PKCS#7: Find intersection between PKCS#7 message and known, trusted keys

Find the intersection between the X.509 certificate chain contained in a PKCS#7
message and a set of keys that we already know and trust.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>

3 files changed, 228 insertions, 0 deletions

diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index b6b39e7bea01..d63cb4320b96 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -33,6 +33,7 @@ obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o
 pkcs7_message-y := \
         pkcs7-asn1.o \
         pkcs7_parser.o \
+        pkcs7_trust.o \
         pkcs7_verify.o
 
 $(obj)/pkcs7_parser.o: $(obj)/pkcs7-asn1.h
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
new file mode 100644
index 000000000000..b6b045131403
--- /dev/null
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -0,0 +1,219 @@
+/* Validate the trust chain of a PKCS#7 message.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "PKCS7: "fmt
+#include <linux/kernel.h>
+#include <linux/export.h>
+#include <linux/slab.h>
+#include <linux/err.h>
+#include <linux/asn1.h>
+#include <linux/key.h>
+#include <keys/asymmetric-type.h>
+#include "public_key.h"
+#include "pkcs7_parser.h"
+
+/*
+ * Request an asymmetric key.
+ */
+static struct key *pkcs7_request_asymmetric_key(
+        struct key *keyring,
+        const char *signer, size_t signer_len,
+        const char *authority, size_t auth_len)
+{
+        key_ref_t key;
+        char *id;
+
+        kenter(",%zu,,%zu", signer_len, auth_len);
+
+        /* Construct an identifier. */
+        id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL);
+        if (!id)
+                return ERR_PTR(-ENOMEM);
+
+        memcpy(id, signer, signer_len);
+        id[signer_len + 0] = ':';
+        id[signer_len + 1] = ' ';
+        memcpy(id + signer_len + 2, authority, auth_len);
+        id[signer_len + 2 + auth_len] = 0;
+
+        pr_debug("Look up: \"%s\"\n", id);
+
+        key = keyring_search(make_key_ref(keyring, 1),
+                             &key_type_asymmetric, id);
+        if (IS_ERR(key))
+                pr_debug("Request for module key '%s' err %ld\n",
+                         id, PTR_ERR(key));
+        kfree(id);
+
+        if (IS_ERR(key)) {
+                switch (PTR_ERR(key)) {
+                        /* Hide some search errors */
+                case -EACCES:
+                case -ENOTDIR:
+                case -EAGAIN:
+                        return ERR_PTR(-ENOKEY);
+                default:
+                        return ERR_CAST(key);
+                }
+        }
+
+        pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
+        return key_ref_to_ptr(key);
+}
+
+/**
+ * Check the trust on one PKCS#7 SignedInfo block.
+ */
+int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
+                             struct pkcs7_signed_info *sinfo,
+                             struct key *trust_keyring)
+{
+        struct public_key_signature *sig = &sinfo->sig;
+        struct x509_certificate *x509, *last = NULL, *p;
+        struct key *key;
+        bool trusted;
+        int ret;
+
+        kenter(",%u,", sinfo->index);
+
+        for (x509 = sinfo->signer; x509; x509 = x509->signer) {
+                if (x509->seen) {
+                        if (x509->verified) {
+                                trusted = x509->trusted;
+                                goto verified;
+                        }
+                        kleave(" = -ENOKEY [cached]");
+                        return -ENOKEY;
+                }
+                x509->seen = true;
+
+                /* Look to see if this certificate is present in the trusted
+                 * keys.
+                 */
+                key = pkcs7_request_asymmetric_key(
+                        trust_keyring,
+                        x509->subject, strlen(x509->subject),
+                        x509->fingerprint, strlen(x509->fingerprint));
+                if (!IS_ERR(key))
+                        /* One of the X.509 certificates in the PKCS#7 message
+                         * is apparently the same as one we already trust.
+                         * Verify that the trusted variant can also validate
+                         * the signature on the descendant.
+                         */
