On Fri, 2018-03-16 at 17:38 -0300, Thiago Jung Bauermann wrote: > IMA will only look for a modsig if the xattr sig references a key which is > not in the expected kernel keyring. To that end, introduce > asymmetric_sig_has_known_key(). > > The logic of extracting the key used in the xattr sig is factored out from > asymmetric_verify() so that it can be used by the new function. > > Signed-off-by: Thiago Jung Bauermann <bauerman@xxxxxxxxxxxxxxxxxx> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> > --- > security/integrity/digsig_asymmetric.c | 44 +++++++++++++++++++++++++--------- > security/integrity/integrity.h | 8 +++++++ > 2 files changed, 41 insertions(+), 11 deletions(-) > > diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c > index ab6a029062a1..241647970c19 100644 > --- a/security/integrity/digsig_asymmetric.c > +++ b/security/integrity/digsig_asymmetric.c > @@ -79,26 +79,48 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) > return key; > } > > -int asymmetric_verify(struct key *keyring, const char *sig, > - int siglen, const char *data, int datalen) > +static struct key *asymmetric_key_from_sig(struct key *keyring, const char *sig, > + int siglen) > { > - struct public_key_signature pks; > - struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig; > - struct key *key; > - int ret = -ENOMEM; > + const struct signature_v2_hdr *hdr = (struct signature_v2_hdr *) sig; > > if (siglen <= sizeof(*hdr)) > - return -EBADMSG; > + return ERR_PTR(-EBADMSG); > > siglen -= sizeof(*hdr); > > if (siglen != be16_to_cpu(hdr->sig_size)) > - return -EBADMSG; > + return ERR_PTR(-EBADMSG); > > if (hdr->hash_algo >= HASH_ALGO__LAST) > - return -ENOPKG; > + return ERR_PTR(-ENOPKG); > + > + return request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); > +} > + > +bool asymmetric_sig_has_known_key(struct key *keyring, const char *sig, > + int siglen) > +{ > + struct key *key; > + > + key = asymmetric_key_from_sig(keyring, sig, siglen); > + if (IS_ERR_OR_NULL(key)) > + return false; > + > + key_put(key); > + > + return true; > +} > + > +int asymmetric_verify(struct key *keyring, const char *sig, > + int siglen, const char *data, int datalen) > +{ > + struct public_key_signature pks; > + struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig; > + struct key *key; > + int ret = -ENOMEM; > > - key = request_asymmetric_key(keyring, be32_to_cpu(hdr->keyid)); > + key = asymmetric_key_from_sig(keyring, sig, siglen); > if (IS_ERR(key)) > return PTR_ERR(key); > > @@ -109,7 +131,7 @@ int asymmetric_verify(struct key *keyring, const char *sig, > pks.digest = (u8 *)data; > pks.digest_size = datalen; > pks.s = hdr->sig; > - pks.s_size = siglen; > + pks.s_size = siglen - sizeof(*hdr); > ret = verify_signature(key, &pks); > key_put(key); > pr_debug("%s() = %d\n", __func__, ret); > diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h > index 2d245f44ca26..4c381b992e11 100644 > --- a/security/integrity/integrity.h > +++ b/security/integrity/integrity.h > @@ -179,12 +179,20 @@ static inline int integrity_init_keyring(const unsigned int id) > #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS > int asymmetric_verify(struct key *keyring, const char *sig, > int siglen, const char *data, int datalen); > +bool asymmetric_sig_has_known_key(struct key *keyring, const char *sig, > + int siglen); > #else > static inline int asymmetric_verify(struct key *keyring, const char *sig, > int siglen, const char *data, int datalen) > { > return -EOPNOTSUPP; > } > + > +static inline bool asymmetric_sig_has_known_key(struct key *keyring, > + const char *sig, int siglen) > +{ > + return false; > +} > #endif > > #ifdef CONFIG_IMA_LOAD_X509 >