kernel/common.git - Unnamed repository; edit this file 'description' to name the repository.

1 /* System trusted keyring for trusted public keys
2  *
3  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11
12 #include <linux/export.h>
13 #include <linux/kernel.h>
14 #include <linux/sched.h>
15 #include <linux/cred.h>
16 #include <linux/err.h>
17 #include <linux/verification.h>
18 #include <keys/asymmetric-type.h>
19 #include <keys/system_keyring.h>
20 #include <crypto/pkcs7.h>
21
22 static struct key *builtin_trusted_keys;
23 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
24 static struct key *secondary_trusted_keys;
25 #endif
26
27 extern __initconst const u8 system_certificate_list[];
28 extern __initconst const unsigned long system_certificate_list_size;
29
30 /**
31  * restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA
32  *
33  * Restrict the addition of keys into a keyring based on the key-to-be-added
34  * being vouched for by a key in the built in system keyring.
35  */
36 int restrict_link_by_builtin_trusted(struct key *keyring,
37 				     const struct key_type *type,
38 				     const union key_payload *payload)
39 {
40 	return restrict_link_by_signature(builtin_trusted_keys, type, payload);
41 }
42
43 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
44 /**
45  * restrict_link_by_builtin_and_secondary_trusted - Restrict keyring
46  *   addition by both builtin and secondary keyrings
47  *
48  * Restrict the addition of keys into a keyring based on the key-to-be-added
49  * being vouched for by a key in either the built-in or the secondary system
50  * keyrings.
51  */
52 int restrict_link_by_builtin_and_secondary_trusted(
53 	struct key *keyring,
54 	const struct key_type *type,
55 	const union key_payload *payload)
56 {
57 	/* If we have a secondary trusted keyring, then that contains a link
58 	 * through to the builtin keyring and the search will follow that link.
59 	 */
60 	if (type == &key_type_keyring &&
61 	    keyring == secondary_trusted_keys &&
62 	    payload == &builtin_trusted_keys->payload)
63 		/* Allow the builtin keyring to be added to the secondary */
64 		return 0;
65
66 	return restrict_link_by_signature(secondary_trusted_keys, type, payload);
67 }
68 #endif
69
70 /*
71  * Create the trusted keyrings
72  */
73 static __init int system_trusted_keyring_init(void)
74 {
75 	pr_notice("Initialise system trusted keyrings\n");
76
77 	builtin_trusted_keys =
78 		keyring_alloc(".builtin_trusted_keys",
79 			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
80 			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
81 			      KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
82 			      KEY_ALLOC_NOT_IN_QUOTA,
83 			      NULL, NULL);
84 	if (IS_ERR(builtin_trusted_keys))
85 		panic("Can't allocate builtin trusted keyring\n");
86
87 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
88 	secondary_trusted_keys =
89 		keyring_alloc(".secondary_trusted_keys",
90 			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
91 			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
92 			       KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH |
93 			       KEY_USR_WRITE),
94 			      KEY_ALLOC_NOT_IN_QUOTA,
95 			      restrict_link_by_builtin_and_secondary_trusted,
96 			      NULL);
97 	if (IS_ERR(secondary_trusted_keys))
98 		panic("Can't allocate secondary trusted keyring\n");
99
100 	if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0)
101 		panic("Can't link trusted keyrings\n");
102 #endif
103
104 	return 0;
105 }
106
107 /*
108  * Must be initialised before we try and load the keys into the keyring.
109  */
110 device_initcall(system_trusted_keyring_init);
111
112 /*
113  * Load the compiled-in list of X.509 certificates.
114  */
115 static __init int load_system_certificate_list(void)
116 {
117 	key_ref_t key;
118 	const u8 *p, *end;
119 	size_t plen;
120
121 	pr_notice("Loading compiled-in X.509 certificates\n");
122
123 	p = system_certificate_list;
124 	end = p + system_certificate_list_size;
125 	while (p < end) {
126 		/* Each cert begins with an ASN.1 SEQUENCE tag and must be more
127 		 * than 256 bytes in size.
128 		 */
129 		if (end - p < 4)
130 			goto dodgy_cert;
131 		if (p[0] != 0x30 &&
132 		    p[1] != 0x82)
133 			goto dodgy_cert;
134 		plen = (p[2] << 8) | p[3];
135 		plen += 4;
136 		if (plen > end - p)
137 			goto dodgy_cert;
138
139 		key = key_create_or_update(make_key_ref(builtin_trusted_keys, 1),
140 					   "asymmetric",
141 					   NULL,
142 					   p,
143 					   plen,
144 					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
145 					   KEY_USR_VIEW | KEY_USR_READ),
146 					   KEY_ALLOC_NOT_IN_QUOTA |
147 					   KEY_ALLOC_BUILT_IN |
148 					   KEY_ALLOC_BYPASS_RESTRICTION);
149 		if (IS_ERR(key)) {
150 			pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
151 			       PTR_ERR(key));
152 		} else {
153 			pr_notice("Loaded X.509 cert '%s'\n",
154 				  key_ref_to_ptr(key)->description);
155 			key_ref_put(key);
156 		}
157 		p += plen;
158 	}
159
160 	return 0;
161
162 dodgy_cert:
163 	pr_err("Problem parsing in-kernel X.509 certificate list\n");
164 	return 0;
165 }
166 late_initcall(load_system_certificate_list);
167
168 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
169
170 /**
171  * verify_pkcs7_signature - Verify a PKCS#7-based signature on system data.
172  * @data: The data to be verified (NULL if expecting internal data).
173  * @len: Size of @data.
174  * @raw_pkcs7: The PKCS#7 message that is the signature.
175  * @pkcs7_len: The size of @raw_pkcs7.
176  * @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
177  *					(void *)1UL for all trusted keys).
178  * @usage: The use to which the key is being put.
179  * @view_content: Callback to gain access to content.
180  * @ctx: Context for callback.
181  */
182 int verify_pkcs7_signature(const void *data, size_t len,
183 			   const void *raw_pkcs7, size_t pkcs7_len,
184 			   struct key *trusted_keys,
185 			   enum key_being_used_for usage,
186 			   int (*view_content)(void *ctx,
187 					       const void *data, size_t len,
188 					       size_t asn1hdrlen),
189 			   void *ctx)
190 {
191 	struct pkcs7_message *pkcs7;
192 	int ret;
193
194 	pkcs7 = pkcs7_parse_message(raw_pkcs7, pkcs7_len);
195 	if (IS_ERR(pkcs7))
196 		return PTR_ERR(pkcs7);
197
198 	/* The data should be detached - so we need to supply it. */
199 	if (data && pkcs7_supply_detached_data(pkcs7, data, len) < 0) {
200 		pr_err("PKCS#7 signature with non-detached data\n");
201 		ret = -EBADMSG;
202 		goto error;
203 	}
204
205 	ret = pkcs7_verify(pkcs7, usage);
206 	if (ret < 0)
207 		goto error;
208
209 	if (!trusted_keys) {
210 		trusted_keys = builtin_trusted_keys;
211 	} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
212 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
213 		trusted_keys = secondary_trusted_keys;
214 #else
215 		trusted_keys = builtin_trusted_keys;
216 #endif
217 	}
218 	ret = pkcs7_validate_trust(pkcs7, trusted_keys);
219 	if (ret < 0) {
220 		if (ret == -ENOKEY)
221 			pr_err("PKCS#7 signature not signed with a trusted key\n");
222 		goto error;
223 	}
224
225 	if (view_content) {
226 		size_t asn1hdrlen;
227
228 		ret = pkcs7_get_content_data(pkcs7, &data, &len, &asn1hdrlen);
229 		if (ret < 0) {
230 			if (ret == -ENODATA)
231 				pr_devel("PKCS#7 message does not contain data\n");
232 			goto error;
233 		}
234
235 		ret = view_content(ctx, data, len, asn1hdrlen);
236 	}
237
238 error:
239 	pkcs7_free_message(pkcs7);
240 	pr_devel("<==%s() = %d\n", __func__, ret);
241 	return ret;
242 }
243 EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
244 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
245
246 /**
247  * verify_signature_one - Verify a signature with keys from given keyring
248  * @sig: The signature to be verified
249  * @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
250  *					(void *)1UL for all trusted keys).
251  * @keyid: key description (not partial)
252  */
253 int verify_signature_one(const struct public_key_signature *sig,
254 			   struct key *trusted_keys, const char *keyid)
255 {
256 	key_ref_t ref;
257 	struct key *key;
258 	int ret;
259
260 	if (!sig)
261 		return -EBADMSG;
262 	if (!trusted_keys) {
263 		trusted_keys = builtin_trusted_keys;
264 	} else if (trusted_keys == (void *)1UL) {
265 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
266 		trusted_keys = secondary_trusted_keys;
267 #else
268 		trusted_keys = builtin_trusted_keys;
269 #endif
270 	}
271
272 	ref = keyring_search(make_key_ref(trusted_keys, 1),
273 				&key_type_asymmetric, keyid);
274 	if (IS_ERR(ref)) {
275 		pr_err("Asymmetric key (%s) not found in keyring(%s)\n",
276 				keyid, trusted_keys->description);
277 		return -ENOKEY;
278 	}
279
280 	key = key_ref_to_ptr(ref);
281 	ret = verify_signature(key, sig);
282 	key_put(key);
283 	return ret;
284 }
285 EXPORT_SYMBOL_GPL(verify_signature_one);
286
287
1	/* System trusted keyring for trusted public keys
2	*
3	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4	* Written by David Howells (dhowells@redhat.com)
5	*
6	* This program is free software; you can redistribute it and/or
7	* modify it under the terms of the GNU General Public Licence
8	* as published by the Free Software Foundation; either version
9	* 2 of the Licence, or (at your option) any later version.
