dm verity: add root hash pkcs#7 signature verification

    blocks, and a hash block will not be verified any more after all the data

    blocks it covers have been verified anyway.

root_hash_sig_key_desc <key_description>

    This is the description of the USER_KEY that the kernel will lookup to get

    the pkcs7 signature of the roothash. The pkcs7 signature is used to validate

    the root hash during the creation of the device mapper block device.

    Verification of roothash depends on the config DM_VERITY_VERIFY_ROOTHASH_SIG

    being set in the kernel.

Theory of operation

===================

	  If unsure, say N.

config DM_VERITY_VERIFY_ROOTHASH_SIG

	def_bool n

	bool "Verity data device root hash signature verification support"

	depends on DM_VERITY

	select SYSTEM_DATA_VERIFICATION

	  help

	  Add ability for dm-verity device to be validated if the

	  pre-generated tree of cryptographic checksums passed has a pkcs#7

	  signature file that can validate the roothash of the tree.

	  If unsure, say N.

config DM_VERITY_FEC

	bool "Verity forward error correction support"

	depends on DM_VERITY

ifeq ($(CONFIG_DM_VERITY_FEC),y)

dm-verity-objs			+= dm-verity-fec.o

endif

ifeq ($(CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG),y)

dm-verity-objs			+= dm-verity-verify-sig.o

endif

#include "dm-verity.h"

#include "dm-verity-fec.h"

#include "dm-verity-verify-sig.h"

#include <linux/module.h>

#include <linux/reboot.h>

#define DM_VERITY_OPT_IGN_ZEROES	"ignore_zero_blocks"

#define DM_VERITY_OPT_AT_MOST_ONCE	"check_at_most_once"

#define DM_VERITY_OPTS_MAX		(2 + DM_VERITY_OPTS_FEC)

#define DM_VERITY_OPTS_MAX		(2 + DM_VERITY_OPTS_FEC + \

					 DM_VERITY_ROOT_HASH_VERIFICATION_OPTS)

static unsigned dm_verity_prefetch_cluster = DM_VERITY_DEFAULT_PREFETCH_SIZE;

			args++;

		if (v->validated_blocks)

			args++;

		if (v->signature_key_desc)

			args += DM_VERITY_ROOT_HASH_VERIFICATION_OPTS;

		if (!args)

			return;

		DMEMIT(" %u", args);

		if (v->validated_blocks)

			DMEMIT(" " DM_VERITY_OPT_AT_MOST_ONCE);

		sz = verity_fec_status_table(v, sz, result, maxlen);

		if (v->signature_key_desc)

			DMEMIT(" " DM_VERITY_ROOT_HASH_VERIFICATION_OPT_SIG_KEY

				" %s", v->signature_key_desc);

		break;

	}

}

	verity_fec_dtr(v);

	kfree(v->signature_key_desc);

	kfree(v);

}

	return r;

}

static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v)

static int verity_parse_opt_args(struct dm_arg_set *as, struct dm_verity *v,

				 struct dm_verity_sig_opts *verify_args)

{

	int r;

	unsigned argc;

			if (r)

				return r;

			continue;

		} else if (verity_verify_is_sig_opt_arg(arg_name)) {

			r = verity_verify_sig_parse_opt_args(as, v,

							     verify_args,

							     &argc, arg_name);

			if (r)

				return r;

			continue;

		}

		ti->error = "Unrecognized verity feature request";

static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)

{

	struct dm_verity *v;

	struct dm_verity_sig_opts verify_args = {0};

	struct dm_arg_set as;

	unsigned int num;

	unsigned long long num_ll;

	int i;

	sector_t hash_position;

	char dummy;

	char *root_hash_digest_to_validate;

	v = kzalloc(sizeof(struct dm_verity), GFP_KERNEL);

	if (!v) {

		r = -EINVAL;

		goto bad;

	}

	root_hash_digest_to_validate = argv[8];

	if (strcmp(argv[9], "-")) {

		v->salt_size = strlen(argv[9]) / 2;

		as.argc = argc;

		as.argv = argv;

		r = verity_parse_opt_args(&as, v);

		r = verity_parse_opt_args(&as, v, &verify_args);

		if (r < 0)

			goto bad;

	}

	/* Root hash signature is  a optional parameter*/

	r = verity_verify_root_hash(root_hash_digest_to_validate,

				    strlen(root_hash_digest_to_validate),

				    verify_args.sig,

				    verify_args.sig_size);

	if (r < 0) {

		ti->error = "Root hash verification failed";

		goto bad;

	}

	v->hash_per_block_bits =

		__fls((1 << v->hash_dev_block_bits) / v->digest_size);

	ti->per_io_data_size = roundup(ti->per_io_data_size,

				       __alignof__(struct dm_verity_io));

	verity_verify_sig_opts_cleanup(&verify_args);

	return 0;

bad:

	verity_verify_sig_opts_cleanup(&verify_args);

	verity_dtr(ti);

	return r;

static struct target_type verity_target = {

	.name		= "verity",

	.version	= {1, 4, 0},

	.version	= {1, 5, 0},

	.module		= THIS_MODULE,

	.ctr		= verity_ctr,

	.dtr		= verity_dtr,

// SPDX-License-Identifier: GPL-2.0

/*

 * Copyright (C) 2019 Microsoft Corporation.

