From patchwork Mon May 17 15:17:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mulbrook, Andrew" X-Patchwork-Id: 1479589 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2607:f8b0:4864:20::103c; helo=mail-pj1-x103c.google.com; envelope-from=swupdate+bncbaabbgmsrkcqmgqesgjkvci@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20161025 header.b=FWmB++vl; dkim-atps=neutral Received: from mail-pj1-x103c.google.com (mail-pj1-x103c.google.com [IPv6:2607:f8b0:4864:20::103c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FkN6j75Ysz9sX1 for ; Tue, 18 May 2021 01:17:48 +1000 (AEST) Received: by mail-pj1-x103c.google.com with SMTP id l3-20020a17090aa4c3b029015634c426b5sf6884416pjw.9 for ; Mon, 17 May 2021 08:17:48 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1621264665; cv=pass; d=google.com; s=arc-20160816; b=Zbr3TNN+Xg0G9ATAg/nM1qx166No/7U3Uq2KuWbU2eNPKEPsILdU1DfVQ63ZDKKI/D uS9m3Mj+FEdqGNuFCb38TWnENicgWIFQyNFJ+iHLJPJszSGbW4ifw2tdU0TTrgfRT5ve uidtzkoaI85CbqaIqjelqzhTM8/RZVLiQMkcpxe2oyfTc0AxXjPM5wRnKcEX/ZJir/D4 XQI5430QURnyRXAqNHusQbeQNrh34d8Ug8shyW9nqUFW05PiFwJmLPwVYBQTBZkKEM52 zvCzcY4IMRJkZA5QCA2PuC2hk8g9hX5plpl5GCxXb/MsJKiaWmbKBHRScHPlYKqJ9tts TYVA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:message-id :date:subject:cc:to:from:dkim-signature; bh=Uqx63w8FsRJwxoiqCEj7jGNY3tJG+NVUW4fPKyRIAOk=; b=br5NGweJojIcdx8FK4X2Cz+uD511Q1lE1JE5JzvwT63BgxOwOCiFWBRZtaKHZJvEv0 +d9XZoxyCgnncdGfOL4sVNFdpsZe+f8xpH7CiS6AxjT6o5QyzLp+0F9ceSUETt9Pf7vF hu9Ch7ktAQBe1JJ85lBsFmrjpIBEhVgvGMI2zwPAAxmxvpWOiU2o0liKddXiTZsu6xeR QTWYZa0Gots44DIQX9U92YjO3VmGM7ut7ioT5FZNGK2X3R1s69YWRitAsxonamVrd3yT ofHLGVq+8o/xQHhBk8AevseBslDQdShZzgTo1hAPo0HZ1OFA1pCEUu1uxyOTwV4m6GZI ZNZQ== ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@garmin.com header.s=pps1 header.b=A7c27BzE; dkim=pass header.i=@garmin.onmicrosoft.com header.s=selector1-garmin-onmicrosoft-com header.b=w58oeBqY; arc=pass (i=1 spf=pass spfdomain=garmin.com dmarc=pass fromdomain=garmin.com); spf=pass (google.com: domain of andrew.mulbrook@garmin.com designates 205.220.177.212 as permitted sender) smtp.mailfrom=Andrew.Mulbrook@garmin.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=garmin.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version:x-original-sender :x-original-authentication-results:reply-to:precedence:mailing-list :list-id:list-post:list-help:list-archive:list-subscribe :list-unsubscribe; bh=Uqx63w8FsRJwxoiqCEj7jGNY3tJG+NVUW4fPKyRIAOk=; b=FWmB++vlaDGIFNofACODCZYWPCd8eqs0F9ZqxCceU3r2+KtjegEP7jMYEDRWGfY0SS N7F/THEUyoqz+uPyF/vEDUqnAZfwCauJiFRa9JQkvrPKRscq4dprxZO/tugJHI9wIw/t xix7g76PfjAhnrgPVe3Dh4fOm+OGpoHlWNII6oJj5ecEoE2AfCXMkn7eOI5ogppiZnBc vqvuauP/E9dkL/JNqLFYY6whcv9rPL8R1vMsLiy3RX2TU7uS/AcYKzoEp2+bP1xQpvmR WxXhfOvtXvd9xmSSgPFrtbKRwbiFxm25PgDelxjl9exPjoT1Xo3X+MTq+Z4BoUy7gn+y g4rQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :x-original-sender:x-original-authentication-results:reply-to :precedence:mailing-list:list-id:x-spam-checked-in-group:list-post :list-help:list-archive:list-subscribe:list-unsubscribe; bh=Uqx63w8FsRJwxoiqCEj7jGNY3tJG+NVUW4fPKyRIAOk=; b=uRqx/QAxyIemtmytuyLb3GU9L1NqNm172cW4ZMcDhkzudnmQqqefqTvfYHs5diK22E tLKwJoAn/tFX7cKtPwFQAzPwRqegc6/RCQypxtPHbGR4rNuzjcBE1Bsja6QnSd8x/Ltk