2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20 FILE_LICENCE ( GPL2_OR_LATER );
24 * Cryptographic Message Syntax (PKCS #7)
26 * The format of CMS messages is defined in RFC 5652.
34 #include <ipxe/asn1.h>
35 #include <ipxe/x509.h>
36 #include <ipxe/malloc.h>
37 #include <ipxe/uaccess.h>
40 /* Disambiguate the various error causes */
41 #define EACCES_NON_SIGNING \
42 __einfo_error ( EINFO_EACCES_NON_SIGNING )
43 #define EINFO_EACCES_NON_SIGNING \
44 __einfo_uniqify ( EINFO_EACCES, 0x01, "Not a signing certificate" )
45 #define EACCES_NON_CODE_SIGNING \
46 __einfo_error ( EINFO_EACCES_NON_CODE_SIGNING )
47 #define EINFO_EACCES_NON_CODE_SIGNING \
48 __einfo_uniqify ( EINFO_EACCES, 0x02, "Not a code-signing certificate" )
49 #define EACCES_WRONG_NAME \
50 __einfo_error ( EINFO_EACCES_WRONG_NAME )
51 #define EINFO_EACCES_WRONG_NAME \
52 __einfo_uniqify ( EINFO_EACCES, 0x04, "Incorrect certificate name" )
53 #define EACCES_NO_SIGNATURES \
54 __einfo_error ( EINFO_EACCES_NO_SIGNATURES )
55 #define EINFO_EACCES_NO_SIGNATURES \
56 __einfo_uniqify ( EINFO_EACCES, 0x05, "No signatures present" )
57 #define EINVAL_DIGEST \
58 __einfo_error ( EINFO_EINVAL_DIGEST )
59 #define EINFO_EINVAL_DIGEST \
60 __einfo_uniqify ( EINFO_EINVAL, 0x01, "Not a digest algorithm" )
61 #define EINVAL_PUBKEY \
62 __einfo_error ( EINFO_EINVAL_PUBKEY )
63 #define EINFO_EINVAL_PUBKEY \
64 __einfo_uniqify ( EINFO_EINVAL, 0x02, "Not a public-key algorithm" )
65 #define ENOTSUP_SIGNEDDATA \
66 __einfo_error ( EINFO_ENOTSUP_SIGNEDDATA )
67 #define EINFO_ENOTSUP_SIGNEDDATA \
68 __einfo_uniqify ( EINFO_ENOTSUP, 0x01, "Not a digital signature" )
70 /** "pkcs7-signedData" object identifier */
71 static uint8_t oid_signeddata[] = { ASN1_OID_SIGNEDDATA };
73 /** "pkcs7-signedData" object identifier cursor */
74 static struct asn1_cursor oid_signeddata_cursor =
75 ASN1_OID_CURSOR ( oid_signeddata );
78 * Parse CMS signature content type
80 * @v sig CMS signature
82 * @ret rc Return status code
84 static int cms_parse_content_type ( struct cms_signature *sig,
85 const struct asn1_cursor *raw ) {
86 struct asn1_cursor cursor;
88 /* Enter contentType */
89 memcpy ( &cursor, raw, sizeof ( cursor ) );
90 asn1_enter ( &cursor, ASN1_OID );
92 /* Check OID is pkcs7-signedData */
93 if ( asn1_compare ( &cursor, &oid_signeddata_cursor ) != 0 ) {
94 DBGC ( sig, "CMS %p does not contain signedData:\n", sig );
95 DBGC_HDA ( sig, 0, raw->data, raw->len );
96 return -ENOTSUP_SIGNEDDATA;
99 DBGC ( sig, "CMS %p contains signedData\n", sig );
104 * Parse CMS signature certificate list
106 * @v sig CMS signature
107 * @v raw ASN.1 cursor
108 * @ret rc Return status code
110 static int cms_parse_certificates ( struct cms_signature *sig,
111 const struct asn1_cursor *raw ) {
112 struct asn1_cursor cursor;
113 struct x509_certificate *cert;
116 /* Enter certificates */
117 memcpy ( &cursor, raw, sizeof ( cursor ) );
118 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
120 /* Add each certificate */
121 while ( cursor.len ) {
123 /* Add certificate to chain */
124 if ( ( rc = x509_append_raw ( sig->certificates, cursor.data,
125 cursor.len ) ) != 0 ) {
126 DBGC ( sig, "CMS %p could not append certificate: %s\n",
127 sig, strerror ( rc) );
128 DBGC_HDA ( sig, 0, cursor.data, cursor.len );
131 cert = x509_last ( sig->certificates );
132 DBGC ( sig, "CMS %p found certificate %s\n",
133 sig, x509_name ( cert ) );
135 /* Move to next certificate */
136 asn1_skip_any ( &cursor );
