efi_siglist.c File Reference

EFI signature lists. More...

#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ipxe/asn1.h>
#include <ipxe/der.h>
#include <ipxe/pem.h>
#include <ipxe/image.h>
#include <ipxe/efi/efi.h>
#include <ipxe/efi/Guid/ImageAuthentication.h>
#include <ipxe/efi/efi_siglist.h>

Go to the source code of this file.

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
	FILE_SECBOOT (PERMITTED)
static int	efisig_find (const void *data, size_t len, size_t *start, const EFI_SIGNATURE_LIST **lhdr, const EFI_SIGNATURE_DATA **dhdr)
	Find EFI signature list entry. More...
int	efisig_asn1 (const void *data, size_t len, size_t offset, struct asn1_cursor **cursor)
	Extract ASN.1 object from EFI signature list. More...
static int	efisig_image_probe (struct image *image)
	Probe EFI signature list image. More...
static int	efisig_image_asn1 (struct image *image, size_t offset, struct asn1_cursor **cursor)
	Extract ASN.1 object from EFI signature list image. More...
struct image_type efisig_image_type	__image_type (PROBE_NORMAL)
	EFI signature list image type. More...

Detailed Description

EFI signature lists.

Definition in file efi_siglist.c.

Function Documentation

FILE_LICENCE()

FILE_LICENCE

(

GPL2_OR_LATER_OR_UBDL

)

FILE_SECBOOT()

FILE_SECBOOT

(

PERMITTED

)

efisig_find()

static int efisig_find ( const void *  data, size_t  len, size_t *  start, const EFI_SIGNATURE_LIST **  lhdr, const EFI_SIGNATURE_DATA **  dhdr  )

static

Find EFI signature list entry.

Parameters

data	EFI signature list
len	Length of EFI signature list
start	Starting offset to update
lhdr	Signature list header to fill in
dhdr	Signature data header to fill in

Return values

rc	Return status code

Definition at line 54 of file efi_siglist.c.

                                                           {
        size_t offset;
        size_t remaining;
        size_t skip;
        size_t dlen;

        /* Scan through signature list */
        offset = 0;
        while ( 1 ) {

                /* Read list header */
                assert ( offset <= len );
                remaining = ( len - offset );
                if ( remaining < sizeof ( **lhdr ) ) {
                        DBGC ( data, "EFISIG [%#zx,%#zx) truncated header "
                               "at +%#zx\n", *start, len, offset );
                        return -EINVAL;
                }
                *lhdr = ( data + offset );

                /* Get length of this signature list */
                if ( remaining < (*lhdr)->SignatureListSize ) {
                        DBGC ( data, "EFISIG [%#zx,%#zx) truncated list at "
                               "+%#zx\n", *start, len, offset );
                        return -EINVAL;
                }
                remaining = (*lhdr)->SignatureListSize;

                /* Get length of each signature in list */
                dlen = (*lhdr)->SignatureSize;
                if ( dlen < sizeof ( **dhdr ) ) {
                        DBGC ( data, "EFISIG [%#zx,%#zx) underlength "
                               "signatures at +%#zx\n", *start, len, offset );
                        return -EINVAL;
                }

                /* Strip list header (including variable portion) */
                if ( ( remaining < sizeof ( **lhdr ) ) ||
                     ( ( remaining - sizeof ( **lhdr ) ) <
                       (*lhdr)->SignatureHeaderSize ) ) {
                        DBGC ( data, "EFISIG [%#zx,%#zx) malformed header at "
                               "+%#zx\n", *start, len, offset );
                        return -EINVAL;
                }
                skip = ( sizeof ( **lhdr ) + (*lhdr)->SignatureHeaderSize );
                offset += skip;
                remaining -= skip;

                /* Read signatures */
                for ( ; remaining ; offset += dlen, remaining -= dlen ) {

                        /* Check length */
                        if ( remaining < dlen ) {
                                DBGC ( data, "EFISIG [%#zx,%#zx) truncated "
                                       "at +%#zx\n", *start, len, offset );
                                return -EINVAL;
                        }

                        /* Continue until we find the requested signature */
                        if ( offset < *start )
                                continue;

                        /* Read data header */
                        *dhdr = ( data + offset );
                        DBGC2 ( data, "EFISIG [%#zx,%#zx) %s ",
                                offset, ( offset + dlen ),
                                efi_guid_ntoa ( &(*lhdr)->SignatureType ) );
                        DBGC2 ( data, "owner %s\n",
                                efi_guid_ntoa ( &(*dhdr)->SignatureOwner ) );
                        *start = offset;
                        return 0;
                }
        }
}

References assert(), data, DBGC, DBGC2, efi_guid_ntoa(), EINVAL, len, offset, and start.

