PKCS#7: Find intersection between PKCS#7 message and known, trusted keys

Find the intersection between the X.509 certificate chain contained in a PKCS#7 message and a set of keys that we already know and trust. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org>
author: David Howells <dhowells@redhat.com> 2014-07-01 11:40:20 -0400
committer: David Howells <dhowells@redhat.com> 2014-07-08 08:50:15 -0400
commit: 08815b62d700e4fbeb72a01986ad051c3dd84a15 (patch)
tree: 9a3df820a9716348fa947986d2310d50e14f9964 /crypto/asymmetric_keys
parent: 8c76d79393ccc9b89d9af402d79a49a9cd43c5aa (diff)
2 files changed, 220 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index b6b39e7bea01..d63cb4320b96 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -33,6 +33,7 @@ obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o
 pkcs7_message-y := \
        pkcs7-asn1.o \
        pkcs7_parser.o \
+        pkcs7_trust.o \
        pkcs7_verify.o
 $(obj)/pkcs7_parser.o: $(obj)/pkcs7-asn1.h
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
new file mode 100644
index 000000000000..b6b045131403
--- /dev/null
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -0,0 +1,219 @@
+/* Validate the trust chain of a PKCS#7 message.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+#define pr_fmt(fmt) "PKCS7: "fmt
+#include <linux/kernel.h>
+#include <linux/export.h>
+#include <linux/slab.h>
+#include <linux/err.h>
+#include <linux/asn1.h>
+#include <linux/key.h>
+#include <keys/asymmetric-type.h>
+#include "public_key.h"
+#include "pkcs7_parser.h"
+/*
+ * Request an asymmetric key.
+ */
+static struct key *pkcs7_request_asymmetric_key(
+        struct key *keyring,
+        const char *signer, size_t signer_len,
+        const char *authority, size_t auth_len)
+{
+        key_ref_t key;
+        char *id;
+        kenter(",%zu,,%zu", signer_len, auth_len);
+        /* Construct an identifier. */
+        id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL);
+        if (!id)
+                return ERR_PTR(-ENOMEM);
+        memcpy(id, signer, signer_len);
+        id[signer_len + 0] = ':';
+        id[signer_len + 1] = ' ';
+        memcpy(id + signer_len + 2, authority, auth_len);
+        id[signer_len + 2 + auth_len] = 0;
+        pr_debug("Look up: \"%s\"\n", id);
+        key = keyring_search(make_key_ref(keyring, 1),
+                             &key_type_asymmetric, id);
+        if (IS_ERR(key))
+                pr_debug("Request for module key '%s' err %ld\n",
+                         id, PTR_ERR(key));
+        kfree(id);
+        if (IS_ERR(key)) {
+                switch (PTR_ERR(key)) {
+                        /* Hide some search errors */
+                case -EACCES:
+                case -ENOTDIR:
+                case -EAGAIN:
+                        return ERR_PTR(-ENOKEY);
+                default:
+                        return ERR_CAST(key);
+                }
+        }
+        pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
+        return key_ref_to_ptr(key);
+}
+/**
+ * Check the trust on one PKCS#7 SignedInfo block.
+ */
+int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
+                             struct pkcs7_signed_info *sinfo,
+                             struct key *trust_keyring)
+{
+        struct public_key_signature *sig = &sinfo->sig;
+        struct x509_certificate *x509, *last = NULL, *p;
+        struct key *key;
+        bool trusted;
+        int ret;
+        kenter(",%u,", sinfo->index);
+        for (x509 = sinfo->signer; x509; x509 = x509->signer) {
+                if (x509->seen) {
+                        if (x509->verified) {
+                                trusted = x509->trusted;
+                                goto verified;
+                        }
+                        kleave(" = -ENOKEY [cached]");
+                        return -ENOKEY;
+                }
+                x509->seen = true;
+                /* Look to see if this certificate is present in the trusted
+                 * keys.
+                 */
+                key = pkcs7_request_asymmetric_key(
+                        trust_keyring,
+                        x509->subject, strlen(x509->subject),
+                        x509->fingerprint, strlen(x509->fingerprint));
+                if (!IS_ERR(key))
+                        /* One of the X.509 certificates in the PKCS#7 message
+                         * is apparently the same as one we already trust.
