From patchwork Tue Jun 16 05:26:52 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: AKASHI Takahiro <takahiro.akashi@linaro.org>
X-Patchwork-Id: 1309997
X-Patchwork-Delegate: xypron.glpk@gmx.de
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
 header.s=google header.b=qFNBp2Ue;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de
 [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 49mGwV2kFJz9sRN
	for <incoming@patchwork.ozlabs.org>; Tue, 16 Jun 2020 15:29:30 +1000 (AEST)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 2C4FC81E92;
	Tue, 16 Jun 2020 07:28:46 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key;
 unprotected) header.d=linaro.org header.i=@linaro.org header.b="qFNBp2Ue";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 54C6781EC0; Tue, 16 Jun 2020 07:28:30 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham
 autolearn_force=no version=3.4.2
Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com
 [IPv6:2607:f8b0:4864:20::443])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id CA5CD81EB5
 for <u-boot@lists.denx.de>; Tue, 16 Jun 2020 07:28:20 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=takahiro.akashi@linaro.org
Received: by mail-pf1-x443.google.com with SMTP id 10so8946082pfx.8
 for <u-boot@lists.denx.de>; Mon, 15 Jun 2020 22:28:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=MhQLNKDscXqsxKYVHYkByxJngIz64T6uR/UV7XbOZWo=;
 b=qFNBp2UegO1p3fmhYGfmHkdDiir0QYddtj7uijLs4f/ZEziYaSofeZmWGD6RDUPIbT
 SZJhnGToNnFj6TRslSFUp36qIuhl2SKuPh2uXdx38Wrn5Pjso0RHj9cNRyHH5NSUwIm0
 943Nou5Tpz2ixbcMZ6sOZSAW12Zye2SafWemAfl9VKLcA+2xGXv3kMZAGEa9fLpchwDo
 GXmz79fQy7l+OuW1nmzQl+YyPLjGz/ihK8hl0ibX2uDbjKm2zSXkSURuX1r+8y+5TpQB
 OIqgRLXHKk1lckOgbdxhGUGyp8GPWIyd+nlLwNp3bypQaQ38lOA3qSgoz9JbsS/skYmY
 PqkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=MhQLNKDscXqsxKYVHYkByxJngIz64T6uR/UV7XbOZWo=;
 b=EsVhpAYRQkrxBTOLIwhDg2LFPXglhxJynebiq3Qd/TgXDsNwQQ625uw7vDCxDAIEnh
 V3iAmpp9ehAzeO99rsDXNk85y88XMlxzCobxIzfKgEmBtWmCzOHYQdrTBBt89q66w1P1
 uKK3RY+wsoJyW8gOeUJzOkRXQmgFNVbe5qNvbwC4Mx6QeCyb/LzkFW7AzsENeYSPjJR8
 8J71LqkfFUC6qq/GPSXEoN1NE7X7gxR3B6cDq9gliWY6kN00DfNlVvR1dDAvrKorSzyn
 Nxcf3a7D4gLAMJ6DWaTr27PJrsVkNI3wegWqYXbQP+fGsoeCCJ/C0VK6bPfnZYjDTYZK
 uCjg==
X-Gm-Message-State: AOAM530eYWl0RZb9Yn1chPS6o2s6IHQS9esNmyqGjW1960KZquhLMFGp
 eh2cPXJWgw9JCR6TFhRsOEV4l17p5ri1MQ==
X-Google-Smtp-Source: 
 ABdhPJyCfjNkNSq1zUyG0Uxdki5AmB7l9+zPvknvJQq92lhgKToxeqTzzwufvW3bWU360DvzDlRb6A==
X-Received: by 2002:a63:2160:: with SMTP id s32mr869222pgm.64.1592285298031;
 Mon, 15 Jun 2020 22:28:18 -0700 (PDT)
Received: from localhost.localdomain (p6e421564.tkyea130.ap.so-net.ne.jp.
 [110.66.21.100])
 by smtp.gmail.com with ESMTPSA id ds11sm1080789pjb.0.2020.06.15.22.28.15
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 15 Jun 2020 22:28:17 -0700 (PDT)
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: xypron.glpk@gmx.de,
	agraf@csgraf.de
Cc: sughosh.ganu@linaro.org, mail@patrick-wildt.de, u-boot@lists.denx.de,
 AKASHI Takahiro <takahiro.akashi@linaro.org>
Subject: [PATCH v2 5/8] lib: crypto: add pkcs7_digest()
Date: Tue, 16 Jun 2020 14:26:52 +0900
Message-Id: <20200616052655.4845-6-takahiro.akashi@linaro.org>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200616052655.4845-1-takahiro.akashi@linaro.org>
References: <20200616052655.4845-1-takahiro.akashi@linaro.org>
MIME-Version: 1.0
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.30rc1
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.102.2 at phobos.denx.de
X-Virus-Status: Clean

This function was nullified when the file, pkcs7_verify.c, was imported
because it calls further linux-specific interfaces inside, hence that
could lead to more files being imported from linux.

