KEYS: validate certificate trust only with builtin keys
Instead of allowing public keys, with certificates signed by any key on the system trusted keyring, to be added to a trusted keyring, this patch further restricts the certificates to those signed only by builtin keys on the system keyring. This patch defines a new option 'builtin' for the kernel parameter 'keys_ownerid' to allow trust validation using builtin keys. Simplified Mimi's "KEYS: define an owner trusted keyring" patch Changelog v7: - rename builtin_keys to use_builtin_keys Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
parent
ffb70f61ba
commit
32c4741cb6
4 changed files with 9 additions and 4 deletions
|
@ -569,7 +569,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
|
|||
ca_keys= [KEYS] This parameter identifies a specific key(s) on
|
||||
the system trusted keyring to be used for certificate
|
||||
trust validation.
|
||||
format: id:<keyid>
|
||||
format: { id:<keyid> | builtin }
|
||||
|
||||
ccw_timeout_log [S390]
|
||||
See Documentation/s390/CommonIO for details.
|
||||
|
|
|
@ -24,6 +24,7 @@
|
|||
#include "public_key.h"
|
||||
#include "x509_parser.h"
|
||||
|
||||
static bool use_builtin_keys;
|
||||
static char *ca_keyid;
|
||||
|
||||
#ifndef MODULE
|
||||
|
@ -34,6 +35,8 @@ static int __init ca_keys_setup(char *str)
|
|||
|
||||
if (strncmp(str, "id:", 3) == 0)
|
||||
ca_keyid = str; /* owner key 'id:xxxxxx' */
|
||||
else if (strcmp(str, "builtin") == 0)
|
||||
use_builtin_keys = true;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -180,7 +183,6 @@ EXPORT_SYMBOL_GPL(x509_check_signature);
|
|||
static int x509_validate_trust(struct x509_certificate *cert,
|
||||
struct key *trust_keyring)
|
||||
{
|
||||
const struct public_key *pk;
|
||||
struct key *key;
|
||||
int ret = 1;
|
||||
|
||||
|
@ -195,8 +197,9 @@ static int x509_validate_trust(struct x509_certificate *cert,
|
|||
cert->authority,
|
||||
strlen(cert->authority));
|
||||
if (!IS_ERR(key)) {
|
||||
pk = key->payload.data;
|
||||
ret = x509_check_signature(pk, cert);
|
||||
if (!use_builtin_keys
|
||||
|| test_bit(KEY_FLAG_BUILTIN, &key->flags))
|
||||
ret = x509_check_signature(key->payload.data, cert);
|
||||
key_put(key);
|
||||
}
|
||||
return ret;
|
||||
|
|
|
@ -170,6 +170,7 @@ struct key {
|
|||
#define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
|
||||
#define KEY_FLAG_TRUSTED 8 /* set if key is trusted */
|
||||
#define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
|
||||
#define KEY_FLAG_BUILTIN 10 /* set if key is builtin */
|
||||
|
||||
/* the key type and key description string
|
||||
* - the desc is used to match a key against search criteria
|
||||
|
|
|
@ -89,6 +89,7 @@ static __init int load_system_certificate_list(void)
|
|||
pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
|
||||
PTR_ERR(key));
|
||||
} else {
|
||||
set_bit(KEY_FLAG_BUILTIN, &key_ref_to_ptr(key)->flags);
|
||||
pr_notice("Loaded X.509 cert '%s'\n",
|
||||
key_ref_to_ptr(key)->description);
|
||||
key_ref_put(key);
|
||||
|
|
Loading…
Reference in a new issue