SecurityPkg FmpAuthenticationLibRsa2048Sha256: Remove PCD reference
[mirror_edk2.git] / SecurityPkg / Library / FmpAuthenticationLibRsa2048Sha256 / FmpAuthenticationLibRsa2048Sha256.c
CommitLineData
938f77f8
JY
1/** @file\r
2 FMP Authentication RSA2048SHA256 handler.\r
3 Provide generic FMP authentication functions for DXE/PEI post memory phase.\r
4\r
5 Caution: This module requires additional review when modified.\r
6 This module will have external input - capsule image.\r
7 This external input must be validated carefully to avoid security issue like\r
8 buffer overflow, integer overflow.\r
9\r
10 FmpAuthenticatedHandlerRsa2048Sha256(), AuthenticateFmpImage() will receive\r
11 untrusted input and do basic validation.\r
12\r
d4ccf264 13 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
938f77f8
JY
14 This program and the accompanying materials\r
15 are licensed and made available under the terms and conditions of the BSD License\r
16 which accompanies this distribution. The full text of the license may be found at\r
17 http://opensource.org/licenses/bsd-license.php\r
18\r
19 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
20 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
21\r
22**/\r
23\r
24#include <Uefi.h>\r
25\r
26#include <Guid/SystemResourceTable.h>\r
27#include <Guid/FirmwareContentsSigned.h>\r
28#include <Guid/WinCertificate.h>\r
29\r
30#include <Library/BaseLib.h>\r
31#include <Library/BaseMemoryLib.h>\r
32#include <Library/DebugLib.h>\r
33#include <Library/MemoryAllocationLib.h>\r
34#include <Library/BaseCryptLib.h>\r
35#include <Library/FmpAuthenticationLib.h>\r
36#include <Library/PcdLib.h>\r
37#include <Protocol/FirmwareManagement.h>\r
38#include <Guid/SystemResourceTable.h>\r
39\r
40///\r
41/// Public Exponent of RSA Key.\r
42///\r
43STATIC CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };\r
44\r
45/**\r
46 The handler is used to do the authentication for FMP capsule based upon\r
47 EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
48\r
49 Caution: This function may receive untrusted input.\r
50\r
51 This function assumes the caller AuthenticateFmpImage()\r
52 already did basic validation for EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
53\r
54 @param[in] Image Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
55 @param[in] ImageSize Size of the authentication image in bytes.\r
56 @param[in] PublicKeyData The public key data used to validate the signature.\r
57 @param[in] PublicKeyDataLength The length of the public key data.\r
58\r
59 @retval RETURN_SUCCESS Authentication pass.\r
60 The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS.\r
61 @retval RETURN_SECURITY_VIOLATION Authentication fail.\r
62 The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR.\r
63 @retval RETURN_INVALID_PARAMETER The image is in an invalid format.\r
64 The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.\r
65 @retval RETURN_OUT_OF_RESOURCES No Authentication handler associated with CertType.\r
66 The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES.\r
67**/\r
68RETURN_STATUS\r
69FmpAuthenticatedHandlerRsa2048Sha256 (\r
70 IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image,\r
71 IN UINTN ImageSize,\r
72 IN CONST UINT8 *PublicKeyData,\r
73 IN UINTN PublicKeyDataLength\r
74 )\r
75{\r
76 RETURN_STATUS Status;\r
77 EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlockRsa2048Sha256;\r
78 BOOLEAN CryptoStatus;\r
79 UINT8 Digest[SHA256_DIGEST_SIZE];\r
80 UINT8 *PublicKey;\r
81 UINTN PublicKeyBufferSize;\r
82 VOID *HashContext;\r
83 VOID *Rsa;\r
84\r
85 DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));\r
86\r
87 if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)) {\r
88 DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)));\r
89 return RETURN_INVALID_PARAMETER;\r
90 }\r
91\r
92 CertBlockRsa2048Sha256 = (EFI_CERT_BLOCK_RSA_2048_SHA256 *)Image->AuthInfo.CertData;\r
93 if (!CompareGuid(&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) {\r
94 DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid));\r
95 return RETURN_INVALID_PARAMETER;\r
96 }\r
97\r
98 HashContext = NULL;\r
99 Rsa = NULL;\r
100\r
101 //\r
102 // Allocate hash context buffer required for SHA 256\r
103 //\r
104 HashContext = AllocatePool (Sha256GetContextSize ());\r
105 if (HashContext == NULL) {\r
106 CryptoStatus = FALSE;\r
107 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Can not allocate hash context\n"));\r
