|  | /* | 
|  | * SPDX-License-Identifier: GPL-2.0-or-later | 
|  | * | 
|  | * uefi vars device - pkcs7 verification | 
|  | */ | 
|  | #include "qemu/osdep.h" | 
|  | #include "qemu/error-report.h" | 
|  | #include "system/dma.h" | 
|  |  | 
|  | #include <gnutls/gnutls.h> | 
|  | #include <gnutls/pkcs7.h> | 
|  | #include <gnutls/crypto.h> | 
|  |  | 
|  | #include "hw/uefi/var-service.h" | 
|  |  | 
|  | #define AUTHVAR_DIGEST_ALGO GNUTLS_DIG_SHA256 | 
|  | #define AUTHVAR_DIGEST_SIZE 32 | 
|  |  | 
|  | /* | 
|  | * Replicate the signed data for signature verification. | 
|  | */ | 
|  | static gnutls_datum_t *build_signed_data(mm_variable_access *va, void *data) | 
|  | { | 
|  | variable_auth_2 *auth = data; | 
|  | uint64_t data_offset = sizeof(efi_time) + auth->hdr_length; | 
|  | uint16_t *name = (void *)va + sizeof(mm_variable_access); | 
|  | gnutls_datum_t *sdata; | 
|  | uint64_t pos = 0; | 
|  |  | 
|  | sdata = g_new(gnutls_datum_t, 1); | 
|  | sdata->size = (va->name_size - 2 | 
|  | + sizeof(QemuUUID) | 
|  | + sizeof(va->attributes) | 
|  | + sizeof(auth->timestamp) | 
|  | + va->data_size - data_offset); | 
|  | sdata->data = g_malloc(sdata->size); | 
|  |  | 
|  | /* Variable Name (without terminating \0) */ | 
|  | memcpy(sdata->data + pos, name, va->name_size - 2); | 
|  | pos += va->name_size - 2; | 
|  |  | 
|  | /* Variable Namespace Guid */ | 
|  | memcpy(sdata->data + pos, &va->guid, sizeof(va->guid)); | 
|  | pos += sizeof(va->guid); | 
|  |  | 
|  | /* Attributes */ | 
|  | memcpy(sdata->data + pos, &va->attributes, sizeof(va->attributes)); | 
|  | pos += sizeof(va->attributes); | 
|  |  | 
|  | /* TimeStamp */ | 
|  | memcpy(sdata->data + pos, &auth->timestamp, sizeof(auth->timestamp)); | 
|  | pos += sizeof(auth->timestamp); | 
|  |  | 
|  | /* Variable Content */ | 
|  | memcpy(sdata->data + pos, data + data_offset, va->data_size - data_offset); | 
|  | pos += va->data_size - data_offset; | 
|  |  | 
|  | assert(pos == sdata->size); | 
|  | return sdata; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * See WrapPkcs7Data() in edk2. | 
|  | * | 
|  | * UEFI spec allows pkcs7 signatures being used without the envelope which | 
|  | * identifies them as pkcs7 signatures.  openssl and gnutls will not parse them | 
|  | * without the envelope though.  So add it if needed. | 
|  | */ | 
|  | static void wrap_pkcs7(gnutls_datum_t *pkcs7) | 
|  | { | 
|  | static uint8_t signed_data_oid[9] = { | 
|  | 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02 | 
|  | }; | 
|  | gnutls_datum_t wrap; | 
|  |  | 
|  | if (pkcs7->data[4] == 0x06 && | 
|  | pkcs7->data[5] == 0x09 && | 
|  | memcmp(pkcs7->data + 6, signed_data_oid, sizeof(signed_data_oid)) == 0 && | 
|  | pkcs7->data[15] == 0x0a && | 
|  | pkcs7->data[16] == 0x82) { | 
|  | return; | 
|  | } | 
|  |  | 
|  | wrap.size = pkcs7->size + 19; | 
|  | wrap.data = g_malloc(wrap.size); | 
|  |  | 
|  | wrap.data[0] = 0x30; | 
|  | wrap.data[1] = 0x82; | 
|  | wrap.data[2] = (wrap.size - 4) >> 8; | 
|  | wrap.data[3] = (wrap.size - 4) & 0xff; | 
|  | wrap.data[4] = 0x06; | 
|  | wrap.data[5] = 0x09; | 
|  | memcpy(wrap.data + 6, signed_data_oid, sizeof(signed_data_oid)); | 
|  |  | 
|  | wrap.data[15] = 0xa0; | 
|  | wrap.data[16] = 0x82; | 
|  | wrap.data[17] = pkcs7->size >> 8; | 
|  | wrap.data[18] = pkcs7->size & 0xff; | 
|  | memcpy(wrap.data + 19, pkcs7->data, pkcs7->size); | 
|  |  | 
|  | g_free(pkcs7->data); | 
