1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (c) 2018 Patrick Wildt <patrick@blueri.se>
4 * Copyright (c) 2019 Linaro Limited, Author: AKASHI Takahiro
5 */
6
7 #include <common.h>
8 #include <charset.h>
9 #include <efi_loader.h>
10 #include <image.h>
11 #include <hexdump.h>
12 #include <malloc.h>
13 #include <crypto/pkcs7.h>
14 #include <crypto/pkcs7_parser.h>
15 #include <crypto/public_key.h>
16 #include <linux/compat.h>
17 #include <linux/oid_registry.h>
18 #include <u-boot/rsa.h>
19 #include <u-boot/sha256.h>
20
21 const efi_guid_t efi_guid_image_security_database =
22 EFI_IMAGE_SECURITY_DATABASE_GUID;
23 const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID;
24 const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID;
25 const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID;
26 const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
27 const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
28
29 #if defined(CONFIG_EFI_SECURE_BOOT) || defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
30 static u8 pkcs7_hdr[] = {
31 /* SEQUENCE */
32 0x30, 0x82, 0x05, 0xc7,
33 /* OID: pkcs7-signedData */
34 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02,
35 /* Context Structured? */
36 0xa0, 0x82, 0x05, 0xb8,
37 };
38
39 /**
40 * efi_parse_pkcs7_header - parse a signature in payload
41 * @buf: Pointer to payload's value
42 * @buflen: Length of @buf
43 * @tmpbuf: Pointer to temporary buffer
44 *
45 * Parse a signature embedded in payload's value and instantiate
46 * a pkcs7_message structure. Since pkcs7_parse_message() accepts only
47 * pkcs7's signedData, some header needed be prepended for correctly
48 * parsing authentication data
49 * A temporary buffer will be allocated if needed, and it should be
50 * kept valid during the authentication because some data in the buffer
51 * will be referenced by efi_signature_verify().
52 *
53 * Return: Pointer to pkcs7_message structure on success, NULL on error
54 */
efi_parse_pkcs7_header(const void * buf,size_t buflen,u8 ** tmpbuf)55 struct pkcs7_message *efi_parse_pkcs7_header(const void *buf,
56 size_t buflen,
57 u8 **tmpbuf)
58 {
59 u8 *ebuf;
60 size_t ebuflen, len;
61 struct pkcs7_message *msg;
62
63 /*
64 * This is the best assumption to check if the binary is
65 * already in a form of pkcs7's signedData.
66 */
67 if (buflen > sizeof(pkcs7_hdr) &&
68 !memcmp(&((u8 *)buf)[4], &pkcs7_hdr[4], 11)) {
69 msg = pkcs7_parse_message(buf, buflen);
70 if (IS_ERR(msg))
71 return NULL;
72 return msg;
73 }
74
75 /*
76 * Otherwise, we should add a dummy prefix sequence for pkcs7
77 * message parser to be able to process.
78 * NOTE: EDK2 also uses similar hack in WrapPkcs7Data()
79 * in CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
80 * TODO:
81 * The header should be composed in a more refined manner.
82 */
83 EFI_PRINT("Makeshift prefix added to authentication data\n");
84 ebuflen = sizeof(pkcs7_hdr) + buflen;
85 if (ebuflen <= 0x7f) {
86 EFI_PRINT("Data is too short\n");
87 return NULL;
88 }
89
90 ebuf = malloc(ebuflen);
91 if (!ebuf) {
92 EFI_PRINT("Out of memory\n");
93 return NULL;
94 }
95
96 memcpy(ebuf, pkcs7_hdr, sizeof(pkcs7_hdr));
97 memcpy(ebuf + sizeof(pkcs7_hdr), buf, buflen);
98 len = ebuflen - 4;
99 ebuf[2] = (len >> 8) & 0xff;
100 ebuf[3] = len & 0xff;
101 len = ebuflen - 0x13;
102 ebuf[0x11] = (len >> 8) & 0xff;
103 ebuf[0x12] = len & 0xff;
104
105 msg = pkcs7_parse_message(ebuf, ebuflen);
106
107 if (IS_ERR(msg)) {
108 free(ebuf);
109 return NULL;
110 }
111
112 *tmpbuf = ebuf;
113 return msg;
114 }
115
116 /**
117 * efi_hash_regions - calculate a hash value
118 * @regs: Array of regions
119 * @count: Number of regions
120 * @hash: Pointer to a pointer to buffer holding a hash value
121 * @size: Size of buffer to be returned
122 *
123 * Calculate a sha256 value of @regs and return a value in @hash.
