// SPDX-License-Identifier: GPL-2.0+
/* EFI signature/key/certificate list parser
 *
 * Copyright (C) 2012, 2016 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#define pr_fmt(fmt) "EFI: "fmt
#include <linux/module.h>
#include <linux/printk.h>
#include <linux/err.h>
#include <linux/efi.h>

/**
 * parse_efi_signature_list - Walk an EFI signature list and dispatch entries
 * @source: The source of the key
 * @data: The data blob to parse
 * @size: The size of the data blob
 * @get_handler_for_guid: Get the handler func for the sig type (or NULL)
 *
 * The blob is a sequence of sublists.  Every element of one sublist has the
 * same type, but different sublists may carry different types.
 *
 * For each sublist, @get_handler_for_guid is called with the sublist's type
 * GUID.  It returns either a function that handles elements of that type, or
 * NULL if the type is not of interest, in which case the whole sublist is
 * skipped.  Otherwise each element's payload is passed to the handler in
 * turn, together with @source.
 *
 * The three length fields of each sublist header are read from the blob and
 * are cross-checked against each other and against the bytes remaining before
 * any of them is used to advance through the data.  A sublist with no
 * elements is treated as malformed.
 *
 * Return: 0 if the whole blob parsed correctly, -EBADMSG if it did not.
 * Neither @get_handler_for_guid nor the element handler it returns can report
 * an error; the element handler's result is not examined here.
 */
int __init parse_efi_signature_list(
	const char *source,
	const void *data, size_t size,
	efi_element_handler_t (*get_handler_for_guid)(const efi_guid_t *))
{
	const unsigned char *cursor = data;
	size_t remaining = size;
	unsigned int offs = 0;	/* only used in the debug traces */

	pr_devel("-->%s(,%zu)\n", __func__, size);

	while (remaining > 0) {
		efi_element_handler_t handler;
		const efi_signature_data_t *elem;
		efi_signature_list_t list;
		size_t list_len, hdr_len, entry_len, payload_len;

		/* Not even a complete sublist header is left in the blob. */
		if (remaining < sizeof(list))
			return -EBADMSG;

		/* Work from a local copy of the sublist header. */
		memcpy(&list, cursor, sizeof(list));
		pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
			 offs,
			 &list.signature_type, list.signature_list_size,
			 list.signature_header_size, list.signature_size);

		list_len = list.signature_list_size;
		hdr_len = list.signature_header_size;
		entry_len = list.signature_size;

		/* The sublist claims more bytes than the blob still holds. */
		if (list_len > remaining) {
			pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
				 __func__, offs);
			return -EBADMSG;
		}

		/*
		 * The sublist must be able to hold its own header plus the
		 * type-specific header, and an element must be at least as
		 * large as the fixed part of efi_signature_data_t.  These
		 * checks come first so that the subtraction below cannot
		 * wrap and entry_len is validated before the modulo.
		 */
		if (list_len < sizeof(list) ||
		    list_len - sizeof(list) < hdr_len ||
		    entry_len < sizeof(*elem))
			goto bad_size_combo;

		/*
		 * What is left after both headers must be a whole, non-zero
		 * number of elements.
		 */
		payload_len = list_len - sizeof(list) - hdr_len;
		if (payload_len < entry_len ||
		    payload_len % entry_len != 0)
			goto bad_size_combo;

		handler = get_handler_for_guid(&list.signature_type);
		if (!handler) {
			/* Type not of interest: step over the whole sublist. */
			cursor += list_len;
			remaining -= list_len;
			offs += list_len;
			continue;
		}

		/* Step over the list header and the type-specific header. */
		cursor += sizeof(list) + hdr_len;
		remaining -= sizeof(list) + hdr_len;
		offs += sizeof(list) + hdr_len;

		while (payload_len > 0) {
			elem = (const void *)cursor;

			pr_devel("ELEM[%04x]\n", offs);
			/* Hand over only the bytes after the fixed part. */
			handler(source,
				&elem->signature_data,
				entry_len - sizeof(*elem));

			cursor += entry_len;
			remaining -= entry_len;
			offs += entry_len;
			payload_len -= entry_len;
		}
	}

	return 0;

bad_size_combo:
	pr_devel("- bad size combo @%x\n", offs);
	return -EBADMSG;
}