|  | *pkcs7 = wrap; | 
|  | } | 
|  |  | 
|  | static gnutls_datum_t *build_pkcs7(void *data) | 
|  | { | 
|  | variable_auth_2 *auth = data; | 
|  | gnutls_datum_t *pkcs7; | 
|  |  | 
|  | pkcs7 = g_new(gnutls_datum_t, 1); | 
|  | pkcs7->size = auth->hdr_length - 24; | 
|  | pkcs7->data = g_malloc(pkcs7->size); | 
|  | memcpy(pkcs7->data, data + 16 + 24, pkcs7->size); | 
|  |  | 
|  | wrap_pkcs7(pkcs7); | 
|  |  | 
|  | return pkcs7; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * Read UEFI signature database, store x509 all certificates found in | 
|  | * gnutls_x509_trust_list_t. | 
|  | */ | 
|  | static gnutls_x509_trust_list_t build_trust_list_sb(uefi_variable *var) | 
|  | { | 
|  | gnutls_x509_trust_list_t tlist; | 
|  | gnutls_datum_t cert_data; | 
|  | gnutls_x509_crt_t cert; | 
|  | uefi_vars_siglist siglist; | 
|  | uefi_vars_cert *c; | 
|  | int rc; | 
|  |  | 
|  | rc = gnutls_x509_trust_list_init(&tlist, 0); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_trust_list_init error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | return NULL; | 
|  | } | 
|  |  | 
|  | uefi_vars_siglist_init(&siglist); | 
|  | uefi_vars_siglist_parse(&siglist, var->data, var->data_size); | 
|  |  | 
|  | QTAILQ_FOREACH(c, &siglist.x509, next) { | 
|  | cert_data.size = c->size; | 
|  | cert_data.data = c->data; | 
|  |  | 
|  | rc = gnutls_x509_crt_init(&cert); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_crt_init error: %s", gnutls_strerror(rc)); | 
|  | break; | 
|  | } | 
|  | rc = gnutls_x509_crt_import(cert, &cert_data, GNUTLS_X509_FMT_DER); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_crt_import error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | gnutls_x509_crt_deinit(cert); | 
|  | break; | 
|  | } | 
|  | rc = gnutls_x509_trust_list_add_cas(tlist, &cert, 1, 0); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_crt_import error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | gnutls_x509_crt_deinit(cert); | 
|  | break; | 
|  | } | 
|  | } | 
|  |  | 
|  | uefi_vars_siglist_free(&siglist); | 
|  |  | 
|  | return tlist; | 
|  | } | 
|  |  | 
|  | static int build_digest_authvar(gnutls_x509_crt_t signer, | 
|  | gnutls_x509_crt_t root, | 
|  | uint8_t *hash_digest) | 
|  | { | 
|  | char *cn; | 
|  | size_t cn_size = 0; | 
|  | uint8_t fp[AUTHVAR_DIGEST_SIZE]; | 
|  | size_t fp_size = sizeof(fp); | 
|  | gnutls_hash_hd_t hash; | 
|  | int rc; | 
|  |  | 
|  | /* get signer CN */ | 
|  | rc = gnutls_x509_crt_get_dn_by_oid(signer, GNUTLS_OID_X520_COMMON_NAME, | 
|  | 0, 0, NULL, &cn_size); | 
|  | if (rc != GNUTLS_E_SHORT_MEMORY_BUFFER) { | 
|  | warn_report("gnutls_x509_crt_get_dn_by_oid error #1: %s", | 
|  | gnutls_strerror(rc)); | 
|  | return rc; | 
|  | } | 
|  |  | 
|  | cn = g_malloc(cn_size); | 
|  | rc = gnutls_x509_crt_get_dn_by_oid(signer, GNUTLS_OID_X520_COMMON_NAME, | 
|  | 0, 0, cn, &cn_size); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_crt_get_dn_by_oid error #2: %s", | 
|  | gnutls_strerror(rc)); | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | /* get root certificate fingerprint */ | 
|  | rc = gnutls_x509_crt_get_fingerprint(root, AUTHVAR_DIGEST_ALGO, | 
|  | fp, &fp_size); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_crt_get_fingerprint error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | goto err; | 
|  | } | 
|  |  | 
|  | /* digest both items */ | 
