cdnutter
/
iBoot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
iBoot/lib/pki/chain-validation.c

663 lines
21 KiB
C
Raw Permalink Blame History

/*
* Copyright (C) 2007-2008 Apple Inc. All rights reserved.
*
* This document is the property of Apple Inc.
* It is considered confidential and proprietary.
*
* This document may not be reproduced or transmitted in any form,
* in whole or in part, without the express written permission of
* Apple Inc.
*/
#include <platform.h>
#include <libDER/DER_CertCrl.h>
#include <libDER/DER_Keys.h>
#include <libDER/DER_Digest.h>
#include <libDER/oids.h>
#include <libDER/asn1Types.h>
#ifndef WITH_HW_PKE
#include <libgRSA/libgRSA.h>
#include <libgRSA/libgRSA_DER.h>
#include <libgRSA/libgRSA_priv.h>
#include <libGiants/giantDebug.h>
#endif
#include <debug.h>
#if DEBUG_BUILD
#ifndef DEBUG_ASSERT_PRODUCTION_CODE
#define DEBUG_ASSERT_PRODUCTION_CODE 0
#endif
#endif
#include <AssertMacros.h>
#include <drivers/pke.h>
#include <drivers/sha1.h>
#include <lib/pki.h>
#if PKI_APPLE_ROOT_CA
#include <apple_ca.h>
#else
#include <fake_ca.h>
#endif
typedef struct {
DERItem subjectKeyID;
DERItem authorityKeyID;
DERItem appleSpecBlob;
DERItem appleSpecTicketBlob;
} DERExtensions;
static int extension_octet_string_value(DERExtension *extn, bool critical,
DERItem *value)
{
DERDecodedInfo extn_info;
#if 0
if (critical) {
/* this is more important to be enforced when issued */
bool critical;
require_noerr(DERParseBoolean(&extn->critical, false, &critical), out);
require(critical, out);
}
#endif
/* get value */
require_noerr(DERDecodeItem(&extn->extnValue, &extn_info), out);
require(extn_info.tag == ASN1_OCTET_STRING, out);
*value = extn_info.content;
return 0;
out:
return -1;
}
static int extension_sequence_item(DERExtension *extn, bool critical,
DERItem *value)
{
DERDecodedInfo extn_info;
#if 0
if (critical) {
/* this is more important to be enforced when issued */
bool critical;
require_noerr(DERParseBoolean(&extn->critical, false, &critical), out);
require(critical, out);
}
#endif
/* get the sequence */
require_noerr(DERDecodeItem(&extn->extnValue, &extn_info), out);
require(extn_info.tag == ASN1_CONSTR_SEQUENCE, out);
*value = extn->extnValue;
return 0;
out:
return -1;
}
/**
* Find extension with oidAppleSecureBootCertSpec oid and return octet string.
* It's not an error to not find it, but general parse errors are flagged.
