diff options
author | David Howells <dhowells@redhat.com> | 2014-07-01 11:40:19 -0400 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2014-07-08 08:50:03 -0400 |
commit | 9f0d33146e2ae81342a493c579c0e0c1aa84a527 (patch) | |
tree | 9b31262f91e15d69cf80ff014a52dfe6bdf8ab34 | |
parent | 2e3fadbf730fd0d13c891d5e555af3e7f39ca3f4 (diff) |
PKCS#7: Digest the data in a signed-data message
Digest the data in a PKCS#7 signed-data message and attach to the
public_key_signature struct contained in the pkcs7_message struct.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
-rw-r--r-- | crypto/asymmetric_keys/Makefile | 3 | ||||
-rw-r--r-- | crypto/asymmetric_keys/pkcs7_verify.c | 173 |
2 files changed, 175 insertions, 1 deletions
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index 59d8cade5cfe..b6b39e7bea01 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile | |||
@@ -32,7 +32,8 @@ clean-files += x509_rsakey-asn1.c x509_rsakey-asn1.h | |||
32 | obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o | 32 | obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o |
33 | pkcs7_message-y := \ | 33 | pkcs7_message-y := \ |
34 | pkcs7-asn1.o \ | 34 | pkcs7-asn1.o \ |
35 | pkcs7_parser.o | 35 | pkcs7_parser.o \ |
36 | pkcs7_verify.o | ||
36 | 37 | ||
37 | $(obj)/pkcs7_parser.o: $(obj)/pkcs7-asn1.h | 38 | $(obj)/pkcs7_parser.o: $(obj)/pkcs7-asn1.h |
38 | $(obj)/pkcs7-asn1.o: $(obj)/pkcs7-asn1.c $(obj)/pkcs7-asn1.h | 39 | $(obj)/pkcs7-asn1.o: $(obj)/pkcs7-asn1.c $(obj)/pkcs7-asn1.h |
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c new file mode 100644 index 000000000000..0bb408a5b64f --- /dev/null +++ b/crypto/asymmetric_keys/pkcs7_verify.c | |||
@@ -0,0 +1,173 @@ | |||
1 | /* Verify the signature on a PKCS#7 message. | ||
2 | * | ||
3 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public Licence | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the Licence, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #define pr_fmt(fmt) "PKCS7: "fmt | ||
13 | #include <linux/kernel.h> | ||
14 | #include <linux/export.h> | ||
15 | #include <linux/slab.h> | ||
16 | #include <linux/err.h> | ||
17 | #include <linux/asn1.h> | ||
18 | #include <crypto/hash.h> | ||
19 | #include "public_key.h" | ||
20 | #include "pkcs7_parser.h" | ||
21 | |||
22 | /* | ||
23 | * Digest the relevant parts of the PKCS#7 data | ||
24 | */ | ||
25 | static int pkcs7_digest(struct pkcs7_message *pkcs7, | ||
26 | struct pkcs7_signed_info *sinfo) | ||
27 | { | ||
28 | struct crypto_shash *tfm; | ||
29 | struct shash_desc *desc; | ||
30 | size_t digest_size, desc_size; | ||
31 | void *digest; | ||
32 | int ret; | ||
33 | |||
34 | kenter(",%u,%u", sinfo->index, sinfo->sig.pkey_hash_algo); | ||
35 | |||
36 | if (sinfo->sig.pkey_hash_algo >= PKEY_HASH__LAST || | ||
37 | !hash_algo_name[sinfo->sig.pkey_hash_algo]) | ||
38 | return -ENOPKG; | ||
39 | |||
40 | /* Allocate the hashing algorithm we're going to need and find out how | ||
41 | * big the hash operational data will be. | ||
42 | */ | ||
43 | tfm = crypto_alloc_shash(hash_algo_name[sinfo->sig.pkey_hash_algo], | ||
44 | 0, 0); | ||
45 | if (IS_ERR(tfm)) | ||
46 | return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm); | ||
47 | |||
48 | desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); | ||
49 | sinfo->sig.digest_size = digest_size = crypto_shash_digestsize(tfm); | ||
50 | |||
51 | ret = -ENOMEM; | ||
52 | digest = kzalloc(digest_size + desc_size, GFP_KERNEL); | ||
53 | if (!digest) | ||
54 | goto error_no_desc; | ||
55 | |||
56 | desc = digest + digest_size; | ||
57 | desc->tfm = tfm; | ||
58 | desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; | ||
