^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /* Verify the signature on a PKCS#7 message.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Written by David Howells (dhowells@redhat.com)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #define pr_fmt(fmt) "PKCS7: "fmt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <linux/export.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/err.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/asn1.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <crypto/hash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <crypto/hash_info.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <crypto/public_key.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include "pkcs7_parser.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) * Digest the relevant parts of the PKCS#7 data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) static int pkcs7_digest(struct pkcs7_message *pkcs7,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) struct pkcs7_signed_info *sinfo)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) struct public_key_signature *sig = sinfo->sig;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) struct crypto_shash *tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) struct shash_desc *desc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) size_t desc_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) kenter(",%u,%s", sinfo->index, sinfo->sig->hash_algo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) /* The digest was calculated already. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) if (sig->digest)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) if (!sinfo->sig->hash_algo)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) return -ENOPKG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) /* Allocate the hashing algorithm we're going to need and find out how
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) * big the hash operational data will be.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) tfm = crypto_alloc_shash(sinfo->sig->hash_algo, 0, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) if (IS_ERR(tfm))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) sig->digest_size = crypto_shash_digestsize(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) ret = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) sig->digest = kmalloc(sig->digest_size, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) if (!sig->digest)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) goto error_no_desc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) desc = kzalloc(desc_size, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) if (!desc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) goto error_no_desc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) desc->tfm = tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) /* Digest the message [RFC2315 9.3] */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) ret = crypto_shash_digest(desc, pkcs7->data, pkcs7->data_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) sig->digest);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) goto error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) pr_devel("MsgDigest = [%*ph]\n", 8, sig->digest);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) /* However, if there are authenticated attributes, there must be a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) * message digest attribute amongst them which corresponds to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) * digest we just calculated.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) if (sinfo->authattrs) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) u8 tag;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) if (!sinfo->msgdigest) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) pr_warn("Sig %u: No messageDigest\n", sinfo->index);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) ret = -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) goto error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) if (sinfo->msgdigest_len != sig->digest_size) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) pr_debug("Sig %u: Invalid digest size (%u)\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) sinfo->index, sinfo->msgdigest_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) ret = -EBADMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) goto error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) if (memcmp(sig->digest, sinfo->msgdigest,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) sinfo->msgdigest_len) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) pr_debug("Sig %u: Message digest doesn't match\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) sinfo->index);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) ret = -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) goto error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) /* We then calculate anew, using the authenticated attributes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) * as the contents of the digest instead. Note that we need to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) * convert the attributes from a CONT.0 into a SET before we
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) * hash it.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) memset(sig->digest, 0, sig->digest_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) ret = crypto_shash_init(desc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) goto error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) tag = ASN1_CONS_BIT | ASN1_SET;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) ret = crypto_shash_update(desc, &tag, 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) goto error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) ret = crypto_shash_finup(desc, sinfo->authattrs,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) sinfo->authattrs_len, sig->digest);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) goto error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) pr_devel("AADigest = [%*ph]\n", 8, sig->digest);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) error:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) kfree(desc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) error_no_desc:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) crypto_free_shash(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) kleave(" = %d", ret);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf, u32 *len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) enum hash_algo *hash_algo)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) struct pkcs7_signed_info *sinfo = pkcs7->signed_infos;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) int i, ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) * This function doesn't support messages with more than one signature.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) if (sinfo == NULL || sinfo->next != NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) return -EBADMSG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) ret = pkcs7_digest(pkcs7, sinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) *buf = sinfo->sig->digest;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) *len = sinfo->sig->digest_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) for (i = 0; i < HASH_ALGO__LAST; i++)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) if (!strcmp(hash_algo_name[i], sinfo->sig->hash_algo)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) *hash_algo = i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) * Find the key (X.509 certificate) to use to verify a PKCS#7 message. PKCS#7
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) * uses the issuer's name and the issuing certificate serial number for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) * matching purposes. These must match the certificate issuer's name (not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) * subject's name) and the certificate serial number [RFC 2315 6.7].