124 *
125 * Return: true on success, false on error
126 */
efi_hash_regions(struct image_region * regs,int count,void ** hash,size_t * size)127 static bool efi_hash_regions(struct image_region *regs, int count,
128 void **hash, size_t *size)
129 {
130 if (!*hash) {
131 *hash = calloc(1, SHA256_SUM_LEN);
132 if (!*hash) {
133 EFI_PRINT("Out of memory\n");
134 return false;
135 }
136 }
137 if (size)
138 *size = SHA256_SUM_LEN;
139
140 hash_calculate("sha256", regs, count, *hash);
141 #ifdef DEBUG
142 EFI_PRINT("hash calculated:\n");
143 print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
144 *hash, SHA256_SUM_LEN, false);
145 #endif
146
147 return true;
148 }
149
150 /**
151 * efi_signature_lookup_digest - search for an image's digest in sigdb
152 * @regs: List of regions to be authenticated
153 * @db: Signature database for trusted certificates
154 *
155 * A message digest of image pointed to by @regs is calculated and
156 * its hash value is compared to entries in signature database pointed
157 * to by @db.
158 *
159 * Return: true if found, false if not
160 */
efi_signature_lookup_digest(struct efi_image_regions * regs,struct efi_signature_store * db)161 bool efi_signature_lookup_digest(struct efi_image_regions *regs,
162 struct efi_signature_store *db)
163 {
164 struct efi_signature_store *siglist;
165 struct efi_sig_data *sig_data;
166 void *hash = NULL;
167 size_t size = 0;
168 bool found = false;
169
170 EFI_PRINT("%s: Enter, %p, %p\n", __func__, regs, db);
171
172 if (!regs || !db || !db->sig_data_list)
173 goto out;
174
175 for (siglist = db; siglist; siglist = siglist->next) {
176 /* TODO: support other hash algorithms */
177 if (guidcmp(&siglist->sig_type, &efi_guid_sha256)) {
178 EFI_PRINT("Digest algorithm is not supported: %pUl\n",
179 &siglist->sig_type);
180 break;
181 }
182
183 if (!efi_hash_regions(regs->reg, regs->num, &hash, &size)) {
184 EFI_PRINT("Digesting an image failed\n");
185 break;
186 }
187
188 for (sig_data = siglist->sig_data_list; sig_data;
189 sig_data = sig_data->next) {
190 #ifdef DEBUG
191 EFI_PRINT("Msg digest in database:\n");
192 print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
193 sig_data->data, sig_data->size, false);
194 #endif
195 if (sig_data->size == size &&
196 !memcmp(sig_data->data, hash, size)) {
197 found = true;
198 free(hash);
199 goto out;
200 }
201 }
202
203 free(hash);
204 hash = NULL;
205 }
206
207 out:
208 EFI_PRINT("%s: Exit, found: %d\n", __func__, found);
209 return found;
210 }
211
212 /**
213 * efi_lookup_certificate - find a certificate within db
214 * @msg: Signature
215 * @db: Signature database
216 *
217 * Search signature database pointed to by @db and find a certificate
218 * pointed to by @cert.
219 *
220 * Return: true if found, false otherwise.
221 */
efi_lookup_certificate(struct x509_certificate * cert,struct efi_signature_store * db)222 static bool efi_lookup_certificate(struct x509_certificate *cert,
223 struct efi_signature_store *db)
224 {
225 struct efi_signature_store *siglist;
226 struct efi_sig_data *sig_data;
227 struct image_region reg[1];
228 void *hash = NULL, *hash_tmp = NULL;
229 size_t size = 0;
230 bool found = false;
231
232 EFI_PRINT("%s: Enter, %p, %p\n", __func__, cert, db);
233
234 if (!cert || !db || !db->sig_data_list)
235 goto out;
236
237 /*
238 * TODO: identify a certificate using sha256 digest
239 * Is there any better way?