We need this function in pkcs7_verify_one() and so simply re-implement it
here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
 lib/crypto/pkcs7_verify.c | 95 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 91 insertions(+), 4 deletions(-)

diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c
index 1e8600f7faca..9b9030ea4440 100644
--- a/lib/crypto/pkcs7_verify.c
+++ b/lib/crypto/pkcs7_verify.c
@@ -17,7 +17,10 @@
 #include <linux/err.h>
 #endif
 #include <linux/asn1.h>
-#ifndef __UBOOT__
+#ifdef __UBOOT__
+#include <image.h>
+#include <u-boot/rsa-checksum.h>
+#else
 #include <crypto/hash.h>
 #include <crypto/hash_info.h>
 #endif
@@ -29,15 +32,99 @@
 #endif
 
 /*
- * Digest the relevant parts of the PKCS#7 data
+ * pkcs7_digest - Digest the relevant parts of the PKCS#7 data
+ * @pkcs7:	PKCS7 Signed Data
+ * @sinfo:	PKCS7 Signed Info
+ *
+ * Digest the relevant parts of the PKCS#7 data, @pkcs7, using signature
+ * information in @sinfo. But if there are authentication attributes,
+ * i.e. signed image case, the digest must be calculated against
+ * the authentication attributes.
+ *
+ * Return:	0 - on success, non-zero error code - otherwise
  */
 #ifdef __UBOOT__
 static int pkcs7_digest(struct pkcs7_message *pkcs7,
 			struct pkcs7_signed_info *sinfo)
 {
-	return 0;
+	struct public_key_signature *sig = sinfo->sig;
+	struct image_region regions[2];
+	int ret = 0;
+
+	/* The digest was calculated already. */
+	if (sig->digest)
+		return 0;
+
+	if (!sinfo->sig->hash_algo)
+		return -ENOPKG;
+	if (!strcmp(sinfo->sig->hash_algo, "sha256"))
+		sig->digest_size = SHA256_SUM_LEN;
+	else if (!strcmp(sinfo->sig->hash_algo, "sha1"))
+		sig->digest_size = SHA1_SUM_LEN;
+	else
+		return -ENOPKG;
+
+	sig->digest = calloc(1, sig->digest_size);
+	if (!sig->digest) {
+		pr_warn("Sig %u: Out of memory\n", sinfo->index);
+		return -ENOMEM;
+	}
+
+	regions[0].data = pkcs7->data;
+	regions[0].size = pkcs7->data_len;
+
+	/* Digest the message [RFC2315 9.3] */
+	hash_calculate(sinfo->sig->hash_algo, regions, 1, sig->digest);
+
+	/* However, if there are authenticated attributes, there must be a
+	 * message digest attribute amongst them which corresponds to the
+	 * digest we just calculated.
+	 */
+	if (sinfo->authattrs) {
+		u8 tag;
+
+		if (!sinfo->msgdigest) {
+			pr_warn("Sig %u: No messageDigest\n", sinfo->index);
+			ret = -EKEYREJECTED;
+			goto error;
+		}
+
+		if (sinfo->msgdigest_len != sig->digest_size) {
+			pr_debug("Sig %u: Invalid digest size (%u)\n",
+				 sinfo->index, sinfo->msgdigest_len);
+			ret = -EBADMSG;
+			goto error;
+		}
+
+		if (memcmp(sig->digest, sinfo->msgdigest,
+			   sinfo->msgdigest_len) != 0) {
+			pr_debug("Sig %u: Message digest doesn't match\n",
+				 sinfo->index);
+			ret = -EKEYREJECTED;
+			goto error;
+		}
+
+		/* We then calculate anew, using the authenticated attributes
+		 * as the contents of the digest instead.  Note that we need to
+		 * convert the attributes from a CONT.0 into a SET before we
+		 * hash it.
+		 */
+		memset(sig->digest, 0, sig->digest_size);
+
+		tag = 0x31;
+		regions[0].data = &tag;
+		regions[0].size = 1;
+		regions[1].data = sinfo->authattrs;
+		regions[1].size = sinfo->authattrs_len;
+
+		hash_calculate(sinfo->sig->hash_algo, regions, 2, sig->digest);
+
+		ret = 0;
+	}
+error:
+	return ret;
 }
-#else
+#else /* !__UBOOT__ */
 static int pkcs7_digest(struct pkcs7_message *pkcs7,
 			struct pkcs7_signed_info *sinfo)
 {