@@ -415,6 +415,8 @@ choice
config SSL_IMPL_WOLFSSL
bool "wolfSSL (with OpenSSL compatibility layer)"
depends on HAVE_WOLFSSL
+ select CMS_IGNORE_CERTIFICATE_PURPOSE
+ select CMS_SKIP_UNKNOWN_SIGNERS
config SSL_IMPL_MBEDTLS
bool "mbedTLS"
@@ -451,7 +453,10 @@ choice
default SIGALG_RAWRSA
help
Select if the signature algorithm for signed images is a raw RSA signature
- (following PKCS#1.5) or if it uses Cryptographic Message Syntax (CMS).
+ (following PKCS#1.5) or if it uses Cryptographic Message Syntax (CMS) with
+ OpenSSL/LibreSSL or PKCS#7 with wolfSSL.
+ wolfSSL's PKCS#7 implementation can only deal with one signature and cannot
+ deal with X509 purposes.
config SIGALG_RAWRSA
bool "RSA PKCS#1.5"
@@ -460,12 +465,12 @@ choice
bool "RSA PSS"
config SIGALG_CMS
- bool "Cryptographic Message Syntax (CMS)"
- depends on SSL_IMPL_OPENSSL
+ bool "Cryptographic Message Syntax (CMS) / PKCS#7"
+ depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL
endchoice
-menu "CMS signature verification options"
+menu "CMS / PKCS#7 signature verification options"
depends on SIGALG_CMS
config CMS_IGNORE_EXPIRED_CERTIFICATE
@@ -17,9 +17,11 @@ lib-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify.o
lib-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify.o
endif
ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y)
-# wolfSSL does not support CMS in the compatibility layer yet
lib-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify.o
endif
+ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
+lib-$(CONFIG_SIGALG_CMS) += swupdate_pkcs7_verify.o
+endif
ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y)
lib-$(CONFIG_HASH_VERIFY) += verify_signature_mbedtls.o
ifeq ($(CONFIG_PKCS11),y)
@@ -22,6 +22,7 @@
#define VERIFY_UNKNOWN_SIGNER_FLAGS (0)
#endif
+#ifndef CONFIG_CMS_IGNORE_CERTIFICATE_PURPOSE
int check_code_sign(const X509_PURPOSE *xp, const X509 *crt, int ca)
{
X509 *x = (X509 *)crt;
@@ -47,6 +48,7 @@ int check_code_sign(const X509_PURPOSE *xp, const X509 *crt, int ca)
return (ex_flags & EXFLAG_XKUSAGE) && (ex_xkusage & XKU_CODE_SIGN);
}
+#endif
static int cms_verify_callback(int ok, X509_STORE_CTX *ctx) {
int cert_error = X509_STORE_CTX_get_error(ctx);
new file mode 100644
@@ -0,0 +1,173 @@
+/*
+ * (C) Copyright 2019
+ * Stefano Babic, DENX Software Engineering, sbabic@denx.de.
+ * (C) Copyright 2023
+ * Bastian Germann
+ *
+ * SPDX-License-Identifier: GPL-2.0-only
+ *
+ * Code mostly taken from openssl examples
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+#include "swupdate.h"
+#include "sslapi.h"
+#include "util.h"
+#include "swupdate_verify_private.h"
+
+static int store_verify_callback(int ok, X509_STORE_CTX *ctx) {
+ int cert_error = X509_STORE_CTX_get_error(ctx);
+
+ if (!ok) {
+ switch (cert_error) {
+#if defined(CONFIG_CMS_IGNORE_EXPIRED_CERTIFICATE)
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ ok = 1;
+ break;
+#endif
+#if defined(CONFIG_CMS_IGNORE_CERTIFICATE_PURPOSE)
+ case X509_V_ERR_INVALID_PURPOSE:
+ ok = 1;
+ break;
+#endif
+ default:
+ break;
+ }
+ }
+
+ return ok;
+}
+
+X509_STORE *load_cert_chain(const char *file)
+{
+ X509_STORE *castore = X509_STORE_new();
+ if (!castore) {
+ return NULL;
+ }
+
+ /*
+ * Set error callback function for verification of CRTs and CRLs in order
+ * to ignore some errors depending on configuration
+ */
+ X509_STORE_set_verify_cb(castore, store_verify_callback);
+
+ BIO *castore_bio = BIO_new_file(file, "r");
+ if (!castore_bio) {
+ TRACE("failed: BIO_new_file(%s)", file);
+ return NULL;
+ }
+
+ int crt_count = 0;
+ X509 *crt = NULL;
+ do {
+ crt = PEM_read_bio_X509(castore_bio, NULL, 0, NULL);
+ if (crt) {
+ crt_count++;
+ char *subj = X509_NAME_oneline(X509_get_subject_name(crt), NULL, 0);
+ char *issuer = X509_NAME_oneline(X509_get_issuer_name(crt), NULL, 0);
+ TRACE("Read PEM #%d: %s %s", crt_count, issuer, subj);
+ free(subj);
+ free(issuer);
+ if (X509_STORE_add_cert(castore, crt) == 0) {
+ TRACE("Adding certificate to X509_STORE failed");
+ BIO_free(castore_bio);
+ X509_STORE_free(castore);
+ return NULL;
+ }
+ }
+ } while (crt);
+ BIO_free(castore_bio);
+
+ if (crt_count == 0) {
+ X509_STORE_free(castore);
+ return NULL;
+ }
+
