From de26a46f6c581b579f77bbe31cc7aef0b1fd14bc Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Mon, 24 Sep 2012 17:11:48 +0100
Subject: X.509: Add a crypto key parser for binary (DER) X.509 certificates

Add a crypto key parser for binary (DER) encoded X.509 certificates.  The
certificate is parsed and, if possible, the signature is verified.

An X.509 key can be added like this:

	# keyctl padd crypto bar @s </tmp/x509.cert
	15768135

and displayed like this:

	# cat /proc/keys
	00f09a47 I--Q---     1 perm 39390000     0     0 asymmetri bar: X509.RSA e9fd6d08 []

Note that this only works with binary certificates.  PEM encoded certificates
are ignored by the parser.

Note also that the X.509 key ID is not congruent with the PGP key ID, but for
the moment, they will match.

If a NULL or "" name is given to add_key(), then the parser will generate a key
description from the CertificateSerialNumber and Name fields of the
TBSCertificate:

	00aefc4e I--Q---     1 perm 39390000     0     0 asymmetri bfbc0cd76d050ea4:/C=GB/L=Cambridge/O=Red Hat/CN=kernel key: X509.RSA 0c688c7b []

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 crypto/asymmetric_keys/x509_public_key.c | 207 +++++++++++++++++++++++++++++++
 1 file changed, 207 insertions(+)
 create mode 100644 crypto/asymmetric_keys/x509_public_key.c

(limited to 'crypto/asymmetric_keys/x509_public_key.c')

diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
new file mode 100644
index 00000000..716917ce
--- /dev/null
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -0,0 +1,207 @@
+/* Instantiate a public key crypto key from an X.509 Certificate
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "X.509: "fmt
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/err.h>
+#include <linux/mpi.h>
+#include <linux/asn1_decoder.h>
+#include <keys/asymmetric-subtype.h>
+#include <keys/asymmetric-parser.h>
+#include <crypto/hash.h>
+#include "asymmetric_keys.h"
+#include "public_key.h"
+#include "x509_parser.h"
+
+static const
+struct public_key_algorithm *x509_public_key_algorithms[PKEY_ALGO__LAST] = {
+	[PKEY_ALGO_DSA]		= NULL,
+#if defined(CONFIG_PUBLIC_KEY_ALGO_RSA) || \
+	defined(CONFIG_PUBLIC_KEY_ALGO_RSA_MODULE)
+	[PKEY_ALGO_RSA]		= &RSA_public_key_algorithm,
+#endif
+};
+
+/*
+ * Check the signature on a certificate using the provided public key
+ */
+static int x509_check_signature(const struct public_key *pub,
+				const struct x509_certificate *cert)
+{
+	struct public_key_signature *sig;
+	struct crypto_shash *tfm;
+	struct shash_desc *desc;
+	size_t digest_size, desc_size;
+	int ret;
+
+	pr_devel("==>%s()\n", __func__);
+	
+	/* Allocate the hashing algorithm we're going to need and find out how
+	 * big the hash operational data will be.
+	 */
+	tfm = crypto_alloc_shash(pkey_hash_algo[cert->sig_hash_algo], 0, 0);
+	if (IS_ERR(tfm))
+		return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm);
+
+	desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
+	digest_size = crypto_shash_digestsize(tfm);
+
+	/* We allocate the hash operational data storage on the end of our
+	 * context data.
+	 */
+	ret = -ENOMEM;
+	sig = kzalloc(sizeof(*sig) + desc_size + digest_size, GFP_KERNEL);
+	if (!sig)
+		goto error_no_sig;
+
+	sig->pkey_hash_algo	= cert->sig_hash_algo;
+	sig->digest		= (u8 *)sig + sizeof(*sig) + desc_size;
+	sig->digest_size	= digest_size;
+
+	desc = (void *)sig + sizeof(*sig);
+	desc->tfm	= tfm;
+	desc->flags	= CRYPTO_TFM_REQ_MAY_SLEEP;
+
+	ret = crypto_shash_init(desc);
+	if (ret < 0)
+		goto error;
+
+	ret = -ENOMEM;
+	sig->rsa.s = mpi_read_raw_data(cert->sig, cert->sig_size);
+	if (!sig->rsa.s)
+		goto error;
+
+	ret = crypto_shash_finup(desc, cert->tbs, cert->tbs_size, sig->digest);
+	if (ret < 0)
+		goto error_mpi;
+
+	ret = pub->algo->verify_signature(pub, sig);
+
+	pr_debug("Cert Verification: %d\n", ret);
+
+error_mpi:
+	mpi_free(sig->rsa.s);
+error:
+	kfree(sig);
+error_no_sig:
+	crypto_free_shash(tfm);
+
+	pr_devel("<==%s() = %d\n", __func__, ret);
+	return ret;
+}
+
+/*
+ * Attempt to parse a data blob for a key as an X509 certificate.
+ */
+static int x509_key_preparse(struct key_preparsed_payload *prep)
+{
+	struct x509_certificate *cert;
+	time_t now;
+	size_t srlen, sulen;
+	char *desc = NULL;
+	int ret;
+
+	cert = x509_cert_parse(prep->data, prep->datalen);
+	if (IS_ERR(cert))
+		return PTR_ERR(cert);
+
+	pr_devel("Cert Issuer: %s\n", cert->issuer);
+	pr_devel("Cert Subject: %s\n", cert->subject);
+	pr_devel("Cert Key Algo: %s\n", pkey_algo[cert->pkey_algo]);
+	pr_devel("Cert Valid: %lu - %lu\n", cert->valid_from, cert->valid_to);
+	pr_devel("Cert Signature: %s + %s\n",
+		 pkey_algo[cert->sig_pkey_algo],
+		 pkey_hash_algo[cert->sig_hash_algo]);
+
+	if (!cert->fingerprint || !cert->authority) {
+		pr_warn("Cert for '%s' must have SubjKeyId and AuthKeyId extensions\n",
+			cert->subject);
+		ret = -EKEYREJECTED;
+		goto error_free_cert;
+	}
+
+	now = CURRENT_TIME.tv_sec;
+	if (now < cert->valid_from) {
+		pr_warn("Cert %s is not yet valid\n", cert->fingerprint);
+		ret = -EKEYREJECTED;
+		goto error_free_cert;
+	}
+	if (now >= cert->valid_to) {
+		pr_warn("Cert %s has expired\n", cert->fingerprint);
+		ret = -EKEYEXPIRED;
+		goto error_free_cert;
+	}
+
+	cert->pub->algo = x509_public_key_algorithms[cert->pkey_algo];
+	cert->pub->id_type = PKEY_ID_X509;
+
+	/* Check the signature on the key */
+	if (strcmp(cert->fingerprint, cert->authority) == 0) {
+		ret = x509_check_signature(cert->pub, cert);
+		if (ret < 0)
+			goto error_free_cert;
+	}
+
+	/* Propose a description */
+	sulen = strlen(cert->subject);
+	srlen = strlen(cert->fingerprint);
+	ret = -ENOMEM;
+	desc = kmalloc(sulen + 2 + srlen + 1, GFP_KERNEL);
+	if (!desc)
+		goto error_free_cert;
+	memcpy(desc, cert->subject, sulen);
+	desc[sulen] = ':';
+	desc[sulen + 1] = ' ';
+	memcpy(desc + sulen + 2, cert->fingerprint, srlen);
+	desc[sulen + 2 + srlen] = 0;
+
+	/* We're pinning the module by being linked against it */
+	__module_get(public_key_subtype.owner);
+	prep->type_data[0] = &public_key_subtype;
+	prep->type_data[1] = cert->fingerprint;
+	prep->payload = cert->pub;
+	prep->description = desc;
+	prep->quotalen = 100;
+
+	/* We've finished with the certificate */
+	cert->pub = NULL;
+	cert->fingerprint = NULL;
+	desc = NULL;
+	ret = 0;
+
+error_free_cert:
+	x509_free_certificate(cert);
+	return ret;
+}
+
+static struct asymmetric_key_parser x509_key_parser = {
+	.owner	= THIS_MODULE,
+	.name	= "x509",
+	.parse	= x509_key_preparse,
+};
+
+/*
+ * Module stuff
+ */
+static int __init x509_key_init(void)
+{
+	return register_asymmetric_key_parser(&x509_key_parser);
+}
+
+static void __exit x509_key_exit(void)
+{
+	unregister_asymmetric_key_parser(&x509_key_parser);
+}
+
+module_init(x509_key_init);
+module_exit(x509_key_exit);
-- 
cgit v1.2.3


From b704b28c01f94cf11495d9c97dc5be3b35900bb8 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 2 Oct 2012 14:36:16 +0100
Subject: MODSIGN: Fix 32-bit overflow in X.509 certificate validity date
 checking

The current choice of lifetime for the autogenerated X.509 of 100 years,
putting the validTo date in 2112, causes problems on 32-bit systems where a
32-bit time_t wraps in 2106.  64-bit x86_64 systems seem to be unaffected.

