@@ -20,6 +20,15 @@
MODULE_LICENSE("GPL");
+const char *const asymmetric_key_verification_names[NR__ASYMMETRIC_KEY_VERIFICATION] = {
+ [KEY_VERIFYING_MODULE_SIGNATURE] = "mod sig",
+ [KEY_VERIFYING_FIRMWARE_SIGNATURE] = "firmware sig",
+ [KEY_VERIFYING_KEXEC_SIGNATURE] = "kexec sig",
+ [KEY_VERIFYING_KEY_SIGNATURE] = "key sig",
+ [KEY_VERIFYING_KEY_SELF_SIGNATURE] = "key self sig",
+};
+EXPORT_SYMBOL_GPL(asymmetric_key_verification_names);
+
static LIST_HEAD(asymmetric_key_parsers);
static DECLARE_RWSEM(asymmetric_key_parsers_sem);
@@ -12,17 +12,24 @@
#define pr_fmt(fmt) "PKCS7key: "fmt
#include <linux/key.h>
#include <linux/err.h>
-#include <linux/key-type.h>
+#include <linux/module.h>
+#include <keys/asymmetric-type.h>
#include <crypto/pkcs7.h>
#include <keys/user-type.h>
#include <keys/system_keyring.h>
#include "pkcs7_parser.h"
+unsigned pkcs7_usage;
+module_param_named(usage, pkcs7_usage, uint, S_IWUSR | S_IRUGO);
+MODULE_PARM_DESC(pkcs7_usage,
+ "Usage to specify when verifying the PKCS#7 message");
+
/*
* Preparse a PKCS#7 wrapped and validated data blob.
*/
static int pkcs7_preparse(struct key_preparsed_payload *prep)
{
+ enum asymmetric_key_verification usage = pkcs7_usage;
struct pkcs7_message *pkcs7;
const void *data, *saved_prep_data;
size_t datalen, saved_prep_datalen;
@@ -31,6 +38,11 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)
kenter("");
+ if (usage >= NR__ASYMMETRIC_KEY_VERIFICATION) {
+ pr_err("Invalid usage type %d\n", usage);
+ return -EINVAL;
+ }
+
saved_prep_data = prep->data;
saved_prep_datalen = prep->datalen;
pkcs7 = pkcs7_parse_message(saved_prep_data, saved_prep_datalen);
@@ -39,11 +51,12 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)
goto error;
}
- ret = pkcs7_verify(pkcs7);
+ ret = pkcs7_verify(pkcs7, usage);
if (ret < 0)
goto error_free;
- ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
+ ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, usage,
+ &trusted);
if (ret < 0)
goto error_free;
if (!trusted)
@@ -25,7 +25,8 @@
*/
static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
struct pkcs7_signed_info *sinfo,
- struct key *trust_keyring)
+ struct key *trust_keyring,
+ enum asymmetric_key_verification usage)
{
struct public_key_signature *sig = &sinfo->sig;
struct x509_certificate *x509, *last = NULL, *p;
@@ -65,6 +66,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
*/
pr_devel("sinfo %u: Cert %u as key %x\n",
sinfo->index, x509->index, key_serial(key));
+ usage = KEY_VERIFYING_KEY_SIGNATURE;
goto matched;
}
if (key == ERR_PTR(-ENOMEM))
@@ -95,6 +97,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
x509 = last;
pr_devel("sinfo %u: Root cert %u signer is key %x\n",
sinfo->index, x509->index, key_serial(key));
+ usage = KEY_VERIFYING_KEY_SIGNATURE;
goto matched;
}
if (PTR_ERR(key) != -ENOKEY)
@@ -121,7 +124,7 @@ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
return -ENOKEY;
matched:
- ret = verify_signature(key, sig);
+ ret = verify_signature(key, sig, usage);
trusted = test_bit(KEY_FLAG_TRUSTED, &key->flags);
key_put(key);
if (ret < 0) {
@@ -148,7 +151,8 @@ verified:
* pkcs7_validate_trust - Validate PKCS#7 trust chain
* @pkcs7: The PKCS#7 certificate to validate
* @trust_keyring: Signing certificates to use as starting points
- * @_trusted: Set to true if trustworth, false otherwise
+ * @usage: The use to which the key is being put.