+ return castore;
+}
+
+static int check_signer_name(const char *name)
+{
+ // TODO work around wolfSSL's PKCS7_get0_signers always returning NULL
+ if (name)
+ WARN("The X.509 common name might not be equal to %s.", name);
+ return 0;
+}
+
+int swupdate_verify_file(struct swupdate_digest *dgst, const char *sigfile,
+ const char *file, const char *signer_name)
+{
+ int status = -EFAULT;
+ WOLFSSL_PKCS7* pkcs7 = (WOLFSSL_PKCS7 *)PKCS7_new();
+ BIO *bio_mem = NULL;
+ BIO *content_bio = NULL;
+
+ /* Open detached signature that needs to be checked */
+ BIO *sigfile_bio = BIO_new_file(sigfile, "rb");
+ if (!sigfile_bio) {
+ ERROR("%s cannot be opened", sigfile);
+ status = -EBADF;
+ goto out;
+ }
+
+ pkcs7->len = wolfSSL_BIO_get_len(sigfile_bio);
+ pkcs7->data = calloc(1, pkcs7->len);
+ BIO_read(sigfile_bio, pkcs7->data, pkcs7->len);
+ if (!pkcs7->data) {
+ ERROR("%s cannot be parsed as DER-encoded PKCS#7 signature blob", sigfile);
+ status = -EFAULT;
+ goto out;
+ }
+
+ /* Open the content file (data which was signed) */
+ content_bio = BIO_new_file(file, "rb");
+ if (!content_bio) {
+ ERROR("%s cannot be opened", file);
+ status = -EBADF;
+ goto out;
+ }
+ long content_len = wolfSSL_BIO_get_len(content_bio);
+ char *content = calloc(1, content_len);
+ BIO_read(content_bio, content, content_len);
+ bio_mem = BIO_new_mem_buf(content, content_len);
+
+ /* Then try to verify signature. The BIO* in parameter has to be a mem BIO.
+ See https://github.com/wolfSSL/wolfssl/issues/6174. */
+ if (!PKCS7_verify((PKCS7 *)pkcs7, NULL, dgst->certs, bio_mem,
+ NULL, PKCS7_BINARY)) {
+ ERR_print_errors_fp(stderr);
+ ERROR("Signature verification failed");
+ status = -EBADMSG;
+ goto out;
+ }
+
+ if (check_signer_name(signer_name)) {
+ ERROR("failed to verify signer name");
+ status = -EFAULT;
+ goto out;
+ }
+
+ TRACE("Verified OK");
+
+ /* Signature is valid */
+ status = 0;
+out:
+
+ if (pkcs7) {
+ PKCS7_free((PKCS7 *)pkcs7);
+ }
+ if (bio_mem) {
+ BIO_free(bio_mem);
+ }
+ if (content_bio) {
+ BIO_free(content_bio);
+ }
+ if (sigfile_bio) {
+ BIO_free(sigfile_bio);
+ }
+ return status;
+}
@@ -16,7 +16,9 @@ EVP_PKEY *load_pubkey(const char *file);
#endif
#ifdef CONFIG_SIGALG_CMS
+#ifndef CONFIG_CMS_IGNORE_CERTIFICATE_PURPOSE
int check_code_sign(const X509_PURPOSE *xp, const X509 *crt, int ca);
+#endif
X509_STORE *load_cert_chain(const char *file);
#endif
@@ -153,6 +153,7 @@ int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
goto dgst_init_error;
}
+#ifndef CONFIG_CMS_IGNORE_CERTIFICATE_PURPOSE
{
static char code_sign_name[] = "Code signing";
static char code_sign_sname[] = "codesign";
@@ -171,6 +172,8 @@ int swupdate_dgst_init(struct swupdate_cfg *sw, const char *keyfile)
ret = -EINVAL;
goto dgst_init_error;
}
+#endif
+
#else
TRACE("public key / cert %s ignored, you need to set SIGALG", keyfile);
#endif
@@ -38,6 +38,7 @@
#include <openssl/hmac.h>
#include <openssl/aes.h>
#include <openssl/opensslv.h>
+#include <openssl/cms.h>
#elif defined(CONFIG_SSL_IMPL_WOLFSSL)
#include <wolfssl/options.h>
#include <wolfssl/openssl/bio.h>
@@ -50,12 +51,12 @@
#include <wolfssl/openssl/hmac.h>
#include <wolfssl/openssl/aes.h>
#include <wolfssl/openssl/opensslv.h>
+#include <wolfssl/openssl/pkcs7.h>
#endif
#if defined(CONFIG_SSL_IMPL_OPENSSL) || defined(CONFIG_SSL_IMPL_WOLFSSL)
#ifdef CONFIG_SIGALG_CMS
-#include <openssl/cms.h>
static inline uint32_t SSL_X509_get_extension_flags(X509 *x)
{
wolfSSL has a PKCS#7 implementation that has mostly the same features like CMS. Add signature verification based on the existing swupdate_cms_verify module. It can only deal with one signature and cannot deal with X509 purposes, which is why CMS_SKIP_UNKNOWN_SIGNERS and CMS_IGNORE_CERTIFICATE_PURPOSE are forcibly set with PKCS#7. Wire up the new module in the build system. Signed-off-by: Bastian Germann <bage@debian.org> --- Kconfig | 13 ++- corelib/Makefile | 4 +- corelib/swupdate_cms_verify.c | 2 + corelib/swupdate_pkcs7_verify.c | 173 ++++++++++++++++++++++++++++++ corelib/swupdate_verify_private.h | 2 + corelib/verify_signature.c | 3 + include/sslapi.h | 3 +- 7 files changed, 194 insertions(+), 6 deletions(-) create mode 100644 corelib/swupdate_pkcs7_verify.c