tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

PKCS#7: Appropriately restrict authenticated attributes and content type

A PKCS#7 or CMS message can have per-signature authenticated attributes
that are digested as a lump and signed by the authorising key for that
signature. If such attributes exist, the content digest isn't itself
signed, but rather it is included in a special authattr which then
contributes to the signature.

Further, we already require the master message content type to be
pkcs7_signedData - but there's also a separate content type for the data
itself within the SignedData object and this must be repeated inside the
authattrs for each signer [RFC2315 9.2, RFC5652 11.1].

We should really validate the authattrs if they exist or forbid them
entirely as appropriate. To this end:

(1) Alter the PKCS#7 parser to reject any message that has more than one
signature where at least one signature has authattrs and at least one
that does not.

(2) Validate authattrs if they are present and strongly restrict them.
Only the following authattrs are permitted and all others are
rejected:

(a) contentType. This is checked to be an OID that matches the
content type in the SignedData object.

(b) messageDigest. This must match the crypto digest of the data.

(c) signingTime. If present, we check that this is a valid, parseable
UTCTime or GeneralTime and that the date it encodes fits within
the validity window of the matching X.509 cert.

(d) S/MIME capabilities. We don't check the contents.

(e) Authenticode SP Opus Info. We don't check the contents.

(f) Authenticode Statement Type. We don't check the contents.

The message is rejected if (a) or (b) are missing. If the message is
an Authenticode type, the message is rejected if (e) is missing; if
not Authenticode, the message is rejected if (d) - (f) are present.

The S/MIME capabilities authattr (d) unfortunately has to be allowed
to support kernels already signed by the pesign program. This only
affects kexec. sign-file suppresses them (CMS_NOSMIMECAP).

The message is also rejected if an authattr is given more than once or
if it contains more than one element in its set of values.

(3) Add a parameter to pkcs7_verify() to select one of the following
restrictions and pass in the appropriate option from the callers:

(*) VERIFYING_MODULE_SIGNATURE

This requires that the SignedData content type be pkcs7-data and
forbids authattrs. sign-file sets CMS_NOATTR. We could be more
flexible and permit authattrs optionally, but only permit minimal
content.

(*) VERIFYING_FIRMWARE_SIGNATURE

This requires that the SignedData content type be pkcs7-data and
requires authattrs. In future, this will require an attribute
holding the target firmware name in addition to the minimal set.

(*) VERIFYING_UNSPECIFIED_SIGNATURE

This requires that the SignedData content type be pkcs7-data but
allows either no authattrs or only permits the minimal set.

(*) VERIFYING_KEXEC_PE_SIGNATURE

This only supports the Authenticode SPC_INDIRECT_DATA content type
and requires at least an SpcSpOpusInfo authattr in addition to the
minimal set. It also permits an SPC_STATEMENT_TYPE authattr (and
an S/MIME capabilities authattr because the pesign program doesn't
remove these).

(*) VERIFYING_KEY_SIGNATURE
(*) VERIFYING_KEY_SELF_SIGNATURE

These are invalid in this context but are included for later use
when limiting the use of X.509 certs.

(4) The pkcs7_test key type is given a module parameter to select between
the above options for testing purposes. For example:

echo 1 >/sys/module/pkcs7_test_key/parameters/usage
keyctl padd pkcs7_test foo @s </tmp/stuff.pkcs7

will attempt to check the signature on stuff.pkcs7 as if it contains a
firmware blob (1 being VERIFYING_FIRMWARE_SIGNATURE).

