Received: by 10.213.65.68 with SMTP id h4csp200545imn; Wed, 21 Mar 2018 16:19:08 -0700 (PDT) X-Google-Smtp-Source: AG47ELsjDnBBz9gNFoZ93IcIOZ+rzm4Ue2+O6tO6yAMqFO4HLev2HGvTr+qNSNaDnThEH6BkYQNg X-Received: by 10.99.108.202 with SMTP id h193mr16631773pgc.325.1521674347973; Wed, 21 Mar 2018 16:19:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521674347; cv=none; d=google.com; s=arc-20160816; b=UMa+KeMKHNjNFJBnL0yIBqr0CBua5QGgkXLnfZDF4gQ0olnXXsqp3g8cBNXkwPxefT gK5gvWgT47k/Bg85KSA3erHbgBOboJYylre7/qVyk4bNnHZz+fS6S547h8m3pOZYp6pi sCPxEXbDIAG1t2RON2EaCQH7Qe03Kjq/xRsBFu74/QGQudKf6K6EXULyTNHLMaLtyDpA 32qop/BIeEHmH2tE+MRxjoJO8/70/3SbMe6uk8ZHtFDyfefrdrBdOX351KXcsPdTMbo2 B7M6UVTFkkhfvqqpe5hLVDTJMXDH9BWNe2bLGHEsEXXe0P3U+hANQEojZ5zlYKwVUEo8 yq5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :mime-version:references:in-reply-to:date:cc:to:from:subject :arc-authentication-results; bh=pJwqypsoN3fhVMHVB0r9r5kVMyIX07l/my2+HpHymYk=; b=vFbcqGt2ZP2y2bwaSwzDBgIdjloshWTj53F9dzxUu6o/DKjTGiCbIqCUH2SbMLRRfG E9jRYOV8oc1x7QLsijAkCV4nkJ/BZ19IF/PPk+DI7xPfgXh9HWcUkHVXs7OHe87nusLB /I5hIq2Sf/miI1DiRPLLAT/qZoDnmYImZ7zCK91Bwpq6UIVjz0NFYBXDihcU84sYBBic PoOG0Qdz4GcGReXtyqtS/6P/tGmptvrlo5UW1y2vIcf1lCqG2nevZPkiQhCdXD91R6U3 1jQGWSVABE20itX4f9EW1jJVkLTuLN4uPaMsnlSqYsxDz7THM0lJO/yOWMJuQK+wQGdx frBA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a9si3469701pgf.172.2018.03.21.16.18.53; Wed, 21 Mar 2018 16:19:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754191AbeCUXSA (ORCPT + 99 others); Wed, 21 Mar 2018 19:18:00 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:37114 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754161AbeCUXR4 (ORCPT ); Wed, 21 Mar 2018 19:17:56 -0400 Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w2LNEiBj057114 for ; Wed, 21 Mar 2018 19:17:56 -0400 Received: from e06smtp11.uk.ibm.com (e06smtp11.uk.ibm.com [195.75.94.107]) by mx0b-001b2d01.pphosted.com with ESMTP id 2guw158yhy-1 (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NOT) for ; Wed, 21 Mar 2018 19:17:55 -0400 Received: from localhost by e06smtp11.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 21 Mar 2018 23:17:53 -0000 Received: from b06cxnps3074.portsmouth.uk.ibm.com (9.149.109.194) by e06smtp11.uk.ibm.com (192.168.101.141) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 21 Mar 2018 23:17:48 -0000 Received: from d06av24.portsmouth.uk.ibm.com (mk.ibm.com [9.149.105.60]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w2LNHmZ042336386; Wed, 21 Mar 2018 23:17:48 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DCB6342049; Wed, 21 Mar 2018 23:09:54 +0000 (GMT) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EBE1642042; Wed, 21 Mar 2018 23:09:52 +0000 (GMT) Received: from localhost.localdomain (unknown [9.80.103.4]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 21 Mar 2018 23:09:52 +0000 (GMT) Subject: Re: [PATCH v6 06/12] integrity: Introduce asymmetric_sig_has_known_key() From: Mimi Zohar To: Thiago Jung Bauermann , linux-integrity@vger.kernel.org Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Dmitry Kasatkin , James Morris , "Serge E. Hallyn" , David Howells , David Woodhouse , Jessica Yu , Herbert Xu , "David S. Miller" , "AKASHI, Takahiro" Date: Wed, 21 Mar 2018 19:17:45 -0400 In-Reply-To: <20180316203837.10174-7-bauerman@linux.vnet.ibm.com> References: <20180316203837.10174-1-bauerman@linux.vnet.ibm.com> <20180316203837.10174-7-bauerman@linux.vnet.ibm.