On Thu, May 08, 2025 at 06:50:25PM -0400, Zhuoying Cai wrote:
> From: Collin Walling <wall...@linux.ibm.com>
>
> DIAG 508 subcode 1 performs signature-verification on signed components.
> A signed component may be a Linux kernel image, or any other signed
> binary. **Verification of initrd is not supported.**
>
> The instruction call expects two item-pairs: an address of a device
> component, an address of the analogous signature file (in PKCS#7 format),
> and their respective lengths. All of this data should be encapsulated
> within a Diag508SignatureVerificationBlock, with the CertificateStoreInfo
> fields ignored. The DIAG handler will read from the provided addresses
> to retrieve the necessary data, parse the signature file, then
> perform the signature-verification. Because there is no way to
> correlate a specific certificate to a component, each certificate
> in the store is tried until either verification succeeds, or all
> certs have been exhausted.
>
> The subcode value is denoted by setting the second-to-left-most bit of
> a 2-byte field.
>
> A return code of 1 indicates success, and the index and length of the
> corresponding certificate will be set in the CertificateStoreInfo
> portion of the SigVerifBlock. The following values indicate failure:
>
> 0x0202: component data is invalid
> 0x0302: signature is not in PKCS#7 format
> 0x0402: signature-verification failed
>
> Signed-off-by: Collin Walling <wall...@linux.ibm.com>
> Signed-off-by: Zhuoying Cai <zy...@linux.ibm.com>
> ---
> crypto/x509-utils.c | 54 +++++++++++++++++++++++
> include/crypto/x509-utils.h | 4 ++
> include/hw/s390x/ipl/diag508.h | 22 +++++++++
> target/s390x/diag.c | 81 +++++++++++++++++++++++++++++++++-
> 4 files changed, 160 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
> index 51bd75d4eb..56d9a42f39 100644
> --- a/crypto/x509-utils.c
> +++ b/crypto/x509-utils.c
> @@ -20,6 +20,7 @@
> #include <gnutls/gnutls.h>
> #include <gnutls/crypto.h>
> #include <gnutls/x509.h>
> +#include <gnutls/pkcs7.h>
>
> static const int qcrypto_to_gnutls_hash_alg_map[QCRYPTO_HASH_ALGO__MAX] = {
> [QCRYPTO_HASH_ALGO_MD5] = GNUTLS_DIG_MD5,
> @@ -373,6 +374,51 @@ cleanup:
> return ret;
> }
>
> +int qcrypto_verify_x509_cert(uint8_t *cert, size_t cert_size,
> + uint8_t *comp, size_t comp_size,
> + uint8_t *sig, size_t sig_size, Error **errp)
> +{
> + int rc = -1;
> + gnutls_x509_crt_t crt;
> + gnutls_pkcs7_t signature;
> + gnutls_datum_t cert_datum = {.data = cert, .size = cert_size};
> + gnutls_datum_t data_datum = {.data = comp, .size = comp_size};
> + gnutls_datum_t sig_datum = {.data = sig, .size = sig_size};
> + gnutls_x509_crt_fmt_t fmt;
> +
> + fmt = qcrypto_get_x509_cert_fmt(cert, cert_size, errp);
> + if (fmt == -1) {
> + error_setg(errp, "Certificate is neither in DER or PEM format");
> + return rc;
> + }
> +
> + if (gnutls_x509_crt_init(&crt) < 0) {
> + error_setg(errp, "Failed to initialize certificate");
> + return rc;
> + }
> +
> + if (gnutls_x509_crt_import(crt, &cert_datum, fmt) != 0) {
> + error_setg(errp, "Failed to import certificate");
> + goto cleanup;
> + }
> +
> + if (gnutls_pkcs7_init(&signature) < 0) {
> + error_setg(errp, "Failed to initalize pkcs7 data.");
> + return rc;
> + }
> +
> + if (gnutls_pkcs7_import(signature, &sig_datum , fmt) != 0) {
> + error_setg(errp, "Failed to import signature");
> + }
> +
> + rc = gnutls_pkcs7_verify_direct(signature, crt, 0, &data_datum, 0);
> +
> +cleanup:
> + gnutls_x509_crt_deinit(crt);
> + gnutls_pkcs7_deinit(signature);
> + return rc;
> +}
> +
> #else /* ! CONFIG_GNUTLS */
>
> int qcrypto_check_x509_cert_fmt(uint8_t *cert, size_t size,
> @@ -438,4 +484,12 @@ int qcrypto_get_x509_cert_key_id(uint8_t *cert, size_t
> size,
> return -ENOTSUP;
> }
>
> +int qcrypto_verify_x509_cert(uint8_t *cert, size_t cert_size,
> + uint8_t *comp, size_t comp_size,
> + uint8_t *sig, size_t sig_size, Error **errp)
> +{
> + error_setg(errp, "signature-verification support requires GNUTLS");
> + return -ENOTSUP;
> +}
> +
> #endif /* ! CONFIG_GNUTLS */
> diff --git a/include/crypto/x509-utils.h b/include/crypto/x509-utils.h
> index cf43de0b2c..ec90667376 100644
> --- a/include/crypto/x509-utils.h
> +++ b/include/crypto/x509-utils.h
> @@ -35,4 +35,8 @@ int qcrypto_get_x509_cert_key_id(uint8_t *cert, size_t size,
> size_t *resultlen,
> Error **errp);
>
> +int qcrypto_verify_x509_cert(uint8_t *cert, size_t cert_size,
> + uint8_t *comp, size_t comp_size,
> + uint8_t *sig, size_t sig_size, Error **errp);
> +
Needs API docs to say what all these different params mean
> #endif
Please always aim to seperate out code from different subsystems into
separate patches, if technically possible.
