From: Collin Walling <wall...@linux.ibm.com>
DIAG 508 subcode 1 performs signature-verification on signed components.
A signed component may be a Linux kernel image, or any other signed
binary. **Verification of initrd is not supported.**
The instruction call expects two item-pairs: an address of a device
component, an address of the analogous signature file (in PKCS#7 format),
and their respective lengths. All of this data should be encapsulated
within a Diag508SignatureVerificationBlock, with the CertificateStoreInfo
fields ignored. The DIAG handler will read from the provided addresses
to retrieve the necessary data, parse the signature file, then
perform the signature-verification. Because there is no way to
correlate a specific certificate to a component, each certificate
in the store is tried until either verification succeeds, or all
certs have been exhausted.
The subcode value is denoted by setting the second-to-left-most bit of
a 2-byte field.
A return code of 1 indicates success, and the index and length of the
corresponding certificate will be set in the CertificateStoreInfo
portion of the SigVerifBlock. The following values indicate failure:
0x0202: component data is invalid
0x0302: signature is not in PKCS#7 format
0x0402: signature-verification failed
Signed-off-by: Collin Walling <wall...@linux.ibm.com>
Signed-off-by: Zhuoying Cai <zy...@linux.ibm.com>
---
crypto/x509-utils.c | 54 +++++++++++++++++++++++
include/crypto/x509-utils.h | 4 ++
include/hw/s390x/ipl/diag508.h | 22 +++++++++
target/s390x/diag.c | 81 +++++++++++++++++++++++++++++++++-
4 files changed, 160 insertions(+), 1 deletion(-)
diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
index 51bd75d4eb..56d9a42f39 100644
--- a/crypto/x509-utils.c
+++ b/crypto/x509-utils.c
@@ -20,6 +20,7 @@
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <gnutls/x509.h>
+#include <gnutls/pkcs7.h>
static const int qcrypto_to_gnutls_hash_alg_map[QCRYPTO_HASH_ALGO__MAX] = {
[QCRYPTO_HASH_ALGO_MD5] = GNUTLS_DIG_MD5,
@@ -373,6 +374,51 @@ cleanup:
return ret;
}
+int qcrypto_verify_x509_cert(uint8_t *cert, size_t cert_size,
+ uint8_t *comp, size_t comp_size,
+ uint8_t *sig, size_t sig_size, Error **errp)
+{
+ int rc = -1;
+ gnutls_x509_crt_t crt;
+ gnutls_pkcs7_t signature;
+ gnutls_datum_t cert_datum = {.data = cert, .size = cert_size};
+ gnutls_datum_t data_datum = {.data = comp, .size = comp_size};
+ gnutls_datum_t sig_datum = {.data = sig, .size = sig_size};
+ gnutls_x509_crt_fmt_t fmt;
+
+ fmt = qcrypto_get_x509_cert_fmt(cert, cert_size, errp);
+ if (fmt == -1) {
+ error_setg(errp, "Certificate is neither in DER or PEM format");
+ return rc;
+ }
+
+ if (gnutls_x509_crt_init(&crt) < 0) {
+ error_setg(errp, "Failed to initialize certificate");
+ return rc;
+ }
+
+ if (gnutls_x509_crt_import(crt, &cert_datum, fmt) != 0) {
+ error_setg(errp, "Failed to import certificate");
+ goto cleanup;
+ }
+
+ if (gnutls_pkcs7_init(&signature) < 0) {
+ error_setg(errp, "Failed to initalize pkcs7 data.");
+ return rc;
+ }
+
+ if (gnutls_pkcs7_import(signature, &sig_datum , fmt) != 0) {
+ error_setg(errp, "Failed to import signature");
+ }
+
+ rc = gnutls_pkcs7_verify_direct(signature, crt, 0, &data_datum, 0);
+
+cleanup:
+ gnutls_x509_crt_deinit(crt);
+ gnutls_pkcs7_deinit(signature);
+ return rc;
+}
+
#else /* ! CONFIG_GNUTLS */
int qcrypto_check_x509_cert_fmt(uint8_t *cert, size_t size,
@@ -438,4 +484,12 @@ int qcrypto_get_x509_cert_key_id(uint8_t *cert, size_t
size,
return -ENOTSUP;
}
+int qcrypto_verify_x509_cert(uint8_t *cert, size_t cert_size,
+ uint8_t *comp, size_t comp_size,
+ uint8_t *sig, size_t sig_size, Error **errp)
+{
+ error_setg(errp, "signature-verification support requires GNUTLS");
+ return -ENOTSUP;
+}
+
#endif /* ! CONFIG_GNUTLS */
diff --git a/include/crypto/x509-utils.h b/include/crypto/x509-utils.h
index cf43de0b2c..ec90667376 100644
--- a/include/crypto/x509-utils.h
