| 1 | /** @file\r |
| 2 | Detects if PcdFmpDevicePkcs7CertBufferXdr contains a test key.\r |
| 3 | \r |
| 4 | Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>\r |
| 5 | \r |
| 6 | Redistribution and use in source and binary forms, with or without\r |
| 7 | modification, are permitted provided that the following conditions are met:\r |
| 8 | 1. Redistributions of source code must retain the above copyright notice,\r |
| 9 | this list of conditions and the following disclaimer.\r |
| 10 | 2. Redistributions in binary form must reproduce the above copyright notice,\r |
| 11 | this list of conditions and the following disclaimer in the documentation\r |
| 12 | and/or other materials provided with the distribution.\r |
| 13 | \r |
| 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND\r |
| 15 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\r |
| 16 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\r |
| 17 | IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,\r |
| 18 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,\r |
| 19 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\r |
| 20 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\r |
| 21 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\r |
| 22 | OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF\r |
| 23 | ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r |
| 24 | \r |
| 25 | **/\r |
| 26 | \r |
| 27 | #include <PiDxe.h>\r |
| 28 | #include <Library/DebugLib.h>\r |
| 29 | #include <Library/BaseLib.h>\r |
| 30 | #include <Library/BaseMemoryLib.h>\r |
| 31 | #include <Library/PcdLib.h>\r |
| 32 | #include <Library/MemoryAllocationLib.h>\r |
| 33 | #include <Library/BaseCryptLib.h>\r |
| 34 | \r |
| 35 | /**\r |
| 36 | Check to see if any of the keys in PcdFmpDevicePkcs7CertBufferXdr matches\r |
| 37 | the test key. PcdFmpDeviceTestKeySha256Digest contains the SHA256 hash of\r |
| 38 | the test key. For each key in PcdFmpDevicePkcs7CertBufferXdr, compute the\r |
| 39 | SHA256 hash and compare it to PcdFmpDeviceTestKeySha256Digest. If the\r |
| 40 | SHA256 hash matches or there is then error computing the SHA256 hash, then\r |
| 41 | set PcdTestKeyUsed to TRUE. Skip this check if PcdTestKeyUsed is already\r |
| 42 | TRUE or PcdFmpDeviceTestKeySha256Digest is not exactly SHA256_DIGEST_SIZE\r |
| 43 | bytes.\r |
| 44 | **/\r |
| 45 | VOID\r |
| 46 | DetectTestKey (\r |
| 47 | VOID\r |
| 48 | )\r |
| 49 | {\r |
| 50 | BOOLEAN TestKeyUsed;\r |
| 51 | UINTN PublicKeyDataLength;\r |
| 52 | UINT8 *PublicKeyDataXdr;\r |
| 53 | UINT8 *PublicKeyDataXdrEnd;\r |
| 54 | VOID *HashContext;\r |
| 55 | UINT8 Digest[SHA256_DIGEST_SIZE];\r |
| 56 | \r |
| 57 | //\r |
| 58 | // If PcdFmpDeviceTestKeySha256Digest is not exacty SHA256_DIGEST_SIZE bytes,\r |
| 59 | // then skip the test key detection.\r |
| 60 | //\r |
| 61 | if (PcdGetSize (PcdFmpDeviceTestKeySha256Digest) != SHA256_DIGEST_SIZE) {\r |
| 62 | return;\r |
| 63 | }\r |
| 64 | \r |
| 65 | //\r |
| 66 | // If PcdTestKeyUsed is already TRUE, then skip test key detection\r |
| 67 | //\r |
| 68 | TestKeyUsed = PcdGetBool (PcdTestKeyUsed);\r |
| 69 | if (TestKeyUsed) {\r |
| 70 | return;\r |
| 71 | }\r |
| 72 | \r |
| 73 | //\r |
| 74 | // If PcdFmpDevicePkcs7CertBufferXdr is invalid, then skip test key detection\r |
