Commit 32c4741cb66703a3c282f41d77deff4afd93342a
Committed by
Mimi Zohar
1 parent
ffb70f61ba
Exists in
ti-lsk-linux-4.1.y
and in
10 other branches
KEYS: validate certificate trust only with builtin keys
Instead of allowing public keys, with certificates signed by any key on the system trusted keyring, to be added to a trusted keyring, this patch further restricts the certificates to those signed only by builtin keys on the system keyring. This patch defines a new option 'builtin' for the kernel parameter 'keys_ownerid' to allow trust validation using builtin keys. Simplified Mimi's "KEYS: define an owner trusted keyring" patch Changelog v7: - rename builtin_keys to use_builtin_keys Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Showing 4 changed files with 9 additions and 4 deletions Side-by-side Diff
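--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -569,7 +569,7 @@
 ca_keys= [KEYS] This parameter identifies a specific key(s) on
 the system trusted keyring to be used for certificate
 trust validation.
-format: id:<keyid>
+format: { id:<keyid> | builtin }
 
 ccw_timeout_log [S390]
 See Documentation/s390/CommonIO for details.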
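--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -24,6 +24,7 @@
 #include "public_key.h"
 #include "x509_parser.h"
 
+static bool use_builtin_keys;
 static char *ca_keyid;
 
 #ifndef MODULE
@@ -34,6 +35,8 @@
 
 if (strncmp(str, "id:", 3) == 0)
 ca_keyid = str; /* owner key 'id:xxxxxx' */
+else if (strcmp(str, "builtin") == 0)
+use_builtin_keys = true;
 
 return 1;
 }
@@ -180,7 +183,6 @@
 static int x509_validate_trust(struct x509_certificate *cert,
 struct key *trust_keyring)
 {
-const struct public_key *pk;
 struct key *key;
 int ret = 1;
 
@@ -195,8 +197,9 @@
 cert->authority,
 strlen(cert->authority));
 if (!IS_ERR(key)) {
-pk = key->payload.data;
-ret = x509_check_signature(pk, cert);
+if (!use_builtin_keys
+|| test_bit(KEY_FLAG_BUILTIN, &key->flags))
+ret = x509_check_signature(key->payload.data, cert);
 key_put(key);
 }
 return ret;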
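Review bot: A value for the parameter documented as `ca_keys=` that is neither `id:...` nor exactly `builtin` falls through both branches of the setup handler and still returns 1, so a misspelling such as `builtins` leaves `use_builtin_keys` false and trust validation silently keeps accepting any key on the system trusted keyring. For an option whose purpose is to narrow trust, that fail-open should at least show up in the boot log; a final branch such as `else pr_warn("ca_keys: unrecognised value '%s' ignored\n", str);` would do it. The handler's opening lines are outside the hunk, so confirm there is no earlier validation of `str`. In `x509_validate_trust`, a non-builtin issuer key leaves `ret` at its initial 1, the same value as when no issuer key is found; a comment such as `/* ret stays 1 (not trusted) when the issuer key is not builtin */` would make that intent explicit, assuming the caller (not visible here) treats only 0 as trusted.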
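--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -170,6 +170,7 @@
 #define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
 #define KEY_FLAG_TRUSTED 8 /* set if key is trusted */
 #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
+#define KEY_FLAG_BUILTIN 10 /* set if key is builtin */
 
 /* the key type and key description string
 * - the desc is used to match a key against search criteria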
kernel/system_keyring.c