///\r
/// Public Exponent of RSA Key.\r
///\r
-STATIC CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };\r
+STATIC CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };\r
\r
/**\r
The handler is used to do the authentication for FMP capsule based upon\r
IN UINTN PublicKeyDataLength\r
)\r
{\r
- RETURN_STATUS Status;\r
- EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlockRsa2048Sha256;\r
- BOOLEAN CryptoStatus;\r
- UINT8 Digest[SHA256_DIGEST_SIZE];\r
- UINT8 *PublicKey;\r
- UINTN PublicKeyBufferSize;\r
- VOID *HashContext;\r
- VOID *Rsa;\r
+ RETURN_STATUS Status;\r
+ EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlockRsa2048Sha256;\r
+ BOOLEAN CryptoStatus;\r
+ UINT8 Digest[SHA256_DIGEST_SIZE];\r
+ UINT8 *PublicKey;\r
+ UINTN PublicKeyBufferSize;\r
+ VOID *HashContext;\r
+ VOID *Rsa;\r
\r
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));\r
\r
- if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)) {\r
- DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)));\r
+ if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256)) {\r
+ DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256)));\r
return RETURN_INVALID_PARAMETER;\r
}\r
\r
CertBlockRsa2048Sha256 = (EFI_CERT_BLOCK_RSA_2048_SHA256 *)Image->AuthInfo.CertData;\r
- if (!CompareGuid(&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) {\r
- DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid));\r
+ if (!CompareGuid (&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) {\r
+ DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid));\r
return RETURN_INVALID_PARAMETER;\r
}\r
\r
HashContext = NULL;\r
- Rsa = NULL;\r
+ Rsa = NULL;\r
\r
//\r
// Allocate hash context buffer required for SHA 256\r
Status = RETURN_OUT_OF_RESOURCES;\r
goto Done;\r
}\r
- CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));\r
+\r
+ CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));\r
Status = RETURN_OUT_OF_RESOURCES;\r
goto Done;\r
}\r
- CryptoStatus = Sha256Final (HashContext, Digest);\r
+\r
+ CryptoStatus = Sha256Final (HashContext, Digest);\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));\r
Status = RETURN_OUT_OF_RESOURCES;\r
//\r
// Fail if the PublicKey is not one of the public keys in the input PublicKeyData.\r
//\r
- PublicKey = (VOID *)PublicKeyData;\r
+ PublicKey = (VOID *)PublicKeyData;\r
PublicKeyBufferSize = PublicKeyDataLength;\r
- CryptoStatus = FALSE;\r
+ CryptoStatus = FALSE;\r
while (PublicKeyBufferSize != 0) {\r
if (CompareMem (Digest, PublicKey, SHA256_DIGEST_SIZE) == 0) {\r
CryptoStatus = TRUE;\r
break;\r
}\r
- PublicKey = PublicKey + SHA256_DIGEST_SIZE;\r
+\r
+ PublicKey = PublicKey + SHA256_DIGEST_SIZE;\r
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;\r
}\r
+\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n"));\r
Status = RETURN_SECURITY_VIOLATION;\r
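Review bot: The key-hash search loop `while (PublicKeyBufferSize != 0)` terminates only on an exact zero, so it is correct only if PublicKeyDataLength is a multiple of SHA256_DIGEST_SIZE. For any other length the `PublicKeyBufferSize - SHA256_DIGEST_SIZE` step wraps the UINTN, and `CompareMem` keeps reading past the end of PublicKeyData. No length check is visible in this hunk, and the function body starts and ends outside it, so the guarantee presumably comes from a caller-side check not shown here. The loop can be made self-bounding with `while (PublicKeyBufferSize >= SHA256_DIGEST_SIZE) {`. A comment such as `// PublicKeyData is a packed array of SHA-256 digests of the trusted public keys.` would record the assumption, if that is indeed the layout.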
// Set RSA Key Components.\r
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.\r
//\r
- CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));\r
+ CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));\r
Status = RETURN_OUT_OF_RESOURCES;\r
goto Done;\r
}\r
+\r
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));\r
// It is a signature across the variable data and the Monotonic Count value.\r
CryptoStatus = Sha256Update (\r
HashContext,\r
- (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,\r
- ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength\r
+ (UINT8 *)Image + sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,\r
+ ImageSize - sizeof (Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength\r
);\r
if (!CryptoStatus) {\r
- DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));\r
+ DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));\r
Status = RETURN_OUT_OF_RESOURCES;\r
goto Done;\r
}\r
+\r
CryptoStatus = Sha256Update (\r
HashContext,\r
(UINT8 *)&Image->MonotonicCount,\r
- sizeof(Image->MonotonicCount)\r
+ sizeof (Image->MonotonicCount)\r
);\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));\r
Status = RETURN_OUT_OF_RESOURCES;\r
goto Done;\r
}\r
- CryptoStatus = Sha256Final (HashContext, Digest);\r
+\r
+ CryptoStatus = Sha256Final (HashContext, Digest);\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));\r
Status = RETURN_OUT_OF_RESOURCES;\r
Status = RETURN_SECURITY_VIOLATION;\r
goto Done;\r
}\r
+\r
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n"));\r
\r
Status = RETURN_SUCCESS;\r
if (Rsa != NULL) {\r
RsaFree (Rsa);\r
}\r
+\r
if (HashContext != NULL) {\r
FreePool (HashContext);\r
}\r
IN UINTN PublicKeyDataLength\r
)\r
{\r
- GUID *CertType;\r
- EFI_STATUS Status;\r
+ GUID *CertType;\r
+ EFI_STATUS Status;\r
\r
if ((Image == NULL) || (ImageSize == 0)) {\r
return RETURN_UNSUPPORTED;\r
return RETURN_UNSUPPORTED;\r
}\r
\r
- if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {\r
- DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));\r
+ if (ImageSize < sizeof (EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {\r
+ DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));\r
return RETURN_INVALID_PARAMETER;\r
}\r
- if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {\r
- DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));\r
+\r
+ if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {\r
+ DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));\r
return RETURN_INVALID_PARAMETER;\r
}\r
- if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {\r
- DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));\r
+\r
+ if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {\r
+ DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));\r
return RETURN_INVALID_PARAMETER;\r
}\r
- if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {\r
- DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));\r
+\r
+ if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {\r
+ DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));\r
return RETURN_INVALID_PARAMETER;\r
}\r
+\r
if (Image->AuthInfo.Hdr.wRevision != 0x0200) {\r
- DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));\r
+ DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));\r
return RETURN_INVALID_PARAMETER;\r
}\r
+\r
if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {\r
- DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));\r
+ DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));\r
return RETURN_INVALID_PARAMETER;\r
}\r
\r
CertType = &Image->AuthInfo.CertType;\r
- DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));\r
+ DEBUG ((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType));\r
\r
if (CompareGuid (&gEfiCertTypeRsa2048Sha256Guid, CertType)) {\r
//\r
//\r
return RETURN_UNSUPPORTED;\r
}\r
-\r