xref: /linux/crypto/asymmetric_keys/x509_public_key.c (revision ca55b2fef3a9373fcfc30f82fd26bc7fccbda732)
1 /* Instantiate a public key crypto key from an X.509 Certificate
2  *
3  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11 
12 #define pr_fmt(fmt) "X.509: "fmt
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/slab.h>
16 #include <linux/err.h>
17 #include <linux/mpi.h>
18 #include <linux/asn1_decoder.h>
19 #include <keys/asymmetric-subtype.h>
20 #include <keys/asymmetric-parser.h>
21 #include <keys/system_keyring.h>
22 #include <crypto/hash.h>
23 #include "asymmetric_keys.h"
24 #include "public_key.h"
25 #include "x509_parser.h"
26 
27 static bool use_builtin_keys;
28 static struct asymmetric_key_id *ca_keyid;
29 
30 #ifndef MODULE
31 static struct {
32 	struct asymmetric_key_id id;
33 	unsigned char data[10];
34 } cakey;
35 
36 static int __init ca_keys_setup(char *str)
37 {
38 	if (!str)		/* default system keyring */
39 		return 1;
40 
41 	if (strncmp(str, "id:", 3) == 0) {
42 		struct asymmetric_key_id *p = &cakey.id;
43 		size_t hexlen = (strlen(str) - 3) / 2;
44 		int ret;
45 
46 		if (hexlen == 0 || hexlen > sizeof(cakey.data)) {
47 			pr_err("Missing or invalid ca_keys id\n");
48 			return 1;
49 		}
50 
51 		ret = __asymmetric_key_hex_to_key_id(str + 3, p, hexlen);
52 		if (ret < 0)
53 			pr_err("Unparsable ca_keys id hex string\n");
54 		else
55 			ca_keyid = p;	/* owner key 'id:xxxxxx' */
56 	} else if (strcmp(str, "builtin") == 0) {
57 		use_builtin_keys = true;
58 	}
59 
60 	return 1;
61 }
62 __setup("ca_keys=", ca_keys_setup);
63 #endif
64 
65 /**
66  * x509_request_asymmetric_key - Request a key by X.509 certificate params.
67  * @keyring: The keys to search.
68  * @id: The issuer & serialNumber to look for or NULL.
69  * @skid: The subjectKeyIdentifier to look for or NULL.
70  * @partial: Use partial match if true, exact if false.
71  *
72  * Find a key in the given keyring by identifier.  The preferred identifier is
73  * the issuer + serialNumber and the fallback identifier is the
74  * subjectKeyIdentifier.  If both are given, the lookup is by the former, but
75  * the latter must also match.
76  */
77 struct key *x509_request_asymmetric_key(struct key *keyring,
78 					const struct asymmetric_key_id *id,
79 					const struct asymmetric_key_id *skid,
80 					bool partial)
81 {
82 	struct key *key;
83 	key_ref_t ref;
84 	const char *lookup;
85 	char *req, *p;
86 	int len;
87 
88 	if (id) {
89 		lookup = id->data;
90 		len = id->len;
91 	} else {
92 		lookup = skid->data;
93 		len = skid->len;
94 	}
95 
96 	/* Construct an identifier "id:<keyid>". */
97 	p = req = kmalloc(2 + 1 + len * 2 + 1, GFP_KERNEL);
98 	if (!req)
99 		return ERR_PTR(-ENOMEM);
100 
101 	if (partial) {
102 		*p++ = 'i';
103 		*p++ = 'd';
104 	} else {
105 		*p++ = 'e';
106 		*p++ = 'x';
107 	}
108 	*p++ = ':';
109 	p = bin2hex(p, lookup, len);
110 	*p = 0;
111 
112 	pr_debug("Look up: \"%s\"\n", req);
113 
114 	ref = keyring_search(make_key_ref(keyring, 1),
115 			     &key_type_asymmetric, req);
116 	if (IS_ERR(ref))
117 		pr_debug("Request for key '%s' err %ld\n", req, PTR_ERR(ref));
118 	kfree(req);
119 
120 	if (IS_ERR(ref)) {
121 		switch (PTR_ERR(ref)) {
122 			/* Hide some search errors */
123 		case -EACCES:
124 		case -ENOTDIR:
125 		case -EAGAIN:
126 			return ERR_PTR(-ENOKEY);
127 		default:
128 			return ERR_CAST(ref);
129 		}
130 	}
131 
132 	key = key_ref_to_ptr(ref);
133 	if (id && skid) {
134 		const struct asymmetric_key_ids *kids = asymmetric_key_ids(key);
135 		if (!kids->id[1]) {
136 			pr_debug("issuer+serial match, but expected SKID missing\n");
137 			goto reject;
138 		}
139 		if (!asymmetric_key_id_same(skid, kids->id[1])) {
140 			pr_debug("issuer+serial match, but SKID does not\n");
141 			goto reject;
142 		}
143 	}
144 
145 	pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key));
146 	return key;
147 
148 reject:
149 	key_put(key);
150 	return ERR_PTR(-EKEYREJECTED);
151 }
152 EXPORT_SYMBOL_GPL(x509_request_asymmetric_key);
153 
154 /*
155  * Set up the signature parameters in an X.509 certificate.  This involves
156  * digesting the signed data and extracting the signature.
