From f0f4ff23f140d044d079b021da98d819b910f0f9 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 25 Sep 2012 12:02:24 -0400 Subject: Switch to using modsign-post-KS upstream with x509 certs --- genkey | 10 - kernel.spec | 76 +- mod-extra-sign.sh | 28 + modsign-20120816.patch | 10434 ------------------------------------------- modsign-post-KS-jwb.patch | 9153 +++++++++++++++++++++++++++++++++++++ secure-boot-20120809.patch | 734 --- secure-boot-20120924.patch | 726 +++ x509.genkey | 16 + 8 files changed, 9985 insertions(+), 11192 deletions(-) delete mode 100644 genkey create mode 100755 mod-extra-sign.sh delete mode 100644 modsign-20120816.patch create mode 100644 modsign-post-KS-jwb.patch delete mode 100644 secure-boot-20120809.patch create mode 100644 secure-boot-20120924.patch create mode 100644 x509.genkey diff --git a/genkey b/genkey deleted file mode 100644 index fdb7d1f6..00000000 --- a/genkey +++ /dev/null @@ -1,10 +0,0 @@ -%pubring modsign.pub -%secring modsign.sec -%no-protection: yes -%transient-key: yes -Key-Type: RSA -Key-Length: 2048 -Name-Real: Fedora Project -Name-Comment: Kernel Module GPG key -%commit - diff --git a/kernel.spec b/kernel.spec index 8212eaaf..10fb41cb 100644 --- a/kernel.spec +++ b/kernel.spec @@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 3 +%global baserelease 4 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -551,19 +551,20 @@ BuildRequires: rpm-build >= 4.9.0-1, elfutils >= elfutils-0.153-1 %endif %if %{signmodules} -BuildRequires: gnupg +BuildRequires: openssl BuildRequires: pesign >= 0.10-4 %endif Source0: ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-%{kversion}.tar.xz %if %{signmodules} -Source11: genkey +Source11: x509.genkey %endif Source15: merge.pl Source16: mod-extra.list Source17: mod-extra.sh +Source18: mod-extra-sign.sh Source19: Makefile.release Source20: Makefile.config @@ -680,10 +681,10 @@ Patch700: linux-2.6-e1000-ich9-montevina.patch Patch800: linux-2.6-crash-driver.patch # crypto/ -Patch900: modsign-20120816.patch +Patch900: modsign-post-KS-jwb.patch # secure boot -Patch1000: secure-boot-20120809.patch +Patch1000: secure-boot-20120924.patch # Improve PCI support on UEFI Patch1100: handle-efi-roms.patch @@ -1393,10 +1394,10 @@ ApplyPatch linux-2.6-crash-driver.patch ApplyPatch linux-2.6-e1000-ich9-montevina.patch # crypto/ -ApplyPatch modsign-20120816.patch +ApplyPatch modsign-post-KS-jwb.patch # secure boot -ApplyPatch secure-boot-20120809.patch +ApplyPatch secure-boot-20120924.patch # Improved PCI support for UEFI ApplyPatch handle-efi-roms.patch @@ -1623,13 +1624,6 @@ BuildKernel() { # we'll get it from the linux-firmware package and we don't want conflicts make -s ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_install KERNELRELEASE=$KernelVer mod-fw= -%if %{signmodules} - if [ -z "$(readelf -n $(find fs/ -name \*.ko | head -n 1) | grep module.sig)" ]; then - echo "ERROR: modules are NOT signed" >&2; - exit 1; - fi -%endif - %ifarch %{vdso_arches} make -s ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT vdso_install KERNELRELEASE=$KernelVer if [ ! -s ldconfig-kernel.conf ]; then @@ -1753,6 +1747,12 @@ BuildKernel() { # Call the modules-extra script to move things around %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16} +%if %{signmodules} + # Save off the .tmp_versions/ directory. We'll use it in the + # __debug_install_post macro below to sign the right things + cp -r .tmp_versions .tmp_versions.sign${Flavour:+.${Flavour}} +%endif + # remove files that will be auto generated by depmod at rpm -i time for i in alias alias.bin builtin.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap devname softdep do @@ -1875,9 +1875,56 @@ find Documentation -type d | xargs chmod u+w # This macro is used by %%install, so we must redefine it before that. %define debug_package %{nil} +# In the modsign case, we do 3 things. 1) We check the "flavour" and hard +# code the value in the following invocations. This is somewhat sub-optimal +# but we're doing this inside of an RPM macro and it isn't as easy as it +# could be because of that. 2) We restore the .tmp_versions/ directory from +# the one we saved off in BuildKernel above. This is to make sure we're +# signing the modules we actually built/installed in that flavour. 3) We +# grab the arch and invoke 'make modules_sign' and the mod-extra-sign.sh +# commands to actually sign the modules. +# +# We have to do all of those things _after_ find-debuginfo runs, otherwise +# that will strip the signature off of the modules. + %if %{with_debuginfo} %define __debug_install_post \ /usr/lib/rpm/find-debuginfo.sh %{debuginfo_args} %{_builddir}/%{?buildsubdir}\ + if [ "%{signmodules}" == "1" ]; \ + then \ + if [ "%{with_pae}" != "0" ]; \ + then \ + Arch=`head -1 configs/kernel-%{version}-%{_target_cpu}-PAE.config | cut -b 3-` \ + rm -rf .tmp_versions \ + mv .tmp_versions.sign.PAE .tmp_versions \ + make -s ARCH=$Arch V=1 INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_sign KERNELRELEASE=%{KVERREL}.PAE \ + %{SOURCE18} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAE/extra/ \ + fi \ + if [ "%{with_debug}" != "0" ]; \ + then \ + Arch=`head -1 configs/kernel-%{version}-%{_target_cpu}-debug.config | cut -b 3-` \ + rm -rf .tmp_versions \ + mv .tmp_versions.sign.debug .tmp_versions \ + make -s ARCH=$Arch V=1 INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_sign KERNELRELEASE=%{KVERREL}.debug \ + %{SOURCE18} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.debug/extra/ \ + fi \ + if [ "%{with_pae_debug}" != "0" ]; \ + then \ + Arch=`head -1 configs/kernel-%{version}-%{_target_cpu}-PAEdebug.config | cut -b 3-` \ + rm -rf .tmp_versions \ + mv .tmp_versions.sign.PAEdebug .tmp_versions \ + make -s ARCH=$Arch V=1 INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_sign KERNELRELEASE=%{KVERREL}.PAEdebug \ + %{SOURCE18} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAEdebug/extra/ \ + fi \ + if [ "%{with_up}" != "0" ]; \ + then \ + Arch=`head -1 configs/kernel-%{version}-%{_target_cpu}.config | cut -b 3-` \ + rm -rf .tmp_versions \ + mv .tmp_versions.sign .tmp_versions \ + make -s ARCH=$Arch V=1 INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_sign KERNELRELEASE=%{KVERREL} \ + %{SOURCE18} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/extra/ \ + fi \ + fi \ %{nil} %ifnarch noarch @@ -2263,6 +2310,7 @@ fi * Tue Sep 25 2012 Josh Boyer - Move the modules-extra processing to a script - Prep mod-extra.sh for signed modules +- Switch to using modsign-post-KS upstream with x509 certs * Tue Sep 25 2012 Josh Boyer - 3.6.0-0.rc7.git1.2 - Update team driver from net-next from Jiri Pirko diff --git a/mod-extra-sign.sh b/mod-extra-sign.sh new file mode 100755 index 00000000..a4b2c8cf --- /dev/null +++ b/mod-extra-sign.sh @@ -0,0 +1,28 @@ +#! /bin/bash + +# We need to sign modules we've moved from /kernel/ to /extra/ +# during mod-extra processing by hand. The 'modules_sign' Kbuild target can +# "handle" out-of-tree modules, but it does that by not signing them. Plus, +# the modules we've moved aren't actually out-of-tree. We've just shifted +# them to a different location behind Kbuild's back because we are mean. + +# This essentially duplicates the 'modules_sign' Kbuild target and runs the +# same commands for those modules. + +moddir=$1 + +modules=`find $moddir -name *.ko` + +MODSECKEY="./signing_key.priv" +MODPUBKEY="./signing_key.x509" + +for mod in $modules +do + dir=`dirname $mod` + file=`basename $mod` + + sh ./scripts/sign-file ${MODSECKEY} ${MODPUBKEY} ${dir}/${file} \ + ${dir}/${file}.signed + mv ${dir}/${file}.signed ${dir}/${file} + rm -f ${dir}/${file}.{sig,dig} +done diff --git a/modsign-20120816.patch b/modsign-20120816.patch deleted file mode 100644 index 3c679558..00000000 --- a/modsign-20120816.patch +++ /dev/null @@ -1,10434 +0,0 @@ -From bcb9a5e7e8108872ec9fd7083209cbf3a47ef952 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 00:14:14 +0100 -Subject: [PATCH 01/32] KEYS: Add payload preparsing opportunity prior to key - instantiate or update - -Give the key type the opportunity to preparse the payload prior to the -instantiation and update routines being called. This is done with the -provision of two new key type operations: - - int (*preparse)(struct key_preparsed_payload *prep); - void (*free_preparse)(struct key_preparsed_payload *prep); - -If the first operation is present, then it is called before key creation (in -the add/update case) or before the key semaphore is taken (in the update and -instantiate cases). The second operation is called to clean up if the first -was called. - -preparse() is given the opportunity to fill in the following structure: - - struct key_preparsed_payload { - char *description; - void *type_data[2]; - void *payload; - const void *data; - size_t datalen; - size_t quotalen; - }; - -Before the preparser is called, the first three fields will have been cleared, -the payload pointer and size will be stored in data and datalen and the default -quota size from the key_type struct will be stored into quotalen. - -The preparser may parse the payload in any way it likes and may store data in -the type_data[] and payload fields for use by the instantiate() and update() -ops. - -The preparser may also propose a description for the key by attaching it as a -string to the description field. This can be used by passing a NULL or "" -description to the add_key() system call or the key_create_or_update() -function. This cannot work with request_key() as that required the description -to tell the upcall about the key to be created. - -This, for example permits keys that store PGP public keys to generate their own -name from the user ID and public key fingerprint in the key. - -The instantiate() and update() operations are then modified to look like this: - - int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); - int (*update)(struct key *key, struct key_preparsed_payload *prep); - -and the new payload data is passed in *prep, whether or not it was preparsed. - -Signed-off-by: David Howells ---- - Documentation/security/keys.txt | 50 +++++++++++++- - fs/cifs/cifs_spnego.c | 6 +- - fs/cifs/cifsacl.c | 8 +-- - include/keys/user-type.h | 6 +- - include/linux/key-type.h | 35 +++++++++- - net/ceph/crypto.c | 9 +-- - net/dns_resolver/dns_key.c | 6 +- - net/rxrpc/ar-key.c | 40 ++++++------ - security/keys/encrypted-keys/encrypted.c | 16 +++-- - security/keys/key.c | 108 ++++++++++++++++++++++--------- - security/keys/keyctl.c | 18 ++++-- - security/keys/keyring.c | 6 +- - security/keys/request_key_auth.c | 8 +-- - security/keys/trusted.c | 16 +++-- - security/keys/user_defined.c | 14 ++-- - 15 files changed, 245 insertions(+), 101 deletions(-) - -diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt -index aa0dbd7..7d9ca92 100644 ---- a/Documentation/security/keys.txt -+++ b/Documentation/security/keys.txt -@@ -412,6 +412,10 @@ The main syscalls are: - to the keyring. In this case, an error will be generated if the process - does not have permission to write to the keyring. - -+ If the key type supports it, if the description is NULL or an empty -+ string, the key type will try and generate a description from the content -+ of the payload. -+ - The payload is optional, and the pointer can be NULL if not required by - the type. The payload is plen in size, and plen can be zero for an empty - payload. -@@ -1114,12 +1118,53 @@ The structure has a number of fields, some of which are mandatory: - it should return 0. - - -- (*) int (*instantiate)(struct key *key, const void *data, size_t datalen); -+ (*) int (*preparse)(struct key_preparsed_payload *prep); -+ -+ This optional method permits the key type to attempt to parse payload -+ before a key is created (add key) or the key semaphore is taken (update or -+ instantiate key). The structure pointed to by prep looks like: -+ -+ struct key_preparsed_payload { -+ char *description; -+ void *type_data[2]; -+ void *payload; -+ const void *data; -+ size_t datalen; -+ size_t quotalen; -+ }; -+ -+ Before calling the method, the caller will fill in data and datalen with -+ the payload blob parameters; quotalen will be filled in with the default -+ quota size from the key type and the rest will be cleared. -+ -+ If a description can be proposed from the payload contents, that should be -+ attached as a string to the description field. This will be used for the -+ key description if the caller of add_key() passes NULL or "". -+ -+ The method can attach anything it likes to type_data[] and payload. These -+ are merely passed along to the instantiate() or update() operations. -+ -+ The method should return 0 if success ful or a negative error code -+ otherwise. -+ -+ -+ (*) void (*free_preparse)(struct key_preparsed_payload *prep); -+ -+ This method is only required if the preparse() method is provided, -+ otherwise it is unused. It cleans up anything attached to the -+ description, type_data and payload fields of the key_preparsed_payload -+ struct as filled in by the preparse() method. -+ -+ -+ (*) int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); - - This method is called to attach a payload to a key during construction. - The payload attached need not bear any relation to the data passed to this - function. - -+ The prep->data and prep->datalen fields will define the original payload -+ blob. If preparse() was supplied then other fields may be filled in also. -+ - If the amount of data attached to the key differs from the size in - keytype->def_datalen, then key_payload_reserve() should be called. - -@@ -1135,6 +1180,9 @@ The structure has a number of fields, some of which are mandatory: - If this type of key can be updated, then this method should be provided. - It is called to update a key's payload from the blob of data provided. - -+ The prep->data and prep->datalen fields will define the original payload -+ blob. If preparse() was supplied then other fields may be filled in also. -+ - key_payload_reserve() should be called if the data length might change - before any changes are actually made. Note that if this succeeds, the type - is committed to changing the key because it's already been altered, so all -diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c -index e622863..086f381 100644 ---- a/fs/cifs/cifs_spnego.c -+++ b/fs/cifs/cifs_spnego.c -@@ -31,18 +31,18 @@ - - /* create a new cifs key */ - static int --cifs_spnego_key_instantiate(struct key *key, const void *data, size_t datalen) -+cifs_spnego_key_instantiate(struct key *key, struct key_preparsed_payload *prep) - { - char *payload; - int ret; - - ret = -ENOMEM; -- payload = kmalloc(datalen, GFP_KERNEL); -+ payload = kmalloc(prep->datalen, GFP_KERNEL); - if (!payload) - goto error; - - /* attach the data */ -- memcpy(payload, data, datalen); -+ memcpy(payload, prep->data, prep->datalen); - key->payload.data = payload; - ret = 0; - -diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c -index 05f4dc2..f3c60e2 100644 ---- a/fs/cifs/cifsacl.c -+++ b/fs/cifs/cifsacl.c -@@ -167,17 +167,17 @@ static struct shrinker cifs_shrinker = { - }; - - static int --cifs_idmap_key_instantiate(struct key *key, const void *data, size_t datalen) -+cifs_idmap_key_instantiate(struct key *key, struct key_preparsed_payload *prep) - { - char *payload; - -- payload = kmalloc(datalen, GFP_KERNEL); -+ payload = kmalloc(prep->datalen, GFP_KERNEL); - if (!payload) - return -ENOMEM; - -- memcpy(payload, data, datalen); -+ memcpy(payload, prep->data, prep->datalen); - key->payload.data = payload; -- key->datalen = datalen; -+ key->datalen = prep->datalen; - return 0; - } - -diff --git a/include/keys/user-type.h b/include/keys/user-type.h -index bc9ec1d..5e452c8 100644 ---- a/include/keys/user-type.h -+++ b/include/keys/user-type.h -@@ -35,8 +35,10 @@ struct user_key_payload { - extern struct key_type key_type_user; - extern struct key_type key_type_logon; - --extern int user_instantiate(struct key *key, const void *data, size_t datalen); --extern int user_update(struct key *key, const void *data, size_t datalen); -+struct key_preparsed_payload; -+ -+extern int user_instantiate(struct key *key, struct key_preparsed_payload *prep); -+extern int user_update(struct key *key, struct key_preparsed_payload *prep); - extern int user_match(const struct key *key, const void *criterion); - extern void user_revoke(struct key *key); - extern void user_destroy(struct key *key); -diff --git a/include/linux/key-type.h b/include/linux/key-type.h -index f0c651c..518a53a 100644 ---- a/include/linux/key-type.h -+++ b/include/linux/key-type.h -@@ -26,6 +26,27 @@ struct key_construction { - struct key *authkey;/* authorisation for key being constructed */ - }; - -+/* -+ * Pre-parsed payload, used by key add, update and instantiate. -+ * -+ * This struct will be cleared and data and datalen will be set with the data -+ * and length parameters from the caller and quotalen will be set from -+ * def_datalen from the key type. Then if the preparse() op is provided by the -+ * key type, that will be called. Then the struct will be passed to the -+ * instantiate() or the update() op. -+ * -+ * If the preparse() op is given, the free_preparse() op will be called to -+ * clear the contents. -+ */ -+struct key_preparsed_payload { -+ char *description; /* Proposed key description (or NULL) */ -+ void *type_data[2]; /* Private key-type data */ -+ void *payload; /* Proposed payload */ -+ const void *data; /* Raw data */ -+ size_t datalen; /* Raw datalen */ -+ size_t quotalen; /* Quota length for proposed payload */ -+}; -+ - typedef int (*request_key_actor_t)(struct key_construction *key, - const char *op, void *aux); - -@@ -45,18 +66,28 @@ struct key_type { - /* vet a description */ - int (*vet_description)(const char *description); - -+ /* Preparse the data blob from userspace that is to be the payload, -+ * generating a proposed description and payload that will be handed to -+ * the instantiate() and update() ops. -+ */ -+ int (*preparse)(struct key_preparsed_payload *prep); -+ -+ /* Free a preparse data structure. -+ */ -+ void (*free_preparse)(struct key_preparsed_payload *prep); -+ - /* instantiate a key of this type - * - this method should call key_payload_reserve() to determine if the - * user's quota will hold the payload - */ -- int (*instantiate)(struct key *key, const void *data, size_t datalen); -+ int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); - - /* update a key of this type (optional) - * - this method should call key_payload_reserve() to recalculate the - * quota consumption - * - the key must be locked against read when modifying - */ -- int (*update)(struct key *key, const void *data, size_t datalen); -+ int (*update)(struct key *key, struct key_preparsed_payload *prep); - - /* match a key against a description */ - int (*match)(const struct key *key, const void *desc); -diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c -index 9da7fdd..af14cb4 100644 ---- a/net/ceph/crypto.c -+++ b/net/ceph/crypto.c -@@ -423,14 +423,15 @@ int ceph_encrypt2(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, - } - } - --int ceph_key_instantiate(struct key *key, const void *data, size_t datalen) -+int ceph_key_instantiate(struct key *key, struct key_preparsed_payload *prep) - { - struct ceph_crypto_key *ckey; -+ size_t datalen = prep->datalen; - int ret; - void *p; - - ret = -EINVAL; -- if (datalen <= 0 || datalen > 32767 || !data) -+ if (datalen <= 0 || datalen > 32767 || !prep->data) - goto err; - - ret = key_payload_reserve(key, datalen); -@@ -443,8 +444,8 @@ int ceph_key_instantiate(struct key *key, const void *data, size_t datalen) - goto err; - - /* TODO ceph_crypto_key_decode should really take const input */ -- p = (void *)data; -- ret = ceph_crypto_key_decode(ckey, &p, (char*)data+datalen); -+ p = (void *)prep->data; -+ ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen); - if (ret < 0) - goto err_ckey; - -diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c -index d9507dd..859ab8b 100644 ---- a/net/dns_resolver/dns_key.c -+++ b/net/dns_resolver/dns_key.c -@@ -59,13 +59,13 @@ const struct cred *dns_resolver_cache; - * "ip1,ip2,...#foo=bar" - */ - static int --dns_resolver_instantiate(struct key *key, const void *_data, size_t datalen) -+dns_resolver_instantiate(struct key *key, struct key_preparsed_payload *prep) - { - struct user_key_payload *upayload; - unsigned long derrno; - int ret; -- size_t result_len = 0; -- const char *data = _data, *end, *opt; -+ size_t datalen = prep->datalen, result_len = 0; -+ const char *data = prep->data, *end, *opt; - - kenter("%%%d,%s,'%*.*s',%zu", - key->serial, key->description, -diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c -index 8b1f9f4..106c5a6 100644 ---- a/net/rxrpc/ar-key.c -+++ b/net/rxrpc/ar-key.c -@@ -26,8 +26,8 @@ - #include "ar-internal.h" - - static int rxrpc_vet_description_s(const char *); --static int rxrpc_instantiate(struct key *, const void *, size_t); --static int rxrpc_instantiate_s(struct key *, const void *, size_t); -+static int rxrpc_instantiate(struct key *, struct key_preparsed_payload *); -+static int rxrpc_instantiate_s(struct key *, struct key_preparsed_payload *); - static void rxrpc_destroy(struct key *); - static void rxrpc_destroy_s(struct key *); - static void rxrpc_describe(const struct key *, struct seq_file *); -@@ -678,7 +678,7 @@ error: - * - * if no data is provided, then a no-security key is made - */ --static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) -+static int rxrpc_instantiate(struct key *key, struct key_preparsed_payload *prep) - { - const struct rxrpc_key_data_v1 *v1; - struct rxrpc_key_token *token, **pp; -@@ -686,26 +686,26 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) - u32 kver; - int ret; - -- _enter("{%x},,%zu", key_serial(key), datalen); -+ _enter("{%x},,%zu", key_serial(key), prep->datalen); - - /* handle a no-security key */ -- if (!data && datalen == 0) -+ if (!prep->data && prep->datalen == 0) - return 0; - - /* determine if the XDR payload format is being used */ -- if (datalen > 7 * 4) { -- ret = rxrpc_instantiate_xdr(key, data, datalen); -+ if (prep->datalen > 7 * 4) { -+ ret = rxrpc_instantiate_xdr(key, prep->data, prep->datalen); - if (ret != -EPROTO) - return ret; - } - - /* get the key interface version number */ - ret = -EINVAL; -- if (datalen <= 4 || !data) -+ if (prep->datalen <= 4 || !prep->data) - goto error; -- memcpy(&kver, data, sizeof(kver)); -- data += sizeof(kver); -- datalen -= sizeof(kver); -+ memcpy(&kver, prep->data, sizeof(kver)); -+ prep->data += sizeof(kver); -+ prep->datalen -= sizeof(kver); - - _debug("KEY I/F VERSION: %u", kver); - -@@ -715,11 +715,11 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) - - /* deal with a version 1 key */ - ret = -EINVAL; -- if (datalen < sizeof(*v1)) -+ if (prep->datalen < sizeof(*v1)) - goto error; - -- v1 = data; -- if (datalen != sizeof(*v1) + v1->ticket_length) -+ v1 = prep->data; -+ if (prep->datalen != sizeof(*v1) + v1->ticket_length) - goto error; - - _debug("SCIX: %u", v1->security_index); -@@ -784,17 +784,17 @@ error: - * instantiate a server secret key - * data should be a pointer to the 8-byte secret key - */ --static int rxrpc_instantiate_s(struct key *key, const void *data, -- size_t datalen) -+static int rxrpc_instantiate_s(struct key *key, -+ struct key_preparsed_payload *prep) - { - struct crypto_blkcipher *ci; - -- _enter("{%x},,%zu", key_serial(key), datalen); -+ _enter("{%x},,%zu", key_serial(key), prep->datalen); - -- if (datalen != 8) -+ if (prep->datalen != 8) - return -EINVAL; - -- memcpy(&key->type_data, data, 8); -+ memcpy(&key->type_data, prep->data, 8); - - ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); - if (IS_ERR(ci)) { -@@ -802,7 +802,7 @@ static int rxrpc_instantiate_s(struct key *key, const void *data, - return PTR_ERR(ci); - } - -- if (crypto_blkcipher_setkey(ci, data, 8) < 0) -+ if (crypto_blkcipher_setkey(ci, prep->data, 8) < 0) - BUG(); - - key->payload.data = ci; -diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c -index 2d1bb8a..9e1e005 100644 ---- a/security/keys/encrypted-keys/encrypted.c -+++ b/security/keys/encrypted-keys/encrypted.c -@@ -773,8 +773,8 @@ static int encrypted_init(struct encrypted_key_payload *epayload, - * - * On success, return 0. Otherwise return errno. - */ --static int encrypted_instantiate(struct key *key, const void *data, -- size_t datalen) -+static int encrypted_instantiate(struct key *key, -+ struct key_preparsed_payload *prep) - { - struct encrypted_key_payload *epayload = NULL; - char *datablob = NULL; -@@ -782,16 +782,17 @@ static int encrypted_instantiate(struct key *key, const void *data, - char *master_desc = NULL; - char *decrypted_datalen = NULL; - char *hex_encoded_iv = NULL; -+ size_t datalen = prep->datalen; - int ret; - -- if (datalen <= 0 || datalen > 32767 || !data) -+ if (datalen <= 0 || datalen > 32767 || !prep->data) - return -EINVAL; - - datablob = kmalloc(datalen + 1, GFP_KERNEL); - if (!datablob) - return -ENOMEM; - datablob[datalen] = 0; -- memcpy(datablob, data, datalen); -+ memcpy(datablob, prep->data, datalen); - ret = datablob_parse(datablob, &format, &master_desc, - &decrypted_datalen, &hex_encoded_iv); - if (ret < 0) -@@ -834,16 +835,17 @@ static void encrypted_rcu_free(struct rcu_head *rcu) - * - * On success, return 0. Otherwise return errno. - */ --static int encrypted_update(struct key *key, const void *data, size_t datalen) -+static int encrypted_update(struct key *key, struct key_preparsed_payload *prep) - { - struct encrypted_key_payload *epayload = key->payload.data; - struct encrypted_key_payload *new_epayload; - char *buf; - char *new_master_desc = NULL; - const char *format = NULL; -+ size_t datalen = prep->datalen; - int ret = 0; - -- if (datalen <= 0 || datalen > 32767 || !data) -+ if (datalen <= 0 || datalen > 32767 || !prep->data) - return -EINVAL; - - buf = kmalloc(datalen + 1, GFP_KERNEL); -@@ -851,7 +853,7 @@ static int encrypted_update(struct key *key, const void *data, size_t datalen) - return -ENOMEM; - - buf[datalen] = 0; -- memcpy(buf, data, datalen); -+ memcpy(buf, prep->data, datalen); - ret = datablob_parse(buf, &format, &new_master_desc, NULL, NULL); - if (ret < 0) - goto out; -diff --git a/security/keys/key.c b/security/keys/key.c -index 50d96d4..732a53e 100644 ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -412,8 +412,7 @@ EXPORT_SYMBOL(key_payload_reserve); - * key_construction_mutex. - */ - static int __key_instantiate_and_link(struct key *key, -- const void *data, -- size_t datalen, -+ struct key_preparsed_payload *prep, - struct key *keyring, - struct key *authkey, - unsigned long *_prealloc) -@@ -431,7 +430,7 @@ static int __key_instantiate_and_link(struct key *key, - /* can't instantiate twice */ - if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { - /* instantiate the key */ -- ret = key->type->instantiate(key, data, datalen); -+ ret = key->type->instantiate(key, prep); - - if (ret == 0) { - /* mark the key as being instantiated */ -@@ -482,22 +481,37 @@ int key_instantiate_and_link(struct key *key, - struct key *keyring, - struct key *authkey) - { -+ struct key_preparsed_payload prep; - unsigned long prealloc; - int ret; - -+ memset(&prep, 0, sizeof(prep)); -+ prep.data = data; -+ prep.datalen = datalen; -+ prep.quotalen = key->type->def_datalen; -+ if (key->type->preparse) { -+ ret = key->type->preparse(&prep); -+ if (ret < 0) -+ goto error; -+ } -+ - if (keyring) { - ret = __key_link_begin(keyring, key->type, key->description, - &prealloc); - if (ret < 0) -- return ret; -+ goto error_free_preparse; - } - -- ret = __key_instantiate_and_link(key, data, datalen, keyring, authkey, -+ ret = __key_instantiate_and_link(key, &prep, keyring, authkey, - &prealloc); - - if (keyring) - __key_link_end(keyring, key->type, prealloc); - -+error_free_preparse: -+ if (key->type->preparse) -+ key->type->free_preparse(&prep); -+error: - return ret; - } - -@@ -706,7 +720,7 @@ void key_type_put(struct key_type *ktype) - * if we get an error. - */ - static inline key_ref_t __key_update(key_ref_t key_ref, -- const void *payload, size_t plen) -+ struct key_preparsed_payload *prep) - { - struct key *key = key_ref_to_ptr(key_ref); - int ret; -@@ -722,7 +736,7 @@ static inline key_ref_t __key_update(key_ref_t key_ref, - - down_write(&key->sem); - -- ret = key->type->update(key, payload, plen); -+ ret = key->type->update(key, prep); - if (ret == 0) - /* updating a negative key instantiates it */ - clear_bit(KEY_FLAG_NEGATIVE, &key->flags); -@@ -774,6 +788,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, - unsigned long flags) - { - unsigned long prealloc; -+ struct key_preparsed_payload prep; - const struct cred *cred = current_cred(); - struct key_type *ktype; - struct key *keyring, *key = NULL; -@@ -789,8 +804,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, - } - - key_ref = ERR_PTR(-EINVAL); -- if (!ktype->match || !ktype->instantiate) -- goto error_2; -+ if (!ktype->match || !ktype->instantiate || -+ (!description && !ktype->preparse)) -+ goto error_put_type; - - keyring = key_ref_to_ptr(keyring_ref); - -@@ -798,18 +814,33 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, - - key_ref = ERR_PTR(-ENOTDIR); - if (keyring->type != &key_type_keyring) -- goto error_2; -+ goto error_put_type; -+ -+ memset(&prep, 0, sizeof(prep)); -+ prep.data = payload; -+ prep.datalen = plen; -+ prep.quotalen = ktype->def_datalen; -+ if (ktype->preparse) { -+ ret = ktype->preparse(&prep); -+ if (ret < 0) -+ goto error_put_type; -+ if (!description) -+ description = prep.description; -+ ret = -EINVAL; -+ if (!description) -+ goto error_free_prep; -+ } - - ret = __key_link_begin(keyring, ktype, description, &prealloc); - if (ret < 0) -- goto error_2; -+ goto error_free_prep; - - /* if we're going to allocate a new key, we're going to have - * to modify the keyring */ - ret = key_permission(keyring_ref, KEY_WRITE); - if (ret < 0) { - key_ref = ERR_PTR(ret); -- goto error_3; -+ goto error_link_end; - } - - /* if it's possible to update this type of key, search for an existing -@@ -840,25 +871,27 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, - perm, flags); - if (IS_ERR(key)) { - key_ref = ERR_CAST(key); -- goto error_3; -+ goto error_link_end; - } - - /* instantiate it and link it into the target keyring */ -- ret = __key_instantiate_and_link(key, payload, plen, keyring, NULL, -- &prealloc); -+ ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &prealloc); - if (ret < 0) { - key_put(key); - key_ref = ERR_PTR(ret); -- goto error_3; -+ goto error_link_end; - } - - key_ref = make_key_ref(key, is_key_possessed(keyring_ref)); - -- error_3: -+error_link_end: - __key_link_end(keyring, ktype, prealloc); -- error_2: -+error_free_prep: -+ if (ktype->preparse) -+ ktype->free_preparse(&prep); -+error_put_type: - key_type_put(ktype); -- error: -+error: - return key_ref; - - found_matching_key: -@@ -866,10 +899,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, - * - we can drop the locks first as we have the key pinned - */ - __key_link_end(keyring, ktype, prealloc); -- key_type_put(ktype); - -- key_ref = __key_update(key_ref, payload, plen); -- goto error; -+ key_ref = __key_update(key_ref, &prep); -+ goto error_free_prep; - } - EXPORT_SYMBOL(key_create_or_update); - -@@ -888,6 +920,7 @@ EXPORT_SYMBOL(key_create_or_update); - */ - int key_update(key_ref_t key_ref, const void *payload, size_t plen) - { -+ struct key_preparsed_payload prep; - struct key *key = key_ref_to_ptr(key_ref); - int ret; - -@@ -900,18 +933,31 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen) - - /* attempt to update it if supported */ - ret = -EOPNOTSUPP; -- if (key->type->update) { -- down_write(&key->sem); -- -- ret = key->type->update(key, payload, plen); -- if (ret == 0) -- /* updating a negative key instantiates it */ -- clear_bit(KEY_FLAG_NEGATIVE, &key->flags); -+ if (!key->type->update) -+ goto error; - -- up_write(&key->sem); -+ memset(&prep, 0, sizeof(prep)); -+ prep.data = payload; -+ prep.datalen = plen; -+ prep.quotalen = key->type->def_datalen; -+ if (key->type->preparse) { -+ ret = key->type->preparse(&prep); -+ if (ret < 0) -+ goto error; - } - -- error: -+ down_write(&key->sem); -+ -+ ret = key->type->update(key, &prep); -+ if (ret == 0) -+ /* updating a negative key instantiates it */ -+ clear_bit(KEY_FLAG_NEGATIVE, &key->flags); -+ -+ up_write(&key->sem); -+ -+ if (key->type->preparse) -+ key->type->free_preparse(&prep); -+error: - return ret; - } - EXPORT_SYMBOL(key_update); -diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c -index 3364fbf..505d40b 100644 ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -46,6 +46,9 @@ static int key_get_type_from_user(char *type, - * Extract the description of a new key from userspace and either add it as a - * new key to the specified keyring or update a matching key in that keyring. - * -+ * If the description is NULL or an empty string, the key type is asked to -+ * generate one from the payload. -+ * - * The keyring must be writable so that we can attach the key to it. - * - * If successful, the new key's serial number is returned, otherwise an error -@@ -72,10 +75,17 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, - if (ret < 0) - goto error; - -- description = strndup_user(_description, PAGE_SIZE); -- if (IS_ERR(description)) { -- ret = PTR_ERR(description); -- goto error; -+ description = NULL; -+ if (_description) { -+ description = strndup_user(_description, PAGE_SIZE); -+ if (IS_ERR(description)) { -+ ret = PTR_ERR(description); -+ goto error; -+ } -+ if (!*description) { -+ kfree(description); -+ description = NULL; -+ } - } - - /* pull the payload in if one was supplied */ -diff --git a/security/keys/keyring.c b/security/keys/keyring.c -index 81e7852..f04d8cf 100644 ---- a/security/keys/keyring.c -+++ b/security/keys/keyring.c -@@ -66,7 +66,7 @@ static inline unsigned keyring_hash(const char *desc) - * operations. - */ - static int keyring_instantiate(struct key *keyring, -- const void *data, size_t datalen); -+ struct key_preparsed_payload *prep); - static int keyring_match(const struct key *keyring, const void *criterion); - static void keyring_revoke(struct key *keyring); - static void keyring_destroy(struct key *keyring); -@@ -121,12 +121,12 @@ static void keyring_publish_name(struct key *keyring) - * Returns 0 on success, -EINVAL if given any data. - */ - static int keyring_instantiate(struct key *keyring, -- const void *data, size_t datalen) -+ struct key_preparsed_payload *prep) - { - int ret; - - ret = -EINVAL; -- if (datalen == 0) { -+ if (prep->datalen == 0) { - /* make the keyring available by name if it has one */ - keyring_publish_name(keyring); - ret = 0; -diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c -index 60d4e3f..85730d5 100644 ---- a/security/keys/request_key_auth.c -+++ b/security/keys/request_key_auth.c -@@ -19,7 +19,8 @@ - #include - #include "internal.h" - --static int request_key_auth_instantiate(struct key *, const void *, size_t); -+static int request_key_auth_instantiate(struct key *, -+ struct key_preparsed_payload *); - static void request_key_auth_describe(const struct key *, struct seq_file *); - static void request_key_auth_revoke(struct key *); - static void request_key_auth_destroy(struct key *); -@@ -42,10 +43,9 @@ struct key_type key_type_request_key_auth = { - * Instantiate a request-key authorisation key. - */ - static int request_key_auth_instantiate(struct key *key, -- const void *data, -- size_t datalen) -+ struct key_preparsed_payload *prep) - { -- key->payload.data = (struct request_key_auth *) data; -+ key->payload.data = (struct request_key_auth *)prep->data; - return 0; - } - -diff --git a/security/keys/trusted.c b/security/keys/trusted.c -index 2d5d041..42036c7 100644 ---- a/security/keys/trusted.c -+++ b/security/keys/trusted.c -@@ -927,22 +927,23 @@ static struct trusted_key_payload *trusted_payload_alloc(struct key *key) - * - * On success, return 0. Otherwise return errno. - */ --static int trusted_instantiate(struct key *key, const void *data, -- size_t datalen) -+static int trusted_instantiate(struct key *key, -+ struct key_preparsed_payload *prep) - { - struct trusted_key_payload *payload = NULL; - struct trusted_key_options *options = NULL; -+ size_t datalen = prep->datalen; - char *datablob; - int ret = 0; - int key_cmd; - -- if (datalen <= 0 || datalen > 32767 || !data) -+ if (datalen <= 0 || datalen > 32767 || !prep->data) - return -EINVAL; - - datablob = kmalloc(datalen + 1, GFP_KERNEL); - if (!datablob) - return -ENOMEM; -- memcpy(datablob, data, datalen); -+ memcpy(datablob, prep->data, datalen); - datablob[datalen] = '\0'; - - options = trusted_options_alloc(); -@@ -1011,17 +1012,18 @@ static void trusted_rcu_free(struct rcu_head *rcu) - /* - * trusted_update - reseal an existing key with new PCR values - */ --static int trusted_update(struct key *key, const void *data, size_t datalen) -+static int trusted_update(struct key *key, struct key_preparsed_payload *prep) - { - struct trusted_key_payload *p = key->payload.data; - struct trusted_key_payload *new_p; - struct trusted_key_options *new_o; -+ size_t datalen = prep->datalen; - char *datablob; - int ret = 0; - - if (!p->migratable) - return -EPERM; -- if (datalen <= 0 || datalen > 32767 || !data) -+ if (datalen <= 0 || datalen > 32767 || !prep->data) - return -EINVAL; - - datablob = kmalloc(datalen + 1, GFP_KERNEL); -@@ -1038,7 +1040,7 @@ static int trusted_update(struct key *key, const void *data, size_t datalen) - goto out; - } - -- memcpy(datablob, data, datalen); -+ memcpy(datablob, prep->data, datalen); - datablob[datalen] = '\0'; - ret = datablob_parse(datablob, new_p, new_o); - if (ret != Opt_update) { -diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c -index c7660a2..55dc889 100644 ---- a/security/keys/user_defined.c -+++ b/security/keys/user_defined.c -@@ -58,13 +58,14 @@ EXPORT_SYMBOL_GPL(key_type_logon); - /* - * instantiate a user defined key - */ --int user_instantiate(struct key *key, const void *data, size_t datalen) -+int user_instantiate(struct key *key, struct key_preparsed_payload *prep) - { - struct user_key_payload *upayload; -+ size_t datalen = prep->datalen; - int ret; - - ret = -EINVAL; -- if (datalen <= 0 || datalen > 32767 || !data) -+ if (datalen <= 0 || datalen > 32767 || !prep->data) - goto error; - - ret = key_payload_reserve(key, datalen); -@@ -78,7 +79,7 @@ int user_instantiate(struct key *key, const void *data, size_t datalen) - - /* attach the data */ - upayload->datalen = datalen; -- memcpy(upayload->data, data, datalen); -+ memcpy(upayload->data, prep->data, datalen); - rcu_assign_keypointer(key, upayload); - ret = 0; - -@@ -92,13 +93,14 @@ EXPORT_SYMBOL_GPL(user_instantiate); - * update a user defined key - * - the key's semaphore is write-locked - */ --int user_update(struct key *key, const void *data, size_t datalen) -+int user_update(struct key *key, struct key_preparsed_payload *prep) - { - struct user_key_payload *upayload, *zap; -+ size_t datalen = prep->datalen; - int ret; - - ret = -EINVAL; -- if (datalen <= 0 || datalen > 32767 || !data) -+ if (datalen <= 0 || datalen > 32767 || !prep->data) - goto error; - - /* construct a replacement payload */ -@@ -108,7 +110,7 @@ int user_update(struct key *key, const void *data, size_t datalen) - goto error; - - upayload->datalen = datalen; -- memcpy(upayload->data, data, datalen); -+ memcpy(upayload->data, prep->data, datalen); - - /* check the quota and attach the new data */ - zap = upayload; --- -1.7.11.4 - - -From 2f5f2d483565648dbe050fda8767edd5d65b1d98 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 00:14:17 +0100 -Subject: [PATCH 02/32] MPILIB: Provide count_leading/trailing_zeros() based - on arch functions - -Provide count_leading/trailing_zeros() macros based on extant arch bit scanning -functions rather than reimplementing from scratch in MPILIB. - -Whilst we're at it, turn count_foo_zeros(n, x) into n = count_foo_zeros(x). - -Also move the definition to asm-generic as other people may be interested in -using it. - -Signed-off-by: David Howells -Cc: David S. Miller -Cc: Dmitry Kasatkin -Cc: Arnd Bergmann ---- - include/asm-generic/bitops/count_zeros.h | 57 +++++++++++++ - lib/mpi/longlong.h | 138 +------------------------------ - lib/mpi/mpi-bit.c | 2 +- - lib/mpi/mpi-pow.c | 4 +- - 4 files changed, 62 insertions(+), 139 deletions(-) - create mode 100644 include/asm-generic/bitops/count_zeros.h - -diff --git a/include/asm-generic/bitops/count_zeros.h b/include/asm-generic/bitops/count_zeros.h -new file mode 100644 -index 0000000..97520d2 ---- /dev/null -+++ b/include/asm-generic/bitops/count_zeros.h -@@ -0,0 +1,57 @@ -+/* Count leading and trailing zeros functions -+ * -+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#ifndef _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_ -+#define _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_ -+ -+#include -+ -+/** -+ * count_leading_zeros - Count the number of zeros from the MSB back -+ * @x: The value -+ * -+ * Count the number of leading zeros from the MSB going towards the LSB in @x. -+ * -+ * If the MSB of @x is set, the result is 0. -+ * If only the LSB of @x is set, then the result is BITS_PER_LONG-1. -+ * If @x is 0 then the result is COUNT_LEADING_ZEROS_0. -+ */ -+static inline int count_leading_zeros(unsigned long x) -+{ -+ if (sizeof(x) == 4) -+ return BITS_PER_LONG - fls(x); -+ else -+ return BITS_PER_LONG - fls64(x); -+} -+ -+#define COUNT_LEADING_ZEROS_0 BITS_PER_LONG -+ -+/** -+ * count_trailing_zeros - Count the number of zeros from the LSB forwards -+ * @x: The value -+ * -+ * Count the number of trailing zeros from the LSB going towards the MSB in @x. -+ * -+ * If the LSB of @x is set, the result is 0. -+ * If only the MSB of @x is set, then the result is BITS_PER_LONG-1. -+ * If @x is 0 then the result is COUNT_TRAILING_ZEROS_0. -+ */ -+static inline int count_trailing_zeros(unsigned long x) -+{ -+#define COUNT_TRAILING_ZEROS_0 (-1) -+ -+ if (sizeof(x) == 4) -+ return ffs(x); -+ else -+ return (x != 0) ? __ffs(x) : COUNT_TRAILING_ZEROS_0; -+} -+ -+#endif /* _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_ */ -diff --git a/lib/mpi/longlong.h b/lib/mpi/longlong.h -index 29f9862..678ce4f 100644 ---- a/lib/mpi/longlong.h -+++ b/lib/mpi/longlong.h -@@ -19,6 +19,8 @@ - * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - * MA 02111-1307, USA. */ - -+#include -+ - /* You have to define the following before including this file: - * - * UWtype -- An unsigned type, default type for operations (typically a "word") -@@ -146,12 +148,6 @@ do { \ - : "1" ((USItype)(n1)), \ - "r" ((USItype)(n0)), \ - "r" ((USItype)(d))) -- --#define count_leading_zeros(count, x) \ -- __asm__ ("clz %0,%1" \ -- : "=r" ((USItype)(count)) \ -- : "r" ((USItype)(x))) --#define COUNT_LEADING_ZEROS_0 32 - #endif /* __a29k__ */ - - #if defined(__alpha) && W_TYPE_SIZE == 64 -@@ -298,11 +294,6 @@ extern UDItype __udiv_qrnnd(); - : "1" ((USItype)(nh)), \ - "0" ((USItype)(nl)), \ - "g" ((USItype)(d))) --#define count_leading_zeros(count, x) \ -- __asm__ ("bsch/1 %1,%0" \ -- : "=g" (count) \ -- : "g" ((USItype)(x)), \ -- "0" ((USItype)0)) - #endif - - /*************************************** -@@ -354,27 +345,6 @@ do { USItype __r; \ - } while (0) - extern USItype __udiv_qrnnd(); - #endif /* LONGLONG_STANDALONE */ --#define count_leading_zeros(count, x) \ --do { \ -- USItype __tmp; \ -- __asm__ ( \ -- "ldi 1,%0\n" \ -- "extru,= %1,15,16,%%r0 ; Bits 31..16 zero?\n" \ -- "extru,tr %1,15,16,%1 ; No. Shift down, skip add.\n" \ -- "ldo 16(%0),%0 ; Yes. Perform add.\n" \ -- "extru,= %1,23,8,%%r0 ; Bits 15..8 zero?\n" \ -- "extru,tr %1,23,8,%1 ; No. Shift down, skip add.\n" \ -- "ldo 8(%0),%0 ; Yes. Perform add.\n" \ -- "extru,= %1,27,4,%%r0 ; Bits 7..4 zero?\n" \ -- "extru,tr %1,27,4,%1 ; No. Shift down, skip add.\n" \ -- "ldo 4(%0),%0 ; Yes. Perform add.\n" \ -- "extru,= %1,29,2,%%r0 ; Bits 3..2 zero?\n" \ -- "extru,tr %1,29,2,%1 ; No. Shift down, skip add.\n" \ -- "ldo 2(%0),%0 ; Yes. Perform add.\n" \ -- "extru %1,30,1,%1 ; Extract bit 1.\n" \ -- "sub %0,%1,%0 ; Subtract it. " \ -- : "=r" (count), "=r" (__tmp) : "1" (x)); \ --} while (0) - #endif /* hppa */ - - /*************************************** -@@ -457,15 +427,6 @@ do { \ - : "0" ((USItype)(n0)), \ - "1" ((USItype)(n1)), \ - "rm" ((USItype)(d))) --#define count_leading_zeros(count, x) \ --do { \ -- USItype __cbtmp; \ -- __asm__ ("bsrl %1,%0" \ -- : "=r" (__cbtmp) : "rm" ((USItype)(x))); \ -- (count) = __cbtmp ^ 31; \ --} while (0) --#define count_trailing_zeros(count, x) \ -- __asm__ ("bsfl %1,%0" : "=r" (count) : "rm" ((USItype)(x))) - #ifndef UMUL_TIME - #define UMUL_TIME 40 - #endif -@@ -536,15 +497,6 @@ do { \ - "dI" ((USItype)(d))); \ - (r) = __rq.__i.__l; (q) = __rq.__i.__h; \ - } while (0) --#define count_leading_zeros(count, x) \ --do { \ -- USItype __cbtmp; \ -- __asm__ ("scanbit %1,%0" \ -- : "=r" (__cbtmp) \ -- : "r" ((USItype)(x))); \ -- (count) = __cbtmp ^ 31; \ --} while (0) --#define COUNT_LEADING_ZEROS_0 (-32) /* sic */ - #if defined(__i960mx) /* what is the proper symbol to test??? */ - #define rshift_rhlc(r, h, l, c) \ - do { \ -@@ -603,11 +555,6 @@ do { \ - : "0" ((USItype)(n0)), \ - "1" ((USItype)(n1)), \ - "dmi" ((USItype)(d))) --#define count_leading_zeros(count, x) \ -- __asm__ ("bfffo %1{%b2:%b2},%0" \ -- : "=d" ((USItype)(count)) \ -- : "od" ((USItype)(x)), "n" (0)) --#define COUNT_LEADING_ZEROS_0 32 - #else /* not mc68020 */ - #define umul_ppmm(xh, xl, a, b) \ - do { USItype __umul_tmp1, __umul_tmp2; \ -@@ -664,15 +611,6 @@ do { USItype __umul_tmp1, __umul_tmp2; \ - "rJ" ((USItype)(bh)), \ - "rJ" ((USItype)(al)), \ - "rJ" ((USItype)(bl))) --#define count_leading_zeros(count, x) \ --do { \ -- USItype __cbtmp; \ -- __asm__ ("ff1 %0,%1" \ -- : "=r" (__cbtmp) \ -- : "r" ((USItype)(x))); \ -- (count) = __cbtmp ^ 31; \ --} while (0) --#define COUNT_LEADING_ZEROS_0 63 /* sic */ - #if defined(__m88110__) - #define umul_ppmm(wh, wl, u, v) \ - do { \ -@@ -779,12 +717,6 @@ do { \ - : "0" (__xx.__ll), \ - "g" ((USItype)(d))); \ - (r) = __xx.__i.__l; (q) = __xx.__i.__h; }) --#define count_trailing_zeros(count, x) \ --do { \ -- __asm__("ffsd %2,%0" \ -- : "=r"((USItype) (count)) \ -- : "0"((USItype) 0), "r"((USItype) (x))); \ -- } while (0) - #endif /* __ns32000__ */ - - /*************************************** -@@ -855,11 +787,6 @@ do { \ - "rI" ((USItype)(al)), \ - "r" ((USItype)(bl))); \ - } while (0) --#define count_leading_zeros(count, x) \ -- __asm__ ("{cntlz|cntlzw} %0,%1" \ -- : "=r" ((USItype)(count)) \ -- : "r" ((USItype)(x))) --#define COUNT_LEADING_ZEROS_0 32 - #if defined(_ARCH_PPC) - #define umul_ppmm(ph, pl, m0, m1) \ - do { \ -@@ -1001,19 +928,6 @@ do { \ - } while (0) - #define UMUL_TIME 20 - #define UDIV_TIME 200 --#define count_leading_zeros(count, x) \ --do { \ -- if ((x) >= 0x10000) \ -- __asm__ ("clz %0,%1" \ -- : "=r" ((USItype)(count)) \ -- : "r" ((USItype)(x) >> 16)); \ -- else { \ -- __asm__ ("clz %0,%1" \ -- : "=r" ((USItype)(count)) \ -- : "r" ((USItype)(x))); \ -- (count) += 16; \ -- } \ --} while (0) - #endif /* RT/ROMP */ - - /*************************************** -@@ -1142,13 +1056,6 @@ do { \ - "rI" ((USItype)(d)) \ - : "%g1" __AND_CLOBBER_CC) - #define UDIV_TIME 37 --#define count_leading_zeros(count, x) \ -- __asm__ ("scan %1,0,%0" \ -- : "=r" ((USItype)(x)) \ -- : "r" ((USItype)(count))) --/* Early sparclites return 63 for an argument of 0, but they warn that future -- implementations might change this. Therefore, leave COUNT_LEADING_ZEROS_0 -- undefined. */ - #endif /* __sparclite__ */ - #endif /* __sparc_v8__ */ - /* Default to sparc v7 versions of umul_ppmm and udiv_qrnnd. */ -@@ -1454,47 +1361,6 @@ do { \ - #define udiv_qrnnd __udiv_qrnnd_c - #endif - --#undef count_leading_zeros --#if !defined(count_leading_zeros) -- extern --#ifdef __STDC__ -- const --#endif -- unsigned char __clz_tab[]; --#define count_leading_zeros(count, x) \ --do { \ -- UWtype __xr = (x); \ -- UWtype __a; \ -- \ -- if (W_TYPE_SIZE <= 32) { \ -- __a = __xr < ((UWtype) 1 << 2*__BITS4) \ -- ? (__xr < ((UWtype) 1 << __BITS4) ? 0 : __BITS4) \ -- : (__xr < ((UWtype) 1 << 3*__BITS4) ? 2*__BITS4 : 3*__BITS4); \ -- } \ -- else { \ -- for (__a = W_TYPE_SIZE - 8; __a > 0; __a -= 8) \ -- if (((__xr >> __a) & 0xff) != 0) \ -- break; \ -- } \ -- \ -- (count) = W_TYPE_SIZE - (__clz_tab[__xr >> __a] + __a); \ --} while (0) -- /* This version gives a well-defined value for zero. */ --#define COUNT_LEADING_ZEROS_0 W_TYPE_SIZE --#endif -- --#if !defined(count_trailing_zeros) --/* Define count_trailing_zeros using count_leading_zeros. The latter might be -- defined in asm, but if it is not, the C version above is good enough. */ --#define count_trailing_zeros(count, x) \ --do { \ -- UWtype __ctz_x = (x); \ -- UWtype __ctz_c; \ -- count_leading_zeros(__ctz_c, __ctz_x & -__ctz_x); \ -- (count) = W_TYPE_SIZE - 1 - __ctz_c; \ --} while (0) --#endif -- - #ifndef UDIV_NEEDS_NORMALIZATION - #define UDIV_NEEDS_NORMALIZATION 0 - #endif -diff --git a/lib/mpi/mpi-bit.c b/lib/mpi/mpi-bit.c -index 5687248..503537e 100644 ---- a/lib/mpi/mpi-bit.c -+++ b/lib/mpi/mpi-bit.c -@@ -45,7 +45,7 @@ unsigned mpi_get_nbits(MPI a) - if (a->nlimbs) { - mpi_limb_t alimb = a->d[a->nlimbs - 1]; - if (alimb) -- count_leading_zeros(n, alimb); -+ n = count_leading_zeros(alimb); - else - n = BITS_PER_MPI_LIMB; - n = BITS_PER_MPI_LIMB - n + (a->nlimbs - 1) * BITS_PER_MPI_LIMB; -diff --git a/lib/mpi/mpi-pow.c b/lib/mpi/mpi-pow.c -index 67f3e79..5464c87 100644 ---- a/lib/mpi/mpi-pow.c -+++ b/lib/mpi/mpi-pow.c -@@ -77,7 +77,7 @@ int mpi_powm(MPI res, MPI base, MPI exp, MPI mod) - mp = mp_marker = mpi_alloc_limb_space(msize); - if (!mp) - goto enomem; -- count_leading_zeros(mod_shift_cnt, mod->d[msize - 1]); -+ mod_shift_cnt = count_leading_zeros(mod->d[msize - 1]); - if (mod_shift_cnt) - mpihelp_lshift(mp, mod->d, msize, mod_shift_cnt); - else -@@ -169,7 +169,7 @@ int mpi_powm(MPI res, MPI base, MPI exp, MPI mod) - - i = esize - 1; - e = ep[i]; -- count_leading_zeros(c, e); -+ c = count_leading_zeros(e); - e = (e << c) << 1; /* shift the exp bits to the left, lose msb */ - c = BITS_PER_MPI_LIMB - 1 - c; - --- -1.7.11.4 - - -From 15b76403afcc626b91e5fcee8b6a950a51f284ef Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 00:14:18 +0100 -Subject: [PATCH 03/32] KEYS: Create a key type that can be used for general - cryptographic operations - -Create a key type that can be used for general cryptographic operations, such -as encryption, decryption, signature generation and signature verification. - -The key type is "crypto" and can provide access to a variety of cryptographic -algorithms. - -Signed-off-by: David Howells ---- - Documentation/security/keys-crypto.txt | 181 ++++++++++++++++++++++ - include/keys/crypto-subtype.h | 57 +++++++ - include/keys/crypto-type.h | 25 +++ - security/keys/Kconfig | 2 + - security/keys/Makefile | 1 + - security/keys/crypto/Kconfig | 7 + - security/keys/crypto/Makefile | 7 + - security/keys/crypto/crypto_keys.h | 28 ++++ - security/keys/crypto/crypto_type.c | 272 +++++++++++++++++++++++++++++++++ - 9 files changed, 580 insertions(+) - create mode 100644 Documentation/security/keys-crypto.txt - create mode 100644 include/keys/crypto-subtype.h - create mode 100644 include/keys/crypto-type.h - create mode 100644 security/keys/crypto/Kconfig - create mode 100644 security/keys/crypto/Makefile - create mode 100644 security/keys/crypto/crypto_keys.h - create mode 100644 security/keys/crypto/crypto_type.c - -diff --git a/Documentation/security/keys-crypto.txt b/Documentation/security/keys-crypto.txt -new file mode 100644 -index 0000000..97dee80 ---- /dev/null -+++ b/Documentation/security/keys-crypto.txt -@@ -0,0 +1,181 @@ -+ ====================== -+ CRYPTOGRAPHIC KEY TYPE -+ ====================== -+ -+Contents: -+ -+ - Overview. -+ - Key identification. -+ - Accessing crypto keys. -+ - Implementing crypto parsers. -+ - Implementing crypto subtypes. -+ -+ -+======== -+OVERVIEW -+======== -+ -+The "crypto" key type is designed to be a container for cryptographic keys, -+without imposing any particular restrictions on the form of the cryptography or -+the key. -+ -+The crypto key is given a subtype that defines what sort of data is associated -+with the key and provides operations to describe and destroy it. However, no -+requirement is made that the key data actually be loaded into the key. -+ -+The crypto key also has a number of data parsers registered with it. The data -+parsers are responsible for extracing information the blobs of data passed to -+the instantiator function. The first data parser that recognises the blob gets -+to set the subtype of the key and define the operations that can be done on -+that key. -+ -+Completely in-kernel key retention and operation subtypes and parsers can be -+defined, but it would also be possible to provide access to cryptographic -+hardware (such as a TPM) that might be used to both retain the relevant key and -+perform operations using that key. In such a case, the crypto key would then -+merely be an interface to the TPM driver. -+ -+ -+================== -+KEY IDENTIFICATION -+================== -+ -+Because the identity of a key is not necessarily known and may not be easily -+calculated when a crypto key is allocated, it may not be a simple matter to set -+a key description to something that's useful for determining whether this is -+the key you're looking for. Furthermore, it may be necessary to perform a -+partial match upon the key identity. -+ -+To help with this, when a key is loaded, the parser calculates the key -+fingerprint and stores a copy in the key structure. -+ -+The crypto key type's key matching function then performs more checks than just -+the straightforward comparison of the description with the criterion string: -+ -+ (1) If the criterion string is of the form "id:" then the match -+ function will examine a key's fingerprint to see if the hex digits given -+ after the "id:" match the tail. For instance: -+ -+ keyctl search @s crypto id:5acc2142 -+ -+ will match a key with fingerprint: -+ -+ 1A00 2040 7601 7889 DE11 882C 3823 04AD 5ACC 2142 -+ -+ (2) If the criterion string is of the form ":" then the -+ match will match the ID as in (1), but with the added restriction that -+ only keys of the specified subtype (e.g. dsa or rsa) will be matched. For -+ instance: -+ -+ keyctl search @s crypto dsa:5acc2142 -+ -+Looking in /proc/keys, the last 8 hex digits of the key fingerprint are -+displayed, along with the subtype: -+ -+ 1a39e171 I----- 1 perm 3f010000 0 0 crypto modsign.0: DSA 5acc2142 [] -+ -+ -+===================== -+ACCESSING CRYPTO KEYS -+===================== -+ -+To access crypto keys from within the kernel, the following inclusion is -+required: -+ -+ #include -+ -+This gives access to the key type: -+ -+ struct key_type key_type_crypto; -+ -+ -+=========================== -+IMPLEMENTING CRYPTO PARSERS -+=========================== -+ -+The crypto key type keeps a list of registered data parsers. An example of -+such a parser is one that parses OpenPGP packet formatted data [RFC 4880]. -+ -+During key instantiation each parser in the list is tried until one doesn't -+return -EBADMSG. -+ -+The parser definition structure looks like the following: -+ -+ struct crypto_key_parser { -+ struct module *owner; -+ const char *name; -+ -+ int (*instantiate)(struct key *key, -+ const void *data, size_t datalen); -+ }; -+ -+The owner and name fields should be set to the owning module and the name of -+the parser. -+ -+There are a number of operations defined by the parser. They are all optional, -+but it is expected that at least one will be defined. -+ -+ (1) instantiate(). -+ -+ The arguments are the same as for the instantiate function in the key -+ type. 'key' is the crypto key being instantiated; data and datalen are -+ the instantiation data, presumably containing cryptographic key data, and -+ the length of that data. -+ -+ If the data format is not recognised, -EBADMSG should be returned. If it -+ is recognised, but the key cannot for some reason be set up, some other -+ negative error code should be returned. -+ -+ If the key can be successfully set up, then key->payload should be set to -+ point to the retained data, key->type_data.p[0] should be set to point to -+ the subtype chosen and key->type_data.p[1] should be set to point to a -+ copy of the key's identity string and 0 should be returned. -+ -+ The key's identity string may be partially matched upon. For a public-key -+ algorithm such as RSA and DSA this will likely be a printable hex version -+ of the key's fingerprint. -+ -+Functions are provided to register and unregister parsers: -+ -+ int register_crypto_key_parser(struct crypto_key_parser *parser); -+ void unregister_crypto_key_parser(struct crypto_key_parser *subtype); -+ -+Parsers may not have the same name. The names are only used for displaying in -+debugging messages. -+ -+ -+============================ -+IMPLEMENTING CRYPTO SUBTYPES -+============================ -+ -+The parser selects the appropriate subtype directly and sets it on the key; the -+crypto key then retains a reference on the subtype module (which means the -+parser can be removed thereafter). -+ -+The subtype definition structure looks like the following: -+ -+ struct crypto_key_subtype { -+ struct module *owner; -+ const char *name; -+ -+ void (*describe)(const struct key *key, struct seq_file *m); -+ void (*destroy)(void *payload); -+ }; -+ -+The owner and name fields should be set to the owning module and the name of -+the subtype. -+ -+There are a number of operations defined by the subtype: -+ -+ (1) describe(). -+ -+ Mandatory. This allows the subtype to display something in /proc/keys -+ against the key. For instance the name of the public key algorithm type -+ could be displayed. The key type will display the tail of the key -+ identity string after this. -+ -+ (2) destroy(). -+ -+ Mandatory. This should free the memory associated with the key. The -+ crypto key will look after freeing the fingerprint and releasing the -+ reference on the subtype module. -diff --git a/include/keys/crypto-subtype.h b/include/keys/crypto-subtype.h -new file mode 100644 -index 0000000..1f546e6 ---- /dev/null -+++ b/include/keys/crypto-subtype.h -@@ -0,0 +1,57 @@ -+/* Cryptographic key subtype -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ * -+ * See Documentation/security/keys-crypto.txt -+ */ -+ -+#ifndef _KEYS_CRYPTO_SUBTYPE_H -+#define _KEYS_CRYPTO_SUBTYPE_H -+ -+#include -+#include -+ -+extern struct key_type key_type_crypto; -+ -+/* -+ * Keys of this type declare a subtype that indicates the handlers and -+ * capabilities. -+ */ -+struct crypto_key_subtype { -+ struct module *owner; -+ const char *name; -+ unsigned short name_len; /* length of name */ -+ -+ void (*describe)(const struct key *key, struct seq_file *m); -+ -+ void (*destroy)(void *payload); -+}; -+ -+/* -+ * Data parser. Called during instantiation and signature verification -+ * initiation. -+ */ -+struct crypto_key_parser { -+ struct list_head link; -+ struct module *owner; -+ const char *name; -+ -+ /* Attempt to parse a key from the data blob passed to add_key() or -+ * keyctl_instantiate(). Should also generate a proposed description -+ * that the caller can optionally use for the key. -+ * -+ * Return EBADMSG if not recognised. -+ */ -+ int (*preparse)(struct key_preparsed_payload *prep); -+}; -+ -+extern int register_crypto_key_parser(struct crypto_key_parser *); -+extern void unregister_crypto_key_parser(struct crypto_key_parser *); -+ -+#endif /* _KEYS_CRYPTO_SUBTYPE_H */ -diff --git a/include/keys/crypto-type.h b/include/keys/crypto-type.h -new file mode 100644 -index 0000000..47c00c7 ---- /dev/null -+++ b/include/keys/crypto-type.h -@@ -0,0 +1,25 @@ -+/* Cryptographic key type interface -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ * -+ * See Documentation/security/keys-crypto.txt -+ */ -+ -+#ifndef _KEYS_CRYPTO_TYPE_H -+#define _KEYS_CRYPTO_TYPE_H -+ -+#include -+ -+extern struct key_type key_type_crypto; -+ -+/* -+ * The payload is at the discretion of the subtype. -+ */ -+ -+#endif /* _KEYS_CRYPTO_TYPE_H */ -diff --git a/security/keys/Kconfig b/security/keys/Kconfig -index a90d6d3..992fe52 100644 ---- a/security/keys/Kconfig -+++ b/security/keys/Kconfig -@@ -69,3 +69,5 @@ config KEYS_DEBUG_PROC_KEYS - the resulting table. - - If you are unsure as to whether this is required, answer N. -+ -+source security/keys/crypto/Kconfig -diff --git a/security/keys/Makefile b/security/keys/Makefile -index 504aaa0..67dae73 100644 ---- a/security/keys/Makefile -+++ b/security/keys/Makefile -@@ -24,3 +24,4 @@ obj-$(CONFIG_SYSCTL) += sysctl.o - # - obj-$(CONFIG_TRUSTED_KEYS) += trusted.o - obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/ -+obj-$(CONFIG_CRYPTO_KEY_TYPE) += crypto/ -diff --git a/security/keys/crypto/Kconfig b/security/keys/crypto/Kconfig -new file mode 100644 -index 0000000..3d15710 ---- /dev/null -+++ b/security/keys/crypto/Kconfig -@@ -0,0 +1,7 @@ -+config CRYPTO_KEY_TYPE -+ tristate "Cryptographic key type" -+ depends on KEYS -+ help -+ This option provides support for a type of key that holds the keys -+ required for cryptographic operations such as encryption, decryption, -+ signature generation and signature verification. -diff --git a/security/keys/crypto/Makefile b/security/keys/crypto/Makefile -new file mode 100644 -index 0000000..36db1d5 ---- /dev/null -+++ b/security/keys/crypto/Makefile -@@ -0,0 +1,7 @@ -+# -+# Makefile for cryptographic keys -+# -+ -+obj-$(CONFIG_CRYPTO_KEY_TYPE) += crypto_keys.o -+ -+crypto_keys-y := crypto_type.o -diff --git a/security/keys/crypto/crypto_keys.h b/security/keys/crypto/crypto_keys.h -new file mode 100644 -index 0000000..eb11788 ---- /dev/null -+++ b/security/keys/crypto/crypto_keys.h -@@ -0,0 +1,28 @@ -+/* Internal crypto type stuff -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+static inline -+struct crypto_key_subtype *crypto_key_subtype(const struct key *key) -+{ -+ return key->type_data.p[0]; -+} -+ -+static inline const char *crypto_key_id(const struct key *key) -+{ -+ return key->type_data.p[1]; -+} -+ -+ -+/* -+ * crypto_type.c -+ */ -+extern struct list_head crypto_key_parsers; -+extern struct rw_semaphore crypto_key_parsers_sem; -diff --git a/security/keys/crypto/crypto_type.c b/security/keys/crypto/crypto_type.c -new file mode 100644 -index 0000000..e8f83a6 ---- /dev/null -+++ b/security/keys/crypto/crypto_type.c -@@ -0,0 +1,272 @@ -+/* Cryptographic key type -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ * -+ * See Documentation/security/keys-crypto.txt -+ */ -+#include -+#include -+#include -+#include -+#include "crypto_keys.h" -+ -+MODULE_LICENSE("GPL"); -+ -+LIST_HEAD(crypto_key_parsers); -+DECLARE_RWSEM(crypto_key_parsers_sem); -+ -+/* -+ * Match crypto_keys on (part of) their name -+ * We have some shorthand methods for matching keys. We allow: -+ * -+ * "" - request a key by description -+ * "id:" - request a key matching the ID -+ * ":" - request a key of a subtype -+ */ -+static int crypto_key_match(const struct key *key, const void *description) -+{ -+ const struct crypto_key_subtype *subtype = crypto_key_subtype(key); -+ const char *spec = description; -+ const char *id, *kid; -+ ptrdiff_t speclen; -+ size_t idlen, kidlen; -+ -+ if (!subtype || !spec || !*spec) -+ return 0; -+ -+ /* See if the full key description matches as is */ -+ if (key->description && strcmp(key->description, description) == 0) -+ return 1; -+ -+ /* All tests from here on break the criterion description into a -+ * specifier, a colon and then an identifier. -+ */ -+ id = strchr(spec, ':'); -+ if (!id) -+ return 0; -+ -+ speclen = id - spec; -+ id++; -+ -+ /* Anything after here requires a partial match on the ID string */ -+ kid = crypto_key_id(key); -+ if (!kid) -+ return 0; -+ -+ idlen = strlen(id); -+ kidlen = strlen(kid); -+ if (idlen > kidlen) -+ return 0; -+ -+ kid += kidlen - idlen; -+ if (strcasecmp(id, kid) != 0) -+ return 0; -+ -+ if (speclen == 2 && -+ memcmp(spec, "id", 2) == 0) -+ return 1; -+ -+ if (speclen == subtype->name_len && -+ memcmp(spec, subtype->name, speclen) == 0) -+ return 1; -+ -+ return 0; -+} -+ -+/* -+ * Describe the crypto key -+ */ -+static void crypto_key_describe(const struct key *key, struct seq_file *m) -+{ -+ const struct crypto_key_subtype *subtype = crypto_key_subtype(key); -+ const char *kid = crypto_key_id(key); -+ size_t n; -+ -+ seq_puts(m, key->description); -+ -+ if (subtype) { -+ seq_puts(m, ": "); -+ subtype->describe(key, m); -+ -+ if (kid) { -+ seq_putc(m, ' '); -+ n = strlen(kid); -+ if (n <= 8) -+ seq_puts(m, kid); -+ else -+ seq_puts(m, kid + n - 8); -+ } -+ -+ seq_puts(m, " ["); -+ /* put something here to indicate the key's capabilities */ -+ seq_putc(m, ']'); -+ } -+} -+ -+/* -+ * Preparse a crypto payload to get format the contents appropriately for the -+ * internal payload to cut down on the number of scans of the data performed. -+ * -+ * We also generate a proposed description from the contents of the key that -+ * can be used to name the key if the user doesn't want to provide one. -+ */ -+static int crypto_key_preparse(struct key_preparsed_payload *prep) -+{ -+ struct crypto_key_parser *parser; -+ int ret; -+ -+ pr_devel("==>%s()\n", __func__); -+ -+ if (prep->datalen == 0) -+ return -EINVAL; -+ -+ down_read(&crypto_key_parsers_sem); -+ -+ ret = -EBADMSG; -+ list_for_each_entry(parser, &crypto_key_parsers, link) { -+ pr_debug("Trying parser '%s'\n", parser->name); -+ -+ ret = parser->preparse(prep); -+ if (ret != -EBADMSG) { -+ pr_debug("Parser recognised the format (ret %d)\n", -+ ret); -+ break; -+ } -+ } -+ -+ up_read(&crypto_key_parsers_sem); -+ pr_devel("<==%s() = %d\n", __func__, ret); -+ return ret; -+} -+ -+/* -+ * Clean up the preparse data -+ */ -+static void crypto_key_free_preparse(struct key_preparsed_payload *prep) -+{ -+ struct crypto_key_subtype *subtype = prep->type_data[0]; -+ -+ pr_devel("==>%s()\n", __func__); -+ -+ if (subtype) { -+ subtype->destroy(prep->payload); -+ module_put(subtype->owner); -+ } -+ kfree(prep->type_data[1]); -+ kfree(prep->description); -+} -+ -+/* -+ * Instantiate a crypto_key defined key -+ */ -+static int crypto_key_instantiate(struct key *key, struct key_preparsed_payload *prep) -+{ -+ int ret; -+ -+ pr_devel("==>%s()\n", __func__); -+ -+ ret = key_payload_reserve(key, prep->quotalen); -+ if (ret == 0) { -+ key->type_data.p[0] = prep->type_data[0]; -+ key->type_data.p[1] = prep->type_data[1]; -+ key->payload.data = prep->payload; -+ prep->type_data[0] = NULL; -+ prep->type_data[1] = NULL; -+ prep->payload = NULL; -+ } -+ pr_devel("<==%s() = %d\n", __func__, ret); -+ return ret; -+} -+ -+/* -+ * dispose of the data dangling from the corpse of a crypto key -+ */ -+static void crypto_key_destroy(struct key *key) -+{ -+ struct crypto_key_subtype *subtype = crypto_key_subtype(key); -+ if (subtype) { -+ subtype->destroy(key->payload.data); -+ module_put(subtype->owner); -+ key->type_data.p[0] = NULL; -+ } -+ kfree(key->type_data.p[1]); -+ key->type_data.p[1] = NULL; -+} -+ -+struct key_type key_type_crypto = { -+ .name = "crypto", -+ .preparse = crypto_key_preparse, -+ .free_preparse = crypto_key_free_preparse, -+ .instantiate = crypto_key_instantiate, -+ .match = crypto_key_match, -+ .destroy = crypto_key_destroy, -+ .describe = crypto_key_describe, -+}; -+EXPORT_SYMBOL_GPL(key_type_crypto); -+ -+/** -+ * register_crypto_key_parser - Register a crypto key blob parser -+ * @parser: The parser to register -+ */ -+int register_crypto_key_parser(struct crypto_key_parser *parser) -+{ -+ struct crypto_key_parser *cursor; -+ int ret; -+ -+ down_write(&crypto_key_parsers_sem); -+ -+ list_for_each_entry(cursor, &crypto_key_parsers, link) { -+ if (strcmp(cursor->name, parser->name) == 0) { -+ pr_err("Crypto key parser '%s' already registered\n", -+ parser->name); -+ ret = -EEXIST; -+ goto out; -+ } -+ } -+ -+ list_add_tail(&parser->link, &crypto_key_parsers); -+ -+ pr_notice("Crypto key parser '%s' registered\n", parser->name); -+ ret = 0; -+ -+out: -+ up_write(&crypto_key_parsers_sem); -+ return ret; -+} -+EXPORT_SYMBOL_GPL(register_crypto_key_parser); -+ -+/** -+ * unregister_crypto_key_parser - Unregister a crypto key blob parser -+ * @parser: The parser to unregister -+ */ -+void unregister_crypto_key_parser(struct crypto_key_parser *parser) -+{ -+ down_write(&crypto_key_parsers_sem); -+ list_del(&parser->link); -+ up_write(&crypto_key_parsers_sem); -+ -+ pr_notice("Crypto key parser '%s' unregistered\n", parser->name); -+} -+EXPORT_SYMBOL_GPL(unregister_crypto_key_parser); -+ -+/* -+ * Module stuff -+ */ -+static int __init crypto_key_init(void) -+{ -+ return register_key_type(&key_type_crypto); -+} -+ -+static void __exit crypto_key_cleanup(void) -+{ -+ unregister_key_type(&key_type_crypto); -+} -+ -+module_init(crypto_key_init); -+module_exit(crypto_key_cleanup); --- -1.7.11.4 - - -From a4e8ef15db9c013c4d3141424120c5ba74376483 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 00:14:18 +0100 -Subject: [PATCH 04/32] KEYS: Add signature verification facility - -Add a facility whereby a key subtype may be asked to verify a signature against -the data it is purported to have signed. - -This adds four routines: - - (1) struct crypto_key_verify_context * - verify_sig_begin(struct key *keyring, const void *sig, size_t siglen); - - This sets up a verification context for the given signature using - information in that signature to select a key from the specified keyring - and to request a hash algorithm from the crypto layer. - - (2) int verify_sig_add_data(struct crypto_key_verify_context *ctx, - const void *data, size_t datalen); - - Incrementally supply data to be signed. May be called multiple times. - - (3) int verify_sig_end(struct crypto_key_verify_context *ctx, - const void *sig, size_t siglen); - - Complete the verification process and return the result. -EKEYREJECTED - will indicate that the verification failed and 0 will indicate success. - Other errors are also possible. - - (4) void verify_sig_cancel(struct crypto_key_verify_context *ctx); - - Cancel the verification process. - -Signed-off-by: David Howells ---- - Documentation/security/keys-crypto.txt | 100 +++++++++++++++++++++ - include/keys/crypto-subtype.h | 36 +++++++- - include/keys/crypto-type.h | 9 ++ - security/keys/crypto/Makefile | 2 +- - security/keys/crypto/crypto_keys.h | 1 - - security/keys/crypto/crypto_type.c | 2 +- - security/keys/crypto/crypto_verify.c | 159 +++++++++++++++++++++++++++++++++ - 7 files changed, 304 insertions(+), 5 deletions(-) - create mode 100644 security/keys/crypto/crypto_verify.c - -diff --git a/Documentation/security/keys-crypto.txt b/Documentation/security/keys-crypto.txt -index 97dee80..0a886ec 100644 ---- a/Documentation/security/keys-crypto.txt -+++ b/Documentation/security/keys-crypto.txt -@@ -7,6 +7,7 @@ Contents: - - Overview. - - Key identification. - - Accessing crypto keys. -+ - Signature verification. - - Implementing crypto parsers. - - Implementing crypto subtypes. - -@@ -89,6 +90,65 @@ This gives access to the key type: - struct key_type key_type_crypto; - - -+SIGNATURE VERIFICATION -+---------------------- -+ -+The four operations that can perform cryptographic signature verification, -+using one of a set of keys to provide the public key: -+ -+ (1) Begin verification procedure. -+ -+ struct crypto_key_verify_context * -+ verify_sig_begin(struct key *keyring, const void *sig, size_t siglen); -+ -+ This function sets up a verification context from the information in the -+ signature and looks for a suitable key in the keyring. The signature blob -+ must be presented again at the end of the procedure. The keys will be -+ checked against parameters in the signature, and if the matching one is -+ not found then -ENOKEY will be returned. -+ -+ The hashing algorithm, if such a thing applies, will be determined from -+ information in the signature and the appropriate crypto module will be -+ used. -ENOPKG will be returned if the hash algorithm is unavailable. -+ -+ The return value is an opaque pointer to be passed to the other functions, -+ or a negative error code. -+ -+ (2) Indicate data to be verified. -+ -+ int verify_sig_add_data(struct crypto_key_verify_context *ctx, -+ const void *data, size_t datalen); -+ -+ This function is used to shovel data to the verification procedure so that -+ it can load it into the hash, pass it to hardware or whatever is -+ appropriate for the algorithm being employed. -+ -+ The data is not canonicalised for the document type specified in the -+ signature. The caller must do that. -+ -+ It will return 0 if successful and a negative error code if not. -+ -+ (3) Complete the verification process. -+ -+ int verify_sig_end(struct crypto_key_verify_context *ctx, -+ const void *sig, size_t siglen); -+ -+ This function performs the actual signature verification step and cleans -+ up the resources allocated at the beginning. The signature must be -+ presented again as some of the data therein may need to be added to the -+ internal hash. -+ -+ It will return -EKEYREJECTED if the signature didn't match, 0 if -+ successful and may return other errors as appropriate. -+ -+ (4) Cancel the verification process. -+ -+ void verify_sig_cancel(struct crypto_key_verify_context *ctx); -+ -+ This function cleans up the resources allocated at the beginning. This is -+ not necessary if verify_sig_end() was called. -+ -+ - =========================== - IMPLEMENTING CRYPTO PARSERS - =========================== -@@ -107,6 +167,8 @@ The parser definition structure looks like the following: - - int (*instantiate)(struct key *key, - const void *data, size_t datalen); -+ struct crypto_key_verify_context *(*verify_sig_begin)( -+ struct key *keyring, const u8 *sig, size_t siglen); - }; - - The owner and name fields should be set to the owning module and the name of -@@ -135,6 +197,44 @@ but it is expected that at least one will be defined. - algorithm such as RSA and DSA this will likely be a printable hex version - of the key's fingerprint. - -+ (2) verify_sig_begin(). -+ -+ This is similar in concept to the instantiate() function, except that it -+ is given a signature blob to parse rather than a key data blob. -+ -+ If the data format is not recognised, -EBADMSG should be returned. If it -+ is recognised, but the signature verification process cannot for some -+ reason be set up, some other negative error code should be returned. -+ -ENOKEY should be used to indicate that no matching key is available and -+ -ENOPKG should be returned if the hash algorithm or the verification -+ algorithm are unavailable. -+ -+ If successful, the parser should allocate a verification context and embed -+ the following struct in it: -+ -+ struct crypto_key_verify_context { -+ struct key *key; -+ int (*add_data)(struct crypto_key_verify_context *ctx, -+ const void *data, size_t datalen); -+ int (*end)(struct crypto_key_verify_context *ctx, -+ const u8 *sig, size_t siglen); -+ void (*cancel)(struct crypto_key_verify_context *ctx); -+ }; -+ -+ and return a pointer to this to the caller, who will then pass it to the -+ verification operation wrappers described in the "Signature Verification" -+ section. The three operation pointers here correspond exactly to those -+ wrappers and are all mandatory. container_of() should be used to retrieve -+ the actual context. -+ -+ Note that the crypto key type retains a reference