From 301b62fdbdf9e6b9c89e61099d0f4157f886003c Mon Sep 17 00:00:00 2001
From: limerence
Date: Mon, 20 Nov 2023 15:02:23 +0800
Subject: [PATCH] =?UTF-8?q?=E5=86=85=E6=A0=B8=E6=94=AF=E6=8C=81=E4=BB=A3?=
 =?UTF-8?q?=E7=A0=81=E6=89=80=E6=9C=89=E8=80=85=E8=A7=A3=E6=9E=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: limerence
---
 crypto/asymmetric_keys/pkcs7_parser.c  | 11 +++++++++++
 crypto/asymmetric_keys/pkcs7_parser.h  |  6 ++++++
 fs/verity/fsverity_private.h           |  1 +
 fs/verity/signature.c                  |  2 +-
 include/linux/hck/lite_hck_code_sign.h |  5 +++--
 include/linux/mm_types.h               |  4 ++++
 include/linux/oid_registry.h           |  3 +++
 include/linux/xpm_types.h              |  5 +++++
 8 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index 6592279d839a..2a2b14d1c3d6 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -526,6 +526,17 @@ int pkcs7_sig_note_authenticated_attr(void *context, size_t hdrlen,
 		}
 		return 0;
 
+#ifdef CONFIG_SECURITY_CODE_SIGN
+	case OID_ownerid:
+		if (__test_and_set_bit(sinfo_has_owner_identifier, &sinfo->aa_set))
+			goto repeated;
+		if (tag != ASN1_UTF8STR)
+			return -EBADMSG;
+		sinfo->ownerid = value;
+		sinfo->ownerid_len = vlen;
+		return 0;
+#endif /* CONFIG_SECURITY_CODE_SIGN */
+
 	/* Microsoft SpOpusInfo seems to be contain cont[0] 16-bit BE
 	 * char URLs and cont[1] 8-bit char URLs.
 	 *
diff --git a/crypto/asymmetric_keys/pkcs7_parser.h b/crypto/asymmetric_keys/pkcs7_parser.h
index 6565fdc2d4ca..49317eaf0abe 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.h
+++ b/crypto/asymmetric_keys/pkcs7_parser.h
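Review bot: `sinfo->ownerid = value;` stores a borrowed pointer to a raw ASN.1 UTF8String inside the caller's PKCS#7 buffer, not a NUL-terminated C string, yet the field is typed `const char *`; every consumer must bound reads by `ownerid_len` and must not outlive the pkcs7 message. Suggested comment at the assignment: `/* Borrowed pointer into the message, NOT NUL-terminated; always bound by ownerid_len. */`. Note that `ownerid_len` is declared `unsigned` in pkcs7_parser.h while `vlen` is presumably `size_t`, so the assignment narrows silently on 64-bit; that matches the other length fields in that struct if they use `unsigned`, but it is worth a comment. Because struct cs_info stores `ownerid` as a 32-bit integer while this attribute is a string, whatever converts one to the other (not part of this patch) needs to treat the input as length-delimited and reject non-numeric or out-of-range values. The switch in pkcs7_sig_note_authenticated_attr, including the `repeated` label, starts and ends outside the hunk.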
@@ -35,8 +35,14 @@ struct pkcs7_signed_info {
 #define sinfo_has_smime_caps		3
 #define sinfo_has_ms_opus_info		4
 #define sinfo_has_ms_statement_type	5
+#define sinfo_has_owner_identifier	6
 	time64_t signing_time;
 
+#ifdef CONFIG_SECURITY_CODE_SIGN
+	const char *ownerid;
+	unsigned ownerid_len;
+#endif /* CONFIG_SECURITY_CODE_SIGN */
+
 	/* Message signature.
 	 *
 	 * This contains the generated digest of _either_ the Content Data or
diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h
index 643d404d2c0e..f2f2a1b1d724 100644
--- a/fs/verity/fsverity_private.h
+++ b/fs/verity/fsverity_private.h
@@ -77,6 +77,7 @@ struct fsverity_info {
 	u8 measurement[FS_VERITY_MAX_DIGEST_SIZE];
 	const struct inode *inode;
 #ifdef CONFIG_SECURITY_CODE_SIGN
+	struct cs_info fcs_info;
 	u64 verified_data_size;
 	int cert_type;
 #endif
diff --git a/fs/verity/signature.c b/fs/verity/signature.c
index aa95f36a68af..d066b1b9f027 100644
--- a/fs/verity/signature.c
+++ b/fs/verity/signature.c
@@ -55,7 +55,7 @@ static inline int fsverity_verify_certchain(struct fsverity_info *vi,
 	int ret = 0;
 
 	CALL_HCK_LITE_HOOK(code_sign_verify_certchain_lhck,
-		raw_pkcs7, pkcs7_len, &ret);
+		raw_pkcs7, pkcs7_len, &vi->fcs_info, &ret);
 	if (ret > 0) {
 		fsverity_set_cert_type(vi, ret);
 		ret = 0;
diff --git a/include/linux/hck/lite_hck_code_sign.h b/include/linux/hck/lite_hck_code_sign.h
index 13d139fc5d6b..d479babbf5cb 100644
--- a/include/linux/hck/lite_hck_code_sign.h
+++ b/include/linux/hck/lite_hck_code_sign.h
@@ -17,8 +17,9 @@
 #else
 
 DECLARE_HCK_LITE_HOOK(code_sign_verify_certchain_lhck,
-	TP_PROTO(const void *raw_pkcs7, size_t pkcs7_len, int *ret),
-	TP_ARGS(raw_pkcs7, pkcs7_len, ret));
+	TP_PROTO(const void *raw_pkcs7, size_t pkcs7_len, struct cs_info *cs_info,
+		int *ret),
+	TP_ARGS(raw_pkcs7, pkcs7_len, cs_info, ret));
 
 DECLARE_HCK_LITE_HOOK(code_sign_check_descriptor_lhck,
 	TP_PROTO(const struct inode *inode, const void *desc, int *ret),
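Review bot: The new `ownerid`/`ownerid_len` members and the `sinfo_has_owner_identifier` bit are undocumented, while the rest of struct pkcs7_signed_info (which continues outside the hunk) explains what each block of fields holds. Suggested comment above the `#ifdef`: `/* Owner identifier carried as a signed (authenticated) attribute: a borrowed, non-NUL-terminated pointer into the message plus its byte length. */`. `unsigned ownerid_len` is filled from a `size_t` in pkcs7_parser.c, so if the file's other `*_len` fields are `size_t` this one should be too; if they are `unsigned`, keep it for consistency.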
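Review bot: `struct cs_info fcs_info;` embeds the struct by value, which requires its full definition from include/linux/xpm_types.h to be visible at this point, and the hunk adds no `#include <linux/xpm_types.h>`. Unless an include above line 77 already provides it, this compiles only through transitive includes, which is fragile; add the include explicitly next to the other headers of fsverity_private.h. struct fsverity_info starts before the hunk, so earlier includes are not visible here.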
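Review bot: `&vi->fcs_info` is passed to the hook as an output parameter, but nothing in this patch initialises `fcs_info`, so when no hook is registered or the hook returns before filling it, later readers see whatever the allocation of `vi` left there unless it comes from a zeroing allocator. Either `memset(&vi->fcs_info, 0, sizeof(vi->fcs_info));` before the call, or a comment stating that `vi` is zero-allocated and that a zeroed cs_info means "no owner information". fsverity_verify_certchain begins and ends outside the hunk.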
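Review bot: `struct cs_info *cs_info` is used in the TP_PROTO parameter list without any visible prior declaration of the tag; if no include above line 17 supplies it, the tag gets prototype scope, the compiler warns that it will not be visible outside the definition, and the parameter type becomes incompatible with the real struct cs_info. Add `struct cs_info;` before the DECLARE_HCK_LITE_HOOK block (a forward declaration suffices since only a pointer is passed), or include <linux/xpm_types.h>. The `#if` branch preceding `#else` is outside the hunk and the diffstat shows no other change in this file, so confirm its stub declaration still matches the new four-argument form.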
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index 3eb93c487004..52ed702ffb11 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -608,6 +608,10 @@ struct mm_struct {
 #ifdef CONFIG_SECURITY_XPM
 	struct xpm_region xpm_region;
 #endif
+
+#ifdef CONFIG_SECURITY_CODE_SIGN
+	struct cs_info pcs_info;
+#endif
 } __randomize_layout;
 
 /*
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index cc64d9419746..334fd50348d5 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -120,6 +120,9 @@ enum OID {
 	OID_SM2_with_SM3,		/* 1.2.156.10197.1.501 */
 	OID_sm3WithRSAEncryption,	/* 1.2.156.10197.1.504 */
 
+	/* Code signature defined OIDS */
+	OID_ownerid,			/* 1.3.6.1.4.1.2011.2.376.1.4.1 */
+
 	OID__NR
 };
 
diff --git a/include/linux/xpm_types.h b/include/linux/xpm_types.h
index 22a58c8a8542..e8a0cec9845f 100644
--- a/include/linux/xpm_types.h
+++ b/include/linux/xpm_types.h
@@ -13,4 +13,9 @@ struct xpm_region {
 	unsigned long addr_end; /* end address of xpm region */
 };
 
+struct cs_info {
+	uint32_t id_type;
+	uint32_t ownerid;
+};
+
 #endif /* _XPM_TYPES_H */
\ No newline at end of file
-- 
Gitee
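Review bot: `struct cs_info pcs_info;` is embedded by value under CONFIG_SECURITY_CODE_SIGN, but the only neighbouring use of a type from xpm_types.h (`struct xpm_region`) sits under CONFIG_SECURITY_XPM, so if the include of xpm_types.h in mm_types.h is guarded by that option, a configuration with CODE_SIGN enabled and XPM disabled will not compile; verify the include is unconditional or guarded by both options. The field also needs a comment like the rest of mm_struct; suggested: `/* Code-signing owner info for this address space; filled by the code-sign hook (see struct cs_info). */`, hedged to whatever the hook actually does since that code is not in this patch. struct mm_struct begins before the hunk.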
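Review bot: The comment `/* Code signature defined OIDS */` should read `/* Code signing OIDs */` (style). The trailing `/* 1.3.6.1.4.1.2011.2.376.1.4.1 */` is in the form the OID registry build script parses, so the tab alignment and comment format must be kept exactly as on the surrounding entries; this line appears to follow it.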
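Review bot: `uint32_t` in an in-kernel (non-UAPI) header draws a checkpatch warning; the convention is `u32` from <linux/types.h>, so `u32 id_type;` and `u32 ownerid;` unless this header is also exported to userspace. The members are undocumented while `xpm_region` right above carries a trailing comment per field; suggested `u32 id_type; /* kind of owner identifier stored in ownerid */` and `u32 ownerid;  /* numeric owner id, filled by the certchain verify hook */`, the latter to be confirmed against the hook since the conversion from the signature's string attribute is not in this patch. The file still ends without a trailing newline (`\ No newline at end of file`); pre-existing, but easy to fix while touching it.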