src/image/efi_siglist.c - ipxe - Git at Google

 /*
  * Copyright (C) 2025 Michael Brown <mbrown@fensystems.co.uk>.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as
  * published by the Free Software Foundation; either version 2 of the
  * License, or any later version.
  *
  * This program is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  * 02110-1301, USA.
  *
  * You can also choose to distribute this program under the terms of
  * the Unmodified Binary Distribution Licence (as given in the file
  * COPYING.UBDL), provided that you have satisfied its requirements.
  */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 FILE_SECBOOT ( PERMITTED );

 /** @file
  *
  * EFI signature lists
  *
  */

 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
 #include <ipxe/asn1.h>
 #include <ipxe/der.h>
 #include <ipxe/pem.h>
 #include <ipxe/image.h>
 #include <ipxe/efi/efi.h>
 #include <ipxe/efi/Guid/ImageAuthentication.h>
 #include <ipxe/efi/efi_siglist.h>

 /**
  * Find EFI signature list entry
  *
  * @v data		EFI signature list
  * @v len		Length of EFI signature list
  * @v start		Starting offset to update
  * @v lhdr		Signature list header to fill in
  * @v dhdr		Signature data header to fill in
  * @ret rc		Return status code
  */
 static int efisig_find ( const void *data, size_t len, size_t *start,
 			 const EFI_SIGNATURE_LIST **lhdr,
 			 const EFI_SIGNATURE_DATA **dhdr ) {
 	size_t offset;
 	size_t remaining;
 	size_t skip;
 	size_t dlen;

 	/* Scan through signature list */
 	offset = 0;
 	while ( 1 ) {

 		/* Read list header */
 		assert ( offset <= len );
 		remaining = ( len - offset );
 		if ( remaining < sizeof ( **lhdr ) ) {
 			DBGC ( data, "EFISIG [%#zx,%#zx) truncated header "
 			       "at +%#zx\n", *start, len, offset );
 			return -EINVAL;
 		}
 		*lhdr = ( data + offset );

 		/* Get length of this signature list */
 		if ( remaining < (*lhdr)->SignatureListSize ) {
 			DBGC ( data, "EFISIG [%#zx,%#zx) truncated list at "
 			       "+%#zx\n", *start, len, offset );
 			return -EINVAL;
 		}
 		remaining = (*lhdr)->SignatureListSize;

 		/* Get length of each signature in list */
 		dlen = (*lhdr)->SignatureSize;
 		if ( dlen < sizeof ( **dhdr ) ) {
 			DBGC ( data, "EFISIG [%#zx,%#zx) underlength "
 			       "signatures at +%#zx\n", *start, len, offset );
 			return -EINVAL;
 		}

 		/* Strip list header (including variable portion) */
 		if ( ( remaining < sizeof ( **lhdr ) ) ||
 		     ( ( remaining - sizeof ( **lhdr ) ) <
 		       (*lhdr)->SignatureHeaderSize ) ) {
 			DBGC ( data, "EFISIG [%#zx,%#zx) malformed header at "
 			       "+%#zx\n", *start, len, offset );
 			return -EINVAL;
 		}
 		skip = ( sizeof ( **lhdr ) + (*lhdr)->SignatureHeaderSize );
 		offset += skip;
 		remaining -= skip;

 		/* Read signatures */
 		for ( ; remaining ; offset += dlen, remaining -= dlen ) {

 			/* Check length */
 			if ( remaining < dlen ) {
 				DBGC ( data, "EFISIG [%#zx,%#zx) truncated "
 				       "at +%#zx\n", *start, len, offset );
 				return -EINVAL;
 			}

 			/* Continue until we find the requested signature */
 			if ( offset < *start )
 				continue;

 			/* Read data header */
 			*dhdr = ( data + offset );
 			DBGC2 ( data, "EFISIG [%#zx,%#zx) %s ",
 				offset, ( offset + dlen ),
 				efi_guid_ntoa ( &(*lhdr)->SignatureType ) );
 			DBGC2 ( data, "owner %s\n",
 				efi_guid_ntoa ( &(*dhdr)->SignatureOwner ) );
 			*start = offset;
 			return 0;
 		}
 	}
 }

