mirror of
https://git.proxmox.com/git/efi-boot-shim
synced 2025-08-14 10:15:48 +00:00
Improve the layout of the key info
parent
e6194ddd0a
commit
ff8d867c68
78
MokManager.c
78
MokManager.c
@ -127,13 +127,13 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
|
|||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_x509_name (X509_NAME *X509Name, char *name)
|
static void print_x509_name (X509_NAME *X509Name, CHAR16 *name)
|
||||||
{
|
{
|
||||||
char *str;
|
char *str;
|
||||||
|
|
||||||
str = X509_NAME_oneline(X509Name, NULL, 0);
|
str = X509_NAME_oneline(X509Name, NULL, 0);
|
||||||
if (str) {
|
if (str) {
|
||||||
APrint((CHAR8 *)"%a: %a\n", name, str);
|
Print(L" %s:\n %a\n", name, str);
|
||||||
OPENSSL_free(str);
|
OPENSSL_free(str);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -143,7 +143,8 @@ static const char *mon[12]= {
|
|||||||
"Jul","Aug","Sep","Oct","Nov","Dec"
|
"Jul","Aug","Sep","Oct","Nov","Dec"
|
||||||
};
|
};
|
||||||
|
|
||||||
static void print_x509_GENERALIZEDTIME_time (ASN1_TIME *time, char *name) {
|
static void print_x509_GENERALIZEDTIME_time (ASN1_TIME *time, CHAR16 *time_string)
|
||||||
|
{
|
||||||
char *v;
|
char *v;
|
||||||
int gmt = 0;
|
int gmt = 0;
|
||||||
int i;
|
int i;
|
||||||
@ -184,18 +185,19 @@ static void print_x509_GENERALIZEDTIME_time (ASN1_TIME *time, char *name) {
|
|||||||
int l = time->length;
|
int l = time->length;
|
||||||
f = &v[14]; /* The decimal point. */
|
f = &v[14]; /* The decimal point. */
|
||||||
f_len = 1;
|
f_len = 1;
|
||||||
while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
|
while (14 + f_len < l && f[f_len] >= '0' &&
|
||||||
|
f[f_len] <= '9')
|
||||||
++f_len;
|
++f_len;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
APrint((CHAR8 *)"%a: %a %2d %02d:%02d:%02d%.*a %d%a",
|
SPrint(time_string, 0, L"%a %2d %02d:%02d:%02d%.*a %d%a",
|
||||||
name, mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"");
|
mon[M-1], d, h, m, s, f_len, f, y, (gmt)?" GMT":"");
|
||||||
error:
|
error:
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_x509_UTCTIME_time (ASN1_TIME *time, char *name)
|
static void print_x509_UTCTIME_time (ASN1_TIME *time, CHAR16 *time_string)
|
||||||
{
|
{
|
||||||
char *v;
|
char *v;
|
||||||
int gmt=0;
|
int gmt=0;
|
||||||
@ -234,44 +236,63 @@ static void print_x509_UTCTIME_time (ASN1_TIME *time, char *name)
|
|||||||
(v[11] >= '0') && (v[11] <= '9'))
|
(v[11] >= '0') && (v[11] <= '9'))
|
||||||
s = (v[10]-'0')*10+(v[11]-'0');
|
s = (v[10]-'0')*10+(v[11]-'0');
|
||||||
|
|
||||||
APrint((CHAR8 *)"%a: %a %2d %02d:%02d:%02d %d%a\n",
|
SPrint(time_string, 0, L"%a %2d %02d:%02d:%02d %d%a",
|
||||||
name, mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"");
|
mon[M-1], d, h, m, s, y+1900, (gmt)?" GMT":"");
|
||||||
error:
|
error:
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_x509_time (ASN1_TIME *time, char *name)
|
static void print_x509_time (ASN1_TIME *time, CHAR16 *name)
|
||||||
{
|
{
|
||||||
|
CHAR16 time_string[30];
|
||||||
|
|
||||||
if(time->type == V_ASN1_UTCTIME)
|
if(time->type == V_ASN1_UTCTIME)
|
||||||
print_x509_UTCTIME_time(time, name);
|
print_x509_UTCTIME_time(time, time_string);
|
||||||
|
|
||||||
if(time->type == V_ASN1_GENERALIZEDTIME)
|
if(time->type == V_ASN1_GENERALIZEDTIME)
|
||||||
print_x509_GENERALIZEDTIME_time(time, name);
|
print_x509_GENERALIZEDTIME_time(time, time_string);
|
||||||
|
|
||||||
|
Print(L" %s:\n %s\n", name, time_string);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void show_x509_info (X509 *X509Cert)
|
static void show_x509_info (X509 *X509Cert)
|
||||||
{
|
{
|
||||||
|
ASN1_INTEGER *serial;
|
||||||
|
BIGNUM *bnser;
|
||||||
|
unsigned char hexbuf[30];
|
||||||
X509_NAME *X509Name;
|
X509_NAME *X509Name;
|
||||||
ASN1_TIME *time;
|
ASN1_TIME *time;
|
||||||
|
|
||||||
|
serial = X509_get_serialNumber(X509Cert);
|
||||||
|
if (serial) {
|
||||||
|
int i, n;
|
||||||
|
bnser = ASN1_INTEGER_to_BN(serial, NULL);
|
||||||
|
n = BN_bn2bin(bnser, hexbuf);
|
||||||
|
Print(L" Serial Number:\n ");
|
||||||
|
for (i = 0; i < n-1; i++) {
|
||||||
|
Print(L"%02x:", hexbuf[i]);
|
||||||
|
}
|
||||||
|
Print(L"%02x\n", hexbuf[n-1]);
|
||||||
|
}
|
||||||
|
|
||||||
X509Name = X509_get_issuer_name(X509Cert);
|
X509Name = X509_get_issuer_name(X509Cert);
|
||||||
if (X509Name) {
|
if (X509Name) {
|
||||||
print_x509_name(X509Name, "Issuer");
|
print_x509_name(X509Name, L"Issuer");
|
||||||
}
|
}
|
||||||
|
|
||||||
X509Name = X509_get_subject_name(X509Cert);
|
X509Name = X509_get_subject_name(X509Cert);
|
||||||
if (X509Name) {
|
if (X509Name) {
|
||||||
print_x509_name(X509Name, "Subject");
|
print_x509_name(X509Name, L"Subject");
|
||||||
}
|
}
|
||||||
|
|
||||||
time = X509_get_notBefore(X509Cert);
|
time = X509_get_notBefore(X509Cert);
|
||||||
if (time) {
|
if (time) {
|
||||||
print_x509_time(time, "Not Before");
|
print_x509_time(time, L"Validity from");
|
||||||
}
|
}
|
||||||
|
|
||||||
time = X509_get_notAfter(X509Cert);
|
time = X509_get_notAfter(X509Cert);
|
||||||
if (time) {
|
if (time) {
|
||||||
print_x509_time(time, "Not After");
|
print_x509_time(time, L"Validity till");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -285,6 +306,15 @@ static void show_mok_info (void *Mok, UINTN MokSize)
|
|||||||
if (!Mok || MokSize == 0)
|
if (!Mok || MokSize == 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
if (X509ConstructCertificate(Mok, MokSize, (UINT8 **) &X509Cert) &&
|
||||||
|
X509Cert != NULL) {
|
||||||
|
show_x509_info(X509Cert);
|
||||||
|
X509_free(X509Cert);
|
||||||
|
} else {
|
||||||
|
Print(L" Not a valid X509 certificate\n\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
efi_status = get_sha256sum(Mok, MokSize, hash);
|
efi_status = get_sha256sum(Mok, MokSize, hash);
|
||||||
|
|
||||||
if (efi_status != EFI_SUCCESS) {
|
if (efi_status != EFI_SUCCESS) {
|
||||||
@ -292,18 +322,13 @@ static void show_mok_info (void *Mok, UINTN MokSize)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (X509ConstructCertificate(Mok, MokSize, (UINT8 **) &X509Cert) &&
|
Print(L" Fingerprint (SHA256):\n ");
|
||||||
X509Cert != NULL) {
|
|
||||||
show_x509_info(X509Cert);
|
|
||||||
X509_free(X509Cert);
|
|
||||||
}
|
|
||||||
|
|
||||||
Print(L"Fingerprint (SHA256):\n");
|
|
||||||
for (i = 0; i < SHA256_DIGEST_SIZE; i++) {
|
for (i = 0; i < SHA256_DIGEST_SIZE; i++) {
|
||||||
Print(L" %02x", hash[i]);
|
Print(L" %02x", hash[i]);
|
||||||
if (i % 16 == 15)
|
if (i % 16 == 15)
|
||||||
Print(L"\n");
|
Print(L"\n ");
|
||||||
}
|
}
|
||||||
|
Print(L"\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
static UINT8 list_keys (void *MokNew, UINTN MokNewSize)
|
static UINT8 list_keys (void *MokNew, UINTN MokNewSize)
|
||||||
@ -329,9 +354,8 @@ static UINT8 list_keys (void *MokNew, UINTN MokNewSize)
|
|||||||
|
|
||||||
Print(L"New machine owner key(s):\n\n");
|
Print(L"New machine owner key(s):\n\n");
|
||||||
for (i = 0; i < MokNum; i++) {
|
for (i = 0; i < MokNum; i++) {
|
||||||
Print(L"Key %d:\n", i);
|
Print(L"[Key %d]\n", i+1);
|
||||||
show_mok_info(keys[i].Mok, keys[i].MokSize);
|
show_mok_info(keys[i].Mok, keys[i].MokSize);
|
||||||
Print(L"\n");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = 1;
|
ret = 1;
|
||||||
@ -350,7 +374,7 @@ static UINT8 mok_enrollment_prompt (void *MokNew, UINTN MokNewSize)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
Print(L"\nEnroll the key(s)? (y/N): ");
|
Print(L"Enroll the key(s)? (y/N): ");
|
||||||
|
|
||||||
key = get_keystroke();
|
key = get_keystroke();
|
||||||
Print(L"%c\n", key.UnicodeChar);
|
Print(L"%c\n", key.UnicodeChar);
|
||||||
|
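Review bot: Both new 30-element stack buffers in the `-234,44 +236,63` hunk are filled from certificate fields with no length bound. In `show_x509_info`, `BN_bn2bin(bnser, hexbuf)` writes as many bytes as the serial number holds, `bnser` is neither checked for NULL nor freed, and a zero serial gives `n == 0`, so `hexbuf[n-1]` reads before the array. In `print_x509_time`, `time_string[30]` goes to helpers that call `SPrint(time_string, 0, ...)`; if a size of 0 means "no limit" there, as it does in gnu-efi, the `%.*a` fraction in the GENERALIZEDTIME helper (previous hunk) can run past the buffer. The buffer is also printed uninitialized when a helper leaves through `error:` or neither type matches. I would add `time_string[0] = L'\0';` before the type checks, pass the real buffer size down to `SPrint`, and guard the serial as sketched below, since these certificates are the ones being offered for enrollment and their lengths should be treated as untrusted.

```c
	serial = X509_get_serialNumber(X509Cert);
	if (serial) {
		int i, n;
		bnser = ASN1_INTEGER_to_BN(serial, NULL);
		/* Skip the field unless it is non-empty and fits in hexbuf. */
		if (bnser && BN_num_bytes(bnser) > 0 &&
		    BN_num_bytes(bnser) <= (int)sizeof(hexbuf)) {
			n = BN_bn2bin(bnser, hexbuf);
			/* … unchanged: "Serial Number" header and hex byte loop … */
		}
		BN_free(bnser);
	}
```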