| /* |
| * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>. |
| * |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License as |
| * published by the Free Software Foundation; either version 2 of the |
| * License, or any later version. |
| * |
| * This program is distributed in the hope that it will be useful, but |
| * WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License |
| * along with this program; if not, write to the Free Software |
| * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
| * 02110-1301, USA. |
| * |
| * You can also choose to distribute this program under the terms of |
| * the Unmodified Binary Distribution Licence (as given in the file |
| * COPYING.UBDL), provided that you have satisfied its requirements. |
| */ |
| |
| FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); |
| |
| /** @file |
| * |
| * Cryptographic Message Syntax (PKCS #7) |
| * |
| * The format of CMS messages is defined in RFC 5652. |
| * |
| */ |
| |
| #include <stdint.h> |
| #include <string.h> |
| #include <time.h> |
| #include <errno.h> |
| #include <ipxe/asn1.h> |
| #include <ipxe/x509.h> |
| #include <ipxe/image.h> |
| #include <ipxe/malloc.h> |
| #include <ipxe/uaccess.h> |
| #include <ipxe/privkey.h> |
| #include <ipxe/cms.h> |
| |
| /* Disambiguate the various error causes */ |
| #define EACCES_NON_SIGNING \ |
| __einfo_error ( EINFO_EACCES_NON_SIGNING ) |
| #define EINFO_EACCES_NON_SIGNING \ |
| __einfo_uniqify ( EINFO_EACCES, 0x01, "Not a signing certificate" ) |
| #define EACCES_NON_CODE_SIGNING \ |
| __einfo_error ( EINFO_EACCES_NON_CODE_SIGNING ) |
| #define EINFO_EACCES_NON_CODE_SIGNING \ |
| __einfo_uniqify ( EINFO_EACCES, 0x02, "Not a code-signing certificate" ) |
| #define EACCES_WRONG_NAME \ |
| __einfo_error ( EINFO_EACCES_WRONG_NAME ) |
| #define EINFO_EACCES_WRONG_NAME \ |
| __einfo_uniqify ( EINFO_EACCES, 0x04, "Incorrect certificate name" ) |
| #define EACCES_NO_SIGNATURES \ |
| __einfo_error ( EINFO_EACCES_NO_SIGNATURES ) |
| #define EINFO_EACCES_NO_SIGNATURES \ |
| __einfo_uniqify ( EINFO_EACCES, 0x05, "No signatures present" ) |
| #define EACCES_NO_RECIPIENTS \ |
| __einfo_error ( EINFO_EACCES_NO_RECIPIENTS ) |
| #define EINFO_EACCES_NO_RECIPIENTS \ |
| __einfo_uniqify ( EINFO_EACCES, 0x06, "No usable recipients" ) |
| #define EACCES_LEN \ |
| __einfo_error ( EINFO_EACCES_LEN ) |
| #define EINFO_EACCES_LEN \ |
| __einfo_uniqify ( EINFO_EACCES, 0x07, "Bad file length" ) |
| #define EACCES_PAD \ |
| __einfo_error ( EINFO_EACCES_PAD ) |
| #define EINFO_EACCES_PAD \ |
| __einfo_uniqify ( EINFO_EACCES, 0x08, "Bad block padding" ) |
| #define EACCES_MAC \ |
| __einfo_error ( EINFO_EACCES_MAC ) |
| #define EINFO_EACCES_MAC \ |
| __einfo_uniqify ( EINFO_EACCES, 0x09, "Invalid MAC" ) |
| #define ENOTSUP_TYPE \ |
| __einfo_error ( EINFO_ENOTSUP_TYPE ) |
| #define EINFO_ENOTSUP_TYPE \ |
| __einfo_uniqify ( EINFO_ENOTSUP, 0x01, "Unrecognised message type" ) |
| |
| /** Buffer size for decryption |
| * |
| * Must be at least 256 to allow block padding to be removed if |
| * needed. |
| */ |
| #define CMS_DECRYPT_BLKSZ 2048 |
| |
| static int cms_parse_signed ( struct cms_message *cms, |
| const struct asn1_cursor *raw ); |
| static int cms_parse_enveloped ( struct cms_message *cms, |
| const struct asn1_cursor *raw ); |
| |
| /** "id-signedData" object identifier */ |
| static uint8_t oid_signeddata[] = { ASN1_OID_SIGNEDDATA }; |
| |
| /** "id-envelopedData" object identifier */ |
| static uint8_t oid_envelopeddata[] = { ASN1_OID_ENVELOPEDDATA }; |
| |
| /** "id-authEnvelopedData" object identifier */ |
| static uint8_t oid_authenvelopeddata[] = { ASN1_OID_AUTHENVELOPEDDATA }; |
| |
| /** CMS message types */ |
| static struct cms_type cms_types[] = { |
| { |
| .name = "signed", |
| .oid = ASN1_CURSOR ( oid_signeddata ), |
| .parse = cms_parse_signed, |
| }, |
| { |
| .name = "enveloped", |
| .oid = ASN1_CURSOR ( oid_envelopeddata ), |
| .parse = cms_parse_enveloped, |
| }, |
| { |
| .name = "authEnveloped", |
| .oid = ASN1_CURSOR ( oid_authenvelopeddata ), |
| .parse = cms_parse_enveloped, |
| } |
| }; |
| |
| /** |
| * Parse CMS message content type |
| * |
| * @v cms CMS message |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_content_type ( struct cms_message *cms, |
