e336be
From e4c62c12635a371e43bd17e8d33a936668264491 Mon Sep 17 00:00:00 2001
e336be
From: Dave Howells <dhowells@redhat.com>
e336be
Date: Fri, 5 May 2017 08:21:58 +0100
e336be
Subject: [PATCH 2/4] efi: Add an EFI signature blob parser
e336be
e336be
Add a function to parse an EFI signature blob looking for elements of
e336be
interest.  A list is made up of a series of sublists, where all the
e336be
elements in a sublist are of the same type, but sublists can be of
e336be
different types.
e336be
e336be
For each sublist encountered, the function pointed to by the
e336be
get_handler_for_guid argument is called with the type specifier GUID and
e336be
returns either a pointer to a function to handle elements of that type or
e336be
NULL if the type is not of interest.
e336be
e336be
If the sublist is of interest, each element is passed to the handler
e336be
function in turn.
e336be
e336be
Signed-off-by: David Howells <dhowells@redhat.com>
e336be
---
e336be
 certs/Kconfig       |   8 ++++
e336be
 certs/Makefile      |   1 +
e336be
 certs/efi_parser.c  | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++
e336be
 include/linux/efi.h |   9 +++++
e336be
 4 files changed, 130 insertions(+)
e336be
 create mode 100644 certs/efi_parser.c
e336be
e336be
diff --git a/certs/Kconfig b/certs/Kconfig
e336be
index 6ce51ed..630ae09 100644
e336be
--- a/certs/Kconfig
e336be
+++ b/certs/Kconfig
e336be
@@ -82,4 +82,12 @@ config SYSTEM_BLACKLIST_HASH_LIST
e336be
 	  wrapper to incorporate the list into the kernel.  Each <hash> should
e336be
 	  be a string of hex digits.
e336be
e336be
+config EFI_SIGNATURE_LIST_PARSER
e336be
+	bool "EFI signature list parser"
e336be
+	depends on EFI
e336be
+	select X509_CERTIFICATE_PARSER
e336be
+	help
e336be
+	  This option provides support for parsing EFI signature lists for
e336be
+	  X.509 certificates and turning them into keys.
e336be
+
e336be
 endmenu
e336be
diff --git a/certs/Makefile b/certs/Makefile
e336be
index 4119bb3..738151a 100644
e336be
--- a/certs/Makefile
e336be
+++ b/certs/Makefile
e336be
@@ -9,6 +9,7 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o
e336be
 else
e336be
 obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
e336be
 endif
e336be
+obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
e336be
e336be
 ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
e336be
e336be
diff --git a/certs/efi_parser.c b/certs/efi_parser.c
e336be
new file mode 100644
e336be
index 0000000..4e396f9
e336be
--- /dev/null
e336be
+++ b/certs/efi_parser.c
e336be
@@ -0,0 +1,112 @@
e336be
+/* EFI signature/key/certificate list parser
e336be
+ *
e336be
+ * Copyright (C) 2012, 2016 Red Hat, Inc. All Rights Reserved.
e336be
+ * Written by David Howells (dhowells@redhat.com)
e336be
+ *
e336be
+ * This program is free software; you can redistribute it and/or
e336be
+ * modify it under the terms of the GNU General Public Licence
e336be
+ * as published by the Free Software Foundation; either version
e336be
+ * 2 of the Licence, or (at your option) any later version.
e336be
+ */
e336be
+
e336be
+#define pr_fmt(fmt) "EFI: "fmt
e336be
+#include <linux/module.h>
e336be
+#include <linux/printk.h>
e336be
+#include <linux/err.h>
e336be
+#include <linux/efi.h>
e336be
+
e336be
+/**
e336be
+ * parse_efi_signature_list - Parse an EFI signature list for certificates
e336be
+ * @source: The source of the key
e336be
+ * @data: The data blob to parse
e336be
+ * @size: The size of the data blob
e336be
+ * @get_handler_for_guid: Get the handler func for the sig type (or NULL)
e336be
+ *
e336be
+ * Parse an EFI signature list looking for elements of interest.  A list is
e336be
+ * made up of a series of sublists, where all the elements in a sublist are of
e336be
+ * the same type, but sublists can be of different types.
e336be
+ *
e336be
+ * For each sublist encountered, the @get_handler_for_guid function is called
e336be
+ * with the type specifier GUID and returns either a pointer to a function to
e336be
+ * handle elements of that type or NULL if the type is not of interest.
