1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Validate the trust chain of a PKCS#7 message.
4 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
8 #define pr_fmt(fmt) "PKCS7: "fmt
9 #include <linux/kernel.h>
10 #include <linux/export.h>
11 #include <linux/slab.h>
12 #include <linux/err.h>
13 #include <linux/asn1.h>
14 #include <linux/key.h>
15 #include <keys/asymmetric-type.h>
16 #include <crypto/public_key.h>
17 #include "pkcs7_parser.h"
20 * Check the trust on one PKCS#7 SignedInfo block.
22 static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
23 struct pkcs7_signed_info *sinfo,
24 struct key *trust_keyring)
26 struct public_key_signature *sig = sinfo->sig;
27 struct x509_certificate *x509, *last = NULL, *p;
31 kenter(",%u,", sinfo->index);
33 if (sinfo->unsupported_crypto) {
34 kleave(" = -ENOPKG [cached]");
38 for (x509 = sinfo->signer; x509; x509 = x509->signer) {
42 kleave(" = -ENOKEY [cached]");
47 /* Look to see if this certificate is present in the trusted
50 key = find_asymmetric_key(trust_keyring,
51 x509->id, x509->skid, NULL, false);
53 /* One of the X.509 certificates in the PKCS#7 message
54 * is apparently the same as one we already trust.
55 * Verify that the trusted variant can also validate
56 * the signature on the descendant.
58 pr_devel("sinfo %u: Cert %u as key %x\n",
59 sinfo->index, x509->index, key_serial(key));
62 if (key == ERR_PTR(-ENOMEM))
65 /* Self-signed certificates form roots of their own, and if we
66 * don't know them, then we can't accept them.
68 if (x509->signer == x509) {
69 kleave(" = -ENOKEY [unknown self-signed]");
78 /* No match - see if the root certificate has a signer amongst the
81 if (last && (last->sig->auth_ids[0] || last->sig->auth_ids[1])) {
82 key = find_asymmetric_key(trust_keyring,
83 last->sig->auth_ids[0],
84 last->sig->auth_ids[1],
88 pr_devel("sinfo %u: Root cert %u signer is key %x\n",
89 sinfo->index, x509->index, key_serial(key));
92 if (PTR_ERR(key) != -ENOKEY)
96 /* As a last resort, see if we have a trusted public key that matches
97 * the signed info directly.
99 key = find_asymmetric_key(trust_keyring,
100 sinfo->sig->auth_ids[0], NULL, NULL, false);
102 pr_devel("sinfo %u: Direct signer is key %x\n",
103 sinfo->index, key_serial(key));
108 if (PTR_ERR(key) != -ENOKEY)
111 kleave(" = -ENOKEY [no backref]");
115 ret = verify_signature(key, sig);
120 kleave(" = -EKEYREJECTED [verify %d]", ret);
121 return -EKEYREJECTED;
126 x509->verified = true;
127 for (p = sinfo->signer; p != x509; p = p->signer)
135 * pkcs7_validate_trust - Validate PKCS#7 trust chain
136 * @pkcs7: The PKCS#7 certificate to validate
137 * @trust_keyring: Signing certificates to use as starting points
139 * Validate that the certificate chain inside the PKCS#7 message intersects
140 * keys we already know and trust.
142 * Returns, in order of descending priority:
144 * (*) -EKEYREJECTED if a signature failed to match for which we have a valid
147 * (*) 0 if at least one signature chain intersects with the keys in the trust
150 * (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
153 * (*) -ENOKEY if we couldn't find a match for any of the signature chains in
156 * May also return -ENOMEM.
158 int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
159 struct key *trust_keyring)
161 struct pkcs7_signed_info *sinfo;
162 struct x509_certificate *p;
163 int cached_ret = -ENOKEY;
166 for (p = pkcs7->certs; p; p = p->next)
169 for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
170 ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
175 if (cached_ret == -ENOKEY)
176 cached_ret = -ENOPKG;
188 EXPORT_SYMBOL_GPL(pkcs7_validate_trust);