 /**
  * Extract ASN.1 object from EFI signature list
  *
  * @v data		EFI signature list
  * @v len		Length of EFI signature list
  * @v offset		Offset within image
  * @v cursor		ASN.1 cursor to fill in
  * @ret next		Offset to next image, or negative error
  *
  * The caller is responsible for eventually calling free() on the
  * allocated ASN.1 cursor.
  */
 int efisig_asn1 ( const void *data, size_t len, size_t offset,
 		  struct asn1_cursor **cursor ) {
 	const EFI_SIGNATURE_LIST *lhdr;
 	const EFI_SIGNATURE_DATA *dhdr;
 	int ( * asn1 ) ( const void *data, size_t len, size_t offset,
 			 struct asn1_cursor **cursor );
 	size_t skip = offsetof ( typeof ( *dhdr ), SignatureData );
 	int next;
 	int rc;

 	/* Locate signature list entry */
 	if ( ( rc = efisig_find ( data, len, &offset, &lhdr, &dhdr ) ) != 0 )
 		goto err_entry;
 	len = ( offset + lhdr->SignatureSize );

 	/* Parse as PEM or DER based on first character */
 	asn1 = ( ( dhdr->SignatureData[0] == ASN1_SEQUENCE ) ?
 		 der_asn1 : pem_asn1 );
 	DBGC2 ( data, "EFISIG [%#zx,%#zx) extracting %s\n", offset, len,
 		( ( asn1 == der_asn1 ) ? "DER" : "PEM" ) );
 	next = asn1 ( data, len, ( offset + skip ), cursor );
 	if ( next < 0 ) {
 		rc = next;
 		DBGC ( data, "EFISIG [%#zx,%#zx) could not extract ASN.1: "
 		       "%s\n", offset, len, strerror ( rc ) );
 		goto err_asn1;
 	}

 	/* Check that whole entry was consumed */
 	if ( ( ( unsigned int ) next ) != len ) {
 		DBGC ( data, "EFISIG [%#zx,%#zx) malformed data\n",
 		       offset, len );
 		rc = -EINVAL;
 		goto err_whole;
 	}

 	return len;

  err_whole:
 	free ( *cursor );
  err_asn1:
  err_entry:
 	return rc;
 }

 /**
  * Probe EFI signature list image
  *
  * @v image		EFI signature list
  * @ret rc		Return status code
  */
 static int efisig_image_probe ( struct image *image ) {
 	const EFI_SIGNATURE_LIST *lhdr;
 	const EFI_SIGNATURE_DATA *dhdr;
 	size_t offset = 0;
 	unsigned int count = 0;
 	int rc;

 	/* Check file is a well-formed signature list */
 	while ( 1 ) {

 		/* Find next signature list entry */
 		if ( ( rc = efisig_find ( image->data, image->len, &offset,
 					  &lhdr, &dhdr ) ) != 0 ) {
 			return rc;
 		}

 		/* Skip this entry */
 		offset += lhdr->SignatureSize;
 		count++;

 		/* Check if we have reached end of the image */
 		if ( offset == image->len ) {
 			DBGC ( image, "EFISIG %s contains %d signatures\n",
 			       image->name, count );
 			return 0;
 		}
 	}
 }

 /**
  * Extract ASN.1 object from EFI signature list image
  *
  * @v image		EFI signature list
  * @v offset		Offset within image
  * @v cursor		ASN.1 cursor to fill in
  * @ret next		Offset to next image, or negative error
  *
  * The caller is responsible for eventually calling free() on the
  * allocated ASN.1 cursor.
  */
 static int efisig_image_asn1 ( struct image *image, size_t offset,
 			       struct asn1_cursor **cursor ) {
 	int next;
 	int rc;