ctGaGsXiqJPOzWcA0VYpzFPgBXW4CdJGEhWyefWOlG4ZT4ODu8NGCRc4+Nik5kCFbRsZ +hlECiDTSLSjswPbFsWqL6qYayfIpyN48WL+ql+s2UAI22dCEnMfxr6Y2Ko0bp9wLwNs yLI803UdVqLt4nTV61WAn2jIXDkgOunLefxT53H0Oo0wBzP39TDGCsG8jX0DgfvgKClK WJyA== X-Gm-Message-State: AOAM532kaZacKPTLHJ44zxEMA1VJksqOnYlXzpvbEeLofhGMRxC4YaLV BzK6WeMx9Y5ud9RG/ebGgYI= X-Google-Smtp-Source: ABdhPJzfnJBBzW2tjsmmN4rs+oI10OF1huGjJn+vPsCL08f5NCOUwyu8rxeBv0otI7gv4Q61t/h+Dg== X-Received: by 2002:a63:770b:: with SMTP id s11mr95310pgc.5.1621264665313; Mon, 17 May 2021 08:17:45 -0700 (PDT) X-BeenThere: swupdate@googlegroups.com Received: by 2002:aa7:9f96:: with SMTP id z22ls634899pfr.2.gmail; Mon, 17 May 2021 08:17:44 -0700 (PDT) X-Received: by 2002:a62:f24b:0:b029:2dc:9098:c14c with SMTP id y11-20020a62f24b0000b02902dc9098c14cmr174051pfl.19.1621264664596; Mon, 17 May 2021 08:17:44 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1621264664; cv=pass; d=google.com; s=arc-20160816; b=tdrFyDHCpioizQ8d4GeixWqTSzLY1vwncEZiQi4WBDSfq2TCVDfpvShpODBP1bkmkZ j0f3ybcjdLr7HjVA1NZFQ7Xow3dSRNpagLjM4Nm33vC3CHzPPif3qKyktippD05hcUze TzaX9zGIeDQO8PJjfdQKSRl3ckHi8k5FSudgLNlZ5A37wbsKwVrX8Bt1o7jXmFvGk95i Kc3Sm8SnKfbm+Wy9JfFRu4LaX672jMHrpyHfk8Cz4s7q32BdyLOoPoaTQD+u/H1y/Lcm XmdJZ1ZnijSBUUaolFrdaoommjNqzDo7xOByiXRyahB4Z8HVNm4n1sdz/ItarnUSmmea HPuA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:dkim-signature; bh=0I67nH2o/NfbCXSFW6kpon+mgzYBSqNvTma3Jm4Q6Xc=; b=ajH/ZdbmuaRPpKQQuiFZpq2G8pux+yGqVp3B73VVLwVI7jj8BRZO/8/DxRD99fKS9d R8rrk3LFFch2K0GdWlwAtGDL/Zj6WgGSBlX7pN/3ltTcR7JqR35HFMFGGoS5YeqsC9eh ulLTwX10vazbwmZm9NigkI5XfkCdUOojwkRMLPfvRhF5vdrpVj8qk0BEogDnyvWrNwml TcFZtCILsc7LSBc5btZJCJxkn6xvJSfX16cpAeZ6v609LcWF2BVqKqU3TY0hNcr27VPi itO4NAfZmPG1PC4TiPk+i8nuJae+KUhtogJFxMUdA8S0fiduZsJUTlLmpqaQ9r7tEBwo SmNg== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@garmin.com header.s=pps1 header.b=A7c27BzE; dkim=pass header.i=@garmin.onmicrosoft.com header.s=selector1-garmin-onmicrosoft-com header.b=w58oeBqY; arc=pass (i=1 spf=pass spfdomain=garmin.com dmarc=pass fromdomain=garmin.com); spf=pass (google.com: domain of andrew.mulbrook@garmin.com designates 205.220.177.212 as permitted sender) smtp.mailfrom=Andrew.Mulbrook@garmin.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=garmin.com Received: from mx0b-000eb902.pphosted.com (mx0b-000eb902.pphosted.com. [205.220.177.212]) by gmr-mx.google.com with ESMTPS id n21si1250488pjq.1.2021.05.17.08.17.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 May 2021 08:17:44 -0700 (PDT) Received-SPF: pass (google.com: domain of andrew.mulbrook@garmin.com designates 205.220.177.212 as permitted sender) client-ip=205.220.177.212; Received: from pps.filterd (m0220299.ppops.net [127.0.0.1]) by mx0a-000eb902.