X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=CryptoPkg%2FApplication%2FCryptest%2FRsaVerify2.c;h=9db43d6eef7aed481a1674b2f24b36d29e6e21d9;hp=adac99a9d7182c4d92fb41c667281b2b2d114ec1;hb=5b7c22450591a9e20ff54b970c11087ccfff563d;hpb=4a567c9690db97ecbf982e9428727f073bada504
diff --git a/CryptoPkg/Application/Cryptest/RsaVerify2.c b/CryptoPkg/Application/Cryptest/RsaVerify2.c
index adac99a9d7..9db43d6eef 100644
--- a/CryptoPkg/Application/Cryptest/RsaVerify2.c
+++ b/CryptoPkg/Application/Cryptest/RsaVerify2.c
@@ -1,7 +1,7 @@
/** @file
Application for RSA Key Retrieving (from PEM and X509) & Signature Validation.
-Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -187,6 +187,11 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 MsgHash[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09
};
+//
+// Payload for PKCS#7 Signing & Verification Validation.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *Payload = "Payload Data for PKCS#7 Signing";
+
/**
Validate UEFI-OpenSSL RSA Key Retrieving & Signature Interfaces.
@@ -199,13 +204,17 @@ ValidateCryptRsa2 (
VOID
)
{
- BOOLEAN Status;
- VOID *RsaPrivKey;
- VOID *RsaPubKey;
- UINT8 *Signature;
- UINTN SigSize;
- UINT8 *Subject;
- UINTN SubjectSize;
+ BOOLEAN Status;
+ VOID *RsaPrivKey;
+ VOID *RsaPubKey;
+ UINT8 *Signature;
+ UINTN SigSize;
+ UINT8 *Subject;
+ UINTN SubjectSize;
+ RETURN_STATUS ReturnStatus;
+ CHAR8 CommonName[64];
+ CHAR16 CommonNameUnicode[64];
+ UINTN CommonNameSize;
Print (L"\nUEFI-OpenSSL RSA Key Retrieving Testing: ");
@@ -214,7 +223,7 @@ ValidateCryptRsa2 (
//
Print (L"\n- Retrieve RSA Private Key for PEM ...");
Status = RsaGetPrivateKeyFromPem (TestKeyPem, sizeof (TestKeyPem), PemPass, &RsaPrivKey);
- if (Status == FALSE) {
+ if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
} else {
@@ -227,7 +236,7 @@ ValidateCryptRsa2 (
Print (L"\n- Retrieve RSA Public Key from X509 ... ");
RsaPubKey = NULL;
Status = RsaGetPublicKeyFromX509 (TestCert, sizeof (TestCert), &RsaPubKey);
- if (Status == FALSE) {
+ if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
} else {
@@ -281,6 +290,20 @@ ValidateCryptRsa2 (
Print (L"[Pass]");
}
+ //
+ // Get CommonName from X509 Certificate Subject
+ //
+ CommonNameSize = 64;
+ ZeroMem (CommonName, CommonNameSize);
+ ReturnStatus = X509GetCommonName (TestCert, sizeof (TestCert), CommonName, &CommonNameSize);
+ if (RETURN_ERROR (ReturnStatus)) {
+ Print (L"\n - Retrieving Common Name - [Fail]");
+ return EFI_ABORTED;
+ } else {
+ AsciiStrToUnicodeStrS (CommonName, CommonNameUnicode, CommonNameSize);
+ Print (L"\n - Retrieving Common Name = \"%s\" (Size = %d)", CommonNameUnicode, CommonNameSize);
+ }
+
//
// X509 Certificate Verification.
//
@@ -303,3 +326,88 @@ ValidateCryptRsa2 (
return EFI_SUCCESS;
}
+
+/**
+ Validate UEFI-OpenSSL PKCS#7 Signing & Verification Interfaces.
+
+ @retval EFI_SUCCESS Validation succeeded.
+ @retval EFI_ABORTED Validation failed.
+
+**/
+EFI_STATUS
+ValidateCryptPkcs7 (
+ VOID
+ )
+{
+ BOOLEAN Status;
+ UINT8 *P7SignedData;
+ UINTN P7SignedDataSize;
+ UINT8 *SignCert;
+
+ P7SignedData = NULL;
+ SignCert = NULL;
+
+ Print (L"\nUEFI-OpenSSL PKCS#7 Signing & Verification Testing: ");
+
+ Print (L"\n- Create PKCS#7 signedData ...");
+
+ //
+ // Construct Signer Certificate from RAW data.
+ //
+ Status = X509ConstructCertificate (TestCert, sizeof (TestCert), (UINT8 **) &SignCert);
+ if (!Status || SignCert == NULL) {
+ Print (L"[Fail]");
+ goto _Exit;
+ } else {
+ Print (L"[Pass]");
+ }
+
+ //
+ // Create PKCS#7 signedData on Payload.
+ // Note: Caller should release P7SignedData manually.
+ //
+ Status = Pkcs7Sign (
+ TestKeyPem,
+ sizeof (TestKeyPem),
+ (CONST UINT8 *) PemPass,
+ (UINT8 *) Payload,
+ AsciiStrLen (Payload),
+ SignCert,
+ NULL,
+ &P7SignedData,
+ &P7SignedDataSize
+ );
+ if (!Status || P7SignedDataSize == 0) {
+ Print (L"[Fail]");
+ goto _Exit;
+ } else {
+ Print (L"[Pass]");
+ }
+
+ Print (L"\n- Verify PKCS#7 signedData ...");
+
+ Status = Pkcs7Verify (
+ P7SignedData,
+ P7SignedDataSize,
+ TestCACert,
+ sizeof (TestCACert),
+ (UINT8 *) Payload,
+ AsciiStrLen (Payload)
+ );
+ if (!Status) {
+ Print (L"[Fail]");
+ } else {
+ Print (L"[Pass]");
+ }
+
+_Exit:
+ if (P7SignedData != NULL) {
+ FreePool (P7SignedData);
+ }
+ if (SignCert != NULL) {
+ X509Free (SignCert);
+ }
+
+ Print (L"\n");
+ return EFI_SUCCESS;
+}