blob: 90d6d47965b0826d40e795bc68f563aa2f033856 [file] [log] [blame]
David Howells08815b62014-07-01 16:40:20 +01001/* Validate the trust chain of a PKCS#7 message.
2 *
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#define pr_fmt(fmt) "PKCS7: "fmt
13#include <linux/kernel.h>
14#include <linux/export.h>
15#include <linux/slab.h>
16#include <linux/err.h>
17#include <linux/asn1.h>
18#include <linux/key.h>
19#include <keys/asymmetric-type.h>
20#include "public_key.h"
21#include "pkcs7_parser.h"
22
David Howells08815b62014-07-01 16:40:20 +010023/**
24 * Check the trust on one PKCS#7 SignedInfo block.
25 */
David Howells15155b92014-09-16 17:07:07 +010026static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
27 struct pkcs7_signed_info *sinfo,
28 struct key *trust_keyring)
David Howells08815b62014-07-01 16:40:20 +010029{
30 struct public_key_signature *sig = &sinfo->sig;
31 struct x509_certificate *x509, *last = NULL, *p;
32 struct key *key;
33 bool trusted;
34 int ret;
35
36 kenter(",%u,", sinfo->index);
37
David Howells41559422014-09-16 17:36:15 +010038 if (sinfo->unsupported_crypto) {
39 kleave(" = -ENOPKG [cached]");
40 return -ENOPKG;
41 }
42
David Howells08815b62014-07-01 16:40:20 +010043 for (x509 = sinfo->signer; x509; x509 = x509->signer) {
44 if (x509->seen) {
45 if (x509->verified) {
46 trusted = x509->trusted;
47 goto verified;
48 }
49 kleave(" = -ENOKEY [cached]");
50 return -ENOKEY;
51 }
52 x509->seen = true;
53
54 /* Look to see if this certificate is present in the trusted
55 * keys.
56 */
David Howells4573b642015-07-20 21:16:26 +010057 key = x509_request_asymmetric_key(trust_keyring,
58 x509->id, x509->skid,
Dmitry Kasatkinf1b731d2014-10-06 15:21:05 +010059 false);
David Howells757932e2014-09-16 17:36:17 +010060 if (!IS_ERR(key)) {
David Howells08815b62014-07-01 16:40:20 +010061 /* One of the X.509 certificates in the PKCS#7 message
62 * is apparently the same as one we already trust.
63 * Verify that the trusted variant can also validate
64 * the signature on the descendant.
65 */
David Howells757932e2014-09-16 17:36:17 +010066 pr_devel("sinfo %u: Cert %u as key %x\n",
67 sinfo->index, x509->index, key_serial(key));
David Howells08815b62014-07-01 16:40:20 +010068 goto matched;
David Howells757932e2014-09-16 17:36:17 +010069 }
David Howells08815b62014-07-01 16:40:20 +010070 if (key == ERR_PTR(-ENOMEM))
71 return -ENOMEM;
72
73 /* Self-signed certificates form roots of their own, and if we
74 * don't know them, then we can't accept them.
75 */
76 if (x509->next == x509) {
77 kleave(" = -ENOKEY [unknown self-signed]");
78 return -ENOKEY;
79 }
80
81 might_sleep();
82 last = x509;
83 sig = &last->sig;
84 }
85
86 /* No match - see if the root certificate has a signer amongst the
87 * trusted keys.
88 */
David Howells4573b642015-07-20 21:16:26 +010089 if (last && (last->akid_id || last->akid_skid)) {
90 key = x509_request_asymmetric_key(trust_keyring,
91 last->akid_id,
92 last->akid_skid,
Dmitry Kasatkinf1b731d2014-10-06 15:21:05 +010093 false);
David Howells757932e2014-09-16 17:36:17 +010094 if (!IS_ERR(key)) {
95 x509 = last;
96 pr_devel("sinfo %u: Root cert %u signer is key %x\n",
97 sinfo->index, x509->index, key_serial(key));
98 goto matched;
99 }
100 if (PTR_ERR(key) != -ENOKEY)
101 return PTR_ERR(key);
David Howells08815b62014-07-01 16:40:20 +0100102 }
103
David Howells757932e2014-09-16 17:36:17 +0100104 /* As a last resort, see if we have a trusted public key that matches
105 * the signed info directly.
