LXR linux/crypto/asymmetric_keys/pkcs7

   1/* Validate the trust chain of a PKCS#7 message.
   2 *
   3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public Licence
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the Licence, or (at your option) any later version.
  10 */
  11
  12#define pr_fmt(fmt) "PKCS7: "fmt
  13#include <linux/kernel.h>
  14#include <linux/export.h>
  15#include <linux/slab.h>
  16#include <linux/err.h>
  17#include <linux/asn1.h>
  18#include <linux/key.h>
  19#include <keys/asymmetric-type.h>
  20#include <crypto/public_key.h>
  21#include "pkcs7_parser.h"
  22
  23/**
  24 * Check the trust on one PKCS#7 SignedInfo block.
  25 */
  26static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
  27                                    struct pkcs7_signed_info *sinfo,
  28                                    struct key *trust_keyring)
  29{
  30        struct public_key_signature *sig = sinfo->sig;
  31        struct x509_certificate *x509, *last = NULL, *p;
  32        struct key *key;
  33        int ret;
  34
  35        kenter(",%u,", sinfo->index);
  36
  37        if (sinfo->unsupported_crypto) {
  38                kleave(" = -ENOPKG [cached]");
  39                return -ENOPKG;
  40        }
  41
  42        for (x509 = sinfo->signer; x509; x509 = x509->signer) {
  43                if (x509->seen) {
  44                        if (x509->verified)
  45                                goto verified;
  46                        kleave(" = -ENOKEY [cached]");
  47                        return -ENOKEY;
  48                }
  49                x509->seen = true;
  50
  51                /* Look to see if this certificate is present in the trusted
  52                 * keys.
  53                 */
  54                key = find_asymmetric_key(trust_keyring,
  55                                          x509->id, x509->skid, false);
  56                if (!IS_ERR(key)) {
  57                        /* One of the X.509 certificates in the PKCS#7 message
  58                         * is apparently the same as one we already trust.
  59                         * Verify that the trusted variant can also validate
  60                         * the signature on the descendant.
  61                         */
  62                        pr_devel("sinfo %u: Cert %u as key %x\n",
  63                                 sinfo->index, x509->index, key_serial(key));
  64                        goto matched;
  65                }
  66                if (key == ERR_PTR(-ENOMEM))
  67                        return -ENOMEM;
  68
  69                 /* Self-signed certificates form roots of their own, and if we
  70                  * don't know them, then we can't accept them.
  71                  */
  72                if (x509->next == x509) {
  73                        kleave(" = -ENOKEY [unknown self-signed]");
  74                        return -ENOKEY;
  75                }
  76
  77                might_sleep();
  78                last = x509;
  79                sig = last->sig;
  80        }
  81
  82        /* No match - see if the root certificate has a signer amongst the
  83         * trusted keys.
  84         */
  85        if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) {
  86                key = find_asymmetric_key(trust_keyring,
  87                                          last->sig->auth_ids[0],
  88                                          last->sig->auth_ids[1],
  89                                          false);
  90                if (!IS_ERR(key)) {
  91                        x509 = last;
  92                        pr_devel("sinfo %u: Root cert %u signer is key %x\n",
  93                                 sinfo->index, x509->index, key_serial(key));
  94                        goto matched;
  95                }
  96                if (PTR_ERR(key) != -ENOKEY)
  97                        return PTR_ERR(key);
  98        }
  99
 100        /* As a last resort, see if we have a trusted public key that matches
 101         * the signed info directly.
 102         */
 103        key = find_asymmetric_key(trust_keyring,
 104                                  sinfo->sig->auth_ids[0], NULL, false);
 105        if (!IS_ERR(key)) {
 106                pr_devel("sinfo %u: Direct signer is key %x\n",
 107                         sinfo->index, key_serial(key));
 108                x509 = NULL;
 109                goto matched;
 110        }
 111        if (PTR_ERR(key) != -ENOKEY)
 112                return PTR_ERR(key);
 113
 114        kleave(" = -ENOKEY [no backref]");
 115        return -ENOKEY;
 116
 117matched:
 118        ret = verify_signature(key, sig);
 119        key_put(key);
 120        if (ret < 0) {
 121                if (ret == -ENOMEM)
 122                        return ret;
 123                kleave(" = -EKEYREJECTED [verify %d]", ret);
 124                return -EKEYREJECTED;
 125        }
 126
 127verified:
 128        if (x509) {
 129                x509->verified = true;
 130                for (p = sinfo->signer; p != x509; p = p->signer)
 131                        p->verified = true;
 132        }
 133        kleave(" = 0");
 134        return 0;
 135}
 136
 137/**
 138 * pkcs7_validate_trust - Validate PKCS#7 trust chain
 139 * @pkcs7: The PKCS#7 certificate to validate
 140 * @trust_keyring: Signing certificates to use as starting points
 141 *
 142 * Validate that the certificate chain inside the PKCS#7 message intersects
 143 * keys we already know and trust.
 144 *
 145 * Returns, in order of descending priority:
 146 *
 147 *  (*) -EKEYREJECTED if a signature failed to match for which we have a valid
 148 *      key, or:
 149 *
 150 *  (*) 0 if at least one signature chain intersects with the keys in the trust
 151 *      keyring, or:
 152 *
 153 *  (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
 154 *      chain.
 155 *
 156 *  (*) -ENOKEY if we couldn't find a match for any of the signature chains in
 157 *      the message.
 158 *
 159 * May also return -ENOMEM.
 160 */
 161int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
 162                         struct key *trust_keyring)
 163{
 164        struct pkcs7_signed_info *sinfo;
 165        struct x509_certificate *p;
 166        int cached_ret = -ENOKEY;
 167        int ret;
 168
 169        for (p = pkcs7->certs; p; p = p->next)
 170                p->seen = false;
 171
 172        for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
 173                ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
 174                switch (ret) {
 175                case -ENOKEY:
 176                        continue;
 177                case -ENOPKG:
 178                        if (cached_ret == -ENOKEY)
 179                                cached_ret = -ENOPKG;
 180                        continue;
 181                case 0:
 182                        cached_ret = 0;
 183                        continue;
 184                default:
 185                        return ret;
 186                }
 187        }
 188
 189        return cached_ret;
 190}
 191EXPORT_SYMBOL_GPL(pkcs7_validate_trust);
 192