+                        goto matched;
+                if (key == ERR_PTR(-ENOMEM))
+                        return -ENOMEM;
+
+                 /* Self-signed certificates form roots of their own, and if we
+                  * don't know them, then we can't accept them.
+                  */
+                if (x509->next == x509) {
+                        kleave(" = -ENOKEY [unknown self-signed]");
+                        return -ENOKEY;
+                }
+
+                might_sleep();
+                last = x509;
+                sig = &last->sig;
+        }
+
+        /* No match - see if the root certificate has a signer amongst the
+         * trusted keys.
+         */
+        if (!last || !last->issuer || !last->authority) {
+                kleave(" = -ENOKEY [no backref]");
+                return -ENOKEY;
+        }
+
+        key = pkcs7_request_asymmetric_key(
+                trust_keyring,
+                last->issuer, strlen(last->issuer),
+                last->authority, strlen(last->authority));
+        if (IS_ERR(key))
+                return PTR_ERR(key) == -ENOMEM ? -ENOMEM : -ENOKEY;
+        x509 = last;
+
+matched:
+        ret = verify_signature(key, sig);
+        trusted = test_bit(KEY_FLAG_TRUSTED, &key->flags);
+        key_put(key);
+        if (ret < 0) {
+                if (ret == -ENOMEM)
+                        return ret;
+                kleave(" = -EKEYREJECTED [verify %d]", ret);
+                return -EKEYREJECTED;
+        }
+
+verified:
+        x509->verified = true;
+        for (p = sinfo->signer; p != x509; p = p->signer) {
+                p->verified = true;
+                p->trusted = trusted;
+        }
+        sinfo->trusted = trusted;
+        kleave(" = 0");
+        return 0;
+}
+
+/**
+ * pkcs7_validate_trust - Validate PKCS#7 trust chain
+ * @pkcs7: The PKCS#7 certificate to validate
+ * @trust_keyring: Signing certificates to use as starting points
+ * @_trusted: Set to true if trustworth, false otherwise
+ *
+ * Validate that the certificate chain inside the PKCS#7 message intersects
+ * keys we already know and trust.
+ *
+ * Returns, in order of descending priority:
+ *
+ *  (*) -EKEYREJECTED if a signature failed to match for which we have a valid
+ *      key, or:
+ *
+ *  (*) 0 if at least one signature chain intersects with the keys in the trust
+ *      keyring, or:
+ *
+ *  (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
+ *      chain.
+ *
+ *  (*) -ENOKEY if we couldn't find a match for any of the signature chains in
+ *      the message.
+ *
+ * May also return -ENOMEM.
+ */
+int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
+                         struct key *trust_keyring,
+                         bool *_trusted)
+{
+        struct pkcs7_signed_info *sinfo;
+        struct x509_certificate *p;
+        int cached_ret = 0, ret;
+
+        for (p = pkcs7->certs; p; p = p->next)
+                p->seen = false;
+
+        for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
+                ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
+                if (ret < 0) {
+                        if (ret == -ENOPKG) {
+                                cached_ret = -ENOPKG;
+                        } else if (ret == -ENOKEY) {
+                                if (cached_ret == 0)
+                                        cached_ret = -ENOKEY;
+                        } else {
+                                return ret;
+                        }
+                }
+                *_trusted |= sinfo->trusted;
+        }
+
+        return cached_ret;
+}
+EXPORT_SYMBOL_GPL(pkcs7_validate_trust);
diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
index 8ba0f3810d67..691c79172a26 100644
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -9,6 +9,7 @@
  * 2 of the Licence, or (at your option) any later version.
  */
 
+struct key;
 struct pkcs7_message;
 
 /*
@@ -23,6 +24,13 @@ extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
                                   bool want_wrapper);
 
 /*
+ * pkcs7_trust.c
+ */
+extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
+                                struct key *trust_keyring,
+                                bool *_trusted);
+
+/*
  * pkcs7_verify.c
  */
 extern int pkcs7_verify(struct pkcs7_message *pkcs7);