author | James Bottomley <JBottomley@Parallels.com> | 2012-12-11 18:39:49 +0000 |
---|---|---|
committer | James Bottomley <JBottomley@Parallels.com> | 2012-12-12 00:23:50 +0000 |
commit | 6e6f1c46c0044996beaa722b3e64170a8db90e20 (patch) | |
tree | fe62a5d466861cdb8c2df02757d00a5cc54a1767 | |
parent | dcdb19ba86a4b0f77c12555041e215e5bd115cff (diff) | |
download | efitools-6e6f1c46c0044996beaa722b3e64170a8db90e20.tar.gz |
Keytool: Display rudimentary asn1 information about the keys
Use the asn1 parser to print subject and issuer
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
-rw-r--r-- | KeyTool.c | 59 | ||||
-rw-r--r-- | include/x509.h | 2 | ||||
-rw-r--r-- | lib/asn1/Makefile | 3 | ||||
-rw-r--r-- | lib/asn1/asn1_parser.c | 12 | ||||
-rw-r--r-- | lib/asn1/identification.c | 4 | ||||
-rw-r--r-- | lib/asn1/typedefs.h | 8 | ||||
-rw-r--r-- | lib/asn1/x509.c | 2 |
7 files changed, 75 insertions, 15 deletions
@@ -12,7 +12,8 @@ #include <simple_file.h> #include <variables.h> #include <guid.h> -#include "efiauthenticated.h" +#include <x509.h> +#include <efiauthenticated.h> static EFI_HANDLE im; static UINT8 SetupMode, SecureBoot; @@ -149,13 +150,42 @@ select_and_apply(CHAR16 **title, CHAR16 *ext, int key, UINTN options) } } +static int +StringSplit(CHAR16 *str, int maxlen, CHAR16 c, CHAR16 **out) +{ + int len = StrLen(str); + int count = 0; + + if (len < maxlen) { + out[0] = str; + return 1; + } + while (len > 0) { + int i, found; + + for (i = 0; i < maxlen; i++) { + if (str[i] == c) + found = i; + if (str[i] == '\0') { + found = i; + break; + } + } + out[count++] = str; + str[found] = '\0'; + str = str + found + 1; + len -= found + 1; + } + return count; +} + static void show_key(int key, int offset, void *Data, int DataSize) { EFI_SIGNATURE_LIST *CertList; EFI_SIGNATURE_DATA *Cert = NULL; int cert_count = 0, i, Size, option = 0, offs = 0; - CHAR16 *title[6], *options[4]; + CHAR16 *title[20], *options[4]; CHAR16 str[256], str1[256], str2[256]; title[0] = keyinfo[key].text; 
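Review bot: In the new StringSplit, `found` is read uninitialised whenever a `maxlen` window contains neither the separator nor the terminating NUL, so `str[found] = '\0'` can write at an arbitrary offset. Nothing limits `count` to the size of the caller's `out` array either. The callers added later in this commit pass strings built from certificate subject and issuer fields with 10-entry pointer arrays, so both conditions depend on data the tool does not control. I would initialise `found` to -1, stop splitting when no separator is found, and take the capacity of `out` as an extra argument, as sketched below. Callers would then pass the element count of their array, and any text beyond that capacity is simply not displayed.

```c
static int
StringSplit(CHAR16 *str, int maxlen, CHAR16 c, CHAR16 **out, int maxout)
{
	/* … unchanged: len and count setup … */
	if (maxout < 1)
		return 0;
	/* … unchanged: short-string fast path … */
	while (len > 0 && count < maxout) {
		int i, found = -1;

		/* … unchanged: scan of the maxlen window for c or NUL … */
		out[count++] = str;
		if (found < 0)
			break;	/* no separator in this window: keep the rest as one line */
		str[found] = '\0';
		str = str + found + 1;
		len -= found + 1;
	}
	return count;
}
```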
@@ -189,10 +219,35 @@ show_key(int key, int offset, void *Data, int DataSize) break; } } + CHAR16 buf[1024], buf1[1024], *tmpbuf[10], *tmpbuf1[10]; if (CompareGuid(&CertList->SignatureType, &EFI_CERT_SHA256_GUID) == 0) { StrCpy(str2, L"Hash: "); sha256_StrCat_hash(str2, Cert->SignatureData); title[++c] = str2; + } else if (CompareGuid(&CertList->SignatureType, &X509_GUID) == 0) { + + x509_to_str(Cert->SignatureData, + CertList->SignatureSize, + X509_OBJ_SUBJECT, buf, sizeof(buf)); + + title[++c] = L""; + title[++c] = L"Subject:"; + + + int sp = StringSplit(buf, 70, ',', tmpbuf); + + for (i = 0; i < sp; i++) + title[++c] = tmpbuf[i]; + + x509_to_str(Cert->SignatureData, + CertList->SignatureSize, + X509_OBJ_ISSUER, buf1, sizeof(buf1)); + + sp = StringSplit(buf1, 70, ',', tmpbuf1); + + title[++c] = L"Issuer:"; + for (i = 0; i < sp; i++) + title[++c] = tmpbuf1[i]; } title[++c] = NULL; options[0] = L"Delete"; diff --git a/include/x509.h b/include/x509.h index 969e59e..f072702 100644 --- a/include/x509.h +++ b/include/x509.h @@ -19,5 +19,5 @@ #define X509_OBJ_SIGNATURE 25 int -x509_to_str(const char *cert, int cert_size, int tag, +x509_to_str(void *cert, int cert_size, int tag, STR *buf, int len); diff --git a/lib/asn1/Makefile b/lib/asn1/Makefile index 0d5549b..c900a4f 100644 --- a/lib/asn1/Makefile +++ b/lib/asn1/Makefile @@ -7,5 +7,8 @@ include ../../Make.rules libasn1.a: $(LIBFILES) libasn1-efi.a: $(EFILIBFILES) +test.o: test.c ../../include/x509.h + $(CC) -I../../include -c -o $@ $< + test: test.o libasn1.a $(CC) -o $@ $< libasn1.a diff --git a/lib/asn1/asn1_parser.c b/lib/asn1/asn1_parser.c index cfe0ff3..ca3626a 100644 --- a/lib/asn1/asn1_parser.c +++ b/lib/asn1/asn1_parser.c 
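Review bot: The X509 branch of show_key can run past the end of `title`, which the earlier hunk sizes as `CHAR16 *title[20]`. It appends two header lines, up to ten subject lines, an "Issuer:" line, up to ten issuer lines and the NULL terminator, on top of the entries already stored before this point. Either size `title` for that worst case or check `c` against the array size before every `title[++c]`, dropping lines that do not fit. The return value of `x509_to_str` is ignored, so a certificate that fails to parse is displayed like a valid one; checking it and showing an explicit error line would be safer. It is also worth confirming that `CertList->SignatureSize` is the right length to pass: by the UEFI definition it covers the whole EFI_SIGNATURE_DATA entry including the owner GUID, which would make it 16 bytes larger than the data at `Cert->SignatureData`. show_key starts and ends outside this hunk.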
@@ -116,7 +116,7 @@ METHOD(asn1_parser_t, iterate, bool, if ((obj.flags & ASN1_DEF) && (blob->len == 0 || *start_ptr != obj.type) ) { /* field is missing */ - DBG1("L%d - %s:", level, obj.name); + DBG1("L%d - %a:", level, obj.name); if (obj.type & ASN1_CONSTRUCTED) { this->line++ ; /* skip context-specific tag */ @@ -143,7 +143,7 @@ METHOD(asn1_parser_t, iterate, bool, if (blob->len < 2) { - DBG1("L%d - %s: ASN.1 object smaller than 2 octets", + DBG1("L%d - %a: ASN.1 object smaller than 2 octets", level, obj.name); this->success = FALSE; goto end; @@ -153,7 +153,7 @@ METHOD(asn1_parser_t, iterate, bool, if (blob1->len == ASN1_INVALID_LENGTH) { - DBG1("L%d - %s: length of ASN.1 object invalid or too large", + DBG1("L%d - %a: length of ASN.1 object invalid or too large", level, obj.name); this->success = FALSE; } @@ -166,7 +166,7 @@ METHOD(asn1_parser_t, iterate, bool, if (obj.flags & ASN1_RAW) { - DBG1("L%d - %s:", level, obj.name); + DBG1("L%d - %a:", level, obj.name); object->ptr = start_ptr; object->len = (size_t)(blob->ptr - start_ptr); goto end; @@ -174,14 +174,14 @@ METHOD(asn1_parser_t, iterate, bool, if (*start_ptr != obj.type && !(this->implicit && this->line == 0)) { - DBG1("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", + DBG1("L%d - %a: ASN1 tag 0x%02x expected, but is 0x%02x", level, obj.name, obj.type, *start_ptr); DBG1("%b", start_ptr, (u_int)(blob->ptr - start_ptr)); this->success = FALSE; goto end; } - DBG1("L%d - %s:", level, obj.name); + DBG1("L%d - %a:", level, obj.name); /* In case of "SEQUENCE OF" or "SET OF" start a loop */ if (obj.flags & ASN1_LOOP) diff --git a/lib/asn1/identification.c b/lib/asn1/identification.c index b595436..665c6ae 100644 --- a/lib/asn1/identification.c +++ b/lib/asn1/identification.c @@ -240,7 +240,7 @@ void dntoa(chunk_t dn, STR *buf, size_t len) } else { - written = snprintf(buf, len,"%s=", oid_names[oid].name); + written = snprintf(buf, len,"%a=", oid_names[oid].name); } if (written < 0 || written >= len) { 
@@ -250,7 +250,7 @@ void dntoa(chunk_t dn, STR *buf, size_t len) len -= written; chunk_printable(data, &printable, '?'); - written = snprintf(buf, len, "%.*s", (int)printable.len, printable.ptr); + written = snprintf(buf, len, "%.*a", (int)printable.len, printable.ptr); chunk_free(&printable); if (written < 0 || written >= len) { diff --git a/lib/asn1/typedefs.h b/lib/asn1/typedefs.h index 4b38f36..fc861ef 100644 --- a/lib/asn1/typedefs.h +++ b/lib/asn1/typedefs.h @@ -7,7 +7,7 @@ #define strcmp(x,y) StrCmp(x,y) #define memset(m,c,l) ZeroMem(m,l) #define memcmp(x,y,z) strncmpa(x,y,z) -#define isprint(x) (0) +#define isprint(x) (1) #define snprintf(s, l, f...) SPrint(s, l, L ## f) #define STR CHAR16 @@ -25,7 +25,7 @@ MEMCPY(void *dest, void *src, size_t n) #define memcpy MEMCPY -typedef char u_char; +typedef unsigned char u_char; #else @@ -52,8 +52,8 @@ typedef char u_char; typedef unsigned char bool; typedef unsigned int u_int; -#define DBG1(...) -#define DBG2(...) +#define DBG1(s...) +#define DBG2(s...) /** * Method declaration/definition macro, providing private and public interface. diff --git a/lib/asn1/x509.c b/lib/asn1/x509.c index 1afb738..bb313c2 100644 --- a/lib/asn1/x509.c +++ b/lib/asn1/x509.c @@ -48,6 +48,8 @@ x509_to_str(void *cert, int cert_size, int tag, parser = asn1_parser_create(x509_certObjects, blob); parser->set_top_level(parser, 0); + snprintf(buf, sizeof(buf), "MISPARSE"); + while (parser->iterate(parser, &objectID, &object)) { if (objectID == tag) dntoa(object, buf, len); |
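Review bot: In lib/asn1/typedefs.h, `#define isprint(x) (1)` makes every byte count as printable in the EFI build. The `chunk_printable(data, &printable, '?')` call in dntoa therefore presumably no longer replaces control or non-ASCII bytes taken from a certificate's distinguished name before they reach the KeyTool display. A real range test keeps that filtering, for example `#define isprint(x) ((x) >= 0x20 && (x) < 0x7f)`. Because the macro evaluates its argument twice, the call site in chunk_printable (not on this page) should be checked for side effects in the argument.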
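Review bot: In x509_to_str, the added `snprintf(buf, sizeof(buf), "MISPARSE");` takes the size of a pointer, because `buf` is the `STR *buf` parameter and not an array. The placeholder is therefore limited to a few characters regardless of the caller's buffer, and the limit is unrelated to the `len` the caller supplied. Use the passed length instead: `snprintf(buf, len, "MISPARSE");`. The function body starts and ends outside this hunk.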