signature

package
v0.0.0-...-19dc140 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 19, 2024 License: MIT Imports: 14 Imported by: 5

Documentation

Index

Constants

View Source
const (
	CERT_SHA256         CertType = "SHA256"
	CERT_RSA2048                 = "RSA2048"
	CERT_RSA2048_SHA256          = "RSA2048 SHA256"
	CERT_SHA1                    = "SHA1"
	CERT_RSA2048_SHA1            = "RSA2048 SHA1"
	CERT_X509                    = "X509"
	CERT_SHA224                  = "SHA224"
	CERT_SHA384                  = "SHA238"
	CERT_SHA512                  = "SHA512"
	CERT_X509_SHA256             = "X509 SHA256"
)
View Source
const SizeofSignatureList uint32 = util.SizeofEFIGUID + 4 + 4 + 4

SignatureSize + sizeof(SignatureType) + sizeof(uint32)*3

View Source
const SizeofWINCertificate = 4 + 2 + 2
View Source
const SizeofWinCertificateUEFIGUID = SizeofWINCertificate + util.SizeofEFIGUID

Variables

View Source
var (
	CERT_SHA256_GUID         = util.EFIGUID{0xc1c41626, 0x504c, 0x4092, [8]uint8{0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28}}
	CERT_RSA2048_GUID        = util.EFIGUID{0x3c5766e8, 0x269c, 0x4e34, [8]uint8{0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6}}
	CERT_RSA2048_SHA256_GUID = util.EFIGUID{0xe2b36190, 0x879b, 0x4a3d, [8]uint8{0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84}}

	CERT_SHA1_GUID         = util.EFIGUID{0x826ca512, 0xcf10, 0x4ac9, [8]uint8{0xb1, 0x87, 0xbe, 0x01, 0x49, 0x66, 0x31, 0xbd}}
	CERT_RSA2048_SHA1_GUID = util.EFIGUID{0x67f8444f, 0x8743, 0x48f1, [8]uint8{0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80}}

	CERT_X509_GUID = util.EFIGUID{0xa5c059a1, 0x94e4, 0x4aa7, [8]uint8{0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72}}

	CERT_SHA224_GUID = util.EFIGUID{0xb6e5233, 0xa65c, 0x44c9, [8]uint8{0x94, 0x07, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd}}

	CERT_SHA384_GUID = util.EFIGUID{0xff3e5307, 0x9fd0, 0x48c9, [8]uint8{0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x01}}

	CERT_SHA512_GUID = util.EFIGUID{0x93e0fae, 0xa6c4, 0x4f50, [8]uint8{0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a}}

	CERT_X509_SHA256_GUID = util.EFIGUID{0x3bd2a492, 0x96c0, 0x4079, [8]uint8{0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed}}

	CERT_EXTERNAL_MANAGEMENT_GUID = util.EFIGUID{0x452e8ced, 0xdfff, 0x4b8c, [8]uint8{0xae, 0x01, 0x51, 0x18, 0x86, 0x2e, 0x68, 0x2c}}
)

Section 32.4.1 Signature Database Page 1714 -> Page 1717

View Source
var (
	EFI_CERT_TYPE_RSA2048_SHA256_GUID = util.EFIGUID{0xa7717414, 0xc616, 0x4977, [8]uint8{0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf}}
	EFI_CERT_TYPE_PKCS7_GUID          = util.EFIGUID{0x4aafd29d, 0x68df, 0x49ee, [8]uint8{0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7}}
)
View Source
var ErrNoSuchSignatureScheme = errors.New("no such signature scheme")
View Source
var ErrNotFoundSigData = errors.New("signature data not found")
View Source
var ErrNotFoundSigList = errors.New("signature list not found")
View Source
var ErrParse = errors.New("could not parse struct")
View Source
var ErrSigDataExists = errors.New("signature data exists already")
View Source
var ValidEFISignatureSchemes = map[util.EFIGUID]CertType{
	CERT_SHA256_GUID:              "SHA256",
	CERT_RSA2048_GUID:             "RSA2048",
	CERT_RSA2048_SHA256_GUID:      "RSA2048 SHA256",
	CERT_SHA1_GUID:                "SHA1",
	CERT_RSA2048_SHA1_GUID:        "RSA2048 SHA1",
	CERT_X509_GUID:                "X509",
	CERT_SHA224_GUID:              "SHA224",
	CERT_SHA384_GUID:              "SHA238",
	CERT_SHA512_GUID:              "SHA512",
	CERT_X509_SHA256_GUID:         "X509 SHA256",
	CERT_EXTERNAL_MANAGEMENT_GUID: "EXTERNAL MANAGEMENT",
}

Quick access list Maybe a map[string]EFIGUID?