Referenced by efisig_asn1(), and efisig_image_probe().

efisig_asn1()

int efisig_asn1	(	const void *	data,
		size_t	len,
		size_t	offset,
		struct asn1_cursor **	cursor
	)

Extract ASN.1 object from EFI signature list.

Parameters

data	EFI signature list
len	Length of EFI signature list
offset	Offset within image
cursor	ASN.1 cursor to fill in

Return values

next	Offset to next image, or negative error

The caller is responsible for eventually calling free() on the allocated ASN.1 cursor.

Definition at line 143 of file efi_siglist.c.

                                                {
        const EFI_SIGNATURE_LIST *lhdr;
        const EFI_SIGNATURE_DATA *dhdr;
        int ( * asn1 ) ( const void *data, size_t len, size_t offset,
                         struct asn1_cursor **cursor );
        size_t skip = offsetof ( typeof ( *dhdr ), SignatureData );
        int next;
        int rc;

        /* Locate signature list entry */
        if ( ( rc = efisig_find ( data, len, &offset, &lhdr, &dhdr ) ) != 0 )
                goto err_entry;
        len = ( offset + lhdr->SignatureSize );

        /* Parse as PEM or DER based on first character */
        asn1 = ( ( dhdr->SignatureData[0] == ASN1_SEQUENCE ) ?
                 der_asn1 : pem_asn1 );
        DBGC2 ( data, "EFISIG [%#zx,%#zx) extracting %s\n", offset, len,
                ( ( asn1 == der_asn1 ) ? "DER" : "PEM" ) );
        next = asn1 ( data, len, ( offset + skip ), cursor );
        if ( next < 0 ) {
                rc = next;
                DBGC ( data, "EFISIG [%#zx,%#zx) could not extract ASN.1: "
                       "%s\n", offset, len, strerror ( rc ) );
                goto err_asn1;
        }

        /* Check that whole entry was consumed */
        if ( ( ( unsigned int ) next ) != len ) {
                DBGC ( data, "EFISIG [%#zx,%#zx) malformed data\n",
                       offset, len );
                rc = -EINVAL;
                goto err_whole;
        }

        return len;

 err_whole:
        free ( *cursor );
 err_asn1:
 err_entry:
        return rc;
}

References image_type::asn1, ASN1_SEQUENCE, data, DBGC, DBGC2, der_asn1(), efisig_find(), EINVAL, free, len, next, offset, offsetof, pem_asn1(), rc, EFI_SIGNATURE_DATA::SignatureData, EFI_SIGNATURE_LIST::SignatureSize, strerror(), and typeof().

Referenced by efi_cacert(), and efisig_image_asn1().

efisig_image_probe()

static int efisig_image_probe ( struct image *  image )

static

Probe EFI signature list image.

Parameters

image

EFI signature list

Return values

rc	Return status code

Definition at line 194 of file efi_siglist.c.

                                                      {
        const EFI_SIGNATURE_LIST *lhdr;
        const EFI_SIGNATURE_DATA *dhdr;
        size_t offset = 0;
        unsigned int count = 0;
        int rc;

        /* Check file is a well-formed signature list */
        while ( 1 ) {

                /* Find next signature list entry */
                if ( ( rc = efisig_find ( image->data, image->len, &offset,
                                          &lhdr, &dhdr ) ) != 0 ) {
                        return rc;
                }

                /* Skip this entry */
                offset += lhdr->SignatureSize;
                count++;

                /* Check if we have reached end of the image */
                if ( offset == image->len ) {
                        DBGC ( image, "EFISIG %s contains %d signatures\n",
                               image->name, count );
                        return 0;
                }
        }
}

References count, image::data, DBGC, efisig_find(), image::len, image::name, offset, rc, and EFI_SIGNATURE_LIST::SignatureSize.

efisig_image_asn1()

static int efisig_image_asn1 ( struct image *  image, size_t  offset, struct asn1_cursor **  cursor  )

static

Extract ASN.1 object from EFI signature list image.

Parameters

image	EFI signature list
offset	Offset within image
cursor	ASN.1 cursor to fill in

Return values

next	Offset to next image, or negative error

The caller is responsible for eventually calling free() on the allocated ASN.1 cursor.

Definition at line 234 of file efi_siglist.c.

                                                             {
        int next;
        int rc;

        /* Extract ASN.1 object */
        if ( ( next = efisig_asn1 ( image->data, image->len, offset,
                                    cursor ) ) < 0 ) {
                rc = next;
                DBGC ( image, "EFISIG %s could not extract ASN.1: %s\n",
                       image->name, strerror ( rc ) );
                return rc;
        }

        return next;
}

References image::data, DBGC, efisig_asn1(), image::len, image::name, next, offset, rc, and strerror().

__image_type()

struct image_type efisig_image_type __image_type

(

PROBE_NORMAL

)

EFI signature list image type.