1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright (c) 2018 Patrick Wildt <patrick@blueri.se>
4 * Copyright (c) 2019 Linaro Limited, Author: AKASHI Takahiro
9 #include <efi_loader.h>
13 #include <crypto/pkcs7_parser.h>
14 #include <linux/compat.h>
15 #include <linux/oid_registry.h>
16 #include <u-boot/rsa.h>
17 #include <u-boot/sha256.h>
19 const efi_guid_t efi_guid_image_security_database =
20 EFI_IMAGE_SECURITY_DATABASE_GUID;
21 const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID;
22 const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID;
23 const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID;
24 const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
25 const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
27 #ifdef CONFIG_EFI_SECURE_BOOT
30 * efi_hash_regions - calculate a hash value
31 * @regs: List of regions
32 * @hash: Pointer to a pointer to buffer holding a hash value
33 * @size: Size of buffer to be returned
35 * Calculate a sha256 value of @regs and return a value in @hash.
37 * Return: true on success, false on error
39 static bool efi_hash_regions(struct efi_image_regions *regs, void **hash,
43 *hash = calloc(1, SHA256_SUM_LEN);
45 debug("Out of memory\n");
48 *size = SHA256_SUM_LEN;
50 hash_calculate("sha256", regs->reg, regs->num, *hash);
52 debug("hash calculated:\n");
53 print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
54 *hash, SHA256_SUM_LEN, false);
61 * efi_hash_msg_content - calculate a hash value of contentInfo
63 * @hash: Pointer to a pointer to buffer holding a hash value
64 * @size: Size of buffer to be returned
66 * Calculate a sha256 value of contentInfo in @msg and return a value in @hash.
68 * Return: true on success, false on error
70 static bool efi_hash_msg_content(struct pkcs7_message *msg, void **hash,
73 struct image_region regtmp;
76 *hash = calloc(1, SHA256_SUM_LEN);
78 debug("Out of memory\n");
82 *size = SHA256_SUM_LEN;
84 regtmp.data = msg->data;
85 regtmp.size = msg->data_len;
87 hash_calculate("sha256", ®tmp, 1, *hash);
89 debug("hash calculated based on contentInfo:\n");
90 print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
91 *hash, SHA256_SUM_LEN, false);
98 * efi_signature_verify - verify a signature with a certificate
99 * @regs: List of regions to be authenticated
100 * @signed_info: Pointer to PKCS7's signed_info
101 * @cert: x509 certificate
103 * Signature pointed to by @signed_info against image pointed to by @regs
104 * is verified by a certificate pointed to by @cert.
105 * @signed_info holds a signature, including a message digest which is to be
106 * compared with a hash value calculated from @regs.
108 * Return: true if signature is verified, false if not
110 static bool efi_signature_verify(struct efi_image_regions *regs,
111 struct pkcs7_message *msg,
112 struct pkcs7_signed_info *ps_info,
113 struct x509_certificate *cert)
115 struct image_sign_info info;
116 struct image_region regtmp[2];
122 debug("%s: Enter, %p, %p, %p(issuer: %s, subject: %s)\n", __func__,
123 regs, ps_info, cert, cert->issuer, cert->subject);
127 memset(&info, '\0', sizeof(info));
128 info.padding = image_get_padding_algo("pkcs-1.5");
130 * Note: image_get_[checksum|crypto]_algo takes an string
131 * argument like "<checksum>,<crypto>"
132 * TODO: support other hash algorithms
134 if (!strcmp(ps_info->sig->hash_algo, "sha1")) {
135 info.checksum = image_get_checksum_algo("sha1,rsa2048");
136 info.name = "sha1,rsa2048";
137 } else if (!strcmp(ps_info->sig->hash_algo, "sha256")) {
138 info.checksum = image_get_checksum_algo("sha256,rsa2048");
139 info.name = "sha256,rsa2048";
141 debug("unknown msg digest algo: %s\n", ps_info->sig->hash_algo);
144 info.crypto = image_get_crypto_algo(info.name);
146 info.key = cert->pub->key;
147 info.keylen = cert->pub->keylen;
149 /* verify signature */
150 debug("%s: crypto: %s, signature len:%x\n", __func__,
