1/* Sign a module file using the given key. 2 * 3 * Copyright �� 2014-2016 Red Hat, Inc. All Rights Reserved. 4 * Copyright �� 2015 Intel Corporation. 5 * Copyright �� 2016 Hewlett Packard Enterprise Development LP 6 * 7 * Authors: David Howells <dhowells@redhat.com> 8 * David Woodhouse <dwmw2@infradead.org> 9 * Juerg Haefliger <juerg.haefliger@hpe.com> 10 * 11 * This program is free software; you can redistribute it and/or 12 * modify it under the terms of the GNU Lesser General Public License 13 * as published by the Free Software Foundation; either version 2.1 14 * of the licence, or (at your option) any later version. 15 */ 16#define _GNU_SOURCE 17#include <stdio.h> 18#include <stdlib.h> 19#include <stdint.h> 20#include <stdbool.h> 21#include <string.h> 22#include <getopt.h> 23#include <err.h> 24#include <arpa/inet.h> 25#include <openssl/opensslv.h> 26#include <openssl/bio.h> 27#include <openssl/evp.h> 28#include <openssl/pem.h> 29#include <openssl/err.h> 30#include <openssl/engine.h> 31 32/* 33 * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API. 34 * 35 * Remove this if/when that API is no longer used 36 */ 37#pragma GCC diagnostic ignored "-Wdeprecated-declarations" 38 39/* 40 * Use CMS if we have openssl-1.0.0 or newer available - otherwise we have to 41 * assume that it's not available and its header file is missing and that we 42 * should use PKCS#7 instead. Switching to the older PKCS#7 format restricts 43 * the options we have on specifying the X.509 certificate we want. 44 * 45 * Further, older versions of OpenSSL don't support manually adding signers to 46 * the PKCS#7 message so have to accept that we get a certificate included in 47 * the signature message. Nor do such older versions of OpenSSL support 48 * signing with anything other than SHA1 - so we're stuck with that if such is 49 * the case. 50 */ 51#if defined(LIBRESSL_VERSION_NUMBER) || \ 52 OPENSSL_VERSION_NUMBER < 0x10000000L || \ 53 defined(OPENSSL_NO_CMS) 54#define USE_PKCS7 55#endif 56#ifndef USE_PKCS7 57#include <openssl/cms.h> 58#else 59#include <openssl/pkcs7.h> 60#endif 61 62struct module_signature { 63 uint8_t algo; /* Public-key crypto algorithm [0] */ 64 uint8_t hash; /* Digest algorithm [0] */ 65 uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */ 66 uint8_t signer_len; /* Length of signer's name [0] */ 67 uint8_t key_id_len; /* Length of key identifier [0] */ 68 uint8_t __pad[3]; 69 uint32_t sig_len; /* Length of signature data */ 70}; 71 72#define PKEY_ID_PKCS7 2 73 74static char magic_number[] = "~Module signature appended~\n"; 75 76static __attribute__((noreturn)) 77void format(void) 78{ 79 fprintf(stderr, 80 "Usage: scripts/sign-file [-dp] <hash algo> <key> <x509> <module> [<dest>]\n"); 81 fprintf(stderr, 82 " scripts/sign-file -s <raw sig> <hash algo> <x509> <module> [<dest>]\n"); 83 exit(2); 84} 85 86static void display_openssl_errors(int l) 87{ 88 const char *file; 89 char buf[120]; 90 int e, line; 91 92 if (ERR_peek_error() == 0) 93 return; 94 fprintf(stderr, "At main.c:%d:\n", l); 95 96 while ((e = ERR_get_error_line(&file, &line))) { 97 ERR_error_string(e, buf); 98 fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line); 99 } 100} 101 102static void drain_openssl_errors(void) 103{ 104 const char *file; 105 int line; 106 107 if (ERR_peek_error() == 0) 108 return; 109 while (ERR_get_error_line(&file, &line)) {} 110} 111 112#define ERR(cond, fmt, ...) \ 113 do { \ 114 bool __cond = (cond); \ 115 display_openssl_errors(__LINE__); \ 116 if (__cond) { \ 117 errx(1, fmt, ## __VA_ARGS__); \ 118 } \ 119 } while(0) 120 121static const char *key_pass; 122 123static int pem_pw_cb(char *buf, int len, int w, void *v) 124{ 125 int pwlen; 126 127 if (!key_pass) 128 return -1; 129 130 pwlen = strlen(key_pass); 131 if (pwlen >= len) 132 return -1; 133 134 strcpy(buf, key_pass); 135 136 /* If it's wrong, don't keep trying it. */ 137 key_pass = NULL; 138 139 return pwlen; 140} 141 142static EVP_PKEY *read_private_key(const char *private_key_name) 143{ 144 EVP_PKEY *private_key; 145 146 if (!strncmp(private_key_name, "pkcs11:", 7)) { 147 ENGINE *e; 148 149 ENGINE_load_builtin_engines(); 150 drain_openssl_errors(); 151 e = ENGINE_by_id("pkcs11"); 152 ERR(!e, "Load PKCS#11 ENGINE"); 153 if (ENGINE_init(e)) 154 drain_openssl_errors(); 155 else 156 ERR(1, "ENGINE_init"); 157 if (key_pass) 158 ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), 159 "Set PKCS#11 PIN"); 160 private_key = ENGINE_load_private_key(e, private_key_name, 161 NULL, NULL); 162 ERR(!private_key, "%s", private_key_name); 163 } else { 164 BIO *b; 165 166 b = BIO_new_file(private_key_name, "rb"); 167 ERR(!b, "%s", private_key_name); 168 private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, 169 NULL); 170 ERR(!private_key, "%s", private_key_name); 171 BIO_free(b); 172 } 173 174 return private_key; 175} 176 177static X509 *read_x509(const char *x509_name) 178{ 179 unsigned char buf[2]; 180 X509 *x509; 181 BIO *b; 182 int n; 183 184 b = BIO_new_file(x509_name, "rb"); 185 ERR(!b, "%s", x509_name); 186 187 /* Look at the first two bytes of the file to determine the encoding */ 188 n = BIO_read(b, buf, 2); 189 if (n != 2) { 190 if (BIO_should_retry(b)) { 191 fprintf(stderr, "%s: Read wanted retry\n", x509_name); 192 exit(1); 193 } 194 if (n >= 0) { 195 fprintf(stderr, "%s: Short read\n", x509_name); 196 exit(1); 197 } 198 ERR(1, "%s", x509_name); 199 } 200 201 ERR(BIO_reset(b) != 0, "%s", x509_name); 202 203 if (buf[0] == 0x30 && buf[1] >= 0x81 && buf[1] <= 0x84) 204 /* Assume raw DER encoded X.509 */ 205 x509 = d2i_X509_bio(b, NULL); 206 else 207 /* Assume PEM encoded X.509 */ 208 x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); 209 210 BIO_free(b); 211 ERR(!x509, "%s", x509_name); 212 213 return x509; 214} 215 216int main(int argc, char **argv) 217{ 218 struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; 219 char *hash_algo = NULL; 220 char *private_key_name = NULL, *raw_sig_name = NULL; 221 char *x509_name, *module_name, *dest_name; 222 bool save_sig = false, replace_orig; 223 bool sign_only = false; 224 bool raw_sig = false; 225 unsigned char buf[4096]; 226 unsigned long module_size, sig_size; 227 unsigned int use_signed_attrs; 228 const EVP_MD *digest_algo; 229 EVP_PKEY *private_key; 230#ifndef USE_PKCS7 231 CMS_ContentInfo *cms = NULL; 232 unsigned int use_keyid = 0; 233#else 234 PKCS7 *pkcs7 = NULL; 235#endif 236 X509 *x509; 237 BIO *bd, *bm; 238 int opt, n; 239 OpenSSL_add_all_algorithms(); 240 ERR_load_crypto_strings(); 241 ERR_clear_error(); 242 243 key_pass = getenv("KBUILD_SIGN_PIN"); 244 245#ifndef USE_PKCS7 246 use_signed_attrs = CMS_NOATTR; 247#else 248 use_signed_attrs = PKCS7_NOATTR; 249#endif 250 251 do { 252 opt = getopt(argc, argv, "sdpk"); 253 switch (opt) { 254 case 's': raw_sig = true; break; 255 case 'p': save_sig = true; break; 256 case 'd': sign_only = true; save_sig = true; break; 257#ifndef USE_PKCS7 258 case 'k': use_keyid = CMS_USE_KEYID; break; 259#endif 260 case -1: break; 261 default: format(); 262 } 263 } while (opt != -1); 264 265 argc -= optind; 266 argv += optind; 267 if (argc < 4 || argc > 5) 268 format(); 269 270 if (raw_sig) { 271 raw_sig_name = argv[0]; 272 hash_algo = argv[1]; 273 } else { 274 hash_algo = argv[0]; 275 private_key_name = argv[1]; 276 } 277 x509_name = argv[2]; 278 module_name = argv[3]; 279 if (argc == 5 && strcmp(argv[3], argv[4]) != 0) { 280 dest_name = argv[4]; 281 replace_orig = false; 282 } else { 283 ERR(asprintf(&dest_name, "%s.