on the parser module for -+ the lifetime of this context, though the operation pointers need not point -+ into this module. -+ -+ The parser should also record a pointer to the key selected and take a -+ reference on that key with key_get(). -+ -+ - Functions are provided to register and unregister parsers: - - int register_crypto_key_parser(struct crypto_key_parser *parser); -diff --git a/include/keys/crypto-subtype.h b/include/keys/crypto-subtype.h -index 1f546e6..61a5338 100644 ---- a/include/keys/crypto-subtype.h -+++ b/include/keys/crypto-subtype.h -@@ -34,8 +34,7 @@ struct crypto_key_subtype { - }; - - /* -- * Data parser. Called during instantiation and signature verification -- * initiation. -+ * Key data parser. Called during key instantiation. - */ - struct crypto_key_parser { - struct list_head link; -@@ -54,4 +53,37 @@ struct crypto_key_parser { - extern int register_crypto_key_parser(struct crypto_key_parser *); - extern void unregister_crypto_key_parser(struct crypto_key_parser *); - -+/* -+ * Context base for signature verification methods. Allocated by the subtype -+ * and presumably embedded in something appropriate. -+ */ -+struct crypto_sig_verify_context { -+ struct key *key; -+ struct crypto_sig_parser *parser; -+ int (*add_data)(struct crypto_sig_verify_context *ctx, -+ const void *data, size_t datalen); -+ int (*end)(struct crypto_sig_verify_context *ctx, -+ const u8 *sig, size_t siglen); -+ void (*cancel)(struct crypto_sig_verify_context *ctx); -+}; -+ -+/* -+ * Signature data parser. Called during signature verification initiation. -+ */ -+struct crypto_sig_parser { -+ struct list_head link; -+ struct module *owner; -+ const char *name; -+ -+ /* Attempt to recognise a signature blob and find a matching key. -+ * -+ * Return EBADMSG if not recognised. -+ */ -+ struct crypto_sig_verify_context *(*verify_sig_begin)( -+ struct key *keyring, const u8 *sig, size_t siglen); -+}; -+ -+extern int register_crypto_sig_parser(struct crypto_sig_parser *); -+extern void unregister_crypto_sig_parser(struct crypto_sig_parser *); -+ - #endif /* _KEYS_CRYPTO_SUBTYPE_H */ -diff --git a/include/keys/crypto-type.h b/include/keys/crypto-type.h -index 47c00c7..0fb362a 100644 ---- a/include/keys/crypto-type.h -+++ b/include/keys/crypto-type.h -@@ -18,6 +18,15 @@ - - extern struct key_type key_type_crypto; - -+struct crypto_sig_verify_context; -+extern struct crypto_sig_verify_context *verify_sig_begin( -+ struct key *key, const void *sig, size_t siglen); -+extern int verify_sig_add_data(struct crypto_sig_verify_context *ctx, -+ const void *data, size_t datalen); -+extern int verify_sig_end(struct crypto_sig_verify_context *ctx, -+ const void *sig, size_t siglen); -+extern void verify_sig_cancel(struct crypto_sig_verify_context *ctx); -+ - /* - * The payload is at the discretion of the subtype. - */ -diff --git a/security/keys/crypto/Makefile b/security/keys/crypto/Makefile -index 36db1d5..67001bc 100644 ---- a/security/keys/crypto/Makefile -+++ b/security/keys/crypto/Makefile -@@ -4,4 +4,4 @@ - - obj-$(CONFIG_CRYPTO_KEY_TYPE) += crypto_keys.o - --crypto_keys-y := crypto_type.o -+crypto_keys-y := crypto_type.o crypto_verify.o -diff --git a/security/keys/crypto/crypto_keys.h b/security/keys/crypto/crypto_keys.h -index eb11788..ab9b381 100644 ---- a/security/keys/crypto/crypto_keys.h -+++ b/security/keys/crypto/crypto_keys.h -@@ -24,5 +24,4 @@ static inline const char *crypto_key_id(const struct key *key) - /* - * crypto_type.c - */ --extern struct list_head crypto_key_parsers; - extern struct rw_semaphore crypto_key_parsers_sem; -diff --git a/security/keys/crypto/crypto_type.c b/security/keys/crypto/crypto_type.c -index e8f83a6..821db37 100644 ---- a/security/keys/crypto/crypto_type.c -+++ b/security/keys/crypto/crypto_type.c -@@ -18,7 +18,7 @@ - - MODULE_LICENSE("GPL"); - --LIST_HEAD(crypto_key_parsers); -+static LIST_HEAD(crypto_key_parsers); - DECLARE_RWSEM(crypto_key_parsers_sem); - - /* -diff --git a/security/keys/crypto/crypto_verify.c b/security/keys/crypto/crypto_verify.c -new file mode 100644 -index 0000000..d64f1c7 ---- /dev/null -+++ b/security/keys/crypto/crypto_verify.c -@@ -0,0 +1,159 @@ -+/* Signature verification with a crypto key -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ * -+ * See Documentation/security/keys-crypto.txt -+ */ -+ -+#include -+#include -+#include -+#include "crypto_keys.h" -+ -+static LIST_HEAD(crypto_sig_parsers); -+ -+/** -+ * verify_sig_begin - Initiate the use of a crypto key to verify a signature -+ * @keyring: The public keys to verify against -+ * @sig: The signature data -+ * @siglen: The signature length -+ * -+ * Returns a context or an error. -+ */ -+struct crypto_sig_verify_context *verify_sig_begin( -+ struct key *keyring, const void *sig, size_t siglen) -+{ -+ struct crypto_sig_verify_context *ret; -+ struct crypto_sig_parser *parser; -+ -+ pr_devel("==>%s()\n", __func__); -+ -+ if (siglen == 0 || !sig) -+ return ERR_PTR(-EINVAL); -+ -+ down_read(&crypto_key_parsers_sem); -+ -+ ret = ERR_PTR(-EBADMSG); -+ list_for_each_entry(parser, &crypto_sig_parsers, link) { -+ if (parser->verify_sig_begin) { -+ if (!try_module_get(parser->owner)) -+ continue; -+ -+ pr_debug("Trying parser '%s'\n", parser->name); -+ -+ ret = parser->verify_sig_begin(keyring, sig, siglen); -+ if (IS_ERR(ret)) -+ module_put(parser->owner); -+ else -+ ret->parser = parser; -+ if (ret != ERR_PTR(-EBADMSG)) { -+ pr_debug("Parser recognised the format" -+ " (ret %ld)\n", -+ PTR_ERR(ret)); -+ break; -+ } -+ } -+ } -+ -+ up_read(&crypto_key_parsers_sem); -+ pr_devel("<==%s() = %p\n", __func__, ret); -+ return ret; -+} -+EXPORT_SYMBOL_GPL(verify_sig_begin); -+ -+/** -+ * verify_sig_add_data - Incrementally provide data to be verified -+ * @ctx: The context from verify_sig_begin() -+ * @data: Data -+ * @datalen: The amount of @data -+ * -+ * This may be called multiple times. -+ */ -+int verify_sig_add_data(struct crypto_sig_verify_context *ctx, -+ const void *data, size_t datalen) -+{ -+ return ctx->add_data(ctx, data, datalen); -+} -+EXPORT_SYMBOL_GPL(verify_sig_add_data); -+ -+/** -+ * verify_sig_end - Finalise signature verification and return result -+ * @ctx: The context from verify_sig_begin() -+ * @sig: The signature data -+ * @siglen: The signature length -+ */ -+int verify_sig_end(struct crypto_sig_verify_context *ctx, -+ const void *sig, size_t siglen) -+{ -+ struct crypto_sig_parser *parser = ctx->parser; -+ int ret; -+ -+ ret = ctx->end(ctx, sig, siglen); -+ module_put(parser->owner); -+ return ret; -+} -+EXPORT_SYMBOL_GPL(verify_sig_end); -+ -+/** -+ * verify_sig_end - Cancel signature verification -+ * @ctx: The context from verify_sig_begin() -+ */ -+void verify_sig_cancel(struct crypto_sig_verify_context *ctx) -+{ -+ struct crypto_sig_parser *parser = ctx->parser; -+ -+ ctx->cancel(ctx); -+ module_put(parser->owner); -+} -+EXPORT_SYMBOL_GPL(verify_sig_cancel); -+ -+/** -+ * register_crypto_sig_parser - Register a crypto sig blob parser -+ * @parser: The parser to register -+ */ -+int register_crypto_sig_parser(struct crypto_sig_parser *parser) -+{ -+ struct crypto_sig_parser *cursor; -+ int ret; -+ -+ down_write(&crypto_key_parsers_sem); -+ -+ list_for_each_entry(cursor, &crypto_sig_parsers, link) { -+ if (strcmp(cursor->name, parser->name) == 0) { -+ pr_err("Crypto signature parser '%s' already registered\n", -+ parser->name); -+ ret = -EEXIST; -+ goto out; -+ } -+ } -+ -+ list_add_tail(&parser->link, &crypto_sig_parsers); -+ -+ pr_notice("Crypto signature parser '%s' registered\n", parser->name); -+ ret = 0; -+ -+out: -+ up_write(&crypto_key_parsers_sem); -+ return ret; -+} -+EXPORT_SYMBOL_GPL(register_crypto_sig_parser); -+ -+/** -+ * unregister_crypto_sig_parser - Unregister a crypto sig blob parser -+ * @parser: The parser to unregister -+ */ -+void unregister_crypto_sig_parser(struct crypto_sig_parser *parser) -+{ -+ down_write(&crypto_key_parsers_sem); -+ list_del(&parser->link); -+ up_write(&crypto_key_parsers_sem); -+ -+ pr_notice("Crypto signature parser '%s' unregistered\n", parser->name); -+} -+EXPORT_SYMBOL_GPL(unregister_crypto_sig_parser); --- -1.7.11.4 - - -From d8cb66a6f69869c8c2992f67915a7c238066f2fb Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 00:14:18 +0100 -Subject: [PATCH 05/32] KEYS: Asymmetric public-key algorithm crypto key - subtype - -Add a subtype for supporting asymmetric public-key encryption algorithms such -as DSA (FIPS-186) and RSA (PKCS#1 / RFC1337). - -Signed-off-by: David Howells ---- - security/keys/crypto/Kconfig | 10 ++++ - security/keys/crypto/Makefile | 3 +- - security/keys/crypto/public_key.c | 82 +++++++++++++++++++++++++ - security/keys/crypto/public_key.h | 123 ++++++++++++++++++++++++++++++++++++++ - 4 files changed, 217 insertions(+), 1 deletion(-) - create mode 100644 security/keys/crypto/public_key.c - create mode 100644 security/keys/crypto/public_key.h - -diff --git a/security/keys/crypto/Kconfig b/security/keys/crypto/Kconfig -index 3d15710..5f2b8ac 100644 ---- a/security/keys/crypto/Kconfig -+++ b/security/keys/crypto/Kconfig -@@ -5,3 +5,13 @@ config CRYPTO_KEY_TYPE - This option provides support for a type of key that holds the keys - required for cryptographic operations such as encryption, decryption, - signature generation and signature verification. -+ -+config CRYPTO_KEY_PUBLIC_KEY_SUBTYPE -+ tristate "Asymmetric public-key crypto algorithm subtype" -+ depends on CRYPTO_KEY_TYPE -+ select MPILIB -+ help -+ This option provides support for asymmetric public key type handling. -+ If signature generation and/or verification are to be used, -+ appropriate hash algorithms (such as SHA-1) must be available. -+ ENOPKG will be reported if the requisite algorithm is unavailable. -diff --git a/security/keys/crypto/Makefile b/security/keys/crypto/Makefile -index 67001bc..6384306 100644 ---- a/security/keys/crypto/Makefile -+++ b/security/keys/crypto/Makefile -@@ -3,5 +3,6 @@ - # - - obj-$(CONFIG_CRYPTO_KEY_TYPE) += crypto_keys.o -- - crypto_keys-y := crypto_type.o crypto_verify.o -+ -+obj-$(CONFIG_CRYPTO_KEY_PUBLIC_KEY_SUBTYPE) += public_key.o -diff --git a/security/keys/crypto/public_key.c b/security/keys/crypto/public_key.c -new file mode 100644 -index 0000000..ebb31ec ---- /dev/null -+++ b/security/keys/crypto/public_key.c -@@ -0,0 +1,82 @@ -+/* Asymmetric public key crypto subtype -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#define pr_fmt(fmt) "PKEY: "fmt -+#include -+#include -+#include -+#include "public_key.h" -+ -+MODULE_LICENSE("GPL"); -+ -+const char *const pkey_algo[PKEY_ALGO__LAST] = { -+ [PKEY_ALGO_DSA] = "DSA", -+ [PKEY_ALGO_RSA] = "RSA", -+}; -+EXPORT_SYMBOL_GPL(pkey_algo); -+ -+const char *const pkey_hash_algo[PKEY_HASH__LAST] = { -+ [PKEY_HASH_MD4] = "md4", -+ [PKEY_HASH_MD5] = "md5", -+ [PKEY_HASH_SHA1] = "sha1", -+ [PKEY_HASH_RIPE_MD_160] = "rmd160", -+ [PKEY_HASH_SHA256] = "sha256", -+ [PKEY_HASH_SHA384] = "sha384", -+ [PKEY_HASH_SHA512] = "sha512", -+ [PKEY_HASH_SHA224] = "sha224", -+}; -+EXPORT_SYMBOL_GPL(pkey_hash_algo); -+ -+const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = { -+ [PKEY_ID_PGP] = "PGP", -+ [PKEY_ID_X509] = "X509", -+}; -+EXPORT_SYMBOL_GPL(pkey_id_type); -+ -+/* -+ * Provide a part of a description of the key for /proc/keys. -+ */ -+static void public_key_describe(const struct key *crypto_key, -+ struct seq_file *m) -+{ -+ struct public_key *key = crypto_key->payload.data; -+ -+ if (key) -+ seq_printf(m, "%s.%s", -+ pkey_id_type[key->id_type], key->algo->name); -+} -+ -+/* -+ * Destroy a public key algorithm key -+ */ -+void public_key_destroy(void *payload) -+{ -+ struct public_key *key = payload; -+ int i; -+ -+ if (key) { -+ for (i = 0; i < ARRAY_SIZE(key->mpi); i++) -+ mpi_free(key->mpi[i]); -+ kfree(key); -+ } -+} -+EXPORT_SYMBOL_GPL(public_key_destroy); -+ -+/* -+ * Public key algorithm crypto key subtype -+ */ -+struct crypto_key_subtype public_key_crypto_key_subtype = { -+ .owner = THIS_MODULE, -+ .name = "public_key", -+ .describe = public_key_describe, -+ .destroy = public_key_destroy, -+}; -+EXPORT_SYMBOL_GPL(public_key_crypto_key_subtype); -diff --git a/security/keys/crypto/public_key.h b/security/keys/crypto/public_key.h -new file mode 100644 -index 0000000..228090d ---- /dev/null -+++ b/security/keys/crypto/public_key.h -@@ -0,0 +1,123 @@ -+/* Asymmetric public-key algorithm definitions -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#ifndef _LINUX_PUBLIC_KEY_H -+#define _LINUX_PUBLIC_KEY_H -+ -+#include -+#include -+#include -+ -+struct public_key; -+struct public_key_signature; -+ -+enum pkey_algo { -+ PKEY_ALGO_DSA, -+ PKEY_ALGO_RSA, -+ PKEY_ALGO__LAST -+}; -+ -+extern const char *const pkey_algo[PKEY_ALGO__LAST]; -+ -+enum pkey_hash_algo { -+ PKEY_HASH_MD4, -+ PKEY_HASH_MD5, -+ PKEY_HASH_SHA1, -+ PKEY_HASH_RIPE_MD_160, -+ PKEY_HASH_SHA256, -+ PKEY_HASH_SHA384, -+ PKEY_HASH_SHA512, -+ PKEY_HASH_SHA224, -+ PKEY_HASH__LAST -+}; -+ -+extern const char *const pkey_hash_algo[PKEY_HASH__LAST]; -+ -+enum pkey_id_type { -+ PKEY_ID_PGP, /* OpenPGP generated key ID */ -+ PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ -+ PKEY_ID_TYPE__LAST -+}; -+ -+extern const char *const pkey_id_type[PKEY_ID_TYPE__LAST]; -+ -+/* -+ * Public key type definition -+ */ -+struct public_key_algorithm { -+ const char *name; -+ u8 n_pub_mpi; /* Number of MPIs in public key */ -+ u8 n_sec_mpi; /* Number of MPIs in secret key */ -+ u8 n_sig_mpi; /* Number of MPIs in a signature */ -+ int (*verify)(const struct public_key *key, -+ const struct public_key_signature *sig); -+}; -+ -+/* -+ * Asymmetric public key data -+ */ -+struct public_key { -+ const struct public_key_algorithm *algo; -+ u8 capabilities; -+#define PKEY_CAN_ENCRYPT 0x01 -+#define PKEY_CAN_DECRYPT 0x02 -+#define PKEY_CAN_ENCDEC (PKEY_CAN_ENCRYPT | PKEY_CAN_DECRYPT) -+#define PKEY_CAN_SIGN 0x04 -+#define PKEY_CAN_VERIFY 0x08 -+#define PKEY_CAN_SIGVER (PKEY_CAN_SIGN | PKEY_CAN_VERIFY) -+ enum pkey_id_type id_type : 8; -+ union { -+ MPI mpi[5]; -+ struct { -+ MPI p; /* DSA prime */ -+ MPI q; /* DSA group order */ -+ MPI g; /* DSA group generator */ -+ MPI y; /* DSA public-key value = g^x mod p */ -+ MPI x; /* DSA secret exponent (if present) */ -+ } dsa; -+ struct { -+ MPI n; /* RSA public modulus */ -+ MPI e; /* RSA public encryption exponent */ -+ MPI d; /* RSA secret encryption exponent (if present) */ -+ MPI p; /* RSA secret prime (if present) */ -+ MPI q; /* RSA secret prime (if present) */ -+ } rsa; -+ }; -+ -+ u8 key_id[8]; /* ID of this key pair */ -+ u8 key_id_size; /* Number of bytes in key_id */ -+}; -+ -+/* -+ * Asymmetric public key algorithm signature data -+ */ -+struct public_key_signature { -+ struct crypto_sig_verify_context base; -+ u8 *digest; -+ enum pkey_hash_algo pkey_hash_algo : 8; -+ u8 signed_hash_msw[2]; -+ u8 digest_size; /* Number of bytes in digest */ -+ union { -+ MPI mpi[2]; -+ struct { -+ MPI s; /* m^d mod n */ -+ } rsa; -+ struct { -+ MPI r; -+ MPI s; -+ } dsa; -+ }; -+ struct shash_desc hash; /* This must go last! */ -+}; -+ -+extern struct crypto_key_subtype public_key_crypto_key_subtype; -+ -+#endif /* _LINUX_PUBLIC_KEY_H */ --- -1.7.11.4 - - -From 76b6843d2be046bd5ab8fbae8a1cc5b5d2d48a80 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 00:14:18 +0100 -Subject: [PATCH 06/32] MPILIB: Reinstate mpi_cmp[_ui]() and export for RSA - signature verification - -Reinstate and export mpi_cmp() and mpi_cmp_ui() from the MPI library for use by -RSA signature verification as per RFC3447 section 5.2.2 step 1. - -Signed-off-by: David Howells ---- - lib/mpi/Makefile | 1 + - lib/mpi/mpi-cmp.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 71 insertions(+) - create mode 100644 lib/mpi/mpi-cmp.c - -diff --git a/lib/mpi/Makefile b/lib/mpi/Makefile -index 45ca90a..019a68c 100644 ---- a/lib/mpi/Makefile -+++ b/lib/mpi/Makefile -@@ -14,6 +14,7 @@ mpi-y = \ - generic_mpih-add1.o \ - mpicoder.o \ - mpi-bit.o \ -+ mpi-cmp.o \ - mpih-cmp.o \ - mpih-div.o \ - mpih-mul.o \ -diff --git a/lib/mpi/mpi-cmp.c b/lib/mpi/mpi-cmp.c -new file mode 100644 -index 0000000..1871e7b ---- /dev/null -+++ b/lib/mpi/mpi-cmp.c -@@ -0,0 +1,70 @@ -+/* mpi-cmp.c - MPI functions -+ * Copyright (C) 1998, 1999 Free Software Foundation, Inc. -+ * -+ * This file is part of GnuPG. -+ * -+ * GnuPG is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * GnuPG is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA -+ */ -+ -+#include "mpi-internal.h" -+ -+int mpi_cmp_ui(MPI u, unsigned long v) -+{ -+ mpi_limb_t limb = v; -+ -+ mpi_normalize(u); -+ if (!u->nlimbs && !limb) -+ return 0; -+ if (u->sign) -+ return -1; -+ if (u->nlimbs > 1) -+ return 1; -+ -+ if (u->d[0] == limb) -+ return 0; -+ else if (u->d[0] > limb) -+ return 1; -+ else -+ return -1; -+} -+EXPORT_SYMBOL_GPL(mpi_cmp_ui); -+ -+int mpi_cmp(MPI u, MPI v) -+{ -+ mpi_size_t usize, vsize; -+ int cmp; -+ -+ mpi_normalize(u); -+ mpi_normalize(v); -+ usize = u->nlimbs; -+ vsize = v->nlimbs; -+ if (!u->sign && v->sign) -+ return 1; -+ if (u->sign && !v->sign) -+ return -1; -+ if (usize != vsize && !u->sign && !v->sign) -+ return usize - vsize; -+ if (usize != vsize && u->sign && v->sign) -+ return vsize + usize; -+ if (!usize) -+ return 0; -+ cmp = mpihelp_cmp(u->d, v->d, usize); -+ if (!cmp) -+ return 0; -+ if ((cmp < 0 ? 1 : 0) == (u->sign ? 1 : 0)) -+ return 1; -+ return -1; -+} -+EXPORT_SYMBOL_GPL(mpi_cmp); --- -1.7.11.4 - - -From 48c4be1c886e51edbbbebdb65421a7ca120a8d21 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 00:14:18 +0100 -Subject: [PATCH 07/32] KEYS: RSA: Implement signature verification algorithm - [PKCS#1 / RFC3447] - -Implement RSA public key cryptography [PKCS#1 / RFC3447]. At this time, only -the signature verification algorithm is supported. This uses the asymmetric -public key subtype to hold its key data. - -Signed-off-by: David Howells ---- - security/keys/crypto/Kconfig | 7 + - security/keys/crypto/Makefile | 1 + - security/keys/crypto/crypto_rsa.c | 267 ++++++++++++++++++++++++++++++++++++++ - security/keys/crypto/public_key.h | 2 + - 4 files changed, 277 insertions(+) - create mode 100644 security/keys/crypto/crypto_rsa.c - -diff --git a/security/keys/crypto/Kconfig b/security/keys/crypto/Kconfig -index 5f2b8ac..4e3777e 100644 ---- a/security/keys/crypto/Kconfig -+++ b/security/keys/crypto/Kconfig -@@ -15,3 +15,10 @@ config CRYPTO_KEY_PUBLIC_KEY_SUBTYPE - If signature generation and/or verification are to be used, - appropriate hash algorithms (such as SHA-1) must be available. - ENOPKG will be reported if the requisite algorithm is unavailable. -+ -+config CRYPTO_KEY_PKEY_ALGO_RSA -+ tristate "RSA public-key algorithm" -+ depends on CRYPTO_KEY_PUBLIC_KEY_SUBTYPE -+ select MPILIB_EXTRA -+ help -+ This option enables support for the RSA algorithm (PKCS#1, RFC3447). -diff --git a/security/keys/crypto/Makefile b/security/keys/crypto/Makefile -index 6384306..b6b1a5a 100644 ---- a/security/keys/crypto/Makefile -+++ b/security/keys/crypto/Makefile -@@ -6,3 +6,4 @@ obj-$(CONFIG_CRYPTO_KEY_TYPE) += crypto_keys.o - crypto_keys-y := crypto_type.o crypto_verify.o - - obj-$(CONFIG_CRYPTO_KEY_PUBLIC_KEY_SUBTYPE) += public_key.o -+obj-$(CONFIG_CRYPTO_KEY_PKEY_ALGO_RSA) += crypto_rsa.o -diff --git a/security/keys/crypto/crypto_rsa.c b/security/keys/crypto/crypto_rsa.c -new file mode 100644 -index 0000000..6e95e60 ---- /dev/null -+++ b/security/keys/crypto/crypto_rsa.c -@@ -0,0 +1,267 @@ -+/* RSA asymmetric public-key algorithm [RFC3447] -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#define pr_fmt(fmt) "RSA: "fmt -+#include -+#include -+#include "public_key.h" -+ -+MODULE_LICENSE("GPL"); -+ -+#define kenter(FMT, ...) \ -+ pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__) -+#define kleave(FMT, ...) \ -+ pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__) -+ -+/* -+ * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2]. -+ */ -+static const u8 RSA_digest_info_MD5[] = { -+ 0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, -+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* OID */ -+ 0x05, 0x00, 0x04, 0x10 -+}; -+ -+static const u8 RSA_digest_info_SHA1[] = { -+ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, -+ 0x2B, 0x0E, 0x03, 0x02, 0x1A, -+ 0x05, 0x00, 0x04, 0x14 -+}; -+ -+static const u8 RSA_digest_info_RIPE_MD_160[] = { -+ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, -+ 0x2B, 0x24, 0x03, 0x02, 0x01, -+ 0x05, 0x00, 0x04, 0x14 -+}; -+ -+static const u8 RSA_digest_info_SHA224[] = { -+ 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, -+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, -+ 0x05, 0x00, 0x04, 0x1C -+}; -+ -+static const u8 RSA_digest_info_SHA256[] = { -+ 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, -+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, -+ 0x05, 0x00, 0x04, 0x20 -+}; -+ -+static const u8 RSA_digest_info_SHA384[] = { -+ 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, -+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, -+ 0x05, 0x00, 0x04, 0x30 -+}; -+ -+static const u8 RSA_digest_info_SHA512[] = { -+ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, -+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, -+ 0x05, 0x00, 0x04, 0x40 -+}; -+ -+static const struct { -+ const u8 *data; -+ size_t size; -+} RSA_ASN1_templates[PKEY_HASH__LAST] = { -+#define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) } -+ [PKEY_HASH_MD5] = _(MD5), -+ [PKEY_HASH_SHA1] = _(SHA1), -+ [PKEY_HASH_RIPE_MD_160] = _(RIPE_MD_160), -+ [PKEY_HASH_SHA256] = _(SHA256), -+ [PKEY_HASH_SHA384] = _(SHA384), -+ [PKEY_HASH_SHA512] = _(SHA512), -+ [PKEY_HASH_SHA224] = _(SHA224), -+#undef _ -+}; -+ -+/* -+ * RSAVP1() function [RFC3447 sec 5.2.2] -+ */ -+static int RSAVP1(const struct public_key *key, MPI s, MPI *_m) -+{ -+ MPI m; -+ int ret; -+ -+ /* (1) Validate 0 <= s < n */ -+ if (mpi_cmp_ui(s, 0) < 0) { -+ kleave(" = -EBADMSG [s < 0]"); -+ return -EBADMSG; -+ } -+ if (mpi_cmp(s, key->rsa.n) >= 0) { -+ kleave(" = -EBADMSG [s >= n]"); -+ return -EBADMSG; -+ } -+ -+ m = mpi_alloc(0); -+ if (!m) -+ return -ENOMEM; -+ -+ /* (2) m = s^e mod n */ -+ ret = mpi_powm(m, s, key->rsa.e, key->rsa.n); -+ if (ret < 0) { -+ mpi_free(m); -+ return ret; -+ } -+ -+ *_m = m; -+ return 0; -+} -+ -+/* -+ * Integer to Octet String conversion [RFC3447 sec 4.1] -+ */ -+static int RSA_I2OSP(MPI x, size_t xLen, u8 **_X) -+{ -+ unsigned X_size, x_size; -+ int X_sign; -+ u8 *X; -+ -+ /* Make sure the string is the right length. The number should begin -+ * with { 0x00, 0x01, ... } so we have to account for 15 leading zero -+ * bits not being reported by MPI. -+ */ -+ x_size = mpi_get_nbits(x); -+ pr_devel("size(x)=%u xLen*8=%zu\n", x_size, xLen * 8); -+ if (x_size != xLen * 8 - 15) -+ return -ERANGE; -+ -+ X = mpi_get_buffer(x, &X_size, &X_sign); -+ if (!X) -+ return -ENOMEM; -+ if (X_sign < 0) { -+ kfree(X); -+ return -EBADMSG; -+ } -+ if (X_size != xLen - 1) { -+ kfree(X); -+ return -EBADMSG; -+ } -+ -+ *_X = X; -+ return 0; -+} -+ -+/* -+ * Perform the RSA signature verification. -+ * @H: Value of hash of data and metadata -+ * @EM: The computed signature value -+ * @k: The size of EM (EM[0] is an invalid location but should hold 0x00) -+ * @hash_size: The size of H -+ * @asn1_template: The DigestInfo ASN.1 template -+ * @asn1_size: Size of asm1_template[] -+ */ -+static int RSA_verify(const u8 *H, const u8 *EM, size_t k, size_t hash_size, -+ const u8 *asn1_template, size_t asn1_size) -+{ -+ unsigned PS_end, T_offset, i; -+ -+ kenter(",,%zu,%zu,%zu", k, hash_size, asn1_size); -+ -+ if (k < 2 + 1 + asn1_size + hash_size) -+ return -EBADMSG; -+ -+ /* Decode the EMSA-PKCS1-v1_5 */ -+ if (EM[1] != 0x01) { -+ kleave(" = -EBADMSG [EM[1] == %02u]", EM[1]); -+ return -EBADMSG; -+ } -+ -+ T_offset = k - (asn1_size + hash_size); -+ PS_end = T_offset - 1; -+ if (EM[PS_end] != 0x00) { -+ kleave(" = -EBADMSG [EM[T-1] == %02u]", EM[PS_end]); -+ return -EBADMSG; -+ } -+ -+ for (i = 2; i < PS_end; i++) { -+ if (EM[i] != 0xff) { -+ kleave(" = -EBADMSG [EM[PS%x] == %02u]", i - 2, EM[i]); -+ return -EBADMSG; -+ } -+ } -+ -+ if (memcmp(asn1_template, EM + T_offset, asn1_size) != 0) { -+ kleave(" = -EBADMSG [EM[T] ASN.1 mismatch]"); -+ return -EBADMSG; -+ } -+ -+ if (memcmp(H, EM + T_offset + asn1_size, hash_size) != 0) { -+ kleave(" = -EKEYREJECTED [EM[T] hash mismatch]"); -+ return -EKEYREJECTED; -+ } -+ -+ kleave(" = 0"); -+ return 0; -+} -+ -+/* -+ * Perform the verification step [RFC3447 sec 8.2.2]. -+ */ -+static int RSA_verify_signature(const struct public_key *key, -+ const struct public_key_signature *sig) -+{ -+ size_t tsize; -+ int ret; -+ -+ /* Variables as per RFC3447 sec 8.2.2 */ -+ const u8 *H = sig->digest; -+ u8 *EM = NULL; -+ MPI m = NULL; -+ size_t k; -+ -+ kenter(""); -+ -+ if (!RSA_ASN1_templates[sig->pkey_hash_algo].data) -+ return -ENOTSUPP; -+ -+ /* (1) Check the signature size against the public key modulus size */ -+ k = (mpi_get_nbits(key->rsa.n) + 7) / 8; -+ -+ tsize = (mpi_get_nbits(sig->rsa.s) + 7) / 8; -+ pr_devel("step 1: k=%zu size(S)=%zu\n", k, tsize); -+ if (tsize != k) { -+ ret = -EBADMSG; -+ goto error; -+ } -+ -+ /* (2b) Apply the RSAVP1 verification primitive to the public key */ -+ ret = RSAVP1(key, sig->rsa.s, &m); -+ if (ret < 0) -+ goto error; -+ -+ /* (2c) Convert the message representative (m) to an encoded message -+ * (EM) of length k octets. -+ * -+ * NOTE! The leading zero byte is suppressed by MPI, so we pass a -+ * pointer to the _preceding_ byte to RSA_verify()! -+ */ -+ ret = RSA_I2OSP(m, k, &EM); -+ if (ret < 0) -+ goto error; -+ -+ ret = RSA_verify(H, EM - 1, k, sig->digest_size, -+ RSA_ASN1_templates[sig->pkey_hash_algo].data, -+ RSA_ASN1_templates[sig->pkey_hash_algo].size); -+ -+error: -+ kfree(EM); -+ mpi_free(m); -+ kleave(" = %d", ret); -+ return ret; -+} -+ -+const struct public_key_algorithm RSA_public_key_algorithm = { -+ .name = "RSA", -+ .n_pub_mpi = 2, -+ .n_sec_mpi = 3, -+ .n_sig_mpi = 1, -+ .verify = RSA_verify_signature, -+}; -+EXPORT_SYMBOL_GPL(RSA_public_key_algorithm); -diff --git a/security/keys/crypto/public_key.h b/security/keys/crypto/public_key.h -index 228090d..947817b 100644 ---- a/security/keys/crypto/public_key.h -+++ b/security/keys/crypto/public_key.h -@@ -61,6 +61,8 @@ struct public_key_algorithm { - const struct public_key_signature *sig); - }; - -+extern const struct public_key_algorithm RSA_public_key_algorithm; -+ - /* - * Asymmetric public key data - */ --- -1.7.11.4 - - -From 311305a6e970236bd30d8942552a26e6f93730ce Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 00:14:19 +0100 -Subject: [PATCH 08/32] KEYS: RSA: Fix signature verification for shorter - signatures - -gpg can produce a signature file where length of signature is less than the -modulus size because the amount of space an MPI takes up is kept as low as -possible by discarding leading zeros. This regularly happens for several -modules during the build. - -Fix it by relaxing check in RSA verification code. - -Thanks to Tomas Mraz and Miloslav Trmac for help. - -Signed-off-by: Milan Broz -Signed-off-by: David Howells ---- - security/keys/crypto/crypto_rsa.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/security/keys/crypto/crypto_rsa.c b/security/keys/crypto/crypto_rsa.c -index 6e95e60..796ed1d 100644 ---- a/security/keys/crypto/crypto_rsa.c -+++ b/security/keys/crypto/crypto_rsa.c -@@ -222,15 +222,23 @@ static int RSA_verify_signature(const struct public_key *key, - return -ENOTSUPP; - - /* (1) Check the signature size against the public key modulus size */ -- k = (mpi_get_nbits(key->rsa.n) + 7) / 8; -+ k = mpi_get_nbits(key->rsa.n); -+ tsize = mpi_get_nbits(sig->rsa.s); - -- tsize = (mpi_get_nbits(sig->rsa.s) + 7) / 8; -+ /* According to RFC 4880 sec 3.2, length of MPI is computed starting -+ * from most significant bit. So the RFC 3447 sec 8.2.2 size check -+ * must be relaxed to conform with shorter signatures - so we fail here -+ * only if signature length is longer than modulus size. -+ */ - pr_devel("step 1: k=%zu size(S)=%zu\n", k, tsize); -- if (tsize != k) { -+ if (k < tsize) { - ret = -EBADMSG; - goto error; - } - -+ /* Round up and convert to octets */ -+ k = (k + 7) / 8; -+ - /* (2b) Apply the RSAVP1 verification primitive to the public key */ - ret = RSAVP1(key, sig->rsa.s, &m); - if (ret < 0) --- -1.7.11.4 - - -From a9b954d2c225dc99ecc319ea760576f525f0a623 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 00:14:19 +0100 -Subject: [PATCH 09/32] PGPLIB: PGP definitions (RFC 4880) - -Provide some useful PGP definitions from RFC 4880. These describe details of -public key crypto as used by crypto keys for things like signature -verification. - -Signed-off-by: David Howells ---- - include/linux/pgp.h | 206 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 206 insertions(+) - create mode 100644 include/linux/pgp.h - -diff --git a/include/linux/pgp.h b/include/linux/pgp.h -new file mode 100644 -index 0000000..1359f64 ---- /dev/null -+++ b/include/linux/pgp.h -@@ -0,0 +1,206 @@ -+/* PGP definitions (RFC 4880) -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#ifndef _LINUX_PGP_H -+#define _LINUX_PGP_H -+ -+#include -+ -+struct pgp_key_ID { -+ u8 id[8]; -+}; -+ -+struct pgp_time { -+ u8 time[4]; -+}; -+ -+/* -+ * PGP public-key algorithm identifiers [RFC4880: 9.1] -+ */ -+enum pgp_pubkey_algo { -+ PGP_PUBKEY_RSA_ENC_OR_SIG = 1, -+ PGP_PUBKEY_RSA_ENC_ONLY = 2, -+ PGP_PUBKEY_RSA_SIG_ONLY = 3, -+ PGP_PUBKEY_ELGAMAL = 16, -+ PGP_PUBKEY_DSA = 17, -+ PGP_PUBKEY__LAST -+}; -+ -+/* -+ * PGP symmetric-key algorithm identifiers [RFC4880: 9.2] -+ */ -+enum pgp_symkey_algo { -+ PGP_SYMKEY_PLAINTEXT = 0, -+ PGP_SYMKEY_IDEA = 1, -+ PGP_SYMKEY_3DES = 2, -+ PGP_SYMKEY_CAST5 = 3, -+ PGP_SYMKEY_BLOWFISH = 4, -+ PGP_SYMKEY_AES_128KEY = 7, -+ PGP_SYMKEY_AES_192KEY = 8, -+ PGP_SYMKEY_AES_256KEY = 9, -+ PGP_SYMKEY_TWOFISH_256KEY = 10, -+}; -+ -+/* -+ * PGP compression algorithm identifiers [RFC4880: 9.3] -+ */ -+enum pgp_compr_algo { -+ PGP_COMPR_UNCOMPRESSED = 0, -+ PGP_COMPR_ZIP = 1, -+ PGP_COMPR_ZLIB = 2, -+ PGP_COMPR_BZIP2 = 3, -+}; -+ -+/* -+ * PGP hash algorithm identifiers [RFC4880: 9.4] -+ */ -+enum pgp_hash_algo { -+ PGP_HASH_MD5 = 1, -+ PGP_HASH_SHA1 = 2, -+ PGP_HASH_RIPE_MD_160 = 3, -+ PGP_HASH_SHA256 = 8, -+ PGP_HASH_SHA384 = 9, -+ PGP_HASH_SHA512 = 10, -+ PGP_HASH_SHA224 = 11, -+ PGP_HASH__LAST -+}; -+ -+extern const char *const pgp_hash_algorithms[PGP_HASH__LAST]; -+ -+/* -+ * PGP packet type tags [RFC4880: 4.3]. -+ */ -+enum pgp_packet_tag { -+ PGP_PKT_RESERVED = 0, -+ PGP_PKT_PUBKEY_ENC_SESSION_KEY = 1, -+ PGP_PKT_SIGNATURE = 2, -+ PGP_PKT_SYMKEY_ENC_SESSION_KEY = 3, -+ PGP_PKT_ONEPASS_SIGNATURE = 4, -+ PGP_PKT_SECRET_KEY = 5, -+ PGP_PKT_PUBLIC_KEY = 6, -+ PGP_PKT_SECRET_SUBKEY = 7, -+ PGP_PKT_COMPRESSED_DATA = 8, -+ PGP_PKT_SYM_ENC_DATA = 9, -+ PGP_PKT_MARKER = 10, -+ PGP_PKT_LITERAL_DATA = 11, -+ PGP_PKT_TRUST = 12, -+ PGP_PKT_USER_ID = 13, -+ PGP_PKT_PUBLIC_SUBKEY = 14, -+ PGP_PKT_USER_ATTRIBUTE = 17, -+ PGP_PKT_SYM_ENC_AND_INTEG_DATA = 18, -+ PGP_PKT_MODIFY_DETECT_CODE = 19, -+ PGP_PKT_PRIVATE_0 = 60, -+ PGP_PKT_PRIVATE_3 = 63, -+ PGP_PKT__HIGHEST = 63 -+}; -+ -+/* -+ * Signature (tag 2) packet [RFC4880: 5.2]. -+ */ -+enum pgp_signature_version { -+ PGP_SIG_VERSION_3 = 3, -+ PGP_SIG_VERSION_4 = 4, -+}; -+ -+enum pgp_signature_type { -+ PGP_SIG_BINARY_DOCUMENT_SIG = 0x00, -+ PGP_SIG_CANONICAL_TEXT_DOCUMENT_SIG = 0x01, -+ PGP_SIG_STANDALONE_SIG = 0x02, -+ PGP_SIG_GENERAL_CERT_OF_UID_PUBKEY = 0x10, -+ PGP_SIG_PERSONAL_CERT_OF_UID_PUBKEY = 0x11, -+ PGP_SIG_CASUAL_CERT_OF_UID_PUBKEY = 0x12, -+ PGP_SIG_POSTITIVE_CERT_OF_UID_PUBKEY = 0x13, -+ PGP_SIG_SUBKEY_BINDING_SIG = 0x18, -+ PGP_SIG_PRIMARY_KEY_BINDING_SIG = 0x19, -+ PGP_SIG_DIRECTLY_ON_KEY = 0x1F, -+ PGP_SIG_KEY_REVOCATION_SIG = 0x20, -+ PGP_SIG_SUBKEY_REVOCATION_SIG = 0x28, -+ PGP_SIG_CERT_REVOCATION_SIG = 0x30, -+ PGP_SIG_TIMESTAMP_SIG = 0x40, -+ PGP_SIG_THIRD_PARTY_CONFIRM_SIG = 0x50, -+}; -+ -+struct pgp_signature_v3_packet { -+ enum pgp_signature_version version : 8; /* == PGP_SIG_VERSION_3 */ -+ u8 length_of_hashed; /* == 5 */ -+ struct { -+ enum pgp_signature_type signature_type : 8; -+ struct pgp_time creation_time; -+ } hashed; -+ struct pgp_key_ID issuer; -+ enum pgp_pubkey_algo pubkey_algo : 8; -+ enum pgp_hash_algo hash_algo : 8; -+} __packed; -+ -+struct pgp_signature_v4_packet { -+ enum pgp_signature_version version : 8; /* == PGP_SIG_VERSION_4 */ -+ enum pgp_signature_type signature_type : 8; -+ enum pgp_pubkey_algo pubkey_algo : 8; -+ enum pgp_hash_algo hash_algo : 8; -+} __packed; -+ -+/* -+ * V4 signature subpacket types [RFC4880: 5.2.3.1]. -+ */ -+enum pgp_sig_subpkt_type { -+ PGP_SIG_CREATION_TIME = 2, -+ PGP_SIG_EXPIRATION_TIME = 3, -+ PGP_SIG_EXPORTABLE_CERT = 4, -+ PGP_SIG_TRUST_SIG = 5, -+ PGP_SIG_REGEXP = 6, -+ PGP_SIG_REVOCABLE = 7, -+ PGP_SIG_KEY_EXPIRATION_TIME = 9, -+ PGP_SIG_PREF_SYM_ALGO = 11, -+ PGP_SIG_REVOCATION_KEY = 12, -+ PGP_SIG_ISSUER = 16, -+ PGP_SIG_NOTATION_DATA = 20, -+ PGP_SIG_PREF_HASH_ALGO = 21, -+ PGP_SIG_PREF_COMPR_ALGO = 22, -+ PGP_SIG_KEY_SERVER_PREFS = 23, -+ PGP_SIG_PREF_KEY_SERVER = 24, -+ PGP_SIG_PRIMARY_USER_ID = 25, -+ PGP_SIG_POLICY_URI = 26, -+ PGP_SIG_KEY_FLAGS = 27, -+ PGP_SIG_SIGNERS_USER_ID = 28, -+ PGP_SIG_REASON_FOR_REVOCATION = 29, -+ PGP_SIG_FEATURES = 30, -+ PGP_SIG_TARGET = 31, -+ PGP_SIG_EMBEDDED_SIG = 32, -+ PGP_SIG__LAST -+}; -+ -+#define PGP_SIG_SUBPKT_TYPE_CRITICAL_MASK 0x80 -+ -+/* -+ * Key (tag 5, 6, 7 and 14) packet -+ */ -+enum pgp_key_version { -+ PGP_KEY_VERSION_2 = 2, -+ PGP_KEY_VERSION_3 = 3, -+ PGP_KEY_VERSION_4 = 4, -+}; -+ -+struct pgp_key_v3_packet { -+ enum pgp_key_version version : 8; -+ struct pgp_time creation_time; -+ u8 expiry[2]; /* 0 or time in days till expiry */ -+ enum pgp_pubkey_algo pubkey_algo : 8; -+ u8 key_material[0]; -+} __packed; -+ -+struct pgp_key_v4_packet { -+ enum pgp_key_version version : 8; -+ struct pgp_time creation_time; -+ enum pgp_pubkey_algo pubkey_algo : 8; -+ u8 key_material[0]; -+} __packed; -+ -+#endif /* _LINUX_PGP_H */ --- -1.7.11.4 - - -From 1937e5a7e8ae1abdb7f1dc72f7b128e33c31d644 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:33:13 +0100 -Subject: [PATCH 10/32] PGPLIB: Basic packet parser - -Provide a simple parser that extracts the packets from a PGP packet blob and -passes the desirous ones to the given processor function: - - struct pgp_parse_context { - u64 types_of_interest; - int (*process_packet)(struct pgp_parse_context *context, - enum pgp_packet_tag type, - u8 headerlen, - const u8 *data, - size_t datalen); - }; - - int pgp_parse_packets(const u8 *data, size_t datalen, - struct pgp_parse_context *ctx); - -This is configured on with CONFIG_PGP_LIBRARY. - -Signed-off-by: David Howells ---- - include/linux/pgplib.h | 47 +++++++ - security/keys/crypto/Kconfig | 6 + - security/keys/crypto/Makefile | 1 + - security/keys/crypto/pgp_library.c | 268 +++++++++++++++++++++++++++++++++++++ - 4 files changed, 322 insertions(+) - create mode 100644 include/linux/pgplib.h - create mode 100644 security/keys/crypto/pgp_library.c - -diff --git a/include/linux/pgplib.h b/include/linux/pgplib.h -new file mode 100644 -index 0000000..a045b3a ---- /dev/null -+++ b/include/linux/pgplib.h -@@ -0,0 +1,47 @@ -+/* PGP library definitions (RFC 4880) -+ * -+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#ifndef _LINUX_PGPLIB_H -+#define _LINUX_PGPLIB_H -+ -+#if defined(CONFIG_PGP_LIBRARY) || defined(CONFIG_PGP_LIBRARY_MODULE) -+ -+#include -+ -+/* -+ * PGP library packet parser -+ */ -+struct pgp_parse_context { -+ u64 types_of_interest; -+ int (*process_packet)(struct pgp_parse_context *context, -+ enum pgp_packet_tag type, -+ u8 headerlen, -+ const u8 *data, -+ size_t datalen); -+}; -+ -+extern int pgp_parse_packets(const u8 *data, size_t datalen, -+ struct pgp_parse_context *ctx); -+ -+struct pgp_parse_pubkey { -+ enum pgp_key_version version : 8; -+ enum pgp_pubkey_algo pubkey_algo : 8; -+ time_t creation_time; -+ time_t expires_at; -+}; -+ -+extern int pgp_parse_public_key(const u8 **_data, size_t *_datalen, -+ struct pgp_parse_pubkey *pk); -+ -+ -+#endif /* CONFIG_PGP_LIBRARY */ -+ -+#endif /* _LINUX_PGPLIB_H */ -diff --git a/security/keys/crypto/Kconfig b/security/keys/crypto/Kconfig -index 4e3777e..88ce0e2 100644 ---- a/security/keys/crypto/Kconfig -+++ b/security/keys/crypto/Kconfig -@@ -22,3 +22,9 @@ config CRYPTO_KEY_PKEY_ALGO_RSA - select MPILIB_EXTRA - help - This option enables support for the RSA algorithm (PKCS#1, RFC3447). -+ -+config PGP_LIBRARY -+ tristate "PGP parsing library" -+ help -+ This option enables a library that provides a number of simple -+ utility functions for parsing PGP (RFC 4880) packet-based messages. -diff --git a/security/keys/crypto/Makefile b/security/keys/crypto/Makefile -index b6b1a5a..5fbe54e 100644 ---- a/security/keys/crypto/Makefile -+++ b/security/keys/crypto/Makefile -@@ -7,3 +7,4 @@ crypto_keys-y := crypto_type.o crypto_verify.o - - obj-$(CONFIG_CRYPTO_KEY_PUBLIC_KEY_SUBTYPE) += public_key.o - obj-$(CONFIG_CRYPTO_KEY_PKEY_ALGO_RSA) += crypto_rsa.o -+obj-$(CONFIG_PGP_LIBRARY) += pgp_library.o -diff --git a/security/keys/crypto/pgp_library.c b/security/keys/crypto/pgp_library.c -new file mode 100644 -index 0000000..39d2878 ---- /dev/null -+++ b/security/keys/crypto/pgp_library.c -@@ -0,0 +1,268 @@ -+/* PGP packet parser (RFC 4880) -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+#define pr_fmt(fmt) "PGP: "fmt -+#include -+#include -+#include -+#include -+ -+MODULE_LICENSE("GPL"); -+ -+const char *const pgp_hash_algorithms[PGP_HASH__LAST] = { -+ [PGP_HASH_MD5] = "md5", -+ [PGP_HASH_SHA1] = "sha1", -+ [PGP_HASH_RIPE_MD_160] = "rmd160", -+ [PGP_HASH_SHA256] = "sha256", -+ [PGP_HASH_SHA384] = "sha384", -+ [PGP_HASH_SHA512] = "sha512", -+ [PGP_HASH_SHA224] = "sha224", -+}; -+EXPORT_SYMBOL_GPL(pgp_hash_algorithms); -+ -+/** -+ * pgp_parse_packet_header - Parse a PGP packet header -+ * @_data: Start of the PGP packet (updated to PGP packet data) -+ * @_datalen: Amount of data remaining in buffer (decreased) -+ * @_type: Where the packet type will be returned -+ * @_headerlen: Where the header length will be returned -+ * -+ * Parse a set of PGP packet header [RFC 4880: 4.2]. -+ * -+ * Returns packet data size on success; non-zero on error. If successful, -+ * *_data and *_datalen will have been updated and *_headerlen will be set to -+ * hold the length of the packet header. -+ */ -+static ssize_t pgp_parse_packet_header(const u8 **_data, size_t *_datalen, -+ enum pgp_packet_tag *_type, -+ u8 *_headerlen) -+{ -+ enum pgp_packet_tag type; -+ const u8 *data = *_data; -+ size_t size, datalen = *_datalen; -+ -+ pr_devel("-->pgp_parse_packet_header(,%zu,,)\n", datalen); -+ -+ if (datalen < 2) -+ goto short_packet; -+ -+ pr_devel("pkthdr %02x, %02x\n", data[0], data[1]); -+ -+ type = *data++; -+ datalen--; -+ if (!(type & 0x80)) { -+ pr_debug("Packet type does not have MSB set\n"); -+ return -EBADMSG; -+ } -+ type &= ~0x80; -+ -+ if (type & 0x40) { -+ /* New packet length format */ -+ type &= ~0x40; -+ pr_devel("new format: t=%u\n", type); -+ switch (data[0]) { -+ case 0x00 ... 0xbf: -+ /* One-byte length */ -+ size = data[0]; -+ data++; -+ datalen--; -+ *_headerlen = 2; -+ break; -+ case 0xc0 ... 0xdf: -+ /* Two-byte length */ -+ if (datalen < 2) -+ goto short_packet; -+ size = (data[0] - 192) * 256; -+ size += data[1] + 192; -+ data += 2; -+ datalen -= 2; -+ *_headerlen = 3; -+ break; -+ case 0xff: -+ /* Five-byte length */ -+ if (datalen < 5) -+ goto short_packet; -+ size = data[1] << 24; -+ size |= data[2] << 16; -+ size |= data[3] << 8; -+ size |= data[4]; -+ data += 5; -+ datalen -= 5; -+ *_headerlen = 6; -+ break; -+ default: -+ pr_debug("Partial body length packet not supported\n"); -+ return -EBADMSG; -+ } -+ } else { -+ /* Old packet length format */ -+ u8 length_type = type & 0x03; -+ type >>= 2; -+ pr_devel("old format: t=%u lt=%u\n", type, length_type); -+ -+ switch (length_type) { -+ case 0: -+ /* One-byte length */ -+ size = data[0]; -+ data++; -+ datalen--; -+ *_headerlen = 2; -+ break; -+ case 1: -+ /* Two-byte length */ -+ if (datalen < 2) -+ goto short_packet; -+ size = data[0] << 8; -+ size |= data[1]; -+ data += 2; -+ datalen -= 2; -+ *_headerlen = 3; -+ break; -+ case 2: -+ /* Four-byte length */ -+ if (datalen < 4) -+ goto short_packet; -+ size = data[0] << 24; -+ size |= data[1] << 16; -+ size |= data[2] << 8; -+ size |= data[3]; -+ data += 4; -+ datalen -= 4; -+ *_headerlen = 5; -+ break; -+ default: -+ pr_debug("Indefinite length packet not supported\n"); -+ return -EBADMSG; -+ } -+ } -+ -+ pr_devel("datalen=%zu size=%zu", datalen, size); -+ if (datalen < size) -+ goto short_packet; -+ if ((int)size < 0) -+ goto too_big; -+ -+ *_data = data; -+ *_datalen = datalen; -+ *_type = type; -+ pr_devel("Found packet type=%u size=%zd\n", type, size); -+ return size; -+ -+short_packet: -+ pr_debug("Attempt to parse short packet\n"); -+ return -EBADMSG; -+too_big: -+ pr_debug("Signature subpacket size >2G\n"); -+ return -EMSGSIZE; -+} -+ -+/** -+ * pgp_parse_packets - Parse a set of PGP packets -+ * @_data: Data to be parsed (updated) -+ * @_datalen: Amount of data (updated) -+ * @ctx: Parsing context -+ * -+ * Parse a set of PGP packets [RFC 4880: 4]. -+ */ -+int pgp_parse_packets(const u8 *data, size_t datalen, -+ struct pgp_parse_context *ctx) -+{ -+ enum pgp_packet_tag type; -+ ssize_t pktlen; -+ u8 headerlen; -+ int ret; -+ -+ while (datalen > 2) { -+ pktlen = pgp_parse_packet_header(&data, &datalen, &type, -+ &headerlen); -+ if (pktlen < 0) -+ return pktlen; -+ -+ if ((ctx->types_of_interest >> type) & 1) { -+ ret = ctx->process_packet(ctx, type, headerlen, -+ data, pktlen); -+ if (ret < 0) -+ return ret; -+ } -+ data += pktlen; -+ datalen -= pktlen; -+ } -+ -+ if (datalen != 0) { -+ pr_debug("Excess octets in packet stream\n"); -+ return -EBADMSG; -+ } -+ -+ return 0; -+} -+EXPORT_SYMBOL_GPL(pgp_parse_packets); -+ -+/** -+ * pgp_parse_public_key - Parse the common part of a PGP pubkey packet -+ * @_data: Content of packet (updated) -+ * @_datalen: Length of packet remaining (updated) -+ * @pk: Public key data -+ * -+ * Parse the common data struct for a PGP pubkey packet [RFC 4880: 5.5.2]. -+ */ -+int pgp_parse_public_key(const u8 **_data, size_t *_datalen, -+ struct pgp_parse_pubkey *pk) -+{ -+ const u8 *data = *_data; -+ size_t datalen = *_datalen; -+ __be32 tmp; -+ -+ if (datalen < 12) { -+ pr_debug("Public key packet too short\n"); -+ return -EBADMSG; -+ } -+ -+ pk->version = *data++; -+ switch (pk->version) { -+ case PGP_KEY_VERSION_2: -+ case PGP_KEY_VERSION_3: -+ case PGP_KEY_VERSION_4: -+ break; -+ default: -+ pr_debug("Public key packet with unhandled version %d\n", -+ pk->version); -+ return -EBADMSG; -+ } -+ -+ tmp = *data++ << 24; -+ tmp |= *data++ << 16; -+ tmp |= *data++ << 8; -+ tmp |= *data++; -+ pk->creation_time = tmp; -+ if (pk->version == PGP_KEY_VERSION_4) { -+ pk->expires_at = 0; /* Have to get it from the selfsignature */ -+ } else { -+ unsigned short ndays; -+ ndays = *data++ << 8; -+ ndays |= *data++; -+ if (ndays) -+ pk->expires_at = pk->creation_time + ndays * 86400UL; -+ else -+ pk->expires_at = 0; -+ datalen -= 2; -+ } -+ -+ pk->pubkey_algo = *data++; -+ datalen -= 6; -+ -+ pr_devel("%x,%x,%lx,%lx", -+ pk->version, pk->pubkey_algo, pk->creation_time, -+ pk->expires_at); -+ -+ *_data = data; -+ *_datalen = datalen; -+ return 0; -+} -+EXPORT_SYMBOL_GPL(pgp_parse_public_key); --- -1.7.11.4 - - -From 3379efc21d2ecc93de135e3265baabbe1f326d5a Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:33:17 +0100 -Subject: [PATCH 11/32] PGPLIB: Signature parser - -Provide some PGP signature parsing helpers: - - (1) A function to parse V4 signature subpackets and pass the desired ones to - a processor function: - - int pgp_parse_sig_subpkts(const u8 *data, size_t datalen, - struct pgp_parse_sig_context *ctx); - - (2) A function to parse out basic signature parameters from any PGP signature - such that the algorithms and public key can be selected: - - int pgp_parse_sig_params(const u8 **_data, size_t *_datalen, - struct pgp_sig_parameters *p); - -Signed-off-by: David Howells ---- - include/linux/pgplib.h | 25 ++++ - security/keys/crypto/pgp_library.c | 280 +++++++++++++++++++++++++++++++++++++ - 2 files changed, 305 insertions(+) - -diff --git a/include/linux/pgplib.h b/include/linux/pgplib.h -index a045b3a..34594a9 100644 ---- a/include/linux/pgplib.h -+++ b/include/linux/pgplib.h -@@ -41,6 +41,31 @@ struct pgp_parse_pubkey { - extern int pgp_parse_public_key(const u8 **_data, size_t *_datalen, - struct pgp_parse_pubkey *pk); - -+struct pgp_parse_sig_context { -+ unsigned long types_of_interest[128 / BITS_PER_LONG]; -+ int (*process_packet)(struct pgp_parse_sig_context *context, -+ enum pgp_sig_subpkt_type type, -+ const u8 *data, -+ size_t datalen); -+}; -+ -+extern int pgp_parse_sig_packets(const u8 *data, size_t datalen, -+ struct pgp_parse_sig_context *ctx); -+ -+struct pgp_sig_parameters { -+ enum pgp_signature_version version : 8; -+ enum pgp_signature_type signature_type : 8; -+ enum pgp_pubkey_algo pubkey_algo : 8; -+ enum pgp_hash_algo hash_algo : 8; -+ union { -+ struct pgp_key_ID issuer; -+ __be32 issuer32[2]; -+ }; -+}; -+ -+extern int pgp_parse_sig_params(const u8 **_data, size_t *_datalen, -+ struct pgp_sig_parameters *p); -+ - - #endif /* CONFIG_PGP_LIBRARY */ - -diff --git a/security/keys/crypto/pgp_library.c b/security/keys/crypto/pgp_library.c -index 39d2878..50b7fa0 100644 ---- a/security/keys/crypto/pgp_library.c -+++ b/security/keys/crypto/pgp_library.c -@@ -266,3 +266,283 @@ int pgp_parse_public_key(const u8 **_data, size_t *_datalen, - return 0; - } - EXPORT_SYMBOL_GPL(pgp_parse_public_key); -+ -+/** -+ * pgp_parse_sig_subpkt_header - Parse a PGP V4 signature subpacket header -+ * @_data: Start of the subpacket (updated to subpacket data) -+ * @_datalen: Amount of data remaining in buffer (decreased) -+ * @_type: Where the subpacket type will be returned -+ * -+ * Parse a PGP V4 signature subpacket header [RFC 4880: 5.2.3.1]. -+ * -+ * Returns packet data size on success; non-zero on error. If successful, -+ * *_data and *_datalen will have been updated and *_headerlen will be set to -+ * hold the length of the packet header. -+ */ -+static ssize_t pgp_parse_sig_subpkt_header(const u8 **_data, size_t *_datalen, -+ enum pgp_sig_subpkt_type *_type) -+{ -+ enum pgp_sig_subpkt_type type; -+ const u8 *data = *_data; -+ size_t size, datalen = *_datalen; -+ -+ pr_devel("-->pgp_parse_sig_subpkt_header(,%zu,,)", datalen); -+ -+ if (datalen < 2) -+ goto short_subpacket; -+ -+ pr_devel("subpkt hdr %02x, %02x\n", data[0], data[1]); -+ -+ switch (data[0]) { -+ case 0x00 ... 0xbf: -+ /* One-byte length */ -+ size = data[0]; -+ data++; -+ datalen--; -+ break; -+ case 0xc0 ... 0xfe: -+ /* Two-byte length */ -+ if (datalen < 3) -+ goto short_subpacket; -+ size = (data[0] - 192) * 256; -+ size += data[1] + 192; -+ data += 2; -+ datalen -= 2; -+ break; -+ case 0xff: -+ if (datalen < 6) -+ goto short_subpacket; -+ size = data[1] << 24; -+ size |= data[2] << 16; -+ size |= data[3] << 8; -+ size |= data[4]; -+ data += 5; -+ datalen -= 5; -+ break; -+ } -+ -+ /* The type octet is included in the size */ -+ pr_devel("datalen=%zu size=%zu", datalen, size); -+ if (datalen < size) -+ goto short_subpacket; -+ if (size == 0) -+ goto very_short_subpacket; -+ if ((int)size < 0) -+ goto too_big; -+ -+ type = *data++ & ~PGP_SIG_SUBPKT_TYPE_CRITICAL_MASK; -+ datalen--; -+ size--; -+ -+ *_data = data; -+ *_datalen = datalen; -+ *_type = type; -+ pr_devel("Found subpkt type=%u size=%zd\n", type, size); -+ return size; -+ -+very_short_subpacket: -+ pr_debug("Signature subpacket size can't be zero\n"); -+ return -EBADMSG; -+short_subpacket: -+ pr_debug("Attempt to parse short signature subpacket\n"); -+ return -EBADMSG; -+too_big: -+ pr_debug("Signature subpacket size >2G\n"); -+ return -EMSGSIZE; -+} -+ -+/** -+ * pgp_parse_sig_subpkts - Parse a set of PGP V4 signatute subpackets -+ * @_data: Data to be parsed (updated) -+ * @_datalen: Amount of data (updated) -+ * @ctx: Parsing context -+ * -+ * Parse a set of PGP signature subpackets [RFC 4880: 5.2.3]. -+ */ -+static int pgp_parse_sig_subpkts(const u8 *data, size_t datalen, -+ struct pgp_parse_sig_context *ctx) -+{ -+ enum pgp_sig_subpkt_type type; -+ ssize_t pktlen; -+ int ret; -+ -+ pr_devel("-->pgp_parse_sig_subpkts(,%zu,,)", datalen); -+ -+ while (datalen > 2) { -+ pktlen = pgp_parse_sig_subpkt_header(&data, &datalen, &type); -+ if (pktlen < 0) -+ return pktlen; -+ if (test_bit(type, ctx->types_of_interest)) { -+ ret = ctx->process_packet(ctx, type, data, pktlen); -+ if (ret < 0) -+ return ret; -+ } -+ data += pktlen; -+ datalen -= pktlen; -+ } -+ -+ if (datalen != 0) { -+ pr_debug("Excess octets in signature subpacket stream\n"); -+ return -EBADMSG; -+ } -+ -+ return 0; -+} -+ -+struct pgp_parse_sig_params_ctx { -+ struct pgp_parse_sig_context base; -+ struct pgp_sig_parameters *params; -+ bool got_the_issuer; -+}; -+ -+/* -+ * Process a V4 signature subpacket. -+ */ -+static int pgp_process_sig_params_subpkt(struct pgp_parse_sig_context *context, -+ enum pgp_sig_subpkt_type type, -+ const u8 *data, -+ size_t datalen) -+{ -+ struct pgp_parse_sig_params_ctx *ctx = -+ container_of(context, struct pgp_parse_sig_params_ctx, base); -+ -+ if (ctx->got_the_issuer) { -+ pr_debug("V4 signature packet has multiple issuers\n"); -+ return -EBADMSG; -+ } -+ -+ if (datalen != 8) { -+ pr_debug("V4 signature issuer subpkt not 8 long (%zu)\n", -+ datalen); -+ return -EBADMSG; -+ } -+ -+ memcpy(&ctx->params->issuer, data, 8); -+ ctx->got_the_issuer = true; -+ return 0; -+} -+ -+/** -+ * pgp_parse_sig_params - Parse basic parameters from a PGP signature packet -+ * @_data: Content of packet (updated) -+ * @_datalen: Length of packet remaining (updated) -+ * @p: The basic parameters -+ * -+ * Parse the basic parameters from a PGP signature packet [RFC 4880: 5.2] that -+ * are needed to start off a signature verification operation. The only ones -+ * actually necessary are the signature type (which affects how the data is -+ * transformed) and the hash algorithm. -+ * -+ * We also extract the public key algorithm and the issuer's key ID as we'll -+ * need those to determine if we actually have the public key available. If -+ * not, then we can't verify the signature anyway. -+ * -+ * Returns 0 if successful or a negative error code. *_data and *_datalen are -+ * updated to point to the 16-bit subset of the hash value and the set of MPIs. -+ */ -+int pgp_parse_sig_params(const u8 **_data, size_t *_datalen, -+ struct pgp_sig_parameters *p) -+{ -+ const u8 *data = *_data; -+ size_t datalen = *_datalen; -+ int ret; -+ -+ pr_devel("-->pgp_parse_sig_params(,%zu,,)", datalen); -+ -+ if (datalen < 1) -+ return -EBADMSG; -+ p->version = *data; -+ -+ if (p->version == PGP_SIG_VERSION_3) { -+ const struct pgp_signature_v3_packet *v3 = (const void *)data; -+ -+ if (datalen < sizeof(*v3)) { -+ pr_debug("Short V3 signature packet\n"); -+ return -EBADMSG; -+ } -+ datalen -= sizeof(*v3); -+ data += sizeof(*v3); -+ -+ /* V3 has everything we need in the header */ -+ p->signature_type = v3->hashed.signature_type; -+ p->issuer = v3->issuer; -+ p->pubkey_algo = v3->pubkey_algo; -+ p->hash_algo = v3->hash_algo; -+ -+ } else if (p->version == PGP_SIG_VERSION_4) { -+ const struct pgp_signature_v4_packet *v4 = (const void *)data; -+ struct pgp_parse_sig_params_ctx ctx = { -+ .base.process_packet = pgp_process_sig_params_subpkt, -+ .params = p, -+ .got_the_issuer = false, -+ }; -+ size_t subdatalen; -+ -+ if (datalen < sizeof(*v4) + 2 + 2 + 2) { -+ pr_debug("Short V4 signature packet\n"); -+ return -EBADMSG; -+ } -+ datalen -= sizeof(*v4); -+ data += sizeof(*v4); -+ -+ /* V4 has most things in the header... */ -+ p->signature_type = v4->signature_type; -+ p->pubkey_algo = v4->pubkey_algo; -+ p->hash_algo = v4->hash_algo; -+ -+ /* ... but we have to get the key ID from the subpackets, of -+ * which there are two sets. */ -+ __set_bit(PGP_SIG_ISSUER, ctx.base.types_of_interest); -+ -+ subdatalen = *data++ << 8; -+ subdatalen |= *data++; -+ datalen -= 2; -+ if (subdatalen) { -+ /* Hashed subpackets */ -+ pr_devel("hashed data: %zu (after %zu)\n", -+ subdatalen, sizeof(*v4)); -+ if (subdatalen > datalen + 2 + 2) { -+ pr_debug("Short V4 signature packet [hdata]\n"); -+ return -EBADMSG; -+ } -+ ret = pgp_parse_sig_subpkts(data, subdatalen, -+ &ctx.base); -+ if (ret < 0) -+ return ret; -+ data += subdatalen; -+ datalen -= subdatalen; -+ } -+ -+ subdatalen = *data++ << 8; -+ subdatalen |= *data++; -+ datalen -= 2; -+ if (subdatalen) { -+ /* Unhashed subpackets */ -+ pr_devel("unhashed data: %zu\n", subdatalen); -+ if (subdatalen > datalen + 2) { -+ pr_debug("Short V4 signature packet [udata]\n"); -+ return -EBADMSG; -+ } -+ ret = pgp_parse_sig_subpkts(data, subdatalen, -+ &ctx.base); -+ if (ret < 0) -+ return ret; -+ data += subdatalen; -+ datalen -= subdatalen; -+ } -+ -+ if (!ctx.got_the_issuer) { -+ pr_debug("V4 signature packet lacks issuer\n"); -+ return -EBADMSG; -+ } -+ } else { -+ pr_debug("Signature packet with unhandled version %d\n", -+ p->version); -+ return -EBADMSG; -+ } -+ -+ *_data = data; -+ *_datalen = datalen; -+ return 0; -+} -+EXPORT_SYMBOL_GPL(pgp_parse_sig_params); --- -1.7.11.4 - - -From 39b6dd66338812a1e1806489d3fed50620011b14 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:33:17 +0100 -Subject: [PATCH 12/32] KEYS: PGP data parser - -Implement a PGP data parser for the crypto key type to use when instantiating a -key. - -This parser attempts to parse the instantiation data as a PGP packet sequence -(RFC 4880) and if it parses okay, attempts to extract a public-key algorithm -key or subkey from it. - -If it finds such a key, it will set up a public_key subtype payload with -appropriate handler routines (DSA or RSA) and attach it to the key. - -Thanks to Tetsuo Handa for pointing out -some errors. - -Signed-off-by: David Howells ---- - security/keys/crypto/Kconfig | 12 ++ - security/keys/crypto/Makefile | 4 + - security/keys/crypto/pgp_parser.h | 23 +++ - security/keys/crypto/pgp_public_key.c | 344 ++++++++++++++++++++++++++++++++++ - 4 files changed, 383 insertions(+) - create mode 100644 security/keys/crypto/pgp_parser.h - create mode 100644 security/keys/crypto/pgp_public_key.c - -diff --git a/security/keys/crypto/Kconfig b/security/keys/crypto/Kconfig -index 88ce0e2..1c2ae55 100644 ---- a/security/keys/crypto/Kconfig -+++ b/security/keys/crypto/Kconfig -@@ -28,3 +28,15 @@ config PGP_LIBRARY - help - This option enables a library that provides a number of simple - utility functions for parsing PGP (RFC 4880) packet-based messages. -+ -+config CRYPTO_KEY_PGP_PARSER -+ tristate "PGP key blob parser" -+ depends on CRYPTO_KEY_TYPE -+ select CRYPTO_KEY_PUBLIC_KEY_SUBTYPE -+ select PGP_LIBRARY -+ select MD5 # V3 fingerprint generation -+ select SHA1 # V4 fingerprint generation -+ help -+ This option provides support for parsing PGP (RFC 4880) format blobs -+ for key data and provides the ability to instantiate a crypto key -+ from a public key packet found inside the blob. -diff --git a/security/keys/crypto/Makefile b/security/keys/crypto/Makefile -index 5fbe54e..35733fc 100644 ---- a/security/keys/crypto/Makefile -+++ b/security/keys/crypto/Makefile -@@ -8,3 +8,7 @@ crypto_keys-y := crypto_type.o crypto_verify.o - obj-$(CONFIG_CRYPTO_KEY_PUBLIC_KEY_SUBTYPE) += public_key.o - obj-$(CONFIG_CRYPTO_KEY_PKEY_ALGO_RSA) += crypto_rsa.o - obj-$(CONFIG_PGP_LIBRARY) += pgp_library.o -+ -+obj-$(CONFIG_CRYPTO_KEY_PGP_PARSER) += pgp_key_parser.o -+pgp_key_parser-y := \ -+ pgp_public_key.o -diff --git a/security/keys/crypto/pgp_parser.h b/security/keys/crypto/pgp_parser.h -new file mode 100644 -index 0000000..1cda231 ---- /dev/null -+++ b/security/keys/crypto/pgp_parser.h -@@ -0,0 +1,23 @@ -+/* PGP crypto data parser internal definitions -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#include -+ -+#define kenter(FMT, ...) \ -+ pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__) -+#define kleave(FMT, ...) \ -+ pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__) -+ -+/* -+ * pgp_key_parser.c -+ */ -+extern const -+struct public_key_algorithm *pgp_public_key_algorithms[PGP_PUBKEY__LAST]; -diff --git a/security/keys/crypto/pgp_public_key.c b/security/keys/crypto/pgp_public_key.c -new file mode 100644 -index 0000000..c260e02 ---- /dev/null -+++ b/security/keys/crypto/pgp_public_key.c -@@ -0,0 +1,344 @@ -+/* Instantiate a public key crypto key from PGP format data [RFC 4880] -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#define pr_fmt(fmt) "PGP: "fmt -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "public_key.h" -+#include "pgp_parser.h" -+ -+MODULE_LICENSE("GPL"); -+ -+const -+struct public_key_algorithm *pgp_public_key_algorithms[PGP_PUBKEY__LAST] = { -+#if defined(CONFIG_CRYPTO_KEY_PKEY_ALGO_RSA) || \ -+ defined(CONFIG_CRYPTO_KEY_PKEY_ALGO_RSA_MODULE) -+ [PGP_PUBKEY_RSA_ENC_OR_SIG] = &RSA_public_key_algorithm, -+ [PGP_PUBKEY_RSA_ENC_ONLY] = &RSA_public_key_algorithm, -+ [PGP_PUBKEY_RSA_SIG_ONLY] = &RSA_public_key_algorithm, -+#endif -+ [PGP_PUBKEY_ELGAMAL] = NULL, -+ [PGP_PUBKEY_DSA] = NULL, -+}; -+ -+static const u8 pgp_public_key_capabilities[PGP_PUBKEY__LAST] = { -+ [PGP_PUBKEY_RSA_ENC_OR_SIG] = PKEY_CAN_ENCDEC | PKEY_CAN_SIGVER, -+ [PGP_PUBKEY_RSA_ENC_ONLY] = PKEY_CAN_ENCDEC, -+ [PGP_PUBKEY_RSA_SIG_ONLY] = PKEY_CAN_SIGVER, -+ [PGP_PUBKEY_ELGAMAL] = 0, -+ [PGP_PUBKEY_DSA] = 0, -+}; -+ -+static inline void digest_putc(struct shash_desc *digest, uint8_t ch) -+{ -+ crypto_shash_update(digest, &ch, 1); -+} -+ -+struct pgp_key_data_parse_context { -+ struct pgp_parse_context pgp; -+ struct crypto_key_subtype *subtype; -+ char *fingerprint; -+ void *payload; -+}; -+ -+/* -+ * Calculate the public key ID (RFC4880 12.2) -+ */ -+static int pgp_calc_pkey_keyid(struct shash_desc *digest, -+ struct pgp_parse_pubkey *pgp, -+ struct public_key *key) -+{ -+ unsigned nb[ARRAY_SIZE(key->mpi)]; -+ unsigned nn[ARRAY_SIZE(key->mpi)]; -+ unsigned n; -+ u8 *pp[ARRAY_SIZE(key->mpi)]; -+ u32 a32; -+ int npkey = key->algo->n_pub_mpi; -+ int i, ret = -ENOMEM; -+ -+ kenter(""); -+ -+ for (i = 0; i < ARRAY_SIZE(pp); i++) -+ pp[i] = NULL; -+ -+ n = (pgp->version < PGP_KEY_VERSION_4) ? 8 : 6; -+ for (i = 0; i < npkey; i++) { -+ nb[i] = mpi_get_nbits(key->mpi[i]); -+ pp[i] = mpi_get_buffer(key->mpi[i], nn + i, NULL); -+ if (!pp[i]) -+ goto error; -+ n += 2 + nn[i]; -+ } -+ -+ digest_putc(digest, 0x99); /* ctb */ -+ digest_putc(digest, n >> 8); /* 16-bit header length */ -+ digest_putc(digest, n); -+ digest_putc(digest, pgp->version); -+ -+ a32 = pgp->creation_time; -+ digest_putc(digest, a32 >> 24); -+ digest_putc(digest, a32 >> 16); -+ digest_putc(digest, a32 >> 8); -+ digest_putc(digest, a32 >> 0); -+ -+ if (pgp->version < PGP_KEY_VERSION_4) { -+ u16 a16; -+ -+ if (pgp->expires_at) -+ a16 = (pgp->expires_at - pgp->creation_time) / 86400UL; -+ else -+ a16 = 0; -+ digest_putc(digest, a16 >> 8); -+ digest_putc(digest, a16 >> 0); -+ } -+ -+ digest_putc(digest, pgp->pubkey_algo); -+ -+ for (i = 0; i < npkey; i++) { -+ digest_putc(digest, nb[i] >> 8); -+ digest_putc(digest, nb[i]); -+ crypto_shash_update(digest, pp[i], nn[i]); -+ } -+ ret = 0; -+ -+error: -+ for (i = 0; i < npkey; i++) -+ kfree(pp[i]); -+ kleave(" = %d", ret); -+ return ret; -+} -+ -+/* -+ * Calculate the public key ID fingerprint -+ */ -+static int pgp_generate_fingerprint(struct pgp_key_data_parse_context *ctx, -+ struct pgp_parse_pubkey *pgp, -+ struct public_key *key) -+{ -+ struct crypto_shash *tfm; -+ struct shash_desc *digest; -+ char *fingerprint; -+ u8 *raw_fingerprint; -+ int digest_size, offset; -+ int ret, i; -+ -+ ret = -ENOMEM; -+ tfm = crypto_alloc_shash(pgp->version < PGP_KEY_VERSION_4 ? -+ "md5" : "sha1", 0, 0); -+ if (!tfm) -+ goto cleanup; -+ -+ digest = kmalloc(sizeof(*digest) + crypto_shash_descsize(tfm), -+ GFP_KERNEL); -+ if (!digest) -+ goto cleanup_tfm; -+ -+ digest->tfm = tfm; -+ digest->flags = CRYPTO_TFM_REQ_MAY_SLEEP; -+ ret = crypto_shash_init(digest); -+ if (ret < 0) -+ goto cleanup_hash; -+ -+ ret = pgp_calc_pkey_keyid(digest, pgp, key); -+ if (ret < 0) -+ goto cleanup_hash; -+ -+ digest_size = crypto_shash_digestsize(tfm); -+ -+ raw_fingerprint = kmalloc(digest_size, GFP_KERNEL); -+ if (!raw_fingerprint) -+ goto cleanup_hash; -+ -+ ret = crypto_shash_final(digest, raw_fingerprint); -+ if (ret < 0) -+ goto cleanup_raw_fingerprint; -+ -+ fingerprint = kmalloc(digest_size * 2 + 1, GFP_KERNEL); -+ if (!fingerprint) -+ goto cleanup_raw_fingerprint; -+ -+ offset = digest_size - 8; -+ pr_debug("offset %u/%u\n", offset, digest_size); -+ -+ for (i = 0; i < digest_size; i++) -+ sprintf(fingerprint + i * 2, "%02x", raw_fingerprint[i]); -+ pr_debug("fingerprint %s\n", fingerprint); -+ -+ memcpy(&key->key_id, raw_fingerprint + offset, 8); -+ key->key_id_size = 8; -+ key->id_type = PKEY_ID_PGP; -+ -+ ctx->fingerprint = fingerprint; -+ ret = 0; -+cleanup_raw_fingerprint: -+ kfree(raw_fingerprint); -+cleanup_hash: -+ kfree(digest); -+cleanup_tfm: -+ crypto_free_shash(tfm); -+cleanup: -+ kleave(" = %d", ret); -+ return ret; -+} -+ -+/* -+ * Extract a public key or public subkey from the PGP stream. -+ */ -+static int pgp_process_public_key(struct pgp_parse_context *context, -+ enum pgp_packet_tag type, -+ u8 headerlen, -+ const u8 *data, -+ size_t datalen) -+{ -+ const struct public_key_algorithm *algo; -+ struct pgp_key_data_parse_context *ctx = -+ container_of(context, struct pgp_key_data_parse_context, pgp); -+ struct pgp_parse_pubkey pgp; -+ struct public_key *key; -+ int i, ret; -+ -+ kenter(",%u,%u,,%zu", type, headerlen, datalen); -+ -+ if (ctx->subtype) { -+ kleave(" = -ENOKEY [already]"); -+ return -EBADMSG; -+ } -+ -+ key = kzalloc(sizeof(struct public_key), GFP_KERNEL); -+ if (!key) -+ return -ENOMEM; -+ -+ ret = pgp_parse_public_key(&data, &datalen, &pgp); -+ if (ret < 0) -+ goto cleanup; -+ -+ if (pgp.pubkey_algo >= PGP_PUBKEY__LAST || -+ !pgp_public_key_algorithms[pgp.pubkey_algo]) { -+ pr_debug("Unsupported public key algorithm %u\n", -+ pgp.pubkey_algo); -+ ret = -ENOPKG; -+ goto cleanup; -+ } -+ -+ algo = key->algo = pgp_public_key_algorithms[pgp.pubkey_algo]; -+ -+ /* It's a public key, so that only gives us encrypt and verify -+ * capabilities. -+ */ -+ key->capabilities = pgp_public_key_capabilities[pgp.pubkey_algo] & -+ (PKEY_CAN_ENCRYPT | PKEY_CAN_VERIFY); -+ -+ for (i = 0; i < algo->n_pub_mpi; i++) { -+ unsigned int remaining = datalen; -+ if (remaining == 0) { -+ pr_debug("short %zu mpi %d\n", datalen, i); -+ goto cleanup_badmsg; -+ } -+ key->mpi[i] = mpi_read_from_buffer(data, &remaining); -+ if (!key->mpi[i]) -+ goto cleanup_nomem; -+ data += remaining; -+ datalen -= remaining; -+ } -+ -+ if (datalen != 0) { -+ pr_debug("excess %zu\n", datalen); -+ goto cleanup_badmsg; -+ } -+ -+ ret = pgp_generate_fingerprint(ctx, &pgp, key); -+ if (ret < 0) -+ goto cleanup; -+ -+ /* We're pinning the module by being linked against it */ -+ __module_get(public_key_crypto_key_subtype.owner); -+ ctx->subtype = &public_key_crypto_key_subtype; -+ ctx->payload = key; -+ kleave(" = 0 [use]"); -+ return 0; -+ -+cleanup_nomem: -+ ret = -ENOMEM; -+ goto cleanup; -+cleanup_badmsg: -+ ret = -EBADMSG; -+cleanup: -+ pr_devel("cleanup"); -+ if (key) { -+ for (i = 0; i < ARRAY_SIZE(key->mpi); i++) -+ mpi_free(key->mpi[i]); -+ kfree(key); -+ } -+ kleave(" = %d", ret); -+ return ret; -+} -+ -+/* -+ * Attempt to parse the instantiation data blob for a key as a PGP packet -+ * message holding a key. -+ */ -+static int pgp_key_preparse(struct key_preparsed_payload *prep) -+{ -+ struct pgp_key_data_parse_context ctx; -+ int ret; -+ -+ kenter(""); -+ -+ ctx.pgp.types_of_interest = -+ (1 << PGP_PKT_PUBLIC_KEY) | (1 << PGP_PKT_PUBLIC_SUBKEY); -+ ctx.pgp.process_packet = pgp_process_public_key; -+ ctx.subtype = NULL; -+ ctx.fingerprint = NULL; -+ ctx.payload = NULL; -+ -+ ret = pgp_parse_packets(prep->data, prep->datalen, &ctx.pgp); -+ if (ret < 0) { -+ if (ctx.payload) -+ ctx.subtype->destroy(ctx.payload); -+ if (ctx.subtype) -+ module_put(ctx.subtype->owner); -+ kfree(ctx.fingerprint); -+ return ret; -+ } -+ -+ prep->type_data[0] = ctx.subtype; -+ prep->type_data[1] = ctx.fingerprint; -+ prep->payload = ctx.payload; -+ prep->quotalen = prep->datalen; -+ return 0; -+} -+ -+static struct crypto_key_parser pgp_key_parser = { -+ .owner = THIS_MODULE, -+ .name = "pgp", -+ .preparse = pgp_key_preparse, -+}; -+ -+/* -+ * Module stuff -+ */ -+static int __init pgp_key_init(void) -+{ -+ return register_crypto_key_parser(&pgp_key_parser); -+} -+ -+static void __exit pgp_key_exit(void) -+{ -+ unregister_crypto_key_parser(&pgp_key_parser); -+} -+ -+module_init(pgp_key_init); -+module_exit(pgp_key_exit); --- -1.7.11.4 - - -From 1095ff02a49868cf8f3706dd2c83474bcf2081f8 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:33:17 +0100 -Subject: [PATCH 13/32] KEYS: PGP-based public key signature verification - -Provide handlers for PGP-based public-key algorithm signature verification. -This does most of the work involved in signature verification as most of it is -public-key algorithm agnostic. The public-key verification algorithm itself -is just the last little bit and is supplied the complete hash data to process. - -This requires glue logic putting on top to make use of it - something the next -patch provides. - -Signed-off-by: David Howells ---- - security/keys/crypto/Makefile | 3 +- - security/keys/crypto/pgp_parser.h | 6 + - security/keys/crypto/pgp_sig_verify.c | 325 ++++++++++++++++++++++++++++++++++ - 3 files changed, 333 insertions(+), 1 deletion(-) - create mode 100644 security/keys/crypto/pgp_sig_verify.c - -diff --git a/security/keys/crypto/Makefile b/security/keys/crypto/Makefile -index 35733fc..0c8b8a1 100644 ---- a/security/keys/crypto/Makefile -+++ b/security/keys/crypto/Makefile -@@ -11,4 +11,5 @@ obj-$(CONFIG_PGP_LIBRARY) += pgp_library.o - - obj-$(CONFIG_CRYPTO_KEY_PGP_PARSER) += pgp_key_parser.o - pgp_key_parser-y := \ -- pgp_public_key.o -+ pgp_public_key.o \ -+ pgp_sig_verify.o -diff --git a/security/keys/crypto/pgp_parser.h b/security/keys/crypto/pgp_parser.h -index 1cda231..6f5b3af 100644 ---- a/security/keys/crypto/pgp_parser.h -+++ b/security/keys/crypto/pgp_parser.h -@@ -21,3 +21,9 @@ - */ - extern const - struct public_key_algorithm *pgp_public_key_algorithms[PGP_PUBKEY__LAST]; -+ -+/* -+ * pgp_pubkey_sig.c -+ */ -+extern struct crypto_sig_verify_context *pgp_pkey_verify_sig_begin( -+ struct key *crypto_key, const u8 *sigdata, size_t siglen); -diff --git a/security/keys/crypto/pgp_sig_verify.c b/security/keys/crypto/pgp_sig_verify.c -new file mode 100644 -index 0000000..f9bb949 ---- /dev/null -+++ b/security/keys/crypto/pgp_sig_verify.c -@@ -0,0 +1,325 @@ -+/* PGP public key signature verification [RFC 4880] -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#define pr_fmt(fmt) "PGPSIG: "fmt -+#include -+#include -+#include -+#include -+#include -+#include "public_key.h" -+#include "pgp_parser.h" -+ -+static const struct { -+ enum pkey_hash_algo algo : 8; -+} pgp_pubkey_hash[PGP_HASH__LAST] = { -+ [PGP_HASH_MD5].algo = PKEY_HASH_MD5, -+ [PGP_HASH_SHA1].algo = PKEY_HASH_SHA1, -+ [PGP_HASH_RIPE_MD_160].algo = PKEY_HASH_RIPE_MD_160, -+ [PGP_HASH_SHA256].algo = PKEY_HASH_SHA256, -+ [PGP_HASH_SHA384].algo = PKEY_HASH_SHA384, -+ [PGP_HASH_SHA512].algo = PKEY_HASH_SHA512, -+ [PGP_HASH_SHA224].algo = PKEY_HASH_SHA224, -+}; -+ -+static int pgp_pkey_verify_sig_add_data(struct crypto_sig_verify_context *ctx, -+ const void *data, size_t datalen); -+static int pgp_pkey_verify_sig_end(struct crypto_sig_verify_context *ctx, -+ const u8 *sig, size_t siglen); -+static void pgp_pkey_verify_sig_cancel(struct crypto_sig_verify_context *ctx); -+ -+struct pgp_pkey_sig_parse_context { -+ struct pgp_parse_context pgp; -+ struct pgp_sig_parameters params; -+}; -+ -+static int pgp_pkey_parse_signature(struct pgp_parse_context *context, -+ enum pgp_packet_tag type, -+ u8 headerlen, -+ const u8 *data, -+ size_t datalen) -+{ -+ struct pgp_pkey_sig_parse_context *ctx = -+ container_of(context, struct pgp_pkey_sig_parse_context, pgp); -+ -+ return pgp_parse_sig_params(&data, &datalen, &ctx->params); -+} -+ -+/* -+ * Begin the process of verifying a DSA signature. -+ * -+ * This involves allocating the hash into which first the data and then the -+ * metadata will be put, and parsing the signature to check that it matches the -+ * key. -+ */ -+struct crypto_sig_verify_context *pgp_pkey_verify_sig_begin( -+ struct key *crypto_key, const u8 *sigdata, size_t siglen) -+{ -+ struct pgp_pkey_sig_parse_context p; -+ struct public_key_signature *sig; -+ struct crypto_shash *tfm; -+ const struct public_key *key = crypto_key->payload.data; -+ size_t digest_size, desc_size; -+ int ret; -+ -+ kenter("{%d},,%zu", key_serial(crypto_key), siglen); -+ -+ if (!key) { -+ kleave(" = -ENOKEY [no public key]"); -+ return ERR_PTR(-ENOKEY); -+ } -+ -+ p.pgp.types_of_interest = (1 << PGP_PKT_SIGNATURE); -+ p.pgp.process_packet = pgp_pkey_parse_signature; -+ ret = pgp_parse_packets(sigdata, siglen, &p.pgp); -+ if (ret < 0) -+ return ERR_PTR(ret); -+ -+ if (p.params.pubkey_algo >= PGP_PUBKEY__LAST || -+ !pgp_public_key_algorithms[p.params.pubkey_algo]) { -+ pr_debug("Unsupported public key algorithm %u\n", -+ p.params.pubkey_algo); -+ return ERR_PTR(-ENOPKG); -+ } -+ -+ if (pgp_public_key_algorithms[p.params.pubkey_algo] != key->algo) { -+ kleave(" = -EKEYREJECTED [wrong pk algo]"); -+ return ERR_PTR(-EKEYREJECTED); -+ } -+ -+ if (!