 	/* Extract ASN.1 object */
 	if ( ( next = efisig_asn1 ( image->data, image->len, offset,
 				    cursor ) ) < 0 ) {
 		rc = next;
 		DBGC ( image, "EFISIG %s could not extract ASN.1: %s\n",
 		       image->name, strerror ( rc ) );
 		return rc;
 	}

 	return next;
 }

 /** EFI signature list image type */
 struct image_type efisig_image_type __image_type ( PROBE_NORMAL ) = {
 	.name = "EFISIG",
 	.probe = efisig_image_probe,
 	.asn1 = efisig_image_asn1,
 };
	/*
	* Copyright (C) 2025 Michael Brown <mbrown@fensystems.co.uk>.
	*
	* This program is free software; you can redistribute it and/or
	* modify it under the terms of the GNU General Public License as
	* published by the Free Software Foundation; either version 2 of the
	* License, or any later version.
	*
	* This program is distributed in the hope that it will be useful, but
	* WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	* General Public License for more details.
	*
	* You should have received a copy of the GNU General Public License
	* along with this program; if not, write to the Free Software
	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	* 02110-1301, USA.
	*
	* You can also choose to distribute this program under the terms of
	* the Unmodified Binary Distribution Licence (as given in the file
	* COPYING.UBDL), provided that you have satisfied its requirements.
	*/

	FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
	FILE_SECBOOT ( PERMITTED );

	/** @file
	*
	* EFI signature lists
	*
	*/

	#include <stdlib.h>
	#include <string.h>
	#include <errno.h>
	#include <ipxe/asn1.h>
	#include <ipxe/der.h>
	#include <ipxe/pem.h>
	#include <ipxe/image.h>
	#include <ipxe/efi/efi.h>
	#include <ipxe/efi/Guid/ImageAuthentication.h>
	#include <ipxe/efi/efi_siglist.h>

	/**
	* Find EFI signature list entry
	*
	* @v data EFI signature list
	* @v len Length of EFI signature list
	* @v start Starting offset to update
	* @v lhdr Signature list header to fill in
	* @v dhdr Signature data header to fill in
	* @ret rc Return status code
	*/
	static int efisig_find ( const void data, size_t len, size_t start,
	const EFI_SIGNATURE_LIST **lhdr,
	const EFI_SIGNATURE_DATA **dhdr ) {
	size_t offset;
	size_t remaining;
	size_t skip;
	size_t dlen;

	/* Scan through signature list */
	offset = 0;
	while ( 1 ) {

	/* Read list header */
	assert ( offset <= len );
	remaining = ( len - offset );
	if ( remaining < sizeof ( **lhdr ) ) {
	DBGC ( data, "EFISIG [%#zx,%#zx) truncated header "
	"at +%#zx\n", *start, len, offset );
	return -EINVAL;
	}
	*lhdr = ( data + offset );

	/* Get length of this signature list */
	if ( remaining < (*lhdr)->SignatureListSize ) {
	DBGC ( data, "EFISIG [%#zx,%#zx) truncated list at "
	"+%#zx\n", *start, len, offset );
	return -EINVAL;
	}
	remaining = (*lhdr)->SignatureListSize;

	/* Get length of each signature in list */
	dlen = (*lhdr)->SignatureSize;
	if ( dlen < sizeof ( **dhdr ) ) {
	DBGC ( data, "EFISIG [%#zx,%#zx) underlength "
	"signatures at +%#zx\n", *start, len, offset );
	return -EINVAL;
	}

	/* Strip list header (including variable portion) */
	if ( ( remaining < sizeof ( **lhdr ) ) \|\|
	( ( remaining - sizeof ( **lhdr ) ) <
	(*lhdr)->SignatureHeaderSize ) ) {
	DBGC ( data, "EFISIG [%#zx,%#zx) malformed header at "
	"+%#zx\n", *start, len, offset );
	return -EINVAL;
	}
	skip = ( sizeof ( *lhdr ) + (lhdr)->SignatureHeaderSize );
	offset += skip;
	remaining -= skip;

	/* Read signatures */
	for ( ; remaining ; offset += dlen, remaining -= dlen ) {

	/* Check length */
	if ( remaining < dlen ) {
	DBGC ( data, "EFISIG [%#zx,%#zx) truncated "
	"at +%#zx\n", *start, len, offset );
	return -EINVAL;
	}

	/* Continue until we find the requested signature */
	if ( offset < *start )
	continue;

	/* Read data header */
	*dhdr = ( data + offset );
	DBGC2 ( data, "EFISIG [%#zx,%#zx) %s ",
	offset, ( offset + dlen ),
	efi_guid_ntoa ( &(*lhdr)->SignatureType ) );
	DBGC2 ( data, "owner %s\n",
	efi_guid_ntoa ( &(*dhdr)->SignatureOwner ) );
	*start = offset;
	return 0;
	}
	}
	}

