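/* Testing module to load key from trusted PKCS#7 message
 *
 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#define pr_fmt(fmt) "PKCS7key: "fmt
#include <linux/key.h>
#include <linux/err.h>
#include <linux/key-type.h>
#include <linux/module.h>
#include <crypto/pkcs7.h>
#include <keys/user-type.h>
#include <keys/system_keyring.h>
#include "pkcs7_parser.h"

/*
 * Preparse a PKCS#7 wrapped and validated data blob.
 *
 * The payload arriving here is whatever userspace handed to add_key()/
 * keyctl: an untrusted DER-encoded PKCS#7 message.  It is parsed, its
 * signature(s) are verified against the certificates carried in the
 * message, and the certificate chain must then terminate in a key on the
 * system trusted keyring.  Only then is the wrapped content handed on to
 * user_preparse() to become the key's payload.
 *
 * Returns 0 on success, or a negative errno: the parser's or verifier's
 * own error code, or -ENOKEY if the message does not chain back to a
 * trusted key.
 */
static int pkcs7_preparse(struct key_preparsed_payload *prep)
{
	struct pkcs7_message *pkcs7;
	const void *data, *saved_prep_data;
	size_t datalen, saved_prep_datalen;
	bool trusted;
	int ret;

	kenter("");

	saved_prep_data = prep->data;
	saved_prep_datalen = prep->datalen;
	pkcs7 = pkcs7_parse_message(saved_prep_data, saved_prep_datalen);
	if (IS_ERR(pkcs7)) {
		ret = PTR_ERR(pkcs7);
		goto error;
	}

	/* The signature(s) must check out against the embedded certs first. */
	ret = pkcs7_verify(pkcs7);
	if (ret < 0)
		goto error_free;

	ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
	if (ret < 0)
		goto error_free;
	if (!trusted) {
		/*
		 * A valid signature from an unknown signer proves nothing.
		 * Warning and carrying on would still instantiate the key, so
		 * anyone permitted to add keys of this type could load
		 * self-signed content through a path that is described as
		 * "trusted"; refuse instead.
		 */
		pr_warn("PKCS#7 message doesn't chain back to a trusted key\n");
		ret = -ENOKEY;
		goto error_free;
	}

	/* Extract the signed content itself, without its ASN.1 wrapper. */
	ret = pkcs7_get_content_data(pkcs7, &data, &datalen, false);
	if (ret < 0)
		goto error_free;

	/*
	 * Temporarily point the preparsed payload at the inner content and
	 * let the user-key preparser build the payload from it.  The PKCS#7
	 * message is freed below, so user_preparse() must take its own copy
	 * of the content rather than keep a reference into it.  The original
	 * pointers are restored whether or not user_preparse() succeeded.
	 */
	prep->data = data;
	prep->datalen = datalen;
	ret = user_preparse(prep);
	prep->data = saved_prep_data;
	prep->datalen = saved_prep_datalen;

error_free:
	pkcs7_free_message(pkcs7);
error:
	kleave(" = %d", ret);
	return ret;
}

/*
 * Apart from preparse, this key type reuses the user-key operations: the
 * description is an arbitrary string and the payload, once unwrapped from
 * the PKCS#7 message, is an arbitrary blob of data that can be read back.
 */
static struct key_type key_type_pkcs7 = {
	.name			= "pkcs7_test",
	.preparse		= pkcs7_preparse,
	.free_preparse		= user_free_preparse,
	.instantiate		= generic_key_instantiate,
	.revoke			= user_revoke,
	.destroy		= user_destroy,
	.describe		= user_describe,
	.read			= user_read,
};

/*
 * Module stuff
 */

/* Register the "pkcs7_test" key type; returns register_key_type()'s result. */
static int __init pkcs7_key_init(void)
{
	return register_key_type(&key_type_pkcs7);
}

/* Unregister the "pkcs7_test" key type on module unload. */
static void __exit pkcs7_key_cleanup(void)
{
	unregister_key_type(&key_type_pkcs7);
}

module_init(pkcs7_key_init);
module_exit(pkcs7_key_cleanup);

/*
 * Without MODULE_LICENSE() the module taints the kernel on load and is
 * refused access to GPL-only exports.
 */
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("PKCS#7 testing key type");
MODULE_AUTHOR("Red Hat, Inc.");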