(key->capabilities & PKEY_CAN_VERIFY)) { -+ kleave(" = -EKEYREJECTED [key can't verify]"); -+ return ERR_PTR(-EKEYREJECTED); -+ } -+ -+ if (p.params.hash_algo >= PGP_HASH__LAST || -+ !pgp_hash_algorithms[p.params.hash_algo]) { -+ pr_debug("Unsupported hash algorithm %u\n", -+ p.params.hash_algo); -+ return ERR_PTR(-ENOPKG); -+ } -+ -+ pr_debug("Signature generated with %s hash\n", -+ pgp_hash_algorithms[p.params.hash_algo]); -+ -+ if (memcmp(&p.params.issuer, key->key_id, 8) != 0) { -+ kleave(" = -ENOKEY [wrong key ID]"); -+ return ERR_PTR(-ENOKEY); -+ } -+ -+ if (p.params.signature_type != PGP_SIG_BINARY_DOCUMENT_SIG && -+ p.params.signature_type != PGP_SIG_STANDALONE_SIG) { -+ /* We don't want to canonicalise */ -+ kleave(" = -EOPNOTSUPP [canon]"); -+ return ERR_PTR(-EOPNOTSUPP); -+ } -+ -+ /* Allocate the hashing algorithm we're going to need and find out how -+ * big the hash operational data will be. -+ */ -+ tfm = crypto_alloc_shash(pgp_hash_algorithms[p.params.hash_algo], 0, 0); -+ if (IS_ERR(tfm)) -+ return PTR_ERR(tfm) == -ENOENT ? -+ ERR_PTR(-ENOPKG) : ERR_CAST(tfm); -+ -+ desc_size = crypto_shash_descsize(tfm); -+ digest_size = crypto_shash_digestsize(tfm); -+ -+ /* We allocate the hash operational data storage on the end of our -+ * context data. -+ */ -+ sig = kzalloc(sizeof(*sig) + desc_size + digest_size, GFP_KERNEL); -+ if (!sig) { -+ crypto_free_shash(tfm); -+ return ERR_PTR(-ENOMEM); -+ } -+ -+ sig->base.key = crypto_key; -+ sig->base.add_data = pgp_pkey_verify_sig_add_data; -+ sig->base.end = pgp_pkey_verify_sig_end; -+ sig->base.cancel = pgp_pkey_verify_sig_cancel; -+ sig->pkey_hash_algo = pgp_pubkey_hash[p.params.hash_algo].algo; -+ sig->digest = (u8 *)sig + sizeof(*sig) + desc_size; -+ sig->digest_size = digest_size; -+ sig->hash.tfm = tfm; -+ sig->hash.flags = CRYPTO_TFM_REQ_MAY_SLEEP; -+ -+ ret = crypto_shash_init(&sig->hash); -+ if (ret < 0) { -+ crypto_free_shash(sig->hash.tfm); -+ kfree(sig); -+ return ERR_PTR(ret); -+ } -+ -+ key_get(sig->base.key); -+ kleave(" = %p", sig); -+ return &sig->base; -+} -+ -+/* -+ * Load data into the hash -+ */ -+static int pgp_pkey_verify_sig_add_data(struct crypto_sig_verify_context *ctx, -+ const void *data, size_t datalen) -+{ -+ struct public_key_signature *sig = -+ container_of(ctx, struct public_key_signature, base); -+ -+ return crypto_shash_update(&sig->hash, data, datalen); -+} -+ -+struct pgp_pkey_sig_digest_context { -+ struct pgp_parse_context pgp; -+ const struct public_key *key; -+ struct public_key_signature *sig; -+}; -+ -+/* -+ * Extract required metadata from the signature packet and add what we need to -+ * to the hash. -+ */ -+static int pgp_pkey_digest_signature(struct pgp_parse_context *context, -+ enum pgp_packet_tag type, -+ u8 headerlen, -+ const u8 *data, -+ size_t datalen) -+{ -+ struct pgp_pkey_sig_digest_context *ctx = -+ container_of(context, struct pgp_pkey_sig_digest_context, pgp); -+ enum pgp_signature_version version; -+ int i; -+ -+ kenter(",%u,%u,,%zu", type, headerlen, datalen); -+ -+ version = *data; -+ if (version == PGP_SIG_VERSION_3) { -+ /* We just include an excerpt of the metadata from a V3 -+ * signature. -+ */ -+ crypto_shash_update(&ctx->sig->hash, data + 1, 5); -+ data += sizeof(struct pgp_signature_v3_packet); -+ datalen -= sizeof(struct pgp_signature_v3_packet); -+ } else if (version == PGP_SIG_VERSION_4) { -+ /* We add the whole metadata header and some of the hashed data -+ * for a V4 signature, plus a trailer. -+ */ -+ size_t hashedsz, unhashedsz; -+ u8 trailer[6]; -+ -+ hashedsz = 4 + 2 + (data[4] << 8) + data[5]; -+ crypto_shash_update(&ctx->sig->hash, data, hashedsz); -+ -+ trailer[0] = version; -+ trailer[1] = 0xffU; -+ trailer[2] = hashedsz >> 24; -+ trailer[3] = hashedsz >> 16; -+ trailer[4] = hashedsz >> 8; -+ trailer[5] = hashedsz; -+ -+ crypto_shash_update(&ctx->sig->hash, trailer, 6); -+ data += hashedsz; -+ datalen -= hashedsz; -+ -+ unhashedsz = 2 + (data[0] << 8) + data[1]; -+ data += unhashedsz; -+ datalen -= unhashedsz; -+ } -+ -+ if (datalen <= 2) { -+ kleave(" = -EBADMSG"); -+ return -EBADMSG; -+ } -+ -+ /* There's a quick check on the hash available. */ -+ ctx->sig->signed_hash_msw[0] = *data++; -+ ctx->sig->signed_hash_msw[1] = *data++; -+ datalen -= 2; -+ -+ /* And then the cryptographic data, which we'll need for the -+ * algorithm. -+ */ -+ for (i = 0; i < ctx->key->algo->n_sig_mpi; i++) { -+ unsigned int remaining = datalen; -+ if (remaining == 0) { -+ pr_debug("short %zu mpi %d\n", datalen, i); -+ return -EBADMSG; -+ } -+ ctx->sig->mpi[i] = mpi_read_from_buffer(data, &remaining); -+ if (!ctx->sig->mpi[i]) -+ return -ENOMEM; -+ data += remaining; -+ datalen -= remaining; -+ } -+ -+ if (datalen != 0) { -+ kleave(" = -EBADMSG [trailer %zu]", datalen); -+ return -EBADMSG; -+ } -+ -+ kleave(" = 0"); -+ return 0; -+} -+ -+/* -+ * The data is now all loaded into the hash; load the metadata, finalise the -+ * hash and perform the verification step. -+ */ -+static int pgp_pkey_verify_sig_end(struct crypto_sig_verify_context *ctx, -+ const u8 *sigdata, size_t siglen) -+{ -+ struct public_key_signature *sig = -+ container_of(ctx, struct public_key_signature, base); -+ const struct public_key *key = sig->base.key->payload.data; -+ struct pgp_pkey_sig_digest_context p; -+ int ret; -+ -+ kenter(""); -+ -+ /* Firstly we add metadata, starting with some of the data from the -+ * signature packet */ -+ p.pgp.types_of_interest = (1 << PGP_PKT_SIGNATURE); -+ p.pgp.process_packet = pgp_pkey_digest_signature; -+ p.key = key; -+ p.sig = sig; -+ ret = pgp_parse_packets(sigdata, siglen, &p.pgp); -+ if (ret < 0) -+ goto error_free_ctx; -+ -+ crypto_shash_final(&sig->hash, sig->digest); -+ -+ ret = key->algo->verify(key, sig); -+ -+error_free_ctx: -+ pgp_pkey_verify_sig_cancel(ctx); -+ kleave(" = %d", ret); -+ return ret; -+} -+ -+/* -+ * Cancel an in-progress data loading -+ */ -+static void pgp_pkey_verify_sig_cancel(struct crypto_sig_verify_context *ctx) -+{ -+ struct public_key_signature *sig = -+ container_of(ctx, struct public_key_signature, base); -+ int i; -+ -+ kenter(""); -+ -+ /* !!! Do we need to tell the crypto layer to cancel too? */ -+ crypto_free_shash(sig->hash.tfm); -+ key_put(sig->base.key); -+ for (i = 0; i < ARRAY_SIZE(sig->mpi); i++) -+ mpi_free(sig->mpi[i]); -+ kfree(sig); -+ -+ kleave(""); -+} --- -1.7.11.4 - - -From 69d9f31b888090b5705b7148760143a6b706a116 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:33:17 +0100 -Subject: [PATCH 14/32] KEYS: PGP format signature parser - -Implement a signature parser that will attempt to parse a signature blob as a -PGP packet format message. If it can, it will find an appropriate crypto key -and set the public-key algorithm according to the data in the signature. - -Signed-off-by: David Howells ---- - security/keys/crypto/Makefile | 1 + - security/keys/crypto/pgp_sig_parser.c | 136 ++++++++++++++++++++++++++++++++++ - 2 files changed, 137 insertions(+) - create mode 100644 security/keys/crypto/pgp_sig_parser.c - -diff --git a/security/keys/crypto/Makefile b/security/keys/crypto/Makefile -index 0c8b8a1..a9a34c6 100644 ---- a/security/keys/crypto/Makefile -+++ b/security/keys/crypto/Makefile -@@ -12,4 +12,5 @@ obj-$(CONFIG_PGP_LIBRARY) += pgp_library.o - obj-$(CONFIG_CRYPTO_KEY_PGP_PARSER) += pgp_key_parser.o - pgp_key_parser-y := \ - pgp_public_key.o \ -+ pgp_sig_parser.o \ - pgp_sig_verify.o -diff --git a/security/keys/crypto/pgp_sig_parser.c b/security/keys/crypto/pgp_sig_parser.c -new file mode 100644 -index 0000000..683eb53 ---- /dev/null -+++ b/security/keys/crypto/pgp_sig_parser.c -@@ -0,0 +1,136 @@ -+/* Handling for PGP public key signature data [RFC 4880] -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#define pr_fmt(fmt) "PGPSIG: "fmt -+#include -+#include -+#include -+#include -+#include "public_key.h" -+#include "pgp_parser.h" -+ -+struct PGP_sig_parse_context { -+ struct pgp_parse_context pgp; -+ struct pgp_sig_parameters params; -+ bool found_sig; -+}; -+ -+/* -+ * Look inside signature sections for a key ID -+ */ -+static int pgp_process_signature(struct pgp_parse_context *context, -+ enum pgp_packet_tag type, -+ u8 headerlen, -+ const u8 *data, -+ size_t datalen) -+{ -+ struct PGP_sig_parse_context *ctx = -+ container_of(context, struct PGP_sig_parse_context, pgp); -+ -+ ctx->found_sig = true; -+ return pgp_parse_sig_params(&data, &datalen, &ctx->params); -+} -+ -+/* -+ * Attempt to find a key to use for PGP signature verification, starting off by -+ * looking in the supplied keyring. -+ * -+ * The function may also look for other key sources such as a TPM. If an -+ * alternative key is found it can be added to the keyring for future -+ * reference. -+ */ -+static struct key *find_key_for_pgp_sig(struct key *keyring, -+ const u8 *sig, size_t siglen) -+{ -+ struct PGP_sig_parse_context p; -+ key_ref_t key; -+ char criterion[3 + 8 * 2 + 1]; -+ int ret; -+ -+ if (!keyring) -+ return ERR_PTR(-ENOKEY); -+ -+ /* Need to find the key ID */ -+ p.pgp.types_of_interest = (1 << PGP_PKT_SIGNATURE); -+ p.pgp.process_packet = pgp_process_signature; -+ p.found_sig = false; -+ ret = pgp_parse_packets(sig, siglen, &p.pgp); -+ if (ret < 0) -+ return ERR_PTR(ret); -+ -+ if (!p.found_sig) -+ return ERR_PTR(-ENOMSG); -+ -+ sprintf(criterion, "id:%08x%08x", -+ be32_to_cpu(p.params.issuer32[0]), -+ be32_to_cpu(p.params.issuer32[1])); -+ -+ pr_debug("Look up: %s\n", criterion); -+ -+ key = keyring_search(make_key_ref(keyring, 1), -+ &key_type_crypto, criterion); -+ if (IS_ERR(key)) { -+ switch (PTR_ERR(key)) { -+ /* Hide some search errors */ -+ case -EACCES: -+ case -ENOTDIR: -+ case -EAGAIN: -+ return ERR_PTR(-ENOKEY); -+ default: -+ return ERR_CAST(key); -+ } -+ } -+ -+ pr_debug("Found key %x\n", key_serial(key_ref_to_ptr(key))); -+ return key_ref_to_ptr(key); -+} -+ -+/* -+ * Attempt to parse a signature as a PGP packet format blob and find a -+ * matching key. -+ */ -+static struct crypto_sig_verify_context *pgp_verify_sig_begin( -+ struct key *keyring, const u8 *sig, size_t siglen) -+{ -+ struct crypto_sig_verify_context *ctx; -+ struct key *key; -+ -+ key = find_key_for_pgp_sig(keyring, sig, siglen); -+ if (IS_ERR(key)) -+ return ERR_CAST(key); -+ -+ /* We only handle in-kernel public key signatures for the moment */ -+ ctx = pgp_pkey_verify_sig_begin(key, sig, siglen); -+ key_put(key); -+ return ctx; -+} -+ -+static struct crypto_sig_parser pgp_sig_parser = { -+ .owner = THIS_MODULE, -+ .name = "pgp", -+ .verify_sig_begin = pgp_verify_sig_begin, -+}; -+ -+/* -+ * Module stuff -+ */ -+static int __init pgp_sig_init(void) -+{ -+ return register_crypto_sig_parser(&pgp_sig_parser); -+} -+ -+static void __exit pgp_sig_exit(void) -+{ -+ unregister_crypto_sig_parser(&pgp_sig_parser); -+} -+ -+module_init(pgp_sig_init); -+module_exit(pgp_sig_exit); --- -1.7.11.4 - - -From fe109b5adbb22b3503cb1f72f5585543218ba990 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:33:17 +0100 -Subject: [PATCH 15/32] KEYS: Provide PGP key description autogeneration - -Provide a facility to autogenerate the name of PGP keys from the contents of -the payload. If add_key() is given a blank description, a description is -constructed from the last user ID packet in the payload data plus the last 8 -hex digits of the key ID. For instance: - - keyctl padd crypto "" @s ---- - security/keys/crypto/pgp_public_key.c | 64 +++++++++++++++++++++++++++++------ - 1 file changed, 53 insertions(+), 11 deletions(-) - -diff --git a/security/keys/crypto/pgp_public_key.c b/security/keys/crypto/pgp_public_key.c -index c260e02..2347ecd 100644 ---- a/security/keys/crypto/pgp_public_key.c -+++ b/security/keys/crypto/pgp_public_key.c -@@ -52,6 +52,9 @@ struct pgp_key_data_parse_context { - struct crypto_key_subtype *subtype; - char *fingerprint; - void *payload; -+ const char *user_id; -+ size_t user_id_len; -+ size_t fingerprint_len; - }; - - /* -@@ -166,6 +169,7 @@ static int pgp_generate_fingerprint(struct pgp_key_data_parse_context *ctx, - if (ret < 0) - goto cleanup_raw_fingerprint; - -+ ctx->fingerprint_len = digest_size * 2; - fingerprint = kmalloc(digest_size * 2 + 1, GFP_KERNEL); - if (!fingerprint) - goto cleanup_raw_fingerprint; -@@ -212,6 +216,13 @@ static int pgp_process_public_key(struct pgp_parse_context *context, - - kenter(",%u,%u,,%zu", type, headerlen, datalen); - -+ if (type == PGP_PKT_USER_ID) { -+ ctx->user_id = data; -+ ctx->user_id_len = datalen; -+ kleave(" = 0 [user ID]"); -+ return 0; -+ } -+ - if (ctx->subtype) { - kleave(" = -ENOKEY [already]"); - return -EBADMSG; -@@ -297,21 +308,44 @@ static int pgp_key_preparse(struct key_preparsed_payload *prep) - - kenter(""); - -+ memset(&ctx, 0, sizeof(ctx)); - ctx.pgp.types_of_interest = -- (1 << PGP_PKT_PUBLIC_KEY) | (1 << PGP_PKT_PUBLIC_SUBKEY); -+ (1 << PGP_PKT_PUBLIC_KEY) | (1 << PGP_PKT_PUBLIC_SUBKEY) | -+ (1 << PGP_PKT_USER_ID); - ctx.pgp.process_packet = pgp_process_public_key; -- ctx.subtype = NULL; -- ctx.fingerprint = NULL; -- ctx.payload = NULL; - - ret = pgp_parse_packets(prep->data, prep->datalen, &ctx.pgp); -- if (ret < 0) { -- if (ctx.payload) -- ctx.subtype->destroy(ctx.payload); -- if (ctx.subtype) -- module_put(ctx.subtype->owner); -- kfree(ctx.fingerprint); -- return ret; -+ if (ret < 0) -+ goto error; -+ -+ if (ctx.user_id && ctx.user_id_len > 0) { -+ /* Propose a description for the key (user ID without the comment) */ -+ size_t ulen = ctx.user_id_len, flen = ctx.fingerprint_len; -+ const char *p; -+ -+ p = memchr(ctx.user_id, '(', ulen); -+ if (p) { -+ /* Remove the comment */ -+ do { -+ p--; -+ } while (*p == ' ' && p > ctx.user_id); -+ if (*p != ' ') -+ p++; -+ ulen = p - ctx.user_id; -+ } -+ -+ if (ulen > 255 - 9) -+ ulen = 255 - 9; -+ prep->description = kmalloc(ulen + 1 + 8 + 1, GFP_KERNEL); -+ ret = -ENOMEM; -+ if (!prep->description) -+ goto error; -+ memcpy(prep->description, ctx.user_id, ulen); -+ prep->description[ulen] = ' '; -+ memcpy(prep->description + ulen + 1, -+ ctx.fingerprint + flen - 8, 8); -+ prep->description[ulen + 9] = 0; -+ pr_debug("desc '%s'\n", prep->description); - } - - prep->type_data[0] = ctx.subtype; -@@ -319,6 +353,14 @@ static int pgp_key_preparse(struct key_preparsed_payload *prep) - prep->payload = ctx.payload; - prep->quotalen = prep->datalen; - return 0; -+ -+error: -+ if (ctx.payload) -+ ctx.subtype->destroy(ctx.payload); -+ if (ctx.subtype) -+ module_put(ctx.subtype->owner); -+ kfree(ctx.fingerprint); -+ return ret; - } - - static struct crypto_key_parser pgp_key_parser = { --- -1.7.11.4 - - -From 77b00423d002eb013293177310644c8284b6ea2f Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:33:18 +0100 -Subject: [PATCH 16/32] KEYS: Provide a function to load keys from a PGP - keyring blob - -Provide a function to load keys from a PGP keyring blob for use in initialising -the module signing key keyring: - - int load_PGP_keys(const u8 *pgpdata, size_t pgpdatalen, - struct key *keyring, const char *descprefix); - -The keys are labelled with descprefix plus a number to uniquify them. The keys -will actually be identified by the ID calculated from the PGP data rather than -by the description, so this shouldn't be a problem. - -The keys are attached to the keyring supplied. - -Looking as root in /proc/keys after the module signing keyring has been loaded: - -24460d1c I----- 1 perm 3f010000 0 0 crypto modsign.0: dsa 5acc2142 [] -3ca85723 I----- 1 perm 1f010000 0 0 keyring .module_sign: 1/4 - -Thanks to Tetsuo Handa for some pointing -out some errors. - -Signed-off-by: David Howells ---- - Documentation/security/keys-crypto.txt | 20 ++++++ - include/keys/crypto-type.h | 3 + - security/keys/crypto/Kconfig | 9 +++ - security/keys/crypto/Makefile | 1 + - security/keys/crypto/pgp_preload.c | 115 +++++++++++++++++++++++++++++++++ - 5 files changed, 148 insertions(+) - create mode 100644 security/keys/crypto/pgp_preload.c - -diff --git a/Documentation/security/keys-crypto.txt b/Documentation/security/keys-crypto.txt -index 0a886ec..be5067e 100644 ---- a/Documentation/security/keys-crypto.txt -+++ b/Documentation/security/keys-crypto.txt -@@ -10,6 +10,7 @@ Contents: - - Signature verification. - - Implementing crypto parsers. - - Implementing crypto subtypes. -+ - Initial PGP key preloading. - - - ======== -@@ -279,3 +280,22 @@ There are a number of operations defined by the subtype: - Mandatory. This should free the memory associated with the key. The - crypto key will look after freeing the fingerprint and releasing the - reference on the subtype module. -+ -+ -+======================= -+INITIAL PGP KEY LOADING -+======================= -+ -+A function is provided to perform an initial load of a set of public keys bound -+into a PGP packet format blob: -+ -+ int preload_pgp_keys(const u8 *pgpdata, size_t pgpdatalen, -+ struct key *keyring); -+ -+This takes the blob of data defined by pgpdata and pgpdatalen, extracts keys -+from them and adds them to the specified keyring. The keys are labelled with a -+description generated from the fingerprint and last user ID of each key. The -+description is required to prevent all but the last key being discarded when -+the keys are linked into the keyring. -+ -+This function is only available during initial kernel set up. -diff --git a/include/keys/crypto-type.h b/include/keys/crypto-type.h -index 0fb362a..ed9b203 100644 ---- a/include/keys/crypto-type.h -+++ b/include/keys/crypto-type.h -@@ -31,4 +31,7 @@ extern void verify_sig_cancel(struct crypto_sig_verify_context *ctx); - * The payload is at the discretion of the subtype. - */ - -+extern __init int preload_pgp_keys(const u8 *pgpdata, size_t pgpdatalen, -+ struct key *keyring); -+ - #endif /* _KEYS_CRYPTO_TYPE_H */ -diff --git a/security/keys/crypto/Kconfig b/security/keys/crypto/Kconfig -index 1c2ae55..8af0155 100644 ---- a/security/keys/crypto/Kconfig -+++ b/security/keys/crypto/Kconfig -@@ -40,3 +40,12 @@ config CRYPTO_KEY_PGP_PARSER - This option provides support for parsing PGP (RFC 4880) format blobs - for key data and provides the ability to instantiate a crypto key - from a public key packet found inside the blob. -+ -+config PGP_PRELOAD -+ bool "PGP public key preloading facility" -+ select PGP_LIBRARY -+ select CRYPTO_KEY_PGP_PARSER -+ help -+ This option provides a facility for the kernel to preload PGP-wrapped -+ bundles of keys during boot. It is used by module signing to load -+ the module signing keys for example. -diff --git a/security/keys/crypto/Makefile b/security/keys/crypto/Makefile -index a9a34c6..c873674 100644 ---- a/security/keys/crypto/Makefile -+++ b/security/keys/crypto/Makefile -@@ -8,6 +8,7 @@ crypto_keys-y := crypto_type.o crypto_verify.o - obj-$(CONFIG_CRYPTO_KEY_PUBLIC_KEY_SUBTYPE) += public_key.o - obj-$(CONFIG_CRYPTO_KEY_PKEY_ALGO_RSA) += crypto_rsa.o - obj-$(CONFIG_PGP_LIBRARY) += pgp_library.o -+obj-$(CONFIG_PGP_PRELOAD) += pgp_preload.o - - obj-$(CONFIG_CRYPTO_KEY_PGP_PARSER) += pgp_key_parser.o - pgp_key_parser-y := \ -diff --git a/security/keys/crypto/pgp_preload.c b/security/keys/crypto/pgp_preload.c -new file mode 100644 -index 0000000..ca4cfe6 ---- /dev/null -+++ b/security/keys/crypto/pgp_preload.c -@@ -0,0 +1,115 @@ -+/* Cryptographic key request handling -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ * -+ * See Documentation/security/keys-crypto.txt -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include "crypto_keys.h" -+ -+struct preload_pgp_keys_context { -+ struct pgp_parse_context pgp; -+ key_ref_t keyring; -+ const u8 *key_start; -+ const u8 *key_end; -+ bool found_key; -+}; -+ -+/* -+ * Create a key. -+ */ -+static int __init create_pgp_key(struct preload_pgp_keys_context *ctx) -+{ -+ key_ref_t key; -+ -+ key = key_create_or_update(ctx->keyring, "crypto", NULL, -+ ctx->key_start, -+ ctx->key_end - ctx->key_start, -+ KEY_POS_ALL | KEY_USR_VIEW, -+ KEY_ALLOC_NOT_IN_QUOTA); -+ if (IS_ERR(key)) -+ return PTR_ERR(key); -+ -+ pr_notice("Loaded %s key: %s\n", -+ key_ref_to_ptr(key)->description, -+ crypto_key_id(key_ref_to_ptr(key))); -+ -+ key_ref_put(key); -+ return 0; -+} -+ -+/* -+ * Extract a public key or subkey from the PGP stream. -+ */ -+static int __init found_pgp_key(struct pgp_parse_context *context, -+ enum pgp_packet_tag type, u8 headerlen, -+ const u8 *data, size_t datalen) -+{ -+ struct preload_pgp_keys_context *ctx = -+ container_of(context, struct preload_pgp_keys_context, pgp); -+ int ret; -+ -+ if (ctx->found_key) { -+ ctx->key_end = data - headerlen; -+ ret = create_pgp_key(ctx); -+ if (ret < 0) -+ return ret; -+ } -+ -+ ctx->key_start = data - headerlen; -+ ctx->found_key = true; -+ return 0; -+} -+ -+/** -+ * preload_pgp_keys - Load keys from a PGP keyring blob -+ * @pgpdata: The PGP keyring blob containing the keys. -+ * @pgpdatalen: The size of the @pgpdata blob. -+ * @keyring: The keyring to add the new keys to. -+ * -+ * Preload a pack of keys from a PGP keyring blob. -+ * -+ * The keys have their descriptions generated from the user ID and fingerprint -+ * in the PGP stream. Since keys can be matched on their key IDs independently -+ * of the key description, the description is mostly irrelevant apart from the -+ * fact that keys of the same description displace one another from a keyring. -+ * -+ * The caller should override the current creds if they want the keys to be -+ * owned by someone other than the current process's owner. Keys will not be -+ * accounted towards the owner's quota. -+ * -+ * This function may only be called whilst the kernel is booting. -+ */ -+int __init preload_pgp_keys(const u8 *pgpdata, size_t pgpdatalen, -+ struct key *keyring) -+{ -+ struct preload_pgp_keys_context ctx; -+ int ret; -+ -+ ctx.pgp.types_of_interest = -+ (1 << PGP_PKT_PUBLIC_KEY) | (1 << PGP_PKT_PUBLIC_SUBKEY); -+ ctx.pgp.process_packet = found_pgp_key; -+ ctx.keyring = make_key_ref(keyring, 1); -+ ctx.found_key = false; -+ -+ ret = pgp_parse_packets(pgpdata, pgpdatalen, &ctx.pgp); -+ if (ret < 0) -+ return ret; -+ -+ if (ctx.found_key) { -+ ctx.key_end = pgpdata + pgpdatalen; -+ return create_pgp_key(&ctx); -+ } -+ return 0; -+} --- -1.7.11.4 - - -From d569964b0037289f291f5ac48df54a6b90b3435a Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:33:48 +0100 -Subject: [PATCH 17/32] Make most arch asm/module.h files use - asm-generic/module.h - -Use the mapping of Elf_[SPE]hdr, Elf_Addr, Elf_Sym, Elf_Dyn, Elf_Rel/Rela, -ELF_R_TYPE() and ELF_R_SYM() to either the 32-bit version or the 64-bit version -into asm-generic/module.h for all arches bar MIPS. - -Also, use the generic definition mod_arch_specific where possible. - -To this end, I've defined three new config bools: - - (*) HAVE_MOD_ARCH_SPECIFIC - - Arches define this if they don't want to use the empty generic - mod_arch_specific struct. - - (*) MODULES_USE_ELF_RELA - - Arches define this if their modules can contain RELA records. This causes - the Elf_Rela mapping to be emitted and allows apply_relocate_add() to be - defined by the arch rather than have the core emit an error message. - - (*) MODULES_USE_ELF_REL - - Arches define this if their modules can contain REL records. This causes - the Elf_Rel mapping to be emitted and allows apply_relocate() to be - defined by the arch rather than have the core emit an error message. - -Note that it is possible to allow both REL and RELA records: m68k and mips are -two arches that do this. - -With this, some arch asm/module.h files can be deleted entirely and replaced -with a generic-y marker in the arch Kbuild file. - -Additionally, I have removed the bits from m32r and score that handle the -unsupported type of relocation record as that's now handled centrally. - -Thanks to Jonas Gorski for some MIPS fixes. - -Signed-off-by: David Howells -Acked-by: Sam Ravnborg ---- - arch/Kconfig | 19 ++++++++++++++++++ - arch/alpha/Kconfig | 2 ++ - arch/alpha/include/asm/module.h | 10 ++-------- - arch/arm/Kconfig | 2 ++ - arch/arm/include/asm/module.h | 8 ++------ - arch/avr32/Kconfig | 2 ++ - arch/avr32/include/asm/module.h | 6 ++---- - arch/blackfin/Kconfig | 2 ++ - arch/blackfin/include/asm/module.h | 4 +--- - arch/c6x/Kconfig | 1 + - arch/c6x/include/asm/module.h | 12 +----------- - arch/cris/Kconfig | 1 + - arch/cris/include/asm/Kbuild | 2 ++ - arch/cris/include/asm/module.h | 9 --------- - arch/frv/include/asm/module.h | 8 +------- - arch/h8300/Kconfig | 1 + - arch/h8300/include/asm/Kbuild | 2 ++ - arch/h8300/include/asm/module.h | 11 ----------- - arch/hexagon/Kconfig | 1 + - arch/ia64/Kconfig | 2 ++ - arch/ia64/include/asm/module.h | 6 ++---- - arch/m32r/Kconfig | 1 + - arch/m32r/include/asm/Kbuild | 2 ++ - arch/m32r/include/asm/module.h | 10 ---------- - arch/m32r/kernel/module.c | 15 -------------- - arch/m68k/Kconfig | 3 +++ - arch/m68k/include/asm/module.h | 6 ++---- - arch/microblaze/Kconfig | 1 + - arch/mips/Kconfig | 3 +++ - arch/mips/include/asm/module.h | 10 ++++++++-- - arch/mips/kernel/module.c | 2 ++ - arch/mn10300/Kconfig | 1 + - arch/mn10300/include/asm/module.h | 7 +------ - arch/openrisc/Kconfig | 1 + - arch/parisc/Kconfig | 2 ++ - arch/parisc/include/asm/module.h | 16 +++------------ - arch/powerpc/Kconfig | 2 ++ - arch/powerpc/include/asm/module.h | 7 +------ - arch/s390/Kconfig | 2 ++ - arch/s390/include/asm/module.h | 18 +++-------------- - arch/score/Kconfig | 2 ++ - arch/score/include/asm/module.h | 6 +----- - arch/score/kernel/module.c | 10 ---------- - arch/sh/Kconfig | 2 ++ - arch/sh/include/asm/module.h | 14 +++---------- - arch/sparc/Kconfig | 1 + - arch/sparc/include/asm/Kbuild | 1 + - arch/sparc/include/asm/module.h | 24 ----------------------- - arch/tile/Kconfig | 1 + - arch/unicore32/Kconfig | 1 + - arch/x86/Kconfig | 2 ++ - arch/x86/um/Kconfig | 2 ++ - arch/xtensa/Kconfig | 1 + - arch/xtensa/include/asm/module.h | 9 +-------- - include/asm-generic/module.h | 40 +++++++++++++++++++++++++++++++------- - include/linux/moduleloader.h | 36 ++++++++++++++++++++++++++++++---- - kernel/module.c | 20 ------------------- - 57 files changed, 169 insertions(+), 223 deletions(-) - delete mode 100644 arch/cris/include/asm/module.h - delete mode 100644 arch/h8300/include/asm/module.h - delete mode 100644 arch/m32r/include/asm/module.h - delete mode 100644 arch/sparc/include/asm/module.h - -diff --git a/arch/Kconfig b/arch/Kconfig -index 72f2fa1..3450115 100644 ---- a/arch/Kconfig -+++ b/arch/Kconfig -@@ -281,4 +281,23 @@ config SECCOMP_FILTER - - See Documentation/prctl/seccomp_filter.txt for details. - -+config HAVE_MOD_ARCH_SPECIFIC -+ bool -+ help -+ The arch uses struct mod_arch_specific to store data. Many arches -+ just need a simple module loader without arch specific data - those -+ should not enable this. -+ -+config MODULES_USE_ELF_RELA -+ bool -+ help -+ Modules only use ELF RELA relocations. Modules with ELF REL -+ relocations will give an error. -+ -+config MODULES_USE_ELF_REL -+ bool -+ help -+ Modules only use ELF REL relocations. Modules with ELF RELA -+ relocations will give an error. -+ - source "kernel/gcov/Kconfig" -diff --git a/arch/alpha/Kconfig b/arch/alpha/Kconfig -index 9944ded..7e3710c 100644 ---- a/arch/alpha/Kconfig -+++ b/arch/alpha/Kconfig -@@ -20,6 +20,8 @@ config ALPHA - select GENERIC_CMOS_UPDATE - select GENERIC_STRNCPY_FROM_USER - select GENERIC_STRNLEN_USER -+ select HAVE_MOD_ARCH_SPECIFIC -+ select MODULES_USE_ELF_RELA - help - The Alpha is a 64-bit general-purpose processor designed and - marketed by the Digital Equipment Corporation of blessed memory, -diff --git a/arch/alpha/include/asm/module.h b/arch/alpha/include/asm/module.h -index 7b63743..9cd13b5 100644 ---- a/arch/alpha/include/asm/module.h -+++ b/arch/alpha/include/asm/module.h -@@ -1,19 +1,13 @@ - #ifndef _ALPHA_MODULE_H - #define _ALPHA_MODULE_H - -+#include -+ - struct mod_arch_specific - { - unsigned int gotsecindex; - }; - --#define Elf_Sym Elf64_Sym --#define Elf_Shdr Elf64_Shdr --#define Elf_Ehdr Elf64_Ehdr --#define Elf_Phdr Elf64_Phdr --#define Elf_Dyn Elf64_Dyn --#define Elf_Rel Elf64_Rel --#define Elf_Rela Elf64_Rela -- - #define ARCH_SHF_SMALL SHF_ALPHA_GPREL - - #ifdef MODULE -diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index e91c7cd..c75c217 100644 ---- a/arch/arm/Kconfig -+++ b/arch/arm/Kconfig -@@ -50,6 +50,8 @@ config ARM - select GENERIC_STRNCPY_FROM_USER - select GENERIC_STRNLEN_USER - select DCACHE_WORD_ACCESS if (CPU_V6 || CPU_V6K || CPU_V7) && !CPU_BIG_ENDIAN -+ select HAVE_MOD_ARCH_SPECIFIC if ARM_UNWIND -+ select MODULES_USE_ELF_REL - help - The ARM series is a line of low-power-consumption RISC chip designs - licensed by ARM Ltd and targeted at embedded applications and -diff --git a/arch/arm/include/asm/module.h b/arch/arm/include/asm/module.h -index 6c6809f..0d3a28d 100644 ---- a/arch/arm/include/asm/module.h -+++ b/arch/arm/include/asm/module.h -@@ -1,9 +1,7 @@ - #ifndef _ASM_ARM_MODULE_H - #define _ASM_ARM_MODULE_H - --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr -+#include - - struct unwind_table; - -@@ -16,13 +14,11 @@ enum { - ARM_SEC_DEVEXIT, - ARM_SEC_MAX, - }; --#endif - - struct mod_arch_specific { --#ifdef CONFIG_ARM_UNWIND - struct unwind_table *unwind[ARM_SEC_MAX]; --#endif - }; -+#endif - - /* - * Add the ARM architecture version to the version magic string -diff --git a/arch/avr32/Kconfig b/arch/avr32/Kconfig -index 5ade51c..06e73bf 100644 ---- a/arch/avr32/Kconfig -+++ b/arch/avr32/Kconfig -@@ -15,6 +15,8 @@ config AVR32 - select ARCH_WANT_IPC_PARSE_VERSION - select ARCH_HAVE_NMI_SAFE_CMPXCHG - select GENERIC_CLOCKEVENTS -+ select HAVE_MOD_ARCH_SPECIFIC -+ select MODULES_USE_ELF_RELA - help - AVR32 is a high-performance 32-bit RISC microprocessor core, - designed for cost-sensitive embedded applications, with particular -diff --git a/arch/avr32/include/asm/module.h b/arch/avr32/include/asm/module.h -index 4514445..3f083d3 100644 ---- a/arch/avr32/include/asm/module.h -+++ b/arch/avr32/include/asm/module.h -@@ -1,6 +1,8 @@ - #ifndef __ASM_AVR32_MODULE_H - #define __ASM_AVR32_MODULE_H - -+#include -+ - struct mod_arch_syminfo { - unsigned long got_offset; - int got_initialized; -@@ -17,10 +19,6 @@ struct mod_arch_specific { - struct mod_arch_syminfo *syminfo; - }; - --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr -- - #define MODULE_PROC_FAMILY "AVR32v1" - - #define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY -diff --git a/arch/blackfin/Kconfig b/arch/blackfin/Kconfig -index f348619..a48d8be 100644 ---- a/arch/blackfin/Kconfig -+++ b/arch/blackfin/Kconfig -@@ -41,6 +41,8 @@ config BLACKFIN - select HAVE_NMI_WATCHDOG if NMI_WATCHDOG - select GENERIC_SMP_IDLE_THREAD - select ARCH_USES_GETTIMEOFFSET if !GENERIC_CLOCKEVENTS -+ select HAVE_MOD_ARCH_SPECIFIC -+ select MODULES_USE_ELF_RELA - - config GENERIC_CSUM - def_bool y -diff --git a/arch/blackfin/include/asm/module.h b/arch/blackfin/include/asm/module.h -index ed5689b..231a149 100644 ---- a/arch/blackfin/include/asm/module.h -+++ b/arch/blackfin/include/asm/module.h -@@ -7,9 +7,7 @@ - #ifndef _ASM_BFIN_MODULE_H - #define _ASM_BFIN_MODULE_H - --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr -+#include - - struct mod_arch_specific { - Elf_Shdr *text_l1; -diff --git a/arch/c6x/Kconfig b/arch/c6x/Kconfig -index 052f81a..8f3a304 100644 ---- a/arch/c6x/Kconfig -+++ b/arch/c6x/Kconfig -@@ -16,6 +16,7 @@ config C6X - select OF - select OF_EARLY_FLATTREE - select GENERIC_CLOCKEVENTS -+ select MODULES_USE_ELF_RELA - - config MMU - def_bool n -diff --git a/arch/c6x/include/asm/module.h b/arch/c6x/include/asm/module.h -index a453f97..5c7269c 100644 ---- a/arch/c6x/include/asm/module.h -+++ b/arch/c6x/include/asm/module.h -@@ -13,17 +13,7 @@ - #ifndef _ASM_C6X_MODULE_H - #define _ASM_C6X_MODULE_H - --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr --#define Elf_Addr Elf32_Addr --#define Elf_Word Elf32_Word -- --/* -- * This file contains the C6x architecture specific module code. -- */ --struct mod_arch_specific { --}; -+#include - - struct loaded_sections { - unsigned int new_vaddr; -diff --git a/arch/cris/Kconfig b/arch/cris/Kconfig -index e922154..7bb8cf9 100644 ---- a/arch/cris/Kconfig -+++ b/arch/cris/Kconfig -@@ -47,6 +47,7 @@ config CRIS - select GENERIC_IOMAP - select GENERIC_SMP_IDLE_THREAD if ETRAX_ARCH_V32 - select GENERIC_CMOS_UPDATE -+ select MODULES_USE_ELF_RELA - - config HZ - int -diff --git a/arch/cris/include/asm/Kbuild b/arch/cris/include/asm/Kbuild -index 04d02a5..28b690d 100644 ---- a/arch/cris/include/asm/Kbuild -+++ b/arch/cris/include/asm/Kbuild -@@ -7,3 +7,5 @@ header-y += ethernet.h - header-y += etraxgpio.h - header-y += rs485.h - header-y += sync_serial.h -+ -+generic-y += module.h -diff --git a/arch/cris/include/asm/module.h b/arch/cris/include/asm/module.h -deleted file mode 100644 -index 7ee7231..0000000 ---- a/arch/cris/include/asm/module.h -+++ /dev/null -@@ -1,9 +0,0 @@ --#ifndef _ASM_CRIS_MODULE_H --#define _ASM_CRIS_MODULE_H --/* cris is simple */ --struct mod_arch_specific { }; -- --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr --#endif /* _ASM_CRIS_MODULE_H */ -diff --git a/arch/frv/include/asm/module.h b/arch/frv/include/asm/module.h -index 3d5c636..a8848f0 100644 ---- a/arch/frv/include/asm/module.h -+++ b/arch/frv/include/asm/module.h -@@ -11,13 +11,7 @@ - #ifndef _ASM_MODULE_H - #define _ASM_MODULE_H - --struct mod_arch_specific --{ --}; -- --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr -+#include - - /* - * Include the architecture version. -diff --git a/arch/h8300/Kconfig b/arch/h8300/Kconfig -index 5e8a0d9..c149d3b29 100644 ---- a/arch/h8300/Kconfig -+++ b/arch/h8300/Kconfig -@@ -6,6 +6,7 @@ config H8300 - select ARCH_WANT_IPC_PARSE_VERSION - select GENERIC_IRQ_SHOW - select GENERIC_CPU_DEVICES -+ select MODULES_USE_ELF_RELA - - config SYMBOL_PREFIX - string -diff --git a/arch/h8300/include/asm/Kbuild b/arch/h8300/include/asm/Kbuild -index c68e168..871382d 100644 ---- a/arch/h8300/include/asm/Kbuild -+++ b/arch/h8300/include/asm/Kbuild -@@ -1 +1,3 @@ - include include/asm-generic/Kbuild.asm -+ -+generic-y += module.h -diff --git a/arch/h8300/include/asm/module.h b/arch/h8300/include/asm/module.h -deleted file mode 100644 -index 8e46724..0000000 ---- a/arch/h8300/include/asm/module.h -+++ /dev/null -@@ -1,11 +0,0 @@ --#ifndef _ASM_H8300_MODULE_H --#define _ASM_H8300_MODULE_H --/* -- * This file contains the H8/300 architecture specific module code. -- */ --struct mod_arch_specific { }; --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr -- --#endif /* _ASM_H8/300_MODULE_H */ -diff --git a/arch/hexagon/Kconfig b/arch/hexagon/Kconfig -index b2fdfb7..0744f7d 100644 ---- a/arch/hexagon/Kconfig -+++ b/arch/hexagon/Kconfig -@@ -30,6 +30,7 @@ config HEXAGON - select KTIME_SCALAR - select GENERIC_CLOCKEVENTS - select GENERIC_CLOCKEVENTS_BROADCAST -+ select MODULES_USE_ELF_RELA - ---help--- - Qualcomm Hexagon is a processor architecture designed for high - performance and low power across a wide variety of applications. -diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig -index 310cf57..6881464 100644 ---- a/arch/ia64/Kconfig -+++ b/arch/ia64/Kconfig -@@ -39,6 +39,8 @@ config IA64 - select ARCH_THREAD_INFO_ALLOCATOR - select ARCH_CLOCKSOURCE_DATA - select GENERIC_TIME_VSYSCALL -+ select HAVE_MOD_ARCH_SPECIFIC -+ select MODULES_USE_ELF_RELA - default y - help - The Itanium Processor Family is Intel's 64-bit successor to -diff --git a/arch/ia64/include/asm/module.h b/arch/ia64/include/asm/module.h -index 908eaef..dfba22a 100644 ---- a/arch/ia64/include/asm/module.h -+++ b/arch/ia64/include/asm/module.h -@@ -1,6 +1,8 @@ - #ifndef _ASM_IA64_MODULE_H - #define _ASM_IA64_MODULE_H - -+#include -+ - /* - * IA-64-specific support for kernel module loader. - * -@@ -29,10 +31,6 @@ struct mod_arch_specific { - unsigned int next_got_entry; /* index of next available got entry */ - }; - --#define Elf_Shdr Elf64_Shdr --#define Elf_Sym Elf64_Sym --#define Elf_Ehdr Elf64_Ehdr -- - #define MODULE_PROC_FAMILY "ia64" - #define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY \ - "gcc-" __stringify(__GNUC__) "." __stringify(__GNUC_MINOR__) -diff --git a/arch/m32r/Kconfig b/arch/m32r/Kconfig -index 49498bb..fc61533 100644 ---- a/arch/m32r/Kconfig -+++ b/arch/m32r/Kconfig -@@ -13,6 +13,7 @@ config M32R - select GENERIC_IRQ_SHOW - select GENERIC_ATOMIC64 - select ARCH_USES_GETTIMEOFFSET -+ select MODULES_USE_ELF_RELA - - config SBUS - bool -diff --git a/arch/m32r/include/asm/Kbuild b/arch/m32r/include/asm/Kbuild -index c68e168..871382d 100644 ---- a/arch/m32r/include/asm/Kbuild -+++ b/arch/m32r/include/asm/Kbuild -@@ -1 +1,3 @@ - include include/asm-generic/Kbuild.asm -+ -+generic-y += module.h -diff --git a/arch/m32r/include/asm/module.h b/arch/m32r/include/asm/module.h -deleted file mode 100644 -index eb73ee0..0000000 ---- a/arch/m32r/include/asm/module.h -+++ /dev/null -@@ -1,10 +0,0 @@ --#ifndef _ASM_M32R_MODULE_H --#define _ASM_M32R_MODULE_H -- --struct mod_arch_specific { }; -- --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr -- --#endif /* _ASM_M32R_MODULE_H */ -diff --git a/arch/m32r/kernel/module.c b/arch/m32r/kernel/module.c -index 3071fe8..38233b6 100644 ---- a/arch/m32r/kernel/module.c -+++ b/arch/m32r/kernel/module.c -@@ -201,18 +201,3 @@ int apply_relocate_add(Elf32_Shdr *sechdrs, - } - return 0; - } -- --int apply_relocate(Elf32_Shdr *sechdrs, -- const char *strtab, -- unsigned int symindex, -- unsigned int relsec, -- struct module *me) --{ --#if 0 -- printk(KERN_ERR "module %s: REL RELOCATION unsupported\n", -- me->name); -- return -ENOEXEC; --#endif -- return 0; -- --} -diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig -index 4a46990..714a850 100644 ---- a/arch/m68k/Kconfig -+++ b/arch/m68k/Kconfig -@@ -12,6 +12,9 @@ config M68K - select FPU if MMU - select ARCH_WANT_IPC_PARSE_VERSION - select ARCH_USES_GETTIMEOFFSET if MMU && !COLDFIRE -+ select HAVE_MOD_ARCH_SPECIFIC -+ select MODULES_USE_ELF_REL -+ select MODULES_USE_ELF_RELA - - config RWSEM_GENERIC_SPINLOCK - bool -diff --git a/arch/m68k/include/asm/module.h b/arch/m68k/include/asm/module.h -index edffe66..8b58fce 100644 ---- a/arch/m68k/include/asm/module.h -+++ b/arch/m68k/include/asm/module.h -@@ -1,6 +1,8 @@ - #ifndef _ASM_M68K_MODULE_H - #define _ASM_M68K_MODULE_H - -+#include -+ - enum m68k_fixup_type { - m68k_fixup_memoffset, - m68k_fixup_vnode_shift, -@@ -36,8 +38,4 @@ struct module; - extern void module_fixup(struct module *mod, struct m68k_fixup_info *start, - struct m68k_fixup_info *end); - --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr -- - #endif /* _ASM_M68K_MODULE_H */ -diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig -index ab9afca..b4f409f 100644 ---- a/arch/microblaze/Kconfig -+++ b/arch/microblaze/Kconfig -@@ -24,6 +24,7 @@ config MICROBLAZE - select GENERIC_CPU_DEVICES - select GENERIC_ATOMIC64 - select GENERIC_CLOCKEVENTS -+ select MODULES_USE_ELF_RELA - - config SWAP - def_bool n -diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig -index 331d574..5ff52db 100644 ---- a/arch/mips/Kconfig -+++ b/arch/mips/Kconfig -@@ -36,6 +36,9 @@ config MIPS - select BUILDTIME_EXTABLE_SORT - select GENERIC_CLOCKEVENTS - select GENERIC_CMOS_UPDATE -+ select HAVE_MOD_ARCH_SPECIFIC -+ select MODULES_USE_ELF_REL -+ select MODULES_USE_ELF_RELA if 64BIT - - menu "Machine selection" - -diff --git a/arch/mips/include/asm/module.h b/arch/mips/include/asm/module.h -index 7531ecd..c93b62b 100644 ---- a/arch/mips/include/asm/module.h -+++ b/arch/mips/include/asm/module.h -@@ -34,11 +34,14 @@ typedef struct { - } Elf64_Mips_Rela; - - #ifdef CONFIG_32BIT -- - #define Elf_Shdr Elf32_Shdr - #define Elf_Sym Elf32_Sym - #define Elf_Ehdr Elf32_Ehdr - #define Elf_Addr Elf32_Addr -+#define Elf_Rel Elf32_Rel -+#define Elf_Rela Elf32_Rela -+#define ELF_R_TYPE(X) ELF32_R_TYPE(X) -+#define ELF_R_SYM(X) ELF32_R_SYM(X) - - #define Elf_Mips_Rel Elf32_Rel - #define Elf_Mips_Rela Elf32_Rela -@@ -49,11 +52,14 @@ typedef struct { - #endif - - #ifdef CONFIG_64BIT -- - #define Elf_Shdr Elf64_Shdr - #define Elf_Sym Elf64_Sym - #define Elf_Ehdr Elf64_Ehdr - #define Elf_Addr Elf64_Addr -+#define Elf_Rel Elf64_Rel -+#define Elf_Rela Elf64_Rela -+#define ELF_R_TYPE(X) ELF64_R_TYPE(X) -+#define ELF_R_SYM(X) ELF64_R_SYM(X) - - #define Elf_Mips_Rel Elf64_Mips_Rel - #define Elf_Mips_Rela Elf64_Mips_Rela -diff --git a/arch/mips/kernel/module.c b/arch/mips/kernel/module.c -index 4f8c3cb..9f102cf 100644 ---- a/arch/mips/kernel/module.c -+++ b/arch/mips/kernel/module.c -@@ -324,6 +324,7 @@ int apply_relocate(Elf_Shdr *sechdrs, const char *strtab, - return 0; - } - -+#ifdef CONFIG_MODULES_USE_ELF_RELA - int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab, - unsigned int symindex, unsigned int relsec, - struct module *me) -@@ -363,6 +364,7 @@ int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab, - - return 0; - } -+#endif - - /* Given an address, look for it in the module exception tables. */ - const struct exception_table_entry *search_module_dbetables(unsigned long addr) -diff --git a/arch/mn10300/Kconfig b/arch/mn10300/Kconfig -index 5cfb086..aa03f2e 100644 ---- a/arch/mn10300/Kconfig -+++ b/arch/mn10300/Kconfig -@@ -8,6 +8,7 @@ config MN10300 - select HAVE_ARCH_KGDB - select HAVE_NMI_WATCHDOG if MN10300_WD_TIMER - select GENERIC_CLOCKEVENTS -+ select MODULES_USE_ELF_RELA - - config AM33_2 - def_bool n -diff --git a/arch/mn10300/include/asm/module.h b/arch/mn10300/include/asm/module.h -index 5d7057d..6571103 100644 ---- a/arch/mn10300/include/asm/module.h -+++ b/arch/mn10300/include/asm/module.h -@@ -12,12 +12,7 @@ - #ifndef _ASM_MODULE_H - #define _ASM_MODULE_H - --struct mod_arch_specific { --}; -- --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr -+#include - - /* - * Include the MN10300 architecture version. -diff --git a/arch/openrisc/Kconfig b/arch/openrisc/Kconfig -index 49765b5..05f2ba4 100644 ---- a/arch/openrisc/Kconfig -+++ b/arch/openrisc/Kconfig -@@ -21,6 +21,7 @@ config OPENRISC - select GENERIC_CLOCKEVENTS - select GENERIC_STRNCPY_FROM_USER - select GENERIC_STRNLEN_USER -+ select MODULES_USE_ELF_RELA - - config MMU - def_bool y -diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig -index 3ff21b5..166d991 100644 ---- a/arch/parisc/Kconfig -+++ b/arch/parisc/Kconfig -@@ -19,6 +19,8 @@ config PARISC - select ARCH_HAVE_NMI_SAFE_CMPXCHG - select GENERIC_SMP_IDLE_THREAD - select GENERIC_STRNCPY_FROM_USER -+ select HAVE_MOD_ARCH_SPECIFIC -+ select MODULES_USE_ELF_RELA - - help - The PA-RISC microprocessor is designed by Hewlett-Packard and used -diff --git a/arch/parisc/include/asm/module.h b/arch/parisc/include/asm/module.h -index 1f41234..bab37e9 100644 ---- a/arch/parisc/include/asm/module.h -+++ b/arch/parisc/include/asm/module.h -@@ -1,21 +1,11 @@ - #ifndef _ASM_PARISC_MODULE_H - #define _ASM_PARISC_MODULE_H -+ -+#include -+ - /* - * This file contains the parisc architecture specific module code. - */ --#ifdef CONFIG_64BIT --#define Elf_Shdr Elf64_Shdr --#define Elf_Sym Elf64_Sym --#define Elf_Ehdr Elf64_Ehdr --#define Elf_Addr Elf64_Addr --#define Elf_Rela Elf64_Rela --#else --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr --#define Elf_Addr Elf32_Addr --#define Elf_Rela Elf32_Rela --#endif - - struct unwind_table; - -diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig -index 352f416..74f8478 100644 ---- a/arch/powerpc/Kconfig -+++ b/arch/powerpc/Kconfig -@@ -139,6 +139,8 @@ config PPC - select GENERIC_CLOCKEVENTS - select GENERIC_STRNCPY_FROM_USER - select GENERIC_STRNLEN_USER -+ select HAVE_MOD_ARCH_SPECIFIC -+ select MODULES_USE_ELF_RELA - - config EARLY_PRINTK - bool -diff --git a/arch/powerpc/include/asm/module.h b/arch/powerpc/include/asm/module.h -index 0192a4e..c1df590 100644 ---- a/arch/powerpc/include/asm/module.h -+++ b/arch/powerpc/include/asm/module.h -@@ -11,6 +11,7 @@ - - #include - #include -+#include - - - #ifndef __powerpc64__ -@@ -60,16 +61,10 @@ struct mod_arch_specific { - */ - - #ifdef __powerpc64__ --# define Elf_Shdr Elf64_Shdr --# define Elf_Sym Elf64_Sym --# define Elf_Ehdr Elf64_Ehdr - # ifdef MODULE - asm(".section .stubs,\"ax\",@nobits; .align 3; .previous"); - # endif - #else --# define Elf_Shdr Elf32_Shdr --# define Elf_Sym Elf32_Sym --# define Elf_Ehdr Elf32_Ehdr - # ifdef MODULE - asm(".section .plt,\"ax\",@nobits; .align 3; .previous"); - asm(".section .init.plt,\"ax\",@nobits; .align 3; .previous"); -diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig -index 107610e..c76a052 100644 ---- a/arch/s390/Kconfig -+++ b/arch/s390/Kconfig -@@ -125,6 +125,8 @@ config S390 - select GENERIC_CLOCKEVENTS - select KTIME_SCALAR if 32BIT - select HAVE_ARCH_SECCOMP_FILTER -+ select HAVE_MOD_ARCH_SPECIFIC -+ select MODULES_USE_ELF_RELA - - config SCHED_OMIT_FRAME_POINTER - def_bool y -diff --git a/arch/s390/include/asm/module.h b/arch/s390/include/asm/module.h -index f0b6b26..df1f861 100644 ---- a/arch/s390/include/asm/module.h -+++ b/arch/s390/include/asm/module.h -@@ -1,5 +1,8 @@ - #ifndef _ASM_S390_MODULE_H - #define _ASM_S390_MODULE_H -+ -+#include -+ - /* - * This file contains the s390 architecture specific module code. - */ -@@ -28,19 +31,4 @@ struct mod_arch_specific - struct mod_arch_syminfo *syminfo; - }; - --#ifdef CONFIG_64BIT --#define ElfW(x) Elf64_ ## x --#define ELFW(x) ELF64_ ## x --#else --#define ElfW(x) Elf32_ ## x --#define ELFW(x) ELF32_ ## x --#endif -- --#define Elf_Addr ElfW(Addr) --#define Elf_Rela ElfW(Rela) --#define Elf_Shdr ElfW(Shdr) --#define Elf_Sym ElfW(Sym) --#define Elf_Ehdr ElfW(Ehdr) --#define ELF_R_SYM ELFW(R_SYM) --#define ELF_R_TYPE ELFW(R_TYPE) - #endif /* _ASM_S390_MODULE_H */ -diff --git a/arch/score/Kconfig b/arch/score/Kconfig -index ba0f412..e2c8db4 100644 ---- a/arch/score/Kconfig -+++ b/arch/score/Kconfig -@@ -10,6 +10,8 @@ config SCORE - select ARCH_DISCARD_MEMBLOCK - select GENERIC_CPU_DEVICES - select GENERIC_CLOCKEVENTS -+ select HAVE_MOD_ARCH_SPECIFIC -+ select MODULES_USE_ELF_REL - - choice - prompt "System type" -diff --git a/arch/score/include/asm/module.h b/arch/score/include/asm/module.h -index f0b5dc0..abf395b 100644 ---- a/arch/score/include/asm/module.h -+++ b/arch/score/include/asm/module.h -@@ -3,6 +3,7 @@ - - #include - #include -+#include - - struct mod_arch_specific { - /* Data Bus Error exception tables */ -@@ -13,11 +14,6 @@ struct mod_arch_specific { - - typedef uint8_t Elf64_Byte; /* Type for a 8-bit quantity. */ - --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr --#define Elf_Addr Elf32_Addr -- - /* Given an address, look for it in the exception tables. */ - #ifdef CONFIG_MODULES - const struct exception_table_entry *search_module_dbetables(unsigned long addr); -diff --git a/arch/score/kernel/module.c b/arch/score/kernel/module.c -index 469e3b6..1378d99 100644 ---- a/arch/score/kernel/module.c -+++ b/arch/score/kernel/module.c -@@ -125,16 +125,6 @@ int apply_relocate(Elf_Shdr *sechdrs, const char *strtab, - return 0; - } - --int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab, -- unsigned int symindex, unsigned int relsec, -- struct module *me) --{ -- /* Non-standard return value... most other arch's return -ENOEXEC -- * for an unsupported relocation variant -- */ -- return 0; --} -- - /* Given an address, look for it in the module exception tables. */ - const struct exception_table_entry *search_module_dbetables(unsigned long addr) - { -diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig -index 36f5141..656329a 100644 ---- a/arch/sh/Kconfig -+++ b/arch/sh/Kconfig -@@ -35,6 +35,8 @@ config SUPERH - select GENERIC_CMOS_UPDATE if SH_SH03 || SH_DREAMCAST - select GENERIC_STRNCPY_FROM_USER - select GENERIC_STRNLEN_USER -+ select HAVE_MOD_ARCH_SPECIFIC if DWARF_UNWINDER -+ select MODULES_USE_ELF_RELA - help - The SuperH is a RISC processor targeted for use in embedded systems - and consumer electronics; it was also used in the Sega Dreamcast -diff --git a/arch/sh/include/asm/module.h b/arch/sh/include/asm/module.h -index b7927de..81300d8b 100644 ---- a/arch/sh/include/asm/module.h -+++ b/arch/sh/include/asm/module.h -@@ -1,21 +1,13 @@ - #ifndef _ASM_SH_MODULE_H - #define _ASM_SH_MODULE_H - --struct mod_arch_specific { -+#include -+ - #ifdef CONFIG_DWARF_UNWINDER -+struct mod_arch_specific { - struct list_head fde_list; - struct list_head cie_list; --#endif - }; -- --#ifdef CONFIG_64BIT --#define Elf_Shdr Elf64_Shdr --#define Elf_Sym Elf64_Sym --#define Elf_Ehdr Elf64_Ehdr --#else --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr - #endif - - #ifdef CONFIG_CPU_LITTLE_ENDIAN -diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig -index 67f1f6f..a244e70 100644 ---- a/arch/sparc/Kconfig -+++ b/arch/sparc/Kconfig -@@ -37,6 +37,7 @@ config SPARC - select GENERIC_CLOCKEVENTS - select GENERIC_STRNCPY_FROM_USER - select GENERIC_STRNLEN_USER -+ select MODULES_USE_ELF_RELA - - config SPARC32 - def_bool !64BIT -diff --git a/arch/sparc/include/asm/Kbuild b/arch/sparc/include/asm/Kbuild -index 67f83e0..fbe1cb5 100644 ---- a/arch/sparc/include/asm/Kbuild -+++ b/arch/sparc/include/asm/Kbuild -@@ -21,4 +21,5 @@ generic-y += div64.h - generic-y += local64.h - generic-y += irq_regs.h - generic-y += local.h -+generic-y += module.h - generic-y += word-at-a-time.h -diff --git a/arch/sparc/include/asm/module.h b/arch/sparc/include/asm/module.h -deleted file mode 100644 -index ff8e02d..0000000 ---- a/arch/sparc/include/asm/module.h -+++ /dev/null -@@ -1,24 +0,0 @@ --#ifndef __SPARC_MODULE_H --#define __SPARC_MODULE_H --struct mod_arch_specific { }; -- --/* -- * Use some preprocessor magic to define the correct symbol -- * for sparc32 and sparc64. -- * Elf_Addr becomes Elf32_Addr for sparc32 and Elf64_Addr for sparc64 -- */ --#define ___ELF(a, b, c) a##b##c --#define __ELF(a, b, c) ___ELF(a, b, c) --#define _Elf(t) __ELF(Elf, CONFIG_BITS, t) --#define _ELF(t) __ELF(ELF, CONFIG_BITS, t) -- --#define Elf_Shdr _Elf(_Shdr) --#define Elf_Sym _Elf(_Sym) --#define Elf_Ehdr _Elf(_Ehdr) --#define Elf_Rela _Elf(_Rela) --#define Elf_Addr _Elf(_Addr) -- --#define ELF_R_SYM _ELF(_R_SYM) --#define ELF_R_TYPE _ELF(_R_TYPE) -- --#endif /* __SPARC_MODULE_H */ -diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig -index 932e443..1603f30 100644 ---- a/arch/tile/Kconfig -+++ b/arch/tile/Kconfig -@@ -17,6 +17,7 @@ config TILE - select SYS_HYPERVISOR - select ARCH_HAVE_NMI_SAFE_CMPXCHG - select GENERIC_CLOCKEVENTS -+ select MODULES_USE_ELF_RELA - - # FIXME: investigate whether we need/want these options. - # select HAVE_IOREMAP_PROT -diff --git a/arch/unicore32/Kconfig b/arch/unicore32/Kconfig -index b0a4743..5ef0814 100644 ---- a/arch/unicore32/Kconfig -+++ b/arch/unicore32/Kconfig -@@ -14,6 +14,7 @@ config UNICORE32 - select GENERIC_IRQ_SHOW - select ARCH_WANT_FRAME_POINTERS - select GENERIC_IOMAP -+ select MODULES_USE_ELF_REL - help - UniCore-32 is 32-bit Instruction Set Architecture, - including a series of low-power-consumption RISC chip -diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 8ec3a1a..01726cb 100644 ---- a/arch/x86/Kconfig -+++ b/arch/x86/Kconfig -@@ -97,6 +97,8 @@ config X86 - select KTIME_SCALAR if X86_32 - select GENERIC_STRNCPY_FROM_USER - select GENERIC_STRNLEN_USER -+ select MODULES_USE_ELF_REL if X86_32 -+ select MODULES_USE_ELF_RELA if X86_64 - - config INSTRUCTION_DECODER - def_bool (KPROBES || PERF_EVENTS || UPROBES) -diff --git a/arch/x86/um/Kconfig b/arch/x86/um/Kconfig -index 9926e11..a4b0c10 100644 ---- a/arch/x86/um/Kconfig -+++ b/arch/x86/um/Kconfig -@@ -21,9 +21,11 @@ config 64BIT - config X86_32 - def_bool !64BIT - select HAVE_AOUT -+ select MODULES_USE_ELF_REL - - config X86_64 - def_bool 64BIT -+ select MODULES_USE_ELF_RELA - - config RWSEM_XCHGADD_ALGORITHM - def_bool X86_XADD && 64BIT -diff --git a/arch/xtensa/Kconfig b/arch/xtensa/Kconfig -index 8ed64cf..4816e44 100644 ---- a/arch/xtensa/Kconfig -+++ b/arch/xtensa/Kconfig -@@ -11,6 +11,7 @@ config XTENSA - select HAVE_GENERIC_HARDIRQS - select GENERIC_IRQ_SHOW - select GENERIC_CPU_DEVICES -+ select MODULES_USE_ELF_RELA - help - Xtensa processors are 32-bit RISC machines designed by Tensilica - primarily for embedded systems. These processors are both -diff --git a/arch/xtensa/include/asm/module.h b/arch/xtensa/include/asm/module.h -index d9b34be..488b40c 100644 ---- a/arch/xtensa/include/asm/module.h -+++ b/arch/xtensa/include/asm/module.h -@@ -13,15 +13,8 @@ - #ifndef _XTENSA_MODULE_H - #define _XTENSA_MODULE_H - --struct mod_arch_specific --{ -- /* No special elements, yet. */ --}; -- - #define MODULE_ARCH_VERMAGIC "xtensa-" __stringify(XCHAL_CORE_ID) " " - --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr -+#include - - #endif /* _XTENSA_MODULE_H */ -diff --git a/include/asm-generic/module.h b/include/asm-generic/module.h -index ed5b44d..14dc41d 100644 ---- a/include/asm-generic/module.h -+++ b/include/asm-generic/module.h -@@ -5,18 +5,44 @@ - * Many architectures just need a simple module - * loader without arch specific data. - */ -+#ifndef CONFIG_HAVE_MOD_ARCH_SPECIFIC - struct mod_arch_specific - { - }; -+#endif - - #ifdef CONFIG_64BIT --#define Elf_Shdr Elf64_Shdr --#define Elf_Sym Elf64_Sym --#define Elf_Ehdr Elf64_Ehdr --#else --#define Elf_Shdr Elf32_Shdr --#define Elf_Sym Elf32_Sym --#define Elf_Ehdr Elf32_Ehdr -+#define Elf_Shdr Elf64_Shdr -+#define Elf_Phdr Elf64_Phdr -+#define Elf_Sym Elf64_Sym -+#define Elf_Dyn Elf64_Dyn -+#define Elf_Ehdr Elf64_Ehdr -+#define Elf_Addr Elf64_Addr -+#ifdef CONFIG_MODULES_USE_ELF_REL -+#define Elf_Rel Elf64_Rel -+#endif -+#ifdef CONFIG_MODULES_USE_ELF_RELA -+#define Elf_Rela Elf64_Rela -+#endif -+#define ELF_R_TYPE(X) ELF64_R_TYPE(X) -+#define ELF_R_SYM(X) ELF64_R_SYM(X) -+ -+#else /* CONFIG_64BIT */ -+ -+#define Elf_Shdr Elf32_Shdr -+#define Elf_Phdr Elf32_Phdr -+#define Elf_Sym Elf32_Sym -+#define Elf_Dyn Elf32_Dyn -+#define Elf_Ehdr Elf32_Ehdr -+#define Elf_Addr Elf32_Addr -+#ifdef CONFIG_MODULES_USE_ELF_REL -+#define Elf_Rel Elf32_Rel -+#endif -+#ifdef CONFIG_MODULES_USE_ELF_RELA -+#define Elf_Rela Elf32_Rela -+#endif -+#define ELF_R_TYPE(X) ELF32_R_TYPE(X) -+#define ELF_R_SYM(X) ELF32_R_SYM(X) - #endif - - #endif /* __ASM_GENERIC_MODULE_H */ -diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h -index b2be02e..560ca53 100644 ---- a/include/linux/moduleloader.h -+++ b/include/linux/moduleloader.h -@@ -28,21 +28,49 @@ void *module_alloc(unsigned long size); - /* Free memory returned from module_alloc. */ - void module_free(struct module *mod, void *module_region); - --/* Apply the given relocation to the (simplified) ELF. Return -error -- or 0. */ -+/* -+ * Apply the given relocation to the (simplified) ELF. Return -error -+ * or 0. -+ */ -+#ifdef CONFIG_MODULES_USE_ELF_REL - int apply_relocate(Elf_Shdr *sechdrs, - const char *strtab, - unsigned int symindex, - unsigned int relsec, - struct module *mod); -+#else -+static inline int apply_relocate(Elf_Shdr *sechdrs, -+ const char *strtab, -+ unsigned int symindex, -+ unsigned int relsec, -+ struct module *me) -+{ -+ printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name); -+ return -ENOEXEC; -+} -+#endif - --/* Apply the given add relocation to the (simplified) ELF. Return -- -error or 0 */ -+/* -+ * Apply the given add relocation to the (simplified) ELF. Return -+ * -error or 0 -+ */ -+#ifdef CONFIG_MODULES_USE_ELF_RELA - int apply_relocate_add(Elf_Shdr *sechdrs, - const char *strtab, - unsigned int symindex, - unsigned int relsec, - struct module *mod); -+#else -+static inline int apply_relocate_add(Elf_Shdr *sechdrs, -+ const char *strtab, -+ unsigned int symindex, -+ unsigned int relsec, -+ struct module *me) -+{ -+ printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name); -+ return -ENOEXEC; -+} -+#endif - - /* Any final processing of module before access. Return -error or 0. */ - int module_finalize(const Elf_Ehdr *hdr, -diff --git a/kernel/module.c b/kernel/module.c -index 4edbd9c..087aeed 100644 ---- a/kernel/module.c -+++ b/kernel/module.c -@@ -1949,26 +1949,6 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) - return ret; - } - --int __weak apply_relocate(Elf_Shdr *sechdrs, -- const char *strtab, -- unsigned int symindex, -- unsigned int relsec, -- struct module *me) --{ -- pr_err("module %s: REL relocation unsupported\n", me->name); -- return -ENOEXEC; --} -- --int __weak apply_relocate_add(Elf_Shdr *sechdrs, -- const char *strtab, -- unsigned int symindex, -- unsigned int relsec, -- struct module *me) --{ -- pr_err("module %s: RELA relocation unsupported\n", me->name); -- return -ENOEXEC; --} -- - static int apply_relocations(struct module *mod, const struct load_info *info) - { - unsigned int i; --- -1.7.11.4 - - -From c6cfa3260f1e2961e69a2e3240695954aed24976 Mon Sep 17 00:00:00 2001 -From: Ralf Baechle -Date: Thu, 16 Aug 2012 01:38:43 +0100 -Subject: [PATCH 18/32] MIPS: Fix module.c build for 32 bit - -Fixes build failure introduced by "Make most arch asm/module.h files use -asm-generic/module.h" by moving all the RELA processing code to a -separate file to be used only for RELA processing on 64-bit kernels. - - CC arch/mips/kernel/module.o -arch/mips/kernel/module.c:250:14: error: 'reloc_handlers_rela' defined but not -used [-Werror=unused-variable] -cc1: all warnings being treated as errors - -make[6]: *** [arch/mips/kernel/module.o] Error 1 - -Signed-off-by: Ralf Baechle -Signed-off-by: David Howells ---- - arch/mips/kernel/Makefile | 1 + - arch/mips/kernel/module-rela.c | 144 +++++++++++++++++++++++++++++++++++++++++ - arch/mips/kernel/module.c | 124 +---------------------------------- - arch/mips/kernel/module.h | 12 ++++ - 4 files changed, 159 insertions(+), 122 deletions(-) - create mode 100644 arch/mips/kernel/module-rela.c - create mode 100644 arch/mips/kernel/module.h - -diff --git a/arch/mips/kernel/module-rela.c b/arch/mips/kernel/module-rela.c -new file mode 100644 -index 0000000..4e784a8 ---- /dev/null -+++ b/arch/mips/kernel/module-rela.c -@@ -0,0 +1,144 @@ -+/* -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+ * -+ * Copyright (C) 2001 Rusty Russell. -+ * Copyright (C) 2003, 2004 Ralf Baechle (ralf@linux-mips.org) -+ * Copyright (C) 2005 Thiemo Seufer -+ */ -+ -+#include -+#include -+#include -+#include -+#include "module.h" -+ -+static int apply_r_mips_32_rela(struct module *me, u32 *location, Elf_Addr v) -+{ -+ *location = v; -+ -+ return 0; -+} -+ -+static int apply_r_mips_26_rela(struct module *me, u32 *location, Elf_Addr v) -+{ -+ if (v % 4) { -+ pr_err("module %s: dangerous R_MIPS_26 RELArelocation\n", -+ me->name); -+ return -ENOEXEC; -+ } -+ -+ if ((v & 0xf0000000) != (((unsigned long)location + 4) & 0xf0000000)) { -+ printk(KERN_ERR -+ "module %s: relocation overflow\n", -+ me->name); -+ return -ENOEXEC; -+ } -+ -+ *location = (*location & ~0x03ffffff) | ((v >> 2) & 0x03ffffff); -+ -+ return 0; -+} -+ -+static int apply_r_mips_hi16_rela(struct module *me, u32 *location, Elf_Addr v) -+{ -+ *location = (*location & 0xffff0000) | -+ ((((long long) v + 0x8000LL) >> 16) & 0xffff); -+ -+ return 0; -+} -+ -+static int apply_r_mips_lo16_rela(struct module *me, u32 *location, Elf_Addr v) -+{ -+ *location = (*location & 0xffff0000) | (v & 0xffff); -+ -+ return 0; -+} -+ -+static int apply_r_mips_64_rela(struct module *me, u32 *location, Elf_Addr v) -+{ -+ *(Elf_Addr *)location = v; -+ -+ return 0; -+} -+ -+static int apply_r_mips_higher_rela(struct module *me, u32 *location, -+ Elf_Addr v) -+{ -+ *location = (*location & 0xffff0000) | -+ ((((long long) v + 0x80008000LL) >> 32) & 0xffff); -+ -+ return 0; -+} -+ -+static int apply_r_mips_highest_rela(struct module *me, u32 *location, -+ Elf_Addr v) -+{ -+ *location = (*location & 0xffff0000) | -+ ((((long long) v + 0x800080008000LL) >> 48) & 0xffff); -+ -+ return 0; -+} -+ -+static int (*reloc_handlers_rela[]) (struct module *me, u32 *location, -+ Elf_Addr v) = { -+ [R_MIPS_NONE] = apply_r_mips_none, -+ [R_MIPS_32] = apply_r_mips_32_rela, -+ [R_MIPS_26] = apply_r_mips_26_rela, -+ [R_MIPS_HI16] = apply_r_mips_hi16_rela, -+ [R_MIPS_LO16] = apply_r_mips_lo16_rela, -+ [R_MIPS_64] = apply_r_mips_64_rela, -+ [R_MIPS_HIGHER] = apply_r_mips_higher_rela, -+ [R_MIPS_HIGHEST] = apply_r_mips_highest_rela -+}; -+ -+int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab, -+ unsigned int symindex, unsigned int relsec, -+ struct module *me) -+{ -+ Elf_Mips_Rela *rel = (void *) sechdrs[relsec].sh_addr; -+ Elf_Sym *sym; -+ u32 *location; -+ unsigned int i; -+ Elf_Addr v; -+ int res; -+ -+ pr_debug("Applying relocate section %u to %u\n", relsec, -+ sechdrs[relsec].sh_info); -+ -+ for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) { -+ /* This is where to make the change */ -+ location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr -+ + rel[i].r_offset; -+ /* This is the symbol it is referring to */ -+ sym = (Elf_Sym *)sechdrs[symindex].sh_addr -+ + ELF_MIPS_R_SYM(rel[i]); -+ if (IS_ERR_VALUE(sym->st_value)) { -+ /* Ignore unresolved weak symbol */ -+ if (ELF_ST_BIND(sym->st_info) == STB_WEAK) -+ continue; -+ printk(KERN_WARNING "%s: Unknown symbol %s\n", -+ me->name, strtab + sym->st_name); -+ return -ENOENT; -+ } -+ -+ v = sym->st_value + rel[i].r_addend; -+ -+ res = reloc_handlers_rela[ELF_MIPS_R_TYPE(rel[i])](me, location, v); -+ if (res) -+ return res; -+ } -+ -+ return 0; -+} -diff --git a/arch/mips/kernel/module.h b/arch/mips/kernel/module.h -new file mode 100644 -index 0000000..675d091 ---- /dev/null -+++ b/arch/mips/kernel/module.h -@@ -0,0 +1,12 @@ -+/* Internal definitions for MIPS module code -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+/* -+ * module.c -+ */ -+extern int apply_r_mips_none(struct module *me, u32 *location, Elf_Addr v); -diff --git a/arch/mips/kernel/Makefile b/arch/mips/kernel/Makefile -index fdaf65e..cd1e6c2 100644 ---- a/arch/mips/kernel/Makefile -+++ b/arch/mips/kernel/Makefile -@@ -31,6 +31,7 @@ obj-$(CONFIG_SYNC_R4K) += sync-r4k.o - - obj-$(CONFIG_STACKTRACE) += stacktrace.o - obj-$(CONFIG_MODULES) += mips_ksyms.o module.o -+obj-$(CONFIG_MODULES_USE_ELF_RELA) += module-rela.o - - obj-$(CONFIG_FUNCTION_TRACER) += mcount.o ftrace.o - -diff --git a/arch/mips/kernel/module.c b/arch/mips/kernel/module.c -index 9f102cf..e7dc80b 100644 ---- a/arch/mips/kernel/module.c -+++ b/arch/mips/kernel/module.c -@@ -30,6 +30,7 @@ - #include - #include - #include -+#include "module.h" - - #include /* MODULE_START */ - -@@ -51,7 +52,7 @@ void *module_alloc(unsigned long size) - } - #endif - --static int apply_r_mips_none(struct module *me, u32 *location, Elf_Addr v) -+int apply_r_mips_none(struct module *me, u32 *location, Elf_Addr v) - { - return 0; - } -@@ -63,13 +64,6 @@ static int apply_r_mips_32_rel(struct module *me, u32 *location, Elf_Addr v) - return 0; - } - --static int apply_r_mips_32_rela(struct module *me, u32 *location, Elf_Addr v) --{ -- *location = v; -- -- return 0; --} -- - static int apply_r_mips_26_rel(struct module *me, u32 *location, Elf_Addr v) - { - if (v % 4) { -@@ -91,26 +85,6 @@ static int apply_r_mips_26_rel(struct module *me, u32 *location, Elf_Addr v) - return 0; - } - --static int apply_r_mips_26_rela(struct module *me, u32 *location, Elf_Addr v) --{ -- if (v % 4) { -- pr_err("module %s: dangerous R_MIPS_26 RELArelocation\n", -- me->name); -- return -ENOEXEC; -- } -- -- if ((v & 0xf0000000) != (((unsigned long)location + 4) & 0xf0000000)) { -- printk(KERN_ERR -- "module %s: relocation overflow\n", -- me->name); -- return -ENOEXEC; -- } -- -- *location = (*location & ~0x03ffffff) | ((v >> 2) & 0x03ffffff); -- -- return 0; --} -- - static int apply_r_mips_hi16_rel(struct module *me, u32 *location, Elf_Addr v) - { - struct mips_hi16 *n; -@@ -132,14 +106,6 @@ static int apply_r_mips_hi16_rel(struct module *me, u32 *location, Elf_Addr v) - return 0; - } - --static int apply_r_mips_hi16_rela(struct module *me, u32 *location, Elf_Addr v) --{ -- *location = (*location & 0xffff0000) | -- ((((long long) v + 0x8000LL) >> 16) & 0xffff); -- -- return 0; --} -- - static void free_relocation_chain(struct mips_hi16 *l) - { - struct mips_hi16 *next; -@@ -217,38 +183,6 @@ out_danger: - return -ENOEXEC; - } - --static int apply_r_mips_lo16_rela(struct module *me, u32 *location, Elf_Addr v) --{ -- *location = (*location & 0xffff0000) | (v & 0xffff); -- -- return 0; --} -- --static int apply_r_mips_64_rela(struct module *me, u32 *location, Elf_Addr v) --{ -- *(Elf_Addr *)location = v; -- -- return 0; --} -- --static int apply_r_mips_higher_rela(struct module *me, u32 *location, -- Elf_Addr v) --{ -- *location = (*location & 0xffff0000) | -- ((((long long) v + 0x80008000LL) >> 32) & 0xffff); -- -- return 0; --} -- --static int apply_r_mips_highest_rela(struct module *me, u32 *location, -- Elf_Addr v) --{ -- *location = (*location & 0xffff0000) | -- ((((long long) v + 0x800080008000LL) >> 48) & 0xffff); -- -- return 0; --} -- - static int (*reloc_handlers_rel[]) (struct module *me, u32 *location, - Elf_Addr v) = { - [R_MIPS_NONE] = apply_r_mips_none, -@@ -258,18 +192,6 @@ static int (*reloc_handlers_rel[]) (struct module *me, u32 *location, - [R_MIPS_LO16] = apply_r_mips_lo16_rel - }; - --static int (*reloc_handlers_rela[]) (struct module *me, u32 *location, -- Elf_Addr v) = { -- [R_MIPS_NONE] = apply_r_mips_none, -- [R_MIPS_32] = apply_r_mips_32_rela, -- [R_MIPS_26] = apply_r_mips_26_rela, -- [R_MIPS_HI16] = apply_r_mips_hi16_rela, -- [R_MIPS_LO16] = apply_r_mips_lo16_rela, -- [R_MIPS_64] = apply_r_mips_64_rela, -- [R_MIPS_HIGHER] = apply_r_mips_higher_rela, -- [R_MIPS_HIGHEST] = apply_r_mips_highest_rela --}; -- - int apply_relocate(Elf_Shdr *sechdrs, const char *strtab, - unsigned int symindex, unsigned int relsec, - struct module *me) -@@ -324,48 +246,6 @@ int apply_relocate(Elf_Shdr *sechdrs, const char *strtab, - return 0; - } - --#ifdef CONFIG_MODULES_USE_ELF_RELA --int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab, -- unsigned int symindex, unsigned int relsec, -- struct module *me) --{ -- Elf_Mips_Rela *rel = (void *) sechdrs[relsec].sh_addr; -- Elf_Sym *sym; -- u32 *location; -- unsigned int i; -- Elf_Addr v; -- int res; -- -- pr_debug("Applying relocate section %u to %u\n", relsec, -- sechdrs[relsec].sh_info); -- -- for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) { -- /* This is where to make the change */ -- location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr -- + rel[i].r_offset; -- /* This is the symbol it is referring to */ -- sym = (Elf_Sym *)sechdrs[symindex].sh_addr -- + ELF_MIPS_R_SYM(rel[i]); -- if (IS_ERR_VALUE(sym->st_value)) { -- /* Ignore unresolved weak symbol */ -- if (ELF_ST_BIND(sym->st_info) == STB_WEAK) -- continue; -- printk(KERN_WARNING "%s: Unknown symbol %s\n", -- me->name, strtab + sym->st_name); -- return -ENOENT; -- } -- -- v = sym->st_value + rel[i].r_addend; -- -- res = reloc_handlers_rela[ELF_MIPS_R_TYPE(rel[i])](me, location, v); -- if (res) -- return res; -- } -- -- return 0; --} --#endif -- - /* Given an address, look for it in the module exception tables. */ - const struct exception_table_entry *search_module_dbetables(unsigned long addr) - { --- -1.7.11.4 - - -From 661f0147e9414fb2237f56d88d1f92d8a42345c9 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:45 +0100 -Subject: [PATCH 19/32] Provide macros for forming the name of an ELF note and - its section - -Provide macros for stringifying the name of an ELF note and its section -appropriately so that the macro can be used in both C and assembly. - -Signed-off-by: David Howells ---- - include/linux/elfnote.h | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/include/linux/elfnote.h b/include/linux/elfnote.h -index 278e3ef..949d494 100644 ---- a/include/linux/elfnote.h -+++ b/include/linux/elfnote.h -@@ -58,6 +58,7 @@ - ELFNOTE_END - - #else /* !__ASSEMBLER__ */ -+#include - #include - /* - * Use an anonymous structure which matches the shape of -@@ -93,6 +94,9 @@ - - #define ELFNOTE32(name, type, desc) ELFNOTE(32, name, type, desc) - #define ELFNOTE64(name, type, desc) ELFNOTE(64, name, type, desc) -+ -+#define ELFNOTE_NAME(name) __stringify(name) -+#define ELFNOTE_SECTION(name) ".note."ELFNOTE_NAME(name) - #endif /* __ASSEMBLER__ */ - - #endif /* _LINUX_ELFNOTE_H */ --- -1.7.11.4 - - -From 544f02e192a8a38153d7dedc61bc107545666c0d Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:45 +0100 -Subject: [PATCH 20/32] MODSIGN: Provide gitignore and make clean rules for - extra files - -Provide gitignore and make clean rules for extra files to hide and clean up the -extra files produced by module signing stuff once it is added. Also add a -clean up rule for the module content extractor program used to extract the data -to be signed. - -Signed-off-by: David Howells ---- - .gitignore | 12 ++++++++++++ - Makefile | 1 + - scripts/mod/.gitignore | 1 + - 3 files changed, 14 insertions(+) - -diff --git a/.gitignore b/.gitignore -index 57af07c..7948eeb 100644 ---- a/.gitignore -+++ b/.gitignore -@@ -14,6 +14,9 @@ - *.o.* - *.a - *.s -+*.ko.unsigned -+*.ko.digest -+*.ko.digest.sig - *.ko - *.so - *.so.dbg -@@ -84,3 +87,12 @@ GTAGS - *.orig - *~ - \#*# -+ -+# -+# GPG leavings from module signing -+# -+genkey -+modsign.pub -+modsign.sec -+random_seed -+trustdb.gpg -diff --git a/Makefile b/Makefile -index ddf5be9..70a6b5b 100644 ---- a/Makefile -+++ b/Makefile -@@ -1239,6 +1239,7 @@ clean: $(clean-dirs) - $(call cmd,rmfiles) - @find $(if $(KBUILD_EXTMOD), $(KBUILD_EXTMOD), .) $(RCS_FIND_IGNORE) \ - \( -name '*.[oas]' -o -name '*.ko' -o -name '.*.cmd' \ -+ -o -name '*.ko.*' \ - -o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \ - -o -name '*.symtypes' -o -name 'modules.order' \ - -o -name modules.builtin -o -name '.tmp_*.o.*' \ -diff --git a/scripts/mod/.gitignore b/scripts/mod/.gitignore -index e9b7abe..223dfd6 100644 ---- a/scripts/mod/.gitignore -+++ b/scripts/mod/.gitignore -@@ -1,4 +1,5 @@ - elfconfig.h - mk_elfconfig - modpost -+mod-extract - --- -1.7.11.4 - - -From 6e21809168e7b45a830ec354ec9fc1582fcffe4f Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:45 +0100 -Subject: [PATCH 21/32] MODSIGN: Provide Documentation and Kconfig options - -Provide documentation and kernel configuration options for module signing. - -The documentation can be found in: - - Documentation/module-signing.txt - -The following configuration options are added: - - (1) CONFIG_MODULE_SIG - - Enable module signing. This will both cause the build process to sign - modules and the kernel to check modules when they're loaded. - - (2) CONFIG_MODULE_SIG_SHA1 - CONFIG_MODULE_SIG_SHA224 - CONFIG_MODULE_SIG_SHA256 - CONFIG_MODULE_SIG_SHA384 - CONFIG_MODULE_SIG_SHA512 - - Select the cryptographic hash used to digest the data prior to signing. - Additionally, the crypto module selected will be built into the kernel as - it won't be possible to load it as a module without incurring a circular - dependency when the kernel tries to check its signature. - - (3) CONFIG_MODULE_SIG_FORCE - - Require that any module loaded must be signed with a key compiled into - the kernel. All other modules are rejected with EKEYREJECTED. - -Signed-off-by: David Howells ---- - Documentation/module-signing.txt | 194 +++++++++++++++++++++++++++++++++++++++ - include/linux/modsign.h | 27 ++++++ - init/Kconfig | 54 +++++++++++ - 3 files changed, 275 insertions(+) - create mode 100644 Documentation/module-signing.txt - create mode 100644 include/linux/modsign.h - -diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt -new file mode 100644 -index 0000000..d75d473 ---- /dev/null -+++ b/Documentation/module-signing.txt -@@ -0,0 +1,194 @@ -+ ============================== -+ KERNEL MODULE SIGNING FACILITY -+ ============================== -+ -+The module signing facility applies cryptographic signature checking to modules -+on module load, checking the signature against a ring of public keys compiled -+into the kernel. GPG is used to do the cryptographic work and determines the -+format of the signature and key data. The facility uses GPG's MPI library to -+handle the huge numbers involved. -+ -+This facility is enabled through CONFIG_MODULE_SIG. Turning on signature -+checking will also force the module's ELF metadata to be verified before the -+signature is checked. -+ -+The signature checker in the kernel is capable of handling multiple keys of -+either DSA or RSA type, and can support any of MD5, RIPE-MD-160, SHA-1, -+SHA-224, SHA-256, SHA-384 and SHA-512 hashes - PROVIDED(!) the requisite -+algorithms are compiled into the kernel. -+ -+(!) NOTE: Modules may only be verified initially with algorithms compiled into -+the kernel. Further algorithm modules may be loaded and used - but these must -+first pass a verification step using already loaded/compiled-in algorithms. -+ -+ -+===================== -+SUPPLYING PUBLIC KEYS -+===================== -+ -+A set of public keys must be supplied at kernel image build time. This is done -+by taking a GPG public key file and placing it in the base of the kernel -+directory in a file called modsign.pub. -+ -+For example, a throwaway key could be generated automatically by something like -+the following: -+ -+ cat >genkey < -+ -+ This indicates the whereabouts of the GPG keyring that is the source of -+ the public key to be used. The default is "./modsign.pub". -+ -+ (*) MODKEYNAME= -+ -+ The name of the key pair to be used from the aforementioned keyrings. -+ This defaults to being unset, thus leaving the choice of default key to -+ gpg. -+ -+ (*) KEYFLAGS="gpg-options" -+ -+ Override the complete gpg command line, including the preceding three -+ options. The default options supplied to gpg are: -+ -+ --no-default-keyring -+ --secret-keyring $(MODSECKEY) -+ --keyring $(MODPUBKEY) -+ --no-default-keyring -+ --homedir . -+ --no-options -+ --no-auto-check-trustdb -+ --no-permission-warning -+ --digest-algo= -+ -+ with: -+ -+ --default-key $(MODKEYNAME) -+ -+ being added if requested. -+ -+The resulting module.ko file will be the signed module. -+ -+ -+======================== -+STRIPPING SIGNED MODULES -+======================== -+ -+Signed modules may be safely stripped with any of the following: -+ -+ strip -x -+ strip -g -+ eu-strip -+ -+as the signature only covers those parts of the module the kernel actually uses -+and any ELF metadata required to deal with them. Any necessary ELF metadata -+that is affected by stripping is canonicalised by the sig generator and the sig -+checker to hide strip effects. -+ -+This permits the debuginfo to be detached from the module and placed in another -+spot so that gdb can find it when referring to that module without the need for -+multiple signed versions of the module. Such is done by rpmbuild when -+producing RPMs. -+ -+It also permits the module to be stripped as far as possible for when modules -+are being reduced prior to being included in an initial ramdisk composition. -+ -+Note that "strip" and "strip -s" may not be used on a module, signed or -+otherwise, as they remove the symbol table and render the relocation tables -+unusable. -+ -+ -+====================== -+LOADING SIGNED MODULES -+====================== -+ -+Modules are loaded with insmod, exactly as for unsigned modules. The signature -+is inserted into the module object file during the build process as an ELF note -+called "module.sig" in an ELF section called ".note.module.sig". The signature -+checker will detect it and apply signature checking. -+ -+ -+========================================= -+NON-VALID SIGNATURES AND UNSIGNED MODULES -+========================================= -+ -+If CONFIG_MODULE_SIG_FORCE is enabled or "enforcemodulesig=1" is supplied on -+the kernel command line, the kernel will _only_ load validly signed modules -+for which it has a public key. Otherwise, it will also load modules that are -+unsigned. Any module for which the kernel has a key, but which proves to have -+a signature mismatch will not be permitted to load (returning EKEYREJECTED). -+ -+This table indicates the behaviours of the various situations: -+ -+ MODULE STATE PERMISSIVE MODE ENFORCING MODE -+ ======================================= =============== =============== -+ Unsigned Ok EKEYREJECTED -+ Signed, no public key ENOKEY ENOKEY -+ Validly signed, public key Ok Ok -+ Invalidly signed, public key EKEYREJECTED EKEYREJECTED -+ Validly signed, expired key EKEYEXPIRED EKEYEXPIRED -+ Signed, hash algorithm unavailable ENOPKG ENOPKG -+ Corrupt signature EBADMSG EBADMSG -+ Corrupt ELF ELIBBAD ELIBBAD -diff --git a/include/linux/modsign.h b/include/linux/modsign.h -new file mode 100644 -index 0000000..c5ac87a ---- /dev/null -+++ b/include/linux/modsign.h -@@ -0,0 +1,27 @@ -+/* Module signing definitions -+ * -+ * Copyright (C) 2009 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#ifndef _LINUX_MODSIGN_H -+#define _LINUX_MODSIGN_H -+ -+#ifdef CONFIG_MODULE_SIG -+ -+#include -+ -+/* -+ * The parameters of the ELF note used to carry the signature -+ */ -+#define MODSIGN_NOTE_NAME module.sig -+#define MODSIGN_NOTE_TYPE 100 -+ -+#endif -+ -+#endif /* _LINUX_MODSIGN_H */ -diff --git a/init/Kconfig b/init/Kconfig -index af6c7f8..e23ed83 100644 ---- a/init/Kconfig -+++ b/init/Kconfig -@@ -1585,6 +1585,60 @@ config MODULE_SRCVERSION_ALL - the version). With this option, such a "srcversion" field - will be created for all modules. If unsure, say N. - -+config MODULE_SIG -+ bool "Module signature verification" -+ depends on MODULES -+ select KEYS -+ select CRYPTO_KEY_TYPE -+ select CRYPTO_KEY_PKEY_ALGO_DSA -+ select CRYPTO_KEY_PKEY_ALGO_RSA -+ select PGP_PARSER -+ select PGP_PRELOAD -+ help -+ Check modules for valid signatures upon load. For more information -+ see: -+ -+ Documentation/module-signing.txt -+ -+choice -+ prompt "Which hash algorithm should modules be signed with?" -+ depends on MODULE_SIG -+ help -+ This determines which sort of hashing algorithm will be used during -+ signature generation. This algorithm _must_ be built into the kernel -+ directly so that signature verification can take place. It is not -+ possible to load a signed module containing the algorithm to check -+ the signature on that module. -+ -+config MODULE_SIG_SHA1 -+ bool "Sign modules with SHA-1" -+ select CRYPTO_SHA1 -+ -+config MODULE_SIG_SHA224 -+ bool "Sign modules with SHA-224" -+ select CRYPTO_SHA224 -+ -+config MODULE_SIG_SHA256 -+ bool "Sign modules with SHA-256" -+ select CRYPTO_SHA256 -+ -+config MODULE_SIG_SHA384 -+ bool "Sign modules with SHA-384" -+ select CRYPTO_SHA384 -+ -+config MODULE_SIG_SHA512 -+ bool "Sign modules with SHA-512" -+ select CRYPTO_SHA512 -+ -+endchoice -+ -+config MODULE_SIG_FORCE -+ bool "Required modules to be validly signed (EXPERIMENTAL)" -+ depends on MODULE_SIG -+ help -+ Reject unsigned modules or signed modules for which we don't have a -+ key. -+ - endif # MODULES - - config INIT_ALL_POSSIBLE --- -1.7.11.4 - - -From 7733934d34b7f03574b4578edfad4a60d6fe3d56 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:45 +0100 -Subject: [PATCH 22/32] MODSIGN: Sign modules during the build process - -If CONFIG_MODULE_SIG is set, then this patch will cause the module to get a -signature installed. The following steps will occur: - - (1) The module will be linked to foo.ko.unsigned instead of foo.ko - - (2) The module's signable content will be extracted to foo.ko.digest by the - mod-extract program. - - (3) The signature will be generated on foo.ko.digest by gpg and placed in - foo.ko.digest.sig - - (4) The signature will be encapsulated into an ELF note and placed into a file - called foo.ko.note.o using the output from modsign-note.sh piped into the - assembler. - - (5) The unsigned module from (1) and the signature ELF note from (4) will be - linked together to produce foo.ko - -Step (3) requires private and public keys to be available. By default these -are expected to be found in PGP keyring files called modsign.sec (the secret -key) and modsign.pub (the public key) in the build root. - -If the secret key is not found then signing will be skipped and the unsigned -module from (1) will just be copied to foo.ko. - -If signing occurs, lines like the following will be seen: - - LD [M] fs/foo/foo.ko.unsigned - SIGN [M] fs/foo/foo.ko - -will appear in the build log. If it is skipped, the following will be seen: - - LD [M] fs/foo/foo.ko.unsigned - NO SIGN [M] fs/foo/foo.ko - -Signed-off-by: David Howells ---- - scripts/Makefile.modpost | 87 ++++- - scripts/mod/Makefile | 2 +- - scripts/mod/mod-extract.c | 913 ++++++++++++++++++++++++++++++++++++++++++++ - scripts/mod/modsign-note.sh | 16 + - 4 files changed, 1016 insertions(+), 2 deletions(-) - create mode 100644 scripts/mod/mod-extract.c - create mode 100644 scripts/mod/modsign-note.sh - -diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost -index 08dce14..17465d8 100644 ---- a/scripts/Makefile.modpost -+++ b/scripts/Makefile.modpost -@@ -14,7 +14,8 @@ - # 3) create one .mod.c file pr. module - # 4) create one Module.symvers file with CRC for all exported symbols - # 5) compile all .mod.c files --# 6) final link of the module to a file -+# 6) final link of the module to a (or ) file -+# 7) signs the modules to a file - - # Step 3 is used to place certain information in the module's ELF - # section, including information such as: -@@ -32,6 +33,8 @@ - # Step 4 is solely used to allow module versioning in external modules, - # where the CRC of each module is retrieved from the Module.symvers file. - -+# Step 7 is dependent on CONFIG_MODULE_SIG being enabled. -+ - # KBUILD_MODPOST_WARN can be set to avoid error out in case of undefined - # symbols in the final module linking stage - # KBUILD_MODPOST_NOFINAL can be set to skip the final link of modules. -@@ -116,6 +119,7 @@ $(modules:.ko=.mod.o): %.mod.o: %.mod.c FORCE - targets += $(modules:.ko=.mod.o) - - # Step 6), final link of the modules -+ifneq ($(CONFIG_MODULE_SIG),y) - quiet_cmd_ld_ko_o = LD [M] $@ - cmd_ld_ko_o = $(LD) -r $(LDFLAGS) \ - $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ -@@ -125,7 +129,88 @@ $(modules): %.ko :%.o %.mod.o FORCE - $(call if_changed,ld_ko_o) - - targets += $(modules) -+else -+quiet_cmd_ld_ko_unsigned_o = LD [M] $@ -+ cmd_ld_ko_unsigned_o = \ -+ $(LD) -r $(LDFLAGS) \ -+ $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ -+ -o $@ $(filter-out FORCE,$^) \ -+ $(if $(AFTER_LINK),; $(AFTER_LINK)) -+ -+$(modules:.ko=.ko.unsigned): %.ko.unsigned :%.o %.mod.o FORCE -+ $(call if_changed,ld_ko_unsigned_o) -+ -+targets += $(modules:.ko=.ko.unsigned) -+ -+# Step 7), sign the modules -+MODSECKEY = ./modsign.sec -+MODPUBKEY = ./modsign.pub -+KEYFLAGS = --no-default-keyring --secret-keyring $(MODSECKEY) --keyring $(MODPUBKEY) --no-default-keyring --homedir . --no-options --no-auto-check-trustdb --no-permission-warning -+ -+ifdef CONFIG_MODULE_SIG_SHA1 -+KEYFLAGS += --digest-algo=SHA1 -+else -+ifdef CONFIG_MODULE_SIG_SHA224 -+KEYFLAGS += --digest-algo=SHA224 -+else -+ifdef CONFIG_MODULE_SIG_SHA256 -+KEYFLAGS += --digest-algo=SHA256 -+else -+ifdef CONFIG_MODULE_SIG_SHA384 -+KEYFLAGS += --digest-algo=SHA384 -+else -+ifdef CONFIG_MODULE_SIG_SHA512 -+KEYFLAGS += --digest-algo=SHA512 -+else -+endif -+endif -+endif -+endif -+endif -+ -+ifdef MODKEYNAME -+KEYFLAGS += --default-key $(MODKEYNAME) -+endif - -+ifeq ($(wildcard $(MODSECKEY))+$(wildcard $(MODPUBKEY)),$(MODSECKEY)+$(MODPUBKEY)) -+ifeq ($(KBUILD_SRC),) -+ # no O= is being used -+ SCRIPTS_DIR := scripts -+else -+ SCRIPTS_DIR := $(KBUILD_SRC)/scripts -+endif -+SIGN_MODULES := 1 -+else -+SIGN_MODULES := 0 -+endif -+ -+# only sign if it's an in-tree module -+ifneq ($(KBUILD_EXTMOD),) -+SIGN_MODULES := 0 -+endif -+ -+ifeq ($(SIGN_MODULES),1) -+KEYRING_DEP := modsign.sec modsign.pub -+quiet_cmd_sign_ko_ko_unsigned = SIGN [M] $@ -+ cmd_sign_ko_ko_unsigned = \ -+ scripts/mod/mod-extract $< $@.digest && \ -+ rm -f $@.digest.sig && \ -+ gpg --batch --no-greeting $(KEYFLAGS) -b $@.digest && \ -+ sh $(SCRIPTS_DIR)/mod/modsign-note.sh $@.digest.sig | \ -+ $(CC) -x assembler-with-cpp $(c_flags) $(CFLAGS_MODULE) -c -o $@.note.o - && \ -+ $(LD) -r $(LDFLAGS) -o $@ $< $@.note.o -+else -+KEYRING_DEP := -+quiet_cmd_sign_ko_ko_unsigned = NO SIGN [M] $@ -+ cmd_sign_ko_ko_unsigned = \ -+ cp $< $@ -+endif -+ -+$(modules): %.ko :%.ko.unsigned $(KEYRING_DEP) FORCE -+ $(call if_changed,sign_ko_ko_unsigned) -+ -+targets += $(modules) -+endif - - # Add FORCE to the prequisites of a target to force it to be always rebuilt. - # --------------------------------------------------------------------------- -diff --git a/scripts/mod/Makefile b/scripts/mod/Makefile -index ff954f8..4654e3b 100644 ---- a/scripts/mod/Makefile -+++ b/scripts/mod/Makefile -@@ -1,4 +1,4 @@ --hostprogs-y := modpost mk_elfconfig -+hostprogs-y := modpost mk_elfconfig mod-extract - always := $(hostprogs-y) empty.o - - modpost-objs := modpost.o file2alias.o sumversion.o -diff --git a/scripts/mod/mod-extract.c b/scripts/mod/mod-extract.c -new file mode 100644 -index 0000000..0c0e3e3 ---- /dev/null -+++ b/scripts/mod/mod-extract.c -@@ -0,0 +1,913 @@ -+/* mod-extract.c: module extractor for signing -+ * -+ * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+static void extract_elf64(void *buffer, size_t size, Elf64_Ehdr *hdr); -+static void extract_elf32(void *buffer, size_t size, Elf32_Ehdr *hdr); -+ -+struct byteorder { -+ uint16_t (*get16)(const uint16_t *); -+ uint32_t (*get32)(const uint32_t *); -+ uint64_t (*get64)(const uint64_t *); -+ void (*set16)(uint16_t *, uint16_t); -+ void (*set32)(uint32_t *, uint32_t); -+ void (*set64)(uint64_t *, uint64_t); -+}; -+ -+static uint16_t get16_le(const uint16_t *p) { return __le16_to_cpu(*p); } -+static uint32_t get32_le(const uint32_t *p) { return __le32_to_cpu(*p); } -+static uint64_t get64_le(const uint64_t *p) { return __le64_to_cpu(*p); } -+static uint16_t get16_be(const uint16_t *p) { return __be16_to_cpu(*p); } -+static uint32_t get32_be(const uint32_t *p) { return __be32_to_cpu(*p); } -+static uint64_t get64_be(const uint64_t *p) { return __be64_to_cpu(*p); } -+ -+static void set16_le(uint16_t *p, uint16_t n) { *p = __cpu_to_le16(n); } -+static void set32_le(uint32_t *p, uint32_t n) { *p = __cpu_to_le32(n); } -+static void set64_le(uint64_t *p, uint64_t n) { *p = __cpu_to_le64(n); } -+static void set16_be(uint16_t *p, uint16_t n) { *p = __cpu_to_be16(n); } -+static void set32_be(uint32_t *p, uint32_t n) { *p = __cpu_to_be32(n); } -+static void set64_be(uint64_t *p, uint64_t n) { *p = __cpu_to_be64(n); } -+ -+static const struct byteorder byteorder_le = { -+ get16_le, get32_le, get64_le, -+ set16_le, set32_le, set64_le -+}; -+static const struct byteorder byteorder_be = { -+ get16_be, get32_be, get64_be, -+ set16_be, set32_be, set64_be -+}; -+static const struct byteorder *order; -+ -+static inline uint16_t get16(const uint16_t *p) { return order->get16(p); } -+static inline uint32_t get32(const uint32_t *p) { return order->get32(p); } -+static inline uint64_t get64(const uint64_t *p) { return order->get64(p); } -+static inline void set16(uint16_t *p, uint16_t n) { order->set16(p, n); } -+static inline void set32(uint32_t *p, uint32_t n) { order->set32(p, n); } -+static inline void set64(uint64_t *p, uint64_t n) { order->set64(p, n); } -+ -+static FILE *outfd; -+static uint8_t csum, xcsum; -+ -+static void write_out(const void *data, size_t size) -+{ -+ const uint8_t *p = data; -+ size_t loop; -+ -+ for (loop = 0; loop < size; loop++) { -+ csum += p[loop]; -+ xcsum += p[loop]; -+ } -+ -+ if (fwrite(data, 1, size, outfd) != size) { -+ perror("write"); -+ exit(1); -+ } -+} -+ -+#define write_out_val(VAL) write_out(&(VAL), sizeof(VAL)) -+ -+static int is_verbose; -+ -+static __attribute__((format(printf, 1, 2))) -+void verbose(const char *fmt, ...) -+{ -+ va_list va; -+ -+ if (is_verbose) { -+ va_start(va, fmt); -+ vprintf(fmt, va); -+ va_end(va); -+ } -+} -+ -+static __attribute__((noreturn)) -+void usage(void) -+{ -+ fprintf(stderr, "Usage: mod-extract [-v] \n"); -+ exit(2); -+} -+ -+/* -+ * -+ */ -+int main(int argc, char **argv) -+{ -+ struct stat st; -+ Elf32_Ehdr *hdr32; -+ Elf64_Ehdr *hdr64; -+ size_t len; -+ void *buffer; -+ int fd, be, b64; -+ -+ while (argc > 1 && strcmp("-v", argv[1]) == 0) { -+ argv++; -+ argc--; -+ is_verbose++; -+ } -+ -+ if (argc != 3) -+ usage(); -+ -+ /* map the module into memory */ -+ fd = open(argv[1], O_RDONLY); -+ if (fd < 0) { -+ perror("open input"); -+ exit(1); -+ } -+ -+ if (fstat(fd, &st) < 0) { -+ perror("fstat"); -+ exit(1); -+ } -+ -+ len = st.st_size; -+ -+ buffer = mmap(NULL, len, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); -+ if (buffer == MAP_FAILED) { -+ perror("mmap"); -+ exit(1); -+ } -+ -+ if (close(fd) < 0) { -+ perror("close input"); -+ exit(1); -+ } -+ -+ /* check it's an ELF object */ -+ hdr32 = buffer; -+ hdr64 = buffer; -+ -+ if (hdr32->e_ident[EI_MAG0] != ELFMAG0 || -+ hdr32->e_ident[EI_MAG1] != ELFMAG1 || -+ hdr32->e_ident[EI_MAG2] != ELFMAG2 || -+ hdr32->e_ident[EI_MAG3] != ELFMAG3 -+ ) { -+ fprintf(stderr, "Module does not appear to be ELF\n"); -+ exit(3); -+ } -+ -+ /* determine endianness and word size */ -+ b64 = (hdr32->e_ident[EI_CLASS] == ELFCLASS64); -+ be = (hdr32->e_ident[EI_DATA] == ELFDATA2MSB); -+ order = be ? &byteorder_be : &byteorder_le; -+ -+ verbose("Module is %s-bit %s-endian\n", -+ b64 ? "64" : "32", -+ be ? "big" : "little"); -+ -+ /* open the output file */ -+ outfd = fopen(argv[2], "w"); -+ if (!outfd) { -+ perror("open output"); -+ exit(1); -+ } -+ -+ /* perform the extraction */ -+ if (b64) -+ extract_elf64(buffer, len, hdr64); -+ else -+ extract_elf32(buffer, len, hdr32); -+ -+ /* done */ -+ if (fclose(outfd) == EOF) { -+ perror("close output"); -+ exit(1); -+ } -+ -+ return 0; -+} -+ -+/* -+ * extract a RELA table -+ * - need to canonicalise the entries in case section addition/removal has -+ * rearranged the symbol table and the section table -+ */ -+static void extract_elf64_rela(const void *buffer, int secix, int targetix, -+ const Elf64_Rela *relatab, size_t nrels, -+ const Elf64_Sym *symbols, size_t nsyms, -+ const Elf64_Shdr *sections, size_t nsects, int *canonmap, -+ const char *strings, size_t nstrings, -+ const char *sh_name) -+{ -+ struct { -+ uint64_t r_offset; -+ uint64_t r_addend; -+ uint64_t st_value; -+ uint64_t st_size; -+ uint32_t r_type; -+ uint16_t st_shndx; -+ uint8_t st_info; -+ uint8_t st_other; -+ -+ } __attribute__((packed)) relocation; -+ -+ const Elf64_Sym *symbol; -+ size_t loop; -+ -+ /* contribute the relevant bits from a join of { RELA, SYMBOL, SECTION } */ -+ for (loop = 0; loop < nrels; loop++) { -+ Elf64_Section st_shndx; -+ Elf64_Xword r_info; -+ -+ /* decode the relocation */ -+ r_info = get64(&relatab[loop].r_info); -+ relocation.r_offset = relatab[loop].r_offset; -+ relocation.r_addend = relatab[loop].r_addend; -+ set32(&relocation.r_type, ELF64_R_TYPE(r_info)); -+ -+ if (ELF64_R_SYM(r_info) >= nsyms) { -+ fprintf(stderr, "Invalid symbol ID %zx in relocation %zu\n", -+ (size_t)ELF64_R_SYM(r_info), loop); -+ exit(1); -+ } -+ -+ /* decode the symbol referenced by the relocation */ -+ symbol = &symbols[ELF64_R_SYM(r_info)]; -+ relocation.st_info = symbol->st_info; -+ relocation.st_other = symbol->st_other; -+ relocation.st_value = symbol->st_value; -+ relocation.st_size = symbol->st_size; -+ relocation.st_shndx = symbol->st_shndx; -+ st_shndx = get16(&symbol->st_shndx); -+ -+ /* canonicalise the section used by the symbol */ -+ if (st_shndx > SHN_UNDEF && st_shndx < nsects) -+ set16(&relocation.st_shndx, canonmap[st_shndx]); -+ -+ write_out_val(relocation); -+ -+ /* undefined symbols must be named if referenced */ -+ if (st_shndx == SHN_UNDEF) { -+ const char *name = strings + get32(&symbol->st_name); -+ write_out(name, strlen(name) + 1); -+ } -+ } -+ -+ verbose("%02x %4d %s [canon]\n", csum, secix, sh_name); -+} -+ -+/* -+ * extract a REL table -+ * - need to canonicalise the entries in case section addition/removal has -+ * rearranged the symbol table and the section table -+ */ -+static void extract_elf64_rel(const void *buffer, int secix, int targetix, -+ const Elf64_Rel *relatab, size_t nrels, -+ const Elf64_Sym *symbols, size_t nsyms, -+ const Elf64_Shdr *sections, size_t nsects, int *canonmap, -+ const char *strings, size_t nstrings, -+ const char *sh_name) -+{ -+ struct { -+ uint64_t r_offset; -+ uint64_t st_value; -+ uint64_t st_size; -+ uint32_t r_type; -+ uint16_t st_shndx; -+ uint8_t st_info; -+ uint8_t st_other; -+ -+ } __attribute__((packed)) relocation; -+ -+ const Elf64_Sym *symbol; -+ size_t loop; -+ -+ /* contribute the relevant bits from a join of { RELA, SYMBOL, SECTION } */ -+ for (loop = 0; loop < nrels; loop++) { -+ Elf64_Section st_shndx; -+ Elf64_Xword r_info; -+ -+ /* decode the relocation */ -+ r_info = get64(&relatab[loop].r_info); -+ relocation.r_offset = relatab[loop].r_offset; -+ set32(&relocation.r_type, ELF64_R_TYPE(r_info)); -+ -+ if (ELF64_R_SYM(r_info) >= nsyms) { -+ fprintf(stderr, "Invalid symbol ID %zx in relocation %zu\n", -+ (size_t)ELF64_R_SYM(r_info), loop); -+ exit(1); -+ } -+ -+ /* decode the symbol referenced by the relocation */ -+ symbol = &symbols[ELF64_R_SYM(r_info)]; -+ relocation.st_info = symbol->st_info; -+ relocation.st_other = symbol->st_other; -+ relocation.st_value = symbol->st_value; -+ relocation.st_size = symbol->st_size; -+ relocation.st_shndx = symbol->st_shndx; -+ st_shndx = get16(&symbol->st_shndx); -+ -+ /* canonicalise the section used by the symbol */ -+ if (st_shndx > SHN_UNDEF && st_shndx < nsects) -+ set16(&relocation.st_shndx, canonmap[st_shndx]); -+ -+ write_out_val(relocation); -+ -+ /* undefined symbols must be named if referenced */ -+ if (st_shndx == SHN_UNDEF) { -+ const char *name = strings + get32(&symbol->st_name); -+ write_out(name, strlen(name) + 1); -+ } -+ } -+ -+ verbose("%02x %4d %s [canon]\n", csum, secix, sh_name); -+} -+ -+/* -+ * extract the data from a 64-bit module -+ */ -+static void extract_elf64(void *buffer, size_t len, Elf64_Ehdr *hdr) -+{ -+ const Elf64_Sym *symbols; -+ Elf64_Shdr *sections; -+ const char *secstrings, *strings; -+ size_t nsyms, nstrings; -+ int loop, shnum, *canonlist, *canonmap, canon, changed, tmp; -+ -+ sections = buffer + get64(&hdr->e_shoff); -+ secstrings = buffer + get64(§ions[get16(&hdr->e_shstrndx)].sh_offset); -+ shnum = get16(&hdr->e_shnum); -+ -+ /* find the symbol table and the string table and produce a list of -+ * index numbers of sections that contribute to the kernel's module -+ * image -+ */ -+ canonlist = calloc(sizeof(int), shnum * 2); -+ if (!canonlist) { -+ perror("calloc"); -+ exit(1); -+ } -+ canonmap = canonlist + shnum; -+ canon = 0; -+ -+ symbols = NULL; -+ strings = NULL; -+ nstrings = 0; -+ nsyms = 0; -+ -+ for (loop = 1; loop < shnum; loop++) { -+ const char *sh_name = secstrings + get32(§ions[loop].sh_name); -+ Elf64_Word sh_type = get32(§ions[loop].sh_type); -+ Elf64_Xword sh_size = get64(§ions[loop].sh_size); -+ Elf64_Xword sh_flags = get64(§ions[loop].sh_flags); -+ Elf64_Word sh_info = get32(§ions[loop].sh_info); -+ Elf64_Off sh_offset = get64(§ions[loop].sh_offset); -+ void *data = buffer + sh_offset; -+ -+ /* quick sanity check */ -+ if (sh_type != SHT_NOBITS && len < sh_offset + sh_size) { -+ fprintf(stderr, "Section goes beyond EOF\n"); -+ exit(3); -+ } -+ -+ /* we only need to canonicalise allocatable sections */ -+ if (sh_flags & SHF_ALLOC) -+ canonlist[canon++] = loop; -+ else if ((sh_type == SHT_REL || sh_type == SHT_RELA) && -+ get64(§ions[sh_info].sh_flags) & SHF_ALLOC) -+ canonlist[canon++] = loop; -+ -+ /* keep track of certain special sections */ -+ switch (sh_type) { -+ case SHT_SYMTAB: -+ if (strcmp(sh_name, ".symtab") == 0) { -+ symbols = data; -+ nsyms = sh_size / sizeof(Elf64_Sym); -+ } -+ break; -+ -+ case SHT_STRTAB: -+ if (strcmp(sh_name, ".strtab") == 0) { -+ strings = data; -+ nstrings = sh_size; -+ } -+ break; -+ -+ default: -+ break; -+ } -+ } -+ -+ if (!symbols) { -+ fprintf(stderr, "Couldn't locate symbol table\n"); -+ exit(3); -+ } -+ -+ if (!strings) { -+ fprintf(stderr, "Couldn't locate strings table\n"); -+ exit(3); -+ } -+ -+ /* canonicalise the index numbers of the contributing section */ -+ do { -+ changed = 0; -+ -+ for (loop = 0; loop < canon - 1; loop++) { -+ const char *x = secstrings + get32(§ions[canonlist[loop + 0]].sh_name); -+ const char *y = secstrings + get32(§ions[canonlist[loop + 1]].sh_name); -+ if (strcmp(x, y) > 0) { -+ tmp = canonlist[loop + 0]; -+ canonlist[loop + 0] = canonlist[loop + 1]; -+ canonlist[loop + 1] = tmp; -+ changed = 1; -+ } -+ } -+ -+ } while (changed); -+ -+ for (loop = 0; loop < canon; loop++) -+ canonmap[canonlist[loop]] = loop + 1; -+ -+ if (is_verbose > 1) { -+ printf("\nSection canonicalisation map:\n"); -+ for (loop = 1; loop < shnum; loop++) { -+ const char *x = secstrings + get32(§ions[loop].sh_name); -+ printf("%4d %s\n", canonmap[loop], x); -+ } -+ -+ printf("\nAllocated section list in canonical order:\n"); -+ for (loop = 0; loop < canon; loop++) { -+ const char *x = secstrings + get32(§ions[canonlist[loop]].sh_name); -+ printf("%4d %s\n", canonlist[loop], x); -+ } -+ } -+ -+ /* iterate through the section table looking for sections we want to -+ * contribute to the signature */ -+ verbose("\n"); -+ verbose("CAN FILE POS CS SECT NAME\n"); -+ verbose("=== ======== == ==== ==============================\n"); -+ -+ for (loop = 0; loop < canon; loop++) { -+ int sect = canonlist[loop]; -+ const char *sh_name = secstrings + get32(§ions[sect].sh_name); -+ Elf64_Word sh_type = get32(§ions[sect].sh_type); -+ Elf64_Xword sh_size = get64(§ions[sect].sh_size); -+ Elf64_Xword sh_flags = get64(§ions[sect].sh_flags); -+ Elf64_Word sh_info = get32(§ions[sect].sh_info); -+ Elf64_Off sh_offset = get64(§ions[sect].sh_offset); -+ void *data = buffer + sh_offset; -+ -+ csum = 0; -+ -+ /* include canonicalised relocation sections */ -+ if (sh_type == SHT_REL || sh_type == SHT_RELA) { -+ Elf32_Word canon_sh_info; -+ -+ if (sh_info <= 0 && sh_info >= hdr->e_shnum) { -+ fprintf(stderr, -+ "Invalid ELF - REL/RELA sh_info does" -+ " not refer to a valid section\n"); -+ exit(3); -+ } -+ -+ verbose("%3u %08lx ", loop, ftell(outfd)); -+ -+ set32(&canon_sh_info, canonmap[sh_info]); -+ -+ /* write out selected portions of the section header */ -+ write_out(sh_name, strlen(sh_name)); -+ write_out_val(sections[sect].sh_type); -+ write_out_val(sections[sect].sh_flags); -+ write_out_val(sections[sect].sh_size); -+ write_out_val(sections[sect].sh_addralign); -+ write_out_val(canon_sh_info); -+ -+ if (sh_type == SHT_RELA) -+ extract_elf64_rela(buffer, sect, sh_info, -+ data, sh_size / sizeof(Elf64_Rela), -+ symbols, nsyms, -+ sections, shnum, canonmap, -+ strings, nstrings, -+ sh_name); -+ else -+ extract_elf64_rel(buffer, sect, sh_info, -+ data, sh_size / sizeof(Elf64_Rel), -+ symbols, nsyms, -+ sections, shnum, canonmap, -+ strings, nstrings, -+ sh_name); -+ continue; -+ } -+ -+ /* include the headers of BSS sections */ -+ if (sh_type == SHT_NOBITS && sh_flags & SHF_ALLOC) { -+ verbose("%3u %08lx ", loop, ftell(outfd)); -+ -+ /* write out selected portions of the section header */ -+ write_out(sh_name, strlen(sh_name)); -+ write_out_val(sections[sect].sh_type); -+ write_out_val(sections[sect].sh_flags); -+ write_out_val(sections[sect].sh_size); -+ write_out_val(sections[sect].sh_addralign); -+ -+ verbose("%02x %4d %s\n", csum, sect, sh_name); -+ } -+ -+ /* include allocatable loadable sections */ -+ if (sh_type != SHT_NOBITS && sh_flags & SHF_ALLOC) -+ goto include_section; -+ -+ /* not this section */ -+ continue; -+ -+ include_section: -+ verbose("%3u %08lx ", loop, ftell(outfd)); -+ -+ /* write out selected portions of the section header */ -+ write_out(sh_name, strlen(sh_name)); -+ write_out_val(sections[sect].sh_type); -+ write_out_val(sections[sect].sh_flags); -+ write_out_val(sections[sect].sh_size); -+ write_out_val(sections[sect].sh_addralign); -+ -+ /* write out the section data */ -+ write_out(data, sh_size); -+ -+ verbose("%02x %4d %s\n", csum, sect, sh_name); -+ } -+ -+ verbose("%08lx (%lu bytes csum 0x%02x)\n", -+ ftell(outfd), ftell(outfd), xcsum); -+} -+ -+/* -+ * extract a RELA table -+ * - need to canonicalise the entries in case section addition/removal has -+ * rearranged the symbol table and the section table -+ */ -+static void extract_elf32_rela(const void *buffer, int secix, int targetix, -+ const Elf32_Rela *relatab, size_t nrels, -+ const Elf32_Sym *symbols, size_t nsyms, -+ const Elf32_Shdr *sections, size_t nsects, -+ int *canonmap, -+ const char *strings, size_t nstrings, -+ const char *sh_name) -+{ -+ struct { -+ uint32_t r_offset; -+ uint32_t r_addend; -+ uint32_t st_value; -+ uint32_t st_size; -+ uint16_t st_shndx; -+ uint8_t r_type; -+ uint8_t st_info; -+ uint8_t st_other; -+ -+ } __attribute__((packed)) relocation; -+ -+ const Elf32_Sym *symbol; -+ size_t loop; -+ -+ /* contribute the relevant bits from a join of { RELA, SYMBOL, SECTION } */ -+ for (loop = 0; loop < nrels; loop++) { -+ Elf32_Section st_shndx; -+ Elf32_Word r_info; -+ -+ /* decode the relocation */ -+ r_info = get32(&relatab[loop].r_info); -+ relocation.r_offset = relatab[loop].r_offset; -+ relocation.r_addend = relatab[loop].r_addend; -+ relocation.r_type = ELF32_R_TYPE(r_info); -+ -+ if (ELF32_R_SYM(r_info) >= nsyms) { -+ fprintf(stderr, "Invalid symbol ID %x in relocation %zu\n", -+ ELF32_R_SYM(r_info), loop); -+ exit(1); -+ } -+ -+ /* decode the symbol referenced by the relocation */ -+ symbol = &symbols[ELF32_R_SYM(r_info)]; -+ relocation.st_info = symbol->st_info; -+ relocation.st_other = symbol->st_other; -+ relocation.st_value = symbol->st_value; -+ relocation.st_size = symbol->st_size; -+ relocation.st_shndx = symbol->st_shndx; -+ st_shndx = get16(&symbol->st_shndx); -+ -+ /* canonicalise the section used by the symbol */ -+ if (st_shndx > SHN_UNDEF && st_shndx < nsects) -+ set16(&relocation.st_shndx, canonmap[st_shndx]); -+ -+ write_out_val(relocation); -+ -+ /* undefined symbols must be named if referenced */ -+ if (st_shndx == SHN_UNDEF) { -+ const char *name = strings + get32(&symbol->st_name); -+ write_out(name, strlen(name) + 1); -+ } -+ } -+ -+ verbose("%02x %4d %s [canon]\n", csum, secix, sh_name); -+} -+ -+/* -+ * extract a REL table -+ * - need to canonicalise the entries in case section addition/removal has -+ * rearranged the symbol table and the section table -+ */ -+static void extract_elf32_rel(const void *buffer, int secix, int targetix, -+ const Elf32_Rel *relatab, size_t nrels, -+ const Elf32_Sym *symbols, size_t nsyms, -+ const Elf32_Shdr *sections, size_t nsects, -+ int *canonmap, -+ const char *strings, size_t nstrings, -+ const char *sh_name) -+{ -+ struct { -+ uint32_t r_offset; -+ uint32_t st_value; -+ uint32_t st_size; -+ uint16_t st_shndx; -+ uint8_t r_type; -+ uint8_t st_info; -+ uint8_t st_other; -+ -+ } __attribute__((packed)) relocation; -+ -+ const Elf32_Sym *symbol; -+ size_t loop; -+ -+ /* contribute the relevant bits from a join of { RELA, SYMBOL, SECTION } */ -+ for (loop = 0; loop < nrels; loop++) { -+ Elf32_Section st_shndx; -+ Elf32_Word r_info; -+ -+ /* decode the relocation */ -+ r_info = get32(&relatab[loop].r_info); -+ relocation.r_offset = relatab[loop].r_offset; -+ relocation.r_type = ELF32_R_TYPE(r_info); -+ -+ if (ELF32_R_SYM(r_info) >= nsyms) { -+ fprintf(stderr, "Invalid symbol ID %x in relocation %zu\n", -+ ELF32_R_SYM(r_info), loop); -+ exit(1); -+ } -+ -+ /* decode the symbol referenced by the relocation */ -+ symbol = &symbols[ELF32_R_SYM(r_info)]; -+ relocation.st_info = symbol->st_info; -+ relocation.st_other = symbol->st_other; -+ relocation.st_value = symbol->st_value; -+ relocation.st_size = symbol->st_size; -+ relocation.st_shndx = symbol->st_shndx; -+ st_shndx = get16(&symbol->st_shndx); -+ -+ /* canonicalise the section used by the symbol */ -+ if (st_shndx > SHN_UNDEF && st_shndx < nsects) -+ set16(&relocation.st_shndx, canonmap[st_shndx]); -+ -+ write_out_val(relocation); -+ -+ /* undefined symbols must be named if referenced */ -+ if (st_shndx == SHN_UNDEF) { -+ const char *name = strings + get32(&symbol->st_name); -+ write_out(name, strlen(name) + 1); -+ } -+ } -+ -+ verbose("%02x %4d %s [canon]\n", csum, secix, sh_name); -+} -+ -+/* -+ * extract the data from a 32-bit module -+ */ -+static void extract_elf32(void *buffer, size_t len, Elf32_Ehdr *hdr) -+{ -+ const Elf32_Sym *symbols; -+ Elf32_Shdr *sections; -+ const char *secstrings, *strings; -+ size_t nsyms, nstrings; -+ int loop, shnum, *canonlist, *canonmap, canon, changed, tmp; -+ -+ sections = buffer + get32(&hdr->e_shoff); -+ secstrings = buffer + get32(§ions[get16(&hdr->e_shstrndx)].sh_offset); -+ shnum = get16(&hdr->e_shnum); -+ -+ /* find the symbol table and the string table and produce a list of -+ * index numbers of sections that contribute to the kernel's module -+ * image -+ */ -+ canonlist = calloc(sizeof(int), shnum * 2); -+ if (!canonlist) { -+ perror("calloc"); -+ exit(1); -+ } -+ canonmap = canonlist + shnum; -+ canon = 0; -+ -+ symbols = NULL; -+ strings = NULL; -+ nstrings = 0; -+ nsyms = 0; -+ -+ for (loop = 1; loop < shnum; loop++) { -+ const char *sh_name = secstrings + get32(§ions[loop].sh_name); -+ Elf32_Word sh_type = get32(§ions[loop].sh_type); -+ Elf32_Xword sh_size = get32(§ions[loop].sh_size); -+ Elf32_Xword sh_flags = get32(§ions[loop].sh_flags); -+ Elf64_Word sh_info = get32(§ions[loop].sh_info); -+ Elf32_Off sh_offset = get32(§ions[loop].sh_offset); -+ void *data = buffer + sh_offset; -+ -+ /* quick sanity check */ -+ if (sh_type != SHT_NOBITS && len < sh_offset + sh_size) { -+ fprintf(stderr, "Section goes beyond EOF\n"); -+ exit(3); -+ } -+ -+ /* we only need to canonicalise allocatable sections */ -+ if (sh_flags & SHF_ALLOC) -+ canonlist[canon++] = loop; -+ else if ((sh_type == SHT_REL || sh_type == SHT_RELA) && -+ get32(§ions[sh_info].sh_flags) & SHF_ALLOC) -+ canonlist[canon++] = loop; -+ -+ /* keep track of certain special sections */ -+ switch (sh_type) { -+ case SHT_SYMTAB: -+ if (strcmp(sh_name, ".symtab") == 0) { -+ symbols = data; -+ nsyms = sh_size / sizeof(Elf32_Sym); -+ } -+ break; -+ -+ case SHT_STRTAB: -+ if (strcmp(sh_name, ".strtab") == 0) { -+ strings = data; -+ nstrings = sh_size; -+ } -+ break; -+ -+ default: -+ break; -+ } -+ } -+ -+ if (!symbols) { -+ fprintf(stderr, "Couldn't locate symbol table\n"); -+ exit(3); -+ } -+ -+ if (!strings) { -+ fprintf(stderr, "Couldn't locate strings table\n"); -+ exit(3); -+ } -+ -+ /* canonicalise the index numbers of the contributing section */ -+ do { -+ changed = 0; -+ -+ for (loop = 0; loop < canon - 1; loop++) { -+ const char *x = secstrings + get32(§ions[canonlist[loop + 0]].sh_name); -+ const char *y = secstrings + get32(§ions[canonlist[loop + 1]].sh_name); -+ if (strcmp(x, y) > 0) { -+ tmp = canonlist[loop + 0]; -+ canonlist[loop + 0] = canonlist[loop + 1]; -+ canonlist[loop + 1] = tmp; -+ changed = 1; -+ } -+ } -+ -+ } while (changed); -+ -+ for (loop = 0; loop < canon; loop++) -+ canonmap[canonlist[loop]] = loop + 1; -+ -+ if (is_verbose > 1) { -+ printf("\nSection canonicalisation map:\n"); -+ for (loop = 1; loop < shnum; loop++) { -+ const char *x = secstrings + get32(§ions[loop].sh_name); -+ printf("%4d %s\n", canonmap[loop], x); -+ } -+ -+ printf("\nAllocated section list in canonical order:\n"); -+ for (loop = 0; loop < canon; loop++) { -+ const char *x = secstrings + get32(§ions[canonlist[loop]].sh_name); -+ printf("%4d %s\n", canonlist[loop], x); -+ } -+ } -+ -+ /* iterate through the section table looking for sections we want to -+ * contribute to the signature */ -+ verbose("\n"); -+ verbose("CAN FILE POS CS SECT NAME\n"); -+ verbose("=== ======== == ==== ==============================\n"); -+ -+ for (loop = 0; loop < canon; loop++) { -+ int sect = canonlist[loop]; -+ const char *sh_name = secstrings + get32(§ions[sect].sh_name); -+ Elf32_Word sh_type = get32(§ions[sect].sh_type); -+ Elf32_Xword sh_size = get32(§ions[sect].sh_size); -+ Elf32_Xword sh_flags = get32(§ions[sect].sh_flags); -+ Elf32_Word sh_info = get32(§ions[sect].sh_info); -+ Elf32_Off sh_offset = get32(§ions[sect].sh_offset); -+ void *data = buffer + sh_offset; -+ -+ csum = 0; -+ -+ /* quick sanity check */ -+ if (sh_type != SHT_NOBITS && len < sh_offset + sh_size) { -+ fprintf(stderr, "section goes beyond EOF\n"); -+ exit(3); -+ } -+ -+ /* include canonicalised relocation sections */ -+ if (sh_type == SHT_REL || sh_type == SHT_RELA) { -+ Elf32_Word canon_sh_info; -+ -+ if (sh_info <= 0 && sh_info >= hdr->e_shnum) { -+ fprintf(stderr, -+ "Invalid ELF - REL/RELA sh_info does" -+ " not refer to a valid section\n"); -+ exit(3); -+ } -+ -+ verbose("%3u %08lx ", loop, ftell(outfd)); -+ -+ set32(&canon_sh_info, canonmap[sh_info]); -+ -+ /* write out selected portions of the section header */ -+ write_out(sh_name, strlen(sh_name)); -+ write_out_val(sections[sect].sh_type); -+ write_out_val(sections[sect].sh_flags); -+ write_out_val(sections[sect].sh_size); -+ write_out_val(sections[sect].sh_addralign); -+ write_out_val(canon_sh_info); -+ -+ if (sh_type == SHT_RELA) -+ extract_elf32_rela(buffer, sect, sh_info, -+ data, sh_size / sizeof(Elf32_Rela), -+ symbols, nsyms, -+ sections, shnum, canonmap, -+ strings, nstrings, -+ sh_name); -+ else -+ extract_elf32_rel(buffer, sect, sh_info, -+ data, sh_size / sizeof(Elf32_Rel), -+ symbols, nsyms, -+ sections, shnum, canonmap, -+ strings, nstrings, -+ sh_name); -+ continue; -+ } -+ -+ /* include the headers of BSS sections */ -+ if (sh_type == SHT_NOBITS && sh_flags & SHF_ALLOC) { -+ verbose("%3u %08lx ", loop, ftell(outfd)); -+ -+ /* write out selected portions of the section header */ -+ write_out(sh_name, strlen(sh_name)); -+ write_out_val(sections[sect].sh_type); -+ write_out_val(sections[sect].sh_flags); -+ write_out_val(sections[sect].sh_size); -+ write_out_val(sections[sect].sh_addralign); -+ -+ verbose("%02x %4d %s\n", csum, sect, sh_name); -+ } -+ -+ /* include allocatable loadable sections */ -+ if (sh_type != SHT_NOBITS && sh_flags & SHF_ALLOC) -+ goto include_section; -+ -+ /* not this section */ -+ continue; -+ -+ include_section: -+ verbose("%3u %08lx ", loop, ftell(outfd)); -+ -+ /* write out selected portions of the section header */ -+ write_out(sh_name, strlen(sh_name)); -+ write_out_val(sections[sect].sh_type); -+ write_out_val(sections[sect].sh_flags); -+ write_out_val(sections[sect].sh_size); -+ write_out_val(sections[sect].sh_addralign); -+ -+ /* write out the section data */ -+ write_out(data, sh_size); -+ -+ verbose("%02x %4d %s\n", csum, sect, sh_name); -+ } -+ -+ verbose("%08lx (%lu bytes csum 0x%02x)\n", -+ ftell(outfd), ftell(outfd), xcsum); -+} -diff --git a/scripts/mod/modsign-note.sh b/scripts/mod/modsign-note.sh -new file mode 100644 -index 0000000..bca67c0 ---- /dev/null -+++ b/scripts/mod/modsign-note.sh -@@ -0,0 +1,16 @@ -+#!/bin/sh -+# -+# Generate a module signature note source file -+# -+# mod-sign.sh > -+# -+ -+SIG=$1 -+ -+cat < -+ -+ELFNOTE(MODSIGN_NOTE_NAME, MODSIGN_NOTE_TYPE, .incbin "$SIG") -+EOF -+ -+exit 0 --- -1.7.11.4 - - -From ee3ca99bcf972f0d072d91f9256c39a197153b8e Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:45 +0100 -Subject: [PATCH 23/32] MODSIGN: Module signature verification stub - -Create a stub for the module signature verifier and link it into module.c so -that it gets called. A field is added to struct module to record whether or -not a valid module signature was detected. - -The stub also implements the policy for handling unsigned modules and the -printing of error messages to indicate various problems with the module. - -If CONFIG_MODULE_SIG_FORCE is enabled or "enforcemodulesig=1" is supplied on -the kernel command line, the kernel will _only_ load validly signed modules -for which it has a public key. Otherwise, it will also load modules that are -unsigned. Any module for which the kernel has a key, but which proves to have -a signature mismatch will not be permitted to load. - -This table indicates the behaviours in the various situations: - - MODULE STATE PERMISSIVE MODE ENFORCING MODE - ======================================= =============== =============== - Unsigned Ok EKEYREJECTED - Signed, no public key ENOKEY ENOKEY - Validly signed, public key Ok Ok - Invalidly signed, public key EKEYREJECTED EKEYREJECTED - Validly signed, expired key EKEYEXPIRED EKEYEXPIRED - Signed, hash algorithm unavailable ENOPKG ENOPKG - Corrupt signature EBADMSG EBADMSG - Corrupt ELF ELIBBAD ELIBBAD - -Signed-off-by: David Howells ---- - include/linux/module.h | 3 ++ - kernel/Makefile | 1 + - kernel/module-verify-defs.h | 77 +++++++++++++++++++++++++++++++ - kernel/module-verify.c | 110 ++++++++++++++++++++++++++++++++++++++++++++ - kernel/module-verify.h | 20 ++++++++ - kernel/module.c | 26 +++++++++-- - 6 files changed, 232 insertions(+), 5 deletions(-) - create mode 100644 kernel/module-verify-defs.h - create mode 100644 kernel/module-verify.c - create mode 100644 kernel/module-verify.h - -diff --git a/include/linux/module.h b/include/linux/module.h -index fbcafe2..7391833 100644 ---- a/include/linux/module.h -+++ b/include/linux/module.h -@@ -227,6 +227,9 @@ struct module - /* Unique handle for this module */ - char name[MODULE_NAME_LEN]; - -+ /* Is this module GPG signed */ -+ bool gpgsig_ok; -+ - /* Sysfs stuff. */ - struct module_kobject mkobj; - struct module_attribute *modinfo_attrs; -diff --git a/kernel/Makefile b/kernel/Makefile -index c0cc67a..cec222a 100644 ---- a/kernel/Makefile -+++ b/kernel/Makefile -@@ -55,6 +55,7 @@ obj-$(CONFIG_DEBUG_SPINLOCK) += spinlock.o - obj-$(CONFIG_PROVE_LOCKING) += spinlock.o - obj-$(CONFIG_UID16) += uid16.o - obj-$(CONFIG_MODULES) += module.o -+obj-$(CONFIG_MODULE_SIG) += module-verify.o - obj-$(CONFIG_KALLSYMS) += kallsyms.o - obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o - obj-$(CONFIG_KEXEC) += kexec.o -diff --git a/kernel/module-verify-defs.h b/kernel/module-verify-defs.h -new file mode 100644 -index 0000000..141ddab ---- /dev/null -+++ b/kernel/module-verify-defs.h -@@ -0,0 +1,77 @@ -+/* Module verification internal definitions -+ * -+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#ifdef CONFIG_MODULE_SIG -+ -+/* -+ * Internal state -+ */ -+struct module_verify_data { -+ struct crypto_key_verify_context *mod_sig; /* Module signing context */ -+ union { -+ const void *buffer; /* module buffer */ -+ const Elf_Ehdr *hdr; /* ELF header */ -+ }; -+ const Elf_Shdr *sections; /* ELF section table */ -+ const char *secstrings; /* ELF section string table */ -+ const void *sig; /* Signature note content */ -+ size_t size; /* module object size */ -+ size_t nsects; /* number of sections */ -+ size_t sig_size; /* Size of signature */ -+ size_t signed_size; /* count of bytes contributed to digest */ -+ unsigned *canonlist; /* list of canonicalised sections */ -+ unsigned *canonmap; /* section canonicalisation map */ -+ unsigned ncanon; /* number of canonicalised sections */ -+ unsigned sig_index; /* module signature section index */ -+ uint8_t xcsum; /* checksum of bytes contributed to digest */ -+ uint8_t csum; /* checksum of bytes representing a section */ -+}; -+ -+/* -+ * Whether or not we support various types of ELF relocation record -+ */ -+#if defined(MODULE_HAS_ELF_REL_ONLY) -+#define is_elf_rel(sh_type) ((sh_type) == SHT_REL) -+#define is_elf_rela(sh_type) (0) -+#elif defined(MODULE_HAS_ELF_RELA_ONLY) -+#define is_elf_rel(sh_type) (0) -+#define is_elf_rela(sh_type) ((sh_type) == SHT_RELA) -+#else -+#define is_elf_rel(sh_type) ((sh_type) == SHT_REL) -+#define is_elf_rela(sh_type) ((sh_type) == SHT_RELA) -+#endif -+ -+/* -+ * Debugging. Define DEBUG to enable. -+ */ -+#define _debug(FMT, ...) \ -+ do { \ -+ if (unlikely(modsign_debug)) \ -+ pr_debug(FMT, ##__VA_ARGS__); \ -+ } while (0) -+ -+#ifdef DEBUG -+#define count_and_csum(C, __p, __n) \ -+ do { \ -+ int __loop; \ -+ for (__loop = 0; __loop < __n; __loop++) { \ -+ (C)->csum += __p[__loop]; \ -+ (C)->xcsum += __p[__loop]; \ -+ } \ -+ (C)->signed_size += __n; \ -+ } while (0) -+#else -+#define count_and_csum(C, __p, __n) \ -+ do { \ -+ } while (0) -+#endif -+ -+#endif /* CONFIG_MODULE_SIG */ -diff --git a/kernel/module-verify.c b/kernel/module-verify.c -new file mode 100644 -index 0000000..4bf857e ---- /dev/null -+++ b/kernel/module-verify.c -@@ -0,0 +1,110 @@ -+/* Module signature verification -+ * -+ * The code in this file examines a signed kernel module and attempts to -+ * determine if the PGP signature inside the module matches a digest of the -+ * allocatable sections and the canonicalised relocation tables for those -+ * allocatable sections. -+ * -+ * The module signature is included in an ELF note within the ELF structure of -+ * the module blob. This, combined with the minimal canonicalisation performed -+ * here, permits the module to pass through "strip -x", "strip -g" and -+ * "eu-strip" without becoming corrupt. "strip" and "strip -s" will render a -+ * module unusable by removing the symbol table. -+ * -+ * Copyright (C) 2004, 2011, 2012 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * - Derived from GregKH's RSA module signer -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ */ -+ -+#undef DEBUG -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "module-verify.h" -+#include "module-verify-defs.h" -+ -+#ifdef DEBUG -+static int modsign_debug; -+core_param(modsign_debug, modsign_debug, int, 0644); -+#else -+#define modsign_debug false -+#endif -+ -+#ifdef CONFIG_MODULE_SIG_FORCE -+#define modsign_signedonly true -+#else -+static bool modsign_signedonly; -+#endif -+ -+static const char modsign_note_name[] = ELFNOTE_NAME(MODSIGN_NOTE_NAME); -+static const char modsign_note_section[] = ELFNOTE_SECTION(MODSIGN_NOTE_NAME); -+ -+/* -+ * Verify a module's integrity -+ */ -+int module_verify(const Elf_Ehdr *hdr, size_t size, bool *_gpgsig_ok) -+{ -+ struct module_verify_data mvdata; -+ int ret; -+ -+ memset(&mvdata, 0, sizeof(mvdata)); -+ mvdata.buffer = hdr; -+ mvdata.size = size; -+ -+ if (mvdata.sig_index <= 0) { -+ /* Deal with an unsigned module */ -+ if (modsign_signedonly) { -+ pr_err("An attempt to load unsigned module was rejected\n"); -+ return -EKEYREJECTED; -+ } else { -+ return 0; -+ } -+ goto out; -+ } -+ -+ ret = 0; -+ -+out: -+ switch (ret) { -+ case 0: /* Good signature */ -+ *_gpgsig_ok = true; -+ break; -+ case -ELIBBAD: -+ pr_err("Module format error encountered\n"); -+ break; -+ case -EBADMSG: -+ pr_err("Module signature error encountered\n"); -+ break; -+ case -EKEYREJECTED: /* Signature mismatch or number format error */ -+ pr_err("Module signature verification failed\n"); -+ break; -+ case -ENOKEY: /* Signed, but we don't have the public key */ -+ pr_err("Module signed with unknown public key\n"); -+ break; -+ default: /* Other error (probably ENOMEM) */ -+ break; -+ } -+ return ret; -+} -+ -+static int __init sign_setup(char *str) -+{ -+#ifndef CONFIG_MODULE_SIG_FORCE -+ modsign_signedonly = true; -+#endif -+ return 0; -+} -+__setup("enforcemodulesig", sign_setup); -diff --git a/kernel/module-verify.h b/kernel/module-verify.h -new file mode 100644 -index 0000000..c640634 ---- /dev/null -+++ b/kernel/module-verify.h -@@ -0,0 +1,20 @@ -+/* Module verification definitions -+ * -+ * Copyright (C) 2004, 2012 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ */ -+ -+#ifdef CONFIG_MODULE_SIG -+extern int module_verify(const Elf_Ehdr *hdr, size_t size, bool *_gpgsig_ok); -+#else -+static inline int module_verify(const Elf_Ehdr *hdr, size_t size, -+ bool *_gpgsig_ok) -+{ -+ return 0; -+} -+#endif -diff --git a/kernel/module.c b/kernel/module.c -index 087aeed..a59a9da 100644 ---- a/kernel/module.c -+++ b/kernel/module.c -@@ -58,6 +58,7 @@ - #include - #include - #include -+#include "module-verify.h" - - #define CREATE_TRACE_POINTS - #include -@@ -2382,7 +2383,8 @@ static inline void kmemleak_load_module(const struct module *mod, - /* Sets info->hdr and info->len. */ - static int copy_and_check(struct load_info *info, - const void __user *umod, unsigned long len, -- const char __user *uargs) -+ const char __user *uargs, -+ bool *_gpgsig_ok) - { - int err; - Elf_Ehdr *hdr; -@@ -2415,6 +2417,12 @@ static int copy_and_check(struct load_info *info, - goto free_hdr; - } - -+ /* Verify the module's contents */ -+ *_gpgsig_ok = false; -+ err = module_verify(hdr, len, _gpgsig_ok); -+ if (err < 0) -+ goto free_hdr; -+ - info->hdr = hdr; - info->len = len; - return 0; -@@ -2757,7 +2765,8 @@ int __weak module_frob_arch_sections(Elf_Ehdr *hdr, - return 0; - } - --static struct module *layout_and_allocate(struct load_info *info) -+static struct module *layout_and_allocate(struct load_info *info, -+ bool gpgsig_ok) - { - /* Module within temporary copy. */ - struct module *mod; -@@ -2767,6 +2776,7 @@ static struct module *layout_and_allocate(struct load_info *info) - mod = setup_load_info(info); - if (IS_ERR(mod)) - return mod; -+ mod->gpgsig_ok = gpgsig_ok; - - err = check_modinfo(mod, info); - if (err) -@@ -2850,17 +2860,18 @@ static struct module *load_module(void __user *umod, - struct load_info info = { NULL, }; - struct module *mod; - long err; -+ bool gpgsig_ok; - - pr_debug("load_module: umod=%p, len=%lu, uargs=%p\n", - umod, len, uargs); - - /* Copy in the blobs from userspace, check they are vaguely sane. */ -- err = copy_and_check(&info, umod, len, uargs); -+ err = copy_and_check(&info, umod, len, uargs, &gpgsig_ok); - if (err) - return ERR_PTR(err); - - /* Figure out module layout, and allocate all the memory. */ -- mod = layout_and_allocate(&info); -+ mod = layout_and_allocate(&info, gpgsig_ok); - if (IS_ERR(mod)) { - err = PTR_ERR(mod); - goto free_copy; -@@ -3497,8 +3508,13 @@ void print_modules(void) - printk(KERN_DEFAULT "Modules linked in:"); - /* Most callers should already have preempt disabled, but make sure */ - preempt_disable(); -- list_for_each_entry_rcu(mod, &modules, list) -+ list_for_each_entry_rcu(mod, &modules, list) { - printk(" %s%s", mod->name, module_flags(mod, buf)); -+#ifdef CONFIG_MODULE_SIG -+ if (!mod->gpgsig_ok) -+ printk("(U)"); -+#endif -+ } - preempt_enable(); - if (last_unloaded_module[0]) - printk(" [last unloaded: %s]", last_unloaded_module); --- -1.7.11.4 - - -From 0f8f372047d8220e1d918797972746bb9fe345d9 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:45 +0100 -Subject: [PATCH 24/32] MODSIGN: Automatically generate module signing keys if - missing - -Automatically generate keys for module signing if they're absent so that -allyesconfig doesn't break. The builder should consider generating their own -keyrings, however, so that the keys are appropriately named and any extra keys -required get imported. - -Also change the names of the keyring files to modsign.pub and modsign.sec so -that they are then a more obvious what they're about and add a dependency for -the signing rules on the keyring files so that the signatures get regenerated -if the keyrings change. - -Signed-off-by: David Howells ---- - kernel/Makefile | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 49 insertions(+) - -diff --git a/kernel/Makefile b/kernel/Makefile -index cec222a..28cd248 100644 ---- a/kernel/Makefile -+++ b/kernel/Makefile -@@ -132,3 +132,52 @@ quiet_cmd_timeconst = TIMEC $@ - targets += timeconst.h - $(obj)/timeconst.h: $(src)/timeconst.pl FORCE - $(call if_changed,timeconst) -+ -+############################################################################### -+# -+# If module signing is requested, say by allyesconfig, but a key has not been -+# supplied, then one will need to be generated to make sure the build does not -+# fail and that the kernel may be used afterwards. -+# -+############################################################################### -+ifeq ($(CONFIG_MODULE_SIG),y) -+modsign.pub modsign.sec: genkey -+ @echo "###" -+ @echo "### Now generating a PGP key pair to be used for signing modules." -+ @echo "###" -+ @echo "### If this takes a long time, you might wish to run rngd in the" -+ @echo "### background to keep the supply of entropy topped up. It" -+ @echo "### needs to be run as root and should use a hardware random" -+ @echo "### number generator if one is available, eg:" -+ @echo "###" -+ @echo "### rngd -r /dev/hwrandom" -+ @echo "###" -+ gpg --homedir . --batch --gen-key genkey -+ @echo "###" -+ @echo "### Key pair generated." -+ @echo "###" -+ rm -f pubring.gpg secring.gpg trustdb.gpg -+ -+genkey: -+ @echo "###" >&2 -+ @echo "### Now generating a sample key generation script." >&2 -+ @echo "###" >&2 -+ @echo "### IT IS STRONGLY RECOMMENDED THAT YOU SUPPLY YOUR OWN" >&2 -+ @echo "### SCRIPT WITH APPROPRIATE NAME FIELDS FILLED IN." >&2 -+ @echo "###" >&2 -+ @echo "### If you have a hardware random number generator feeding" >&2 -+ @echo "### into /dev/random, you should drop the %no-protection" >&2 -+ @echo "### and %transient-key lines from the script." >&2 -+ @echo "###" >&2 -+ echo "%pubring modsign.pub" >genkey -+ echo "%secring modsign.sec" >>genkey -+ echo "%no-protection: yes" >> genkey -+ echo "%transient-key: yes" >>genkey -+ echo "Key-Type: RSA" >>genkey -+ echo "Key-Length: 4096" >>genkey -+ echo "Name-Real: Sample kernel key" >>genkey -+ echo "Name-Comment: Sample kernel module signing key" >>genkey -+ echo "%commit" >>genkey -+ -+endif -+CLEAN_FILES += modsign.pub modsign.sec genkey random_seed --- -1.7.11.4 - - -From be5544dce081ccb49fd452a6273c5024208b2f06 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:45 +0100 -Subject: [PATCH 25/32] MODSIGN: Provide module signing public keys to the - kernel - -Include a PGP keyring containing the public keys required to perform module -verification in the kernel image during build and create a special keyring -during boot which is then populated with keys of crypto type holding the public -keys found in the PGP keyring. - -These can be seen by root: - -[root@andromeda ~]# cat /proc/keys -07ad4ee0 I----- 1 perm 3f010000 0 0 crypto modsign.0: RSA 87b9b3bd [] -15c7f8c3 I----- 1 perm 1f030000 0 0 keyring .module_sign: 1/4 -... - -It is probably worth permitting root to invalidate these keys, resulting in -their removal and preventing further modules from being loaded with that key. - -Signed-off-by: David Howells ---- - kernel/Makefile | 25 ++++++++------- - kernel/modsign-pubkey.c | 75 +++++++++++++++++++++++++++++++++++++++++++++ - kernel/module-verify-defs.h | 4 +++ - kernel/module-verify.c | 2 -- - 4 files changed, 93 insertions(+), 13 deletions(-) - create mode 100644 kernel/modsign-pubkey.c - -diff --git a/kernel/Makefile b/kernel/Makefile -index 28cd248..1d20704 100644 ---- a/kernel/Makefile -+++ b/kernel/Makefile -@@ -55,7 +55,8 @@ obj-$(CONFIG_DEBUG_SPINLOCK) += spinlock.o - obj-$(CONFIG_PROVE_LOCKING) += spinlock.o - obj-$(CONFIG_UID16) += uid16.o - obj-$(CONFIG_MODULES) += module.o --obj-$(CONFIG_MODULE_SIG) += module-verify.o -+obj-$(CONFIG_MODULE_SIG) += module-verify.o modsign-pubkey.o -+kernel/modsign-pubkey.o: modsign.pub - obj-$(CONFIG_KALLSYMS) += kallsyms.o - obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o - obj-$(CONFIG_KEXEC) += kexec.o -@@ -159,16 +160,18 @@ modsign.pub modsign.sec: genkey - rm -f pubring.gpg secring.gpg trustdb.gpg - - genkey: -- @echo "###" >&2 -- @echo "### Now generating a sample key generation script." >&2 -- @echo "###" >&2 -- @echo "### IT IS STRONGLY RECOMMENDED THAT YOU SUPPLY YOUR OWN" >&2 -- @echo "### SCRIPT WITH APPROPRIATE NAME FIELDS FILLED IN." >&2 -- @echo "###" >&2 -- @echo "### If you have a hardware random number generator feeding" >&2 -- @echo "### into /dev/random, you should drop the %no-protection" >&2 -- @echo "### and %transient-key lines from the script." >&2 -- @echo "###" >&2 -+ @echo "kernel/Makefile:163: ###" >&2 -+ @echo "kernel/Makefile:163: ### CONFIG_MODULE_SIG is enabled so a public key is needed." >&2 -+ @echo "kernel/Makefile:163: ###" >&2 -+ @echo "kernel/Makefile:163: ### Now generating a sample key generation script." >&2 -+ @echo "kernel/Makefile:163: ###" >&2 -+ @echo "kernel/Makefile:163: ### IT IS STRONGLY RECOMMENDED THAT YOU SUPPLY YOUR OWN" >&2 -+ @echo "kernel/Makefile:163: ### SCRIPT WITH APPROPRIATE NAME FIELDS FILLED IN." >&2 -+ @echo "kernel/Makefile:163: ###" >&2 -+ @echo "kernel/Makefile:163: ### If you have a hardware random number generator feeding" >&2 -+ @echo "kernel/Makefile:163: ### into /dev/random, you should drop the %no-protection" >&2 -+ @echo "kernel/Makefile:163: ### and %transient-key lines from the script." >&2 -+ @echo "kernel/Makefile:163: ###" >&2 - echo "%pubring modsign.pub" >genkey - echo "%secring modsign.sec" >>genkey - echo "%no-protection: yes" >> genkey -diff --git a/kernel/modsign-pubkey.c b/kernel/modsign-pubkey.c -new file mode 100644 -index 0000000..5fdb082 ---- /dev/null -+++ b/kernel/modsign-pubkey.c -@@ -0,0 +1,75 @@ -+/* Public keys for module signature verification -+ * -+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include "module-verify-defs.h" -+ -+struct key *modsign_keyring; -+ -+extern __initdata const u8 modsign_public_keys[]; -+extern __initdata const u8 modsign_public_keys_end[]; -+asm(".section .init.data,\"aw\"\n" -+ "modsign_public_keys:\n" -+ ".incbin \"modsign.pub\"\n" -+ "modsign_public_keys_end:" -+ ); -+ -+/* -+ * We need to make sure ccache doesn't cache the .o file as it doesn't notice -+ * if modsign.pub changes. -+ */ -+static __initdata const char annoy_ccache[] = __TIME__ "foo"; -+ -+/* -+ * Load the compiled-in keys -+ */ -+static __init int module_verify_init(void) -+{ -+ pr_notice("Initialise module verification\n"); -+ -+ modsign_keyring = key_alloc(&key_type_keyring, ".module_sign", -+ 0, 0, current_cred(), -+ (KEY_POS_ALL & ~KEY_POS_SETATTR) | -+ KEY_USR_VIEW | KEY_USR_READ, -+ KEY_ALLOC_NOT_IN_QUOTA); -+ if (IS_ERR(modsign_keyring)) -+ panic("Can't allocate module signing keyring\n"); -+ -+ if (key_instantiate_and_link(modsign_keyring, NULL, 0, NULL, NULL) < 0) -+ panic("Can't instantiate module signing keyring\n"); -+ -+ return 0; -+} -+ -+/* -+ * Must be initialised before we try and load the keys into the keyring. -+ */ -+device_initcall(module_verify_init); -+ -+/* -+ * Load the compiled-in keys -+ */ -+static __init int modsign_pubkey_init(void) -+{ -+ pr_notice("Load module verification keys\n"); -+ -+ if (preload_pgp_keys(modsign_public_keys, -+ modsign_public_keys_end - modsign_public_keys, -+ modsign_keyring) < 0) -+ panic("Can't load module signing keys\n"); -+ -+ return 0; -+} -+late_initcall(modsign_pubkey_init); -diff --git a/kernel/module-verify-defs.h b/kernel/module-verify-defs.h -index 141ddab..2fe31e1 100644 ---- a/kernel/module-verify-defs.h -+++ b/kernel/module-verify-defs.h -@@ -11,6 +11,10 @@ - - #ifdef CONFIG_MODULE_SIG - -+#include -+ -+extern struct key *modsign_keyring; -+ - /* - * Internal state - */ -diff --git a/kernel/module-verify.c b/kernel/module-verify.c -index 4bf857e..05473e6 100644 ---- a/kernel/module-verify.c -+++ b/kernel/module-verify.c -@@ -28,8 +28,6 @@ - #include - #include - #include --#include --#include - #include - #include - #include --- -1.7.11.4 - - -From 34c918aacc002f8a7226a26a0d8af614c6f4430e Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:45 +0100 -Subject: [PATCH 26/32] MODSIGN: Check the ELF container - -Check the ELF container of the kernel module to prevent the kernel from -crashing or getting corrupted whilst trying to use it and locate the module -signature note if present. - -We try to check as little as possible. We check the metadata that the -signature checker actually has to use, and leave anything that it doesn't -actually need to the signature to catch. - -The stuff we need to check is: - - (1) The locations and offsets in the ELF header of important parts like the - section table. - - (2) The section table. Note that we only check sh_info for section types that - we're actually interested in (string, symbol and relocation tables). We - also check that alignments are what we expect for those tables. - - (3) That non-empty string tables have the required NUL at the end so that we - can be sure that all strings therein are NUL-terminated. We don't bother - checking for the required NUL at the beginning as it shouldn't cause a - problem to us. - - (4) The name offset and section index in each symbol. We could defer this to - when we deal with the relocation tables so that we only check symbols that - are used by relocations - but we would then end up checking some symbols - multiple times. - - (5) The module signature note section and the first note in it if present. - - (6) That relocations applied to an allocatable section only refer to - symbols in allocatable sections and absolute symbols (done in the module - signing code rather than here). - -Note that these checks survive "strip -x", "strip -g" and "eu-strip" being -applied to a module and detect if the module was given to "strip" or "strip -s" -and report an error. - -We can skip some direct checks that turn out unnecessary or redundant: - - (1) That sh_link has a greater than 0 value for symbol tables and relocation - tables. These require the index of a string table and a symbol table - respectively - and since we have already checked section 0 is of SHT_NULL - type, checking the symbol type renders the sh_link > 0 check redundant. - - (2) That a non-empty string table begins with a NUL. Since we check the - string table ends with a NUL, any string in there will be NUL-terminated - and shouldn't cause us to transgress beyond the bounds of the string table - when using strlen(). - - (3) That strings in a string table actually make sense. We don't care, so - long as it is NUL terminated. Any string that refers to an undefined - symbol is added to the crypto digest and will be checked that way. - Strings that we directly look for (such as ".modinfo") will be validated - by that. - - (4) That sections don't overlap. We don't actually care if sections overlap - in the file, provided we don't see bad metadata. If the sections holding - the allocatable content overlap, then the signature check is likely to - fail. - - (5) That symbol values and relocation offsets and addends make sense. We just - add this data to the digest if it pertains to an allocatable section. - - (6) That allocatable note sections, other than the signature note, make sense. - The contents of these get added to the digest in their entirety, so we - don't need to check them manually. - -If bad ELF is detected, ELIBBAD is indicated. - -Note! The "noinline" attribute on the module_verify_elf() function results in -somewhat smaller code. Similarly, having separate loops to check basic section -parameters and to check type-specific features of sections results in smaller -code, presumably because some local variables can be discarded. - -Signed-off-by: David Howells ---- - kernel/module-verify.c | 230 +++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 230 insertions(+) - -diff --git a/kernel/module-verify.c b/kernel/module-verify.c -index 05473e6..2161d11 100644 ---- a/kernel/module-verify.c -+++ b/kernel/module-verify.c -@@ -51,6 +51,228 @@ static const char modsign_note_name[] = ELFNOTE_NAME(MODSIGN_NOTE_NAME); - static const char modsign_note_section[] = ELFNOTE_SECTION(MODSIGN_NOTE_NAME); - - /* -+ * Verify the minimum amount of ELF structure of a module needed to check the -+ * module's signature without bad ELF crashing the kernel. -+ */ -+static noinline int module_verify_elf(struct module_verify_data *mvdata) -+{ -+ const struct elf_note *note; -+ const Elf_Ehdr *hdr = mvdata->hdr; -+ const Elf_Shdr *section, *secstop; -+ const Elf_Sym *symbols, *symbol, *symstop; -+ const char *strtab; -+ size_t size, secstrsize, strsize, notesize, notemetasize; -+ unsigned line; -+ -+ size = mvdata->size; -+ -+#define elfcheck(X) \ -+do { if (unlikely(!(X))) { line = __LINE__; goto elfcheck_error; } } while (0) -+ -+#define seccheck(X) \ -+do { if (unlikely(!(X))) { line = __LINE__; goto seccheck_error; } } while (0) -+ -+#define symcheck(X) \ -+do { if (unlikely(!(X))) { line = __LINE__; goto symcheck_error; } } while (0) -+ -+ /* Validate the ELF header */ -+ elfcheck(size > sizeof(Elf_Ehdr)); -+ elfcheck(hdr->e_ehsize < size); -+ -+ elfcheck(hdr->e_shnum < SHN_LORESERVE); -+ elfcheck(hdr->e_shstrndx < hdr->e_shnum); -+ elfcheck(hdr->e_shentsize == sizeof(Elf_Shdr)); -+ elfcheck(hdr->e_shoff < size); -+ elfcheck(hdr->e_shoff >= hdr->e_ehsize); -+ elfcheck(hdr->e_shoff % sizeof(long) == 0); -+ elfcheck(hdr->e_shnum * sizeof(Elf_Shdr) <= size - hdr->e_shoff); -+ -+ /* Validate the section table contents */ -+ mvdata->nsects = hdr->e_shnum; -+ mvdata->sections = mvdata->buffer + hdr->e_shoff; -+ secstop = mvdata->sections + mvdata->nsects; -+ -+ /* Section 0 is special, usually indicating an undefined symbol */ -+ section = &mvdata->sections[SHN_UNDEF]; -+ seccheck(section->sh_type == SHT_NULL); -+ -+ /* We also want access to the section name table */ -+ section = &mvdata->sections[hdr->e_shstrndx]; -+ seccheck(section->sh_type == SHT_STRTAB); -+ secstrsize = mvdata->sections[hdr->e_shstrndx].sh_size; -+ -+ for (section = mvdata->sections + 1; section < secstop; section++) { -+ seccheck(section->sh_name < secstrsize); -+ seccheck(section->sh_link < hdr->e_shnum); -+ -+ /* Section file offsets must reside within the file, though -+ * they don't have to actually consume file space (.bss for -+ * example). -+ */ -+ seccheck(section->sh_offset >= hdr->e_ehsize); -+ if (section->sh_addralign > 1) -+ seccheck((section->sh_offset & -+ (section->sh_addralign - 1)) == 0); -+ seccheck(section->sh_offset <= size); -+ if (section->sh_type != SHT_NOBITS) -+ seccheck(section->sh_size <= size - section->sh_offset); -+ -+ /* Some types of section should contain arrays of fixed-length -+ * records of a predetermined size and mustn't contain partial -+ * records. Also, records we're going to access directly must -+ * have appropriate alignment that we don't get a misalignment -+ * exception. -+ */ -+ if (section->sh_entsize > 1) -+ seccheck(section->sh_size % section->sh_entsize == 0); -+ -+ switch (section->sh_type) { -+ case SHT_SYMTAB: -+ seccheck(section->sh_entsize == sizeof(Elf_Sym)); -+ seccheck(section->sh_addralign % sizeof(long) == 0); -+ break; -+ case SHT_REL: -+#ifdef Elf_Rel -+ seccheck(section->sh_entsize == sizeof(Elf_Rel)); -+ seccheck(section->sh_addralign % sizeof(long) == 0); -+ break; -+#else -+ seccheck(false); -+ break; -+#endif -+ case SHT_RELA: -+#ifdef Elf_Rela -+ seccheck(section->sh_entsize == sizeof(Elf_Rela)); -+ seccheck(section->sh_addralign % sizeof(long) == 0); -+ break; -+#else -+ seccheck(false); -+ break; -+#endif -+ case SHT_NOTE: -+ seccheck(section->sh_addralign % 4 == 0); -+ break; -+ case SHT_STRTAB: -+ /* We require all string tables to be non-empty. If -+ * not empty, a string table must end in a NUL (it -+ * should also begin with a NUL, but it's not a problem -+ * for us if it doesn't). -+ */ -+ seccheck(section->sh_size >= 2); -+ strtab = mvdata->buffer + section->sh_offset; -+ seccheck(strtab[section->sh_size - 1] == '\0'); -+ break; -+ } -+ } -+ -+ /* Check features specific to the type of each section. -+ * -+ * Note that having a separate loop here allows the compiler to discard -+ * some local variables used in the above loop thus making the code -+ * smaller. -+ */ -+ for (section = mvdata->sections + 1; section < secstop; section++) { -+ switch (section->sh_type) { -+ case SHT_SYMTAB: -+ /* Symbol tables nominate a string table. */ -+ seccheck(mvdata->sections[section->sh_link].sh_type == -+ SHT_STRTAB); -+ -+ /* Validate the symbols in the table. The first symbol -+ * (STN_UNDEF) is special. -+ */ -+ symbol = symbols = mvdata->buffer + section->sh_offset; -+ symstop = mvdata->buffer + -+ (section->sh_offset + section->sh_size); -+ -+ symcheck(ELF_ST_TYPE(symbols[0].st_info) == STT_NOTYPE); -+ symcheck(symbol[0].st_shndx == SHN_UNDEF); -+ -+ strsize = mvdata->sections[section->sh_link].sh_size; -+ for (symbol++; symbol < symstop; symbol++) { -+ symcheck(symbol->st_name < strsize); -+ symcheck(symbol->st_shndx < hdr->e_shnum || -+ symbol->st_shndx >= SHN_LORESERVE); -+ } -+ break; -+ -+#ifdef Elf_Rel -+ case SHT_REL: -+#endif -+#ifdef Elf_Rela -+ case SHT_RELA: -+#endif -+ /* Relocation tables nominate a symbol table and a -+ * target section to which the relocations will be -+ * applied. -+ */ -+ seccheck(mvdata->sections[section->sh_link].sh_type == -+ SHT_SYMTAB); -+ seccheck(section->sh_info > 0); -+ seccheck(section->sh_info < hdr->e_shnum); -+ break; -+ } -+ } -+ -+ /* We can now use section name string table section as we checked its -+ * bounds in the loop above. -+ * -+ * Each name is NUL-terminated, and the table as a whole should have a -+ * NUL at either end as there to be at least one named section for the -+ * module information. -+ */ -+ section = &mvdata->sections[hdr->e_shstrndx]; -+ mvdata->secstrings = mvdata->buffer + section->sh_offset; -+ -+ for (section = mvdata->sections + 1; section < secstop; section++) { -+ const char *name = mvdata->secstrings + section->sh_name; -+ -+ switch (section->sh_type) { -+ case SHT_NOTE: -+ if (strcmp(name, modsign_note_section) != 0) -+ continue; -+ -+ /* We've found a note purporting to contain a signature -+ * so we should check the structure of that. -+ */ -+ notemetasize = sizeof(struct elf_note) + -+ roundup(sizeof(modsign_note_name), 4); -+ -+ seccheck(mvdata->sig_index == 0); -+ seccheck(section->sh_size > notemetasize); -+ note = mvdata->buffer + section->sh_offset; -+ seccheck(note->n_type == MODSIGN_NOTE_TYPE); -+ seccheck(note->n_namesz == sizeof(modsign_note_name)); -+ -+ notesize = section->sh_size - notemetasize; -+ seccheck(note->n_descsz <= notesize); -+ -+ seccheck(memcmp(note + 1, modsign_note_name, -+ note->n_namesz) == 0); -+ -+ mvdata->sig_size = note->n_descsz; -+ mvdata->sig = (void *)note + notemetasize; -+ mvdata->sig_index = section - mvdata->sections; -+ break; -+ } -+ } -+ -+ return 0; -+ -+elfcheck_error: -+ _debug("Verify ELF error (check %u)\n", line); -+ return -ELIBBAD; -+seccheck_error: -+ _debug("Verify ELF error [sec %ld] (check %u)\n", -+ (long)(section - mvdata->sections), line); -+ return -ELIBBAD; -+symcheck_error: -+ _debug("Verify ELF error [sym %ld] (check %u)\n", -+ (long)(symbol - symbols), line); -+ return -ELIBBAD; -+} -+ -+/* - * Verify a module's integrity - */ - int module_verify(const Elf_Ehdr *hdr, size_t size, bool *_gpgsig_ok) -@@ -62,6 +284,14 @@ int module_verify(const Elf_Ehdr *hdr, size_t size, bool *_gpgsig_ok) - mvdata.buffer = hdr; - mvdata.size = size; - -+ /* Minimally check the ELF to make sure building the signature digest -+ * won't crash the kernel. -+ */ -+ ret = module_verify_elf(&mvdata); -+ if (ret < 0) -+ goto out; -+ -+ /* The ELF checker found the sig for us if it exists */ - if (mvdata.sig_index <= 0) { - /* Deal with an unsigned module */ - if (modsign_signedonly) { --- -1.7.11.4 - - -From 2de4559e24c416e6813c10edbe3cc433ecd0dd50 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:46 +0100 -Subject: [PATCH 27/32] MODSIGN: Produce a filtered and canonicalised section - list - -Build a list of the sections in which we're interested and canonicalise the -section indices to avoid the problems of the section table being altered by ld -when the signature is linked into the binary and by strip. - -The only sections in which we're actually interested are those that are marked -allocatable (which will be kept in memory) and relocation tables that are -applicable to those sections. - -Canonicalisation is done by sorting the filtered list in order of section name. - -Signed-off-by: David Howells ---- - kernel/module-verify.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 80 insertions(+) - -diff --git a/kernel/module-verify.c b/kernel/module-verify.c -index 2161d11..646b104 100644 ---- a/kernel/module-verify.c -+++ b/kernel/module-verify.c -@@ -273,6 +273,80 @@ symcheck_error: - } - - /* -+ * Canonicalise the section table index numbers. -+ * -+ * We build a list of the sections we want to add to the digest and sort it by -+ * name. We're only interested in adding two types of section: -+ * -+ * (1) Allocatable sections. These should have no references to other -+ * sections. -+ * -+ * (2) Relocation tables for allocatable sections. The section table entry -+ * has a reference to the target section to which the relocations will be -+ * applied. The relocation entries have references to symbols in -+ * non-allocatable sections. Symbols can be replaced by their contents, -+ * but do include a further reference to a section - which must be -+ * canonicalised. -+ * -+ * We also build a map of raw section index to canonical section index. -+ */ -+static int module_verify_canonicalise(struct module_verify_data *mvdata) -+{ -+ const Elf_Shdr *sechdrs = mvdata->sections; -+ unsigned *canonlist, canon, loop, tmp; -+ bool changed; -+ -+ canonlist = kmalloc(sizeof(unsigned) * mvdata->nsects * 2, GFP_KERNEL); -+ if (!canonlist) -+ return -ENOMEM; -+ -+ mvdata->canonlist = canonlist; -+ mvdata->canonmap = canonlist + mvdata->nsects; -+ canon = 0; -+ -+ for (loop = 1; loop < mvdata->nsects; loop++) { -+ const Elf_Shdr *section = mvdata->sections + loop; -+ -+ if (loop == mvdata->sig_index) -+ continue; -+ -+ /* We only want allocatable sections and relocation tables */ -+ if (section->sh_flags & SHF_ALLOC) -+ canonlist[canon++] = loop; -+ else if ((is_elf_rel(section->sh_type) || -+ is_elf_rela(section->sh_type)) && -+ mvdata->sections[section->sh_info].sh_flags & SHF_ALLOC) -+ canonlist[canon++] = loop; -+ } -+ -+ /* Sort the canonicalisation list */ -+ do { -+ changed = false; -+ -+ for (loop = 0; loop < canon - 1; loop++) { -+ const char *x, *y; -+ -+ x = mvdata->secstrings + sechdrs[canonlist[loop + 0]].sh_name; -+ y = mvdata->secstrings + sechdrs[canonlist[loop + 1]].sh_name; -+ -+ if (strcmp(x, y) > 0) { -+ tmp = canonlist[loop + 0]; -+ canonlist[loop + 0] = canonlist[loop + 1]; -+ canonlist[loop + 1] = tmp; -+ changed = true; -+ } -+ } -+ } while (changed); -+ -+ /* What we really want is a raw-to-canon lookup table */ -+ memset(mvdata->canonmap, 0xff, mvdata->nsects * sizeof(unsigned)); -+ for (loop = 0; loop < canon; loop++) -+ mvdata->canonmap[mvdata->canonlist[loop]] = loop + 1; -+ mvdata->ncanon = canon; -+ return 0; -+} -+ -+/* - * Verify a module's integrity - */ - int module_verify(const Elf_Ehdr *hdr, size_t size, bool *_gpgsig_ok) -@@ -303,7 +377,13 @@ int module_verify(const Elf_Ehdr *hdr, size_t size, bool *_gpgsig_ok) - goto out; - } - -+ /* Produce a canonicalisation map for the sections */ -+ ret = module_verify_canonicalise(&mvdata); -+ if (ret < 0) -+ goto out; -+ - ret = 0; -+ kfree(mvdata.canonlist); - - out: - switch (ret) { --- -1.7.11.4 - - -From 3c8e71a46663f1fc3ee49fe3f6fa5c3bb85b704c Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:46 +0100 -Subject: [PATCH 28/32] MODSIGN: Create digest of module content and check - signature - -Apply signature checking to modules on module load, checking the signature -against the ring of public keys compiled into the kernel (if enabled by -CONFIG_MODULE_SIG). Turning on signature checking will also force the module's -ELF metadata to be verified first. - -There are several reasons why these patches are useful, amongst which are: - - (1) to prevent accidentally corrupted modules from causing damage; - - (2) to prevent maliciously modified modules from causing damage; - - (3) to allow a sysadmin (or more likely an IT department) to enforce a policy - that only known and approved modules shall be loaded onto machines which - they're expected to support; - - (4) to allow other support providers to do likewise, or at least to _detect_ - the fact that unsupported modules are loaded; - - (5) to allow the detection of modules replaced by a second-order distro or a - preloaded Linux purveyor. - -These patches have two main appeals: (a) preventing malicious modules from -being loaded, and (b) reducing support workload by pointing out modules on a -crashing box that aren't what they're expected to be. - -Note that this is not a complete solution by any means: the core kernel is not -protected, and nor are /dev/mem or /dev/kmem, but it denies (or at least -controls) one relatively simple attack vector. To protect the kernel image -would be the responsibility of the boot loader or the system BIOS. - -This facility is optional: the builder of a kernel is by no means under any -requirement to actually enable it, let alone force the set of loadable modules -to be restricted to just those that the builder provides (there are degrees of -restriction available). - -Note! The "noinline" attribute on module_verify_signature() results in -somewhat smaller code. - -Signed-off-by: David Howells ---- - kernel/module-verify-defs.h | 13 +- - kernel/module-verify.c | 332 +++++++++++++++++++++++++++++++++++++++++++- - 2 files changed, 338 insertions(+), 7 deletions(-) - -diff --git a/kernel/module-verify-defs.h b/kernel/module-verify-defs.h -index 2fe31e1..cb477a2 100644 ---- a/kernel/module-verify-defs.h -+++ b/kernel/module-verify-defs.h -@@ -19,7 +19,7 @@ extern struct key *modsign_keyring; - * Internal state - */ - struct module_verify_data { -- struct crypto_key_verify_context *mod_sig; /* Module signing context */ -+ struct crypto_sig_verify_context *mod_sig; /* Module signing context */ - union { - const void *buffer; /* module buffer */ - const Elf_Ehdr *hdr; /* ELF header */ -@@ -42,15 +42,16 @@ struct module_verify_data { - /* - * Whether or not we support various types of ELF relocation record - */ --#if defined(MODULE_HAS_ELF_REL_ONLY) -+#ifdef Elf_Rel - #define is_elf_rel(sh_type) ((sh_type) == SHT_REL) --#define is_elf_rela(sh_type) (0) --#elif defined(MODULE_HAS_ELF_RELA_ONLY) -+#else - #define is_elf_rel(sh_type) (0) -+#endif -+ -+#ifdef Elf_Rela - #define is_elf_rela(sh_type) ((sh_type) == SHT_RELA) - #else --#define is_elf_rel(sh_type) ((sh_type) == SHT_REL) --#define is_elf_rela(sh_type) ((sh_type) == SHT_RELA) -+#define is_elf_rela(sh_type) (0) - #endif - - /* -diff --git a/kernel/module-verify.c b/kernel/module-verify.c -index 646b104..bee7e04 100644 ---- a/kernel/module-verify.c -+++ b/kernel/module-verify.c -@@ -50,6 +50,22 @@ static bool modsign_signedonly; - static const char modsign_note_name[] = ELFNOTE_NAME(MODSIGN_NOTE_NAME); - static const char modsign_note_section[] = ELFNOTE_SECTION(MODSIGN_NOTE_NAME); - -+#define crypto_digest_update_data(C, PTR, N) \ -+do { \ -+ uint8_t *__p = (uint8_t *)(PTR); \ -+ size_t __n = (N); \ -+ count_and_csum((C), __p, __n); \ -+ verify_sig_add_data((C)->mod_sig, __p, __n); \ -+} while (0) -+ -+#define crypto_digest_update_val(C, VAL) \ -+do { \ -+ uint8_t *__p = (uint8_t *)&(VAL); \ -+ size_t __n = sizeof(VAL); \ -+ count_and_csum((C), __p, __n); \ -+ verify_sig_add_data((C)->mod_sig, __p, __n); \ -+} while (0) -+ - /* - * Verify the minimum amount of ELF structure of a module needed to check the - * module's signature without bad ELF crashing the kernel. -@@ -346,6 +362,320 @@ static int module_verify_canonicalise(struct module_verify_data *mvdata) - return 0; - } - -+#ifdef Elf_Rel -+/* -+ * Extract an ELF REL table -+ * -+ * We need to canonicalise the entries in case section/symbol addition/removal -+ * has rearranged the symbol table and the section table. -+ */ -+static int extract_elf_rel(struct module_verify_data *mvdata, -+ unsigned secix, -+ const Elf_Rel *reltab, size_t nrels, -+ const char *sh_name) -+{ -+ struct { -+#ifdef CONFIG_64BIT -+ uint64_t r_offset; -+ uint64_t st_value; -+ uint64_t st_size; -+ uint32_t r_type; -+ uint16_t st_shndx; -+ uint8_t st_info; -+ uint8_t st_other; -+#else -+ uint32_t r_offset; -+ uint32_t st_value; -+ uint32_t st_size; -+ uint16_t st_shndx; -+ uint8_t r_type; -+ uint8_t st_info; -+ uint8_t st_other; -+#endif -+ } __packed relocation; -+ -+ const Elf_Shdr *relsec, *symsec, *strsec; -+ const Elf_Rel *reloc; -+ const Elf_Sym *symbols, *symbol; -+ const char *strings; -+ unsigned long r_sym; -+ size_t nsyms, loop; -+ -+ relsec = &mvdata->sections[secix]; -+ symsec = &mvdata->sections[relsec->sh_link]; -+ strsec = &mvdata->sections[symsec->sh_link]; -+ nsyms = symsec->sh_size / sizeof(Elf_Sym); -+ symbols = mvdata->buffer + symsec->sh_offset; -+ strings = mvdata->buffer + strsec->sh_offset; -+ -+ /* Contribute the relevant bits from a join of -+ * { REL, SYMBOL, SECTION } -+ */ -+ for (loop = 0; loop < nrels; loop++) { -+ unsigned st_shndx; -+ -+ reloc = &reltab[loop]; -+ -+ /* Decode the relocation */ -+ relocation.r_offset = reloc->r_offset; -+ relocation.r_type = ELF_R_TYPE(reloc->r_info); -+ -+ /* Decode the symbol referenced by the relocation */ -+ r_sym = ELF_R_SYM(reloc->r_info); -+ if (r_sym >= nsyms) -+ return -ELIBBAD; -+ symbol = &symbols[r_sym]; -+ relocation.st_info = symbol->st_info; -+ relocation.st_other = symbol->st_other; -+ relocation.st_value = symbol->st_value; -+ relocation.st_size = symbol->st_size; -+ relocation.st_shndx = symbol->st_shndx; -+ st_shndx = symbol->st_shndx; -+ -+ /* Canonicalise the section used by the symbol */ -+ if (st_shndx > SHN_UNDEF && st_shndx < mvdata->nsects) { -+ if (!(mvdata->sections[st_shndx].sh_flags & SHF_ALLOC)) -+ return -ELIBBAD; -+ relocation.st_shndx = mvdata->canonmap[st_shndx]; -+ } -+ -+ crypto_digest_update_val(mvdata, relocation); -+ -+ /* Undefined symbols must be named if referenced */ -+ if (st_shndx == SHN_UNDEF) { -+ const char *name = strings + symbol->st_name; -+ crypto_digest_update_data(mvdata, -+ name, strlen(name) + 1); -+ } -+ } -+ -+ _debug("%08zx %02x digested the %s section, nrels %zu\n", -+ mvdata->signed_size, mvdata->csum, sh_name, nrels); -+ -+ return 0; -+} -+#endif -+ -+#ifdef Elf_Rela -+/* -+ * Extract an ELF RELA table -+ * -+ * We need to canonicalise the entries in case section/symbol addition/removal -+ * has rearranged the symbol table and the section table. -+ */ -+static int extract_elf_rela(struct module_verify_data *mvdata, -+ unsigned secix, -+ const Elf_Rela *relatab, size_t nrels, -+ const char *sh_name) -+{ -+ struct { -+#ifdef CONFIG_64BIT -+ uint64_t r_offset; -+ uint64_t r_addend; -+ uint64_t st_value; -+ uint64_t st_size; -+ uint32_t r_type; -+ uint16_t st_shndx; -+ uint8_t st_info; -+ uint8_t st_other; -+#else -+ uint32_t r_offset; -+ uint32_t r_addend; -+ uint32_t st_value; -+ uint32_t st_size; -+ uint16_t st_shndx; -+ uint8_t r_type; -+ uint8_t st_info; -+ uint8_t st_other; -+#endif -+ } __packed relocation; -+ -+ const Elf_Shdr *relsec, *symsec, *strsec; -+ const Elf_Rela *reloc; -+ const Elf_Sym *symbols, *symbol; -+ unsigned long r_sym; -+ const char *strings; -+ size_t nsyms, loop; -+ -+ relsec = &mvdata->sections[secix]; -+ symsec = &mvdata->sections[relsec->sh_link]; -+ strsec = &mvdata->sections[symsec->sh_link]; -+ nsyms = symsec->sh_size / sizeof(Elf_Sym); -+ symbols = mvdata->buffer + symsec->sh_offset; -+ strings = mvdata->buffer + strsec->sh_offset; -+ -+ /* Contribute the relevant bits from a join of -+ * { RELA, SYMBOL, SECTION } -+ */ -+ for (loop = 0; loop < nrels; loop++) { -+ unsigned st_shndx; -+ -+ reloc = &relatab[loop]; -+ -+ /* Decode the relocation */ -+ relocation.r_offset = reloc->r_offset; -+ relocation.r_addend = reloc->r_addend; -+ relocation.r_type = ELF_R_TYPE(reloc->r_info); -+ -+ /* Decode the symbol referenced by the relocation */ -+ r_sym = ELF_R_SYM(reloc->r_info); -+ if (r_sym >= nsyms) -+ return -ELIBBAD; -+ symbol = &symbols[r_sym]; -+ relocation.st_info = symbol->st_info; -+ relocation.st_other = symbol->st_other; -+ relocation.st_value = symbol->st_value; -+ relocation.st_size = symbol->st_size; -+ relocation.st_shndx = 0; -+ st_shndx = symbol->st_shndx; -+ -+ /* Canonicalise the section used by the symbol */ -+ if (st_shndx > SHN_UNDEF && st_shndx < mvdata->nsects) { -+ if (!