| const struct asn1_cursor *raw ) { |
| struct asn1_cursor cursor; |
| struct cms_type *type; |
| unsigned int i; |
| |
| /* Enter contentType */ |
| memcpy ( &cursor, raw, sizeof ( cursor ) ); |
| asn1_enter ( &cursor, ASN1_OID ); |
| |
| /* Check for a recognised OID */ |
| for ( i = 0 ; i < ( sizeof ( cms_types ) / |
| sizeof ( cms_types[0] ) ) ; i++ ) { |
| type = &cms_types[i]; |
| if ( asn1_compare ( &cursor, &type->oid ) == 0 ) { |
| cms->type = type; |
| DBGC ( cms, "CMS %p contains %sData\n", |
| cms, type->name ); |
| return 0; |
| } |
| } |
| |
| DBGC ( cms, "CMS %p is not a recognised message type:\n", cms ); |
| DBGC_HDA ( cms, 0, raw->data, raw->len ); |
| return -ENOTSUP_TYPE; |
| } |
| |
| /** |
| * Parse CMS message certificate list |
| * |
| * @v cms CMS message |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_certificates ( struct cms_message *cms, |
| const struct asn1_cursor *raw ) { |
| struct asn1_cursor cursor; |
| struct x509_certificate *cert; |
| int rc; |
| |
| /* Enter certificates */ |
| memcpy ( &cursor, raw, sizeof ( cursor ) ); |
| asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) ); |
| |
| /* Add each certificate */ |
| while ( cursor.len ) { |
| |
| /* Add certificate to chain */ |
| if ( ( rc = x509_append_raw ( cms->certificates, cursor.data, |
| cursor.len ) ) != 0 ) { |
| DBGC ( cms, "CMS %p could not append certificate: %s\n", |
| cms, strerror ( rc) ); |
| DBGC_HDA ( cms, 0, cursor.data, cursor.len ); |
| return rc; |
| } |
| cert = x509_last ( cms->certificates ); |
| DBGC ( cms, "CMS %p found certificate %s\n", |
| cms, x509_name ( cert ) ); |
| |
| /* Move to next certificate */ |
| asn1_skip_any ( &cursor ); |
| } |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS message participant identifier |
| * |
| * @v cms CMS message |
| * @v part Participant information to fill in |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_identifier ( struct cms_message *cms, |
| struct cms_participant *part, |
| const struct asn1_cursor *raw ) { |
| struct asn1_cursor cursor; |
| struct asn1_cursor serial; |
| struct asn1_cursor issuer; |
| struct x509_certificate *cert; |
| int rc; |
| |
| /* Enter issuerAndSerialNumber */ |
| memcpy ( &cursor, raw, sizeof ( cursor ) ); |
| asn1_enter ( &cursor, ASN1_SEQUENCE ); |
| |
| /* Identify issuer */ |
| memcpy ( &issuer, &cursor, sizeof ( issuer ) ); |
| if ( ( rc = asn1_shrink ( &issuer, ASN1_SEQUENCE ) ) != 0 ) { |
| DBGC ( cms, "CMS %p/%p could not locate issuer: %s\n", |
| cms, part, strerror ( rc ) ); |
| DBGC_HDA ( cms, 0, raw->data, raw->len ); |
| return rc; |
| } |
| DBGC ( cms, "CMS %p/%p issuer is:\n", cms, part ); |
| DBGC_HDA ( cms, 0, issuer.data, issuer.len ); |
| asn1_skip_any ( &cursor ); |
| |
| /* Identify serialNumber */ |
| memcpy ( &serial, &cursor, sizeof ( serial ) ); |
| if ( ( rc = asn1_shrink ( &serial, ASN1_INTEGER ) ) != 0 ) { |
| DBGC ( cms, "CMS %p/%p could not locate serialNumber: %s\n", |
| cms, part, strerror ( rc ) ); |
| DBGC_HDA ( cms, 0, raw->data, raw->len ); |
| return rc; |
| } |
| DBGC ( cms, "CMS %p/%p serial number is:\n", cms, part ); |
| DBGC_HDA ( cms, 0, serial.data, serial.len ); |
| |
| /* Identify certificate */ |
| cert = x509_find_issuer_serial ( cms->certificates, &issuer, &serial ); |
| if ( ! cert ) { |
| DBGC ( cms, "CMS %p/%p could not identify certificate\n", |
| cms, part ); |
| return ( cms_is_signature ( cms ) ? -ENOENT : 0 ); |
| } |
| |
| /* Append certificate to chain */ |
| if ( ( rc = x509_append ( part->chain, cert ) ) != 0 ) { |
| DBGC ( cms, "CMS %p/%p could not append certificate: %s\n", |
| cms, part, strerror ( rc ) ); |
| return rc; |
| } |
| |
| /* Append remaining certificates to chain */ |
| if ( ( rc = x509_auto_append ( part->chain, |
| cms->certificates ) ) != 0 ) { |
| DBGC ( cms, "CMS %p/%p could not append certificates: %s\n", |
| cms, part, strerror ( rc ) ); |
| return rc; |
| } |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS message digest algorithm |
| * |
| * @v cms CMS message |
| * @v part Participant information to fill in |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_digest_algorithm ( struct cms_message *cms, |
| struct cms_participant *part, |
| const struct asn1_cursor *raw ) { |
