xref: /linux/security/integrity/platform_certs/efi_parser.c (revision 762f99f4f3cb41a775b5157dd761217beba65873)
10bc9ae39SDave Howells // SPDX-License-Identifier: GPL-2.0+
20bc9ae39SDave Howells /* EFI signature/key/certificate list parser
30bc9ae39SDave Howells  *
40bc9ae39SDave Howells  * Copyright (C) 2012, 2016 Red Hat, Inc. All Rights Reserved.
50bc9ae39SDave Howells  * Written by David Howells (dhowells@redhat.com)
60bc9ae39SDave Howells  */
70bc9ae39SDave Howells 
80bc9ae39SDave Howells #define pr_fmt(fmt) "EFI: "fmt
90bc9ae39SDave Howells #include <linux/module.h>
100bc9ae39SDave Howells #include <linux/printk.h>
110bc9ae39SDave Howells #include <linux/err.h>
120bc9ae39SDave Howells #include <linux/efi.h>
130bc9ae39SDave Howells 
/**
 * parse_efi_signature_list - Parse an EFI signature list for certificates
 * @source: The source of the key
 * @data: The data blob to parse
 * @size: The size of the data blob
 * @get_handler_for_guid: Get the handler func for the sig type (or NULL)
 *
 * Walk a blob that is a concatenation of signature sublists.  Every element
 * in one sublist has the same type and size; different sublists may differ.
 *
 * For each sublist, @get_handler_for_guid is called with the sublist's type
 * GUID.  If it returns NULL the whole sublist is skipped; otherwise the
 * returned handler is called once per element with @source, a pointer to the
 * element's signature data and the length of that data.
 *
 * The length fields of each sublist header are read from @data and are
 * checked against the bytes remaining before anything past the header is
 * used:
 *   - the sublist must fit in what is left of the blob;
 *   - the sublist must be large enough for its own header plus the declared
 *     signature header;
 *   - each element must be at least sizeof(efi_signature_data_t);
 *   - the element area must hold a whole, non-zero number of elements.
 *
 * Return: 0 if the whole blob parsed, -EBADMSG at the first sublist that
 * fails one of the checks above.  Parsing is sequential, so handlers may
 * already have run for earlier sublists when -EBADMSG is returned.  No error
 * can be returned from @get_handler_for_guid or from the element handler it
 * returns.
 */
int __init parse_efi_signature_list(
	const char *source,
	const void *data, size_t size,
	efi_element_handler_t (*get_handler_for_guid)(const efi_guid_t *))
{
	efi_element_handler_t handler;
	unsigned int offs = 0;	/* offset into the blob, debug output only */

	pr_devel("-->%s(,%zu)\n", __func__, size);

	while (size > 0) {
		const efi_signature_data_t *elem;
		efi_signature_list_t list;
		size_t list_len, hdr_len, elem_len, body_len;
		size_t prefix_len, nr_elems, i;

		/* Fewer bytes left than one sublist header. */
		if (size < sizeof(list))
			return -EBADMSG;

		/* Work on a local copy of the sublist header. */
		memcpy(&list, data, sizeof(list));
		pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
			 offs,
			 &list.signature_type, list.signature_list_size,
			 list.signature_header_size, list.signature_size);

		list_len = list.signature_list_size;
		hdr_len = list.signature_header_size;
		elem_len = list.signature_size;
		/*
		 * This subtraction can wrap when the header's sizes are
		 * inconsistent; body_len must not be relied on until the
		 * checks below have passed.
		 */
		body_len = list_len - sizeof(list) - hdr_len;

		/* The sublist claims more bytes than the blob still has. */
		if (list_len > size) {
			pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
				 __func__, offs);
			return -EBADMSG;
		}

		/*
		 * Order matters: the first two tests rule out a wrapped
		 * body_len, and the elem_len test guarantees a non-zero
		 * divisor before the modulo is evaluated.
		 */
		if (list_len < sizeof(list) ||
		    list_len - sizeof(list) < hdr_len ||
		    elem_len < sizeof(*elem) ||
		    body_len < elem_len ||
		    body_len % elem_len != 0) {
			pr_devel("- bad size combo @%x\n", offs);
			return -EBADMSG;
		}

		handler = get_handler_for_guid(&list.signature_type);
		if (!handler) {
			/* Type not of interest: step over the whole sublist. */
			data += list_len;
			size -= list_len;
			offs += list_len;
			continue;
		}

		/* Step over the list header and the signature header. */
		prefix_len = sizeof(list) + hdr_len;
		data += prefix_len;
		size -= prefix_len;
		offs += prefix_len;

		/* body_len is an exact multiple of elem_len at this point. */
		nr_elems = body_len / elem_len;
		for (i = 0; i < nr_elems; i++) {
			elem = data;

			pr_devel("ELEM[%04x]\n", offs);
			/* Hand over only the payload that follows the element header. */
			handler(source,
				&elem->signature_data,
				elem_len - sizeof(*elem));

			data += elem_len;
			size -= elem_len;
			offs += elem_len;
		}
	}

	return 0;
}