(mvdata->sections[st_shndx].sh_flags & SHF_ALLOC)) -+ return -ELIBBAD; -+ relocation.st_shndx = mvdata->canonmap[st_shndx]; -+ } -+ -+ crypto_digest_update_val(mvdata, relocation); -+ -+ /* Undefined symbols must be named if referenced */ -+ if (st_shndx == SHN_UNDEF) { -+ const char *name = strings + symbol->st_name; -+ crypto_digest_update_data(mvdata, -+ name, strlen(name) + 1); -+ } -+ } -+ -+ _debug("%08zx %02x digested the %s section, nrels %zu\n", -+ mvdata->signed_size, mvdata->csum, sh_name, nrels); -+ -+ return 0; -+} -+#endif -+ -+/* -+ * Verify a module's signature -+ */ -+static noinline int module_verify_signature(struct module_verify_data *mvdata) -+{ -+ struct crypto_sig_verify_context *mod_sig; -+ const Elf_Shdr *sechdrs = mvdata->sections; -+ const char *secstrings = mvdata->secstrings; -+ const u8 *sig = mvdata->sig; -+ size_t sig_size = mvdata->sig_size; -+ int loop, ret; -+ -+ _debug("sig in section %u (size %zu)\n", -+ mvdata->sig_index, mvdata->sig_size); -+ _debug("%02x%02x%02x%02x%02x%02x%02x%02x\n", -+ sig[0], sig[1], sig[2], sig[3], -+ sig[4], sig[5], sig[6], sig[7]); -+ -+ /* Find the crypto key for the module signature -+ * - !!! if this tries to load the required hash algorithm module, -+ * we will deadlock!!! -+ */ -+ mod_sig = verify_sig_begin(modsign_keyring, sig, sig_size); -+ if (IS_ERR(mod_sig)) { -+ pr_err("Couldn't initiate module signature verification: %ld\n", -+ PTR_ERR(mod_sig)); -+ return PTR_ERR(mod_sig); -+ } -+ -+ mvdata->mod_sig = mod_sig; -+#ifdef DEBUG -+ mvdata->xcsum = 0; -+#endif -+ -+ /* Load data from each relevant section into the digest. Note that -+ * canonlist[] is a filtered list and only contains the sections we -+ * actually want. -+ */ -+ for (loop = 0; loop < mvdata->ncanon; loop++) { -+ int sect = mvdata->canonlist[loop]; -+ unsigned long sh_type = sechdrs[sect].sh_type; -+ unsigned long sh_info = sechdrs[sect].sh_info; -+ unsigned long sh_size = sechdrs[sect].sh_size; -+ const char *sh_name = secstrings + sechdrs[sect].sh_name; -+ const void *data = mvdata->buffer + sechdrs[sect].sh_offset; -+ -+#ifdef DEBUG -+ mvdata->csum = 0; -+#endif -+ -+ /* Digest the headers of any section we include. */ -+ crypto_digest_update_data(mvdata, sh_name, strlen(sh_name)); -+ crypto_digest_update_val(mvdata, sechdrs[sect].sh_type); -+ crypto_digest_update_val(mvdata, sechdrs[sect].sh_flags); -+ crypto_digest_update_val(mvdata, sechdrs[sect].sh_size); -+ crypto_digest_update_val(mvdata, sechdrs[sect].sh_addralign); -+ -+ /* Relocation record sections refer to the section to be -+ * relocated, but this needs to be canonicalised to survive -+ * stripping. -+ */ -+ if (is_elf_rel(sh_type) || is_elf_rela(sh_type)) -+ crypto_digest_update_val(mvdata, -+ mvdata->canonmap[sh_info]); -+ -+ /* Since relocation records give details of how we have to -+ * alter the allocatable sections, we need to digest these too. -+ * -+ * These, however, refer to metadata (symbols and sections) -+ * that may have been altered by the process of adding the -+ * signature section or the process of being stripped. -+ * -+ * To deal with this, we substitute the referenced metadata for -+ * the references to that metadata. So, for instance, the -+ * symbol ref from the relocation record is replaced with the -+ * contents of the symbol to which it refers, and the symbol's -+ * section ref is replaced with a canonicalised section number. -+ */ -+#ifdef Elf_Rel -+ if (is_elf_rel(sh_type)) { -+ ret = extract_elf_rel(mvdata, sect, -+ data, -+ sh_size / sizeof(Elf_Rel), -+ sh_name); -+ if (ret < 0) -+ goto format_error; -+ continue; -+ } -+#endif -+ -+#ifdef Elf_Rela -+ if (is_elf_rela(sh_type)) { -+ ret = extract_elf_rela(mvdata, sect, -+ data, -+ sh_size / sizeof(Elf_Rela), -+ sh_name); -+ if (ret < 0) -+ goto format_error; -+ continue; -+ } -+#endif -+ -+ /* Include allocatable loadable sections */ -+ if (sh_type != SHT_NOBITS) -+ crypto_digest_update_data(mvdata, data, sh_size); -+ -+ _debug("%08zx %02x digested the %s section, size %ld\n", -+ mvdata->signed_size, mvdata->csum, sh_name, sh_size); -+ } -+ -+ _debug("Contributed %zu bytes to the digest (csum 0x%02x)\n", -+ mvdata->signed_size, mvdata->xcsum); -+ -+ /* Do the actual signature verification */ -+ ret = verify_sig_end(mvdata->mod_sig, sig, sig_size); -+ _debug("verify-sig : %d\n", ret); -+ return ret; -+ -+format_error: -+ verify_sig_cancel(mvdata->mod_sig); -+ return -ELIBBAD; -+} -+ - /* - * Verify a module's integrity - */ -@@ -382,7 +712,7 @@ int module_verify(const Elf_Ehdr *hdr, size_t size, bool *_gpgsig_ok) - if (ret < 0) - goto out; - -- ret = 0; -+ ret = module_verify_signature(&mvdata); - kfree(mvdata.canonlist); - - out: --- -1.7.11.4 - - -From 53142a9c74e2922885d03555d26213fc38553b90 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:46 +0100 -Subject: [PATCH 29/32] MODSIGN: Suppress some redundant ELF checks - -Suppress some redundant ELF checks in module_verify_elf() that are also done -by copy_and_check() in the core module loader code prior to calling -module_verify(). - -Signed-off-by: David Howells ---- - kernel/module-verify.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/kernel/module-verify.c b/kernel/module-verify.c -index bee7e04..f3a694f 100644 ---- a/kernel/module-verify.c -+++ b/kernel/module-verify.c -@@ -97,11 +97,11 @@ do { if (unlikely(!(X))) { line = __LINE__; goto symcheck_error; } } while (0) - - elfcheck(hdr->e_shnum < SHN_LORESERVE); - elfcheck(hdr->e_shstrndx < hdr->e_shnum); -- elfcheck(hdr->e_shentsize == sizeof(Elf_Shdr)); -- elfcheck(hdr->e_shoff < size); -+ /* elfcheck(hdr->e_shentsize == sizeof(Elf_Shdr)); */ -+ /* elfcheck(hdr->e_shoff < size); */ - elfcheck(hdr->e_shoff >= hdr->e_ehsize); - elfcheck(hdr->e_shoff % sizeof(long) == 0); -- elfcheck(hdr->e_shnum * sizeof(Elf_Shdr) <= size - hdr->e_shoff); -+ /* elfcheck(hdr->e_shnum * sizeof(Elf_Shdr) <= size - hdr->e_shoff); */ - - /* Validate the section table contents */ - mvdata->nsects = hdr->e_shnum; --- -1.7.11.4 - - -From 14d36171021b1c16f6c664bd4ab31e1d989ab282 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Thu, 16 Aug 2012 01:38:46 +0100 -Subject: [PATCH 30/32] MODSIGN: Panic the kernel if FIPS is enabled upon - module signing failure - -If module signing fails when the kernel is running with FIPS enabled then the -kernel should panic lest the crypto layer be compromised. Possibly a panic -shouldn't happen on cases like ENOMEM. - -Reported-by: Stephan Mueller -Signed-off-by: David Howells ---- - kernel/module-verify.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/kernel/module-verify.c b/kernel/module-verify.c -index f3a694f..896c0ff 100644 ---- a/kernel/module-verify.c -+++ b/kernel/module-verify.c -@@ -30,6 +30,7 @@ - #include - #include - #include -+#include - #include - #include "module-verify.h" - #include "module-verify-defs.h" -@@ -716,6 +717,10 @@ int module_verify(const Elf_Ehdr *hdr, size_t size, bool *_gpgsig_ok) - kfree(mvdata.canonlist); - - out: -+ if (ret < 0 && fips_enabled) -+ panic("Module verification failed with error %d in FIPS mode\n", -+ ret); -+ - switch (ret) { - case 0: /* Good signature */ - *_gpgsig_ok = true; --- -1.7.11.4 - - -From 1e8e625508f013acfb8ade3b5c30dcc7ff710ce9 Mon Sep 17 00:00:00 2001 -From: Josh Boyer -Date: Thu, 16 Aug 2012 01:38:46 +0100 -Subject: [PATCH 31/32] MODSIGN: Allow modules to be signed with an unknown - key unless enforcing - -Currently we fail the loading of modules that are signed with a public key -that is not in the modsign keyring even if we are not in enforcing mode. -This is somewhat at odds with the fact that we allow a completely unsigned -module to load in such a case. - -We should allow modules signed with an unknown key to load in cases -where we are not enforcing and not in FIPS mode. - -Signed-off-by: Josh Boyer -Signed-off-by: David Howells ---- - kernel/module-verify.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/kernel/module-verify.c b/kernel/module-verify.c -index 896c0ff..041506f 100644 ---- a/kernel/module-verify.c -+++ b/kernel/module-verify.c -@@ -736,6 +736,13 @@ out: - break; - case -ENOKEY: /* Signed, but we don't have the public key */ - pr_err("Module signed with unknown public key\n"); -+ if (!modsign_signedonly) { -+ /* Allow a module to be signed with an unknown public -+ * key unless we're enforcing. -+ */ -+ pr_info("Allowing\n"); -+ ret = 0; -+ } - break; - default: /* Other error (probably ENOMEM) */ - break; --- -1.7.11.4 - - -From 7ac7095ee6624789c6a971d16f5ca823ebbde3c7 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 16 Aug 2012 01:38:46 +0100 -Subject: [PATCH 32/32] MODSIGN: Fix documentation of signed-nokey behavior - when not enforcing. - -jwboyer's previous commit changes the behavior of module signing when -there's a valid signature but we don't know the public key and are in -permissive mode. This updates the documentation to match. - -Signed-off-by: Peter Jones -Acked-by: Josh Boyer -Signed-off-by: David Howells ---- - Documentation/module-signing.txt | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt -index d75d473..8c4bef9 100644 ---- a/Documentation/module-signing.txt -+++ b/Documentation/module-signing.txt -@@ -185,7 +185,7 @@ This table indicates the behaviours of the various situations: - MODULE STATE PERMISSIVE MODE ENFORCING MODE - ======================================= =============== =============== - Unsigned Ok EKEYREJECTED -- Signed, no public key ENOKEY ENOKEY -+ Signed, no public key Ok ENOKEY - Validly signed, public key Ok Ok - Invalidly signed, public key EKEYREJECTED EKEYREJECTED - Validly signed, expired key EKEYEXPIRED EKEYEXPIRED --- -1.7.11.4 - diff --git a/modsign-post-KS-jwb.patch b/modsign-post-KS-jwb.patch new file mode 100644 index 00000000..6dd81ffa --- /dev/null +++ b/modsign-post-KS-jwb.patch @@ -0,0 +1,9153 @@ +From 2cdfd353ac1a5b9f62398ef59b4a08b5b55ac089 Mon Sep 17 00:00:00 2001 +From: Rusty Russell +Date: Wed, 5 Sep 2012 12:32:17 +0930 +Subject: [PATCH 01/26] module: signature checking hook + +We do a very simple search for a particular string appended to the module +(which is cache-hot and about to be SHA'd anyway). There's both a config +option and a boot parameter which control whether we accept (and taint) or +fail with unsigned modules. + +Signed-off-by: Rusty Russell +--- + Documentation/kernel-parameters.txt | 6 +++ + include/linux/module.h | 8 ++++ + init/Kconfig | 14 ++++++ + kernel/module.c | 88 ++++++++++++++++++++++++++++++++++++- + 4 files changed, 115 insertions(+), 1 deletion(-) + +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt +index ad7e2e5..9b2b8d3 100644 +--- a/Documentation/kernel-parameters.txt ++++ b/Documentation/kernel-parameters.txt +@@ -1582,6 +1582,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted. + log everything. Information is printed at KERN_DEBUG + so loglevel=8 may also need to be specified. + ++ module.sig_enforce ++ [KNL] When CONFIG_MODULE_SIG is set, this means that ++ modules without (valid) signatures will fail to load. ++ Note that if CONFIG_MODULE_SIG_ENFORCE is set, that ++ is always true, so this option does nothing. ++ + mousedev.tap_time= + [MOUSE] Maximum time between finger touching and + leaving touchpad surface for touch to be considered +diff --git a/include/linux/module.h b/include/linux/module.h +index fbcafe2..7760c6d 100644 +--- a/include/linux/module.h ++++ b/include/linux/module.h +@@ -21,6 +21,9 @@ + #include + #include + ++/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ ++#define MODULE_SIG_STRING "~Module signature appended~\n" ++ + /* Not Yet Implemented */ + #define MODULE_SUPPORTED_DEVICE(name) + +@@ -260,6 +263,11 @@ struct module + const unsigned long *unused_gpl_crcs; + #endif + ++#ifdef CONFIG_MODULE_SIG ++ /* Signature was verified. */ ++ bool sig_ok; ++#endif ++ + /* symbols that will be GPL-only in the near future. */ + const struct kernel_symbol *gpl_future_syms; + const unsigned long *gpl_future_crcs; +diff --git a/init/Kconfig b/init/Kconfig +index af6c7f8..7452e19 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1585,6 +1585,20 @@ config MODULE_SRCVERSION_ALL + the version). With this option, such a "srcversion" field + will be created for all modules. If unsure, say N. + ++config MODULE_SIG ++ bool "Module signature verification" ++ depends on MODULES ++ help ++ Check modules for valid signatures upon load: the signature ++ is simply appended to the module. For more information see ++ Documentation/module-signing.txt. ++ ++config MODULE_SIG_FORCE ++ bool "Require modules to be validly signed" ++ depends on MODULE_SIG ++ help ++ Reject unsigned modules or signed modules for which we don't have a ++ key. Without this, such modules will simply taint the kernel. + endif # MODULES + + config INIT_ALL_POSSIBLE +diff --git a/kernel/module.c b/kernel/module.c +index 4edbd9c..5c6f65c 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -102,6 +102,43 @@ static LIST_HEAD(modules); + struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */ + #endif /* CONFIG_KGDB_KDB */ + ++#ifdef CONFIG_MODULE_SIG ++#ifdef CONFIG_MODULE_SIG_FORCE ++static bool sig_enforce = true; ++#else ++static bool sig_enforce = false; ++ ++static int param_set_bool_enable_only(const char *val, ++ const struct kernel_param *kp) ++{ ++ int err; ++ bool test; ++ struct kernel_param dummy_kp = *kp; ++ ++ dummy_kp.arg = &test; ++ ++ err = param_set_bool(val, &dummy_kp); ++ if (err) ++ return err; ++ ++ /* Don't let them unset it once it's set! */ ++ if (!test && sig_enforce) ++ return -EROFS; ++ ++ if (test) ++ sig_enforce = true; ++ return 0; ++} ++ ++static const struct kernel_param_ops param_ops_bool_enable_only = { ++ .set = param_set_bool_enable_only, ++ .get = param_get_bool, ++}; ++#define param_check_bool_enable_only param_check_bool ++ ++module_param(sig_enforce, bool_enable_only, 0644); ++#endif /* !CONFIG_MODULE_SIG_FORCE */ ++#endif /* CONFIG_MODULE_SIG */ + + /* Block module loading/unloading? */ + int modules_disabled = 0; +@@ -136,6 +173,7 @@ struct load_info { + unsigned long symoffs, stroffs; + struct _ddebug *debug; + unsigned int num_debug; ++ bool sig_ok; + struct { + unsigned int sym, str, mod, vers, info, pcpu; + } index; +@@ -2399,7 +2437,45 @@ static inline void kmemleak_load_module(const struct module *mod, + } + #endif + +-/* Sets info->hdr and info->len. */ ++#ifdef CONFIG_MODULE_SIG ++static int module_sig_check(struct load_info *info, ++ const void *mod, unsigned long *len) ++{ ++ int err = 0; ++ const unsigned long markerlen = strlen(MODULE_SIG_STRING); ++ const void *p = mod, *end = mod + *len; ++ ++ /* Poor man's memmem. */ ++ while ((p = memchr(p, MODULE_SIG_STRING[0], end - p))) { ++ if (p + markerlen > end) ++ break; ++ ++ if (memcmp(p, MODULE_SIG_STRING, markerlen) == 0) { ++ const void *sig = p + markerlen; ++ /* Truncate module up to signature. */ ++ *len = p - mod; ++ err = mod_verify_sig(mod, *len, ++ sig, end - sig, ++ &info->sig_ok); ++ break; ++ } ++ p++; ++ } ++ ++ /* Not having a signature is only an error if we're strict. */ ++ if (!err && !info->sig_ok && sig_enforce) ++ err = -EKEYREJECTED; ++ return err; ++} ++#else /* !CONFIG_MODULE_SIG */ ++static int module_sig_check(struct load_info *info, ++ void *mod, unsigned long *len) ++{ ++ return 0; ++} ++#endif /* !CONFIG_MODULE_SIG */ ++ ++/* Sets info->hdr, info->len and info->sig_ok. */ + static int copy_and_check(struct load_info *info, + const void __user *umod, unsigned long len, + const char __user *uargs) +@@ -2419,6 +2495,10 @@ static int copy_and_check(struct load_info *info, + goto free_hdr; + } + ++ err = module_sig_check(info, hdr, &len); ++ if (err) ++ goto free_hdr; ++ + /* Sanity checks against insmoding binaries or wrong arch, + weird elf version */ + if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0 +@@ -2886,6 +2966,12 @@ static struct module *load_module(void __user *umod, + goto free_copy; + } + ++#ifdef CONFIG_MODULE_SIG ++ mod->sig_ok = info.sig_ok; ++ if (!mod->sig_ok) ++ add_taint_module(mod, TAINT_FORCED_MODULE); ++#endif ++ + /* Now module is in final location, initialize linked lists, etc. */ + err = module_unload_init(mod); + if (err) +-- +1.7.11.4 + + +From d4f65b5d2497b2fd9c45f06b71deb4ab084a5b66 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Thu, 13 Sep 2012 13:06:29 +0100 +Subject: [PATCH 02/26] KEYS: Add payload preparsing opportunity prior to key + instantiate or update + +Give the key type the opportunity to preparse the payload prior to the +instantiation and update routines being called. This is done with the +provision of two new key type operations: + + int (*preparse)(struct key_preparsed_payload *prep); + void (*free_preparse)(struct key_preparsed_payload *prep); + +If the first operation is present, then it is called before key creation (in +the add/update case) or before the key semaphore is taken (in the update and +instantiate cases). The second operation is called to clean up if the first +was called. + +preparse() is given the opportunity to fill in the following structure: + + struct key_preparsed_payload { + char *description; + void *type_data[2]; + void *payload; + const void *data; + size_t datalen; + size_t quotalen; + }; + +Before the preparser is called, the first three fields will have been cleared, +the payload pointer and size will be stored in data and datalen and the default +quota size from the key_type struct will be stored into quotalen. + +The preparser may parse the payload in any way it likes and may store data in +the type_data[] and payload fields for use by the instantiate() and update() +ops. + +The preparser may also propose a description for the key by attaching it as a +string to the description field. This can be used by passing a NULL or "" +description to the add_key() system call or the key_create_or_update() +function. This cannot work with request_key() as that required the description +to tell the upcall about the key to be created. + +This, for example permits keys that store PGP public keys to generate their own +name from the user ID and public key fingerprint in the key. + +The instantiate() and update() operations are then modified to look like this: + + int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); + int (*update)(struct key *key, struct key_preparsed_payload *prep); + +and the new payload data is passed in *prep, whether or not it was preparsed. + +Signed-off-by: David Howells +--- + Documentation/security/keys.txt | 50 +++++++++++++- + fs/cifs/cifs_spnego.c | 6 +- + fs/cifs/cifsacl.c | 8 +-- + include/keys/user-type.h | 6 +- + include/linux/key-type.h | 35 +++++++++- + net/ceph/crypto.c | 9 +-- + net/dns_resolver/dns_key.c | 6 +- + net/rxrpc/ar-key.c | 40 +++++------ + security/keys/encrypted-keys/encrypted.c | 16 +++-- + security/keys/key.c | 114 ++++++++++++++++++++++--------- + security/keys/keyctl.c | 18 +++-- + security/keys/keyring.c | 6 +- + security/keys/request_key_auth.c | 8 +-- + security/keys/trusted.c | 16 +++-- + security/keys/user_defined.c | 14 ++-- + 15 files changed, 250 insertions(+), 102 deletions(-) + +diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt +index aa0dbd7..7d9ca92 100644 +--- a/Documentation/security/keys.txt ++++ b/Documentation/security/keys.txt +@@ -412,6 +412,10 @@ The main syscalls are: + to the keyring. In this case, an error will be generated if the process + does not have permission to write to the keyring. + ++ If the key type supports it, if the description is NULL or an empty ++ string, the key type will try and generate a description from the content ++ of the payload. ++ + The payload is optional, and the pointer can be NULL if not required by + the type. The payload is plen in size, and plen can be zero for an empty + payload. +@@ -1114,12 +1118,53 @@ The structure has a number of fields, some of which are mandatory: + it should return 0. + + +- (*) int (*instantiate)(struct key *key, const void *data, size_t datalen); ++ (*) int (*preparse)(struct key_preparsed_payload *prep); ++ ++ This optional method permits the key type to attempt to parse payload ++ before a key is created (add key) or the key semaphore is taken (update or ++ instantiate key). The structure pointed to by prep looks like: ++ ++ struct key_preparsed_payload { ++ char *description; ++ void *type_data[2]; ++ void *payload; ++ const void *data; ++ size_t datalen; ++ size_t quotalen; ++ }; ++ ++ Before calling the method, the caller will fill in data and datalen with ++ the payload blob parameters; quotalen will be filled in with the default ++ quota size from the key type and the rest will be cleared. ++ ++ If a description can be proposed from the payload contents, that should be ++ attached as a string to the description field. This will be used for the ++ key description if the caller of add_key() passes NULL or "". ++ ++ The method can attach anything it likes to type_data[] and payload. These ++ are merely passed along to the instantiate() or update() operations. ++ ++ The method should return 0 if success ful or a negative error code ++ otherwise. ++ ++ ++ (*) void (*free_preparse)(struct key_preparsed_payload *prep); ++ ++ This method is only required if the preparse() method is provided, ++ otherwise it is unused. It cleans up anything attached to the ++ description, type_data and payload fields of the key_preparsed_payload ++ struct as filled in by the preparse() method. ++ ++ ++ (*) int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); + + This method is called to attach a payload to a key during construction. + The payload attached need not bear any relation to the data passed to this + function. + ++ The prep->data and prep->datalen fields will define the original payload ++ blob. If preparse() was supplied then other fields may be filled in also. ++ + If the amount of data attached to the key differs from the size in + keytype->def_datalen, then key_payload_reserve() should be called. + +@@ -1135,6 +1180,9 @@ The structure has a number of fields, some of which are mandatory: + If this type of key can be updated, then this method should be provided. + It is called to update a key's payload from the blob of data provided. + ++ The prep->data and prep->datalen fields will define the original payload ++ blob. If preparse() was supplied then other fields may be filled in also. ++ + key_payload_reserve() should be called if the data length might change + before any changes are actually made. Note that if this succeeds, the type + is committed to changing the key because it's already been altered, so all +diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c +index e622863..086f381 100644 +--- a/fs/cifs/cifs_spnego.c ++++ b/fs/cifs/cifs_spnego.c +@@ -31,18 +31,18 @@ + + /* create a new cifs key */ + static int +-cifs_spnego_key_instantiate(struct key *key, const void *data, size_t datalen) ++cifs_spnego_key_instantiate(struct key *key, struct key_preparsed_payload *prep) + { + char *payload; + int ret; + + ret = -ENOMEM; +- payload = kmalloc(datalen, GFP_KERNEL); ++ payload = kmalloc(prep->datalen, GFP_KERNEL); + if (!payload) + goto error; + + /* attach the data */ +- memcpy(payload, data, datalen); ++ memcpy(payload, prep->data, prep->datalen); + key->payload.data = payload; + ret = 0; + +diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c +index 05f4dc2..f3c60e2 100644 +--- a/fs/cifs/cifsacl.c ++++ b/fs/cifs/cifsacl.c +@@ -167,17 +167,17 @@ static struct shrinker cifs_shrinker = { + }; + + static int +-cifs_idmap_key_instantiate(struct key *key, const void *data, size_t datalen) ++cifs_idmap_key_instantiate(struct key *key, struct key_preparsed_payload *prep) + { + char *payload; + +- payload = kmalloc(datalen, GFP_KERNEL); ++ payload = kmalloc(prep->datalen, GFP_KERNEL); + if (!payload) + return -ENOMEM; + +- memcpy(payload, data, datalen); ++ memcpy(payload, prep->data, prep->datalen); + key->payload.data = payload; +- key->datalen = datalen; ++ key->datalen = prep->datalen; + return 0; + } + +diff --git a/include/keys/user-type.h b/include/keys/user-type.h +index bc9ec1d..5e452c8 100644 +--- a/include/keys/user-type.h ++++ b/include/keys/user-type.h +@@ -35,8 +35,10 @@ struct user_key_payload { + extern struct key_type key_type_user; + extern struct key_type key_type_logon; + +-extern int user_instantiate(struct key *key, const void *data, size_t datalen); +-extern int user_update(struct key *key, const void *data, size_t datalen); ++struct key_preparsed_payload; ++ ++extern int user_instantiate(struct key *key, struct key_preparsed_payload *prep); ++extern int user_update(struct key *key, struct key_preparsed_payload *prep); + extern int user_match(const struct key *key, const void *criterion); + extern void user_revoke(struct key *key); + extern void user_destroy(struct key *key); +diff --git a/include/linux/key-type.h b/include/linux/key-type.h +index f0c651c..518a53a 100644 +--- a/include/linux/key-type.h ++++ b/include/linux/key-type.h +@@ -26,6 +26,27 @@ struct key_construction { + struct key *authkey;/* authorisation for key being constructed */ + }; + ++/* ++ * Pre-parsed payload, used by key add, update and instantiate. ++ * ++ * This struct will be cleared and data and datalen will be set with the data ++ * and length parameters from the caller and quotalen will be set from ++ * def_datalen from the key type. Then if the preparse() op is provided by the ++ * key type, that will be called. Then the struct will be passed to the ++ * instantiate() or the update() op. ++ * ++ * If the preparse() op is given, the free_preparse() op will be called to ++ * clear the contents. ++ */ ++struct key_preparsed_payload { ++ char *description; /* Proposed key description (or NULL) */ ++ void *type_data[2]; /* Private key-type data */ ++ void *payload; /* Proposed payload */ ++ const void *data; /* Raw data */ ++ size_t datalen; /* Raw datalen */ ++ size_t quotalen; /* Quota length for proposed payload */ ++}; ++ + typedef int (*request_key_actor_t)(struct key_construction *key, + const char *op, void *aux); + +@@ -45,18 +66,28 @@ struct key_type { + /* vet a description */ + int (*vet_description)(const char *description); + ++ /* Preparse the data blob from userspace that is to be the payload, ++ * generating a proposed description and payload that will be handed to ++ * the instantiate() and update() ops. ++ */ ++ int (*preparse)(struct key_preparsed_payload *prep); ++ ++ /* Free a preparse data structure. ++ */ ++ void (*free_preparse)(struct key_preparsed_payload *prep); ++ + /* instantiate a key of this type + * - this method should call key_payload_reserve() to determine if the + * user's quota will hold the payload + */ +- int (*instantiate)(struct key *key, const void *data, size_t datalen); ++ int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); + + /* update a key of this type (optional) + * - this method should call key_payload_reserve() to recalculate the + * quota consumption + * - the key must be locked against read when modifying + */ +- int (*update)(struct key *key, const void *data, size_t datalen); ++ int (*update)(struct key *key, struct key_preparsed_payload *prep); + + /* match a key against a description */ + int (*match)(const struct key *key, const void *desc); +diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c +index 9da7fdd..af14cb4 100644 +--- a/net/ceph/crypto.c ++++ b/net/ceph/crypto.c +@@ -423,14 +423,15 @@ int ceph_encrypt2(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, + } + } + +-int ceph_key_instantiate(struct key *key, const void *data, size_t datalen) ++int ceph_key_instantiate(struct key *key, struct key_preparsed_payload *prep) + { + struct ceph_crypto_key *ckey; ++ size_t datalen = prep->datalen; + int ret; + void *p; + + ret = -EINVAL; +- if (datalen <= 0 || datalen > 32767 || !data) ++ if (datalen <= 0 || datalen > 32767 || !prep->data) + goto err; + + ret = key_payload_reserve(key, datalen); +@@ -443,8 +444,8 @@ int ceph_key_instantiate(struct key *key, const void *data, size_t datalen) + goto err; + + /* TODO ceph_crypto_key_decode should really take const input */ +- p = (void *)data; +- ret = ceph_crypto_key_decode(ckey, &p, (char*)data+datalen); ++ p = (void *)prep->data; ++ ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen); + if (ret < 0) + goto err_ckey; + +diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c +index d9507dd..859ab8b 100644 +--- a/net/dns_resolver/dns_key.c ++++ b/net/dns_resolver/dns_key.c +@@ -59,13 +59,13 @@ const struct cred *dns_resolver_cache; + * "ip1,ip2,...#foo=bar" + */ + static int +-dns_resolver_instantiate(struct key *key, const void *_data, size_t datalen) ++dns_resolver_instantiate(struct key *key, struct key_preparsed_payload *prep) + { + struct user_key_payload *upayload; + unsigned long derrno; + int ret; +- size_t result_len = 0; +- const char *data = _data, *end, *opt; ++ size_t datalen = prep->datalen, result_len = 0; ++ const char *data = prep->data, *end, *opt; + + kenter("%%%d,%s,'%*.*s',%zu", + key->serial, key->description, +diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c +index 8b1f9f4..106c5a6 100644 +--- a/net/rxrpc/ar-key.c ++++ b/net/rxrpc/ar-key.c +@@ -26,8 +26,8 @@ + #include "ar-internal.h" + + static int rxrpc_vet_description_s(const char *); +-static int rxrpc_instantiate(struct key *, const void *, size_t); +-static int rxrpc_instantiate_s(struct key *, const void *, size_t); ++static int rxrpc_instantiate(struct key *, struct key_preparsed_payload *); ++static int rxrpc_instantiate_s(struct key *, struct key_preparsed_payload *); + static void rxrpc_destroy(struct key *); + static void rxrpc_destroy_s(struct key *); + static void rxrpc_describe(const struct key *, struct seq_file *); +@@ -678,7 +678,7 @@ error: + * + * if no data is provided, then a no-security key is made + */ +-static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) ++static int rxrpc_instantiate(struct key *key, struct key_preparsed_payload *prep) + { + const struct rxrpc_key_data_v1 *v1; + struct rxrpc_key_token *token, **pp; +@@ -686,26 +686,26 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) + u32 kver; + int ret; + +- _enter("{%x},,%zu", key_serial(key), datalen); ++ _enter("{%x},,%zu", key_serial(key), prep->datalen); + + /* handle a no-security key */ +- if (!data && datalen == 0) ++ if (!prep->data && prep->datalen == 0) + return 0; + + /* determine if the XDR payload format is being used */ +- if (datalen > 7 * 4) { +- ret = rxrpc_instantiate_xdr(key, data, datalen); ++ if (prep->datalen > 7 * 4) { ++ ret = rxrpc_instantiate_xdr(key, prep->data, prep->datalen); + if (ret != -EPROTO) + return ret; + } + + /* get the key interface version number */ + ret = -EINVAL; +- if (datalen <= 4 || !data) ++ if (prep->datalen <= 4 || !prep->data) + goto error; +- memcpy(&kver, data, sizeof(kver)); +- data += sizeof(kver); +- datalen -= sizeof(kver); ++ memcpy(&kver, prep->data, sizeof(kver)); ++ prep->data += sizeof(kver); ++ prep->datalen -= sizeof(kver); + + _debug("KEY I/F VERSION: %u", kver); + +@@ -715,11 +715,11 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) + + /* deal with a version 1 key */ + ret = -EINVAL; +- if (datalen < sizeof(*v1)) ++ if (prep->datalen < sizeof(*v1)) + goto error; + +- v1 = data; +- if (datalen != sizeof(*v1) + v1->ticket_length) ++ v1 = prep->data; ++ if (prep->datalen != sizeof(*v1) + v1->ticket_length) + goto error; + + _debug("SCIX: %u", v1->security_index); +@@ -784,17 +784,17 @@ error: + * instantiate a server secret key + * data should be a pointer to the 8-byte secret key + */ +-static int rxrpc_instantiate_s(struct key *key, const void *data, +- size_t datalen) ++static int rxrpc_instantiate_s(struct key *key, ++ struct key_preparsed_payload *prep) + { + struct crypto_blkcipher *ci; + +- _enter("{%x},,%zu", key_serial(key), datalen); ++ _enter("{%x},,%zu", key_serial(key), prep->datalen); + +- if (datalen != 8) ++ if (prep->datalen != 8) + return -EINVAL; + +- memcpy(&key->type_data, data, 8); ++ memcpy(&key->type_data, prep->data, 8); + + ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(ci)) { +@@ -802,7 +802,7 @@ static int rxrpc_instantiate_s(struct key *key, const void *data, + return PTR_ERR(ci); + } + +- if (crypto_blkcipher_setkey(ci, data, 8) < 0) ++ if (crypto_blkcipher_setkey(ci, prep->data, 8) < 0) + BUG(); + + key->payload.data = ci; +diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c +index 2d1bb8a..9e1e005 100644 +--- a/security/keys/encrypted-keys/encrypted.c ++++ b/security/keys/encrypted-keys/encrypted.c +@@ -773,8 +773,8 @@ static int encrypted_init(struct encrypted_key_payload *epayload, + * + * On success, return 0. Otherwise return errno. + */ +-static int encrypted_instantiate(struct key *key, const void *data, +- size_t datalen) ++static int encrypted_instantiate(struct key *key, ++ struct key_preparsed_payload *prep) + { + struct encrypted_key_payload *epayload = NULL; + char *datablob = NULL; +@@ -782,16 +782,17 @@ static int encrypted_instantiate(struct key *key, const void *data, + char *master_desc = NULL; + char *decrypted_datalen = NULL; + char *hex_encoded_iv = NULL; ++ size_t datalen = prep->datalen; + int ret; + +- if (datalen <= 0 || datalen > 32767 || !data) ++ if (datalen <= 0 || datalen > 32767 || !prep->data) + return -EINVAL; + + datablob = kmalloc(datalen + 1, GFP_KERNEL); + if (!datablob) + return -ENOMEM; + datablob[datalen] = 0; +- memcpy(datablob, data, datalen); ++ memcpy(datablob, prep->data, datalen); + ret = datablob_parse(datablob, &format, &master_desc, + &decrypted_datalen, &hex_encoded_iv); + if (ret < 0) +@@ -834,16 +835,17 @@ static void encrypted_rcu_free(struct rcu_head *rcu) + * + * On success, return 0. Otherwise return errno. + */ +-static int encrypted_update(struct key *key, const void *data, size_t datalen) ++static int encrypted_update(struct key *key, struct key_preparsed_payload *prep) + { + struct encrypted_key_payload *epayload = key->payload.data; + struct encrypted_key_payload *new_epayload; + char *buf; + char *new_master_desc = NULL; + const char *format = NULL; ++ size_t datalen = prep->datalen; + int ret = 0; + +- if (datalen <= 0 || datalen > 32767 || !data) ++ if (datalen <= 0 || datalen > 32767 || !prep->data) + return -EINVAL; + + buf = kmalloc(datalen + 1, GFP_KERNEL); +@@ -851,7 +853,7 @@ static int encrypted_update(struct key *key, const void *data, size_t datalen) + return -ENOMEM; + + buf[datalen] = 0; +- memcpy(buf, data, datalen); ++ memcpy(buf, prep->data, datalen); + ret = datablob_parse(buf, &format, &new_master_desc, NULL, NULL); + if (ret < 0) + goto out; +diff --git a/security/keys/key.c b/security/keys/key.c +index 50d96d4..1d039af 100644 +--- a/security/keys/key.c ++++ b/security/keys/key.c +@@ -412,8 +412,7 @@ EXPORT_SYMBOL(key_payload_reserve); + * key_construction_mutex. + */ + static int __key_instantiate_and_link(struct key *key, +- const void *data, +- size_t datalen, ++ struct key_preparsed_payload *prep, + struct key *keyring, + struct key *authkey, + unsigned long *_prealloc) +@@ -431,7 +430,7 @@ static int __key_instantiate_and_link(struct key *key, + /* can't instantiate twice */ + if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { + /* instantiate the key */ +- ret = key->type->instantiate(key, data, datalen); ++ ret = key->type->instantiate(key, prep); + + if (ret == 0) { + /* mark the key as being instantiated */ +@@ -482,22 +481,37 @@ int key_instantiate_and_link(struct key *key, + struct key *keyring, + struct key *authkey) + { ++ struct key_preparsed_payload prep; + unsigned long prealloc; + int ret; + ++ memset(&prep, 0, sizeof(prep)); ++ prep.data = data; ++ prep.datalen = datalen; ++ prep.quotalen = key->type->def_datalen; ++ if (key->type->preparse) { ++ ret = key->type->preparse(&prep); ++ if (ret < 0) ++ goto error; ++ } ++ + if (keyring) { + ret = __key_link_begin(keyring, key->type, key->description, + &prealloc); + if (ret < 0) +- return ret; ++ goto error_free_preparse; + } + +- ret = __key_instantiate_and_link(key, data, datalen, keyring, authkey, ++ ret = __key_instantiate_and_link(key, &prep, keyring, authkey, + &prealloc); + + if (keyring) + __key_link_end(keyring, key->type, prealloc); + ++error_free_preparse: ++ if (key->type->preparse) ++ key->type->free_preparse(&prep); ++error: + return ret; + } + +@@ -706,7 +720,7 @@ void key_type_put(struct key_type *ktype) + * if we get an error. + */ + static inline key_ref_t __key_update(key_ref_t key_ref, +- const void *payload, size_t plen) ++ struct key_preparsed_payload *prep) + { + struct key *key = key_ref_to_ptr(key_ref); + int ret; +@@ -722,7 +736,7 @@ static inline key_ref_t __key_update(key_ref_t key_ref, + + down_write(&key->sem); + +- ret = key->type->update(key, payload, plen); ++ ret = key->type->update(key, prep); + if (ret == 0) + /* updating a negative key instantiates it */ + clear_bit(KEY_FLAG_NEGATIVE, &key->flags); +@@ -774,6 +788,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, + unsigned long flags) + { + unsigned long prealloc; ++ struct key_preparsed_payload prep; + const struct cred *cred = current_cred(); + struct key_type *ktype; + struct key *keyring, *key = NULL; +@@ -789,8 +804,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, + } + + key_ref = ERR_PTR(-EINVAL); +- if (!ktype->match || !ktype->instantiate) +- goto error_2; ++ if (!ktype->match || !ktype->instantiate || ++ (!description && !ktype->preparse)) ++ goto error_put_type; + + keyring = key_ref_to_ptr(keyring_ref); + +@@ -798,18 +814,37 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, + + key_ref = ERR_PTR(-ENOTDIR); + if (keyring->type != &key_type_keyring) +- goto error_2; ++ goto error_put_type; ++ ++ memset(&prep, 0, sizeof(prep)); ++ prep.data = payload; ++ prep.datalen = plen; ++ prep.quotalen = ktype->def_datalen; ++ if (ktype->preparse) { ++ ret = ktype->preparse(&prep); ++ if (ret < 0) { ++ key_ref = ERR_PTR(ret); ++ goto error_put_type; ++ } ++ if (!description) ++ description = prep.description; ++ key_ref = ERR_PTR(-EINVAL); ++ if (!description) ++ goto error_free_prep; ++ } + + ret = __key_link_begin(keyring, ktype, description, &prealloc); +- if (ret < 0) +- goto error_2; ++ if (ret < 0) { ++ key_ref = ERR_PTR(ret); ++ goto error_free_prep; ++ } + + /* if we're going to allocate a new key, we're going to have + * to modify the keyring */ + ret = key_permission(keyring_ref, KEY_WRITE); + if (ret < 0) { + key_ref = ERR_PTR(ret); +- goto error_3; ++ goto error_link_end; + } + + /* if it's possible to update this type of key, search for an existing +@@ -840,25 +875,27 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, + perm, flags); + if (IS_ERR(key)) { + key_ref = ERR_CAST(key); +- goto error_3; ++ goto error_link_end; + } + + /* instantiate it and link it into the target keyring */ +- ret = __key_instantiate_and_link(key, payload, plen, keyring, NULL, +- &prealloc); ++ ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &prealloc); + if (ret < 0) { + key_put(key); + key_ref = ERR_PTR(ret); +- goto error_3; ++ goto error_link_end; + } + + key_ref = make_key_ref(key, is_key_possessed(keyring_ref)); + +- error_3: ++error_link_end: + __key_link_end(keyring, ktype, prealloc); +- error_2: ++error_free_prep: ++ if (ktype->preparse) ++ ktype->free_preparse(&prep); ++error_put_type: + key_type_put(ktype); +- error: ++error: + return key_ref; + + found_matching_key: +@@ -866,10 +903,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, + * - we can drop the locks first as we have the key pinned + */ + __key_link_end(keyring, ktype, prealloc); +- key_type_put(ktype); + +- key_ref = __key_update(key_ref, payload, plen); +- goto error; ++ key_ref = __key_update(key_ref, &prep); ++ goto error_free_prep; + } + EXPORT_SYMBOL(key_create_or_update); + +@@ -888,6 +924,7 @@ EXPORT_SYMBOL(key_create_or_update); + */ + int key_update(key_ref_t key_ref, const void *payload, size_t plen) + { ++ struct key_preparsed_payload prep; + struct key *key = key_ref_to_ptr(key_ref); + int ret; + +@@ -900,18 +937,31 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen) + + /* attempt to update it if supported */ + ret = -EOPNOTSUPP; +- if (key->type->update) { +- down_write(&key->sem); +- +- ret = key->type->update(key, payload, plen); +- if (ret == 0) +- /* updating a negative key instantiates it */ +- clear_bit(KEY_FLAG_NEGATIVE, &key->flags); ++ if (!key->type->update) ++ goto error; + +- up_write(&key->sem); ++ memset(&prep, 0, sizeof(prep)); ++ prep.data = payload; ++ prep.datalen = plen; ++ prep.quotalen = key->type->def_datalen; ++ if (key->type->preparse) { ++ ret = key->type->preparse(&prep); ++ if (ret < 0) ++ goto error; + } + +- error: ++ down_write(&key->sem); ++ ++ ret = key->type->update(key, &prep); ++ if (ret == 0) ++ /* updating a negative key instantiates it */ ++ clear_bit(KEY_FLAG_NEGATIVE, &key->flags); ++ ++ up_write(&key->sem); ++ ++ if (key->type->preparse) ++ key->type->free_preparse(&prep); ++error: + return ret; + } + EXPORT_SYMBOL(key_update); +diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c +index 3364fbf..505d40b 100644 +--- a/security/keys/keyctl.c ++++ b/security/keys/keyctl.c +@@ -46,6 +46,9 @@ static int key_get_type_from_user(char *type, + * Extract the description of a new key from userspace and either add it as a + * new key to the specified keyring or update a matching key in that keyring. + * ++ * If the description is NULL or an empty string, the key type is asked to ++ * generate one from the payload. ++ * + * The keyring must be writable so that we can attach the key to it. + * + * If successful, the new key's serial number is returned, otherwise an error +@@ -72,10 +75,17 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, + if (ret < 0) + goto error; + +- description = strndup_user(_description, PAGE_SIZE); +- if (IS_ERR(description)) { +- ret = PTR_ERR(description); +- goto error; ++ description = NULL; ++ if (_description) { ++ description = strndup_user(_description, PAGE_SIZE); ++ if (IS_ERR(description)) { ++ ret = PTR_ERR(description); ++ goto error; ++ } ++ if (!*description) { ++ kfree(description); ++ description = NULL; ++ } + } + + /* pull the payload in if one was supplied */ +diff --git a/security/keys/keyring.c b/security/keys/keyring.c +index 81e7852..f04d8cf 100644 +--- a/security/keys/keyring.c ++++ b/security/keys/keyring.c +@@ -66,7 +66,7 @@ static inline unsigned keyring_hash(const char *desc) + * operations. + */ + static int keyring_instantiate(struct key *keyring, +- const void *data, size_t datalen); ++ struct key_preparsed_payload *prep); + static int keyring_match(const struct key *keyring, const void *criterion); + static void keyring_revoke(struct key *keyring); + static void keyring_destroy(struct key *keyring); +@@ -121,12 +121,12 @@ static void keyring_publish_name(struct key *keyring) + * Returns 0 on success, -EINVAL if given any data. + */ + static int keyring_instantiate(struct key *keyring, +- const void *data, size_t datalen) ++ struct key_preparsed_payload *prep) + { + int ret; + + ret = -EINVAL; +- if (datalen == 0) { ++ if (prep->datalen == 0) { + /* make the keyring available by name if it has one */ + keyring_publish_name(keyring); + ret = 0; +diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c +index 60d4e3f..85730d5 100644 +--- a/security/keys/request_key_auth.c ++++ b/security/keys/request_key_auth.c +@@ -19,7 +19,8 @@ + #include + #include "internal.h" + +-static int request_key_auth_instantiate(struct key *, const void *, size_t); ++static int request_key_auth_instantiate(struct key *, ++ struct key_preparsed_payload *); + static void request_key_auth_describe(const struct key *, struct seq_file *); + static void request_key_auth_revoke(struct key *); + static void request_key_auth_destroy(struct key *); +@@ -42,10 +43,9 @@ struct key_type key_type_request_key_auth = { + * Instantiate a request-key authorisation key. + */ + static int request_key_auth_instantiate(struct key *key, +- const void *data, +- size_t datalen) ++ struct key_preparsed_payload *prep) + { +- key->payload.data = (struct request_key_auth *) data; ++ key->payload.data = (struct request_key_auth *)prep->data; + return 0; + } + +diff --git a/security/keys/trusted.c b/security/keys/trusted.c +index 2d5d041..42036c7 100644 +--- a/security/keys/trusted.c ++++ b/security/keys/trusted.c +@@ -927,22 +927,23 @@ static struct trusted_key_payload *trusted_payload_alloc(struct key *key) + * + * On success, return 0. Otherwise return errno. + */ +-static int trusted_instantiate(struct key *key, const void *data, +- size_t datalen) ++static int trusted_instantiate(struct key *key, ++ struct key_preparsed_payload *prep) + { + struct trusted_key_payload *payload = NULL; + struct trusted_key_options *options = NULL; ++ size_t datalen = prep->datalen; + char *datablob; + int ret = 0; + int key_cmd; + +- if (datalen <= 0 || datalen > 32767 || !data) ++ if (datalen <= 0 || datalen > 32767 || !prep->data) + return -EINVAL; + + datablob = kmalloc(datalen + 1, GFP_KERNEL); + if (!datablob) + return -ENOMEM; +- memcpy(datablob, data, datalen); ++ memcpy(datablob, prep->data, datalen); + datablob[datalen] = '\0'; + + options = trusted_options_alloc(); +@@ -1011,17 +1012,18 @@ static void trusted_rcu_free(struct rcu_head *rcu) + /* + * trusted_update - reseal an existing key with new PCR values + */ +-static int trusted_update(struct key *key, const void *data, size_t datalen) ++static int trusted_update(struct key *key, struct key_preparsed_payload *prep) + { + struct trusted_key_payload *p = key->payload.data; + struct trusted_key_payload *new_p; + struct trusted_key_options *new_o; ++ size_t datalen = prep->datalen; + char *datablob; + int ret = 0; + + if (!p->migratable) + return -EPERM; +- if (datalen <= 0 || datalen > 32767 || !data) ++ if (datalen <= 0 || datalen > 32767 || !prep->data) + return -EINVAL; + + datablob = kmalloc(datalen + 1, GFP_KERNEL); +@@ -1038,7 +1040,7 @@ static int trusted_update(struct key *key, const void *data, size_t datalen) + goto out; + } + +- memcpy(datablob, data, datalen); ++ memcpy(datablob, prep->data, datalen); + datablob[datalen] = '\0'; + ret = datablob_parse(datablob, new_p, new_o); + if (ret != Opt_update) { +diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c +index c7660a2..55dc889 100644 +--- a/security/keys/user_defined.c ++++ b/security/keys/user_defined.c +@@ -58,13 +58,14 @@ EXPORT_SYMBOL_GPL(key_type_logon); + /* + * instantiate a user defined key + */ +-int user_instantiate(struct key *key, const void *data, size_t datalen) ++int user_instantiate(struct key *key, struct key_preparsed_payload *prep) + { + struct user_key_payload *upayload; ++ size_t datalen = prep->datalen; + int ret; + + ret = -EINVAL; +- if (datalen <= 0 || datalen > 32767 || !data) ++ if (datalen <= 0 || datalen > 32767 || !prep->data) + goto error; + + ret = key_payload_reserve(key, datalen); +@@ -78,7 +79,7 @@ int user_instantiate(struct key *key, const void *data, size_t datalen) + + /* attach the data */ + upayload->datalen = datalen; +- memcpy(upayload->data, data, datalen); ++ memcpy(upayload->data, prep->data, datalen); + rcu_assign_keypointer(key, upayload); + ret = 0; + +@@ -92,13 +93,14 @@ EXPORT_SYMBOL_GPL(user_instantiate); + * update a user defined key + * - the key's semaphore is write-locked + */ +-int user_update(struct key *key, const void *data, size_t datalen) ++int user_update(struct key *key, struct key_preparsed_payload *prep) + { + struct user_key_payload *upayload, *zap; ++ size_t datalen = prep->datalen; + int ret; + + ret = -EINVAL; +- if (datalen <= 0 || datalen > 32767 || !data) ++ if (datalen <= 0 || datalen > 32767 || !prep->data) + goto error; + + /* construct a replacement payload */ +@@ -108,7 +110,7 @@ int user_update(struct key *key, const void *data, size_t datalen) + goto error; + + upayload->datalen = datalen; +- memcpy(upayload->data, data, datalen); ++ memcpy(upayload->data, prep->data, datalen); + + /* check the quota and attach the new data */ + zap = upayload; +-- +1.7.11.4 + + +From a3f7dff6cbc2eb6be871a58fef34cacf7f78abf8 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Thu, 13 Sep 2012 13:09:33 +0100 +Subject: [PATCH 03/26] MPILIB: Provide count_leading/trailing_zeros() based + on arch functions + +Provide count_leading/trailing_zeros() macros based on extant arch bit scanning +functions rather than reimplementing from scratch in MPILIB. + +Whilst we're at it, turn count_foo_zeros(n, x) into n = count_foo_zeros(x). + +Also move the definition to asm-generic as other people may be interested in +using it. + +Signed-off-by: David Howells +Cc: David S. Miller +Cc: Dmitry Kasatkin +Cc: Arnd Bergmann +--- + include/asm-generic/bitops/count_zeros.h | 57 +++++++++++++ + lib/mpi/longlong.h | 138 +------------------------------ + lib/mpi/mpi-bit.c | 2 +- + lib/mpi/mpi-pow.c | 4 +- + 4 files changed, 62 insertions(+), 139 deletions(-) + create mode 100644 include/asm-generic/bitops/count_zeros.h + +diff --git a/include/asm-generic/bitops/count_zeros.h b/include/asm-generic/bitops/count_zeros.h +new file mode 100644 +index 0000000..97520d2 +--- /dev/null ++++ b/include/asm-generic/bitops/count_zeros.h +@@ -0,0 +1,57 @@ ++/* Count leading and trailing zeros functions ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#ifndef _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_ ++#define _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_ ++ ++#include ++ ++/** ++ * count_leading_zeros - Count the number of zeros from the MSB back ++ * @x: The value ++ * ++ * Count the number of leading zeros from the MSB going towards the LSB in @x. ++ * ++ * If the MSB of @x is set, the result is 0. ++ * If only the LSB of @x is set, then the result is BITS_PER_LONG-1. ++ * If @x is 0 then the result is COUNT_LEADING_ZEROS_0. ++ */ ++static inline int count_leading_zeros(unsigned long x) ++{ ++ if (sizeof(x) == 4) ++ return BITS_PER_LONG - fls(x); ++ else ++ return BITS_PER_LONG - fls64(x); ++} ++ ++#define COUNT_LEADING_ZEROS_0 BITS_PER_LONG ++ ++/** ++ * count_trailing_zeros - Count the number of zeros from the LSB forwards ++ * @x: The value ++ * ++ * Count the number of trailing zeros from the LSB going towards the MSB in @x. ++ * ++ * If the LSB of @x is set, the result is 0. ++ * If only the MSB of @x is set, then the result is BITS_PER_LONG-1. ++ * If @x is 0 then the result is COUNT_TRAILING_ZEROS_0. ++ */ ++static inline int count_trailing_zeros(unsigned long x) ++{ ++#define COUNT_TRAILING_ZEROS_0 (-1) ++ ++ if (sizeof(x) == 4) ++ return ffs(x); ++ else ++ return (x != 0) ? __ffs(x) : COUNT_TRAILING_ZEROS_0; ++} ++ ++#endif /* _ASM_GENERIC_BITOPS_COUNT_ZEROS_H_ */ +diff --git a/lib/mpi/longlong.h b/lib/mpi/longlong.h +index 29f9862..678ce4f 100644 +--- a/lib/mpi/longlong.h ++++ b/lib/mpi/longlong.h +@@ -19,6 +19,8 @@ + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. */ + ++#include ++ + /* You have to define the following before including this file: + * + * UWtype -- An unsigned type, default type for operations (typically a "word") +@@ -146,12 +148,6 @@ do { \ + : "1" ((USItype)(n1)), \ + "r" ((USItype)(n0)), \ + "r" ((USItype)(d))) +- +-#define count_leading_zeros(count, x) \ +- __asm__ ("clz %0,%1" \ +- : "=r" ((USItype)(count)) \ +- : "r" ((USItype)(x))) +-#define COUNT_LEADING_ZEROS_0 32 + #endif /* __a29k__ */ + + #if defined(__alpha) && W_TYPE_SIZE == 64 +@@ -298,11 +294,6 @@ extern UDItype __udiv_qrnnd(); + : "1" ((USItype)(nh)), \ + "0" ((USItype)(nl)), \ + "g" ((USItype)(d))) +-#define count_leading_zeros(count, x) \ +- __asm__ ("bsch/1 %1,%0" \ +- : "=g" (count) \ +- : "g" ((USItype)(x)), \ +- "0" ((USItype)0)) + #endif + + /*************************************** +@@ -354,27 +345,6 @@ do { USItype __r; \ + } while (0) + extern USItype __udiv_qrnnd(); + #endif /* LONGLONG_STANDALONE */ +-#define count_leading_zeros(count, x) \ +-do { \ +- USItype __tmp; \ +- __asm__ ( \ +- "ldi 1,%0\n" \ +- "extru,= %1,15,16,%%r0 ; Bits 31..16 zero?\n" \ +- "extru,tr %1,15,16,%1 ; No. Shift down, skip add.\n" \ +- "ldo 16(%0),%0 ; Yes. Perform add.\n" \ +- "extru,= %1,23,8,%%r0 ; Bits 15..8 zero?\n" \ +- "extru,tr %1,23,8,%1 ; No. Shift down, skip add.\n" \ +- "ldo 8(%0),%0 ; Yes. Perform add.\n" \ +- "extru,= %1,27,4,%%r0 ; Bits 7..4 zero?\n" \ +- "extru,tr %1,27,4,%1 ; No. Shift down, skip add.\n" \ +- "ldo 4(%0),%0 ; Yes. Perform add.\n" \ +- "extru,= %1,29,2,%%r0 ; Bits 3..2 zero?\n" \ +- "extru,tr %1,29,2,%1 ; No. Shift down, skip add.\n" \ +- "ldo 2(%0),%0 ; Yes. Perform add.\n" \ +- "extru %1,30,1,%1 ; Extract bit 1.\n" \ +- "sub %0,%1,%0 ; Subtract it. " \ +- : "=r" (count), "=r" (__tmp) : "1" (x)); \ +-} while (0) + #endif /* hppa */ + + /*************************************** +@@ -457,15 +427,6 @@ do { \ + : "0" ((USItype)(n0)), \ + "1" ((USItype)(n1)), \ + "rm" ((USItype)(d))) +-#define count_leading_zeros(count, x) \ +-do { \ +- USItype __cbtmp; \ +- __asm__ ("bsrl %1,%0" \ +- : "=r" (__cbtmp) : "rm" ((USItype)(x))); \ +- (count) = __cbtmp ^ 31; \ +-} while (0) +-#define count_trailing_zeros(count, x) \ +- __asm__ ("bsfl %1,%0" : "=r" (count) : "rm" ((USItype)(x))) + #ifndef UMUL_TIME + #define UMUL_TIME 40 + #endif +@@ -536,15 +497,6 @@ do { \ + "dI" ((USItype)(d))); \ + (r) = __rq.__i.__l; (q) = __rq.__i.__h; \ + } while (0) +-#define count_leading_zeros(count, x) \ +-do { \ +- USItype __cbtmp; \ +- __asm__ ("scanbit %1,%0" \ +- : "=r" (__cbtmp) \ +- : "r" ((USItype)(x))); \ +- (count) = __cbtmp ^ 31; \ +-} while (0) +-#define COUNT_LEADING_ZEROS_0 (-32) /* sic */ + #if defined(__i960mx) /* what is the proper symbol to test??? */ + #define rshift_rhlc(r, h, l, c) \ + do { \ +@@ -603,11 +555,6 @@ do { \ + : "0" ((USItype)(n0)), \ + "1" ((USItype)(n1)), \ + "dmi" ((USItype)(d))) +-#define count_leading_zeros(count, x) \ +- __asm__ ("bfffo %1{%b2:%b2},%0" \ +- : "=d" ((USItype)(count)) \ +- : "od" ((USItype)(x)), "n" (0)) +-#define COUNT_LEADING_ZEROS_0 32 + #else /* not mc68020 */ + #define umul_ppmm(xh, xl, a, b) \ + do { USItype __umul_tmp1, __umul_tmp2; \ +@@ -664,15 +611,6 @@ do { USItype __umul_tmp1, __umul_tmp2; \ + "rJ" ((USItype)(bh)), \ + "rJ" ((USItype)(al)), \ + "rJ" ((USItype)(bl))) +-#define count_leading_zeros(count, x) \ +-do { \ +- USItype __cbtmp; \ +- __asm__ ("ff1 %0,%1" \ +- : "=r" (__cbtmp) \ +- : "r" ((USItype)(x))); \ +- (count) = __cbtmp ^ 31; \ +-} while (0) +-#define COUNT_LEADING_ZEROS_0 63 /* sic */ + #if defined(__m88110__) + #define umul_ppmm(wh, wl, u, v) \ + do { \ +@@ -779,12 +717,6 @@ do { \ + : "0" (__xx.__ll), \ + "g" ((USItype)(d))); \ + (r) = __xx.__i.__l; (q) = __xx.__i.__h; }) +-#define count_trailing_zeros(count, x) \ +-do { \ +- __asm__("ffsd %2,%0" \ +- : "=r"((USItype) (count)) \ +- : "0"((USItype) 0), "r"((USItype) (x))); \ +- } while (0) + #endif /* __ns32000__ */ + + /*************************************** +@@ -855,11 +787,6 @@ do { \ + "rI" ((USItype)(al)), \ + "r" ((USItype)(bl))); \ + } while (0) +-#define count_leading_zeros(count, x) \ +- __asm__ ("{cntlz|cntlzw} %0,%1" \ +- : "=r" ((USItype)(count)) \ +- : "r" ((USItype)(x))) +-#define COUNT_LEADING_ZEROS_0 32 + #if defined(_ARCH_PPC) + #define umul_ppmm(ph, pl, m0, m1) \ + do { \ +@@ -1001,19 +928,6 @@ do { \ + } while (0) + #define UMUL_TIME 20 + #define UDIV_TIME 200 +-#define count_leading_zeros(count, x) \ +-do { \ +- if ((x) >= 0x10000) \ +- __asm__ ("clz %0,%1" \ +- : "=r" ((USItype)(count)) \ +- : "r" ((USItype)(x) >> 16)); \ +- else { \ +- __asm__ ("clz %0,%1" \ +- : "=r" ((USItype)(count)) \ +- : "r" ((USItype)(x))); \ +- (count) += 16; \ +- } \ +-} while (0) + #endif /* RT/ROMP */ + + /*************************************** +@@ -1142,13 +1056,6 @@ do { \ + "rI" ((USItype)(d)) \ + : "%g1" __AND_CLOBBER_CC) + #define UDIV_TIME 37 +-#define count_leading_zeros(count, x) \ +- __asm__ ("scan %1,0,%0" \ +- : "=r" ((USItype)(x)) \ +- : "r" ((USItype)(count))) +-/* Early sparclites return 63 for an argument of 0, but they warn that future +- implementations might change this. Therefore, leave COUNT_LEADING_ZEROS_0 +- undefined. */ + #endif /* __sparclite__ */ + #endif /* __sparc_v8__ */ + /* Default to sparc v7 versions of umul_ppmm and udiv_qrnnd. */ +@@ -1454,47 +1361,6 @@ do { \ + #define udiv_qrnnd __udiv_qrnnd_c + #endif + +-#undef count_leading_zeros +-#if !defined(count_leading_zeros) +- extern +-#ifdef __STDC__ +- const +-#endif +- unsigned char __clz_tab[]; +-#define count_leading_zeros(count, x) \ +-do { \ +- UWtype __xr = (x); \ +- UWtype __a; \ +- \ +- if (W_TYPE_SIZE <= 32) { \ +- __a = __xr < ((UWtype) 1 << 2*__BITS4) \ +- ? (__xr < ((UWtype) 1 << __BITS4) ? 0 : __BITS4) \ +- : (__xr < ((UWtype) 1 << 3*__BITS4) ? 2*__BITS4 : 3*__BITS4); \ +- } \ +- else { \ +- for (__a = W_TYPE_SIZE - 8; __a > 0; __a -= 8) \ +- if (((__xr >> __a) & 0xff) != 0) \ +- break; \ +- } \ +- \ +- (count) = W_TYPE_SIZE - (__clz_tab[__xr >> __a] + __a); \ +-} while (0) +- /* This version gives a well-defined value for zero. */ +-#define COUNT_LEADING_ZEROS_0 W_TYPE_SIZE +-#endif +- +-#if !defined(count_trailing_zeros) +-/* Define count_trailing_zeros using count_leading_zeros. The latter might be +- defined in asm, but if it is not, the C version above is good enough. */ +-#define count_trailing_zeros(count, x) \ +-do { \ +- UWtype __ctz_x = (x); \ +- UWtype __ctz_c; \ +- count_leading_zeros(__ctz_c, __ctz_x & -__ctz_x); \ +- (count) = W_TYPE_SIZE - 1 - __ctz_c; \ +-} while (0) +-#endif +- + #ifndef UDIV_NEEDS_NORMALIZATION + #define UDIV_NEEDS_NORMALIZATION 0 + #endif +diff --git a/lib/mpi/mpi-bit.c b/lib/mpi/mpi-bit.c +index 5687248..503537e 100644 +--- a/lib/mpi/mpi-bit.c ++++ b/lib/mpi/mpi-bit.c +@@ -45,7 +45,7 @@ unsigned mpi_get_nbits(MPI a) + if (a->nlimbs) { + mpi_limb_t alimb = a->d[a->nlimbs - 1]; + if (alimb) +- count_leading_zeros(n, alimb); ++ n = count_leading_zeros(alimb); + else + n = BITS_PER_MPI_LIMB; + n = BITS_PER_MPI_LIMB - n + (a->nlimbs - 1) * BITS_PER_MPI_LIMB; +diff --git a/lib/mpi/mpi-pow.c b/lib/mpi/mpi-pow.c +index 67f3e79..5464c87 100644 +--- a/lib/mpi/mpi-pow.c ++++ b/lib/mpi/mpi-pow.c +@@ -77,7 +77,7 @@ int mpi_powm(MPI res, MPI base, MPI exp, MPI mod) + mp = mp_marker = mpi_alloc_limb_space(msize); + if (!mp) + goto enomem; +- count_leading_zeros(mod_shift_cnt, mod->d[msize - 1]); ++ mod_shift_cnt = count_leading_zeros(mod->d[msize - 1]); + if (mod_shift_cnt) + mpihelp_lshift(mp, mod->d, msize, mod_shift_cnt); + else +@@ -169,7 +169,7 @@ int mpi_powm(MPI res, MPI base, MPI exp, MPI mod) + + i = esize - 1; + e = ep[i]; +- count_leading_zeros(c, e); ++ c = count_leading_zeros(e); + e = (e << c) << 1; /* shift the exp bits to the left, lose msb */ + c = BITS_PER_MPI_LIMB - 1 - c; + +-- +1.7.11.4 + + +From 79e4c942f35117b405402acf0f075ff79260e546 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Thu, 13 Sep 2012 15:17:21 +0100 +Subject: [PATCH 04/26] KEYS: Document asymmetric key type + +In-source documentation for the asymmetric key type. This will be located in: + + Documentation/crypto/asymmetric-keys.txt + +Signed-off-by: David Howells +--- + Documentation/crypto/asymmetric-keys.txt | 312 +++++++++++++++++++++++++++++++ + 1 file changed, 312 insertions(+) + create mode 100644 Documentation/crypto/asymmetric-keys.txt + +diff --git a/Documentation/crypto/asymmetric-keys.txt b/Documentation/crypto/asymmetric-keys.txt +new file mode 100644 +index 0000000..b767590 +--- /dev/null ++++ b/Documentation/crypto/asymmetric-keys.txt +@@ -0,0 +1,312 @@ ++ ============================================= ++ ASYMMETRIC / PUBLIC-KEY CRYPTOGRAPHY KEY TYPE ++ ============================================= ++ ++Contents: ++ ++ - Overview. ++ - Key identification. ++ - Accessing asymmetric keys. ++ - Signature verification. ++ - Asymmetric key subtypes. ++ - Instantiation data parsers. ++ ++ ++======== ++OVERVIEW ++======== ++ ++The "asymmetric" key type is designed to be a container for the keys used in ++public-key cryptography, without imposing any particular restrictions on the ++form or mechanism of the cryptography or form of the key. ++ ++The asymmetric key is given a subtype that defines what sort of data is ++associated with the key and provides operations to describe and destroy it. ++However, no requirement is made that the key data actually be stored in the ++key. ++ ++A completely in-kernel key retention and operation subtype can be defined, but ++it would also be possible to provide access to cryptographic hardware (such as ++a TPM) that might be used to both retain the relevant key and perform ++operations using that key. In such a case, the asymmetric key would then ++merely be an interface to the TPM driver. ++ ++Also provided is the concept of a data parser. Data parsers are responsible ++for extracting information from the blobs of data passed to the instantiation ++function. The first data parser that recognises the blob gets to set the ++subtype of the key and define the operations that can be done on that key. ++ ++A data parser may interpret the data blob as containing the bits representing a ++key, or it may interpret it as a reference to a key held somewhere else in the ++system (for example, a TPM). ++ ++ ++================== ++KEY IDENTIFICATION ++================== ++ ++If a key is added with an empty name, the instantiation data parsers are given ++the opportunity to pre-parse a key and to determine the description the key ++should be given from the content of the key. ++ ++This can then be used to refer to the key, either by complete match or by ++partial match. The key type may also use other criteria to refer to a key. ++ ++The asymmetric key type's match function can then perform a wider range of ++comparisons than just the straightforward comparison of the description with ++the criterion string: ++ ++ (1) If the criterion string is of the form "id:" then the match ++ function will examine a key's fingerprint to see if the hex digits given ++ after the "id:" match the tail. For instance: ++ ++ keyctl search @s asymmetric id:5acc2142 ++ ++ will match a key with fingerprint: ++ ++ 1A00 2040 7601 7889 DE11 882C 3823 04AD 5ACC 2142 ++ ++ (2) If the criterion string is of the form ":" then the ++ match will match the ID as in (1), but with the added restriction that ++ only keys of the specified subtype (e.g. tpm) will be matched. For ++ instance: ++ ++ keyctl search @s asymmetric tpm:5acc2142 ++ ++Looking in /proc/keys, the last 8 hex digits of the key fingerprint are ++displayed, along with the subtype: ++ ++ 1a39e171 I----- 1 perm 3f010000 0 0 asymmetri modsign.0: DSA 5acc2142 [] ++ ++ ++========================= ++ACCESSING ASYMMETRIC KEYS ++========================= ++ ++For general access to asymmetric keys from within the kernel, the following ++inclusion is required: ++ ++ #include ++ ++This gives access to functions for dealing with asymmetric / public keys. ++Three enums are defined there for representing public-key cryptography ++algorithms: ++ ++ enum pkey_algo ++ ++digest algorithms used by those: ++ ++ enum pkey_hash_algo ++ ++and key identifier representations: ++ ++ enum pkey_id_type ++ ++Note that the key type representation types are required because key ++identifiers from different standards aren't necessarily compatible. For ++instance, PGP generates key identifiers by hashing the key data plus some ++PGP-specific metadata, whereas X.509 has arbitrary certificate identifiers. ++ ++The operations defined upon a key are: ++ ++ (1) Signature verification. ++ ++Other operations are possible (such as encryption) with the same key data ++required for verification, but not currently supported, and others ++(eg. decryption and signature generation) require extra key data. ++ ++ ++SIGNATURE VERIFICATION ++---------------------- ++ ++An operation is provided to perform cryptographic signature verification, using ++an asymmetric key to provide or to provide access to the public key. ++ ++ int verify_signature(const struct key *key, ++ const struct public_key_signature *sig); ++ ++The caller must have already obtained the key from some source and can then use ++it to check the signature. The caller must have parsed the signature and ++transferred the relevant bits to the structure pointed to by sig. ++ ++ struct public_key_signature { ++ u8 *digest; ++ u8 digest_size; ++ enum pkey_hash_algo pkey_hash_algo : 8; ++ u8 nr_mpi; ++ union { ++ MPI mpi[2]; ++ ... ++ }; ++ }; ++ ++The algorithm used must be noted in sig->pkey_hash_algo, and all the MPIs that ++make up the actual signature must be stored in sig->mpi[] and the count of MPIs ++placed in sig->nr_mpi. ++ ++In addition, the data must have been digested by the caller and the resulting ++hash must be pointed to by sig->digest and the size of the hash be placed in ++sig->digest_size. ++ ++The function will return 0 upon success or -EKEYREJECTED if the signature ++doesn't match. ++ ++The function may also return -ENOTSUPP if an unsupported public-key algorithm ++or public-key/hash algorithm combination is specified or the key doesn't ++support the operation; -EBADMSG or -ERANGE if some of the parameters have weird ++data; or -ENOMEM if an allocation can't be performed. -EINVAL can be returned ++if the key argument is the wrong type or is incompletely set up. ++ ++ ++======================= ++ASYMMETRIC KEY SUBTYPES ++======================= ++ ++Asymmetric keys have a subtype that defines the set of operations that can be ++performed on that key and that determines what data is attached as the key ++payload. The payload format is entirely at the whim of the subtype. ++ ++The subtype is selected by the key data parser and the parser must initialise ++the data required for it. The asymmetric key retains a reference on the ++subtype module. ++ ++The subtype definition structure can be found in: ++ ++ #include ++ ++and looks like the following: ++ ++ struct asymmetric_key_subtype { ++ struct module *owner; ++ const char *name; ++ ++ void (*describe)(const struct key *key, struct seq_file *m); ++ void (*destroy)(void *payload); ++ int (*verify_signature)(const struct key *key, ++ const struct public_key_signature *sig); ++ }; ++ ++Asymmetric keys point to this with their type_data[0] member. ++ ++The owner and name fields should be set to the owning module and the name of ++the subtype. Currently, the name is only used for print statements. ++ ++There are a number of operations defined by the subtype: ++ ++ (1) describe(). ++ ++ Mandatory. This allows the subtype to display something in /proc/keys ++ against the key. For instance the name of the public key algorithm type ++ could be displayed. The key type will display the tail of the key ++ identity string after this. ++ ++ (2) destroy(). ++ ++ Mandatory. This should free the memory associated with the key. The ++ asymmetric key will look after freeing the fingerprint and releasing the ++ reference on the subtype module. ++ ++ (3) verify_signature(). ++ ++ Optional. These are the entry points for the key usage operations. ++ Currently there is only the one defined. If not set, the caller will be ++ given -ENOTSUPP. The subtype may do anything it likes to implement an ++ operation, including offloading to hardware. ++ ++ ++========================== ++INSTANTIATION DATA PARSERS ++========================== ++ ++The asymmetric key type doesn't generally want to store or to deal with a raw ++blob of data that holds the key data. It would have to parse it and error ++check it each time it wanted to use it. Further, the contents of the blob may ++have various checks that can be performed on it (eg. self-signatures, validity ++dates) and may contain useful data about the key (identifiers, capabilities). ++ ++Also, the blob may represent a pointer to some hardware containing the key ++rather than the key itself. ++ ++Examples of blob formats for which parsers could be implemented include: ++ ++ - OpenPGP packet stream [RFC 4880]. ++ - X.509 ASN.1 stream. ++ - Pointer to TPM key. ++ - Pointer to UEFI key. ++ ++During key instantiation each parser in the list is tried until one doesn't ++return -EBADMSG. ++ ++The parser definition structure can be found in: ++ ++ #include ++ ++and looks like the following: ++ ++ struct asymmetric_key_parser { ++ struct module *owner; ++ const char *name; ++ ++ int (*parse)(struct key_preparsed_payload *prep); ++ }; ++ ++The owner and name fields should be set to the owning module and the name of ++the parser. ++ ++There is currently only a single operation defined by the parser, and it is ++mandatory: ++ ++ (1) parse(). ++ ++ This is called to preparse the key from the key creation and update paths. ++ In particular, it is called during the key creation _before_ a key is ++ allocated, and as such, is permitted to provide the key's description in ++ the case that the caller declines to do so. ++ ++ The caller passes a pointer to the following struct with all of the fields ++ cleared, except for data, datalen and quotalen [see ++ Documentation/security/keys.txt]. ++ ++ struct key_preparsed_payload { ++ char *description; ++ void *type_data[2]; ++ void *payload; ++ const void *data; ++ size_t datalen; ++ size_t quotalen; ++ }; ++ ++ The instantiation data is in a blob pointed to by data and is datalen in ++ size. The parse() function is not permitted to change these two values at ++ all, and shouldn't change any of the other values _unless_ they are ++ recognise the blob format and will not return -EBADMSG to indicate it is ++ not theirs. ++ ++ If the parser is happy with the blob, it should propose a description for ++ the key and attach it to ->description, ->type_data[0] should be set to ++ point to the subtype to be used, ->payload should be set to point to the ++ initialised data for that subtype, ->type_data[1] should point to a hex ++ fingerprint and quotalen should be updated to indicate how much quota this ++ key should account for. ++ ++ When clearing up, the data attached to ->type_data[1] and ->description ++ will be kfree()'d and the data attached to ->payload will be passed to the ++ subtype's ->destroy() method to be disposed of. A module reference for ++ the subtype pointed to by ->type_data[0] will be put. ++ ++ ++ If the data format is not recognised, -EBADMSG should be returned. If it ++ is recognised, but the key cannot for some reason be set up, some other ++ negative error code should be returned. On success, 0 should be returned. ++ ++ The key's fingerprint string may be partially matched upon. For a ++ public-key algorithm such as RSA and DSA this will likely be a printable ++ hex version of the key's fingerprint. ++ ++Functions are provided to register and unregister parsers: ++ ++ int register_asymmetric_key_parser(struct asymmetric_key_parser *parser); ++ void unregister_asymmetric_key_parser(struct asymmetric_key_parser *subtype); ++ ++Parsers may not have the same name. The names are otherwise only used for ++displaying in debugging messages. +-- +1.7.11.4 + + +From 2fb78e0d337ac41f2cddad18fc5c34374e5298ab Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Thu, 13 Sep 2012 15:17:21 +0100 +Subject: [PATCH 05/26] KEYS: Implement asymmetric key type + +Create a key type that can be used to represent an asymmetric key type for use +in appropriate cryptographic operations, such as encryption, decryption, +signature generation and signature verification. + +The key type is "asymmetric" and can provide access to a variety of +cryptographic algorithms. + +Possibly, this would be better as "public_key" - but that has the disadvantage +that "public key" is an overloaded term. + +Signed-off-by: David Howells +--- + crypto/Kconfig | 1 + + crypto/Makefile | 1 + + crypto/asymmetric_keys/Kconfig | 13 +++ + crypto/asymmetric_keys/Makefile | 7 ++ + crypto/asymmetric_keys/asymmetric_keys.h | 15 +++ + crypto/asymmetric_keys/asymmetric_type.c | 156 +++++++++++++++++++++++++++++++ + include/keys/asymmetric-subtype.h | 55 +++++++++++ + include/keys/asymmetric-type.h | 25 +++++ + 8 files changed, 273 insertions(+) + create mode 100644 crypto/asymmetric_keys/Kconfig + create mode 100644 crypto/asymmetric_keys/Makefile + create mode 100644 crypto/asymmetric_keys/asymmetric_keys.h + create mode 100644 crypto/asymmetric_keys/asymmetric_type.c + create mode 100644 include/keys/asymmetric-subtype.h + create mode 100644 include/keys/asymmetric-type.h + +diff --git a/crypto/Kconfig b/crypto/Kconfig +index a323805..1ca0b24 100644 +--- a/crypto/Kconfig ++++ b/crypto/Kconfig +@@ -1043,5 +1043,6 @@ config CRYPTO_USER_API_SKCIPHER + key cipher algorithms. + + source "drivers/crypto/Kconfig" ++source crypto/asymmetric_keys/Kconfig + + endif # if CRYPTO +diff --git a/crypto/Makefile b/crypto/Makefile +index 30f33d6..ced472e 100644 +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -96,3 +96,4 @@ obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o + # + obj-$(CONFIG_XOR_BLOCKS) += xor.o + obj-$(CONFIG_ASYNC_CORE) += async_tx/ ++obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys/ +diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig +new file mode 100644 +index 0000000..cad29b3 +--- /dev/null ++++ b/crypto/asymmetric_keys/Kconfig +@@ -0,0 +1,13 @@ ++menuconfig ASYMMETRIC_KEY_TYPE ++ tristate "Asymmetric (public-key cryptographic) key type" ++ depends on KEYS ++ help ++ This option provides support for a key type that holds the data for ++ the asymmetric keys used for public key cryptographic operations such ++ as encryption, decryption, signature generation and signature ++ verification. ++ ++if ASYMMETRIC_KEY_TYPE ++ ++ ++endif # ASYMMETRIC_KEY_TYPE +diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile +new file mode 100644 +index 0000000..b725bcc +--- /dev/null ++++ b/crypto/asymmetric_keys/Makefile +@@ -0,0 +1,7 @@ ++# ++# Makefile for asymmetric cryptographic keys ++# ++ ++obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o ++ ++asymmetric_keys-y := asymmetric_type.o +diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h +new file mode 100644 +index 0000000..515b634 +--- /dev/null ++++ b/crypto/asymmetric_keys/asymmetric_keys.h +@@ -0,0 +1,15 @@ ++/* Internal definitions for asymmetric key type ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++static inline const char *asymmetric_key_id(const struct key *key) ++{ ++ return key->type_data.p[1]; ++} +diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c +new file mode 100644 +index 0000000..bfb0424 +--- /dev/null ++++ b/crypto/asymmetric_keys/asymmetric_type.c +@@ -0,0 +1,156 @@ ++/* Asymmetric public-key cryptography key type ++ * ++ * See Documentation/security/asymmetric-keys.txt ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++#include ++#include ++#include ++#include ++#include "asymmetric_keys.h" ++ ++MODULE_LICENSE("GPL"); ++ ++/* ++ * Match asymmetric keys on (part of) their name ++ * We have some shorthand methods for matching keys. We allow: ++ * ++ * "" - request a key by description ++ * "id:" - request a key matching the ID ++ * ":" - request a key of a subtype ++ */ ++static int asymmetric_key_match(const struct key *key, const void *description) ++{ ++ const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key); ++ const char *spec = description; ++ const char *id, *kid; ++ ptrdiff_t speclen; ++ size_t idlen, kidlen; ++ ++ if (!subtype || !spec || !