1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2014 The FreeBSD Foundation
5  * All rights reserved.
6  *
7  * This software was developed by Edward Tomasz Napierala under sponsorship
8  * from the FreeBSD Foundation.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  */
32 
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
35 
#include <sys/wait.h>
#include <assert.h>
#include <err.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
43 
44 #include <openssl/conf.h>
45 #include <openssl/evp.h>
46 #include <openssl/err.h>
47 #include <openssl/pem.h>
48 #include <openssl/pkcs7.h>
49 
50 #include "uefisign.h"
51 #include "magic.h"
52 
/*
 * Print the synopsis to stderr and terminate with status 1.  Never returns.
 */
static void
usage(void)
{

	fputs("usage: uefisign -c cert -k key -o outfile [-v] file\n"
	    "       uefisign -V [-c cert] [-v] file\n", stderr);
	exit(1);
}
61 
62 static char *
63 checked_strdup(const char *s)
64 {
65 	char *c;
66 
67 	c = strdup(s);
68 	if (c == NULL)
69 		err(1, "strdup");
70 	return (c);
71 }
72 
/*
 * fopen(3) wrapper that aborts, naming the path, when the open fails.
 * 'path' must not be NULL; the caller owns (and closes) the returned stream.
 */
FILE *
checked_fopen(const char *path, const char *mode)
{
	FILE *stream;

	assert(path != NULL);

	if ((stream = fopen(path, mode)) == NULL)
		err(1, "%s", path);
	return (stream);
}
85 
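/*
 * Write exactly 'len' bytes of 'buf' to 'fd', resuming after short writes
 * and EINTR.  Returns 0 on success, -1 with errno set on failure; a
 * zero-byte write() is reported as EIO so the loop cannot spin.
 */
static int
write_fully(int fd, const void *buf, size_t len)
{
	const unsigned char *p = buf;

	while (len > 0) {
		ssize_t ret = write(fd, p, len);

		if (ret < 0) {
			if (errno == EINTR)
				continue;
			return (-1);
		}
		if (ret == 0) {
			errno = EIO;
			return (-1);
		}
		p += ret;
		len -= (size_t)ret;
	}
	return (0);
}

/*
 * Send one length-prefixed chunk over the pipe: a native-endian size_t
 * 'len' followed by 'len' bytes of 'buf'.  The peer is the other half of
 * this same process image (see the fork in main()), so no marshalling is
 * needed.  Any failure is fatal.
 */
void
send_chunk(const void *buf, size_t len, int pipefd)
{

	if (write_fully(pipefd, &len, sizeof(len)) != 0)
		err(1, "write");
	if (write_fully(pipefd, buf, len) != 0)
		err(1, "write");
}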
98 
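/*
 * Read exactly 'len' bytes into 'buf' from 'fd', resuming after short reads
 * (a pipe may hand back less than requested) and EINTR.  Returns 0 on
 * success, -1 with errno set on failure; EOF before the chunk is complete
 * is reported as EIO.
 */
static int
read_fully(int fd, void *buf, size_t len)
{
	unsigned char *p = buf;

	while (len > 0) {
		ssize_t ret = read(fd, p, len);

		if (ret < 0) {
			if (errno == EINTR)
				continue;
			return (-1);
		}
		if (ret == 0) {
			errno = EIO;
			return (-1);
		}
		p += ret;
		len -= (size_t)ret;
	}
	return (0);
}

/*
 * Receive one chunk written by send_chunk(): a size_t length followed by
 * that many bytes.  On return *bufp points to a freshly allocated buffer
 * owned by the caller and *lenp holds its length.  Any failure is fatal.
 */
void
receive_chunk(void **bufp, size_t *lenp, int pipefd)
{
	size_t len;
	void *buf;

	if (read_fully(pipefd, &len, sizeof(len)) != 0)
		err(1, "read");

	/*
	 * 'len' is whatever the peer sent; no upper bound is enforced here,
	 * so a bogus length can only make the allocation fail.  Allocate at
	 * least one byte so a zero-length chunk is not mistaken for OOM.
	 */
	buf = calloc(1, len == 0 ? 1 : len);
	if (buf == NULL)
		err(1, "calloc");

	if (read_fully(pipefd, buf, len) != 0)
		err(1, "read");

	*bufp = buf;
	*lenp = len;
}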
121 
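/*
 * Render 'bin_len' bytes of 'bin' as a lowercase hex string.  Returns a
 * NUL-terminated buffer of 2 * bin_len + 1 bytes owned by the caller.
 * Aborts on allocation failure or if the length would overflow size_t.
 */
static char *
bin2hex(const char *bin, size_t bin_len)
{
	static const char digits[] = "0123456789abcdef";
	char *hex;
	size_t i;

	/* Two digits per byte plus the terminator must fit in a size_t. */
	if (bin_len > (SIZE_MAX - 1) / 2)
		errx(1, "bin2hex: input too large");
	hex = malloc(bin_len * 2 + 1);
	if (hex == NULL)
		err(1, "malloc");

	for (i = 0; i < bin_len; i++) {
		unsigned char ch = (unsigned char)bin[i];

		hex[2 * i] = digits[ch >> 4];
		hex[2 * i + 1] = digits[ch & 0x0f];
	}
	/* Terminate explicitly so a zero-length input yields "" (not garbage). */
	hex[2 * bin_len] = '\0';

	return (hex);
}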
142 
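/*
 * We need to replace a standard chunk of PKCS7 signature with one mandated
 * by Authenticode.  Problem is, replacing it just like that and then calling
 * PKCS7_final() would make OpenSSL segfault somewhere in PKCS7_dataFinal().
 * So, instead, we call PKCS7_dataInit(), then put our Authenticode-specific
 * data into BIO it returned, then call PKCS7_dataFinal() - which now somehow
 * does not panic - and _then_ we replace it in the signature.  This technique
 * was used in sbsigntool by Jeremy Kerr, and might have originated in
 * osslsigncode.
 *
 * 'digest' is the 'digest_len'-byte digest received from the child (see
 * sign()).  It is rendered as hex and substituted into the ASN.1 template
 * magic_fmt from magic.h, so only [0-9a-f] ever reaches the template.  The
 * order of the OpenSSL calls below is deliberate (see above) and must be
 * kept.  The function exits the process on any failure.
 */
static void
magic(PKCS7 *pkcs7, const char *digest, size_t digest_len)
{
	BIO *bio, *t_bio;
	ASN1_TYPE *t;
	ASN1_STRING *s;
	CONF *cnf;
	unsigned char *buf, *tmp;
	char *digest_hex, *magic_conf, *str;
	int len, nid, ok;

	digest_hex = bin2hex(digest, digest_len);

	/*
	 * Construct the SpcIndirectDataContent chunk.
	 */
	nid = OBJ_create("1.3.6.1.4.1.311.2.1.4", NULL, NULL);
	if (nid == 0) {		/* NID_undef */
		ERR_print_errors_fp(stderr);
		errx(1, "OBJ_create(3) failed");
	}

	/*
	 * Check the return value rather than the pointer: on failure the
	 * pointer's contents are not portably defined.
	 */
	if (asprintf(&magic_conf, magic_fmt, digest_hex) < 0)
		err(1, "asprintf");
	free(digest_hex);

	bio = BIO_new_mem_buf((void *)magic_conf, -1);
	if (bio == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "BIO_new_mem_buf(3) failed");
	}

	cnf = NCONF_new(NULL);
	if (cnf == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "NCONF_new(3) failed");
	}

	ok = NCONF_load_bio(cnf, bio, NULL);
	if (ok == 0) {
		ERR_print_errors_fp(stderr);
		errx(1, "NCONF_load_bio(3) failed");
	}

	str = NCONF_get_string(cnf, "default", "asn1");
	if (str == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "NCONF_get_string(3) failed");
	}

	t = ASN1_generate_nconf(str, cnf);
	if (t == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "ASN1_generate_nconf(3) failed");
	}

	/*
	 * We now have our proprietary piece of ASN.1.  Let's do
	 * the actual signing.
	 */
	len = i2d_ASN1_TYPE(t, NULL);
	/*
	 * i2d returns a negative value on error, and two header bytes are
	 * skipped further down, so anything this short cannot be used.
	 */
	if (len <= 2) {
		ERR_print_errors_fp(stderr);
		errx(1, "i2d_ASN1_TYPE(3) failed");
	}
	tmp = buf = calloc(1, len);
	if (tmp == NULL)
		err(1, "calloc");
	if (i2d_ASN1_TYPE(t, &tmp) != len) {
		ERR_print_errors_fp(stderr);
		errx(1, "i2d_ASN1_TYPE(3) failed");
	}

	/*
	 * We now have contents of 't' stuffed into memory buffer 'buf'.
	 */
	tmp = NULL;
	t = NULL;

	t_bio = PKCS7_dataInit(pkcs7, NULL);
	if (t_bio == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "PKCS7_dataInit(3) failed");
	}

	/*
	 * Feed the encoding minus its outer tag and length byte - presumably
	 * because Authenticode digests the SEQUENCE contents without the
	 * header, as sbsigntool/osslsigncode do.  Skipping exactly two bytes
	 * assumes a DER short-form length, i.e. fewer than 128 content bytes;
	 * TODO confirm this holds for every DIGEST this tool may be built with.
	 */
	if (BIO_write(t_bio, buf + 2, len - 2) != len - 2) {
		ERR_print_errors_fp(stderr);
		errx(1, "BIO_write(3) failed");
	}

	ok = PKCS7_dataFinal(pkcs7, t_bio);
	if (ok == 0) {
		ERR_print_errors_fp(stderr);
		errx(1, "PKCS7_dataFinal(3) failed");
	}

	t = ASN1_TYPE_new();
	s = ASN1_STRING_new();
	if (t == NULL || s == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "ASN1_TYPE_new(3)/ASN1_STRING_new(3) failed");
	}
	/* ASN1_STRING_set() copies the data, so 'buf' can go afterwards. */
	if (ASN1_STRING_set(s, buf, len) == 0) {
		ERR_print_errors_fp(stderr);
		errx(1, "ASN1_STRING_set(3) failed");
	}
	free(buf);
	ASN1_TYPE_set(t, V_ASN1_SEQUENCE, s);

	/* Ownership of 't' (and 's' inside it) passes to the PKCS7 object. */
	ok = PKCS7_set0_type_other(pkcs7->d.sign->contents, nid, t);
	if (ok == 0) {
		ERR_print_errors_fp(stderr);
		errx(1, "PKCS7_set0_type_other(3) failed");
	}
}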
242 
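/*
 * Parent side of the pipe protocol: receive the digest the child computed,
 * wrap it into an Authenticode-style PKCS7 signature with 'cert' and 'key',
 * and send the DER encoding back.  'pipefd' carries both directions (see
 * main()).  Exits the process on any failure.
 */
static void
sign(X509 *cert, EVP_PKEY *key, int pipefd)
{
	PKCS7 *pkcs7;
	BIO *bio, *out;
	const EVP_MD *md;
	PKCS7_SIGNER_INFO *info;
	void *digest, *signature;
	size_t digest_len;
	long signature_len;
	int ok;

	assert(cert != NULL);
	assert(key != NULL);

	receive_chunk(&digest, &digest_len, pipefd);

	bio = BIO_new_mem_buf(digest, digest_len);
	if (bio == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "BIO_new_mem_buf(3) failed");
	}

	pkcs7 = PKCS7_sign(NULL, NULL, NULL, bio, PKCS7_BINARY | PKCS7_PARTIAL);
	if (pkcs7 == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "PKCS7_sign(3) failed");
	}

	md = EVP_get_digestbyname(DIGEST);
	if (md == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "EVP_get_digestbyname(\"%s\") failed", DIGEST);
	}

	info = PKCS7_sign_add_signer(pkcs7, cert, key, md, 0);
	if (info == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "PKCS7_sign_add_signer(3) failed");
	}

	/*
	 * XXX: All the signed binaries seem to have this, but where is it
	 *      described in the spec?
	 */
	if (PKCS7_add_signed_attribute(info, NID_pkcs9_contentType,
	    V_ASN1_OBJECT, OBJ_txt2obj("1.3.6.1.4.1.311.2.1.4", 1)) == 0) {
		ERR_print_errors_fp(stderr);
		errx(1, "PKCS7_add_signed_attribute(3) failed");
	}

	magic(pkcs7, digest, digest_len);

	out = BIO_new(BIO_s_mem());
	if (out == NULL) {
		ERR_print_errors_fp(stderr);
		errx(1, "BIO_new(3) failed");
	}

	ok = i2d_PKCS7_bio(out, pkcs7);
	if (ok == 0) {
		ERR_print_errors_fp(stderr);
		errx(1, "i2d_PKCS7_bio(3) failed");
	}

	/*
	 * BIO_get_mem_data() yields a long and signals failure with a
	 * negative value, so the sign must be checked before the length is
	 * ever treated as a size_t; otherwise an error becomes a huge
	 * "valid" length.
	 */
	signature_len = BIO_get_mem_data(out, &signature);
	if (signature_len <= 0) {
		ERR_print_errors_fp(stderr);
		errx(1, "BIO_get_mem_data(3) failed");
	}

	/*
	 * 'signature' points into the BIO's buffer; keep that buffer alive
	 * across BIO_free().  It is never freed - the parent returns from
	 * main() shortly after this function.
	 */
	(void)BIO_set_close(out, BIO_NOCLOSE);
	BIO_free(out);

	send_chunk(signature, (size_t)signature_len, pipefd);
}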
323 
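/*
 * Reap the child 'pid' and return its exit status.  WEXITSTATUS() is only
 * meaningful when WIFEXITED() holds; a child killed by a signal can
 * otherwise read back as status 0, i.e. success, so that case is made a
 * hard failure here.  waitpid() is retried on EINTR.
 */
static int
wait_for_child(pid_t pid)
{
	pid_t ret;
	int status;

	do {
		ret = waitpid(pid, &status, 0);
	} while (ret == -1 && errno == EINTR);
	if (ret == -1)
		err(1, "waitpid");

	if (WIFSIGNALED(status))
		errx(1, "child terminated by signal %d", WTERMSIG(status));
	if (!WIFEXITED(status))
		errx(1, "child terminated abnormally, status %#x", status);

	return (WEXITSTATUS(status));
}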
335 
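/*
 * Parse options, then fork: the child (child(), defined elsewhere) handles
 * the input file on its end of the pipe, while the parent loads the
 * certificate and private key only after the fork - so the child's address
 * space never holds the key - and signs the digest the child sends back.
 * The exit status is derived from the child's by wait_for_child().
 *
 * NOTE(review): usage() advertises "-V [-c cert]", yet -V together with -c
 * is rejected below; one of the two should be brought in line with the
 * other.
 */
int
main(int argc, char **argv)
{
	int ch, error;
	bool Vflag = false, vflag = false;
	const char *certpath = NULL, *keypath = NULL, *outpath = NULL, *inpath = NULL;
	FILE *certfp = NULL, *keyfp = NULL;
	X509 *cert = NULL;
	EVP_PKEY *key = NULL;
	pid_t pid;
	int pipefds[2];

	while ((ch = getopt(argc, argv, "Vc:k:o:v")) != -1) {
		switch (ch) {
		case 'V':
			Vflag = true;
			break;
		case 'c':
			certpath = checked_strdup(optarg);
			break;
		case 'k':
			keypath = checked_strdup(optarg);
			break;
		case 'o':
			outpath = checked_strdup(optarg);
			break;
		case 'v':
			vflag = true;
			break;
		default:
			usage();
		}
	}

	argc -= optind;
	argv += optind;
	if (argc != 1)
		usage();

	if (Vflag) {
		if (certpath != NULL)
			errx(1, "-V and -c are mutually exclusive");
		if (keypath != NULL)
			errx(1, "-V and -k are mutually exclusive");
		if (outpath != NULL)
			errx(1, "-V and -o are mutually exclusive");
	} else {
		if (certpath == NULL)
			errx(1, "-c option is mandatory");
		if (keypath == NULL)
			errx(1, "-k option is mandatory");
		if (outpath == NULL)
			errx(1, "-o option is mandatory");
	}

	inpath = argv[0];

	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |
	    OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
	    OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);

	error = pipe(pipefds);
	if (error != 0)
		err(1, "pipe");

	pid = fork();
	if (pid < 0)
		err(1, "fork");

	if (pid == 0)
		return (child(inpath, outpath, pipefds[1], Vflag, vflag));

	/*
	 * The parent uses pipefds[0] for both directions (FreeBSD pipes are
	 * bidirectional; see sign()).  Drop its copy of the child's end so a
	 * child that dies before answering is seen as EOF - which
	 * receive_chunk() rejects - rather than as a read that never returns.
	 */
	if (close(pipefds[1]) != 0)
		err(1, "close");

	if (!Vflag) {
		certfp = checked_fopen(certpath, "r");
		cert = PEM_read_X509(certfp, NULL, NULL, NULL);
		if (cert == NULL) {
			ERR_print_errors_fp(stderr);
			errx(1, "failed to load certificate from %s", certpath);
		}

		keyfp = checked_fopen(keypath, "r");
		key = PEM_read_PrivateKey(keyfp, NULL, NULL, NULL);
		if (key == NULL) {
			ERR_print_errors_fp(stderr);
			errx(1, "failed to load private key from %s", keypath);
		}

		sign(cert, key, pipefds[0]);
	}

	return (wait_for_child(pid));
}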