1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* Parse a Microsoft Individual Code Signing blob 3 * 4 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8 #define pr_fmt(fmt) "MSCODE: "fmt 9 #include <linux/kernel.h> 10 #include <linux/slab.h> 11 #include <linux/err.h> 12 #include <linux/oid_registry.h> 13 #include <crypto/pkcs7.h> 14 #include "verify_pefile.h" 15 #include "mscode.asn1.h" 16 17 /* 18 * Parse a Microsoft Individual Code Signing blob 19 */ 20 int mscode_parse(void *_ctx, const void *content_data, size_t data_len, 21 size_t asn1hdrlen) 22 { 23 struct pefile_context *ctx = _ctx; 24 25 content_data -= asn1hdrlen; 26 data_len += asn1hdrlen; 27 pr_devel("Data: %zu [%*ph]\n", data_len, (unsigned)(data_len), 28 content_data); 29 30 return asn1_ber_decoder(&mscode_decoder, ctx, content_data, data_len); 31 } 32 33 /* 34 * Check the content type OID 35 */ 36 int mscode_note_content_type(void *context, size_t hdrlen, 37 unsigned char tag, 38 const void *value, size_t vlen) 39 { 40 enum OID oid; 41 42 oid = look_up_OID(value, vlen); 43 if (oid == OID__NR) { 44 char buffer[50]; 45 46 sprint_oid(value, vlen, buffer, sizeof(buffer)); 47 pr_err("Unknown OID: %s\n", buffer); 48 return -EBADMSG; 49 } 50 51 /* 52 * pesign utility had a bug where it was putting 53 * OID_msIndividualSPKeyPurpose instead of OID_msPeImageDataObjId 54 * So allow both OIDs. 55 */ 56 if (oid != OID_msPeImageDataObjId && 57 oid != OID_msIndividualSPKeyPurpose) { 58 pr_err("Unexpected content type OID %u\n", oid); 59 return -EBADMSG; 60 } 61 62 return 0; 63 } 64 65 /* 66 * Note the digest algorithm OID 67 */ 68 int mscode_note_digest_algo(void *context, size_t hdrlen, 69 unsigned char tag, 70 const void *value, size_t vlen) 71 { 72 struct pefile_context *ctx = context; 73 char buffer[50]; 74 enum OID oid; 75 76 oid = look_up_OID(value, vlen); 77 switch (oid) { 78 case OID_sha1: 79 ctx->digest_algo = "sha1"; 80 break; 81 case OID_sha256: 82 ctx->digest_algo = "sha256"; 83 break; 84 case OID_sha384: 85 ctx->digest_algo = "sha384"; 86 break; 87 case OID_sha512: 88 ctx->digest_algo = "sha512"; 89 break; 90 case OID_sha3_256: 91 ctx->digest_algo = "sha3-256"; 92 break; 93 case OID_sha3_384: 94 ctx->digest_algo = "sha3-384"; 95 break; 96 case OID_sha3_512: 97 ctx->digest_algo = "sha3-512"; 98 break; 99 100 case OID__NR: 101 sprint_oid(value, vlen, buffer, sizeof(buffer)); 102 pr_err("Unknown OID: %s\n", buffer); 103 return -EBADMSG; 104 105 default: 106 pr_err("Unsupported content type: %u\n", oid); 107 return -ENOPKG; 108 } 109 110 return 0; 111 } 112 113 /* 114 * Note the digest we're guaranteeing with this certificate 115 */ 116 int mscode_note_digest(void *context, size_t hdrlen, 117 unsigned char tag, 118 const void *value, size_t vlen) 119 { 120 struct pefile_context *ctx = context; 121 122 ctx->digest = kmemdup(value, vlen, GFP_KERNEL); 123 if (!ctx->digest) 124 return -ENOMEM; 125 126 ctx->digest_len = vlen; 127 128 return 0; 129 } 130