crypto/asymmetric_keys/pkcs7_trust.c

*4882a593Smuzhiyun// SPDX-License-Identifier: GPL-2.0-or-later
*4882a593Smuzhiyun/* Validate the trust chain of a PKCS#7 message.
*4882a593Smuzhiyun *
*4882a593Smuzhiyun * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
*4882a593Smuzhiyun * Written by David Howells (dhowells@redhat.com)
*4882a593Smuzhiyun */
*4882a593Smuzhiyun
*4882a593Smuzhiyun#define pr_fmt(fmt) "PKCS7: "fmt
*4882a593Smuzhiyun#include <linux/kernel.h>
*4882a593Smuzhiyun#include <linux/export.h>
*4882a593Smuzhiyun#include <linux/slab.h>
*4882a593Smuzhiyun#include <linux/err.h>
*4882a593Smuzhiyun#include <linux/asn1.h>
*4882a593Smuzhiyun#include <linux/key.h>
*4882a593Smuzhiyun#include <keys/asymmetric-type.h>
*4882a593Smuzhiyun#include <crypto/public_key.h>
*4882a593Smuzhiyun#include "pkcs7_parser.h"
*4882a593Smuzhiyun
*4882a593Smuzhiyun/**
*4882a593Smuzhiyun * Check the trust on one PKCS#7 SignedInfo block.
*4882a593Smuzhiyun */
*4882a593Smuzhiyunstatic int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
*4882a593Smuzhiyun				    struct pkcs7_signed_info *sinfo,
*4882a593Smuzhiyun				    struct key *trust_keyring)
*4882a593Smuzhiyun{
*4882a593Smuzhiyun	struct public_key_signature *sig = sinfo->sig;
*4882a593Smuzhiyun	struct x509_certificate *x509, *last = NULL, *p;
*4882a593Smuzhiyun	struct key *key;
*4882a593Smuzhiyun	int ret;
*4882a593Smuzhiyun
*4882a593Smuzhiyun	kenter(",%u,", sinfo->index);
*4882a593Smuzhiyun
*4882a593Smuzhiyun	if (sinfo->unsupported_crypto) {
*4882a593Smuzhiyun		kleave(" = -ENOPKG [cached]");
*4882a593Smuzhiyun		return -ENOPKG;
*4882a593Smuzhiyun	}
*4882a593Smuzhiyun
*4882a593Smuzhiyun	for (x509 = sinfo->signer; x509; x509 = x509->signer) {
*4882a593Smuzhiyun		if (x509->seen) {
*4882a593Smuzhiyun			if (x509->verified)
*4882a593Smuzhiyun				goto verified;
*4882a593Smuzhiyun			kleave(" = -ENOKEY [cached]");
*4882a593Smuzhiyun			return -ENOKEY;
*4882a593Smuzhiyun		}
*4882a593Smuzhiyun		x509->seen = true;
*4882a593Smuzhiyun
*4882a593Smuzhiyun		/* Look to see if this certificate is present in the trusted
*4882a593Smuzhiyun		 * keys.
*4882a593Smuzhiyun		 */
*4882a593Smuzhiyun		key = find_asymmetric_key(trust_keyring,
*4882a593Smuzhiyun					  x509->id, x509->skid, false);
*4882a593Smuzhiyun		if (!IS_ERR(key)) {
*4882a593Smuzhiyun			/* One of the X.509 certificates in the PKCS#7 message
*4882a593Smuzhiyun			 * is apparently the same as one we already trust.
*4882a593Smuzhiyun			 * Verify that the trusted variant can also validate
*4882a593Smuzhiyun			 * the signature on the descendant.