*spec) ++ return 0; ++ ++ /* See if the full key description matches as is */ ++ if (key->description && strcmp(key->description, description) == 0) ++ return 1; ++ ++ /* All tests from here on break the criterion description into a ++ * specifier, a colon and then an identifier. ++ */ ++ id = strchr(spec, ':'); ++ if (!id) ++ return 0; ++ ++ speclen = id - spec; ++ id++; ++ ++ /* Anything after here requires a partial match on the ID string */ ++ kid = asymmetric_key_id(key); ++ if (!kid) ++ return 0; ++ ++ idlen = strlen(id); ++ kidlen = strlen(kid); ++ if (idlen > kidlen) ++ return 0; ++ ++ kid += kidlen - idlen; ++ if (strcasecmp(id, kid) != 0) ++ return 0; ++ ++ if (speclen == 2 && ++ memcmp(spec, "id", 2) == 0) ++ return 1; ++ ++ if (speclen == subtype->name_len && ++ memcmp(spec, subtype->name, speclen) == 0) ++ return 1; ++ ++ return 0; ++} ++ ++/* ++ * Describe the asymmetric key ++ */ ++static void asymmetric_key_describe(const struct key *key, struct seq_file *m) ++{ ++ const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key); ++ const char *kid = asymmetric_key_id(key); ++ size_t n; ++ ++ seq_puts(m, key->description); ++ ++ if (subtype) { ++ seq_puts(m, ": "); ++ subtype->describe(key, m); ++ ++ if (kid) { ++ seq_putc(m, ' '); ++ n = strlen(kid); ++ if (n <= 8) ++ seq_puts(m, kid); ++ else ++ seq_puts(m, kid + n - 8); ++ } ++ ++ seq_puts(m, " ["); ++ /* put something here to indicate the key's capabilities */ ++ seq_putc(m, ']'); ++ } ++} ++ ++/* ++ * Instantiate a asymmetric_key defined key. The key was preparsed, so we just ++ * have to transfer the data here. ++ */ ++static int asymmetric_key_instantiate(struct key *key, struct key_preparsed_payload *prep) ++{ ++ return -EOPNOTSUPP; ++} ++ ++/* ++ * dispose of the data dangling from the corpse of a asymmetric key ++ */ ++static void asymmetric_key_destroy(struct key *key) ++{ ++ struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key); ++ if (subtype) { ++ subtype->destroy(key->payload.data); ++ module_put(subtype->owner); ++ key->type_data.p[0] = NULL; ++ } ++ kfree(key->type_data.p[1]); ++ key->type_data.p[1] = NULL; ++} ++ ++struct key_type key_type_asymmetric = { ++ .name = "asymmetric", ++ .instantiate = asymmetric_key_instantiate, ++ .match = asymmetric_key_match, ++ .destroy = asymmetric_key_destroy, ++ .describe = asymmetric_key_describe, ++}; ++EXPORT_SYMBOL_GPL(key_type_asymmetric); ++ ++/* ++ * Module stuff ++ */ ++static int __init asymmetric_key_init(void) ++{ ++ return register_key_type(&key_type_asymmetric); ++} ++ ++static void __exit asymmetric_key_cleanup(void) ++{ ++ unregister_key_type(&key_type_asymmetric); ++} ++ ++module_init(asymmetric_key_init); ++module_exit(asymmetric_key_cleanup); +diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h +new file mode 100644 +index 0000000..4b840e8 +--- /dev/null ++++ b/include/keys/asymmetric-subtype.h +@@ -0,0 +1,55 @@ ++/* Asymmetric public-key cryptography key subtype ++ * ++ * See Documentation/security/asymmetric-keys.txt ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#ifndef _KEYS_ASYMMETRIC_SUBTYPE_H ++#define _KEYS_ASYMMETRIC_SUBTYPE_H ++ ++#include ++#include ++ ++struct public_key_signature; ++ ++/* ++ * Keys of this type declare a subtype that indicates the handlers and ++ * capabilities. ++ */ ++struct asymmetric_key_subtype { ++ struct module *owner; ++ const char *name; ++ unsigned short name_len; /* length of name */ ++ ++ /* Describe a key of this subtype for /proc/keys */ ++ void (*describe)(const struct key *key, struct seq_file *m); ++ ++ /* Destroy a key of this subtype */ ++ void (*destroy)(void *payload); ++ ++ /* Verify the signature on a key of this subtype (optional) */ ++ int (*verify_signature)(const struct key *key, ++ const struct public_key_signature *sig); ++}; ++ ++/** ++ * asymmetric_key_subtype - Get the subtype from an asymmetric key ++ * @key: The key of interest. ++ * ++ * Retrieves and returns the subtype pointer of the asymmetric key from the ++ * type-specific data attached to the key. ++ */ ++static inline ++struct asymmetric_key_subtype *asymmetric_key_subtype(const struct key *key) ++{ ++ return key->type_data.p[0]; ++} ++ ++#endif /* _KEYS_ASYMMETRIC_SUBTYPE_H */ +diff --git a/include/keys/asymmetric-type.h b/include/keys/asymmetric-type.h +new file mode 100644 +index 0000000..7dd4734 +--- /dev/null ++++ b/include/keys/asymmetric-type.h +@@ -0,0 +1,25 @@ ++/* Asymmetric Public-key cryptography key type interface ++ * ++ * See Documentation/security/asymmetric-keys.txt ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#ifndef _KEYS_ASYMMETRIC_TYPE_H ++#define _KEYS_ASYMMETRIC_TYPE_H ++ ++#include ++ ++extern struct key_type key_type_asymmetric; ++ ++/* ++ * The payload is at the discretion of the subtype. ++ */ ++ ++#endif /* _KEYS_ASYMMETRIC_TYPE_H */ +-- +1.7.11.4 + + +From d28ffd9e0c8987e5af59ae38bb48779b0d221f00 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Thu, 13 Sep 2012 15:17:32 +0100 +Subject: [PATCH 06/26] KEYS: Asymmetric key pluggable data parsers + +The instantiation data passed to the asymmetric key type are expected to be +formatted in some way, and there are several possible standard ways to format +the data. + +The two obvious standards are OpenPGP keys and X.509 certificates. The latter +is especially useful when dealing with UEFI, and the former might be useful +when dealing with, say, eCryptfs. + +Further, it might be desirable to provide formatted blobs that indicate +hardware is to be accessed to retrieve the keys or that the keys live +unretrievably in a hardware store, but that the keys can be used by means of +the hardware. + +From userspace, the keys can be loaded using the keyctl command, for example, +an X.509 binary certificate: + + keyctl padd asymmetric foo @s +--- + crypto/asymmetric_keys/asymmetric_type.c | 120 ++++++++++++++++++++++++++++++- + include/keys/asymmetric-parser.h | 37 ++++++++++ + 2 files changed, 156 insertions(+), 1 deletion(-) + create mode 100644 include/keys/asymmetric-parser.h + +diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c +index bfb0424..cf80765 100644 +--- a/crypto/asymmetric_keys/asymmetric_type.c ++++ b/crypto/asymmetric_keys/asymmetric_type.c +@@ -11,6 +11,7 @@ + * 2 of the Licence, or (at your option) any later version. + */ + #include ++#include + #include + #include + #include +@@ -18,6 +19,9 @@ + + MODULE_LICENSE("GPL"); + ++static LIST_HEAD(asymmetric_key_parsers); ++static DECLARE_RWSEM(asymmetric_key_parsers_sem); ++ + /* + * Match asymmetric keys on (part of) their name + * We have some shorthand methods for matching keys. We allow: +@@ -107,12 +111,79 @@ static void asymmetric_key_describe(const struct key *key, struct seq_file *m) + } + + /* ++ * Preparse a asymmetric payload to get format the contents appropriately for the ++ * internal payload to cut down on the number of scans of the data performed. ++ * ++ * We also generate a proposed description from the contents of the key that ++ * can be used to name the key if the user doesn't want to provide one. ++ */ ++static int asymmetric_key_preparse(struct key_preparsed_payload *prep) ++{ ++ struct asymmetric_key_parser *parser; ++ int ret; ++ ++ pr_devel("==>%s()\n", __func__); ++ ++ if (prep->datalen == 0) ++ return -EINVAL; ++ ++ down_read(&asymmetric_key_parsers_sem); ++ ++ ret = -EBADMSG; ++ list_for_each_entry(parser, &asymmetric_key_parsers, link) { ++ pr_debug("Trying parser '%s'\n", parser->name); ++ ++ ret = parser->parse(prep); ++ if (ret != -EBADMSG) { ++ pr_debug("Parser recognised the format (ret %d)\n", ++ ret); ++ break; ++ } ++ } ++ ++ up_read(&asymmetric_key_parsers_sem); ++ pr_devel("<==%s() = %d\n", __func__, ret); ++ return ret; ++} ++ ++/* ++ * Clean up the preparse data ++ */ ++static void asymmetric_key_free_preparse(struct key_preparsed_payload *prep) ++{ ++ struct asymmetric_key_subtype *subtype = prep->type_data[0]; ++ ++ pr_devel("==>%s()\n", __func__); ++ ++ if (subtype) { ++ subtype->destroy(prep->payload); ++ module_put(subtype->owner); ++ } ++ kfree(prep->type_data[1]); ++ kfree(prep->description); ++} ++ ++/* + * Instantiate a asymmetric_key defined key. The key was preparsed, so we just + * have to transfer the data here. + */ + static int asymmetric_key_instantiate(struct key *key, struct key_preparsed_payload *prep) + { +- return -EOPNOTSUPP; ++ int ret; ++ ++ pr_devel("==>%s()\n", __func__); ++ ++ ret = key_payload_reserve(key, prep->quotalen); ++ if (ret == 0) { ++ key->type_data.p[0] = prep->type_data[0]; ++ key->type_data.p[1] = prep->type_data[1]; ++ key->payload.data = prep->payload; ++ prep->type_data[0] = NULL; ++ prep->type_data[1] = NULL; ++ prep->payload = NULL; ++ } ++ pr_devel("<==%s() = %d\n", __func__, ret); ++ return ret; + } + + /* +@@ -132,6 +203,8 @@ static void asymmetric_key_destroy(struct key *key) + + struct key_type key_type_asymmetric = { + .name = "asymmetric", ++ .preparse = asymmetric_key_preparse, ++ .free_preparse = asymmetric_key_free_preparse, + .instantiate = asymmetric_key_instantiate, + .match = asymmetric_key_match, + .destroy = asymmetric_key_destroy, +@@ -139,6 +212,51 @@ struct key_type key_type_asymmetric = { + }; + EXPORT_SYMBOL_GPL(key_type_asymmetric); + ++/** ++ * register_asymmetric_key_parser - Register a asymmetric key blob parser ++ * @parser: The parser to register ++ */ ++int register_asymmetric_key_parser(struct asymmetric_key_parser *parser) ++{ ++ struct asymmetric_key_parser *cursor; ++ int ret; ++ ++ down_write(&asymmetric_key_parsers_sem); ++ ++ list_for_each_entry(cursor, &asymmetric_key_parsers, link) { ++ if (strcmp(cursor->name, parser->name) == 0) { ++ pr_err("Asymmetric key parser '%s' already registered\n", ++ parser->name); ++ ret = -EEXIST; ++ goto out; ++ } ++ } ++ ++ list_add_tail(&parser->link, &asymmetric_key_parsers); ++ ++ pr_notice("Asymmetric key parser '%s' registered\n", parser->name); ++ ret = 0; ++ ++out: ++ up_write(&asymmetric_key_parsers_sem); ++ return ret; ++} ++EXPORT_SYMBOL_GPL(register_asymmetric_key_parser); ++ ++/** ++ * unregister_asymmetric_key_parser - Unregister a asymmetric key blob parser ++ * @parser: The parser to unregister ++ */ ++void unregister_asymmetric_key_parser(struct asymmetric_key_parser *parser) ++{ ++ down_write(&asymmetric_key_parsers_sem); ++ list_del(&parser->link); ++ up_write(&asymmetric_key_parsers_sem); ++ ++ pr_notice("Asymmetric key parser '%s' unregistered\n", parser->name); ++} ++EXPORT_SYMBOL_GPL(unregister_asymmetric_key_parser); ++ + /* + * Module stuff + */ +diff --git a/include/keys/asymmetric-parser.h b/include/keys/asymmetric-parser.h +new file mode 100644 +index 0000000..09b3b48 +--- /dev/null ++++ b/include/keys/asymmetric-parser.h +@@ -0,0 +1,37 @@ ++/* Asymmetric public-key cryptography data parser ++ * ++ * See Documentation/crypto/asymmetric-keys.txt ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#ifndef _KEYS_ASYMMETRIC_PARSER_H ++#define _KEYS_ASYMMETRIC_PARSER_H ++ ++/* ++ * Key data parser. Called during key instantiation. ++ */ ++struct asymmetric_key_parser { ++ struct list_head link; ++ struct module *owner; ++ const char *name; ++ ++ /* Attempt to parse a key from the data blob passed to add_key() or ++ * keyctl_instantiate(). Should also generate a proposed description ++ * that the caller can optionally use for the key. ++ * ++ * Return EBADMSG if not recognised. ++ */ ++ int (*parse)(struct key_preparsed_payload *prep); ++}; ++ ++extern int register_asymmetric_key_parser(struct asymmetric_key_parser *); ++extern void unregister_asymmetric_key_parser(struct asymmetric_key_parser *); ++ ++#endif /* _KEYS_ASYMMETRIC_PARSER_H */ +-- +1.7.11.4 + + +From 171881bb3693176db4d0f85f78066fcdb6266525 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Fri, 21 Sep 2012 23:24:55 +0100 +Subject: [PATCH 07/26] KEYS: Asymmetric public-key algorithm crypto key + subtype + +Add a subtype for supporting asymmetric public-key encryption algorithms such +as DSA (FIPS-186) and RSA (PKCS#1 / RFC1337). + +Signed-off-by: David Howells +--- + crypto/asymmetric_keys/Kconfig | 8 +++ + crypto/asymmetric_keys/Makefile | 2 + + crypto/asymmetric_keys/public_key.c | 108 ++++++++++++++++++++++++++++++++++++ + crypto/asymmetric_keys/public_key.h | 28 ++++++++++ + include/crypto/public_key.h | 104 ++++++++++++++++++++++++++++++++++ + 5 files changed, 250 insertions(+) + create mode 100644 crypto/asymmetric_keys/public_key.c + create mode 100644 crypto/asymmetric_keys/public_key.h + create mode 100644 include/crypto/public_key.h + +diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig +index cad29b3..bbfccaa 100644 +--- a/crypto/asymmetric_keys/Kconfig ++++ b/crypto/asymmetric_keys/Kconfig +@@ -9,5 +9,13 @@ menuconfig ASYMMETRIC_KEY_TYPE + + if ASYMMETRIC_KEY_TYPE + ++config ASYMMETRIC_PUBLIC_KEY_SUBTYPE ++ tristate "Asymmetric public-key crypto algorithm subtype" ++ select MPILIB ++ help ++ This option provides support for asymmetric public key type handling. ++ If signature generation and/or verification are to be used, ++ appropriate hash algorithms (such as SHA-1) must be available. ++ ENOPKG will be reported if the requisite algorithm is unavailable. + + endif # ASYMMETRIC_KEY_TYPE +diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile +index b725bcc..5ed46ee 100644 +--- a/crypto/asymmetric_keys/Makefile ++++ b/crypto/asymmetric_keys/Makefile +@@ -5,3 +5,5 @@ + obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o + + asymmetric_keys-y := asymmetric_type.o ++ ++obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c +new file mode 100644 +index 0000000..cb2e291 +--- /dev/null ++++ b/crypto/asymmetric_keys/public_key.c +@@ -0,0 +1,108 @@ ++/* In-software asymmetric public-key crypto subtype ++ * ++ * See Documentation/crypto/asymmetric-keys.txt ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#define pr_fmt(fmt) "PKEY: "fmt ++#include ++#include ++#include ++#include ++#include ++#include ++#include "public_key.h" ++ ++MODULE_LICENSE("GPL"); ++ ++const char *const pkey_algo[PKEY_ALGO__LAST] = { ++ [PKEY_ALGO_DSA] = "DSA", ++ [PKEY_ALGO_RSA] = "RSA", ++}; ++EXPORT_SYMBOL_GPL(pkey_algo); ++ ++const char *const pkey_hash_algo[PKEY_HASH__LAST] = { ++ [PKEY_HASH_MD4] = "md4", ++ [PKEY_HASH_MD5] = "md5", ++ [PKEY_HASH_SHA1] = "sha1", ++ [PKEY_HASH_RIPE_MD_160] = "rmd160", ++ [PKEY_HASH_SHA256] = "sha256", ++ [PKEY_HASH_SHA384] = "sha384", ++ [PKEY_HASH_SHA512] = "sha512", ++ [PKEY_HASH_SHA224] = "sha224", ++}; ++EXPORT_SYMBOL_GPL(pkey_hash_algo); ++ ++const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = { ++ [PKEY_ID_PGP] = "PGP", ++ [PKEY_ID_X509] = "X509", ++}; ++EXPORT_SYMBOL_GPL(pkey_id_type); ++ ++/* ++ * Provide a part of a description of the key for /proc/keys. ++ */ ++static void public_key_describe(const struct key *asymmetric_key, ++ struct seq_file *m) ++{ ++ struct public_key *key = asymmetric_key->payload.data; ++ ++ if (key) ++ seq_printf(m, "%s.%s", ++ pkey_id_type[key->id_type], key->algo->name); ++} ++ ++/* ++ * Destroy a public key algorithm key. ++ */ ++void public_key_destroy(void *payload) ++{ ++ struct public_key *key = payload; ++ int i; ++ ++ if (key) { ++ for (i = 0; i < ARRAY_SIZE(key->mpi); i++) ++ mpi_free(key->mpi[i]); ++ kfree(key); ++ } ++} ++EXPORT_SYMBOL_GPL(public_key_destroy); ++ ++/* ++ * Verify a signature using a public key. ++ */ ++static int public_key_verify_signature(const struct key *key, ++ const struct public_key_signature *sig) ++{ ++ const struct public_key *pk = key->payload.data; ++ ++ if (!pk->algo->verify_signature) ++ return -ENOTSUPP; ++ ++ if (sig->nr_mpi != pk->algo->n_sig_mpi) { ++ pr_debug("Signature has %u MPI not %u\n", ++ sig->nr_mpi, pk->algo->n_sig_mpi); ++ return -EINVAL; ++ } ++ ++ return pk->algo->verify_signature(pk, sig); ++} ++ ++/* ++ * Public key algorithm asymmetric key subtype ++ */ ++struct asymmetric_key_subtype public_key_subtype = { ++ .owner = THIS_MODULE, ++ .name = "public_key", ++ .describe = public_key_describe, ++ .destroy = public_key_destroy, ++ .verify_signature = public_key_verify_signature, ++}; ++EXPORT_SYMBOL_GPL(public_key_subtype); +diff --git a/crypto/asymmetric_keys/public_key.h b/crypto/asymmetric_keys/public_key.h +new file mode 100644 +index 0000000..1f86aad +--- /dev/null ++++ b/crypto/asymmetric_keys/public_key.h +@@ -0,0 +1,28 @@ ++/* Public key algorithm internals ++ * ++ * See Documentation/crypto/asymmetric-keys.txt ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#include ++ ++extern struct asymmetric_key_subtype public_key_subtype; ++ ++/* ++ * Public key algorithm definition. ++ */ ++struct public_key_algorithm { ++ const char *name; ++ u8 n_pub_mpi; /* Number of MPIs in public key */ ++ u8 n_sec_mpi; /* Number of MPIs in secret key */ ++ u8 n_sig_mpi; /* Number of MPIs in a signature */ ++ int (*verify_signature)(const struct public_key *key, ++ const struct public_key_signature *sig); ++}; +diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h +new file mode 100644 +index 0000000..4b8b6c1 +--- /dev/null ++++ b/include/crypto/public_key.h +@@ -0,0 +1,104 @@ ++/* Asymmetric public-key algorithm definitions ++ * ++ * See Documentation/crypto/asymmetric-keys.txt ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#ifndef _LINUX_PUBLIC_KEY_H ++#define _LINUX_PUBLIC_KEY_H ++ ++#include ++ ++enum pkey_algo { ++ PKEY_ALGO_DSA, ++ PKEY_ALGO_RSA, ++ PKEY_ALGO__LAST ++}; ++ ++extern const char *const pkey_algo[PKEY_ALGO__LAST]; ++ ++enum pkey_hash_algo { ++ PKEY_HASH_MD4, ++ PKEY_HASH_MD5, ++ PKEY_HASH_SHA1, ++ PKEY_HASH_RIPE_MD_160, ++ PKEY_HASH_SHA256, ++ PKEY_HASH_SHA384, ++ PKEY_HASH_SHA512, ++ PKEY_HASH_SHA224, ++ PKEY_HASH__LAST ++}; ++ ++extern const char *const pkey_hash_algo[PKEY_HASH__LAST]; ++ ++enum pkey_id_type { ++ PKEY_ID_PGP, /* OpenPGP generated key ID */ ++ PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ ++ PKEY_ID_TYPE__LAST ++}; ++ ++extern const char *const pkey_id_type[PKEY_ID_TYPE__LAST]; ++ ++/* ++ * Cryptographic data for the public-key subtype of the asymmetric key type. ++ * ++ * Note that this may include private part of the key as well as the public ++ * part. ++ */ ++struct public_key { ++ const struct public_key_algorithm *algo; ++ u8 capabilities; ++#define PKEY_CAN_ENCRYPT 0x01 ++#define PKEY_CAN_DECRYPT 0x02 ++#define PKEY_CAN_SIGN 0x04 ++#define PKEY_CAN_VERIFY 0x08 ++ enum pkey_id_type id_type : 8; ++ union { ++ MPI mpi[5]; ++ struct { ++ MPI p; /* DSA prime */ ++ MPI q; /* DSA group order */ ++ MPI g; /* DSA group generator */ ++ MPI y; /* DSA public-key value = g^x mod p */ ++ MPI x; /* DSA secret exponent (if present) */ ++ } dsa; ++ struct { ++ MPI n; /* RSA public modulus */ ++ MPI e; /* RSA public encryption exponent */ ++ MPI d; /* RSA secret encryption exponent (if present) */ ++ MPI p; /* RSA secret prime (if present) */ ++ MPI q; /* RSA secret prime (if present) */ ++ } rsa; ++ }; ++}; ++ ++extern void public_key_destroy(void *payload); ++ ++/* ++ * Public key cryptography signature data ++ */ ++struct public_key_signature { ++ u8 *digest; ++ u8 digest_size; /* Number of bytes in digest */ ++ u8 nr_mpi; /* Occupancy of mpi[] */ ++ enum pkey_hash_algo pkey_hash_algo : 8; ++ union { ++ MPI mpi[2]; ++ struct { ++ MPI s; /* m^d mod n */ ++ } rsa; ++ struct { ++ MPI r; ++ MPI s; ++ } dsa; ++ }; ++}; ++ ++#endif /* _LINUX_PUBLIC_KEY_H */ +-- +1.7.11.4 + + +From 8e45e274bb3f8bb90306e0102a2c48ea1ef179fb Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Fri, 21 Sep 2012 23:25:04 +0100 +Subject: [PATCH 08/26] KEYS: Provide signature verification with an + asymmetric key + +Provide signature verification using an asymmetric-type key to indicate the +public key to be used. + +The API is a single function that can be found in crypto/public_key.h: + + int verify_signature(const struct key *key, + const struct public_key_signature *sig) + +The first argument is the appropriate key to be used and the second argument +is the parsed signature data: + + struct public_key_signature { + u8 *digest; + u16 digest_size; + enum pkey_hash_algo pkey_hash_algo : 8; + union { + MPI mpi[2]; + struct { + MPI s; /* m^d mod n */ + } rsa; + struct { + MPI r; + MPI s; + } dsa; + }; + }; + +This should be filled in prior to calling the function. The hash algorithm +should already have been called and the hash finalised and the output should +be in a buffer pointed to by the 'digest' member. + +Any extra data to be added to the hash by the hash format (eg. PGP) should +have been added by the caller prior to finalising the hash. + +It is assumed that the signature is made up of a number of MPI values. If an +algorithm becomes available for which this is not the case, the above structure +will have to change. + +It is also assumed that it will have been checked that the signature algorithm +matches the key algorithm. + +Signed-off-by: David Howells +--- + crypto/asymmetric_keys/Makefile | 2 +- + crypto/asymmetric_keys/signature.c | 49 ++++++++++++++++++++++++++++++++++++++ + include/crypto/public_key.h | 4 ++++ + 3 files changed, 54 insertions(+), 1 deletion(-) + create mode 100644 crypto/asymmetric_keys/signature.c + +diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile +index 5ed46ee..8dcdf0c 100644 +--- a/crypto/asymmetric_keys/Makefile ++++ b/crypto/asymmetric_keys/Makefile +@@ -4,6 +4,6 @@ + + obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o + +-asymmetric_keys-y := asymmetric_type.o ++asymmetric_keys-y := asymmetric_type.o signature.o + + obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c +new file mode 100644 +index 0000000..50b3f88 +--- /dev/null ++++ b/crypto/asymmetric_keys/signature.c +@@ -0,0 +1,49 @@ ++/* Signature verification with an asymmetric key ++ * ++ * See Documentation/security/asymmetric-keys.txt ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#include ++#include ++#include ++#include ++#include "asymmetric_keys.h" ++ ++/** ++ * verify_signature - Initiate the use of an asymmetric key to verify a signature ++ * @key: The asymmetric key to verify against ++ * @sig: The signature to check ++ * ++ * Returns 0 if successful or else an error. ++ */ ++int verify_signature(const struct key *key, ++ const struct public_key_signature *sig) ++{ ++ const struct asymmetric_key_subtype *subtype; ++ int ret; ++ ++ pr_devel("==>%s()\n", __func__); ++ ++ if (key->type != &key_type_asymmetric) ++ return -EINVAL; ++ subtype = asymmetric_key_subtype(key); ++ if (!subtype || ++ !key->payload.data) ++ return -EINVAL; ++ if (!subtype->verify_signature) ++ return -ENOTSUPP; ++ ++ ret = subtype->verify_signature(key, sig); ++ ++ pr_devel("<==%s() = %d\n", __func__, ret); ++ return ret; ++} ++EXPORT_SYMBOL_GPL(verify_signature); +diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h +index 4b8b6c1..f5b0224 100644 +--- a/include/crypto/public_key.h ++++ b/include/crypto/public_key.h +@@ -101,4 +101,8 @@ struct public_key_signature { + }; + }; + ++struct key; ++extern int verify_signature(const struct key *key, ++ const struct public_key_signature *sig); ++ + #endif /* _LINUX_PUBLIC_KEY_H */ +-- +1.7.11.4 + + +From 941e72448fc68f41a56798112a6f20df6bcd0ad0 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Fri, 21 Sep 2012 23:25:22 +0100 +Subject: [PATCH 09/26] MPILIB: Reinstate mpi_cmp[_ui]() and export for RSA + signature verification + +Reinstate and export mpi_cmp() and mpi_cmp_ui() from the MPI library for use by +RSA signature verification as per RFC3447 section 5.2.2 step 1. + +Signed-off-by: David Howells +--- + lib/mpi/Makefile | 1 + + lib/mpi/mpi-cmp.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 71 insertions(+) + create mode 100644 lib/mpi/mpi-cmp.c + +diff --git a/lib/mpi/Makefile b/lib/mpi/Makefile +index 45ca90a..019a68c 100644 +--- a/lib/mpi/Makefile ++++ b/lib/mpi/Makefile +@@ -14,6 +14,7 @@ mpi-y = \ + generic_mpih-add1.o \ + mpicoder.o \ + mpi-bit.o \ ++ mpi-cmp.o \ + mpih-cmp.o \ + mpih-div.o \ + mpih-mul.o \ +diff --git a/lib/mpi/mpi-cmp.c b/lib/mpi/mpi-cmp.c +new file mode 100644 +index 0000000..1871e7b +--- /dev/null ++++ b/lib/mpi/mpi-cmp.c +@@ -0,0 +1,70 @@ ++/* mpi-cmp.c - MPI functions ++ * Copyright (C) 1998, 1999 Free Software Foundation, Inc. ++ * ++ * This file is part of GnuPG. ++ * ++ * GnuPG is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuPG is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA ++ */ ++ ++#include "mpi-internal.h" ++ ++int mpi_cmp_ui(MPI u, unsigned long v) ++{ ++ mpi_limb_t limb = v; ++ ++ mpi_normalize(u); ++ if (!u->nlimbs && !limb) ++ return 0; ++ if (u->sign) ++ return -1; ++ if (u->nlimbs > 1) ++ return 1; ++ ++ if (u->d[0] == limb) ++ return 0; ++ else if (u->d[0] > limb) ++ return 1; ++ else ++ return -1; ++} ++EXPORT_SYMBOL_GPL(mpi_cmp_ui); ++ ++int mpi_cmp(MPI u, MPI v) ++{ ++ mpi_size_t usize, vsize; ++ int cmp; ++ ++ mpi_normalize(u); ++ mpi_normalize(v); ++ usize = u->nlimbs; ++ vsize = v->nlimbs; ++ if (!u->sign && v->sign) ++ return 1; ++ if (u->sign && !v->sign) ++ return -1; ++ if (usize != vsize && !u->sign && !v->sign) ++ return usize - vsize; ++ if (usize != vsize && u->sign && v->sign) ++ return vsize + usize; ++ if (!usize) ++ return 0; ++ cmp = mpihelp_cmp(u->d, v->d, usize); ++ if (!cmp) ++ return 0; ++ if ((cmp < 0 ? 1 : 0) == (u->sign ? 1 : 0)) ++ return 1; ++ return -1; ++} ++EXPORT_SYMBOL_GPL(mpi_cmp); +-- +1.7.11.4 + + +From ca876ff8fde3c6febb8a8578ca0e1608576071bf Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Fri, 21 Sep 2012 23:25:40 +0100 +Subject: [PATCH 10/26] RSA: Implement signature verification algorithm + [PKCS#1 / RFC3447] + +Implement RSA public key cryptography [PKCS#1 / RFC3447]. At this time, only +the signature verification algorithm is supported. This uses the asymmetric +public key subtype to hold its key data. + +Signed-off-by: David Howells +--- + crypto/asymmetric_keys/Kconfig | 7 + + crypto/asymmetric_keys/Makefile | 1 + + crypto/asymmetric_keys/public_key.h | 2 + + crypto/asymmetric_keys/rsa.c | 269 ++++++++++++++++++++++++++++++++++++ + 4 files changed, 279 insertions(+) + create mode 100644 crypto/asymmetric_keys/rsa.c + +diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig +index bbfccaa..561759d 100644 +--- a/crypto/asymmetric_keys/Kconfig ++++ b/crypto/asymmetric_keys/Kconfig +@@ -18,4 +18,11 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE + appropriate hash algorithms (such as SHA-1) must be available. + ENOPKG will be reported if the requisite algorithm is unavailable. + ++config PUBLIC_KEY_ALGO_RSA ++ tristate "RSA public-key algorithm" ++ depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE ++ select MPILIB_EXTRA ++ help ++ This option enables support for the RSA algorithm (PKCS#1, RFC3447). ++ + endif # ASYMMETRIC_KEY_TYPE +diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile +index 8dcdf0c..7c92691 100644 +--- a/crypto/asymmetric_keys/Makefile ++++ b/crypto/asymmetric_keys/Makefile +@@ -7,3 +7,4 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o + asymmetric_keys-y := asymmetric_type.o signature.o + + obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o ++obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o +diff --git a/crypto/asymmetric_keys/public_key.h b/crypto/asymmetric_keys/public_key.h +index 1f86aad..5e5e356 100644 +--- a/crypto/asymmetric_keys/public_key.h ++++ b/crypto/asymmetric_keys/public_key.h +@@ -26,3 +26,5 @@ struct public_key_algorithm { + int (*verify_signature)(const struct public_key *key, + const struct public_key_signature *sig); + }; ++ ++extern const struct public_key_algorithm RSA_public_key_algorithm; +diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c +new file mode 100644 +index 0000000..9b31ee2 +--- /dev/null ++++ b/crypto/asymmetric_keys/rsa.c +@@ -0,0 +1,269 @@ ++/* RSA asymmetric public-key algorithm [RFC3447] ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#define pr_fmt(fmt) "RSA: "fmt ++#include ++#include ++#include ++#include "public_key.h" ++ ++MODULE_LICENSE("GPL"); ++MODULE_DESCRIPTION("RSA Public Key Algorithm"); ++ ++#define kenter(FMT, ...) \ ++ pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__) ++#define kleave(FMT, ...) \ ++ pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__) ++ ++/* ++ * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2]. ++ */ ++static const u8 RSA_digest_info_MD5[] = { ++ 0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, ++ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* OID */ ++ 0x05, 0x00, 0x04, 0x10 ++}; ++ ++static const u8 RSA_digest_info_SHA1[] = { ++ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, ++ 0x2B, 0x0E, 0x03, 0x02, 0x1A, ++ 0x05, 0x00, 0x04, 0x14 ++}; ++ ++static const u8 RSA_digest_info_RIPE_MD_160[] = { ++ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, ++ 0x2B, 0x24, 0x03, 0x02, 0x01, ++ 0x05, 0x00, 0x04, 0x14 ++}; ++ ++static const u8 RSA_digest_info_SHA224[] = { ++ 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, ++ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, ++ 0x05, 0x00, 0x04, 0x1C ++}; ++ ++static const u8 RSA_digest_info_SHA256[] = { ++ 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, ++ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, ++ 0x05, 0x00, 0x04, 0x20 ++}; ++ ++static const u8 RSA_digest_info_SHA384[] = { ++ 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, ++ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, ++ 0x05, 0x00, 0x04, 0x30 ++}; ++ ++static const u8 RSA_digest_info_SHA512[] = { ++ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, ++ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, ++ 0x05, 0x00, 0x04, 0x40 ++}; ++ ++static const struct { ++ const u8 *data; ++ size_t size; ++} RSA_ASN1_templates[PKEY_HASH__LAST] = { ++#define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) } ++ [PKEY_HASH_MD5] = _(MD5), ++ [PKEY_HASH_SHA1] = _(SHA1), ++ [PKEY_HASH_RIPE_MD_160] = _(RIPE_MD_160), ++ [PKEY_HASH_SHA256] = _(SHA256), ++ [PKEY_HASH_SHA384] = _(SHA384), ++ [PKEY_HASH_SHA512] = _(SHA512), ++ [PKEY_HASH_SHA224] = _(SHA224), ++#undef _ ++}; ++ ++/* ++ * RSAVP1() function [RFC3447 sec 5.2.2] ++ */ ++static int RSAVP1(const struct public_key *key, MPI s, MPI *_m) ++{ ++ MPI m; ++ int ret; ++ ++ /* (1) Validate 0 <= s < n */ ++ if (mpi_cmp_ui(s, 0) < 0) { ++ kleave(" = -EBADMSG [s < 0]"); ++ return -EBADMSG; ++ } ++ if (mpi_cmp(s, key->rsa.n) >= 0) { ++ kleave(" = -EBADMSG [s >= n]"); ++ return -EBADMSG; ++ } ++ ++ m = mpi_alloc(0); ++ if (!m) ++ return -ENOMEM; ++ ++ /* (2) m = s^e mod n */ ++ ret = mpi_powm(m, s, key->rsa.e, key->rsa.n); ++ if (ret < 0) { ++ mpi_free(m); ++ return ret; ++ } ++ ++ *_m = m; ++ return 0; ++} ++ ++/* ++ * Integer to Octet String conversion [RFC3447 sec 4.1] ++ */ ++static int RSA_I2OSP(MPI x, size_t xLen, u8 **_X) ++{ ++ unsigned X_size, x_size; ++ int X_sign; ++ u8 *X; ++ ++ /* Make sure the string is the right length. The number should begin ++ * with { 0x00, 0x01, ... } so we have to account for 15 leading zero ++ * bits not being reported by MPI. ++ */ ++ x_size = mpi_get_nbits(x); ++ pr_devel("size(x)=%u xLen*8=%zu\n", x_size, xLen * 8); ++ if (x_size != xLen * 8 - 15) ++ return -ERANGE; ++ ++ X = mpi_get_buffer(x, &X_size, &X_sign); ++ if (!X) ++ return -ENOMEM; ++ if (X_sign < 0) { ++ kfree(X); ++ return -EBADMSG; ++ } ++ if (X_size != xLen - 1) { ++ kfree(X); ++ return -EBADMSG; ++ } ++ ++ *_X = X; ++ return 0; ++} ++ ++/* ++ * Perform the RSA signature verification. ++ * @H: Value of hash of data and metadata ++ * @EM: The computed signature value ++ * @k: The size of EM (EM[0] is an invalid location but should hold 0x00) ++ * @hash_size: The size of H ++ * @asn1_template: The DigestInfo ASN.1 template ++ * @asn1_size: Size of asm1_template[] ++ */ ++static int RSA_verify(const u8 *H, const u8 *EM, size_t k, size_t hash_size, ++ const u8 *asn1_template, size_t asn1_size) ++{ ++ unsigned PS_end, T_offset, i; ++ ++ kenter(",,%zu,%zu,%zu", k, hash_size, asn1_size); ++ ++ if (k < 2 + 1 + asn1_size + hash_size) ++ return -EBADMSG; ++ ++ /* Decode the EMSA-PKCS1-v1_5 */ ++ if (EM[1] != 0x01) { ++ kleave(" = -EBADMSG [EM[1] == %02u]", EM[1]); ++ return -EBADMSG; ++ } ++ ++ T_offset = k - (asn1_size + hash_size); ++ PS_end = T_offset - 1; ++ if (EM[PS_end] != 0x00) { ++ kleave(" = -EBADMSG [EM[T-1] == %02u]", EM[PS_end]); ++ return -EBADMSG; ++ } ++ ++ for (i = 2; i < PS_end; i++) { ++ if (EM[i] != 0xff) { ++ kleave(" = -EBADMSG [EM[PS%x] == %02u]", i - 2, EM[i]); ++ return -EBADMSG; ++ } ++ } ++ ++ if (memcmp(asn1_template, EM + T_offset, asn1_size) != 0) { ++ kleave(" = -EBADMSG [EM[T] ASN.1 mismatch]"); ++ return -EBADMSG; ++ } ++ ++ if (memcmp(H, EM + T_offset + asn1_size, hash_size) != 0) { ++ kleave(" = -EKEYREJECTED [EM[T] hash mismatch]"); ++ return -EKEYREJECTED; ++ } ++ ++ kleave(" = 0"); ++ return 0; ++} ++ ++/* ++ * Perform the verification step [RFC3447 sec 8.2.2]. ++ */ ++static int RSA_verify_signature(const struct public_key *key, ++ const struct public_key_signature *sig) ++{ ++ size_t tsize; ++ int ret; ++ ++ /* Variables as per RFC3447 sec 8.2.2 */ ++ const u8 *H = sig->digest; ++ u8 *EM = NULL; ++ MPI m = NULL; ++ size_t k; ++ ++ kenter(""); ++ ++ if (!RSA_ASN1_templates[sig->pkey_hash_algo].data) ++ return -ENOTSUPP; ++ ++ /* (1) Check the signature size against the public key modulus size */ ++ k = (mpi_get_nbits(key->rsa.n) + 7) / 8; ++ ++ tsize = (mpi_get_nbits(sig->rsa.s) + 7) / 8; ++ pr_devel("step 1: k=%zu size(S)=%zu\n", k, tsize); ++ if (tsize != k) { ++ ret = -EBADMSG; ++ goto error; ++ } ++ ++ /* (2b) Apply the RSAVP1 verification primitive to the public key */ ++ ret = RSAVP1(key, sig->rsa.s, &m); ++ if (ret < 0) ++ goto error; ++ ++ /* (2c) Convert the message representative (m) to an encoded message ++ * (EM) of length k octets. ++ * ++ * NOTE! The leading zero byte is suppressed by MPI, so we pass a ++ * pointer to the _preceding_ byte to RSA_verify()! ++ */ ++ ret = RSA_I2OSP(m, k, &EM); ++ if (ret < 0) ++ goto error; ++ ++ ret = RSA_verify(H, EM - 1, k, sig->digest_size, ++ RSA_ASN1_templates[sig->pkey_hash_algo].data, ++ RSA_ASN1_templates[sig->pkey_hash_algo].size); ++ ++error: ++ kfree(EM); ++ mpi_free(m); ++ kleave(" = %d", ret); ++ return ret; ++} ++ ++const struct public_key_algorithm RSA_public_key_algorithm = { ++ .name = "RSA", ++ .n_pub_mpi = 2, ++ .n_sec_mpi = 3, ++ .n_sig_mpi = 1, ++ .verify_signature = RSA_verify_signature, ++}; ++EXPORT_SYMBOL_GPL(RSA_public_key_algorithm); +-- +1.7.11.4 + + +From e179a9b04469ea018a8fdb53f11c57222ba540a0 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Fri, 21 Sep 2012 23:28:05 +0100 +Subject: [PATCH 11/26] RSA: Fix signature verification for shorter signatures + +gpg can produce a signature file where length of signature is less than the +modulus size because the amount of space an MPI takes up is kept as low as +possible by discarding leading zeros. This regularly happens for several +modules during the build. + +Fix it by relaxing check in RSA verification code. + +Thanks to Tomas Mraz and Miloslav Trmac for help. + +Signed-off-by: Milan Broz +Signed-off-by: David Howells +--- + crypto/asymmetric_keys/rsa.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c +index 9b31ee2..4a6a069 100644 +--- a/crypto/asymmetric_keys/rsa.c ++++ b/crypto/asymmetric_keys/rsa.c +@@ -224,15 +224,23 @@ static int RSA_verify_signature(const struct public_key *key, + return -ENOTSUPP; + + /* (1) Check the signature size against the public key modulus size */ +- k = (mpi_get_nbits(key->rsa.n) + 7) / 8; ++ k = mpi_get_nbits(key->rsa.n); ++ tsize = mpi_get_nbits(sig->rsa.s); + +- tsize = (mpi_get_nbits(sig->rsa.s) + 7) / 8; ++ /* According to RFC 4880 sec 3.2, length of MPI is computed starting ++ * from most significant bit. So the RFC 3447 sec 8.2.2 size check ++ * must be relaxed to conform with shorter signatures - so we fail here ++ * only if signature length is longer than modulus size. ++ */ + pr_devel("step 1: k=%zu size(S)=%zu\n", k, tsize); +- if (tsize != k) { ++ if (k < tsize) { + ret = -EBADMSG; + goto error; + } + ++ /* Round up and convert to octets */ ++ k = (k + 7) / 8; ++ + /* (2b) Apply the RSAVP1 verification primitive to the public key */ + ret = RSAVP1(key, sig->rsa.s, &m); + if (ret < 0) +-- +1.7.11.4 + + +From d412c256ea6170b6aeceb9f1eb1737d991473634 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Fri, 21 Sep 2012 23:30:46 +0100 +Subject: [PATCH 12/26] X.509: Implement simple static OID registry + +Implement a simple static OID registry that allows the mapping of an encoded +OID to an enum value for ease of use. + +The OID registry index enum appears in the: + + linux/oid_registry.h + +header file. A script generates the registry from lines in the header file +that look like: + + OID_foo,/*1.2.3.4*/ + +The actual OID is taken to be represented by the numbers with interpolated +dots in the comment. + +All other lines in the header are ignored. + +The registry is queries by calling: + + OID look_up_oid(const void *data, size_t datasize); + +This returns a number from the registry enum representing the OID if found or +OID__NR if not. + +Signed-off-by: David Howells +--- + include/linux/oid_registry.h | 90 +++++++++++++++++++ + lib/.gitignore | 2 +- + lib/Kconfig | 5 ++ + lib/Makefile | 16 ++++ + lib/build_OID_registry | 209 +++++++++++++++++++++++++++++++++++++++++++ + lib/oid_registry.c | 89 ++++++++++++++++++ + 6 files changed, 410 insertions(+), 1 deletion(-) + create mode 100644 include/linux/oid_registry.h + create mode 100755 lib/build_OID_registry + create mode 100644 lib/oid_registry.c + +diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h +new file mode 100644 +index 0000000..5928546 +--- /dev/null ++++ b/include/linux/oid_registry.h +@@ -0,0 +1,90 @@ ++/* ASN.1 Object identifier (OID) registry ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#ifndef _LINUX_OID_REGISTRY_H ++#define _LINUX_OID_REGISTRY_H ++ ++#include ++ ++/* ++ * OIDs are turned into these values if possible, or OID__NR if not held here. ++ * ++ * NOTE! Do not mess with the format of each line as this is read by ++ * build_OID_registry.pl to generate the data for look_up_OID(). ++ */ ++enum OID { ++ OID_id_dsa_with_sha1, /* 1.2.840.10030.4.3 */ ++ OID_id_dsa, /* 1.2.840.10040.4.1 */ ++ OID_id_ecdsa_with_sha1, /* 1.2.840.10045.4.1 */ ++ OID_id_ecPublicKey, /* 1.2.840.10045.2.1 */ ++ ++ /* PKCS#1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)} */ ++ OID_rsaEncryption, /* 1.2.840.113549.1.1.1 */ ++ OID_md2WithRSAEncryption, /* 1.2.840.113549.1.1.2 */ ++ OID_md3WithRSAEncryption, /* 1.2.840.113549.1.1.3 */ ++ OID_md4WithRSAEncryption, /* 1.2.840.113549.1.1.4 */ ++ OID_sha1WithRSAEncryption, /* 1.2.840.113549.1.1.5 */ ++ OID_sha256WithRSAEncryption, /* 1.2.840.113549.1.1.11 */ ++ OID_sha384WithRSAEncryption, /* 1.2.840.113549.1.1.12 */ ++ OID_sha512WithRSAEncryption, /* 1.2.840.113549.1.1.13 */ ++ OID_sha224WithRSAEncryption, /* 1.2.840.113549.1.1.14 */ ++ /* PKCS#7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)} */ ++ OID_data, /* 1.2.840.113549.1.7.1 */ ++ OID_signed_data, /* 1.2.840.113549.1.7.2 */ ++ /* PKCS#9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)} */ ++ OID_email_address, /* 1.2.840.113549.1.9.1 */ ++ OID_content_type, /* 1.2.840.113549.1.9.3 */ ++ OID_messageDigest, /* 1.2.840.113549.1.9.4 */ ++ OID_signingTime, /* 1.2.840.113549.1.9.5 */ ++ OID_smimeCapabilites, /* 1.2.840.113549.1.9.15 */ ++ OID_smimeAuthenticatedAttrs, /* 1.2.840.113549.1.9.16.2.11 */ ++ ++ /* {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2)} */ ++ OID_md2, /* 1.2.840.113549.2.2 */ ++ OID_md4, /* 1.2.840.113549.2.4 */ ++ OID_md5, /* 1.2.840.113549.2.5 */ ++ ++ OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */ ++ OID_msOutlookExpress, /* 1.3.6.1.4.1.311.16.4 */ ++ OID_sha1, /* 1.3.14.3.2.26 */ ++ ++ /* Distinguished Name attribute IDs [RFC 2256] */ ++ OID_commonName, /* 2.5.4.3 */ ++ OID_surname, /* 2.5.4.4 */ ++ OID_countryName, /* 2.5.4.6 */ ++ OID_locality, /* 2.5.4.7 */ ++ OID_stateOrProvinceName, /* 2.5.4.8 */ ++ OID_organizationName, /* 2.5.4.10 */ ++ OID_organizationUnitName, /* 2.5.4.11 */ ++ OID_title, /* 2.5.4.12 */ ++ OID_description, /* 2.5.4.13 */ ++ OID_name, /* 2.5.4.41 */ ++ OID_givenName, /* 2.5.4.42 */ ++ OID_initials, /* 2.5.4.43 */ ++ OID_generationalQualifier, /* 2.5.4.44 */ ++ ++ /* Certificate extension IDs */ ++ OID_subjectKeyIdentifier, /* 2.5.29.14 */ ++ OID_keyUsage, /* 2.5.29.15 */ ++ OID_subjectAltName, /* 2.5.29.17 */ ++ OID_issuerAltName, /* 2.5.29.18 */ ++ OID_basicConstraints, /* 2.5.29.19 */ ++ OID_crlDistributionPoints, /* 2.5.29.31 */ ++ OID_certPolicies, /* 2.5.29.32 */ ++ OID_authorityKeyIdentifier, /* 2.5.29.35 */ ++ OID_extKeyUsage, /* 2.5.29.37 */ ++ ++ OID__NR ++}; ++ ++extern enum OID look_up_OID(const void *data, size_t datasize); ++ ++#endif /* _LINUX_OID_REGISTRY_H */ +diff --git a/lib/.gitignore b/lib/.gitignore +index 3bef1ea..09aae85 100644 +--- a/lib/.gitignore ++++ b/lib/.gitignore +@@ -3,4 +3,4 @@ + # + gen_crc32table + crc32table.h +- ++oid_registry_data.c +diff --git a/lib/Kconfig b/lib/Kconfig +index bb94c1b..4b31a46 100644 +--- a/lib/Kconfig ++++ b/lib/Kconfig +@@ -396,4 +396,9 @@ config SIGNATURE + config LIBFDT + bool + ++config OID_REGISTRY ++ tristate ++ help ++ Enable fast lookup object identifier registry. ++ + endmenu +diff --git a/lib/Makefile b/lib/Makefile +index 42d283e..b042896 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -150,3 +150,19 @@ quiet_cmd_crc32 = GEN $@ + + $(obj)/crc32table.h: $(obj)/gen_crc32table + $(call cmd,crc32) ++ ++# ++# Build a fast OID lookip registry from include/linux/oid_registry.h ++# ++obj-$(CONFIG_OID_REGISTRY) += oid_registry.o ++ ++$(obj)/oid_registry.c: $(obj)/oid_registry_data.c ++ ++$(obj)/oid_registry_data.c: $(srctree)/include/linux/oid_registry.h \ ++ $(src)/build_OID_registry ++ $(call cmd,build_OID_registry) ++ ++quiet_cmd_build_OID_registry = GEN $@ ++ cmd_build_OID_registry = perl $(srctree)/$(src)/build_OID_registry $< $@ ++ ++clean-files += oid_registry_data.c +diff --git a/lib/build_OID_registry b/lib/build_OID_registry +new file mode 100755 +index 0000000..dfbdaab +--- /dev/null ++++ b/lib/build_OID_registry +@@ -0,0 +1,209 @@ ++#!/usr/bin/perl -w ++# ++# Build a static ASN.1 Object Identified (OID) registry ++# ++# Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++# Written by David Howells (dhowells@redhat.com) ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public Licence ++# as published by the Free Software Foundation; either version ++# 2 of the Licence, or (at your option) any later version. ++# ++ ++use strict; ++ ++my @names = (); ++my @oids = (); ++ ++if ($#ARGV != 1) { ++ print STDERR "Format: ", $0, " \n"; ++ exit(2); ++} ++ ++# ++# Open the file to read from ++# ++open IN_FILE, "<$ARGV[0]" || die; ++while () { ++ chomp; ++ if (m!\s+OID_([a-zA-z][a-zA-Z0-9_]+),\s+/[*]\s+([012][.0-9]*)\s+[*]/!) { ++ push @names, $1; ++ push @oids, $2; ++ } ++} ++close IN_FILE || die; ++ ++# ++# Open the files to write into ++# ++open C_FILE, ">$ARGV[1]" or die; ++print C_FILE "/*\n"; ++print C_FILE " * Automatically generated by ", $0, ". Do not edit\n"; ++print C_FILE " */\n"; ++ ++# ++# Split the data up into separate lists and also determine the lengths of the ++# encoded data arrays. ++# ++my @indices = (); ++my @lengths = (); ++my $total_length = 0; ++ ++print "Compiling ", $#names + 1, " OIDs\n"; ++ ++for (my $i = 0; $i <= $#names; $i++) { ++ my $name = $names[$i]; ++ my $oid = $oids[$i]; ++ ++ my @components = split(/[.]/, $oid); ++ ++ # Determine the encoded length of this OID ++ my $size = $#components; ++ for (my $loop = 2; $loop <= $#components; $loop++) { ++ my $c = $components[$loop]; ++ ++ # We will base128 encode the number ++ my $tmp = ($c == 0) ? 0 : int(log($c)/log(2)); ++ $tmp = int($tmp / 7); ++ $size += $tmp; ++ } ++ push @lengths, $size; ++ push @indices, $total_length; ++ $total_length += $size; ++} ++ ++# ++# Emit the look-up-by-OID index table ++# ++print C_FILE "\n"; ++if ($total_length <= 255) { ++ print C_FILE "static const unsigned char oid_index[OID__NR + 1] = {\n"; ++} else { ++ print C_FILE "static const unsigned short oid_index[OID__NR + 1] = {\n"; ++} ++for (my $i = 0; $i <= $#names; $i++) { ++ print C_FILE "\t[OID_", $names[$i], "] = ", $indices[$i], ",\n" ++} ++print C_FILE "\t[OID__NR] = ", $total_length, "\n"; ++print C_FILE "};\n"; ++ ++# ++# Encode the OIDs ++# ++my @encoded_oids = (); ++ ++for (my $i = 0; $i <= $#names; $i++) { ++ my @octets = (); ++ ++ my @components = split(/[.]/, $oids[$i]); ++ ++ push @octets, $components[0] * 40 + $components[1]; ++ ++ for (my $loop = 2; $loop <= $#components; $loop++) { ++ my $c = $components[$loop]; ++ ++ # Base128 encode the number ++ my $tmp = ($c == 0) ? 0 : int(log($c)/log(2)); ++ $tmp = int($tmp / 7); ++ ++ for (; $tmp > 0; $tmp--) { ++ push @octets, (($c >> $tmp * 7) & 0x7f) | 0x80; ++ } ++ push @octets, $c & 0x7f; ++ } ++ ++ push @encoded_oids, \@octets; ++} ++ ++# ++# Create a hash value for each OID ++# ++my @hash_values = (); ++for (my $i = 0; $i <= $#names; $i++) { ++ my @octets = @{$encoded_oids[$i]}; ++ ++ my $hash = $#octets; ++ foreach (@octets) { ++ $hash += $_ * 33; ++ } ++ ++ $hash = ($hash >> 24) ^ ($hash >> 16) ^ ($hash >> 8) ^ ($hash); ++ ++ push @hash_values, $hash & 0xff; ++} ++ ++# ++# Emit the OID data ++# ++print C_FILE "\n"; ++print C_FILE "static const unsigned char oid_data[", $total_length, "] = {\n"; ++for (my $i = 0; $i <= $#names; $i++) { ++ my @octets = @{$encoded_oids[$i]}; ++ print C_FILE "\t"; ++ print C_FILE $_, ", " foreach (@octets); ++ print C_FILE "\t// ", $names[$i]; ++ print C_FILE "\n"; ++} ++print C_FILE "};\n"; ++ ++# ++# Build the search index table (ordered by length then hash then content) ++# ++my @index_table = ( 0 .. $#names ); ++ ++@index_table = sort { ++ my @octets_a = @{$encoded_oids[$a]}; ++ my @octets_b = @{$encoded_oids[$b]}; ++ ++ return $hash_values[$a] <=> $hash_values[$b] ++ if ($hash_values[$a] != $hash_values[$b]); ++ return $#octets_a <=> $#octets_b ++ if ($#octets_a != $#octets_b); ++ for (my $i = $#octets_a; $i >= 0; $i--) { ++ return $octets_a[$i] <=> $octets_b[$i] ++ if ($octets_a[$i] != $octets_b[$i]); ++ } ++ return 0; ++ ++} @index_table; ++ ++# ++# Emit the search index and hash value table ++# ++print C_FILE "\n"; ++print C_FILE "static const struct {\n"; ++print C_FILE "\tunsigned char hash;\n"; ++if ($#names <= 255) { ++ print C_FILE "\tenum OID oid : 8;\n"; ++} else { ++ print C_FILE "\tenum OID oid : 16;\n"; ++} ++print C_FILE "} oid_search_table[OID__NR] = {\n"; ++for (my $i = 0; $i <= $#names; $i++) { ++ my @octets = @{$encoded_oids[$index_table[$i]]}; ++ printf(C_FILE "\t[%3u] = { %3u, OID_%-35s }, // ", ++ $i, ++ $hash_values[$index_table[$i]], ++ $names[$index_table[$i]]); ++ printf C_FILE "%02x", $_ foreach (@octets); ++ print C_FILE "\n"; ++} ++print C_FILE "};\n"; ++ ++# ++# Emit the OID debugging name table ++# ++#print C_FILE "\n"; ++#print C_FILE "const char *const oid_name_table[OID__NR + 1] = {\n"; ++# ++#for (my $i = 0; $i <= $#names; $i++) { ++# print C_FILE "\t\"", $names[$i], "\",\n" ++#} ++#print C_FILE "\t\"Unknown-OID\"\n"; ++#print C_FILE "};\n"; ++ ++# ++# Polish off ++# ++close C_FILE or die; +diff --git a/lib/oid_registry.c b/lib/oid_registry.c +new file mode 100644 +index 0000000..33cfd17 +--- /dev/null ++++ b/lib/oid_registry.c +@@ -0,0 +1,89 @@ ++/* ASN.1 Object identifier (OID) registry ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#include ++#include ++#include "oid_registry_data.c" ++ ++/** ++ * look_up_OID - Find an OID registration for the specified data ++ * @data: Binary representation of the OID ++ * @datasize: Size of the binary representation ++ */ ++enum OID look_up_OID(const void *data, size_t datasize) ++{ ++ const unsigned char *octets = data; ++ enum OID oid; ++ unsigned char xhash; ++ unsigned i, j, k, hash; ++ size_t len; ++ ++ /* Hash the OID data */ ++ hash = datasize - 1; ++ ++ for (i = 0; i < datasize; i++) ++ hash += octets[i] * 33; ++ hash = (hash >> 24) ^ (hash >> 16) ^ (hash >> 8) ^ hash; ++ hash &= 0xff; ++ ++ /* Binary search the OID registry. OIDs are stored in ascending order ++ * of hash value then ascending order of size and then in ascending ++ * order of reverse value. ++ */ ++ i = 0; ++ k = OID__NR; ++ while (i < k) { ++ j = (i + k) / 2; ++ ++ xhash = oid_search_table[j].hash; ++ if (xhash > hash) { ++ k = j; ++ continue; ++ } ++ if (xhash < hash) { ++ i = j + 1; ++ continue; ++ } ++ ++ oid = oid_search_table[j].oid; ++ len = oid_index[oid + 1] - oid_index[oid]; ++ if (len > datasize) { ++ k = j; ++ continue; ++ } ++ if (len < datasize) { ++ i = j + 1; ++ continue; ++ } ++ ++ /* Variation is most likely to be at the tail end of the ++ * OID, so do the comparison in reverse. ++ */ ++ while (len > 0) { ++ unsigned char a = oid_data[oid_index[oid] + --len]; ++ unsigned char b = octets[len]; ++ if (a > b) { ++ k = j; ++ goto next; ++ } ++ if (a < b) { ++ i = j + 1; ++ goto next; ++ } ++ } ++ return oid; ++ next: ++ ; ++ } ++ ++ return OID__NR; ++} ++EXPORT_SYMBOL_GPL(look_up_OID); +-- +1.7.11.4 + + +From 098335ed1edc5ec7ae7a346416654e12bb9bcd65 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Fri, 21 Sep 2012 23:30:51 +0100 +Subject: [PATCH 13/26] X.509: Add utility functions to render OIDs as strings + +Add a pair of utility functions to render OIDs as strings. The first takes an +encoded OID and turns it into a "a.b.c.d" form string: + + int sprint_oid(const void *data, size_t datasize, + char *buffer, size_t bufsize); + +The second takes an OID enum index and calls the first on the data held +therein: + + int sprint_OID(enum OID oid, char *buffer, size_t bufsize); + +Signed-off-by: David Howells +--- + include/linux/oid_registry.h | 2 ++ + lib/oid_registry.c | 81 ++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 83 insertions(+) + +diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h +index 5928546..6926db7 100644 +--- a/include/linux/oid_registry.h ++++ b/include/linux/oid_registry.h +@@ -86,5 +86,7 @@ enum OID { + }; + + extern enum OID look_up_OID(const void *data, size_t datasize); ++extern int sprint_oid(const void *, size_t, char *, size_t); ++extern int sprint_OID(enum OID, char *, size_t); + + #endif /* _LINUX_OID_REGISTRY_H */ +diff --git a/lib/oid_registry.c b/lib/oid_registry.c +index 33cfd17..d8de11f 100644 +--- a/lib/oid_registry.c ++++ b/lib/oid_registry.c +@@ -11,6 +11,9 @@ + + #include + #include ++#include ++#include ++#include + #include "oid_registry_data.c" + + /** +@@ -87,3 +90,81 @@ enum OID look_up_OID(const void *data, size_t datasize) + return OID__NR; + } + EXPORT_SYMBOL_GPL(look_up_OID); ++ ++/* ++ * sprint_OID - Print an Object Identifier into a buffer ++ * @data: The encoded OID to print ++ * @datasize: The size of the encoded OID ++ * @buffer: The buffer to render into ++ * @bufsize: The size of the buffer ++ * ++ * The OID is rendered into the buffer in "a.b.c.d" format and the number of ++ * bytes is returned. -EBADMSG is returned if the data could not be intepreted ++ * and -ENOBUFS if the buffer was too small. ++ */ ++int sprint_oid(const void *data, size_t datasize, char *buffer, size_t bufsize) ++{ ++ const unsigned char *v = data, *end = v + datasize; ++ unsigned long num; ++ unsigned char n; ++ size_t ret; ++ int count; ++ ++ if (v >= end) ++ return -EBADMSG; ++ ++ n = *v++; ++ ret = count = snprintf(buffer, bufsize, "%u.%u", n / 40, n % 40); ++ buffer += count; ++ bufsize -= count; ++ if (bufsize == 0) ++ return -ENOBUFS; ++ ++ while (v < end) { ++ num = 0; ++ n = *v++; ++ if (!(n & 0x80)) { ++ num = n; ++ } else { ++ num = n & 0x7f; ++ do { ++ if (v >= end) ++ return -EBADMSG; ++ n = *v++; ++ num <<= 7; ++ num |= n & 0x7f; ++ } while (n & 0x80); ++ } ++ ret += count = snprintf(buffer, bufsize, ".%lu", num); ++ buffer += count; ++ bufsize -= count; ++ if (bufsize == 0) ++ return -ENOBUFS; ++ } ++ ++ return ret; ++} ++EXPORT_SYMBOL_GPL(sprint_oid); ++ ++/** ++ * sprint_OID - Print an Object Identifier into a buffer ++ * @oid: The OID to print ++ * @buffer: The buffer to render into ++ * @bufsize: The size of the buffer ++ * ++ * The OID is rendered into the buffer in "a.b.c.d" format and the number of ++ * bytes is returned. ++ */ ++int sprint_OID(enum OID oid, char *buffer, size_t bufsize) ++{ ++ int ret; ++ ++ BUG_ON(oid >= OID__NR); ++ ++ ret = sprint_oid(oid_data + oid_index[oid], ++ oid_index[oid + 1] - oid_index[oid], ++ buffer, bufsize); ++ BUG_ON(ret == -EBADMSG); ++ return ret; ++} ++EXPORT_SYMBOL_GPL(sprint_OID); +-- +1.7.11.4 + + +From 3ddb8a2f1fe420777491641d39328741d9a28565 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Fri, 21 Sep 2012 23:31:13 +0100 +Subject: [PATCH 14/26] X.509: Add simple ASN.1 grammar compiler + +Add a simple ASN.1 grammar compiler. This produces a bytecode output that can +be fed to a decoder to inform the decoder how to interpret the ASN.1 stream it +is trying to parse. + +Action functions can be specified in the grammar by interpolating: + + ({ foo }) + +after a type, for example: + + SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING ({ do_key_data }) + } + +The decoder is expected to call these after matching this type and parsing the +contents if it is a constructed type. + +The grammar compiler does not currently support the SET type (though it does +support SET OF) as I can't see a good way of tracking which members have been +encountered yet without using up extra stack space. + +Currently, the grammar compiler will fail if more than 256 bytes of bytecode +would be produced or more than 256 actions have been specified as it uses +8-bit jump values and action indices to keep space usage down. + +Signed-off-by: David Howells +--- + include/linux/asn1.h | 67 ++ + include/linux/asn1_ber_bytecode.h | 87 +++ + init/Kconfig | 8 + + scripts/.gitignore | 1 + + scripts/Makefile | 2 + + scripts/Makefile.build | 11 + + scripts/asn1_compiler.c | 1545 +++++++++++++++++++++++++++++++++++++ + 7 files changed, 1721 insertions(+) + create mode 100644 include/linux/asn1.h + create mode 100644 include/linux/asn1_ber_bytecode.h + create mode 100644 scripts/asn1_compiler.c + +diff --git a/include/linux/asn1.h b/include/linux/asn1.h +new file mode 100644 +index 0000000..5c3f4e4 +--- /dev/null ++++ b/include/linux/asn1.h +@@ -0,0 +1,67 @@ ++/* ASN.1 BER/DER/CER encoding definitions ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#ifndef _LINUX_ASN1_H ++#define _LINUX_ASN1_H ++ ++/* Class */ ++enum asn1_class { ++ ASN1_UNIV = 0, /* Universal */ ++ ASN1_APPL = 1, /* Application */ ++ ASN1_CONT = 2, /* Context */ ++ ASN1_PRIV = 3 /* Private */ ++}; ++#define ASN1_CLASS_BITS 0xc0 ++ ++ ++enum asn1_method { ++ ASN1_PRIM = 0, /* Primitive */ ++ ASN1_CONS = 1 /* Constructed */ ++}; ++#define ASN1_CONS_BIT 0x20 ++ ++/* Tag */ ++enum asn1_tag { ++ ASN1_EOC = 0, /* End Of Contents or N/A */ ++ ASN1_BOOL = 1, /* Boolean */ ++ ASN1_INT = 2, /* Integer */ ++ ASN1_BTS = 3, /* Bit String */ ++ ASN1_OTS = 4, /* Octet String */ ++ ASN1_NULL = 5, /* Null */ ++ ASN1_OID = 6, /* Object Identifier */ ++ ASN1_ODE = 7, /* Object Description */ ++ ASN1_EXT = 8, /* External */ ++ ASN1_REAL = 9, /* Real float */ ++ ASN1_ENUM = 10, /* Enumerated */ ++ ASN1_EPDV = 11, /* Embedded PDV */ ++ ASN1_UTF8STR = 12, /* UTF8 String */ ++ ASN1_RELOID = 13, /* Relative OID */ ++ /* 14 - Reserved */ ++ /* 15 - Reserved */ ++ ASN1_SEQ = 16, /* Sequence and Sequence of */ ++ ASN1_SET = 17, /* Set and Set of */ ++ ASN1_NUMSTR = 18, /* Numerical String */ ++ ASN1_PRNSTR = 19, /* Printable String */ ++ ASN1_TEXSTR = 20, /* T61 String / Teletext String */ ++ ASN1_VIDSTR = 21, /* Videotex String */ ++ ASN1_IA5STR = 22, /* IA5 String */ ++ ASN1_UNITIM = 23, /* Universal Time */ ++ ASN1_GENTIM = 24, /* General Time */ ++ ASN1_GRASTR = 25, /* Graphic String */ ++ ASN1_VISSTR = 26, /* Visible String */ ++ ASN1_GENSTR = 27, /* General String */ ++ ASN1_UNISTR = 28, /* Universal String */ ++ ASN1_CHRSTR = 29, /* Character String */ ++ ASN1_BMPSTR = 30, /* BMP String */ ++ ASN1_LONG_TAG = 31 /* Long form tag */ ++}; ++ ++#endif /* _LINUX_ASN1_H */ +diff --git a/include/linux/asn1_ber_bytecode.h b/include/linux/asn1_ber_bytecode.h +new file mode 100644 +index 0000000..945d44a +--- /dev/null ++++ b/include/linux/asn1_ber_bytecode.h +@@ -0,0 +1,87 @@ ++/* ASN.1 BER/DER/CER parsing state machine internal definitions ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#ifndef _LINUX_ASN1_BER_BYTECODE_H ++#define _LINUX_ASN1_BER_BYTECODE_H ++ ++#ifdef __KERNEL__ ++#include ++#endif ++#include ++ ++typedef int (*asn1_action_t)(void *context, ++ size_t hdrlen, /* In case of ANY type */ ++ unsigned char tag, /* In case of ANY type */ ++ const void *value, size_t vlen); ++ ++struct asn1_decoder { ++ const unsigned char *machine; ++ size_t machlen; ++ const asn1_action_t *actions; ++}; ++ ++enum asn1_opcode { ++ /* The tag-matching ops come first and the odd-numbered slots ++ * are for OR_SKIP ops. ++ */ ++#define ASN1_OP_MATCH__SKIP 0x01 ++#define ASN1_OP_MATCH__ACT 0x02 ++#define ASN1_OP_MATCH__JUMP 0x04 ++#define ASN1_OP_MATCH__ANY 0x08 ++#define ASN1_OP_MATCH__COND 0x10 ++ ++ ASN1_OP_MATCH = 0x00, ++ ASN1_OP_MATCH_OR_SKIP = 0x01, ++ ASN1_OP_MATCH_ACT = 0x02, ++ ASN1_OP_MATCH_ACT_OR_SKIP = 0x03, ++ ASN1_OP_MATCH_JUMP = 0x04, ++ ASN1_OP_MATCH_JUMP_OR_SKIP = 0x05, ++ ASN1_OP_MATCH_ANY = 0x08, ++ ASN1_OP_MATCH_ANY_ACT = 0x0a, ++ /* Everything before here matches unconditionally */ ++ ++ ASN1_OP_COND_MATCH_OR_SKIP = 0x11, ++ ASN1_OP_COND_MATCH_ACT_OR_SKIP = 0x13, ++ ASN1_OP_COND_MATCH_JUMP_OR_SKIP = 0x15, ++ ASN1_OP_COND_MATCH_ANY = 0x18, ++ ASN1_OP_COND_MATCH_ANY_ACT = 0x1a, ++ ++ /* Everything before here will want a tag from the data */ ++#define ASN1_OP__MATCHES_TAG ASN1_OP_COND_MATCH_ANY_ACT ++ ++ /* These are here to help fill up space */ ++ ASN1_OP_COND_FAIL = 0x1b, ++ ASN1_OP_COMPLETE = 0x1c, ++ ASN1_OP_ACT = 0x1d, ++ ASN1_OP_RETURN = 0x1e, ++ ++ /* The following eight have bit 0 -> SET, 1 -> OF, 2 -> ACT */ ++ ASN1_OP_END_SEQ = 0x20, ++ ASN1_OP_END_SET = 0x21, ++ ASN1_OP_END_SEQ_OF = 0x22, ++ ASN1_OP_END_SET_OF = 0x23, ++ ASN1_OP_END_SEQ_ACT = 0x24, ++ ASN1_OP_END_SET_ACT = 0x25, ++ ASN1_OP_END_SEQ_OF_ACT = 0x26, ++ ASN1_OP_END_SET_OF_ACT = 0x27, ++#define ASN1_OP_END__SET 0x01 ++#define ASN1_OP_END__OF 0x02 ++#define ASN1_OP_END__ACT 0x04 ++ ++ ASN1_OP__NR ++}; ++ ++#define _tag(CLASS, CP, TAG) ((ASN1_##CLASS << 6) | (ASN1_##CP << 5) | ASN1_##TAG) ++#define _tagn(CLASS, CP, TAG) ((ASN1_##CLASS << 6) | (ASN1_##CP << 5) | TAG) ++#define _jump_target(N) (N) ++#define _action(N) (N) ++ ++#endif /* _LINUX_ASN1_BER_BYTECODE_H */ +diff --git a/init/Kconfig b/init/Kconfig +index af6c7f8..66cc885 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1612,4 +1612,12 @@ config PADATA + depends on SMP + bool + ++config ASN1 ++ tristate ++ help ++ Build a simple ASN.1 grammar compiler that produces a bytecode output ++ that can be interpreted by the ASN.1 stream decoder and used to ++ inform it as to what tags are to be expected in a stream and what ++ functions to call on what tags. ++ + source "kernel/Kconfig.locks" +diff --git a/scripts/.gitignore b/scripts/.gitignore +index 65f362d..fb070fa 100644 +--- a/scripts/.gitignore ++++ b/scripts/.gitignore +@@ -10,3 +10,4 @@ ihex2fw + recordmcount + docproc + sortextable ++asn1_compiler +diff --git a/scripts/Makefile b/scripts/Makefile +index a55b006..01e7adb 100644 +--- a/scripts/Makefile ++++ b/scripts/Makefile +@@ -16,8 +16,10 @@ hostprogs-$(CONFIG_VT) += conmakehash + hostprogs-$(CONFIG_IKCONFIG) += bin2c + hostprogs-$(BUILD_C_RECORDMCOUNT) += recordmcount + hostprogs-$(CONFIG_BUILDTIME_EXTABLE_SORT) += sortextable ++hostprogs-$(CONFIG_ASN1) += asn1_compiler + + HOSTCFLAGS_sortextable.o = -I$(srctree)/tools/include ++HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include + + always := $(hostprogs-y) $(hostprogs-m) + +diff --git a/scripts/Makefile.build b/scripts/Makefile.build +index ff1720d..0e801c3 100644 +--- a/scripts/Makefile.build ++++ b/scripts/Makefile.build +@@ -354,6 +354,17 @@ quiet_cmd_cpp_lds_S = LDS $@ + $(obj)/%.lds: $(src)/%.lds.S FORCE + $(call if_changed_dep,cpp_lds_S) + ++# ASN.1 grammar ++# --------------------------------------------------------------------------- ++quiet_cmd_asn1_compiler = ASN.1 $@ ++ cmd_asn1_compiler = $(objtree)/scripts/asn1_compiler $< \ ++ $(subst .h,.c,$@) $(subst .c,.h,$@) ++ ++.PRECIOUS: $(objtree)/$(obj)/%-asn1.c $(objtree)/$(obj)/%-asn1.h ++ ++$(obj)/%-asn1.c $(obj)/%-asn1.h: $(src)/%.asn1 $(objtree)/scripts/asn1_compiler ++ $(call cmd,asn1_compiler) ++ + # Build the compiled-in targets + # --------------------------------------------------------------------------- + +diff --git a/scripts/asn1_compiler.c b/scripts/asn1_compiler.c +new file mode 100644 +index 0000000..db0e5cd +--- /dev/null ++++ b/scripts/asn1_compiler.c +@@ -0,0 +1,1545 @@ ++/* Simplified ASN.1 notation parser ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++enum token_type { ++ DIRECTIVE_ABSENT, ++ DIRECTIVE_ALL, ++ DIRECTIVE_ANY, ++ DIRECTIVE_APPLICATION, ++ DIRECTIVE_AUTOMATIC, ++ DIRECTIVE_BEGIN, ++ DIRECTIVE_BIT, ++ DIRECTIVE_BMPString, ++ DIRECTIVE_BOOLEAN, ++ DIRECTIVE_BY, ++ DIRECTIVE_CHARACTER, ++ DIRECTIVE_CHOICE, ++ DIRECTIVE_CLASS, ++ DIRECTIVE_COMPONENT, ++ DIRECTIVE_COMPONENTS, ++ DIRECTIVE_CONSTRAINED, ++ DIRECTIVE_CONTAINING, ++ DIRECTIVE_DEFAULT, ++ DIRECTIVE_DEFINED, ++ DIRECTIVE_DEFINITIONS, ++ DIRECTIVE_EMBEDDED, ++ DIRECTIVE_ENCODED, ++ DIRECTIVE_ENCODING_CONTROL, ++ DIRECTIVE_END, ++ DIRECTIVE_ENUMERATED, ++ DIRECTIVE_EXCEPT, ++ DIRECTIVE_EXPLICIT, ++ DIRECTIVE_EXPORTS, ++ DIRECTIVE_EXTENSIBILITY, ++ DIRECTIVE_EXTERNAL, ++ DIRECTIVE_FALSE, ++ DIRECTIVE_FROM, ++ DIRECTIVE_GeneralString, ++ DIRECTIVE_GeneralizedTime, ++ DIRECTIVE_GraphicString, ++ DIRECTIVE_IA5String, ++ DIRECTIVE_IDENTIFIER, ++ DIRECTIVE_IMPLICIT, ++ DIRECTIVE_IMPLIED, ++ DIRECTIVE_IMPORTS, ++ DIRECTIVE_INCLUDES, ++ DIRECTIVE_INSTANCE, ++ DIRECTIVE_INSTRUCTIONS, ++ DIRECTIVE_INTEGER, ++ DIRECTIVE_INTERSECTION, ++ DIRECTIVE_ISO646String, ++ DIRECTIVE_MAX, ++ DIRECTIVE_MIN, ++ DIRECTIVE_MINUS_INFINITY, ++ DIRECTIVE_NULL, ++ DIRECTIVE_NumericString, ++ DIRECTIVE_OBJECT, ++ DIRECTIVE_OCTET, ++ DIRECTIVE_OF, ++ DIRECTIVE_OPTIONAL, ++ DIRECTIVE_ObjectDescriptor, ++ DIRECTIVE_PATTERN, ++ DIRECTIVE_PDV, ++ DIRECTIVE_PLUS_INFINITY, ++ DIRECTIVE_PRESENT, ++ DIRECTIVE_PRIVATE, ++ DIRECTIVE_PrintableString, ++ DIRECTIVE_REAL, ++ DIRECTIVE_RELATIVE_OID, ++ DIRECTIVE_SEQUENCE, ++ DIRECTIVE_SET, ++ DIRECTIVE_SIZE, ++ DIRECTIVE_STRING, ++ DIRECTIVE_SYNTAX, ++ DIRECTIVE_T61String, ++ DIRECTIVE_TAGS, ++ DIRECTIVE_TRUE, ++ DIRECTIVE_TeletexString, ++ DIRECTIVE_UNION, ++ DIRECTIVE_UNIQUE, ++ DIRECTIVE_UNIVERSAL, ++ DIRECTIVE_UTCTime, ++ DIRECTIVE_UTF8String, ++ DIRECTIVE_UniversalString, ++ DIRECTIVE_VideotexString, ++ DIRECTIVE_VisibleString, ++ DIRECTIVE_WITH, ++ NR__DIRECTIVES, ++ TOKEN_ASSIGNMENT = NR__DIRECTIVES, ++ TOKEN_OPEN_CURLY, ++ TOKEN_CLOSE_CURLY, ++ TOKEN_OPEN_SQUARE, ++ TOKEN_CLOSE_SQUARE, ++ TOKEN_OPEN_ACTION, ++ TOKEN_CLOSE_ACTION, ++ TOKEN_COMMA, ++ TOKEN_NUMBER, ++ TOKEN_TYPE_NAME, ++ TOKEN_ELEMENT_NAME, ++ NR__TOKENS ++}; ++ ++static const unsigned char token_to_tag[NR__TOKENS] = { ++ /* EOC goes first */ ++ [DIRECTIVE_BOOLEAN] = ASN1_BOOL, ++ [DIRECTIVE_INTEGER] = ASN1_INT, ++ [DIRECTIVE_BIT] = ASN1_BTS, ++ [DIRECTIVE_OCTET] = ASN1_OTS, ++ [DIRECTIVE_NULL] = ASN1_NULL, ++ [DIRECTIVE_OBJECT] = ASN1_OID, ++ [DIRECTIVE_ObjectDescriptor] = ASN1_ODE, ++ [DIRECTIVE_EXTERNAL] = ASN1_EXT, ++ [DIRECTIVE_REAL] = ASN1_REAL, ++ [DIRECTIVE_ENUMERATED] = ASN1_ENUM, ++ [DIRECTIVE_EMBEDDED] = 0, ++ [DIRECTIVE_UTF8String] = ASN1_UTF8STR, ++ [DIRECTIVE_RELATIVE_OID] = ASN1_RELOID, ++ /* 14 */ ++ /* 15 */ ++ [DIRECTIVE_SEQUENCE] = ASN1_SEQ, ++ [DIRECTIVE_SET] = ASN1_SET, ++ [DIRECTIVE_NumericString] = ASN1_NUMSTR, ++ [DIRECTIVE_PrintableString] = ASN1_PRNSTR, ++ [DIRECTIVE_T61String] = ASN1_TEXSTR, ++ [DIRECTIVE_TeletexString] = ASN1_TEXSTR, ++ [DIRECTIVE_VideotexString] = ASN1_VIDSTR, ++ [DIRECTIVE_IA5String] = ASN1_IA5STR, ++ [DIRECTIVE_UTCTime] = ASN1_UNITIM, ++ [DIRECTIVE_GeneralizedTime] = ASN1_GENTIM, ++ [DIRECTIVE_GraphicString] = ASN1_GRASTR, ++ [DIRECTIVE_VisibleString] = ASN1_VISSTR, ++ [DIRECTIVE_GeneralString] = ASN1_GENSTR, ++ [DIRECTIVE_UniversalString] = ASN1_UNITIM, ++ [DIRECTIVE_CHARACTER] = ASN1_CHRSTR, ++ [DIRECTIVE_BMPString] = ASN1_BMPSTR, ++}; ++ ++static const char asn1_classes[4][5] = { ++ [ASN1_UNIV] = "UNIV", ++ [ASN1_APPL] = "APPL", ++ [ASN1_CONT] = "CONT", ++ [ASN1_PRIV] = "PRIV" ++}; ++ ++static const char asn1_methods[2][5] = { ++ [ASN1_UNIV] = "PRIM", ++ [ASN1_APPL] = "CONS" ++}; ++ ++static const char *const asn1_universal_tags[32] = { ++ "EOC", ++ "BOOL", ++ "INT", ++ "BTS", ++ "OTS", ++ "NULL", ++ "OID", ++ "ODE", ++ "EXT", ++ "REAL", ++ "ENUM", ++ "EPDV", ++ "UTF8STR", ++ "RELOID", ++ NULL, /* 14 */ ++ NULL, /* 15 */ ++ "SEQ", ++ "SET", ++ "NUMSTR", ++ "PRNSTR", ++ "TEXSTR", ++ "VIDSTR", ++ "IA5STR", ++ "UNITIM", ++ "GENTIM", ++ "GRASTR", ++ "VISSTR", ++ "GENSTR", ++ "UNISTR", ++ "CHRSTR", ++ "BMPSTR", ++ NULL /* 31 */ ++}; ++ ++static const char *filename; ++static const char *grammar_name; ++static const char *outputname; ++static const char *headername; ++ ++static const char *const directives[NR__DIRECTIVES] = { ++#define _(X) [DIRECTIVE_##X] = #X ++ _(ABSENT), ++ _(ALL), ++ _(ANY), ++ _(APPLICATION), ++ _(AUTOMATIC), ++ _(BEGIN), ++ _(BIT), ++ _(BMPString), ++ _(BOOLEAN), ++ _(BY), ++ _(CHARACTER), ++ _(CHOICE), ++ _(CLASS), ++ _(COMPONENT), ++ _(COMPONENTS), ++ _(CONSTRAINED), ++ _(CONTAINING), ++ _(DEFAULT), ++ _(DEFINED), ++ _(DEFINITIONS), ++ _(EMBEDDED), ++ _(ENCODED), ++ [DIRECTIVE_ENCODING_CONTROL] = "ENCODING-CONTROL", ++ _(END), ++ _(ENUMERATED), ++ _(EXCEPT), ++ _(EXPLICIT), ++ _(EXPORTS), ++ _(EXTENSIBILITY), ++ _(EXTERNAL), ++ _(FALSE), ++ _(FROM), ++ _(GeneralString), ++ _(GeneralizedTime), ++ _(GraphicString), ++ _(IA5String), ++ _(IDENTIFIER), ++ _(IMPLICIT), ++ _(IMPLIED), ++ _(IMPORTS), ++ _(INCLUDES), ++ _(INSTANCE), ++ _(INSTRUCTIONS), ++ _(INTEGER), ++ _(INTERSECTION), ++ _(ISO646String), ++ _(MAX), ++ _(MIN), ++ [DIRECTIVE_MINUS_INFINITY] = "MINUS-INFINITY", ++ [DIRECTIVE_NULL] = "NULL", ++ _(NumericString), ++ _(OBJECT), ++ _(OCTET), ++ _(OF), ++ _(OPTIONAL), ++ _(ObjectDescriptor), ++ _(PATTERN), ++ _(PDV), ++ [DIRECTIVE_PLUS_INFINITY] = "PLUS-INFINITY", ++ _(PRESENT), ++ _(PRIVATE), ++ _(PrintableString), ++ _(REAL), ++ [DIRECTIVE_RELATIVE_OID] = "RELATIVE-OID", ++ _(SEQUENCE), ++ _(SET), ++ _(SIZE), ++ _(STRING), ++ _(SYNTAX), ++ _(T61String), ++ _(TAGS), ++ _(TRUE), ++ _(TeletexString), ++ _(UNION), ++ _(UNIQUE), ++ _(UNIVERSAL), ++ _(UTCTime), ++ _(UTF8String), ++ _(UniversalString), ++ _(VideotexString), ++ _(VisibleString), ++ _(WITH) ++}; ++ ++struct action { ++ struct action *next; ++ unsigned char index; ++ char name[]; ++}; ++ ++static struct action *action_list; ++static unsigned nr_actions; ++ ++struct token { ++ unsigned short line; ++ enum token_type token_type : 8; ++ unsigned char size; ++ struct action *action; ++ const char *value; ++ struct type *type; ++}; ++ ++static struct token *token_list; ++static unsigned nr_tokens; ++ ++static int directive_compare(const void *_key, const void *_pdir) ++{ ++ const struct token *token = _key; ++ const char *const *pdir = _pdir, *dir = *pdir; ++ size_t dlen, clen; ++ int val; ++ ++ dlen = strlen(dir); ++ clen = (dlen < token->size) ? dlen : token->size; ++ ++ //printf("cmp(%*.*s,%s) = ", ++ // (int)token->size, (int)token->size, token->value, ++ // dir); ++ ++ val = memcmp(token->value, dir, clen); ++ if (val != 0) { ++ //printf("%d [cmp]\n", val); ++ return val; ++ } ++ ++ if (dlen == token->size) { ++ //printf("0\n"); ++ return 0; ++ } ++ //printf("%d\n", (int)dlen - (int)token->size); ++ return dlen - token->size; /* shorter -> negative */ ++} ++ ++/* ++ * Tokenise an ASN.1 grammar ++ */ ++static void tokenise(char *buffer, char *end) ++{ ++ struct token *tokens; ++ char *line, *nl, *p, *q; ++ unsigned tix, lineno; ++ ++ /* Assume we're going to have half as many tokens as we have ++ * characters ++ */ ++ token_list = tokens = calloc((end - buffer) / 2, sizeof(struct token)); ++ if (!tokens) { ++ perror(NULL); ++ exit(1); ++ } ++ tix = 0; ++ ++ lineno = 0; ++ while (buffer < end) { ++ /* First of all, break out a line */ ++ lineno++; ++ line = buffer; ++ nl = memchr(line, '\n', end - buffer); ++ if (!nl) { ++ buffer = nl = end; ++ } else { ++ buffer = nl + 1; ++ *nl = '\0'; ++ } ++ ++ /* Remove "--" comments */ ++ p = line; ++ next_comment: ++ while ((p = memchr(p, '-', nl - p))) { ++ if (p[1] == '-') { ++ /* Found a comment; see if there's a terminator */ ++ q = p + 2; ++ while ((q = memchr(q, '-', nl - q))) { ++ if (q[1] == '-') { ++ /* There is - excise the comment */ ++ q += 2; ++ memmove(p, q, nl - q); ++ goto next_comment; ++ } ++ q++; ++ } ++ *p = '\0'; ++ nl = p; ++ break; ++ } else { ++ p++; ++ } ++ } ++ ++ p = line; ++ while (p < nl) { ++ /* Skip white space */ ++ while (p < nl && isspace(*p)) ++ *(p++) = 0; ++ if (p >= nl) ++ break; ++ ++ tokens[tix].line = lineno; ++ tokens[tix].value = p; ++ ++ /* Handle string tokens */ ++ if (isalpha(*p)) { ++ const char **dir; ++ ++ /* Can be a directive, type name or element ++ * name. Find the end of the name. ++ */ ++ q = p + 1; ++ while (q < nl && (isalnum(*q) || *q == '-' || *q == '_')) ++ q++; ++ tokens[tix].size = q - p; ++ p = q; ++ ++ /* If it begins with a lowercase letter then ++ * it's an element name ++ */ ++ if (islower(tokens[tix].value[0])) { ++ tokens[tix++].token_type = TOKEN_ELEMENT_NAME; ++ continue; ++ } ++ ++ /* Otherwise we need to search the directive ++ * table ++ */ ++ dir = bsearch(&tokens[tix], directives, ++ sizeof(directives) / sizeof(directives[1]), ++ sizeof(directives[1]), ++ directive_compare); ++ if (dir) { ++ tokens[tix++].token_type = dir - directives; ++ continue; ++ } ++ ++ tokens[tix++].token_type = TOKEN_TYPE_NAME; ++ continue; ++ } ++ ++ /* Handle numbers */ ++ if (isdigit(*p)) { ++ /* Find the end of the number */ ++ q = p + 1; ++ while (q < nl && (isdigit(*q))) ++ q++; ++ tokens[tix].size = q - p; ++ p = q; ++ tokens[tix++].token_type = TOKEN_NUMBER; ++ continue; ++ } ++ ++ if (nl - p >= 3) { ++ if (memcmp(p, "::=", 3) == 0) { ++ p += 3; ++ tokens[tix].size = 3; ++ tokens[tix++].token_type = TOKEN_ASSIGNMENT; ++ continue; ++ } ++ } ++ ++ if (nl - p >= 2) { ++ if (memcmp(p, "({", 2) == 0) { ++ p += 2; ++ tokens[tix].size = 2; ++ tokens[tix++].token_type = TOKEN_OPEN_ACTION; ++ continue; ++ } ++ if (memcmp(p, "})", 2) == 0) { ++ p += 2; ++ tokens[tix].size = 2; ++ tokens[tix++].token_type = TOKEN_CLOSE_ACTION; ++ continue; ++ } ++ } ++ ++ if (nl - p >= 1) { ++ tokens[tix].size = 1; ++ switch (*p) { ++ case '{': ++ p += 1; ++ tokens[tix++].token_type = TOKEN_OPEN_CURLY; ++ continue; ++ case '}': ++ p += 1; ++ tokens[tix++].token_type = TOKEN_CLOSE_CURLY; ++ continue; ++ case '[': ++ p += 1; ++ tokens[tix++].token_type = TOKEN_OPEN_SQUARE; ++ continue; ++ case ']': ++ p += 1; ++ tokens[tix++].token_type = TOKEN_CLOSE_SQUARE; ++ continue; ++ case ',': ++ p += 1; ++ tokens[tix++].token_type = TOKEN_COMMA; ++ continue; ++ default: ++ break; ++ } ++ } ++ ++ fprintf(stderr, "%s:%u: Unknown character in grammar: '%c'\n", ++ filename, lineno, *p); ++ exit(1); ++ } ++ } ++ ++ nr_tokens = tix; ++ printf("Extracted %u tokens\n", nr_tokens); ++ ++#if 0 ++ { ++ int n; ++ for (n = 0; n < nr_tokens; n++) ++ printf("Token %3u: '%*.*s'\n", ++ n, ++ (int)token_list[n].size, (int)token_list[n].size, ++ token_list[n].value); ++ } ++#endif ++} ++ ++static void build_type_list(void); ++static void parse(void); ++static void render(FILE *out, FILE *hdr); ++ ++/* ++ * ++ */ ++int main(int argc, char **argv) ++{ ++ struct stat st; ++ ssize_t readlen; ++ FILE *out, *hdr; ++ char *buffer, *p; ++ int fd; ++ ++ if (argc != 4) { ++ fprintf(stderr, "Format: %s \n", ++ argv[0]); ++ exit(2); ++ } ++ ++ filename = argv[1]; ++ outputname = argv[2]; ++ headername = argv[3]; ++ ++ fd = open(filename, O_RDONLY); ++ if (fd < 0) { ++ perror(filename); ++ exit(1); ++ } ++ ++ if (fstat(fd, &st) < 0) { ++ perror(filename); ++ exit(1); ++ } ++ ++ if (!(buffer = malloc(st.st_size + 1))) { ++ perror(NULL); ++ exit(1); ++ } ++ ++ if ((readlen = read(fd, buffer, st.st_size)) < 0) { ++ perror(filename); ++ exit(1); ++ } ++ ++ if (close(fd) < 0) { ++ perror(filename); ++ exit(1); ++ } ++ ++ if (readlen != st.st_size) { ++ fprintf(stderr, "%s: Short read\n", filename); ++ exit(1); ++ } ++ ++ p = strrchr(argv[1], '/'); ++ p = p ? p + 1 : argv[1]; ++ grammar_name = strdup(p); ++ if (!p) { ++ perror(NULL); ++ exit(1); ++ } ++ p = strchr(grammar_name, '.'); ++ if (p) ++ *p = '\0'; ++ ++ buffer[readlen] = 0; ++ tokenise(buffer, buffer + readlen); ++ build_type_list(); ++ parse(); ++ ++ out = fopen(outputname, "w"); ++ if (!out) { ++ perror(outputname); ++ exit(1); ++ } ++ ++ hdr = fopen(headername, "w"); ++ if (!out) { ++ perror(headername); ++ exit(1); ++ } ++ ++ render(out, hdr); ++ ++ if (fclose(out) < 0) { ++ perror(outputname); ++ exit(1); ++ } ++ ++ if (fclose(hdr) < 0) { ++ perror(headername); ++ exit(1); ++ } ++ ++ return 0; ++} ++ ++enum compound { ++ NOT_COMPOUND, ++ SET, ++ SET_OF, ++ SEQUENCE, ++ SEQUENCE_OF, ++ CHOICE, ++ ANY, ++ TYPE_REF, ++ TAG_OVERRIDE ++}; ++ ++struct element { ++ struct type *type_def; ++ struct token *name; ++ struct token *type; ++ struct action *action; ++ struct element *children; ++ struct element *next; ++ struct element *render_next; ++ struct element *list_next; ++ uint8_t n_elements; ++ enum compound compound : 8; ++ enum asn1_class class : 8; ++ enum asn1_method method : 8; ++ uint8_t tag; ++ unsigned entry_index; ++ unsigned flags; ++#define ELEMENT_IMPLICIT 0x0001 ++#define ELEMENT_EXPLICIT 0x0002 ++#define ELEMENT_MARKED 0x0004 ++#define ELEMENT_RENDERED 0x0008 ++#define ELEMENT_SKIPPABLE 0x0010 ++#define ELEMENT_CONDITIONAL 0x0020 ++}; ++ ++struct type { ++ struct token *name; ++ struct token *def; ++ struct element *element; ++ unsigned ref_count; ++ unsigned flags; ++#define TYPE_STOP_MARKER 0x0001 ++#define TYPE_BEGIN 0x0002 ++}; ++ ++static struct type *type_list; ++static struct type **type_index; ++static unsigned nr_types; ++ ++static int type_index_compare(const void *_a, const void *_b) ++{ ++ const struct type *const *a = _a, *const *b = _b; ++ ++ if ((*a)->name->size != (*b)->name->size) ++ return (*a)->name->size - (*b)->name->size; ++ else ++ return memcmp((*a)->name->value, (*b)->name->value, ++ (*a)->name->size); ++} ++ ++static int type_finder(const void *_key, const void *_ti) ++{ ++ const struct token *token = _key; ++ const struct type *const *ti = _ti; ++ const struct type *type = *ti; ++ ++ if (token->size != type->name->size) ++ return token->size - type->name->size; ++ else ++ return memcmp(token->value, type->name->value, ++ token->size); ++} ++ ++/* ++ * Build up a list of types and a sorted index to that list. ++ */ ++static void build_type_list(void) ++{ ++ struct type *types; ++ unsigned nr, t, n; ++ ++ nr = 0; ++ for (n = 0; n < nr_tokens - 1; n++) ++ if (token_list[n + 0].token_type == TOKEN_TYPE_NAME && ++ token_list[n + 1].token_type == TOKEN_ASSIGNMENT) ++ nr++; ++ ++ if (nr == 0) { ++ fprintf(stderr, "%s: No defined types\n", filename); ++ exit(1); ++ } ++ ++ nr_types = nr; ++ types = type_list = calloc(nr + 1, sizeof(type_list[0])); ++ if (!type_list) { ++ perror(NULL); ++ exit(1); ++ } ++ type_index = calloc(nr, sizeof(type_index[0])); ++ if (!type_index) { ++ perror(NULL); ++ exit(1); ++ } ++ ++ t = 0; ++ types[t].flags |= TYPE_BEGIN; ++ for (n = 0; n < nr_tokens - 1; n++) { ++ if (token_list[n + 0].token_type == TOKEN_TYPE_NAME && ++ token_list[n + 1].token_type == TOKEN_ASSIGNMENT) { ++ types[t].name = &token_list[n]; ++ type_index[t] = &types[t]; ++ t++; ++ } ++ } ++ types[t].name = &token_list[n + 1]; ++ types[t].flags |= TYPE_STOP_MARKER; ++ ++ qsort(type_index, nr, sizeof(type_index[0]), type_index_compare); ++ ++ printf("Extracted %u types\n", nr_types); ++#if 0 ++ for (n = 0; n < nr_types; n++) { ++ struct type *type = type_index[n]; ++ printf("- %*.*s\n", ++ (int)type->name->size, ++ (int)type->name->size, ++ type->name->value); ++ } ++#endif ++} ++ ++static struct element *parse_type(struct token **_cursor, struct token *stop, ++ struct token *name); ++ ++/* ++ * Parse the token stream ++ */ ++static void parse(void) ++{ ++ struct token *cursor; ++ struct type *type; ++ ++ /* Parse one type definition statement at a time */ ++ type = type_list; ++ do { ++ cursor = type->name; ++ ++ if (cursor[0].token_type != TOKEN_TYPE_NAME || ++ cursor[1].token_type != TOKEN_ASSIGNMENT) ++ abort(); ++ cursor += 2; ++ ++ type->element = parse_type(&cursor, type[1].name, NULL); ++ type->element->type_def = type; ++ ++ if (cursor != type[1].name) { ++ fprintf(stderr, "%s:%d: Parse error at token '%*.*s'\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ } ++ ++ } while (type++, !(type->flags & TYPE_STOP_MARKER)); ++ ++ printf("Extracted %u actions\n", nr_actions); ++} ++ ++static struct element *element_list; ++ ++static struct element *alloc_elem(struct token *type) ++{ ++ struct element *e = calloc(1, sizeof(*e)); ++ if (!e) { ++ perror(NULL); ++ exit(1); ++ } ++ e->list_next = element_list; ++ element_list = e; ++ return e; ++} ++ ++static struct element *parse_compound(struct token **_cursor, struct token *end, ++ int alternates); ++ ++/* ++ * Parse one type definition statement ++ */ ++static struct element *parse_type(struct token **_cursor, struct token *end, ++ struct token *name) ++{ ++ struct element *top, *element; ++ struct action *action, **ppaction; ++ struct token *cursor = *_cursor; ++ struct type **ref; ++ char *p; ++ int labelled = 0, implicit = 0; ++ ++ top = element = alloc_elem(cursor); ++ element->class = ASN1_UNIV; ++ element->method = ASN1_PRIM; ++ element->tag = token_to_tag[cursor->token_type]; ++ element->name = name; ++ ++ /* Extract the tag value if one given */ ++ if (cursor->token_type == TOKEN_OPEN_SQUARE) { ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ switch (cursor->token_type) { ++ case DIRECTIVE_UNIVERSAL: ++ element->class = ASN1_UNIV; ++ cursor++; ++ break; ++ case DIRECTIVE_APPLICATION: ++ element->class = ASN1_APPL; ++ cursor++; ++ break; ++ case TOKEN_NUMBER: ++ element->class = ASN1_CONT; ++ break; ++ case DIRECTIVE_PRIVATE: ++ element->class = ASN1_PRIV; ++ cursor++; ++ break; ++ default: ++ fprintf(stderr, "%s:%d: Unrecognised tag class token '%*.