[linux-2.6-block.git] / crypto / asymmetric_keys / verify_pefile.c

/* Parse a signed PE binary
 *
 * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#define pr_fmt(fmt) "PEFILE: "fmt
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/pe.h>
#include <linux/asn1.h>
#include <crypto/pkcs7.h>
#include <crypto/hash.h>
#include "verify_pefile.h"

/*
 * Parse a PE binary.
 */
static int pefile_parse_binary(const void *pebuf, unsigned int pelen,
			       struct pefile_context *ctx)
{
	const struct mz_hdr *mz = pebuf;
	const struct pe_hdr *pe;
	const struct pe32_opt_hdr *pe32;
	const struct pe32plus_opt_hdr *pe64;
	const struct data_directory *ddir;
	const struct data_dirent *dde;
	const struct section_header *secs, *sec;
	size_t cursor, datalen = pelen;

	kenter("");

#define chkaddr(base, x, s)						\
	do {								\
		if ((x) < base || (s) >= datalen || (x) > datalen - (s)) \
			return -ELIBBAD;				\
	} while (0)

	chkaddr(0, 0, sizeof(*mz));
	if (mz->magic != MZ_MAGIC)
		return -ELIBBAD;
	cursor = sizeof(*mz);

	chkaddr(cursor, mz->peaddr, sizeof(*pe));
	pe = pebuf + mz->peaddr;
	if (pe->magic != PE_MAGIC)
		return -ELIBBAD;
	cursor = mz->peaddr + sizeof(*pe);

	chkaddr(0, cursor, sizeof(pe32->magic));
	pe32 = pebuf + cursor;
	pe64 = pebuf + cursor;

	switch (pe32->magic) {
	case PE_OPT_MAGIC_PE32:
		chkaddr(0, cursor, sizeof(*pe32));
		ctx->image_checksum_offset =
			(unsigned long)&pe32->csum - (unsigned long)pebuf;
		ctx->header_size = pe32->header_size;
		cursor += sizeof(*pe32);
		ctx->n_data_dirents = pe32->data_dirs;
		break;

	case PE_OPT_MAGIC_PE32PLUS:
		chkaddr(0, cursor, sizeof(*pe64));
		ctx->image_checksum_offset =
			(unsigned long)&pe64->csum - (unsigned long)pebuf;
		ctx->header_size = pe64->header_size;
		cursor += sizeof(*pe64);
		ctx->n_data_dirents = pe64->data_dirs;
		break;

	default:
		pr_debug("Unknown PEOPT magic = %04hx\n", pe32->magic);
		return -ELIBBAD;
	}

	pr_debug("checksum @ %x\n", ctx->image_checksum_offset);
	pr_debug("header size = %x\n", ctx->header_size);

	if (cursor >= ctx->header_size || ctx->header_size >= datalen)
		return -ELIBBAD;

	if (ctx->n_data_dirents > (ctx->header_size - cursor) / sizeof(*dde))
		return -ELIBBAD;

	ddir = pebuf + cursor;
	cursor += sizeof(*dde) * ctx->n_data_dirents;

	ctx->cert_dirent_offset =
		(unsigned long)&ddir->certs - (unsigned long)pebuf;
	ctx->certs_size = ddir->certs.size;

	if (!ddir->certs.virtual_address || !ddir->certs.size) {
		pr_debug("Unsigned PE binary\n");
		return -EKEYREJECTED;
	}

	chkaddr(ctx->header_size, ddir->certs.virtual_address,
		ddir->certs.size);
	ctx->sig_offset = ddir->certs.virtual_address;
	ctx->sig_len = ddir->certs.size;
	pr_debug("cert = %x @%x [%*ph]\n",
		 ctx->sig_len, ctx->sig_offset,
		 ctx->sig_len, pebuf + ctx->sig_offset);

	ctx->n_sections = pe->sections;
	if (ctx->n_sections > (ctx->header_size - cursor) / sizeof(*sec))
		return -ELIBBAD;
	ctx->secs = secs = pebuf + cursor;

	return 0;
}

/*
 * Check and strip the PE wrapper from around the signature and check that the
 * remnant looks something like PKCS#7.
 */
static int pefile_strip_sig_wrapper(const void *pebuf,
				    struct pefile_context *ctx)
{
	struct win_certificate wrapper;
	const u8 *pkcs7;

	if (ctx->sig_len < sizeof(wrapper)) {
		pr_debug("Signature wrapper too short\n");
		return -ELIBBAD;
	}

	memcpy(&wrapper, pebuf + ctx->sig_offset, sizeof(wrapper));
	pr_debug("sig wrapper = { %x, %x, %x }\n",
		 wrapper.length, wrapper.revision, wrapper.cert_type);

