Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
module_signing.c
Go to the documentation of this file.
1 /* Module signature checker
2  *
3  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells ([email protected])
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11 
12 #include <linux/kernel.h>
13 #include <linux/err.h>
14 #include <crypto/public_key.h>
15 #include <crypto/hash.h>
16 #include <keys/asymmetric-type.h>
17 #include "module-internal.h"
18 
19 /*
20  * Module signature information block.
21  *
22  * The constituents of the signature section are, in order:
23  *
24  * - Signer's name
25  * - Key identifier
26  * - Signature data
27  * - Information block
28  */
30  u8 algo; /* Public-key crypto algorithm [enum pkey_algo] */
31  u8 hash; /* Digest algorithm [enum pkey_hash_algo] */
32  u8 id_type; /* Key identifier type [enum pkey_id_type] */
33  u8 signer_len; /* Length of signer's name */
34  u8 key_id_len; /* Length of key identifier */
35  u8 __pad[3];
36  __be32 sig_len; /* Length of signature data */
37 };
38 
39 /*
40  * Digest the module contents.
41  */
42 static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
43  const void *mod,
44  unsigned long modlen)
45 {
46  struct public_key_signature *pks;
47  struct crypto_shash *tfm;
48  struct shash_desc *desc;
49  size_t digest_size, desc_size;
50  int ret;
51 
52  pr_devel("==>%s()\n", __func__);
53 
54  /* Allocate the hashing algorithm we're going to need and find out how
55  * big the hash operational data will be.
56  */
57  tfm = crypto_alloc_shash(pkey_hash_algo[hash], 0, 0);
58  if (IS_ERR(tfm))
59  return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
60 
61  desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
62  digest_size = crypto_shash_digestsize(tfm);
63 
64  /* We allocate the hash operational data storage on the end of our
65  * context data and the digest output buffer on the end of that.
66  */
67  ret = -ENOMEM;
68  pks = kzalloc(digest_size + sizeof(*pks) + desc_size, GFP_KERNEL);
69  if (!pks)
70  goto error_no_pks;
71 
72  pks->pkey_hash_algo = hash;
73  pks->digest = (u8 *)pks + sizeof(*pks) + desc_size;
74  pks->digest_size = digest_size;
75 
76  desc = (void *)pks + sizeof(*pks);
77  desc->tfm = tfm;
79 
80  ret = crypto_shash_init(desc);
81  if (ret < 0)
82  goto error;
83 
84  ret = crypto_shash_finup(desc, mod, modlen, pks->digest);
85  if (ret < 0)
86  goto error;
87 
88  crypto_free_shash(tfm);
89  pr_devel("<==%s() = ok\n", __func__);
90  return pks;
91 
92 error:
93  kfree(pks);
94 error_no_pks:
95  crypto_free_shash(tfm);
96  pr_devel("<==%s() = %d\n", __func__, ret);
97  return ERR_PTR(ret);
98 }
99 
100 /*
101  * Extract an MPI array from the signature data. This represents the actual
102  * signature. Each raw MPI is prefaced by a BE 2-byte value indicating the
103  * size of the MPI in bytes.
104  *
105  * RSA signatures only have one MPI, so currently we only read one.
106  */
107 static int mod_extract_mpi_array(struct public_key_signature *pks,
108  const void *data, size_t len)
109 {
110  size_t nbytes;
111  MPI mpi;
112 
113  if (len < 3)
114  return -EBADMSG;
115  nbytes = ((const u8 *)data)[0] << 8 | ((const u8 *)data)[1];
116  data += 2;
117  len -= 2;
118  if (len != nbytes)
119  return -EBADMSG;
120 
121  mpi = mpi_read_raw_data(data, nbytes);
122  if (!mpi)
123  return -ENOMEM;
124  pks->mpi[0] = mpi;
125  pks->nr_mpi = 1;
126  return 0;
127 }
128 
129 /*
130  * Request an asymmetric key.
