3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
12 #define pr_fmt(fmt) "PKCS7: "fmt
13 #include <linux/kernel.h>
14 #include <linux/export.h>
15 #include <linux/slab.h>
16 #include <linux/err.h>
17 #include <linux/oid_registry.h>
18 #include <crypto/public_key.h>
19 #include "pkcs7_parser.h"
20 #include "pkcs7-asn1.h"
22 struct pkcs7_parse_context
{
23 struct pkcs7_message
*msg
; /* Message being constructed */
24 struct pkcs7_signed_info
*sinfo
; /* SignedInfo being constructed */
25 struct pkcs7_signed_info
**ppsinfo
;
26 struct x509_certificate
*certs
; /* Certificate cache */
27 struct x509_certificate
**ppcerts
;
28 unsigned long data
; /* Start of data */
29 enum OID last_oid
; /* Last OID encountered */
32 const void *raw_serial
;
33 unsigned raw_serial_size
;
34 unsigned raw_issuer_size
;
35 const void *raw_issuer
;
37 unsigned raw_skid_size
;
42 * Free a signed information block.
44 static void pkcs7_free_signed_info(struct pkcs7_signed_info
*sinfo
)
48 kfree(sinfo
->sig
.digest
);
49 kfree(sinfo
->signing_cert_id
);
55 * pkcs7_free_message - Free a PKCS#7 message
56 * @pkcs7: The PKCS#7 message to free
58 void pkcs7_free_message(struct pkcs7_message
*pkcs7
)
60 struct x509_certificate
*cert
;
61 struct pkcs7_signed_info
*sinfo
;
64 while (pkcs7
->certs
) {
66 pkcs7
->certs
= cert
->next
;
67 x509_free_certificate(cert
);
71 pkcs7
->crl
= cert
->next
;
72 x509_free_certificate(cert
);
74 while (pkcs7
->signed_infos
) {
75 sinfo
= pkcs7
->signed_infos
;
76 pkcs7
->signed_infos
= sinfo
->next
;
77 pkcs7_free_signed_info(sinfo
);
82 EXPORT_SYMBOL_GPL(pkcs7_free_message
);
85 * Check authenticatedAttributes are provided or not provided consistently.
87 static int pkcs7_check_authattrs(struct pkcs7_message
*msg
)
89 struct pkcs7_signed_info
*sinfo
;
92 sinfo
= msg
->signed_infos
;
93 if (sinfo
->authattrs
) {
95 msg
->have_authattrs
= true;
98 for (sinfo
= sinfo
->next
; sinfo
; sinfo
= sinfo
->next
)
99 if (!!sinfo
->authattrs
!= want
)
104 pr_warn("Inconsistently supplied authAttrs\n");
109 * pkcs7_parse_message - Parse a PKCS#7 message
110 * @data: The raw binary ASN.1 encoded message to be parsed
111 * @datalen: The size of the encoded message
113 struct pkcs7_message
*pkcs7_parse_message(const void *data
, size_t datalen
)
115 struct pkcs7_parse_context
*ctx
;
116 struct pkcs7_message
*msg
= ERR_PTR(-ENOMEM
);
119 ctx
= kzalloc(sizeof(struct pkcs7_parse_context
), GFP_KERNEL
);
122 ctx
->msg
= kzalloc(sizeof(struct pkcs7_message
), GFP_KERNEL
);
125 ctx
->sinfo
= kzalloc(sizeof(struct pkcs7_signed_info
), GFP_KERNEL
);
129 ctx
->data
= (unsigned long)data
;
130 ctx
->ppcerts
= &ctx
->certs
;
131 ctx
->ppsinfo
= &ctx
->msg
->signed_infos
;
133 /* Attempt to decode the signature */
134 ret
= asn1_ber_decoder(&pkcs7_decoder
, ctx
, data
, datalen
);
140 ret
= pkcs7_check_authattrs(ctx
->msg
);
149 struct x509_certificate
*cert
= ctx
->certs
;
150 ctx
->certs
= cert
->next
;
151 x509_free_certificate(cert
);
153 pkcs7_free_signed_info(ctx
->sinfo
);
155 pkcs7_free_message(ctx
->msg
);
161 EXPORT_SYMBOL_GPL(pkcs7_parse_message
);
164 * pkcs7_get_content_data - Get access to the PKCS#7 content
165 * @pkcs7: The preparsed PKCS#7 message to access
166 * @_data: Place to return a pointer to the data
167 * @_data_len: Place to return the data length
168 * @want_wrapper: True if the ASN.1 object header should be included in the data
170 * Get access to the data content of the PKCS#7 message, including, optionally,
171 * the header of the ASN.1 object that contains it. Returns -ENODATA if the
172 * data object was missing from the message.
