digsig.c 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Copyright (C) 2011 Nokia Corporation
  4. * Copyright (C) 2011 Intel Corporation
  5. *
  6. * Author:
  7. * Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
  8. * <dmitry.kasatkin@intel.com>
  9. *
  10. * File: sign.c
  11. * implements signature (RSA) verification
  12. * pkcs decoding is based on LibTomCrypt code
  13. */
  14. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  15. #include <linux/err.h>
  16. #include <linux/module.h>
  17. #include <linux/slab.h>
  18. #include <linux/key.h>
  19. #include <crypto/sha1.h>
  20. #include <keys/user-type.h>
  21. #include <linux/mpi.h>
  22. #include <linux/digsig.h>
  23. static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
  24. unsigned long msglen,
  25. unsigned long modulus_bitlen,
  26. unsigned long *outlen)
  27. {
  28. unsigned long modulus_len, ps_len, i;
  29. modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
  30. /* test message size */
  31. if ((msglen > modulus_len) || (modulus_len < 11))
  32. return NULL;
  33. /* separate encoded message */
  34. if (msg[0] != 0x00 || msg[1] != 0x01)
  35. return NULL;
  36. for (i = 2; i < modulus_len - 1; i++)
  37. if (msg[i] != 0xFF)
  38. break;
  39. /* separator check */
  40. if (msg[i] != 0)
  41. /* There was no octet with hexadecimal value 0x00
  42. to separate ps from m. */
  43. return NULL;
  44. ps_len = i - 2;
  45. *outlen = (msglen - (2 + ps_len + 1));
  46. return msg + 2 + ps_len + 1;
  47. }
  48. /*
  49. * RSA Signature verification with public key
  50. */
  51. static int digsig_verify_rsa(struct key *key,
  52. const char *sig, int siglen,
  53. const char *h, int hlen)
  54. {
  55. int err = -EINVAL;
  56. unsigned long len;
  57. unsigned long mlen, mblen;
  58. unsigned nret, l;
  59. int head, i;
  60. unsigned char *out1 = NULL;
  61. const char *m;
  62. MPI in = NULL, res = NULL, pkey[2];
  63. uint8_t *p, *datap;
  64. const uint8_t *endp;
  65. const struct user_key_payload *ukp;
  66. struct pubkey_hdr *pkh;
  67. down_read(&key->sem);
  68. ukp = user_key_payload_locked(key);
  69. if (!ukp) {
  70. /* key was revoked before we acquired its semaphore */
  71. err = -EKEYREVOKED;
  72. goto err1;
  73. }
  74. if (ukp->datalen < sizeof(*pkh))
  75. goto err1;
  76. pkh = (struct pubkey_hdr *)ukp->data;
  77. if (pkh->version != 1)
  78. goto err1;
  79. if (pkh->algo != PUBKEY_ALGO_RSA)
  80. goto err1;
  81. if (pkh->nmpi != 2)
  82. goto err1;
  83. datap = pkh->mpi;
  84. endp = ukp->data + ukp->datalen;
  85. for (i = 0; i < pkh->nmpi; i++) {
  86. unsigned int remaining = endp - datap;
  87. pkey[i] = mpi_read_from_buffer(datap, &remaining);
  88. if (IS_ERR(pkey[i])) {
  89. err = PTR_ERR(pkey[i]);
  90. goto err;
  91. }
  92. datap += remaining;
  93. }
  94. mblen = mpi_get_nbits(pkey[0]);
  95. mlen = DIV_ROUND_UP(mblen, 8);
  96. if (mlen == 0) {
  97. err = -EINVAL;
  98. goto err;
  99. }
  100. err = -ENOMEM;
  101. out1 = kzalloc(mlen, GFP_KERNEL);
  102. if (!out1)
  103. goto err;
  104. nret = siglen;
  105. in = mpi_read_from_buffer(sig, &nret);
  106. if (IS_ERR(in)) {
  107. err = PTR_ERR(in);
  108. goto err;
  109. }
  110. res = mpi_alloc(mpi_get_nlimbs(in) * 2);
  111. if (!res)
  112. goto err;
  113. err = mpi_powm(res, in, pkey[1], pkey[0]);
  114. if (err)
  115. goto err;
  116. if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) {
  117. err = -EINVAL;
  118. goto err;
  119. }
  120. p = mpi_get_buffer(res, &l, NULL);
  121. if (!p) {
  122. err = -EINVAL;
  123. goto err;
  124. }
  125. len = mlen;
  126. head = len - l;
  127. memcpy(out1 + head, p, l);
  128. kfree(p);
  129. m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
  130. if (!m || len != hlen || memcmp(m, h, hlen))
  131. err = -EINVAL;
  132. err:
  133. mpi_free(in);
  134. mpi_free(res);
  135. kfree(out1);
  136. while (--i >= 0)
  137. mpi_free(pkey[i]);
  138. err1:
  139. up_read(&key->sem);
  140. return err;
  141. }
  142. /**
  143. * digsig_verify() - digital signature verification with public key
  144. * @keyring: keyring to search key in
  145. * @sig: digital signature
  146. * @siglen: length of the signature
  147. * @data: data
  148. * @datalen: length of the data
  149. *
  150. * Returns 0 on success, -EINVAL otherwise
  151. *
  152. * Verifies data integrity against digital signature.
  153. * Currently only RSA is supported.
  154. * Normally hash of the content is used as a data for this function.
  155. *
  156. */
  157. int digsig_verify(struct key *keyring, const char *sig, int siglen,
  158. const char *data, int datalen)
  159. {
  160. struct signature_hdr *sh = (struct signature_hdr *)sig;
  161. struct sha1_ctx ctx;
  162. unsigned char hash[SHA1_DIGEST_SIZE];
  163. struct key *key;
  164. char name[20];
  165. int err;
  166. if (siglen < sizeof(*sh) + 2)
  167. return -EINVAL;
  168. if (sh->algo != PUBKEY_ALGO_RSA)
  169. return -ENOTSUPP;
  170. sprintf(name, "%llX", __be64_to_cpup((uint64_t *)sh->keyid));
  171. if (keyring) {
  172. /* search in specific keyring */
  173. key_ref_t kref;
  174. kref = keyring_search(make_key_ref(keyring, 1UL),
  175. &key_type_user, name, true);
  176. if (IS_ERR(kref))
  177. key = ERR_CAST(kref);
  178. else
  179. key = key_ref_to_ptr(kref);
  180. } else {
  181. key = request_key(&key_type_user, name, NULL);
  182. }
  183. if (IS_ERR(key)) {
  184. pr_err("key not found, id: %s\n", name);
  185. return PTR_ERR(key);
  186. }
  187. sha1_init(&ctx);
  188. sha1_update(&ctx, data, datalen);
  189. sha1_update(&ctx, sig, sizeof(*sh));
  190. sha1_final(&ctx, hash);
  191. /* pass signature mpis address */
  192. err = digsig_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh),
  193. hash, sizeof(hash));
  194. key_put(key);
  195. return err ? -EINVAL : 0;
  196. }
  197. EXPORT_SYMBOL_GPL(digsig_verify);
  198. MODULE_LICENSE("GPL");