Root/
1 | /* |
2 | * Copyright (C) 2011 Nokia Corporation |
3 | * Copyright (C) 2011 Intel Corporation |
4 | * |
5 | * Author: |
6 | * Dmitry Kasatkin <dmitry.kasatkin@nokia.com> |
7 | * <dmitry.kasatkin@intel.com> |
8 | * |
9 | * This program is free software; you can redistribute it and/or modify |
10 | * it under the terms of the GNU General Public License as published by |
11 | * the Free Software Foundation, version 2 of the License. |
12 | * |
13 | * File: sign.c |
14 | * implements signature (RSA) verification |
15 | * pkcs decoding is based on LibTomCrypt code |
16 | */ |
17 | |
18 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
19 | |
20 | #include <linux/err.h> |
21 | #include <linux/module.h> |
22 | #include <linux/slab.h> |
23 | #include <linux/key.h> |
24 | #include <linux/crypto.h> |
25 | #include <crypto/hash.h> |
26 | #include <crypto/sha.h> |
27 | #include <keys/user-type.h> |
28 | #include <linux/mpi.h> |
29 | #include <linux/digsig.h> |
30 | |
31 | static struct crypto_shash *shash; |
32 | |
33 | static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg, |
34 | unsigned long msglen, |
35 | unsigned long modulus_bitlen, |
36 | unsigned long *outlen) |
37 | { |
38 | unsigned long modulus_len, ps_len, i; |
39 | |
40 | modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); |
41 | |
42 | /* test message size */ |
43 | if ((msglen > modulus_len) || (modulus_len < 11)) |
44 | return NULL; |
45 | |
46 | /* separate encoded message */ |
47 | if (msg[0] != 0x00 || msg[1] != 0x01) |
48 | return NULL; |
49 | |
50 | for (i = 2; i < modulus_len - 1; i++) |
51 | if (msg[i] != 0xFF) |
52 | break; |
53 | |
54 | /* separator check */ |
55 | if (msg[i] != 0) |
56 | /* There was no octet with hexadecimal value 0x00 |
57 | to separate ps from m. */ |
58 | return NULL; |
59 | |
60 | ps_len = i - 2; |
61 | |
62 | *outlen = (msglen - (2 + ps_len + 1)); |
63 | |
64 | return msg + 2 + ps_len + 1; |
65 | } |
66 | |
67 | /* |
68 | * RSA Signature verification with public key |
69 | */ |
70 | static int digsig_verify_rsa(struct key *key, |
71 | const char *sig, int siglen, |
72 | const char *h, int hlen) |
73 | { |
74 | int err = -EINVAL; |
75 | unsigned long len; |
76 | unsigned long mlen, mblen; |
77 | unsigned nret, l; |
78 | int head, i; |
79 | unsigned char *out1 = NULL; |
80 | const char *m; |
81 | MPI in = NULL, res = NULL, pkey[2]; |
82 | uint8_t *p, *datap, *endp; |
83 | struct user_key_payload *ukp; |
84 | struct pubkey_hdr *pkh; |
85 | |
86 | down_read(&key->sem); |
87 | ukp = key->payload.data; |
88 | |
89 | if (ukp->datalen < sizeof(*pkh)) |
90 | goto err1; |
91 | |
92 | pkh = (struct pubkey_hdr *)ukp->data; |
93 | |
94 | if (pkh->version != 1) |
95 | goto err1; |
96 | |
97 | if (pkh->algo != PUBKEY_ALGO_RSA) |
98 | goto err1; |
99 | |
100 | if (pkh->nmpi != 2) |
101 | goto err1; |
102 | |
103 | datap = pkh->mpi; |
104 | endp = ukp->data + ukp->datalen; |
105 | |
106 | err = -ENOMEM; |
107 | |
108 | for (i = 0; i < pkh->nmpi; i++) { |
109 | unsigned int remaining = endp - datap; |
110 | pkey[i] = mpi_read_from_buffer(datap, &remaining); |
111 | if (!pkey[i]) |
112 | goto err; |
113 | datap += remaining; |
114 | } |
115 | |
116 | mblen = mpi_get_nbits(pkey[0]); |
117 | mlen = DIV_ROUND_UP(mblen, 8); |
118 | |
119 | if (mlen == 0) |
120 | goto err; |
121 | |
122 | out1 = kzalloc(mlen, GFP_KERNEL); |
123 | if (!out1) |
124 | goto err; |
125 | |
126 | nret = siglen; |
127 | in = mpi_read_from_buffer(sig, &nret); |
128 | if (!in) |
129 | goto err; |
130 | |
131 | res = mpi_alloc(mpi_get_nlimbs(in) * 2); |
132 | if (!res) |
133 | goto err; |
134 | |
135 | err = mpi_powm(res, in, pkey[1], pkey[0]); |
136 | if (err) |