+ * @_trusted: Set to true if trustworthy, false otherwise
*
* Validate that the certificate chain inside the PKCS#7 message intersects
* keys we already know and trust.
@@ -171,6 +175,7 @@ verified:
*/
int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
struct key *trust_keyring,
+ enum asymmetric_key_verification usage,
bool *_trusted)
{
struct pkcs7_signed_info *sinfo;
@@ -182,7 +187,8 @@ int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
p->seen = false;
for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
- ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
+ ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring,
+ usage);
switch (ret) {
case -ENOKEY:
continue;
@@ -208,7 +208,8 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
x509->raw_issuer_size) != 0)
return 0;
- ret = x509_check_signature(x509->pub, x509);
+ ret = x509_check_signature(x509->pub, x509,
+ KEY_VERIFYING_KEY_SELF_SIGNATURE);
if (ret < 0)
goto maybe_missing_crypto_in_x509;
x509->signer = x509;
@@ -262,7 +263,8 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
sinfo->index);
return 0;
}
- ret = x509_check_signature(p->pub, x509);
+ ret = x509_check_signature(p->pub, x509,
+ KEY_VERIFYING_KEY_SIGNATURE);
if (ret < 0)
return ret;
x509->signer = p;
@@ -290,7 +292,8 @@ maybe_missing_crypto_in_x509:
* Verify one signed information block from a PKCS#7 message.
*/
static int pkcs7_verify_one(struct pkcs7_message *pkcs7,
- struct pkcs7_signed_info *sinfo)
+ struct pkcs7_signed_info *sinfo,
+ enum asymmetric_key_verification usage)
{
int ret;
@@ -315,7 +318,8 @@ static int pkcs7_verify_one(struct pkcs7_message *pkcs7,
sinfo->signer->index, sinfo->index);
/* Verify the PKCS#7 binary against the key */
- ret = public_key_verify_signature(sinfo->signer->pub, &sinfo->sig);
+ ret = public_key_verify_signature(sinfo->signer->pub, &sinfo->sig,
+ usage);
if (ret < 0)
return ret;
@@ -328,6 +332,7 @@ static int pkcs7_verify_one(struct pkcs7_message *pkcs7,
/**
* pkcs7_verify - Verify a PKCS#7 message
* @pkcs7: The PKCS#7 message to be verified
+ * @usage: The use to which the key is being put
*
* Verify a PKCS#7 message is internally consistent - that is, the data digest
* matches the digest in the AuthAttrs and any signature in the message or one
@@ -339,6 +344,9 @@ static int pkcs7_verify_one(struct pkcs7_message *pkcs7,
*
* Returns, in order of descending priority:
*
+ * (*) -EKEYREJECTED if a key was selected that had a usage restriction at
+ * odds with the specified usage, or:
+ *
* (*) -EKEYREJECTED if a signature failed to match for which we found an
* appropriate X.509 certificate, or:
*
@@ -350,7 +358,8 @@ static int pkcs7_verify_one(struct pkcs7_message *pkcs7,
* (*) 0 if all the signature chains that don't incur -ENOPKG can be verified
* (note that a signature chain may be of zero length), or:
*/
-int pkcs7_verify(struct pkcs7_message *pkcs7)
+int pkcs7_verify(struct pkcs7_message *pkcs7,
+ enum asymmetric_key_verification usage)
{
struct pkcs7_signed_info *sinfo;
struct x509_certificate *x509;
@@ -366,7 +375,7 @@ int pkcs7_verify(struct pkcs7_message *pkcs7)
}
for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
- ret = pkcs7_verify_one(pkcs7, sinfo);
+ ret = pkcs7_verify_one(pkcs7, sinfo, usage);
if (ret < 0) {
if (ret == -ENOPKG) {
sinfo->unsupported_crypto = true;
@@ -94,12 +94,56 @@ void public_key_destroy(void *payload)
EXPORT_SYMBOL_GPL(public_key_destroy);
/*
+ * Apply key usage policy.