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) static int pkcs7_find_key(struct pkcs7_message *pkcs7,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) struct pkcs7_signed_info *sinfo)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) struct x509_certificate *x509;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) unsigned certix = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) kenter("%u", sinfo->index);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) for (x509 = pkcs7->certs; x509; x509 = x509->next, certix++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) /* I'm _assuming_ that the generator of the PKCS#7 message will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) * encode the fields from the X.509 cert in the same way in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) * PKCS#7 message - but I can't be 100% sure of that. It's
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) * possible this will need element-by-element comparison.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) if (!asymmetric_key_id_same(x509->id, sinfo->sig->auth_ids[0]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) continue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) pr_devel("Sig %u: Found cert serial match X.509[%u]\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) sinfo->index, certix);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) if (strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) sinfo->index);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) continue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) sinfo->signer = x509;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) /* The relevant X.509 cert isn't found here, but it might be found in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) * the trust keyring.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) pr_debug("Sig %u: Issuing X.509 cert not found (#%*phN)\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) sinfo->index,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) sinfo->sig->auth_ids[0]->len, sinfo->sig->auth_ids[0]->data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) * Verify the internal certificate chain as best we can.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) struct pkcs7_signed_info *sinfo)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) struct public_key_signature *sig;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) struct x509_certificate *x509 = sinfo->signer, *p;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) struct asymmetric_key_id *auth;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) kenter("");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) for (p = pkcs7->certs; p; p = p->next)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) p->seen = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) for (;;) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) pr_debug("verify %s: %*phN\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) x509->subject,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) x509->raw_serial_size, x509->raw_serial);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) x509->seen = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) if (x509->blacklisted) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) /* If this cert is blacklisted, then mark everything
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) * that depends on this as blacklisted too.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) sinfo->blacklisted = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) for (p = sinfo->signer; p != x509; p = p->signer)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) p->blacklisted = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) pr_debug("- blacklisted\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) if (x509->unsupported_key)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) goto unsupported_crypto_in_x509;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) pr_debug("- issuer %s\n", x509->issuer);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) sig = x509->sig;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) if (sig->auth_ids[0])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) pr_debug("- authkeyid.id %*phN\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) sig->auth_ids[0]->len, sig->auth_ids[0]->data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) if (sig->auth_ids[1])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) pr_debug("- authkeyid.skid %*phN\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) sig->auth_ids[1]->len, sig->auth_ids[1]->data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) if (x509->self_signed) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) /* If there's no authority certificate specified, then
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) * the certificate must be self-signed and is the root
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) * of the chain. Likewise if the cert is its own
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) * authority.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) if (x509->unsupported_sig)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) goto unsupported_crypto_in_x509;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) x509->signer = x509;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) pr_debug("- self-signed\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) /* Look through the X.509 certificates in the PKCS#7 message's
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) * list to see if the next one is there.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) auth = sig->auth_ids[0];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) if (auth) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) pr_debug("- want %*phN\n", auth->len, auth->data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) for (p = pkcs7->certs; p; p = p->next) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) pr_debug("- cmp [%u] %*phN\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) p->index, p->id->len, p->id->data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) if (asymmetric_key_id_same(p->id, auth))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) goto found_issuer_check_skid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) } else if (sig->auth_ids[1]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) auth = sig->auth_ids[1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) pr_debug("- want %*phN\n", auth->len, auth->data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) for (p = pkcs7->certs; p; p = p->next) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) if (!p->skid)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) continue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) pr_debug("- cmp [%u] %*phN\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) p->index, p->skid->len, p->skid->data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) if (asymmetric_key_id_same(p->skid, auth))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) goto found_issuer;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) /* We didn't find the root of this chain */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) pr_debug("- top\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) found_issuer_check_skid:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) /* We matched issuer + serialNumber, but if there's an
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) * authKeyId.keyId, that must match the CA subjKeyId also.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) if (sig->auth_ids[1] &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) !asymmetric_key_id_same(p->skid, sig->auth_ids[1])) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) pr_warn("Sig %u: X.509 chain contains auth-skid nonmatch (%u->%u)\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) sinfo->index, x509->index, p->index);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) return -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) found_issuer:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) pr_debug("- subject %s\n", p->subject);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) if (p->seen) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) pr_warn("Sig %u: X.509 chain contains loop\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) sinfo->index);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) ret = public_key_verify_signature(p->pub, x509->sig);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) x509->signer = p;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) if (x509 == p) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) pr_debug("- self-signed\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) x509 = p;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) might_sleep();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) unsupported_crypto_in_x509:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) /* Just prune the certificate chain at this point if we lack some
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) * crypto module to go further. Note, however, we don't want to set
