From 97f98500c1d40eba76210961e90ea5d354bcbc18 Mon Sep 17 00:00:00 2001 From: hhtian Date: Mon, 1 Nov 2010 06:30:58 +0000 Subject: [PATCH] Add CryptoPkg (from UDK2010.UP3) git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10987 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Application/Cryptest/AuthenticodeVerify.c | 658 ++++++++++++++++++ CryptoPkg/Application/Cryptest/Cryptest.c | 372 ++++++++++ CryptoPkg/Application/Cryptest/Cryptest.inf | 47 ++ CryptoPkg/CryptRuntimeDxe/CryptRuntime.c | 248 +++++++ CryptoPkg/CryptRuntimeDxe/CryptRuntime.h | 186 +++++ CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf | 49 ++ CryptoPkg/CryptoPkg.dec | 39 ++ CryptoPkg/CryptoPkg.dsc | 123 ++++ CryptoPkg/Include/Library/BaseCryptLib.h | 425 +++++++++++ CryptoPkg/Include/OpenSslSupport.h | 238 +++++++ CryptoPkg/Include/Protocol/RuntimeCrypt.h | 204 ++++++ CryptoPkg/Include/arpa/inet.h | 16 + CryptoPkg/Include/assert.h | 16 + CryptoPkg/Include/ctype.h | 16 + CryptoPkg/Include/dirent.h | 16 + CryptoPkg/Include/errno.h | 16 + CryptoPkg/Include/limits.h | 16 + CryptoPkg/Include/malloc.h | 16 + CryptoPkg/Include/math.h | 16 + CryptoPkg/Include/netdb.h | 16 + CryptoPkg/Include/netinet/in.h | 16 + CryptoPkg/Include/openssl/README | 1 + CryptoPkg/Include/sgtty.h | 16 + CryptoPkg/Include/signal.h | 16 + CryptoPkg/Include/stdarg.h | 16 + CryptoPkg/Include/stddef.h | 15 + CryptoPkg/Include/stdio.h | 16 + CryptoPkg/Include/stdlib.h | 16 + CryptoPkg/Include/string.h | 16 + CryptoPkg/Include/strings.h | 15 + CryptoPkg/Include/sys/ioctl.h | 16 + CryptoPkg/Include/sys/param.h | 16 + CryptoPkg/Include/sys/socket.h | 16 + CryptoPkg/Include/sys/stat.h | 16 + CryptoPkg/Include/sys/time.h | 16 + CryptoPkg/Include/sys/times.h | 16 + CryptoPkg/Include/sys/types.h | 16 + CryptoPkg/Include/sys/un.h | 16 + CryptoPkg/Include/syslog.h | 15 + CryptoPkg/Include/time.h | 15 + CryptoPkg/Include/unistd.h | 15 + .../Library/BaseCryptLib/BaseCryptLib.inf | 79 +++ .../Library/BaseCryptLib/Hash/CryptMd5.c | 145 ++++ .../Library/BaseCryptLib/Hash/CryptSha1.c | 145 ++++ .../Library/BaseCryptLib/Hash/CryptSha256.c | 145 ++++ .../Library/BaseCryptLib/PeiCryptLib.inf | 77 ++ .../Library/BaseCryptLib/Pk/CryptPkcs7.c | 160 +++++ CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c | 277 ++++++++ .../Library/BaseCryptLib/RuntimeCryptLib.inf | 81 +++ .../BaseCryptLib/SysCall/BaseMemAllocation.c | 42 ++ .../Library/BaseCryptLib/SysCall/CrtWrapper.c | 281 ++++++++ .../BaseCryptLib/SysCall/HelperWrapper.c | 54 ++ .../BaseCryptLib/SysCall/Ia32/Alloca.S | 59 ++ .../BaseCryptLib/SysCall/Ia32/MathDivU64x64.S | 83 +++ .../BaseCryptLib/SysCall/Ia32/MathDivU64x64.c | 88 +++ .../BaseCryptLib/SysCall/Ia32/MathLShiftS64.S | 62 ++ .../BaseCryptLib/SysCall/Ia32/MathLShiftS64.c | 54 ++ .../SysCall/Ia32/MathMultS64x64.S | 77 ++ .../SysCall/Ia32/MathMultS64x64.c | 79 +++ .../BaseCryptLib/SysCall/Ia32/MathRShiftU64.S | 66 ++ .../BaseCryptLib/SysCall/Ia32/MathRShiftU64.c | 57 ++ .../SysCall/Ia32/MathReminderU64x64.S | 89 +++ .../SysCall/Ia32/MathReminderU64x64.c | 93 +++ .../SysCall/RuntimeMemAllocation.c | 438 ++++++++++++ .../BaseCryptLib/SysCall/TimerWrapper.c | 102 +++ .../BaseCryptLibRuntimeCryptProtocol.inf | 49 ++ .../RuntimeDxeIpfCryptLib.c | 390 +++++++++++ CryptoPkg/Library/IntrinsicLib/CopyMem.c | 23 + .../Library/IntrinsicLib/IntrinsicLib.inf | 56 ++ .../Library/IntrinsicLib/MemoryIntrinsics.c | 27 + .../OpensslLib/EDKII_openssl-0.9.8l.patch | 92 +++ CryptoPkg/Library/OpensslLib/Install.cmd | 71 ++ CryptoPkg/Library/OpensslLib/Install.sh | 73 ++ CryptoPkg/Library/OpensslLib/OpensslLib.inf | 579 +++++++++++++++ CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt | 61 ++ CryptoPkg/Library/OpensslLib/buildinf.h | 2 + 76 files changed, 7305 insertions(+) create mode 100644 CryptoPkg/Application/Cryptest/AuthenticodeVerify.c create mode 100644 CryptoPkg/Application/Cryptest/Cryptest.c create mode 100644 CryptoPkg/Application/Cryptest/Cryptest.inf create mode 100644 CryptoPkg/CryptRuntimeDxe/CryptRuntime.c create mode 100644 CryptoPkg/CryptRuntimeDxe/CryptRuntime.h create mode 100644 CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf create mode 100644 CryptoPkg/CryptoPkg.dec create mode 100644 CryptoPkg/CryptoPkg.dsc create mode 100644 CryptoPkg/Include/Library/BaseCryptLib.h create mode 100644 CryptoPkg/Include/OpenSslSupport.h create mode 100644 CryptoPkg/Include/Protocol/RuntimeCrypt.h create mode 100644 CryptoPkg/Include/arpa/inet.h create mode 100644 CryptoPkg/Include/assert.h create mode 100644 CryptoPkg/Include/ctype.h create mode 100644 CryptoPkg/Include/dirent.h create mode 100644 CryptoPkg/Include/errno.h create mode 100644 CryptoPkg/Include/limits.h create mode 100644 CryptoPkg/Include/malloc.h create mode 100644 CryptoPkg/Include/math.h create mode 100644 CryptoPkg/Include/netdb.h create mode 100644 CryptoPkg/Include/netinet/in.h create mode 100644 CryptoPkg/Include/openssl/README create mode 100644 CryptoPkg/Include/sgtty.h create mode 100644 CryptoPkg/Include/signal.h create mode 100644 CryptoPkg/Include/stdarg.h create mode 100644 CryptoPkg/Include/stddef.h create mode 100644 CryptoPkg/Include/stdio.h create mode 100644 CryptoPkg/Include/stdlib.h create mode 100644 CryptoPkg/Include/string.h create mode 100644 CryptoPkg/Include/strings.h create mode 100644 CryptoPkg/Include/sys/ioctl.h create mode 100644 CryptoPkg/Include/sys/param.h create mode 100644 CryptoPkg/Include/sys/socket.h create mode 100644 CryptoPkg/Include/sys/stat.h create mode 100644 CryptoPkg/Include/sys/time.h create mode 100644 CryptoPkg/Include/sys/times.h create mode 100644 CryptoPkg/Include/sys/types.h create mode 100644 CryptoPkg/Include/sys/un.h create mode 100644 CryptoPkg/Include/syslog.h create mode 100644 CryptoPkg/Include/time.h create mode 100644 CryptoPkg/Include/unistd.h create mode 100644 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c create mode 100644 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c create mode 100644 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/Alloca.S create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathDivU64x64.S create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathDivU64x64.c create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathLShiftS64.S create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathLShiftS64.c create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathMultS64x64.S create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathMultS64x64.c create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.S