(key);
+                }
+        }
+        pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
+        return key_ref_to_ptr(key);
+}
+/*
 * Verify the signature on a module.
 */
 int mod_verify_sig(const void *mod, unsigned long modlen,
                   const void *sig, unsigned long siglen)
 {
-        return -ENOKEY;
+        struct public_key_signature *pks;
+        struct module_signature ms;
+        struct key *key;
+        size_t sig_len;
+        int ret;
+        pr_devel("==>%s(,%lu,,%lu,)\n", __func__, modlen, siglen);
+        if (siglen <= sizeof(ms))
+                return -EBADMSG;
+        memcpy(&ms, sig + (siglen - sizeof(ms)), sizeof(ms));
+        siglen -= sizeof(ms);
+        sig_len = be32_to_cpu(ms.sig_len);
+        if (sig_len >= siglen ||
+            siglen - sig_len != (size_t)ms.signer_len + ms.key_id_len)
+                return -EBADMSG;
+        /* For the moment, only support RSA and X.509 identifiers */
+        if (ms.algo != PKEY_ALGO_RSA ||
+            ms.id_type != PKEY_ID_X509)
+                return -ENOPKG;
+        if (ms.hash >= PKEY_HASH__LAST ||
+            !pkey_hash_algo[ms.hash])
+                return -ENOPKG;
+        key = request_asymmetric_key(sig, ms.signer_len,
+                                     sig + ms.signer_len, ms.key_id_len);
+        if (IS_ERR(key))
+                return PTR_ERR(key);
+        pks = mod_make_digest(ms.hash, mod, modlen);
+        if (IS_ERR(pks)) {
+                ret = PTR_ERR(pks);
+                goto error_put_key;
+        }
+        ret = mod_extract_mpi_array(pks, sig + ms.signer_len + ms.key_id_len,
+                                    sig_len);
+        if (ret < 0)
+                goto error_free_pks;
+        ret = verify_signature(key, pks);
+        pr_devel("verify_signature() = %d\n", ret);
+error_free_pks:
+        mpi_free(pks->rsa.s);
+        kfree(pks);
+error_put_key:
+        key_put(key);
+        pr_devel("<==%s() = %d\n", __func__, ret);
+        return ret;     
 }

diff --git a/init/Kconfig b/init/Kconfig index 00d45799dee1..abc6e63f2fb8 100644 --- a/init/Kconfig +++ b/init/Kconfig
@@ -1588,6 +1588,14 @@ config MODULE_SRCVERSION_ALL
1588	config MODULE_SIG	1588	config MODULE_SIG
1589	bool "Module signature verification"	1589	bool "Module signature verification"
1590	depends on MODULES	1590	depends on MODULES
		1591	select KEYS
		1592	select CRYPTO
		1593	select ASYMMETRIC_KEY_TYPE
		1594	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
		1595	select PUBLIC_KEY_ALGO_RSA
		1596	select ASN1
		1597	select OID_REGISTRY
		1598	select X509_CERTIFICATE_PARSER
1591	help	1599	help
1592	Check modules for valid signatures upon load: the signature	1600	Check modules for valid signatures upon load: the signature
1593	is simply appended to the module. For more information see	1601	is simply appended to the module. For more information see


diff --git a/kernel/module_signing.c b/kernel/module_signing.c index 499728aecafb..6b09f6983ac0 100644 --- a/kernel/module_signing.c +++ b/kernel/module_signing.c
@@ -11,13 +11,233 @@
11		11
12	#include <linux/kernel.h>	12	#include <linux/kernel.h>
13	#include <linux/err.h>	13	#include <linux/err.h>
		14	#include <crypto/public_key.h>
		15	#include <crypto/hash.h>
		16	#include <keys/asymmetric-type.h>
14	#include "module-internal.h"	17	#include "module-internal.h"
15		18
16	/*	19	/*
		20	* Module signature information block.
