From patchwork Thu Oct 20 23:55:20 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mat Martineau X-Patchwork-Id: 9387765 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 48464607F0 for ; Thu, 20 Oct 2016 23:55:38 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4BFE629B14 for ; Thu, 20 Oct 2016 23:55:38 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4126529B29; Thu, 20 Oct 2016 23:55:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C5C2529B14 for ; Thu, 20 Oct 2016 23:55:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753868AbcJTXzf (ORCPT ); Thu, 20 Oct 2016 19:55:35 -0400 Received: from mga04.intel.com ([192.55.52.120]:9237 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753832AbcJTXzb (ORCPT ); Thu, 20 Oct 2016 19:55:31 -0400 Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP; 20 Oct 2016 16:55:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,521,1473145200"; d="scan'208";a="1056884015" Received: from mjmartin-nuc01.wa.intel.com ([10.232.97.135]) by fmsmga001.fm.intel.com with ESMTP; 20 Oct 2016 16:55:28 -0700 From: Mat Martineau To: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, dhowells@redhat.com Cc: Mat Martineau , zohar@linux.vnet.ibm.com Subject: [PATCH v8 08/11] KEYS: Add a lookup_restrict function for the asymmetric key type Date: Thu, 20 Oct 2016 16:55:20 -0700 Message-Id: <20161020235523.11703-9-mathew.j.martineau@linux.intel.com> X-Mailer: git-send-email 2.10.1 In-Reply-To: <20161020235523.11703-1-mathew.j.martineau@linux.intel.com> References: <20161020235523.11703-1-mathew.j.martineau@linux.intel.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Look up asymmetric keyring restriction information using the key-type lookup_restrict hook. Signed-off-by: Mat Martineau --- Documentation/crypto/asymmetric-keys.txt | 35 ++++++++++++++++++++++++++ crypto/asymmetric_keys/asymmetric_type.c | 42 ++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) diff --git a/Documentation/crypto/asymmetric-keys.txt b/Documentation/crypto/asymmetric-keys.txt index b33a13c..07efce6 100644 --- a/Documentation/crypto/asymmetric-keys.txt +++ b/Documentation/crypto/asymmetric-keys.txt @@ -327,3 +327,38 @@ Functions are provided to register and unregister parsers: Parsers may not have the same name. The names are otherwise only used for displaying in debugging messages. + + +========================= +KEYRING LINK RESTRICTIONS +========================= + +Keyrings created from userspace using add_key can be configured to check the +signature of the key being linked. + +Several restriction methods are available: + + (1) Restrict using the kernel builtin trusted keyring + + - Options used when creating the keyring: + - restrict=asymmetric:builtin_trusted + + The kernel builtin trusted keyring will be searched for the signing + key. The ca_keys kernel parameter also affects which keys are used for + signature verification. + + (2) Restrict using the kernel builtin and secondary trusted keyrings + + - Options used when creating the keyring: + - restrict=asymmetric:builtin_and_secondary_trusted + + The kernel builtin and secondary trusted keyrings will be searched for the + signing key. The ca_keys kernel parameter also affects which keys are used + for signature verification. + +In all of these cases, if the signing key is found the signature of the key to +be linked will be verified using the signing key. The requested key is added +to the keyring only if the signature is successfully verified. -ENOKEY is +returned if the parent certificate could not be found, or -EKEYREJECTED is +returned if the signature check fails or the key is blacklisted. Other errors +may be returned if the signature check could not be performed. diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index 77aa44a..8039a69 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "asymmetric_keys.h" MODULE_LICENSE("GPL"); @@ -491,6 +492,46 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params, return verify_signature(params->key, &sig); } +static struct key_restriction *asymmetric_restriction_alloc( + restrict_link_func_t check, + void (*free_data)(void *), + void *data) +{ + struct key_restriction *keyres = kzalloc(sizeof(struct key_restriction), + GFP_KERNEL); + if (!keyres) { + if (free_data) + free_data(data); + + return ERR_PTR(-ENOMEM); + } + + keyres->check = check; + keyres->free_data = free_data; + keyres->data = data; + + return keyres; +} + +/* + * look up keyring restrict functions for asymmetric keys + */ +static struct key_restriction *asymmetric_lookup_restrict(char *restriction) +{ + const char *restrict_method; + + if (strcmp("builtin_trusted", restriction) == 0) + return asymmetric_restriction_alloc( + restrict_link_by_builtin_trusted, NULL, NULL); + + if (strcmp("builtin_and_secondary_trusted", restriction) == 0) + return asymmetric_restriction_alloc( + restrict_link_by_builtin_and_secondary_trusted, + NULL, NULL); + + return ERR_PTR(-EINVAL); +} + struct key_type key_type_asymmetric = { .name = "asymmetric", .preparse = asymmetric_key_preparse, @@ -503,6 +544,7 @@ struct key_type key_type_asymmetric = { .asym_query = query_asymmetric_key, .asym_eds_op = asymmetric_key_eds_op, .asym_verify_signature = asymmetric_key_verify_signature, + .lookup_restrict = asymmetric_lookup_restrict, }; EXPORT_SYMBOL_GPL(key_type_asymmetric);