240 */
241 /* calculate hash of TBSCertificate */
242 reg[0].data = cert->tbs;
243 reg[0].size = cert->tbs_size;
244 if (!efi_hash_regions(reg, 1, &hash, &size))
245 goto out;
246
247 EFI_PRINT("%s: searching for %s\n", __func__, cert->subject);
248 for (siglist = db; siglist; siglist = siglist->next) {
249 /* only with x509 certificate */
250 if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509))
251 continue;
252
253 for (sig_data = siglist->sig_data_list; sig_data;
254 sig_data = sig_data->next) {
255 struct x509_certificate *cert_tmp;
256
257 cert_tmp = x509_cert_parse(sig_data->data,
258 sig_data->size);
259 if (IS_ERR_OR_NULL(cert_tmp))
260 continue;
261
262 EFI_PRINT("%s: against %s\n", __func__,
263 cert_tmp->subject);
264 reg[0].data = cert_tmp->tbs;
265 reg[0].size = cert_tmp->tbs_size;
266 if (!efi_hash_regions(reg, 1, &hash_tmp, NULL))
267 goto out;
268
269 x509_free_certificate(cert_tmp);
270
271 if (!memcmp(hash, hash_tmp, size)) {
272 found = true;
273 goto out;
274 }
275 }
276 }
277 out:
278 free(hash);
279 free(hash_tmp);
280
281 EFI_PRINT("%s: Exit, found: %d\n", __func__, found);
282 return found;
283 }
284
285 /**
286 * efi_verify_certificate - verify certificate's signature with database
287 * @signer: Certificate
288 * @db: Signature database
289 * @root: Certificate to verify @signer
290 *
291 * Determine if certificate pointed to by @signer may be verified
292 * by one of certificates in signature database pointed to by @db.
293 *
294 * Return: true if certificate is verified, false otherwise.
295 */
efi_verify_certificate(struct x509_certificate * signer,struct efi_signature_store * db,struct x509_certificate ** root)296 static bool efi_verify_certificate(struct x509_certificate *signer,
297 struct efi_signature_store *db,
298 struct x509_certificate **root)
299 {
300 struct efi_signature_store *siglist;
301 struct efi_sig_data *sig_data;
302 struct x509_certificate *cert;
303 bool verified = false;
304 int ret;
305
306 EFI_PRINT("%s: Enter, %p, %p\n", __func__, signer, db);
307
308 if (!signer || !db || !db->sig_data_list)
309 goto out;
310
311 for (siglist = db; siglist; siglist = siglist->next) {
312 /* only with x509 certificate */
313 if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509))
314 continue;
315
316 for (sig_data = siglist->sig_data_list; sig_data;
317 sig_data = sig_data->next) {
318 cert = x509_cert_parse(sig_data->data, sig_data->size);
319 if (IS_ERR_OR_NULL(cert)) {
320 EFI_PRINT("Cannot parse x509 certificate\n");
321 continue;
322 }
323
324 ret = public_key_verify_signature(cert->pub,
325 signer->sig);
326 if (!ret) {
327 verified = true;
328 if (root)
329 *root = cert;
330 else
331 x509_free_certificate(cert);
332 goto out;
333 }
334 x509_free_certificate(cert);
335 }
336 }
337
338 out:
339 EFI_PRINT("%s: Exit, verified: %d\n", __func__, verified);
340 return verified;
341 }
342
343 /**
344 * efi_signature_check_revocation - check revocation with dbx
345 * @sinfo: Signer's info
346 * @cert: x509 certificate
347 * @dbx: Revocation signature database
348 *
349 * Search revocation signature database pointed to by @dbx and find
350 * an entry matching to certificate pointed to by @cert.
351 *
352 * While this entry contains revocation time, we don't support timestamp
353 * protocol at this time and any image will be unconditionally revoked
354 * when this match occurs.
355 *
356 * Return: true if check passed (not found), false otherwise.
