04 Aug, 2015
1 commit
-
commit f2b3dee484f9cee967a54ef05a66866282337519 upstream.
The call to asymmetric_key_hex_to_key_id() from ca_keys_setup()
silently fails with -ENOMEM. Instead of dynamically allocating
memory from a __setup function, this patch defines a variable
and calls __asymmetric_key_hex_to_key_id(), a new helper function,
directly.This bug was introduced by 'commit 46963b774d44 ("KEYS: Overhaul
key identification when searching for asymmetric keys")'.Changelog:
- for clarification, rename hexlen to asciihexlen in
asymmetric_key_hex_to_key_id()
- add size argument to __asymmetric_key_hex_to_key_id() - David Howells
- inline __asymmetric_key_hex_to_key_id() - David Howells
- remove duplicate strlen() callsAcked-by: David Howells
Signed-off-by: Mimi Zohar
Signed-off-by: Greg Kroah-Hartman
12 Oct, 2014
1 commit
-
Pull security subsystem updates from James Morris.
Mostly ima, selinux, smack and key handling updates.
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits)
integrity: do zero padding of the key id
KEYS: output last portion of fingerprint in /proc/keys
KEYS: strip 'id:' from ca_keyid
KEYS: use swapped SKID for performing partial matching
KEYS: Restore partial ID matching functionality for asymmetric keys
X.509: If available, use the raw subjKeyId to form the key description
KEYS: handle error code encoded in pointer
selinux: normalize audit log formatting
selinux: cleanup error reporting in selinux_nlmsg_perm()
KEYS: Check hex2bin()'s return when generating an asymmetric key ID
ima: detect violations for mmaped files
ima: fix race condition on ima_rdwr_violation_check and process_measurement
ima: added ima_policy_flag variable
ima: return an error code from ima_add_boot_aggregate()
ima: provide 'ima_appraise=log' kernel option
ima: move keyring initialization to ima_init()
PKCS#7: Handle PKCS#7 messages that contain no X.509 certs
PKCS#7: Better handling of unsupported crypto
KEYS: Overhaul key identification when searching for asymmetric keys
KEYS: Implement binary asymmetric key ID handling
...
07 Oct, 2014
2 commits
-
Previous version of KEYS used to output last 4 bytes of fingerprint.
Now it outputs 8 last bytes of raw subject, which does not make any
visual meaning at all. This patch restores old behavior.Signed-off-by: Dmitry Kasatkin
Signed-off-by: David Howells -
The 'id:' prefix must be stripped for asymmetric_key_hex_to_key_id() to be
able to process ca_keyid.Signed-off-by: Dmitry Kasatkin
Signed-off-by: David Howells
06 Oct, 2014
2 commits
-
Earlier KEYS code used pure subject key identifiers (fingerprint)
for searching keys. Latest merged code removed that and broke
compatibility with integrity subsytem signatures and original
format of module signatures.This patch returns back partial matching on SKID.
Reported-by: Dmitry Kasatkin
Signed-off-by: Dmitry Kasatkin
Signed-off-by: David Howells -
Bring back the functionality whereby an asymmetric key can be matched with a
partial match on one of its IDs.Whilst we're at it, allow for the possibility of having an increased number of
IDs.Reported-by: Dmitry Kasatkin
Signed-off-by: Dmitry Kasatkin
Signed-off-by: David Howells
03 Oct, 2014
2 commits
-
Module signing matches keys by comparing against the key description exactly.
However, the way the key description gets constructed got changed to be
composed of the subject name plus the certificate serial number instead of the
subject name and the subjectKeyId. I changed this to avoid problems with
certificates that don't *have* a subjectKeyId.Instead, if available, use the raw subjectKeyId to form the key description
and only use the serial number if the subjectKeyId doesn't exist.Reported-by: Dmitry Kasatkin
Signed-off-by: David Howells -
If hexlen is odd then function returns an error.