~signed~", module_name) < 0, 284 "asprintf"); 285 replace_orig = true; 286 } 287 288#ifdef USE_PKCS7 289 if (strcmp(hash_algo, "sha1") != 0) { 290 fprintf(stderr, "sign-file: %s only supports SHA1 signing\n", 291 OPENSSL_VERSION_TEXT); 292 exit(3); 293 } 294#endif 295 296 /* Open the module file */ 297 bm = BIO_new_file(module_name, "rb"); 298 ERR(!bm, "%s", module_name); 299 300 if (!raw_sig) { 301 /* Read the private key and the X.509 cert the PKCS#7 message 302 * will point to. 303 */ 304 private_key = read_private_key(private_key_name); 305 x509 = read_x509(x509_name); 306 307 /* Digest the module data. */ 308 OpenSSL_add_all_digests(); 309 display_openssl_errors(__LINE__); 310 digest_algo = EVP_get_digestbyname(hash_algo); 311 ERR(!digest_algo, "EVP_get_digestbyname"); 312 313#ifndef USE_PKCS7 314 /* Load the signature message from the digest buffer. */ 315 cms = CMS_sign(NULL, NULL, NULL, NULL, 316 CMS_NOCERTS | CMS_PARTIAL | CMS_BINARY | 317 CMS_DETACHED | CMS_STREAM); 318 ERR(!cms, "CMS_sign"); 319 320 ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, 321 CMS_NOCERTS | CMS_BINARY | 322 CMS_NOSMIMECAP | use_keyid | 323 use_signed_attrs), 324 "CMS_add1_signer"); 325 ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) != 1, 326 "CMS_final"); 327 328#else 329 pkcs7 = PKCS7_sign(x509, private_key, NULL, bm, 330 PKCS7_NOCERTS | PKCS7_BINARY | 331 PKCS7_DETACHED | use_signed_attrs); 332 ERR(!pkcs7, "PKCS7_sign"); 333#endif 334 335 if (save_sig) { 336 char *sig_file_name; 337 BIO *b; 338 339 ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0, 340 "asprintf"); 341 b = BIO_new_file(sig_file_name, "wb"); 342 ERR(!b, "%s", sig_file_name); 343#ifndef USE_PKCS7 344 ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) != 1, 345 "%s", sig_file_name); 346#else 347 ERR(i2d_PKCS7_bio(b, pkcs7) != 1, 348 "%s", sig_file_name); 349#endif 350 BIO_free(b); 351 } 352 353 if (sign_only) { 354 BIO_free(bm); 355 return 0; 356 } 357 } 358 359 /* Open the destination file now so that we can shovel the module data 360 * across as we read it. 361 */ 362 bd = BIO_new_file(dest_name, "wb"); 363 ERR(!bd, "%s", dest_name); 364 365 /* Append the marker and the PKCS#7 message to the destination file */ 366 ERR(BIO_reset(bm) < 0, "%s", module_name); 367 while ((n = BIO_read(bm, buf, sizeof(buf))), 368 n > 0) { 369 ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); 370 } 371 BIO_free(bm); 372 ERR(n < 0, "%s", module_name); 373 module_size = BIO_number_written(bd); 374 375 if (!raw_sig) { 376#ifndef USE_PKCS7 377 ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) != 1, "%s", dest_name); 378#else 379 ERR(i2d_PKCS7_bio(bd, pkcs7) != 1, "%s", dest_name); 380#endif 381 } else { 382 BIO *b; 383 384 /* Read the raw signature file and write the data to the 385 * destination file 386 */ 387 b = BIO_new_file(raw_sig_name, "rb"); 388 ERR(!b, "%s", raw_sig_name); 389 while ((n = BIO_read(b, buf, sizeof(buf))), n > 0) 390 ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); 391 BIO_free(b); 392 } 393 394 sig_size = BIO_number_written(bd) - module_size; 395 sig_info.sig_len = htonl(sig_size); 396 ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); 397 ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name); 398 399 ERR(BIO_free(bd) != 1, "%s", dest_name); 400 401 /* Finally, if we're signing in place, replace the original. */ 402 if (replace_orig) 403 ERR(rename(dest_name, module_name) < 0, "%s", dest_name); 404 405 return 0; 406} 407