1// SPDX-License-Identifier: GPL-2.0
 2
 3/*
 4 * Copyright (C) 2022 Huawei Technologies Duesseldorf GmbH
 5 *
 6 * Author: Roberto Sassu <roberto.sassu@huawei.com>
 7 */
 8
 9#include "vmlinux.h"
10#include <errno.h>
11#include <bpf/bpf_helpers.h>
12#include <bpf/bpf_tracing.h>
13#include "bpf_kfuncs.h"
14#include "err.h"
15
16#define MAX_DATA_SIZE (1024 * 1024)
17#define MAX_SIG_SIZE 1024
18
19__u32 monitored_pid;
20__u32 user_keyring_serial;
21__u64 system_keyring_id;
22
23struct data {
24	__u8 data[MAX_DATA_SIZE];
25	__u32 data_len;
26	__u8 sig[MAX_SIG_SIZE];
27	__u32 sig_len;
28};
29
30struct {
31	__uint(type, BPF_MAP_TYPE_ARRAY);
32	__uint(max_entries, 1);
33	__type(key, __u32);
34	__type(value, struct data);
35} data_input SEC(".maps");
36
37char _license[] SEC("license") = "GPL";
38
39SEC("lsm.s/bpf")
40int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
41{
42	struct bpf_dynptr data_ptr, sig_ptr;
43	struct data *data_val;
44	struct bpf_key *trusted_keyring;
45	__u32 pid;
46	__u64 value;
47	int ret, zero = 0;
48
49	pid = bpf_get_current_pid_tgid() >> 32;
50	if (pid != monitored_pid)
51		return 0;
52
53	data_val = bpf_map_lookup_elem(&data_input, &zero);
54	if (!data_val)
55		return 0;
56
57	ret = bpf_probe_read_kernel(&value, sizeof(value), &attr->value);
58	if (ret)
59		goto out;
60
61	ret = bpf_copy_from_user(data_val, sizeof(struct data),
62				 (void *)(unsigned long)value);
63	if (ret)
64		goto out;
65
66	if (data_val->data_len > sizeof(data_val->data))
67		return -EINVAL;
68
69	bpf_dynptr_from_mem(data_val->data, data_val->data_len, 0, &data_ptr);
70
71	if (data_val->sig_len > sizeof(data_val->sig))
72		return -EINVAL;
73
74	bpf_dynptr_from_mem(data_val->sig, data_val->sig_len, 0, &sig_ptr);
75
76	if (user_keyring_serial)
77		trusted_keyring = bpf_lookup_user_key(user_keyring_serial, 0);
78	else
79		trusted_keyring = bpf_lookup_system_key(system_keyring_id);
80
81	if (!trusted_keyring)
82		return -ENOENT;
83
84	ret = bpf_verify_pkcs7_signature(&data_ptr, &sig_ptr, trusted_keyring);
85
86	bpf_key_put(trusted_keyring);
87
88out:
89	set_if_not_errno_or_zero(ret, -EFAULT);
90
91	return ret;
92}

 1// SPDX-License-Identifier: GPL-2.0
 2
 3/*
 4 * Copyright (C) 2022 Huawei Technologies Duesseldorf GmbH
 5 *
 6 * Author: Roberto Sassu <roberto.sassu@huawei.com>
 7 */
 8
 9#include "vmlinux.h"
10#include <errno.h>
11#include <bpf/bpf_helpers.h>
12#include <bpf/bpf_tracing.h>
13#include "bpf_kfuncs.h"
 
14
15#define MAX_DATA_SIZE (1024 * 1024)
16#define MAX_SIG_SIZE 1024
17
18__u32 monitored_pid;
19__u32 user_keyring_serial;
20__u64 system_keyring_id;
21
22struct data {
23	__u8 data[MAX_DATA_SIZE];
24	__u32 data_len;
25	__u8 sig[MAX_SIG_SIZE];
26	__u32 sig_len;
27};
28
29struct {
30	__uint(type, BPF_MAP_TYPE_ARRAY);
31	__uint(max_entries, 1);
32	__type(key, __u32);
33	__type(value, struct data);
34} data_input SEC(".maps");
35
36char _license[] SEC("license") = "GPL";
37
38SEC("lsm.s/bpf")
39int BPF_PROG(bpf, int cmd, union bpf_attr *attr, unsigned int size)
40{
41	struct bpf_dynptr data_ptr, sig_ptr;
42	struct data *data_val;
43	struct bpf_key *trusted_keyring;
44	__u32 pid;
45	__u64 value;
46	int ret, zero = 0;
47
48	pid = bpf_get_current_pid_tgid() >> 32;
49	if (pid != monitored_pid)
50		return 0;
51
52	data_val = bpf_map_lookup_elem(&data_input, &zero);
53	if (!data_val)
54		return 0;
55
56	ret = bpf_probe_read_kernel(&value, sizeof(value), &attr->value);
57	if (ret)
58		return ret;
59
60	ret = bpf_copy_from_user(data_val, sizeof(struct data),
61				 (void *)(unsigned long)value);
62	if (ret)
63		return ret;
64
65	if (data_val->data_len > sizeof(data_val->data))
66		return -EINVAL;
67
68	bpf_dynptr_from_mem(data_val->data, data_val->data_len, 0, &data_ptr);
69
70	if (data_val->sig_len > sizeof(data_val->sig))
71		return -EINVAL;
72
73	bpf_dynptr_from_mem(data_val->sig, data_val->sig_len, 0, &sig_ptr);
74
75	if (user_keyring_serial)
76		trusted_keyring = bpf_lookup_user_key(user_keyring_serial, 0);
77	else
78		trusted_keyring = bpf_lookup_system_key(system_keyring_id);
79
80	if (!trusted_keyring)
81		return -ENOENT;
82
83	ret = bpf_verify_pkcs7_signature(&data_ptr, &sig_ptr, trusted_keyring);
84
85	bpf_key_put(trusted_keyring);
 
 
 
86
87	return ret;
88}