Suggested-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>

David Howells 99db4435 f29299b4

+285 -27
+3 -1
arch/x86/kernel/kexec-bzimage64.c
··· 536 536 int ret; 537 537 538 538 ret = verify_pefile_signature(kernel, kernel_len, 539 - system_trusted_keyring, &trusted); 539 + system_trusted_keyring, 540 + VERIFYING_KEXEC_PE_SIGNATURE, 541 + &trusted); 540 542 if (ret < 0) 541 543 return ret; 542 544 if (!trusted)
+11
crypto/asymmetric_keys/asymmetric_type.c
··· 12 12 */ 13 13 #include <keys/asymmetric-subtype.h> 14 14 #include <keys/asymmetric-parser.h> 15 + #include <crypto/public_key.h> 15 16 #include <linux/seq_file.h> 16 17 #include <linux/module.h> 17 18 #include <linux/slab.h> ··· 20 19 #include "asymmetric_keys.h" 21 20 22 21 MODULE_LICENSE("GPL"); 22 + 23 + const char *const key_being_used_for[NR__KEY_BEING_USED_FOR] = { 24 + [VERIFYING_MODULE_SIGNATURE] = "mod sig", 25 + [VERIFYING_FIRMWARE_SIGNATURE] = "firmware sig", 26 + [VERIFYING_KEXEC_PE_SIGNATURE] = "kexec PE sig", 27 + [VERIFYING_KEY_SIGNATURE] = "key sig", 28 + [VERIFYING_KEY_SELF_SIGNATURE] = "key self sig", 29 + [VERIFYING_UNSPECIFIED_SIGNATURE] = "unspec sig", 30 + }; 31 + EXPORT_SYMBOL_GPL(key_being_used_for); 23 32 24 33 static LIST_HEAD(asymmetric_key_parsers); 25 34 static DECLARE_RWSEM(asymmetric_key_parsers_sem);
+3 -3
crypto/asymmetric_keys/pkcs7.asn1
··· 8 8 SignedData ::= SEQUENCE { 9 9 version INTEGER ({ pkcs7_note_signeddata_version }), 10 10 digestAlgorithms DigestAlgorithmIdentifiers, 11 - contentInfo ContentInfo, 11 + contentInfo ContentInfo ({ pkcs7_note_content }), 12 12 certificates CHOICE { 13 13 certSet [0] IMPLICIT ExtendedCertificatesAndCertificates, 14 14 certSequence [2] IMPLICIT Certificates ··· 21 21 } 22 22 23 23 ContentInfo ::= SEQUENCE { 24 - contentType ContentType, 24 + contentType ContentType ({ pkcs7_note_OID }), 25 25 content [0] EXPLICIT Data OPTIONAL 26 26 } 27 27 ··· 111 111 } 112 112 113 113 UnauthenticatedAttribute ::= SEQUENCE { 114 - type OBJECT IDENTIFIER ({ pkcs7_note_OID }), 114 + type OBJECT IDENTIFIER, 115 115 values SET OF ANY 116 116 } 117 117
+13 -1
crypto/asymmetric_keys/pkcs7_key_type.c
··· 14 14 #include <linux/err.h> 15 15 #include <linux/module.h> 16 16 #include <linux/key-type.h> 17 + #include <keys/asymmetric-type.h> 17 18 #include <crypto/pkcs7.h> 18 19 #include <keys/user-type.h> 19 20 #include <keys/system_keyring.h> 20 21 #include "pkcs7_parser.h" 22 + 23 + static unsigned pkcs7_usage; 24 + module_param_named(usage, pkcs7_usage, uint, S_IWUSR | S_IRUGO); 25 + MODULE_PARM_DESC(pkcs7_usage, 26 + "Usage to specify when verifying the PKCS#7 message"); 21 27 22 28 /* 23 29 * Preparse a PKCS#7 wrapped and validated data blob. 24 30 */ 25 31 static int pkcs7_preparse(struct key_preparsed_payload *prep) 26 32 { 33 + enum key_being_used_for usage = pkcs7_usage; 27 34 struct pkcs7_message *pkcs7; 28 35 const void *data, *saved_prep_data; 29 36 size_t datalen, saved_prep_datalen; ··· 38 31 int ret; 39 32 40 33 kenter(""); 34 + 35 + if (usage >= NR__KEY_BEING_USED_FOR) { 36 + pr_err("Invalid usage type %d\n", usage); 37 + return -EINVAL; 38 + } 41 39 42 40 saved_prep_data = prep->data; 43 41 saved_prep_datalen = prep->datalen; ··· 52 40 goto error; 53 41 } 54 42 55 - ret = pkcs7_verify(pkcs7); 43 + ret = pkcs7_verify(pkcs7, usage); 56 44 if (ret < 0) 57 45 goto error_free; 58 46
+132 -6
crypto/asymmetric_keys/pkcs7_parser.c
··· 81 81 } 82 82 EXPORT_SYMBOL_GPL(pkcs7_free_message); 83 83 84 + /* 85 + * Check authenticatedAttributes are provided or not provided consistently. 86 + */ 87 + static int pkcs7_check_authattrs(struct pkcs7_message *msg) 88 + { 89 + struct pkcs7_signed_info *sinfo; 90 + bool want; 91 + 92 + sinfo = msg->signed_infos; 93 + if (sinfo->authattrs) { 94 + want = true; 95 + msg->have_authattrs = true; 96 + } 97 + 98 + for (sinfo = sinfo->next; sinfo; sinfo = sinfo->next) 99 + if (!!sinfo->authattrs != want) 100 + goto inconsistent; 101 + return 0; 102 + 103 + inconsistent: 104 + pr_warn("Inconsistently supplied authAttrs\n"); 105 + return -EINVAL; 106 + } 107 + 84 108 /** 85 109 * pkcs7_parse_message - Parse a PKCS#7 message 86 110 * @data: The raw binary ASN.1 encoded message to be parsed ··· 136 112 msg = ERR_PTR(ret); 137 113 goto out; 138 114 } 115 + 116 + ret = pkcs7_check_authattrs(ctx->msg); 117 + if (ret < 0) 118 + goto out; 139 119 140 120 msg = ctx->msg; 141 121 ctx->msg = NULL; ··· 409 381 } 410 382 411 383 /* 384 + * Note the content type. 385 + */ 386 + int pkcs7_note_content(void *context, size_t hdrlen, 387 + unsigned char tag, 388 + const void *value, size_t vlen) 389 + { 390 + struct pkcs7_parse_context *ctx = context; 391 + 392 + if (ctx->last_oid != OID_data && 393 + ctx->last_oid != OID_msIndirectData) { 394 + pr_warn("Unsupported data type %d\n", ctx->last_oid); 395 + return -EINVAL; 396 + } 397 + 398 + ctx->msg->data_type = ctx->last_oid; 399 + return 0; 400 + } 401 + 402 + /* 412 403 * Extract the data from the message and store that and its content type OID in 413 404 * the context. 414 405 */ ··· 442 395 ctx->msg->data = value; 443 396 ctx->msg->data_len = vlen; 444 397 ctx->msg->data_hdrlen = hdrlen; 445 - ctx->msg->data_type = ctx->last_oid; 446 398 return 0; 447 399 } 448 400 449 401 /* 450 - * Parse authenticated attributes 402 + * Parse authenticated attributes. 451 403 */ 452 404 int pkcs7_sig_note_authenticated_attr(void *context, size_t hdrlen, 453 405 unsigned char tag, 454 406 const void *value, size_t vlen) 455 407 { 456 408 struct pkcs7_parse_context *ctx = context; 409 + struct pkcs7_signed_info *sinfo = ctx->sinfo; 410 + enum OID content_type; 457 411 458 412 pr_devel("AuthAttr: %02x %zu [%*ph]\n", tag, vlen, (unsigned)vlen, value); 459 413 460 414 switch (ctx->last_oid) { 415 + case OID_contentType: 416 + if (__test_and_set_bit(sinfo_has_content_type, &sinfo->aa_set)) 417 + goto repeated; 418 + content_type = look_up_OID(value, vlen); 419 + if (content_type != ctx->msg->data_type) { 420 + pr_warn("Mismatch between global data type (%d) and sinfo %u (%d)\n", 421 + ctx->msg->data_type, sinfo->index, 422 + content_type); 423 + return -EBADMSG; 424 + } 425 + return 0; 426 + 427 + case OID_signingTime: 428 + if (__test_and_set_bit(sinfo_has_signing_time, &sinfo->aa_set)) 429 + goto repeated; 430 + /* Should we check that the signing time is consistent 431 + * with the signer's X.509 cert? 432 + */ 433 + return x509_decode_time(&sinfo->signing_time, 434 + hdrlen, tag, value, vlen); 435 + 461 436 case OID_messageDigest: 437 + if (__test_and_set_bit(sinfo_has_message_digest, &sinfo->aa_set)) 438 + goto repeated; 462 439 if (tag != ASN1_OTS) 463 440 return -EBADMSG; 464 - ctx->sinfo->msgdigest = value; 465 - ctx->sinfo->msgdigest_len = vlen; 441 + sinfo->msgdigest = value; 442 + sinfo->msgdigest_len = vlen; 443 + return 0; 444 + 445 + case