From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752098AbaFJItk (ORCPT ); Tue, 10 Jun 2014 04:49:40 -0400 Received: from mailout2.w1.samsung.com ([210.118.77.12]:19416 "EHLO mailout2.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751390AbaFJIsw (ORCPT ); Tue, 10 Jun 2014 04:48:52 -0400 X-AuditID: cbfec7f4-b7fac6d000006cfe-46-5396c6710222 From: Dmitry Kasatkin To: zohar@linux.vnet.ibm.com, dhowells@redhat.com, jwboyer@redhat.com, keyrings@linux-nfs.org, linux-security-module@vger.kernel.org Cc: linux-kernel@vger.kernel.org, dmitry.kasatkin@gmail.com, Dmitry Kasatkin Subject: [PATCH 3/4] KEYS: validate key trust only with selected owner key Date: Tue, 10 Jun 2014 11:48:17 +0300 Message-id: X-Mailer: git-send-email 1.9.1 In-reply-to: References: <1402331614.7064.60.camel@dhcp-9-2-203-236.watson.ibm.com> In-reply-to: References: X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprGLMWRmVeSWpSXmKPExsVy+t/xa7qFx6YFG0y4pm9x6+9eZot3Tb9Z LL4srbM48O4Ji8XsXQ9ZLC7vmsNm8aHnEZvFpxWTmB04PHbOusvuMe3EMhaPB4c2s3i833eV zaNvyypGj8+b5ALYorhsUlJzMstSi/TtErgyZvVsZy9YYlmxsXUjawNjl34XIyeHhICJxJpD O1ghbDGJC/fWs3UxcnEICSxllFhzehIzhNPJJPFh80lGkCo2AT2JDc0/2EESIgJtjBJtW5+x gSSYBdIlPk3qZQexhQW8JFq/doDFWQRUJeZf7wdbwSsQJ3FuzmoWiHVyEiePTQaKc3BwClhJ fFgUChIWEiiTOPn5A6awpUT/66lsExj5FzAyrGIUTS1NLihOSs811CtOzC0uzUvXS87P3cQI CcsvOxgXH7M6xCjAwajEw8uhMy1YiDWxrLgy9xCjBAezkgjv3W1AId6UxMqq1KL8+KLSnNTi Q4xMHJxSDYz13w3XzmZMuPbb+6X+h6Zib5uD36/qrQ+PrD186dyjlRd62OW/Hzyf/sWmSqhn RnNx5r11K6bonTh73qHXsklI5nTZ+cbuAsP48ic3LcwWHFr3Nn15vcjTg782Tt782W/HjMCf ARPcch49cqz6tLHkAJ+WyOf5UXM+hX6S3zfJdhfn+QNqrN+ElFiKMxINtZiLihMBGqEbuikC AAA= Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch provides kernel parameter to specify owner's key id which must be used for trust validate of keys. Keys signed with other keys are not trusted. 
Signed-off-by: Dmitry Kasatkin
---
 crypto/asymmetric_keys/x509_public_key.c | 27 ++++++++--
 include/keys/owner_keyring.h | 27 ----------
 init/Kconfig | 10 ----
 kernel/Makefile | 1 -
 kernel/owner_keyring.c | 85 --------------------------------
 5 files changed, 24 insertions(+), 126 deletions(-)
 delete mode 100644 include/keys/owner_keyring.h
 delete mode 100644 kernel/owner_keyring.c
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 962f9b9..d46b790 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -19,12 +19,24 @@
 #include
 #include
 #include
-#include
 #include
 #include "asymmetric_keys.h"
 #include "public_key.h"
 #include "x509_parser.h"
+static char *owner_keyid;
+static int __init default_owner_keyid_set(char *str)
+{
+ if (!str) /* default system keyring */
+ return 1;
+
+ if (strncmp(str, "id:", 3) == 0)
+ owner_keyid = str; /* owner local key 'id:xxxxxx' */
+
+ return 1;
+}
+__setup("keys_ownerid=", default_owner_keyid_set);
+
 /*
 * Find a key in the given keyring by issuer and authority.
 */
@@ -170,6 +182,16 @@ static int x509_validate_trust(struct x509_certificate *cert,
 if (!trust_keyring)
 return -EOPNOTSUPP;
+ if (owner_keyid) {
+ /* validate trust only with the owner_keyid if specified */
+ /* partial match of keyid according to the asymmetric_type.c */
+ int idlen = strlen(owner_keyid) - 3; /* - id: */
+ int authlen = strlen(cert->authority);
+ char *auth = cert->authority + authlen - idlen;
+ if (idlen > authlen || strcasecmp(owner_keyid + 3, auth))
+ return -EPERM;
+ }
+
 key = x509_request_asymmetric_key(trust_keyring,
 cert->issuer, strlen(cert->issuer),
 cert->authority,
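Review bot: In `default_owner_keyid_set()` a `keys_ownerid=` value that does not begin with `id:` is dropped without any message, so `owner_keyid` stays NULL and the restriction added to `x509_validate_trust()` in the next hunk is not applied; a mistyped boot option therefore fails open with nothing in the log. A bare `id:` is accepted as well, and the suffix comparison in the next hunk then compares against the empty string, which matches every authority. I would require at least one character after the prefix and warn otherwise, e.g. `if (strncmp(str, "id:", 3) == 0 && str[3]) owner_keyid = str; else pr_warn("keys_ownerid: ignoring malformed value\n");`. Since this patch also removes the Kconfig help that described the option, a short comment above the handler stating the expected `id:xxxxxx` form and the fallback to the whole system keyring would keep the behaviour documented.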
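Review bot: In the block added to `x509_validate_trust()`, `auth` is computed as `cert->authority + authlen - idlen` before `idlen > authlen` is tested, so a configured id longer than the certificate's authority string forms a pointer in front of the buffer. Short-circuit evaluation keeps that pointer from being dereferenced, but the arithmetic itself is undefined and the check is only safe as long as nobody reorders the operands. Drop the `auth` local and do the arithmetic after the length test, `if (idlen > authlen || strcasecmp(owner_keyid + 3, cert->authority + authlen - idlen))`, with `idlen` and `authlen` declared `size_t` to match `strlen()`. The block also calls `strlen(cert->authority)` without a NULL test; the existing call below it does the same, so this presumably relies on the caller having checked, which is worth confirming. The function starts and ends outside the hunk.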
@@ -239,8 +261,7 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
 if (ret < 0)
 goto error_free_cert;
 } else if (!prep->trusted) {
- ret = x509_validate_trust(cert,
- get_system_or_owner_trusted_keyring());
+ ret = x509_validate_trust(cert, get_system_trusted_keyring());
 if (!ret)
 prep->trusted = 1;
 }
diff --git a/include/keys/owner_keyring.h b/include/keys/owner_keyring.h
deleted file mode 100644
index 78dd09d..0000000
--- a/include/keys/owner_keyring.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (C) 2014 IBM Corporation
- * Author: Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- */
-
-#ifndef _KEYS_OWNER_KEYRING_H
-#define _KEYS_OWNER_KEYRING_H
-
-#ifdef CONFIG_OWNER_TRUSTED_KEYRING
-
-#include
-
-extern struct key *owner_trusted_keyring;
-extern struct key *get_system_or_owner_trusted_keyring(void);
-
-#else
-static inline struct key *get_system_or_owner_trusted_keyring(void)
-{
- return get_system_trusted_keyring();
-}
-
-#endif
-#endif /* _KEYS_OWNER_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index 7876787..009a797 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1661,16 +1661,6 @@ config SYSTEM_TRUSTED_KEYRING
 Keys in this keyring are used by module signature checking.
-config OWNER_TRUSTED_KEYRING
- bool "Verify certificate signatures using a specific system key"
- depends on SYSTEM_TRUSTED_KEYRING
- help
- Verify a certificate's signature, before adding the key to
- a trusted keyring, using a specific key on the system trusted
- keyring. The specific key on the system trusted keyring is
- identified using the kernel boot command line option
- "keys_ownerid" and is added to the owner_trusted_keyring.
-
 menuconfig MODULES
 bool "Enable loadable module support"
 option modules
diff --git a/kernel/Makefile b/kernel/Makefile
index 7b44efd..bc010ee 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -44,7 +44,6 @@ obj-$(CONFIG_UID16) += uid16.o
 obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
 obj-$(CONFIG_MODULES) += module.o
 obj-$(CONFIG_MODULE_SIG) += module_signing.o
-obj-$(CONFIG_OWNER_TRUSTED_KEYRING) += owner_keyring.o
 obj-$(CONFIG_KALLSYMS) += kallsyms.o
 obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
 obj-$(CONFIG_KEXEC) += kexec.o
diff --git a/kernel/owner_keyring.c b/kernel/owner_keyring.c
deleted file mode 100644
index a31b865..0000000
--- a/kernel/owner_keyring.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (C) 2014 IBM Corporation
- * Author: Mimi Zohar
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 2 of the License.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include "module-internal.h"
-
-struct key *owner_trusted_keyring;
-static int use_owner_trusted_keyring;
-
-static char *owner_keyid;
-static int __init default_owner_keyid_set(char *str)
-{
- if (!str) /* default system keyring */
- return 1;
-
- if (strncmp(str, "id:", 3) == 0)
- owner_keyid = str; /* owner local key 'id:xxxxxx' */
-
- return 1;
-}
-
-__setup("keys_ownerid=", default_owner_keyid_set);
-
-struct key *get_system_or_owner_trusted_keyring(void)
-{
- return use_owner_trusted_keyring ? owner_trusted_keyring :
- get_system_trusted_keyring();
-}
-
-static __init int owner_trusted_keyring_init(void)
-{
- pr_notice("Initialize the owner trusted keyring\n");
-
- owner_trusted_keyring =
- keyring_alloc(".owner_keyring",
- KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
- ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
- KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
- KEY_ALLOC_NOT_IN_QUOTA, NULL);
- if (IS_ERR(owner_trusted_keyring))
- panic("Can't allocate owner trusted keyring\n");
-
- set_bit(KEY_FLAG_TRUSTED_ONLY, &owner_trusted_keyring->flags);
- return 0;
-}
-
-device_initcall(owner_trusted_keyring_init);
-
-void load_owner_identified_key(void)
-{
- key_ref_t key_ref;
- int ret;
-
- if (!owner_keyid)
- return;
-
- key_ref = keyring_search(make_key_ref(system_trusted_keyring, 1),
- &key_type_asymmetric, owner_keyid);
- if (IS_ERR(key_ref)) {
- pr_warn("Request for unknown %s key\n", owner_keyid);
- goto out;
- }
- ret = key_link(owner_trusted_keyring, key_ref_to_ptr(key_ref));
- pr_info("Loaded owner key %s %s\n", owner_keyid,
- ret < 0 ?
"failed" : "succeeded");
- key_ref_put(key_ref);
- if (!ret)
- use_owner_trusted_keyring = 1;
-out:
- return;
-}
-
-late_initcall(load_owner_identified_key);
-- 1.9.1