108 Status = RETURN_OUT_OF_RESOURCES;\r
109 goto Done;\r
110 }\r
111\r
112 //\r
113 // Hash public key from data payload with SHA256.\r
114 //\r
115 ZeroMem (Digest, SHA256_DIGEST_SIZE);\r
116 CryptoStatus = Sha256Init (HashContext);\r
117 if (!CryptoStatus) {\r
118 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Init() failed\n"));\r
119 Status = RETURN_OUT_OF_RESOURCES;\r
120 goto Done;\r
121 }\r
122 CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));\r
123 if (!CryptoStatus) {\r
124 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));\r
125 Status = RETURN_OUT_OF_RESOURCES;\r
126 goto Done;\r
127 }\r
128 CryptoStatus = Sha256Final (HashContext, Digest);\r
129 if (!CryptoStatus) {\r
130 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));\r
131 Status = RETURN_OUT_OF_RESOURCES;\r
132 goto Done;\r
133 }\r
134\r
135 //\r
d4ccf264 136 // Fail if the PublicKey is not one of the public keys in the input PublicKeyData.\r
938f77f8
JY
137 //\r
138 PublicKey = (VOID *)PublicKeyData;\r
139 PublicKeyBufferSize = PublicKeyDataLength;\r
140 CryptoStatus = FALSE;\r
141 while (PublicKeyBufferSize != 0) {\r
142 if (CompareMem (Digest, PublicKey, SHA256_DIGEST_SIZE) == 0) {\r
143 CryptoStatus = TRUE;\r
144 break;\r
145 }\r
146 PublicKey = PublicKey + SHA256_DIGEST_SIZE;\r
147 PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;\r
148 }\r
149 if (!CryptoStatus) {\r
150 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n"));\r
151 Status = RETURN_SECURITY_VIOLATION;\r
152 goto Done;\r
153 }\r
154\r
155 //\r
156 // Generate & Initialize RSA Context.\r
157 //\r
158 Rsa = RsaNew ();\r
159 if (Rsa == NULL) {\r
160 CryptoStatus = FALSE;\r
161 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaNew() failed\n"));\r
162 Status = RETURN_OUT_OF_RESOURCES;\r
163 goto Done;\r
164 }\r
165\r
166 //\r
167 // Set RSA Key Components.\r
168 // NOTE: Only N and E are needed to be set as RSA public key for signature verification.\r
169 //\r
170 CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));\r
171 if (!CryptoStatus) {\r
172 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));\r
173 Status = RETURN_OUT_OF_RESOURCES;\r
174 goto Done;\r
175 }\r
176 CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));\r
177 if (!CryptoStatus) {\r
178 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));\r
179 Status = RETURN_OUT_OF_RESOURCES;\r
180 goto Done;\r
181 }\r
182\r
183 //\r
184 // Hash data payload with SHA256.\r
185 //\r
186 ZeroMem (Digest, SHA256_DIGEST_SIZE);\r
187 CryptoStatus = Sha256Init (HashContext);\r
188 if (!CryptoStatus) {\r
189 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Init() failed\n"));\r
190 Status = RETURN_OUT_OF_RESOURCES;\r
191 goto Done;\r
192 }\r
193\r
194 // It is a signature across the variable data and the Monotonic Count value.\r
195 CryptoStatus = Sha256Update (\r
196 HashContext,\r
197 (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,\r
198 ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength\r
199 );\r
200 if (!CryptoStatus) {\r
201 DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));\r
202 Status = RETURN_OUT_OF_RESOURCES;\r
203 goto Done;\r
204 }\r
205 CryptoStatus = Sha256Update (\r
206 HashContext,\r
207 (UINT8 *)&Image->MonotonicCount,\r
208 sizeof(Image->MonotonicCount)\r
209 );\r
210 if (!CryptoStatus) {\r
211 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));\r
212 Status = RETURN_OUT_OF_RESOURCES;\r
213 goto Done;\r
214 }\r
215 CryptoStatus = Sha256Final (HashContext, Digest);\r
216 if (!CryptoStatus) {\r
217 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));\r
218 Status = RETURN_OUT_OF_RESOURCES;\r
219 goto Done;\r
220 }\r
221\r
222 //\r
223 // Verify the RSA 2048 SHA 256 signature.\r
224 //\r
225 CryptoStatus = RsaPkcs1Verify (\r
226 Rsa,\r
227 Digest,\r
228 SHA256_DIGEST_SIZE,\r
229 CertBlockRsa2048Sha256->Signature,\r
230 sizeof (CertBlockRsa2048Sha256->Signature)\r
231 );\r
232 if (!CryptoStatus) {\r
233 //\r
234 // If RSA 2048 SHA 256 signature verification fails, AUTH tested failed bit is set.\r
235 //\r
236 DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaPkcs1Verify() failed\n"));\r
237 Status = RETURN_SECURITY_VIOLATION;\r
238 goto Done;\r
239 }\r
240 DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n"));\r
241\r
242 Status = RETURN_SUCCESS;\r
243\r
244Done:\r
245 //\r