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) * sinfo->unsupported_crypto as the signed info block may still be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) * validatable against an X.509 cert lower in the chain that we have a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) * trusted copy of.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) * Verify one signed information block from a PKCS#7 message.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) static int pkcs7_verify_one(struct pkcs7_message *pkcs7,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) struct pkcs7_signed_info *sinfo)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) kenter(",%u", sinfo->index);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) /* First of all, digest the data in the PKCS#7 message and the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) * signed information block
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) ret = pkcs7_digest(pkcs7, sinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) /* Find the key for the signature if there is one */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) ret = pkcs7_find_key(pkcs7, sinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) if (!sinfo->signer)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) pr_devel("Using X.509[%u] for sig %u\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) sinfo->signer->index, sinfo->index);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) /* Check that the PKCS#7 signing time is valid according to the X.509
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) * certificate. We can't, however, check against the system clock
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) * since that may not have been set yet and may be wrong.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) if (test_bit(sinfo_has_signing_time, &sinfo->aa_set)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) if (sinfo->signing_time < sinfo->signer->valid_from ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) sinfo->signing_time > sinfo->signer->valid_to) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) pr_warn("Message signed outside of X.509 validity window\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) return -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) /* Verify the PKCS#7 binary against the key */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) ret = public_key_verify_signature(sinfo->signer->pub, sinfo->sig);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) pr_devel("Verified signature %u\n", sinfo->index);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) /* Verify the internal certificate chain */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) return pkcs7_verify_sig_chain(pkcs7, sinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) * pkcs7_verify - Verify a PKCS#7 message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) * @pkcs7: The PKCS#7 message to be verified
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) * @usage: The use to which the key is being put
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) * Verify a PKCS#7 message is internally consistent - that is, the data digest
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) * matches the digest in the AuthAttrs and any signature in the message or one
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) * of the X.509 certificates it carries that matches another X.509 cert in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) * message can be verified.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) * This does not look to match the contents of the PKCS#7 message against any
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) * external public keys.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) * Returns, in order of descending priority:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) * (*) -EKEYREJECTED if a key was selected that had a usage restriction at
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) * odds with the specified usage, or:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) * (*) -EKEYREJECTED if a signature failed to match for which we found an
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) * appropriate X.509 certificate, or:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) * (*) -EBADMSG if some part of the message was invalid, or:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) * (*) 0 if a signature chain passed verification, or:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) * (*) -EKEYREJECTED if a blacklisted key was encountered, or:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) * (*) -ENOPKG if none of the signature chains are verifiable because suitable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) * crypto modules couldn't be found.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) int pkcs7_verify(struct pkcs7_message *pkcs7,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) enum key_being_used_for usage)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) struct pkcs7_signed_info *sinfo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) int actual_ret = -ENOPKG;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) kenter("");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) switch (usage) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) case VERIFYING_MODULE_SIGNATURE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) if (pkcs7->data_type != OID_data) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) pr_warn("Invalid module sig (not pkcs7-data)\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) return -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) if (pkcs7->have_authattrs) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) pr_warn("Invalid module sig (has authattrs)\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) return -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) case VERIFYING_FIRMWARE_SIGNATURE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) if (pkcs7->data_type != OID_data) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) pr_warn("Invalid firmware sig (not pkcs7-data)\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) return -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) if (!pkcs7->have_authattrs) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) pr_warn("Invalid firmware sig (missing authattrs)\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) return -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) case VERIFYING_KEXEC_PE_SIGNATURE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) if (pkcs7->data_type != OID_msIndirectData) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) pr_warn("Invalid kexec sig (not Authenticode)\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) return -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) /* Authattr presence checked in parser */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) case VERIFYING_UNSPECIFIED_SIGNATURE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) if (pkcs7->data_type != OID_data) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) pr_warn("Invalid unspecified sig (not pkcs7-data)\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) return -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) ret = pkcs7_verify_one(pkcs7, sinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) if (sinfo->blacklisted) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) if (actual_ret == -ENOPKG)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455) actual_ret = -EKEYREJECTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) continue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) if (ret < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) if (ret == -ENOPKG) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) sinfo->unsupported_crypto = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) continue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) kleave(" = %d", ret);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466) actual_ret = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) kleave(" = %d", actual_ret);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) return actual_ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) EXPORT_SYMBOL_GPL(pkcs7_verify);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) * pkcs7_supply_detached_data - Supply the data needed to verify a PKCS#7 message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) * @pkcs7: The PKCS#7 message
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) * @data: The data to be verified
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) * @datalen: The amount of data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) * Supply the detached data needed to verify a PKCS#7 message. Note that no
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) * attempt to retain/pin the data is made. That is left to the caller. The
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) * data will not be modified by pkcs7_verify() and will not be freed when the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) * PKCS#7 message is freed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) * Returns -EINVAL if data is already supplied in the message, 0 otherwise.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) const void *data, size_t datalen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) if (pkcs7->data) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) pr_debug("Data already supplied\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) pkcs7->data = data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) pkcs7->data_len = datalen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) }
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags