[RFC][PATCH 3/6] verification: Introduce verify_umd_signature() and verify_umd_message_sig()

[Roberto Sassu]

From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>

Introduce verify_umd_signature() and verify_umd_message_sig(), to verify
UMD-parsed signatures from detached data. It aims to be used by kernel
subsystems wishing to verify the authenticity of system data, with
system-defined keyrings as trust anchor.

Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
---
 certs/system_keyring.c       | 125 +++++++++++++++++++++++++++++++++++
 include/linux/verification.h |  48 ++++++++++++++
 2 files changed, 173 insertions(+)

diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index a7a49b17ceb..d4c0de4dceb 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -16,6 +16,7 @@
 #include <keys/asymmetric-type.h>
 #include <keys/system_keyring.h>
 #include <crypto/pkcs7.h>
+#include <crypto/umd_sig.h>
 
 static struct key *builtin_trusted_keys;
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
@@ -339,6 +340,130 @@ int verify_pkcs7_signature(const void *data, size_t len,
 }
 EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
 
+#ifdef CONFIG_UMD_SIG_PARSER
+/**
+ * verify_umd_message_sig - Verify a UMD-parsed signature on system data.
+ * @data: The data to be verified (must be provided)
+ * @len: Size of @data
+ * @umd_sig: The UMD-parsed signature
+ * @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
+ *					(void *)1UL for all trusted keys)
+ *					(void *)2UL for platform keys)
+ * @usage: The use to which the key is being put
+ * @view_content: Callback to gain access to content
+ * @ctx: Context for callback
+ *
+ * Verify the UMD-parsed signature of the supplied system data, against a
+ * key (if found) in the supplied trusted keyring.
+ *
+ * Return: Zero on successful verification, a negative value otherwise.
+ */
+int verify_umd_message_sig(const void *data, size_t len,
+			   struct umd_sig_message *umd_sig,
+			   struct key *trusted_keys,
+			   enum key_being_used_for usage,
+			   int (*view_content)(void *ctx,
+					       const void *data, size_t len,
+					       size_t asn1hdrlen),
+			   void *ctx)
+{
+	int ret;
+
+	/* The data should be detached - so we need to supply it. */
+	if (data && umd_sig_supply_detached_data(umd_sig, data, len)) {
+		pr_err("Failed to supply data for UMD-parsed signature\n");
+		ret = -EBADMSG;
+		goto error;
+	}
+
+	if (!trusted_keys) {
+		trusted_keys = builtin_trusted_keys;
+	} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
+		trusted_keys = secondary_trusted_keys;
+#else
+		trusted_keys = builtin_trusted_keys;
+#endif
+	} else if (trusted_keys == VERIFY_USE_PLATFORM_KEYRING) {
+#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
+		trusted_keys = platform_trusted_keys;
+#else
+		trusted_keys = NULL;
+#endif
+		if (!trusted_keys) {
+			ret = -ENOKEY;
+			pr_devel("Platform keyring is not available\n");
+			goto error;
+		}
+	}
+
+	ret = umd_sig_verify_message(umd_sig, trusted_keys);
+	if (ret < 0)
+		goto error;
+
+	if (view_content) {
+		size_t sig_data_len;
+
+		ret = umd_sig_get_content_data(umd_sig, &data, &len,
+					       &sig_data_len);
+		if (ret < 0) {
+			if (ret == -ENODATA)
+				pr_devel("UMD-parsed signature does not contain data\n");
+			goto error;
+		}
+
+		ret = view_content(ctx, data, len, sig_data_len);
+		kfree(data);
+	}
+error:
+	pr_devel("<==%s() = %d\n", __func__, ret);
+	return ret;
+}
+EXPORT_SYMBOL_GPL(verify_umd_message_sig);
+
+/**
+ * verify_umd_signature - Verify a UMD-parsed signature on system data.
+ * @data: The data to be verified (must be provided)
+ * @len: Size of @data
+ * @raw_umd_sig: The raw signature to be parsed with UMD
+ * @raw_umd_sig_len: The size of @raw_umd_sig
+ * @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
+ *					(void *)1UL for all trusted keys)
+ *					(void *)2UL for platform keys)
+ * @usage: The use to which the key is being put
+ * @view_content: Callback to gain access to content
+ * @ctx: Context for callback
+ *
+ * Verify the UMD-parsed signature of the supplied system data, against a
+ * key (if found) in the supplied trusted keyring.
+ *
+ * Return: Zero on successful verification, a negative value otherwise.
+ */
+int verify_umd_signature(const void *data, size_t len,
+			 const void *raw_umd_sig, size_t raw_umd_sig_len,
+			 struct key *trusted_keys,
+			 enum key_being_used_for usage,
+			 int (*view_content)(void *ctx,
+					     const void *data, size_t len,
+					     size_t asn1hdrlen),
+			 void *ctx)
+{
+	struct umd_sig_message *umd_sig;
+	int ret;
+
+	umd_sig = umd_sig_parse_message(raw_umd_sig, raw_umd_sig_len);
+	if (IS_ERR(umd_sig))
+		return PTR_ERR(umd_sig);
+
+	ret = verify_umd_message_sig(data, len, umd_sig, trusted_keys, usage,
+				     view_content, ctx);
+
+	umd_sig_free_message(umd_sig);
+	pr_devel("<==%s() = %d\n", __func__, ret);
+	return ret;
+}
+EXPORT_SYMBOL_GPL(verify_umd_signature);
+#endif /* CONFIG_UMD_SIG_PARSER */
 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
 