59 | |||
60 | /* Digest the message [RFC2315 9.3] */ | ||
61 | ret = crypto_shash_init(desc); | ||
62 | if (ret < 0) | ||
63 | goto error; | ||
64 | ret = crypto_shash_finup(desc, pkcs7->data, pkcs7->data_len, digest); | ||
65 | if (ret < 0) | ||
66 | goto error; | ||
67 | pr_devel("MsgDigest = [%*ph]\n", 8, digest); | ||
68 | |||
69 | /* However, if there are authenticated attributes, there must be a | ||
70 | * message digest attribute amongst them which corresponds to the | ||
71 | * digest we just calculated. | ||
72 | */ | ||
73 | if (sinfo->msgdigest) { | ||
74 | u8 tag; | ||
75 | |||
76 | if (sinfo->msgdigest_len != sinfo->sig.digest_size) { | ||
77 | pr_debug("Sig %u: Invalid digest size (%u)\n", | ||
78 | sinfo->index, sinfo->msgdigest_len); | ||
79 | ret = -EBADMSG; | ||
80 | goto error; | ||
81 | } | ||
82 | |||
83 | if (memcmp(digest, sinfo->msgdigest, sinfo->msgdigest_len) != 0) { | ||
84 | pr_debug("Sig %u: Message digest doesn't match\n", | ||
85 | sinfo->index); | ||
86 | ret = -EKEYREJECTED; | ||
87 | goto error; | ||
88 | } | ||
89 | |||
90 | /* We then calculate anew, using the authenticated attributes | ||
91 | * as the contents of the digest instead. Note that we need to | ||
92 | * convert the attributes from a CONT.0 into a SET before we | ||
93 | * hash it. | ||
94 | */ | ||
95 | memset(digest, 0, sinfo->sig.digest_size); | ||
96 | |||
97 | ret = crypto_shash_init(desc); | ||
98 | if (ret < 0) | ||
99 | goto error; | ||
100 | tag = ASN1_CONS_BIT | ASN1_SET; | ||
101 | ret = crypto_shash_update(desc, &tag, 1); | ||
102 | if (ret < 0) | ||
103 | goto error; | ||
104 | ret = crypto_shash_finup(desc, sinfo->authattrs, | ||
105 | sinfo->authattrs_len, digest); | ||
106 | if (ret < 0) | ||
107 | goto error; | ||
108 | pr_devel("AADigest = [%*ph]\n", 8, digest); | ||
109 | } | ||
110 | |||
111 | sinfo->sig.digest = digest; | ||
112 | digest = NULL; | ||
113 | |||
114 | error: | ||
115 | kfree(digest); | ||
116 | error_no_desc: | ||
117 | crypto_free_shash(tfm); | ||
118 | kleave(" = %d", ret); | ||
119 | return ret; | ||
120 | } | ||
121 | |||
122 | /* | ||
123 | /* | ||
124 | * Verify one signed information block from a PKCS#7 message. | ||
125 | */ | ||
126 | static int pkcs7_verify_one(struct pkcs7_message *pkcs7, | ||
127 | struct pkcs7_signed_info *sinfo) | ||
128 | { | ||
129 | int ret; | ||
130 | |||
131 | kenter(",%u", sinfo->index); | ||
132 | |||
133 | /* First of all, digest the data in the PKCS#7 message and the | ||
134 | * signed information block | ||
135 | */ | ||
136 | ret = pkcs7_digest(pkcs7, sinfo); | ||
137 | if (ret < 0) | ||
138 | return ret; | ||
139 | |||
140 | return 0; | ||
141 | } | ||
142 | |||
143 | /** | ||
144 | * pkcs7_verify - Verify a PKCS#7 message | ||
145 | * @pkcs7: The PKCS#7 message to be verified | ||
146 | */ | ||
147 | int pkcs7_verify(struct pkcs7_message *pkcs7) | ||
148 | { | ||
149 | struct pkcs7_signed_info *sinfo; | ||
150 | struct x509_certificate *x509; | ||
151 | int ret, n; | ||
152 | |||
153 | kenter(""); | ||
154 | |||
155 | for (n = 0, x509 = pkcs7->certs; x509; x509 = x509->next, n++) { | ||
156 | ret = x509_get_sig_params(x509); | ||
157 | if (ret < 0) | ||
158 | return ret; | ||
159 | pr_debug("X.509[%u] %s\n", n, x509->authority); | ||
160 | } | ||
161 | |||
162 | for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) { | ||
163 | ret = pkcs7_verify_one(pkcs7, sinfo); | ||
164 | if (ret < 0) { | ||
165 | kleave(" = %d", ret); | ||
166 | return ret; | ||
167 | } | ||
168 | } | ||
169 | |||
170 | kleave(" = 0"); | ||
171 | return 0; | ||
172 | } | ||
173 | EXPORT_SYMBOL_GPL(pkcs7_verify); | ||