the-tree/lib/digsig.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Copyright (C) 2011 Nokia Corporation
0004  * Copyright (C) 2011 Intel Corporation
0005  *
0006  * Author:
0007  * Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
0008  *                 <dmitry.kasatkin@intel.com>
0009  *
0010  * File: sign.c
0011  *  implements signature (RSA) verification
0012  *  pkcs decoding is based on LibTomCrypt code
0013  */
0014
0015 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0016
0017 #include <linux/err.h>
0018 #include <linux/module.h>
0019 #include <linux/slab.h>
0020 #include <linux/key.h>
0021 #include <linux/crypto.h>
0022 #include <crypto/hash.h>
0023 #include <crypto/sha1.h>
0024 #include <keys/user-type.h>
0025 #include <linux/mpi.h>
0026 #include <linux/digsig.h>
0027
0028 static struct crypto_shash *shash;
0029
0030 static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
0031                         unsigned long  msglen,
0032                         unsigned long  modulus_bitlen,
0033                         unsigned long *outlen)
0034 {
0035     unsigned long modulus_len, ps_len, i;
0036
0037     modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
0038
0039     /* test message size */
0040     if ((msglen > modulus_len) || (modulus_len < 11))
0041         return NULL;
0042
0043     /* separate encoded message */
0044     if (msg[0] != 0x00 || msg[1] != 0x01)
0045         return NULL;
0046
0047     for (i = 2; i < modulus_len - 1; i++)
0048         if (msg[i] != 0xFF)
0049             break;
0050
0051     /* separator check */
0052     if (msg[i] != 0)
0053         /* There was no octet with hexadecimal value 0x00
0054         to separate ps from m. */
0055         return NULL;
0056
0057     ps_len = i - 2;
0058
0059     *outlen = (msglen - (2 + ps_len + 1));
0060
0061     return msg + 2 + ps_len + 1;
0062 }
0063
0064 /*
0065  * RSA Signature verification with public key
0066  */
0067 static int digsig_verify_rsa(struct key *key,
0068             const char *sig, int siglen,
0069                const char *h, int hlen)
0070 {
0071     int err = -EINVAL;
0072     unsigned long len;
0073     unsigned long mlen, mblen;
0074     unsigned nret, l;
0075     int head, i;
0076     unsigned char *out1 = NULL;
0077     const char *m;
0078     MPI in = NULL, res = NULL, pkey[2];
0079     uint8_t *p, *datap;
0080     const uint8_t *endp;
0081     const struct user_key_payload *ukp;
0082     struct pubkey_hdr *pkh;
0083
0084     down_read(&key->sem);
0085     ukp = user_key_payload_locked(key);
0086
0087     if (!ukp) {
0088         /* key was revoked before we acquired its semaphore */
0089         err = -EKEYREVOKED;
0090         goto err1;
0091     }
0092
0093     if (ukp->datalen < sizeof(*pkh))
0094         goto err1;
0095
0096     pkh = (struct pubkey_hdr *)ukp->data;
0097
0098     if (pkh->version != 1)
0099         goto err1;
0100
0101     if (pkh->algo != PUBKEY_ALGO_RSA)
0102         goto err1;
0103
0104     if (pkh->nmpi != 2)
0105         goto err1;
0106
0107     datap = pkh->mpi;
0108     endp = ukp->data + ukp->datalen;
0109
0110     for (i = 0; i < pkh->nmpi; i++) {
0111         unsigned int remaining = endp - datap;
0112         pkey[i] = mpi_read_from_buffer(datap, &remaining);
0113         if (IS_ERR(pkey[i])) {
0114             err = PTR_ERR(pkey[i]);
0115             goto err;
0116         }
0117         datap += remaining;
0118     }
0119
0120     mblen = mpi_get_nbits(pkey[0]);
0121     mlen = DIV_ROUND_UP(mblen, 8);
0122
0123     if (mlen == 0) {
0124         err = -EINVAL;
0125         goto err;
0126     }
0127
0128     err = -ENOMEM;
0129
0130     out1 = kzalloc(mlen, GFP_KERNEL);
0131     if (!out1)
0132         goto err;
0133
0134     nret = siglen;
0135     in = mpi_read_from_buffer(sig, &nret);
0136     if (IS_ERR(in)) {
0137         err = PTR_ERR(in);