Use IS_ERR to check for error, otherwise invalid pointer
is used and kernel gives oops:[ 132.816522] BUG: unable to handle kernel paging request at
ffffffffffffffea
[ 132.819902] IP: [] asymmetric_key_id_same+0x14/0x36
[ 132.820302] PGD 1a12067 PUD 1a14067 PMD 0
[ 132.820302] Oops: 0000 [#1] SMP
[ 132.820302] Modules linked in: bridge(E) stp(E) llc(E) evdev(E)
serio_raw(E) i2c_piix4(E) button(E) fuse(E)
[ 132.820302] CPU: 0 PID: 2993 Comm: cat Tainted: G E
3.16.0-kds+ #2847
[ 132.820302] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 132.820302] task: ffff88004249a430 ti: ffff880056640000 task.ti:
ffff880056640000
[ 132.820302] RIP: 0010:[] []
asymmetric_key_id_same+0x14/0x36
[ 132.820302] RSP: 0018:ffff880056643930 EFLAGS: 00010246
[ 132.820302] RAX: 0000000000000000 RBX: ffffffffffffffea RCX:
ffff880056643ae0
[ 132.820302] RDX: 000000000000005e RSI: ffffffffffffffea RDI:
ffff88005bac9300
[ 132.820302] RBP: ffff880056643948 R08: 0000000000000003 R09:
00000007504aa01a
[ 132.820302] R10: 0000000000000000 R11: 0000000000000000 R12:
ffff88005d68ca40
[ 132.820302] R13: 0000000000000101 R14: 0000000000000000 R15:
ffff88005bac5280
[ 132.820302] FS: 00007f67a153c740(0000) GS:ffff88005da00000(0000)
knlGS:0000000000000000
[ 132.820302] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 132.820302] CR2: ffffffffffffffea CR3: 000000002e663000 CR4:
00000000000006f0
[ 132.820302] Stack:
[ 132.820302] ffffffff812bfc66 ffff880056643ae0 ffff88005bac5280
ffff880056643958
[ 132.820302] ffffffff812bfc9d ffff880056643980 ffffffff812971d9
ffff88005ce930c1
[ 132.820302] ffff88005ce930c0 0000000000000000 ffff8800566439c8
ffffffff812fb753
[ 132.820302] Call Trace:
[ 132.820302] [] ? asymmetric_match_key_ids+0x24/0x42
[ 132.820302] [] asymmetric_key_cmp+0x19/0x1b
[ 132.820302] [] keyring_search_iterator+0x74/0xd7
[ 132.820302] [] assoc_array_subtree_iterate+0x67/0xd2
[ 132.820302] [] ? key_default_cmp+0x20/0x20
[ 132.820302] [] assoc_array_iterate+0x19/0x1e
[ 132.820302] [] search_nested_keyrings+0xf6/0x2b6
[ 132.820302] [] ? sched_clock_cpu+0x91/0xa2
[ 132.820302] [] ? mark_held_locks+0x58/0x6e
[ 132.820302] [] ? current_kernel_time+0x77/0xb8
[ 132.820302] [] keyring_search_aux+0xe1/0x14c
[ 132.820302] [] ? keyring_search_aux+0x6c/0x14c
[ 132.820302] [] keyring_search+0x8f/0xb6
[ 132.820302] [] ? asymmetric_match_key_ids+0x42/0x42
[ 132.820302] [] ? key_default_cmp+0x20/0x20
[ 132.820302] [] asymmetric_verify+0xa4/0x214
[ 132.820302] [] integrity_digsig_verify+0xb1/0xe2
[ 132.820302] [] ? evm_verifyxattr+0x6a/0x7a
[ 132.820302] [] ima_appraise_measurement+0x160/0x370
[ 132.820302] [] ? d_absolute_path+0x5b/0x7a
[ 132.820302] [] process_measurement+0x322/0x404Reported-by: Dmitry Kasatkin
Signed-off-by: Dmitry Kasatkin
Signed-off-by: David Howells
22 Sep, 2014
1 commit
-
As it stands, the code to generate an asymmetric key ID prechecks the hex
string it is given whilst determining the length, before it allocates the
buffer for hex2bin() to translate into - which mean that checking the result of
hex2bin() is redundant.Unfortunately, hex2bin() is marked as __must_check, which means that the
following warning may be generated if the return value isn't checked:crypto/asymmetric_keys/asymmetric_type.c: In function
asymmetric_key_hex_to_key_id:
crypto/asymmetric_keys/asymmetric_type.c:110: warning: ignoring return
value of hex2bin, declared with attribute warn_unused_resultThe warning can't be avoided by casting the result to void.