+                         * Verify that the trusted variant can also validate
+                         * the signature on the descendant.
+                         */
+                        goto matched;
+                if (key == ERR_PTR(-ENOMEM))
+                        return -ENOMEM;
+                 /* Self-signed certificates form roots of their own, and if we
+                  * don't know them, then we can't accept them.
+                  */
+                if (x509->next == x509) {
+                        kleave(" = -ENOKEY [unknown self-signed]");
+                        return -ENOKEY;
+                }
+                might_sleep();
+                last = x509;
+                sig = &last->sig;
+        }
+        /* No match - see if the root certificate has a signer amongst the
+         * trusted keys.
+         */
+        if (!last || !last->issuer || !last->authority) {
+                kleave(" = -ENOKEY [no backref]");
+                return -ENOKEY;
+        }
+        key = pkcs7_request_asymmetric_key(
+                trust_keyring,
+                last->issuer, strlen(last->issuer),
+                last->authority, strlen(last->authority));
+        if (IS_ERR(key))
+                return PTR_ERR(key) == -ENOMEM ? -ENOMEM : -ENOKEY;
+        x509 = last;
+matched:
+        ret = verify_signature(key, sig);
+        trusted = test_bit(KEY_FLAG_TRUSTED, &key->flags);
+        key_put(key);
+        if (ret < 0) {
+                if (ret == -ENOMEM)
+                        return ret;
+                kleave(" = -EKEYREJECTED [verify %d]", ret);
+                return -EKEYREJECTED;
+        }
+verified:
+        x509->verified = true;
+        for (p = sinfo->signer; p != x509; p = p->signer) {
+                p->verified = true;
+                p->trusted = trusted;
+        }
+        sinfo->trusted = trusted;
+        kleave(" = 0");
+        return 0;
+}
+/**
+ * pkcs7_validate_trust - Validate PKCS#7 trust chain
+ * @pkcs7: The PKCS#7 certificate to validate
+ * @trust_keyring: Signing certificates to use as starting points
+ * @_trusted: Set to true if trustworth, false otherwise
+ *
+ * Validate that the certificate chain inside the PKCS#7 message intersects
+ * keys we already know and trust.
+ *
+ * Returns, in order of descending priority:
+ *
+ *  (*) -EKEYREJECTED if a signature failed to match for which we have a valid
+ *      key, or:
+ *
+ *  (*) 0 if at least one signature chain intersects with the keys in the trust
+ *      keyring, or:
+ *
+ *  (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
+ *      chain.
+ *
+ *  (*) -ENOKEY if we couldn't find a match for any of the signature chains in
+ *      the message.
+ *
+ * May also return -ENOMEM.
+ */
+int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
+                         struct key *trust_keyring,
+                         bool *_trusted)
+{
+        struct pkcs7_signed_info *sinfo;
+        struct x509_certificate *p;
+        int cached_ret = 0, ret;
+        for (p = pkcs7->certs; p; p = p->next)
+                p->seen = false;
+        for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
+                ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
+                if (ret < 0) {
+                        if (ret == -ENOPKG) {
+                                cached_ret = -ENOPKG;
+                        } else if (ret == -ENOKEY) {
+                                if (cached_ret == 0)
+                                        cached_ret = -ENOKEY;
+                        } else {
+                                return ret;
+                        }
+                }
+                *_trusted |= sinfo->trusted;
+        }
+        return cached_ret;
+}
+EXPORT_SYMBOL_GPL(pkcs7_validate_trust);
author	David Howells <dhowells@redhat.com>	2014-07-01 11:40:20 -0400
committer	David Howells <dhowells@redhat.com>	2014-07-08 08:50:15 -0400
commit	08815b62d700e4fbeb72a01986ad051c3dd84a15 (patch)
tree	9a3df820a9716348fa947986d2310d50e14f9964 /crypto/asymmetric_keys
parent	8c76d79393ccc9b89d9af402d79a49a9cd43c5aa (diff)

diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index b6b39e7bea01..d63cb4320b96 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile
@@ -33,6 +33,7 @@ obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o
33	pkcs7_message-y := \	33	pkcs7_message-y := \
34	pkcs7-asn1.o \	34	pkcs7-asn1.o \
35	pkcs7_parser.o \	35	pkcs7_parser.o \
		36	pkcs7_trust.o \
36	pkcs7_verify.o	37	pkcs7_verify.o
37		38
38	$(obj)/pkcs7_parser.o: $(obj)/pkcs7-asn1.h	39	$(obj)/pkcs7_parser.o: $(obj)/pkcs7-asn1.h


diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c new file mode 100644 index 000000000000..b6b045131403 --- /dev/null +++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -0,0 +1,219 @@
		1	/* Validate the trust chain of a PKCS#7 message.