OID_smimeCapabilites: 446 + if (__test_and_set_bit(sinfo_has_smime_caps, &sinfo->aa_set)) 447 + goto repeated; 448 + if (ctx->msg->data_type != OID_msIndirectData) { 449 + pr_warn("S/MIME Caps only allowed with Authenticode\n"); 450 + return -EKEYREJECTED; 451 + } 452 + return 0; 453 + 454 + /* Microsoft SpOpusInfo seems to be contain cont[0] 16-bit BE 455 + * char URLs and cont[1] 8-bit char URLs. 456 + * 457 + * Microsoft StatementType seems to contain a list of OIDs that 458 + * are also used as extendedKeyUsage types in X.509 certs. 459 + */ 460 + case OID_msSpOpusInfo: 461 + if (__test_and_set_bit(sinfo_has_ms_opus_info, &sinfo->aa_set)) 462 + goto repeated; 463 + goto authenticode_check; 464 + case OID_msStatementType: 465 + if (__test_and_set_bit(sinfo_has_ms_statement_type, &sinfo->aa_set)) 466 + goto repeated; 467 + authenticode_check: 468 + if (ctx->msg->data_type != OID_msIndirectData) { 469 + pr_warn("Authenticode AuthAttrs only allowed with Authenticode\n"); 470 + return -EKEYREJECTED; 471 + } 472 + /* I'm not sure how to validate these */ 466 473 return 0; 467 474 default: 468 475 return 0; 469 476 } 477 + 478 + repeated: 479 + /* We permit max one item per AuthenticatedAttribute and no repeats */ 480 + pr_warn("Repeated/multivalue AuthAttrs not permitted\n"); 481 + return -EKEYREJECTED; 470 482 } 471 483 472 484 /* ··· 536 430 const void *value, size_t vlen) 537 431 { 538 432 struct pkcs7_parse_context *ctx = context; 433 + struct pkcs7_signed_info *sinfo = ctx->sinfo; 434 + 435 + if (!test_bit(sinfo_has_content_type, &sinfo->aa_set) || 436 + !test_bit(sinfo_has_message_digest, &sinfo->aa_set) || 437 + (ctx->msg->data_type == OID_msIndirectData && 438 + !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))) { 439 + pr_warn("Missing required AuthAttr\n"); 440 + return -EBADMSG; 441 + } 442 + 443 + if (ctx->msg->data_type != OID_msIndirectData && 444 + test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set)) { 445 + pr_warn("Unexpected Authenticode AuthAttr\n"); 446 + return -EBADMSG; 447 + } 539 448 540 449 /* We need to switch the 'CONT 0' to a 'SET OF' when we digest */ 541 - ctx->sinfo->authattrs = value - (hdrlen - 1); 542 - ctx->sinfo->authattrs_len = vlen + (hdrlen - 1); 450 + sinfo->authattrs = value - (hdrlen - 1); 451 + sinfo->authattrs_len = vlen + (hdrlen - 1); 543 452 return 0; 544 453 } 545 454 ··· 631 510 struct pkcs7_parse_context *ctx = context; 632 511 struct pkcs7_signed_info *sinfo = ctx->sinfo; 633 512 struct asymmetric_key_id *kid; 513 + 514 + if (ctx->msg->data_type == OID_msIndirectData && !sinfo->authattrs) { 515 + pr_warn("Authenticode requires AuthAttrs\n"); 516 + return -EBADMSG; 517 + } 634 518 635 519 /* Generate cert issuer + serial number key ID */ 636 520 if (!ctx->expect_skid) {
+12 -3
crypto/asymmetric_keys/pkcs7_parser.h
··· 21 21 struct pkcs7_signed_info { 22 22 struct pkcs7_signed_info *next; 23 23 struct x509_certificate *signer; /* Signing certificate (in msg->certs) */ 24 - unsigned index; 25 - bool trusted; 26 - bool unsupported_crypto; /* T if not usable due to missing crypto */ 24 + unsigned index; 25 + bool trusted; 26 + bool unsupported_crypto; /* T if not usable due to missing crypto */ 27 27 28 28 /* Message digest - the digest of the Content Data (or NULL) */ 29 29 const void *msgdigest; ··· 32 32 /* Authenticated Attribute data (or NULL) */ 33 33 unsigned authattrs_len; 34 34 const void *authattrs; 