create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.c create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathReminderU64x64.S create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathReminderU64x64.c create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c create mode 100644 CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf create mode 100644 CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c create mode 100644 CryptoPkg/Library/IntrinsicLib/CopyMem.c create mode 100644 CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf create mode 100644 CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c create mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8l.patch create mode 100644 CryptoPkg/Library/OpensslLib/Install.cmd create mode 100644 CryptoPkg/Library/OpensslLib/Install.sh create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLib.inf create mode 100644 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt create mode 100644 CryptoPkg/Library/OpensslLib/buildinf.h diff --git a/CryptoPkg/Application/Cryptest/AuthenticodeVerify.c b/CryptoPkg/Application/Cryptest/AuthenticodeVerify.c new file mode 100644 index 0000000000..72c4092f82 --- /dev/null +++ b/CryptoPkg/Application/Cryptest/AuthenticodeVerify.c @@ -0,0 +1,658 @@ +/** @file + Sample Implementation for Microsoft Authenticode Verification. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include + +#include + +// +// DER encoding of SpcIndirectDataContent (Authenticode-specific Structure) +// Last 20 bytes data should be the SHA-1 digest value of PE/COFF image +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 SpcIndirectDataContentwithSha1[] = { + 0x30, 0x33, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0F, 0x30, 0x25, + 0x03, 0x01, 0x00, 0xA0, 0x20, 0xA2, 0x1E, 0x80, 0x1C, 0x00, 0x3C, 0x00, 0x3C, 0x00, 0x3C, 0x00, + 0x4F, 0x00, 0x62, 0x00, 0x73, 0x00, 0x6F, 0x00, 0x6C, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00, + 0x3E, 0x00, 0x3E, 0x00, 0x3E, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, + 0x05, 0x00, 0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + +// +// DER encoding of SpcIndirectDataContent (Authenticode-specific Structure) +// Last 16 bytes data should be the MD5 digest value of PE/COFF image +// NOTE: Authenticode also support MD5 digest. Disable MD5 support here since MD5 +// has been marked as "Deprecated, do not use". +// +#if 0 +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 SpcIndirectDataContentwithMd5[] = { + 0x30, 0x33, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0F, 0x30, 0x25, + 0x03, 0x01, 0x00, 0xA0, 0x20, 0xA2, 0x1E, 0x80, 0x1C, 0x00, 0x3C, 0x00, 0x3C, 0x00, 0x3C, 0x00, + 0x4F, 0x00, 0x62, 0x00, 0x73, 0x00, 0x6F, 0x00, 0x6C, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00, + 0x3E, 0x00, 0x3E, 0x00, 0x3E, 0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x02, 0x05, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 + }; +#endif + +// +// Sample PE/COFF Image Hash Value. +// This value should be calculated following MSFT's Authenticode Specification +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 PeHash[] = { + 0x44, 0xFD, 0x4F, 0xA9, 0x17, 0xEE, 0xAC, 0xCF, 0x1F, 0x0B, 0xE3, 0xA1, 0x4D, 0x5B, 