Merge remote-tracking branch 'integrity/next-with-keys' into keys-next

Signed-off-by: David Howells <dhowells@redhat.com>
author: David Howells <dhowells@redhat.com> 2014-07-22 16:54:43 -0400
committer: David Howells <dhowells@redhat.com> 2014-07-22 16:54:43 -0400
commit: 64724cfc6eea920dbaada14f0fb978b1dd31192d (patch)
tree: d2f491be07a05e2d96b5c8b8e5a0a878f285eb22 /crypto
parent: 6204e0025566ad3992ce649d4f44b7e8cdde2293 (diff)
parent: 7d2ce2320e8efdc4a6dcbae7b329ed3f0d1cd778 (diff)
3 files changed, 142 insertions, 20 deletions
diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h
index 515b63430812..a63c551c6557 100644
--- a/crypto/asymmetric_keys/asymmetric_keys.h
+++ b/crypto/asymmetric_keys/asymmetric_keys.h
@@ -9,6 +9,8 @@
 * 2 of the Licence, or (at your option) any later version.
 */
+int asymmetric_keyid_match(const char *kid, const char *id);
 static inline const char *asymmetric_key_id(const struct key *key)
 {
        return key->type_data.p[1];
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 21960a4e74e8..eb8cd46961a5 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -23,6 +23,35 @@ static LIST_HEAD(asymmetric_key_parsers);
 static DECLARE_RWSEM(asymmetric_key_parsers_sem);
 /*
+ * Match asymmetric key id with partial match
+ * @id:         key id to match in a form "id:<id>"
+ */
+int asymmetric_keyid_match(const char *kid, const char *id)
+{
+        size_t idlen, kidlen;
+        if (!kid || !id)
+                return 0;
+        /* make it possible to use id as in the request: "id:<id>" */
+        if (strncmp(id, "id:", 3) == 0)
+                id += 3;
+        /* Anything after here requires a partial match on the ID string */
+        idlen = strlen(id);
+        kidlen = strlen(kid);
+        if (idlen > kidlen)
+                return 0;
+        kid += kidlen - idlen;
+        if (strcasecmp(id, kid) != 0)
+                return 0;
+        return 1;
+}
+EXPORT_SYMBOL_GPL(asymmetric_keyid_match);
+/*
 * Match asymmetric keys on (part of) their name
 * We have some shorthand methods for matching keys.  We allow:
 *
@@ -34,9 +63,8 @@ static int asymmetric_key_match(const struct key *key, const void *description)
 {
        const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
        const char *spec = description;
-        const char *id, *kid;
+        const char *id;
        ptrdiff_t speclen;
-        size_t idlen, kidlen;
        if (!subtype || !spec || !*spec)
                return 0;
@@ -55,23 +83,8 @@ static int asymmetric_key_match(const struct key *key, const void *description)
        speclen = id - spec;
        id++;
-        /* Anything after here requires a partial match on the ID string */
+        if (speclen == 2 && memcmp(spec, "id", 2) == 0)
-        kid = asymmetric_key_id(key);
+                return asymmetric_keyid_match(asymmetric_key_id(key), id);
-        if (!kid)
-                return 0;
-        idlen = strlen(id);
-        kidlen = strlen(kid);
-        if (idlen > kidlen)
-                return 0;
-        kid += kidlen - idlen;
-        if (strcasecmp(id, kid) != 0)
-                return 0;
-        if (speclen == 2 &&
-            memcmp(spec, "id", 2) == 0)
-                return 1;
        if (speclen == subtype->name_len &&
            memcmp(spec, subtype->name, speclen) == 0)
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 3fc8a0634ed7..a0f7cd196c9b 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -18,11 +18,80 @@
 #include <linux/asn1_decoder.h>
 #include <keys/asymmetric-subtype.h>
 #include <keys/asymmetric-parser.h>
+#include <keys/system_keyring.h>
 #include <crypto/hash.h>
 #include "asymmetric_keys.h"
 #include "public_key.h"
 #include "x509_parser.h"
+static bool use_builtin_keys;
+static char *ca_keyid;
+#ifndef MODULE
+static int __init ca_keys_setup(char *str)
+{
+        if (!str)               /* default system keyring */
+                return 1;
+        if (strncmp(str, "id:", 3) == 0)
+                ca_keyid = str; /* owner key 'id:xxxxxx' */
+        else if (strcmp(str, "builtin") == 0)
+                use_builtin_keys = true;
+        return 1;
+}
+__setup("ca_keys=", ca_keys_setup);
+#endif
+/*
+ * Find a key in the given keyring by issuer and authority.