151 info.name, ps_info->sig->s_size);
152 if (ps_info->aa_set & (1UL << sinfo_has_message_digest)) {
153 debug("%s: RSA verify authentication attribute\n", __func__);
155 * NOTE: This path will be executed only for
156 * PE image authentication
159 /* check if hash matches digest first */
160 debug("checking msg digest first, len:0x%x\n",
161 ps_info->msgdigest_len);
164 debug("hash in database:\n");
165 print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
166 ps_info->msgdigest, ps_info->msgdigest_len,
169 /* against contentInfo first */
170 if ((msg->data && efi_hash_msg_content(msg, &hash, &size)) ||
171 /* for signed image */
172 efi_hash_regions(regs, &hash, &size)) {
173 /* for authenticated variable */
174 if (ps_info->msgdigest_len != size ||
175 memcmp(hash, ps_info->msgdigest, size)) {
176 debug("Digest doesn't match\n");
183 debug("Digesting image failed\n");
191 regtmp[1].data = ps_info->authattrs;
192 regtmp[1].size = ps_info->authattrs_len;
194 if (!rsa_verify(&info, regtmp, 2,
195 ps_info->sig->s, ps_info->sig->s_size))
198 debug("%s: RSA verify content data\n", __func__);
199 /* against all data */
200 if (!rsa_verify(&info, regs->reg, regs->num,
201 ps_info->sig->s, ps_info->sig->s_size))
206 debug("%s: Exit, verified: %d\n", __func__, verified);
211 * efi_signature_verify_with_list - verify a signature with signature list
212 * @regs: List of regions to be authenticated
214 * @signed_info: Pointer to PKCS7's signed_info
215 * @siglist: Signature list for certificates
216 * @valid_cert: x509 certificate that verifies this signature
218 * Signature pointed to by @signed_info against image pointed to by @regs
219 * is verified by signature list pointed to by @siglist.
220 * Signature database is a simple concatenation of one or more
223 * Return: true if signature is verified, false if not
226 bool efi_signature_verify_with_list(struct efi_image_regions *regs,
227 struct pkcs7_message *msg,
228 struct pkcs7_signed_info *signed_info,
229 struct efi_signature_store *siglist,
230 struct x509_certificate **valid_cert)
232 struct x509_certificate *cert;
233 struct efi_sig_data *sig_data;
234 bool verified = false;
236 debug("%s: Enter, %p, %p, %p, %p\n", __func__,
237 regs, signed_info, siglist, valid_cert);
243 debug("%s: unsigned image\n", __func__);
245 * verify based on calculated hash value
246 * TODO: support other hash algorithms
248 if (guidcmp(&siglist->sig_type, &efi_guid_sha256)) {
249 debug("Digest algorithm is not supported: %pUl\n",
254 if (!efi_hash_regions(regs, &hash, &size)) {
255 debug("Digesting unsigned image failed\n");
259 /* go through the list */
260 for (sig_data = siglist->sig_data_list; sig_data;
261 sig_data = sig_data->next) {
263 debug("Msg digest in database:\n");
264 print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
265 sig_data->data, sig_data->size, false);
267 if ((sig_data->size == size) &&
268 !memcmp(sig_data->data, hash, size)) {
278 debug("%s: signed image\n", __func__);
279 if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509)) {
280 debug("Signature type is not supported: %pUl\n",
285 /* go through the list */
286 for (sig_data = siglist->sig_data_list; sig_data;
287 sig_data = sig_data->next) {
288 /* TODO: support owner check based on policy */
290 cert = x509_cert_parse(sig_data->data, sig_data->size);
292 debug("Parsing x509 certificate failed\n");
296 verified = efi_signature_verify(regs, msg, signed_info, cert);
302 x509_free_certificate(cert);
305 x509_free_certificate(cert);
309 debug("%s: Exit, verified: %d\n", __func__, verified);
314 * efi_signature_verify_with_sigdb - verify a signature with db
315 * @regs: List of regions to be authenticated
317 * @db: Signature database for trusted certificates
318 * @cert: x509 certificate that verifies this signature
320 * Signature pointed to by @msg against image pointed to by @regs
321 * is verified by signature database pointed to by @db.