	/**
	* Extract ASN.1 object from EFI signature list
	*
	* @v data EFI signature list
	* @v len Length of EFI signature list
	* @v offset Offset within image
	* @v cursor ASN.1 cursor to fill in
	* @ret next Offset to next image, or negative error
	*
	* The caller is responsible for eventually calling free() on the
	* allocated ASN.1 cursor.
	*/
	int efisig_asn1 ( const void *data, size_t len, size_t offset,
	struct asn1_cursor **cursor ) {
	const EFI_SIGNATURE_LIST *lhdr;
	const EFI_SIGNATURE_DATA *dhdr;
	int ( * asn1 ) ( const void *data, size_t len, size_t offset,
	struct asn1_cursor **cursor );
	size_t skip = offsetof ( typeof ( *dhdr ), SignatureData );
	int next;
	int rc;

	/* Locate signature list entry */
	if ( ( rc = efisig_find ( data, len, &offset, &lhdr, &dhdr ) ) != 0 )
	goto err_entry;
	len = ( offset + lhdr->SignatureSize );

	/* Parse as PEM or DER based on first character */
	asn1 = ( ( dhdr->SignatureData[0] == ASN1_SEQUENCE ) ?
	der_asn1 : pem_asn1 );
	DBGC2 ( data, "EFISIG [%#zx,%#zx) extracting %s\n", offset, len,
	( ( asn1 == der_asn1 ) ? "DER" : "PEM" ) );
	next = asn1 ( data, len, ( offset + skip ), cursor );
	if ( next < 0 ) {
	rc = next;
	DBGC ( data, "EFISIG [%#zx,%#zx) could not extract ASN.1: "
	"%s\n", offset, len, strerror ( rc ) );
	goto err_asn1;
	}

	/* Check that whole entry was consumed */
	if ( ( ( unsigned int ) next ) != len ) {
	DBGC ( data, "EFISIG [%#zx,%#zx) malformed data\n",
	offset, len );
	rc = -EINVAL;
	goto err_whole;
	}

	return len;

	err_whole:
	free ( *cursor );
	err_asn1:
	err_entry:
	return rc;
	}

	/**
	* Probe EFI signature list image
	*
	* @v image EFI signature list
	* @ret rc Return status code
	*/
	static int efisig_image_probe ( struct image *image ) {
	const EFI_SIGNATURE_LIST *lhdr;
	const EFI_SIGNATURE_DATA *dhdr;
	size_t offset = 0;
	unsigned int count = 0;
	int rc;

	/* Check file is a well-formed signature list */
	while ( 1 ) {

	/* Find next signature list entry */
	if ( ( rc = efisig_find ( image->data, image->len, &offset,
	&lhdr, &dhdr ) ) != 0 ) {
	return rc;
	}

	/* Skip this entry */
	offset += lhdr->SignatureSize;
	count++;

	/* Check if we have reached end of the image */
	if ( offset == image->len ) {
	DBGC ( image, "EFISIG %s contains %d signatures\n",
	image->name, count );
	return 0;
	}
	}
	}

	/**
	* Extract ASN.1 object from EFI signature list image
	*
	* @v image EFI signature list
	* @v offset Offset within image
	* @v cursor ASN.1 cursor to fill in
	* @ret next Offset to next image, or negative error
	*
	* The caller is responsible for eventually calling free() on the
	* allocated ASN.1 cursor.
	*/
	static int efisig_image_asn1 ( struct image *image, size_t offset,
	struct asn1_cursor **cursor ) {
	int next;
	int rc;

	/* Extract ASN.1 object */
	if ( ( next = efisig_asn1 ( image->data, image->len, offset,
	cursor ) ) < 0 ) {
	rc = next;
	DBGC ( image, "EFISIG %s could not extract ASN.1: %s\n",
	image->name, strerror ( rc ) );
	return rc;
	}

	return next;
	}

	/** EFI signature list image type */
	struct image_type efisig_image_type __image_type ( PROBE_NORMAL ) = {
	.name = "EFISIG",
	.probe = efisig_image_probe,
	.asn1 = efisig_image_asn1,
	};