rootcert_8c_source.html

/*

 * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public License as

 * published by the Free Software Foundation; either version 2 of the

 * License, or any later version.

 *

 * This program is distributed in the hope that it will be useful, but

 * WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

 * 02110-1301, USA.

 *

 * You can also choose to distribute this program under the terms of

 * the Unmodified Binary Distribution Licence (as given in the file

 * COPYING.UBDL), provided that you have satisfied its requirements.

 */


FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );

FILE_SECBOOT ( PERMITTED );


#include <stdlib.h>

#include <ipxe/crypto.h>

#include <ipxe/sha256.h>

#include <ipxe/x509.h>

#include <ipxe/settings.h>

#include <ipxe/dhcp.h>

#include <ipxe/init.h>

#include <ipxe/rootcert.h>


/** @file

 *

 * Root certificate store

 *

 */


/** Length of a root certificate fingerprint */

#define FINGERPRINT_LEN SHA256_DIGEST_SIZE


/* Allow trusted certificates to be overridden if not explicitly specified */

#ifndef ALLOW_TRUST_OVERRIDE

 #ifdef TRUSTED

  #define ALLOW_TRUST_OVERRIDE 0

 #else

  #define ALLOW_TRUST_OVERRIDE 1

 #endif

#endif


/* Use iPXE root CA if no trusted certificates are explicitly specified */

#ifndef TRUSTED


#define TRUSTED                                                         \

        /* iPXE root CA */                                              \

        0x9f, 0xaf, 0x71, 0x7b, 0x7f, 0x8c, 0xa2, 0xf9, 0x3c, 0x25,     \

        0x6c, 0x79, 0xf8, 0xac, 0x55, 0x91, 0x89, 0x5d, 0x66, 0xd1,     \

        0xff, 0x3b, 0xee, 0x63, 0x97, 0xa7, 0x0d, 0x29, 0xc6, 0x5e,     \

        0xed, 0x1a,


#endif


/** Flag indicating if root of trust may be overridden at runtime */

const int allow_trust_override = ALLOW_TRUST_OVERRIDE;


/** Root certificate fingerprints */

static const uint8_t fingerprints[] = { TRUSTED };


/** Root certificate fingerprint setting */


static struct setting trust_setting __setting ( SETTING_CRYPTO, trust ) = {

        .name = "trust",

        .description = "Trusted root certificate fingerprints",

        .tag = DHCP_EB_TRUST,

        .type = &setting_type_hex,

};


/** Root certificates */


struct x509_root root_certificates = {

        .refcnt = REF_INIT ( ref_no_free ),

        .digest = &sha256_algorithm,

        .count = ( sizeof ( fingerprints ) / FINGERPRINT_LEN ),

        .fingerprints = fingerprints,

};


/**

 * Initialise root certificate

 *

 * The list of trusted root certificates can be specified at build

 * time using the TRUST= build parameter.  If no certificates are

 * specified, then the default iPXE root CA certificate is trusted.

 *

 * If no certificates were explicitly specified, then we allow the

 * list of trusted root certificate fingerprints to be overridden

 * using the "trust" setting, but only at the point of iPXE

 * initialisation.  This prevents untrusted sources of settings

 * (e.g. DHCP) from subverting the chain of trust, while allowing

 * trustworthy sources (e.g. VMware GuestInfo or non-volatile stored

 * options) to specify the trusted root certificate without requiring

 * a rebuild.

 */


static void rootcert_init ( void ) {

        static int initialised;

        void *external = NULL;

        int len;


        /* Allow trusted root certificates to be overridden only if

         * not explicitly specified at build time.

         */

        if ( ALLOW_TRUST_OVERRIDE && ( ! initialised ) ) {


                /* Fetch copy of "trust" setting, if it exists.  This

                 * memory will never be freed.

                 */

                if ( ( len = fetch_raw_setting_copy ( NULL, &trust_setting,

                                                      &external ) ) >= 0 ) {

                        root_certificates.fingerprints = external;

                        root_certificates.count = ( len / FINGERPRINT_LEN );

                }


                /* Prevent subsequent modifications */

                initialised = 1;

        }


        DBGC ( &root_certificates, "ROOTCERT using %d %s certificate(s):\n",

               root_certificates.count, ( external ? "external" : "built-in" ));

        DBGC_HDA ( &root_certificates, 0, root_certificates.fingerprints,

                   ( root_certificates.count * FINGERPRINT_LEN ) );

}


/** Root certificate initialiser */


struct startup_fn rootcert_startup_fn __startup_fn ( STARTUP_LATE ) = {

        .name = "rootcert",

        .startup = rootcert_init,

};


NULL
#define NULL
NULL pointer (VOID *)
Definition Base.h:322

uint8_t
unsigned char uint8_t
Definition stdint.h:10

len
ring len
Length.
Definition dwmac.h:226

DBGC
#define DBGC(...)
Definition compiler.h:505

DBGC_HDA
#define DBGC_HDA(...)
Definition compiler.h:506

DHCP_EB_TRUST
#define DHCP_EB_TRUST
Trusted root certficate fingerprints.
Definition dhcp.h:417

FILE_LICENCE
#define FILE_LICENCE(_licence)
Declare a particular licence as applying to a file.
Definition compiler.h:896

FILE_SECBOOT
#define FILE_SECBOOT(_status)
Declare a file's UEFI Secure Boot permission status.
Definition compiler.h:926

SETTING_CRYPTO
#define SETTING_CRYPTO
Cryptography settings.
Definition settings.h:80

STARTUP_LATE
#define STARTUP_LATE
Late startup.
Definition init.h:66

crypto.h
Cryptographic API.

dhcp.h
Dynamic Host Configuration Protocol.

settings.h
Configuration settings.

__setting
#define __setting(setting_order, name)
Declare a configuration setting.
Definition settings.h:57

init.h

__startup_fn
#define __startup_fn(startup_order)
Declare a startup/shutdown function.
Definition init.h:53

ref_no_free
void ref_no_free(struct refcnt *refcnt __unused)
Do not free reference-counted object.
Definition refcnt.c:102

REF_INIT
#define REF_INIT(free_fn)
Initialise a static reference counter.
Definition refcnt.h:78

fingerprints
static const uint8_t fingerprints[]
Root certificate fingerprints.
Definition rootcert.c:68

TRUSTED
#define TRUSTED
Definition rootcert.c:56

allow_trust_override
const int allow_trust_override
Flag indicating if root of trust may be overridden at runtime.
Definition rootcert.c:65

ALLOW_TRUST_OVERRIDE
#define ALLOW_TRUST_OVERRIDE
Definition rootcert.c:50

FINGERPRINT_LEN
#define FINGERPRINT_LEN
Length of a root certificate fingerprint.
Definition rootcert.c:43

root_certificates
struct x509_root root_certificates
Root certificates.
Definition rootcert.c:79

rootcert_init
static void rootcert_init(void)
Initialise root certificate.
Definition rootcert.c:102

rootcert.h
Root certificate store.

fetch_raw_setting_copy
int fetch_raw_setting_copy(struct settings *settings, const struct setting *setting, void **data)
Fetch value of setting.
Definition settings.c:822

sha256_algorithm
struct digest_algorithm sha256_algorithm
SHA-256 algorithm.
Definition sha256.c:265

sha256.h
SHA-256 algorithm.

stdlib.h

setting
A setting.
Definition settings.h:24

startup_fn
A startup/shutdown function.
Definition init.h:43

x509_root
An X.509 root certificate list.
Definition x509.h:375

x509.h
X.509 certificates.