1 /*
2 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 /*
8 * X509 parser based on mbed TLS
9 *
10 * This module implements functions to check the integrity of a X509v3
11 * certificate ASN.1 structure and extract authentication parameters from the
12 * extensions field, such as an image hash or a public key.
13 */
14
15 #include <assert.h>
16 #include <stddef.h>
17 #include <stdint.h>
18 #include <string.h>
19
20 /* mbed TLS headers */
21 #include <mbedtls/asn1.h>
22 #include <mbedtls/oid.h>
23 #include <mbedtls/platform.h>
24
25 #include <arch_helpers.h>
26 #include <drivers/auth/img_parser_mod.h>
27 #include <drivers/auth/mbedtls/mbedtls_common.h>
28 #include <lib/utils.h>
29
30 /* Maximum OID string length ("a.b.c.d.e.f ...") */
31 #define MAX_OID_STR_LEN 64
32
33 #define LIB_NAME "mbed TLS X509v3"
34
35 /* Temporary variables to speed up the authentication parameters search. These
36 * variables are assigned once during the integrity check and used any time an
37 * authentication parameter is requested, so we do not have to parse the image
38 * again */
39 static mbedtls_asn1_buf tbs;
40 static mbedtls_asn1_buf v3_ext;
41 static mbedtls_asn1_buf pk;
42 static mbedtls_asn1_buf sig_alg;
43 static mbedtls_asn1_buf signature;
44
45 /*
46 * Clear all static temporary variables.
47 */
clear_temp_vars(void)48 static void clear_temp_vars(void)
49 {
50 #define ZERO_AND_CLEAN(x) \
51 do { \
52 zeromem(&x, sizeof(x)); \
53 clean_dcache_range((uintptr_t)&x, sizeof(x)); \
54 } while (0);
55
56 ZERO_AND_CLEAN(tbs)
57 ZERO_AND_CLEAN(v3_ext);
58 ZERO_AND_CLEAN(pk);
59 ZERO_AND_CLEAN(sig_alg);
60 ZERO_AND_CLEAN(signature);
61
62 #undef ZERO_AND_CLEAN
63 }
64
65 /*
66 * Get X509v3 extension
67 *
68 * Global variable 'v3_ext' must point to the extensions region
69 * in the certificate. No need to check for errors since the image has passed
70 * the integrity check.
71 */
get_ext(const char * oid,void ** ext,unsigned int * ext_len)72 static int get_ext(const char *oid, void **ext, unsigned int *ext_len)
73 {
74 int oid_len;
75 size_t len;
76 unsigned char *end_ext_data, *end_ext_octet;
77 unsigned char *p;
78 const unsigned char *end;
79 char oid_str[MAX_OID_STR_LEN];
80 mbedtls_asn1_buf extn_oid;
81 int is_critical;
82
83 assert(oid != NULL);
84
85 p = v3_ext.p;
86 end = v3_ext.p + v3_ext.len;
87
88 mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
89 MBEDTLS_ASN1_SEQUENCE);
90
91 while (p < end) {
92 zeromem(&extn_oid, sizeof(extn_oid));
93 is_critical = 0; /* DEFAULT FALSE */
94
95 mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
96 MBEDTLS_ASN1_SEQUENCE);
97 end_ext_data = p + len;
98
99 /* Get extension ID */
100 extn_oid.tag = *p;
101 mbedtls_asn1_get_tag(&p, end, &extn_oid.len, MBEDTLS_ASN1_OID);
102 extn_oid.p = p;
103 p += extn_oid.len;
104
105 /* Get optional critical */
106 mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical);
107
108 /* Extension data */
109 mbedtls_asn1_get_tag(&p, end_ext_data, &len,
110 MBEDTLS_ASN1_OCTET_STRING);
111 end_ext_octet = p + len;
112
113 /* Detect requested extension */
114 oid_len = mbedtls_oid_get_numeric_string(oid_str,
115 MAX_OID_STR_LEN,
116 &extn_oid);
117 if (oid_len == MBEDTLS_ERR_OID_BUF_TOO_SMALL) {
118 return IMG_PARSER_ERR;
119 }
120 if ((oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) {
121 *ext = (void *)p;
122 *ext_len = (unsigned int)len;
123 return IMG_PARSER_OK;
124 }
125
126 /* Next */
127 p = end_ext_octet;
128 }
129
130 return IMG_PARSER_ERR_NOT_FOUND;
131 }
132
133
134 /*
135 * Check the integrity of the certificate ASN.1 structure.
136 *
137 * Extract the relevant data that will be used later during authentication.
138 *
139 * This function doesn't clear the static variables located on the top of this
140 * file in case of an error. It is only called from check_integrity(), which
141 * performs the cleanup if necessary.