*4882a593Smuzhiyun			 */
*4882a593Smuzhiyun			pr_devel("sinfo %u: Cert %u as key %x\n",
*4882a593Smuzhiyun				 sinfo->index, x509->index, key_serial(key));
*4882a593Smuzhiyun			goto matched;
*4882a593Smuzhiyun		}
*4882a593Smuzhiyun		if (key == ERR_PTR(-ENOMEM))
*4882a593Smuzhiyun			return -ENOMEM;
*4882a593Smuzhiyun
*4882a593Smuzhiyun		 /* Self-signed certificates form roots of their own, and if we
*4882a593Smuzhiyun		  * don't know them, then we can't accept them.
*4882a593Smuzhiyun		  */
*4882a593Smuzhiyun		if (x509->signer == x509) {
*4882a593Smuzhiyun			kleave(" = -ENOKEY [unknown self-signed]");
*4882a593Smuzhiyun			return -ENOKEY;
*4882a593Smuzhiyun		}
*4882a593Smuzhiyun
*4882a593Smuzhiyun		might_sleep();
*4882a593Smuzhiyun		last = x509;
*4882a593Smuzhiyun		sig = last->sig;
*4882a593Smuzhiyun	}
*4882a593Smuzhiyun
*4882a593Smuzhiyun	/* No match - see if the root certificate has a signer amongst the
*4882a593Smuzhiyun	 * trusted keys.
*4882a593Smuzhiyun	 */
*4882a593Smuzhiyun	if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) {
*4882a593Smuzhiyun		key = find_asymmetric_key(trust_keyring,
*4882a593Smuzhiyun					  last->sig->auth_ids[0],
*4882a593Smuzhiyun					  last->sig->auth_ids[1],
*4882a593Smuzhiyun					  false);
*4882a593Smuzhiyun		if (!IS_ERR(key)) {
*4882a593Smuzhiyun			x509 = last;
*4882a593Smuzhiyun			pr_devel("sinfo %u: Root cert %u signer is key %x\n",
*4882a593Smuzhiyun				 sinfo->index, x509->index, key_serial(key));
*4882a593Smuzhiyun			goto matched;
*4882a593Smuzhiyun		}
*4882a593Smuzhiyun		if (PTR_ERR(key) != -ENOKEY)
*4882a593Smuzhiyun			return PTR_ERR(key);
*4882a593Smuzhiyun	}
*4882a593Smuzhiyun
*4882a593Smuzhiyun	/* As a last resort, see if we have a trusted public key that matches
*4882a593Smuzhiyun	 * the signed info directly.
*4882a593Smuzhiyun	 */
*4882a593Smuzhiyun	key = find_asymmetric_key(trust_keyring,
*4882a593Smuzhiyun				  sinfo->sig->auth_ids[0], NULL, false);
*4882a593Smuzhiyun	if (!IS_ERR(key)) {
*4882a593Smuzhiyun		pr_devel("sinfo %u: Direct signer is key %x\n",
*4882a593Smuzhiyun			 sinfo->index, key_serial(key));
*4882a593Smuzhiyun		x509 = NULL;
*4882a593Smuzhiyun		sig = sinfo->sig;
*4882a593Smuzhiyun		goto matched;
*4882a593Smuzhiyun	}
*4882a593Smuzhiyun	if (PTR_ERR(key) != -ENOKEY)
*4882a593Smuzhiyun		return PTR_ERR(key);
*4882a593Smuzhiyun
*4882a593Smuzhiyun	kleave(" = -ENOKEY [no backref]");
*4882a593Smuzhiyun	return -ENOKEY;
*4882a593Smuzhiyun
*4882a593Smuzhiyunmatched:
*4882a593Smuzhiyun	ret = verify_signature(key, sig);
*4882a593Smuzhiyun	key_put(key);
*4882a593Smuzhiyun	if (ret < 0) {
*4882a593Smuzhiyun		if (ret == -ENOMEM)
*4882a593Smuzhiyun			return ret;
*4882a593Smuzhiyun		kleave(" = -EKEYREJECTED [verify %d]", ret);
*4882a593Smuzhiyun		return -EKEYREJECTED;
*4882a593Smuzhiyun	}
*4882a593Smuzhiyun
*4882a593Smuzhiyunverified:
*4882a593Smuzhiyun	if (x509) {
*4882a593Smuzhiyun		x509->verified = true;
*4882a593Smuzhiyun		for (p = sinfo->signer; p != x509; p = p->signer)
*4882a593Smuzhiyun			p->verified = true;
*4882a593Smuzhiyun	}
*4882a593Smuzhiyun	kleave(" = 0");
*4882a593Smuzhiyun	return 0;
*4882a593Smuzhiyun}
*4882a593Smuzhiyun
*4882a593Smuzhiyun/**
*4882a593Smuzhiyun * pkcs7_validate_trust - Validate PKCS#7 trust chain
*4882a593Smuzhiyun * @pkcs7: The PKCS#7 certificate to validate
*4882a593Smuzhiyun * @trust_keyring: Signing certificates to use as starting points
*4882a593Smuzhiyun *
*4882a593Smuzhiyun * Validate that the certificate chain inside the PKCS#7 message intersects
*4882a593Smuzhiyun * keys we already know and trust.
