Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / f98b3e885d238f46ca674ed1cca7ae35ff3a50a8^! / . / certs / system_keyring.c
commitf98b3e885d238f46ca674ed1cca7ae35ff3a50a8[log] [tgz]
authorSandeep Patil <sspatil@google.com>Tue Jul 24 09:40:07 2018 -0700
committerAlistair Strachan <astrachan@google.com>Wed Jul 25 18:16:39 2018 -0700
tree2cd91ee85ad48dc07b64742a43afb66fe9388d35
parent98fd7a49dfaa43403fecb6c7403f781beb015c76 [diff] [blame]
ANDROID: android-verity: Add API to verify signature with builtin keys.

The builtin keyring was exported prior to this which allowed
android-verity to simply lookup the key in the builtin keyring and
verify the signature of the verity metadata.

This is now broken as the kernel expects the signature to be
in pkcs#7 format (same used for module signing). Obviously, this doesn't
work with the verity metadata as we just append the raw signature in the
metadata .. sigh.

*This one time*, add an API to accept arbitrary signature and verify
that with a key from system's trusted keyring.

Bug: 72722987
Test:
 $ adb push verity_fs.img /data/local/tmp/
 $ adb root && adb shell
 > cd /data/local/tmp
 > losetup /dev/block/loop0 verity_fs.img
 > dmctl create verity-fs android-verity 0 4200 Android:#7e4333f9bba00adfe0ede979e28ed1920492b40f 7:0
 > mount -t ext4 /dev/block/dm-0 temp/
 > cat temp/foo.txt temp/bar.txt

Change-Id: I0c14f3cb2b587b73a4c75907367769688756213e
Signed-off-by: Sandeep Patil <sspatil@google.com>

diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 50979d6..4a34e41 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c

@@ -240,5 +240,46 @@
 	return ret;
 }
 EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
-
 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
+
+/**
+ * verify_signature_one - Verify a signature with keys from given keyring
+ * @sig: The signature to be verified
+ * @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
+ *					(void *)1UL for all trusted keys).
+ * @keyid: key description (not partial)
+ */
+int verify_signature_one(const struct public_key_signature *sig,
+			   struct key *trusted_keys, const char *keyid)
+{
+	key_ref_t ref;
+	struct key *key;
+	int ret;
+
+	if (!sig)
+		return -EBADMSG;
+	if (!trusted_keys) {
+		trusted_keys = builtin_trusted_keys;
+	} else if (trusted_keys == (void *)1UL) {
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
+		trusted_keys = secondary_trusted_keys;
+#else
+		trusted_keys = builtin_trusted_keys;
+#endif
+	}
+
+	ref = keyring_search(make_key_ref(trusted_keys, 1),
+				&key_type_asymmetric, keyid);
+	if (IS_ERR(ref)) {
+		pr_err("Asymmetric key (%s) not found in keyring(%s)\n",
+				keyid, trusted_keys->description);
+		return -ENOKEY;
+	}
+
+	key = key_ref_to_ptr(ref);
+	ret = verify_signature(key, sig);
+	key_put(key);
+	return ret;
+}
+EXPORT_SYMBOL_GPL(verify_signature_one);
+