blob: f6a009d88a33fb550654b11d2cfc4460c733a049 [file] [log] [blame]
David Howells08815b62014-07-01 16:40:20 +01001/* Validate the trust chain of a PKCS#7 message.
2 *
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#define pr_fmt(fmt) "PKCS7: "fmt
13#include <linux/kernel.h>
14#include <linux/export.h>
15#include <linux/slab.h>
16#include <linux/err.h>
17#include <linux/asn1.h>
18#include <linux/key.h>
19#include <keys/asymmetric-type.h>
Tadeusz Strukdb6c43b2016-02-02 10:08:53 -080020#include <crypto/public_key.h>
David Howells08815b62014-07-01 16:40:20 +010021#include "pkcs7_parser.h"
22
David Howells08815b62014-07-01 16:40:20 +010023/**
24 * Check the trust on one PKCS#7 SignedInfo block.
25 */
David Howells15155b92014-09-16 17:07:07 +010026static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
27 struct pkcs7_signed_info *sinfo,
28 struct key *trust_keyring)
David Howells08815b62014-07-01 16:40:20 +010029{
David Howells566a1172016-04-06 16:13:33 +010030 struct public_key_signature *sig = sinfo->sig;
David Howells08815b62014-07-01 16:40:20 +010031 struct x509_certificate *x509, *last = NULL, *p;
32 struct key *key;
David Howells08815b62014-07-01 16:40:20 +010033 int ret;
34
35 kenter(",%u,", sinfo->index);
36
David Howells41559422014-09-16 17:36:15 +010037 if (sinfo->unsupported_crypto) {
38 kleave(" = -ENOPKG [cached]");
39 return -ENOPKG;
40 }
41
David Howells08815b62014-07-01 16:40:20 +010042 for (x509 = sinfo->signer; x509; x509 = x509->signer) {
43 if (x509->seen) {
David Howellsbda850c2016-04-06 16:14:24 +010044 if (x509->verified)
David Howells08815b62014-07-01 16:40:20 +010045 goto verified;
David Howells08815b62014-07-01 16:40:20 +010046 kleave(" = -ENOKEY [cached]");
47 return -ENOKEY;
48 }
49 x509->seen = true;
50
51 /* Look to see if this certificate is present in the trusted
52 * keys.
53 */
David Howells9eb02982016-04-06 16:14:25 +010054 key = find_asymmetric_key(trust_keyring,
55 x509->id, x509->skid, false);
David Howells757932e2014-09-16 17:36:17 +010056 if (!IS_ERR(key)) {
David Howells08815b62014-07-01 16:40:20 +010057 /* One of the X.509 certificates in the PKCS#7 message
58 * is apparently the same as one we already trust.
59 * Verify that the trusted variant can also validate
60 * the signature on the descendant.
61 */
David Howells757932e2014-09-16 17:36:17 +010062 pr_devel("sinfo %u: Cert %u as key %x\n",
63 sinfo->index, x509->index, key_serial(key));
David Howells08815b62014-07-01 16:40:20 +010064 goto matched;
David Howells757932e2014-09-16 17:36:17 +010065 }
David Howells08815b62014-07-01 16:40:20 +010066 if (key == ERR_PTR(-ENOMEM))
67 return -ENOMEM;
68
69 /* Self-signed certificates form roots of their own, and if we
70 * don't know them, then we can't accept them.
71 */
72 if (x509->next == x509) {
73 kleave(" = -ENOKEY [unknown self-signed]");
74 return -ENOKEY;
75 }
76
77 might_sleep();
78 last = x509;
David Howells77d09102016-04-06 16:13:33 +010079 sig = last->sig;
David Howells08815b62014-07-01 16:40:20 +010080 }
81
82 /* No match - see if the root certificate has a signer amongst the
83 * trusted keys.
