1
// SPDX-License-Identifier: GPL-2.0-or-later
2
/* Validate the trust chain of a PKCS#7 message.
3
 *
4
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
5
 * Written by David Howells ([email protected])
6
 */
7

8
#define pr_fmt(fmt) "PKCS7: "fmt
9
#include <linux/kernel.h>
10
#include <linux/export.h>
11
#include <linux/slab.h>
12
#include <linux/err.h>
13
#include <linux/asn1.h>
14
#include <linux/key.h>
15
#include <keys/asymmetric-type.h>
16
#include <crypto/public_key.h>
17
#include "pkcs7_parser.h"
18

19
/*
20
 * Check the trust on one PKCS#7 SignedInfo block.
21
 */
22
static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
23
				    struct pkcs7_signed_info *sinfo,
24
				    struct key *trust_keyring)
25
{
26
	struct public_key_signature *sig = sinfo->sig;
27
	struct x509_certificate *x509, *last = NULL, *p;
28
	struct key *key;
29
	int ret;
30

31
	kenter(",%u,", sinfo->index);
32

33
	if (sinfo->unsupported_crypto) {
34
		kleave(" = -ENOPKG [cached]");
35
		return -ENOPKG;
36
	}
37

38
	for (x509 = sinfo->signer; x509; x509 = x509->signer) {
39
		if (x509->seen) {
40
			if (x509->verified)
41
				goto verified;
42
			kleave(" = -ENOKEY [cached]");
43
			return -ENOKEY;
44
		}
45
		x509->seen = true;
46

47
		/* Look to see if this certificate is present in the trusted
48
		 * keys.
49
		 */
50
		key = find_asymmetric_key(trust_keyring,
51
					  x509->id, x509->skid, NULL, false);
52
		if (!IS_ERR(key)) {
53
			/* One of the X.509 certificates in the PKCS#7 message
54
			 * is apparently the same as one we already trust.
55
			 * Verify that the trusted variant can also validate
56
			 * the signature on the descendant.
57
			 */
58
			pr_devel("sinfo %u: Cert %u as key %x\n",
59
				 sinfo->index, x509->index, key_serial(key));
60
			goto matched;
61
		}
62
		if (key == ERR_PTR(-ENOMEM))
63
			return -ENOMEM;
64

65
		 /* Self-signed certificates form roots of their own, and if we
66
		  * don't know them, then we can't accept them.
67
		  */
68
		if (x509->signer == x509) {
69
			kleave(" = -ENOKEY [unknown self-signed]");
70
			return -ENOKEY;
71
		}
72

73
		might_sleep();
74
		last = x509;
75
		sig = last->sig;
76
	}
77

78
	/* No match - see if the root certificate has a signer amongst the
79
	 * trusted keys.
80
	 */
81
	if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) {
82
		key = find_asymmetric_key(trust_keyring,
83
					  last->sig->auth_ids[0],
84
					  last->sig->auth_ids[1],
85
					  NULL, false);
86
		if (!IS_ERR(key)) {
87
			x509 = last;
88
			pr_devel("sinfo %u: Root cert %u signer is key %x\n",
89
				 sinfo->index, x509->index, key_serial(key));
90
			goto matched;
91
		}
92
		if (PTR_ERR(key) != -ENOKEY)
93
			return PTR_ERR(key);
94
	}
95

96
	/* As a last resort, see if we have a trusted public key that matches
97
	 * the signed info directly.
98
	 */
99
	key = find_asymmetric_key(trust_keyring,
100
				  sinfo->sig->auth_ids[0], NULL, NULL, false);
101
	if (!IS_ERR(key)) {
102
		pr_devel("sinfo %u: Direct signer is key %x\n",
103
			 sinfo->index, key_serial(key));
104
		x509 = NULL;
105
		sig = sinfo->sig;
106
		goto matched;
107
	}
108
	if (PTR_ERR(key) != -ENOKEY)
109
		return PTR_ERR(key);
110

111
	kleave(" = -ENOKEY [no backref]");
112
	return -ENOKEY;
113

114
matched:
115
	ret = verify_signature(key, sig);
116
	key_put(key);
117
	if (ret < 0) {
118
		if (ret == -ENOMEM)
119
			return ret;
120
		kleave(" = -EKEYREJECTED [verify %d]", ret);
121
		return -EKEYREJECTED;
122
	}
123

124
verified:
125
	if (x509) {
126
		x509->verified = true;
127
		for (p = sinfo->signer; p != x509; p = p->signer)
128
			p->verified = true;
129
	}
130
	kleave(" = 0");
131
	return 0;
132
}
133

134
/**
135
 * pkcs7_validate_trust - Validate PKCS#7 trust chain
136
 * @pkcs7: The PKCS#7 certificate to validate
137
 * @trust_keyring: Signing certificates to use as starting points
138
 *
139
 * Validate that the certificate chain inside the PKCS#7 message intersects
140
 * keys we already know and trust.
141
 *
142
 * Returns, in order of descending priority:
143
 *
144
 *  (*) -EKEYREJECTED if a signature failed to match for which we have a valid
145
 *	key, or:
146
 *
147
 *  (*) 0 if at least one signature chain intersects with the keys in the trust
148
 *	keyring, or:
149
 *
150
 *  (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
151
 *	chain.
152
 *
153
 *  (*) -ENOKEY if we couldn't find a match for any of the signature chains in
154
 *	the message.
155
 *
156
 * May also return -ENOMEM.
157
 */
158
int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
159
			 struct key *trust_keyring)
160
{
161
	struct pkcs7_signed_info *sinfo;
162
	struct x509_certificate *p;
163
	int cached_ret = -ENOKEY;
164
	int ret;
165

166
	for (p = pkcs7->certs; p; p = p->next)
167
		p->seen = false;
168

169
	for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
170
		ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
171
		switch (ret) {
172
		case -ENOKEY:
173
			continue;
174
		case -ENOPKG:
175
			if (cached_ret == -ENOKEY)
176
				cached_ret = -ENOPKG;
177
			continue;
178
		case 0:
179
			cached_ret = 0;
180
			continue;
181
		default:
182
			return ret;
183
		}
184
	}
185

186
	return cached_ret;
187
}
188
EXPORT_SYMBOL_GPL(pkcs7_validate_trust);
189

190