> diff --git a/include/hw/s390x/ipl/diag508.h b/include/hw/s390x/ipl/diag508.h
> index 6281ad8299..80a5bb906b 100644
> --- a/include/hw/s390x/ipl/diag508.h
> +++ b/include/hw/s390x/ipl/diag508.h
> diff --git a/target/s390x/diag.c b/target/s390x/diag.c
> index 954c95fe50..2171e3275d 100644
> --- a/target/s390x/diag.c
> +++ b/target/s390x/diag.c
> @@ -494,7 +494,10 @@ void handle_diag_320(CPUS390XState *env, uint64_t r1,
> uint64_t r3, uintptr_t ra)
>
> void handle_diag_508(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t
> ra)
> {
> + S390IPLCertificateStore *qcs = s390_ipl_get_certificate_store();
> + size_t csi_size = sizeof(Diag508CertificateStoreInfo);
> uint64_t subcode = env->regs[r3];
> + uint64_t addr = env->regs[r1];
> int rc;
>
> if (env->psw.mask & PSW_MASK_PSTATE) {
> @@ -509,7 +512,83 @@ void handle_diag_508(CPUS390XState *env, uint64_t r1,
> uint64_t r3, uintptr_t ra)
>
> switch (subcode) {
> case DIAG_508_SUBC_QUERY_SUBC:
> - rc = 0;
> + rc = DIAG_508_SUBC_SIG_VERIF;
> + break;
> + case DIAG_508_SUBC_SIG_VERIF:
> + size_t svb_size = sizeof(Diag508SignatureVerificationBlock);
> + Diag508SignatureVerificationBlock *svb;
> + uint64_t comp_len, comp_addr;
> + uint64_t sig_len, sig_addr;
> + uint8_t *svb_comp;
> + uint8_t *svb_sig;
> + int verified;
> + Error *err = NULL;
> + int i;
> +
> + if (!qcs || !qcs->count) {
> + rc = DIAG_508_RC_NO_CERTS;
> + break;
> + }
> +
> + if (!diag_parm_addr_valid(addr, svb_size, false) ||
> + !diag_parm_addr_valid(addr, csi_size, true)) {
> + s390_program_interrupt(env, PGM_ADDRESSING, ra);
> + return;
> + }
> +
> + svb = g_new0(Diag508SignatureVerificationBlock, 1);
> + cpu_physical_memory_read(addr, svb, svb_size);
> +
> + comp_len = be64_to_cpu(svb->comp_len);
> + comp_addr = be64_to_cpu(svb->comp_addr);
> + sig_len = be64_to_cpu(svb->sig_len);
> + sig_addr = be64_to_cpu(svb->sig_addr);
> +
> + if (!comp_len || !comp_addr) {
> + rc = DIAG_508_RC_INVAL_COMP_DATA;
> + g_free(svb);
> + break;
> + }
> +
> + if (!sig_len || !sig_addr) {
> + rc = DIAG_508_RC_INVAL_PKCS7_SIG;
> + g_free(svb);
> + break;
> + }
> +
> + svb_comp = g_malloc0(comp_len);
> + cpu_physical_memory_read(comp_addr, svb_comp, comp_len);
> +
> + svb_sig = g_malloc0(sig_len);
> + cpu_physical_memory_read(sig_addr, svb_sig, sig_len);
> +
> + rc = DIAG_508_RC_FAIL_VERIF;
> + /*
> + * It is uncertain which certificate contains
> + * the analogous key to verify the signed data
> + */
> + for (i = 0; i < qcs->count; i++) {
> + verified = qcrypto_verify_x509_cert((uint8_t *)qcs->certs[i].raw,
> + qcs->certs[i].size,
> + svb_comp, comp_len,
> + svb_sig, sig_len, &err);
> +
> + /* return early if GNUTLS is not enabled */
> + if (verified == -ENOTSUP) {
> + g_free(svb);
> + break;
> + }
> +
> + if (verified == 0) {
> + svb->csi.idx = i;
> + svb->csi.len = cpu_to_be64(qcs->certs[i].size);
> + cpu_physical_memory_write(addr, &svb->csi,
> be32_to_cpu(csi_size));
> + rc = DIAG_508_RC_OK;
Leaks 'svb' here
> + break;
> + }
> + }
> +
> + g_free(svb);
This and all the other paths leak 'svb_comp' and
'svb_sig'.
Declare all three allocated vars with 'g_autofree' and then you don't
need to remember to manually g_free them.
> break;
> default:
> s390_program_interrupt(env, PGM_SPECIFICATION, ra);
> --
> 2.49.0
>
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