323 * Return: true if signature is verified, false if not
325 bool efi_signature_verify_with_sigdb(struct efi_image_regions *regs,
326 struct pkcs7_message *msg,
327 struct efi_signature_store *db,
328 struct x509_certificate **cert)
330 struct pkcs7_signed_info *info;
331 struct efi_signature_store *siglist;
332 bool verified = false;
334 debug("%s: Enter, %p, %p, %p, %p\n", __func__, regs, msg, db, cert);
339 if (!db->sig_data_list)
342 /* for unsigned image */
344 debug("%s: Verify unsigned image with db\n", __func__);
345 for (siglist = db; siglist; siglist = siglist->next)
346 if (efi_signature_verify_with_list(regs, NULL, NULL,
355 /* for signed image or variable */
356 debug("%s: Verify signed image with db\n", __func__);
357 for (info = msg->signed_infos; info; info = info->next) {
358 debug("Signed Info: digest algo: %s, pkey algo: %s\n",
359 info->sig->hash_algo, info->sig->pkey_algo);
361 for (siglist = db; siglist; siglist = siglist->next) {
362 if (efi_signature_verify_with_list(regs, msg, info,
371 debug("%s: Exit, verified: %d\n", __func__, verified);
376 * efi_search_siglist - search signature list for a certificate
377 * @cert: x509 certificate
378 * @siglist: Signature list
379 * @revoc_time: Pointer to buffer for revocation time
381 * Search signature list pointed to by @siglist and find a certificate
382 * pointed to by @cert.
383 * If found, revocation time that is specified in signature database is
384 * returned in @revoc_time.
386 * Return: true if certificate is found, false if not
388 static bool efi_search_siglist(struct x509_certificate *cert,
389 struct efi_signature_store *siglist,
390 time64_t *revoc_time)
392 struct image_region reg[1];
393 void *hash = NULL, *msg = NULL;
394 struct efi_sig_data *sig_data;
398 if (!siglist->sig_data_list)
401 if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509_sha256)) {
402 /* TODO: other hash algos */
403 debug("Certificate's digest type is not supported: %pUl\n",
408 /* calculate hash of TBSCertificate */
409 msg = calloc(1, SHA256_SUM_LEN);
411 debug("Out of memory\n");
415 hash = calloc(1, SHA256_SUM_LEN);
417 debug("Out of memory\n");
421 reg[0].data = cert->tbs;
422 reg[0].size = cert->tbs_size;
423 hash_calculate("sha256", reg, 1, msg);
425 /* go through signature list */
426 for (sig_data = siglist->sig_data_list; sig_data;
427 sig_data = sig_data->next) {
429 * struct efi_cert_x509_sha256 {
430 * u8 tbs_hash[256/8];
431 * time64_t revocation_time;
434 if ((sig_data->size == SHA256_SUM_LEN) &&
435 !memcmp(sig_data->data, hash, SHA256_SUM_LEN)) {
436 memcpy(revoc_time, sig_data->data + SHA256_SUM_LEN,
437 sizeof(*revoc_time));
451 * efi_signature_verify_cert - verify a certificate with dbx
452 * @cert: x509 certificate
453 * @dbx: Signature database
455 * Search signature database pointed to by @dbx and find a certificate
456 * pointed to by @cert.
457 * This function is expected to be used against "dbx".
459 * Return: true if a certificate is not rejected, false otherwise.
