Add generate_signature interface on signature.c, asymmetric-subtype and rsa.c for prepare to implement signature generation. Signed-off-by: Lee, Chun-Yi --- crypto/asymmetric_keys/private_key.h | 29 +++++++++++++++++++++++++++++ crypto/asymmetric_keys/public_key.c | 31 +++++++++++++++++++++++++++++++ crypto/asymmetric_keys/rsa.c | 22 ++++++++++++++++++++++ crypto/asymmetric_keys/signature.c | 28 ++++++++++++++++++++++++++++ include/crypto/public_key.h | 25 +++++++++++++++++++++++++ include/keys/asymmetric-subtype.h | 6 ++++++ 6 files changed, 141 insertions(+), 0 deletions(-) create mode 100644 crypto/asymmetric_keys/private_key.h diff --git a/crypto/asymmetric_keys/private_key.h b/crypto/asymmetric_keys/private_key.h new file mode 100644 index 0000000..c022eee --- /dev/null +++ b/crypto/asymmetric_keys/private_key.h @@ -0,0 +1,29 @@ +/* Private key algorithm internals + * + * Copyright (C) 2013 SUSE Linux Products GmbH. All rights reserved. + * Written by Chun-Yi Lee (jlee@suse.com) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#include + +extern struct asymmetric_key_subtype private_key_subtype; + +/* + * Private key algorithm definition. + */ +struct private_key_algorithm { + const char *name; + u8 n_pub_mpi; /* Number of MPIs in public key */ + u8 n_sec_mpi; /* Number of MPIs in secret key */ + u8 n_sig_mpi; /* Number of MPIs in a signature */ + struct public_key_signature* (*generate_signature)( + const struct private_key *key, u8 *M, + enum pkey_hash_algo hash_algo, const bool hash); +}; + +extern const struct private_key_algorithm RSA_private_key_algorithm; diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index cb2e291..97ff932 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -19,6 +19,7 @@ #include #include #include "public_key.h" +#include "private_key.h" MODULE_LICENSE("GPL"); @@ -96,6 +97,24 @@ static int public_key_verify_signature(const struct key *key, } /* + * Generate a signature using a private key. + */ +static struct public_key_signature *private_key_generate_signature( + const struct key *key, u8 *M, enum pkey_hash_algo hash_algo, + const bool hash) +{ + const struct private_key *pk = key->payload.data; + + pr_info("private_key_generate_signature start"); + + if (!pk->algo->generate_signature) + return ERR_PTR(-ENOTSUPP); + + return pk->algo->generate_signature(pk, M, hash_algo, hash); + +} + +/* * Public key algorithm asymmetric key subtype */ struct asymmetric_key_subtype public_key_subtype = { @@ -106,3 +125,15 @@ struct asymmetric_key_subtype public_key_subtype = { .verify_signature = public_key_verify_signature, }; EXPORT_SYMBOL_GPL(public_key_subtype); + +/* + * Private key algorithm asymmetric key subtype + */ +struct asymmetric_key_subtype private_key_subtype = { + .owner = THIS_MODULE, + .name = "private_key", + .describe = public_key_describe, + .destroy = public_key_destroy, + .generate_signature = private_key_generate_signature, +}; +EXPORT_SYMBOL_GPL(private_key_subtype); diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c index 4a6a069..95aab83 100644 --- a/crypto/asymmetric_keys/rsa.c +++ b/crypto/asymmetric_keys/rsa.c @@ -14,6 +14,7 @@ #include #include #include "public_key.h" +#include "private_key.h" MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("RSA Public Key Algorithm"); @@ -267,6 +268,18 @@ error: return ret; } +/* + * Perform the generation step [RFC3447 sec 8.2.1]. + */ +static struct public_key_signature *RSA_generate_signature( + const struct private_key *key, u8 *M, + enum pkey_hash_algo hash_algo, const bool hash) +{ + pr_info("RSA_generate_signature start"); + + return 0; +} + const struct public_key_algorithm RSA_public_key_algorithm = { .name = "RSA", .n_pub_mpi = 2, @@ -275,3 +288,12 @@ const struct public_key_algorithm RSA_public_key_algorithm = { .verify_signature = RSA_verify_signature, }; EXPORT_SYMBOL_GPL(RSA_public_key_algorithm); + +const struct private_key_algorithm RSA_private_key_algorithm = { + .name = "RSA", + .n_pub_mpi = 2, + .n_sec_mpi = 3, + .n_sig_mpi = 1, + .generate_signature = RSA_generate_signature, +}; +EXPORT_SYMBOL_GPL(RSA_private_key_algorithm); diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c index 50b3f88..a1bf6be 100644 --- a/crypto/asymmetric_keys/signature.c +++ b/crypto/asymmetric_keys/signature.c @@ -47,3 +47,31 @@ int verify_signature(const struct key *key, return ret; } EXPORT_SYMBOL_GPL(verify_signature); + +/** + * generate_signature - Initiate the use of an asymmetric key to generate a signature + * @key: The asymmetric key to generate against + * @M: The message to be signed, or a hash result. Dependent on the hash parameter + * @hash_algo: The hash algorithm to generate digest + * @hash: true means M is a original mesagse, false means M is a hash result + * + * Returns public_key-signature if successful or else an error. + */ +struct public_key_signature *generate_signature(const struct key *key, u8 *M, + enum pkey_hash_algo hash_algo, const bool hash) +{ + const struct asymmetric_key_subtype *subtype; + + pr_info("==>%s()\n", __func__); + + if (key->type != &key_type_asymmetric) + return ERR_PTR(-EINVAL); + subtype = asymmetric_key_subtype(key); + if (!subtype || !key->payload.data) + return ERR_PTR(-EINVAL); + if (!subtype->generate_signature) + return ERR_PTR(-ENOTSUPP); + + return subtype->generate_signature(key, M, hash_algo, hash); +} +EXPORT_SYMBOL_GPL(generate_signature); diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index f5b0224..d44b29f 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -79,6 +79,29 @@ struct public_key { }; }; +struct private_key { + const struct private_key_algorithm *algo; + u8 capabilities; + enum pkey_id_type id_type:8; + union { + MPI mpi[5]; + struct { + MPI p; /* DSA prime */ + MPI q; /* DSA group order */ + MPI g; /* DSA group generator */ + MPI y; /* DSA public-key value = g^x mod p */ + MPI x; /* DSA secret exponent (if present) */ + } dsa; + struct { + MPI n; /* RSA public modulus */ + MPI e; /* RSA public encryption exponent */ + MPI d; /* RSA secret encryption exponent (if present) */ + MPI p; /* RSA secret prime (if present) */ + MPI q; /* RSA secret prime (if present) */ + } rsa; + }; +}; + extern void public_key_destroy(void *payload); /* @@ -104,5 +127,7 @@ struct public_key_signature { struct key; extern int verify_signature(const struct key *key, const struct public_key_signature *sig); +extern struct public_key_signature *generate_signature(const struct key *key, + u8 *M, enum pkey_hash_algo hash_algo, const bool hash); #endif /* _LINUX_PUBLIC_KEY_H */ diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h index 4b840e8..af79939 100644 --- a/include/keys/asymmetric-subtype.h +++ b/include/keys/asymmetric-subtype.h @@ -18,6 +18,7 @@ #include struct public_key_signature; +enum pkey_hash_algo; /* * Keys of this type declare a subtype that indicates the handlers and @@ -37,6 +38,11 @@ struct asymmetric_key_subtype { /* Verify the signature on a key of this subtype (optional) */ int (*verify_signature)(const struct key *key, const struct public_key_signature *sig); + + /* Generate the signature by key of this subtype (optional) */ + struct public_key_signature* (*generate_signature) + (const struct key *key, u8 *M, enum pkey_hash_algo hash_algo, + const bool hash); }; /** -- 1.6.4.2 -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

Due to RSA_I2OSP is not only used by signature verification path but also used in signature generation path. So, separate the length checking of octet string because it's not for generate 0x00 0x01 leading string when used in signature generation. Signed-off-by: Lee, Chun-Yi --- crypto/asymmetric_keys/rsa.c | 33 ++++++++++++++++++++++++--------- 1 files changed, 24 insertions(+), 9 deletions(-) diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c index 6996ff7..c26ae77 100644 --- a/crypto/asymmetric_keys/rsa.c +++ b/crypto/asymmetric_keys/rsa.c @@ -121,12 +121,30 @@ static int RSAVP1(const struct public_key *key, MPI s, MPI *_m) /* * Integer to Octet String conversion [RFC3447 sec 4.1] */ -static int RSA_I2OSP(MPI x, size_t xLen, u8 **_X) +static int _RSA_I2OSP(MPI x, unsigned *X_size, u8 **_X) { - unsigned X_size, x_size; int X_sign; u8 *X; + X = mpi_get_buffer(x, X_size, &X_sign); + if (!X) + return -ENOMEM; + if (X_sign < 0) { + kfree(X); + return -EBADMSG; + } + + *_X = X; + return 0; +} + +static int RSA_I2OSP(MPI x, size_t xLen, u8 **_X) +{ + unsigned x_size; + unsigned X_size; + u8 *X = NULL; + int ret; + /* Make sure the string is the right length. The number should begin * with { 0x00, 0x01, ... } so we have to account for 15 leading zero * bits not being reported by MPI. @@ -136,13 +154,10 @@ static int RSA_I2OSP(MPI x, size_t xLen, u8 **_X) if (x_size != xLen * 8 - 15) return -ERANGE; - X = mpi_get_buffer(x, &X_size, &X_sign); - if (!X) - return -ENOMEM; - if (X_sign < 0) { - kfree(X); - return -EBADMSG; - } + ret = _RSA_I2OSP(x, &X_size, &X); + if (ret < 0) + return ret; + if (X_size != xLen - 1) { kfree(X); return -EBADMSG; -- 1.6.4.2 -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

Implement RSASP1 and fill-in the following data to public key signature structure: signature length (pkcs->k), signature octet strings (pks->S) and MPI of signature (pks->rsa.s). Signed-off-by: Lee, Chun-Yi --- crypto/asymmetric_keys/rsa.c | 47 +++++++++++++++++++++++++++++++++++++++-- 1 files changed, 44 insertions(+), 3 deletions(-) diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c index 0862018..e60defe 100644 --- a/crypto/asymmetric_keys/rsa.c +++ b/crypto/asymmetric_keys/rsa.c @@ -86,6 +86,39 @@ static const struct { }; /* + * RSASP1() function [RFC3447 sec 5.2.1] + */ +static int RSASP1(const struct private_key *key, MPI m, MPI *_s) +{ + MPI s; + int ret; + + /* (1) Validate 0 <= m < n */ + if (mpi_cmp_ui(m, 0) < 0) { + kleave(" = -EBADMSG [m < 0]"); + return -EBADMSG; + } + if (mpi_cmp(m, key->rsa.n) >= 0) { + kleave(" = -EBADMSG [m >= n]"); + return -EBADMSG; + } + + s = mpi_alloc(0); + if (!s) + return -ENOMEM; + + /* (2) s = m^d mod n */ + ret = mpi_powm(s, m, key->rsa.d, key->rsa.n); + if (ret < 0) { + mpi_free(s); + return ret; + } + + *_s = s; + return 0; +} + +/* * RSAVP1() function [RFC3447 sec 5.2.2] */ static int RSAVP1(const struct public_key *key, MPI s, MPI *_m) @@ -173,9 +206,12 @@ static int RSA_I2OSP(MPI x, size_t xLen, u8 **_X) static int RSA_OS2IP(u8 *X, size_t XLen, MPI *_x) { MPI x; + int ret; x = mpi_alloc((XLen + BYTES_PER_MPI_LIMB - 1) / BYTES_PER_MPI_LIMB); - mpi_set_buffer(x, X, XLen, 0); + ret = mpi_set_buffer(x, X, XLen, 0); + if (ret < 0) + return ret; *_x = x; return 0; @@ -453,8 +489,13 @@ static struct public_key_signature *RSA_generate_signature( if (ret < 0) goto error_v1_5_encode; - /* TODO 3): s = RSASP1 (K, m) */ - s = m; + /* 3): s = RSASP1 (K, m) */ + RSASP1(key, m, &s); + + pks->rsa.s = s; + pks->nr_mpi = 1; + pks->k = mpi_get_nbits(s); + pks->k = (pks->k + 7) / 8; /* 4): S = I2OSP (s, k) */ _RSA_I2OSP(s, &X_size, &pks->S); -- 1.6.4.2 -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

Per PKCS1 spec, the EMSA-PKCS1-v1_5 encoded message is leading by 0x00 0x01 in its first 2 bytes. The leading zero byte is suppressed by MPI so we pass a pointer to the _preceding_ byte to RSA_verify() in original code, but it has risk for the byte is not zero because it's not in EM buffer's scope, neither RSA_verify() nor mpi_get_buffer() didn't take care the leading byte. To avoid the risk, that's better we explicitly add the leading zero byte to EM for pass to RSA_verify(). This patch allocate a _EM buffer to capture the result from RSA_I2OSP(), then set the first byte to zero in EM and copy the remaining bytes from _EM. Signed-off-by: Lee, Chun-Yi --- crypto/asymmetric_keys/rsa.c | 14 ++++++++++---- 1 files changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c index e60defe..4baf431 100644 --- a/crypto/asymmetric_keys/rsa.c +++ b/crypto/asymmetric_keys/rsa.c @@ -401,6 +401,7 @@ static int RSA_verify_signature(const struct public_key *key, /* Variables as per RFC3447 sec 8.2.2 */ const u8 *H = sig->digest; u8 *EM = NULL; + u8 *_EM = NULL; MPI m = NULL; size_t k; @@ -435,14 +436,19 @@ static int RSA_verify_signature(const struct public_key *key, /* (2c) Convert the message representative (m) to an encoded message * (EM) of length k octets. * - * NOTE! The leading zero byte is suppressed by MPI, so we pass a - * pointer to the _preceding_ byte to RSA_verify()! + * NOTE! The leading zero byte is suppressed by MPI, so we add it + * back to EM before input to RSA_verify()! */ - ret = RSA_I2OSP(m, k, &EM); + ret = RSA_I2OSP(m, k, &_EM); if (ret < 0) goto error; - ret = RSA_verify(H, EM - 1, k, sig->digest_size, + EM = kmalloc(k, GFP_KERNEL); + memset(EM, 0, 1); + memcpy(EM + 1, _EM, k-1); + kfree(_EM); + + ret = RSA_verify(H, EM, k, sig->digest_size, RSA_ASN1_templates[sig->pkey_hash_algo].data, RSA_ASN1_templates[sig->pkey_hash_algo].size); -- 1.6.4.2 -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

From: Matthew Garrett The firmware has a set of flags that indicate whether secure boot is enabled and enforcing. Use them to indicate whether the kernel should lock itself down. We also indicate the machine is in secure boot mode by adding the EFI_SECURE_BOOT bit for use with efi_enabled. Signed-off-by: Matthew Garrett Signed-off-by: Josh Boyer Acked-by: Lee, Chun-Yi --- Documentation/x86/zero-page.txt | 2 ++ arch/x86/boot/compressed/eboot.c | 32 ++++++++++++++++++++++++++++++++ arch/x86/include/asm/bootparam_utils.h | 8 ++++++-- arch/x86/include/uapi/asm/bootparam.h | 3 ++- arch/x86/kernel/setup.c | 7 +++++++ include/linux/cred.h | 2 ++ include/linux/efi.h | 1 + 7 files changed, 52 insertions(+), 3 deletions(-) diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt index 199f453..ff651d3 100644 --- a/Documentation/x86/zero-page.txt +++ b/Documentation/x86/zero-page.txt @@ -30,6 +30,8 @@ Offset Proto Name Meaning 1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below) 1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer (below) +1EB/001 ALL kbd_status Numlock is enabled +1EC/001 ALL secure_boot Kernel should enable secure boot lockdowns 1EF/001 ALL sentinel Used to detect broken bootloaders 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c index d606463..9baee3e 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -861,6 +861,36 @@ fail: return status; } +static int get_secure_boot(efi_system_table_t *_table) +{ + u8 sb, setup; + unsigned long datasize = sizeof(sb); + efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; + efi_status_t status; + + status = efi_call_phys5(sys_table->runtime->get_variable, + L"SecureBoot", &var_guid, NULL, &datasize, &sb); + + if (status != EFI_SUCCESS) + return 0; + + if (sb == 0) + return 0; + + + status = efi_call_phys5(sys_table->runtime->get_variable, + L"SetupMode", &var_guid, NULL, &datasize, + &setup); + + if (status != EFI_SUCCESS) + return 0; + + if (setup == 1) + return 0; + + return 1; +} + /* * Because the x86 boot code expects to be passed a boot_params we * need to create one ourselves (usually the bootloader would create @@ -1169,6 +1199,8 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) goto fail; + boot_params->secure_boot = get_secure_boot(sys_table); + setup_graphics(boot_params); setup_efi_pci(boot_params); diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h index 653668d..69a6c08 100644 --- a/arch/x86/include/asm/bootparam_utils.h +++ b/arch/x86/include/asm/bootparam_utils.h @@ -38,9 +38,13 @@ static void sanitize_boot_params(struct boot_params *boot_params) memset(&boot_params->olpc_ofw_header, 0, (char *)&boot_params->efi_info - (char *)&boot_params->olpc_ofw_header); - memset(&boot_params->kbd_status, 0, + memset(&boot_params->kbd_status, 0, sizeof(boot_params->kbd_status)); + /* don't clear boot_params->secure_boot. we set that ourselves + * earlier. + */ + memset(&boot_params->_pad5[0], 0, (char *)&boot_params->hdr - - (char *)&boot_params->kbd_status); + (char *)&boot_params->_pad5[0]); memset(&boot_params->_pad7[0], 0, (char *)&boot_params->edd_mbr_sig_buffer[0] - (char *)&boot_params->_pad7[0]); diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h index c15ddaf..85d7685 100644 --- a/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h @@ -131,7 +131,8 @@ struct boot_params { __u8 eddbuf_entries; /* 0x1e9 */ __u8 edd_mbr_sig_buf_entries; /* 0x1ea */ __u8 kbd_status; /* 0x1eb */ - __u8 _pad5[3]; /* 0x1ec */ + __u8 secure_boot; /* 0x1ec */ + __u8 _pad5[2]; /* 0x1ed */ /* * The sentinel is set to a nonzero value (0xff) in header.S. * diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index f8ec578..2a8168a 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -1129,6 +1129,13 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); + if (boot_params.secure_boot) { +#ifdef CONFIG_EFI + set_bit(EFI_SECURE_BOOT, &x86_efi_facility); +#endif + secureboot_enable(); + } + /* * Parse the ACPI tables for possible boot-time SMP configuration. */ diff --git a/include/linux/cred.h b/include/linux/cred.h index 04421e8..9e69542 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -156,6 +156,8 @@ extern int set_security_override_from_ctx(struct cred *, const char *); extern int set_create_files_as(struct cred *, struct inode *); extern void __init cred_init(void); +extern void secureboot_enable(void); + /* * check for validity of credentials */ diff --git a/include/linux/efi.h b/include/linux/efi.h index 5f8f176..febce85 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -634,6 +634,7 @@ extern int __init efi_setup_pcdp_console(char *); #define EFI_RUNTIME_SERVICES 3 /* Can we use runtime services? */ #define EFI_MEMMAP 4 /* Can we use EFI memory map? */ #define EFI_64BIT 5 /* Is the firmware 64-bit? */ +#define EFI_SECURE_BOOT 6 /* Are we in Secure Boot mode? */ #ifdef CONFIG_EFI # ifdef CONFIG_X86 -- 1.6.4.2 -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

This patch add the code for generate/verify signature of snapshot, it put the signature to snapshot header. This approach can support both on userspace hibernate and in-kernel hibernate. Signed-off-by: Lee, Chun-Yi --- kernel/power/power.h | 5 + kernel/power/snapshot.c | 239 ++++++++++++++++++++++++++++++++++++++++++++++- kernel/power/swap.c | 10 ++ kernel/power/user.c | 11 ++ 4 files changed, 261 insertions(+), 4 deletions(-) diff --git a/kernel/power/power.h b/kernel/power/power.h index 03d7d45..56ef656 100644 --- a/kernel/power/power.h +++ b/kernel/power/power.h @@ -3,6 +3,9 @@ #include #include +/* The maximum length of snapshot signature */ +#define SIG_LENG 512 + struct swsusp_info { struct new_utsname uts; u32 version_code; @@ -11,6 +14,7 @@ struct swsusp_info { unsigned long image_pages; unsigned long pages; unsigned long size; + u8 signature[SIG_LENG]; } __attribute__((aligned(PAGE_SIZE))); #ifdef CONFIG_HIBERNATION @@ -134,6 +138,7 @@ extern int snapshot_read_next(struct snapshot_handle *handle); extern int snapshot_write_next(struct snapshot_handle *handle); extern void snapshot_write_finalize(struct snapshot_handle *handle); extern int snapshot_image_loaded(struct snapshot_handle *handle); +extern int snapshot_image_verify(void); /* If unset, the snapshot device cannot be open. */ extern atomic_t snapshot_device_available; diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c index 349587b..7a817c2 100644 --- a/kernel/power/snapshot.c +++ b/kernel/power/snapshot.c @@ -27,6 +27,9 @@ #include #include #include +#include +#include +#include #include #include @@ -1031,11 +1034,49 @@ static inline void copy_data_page(unsigned long dst_pfn, unsigned long src_pfn) } #endif /* CONFIG_HIGHMEM */ -static void +#define SNAPSHOT_HASH "sha256" + +/* + * Signature of snapshot for check. + */ +static u8 signature[SIG_LENG]; + +static int copy_data_pages(struct memory_bitmap *copy_bm, struct memory_bitmap *orig_bm) { struct zone *zone; - unsigned long pfn; + unsigned long pfn, dst_pfn; + struct page *d_page; + void *hash_buffer = NULL; + struct crypto_shash *tfm; + struct shash_desc *desc; + u8 *digest; + size_t digest_size, desc_size; + struct key *s4_sign_key; + struct public_key_signature *pks; + int ret; + + ret = -ENOMEM; + tfm = crypto_alloc_shash(SNAPSHOT_HASH, 0, 0); + if (IS_ERR(tfm)) { + pr_err("IS_ERR(tfm): %ld", PTR_ERR(tfm)); + return PTR_ERR(tfm); + } + + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); + digest_size = crypto_shash_digestsize(tfm); + digest = kzalloc(digest_size + desc_size, GFP_KERNEL); + if (!digest) { + pr_err("digest allocate fail"); + ret = -ENOMEM; + goto error_digest; + } + desc = (void *) digest + digest_size; + desc->tfm = tfm; + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + ret = crypto_shash_init(desc); + if (ret < 0) + goto error_shash; for_each_populated_zone(zone) { unsigned long max_zone_pfn; @@ -1052,8 +1093,65 @@ copy_data_pages(struct memory_bitmap *copy_bm, struct memory_bitmap *orig_bm) pfn = memory_bm_next_pfn(orig_bm); if (unlikely(pfn == BM_END_OF_MAP)) break; - copy_data_page(memory_bm_next_pfn(copy_bm), pfn); + dst_pfn = memory_bm_next_pfn(copy_bm); + copy_data_page(dst_pfn, pfn); + + /* Generate digest */ + d_page = pfn_to_page(dst_pfn); + if (PageHighMem(d_page)) { + void *kaddr; + kaddr = kmap_atomic(d_page); + copy_page(buffer, kaddr); + kunmap_atomic(kaddr); + hash_buffer = buffer; + } else { + hash_buffer = page_address(d_page); + } + ret = crypto_shash_update(desc, hash_buffer, PAGE_SIZE); + if (ret) + goto error_shash; + } + + crypto_shash_final(desc, digest); + if (ret) + goto error_shash; + + /* Generate signature by private key */ + s4_sign_key = get_sign_key(); + if (!s4_sign_key || IS_ERR(s4_sign_key)) { + pr_err("Get S4 sign key fail: %ld\n", PTR_ERR(s4_sign_key)); + ret = PTR_ERR(s4_sign_key); + goto error_key; } + + pks = generate_signature(s4_sign_key, digest, PKEY_HASH_SHA256, false); + if (IS_ERR(pks)) { + pr_err("Generate signature fail: %lx", PTR_ERR(pks)); + ret = PTR_ERR(pks); + goto error_sign; + } else + memcpy(signature, pks->S, pks->k); + + destroy_sign_key(s4_sign_key); + + if (pks && pks->digest) + kfree(pks->digest); + if (pks && pks->rsa.s) + mpi_free(pks->rsa.s); + kfree(pks); + kfree(digest); + crypto_free_shash(tfm); + + return 0; + +error_sign: + destroy_sign_key(s4_sign_key); +error_key: +error_shash: + kfree(digest); +error_digest: + crypto_free_shash(tfm); + return ret; } /* Total number of image pages */ @@ -1580,6 +1678,7 @@ swsusp_alloc(struct memory_bitmap *orig_bm, struct memory_bitmap *copy_bm, asmlinkage int swsusp_save(void) { unsigned int nr_pages, nr_highmem; + int ret; printk(KERN_INFO "PM: Creating hibernation image:\n"); @@ -1602,7 +1701,9 @@ asmlinkage int swsusp_save(void) * Kill them. */ drain_local_pages(NULL); - copy_data_pages(©_bm, &orig_bm); + ret = copy_data_pages(©_bm, &orig_bm); + if (ret) + return ret; /* * End of critical section. From now on, we can write to memory, @@ -1657,6 +1758,7 @@ static int init_header(struct swsusp_info *info) info->pages = snapshot_get_image_size(); info->size = info->pages; info->size <<= PAGE_SHIFT; + memcpy(info->signature, signature, SIG_LENG); return init_header_complete(info); } @@ -1819,6 +1921,7 @@ load_header(struct swsusp_info *info) if (!error) { nr_copy_pages = info->image_pages; nr_meta_pages = info->pages - info->image_pages - 1; + memcpy(signature, info->signature, SIG_LENG); } return error; } @@ -2194,6 +2297,8 @@ static void *get_buffer(struct memory_bitmap *bm, struct chain_allocator *ca) return pbe->address; } +void **h_buf; + /** * snapshot_write_next - used for writing the system memory snapshot. * @@ -2236,6 +2341,13 @@ int snapshot_write_next(struct snapshot_handle *handle) if (error) return error; + /* Allocate void * array to keep buffer point for generate hash, + * h_buf will freed in snapshot_image_verify(). + */ + h_buf = kmalloc(sizeof(void *) * nr_copy_pages, GFP_KERNEL); + if (!h_buf) + pr_err("Allocate hash buffer fail!"); + error = memory_bm_create(©_bm, GFP_ATOMIC, PG_ANY); if (error) return error; @@ -2262,6 +2374,8 @@ int snapshot_write_next(struct snapshot_handle *handle) handle->sync_read = 0; if (IS_ERR(handle->buffer)) return PTR_ERR(handle->buffer); + if (h_buf) + *h_buf = handle->buffer; } } else { copy_last_highmem_page(); @@ -2272,6 +2386,8 @@ int snapshot_write_next(struct snapshot_handle *handle) return PTR_ERR(handle->buffer); if (handle->buffer != buffer) handle->sync_read = 0; + if (h_buf) + *(h_buf + (handle->cur - nr_meta_pages - 1)) = handle->buffer; } handle->cur++; return PAGE_SIZE; @@ -2304,6 +2420,121 @@ int snapshot_image_loaded(struct snapshot_handle *handle) handle->cur <= nr_meta_pages + nr_copy_pages); } +int snapshot_verify_signature(u8 *digest, size_t digest_size) +{ + struct key *s4_wake_key; + struct public_key_signature *pks; + int ret; + MPI mpi; + + /* load public key */ + s4_wake_key = load_wake_key(); + if (!s4_wake_key || IS_ERR(s4_wake_key)) { + pr_err("Get S4 wake key fail: %ld\n", PTR_ERR(s4_wake_key)); + return PTR_ERR(s4_wake_key); + } + + pks = kzalloc(digest_size + sizeof(*pks), GFP_KERNEL); + if (!pks) { + pr_err("Allocate public key signature fail!"); + return -ENOMEM; + } + pks->pkey_hash_algo = PKEY_HASH_SHA256; + pks->digest = digest; + pks->digest_size = digest_size; + + mpi = mpi_read_raw_data(signature, get_key_length(s4_wake_key)); + if (!mpi) { + pr_err("PM: mpi_read_raw_data fail!\n"); + ret = -ENOMEM; + goto error_mpi; + } + pks->mpi[0] = mpi; + pks->nr_mpi = 1; + + /* RSA signature check */ + ret = verify_signature(s4_wake_key, pks); + if (ret) { + pr_err("snapshot S4 signature verification fail: %d\n", ret); + goto error_verify; + } else + pr_info("snapshot S4 signature verification pass!\n"); + + if (pks->rsa.s) + mpi_free(pks->rsa.s); + kfree(pks); + + return 0; + +error_verify: + if (pks->rsa.s) + mpi_free(pks->rsa.s); +error_mpi: + kfree(pks); + return ret; +} + +int snapshot_image_verify(void) +{ + struct crypto_shash *tfm; + struct shash_desc *desc; + u8 *digest; + size_t digest_size, desc_size; + int ret, i; + + if (!h_buf) + return 0; + + tfm = crypto_alloc_shash(SNAPSHOT_HASH, 0, 0); + if (IS_ERR(tfm)) { + pr_err("IS_ERR(tfm): %ld", PTR_ERR(tfm)); + return PTR_ERR(tfm); + } + + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); + digest_size = crypto_shash_digestsize(tfm); + digest = kzalloc(digest_size + desc_size, GFP_KERNEL); + if (!digest) { + pr_err("digest allocate fail"); + ret = -ENOMEM; + goto error_digest; + } + desc = (void *) digest + digest_size; + desc->tfm = tfm; + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + + ret = crypto_shash_init(desc); + if (ret < 0) + goto error_shash; + + for (i = 0; i < nr_copy_pages; i++) { + ret = crypto_shash_update(desc, *(h_buf + i), PAGE_SIZE); + if (ret) + goto error_shash; + } + + ret = crypto_shash_final(desc, digest); + if (ret) + goto error_shash; + + ret = snapshot_verify_signature(digest, digest_size); + if (ret) + goto error_verify; + + kfree(h_buf); + kfree(digest); + crypto_free_shash(tfm); + return 0; + +error_verify: +error_shash: + kfree(h_buf); + kfree(digest); +error_digest: + crypto_free_shash(tfm); + return ret; +} + #ifdef CONFIG_HIGHMEM /* Assumes that @buf is ready and points to a "safe" page */ static inline void diff --git a/kernel/power/swap.c b/kernel/power/swap.c index 7c33ed2..7dc54e6 100644 --- a/kernel/power/swap.c +++ b/kernel/power/swap.c @@ -1004,6 +1004,11 @@ static int load_image(struct swap_map_handle *handle, snapshot_write_finalize(snapshot); if (!snapshot_image_loaded(snapshot)) ret = -ENODATA; + ret = snapshot_image_verify(); + if (ret) + pr_info("PM: snapshot signature check FAIL: %d\n", ret); + else + pr_info("PM: snapshot signature check SUCCESS!