PKCS#7: Find intersection between PKCS#7 message and known, trusted keys
authorDavid Howells <dhowells@redhat.com>
Tue, 1 Jul 2014 15:40:20 +0000 (16:40 +0100)
committerDavid Howells <dhowells@redhat.com>
Tue, 8 Jul 2014 12:50:15 +0000 (13:50 +0100)
Find the intersection between the X.509 certificate chain contained in a PKCS#7
message and a set of keys that we already know and trust.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
crypto/asymmetric_keys/Makefile
crypto/asymmetric_keys/pkcs7_trust.c [new file with mode: 0644]
include/crypto/pkcs7.h

index b6b39e7bea01e5ef5e77a2d45cce68ef111ce5e0..d63cb4320b9620fd77644ac144ed117923069a8d 100644 (file)
@@ -33,6 +33,7 @@ obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o
 pkcs7_message-y := \
        pkcs7-asn1.o \
        pkcs7_parser.o \
+       pkcs7_trust.o \
        pkcs7_verify.o
 
 $(obj)/pkcs7_parser.o: $(obj)/pkcs7-asn1.h
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
new file mode 100644 (file)
index 0000000..b6b0451
--- /dev/null
@@ -0,0 +1,219 @@
+/* Validate the trust chain of a PKCS#7 message.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "PKCS7: "fmt
+#include <linux/kernel.h>
+#include <linux/export.h>
+#include <linux/slab.h>
+#include <linux/err.h>
+#include <linux/asn1.h>
+#include <linux/key.h>
+#include <keys/asymmetric-type.h>
+#include "public_key.h"
+#include "pkcs7_parser.h"
+
+/*
+ * Request an asymmetric key.
+ */
+static struct key *pkcs7_request_asymmetric_key(
+       struct key *keyring,
+       const char *signer, size_t signer_len,
+       const char *authority, size_t auth_len)
+{
+       key_ref_t key;
+       char *id;
+
+       kenter(",%zu,,%zu", signer_len, auth_len);
+
+       /* Construct an identifier. */
+       id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL);
+       if (!id)
+               return ERR_PTR(-ENOMEM);
+
+       memcpy(id, signer, signer_len);
+       id[signer_len + 0] = ':';
+       id[signer_len + 1] = ' ';
+       memcpy(id + signer_len + 2, authority, auth_len);
+       id[signer_len + 2 + auth_len] = 0;
+
+       pr_debug("Look up: \"%s\"\n", id);
+
+       key = keyring_search(make_key_ref(keyring, 1),
+                            &key_type_asymmetric, id);
+       if (IS_ERR(key))
+               pr_debug("Request for module key '%s' err %ld\n",
+                        id, PTR_ERR(key));
+       kfree(id);
+
+       if (IS_ERR(key)) {
+               switch (PTR_ERR(key)) {
+                       /* Hide some search errors */
+               case -EACCES:
+               case -ENOTDIR:
+               case -EAGAIN:
+                       return ERR_PTR(-ENOKEY);
+               default:
+                       return ERR_CAST(key);
+               }
+       }
+
+       pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
+       return key_ref_to_ptr(key);
+}
+
+/**
+ * Check the trust on one PKCS#7 SignedInfo block.
+ */
+int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
+                            struct pkcs7_signed_info *sinfo,
+                            struct key *trust_keyring)
+{
+       struct public_key_signature *sig = &sinfo->sig;
+       struct x509_certificate *x509, *last = NULL, *p;
+       struct key *key;
+       bool trusted;
+       int ret;
+
+       kenter(",%u,", sinfo->index);
+
+       for (x509 = sinfo->signer; x509; x509 = x509->signer) {
+               if (x509->seen) {
+                       if (x509->verified) {
+                               trusted = x509->trusted;
+                               goto verified;
+                       }
+                       kleave(" = -ENOKEY [cached]");
+                       return -ENOKEY;
+               }
+               x509->seen = true;
+
+               /* Look to see if this certificate is present in the trusted
+                * keys.
+                */
+               key = pkcs7_request_asymmetric_key(
+                       trust_keyring,
+                       x509->subject, strlen(x509->subject),
+                       x509->fingerprint, strlen(x509->fingerprint));
+               if (!IS_ERR(key))
+                       /* One of the X.509 certificates in the PKCS#7 message
+                        * is apparently the same as one we already trust.
+                        * Verify that the trusted variant can also validate