0138         goto err;
0139     }
0140
0141     res = mpi_alloc(mpi_get_nlimbs(in) * 2);
0142     if (!res)
0143         goto err;
0144
0145     err = mpi_powm(res, in, pkey[1], pkey[0]);
0146     if (err)
0147         goto err;
0148
0149     if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) {
0150         err = -EINVAL;
0151         goto err;
0152     }
0153
0154     p = mpi_get_buffer(res, &l, NULL);
0155     if (!p) {
0156         err = -EINVAL;
0157         goto err;
0158     }
0159
0160     len = mlen;
0161     head = len - l;
0162     memset(out1, 0, head);
0163     memcpy(out1 + head, p, l);
0164
0165     kfree(p);
0166
0167     m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
0168
0169     if (!m || len != hlen || memcmp(m, h, hlen))
0170         err = -EINVAL;
0171
0172 err:
0173     mpi_free(in);
0174     mpi_free(res);
0175     kfree(out1);
0176     while (--i >= 0)
0177         mpi_free(pkey[i]);
0178 err1:
0179     up_read(&key->sem);
0180
0181     return err;
0182 }
0183
0184 /**
0185  * digsig_verify() - digital signature verification with public key
0186  * @keyring:    keyring to search key in
0187  * @sig:    digital signature
0188  * @siglen: length of the signature
0189  * @data:   data
0190  * @datalen:    length of the data
0191  *
0192  * Returns 0 on success, -EINVAL otherwise
0193  *
0194  * Verifies data integrity against digital signature.
0195  * Currently only RSA is supported.
0196  * Normally hash of the content is used as a data for this function.
0197  *
0198  */
0199 int digsig_verify(struct key *keyring, const char *sig, int siglen,
0200                         const char *data, int datalen)
0201 {
0202     int err = -ENOMEM;
0203     struct signature_hdr *sh = (struct signature_hdr *)sig;
0204     struct shash_desc *desc = NULL;
0205     unsigned char hash[SHA1_DIGEST_SIZE];
0206     struct key *key;
0207     char name[20];
0208
0209     if (siglen < sizeof(*sh) + 2)
0210         return -EINVAL;
0211
0212     if (sh->algo != PUBKEY_ALGO_RSA)
0213         return -ENOTSUPP;
0214
0215     sprintf(name, "%llX", __be64_to_cpup((uint64_t *)sh->keyid));
0216
0217     if (keyring) {
0218         /* search in specific keyring */
0219         key_ref_t kref;
0220         kref = keyring_search(make_key_ref(keyring, 1UL),
0221                       &key_type_user, name, true);
0222         if (IS_ERR(kref))
0223             key = ERR_CAST(kref);
0224         else
0225             key = key_ref_to_ptr(kref);
0226     } else {
0227         key = request_key(&key_type_user, name, NULL);
0228     }
0229     if (IS_ERR(key)) {
0230         pr_err("key not found, id: %s\n", name);
0231         return PTR_ERR(key);
0232     }
0233
0234     desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
0235                GFP_KERNEL);
0236     if (!desc)
0237         goto err;
0238
0239     desc->tfm = shash;
0240
0241     crypto_shash_init(desc);
0242     crypto_shash_update(desc, data, datalen);
0243     crypto_shash_update(desc, sig, sizeof(*sh));
0244     crypto_shash_final(desc, hash);
0245
0246     kfree(desc);
0247
0248     /* pass signature mpis address */
0249     err = digsig_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh),
0250                  hash, sizeof(hash));
0251
0252 err:
0253     key_put(key);
0254
0255     return err ? -EINVAL : 0;
0256 }
0257 EXPORT_SYMBOL_GPL(digsig_verify);
0258
0259 static int __init digsig_init(void)
0260 {
0261     shash = crypto_alloc_shash("sha1", 0, 0);
0262     if (IS_ERR(shash)) {
0263         pr_err("shash allocation failed\n");
0264         return  PTR_ERR(shash);
0265     }
0266
0267     return 0;
0268
0269 }
0270
0271 static void __exit digsig_cleanup(void)
0272 {
0273     crypto_free_shash(shash);
0274 }
0275
0276 module_init(digsig_init);
0277 module_exit(digsig_cleanup);
0278
0279 MODULE_LICENSE("GPL");