+ */
+static int public_key_usage_policy(enum asymmetric_key_verification usage,
+ enum pkey_usage_restriction restriction)
+{
+ switch (usage) {
+ case KEY_VERIFYING_MODULE_SIGNATURE:
+ if (restriction != PKEY_RESTRICTED_TO_MODULE_SIGNING &&
+ restriction != PKEY_USAGE_NOT_SPECIFIED)
+ goto wrong_purpose;
+ return 0;
+ case KEY_VERIFYING_FIRMWARE_SIGNATURE:
+ if (restriction != PKEY_RESTRICTED_TO_FIRMWARE_SIGNING) {
+ pr_warn("Firmware signed with non-firmware key (%s)\n",
+ public_key_restrictions[restriction]);
+ return -EKEYREJECTED;
+ }
+ return 0;
+ case KEY_VERIFYING_KEXEC_SIGNATURE:
+ if (restriction != PKEY_RESTRICTED_TO_KEXEC_SIGNING &&
+ restriction != PKEY_USAGE_NOT_SPECIFIED)
+ goto wrong_purpose;
+ return 0;
+ case KEY_VERIFYING_KEY_SIGNATURE:
+ if (restriction != PKEY_RESTRICTED_TO_KEY_SIGNING &&
+ restriction != PKEY_USAGE_NOT_SPECIFIED)
+ goto wrong_purpose;
+ return 0;
+ case KEY_VERIFYING_KEY_SELF_SIGNATURE:
+ return 0;
+ default:
+ BUG();
+ }
+
+wrong_purpose:
+ pr_warn("Restricted usage key (%s) used for wrong purpose (%s)\n",
+ public_key_restrictions[restriction],
+ asymmetric_key_verification_names[usage]);
+ return -EKEYREJECTED;
+}
+
+/*
* Verify a signature using a public key.
*/
int public_key_verify_signature(const struct public_key *pk,
- const struct public_key_signature *sig)
+ const struct public_key_signature *sig,
+ enum asymmetric_key_verification usage)
{
const struct public_key_algorithm *algo;
+ int ret;
BUG_ON(!pk);
BUG_ON(!pk->mpi[0]);
@@ -126,15 +170,20 @@ int public_key_verify_signature(const struct public_key *pk,
return -EINVAL;
}
+ ret = public_key_usage_policy(usage, pk->usage_restriction);
+ if (ret < 0)
+ return ret;
+
return algo->verify_signature(pk, sig);
}
EXPORT_SYMBOL_GPL(public_key_verify_signature);
static int public_key_verify_signature_2(const struct key *key,
- const struct public_key_signature *sig)
+ const struct public_key_signature *sig,
+ enum asymmetric_key_verification usage)
{
const struct public_key *pk = key->payload.data;
- return public_key_verify_signature(pk, sig);
+ return public_key_verify_signature(pk, sig, usage);
}
/*
@@ -33,4 +33,5 @@ extern const struct public_key_algorithm RSA_public_key_algorithm;
* public_key.c
*/
extern int public_key_verify_signature(const struct public_key *pk,
- const struct public_key_signature *sig);
+ const struct public_key_signature *sig,
+ enum asymmetric_key_verification usage);
@@ -22,11 +22,13 @@
* verify_signature - Initiate the use of an asymmetric key to verify a signature
* @key: The asymmetric key to verify against
* @sig: The signature to check
+ * @usage: The use to which the key is being put.
*
* Returns 0 if successful or else an error.