+                        * the signature on the descendant.
+                        */
+                       goto matched;
+               if (key == ERR_PTR(-ENOMEM))
+                       return -ENOMEM;
+
+                /* Self-signed certificates form roots of their own, and if we
+                 * don't know them, then we can't accept them.
+                 */
+               if (x509->next == x509) {
+                       kleave(" = -ENOKEY [unknown self-signed]");
+                       return -ENOKEY;
+               }
+
+               might_sleep();
+               last = x509;
+               sig = &last->sig;
+       }
+
+       /* No match - see if the root certificate has a signer amongst the
+        * trusted keys.
+        */
+       if (!last || !last->issuer || !last->authority) {
+               kleave(" = -ENOKEY [no backref]");
+               return -ENOKEY;
+       }
+
+       key = pkcs7_request_asymmetric_key(
+               trust_keyring,
+               last->issuer, strlen(last->issuer),
+               last->authority, strlen(last->authority));
+       if (IS_ERR(key))
+               return PTR_ERR(key) == -ENOMEM ? -ENOMEM : -ENOKEY;
+       x509 = last;
+
+matched:
+       ret = verify_signature(key, sig);
+       trusted = test_bit(KEY_FLAG_TRUSTED, &key->flags);
+       key_put(key);
+       if (ret < 0) {
+               if (ret == -ENOMEM)
+                       return ret;
+               kleave(" = -EKEYREJECTED [verify %d]", ret);
+               return -EKEYREJECTED;
+       }
+
+verified:
+       x509->verified = true;
+       for (p = sinfo->signer; p != x509; p = p->signer) {
+               p->verified = true;
+               p->trusted = trusted;
+       }
+       sinfo->trusted = trusted;
+       kleave(" = 0");
+       return 0;
+}
+
+/**
+ * pkcs7_validate_trust - Validate PKCS#7 trust chain
+ * @pkcs7: The PKCS#7 certificate to validate
+ * @trust_keyring: Signing certificates to use as starting points
+ * @_trusted: Set to true if trustworth, false otherwise
+ *
+ * Validate that the certificate chain inside the PKCS#7 message intersects
+ * keys we already know and trust.
+ *
+ * Returns, in order of descending priority:
+ *
+ *  (*) -EKEYREJECTED if a signature failed to match for which we have a valid
+ *     key, or:
+ *
+ *  (*) 0 if at least one signature chain intersects with the keys in the trust
+ *     keyring, or:
+ *
+ *  (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
+ *     chain.
+ *
+ *  (*) -ENOKEY if we couldn't find a match for any of the signature chains in
+ *     the message.
+ *
+ * May also return -ENOMEM.
+ */
+int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
+                        struct key *trust_keyring,
+                        bool *_trusted)
+{
+       struct pkcs7_signed_info *sinfo;
+       struct x509_certificate *p;
+       int cached_ret = 0, ret;
+
+       for (p = pkcs7->certs; p; p = p->next)
+               p->seen = false;
+
+       for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
+               ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
+               if (ret < 0) {
+                       if (ret == -ENOPKG) {
+                               cached_ret = -ENOPKG;
+                       } else if (ret == -ENOKEY) {
+                               if (cached_ret == 0)
+                                       cached_ret = -ENOKEY;
+                       } else {
+                               return ret;
+                       }
+               }
+               *_trusted |= sinfo->trusted;
+       }
+
+       return cached_ret;
+}
+EXPORT_SYMBOL_GPL(pkcs7_validate_trust);
index 8ba0f3810d6718656e07374e5564d9658173ffdc..691c79172a269152cf22c1a5d8a5455c736bb835 100644 (file)
@@ -9,6 +9,7 @@
  * 2 of the Licence, or (at your option) any later version.
  */
 
+struct key;
 struct pkcs7_message;
 
 /*
@@ -22,6 +23,13 @@ extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
                                  const void **_data, size_t *_datalen,
                                  bool want_wrapper);
 
+/*
+ * pkcs7_trust.c
+ */
+extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
+                               struct key *trust_keyring,
+                               bool *_trusted);
+
 /*
  * pkcs7_verify.c
  */