+ */
+static struct key *x509_request_asymmetric_key(struct key *keyring,
+                                               const char *signer,
+                                               size_t signer_len,
+                                               const char *authority,
+                                               size_t auth_len)
+{
+        key_ref_t key;
+        char *id;
+        /* Construct an identifier. */
+        id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL);
+        if (!id)
+                return ERR_PTR(-ENOMEM);
+        memcpy(id, signer, signer_len);
+        id[signer_len + 0] = ':';
+        id[signer_len + 1] = ' ';
+        memcpy(id + signer_len + 2, authority, auth_len);
+        id[signer_len + 2 + auth_len] = 0;
+        pr_debug("Look up: \"%s\"\n", id);
+        key = keyring_search(make_key_ref(keyring, 1),
+                             &key_type_asymmetric, id);
+        if (IS_ERR(key))
+                pr_debug("Request for module key '%s' err %ld\n",
+                         id, PTR_ERR(key));
+        kfree(id);
+        if (IS_ERR(key)) {
+                switch (PTR_ERR(key)) {
+                        /* Hide some search errors */
+                case -EACCES:
+                case -ENOTDIR:
+                case -EAGAIN:
+                        return ERR_PTR(-ENOKEY);
+                default:
+                        return ERR_CAST(key);
+                }
+        }
+        pr_devel("<==%s() = 0 [%x]\n", __func__,
+                 key_serial(key_ref_to_ptr(key)));
+        return key_ref_to_ptr(key);
+}
 /*
 * Set up the signature parameters in an X.509 certificate.  This involves
 * digesting the signed data and extracting the signature.
@@ -103,6 +172,40 @@ int x509_check_signature(const struct public_key *pub,
 EXPORT_SYMBOL_GPL(x509_check_signature);
 /*
+ * Check the new certificate against the ones in the trust keyring.  If one of
+ * those is the signing key and validates the new certificate, then mark the
+ * new certificate as being trusted.
+ *
+ * Return 0 if the new certificate was successfully validated, 1 if we couldn't
+ * find a matching parent certificate in the trusted list and an error if there
+ * is a matching certificate but the signature check fails.
+ */
+static int x509_validate_trust(struct x509_certificate *cert,
+                               struct key *trust_keyring)
+{
+        struct key *key;
+        int ret = 1;
+        if (!trust_keyring)
+                return -EOPNOTSUPP;
+        if (ca_keyid && !asymmetric_keyid_match(cert->authority, ca_keyid))
+                return -EPERM;
+        key = x509_request_asymmetric_key(trust_keyring,
+                                          cert->issuer, strlen(cert->issuer),
+                                          cert->authority,
+                                          strlen(cert->authority));
+        if (!IS_ERR(key))  {
+                if (!use_builtin_keys
+                    || test_bit(KEY_FLAG_BUILTIN, &key->flags))
+                        ret = x509_check_signature(key->payload.data, cert);
+                key_put(key);
+        }
+        return ret;
+}
+/*
 * Attempt to parse a data blob for a key as an X509 certificate.
 */
 static int x509_key_preparse(struct key_preparsed_payload *prep)
@@ -155,9 +258,13 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
        /* Check the signature on the key if it appears to be self-signed */
        if (!cert->authority ||
            strcmp(cert->fingerprint, cert->authority) == 0) {
-                ret = x509_check_signature(cert->pub, cert);
+                ret = x509_check_signature(cert->pub, cert); /* self-signed */
                if (ret < 0)
                        goto error_free_cert;
+        } else if (!prep->trusted) {
+                ret = x509_validate_trust(cert, get_system_trusted_keyring());
+                if (!ret)
+                        prep->trusted = 1;
        }
        /* Propose a description */
author	David Howells <dhowells@redhat.com>	2014-07-22 16:54:43 -0400
committer	David Howells <dhowells@redhat.com>	2014-07-22 16:54:43 -0400
commit	64724cfc6eea920dbaada14f0fb978b1dd31192d (patch)
tree	d2f491be07a05e2d96b5c8b8e5a0a878f285eb22 /crypto
parent	6204e0025566ad3992ce649d4f44b7e8cdde2293 (diff)
parent	7d2ce2320e8efdc4a6dcbae7b329ed3f0d1cd778 (diff)

diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h index 515b63430812..a63c551c6557 100644 --- a/crypto/asymmetric_keys/asymmetric_keys.h +++ b/crypto/asymmetric_keys/asymmetric_keys.h
@@ -9,6 +9,8 @@
9	* 2 of the Licence, or (at your option) any later version.	9	* 2 of the Licence, or (at your option) any later version.
