Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/* Validate the trust chain of a PKCS#7 message.
3 *
4 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8#define pr_fmt(fmt) "PKCS7: "fmt
9#include <linux/kernel.h>
10#include <linux/export.h>
11#include <linux/slab.h>
12#include <linux/err.h>
13#include <linux/asn1.h>
14#include <linux/key.h>
15#include <keys/asymmetric-type.h>
16#include <crypto/public_key.h>
17#include "pkcs7_parser.h"
18
19/**
20 * Check the trust on one PKCS#7 SignedInfo block.
21 */
22static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
23 struct pkcs7_signed_info *sinfo,
24 struct key *trust_keyring)
25{
26 struct public_key_signature *sig = sinfo->sig;
27 struct x509_certificate *x509, *last = NULL, *p;
28 struct key *key;
29 int ret;
30
31 kenter(",%u,", sinfo->index);
32
33 if (sinfo->unsupported_crypto) {
34 kleave(" = -ENOPKG [cached]");
35 return -ENOPKG;
36 }
37
38 for (x509 = sinfo->signer; x509; x509 = x509->signer) {
39 if (x509->seen) {
40 if (x509->verified)
41 goto verified;
42 kleave(" = -ENOKEY [cached]");
43 return -ENOKEY;
44 }
45 x509->seen = true;
46
47 /* Look to see if this certificate is present in the trusted
48 * keys.
49 */
50 key = find_asymmetric_key(trust_keyring,
51 x509->id, x509->skid, false);
52 if (!IS_ERR(key)) {
53 /* One of the X.509 certificates in the PKCS#7 message
54 * is apparently the same as one we already trust.
55 * Verify that the trusted variant can also validate
56 * the signature on the descendant.
57 */
58 pr_devel("sinfo %u: Cert %u as key %x\n",
59 sinfo->index, x509->index, key_serial(key));
60 goto matched;
61 }
62 if (key == ERR_PTR(-ENOMEM))
63 return -ENOMEM;
64
65 /* Self-signed certificates form roots of their own, and if we
66 * don't know them, then we can't accept them.
67 */
68 if (x509->signer == x509) {
69 kleave(" = -ENOKEY [unknown self-signed]");
70 return -ENOKEY;
71 }
72
73 might_sleep();
74 last = x509;
75 sig = last->sig;
76 }
77
78 /* No match - see if the root certificate has a signer amongst the
79 * trusted keys.
80 */
81 if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) {
82 key = find_asymmetric_key(trust_keyring,
83 last->sig->auth_ids[0],
84 last->sig->auth_ids[1],
85 false);
86 if (!IS_ERR(key)) {
87 x509 = last;
88 pr_devel("sinfo %u: Root cert %u signer is key %x\n",
89 sinfo->index, x509->index, key_serial(key));
90 goto matched;
91 }
92 if (PTR_ERR(key) != -ENOKEY)
93 return PTR_ERR(key);
94 }
95
96 /* As a last resort, see if we have a trusted public key that matches
97 * the signed info directly.
98 */
99 key = find_asymmetric_key(trust_keyring,
100 sinfo->sig->auth_ids[0], NULL, false);
101 if (!IS_ERR(key)) {
102 pr_devel("sinfo %u: Direct signer is key %x\n",
103 sinfo->index, key_serial(key));
104 x509 = NULL;
105 sig = sinfo->sig;
106 goto matched;
107 }
108 if (PTR_ERR(key) != -ENOKEY)
109 return PTR_ERR(key);
110
111 kleave(" = -ENOKEY [no backref]");
112 return -ENOKEY;
113
114matched:
115 ret = verify_signature(key, sig);
116 key_put(key);
117 if (ret < 0) {
118 if (ret == -ENOMEM)
119 return ret;
120 kleave(" = -EKEYREJECTED [verify %d]", ret);
121 return -EKEYREJECTED;
122 }
123
124verified:
125 if (x509) {
126 x509->verified = true;
127 for (p = sinfo->signer; p != x509; p = p->signer)
128 p->verified = true;
129 }
130 kleave(" = 0");
131 return 0;
132}
133
134/**
135 * pkcs7_validate_trust - Validate PKCS#7 trust chain
136 * @pkcs7: The PKCS#7 certificate to validate
137 * @trust_keyring: Signing certificates to use as starting points
138 *
139 * Validate that the certificate chain inside the PKCS#7 message intersects
140 * keys we already know and trust.
141 *
142 * Returns, in order of descending priority:
143 *
144 * (*) -EKEYREJECTED if a signature failed to match for which we have a valid
145 * key, or:
146 *
147 * (*) 0 if at least one signature chain intersects with the keys in the trust
148 * keyring, or:
149 *
150 * (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
151 * chain.
152 *
153 * (*) -ENOKEY if we couldn't find a match for any of the signature chains in
154 * the message.
155 *
156 * May also return -ENOMEM.
157 */
158int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
159 struct key *trust_keyring)
160{
161 struct pkcs7_signed_info *sinfo;
162 struct x509_certificate *p;
163 int cached_ret = -ENOKEY;
164 int ret;
165
166 for (p = pkcs7->certs; p; p = p->next)
167 p->seen = false;
168
169 for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
170 ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
171 switch (ret) {
172 case -ENOKEY:
173 continue;
174 case -ENOPKG:
175 if (cached_ret == -ENOKEY)
176 cached_ret = -ENOPKG;
177 continue;
178 case 0:
179 cached_ret = 0;
180 continue;
181 default:
182 return ret;
183 }
184 }
185
186 return cached_ret;
187}
188EXPORT_SYMBOL_GPL(pkcs7_validate_trust);
1/* Validate the trust chain of a PKCS#7 message.