35 + unsigned long aa_set; 36 + #define sinfo_has_content_type 0 37 + #define sinfo_has_signing_time 1 38 + #define sinfo_has_message_digest 2 39 + #define sinfo_has_smime_caps 3 40 + #define sinfo_has_ms_opus_info 4 41 + #define sinfo_has_ms_statement_type 5 42 + time64_t signing_time; 35 43 36 44 /* Issuing cert serial number and issuer's name [PKCS#7 or CMS ver 1] 37 45 * or issuing cert's SKID [CMS ver 3]. ··· 61 53 struct x509_certificate *crl; /* Revocation list */ 62 54 struct pkcs7_signed_info *signed_infos; 63 55 u8 version; /* Version of cert (1 -> PKCS#7 or CMS; 3 -> CMS) */ 56 + bool have_authattrs; /* T if have authattrs */ 64 57 65 58 /* Content Data (or NULL) */ 66 59 enum OID data_type; /* Type of Data */
+63 -2
crypto/asymmetric_keys/pkcs7_verify.c
··· 70 70 * message digest attribute amongst them which corresponds to the 71 71 * digest we just calculated. 72 72 */ 73 - if (sinfo->msgdigest) { 73 + if (sinfo->authattrs) { 74 74 u8 tag; 75 + 76 + if (!sinfo->msgdigest) { 77 + pr_warn("Sig %u: No messageDigest\n", sinfo->index); 78 + ret = -EKEYREJECTED; 79 + goto error; 80 + } 75 81 76 82 if (sinfo->msgdigest_len != sinfo->sig.digest_size) { 77 83 pr_debug("Sig %u: Invalid digest size (%u)\n", ··· 320 314 pr_devel("Using X.509[%u] for sig %u\n", 321 315 sinfo->signer->index, sinfo->index); 322 316 317 + /* Check that the PKCS#7 signing time is valid according to the X.509 318 + * certificate. We can't, however, check against the system clock 319 + * since that may not have been set yet and may be wrong. 320 + */ 321 + if (test_bit(sinfo_has_signing_time, &sinfo->aa_set)) { 322 + if (sinfo->signing_time < sinfo->signer->valid_from || 323 + sinfo->signing_time > sinfo->signer->valid_to) { 324 + pr_warn("Message signed outside of X.509 validity window\n"); 325 + return -EKEYREJECTED; 326 + } 327 + } 328 + 323 329 /* Verify the PKCS#7 binary against the key */ 324 330 ret = public_key_verify_signature(sinfo->signer->pub, &sinfo->sig); 325 331 if (ret < 0) ··· 346 328 /** 347 329 * pkcs7_verify - Verify a PKCS#7 message 348 330 * @pkcs7: The PKCS#7 message to be verified 331 + * @usage: The use to which the key is being put 349 332 * 350 333 * Verify a PKCS#7 message is internally consistent - that is, the data digest 351 334 * matches the digest in the AuthAttrs and any signature in the message or one ··· 357 338 * external public keys. 358 339 * 359 340 * Returns, in order of descending priority: 341 + * 342 + * (*) -EKEYREJECTED if a key was selected that had a usage restriction at 343 + * odds with the specified usage, or: 360 344 * 361 345 * (*) -EKEYREJECTED if a signature failed to match for which we found an 362 346 * appropriate X.509 certificate, or: ··· 372 350 * (*) 0 if all the signature chains that don't incur -ENOPKG can be verified 373 351 * (note that a signature chain may be of zero length), or: 374 352 */ 375 - int pkcs7_verify(struct pkcs7_message *pkcs7) 353 + int pkcs7_verify(struct pkcs7_message *pkcs7, 354 + enum key_being_used_for usage) 376 355 { 377 356 struct pkcs7_signed_info *sinfo; 378 357 struct x509_certificate *x509; ··· 381 358 int ret, n; 382 359 383 360 kenter(""); 361 + 362 + switch (usage) { 363 + case VERIFYING_MODULE_SIGNATURE: 364 + if (pkcs7->data_type != OID_data) { 365 + pr_warn("Invalid module sig (not pkcs7-data)\n"); 366 + return -EKEYREJECTED; 367 + } 368 + if (pkcs7->have_authattrs) { 369 + pr_warn("Invalid