\n"); } swsusp_show_speed(&start, &stop, nr_to_read, "Read"); return ret; @@ -1358,6 +1363,11 @@ out_finish: } } } + ret = snapshot_image_verify(); + if (ret) + pr_info("PM: snapshot signature check FAIL: %d\n", ret); + else + pr_info("PM: snapshot signature check SUCCESS!\n"); } swsusp_show_speed(&start, &stop, nr_to_read, "Read"); out_clean: diff --git a/kernel/power/user.c b/kernel/power/user.c index 4ed81e7..31bf500 100644 --- a/kernel/power/user.c +++ b/kernel/power/user.c @@ -196,6 +196,7 @@ static long snapshot_ioctl(struct file *filp, unsigned int cmd, struct snapshot_data *data; loff_t size; sector_t offset; + int skey_error = 0; if (_IOC_TYPE(cmd) != SNAPSHOT_IOC_MAGIC) return -ENOTTY; @@ -228,6 +229,9 @@ static long snapshot_ioctl(struct file *filp, unsigned int cmd, if (!data->frozen || data->ready) break; pm_restore_gfp_mask(); + skey_error = load_sign_key_data(); + if (skey_error) + pr_err("Load private key fail: %d", skey_error); thaw_processes(); data->frozen = 0; break; @@ -253,6 +257,13 @@ static long snapshot_ioctl(struct file *filp, unsigned int cmd, error = -EPERM; break; } + if (!snapshot_image_verify()) + pr_info("PM: snapshot signature check SUCCESS!\n"); + else { + pr_info("PM: snapshot signature check FAIL!\n"); + error = -EPERM; + break; + } error = hibernation_restore(data->platform_support); break; -- 1.6.4.2 -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

This patch fix the race condition of remove S4 sign key. It moved the code of reload sign key to software_resume() in hibernate.c after we confirmed the snapshot image doesn't in swap partition. We ignore the errors, -ENOENT, -ENODEV and -NENXIO to ignore the checking result before swap partition available. It avoid the S4 sign key removed before we load it after S4 resume success. Signed-off-by: Lee, Chun-Yi --- kernel/power/hibernate.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index 692c790..840c711 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -844,6 +844,8 @@ static int software_resume(void) Unlock: mutex_unlock(&pm_mutex); pr_debug("PM: Hibernation image not present or could not be loaded.\n"); + if (error && error != -ENOENT && error != -ENODEV && error != -ENXIO) + load_sign_key_data(); return error; close_finish: swsusp_close(FMODE_READ); -- 1.6.4.2 -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

In current solution, the snapshot signature check used the RSA key-pair that are generated by bootloader(e.g. shim) and pass the key-pair to kernel through EFI variables. I choice to binding the snapshot signature check mechanism with UEFI secure boot for provide stronger protection of hibernate. Current behavior is following: + UEFI Secure Boot ON, Kernel found key-pair from shim: Will do the S4 signature check. + UEFI Secure Boot ON, Kernel didn't find key-pair from shim: Will lock down S4 function. + UEFI Secure Boot OFF Will NOT do the S4 signature check. Ignore any keys from bootloader. Signed-off-by: Lee, Chun-Yi --- kernel/power/hibernate.c | 35 +++++++++++++++++ kernel/power/main.c | 11 +++++- kernel/power/snapshot.c | 95 ++++++++++++++++++++++++++-------------------- kernel/power/swap.c | 4 +- kernel/power/user.c | 11 +++++ 5 files changed, 112 insertions(+), 44 deletions(-) Index: linux/kernel/power/hibernate.c =================================================================== --- linux.orig/kernel/power/hibernate.c +++ linux/kernel/power/hibernate.c @@ -29,6 +29,7 @@ #include #include #include +#include #include "power.h" @@ -634,6 +635,14 @@ int hibernate(void) int error; int skey_error; +#ifdef CONFIG_SNAPSHOT_VERIFICATION + if (!capable(CAP_COMPROMISE_KERNEL) && !sign_key_data_loaded()) { +#else + if (!capable(CAP_COMPROMISE_KERNEL)) { +#endif + return -EPERM; + } + lock_system_sleep(); /* The snapshot device should not be opened while we're running */ if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { @@ -801,6 +810,15 @@ static int software_resume(void) if (error) goto Unlock; +#ifdef CONFIG_SNAPSHOT_VERIFICATION + if (!capable(CAP_COMPROMISE_KERNEL) && find_wake_key_data()) { +#else + if (!capable(CAP_COMPROMISE_KERNEL)) { +#endif + mutex_unlock(&pm_mutex); + return -EPERM; + } + /* The snapshot device should not be opened while we're running */ if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { error = -EBUSY; @@ -896,6 +914,15 @@ static ssize_t disk_show(struct kobject int i; char *start = buf; +#ifdef CONFIG_SNAPSHOT_VERIFICATION + if (efi_enabled(EFI_SECURE_BOOT) && !sign_key_data_loaded()) { +#else + if (efi_enabled(EFI_SECURE_BOOT)) { +#endif + buf += sprintf(buf, "[%s]\n", "disabled"); + return buf-start; + } + for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) { if (!hibernation_modes[i]) continue; @@ -930,6 +957,14 @@ static ssize_t disk_store(struct kobject char *p; int mode = HIBERNATION_INVALID; +#ifdef CONFIG_SNAPSHOT_VERIFICATION + if (!capable(CAP_COMPROMISE_KERNEL) && !sign_key_data_loaded()) { +#else + if (!capable(CAP_COMPROMISE_KERNEL)) { +#endif + return -EPERM; + } + p = memchr(buf, '\n', n); len = p ? p - buf : n; Index: linux/kernel/power/main.c =================================================================== --- linux.orig/kernel/power/main.c +++ linux/kernel/power/main.