/** @file\r
\r
- This library registers RSA 2048 SHA 256 guided section handler \r
+ This library registers RSA 2048 SHA 256 guided section handler\r
to parse RSA 2048 SHA 256 encapsulation section and extract raw data.\r
It uses the BaseCrypyLib based on OpenSSL to authenticate the signature.\r
\r
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php \r
- \r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
/**\r
\r
GetInfo gets raw data size and attribute of the input guided section.\r
- It first checks whether the input guid section is supported. \r
+ It first checks whether the input guid section is supported.\r
If not, EFI_INVALID_PARAMETER will return.\r
\r
@param InputSection Buffer containing the input GUIDed section to be processed.\r
@param ScratchBufferSize The size of ScratchBuffer.\r
@param SectionAttribute The attribute of the input guided section.\r
\r
- @retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and \r
- the attribute of the input section are successull retrieved.\r
+ @retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and\r
+ the attribute of the input section are successfully retrieved.\r
@retval EFI_INVALID_PARAMETER The GUID in InputSection does not match this instance guid.\r
\r
**/\r
//\r
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes;\r
*ScratchBufferSize = 0;\r
- *OutputBufferSize = SECTION2_SIZE (InputSection) - ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->DataOffset;\r
+ *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER);\r
} else {\r
//\r
// Check whether the input guid section is recognized.\r
//\r
*SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes;\r
*ScratchBufferSize = 0;\r
- *OutputBufferSize = SECTION_SIZE (InputSection) - ((EFI_GUID_DEFINED_SECTION *) InputSection)->DataOffset;\r
+ *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER);\r
}\r
\r
return EFI_SUCCESS;\r
\r
Extraction handler tries to extract raw data from the input guided section.\r
It also does authentication check for RSA 2048 SHA 256 signature in the input guided section.\r
- It first checks whether the input guid section is supported. \r
+ It first checks whether the input guid section is supported.\r
If not, EFI_INVALID_PARAMETER will return.\r
\r
@param InputSection Buffer containing the input GUIDed section to be processed.\r
UINTN PublicKeyBufferSize;\r
VOID *HashContext;\r
VOID *Rsa;\r
- \r
+\r
HashContext = NULL;\r
Rsa = NULL;\r
- \r
+\r
if (IS_SECTION2 (InputSection)) {\r
//\r
// Check whether the input guid section is recognized.\r
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {\r
return EFI_INVALID_PARAMETER;\r
}\r
- \r
+\r
//\r
// Get the RSA 2048 SHA 256 information.\r
//\r
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256;\r
OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);\r
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {\r
- PERF_START (NULL, "RsaCopy", "PEI", 0);\r
+ PERF_INMODULE_BEGIN ("PeiRsaCopy");\r
CopyMem (*OutputBuffer, (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION2_HEADER), OutputBufferSize);\r
- PERF_END (NULL, "RsaCopy", "PEI", 0);\r
+ PERF_INMODULE_END ("PeiRsaCopy");\r
} else {\r
*OutputBuffer = (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION2_HEADER);\r
}\r
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {\r
return EFI_INVALID_PARAMETER;\r
}\r
- \r
+\r
//\r
// Get the RSA 2048 SHA 256 information.\r
//\r
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION_HEADER *)InputSection)->CertBlockRsa2048Sha256;\r
OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER);\r
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {\r
- PERF_START (NULL, "RsaCopy", "PEI", 0);\r
+ PERF_INMODULE_BEGIN ("PeiRsaCopy");\r
CopyMem (*OutputBuffer, (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION_HEADER), OutputBufferSize);\r
- PERF_END (NULL, "RsaCopy", "PEI", 0);\r
+ PERF_INMODULE_END ("PeiRsaCopy");\r
} else {\r
*OutputBuffer = (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION_HEADER);\r
}\r
// All paths from here return EFI_SUCESS and result is returned in AuthenticationStatus\r
//\r
Status = EFI_SUCCESS;\r
- \r
+\r
//\r
// Fail if the HashType is not SHA 256\r
//\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
goto Done;\r
}\r
- \r
+\r
//\r
// Fail if the PublicKey is not one of the public keys in PcdRsa2048Sha256PublicKeyBuffer\r
//\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
goto Done;\r
}\r
- \r
- // \r
+\r
+ //\r
// Set RSA Key Components.\r
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.\r
//\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
goto Done;\r
}\r
- PERF_START (NULL, "RsaShaData", "PEI", 0);\r
+ PERF_INMODULE_BEGIN ("PeiRsaShaData");\r
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);\r
- PERF_END (NULL, "RsaShaData", "PEI", 0);\r
+ PERF_INMODULE_END ("PeiRsaShaData");\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n"));\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
//\r
// Verify the RSA 2048 SHA 256 signature.\r
//\r
- PERF_START (NULL, "RsaVerify", "PEI", 0);\r
+ PERF_INMODULE_BEGIN ("PeiRsaVerify");\r
CryptoStatus = RsaPkcs1Verify (\r
- Rsa, \r
- Digest, \r
- SHA256_DIGEST_SIZE, \r
- CertBlockRsa2048Sha256->Signature, \r
+ Rsa,\r
+ Digest,\r
+ SHA256_DIGEST_SIZE,\r
+ CertBlockRsa2048Sha256->Signature,\r
sizeof (CertBlockRsa2048Sha256->Signature)\r
);\r
- PERF_END (NULL, "RsaVerify", "PEI", 0);\r
+ PERF_INMODULE_END ("PeiRsaVerify");\r
if (!CryptoStatus) {\r
//\r
// If RSA 2048 SHA 256 signature verification fails, AUTH tested failed bit is set.\r
FreePool (HashContext);\r
}\r
\r
- //\r
- // Temp solution until PeiCore checks AUTH Status.\r
- //\r
- if ((*AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) {\r
- Status = EFI_ACCESS_DENIED;\r
- }\r
DEBUG ((DEBUG_VERBOSE, "PeiRsa2048Sha256: Status = %r AuthenticationStatus = %08x\n", Status, *AuthenticationStatus));\r
\r
return Status;\r
projects / mirror_edk2.git / blobdiff