| struct asn1_algorithm *algorithm; |
| int rc; |
| |
| /* Identify algorithm */ |
| if ( ( rc = asn1_digest_algorithm ( raw, &algorithm ) ) != 0 ) { |
| DBGC ( cms, "CMS %p/%p could not identify digest algorithm: " |
| "%s\n", cms, part, strerror ( rc ) ); |
| DBGC_HDA ( cms, 0, raw->data, raw->len ); |
| return rc; |
| } |
| |
| /* Record digest algorithm */ |
| part->digest = algorithm->digest; |
| DBGC ( cms, "CMS %p/%p digest algorithm is %s\n", |
| cms, part, algorithm->name ); |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS message public-key algorithm |
| * |
| * @v cms CMS message |
| * @v part Participant information to fill in |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_pubkey_algorithm ( struct cms_message *cms, |
| struct cms_participant *part, |
| const struct asn1_cursor *raw ) { |
| struct asn1_algorithm *algorithm; |
| int rc; |
| |
| /* Identify algorithm */ |
| if ( ( rc = asn1_pubkey_algorithm ( raw, &algorithm ) ) != 0 ) { |
| DBGC ( cms, "CMS %p/%p could not identify public-key " |
| "algorithm: %s\n", cms, part, strerror ( rc ) ); |
| DBGC_HDA ( cms, 0, raw->data, raw->len ); |
| return rc; |
| } |
| |
| /* Record public-key algorithm */ |
| part->pubkey = algorithm->pubkey; |
| DBGC ( cms, "CMS %p/%p public-key algorithm is %s\n", |
| cms, part, algorithm->name ); |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS message cipher algorithm |
| * |
| * @v cms CMS message |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_cipher_algorithm ( struct cms_message *cms, |
| const struct asn1_cursor *raw ) { |
| struct asn1_algorithm *algorithm; |
| int rc; |
| |
| /* Identify algorithm */ |
| if ( ( rc = asn1_cipher_algorithm ( raw, &algorithm, |
| &cms->iv ) ) != 0 ) { |
| DBGC ( cms, "CMS %p could not identify cipher algorithm: %s\n", |
| cms, strerror ( rc ) ); |
| DBGC_HDA ( cms, 0, raw->data, raw->len ); |
| return rc; |
| } |
| |
| /* Record cipher */ |
| cms->cipher = algorithm->cipher; |
| DBGC ( cms, "CMS %p cipher algorithm is %s\n", cms, algorithm->name ); |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS message signature or key value |
| * |
| * @v cms CMS message |
| * @v part Participant information to fill in |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_value ( struct cms_message *cms, |
| struct cms_participant *part, |
| const struct asn1_cursor *raw ) { |
| int rc; |
| |
| /* Enter signature or encryptedKey */ |
| memcpy ( &part->value, raw, sizeof ( part->value ) ); |
| if ( ( rc = asn1_enter ( &part->value, ASN1_OCTET_STRING ) ) != 0 ) { |
| DBGC ( cms, "CMS %p/%p could not locate value:\n", |
| cms, part ); |
| DBGC_HDA ( cms, 0, raw->data, raw->len ); |
| return rc; |
| } |
| DBGC ( cms, "CMS %p/%p value is:\n", cms, part ); |
| DBGC_HDA ( cms, 0, part->value.data, part->value.len ); |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS message participant information |
| * |
| * @v cms CMS message |
| * @v part Participant information to fill in |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_participant ( struct cms_message *cms, |
| struct cms_participant *part, |
| const struct asn1_cursor *raw ) { |
| struct asn1_cursor cursor; |
| int rc; |
| |
| /* Enter signerInfo or ktri */ |
| memcpy ( &cursor, raw, sizeof ( cursor ) ); |
| asn1_enter ( &cursor, ASN1_SEQUENCE ); |
| |
| /* Skip version */ |
| asn1_skip ( &cursor, ASN1_INTEGER ); |
| |
| /* Parse sid or rid */ |
| if ( ( rc = cms_parse_identifier ( cms, part, &cursor ) ) != 0 ) |
| return rc; |
| asn1_skip_any ( &cursor ); |
| |
| /* Parse signature-only objects */ |
| if ( cms_is_signature ( cms ) ) { |
| |
| /* Parse digestAlgorithm */ |
| if ( ( rc = cms_parse_digest_algorithm ( cms, part, |
| &cursor ) ) != 0 ) |
| return rc; |
| asn1_skip_any ( &cursor ); |
| |
| /* Skip signedAttrs, if present */ |
| asn1_skip_if_exists ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) ); |
| } |
| |
| /* Parse signatureAlgorithm or contentEncryptionAlgorithm */ |
| if ( ( rc = cms_parse_pubkey_algorithm ( cms, part, &cursor ) ) != 0 ) |
| return rc; |
| asn1_skip_any ( &cursor ); |
| |
| /* Parse signature or encryptedKey */ |
| if ( ( rc = cms_parse_value ( cms, part, &cursor ) ) != 0 ) |
| return rc; |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS message participants information |