357 */
efi_signature_check_revocation(struct pkcs7_signed_info * sinfo,struct x509_certificate * cert,struct efi_signature_store * dbx)358 static bool efi_signature_check_revocation(struct pkcs7_signed_info *sinfo,
359 struct x509_certificate *cert,
360 struct efi_signature_store *dbx)
361 {
362 struct efi_signature_store *siglist;
363 struct efi_sig_data *sig_data;
364 struct image_region reg[1];
365 void *hash = NULL;
366 size_t size = 0;
367 time64_t revoc_time;
368 bool revoked = false;
369
370 EFI_PRINT("%s: Enter, %p, %p, %p\n", __func__, sinfo, cert, dbx);
371
372 if (!sinfo || !cert || !dbx || !dbx->sig_data_list)
373 goto out;
374
375 EFI_PRINT("Checking revocation against %s\n", cert->subject);
376 for (siglist = dbx; siglist; siglist = siglist->next) {
377 if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509_sha256))
378 continue;
379
380 /* calculate hash of TBSCertificate */
381 reg[0].data = cert->tbs;
382 reg[0].size = cert->tbs_size;
383 if (!efi_hash_regions(reg, 1, &hash, &size))
384 goto out;
385
386 for (sig_data = siglist->sig_data_list; sig_data;
387 sig_data = sig_data->next) {
388 /*
389 * struct efi_cert_x509_sha256 {
390 * u8 tbs_hash[256/8];
391 * time64_t revocation_time;
392 * };
393 */
394 #ifdef DEBUG
395 if (sig_data->size >= size) {
396 EFI_PRINT("hash in db:\n");
397 print_hex_dump(" ", DUMP_PREFIX_OFFSET,
398 16, 1,
399 sig_data->data, size, false);
400 }
401 #endif
402 if ((sig_data->size < size + sizeof(time64_t)) ||
403 memcmp(sig_data->data, hash, size))
404 continue;
405
406 memcpy(&revoc_time, sig_data->data + size,
407 sizeof(revoc_time));
408 EFI_PRINT("revocation time: 0x%llx\n", revoc_time);
409 /*
410 * TODO: compare signing timestamp in sinfo
411 * with revocation time
412 */
413
414 revoked = true;
415 free(hash);
416 goto out;
417 }
418 free(hash);
419 hash = NULL;
420 }
421 out:
422 EFI_PRINT("%s: Exit, revoked: %d\n", __func__, revoked);
423 return !revoked;
424 }
425
426 /*
427 * efi_signature_verify - verify signatures with db and dbx
428 * @regs: List of regions to be authenticated
429 * @msg: Signature
430 * @db: Signature database for trusted certificates
431 * @dbx: Revocation signature database
432 *
433 * All the signature pointed to by @msg against image pointed to by @regs
434 * will be verified by signature database pointed to by @db and @dbx.
435 *
436 * Return: true if verification for all signatures passed, false otherwise
437 */
efi_signature_verify(struct efi_image_regions * regs,struct pkcs7_message * msg,struct efi_signature_store * db,struct efi_signature_store * dbx)438 bool efi_signature_verify(struct efi_image_regions *regs,
439 struct pkcs7_message *msg,
440 struct efi_signature_store *db,
441 struct efi_signature_store *dbx)
442 {
443 struct pkcs7_signed_info *sinfo;
444 struct x509_certificate *signer, *root;
445 bool verified = false;
446 int ret;
447
448 EFI_PRINT("%s: Enter, %p, %p, %p, %p\n", __func__, regs, msg, db, dbx);
449
450 if (!regs || !msg || !db || !db->sig_data_list)
451 goto out;
452
453 for (sinfo = msg->signed_infos; sinfo; sinfo = sinfo->next) {
454 EFI_PRINT("Signed Info: digest algo: %s, pkey algo: %s\n",
455 sinfo->sig->hash_algo, sinfo->sig->pkey_algo);
456
457 /*
458 * only for authenticated variable.
459 *
460 * If this function is called for image,
461 * hash calculation will be done in
462 * pkcs7_verify_one().