461 bool efi_signature_verify_cert(struct x509_certificate *cert,
462 struct efi_signature_store *dbx)
464 struct efi_signature_store *siglist;
468 debug("%s: Enter, %p, %p\n", __func__, dbx, cert);
473 for (siglist = dbx; siglist; siglist = siglist->next) {
474 if (efi_search_siglist(cert, siglist, &revoc_time)) {
476 /* compare signing time with revocation time */
483 debug("%s: Exit, verified: %d\n", __func__, !found);
488 * efi_signature_verify_signers - verify signers' certificates with dbx
490 * @dbx: Signature database
492 * Determine if any of signers' certificates in @msg may be verified
493 * by any of certificates in signature database pointed to by @dbx.
494 * This function is expected to be used against "dbx".
496 * Return: true if none of certificates is rejected, false otherwise.
498 bool efi_signature_verify_signers(struct pkcs7_message *msg,
499 struct efi_signature_store *dbx)
501 struct pkcs7_signed_info *info;
504 debug("%s: Enter, %p, %p\n", __func__, msg, dbx);
509 for (info = msg->signed_infos; info; info = info->next) {
511 !efi_signature_verify_cert(info->signer, dbx)) {
517 debug("%s: Exit, verified: %d\n", __func__, !found);
522 * efi_image_region_add - add an entry of region
523 * @regs: Pointer to array of regions
524 * @start: Start address of region
525 * @end: End address of region
526 * @nocheck: flag against overlapped regions
528 * Take one entry of region [@start, @end] and append it to the list
529 * pointed to by @regs. If @nocheck is false, overlapping among entries
530 * will be checked first.
532 * Return: status code
534 efi_status_t efi_image_region_add(struct efi_image_regions *regs,
535 const void *start, const void *end,
538 struct image_region *reg;
541 if (regs->num >= regs->max) {
542 debug("%s: no more room for regions\n", __func__);
543 return EFI_OUT_OF_RESOURCES;
547 return EFI_INVALID_PARAMETER;
549 for (i = 0; i < regs->num; i++) {
554 if (start > reg->data + reg->size)
557 if ((start >= reg->data && start < reg->data + reg->size) ||
558 (end > reg->data && end < reg->data + reg->size)) {
559 debug("%s: new region already part of another\n",
561 return EFI_INVALID_PARAMETER;
564 if (start < reg->data && end < reg->data + reg->size) {
565 for (j = regs->num - 1; j >= i; j--)
566 memcpy(®s->reg[j], ®s->reg[j + 1],
574 reg->size = end - start;
581 * efi_sigstore_free - free signature store
582 * @sigstore: Pointer to signature store structure
584 * Feee all the memories held in signature store and itself,
585 * which were allocated by efi_sigstore_parse_sigdb().
587 void efi_sigstore_free(struct efi_signature_store *sigstore)
589 struct efi_signature_store *sigstore_next;
590 struct efi_sig_data *sig_data, *sig_data_next;
593 sigstore_next = sigstore->next;
595 sig_data = sigstore->sig_data_list;
597 sig_data_next = sig_data->next;
598 free(sig_data->data);
600 sig_data = sig_data_next;
604 sigstore = sigstore_next;
609 * efi_sigstore_parse_siglist - parse a signature list
610 * @name: Pointer to signature list
612 * Parse signature list and instantiate a signature store structure.