142 */
cert_parse(void * img,unsigned int img_len)143 static int cert_parse(void *img, unsigned int img_len)
144 {
145 int ret, is_critical;
146 size_t len;
147 unsigned char *p, *end, *crt_end;
148 mbedtls_asn1_buf sig_alg1, sig_alg2;
149
150 p = (unsigned char *)img;
151 len = img_len;
152 end = p + len;
153
154 /*
155 * Certificate ::= SEQUENCE {
156 * tbsCertificate TBSCertificate,
157 * signatureAlgorithm AlgorithmIdentifier,
158 * signatureValue BIT STRING }
159 */
160 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
161 MBEDTLS_ASN1_SEQUENCE);
162 if (ret != 0) {
163 return IMG_PARSER_ERR_FORMAT;
164 }
165
166 if (len > (size_t)(end - p)) {
167 return IMG_PARSER_ERR_FORMAT;
168 }
169 crt_end = p + len;
170
171 /*
172 * TBSCertificate ::= SEQUENCE {
173 */
174 tbs.p = p;
175 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
176 MBEDTLS_ASN1_SEQUENCE);
177 if (ret != 0) {
178 return IMG_PARSER_ERR_FORMAT;
179 }
180 end = p + len;
181 tbs.len = end - tbs.p;
182
183 /*
184 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
185 */
186 ret = mbedtls_asn1_get_tag(&p, end, &len,
187 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
188 MBEDTLS_ASN1_CONSTRUCTED | 0);
189 if (ret != 0) {
190 return IMG_PARSER_ERR_FORMAT;
191 }
192 p += len;
193
194 /*
195 * CertificateSerialNumber ::= INTEGER
196 */
197 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
198 if (ret != 0) {
199 return IMG_PARSER_ERR_FORMAT;
200 }
201 p += len;
202
203 /*
204 * signature AlgorithmIdentifier
205 */
206 sig_alg1.p = p;
207 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
208 MBEDTLS_ASN1_SEQUENCE);
209 if (ret != 0) {
210 return IMG_PARSER_ERR_FORMAT;
211 }
212 if ((end - p) < 1) {
213 return IMG_PARSER_ERR_FORMAT;
214 }
215 sig_alg1.len = (p + len) - sig_alg1.p;
216 p += len;
217
218 /*
219 * issuer Name
220 */
221 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
222 MBEDTLS_ASN1_SEQUENCE);
223 if (ret != 0) {
224 return IMG_PARSER_ERR_FORMAT;
225 }
226 p += len;
227
228 /*
229 * Validity ::= SEQUENCE {
230 * notBefore Time,
231 * notAfter Time }
232 *
233 */
234 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
235 MBEDTLS_ASN1_SEQUENCE);
236 if (ret != 0) {
237 return IMG_PARSER_ERR_FORMAT;
238 }
239 p += len;
240
241 /*
242 * subject Name
243 */
244 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
245 MBEDTLS_ASN1_SEQUENCE);
246 if (ret != 0) {
247 return IMG_PARSER_ERR_FORMAT;
248 }
249 p += len;
250
251 /*
252 * SubjectPublicKeyInfo
253 */
254 pk.p = p;
255 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
256 MBEDTLS_ASN1_SEQUENCE);
257 if (ret != 0) {
258 return IMG_PARSER_ERR_FORMAT;
259 }
260 pk.len = (p + len) - pk.p;
261 p += len;
262
263 /*
264 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
265 */
266 ret = mbedtls_asn1_get_tag(&p, end, &len,
267 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
268 MBEDTLS_ASN1_CONSTRUCTED | 1);
269 if (ret != 0) {
270 if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
271 return IMG_PARSER_ERR_FORMAT;
272 }
273 } else {
274 p += len;
275 }
276
277 /*
278 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
279 */
280 ret = mbedtls_asn1_get_tag(&p, end, &len,
281 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
282 MBEDTLS_ASN1_CONSTRUCTED | 2);
283 if (ret != 0) {
284 if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
285 return IMG_PARSER_ERR_FORMAT;
286 }
287 } else {
288 p += len;
289 }
290
291 /*
292 * extensions [3] EXPLICIT Extensions OPTIONAL
293 */
294 ret = mbedtls_asn1_get_tag(&p, end, &len,
295 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
296 MBEDTLS_ASN1_CONSTRUCTED | 3);
297 if (ret != 0) {
298 return IMG_PARSER_ERR_FORMAT;
299 }
300
301 /*
302 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
303 */
304 v3_ext.p = p;
305 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
306 MBEDTLS_ASN1_SEQUENCE);
307 if (ret != 0) {
308 return IMG_PARSER_ERR_FORMAT;
309 }
310 v3_ext.len = (p + len) - v3_ext.p;
311
312 /*
313 * Check extensions integrity
314 */
315 while (p < end) {
316 ret = mbedtls_asn1_get_tag(&p, end, &len,
317 MBEDTLS_ASN1_CONSTRUCTED |
318 MBEDTLS_ASN1_SEQUENCE);
319 if (ret != 0) {
320 return IMG_PARSER_ERR_FORMAT;
321 }
322
323 /* Get extension ID */