Instead, use strlen() to check the length of the string and ignore the fact
that the string might not be entirely valid hex until after the allocation has
been done - in which case we can use the result of hex2bin() for this.Signed-off-by: David Howells
17 Sep, 2014
13 commits
-
The X.509 certificate list in a PKCS#7 message is optional. To save space, we
can omit the inclusion of any X.509 certificates if we are sure that we can
look the relevant public key up by the serial number and issuer given in a
signed info block.This also supports use of a signed info block for which we can't find a
matching X.509 cert in the certificate list, though it be populated.Signed-off-by: David Howells
Acked-by: Vivek Goyal -
Provide better handling of unsupported crypto when verifying a PKCS#7 message.
If we can't bridge the gap between a pair of X.509 certs or between a signed
info block and an X.509 cert because it involves some crypto we don't support,
that's not necessarily the end of the world as there may be other ways points
at which we can intersect with a ring of trusted keys.Instead, only produce ENOPKG immediately if all the signed info blocks in a
PKCS#7 message require unsupported crypto to bridge to the first X.509 cert.
Otherwise, we defer the generation of ENOPKG until we get ENOKEY during trust
validation.Signed-off-by: David Howells
Acked-by: Vivek Goyal -
Make use of the new match string preparsing to overhaul key identification
when searching for asymmetric keys. The following changes are made:(1) Use the previously created asymmetric_key_id struct to hold the following
key IDs derived from the X.509 certificate or PKCS#7 message:id: serial number + issuer
skid: subjKeyId + subject
authority: authKeyId + issuer(2) Replace the hex fingerprint attached to key->type_data[1] with an
asymmetric_key_ids struct containing the id and the skid (if present).(3) Make the asymmetric_type match data preparse select one of two searches:
(a) An iterative search for the key ID given if prefixed with "id:". The
prefix is expected to be followed by a hex string giving the ID to
search for. The criterion key ID is checked against all key IDs
recorded on the key.(b) A direct search if the key ID is not prefixed with "id:". This will
look for an exact match on the key description.(4) Make x509_request_asymmetric_key() take a key ID. This is then converted
into "id:" and passed into keyring_search() where match preparsing
will turn it back into a binary ID.(5) X.509 certificate verification then takes the authority key ID and looks
up a key that matches it to find the public key for the certificate
signature.(6) PKCS#7 certificate verification then takes the id key ID and looks up a
key that matches it to find the public key for the signed information
block signature.Additional changes:
(1) Multiple subjKeyId and authKeyId values on an X.509 certificate cause the
cert to be rejected with -EBADMSG.(2) The 'fingerprint' ID is gone. This was primarily intended to convey PGP
public key fingerprints. If PGP is supported in future, this should
generate a key ID that carries the fingerprint.(3) Th ca_keyid= kernel command line option is now converted to a key ID and
used to match the authority key ID. Possibly this should only match the
actual authKeyId part and not the issuer as well.Signed-off-by: David Howells
Acked-by: Vivek Goyal -
Implement the first step in using binary key IDs for asymmetric keys rather
than hex string keys.The previously added match data preparsing will be able to convert hex
criterion strings into binary which can then be compared more rapidly.Further, we actually want more then one ID string per public key. The problem
is that X.509 certs refer to other X.509 certs by matching Issuer + AuthKeyId
to Subject + SubjKeyId, but PKCS#7 messages match against X.509 Issuer +
SerialNumber.This patch just provides facilities for a later patch to make use of.
Signed-off-by: David Howells
Acked-by: Vivek Goyal -
Make the key matching functions pointed to by key_match_data::cmp return bool
rather than int.Signed-off-by: David Howells
Acked-by: Vivek Goyal -
A previous patch added a ->match_preparse() method to the key type. This is
allowed to override the function called by the iteration algorithm.
Therefore, we can just set a default that simply checks for an exact match of
the key description with the original criterion data and allow match_preparse
to override it as needed.The key_type::match op is then redundant and can be removed, as can the
user_match() function.Signed-off-by: David Howells
Acked-by: Vivek Goyal -
Remove key_type::def_lookup_type as it's no longer used. The information now
defaults to KEYRING_SEARCH_LOOKUP_DIRECT but may be overridden by
type->match_preparse().Signed-off-by: David Howells
Acked-by: Vivek Goyal -
Preparse the match data. This provides several advantages:
(1) The preparser can reject invalid criteria up front.