10	*/
11
12	#include <linux/export.h>
13	#include <linux/kernel.h>
14	#include <linux/sched.h>
15	#include <linux/cred.h>
16	#include <linux/err.h>
17	#include <linux/verification.h>
18	#include <keys/asymmetric-type.h>
19	#include <keys/system_keyring.h>
20	#include <crypto/pkcs7.h>
21
22	static struct key *builtin_trusted_keys;
23	#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
24	static struct key *secondary_trusted_keys;
25	#endif
26
27	extern __initconst const u8 system_certificate_list[];
28	extern __initconst const unsigned long system_certificate_list_size;
29
30	/**
31	* restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA
32	*
33	* Restrict the addition of keys into a keyring based on the key-to-be-added
34	* being vouched for by a key in the built in system keyring.
35	*/
36	int restrict_link_by_builtin_trusted(struct key *keyring,
37	const struct key_type *type,
38	const union key_payload *payload)
39	{
40	return restrict_link_by_signature(builtin_trusted_keys, type, payload);
41	}
42
43	#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
44	/**
45	* restrict_link_by_builtin_and_secondary_trusted - Restrict keyring
46	* addition by both builtin and secondary keyrings
47	*
48	* Restrict the addition of keys into a keyring based on the key-to-be-added
49	* being vouched for by a key in either the built-in or the secondary system
50	* keyrings.
51	*/
52	int restrict_link_by_builtin_and_secondary_trusted(
53	struct key *keyring,
54	const struct key_type *type,
55	const union key_payload *payload)
56	{
57	/* If we have a secondary trusted keyring, then that contains a link
58	* through to the builtin keyring and the search will follow that link.
59	*/
60	if (type == &key_type_keyring &&
61	keyring == secondary_trusted_keys &&
62	payload == &builtin_trusted_keys->payload)
63	/* Allow the builtin keyring to be added to the secondary */
64	return 0;
65
66	return restrict_link_by_signature(secondary_trusted_keys, type, payload);
67	}
68	#endif
69
70	/*
71	* Create the trusted keyrings
72	*/
73	static __init int system_trusted_keyring_init(void)
74	{
75	pr_notice("Initialise system trusted keyrings\n");
76
77	builtin_trusted_keys =
78	keyring_alloc(".builtin_trusted_keys",
79	KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
80	((KEY_POS_ALL & ~KEY_POS_SETATTR) \|
81	KEY_USR_VIEW \| KEY_USR_READ \| KEY_USR_SEARCH),
82	KEY_ALLOC_NOT_IN_QUOTA,
83	NULL, NULL);
84	if (IS_ERR(builtin_trusted_keys))
85	panic("Can't allocate builtin trusted keyring\n");
86
87	#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
88	secondary_trusted_keys =
89	keyring_alloc(".secondary_trusted_keys",
90	KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
91	((KEY_POS_ALL & ~KEY_POS_SETATTR) \|
92	KEY_USR_VIEW \| KEY_USR_READ \| KEY_USR_SEARCH \|
93	KEY_USR_WRITE),
94	KEY_ALLOC_NOT_IN_QUOTA,
95	restrict_link_by_builtin_and_secondary_trusted,
96	NULL);
97	if (IS_ERR(secondary_trusted_keys))
98	panic("Can't allocate secondary trusted keyring\n");
99
100	if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0)
101	panic("Can't link trusted keyrings\n");
102	#endif
103
104	return 0;
105	}
106
107	/*
108	* Must be initialised before we try and load the keys into the keyring.
109	*/
110	device_initcall(system_trusted_keyring_init);
111
112	/*
113	* Load the compiled-in list of X.509 certificates.
114	*/
115	static __init int load_system_certificate_list(void)
116	{
117	key_ref_t key;
118	const u8 p, end;
119	size_t plen;
120
121	pr_notice("Loading compiled-in X.509 certificates\n");
122
123	p = system_certificate_list;
124	end = p + system_certificate_list_size;
125	while (p < end) {
126	/* Each cert begins with an ASN.1 SEQUENCE tag and must be more
127	* than 256 bytes in size.