	/* Both pesign and sbsign round up the length of certificate table
	 * (in optional header data directories) to 8 byte alignment.
	 */
	if (round_up(wrapper.length, 8) != ctx->sig_len) {
		pr_debug("Signature wrapper len wrong\n");
		return -ELIBBAD;
	}
	if (wrapper.revision != WIN_CERT_REVISION_2_0) {
		pr_debug("Signature is not revision 2.0\n");
		return -ENOTSUPP;
	}
	if (wrapper.cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
		pr_debug("Signature certificate type is not PKCS\n");
		return -ENOTSUPP;
	}

	/* Looks like actual pkcs signature length is in wrapper->length.
	 * size obtained from data dir entries lists the total size of
	 * certificate table which is also aligned to octawrod boundary.
	 *
	 * So set signature length field appropriately.
	 */
	ctx->sig_len = wrapper.length;
	ctx->sig_offset += sizeof(wrapper);
	ctx->sig_len -= sizeof(wrapper);
	if (ctx->sig_len == 0) {
		pr_debug("Signature data missing\n");
		return -EKEYREJECTED;
	}

	/* What's left should a PKCS#7 cert */
	pkcs7 = pebuf + ctx->sig_offset;
	if (pkcs7[0] == (ASN1_CONS_BIT | ASN1_SEQ)) {
		if (pkcs7[1] == 0x82 &&
		    pkcs7[2] == (((ctx->sig_len - 4) >> 8) & 0xff) &&
		    pkcs7[3] ==  ((ctx->sig_len - 4)       & 0xff))
			return 0;
		if (pkcs7[1] == 0x80)
			return 0;
		if (pkcs7[1] > 0x82)
			return -EMSGSIZE;
	}

	pr_debug("Signature data not PKCS#7\n");
	return -ELIBBAD;
}

/**
 * verify_pefile_signature - Verify the signature on a PE binary image
 * @pebuf: Buffer containing the PE binary image
 * @pelen: Length of the binary image
 * @trust_keyring: Signing certificates to use as starting points
 * @_trusted: Set to true if trustworth, false otherwise
 *
 * Validate that the certificate chain inside the PKCS#7 message inside the PE
 * binary image intersects keys we already know and trust.
 *
 * Returns, in order of descending priority:
 *
 *  (*) -ELIBBAD if the image cannot be parsed, or:
 *
 *  (*) -EKEYREJECTED if a signature failed to match for which we have a valid
 *	key, or:
 *
 *  (*) 0 if at least one signature chain intersects with the keys in the trust
 *	keyring, or:
 *
 *  (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
 *	chain.
 *
 *  (*) -ENOKEY if we couldn't find a match for any of the signature chains in
 *	the message.
 *
 * May also return -ENOMEM.
 */
int verify_pefile_signature(const void *pebuf, unsigned pelen,
			    struct key *trusted_keyring, bool *_trusted)
{
	struct pefile_context ctx;
	int ret;

	kenter("");

	memset(&ctx, 0, sizeof(ctx));
	ret = pefile_parse_binary(pebuf, pelen, &ctx);
	if (ret < 0)
		return ret;

	ret = pefile_strip_sig_wrapper(pebuf, &ctx);
	if (ret < 0)
		return ret;