e336be
+ *
e336be
+ * If the sublist is of interest, each element is passed to the handler
e336be
+ * function in turn.
e336be
+ *
e336be
+ * Error EBADMSG is returned if the list doesn't parse correctly and 0 is
e336be
+ * returned if the list was parsed correctly.  No error can be returned from
e336be
+ * the @get_handler_for_guid function or the element handler function it
e336be
+ * returns.
e336be
+ */
e336be
+int __init parse_efi_signature_list(
e336be
+	const char *source,
e336be
+	const void *data, size_t size,
e336be
+	efi_element_handler_t (*get_handler_for_guid)(const efi_guid_t *))
e336be
+{
e336be
+	efi_element_handler_t handler;
e336be
+	unsigned offs = 0;
e336be
+
e336be
+	pr_devel("-->%s(,%zu)\n", __func__, size);
e336be
+
e336be
+	while (size > 0) {
e336be
+		const efi_signature_data_t *elem;
e336be
+		efi_signature_list_t list;
e336be
+		size_t lsize, esize, hsize, elsize;
e336be
+
e336be
+		if (size < sizeof(list))
e336be
+			return -EBADMSG;
e336be
+
e336be
+		memcpy(&list, data, sizeof(list));
e336be
+		pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n",
e336be
+			 offs,
e336be
+			 list.signature_type.b, list.signature_list_size,
e336be
+			 list.signature_header_size, list.signature_size);
e336be
+
e336be
+		lsize = list.signature_list_size;
e336be
+		hsize = list.signature_header_size;
e336be
+		esize = list.signature_size;
e336be
+		elsize = lsize - sizeof(list) - hsize;
e336be
+
e336be
+		if (lsize > size) {
e336be
+			pr_devel("<--%s() = -EBADMSG [overrun @%x]\n",
e336be
+				 __func__, offs);
e336be
+			return -EBADMSG;
e336be
+		}
e336be
+
e336be
+		if (lsize < sizeof(list) ||
e336be
+		    lsize - sizeof(list) < hsize ||
e336be
+		    esize < sizeof(*elem) ||
e336be
+		    elsize < esize ||
e336be
+		    elsize % esize != 0) {
e336be
+			pr_devel("- bad size combo @%x\n", offs);
e336be
+			return -EBADMSG;
e336be
+		}
e336be
+
e336be
+		handler = get_handler_for_guid(&list.signature_type);
e336be
+		if (!handler) {
e336be
+			data += lsize;
e336be
+			size -= lsize;
e336be
+			offs += lsize;
e336be
+			continue;
e336be
+		}
e336be
+
e336be
+		data += sizeof(list) + hsize;
e336be
+		size -= sizeof(list) + hsize;
e336be
+		offs += sizeof(list) + hsize;
e336be
+
e336be
+		for (; elsize > 0; elsize -= esize) {
e336be
+			elem = data;
e336be
+
e336be
+			pr_devel("ELEM[%04x]\n", offs);
e336be
+			handler(source,
e336be
+				&elem->signature_data,
e336be
+				esize - sizeof(*elem));
e336be
+
e336be
+			data += esize;
e336be
+			size -= esize;
e336be
+			offs += esize;
e336be
+		}
e336be
+	}
e336be
+
e336be
+	return 0;
e336be
+}
e336be
diff --git a/include/linux/efi.h b/include/linux/efi.h
e336be
index 3259ad6..08024c6 100644
e336be
--- a/include/linux/efi.h
e336be
+++ b/include/linux/efi.h
e336be
@@ -1055,6 +1055,15 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
e336be
 char * __init efi_md_typeattr_format(char *buf, size_t size,
e336be
 				     const efi_memory_desc_t *md);
e336be
e336be
+
e336be
+typedef void (*efi_element_handler_t)(const char *source,
e336be
+				      const void *element_data,
e336be
+				      size_t element_size);
e336be
+extern int __init parse_efi_signature_list(
e336be
+	const char *source,
e336be
+	const void *data, size_t size,
e336be
+	efi_element_handler_t (*get_handler_for_guid)(const efi_guid_t *));
e336be
+
e336be
 /**
e336be
  * efi_range_is_wc - check the WC bit on an address range
e336be
  * @start: starting kvirt address
e336be
-- 
e336be
2.9.3
e336be