module sig (has authattrs)\n"); 370 + return -EKEYREJECTED; 371 + } 372 + break; 373 + case VERIFYING_FIRMWARE_SIGNATURE: 374 + if (pkcs7->data_type != OID_data) { 375 + pr_warn("Invalid firmware sig (not pkcs7-data)\n"); 376 + return -EKEYREJECTED; 377 + } 378 + if (!pkcs7->have_authattrs) { 379 + pr_warn("Invalid firmware sig (missing authattrs)\n"); 380 + return -EKEYREJECTED; 381 + } 382 + break; 383 + case VERIFYING_KEXEC_PE_SIGNATURE: 384 + if (pkcs7->data_type != OID_msIndirectData) { 385 + pr_warn("Invalid kexec sig (not Authenticode)\n"); 386 + return -EKEYREJECTED; 387 + } 388 + /* Authattr presence checked in parser */ 389 + break; 390 + case VERIFYING_UNSPECIFIED_SIGNATURE: 391 + if (pkcs7->data_type != OID_data) { 392 + pr_warn("Invalid unspecified sig (not pkcs7-data)\n"); 393 + return -EKEYREJECTED; 394 + } 395 + break; 396 + default: 397 + return -EINVAL; 398 + } 384 399 385 400 for (n = 0, x509 = pkcs7->certs; x509; x509 = x509->next, n++) { 386 401 ret = x509_get_sig_params(x509);
+5 -2
crypto/asymmetric_keys/verify_pefile.c
··· 393 393 * @pebuf: Buffer containing the PE binary image 394 394 * @pelen: Length of the binary image 395 395 * @trust_keyring: Signing certificates to use as starting points 396 + * @usage: The use to which the key is being put. 396 397 * @_trusted: Set to true if trustworth, false otherwise 397 398 * 398 399 * Validate that the certificate chain inside the PKCS#7 message inside the PE ··· 418 417 * May also return -ENOMEM. 419 418 */ 420 419 int verify_pefile_signature(const void *pebuf, unsigned pelen, 421 - struct key *trusted_keyring, bool *_trusted) 420 + struct key *trusted_keyring, 421 + enum key_being_used_for usage, 422 + bool *_trusted) 422 423 { 423 424 struct pkcs7_message *pkcs7; 424 425 struct pefile_context ctx; ··· 465 462 if (ret < 0) 466 463 goto error; 467 464 468 - ret = pkcs7_verify(pkcs7); 465 + ret = pkcs7_verify(pkcs7, usage); 469 466 if (ret < 0) 470 467 goto error; 471 468
+9 -1
include/crypto/pkcs7.h
··· 9 9 * 2 of the Licence, or (at your option) any later version. 10 10 */ 11 11 12 + #ifndef _CRYPTO_PKCS7_H 13 + #define _CRYPTO_PKCS7_H 14 + 15 + #include <crypto/public_key.h> 16 + 12 17 struct key; 13 18 struct pkcs7_message; 14 19 ··· 38 33 /* 39 34 * pkcs7_verify.c 40 35 */ 41 - extern int pkcs7_verify(struct pkcs7_message *pkcs7); 36 + extern int pkcs7_verify(struct pkcs7_message *pkcs7, 37 + enum key_being_used_for usage); 42 38 43 39 extern int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7, 44 40 const void *data, size_t datalen); 41 + 42 + #endif /* _CRYPTO_PKCS7_H */
+14
include/crypto/public_key.h
··· 40 40 extern const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST]; 41 41 42 42 /* 43 + * The use to which an asymmetric key is being put. 44 + */ 45 + enum key_being_used_for { 46 + VERIFYING_MODULE_SIGNATURE, 47 + VERIFYING_FIRMWARE_SIGNATURE, 48 + VERIFYING_KEXEC_PE_SIGNATURE, 49 + VERIFYING_KEY_SIGNATURE, 50 + VERIFYING_KEY_SELF_SIGNATURE, 51 + VERIFYING_UNSPECIFIED_SIGNATURE, 52 + NR__KEY_BEING_USED_FOR 53 + }; 54 + extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR]; 55 + 56 + /* 43 57 * Cryptographic data for the public-key subtype of the asymmetric key type. 44 58 * 45 59 * Note that this may include private part of the key as well as the public
+3 -1
include/keys/system_keyring.h