174 int pkcs7_get_content_data(const struct pkcs7_message
*pkcs7
,
175 const void **_data
, size_t *_data_len
,
183 wrapper
= want_wrapper
? pkcs7
->data_hdrlen
: 0;
184 *_data
= pkcs7
->data
- wrapper
;
185 *_data_len
= pkcs7
->data_len
+ wrapper
;
188 EXPORT_SYMBOL_GPL(pkcs7_get_content_data
);
191 * Note an OID when we find one for later processing when we know how
194 int pkcs7_note_OID(void *context
, size_t hdrlen
,
196 const void *value
, size_t vlen
)
198 struct pkcs7_parse_context
*ctx
= context
;
200 ctx
->last_oid
= look_up_OID(value
, vlen
);
201 if (ctx
->last_oid
== OID__NR
) {
203 sprint_oid(value
, vlen
, buffer
, sizeof(buffer
));
204 printk("PKCS7: Unknown OID: [%lu] %s\n",
205 (unsigned long)value
- ctx
->data
, buffer
);
211 * Note the digest algorithm for the signature.
213 int pkcs7_sig_note_digest_algo(void *context
, size_t hdrlen
,
215 const void *value
, size_t vlen
)
217 struct pkcs7_parse_context
*ctx
= context
;
219 switch (ctx
->last_oid
) {
221 ctx
->sinfo
->sig
.hash_algo
= "md4";
224 ctx
->sinfo
->sig
.hash_algo
= "md5";
227 ctx
->sinfo
->sig
.hash_algo
= "sha1";
230 ctx
->sinfo
->sig
.hash_algo
= "sha256";
233 ctx
->sinfo
->sig
.hash_algo
= "sha384";
236 ctx
->sinfo
->sig
.hash_algo
= "sha512";
239 ctx
->sinfo
->sig
.hash_algo
= "sha224";
242 printk("Unsupported digest algo: %u\n", ctx
->last_oid
);
249 * Note the public key algorithm for the signature.
251 int pkcs7_sig_note_pkey_algo(void *context
, size_t hdrlen
,
253 const void *value
, size_t vlen
)
255 struct pkcs7_parse_context
*ctx
= context
;
257 switch (ctx
->last_oid
) {
258 case OID_rsaEncryption
:
259 ctx
->sinfo
->sig
.pkey_algo
= "rsa";
262 printk("Unsupported pkey algo: %u\n", ctx
->last_oid
);
269 * We only support signed data [RFC2315 sec 9].
271 int pkcs7_check_content_type(void *context
, size_t hdrlen
,
273 const void *value
, size_t vlen
)
275 struct pkcs7_parse_context
*ctx
= context
;
277 if (ctx
->last_oid
!= OID_signed_data
) {
278 pr_warn("Only support pkcs7_signedData type\n");
286 * Note the SignedData version
288 int pkcs7_note_signeddata_version(void *context
, size_t hdrlen
,
290 const void *value
, size_t vlen
)
292 struct pkcs7_parse_context
*ctx
= context
;
298 ctx
->msg
->version
= version
= *(const u8
*)value
;
301 /* PKCS#7 SignedData [RFC2315 sec 9.1]
302 * CMS ver 1 SignedData [RFC5652 sec 5.1]
306 /* CMS ver 3 SignedData [RFC2315 sec 5.1] */
315 pr_warn("Unsupported SignedData version\n");
320 * Note the SignerInfo version
322 int pkcs7_note_signerinfo_version(void *context
, size_t hdrlen
,
324 const void *value
, size_t vlen
)
326 struct pkcs7_parse_context
*ctx
= context
;
332 version
= *(const u8
*)value
;
335 /* PKCS#7 SignerInfo [RFC2315 sec 9.2]
336 * CMS ver 1 SignerInfo [RFC5652 sec 5.3]
338 if (ctx
->msg
->version
!= 1)
339 goto version_mismatch
;
340 ctx
->expect_skid
= false;
343 /* CMS ver 3 SignerInfo [RFC2315 sec 5.3] */
344 if (ctx
->msg
->version
== 1)
345 goto version_mismatch
;
346 ctx
->expect_skid
= true;
355 pr_warn("Unsupported SignerInfo version\n");
358 pr_warn("SignedData-SignerInfo version mismatch\n");
363 * Extract a certificate and store it in the context.