0xA6, 0x61, + 0x82, 0x97, 0xC4, 0xB6 + }; + +// +// Sample Authenticode Data (from MSFT Win7 BootLoader: bootmgfw.efi) +// This data should be retrieved from signed PE/COFF image according to SECURITY +// directory in PE/COFF Header +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 Authenticode[] = { + 0x30, 0x82, 0x1C, 0x43, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02, 0xA0, + 0x82, 0x1C, 0x34, 0x30, 0x82, 0x1C, 0x30, 0x02, 0x01, 0x01, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x05, + 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x30, 0x68, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, + 0x82, 0x37, 0x02, 0x01, 0x04, 0xA0, 0x5A, 0x30, 0x58, 0x30, 0x33, 0x06, 0x0A, 0x2B, 0x06, 0x01, + 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0F, 0x30, 0x25, 0x03, 0x01, 0x00, 0xA0, 0x20, 0xA2, 0x1E, + 0x80, 0x1C, 0x00, 0x3C, 0x00, 0x3C, 0x00, 0x3C, 0x00, 0x4F, 0x00, 0x62, 0x00, 0x73, 0x00, 0x6F, + 0x00, 0x6C, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00, 0x3E, 0x00, 0x3E, 0x00, 0x3E, 0x30, 0x21, + 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14, 0x44, 0xFD, 0x4F, + 0xA9, 0x17, 0xEE, 0xAC, 0xCF, 0x1F, 0x0B, 0xE3, 0xA1, 0x4D, 0x5B, 0xA6, 0x61, 0x82, 0x97, 0xC4, + 0xB6, 0xA0, 0x82, 0x17, 0x18, 0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, 0x02, + 0x01, 0x02, 0x02, 0x0A, 0x61, 0x03, 0xDC, 0xF6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x77, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, + 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, + 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, + 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, + 0x69, 0x6F, 0x6E, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x4D, 0x69, + 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x54, 0x69, 0x6D, 0x65, 0x2D, 0x53, 0x74, 0x61, + 0x6D, 0x70, 0x20, 0x50, 0x43, 0x41, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x38, 0x30, 0x37, 0x32, 0x35, + 0x31, 0x39, 0x31, 0x32, 0x35, 0x30, 0x5A, 0x17, 0x0D, 0x31, 0x31, 0x30, 0x37, 0x32, 0x35, 0x31, + 0x39, 0x32, 0x32, 0x35, 0x30, 0x5A, 0x30, 0x81, 0xB3, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, + 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, + 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, + 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x0D, 0x30, + 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x04, 0x4D, 0x4F, 0x50, 0x52, 0x31, 0x27, 0x30, 0x25, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x1E, 0x6E, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x44, + 0x53, 0x45, 0x20, 0x45, 0x53, 0x4E, 0x3A, 0x31, 0x35, 0x39, 0x43, 0x2D, 0x41, 0x33, 0x46, 0x37, + 0x2D, 0x32, 0x35, 0x37, 0x30, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1C, + 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x54, 0x69, 0x6D, 0x65, 0x2D, 0x53, + 0x74, 0x61, 0x6D, 0x70, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x30, 0x82, 0x01, 0x22, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0, 0xED, 0x81, + 0x14, 0xA1, 0x5E, 0x77, 0xC0, 0x5B, 0xF4, 0x76, 0x89, 0x62, 0xFA, 0xAD, 0x7C, 0x68, 0x14, 0xB4, + 0xF7, 0xBD, 0x35, 0xD8, 0x13, 0x79, 0x5A, 0x17, 0xCA, 0xD9, 0x6C, 0x51, 0x45, 0x62, 0x26, 0x7A, + 0x2F, 0x1F, 0xD8, 0xEA, 0xC1, 0x6E, 0x01, 0x17, 0xF9, 