This can result in something like:

	Loading module verification certificates
	X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has expired
	MODSIGN: Problem loading in-kernel X.509 certificate (-127)

Or:

	X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 is not yet valid
	MODSIGN: Problem loading in-kernel X.509 certificate (-129)

Instead of turning the dates into time_t values and comparing, turn the system
clock and the ASN.1 dates into tm structs and compare those piecemeal instead.

Reported-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Josh Boyer <jwboyer@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 crypto/asymmetric_keys/x509_cert_parser.c | 25 +++++++++---------
 crypto/asymmetric_keys/x509_parser.h      |  4 +--
 crypto/asymmetric_keys/x509_public_key.c  | 42 +++++++++++++++++++++++++++----
 3 files changed, 51 insertions(+), 20 deletions(-)

(limited to 'crypto/asymmetric_keys/x509_public_key.c')

diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 8fcac949..db07e8c9 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -434,11 +434,10 @@ int x509_process_extension(void *context, size_t hdrlen,
 /*
  * Record a certificate time.
  */
-static int x509_note_time(time_t *_time,  size_t hdrlen,
+static int x509_note_time(struct tm *tm,  size_t hdrlen,
 			  unsigned char tag,
 			  const unsigned char *value, size_t vlen)
 {
-	unsigned YY, MM, DD, hh, mm, ss;
 	const unsigned char *p = value;
 
 #define dec2bin(X) ((X) - '0')
@@ -448,30 +447,30 @@ static int x509_note_time(time_t *_time,  size_t hdrlen,
 		/* UTCTime: YYMMDDHHMMSSZ */
 		if (vlen != 13)
 			goto unsupported_time;
-		YY = DD2bin(p);
-		if (YY > 50)
-			YY += 1900;
+		tm->tm_year = DD2bin(p);
+		if (tm->tm_year >= 50)
+			tm->tm_year += 1900;
 		else
-			YY += 2000;
+			tm->tm_year += 2000;
 	} else if (tag == ASN1_GENTIM) {
 		/* GenTime: YYYYMMDDHHMMSSZ */
 		if (vlen != 15)
 			goto unsupported_time;
-		YY = DD2bin(p) * 100 + DD2bin(p);
+		tm->tm_year = DD2bin(p) * 100 + DD2bin(p);
 	} else {
 		goto unsupported_time;
 	}
 
-	MM = DD2bin(p);
-	DD = DD2bin(p);
-	hh = DD2bin(p);
-	mm = DD2bin(p);
-	ss = DD2bin(p);
+	tm->tm_year -= 1900;
+	tm->tm_mon  = DD2bin(p) - 1;
+	tm->tm_mday = DD2bin(p);
+	tm->tm_hour = DD2bin(p);
+	tm->tm_min  = DD2bin(p);
+	tm->tm_sec  = DD2bin(p);
 
 	if (*p != 'Z')
 		goto unsupported_time;
 
-	*_time = mktime(YY, MM, DD, hh, mm, ss);
 	return 0;
 
 unsupported_time:
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index 635053f7..f86dc5fc 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -18,8 +18,8 @@ struct x509_certificate {
 	char		*subject;		/* Name of certificate subject */
 	char		*fingerprint;		/* Key fingerprint as hex */
 	char		*authority;		/* Authority key fingerprint as hex */
-	time_t		valid_from;
-	time_t		valid_to;
+	struct tm	valid_from;
+	struct tm	valid_to;
 	enum pkey_algo	pkey_algo : 8;		/* Public key algorithm */
 	enum pkey_algo	sig_pkey_algo : 8;	/* Signature public key algorithm */
 	enum pkey_hash_algo sig_hash_algo : 8;	/* Signature hash algorithm */
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 716917ce..5ab736db 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -106,7 +106,7 @@ error_no_sig:
 static int x509_key_preparse(struct key_preparsed_payload *prep)
 {
 	struct x509_certificate *cert;
-	time_t now;
+	struct tm now;
 	size_t srlen, sulen;
 	char *desc = NULL;
 	int ret;
@@ -118,7 +118,14 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
 	pr_devel("Cert Issuer: %s\n", cert->issuer);
 	pr_devel("Cert Subject: %s\n", cert->subject);
 	pr_devel("Cert Key Algo: %s\n", pkey_algo[cert->pkey_algo]);
-	pr_devel("Cert Valid: %lu - %lu\n", cert->valid_from, cert->valid_to);
+	printk("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n",
+		 cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1,
+		 cert->valid_from.tm_mday, cert->valid_from.tm_hour,
+		 cert->valid_from.tm_min,  cert->valid_from.tm_sec);
+	printk("Cert Valid To: %04ld-%02d-%02d %02d:%02d:%02d\n",
+		 cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1,
+		 cert->valid_to.tm_mday, cert->valid_to.tm_hour,
+		 cert->valid_to.tm_min,  cert->valid_to.tm_sec);
 	pr_devel("Cert Signature: %s + %s\n",
 		 pkey_algo[cert->sig_pkey_algo],
 		 pkey_hash_algo[cert->sig_hash_algo]);
@@ -130,13 +137,38 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
 		goto error_free_cert;
 	}
 