131  */
132 static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
133  const u8 *key_id, size_t key_id_len)
134 {
135  key_ref_t key;
136  size_t i;
137  char *id, *q;
138 
139  pr_devel("==>%s(,%zu,,%zu)\n", __func__, signer_len, key_id_len);
140 
141  /* Construct an identifier. */
142  id = kmalloc(signer_len + 2 + key_id_len * 2 + 1, GFP_KERNEL);
143  if (!id)
144  return ERR_PTR(-ENOKEY);
145 
146  memcpy(id, signer, signer_len);
147 
148  q = id + signer_len;
149  *q++ = ':';
150  *q++ = ' ';
151  for (i = 0; i < key_id_len; i++) {
152  *q++ = hex_asc[*key_id >> 4];
153  *q++ = hex_asc[*key_id++ & 0x0f];
154  }
155 
156  *q = 0;
157 
158  pr_debug("Look up: \"%s\"\n", id);
159 
160  key = keyring_search(make_key_ref(modsign_keyring, 1),
161  &key_type_asymmetric, id);
162  if (IS_ERR(key))
163  pr_warn("Request for unknown module key '%s' err %ld\n",
164  id, PTR_ERR(key));
165  kfree(id);
166 
167  if (IS_ERR(key)) {
168  switch (PTR_ERR(key)) {
169  /* Hide some search errors */
170  case -EACCES:
171  case -ENOTDIR:
172  case -EAGAIN:
173  return ERR_PTR(-ENOKEY);
174  default:
175  return ERR_CAST(key);
176  }
177  }
178 
179  pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
180  return key_ref_to_ptr(key);
181 }
182 
183 /*
184  * Verify the signature on a module.
185  */
186 int mod_verify_sig(const void *mod, unsigned long *_modlen)
187 {
188  struct public_key_signature *pks;
189  struct module_signature ms;
190  struct key *key;
191  const void *sig;
192  size_t modlen = *_modlen, sig_len;
193  int ret;
194 
195  pr_devel("==>%s(,%zu)\n", __func__, modlen);
196 
197  if (modlen <= sizeof(ms))
198  return -EBADMSG;
199 
200  memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms));
201  modlen -= sizeof(ms);
202 
203  sig_len = be32_to_cpu(ms.sig_len);
204  if (sig_len >= modlen)
205  return -EBADMSG;
206  modlen -= sig_len;
207  if ((size_t)ms.signer_len + ms.key_id_len >= modlen)
208  return -EBADMSG;
209  modlen -= (size_t)ms.signer_len + ms.key_id_len;
210 
211  *_modlen = modlen;
212  sig = mod + modlen;
213 
214  /* For the moment, only support RSA and X.509 identifiers */
215  if (ms.algo != PKEY_ALGO_RSA ||
216  ms.id_type != PKEY_ID_X509)
217  return -ENOPKG;
218 
219  if (ms.hash >= PKEY_HASH__LAST ||
220  !pkey_hash_algo[ms.hash])
221  return -ENOPKG;
222 
223  key = request_asymmetric_key(sig, ms.signer_len,
224  sig + ms.signer_len, ms.key_id_len);
225  if (IS_ERR(key))
226  return PTR_ERR(key);
227 
228  pks = mod_make_digest(ms.hash, mod, modlen);
229  if (IS_ERR(pks)) {
230  ret = PTR_ERR(pks);
231  goto error_put_key;
232  }
233 
234  ret = mod_extract_mpi_array(pks, sig + ms.signer_len + ms.key_id_len,
235  sig_len);
236  if (ret < 0)
237  goto error_free_pks;
238 
239  ret = verify_signature(key, pks);
240  pr_devel("verify_signature() = %d\n", ret);
241 
242 error_free_pks:
243  mpi_free(pks->rsa.s);
244  kfree(pks);
245 error_put_key:
246  key_put(key);
247  pr_devel("<==%s() = %d\n", __func__, ret);
248  return ret;
249 }