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 x-cbid: 18032123-0040-0000-0000-00000443EF70 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18032123-0041-0000-0000-000020E71538 Message-Id: <1521674265.3848.220.camel@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-03-21_13:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1803210264 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2018-03-16 at 17:38 -0300, Thiago Jung Bauermann wrote: > IMA will only look for a modsig if the xattr sig references a key which is > not in the expected kernel keyring. To that end, introduce > asymmetric_sig_has_known_key(). > > The logic of extracting the key used in the xattr sig is factored out from > asymmetric_verify() so that it can be used by the new function. > > Signed-off-by: Thiago Jung Bauermann Signed-off-by: Mimi Zohar > --- > security/integrity/digsig_asymmetric.c | 44 +++++++++++++++++++++++++--------- > security/integrity/integrity.h | 8 +++++++ > 2 files changed, 41 insertions(+), 11 deletions(-) > > diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c > index ab6a029062a1..241647970c19 100644 > --- a/security/integrity/digsig_asymmetric.c > +++ b/security/integrity/digsig_asymmetric.c > @@ -79,26 +79,48 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) > return key; > } > > -int asymmetric_verify(struct key *keyring, const char *sig, > - int siglen, const char *data, int datalen) > +static struct key *asymmetric_key_from_sig(struct key *keyring, const char *sig, > + int siglen) > { > - struct public_key_signature pks; > - struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig; > - struct key *key; > - int ret = -ENOMEM; > + const struct signature_v2_hdr *hdr = (struct signature_v2_hdr *) sig; > > if (siglen <= sizeof(*hdr)) > - return -EBADMSG; > + return ERR_PTR(-EBADMSG); > > siglen -= sizeof(*hdr); > > if (siglen != be16_to_cpu(hdr->sig_size)) > - return -EBADMSG; > + return ERR_PTR(-EBADMSG); > > if (hdr->hash_algo >= HASH_ALGO__LAST) > - return -ENOPKG; > + return ERR_PTR(-ENOPKG); > + > + return request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); > +} > + > +bool asymmetric_sig_has_known_key(struct key *keyring, const char *sig, > + int siglen) > +{ > + struct key *key; > + > + key = asymmetric_key_from_sig(keyring, sig, siglen); > + if (IS_ERR_OR_NULL(key)) > + return false; > + > + key_put(key); > + > + return true; > +} > + > +int asymmetric_verify(struct key *keyring, const char *sig, > + int siglen, const char *data, int datalen) > +{ > + struct public_key_signature pks; > + struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig; > + struct key *key; > + int ret = -ENOMEM; > > - key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); > + key = asymmetric_key_from_sig(keyring, sig, siglen); > if (IS_ERR(key)) > return PTR_ERR(key); > > @@ -109,7 +131,7 @@ int asymmetric_verify(struct key *keyring, const char *sig, > pks.digest = (u8 *)data; > pks.digest_size = datalen; > pks.s = hdr->sig; > - pks.s_size = siglen; > + pks.s_size = siglen - sizeof(*hdr); > ret = verify_signature(key, &pks); > key_put(key); > pr_debug("%s() = %d\n", __func__, ret); > diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h > index 2d245f44ca26..4c381b992e11 100644 > --- a/security/integrity/integrity.h > +++ b/security/integrity/integrity.h > @@ -179,12 +179,20 @@ static inline int integrity_init_keyring(const unsigned int id) > #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS > int asymmetric_verify(struct key *keyring, const char *sig, > int siglen, const char *data, int datalen); > +bool asymmetric_sig_has_known_key(struct key *keyring, const char *sig, > + int siglen); > #else > static inline int asymmetric_verify(struct key *keyring, const char *sig, > int siglen, const char *data, int datalen) > { > return -EOPNOTSUPP; > } > + > +static inline bool asymmetric_sig_has_known_key(struct key *keyring, > + const char *sig, int siglen) > +{ > + return false; > +} > #endif > > #ifdef CONFIG_IMA_LOAD_X509 >