| * |
| * @v cms CMS message |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_participants ( struct cms_message *cms, |
| const struct asn1_cursor *raw ) { |
| struct asn1_cursor cursor; |
| struct cms_participant *part; |
| int rc; |
| |
| /* Enter signerInfos or recipientInfos */ |
| memcpy ( &cursor, raw, sizeof ( cursor ) ); |
| asn1_enter ( &cursor, ASN1_SET ); |
| |
| /* Add each signerInfo or recipientInfo. Errors are handled |
| * by ensuring that cms_put() will always be able to free any |
| * allocated memory. |
| */ |
| while ( cursor.len ) { |
| |
| /* Allocate participant information block */ |
| part = zalloc ( sizeof ( *part ) ); |
| if ( ! part ) |
| return -ENOMEM; |
| list_add ( &part->list, &cms->participants ); |
| |
| /* Allocate certificate chain */ |
| part->chain = x509_alloc_chain(); |
| if ( ! part->chain ) |
| return -ENOMEM; |
| |
| /* Parse signerInfo or recipientInfo */ |
| if ( ( rc = cms_parse_participant ( cms, part, |
| &cursor ) ) != 0 ) |
| return rc; |
| asn1_skip_any ( &cursor ); |
| } |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS message encrypted content information |
| * |
| * @v cms CMS message |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_encrypted ( struct cms_message *cms, |
| const struct asn1_cursor *raw ) { |
| struct asn1_cursor cursor; |
| int rc; |
| |
| /* Enter encryptedContentInfo */ |
| memcpy ( &cursor, raw, sizeof ( cursor ) ); |
| asn1_enter ( &cursor, ASN1_SEQUENCE ); |
| |
| /* Skip contentType */ |
| asn1_skip ( &cursor, ASN1_OID ); |
| |
| /* Parse contentEncryptionAlgorithm */ |
| if ( ( rc = cms_parse_cipher_algorithm ( cms, &cursor ) ) != 0 ) |
| return rc; |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS message MAC |
| * |
| * @v cms CMS message |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_mac ( struct cms_message *cms, |
| const struct asn1_cursor *raw ) { |
| int rc; |
| |
| /* Enter mac */ |
| memcpy ( &cms->mac, raw, sizeof ( cms->mac ) ); |
| if ( ( rc = asn1_enter ( &cms->mac, ASN1_OCTET_STRING ) ) != 0 ) { |
| DBGC ( cms, "CMS %p could not locate mac: %s\n", |
| cms, strerror ( rc ) ); |
| DBGC_HDA ( cms, 0, raw->data, raw->len ); |
| return rc; |
| } |
| DBGC ( cms, "CMS %p mac is:\n", cms ); |
| DBGC_HDA ( cms, 0, cms->mac.data, cms->mac.len ); |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS signed data |
| * |
| * @v cms CMS message |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_signed ( struct cms_message *cms, |
| const struct asn1_cursor *raw ) { |
| struct asn1_cursor cursor; |
| int rc; |
| |
| /* Allocate certificate list */ |
| cms->certificates = x509_alloc_chain(); |
| if ( ! cms->certificates ) |
| return -ENOMEM; |
| |
| /* Enter signedData */ |
| memcpy ( &cursor, raw, sizeof ( cursor ) ); |
| asn1_enter ( &cursor, ASN1_SEQUENCE ); |
| |
| /* Skip version */ |
| asn1_skip ( &cursor, ASN1_INTEGER ); |
| |
| /* Skip digestAlgorithms */ |
| asn1_skip ( &cursor, ASN1_SET ); |
| |
| /* Skip encapContentInfo */ |
| asn1_skip ( &cursor, ASN1_SEQUENCE ); |
| |
| /* Parse certificates */ |
| if ( ( rc = cms_parse_certificates ( cms, &cursor ) ) != 0 ) |
| return rc; |
| asn1_skip_any ( &cursor ); |
| |
| /* Skip crls, if present */ |
| asn1_skip_if_exists ( &cursor, ASN1_EXPLICIT_TAG ( 1 ) ); |
| |
| /* Parse signerInfos */ |
| if ( ( rc = cms_parse_participants ( cms, &cursor ) ) != 0 ) |
| return rc; |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS enveloped data |
| * |
| * @v cms CMS message |
| * @v raw ASN.1 cursor |
| * @ret rc Return status code |
| */ |
| static int cms_parse_enveloped ( struct cms_message *cms, |
| const struct asn1_cursor *raw ) { |
| struct asn1_cursor cursor; |
| int rc; |
| |
| /* Enter envelopedData or authEnvelopedData */ |
| memcpy ( &cursor, raw, sizeof ( cursor ) ); |
| asn1_enter ( &cursor, ASN1_SEQUENCE ); |
| |
| /* Skip version */ |
| asn1_skip ( &cursor, ASN1_INTEGER ); |
| |
| /* Skip originatorInfo, if present */ |
| asn1_skip_if_exists ( &cursor, ASN1_IMPLICIT_TAG ( 0 ) ); |
| |
| /* Parse recipientInfos */ |
| if ( ( rc = cms_parse_participants ( cms, &cursor ) ) != 0 ) |
| return rc; |
| asn1_skip_any ( &cursor ); |
| |
| /* Parse encryptedContentInfo or authEncryptedContentInfo */ |
