1 files changed, 256 insertions, 0 deletions
diff --git a/src/image/efi_siglist.c b/src/image/efi_siglist.c
new file mode 100644
index 000000000..71d597006
--- /dev/null
+++ b/src/image/efi_siglist.c
@@ -0,0 +1,256 @@
+/*
+ * Copyright (C) 2025 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+/** @file
+ *
+ * EFI signature lists
+ *
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <ipxe/asn1.h>
+#include <ipxe/der.h>
+#include <ipxe/pem.h>
+#include <ipxe/image.h>
+#include <ipxe/efi/efi.h>
+#include <ipxe/efi/Guid/ImageAuthentication.h>
+#include <ipxe/efi/efi_siglist.h>
+
+/**
+ * Find EFI signature list entry
+ *
+ * @v data		EFI signature list
+ * @v len		Length of EFI signature list
+ * @v start		Starting offset to update
+ * @v lhdr		Signature list header to fill in
+ * @v dhdr		Signature data header to fill in
+ * @ret rc		Return status code
+ */
+static int efisig_find ( const void *data, size_t len, size_t *start,
+			 const EFI_SIGNATURE_LIST **lhdr,
+			 const EFI_SIGNATURE_DATA **dhdr ) {
+	size_t offset;
+	size_t remaining;
+	size_t skip;
+	size_t dlen;
+
+	/* Scan through signature list */
+	offset = 0;
+	while ( 1 ) {
+
+		/* Read list header */
+		assert ( offset <= len );
+		remaining = ( len - offset );
+		if ( remaining < sizeof ( **lhdr ) ) {
+			DBGC ( data, "EFISIG [%#zx,%#zx) truncated header "
+			       "at +%#zx\n", *start, len, offset );
+			return -EINVAL;
+		}
+		*lhdr = ( data + offset );
+
+		/* Get length of this signature list */
+		if ( remaining < (*lhdr)->SignatureListSize ) {
+			DBGC ( data, "EFISIG [%#zx,%#zx) truncated list at "
+			       "+%#zx\n", *start, len, offset );
+			return -EINVAL;
+		}
+		remaining = (*lhdr)->SignatureListSize;
+
+		/* Get length of each signature in list */
+		dlen = (*lhdr)->SignatureSize;
+		if ( dlen < sizeof ( **dhdr ) ) {
+			DBGC ( data, "EFISIG [%#zx,%#zx) underlength "
+			       "signatures at +%#zx\n", *start, len, offset );
+			return -EINVAL;
+		}
+
+		/* Strip list header (including variable portion) */
+		if ( ( remaining < sizeof ( **lhdr ) ) ||
+		     ( ( remaining - sizeof ( **lhdr ) ) <
+		       (*lhdr)->SignatureHeaderSize ) ) {
+			DBGC ( data, "EFISIG [%#zx,%#zx) malformed header at "
+			       "+%#zx\n", *start, len, offset );
+			return -EINVAL;
+		}
+		skip = ( sizeof ( **lhdr ) + (*lhdr)->SignatureHeaderSize );
+		offset += skip;
+		remaining -= skip;
+
+		/* Read signatures */
+		for ( ; remaining ; offset += dlen, remaining -= dlen ) {
+
+			/* Check length */
+			if ( remaining < dlen ) {
+				DBGC ( data, "EFISIG [%#zx,%#zx) truncated "
+				       "at +%#zx\n", *start, len, offset );
+				return -EINVAL;
+			}
+
+			/* Continue until we find the requested signature */
+			if ( offset < *start )
+				continue;
+
+			/* Read data header */
+			*dhdr = ( data + offset );
+			DBGC2 ( data, "EFISIG [%#zx,%#zx) %s ",
+				offset, ( offset + dlen ),
+				efi_guid_ntoa ( &(*lhdr)->SignatureType ) );
+			DBGC2 ( data, "owner %s\n",
+				efi_guid_ntoa ( &(*dhdr)->SignatureOwner ) );
+			*start = offset;
+			return 0;
+		}
+	}
+}
+
+/**
+ * Extract ASN.1 object from EFI signature list
+ *
+ * @v data		EFI signature list
+ * @v len		Length of EFI signature list
+ * @v offset		Offset within image
+ * @v cursor		ASN.1 cursor to fill in
+ * @ret next		Offset to next image, or negative error
+ *
+ * The caller is responsible for eventually calling free() on the
+ * allocated ASN.1 cursor.