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14HF4ARw028309 for ; Mon, 17 May 2021 10:17:43 -0500 Received: from nam11-bn8-obe.outbound.protection.outlook.com (mail-bn8nam11lp2172.outbound.protection.outlook.com [104.47.58.172]) by mx0a-000eb902.pphosted.com with ESMTP id 38ktdur39n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 17 May 2021 10:17:43 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MlxZ5/TS9L9VRfzuFeLr301zrjA2CcmfLQCadG51IyVeRL8hXWtyiqSAoaTLCSmR1EOFz7thFsPecz2ip0yxdQp+Axabl2RS1VpHoSzIeAiDgX0I9N3UzdziaMHk01eXgVEByXfETCnqSYws0dPN87sgo1ME14tJL6LYacnlyFYXafr5lzT6trytY2BxwA8g2Dil5EHzYPbiHtNEODIzXwias6meNgVweMA3mWoo5KaB5rQlJdu3g3eLPBoOt2Un/v2PqquaX3+2TeKvlvLwQ697XxZ9ugIBxf3dubxXdbhLqhi3m4pLZSJnUplxY2mfKpj3jZ1WugkYajQgoA3cYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0I67nH2o/NfbCXSFW6kpon+mgzYBSqNvTma3Jm4Q6Xc=; b=FjTQfTa3M/69+E9Qc/8x9YewNSGnkNSeRHUav05iMrpXOOz6cfICXD+8bbjdfS84yFxqTar/mjpXI5ia34Cw33NfFO21g9TMJ9awVAhMopH8cbC8MotgfXTn4P4NzIEe6MvRiX6OrVhsWYh4rlA0s2cJOi6avFlbAq9iFLMrTB9KzGhJeNE5o/jfl77hXO+ji5RaM/cldeHw0zdp54xh99ZxotmQcvg0l+iZAEplL8xGKzA0tPki9/cWQHkDfrAd0ba7bDMl5DW8TJtZw//Qf4D5CdXgmRNl8yOW+azrNO2qCqYS+y27US9JrmUwfhp63ug8sErOInZuVmpFYCsDtg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 204.77.163.244) smtp.rcpttodomain=googlegroups.com smtp.mailfrom=garmin.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=garmin.com; dkim=none (message not signed); arc=none Received: from DM5PR2201CA0007.namprd22.prod.outlook.com (2603:10b6:4:14::17) by BYAPR04MB4359.namprd04.prod.outlook.com (2603:10b6:a02:ff::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.26; Mon, 17 May 2021 15:17:39 +0000 Received: from DM6NAM10FT059.eop-nam10.prod.protection.outlook.com (2603:10b6:4:14:cafe::c6) by DM5PR2201CA0007.outlook.office365.com (2603:10b6:4:14::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.25 via Frontend Transport; Mon, 17 May 2021 15:17:39 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 204.77.163.244) smtp.mailfrom=garmin.com; googlegroups.com; dkim=none (message not signed) header.d=none;googlegroups.com; dmarc=pass action=none header.from=garmin.com; Received-SPF: Pass (protection.outlook.com: domain of garmin.com designates 204.77.163.244 as permitted sender) receiver=protection.outlook.com; client-ip=204.77.163.244; helo=edgetransport.garmin.com; Received: from edgetransport.garmin.com (204.77.163.244) by DM6NAM10FT059.mail.protection.outlook.com (10.13.153.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.25 via Frontend Transport; Mon, 17 May 2021 15:17:39 +0000 Received: from OLAWPA-EXMB1.ad.garmin.com (10.5.144.23) by olawpa-edge2.garmin.com (10.60.4.35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2106.2; Mon, 17 May 2021 10:17:35 -0500 Received: from OLAWPA-EXMB1.ad.garmin.com (10.5.144.23) by OLAWPA-EXMB1.ad.garmin.com (10.5.144.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2242.10; Mon, 17 May 2021 10:17:38 -0500 Received: from ola-gq7yn23.garmin.com (10.5.84.15) by smtp.garmin.com (10.5.144.23) with Microsoft SMTP Server id 15.1.2242.10 via Frontend Transport; Mon, 17 May 2021 10:17:38 -0500 X-Patchwork-Original-From: "'Andrew Mulbrook' via swupdate" From: "Mulbrook, Andrew" To: CC: Andrew Mulbrook Subject: [swupdate] [PATCH] Add optional CMS single signer verification Date: Mon, 17 May 2021 10:17:28 -0500 Message-ID: <20210517151728.8679-1-andrew.mulbrook@garmin.