| if ( ( rc = cms_parse_encrypted ( cms, &cursor ) ) != 0 ) |
| return rc; |
| asn1_skip_any ( &cursor ); |
| assert ( cms->cipher != NULL ); |
| |
| /* Skip unprotectedAttrs or authAttrs, if present */ |
| asn1_skip_if_exists ( &cursor, ASN1_IMPLICIT_TAG ( 1 ) ); |
| |
| /* Parse mac, if present */ |
| if ( ( cms->cipher->authsize != 0 ) && |
| ( ( rc = cms_parse_mac ( cms, &cursor ) ) != 0 ) ) |
| return rc; |
| |
| return 0; |
| } |
| |
| /** |
| * Parse CMS message from ASN.1 data |
| * |
| * @v cms CMS message |
| * @ret rc Return status code |
| */ |
| static int cms_parse ( struct cms_message *cms ) { |
| struct asn1_cursor cursor; |
| int rc; |
| |
| /* Enter contentInfo */ |
| memcpy ( &cursor, cms->raw, sizeof ( cursor ) ); |
| asn1_enter ( &cursor, ASN1_SEQUENCE ); |
| |
| /* Parse contentType */ |
| if ( ( rc = cms_parse_content_type ( cms, &cursor ) ) != 0 ) |
| return rc; |
| asn1_skip_any ( &cursor ); |
| |
| /* Enter content */ |
| asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) ); |
| |
| /* Parse type-specific content */ |
| if ( ( rc = cms->type->parse ( cms, &cursor ) ) != 0 ) |
| return rc; |
| |
| return 0; |
| } |
| |
| /** |
| * Free CMS message |
| * |
| * @v refcnt Reference count |
| */ |
| static void cms_free ( struct refcnt *refcnt ) { |
| struct cms_message *cms = |
| container_of ( refcnt, struct cms_message, refcnt ); |
| struct cms_participant *part; |
| struct cms_participant *tmp; |
| |
| list_for_each_entry_safe ( part, tmp, &cms->participants, list ) { |
| list_del ( &part->list ); |
| x509_chain_put ( part->chain ); |
| free ( part ); |
| } |
| x509_chain_put ( cms->certificates ); |
| free ( cms->raw ); |
| free ( cms ); |
| } |
| |
| /** |
| * Create CMS message |
| * |
| * @v image Image |
| * @ret sig CMS message |
| * @ret rc Return status code |
| * |
| * On success, the caller holds a reference to the CMS message, and |
| * is responsible for ultimately calling cms_put(). |
| */ |
| int cms_message ( struct image *image, struct cms_message **cms ) { |
| int next; |
| int rc; |
| |
| /* Allocate and initialise message */ |
| *cms = zalloc ( sizeof ( **cms ) ); |
| if ( ! *cms ) { |
| rc = -ENOMEM; |
| goto err_alloc; |
| } |
| ref_init ( &(*cms)->refcnt, cms_free ); |
| INIT_LIST_HEAD ( &(*cms)->participants ); |
| (*cms)->cipher = &cipher_null; |
| |
| /* Get raw message data */ |
| next = image_asn1 ( image, 0, &(*cms)->raw ); |
| if ( next < 0 ) { |
| rc = next; |
| DBGC ( *cms, "CMS %p could not get raw ASN.1 data: %s\n", |
| *cms, strerror ( rc ) ); |
| goto err_asn1; |
| } |
| |
| /* Use only first message in image */ |
| asn1_shrink_any ( (*cms)->raw ); |
| |
| /* Parse message */ |
| if ( ( rc = cms_parse ( *cms ) ) != 0 ) |
| goto err_parse; |
| |
| return 0; |
| |
| err_parse: |
| err_asn1: |
| cms_put ( *cms ); |
| err_alloc: |
| return rc; |
| } |
| |
| /** |
| * Calculate digest of CMS-signed data |
| * |
| * @v cms CMS message |
| * @v part Participant information |
| * @v data Signed data |
| * @v len Length of signed data |
| * @v out Digest output |
| */ |
| static void cms_digest ( struct cms_message *cms, |
| struct cms_participant *part, |
| userptr_t data, size_t len, void *out ) { |
| struct digest_algorithm *digest = part->digest; |
| uint8_t ctx[ digest->ctxsize ]; |
| uint8_t block[ digest->blocksize ]; |
| size_t offset = 0; |
| size_t frag_len; |
| |
| /* Initialise digest */ |
| digest_init ( digest, ctx ); |
| |
| /* Process data one block at a time */ |
| while ( len ) { |
| frag_len = len; |
| if ( frag_len > sizeof ( block ) ) |
| frag_len = sizeof ( block ); |
| copy_from_user ( block, data, offset, frag_len ); |
| digest_update ( digest, ctx, block, frag_len ); |
| offset += frag_len; |
| len -= frag_len; |
| } |
| |
| /* Finalise digest */ |
| digest_final ( digest, ctx, out ); |
| |
| DBGC ( cms, "CMS %p/%p digest value:\n", cms, part ); |
| DBGC_HDA ( cms, 0, out, digest->digestsize ); |
| } |
| |
| /** |
| * Verify digest of CMS-signed data |
| * |
| * @v cms CMS message |
| * @v part Participant information |
| * @v cert Corresponding certificate |
| * @v data Signed data |
| * @v len Length of signed data |
| * @ret rc Return status code |
| */ |
| static int cms_verify_digest ( struct cms_message *cms, |