*/
static int parse_extensions(DERTBSCert *tbsCert, DERExtensions *extensions)
{
DERSequence derSeq;
DERTag tag;
DERDecodedInfo currDecoded;
DERExtension extn;
bzero(extensions, sizeof(*extensions));
if (tbsCert->extensions.length) {
require_noerr(DERDecodeSeqInit(&tbsCert->extensions, &tag, &derSeq), out);
require(tag == ASN1_CONSTR_SEQUENCE, out);
while (DERDecodeSeqNext(&derSeq, &currDecoded) == DR_Success) {
require(currDecoded.tag == ASN1_CONSTR_SEQUENCE, out);
require_noerr(DERParseSequenceContent(&currDecoded.content,
DERNumExtensionItemSpecs, DERExtensionItemSpecs,
&extn, sizeof(extn)), out);
if (DEROidCompare(&oidAppleSecureBootTicketCertSpec, &extn.extnID)) {
require_noerr(extension_sequence_item(&extn, false,
&extensions->appleSpecTicketBlob), out);
dprintf(DEBUG_SPEW, "found apple spec (ticket) extension (%p, %u)\n",
extensions->appleSpecTicketBlob.data,
extensions->appleSpecTicketBlob.length);
}
else if (DEROidCompare(&oidAppleSecureBootCertSpec, &extn.extnID)) {
require_noerr(extension_octet_string_value(&extn, false,
&extensions->appleSpecBlob), out);
dprintf(DEBUG_SPEW, "found apple spec (image3) extension (%p, %d)\n",
extensions->appleSpecBlob.data,
extensions->appleSpecBlob.length);
}
#if PKI_CHECK_KEY_IDS
else if (DEROidCompare(&oidSubjectKeyIdentifier, &extn.extnID)) {
require_noerr(extension_octet_string_value(&extn, false,
&extensions->subjectKeyID), out);
dprintf(DEBUG_SPEW, "found subject key id extension (%p, %d)\n",
extensions->subjectKeyID.data,
extensions->subjectKeyID.length);
}
else if (DEROidCompare(&oidAuthorityKeyIdentifier, &extn.extnID)) {
DERAuthorityKeyIdentifier authority_key_id_seq;
require_noerr(DERParseSequence(&extn.extnValue,
DERNumAuthorityKeyIdentifierItemSpecs,
DERAuthorityKeyIdentifierItemSpecs,
&authority_key_id_seq,
sizeof(authority_key_id_seq)), out);
if (authority_key_id_seq.keyIdentifier.length) {
extensions->authorityKeyID =
authority_key_id_seq.keyIdentifier;
dprintf(DEBUG_SPEW, "found auth key id extension (%p, %d)\n",
extensions->authorityKeyID.data,
extensions->authorityKeyID.length);
}
}
#endif
}
}
return 0;
out:
return -1;
}
static inline int dercmp(const DERItem a, const DERItem b)
{
if (a.length != b.length)
return -1;
if (memcmp(a.data, b.data, a.length))
return -1;
return 0;
}
/* Take a byte string and reverse it: giants layout on little endian */
static int rsa_set_giant(uint8_t *destination, size_t *dest_len,
uint8_t *source, size_t length, bool should_trim)
{
size_t len = length;
uint8_t *end = source;
uint8_t *dst = destination;
if(should_trim) {
/* ASN.1 integers may start with a zero to avoid sign interpretation */
if( len && !(*end) ) {
end++;
len--;
}
}
/* If it won't fit or zero we won't continue */
if (!len || len > *dest_len) {
*dest_len = 0;
return -1;
}
/* Reverse bytes: bignums start with lsb, word size doesn't matter for
little endian */
uint8_t *src = source+length-1;
while (src >= end)
*dst++ = *src--;
*dest_len = len;
return 0;
}
#if WITH_HW_PKE
/* Verify signed encoded digest info with rsa pubKey against signature */
static int verify_pkcs1_sig(const DERItem *pubKey /* PKCS1 format */,
const DERItem *digest_info, const DERItem *sig)
{
DERItem keyItem = {(DERByte *)pubKey->data, pubKey->length};
DERRSAPubKeyPKCS1 decodedKey;
struct {
uint8_t pmod[256];
uint8_t base[256];
uint8_t expn[256];
uint8_t mods[256];
size_t pmod_length;
size_t base_length;
size_t expn_length;
size_t mods_length;
size_t key_length;
} request;
require_noerr(DERParseSequence(&keyItem,
DERNumRSAPubKeyPKCS1ItemSpecs, DERRSAPubKeyPKCS1ItemSpecs,
&decodedKey, sizeof(decodedKey)), out);
bzero(&request, sizeof(request));
request.pmod_length = sizeof(request.pmod);
request.base_length = sizeof(request.base);
request.expn_length = sizeof(request.expn);
request.mods_length = sizeof(request.mods);
//Modulus and expn can have a leading zero padded to indicate a positive num.
