GitList

libclamav/crtmgr.c

5d49bd06	/*
e1cbc270	* Copyright (C) 2013-2019 Cisco Systems, Inc. and/or its affiliates. All rights reserved. * Copyright (C) 2011-2013 Sourcefire, Inc.
5d49bd06	* * Authors: aCaB * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, * MA 02110-1301, USA. */
8997495d	#if HAVE_CONFIG_H #include "clamav-config.h" #endif
60d8d2c3	#include "clamav.h"
8997495d	#include "others.h"
56b4f4b0	#include "crtmgr.h"
e5c6c1aa
46e06209	#define OID_1_2_840_113549_2_5 "\x2a\x86\x48\x86\xf7\x0d\x02\x05" #define OID_md5 OID_1_2_840_113549_2_5 #define OID_1_3_14_3_2_26 "\x2b\x0e\x03\x02\x1a" #define OID_sha1 OID_1_3_14_3_2_26 #define OID_2_16_840_1_101_3_4_2_1 "\x60\x86\x48\x01\x65\x03\x04\x02\x01" #define OID_sha256 OID_2_16_840_1_101_3_4_2_1
63ebd651	#define OID_2_16_840_1_101_3_4_2_2 "\x60\x86\x48\x01\x65\x03\x04\x02\x02" #define OID_sha384 OID_2_16_840_1_101_3_4_2_2
cc9381ae	#define OID_2_16_840_1_101_3_4_2_3 "\x60\x86\x48\x01\x65\x03\x04\x02\x03" #define OID_sha512 OID_2_16_840_1_101_3_4_2_3
288057e9	int cli_crt_init(cli_crt *x509) {
71da61a7	int ret;
952ea115	memset(x509, 0, sizeof(*x509));
288057e9	if ((ret = mp_init_multi(&x509->n, &x509->e, &x509->sig, NULL))) {
89f3be11	cli_errmsg("cli_crt_init: mp_init_multi failed with %d\n", ret); return 1;
71da61a7	}
e5c6c1aa	return 0; }
288057e9	void cli_crt_clear(cli_crt *x509) {
cd94be7a	UNUSEDPARAM(x509);
e5c6c1aa	mp_clear_multi(&x509->n, &x509->e, &x509->sig, NULL); }
39f735b8	/* Look for an existing certificate in the trust store m. This search allows * the not_before / not_after / certSign / codeSign / timeSign fields to be * more restrictive than the values associated with a cert in the trust store, * but not less. It's probably overkill to not do exact matching on those * fields... TODO Is there a case where this is needed * * There are two ways that things get added to the whitelist - through the CRB * rules, and through embedded signatures / catalog files that we parse. CRB
a133cd8e	* rules don't currently allow the issuer and hashtype to be specified, so the * code sets those to sentinel values (0xcacacaca repeating and * CLI_HASHTYPE_ANY respectively). There are two ways we'd like to use this * function: * * - To see whether x509 already exists in m (when adding new CRB sig certs
ab3fe575	* and when adding certs that are embedded in Authenticode signatures) to * prevent duplicate entries. In this case, we want to take x509's * hashtype and issuer field into account, so a CRB sig cert entry isn't * returned for an embedded cert duplicate check, and so that two embedded * certs with different hash types or issuers aren't treated as being the * same.
a133cd8e	* * - To see whether a CRB sig matches against x509, deeming it worthy to be
ab3fe575	* added to the trust store. In this case, we don't want to compare * hashtype and issuer, since the embedded sig will have the actual values * and the CRB sig cert will have placeholder values.