*s'\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ } ++ ++ if (cursor >= end) ++ goto overrun_error; ++ if (cursor->token_type != TOKEN_NUMBER) { ++ fprintf(stderr, "%s:%d: Missing tag number '%*.*s'\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ } ++ ++ element->tag &= ~0x1f; ++ element->tag |= strtoul(cursor->value, &p, 10); ++ if (p - cursor->value != cursor->size) ++ abort(); ++ cursor++; ++ ++ if (cursor >= end) ++ goto overrun_error; ++ if (cursor->token_type != TOKEN_CLOSE_SQUARE) { ++ fprintf(stderr, "%s:%d: Missing closing square bracket '%*.*s'\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ } ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ labelled = 1; ++ } ++ ++ /* Handle implicit and explicit markers */ ++ if (cursor->token_type == DIRECTIVE_IMPLICIT) { ++ element->flags |= ELEMENT_IMPLICIT; ++ implicit = 1; ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ } else if (cursor->token_type == DIRECTIVE_EXPLICIT) { ++ element->flags |= ELEMENT_EXPLICIT; ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ } ++ ++ if (labelled) { ++ if (!implicit) ++ element->method |= ASN1_CONS; ++ element->compound = implicit ? TAG_OVERRIDE : SEQUENCE; ++ element->children = alloc_elem(cursor); ++ element = element->children; ++ element->class = ASN1_UNIV; ++ element->method = ASN1_PRIM; ++ element->tag = token_to_tag[cursor->token_type]; ++ element->name = name; ++ } ++ ++ /* Extract the type we're expecting here */ ++ element->type = cursor; ++ switch (cursor->token_type) { ++ case DIRECTIVE_ANY: ++ element->compound = ANY; ++ cursor++; ++ break; ++ ++ case DIRECTIVE_NULL: ++ case DIRECTIVE_BOOLEAN: ++ case DIRECTIVE_ENUMERATED: ++ case DIRECTIVE_INTEGER: ++ element->compound = NOT_COMPOUND; ++ cursor++; ++ break; ++ ++ case DIRECTIVE_EXTERNAL: ++ element->method = ASN1_CONS; ++ ++ case DIRECTIVE_BMPString: ++ case DIRECTIVE_GeneralString: ++ case DIRECTIVE_GraphicString: ++ case DIRECTIVE_IA5String: ++ case DIRECTIVE_ISO646String: ++ case DIRECTIVE_NumericString: ++ case DIRECTIVE_PrintableString: ++ case DIRECTIVE_T61String: ++ case DIRECTIVE_TeletexString: ++ case DIRECTIVE_UniversalString: ++ case DIRECTIVE_UTF8String: ++ case DIRECTIVE_VideotexString: ++ case DIRECTIVE_VisibleString: ++ case DIRECTIVE_ObjectDescriptor: ++ case DIRECTIVE_GeneralizedTime: ++ case DIRECTIVE_UTCTime: ++ element->compound = NOT_COMPOUND; ++ cursor++; ++ break; ++ ++ case DIRECTIVE_BIT: ++ case DIRECTIVE_OCTET: ++ element->compound = NOT_COMPOUND; ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ if (cursor->token_type != DIRECTIVE_STRING) ++ goto parse_error; ++ cursor++; ++ break; ++ ++ case DIRECTIVE_OBJECT: ++ element->compound = NOT_COMPOUND; ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ if (cursor->token_type != DIRECTIVE_IDENTIFIER) ++ goto parse_error; ++ cursor++; ++ break; ++ ++ case TOKEN_TYPE_NAME: ++ element->compound = TYPE_REF; ++ ref = bsearch(cursor, type_index, nr_types, sizeof(type_index[0]), ++ type_finder); ++ if (!ref) { ++ fprintf(stderr, "%s:%d: Type '%*.*s' undefined\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ } ++ cursor->type = *ref; ++ (*ref)->ref_count++; ++ cursor++; ++ break; ++ ++ case DIRECTIVE_CHOICE: ++ element->compound = CHOICE; ++ cursor++; ++ element->children = parse_compound(&cursor, end, 1); ++ break; ++ ++ case DIRECTIVE_SEQUENCE: ++ element->compound = SEQUENCE; ++ element->method = ASN1_CONS; ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ if (cursor->token_type == DIRECTIVE_OF) { ++ element->compound = SEQUENCE_OF; ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ element->children = parse_type(&cursor, end, NULL); ++ } else { ++ element->children = parse_compound(&cursor, end, 0); ++ } ++ break; ++ ++ case DIRECTIVE_SET: ++ element->compound = SET; ++ element->method = ASN1_CONS; ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ if (cursor->token_type == DIRECTIVE_OF) { ++ element->compound = SET_OF; ++ cursor++; ++ if (cursor >= end) ++ goto parse_error; ++ element->children = parse_type(&cursor, end, NULL); ++ } else { ++ element->children = parse_compound(&cursor, end, 1); ++ } ++ break; ++ ++ default: ++ fprintf(stderr, "%s:%d: Token '%*.*s' does not introduce a type\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ } ++ ++ /* Handle elements that are optional */ ++ if (cursor < end && (cursor->token_type == DIRECTIVE_OPTIONAL || ++ cursor->token_type == DIRECTIVE_DEFAULT) ++ ) { ++ cursor++; ++ top->flags |= ELEMENT_SKIPPABLE; ++ } ++ ++ if (cursor < end && cursor->token_type == TOKEN_OPEN_ACTION) { ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ if (cursor->token_type != TOKEN_ELEMENT_NAME) { ++ fprintf(stderr, "%s:%d: Token '%*.*s' is not an action function name\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ } ++ ++ action = malloc(sizeof(struct action) + cursor->size + 1); ++ if (!action) { ++ perror(NULL); ++ exit(1); ++ } ++ action->index = 0; ++ memcpy(action->name, cursor->value, cursor->size); ++ action->name[cursor->size] = 0; ++ ++ for (ppaction = &action_list; ++ *ppaction; ++ ppaction = &(*ppaction)->next ++ ) { ++ int cmp = strcmp(action->name, (*ppaction)->name); ++ if (cmp == 0) { ++ free(action); ++ action = *ppaction; ++ goto found; ++ } ++ if (cmp < 0) { ++ action->next = *ppaction; ++ *ppaction = action; ++ nr_actions++; ++ goto found; ++ } ++ } ++ action->next = NULL; ++ *ppaction = action; ++ nr_actions++; ++ found: ++ ++ element->action = action; ++ cursor->action = action; ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ if (cursor->token_type != TOKEN_CLOSE_ACTION) { ++ fprintf(stderr, "%s:%d: Missing close action, got '%*.*s'\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ } ++ cursor++; ++ } ++ ++ *_cursor = cursor; ++ return top; ++ ++parse_error: ++ fprintf(stderr, "%s:%d: Unexpected token '%*.*s'\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ ++overrun_error: ++ fprintf(stderr, "%s: Unexpectedly hit EOF\n", filename); ++ exit(1); ++} ++ ++/* ++ * Parse a compound type list ++ */ ++static struct element *parse_compound(struct token **_cursor, struct token *end, ++ int alternates) ++{ ++ struct element *children, **child_p = &children, *element; ++ struct token *cursor = *_cursor, *name; ++ ++ if (cursor->token_type != TOKEN_OPEN_CURLY) { ++ fprintf(stderr, "%s:%d: Expected compound to start with brace not '%*.*s'\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ } ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ ++ if (cursor->token_type == TOKEN_OPEN_CURLY) { ++ fprintf(stderr, "%s:%d: Empty compound\n", ++ filename, cursor->line); ++ exit(1); ++ } ++ ++ for (;;) { ++ name = NULL; ++ if (cursor->token_type == TOKEN_ELEMENT_NAME) { ++ name = cursor; ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ } ++ ++ element = parse_type(&cursor, end, name); ++ if (alternates) ++ element->flags |= ELEMENT_SKIPPABLE | ELEMENT_CONDITIONAL; ++ ++ *child_p = element; ++ child_p = &element->next; ++ ++ if (cursor >= end) ++ goto overrun_error; ++ if (cursor->token_type != TOKEN_COMMA) ++ break; ++ cursor++; ++ if (cursor >= end) ++ goto overrun_error; ++ } ++ ++ children->flags &= ~ELEMENT_CONDITIONAL; ++ ++ if (cursor->token_type != TOKEN_CLOSE_CURLY) { ++ fprintf(stderr, "%s:%d: Expected compound closure, got '%*.*s'\n", ++ filename, cursor->line, ++ (int)cursor->size, (int)cursor->size, cursor->value); ++ exit(1); ++ } ++ cursor++; ++ ++ *_cursor = cursor; ++ return children; ++ ++overrun_error: ++ fprintf(stderr, "%s: Unexpectedly hit EOF\n", filename); ++ exit(1); ++} ++ ++static void render_element(FILE *out, struct element *e, struct element *tag); ++static void render_out_of_line_list(FILE *out); ++ ++static int nr_entries; ++static int render_depth = 1; ++static struct element *render_list, **render_list_p = &render_list; ++ ++__attribute__((format(printf, 2, 3))) ++static void render_opcode(FILE *out, const char *fmt, ...) ++{ ++ va_list va; ++ ++ if (out) { ++ fprintf(out, "\t[%4d] =%*s", nr_entries, render_depth, ""); ++ va_start(va, fmt); ++ vfprintf(out, fmt, va); ++ va_end(va); ++ } ++ nr_entries++; ++} ++ ++__attribute__((format(printf, 2, 3))) ++static void render_more(FILE *out, const char *fmt, ...) ++{ ++ va_list va; ++ ++ if (out) { ++ va_start(va, fmt); ++ vfprintf(out, fmt, va); ++ va_end(va); ++ } ++} ++ ++/* ++ * Render the grammar into a state machine definition. ++ */ ++static void render(FILE *out, FILE *hdr) ++{ ++ struct element *e; ++ struct action *action; ++ struct type *root; ++ int index; ++ ++ fprintf(hdr, "/*\n"); ++ fprintf(hdr, " * Automatically generated by asn1_compiler. Do not edit\n"); ++ fprintf(hdr, " *\n"); ++ fprintf(hdr, " * ASN.1 parser for %s\n", grammar_name); ++ fprintf(hdr, " */\n"); ++ fprintf(hdr, "#include \n"); ++ fprintf(hdr, "\n"); ++ fprintf(hdr, "extern const struct asn1_decoder %s_decoder;\n", grammar_name); ++ if (ferror(hdr)) { ++ perror(headername); ++ exit(1); ++ } ++ ++ fprintf(out, "/*\n"); ++ fprintf(out, " * Automatically generated by asn1_compiler. Do not edit\n"); ++ fprintf(out, " *\n"); ++ fprintf(out, " * ASN.1 parser for %s\n", grammar_name); ++ fprintf(out, " */\n"); ++ fprintf(out, "#include \n"); ++ fprintf(out, "#include \"%s-asn1.h\"\n", grammar_name); ++ fprintf(out, "\n"); ++ if (ferror(out)) { ++ perror(outputname); ++ exit(1); ++ } ++ ++ /* Tabulate the action functions we might have to call */ ++ fprintf(hdr, "\n"); ++ index = 0; ++ for (action = action_list; action; action = action->next) { ++ action->index = index++; ++ fprintf(hdr, ++ "extern int %s(void *, size_t, unsigned char," ++ " const void *, size_t);\n", ++ action->name); ++ } ++ fprintf(hdr, "\n"); ++ ++ fprintf(out, "enum %s_actions {\n", grammar_name); ++ for (action = action_list; action; action = action->next) ++ fprintf(out, "\tACT_%s = %u,\n", ++ action->name, action->index); ++ fprintf(out, "\tNR__%s_actions = %u\n", grammar_name, nr_actions); ++ fprintf(out, "};\n"); ++ ++ fprintf(out, "\n"); ++ fprintf(out, "static const asn1_action_t %s_action_table[NR__%s_actions] = {\n", ++ grammar_name, grammar_name); ++ for (action = action_list; action; action = action->next) ++ fprintf(out, "\t[%4u] = %s,\n", action->index, action->name); ++ fprintf(out, "};\n"); ++ ++ if (ferror(out)) { ++ perror(outputname); ++ exit(1); ++ } ++ ++ /* We do two passes - the first one calculates all the offsets */ ++ printf("Pass 1\n"); ++ nr_entries = 0; ++ root = &type_list[0]; ++ render_element(NULL, root->element, NULL); ++ render_opcode(NULL, "ASN1_OP_COMPLETE,\n"); ++ render_out_of_line_list(NULL); ++ ++ for (e = element_list; e; e = e->list_next) ++ e->flags &= ~ELEMENT_RENDERED; ++ ++ /* And then we actually render */ ++ printf("Pass 2\n"); ++ fprintf(out, "\n"); ++ fprintf(out, "static const unsigned char %s_machine[] = {\n", ++ grammar_name); ++ ++ nr_entries = 0; ++ root = &type_list[0]; ++ render_element(out, root->element, NULL); ++ render_opcode(out, "ASN1_OP_COMPLETE,\n"); ++ render_out_of_line_list(out); ++ ++ fprintf(out, "};\n"); ++ ++ fprintf(out, "\n"); ++ fprintf(out, "const struct asn1_decoder %s_decoder = {\n", grammar_name); ++ fprintf(out, "\t.machine = %s_machine,\n", grammar_name); ++ fprintf(out, "\t.machlen = sizeof(%s_machine),\n", grammar_name); ++ fprintf(out, "\t.actions = %s_action_table,\n", grammar_name); ++ fprintf(out, "};\n"); ++} ++ ++/* ++ * Render the out-of-line elements ++ */ ++static void render_out_of_line_list(FILE *out) ++{ ++ struct element *e, *ce; ++ const char *act; ++ int entry; ++ ++ while ((e = render_list)) { ++ render_list = e->render_next; ++ if (!render_list) ++ render_list_p = &render_list; ++ ++ render_more(out, "\n"); ++ e->entry_index = entry = nr_entries; ++ render_depth++; ++ for (ce = e->children; ce; ce = ce->next) ++ render_element(out, ce, NULL); ++ render_depth--; ++ ++ act = e->action ? "_ACT" : ""; ++ switch (e->compound) { ++ case SEQUENCE: ++ render_opcode(out, "ASN1_OP_END_SEQ%s,\n", act); ++ break; ++ case SEQUENCE_OF: ++ render_opcode(out, "ASN1_OP_END_SEQ_OF%s,\n", act); ++ render_opcode(out, "_jump_target(%u),\n", entry); ++ break; ++ case SET: ++ render_opcode(out, "ASN1_OP_END_SET%s,\n", act); ++ break; ++ case SET_OF: ++ render_opcode(out, "ASN1_OP_END_SET_OF%s,\n", act); ++ render_opcode(out, "_jump_target(%u),\n", entry); ++ break; ++ } ++ if (e->action) ++ render_opcode(out, "_action(ACT_%s),\n", ++ e->action->name); ++ render_opcode(out, "ASN1_OP_RETURN,\n"); ++ } ++} ++ ++/* ++ * Render an element. ++ */ ++static void render_element(FILE *out, struct element *e, struct element *tag) ++{ ++ struct element *ec; ++ const char *cond, *act; ++ int entry, skippable = 0, outofline = 0; ++ ++ if (e->flags & ELEMENT_SKIPPABLE || ++ (tag && tag->flags & ELEMENT_SKIPPABLE)) ++ skippable = 1; ++ ++ if ((e->type_def && e->type_def->ref_count > 1) || ++ skippable) ++ outofline = 1; ++ ++ if (e->type_def && out) { ++ render_more(out, "\t// %*.*s\n", ++ (int)e->type_def->name->size, (int)e->type_def->name->size, ++ e->type_def->name->value); ++ } ++ ++ /* Render the operation */ ++ cond = (e->flags & ELEMENT_CONDITIONAL || ++ (tag && tag->flags & ELEMENT_CONDITIONAL)) ? "COND_" : ""; ++ act = e->action ? "_ACT" : ""; ++ switch (e->compound) { ++ case ANY: ++ render_opcode(out, "ASN1_OP_%sMATCH_ANY%s,", cond, act); ++ if (e->name) ++ render_more(out, "\t\t// %*.*s", ++ (int)e->name->size, (int)e->name->size, ++ e->name->value); ++ render_more(out, "\n"); ++ goto dont_render_tag; ++ ++ case TAG_OVERRIDE: ++ render_element(out, e->children, e); ++ return; ++ ++ case SEQUENCE: ++ case SEQUENCE_OF: ++ case SET: ++ case SET_OF: ++ render_opcode(out, "ASN1_OP_%sMATCH%s%s,", ++ cond, ++ outofline ? "_JUMP" : "", ++ skippable ? "_OR_SKIP" : ""); ++ break; ++ ++ case CHOICE: ++ goto dont_render_tag; ++ ++ case TYPE_REF: ++ if (e->class == ASN1_UNIV && e->method == ASN1_PRIM && e->tag == 0) ++ goto dont_render_tag; ++ default: ++ render_opcode(out, "ASN1_OP_%sMATCH%s%s,", ++ cond, act, ++ skippable ? "_OR_SKIP" : ""); ++ break; ++ } ++ ++ if (e->name) ++ render_more(out, "\t\t// %*.*s", ++ (int)e->name->size, (int)e->name->size, ++ e->name->value); ++ render_more(out, "\n"); ++ ++ /* Render the tag */ ++ if (!tag) ++ tag = e; ++ if (tag->class == ASN1_UNIV && ++ tag->tag != 14 && ++ tag->tag != 15 && ++ tag->tag != 31) ++ render_opcode(out, "_tag(%s, %s, %s),\n", ++ asn1_classes[tag->class], ++ asn1_methods[tag->method | e->method], ++ asn1_universal_tags[tag->tag]); ++ else ++ render_opcode(out, "_tagn(%s, %s, %2u),\n", ++ asn1_classes[tag->class], ++ asn1_methods[tag->method | e->method], ++ tag->tag); ++ tag = NULL; ++dont_render_tag: ++ ++ /* Deal with compound types */ ++ switch (e->compound) { ++ case TYPE_REF: ++ render_element(out, e->type->type->element, tag); ++ if (e->action) ++ render_opcode(out, "ASN1_OP_ACT,\n"); ++ break; ++ ++ case SEQUENCE: ++ if (outofline) { ++ /* Render out-of-line for multiple use or ++ * skipability */ ++ render_opcode(out, "_jump_target(%u),", e->entry_index); ++ if (e->type_def && e->type_def->name) ++ render_more(out, "\t\t// --> %*.*s", ++ (int)e->type_def->name->size, ++ (int)e->type_def->name->size, ++ e->type_def->name->value); ++ render_more(out, "\n"); ++ if (!(e->flags & ELEMENT_RENDERED)) { ++ e->flags |= ELEMENT_RENDERED; ++ *render_list_p = e; ++ render_list_p = &e->render_next; ++ } ++ return; ++ } else { ++ /* Render inline for single use */ ++ render_depth++; ++ for (ec = e->children; ec; ec = ec->next) ++ render_element(out, ec, NULL); ++ render_depth--; ++ render_opcode(out, "ASN1_OP_END_SEQ%s,\n", act); ++ } ++ break; ++ ++ case SEQUENCE_OF: ++ case SET_OF: ++ if (outofline) { ++ /* Render out-of-line for multiple use or ++ * skipability */ ++ render_opcode(out, "_jump_target(%u),", e->entry_index); ++ if (e->type_def && e->type_def->name) ++ render_more(out, "\t\t// --> %*.*s", ++ (int)e->type_def->name->size, ++ (int)e->type_def->name->size, ++ e->type_def->name->value); ++ render_more(out, "\n"); ++ if (!(e->flags & ELEMENT_RENDERED)) { ++ e->flags |= ELEMENT_RENDERED; ++ *render_list_p = e; ++ render_list_p = &e->render_next; ++ } ++ return; ++ } else { ++ /* Render inline for single use */ ++ entry = nr_entries; ++ render_depth++; ++ render_element(out, e->children, NULL); ++ render_depth--; ++ if (e->compound == SEQUENCE_OF) ++ render_opcode(out, "ASN1_OP_END_SEQ_OF%s,\n", act); ++ else ++ render_opcode(out, "ASN1_OP_END_SET_OF%s,\n", act); ++ render_opcode(out, "_jump_target(%u),\n", entry); ++ } ++ break; ++ ++ case SET: ++ /* I can't think of a nice way to do SET support without having ++ * a stack of bitmasks to make sure no element is repeated. ++ * The bitmask has also to be checked that no non-optional ++ * elements are left out whilst not preventing optional ++ * elements from being left out. ++ */ ++ fprintf(stderr, "The ASN.1 SET type is not currently supported.\n"); ++ exit(1); ++ ++ case CHOICE: ++ for (ec = e->children; ec; ec = ec->next) ++ render_element(out, ec, NULL); ++ if (!skippable) ++ render_opcode(out, "ASN1_OP_COND_FAIL,\n"); ++ if (e->action) ++ render_opcode(out, "ASN1_OP_ACT,\n"); ++ break; ++ ++ default: ++ break; ++ } ++ ++ if (e->action) ++ render_opcode(out, "_action(ACT_%s),\n", e->action->name); ++} +-- +1.7.11.4 + + +From 8ea3f94cc16a23e3edbebf12f4223e654eb8219d Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 17:11:16 +0100 +Subject: [PATCH 15/26] X.509: Add an ASN.1 decoder + +Add an ASN.1 BER/DER/CER decoder. This uses the bytecode from the ASN.1 +compiler in the previous patch to inform it as to what to expect to find in the +encoded byte stream. The output from the compiler also tells it what functions +to call on what tags, thus allowing the caller to retrieve information. + +The decoder is called as follows: + + int asn1_decoder(const struct asn1_decoder *decoder, + void *context, + const unsigned char *data, + size_t datalen); + +The decoder argument points to the bytecode from the ASN.1 compiler. context +is the caller's context and is passed to the action functions. data and +datalen define the byte stream to be decoded. + + +Note that the decoder is currently limited to datalen being less than 64K. +This reduces the amount of stack space used by the decoder because ASN.1 is a +nested construct. Similarly, the decoder is limited to a maximum of 10 levels +of constructed data outside of a leaf node also in an effort to keep stack +usage down. + +These restrictions can be raised if necessary. + +Signed-off-by: David Howells +--- + include/linux/asn1_decoder.h | 24 +++ + lib/Makefile | 2 + + lib/asn1_decoder.c | 477 +++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 503 insertions(+) + create mode 100644 include/linux/asn1_decoder.h + create mode 100644 lib/asn1_decoder.c + +diff --git a/include/linux/asn1_decoder.h b/include/linux/asn1_decoder.h +new file mode 100644 +index 0000000..fa2ff5b +--- /dev/null ++++ b/include/linux/asn1_decoder.h +@@ -0,0 +1,24 @@ ++/* ASN.1 decoder ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#ifndef _LINUX_ASN1_DECODER_H ++#define _LINUX_ASN1_DECODER_H ++ ++#include ++ ++struct asn1_decoder; ++ ++extern int asn1_ber_decoder(const struct asn1_decoder *decoder, ++ void *context, ++ const unsigned char *data, ++ size_t datalen); ++ ++#endif /* _LINUX_ASN1_DECODER_H */ +diff --git a/lib/Makefile b/lib/Makefile +index b042896..ca856b6 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -140,6 +140,8 @@ $(foreach file, $(libfdt_files), \ + $(eval CFLAGS_$(file) = -I$(src)/../scripts/dtc/libfdt)) + lib-$(CONFIG_LIBFDT) += $(libfdt_files) + ++obj-$(CONFIG_ASN1) += asn1_decoder.o ++ + hostprogs-y := gen_crc32table + clean-files := crc32table.h + +diff --git a/lib/asn1_decoder.c b/lib/asn1_decoder.c +new file mode 100644 +index 0000000..2e4196d +--- /dev/null ++++ b/lib/asn1_decoder.c +@@ -0,0 +1,477 @@ ++/* Decoder for ASN.1 BER/DER/CER encoded bytestream ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++static const unsigned char asn1_op_lengths[ASN1_OP__NR] = { ++ /* OPC TAG JMP ACT */ ++ [ASN1_OP_MATCH] = 1 + 1, ++ [ASN1_OP_MATCH_OR_SKIP] = 1 + 1, ++ [ASN1_OP_MATCH_ACT] = 1 + 1 + 1, ++ [ASN1_OP_MATCH_ACT_OR_SKIP] = 1 + 1 + 1, ++ [ASN1_OP_MATCH_JUMP] = 1 + 1 + 1, ++ [ASN1_OP_MATCH_JUMP_OR_SKIP] = 1 + 1 + 1, ++ [ASN1_OP_MATCH_ANY] = 1, ++ [ASN1_OP_MATCH_ANY_ACT] = 1 + 1, ++ [ASN1_OP_COND_MATCH_OR_SKIP] = 1 + 1, ++ [ASN1_OP_COND_MATCH_ACT_OR_SKIP] = 1 + 1 + 1, ++ [ASN1_OP_COND_MATCH_JUMP_OR_SKIP] = 1 + 1 + 1, ++ [ASN1_OP_COND_MATCH_ANY] = 1, ++ [ASN1_OP_COND_MATCH_ANY_ACT] = 1 + 1, ++ [ASN1_OP_COND_FAIL] = 1, ++ [ASN1_OP_COMPLETE] = 1, ++ [ASN1_OP_ACT] = 1 + 1, ++ [ASN1_OP_RETURN] = 1, ++ [ASN1_OP_END_SEQ] = 1, ++ [ASN1_OP_END_SEQ_OF] = 1 + 1, ++ [ASN1_OP_END_SET] = 1, ++ [ASN1_OP_END_SET_OF] = 1 + 1, ++ [ASN1_OP_END_SEQ_ACT] = 1 + 1, ++ [ASN1_OP_END_SEQ_OF_ACT] = 1 + 1 + 1, ++ [ASN1_OP_END_SET_ACT] = 1 + 1, ++ [ASN1_OP_END_SET_OF_ACT] = 1 + 1 + 1, ++}; ++ ++/* ++ * Find the length of an indefinite length object ++ */ ++static int asn1_find_indefinite_length(const unsigned char *data, size_t datalen, ++ const char **_errmsg, size_t *_err_dp) ++{ ++ unsigned char tag, tmp; ++ size_t dp = 0, len, n; ++ int indef_level = 1; ++ ++next_tag: ++ if (unlikely(datalen - dp < 2)) { ++ if (datalen == dp) ++ goto missing_eoc; ++ goto data_overrun_error; ++ } ++ ++ /* Extract a tag from the data */ ++ tag = data[dp++]; ++ if (tag == 0) { ++ /* It appears to be an EOC. */ ++ if (data[dp++] != 0) ++ goto invalid_eoc; ++ if (--indef_level <= 0) ++ return dp; ++ goto next_tag; ++ } ++ ++ if (unlikely((tag & 0x1f) == 0x1f)) { ++ do { ++ if (unlikely(datalen - dp < 2)) ++ goto data_overrun_error; ++ tmp = data[dp++]; ++ } while (tmp & 0x80); ++ } ++ ++ /* Extract the length */ ++ len = data[dp++]; ++ if (len < 0x7f) { ++ dp += len; ++ goto next_tag; ++ } ++ ++ if (unlikely(len == 0x80)) { ++ /* Indefinite length */ ++ if (unlikely((tag & ASN1_CONS_BIT) == ASN1_PRIM << 5)) ++ goto indefinite_len_primitive; ++ indef_level++; ++ goto next_tag; ++ } ++ ++ n = len - 0x80; ++ if (unlikely(n > sizeof(size_t) - 1)) ++ goto length_too_long; ++ if (unlikely(n > datalen - dp)) ++ goto data_overrun_error; ++ for (len = 0; n > 0; n--) { ++ len <<= 8; ++ len |= data[dp++]; ++ } ++ dp += len; ++ goto next_tag; ++ ++length_too_long: ++ *_errmsg = "Unsupported length"; ++ goto error; ++indefinite_len_primitive: ++ *_errmsg = "Indefinite len primitive not permitted"; ++ goto error; ++invalid_eoc: ++ *_errmsg = "Invalid length EOC"; ++ goto error; ++data_overrun_error: ++ *_errmsg = "Data overrun error"; ++ goto error; ++missing_eoc: ++ *_errmsg = "Missing EOC in indefinite len cons"; ++error: ++ *_err_dp = dp; ++ return -1; ++} ++ ++/** ++ * asn1_ber_decoder - Decoder BER/DER/CER ASN.1 according to pattern ++ * @decoder: The decoder definition (produced by asn1_compiler) ++ * @context: The caller's context (to be passed to the action functions) ++ * @data: The encoded data ++ * @datasize: The size of the encoded data ++ * ++ * Decode BER/DER/CER encoded ASN.1 data according to a bytecode pattern ++ * produced by asn1_compiler. Action functions are called on marked tags to ++ * allow the caller to retrieve significant data. ++ * ++ * LIMITATIONS: ++ * ++ * To keep down the amount of stack used by this function, the following limits ++ * have been imposed: ++ * ++ * (1) This won't handle datalen > 65535 without increasing the size of the ++ * cons stack elements and length_too_long checking. ++ * ++ * (2) The stack of constructed types is 10 deep. If the depth of non-leaf ++ * constructed types exceeds this, the decode will fail. ++ * ++ * (3) The SET type (not the SET OF type) isn't really supported as tracking ++ * what members of the set have been seen is a pain. ++ */ ++int asn1_ber_decoder(const struct asn1_decoder *decoder, ++ void *context, ++ const unsigned char *data, ++ size_t datalen) ++{ ++ const unsigned char *machine = decoder->machine; ++ const asn1_action_t *actions = decoder->actions; ++ size_t machlen = decoder->machlen; ++ enum asn1_opcode op; ++ unsigned char tag = 0, csp = 0, jsp = 0, optag = 0, hdr = 0; ++ const char *errmsg; ++ size_t pc = 0, dp = 0, tdp = 0, len = 0; ++ int ret; ++ ++ unsigned char flags = 0; ++#define FLAG_INDEFINITE_LENGTH 0x01 ++#define FLAG_MATCHED 0x02 ++#define FLAG_CONS 0x20 /* Corresponds to CONS bit in the opcode tag ++ * - ie. whether or not we are going to parse ++ * a compound type. ++ */ ++ ++#define NR_CONS_STACK 10 ++ unsigned short cons_dp_stack[NR_CONS_STACK]; ++ unsigned short cons_datalen_stack[NR_CONS_STACK]; ++ unsigned char cons_hdrlen_stack[NR_CONS_STACK]; ++#define NR_JUMP_STACK 10 ++ unsigned char jump_stack[NR_JUMP_STACK]; ++ ++ if (datalen > 65535) ++ return -EMSGSIZE; ++ ++next_op: ++ pr_debug("next_op: pc=\e[32m%zu\e[m/%zu dp=\e[33m%zu\e[m/%zu C=%d J=%d\n", ++ pc, machlen, dp, datalen, csp, jsp); ++ if (unlikely(pc >= machlen)) ++ goto machine_overrun_error; ++ op = machine[pc]; ++ if (unlikely(pc + asn1_op_lengths[op] > machlen)) ++ goto machine_overrun_error; ++ ++ /* If this command is meant to match a tag, then do that before ++ * evaluating the command. ++ */ ++ if (op <= ASN1_OP__MATCHES_TAG) { ++ unsigned char tmp; ++ ++ /* Skip conditional matches if possible */ ++ if ((op & ASN1_OP_MATCH__COND && ++ flags & FLAG_MATCHED) || ++ dp == datalen) { ++ pc += asn1_op_lengths[op]; ++ goto next_op; ++ } ++ ++ flags = 0; ++ hdr = 2; ++ ++ /* Extract a tag from the data */ ++ if (unlikely(dp >= datalen - 1)) ++ goto data_overrun_error; ++ tag = data[dp++]; ++ if (unlikely((tag & 0x1f) == 0x1f)) ++ goto long_tag_not_supported; ++ ++ if (op & ASN1_OP_MATCH__ANY) { ++ pr_debug("- any %02x\n", tag); ++ } else { ++ /* Extract the tag from the machine ++ * - Either CONS or PRIM are permitted in the data if ++ * CONS is not set in the op stream, otherwise CONS ++ * is mandatory. ++ */ ++ optag = machine[pc + 1]; ++ flags |= optag & FLAG_CONS; ++ ++ /* Determine whether the tag matched */ ++ tmp = optag ^ tag; ++ tmp &= ~(optag & ASN1_CONS_BIT); ++ pr_debug("- match? %02x %02x %02x\n", tag, optag, tmp); ++ if (tmp != 0) { ++ /* All odd-numbered tags are MATCH_OR_SKIP. */ ++ if (op & ASN1_OP_MATCH__SKIP) { ++ pc += asn1_op_lengths[op]; ++ dp--; ++ goto next_op; ++ } ++ goto tag_mismatch; ++ } ++ } ++ flags |= FLAG_MATCHED; ++ ++ len = data[dp++]; ++ if (len > 0x7f) { ++ if (unlikely(len == 0x80)) { ++ /* Indefinite length */ ++ if (unlikely(!(tag & ASN1_CONS_BIT))) ++ goto indefinite_len_primitive; ++ flags |= FLAG_INDEFINITE_LENGTH; ++ if (unlikely(2 > datalen - dp)) ++ goto data_overrun_error; ++ } else { ++ int n = len - 0x80; ++ if (unlikely(n > 2)) ++ goto length_too_long; ++ if (unlikely(dp >= datalen - n)) ++ goto data_overrun_error; ++ hdr += n; ++ for (len = 0; n > 0; n--) { ++ len <<= 8; ++ len |= data[dp++]; ++ } ++ if (unlikely(len > datalen - dp)) ++ goto data_overrun_error; ++ } ++ } ++ ++ if (flags & FLAG_CONS) { ++ /* For expected compound forms, we stack the positions ++ * of the start and end of the data. ++ */ ++ if (unlikely(csp >= NR_CONS_STACK)) ++ goto cons_stack_overflow; ++ cons_dp_stack[csp] = dp; ++ cons_hdrlen_stack[csp] = hdr; ++ if (!(flags & FLAG_INDEFINITE_LENGTH)) { ++ cons_datalen_stack[csp] = datalen; ++ datalen = dp + len; ++ } else { ++ cons_datalen_stack[csp] = 0; ++ } ++ csp++; ++ } ++ ++ pr_debug("- TAG: %02x %zu%s\n", ++ tag, len, flags & FLAG_CONS ? " CONS" : ""); ++ tdp = dp; ++ } ++ ++ /* Decide how to handle the operation */ ++ switch (op) { ++ case ASN1_OP_MATCH_ANY_ACT: ++ case ASN1_OP_COND_MATCH_ANY_ACT: ++ ret = actions[machine[pc + 1]](context, hdr, tag, data + dp, len); ++ if (ret < 0) ++ return ret; ++ goto skip_data; ++ ++ case ASN1_OP_MATCH_ACT: ++ case ASN1_OP_MATCH_ACT_OR_SKIP: ++ case ASN1_OP_COND_MATCH_ACT_OR_SKIP: ++ ret = actions[machine[pc + 2]](context, hdr, tag, data + dp, len); ++ if (ret < 0) ++ return ret; ++ goto skip_data; ++ ++ case ASN1_OP_MATCH: ++ case ASN1_OP_MATCH_OR_SKIP: ++ case ASN1_OP_MATCH_ANY: ++ case ASN1_OP_COND_MATCH_OR_SKIP: ++ case ASN1_OP_COND_MATCH_ANY: ++ skip_data: ++ if (!(flags & FLAG_CONS)) { ++ if (flags & FLAG_INDEFINITE_LENGTH) { ++ len = asn1_find_indefinite_length( ++ data + dp, datalen - dp, &errmsg, &dp); ++ if (len < 0) ++ goto error; ++ } ++ pr_debug("- LEAF: %zu\n", len); ++ dp += len; ++ } ++ pc += asn1_op_lengths[op]; ++ goto next_op; ++ ++ case ASN1_OP_MATCH_JUMP: ++ case ASN1_OP_MATCH_JUMP_OR_SKIP: ++ case ASN1_OP_COND_MATCH_JUMP_OR_SKIP: ++ pr_debug("- MATCH_JUMP\n"); ++ if (unlikely(jsp == NR_JUMP_STACK)) ++ goto jump_stack_overflow; ++ jump_stack[jsp++] = pc + asn1_op_lengths[op]; ++ pc = machine[pc + 2]; ++ goto next_op; ++ ++ case ASN1_OP_COND_FAIL: ++ if (unlikely(!(flags & FLAG_MATCHED))) ++ goto tag_mismatch; ++ pc += asn1_op_lengths[op]; ++ goto next_op; ++ ++ case ASN1_OP_COMPLETE: ++ if (unlikely(jsp != 0 || csp != 0)) { ++ pr_err("ASN.1 decoder error: Stacks not empty at completion (%u, %u)\n", ++ jsp, csp); ++ return -EBADMSG; ++ } ++ return 0; ++ ++ case ASN1_OP_END_SET: ++ case ASN1_OP_END_SET_ACT: ++ if (unlikely(!(flags & FLAG_MATCHED))) ++ goto tag_mismatch; ++ case ASN1_OP_END_SEQ: ++ case ASN1_OP_END_SET_OF: ++ case ASN1_OP_END_SEQ_OF: ++ case ASN1_OP_END_SEQ_ACT: ++ case ASN1_OP_END_SET_OF_ACT: ++ case ASN1_OP_END_SEQ_OF_ACT: ++ if (unlikely(csp <= 0)) ++ goto cons_stack_underflow; ++ csp--; ++ tdp = cons_dp_stack[csp]; ++ hdr = cons_hdrlen_stack[csp]; ++ len = datalen; ++ datalen = cons_datalen_stack[csp]; ++ pr_debug("- end cons t=%zu dp=%zu l=%zu/%zu\n", ++ tdp, dp, len, datalen); ++ if (datalen == 0) { ++ /* Indefinite length - check for the EOC. */ ++ datalen = len; ++ if (unlikely(datalen - dp < 2)) ++ goto data_overrun_error; ++ if (data[dp++] != 0) { ++ if (op & ASN1_OP_END__OF) { ++ dp--; ++ csp++; ++ pc = machine[pc + 1]; ++ pr_debug("- continue\n"); ++ goto next_op; ++ } ++ goto missing_eoc; ++ } ++ if (data[dp++] != 0) ++ goto invalid_eoc; ++ len = dp - tdp - 2; ++ } else { ++ if (dp < len && (op & ASN1_OP_END__OF)) { ++ datalen = len; ++ csp++; ++ pc = machine[pc + 1]; ++ pr_debug("- continue\n"); ++ goto next_op; ++ } ++ if (dp != len) ++ goto cons_length_error; ++ len -= tdp; ++ pr_debug("- cons len l=%zu d=%zu\n", len, dp - tdp); ++ } ++ ++ if (op & ASN1_OP_END__ACT) { ++ unsigned char act; ++ if (op & ASN1_OP_END__OF) ++ act = machine[pc + 2]; ++ else ++ act = machine[pc + 1]; ++ ret = actions[act](context, hdr, 0, data + tdp, len); ++ } ++ pc += asn1_op_lengths[op]; ++ goto next_op; ++ ++ case ASN1_OP_ACT: ++ ret = actions[machine[pc + 1]](context, hdr, tag, data + tdp, len); ++ pc += asn1_op_lengths[op]; ++ goto next_op; ++ ++ case ASN1_OP_RETURN: ++ if (unlikely(jsp <= 0)) ++ goto jump_stack_underflow; ++ pc = jump_stack[--jsp]; ++ goto next_op; ++ ++ default: ++ break; ++ } ++ ++ /* Shouldn't reach here */ ++ pr_err("ASN.1 decoder error: Found reserved opcode (%u)\n", op); ++ return -EBADMSG; ++ ++data_overrun_error: ++ errmsg = "Data overrun error"; ++ goto error; ++machine_overrun_error: ++ errmsg = "Machine overrun error"; ++ goto error; ++jump_stack_underflow: ++ errmsg = "Jump stack underflow"; ++ goto error; ++jump_stack_overflow: ++ errmsg = "Jump stack overflow"; ++ goto error; ++cons_stack_underflow: ++ errmsg = "Cons stack underflow"; ++ goto error; ++cons_stack_overflow: ++ errmsg = "Cons stack overflow"; ++ goto error; ++cons_length_error: ++ errmsg = "Cons length error"; ++ goto error; ++missing_eoc: ++ errmsg = "Missing EOC in indefinite len cons"; ++ goto error; ++invalid_eoc: ++ errmsg = "Invalid length EOC"; ++ goto error; ++length_too_long: ++ errmsg = "Unsupported length"; ++ goto error; ++indefinite_len_primitive: ++ errmsg = "Indefinite len primitive not permitted"; ++ goto error; ++tag_mismatch: ++ errmsg = "Unexpected tag"; ++ goto error; ++long_tag_not_supported: ++ errmsg = "Long tag not supported"; ++error: ++ pr_debug("\nASN1: %s [m=%zu d=%zu ot=%02x t=%02x l=%zu]\n", ++ errmsg, pc, dp, optag, tag, len); ++ return -EBADMSG; ++} ++EXPORT_SYMBOL_GPL(asn1_ber_decoder); +-- +1.7.11.4 + + +From f055a9091c35be0171d39ca8e76bb4677d89eef1 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 17:11:27 +0100 +Subject: [PATCH 16/26] MPILIB: Provide a function to read raw data into an + MPI + +Provide a function to read raw data of a predetermined size into an MPI rather +than expecting the size to be encoded within the data. The data is assumed to +represent an unsigned integer, and the resulting MPI will be positive. + +The function looks like this: + + MPI mpi_read_raw_data(const void *, size_t); + +This is useful for reading ASN.1 integer primitives where the length is encoded +in the ASN.1 metadata. + +Signed-off-by: David Howells +--- + include/linux/mpi.h | 1 + + lib/mpi/mpicoder.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 56 insertions(+) + +diff --git a/include/linux/mpi.h b/include/linux/mpi.h +index d02cca6..5af1b81 100644 +--- a/include/linux/mpi.h ++++ b/include/linux/mpi.h +@@ -76,6 +76,7 @@ void mpi_swap(MPI a, MPI b); + + /*-- mpicoder.c --*/ + MPI do_encode_md(const void *sha_buffer, unsigned nbits); ++MPI mpi_read_raw_data(const void *xbuffer, size_t nbytes); + MPI mpi_read_from_buffer(const void *buffer, unsigned *ret_nread); + int mpi_fromstr(MPI val, const char *str); + u32 mpi_get_keyid(MPI a, u32 *keyid); +diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c +index f0fa659..3962b7f 100644 +--- a/lib/mpi/mpicoder.c ++++ b/lib/mpi/mpicoder.c +@@ -18,10 +18,65 @@ + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + ++#include ++#include + #include "mpi-internal.h" + + #define MAX_EXTERN_MPI_BITS 16384 + ++/** ++ * mpi_read_raw_data - Read a raw byte stream as a positive integer ++ * @xbuffer: The data to read ++ * @nbytes: The amount of data to read ++ */ ++MPI mpi_read_raw_data(const void *xbuffer, size_t nbytes) ++{ ++ const uint8_t *buffer = xbuffer; ++ int i, j; ++ unsigned nbits, nlimbs; ++ mpi_limb_t a; ++ MPI val = NULL; ++ ++ while (nbytes >= 0 && buffer[0] == 0) { ++ buffer++; ++ nbytes--; ++ } ++ ++ nbits = nbytes * 8; ++ if (nbits > MAX_EXTERN_MPI_BITS) { ++ pr_info("MPI: mpi too large (%u bits)\n", nbits); ++ return NULL; ++ } ++ if (nbytes > 0) ++ nbits -= count_leading_zeros(buffer[0]); ++ else ++ nbits = 0; ++ ++ nlimbs = (nbytes + BYTES_PER_MPI_LIMB - 1) / BYTES_PER_MPI_LIMB; ++ val = mpi_alloc(nlimbs); ++ if (!val) ++ return NULL; ++ val->nbits = nbits; ++ val->sign = 0; ++ val->nlimbs = nlimbs; ++ ++ if (nbytes > 0) { ++ i = BYTES_PER_MPI_LIMB - nbytes % BYTES_PER_MPI_LIMB; ++ i %= BYTES_PER_MPI_LIMB; ++ for (j = nlimbs; j > 0; j--) { ++ a = 0; ++ for (; i < BYTES_PER_MPI_LIMB; i++) { ++ a <<= 8; ++ a |= *buffer++; ++ } ++ i = 0; ++ val->d[j - 1] = a; ++ } ++ } ++ return val; ++} ++EXPORT_SYMBOL_GPL(mpi_read_raw_data); ++ + MPI mpi_read_from_buffer(const void *xbuffer, unsigned *ret_nread) + { + const uint8_t *buffer = xbuffer; +-- +1.7.11.4 + + +From 3d816cdad8cdd5412ecc8f539bb09daef52ba361 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 17:11:48 +0100 +Subject: [PATCH 17/26] X.509: Add a crypto key parser for binary (DER) X.509 + certificates + +Add a crypto key parser for binary (DER) encoded X.509 certificates. The +certificate is parsed and, if possible, the signature is verified. + +An X.509 key can be added like this: + + # keyctl padd crypto bar @s +--- + crypto/asymmetric_keys/.gitignore | 1 + + crypto/asymmetric_keys/Kconfig | 10 + + crypto/asymmetric_keys/Makefile | 17 + + crypto/asymmetric_keys/x509.asn1 | 60 ++++ + crypto/asymmetric_keys/x509_cert_parser.c | 497 ++++++++++++++++++++++++++++++ + crypto/asymmetric_keys/x509_parser.h | 36 +++ + crypto/asymmetric_keys/x509_public_key.c | 207 +++++++++++++ + crypto/asymmetric_keys/x509_rsakey.asn1 | 4 + + 8 files changed, 832 insertions(+) + create mode 100644 crypto/asymmetric_keys/.gitignore + create mode 100644 crypto/asymmetric_keys/x509.asn1 + create mode 100644 crypto/asymmetric_keys/x509_cert_parser.c + create mode 100644 crypto/asymmetric_keys/x509_parser.h + create mode 100644 crypto/asymmetric_keys/x509_public_key.c + create mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1 + +diff --git a/crypto/asymmetric_keys/.gitignore b/crypto/asymmetric_keys/.gitignore +new file mode 100644 +index 0000000..ee32837 +--- /dev/null ++++ b/crypto/asymmetric_keys/.gitignore +@@ -0,0 +1 @@ ++*-asn1.[ch] +diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig +index 561759d..6d2c2ea 100644 +--- a/crypto/asymmetric_keys/Kconfig ++++ b/crypto/asymmetric_keys/Kconfig +@@ -25,4 +25,14 @@ config PUBLIC_KEY_ALGO_RSA + help + This option enables support for the RSA algorithm (PKCS#1, RFC3447). + ++config X509_CERTIFICATE_PARSER ++ tristate "X.509 certificate parser" ++ depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE ++ select ASN1 ++ select OID_REGISTRY ++ help ++ This option procides support for parsing X.509 format blobs for key ++ data and provides the ability to instantiate a crypto key from a ++ public key packet found inside the certificate. ++ + endif # ASYMMETRIC_KEY_TYPE +diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile +index 7c92691..0727204 100644 +--- a/crypto/asymmetric_keys/Makefile ++++ b/crypto/asymmetric_keys/Makefile +@@ -8,3 +8,20 @@ asymmetric_keys-y := asymmetric_type.o signature.o + + obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o + obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o ++ ++# ++# X.509 Certificate handling ++# ++obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o ++x509_key_parser-y := \ ++ x509-asn1.o \ ++ x509_rsakey-asn1.o \ ++ x509_cert_parser.o \ ++ x509_public_key.o ++ ++$(obj)/x509_cert_parser.o: $(obj)/x509-asn1.h $(obj)/x509_rsakey-asn1.h ++$(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h ++$(obj)/x509_rsakey-asn1.o: $(obj)/x509_rsakey-asn1.c $(obj)/x509_rsakey-asn1.h ++ ++clean-files += x509-asn1.c x509-asn1.h ++clean-files += x509_rsakey-asn1.c x509_rsakey-asn1.h +diff --git a/crypto/asymmetric_keys/x509.asn1 b/crypto/asymmetric_keys/x509.asn1 +new file mode 100644 +index 0000000..bf32b3d +--- /dev/null ++++ b/crypto/asymmetric_keys/x509.asn1 +@@ -0,0 +1,60 @@ ++Certificate ::= SEQUENCE { ++ tbsCertificate TBSCertificate ({ x509_note_tbs_certificate }), ++ signatureAlgorithm AlgorithmIdentifier, ++ signature BIT STRING ({ x509_note_signature }) ++ } ++ ++TBSCertificate ::= SEQUENCE { ++ version [ 0 ] Version DEFAULT, ++ serialNumber CertificateSerialNumber, ++ signature AlgorithmIdentifier ({ x509_note_pkey_algo }), ++ issuer Name ({ x509_note_issuer }), ++ validity Validity, ++ subject Name ({ x509_note_subject }), ++ subjectPublicKeyInfo SubjectPublicKeyInfo, ++ issuerUniqueID [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL, ++ subjectUniqueID [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL, ++ extensions [ 3 ] Extensions OPTIONAL ++ } ++ ++Version ::= INTEGER ++CertificateSerialNumber ::= INTEGER ++ ++AlgorithmIdentifier ::= SEQUENCE { ++ algorithm OBJECT IDENTIFIER ({ x509_note_OID }), ++ parameters ANY OPTIONAL ++} ++ ++Name ::= SEQUENCE OF RelativeDistinguishedName ++ ++RelativeDistinguishedName ::= SET OF AttributeValueAssertion ++ ++AttributeValueAssertion ::= SEQUENCE { ++ attributeType OBJECT IDENTIFIER ({ x509_note_OID }), ++ attributeValue ANY ({ x509_extract_name_segment }) ++ } ++ ++Validity ::= SEQUENCE { ++ notBefore Time ({ x509_note_not_before }), ++ notAfter Time ({ x509_note_not_after }) ++ } ++ ++Time ::= CHOICE { ++ utcTime UTCTime, ++ generalTime GeneralizedTime ++ } ++ ++SubjectPublicKeyInfo ::= SEQUENCE { ++ algorithm AlgorithmIdentifier, ++ subjectPublicKey BIT STRING ({ x509_extract_key_data }) ++ } ++ ++UniqueIdentifier ::= BIT STRING ++ ++Extensions ::= SEQUENCE OF Extension ++ ++Extension ::= SEQUENCE { ++ extnid OBJECT IDENTIFIER ({ x509_note_OID }), ++ critical BOOLEAN DEFAULT, ++ extnValue OCTET STRING ({ x509_process_extension }) ++ } +diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c +new file mode 100644 +index 0000000..8fcac94 +--- /dev/null ++++ b/crypto/asymmetric_keys/x509_cert_parser.c +@@ -0,0 +1,497 @@ ++/* X.509 certificate parser ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#define pr_fmt(fmt) "X.509: "fmt ++#include ++#include ++#include ++#include ++#include "public_key.h" ++#include "x509_parser.h" ++#include "x509-asn1.h" ++#include "x509_rsakey-asn1.h" ++ ++struct x509_parse_context { ++ struct x509_certificate *cert; /* Certificate being constructed */ ++ unsigned long data; /* Start of data */ ++ const void *cert_start; /* Start of cert content */ ++ const void *key; /* Key data */ ++ size_t key_size; /* Size of key data */ ++ enum OID last_oid; /* Last OID encountered */ ++ enum OID algo_oid; /* Algorithm OID */ ++ unsigned char nr_mpi; /* Number of MPIs stored */ ++ u8 o_size; /* Size of organizationName (O) */ ++ u8 cn_size; /* Size of commonName (CN) */ ++ u8 email_size; /* Size of emailAddress */ ++ u16 o_offset; /* Offset of organizationName (O) */ ++ u16 cn_offset; /* Offset of commonName (CN) */ ++ u16 email_offset; /* Offset of emailAddress */ ++}; ++ ++/* ++ * Free an X.509 certificate ++ */ ++void x509_free_certificate(struct x509_certificate *cert) ++{ ++ if (cert) { ++ public_key_destroy(cert->pub); ++ kfree(cert->issuer); ++ kfree(cert->subject); ++ kfree(cert->fingerprint); ++ kfree(cert->authority); ++ kfree(cert); ++ } ++} ++ ++/* ++ * Parse an X.509 certificate ++ */ ++struct x509_certificate *x509_cert_parse(const void *data, size_t datalen) ++{ ++ struct x509_certificate *cert; ++ struct x509_parse_context *ctx; ++ long ret; ++ ++ ret = -ENOMEM; ++ cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL); ++ if (!cert) ++ goto error_no_cert; ++ cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL); ++ if (!cert->pub) ++ goto error_no_ctx; ++ ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL); ++ if (!ctx) ++ goto error_no_ctx; ++ ++ ctx->cert = cert; ++ ctx->data = (unsigned long)data; ++ ++ /* Attempt to decode the certificate */ ++ ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen); ++ if (ret < 0) ++ goto error_decode; ++ ++ /* Decode the public key */ ++ ret = asn1_ber_decoder(&x509_rsakey_decoder, ctx, ++ ctx->key, ctx->key_size); ++ if (ret < 0) ++ goto error_decode; ++ ++ kfree(ctx); ++ return cert; ++ ++error_decode: ++ kfree(ctx); ++error_no_ctx: ++ x509_free_certificate(cert); ++error_no_cert: ++ return ERR_PTR(ret); ++} ++ ++/* ++ * Note an OID when we find one for later processing when we know how ++ * to interpret it. ++ */ ++int x509_note_OID(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ ++ ctx->last_oid = look_up_OID(value, vlen); ++ if (ctx->last_oid == OID__NR) { ++ char buffer[50]; ++ sprint_oid(value, vlen, buffer, sizeof(buffer)); ++ pr_debug("Unknown OID: [%zu] %s\n", ++ (unsigned long)value - ctx->data, buffer); ++ } ++ return 0; ++} ++ ++/* ++ * Save the position of the TBS data so that we can check the signature over it ++ * later. ++ */ ++int x509_note_tbs_certificate(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ ++ pr_debug("x509_note_tbs_certificate(,%zu,%02x,%ld,%zu)!\n", ++ hdrlen, tag, (unsigned long)value - ctx->data, vlen); ++ ++ ctx->cert->tbs = value - hdrlen; ++ ctx->cert->tbs_size = vlen + hdrlen; ++ return 0; ++} ++ ++/* ++ * Record the public key algorithm ++ */ ++int x509_note_pkey_algo(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ ++ pr_debug("PubKey Algo: %u\n", ctx->last_oid); ++ ++ switch (ctx->last_oid) { ++ case OID_md2WithRSAEncryption: ++ case OID_md3WithRSAEncryption: ++ default: ++ return -ENOPKG; /* Unsupported combination */ ++ ++ case OID_md4WithRSAEncryption: ++ ctx->cert->sig_hash_algo = PKEY_HASH_MD5; ++ ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; ++ break; ++ ++ case OID_sha1WithRSAEncryption: ++ ctx->cert->sig_hash_algo = PKEY_HASH_SHA1; ++ ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; ++ break; ++ ++ case OID_sha256WithRSAEncryption: ++ ctx->cert->sig_hash_algo = PKEY_HASH_SHA256; ++ ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; ++ break; ++ ++ case OID_sha384WithRSAEncryption: ++ ctx->cert->sig_hash_algo = PKEY_HASH_SHA384; ++ ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; ++ break; ++ ++ case OID_sha512WithRSAEncryption: ++ ctx->cert->sig_hash_algo = PKEY_HASH_SHA512; ++ ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; ++ break; ++ ++ case OID_sha224WithRSAEncryption: ++ ctx->cert->sig_hash_algo = PKEY_HASH_SHA224; ++ ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; ++ break; ++ } ++ ++ ctx->algo_oid = ctx->last_oid; ++ return 0; ++} ++ ++/* ++ * Note the whereabouts and type of the signature. ++ */ ++int x509_note_signature(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ ++ pr_debug("Signature type: %u size %zu\n", ctx->last_oid, vlen); ++ ++ if (ctx->last_oid != ctx->algo_oid) { ++ pr_warn("Got cert with pkey (%u) and sig (%u) algorithm OIDs\n", ++ ctx->algo_oid, ctx->last_oid); ++ return -EINVAL; ++ } ++ ++ ctx->cert->sig = value; ++ ctx->cert->sig_size = vlen; ++ return 0; ++} ++ ++/* ++ * Note some of the name segments from which we'll fabricate a name. ++ */ ++int x509_extract_name_segment(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ ++ switch (ctx->last_oid) { ++ case OID_commonName: ++ ctx->cn_size = vlen; ++ ctx->cn_offset = (unsigned long)value - ctx->data; ++ break; ++ case OID_organizationName: ++ ctx->o_size = vlen; ++ ctx->o_offset = (unsigned long)value - ctx->data; ++ break; ++ case OID_email_address: ++ ctx->email_size = vlen; ++ ctx->email_offset = (unsigned long)value - ctx->data; ++ break; ++ default: ++ break; ++ } ++ ++ return 0; ++} ++ ++/* ++ * Fabricate and save the issuer and subject names ++ */ ++static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen, ++ unsigned char tag, ++ char **_name, size_t vlen) ++{ ++ const void *name, *data = (const void *)ctx->data; ++ size_t namesize; ++ char *buffer; ++ ++ if (*_name) ++ return -EINVAL; ++ ++ /* Empty name string if no material */ ++ if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) { ++ buffer = kmalloc(1, GFP_KERNEL); ++ if (!buffer) ++ return -ENOMEM; ++ buffer[0] = 0; ++ goto done; ++ } ++ ++ if (ctx->cn_size && ctx->o_size) { ++ /* Consider combining O and CN, but use only the CN if it is ++ * prefixed by the O, or a significant portion thereof. ++ */ ++ namesize = ctx->cn_size; ++ name = data + ctx->cn_offset; ++ if (ctx->cn_size >= ctx->o_size && ++ memcmp(data + ctx->cn_offset, data + ctx->o_offset, ++ ctx->o_size) == 0) ++ goto single_component; ++ if (ctx->cn_size >= 7 && ++ ctx->o_size >= 7 && ++ memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0) ++ goto single_component; ++ ++ buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1, ++ GFP_KERNEL); ++ if (!buffer) ++ return -ENOMEM; ++ ++ memcpy(buffer, ++ data + ctx->o_offset, ctx->o_size); ++ buffer[ctx->o_size + 0] = ':'; ++ buffer[ctx->o_size + 1] = ' '; ++ memcpy(buffer + ctx->o_size + 2, ++ data + ctx->cn_offset, ctx->cn_size); ++ buffer[ctx->o_size + 2 + ctx->cn_size] = 0; ++ goto done; ++ ++ } else if (ctx->cn_size) { ++ namesize = ctx->cn_size; ++ name = data + ctx->cn_offset; ++ } else if (ctx->o_size) { ++ namesize = ctx->o_size; ++ name = data + ctx->o_offset; ++ } else { ++ namesize = ctx->email_size; ++ name = data + ctx->email_offset; ++ } ++ ++single_component: ++ buffer = kmalloc(namesize + 1, GFP_KERNEL); ++ if (!buffer) ++ return -ENOMEM; ++ memcpy(buffer, name, namesize); ++ buffer[namesize] = 0; ++ ++done: ++ *_name = buffer; ++ ctx->cn_size = 0; ++ ctx->o_size = 0; ++ ctx->email_size = 0; ++ return 0; ++} ++ ++int x509_note_issuer(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen); ++} ++ ++int x509_note_subject(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen); ++} ++ ++/* ++ * Extract the data for the public key algorithm ++ */ ++int x509_extract_key_data(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ ++ if (ctx->last_oid != OID_rsaEncryption) ++ return -ENOPKG; ++ ++ /* There seems to be an extraneous 0 byte on the front of the data */ ++ ctx->cert->pkey_algo = PKEY_ALGO_RSA; ++ ctx->key = value + 1; ++ ctx->key_size = vlen - 1; ++ return 0; ++} ++ ++/* ++ * Extract a RSA public key value ++ */ ++int rsa_extract_mpi(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ MPI mpi; ++ ++ if (ctx->nr_mpi >= ARRAY_SIZE(ctx->cert->pub->mpi)) { ++ pr_err("Too many public key MPIs in certificate\n"); ++ return -EBADMSG; ++ } ++ ++ mpi = mpi_read_raw_data(value, vlen); ++ if (!mpi) ++ return -ENOMEM; ++ ++ ctx->cert->pub->mpi[ctx->nr_mpi++] = mpi; ++ return 0; ++} ++ ++/* ++ * Process certificate extensions that are used to qualify the certificate. ++ */ ++int x509_process_extension(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ const unsigned char *v = value; ++ char *f; ++ int i; ++ ++ pr_debug("Extension: %u\n", ctx->last_oid); ++ ++ if (ctx->last_oid == OID_subjectKeyIdentifier) { ++ /* Get hold of the key fingerprint */ ++ if (vlen < 3) ++ return -EBADMSG; ++ if (v[0] != ASN1_OTS || v[1] != vlen - 2) ++ return -EBADMSG; ++ v += 2; ++ vlen -= 2; ++ ++ f = kmalloc(vlen * 2 + 1, GFP_KERNEL); ++ if (!f) ++ return -ENOMEM; ++ for (i = 0; i < vlen; i++) ++ sprintf(f + i * 2, "%02x", v[i]); ++ pr_debug("fingerprint %s\n", f); ++ ctx->cert->fingerprint = f; ++ return 0; ++ } ++ ++ if (ctx->last_oid == OID_authorityKeyIdentifier) { ++ /* Get hold of the CA key fingerprint */ ++ if (vlen < 5) ++ return -EBADMSG; ++ if (v[0] != (ASN1_SEQ | (ASN1_CONS << 5)) || ++ v[1] != vlen - 2 || ++ v[2] != (ASN1_CONT << 6) || ++ v[3] != vlen - 4) ++ return -EBADMSG; ++ v += 4; ++ vlen -= 4; ++ ++ f = kmalloc(vlen * 2 + 1, GFP_KERNEL); ++ if (!f) ++ return -ENOMEM; ++ for (i = 0; i < vlen; i++) ++ sprintf(f + i * 2, "%02x", v[i]); ++ pr_debug("authority %s\n", f); ++ ctx->cert->authority = f; ++ return 0; ++ } ++ ++ return 0; ++} ++ ++/* ++ * Record a certificate time. ++ */ ++static int x509_note_time(time_t *_time, size_t hdrlen, ++ unsigned char tag, ++ const unsigned char *value, size_t vlen) ++{ ++ unsigned YY, MM, DD, hh, mm, ss; ++ const unsigned char *p = value; ++ ++#define dec2bin(X) ((X) - '0') ++#define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; }) ++ ++ if (tag == ASN1_UNITIM) { ++ /* UTCTime: YYMMDDHHMMSSZ */ ++ if (vlen != 13) ++ goto unsupported_time; ++ YY = DD2bin(p); ++ if (YY > 50) ++ YY += 1900; ++ else ++ YY += 2000; ++ } else if (tag == ASN1_GENTIM) { ++ /* GenTime: YYYYMMDDHHMMSSZ */ ++ if (vlen != 15) ++ goto unsupported_time; ++ YY = DD2bin(p) * 100 + DD2bin(p); ++ } else { ++ goto unsupported_time; ++ } ++ ++ MM = DD2bin(p); ++ DD = DD2bin(p); ++ hh = DD2bin(p); ++ mm = DD2bin(p); ++ ss = DD2bin(p); ++ ++ if (*p != 'Z') ++ goto unsupported_time; ++ ++ *_time = mktime(YY, MM, DD, hh, mm, ss); ++ return 0; ++ ++unsupported_time: ++ pr_debug("Got unsupported time [tag %02x]: '%*.*s'\n", ++ tag, (int)vlen, (int)vlen, value); ++ return -EBADMSG; ++} ++ ++int x509_note_not_before(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ return x509_note_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen); ++} ++ ++int x509_note_not_after(void *context, size_t hdrlen, ++ unsigned char tag, ++ const void *value, size_t vlen) ++{ ++ struct x509_parse_context *ctx = context; ++ return x509_note_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen); ++} +diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h +new file mode 100644 +index 0000000..635053f +--- /dev/null ++++ b/crypto/asymmetric_keys/x509_parser.h +@@ -0,0 +1,36 @@ ++/* X.509 certificate parser internal definitions ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#include ++ ++struct x509_certificate { ++ struct x509_certificate *next; ++ struct public_key *pub; /* Public key details */ ++ char *issuer; /* Name of certificate issuer */ ++ char *subject; /* Name of certificate subject */ ++ char *fingerprint; /* Key fingerprint as hex */ ++ char *authority; /* Authority key fingerprint as hex */ ++ time_t valid_from; ++ time_t valid_to; ++ enum pkey_algo pkey_algo : 8; /* Public key algorithm */ ++ enum pkey_algo sig_pkey_algo : 8; /* Signature public key algorithm */ ++ enum pkey_hash_algo sig_hash_algo : 8; /* Signature hash algorithm */ ++ const void *tbs; /* Signed data */ ++ size_t tbs_size; /* Size of signed data */ ++ const void *sig; /* Signature data */ ++ size_t sig_size; /* Size of sigature */ ++}; ++ ++/* ++ * x509_cert_parser.c ++ */ ++extern void x509_free_certificate(struct x509_certificate *cert); ++extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen); +diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c +new file mode 100644 +index 0000000..716917c +--- /dev/null ++++ b/crypto/asymmetric_keys/x509_public_key.c +@@ -0,0 +1,207 @@ ++/* Instantiate a public key crypto key from an X.509 Certificate ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#define pr_fmt(fmt) "X.509: "fmt ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "asymmetric_keys.h" ++#include "public_key.h" ++#include "x509_parser.h" ++ ++static const ++struct public_key_algorithm *x509_public_key_algorithms[PKEY_ALGO__LAST] = { ++ [PKEY_ALGO_DSA] = NULL, ++#if defined(CONFIG_PUBLIC_KEY_ALGO_RSA) || \ ++ defined(CONFIG_PUBLIC_KEY_ALGO_RSA_MODULE) ++ [PKEY_ALGO_RSA] = &RSA_public_key_algorithm, ++#endif ++}; ++ ++/* ++ * Check the signature on a certificate using the provided public key ++ */ ++static int x509_check_signature(const struct public_key *pub, ++ const struct x509_certificate *cert) ++{ ++ struct public_key_signature *sig; ++ struct crypto_shash *tfm; ++ struct shash_desc *desc; ++ size_t digest_size, desc_size; ++ int ret; ++ ++ pr_devel("==>%s()\n", __func__); ++ ++ /* Allocate the hashing algorithm we're going to need and find out how ++ * big the hash operational data will be. ++ */ ++ tfm = crypto_alloc_shash(pkey_hash_algo[cert->sig_hash_algo], 0, 0); ++ if (IS_ERR(tfm)) ++ return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm); ++ ++ desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); ++ digest_size = crypto_shash_digestsize(tfm); ++ ++ /* We allocate the hash operational data storage on the end of our ++ * context data. ++ */ ++ ret = -ENOMEM; ++ sig = kzalloc(sizeof(*sig) + desc_size + digest_size, GFP_KERNEL); ++ if (!sig) ++ goto error_no_sig; ++ ++ sig->pkey_hash_algo = cert->sig_hash_algo; ++ sig->digest = (u8 *)sig + sizeof(*sig) + desc_size; ++ sig->digest_size = digest_size; ++ ++ desc = (void *)sig + sizeof(*sig); ++ desc->tfm = tfm; ++ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; ++ ++ ret = crypto_shash_init(desc); ++ if (ret < 0) ++ goto error; ++ ++ ret = -ENOMEM; ++ sig->rsa.s = mpi_read_raw_data(cert->sig, cert->sig_size); ++ if (!sig->rsa.s) ++ goto error; ++ ++ ret = crypto_shash_finup(desc, cert->tbs, cert->tbs_size, sig->digest); ++ if (ret < 0) ++ goto error_mpi; ++ ++ ret = pub->algo->verify_signature(pub, sig); ++ ++ pr_debug("Cert Verification: %d\n", ret); ++ ++error_mpi: ++ mpi_free(sig->rsa.s); ++error: ++ kfree(sig); ++error_no_sig: ++ crypto_free_shash(tfm); ++ ++ pr_devel("<==%s() = %d\n", __func__, ret); ++ return ret; ++} ++ ++/* ++ * Attempt to parse a data blob for a key as an X509 certificate. ++ */ ++static int x509_key_preparse(struct key_preparsed_payload *prep) ++{ ++ struct x509_certificate *cert; ++ time_t now; ++ size_t srlen, sulen; ++ char *desc = NULL; ++ int ret; ++ ++ cert = x509_cert_parse(prep->data, prep->datalen); ++ if (IS_ERR(cert)) ++ return PTR_ERR(cert); ++ ++ pr_devel("Cert Issuer: %s\n", cert->issuer); ++ pr_devel("Cert Subject: %s\n", cert->subject); ++ pr_devel("Cert Key Algo: %s\n", pkey_algo[cert->pkey_algo]); ++ pr_devel("Cert Valid: %lu - %lu\n", cert->valid_from, cert->valid_to); ++ pr_devel("Cert Signature: %s + %s\n", ++ pkey_algo[cert->sig_pkey_algo], ++ pkey_hash_algo[cert->sig_hash_algo]); ++ ++ if (!cert->fingerprint || !cert->authority) { ++ pr_warn("Cert for '%s' must have SubjKeyId and AuthKeyId extensions\n", ++ cert->subject); ++ ret = -EKEYREJECTED; ++ goto error_free_cert; ++ } ++ ++ now = CURRENT_TIME.tv_sec; ++ if (now < cert->valid_from) { ++ pr_warn("Cert %s is not yet valid\n", cert->fingerprint); ++ ret = -EKEYREJECTED; ++ goto error_free_cert; ++ } ++ if (now >= cert->valid_to) { ++ pr_warn("Cert %s has expired\n", cert->fingerprint); ++ ret = -EKEYEXPIRED; ++ goto error_free_cert; ++ } ++ ++ cert->pub->algo = x509_public_key_algorithms[cert->pkey_algo]; ++ cert->pub->id_type = PKEY_ID_X509; ++ ++ /* Check the signature on the key */ ++ if (strcmp(cert->fingerprint, cert->authority) == 0) { ++ ret = x509_check_signature(cert->pub, cert); ++ if (ret < 0) ++ goto error_free_cert; ++ } ++ ++ /* Propose a description */ ++ sulen = strlen(cert->subject); ++ srlen = strlen(cert->fingerprint); ++ ret = -ENOMEM; ++ desc = kmalloc(sulen + 2 + srlen + 1, GFP_KERNEL); ++ if (!desc) ++ goto error_free_cert; ++ memcpy(desc, cert->subject, sulen); ++ desc[sulen] = ':'; ++ desc[sulen + 1] = ' '; ++ memcpy(desc + sulen + 2, cert->fingerprint, srlen); ++ desc[sulen + 2 + srlen] = 0; ++ ++ /* We're pinning the module by being linked against it */ ++ __module_get(public_key_subtype.owner); ++ prep->type_data[0] = &public_key_subtype; ++ prep->type_data[1] = cert->fingerprint; ++ prep->payload = cert->pub; ++ prep->description = desc; ++ prep->quotalen = 100; ++ ++ /* We've finished with the certificate */ ++ cert->pub = NULL; ++ cert->fingerprint = NULL; ++ desc = NULL; ++ ret = 0; ++ ++error_free_cert: ++ x509_free_certificate(cert); ++ return ret; ++} ++ ++static struct asymmetric_key_parser x509_key_parser = { ++ .owner = THIS_MODULE, ++ .name = "x509", ++ .parse = x509_key_preparse, ++}; ++ ++/* ++ * Module stuff ++ */ ++static int __init x509_key_init(void) ++{ ++ return register_asymmetric_key_parser(&x509_key_parser); ++} ++ ++static void __exit x509_key_exit(void) ++{ ++ unregister_asymmetric_key_parser(&x509_key_parser); ++} ++ ++module_init(x509_key_init); ++module_exit(x509_key_exit); +diff --git a/crypto/asymmetric_keys/x509_rsakey.asn1 b/crypto/asymmetric_keys/x509_rsakey.asn1 +new file mode 100644 +index 0000000..4ec7cc6 +--- /dev/null ++++ b/crypto/asymmetric_keys/x509_rsakey.asn1 +@@ -0,0 +1,4 @@ ++RSAPublicKey ::= SEQUENCE { ++ modulus INTEGER ({ rsa_extract_mpi }), -- n ++ publicExponent INTEGER ({ rsa_extract_mpi }) -- e ++ } +-- +1.7.11.4 + + +From 955fc6ec995f6bec6c487eb46027e108e240ebe3 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 17:13:25 +0100 +Subject: [PATCH 18/26] MOD: Fix Rusty's module_sig_check() + +Make the following fixes to Rusty's module_sig_check() function: + + (1) mod_verify_sig() is not defined, resulting in a compilation error and + thereby breaking git bisect, so provide a dummy that returns an error. + + (2) Using strlen() on a static string is a waste of resources. Further, you + may end up with two copies of the string emitted. + + (3) Doing a memchr() of the bytes beyond the last position that the marker + can be in is a waste of resources. + +While we're at it, push responsibility for the return value entirely off to +mod_verify_sig() if we find a signature. + +Signed-off-by: David Howells +--- + kernel/Makefile | 1 + + kernel/module-internal.h | 14 ++++++++++++++ + kernel/module.c | 41 +++++++++++++++++++++++------------------ + kernel/module_signing.c | 23 +++++++++++++++++++++++ + 4 files changed, 61 insertions(+), 18 deletions(-) + create mode 100644 kernel/module-internal.h + create mode 100644 kernel/module_signing.c + +diff --git a/kernel/Makefile b/kernel/Makefile +index c0cc67a..08ba8a6 100644 +--- a/kernel/Makefile ++++ b/kernel/Makefile +@@ -55,6 +55,7 @@ obj-$(CONFIG_DEBUG_SPINLOCK) += spinlock.o + obj-$(CONFIG_PROVE_LOCKING) += spinlock.o + obj-$(CONFIG_UID16) += uid16.o + obj-$(CONFIG_MODULES) += module.o ++obj-$(CONFIG_MODULE_SIG) += module_signing.o + obj-$(CONFIG_KALLSYMS) += kallsyms.o + obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o + obj-$(CONFIG_KEXEC) += kexec.o +diff --git a/kernel/module-internal.h b/kernel/module-internal.h +new file mode 100644 +index 0000000..14da0ea +--- /dev/null ++++ b/kernel/module-internal.h +@@ -0,0 +1,14 @@ ++/* Module internals ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++extern int mod_verify_sig(const void *mod, unsigned long modlen, ++ const void *sig, unsigned long siglen, ++ bool *_sig_ok); +diff --git a/kernel/module.c b/kernel/module.c +index 5c6f65c..ab69599 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -58,6 +58,7 @@ + #include + #include + #include ++#include "module-internal.h" + + #define CREATE_TRACE_POINTS + #include +@@ -2438,34 +2439,38 @@ static inline void kmemleak_load_module(const struct module *mod, + #endif + + #ifdef CONFIG_MODULE_SIG ++ + static int module_sig_check(struct load_info *info, + const void *mod, unsigned long *len) + { ++ static const char module_sig_string[] = MODULE_SIG_STRING; + int err = 0; +- const unsigned long markerlen = strlen(MODULE_SIG_STRING); +- const void *p = mod, *end = mod + *len; +- +- /* Poor man's memmem. */ +- while ((p = memchr(p, MODULE_SIG_STRING[0], end - p))) { +- if (p + markerlen > end) +- break; +- +- if (memcmp(p, MODULE_SIG_STRING, markerlen) == 0) { +- const void *sig = p + markerlen; +- /* Truncate module up to signature. */ +- *len = p - mod; +- err = mod_verify_sig(mod, *len, +- sig, end - sig, +- &info->sig_ok); +- break; +- } +- p++; ++ const unsigned long markerlen = sizeof(module_sig_string) - 1; ++ const void *p = mod, *end = mod + *len, *sig; ++ const void *limit = end - markerlen - 1; ++ ++ if (markerlen < *len) { ++ /* Poor man's memmem. */ ++ do { ++ p = memchr(p, MODULE_SIG_STRING[0], limit - p); ++ if (!p) ++ break; ++ if (memcmp(p, module_sig_string, markerlen) != 0) ++ continue; ++ goto found_marker; ++ } while (++p < limit); + } + + /* Not having a signature is only an error if we're strict. */ + if (!err && !info->sig_ok && sig_enforce) + err = -EKEYREJECTED; + return err; ++ ++found_marker: ++ sig = p + markerlen; ++ /* Truncate module up to signature. */ ++ *len = p - mod; ++ return mod_verify_sig(mod, *len, sig, end - sig, &info->sig_ok); + } + #else /* !CONFIG_MODULE_SIG */ + static int module_sig_check(struct load_info *info, +diff --git a/kernel/module_signing.c b/kernel/module_signing.c +new file mode 100644 +index 0000000..0af10a5 +--- /dev/null ++++ b/kernel/module_signing.c +@@ -0,0 +1,23 @@ ++/* Module signature checker ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#include ++#include "module-internal.h" ++ ++/* ++ * Verify the signature on a module. ++ */ ++int mod_verify_sig(const void *mod, unsigned long modlen, ++ const void *sig, unsigned long siglen, ++ bool *_sig_ok) ++{ ++ return -EKEYREJECTED; ++} +-- +1.7.11.4 + + +From 4c31831859550149cdba65a37d72416c87dbbef6 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 17:13:25 +0100 +Subject: [PATCH 19/26] MODSIGN: Provide gitignore and make clean rules for + extra files + +Provide gitignore and make clean rules for extra files to hide and clean up the +extra files produced by module signing stuff once it is added. Also add a +clean up rule for the module content extractor program used to extract the data +to be signed. + +Signed-off-by: David Howells +--- + .gitignore | 13 +++++++++++++ + Makefile | 1 + + 2 files changed, 14 insertions(+) + +diff --git a/.gitignore b/.gitignore +index 57af07c..9736304 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -14,6 +14,10 @@ + *.o.* + *.a + *.s ++*.ko.unsigned ++*.ko.stripped ++*.ko.stripped.dig ++*.ko.stripped.sig + *.ko + *.so + *.so.dbg +@@ -84,3 +88,12 @@ GTAGS + *.orig + *~ + \#*# ++ ++# ++# Leavings from module signing ++# ++extra_certificates ++signing_key.priv ++signing_key.x509 ++signing_key.x509.keyid ++signing_key.x509.signer +diff --git a/Makefile b/Makefile +index 371ce88..644048d 100644 +--- a/Makefile ++++ b/Makefile +@@ -1239,6 +1239,7 @@ clean: $(clean-dirs) + $(call cmd,rmfiles) + @find $(if $(KBUILD_EXTMOD), $(KBUILD_EXTMOD), .) $(RCS_FIND_IGNORE) \ + \( -name '*.[oas]' -o -name '*.ko' -o -name '.*.cmd' \ ++ -o -name '*.ko.*' \ + -o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \ + -o -name '*.symtypes' -o -name 'modules.order' \ + -o -name modules.builtin -o -name '.tmp_*.o.*' \ +-- +1.7.11.4 + + +From 6977e69eef4379f34a2ad264856d74ac292284df Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 17:13:25 +0100 +Subject: [PATCH 20/26] MODSIGN: Provide Kconfig options + +Provide kernel configuration options for module signing. + +The following configuration options are added: + + CONFIG_MODULE_SIG_SHA1 + CONFIG_MODULE_SIG_SHA224 + CONFIG_MODULE_SIG_SHA256 + CONFIG_MODULE_SIG_SHA384 + CONFIG_MODULE_SIG_SHA512 + +These select the cryptographic hash used to digest the data prior to signing. +Additionally, the crypto module selected will be built into the kernel as it +won't be possible to load it as a module without incurring a circular +dependency when the kernel tries to check its signature. + +Signed-off-by: David Howells +--- + init/Kconfig | 38 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 38 insertions(+) + +diff --git a/init/Kconfig b/init/Kconfig +index fa8ccad..00d4579 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1593,12 +1593,50 @@ config MODULE_SIG + is simply appended to the module. For more information see + Documentation/module-signing.txt. + ++ !!!WARNING!!! If you enable this option, you MUST make sure that the ++ module DOES NOT get stripped after being signed. This includes the ++ debuginfo strip done by some packagers (such as rpmbuild) and ++ inclusion into an initramfs that wants the module size reduced. ++ + config MODULE_SIG_FORCE + bool "Require modules to be validly signed" + depends on MODULE_SIG + help + Reject unsigned modules or signed modules for which we don't have a + key. Without this, such modules will simply taint the kernel. ++ ++choice ++ prompt "Which hash algorithm should modules be signed with?" ++ depends on MODULE_SIG ++ help ++ This determines which sort of hashing algorithm will be used during ++ signature generation. This algorithm _must_ be built into the kernel ++ directly so that signature verification can take place. It is not ++ possible to load a signed module containing the algorithm to check ++ the signature on that module. ++ ++config MODULE_SIG_SHA1 ++ bool "Sign modules with SHA-1" ++ select CRYPTO_SHA1 ++ ++config MODULE_SIG_SHA224 ++ bool "Sign modules with SHA-224" ++ select CRYPTO_SHA256 ++ ++config MODULE_SIG_SHA256 ++ bool "Sign modules with SHA-256" ++ select CRYPTO_SHA256 ++ ++config MODULE_SIG_SHA384 ++ bool "Sign modules with SHA-384" ++ select CRYPTO_SHA512 ++ ++config MODULE_SIG_SHA512 ++ bool "Sign modules with SHA-512" ++ select CRYPTO_SHA512 ++ ++endchoice ++ + endif # MODULES + + config INIT_ALL_POSSIBLE +-- +1.7.11.4 + + +From 60378703cf88ed221ee602727c37ae241565d44a Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 17:13:25 +0100 +Subject: [PATCH 21/26] MODSIGN: Automatically generate module signing keys if + missing + +Automatically generate keys for module signing if they're absent so that +allyesconfig doesn't break. The builder should consider generating their own +key and certificate, however, so that the keys are appropriately named. + +The private key for the module signer should be placed in signing_key.priv +(unencrypted!) and the public key in an X.509 certificate as signing_key.x509. + +If a transient key is desired for signing the modules, a config file for +'openssl req' can be placed in x509.genkey, looking something like the +following: + + [ req ] + default_bits = 4096 + distinguished_name = req_distinguished_name + prompt = no + x509_extensions = myexts + + [ req_distinguished_name ] + O = Magarathea + CN = Glacier signing key + emailAddress = slartibartfast@magrathea.h2g2 + + [ myexts ] + basicConstraints=critical,CA:FALSE + keyUsage=digitalSignature + subjectKeyIdentifier=hash + authorityKeyIdentifier=hash + +The build process will use this to configure: + + openssl req -new -nodes -utf8 -sha1 -days 36500 -batch \ + -x509 -config x509.genkey \ + -outform DER -out signing_key.x509 \ + -keyout signing_key.priv + +to generate the key. + +Note that it is required that the X.509 certificate have a subjectKeyIdentifier +and an authorityKeyIdentifier. Without those, the certificate will be +rejected. These can be used to check the validity of a certificate. + +Note that 'make distclean' will remove signing_key.{priv,x509} and x509.genkey, +whether or not they were generated automatically. + +Signed-off-by: David Howells +--- + kernel/Makefile | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 49 insertions(+) + +diff --git a/kernel/Makefile b/kernel/Makefile +index 08ba8a6..83f1565 100644 +--- a/kernel/Makefile ++++ b/kernel/Makefile +@@ -132,3 +132,52 @@ quiet_cmd_timeconst = TIMEC $@ + targets += timeconst.h + $(obj)/timeconst.h: $(src)/timeconst.pl FORCE + $(call if_changed,timeconst) ++ ++ifeq ($(CONFIG_MODULE_SIG),y) ++ ++############################################################################### ++# ++# If module signing is requested, say by allyesconfig, but a key has not been ++# supplied, then one will need to be generated to make sure the build does not ++# fail and that the kernel may be used afterwards. ++# ++############################################################################### ++signing_key.priv signing_key.x509: x509.genkey ++ @echo "###" ++ @echo "### Now generating an X.509 key pair to be used for signing modules." ++ @echo "###" ++ @echo "### If this takes a long time, you might wish to run rngd in the" ++ @echo "### background to keep the supply of entropy topped up. It" ++ @echo "### needs to be run as root, and should use a hardware random" ++ @echo "### number generator if one is available, eg:" ++ @echo "###" ++ @echo "### rngd -r /dev/hwrandom" ++ @echo "###" ++ openssl req -new -nodes -utf8 -sha1 -days 36500 -batch \ ++ -x509 -config x509.genkey \ ++ -outform DER -out signing_key.x509 \ ++ -keyout signing_key.priv ++ @echo "###" ++ @echo "### Key pair generated." ++ @echo "###" ++ ++x509.genkey: ++ @echo Generating X.509 key generation config ++ @echo >x509.genkey "[ req ]" ++ @echo >>x509.genkey "default_bits = 4096" ++ @echo >>x509.genkey "distinguished_name = req_distinguished_name" ++ @echo >>x509.genkey "prompt = no" ++ @echo >>x509.genkey "x509_extensions = myexts" ++ @echo >>x509.genkey ++ @echo >>x509.genkey "[ req_distinguished_name ]" ++ @echo >>x509.genkey "O = Magarathea" ++ @echo >>x509.genkey "CN = Glacier signing key" ++ @echo >>x509.genkey "emailAddress = slartibartfast@magrathea.h2g2" ++ @echo >>x509.genkey ++ @echo >>x509.genkey "[ myexts ]" ++ @echo >>x509.genkey "basicConstraints=critical,CA:FALSE" ++ @echo >>x509.genkey "keyUsage=digitalSignature" ++ @echo >>x509.genkey "subjectKeyIdentifier=hash" ++ @echo >>x509.genkey "authorityKeyIdentifier=keyid" ++endif ++CLEAN_FILES += signing_key.priv signing_key.x509 x509.genkey +-- +1.7.11.4 + + +From 798049d9df83c8fd87fd5ddb97a77054558f4361 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 17:13:25 +0100 +Subject: [PATCH 22/26] MODSIGN: Provide module signing public keys to the + kernel + +Include a PGP keyring containing the public keys required to perform module +verification in the kernel image during build and create a special keyring +during boot which is then populated with keys of crypto type holding the public +keys found in the PGP keyring. + +These can be seen by root: + +[root@andromeda ~]# cat /proc/keys +07ad4ee0 I----- 1 perm 3f010000 0 0 crypto modsign.0: RSA 87b9b3bd [] +15c7f8c3 I----- 1 perm 1f030000 0 0 keyring .module_sign: 1/4 +... + +It is probably worth permitting root to invalidate these keys, resulting in +their removal and preventing further modules from being loaded with that key. + +Signed-off-by: David Howells +--- + kernel/Makefile | 11 ++++- + kernel/modsign_pubkey.c | 112 +++++++++++++++++++++++++++++++++++++++++++++++ + kernel/module-internal.h | 2 + + 3 files changed, 123 insertions(+), 2 deletions(-) + create mode 100644 kernel/modsign_pubkey.c + +diff --git a/kernel/Makefile b/kernel/Makefile +index 83f1565..63f8386 100644 +--- a/kernel/Makefile ++++ b/kernel/Makefile +@@ -55,7 +55,7 @@ obj-$(CONFIG_DEBUG_SPINLOCK) += spinlock.o + obj-$(CONFIG_PROVE_LOCKING) += spinlock.o + obj-$(CONFIG_UID16) += uid16.o + obj-$(CONFIG_MODULES) += module.o +-obj-$(CONFIG_MODULE_SIG) += module_signing.o ++obj-$(CONFIG_MODULE_SIG) += module_signing.o modsign_pubkey.o + obj-$(CONFIG_KALLSYMS) += kallsyms.o + obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o + obj-$(CONFIG_KEXEC) += kexec.o +@@ -134,6 +134,13 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE + $(call if_changed,timeconst) + + ifeq ($(CONFIG_MODULE_SIG),y) ++# ++# Pull the signing certificate and any extra certificates into the kernel ++# ++extra_certificates: ++ touch $@ ++ ++kernel/modsign_pubkey.o: signing_key.x509 extra_certificates + + ############################################################################### + # +@@ -180,4 +187,4 @@ x509.genkey: + @echo >>x509.genkey "subjectKeyIdentifier=hash" + @echo >>x509.genkey "authorityKeyIdentifier=keyid" + endif +-CLEAN_FILES += signing_key.priv signing_key.x509 x509.genkey ++CLEAN_FILES += signing_key.priv signing_key.x509 x509.genkey extra_certificates +diff --git a/kernel/modsign_pubkey.c b/kernel/modsign_pubkey.c +new file mode 100644 +index 0000000..f504d9f +--- /dev/null ++++ b/kernel/modsign_pubkey.c +@@ -0,0 +1,112 @@ ++/* Public keys for module signature verification ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include "module-internal.h" ++ ++struct key *modsign_keyring; ++ ++extern __initdata const u8 modsign_certificate_list[]; ++extern __initdata const u8 modsign_certificate_list_end[]; ++asm(".section .init.data,\"aw\"\n" ++ "modsign_certificate_list:\n" ++ ".incbin \"signing_key.x509\"\n" ++ ".incbin \"extra_certificates\"\n" ++ "modsign_certificate_list_end:" ++ ); ++ ++/* ++ * We need to make sure ccache doesn't cache the .o file as it doesn't notice ++ * if modsign.pub changes. ++ */ ++static __initdata const char annoy_ccache[] = __TIME__ "foo"; ++ ++/* ++ * Load the compiled-in keys ++ */ ++static __init int module_verify_init(void) ++{ ++ pr_notice("Initialise module verification\n"); ++ ++ modsign_keyring = key_alloc(&key_type_keyring, ".module_sign", ++ 0, 0, current_cred(), ++ (KEY_POS_ALL & ~KEY_POS_SETATTR) | ++ KEY_USR_VIEW | KEY_USR_READ, ++ KEY_ALLOC_NOT_IN_QUOTA); ++ if (IS_ERR(modsign_keyring)) ++ panic("Can't allocate module signing keyring\n"); ++ ++ if (key_instantiate_and_link(modsign_keyring, NULL, 0, NULL, NULL) < 0) ++ panic("Can't instantiate module signing keyring\n"); ++ ++ return 0; ++} ++ ++/* ++ * Must be initialised before we try and load the keys into the keyring. ++ */ ++device_initcall(module_verify_init); ++ ++/* ++ * Load the compiled-in keys ++ */ ++static __init int load_module_signing_keys(void) ++{ ++ key_ref_t key; ++ const u8 *p, *end; ++ size_t plen; ++ ++ pr_notice("Loading module verification certificates\n"); ++ ++ end = modsign_certificate_list_end; ++ p = modsign_certificate_list; ++ while (p < end) { ++ /* Each cert begins with an ASN.1 SEQUENCE tag and must be more ++ * than 256 bytes in size. ++ */ ++ if (end - p < 4) ++ goto dodgy_cert; ++ if (p[0] != 0x30 && ++ p[1] != 0x82) ++ goto dodgy_cert; ++ plen = (p[2] << 8) | p[3]; ++ plen += 4; ++ if (plen > end - p) ++ goto dodgy_cert; ++ ++ key = key_create_or_update(make_key_ref(modsign_keyring, 1), ++ "asymmetric", ++ NULL, ++ p, ++ plen, ++ (KEY_POS_ALL & ~KEY_POS_SETATTR) | ++ KEY_USR_VIEW, ++ KEY_ALLOC_NOT_IN_QUOTA); ++ if (IS_ERR(key)) ++ pr_err("MODSIGN: Problem loading in-kernel X.509 certificate (%ld)\n", ++ PTR_ERR(key)); ++ else ++ pr_notice("MODSIGN: Loaded cert '%s'\n", ++ key_ref_to_ptr(key)->description); ++ p += plen; ++ } ++ ++ return 0; ++ ++dodgy_cert: ++ pr_err("MODSIGN: Problem parsing in-kernel X.509 certificate list\n"); ++ return 0; ++} ++late_initcall(load_module_signing_keys); +diff --git a/kernel/module-internal.h b/kernel/module-internal.h +index 14da0ea..648f481 100644 +--- a/kernel/module-internal.h ++++ b/kernel/module-internal.h +@@ -9,6 +9,8 @@ + * 2 of the Licence, or (at your option) any later version. + */ + ++extern struct key *modsign_keyring; ++ + extern int mod_verify_sig(const void *mod, unsigned long modlen, + const void *sig, unsigned long siglen, + bool *_sig_ok); +-- +1.7.11.4 + + +From dcac300c703bc9a237deab7c7f0301f3803a3a9a Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 17:13:26 +0100 +Subject: [PATCH 23/26] MODSIGN: Implement module signature checking + +Check the signature on the module against the keys compiled into the kernel or +available in a hardware key store. + +Currently, only RSA keys are supported - though that's easy enough to change, +and the signature is expected to contain raw components (so not a PGP or +PKCS#7 formatted blob). + +The signature blob is expected to consist of the following pieces in order: + + (1) The binary identifier for the key. This is expected to match the + SubjectKeyIdentifier from an X.509 certificate. Only X.509 type + identifiers are currently supported. + + (2) The signature data, consisting of a series of MPIs in which each is in + the format of a 2-byte BE word sizes followed by the content data. + + (3) A 12 byte information block of the form: + + struct module_signature { + enum pkey_algo algo : 8; + enum pkey_hash_algo hash : 8; + enum pkey_id_type id_type : 8; + u8 __pad; + __be32 id_length; + __be32 sig_length; + }; + + The three enums are defined in crypto/public_key.h. + + 'algo' contains the public-key algorithm identifier (0->DSA, 1->RSA). + + 'hash' contains the digest algorithm identifier (0->MD4, 1->MD5, 2->SHA1, + etc.). + + 'id_type' contains the public-key identifier type (0->PGP, 1->X.509). + + '__pad' should be 0. + + 'id_length' should contain in the binary identifier length in BE form. + + 'sig_length' should contain in the signature data length in BE form. + + The lengths are in BE order rather than CPU order to make dealing with + cross-compilation easier. + +Signed-off-by: David Howells +--- + init/Kconfig | 8 ++ + kernel/module_signing.c | 223 +++++++++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 230 insertions(+), 1 deletion(-) + +diff --git a/init/Kconfig b/init/Kconfig +index 00d4579..63fcbeb 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1588,6 +1588,14 @@ config MODULE_SRCVERSION_ALL + config MODULE_SIG + bool "Module signature verification" + depends on MODULES ++ select CONFIG_KEYS ++ select CONFIG_CRYPTO ++ select ASYMMETRIC_KEY_TYPE ++ select ASYMMETRIC_PUBLIC_KEY_SUBTYPE ++ select PUBLIC_KEY_ALGO_RSA ++ select ASN1 ++ select OID_REGISTRY ++ select X509_CERTIFICATE_PARSER + help + Check modules for valid signatures upon load: the signature + is simply appended to the module. For more information see +diff --git a/kernel/module_signing.c b/kernel/module_signing.c +index 0af10a5..83eb505 100644 +--- a/kernel/module_signing.c ++++ b/kernel/module_signing.c +@@ -10,14 +10,235 @@ + */ + + #include ++#include ++#include ++#include ++#include + #include "module-internal.h" + + /* ++ * Module signature information block. ++ * ++ * The constituents of the signature section are, in order: ++ * ++ * - Signer's name ++ * - Key identifier ++ * - Signature data ++ * - Information block ++ */ ++struct module_signature { ++ enum pkey_algo algo : 8; /* Public-key crypto algorithm */ ++ enum pkey_hash_algo hash : 8; /* Digest algorithm */ ++ enum pkey_id_type id_type : 8; /* Key identifier type */ ++ u8 signer_len; /* Length of signer's name */ ++ u8 key_id_len; /* Length of key identifier */ ++ u8 __pad[3]; ++ __be32 sig_len; /* Length of signature data */ ++}; ++ ++/* ++ * Digest the module contents. ++ */ ++static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash, ++ const void *mod, ++ unsigned long modlen) ++{ ++ struct public_key_signature *pks; ++ struct crypto_shash *tfm; ++ struct shash_desc *desc; ++ size_t digest_size, desc_size; ++ int ret; ++ ++ pr_devel("==>%s()\n", __func__); ++ ++ /* Allocate the hashing algorithm we're going to need and find out how ++ * big the hash operational data will be. ++ */ ++ tfm = crypto_alloc_shash(pkey_hash_algo[hash], 0, 0); ++ if (IS_ERR(tfm)) ++ return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm); ++ ++ desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); ++ digest_size = crypto_shash_digestsize(tfm); ++ ++ /* We allocate the hash operational data storage on the end of our ++ * context data and the digest output buffer on the end of that. ++ */ ++ ret = -ENOMEM; ++ pks = kzalloc(digest_size + sizeof(*pks) + desc_size, GFP_KERNEL); ++ if (!pks) ++ goto error_no_pks; ++ ++ pks->pkey_hash_algo = hash; ++ pks->digest = (u8 *)pks + sizeof(*pks) + desc_size; ++ pks->digest_size = digest_size; ++ ++ desc = (void *)pks + sizeof(*pks); ++ desc->tfm = tfm; ++ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; ++ ++ ret = crypto_shash_init(desc); ++ if (ret < 0) ++ goto error; ++ ++ ret = crypto_shash_finup(desc, mod, modlen, pks->digest); ++ if (ret < 0) ++ goto error; ++ ++ crypto_free_shash(tfm); ++ pr_devel("<==%s() = ok\n", __func__); ++ return pks; ++ ++error: ++ kfree(pks); ++error_no_pks: ++ crypto_free_shash(tfm); ++ pr_devel("<==%s() = %d\n", __func__, ret); ++ return ERR_PTR(ret); ++} ++ ++/* ++ * Extract an MPI array from the signature data. This represents the actual ++ * signature. Each raw MPI is prefaced by a BE 2-byte value indicating the ++ * size of the MPI in bytes. ++ * ++ * RSA signatures only have one MPI, so currently we only read one. ++ */ ++static int mod_extract_mpi_array(struct public_key_signature *pks, ++ const void *data, size_t len) ++{ ++ size_t nbytes; ++ MPI mpi; ++ ++ if (len < 3) ++ return -EBADMSG; ++ nbytes = ((const u8 *)data)[0] << 8 | ((const u8 *)data)[1]; ++ data += 2; ++ len -= 2; ++ if (len != nbytes) ++ return -EBADMSG; ++ ++ mpi = mpi_read_raw_data(data, nbytes); ++ if (!mpi) ++ return -ENOMEM; ++ pks->mpi[0] = mpi; ++ pks->nr_mpi = 1; ++ return 0; ++} ++ ++/* ++ * Request an asymmetric key. ++ */ ++static struct key *request_asymmetric_key(const char *signer, size_t signer_len, ++ const u8 *key_id, size_t key_id_len) ++{ ++ key_ref_t key; ++ size_t i; ++ char *id, *q; ++ ++ pr_devel("==>%s(,%zu,,%zu)\n", __func__, signer_len, key_id_len); ++ ++ /* Construct an identifier. */ ++ id = kmalloc(signer_len + 2 + key_id_len * 2 + 1, GFP_KERNEL); ++ if (!id) ++ return ERR_PTR(-ENOKEY); ++ ++ memcpy(id, signer, signer_len); ++ ++ q = id + signer_len; ++ *q++ = ':'; ++ *q++ = ' '; ++ for (i = 0; i < key_id_len; i++) { ++ *q++ = hex_asc[*key_id >> 4]; ++ *q++ = hex_asc[*key_id++ & 0x0f]; ++ } ++ ++ *q = 0; ++ ++ pr_debug("Look up: \"%s\"\n", id); ++ ++ key = keyring_search(make_key_ref(modsign_keyring, 1), ++ &key_type_asymmetric, id); ++ kfree(id); ++ ++ if (IS_ERR(key)) { ++ switch (PTR_ERR(key)) { ++ /* Hide some search errors */ ++ case -EACCES: ++ case -ENOTDIR: ++ case -EAGAIN: ++ return ERR_PTR(-ENOKEY); ++ default: ++ return ERR_CAST(key); ++ } ++ } ++ ++ pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key))); ++ return key_ref_to_ptr(key); ++} ++ ++/* + * Verify the signature on a module. + */ + int mod_verify_sig(const void *mod, unsigned long modlen, + const void *sig, unsigned long siglen, + bool *_sig_ok) + { +- return -EKEYREJECTED; ++ struct public_key_signature *pks; ++ struct module_signature ms; ++ struct key *key; ++ size_t sig_len; ++ int ret; ++ ++ pr_devel("==>%s(,%lu,,%lu,)\n", __func__, modlen, siglen); ++ ++ if (siglen <= sizeof(ms)) ++ return -EBADMSG; ++ ++ memcpy(&ms, sig + (siglen - sizeof(ms)), sizeof(ms)); ++ siglen -= sizeof(ms); ++ ++ sig_len = be32_to_cpu(ms.sig_len); ++ if (sig_len >= siglen || ++ siglen - sig_len != (size_t)ms.signer_len + ms.key_id_len) ++ return -EBADMSG; ++ ++ /* For the moment, only support RSA and X.509 identifiers */ ++ if (ms.algo != PKEY_ALGO_RSA || ++ ms.id_type != PKEY_ID_X509) ++ return -ENOPKG; ++ ++ if (ms.hash >= PKEY_HASH__LAST || ++ !pkey_hash_algo[ms.hash]) ++ return -ENOPKG; ++ ++ key = request_asymmetric_key(sig, ms.signer_len, ++ sig + ms.signer_len, ms.key_id_len); ++ if (IS_ERR(key)) ++ return PTR_ERR(key); ++ ++ pks = mod_make_digest(ms.hash, mod, modlen); ++ if (IS_ERR(pks)) { ++ ret = PTR_ERR(pks); ++ goto error_put_key; ++ } ++ ++ ret = mod_extract_mpi_array(pks, sig + ms.signer_len + ms.key_id_len, ++ sig_len); ++ if (ret < 0) ++ goto error_free_pks; ++ ++ ret = verify_signature(key, pks); ++ pr_devel("verify_signature() = %d\n", ret); ++ ++ if (ret == 0) ++ *_sig_ok = true; ++ ++error_free_pks: ++ mpi_free(pks->rsa.s); ++ kfree(pks); ++error_put_key: ++ key_put(key); ++ pr_devel("<==%s() = %d\n", __func__, ret); ++ return ret; + } +-- +1.7.11.4 + + +From 89fbf1de73ed1ef29a3943d9f3bcf69a433191da Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 17:13:26 +0100 +Subject: [PATCH 24/26] MODSIGN: Provide a script for generating a key ID from + an X.509 cert + +Provide a script to parse an X.509 certificate and certain pieces of +information from it in order to generate a key identifier to be included within +a module signature. + +The script takes the Subject Name and extracts (if present) the +organizationName (O), the commonName (CN) and the emailAddress and fabricates +the signer's name from them: + + (1) If both O and CN exist, then the name will be "O: CN", unless: + + (a) CN is prefixed by O, in which case only CN is used. + + (b) CN and O share at least the first 7 characters, in which case only CN + is used. + + (2) Otherwise, CN is used if present. + + (3) Otherwise, O is used if present. + + (4) Otherwise the emailAddress is used, if present. + + (5) Otherwise a blank name is used. + +The script emits a binary encoded identifier in the following form: + + - 2 BE bytes indicating the length of the signer's name. + + - 2 BE bytes indicating the length of the subject key identifier. + + - The characters of the signer's name. + + - The bytes of the subject key identifier. + +Signed-off-by: David Howells +--- + scripts/x509keyid | 268 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 268 insertions(+) + create mode 100755 scripts/x509keyid + +diff --git a/scripts/x509keyid b/scripts/x509keyid +new file mode 100755 +index 0000000..c8e91a4 +--- /dev/null ++++ b/scripts/x509keyid +@@ -0,0 +1,268 @@ ++#!/usr/bin/perl -w ++# ++# Generate an identifier from an X.509 certificate that can be placed in a ++# module signature to indentify the key to use. ++# ++# Format: ++# ++# ./scripts/x509keyid ++# ++# We read the DER-encoded X509 certificate and parse it to extract the Subject ++# name and Subject Key Identifier. The provide the data we need to build the ++# certificate identifier. ++# ++# The signer's name part of the identifier is fabricated from the commonName, ++# the organizationName or the emailAddress components of the X.509 subject ++# name and written to the second named file. ++# ++# The subject key ID to select which of that signer's certificates we're ++# intending to use to sign the module is written to the third named file. ++# ++use strict; ++ ++my $raw_data; ++ ++die "Need three filenames\n" if ($#ARGV != 2); ++ ++my $src = $ARGV[0]; ++ ++open(FD, "<$src") || die $src; ++binmode FD; ++my @st = stat(FD); ++die $src if (!@st); ++read(FD, $raw_data, $st[7]) || die $src; ++close(FD); ++ ++my $UNIV = 0 << 6; ++my $APPL = 1 << 6; ++my $CONT = 2 << 6; ++my $PRIV = 3 << 6; ++ ++my $CONS = 0x20; ++ ++my $BOOLEAN = 0x01; ++my $INTEGER = 0x02; ++my $BIT_STRING = 0x03; ++my $OCTET_STRING = 0x04; ++my $NULL = 0x05; ++my $OBJ_ID = 0x06; ++my $UTF8String = 0x0c; ++my $SEQUENCE = 0x10; ++my $SET = 0x11; ++my $UTCTime = 0x17; ++my $GeneralizedTime = 0x18; ++ ++my %OIDs = ( ++ pack("CCC", 85, 4, 3) => "commonName", ++ pack("CCC", 85, 4, 6) => "countryName", ++ pack("CCC", 85, 4, 10) => "organizationName", ++ pack("CCC", 85, 4, 11) => "organizationUnitName", ++ pack("CCCCCCCCC", 42, 134, 72, 134, 247, 13, 1, 1, 1) => "rsaEncryption", ++ pack("CCCCCCCCC", 42, 134, 72, 134, 247, 13, 1, 1, 5) => "sha1WithRSAEncryption", ++ pack("CCCCCCCCC", 42, 134, 72, 134, 247, 13, 1, 9, 1) => "emailAddress", ++ pack("CCC", 85, 29, 35) => "authorityKeyIdentifier", ++ pack("CCC", 85, 29, 14) => "subjectKeyIdentifier", ++ pack("CCC", 85, 29, 19) => "basicConstraints" ++); ++ ++############################################################################### ++# ++# Extract an ASN.1 element from a string and return information about it. ++# ++############################################################################### ++sub asn1_extract($$@) ++{ ++ my ($cursor, $expected_tag, $optional) = @_; ++ ++ return [ -1 ] ++ if ($cursor->[1] == 0 && $optional); ++ ++ die $src, ": ", $cursor->[0], ": ASN.1 data underrun (elem ", $cursor->[1], ")\n" ++ if ($cursor->[1] < 2); ++ ++ my ($tag, $len) = unpack("CC", substr(${$cursor->[2]}, $cursor->[0], 2)); ++ ++ if ($expected_tag != -1 && $tag != $expected_tag) { ++ return [ -1 ] ++ if ($optional); ++ die $src, ": ", $cursor->[0], ": ASN.1 unexpected tag (", $tag, ++ " not ", $expected_tag, ")\n"; ++ } ++ ++ $cursor->[0] += 2; ++ $cursor->[1] -= 2; ++ ++ die $src, ": ", $cursor->[0], ": ASN.1 long tag\n" ++ if (($tag & 0x1f) == 0x1f); ++ die $src, ": ", $cursor->[0], ": ASN.1 indefinite length\n" ++ if ($len == 0x80); ++ ++ if ($len > 0x80) { ++ my $l = $len - 0x80; ++ die $src, ": ", $cursor->[0], ": ASN.1 data underrun (len len $l)\n" ++ if ($cursor->[1] < $l); ++ ++ if ($l == 0x1) { ++ $len = unpack("C", substr(${$cursor->[2]}, $cursor->[0], 1)); ++ } elsif ($l = 0x2) { ++ $len = unpack("n", substr(${$cursor->[2]}, $cursor->[0], 2)); ++ } elsif ($l = 0x3) { ++ $len = unpack("C", substr(${$cursor->[2]}, $cursor->[0], 1)) << 16; ++ $len = unpack("n", substr(${$cursor->[2]}, $cursor->[0] + 1, 2)); ++ } elsif ($l = 0x4) { ++ $len = unpack("N", substr(${$cursor->[2]}, $cursor->[0], 4)); ++ } else { ++ die $src, ": ", $cursor->[0], ": ASN.1 element too long (", $l, ")\n"; ++ } ++ ++ $cursor->[0] += $l; ++ $cursor->[1] -= $l; ++ } ++ ++ die $src, ": ", $cursor->[0], ": ASN.1 data underrun (", $len, ")\n" ++ if ($cursor->[1] < $len); ++ ++ my $ret = [ $tag, [ $cursor->[0], $len, $cursor->[2] ] ]; ++ $cursor->[0] += $len; ++ $cursor->[1] -= $len; ++ ++ return $ret; ++} ++ ++############################################################################### ++# ++# Retrieve the data referred to by a cursor ++# ++############################################################################### ++sub asn1_retrieve($) ++{ ++ my ($cursor) = @_; ++ my ($offset, $len, $data) = @$cursor; ++ return substr($$data, $offset, $len); ++} ++ ++############################################################################### ++# ++# Roughly parse the X.509 certificate ++# ++############################################################################### ++my $cursor = [ 0, length($raw_data), \$raw_data ]; ++ ++my $cert = asn1_extract($cursor, $UNIV | $CONS | $SEQUENCE); ++my $tbs = asn1_extract($cert->[1], $UNIV | $CONS | $SEQUENCE); ++my $version = asn1_extract($tbs->[1], $CONT | $CONS | 0, 1); ++my $serial_number = asn1_extract($tbs->[1], $UNIV | $INTEGER); ++my $sig_type = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); ++my $issuer = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); ++my $validity = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); ++my $subject = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); ++my $key = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); ++my $issuer_uid = asn1_extract($tbs->[1], $CONT | $CONS | 1, 1); ++my $subject_uid = asn1_extract($tbs->[1], $CONT | $CONS | 2, 1); ++my $extension_list = asn1_extract($tbs->[1], $CONT | $CONS | 3, 1); ++ ++my $subject_key_id = (); ++my $authority_key_id = (); ++ ++# ++# Parse the extension list ++# ++if ($extension_list->[0] != -1) { ++ my $extensions = asn1_extract($extension_list->[1], $UNIV | $CONS | $SEQUENCE); ++ ++ while ($extensions->[1]->[1] > 0) { ++ my $ext = asn1_extract($extensions->[1], $UNIV | $CONS | $SEQUENCE); ++ my $x_oid = asn1_extract($ext->[1], $UNIV | $OBJ_ID); ++ my $x_crit = asn1_extract($ext->[1], $UNIV | $BOOLEAN, 1); ++ my $x_val = asn1_extract($ext->[1], $UNIV | $OCTET_STRING); ++ ++ my $raw_oid = asn1_retrieve($x_oid->[1]); ++ next if (!exists($OIDs{$raw_oid})); ++ my $x_type = $OIDs{$raw_oid}; ++ ++ my $raw_value = asn1_retrieve($x_val->[1]); ++ ++ if ($x_type eq "subjectKeyIdentifier") { ++ my $vcursor = [ 0, length($raw_value), \$raw_value ]; ++ ++ $subject_key_id = asn1_extract($vcursor, $UNIV | $OCTET_STRING); ++ } ++ } ++} ++ ++############################################################################### ++# ++# Determine what we're going to use as the signer's name. In order of ++# preference, take one of: commonName, organizationName or emailAddress. ++# ++############################################################################### ++my $org = ""; ++my $cn = ""; ++my $email = ""; ++ ++while ($subject->[1]->[1] > 0) { ++ my $rdn = asn1_extract($subject->[1], $UNIV | $CONS | $SET); ++ my $attr = asn1_extract($rdn->[1], $UNIV | $CONS | $SEQUENCE); ++ my $n_oid = asn1_extract($attr->[1], $UNIV | $OBJ_ID); ++ my $n_val = asn1_extract($attr->[1], -1); ++ ++ my $raw_oid = asn1_retrieve($n_oid->[1]); ++ next if (!exists($OIDs{$raw_oid})); ++ my $n_type = $OIDs{$raw_oid}; ++ ++ my $raw_value = asn1_retrieve($n_val->[1]); ++ ++ if ($n_type eq "organizationName") { ++ $org = $raw_value; ++ } elsif ($n_type eq "commonName") { ++ $cn = $raw_value; ++ } elsif ($n_type eq "emailAddress") { ++ $email = $raw_value; ++ } ++} ++ ++my $id_name = $email; ++ ++if ($org && $cn) { ++ # Don't use the organizationName if the commonName repeats it ++ if (length($org) <= length($cn) && ++ substr($cn, 0, length($org)) eq $org) { ++ $id_name = $cn; ++ goto got_id_name; ++ } ++ ++ # Or a signifcant chunk of it ++ if (length($org) >= 7 && ++ length($cn) >= 7 && ++ substr($cn, 0, 7) eq substr($org, 0, 7)) { ++ $id_name = $cn; ++ goto got_id_name; ++ } ++ ++ $id_name = $org . ": " . $cn; ++} elsif ($org) { ++ $id_name = $org; ++} elsif ($cn) { ++ $id_name = $cn; ++} ++ ++got_id_name: ++ ++############################################################################### ++# ++# Output the signer's name and the key identifier that we're going to include ++# in module signatures. ++# ++############################################################################### ++die $src, ": ", "X.509: Couldn't find the Subject Key Identifier extension\n" ++ if (!$subject_key_id); ++ ++my $id_key_id = asn1_retrieve($subject_key_id->[1]); ++ ++open(OUTFD, ">$ARGV[1]") || die $ARGV[1]; ++print OUTFD $id_name; ++close OUTFD || die $ARGV[1]; ++ ++open(OUTFD, ">$ARGV[2]") || die $ARGV[2]; ++print OUTFD $id_key_id; ++close OUTFD || die $ARGV[2]; +-- +1.7.11.4 + + +From 007c8fc3412f0a55cd3a32c5e42236703a17d1c1 Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Mon, 24 Sep 2012 10:46:36 -0400 +Subject: [PATCH 25/26] MODSIGN: Add modules_sign make target + +If CONFIG_MODULE_SIG is set, and 'make modules_sign' is called then this +patch will cause the modules to get a signature installed. The make target +is intended to be run after 'make modules_install', and will modify the +modules in-place in the installed location. + +The signature will be appended to the module, along with some information +about the signature size and a magic string that indicates the presence of +the signature. This requires private and public keys to be available. By +default these are expected to be found in files: + + signing_key.priv + signing_key.x509 + +in the base directory of the build. The first is the private key in PEM +form and the second is the X.509 certificate in DER form as can be generated +from openssl: + + openssl req \ + -new -x509 -outform PEM -out signing_key.x509 \ + -keyout signing_key.priv -nodes \ + -subj "/CN=H2G2/O=Magrathea/CN=Slartibartfast" + +If the secret key is not found then signing will be skipped and the unsigned +module from (1) will just be copied to foo.ko. + +If signing occurs, lines like the following will be seen: + + SIGN [M] /fs/foo/foo.ko + +will appear in the build log. If the signature step will be skipped and the +following will be seen: + + NO SIGN [M] /fs/foo/foo.ko + +NOTE! After the signature step, the signed module must not be passed through +strip. If you wish to strip or otherwise modify the kernel modules, use the +built-in stripping capabilities with 'make modules_install' or perform said +modifications before calling this make target. This restriction may affect +packaging tools (such as rpmbuild) and initramfs composition tools. + +Based heavily on work by: David Howells +Signed-off-by: Josh Boyer +--- + Makefile | 6 +++ + scripts/Makefile.modsign | 72 +++++++++++++++++++++++++++++ + scripts/sign-file | 115 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 193 insertions(+) + create mode 100644 scripts/Makefile.modsign + create mode 100644 scripts/sign-file + +diff --git a/Makefile b/Makefile +index 644048d..4479147 100644 +--- a/Makefile ++++ b/Makefile +@@ -965,6 +965,12 @@ _modinst_post: _modinst_ + $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.fwinst obj=firmware __fw_modinst + $(call cmd,depmod) + ++ifeq ($(CONFIG_MODULE_SIG), y) ++PHONY += modules_sign ++modules_sign: ++ $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modsign ++endif ++ + else # CONFIG_MODULES + + # Modules not configured +diff --git a/scripts/Makefile.modsign b/scripts/Makefile.modsign +new file mode 100644 +index 0000000..17326bc +--- /dev/null ++++ b/scripts/Makefile.modsign +@@ -0,0 +1,72 @@ ++# ========================================================================== ++# Signing modules ++# ========================================================================== ++ ++PHONY := __modsign ++__modsign: ++ ++include scripts/Kbuild.include ++ ++__modules := $(sort $(shell grep -h '\.ko' /dev/null $(wildcard $(MODVERDIR)/*.mod))) ++modules := $(patsubst %.o,%.ko,$(wildcard $(__modules:.ko=.o))) ++ ++PHONY += $(modules) ++__modsign: $(modules) ++ @: ++ ++MODSECKEY = ./signing_key.priv ++MODPUBKEY = ./signing_key.x509 ++ ++ifeq ($(wildcard $(MODSECKEY))+$(wildcard $(MODPUBKEY)),$(MODSECKEY)+$(MODPUBKEY)) ++ifeq ($(KBUILD_SRC),) ++ # no O= is being used ++ SCRIPTS_DIR := scripts ++else ++ SCRIPTS_DIR := $(KBUILD_SRC)/scripts ++endif ++SIGN_MODULES := 1 ++else ++SIGN_MODULES := 0 ++endif ++ ++# only sign if it's an in-tree module ++ifneq ($(KBUILD_EXTMOD),) ++SIGN_MODULES := 0 ++endif ++ ++ifeq ($(SIGN_MODULES),1) ++ ++quiet_cmd_genkeyid = GENKEYID $@ ++ cmd_genkeyid = \ ++ perl $(SCRIPTS_DIR)/x509keyid $< $<.signer $<.keyid ++ ++%.signer %.keyid: % ++ $(call if_changed,genkeyid) ++ ++KEYRING_DEP := $(MODSECKEY) $(MODPUBKEY) $(MODPUBKEY).signer $(MODPUBKEY).keyid ++quiet_cmd_sign_ko = SIGN [M] $(2)/$(notdir $@) ++ cmd_sign_ko = \ ++ sh $(SCRIPTS_DIR)/sign-file $(MODSECKEY) $(MODPUBKEY) \ ++ $(2)/$(notdir $@) $(2)/$(notdir $@).signed && \ ++ mv $(2)/$(notdir $@).signed $(2)/$(notdir $@) && \ ++ rm -rf $(2)/$(notdir $@).{dig,sig} ++else ++KEYRING_DEP := ++quiet_cmd_sign_ko = NO SIGN [M] $@ ++ cmd_sign_ko = \ ++ true ++endif ++ ++# Modules built outside the kernel source tree go into extra by default ++INSTALL_MOD_DIR ?= extra ++ext-mod-dir = $(INSTALL_MOD_DIR)$(subst $(patsubst %/,%,$(KBUILD_EXTMOD)),,$(@D)) ++ ++modinst_dir = $(if $(KBUILD_EXTMOD),$(ext-mod-dir),kernel/$(@D)) ++ ++$(modules): $(KEYRING_DEP) ++ $(call cmd,sign_ko,$(MODLIB)/$(modinst_dir)) ++ ++# Declare the contents of the .PHONY variable as phony. We keep that ++# # information in a variable se we can use it in if_changed and friends. ++ ++.PHONY: $(PHONY) +diff --git a/scripts/sign-file b/scripts/sign-file +new file mode 100644 +index 0000000..1a472bb +--- /dev/null ++++ b/scripts/sign-file +@@ -0,0 +1,115 @@ ++#!/bin/sh ++# ++# Sign a module file using the given key. ++# ++# Format: sign-file ++# ++ ++scripts=`dirname $0` ++ ++CONFIG_MODULE_SIG_SHA512=y ++if [ -r .config ] ++then ++ source ./.config ++fi ++ ++key="$1" ++x509="$2" ++src="$3" ++dst="$4" ++ ++if [ ! -r "$key" ] ++then ++ echo "Can't read private key" >&2 ++ exit 2 ++fi ++ ++if [ ! -r "$x509" ] ++then ++ echo "Can't read X.509 certificate" >&2 ++ exit 2 ++fi ++if [ ! -r "$x509.signer" ] ++then ++ echo "Can't read Signer name" >&2 ++ exit 2; ++fi ++if [ ! -r "$x509.keyid" ] ++then ++ echo "Can't read Key identifier" >&2 ++ exit 2; ++fi ++ ++# ++# Signature parameters ++# ++algo=1 # Public-key crypto algorithm: RSA ++hash= # Digest algorithm ++id_type=1 # Identifier type: X.509 ++ ++# ++# Digest the data ++# ++dgst= ++if [ "$CONFIG_MODULE_SIG_SHA1" = "y" ] ++then ++ prologue="0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14" ++ dgst=-sha1 ++ hash=2 ++elif [ "$CONFIG_MODULE_SIG_SHA224" = "y" ] ++then ++ prologue="0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C" ++ dgst=-sha224 ++ hash=7 ++elif [ "$CONFIG_MODULE_SIG_SHA256" = "y" ] ++then ++ prologue="0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20" ++ dgst=-sha256 ++ hash=4 ++elif [ "$CONFIG_MODULE_SIG_SHA384" = "y" ] ++then ++ prologue="0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30" ++ dgst=-sha384 ++ hash=5 ++elif [ "$CONFIG_MODULE_SIG_SHA512" = "y" ] ++then ++ prologue="0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40" ++ dgst=-sha512 ++ hash=6 ++else ++ echo "$0: Can't determine hash algorithm" >&2 ++ exit 2 ++fi ++ ++( ++perl -e "binmode STDOUT; print pack(\"C*\", $prologue)" || exit $? ++openssl dgst $dgst -binary $src || exit $? ++) >$src.dig || exit $? ++ ++# ++# Generate the binary signature, which will be just the integer that comprises ++# the signature with no metadata attached. ++# ++openssl rsautl -sign -inkey $key -keyform PEM -in $src.dig -out $src.sig || exit $? ++signerlen=`stat -c %s $x509.signer` ++keyidlen=`stat -c %s $x509.keyid` ++siglen=`stat -c %s $src.sig` ++ ++# ++# Build the signed binary ++# ++( ++ cat $src || exit $? ++ echo '~Module signature appended~' || exit $? ++ cat $x509.signer $x509.keyid || exit $? ++ ++ # Preface each signature integer with a 2-byte BE length ++ perl -e "binmode STDOUT; print pack(\"n\", $siglen)" || exit $? ++ cat $src.sig || exit $? ++ ++ # Generate the information block ++ perl -e "binmode STDOUT; print pack(\"CCCCCxxxN\", $algo, $hash, $id_type, $signerlen, $keyidlen, $siglen + 2)" || exit $? ++) >$dst~ || exit $? ++ ++# Permit in-place signing ++mv $dst~ $dst || exit $? +-- +1.7.11.4 + + +From 33c6737b352ec10a7e0d7b053fbb084c0b7a9d36 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Mon, 24 Sep 2012 20:51:59 +0100 +Subject: [PATCH 26/26] MODSIGN: Extend the policy on signature check failure + +Extend the policy on handling various sorts of signature check failure such as +not having the requisite key available or being in FIPS mode. + +If the key specified is not known (ENOKEY) permit the module to be loaded in +non-enforcing mode, otherwise reject it. + +If in FIPS mode, any loading failure shall cause a panic. + +Also print a warning if we try and fail to find a module signing key: + + Request for unknown module key 'Magrathea: Glacier signing key: 5dd0839552bd6af498253f8af1e65da3472941c6' err -11 + +This contains the identity field and the key ID from the signature as well as +the error code. The error codes are the raw return from keyring_search() and +may be translated to -ENOKEY. + +Signed-off-by: David Howells +--- + kernel/Makefile | 2 +- + kernel/module.c | 9 ++++++++- + kernel/module_signing.c | 3 +++ + 3 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/kernel/Makefile b/kernel/Makefile +index 63f8386..111a845 100644 +--- a/kernel/Makefile ++++ b/kernel/Makefile +@@ -177,7 +177,7 @@ x509.genkey: + @echo >>x509.genkey "x509_extensions = myexts" + @echo >>x509.genkey + @echo >>x509.genkey "[ req_distinguished_name ]" +- @echo >>x509.genkey "O = Magarathea" ++ @echo >>x509.genkey "O = Magrathea" + @echo >>x509.genkey "CN = Glacier signing key" + @echo >>x509.genkey "emailAddress = slartibartfast@magrathea.h2g2" + @echo >>x509.genkey +diff --git a/kernel/module.c b/kernel/module.c +index ab69599..de16959 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -58,6 +58,7 @@ + #include + #include + #include ++#include + #include "module-internal.h" + + #define CREATE_TRACE_POINTS +@@ -2470,7 +2471,13 @@ found_marker: + sig = p + markerlen; + /* Truncate module up to signature. */ + *len = p - mod; +- return mod_verify_sig(mod, *len, sig, end - sig, &info->sig_ok); ++ err = mod_verify_sig(mod, *len, sig, end - sig, &info->sig_ok); ++ if (err < 0 && fips_enabled) ++ panic("Module verification failed with error %d in FIPS mode\n", ++ err); ++ if (err == -ENOKEY && !sig_enforce) ++ err = 0; ++ return err; + } + #else /* !CONFIG_MODULE_SIG */ + static int module_sig_check(struct load_info *info, +diff --git a/kernel/module_signing.c b/kernel/module_signing.c +index 83eb505..2beea56 100644 +--- a/kernel/module_signing.c ++++ b/kernel/module_signing.c +@@ -159,6 +159,9 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len, + + key = keyring_search(make_key_ref(modsign_keyring, 1), + &key_type_asymmetric, id); ++ if (IS_ERR(key)) ++ pr_warn("Request for unknown module key '%s' err %ld\n", ++ id, PTR_ERR(key)); + kfree(id); + + if (IS_ERR(key)) { +-- +1.7.11.4 + diff --git a/secure-boot-20120809.patch b/secure-boot-20120809.patch deleted file mode 100644 index 0d6a837c..00000000 --- a/secure-boot-20120809.patch +++ /dev/null @@ -1,734 +0,0 @@ -From 617309bdd75bbce794ae2d41d44e7b76fb8c6d8b Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Thu, 8 Mar 2012 09:56:33 -0500 -Subject: [PATCH 01/13] Secure boot: Add new capability - -Secure boot adds certain policy requirements, including that root must not -be able to do anything that could cause the kernel to execute arbitrary code. -The simplest way to handle this would seem to be to add a new capability -and gate various functionality on that. We'll then strip it from the initial -capability set if required. - -Signed-off-by: Matthew Garrett ---- - include/linux/capability.h | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/include/linux/capability.h b/include/linux/capability.h -index d10b7ed..6a39163 100644 ---- a/include/linux/capability.h -+++ b/include/linux/capability.h -@@ -364,7 +364,11 @@ struct cpu_vfs_cap_data { - - #define CAP_BLOCK_SUSPEND 36 - --#define CAP_LAST_CAP CAP_BLOCK_SUSPEND -+/* Allow things that are dangerous under secure boot */ -+ -+#define CAP_SECURE_FIRMWARE 37 -+ -+#define CAP_LAST_CAP CAP_SECURE_FIRMWARE - - #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) - --- -1.7.11.2 - - -From ac892cb2320872717005736c8ef88208c12e61ee Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Thu, 8 Mar 2012 10:10:38 -0500 -Subject: [PATCH 02/13] PCI: Lock down BAR access in secure boot environments - -Any hardware that can potentially generate DMA has to be locked down from -userspace in order to avoid it being possible for an attacker to cause -arbitrary kernel behaviour. Default to paranoid - in future we can -potentially relax this for sufficiently IOMMU-isolated devices. - -Signed-off-by: Matthew Garrett ---- - drivers/pci/pci-sysfs.c | 9 +++++++++ - drivers/pci/proc.c | 8 +++++++- - drivers/pci/syscall.c | 2 +- - 3 files changed, 17 insertions(+), 2 deletions(-) - -diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 6869009..a1ad0f7 100644 ---- a/drivers/pci/pci-sysfs.c -+++ b/drivers/pci/pci-sysfs.c -@@ -542,6 +542,9 @@ pci_write_config(struct file* filp, struct kobject *kobj, - loff_t init_off = off; - u8 *data = (u8*) buf; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - if (off > dev->cfg_size) - return 0; - if (off + count > dev->cfg_size) { -@@ -844,6 +847,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, - resource_size_t start, end; - int i; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - for (i = 0; i < PCI_ROM_RESOURCE; i++) - if (res == &pdev->resource[i]) - break; -@@ -951,6 +957,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj, - struct bin_attribute *attr, char *buf, - loff_t off, size_t count) - { -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - return pci_resource_io(filp, kobj, attr, buf, off, count, true); - } - -diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c -index 27911b5..01d4753 100644 ---- a/drivers/pci/proc.c -+++ b/drivers/pci/proc.c -@@ -135,6 +135,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof - int size = dp->size; - int cnt; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - if (pos >= size) - return 0; - if (nbytes >= size) -@@ -211,6 +214,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd, - #endif /* HAVE_PCI_MMAP */ - int ret = 0; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - switch (cmd) { - case PCIIOC_CONTROLLER: - ret = pci_domain_nr(dev->bus); -@@ -251,7 +257,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma) - struct pci_filp_private *fpriv = file->private_data; - int i, ret; - -- if (!capable(CAP_SYS_RAWIO)) -+ if (!capable(CAP_SYS_RAWIO) || !capable(CAP_SECURE_FIRMWARE)) - return -EPERM; - - /* Make sure the caller is mapping a real resource for this device */ -diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c -index e1c1ec5..a778ba9 100644 ---- a/drivers/pci/syscall.c -+++ b/drivers/pci/syscall.c -@@ -92,7 +92,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn, - u32 dword; - int err = 0; - -- if (!capable(CAP_SYS_ADMIN)) -+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SECURE_FIRMWARE)) - return -EPERM; - - dev = pci_get_bus_and_slot(bus, dfn); --- -1.7.11.2 - - -From 4c02feefb934d587f03c74cc48e8d58904416c68 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Thu, 8 Mar 2012 10:35:59 -0500 -Subject: [PATCH 03/13] x86: Lock down IO port access in secure boot - environments - -IO port access would permit users to gain access to PCI configuration -registers, which in turn (on a lot of hardware) give access to MMIO register -space. This would potentially permit root to trigger arbitrary DMA, so lock -it down by default. - -Signed-off-by: Matthew Garrett ---- - arch/x86/kernel/ioport.c | 4 ++-- - drivers/char/mem.c | 3 +++ - 2 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c -index 8c96897..c3a1bb2 100644 ---- a/arch/x86/kernel/ioport.c -+++ b/arch/x86/kernel/ioport.c -@@ -28,7 +28,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) - - if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) - return -EINVAL; -- if (turn_on && !capable(CAP_SYS_RAWIO)) -+ if (turn_on && (!capable(CAP_SYS_RAWIO) || !capable(CAP_SECURE_FIRMWARE))) - return -EPERM; - - /* -@@ -102,7 +102,7 @@ long sys_iopl(unsigned int level, struct pt_regs *regs) - return -EINVAL; - /* Trying to gain more privileges? */ - if (level > old) { -- if (!capable(CAP_SYS_RAWIO)) -+ if (!capable(CAP_SYS_RAWIO) || !capable(CAP_SECURE_FIRMWARE)) - return -EPERM; - } - regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); -diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index e5eedfa..8f5f872 100644 ---- a/drivers/char/mem.c -+++ b/drivers/char/mem.c -@@ -597,6 +597,9 @@ static ssize_t write_port(struct file *file, const char __user *buf, - unsigned long i = *ppos; - const char __user * tmp = buf; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - if (!access_ok(VERIFY_READ, buf, count)) - return -EFAULT; - while (count-- > 0 && i < 65536) { --- -1.7.11.2 - - -From d379d102316075d51011b81748433530d294a70c Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Fri, 9 Mar 2012 08:39:37 -0500 -Subject: [PATCH 04/13] ACPI: Limit access to custom_method - -It must be impossible for even root to get code executed in kernel context -under a secure boot environment. custom_method effectively allows arbitrary -access to system memory, so it needs to have a capability check here. - -Signed-off-by: Matthew Garrett ---- - drivers/acpi/custom_method.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c -index 5d42c24..3e78014 100644 ---- a/drivers/acpi/custom_method.c -+++ b/drivers/acpi/custom_method.c -@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, - struct acpi_table_header table; - acpi_status status; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - if (!(*ppos)) { - /* parse the table header to get the table length */ - if (count <= sizeof(struct acpi_table_header)) --- -1.7.11.2 - - -From afc7c002eb264fc745a38fb6ec322be4928338dd Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Fri, 9 Mar 2012 08:46:50 -0500 -Subject: [PATCH 05/13] asus-wmi: Restrict debugfs interface - -We have no way of validating what all of the Asus WMI methods do on a -given machine, and there's a risk that some will allow hardware state to -be manipulated in such a way that arbitrary code can be executed in the -kernel. Add a capability check to prevent that. - -Signed-off-by: Matthew Garrett ---- - drivers/platform/x86/asus-wmi.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c -index c7a36f6..0fb58bc 100644 ---- a/drivers/platform/x86/asus-wmi.c -+++ b/drivers/platform/x86/asus-wmi.c -@@ -1509,6 +1509,9 @@ static int show_dsts(struct seq_file *m, void *data) - int err; - u32 retval = -1; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval); - - if (err < 0) -@@ -1525,6 +1528,9 @@ static int show_devs(struct seq_file *m, void *data) - int err; - u32 retval = -1; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param, - &retval); - -@@ -1549,6 +1555,9 @@ static int show_call(struct seq_file *m, void *data) - union acpi_object *obj; - acpi_status status; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID, - 1, asus->debug.method_id, - &input, &output); --- -1.7.11.2 - - -From 21bd1f0da09b40a0ba50636267f7eac8f839a336 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Fri, 9 Mar 2012 09:28:15 -0500 -Subject: [PATCH 06/13] Restrict /dev/mem and /dev/kmem in secure boot setups - -Allowing users to write to address space makes it possible for the kernel -to be subverted. Restrict this when we need to protect the kernel. - -Signed-off-by: Matthew Garrett ---- - drivers/char/mem.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 8f5f872..c1de8e1 100644 ---- a/drivers/char/mem.c -+++ b/drivers/char/mem.c -@@ -158,6 +158,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, - unsigned long copied; - void *ptr; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - if (!valid_phys_addr_range(p, count)) - return -EFAULT; - -@@ -530,6 +533,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, - char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ - int err = 0; - -+ if (!capable(CAP_SECURE_FIRMWARE)) -+ return -EPERM; -+ - if (p < (unsigned long) high_memory) { - unsigned long to_write = min_t(unsigned long, count, - (unsigned long)high_memory - p); --- -1.7.11.2 - - -From 1940a18cd651113f5b46f5a41290065963d6fbad Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Fri, 9 Mar 2012 11:47:56 -0500 -Subject: [PATCH 07/13] kexec: Disable in a secure boot environment - -kexec could be used as a vector for a malicious user to use a signed kernel -to circumvent the secure boot trust model. In the long run we'll want to -support signed kexec payloads, but for the moment we should just disable -loading entirely in that situation. - -Signed-off-by: Matthew Garrett ---- - kernel/kexec.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/kernel/kexec.c b/kernel/kexec.c -index 0668d58..48852ec 100644 ---- a/kernel/kexec.c -+++ b/kernel/kexec.c -@@ -944,7 +944,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, - int result; - - /* We only trust the superuser with rebooting the system. */ -- if (!capable(CAP_SYS_BOOT)) -+ if (!capable(CAP_SYS_BOOT) || !capable(CAP_SECURE_FIRMWARE)) - return -EPERM; - - /* --- -1.7.11.2 - - -From c83bad5d60b8f02ebbedf9b4c4b69cdee49a7976 Mon Sep 17 00:00:00 2001 -From: Josh Boyer -Date: Mon, 25 Jun 2012 19:45:15 -0400 -Subject: [PATCH 08/13] Secure boot: Add a dummy kernel parameter that will - switch on Secure Boot mode - -This forcibly drops CAP_SECURE_FIRMWARE from both cap_permitted and cap_bset -in the init_cred struct, which everything else inherits from. This works on -any machine and can be used to develop even if the box doesn't have UEFI. - -Signed-off-by: Josh Boyer ---- - kernel/cred.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/kernel/cred.c b/kernel/cred.c -index de728ac..0d71d02 100644 ---- a/kernel/cred.c -+++ b/kernel/cred.c -@@ -623,6 +623,20 @@ void __init cred_init(void) - 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); - } - -+/* Dummy Secure Boot enable option to fake out UEFI SB=1 */ -+static int __init secureboot_enable(char *str) -+{ -+ -+ int sb_enable = !!simple_strtol(str, NULL, 0); -+ pr_info("Secure Boot mode %s\n", (sb_enable ? "enabled" : "disabled")); -+ if (sb_enable) { -+ cap_lower((&init_cred)->cap_bset, CAP_SECURE_FIRMWARE); -+ cap_lower((&init_cred)->cap_permitted, CAP_SECURE_FIRMWARE); -+ } -+ return 1; -+} -+__setup("secureboot_enable=", secureboot_enable); -+ - /** - * prepare_kernel_cred - Prepare a set of credentials for a kernel service - * @daemon: A userspace daemon to be used as a reference --- -1.7.11.2 - - -From b70595f1523ecadc4ce9d43e9a0c465436ed1007 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Wed, 18 Jul 2012 11:28:00 -0400 -Subject: [PATCH 09/13] efi: Enable secure boot lockdown automatically when - enabled in firmware - -The firmware has a set of flags that indicate whether secure boot is enabled -and enforcing. Use them to indicate whether the kernel should lock itself -down. - -Signed-off-by: Matthew Garrett ---- - arch/x86/boot/compressed/eboot.c | 32 ++++++++++++++++++++++++++++++++ - arch/x86/include/asm/bootparam.h | 3 ++- - arch/x86/kernel/setup.c | 3 +++ - include/linux/cred.h | 2 ++ - kernel/cred.c | 18 +++++++++++------- - 5 files changed, 50 insertions(+), 8 deletions(-) - -diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index b3e0227..3789356 100644 ---- a/arch/x86/boot/compressed/eboot.c -+++ b/arch/x86/boot/compressed/eboot.c -@@ -724,6 +724,36 @@ fail: - return status; - } - -+static int get_secure_boot(efi_system_table_t *_table) -+{ -+ u8 sb, setup; -+ unsigned long datasize = sizeof(sb); -+ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; -+ efi_status_t status; -+ -+ status = efi_call_phys5(sys_table->runtime->get_variable, -+ L"SecureBoot", &var_guid, NULL, &datasize, &sb); -+ -+ if (status != EFI_SUCCESS) -+ return 0; -+ -+ if (sb == 0) -+ return 0; -+ -+ -+ status = efi_call_phys5(sys_table->runtime->get_variable, -+ L"SetupMode", &var_guid, NULL, &datasize, -+ &setup); -+ -+ if (status != EFI_SUCCESS) -+ return 0; -+ -+ if (setup == 1) -+ return 0; -+ -+ return 1; -+} -+ - /* - * Because the x86 boot code expects to be passed a boot_params we - * need to create one ourselves (usually the bootloader would create -@@ -1018,6 +1048,8 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, - if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) - goto fail; - -+ boot_params->secure_boot = get_secure_boot(sys_table); -+ - setup_graphics(boot_params); - - status = efi_call_phys3(sys_table->boottime->allocate_pool, -diff --git a/arch/x86/include/asm/bootparam.h b/arch/x86/include/asm/bootparam.h -index 2ad874c..c7338e0 100644 ---- a/arch/x86/include/asm/bootparam.h -+++ b/arch/x86/include/asm/bootparam.h -@@ -114,7 +114,8 @@ struct boot_params { - __u8 eddbuf_entries; /* 0x1e9 */ - __u8 edd_mbr_sig_buf_entries; /* 0x1ea */ - __u8 kbd_status; /* 0x1eb */ -- __u8 _pad6[5]; /* 0x1ec */ -+ __u8 secure_boot; /* 0x1ec */ -+ __u8 _pad6[4]; /* 0x1ed */ - struct setup_header hdr; /* setup header */ /* 0x1f1 */ - __u8 _pad7[0x290-0x1f1-sizeof(struct setup_header)]; - __u32 edd_mbr_sig_buffer[EDD_MBR_SIG_MAX]; /* 0x290 */ -diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index f4b9b80..239bf2a 100644 ---- a/arch/x86/kernel/setup.c -+++ b/arch/x86/kernel/setup.c -@@ -947,6 +947,9 @@ void __init setup_arch(char **cmdline_p) - - io_delay_init(); - -+ if (boot_params.secure_boot) -+ secureboot_enable(); -+ - /* - * Parse the ACPI tables for possible boot-time SMP configuration. - */ -diff --git a/include/linux/cred.h b/include/linux/cred.h -index ebbed2c..a24faf1 100644 ---- a/include/linux/cred.h -+++ b/include/linux/cred.h -@@ -170,6 +170,8 @@ extern int set_security_override_from_ctx(struct cred *, const char *); - extern int set_create_files_as(struct cred *, struct inode *); - extern void __init cred_init(void); - -+extern void secureboot_enable(void); -+ - /* - * check for validity of credentials - */ -diff --git a/kernel/cred.c b/kernel/cred.c -index 0d71d02..c43e2b0 100644 ---- a/kernel/cred.c -+++ b/kernel/cred.c -@@ -623,19 +623,23 @@ void __init cred_init(void) - 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); - } - -+void __init secureboot_enable() -+{ -+ pr_info("Secure boot enabled\n"); -+ cap_lower((&init_cred)->cap_bset, CAP_SECURE_FIRMWARE); -+ cap_lower((&init_cred)->cap_permitted, CAP_SECURE_FIRMWARE); -+} -+ - /* Dummy Secure Boot enable option to fake out UEFI SB=1 */ --static int __init secureboot_enable(char *str) -+static int __init secureboot_enable_opt(char *str) - { - - int sb_enable = !!simple_strtol(str, NULL, 0); -- pr_info("Secure Boot mode %s\n", (sb_enable ? "enabled" : "disabled")); -- if (sb_enable) { -- cap_lower((&init_cred)->cap_bset, CAP_SECURE_FIRMWARE); -- cap_lower((&init_cred)->cap_permitted, CAP_SECURE_FIRMWARE); -- } -+ if (sb_enable) -+ secureboot_enable(); - return 1; - } --__setup("secureboot_enable=", secureboot_enable); -+__setup("secureboot_enable=", secureboot_enable_opt); - - /** - * prepare_kernel_cred - Prepare a set of credentials for a kernel service --- -1.7.11.2 - - -From 411c18c35ccacb1a9e3f3dc67383a6431e110e17 Mon Sep 17 00:00:00 2001 -From: Josh Boyer -Date: Mon, 25 Jun 2012 19:57:30 -0400 -Subject: [PATCH 10/13] acpi: Ignore acpi_rsdp kernel parameter in a secure - boot environment - -This option allows userspace to pass the RSDP address to the kernel. This -could potentially be used to circumvent the secure boot trust model. -We ignore the setting if we don't have the CAP_SECURE_FIRMWARE capability. - -Signed-off-by: Josh Boyer ---- - drivers/acpi/osl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c -index 9eaf708..50c94e4 100644 ---- a/drivers/acpi/osl.c -+++ b/drivers/acpi/osl.c -@@ -246,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); - acpi_physical_address __init acpi_os_get_root_pointer(void) - { - #ifdef CONFIG_KEXEC -- if (acpi_rsdp) -+ if (acpi_rsdp && capable(CAP_SECURE_FIRMWARE)) - return acpi_rsdp; - #endif - --- -1.7.11.2 - - -From 7bf87e8da8c7b57ba7f9448855c8ec84c684fb65 Mon Sep 17 00:00:00 2001 -From: Josh Boyer -Date: Mon, 25 Jun 2012 21:29:46 -0400 -Subject: [PATCH 11/13] Documentation: kernel-parameters.txt remove - capability.disable - -Remove the documentation for capability.disable. The code supporting this -parameter was removed with: - - commit 5915eb53861c5776cfec33ca4fcc1fd20d66dd27 - Author: Miklos Szeredi - Date: Thu Jul 3 20:56:05 2008 +0200 - - security: remove dummy module - -Signed-off-by: Josh Boyer ---- - Documentation/kernel-parameters.txt | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index ad7e2e5..33c4029 100644 ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -446,12 +446,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted. - possible to determine what the correct size should be. - This option provides an override for these situations. - -- capability.disable= -- [SECURITY] Disable capabilities. This would normally -- be used only if an alternative security model is to be -- configured. Potentially dangerous and should only be -- used if you are entirely sure of the consequences. -- - ccw_timeout_log [S390] - See Documentation/s390/CommonIO for details. - --- -1.7.11.2 - - -From ec0ca55ba3d1c2a59b0c0b6e38f7ae9966d676aa Mon Sep 17 00:00:00 2001 -From: Josh Boyer -Date: Tue, 26 Jun 2012 14:15:51 -0400 -Subject: [PATCH 12/13] SELinux: define mapping for new Secure Boot capability - -Add the name of the new Secure Boot capability. This allows SELinux -policies to properly map CAP_SECURE_FIRMWARE to the appropriate -capability class. - -Signed-off-by: Josh Boyer ---- - security/selinux/include/classmap.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h -index df2de54..0a1e348 100644 ---- a/security/selinux/include/classmap.h -+++ b/security/selinux/include/classmap.h -@@ -146,8 +146,8 @@ struct security_class_mapping secclass_map[] = { - { "memprotect", { "mmap_zero", NULL } }, - { "peer", { "recv", NULL } }, - { "capability2", -- { "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend", -- NULL } }, -+ { "mac_override", "mac_admin", "syslog", "wake_alarm", -+ "block_suspend", "secure_firmware", NULL } }, - { "kernel_service", { "use_as_override", "create_files_as", NULL } }, - { "tun_socket", - { COMMON_SOCK_PERMS, NULL } }, --- -1.7.11.2 - - -From 0a90e99e45f5c8eddd3b8cfcd63a4c6355c5688d Mon Sep 17 00:00:00 2001 -From: Josh Boyer -Date: Tue, 26 Jun 2012 16:27:26 -0400 -Subject: [PATCH 13/13] modsign: Reject unsigned modules in a Secure Boot - environment - -If a machine is booted into a Secure Boot environment, we need to -protect the trust model. This requires that all modules be signed -with a key that is in the kernel's _modsign keyring. We add a -capability check and reject modules that are not signed. - -Signed-off-by: Josh Boyer ---- - kernel/module-verify.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/kernel/module-verify.c b/kernel/module-verify.c -index 22036d4..f6821b3 100644 ---- a/kernel/module-verify.c -+++ b/kernel/module-verify.c -@@ -31,6 +31,7 @@ - #include - #include - #include -+#include - #include - #include "module-verify.h" - #include "module-verify-defs.h" -@@ -699,7 +700,7 @@ int module_verify(const Elf_Ehdr *hdr, size_t size, bool *_gpgsig_ok) - /* The ELF checker found the sig for us if it exists */ - if (mvdata.sig_index <= 0) { - /* Deal with an unsigned module */ -- if (modsign_signedonly) { -+ if (modsign_signedonly || !capable(CAP_SECURE_FIRMWARE)) { - pr_err("An attempt to load unsigned module was rejected\n"); - return -EKEYREJECTED; - } else { -@@ -736,7 +737,7 @@ out: - break; - case -ENOKEY: /* Signed, but we don't have the public key */ - pr_err("Module signed with unknown public key\n"); -- if (!modsign_signedonly) { -+ if (!modsign_signedonly && capable(CAP_SECURE_FIRMWARE)) { - /* Allow a module to be signed with an unknown public - * key unless we're enforcing. - */ --- -1.7.11.2 - -From: Matthew Garrett -To: matt.fleming@intel.com -Cc: linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, - x86@kernel.org, Matthew Garrett -Date: Thu, 26 Jul 2012 18:00:00 -0400 -Message-Id: <1343340000-7587-1-git-send-email-mjg@redhat.com> -Subject: [PATCH] efi: Build EFI stub with EFI-appropriate options - -We can't assume the presence of the red zone while we're still in a boot -services environment, so we should build with -fno-red-zone to avoid -problems. Change the size of wchar at the same time to make string handling -simpler. - -Signed-off-by: Matthew Garrett ---- - arch/x86/boot/compressed/Makefile | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index e398bb5..8a84501 100644 ---- a/arch/x86/boot/compressed/Makefile -+++ b/arch/x86/boot/compressed/Makefile -@@ -28,6 +28,9 @@ VMLINUX_OBJS = $(obj)/vmlinux.lds $(obj)/head_$(BITS).o $(obj)/misc.o \ - $(obj)/string.o $(obj)/cmdline.o $(obj)/early_serial_console.o \ - $(obj)/piggy.o - -+$(obj)/eboot.o: KBUILD_CFLAGS += -fshort-wchar -mno-red-zone -+$(obj)/efi_stub_$(BITS).o: KBUILD_CLFAGS += -fshort-wchar -mno-red-zone -+ - ifeq ($(CONFIG_EFI_STUB), y) - VMLINUX_OBJS += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o - endif - diff --git a/secure-boot-20120924.patch b/secure-boot-20120924.patch new file mode 100644 index 00000000..37beb41b --- /dev/null +++ b/secure-boot-20120924.patch @@ -0,0 +1,726 @@ +From 57c0dbcbafaa724313c672830ff0087f56a84c47 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 20 Sep 2012 10:40:56 -0400 +Subject: [PATCH 01/14] Secure boot: Add new capability + +Secure boot adds certain policy requirements, including that root must not +be able to do anything that could cause the kernel to execute arbitrary code. +The simplest way to handle this would seem to be to add a new capability +and gate various functionality on that. We'll then strip it from the initial +capability set if required. + +Signed-off-by: Matthew Garrett +--- + include/linux/capability.h | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/include/linux/capability.h b/include/linux/capability.h +index d10b7ed..4345bc8 100644 +--- a/include/linux/capability.h ++++ b/include/linux/capability.h +@@ -364,7 +364,11 @@ struct cpu_vfs_cap_data { + + #define CAP_BLOCK_SUSPEND 36 + +-#define CAP_LAST_CAP CAP_BLOCK_SUSPEND ++/* Allow things that trivially permit root to modify the running kernel */ ++ ++#define CAP_COMPROMISE_KERNEL 37 ++ ++#define CAP_LAST_CAP CAP_COMPROMISE_KERNEL + + #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) + +-- +1.7.11.4 + + +From 95fd8148be46036e20fc64c480104d2a2b454e27 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 20 Sep 2012 10:40:57 -0400 +Subject: [PATCH 02/14] PCI: Lock down BAR access in secure boot environments + +Any hardware that can potentially generate DMA has to be locked down from +userspace in order to avoid it being possible for an attacker to cause +arbitrary kernel behaviour. Default to paranoid - in future we can +potentially relax this for sufficiently IOMMU-isolated devices. + +Signed-off-by: Matthew Garrett +--- + drivers/pci/pci-sysfs.c | 9 +++++++++ + drivers/pci/proc.c | 8 +++++++- + drivers/pci/syscall.c | 2 +- + 3 files changed, 17 insertions(+), 2 deletions(-) + +diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c +index 6869009..c03fb85 100644 +--- a/drivers/pci/pci-sysfs.c ++++ b/drivers/pci/pci-sysfs.c +@@ -542,6 +542,9 @@ pci_write_config(struct file* filp, struct kobject *kobj, + loff_t init_off = off; + u8 *data = (u8*) buf; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + if (off > dev->cfg_size) + return 0; + if (off + count > dev->cfg_size) { +@@ -844,6 +847,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, + resource_size_t start, end; + int i; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + for (i = 0; i < PCI_ROM_RESOURCE; i++) + if (res == &pdev->resource[i]) + break; +@@ -951,6 +957,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj, + struct bin_attribute *attr, char *buf, + loff_t off, size_t count) + { ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + return pci_resource_io(filp, kobj, attr, buf, off, count, true); + } + +diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c +index 27911b5..ac8c9a5 100644 +--- a/drivers/pci/proc.c ++++ b/drivers/pci/proc.c +@@ -135,6 +135,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof + int size = dp->size; + int cnt; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + if (pos >= size) + return 0; + if (nbytes >= size) +@@ -211,6 +214,9 @@ static long proc_bus_pci_ioctl(struct file *file, unsigned int cmd, + #endif /* HAVE_PCI_MMAP */ + int ret = 0; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + switch (cmd) { + case PCIIOC_CONTROLLER: + ret = pci_domain_nr(dev->bus); +@@ -251,7 +257,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma) + struct pci_filp_private *fpriv = file->private_data; + int i, ret; + +- if (!capable(CAP_SYS_RAWIO)) ++ if (!capable(CAP_SYS_RAWIO) || !capable(CAP_COMPROMISE_KERNEL)) + return -EPERM; + + /* Make sure the caller is mapping a real resource for this device */ +diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c +index e1c1ec5..97e785f 100644 +--- a/drivers/pci/syscall.c ++++ b/drivers/pci/syscall.c +@@ -92,7 +92,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn, + u32 dword; + int err = 0; + +- if (!capable(CAP_SYS_ADMIN)) ++ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_COMPROMISE_KERNEL)) + return -EPERM; + + dev = pci_get_bus_and_slot(bus, dfn); +-- +1.7.11.4 + + +From 2d23d2726583d79062e58abcc32c7dd027d312aa Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 20 Sep 2012 10:40:58 -0400 +Subject: [PATCH 03/14] x86: Lock down IO port access in secure boot + environments + +IO port access would permit users to gain access to PCI configuration +registers, which in turn (on a lot of hardware) give access to MMIO register +space. This would potentially permit root to trigger arbitrary DMA, so lock +it down by default. + +Signed-off-by: Matthew Garrett +--- + arch/x86/kernel/ioport.c | 4 ++-- + drivers/char/mem.c | 3 +++ + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c +index 8c96897..a2578c4 100644 +--- a/arch/x86/kernel/ioport.c ++++ b/arch/x86/kernel/ioport.c +@@ -28,7 +28,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) + + if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) + return -EINVAL; +- if (turn_on && !capable(CAP_SYS_RAWIO)) ++ if (turn_on && (!capable(CAP_SYS_RAWIO) || !capable(CAP_COMPROMISE_KERNEL))) + return -EPERM; + + /* +@@ -102,7 +102,7 @@ long sys_iopl(unsigned int level, struct pt_regs *regs) + return -EINVAL; + /* Trying to gain more privileges? */ + if (level > old) { +- if (!capable(CAP_SYS_RAWIO)) ++ if (!capable(CAP_SYS_RAWIO) || !capable(CAP_COMPROMISE_KERNEL)) + return -EPERM; + } + regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); +diff --git a/drivers/char/mem.c b/drivers/char/mem.c +index e5eedfa..1e0a660 100644 +--- a/drivers/char/mem.c ++++ b/drivers/char/mem.c +@@ -597,6 +597,9 @@ static ssize_t write_port(struct file *file, const char __user *buf, + unsigned long i = *ppos; + const char __user * tmp = buf; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + if (!access_ok(VERIFY_READ, buf, count)) + return -EFAULT; + while (count-- > 0 && i < 65536) { +-- +1.7.11.4 + + +From e063cb2f3a667d2540682d4bdbef91fdb23b1a84 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 20 Sep 2012 10:40:59 -0400 +Subject: [PATCH 04/14] ACPI: Limit access to custom_method + +It must be impossible for even root to get code executed in kernel context +under a secure boot environment. custom_method effectively allows arbitrary +access to system memory, so it needs to have a capability check here. + +Signed-off-by: Matthew Garrett +--- + drivers/acpi/custom_method.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c +index 5d42c24..247d58b 100644 +--- a/drivers/acpi/custom_method.c ++++ b/drivers/acpi/custom_method.c +@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, + struct acpi_table_header table; + acpi_status status; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + if (!(*ppos)) { + /* parse the table header to get the table length */ + if (count <= sizeof(struct acpi_table_header)) +-- +1.7.11.4 + + +From a1cccbd084c7355dcb2be7ae2934f168ce9ba9d5 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 20 Sep 2012 10:41:00 -0400 +Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface + +We have no way of validating what all of the Asus WMI methods do on a +given machine, and there's a risk that some will allow hardware state to +be manipulated in such a way that arbitrary code can be executed in the +kernel. Add a capability check to prevent that. + +Signed-off-by: Matthew Garrett +--- + drivers/platform/x86/asus-wmi.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c +index 2eb9fe8..61e055d 100644 +--- a/drivers/platform/x86/asus-wmi.c ++++ b/drivers/platform/x86/asus-wmi.c +@@ -1523,6 +1523,9 @@ static int show_dsts(struct seq_file *m, void *data) + int err; + u32 retval = -1; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval); + + if (err < 0) +@@ -1539,6 +1542,9 @@ static int show_devs(struct seq_file *m, void *data) + int err; + u32 retval = -1; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param, + &retval); + +@@ -1563,6 +1569,9 @@ static int show_call(struct seq_file *m, void *data) + union acpi_object *obj; + acpi_status status; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID, + 1, asus->debug.method_id, + &input, &output); +-- +1.7.11.4 + + +From 1c9e53b626268f82509062751eda14e8572717cf Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 20 Sep 2012 10:41:01 -0400 +Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem in secure boot setups + +Allowing users to write to address space makes it possible for the kernel +to be subverted. Restrict this when we need to protect the kernel. + +Signed-off-by: Matthew Garrett +--- + drivers/char/mem.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/char/mem.c b/drivers/char/mem.c +index 1e0a660..33eb947 100644 +--- a/drivers/char/mem.c ++++ b/drivers/char/mem.c +@@ -158,6 +158,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf, + unsigned long copied; + void *ptr; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + if (!valid_phys_addr_range(p, count)) + return -EFAULT; + +@@ -530,6 +533,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, + char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ + int err = 0; + ++ if (!capable(CAP_COMPROMISE_KERNEL)) ++ return -EPERM; ++ + if (p < (unsigned long) high_memory) { + unsigned long to_write = min_t(unsigned long, count, + (unsigned long)high_memory - p); +-- +1.7.11.4 + + +From fbf919bf372b9a7a08bdacac8129d47ced1b1f19 Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Thu, 20 Sep 2012 10:41:02 -0400 +Subject: [PATCH 07/14] Secure boot: Add a dummy kernel parameter that will + switch on Secure Boot mode + +This forcibly drops CAP_COMPROMISE_KERNEL from both cap_permitted and cap_bset +in the init_cred struct, which everything else inherits from. This works on +any machine and can be used to develop even if the box doesn't have UEFI. + +Signed-off-by: Josh Boyer +--- + Documentation/kernel-parameters.txt | 7 +++++++ + kernel/cred.c | 17 +++++++++++++++++ + 2 files changed, 24 insertions(+) + +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt +index 9b2b8d3..93978d5 100644 +--- a/Documentation/kernel-parameters.txt ++++ b/Documentation/kernel-parameters.txt +@@ -2562,6 +2562,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. + Note: increases power consumption, thus should only be + enabled if running jitter sensitive (HPC/RT) workloads. + ++ secureboot_enable= ++ [KNL] Enables an emulated UEFI Secure Boot mode. This ++ locks down various aspects of the kernel guarded by the ++ CAP_COMPROMISE_KERNEL capability. This includes things ++ like /dev/mem, IO port access, and other areas. It can ++ be used on non-UEFI machines for testing purposes. ++ + security= [SECURITY] Choose a security module to enable at boot. + If this boot parameter is not specified, only the first + security module asking for security registration will be +diff --git a/kernel/cred.c b/kernel/cred.c +index de728ac..7e6e83f 100644 +--- a/kernel/cred.c ++++ b/kernel/cred.c +@@ -623,6 +623,23 @@ void __init cred_init(void) + 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); + } + ++void __init secureboot_enable() ++{ ++ pr_info("Secure boot enabled\n"); ++ cap_lower((&init_cred)->cap_bset, CAP_COMPROMISE_KERNEL); ++ cap_lower((&init_cred)->cap_permitted, CAP_COMPROMISE_KERNEL); ++} ++ ++/* Dummy Secure Boot enable option to fake out UEFI SB=1 */ ++static int __init secureboot_enable_opt(char *str) ++{ ++ int sb_enable = !!simple_strtol(str, NULL, 0); ++ if (sb_enable) ++ secureboot_enable(); ++ return 1; ++} ++__setup("secureboot_enable=", secureboot_enable_opt); ++ + /** + * prepare_kernel_cred - Prepare a set of credentials for a kernel service + * @daemon: A userspace daemon to be used as a reference +-- +1.7.11.4 + + +From 43ed7865d867ae692e30227d66fa58cdecbd9269 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 20 Sep 2012 10:41:03 -0400 +Subject: [PATCH 08/14] efi: Enable secure boot lockdown automatically when + enabled in firmware + +The firmware has a set of flags that indicate whether secure boot is enabled +and enforcing. Use them to indicate whether the kernel should lock itself +down. + +Signed-off-by: Matthew Garrett +--- + Documentation/x86/zero-page.txt | 2 ++ + arch/x86/boot/compressed/eboot.c | 32 ++++++++++++++++++++++++++++++++ + arch/x86/include/asm/bootparam.h | 3 ++- + arch/x86/kernel/setup.c | 3 +++ + include/linux/cred.h | 2 ++ + 5 files changed, 41 insertions(+), 1 deletion(-) + +diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt +index cf5437d..7f9ed48 100644 +--- a/Documentation/x86/zero-page.txt ++++ b/Documentation/x86/zero-page.txt +@@ -27,6 +27,8 @@ Offset Proto Name Meaning + 1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below) + 1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer + (below) ++1EB/001 ALL kbd_status Numlock is enabled ++1EC/001 ALL secure_boot Kernel should enable secure boot lockdowns + 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures + 2D0/A00 ALL e820_map E820 memory map table + (array of struct e820entry) +diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c +index b3e0227..3789356 100644 +--- a/arch/x86/boot/compressed/eboot.c ++++ b/arch/x86/boot/compressed/eboot.c +@@ -724,6 +724,36 @@ fail: + return status; + } + ++static int get_secure_boot(efi_system_table_t *_table) ++{ ++ u8 sb, setup; ++ unsigned long datasize = sizeof(sb); ++ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; ++ efi_status_t status; ++ ++ status = efi_call_phys5(sys_table->runtime->get_variable, ++ L"SecureBoot", &var_guid, NULL, &datasize, &sb); ++ ++ if (status != EFI_SUCCESS) ++ return 0; ++ ++ if (sb == 0) ++ return 0; ++ ++ ++ status = efi_call_phys5(sys_table->runtime->get_variable, ++ L"SetupMode", &var_guid, NULL, &datasize, ++ &setup); ++ ++ if (status != EFI_SUCCESS) ++ return 0; ++ ++ if (setup == 1) ++ return 0; ++ ++ return 1; ++} ++ + /* + * Because the x86 boot code expects to be passed a boot_params we + * need to create one ourselves (usually the bootloader would create +@@ -1018,6 +1048,8 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, + if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) + goto fail; + ++ boot_params->secure_boot = get_secure_boot(sys_table); ++ + setup_graphics(boot_params); + + status = efi_call_phys3(sys_table->boottime->allocate_pool, +diff --git a/arch/x86/include/asm/bootparam.h b/arch/x86/include/asm/bootparam.h +index 2ad874c..c7338e0 100644 +--- a/arch/x86/include/asm/bootparam.h ++++ b/arch/x86/include/asm/bootparam.h +@@ -114,7 +114,8 @@ struct boot_params { + __u8 eddbuf_entries; /* 0x1e9 */ + __u8 edd_mbr_sig_buf_entries; /* 0x1ea */ + __u8 kbd_status; /* 0x1eb */ +- __u8 _pad6[5]; /* 0x1ec */ ++ __u8 secure_boot; /* 0x1ec */ ++ __u8 _pad6[4]; /* 0x1ed */ + struct setup_header hdr; /* setup header */ /* 0x1f1 */ + __u8 _pad7[0x290-0x1f1-sizeof(struct setup_header)]; + __u32 edd_mbr_sig_buffer[EDD_MBR_SIG_MAX]; /* 0x290 */ +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index f4b9b80..239bf2a 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -947,6 +947,9 @@ void __init setup_arch(char **cmdline_p) + + io_delay_init(); + ++ if (boot_params.secure_boot) ++ secureboot_enable(); ++ + /* + * Parse the ACPI tables for possible boot-time SMP configuration. + */ +diff --git a/include/linux/cred.h b/include/linux/cred.h +index ebbed2c..a24faf1 100644 +--- a/include/linux/cred.h ++++ b/include/linux/cred.h +@@ -170,6 +170,8 @@ extern int set_security_override_from_ctx(struct cred *, const char *); + extern int set_create_files_as(struct cred *, struct inode *); + extern void __init cred_init(void); + ++extern void secureboot_enable(void); ++ + /* + * check for validity of credentials + */ +-- +1.7.11.4 + + +From 3acf1ceb5f6f3be9103c9da16ddc24afc6d8b02a Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Thu, 20 Sep 2012 10:41:04 -0400 +Subject: [PATCH 09/14] acpi: Ignore acpi_rsdp kernel parameter in a secure + boot environment + +This option allows userspace to pass the RSDP address to the kernel. This +could potentially be used to circumvent the secure boot trust model. +We ignore the setting if we don't have the CAP_COMPROMISE_KERNEL capability. + +Signed-off-by: Josh Boyer +--- + drivers/acpi/osl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c +index 9eaf708..f94341b 100644 +--- a/drivers/acpi/osl.c ++++ b/drivers/acpi/osl.c +@@ -246,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); + acpi_physical_address __init acpi_os_get_root_pointer(void) + { + #ifdef CONFIG_KEXEC +- if (acpi_rsdp) ++ if (acpi_rsdp && capable(CAP_COMPROMISE_KERNEL)) + return acpi_rsdp; + #endif + +-- +1.7.11.4 + + +From 03fb06d272ddc1062e610521c5cfdbe42f251209 Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Thu, 20 Sep 2012 10:41:05 -0400 +Subject: [PATCH 10/14] SELinux: define mapping for new Secure Boot capability + +Add the name of the new Secure Boot capability. This allows SELinux +policies to properly map CAP_COMPROMISE_KERNEL to the appropriate +capability class. + +Signed-off-by: Josh Boyer +--- + security/selinux/include/classmap.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h +index df2de54..70e2834 100644 +--- a/security/selinux/include/classmap.h ++++ b/security/selinux/include/classmap.h +@@ -146,8 +146,8 @@ struct security_class_mapping secclass_map[] = { + { "memprotect", { "mmap_zero", NULL } }, + { "peer", { "recv", NULL } }, + { "capability2", +- { "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend", +- NULL } }, ++ { "mac_override", "mac_admin", "syslog", "wake_alarm", ++ "block_suspend", "compromise_kernel", NULL } }, + { "kernel_service", { "use_as_override", "create_files_as", NULL } }, + { "tun_socket", + { COMMON_SOCK_PERMS, NULL } }, +-- +1.7.11.4 + + +From 0cfaa5ecf01f8eaaa2a84d88b7258a94ac9a1bfe Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Tue, 4 Sep 2012 11:55:13 -0400 +Subject: [PATCH 11/14] kexec: Disable in a secure boot environment + +kexec could be used as a vector for a malicious user to use a signed kernel +to circumvent the secure boot trust model. In the long run we'll want to +support signed kexec payloads, but for the moment we should just disable +loading entirely in that situation. + +Signed-off-by: Matthew Garrett +--- + kernel/kexec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/kexec.c b/kernel/kexec.c +index 0668d58..8b976a5 100644 +--- a/kernel/kexec.c ++++ b/kernel/kexec.c +@@ -944,7 +944,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, + int result; + + /* We only trust the superuser with rebooting the system. */ +- if (!capable(CAP_SYS_BOOT)) ++ if (!capable(CAP_SYS_BOOT) || !capable(CAP_COMPROMISE_KERNEL)) + return -EPERM; + + /* +-- +1.7.11.4 + + +From 895c46276788b3711aee05a1a1d685eff69d48b9 Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Mon, 25 Jun 2012 21:29:46 -0400 +Subject: [PATCH 12/14] Documentation: kernel-parameters.txt remove + capability.disable + +Remove the documentation for capability.disable. The code supporting this +parameter was removed with: + + commit 5915eb53861c5776cfec33ca4fcc1fd20d66dd27 + Author: Miklos Szeredi + Date: Thu Jul 3 20:56:05 2008 +0200 + + security: remove dummy module + +Signed-off-by: Josh Boyer +--- + Documentation/kernel-parameters.txt | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt +index 93978d5..e3e5f8c 100644 +--- a/Documentation/kernel-parameters.txt ++++ b/Documentation/kernel-parameters.txt +@@ -446,12 +446,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted. + possible to determine what the correct size should be. + This option provides an override for these situations. + +- capability.disable= +- [SECURITY] Disable capabilities. This would normally +- be used only if an alternative security model is to be +- configured. Potentially dangerous and should only be +- used if you are entirely sure of the consequences. +- + ccw_timeout_log [S390] + See Documentation/s390/CommonIO for details. + +-- +1.7.11.4 + + +From 294d339c63b0f67a362efaa62713f26d9f496da8 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Thu, 26 Jul 2012 18:00:00 -0400 +Subject: [PATCH 13/14] efi: Build EFI stub with EFI-appropriate options + +We can't assume the presence of the red zone while we're still in a boot +services environment, so we should build with -fno-red-zone to avoid +problems. Change the size of wchar at the same time to make string handling +simpler. + +Signed-off-by: Matthew Garrett +--- + arch/x86/boot/compressed/Makefile | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile +index e398bb5..8a84501 100644 +--- a/arch/x86/boot/compressed/Makefile ++++ b/arch/x86/boot/compressed/Makefile +@@ -28,6 +28,9 @@ VMLINUX_OBJS = $(obj)/vmlinux.lds $(obj)/head_$(BITS).o $(obj)/misc.o \ + $(obj)/string.o $(obj)/cmdline.o $(obj)/early_serial_console.o \ + $(obj)/piggy.o + ++$(obj)/eboot.o: KBUILD_CFLAGS += -fshort-wchar -mno-red-zone ++$(obj)/efi_stub_$(BITS).o: KBUILD_CLFAGS += -fshort-wchar -mno-red-zone ++ + ifeq ($(CONFIG_EFI_STUB), y) + VMLINUX_OBJS += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o + endif +-- +1.7.11.4 + + +From d1a225668878a3339adcd7ce0be256e857360ada Mon Sep 17 00:00:00 2001 +From: Josh Boyer +Date: Tue, 26 Jun 2012 16:27:26 -0400 +Subject: [PATCH 14/14] modsign: Reject unsigned modules in a Secure Boot + environment + +If a machine is booted into a Secure Boot environment, we need to +protect the trust model. This requires that all modules be signed +with a key that is in the kernel's _modsign keyring. We add a +capability check and reject modules that are not signed. + +Signed-off-by: Josh Boyer +--- + kernel/module.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/kernel/module.c b/kernel/module.c +index de16959..5af69cc 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -2463,7 +2463,7 @@ static int module_sig_check(struct load_info *info, + } + + /* Not having a signature is only an error if we're strict. */ +- if (!err && !info->sig_ok && sig_enforce) ++ if (!err && !info->sig_ok && (sig_enforce || !capable(CAP_COMPROMISE_KERNEL))) + err = -EKEYREJECTED; + return err; + +@@ -2475,7 +2475,7 @@ found_marker: + if (err < 0 && fips_enabled) + panic("Module verification failed with error %d in FIPS mode\n", + err); +- if (err == -ENOKEY && !sig_enforce) ++ if (err == -ENOKEY && (!sig_enforce && capable(CAP_COMPROMISE_KERNEL))) + err = 0; + return err; + } +-- +1.7.11.4 + diff --git a/x509.genkey b/x509.genkey new file mode 100644 index 00000000..2f90e1bc --- /dev/null +++ b/x509.genkey @@ -0,0 +1,16 @@ +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +prompt = no +x509_extensions = myexts + +[ req_distinguished_name ] +O = Fedora +CN = Fedora kernel signing key +emailAddress = kernel-team@fedoraproject.org + +[ myexts ] +basicConstraints=critical,CA:FALSE +keyUsage=digitalSignature +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid -- cgit