246 // Free allocated resources used to perform RSA 2048 SHA 256 signature verification\r
247 //\r
248 if (Rsa != NULL) {\r
249 RsaFree (Rsa);\r
250 }\r
251 if (HashContext != NULL) {\r
252 FreePool (HashContext);\r
253 }\r
254\r
255 return Status;\r
256}\r
257\r
258/**\r
259 The function is used to do the authentication for FMP capsule based upon\r
260 EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
261\r
262 The FMP capsule image should start with EFI_FIRMWARE_IMAGE_AUTHENTICATION,\r
263 followed by the payload.\r
264\r
265 If the return status is RETURN_SUCCESS, the caller may continue the rest\r
266 FMP update process.\r
267 If the return status is NOT RETURN_SUCCESS, the caller should stop the FMP\r
268 update process and convert the return status to LastAttemptStatus\r
269 to indicate that FMP update fails.\r
270 The LastAttemptStatus can be got from ESRT table or via\r
271 EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo().\r
272\r
273 Caution: This function may receive untrusted input.\r
274\r
275 @param[in] Image Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r
276 @param[in] ImageSize Size of the authentication image in bytes.\r
277 @param[in] PublicKeyData The public key data used to validate the signature.\r
278 @param[in] PublicKeyDataLength The length of the public key data.\r
279\r
280 @retval RETURN_SUCCESS Authentication pass.\r
281 The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS.\r
282 @retval RETURN_SECURITY_VIOLATION Authentication fail.\r
283 The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR.\r
284 @retval RETURN_INVALID_PARAMETER The image is in an invalid format.\r
285 The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.\r
286 @retval RETURN_UNSUPPORTED No Authentication handler associated with CertType.\r
287 The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.\r
288 @retval RETURN_UNSUPPORTED Image or ImageSize is invalid.\r
289 The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.\r
290 @retval RETURN_OUT_OF_RESOURCES No Authentication handler associated with CertType.\r
291 The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES.\r
292**/\r
293RETURN_STATUS\r
294EFIAPI\r
295AuthenticateFmpImage (\r
296 IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image,\r
297 IN UINTN ImageSize,\r
298 IN CONST UINT8 *PublicKeyData,\r
299 IN UINTN PublicKeyDataLength\r
300 )\r
301{\r
302 GUID *CertType;\r
303 EFI_STATUS Status;\r
304\r
305 if ((Image == NULL) || (ImageSize == 0)) {\r
306 return RETURN_UNSUPPORTED;\r
307 }\r
308\r
492c05f5
JY
309 if ((PublicKeyDataLength % SHA256_DIGEST_SIZE) != 0) {\r
310 DEBUG ((DEBUG_ERROR, "PublicKeyDataLength is not multiple SHA256 size\n"));\r
311 return RETURN_UNSUPPORTED;\r
312 }\r
313\r
938f77f8
JY
314 if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {\r
315 DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));\r
316 return RETURN_INVALID_PARAMETER;\r
317 }\r
318 if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {\r
319 DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));\r
320 return RETURN_INVALID_PARAMETER;\r
321 }\r
ba47ae93 322 if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {\r
938f77f8
JY
323 DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));\r
324 return RETURN_INVALID_PARAMETER;\r
325 }\r
326 if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {\r
327 DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));\r
328 return RETURN_INVALID_PARAMETER;\r
329 }\r
330 if (Image->AuthInfo.Hdr.wRevision != 0x0200) {\r
331 DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));\r
332 return RETURN_INVALID_PARAMETER;\r
333 }\r
334 if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {\r
335 DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));\r
336 return RETURN_INVALID_PARAMETER;\r
337 }\r
338\r
339 CertType = &Image->AuthInfo.CertType;\r
340 DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));\r
341\r
342 if (CompareGuid (&gEfiCertTypeRsa2048Sha256Guid, CertType)) {\r
343 //\r
344 // Call the match handler to extract raw data for the input section data.\r
345 //\r
346 Status = FmpAuthenticatedHandlerRsa2048Sha256 (\r
347 Image,\r
348 ImageSize,\r
349 PublicKeyData,\r
350 PublicKeyDataLength\r
351 );\r
352 return Status;\r
353 }\r
354\r
355 //\r
356 // Not found, the input guided section is not supported.\r
357 //\r
358 return RETURN_UNSUPPORTED;\r
359}\r
360\r