| 75 | //\r |
| 76 | PublicKeyDataXdr = PcdGetPtr (PcdFmpDevicePkcs7CertBufferXdr);\r |
| 77 | PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdFmpDevicePkcs7CertBufferXdr);\r |
| 78 | if (PublicKeyDataXdr == NULL || PublicKeyDataXdr == PublicKeyDataXdrEnd) {\r |
| 79 | return;\r |
| 80 | }\r |
| 81 | \r |
| 82 | //\r |
| 83 | // Allocate hash context buffer required for SHA 256\r |
| 84 | //\r |
| 85 | HashContext = AllocatePool (Sha256GetContextSize ());\r |
| 86 | if (HashContext == NULL) {\r |
| 87 | TestKeyUsed = TRUE;\r |
| 88 | }\r |
| 89 | \r |
| 90 | //\r |
| 91 | // Loop through all keys in PcdFmpDevicePkcs7CertBufferXdr\r |
| 92 | //\r |
| 93 | while (!TestKeyUsed && PublicKeyDataXdr < PublicKeyDataXdrEnd) {\r |
| 94 | if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) {\r |
| 95 | //\r |
| 96 | // Key data extends beyond end of PCD\r |
| 97 | //\r |
| 98 | break;\r |
| 99 | }\r |
| 100 | //\r |
| 101 | // Read key length stored in big endian format\r |
| 102 | //\r |
| 103 | PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr));\r |
| 104 | //\r |
| 105 | // Point to the start of the key data\r |
| 106 | //\r |
| 107 | PublicKeyDataXdr += sizeof (UINT32);\r |
| 108 | if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) {\r |
| 109 | //\r |
| 110 | // Key data extends beyond end of PCD\r |
| 111 | //\r |
| 112 | break;\r |
| 113 | }\r |
| 114 | \r |
| 115 | //\r |
| 116 | // Hash public key from PcdFmpDevicePkcs7CertBufferXdr using SHA256.\r |
| 117 | // If error occurs computing SHA256, then assume test key is in use.\r |
| 118 | //\r |
| 119 | ZeroMem (Digest, SHA256_DIGEST_SIZE);\r |
| 120 | if (!Sha256Init (HashContext)) {\r |
| 121 | TestKeyUsed = TRUE;\r |
| 122 | break;\r |
| 123 | }\r |
| 124 | if (!Sha256Update (HashContext, PublicKeyDataXdr, PublicKeyDataLength)) {\r |
| 125 | TestKeyUsed = TRUE;\r |
| 126 | break;\r |
| 127 | }\r |
| 128 | if (!Sha256Final (HashContext, Digest)) {\r |
| 129 | TestKeyUsed = TRUE;\r |
| 130 | break;\r |
| 131 | }\r |
| 132 | \r |
| 133 | //\r |
| 134 | // Check if SHA256 hash of public key matches SHA256 hash of test key\r |
| 135 | //\r |
| 136 | if (CompareMem (Digest, PcdGetPtr (PcdFmpDeviceTestKeySha256Digest), SHA256_DIGEST_SIZE) == 0) {\r |
| 137 | TestKeyUsed = TRUE;\r |
| 138 | break;\r |
| 139 | }\r |
| 140 | \r |
| 141 | //\r |
| 142 | // Point to start of next key\r |
| 143 | //\r |
| 144 | PublicKeyDataXdr += PublicKeyDataLength;\r |
| 145 | PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof (UINT32));\r |
| 146 | }\r |
| 147 | \r |
| 148 | //\r |
| 149 | // Free hash context buffer required for SHA 256\r |
| 150 | //\r |
| 151 | if (HashContext != NULL) {\r |
| 152 | FreePool (HashContext);\r |
| 153 | HashContext = NULL;\r |
| 154 | }\r |
| 155 | \r |
| 156 | //\r |
| 157 | // If test key detected or an error occured checking for the test key, then\r |
| 158 | // set PcdTestKeyUsed to TRUE.\r |
| 159 | //\r |
| 160 | if (TestKeyUsed) {\r |
| 161 | DEBUG ((DEBUG_INFO, "FmpDxe: Test key detected in PcdFmpDevicePkcs7CertBufferXdr.\n"));\r |
| 162 | PcdSetBoolS (PcdTestKeyUsed, TRUE);\r |
| 163 | } else {\r |
| 164 | DEBUG ((DEBUG_INFO, "FmpDxe: No test key detected in PcdFmpDevicePkcs7CertBufferXdr.\n"));\r |
| 165 | }\r |
| 166 | }\r |