View Source
var WINCertTypeString = map[WINCertType]string{
	0x0002: "WIN_CERT_TYPE_PKCS_SIGNED_DATA",
	0x0EF0: "WIN_CERT_TYPE_EFI_PKCS1_15",
	0x0EF1: "WIN_CERT_TYPE_EFI_GUID",
}
View Source
var WIN_CERTIFICATE_REVISION uint16 = 0x0200

According to page 1705 UEFI Spec February 2020

Functions

func GetSupportedSignatures

func GetSupportedSignatures(f io.Reader) ([]util.EFIGUID, error)

Section 3.3 - Globally Defined Variables Array of GUIDs representing the type of signatures supported by the platform firmware. Should be treated as read-only

func WriteEFIVariableAuthencation2

func WriteEFIVariableAuthencation2(b *bytes.Buffer, e EFIVariableAuthentication2)

func WriteSignatureData

func WriteSignatureData(b io.Writer, s SignatureData)

func WriteSignatureDatabase

func WriteSignatureDatabase(b io.Writer, sigdb SignatureDatabase)

Write a signature database which contains a slice of SignautureLists

func WriteSignatureList

func WriteSignatureList(b io.Writer, s SignatureList)

Writes a signature list

func WriteWinCertificate

func WriteWinCertificate(b *bytes.Buffer, w *WINCertificate)

func WriteWinCertificateUEFIGUID

func WriteWinCertificateUEFIGUID(b *bytes.Buffer, w *WinCertificateUEFIGUID)

Types

type CertType

type CertType string

type EFIVariableAuthentication

type EFIVariableAuthentication struct {
	MonotonicCount uint64
	AuthInfo       util.EFIGUID // WIN_CERTIFICATE_UEFI_GUID
}

Page. 237 Deprecated. But defined because #reasons

type EFIVariableAuthentication2

type EFIVariableAuthentication2 struct {
	Time     util.EFITime
	AuthInfo WinCertificateUEFIGUID
}

Page. 238 Only accepts the CertType EFI_CERT_TYPE_PKCS7_GUID

func NewEFIVariableAuthentication2

func NewEFIVariableAuthentication2() *EFIVariableAuthentication2

Returns an EFIVariableAuthencation2 struct no SignedData

func ReadEFIVariableAuthencation2

func ReadEFIVariableAuthencation2(f io.Reader) (*EFIVariableAuthentication2, error)

func (*EFIVariableAuthentication2) Marshal

func (e *EFIVariableAuthentication2) Marshal(b *bytes.Buffer)

func (*EFIVariableAuthentication2) Unmarshal

func (e *EFIVariableAuthentication2) Unmarshal(b *bytes.Buffer) error

func (*EFIVariableAuthentication2) Verify

type EFIVariableAuthentication3

type EFIVariableAuthentication3 struct {
	Version      uint8
	Type         uint8
	MetadataSize uint32
	Flags        uint32
}

Page. 238 Only used when EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS is set

type SignatureData

type SignatureData struct {
	Owner util.EFIGUID
	Data  []uint8
}

Section 32.4.1 - Signature Database Page 1712

func ReadSignatureData

func ReadSignatureData(f io.Reader, size uint32) (*SignatureData, error)

func (*SignatureData) Bytes

func (sd *SignatureData) Bytes() []byte

type SignatureDatabase

type SignatureDatabase []*SignatureList

SignatureDatabase is a list of EFI signature lists

func NewSignatureDatabase

func NewSignatureDatabase() *SignatureDatabase

func ReadSignatureDatabase

func ReadSignatureDatabase(f io.Reader) (SignatureDatabase, error)

Reads several signature lists from a io.Reader. It assumes io.EOF means there are no more signatures to read as opposed to an actual issue

func (*SignatureDatabase) Append

func (sd *SignatureDatabase) Append(certtype util.EFIGUID, owner util.EFIGUID, data []byte) error

Appends the raw signature values to the database

func (*SignatureDatabase) AppendDatabase

func (sd *SignatureDatabase) AppendDatabase(s *SignatureDatabase)

Appends a signature database

func (*SignatureDatabase) AppendList

func (sd *SignatureDatabase) AppendList(sl *SignatureList)

Appends a signature list to the database TODO: Should merge towards a fitting list?

func (*SignatureDatabase) AppendSignature

func (sd *SignatureDatabase) AppendSignature(certtype util.EFIGUID, sl *SignatureData) error

Appends a signaure to the database. It will scan the database for the appropriate list to append itself to.