137 | goto err; |
138 | |
139 | if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) { |
140 | err = -EINVAL; |
141 | goto err; |
142 | } |
143 | |
144 | p = mpi_get_buffer(res, &l, NULL); |
145 | if (!p) { |
146 | err = -EINVAL; |
147 | goto err; |
148 | } |
149 | |
150 | len = mlen; |
151 | head = len - l; |
152 | memset(out1, 0, head); |
153 | memcpy(out1 + head, p, l); |
154 | |
155 | kfree(p); |
156 | |
157 | m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len); |
158 | |
159 | if (!m || len != hlen || memcmp(m, h, hlen)) |
160 | err = -EINVAL; |
161 | |
162 | err: |
163 | mpi_free(in); |
164 | mpi_free(res); |
165 | kfree(out1); |
166 | while (--i >= 0) |
167 | mpi_free(pkey[i]); |
168 | err1: |
169 | up_read(&key->sem); |
170 | |
171 | return err; |
172 | } |
173 | |
174 | /** |
175 | * digsig_verify() - digital signature verification with public key |
176 | * @keyring: keyring to search key in |
177 | * @sig: digital signature |
178 | * @sigen: length of the signature |
179 | * @data: data |
180 | * @datalen: length of the data |
181 | * @return: 0 on success, -EINVAL otherwise |
182 | * |
183 | * Verifies data integrity against digital signature. |
184 | * Currently only RSA is supported. |
185 | * Normally hash of the content is used as a data for this function. |
186 | * |
187 | */ |
188 | int digsig_verify(struct key *keyring, const char *sig, int siglen, |
189 | const char *data, int datalen) |
190 | { |
191 | int err = -ENOMEM; |
192 | struct signature_hdr *sh = (struct signature_hdr *)sig; |
193 | struct shash_desc *desc = NULL; |
194 | unsigned char hash[SHA1_DIGEST_SIZE]; |
195 | struct key *key; |
196 | char name[20]; |
197 | |
198 | if (siglen < sizeof(*sh) + 2) |
199 | return -EINVAL; |
200 | |
201 | if (sh->algo != PUBKEY_ALGO_RSA) |
202 | return -ENOTSUPP; |
203 | |
204 | sprintf(name, "%llX", __be64_to_cpup((uint64_t *)sh->keyid)); |
205 | |
206 | if (keyring) { |
207 | /* search in specific keyring */ |
208 | key_ref_t kref; |
209 | kref = keyring_search(make_key_ref(keyring, 1UL), |
210 | &key_type_user, name); |
211 | if (IS_ERR(kref)) |
212 | key = ERR_PTR(PTR_ERR(kref)); |
213 | else |
214 | key = key_ref_to_ptr(kref); |
215 | } else { |
216 | key = request_key(&key_type_user, name, NULL); |
217 | } |
218 | if (IS_ERR(key)) { |
219 | pr_err("key not found, id: %s\n", name); |
220 | return PTR_ERR(key); |
221 | } |
222 | |
223 | desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash), |
224 | GFP_KERNEL); |
225 | if (!desc) |
226 | goto err; |
227 | |
228 | desc->tfm = shash; |
229 | desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; |
230 | |
231 | crypto_shash_init(desc); |
232 | crypto_shash_update(desc, data, datalen); |
233 | crypto_shash_update(desc, sig, sizeof(*sh)); |
234 | crypto_shash_final(desc, hash); |
235 | |
236 | kfree(desc); |
237 | |
238 | /* pass signature mpis address */ |
239 | err = digsig_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh), |
240 | hash, sizeof(hash)); |
241 | |
242 | err: |
243 | key_put(key); |
244 | |
245 | return err ? -EINVAL : 0; |
246 | } |
247 | EXPORT_SYMBOL_GPL(digsig_verify); |
248 | |
249 | static int __init digsig_init(void) |
250 | { |
251 | shash = crypto_alloc_shash("sha1", 0, 0); |
252 | if (IS_ERR(shash)) { |
253 | pr_err("shash allocation failed\n"); |
254 | return PTR_ERR(shash); |
255 | } |
256 | |
257 | return 0; |
258 | |
259 | } |
260 | |
261 | static void __exit digsig_cleanup(void) |
262 | { |
263 | crypto_free_shash(shash); |
264 | } |
265 | |
266 | module_init(digsig_init); |
267 | module_exit(digsig_cleanup); |
268 | |
269 | MODULE_LICENSE("GPL"); |
270 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9