author | Raymond Mao <raymond.mao@linaro.org> | 2024-04-16 12:00:16 -0700 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2024-04-16 13:10:05 -0600 |
commit | 55ea742f685b17d6e8b2bc6ee575924e8c73d324 (patch) | |
tree | 26840980cc7c3cd9f46c45b532ad680b6ada4598 | |
parent | 9305d14d84d370c6cd7e92119f31573d4a2638a8 (diff) | |
lib/crypto: port MSCode parser on MbedTLS
Integrate the Microsoft Authenticode (MSCode) parser on top of the MbedTLS
ASN.1 decoder.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
-rw-r--r-- | include/crypto/mscode.h | 4 | ||||
-rw-r--r-- | lib/crypto/mscode_parser.c | 104 |
2 files changed, 108 insertions, 0 deletions
diff --git a/include/crypto/mscode.h b/include/crypto/mscode.h
index 551058b..c214fc8 100644
--- a/include/crypto/mscode.h
+++ b/include/crypto/mscode.h
@@ -9,6 +9,10 @@
 #ifndef __UBOOT__
 #include <crypto/hash_info.h>
 #endif
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
+#include <external/mbedtls/include/mbedtls/asn1.h>
+#include <external/mbedtls/include/mbedtls/oid.h>
+#endif
 
 struct pefile_context {
 #ifndef __UBOOT__
diff --git a/lib/crypto/mscode_parser.c b/lib/crypto/mscode_parser.c
index 90d5b37..167304d 100644
--- a/lib/crypto/mscode_parser.c
+++ b/lib/crypto/mscode_parser.c
@@ -18,11 +18,113 @@
 #else
 #include "verify_pefile.h"
 #endif
+#if !CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
 #include "mscode.asn1.h"
+#endif
 
 /*
  * Parse a Microsoft Individual Code Signing blob
+ *
+ * U.P.SEQUENCE {
+ *   U.P.OBJECTIDENTIFIER 1.3.6.1.4.1.311.2.1.15 (SPC_PE_IMAGE_DATA_OBJID)
+ *   U.P.SEQUENCE {
+ *     U.P.BITSTRING NaN : 0 unused bit(s);
+ *     [C.P.0] {
+ *       [C.P.2] {
+ *         [C.P.0] <arbitrary string>
+ *       }
+ *     }
+ *   }
+ * }
+ * U.P.SEQUENCE {
+ *   U.P.SEQUENCE {
+ *     U.P.OBJECTIDENTIFIER <digest algorithm OID>
+ *     U.P.NULL
+ *   }
+ *   U.P.OCTETSTRING <PE image digest>
+ * }
+ *
  */
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
+
+int mscode_parse(void *_ctx, const void *content_data, size_t data_len,
+		 size_t asn1hdrlen)
+{
+	struct pefile_context *ctx = _ctx;
+	unsigned char *p = (unsigned char *)content_data;
+	unsigned char *end = (unsigned char *)content_data + data_len;
+	size_t len = 0;
+	int ret;
+	unsigned char *inner_p;
+	size_t seq_len = 0;
+
+	ret = mbedtls_asn1_get_tag(&p, end, &seq_len,
+				   MBEDTLS_ASN1_CONSTRUCTED |
+				   MBEDTLS_ASN1_SEQUENCE);
+	if (ret)
+		return ret;
+
+	inner_p = p;
+	ret = mbedtls_asn1_get_tag(&inner_p, inner_p + seq_len, &len, MBEDTLS_ASN1_OID);
+	if (ret)
+		return ret;
+
+	/* Sanity check on the PE Image Data OID (1.3.6.1.4.1.311.2.1.15) */
+	if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_MICROSOFT_PEIMAGEDATA, inner_p, len))
+		return -EINVAL;
+
+	p += seq_len;
+	ret = mbedtls_asn1_get_tag(&p, end, &seq_len,
+				   MBEDTLS_ASN1_CONSTRUCTED |
+				   MBEDTLS_ASN1_SEQUENCE);
+	if (ret)
+		return ret;
+
+	ret = mbedtls_asn1_get_tag(&p, p + seq_len, &seq_len,
+				   MBEDTLS_ASN1_CONSTRUCTED |
+				   MBEDTLS_ASN1_SEQUENCE);
+	if (ret)
+		return ret;
+
+	inner_p = p;
+
+	/*
+	 * Check if the inner sequence contains a supported hash
+	 * algorithm OID
+	 */
+	ret = mbedtls_asn1_get_tag(&inner_p, inner_p + seq_len, &len, MBEDTLS_ASN1_OID);
+	if (ret)
+		return ret;
+
+	if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_MD5, inner_p, len))
+		ctx->digest_algo = "md5";
+	else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA1, inner_p, len))
+		ctx->digest_algo = "sha1";
+	else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA224, inner_p, len))
+		ctx->digest_algo = "sha224";
+	else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA256, inner_p, len))
+		ctx->digest_algo = "sha256";
+	else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA384, inner_p, len))
+		ctx->digest_algo = "sha384";
+	else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA512, inner_p, len))
+		ctx->digest_algo = "sha512";
+
+	if (!ctx->digest_algo)
+		return -EINVAL;
+
+	p += seq_len;
+	ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
+	if (ret)
+		return ret;
+
+	ctx->digest = p;
+	ctx->digest_len = len;
+
+	return 0;
+}
+
+#else /* !CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */
+
 int mscode_parse(void *_ctx, const void *content_data, size_t data_len,
 		 size_t asn1hdrlen)
 {
@@ -36,6 +138,8 @@ int mscode_parse(void *_ctx, const void *content_data, size_t data_len,
 	return asn1_ber_decoder(&mscode_decoder, ctx, content_data, data_len);
 }
 
+#endif /* CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */
+
 /*
  * Check the content type OID
  */
|
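Review bot: The unsupported-digest check `if (!ctx->digest_algo)` in the new MbedTLS mscode_parse only rejects an unrecognised OID when `ctx->digest_algo` is still NULL on entry, so a context that already carries a value keeps that stale algorithm and the OCTET STRING that follows is accepted anyway; a terminating `else return -EINVAL;` on the OID chain makes the rejection independent of caller state. The final `mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)` is bounded by `end` rather than by the enclosing second SEQUENCE, whose length was overwritten by the inner-sequence call just before, so a digest placed after that sequence but before `end` still parses; keeping the outer length in its own variable and passing `p + outer_len` would enforce the nesting the comment above documents. Failures of mbedtls_asn1_get_tag() are passed through as raw MBEDTLS_ERR_* values while the OID mismatches return `-EINVAL`, so callers receive two error-code domains from one function; if the existing asn1_ber_decoder variant is expected to yield -errno style codes, mapping the MbedTLS errors would keep the two builds consistent. `asn1hdrlen` is unused in this variant, and a one-line comment such as `/* asn1hdrlen: unused on the MbedTLS path; kept for signature parity with the ASN.1-decoder variant */` would save readers from looking for a missing header adjustment.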