diff --git a/go.mod b/go.mod
index e7c4ac7..c56b831 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.16
 require (
 github.com/anatol/vmtest v0.0.0-20210225191124-26540db15d49
 github.com/fatih/color v1.12.0
- github.com/foxboron/go-uefi v0.0.0-20210602193603-8589bbab9380
+ github.com/foxboron/go-uefi v0.0.0-20210611230104-7a6a29e36155
 github.com/google/uuid v1.2.0
 github.com/mattn/go-isatty v0.0.13 // indirect
 github.com/spf13/cobra v1.1.3
diff --git a/go.sum b/go.sum
index 98e203d..45c8d24 100644
--- a/go.sum
+++ b/go.sum
@@ -43,6 +43,8 @@ github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc=
 github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/foxboron/go-uefi v0.0.0-20210602193603-8589bbab9380 h1:D8hRHRCC/jFjOg0alhvQo2unG/HU/qZFbhLvRJPo21I=
 github.com/foxboron/go-uefi v0.0.0-20210602193603-8589bbab9380/go.mod h1:bLcrn48nYQOkijhTK2iQw1MjXbBqJTG0k8RP6ww+CGQ=
+github.com/foxboron/go-uefi v0.0.0-20210611230104-7a6a29e36155 h1:9RnTC3NVUwcFpHGGzDYd2LqED59D929P9rl+bq8JL2c=
+github.com/foxboron/go-uefi v0.0.0-20210611230104-7a6a29e36155/go.mod h1:bLcrn48nYQOkijhTK2iQw1MjXbBqJTG0k8RP6ww+CGQ=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
diff --git a/keys.go b/keys.go
index af2d14c..574d18f 100644
--- a/keys.go
+++ b/keys.go
@@ -99,7 +99,18 @@ func Enroll(uuid util.EFIGUID, cert, signerKey, signerPem []byte, efivar string)
 c.AppendBytes(uuid, cert)
 buf := new(bytes.Buffer)
 signature.WriteSignatureList(buf, *c)
- signedBuf := efi.SignEFIVariable(util.ReadKey(signerKey), util.ReadCert(signerPem), efivar, buf.Bytes())
+ key, err := util.ReadKey(signerKey)
+ if err != nil {
+ return nil
+ }
+ crt, err := util.ReadCert(signerPem)
+ if err != nil {
+ return nil
+ }
+ signedBuf, err := efi.SignEFIVariable(key, crt, efivar, buf.Bytes())
+ if err != nil {
+ return err
+ }
 return efi.WriteEFIVariable(efivar, signedBuf)
 }
@@ -131,7 +142,10 @@ func VerifyFile(cert, file string) (bool, error) {
 return false, err
 }
- x509Cert := util.ReadCertFromFile(cert)
+ x509Cert, err := util.ReadCertFromFile(cert)
+ if err != nil {
+ return false, err
+ }
 sigs, err := pecoff.GetSignatures(peFile)
 if err != nil {
 return false, err
@@ -190,14 +204,26 @@ func SignFile(key, cert, file, output, checksum string) error {
 return err
 }
- Cert := util.ReadCertFromFile(cert)
- Key := util.ReadKeyFromFile(key)
+ Cert, err := util.ReadCertFromFile(cert)
+ if err != nil {
+ return err
+ }
+ Key, err := util.ReadKeyFromFile(key)
+ if err != nil {
+ return err
+ }
 ctx := pecoff.PECOFFChecksum(peFile)
- sig := pecoff.CreateSignature(ctx, Cert, Key)
+ sig, err := pecoff.CreateSignature(ctx, Cert, Key)
+ if err != nil {
+ return err
+ }
- b := pecoff.AppendToBinary(ctx, sig)
+ b, err := pecoff.AppendToBinary(ctx, sig)
+ if err != nil {
+ return err
+ }
 if err = os.WriteFile(file, b, si.Mode()); err != nil {
 return err
 }
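Review bot: In the first keys.go hunk (Enroll), the two new error branches after `util.ReadKey(signerKey)` and `util.ReadCert(signerPem)` end in `return nil`, so a signer key or certificate that fails to load makes Enroll report success even though the EFI variable was never signed or written. Both branches should be `return err`, matching the `efi.SignEFIVariable` check added directly below them. As written, a caller that checks only the returned error cannot tell a completed enrollment from one that stopped before `efi.WriteEFIVariable`. Enroll's opening lines are outside the hunk, so this reading assumes nothing earlier in the function reports the failure another way.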