PKCS#7: Appropriately restrict authenticated attributes and content type

	int ret;

	ret = verify_pefile_signature(kernel, kernel_len,

				      system_trusted_keyring, &trusted);

				      system_trusted_keyring,

				      VERIFYING_KEXEC_PE_SIGNATURE,

				      &trusted);

	if (ret < 0)

		return ret;

	if (!trusted)

 */

#include <keys/asymmetric-subtype.h>

#include <keys/asymmetric-parser.h>

#include <crypto/public_key.h>

#include <linux/seq_file.h>

#include <linux/module.h>

#include <linux/slab.h>

MODULE_LICENSE("GPL");

const char *const key_being_used_for[NR__KEY_BEING_USED_FOR] = {

	[VERIFYING_MODULE_SIGNATURE]		= "mod sig",

	[VERIFYING_FIRMWARE_SIGNATURE]		= "firmware sig",

	[VERIFYING_KEXEC_PE_SIGNATURE]		= "kexec PE sig",

	[VERIFYING_KEY_SIGNATURE]		= "key sig",

	[VERIFYING_KEY_SELF_SIGNATURE]		= "key self sig",

	[VERIFYING_UNSPECIFIED_SIGNATURE]	= "unspec sig",

};

EXPORT_SYMBOL_GPL(key_being_used_for);

static LIST_HEAD(asymmetric_key_parsers);

static DECLARE_RWSEM(asymmetric_key_parsers_sem);

SignedData ::= SEQUENCE {

	version			INTEGER ({ pkcs7_note_signeddata_version }),

	digestAlgorithms	DigestAlgorithmIdentifiers,

	contentInfo		ContentInfo,

	contentInfo		ContentInfo ({ pkcs7_note_content }),

	certificates		CHOICE {

		certSet		[0] IMPLICIT ExtendedCertificatesAndCertificates,

		certSequence	[2] IMPLICIT Certificates

}

ContentInfo ::= SEQUENCE {

	contentType	ContentType,

	contentType	ContentType ({ pkcs7_note_OID }),

	content		[0] EXPLICIT Data OPTIONAL

}

}

UnauthenticatedAttribute ::= SEQUENCE {

	type			OBJECT IDENTIFIER ({ pkcs7_note_OID }),

	type			OBJECT IDENTIFIER,

	values			SET OF ANY

}

#include <linux/err.h>

#include <linux/module.h>

#include <linux/key-type.h>

#include <keys/asymmetric-type.h>

#include <crypto/pkcs7.h>

#include <keys/user-type.h>

#include <keys/system_keyring.h>

#include "pkcs7_parser.h"

static unsigned pkcs7_usage;

module_param_named(usage, pkcs7_usage, uint, S_IWUSR | S_IRUGO);

MODULE_PARM_DESC(pkcs7_usage,

		 "Usage to specify when verifying the PKCS#7 message");

/*

 * Preparse a PKCS#7 wrapped and validated data blob.

 */

static int pkcs7_preparse(struct key_preparsed_payload *prep)

{

	enum key_being_used_for usage = pkcs7_usage;

	struct pkcs7_message *pkcs7;

	const void *data, *saved_prep_data;

	size_t datalen, saved_prep_datalen;

	kenter("");

	if (usage >= NR__KEY_BEING_USED_FOR) {

		pr_err("Invalid usage type %d\n", usage);

		return -EINVAL;

	}

	saved_prep_data = prep->data;

	saved_prep_datalen = prep->datalen;

	pkcs7 = pkcs7_parse_message(saved_prep_data, saved_prep_datalen);

		goto error;

	}

	ret = pkcs7_verify(pkcs7);

	ret = pkcs7_verify(pkcs7, usage);

	if (ret < 0)

		goto error_free;

}

EXPORT_SYMBOL_GPL(pkcs7_free_message);

/*

 * Check authenticatedAttributes are provided or not provided consistently.

 */

static int pkcs7_check_authattrs(struct pkcs7_message *msg)

{

	struct pkcs7_signed_info *sinfo;

	bool want;

	sinfo = msg->signed_infos;

	if (sinfo->authattrs) {

		want = true;

		msg->have_authattrs = true;

	}

	for (sinfo = sinfo->next; sinfo; sinfo = sinfo->next)

		if (!!sinfo->authattrs != want)

			goto inconsistent;

	return 0;

inconsistent:

	pr_warn("Inconsistently supplied authAttrs\n");

	return -EINVAL;

}

/**

 * pkcs7_parse_message - Parse a PKCS#7 message

 * @data: The raw binary ASN.1 encoded message to be parsed

		goto out;

	}

	ret = pkcs7_check_authattrs(ctx->msg);

	if (ret < 0)

		goto out;

	msg = ctx->msg;

	ctx->msg = NULL;

	return 0;

}

/*

 * Note the content type.

