Merge tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar...
[linux-2.6-microblaze.git] / fs / verity / signature.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Verification of builtin signatures
4  *
5  * Copyright 2019 Google LLC
6  */
7
8 #include "fsverity_private.h"
9
10 #include <linux/cred.h>
11 #include <linux/key.h>
12 #include <linux/slab.h>
13 #include <linux/verification.h>
14
15 /*
16  * /proc/sys/fs/verity/require_signatures
17  * If 1, all verity files must have a valid builtin signature.
18  */
19 static int fsverity_require_signatures;
20
21 /*
22  * Keyring that contains the trusted X.509 certificates.
23  *
24  * Only root (kuid=0) can modify this.  Also, root may use
25  * keyctl_restrict_keyring() to prevent any more additions.
26  */
27 static struct key *fsverity_keyring;
28
29 /**
30  * fsverity_verify_signature() - check a verity file's signature
31  * @vi: the file's fsverity_info
32  * @desc: the file's fsverity_descriptor
33  * @desc_size: size of @desc
34  *
35  * If the file's fs-verity descriptor includes a signature of the file digest,
36  * verify it against the certificates in the fs-verity keyring.
37  *
38  * Return: 0 on success (signature valid or not required); -errno on failure
39  */
40 int fsverity_verify_signature(const struct fsverity_info *vi,
41                               const struct fsverity_descriptor *desc,
42                               size_t desc_size)
43 {
44         const struct inode *inode = vi->inode;
45         const struct fsverity_hash_alg *hash_alg = vi->tree_params.hash_alg;
46         const u32 sig_size = le32_to_cpu(desc->sig_size);
47         struct fsverity_formatted_digest *d;
48         int err;
49
50         if (sig_size == 0) {
51                 if (fsverity_require_signatures) {
52                         fsverity_err(inode,
53                                      "require_signatures=1, rejecting unsigned file!");
54                         return -EPERM;
55                 }
56                 return 0;
57         }
58
59         if (sig_size > desc_size - sizeof(*desc)) {
60                 fsverity_err(inode, "Signature overflows verity descriptor");
61                 return -EBADMSG;
62         }
63
64         d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL);
65         if (!d)
66                 return -ENOMEM;
67         memcpy(d->magic, "FSVerity", 8);
68         d->digest_algorithm = cpu_to_le16(hash_alg - fsverity_hash_algs);
69         d->digest_size = cpu_to_le16(hash_alg->digest_size);
70         memcpy(d->digest, vi->file_digest, hash_alg->digest_size);
71
72         err = verify_pkcs7_signature(d, sizeof(*d) + hash_alg->digest_size,
73                                      desc->signature, sig_size,
74                                      fsverity_keyring,
75                                      VERIFYING_UNSPECIFIED_SIGNATURE,
76                                      NULL, NULL);
77         kfree(d);
78
79         if (err) {
80                 if (err == -ENOKEY)
81                         fsverity_err(inode,
82                                      "File's signing cert isn't in the fs-verity keyring");
83                 else if (err == -EKEYREJECTED)
84                         fsverity_err(inode, "Incorrect file signature");
85                 else if (err == -EBADMSG)
86                         fsverity_err(inode, "Malformed file signature");
87                 else
88                         fsverity_err(inode, "Error %d verifying file signature",
89                                      err);
90                 return err;
91         }
92
93         pr_debug("Valid signature for file digest %s:%*phN\n",
94                  hash_alg->name, hash_alg->digest_size, vi->file_digest);
95         return 0;
96 }
97
98 #ifdef CONFIG_SYSCTL
99 static struct ctl_table_header *fsverity_sysctl_header;
100
101 static const struct ctl_path fsverity_sysctl_path[] = {
102         { .procname = "fs", },
103         { .procname = "verity", },
104         { }
105 };
106
107 static struct ctl_table fsverity_sysctl_table[] = {
108         {
109                 .procname       = "require_signatures",
110                 .data           = &fsverity_require_signatures,
111                 .maxlen         = sizeof(int),
112                 .mode           = 0644,
113                 .proc_handler   = proc_dointvec_minmax,
114                 .extra1         = SYSCTL_ZERO,
115                 .extra2         = SYSCTL_ONE,
116         },
117         { }
118 };
119
120 static int __init fsverity_sysctl_init(void)
121 {
122         fsverity_sysctl_header = register_sysctl_paths(fsverity_sysctl_path,
123                                                        fsverity_sysctl_table);
124         if (!fsverity_sysctl_header) {
125                 pr_err("sysctl registration failed!\n");
126                 return -ENOMEM;
127         }
128         return 0;
129 }
130 #else /* !CONFIG_SYSCTL */
131 static inline int __init fsverity_sysctl_init(void)
132 {
133         return 0;
134 }
135 #endif /* !CONFIG_SYSCTL */
136
137 int __init fsverity_init_signature(void)
138 {
139         struct key *ring;
140         int err;
141
142         ring = keyring_alloc(".fs-verity", KUIDT_INIT(0), KGIDT_INIT(0),
143                              current_cred(), KEY_POS_SEARCH |
144                                 KEY_USR_VIEW | KEY_USR_READ | KEY_USR_WRITE |
145                                 KEY_USR_SEARCH | KEY_USR_SETATTR,
146                              KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
147         if (IS_ERR(ring))
148                 return PTR_ERR(ring);
149
150         err = fsverity_sysctl_init();
151         if (err)
152                 goto err_put_ring;
153
154         fsverity_keyring = ring;
155         return 0;
156
157 err_put_ring:
158         key_put(ring);
159         return err;
160 }