-	now = CURRENT_TIME.tv_sec;
-	if (now < cert->valid_from) {
+	time_to_tm(CURRENT_TIME.tv_sec, 0, &now);
+	printk("Now: %04ld-%02d-%02d %02d:%02d:%02d\n",
+		 now.tm_year + 1900, now.tm_mon + 1, now.tm_mday,
+		 now.tm_hour, now.tm_min,  now.tm_sec);
+	if (now.tm_year < cert->valid_from.tm_year ||
+	    (now.tm_year == cert->valid_from.tm_year &&
+	     (now.tm_mon < cert->valid_from.tm_mon ||
+	      (now.tm_mon == cert->valid_from.tm_mon &&
+	       (now.tm_mday < cert->valid_from.tm_mday ||
+		(now.tm_mday == cert->valid_from.tm_mday &&
+		 (now.tm_hour < cert->valid_from.tm_hour ||
+		  (now.tm_hour == cert->valid_from.tm_hour &&
+		   (now.tm_min < cert->valid_from.tm_min ||
+		    (now.tm_min == cert->valid_from.tm_min &&
+		     (now.tm_sec < cert->valid_from.tm_sec
+		      ))))))))))) {
 		pr_warn("Cert %s is not yet valid\n", cert->fingerprint);
 		ret = -EKEYREJECTED;
 		goto error_free_cert;
 	}
-	if (now >= cert->valid_to) {
+	if (now.tm_year > cert->valid_to.tm_year ||
+	    (now.tm_year == cert->valid_to.tm_year &&
+	     (now.tm_mon > cert->valid_to.tm_mon ||
+	      (now.tm_mon == cert->valid_to.tm_mon &&
+	       (now.tm_mday > cert->valid_to.tm_mday ||
+		(now.tm_mday == cert->valid_to.tm_mday &&
+		 (now.tm_hour > cert->valid_to.tm_hour ||
+		  (now.tm_hour == cert->valid_to.tm_hour &&
+		   (now.tm_min > cert->valid_to.tm_min ||
+		    (now.tm_min == cert->valid_to.tm_min &&
+		     (now.tm_sec > cert->valid_to.tm_sec
+		      ))))))))))) {
 		pr_warn("Cert %s has expired\n", cert->fingerprint);
 		ret = -EKEYEXPIRED;
 		goto error_free_cert;
-- 
cgit v1.2.3


From f1b6883a1e29f85809431bebe43a63f2fd46e7bb Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Thu, 4 Oct 2012 14:21:23 +0100
Subject: X.509: Convert some printk calls to pr_devel

Some debugging printk() calls should've been converted to pr_devel() calls.
Do that now.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 crypto/asymmetric_keys/x509_public_key.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'crypto/asymmetric_keys/x509_public_key.c')

diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 5ab736db..06007f0e 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -118,11 +118,11 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
 	pr_devel("Cert Issuer: %s\n", cert->issuer);
 	pr_devel("Cert Subject: %s\n", cert->subject);
 	pr_devel("Cert Key Algo: %s\n", pkey_algo[cert->pkey_algo]);
-	printk("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n",
+	pr_devel("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n",
 		 cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1,
 		 cert->valid_from.tm_mday, cert->valid_from.tm_hour,
 		 cert->valid_from.tm_min,  cert->valid_from.tm_sec);
-	printk("Cert Valid To: %04ld-%02d-%02d %02d:%02d:%02d\n",
+	pr_devel("Cert Valid To: %04ld-%02d-%02d %02d:%02d:%02d\n",
 		 cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1,
 		 cert->valid_to.tm_mday, cert->valid_to.tm_hour,
 		 cert->valid_to.tm_min,  cert->valid_to.tm_sec);
@@ -138,7 +138,7 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
 	}
 
 	time_to_tm(CURRENT_TIME.tv_sec, 0, &now);
-	printk("Now: %04ld-%02d-%02d %02d:%02d:%02d\n",
+	pr_devel("Now: %04ld-%02d-%02d %02d:%02d:%02d\n",
 		 now.tm_year + 1900, now.tm_mon + 1, now.tm_mday,
 		 now.tm_hour, now.tm_min,  now.tm_sec);
 	if (now.tm_year < cert->valid_from.tm_year ||
-- 
cgit v1.2.3