157  */
158 int x509_get_sig_params(struct x509_certificate *cert)
159 {
160 	struct crypto_shash *tfm;
161 	struct shash_desc *desc;
162 	size_t digest_size, desc_size;
163 	void *digest;
164 	int ret;
165 
166 	pr_devel("==>%s()\n", __func__);
167 
168 	if (cert->unsupported_crypto)
169 		return -ENOPKG;
170 	if (cert->sig.rsa.s)
171 		return 0;
172 
173 	cert->sig.rsa.s = mpi_read_raw_data(cert->raw_sig, cert->raw_sig_size);
174 	if (!cert->sig.rsa.s)
175 		return -ENOMEM;
176 	cert->sig.nr_mpi = 1;
177 
178 	/* Allocate the hashing algorithm we're going to need and find out how
179 	 * big the hash operational data will be.
180 	 */
181 	tfm = crypto_alloc_shash(hash_algo_name[cert->sig.pkey_hash_algo], 0, 0);
182 	if (IS_ERR(tfm)) {
183 		if (PTR_ERR(tfm) == -ENOENT) {
184 			cert->unsupported_crypto = true;
185 			return -ENOPKG;
186 		}
187 		return PTR_ERR(tfm);
188 	}
189 
190 	desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
191 	digest_size = crypto_shash_digestsize(tfm);
192 
193 	/* We allocate the hash operational data storage on the end of the
194 	 * digest storage space.
195 	 */
196 	ret = -ENOMEM;
197 	digest = kzalloc(digest_size + desc_size, GFP_KERNEL);
198 	if (!digest)
199 		goto error;
200 
201 	cert->sig.digest = digest;
202 	cert->sig.digest_size = digest_size;
203 
204 	desc = digest + digest_size;
205 	desc->tfm = tfm;
206 	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
207 
208 	ret = crypto_shash_init(desc);
209 	if (ret < 0)
210 		goto error;
211 	might_sleep();
212 	ret = crypto_shash_finup(desc, cert->tbs, cert->tbs_size, digest);
213 error:
214 	crypto_free_shash(tfm);
215 	pr_devel("<==%s() = %d\n", __func__, ret);
216 	return ret;
217 }
218 EXPORT_SYMBOL_GPL(x509_get_sig_params);
219 
220 /*
221  * Check the signature on a certificate using the provided public key
222  */
223 int x509_check_signature(const struct public_key *pub,
224 			 struct x509_certificate *cert)
225 {
226 	int ret;
227 
228 	pr_devel("==>%s()\n", __func__);
229 
230 	ret = x509_get_sig_params(cert);
231 	if (ret < 0)
232 		return ret;
233 
234 	ret = public_key_verify_signature(pub, &cert->sig);
235 	if (ret == -ENOPKG)
236 		cert->unsupported_crypto = true;
237 	pr_debug("Cert Verification: %d\n", ret);
238 	return ret;
239 }
240 EXPORT_SYMBOL_GPL(x509_check_signature);
241 
242 /*
243  * Check the new certificate against the ones in the trust keyring.  If one of
244  * those is the signing key and validates the new certificate, then mark the
245  * new certificate as being trusted.
246  *
247  * Return 0 if the new certificate was successfully validated, 1 if we couldn't
248  * find a matching parent certificate in the trusted list and an error if there
249  * is a matching certificate but the signature check fails.
250  */
251 static int x509_validate_trust(struct x509_certificate *cert,
252 			       struct key *trust_keyring)
253 {
254 	struct key *key;
255 	int ret = 1;
256 
257 	if (!trust_keyring)
258 		return -EOPNOTSUPP;
259 
260 	if (ca_keyid && !asymmetric_key_id_partial(cert->akid_skid, ca_keyid))
261 		return -EPERM;
262 
263 	key = x509_request_asymmetric_key(trust_keyring,
264 					  cert->akid_id, cert->akid_skid,
265 					  false);
266 	if (!IS_ERR(key))  {
267 		if (!use_builtin_keys
268 		    || test_bit(KEY_FLAG_BUILTIN, &key->flags))
269 			ret = x509_check_signature(key->payload.data, cert);
270 		key_put(key);
271 	}
272 	return ret;
273 }
274 
275 /*
276  * Attempt to parse a data blob for a key as an X509 certificate.