143 * Identify CMS signature certificate by issuer and serial number
145 * @v sig CMS signature
147 * @v serial Serial number
148 * @ret cert X.509 certificate, or NULL if not found
150 static struct x509_certificate *
151 cms_find_issuer_serial ( struct cms_signature *sig,
152 const struct asn1_cursor *issuer,
153 const struct asn1_cursor *serial ) {
154 struct x509_link *link;
155 struct x509_certificate *cert;
157 /* Scan through certificate list */
158 list_for_each_entry ( link, &sig->certificates->links, list ) {
160 /* Check issuer and serial number */
162 if ( ( asn1_compare ( issuer, &cert->issuer.raw ) == 0 ) &&
163 ( asn1_compare ( serial, &cert->serial.raw ) == 0 ) )
171 * Parse CMS signature signer identifier
173 * @v sig CMS signature
174 * @v info Signer information to fill in
175 * @v raw ASN.1 cursor
176 * @ret rc Return status code
178 static int cms_parse_signer_identifier ( struct cms_signature *sig,
179 struct cms_signer_info *info,
180 const struct asn1_cursor *raw ) {
181 struct asn1_cursor cursor;
182 struct asn1_cursor serial;
183 struct asn1_cursor issuer;
184 struct x509_certificate *cert;
187 /* Enter issuerAndSerialNumber */
188 memcpy ( &cursor, raw, sizeof ( cursor ) );
189 asn1_enter ( &cursor, ASN1_SEQUENCE );
191 /* Identify issuer */
192 memcpy ( &issuer, &cursor, sizeof ( issuer ) );
193 if ( ( rc = asn1_shrink ( &issuer, ASN1_SEQUENCE ) ) != 0 ) {
194 DBGC ( sig, "CMS %p/%p could not locate issuer: %s\n",
195 sig, info, strerror ( rc ) );
196 DBGC_HDA ( sig, 0, raw->data, raw->len );
199 DBGC ( sig, "CMS %p/%p issuer is:\n", sig, info );
200 DBGC_HDA ( sig, 0, issuer.data, issuer.len );
201 asn1_skip_any ( &cursor );
203 /* Identify serialNumber */
204 memcpy ( &serial, &cursor, sizeof ( serial ) );
205 if ( ( rc = asn1_shrink ( &serial, ASN1_INTEGER ) ) != 0 ) {
206 DBGC ( sig, "CMS %p/%p could not locate serialNumber: %s\n",
207 sig, info, strerror ( rc ) );
208 DBGC_HDA ( sig, 0, raw->data, raw->len );
211 DBGC ( sig, "CMS %p/%p serial number is:\n", sig, info );
212 DBGC_HDA ( sig, 0, serial.data, serial.len );
214 /* Identify certificate */
215 cert = cms_find_issuer_serial ( sig, &issuer, &serial );
217 DBGC ( sig, "CMS %p/%p could not identify signer's "
218 "certificate\n", sig, info );
222 /* Append certificate to chain */
223 if ( ( rc = x509_append ( info->chain, cert ) ) != 0 ) {
224 DBGC ( sig, "CMS %p/%p could not append certificate: %s\n",
225 sig, info, strerror ( rc ) );
229 /* Append remaining certificates to chain */
230 if ( ( rc = x509_auto_append ( info->chain,
231 sig->certificates ) ) != 0 ) {
232 DBGC ( sig, "CMS %p/%p could not append certificates: %s\n",
233 sig, info, strerror ( rc ) );
241 * Parse CMS signature digest algorithm
243 * @v sig CMS signature
244 * @v info Signer information to fill in
245 * @v raw ASN.1 cursor
246 * @ret rc Return status code
248 static int cms_parse_digest_algorithm ( struct cms_signature *sig,
249 struct cms_signer_info *info,
250 const struct asn1_cursor *raw ) {
251 struct asn1_algorithm *algorithm;
254 /* Identify algorithm */
255 if ( ( rc = asn1_digest_algorithm ( raw, &algorithm ) ) != 0 ) {
256 DBGC ( sig, "CMS %p/%p could not identify digest algorithm: "
257 "%s\n", sig, info, strerror ( rc ) );
258 DBGC_HDA ( sig, 0, raw->data, raw->len );
262 /* Record digest algorithm */
263 info->digest = algorithm->digest;
264 DBGC ( sig, "CMS %p/%p digest algorithm is %s\n",
265 sig, info, algorithm->name );
