1// SPDX-License-Identifier: GPL-2.0-or-later
2/* Validate the trust chain of a PKCS#7 message.
3 *
4 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8#define pr_fmt(fmt) "PKCS7: "fmt
9#include <linux/kernel.h>
10#include <linux/export.h>
11#include <linux/slab.h>
12#include <linux/err.h>
13#include <linux/asn1.h>
14#include <linux/key.h>
15#include <keys/asymmetric-type.h>
16#include <crypto/public_key.h>
17#include "pkcs7_parser.h"
18
19/*
20 * Check the trust on one PKCS#7 SignedInfo block.
21 */
22static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
23				    struct pkcs7_signed_info *sinfo,
24				    struct key *trust_keyring)
25{
26	struct public_key_signature *sig = sinfo->sig;
27	struct x509_certificate *x509, *last = NULL, *p;
28	struct key *key;
29	int ret;
30
31	kenter(",%u,", sinfo->index);
32
33	if (sinfo->unsupported_crypto) {
34		kleave(" = -ENOPKG [cached]");
35		return -ENOPKG;
36	}
37
38	for (x509 = sinfo->signer; x509; x509 = x509->signer) {
39		if (x509->seen) {
40			if (x509->verified)
41				goto verified;
42			kleave(" = -ENOKEY [cached]");
43			return -ENOKEY;
44		}
45		x509->seen = true;
46
47		/* Look to see if this certificate is present in the trusted
48		 * keys.
49		 */
50		key = find_asymmetric_key(trust_keyring,
51					  x509->id, x509->skid, NULL, false);
52		if (!IS_ERR(key)) {
53			/* One of the X.509 certificates in the PKCS#7 message
54			 * is apparently the same as one we already trust.
55			 * Verify that the trusted variant can also validate
56			 * the signature on the descendant.
57			 */
58			pr_devel("sinfo %u: Cert %u as key %x\n",
59				 sinfo->index, x509->index, key_serial(key));
60			goto matched;
61		}
62		if (key == ERR_PTR(-ENOMEM))
63			return -ENOMEM;
64
65		 /* Self-signed certificates form roots of their own, and if we
66		  * don't know them, then we can't accept them.
67		  */
68		if (x509->signer == x509) {
69			kleave(" = -ENOKEY [unknown self-signed]");
70			return -ENOKEY;
71		}
72
73		might_sleep();
74		last = x509;
75		sig = last->sig;
76	}
77
78	/* No match - see if the root certificate has a signer amongst the
79	 * trusted keys.
80	 */
81	if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) {
82		key = find_asymmetric_key(trust_keyring,
83					  last->sig->auth_ids[0],
84					  last->sig->auth_ids[1],
85					  NULL, false);
86		if (!IS_ERR(key)) {
87			x509 = last;
88			pr_devel("sinfo %u: Root cert %u signer is key %x\n",
89				 sinfo->index, x509->index, key_serial(key));
90			goto matched;
91		}
92		if (PTR_ERR(key) != -ENOKEY)
93			return PTR_ERR(key);
94	}
95
96	/* As a last resort, see if we have a trusted public key that matches
97	 * the signed info directly.
98	 */
99	key = find_asymmetric_key(trust_keyring,
100				  sinfo->sig->auth_ids[0], NULL, NULL, false);
101	if (!IS_ERR(key)) {
102		pr_devel("sinfo %u: Direct signer is key %x\n",
103			 sinfo->index, key_serial(key));
104		x509 = NULL;
105		sig = sinfo->sig;
106		goto matched;
107	}
108	if (PTR_ERR(key) != -ENOKEY)
109		return PTR_ERR(key);
110
111	kleave(" = -ENOKEY [no backref]");
112	return -ENOKEY;
113
114matched:
115	ret = verify_signature(key, sig);
116	key_put(key);
117	if (ret < 0) {
118		if (ret == -ENOMEM)
119			return ret;
120		kleave(" = -EKEYREJECTED [verify %d]", ret);
121		return -EKEYREJECTED;
122	}
123
124verified:
125	if (x509) {
126		x509->verified = true;
127		for (p = sinfo->signer; p != x509; p = p->signer)
128			p->verified = true;
129	}
130	kleave(" = 0");
131	return 0;
132}
133
134/**
135 * pkcs7_validate_trust - Validate PKCS#7 trust chain
136 * @pkcs7: The PKCS#7 certificate to validate
137 * @trust_keyring: Signing certificates to use as starting points
138 *
139 * Validate that the certificate chain inside the PKCS#7 message intersects
140 * keys we already know and trust.
141 *
142 * Returns, in order of descending priority:
143 *
144 *  (*) -EKEYREJECTED if a signature failed to match for which we have a valid
145 *	key, or:
146 *
147 *  (*) 0 if at least one signature chain intersects with the keys in the trust
148 *	keyring, or:
149 *
150 *  (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
151 *	chain.
152 *
153 *  (*) -ENOKEY if we couldn't find a match for any of the signature chains in
154 *	the message.
155 *
156 * May also return -ENOMEM.
157 */
158int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
159			 struct key *trust_keyring)
160{
161	struct pkcs7_signed_info *sinfo;
162	struct x509_certificate *p;
163	int cached_ret = -ENOKEY;
164	int ret;
165
166	for (p = pkcs7->certs; p; p = p->next)
167		p->seen = false;
168
169	for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
170		ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
171		switch (ret) {
172		case -ENOKEY:
173			continue;
174		case -ENOPKG:
175			if (cached_ret == -ENOKEY)
176				cached_ret = -ENOPKG;
177			continue;
178		case 0:
179			cached_ret = 0;
180			continue;
181		default:
182			return ret;
183		}
184	}
185
186	return cached_ret;
187}
188EXPORT_SYMBOL_GPL(pkcs7_validate_trust);
189