··· 15 15 #ifdef CONFIG_SYSTEM_TRUSTED_KEYRING 16 16 17 17 #include <linux/key.h> 18 + #include <crypto/public_key.h> 18 19 19 20 extern struct key *system_trusted_keyring; 20 21 static inline struct key *get_system_trusted_keyring(void) ··· 31 30 32 31 #ifdef CONFIG_SYSTEM_DATA_VERIFICATION 33 32 extern int system_verify_data(const void *data, unsigned long len, 34 - const void *raw_pkcs7, size_t pkcs7_len); 33 + const void *raw_pkcs7, size_t pkcs7_len, 34 + enum key_being_used_for usage); 35 35 #endif 36 36 37 37 #endif /* _KEYS_SYSTEM_KEYRING_H */
+3 -1
include/linux/oid_registry.h
··· 41 41 OID_signed_data, /* 1.2.840.113549.1.7.2 */ 42 42 /* PKCS#9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)} */ 43 43 OID_email_address, /* 1.2.840.113549.1.9.1 */ 44 - OID_content_type, /* 1.2.840.113549.1.9.3 */ 44 + OID_contentType, /* 1.2.840.113549.1.9.3 */ 45 45 OID_messageDigest, /* 1.2.840.113549.1.9.4 */ 46 46 OID_signingTime, /* 1.2.840.113549.1.9.5 */ 47 47 OID_smimeCapabilites, /* 1.2.840.113549.1.9.15 */ ··· 54 54 55 55 /* Microsoft Authenticode & Software Publishing */ 56 56 OID_msIndirectData, /* 1.3.6.1.4.1.311.2.1.4 */ 57 + OID_msStatementType, /* 1.3.6.1.4.1.311.2.1.11 */ 58 + OID_msSpOpusInfo, /* 1.3.6.1.4.1.311.2.1.12 */ 57 59 OID_msPeImageDataObjId, /* 1.3.6.1.4.1.311.2.1.15 */ 58 60 OID_msIndividualSPKeyPurpose, /* 1.3.6.1.4.1.311.2.1.21 */ 59 61 OID_msOutlookExpress, /* 1.3.6.1.4.1.311.16.4 */
+5 -1
include/linux/verify_pefile.h
··· 12 12 #ifndef _LINUX_VERIFY_PEFILE_H 13 13 #define _LINUX_VERIFY_PEFILE_H 14 14 15 + #include <crypto/public_key.h> 16 + 15 17 extern int verify_pefile_signature(const void *pebuf, unsigned pelen, 16 - struct key *trusted_keyring, bool *_trusted); 18 + struct key *trusted_keyring, 19 + enum key_being_used_for usage, 20 + bool *_trusted); 17 21 18 22 #endif /* _LINUX_VERIFY_PEFILE_H */
+2 -1
kernel/module_signing.c
··· 72 72 return -EBADMSG; 73 73 } 74 74 75 - return system_verify_data(mod, modlen, mod + modlen, sig_len); 75 + return system_verify_data(mod, modlen, mod + modlen, sig_len, 76 + VERIFYING_MODULE_SIGNATURE); 76 77 }
+4 -2
kernel/system_keyring.c
··· 113 113 * @len: Size of @data. 114 114 * @raw_pkcs7: The PKCS#7 message that is the signature. 115 115 * @pkcs7_len: The size of @raw_pkcs7. 116 + * @usage: The use to which the key is being put. 116 117 */ 117 118 int system_verify_data(const void *data, unsigned long len, 118 - const void *raw_pkcs7, size_t pkcs7_len) 119 + const void *raw_pkcs7, size_t pkcs7_len, 120 + enum key_being_used_for usage) 119 121 { 120 122 struct pkcs7_message *pkcs7; 121 123 bool trusted; ··· 134 132 goto error; 135 133 } 136 134 137 - ret = pkcs7_verify(pkcs7); 135 + ret = pkcs7_verify(pkcs7, usage); 138 136 if (ret < 0) 139 137 goto error; 140 138
+3 -2
scripts/sign-file.c
··· 111 111 bool sign_only = false; 112 112 unsigned char buf[4096]; 113 113 unsigned long module_size, cms_size; 114 - unsigned int use_keyid = 0; 114 + unsigned int use_keyid = 0, use_signed_attrs = CMS_NOATTR; 115 115 const EVP_MD *digest_algo; 116 116 EVP_PKEY *private_key; 117 117 CMS_ContentInfo *cms; ··· 216 216 ERR(!cms, "CMS_sign"); 217 217 218 218 ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, 219 - CMS_NOCERTS | CMS_BINARY | CMS_NOSMIMECAP | use_keyid), 219 + CMS_NOCERTS | CMS_BINARY | CMS_NOSMIMECAP | 220 + use_keyid | use_signed_attrs), 220 221 "CMS_sign_add_signer"); 221 222 ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0, 222 223 "CMS_final");