//So trim those zeros out.
require_noerr(rsa_set_giant(request.mods, &request.mods_length,
decodedKey.modulus.data, decodedKey.modulus.length, true), out);
require_noerr(rsa_set_giant(request.expn, &request.expn_length,
decodedKey.pubExponent.data, decodedKey.pubExponent.length, true), out);
require_noerr(rsa_set_giant(request.base, &request.base_length,
sig->data, sig->length, false), out);
request.key_length = request.mods_length * 8;
require(pke_do_exp(request.pmod, &request.pmod_length,
request.key_length,
request.base, request.base_length,
request.expn, request.expn_length,
request.mods, request.mods_length), out);
/* verify padding: 0x00, 0x01, 0xff**0xff, 0x00, {algid, hash}: */
/* minimal pad length; digest_info->length although passed in is fixed. */
require(request.pmod_length >= digest_info->length + 11, out);
uint8_t *ptr = request.pmod + request.pmod_length - 1;
uint8_t *end = request.pmod;
uint8_t result = 0;
/* start with 0 */
result |= *ptr-- ^ 0;
require(ptr>end, out);
/* block type 1 */
result |= *ptr-- ^ 1;
require(ptr>end, out);
/* all 0xff */
while (*ptr == 0xff) {
require(ptr>end, out);
ptr--;
}
/* terminated by 0 */
result |= *ptr-- ^ 0;
require(ptr>end, out);
/* digest_info->length bytes left */
require(end + digest_info->length - 1 == ptr, out);
uint8_t *hash = digest_info->data;
/* match SHA-1 hash */
while (ptr>=end) {
result |= *ptr-- ^ *hash++;
}
require(result == 0, out);
return 0;
out:
return -1;
}
#else /* !WITH_HW_PKE */
/*
* Verify a PKCS1 signature with an RSA key. Caller is responsible for
* EncodedDigestInfo formatting.
*/
static int verify_pkcs1_sig(
const DERItem *pubKey, /* PKCS1 format */
const DERItem *toVerify,
const DERItem *sig)
{
RSAPubGiantKey rsaPubKey;
RSAStatus rrtn;
GI_CHECK_SP("verifyPkcs1Sig");
/*
* Convert PKCS1 format key to native libgRSA key.
* Ideally we'd like to have the key in Apple Custom form,
* with the reciprocal, obtainable from cert,
* Someday maybe.
*/
GI_LOG_SP("calling RSA_DecodePubKey");
rrtn = RSA_DecodePubKey(pubKey->data, pubKey->length, &rsaPubKey);
require_noerr(rrtn, out);
GI_LOG_SP("calling RSA_SigVerify");
rrtn = RSA_SigVerify(&rsaPubKey, RP_PKCS1,
(const gi_uint8 *)toVerify->data, (gi_uint16)toVerify->length,
(const gi_uint8 *)sig->data, (gi_uint16)sig->length);
require_noerr(rrtn, out);
return 0;
out:
return -1;
}
#endif
/*
* Given data to sign or verify, take the SHA1 digest of it and encode the result in
* an EncodedDigestInfo. The result is DER_SHA1_DIGEST_INFO_LEN bytes, allocated by the
* caller.
*/
static int sha1DigestInfo(const DERItem *ptext, unsigned char *digestInfo)
/* DER_SHA1_DIGEST_INFO_LEN bytes RETURNED */
{
DERByte digest[DER_SHA1_DIGEST_LEN];
DERReturn resultLen = DER_SHA1_DIGEST_INFO_LEN;
/* take the SHA1 digest */
sha1_calculate(ptext->data, ptext->length, digest);
/* now roll it into an EncodedDigestInfo */
return DEREncodeSHA1DigestInfo(digest, DER_SHA1_DIGEST_LEN,
digestInfo, &resultLen);
}
/* decode an algorithm ID */
static int decodeAlgId(const DERItem *encodedAlgId, DERAlgorithmId *decodedAlgId)
{
return DERParseSequenceContent(encodedAlgId,
DERNumAlgorithmIdItemSpecs, DERAlgorithmIdItemSpecs,
decodedAlgId, sizeof(*decodedAlgId));
}
/*
* Obtain a PKCS1-format public key from a SubjectPubKeyInfo (tbs.subjectPubKey).
