1 /* 2 * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 /* 8 * X509 parser based on mbed TLS 9 * 10 * This module implements functions to check the integrity of a X509v3 11 * certificate ASN.1 structure and extract authentication parameters from the 12 * extensions field, such as an image hash or a public key. 13 */ 14 15 #include <assert.h> 16 #include <stddef.h> 17 #include <stdint.h> 18 #include <string.h> 19 20 /* mbed TLS headers */ 21 #include <mbedtls/asn1.h> 22 #include <mbedtls/oid.h> 23 #include <mbedtls/platform.h> 24 25 #include <arch_helpers.h> 26 #include <drivers/auth/img_parser_mod.h> 27 #include <drivers/auth/mbedtls/mbedtls_common.h> 28 #include <lib/utils.h> 29 30 /* Maximum OID string length ("a.b.c.d.e.f ...") */ 31 #define MAX_OID_STR_LEN 64 32 33 #define LIB_NAME "mbed TLS X509v3" 34 35 /* Temporary variables to speed up the authentication parameters search. These 36 * variables are assigned once during the integrity check and used any time an 37 * authentication parameter is requested, so we do not have to parse the image 38 * again */ 39 static mbedtls_asn1_buf tbs; 40 static mbedtls_asn1_buf v3_ext; 41 static mbedtls_asn1_buf pk; 42 static mbedtls_asn1_buf sig_alg; 43 static mbedtls_asn1_buf signature; 44 45 /* 46 * Clear all static temporary variables. 47 */ 48 static void clear_temp_vars(void) 49 { 50 #define ZERO_AND_CLEAN(x) \ 51 do { \ 52 zeromem(&x, sizeof(x)); \ 53 clean_dcache_range((uintptr_t)&x, sizeof(x)); \ 54 } while (0); 55 56 ZERO_AND_CLEAN(tbs) 57 ZERO_AND_CLEAN(v3_ext); 58 ZERO_AND_CLEAN(pk); 59 ZERO_AND_CLEAN(sig_alg); 60 ZERO_AND_CLEAN(signature); 61 62 #undef ZERO_AND_CLEAN 63 } 64 65 /* 66 * Get X509v3 extension 67 * 68 * Global variable 'v3_ext' must point to the extensions region 69 * in the certificate. No need to check for errors since the image has passed 70 * the integrity check. 71 */ 72 static int get_ext(const char *oid, void **ext, unsigned int *ext_len) 73 { 74 int oid_len; 75 size_t len; 76 unsigned char *end_ext_data, *end_ext_octet; 77 unsigned char *p; 78 const unsigned char *end; 79 char oid_str[MAX_OID_STR_LEN]; 80 mbedtls_asn1_buf extn_oid; 81 int is_critical; 82 83 assert(oid != NULL); 84 85 p = v3_ext.p; 86 end = v3_ext.p + v3_ext.len; 87 88 mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 89 MBEDTLS_ASN1_SEQUENCE); 90 91 while (p < end) { 92 zeromem(&extn_oid, sizeof(extn_oid)); 93 is_critical = 0; /* DEFAULT FALSE */ 94 95 mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 96 MBEDTLS_ASN1_SEQUENCE); 97 end_ext_data = p + len; 98 99 /* Get extension ID */ 100 extn_oid.tag = *p; 101 mbedtls_asn1_get_tag(&p, end, &extn_oid.len, MBEDTLS_ASN1_OID); 102 extn_oid.p = p; 103 p += extn_oid.len; 104 105 /* Get optional critical */ 106 mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical); 107 108 /* Extension data */ 109 mbedtls_asn1_get_tag(&p, end_ext_data, &len, 110 MBEDTLS_ASN1_OCTET_STRING); 111 end_ext_octet = p + len; 112 113 /* Detect requested extension */ 114 oid_len = mbedtls_oid_get_numeric_string(oid_str, 115 MAX_OID_STR_LEN, 116 &extn_oid); 117 if ((oid_len == MBEDTLS_ERR_OID_BUF_TOO_SMALL) || (oid_len < 0)) { 118 return IMG_PARSER_ERR; 119 } 120 if (((size_t)oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) { 121 *ext = (void *)p; 122 *ext_len = (unsigned int)len; 123 return IMG_PARSER_OK; 124 } 125 126 /* Next */ 127 p = end_ext_octet; 128 } 129 130 return IMG_PARSER_ERR_NOT_FOUND; 131 } 132 133 134 /* 135 * Check the integrity of the certificate ASN.1 structure. 