~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/integrity/digsig_asymmetric.c

Version: ~ [ linux-6.11-rc3 ] ~ [ linux-6.10.4 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.45 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.104 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.164 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.223 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.281 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.319 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~ 
  1 // SPDX-License-Identifier: GPL-2.0-only
  2 /*
  3  * Copyright (C) 2013 Intel Corporation
  4  *
  5  * Author:
  6  * Dmitry Kasatkin <dmitry.kasatkin@intel.com>
  7  */
  8 
  9 #include <linux/err.h>
 10 #include <linux/ratelimit.h>
 11 #include <linux/key-type.h>
 12 #include <crypto/public_key.h>
 13 #include <crypto/hash_info.h>
 14 #include <keys/asymmetric-type.h>
 15 #include <keys/system_keyring.h>
 16 
 17 #include "integrity.h"
 18 
 19 /*
 20  * Request an asymmetric key.
 21  */
 22 static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
 23 {
 24         struct key *key;
 25         char name[12];
 26 
 27         sprintf(name, "id:%08x", keyid);
 28 
 29         pr_debug("key search: \"%s\"\n", name);
 30 
 31         key = get_ima_blacklist_keyring();
 32         if (key) {
 33                 key_ref_t kref;
 34 
 35                 kref = keyring_search(make_key_ref(key, 1),
 36                                       &key_type_asymmetric, name, true);
 37                 if (!IS_ERR(kref)) {
 38                         pr_err("Key '%s' is in ima_blacklist_keyring\n", name);
 39                         return ERR_PTR(-EKEYREJECTED);
 40                 }
 41         }
 42 
 43         if (keyring) {
 44                 /* search in specific keyring */
 45                 key_ref_t kref;
 46 
 47                 kref = keyring_search(make_key_ref(keyring, 1),
 48                                       &key_type_asymmetric, name, true);
 49                 if (IS_ERR(kref))
 50                         key = ERR_CAST(kref);
 51                 else
 52                         key = key_ref_to_ptr(kref);
 53         } else {
 54                 key = request_key(&key_type_asymmetric, name, NULL);
 55         }
 56 
 57         if (IS_ERR(key)) {
 58                 if (keyring)
 59                         pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",
 60                                            name, keyring->description,
 61                                            PTR_ERR(key));
 62                 else
 63                         pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
 64                                            name, PTR_ERR(key));
 65 
 66                 switch (PTR_ERR(key)) {
 67                         /* Hide some search errors */
 68                 case -EACCES:
 69                 case -ENOTDIR:
 70                 case -EAGAIN:
 71                         return ERR_PTR(-ENOKEY);
 72                 default:
 73                         return key;
 74                 }
 75         }
 76 
 77         pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key));
 78 
 79         return key;
 80 }
 81 
 82 int asymmetric_verify(struct key *keyring, const char *sig,
 83                       int siglen, const char *data, int datalen)
 84 {
 85         struct public_key_signature pks;
 86         struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig;
 87         const struct public_key *pk;
 88         struct key *key;
 89         int ret;
 90 
 91         if (siglen <= sizeof(*hdr))
 92                 return -EBADMSG;
 93 
 94         siglen -= sizeof(*hdr);
 95 
 96         if (siglen != be16_to_cpu(hdr->sig_size))
 97                 return -EBADMSG;
 98 
 99         if (hdr->hash_algo >= HASH_ALGO__LAST)
100                 return -ENOPKG;
101 
102         key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid));
103         if (IS_ERR(key))
104                 return PTR_ERR(key);
105 
106         memset(&pks, 0, sizeof(pks));
107 
108         pks.hash_algo = hash_algo_name[hdr->hash_algo];
109 
110         pk = asymmetric_key_public_key(key);
111         pks.pkey_algo = pk->pkey_algo;
112         if (!strcmp(pk->pkey_algo, "rsa")) {
113                 pks.encoding = "pkcs1";
114         } else if (!strncmp(pk->pkey_algo, "ecdsa-", 6)) {
115                 /* edcsa-nist-p192 etc. */
116                 pks.encoding = "x962";
117         } else if (!strcmp(pk->pkey_algo, "ecrdsa")) {
118                 pks.encoding = "raw";
119         } else {
120                 ret = -ENOPKG;
121                 goto out;
122         }
123 
124         pks.digest = (u8 *)data;
125         pks.digest_size = datalen;
126         pks.s = hdr->sig;
127         pks.s_size = siglen;
128         ret = verify_signature(key, &pks);
129 out:
130         key_put(key);
131         pr_debug("%s() = %d\n", __func__, ret);
132         return ret;
133 }
134
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php