	return -ENOANO; // Not yet complete
}
Commit	Line	Data
26d1164b DH	1	/* Parse a signed PE binary
	2	*
	3	* Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
	4	* Written by David Howells (dhowells@redhat.com)
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public Licence
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the Licence, or (at your option) any later version.
	10	*/
	11
	12	#define pr_fmt(fmt) "PEFILE: "fmt
	13	#include <linux/module.h>
	14	#include <linux/kernel.h>
	15	#include <linux/slab.h>
	16	#include <linux/err.h>
	17	#include <linux/pe.h>
09dacbbd	18	#include <linux/asn1.h>
26d1164b DH	19	#include <crypto/pkcs7.h>
	20	#include <crypto/hash.h>
	21	#include "verify_pefile.h"
	22
	23	/*
	24	* Parse a PE binary.
	25	*/
	26	static int pefile_parse_binary(const void *pebuf, unsigned int pelen,
	27	struct pefile_context *ctx)
	28	{
	29	const struct mz_hdr *mz = pebuf;
	30	const struct pe_hdr *pe;
	31	const struct pe32_opt_hdr *pe32;
	32	const struct pe32plus_opt_hdr *pe64;
	33	const struct data_directory *ddir;
	34	const struct data_dirent *dde;
	35	const struct section_header secs, sec;
	36	size_t cursor, datalen = pelen;
	37
	38	kenter("");
	39
	40	#define chkaddr(base, x, s) \
	41	do { \
	42	if ((x) < base \|\| (s) >= datalen \|\| (x) > datalen - (s)) \
	43	return -ELIBBAD; \
	44	} while (0)
	45
	46	chkaddr(0, 0, sizeof(*mz));
	47	if (mz->magic != MZ_MAGIC)
	48	return -ELIBBAD;
	49	cursor = sizeof(*mz);
	50
	51	chkaddr(cursor, mz->peaddr, sizeof(*pe));
	52	pe = pebuf + mz->peaddr;
	53	if (pe->magic != PE_MAGIC)
	54	return -ELIBBAD;
	55	cursor = mz->peaddr + sizeof(*pe);
	56
	57	chkaddr(0, cursor, sizeof(pe32->magic));
	58	pe32 = pebuf + cursor;
	59	pe64 = pebuf + cursor;
	60
	61	switch (pe32->magic) {
	62	case PE_OPT_MAGIC_PE32:
	63	chkaddr(0, cursor, sizeof(*pe32));
	64	ctx->image_checksum_offset =
	65	(unsigned long)&pe32->csum - (unsigned long)pebuf;
	66	ctx->header_size = pe32->header_size;
	67	cursor += sizeof(*pe32);
	68	ctx->n_data_dirents = pe32->data_dirs;
	69	break;
	70
	71	case PE_OPT_MAGIC_PE32PLUS:
	72	chkaddr(0, cursor, sizeof(*pe64));
	73	ctx->image_checksum_offset =
	74	(unsigned long)&pe64->csum - (unsigned long)pebuf;
	75	ctx->header_size = pe64->header_size;
	76	cursor += sizeof(*pe64);
	77	ctx->n_data_dirents = pe64->data_dirs;
	78	break;
	79
	80	default:
	81	pr_debug("Unknown PEOPT magic = %04hx\n", pe32->magic);
	82	return -ELIBBAD;
83	}
84
85	pr_debug("checksum @ %x\n", ctx->image_checksum_offset);
86	pr_debug("header size = %x\n", ctx->header_size);
87
88	if (cursor >= ctx->header_size \|\| ctx->header_size >= datalen)
89	return -ELIBBAD;
90
91	if (ctx->n_data_dirents > (ctx->header_size - cursor) / sizeof(*dde))
92	return -ELIBBAD;
93
94	ddir = pebuf + cursor;
95	cursor += sizeof(dde) ctx->n_data_dirents;
96
97	ctx->cert_dirent_offset =
98	(unsigned long)&ddir->certs - (unsigned long)pebuf;
99	ctx->certs_size = ddir->certs.size;
100
101	if (!ddir->certs.virtual_address \|\| !ddir->certs.size) {
102	pr_debug("Unsigned PE binary\n");
103	return -EKEYREJECTED;
104	}
105
106	chkaddr(ctx->header_size, ddir->certs.virtual_address,
107	ddir->certs.size);
108	ctx->sig_offset = ddir->certs.virtual_address;
109	ctx->sig_len = ddir->certs.size;
110	pr_debug("cert = %x @%x [%*ph]\n",
111	ctx->sig_len, ctx->sig_offset,
112	ctx->sig_len, pebuf + ctx->sig_offset);
113
114	ctx->n_sections = pe->sections;
115	if (ctx->n_sections > (ctx->header_size - cursor) / sizeof(*sec))
116	return -ELIBBAD;
117	ctx->secs = secs = pebuf + cursor;
118
119	return 0;
120	}
121
09dacbbd DH	122	/*
	123	* Check and strip the PE wrapper from around the signature and check that the