463 */
464 if (!msg->data &&
465 !efi_hash_regions(regs->reg, regs->num,
466 (void **)&sinfo->sig->digest, NULL)) {
467 EFI_PRINT("Digesting an image failed\n");
468 goto out;
469 }
470
471 EFI_PRINT("Verifying certificate chain\n");
472 signer = NULL;
473 ret = pkcs7_verify_one(msg, sinfo, &signer);
474 if (ret == -ENOPKG)
475 continue;
476
477 if (ret < 0 || !signer)
478 goto out;
479
480 if (sinfo->blacklisted)
481 goto out;
482
483 EFI_PRINT("Verifying last certificate in chain\n");
484 if (signer->self_signed) {
485 if (efi_lookup_certificate(signer, db))
486 if (efi_signature_check_revocation(sinfo,
487 signer, dbx))
488 break;
489 } else if (efi_verify_certificate(signer, db, &root)) {
490 bool check;
491
492 check = efi_signature_check_revocation(sinfo, root,
493 dbx);
494 x509_free_certificate(root);
495 if (check)
496 break;
497 }
498
499 EFI_PRINT("Certificate chain didn't reach trusted CA\n");
500 }
501 if (sinfo)
502 verified = true;
503 out:
504 EFI_PRINT("%s: Exit, verified: %d\n", __func__, verified);
505 return verified;
506 }
507
508 /**
509 * efi_signature_check_signers - check revocation against all signers with dbx
510 * @msg: Signature
511 * @dbx: Revocation signature database
512 *
513 * Determine if none of signers' certificates in @msg are revoked
514 * by signature database pointed to by @dbx.
515 *
516 * Return: true if all signers passed, false otherwise.
517 */
efi_signature_check_signers(struct pkcs7_message * msg,struct efi_signature_store * dbx)518 bool efi_signature_check_signers(struct pkcs7_message *msg,
519 struct efi_signature_store *dbx)
520 {
521 struct pkcs7_signed_info *sinfo;
522 bool revoked = false;
523
524 EFI_PRINT("%s: Enter, %p, %p\n", __func__, msg, dbx);
525
526 if (!msg || !dbx)
527 goto out;
528
529 for (sinfo = msg->signed_infos; sinfo; sinfo = sinfo->next) {
530 if (sinfo->signer &&
531 !efi_signature_check_revocation(sinfo, sinfo->signer,
532 dbx)) {
533 revoked = true;
534 break;
535 }
536 }
537 out:
538 EFI_PRINT("%s: Exit, revoked: %d\n", __func__, revoked);
539 return !revoked;
540 }
541
542 /**
543 * efi_image_region_add() - add an entry of region
544 * @regs: Pointer to array of regions
545 * @start: Start address of region (included)
546 * @end: End address of region (excluded)
547 * @nocheck: flag against overlapped regions
548 *
549 * Take one entry of region [@start, @end[ and insert it into the list.
550 *
551 * * If @nocheck is false, the list will be sorted ascending by address.
552 * Overlapping entries will not be allowed.
553 *
554 * * If @nocheck is true, the list will be sorted ascending by sequence
555 * of adding the entries. Overlapping is allowed.
556 *
557 * Return: status code
558 */
efi_image_region_add(struct efi_image_regions * regs,const void * start,const void * end,int nocheck)559 efi_status_t efi_image_region_add(struct efi_image_regions *regs,
560 const void *start, const void *end,
561 int nocheck)
562 {
563 struct image_region *reg;
564 int i, j;
565
566 if (regs->num >= regs->max) {
567 EFI_PRINT("%s: no more room for regions\n", __func__);
568 return EFI_OUT_OF_RESOURCES;
569 }
570
571 if (end < start)
572 return EFI_INVALID_PARAMETER;
573
574 for (i = 0; i < regs->num; i++) {
575 reg = ®s->reg[i];
576 if (nocheck)
577 continue;
578
579 /* new data after registered region */
580 if (start >= reg->data + reg->size)
581 continue;
582
583 /* new data preceding registered region */
584 if (end <= reg->data) {
585 for (j = regs->num - 1; j >= i; j--)
586 memcpy(®s->reg[j + 1], ®s->reg[j],
587 sizeof(*reg));
588 break;
589 }
590
591 /* new data overlapping registered region */
592 EFI_PRINT("%s: new region already part of another\n", __func__);
593 return EFI_INVALID_PARAMETER;
594 }
595
596 reg = ®s->reg[i];
597 reg->data = start;
598 reg->size = end - start;
599 regs->num++;
600
601 return EFI_SUCCESS;
602 }
603
604 /**
605 * efi_sigstore_free - free signature store
606 * @sigstore: Pointer to signature store structure
607 *
608 * Feee all the memories held in signature store and itself,
609 * which were allocated by efi_sigstore_parse_sigdb().