a133cd8e	* * Use crb_crts_only to distinguish between the two cases. If True, it will * ignore all crts not added from CRB rules and ignore x509's issuer and * hashtype fields / cli_crt crtmgr_whitelist_lookup(crtmgr m, cli_crt x509, int crb_crts_only)
288057e9	{
f05aa165	cli_crt *i;
288057e9	for (i = m->crts; i; i = i->next) {
a133cd8e	if (i->isBlacklisted) { continue; } if (crb_crts_only) { if (i->hashtype != CLI_HASHTYPE_ANY) { continue; } } else { /* Almost all of the rules in m will be CRB rules, so optimize for * the case where we are trying to determine whether an embedded * cert already exists in m (by checking the hashtype first). Do * the issuer check here too to simplify the code. */ if (x509->hashtype != i->hashtype \|\| memcmp(x509->issuer, i->issuer, sizeof(i->issuer))) { continue; } } if (x509->not_before >= i->not_before &&
288057e9	x509->not_after <= i->not_after && (i->certSign \| x509->certSign) == i->certSign && (i->codeSign \| x509->codeSign) == i->codeSign && (i->timeSign \| x509->timeSign) == i->timeSign && !memcmp(x509->subject, i->subject, sizeof(i->subject)) && !memcmp(x509->serial, i->serial, sizeof(i->serial)) && !mp_cmp(&x509->n, &i->n) && !mp_cmp(&x509->e, &i->e)) {
89f3be11	return i; }
8997495d	}
71da61a7	return NULL; }
288057e9	cli_crt crtmgr_blacklist_lookup(crtmgr m, cli_crt *x509) {
f05aa165	cli_crt *i;
39f735b8	for (i = m->crts; i; i = i->next) { // The CRB rules are based on subject, serial, and public key, // so do blacklist queries based on those fields
2c2e89e1
1d7f6b27	// TODO the rule format specifies CodeSign / TimeSign / CertSign // which we could also match on, but we just ignore those fields // for blacklist certs for now
39f735b8	// TODO Handle the case where these items aren't specified in a CRB
1d7f6b27	// rule entry - substitute in default values instead (or make the // crb parser not permit leaving these fields blank).
89f3be11
39f735b8	if (i->isBlacklisted && !memcmp(i->subject, x509->subject, sizeof(i->subject)) && !memcmp(i->serial, x509->serial, sizeof(i->serial)) &&
89f3be11	!mp_cmp(&x509->n, &i->n) && !mp_cmp(&x509->e, &i->e)) {
39f735b8	return i; } } return NULL; }
89f3be11
39f735b8	/* Determine whether x509 already exists in m. The fields compared depend on * whether x509 is a blacklist entry or a trusted certificate */
288057e9	cli_crt crtmgr_lookup(crtmgr m, cli_crt *x509) {
39f735b8	if (x509->isBlacklisted) { return crtmgr_blacklist_lookup(m, x509); } else {
a133cd8e	return crtmgr_whitelist_lookup(m, x509, 0);
39f735b8	} }
288057e9	int crtmgr_add(crtmgr m, cli_crt x509) {
39f735b8	cli_crt *i; int ret = 0; if (x509->isBlacklisted) { if (crtmgr_blacklist_lookup(m, x509)) { cli_dbgmsg("crtmgr_add: duplicate blacklist entry detected - not adding\n"); return 0; } } else {
a133cd8e	if (crtmgr_whitelist_lookup(m, x509, 0)) {
39f735b8	cli_dbgmsg("crtmgr_add: duplicate trusted certificate detected - not adding\n"); return 0;
89f3be11	}
f05aa165	}
7bcfb2f3
8997495d	i = cli_malloc(sizeof(*i));
288057e9	if (!i)
89f3be11	return 1;
8997495d
288057e9	if ((ret = mp_init_multi(&i->n, &i->e, &i->sig, NULL))) {
89f3be11	cli_warnmsg("crtmgr_add: failed to mp_init failed with %d\n", ret); free(i); return 1;
8997495d	}
288057e9	if ((ret = mp_copy(&x509->n, &i->n)) \|\| (ret = mp_copy(&x509->e, &i->e)) \|\| (ret = mp_copy(&x509->sig, &i->sig))) {
89f3be11	cli_warnmsg("crtmgr_add: failed to mp_init failed with %d\n", ret); cli_crt_clear(i); free(i); return 1;
8997495d	}
0f418a13	if ((x509->name))
89f3be11	i->name = strdup(x509->name);
0f418a13	else
89f3be11	i->name = NULL;
0f418a13