136 * 137 * Extract the relevant data that will be used later during authentication. 138 * 139 * This function doesn't clear the static variables located on the top of this 140 * file in case of an error. It is only called from check_integrity(), which 141 * performs the cleanup if necessary. 142 */ 143 static int cert_parse(void *img, unsigned int img_len) 144 { 145 int ret, is_critical; 146 size_t len; 147 unsigned char *p, *end, *crt_end; 148 mbedtls_asn1_buf sig_alg1, sig_alg2; 149 /* 150 * The unique ASN.1 DER encoding of [0] EXPLICIT INTEGER { v3(2} }. 151 */ 152 static const char v3[] = { 153 /* The outer CONTEXT SPECIFIC 0 tag */ 154 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0, 155 /* The number bytes used to encode the inner INTEGER */ 156 3, 157 /* The tag of the inner INTEGER */ 158 MBEDTLS_ASN1_INTEGER, 159 /* The number of bytes needed to represent 2 */ 160 1, 161 /* The actual value 2 */ 162 2, 163 }; 164 165 p = (unsigned char *)img; 166 len = img_len; 167 end = p + len; 168 169 /* 170 * Certificate ::= SEQUENCE { 171 * tbsCertificate TBSCertificate, 172 * signatureAlgorithm AlgorithmIdentifier, 173 * signatureValue BIT STRING } 174 */ 175 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 176 MBEDTLS_ASN1_SEQUENCE); 177 if (ret != 0) { 178 return IMG_PARSER_ERR_FORMAT; 179 } 180 181 if (len > (size_t)(end - p)) { 182 return IMG_PARSER_ERR_FORMAT; 183 } 184 crt_end = p + len; 185 186 /* 187 * TBSCertificate ::= SEQUENCE { 188 */ 189 tbs.p = p; 190 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 191 MBEDTLS_ASN1_SEQUENCE); 192 if (ret != 0) { 193 return IMG_PARSER_ERR_FORMAT; 194 } 195 end = p + len; 196 tbs.len = end - tbs.p; 197 198 /* 199 * Version ::= [0] EXPLICIT INTEGER { v1(0), v2(1), v3(2) } 200 * -- only v3 accepted 201 */ 202 if (((end - p) <= (ptrdiff_t)sizeof(v3)) || 203 (memcmp(p, v3, sizeof(v3)) != 0)) { 204 return IMG_PARSER_ERR_FORMAT; 205 } 206 p += sizeof(v3); 207 208 /* 209 * CertificateSerialNumber ::= INTEGER 210 */ 211 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER); 212 if (ret != 0) { 213 return IMG_PARSER_ERR_FORMAT; 214 } 215 p += len; 216 217 /* 218 * signature AlgorithmIdentifier 219 */ 220 sig_alg1.p = p; 221 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 222 MBEDTLS_ASN1_SEQUENCE); 223 if (ret != 0) { 224 return IMG_PARSER_ERR_FORMAT; 225 } 226 if ((end - p) < 1) { 227 return IMG_PARSER_ERR_FORMAT; 228 } 229 sig_alg1.len = (p + len) - sig_alg1.p; 230 p += len; 231 232 /* 233 * issuer Name 234 */ 235 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 236 MBEDTLS_ASN1_SEQUENCE); 237 if (ret != 0) { 238 return IMG_PARSER_ERR_FORMAT; 239 } 240 p += len; 241 242 /* 243 * Validity ::= SEQUENCE { 244 * notBefore Time, 245 * notAfter Time } 246 * 247 */ 248 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 249 MBEDTLS_ASN1_SEQUENCE); 250 if (ret != 0) { 251 return IMG_PARSER_ERR_FORMAT; 252 } 253 p += len; 254 255 /* 256 * subject Name 257 */ 258 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 259 MBEDTLS_ASN1_SEQUENCE); 260 if (ret != 0) { 261 return IMG_PARSER_ERR_FORMAT; 262 } 263 p += len; 264 265 /* 266 * SubjectPublicKeyInfo 267 */ 268 pk.p = p; 269 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 270 MBEDTLS_ASN1_SEQUENCE); 271 if (ret != 0) { 272 return IMG_PARSER_ERR_FORMAT; 273 } 274 pk.len = (p + len) - pk.p; 275 p += len; 276 277 /* 278 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, 279 */ 280 ret = mbedtls_asn1_get_tag(&p, end, &len, 281 MBEDTLS_ASN1_CONTEXT_SPECIFIC | 282 MBEDTLS_ASN1_CONSTRUCTED | 1); 283 if (ret != 0) { 284 if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { 285 return IMG_PARSER_ERR_FORMAT; 286 } 287 } else { 288 p += len; 289 } 290 291 /* 292 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, 293 */ 294 ret = mbedtls_asn1_get_tag(&p, end, &len, 295 MBEDTLS_ASN1_CONTEXT_SPECIFIC | 296 MBEDTLS_ASN1_CONSTRUCTED | 2); 297 if (ret != 0) { 298 if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { 299 return IMG_PARSER_ERR_FORMAT; 300 } 301 } else { 302 p += len; 303 } 304 305 /* 306 * extensions [3] EXPLICIT Extensions OPTIONAL 307 */ 308 ret = mbedtls_asn1_get_tag(&p, end, &len, 309 MBEDTLS_ASN1_CONTEXT_SPECIFIC | 310 MBEDTLS_ASN1_CONSTRUCTED | 3); 311 if (ret != 0) { 312 return IMG_PARSER_ERR_FORMAT; 313 } 314 315 /* 316 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 317 */ 318 v3_ext.p = p; 319 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 320 MBEDTLS_ASN1_SEQUENCE); 321 if (ret != 0) { 322 return IMG_PARSER_ERR_FORMAT; 323 } 324 v3_ext.len = (p + len) - v3_ext.p; 325 326 /* 327 * Check extensions integrity 328 */ 329 while (p < end) { 330 ret = mbedtls_asn1_get_tag(&p, end, &len, 331 MBEDTLS_ASN1_CONSTRUCTED | 332 MBEDTLS_ASN1_SEQUENCE); 333 if (ret != 0) { 334 return IMG_PARSER_ERR_FORMAT; 335 } 336 337 /* Get extension ID */ 338 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID); 339 if (ret != 0) { 340 return IMG_PARSER_ERR_FORMAT; 341 } 342 p += len; 343 344 /* Get optional critical */ 345 ret = mbedtls_asn1_get_bool(&p, end, &is_critical); 346 if ((ret != 0) && (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { 347 return IMG_PARSER_ERR_FORMAT; 348 } 349 350 /* Data should be octet string type */ 351 ret = mbedtls_asn1_get_tag(&p, end, &len, 352 MBEDTLS_ASN1_OCTET_STRING); 353 if (ret != 0) { 354 return IMG_PARSER_ERR_FORMAT; 355 } 356 p += len; 357 } 358 359 if (p != end) { 360 return IMG_PARSER_ERR_FORMAT; 361 } 362 363 end = crt_end; 364 365 /* 366 * } 367 * -- end of TBSCertificate 368 * 369 * signatureAlgorithm AlgorithmIdentifier 370 */ 371 sig_alg2.p = p; 372 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | 373 MBEDTLS_ASN1_SEQUENCE); 374 if (ret != 0) { 375 return IMG_PARSER_ERR_FORMAT; 376 } 377 if ((end - p) < 1) { 378 return IMG_PARSER_ERR_FORMAT; 379 } 380 