610 */
efi_sigstore_free(struct efi_signature_store * sigstore)611 void efi_sigstore_free(struct efi_signature_store *sigstore)
612 {
613 struct efi_signature_store *sigstore_next;
614 struct efi_sig_data *sig_data, *sig_data_next;
615
616 while (sigstore) {
617 sigstore_next = sigstore->next;
618
619 sig_data = sigstore->sig_data_list;
620 while (sig_data) {
621 sig_data_next = sig_data->next;
622 free(sig_data->data);
623 free(sig_data);
624 sig_data = sig_data_next;
625 }
626
627 free(sigstore);
628 sigstore = sigstore_next;
629 }
630 }
631
632 /**
633 * efi_sigstore_parse_siglist - parse a signature list
634 * @name: Pointer to signature list
635 *
636 * Parse signature list and instantiate a signature store structure.
637 * Signature database is a simple concatenation of one or more
638 * signature list(s).
639 *
640 * Return: Pointer to signature store on success, NULL on error
641 */
642 static struct efi_signature_store *
efi_sigstore_parse_siglist(struct efi_signature_list * esl)643 efi_sigstore_parse_siglist(struct efi_signature_list *esl)
644 {
645 struct efi_signature_store *siglist = NULL;
646 struct efi_sig_data *sig_data, *sig_data_next;
647 struct efi_signature_data *esd;
648 size_t left;
649
650 /*
651 * UEFI specification defines certificate types:
652 * for non-signed images,
653 * EFI_CERT_SHA256_GUID
654 * EFI_CERT_RSA2048_GUID
655 * EFI_CERT_RSA2048_SHA256_GUID
656 * EFI_CERT_SHA1_GUID
657 * EFI_CERT_RSA2048_SHA_GUID
658 * EFI_CERT_SHA224_GUID
659 * EFI_CERT_SHA384_GUID
660 * EFI_CERT_SHA512_GUID
661 *
662 * for signed images,
663 * EFI_CERT_X509_GUID
664 * NOTE: Each certificate will normally be in a separate
665 * EFI_SIGNATURE_LIST as the size may vary depending on
666 * its algo's.
667 *
668 * for timestamp revocation of certificate,
669 * EFI_CERT_X509_SHA512_GUID
670 * EFI_CERT_X509_SHA256_GUID
671 * EFI_CERT_X509_SHA384_GUID
672 */
673
674 if (esl->signature_list_size
675 <= (sizeof(*esl) + esl->signature_header_size)) {
676 EFI_PRINT("Siglist in wrong format\n");
677 return NULL;
678 }
679
680 /* Create a head */
681 siglist = calloc(sizeof(*siglist), 1);
682 if (!siglist) {
683 EFI_PRINT("Out of memory\n");
684 goto err;
685 }
686 memcpy(&siglist->sig_type, &esl->signature_type, sizeof(efi_guid_t));
687
688 /* Go through the list */
689 sig_data_next = NULL;
690 left = esl->signature_list_size
691 - (sizeof(*esl) + esl->signature_header_size);
692 esd = (struct efi_signature_data *)
693 ((u8 *)esl + sizeof(*esl) + esl->signature_header_size);
694
695 while (left > 0) {
696 /* Signature must exist if there is remaining data. */
697 if (left < esl->signature_size) {
698 EFI_PRINT("Certificate is too small\n");
699 goto err;
700 }
701
702 sig_data = calloc(esl->signature_size
703 - sizeof(esd->signature_owner), 1);
704 if (!sig_data) {
705 EFI_PRINT("Out of memory\n");
706 goto err;
707 }
708
709 /* Append signature data */
710 memcpy(&sig_data->owner, &esd->signature_owner,
711 sizeof(efi_guid_t));
712 sig_data->size = esl->signature_size
713 - sizeof(esd->signature_owner);
714 sig_data->data = malloc(sig_data->size);
715 if (!sig_data->data) {
716 EFI_PRINT("Out of memory\n");
717 goto err;
718 }
719 memcpy(sig_data->data, esd->signature_data, sig_data->size);
720
721 sig_data->next = sig_data_next;
722 sig_data_next = sig_data;
723
724 /* Next */
725 esd = (struct efi_signature_data *)
726 ((u8 *)esd + esl->signature_size);
727 left -= esl->signature_size;
728 }
729 siglist->sig_data_list = sig_data_next;
730
731 return siglist;
732
733 err:
734 efi_sigstore_free(siglist);
735
736 return NULL;
737 }
738
739 /**
740 * efi_sigstore_parse_sigdb - parse the signature list and populate
741 * the signature store
742 *
743 * @sig_list: Pointer to the signature list
744 * @size: Size of the signature list
745 *
746 * Parse the efi signature list and instantiate a signature store
747 * structure.