10	*/	10	*/
11		11
		12	int asymmetric_keyid_match(const char kid, const char id);
		13
12	static inline const char asymmetric_key_id(const struct key key)	14	static inline const char asymmetric_key_id(const struct key key)
13	{	15	{
14	return key->type_data.p[1];	16	return key->type_data.p[1];


diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index 21960a4e74e8..eb8cd46961a5 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -23,6 +23,35 @@ static LIST_HEAD(asymmetric_key_parsers);
23	static DECLARE_RWSEM(asymmetric_key_parsers_sem);	23	static DECLARE_RWSEM(asymmetric_key_parsers_sem);
24		24
25	/*	25	/*
		26	* Match asymmetric key id with partial match
		27	* @id: key id to match in a form "id:<id>"
		28	*/
		29	int asymmetric_keyid_match(const char kid, const char id)
		30	{
		31	size_t idlen, kidlen;
		32
		33	if (!kid \|\| !id)
		34	return 0;
		35
		36	/* make it possible to use id as in the request: "id:<id>" */
		37	if (strncmp(id, "id:", 3) == 0)
		38	id += 3;
		39
		40	/* Anything after here requires a partial match on the ID string */
		41	idlen = strlen(id);
		42	kidlen = strlen(kid);
		43	if (idlen > kidlen)
		44	return 0;
		45
		46	kid += kidlen - idlen;
		47	if (strcasecmp(id, kid) != 0)
		48	return 0;
		49
		50	return 1;
		51	}
		52	EXPORT_SYMBOL_GPL(asymmetric_keyid_match);
		53
		54	/*
26	* Match asymmetric keys on (part of) their name	55	* Match asymmetric keys on (part of) their name
27	* We have some shorthand methods for matching keys. We allow:	56	* We have some shorthand methods for matching keys. We allow:
28	*	57	*
@@ -34,9 +63,8 @@ static int asymmetric_key_match(const struct key key, const void description)
34	{	63	{
35	const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);	64	const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
36	const char *spec = description;	65	const char *spec = description;
37	const char id, kid;	66	const char *id;
38	ptrdiff_t speclen;	67	ptrdiff_t speclen;
39	size_t idlen, kidlen;
40		68
41	if (!subtype \|\| !spec \|\| !*spec)	69	if (!subtype \|\| !spec \|\| !*spec)
42	return 0;	70	return 0;
@@ -55,23 +83,8 @@ static int asymmetric_key_match(const struct key key, const void description)
55	speclen = id - spec;	83	speclen = id - spec;
56	id++;	84	id++;
57		85
58	/* Anything after here requires a partial match on the ID string */	86	if (speclen == 2 && memcmp(spec, "id", 2) == 0)
59	kid = asymmetric_key_id(key);	87	return asymmetric_keyid_match(asymmetric_key_id(key), id);
60	if (!kid)
61	return 0;
62
63	idlen = strlen(id);
64	kidlen = strlen(kid);
65	if (idlen > kidlen)
66	return 0;
67
68	kid += kidlen - idlen;
69	if (strcasecmp(id, kid) != 0)
70	return 0;
71
72	if (speclen == 2 &&
73	memcmp(spec, "id", 2) == 0)
74	return 1;
75		88
76	if (speclen == subtype->name_len &&	89	if (speclen == subtype->name_len &&
77	memcmp(spec, subtype->name, speclen) == 0)	90	memcmp(spec, subtype->name, speclen) == 0)


diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index 3fc8a0634ed7..a0f7cd196c9b 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -18,11 +18,80 @@
18	#include <linux/asn1_decoder.h>	18	#include <linux/asn1_decoder.h>
19	#include <keys/asymmetric-subtype.h>	19	#include <keys/asymmetric-subtype.h>
20	#include <keys/asymmetric-parser.h>	20	#include <keys/asymmetric-parser.h>
		21	#include <keys/system_keyring.h>
21	#include <crypto/hash.h>	22	#include <crypto/hash.h>
22	#include "asymmetric_keys.h"	23	#include "asymmetric_keys.h"
23	#include "public_key.h"	24	#include "public_key.h"
24	#include "x509_parser.h"	25	#include "x509_parser.h"
25		26
		27	static bool use_builtin_keys;
		28	static char *ca_keyid;
		29
		30	#ifndef MODULE
		31	static int __init ca_keys_setup(char *str)
		32	{
		33	if (!str) /* default system keyring */
		34	return 1;
		35
		36	if (strncmp(str, "id:", 3) == 0)
		37	ca_keyid = str; /* owner key 'id:xxxxxx' */
		38	else if (strcmp(str, "builtin") == 0)
		39	use_builtin_keys = true;
		40
		41	return 1;
		42	}
		43	__setup("ca_keys=", ca_keys_setup);
		44	#endif
		45
		46	/*
		47	* Find a key in the given keyring by issuer and authority.
		48	*/
		49	static struct key x509_request_asymmetric_key(struct key keyring,
		50	const char *signer,
		51	size_t signer_len,
		52	const char *authority,
		53	size_t auth_len)
		54	{
		55	key_ref_t key;
		56	char *id;
		57
		58	/* Construct an identifier. */
		59	id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL);
		60	if (!id)
		61	return ERR_PTR(-ENOMEM);
		62
		63	memcpy(id, signer, signer_len);
		64	id[signer_len + 0] = ':';
		65	id[signer_len + 1] = ' ';
		66	memcpy(id + signer_len + 2, authority, auth_len);
		67	id[signer_len + 2 + auth_len] = 0;
		68
		69	pr_debug("Look up: \"%s\"\n", id);
		70
		71	key = keyring_search(make_key_ref(keyring, 1),
		72	&key_type_asymmetric, id);
		73	if (IS_ERR(key))
		74	pr_debug("Request for module key '%s' err %ld\n",
		75	id, PTR_ERR(key));
		76	kfree(id);
		77
		78	if (IS_ERR(key)) {
		79	switch (PTR_ERR(key)) {
		80	/* Hide some search errors */
		81	case -EACCES:
		82	case -ENOTDIR:
		83	case -EAGAIN:
		84	return ERR_PTR(-ENOKEY);
		85	default:
		86	return ERR_CAST(key);
		87	}
		88	}
		89
		90	pr_devel("<==%s() = 0 [%x]\n", __func__,
		91	key_serial(key_ref_to_ptr(key)));
		92	return key_ref_to_ptr(key);
		93	}
		94
26	/*	95	/*
27	* Set up the signature parameters in an X.509 certificate. This involves	96	* Set up the signature parameters in an X.509 certificate. This involves
28	* digesting the signed data and extracting the signature.	97	* digesting the signed data and extracting the signature.
@@ -103,6 +172,40 @@ int x509_check_signature(const struct public_key *pub,
103	EXPORT_SYMBOL_GPL(x509_check_signature);	172	EXPORT_SYMBOL_GPL(x509_check_signature);
104		173
105	/*	174	/*
		175	* Check the new certificate against the ones in the trust keyring. If one of
		176	* those is the signing key and validates the new certificate, then mark the
		177	* new certificate as being trusted.
		178	*
		179	* Return 0 if the new certificate was successfully validated, 1 if we couldn't
		180	* find a matching parent certificate in the trusted list and an error if there
		181	* is a matching certificate but the signature check fails.
		182	*/
		183	static int x509_validate_trust(struct x509_certificate *cert,
		184	struct key *trust_keyring)
		185	{
		186	struct key *key;
		187	int ret = 1;
		188
		189	if (!trust_keyring)
		190	return -EOPNOTSUPP;
		191
		192	if (ca_keyid && !asymmetric_keyid_match(cert->authority, ca_keyid))
		193	return -EPERM;
		194
		195	key = x509_request_asymmetric_key(trust_keyring,
		196	cert->issuer, strlen(cert->issuer),
		197	cert->authority,
		198	strlen(cert->authority));
		199	if (!IS_ERR(key)) {
		200	if (!use_builtin_keys
		201	\|\| test_bit(KEY_FLAG_BUILTIN, &key->flags))
		202	ret = x509_check_signature(key->payload.data, cert);
		203	key_put(key);
		204	}
		205	return ret;
		206	}
		207
		208	/*
106	* Attempt to parse a data blob for a key as an X509 certificate.	209	* Attempt to parse a data blob for a key as an X509 certificate.
107	*/	210	*/
108	static int x509_key_preparse(struct key_preparsed_payload *prep)	211	static int x509_key_preparse(struct key_preparsed_payload *prep)
@@ -155,9 +258,13 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
155	/* Check the signature on the key if it appears to be self-signed */	258	/* Check the signature on the key if it appears to be self-signed */
156	if (!cert->authority \|\|	259	if (!cert->authority \|\|
157	strcmp(cert->fingerprint, cert->authority) == 0) {	260	strcmp(cert->fingerprint, cert->authority) == 0) {
158	ret = x509_check_signature(cert->pub, cert);	261	ret = x509_check_signature(cert->pub, cert); /* self-signed */
159	if (ret < 0)	262	if (ret < 0)
160	goto error_free_cert;	263	goto error_free_cert;
		264	} else if (!prep->trusted) {
		265	ret = x509_validate_trust(cert, get_system_trusted_keyring());
		266	if (!ret)
		267	prep->trusted = 1;
161	}	268	}
162		269
163	/* Propose a description */	270	/* Propose a description */