/** @file\r
\r
- This library registers RSA 2048 SHA 256 guided section handler \r
+ This library registers RSA 2048 SHA 256 guided section handler\r
to parse RSA 2048 SHA 256 encapsulation section and extract raw data.\r
- It uses the BaseCrypyLib based on OpenSSL to authenticate the signature.\r
+ It uses the BaseCryptLib based on OpenSSL to authenticate the signature.\r
\r
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php \r
- \r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
/// RSA 2048 SHA 256 Guided Section header\r
///\r
typedef struct {\r
- EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header\r
- EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature\r
+ EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header\r
+ EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature\r
} RSA_2048_SHA_256_SECTION_HEADER;\r
\r
typedef struct {\r
- EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header\r
- EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature\r
+ EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header\r
+ EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature\r
} RSA_2048_SHA_256_SECTION2_HEADER;\r
\r
///\r
/// Public Exponent of RSA Key.\r
///\r
-CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };\r
+CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };\r
\r
/**\r
\r
GetInfo gets raw data size and attribute of the input guided section.\r
- It first checks whether the input guid section is supported. \r
+ It first checks whether the input guid section is supported.\r
If not, EFI_INVALID_PARAMETER will return.\r
\r
@param InputSection Buffer containing the input GUIDed section to be processed.\r
@param ScratchBufferSize The size of ScratchBuffer.\r
@param SectionAttribute The attribute of the input guided section.\r
\r
- @retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and \r
+ @retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and\r
the attribute of the input section are successfully retrieved.\r
@retval EFI_INVALID_PARAMETER The GUID in InputSection does not match this instance guid.\r
\r
// Check whether the input guid section is recognized.\r
//\r
if (!CompareGuid (\r
- &gEfiCertTypeRsa2048Sha256Guid,\r
- &(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) {\r
+ &gEfiCertTypeRsa2048Sha256Guid,\r
+ &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)\r
+ ))\r
+ {\r
return EFI_INVALID_PARAMETER;\r
}\r
+\r
//\r
// Retrieve the size and attribute of the input section data.\r
//\r
- *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes;\r
+ *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes;\r
*ScratchBufferSize = 0;\r
- *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER);\r
+ *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);\r
} else {\r
//\r
// Check whether the input guid section is recognized.\r
//\r
if (!CompareGuid (\r
- &gEfiCertTypeRsa2048Sha256Guid,\r
- &(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) {\r
+ &gEfiCertTypeRsa2048Sha256Guid,\r
+ &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)\r
+ ))\r
+ {\r
return EFI_INVALID_PARAMETER;\r
}\r
+\r
//\r
// Retrieve the size and attribute of the input section data.\r
//\r
- *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes;\r
+ *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes;\r
*ScratchBufferSize = 0;\r
- *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER);\r
+ *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER);\r
}\r
\r
return EFI_SUCCESS;\r
\r
Extraction handler tries to extract raw data from the input guided section.\r
It also does authentication check for RSA 2048 SHA 256 signature in the input guided section.\r
- It first checks whether the input guid section is supported. \r
+ It first checks whether the input guid section is supported.\r
If not, EFI_INVALID_PARAMETER will return.\r
\r
@param InputSection Buffer containing the input GUIDed section to be processed.\r
Rsa2048Sha256GuidedSectionHandler (\r
IN CONST VOID *InputSection,\r
OUT VOID **OutputBuffer,\r
- IN VOID *ScratchBuffer, OPTIONAL\r
+ IN VOID *ScratchBuffer OPTIONAL,\r
OUT UINT32 *AuthenticationStatus\r
)\r
{\r
UINTN PublicKeyBufferSize;\r
VOID *HashContext;\r
VOID *Rsa;\r
- \r
+\r
HashContext = NULL;\r
Rsa = NULL;\r
- \r
+\r
if (IS_SECTION2 (InputSection)) {\r
//\r
// Check whether the input guid section is recognized.\r
//\r
if (!CompareGuid (\r
- &gEfiCertTypeRsa2048Sha256Guid,\r
- &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {\r
+ &gEfiCertTypeRsa2048Sha256Guid,\r
+ &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)\r
+ ))\r
+ {\r
return EFI_INVALID_PARAMETER;\r
}\r
- \r
+\r
//\r
// Get the RSA 2048 SHA 256 information.\r
//\r
- CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256;\r
+ CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *)InputSection)->CertBlockRsa2048Sha256;\r
OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);\r
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {\r
- PERF_START (NULL, "RsaCopy", "PEI", 0);\r
+ PERF_INMODULE_BEGIN ("PeiRsaCopy");\r
CopyMem (*OutputBuffer, (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION2_HEADER), OutputBufferSize);\r
- PERF_END (NULL, "RsaCopy", "PEI", 0);\r
+ PERF_INMODULE_END ("PeiRsaCopy");\r
} else {\r
*OutputBuffer = (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION2_HEADER);\r
}\r
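Review bot: The SECTION2 branch tests `EFI_GUIDED_SECTION_PROCESSING_REQUIRED` through an `EFI_GUID_DEFINED_SECTION *` cast, although the GUID check and the size computation just above it use the SECTION2 types. Assuming the usual PI layouts, where the extended common header is four bytes longer, `Attributes` sits at a different offset in the SECTION2 header. This read would then land inside the GUID field, so the copy-versus-in-place decision would be made from constant GUID bytes rather than from the section's flag. Suggest `if ((((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {`. The handler starts before this hunk and its body continues after it.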
// Check whether the input guid section is recognized.\r
//\r
if (!CompareGuid (\r
- &gEfiCertTypeRsa2048Sha256Guid,\r
- &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {\r
+ &gEfiCertTypeRsa2048Sha256Guid,\r
+ &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)\r
+ ))\r
+ {\r
return EFI_INVALID_PARAMETER;\r
}\r
- \r
+\r
//\r
// Get the RSA 2048 SHA 256 information.\r
//\r
CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION_HEADER *)InputSection)->CertBlockRsa2048Sha256;\r
OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER);\r
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {\r
- PERF_START (NULL, "RsaCopy", "PEI", 0);\r
+ PERF_INMODULE_BEGIN ("PeiRsaCopy");\r
CopyMem (*OutputBuffer, (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION_HEADER), OutputBufferSize);\r
- PERF_END (NULL, "RsaCopy", "PEI", 0);\r
+ PERF_INMODULE_END ("PeiRsaCopy");\r
} else {\r
*OutputBuffer = (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION_HEADER);\r
}\r
//\r
// Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set\r
//\r
- ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);\r
+ ASSERT ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);\r
*AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED;\r
}\r
\r
//\r
- // All paths from here return EFI_SUCESS and result is returned in AuthenticationStatus\r
+ // All paths from here return EFI_SUCCESS and result is returned in AuthenticationStatus\r
//\r
Status = EFI_SUCCESS;\r
- \r
+\r
//\r
// Fail if the HashType is not SHA 256\r
//\r
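Review bot: `OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER)` is computed without first checking that the section is at least as large as the header. The result feeds `CopyMem` and later `Sha256Update` before any signature has been verified, so a truncated or malformed section would wrap the (presumably unsigned) subtraction into a very large length. Unless the caller already guarantees a minimum size, which is not visible here, add a guard before the subtraction such as `if (SECTION_SIZE (InputSection) < sizeof (RSA_2048_SHA_256_SECTION_HEADER)) { return EFI_INVALID_PARAMETER; }`. The same pattern appears in the SECTION2 branch of this handler and in both branches of the GetInfo function earlier in the diff, each of which needs the check against its own header type.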
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
goto Done;\r
}\r
- CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));\r
+\r
+ CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n"));\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
goto Done;\r
}\r
- CryptoStatus = Sha256Final (HashContext, Digest);\r
+\r
+ CryptoStatus = Sha256Final (HashContext, Digest);\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
goto Done;\r
}\r
- \r
+\r
//\r
// Fail if the PublicKey is not one of the public keys in PcdRsa2048Sha256PublicKeyBuffer\r
//\r
CryptoStatus = TRUE;\r
break;\r
}\r
- PublicKey = PublicKey + SHA256_DIGEST_SIZE;\r
+\r
+ PublicKey = PublicKey + SHA256_DIGEST_SIZE;\r
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;\r
}\r
+\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Public key in section is not supported\n"));\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
goto Done;\r
}\r
- \r
- // \r
+\r
+ //\r
// Set RSA Key Components.\r
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.\r
//\r
- CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));\r
+ CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
goto Done;\r
}\r
+\r
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
goto Done;\r
}\r
- PERF_START (NULL, "RsaShaData", "PEI", 0);\r
+\r
+ PERF_INMODULE_BEGIN ("PeiRsaShaData");\r
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);\r
- PERF_END (NULL, "RsaShaData", "PEI", 0);\r
+ PERF_INMODULE_END ("PeiRsaShaData");\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n"));\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
goto Done;\r
}\r
- CryptoStatus = Sha256Final (HashContext, Digest);\r
+\r
+ CryptoStatus = Sha256Final (HashContext, Digest);\r
if (!CryptoStatus) {\r
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));\r
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;\r
//\r
// Verify the RSA 2048 SHA 256 signature.\r
//\r
- PERF_START (NULL, "RsaVerify", "PEI", 0);\r
+ PERF_INMODULE_BEGIN ("PeiRsaVerify");\r
CryptoStatus = RsaPkcs1Verify (\r
- Rsa, \r
- Digest, \r
- SHA256_DIGEST_SIZE, \r
- CertBlockRsa2048Sha256->Signature, \r
+ Rsa,\r
+ Digest,\r
+ SHA256_DIGEST_SIZE,\r
+ CertBlockRsa2048Sha256->Signature,\r
sizeof (CertBlockRsa2048Sha256->Signature)\r
);\r
- PERF_END (NULL, "RsaVerify", "PEI", 0);\r
+ PERF_INMODULE_END ("PeiRsaVerify");\r
if (!CryptoStatus) {\r
//\r
// If RSA 2048 SHA 256 signature verification fails, AUTH tested failed bit is set.\r
if (Rsa != NULL) {\r
RsaFree (Rsa);\r
}\r
+\r
if (HashContext != NULL) {\r
FreePool (HashContext);\r
}\r
EFI_STATUS\r
EFIAPI\r
PeiRsa2048Sha256GuidedSectionExtractLibConstructor (\r
- IN EFI_PEI_FILE_HANDLE FileHandle,\r
- IN CONST EFI_PEI_SERVICES **PeiServices\r
+ IN EFI_PEI_FILE_HANDLE FileHandle,\r
+ IN CONST EFI_PEI_SERVICES **PeiServices\r
)\r
{\r
return ExtractGuidedSectionRegisterHandlers (\r