|  | rc = gnutls_hash_init(&hash, AUTHVAR_DIGEST_ALGO); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_hash_init error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | goto err; | 
|  | } | 
|  | rc = gnutls_hash(hash, cn, cn_size); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_hash error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | goto err; | 
|  | } | 
|  | rc = gnutls_hash(hash, fp, fp_size); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_hash error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | goto err; | 
|  | } | 
|  | gnutls_hash_deinit(hash, hash_digest); | 
|  |  | 
|  | return 0; | 
|  |  | 
|  | err: | 
|  | g_free(cn); | 
|  | return rc; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * uefi spec 2.9, section 8.2.2 | 
|  | * | 
|  | * For EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS variables which are | 
|  | * NOT secure boot variables we should track the root certificate of the trust | 
|  | * chain, and the subject CN of the signer certificate. | 
|  | * | 
|  | * So we'll go store a digest of these two items so we can verify this.  Also | 
|  | * create a gnutls_x509_trust_list_t with the root certificate, so | 
|  | * gnutls_pkcs7_verify() will pass (assuming the signature is otherwise | 
|  | * correct). | 
|  | */ | 
|  | static gnutls_x509_trust_list_t build_trust_list_authvar(gnutls_pkcs7_t pkcs7, | 
|  | uint8_t *hash_digest) | 
|  | { | 
|  | gnutls_datum_t signer_data = { 0 }; | 
|  | gnutls_datum_t root_data = { 0 }; | 
|  | gnutls_x509_crt_t signer = NULL; | 
|  | gnutls_x509_crt_t root = NULL; | 
|  | gnutls_x509_trust_list_t tlist = NULL; | 
|  | int n, rc; | 
|  |  | 
|  | n = gnutls_pkcs7_get_crt_count(pkcs7); | 
|  |  | 
|  | /* first is signer certificate */ | 
|  | rc = gnutls_pkcs7_get_crt_raw2(pkcs7, 0, &signer_data); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_pkcs7_get_crt_raw2(0) error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | goto done; | 
|  | } | 
|  | rc = gnutls_x509_crt_init(&signer); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_crt_init error: %s", gnutls_strerror(rc)); | 
|  | goto done; | 
|  | } | 
|  | rc = gnutls_x509_crt_import(signer, &signer_data, GNUTLS_X509_FMT_DER); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_crt_import error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | gnutls_x509_crt_deinit(signer); | 
|  | goto done; | 
|  | } | 
|  |  | 
|  | /* last is root-of-trust certificate (can be identical to signer) */ | 
|  | rc = gnutls_pkcs7_get_crt_raw2(pkcs7, n - 1, &root_data); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_pkcs7_get_crt_raw2(%d) error: %s", | 
|  | n - 1, gnutls_strerror(rc)); | 
|  | goto done; | 
|  | } | 
|  | rc = gnutls_x509_crt_init(&root); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_crt_init error: %s", gnutls_strerror(rc)); | 
|  | goto done; | 
|  | } | 
|  | rc = gnutls_x509_crt_import(root, &root_data, GNUTLS_X509_FMT_DER); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_crt_import error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | goto done; | 
|  | } | 
|  |  | 
|  | /* calc digest for signer CN + root cert */ | 
|  | rc = build_digest_authvar(signer, root, hash_digest); | 
|  | if (rc < 0) { | 
|  | goto done; | 
|  | } | 
|  |  | 
|  | /* add root to trust list */ | 
|  | rc = gnutls_x509_trust_list_init(&tlist, 0); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_trust_list_init error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | goto done; | 
