forked from Minki/linux
7d30198ee2
There are non-root X.509 v3 certificates in use out there that contain no Authority Key Identifier extension (RFC5280 section 4.2.1.1). For trust verification purposes the kernel asymmetric key type keeps two struct asymmetric_key_id instances that the key can be looked up by, and another two to look up the key's issuer. The x509 public key type and the PKCS7 type generate them from the SKID and AKID extensions in the certificate. In effect current code has no way to look up the issuer certificate for verification without the AKID. To remedy this, add a third asymmetric_key_id blob to the arrays in both asymmetric_key_id's (for certficate subject) and in the public_keys_signature's auth_ids (for issuer lookup), using just raw subject and issuer DNs from the certificate. Adapt asymmetric_key_ids() and its callers to use the third ID for lookups when none of the other two are available. Attempt to keep the logic intact when they are, to minimise behaviour changes. Adapt the restrict functions' NULL-checks to include that ID too. Do not modify the lookup logic in pkcs7_verify.c, the AKID extensions are still required there. Internally use a new "dn:" prefix to the search specifier string generated for the key lookup in find_asymmetric_key(). This tells asymmetric_key_match_preparse to only match the data against the raw DN in the third ID and shouldn't conflict with search specifiers already in use. In effect implement what (2) in the struct asymmetric_key_id comment (include/keys/asymmetric-type.h) is probably talking about already, so do not modify that comment. It is also how "openssl verify" looks up issuer certificates without the AKID available. Lookups by the raw DN are unambiguous only provided that the CAs respect the condition in RFC5280 4.2.1.1 that the AKID may only be omitted if the CA uses a single signing key. The following is an example of two things that this change enables. A self-signed ceritficate is generated following the example from https://letsencrypt.org/docs/certificates-for-localhost/, and can be looked up by an identifier and verified against itself by linking to a restricted keyring -- both things not possible before due to the missing AKID extension: $ openssl req -x509 -out localhost.crt -outform DER -keyout localhost.key \ -newkey rsa:2048 -nodes -sha256 \ -subj '/CN=localhost' -extensions EXT -config <( \ echo -e "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\n" \ "subjectAltName=DNS:localhost\nkeyUsage=digitalSignature\n" \ "extendedKeyUsage=serverAuth") $ keyring=`keyctl newring test @u` $ trusted=`keyctl padd asymmetric trusted $keyring < localhost.crt`; \ echo $trusted 39726322 $ keyctl search $keyring asymmetric dn:3112301006035504030c096c6f63616c686f7374 39726322 $ keyctl restrict_keyring $keyring asymmetric key_or_keyring:$trusted $ keyctl padd asymmetric verified $keyring < localhost.crt Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
92 lines
2.8 KiB
C
92 lines
2.8 KiB
C
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
/* Asymmetric Public-key cryptography key type interface
|
|
*
|
|
* See Documentation/crypto/asymmetric-keys.rst
|
|
*
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*/
|
|
|
|
#ifndef _KEYS_ASYMMETRIC_TYPE_H
|
|
#define _KEYS_ASYMMETRIC_TYPE_H
|
|
|
|
#include <linux/key-type.h>
|
|
#include <linux/verification.h>
|
|
|
|
extern struct key_type key_type_asymmetric;
|
|
|
|
/*
|
|
* The key payload is four words. The asymmetric-type key uses them as
|
|
* follows:
|
|
*/
|
|
enum asymmetric_payload_bits {
|
|
asym_crypto, /* The data representing the key */
|
|
asym_subtype, /* Pointer to an asymmetric_key_subtype struct */
|
|
asym_key_ids, /* Pointer to an asymmetric_key_ids struct */
|
|
asym_auth /* The key's authorisation (signature, parent key ID) */
|
|
};
|
|
|
|
/*
|
|
* Identifiers for an asymmetric key ID. We have three ways of looking up a
|
|
* key derived from an X.509 certificate:
|
|
*
|
|
* (1) Serial Number & Issuer. Non-optional. This is the only valid way to
|
|
* map a PKCS#7 signature to an X.509 certificate.
|
|
*
|
|
* (2) Issuer & Subject Unique IDs. Optional. These were the original way to
|
|
* match X.509 certificates, but have fallen into disuse in favour of (3).
|
|
*
|
|
* (3) Auth & Subject Key Identifiers. Optional. SKIDs are only provided on
|
|
* CA keys that are intended to sign other keys, so don't appear in end
|
|
* user certificates unless forced.
|
|
*
|
|
* We could also support an PGP key identifier, which is just a SHA1 sum of the
|
|
* public key and certain parameters, but since we don't support PGP keys at
|
|
* the moment, we shall ignore those.
|
|
*
|
|
* What we actually do is provide a place where binary identifiers can be
|
|
* stashed and then compare against them when checking for an id match.
|
|
*/
|
|
struct asymmetric_key_id {
|
|
unsigned short len;
|
|
unsigned char data[];
|
|
};
|
|
|
|
struct asymmetric_key_ids {
|
|
void *id[3];
|
|
};
|
|
|
|
extern bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
|
|
const struct asymmetric_key_id *kid2);
|
|
|
|
extern bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
|
|
const struct asymmetric_key_id *kid2);
|
|
|
|
extern struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
|
|
size_t len_1,
|
|
const void *val_2,
|
|
size_t len_2);
|
|
static inline
|
|
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
|
|
{
|
|
return key->payload.data[asym_key_ids];
|
|
}
|
|
|
|
static inline
|
|
const struct public_key *asymmetric_key_public_key(const struct key *key)
|
|
{
|
|
return key->payload.data[asym_crypto];
|
|
}
|
|
|
|
extern struct key *find_asymmetric_key(struct key *keyring,
|
|
const struct asymmetric_key_id *id_0,
|
|
const struct asymmetric_key_id *id_1,
|
|
const struct asymmetric_key_id *id_2,
|
|
bool partial);
|
|
|
|
/*
|
|
* The payload is at the discretion of the subtype.
|
|
*/
|
|
|
|
#endif /* _KEYS_ASYMMETRIC_TYPE_H */
|