(2) The preparser can convert the criteria to binary data if necessary (the
asymmetric key type really wants to do binary comparison of the key IDs).(3) The preparser can set the type of search to be performed. This means
that it's not then a one-off setting in the key type.(4) The preparser can set an appropriate comparator function.
Signed-off-by: David Howells
Acked-by: Vivek Goyal -
Merge in keyrings fixes for next:
(1) Insert some missing 'static' annotations.
Signed-off-by: David Howells
-
Merge in keyrings fixes, at least some of which later patches depend on:
(1) Reinstate the production of EPERM for key types beginning with '.' in
requests from userspace.(2) Tidy up the cleanup of PKCS#7 message signed information blocks and fix a
bug this made more obvious.Signed-off-by: David Howells
-
Fix the parser cleanup code to drain parsed out X.509 certs in the case that
the decode fails and we jump to error_decode.The function is rearranged so that the same cleanup code is used in the success
case as the error case - just that the message descriptor under construction is
only released if it is still pointed to by the context struct at that point.Signed-off-by: David Howells
Acked-by: Vivek Goyal -
The code to free a signed info block is repeated several times, so move the
code to do it into a function of its own. This gives us a place to add clean
ups for stuff that gets added to pkcs7_signed_info.Signed-off-by: David Howells
Acked-by: Vivek Goyal -
Add a missing static (found by checker).
Signed-off-by: David Howells
Acked-by: Vivek Goyal
03 Sep, 2014
3 commits
-
Printing in base signature handling should have a prefix, so set pr_fmt().
Signed-off-by: David Howells
Signed-off-by: James Morris -
Relax the check on the length of the PKCS#7 cert as it appears that the PE
file wrapper size gets rounded up to the nearest 8.The debugging output looks like this:
PEFILE: ==> verify_pefile_signature()
PEFILE: ==> pefile_parse_binary()
PEFILE: checksum @ 110
PEFILE: header size = 200
PEFILE: cert = 968 @547be0 [68 09 00 00 00 02 02 00 30 82 09 56 ]
PEFILE: sig wrapper = { 968, 200, 2 }
PEFILE: Signature data not PKCS#7The wrapper is the first 8 bytes of the hex dump inside []. This indicates a
length of 0x968 bytes, including the wrapper header - so 0x960 bytes of
payload.The ASN.1 wrapper begins [ ... 30 82 09 56 ]. That indicates an object of size
0x956 - a four byte discrepency, presumably just padding for alignment
purposes.So we just check that the ASN.1 container is no bigger than the payload and
reduce the recorded size appropriately.Whilst we're at it, allow shorter PKCS#7 objects that manage to squeeze within
127 or 255 bytes. It's just about conceivable if no X.509 certs are included
in the PKCS#7 message.Reported-by: Vivek Goyal
Signed-off-by: David Howells
Acked-by: Vivek Goyal
Acked-by: Peter Jones
Signed-off-by: James Morris -
The length of the name of an asymmetric key subtype must be stored in struct
asymmetric_key_subtype::name_len so that it can be matched by a search for
":". Fix the public_key subtype to have
name_len set.Signed-off-by: David Howells
Signed-off-by: James Morris
03 Aug, 2014
1 commit
-
Need to export x509_request_asymmetric_key() so that PKCS#7 can use it if
compiled as a module.Reported-by: James Morris
Signed-off-by: David Howells
31 Jul, 2014
1 commit
-
X.509 certificate issuer and subject fields are mandatory fields in the ASN.1
and so their existence needn't be tested for. They are guaranteed to end up
with an empty string if the name material has nothing we can use (see
x509_fabricate_name()).Reported-by: Dan Carpenter
Signed-off-by: David Howells
Acked-by: Vivek Goyal
29 Jul, 2014
1 commit
-
pkcs7_request_asymmetric_key() and x509_request_asymmetric_key() do the same
thing, the latter being a copy of the former created by the IMA folks, so drop
the PKCS#7 version as the X.509 location is more general.Whilst we're at it, rename the arguments of x509_request_asymmetric_key() to
better reflect what the values being passed in are intended to match on an
X.509 cert.Signed-off-by: David Howells
Acked-by: Mimi Zohar
28 Jul, 2014
2 commits
-
x509_request_asymmetric_keys() doesn't need the lengths of the NUL-terminated
strings passing in as it can work that out for itself.Signed-off-by: David Howells
Acked-by: Mimi Zohar -
Fixes the following sparse warnings:
crypto/asymmetric_keys/pkcs7_key_type.c:73:17: warning:
symbol 'key_type_pkcs7' was not declared. Should it be static?Signed-off-by: Wei Yongjun
Signed-off-by: David Howells
25 Jul, 2014
1 commit
-
crypto/asymmetric_keys/pkcs7_key_type.c needs to #include linux/err.h rather
than relying on getting it through other headers.Without this, the powerpc allyesconfig build fails.