|  | } | 
|  | rc = gnutls_x509_trust_list_add_cas(tlist, &root, 1, 0); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_x509_crt_import error: %s", | 
|  | gnutls_strerror(rc)); | 
|  | gnutls_x509_trust_list_deinit(tlist, 1); | 
|  | tlist = NULL; | 
|  | goto done; | 
|  | } else { | 
|  | /* ownership passed to tlist */ | 
|  | root = NULL; | 
|  | } | 
|  |  | 
|  | done: | 
|  | if (signer_data.data) { | 
|  | gnutls_free(signer_data.data); | 
|  | } | 
|  | if (root_data.data) { | 
|  | gnutls_free(root_data.data); | 
|  | } | 
|  | if (signer) { | 
|  | gnutls_x509_crt_deinit(signer); | 
|  | } | 
|  | if (root) { | 
|  | gnutls_x509_crt_deinit(root); | 
|  | } | 
|  | return tlist; | 
|  | } | 
|  |  | 
|  | static void free_datum(gnutls_datum_t *ptr) | 
|  | { | 
|  | if (!ptr) { | 
|  | return; | 
|  | } | 
|  | g_free(ptr->data); | 
|  | g_free(ptr); | 
|  | } | 
|  |  | 
|  | static void gnutls_log_stderr(int level, const char *msg) | 
|  | { | 
|  | if (strncmp(msg, "ASSERT:", 7) == 0) { | 
|  | return; | 
|  | } | 
|  | fprintf(stderr, "    %d: %s", level, msg); | 
|  | } | 
|  |  | 
|  | /* | 
|  | * pkcs7 signature verification (EFI_VARIABLE_AUTHENTICATION_2). | 
|  | */ | 
|  | efi_status uefi_vars_check_pkcs7_2(uefi_variable *siglist, | 
|  | void **digest, uint32_t *digest_size, | 
|  | mm_variable_access *va, void *data) | 
|  | { | 
|  | gnutls_x509_trust_list_t tlist = NULL; | 
|  | gnutls_datum_t *signed_data = NULL; | 
|  | gnutls_datum_t *pkcs7_data = NULL; | 
|  | gnutls_pkcs7_t pkcs7 = NULL; | 
|  | efi_status status = EFI_SECURITY_VIOLATION; | 
|  | int rc; | 
|  |  | 
|  | if (0) { | 
|  | /* gnutls debug logging */ | 
|  | static bool first = true; | 
|  |  | 
|  | if (first) { | 
|  | first = false; | 
|  | gnutls_global_set_log_function(gnutls_log_stderr); | 
|  | gnutls_global_set_log_level(99); | 
|  | } | 
|  | } | 
|  |  | 
|  | signed_data = build_signed_data(va, data); | 
|  | pkcs7_data = build_pkcs7(data); | 
|  |  | 
|  | rc = gnutls_pkcs7_init(&pkcs7); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_pkcs7_init error: %s", gnutls_strerror(rc)); | 
|  | goto out; | 
|  | } | 
|  |  | 
|  | rc = gnutls_pkcs7_import(pkcs7, pkcs7_data, GNUTLS_X509_FMT_DER); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_pkcs7_import error: %s", gnutls_strerror(rc)); | 
|  | goto out; | 
|  | } | 
|  |  | 
|  | if (siglist) { | 
|  | /* secure boot variables */ | 
|  | tlist = build_trust_list_sb(siglist); | 
|  | } else if (digest && digest_size) { | 
|  | /* other authenticated variables */ | 
|  | *digest_size = AUTHVAR_DIGEST_SIZE; | 
|  | *digest = g_malloc(*digest_size); | 
|  | tlist = build_trust_list_authvar(pkcs7, *digest); | 
|  | } else { | 
|  | /* should not happen */ | 
|  | goto out; | 
|  | } | 
|  |  | 
|  | rc = gnutls_pkcs7_verify(pkcs7, tlist, | 
|  | NULL, 0, | 
|  | 0, signed_data, | 
|  | GNUTLS_VERIFY_DISABLE_TIME_CHECKS | | 
|  | GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS); | 
|  | if (rc < 0) { | 
|  | warn_report("gnutls_pkcs7_verify error: %s", gnutls_strerror(rc)); | 
|  | goto out; | 
|  | } | 
|  |  | 
|  | /* check passed */ | 
|  | status = EFI_SUCCESS; | 
|  |  | 
|  | out: | 
|  | free_datum(signed_data); | 
|  | free_datum(pkcs7_data); | 
|  | if (tlist) { | 
|  | gnutls_x509_trust_list_deinit(tlist, 1); | 
|  | } | 
|  | if (pkcs7) { | 
|  | gnutls_pkcs7_deinit(pkcs7); | 
|  | } | 
|  | return status; | 
|  | } |