| struct cms_participant *part, |
| struct x509_certificate *cert, |
| userptr_t data, size_t len ) { |
| struct digest_algorithm *digest = part->digest; |
| struct pubkey_algorithm *pubkey = part->pubkey; |
| const struct asn1_cursor *key = &cert->subject.public_key.raw; |
| const struct asn1_cursor *value = &part->value; |
| uint8_t digest_out[ digest->digestsize ]; |
| int rc; |
| |
| /* Generate digest */ |
| cms_digest ( cms, part, data, len, digest_out ); |
| |
| /* Verify digest */ |
| if ( ( rc = pubkey_verify ( pubkey, key, digest, digest_out, |
| value->data, value->len ) ) != 0 ) { |
| DBGC ( cms, "CMS %p/%p signature verification failed: %s\n", |
| cms, part, strerror ( rc ) ); |
| return rc; |
| } |
| |
| return 0; |
| } |
| |
| /** |
| * Verify CMS message signer |
| * |
| * @v cms CMS message |
| * @v part Participant information |
| * @v data Signed data |
| * @v len Length of signed data |
| * @v time Time at which to validate certificates |
| * @v store Certificate store, or NULL to use default |
| * @v root Root certificate list, or NULL to use default |
| * @ret rc Return status code |
| */ |
| static int cms_verify_signer ( struct cms_message *cms, |
| struct cms_participant *part, |
| userptr_t data, size_t len, |
| time_t time, struct x509_chain *store, |
| struct x509_root *root ) { |
| struct x509_certificate *cert; |
| int rc; |
| |
| /* Validate certificate chain */ |
| if ( ( rc = x509_validate_chain ( part->chain, time, store, |
| root ) ) != 0 ) { |
| DBGC ( cms, "CMS %p/%p could not validate chain: %s\n", |
| cms, part, strerror ( rc ) ); |
| return rc; |
| } |
| |
| /* Extract code-signing certificate */ |
| cert = x509_first ( part->chain ); |
| assert ( cert != NULL ); |
| |
| /* Check that certificate can create digital signatures */ |
| if ( ! ( cert->extensions.usage.bits & X509_DIGITAL_SIGNATURE ) ) { |
| DBGC ( cms, "CMS %p/%p certificate cannot create signatures\n", |
| cms, part ); |
| return -EACCES_NON_SIGNING; |
| } |
| |
| /* Check that certificate can sign code */ |
| if ( ! ( cert->extensions.ext_usage.bits & X509_CODE_SIGNING ) ) { |
| DBGC ( cms, "CMS %p/%p certificate is not code-signing\n", |
| cms, part ); |
| return -EACCES_NON_CODE_SIGNING; |
| } |
| |
| /* Verify digest */ |
| if ( ( rc = cms_verify_digest ( cms, part, cert, data, len ) ) != 0 ) |
| return rc; |
| |
| return 0; |
| } |
| |
| /** |
| * Verify CMS signature |
| * |
| * @v cms CMS message |
| * @v image Signed image |
| * @v name Required common name, or NULL to check all signatures |
| * @v time Time at which to validate certificates |
| * @v store Certificate store, or NULL to use default |
| * @v root Root certificate list, or NULL to use default |
| * @ret rc Return status code |
| */ |
| int cms_verify ( struct cms_message *cms, struct image *image, |
| const char *name, time_t time, struct x509_chain *store, |
| struct x509_root *root ) { |
| struct cms_participant *part; |
| struct x509_certificate *cert; |
| int count = 0; |
| int rc; |
| |
| /* Mark image as untrusted */ |
| image_untrust ( image ); |
| |
| /* Sanity check */ |
| if ( ! cms_is_signature ( cms ) ) |
| return -ENOTTY; |
| |
| /* Verify using all signers */ |
| list_for_each_entry ( part, &cms->participants, list ) { |
| cert = x509_first ( part->chain ); |
| if ( name && ( x509_check_name ( cert, name ) != 0 ) ) |
| continue; |
| if ( ( rc = cms_verify_signer ( cms, part, image->data, |
| image->len, time, store, |
| root ) ) != 0 ) |
| return rc; |
| count++; |
| } |
| |
| /* Check that we have verified at least one signature */ |
| if ( count == 0 ) { |
| if ( name ) { |
| DBGC ( cms, "CMS %p had no signatures matching name " |
| "%s\n", cms, name ); |
| return -EACCES_WRONG_NAME; |
| } else { |
| DBGC ( cms, "CMS %p had no signatures\n", cms ); |
| return -EACCES_NO_SIGNATURES; |
| } |
| } |
| |
| /* Mark image as trusted */ |
| image_trust ( image ); |
| |
| return 0; |
| } |
| |
| /** |
| * Identify CMS recipient corresponding to private key |
| * |
| * @v cms CMS message |
| * @v private_key Private key |
| * @ret part Participant information, or NULL if not found |
| */ |
| static struct cms_participant * |
| cms_recipient ( struct cms_message *cms, struct private_key *private_key ) { |