*/
static int decodePubKey(DERItem *pubKeyInfoContent, DERItem *pubKeyPkcs1)
{
DERSubjPubKeyInfo pubKeyInfo;
DERByte numUnused;
DERAlgorithmId algId;
/* sequence we're given: encoded DERSubjPubKeyInfo */
require_noerr(DERParseSequenceContent(pubKeyInfoContent,
DERNumSubjPubKeyInfoItemSpecs, DERSubjPubKeyInfoItemSpecs,
&pubKeyInfo, sizeof(pubKeyInfo)), out);
/* verify that this is an RSA key by decoding the AlgId */
require_noerr(decodeAlgId(&pubKeyInfo.algId, &algId), out);
require(DEROidCompare(&algId.oid, &oidRsa), out);
/*
* The contents of pubKeyInfo.pubKey is a bit string whose contents
* are a PKCS1 format RSA key.
*/
require_noerr(DERParseBitString(&pubKeyInfo.pubKey, pubKeyPkcs1, &numUnused), out);
return 0;
out:
return -1;
}
static int crack_chain(DERItem *certblob, DERItem chain[], DERShort chain_len)
{
DERItem der_iter = *certblob;
DERShort num = 0;
DERSize used;
DERDecodedInfo topDecode;
dprintf(DEBUG_SPEW, "PKI: break certificate chain into certs\n");
do {
require_noerr(DERDecodeItem(&der_iter, &topDecode), out);
used = topDecode.content.data + topDecode.content.length - der_iter.data;
require(used < (128 * 1024), out); //no single cert larger than 128k
require(der_iter.length >= used, out);
require(num < chain_len, out);
chain[num].length = used;
chain[num].data = der_iter.data;
num++;
der_iter.length -= used;
der_iter.data += used;
} while (der_iter.length > 0);
#if PKI_CHECK_ANCHOR_BY_SHA1
/* require 3 element long chain */
require(num == chain_len, out);
/* check SHA-1 of (whole) root certificate (Apple root CA) */
dprintf(DEBUG_SPEW, "PKI: check SHA-1 of root\n");
unsigned char sha1[DER_SHA1_DIGEST_LEN];
sha1_calculate(chain[0].data, chain[0].length, sha1);
require_noerr(memcmp(ROOT_CA_SHA1_HASH, sha1, DER_SHA1_DIGEST_LEN), out);
#else
/* make room for root CA */
if (num == chain_len - 1) {
DERShort index;
for (index = chain_len - 1; index > 0; index--)
chain[index] = chain[index - 1];
}
else
require(num == chain_len, out);
/* use embedded root ca; override if one was passed in */
dprintf(DEBUG_SPEW, "PKI: anchor chain to %s CA\n",
PKI_APPLE_ROOT_CA ? "Apple" : "fake");
chain[0].data = (u_int8_t*)&ROOT_CA_CERTIFICATE;
chain[0].length = sizeof(ROOT_CA_CERTIFICATE);
#endif /* PKI_CHECK_ANCHOR_BY_SHA1 */
return 0;
out:
return -1;
}
static int parse_chain(DERItem chain[], DERShort chain_len,
DERSignedCertCrl chainElements[], DERTBSCert tbsCerts[],
DERItem derPubKey[], DERExtensions extensions[])
{
DERShort num = 0;
/* top level decode */
for (num = 0; num < chain_len; num++) {
dprintf(DEBUG_SPEW, "PKI: parse cert %d of %d\n", num + 1, chain_len);
require_noerr(DERParseSequence(&chain[num],
DERNumSignedCertCrlItemSpecs, DERSignedCertCrlItemSpecs,
&chainElements[num], sizeof(*chainElements)), out);
require_noerr(DERParseSequence(&chainElements[num].tbs,
DERNumTBSCertItemSpecs, DERTBSCertItemSpecs,
&tbsCerts[num], sizeof(*tbsCerts)), out);
require_noerr(decodePubKey(&tbsCerts[num].subjectPubKey, &derPubKey[num]), out);
require_noerr(parse_extensions(&tbsCerts[num], &extensions[num]), out);
}
return 0;
out:
