vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sbkeysync: pass data buffer (instead of EFI_SIGNATURE_DATA) to key_id

Browse source 
We want to call key_id on file buffers too, which don't have the
EFI_SIGNATURE_DATA encapsulation.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
Jeremy Kerr 2012-08-21 13:56:41 +08:00
parent 1a431a5a2d
commit 98911a7f4c
1 changed files with 14 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

29
src/sbkeysync.c
View file

@ -84,8 +84,7 @@ static const char *default_keystore_dirs[] = {
"/usr/share/secureboot/keys", "/usr/share/secureboot/keys",
}; };
typedef int (*key_id_func)(void *, EFI_SIGNATURE_DATA *, size_t, typedef int (*key_id_func)(void *, uint8_t *, size_t, uint8_t **, int *);
uint8_t **, int *);
struct cert_type { struct cert_type {
EFI_GUID guid; EFI_GUID guid;
@ -143,17 +142,17 @@ static void guid_to_str(const EFI_GUID *guid, char *str)
guid->Data4[6], guid->Data4[7]); guid->Data4[6], guid->Data4[7]);
} }
static int sha256_key_id(void *ctx, EFI_SIGNATURE_DATA *sigdata, static int sha256_key_id(void *ctx, uint8_t *sigdata,
size_t sigdata_datalen, uint8_t **buf, int *len) size_t sigdata_len, uint8_t **buf, int *len)
{ {
const unsigned int sha256_id_size = 256 / 8; const unsigned int sha256_id_size = 256 / 8;
uint8_t *id; uint8_t *id;
if (sigdata_datalen != sha256_id_size) if (sigdata_len != sha256_id_size)
return -1; return -1;
id = talloc_array(ctx, uint8_t, sha256_id_size); id = talloc_array(ctx, uint8_t, sha256_id_size);
memcpy(sigdata->SignatureData, buf, sha256_id_size); memcpy(sigdata, buf, sha256_id_size);
*buf = id; *buf = id;
*len = sha256_id_size; *len = sha256_id_size;
@ -161,8 +160,8 @@ static int sha256_key_id(void *ctx, EFI_SIGNATURE_DATA *sigdata,
return 0; return 0;
} }
static int x509_key_id(void *ctx, EFI_SIGNATURE_DATA *sigdata, static int x509_key_id(void *ctx, uint8_t *sigdata,
size_t sigdata_datalen, uint8_t **buf, int *len) size_t sigdata_len, uint8_t **buf, int *len)
{ {
ASN1_INTEGER *serial; ASN1_INTEGER *serial;
const uint8_t *tmp; const uint8_t *tmp;
@ -172,9 +171,9 @@ static int x509_key_id(void *ctx, EFI_SIGNATURE_DATA *sigdata,
rc = -1; rc = -1;
tmp = sigdata->SignatureData; tmp = sigdata;
x509 = d2i_X509(NULL, &tmp, sigdata_datalen); x509 = d2i_X509(NULL, &tmp, sigdata_len);
if (!x509) if (!x509)
return -1; return -1;
@ -209,8 +208,8 @@ static int guidcmp(const EFI_GUID *a, const EFI_GUID *b)
return memcmp(a, b, sizeof(EFI_GUID)); return memcmp(a, b, sizeof(EFI_GUID));
} }
static int key_id(void *ctx, const EFI_GUID *type, EFI_SIGNATURE_DATA *sigdata, static int key_id(void *ctx, const EFI_GUID *type, uint8_t *sigdata,
size_t sigdata_datalen, uint8_t **buf, int *len) size_t sigdata_len, uint8_t **buf, int *len)
{ {
char guid_str[GUID_STRLEN]; char guid_str[GUID_STRLEN];
unsigned int i; unsigned int i;
@ -219,7 +218,7 @@ static int key_id(void *ctx, const EFI_GUID *type, EFI_SIGNATURE_DATA *sigdata,
if (guidcmp(&cert_types[i].guid, type)) if (guidcmp(&cert_types[i].guid, type))
continue; continue;
return cert_types[i].get_id(ctx, sigdata, sigdata_datalen, return cert_types[i].get_id(ctx, sigdata, sigdata_len,
buf, len); buf, len);
} }
@ -300,8 +299,8 @@ static int sigdb_add_key(EFI_SIGNATURE_DATA *sigdata, int len,
key = talloc(kdb, struct key); key = talloc(kdb, struct key);
rc = key_id(kdb, type, sigdata, len - sizeof(sigdata), &key->id, rc = key_id(kdb, type, sigdata->SignatureData, len - sizeof(sigdata),
&key->id_len); &key->id, &key->id_len);
if (rc) if (rc)
talloc_free(key); talloc_free(key);