xref: /OK3568_Linux_fs/kernel/crypto/asymmetric_keys/mscode_parser.c (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-or-later
2*4882a593Smuzhiyun /* Parse a Microsoft Individual Code Signing blob
3*4882a593Smuzhiyun  *
4*4882a593Smuzhiyun  * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
5*4882a593Smuzhiyun  * Written by David Howells (dhowells@redhat.com)
6*4882a593Smuzhiyun  */
7*4882a593Smuzhiyun 
8*4882a593Smuzhiyun #define pr_fmt(fmt) "MSCODE: "fmt
9*4882a593Smuzhiyun #include <linux/kernel.h>
10*4882a593Smuzhiyun #include <linux/slab.h>
11*4882a593Smuzhiyun #include <linux/err.h>
12*4882a593Smuzhiyun #include <linux/oid_registry.h>
13*4882a593Smuzhiyun #include <crypto/pkcs7.h>
14*4882a593Smuzhiyun #include "verify_pefile.h"
15*4882a593Smuzhiyun #include "mscode.asn1.h"
16*4882a593Smuzhiyun 
17*4882a593Smuzhiyun /*
18*4882a593Smuzhiyun  * Parse a Microsoft Individual Code Signing blob
19*4882a593Smuzhiyun  */
mscode_parse(void * _ctx,const void * content_data,size_t data_len,size_t asn1hdrlen)20*4882a593Smuzhiyun int mscode_parse(void *_ctx, const void *content_data, size_t data_len,
21*4882a593Smuzhiyun 		 size_t asn1hdrlen)
22*4882a593Smuzhiyun {
23*4882a593Smuzhiyun 	struct pefile_context *ctx = _ctx;
24*4882a593Smuzhiyun 
25*4882a593Smuzhiyun 	content_data -= asn1hdrlen;
26*4882a593Smuzhiyun 	data_len += asn1hdrlen;
27*4882a593Smuzhiyun 	pr_devel("Data: %zu [%*ph]\n", data_len, (unsigned)(data_len),
28*4882a593Smuzhiyun 		 content_data);
29*4882a593Smuzhiyun 
30*4882a593Smuzhiyun 	return asn1_ber_decoder(&mscode_decoder, ctx, content_data, data_len);
31*4882a593Smuzhiyun }
32*4882a593Smuzhiyun 
33*4882a593Smuzhiyun /*
34*4882a593Smuzhiyun  * Check the content type OID
35*4882a593Smuzhiyun  */
mscode_note_content_type(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)36*4882a593Smuzhiyun int mscode_note_content_type(void *context, size_t hdrlen,
37*4882a593Smuzhiyun 			     unsigned char tag,
38*4882a593Smuzhiyun 			     const void *value, size_t vlen)
39*4882a593Smuzhiyun {
40*4882a593Smuzhiyun 	enum OID oid;
41*4882a593Smuzhiyun 
42*4882a593Smuzhiyun 	oid = look_up_OID(value, vlen);
43*4882a593Smuzhiyun 	if (oid == OID__NR) {
44*4882a593Smuzhiyun 		char buffer[50];
45*4882a593Smuzhiyun 
46*4882a593Smuzhiyun 		sprint_oid(value, vlen, buffer, sizeof(buffer));
47*4882a593Smuzhiyun 		pr_err("Unknown OID: %s\n", buffer);
48*4882a593Smuzhiyun 		return -EBADMSG;
49*4882a593Smuzhiyun 	}
50*4882a593Smuzhiyun 
51*4882a593Smuzhiyun 	/*
52*4882a593Smuzhiyun 	 * pesign utility had a bug where it was putting
53*4882a593Smuzhiyun 	 * OID_msIndividualSPKeyPurpose instead of OID_msPeImageDataObjId
54*4882a593Smuzhiyun 	 * So allow both OIDs.