return -1;
}
static int verify_chain_signatures(
DERItem *issuerPubKey,
DERSignedCertCrl *signedCert)
{
DERAlgorithmId algId;
unsigned char digestInfo[DER_SHA1_DIGEST_INFO_LEN];
DERByte numUnused;
DERItem toVerify = { digestInfo, DER_SHA1_DIGEST_INFO_LEN };
DERItem sigBytes;
/* figure out which digest to use from the sig algId */
require_noerr(decodeAlgId(&signedCert->sigAlg, &algId), out);
/* get the encodedDigestInfo from the digest of the subject's TBSCert */
require(DEROidCompare(&algId.oid, &oidSha1Rsa), out);
/* generate digest info from plaintext */
require_noerr(sha1DigestInfo(&signedCert->tbs, digestInfo), out);
/* get contents of sig, a bit string, as raw bytes */
require_noerr(DERParseBitString(&signedCert->sig, &sigBytes, &numUnused), out);
require_noerr(verify_pkcs1_sig(issuerPubKey, &toVerify, &sigBytes), out);
return 0;
out:
return -1;
}
/* find first value for oid */
static int find_content_by_oid(const DERItem *rdnSetContent,
const DERItem *oid, DERItem *content)
{
DERReturn drtn;
DERSequence rdn;
DERDecodedInfo atvContent;
DERAttributeTypeAndValue atv;
require_noerr(DERDecodeSeqContentInit(rdnSetContent, &rdn), out);
while ((drtn = DERDecodeSeqNext(&rdn, &atvContent)) == DR_Success) {
require(atvContent.tag == ASN1_CONSTR_SEQUENCE, out);
require_noerr(DERParseSequenceContent(&atvContent.content,
DERNumAttributeTypeAndValueItemSpecs,
DERAttributeTypeAndValueItemSpecs,
&atv, sizeof(atv)), out);
if (DEROidCompare(oid, &atv.type)) {
*content = atv.value;
return 0;
}
}
return drtn;
out:
return -1;
}
static int parse_common_name(const DERItem *subject, const DERItem *oid, DERItem *content)
{
DERSequence derSeq;
DERDecodedInfo currDecoded;
require_noerr(DERDecodeSeqContentInit(subject, &derSeq), out);
while (DERDecodeSeqNext(&derSeq, &currDecoded) == DR_Success) {
require(currDecoded.tag == ASN1_CONSTR_SET, out);
/* only if we reached the end of a sequence do we keep looking */
int status = find_content_by_oid(&currDecoded.content, oid, content);
if (status != DR_EndOfSequence)
return status;
}
out:
return -1;
}
static int verify_signature_with_hash(DERItem *public_key_pkcs1_rsa,
unsigned char *sig_blob, unsigned sig_blob_len,
unsigned char *hash_blob, unsigned hash_blob_len)
{
unsigned char digest_data[DER_SHA1_DIGEST_INFO_LEN];
DERItem signature = { sig_blob, sig_blob_len };
DERItem digest_info = { digest_data, sizeof(digest_data) };
/* generate digest info blob from hash */
require(hash_blob_len == DER_SHA1_DIGEST_LEN, out);
require_noerr(DEREncodeSHA1DigestInfo(hash_blob, hash_blob_len,
digest_info.data, &digest_info.length), out);
/* verify signature */
return verify_pkcs1_sig(public_key_pkcs1_rsa, &digest_info, &signature);
out:
return -1;
}
int verify_signature_with_chain(void *chain_blob, size_t chain_blob_length,
void *sig_blob, size_t sig_blob_len,
void *hash_blob, size_t hash_blob_len,
void **img3_spec_blob, size_t *img3_spec_blob_len,
void **ticket_spec_blob, size_t *ticket_spec_blob_len)
{
DERShort index;
const uint8_t chain_len = 3;
DERItem chain = { chain_blob, chain_blob_length };
DERItem certs[chain_len];
