1 /* PKCS#8 Private Key parser [RFC 5208].
2  *
3  * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11 
12 #define pr_fmt(fmt) "PKCS8: "fmt
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/export.h>
16 #include <linux/slab.h>
17 #include <linux/err.h>
18 #include <linux/oid_registry.h>
19 #include <keys/asymmetric-subtype.h>
20 #include <keys/asymmetric-parser.h>
21 #include <crypto/public_key.h>
22 #include "pkcs8.asn1.h"
23 
24 struct pkcs8_parse_context {
25 	struct public_key *pub;
26 	unsigned long	data;			/* Start of data */
27 	enum OID	last_oid;		/* Last OID encountered */
28 	enum OID	algo_oid;		/* Algorithm OID */
29 	u32		key_size;
30 	const void	*key;
31 };
32 
33 /*
34  * Note an OID when we find one for later processing when we know how to
35  * interpret it.
36  */
37 int pkcs8_note_OID(void *context, size_t hdrlen,
38 		   unsigned char tag,
39 		   const void *value, size_t vlen)
40 {
41 	struct pkcs8_parse_context *ctx = context;
42 
43 	ctx->last_oid = look_up_OID(value, vlen);
44 	if (ctx->last_oid == OID__NR) {
45 		char buffer[50];
46 
47 		sprint_oid(value, vlen, buffer, sizeof(buffer));
48 		pr_info("Unknown OID: [%lu] %s\n",
49 			(unsigned long)value - ctx->data, buffer);
50 	}
51 	return 0;
52 }
53 
54 /*
55  * Note the version number of the ASN.1 blob.
56  */
57 int pkcs8_note_version(void *context, size_t hdrlen,
58 		       unsigned char tag,
59 		       const void *value, size_t vlen)
60 {
61 	if (vlen != 1 || ((const u8 *)value)[0] != 0) {
62 		pr_warn("Unsupported PKCS#8 version\n");
63 		return -EBADMSG;
64 	}
65 	return 0;
66 }
67 
68 /*
69  * Note the public algorithm.
70  */
71 int pkcs8_note_algo(void *context, size_t hdrlen,
72 		    unsigned char tag,
73 		    const void *value, size_t vlen)
74 {
75 	struct pkcs8_parse_context *ctx = context;
76 
77 	if (ctx->last_oid != OID_rsaEncryption)
78 		return -ENOPKG;
79 
80 	ctx->pub->pkey_algo = "rsa";
81 	return 0;
82 }
83 
84 /*
85  * Note the key data of the ASN.1 blob.
86  */
87 int pkcs8_note_key(void *context, size_t hdrlen,
88 		   unsigned char tag,
89 		   const void *value, size_t vlen)
90 {
91 	struct pkcs8_parse_context *ctx = context;
92 
93 	ctx->key = value;
94 	ctx->key_size = vlen;
95 	return 0;
96 }
97 
98 /*
99  * Parse a PKCS#8 private key blob.
100  */
101 static struct public_key *pkcs8_parse(const void *data, size_t datalen)
102 {
103 	struct pkcs8_parse_context ctx;
104 	struct public_key *pub;
105 	long ret;
106 
107 	memset(&ctx, 0, sizeof(ctx));
108 
109 	ret = -ENOMEM;
110 	ctx.pub = kzalloc(sizeof(struct public_key), GFP_KERNEL);
111 	if (!ctx.pub)
112 		goto error;
113 
114 	ctx.data = (unsigned long)data;
115 
116 	/* Attempt to decode the private key */
117 	ret = asn1_ber_decoder(&pkcs8_decoder, &ctx, data, datalen);
118 	if (ret < 0)
119 		goto error_decode;
120 
121 	ret = -ENOMEM;
122 	pub = ctx.pub;
123 	pub->key = kmemdup(ctx.key, ctx.key_size, GFP_KERNEL);
124 	if (!pub->key)
125 		goto error_decode;
126 
127 	pub->keylen = ctx.key_size;
128 	pub->key_is_private = true;
129 	return pub;
130 
131 error_decode:
132 	kfree(ctx.pub);
133 error:
134 	return ERR_PTR(ret);
135 }
136 
137 /*
138  * Attempt to parse a data blob for a key as a PKCS#8 private key.
139  */
140 static int pkcs8_key_preparse(struct key_preparsed_payload *prep)
141 {
142 	struct public_key *pub;
143 
144 	pub = pkcs8_parse(prep->data, prep->datalen);
145 	if (IS_ERR(pub))
146 		return PTR_ERR(pub);
147 
148 	pr_devel("Cert Key Algo: %s\n", pub->pkey_algo);
149 	pub->id_type = "PKCS8";
150 
151 	/* We're pinning the module by being linked against it */
152 	__module_get(public_key_subtype.owner);
153 	prep->payload.data[asym_subtype] = &public_key_subtype;
154 	prep->payload.data[asym_key_ids] = NULL;
155 	prep->payload.data[asym_crypto] = pub;
156 	prep->payload.data[asym_auth] = NULL;
157 	prep->quotalen = 100;
158 	return 0;
159 }
160 
161 static struct asymmetric_key_parser pkcs8_key_parser = {
162 	.owner	= THIS_MODULE,
163 	.name	= "pkcs8",
164 	.parse	= pkcs8_key_preparse,
165 };
166 
167 /*
168  * Module stuff
169  */
170 static int __init pkcs8_key_init(void)
171 {
172 	return register_asymmetric_key_parser(&pkcs8_key_parser);
173 }
174 
175 static void __exit pkcs8_key_exit(void)
176 {
177 	unregister_asymmetric_key_parser(&pkcs8_key_parser);
178 }
179 
180 module_init(pkcs8_key_init);
181 module_exit(pkcs8_key_exit);
182 
183 MODULE_DESCRIPTION("PKCS#8 certificate parser");
184 MODULE_LICENSE("GPL");
185