 *

 * Author:  Jaskaran Singh Khurana <jaskarankhurana@linux.microsoft.com>

 *

 */

#include <linux/device-mapper.h>

#include <linux/verification.h>

#include <keys/user-type.h>

#include <linux/module.h>

#include "dm-verity.h"

#include "dm-verity-verify-sig.h"

#define DM_VERITY_VERIFY_ERR(s) DM_VERITY_ROOT_HASH_VERIFICATION " " s

static bool require_signatures;

module_param(require_signatures, bool, false);

MODULE_PARM_DESC(require_signatures,

		"Verify the roothash of dm-verity hash tree");

#define DM_VERITY_IS_SIG_FORCE_ENABLED() \

	(require_signatures != false)

bool verity_verify_is_sig_opt_arg(const char *arg_name)

{

	return (!strcasecmp(arg_name,

			    DM_VERITY_ROOT_HASH_VERIFICATION_OPT_SIG_KEY));

}

static int verity_verify_get_sig_from_key(const char *key_desc,

					struct dm_verity_sig_opts *sig_opts)

{

	struct key *key;

	const struct user_key_payload *ukp;

	int ret = 0;

	key = request_key(&key_type_user,

			key_desc, NULL);

	if (IS_ERR(key))

		return PTR_ERR(key);

	down_read(&key->sem);

	ukp = user_key_payload_locked(key);

	if (!ukp) {

		ret = -EKEYREVOKED;

		goto end;

	}

	sig_opts->sig = kmalloc(ukp->datalen, GFP_KERNEL);

	if (!sig_opts->sig) {

		ret = -ENOMEM;

		goto end;

	}

	sig_opts->sig_size = ukp->datalen;

	memcpy(sig_opts->sig, ukp->data, sig_opts->sig_size);

end:

	up_read(&key->sem);

	key_put(key);

	return ret;

}

int verity_verify_sig_parse_opt_args(struct dm_arg_set *as,

				     struct dm_verity *v,

				     struct dm_verity_sig_opts *sig_opts,

				     unsigned int *argc,

				     const char *arg_name)

{

	struct dm_target *ti = v->ti;

	int ret = 0;

	const char *sig_key = NULL;

	if (!*argc) {

		ti->error = DM_VERITY_VERIFY_ERR("Signature key not specified");

		return -EINVAL;

	}

	sig_key = dm_shift_arg(as);

	(*argc)--;

	ret = verity_verify_get_sig_from_key(sig_key, sig_opts);

	if (ret < 0)

		ti->error = DM_VERITY_VERIFY_ERR("Invalid key specified");

	v->signature_key_desc = kstrdup(sig_key, GFP_KERNEL);

	if (!v->signature_key_desc)

		return -ENOMEM;

	return ret;

}

/*

 * verify_verify_roothash - Verify the root hash of the verity hash device

 *			     using builtin trusted keys.

 *

 * @root_hash: For verity, the roothash/data to be verified.

 * @root_hash_len: Size of the roothash/data to be verified.

 * @sig_data: The trusted signature that verifies the roothash/data.

 * @sig_len: Size of the signature.

 *

 */

int verity_verify_root_hash(const void *root_hash, size_t root_hash_len,

			    const void *sig_data, size_t sig_len)

{

	int ret;

	if (!root_hash || root_hash_len == 0)

		return -EINVAL;

	if (!sig_data  || sig_len == 0) {

		if (DM_VERITY_IS_SIG_FORCE_ENABLED())

			return -ENOKEY;

		else

			return 0;

	}

	ret = verify_pkcs7_signature(root_hash, root_hash_len, sig_data,

				sig_len, NULL, VERIFYING_UNSPECIFIED_SIGNATURE,

				NULL, NULL);

	return ret;

}

void verity_verify_sig_opts_cleanup(struct dm_verity_sig_opts *sig_opts)

{

	kfree(sig_opts->sig);

	sig_opts->sig = NULL;

	sig_opts->sig_size = 0;

}