 */

int pkcs7_note_content(void *context, size_t hdrlen,

		       unsigned char tag,

		       const void *value, size_t vlen)

{

	struct pkcs7_parse_context *ctx = context;

	if (ctx->last_oid != OID_data &&

	    ctx->last_oid != OID_msIndirectData) {

		pr_warn("Unsupported data type %d\n", ctx->last_oid);

		return -EINVAL;

	}

	ctx->msg->data_type = ctx->last_oid;

	return 0;

}

/*

 * Extract the data from the message and store that and its content type OID in

 * the context.

	ctx->msg->data = value;

	ctx->msg->data_len = vlen;

	ctx->msg->data_hdrlen = hdrlen;

	ctx->msg->data_type = ctx->last_oid;

	return 0;

}

/*

 * Parse authenticated attributes

 * Parse authenticated attributes.

 */

int pkcs7_sig_note_authenticated_attr(void *context, size_t hdrlen,

				      unsigned char tag,

				      const void *value, size_t vlen)

{

	struct pkcs7_parse_context *ctx = context;

	struct pkcs7_signed_info *sinfo = ctx->sinfo;

	enum OID content_type;

	pr_devel("AuthAttr: %02x %zu [%*ph]\n", tag, vlen, (unsigned)vlen, value);

	switch (ctx->last_oid) {

	case OID_contentType:

		if (__test_and_set_bit(sinfo_has_content_type, &sinfo->aa_set))

			goto repeated;

		content_type = look_up_OID(value, vlen);

		if (content_type != ctx->msg->data_type) {

			pr_warn("Mismatch between global data type (%d) and sinfo %u (%d)\n",

				ctx->msg->data_type, sinfo->index,

				content_type);

			return -EBADMSG;

		}

		return 0;

	case OID_signingTime:

		if (__test_and_set_bit(sinfo_has_signing_time, &sinfo->aa_set))

			goto repeated;

		/* Should we check that the signing time is consistent

		 * with the signer's X.509 cert?

		 */

		return x509_decode_time(&sinfo->signing_time,

					hdrlen, tag, value, vlen);

	case OID_messageDigest:

		if (__test_and_set_bit(sinfo_has_message_digest, &sinfo->aa_set))

			goto repeated;

		if (tag != ASN1_OTS)

			return -EBADMSG;

		ctx->sinfo->msgdigest = value;

		ctx->sinfo->msgdigest_len = vlen;

		sinfo->msgdigest = value;

		sinfo->msgdigest_len = vlen;

		return 0;

	case OID_smimeCapabilites:

		if (__test_and_set_bit(sinfo_has_smime_caps, &sinfo->aa_set))

			goto repeated;

		if (ctx->msg->data_type != OID_msIndirectData) {

			pr_warn("S/MIME Caps only allowed with Authenticode\n");

			return -EKEYREJECTED;

		}

		return 0;

		/* Microsoft SpOpusInfo seems to be contain cont[0] 16-bit BE

		 * char URLs and cont[1] 8-bit char URLs.

		 *

		 * Microsoft StatementType seems to contain a list of OIDs that

		 * are also used as extendedKeyUsage types in X.509 certs.

		 */

	case OID_msSpOpusInfo:

		if (__test_and_set_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))

			goto repeated;

		goto authenticode_check;

	case OID_msStatementType:

		if (__test_and_set_bit(sinfo_has_ms_statement_type, &sinfo->aa_set))

			goto repeated;

	authenticode_check:

		if (ctx->msg->data_type != OID_msIndirectData) {

			pr_warn("Authenticode AuthAttrs only allowed with Authenticode\n");

			return -EKEYREJECTED;

		}

		/* I'm not sure how to validate these */

		return 0;

	default:

		return 0;

	}

repeated:

	/* We permit max one item per AuthenticatedAttribute and no repeats */

	pr_warn("Repeated/multivalue AuthAttrs not permitted\n");

	return -EKEYREJECTED;

}

/*

				    const void *value, size_t vlen)

{

	struct pkcs7_parse_context *ctx = context;

	struct pkcs7_signed_info *sinfo = ctx->sinfo;

	if (!test_bit(sinfo_has_content_type, &sinfo->aa_set) ||

	    !test_bit(sinfo_has_message_digest, &sinfo->aa_set) ||

	    (ctx->msg->data_type == OID_msIndirectData &&

	     !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))) {

		pr_warn("Missing required AuthAttr\n");

		return -EBADMSG;

	}

	if (ctx->msg->data_type != OID_msIndirectData &&

	    test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set)) {

		pr_warn("Unexpected Authenticode AuthAttr\n");

		return -EBADMSG;

	}

	/* We need to switch the 'CONT 0' to a 'SET OF' when we digest */

	ctx->sinfo->authattrs = value - (hdrlen - 1);

	ctx->sinfo->authattrs_len = vlen + (hdrlen - 1);

	sinfo->authattrs = value - (hdrlen - 1);

	sinfo->authattrs_len = vlen + (hdrlen - 1);

	return 0;

}

	struct pkcs7_signed_info *sinfo = ctx->sinfo;

	struct asymmetric_key_id *kid;

	if (ctx->msg->data_type == OID_msIndirectData && !sinfo->authattrs) {

		pr_warn("Authenticode requires AuthAttrs\n");

		return -EBADMSG;

	}

	/* Generate cert issuer + serial number key ID */

	if (!ctx->expect_skid) {

		kid = asymmetric_key_generate_id(ctx->raw_serial,