616c0259	memcpy(i->raw_subject, x509->raw_subject, sizeof(i->raw_subject)); memcpy(i->raw_issuer, x509->raw_issuer, sizeof(i->raw_issuer)); memcpy(i->raw_serial, x509->raw_serial, sizeof(i->raw_serial));
8997495d	memcpy(i->subject, x509->subject, sizeof(i->subject));
a8e79d93	memcpy(i->serial, x509->serial, sizeof(i->serial));
8997495d	memcpy(i->issuer, x509->issuer, sizeof(i->issuer));
7bcfb2f3	memcpy(i->tbshash, x509->tbshash, sizeof(i->tbshash));
288057e9	i->not_before = x509->not_before; i->not_after = x509->not_after; i->hashtype = x509->hashtype; i->certSign = x509->certSign; i->codeSign = x509->codeSign; i->timeSign = x509->timeSign;
278b2b28	i->isBlacklisted = x509->isBlacklisted;
288057e9	i->next = m->crts; i->prev = NULL; if (m->crts)
89f3be11	m->crts->prev = i;
8997495d	m->crts = i;
71da61a7
7bcfb2f3	m->items++;
8997495d	return 0; }
288057e9	void crtmgr_init(crtmgr *m) { m->crts = NULL;
7bcfb2f3	m->items = 0; }
288057e9	void crtmgr_del(crtmgr m, cli_crt x509) {
7bcfb2f3	cli_crt *i;
288057e9	for (i = m->crts; i; i = i->next) { if (i == x509) { if (i->prev)
89f3be11	i->prev->next = i->next; else m->crts = i->next;
288057e9	if (i->next)
89f3be11	i->next->prev = i->prev; cli_crt_clear(x509); if ((x509->name)) free(x509->name); free(x509); m->items--; return; }
7bcfb2f3	} }
71da61a7
288057e9	void crtmgr_free(crtmgr *m) { while (m->items)
89f3be11	crtmgr_del(m, m->crts);
6bc5d0cb	}
29fb5f5c
288057e9	static int crtmgr_rsa_verify(cli_crt x509, mp_int sig, cli_crt_hashtype hashtype, const uint8_t *refhash) {
29fb5f5c	int keylen = mp_unsigned_bin_size(&x509->n), siglen = mp_unsigned_bin_size(sig);
46e06209	int ret, j, objlen, hashlen;
71da61a7	uint8_t d[513]; mp_int x;
46e06209	if (hashtype == CLI_SHA1RSA) { hashlen = SHA1_HASH_SIZE; } else if (hashtype == CLI_MD5RSA) { hashlen = MD5_HASH_SIZE; } else if (hashtype == CLI_SHA256RSA) { hashlen = SHA256_HASH_SIZE;
63ebd651	} else if (hashtype == CLI_SHA384RSA) { hashlen = SHA384_HASH_SIZE;
cc9381ae	} else if (hashtype == CLI_SHA512RSA) { hashlen = SHA512_HASH_SIZE;
46e06209	} else {
63ebd651	cli_errmsg("crtmgr_rsa_verify: Unsupported hashtype: %d\n", hashtype);
46e06209	return 1; }
288057e9	if ((ret = mp_init(&x))) {
89f3be11	cli_errmsg("crtmgr_rsa_verify: mp_init failed with %d\n", ret); return 1;
71da61a7	}
29fb5f5c	do {
288057e9	if (MAX(keylen, siglen) - MIN(keylen, siglen) > 1) {
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: keylen and siglen differ by more than one\n");
89f3be11	break;
18aed36f	}
288057e9	if ((ret = mp_exptmod(sig, &x509->e, &x509->n, &x))) {
89f3be11	cli_warnmsg("crtmgr_rsa_verify: verification failed: mp_exptmod failed with %d\n", ret); break; }
288057e9	if (mp_unsigned_bin_size(&x) != keylen - 1) {
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: keylen-1 doesn't match expected size of exptmod result\n");
89f3be11	break;
18aed36f	}
288057e9	if (((unsigned int)mp_unsigned_bin_size(&x)) > sizeof(d)) {
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: exptmod result would overrun working buffer\n");
63ebd651	break;
18aed36f	}
288057e9	if ((ret = mp_to_unsigned_bin(&x, d))) {
89f3be11	cli_warnmsg("crtmgr_rsa_verify: mp_unsigned_bin_size failed with %d\n", ret); break; }
288057e9	if (d != 1) { / block type 1 */
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: expected block type 1 at d[0]\n");
89f3be11	break;
18aed36f	}
89f3be11	keylen -= 1; /* 0xff padding */
288057e9	for (j = 1; j < keylen - 2; j++) if (d[j] != 0xff)
89f3be11	break;
288057e9	if (j == keylen - 2) {
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: only encountered 0xFF padding parsing cert\n");
89f3be11	break;