271 * Parse CMS signature algorithm
273 * @v sig CMS signature
274 * @v info Signer information to fill in
275 * @v raw ASN.1 cursor
276 * @ret rc Return status code
278 static int cms_parse_signature_algorithm ( struct cms_signature *sig,
279 struct cms_signer_info *info,
280 const struct asn1_cursor *raw ) {
281 struct asn1_algorithm *algorithm;
284 /* Identify algorithm */
285 if ( ( rc = asn1_pubkey_algorithm ( raw, &algorithm ) ) != 0 ) {
286 DBGC ( sig, "CMS %p/%p could not identify public-key "
287 "algorithm: %s\n", sig, info, strerror ( rc ) );
288 DBGC_HDA ( sig, 0, raw->data, raw->len );
292 /* Record signature algorithm */
293 info->pubkey = algorithm->pubkey;
294 DBGC ( sig, "CMS %p/%p public-key algorithm is %s\n",
295 sig, info, algorithm->name );
301 * Parse CMS signature value
303 * @v sig CMS signature
304 * @v info Signer information to fill in
305 * @v raw ASN.1 cursor
306 * @ret rc Return status code
308 static int cms_parse_signature_value ( struct cms_signature *sig,
309 struct cms_signer_info *info,
310 const struct asn1_cursor *raw ) {
311 struct asn1_cursor cursor;
314 /* Enter signature */
315 memcpy ( &cursor, raw, sizeof ( cursor ) );
316 if ( ( rc = asn1_enter ( &cursor, ASN1_OCTET_STRING ) ) != 0 ) {
317 DBGC ( sig, "CMS %p/%p could not locate signature:\n",
319 DBGC_HDA ( sig, 0, raw->data, raw->len );
323 /* Record signature */
324 info->signature_len = cursor.len;
325 info->signature = malloc ( info->signature_len );
326 if ( ! info->signature )
328 memcpy ( info->signature, cursor.data, info->signature_len );
329 DBGC ( sig, "CMS %p/%p signature value is:\n", sig, info );
330 DBGC_HDA ( sig, 0, info->signature, info->signature_len );
336 * Parse CMS signature signer information
338 * @v sig CMS signature
339 * @v info Signer information to fill in
340 * @v raw ASN.1 cursor
341 * @ret rc Return status code
343 static int cms_parse_signer_info ( struct cms_signature *sig,
344 struct cms_signer_info *info,
345 const struct asn1_cursor *raw ) {
346 struct asn1_cursor cursor;
349 /* Enter signerInfo */
350 memcpy ( &cursor, raw, sizeof ( cursor ) );
351 asn1_enter ( &cursor, ASN1_SEQUENCE );
354 asn1_skip ( &cursor, ASN1_INTEGER );
357 if ( ( rc = cms_parse_signer_identifier ( sig, info, &cursor ) ) != 0 )
359 asn1_skip_any ( &cursor );
361 /* Parse digestAlgorithm */
362 if ( ( rc = cms_parse_digest_algorithm ( sig, info, &cursor ) ) != 0 )
364 asn1_skip_any ( &cursor );
366 /* Skip signedAttrs, if present */
367 asn1_skip_if_exists ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
369 /* Parse signatureAlgorithm */
370 if ( ( rc = cms_parse_signature_algorithm ( sig, info, &cursor ) ) != 0)
372 asn1_skip_any ( &cursor );
374 /* Parse signature */
375 if ( ( rc = cms_parse_signature_value ( sig, info, &cursor ) ) != 0 )
382 * Parse CMS signature from ASN.1 data
384 * @v sig CMS signature
385 * @v raw ASN.1 cursor
386 * @ret rc Return status code
388 static int cms_parse ( struct cms_signature *sig,
389 const struct asn1_cursor *raw ) {
390 struct asn1_cursor cursor;
391 struct cms_signer_info *info;
394 /* Enter contentInfo */
395 memcpy ( &cursor, raw, sizeof ( cursor ) );
396 asn1_enter ( &cursor, ASN1_SEQUENCE );
398 /* Parse contentType */
400 if ( ( rc = cms_parse_content_type ( sig, &cursor ) ) != 0 )
402 asn1_skip_any ( &cursor );
405 asn1_enter ( &cursor, ASN1_EXPLICIT_TAG ( 0 ) );
407 /* Enter signedData */
408 asn1_enter ( &cursor, ASN1_SEQUENCE );