277  */
278 static int x509_key_preparse(struct key_preparsed_payload *prep)
279 {
280 	struct asymmetric_key_ids *kids;
281 	struct x509_certificate *cert;
282 	const char *q;
283 	size_t srlen, sulen;
284 	char *desc = NULL, *p;
285 	int ret;
286 
287 	cert = x509_cert_parse(prep->data, prep->datalen);
288 	if (IS_ERR(cert))
289 		return PTR_ERR(cert);
290 
291 	pr_devel("Cert Issuer: %s\n", cert->issuer);
292 	pr_devel("Cert Subject: %s\n", cert->subject);
293 
294 	if (cert->pub->pkey_algo >= PKEY_ALGO__LAST ||
295 	    cert->sig.pkey_algo >= PKEY_ALGO__LAST ||
296 	    cert->sig.pkey_hash_algo >= PKEY_HASH__LAST ||
297 	    !pkey_algo[cert->pub->pkey_algo] ||
298 	    !pkey_algo[cert->sig.pkey_algo] ||
299 	    !hash_algo_name[cert->sig.pkey_hash_algo]) {
300 		ret = -ENOPKG;
301 		goto error_free_cert;
302 	}
303 
304 	pr_devel("Cert Key Algo: %s\n", pkey_algo_name[cert->pub->pkey_algo]);
305 	pr_devel("Cert Valid period: %lld-%lld\n", cert->valid_from, cert->valid_to);
306 	pr_devel("Cert Signature: %s + %s\n",
307 		 pkey_algo_name[cert->sig.pkey_algo],
308 		 hash_algo_name[cert->sig.pkey_hash_algo]);
309 
310 	cert->pub->algo = pkey_algo[cert->pub->pkey_algo];
311 	cert->pub->id_type = PKEY_ID_X509;
312 
313 	/* Check the signature on the key if it appears to be self-signed */
314 	if ((!cert->akid_skid && !cert->akid_id) ||
315 	    asymmetric_key_id_same(cert->skid, cert->akid_skid) ||
316 	    asymmetric_key_id_same(cert->id, cert->akid_id)) {
317 		ret = x509_check_signature(cert->pub, cert); /* self-signed */
318 		if (ret < 0)
319 			goto error_free_cert;
320 	} else if (!prep->trusted) {
321 		ret = x509_validate_trust(cert, get_system_trusted_keyring());
322 		if (!ret)
323 			prep->trusted = 1;
324 	}
325 
326 	/* Propose a description */
327 	sulen = strlen(cert->subject);
328 	if (cert->raw_skid) {
329 		srlen = cert->raw_skid_size;
330 		q = cert->raw_skid;
331 	} else {
332 		srlen = cert->raw_serial_size;
333 		q = cert->raw_serial;
334 	}
335 
336 	ret = -ENOMEM;
337 	desc = kmalloc(sulen + 2 + srlen * 2 + 1, GFP_KERNEL);
338 	if (!desc)
339 		goto error_free_cert;
340 	p = memcpy(desc, cert->subject, sulen);
341 	p += sulen;
342 	*p++ = ':';
343 	*p++ = ' ';
344 	p = bin2hex(p, q, srlen);
345 	*p = 0;
346 
347 	kids = kmalloc(sizeof(struct asymmetric_key_ids), GFP_KERNEL);
348 	if (!kids)
349 		goto error_free_desc;
350 	kids->id[0] = cert->id;
351 	kids->id[1] = cert->skid;
352 
353 	/* We're pinning the module by being linked against it */
354 	__module_get(public_key_subtype.owner);
355 	prep->type_data[0] = &public_key_subtype;
356 	prep->type_data[1] = kids;
357 	prep->payload[0] = cert->pub;
358 	prep->description = desc;
359 	prep->quotalen = 100;
360 
361 	/* We've finished with the certificate */
362 	cert->pub = NULL;
363 	cert->id = NULL;
364 	cert->skid = NULL;
365 	desc = NULL;
366 	ret = 0;
367 
368 error_free_desc:
369 	kfree(desc);
370 error_free_cert:
371 	x509_free_certificate(cert);
372 	return ret;
373 }
374 
375 static struct asymmetric_key_parser x509_key_parser = {
376 	.owner	= THIS_MODULE,
377 	.name	= "x509",
378 	.parse	= x509_key_preparse,
379 };
380 
381 /*
382  * Module stuff
383  */
384 static int __init x509_key_init(void)
385 {
386 	return register_asymmetric_key_parser(&x509_key_parser);
387 }
388 
389 static void __exit x509_key_exit(void)
390 {
391 	unregister_asymmetric_key_parser(&x509_key_parser);
392 }
393 
394 module_init(x509_key_init);
395 module_exit(x509_key_exit);
396 
397 MODULE_DESCRIPTION("X.509 certificate parser");
398 MODULE_LICENSE("GPL");
399