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "power.h" @@ -301,7 +302,15 @@ static ssize_t state_show(struct kobject } #endif #ifdef CONFIG_HIBERNATION - s += sprintf(s, "%s\n", "disk"); + if (!efi_enabled(EFI_SECURE_BOOT)) { + s += sprintf(s, "%s\n", "disk"); +#ifdef CONFIG_SNAPSHOT_VERIFICATION + } else if (sign_key_data_loaded()) { + s += sprintf(s, "%s\n", "disk"); +#endif + } else { + s += sprintf(s, "\n"); + } #else if (s != buf) /* convert the last space to a newline */ Index: linux/kernel/power/snapshot.c =================================================================== --- linux.orig/kernel/power/snapshot.c +++ linux/kernel/power/snapshot.c @@ -860,7 +860,8 @@ static struct page *saveable_highmem_pag BUG_ON(!PageHighMem(page)); - if (swsusp_page_is_sign_key(page)) + if (!capable(CAP_COMPROMISE_KERNEL) && + swsusp_page_is_sign_key(page)) return NULL; if (swsusp_page_is_forbidden(page) || swsusp_page_is_free(page) || @@ -925,7 +926,8 @@ static struct page *saveable_page(struct BUG_ON(PageHighMem(page)); - if (swsusp_page_is_sign_key(page)) + if (!capable(CAP_COMPROMISE_KERNEL) && + swsusp_page_is_sign_key(page)) return NULL; if (swsusp_page_is_forbidden(page) || swsusp_page_is_free(page)) @@ -1056,35 +1058,37 @@ copy_data_pages(struct memory_bitmap *co #ifdef CONFIG_SNAPSHOT_VERIFICATION struct page *d_page; void *hash_buffer = NULL; - struct crypto_shash *tfm; - struct shash_desc *desc; - u8 *digest; + struct crypto_shash *tfm = NULL; + struct shash_desc *desc = NULL; + u8 *digest = NULL; size_t digest_size, desc_size; struct key *s4_sign_key; struct public_key_signature *pks; int ret; ret = -ENOMEM; - tfm = crypto_alloc_shash(SNAPSHOT_HASH, 0, 0); - if (IS_ERR(tfm)) { - pr_err("IS_ERR(tfm): %ld", PTR_ERR(tfm)); - return PTR_ERR(tfm); - } - - desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); - digest_size = crypto_shash_digestsize(tfm); - digest = kzalloc(digest_size + desc_size, GFP_KERNEL); - if (!digest) { - pr_err("digest allocate fail"); - ret = -ENOMEM; - goto error_digest; - } - desc = (void *) digest + digest_size; - desc->tfm = tfm; - desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; - ret = crypto_shash_init(desc); - if (ret < 0) - goto error_shash; + if (!capable(CAP_COMPROMISE_KERNEL)) { + tfm = crypto_alloc_shash(SNAPSHOT_HASH, 0, 0); + if (IS_ERR(tfm)) { + pr_err("IS_ERR(tfm): %ld", PTR_ERR(tfm)); + return PTR_ERR(tfm); + } + + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); + digest_size = crypto_shash_digestsize(tfm); + digest = kzalloc(digest_size + desc_size, GFP_KERNEL); + if (!digest) { + pr_err("digest allocate fail"); + ret = -ENOMEM; + goto error_digest; + } + desc = (void *) digest + digest_size; + desc->tfm = tfm; + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + ret = crypto_shash_init(desc); + if (ret < 0) + goto error_shash; + } #endif /* CONFIG_SNAPSHOT_VERIFICATION */ for_each_populated_zone(zone) { @@ -1106,24 +1110,29 @@ copy_data_pages(struct memory_bitmap *co copy_data_page(dst_pfn, pfn); #ifdef CONFIG_SNAPSHOT_VERIFICATION - /* Generate digest */ - d_page = pfn_to_page(dst_pfn); - if (PageHighMem(d_page)) { - void *kaddr; - kaddr = kmap_atomic(d_page); - copy_page(buffer, kaddr); - kunmap_atomic(kaddr); - hash_buffer = buffer; - } else { - hash_buffer = page_address(d_page); + if (!capable(CAP_COMPROMISE_KERNEL)) { + /* Generate digest */ + d_page = pfn_to_page(dst_pfn); + if (PageHighMem(d_page)) { + void *kaddr; + kaddr = kmap_atomic(d_page); + copy_page(buffer, kaddr); + kunmap_atomic(kaddr); + hash_buffer = buffer; + } else { + hash_buffer = page_address(d_page); + } + ret = crypto_shash_update(desc, hash_buffer, PAGE_SIZE); + if (ret) + goto error_shash; } - ret = crypto_shash_update(desc, hash_buffer, PAGE_SIZE); - if (ret) - goto error_shash; #endif } #ifdef CONFIG_SNAPSHOT_VERIFICATION + if (capable(CAP_COMPROMISE_KERNEL)) + goto skip_sign; + crypto_shash_final(desc, digest); if (ret) goto error_shash; @@ -1153,6 +1162,8 @@ copy_data_pages(struct memory_bitmap *co kfree(pks); kfree(digest); crypto_free_shash(tfm); + +skip_sign: #endif /* CONFIG_SNAPSHOT_VERIFICATION */ return 0; @@ -2362,9 +2373,11 @@ int snapshot_write_next(struct snapshot_ /* Allocate void * array to keep buffer point for generate hash, * h_buf will freed in snapshot_image_verify(). */ - h_buf = kmalloc(sizeof(void *) * nr_copy_pages, GFP_KERNEL); - if (!h_buf) - pr_err("Allocate hash buffer fail!"); + if (!capable(CAP_COMPROMISE_KERNEL)) { + h_buf = kmalloc(sizeof(void *) * nr_copy_pages, GFP_KERNEL); + if (!h_buf) + pr_err("Allocate hash buffer fail!"); + } #endif error = memory_bm_create(©_bm, GFP_ATOMIC, PG_ANY); @@ -2394,7 +2407,7 @@ int snapshot_write_next(struct snapshot_ if (IS_ERR(handle->buffer)) return PTR_ERR(handle->buffer); #ifdef CONFIG_SNAPSHOT_VERIFICATION - if (h_buf) + if (!capable(CAP_COMPROMISE_KERNEL) && h_buf) *h_buf = handle->buffer; #endif } @@ -2408,7 +2421,7 @@ int snapshot_write_next(struct snapshot_ if (handle->buffer != buffer) handle->sync_read = 0; #ifdef CONFIG_SNAPSHOT_VERIFICATION - if (h_buf) + if (!capable(CAP_COMPROMISE_KERNEL) && h_buf) *(h_buf + (handle->cur - nr_meta_pages - 1)) = handle->buffer; #endif } Index: linux/kernel/power/swap.c =================================================================== --- linux.orig/kernel/power/swap.c +++ linux/kernel/power/swap.c @@ -1005,7 +1005,7 @@ static int load_image(struct swap_map_ha if (!snapshot_image_loaded(snapshot)) ret = -ENODATA; #ifdef CONFIG_SNAPSHOT_VERIFICATION - else { + else if (!capable(CAP_COMPROMISE_KERNEL)) { ret = snapshot_image_verify(); if (ret) pr_info("PM: snapshot signature check FAIL: %d\n", ret); @@ -1368,7 +1368,7 @@ out_finish: } } #ifdef CONFIG_SNAPSHOT_VERIFICATION - if (!ret) { + if (!ret && !capable(CAP_COMPROMISE_KERNEL)) { ret = snapshot_image_verify(); if (ret) pr_info("PM: snapshot signature check FAIL: %d\n", ret); Index: linux/kernel/power/user.c =================================================================== --- linux.orig/kernel/power/user.c +++ linux/kernel/power/user.c @@ -48,6 +48,14 @@ static int snapshot_open(struct inode *i struct snapshot_data *data; int error; +#ifdef CONFIG_SNAPSHOT_VERIFICATION + if (!capable(CAP_COMPROMISE_KERNEL) && find_wake_key_data()) { +#else + if (!capable(CAP_COMPROMISE_KERNEL)) { +#endif + return -EPERM; + } + lock_system_sleep(); if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { @@ -258,6 +266,8 @@ static long snapshot_ioctl(struct file * break; } #ifdef CONFIG_SNAPSHOT_VERIFICATION + if (capable(CAP_COMPROMISE_KERNEL)) + goto skip_verify; if (!snapshot_image_verify()) pr_info("PM: snapshot signature check SUCCESS!\n"); else { @@ -265,6 +275,7 @@ static long snapshot_ioctl(struct file * error = -EPERM; break; } +skip_verify: #endif error = hibernation_restore(data->platform_support); break; -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

This patch introduced SNAPSHOT_SIG_HASH config for user to select which hash algorithm will be used during signature generation of snapshot. Signed-off-by: Lee, Chun-Yi --- kernel/power/Kconfig | 46 ++++++++++++++++++++++++++++++++++++++++++++++ kernel/power/snapshot.c | 25 ++++++++++++++++++++----- 2 files changed, 66 insertions(+), 5 deletions(-) Index: linux/kernel/power/Kconfig =================================================================== --- linux.orig/kernel/power/Kconfig +++ linux/kernel/power/Kconfig @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION dependent on UEFI environment. EFI bootloader should generate the key-pair. +choice + prompt "Which hash algorithm should snapshot be signed with?" + depends on SNAPSHOT_VERIFICATION + help + This determines which sort of hashing algorithm will be used during + signature generation of snapshot. This algorithm _must_ be built into + the kernel directly so that signature verification can take place. + It is not possible to load a signed snapshot containing the algorithm + to check the signature on that module. + +config SNAPSHOT_SIG_SHA1 + bool "Sign modules with SHA-1" + select CRYPTO_SHA1 + select CRYPTO_SHA1_SSSE3 if X86_64 + +config SNAPSHOT_SIG_SHA224 + bool "Sign modules with SHA-224" + select CRYPTO_SHA256 + select CRYPTO_SHA256_SSSE3 if X86_64 + +config SNAPSHOT_SIG_SHA256 + bool "Sign modules with SHA-256" + select CRYPTO_SHA256 + select CRYPTO_SHA256_SSSE3 if X86_64 + +config SNAPSHOT_SIG_SHA384 + bool "Sign modules with SHA-384" + select CRYPTO_SHA512 + select CRYPTO_SHA512_SSSE3 if X86_64 + +config SNAPSHOT_SIG_SHA512 + bool "Sign modules with SHA-512" + select CRYPTO_SHA512 + select CRYPTO_SHA512_SSSE3 if X86_64 + +endchoice + +config SNAPSHOT_SIG_HASH + string + depends on SNAPSHOT_VERIFICATION + default "sha1" if SNAPSHOT_SIG_SHA1 + default "sha224" if SNAPSHOT_SIG_SHA224 + default "sha256" if SNAPSHOT_SIG_SHA256 + default "sha384" if SNAPSHOT_SIG_SHA384 + default "sha512" if SNAPSHOT_SIG_SHA512 + config PM_STD_PARTITION string "Default resume partition" depends on HIBERNATION Index: linux/kernel/power/snapshot.c =================================================================== --- linux.orig/kernel/power/snapshot.c +++ linux/kernel/power/snapshot.c @@ -1042,7 +1042,22 @@ static inline void copy_data_page(unsign } #endif /* CONFIG_HIGHMEM */ -#define SNAPSHOT_HASH "sha256" +static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH; + +static int pkey_hash(void) +{ + int i, ret; + + ret = -1; + for (i = 0; i < PKEY_HASH__LAST; i++) { + if (!strcmp(pkey_hash_algo[i], snapshot_hash)) { + ret = i; + break; + } + } + + return ret; +} /* * Signature of snapshot for check. @@ -1068,7 +1083,7 @@ copy_data_pages(struct memory_bitmap *co ret = -ENOMEM; if (!capable(CAP_COMPROMISE_KERNEL)) { - tfm = crypto_alloc_shash(SNAPSHOT_HASH, 0, 0); + tfm = crypto_alloc_shash(snapshot_hash, 0, 0); if (IS_ERR(tfm)) { pr_err("IS_ERR(tfm): %ld", PTR_ERR(tfm)); return PTR_ERR(tfm); @@ -1145,7 +1160,7 @@ copy_data_pages(struct memory_bitmap *co goto error_key; } - pks = generate_signature(s4_sign_key, digest, PKEY_HASH_SHA256, false); + pks = generate_signature(s4_sign_key, digest, pkey_hash(), false); if (IS_ERR(pks)) { pr_err("Generate signature fail: %lx", PTR_ERR(pks)); ret = PTR_ERR(pks); @@ -2476,7 +2491,7 @@ int snapshot_verify_signature(u8 *digest pr_err("Allocate public key signature fail!"); return -ENOMEM; } - pks->pkey_hash_algo = PKEY_HASH_SHA256; + pks->pkey_hash_algo = pkey_hash(); pks->digest = digest; pks->digest_size = digest_size; @@ -2524,7 +2539,7 @@ int snapshot_image_verify(void) if (!h_buf) return 0; - tfm = crypto_alloc_shash(SNAPSHOT_HASH, 0, 0); + tfm = crypto_alloc_shash(snapshot_hash, 0, 0); if (IS_ERR(tfm)) { pr_err("IS_ERR(tfm): %ld", PTR_ERR(tfm)); return PTR_ERR(tfm); -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org