From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755379AbcATUl3 (ORCPT <rfc822;w@1wt.eu>);
	Wed, 20 Jan 2016 15:41:29 -0500
Received: from e23smtp06.au.ibm.com ([202.81.31.148]:41247 "EHLO
	e23smtp06.au.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752533AbcATUl0 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 20 Jan 2016 15:41:26 -0500
X-IBM-Helo: d23dlp03.au.ibm.com
X-IBM-MailFrom: zohar@linux.vnet.ibm.com
X-IBM-RcptTo: keyrings@vger.kernel.org;linux-kernel@vger.kernel.org;linux-security-module@vger.kernel.org
Message-ID: <1453322420.9549.8.camel@linux.vnet.ibm.com>
Subject: Re: [RFC PATCH 04/20] X.509: Don't treat self-signed keys specially
 [ver #2]
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
        petkan@mip-labs.com, linux-kernel@vger.kernel.org
Date: Wed, 20 Jan 2016 15:40:20 -0500
In-Reply-To: <20160119113056.23238.72401.stgit@warthog.procyon.org.uk>
References: <20160119113026.23238.4498.stgit@warthog.procyon.org.uk>
	 <20160119113056.23238.72401.stgit@warthog.procyon.org.uk>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-TM-AS-MML: disable
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 16012020-0021-0000-0000-000002914397
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2016-01-19 at 11:30 +0000, David Howells wrote:
> Trust for a self-signed certificate can normally only be determined by
> whether we obtained it from a trusted location (ie. it was built into the
> kernel at compile time), so there's not really any point in checking it -
> we could verify that the signature is valid, but it doesn't really tell us
> anything if the signature checks out.
> 
> However, there's a bug in the code determining whether a certificate is
> self-signed or not - if they have neither AKID nor SKID then we just assume
> that the cert is self-signed, which may not be true.
> 
> Given this, remove the code that treats self-signed certs specially when it
> comes to evaluating trustability and attempt to evaluate them as ordinary
> signed certificates.  We then expect self-signed certificates to fail the
> trustability check and be marked as untrustworthy in x509_key_preparse().
> 
> Note that there is the possibility of the trustability check on a
> self-signed cert then succeeding.  This is most likely to happen when a
> duplicate of the certificate is already on the trust keyring - in which
> case it shouldn't be a problem.
> 
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: David Woodhouse <David.Woodhouse@intel.com>
> cc: Mimi Zohar <zohar@linux.vnet.ibm.com>

Acked-by:  Mimi Zohar <zohar@linux.vnet.ibm.com

> ---
> 
>  crypto/asymmetric_keys/x509_public_key.c |   25 ++++++++++++++++---------
>  1 file changed, 16 insertions(+), 9 deletions(-)
> 
> diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
> index c4f3c40a4ab9..630c1c331fe1 100644
> --- a/crypto/asymmetric_keys/x509_public_key.c
> +++ b/crypto/asymmetric_keys/x509_public_key.c
> @@ -265,6 +265,9 @@ static int x509_validate_trust(struct x509_certificate *cert,
>  	struct key *key;
>  	int ret = 1;
> 
> +	if (!cert->akid_id && !cert->akid_skid)
> +		return 1;
> +
>  	if (!trust_keyring)
>  		return -EOPNOTSUPP;
> 
> @@ -322,19 +325,23 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
>  	cert->pub->algo = pkey_algo[cert->pub->pkey_algo];
>  	cert->pub->id_type = PKEY_ID_X509;
> 
> -	/* Check the signature on the key if it appears to be self-signed */
> -	if ((!cert->akid_skid && !cert->akid_id) ||
> -	    asymmetric_key_id_same(cert->skid, cert->akid_skid) ||
> -	    asymmetric_key_id_same(cert->id, cert->akid_id)) {
> -		ret = x509_check_signature(cert->pub, cert); /* self-signed */
> -		if (ret < 0)
> -			goto error_free_cert;
> -	} else if (!prep->trusted) {
> +	/* See if we can derive the trustability of this certificate.
> +	 *
> +	 * When it comes to self-signed certificates, we cannot evaluate
> +	 * trustedness except by the fact that we obtained it from a trusted
> +	 * location.  So we just rely on x509_validate_trust() failing in this
> +	 * case.
> +	 *
> +	 * Note that there's a possibility of a self-signed cert matching a
> +	 * cert that we have (most likely a duplicate that we already trust) -
> +	 * in which case it will be marked trusted.
> +	 */
> +	if (!prep->trusted) {
>  		ret = x509_validate_trust(cert, get_system_trusted_keyring());
>  		if (ret)
>  			ret = x509_validate_trust(cert, get_ima_mok_keyring());
>  		if (!ret)
> -			prep->trusted = 1;
> +			prep->trusted = true;
>  	}
> 
>  	/* Don't permit addition of blacklisted keys */
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>