 #ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
diff --git a/include/linux/verification.h b/include/linux/verification.h
index f34e50ebcf6..2e44ea17f23 100644
--- a/include/linux/verification.h
+++ b/include/linux/verification.h
@@ -43,6 +43,7 @@ extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR];
 
 struct key;
 struct pkcs7_message;
+struct umd_sig_message;
 
 extern int verify_pkcs7_signature(const void *data, size_t len,
 				  const void *raw_pkcs7, size_t pkcs7_len,
@@ -62,6 +63,53 @@ extern int verify_pkcs7_message_sig(const void *data, size_t len,
 							size_t asn1hdrlen),
 				    void *ctx);
 
+#ifdef CONFIG_UMD_SIG_PARSER
+extern int verify_umd_message_sig(const void *data, size_t len,
+				  struct umd_sig_message *umd_sig,
+				  struct key *trusted_keys,
+				  enum key_being_used_for usage,
+				  int (*view_content)(void *ctx,
+						      const void *data,
+						      size_t len,
+						      size_t asn1hdrlen),
+				  void *ctx);
+extern int verify_umd_signature(const void *data, size_t len,
+				const void *raw_pgp, size_t pgp_len,
+				struct key *trusted_keys,
+				enum key_being_used_for usage,
+				int (*view_content)(void *ctx,
+						const void *data, size_t len,
+						size_t asn1hdrlen),
+				void *ctx);
+#else
+static inline int verify_umd_message_sig(const void *data, size_t len,
+					 struct umd_sig_message *umd_sig,
+					 struct key *trusted_keys,
+					 enum key_being_used_for usage,
+					 int (*view_content)(void *ctx,
+							     const void *data,
+							     size_t len,
+							     size_t asn1hdrlen),
+					 void *ctx)
+{
+	return -EOPNOTSUPP;
+}
+
+static inline int verify_umd_signature(const void *data, size_t len,
+				       const void *raw_umd_sig,
+				       size_t raw_umd_sig_len,
+				       struct key *trusted_keys,
+				       enum key_being_used_for usage,
+				       int (*view_content)(void *ctx,
+							   const void *data,
+							   size_t len,
+							   size_t asn1hdrlen),
+				       void *ctx)
+{
+	return -EOPNOTSUPP;
+}
+#endif /* CONFIG_UMD_SIG_PARSER */
+
 #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
 extern int verify_pefile_signature(const void *pebuf, unsigned pelen,
 				   struct key *trusted_keys,
-- 
2.25.1