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 994fe2b2-5e1f-4c4d-9d4e-08d91946e8ed X-MS-TrafficTypeDiagnostic: BYAPR04MB4359: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6790; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: djN2Yp5ZZG9ihpotcR/xKU0qCtjvSzvxSLYckrv9E3ccaEp0Z8wNUpunI7aDXzvhk4rqlszwO5jx5wlp01EE6ed7WNyCUeDrLXg467RjLcL7wl/KEFmGwf5PD0Mct5B4eV+ij1fa79RDLwoHEzGhLCYnS77UtkKXiFYcw63XodZqh2dvWnkTjm2nZz0ZNUHCa+AhRw60aFfnsmKEsxrLsSbbu0AS7kPswoVASH0JOTpyb32dATn6OpdMTRLG1yy2ZzxEEQsjpcdceVbztOFeRKVbfqv2hblhxffdp8OQ4gYPYBq9M5qXOYd8WmWbLChoobOGUtEP1QXd+OhkXSmu//q/oJFKG3s8tBZPz+Pf1s/K7ACOQE+OQc+rxYwNM7usvV94gANY1Vqa0SGWA+i7jQmroVtUJ0rZKZ1FHpPEcvMLk27gTaXAGS65Fta3J6vxlwIKRCdlC9AtCgXX2Z2q/0b5KjQ5w1rrqxD7Ppqbe1kpS7aZhRwPQ/ng4vhx5XNwJwOFvqaWjGj+PBu93g21EtjGqcJBn2a3uP2KmBvUYaK601Du+5BL6tz7ru350RQDxWuzNxK3o93UA5bD8dc+V9pebHswwYk4xEAiPPFQAQT5NvCYmEtffjguwgRAE/Tgh6kzXYuIJFU1jprAnzNgbfeZ1vfG+29BEKiN0sVIMvs= X-Forefront-Antispam-Report: CIP:204.77.163.244;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:edgetransport.garmin.com;PTR:extedge.garmin.com;CAT:NONE;SFS:(39860400002)(136003)(376002)(396003)(346002)(46966006)(36840700001)(107886003)(44832011)(7696005)(4326008)(47076005)(336012)(70206006)(316002)(356005)(6916009)(186003)(478600001)(8936002)(15650500001)(82740400003)(26005)(426003)(86362001)(2616005)(7636003)(8676002)(6666004)(36860700001)(5660300002)(82310400003)(2906002)(36756003)(83380400001)(70586007)(1076003);DIR:OUT;SFP:1102; X-OriginatorOrg: garmin.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 May 2021 15:17:39.4688 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 994fe2b2-5e1f-4c4d-9d4e-08d91946e8ed X-MS-Exchange-CrossTenant-Id: 38d0d425-ba52-4c0a-a03e-2a65c8e82e2d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=38d0d425-ba52-4c0a-a03e-2a65c8e82e2d;Ip=[204.77.163.244];Helo=[edgetransport.garmin.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM10FT059.eop-nam10.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR04MB4359 X-Proofpoint-GUID: SBvIZVyTXG2-2yaY10VJMo9lFa6AbMHL X-Proofpoint-ORIG-GUID: SBvIZVyTXG2-2yaY10VJMo9lFa6AbMHL X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.761 definitions=2021-05-17_06:2021-05-17,2021-05-17 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 clxscore=1011 bulkscore=0 adultscore=0 mlxscore=0 lowpriorityscore=0 spamscore=0 malwarescore=0 phishscore=0 impostorscore=0 priorityscore=1501 mlxlogscore=713 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105170107 X-Original-Sender: andrew.mulbrook@garmin.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@garmin.com header.s=pps1 header.b=A7c27BzE; dkim=pass header.i=@garmin.onmicrosoft.com header.s=selector1-garmin-onmicrosoft-com header.b=w58oeBqY; arc=pass (i=1 spf=pass spfdomain=garmin.com dmarc=pass fromdomain=garmin.com); spf=pass (google.com: domain of andrew.mulbrook@garmin.com designates 205.220.177.212 as permitted sender) smtp.mailfrom=Andrew.Mulbrook@garmin.