365 int pkcs7_extract_cert(void *context
, size_t hdrlen
,
367 const void *value
, size_t vlen
)
369 struct pkcs7_parse_context
*ctx
= context
;
370 struct x509_certificate
*x509
;
372 if (tag
!= ((ASN1_UNIV
<< 6) | ASN1_CONS_BIT
| ASN1_SEQ
)) {
373 pr_debug("Cert began with tag %02x at %lu\n",
374 tag
, (unsigned long)ctx
- ctx
->data
);
378 /* We have to correct for the header so that the X.509 parser can start
379 * from the beginning. Note that since X.509 stipulates DER, there
380 * probably shouldn't be an EOC trailer - but it is in PKCS#7 (which
386 if (((u8
*)value
)[1] == 0x80)
387 vlen
+= 2; /* Indefinite length - there should be an EOC */
389 x509
= x509_cert_parse(value
, vlen
);
391 return PTR_ERR(x509
);
393 x509
->index
= ++ctx
->x509_index
;
394 pr_debug("Got cert %u for %s\n", x509
->index
, x509
->subject
);
395 pr_debug("- fingerprint %*phN\n", x509
->id
->len
, x509
->id
->data
);
397 *ctx
->ppcerts
= x509
;
398 ctx
->ppcerts
= &x509
->next
;
403 * Save the certificate list
405 int pkcs7_note_certificate_list(void *context
, size_t hdrlen
,
407 const void *value
, size_t vlen
)
409 struct pkcs7_parse_context
*ctx
= context
;
411 pr_devel("Got cert list (%02x)\n", tag
);
413 *ctx
->ppcerts
= ctx
->msg
->certs
;
414 ctx
->msg
->certs
= ctx
->certs
;
416 ctx
->ppcerts
= &ctx
->certs
;
421 * Note the content type.
423 int pkcs7_note_content(void *context
, size_t hdrlen
,
425 const void *value
, size_t vlen
)
427 struct pkcs7_parse_context
*ctx
= context
;
429 if (ctx
->last_oid
!= OID_data
&&
430 ctx
->last_oid
!= OID_msIndirectData
) {
431 pr_warn("Unsupported data type %d\n", ctx
->last_oid
);
435 ctx
->msg
->data_type
= ctx
->last_oid
;
440 * Extract the data from the message and store that and its content type OID in
443 int pkcs7_note_data(void *context
, size_t hdrlen
,
445 const void *value
, size_t vlen
)
447 struct pkcs7_parse_context
*ctx
= context
;
449 pr_debug("Got data\n");
451 ctx
->msg
->data
= value
;
452 ctx
->msg
->data_len
= vlen
;
453 ctx
->msg
->data_hdrlen
= hdrlen
;
458 * Parse authenticated attributes.
460 int pkcs7_sig_note_authenticated_attr(void *context
, size_t hdrlen
,
462 const void *value
, size_t vlen
)
464 struct pkcs7_parse_context
*ctx
= context
;
465 struct pkcs7_signed_info
*sinfo
= ctx
->sinfo
;
466 enum OID content_type
;
468 pr_devel("AuthAttr: %02x %zu [%*ph]\n", tag
, vlen
, (unsigned)vlen
, value
);
470 switch (ctx
->last_oid
) {
471 case OID_contentType
:
472 if (__test_and_set_bit(sinfo_has_content_type
, &sinfo
->aa_set
))
474 content_type
= look_up_OID(value
, vlen
);
475 if (content_type
!= ctx
->msg
->data_type
) {
476 pr_warn("Mismatch between global data type (%d) and sinfo %u (%d)\n",
477 ctx
->msg
->data_type
, sinfo
->index
,
483 case OID_signingTime
:
484 if (__test_and_set_bit(sinfo_has_signing_time
, &sinfo
->aa_set
))
486 /* Should we check that the signing time is consistent
487 * with the signer's X.509 cert?
489 return x509_decode_time(&sinfo
->signing_time
,
490 hdrlen
, tag
, value
, vlen
);
492 case OID_messageDigest
:
493 if (__test_and_set_bit(sinfo_has_message_digest
, &sinfo
->aa_set
))
497 sinfo
->msgdigest
= value
;
498 sinfo
->msgdigest_len
= vlen
;
501 case OID_smimeCapabilites
:
502 if (__test_and_set_bit(sinfo_has_smime_caps
, &sinfo
->aa_set
))
504 if (ctx
->msg
->data_type
!= OID_msIndirectData
) {
505 pr_warn("S/MIME Caps only allowed with Authenticode\n");
506 return -EKEYREJECTED
;
510 /* Microsoft SpOpusInfo seems to be contain cont[0] 16-bit BE
511 * char URLs and cont[1] 8-bit char URLs.
513 * Microsoft StatementType seems to contain a list of OIDs that
514 * are also used as extendedKeyUsage types in X.509 certs.