DERSignedCertCrl signedCert[chain_len];
DERTBSCert tbsCert[chain_len];
DERItem pubKeyPkcs1[chain_len];
DERExtensions extensions[chain_len];
require_noerr(crack_chain(&chain, certs, chain_len), out);
require_noerr(parse_chain(certs, chain_len, signedCert, tbsCert,
pubKeyPkcs1, extensions), out);
/* check linkage */
index = 1;
while (index < chain_len) {
dprintf(DEBUG_SPEW, "PKI: verify cert %d was issued by %d\n", index, index-1);
require_noerr(dercmp(tbsCert[index-1].subject,
tbsCert[index].issuer), out);
#if PKI_CHECK_KEY_IDS
require_noerr(dercmp(extensions[index-1].subjectKeyID,
extensions[index].authorityKeyID), out);
#endif
require_noerr(verify_chain_signatures(&pubKeyPkcs1[index-1], &signedCert[index]), out);
index++;
}
/* check common name intermediary cert to restrict to secure boot sub CA */
DERItem commonName = { NULL, 0 };
require_noerr(parse_common_name(&tbsCert[1].subject, &oidCommonName, &commonName), out);
// first character (0x13) - ASN1_PRINTABLE_STRING
// second character (0x29) - Length (copied over a cert)
static const DERByte sboot_common_name[] = "\x13\x29""Apple Secure Boot Certification Authority";
static const DERItem sboot_item = {
.data = (DERByte *)sboot_common_name,
.length = 0x2b
};
dprintf(DEBUG_SPEW, "PKI: check intermediate cert for common name '%s'\n", sboot_common_name);
require(DEROidCompare(&sboot_item, &commonName), out);
dprintf(DEBUG_SPEW, "PKI: check payload hash with signature\n");
require_noerr(verify_signature_with_hash(&pubKeyPkcs1[chain_len-1],
sig_blob, sig_blob_len, hash_blob, hash_blob_len), out);
/* return pointer to leaf blob in cert chain if it exists */
if (extensions[chain_len-1].appleSpecTicketBlob.data &&
extensions[chain_len-1].appleSpecTicketBlob.length) {
if (ticket_spec_blob != NULL && ticket_spec_blob_len != NULL) {
*ticket_spec_blob = extensions[chain_len-1].appleSpecTicketBlob.data;
*ticket_spec_blob_len = extensions[chain_len-1].appleSpecTicketBlob.length;
dprintf(DEBUG_SPEW, "PKI: parse apple spec id extension (ticket) in leaf: (%p, %zu)\n", *ticket_spec_blob, *ticket_spec_blob_len);
}
}
else if (extensions[chain_len-1].appleSpecBlob.data &&
extensions[chain_len-1].appleSpecBlob.length) {
if (img3_spec_blob != NULL && img3_spec_blob_len != NULL) {
*img3_spec_blob = extensions[chain_len-1].appleSpecBlob.data;
*img3_spec_blob_len = extensions[chain_len-1].appleSpecBlob.length;
dprintf(DEBUG_SPEW, "PKI: parse apple spec id extension (image3) in leaf: (%p, %zu)\n", *img3_spec_blob, *img3_spec_blob_len);
}
}
#if NO_DEFAULT_PLATFORM_PROVIDE_SPEC_BLOB
else /* ask the platform to provide a leaf blob */
{
DERTBSCert *leaf = &tbsCert[chain_len-1];
DERItem leafCommonName = { NULL, 0 };
require_noerr(parse_common_name(&leaf->subject, &oidCommonName, &leafCommonName), out);
require(platform_provide_spec_blob(leafCommonName.data, leafCommonName.length,
leaf->serialNum.data, leaf->serialNum.length,
img3_spec_blob, img3_spec_blob_len), out);
}
#endif // NO_DEFAULT_PLATFORM_PROVIDE_SPEC_BLOB
return 0;
out:
return -1;
}
Reference in New Issue View Git Blame Copy Permalink