1 /* Parse a Microsoft Individual Code Signing blob
2  *
3  * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11 
12 #define pr_fmt(fmt) "MSCODE: "fmt
13 #include <linux/kernel.h>
14 #include <linux/slab.h>
15 #include <linux/err.h>
16 #include <linux/oid_registry.h>
17 #include <crypto/pkcs7.h>
18 #include "verify_pefile.h"
19 #include "mscode-asn1.h"
20 
21 /*
22  * Parse a Microsoft Individual Code Signing blob
23  */
24 int mscode_parse(struct pefile_context *ctx)
25 {
26 	const void *content_data;
27 	size_t data_len;
28 	int ret;
29 
30 	ret = pkcs7_get_content_data(ctx->pkcs7, &content_data, &data_len, 1);
31 
32 	if (ret) {
33 		pr_debug("PKCS#7 message does not contain data\n");
34 		return ret;
35 	}
36 
37 	pr_devel("Data: %zu [%*ph]\n", data_len, (unsigned)(data_len),
38 		 content_data);
39 
40 	return asn1_ber_decoder(&mscode_decoder, ctx, content_data, data_len);
41 }
42 
43 /*
44  * Check the content type OID
45  */
46 int mscode_note_content_type(void *context, size_t hdrlen,
47 			     unsigned char tag,
48 			     const void *value, size_t vlen)
49 {
50 	enum OID oid;
51 
52 	oid = look_up_OID(value, vlen);
53 	if (oid == OID__NR) {
54 		char buffer[50];
55 
56 		sprint_oid(value, vlen, buffer, sizeof(buffer));
57 		pr_err("Unknown OID: %s\n", buffer);
58 		return -EBADMSG;
59 	}
60 
61 	/*
62 	 * pesign utility had a bug where it was putting
63 	 * OID_msIndividualSPKeyPurpose instead of OID_msPeImageDataObjId
64 	 * So allow both OIDs.
65 	 */
66 	if (oid != OID_msPeImageDataObjId &&
67 	    oid != OID_msIndividualSPKeyPurpose) {
68 		pr_err("Unexpected content type OID %u\n", oid);
69 		return -EBADMSG;
70 	}
71 
72 	return 0;
73 }
74 
75 /*
76  * Note the digest algorithm OID
77  */
78 int mscode_note_digest_algo(void *context, size_t hdrlen,
79 			    unsigned char tag,
80 			    const void *value, size_t vlen)
81 {
82 	struct pefile_context *ctx = context;
83 	char buffer[50];
84 	enum OID oid;
85 
86 	oid = look_up_OID(value, vlen);
87 	switch (oid) {
88 	case OID_md4:
89 		ctx->digest_algo = "md4";
90 		break;
91 	case OID_md5:
92 		ctx->digest_algo = "md5";
93 		break;
94 	case OID_sha1:
95 		ctx->digest_algo = "sha1";
96 		break;
97 	case OID_sha256:
98 		ctx->digest_algo = "sha256";
99 		break;
100 	case OID_sha384:
101 		ctx->digest_algo = "sha384";
102 		break;
103 	case OID_sha512:
104 		ctx->digest_algo = "sha512";
105 		break;
106 	case OID_sha224:
107 		ctx->digest_algo = "sha224";
108 		break;
109 
110 	case OID__NR:
111 		sprint_oid(value, vlen, buffer, sizeof(buffer));
112 		pr_err("Unknown OID: %s\n", buffer);
113 		return -EBADMSG;
114 
115 	default:
116 		pr_err("Unsupported content type: %u\n", oid);
117 		return -ENOPKG;
118 	}
119 
120 	return 0;
121 }
122 
123 /*
124  * Note the digest we're guaranteeing with this certificate
125  */
126 int mscode_note_digest(void *context, size_t hdrlen,
127 		       unsigned char tag,
128 		       const void *value, size_t vlen)
129 {
130 	struct pefile_context *ctx = context;
131 
132 	ctx->digest = value;
133 	ctx->digest_len = vlen;
134 	return 0;
135 }
136