blob: adcef59eec0b6a58eb8c0ee0ebf7c48a91472c57 [file] [log] [blame]
David Howells4c0b4b12014-07-01 16:02:52 +01001/* Parse a Microsoft Individual Code Signing blob
2 *
3 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#define pr_fmt(fmt) "MSCODE: "fmt
13#include <linux/kernel.h>
14#include <linux/slab.h>
15#include <linux/err.h>
16#include <linux/oid_registry.h>
17#include <crypto/pkcs7.h>
18#include "verify_pefile.h"
19#include "mscode-asn1.h"
20
21/*
22 * Parse a Microsoft Individual Code Signing blob
23 */
24int mscode_parse(struct pefile_context *ctx)
25{
26 const void *content_data;
27 size_t data_len;
28 int ret;
29
30 ret = pkcs7_get_content_data(ctx->pkcs7, &content_data, &data_len, 1);
31
32 if (ret) {
33 pr_debug("PKCS#7 message does not contain data\n");
34 return ret;
35 }
36
37 pr_devel("Data: %zu [%*ph]\n", data_len, (unsigned)(data_len),
38 content_data);
39
40 return asn1_ber_decoder(&mscode_decoder, ctx, content_data, data_len);
41}
42
43/*
44 * Check the content type OID
45 */
46int mscode_note_content_type(void *context, size_t hdrlen,
47 unsigned char tag,
48 const void *value, size_t vlen)
49{
50 enum OID oid;
51
52 oid = look_up_OID(value, vlen);
53 if (oid == OID__NR) {
54 char buffer[50];
55
56 sprint_oid(value, vlen, buffer, sizeof(buffer));
57 pr_err("Unknown OID: %s\n", buffer);
58 return -EBADMSG;
59 }
60
Vivek Goyaldd7d66f2014-07-08 18:10:46 +010061 /*
62 * pesign utility had a bug where it was putting
63 * OID_msIndividualSPKeyPurpose instead of OID_msPeImageDataObjId
64 * So allow both OIDs.
65 */
66 if (oid != OID_msPeImageDataObjId &&
67 oid != OID_msIndividualSPKeyPurpose) {
David Howells4c0b4b12014-07-01 16:02:52 +010068 pr_err("Unexpected content type OID %u\n", oid);
69 return -EBADMSG;
70 }
71
72 return 0;
73}
74
75/*
76 * Note the digest algorithm OID
77 */
78int mscode_note_digest_algo(void *context, size_t hdrlen,
79 unsigned char tag,
80 const void *value, size_t vlen)
81{
82 struct pefile_context *ctx = context;
83 char buffer[50];
84 enum OID oid;
85
86 oid = look_up_OID(value, vlen);
87 switch (oid) {
88 case OID_md4:
89 ctx->digest_algo = HASH_ALGO_MD4;
90 break;
91 case OID_md5:
92 ctx->digest_algo = HASH_ALGO_MD5;
93 break;
94 case OID_sha1:
95 ctx->digest_algo = HASH_ALGO_SHA1;
96 break;
97 case OID_sha256:
98 ctx->digest_algo = HASH_ALGO_SHA256;
99 break;
David Howells07f081f2015-08-30 16:59:57 +0100100 case OID_sha384:
101 ctx->digest_algo = HASH_ALGO_SHA384;
102 break;
103 case OID_sha512:
104 ctx->digest_algo = HASH_ALGO_SHA512;
105 break;
106 case OID_sha224:
107 ctx->digest_algo = HASH_ALGO_SHA224;
108 break;
David Howells4c0b4b12014-07-01 16:02:52 +0100109
110 case OID__NR:
111 sprint_oid(value, vlen, buffer, sizeof(buffer));
112 pr_err("Unknown OID: %s\n", buffer);
113 return -EBADMSG;
114
115 default:
116 pr_err("Unsupported content type: %u\n", oid);
117 return -ENOPKG;
118 }
119
120 return 0;
121}
122
123/*
124 * Note the digest we're guaranteeing with this certificate
125 */
126int mscode_note_digest(void *context, size_t hdrlen,
127 unsigned char tag,
128 const void *value, size_t vlen)
129{
130 struct pefile_context *ctx = context;
131
132 ctx->digest = value;
133 ctx->digest_len = vlen;
134 return 0;
135}