authorJames Bottomley <JBottomley@Parallels.com>2012-12-11 18:39:49 +0000
committerJames Bottomley <JBottomley@Parallels.com>2012-12-12 00:23:50 +0000
commit6e6f1c46c0044996beaa722b3e64170a8db90e20 (patch)
treefe62a5d466861cdb8c2df02757d00a5cc54a1767
parentdcdb19ba86a4b0f77c12555041e215e5bd115cff (diff)
Keytool: Display rudimentary asn1 information about the keys
Use the asn1 parser to print subject and issuer Signed-off-by: James Bottomley <JBottomley@Parallels.com>
-rw-r--r--KeyTool.c59
-rw-r--r--include/x509.h2
-rw-r--r--lib/asn1/Makefile3
-rw-r--r--lib/asn1/asn1_parser.c12
-rw-r--r--lib/asn1/identification.c4
-rw-r--r--lib/asn1/typedefs.h8
-rw-r--r--lib/asn1/x509.c2
7 files changed, 75 insertions, 15 deletions
diff --git a/KeyTool.c b/KeyTool.c
index bae1a2b..062232c 100644
--- a/KeyTool.c
+++ b/KeyTool.c
@@ -12,7 +12,8 @@
#include <simple_file.h>
#include <variables.h>
#include <guid.h>
-#include "efiauthenticated.h"
+#include <x509.h>
+#include <efiauthenticated.h>
static EFI_HANDLE im;
static UINT8 SetupMode, SecureBoot;
@@ -149,13 +150,42 @@ select_and_apply(CHAR16 **title, CHAR16 *ext, int key, UINTN options)
}
}
+static int
+StringSplit(CHAR16 *str, int maxlen, CHAR16 c, CHAR16 **out)
+{
+ int len = StrLen(str);
+ int count = 0;
+
+ if (len < maxlen) {
+ out[0] = str;
+ return 1;
+ }
+ while (len > 0) {
+ int i, found;
+
+ for (i = 0; i < maxlen; i++) {
+ if (str[i] == c)
+ found = i;
+ if (str[i] == '\0') {
+ found = i;
+ break;
+ }
+ }
+ out[count++] = str;
+ str[found] = '\0';
+ str = str + found + 1;
+ len -= found + 1;
+ }
+ return count;
+}
+
static void
show_key(int key, int offset, void *Data, int DataSize)
{
EFI_SIGNATURE_LIST *CertList;
EFI_SIGNATURE_DATA *Cert = NULL;
int cert_count = 0, i, Size, option = 0, offs = 0;
- CHAR16 *title[6], *options[4];
+ CHAR16 *title[20], *options[4];
CHAR16 str[256], str1[256], str2[256];
title[0] = keyinfo[key].text;
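Review bot: In StringSplit, `found` is read uninitialised whenever the first `maxlen` characters contain neither `c` nor the terminator, so `str[found] = '\0'` writes at an indeterminate index. The function also does not know how large `out` is, while the call sites added later in this commit pass 10-entry arrays for text taken from a certificate's subject and issuer, so a long name with closely spaced separators can push `count` past the end of the array. I would initialise `found` to -1, stop splitting when no split point exists, and pass the capacity of `out` as an extra argument (at least 1; the two callers in show_key would pass 10). show_key's body continues outside this hunk.

```c
static int
StringSplit(CHAR16 *str, int maxlen, CHAR16 c, CHAR16 **out, int maxout)
{
	/* … unchanged: len/count declarations and the short-string early return … */
	while (len > 0 && count < maxout) {
		int i, found = -1;

		/* … unchanged: scan of the first maxlen characters … */
		out[count++] = str;
		if (found < 0)
			break;	/* no separator in range: keep the rest as one entry */
		/* … unchanged: terminate the piece and advance str/len … */
	}
	return count;
}
```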
@@ -189,10 +219,35 @@ show_key(int key, int offset, void *Data, int DataSize)
break;
}
}
+ CHAR16 buf[1024], buf1[1024], *tmpbuf[10], *tmpbuf1[10];
if (CompareGuid(&CertList->SignatureType, &EFI_CERT_SHA256_GUID) == 0) {
StrCpy(str2, L"Hash: ");
sha256_StrCat_hash(str2, Cert->SignatureData);
title[++c] = str2;
+ } else if (CompareGuid(&CertList->SignatureType, &X509_GUID) == 0) {
+
+ x509_to_str(Cert->SignatureData,
+ CertList->SignatureSize,
+ X509_OBJ_SUBJECT, buf, sizeof(buf));
+
+ title[++c] = L"";
+ title[++c] = L"Subject:";
+
+
+ int sp = StringSplit(buf, 70, ',', tmpbuf);
+
+ for (i = 0; i < sp; i++)
+ title[++c] = tmpbuf[i];
+
+ x509_to_str(Cert->SignatureData,
+ CertList->SignatureSize,
+ X509_OBJ_ISSUER, buf1, sizeof(buf1));
+
+ sp = StringSplit(buf1, 70, ',', tmpbuf1);
+
+ title[++c] = L"Issuer:";
+ for (i = 0; i < sp; i++)
+ title[++c] = tmpbuf1[i];
}
title[++c] = NULL;
options[0] = L"Delete";
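Review bot: `title` can be written past its end in the new X509 branch. It is declared `CHAR16 *title[20]` in the previous hunk, but this branch adds a blank line, two headers and up to `sp` entries twice, then the NULL terminator, on top of whatever was filled before the hunk; with both splits at the 10-entry size of `tmpbuf` that is already 24 slots. Either size `title` for the worst case or bound both loops, e.g. `for (i = 0; i < sp && c + 2 < (int)(sizeof(title) / sizeof(title[0])); i++)` (`c` is declared outside the hunk, so its type is assumed here). The return values of both `x509_to_str` calls are also ignored, so a failed parse is shown as if it were certificate text. show_key starts before and continues after this hunk.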
diff --git a/include/x509.h b/include/x509.h
index 969e59e..f072702 100644
--- a/include/x509.h
+++ b/include/x509.h
@@ -19,5 +19,5 @@
#define X509_OBJ_SIGNATURE 25
int
-x509_to_str(const char *cert, int cert_size, int tag,
+x509_to_str(void *cert, int cert_size, int tag,
STR *buf, int len);
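Review bot: The new prototype drops `const` from `cert`, so the compiler no longer checks that the parser leaves the certificate bytes untouched, and callers holding read-only data need a cast. `const void *cert` accepts any pointer type just as well; the definition in lib/asn1/x509.c would need the same change. If the parser does need a writable pointer, say so next to the declaration, e.g. `/* cert is not modified; non-const only because chunk_t carries a plain pointer */` (the reason is assumed here, so please confirm it).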
diff --git a/lib/asn1/Makefile b/lib/asn1/Makefile
index 0d5549b..c900a4f 100644
--- a/lib/asn1/Makefile
+++ b/lib/asn1/Makefile
@@ -7,5 +7,8 @@ include ../../Make.rules
libasn1.a: $(LIBFILES)
libasn1-efi.a: $(EFILIBFILES)
+test.o: test.c ../../include/x509.h
+ $(CC) -I../../include -c -o $@ $<
+
test: test.o libasn1.a
$(CC) -o $@ $< libasn1.a
diff --git a/lib/asn1/asn1_parser.c b/lib/asn1/asn1_parser.c
index cfe0ff3..ca3626a 100644
--- a/lib/asn1/asn1_parser.c
+++ b/lib/asn1/asn1_parser.c
@@ -116,7 +116,7 @@ METHOD(asn1_parser_t, iterate, bool,
if ((obj.flags & ASN1_DEF) && (blob->len == 0 || *start_ptr != obj.type) )
{
/* field is missing */
- DBG1("L%d - %s:", level, obj.name);
+ DBG1("L%d - %a:", level, obj.name);
if (obj.type & ASN1_CONSTRUCTED)
{
this->line++ ; /* skip context-specific tag */
@@ -143,7 +143,7 @@ METHOD(asn1_parser_t, iterate, bool,
if (blob->len < 2)
{
- DBG1("L%d - %s: ASN.1 object smaller than 2 octets",
+ DBG1("L%d - %a: ASN.1 object smaller than 2 octets",
level, obj.name);
this->success = FALSE;
goto end;
@@ -153,7 +153,7 @@ METHOD(asn1_parser_t, iterate, bool,
if (blob1->len == ASN1_INVALID_LENGTH)
{
- DBG1("L%d - %s: length of ASN.1 object invalid or too large",
+ DBG1("L%d - %a: length of ASN.1 object invalid or too large",
level, obj.name);
this->success = FALSE;
}
@@ -166,7 +166,7 @@ METHOD(asn1_parser_t, iterate, bool,
if (obj.flags & ASN1_RAW)
{
- DBG1("L%d - %s:", level, obj.name);
+ DBG1("L%d - %a:", level, obj.name);
object->ptr = start_ptr;
object->len = (size_t)(blob->ptr - start_ptr);
goto end;
@@ -174,14 +174,14 @@ METHOD(asn1_parser_t, iterate, bool,
if (*start_ptr != obj.type && !(this->implicit && this->line == 0))
{
- DBG1("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
+ DBG1("L%d - %a: ASN1 tag 0x%02x expected, but is 0x%02x",
level, obj.name, obj.type, *start_ptr);
DBG1("%b", start_ptr, (u_int)(blob->ptr - start_ptr));
this->success = FALSE;
goto end;
}
- DBG1("L%d - %s:", level, obj.name);
+ DBG1("L%d - %a:", level, obj.name);
/* In case of "SEQUENCE OF" or "SET OF" start a loop */
if (obj.flags & ASN1_LOOP)
diff --git a/lib/asn1/identification.c b/lib/asn1/identification.c
index b595436..665c6ae 100644
--- a/lib/asn1/identification.c
+++ b/lib/asn1/identification.c
@@ -240,7 +240,7 @@ void dntoa(chunk_t dn, STR *buf, size_t len)
}
else
{
- written = snprintf(buf, len,"%s=", oid_names[oid].name);
+ written = snprintf(buf, len,"%a=", oid_names[oid].name);
}
if (written < 0 || written >= len)
{
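Review bot: `%a` is the gnu-efi conversion for an ASCII string, but this file also goes into the host-side `libasn1.a` that the Makefile links into `test`. Unless the non-EFI branch of typedefs.h remaps `snprintf` (not visible here), `%a` there expects a `double`, so passing `oid_names[oid].name` is undefined behaviour. The same applies to `%.*a` in the next hunk and, if `DBG1` is ever given a body on the host, to the `DBG1` format strings changed in lib/asn1/asn1_parser.c. I would select the conversion per build in typedefs.h, or at least mark these lines with `/* %a: gnu-efi ASCII string; host printf reads it as hex float */`. dntoa starts and ends outside the hunk.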
@@ -250,7 +250,7 @@ void dntoa(chunk_t dn, STR *buf, size_t len)
len -= written;
chunk_printable(data, &printable, '?');
- written = snprintf(buf, len, "%.*s", (int)printable.len, printable.ptr);
+ written = snprintf(buf, len, "%.*a", (int)printable.len, printable.ptr);
chunk_free(&printable);
if (written < 0 || written >= len)
{
diff --git a/lib/asn1/typedefs.h b/lib/asn1/typedefs.h
index 4b38f36..fc861ef 100644
--- a/lib/asn1/typedefs.h
+++ b/lib/asn1/typedefs.h
@@ -7,7 +7,7 @@
#define strcmp(x,y) StrCmp(x,y)
#define memset(m,c,l) ZeroMem(m,l)
#define memcmp(x,y,z) strncmpa(x,y,z)
-#define isprint(x) (0)
+#define isprint(x) (1)
#define snprintf(s, l, f...) SPrint(s, l, L ## f)
#define STR CHAR16
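Review bot: Defining `isprint(x)` as `(1)` makes the `chunk_printable(data, &printable, '?')` call in dntoa stop replacing anything in the EFI build, assuming it relies on `isprint` (its body is not visible here). Control and non-ASCII bytes from a certificate's subject or issuer would then reach the console unchanged. These names come from the key databases and files the user is inspecting, so the filter is worth keeping: `#define isprint(x) ((x) >= 0x20 && (x) < 0x7f)`. That form evaluates `x` twice, so a `static inline` helper is safer if any caller passes an expression with side effects.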
@@ -25,7 +25,7 @@ MEMCPY(void *dest, void *src, size_t n)
#define memcpy MEMCPY
-typedef char u_char;
+typedef unsigned char u_char;
#else
@@ -52,8 +52,8 @@ typedef char u_char;
typedef unsigned char bool;
typedef unsigned int u_int;
-#define DBG1(...)
-#define DBG2(...)
+#define DBG1(s...)
+#define DBG2(s...)
/**
* Method declaration/definition macro, providing private and public interface.
diff --git a/lib/asn1/x509.c b/lib/asn1/x509.c
index 1afb738..bb313c2 100644
--- a/lib/asn1/x509.c
+++ b/lib/asn1/x509.c
@@ -48,6 +48,8 @@ x509_to_str(void *cert, int cert_size, int tag,
parser = asn1_parser_create(x509_certObjects, blob);
parser->set_top_level(parser, 0);
+ snprintf(buf, sizeof(buf), "MISPARSE");
+
while (parser->iterate(parser, &objectID, &object)) {
if (objectID == tag)
dntoa(object, buf, len);
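Review bot: `sizeof(buf)` in the added `snprintf` is the size of the `STR *buf` parameter, that is of a pointer, not of the caller's buffer, so the fallback text is limited to a pointer's worth of bytes and will most likely be cut short. The real capacity is already passed in as `len`: `snprintf(buf, len, "MISPARSE");`. A one-line comment such as `/* default shown when the requested tag is never reached */` would also explain why the buffer is pre-filled. x509_to_str starts and ends outside the hunk.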