18aed36f	}
288057e9	if (d[j] != 0) { /* 0x00 separator */
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: expected 0x00 separator\n");
89f3be11	break;
18aed36f	}
89f3be11	j++; keylen -= j; /* asn1 size */
288057e9	if (keylen < hashlen) {
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: encountered keylen less than hashlen\n");
89f3be11	break;
18aed36f	}
288057e9	if (keylen > hashlen) {
89f3be11	/* hash is asn1 der encoded / / SEQ { SEQ { OID, NULL }, OCTET STRING */
288057e9	if (keylen < 2 \|\| d[j] != 0x30 \|\| d[j + 1] + 2 != keylen) {
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: unexpected hash to be ASN1 DER encoded\n");
89f3be11	break;
18aed36f	}
89f3be11	keylen -= 2;
288057e9	j += 2;
89f3be11
288057e9	if (keylen < 2 \|\| d[j] != 0x30) {
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: expected SEQUENCE at beginning of cert AlgorithmIdentifier\n");
89f3be11	break;
18aed36f	}
89f3be11
288057e9	objlen = d[j + 1];
89f3be11	keylen -= 2;
288057e9	j += 2; if (keylen < objlen) {
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: key length mismatch in ASN1 DER hash encoding\n");
89f3be11	break;
18aed36f	}
288057e9	if (objlen == 9) {
46e06209	// Check for OID type indicating a length of 5, OID_sha1, and the NULL type/value
288057e9	if (hashtype != CLI_SHA1RSA \|\| memcmp(&d[j], "\x06\x05" OID_sha1 "\x05\x00", 9)) {
89f3be11	cli_errmsg("crtmgr_rsa_verify: FIXME ACAB - CRYPTO MISSING?\n"); break; }
288057e9	} else if (objlen == 12) {
46e06209	// Check for OID type indicating a length of 8, OID_md5, and the NULL type/value
288057e9	if (hashtype != CLI_MD5RSA \|\| memcmp(&d[j], "\x06\x08" OID_md5 "\x05\x00", 12)) {
89f3be11	cli_errmsg("crtmgr_rsa_verify: FIXME ACAB - CRYPTO MISSING?\n"); break; }
288057e9	} else if (objlen == 13) {
63ebd651	if (hashtype == CLI_SHA256RSA) { // Check for OID type indicating a length of 9, OID_sha256, and the NULL type/value if (0 != memcmp(&d[j], "\x06\x09" OID_sha256 "\x05\x00", 13)) { cli_dbgmsg("crtmgr_rsa_verify: invalid AlgorithmIdentifier block for SHA256 hash\n"); break; } } else if (hashtype == CLI_SHA384RSA) { // Check for OID type indicating a length of 9, OID_sha384, and the NULL type/value if (0 != memcmp(&d[j], "\x06\x09" OID_sha384 "\x05\x00", 13)) { cli_dbgmsg("crtmgr_rsa_verify: invalid AlgorithmIdentifier block for SHA384 hash\n"); break; }
cc9381ae	} else if (hashtype == CLI_SHA512RSA) { // Check for OID type indicating a length of 9, OID_sha512, and the NULL type/value if (0 != memcmp(&d[j], "\x06\x09" OID_sha512 "\x05\x00", 13)) { cli_dbgmsg("crtmgr_rsa_verify: invalid AlgorithmIdentifier block for SHA512 hash\n"); break; }
63ebd651	} else {
89f3be11	cli_errmsg("crtmgr_rsa_verify: FIXME ACAB - CRYPTO MISSING?\n"); break; } } else { cli_errmsg("crtmgr_rsa_verify: FIXME ACAB - CRYPTO MISSING?\n"); break; } keylen -= objlen; j += objlen;
288057e9	if (keylen < 2 \|\| d[j] != 0x04 \|\| d[j + 1] != hashlen) {
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: hash length mismatch in ASN1 DER hash encoding\n");
89f3be11	break;
18aed36f	}
89f3be11	keylen -= 2;
288057e9	j += 2; if (keylen != hashlen) {
18aed36f	cli_dbgmsg("crtmgr_rsa_verify: extra data in the ASN1 DER hash encoding\n");
89f3be11	break;
18aed36f	}
89f3be11	}
288057e9	if (memcmp(&d[j], refhash, hashlen)) {
18aed36f	// This is a common error case if we are using crtmgr_rsa_verify to // determine whether we've found the right issuer certificate based // (as is done by crtmgr_verify_crt). If we are pretty sure that // x509 is the correct cert to use for verification, then this // case is more of a concern.
