[PATCH 3/4] KEYS: validate key trust only with selected owner key

From: Dmitry Kasatkin
Date: Tue Jun 10 2014 - 04:50:33 EST


This patch provides a kernel parameter to specify the owner's key id, which
must be used for trust validation of keys. Keys signed with other keys
are not trusted.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@xxxxxxxxxxx>
---
crypto/asymmetric_keys/x509_public_key.c | 27 ++++++++--
include/keys/owner_keyring.h | 27 ----------
init/Kconfig | 10 ----
kernel/Makefile | 1 -
kernel/owner_keyring.c | 85 --------------------------------
5 files changed, 24 insertions(+), 126 deletions(-)
delete mode 100644 include/keys/owner_keyring.h
delete mode 100644 kernel/owner_keyring.c

diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 962f9b9..d46b790 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -19,12 +19,24 @@
#include <keys/asymmetric-subtype.h>
#include <keys/asymmetric-parser.h>
#include <keys/system_keyring.h>
-#include <keys/owner_keyring.h>
#include <crypto/hash.h>
#include "asymmetric_keys.h"
#include "public_key.h"
#include "x509_parser.h"

+static char *owner_keyid;
+static int __init default_owner_keyid_set(char *str)
+{
+ if (!str) /* default system keyring */
+ return 1;
+
+ if (strncmp(str, "id:", 3) == 0)
+ owner_keyid = str; /* owner local key 'id:xxxxxx' */
+
+ return 1;
+}
+__setup("keys_ownerid=", default_owner_keyid_set);
+
/*
* Find a key in the given keyring by issuer and authority.
*/
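Review bot: A `keys_ownerid=` value that does not start with `id:` is dropped without any message in default_owner_keyid_set(), so owner_keyid stays NULL and the restriction the administrator asked for is silently not applied. Because this parameter narrows trust, a malformed value should at least be reported, for example `else pr_warn("keys_ownerid: ignoring '%s', expected id:<keyid>\n", str);` after the strncmp() branch. A bare `id:` with nothing after the prefix is also accepted here and would be better rejected at parse time. The diffstat shows the Kconfig help text that described this option being removed and no documentation file touched, so the parameter appears to be left undocumented by this patch.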
@@ -170,6 +182,16 @@ static int x509_validate_trust(struct x509_certificate *cert,
if (!trust_keyring)
return -EOPNOTSUPP;

+ if (owner_keyid) {
+ /* validate trust only with the owner_keyid if specified */
+ /* partial match of keyid according to the asymmetric_type.c */
+ int idlen = strlen(owner_keyid) - 3; /* - id: */
+ int authlen = strlen(cert->authority);
+ char *auth = cert->authority + authlen - idlen;
+ if (idlen > authlen || strcasecmp(owner_keyid + 3, auth))
+ return -EPERM;
+ }
+
key = x509_request_asymmetric_key(trust_keyring,
cert->issuer, strlen(cert->issuer),
cert->authority,
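Review bot: An empty or very short owner id makes the new check in x509_validate_trust() pass for almost any certificate. With `keys_ownerid=id:` idlen is 0, auth points at the terminating NUL of cert->authority and strcasecmp() returns 0; a one- or two-character id matches every authority identifier that ends in those characters. Since the intent is to pin trust to a single owner key, the id should be rejected below a minimum length, at the least `if (idlen <= 0 || idlen > authlen || strcasecmp(owner_keyid + 3, cert->authority + authlen - idlen)) return -EPERM;`. Folding the pointer computation into the condition also avoids forming `cert->authority + authlen - idlen` before the bounds test when idlen exceeds authlen. The function begins and ends outside this hunk, so the rest of the trust path is not visible here.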
@@ -239,8 +261,7 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
if (ret < 0)
goto error_free_cert;
} else if (!prep->trusted) {
- ret = x509_validate_trust(cert,
- get_system_or_owner_trusted_keyring());
+ ret = x509_validate_trust(cert, get_system_trusted_keyring());
if (!ret)
prep->trusted = 1;
}
diff --git a/include/keys/owner_keyring.h b/include/keys/owner_keyring.h
deleted file mode 100644
index 78dd09d..0000000
--- a/include/keys/owner_keyring.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (C) 2014 IBM Corporation
- * Author: Mimi Zohar <zohar@xxxxxxxxxx>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- */
-
-#ifndef _KEYS_OWNER_KEYRING_H
-#define _KEYS_OWNER_KEYRING_H
-
-#ifdef CONFIG_OWNER_TRUSTED_KEYRING
-
-#include <linux/key.h>
-
-extern struct key *owner_trusted_keyring;
-extern struct key *get_system_or_owner_trusted_keyring(void);
-
-#else
-static inline struct key *get_system_or_owner_trusted_keyring(void)
-{
- return get_system_trusted_keyring();
-}
-
-#endif
-#endif /* _KEYS_OWNER_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index 7876787..009a797 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1661,16 +1661,6 @@ config SYSTEM_TRUSTED_KEYRING

Keys in this keyring are used by module signature checking.

-config OWNER_TRUSTED_KEYRING
- bool "Verify certificate signatures using a specific system key"
- depends on SYSTEM_TRUSTED_KEYRING
- help
- Verify a certificate's signature, before adding the key to
- a trusted keyring, using a specific key on the system trusted
- keyring. The specific key on the system trusted keyring is
- identified using the kernel boot command line option
- "keys_ownerid" and is added to the owner_trusted_keyring.
-
menuconfig MODULES
bool "Enable loadable module support"
option modules
diff --git a/kernel/Makefile b/kernel/Makefile
index 7b44efd..bc010ee 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -44,7 +44,6 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
-obj-$(CONFIG_OWNER_TRUSTED_KEYRING) += owner_keyring.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o
diff --git a/kernel/owner_keyring.c b/kernel/owner_keyring.c
deleted file mode 100644
index a31b865..0000000
--- a/kernel/owner_keyring.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (C) 2014 IBM Corporation
- * Author: Mimi Zohar <zohar@xxxxxxxxxx>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- */
-
-#include <linux/export.h>
-#include <linux/kernel.h>
-#include <linux/sched.h>
-#include <linux/cred.h>
-#include <linux/err.h>
-#include <keys/asymmetric-type.h>
-#include <keys/system_keyring.h>
-#include "module-internal.h"
-
-struct key *owner_trusted_keyring;
-static int use_owner_trusted_keyring;
-
-static char *owner_keyid;
-static int __init default_owner_keyid_set(char *str)
-{
- if (!str) /* default system keyring */
- return 1;
-
- if (strncmp(str, "id:", 3) == 0)
- owner_keyid = str; /* owner local key 'id:xxxxxx' */
-
- return 1;
-}
-
-__setup("keys_ownerid=", default_owner_keyid_set);
-
-struct key *get_system_or_owner_trusted_keyring(void)
-{
- return use_owner_trusted_keyring ? owner_trusted_keyring :
- get_system_trusted_keyring();
-}
-
-static __init int owner_trusted_keyring_init(void)
-{
- pr_notice("Initialize the owner trusted keyring\n");
-
- owner_trusted_keyring =
- keyring_alloc(".owner_keyring",
- KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
- ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
- KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
- KEY_ALLOC_NOT_IN_QUOTA, NULL);
- if (IS_ERR(owner_trusted_keyring))
- panic("Can't allocate owner trusted keyring\n");
-
- set_bit(KEY_FLAG_TRUSTED_ONLY, &owner_trusted_keyring->flags);
- return 0;
-}
-
-device_initcall(owner_trusted_keyring_init);
-
-void load_owner_identified_key(void)
-{
- key_ref_t key_ref;
- int ret;
-
- if (!owner_keyid)
- return;
-
- key_ref = keyring_search(make_key_ref(system_trusted_keyring, 1),
- &key_type_asymmetric, owner_keyid);
- if (IS_ERR(key_ref)) {
- pr_warn("Request for unknown %s key\n", owner_keyid);
- goto out;
- }
- ret = key_link(owner_trusted_keyring, key_ref_to_ptr(key_ref));
- pr_info("Loaded owner key %s %s\n", owner_keyid,
- ret < 0 ? "failed" : "succeeded");
- key_ref_put(key_ref);
- if (!ret)
- use_owner_trusted_keyring = 1;
-out:
- return;
-}
-
-late_initcall(load_owner_identified_key);
--
1.9.1