*/
int verify_signature(const struct key *key,
- const struct public_key_signature *sig)
+ const struct public_key_signature *sig,
+ enum asymmetric_key_verification usage)
{
const struct asymmetric_key_subtype *subtype;
int ret;
@@ -42,7 +44,7 @@ int verify_signature(const struct key *key,
if (!subtype->verify_signature)
return -ENOTSUPP;
- ret = subtype->verify_signature(key, sig);
+ ret = subtype->verify_signature(key, sig, usage);
pr_devel("<==%s() = %d\n", __func__, ret);
return ret;
@@ -55,4 +55,5 @@ extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen
*/
extern int x509_get_sig_params(struct x509_certificate *cert);
extern int x509_check_signature(const struct public_key *pub,
- struct x509_certificate *cert);
+ struct x509_certificate *cert,
+ enum asymmetric_key_verification usage);
@@ -208,7 +208,8 @@ EXPORT_SYMBOL_GPL(x509_get_sig_params);
* Check the signature on a certificate using the provided public key
*/
int x509_check_signature(const struct public_key *pub,
- struct x509_certificate *cert)
+ struct x509_certificate *cert,
+ enum asymmetric_key_verification usage)
{
int ret;
@@ -218,7 +219,7 @@ int x509_check_signature(const struct public_key *pub,
if (ret < 0)
return ret;
- ret = public_key_verify_signature(pub, &cert->sig);
+ ret = public_key_verify_signature(pub, &cert->sig, usage);
if (ret == -ENOPKG)
cert->unsupported_crypto = true;
pr_debug("Cert Verification: %d\n", ret);
@@ -251,9 +252,10 @@ static int x509_validate_trust(struct x509_certificate *cert,
cert->akid_id, cert->akid_skid,
false);
if (!IS_ERR(key)) {
- if (!use_builtin_keys
- || test_bit(KEY_FLAG_BUILTIN, &key->flags))
- ret = x509_check_signature(key->payload.data, cert);
+ if (!use_builtin_keys ||
+ test_bit(KEY_FLAG_BUILTIN, &key->flags))
+ ret = x509_check_signature(key->payload.data, cert,
+ KEY_VERIFYING_KEY_SIGNATURE);
key_put(key);
}
return ret;
@@ -308,7 +310,8 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
if ((!cert->akid_skid && !cert->akid_id) ||
asymmetric_key_id_same(cert->skid, cert->akid_skid) ||
asymmetric_key_id_same(cert->id, cert->akid_id)) {
- ret = x509_check_signature(cert->pub, cert); /* self-signed */
+ ret = x509_check_signature(cert->pub, cert,
+ KEY_VERIFYING_KEY_SELF_SIGNATURE);
if (ret < 0)
goto error_free_cert;
} else if (!prep->trusted) {
@@ -29,12 +29,14 @@ extern const char *pkcs7_get_firmware_name(const struct pkcs7_message *pkcs7);
*/
extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
struct key *trust_keyring,
+ enum asymmetric_key_verification usage,
bool *_trusted);
/*
* pkcs7_verify.c
*/
-extern int pkcs7_verify(struct pkcs7_message *pkcs7);
+extern int pkcs7_verify(struct pkcs7_message *pkcs7,
+ enum asymmetric_key_verification usage);
extern int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
const void *data, size_t datalen);
@@ -110,7 +110,8 @@ struct public_key_signature {
struct key;
extern int verify_signature(const struct key *key,
- const struct public_key_signature *sig);
+ const struct public_key_signature *sig,
+ enum asymmetric_key_verification usage);
struct asymmetric_key_id;
extern struct key *x509_request_asymmetric_key(struct key *keyring,
@@ -39,7 +39,8 @@ struct asymmetric_key_subtype {
/* Verify the signature on a key of this subtype (optional) */
int (*verify_signature)(const struct key *key,
- const struct public_key_signature *sig);
+ const struct public_key_signature *sig,
+ enum asymmetric_key_verification usage);
};
/**
@@ -60,6 +60,19 @@ extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
size_t len_2);
/*
+ * The use to which an asymmetric is being put when verifying a signature.
+ */
+enum asymmetric_key_verification {
+ KEY_VERIFYING_MODULE_SIGNATURE,
+ KEY_VERIFYING_FIRMWARE_SIGNATURE,
+ KEY_VERIFYING_KEXEC_SIGNATURE,
+ KEY_VERIFYING_KEY_SIGNATURE,
+ KEY_VERIFYING_KEY_SELF_SIGNATURE,
+ NR__ASYMMETRIC_KEY_VERIFICATION
+};
+extern const char *const asymmetric_key_verification_names[NR__ASYMMETRIC_KEY_VERIFICATION];
+
+/*
* The payload is at the discretion of the subtype.