411 asn1_skip ( &cursor, ASN1_INTEGER );
413 /* Skip digestAlgorithms */
414 asn1_skip ( &cursor, ASN1_SET );
416 /* Skip encapContentInfo */
417 asn1_skip ( &cursor, ASN1_SEQUENCE );
419 /* Parse certificates */
420 if ( ( rc = cms_parse_certificates ( sig, &cursor ) ) != 0 )
422 asn1_skip_any ( &cursor );
424 /* Skip crls, if present */
425 asn1_skip_if_exists ( &cursor, ASN1_EXPLICIT_TAG ( 1 ) );
427 /* Enter signerInfos */
428 asn1_enter ( &cursor, ASN1_SET );
430 /* Add each signerInfo. Errors are handled by ensuring that
431 * cms_put() will always be able to free any allocated memory.
433 while ( cursor.len ) {
435 /* Allocate signer information block */
436 info = zalloc ( sizeof ( *info ) );
439 list_add ( &info->list, &sig->info );
441 /* Allocate certificate chain */
442 info->chain = x509_alloc_chain();
446 /* Parse signerInfo */
447 if ( ( rc = cms_parse_signer_info ( sig, info,
450 asn1_skip_any ( &cursor );
459 * @v refcnt Reference count
461 static void cms_free ( struct refcnt *refcnt ) {
462 struct cms_signature *sig =
463 container_of ( refcnt, struct cms_signature, refcnt );
464 struct cms_signer_info *info;
465 struct cms_signer_info *tmp;
467 list_for_each_entry_safe ( info, tmp, &sig->info, list ) {
468 list_del ( &info->list );
469 x509_chain_put ( info->chain );
470 free ( info->signature );
473 x509_chain_put ( sig->certificates );
478 * Create CMS signature
480 * @v data Raw signature data
481 * @v len Length of raw data
482 * @ret sig CMS signature
483 * @ret rc Return status code
485 * On success, the caller holds a reference to the CMS signature, and
486 * is responsible for ultimately calling cms_put().
488 int cms_signature ( const void *data, size_t len, struct cms_signature **sig ) {
489 struct asn1_cursor cursor;
492 /* Allocate and initialise signature */
493 *sig = zalloc ( sizeof ( **sig ) );
498 ref_init ( &(*sig)->refcnt, cms_free );
499 INIT_LIST_HEAD ( &(*sig)->info );
501 /* Allocate certificate list */
502 (*sig)->certificates = x509_alloc_chain();
503 if ( ! (*sig)->certificates ) {
505 goto err_alloc_chain;
508 /* Initialise cursor */
511 asn1_shrink_any ( &cursor );
513 /* Parse signature */
514 if ( ( rc = cms_parse ( *sig, &cursor ) ) != 0 )
527 * Calculate digest of CMS-signed data
529 * @v sig CMS signature
530 * @v info Signer information
531 * @v data Signed data
532 * @v len Length of signed data
533 * @v out Digest output
535 static void cms_digest ( struct cms_signature *sig,
536 struct cms_signer_info *info,
537 userptr_t data, size_t len, void *out ) {
538 struct digest_algorithm *digest = info->digest;
539 uint8_t ctx[ digest->ctxsize ];
540 uint8_t block[ digest->blocksize ];
544 /* Initialise digest */
545 digest_init ( digest, ctx );
547 /* Process data one block at a time */
550 if ( frag_len > sizeof ( block ) )
551 frag_len = sizeof ( block );
552 copy_from_user ( block, data, offset, frag_len );
553 digest_update ( digest, ctx, block, frag_len );
558 /* Finalise digest */
559 digest_final ( digest, ctx, out );
561 DBGC ( sig, "CMS %p/%p digest value:\n", sig, info );
562 DBGC_HDA ( sig, 0, out, digest->digestsize );
566 * Verify digest of CMS-signed data
568 * @v sig CMS signature
569 * @v info Signer information
570 * @v cert Corresponding certificate
571 * @v data Signed data
572 * @v len Length of signed data
573 * @ret rc Return status code
575 static int cms_verify_digest ( struct cms_signature *sig,
576 struct cms_signer_info *info,
