From patchwork Tue Jul 19 20:46:10 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mat Martineau X-Patchwork-Id: 9238343 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 259AE60574 for ; Tue, 19 Jul 2016 20:46:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 16A782624D for ; Tue, 19 Jul 2016 20:46:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0550F275A2; Tue, 19 Jul 2016 20:46:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8DF472787D for ; Tue, 19 Jul 2016 20:46:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752353AbcGSUqV (ORCPT ); Tue, 19 Jul 2016 16:46:21 -0400 Received: from mga02.intel.com ([134.134.136.20]:55747 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752330AbcGSUqT (ORCPT ); Tue, 19 Jul 2016 16:46:19 -0400 Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga101.jf.intel.com with ESMTP; 19 Jul 2016 13:46:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.28,390,1464678000"; d="scan'208";a="736825656" Received: from mjmartin-nuc01.wa.intel.com ([10.232.97.131]) by FMSMGA003.fm.intel.com with ESMTP; 19 Jul 2016 13:46:15 -0700 From: Mat Martineau To: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, dhowells@redhat.com Cc: Mat Martineau , zohar@linux.vnet.ibm.com, marcel@holtmann.org Subject: [PATCH v5 3/6] KEYS: Restrict key linkage using a specific keychain Date: Tue, 19 Jul 2016 13:46:10 -0700 Message-Id: <20160719204613.25495-4-mathew.j.martineau@linux.intel.com> X-Mailer: git-send-email 2.9.2 In-Reply-To: <20160719204613.25495-1-mathew.j.martineau@linux.intel.com> References: <20160719204613.25495-1-mathew.j.martineau@linux.intel.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Adds restrict_link_by_signature_keyring(), which uses the restrict_key member of the provided destination_keyring data structure as the keyring to search for signing keys. Signed-off-by: Mat Martineau --- crypto/asymmetric_keys/restrict.c | 55 +++++++++++++++++++++++++++++++++++++++ include/crypto/public_key.h | 4 +++ 2 files changed, 59 insertions(+) diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c index ac4bddf..d6985f8 100644 --- a/crypto/asymmetric_keys/restrict.c +++ b/crypto/asymmetric_keys/restrict.c @@ -106,3 +106,58 @@ int restrict_link_by_signature(struct key *trust_keyring, key_put(key); return ret; } + +/** + * restrict_link_by_keyring - Restrict additions to a ring of public + * keys using the restrict_key information stored in the ring. + * @destination_keyring: Keyring being linked to. + * @type: The type of key being added. + * @payload: The payload of the new key. + * + * Check the new certificate only against the keys in the + * destination_keyring->restrict_key ring. If one of those is the + * signing key and validates the new certificate, then mark the new + * certificate as being ok to link. + * + * Returns 0 if the new certificate was accepted, -ENOKEY if we + * couldn't find a matching parent certificate in the trusted list, + * -EKEYREJECTED if the signature check fails, and some other error if + * there is a matching certificate but the signature check cannot be + * performed. + */ +int restrict_link_by_keyring(struct key *destination_keyring, + const struct key_type *type, + const union key_payload *payload) +{ + const struct public_key_signature *sig; + struct key *key; + int ret; + + pr_devel("==>%s()\n", __func__); + + if (!destination_keyring) + return -ENOKEY; + else if (destination_keyring->type != &key_type_keyring) + return -EOPNOTSUPP; + + if (!destination_keyring->restrict_key) + return -ENOKEY; + + if (type != &key_type_asymmetric) + return -EOPNOTSUPP; + + sig = payload->data[asym_auth]; + if (!sig->auth_ids[0] && !sig->auth_ids[1]) + return -ENOKEY; + + /* See if we have a key that signed this one. */ + key = find_asymmetric_key(destination_keyring->restrict_key, + sig->auth_ids[0], sig->auth_ids[1], + false); + if (IS_ERR(key)) + return -ENOKEY; + + ret = verify_signature(key, sig); + key_put(key); + return ret; +} diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index c5e569b..53e8928 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -58,6 +58,10 @@ extern int restrict_link_by_signature(struct key *trust_keyring, const struct key_type *type, const union key_payload *payload); +extern int restrict_link_by_keyring(struct key *trust_keyring, + const struct key_type *type, + const union key_payload *payload); + extern int query_asymmetric_key(const struct kernel_pkey_params *, struct kernel_pkey_query *);