/*
* Copyright 2012 <[email protected]>
*
* see COPYING file
*/
#include <stdint.h>
#define __STDC_VERSION__ 199901L
#include <efi.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <variables.h>
#include <guid.h>
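/*
 * Split an EFI signature list file into one output file per signature entry.
 *
 * Usage: <prog> <efi sig list file> <cert file base name>
 *
 * The whole input file is read into memory and walked with the
 * certlist_for_each_certentry / certentry_for_each_cert macros (defined in
 * variables.h, not shown in this file).  Each entry's SignatureData is
 * written to "<base>-<n>.<ext>", where <ext> is chosen from the list's
 * SignatureType GUID (der, pk7, rsa, hash, or txt for unknown types).
 *
 * The signature list is treated as untrusted input: the size fields read
 * from it are checked against the buffer before any entry is dereferenced
 * or written out.
 *
 * Returns 0 on success; exits with status 1 on usage, I/O, allocation or
 * malformed-input errors.
 */
int
main(int argc, char *argv[])
{
	char *certfile, *efifile, *name;
	const char *progname = argv[0];

	if (argc != 3) {
		printf("Usage: %s <efi sig list file> <cert file base name>\n", progname);
		exit(1);
	}

	efifile = argv[1];
	certfile = argv[2];

	/*
	 * Room for "-", a decimal int counter (up to 11 chars), ".", the
	 * longest extension ("hash") and the NUL.  The previous fixed "+10"
	 * overflowed once the counter reached four digits.
	 */
	size_t name_size = strlen(certfile) + 32;
	name = malloc(name_size);
	if (!name) {
		fprintf(stderr, "Malloc failed: ");
		perror("");
		exit(1);
	}

	int fd = open(efifile, O_RDONLY);
	if (fd < 0) {
		fprintf(stderr, "Failed to open file %s: ", efifile);
		perror("");
		exit(1);
	}

	struct stat st;
	if (fstat(fd, &st) < 0) {
		fprintf(stderr, "Failed to stat file %s: ", efifile);
		perror("");
		exit(1);
	}

	/* The list walker below tracks the remaining size in an int. */
	if (st.st_size < 0 || st.st_size != (off_t)(int)st.st_size) {
		fprintf(stderr, "File %s is too large\n", efifile);
		exit(1);
	}

	void *buf = malloc(st.st_size);
	if (!buf) {
		fprintf(stderr, "Malloc failed: ");
		perror("");
		exit(1);
	}

	if (read(fd, buf, st.st_size) != st.st_size) {
		fprintf(stderr, "Failed to read %d bytes from %s: ",
			(int)st.st_size, efifile);
		perror("");
		exit(1);
	}
	close(fd);

	/* Bytes of EFI_SIGNATURE_DATA that precede the payload (the owner GUID). */
	const UINT32 sig_hdr = (UINT32)OFFSET_OF(EFI_SIGNATURE_DATA, SignatureData);

	EFI_SIGNATURE_LIST *sl;
	int s, count = 0;

	/*
	 * NOTE(review): the bounds checks applied to the list header itself
	 * (SignatureListSize, SignatureHeaderSize) live in the iteration
	 * macros from variables.h -- confirm they reject a truncated header.
	 */
	certlist_for_each_certentry(sl, buf, s, st.st_size) {
		EFI_SIGNATURE_DATA *sd;
		const char *ext;

		certentry_for_each_cert(sd, sl) {
			/*
			 * SignatureSize comes straight from the file.  If it is
			 * smaller than the entry header the subtraction below
			 * wraps to a huge length; if the entry runs past the
			 * end of the buffer, fwrite would read out of bounds.
			 */
			if (sl->SignatureSize < sig_hdr) {
				fprintf(stderr, "Malformed signature list in %s: signature size %u is too small\n",
					efifile, (unsigned)sl->SignatureSize);
				exit(1);
			}
			size_t sd_off = (size_t)((UINT8 *)sd - (UINT8 *)buf);
			if (sd_off > (size_t)st.st_size ||
			    sl->SignatureSize > (size_t)st.st_size - sd_off) {
				fprintf(stderr, "Malformed signature list in %s: entry extends past end of file\n",
					efifile);
				exit(1);
			}
			UINT32 data_size = sl->SignatureSize - sig_hdr;

			if (memcmp(&sl->SignatureType, &EFI_CERT_X509_GUID, sizeof(EFI_GUID)) == 0) {
				printf("X509 ");
				ext = "der";
			} else if (memcmp(&sl->SignatureType, &EFI_CERT_TYPE_PKCS7_GUID, sizeof(EFI_GUID)) == 0) {
				printf("PKCS7 ");
				ext = "pk7";
			} else if (memcmp(&sl->SignatureType, &EFI_CERT_RSA2048_GUID, sizeof(EFI_GUID)) == 0) {
				printf("RSA2048 ");
				ext = "rsa";
			} else if (memcmp(&sl->SignatureType, &EFI_CERT_SHA256_GUID, sizeof(EFI_GUID)) == 0) {
				printf("SHA256 ");
				ext = "hash";
			} else {
				printf("UNKNOWN ");
				ext = "txt";
			}
			printf("Header sls=%d, header=%d, sig=%d\n",
			       sl->SignatureListSize, sl->SignatureHeaderSize, data_size);

			EFI_GUID *guid = &sd->SignatureOwner;

			int n = snprintf(name, name_size, "%s-%d.%s", certfile, count++, ext);
			if (n < 0 || (size_t)n >= name_size) {
				fprintf(stderr, "Output file name for %s is too long\n", certfile);
				exit(1);
			}
			printf("file %s: Guid %s\n", name, guid_to_str(guid));

			/* An existing file of the same name is truncated and overwritten. */
			FILE *g = fopen(name, "w");
			if (!g) {
				fprintf(stderr, "Failed to open file %s: ", name);
				perror("");
				exit(1);
			}
			if (fwrite(sd->SignatureData, 1, data_size, g) != data_size) {
				fprintf(stderr, "Failed to write file %s: ", name);
				perror("");
				exit(1);
			}
			printf("Written %d bytes\n", data_size);
			/* fclose flushes; a failure here means the data did not reach the file. */
			if (fclose(g) != 0) {
				fprintf(stderr, "Failed to write file %s: ", name);
				perror("");
				exit(1);
			}
		}
	}

	free(buf);
	free(name);
	return 0;
}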