		21	*
		22	* The constituents of the signature section are, in order:
		23	*
		24	* - Signer's name
		25	* - Key identifier
		26	* - Signature data
		27	* - Information block
		28	*/
		29	struct module_signature {
		30	enum pkey_algo algo : 8; /* Public-key crypto algorithm */
		31	enum pkey_hash_algo hash : 8; /* Digest algorithm */
		32	enum pkey_id_type id_type : 8; /* Key identifier type */
		33	u8 signer_len; /* Length of signer's name */
		34	u8 key_id_len; /* Length of key identifier */
		35	u8 __pad[3];
		36	__be32 sig_len; /* Length of signature data */
		37	};
		38
		39	/*
		40	* Digest the module contents.
		41	*/
		42	static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
		43	const void *mod,
		44	unsigned long modlen)
		45	{
		46	struct public_key_signature *pks;
		47	struct crypto_shash *tfm;
		48	struct shash_desc *desc;
		49	size_t digest_size, desc_size;
		50	int ret;
		51
		52	pr_devel("==>%s()\n", __func__);
		53
		54	/* Allocate the hashing algorithm we're going to need and find out how
		55	* big the hash operational data will be.
		56	*/
		57	tfm = crypto_alloc_shash(pkey_hash_algo[hash], 0, 0);
		58	if (IS_ERR(tfm))
		59	return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
		60
		61	desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
		62	digest_size = crypto_shash_digestsize(tfm);
		63
		64	/* We allocate the hash operational data storage on the end of our
		65	* context data and the digest output buffer on the end of that.
		66	*/
		67	ret = -ENOMEM;
		68	pks = kzalloc(digest_size + sizeof(*pks) + desc_size, GFP_KERNEL);
		69	if (!pks)
		70	goto error_no_pks;
		71
		72	pks->pkey_hash_algo = hash;
		73	pks->digest = (u8 )pks + sizeof(pks) + desc_size;
		74	pks->digest_size = digest_size;
		75
		76	desc = (void )pks + sizeof(pks);
		77	desc->tfm = tfm;
		78	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
		79
		80	ret = crypto_shash_init(desc);
		81	if (ret < 0)
		82	goto error;
		83
		84	ret = crypto_shash_finup(desc, mod, modlen, pks->digest);
		85	if (ret < 0)
		86	goto error;
		87
		88	crypto_free_shash(tfm);
		89	pr_devel("<==%s() = ok\n", __func__);
		90	return pks;
		91
		92	error:
		93	kfree(pks);
		94	error_no_pks:
		95	crypto_free_shash(tfm);
		96	pr_devel("<==%s() = %d\n", __func__, ret);
		97	return ERR_PTR(ret);
		98	}
		99
		100	/*
		101	* Extract an MPI array from the signature data. This represents the actual
		102	* signature. Each raw MPI is prefaced by a BE 2-byte value indicating the
		103	* size of the MPI in bytes.
		104	*
		105	* RSA signatures only have one MPI, so currently we only read one.
		106	*/
		107	static int mod_extract_mpi_array(struct public_key_signature *pks,
		108	const void *data, size_t len)
		109	{
		110	size_t nbytes;
		111	MPI mpi;
		112
		113	if (len < 3)
		114	return -EBADMSG;
		115	nbytes = ((const u8 )data)[0] << 8 \| ((const u8 )data)[1];
		116	data += 2;
		117	len -= 2;
		118	if (len != nbytes)
		119	return -EBADMSG;
		120
		121	mpi = mpi_read_raw_data(data, nbytes);
		122	if (!mpi)
		123	return -ENOMEM;
		124	pks->mpi[0] = mpi;
		125	pks->nr_mpi = 1;
		126	return 0;
		127	}
		128
		129	/*
		130	* Request an asymmetric key.
		131	*/
		132	static struct key request_asymmetric_key(const char signer, size_t signer_len,
		133	const u8 *key_id, size_t key_id_len)
		134	{
		135	key_ref_t key;
		136	size_t i;
		137	char id, q;
		138
		139	pr_devel("==>%s(,%zu,,%zu)\n", __func__, signer_len, key_id_len);
		140
		141	/* Construct an identifier. */
		142	id = kmalloc(signer_len + 2 + key_id_len * 2 + 1, GFP_KERNEL);
		143	if (!id)
		144	return ERR_PTR(-ENOKEY);
		145
		146	memcpy(id, signer, signer_len);
		147
		148	q = id + signer_len;
		149	*q++ = ':';
		150	*q++ = ' ';
		151	for (i = 0; i < key_id_len; i++) {
		152	q++ = hex_asc[key_id >> 4];
		153	q++ = hex_asc[key_id++ & 0x0f];
		154	}
		155
		156	*q = 0;
		157
		158	pr_debug("Look up: \"%s\"\n", id);
		159
		160	key = keyring_search(make_key_ref(modsign_keyring, 1),
		161	&key_type_asymmetric, id);
		162	if (IS_ERR(key))
		163	pr_warn("Request for unknown module key '%s' err %ld\n",
		164	id, PTR_ERR(key));
		165	kfree(id);
		166
		167	if (IS_ERR(key)) {
		168	switch (PTR_ERR(key)) {
		169	/* Hide some search errors */
		170	case -EACCES:
		171	case -ENOTDIR:
		172	case -EAGAIN:
		173	return ERR_PTR(-ENOKEY);
		174	default:
		175	return ERR_CAST(key);
		176	}
		177	}
		178
		179	pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
		180	return key_ref_to_ptr(key);
		181	}
		182
		183	/*
17	* Verify the signature on a module.	184	* Verify the signature on a module.
18	*/	185	*/
19	int mod_verify_sig(const void *mod, unsigned long modlen,	186	int mod_verify_sig(const void *mod, unsigned long modlen,
20	const void *sig, unsigned long siglen)	187	const void *sig, unsigned long siglen)
21	{	188	{
22	return -ENOKEY;	189	struct public_key_signature *pks;
		190	struct module_signature ms;
		191	struct key *key;
		192	size_t sig_len;
		193	int ret;
		194
		195	pr_devel("==>%s(,%lu,,%lu,)\n", __func__, modlen, siglen);
		196
		197	if (siglen <= sizeof(ms))
		198	return -EBADMSG;
		199
		200	memcpy(&ms, sig + (siglen - sizeof(ms)), sizeof(ms));
		201	siglen -= sizeof(ms);
		202
		203	sig_len = be32_to_cpu(ms.sig_len);
		204	if (sig_len >= siglen \|\|
		205	siglen - sig_len != (size_t)ms.signer_len + ms.key_id_len)
		206	return -EBADMSG;
		207
		208	/* For the moment, only support RSA and X.509 identifiers */
		209	if (ms.algo != PKEY_ALGO_RSA \|\|
		210	ms.id_type != PKEY_ID_X509)
		211	return -ENOPKG;
		212
		213	if (ms.hash >= PKEY_HASH__LAST \|\|
		214	!pkey_hash_algo[ms.hash])
		215	return -ENOPKG;
		216
		217	key = request_asymmetric_key(sig, ms.signer_len,
		218	sig + ms.signer_len, ms.key_id_len);
		219	if (IS_ERR(key))
		220	return PTR_ERR(key);
		221
		222	pks = mod_make_digest(ms.hash, mod, modlen);
		223	if (IS_ERR(pks)) {
		224	ret = PTR_ERR(pks);
		225	goto error_put_key;
		226	}
		227
		228	ret = mod_extract_mpi_array(pks, sig + ms.signer_len + ms.key_id_len,
		229	sig_len);
		230	if (ret < 0)
		231	goto error_free_pks;
		232
		233	ret = verify_signature(key, pks);
		234	pr_devel("verify_signature() = %d\n", ret);
		235
		236	error_free_pks:
		237	mpi_free(pks->rsa.s);
		238	kfree(pks);
		239	error_put_key:
		240	key_put(key);
		241	pr_devel("<==%s() = %d\n", __func__, ret);
		242	return ret;
23	}	243	}