sbkeysync: Add X509 key parsing
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
parent
c03ca4f73f
commit
5757f27812
1 changed files with 46 additions and 0 deletions
|
@ -44,6 +44,9 @@
|
|||
#include <ccan/array_size/array_size.h>
|
||||
#include <ccan/talloc/talloc.h>
|
||||
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#include "fileio.h"
|
||||
#include "efivars.h"
|
||||
|
||||
|
@ -142,8 +145,47 @@ static int sha256_key_id(void *ctx, EFI_SIGNATURE_DATA *sigdata,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int x509_key_id(void *ctx, EFI_SIGNATURE_DATA *sigdata,
|
||||
size_t sigdata_datalen, uint8_t **buf, int *len)
|
||||
{
|
||||
ASN1_INTEGER *serial;
|
||||
const uint8_t *tmp;
|
||||
uint8_t *tmp_buf;
|
||||
int tmp_len, rc;
|
||||
X509 *x509;
|
||||
|
||||
rc = -1;
|
||||
|
||||
tmp = sigdata->SignatureData;
|
||||
|
||||
x509 = d2i_X509(NULL, &tmp, sigdata_datalen);
|
||||
if (!x509)
|
||||
return -1;
|
||||
|
||||
/* we use the X509 serial number as the key ID */
|
||||
if (!x509->cert_info || !x509->cert_info->serialNumber)
|
||||
goto out;
|
||||
|
||||
serial = x509->cert_info->serialNumber;
|
||||
|
||||
tmp_len = ASN1_STRING_length(serial);
|
||||
tmp_buf = talloc_array(ctx, uint8_t, tmp_len);
|
||||
|
||||
memcpy(tmp_buf, ASN1_STRING_data(serial), tmp_len);
|
||||
|
||||
*buf = tmp_buf;
|
||||
*len = tmp_len;
|
||||
|
||||
rc = 0;
|
||||
|
||||
out:
|
||||
X509_free(x509);
|
||||
return rc;
|
||||
}
|
||||
|
||||
struct cert_type cert_types[] = {
|
||||
{ EFI_CERT_SHA256_GUID, sha256_key_id },
|
||||
{ EFI_CERT_X509_GUID, x509_key_id },
|
||||
};
|
||||
|
||||
static int guidcmp(const EFI_GUID *a, const EFI_GUID *b)
|
||||
|
@ -394,6 +436,10 @@ int main(int argc, char **argv)
|
|||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
OpenSSL_add_all_digests();
|
||||
OpenSSL_add_all_ciphers();
|
||||
|
||||
ctx = talloc(NULL, struct sync_context);
|
||||
|
||||
read_key_databases(ctx);
|
||||
|
|
Loading…
Reference in a new issue