| struct cms_participant *part; |
| struct x509_certificate *cert; |
| |
| /* Identify certificate (if any) for which we have a private key */ |
| cert = x509_find_key ( NULL, private_key ); |
| if ( ! cert ) |
| return NULL; |
| |
| /* Identify corresponding recipient, if any */ |
| list_for_each_entry ( part, &cms->participants, list ) { |
| if ( cert == x509_first ( part->chain ) ) |
| return part; |
| } |
| |
| return NULL; |
| } |
| |
| /** |
| * Set CMS cipher key |
| * |
| * @v cms CMS message |
| * @v part Participant information |
| * @v private_key Private key |
| * @v ctx Cipher context |
| * @ret rc Return status code |
| */ |
| static int cms_cipher_key ( struct cms_message *cms, |
| struct cms_participant *part, |
| struct private_key *private_key, void *ctx ) { |
| struct cipher_algorithm *cipher = cms->cipher; |
| struct pubkey_algorithm *pubkey = part->pubkey; |
| const struct asn1_cursor *key = privkey_cursor ( private_key ); |
| const struct asn1_cursor *value = &part->value; |
| size_t max_len = pubkey_max_len ( pubkey, key ); |
| uint8_t cipher_key[max_len]; |
| int len; |
| int rc; |
| |
| /* Decrypt cipher key */ |
| len = pubkey_decrypt ( pubkey, key, value->data, value->len, |
| cipher_key ); |
| if ( len < 0 ) { |
| rc = len; |
| DBGC ( cms, "CMS %p/%p could not decrypt cipher key: %s\n", |
| cms, part, strerror ( rc ) ); |
| DBGC_HDA ( cms, 0, value->data, value->len ); |
| return rc; |
| } |
| DBGC ( cms, "CMS %p/%p cipher key:\n", cms, part ); |
| DBGC_HDA ( cms, 0, cipher_key, len ); |
| |
| /* Set cipher key */ |
| if ( ( rc = cipher_setkey ( cipher, ctx, cipher_key, len ) ) != 0 ) { |
| DBGC ( cms, "CMS %p could not set cipher key: %s\n", |
| cms, strerror ( rc ) ); |
| return rc; |
| } |
| |
| /* Set cipher initialization vector */ |
| cipher_setiv ( cipher, ctx, cms->iv.data, cms->iv.len ); |
| if ( cms->iv.len ) { |
| DBGC ( cms, "CMS %p cipher IV:\n", cms ); |
| DBGC_HDA ( cms, 0, cms->iv.data, cms->iv.len ); |
| } |
| |
| return 0; |
| } |
| |
| /** |
| * Initialise cipher for CMS decryption |
| * |
| * @v cms CMS message |
| * @v private_key Private key |
| * @v ctx Cipher context |
| * @ret rc Return status code |
| */ |
| static int cms_cipher ( struct cms_message *cms, |
| struct private_key *private_key, void *ctx ) { |
| struct cms_participant *part; |
| int rc; |
| |
| /* Identify a usable recipient */ |
| part = cms_recipient ( cms, private_key ); |
| if ( ! part ) { |
| DBGC ( cms, "CMS %p had no usable recipients\n", cms ); |
| return -EACCES_NO_RECIPIENTS; |
| } |
| |
| /* Decrypt and set cipher key */ |
| if ( ( rc = cms_cipher_key ( cms, part, private_key, ctx ) ) != 0 ) |
| return rc; |
| |
| return 0; |
| } |
| |
| /** |
| * Check CMS padding |
| * |
| * @v cms CMS message |
| * @v data Final block |
| * @v len Final block length |
| * @ret len Padding length, or negative error |
| */ |
| static int cms_verify_padding ( struct cms_message *cms, const void *data, |
| size_t len ) { |
| struct cipher_algorithm *cipher = cms->cipher; |
| const uint8_t *pad; |
| size_t pad_len; |
| unsigned int i; |
| |
| /* Non-block ciphers do not use padding */ |
| if ( ! is_block_cipher ( cipher ) ) |
| return 0; |
| |
| /* Block padding can never produce an empty file */ |
| if ( len == 0 ) { |
| DBGC ( cms, "CMS %p invalid empty padding\n", cms ); |
| return -EACCES_PAD; |
| } |
| |
| /* Sanity check */ |
| assert ( len >= cipher->blocksize ); |
| |
| /* Extract and verify padding */ |
| pad = ( data + len - 1 ); |
| pad_len = *pad; |
| if ( ( pad_len == 0 ) || ( pad_len > len ) ) { |
| DBGC ( cms, "CMS %p invalid padding length %zd\n", |
| cms, pad_len ); |
| return -EACCES_PAD; |
| } |
| for ( i = 0 ; i < pad_len ; i++ ) { |
| if ( *(pad--) != pad_len ) { |
| DBGC ( cms, "CMS %p invalid padding\n", cms ); |
| DBGC_HDA ( cms, 0, ( data + len - pad_len ), pad_len ); |
| return -EACCES_PAD; |
| } |
| } |
| |
| return pad_len; |
| } |
| |
| /** |
| * Decrypt CMS message |
| * |
| * @v cms CMS message |
| * @v image Image to decrypt |
| * @v name Decrypted image name, or NULL to use default |
| * @v private_key Private key |
| * @ret rc Return status code |
| */ |
| int cms_decrypt ( struct cms_message *cms, struct image *image, |