55*4882a593Smuzhiyun 	 */
56*4882a593Smuzhiyun 	if (oid != OID_msPeImageDataObjId &&
57*4882a593Smuzhiyun 	    oid != OID_msIndividualSPKeyPurpose) {
58*4882a593Smuzhiyun 		pr_err("Unexpected content type OID %u\n", oid);
59*4882a593Smuzhiyun 		return -EBADMSG;
60*4882a593Smuzhiyun 	}
61*4882a593Smuzhiyun 
62*4882a593Smuzhiyun 	return 0;
63*4882a593Smuzhiyun }
64*4882a593Smuzhiyun 
65*4882a593Smuzhiyun /*
66*4882a593Smuzhiyun  * Note the digest algorithm OID
67*4882a593Smuzhiyun  */
mscode_note_digest_algo(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)68*4882a593Smuzhiyun int mscode_note_digest_algo(void *context, size_t hdrlen,
69*4882a593Smuzhiyun 			    unsigned char tag,
70*4882a593Smuzhiyun 			    const void *value, size_t vlen)
71*4882a593Smuzhiyun {
72*4882a593Smuzhiyun 	struct pefile_context *ctx = context;
73*4882a593Smuzhiyun 	char buffer[50];
74*4882a593Smuzhiyun 	enum OID oid;
75*4882a593Smuzhiyun 
76*4882a593Smuzhiyun 	oid = look_up_OID(value, vlen);
77*4882a593Smuzhiyun 	switch (oid) {
78*4882a593Smuzhiyun 	case OID_md4:
79*4882a593Smuzhiyun 		ctx->digest_algo = "md4";
80*4882a593Smuzhiyun 		break;
81*4882a593Smuzhiyun 	case OID_md5:
82*4882a593Smuzhiyun 		ctx->digest_algo = "md5";
83*4882a593Smuzhiyun 		break;
84*4882a593Smuzhiyun 	case OID_sha1:
85*4882a593Smuzhiyun 		ctx->digest_algo = "sha1";
86*4882a593Smuzhiyun 		break;
87*4882a593Smuzhiyun 	case OID_sha256:
88*4882a593Smuzhiyun 		ctx->digest_algo = "sha256";
89*4882a593Smuzhiyun 		break;
90*4882a593Smuzhiyun 	case OID_sha384:
91*4882a593Smuzhiyun 		ctx->digest_algo = "sha384";
92*4882a593Smuzhiyun 		break;
93*4882a593Smuzhiyun 	case OID_sha512:
94*4882a593Smuzhiyun 		ctx->digest_algo = "sha512";
95*4882a593Smuzhiyun 		break;
96*4882a593Smuzhiyun 	case OID_sha224:
97*4882a593Smuzhiyun 		ctx->digest_algo = "sha224";
98*4882a593Smuzhiyun 		break;
99*4882a593Smuzhiyun 
100*4882a593Smuzhiyun 	case OID__NR:
101*4882a593Smuzhiyun 		sprint_oid(value, vlen, buffer, sizeof(buffer));
102*4882a593Smuzhiyun 		pr_err("Unknown OID: %s\n", buffer);
103*4882a593Smuzhiyun 		return -EBADMSG;
104*4882a593Smuzhiyun 
105*4882a593Smuzhiyun 	default:
106*4882a593Smuzhiyun 		pr_err("Unsupported content type: %u\n", oid);
107*4882a593Smuzhiyun 		return -ENOPKG;
108*4882a593Smuzhiyun 	}
109*4882a593Smuzhiyun 
110*4882a593Smuzhiyun 	return 0;
111*4882a593Smuzhiyun }
112*4882a593Smuzhiyun 
113*4882a593Smuzhiyun /*
114*4882a593Smuzhiyun  * Note the digest we're guaranteeing with this certificate
115*4882a593Smuzhiyun  */
mscode_note_digest(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)116*4882a593Smuzhiyun int mscode_note_digest(void *context, size_t hdrlen,
117*4882a593Smuzhiyun 		       unsigned char tag,
118*4882a593Smuzhiyun 		       const void *value, size_t vlen)
119*4882a593Smuzhiyun {
120*4882a593Smuzhiyun 	struct pefile_context *ctx = context;
121*4882a593Smuzhiyun 
122*4882a593Smuzhiyun 	ctx->digest = kmemdup(value, vlen, GFP_KERNEL);
123*4882a593Smuzhiyun 	if (!ctx->digest)
124*4882a593Smuzhiyun 		return -ENOMEM;
125*4882a593Smuzhiyun 
126*4882a593Smuzhiyun 	ctx->digest_len = vlen;
127*4882a593Smuzhiyun 
128*4882a593Smuzhiyun 	return 0;
129*4882a593Smuzhiyun }
130