*/
@@ -29,8 +29,10 @@ static inline struct key *get_system_trusted_keyring(void)
#endif
#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
+enum asymmetric_key_verification;
extern int system_verify_data(const void *data, unsigned long len,
const void *raw_pkcs7, size_t pkcs7_len,
+ enum asymmetric_key_verification usage,
const char *firmware_name);
#endif
@@ -72,5 +72,6 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
return -EBADMSG;
}
- return system_verify_data(mod, modlen, mod + modlen, sig_len, NULL);
+ return system_verify_data(mod, modlen, mod + modlen, sig_len,
+ KEY_VERIFYING_MODULE_SIGNATURE, NULL);
}
@@ -113,10 +113,12 @@ late_initcall(load_system_certificate_list);
* @len: Size of @data.
* @raw_pkcs7: The PKCS#7 message that is the signature.
* @pkcs7_len: The size of @raw_pkcs7.
+ * @usage: The use to which the key is being put.
* @firmware_name: The required firmware name or NULL.
*/
int system_verify_data(const void *data, unsigned long len,
const void *raw_pkcs7, size_t pkcs7_len,
+ enum asymmetric_key_verification usage,
const char *firmware_name)
{
struct pkcs7_message *pkcs7;
@@ -156,11 +158,12 @@ int system_verify_data(const void *data, unsigned long len,
goto error;
}
- ret = pkcs7_verify(pkcs7);
+ ret = pkcs7_verify(pkcs7, usage);
if (ret < 0)
goto error;
- ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
+ ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, usage,
+ &trusted);
if (ret < 0)
goto error;
Restrict the verification of X.509 certificates such that a certificate can only be verified if either: (1) A certificate is signed with the key it holds. (2) A certificate is signed with a key that has keyCertSign set in its keyUsage extension and has no purpose restriction set. Restrict the verification of PKCS#7 messages such that a signature can only be verified by a matching key if the key does not have keyCertSign set and either of the following is true: (1) The key has no purpose restriction and the PKCS#7 is not a firmware signature. (2) The key has a recognised purpose restriction that matches the use to which the PKCS#7 signature is being put. In the event that a restriction mismatch occurs, EKEYREJECTED will be returned and an error similar to one of the following will be logged to dmesg: PKEY: Firmware signed with non-firmware key (module sig) PKEY: Restricted usage key (module sig) used for wrong purpose (kexec sig) The PKCS#7 test key type is given the usage to specify in a module parameter. For example: echo 1 >/sys/module/pkcs7_test_key/parameters/usage keyctl padd pkcs7_test foo @s </tmp/stuff.pkcs7 will attempt to check the signature on stuff.pkcs7 as if it contains a firmware blob (1 being KEY_VERIFYING_FIRMWARE_SIGNATURE). Not-yet-signed-off-by: David Howells <dhowells@redhat.com> --- crypto/asymmetric_keys/asymmetric_type.c | 9 +++++ crypto/asymmetric_keys/pkcs7_key_type.c | 19 +++++++++- crypto/asymmetric_keys/pkcs7_trust.c | 14 +++++--- crypto/asymmetric_keys/pkcs7_verify.c | 21 ++++++++--- crypto/asymmetric_keys/public_key.c | 55 ++++++++++++++++++++++++++++-- crypto/asymmetric_keys/public_key.h | 3 +- crypto/asymmetric_keys/signature.c | 6 ++- crypto/asymmetric_keys/x509_parser.h | 3 +- crypto/asymmetric_keys/x509_public_key.c | 15 +++++--- include/crypto/pkcs7.h | 4 ++ include/crypto/public_key.h | 3 +- include/keys/asymmetric-subtype.h | 3 +- include/keys/asymmetric-type.h | 13 +++++++ include/keys/system_keyring.h | 2 + kernel/module_signing.c | 3 +- kernel/system_keyring.c | 7 +++- 16 files changed, 148 insertions(+), 32 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html