+++ b/include/crypto/x509-utils.h
@@ -35,4 +35,8 @@ int qcrypto_get_x509_cert_key_id(uint8_t *cert, size_t size,
size_t *resultlen,
Error **errp);
+int qcrypto_verify_x509_cert(uint8_t *cert, size_t cert_size,
+ uint8_t *comp, size_t comp_size,
+ uint8_t *sig, size_t sig_size, Error **errp);
+
#endif
diff --git a/include/hw/s390x/ipl/diag508.h b/include/hw/s390x/ipl/diag508.h
index 6281ad8299..80a5bb906b 100644
--- a/include/hw/s390x/ipl/diag508.h
+++ b/include/hw/s390x/ipl/diag508.h
@@ -11,5 +11,27 @@
#define S390X_DIAG508_H
#define DIAG_508_SUBC_QUERY_SUBC 0x0000
+#define DIAG_508_SUBC_SIG_VERIF 0x8000
+
+#define DIAG_508_RC_OK 0x0001
+#define DIAG_508_RC_NO_CERTS 0x0102
+#define DIAG_508_RC_INVAL_COMP_DATA 0x0202
+#define DIAG_508_RC_INVAL_PKCS7_SIG 0x0302
+#define DIAG_508_RC_FAIL_VERIF 0x0402
+
+struct Diag508CertificateStoreInfo {
+ uint8_t idx;
+ uint64_t len;
+} QEMU_PACKED;
+typedef struct Diag508CertificateStoreInfo Diag508CertificateStoreInfo;
+
+struct Diag508SignatureVerificationBlock {
+ Diag508CertificateStoreInfo csi;
+ uint64_t comp_len;
+ uint64_t comp_addr;
+ uint64_t sig_len;
+ uint64_t sig_addr;
+} QEMU_PACKED;
+typedef struct Diag508SignatureVerificationBlock
Diag508SignatureVerificationBlock;
#endif
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 954c95fe50..2171e3275d 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -494,7 +494,10 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1,
uint64_t r3, uintptr_t ra)
void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t
ra)
{
+ S390IPLCertificateStore *qcs = s390_ipl_get_certificate_store();
+ size_t csi_size = sizeof(Diag508CertificateStoreInfo);
uint64_t subcode = env->regs[r3];
+ uint64_t addr = env->regs[r1];
int rc;
if (env->psw.mask & PSW_MASK_PSTATE) {
@@ -509,7 +512,83 @@ void handle_diag_508(CPUS390XState *env, uint64_t r1,
uint64_t r3, uintptr_t ra)
switch (subcode) {
case DIAG_508_SUBC_QUERY_SUBC:
- rc = 0;
+ rc = DIAG_508_SUBC_SIG_VERIF;
+ break;
+ case DIAG_508_SUBC_SIG_VERIF:
+ size_t svb_size = sizeof(Diag508SignatureVerificationBlock);
+ Diag508SignatureVerificationBlock *svb;
+ uint64_t comp_len, comp_addr;
+ uint64_t sig_len, sig_addr;
+ uint8_t *svb_comp;
+ uint8_t *svb_sig;
+ int verified;
+ Error *err = NULL;
+ int i;
+
+ if (!qcs || !qcs->count) {
+ rc = DIAG_508_RC_NO_CERTS;
+ break;
+ }
+
+ if (!diag_parm_addr_valid(addr, svb_size, false) ||
+ !diag_parm_addr_valid(addr, csi_size, true)) {
+ s390_program_interrupt(env, PGM_ADDRESSING, ra);
+ return;
+ }
+
+ svb = g_new0(Diag508SignatureVerificationBlock, 1);
+ cpu_physical_memory_read(addr, svb, svb_size);
+
+ comp_len = be64_to_cpu(svb->comp_len);
+ comp_addr = be64_to_cpu(svb->comp_addr);
+ sig_len = be64_to_cpu(svb->sig_len);
+ sig_addr = be64_to_cpu(svb->sig_addr);
+
+ if (!comp_len || !comp_addr) {
+ rc = DIAG_508_RC_INVAL_COMP_DATA;
+ g_free(svb);
+ break;
+ }
+
+ if (!sig_len || !sig_addr) {
+ rc = DIAG_508_RC_INVAL_PKCS7_SIG;
+ g_free(svb);
+ break;
+ }
+
+ svb_comp = g_malloc0(comp_len);
+ cpu_physical_memory_read(comp_addr, svb_comp, comp_len);
+
+ svb_sig = g_malloc0(sig_len);
+ cpu_physical_memory_read(sig_addr, svb_sig, sig_len);
+
+ rc = DIAG_508_RC_FAIL_VERIF;
+ /*
+ * It is uncertain which certificate contains
+ * the analogous key to verify the signed data
+ */
+ for (i = 0; i < qcs->count; i++) {
+ verified = qcrypto_verify_x509_cert((uint8_t *)qcs->certs[i].raw,
+ qcs->certs[i].size,
+ svb_comp, comp_len,
+ svb_sig, sig_len, &err);
+
+ /* return early if GNUTLS is not enabled */
+ if (verified == -ENOTSUP) {
+ g_free(svb);
+ break;
+ }
+
+ if (verified == 0) {
+ svb->csi.idx = i;
+ svb->csi.len = cpu_to_be64(qcs->certs[i].size);
+ cpu_physical_memory_write(addr, &svb->csi,
be32_to_cpu(csi_size));
+ rc = DIAG_508_RC_OK;
+ break;
+ }
+ }
+
+ g_free(svb);
break;
default:
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
--
2.49.0