748 *
749 * Return: Pointer to signature store on success, NULL on error
750 */
efi_build_signature_store(void * sig_list,efi_uintn_t size)751 struct efi_signature_store *efi_build_signature_store(void *sig_list,
752 efi_uintn_t size)
753 {
754 struct efi_signature_list *esl;
755 struct efi_signature_store *sigstore = NULL, *siglist;
756
757 esl = sig_list;
758 while (size > 0) {
759 /* List must exist if there is remaining data. */
760 if (size < sizeof(*esl)) {
761 EFI_PRINT("Signature list in wrong format\n");
762 goto err;
763 }
764
765 if (size < esl->signature_list_size) {
766 EFI_PRINT("Signature list in wrong format\n");
767 goto err;
768 }
769
770 /* Parse a single siglist. */
771 siglist = efi_sigstore_parse_siglist(esl);
772 if (!siglist) {
773 EFI_PRINT("Parsing of signature list of failed\n");
774 goto err;
775 }
776
777 /* Append siglist */
778 siglist->next = sigstore;
779 sigstore = siglist;
780
781 /* Next */
782 size -= esl->signature_list_size;
783 esl = (void *)esl + esl->signature_list_size;
784 }
785 free(sig_list);
786
787 return sigstore;
788
789 err:
790 efi_sigstore_free(sigstore);
791 free(sig_list);
792
793 return NULL;
794 }
795
796 /**
797 * efi_sigstore_parse_sigdb - parse a signature database variable
798 * @name: Variable's name
799 *
800 * Read in a value of signature database variable pointed to by
801 * @name, parse it and instantiate a signature store structure.
802 *
803 * Return: Pointer to signature store on success, NULL on error
804 */
efi_sigstore_parse_sigdb(u16 * name)805 struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
806 {
807 struct efi_signature_store *sigstore = NULL;
808 const efi_guid_t *vendor;
809 void *db;
810 efi_uintn_t db_size;
811 efi_status_t ret;
812
813 if (!u16_strcmp(name, L"PK") || !u16_strcmp(name, L"KEK")) {
814 vendor = &efi_global_variable_guid;
815 } else if (!u16_strcmp(name, L"db") || !u16_strcmp(name, L"dbx")) {
816 vendor = &efi_guid_image_security_database;
817 } else {
818 EFI_PRINT("unknown signature database, %ls\n", name);
819 return NULL;
820 }
821
822 /* retrieve variable data */
823 db_size = 0;
824 ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, NULL));
825 if (ret == EFI_NOT_FOUND) {
826 EFI_PRINT("variable, %ls, not found\n", name);
827 sigstore = calloc(sizeof(*sigstore), 1);
828 return sigstore;
829 } else if (ret != EFI_BUFFER_TOO_SMALL) {
830 EFI_PRINT("Getting variable, %ls, failed\n", name);
831 return NULL;
832 }
833
834 db = malloc(db_size);
835 if (!db) {
836 EFI_PRINT("Out of memory\n");
837 return NULL;
838 }
839
840 ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, db));
841 if (ret != EFI_SUCCESS) {
842 EFI_PRINT("Getting variable, %ls, failed\n", name);
843 free(db);
844 return NULL;
845 }
846
847 return efi_build_signature_store(db, db_size);
848 }
849 #endif /* CONFIG_EFI_SECURE_BOOT || CONFIG_EFI_CAPSULE_AUTHENTICATE */
850