*4882a593Smuzhiyun *
*4882a593Smuzhiyun * Returns, in order of descending priority:
*4882a593Smuzhiyun *
*4882a593Smuzhiyun *  (*) -EKEYREJECTED if a signature failed to match for which we have a valid
*4882a593Smuzhiyun *	key, or:
*4882a593Smuzhiyun *
*4882a593Smuzhiyun *  (*) 0 if at least one signature chain intersects with the keys in the trust
*4882a593Smuzhiyun *	keyring, or:
*4882a593Smuzhiyun *
*4882a593Smuzhiyun *  (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
*4882a593Smuzhiyun *	chain.
*4882a593Smuzhiyun *
*4882a593Smuzhiyun *  (*) -ENOKEY if we couldn't find a match for any of the signature chains in
*4882a593Smuzhiyun *	the message.
*4882a593Smuzhiyun *
*4882a593Smuzhiyun * May also return -ENOMEM.
*4882a593Smuzhiyun */
*4882a593Smuzhiyunint pkcs7_validate_trust(struct pkcs7_message *pkcs7,
*4882a593Smuzhiyun			 struct key *trust_keyring)
*4882a593Smuzhiyun{
*4882a593Smuzhiyun	struct pkcs7_signed_info *sinfo;
*4882a593Smuzhiyun	struct x509_certificate *p;
*4882a593Smuzhiyun	int cached_ret = -ENOKEY;
*4882a593Smuzhiyun	int ret;
*4882a593Smuzhiyun
*4882a593Smuzhiyun	for (p = pkcs7->certs; p; p = p->next)
*4882a593Smuzhiyun		p->seen = false;
*4882a593Smuzhiyun
*4882a593Smuzhiyun	for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
*4882a593Smuzhiyun		ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
*4882a593Smuzhiyun		switch (ret) {
*4882a593Smuzhiyun		case -ENOKEY:
*4882a593Smuzhiyun			continue;
*4882a593Smuzhiyun		case -ENOPKG:
*4882a593Smuzhiyun			if (cached_ret == -ENOKEY)
*4882a593Smuzhiyun				cached_ret = -ENOPKG;
*4882a593Smuzhiyun			continue;
*4882a593Smuzhiyun		case 0:
*4882a593Smuzhiyun			cached_ret = 0;
*4882a593Smuzhiyun			continue;
*4882a593Smuzhiyun		default:
*4882a593Smuzhiyun			return ret;
*4882a593Smuzhiyun		}
*4882a593Smuzhiyun	}
*4882a593Smuzhiyun
*4882a593Smuzhiyun	return cached_ret;
*4882a593Smuzhiyun}
*4882a593SmuzhiyunEXPORT_SYMBOL_GPL(pkcs7_validate_trust);