324 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
325 if (ret != 0) {
326 return IMG_PARSER_ERR_FORMAT;
327 }
328 p += len;
329
330 /* Get optional critical */
331 ret = mbedtls_asn1_get_bool(&p, end, &is_critical);
332 if ((ret != 0) && (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
333 return IMG_PARSER_ERR_FORMAT;
334 }
335
336 /* Data should be octet string type */
337 ret = mbedtls_asn1_get_tag(&p, end, &len,
338 MBEDTLS_ASN1_OCTET_STRING);
339 if (ret != 0) {
340 return IMG_PARSER_ERR_FORMAT;
341 }
342 p += len;
343 }
344
345 if (p != end) {
346 return IMG_PARSER_ERR_FORMAT;
347 }
348
349 end = crt_end;
350
351 /*
352 * }
353 * -- end of TBSCertificate
354 *
355 * signatureAlgorithm AlgorithmIdentifier
356 */
357 sig_alg2.p = p;
358 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
359 MBEDTLS_ASN1_SEQUENCE);
360 if (ret != 0) {
361 return IMG_PARSER_ERR_FORMAT;
362 }
363 if ((end - p) < 1) {
364 return IMG_PARSER_ERR_FORMAT;
365 }
366 sig_alg2.len = (p + len) - sig_alg2.p;
367 p += len;
368
369 /* Compare both signature algorithms */
370 if (sig_alg1.len != sig_alg2.len) {
371 return IMG_PARSER_ERR_FORMAT;
372 }
373 if (0 != memcmp(sig_alg1.p, sig_alg2.p, sig_alg1.len)) {
374 return IMG_PARSER_ERR_FORMAT;
375 }
376 memcpy(&sig_alg, &sig_alg1, sizeof(sig_alg));
377
378 /*
379 * signatureValue BIT STRING
380 */
381 signature.p = p;
382 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_BIT_STRING);
383 if (ret != 0) {
384 return IMG_PARSER_ERR_FORMAT;
385 }
386 signature.len = (p + len) - signature.p;
387 p += len;
388
389 /* Check certificate length */
390 if (p != end) {
391 return IMG_PARSER_ERR_FORMAT;
392 }
393
394 return IMG_PARSER_OK;
395 }
396
397
398 /* Exported functions */
399
init(void)400 static void init(void)
401 {
402 mbedtls_init();
403 }
404
405 /*
406 * Wrapper for cert_parse() that clears the static variables used by it in case
407 * of an error.
408 */
check_integrity(void * img,unsigned int img_len)409 static int check_integrity(void *img, unsigned int img_len)
410 {
411 int rc = cert_parse(img, img_len);
412
413 if (rc != IMG_PARSER_OK)
414 clear_temp_vars();
415
416 return rc;
417 }
418
419 /*
420 * Extract an authentication parameter from an X509v3 certificate
421 *
422 * This function returns a pointer to the extracted data and its length.
423 * Depending on the type of parameter, a pointer to the data stored in the
424 * certificate may be returned (i.e. an octet string containing a hash). Other
425 * data may need to be copied and formatted (i.e. integers). In the later case,
426 * a buffer of the correct type needs to be statically allocated, filled and
427 * returned.
428 */
get_auth_param(const auth_param_type_desc_t * type_desc,void * img,unsigned int img_len,void ** param,unsigned int * param_len)429 static int get_auth_param(const auth_param_type_desc_t *type_desc,
430 void *img, unsigned int img_len,
431 void **param, unsigned int *param_len)
432 {
433 int rc = IMG_PARSER_OK;
434
435 /* We do not use img because the check_integrity function has already
436 * extracted the relevant data (v3_ext, pk, sig_alg, etc) */
437
438 switch (type_desc->type) {
439 case AUTH_PARAM_RAW_DATA:
440 /* Data to be signed */
441 *param = (void *)tbs.p;
442 *param_len = (unsigned int)tbs.len;
443 break;
444 case AUTH_PARAM_HASH:
445 case AUTH_PARAM_NV_CTR:
446 /* All these parameters are included as X509v3 extensions */
447 rc = get_ext(type_desc->cookie, param, param_len);
448 break;
449 case AUTH_PARAM_PUB_KEY:
450 if (type_desc->cookie != 0) {
451 /* Get public key from extension */
452 rc = get_ext(type_desc->cookie, param, param_len);
453 } else {
454 /* Get the subject public key */
455 *param = (void *)pk.p;
456 *param_len = (unsigned int)pk.len;
457 }
458 break;
459 case AUTH_PARAM_SIG_ALG:
460 /* Get the certificate signature algorithm */
461 *param = (void *)sig_alg.p;
462 *param_len = (unsigned int)sig_alg.len;
463 break;
464 case AUTH_PARAM_SIG:
465 /* Get the certificate signature */
466 *param = (void *)signature.p;
467 *param_len = (unsigned int)signature.len;
468 break;
469 default:
470 rc = IMG_PARSER_ERR_NOT_FOUND;
471 break;
472 }
473
474 return rc;
475 }
476
477 REGISTER_IMG_PARSER_LIB(IMG_CERT, LIB_NAME, init, \
478 check_integrity, get_auth_param);
479