613 * Signature database is a simple concatenation of one or more
616 * Return: Pointer to signature store on success, NULL on error
618 static struct efi_signature_store *
619 efi_sigstore_parse_siglist(struct efi_signature_list *esl)
621 struct efi_signature_store *siglist = NULL;
622 struct efi_sig_data *sig_data, *sig_data_next;
623 struct efi_signature_data *esd;
627 * UEFI specification defines certificate types:
628 * for non-signed images,
629 * EFI_CERT_SHA256_GUID
630 * EFI_CERT_RSA2048_GUID
631 * EFI_CERT_RSA2048_SHA256_GUID
633 * EFI_CERT_RSA2048_SHA_GUID
634 * EFI_CERT_SHA224_GUID
635 * EFI_CERT_SHA384_GUID
636 * EFI_CERT_SHA512_GUID
640 * NOTE: Each certificate will normally be in a separate
641 * EFI_SIGNATURE_LIST as the size may vary depending on
644 * for timestamp revocation of certificate,
645 * EFI_CERT_X509_SHA512_GUID
646 * EFI_CERT_X509_SHA256_GUID
647 * EFI_CERT_X509_SHA384_GUID
650 if (esl->signature_list_size
651 <= (sizeof(*esl) + esl->signature_header_size)) {
652 debug("Siglist in wrong format\n");
657 siglist = calloc(sizeof(*siglist), 1);
659 debug("Out of memory\n");
662 memcpy(&siglist->sig_type, &esl->signature_type, sizeof(efi_guid_t));
664 /* Go through the list */
665 sig_data_next = NULL;
666 left = esl->signature_list_size
667 - (sizeof(*esl) + esl->signature_header_size);
668 esd = (struct efi_signature_data *)
669 ((u8 *)esl + sizeof(*esl) + esl->signature_header_size);
672 /* Signature must exist if there is remaining data. */
673 if (left < esl->signature_size) {
674 debug("Certificate is too small\n");
678 sig_data = calloc(esl->signature_size
679 - sizeof(esd->signature_owner), 1);
681 debug("Out of memory\n");
685 /* Append signature data */
686 memcpy(&sig_data->owner, &esd->signature_owner,
688 sig_data->size = esl->signature_size
689 - sizeof(esd->signature_owner);
690 sig_data->data = malloc(sig_data->size);
691 if (!sig_data->data) {
692 debug("Out of memory\n");
695 memcpy(sig_data->data, esd->signature_data, sig_data->size);
697 sig_data->next = sig_data_next;
698 sig_data_next = sig_data;
701 esd = (struct efi_signature_data *)
702 ((u8 *)esd + esl->signature_size);
703 left -= esl->signature_size;
705 siglist->sig_data_list = sig_data_next;
710 efi_sigstore_free(siglist);
716 * efi_sigstore_parse_sigdb - parse a signature database variable
717 * @name: Variable's name
719 * Read in a value of signature database variable pointed to by
720 * @name, parse it and instantiate a signature store structure.
722 * Return: Pointer to signature store on success, NULL on error
724 struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
726 struct efi_signature_store *sigstore = NULL, *siglist;
727 struct efi_signature_list *esl;
728 const efi_guid_t *vendor;
733 if (!u16_strcmp(name, L"PK") || !u16_strcmp(name, L"KEK")) {
734 vendor = &efi_global_variable_guid;
735 } else if (!u16_strcmp(name, L"db") || !u16_strcmp(name, L"dbx")) {
736 vendor = &efi_guid_image_security_database;
738 debug("unknown signature database, %ls\n", name);
742 /* retrieve variable data */
744 ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, NULL));
745 if (ret == EFI_NOT_FOUND) {
746 debug("variable, %ls, not found\n", name);
747 sigstore = calloc(sizeof(*sigstore), 1);
749 } else if (ret != EFI_BUFFER_TOO_SMALL) {
750 debug("Getting variable, %ls, failed\n", name);
754 db = malloc(db_size);
756 debug("Out of memory\n");
760 ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, db));
761 if (ret != EFI_SUCCESS) {
762 debug("Getting variable, %ls, failed\n", name);
766 /* Parse siglist list */
768 while (db_size > 0) {
769 /* List must exist if there is remaining data. */
770 if (db_size < sizeof(*esl)) {
771 debug("variable, %ls, in wrong format\n", name);
775 if (db_size < esl->signature_list_size) {
776 debug("variable, %ls, in wrong format\n", name);
780 /* Parse a single siglist. */
781 siglist = efi_sigstore_parse_siglist(esl);
783 debug("Parsing signature list of %ls failed\n", name);
788 siglist->next = sigstore;
792 db_size -= esl->signature_list_size;
793 esl = (void *)esl + esl->signature_list_size;
800 efi_sigstore_free(sigstore);
805 #endif /* CONFIG_EFI_SECURE_BOOT */