89f3be11	break;
18aed36f	}
89f3be11	mp_clear(&x); return 0;
29fb5f5c
288057e9	} while (0);
5e84efeb
29fb5f5c	mp_clear(&x); return 1; }
a133cd8e	/* For a given cli_crt, returns a pointer to the signer x509 certificate if
18aed36f	* one is found in the crtmgr and it's signature can be validated (NULL is * returned otherwise.) */
288057e9	cli_crt crtmgr_verify_crt(crtmgr m, cli_crt *x509) {
f5092717	cli_crt i = m->crts, best = NULL;
288057e9	int score = 0;
39f735b8	unsigned int possible = 0;
29fb5f5c
1d7f6b27	// Loop through each of the certificates in our trust store and see whether // x509 is signed with it. If it is, it's trusted
39f735b8	// TODO Technically we should loop through all of the blacklisted certs // first to see whether one of those is used to sign x509. This case // will get handled if the blacklisted certificate is embedded, since we // will call crtmgr_verify_crt on it and match against the blacklist entry // that way, but the cert doesn't HAVE to be embedded. This case seems
1d7f6b27	// unlikely enough to ignore, though. If we ever want to blacklist a // stolen CA cert or something, then we will need to revisit this.
39f735b8
288057e9	for (i = m->crts; i; i = i->next) { if (i->certSign && !i->isBlacklisted && !memcmp(i->subject, x509->issuer, sizeof(i->subject)) && !crtmgr_rsa_verify(i, &x509->sig, x509->hashtype, x509->tbshash)) {
89f3be11	int curscore;
288057e9	if ((x509->codeSign & i->codeSign) == x509->codeSign && (x509->timeSign & i->timeSign) == x509->timeSign)
89f3be11	return i;
39f735b8	possible++;
89f3be11	curscore = (x509->codeSign & i->codeSign) + (x509->timeSign & i->timeSign);
288057e9	if (curscore > score) { best = i;
89f3be11	score = curscore; } }
71da61a7	}
39f735b8	if (possible > 1) { // If this is ever triggered, it's probably an indication of an error // in the CRB being used. cli_warnmsg("crtmgr_verify_crt: choosing between codeSign cert and timeSign cert without enough info - errors may result\n"); }
f5092717	return best;
71da61a7	}
288057e9	cli_crt crtmgr_verify_pkcs7(crtmgr m, const uint8_t issuer, const uint8_t serial, const void signature, unsigned int signature_len, cli_crt_hashtype hashtype, const uint8_t refhash, cli_vrfy_type vrfytype) {
29fb5f5c	cli_crt *i; mp_int sig; int ret;
288057e9	if (signature_len < 1024 / 8 \|\| signature_len > 4096 / 8 + 1) {
89f3be11	cli_dbgmsg("crtmgr_verify_pkcs7: unsupported sig len: %u\n", signature_len); return NULL;
29fb5f5c	}
288057e9	if ((ret = mp_init(&sig))) {
18aed36f	cli_dbgmsg("crtmgr_verify_pkcs7: mp_init failed with %d\n", ret);
89f3be11	return NULL;
29fb5f5c	}
288057e9	if ((ret = mp_read_unsigned_bin(&sig, signature, signature_len))) {
18aed36f	cli_dbgmsg("crtmgr_verify_pkcs7: mp_read_unsigned_bin failed with %d\n", ret);
89f3be11	return NULL;
29fb5f5c	}
288057e9	for (i = m->crts; i; i = i->next) { if (vrfytype == VRFY_CODE && !i->codeSign)
89f3be11	continue;
288057e9	if (vrfytype == VRFY_TIME && !i->timeSign)
89f3be11	continue;
288057e9	if (!memcmp(i->issuer, issuer, sizeof(i->issuer)) && !memcmp(i->serial, serial, sizeof(i->serial))) { if (!crtmgr_rsa_verify(i, &sig, hashtype, refhash)) {
18aed36f	break; } cli_dbgmsg("crtmgr_verify_pkcs7: found cert with matching issuer and serial but RSA verification failed\n");
278b2b28	}
29fb5f5c	} mp_clear(&sig);
f5092717	return i;
29fb5f5c	}
71da61a7
a133cd8e	int crtmgr_add_roots(struct cl_engine engine, crtmgr m, int exclude_bl_crts)
288057e9	{
cd94be7a	cli_crt *crt;
56b4f4b0	/*
d12f1646	* Certs are cached in engine->cmgr. Copy from there.
56b4f4b0	*/
d12f1646	if (m != &(engine->cmgr)) {
288057e9	for (crt = engine->cmgr.crts; crt != NULL; crt = crt->next) {
a133cd8e	if (exclude_bl_crts && crt->isBlacklisted) { continue; }
288057e9	if (crtmgr_add(m, crt)) { crtmgr_free(m); return 1; } } return 0;
56b4f4b0	}
7bcfb2f3
d12f1646	return 0;
71da61a7	}