[Fedora 10/19] ima: define functions to appraise memory buffer contents

Vivek Goyal vgoyal at redhat.com
Wed Sep 4 21:24:42 UTC 2013 

I need to provide user space with facility that it can call into kernel
for signature verification of a file. Trying to rely on file based appraisal
has the downside that somebody might write to file after appraisal and it
is racy.

Alternative is that one can copy file contents in memory buffer and pass
buffer and signature to kernel and ask whether signatures are valid.

Hence introduce an IMA function to be able verify signature of meory
buffer. This will in turn be called the keyctl() which will provide
this facility to user space.

This can be used by kexec to verify signature of bzImage being loaded.

Signed-off-by: Vivek Goyal <vgoyal at redhat.com>
---
 include/linux/integrity.h   |  13 +++++
 security/integrity/digsig.c | 115 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 128 insertions(+)

diff --git a/include/linux/integrity.h b/include/linux/integrity.h
index b26bd7d..13e6816 100644
--- a/include/linux/integrity.h
+++ b/include/linux/integrity.h
@@ -11,6 +11,7 @@
 #define _LINUX_INTEGRITY_H
 
 #include <linux/fs.h>
+#include <linux/key.h>
 
 enum integrity_status {
 	INTEGRITY_PASS = 0,
@@ -30,6 +31,10 @@ enum evm_ima_xattr_type {
 #ifdef CONFIG_INTEGRITY
 extern struct integrity_iint_cache *integrity_inode_get(struct inode *inode);
 extern void integrity_inode_free(struct inode *inode);
+extern int integrity_verify_user_buffer_digsig(struct key *keyring,
+				const char __user *data,
+				unsigned long data_len,
+				char *sig, unsigned int siglen);
 
 #else
 static inline struct integrity_iint_cache *
@@ -42,5 +47,13 @@ static inline void integrity_inode_free(struct inode *inode)
 {
 	return;
 }
+
+static inline int integrity_verify_user_buffer_digsig(struct key *keyring,
+				const char __user *data,
+				unsigned long data_len,
+				char *sig, unsigned int siglen)
+{
+	return -EOPNOTSUPP;
+}
 #endif /* CONFIG_INTEGRITY */
 #endif /* _LINUX_INTEGRITY_H */
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index e0319d8..28b7b48 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -16,6 +16,7 @@
 #include <linux/rbtree.h>
 #include <linux/key-type.h>
 #include <linux/digsig.h>
+#include <linux/sched.h>
 #include <crypto/hash.h>
 #include <crypto/public_key.h>
 
@@ -104,3 +105,117 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
 	return integrity_digsig_verify_keyring(keyring[id], sig, siglen,
 						digest, digestlen);
 }
+
+static int integrity_calc_user_buffer_hash(enum pkey_hash_algo hash_algo,
+					const char __user *data,
+					unsigned long data_len, char **_digest,
+					unsigned int *digest_len)
+{
+	char *buffer, *digest;
+	unsigned long len;
+	struct crypto_shash *tfm;
+	size_t desc_size, digest_size;
+	struct shash_desc *desc;
+	int ret;
+
+	buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
+	if (!buffer)
+		return -ENOMEM;
+
+	/* TODO: allow different kind of hash */
+	tfm = crypto_alloc_shash(pkey_hash_algo_name[hash_algo], 0, 0);
+	if (IS_ERR(tfm)) {
+		ret = PTR_ERR(tfm);
+		goto out;
+	}
+	desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
+	desc = kzalloc(desc_size, GFP_KERNEL);
+	if (!desc) {
+		ret = -ENOMEM;
+		goto out_free_tfm;
+	}
+
+	desc->tfm   = tfm;
+	desc->flags = 0;
+
+	ret = crypto_shash_init(desc);
+	if (ret < 0)
+		goto out_free_desc;
+
+	digest_size = crypto_shash_digestsize(tfm);
+	digest = kzalloc(digest_size, GFP_KERNEL);
+	if (!digest) {
+		ret = -ENOMEM;
+		goto out_free_desc;
+	}
+
+	do {
+		len = min(data_len, PAGE_SIZE - ((size_t)data & ~PAGE_MASK));
+		ret = -EFAULT;
+		if (copy_from_user(buffer, data, len) != 0)
+			goto out_free_digest;
+
+		ret = crypto_shash_update(desc, buffer, len);
+                if (ret)
+                        break;
+
+		data_len -= len;
+		data += len;
+
+		if (fatal_signal_pending(current)) {
+			ret = -EINTR;
+			break;
+		}
+	} while (data_len > 0);
+
+	if (!ret) {
+		ret = crypto_shash_final(desc, digest);
+		*_digest = digest;
+		*digest_len = digest_size;
+		digest = NULL;
+	}
+
+out_free_digest:
+	if (digest)
+		kfree(digest);
+out_free_desc:
+	kfree(desc);
+out_free_tfm:
+	kfree(tfm);
+out:
+	kfree(buffer);
+	return ret;
+}
+
+/*
+ * Appraise a user buffer with a given digital signature
+ * keyring: keyring to use for appraisal
+ * sig: signature
+ * siglen: length of signature
+ *
+ * Returns 0 on successful appraisal, error otherwise.
+ */
+int integrity_verify_user_buffer_digsig(struct key *keyring,
+				const char __user *data,
+				unsigned long data_len,
+				char *sig, unsigned int siglen)
+{
+	int ret = 0;
+	enum pkey_hash_algo hash_algo;
+	char *digest = NULL;
+	unsigned int digest_len = 0;
+
+	hash_algo = integrity_digsig_get_hash_algo(sig);
+	if (hash_algo < 0)
+		return hash_algo;
+
+	ret = integrity_calc_user_buffer_hash(hash_algo, data, data_len,
+						&digest, &digest_len);
+	if (ret)
+		return ret;
+
+	ret = integrity_digsig_verify_keyring(keyring, sig, siglen, digest,
+					digest_len);
+	kfree(digest);
+	return ret;
+}
-- 
1.8.3.1

More information about the kernel mailing list