128	*/
129	if (end - p < 4)
130	goto dodgy_cert;
131	if (p[0] != 0x30 &&
132	p[1] != 0x82)
133	goto dodgy_cert;
134	plen = (p[2] << 8) \| p[3];
135	plen += 4;
136	if (plen > end - p)
137	goto dodgy_cert;
138
139	key = key_create_or_update(make_key_ref(builtin_trusted_keys, 1),
140	"asymmetric",
141	NULL,
142	p,
143	plen,
144	((KEY_POS_ALL & ~KEY_POS_SETATTR) \|
145	KEY_USR_VIEW \| KEY_USR_READ),
146	KEY_ALLOC_NOT_IN_QUOTA \|
147	KEY_ALLOC_BUILT_IN \|
148	KEY_ALLOC_BYPASS_RESTRICTION);
149	if (IS_ERR(key)) {
150	pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
151	PTR_ERR(key));
152	} else {
153	pr_notice("Loaded X.509 cert '%s'\n",
154	key_ref_to_ptr(key)->description);
155	key_ref_put(key);
156	}
157	p += plen;
158	}
159
160	return 0;
161
162	dodgy_cert:
163	pr_err("Problem parsing in-kernel X.509 certificate list\n");
164	return 0;
165	}
166	late_initcall(load_system_certificate_list);
167
168	#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
169
170	/**
171	* verify_pkcs7_signature - Verify a PKCS#7-based signature on system data.
172	* @data: The data to be verified (NULL if expecting internal data).
173	* @len: Size of @data.
174	* @raw_pkcs7: The PKCS#7 message that is the signature.
175	* @pkcs7_len: The size of @raw_pkcs7.
176	* @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
177	* (void *)1UL for all trusted keys).
178	* @usage: The use to which the key is being put.
179	* @view_content: Callback to gain access to content.
180	* @ctx: Context for callback.
181	*/
182	int verify_pkcs7_signature(const void *data, size_t len,
183	const void *raw_pkcs7, size_t pkcs7_len,
184	struct key *trusted_keys,
185	enum key_being_used_for usage,
186	int (view_content)(void ctx,
187	const void *data, size_t len,
188	size_t asn1hdrlen),
189	void *ctx)
190	{
191	struct pkcs7_message *pkcs7;
192	int ret;
193
194	pkcs7 = pkcs7_parse_message(raw_pkcs7, pkcs7_len);
195	if (IS_ERR(pkcs7))
196	return PTR_ERR(pkcs7);
197
198	/* The data should be detached - so we need to supply it. */
199	if (data && pkcs7_supply_detached_data(pkcs7, data, len) < 0) {
200	pr_err("PKCS#7 signature with non-detached data\n");
201	ret = -EBADMSG;
202	goto error;
203	}
204
205	ret = pkcs7_verify(pkcs7, usage);
206	if (ret < 0)
207	goto error;
208
209	if (!trusted_keys) {
210	trusted_keys = builtin_trusted_keys;
211	} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
212	#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
213	trusted_keys = secondary_trusted_keys;
214	#else
215	trusted_keys = builtin_trusted_keys;
216	#endif
217	}
218	ret = pkcs7_validate_trust(pkcs7, trusted_keys);
219	if (ret < 0) {
220	if (ret == -ENOKEY)
221	pr_err("PKCS#7 signature not signed with a trusted key\n");
222	goto error;
223	}
224
225	if (view_content) {
226	size_t asn1hdrlen;
227
228	ret = pkcs7_get_content_data(pkcs7, &data, &len, &asn1hdrlen);
229	if (ret < 0) {
230	if (ret == -ENODATA)
231	pr_devel("PKCS#7 message does not contain data\n");
232	goto error;
233	}
234
235	ret = view_content(ctx, data, len, asn1hdrlen);
236	}
237
238	error:
239	pkcs7_free_message(pkcs7);
240	pr_devel("<==%s() = %d\n", __func__, ret);
241	return ret;
242	}
243	EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
244	#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
245
246	/**
247	* verify_signature_one - Verify a signature with keys from given keyring
248	* @sig: The signature to be verified
249	* @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
250	* (void *)1UL for all trusted keys).
251	* @keyid: key description (not partial)
252	*/
253	int verify_signature_one(const struct public_key_signature *sig,
254	struct key trusted_keys, const char keyid)
255	{
256	key_ref_t ref;
257	struct key *key;
258	int ret;
259
260	if (!sig)
261	return -EBADMSG;
262	if (!trusted_keys) {
263	trusted_keys = builtin_trusted_keys;
264	} else if (trusted_keys == (void *)1UL) {
265	#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
266	trusted_keys = secondary_trusted_keys;
267	#else
268	trusted_keys = builtin_trusted_keys;
269	#endif
270	}
271
272	ref = keyring_search(make_key_ref(trusted_keys, 1),
273	&key_type_asymmetric, keyid);
274	if (IS_ERR(ref)) {
275	pr_err("Asymmetric key (%s) not found in keyring(%s)\n",
276	keyid, trusted_keys->description);
277	return -ENOKEY;
278	}
279
280	key = key_ref_to_ptr(ref);
281	ret = verify_signature(key, sig);
282	key_put(key);
283	return ret;
284	}
285	EXPORT_SYMBOL_GPL(verify_signature_one);
286
287