577 struct x509_certificate *cert,
578 userptr_t data, size_t len ) {
579 struct digest_algorithm *digest = info->digest;
580 struct pubkey_algorithm *pubkey = info->pubkey;
581 struct x509_public_key *public_key = &cert->subject.public_key;
582 uint8_t digest_out[ digest->digestsize ];
583 uint8_t ctx[ pubkey->ctxsize ];
586 /* Generate digest */
587 cms_digest ( sig, info, data, len, digest_out );
589 /* Initialise public-key algorithm */
590 if ( ( rc = pubkey_init ( pubkey, ctx, public_key->raw.data,
591 public_key->raw.len ) ) != 0 ) {
592 DBGC ( sig, "CMS %p/%p could not initialise public key: %s\n",
593 sig, info, strerror ( rc ) );
598 if ( ( rc = pubkey_verify ( pubkey, ctx, digest, digest_out,
600 info->signature_len ) ) != 0 ) {
601 DBGC ( sig, "CMS %p/%p signature verification failed: %s\n",
602 sig, info, strerror ( rc ) );
607 pubkey_final ( pubkey, ctx );
613 * Verify CMS signature signer information
615 * @v sig CMS signature
616 * @v info Signer information
617 * @v data Signed data
618 * @v len Length of signed data
619 * @v time Time at which to validate certificates
620 * @v store Certificate store, or NULL to use default
621 * @v root Root certificate list, or NULL to use default
622 * @ret rc Return status code
624 static int cms_verify_signer_info ( struct cms_signature *sig,
625 struct cms_signer_info *info,
626 userptr_t data, size_t len,
627 time_t time, struct x509_chain *store,
628 struct x509_root *root ) {
629 struct x509_certificate *cert;
632 /* Validate certificate chain */
633 if ( ( rc = x509_validate_chain ( info->chain, time, store,
635 DBGC ( sig, "CMS %p/%p could not validate chain: %s\n",
636 sig, info, strerror ( rc ) );
640 /* Extract code-signing certificate */
641 cert = x509_first ( info->chain );
642 assert ( cert != NULL );
644 /* Check that certificate can create digital signatures */
645 if ( ! ( cert->extensions.usage.bits & X509_DIGITAL_SIGNATURE ) ) {
646 DBGC ( sig, "CMS %p/%p certificate cannot create signatures\n",
648 return -EACCES_NON_SIGNING;
651 /* Check that certificate can sign code */
652 if ( ! ( cert->extensions.ext_usage.bits & X509_CODE_SIGNING ) ) {
653 DBGC ( sig, "CMS %p/%p certificate is not code-signing\n",
655 return -EACCES_NON_CODE_SIGNING;
659 if ( ( rc = cms_verify_digest ( sig, info, cert, data, len ) ) != 0 )
666 * Verify CMS signature
668 * @v sig CMS signature
669 * @v data Signed data
670 * @v len Length of signed data
671 * @v name Required common name, or NULL to check all signatures
672 * @v time Time at which to validate certificates
673 * @v store Certificate store, or NULL to use default
674 * @v root Root certificate list, or NULL to use default
675 * @ret rc Return status code
677 int cms_verify ( struct cms_signature *sig, userptr_t data, size_t len,
678 const char *name, time_t time, struct x509_chain *store,
679 struct x509_root *root ) {
680 struct cms_signer_info *info;
681 struct x509_certificate *cert;
685 /* Verify using all signerInfos */
686 list_for_each_entry ( info, &sig->info, list ) {
687 cert = x509_first ( info->chain );
688 if ( name && ( x509_check_name ( cert, name ) != 0 ) )
690 if ( ( rc = cms_verify_signer_info ( sig, info, data, len, time,
691 store, root ) ) != 0 )
696 /* Check that we have verified at least one signature */
699 DBGC ( sig, "CMS %p had no signatures matching name "
701 return -EACCES_WRONG_NAME;
703 DBGC ( sig, "CMS %p had no signatures\n", sig );
704 return -EACCES_NO_SIGNATURES;