func (*SignatureDatabase) Bytes

func (sd *SignatureDatabase) Bytes() []byte

Serialize the Signature Database into bytes

func (*SignatureDatabase) BytesExists

func (sd *SignatureDatabase) BytesExists(certtype util.EFIGUID, owner util.EFIGUID, data []byte) bool

Checks if the bytes in a list is present in the signature database

func (*SignatureDatabase) Exists

func (sd *SignatureDatabase) Exists(certtype util.EFIGUID, siglist *SignatureList) bool

Checks if all signatures in a list is present in the signature database

func (*SignatureDatabase) Marshal

func (sd *SignatureDatabase) Marshal(b *bytes.Buffer)

func (*SignatureDatabase) Remove

func (sd *SignatureDatabase) Remove(certtype util.EFIGUID, owner util.EFIGUID, data []byte) error

Remove the raw signature values to the database

func (*SignatureDatabase) RemoveList

func (sd *SignatureDatabase) RemoveList(sl *SignatureList) error

Removes a signature list from the database

func (*SignatureDatabase) RemoveSignature

func (sd *SignatureDatabase) RemoveSignature(certtype util.EFIGUID, sl *SignatureData) error

Removes a signaure to the database. It will scan available lists for something to remove

func (*SignatureDatabase) SigDataExists

func (sd *SignatureDatabase) SigDataExists(certtype util.EFIGUID, sigdata *SignatureData) bool

Checks if all signatures in a list is present in the signature database

func (*SignatureDatabase) Unmarshal

func (sd *SignatureDatabase) Unmarshal(b *bytes.Buffer) error

type SignatureList

type SignatureList struct {
	SignatureType   util.EFIGUID
	ListSize        uint32          // Total size of the signature list, including this header
	HeaderSize      uint32          // Size of SignatureHead
	Size            uint32          // Size of each signature. At least the size of EFI_SIGNATURE_DATA
	SignatureHeader []uint8         // SignatureType defines the content of this header
	Signatures      []SignatureData // SignatureData List
}

Section 32.4.1 - Signature Database Page 1713

func NewSignatureList

func NewSignatureList(certtype util.EFIGUID) *SignatureList

func ReadSignatureList

func ReadSignatureList(f io.Reader) (*SignatureList, error)

Read an EFI_SIGNATURE_LIST from io.Reader. It will read until io.EOF. io.EOF should be somewhat expected if we are trying to read multiple lists as they should be either at the end of the file, or the entire file.

func (*SignatureList) AppendBytes

func (sl *SignatureList) AppendBytes(owner util.EFIGUID, data []byte) error

func (*SignatureList) AppendSignature

func (sl *SignatureList) AppendSignature(s SignatureData) error

func (*SignatureList) Bytes

func (sl *SignatureList) Bytes() []byte

func (*SignatureList) CmpHeader

func (sl *SignatureList) CmpHeader(siglist *SignatureList) bool

Compare the signature lists header to see if they are the same type of list This is usefull if you wonder if you can merge the lists or not

func (*SignatureList) Exists

func (sl *SignatureList) Exists(sigdata *SignatureData) (bool, int)

Check if signature exists in the signature list Return true if it does along with the index

func (*SignatureList) ExistsInList

func (sl *SignatureList) ExistsInList(siglist *SignatureList) bool

func (*SignatureList) RemoveBytes

func (sl *SignatureList) RemoveBytes(owner util.EFIGUID, data []byte) error

func (*SignatureList) RemoveSignature

func (sl *SignatureList) RemoveSignature(s SignatureData) error

type WINCertType

type WINCertType uint16
var (
	WIN_CERT_TYPE_PKCS_SIGNED_DATA WINCertType = 0x0002
	WIN_CERT_TYPE_EFI_PKCS1_15     WINCertType = 0x0EF0
	WIN_CERT_TYPE_EFI_GUID         WINCertType = 0x0EF1
)

Page 1705 0x0EF0 to 0x0EFF is the reserved range

type WINCertificate

type WINCertificate struct {
	Length      uint32
	Revision    uint16
	CertType    WINCertType
	Certificate []uint8
}

PE/COFF structure for signing Page 1705

func ReadWinCertificate

func ReadWinCertificate(f io.Reader) (WINCertificate, error)

type WinCertificateUEFIGUID

type WinCertificateUEFIGUID struct {
	Header   WINCertificate
	CertType util.EFIGUID // One of the EFI_CERT types
	CertData []uint8
}

Should implement an interface Page 1707

func ReadWinCertificateUEFIGUID

func ReadWinCertificateUEFIGUID(f io.Reader) (WinCertificateUEFIGUID, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL