// SPDX-License-Identifier: GPL-2.0-or-later /* System hash blacklist. * * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved. * Written by David Howells ([email protected]) */ #define pr_fmt(fmt) … #include <linux/module.h> #include <linux/slab.h> #include <linux/key.h> #include <linux/key-type.h> #include <linux/sched.h> #include <linux/ctype.h> #include <linux/err.h> #include <linux/seq_file.h> #include <linux/uidgid.h> #include <keys/asymmetric-type.h> #include <keys/system_keyring.h> #include "blacklist.h" /* * According to crypto/asymmetric_keys/x509_cert_parser.c:x509_note_pkey_algo(), * the size of the currently longest supported hash algorithm is 512 bits, * which translates into 128 hex characters. */ #define MAX_HASH_LEN … #define BLACKLIST_KEY_PERM … static const char tbs_prefix[] = …; static const char bin_prefix[] = …; static struct key *blacklist_keyring; #ifdef CONFIG_SYSTEM_REVOCATION_LIST extern __initconst const u8 revocation_certificate_list[]; extern __initconst const unsigned long revocation_certificate_list_size; #endif /* * The description must be a type prefix, a colon and then an even number of * hex digits. The hash is kept in the description. */ static int blacklist_vet_description(const char *desc) { … } static int blacklist_key_instantiate(struct key *key, struct key_preparsed_payload *prep) { … } static int blacklist_key_update(struct key *key, struct key_preparsed_payload *prep) { … } static void blacklist_describe(const struct key *key, struct seq_file *m) { … } static struct key_type key_type_blacklist = …; static char *get_raw_hash(const u8 *hash, size_t hash_len, enum blacklist_hash_type hash_type) { … } /** * mark_raw_hash_blacklisted - Add a hash to the system blacklist * @hash: The hash as a hex string with a type prefix (eg. "tbs:23aa429783") */ static int mark_raw_hash_blacklisted(const char *hash) { … } int mark_hash_blacklisted(const u8 *hash, size_t hash_len, enum blacklist_hash_type hash_type) { … } /** * is_hash_blacklisted - Determine if a hash is blacklisted * @hash: The hash to be checked as a binary blob * @hash_len: The length of the binary hash * @hash_type: Type of hash */ int is_hash_blacklisted(const u8 *hash, size_t hash_len, enum blacklist_hash_type hash_type) { … } EXPORT_SYMBOL_GPL(…); int is_binary_blacklisted(const u8 *hash, size_t hash_len) { … } EXPORT_SYMBOL_GPL(…); #ifdef CONFIG_SYSTEM_REVOCATION_LIST /** * add_key_to_revocation_list - Add a revocation certificate to the blacklist * @data: The data blob containing the certificate * @size: The size of data blob */ int add_key_to_revocation_list(const char *data, size_t size) { … } /** * is_key_on_revocation_list - Determine if the key for a PKCS#7 message is revoked * @pkcs7: The PKCS#7 message to check */ int is_key_on_revocation_list(struct pkcs7_message *pkcs7) { … } #endif static int restrict_link_for_blacklist(struct key *dest_keyring, const struct key_type *type, const union key_payload *payload, struct key *restrict_key) { … } /* * Initialise the blacklist * * The blacklist_init() function is registered as an initcall via * device_initcall(). As a result if the blacklist_init() function fails for * any reason the kernel continues to execute. While cleanly returning -ENODEV * could be acceptable for some non-critical kernel parts, if the blacklist * keyring fails to load it defeats the certificate/key based deny list for * signed modules. If a critical piece of security functionality that users * expect to be present fails to initialize, panic()ing is likely the right * thing to do. */ static int __init blacklist_init(void) { … } /* * Must be initialised before we try and load the keys into the keyring. */ device_initcall(blacklist_init); #ifdef CONFIG_SYSTEM_REVOCATION_LIST /* * Load the compiled-in list of revocation X.509 certificates. */ static __init int load_revocation_certificate_list(void) { … } late_initcall(load_revocation_certificate_list); #endif
Codebase Browser
linux