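// SPDX-License-Identifier: GPL-2.0-or-later
/* Parse a Microsoft Individual Code Signing blob
 *
 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#define pr_fmt(fmt) "MSCODE: "fmt
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/oid_registry.h>
#include <crypto/pkcs7.h>
#include "verify_pefile.h"
#include "mscode.asn1.h"

/*
 * mscode_parse - Parse a Microsoft Individual Code Signing blob
 * @_ctx: The struct pefile_context the callbacks below fill in
 * @content_data: Start of the blob's content, i.e. the bytes following the
 *	outer ASN.1 header
 * @data_len: Length of that content in bytes
 * @asn1hdrlen: Length of the ASN.1 header that immediately precedes
 *	@content_data
 *
 * The caller hands over the content with its header already stripped; the
 * header is stepped back over here so that the ASN.1 decoder is given one
 * complete, self-delimiting element.  This relies on the @asn1hdrlen bytes
 * before @content_data still being part of the same buffer, which is the
 * contract with whoever supplies the (content_data, asn1hdrlen) pair --
 * presumably the PKCS#7 layer; this function does no range check of its own.
 *
 * Returns 0 on success or a negative error code from the ASN.1 decoder.
 */
int mscode_parse(void *_ctx, const void *content_data, size_t data_len,
		 size_t asn1hdrlen)
{
	struct pefile_context *ctx = _ctx;

	/* Re-include the outer header so the decoder sees the whole element */
	content_data -= asn1hdrlen;
	data_len += asn1hdrlen;
	pr_devel("Data: %zu [%*ph]\n", data_len, (unsigned)(data_len),
		 content_data);

	return asn1_ber_decoder(&mscode_decoder, ctx, content_data, data_len);
}

/*
 * mscode_note_content_type - Check the content type OID
 * @context: Unused (decoder callback signature)
 * @hdrlen: Unused (decoder callback signature)
 * @tag: Unused (decoder callback signature)
 * @value: Encoded OID bytes
 * @vlen: Length of @value
 *
 * Only the SPC PE image data OID is the correct content type, but an old
 * pesign bug emitted the "individual SP key purpose" OID in its place, so
 * both are tolerated.  Anything else -- including an OID that is not in the
 * kernel's registry at all -- is rejected as a malformed message.
 *
 * Returns 0 if the OID is acceptable, -EBADMSG otherwise.
 */
int mscode_note_content_type(void *context, size_t hdrlen,
			     unsigned char tag,
			     const void *value, size_t vlen)
{
	enum OID oid = look_up_OID(value, vlen);

	if (oid == OID__NR) {
		/* Not in the registry: print it in dotted form for diagnosis */
		char buffer[50];

		sprint_oid(value, vlen, buffer, sizeof(buffer));
		pr_err("Unknown OID: %s\n", buffer);
		return -EBADMSG;
	}

	/*
	 * pesign utility had a bug where it was putting
	 * OID_msIndividualSPKeyPurpose instead of OID_msPeImageDataObjId
	 * So allow both OIDs.
	 */
	if (oid != OID_msPeImageDataObjId &&
	    oid != OID_msIndividualSPKeyPurpose) {
		pr_err("Unexpected content type OID %u\n", oid);
		return -EBADMSG;
	}

	return 0;
}

/*
 * mscode_note_digest_algo - Note the digest algorithm OID
 * @context: The struct pefile_context to record the algorithm name in
 * @hdrlen: Unused (decoder callback signature)
 * @tag: Unused (decoder callback signature)
 * @value: Encoded OID bytes
 * @vlen: Length of @value
 *
 * Maps the algorithm OID to the crypto API name stored in ctx->digest_algo.
 *
 * NOTE(review): md4, md5 and sha1 are accepted here alongside the SHA-2
 * family.  This parser only records the name; whether a signature made with
 * one of the weak digests is ultimately trusted is decided by whoever
 * consumes ctx->digest_algo -- confirm that policy there rather than here.
 *
 * Returns 0 on success, -EBADMSG for an OID the kernel does not know at
 * all, or -ENOPKG for a known OID that is not a supported digest algorithm.
 */
int mscode_note_digest_algo(void *context, size_t hdrlen,
			    unsigned char tag,
			    const void *value, size_t vlen)
{
	struct pefile_context *ctx = context;
	char buffer[50];
	enum OID oid;

	oid = look_up_OID(value, vlen);
	switch (oid) {
	case OID_md4:
		ctx->digest_algo = "md4";
		break;
	case OID_md5:
		ctx->digest_algo = "md5";
		break;
	case OID_sha1:
		ctx->digest_algo = "sha1";
		break;
	case OID_sha256:
		ctx->digest_algo = "sha256";
		break;
	case OID_sha384:
		ctx->digest_algo = "sha384";
		break;
	case OID_sha512:
		ctx->digest_algo = "sha512";
		break;
	case OID_sha224:
		ctx->digest_algo = "sha224";
		break;

	case OID__NR:
		/* Not in the registry: print it in dotted form for diagnosis */
		sprint_oid(value, vlen, buffer, sizeof(buffer));
		pr_err("Unknown OID: %s\n", buffer);
		return -EBADMSG;

	default:
		/*
		 * A registered OID that is not one of the digests above.
		 * (The message used to say "content type", which misled
		 * anyone reading the log; this callback only sees digest
		 * algorithm OIDs.)
		 */
		pr_err("Unsupported digest algorithm: %u\n", oid);
		return -ENOPKG;
	}

	return 0;
}

/*
 * mscode_note_digest - Note the digest we're guaranteeing with this certificate
 * @context: The struct pefile_context to store the digest in
 * @hdrlen: Unused (decoder callback signature)
 * @tag: Unused (decoder callback signature)
 * @value: The raw digest bytes from the blob
 * @vlen: Length of @value
 *
 * Copies the digest into ctx->digest (GFP_KERNEL allocation, owned by the
 * context; the context's teardown is responsible for freeing it) and records
 * its length in ctx->digest_len.
 *
 * The length is deliberately not checked against ctx->digest_algo here: the
 * algorithm callback may run in either order relative to this one depending
 * on the grammar, so the size comparison belongs with the code that actually
 * computes the PE hash.  NOTE(review): confirm that comparison exists in the
 * consumer of ctx->digest_len.
 *
 * Returns 0 on success, -EBADMSG for an empty digest, -ENOMEM on allocation
 * failure.
 */
int mscode_note_digest(void *context, size_t hdrlen,
		       unsigned char tag,
		       const void *value, size_t vlen)
{
	struct pefile_context *ctx = context;

	/*
	 * A zero-length digest can never match any hash output.  Reject it
	 * up front rather than storing an empty buffer and relying on a
	 * later length check to catch it.
	 */
	if (!vlen)
		return -EBADMSG;

	ctx->digest = kmemdup(value, vlen, GFP_KERNEL);
	if (!ctx->digest)
		return -ENOMEM;

	/* Only record the length once the copy actually exists */
	ctx->digest_len = vlen;

	return 0;
}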