		2	*
		3	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
		4	* Written by David Howells (dhowells@redhat.com)
		5	*
		6	* This program is free software; you can redistribute it and/or
		7	* modify it under the terms of the GNU General Public Licence
		8	* as published by the Free Software Foundation; either version
		9	* 2 of the Licence, or (at your option) any later version.
		10	*/
		11
		12	#define pr_fmt(fmt) "PKCS7: "fmt
		13	#include <linux/kernel.h>
		14	#include <linux/export.h>
		15	#include <linux/slab.h>
		16	#include <linux/err.h>
		17	#include <linux/asn1.h>
		18	#include <linux/key.h>
		19	#include <keys/asymmetric-type.h>
		20	#include "public_key.h"
		21	#include "pkcs7_parser.h"
		22
		23	/*
		24	* Request an asymmetric key.
		25	*/
		26	static struct key *pkcs7_request_asymmetric_key(
		27	struct key *keyring,
		28	const char *signer, size_t signer_len,
		29	const char *authority, size_t auth_len)
		30	{
		31	key_ref_t key;
		32	char *id;
		33
		34	kenter(",%zu,,%zu", signer_len, auth_len);
		35
		36	/* Construct an identifier. */
		37	id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL);
		38	if (!id)
		39	return ERR_PTR(-ENOMEM);
		40
		41	memcpy(id, signer, signer_len);
		42	id[signer_len + 0] = ':';
		43	id[signer_len + 1] = ' ';
		44	memcpy(id + signer_len + 2, authority, auth_len);
		45	id[signer_len + 2 + auth_len] = 0;
		46
		47	pr_debug("Look up: \"%s\"\n", id);
		48
		49	key = keyring_search(make_key_ref(keyring, 1),
		50	&key_type_asymmetric, id);
		51	if (IS_ERR(key))
		52	pr_debug("Request for module key '%s' err %ld\n",
		53	id, PTR_ERR(key));
		54	kfree(id);
		55
		56	if (IS_ERR(key)) {
		57	switch (PTR_ERR(key)) {
		58	/* Hide some search errors */
		59	case -EACCES:
		60	case -ENOTDIR:
		61	case -EAGAIN:
		62	return ERR_PTR(-ENOKEY);
		63	default:
		64	return ERR_CAST(key);
		65	}
		66	}
		67
		68	pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
		69	return key_ref_to_ptr(key);
		70	}
		71
		72	/**
		73	* Check the trust on one PKCS#7 SignedInfo block.
		74	*/
		75	int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
		76	struct pkcs7_signed_info *sinfo,
		77	struct key *trust_keyring)
		78	{
		79	struct public_key_signature *sig = &sinfo->sig;
		80	struct x509_certificate x509, last = NULL, *p;
		81	struct key *key;
		82	bool trusted;
		83	int ret;
		84
		85	kenter(",%u,", sinfo->index);
		86
		87	for (x509 = sinfo->signer; x509; x509 = x509->signer) {
		88	if (x509->seen) {
		89	if (x509->verified) {
		90	trusted = x509->trusted;
		91	goto verified;
		92	}
		93	kleave(" = -ENOKEY [cached]");
		94	return -ENOKEY;
		95	}
		96	x509->seen = true;
		97
		98	/* Look to see if this certificate is present in the trusted
		99	* keys.