84 */
David Howells77d09102016-04-06 16:13:33 +010085 if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) {
David Howells9eb02982016-04-06 16:14:25 +010086 key = find_asymmetric_key(trust_keyring,
87 last->sig->auth_ids[0],
88 last->sig->auth_ids[1],
89 false);
David Howells757932e2014-09-16 17:36:17 +010090 if (!IS_ERR(key)) {
91 x509 = last;
92 pr_devel("sinfo %u: Root cert %u signer is key %x\n",
93 sinfo->index, x509->index, key_serial(key));
94 goto matched;
95 }
96 if (PTR_ERR(key) != -ENOKEY)
97 return PTR_ERR(key);
David Howells08815b62014-07-01 16:40:20 +010098 }
99
David Howells757932e2014-09-16 17:36:17 +0100100 /* As a last resort, see if we have a trusted public key that matches
101 * the signed info directly.
102 */
David Howells9eb02982016-04-06 16:14:25 +0100103 key = find_asymmetric_key(trust_keyring,
104 sinfo->sig->auth_ids[0], NULL, false);
David Howells757932e2014-09-16 17:36:17 +0100105 if (!IS_ERR(key)) {
106 pr_devel("sinfo %u: Direct signer is key %x\n",
107 sinfo->index, key_serial(key));
108 x509 = NULL;
109 goto matched;
110 }
111 if (PTR_ERR(key) != -ENOKEY)
112 return PTR_ERR(key);
113
114 kleave(" = -ENOKEY [no backref]");
115 return -ENOKEY;
David Howells08815b62014-07-01 16:40:20 +0100116
117matched:
118 ret = verify_signature(key, sig);
David Howells08815b62014-07-01 16:40:20 +0100119 key_put(key);
120 if (ret < 0) {
121 if (ret == -ENOMEM)
122 return ret;
123 kleave(" = -EKEYREJECTED [verify %d]", ret);
124 return -EKEYREJECTED;
125 }
126
127verified:
David Howells757932e2014-09-16 17:36:17 +0100128 if (x509) {
129 x509->verified = true;
David Howellsbda850c2016-04-06 16:14:24 +0100130 for (p = sinfo->signer; p != x509; p = p->signer)
David Howells757932e2014-09-16 17:36:17 +0100131 p->verified = true;
David Howells08815b62014-07-01 16:40:20 +0100132 }
David Howells08815b62014-07-01 16:40:20 +0100133 kleave(" = 0");
134 return 0;
135}
136
137/**
138 * pkcs7_validate_trust - Validate PKCS#7 trust chain
139 * @pkcs7: The PKCS#7 certificate to validate
140 * @trust_keyring: Signing certificates to use as starting points
David Howells08815b62014-07-01 16:40:20 +0100141 *
142 * Validate that the certificate chain inside the PKCS#7 message intersects
143 * keys we already know and trust.
144 *
145 * Returns, in order of descending priority:
146 *
147 * (*) -EKEYREJECTED if a signature failed to match for which we have a valid
148 * key, or:
149 *
150 * (*) 0 if at least one signature chain intersects with the keys in the trust
151 * keyring, or:
152 *
153 * (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
154 * chain.
155 *
156 * (*) -ENOKEY if we couldn't find a match for any of the signature chains in
157 * the message.
158 *
159 * May also return -ENOMEM.
160 */
161int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
David Howellsbda850c2016-04-06 16:14:24 +0100162 struct key *trust_keyring)
David Howells08815b62014-07-01 16:40:20 +0100163{
164 struct pkcs7_signed_info *sinfo;
165 struct x509_certificate *p;
David Howells41559422014-09-16 17:36:15 +0100166 int cached_ret = -ENOKEY;
167 int ret;
David Howells08815b62014-07-01 16:40:20 +0100168
169 for (p = pkcs7->certs; p; p = p->next)
170 p->seen = false;
171
172 for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
173 ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
David Howells41559422014-09-16 17:36:15 +0100174 switch (ret) {
175 case -ENOKEY:
176 continue;
177 case -ENOPKG:
178 if (cached_ret == -ENOKEY)
David Howells08815b62014-07-01 16:40:20 +0100179 cached_ret = -ENOPKG;
David Howells41559422014-09-16 17:36:15 +0100180 continue;
181 case 0:
David Howells41559422014-09-16 17:36:15 +0100182 cached_ret = 0;
183 continue;
184 default:
185 return ret;
David Howells08815b62014-07-01 16:40:20 +0100186 }
David Howells08815b62014-07-01 16:40:20 +0100187 }
188
189 return cached_ret;
190}
191EXPORT_SYMBOL_GPL(pkcs7_validate_trust);