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=garmin.com X-Original-From: Andrew Mulbrook Reply-To: Andrew Mulbrook Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , This change introduces a Kconfig parameter allowing CMS verification when additional unrecognized signatures are included in the CMS stream. Content verification is required against all signatures, but swupdate only requires a single signature in the set to be verified against the public key specified to swupdate. This operation requires manual checking of signatures outside of the CMS_verify operation as OpenSSL requires all signatures within the CMS envelop to verify. Signed-off-by: Andrew Mulbrook --- Kconfig | 4 +++ corelib/swupdate_cms_verify.c | 58 ++++++++++++++++++++++++++++++++++- 2 files changed, 61 insertions(+), 1 deletion(-) diff --git a/Kconfig b/Kconfig index 75f9eaa..2a8133c 100644 --- a/Kconfig +++ b/Kconfig @@ -457,6 +457,10 @@ config CMS_IGNORE_EXPIRED_CERTIFICATE config CMS_IGNORE_CERTIFICATE_PURPOSE bool "Ignore X.509 certificate purpose" depends on SIGALG_CMS + +config CMS_SKIP_UNKNOWN_SIGNERS + bool "Ignore unverifiable signatures if known signer verifies" + depends on SIGALG_CMS endmenu diff --git a/corelib/swupdate_cms_verify.c b/corelib/swupdate_cms_verify.c index 5ec3878..2c0ba39 100644 --- a/corelib/swupdate_cms_verify.c +++ b/corelib/swupdate_cms_verify.c @@ -16,6 +16,12 @@ #include "util.h" #include "swupdate_verify_private.h" +#if defined(CONFIG_CMS_SKIP_UNKNOWN_SIGNERS) +#define VERIFY_UNKNOWN_SIGNER_FLAGS (CMS_NO_SIGNER_CERT_VERIFY) +#else +#define VERIFY_UNKNOWN_SIGNER_FLAGS (0) +#endif + int check_code_sign(const X509_PURPOSE *xp, const X509 *crt, int ca) { X509 *x = (X509 *)crt; @@ -182,6 +188,47 @@ static int check_signer_name(CMS_ContentInfo *cms, const char *name) return ret; } +#if defined(CONFIG_CMS_SKIP_UNKNOWN_SIGNERS) +static int check_verified_signer(CMS_ContentInfo* cms, X509_STORE* store) +{ + int i, ret = 1; + + X509_STORE_CTX *ctx = X509_STORE_CTX_new(); + STACK_OF(CMS_SignerInfo) *infos = CMS_get0_SignerInfos(cms); + STACK_OF(X509)* cms_certs = CMS_get1_certs(cms); + + if (!ctx) { + ERROR("Failed to allocate verification context"); + return ret; + } + + for (i = 0; i < sk_CMS_SignerInfo_num(infos) && ret != 0; ++i) { + CMS_SignerInfo *si = sk_CMS_SignerInfo_value(infos, i); + X509 *signer = NULL; + + CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); + if (!X509_STORE_CTX_init(ctx, store, signer, cms_certs)) { + ERROR("Failed to initialize signer verification operation"); + break; + } + + X509_STORE_CTX_set_default(ctx, "smime_sign"); + if (X509_verify_cert(ctx) > 0) { + TRACE("Verified signature %d in signer sequence", i); + ret = 0; + } else { + TRACE("Failed to verify certificate %d in signer sequence", i); + } + + X509_STORE_CTX_cleanup(ctx); + } + + X509_STORE_CTX_free(ctx); + + return ret; +} +#endif + int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile, const char *file, const char *signer_name) { @@ -221,13 +268,22 @@ int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile, /* Then try to verify signature */ if (!CMS_verify(cms, NULL, dgst->certs, content_bio, - NULL, CMS_BINARY)) { + NULL, CMS_BINARY | VERIFY_UNKNOWN_SIGNER_FLAGS)) { ERR_print_errors_fp(stderr); ERROR("Signature verification failed"); status = -EBADMSG; goto out; } +#if defined(CONFIG_CMS_SKIP_UNKNOWN_SIGNERS) + /* Verify at least one signer authenticates */ + if (check_verified_signer(cms, dgst->certs)) { + ERROR("Authentication of all signatures failed"); + status = -EBADMSG; + goto out; + } +#endif + TRACE("Verified OK"); /* Signature is valid */