Open Menu / lib / mbedtls / mscode_parser.c
Loading...
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
// SPDX-License-Identifier: GPL-2.0+
/*
 * MSCode parser using MbedTLS ASN1 library
 *
 * Copyright (c) 2024 Linaro Limited
 * Author: Raymond Mao <raymond.mao@linaro.org>
 */

#include <linux/kernel.h>
#include <linux/err.h>
#include <crypto/pkcs7.h>
#include <crypto/mscode.h>

/*
 * Parse a Microsoft Individual Code Signing blob
 *
 * U.P.SEQUENCE {
 *    U.P.OBJECTIDENTIFIER 1.3.6.1.4.1.311.2.1.15 (SPC_PE_IMAGE_DATA_OBJID)
 *    U.P.SEQUENCE {
 *       U.P.BITSTRING NaN : 0 unused bit(s);
 *       [C.P.0] {
 *          [C.P.2] {
 *             [C.P.0] <arbitrary string>
 *          }
 *       }
 *    }
 * }
 * U.P.SEQUENCE {
 *    U.P.SEQUENCE {
 *       U.P.OBJECTIDENTIFIER <digest algorithm OID>
 *       U.P.NULL
 *    }
 *    U.P.OCTETSTRING <PE image digest>
 * }
 *
 * @ctx: PE file context.
 * @content_data: content data pointer.
 * @data_len: content data length.
 * @asn1hdrlen: ASN1 header length.
 */
int mscode_parse(void *ctx, const void *content_data, size_t data_len,
		 size_t asn1hdrlen)
{
	struct pefile_context *_ctx = ctx;
	unsigned char *p = (unsigned char *)content_data;
	unsigned char *end = (unsigned char *)content_data + data_len;
	size_t len = 0;
	int ret;
	unsigned char *inner_p;
	size_t seq_len = 0;

	ret = mbedtls_asn1_get_tag(&p, end, &seq_len,
				   MBEDTLS_ASN1_CONSTRUCTED |
				   MBEDTLS_ASN1_SEQUENCE);
	if (ret)
		return ret;

	inner_p = p;
	ret = mbedtls_asn1_get_tag(&inner_p, inner_p + seq_len, &len,
				   MBEDTLS_ASN1_OID);
	if (ret)
		return ret;

	/* Sanity check on the PE Image Data OID (1.3.6.1.4.1.311.2.1.15) */
	if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_MICROSOFT_PEIMAGEDATA, inner_p,
				len))
		return -EINVAL;

	p += seq_len;
	ret = mbedtls_asn1_get_tag(&p, end, &seq_len,
				   MBEDTLS_ASN1_CONSTRUCTED |
				   MBEDTLS_ASN1_SEQUENCE);
	if (ret)
		return ret;

	ret = mbedtls_asn1_get_tag(&p, p + seq_len, &seq_len,
				   MBEDTLS_ASN1_CONSTRUCTED |
				   MBEDTLS_ASN1_SEQUENCE);
	if (ret)
		return ret;

	inner_p = p;

	/*
	 * Check if the inner sequence contains a supported hash
	 * algorithm OID
	 */
	ret = mbedtls_asn1_get_tag(&inner_p, inner_p + seq_len, &len,
				   MBEDTLS_ASN1_OID);
	if (ret)
		return ret;

	if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_MD5, inner_p, len))
		_ctx->digest_algo = "md5";
	else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA1, inner_p,
				      len))
		_ctx->digest_algo = "sha1";
	else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA224, inner_p,
				      len))
		_ctx->digest_algo = "sha224";
	else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA256, inner_p,
				      len))
		_ctx->digest_algo = "sha256";
	else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA384, inner_p,
				      len))
		_ctx->digest_algo = "sha384";
	else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA512, inner_p,
				      len))
		_ctx->digest_algo = "sha512";

	if (!_ctx->digest_algo)
		return -EINVAL;

	p += seq_len;
	ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
	if (ret)
		return ret;

	_ctx->digest = p;
	_ctx->digest_len = len;

	return 0;
}