Reported-by: Stephen Rothwell
Signed-off-by: David Howells
23 Jul, 2014
5 commits
-
Signed-off-by: David Howells
-
Signed-off-by: David Howells
-
Here's a set of changes that implement a PE file signature checker.
This provides the following facility:
(1) Extract the signature from the PE file. This is a PKCS#7 message
containing, as its data, a hash of the signed parts of the file.(2) Digest the signed parts of the file.
(3) Compare the digest with the one from the PKCS#7 message.
(4) Validate the signatures on the PKCS#7 message and indicate
whether it was matched by a trusted key.Signed-off-by: David Howells
-
Here's a set of changes that implement a PKCS#7 message parser in the kernel.
The PKCS#7 message parsing will then be used to limit kexec to authenticated
kernels only if so configured.The changes provide the following facilities:
(1) Parse an ASN.1 PKCS#7 message and pick out useful bits such as the data
content and the X.509 certificates used to sign it and all the data
signatures.(2) Verify all the data signatures against the set of X.509 certificates
available in the message.(3) Follow the certificate chains and verify that:
(a) for every self-signed X.509 certificate, check that it validly signed
itself, and:(b) for every non-self-signed certificate, if we have a 'parent'
certificate, the former is validly signed by the latter.(4) Look for intersections between the certificate chains and the trusted
keyring, if any intersections are found, verify that the trusted
certificates signed the intersection point in the chain.(5) For testing purposes, a key type can be made available that will take a
PKCS#7 message, check that the message is trustworthy, and if so, add its
data content into the key.Note that (5) has to be altered to take account of the preparsing patches
already committed to this branch.Signed-off-by: David Howells
-
struct key_preparsed_payload should have two payload pointers to correspond
with those in struct key.Signed-off-by: David Howells
Acked-by: Steve Dickson
Acked-by: Jeff Layton
Reviewed-by: Sage Weil
19 Jul, 2014
1 commit
-
Provide a generic instantiation function for key types that use the preparse
hook. This makes it easier to prereserve key quota before keyrings get locked
to retain the new key.Signed-off-by: David Howells
Acked-by: Steve Dickson
Acked-by: Jeff Layton
Reviewed-by: Sage Weil
18 Jul, 2014
1 commit
-
You can select MPILIB_EXTRA all you want, it doesn't exist ;-)
Surprised kconfig doesn't complain about that...
Signed-off-by: Jean Delvare
Acked-by: Marek Vasut
Signed-off-by: David Howells
Cc: Herbert Xu
Cc: "David S. Miller"
17 Jul, 2014
2 commits
-
Instead of allowing public keys, with certificates signed by any
key on the system trusted keyring, to be added to a trusted keyring,
this patch further restricts the certificates to those signed only by
builtin keys on the system keyring.This patch defines a new option 'builtin' for the kernel parameter
'keys_ownerid' to allow trust validation using builtin keys.Simplified Mimi's "KEYS: define an owner trusted keyring" patch
Changelog v7:
- rename builtin_keys to use_builtin_keysSigned-off-by: Dmitry Kasatkin
Signed-off-by: Mimi Zohar -
Instead of allowing public keys, with certificates signed by any
key on the system trusted keyring, to be added to a trusted keyring,
this patch further restricts the certificates to those signed by a
particular key on the system keyring.This patch defines a new kernel parameter 'ca_keys' to identify the
specific key which must be used for trust validation of certificates.Simplified Mimi's "KEYS: define an owner trusted keyring" patch.
Changelog:
- support for builtin x509 public keys only
- export "asymmetric_keyid_match"
- remove ifndefs MODULE
- rename kernel boot parameter from keys_ownerid to ca_keysSigned-off-by: Dmitry Kasatkin
Signed-off-by: Mimi Zohar