516 case OID_msSpOpusInfo
:
517 if (__test_and_set_bit(sinfo_has_ms_opus_info
, &sinfo
->aa_set
))
519 goto authenticode_check
;
520 case OID_msStatementType
:
521 if (__test_and_set_bit(sinfo_has_ms_statement_type
, &sinfo
->aa_set
))
524 if (ctx
->msg
->data_type
!= OID_msIndirectData
) {
525 pr_warn("Authenticode AuthAttrs only allowed with Authenticode\n");
526 return -EKEYREJECTED
;
528 /* I'm not sure how to validate these */
535 /* We permit max one item per AuthenticatedAttribute and no repeats */
536 pr_warn("Repeated/multivalue AuthAttrs not permitted\n");
537 return -EKEYREJECTED
;
541 * Note the set of auth attributes for digestion purposes [RFC2315 sec 9.3]
543 int pkcs7_sig_note_set_of_authattrs(void *context
, size_t hdrlen
,
545 const void *value
, size_t vlen
)
547 struct pkcs7_parse_context
*ctx
= context
;
548 struct pkcs7_signed_info
*sinfo
= ctx
->sinfo
;
550 if (!test_bit(sinfo_has_content_type
, &sinfo
->aa_set
) ||
551 !test_bit(sinfo_has_message_digest
, &sinfo
->aa_set
)) {
552 pr_warn("Missing required AuthAttr\n");
556 if (ctx
->msg
->data_type
!= OID_msIndirectData
&&
557 test_bit(sinfo_has_ms_opus_info
, &sinfo
->aa_set
)) {
558 pr_warn("Unexpected Authenticode AuthAttr\n");
562 /* We need to switch the 'CONT 0' to a 'SET OF' when we digest */
563 sinfo
->authattrs
= value
- (hdrlen
- 1);
564 sinfo
->authattrs_len
= vlen
+ (hdrlen
- 1);
569 * Note the issuing certificate serial number
571 int pkcs7_sig_note_serial(void *context
, size_t hdrlen
,
573 const void *value
, size_t vlen
)
575 struct pkcs7_parse_context
*ctx
= context
;
576 ctx
->raw_serial
= value
;
577 ctx
->raw_serial_size
= vlen
;
582 * Note the issuer's name
584 int pkcs7_sig_note_issuer(void *context
, size_t hdrlen
,
586 const void *value
, size_t vlen
)
588 struct pkcs7_parse_context
*ctx
= context
;
589 ctx
->raw_issuer
= value
;
590 ctx
->raw_issuer_size
= vlen
;
595 * Note the issuing cert's subjectKeyIdentifier
597 int pkcs7_sig_note_skid(void *context
, size_t hdrlen
,
599 const void *value
, size_t vlen
)
601 struct pkcs7_parse_context
*ctx
= context
;
603 pr_devel("SKID: %02x %zu [%*ph]\n", tag
, vlen
, (unsigned)vlen
, value
);
605 ctx
->raw_skid
= value
;
606 ctx
->raw_skid_size
= vlen
;
611 * Note the signature data
613 int pkcs7_sig_note_signature(void *context
, size_t hdrlen
,
615 const void *value
, size_t vlen
)
617 struct pkcs7_parse_context
*ctx
= context
;
619 ctx
->sinfo
->sig
.s
= kmemdup(value
, vlen
, GFP_KERNEL
);
620 if (!ctx
->sinfo
->sig
.s
)
623 ctx
->sinfo
->sig
.s_size
= vlen
;
628 * Note a signature information block
630 int pkcs7_note_signed_info(void *context
, size_t hdrlen
,
632 const void *value
, size_t vlen
)
634 struct pkcs7_parse_context
*ctx
= context
;
635 struct pkcs7_signed_info
*sinfo
= ctx
->sinfo
;
636 struct asymmetric_key_id
*kid
;
638 if (ctx
->msg
->data_type
== OID_msIndirectData
&& !sinfo
->authattrs
) {
639 pr_warn("Authenticode requires AuthAttrs\n");
643 /* Generate cert issuer + serial number key ID */
644 if (!ctx
->expect_skid
) {
645 kid
= asymmetric_key_generate_id(ctx
->raw_serial
,
646 ctx
->raw_serial_size
,
648 ctx
->raw_issuer_size
);
650 kid
= asymmetric_key_generate_id(ctx
->raw_skid
,
657 pr_devel("SINFO KID: %u [%*phN]\n", kid
->len
, kid
->len
, kid
->data
);
659 sinfo
->signing_cert_id
= kid
;
660 sinfo
->index
= ++ctx
->sinfo_index
;
661 *ctx
->ppsinfo
= sinfo
;
662 ctx
->ppsinfo
= &sinfo
->next
;
663 ctx
->sinfo
= kzalloc(sizeof(struct pkcs7_signed_info
), GFP_KERNEL
);