		100	*/
		101	key = pkcs7_request_asymmetric_key(
		102	trust_keyring,
		103	x509->subject, strlen(x509->subject),
		104	x509->fingerprint, strlen(x509->fingerprint));
		105	if (!IS_ERR(key))
		106	/* One of the X.509 certificates in the PKCS#7 message
		107	* is apparently the same as one we already trust.
		108	* Verify that the trusted variant can also validate
		109	* the signature on the descendant.
		110	*/
		111	goto matched;
		112	if (key == ERR_PTR(-ENOMEM))
		113	return -ENOMEM;
		114
		115	/* Self-signed certificates form roots of their own, and if we
		116	* don't know them, then we can't accept them.
		117	*/
		118	if (x509->next == x509) {
		119	kleave(" = -ENOKEY [unknown self-signed]");
		120	return -ENOKEY;
		121	}
		122
		123	might_sleep();
		124	last = x509;
		125	sig = &last->sig;
		126	}
		127
		128	/* No match - see if the root certificate has a signer amongst the
		129	* trusted keys.
		130	*/
		131	if (!last \|\| !last->issuer \|\| !last->authority) {
		132	kleave(" = -ENOKEY [no backref]");
		133	return -ENOKEY;
		134	}
		135
		136	key = pkcs7_request_asymmetric_key(
		137	trust_keyring,
		138	last->issuer, strlen(last->issuer),
		139	last->authority, strlen(last->authority));
		140	if (IS_ERR(key))
		141	return PTR_ERR(key) == -ENOMEM ? -ENOMEM : -ENOKEY;
		142	x509 = last;
		143
		144	matched:
		145	ret = verify_signature(key, sig);
		146	trusted = test_bit(KEY_FLAG_TRUSTED, &key->flags);
		147	key_put(key);
		148	if (ret < 0) {
		149	if (ret == -ENOMEM)
		150	return ret;
		151	kleave(" = -EKEYREJECTED [verify %d]", ret);
		152	return -EKEYREJECTED;
		153	}
		154
		155	verified:
		156	x509->verified = true;
		157	for (p = sinfo->signer; p != x509; p = p->signer) {
		158	p->verified = true;
		159	p->trusted = trusted;
		160	}
		161	sinfo->trusted = trusted;
		162	kleave(" = 0");
		163	return 0;
		164	}
		165
		166	/**
		167	* pkcs7_validate_trust - Validate PKCS#7 trust chain
		168	* @pkcs7: The PKCS#7 certificate to validate
		169	* @trust_keyring: Signing certificates to use as starting points
		170	* @_trusted: Set to true if trustworth, false otherwise
		171	*
		172	* Validate that the certificate chain inside the PKCS#7 message intersects
		173	* keys we already know and trust.
		174	*
		175	* Returns, in order of descending priority:
		176	*
		177	* (*) -EKEYREJECTED if a signature failed to match for which we have a valid
		178	* key, or:
		179	*
		180	* (*) 0 if at least one signature chain intersects with the keys in the trust
		181	* keyring, or:
		182	*
		183	* (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
		184	* chain.
		185	*
		186	* (*) -ENOKEY if we couldn't find a match for any of the signature chains in
		187	* the message.
		188	*
		189	* May also return -ENOMEM.
		190	*/
		191	int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
		192	struct key *trust_keyring,
		193	bool *_trusted)
		194	{
		195	struct pkcs7_signed_info *sinfo;
		196	struct x509_certificate *p;
		197	int cached_ret = 0, ret;
		198
		199	for (p = pkcs7->certs; p; p = p->next)
		200	p->seen = false;
		201
		202	for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
		203	ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
		204	if (ret < 0) {
		205	if (ret == -ENOPKG) {
		206	cached_ret = -ENOPKG;
		207	} else if (ret == -ENOKEY) {
		208	if (cached_ret == 0)
		209	cached_ret = -ENOKEY;
		210	} else {
		211	return ret;
		212	}
		213	}
		214	*_trusted \|= sinfo->trusted;
		215	}
		216
		217	return cached_ret;
		218	}
		219	EXPORT_SYMBOL_GPL(pkcs7_validate_trust);