| const char *name, struct private_key *private_key ) { |
| struct cipher_algorithm *cipher = cms->cipher; |
| const unsigned int original_flags = image->flags; |
| size_t offset; |
| size_t remaining; |
| size_t frag_len; |
| int pad_len; |
| void *tmp; |
| void *ctx; |
| void *ctxdup; |
| void *auth; |
| int rc; |
| |
| /* Sanity checks */ |
| if ( ! cipher ) { |
| rc = -ENOTTY; |
| goto err_no_cipher; |
| } |
| |
| /* Check block size */ |
| if ( ( image->len & ( cipher->blocksize - 1 ) ) != 0 ) { |
| DBGC ( cms, "CMS %p invalid length %zd\n", cms, image->len ); |
| rc = -EACCES_LEN; |
| goto err_blocksize; |
| } |
| |
| /* Allocate temporary working space */ |
| tmp = malloc ( CMS_DECRYPT_BLKSZ + ( 2 * cipher->ctxsize ) + |
| cipher->authsize ); |
| if ( ! tmp ) { |
| rc = -ENOMEM; |
| goto err_alloc; |
| } |
| ctx = ( tmp + CMS_DECRYPT_BLKSZ ); |
| ctxdup = ( ctx + cipher->ctxsize ); |
| auth = ( ctxdup + cipher->ctxsize ); |
| |
| /* Initialise cipher */ |
| if ( ( rc = cms_cipher ( cms, private_key, ctx ) ) != 0 ) |
| goto err_cipher; |
| |
| /* Duplicate cipher context for potential reencryption on error */ |
| memcpy ( ctxdup, ctx, cipher->ctxsize ); |
| |
| /* Temporarily unregister image */ |
| image_get ( image ); |
| unregister_image ( image ); |
| |
| /* Clear trusted flag before modifying image */ |
| image_untrust ( image ); |
| |
| /* Decrypt one block at a time */ |
| offset = 0; |
| remaining = image->len; |
| frag_len = 0; |
| while ( remaining ) { |
| |
| /* Calculate fragment length */ |
| frag_len = remaining; |
| if ( frag_len > CMS_DECRYPT_BLKSZ ) |
| frag_len = CMS_DECRYPT_BLKSZ; |
| |
| /* Decrypt fragment */ |
| copy_from_user ( tmp, image->data, offset, frag_len ); |
| cipher_decrypt ( cipher, ctx, tmp, tmp, frag_len ); |
| |
| /* Overwrite all but the final fragment */ |
| if ( remaining > frag_len ) |
| copy_to_user ( image->data, offset, tmp, frag_len ); |
| |
| /* Move to next block */ |
| remaining -= frag_len; |
| offset += frag_len; |
| } |
| |
| /* Check authentication tag, if applicable */ |
| cipher_auth ( cipher, ctx, auth ); |
| if ( ( cms->mac.len != cipher->authsize ) || |
| ( memcmp ( cms->mac.data, auth, cipher->authsize ) != 0 ) ) { |
| DBGC ( cms, "CMS %p invalid authentication tag\n", cms ); |
| DBGC_HDA ( cms, 0, auth, cipher->authsize ); |
| rc = -EACCES_MAC; |
| goto err_auth; |
| } |
| |
| /* Check block padding, if applicable */ |
| if ( ( pad_len = cms_verify_padding ( cms, tmp, frag_len ) ) < 0 ) { |
| rc = pad_len; |
| goto err_pad; |
| } |
| |
| /* Update image name. Do this as the last possible failure, so |
| * that we do not have to include any error-handling code path |
| * to restore the original image name (which may itself fail). |
| */ |
| if ( name ) { |
| if ( ( rc = image_set_name ( image, name ) ) != 0 ) |
| goto err_set_name; |
| } else { |
| image_strip_suffix ( image ); |
| } |
| |
| /* Overwrite final fragment and strip block padding. Do this |
| * only once no further failure paths exist, so that we do not |
| * have to include include any error-handling code path to |
| * reconstruct the block padding. |
| */ |
| copy_to_user ( image->data, ( offset - frag_len ), tmp, frag_len ); |
| image->len -= pad_len; |
| |
| /* Clear image type and re-register image */ |
| image->type = NULL; |
| register_image ( image ); |
| image_put ( image ); |
| |
| /* Free temporary working space */ |
| free ( tmp ); |
| |
| return 0; |
| |
| err_set_name: |
| err_pad: |
| err_auth: |
| /* Reencrypt all overwritten fragments. This can be done |
| * since we have deliberately not overwritten the final |
| * fragment containing the potentially invalid (and therefore |
| * unreproducible) block padding. |
| */ |
| remaining = ( offset - frag_len ); |
| for ( offset = 0 ; offset < remaining ; offset += CMS_DECRYPT_BLKSZ ) { |
| copy_from_user ( tmp, image->data, offset, CMS_DECRYPT_BLKSZ ); |
| cipher_encrypt ( cipher, ctxdup, tmp, tmp, CMS_DECRYPT_BLKSZ ); |
| copy_to_user ( image->data, offset, tmp, CMS_DECRYPT_BLKSZ ); |
| } |
| image->flags = original_flags; |
| register_image ( image ); /* Cannot fail on re-registration */ |
| image_put ( image ); |
| err_cipher: |
| free ( tmp ); |
| err_alloc: |
| err_blocksize: |
| err_no_cipher: |
| return rc; |
| } |