2 *
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#define pr_fmt(fmt) "PKCS7: "fmt
13#include <linux/kernel.h>
14#include <linux/export.h>
15#include <linux/slab.h>
16#include <linux/err.h>
17#include <linux/asn1.h>
18#include <linux/key.h>
19#include <keys/asymmetric-type.h>
20#include <crypto/public_key.h>
21#include "pkcs7_parser.h"
22
23/**
24 * Check the trust on one PKCS#7 SignedInfo block.
25 */
26static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
27 struct pkcs7_signed_info *sinfo,
28 struct key *trust_keyring)
29{
30 struct public_key_signature *sig = sinfo->sig;
31 struct x509_certificate *x509, *last = NULL, *p;
32 struct key *key;
33 int ret;
34
35 kenter(",%u,", sinfo->index);
36
37 if (sinfo->unsupported_crypto) {
38 kleave(" = -ENOPKG [cached]");
39 return -ENOPKG;
40 }
41
42 for (x509 = sinfo->signer; x509; x509 = x509->signer) {
43 if (x509->seen) {
44 if (x509->verified)
45 goto verified;
46 kleave(" = -ENOKEY [cached]");
47 return -ENOKEY;
48 }
49 x509->seen = true;
50
51 /* Look to see if this certificate is present in the trusted
52 * keys.
53 */
54 key = find_asymmetric_key(trust_keyring,
55 x509->id, x509->skid, false);
56 if (!IS_ERR(key)) {
57 /* One of the X.509 certificates in the PKCS#7 message
58 * is apparently the same as one we already trust.
59 * Verify that the trusted variant can also validate
60 * the signature on the descendant.
61 */
62 pr_devel("sinfo %u: Cert %u as key %x\n",
63 sinfo->index, x509->index, key_serial(key));
64 goto matched;
65 }
66 if (key == ERR_PTR(-ENOMEM))
67 return -ENOMEM;
68
69 /* Self-signed certificates form roots of their own, and if we
70 * don't know them, then we can't accept them.
71 */
72 if (x509->signer == x509) {
73 kleave(" = -ENOKEY [unknown self-signed]");
74 return -ENOKEY;
75 }
76
77 might_sleep();
78 last = x509;
79 sig = last->sig;
80 }
81
82 /* No match - see if the root certificate has a signer amongst the
83 * trusted keys.
84 */
85 if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) {
86 key = find_asymmetric_key(trust_keyring,
87 last->sig->auth_ids[0],
88 last->sig->auth_ids[1],
89 false);
90 if (!IS_ERR(key)) {
91 x509 = last;
92 pr_devel("sinfo %u: Root cert %u signer is key %x\n",
93 sinfo->index, x509->index, key_serial(key));
94 goto matched;
95 }
96 if (PTR_ERR(key) != -ENOKEY)
97 return PTR_ERR(key);
98 }
99
100 /* As a last resort, see if we have a trusted public key that matches
101 * the signed info directly.
102 */
103 key = find_asymmetric_key(trust_keyring,
104 sinfo->sig->auth_ids[0], NULL, false);
105 if (!IS_ERR(key)) {
106 pr_devel("sinfo %u: Direct signer is key %x\n",
107 sinfo->index, key_serial(key));
108 x509 = NULL;
109 sig = sinfo->sig;
110 goto matched;
111 }
112 if (PTR_ERR(key) != -ENOKEY)
113 return PTR_ERR(key);
114
115 kleave(" = -ENOKEY [no backref]");
116 return -ENOKEY;
117
118matched:
119 ret = verify_signature(key, sig);
120 key_put(key);
121 if (ret < 0) {
122 if (ret == -ENOMEM)
123 return ret;
124 kleave(" = -EKEYREJECTED [verify %d]", ret);
125 return -EKEYREJECTED;
126 }
127
128verified:
129 if (x509) {
130 x509->verified = true;
131 for (p = sinfo->signer; p != x509; p = p->signer)
132 p->verified = true;
133 }
134 kleave(" = 0");
135 return 0;
136}
137
138/**
139 * pkcs7_validate_trust - Validate PKCS#7 trust chain
140 * @pkcs7: The PKCS#7 certificate to validate
141 * @trust_keyring: Signing certificates to use as starting points
142 *
143 * Validate that the certificate chain inside the PKCS#7 message intersects
144 * keys we already know and trust.
145 *
146 * Returns, in order of descending priority:
147 *
148 * (*) -EKEYREJECTED if a signature failed to match for which we have a valid
149 * key, or:
150 *
151 * (*) 0 if at least one signature chain intersects with the keys in the trust
152 * keyring, or:
153 *
154 * (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
155 * chain.
156 *
157 * (*) -ENOKEY if we couldn't find a match for any of the signature chains in
158 * the message.
159 *
160 * May also return -ENOMEM.
161 */
162int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
163 struct key *trust_keyring)
164{
165 struct pkcs7_signed_info *sinfo;
166 struct x509_certificate *p;
167 int cached_ret = -ENOKEY;
168 int ret;
169
170 for (p = pkcs7->certs; p; p = p->next)
171 p->seen = false;
172
173 for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
174 ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
175 switch (ret) {
176 case -ENOKEY:
177 continue;
178 case -ENOPKG:
179 if (cached_ret == -ENOKEY)
180 cached_ret = -ENOPKG;
181 continue;
182 case 0:
183 cached_ret = 0;
184 continue;
185 default:
186 return ret;
187 }
188 }
189
190 return cached_ret;
191}
192EXPORT_SYMBOL_GPL(pkcs7_validate_trust);