sig_alg2.len = (p + len) - sig_alg2.p; 381 p += len; 382 383 /* Compare both signature algorithms */ 384 if (sig_alg1.len != sig_alg2.len) { 385 return IMG_PARSER_ERR_FORMAT; 386 } 387 if (0 != memcmp(sig_alg1.p, sig_alg2.p, sig_alg1.len)) { 388 return IMG_PARSER_ERR_FORMAT; 389 } 390 memcpy(&sig_alg, &sig_alg1, sizeof(sig_alg)); 391 392 /* 393 * signatureValue BIT STRING 394 */ 395 signature.p = p; 396 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_BIT_STRING); 397 if (ret != 0) { 398 return IMG_PARSER_ERR_FORMAT; 399 } 400 signature.len = (p + len) - signature.p; 401 p += len; 402 403 /* Check certificate length */ 404 if (p != end) { 405 return IMG_PARSER_ERR_FORMAT; 406 } 407 408 return IMG_PARSER_OK; 409 } 410 411 412 /* Exported functions */ 413 414 static void init(void) 415 { 416 mbedtls_init(); 417 } 418 419 /* 420 * Wrapper for cert_parse() that clears the static variables used by it in case 421 * of an error. 422 */ 423 static int check_integrity(void *img, unsigned int img_len) 424 { 425 int rc = cert_parse(img, img_len); 426 427 if (rc != IMG_PARSER_OK) 428 clear_temp_vars(); 429 430 return rc; 431 } 432 433 /* 434 * Extract an authentication parameter from an X509v3 certificate 435 * 436 * This function returns a pointer to the extracted data and its length. 437 * Depending on the type of parameter, a pointer to the data stored in the 438 * certificate may be returned (i.e. an octet string containing a hash). Other 439 * data may need to be copied and formatted (i.e. integers). In the later case, 440 * a buffer of the correct type needs to be statically allocated, filled and 441 * returned. 442 */ 443 static int get_auth_param(const auth_param_type_desc_t *type_desc, 444 void *img, unsigned int img_len, 445 void **param, unsigned int *param_len) 446 { 447 int rc = IMG_PARSER_OK; 448 449 /* We do not use img because the check_integrity function has already 450 * extracted the relevant data (v3_ext, pk, sig_alg, etc) */ 451 452 switch (type_desc->type) { 453 case AUTH_PARAM_RAW_DATA: 454 /* Data to be signed */ 455 *param = (void *)tbs.p; 456 *param_len = (unsigned int)tbs.len; 457 break; 458 case AUTH_PARAM_HASH: 459 case AUTH_PARAM_NV_CTR: 460 /* All these parameters are included as X509v3 extensions */ 461 rc = get_ext(type_desc->cookie, param, param_len); 462 break; 463 case AUTH_PARAM_PUB_KEY: 464 if (type_desc->cookie != 0) { 465 /* Get public key from extension */ 466 rc = get_ext(type_desc->cookie, param, param_len); 467 } else { 468 /* Get the subject public key */ 469 *param = (void *)pk.p; 470 *param_len = (unsigned int)pk.len; 471 } 472 break; 473 case AUTH_PARAM_SIG_ALG: 474 /* Get the certificate signature algorithm */ 475 *param = (void *)sig_alg.p; 476 *param_len = (unsigned int)sig_alg.len; 477 break; 478 case AUTH_PARAM_SIG: 479 /* Get the certificate signature */ 480 *param = (void *)signature.p; 481 *param_len = (unsigned int)signature.len; 482 break; 483 default: 484 rc = IMG_PARSER_ERR_NOT_FOUND; 485 break; 486 } 487 488 return rc; 489 } 490 491 REGISTER_IMG_PARSER_LIB(IMG_CERT, LIB_NAME, init, \ 492 check_integrity, get_auth_param); 493