	124	* remnant looks something like PKCS#7.
	125	*/
	126	static int pefile_strip_sig_wrapper(const void *pebuf,
	127	struct pefile_context *ctx)
	128	{
	129	struct win_certificate wrapper;
	130	const u8 *pkcs7;
	131
	132	if (ctx->sig_len < sizeof(wrapper)) {
	133	pr_debug("Signature wrapper too short\n");
	134	return -ELIBBAD;
	135	}
	136
	137	memcpy(&wrapper, pebuf + ctx->sig_offset, sizeof(wrapper));
	138	pr_debug("sig wrapper = { %x, %x, %x }\n",
	139	wrapper.length, wrapper.revision, wrapper.cert_type);
	140
	141	/* Both pesign and sbsign round up the length of certificate table
	142	* (in optional header data directories) to 8 byte alignment.
	143	*/
	144	if (round_up(wrapper.length, 8) != ctx->sig_len) {
	145	pr_debug("Signature wrapper len wrong\n");
	146	return -ELIBBAD;
	147	}
	148	if (wrapper.revision != WIN_CERT_REVISION_2_0) {
	149	pr_debug("Signature is not revision 2.0\n");
	150	return -ENOTSUPP;
	151	}
	152	if (wrapper.cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
	153	pr_debug("Signature certificate type is not PKCS\n");
	154	return -ENOTSUPP;
	155	}
	156
	157	/* Looks like actual pkcs signature length is in wrapper->length.
	158	* size obtained from data dir entries lists the total size of
	159	* certificate table which is also aligned to octawrod boundary.
	160	*
	161	* So set signature length field appropriately.
	162	*/
	163	ctx->sig_len = wrapper.length;
	164	ctx->sig_offset += sizeof(wrapper);
	165	ctx->sig_len -= sizeof(wrapper);
	166	if (ctx->sig_len == 0) {
	167	pr_debug("Signature data missing\n");
	168	return -EKEYREJECTED;
	169	}
	170
	171	/* What's left should a PKCS#7 cert */
	172	pkcs7 = pebuf + ctx->sig_offset;
	173	if (pkcs7[0] == (ASN1_CONS_BIT \| ASN1_SEQ)) {
	174	if (pkcs7[1] == 0x82 &&
	175	pkcs7[2] == (((ctx->sig_len - 4) >> 8) & 0xff) &&
	176	pkcs7[3] == ((ctx->sig_len - 4) & 0xff))
	177	return 0;
	178	if (pkcs7[1] == 0x80)
	179	return 0;
	180	if (pkcs7[1] > 0x82)
	181	return -EMSGSIZE;
	182	}
	183
	184	pr_debug("Signature data not PKCS#7\n");
	185	return -ELIBBAD;
186	}
187
26d1164b DH	188	/**
	189	* verify_pefile_signature - Verify the signature on a PE binary image
	190	* @pebuf: Buffer containing the PE binary image
	191	* @pelen: Length of the binary image
	192	* @trust_keyring: Signing certificates to use as starting points
	193	* @_trusted: Set to true if trustworth, false otherwise
	194	*
	195	* Validate that the certificate chain inside the PKCS#7 message inside the PE
	196	* binary image intersects keys we already know and trust.
	197	*
	198	* Returns, in order of descending priority:
	199	*
	200	* (*) -ELIBBAD if the image cannot be parsed, or:
	201	*
	202	* (*) -EKEYREJECTED if a signature failed to match for which we have a valid
	203	* key, or:
	204	*
	205	* (*) 0 if at least one signature chain intersects with the keys in the trust
	206	* keyring, or:
	207	*
	208	* (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
	209	* chain.
	210	*
	211	* (*) -ENOKEY if we couldn't find a match for any of the signature chains in
	212	* the message.
	213	*
	214	* May also return -ENOMEM.
	215	*/
	216	int verify_pefile_signature(const void *pebuf, unsigned pelen,
	217	struct key trusted_keyring, bool _trusted)
	218	{
	219	struct pefile_context ctx;
	220	int ret;
	221
	222	kenter("");
	223
	224	memset(&ctx, 0, sizeof(ctx));
	225	ret = pefile_parse_binary(pebuf, pelen, &ctx);
	226	if (ret < 0)
	227	return ret;
	228
09dacbbd DH	229	ret = pefile_strip_sig_wrapper(pebuf, &ctx);
	230	if (ret < 0)
	231	return ret;
	232
26d1164b DH	233	return -ENOANO; // Not yet complete
26d1164b DH	234	}