+ */
+int efisig_asn1 ( const void *data, size_t len, size_t offset,
+		  struct asn1_cursor **cursor ) {
+	const EFI_SIGNATURE_LIST *lhdr;
+	const EFI_SIGNATURE_DATA *dhdr;
+	int ( * asn1 ) ( const void *data, size_t len, size_t offset,
+			 struct asn1_cursor **cursor );
+	size_t skip = offsetof ( typeof ( *dhdr ), SignatureData );
+	int next;
+	int rc;
+
+	/* Locate signature list entry */
+	if ( ( rc = efisig_find ( data, len, &offset, &lhdr, &dhdr ) ) != 0 )
+		goto err_entry;
+	len = ( offset + lhdr->SignatureSize );
+
+	/* Parse as PEM or DER based on first character */
+	asn1 = ( ( dhdr->SignatureData[0] == ASN1_SEQUENCE ) ?
+		 der_asn1 : pem_asn1 );
+	DBGC2 ( data, "EFISIG [%#zx,%#zx) extracting %s\n", offset, len,
+		( ( asn1 == der_asn1 ) ? "DER" : "PEM" ) );
+	next = asn1 ( data, len, ( offset + skip ), cursor );
+	if ( next < 0 ) {
+		rc = next;
+		DBGC ( data, "EFISIG [%#zx,%#zx) could not extract ASN.1: "
+		       "%s\n", offset, len, strerror ( rc ) );
+		goto err_asn1;
+	}
+
+	/* Check that whole entry was consumed */
+	if ( ( ( unsigned int ) next ) != len ) {
+		DBGC ( data, "EFISIG [%#zx,%#zx) malformed data\n",
+		       offset, len );
+		rc = -EINVAL;
+		goto err_whole;
+	}
+
+	return len;
+
+ err_whole:
+	free ( *cursor );
+ err_asn1:
+ err_entry:
+	return rc;
+}
+
+/**
+ * Probe EFI signature list image
+ *
+ * @v image		EFI signature list
+ * @ret rc		Return status code
+ */
+static int efisig_image_probe ( struct image *image ) {
+	const EFI_SIGNATURE_LIST *lhdr;
+	const EFI_SIGNATURE_DATA *dhdr;
+	size_t offset = 0;
+	unsigned int count = 0;
+	int rc;
+
+	/* Check file is a well-formed signature list */
+	while ( 1 ) {
+
+		/* Find next signature list entry */
+		if ( ( rc = efisig_find ( image->data, image->len, &offset,
+					  &lhdr, &dhdr ) ) != 0 ) {
+			return rc;
+		}
+
+		/* Skip this entry */
+		offset += lhdr->SignatureSize;
+		count++;
+
+		/* Check if we have reached end of the image */
+		if ( offset == image->len ) {
+			DBGC ( image, "EFISIG %s contains %d signatures\n",
+			       image->name, count );
+			return 0;
+		}
+	}
+}
+
+/**
+ * Extract ASN.1 object from EFI signature list image
+ *
+ * @v image		EFI signature list
+ * @v offset		Offset within image
+ * @v cursor		ASN.1 cursor to fill in
+ * @ret next		Offset to next image, or negative error
+ *
+ * The caller is responsible for eventually calling free() on the
+ * allocated ASN.1 cursor.
+ */
+static int efisig_image_asn1 ( struct image *image, size_t offset,
+			       struct asn1_cursor **cursor ) {
+	int next;
+	int rc;
+
+	/* Extract ASN.1 object */
+	if ( ( next = efisig_asn1 ( image->data, image->len, offset,
+				    cursor ) ) < 0 ) {
+		rc = next;
+		DBGC ( image, "EFISIG %s could not extract ASN.1: %s\n",
+		       image->name, strerror ( rc ) );
+		return rc;
+	}
+
+	return next;
+}
+
+/** EFI signature list image type */
+struct image_type efisig_image_type __image_type ( PROBE_NORMAL ) = {
+	.name = "EFISIG",
+	.probe = efisig_image_probe,
+	.asn1 = efisig_image_asn1,
+};