1 /* Testing module to load key from trusted PKCS#7 message
2  *
3  * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11 
12 #define pr_fmt(fmt) "PKCS7key: "fmt
13 #include <linux/key.h>
14 #include <linux/err.h>
15 #include <linux/key-type.h>
16 #include <crypto/pkcs7.h>
17 #include <keys/user-type.h>
18 #include <keys/system_keyring.h>
19 #include "pkcs7_parser.h"
20 
21 /*
22  * Preparse a PKCS#7 wrapped and validated data blob.
23  */
24 static int pkcs7_preparse(struct key_preparsed_payload *prep)
25 {
26 	struct pkcs7_message *pkcs7;
27 	const void *data, *saved_prep_data;
28 	size_t datalen, saved_prep_datalen;
29 	bool trusted;
30 	int ret;
31 
32 	kenter("");
33 
34 	saved_prep_data = prep->data;
35 	saved_prep_datalen = prep->datalen;
36 	pkcs7 = pkcs7_parse_message(saved_prep_data, saved_prep_datalen);
37 	if (IS_ERR(pkcs7)) {
38 		ret = PTR_ERR(pkcs7);
39 		goto error;
40 	}
41 
42 	ret = pkcs7_verify(pkcs7);
43 	if (ret < 0)
44 		goto error_free;
45 
46 	ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
47 	if (ret < 0)
48 		goto error_free;
49 	if (!trusted)
50 		pr_warn("PKCS#7 message doesn't chain back to a trusted key\n");
51 
52 	ret = pkcs7_get_content_data(pkcs7, &data, &datalen, false);
53 	if (ret < 0)
54 		goto error_free;
55 
56 	prep->data = data;
57 	prep->datalen = datalen;
58 	ret = user_preparse(prep);
59 	prep->data = saved_prep_data;
60 	prep->datalen = saved_prep_datalen;
61 
62 error_free:
63 	pkcs7_free_message(pkcs7);
64 error:
65 	kleave(" = %d", ret);
66 	return ret;
67 }
68 
69 /*
70  * user defined keys take an arbitrary string as the description and an
71  * arbitrary blob of data as the payload
72  */
73 static struct key_type key_type_pkcs7 = {
74 	.name			= "pkcs7_test",
75 	.preparse		= pkcs7_preparse,
76 	.free_preparse		= user_free_preparse,
77 	.instantiate		= generic_key_instantiate,
78 	.revoke			= user_revoke,
79 	.destroy		= user_destroy,
80 	.describe		= user_describe,
81 	.read			= user_read,
82 };
83 
84 /*
85  * Module stuff
86  */
87 static int __init pkcs7_key_init(void)
88 {
89 	return register_key_type(&key_type_pkcs7);
90 }
91 
92 static void __exit pkcs7_key_cleanup(void)
93 {
94 	unregister_key_type(&key_type_pkcs7);
95 }
96 
97 module_init(pkcs7_key_init);
98 module_exit(pkcs7_key_cleanup);
99