106 */
107 key = x509_request_asymmetric_key(trust_keyring,
Dmitry Kasatkinf1b731d2014-10-06 15:21:05 +0100108 sinfo->signing_cert_id,
David Howells4573b642015-07-20 21:16:26 +0100109 NULL,
Dmitry Kasatkinf1b731d2014-10-06 15:21:05 +0100110 false);
David Howells757932e2014-09-16 17:36:17 +0100111 if (!IS_ERR(key)) {
112 pr_devel("sinfo %u: Direct signer is key %x\n",
113 sinfo->index, key_serial(key));
114 x509 = NULL;
115 goto matched;
116 }
117 if (PTR_ERR(key) != -ENOKEY)
118 return PTR_ERR(key);
119
120 kleave(" = -ENOKEY [no backref]");
121 return -ENOKEY;
David Howells08815b62014-07-01 16:40:20 +0100122
123matched:
124 ret = verify_signature(key, sig);
125 trusted = test_bit(KEY_FLAG_TRUSTED, &key->flags);
126 key_put(key);
127 if (ret < 0) {
128 if (ret == -ENOMEM)
129 return ret;
130 kleave(" = -EKEYREJECTED [verify %d]", ret);
131 return -EKEYREJECTED;
132 }
133
134verified:
David Howells757932e2014-09-16 17:36:17 +0100135 if (x509) {
136 x509->verified = true;
137 for (p = sinfo->signer; p != x509; p = p->signer) {
138 p->verified = true;
139 p->trusted = trusted;
140 }
David Howells08815b62014-07-01 16:40:20 +0100141 }
142 sinfo->trusted = trusted;
143 kleave(" = 0");
144 return 0;
145}
146
147/**
148 * pkcs7_validate_trust - Validate PKCS#7 trust chain
149 * @pkcs7: The PKCS#7 certificate to validate
150 * @trust_keyring: Signing certificates to use as starting points
151 * @_trusted: Set to true if trustworth, false otherwise
152 *
153 * Validate that the certificate chain inside the PKCS#7 message intersects
154 * keys we already know and trust.
155 *
156 * Returns, in order of descending priority:
157 *
158 * (*) -EKEYREJECTED if a signature failed to match for which we have a valid
159 * key, or:
160 *
161 * (*) 0 if at least one signature chain intersects with the keys in the trust
162 * keyring, or:
163 *
164 * (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
165 * chain.
166 *
167 * (*) -ENOKEY if we couldn't find a match for any of the signature chains in
168 * the message.
169 *
170 * May also return -ENOMEM.
171 */
172int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
173 struct key *trust_keyring,
174 bool *_trusted)
175{
176 struct pkcs7_signed_info *sinfo;
177 struct x509_certificate *p;
David Howells41559422014-09-16 17:36:15 +0100178 int cached_ret = -ENOKEY;
179 int ret;
David Howells08815b62014-07-01 16:40:20 +0100180
181 for (p = pkcs7->certs; p; p = p->next)
182 p->seen = false;
183
184 for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
185 ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
David Howells41559422014-09-16 17:36:15 +0100186 switch (ret) {
187 case -ENOKEY:
188 continue;
189 case -ENOPKG:
190 if (cached_ret == -ENOKEY)
David Howells08815b62014-07-01 16:40:20 +0100191 cached_ret = -ENOPKG;
David Howells41559422014-09-16 17:36:15 +0100192 continue;
193 case 0:
194 *_trusted |= sinfo->trusted;
195 cached_ret = 0;
196 continue;
197 default:
198 return ret;
David Howells08815b62014-07-01 16:40:20 +0100199 }
David Howells08815b62014-07-01 16:40:20 +0100200 }
201
202 return cached_ret;
203}
204EXPORT_SYMBOL_GPL(pkcs7_validate_trust);