0xC3, 0xA6, 0x1F, 0x67, 0xDB, 0x51, 0xB0, + 0x2C, 0xDE, 0x8A, 0x17, 0xED, 0xFF, 0x20, 0xAD, 0x34, 0xEA, 0x98, 0xFB, 0xA5, 0xD6, 0x2A, 0xD2, + 0xF1, 0x44, 0x27, 0x07, 0x5A, 0x2D, 0x3A, 0x93, 0xFF, 0x56, 0x53, 0xB0, 0xC8, 0xF5, 0xF3, 0x03, + 0xF2, 0x49, 0xCC, 0x16, 0xD0, 0xF5, 0x00, 0x4C, 0x58, 0xF8, 0x9B, 0xF5, 0x07, 0x25, 0xB1, 0x66, + 0x17, 0xC0, 0xBD, 0xC8, 0xD2, 0x52, 0x85, 0x8D, 0xC2, 0x2B, 0x38, 0xB2, 0xC3, 0x36, 0xBE, 0xF9, + 0x87, 0xDA, 0xF4, 0x8E, 0x5D, 0x43, 0xD7, 0x06, 0xBF, 0x99, 0x05, 0x9F, 0xA4, 0xCE, 0xFE, 0xAB, + 0x8D, 0x61, 0x63, 0xE7, 0x39, 0xC5, 0xF3, 0x18, 0xF6, 0xD8, 0xFC, 0x31, 0x36, 0x69, 0x72, 0x5A, + 0xA2, 0x1A, 0x4C, 0x3E, 0xEA, 0x87, 0x25, 0x42, 0x9D, 0xD1, 0x3E, 0xF1, 0x97, 0xD2, 0x18, 0x32, + 0x93, 0x70, 0x55, 0x53, 0x81, 0x1E, 0xE3, 0x3B, 0x0D, 0xE8, 0xBE, 0x82, 0x78, 0x6D, 0xE6, 0xFA, + 0xCD, 0x98, 0xA4, 0x6F, 0xDB, 0xEE, 0x66, 0xF4, 0x95, 0xC8, 0xCD, 0x35, 0xC9, 0x9E, 0xBB, 0x36, + 0x0D, 0x83, 0x96, 0x94, 0x26, 0xA7, 0x90, 0xE0, 0xA9, 0x34, 0x3B, 0xD5, 0xC0, 0x9E, 0x3E, 0xF0, + 0xD4, 0x47, 0x8D, 0x86, 0x0C, 0x82, 0xA4, 0x58, 0x30, 0x3A, 0x1C, 0x76, 0xE3, 0xAD, 0x95, 0x66, + 0xB4, 0xB7, 0xFD, 0x09, 0x8A, 0x05, 0x60, 0x0F, 0xA3, 0x0F, 0xE2, 0x93, 0x96, 0x58, 0x22, 0x9C, + 0x9D, 0x2B, 0xDB, 0xA2, 0x94, 0x18, 0x90, 0x95, 0x02, 0xBD, 0x06, 0x40, 0x95, 0x02, 0x03, 0x01, + 0x00, 0x01, 0xA3, 0x82, 0x01, 0x19, 0x30, 0x82, 0x01, 0x15, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0xD2, 0xED, 0x0D, 0x1E, 0x24, 0xBB, 0x37, 0xA9, 0xD8, 0x20, 0x6A, + 0x4D, 0x1D, 0xD2, 0x16, 0xD5, 0x2E, 0xBE, 0x9E, 0xEB, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x23, 0x34, 0xF8, 0xD9, 0x52, 0x46, 0x70, 0x0A, 0xED, 0x40, + 0xFB, 0x76, 0xFB, 0xB3, 0x2B, 0xB0, 0xC3, 0x35, 0xB3, 0x0F, 0x30, 0x54, 0x06, 0x03, 0x55, 0x1D, + 0x1F, 0x04, 0x4D, 0x30, 0x4B, 0x30, 0x49, 0xA0, 0x47, 0xA0, 0x45, 0x86, 0x43, 0x68, 0x74, 0x74, + 0x70, 0x3A, 0x2F, 0x2F, 0x63, 0x72, 0x6C, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, + 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x72, 0x6C, 0x2F, 0x70, 0x72, + 0x6F, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2F, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, + 0x54, 0x69, 0x6D, 0x65, 0x53, 0x74, 0x61, 0x6D, 0x70, 0x50, 0x43, 0x41, 0x2E, 0x63, 0x72, 0x6C, + 0x30, 0x58, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x4C, 0x30, 0x4A, + 0x30, 0x48, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3C, 0x68, 0x74, + 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, + 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x65, 0x72, 0x74, 0x73, + 0x2F, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x54, 0x69, 0x6D, 0x65, 0x53, 0x74, + 0x61, 0x6D, 0x70, 0x50, 0x43, 0x41, 0x2E, 0x63, 0x72, 0x74, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x06, 0xC0, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x9C, 0x0A, 0x55, 0xC8, 0xCC, 0x44, 0x13, 0x34, 0x0C, 0xD8, 0x63, 0x27, 0x76, + 0x7D, 0x3E, 0xFA, 0x38, 0x32, 0x83, 0x53, 0x9D, 0xF2, 0x08, 0xF9, 0x32, 0xF5, 0xC5, 0x6E, 0x70, + 0xA1, 0xC9, 0xB1, 0x63, 0x6B, 0x19, 0x9D, 0x09, 0x67, 0xD9, 0x9D, 0xEB, 0x8A, 0x6A, 0xDB, 0x60, + 0x66, 0xE9, 0xE9, 0x52, 0x26, 0xF3, 0x3B, 0xC6, 0x6A, 0xD3, 0xC2, 0x52, 0xBE, 0xA8, 0xB9, 0xEB, + 0x6A, 0xAA, 0x78, 0x8C, 0xC9, 0x16, 0x7D, 0x90, 0x95, 0xA0, 0xCC, 0x21, 0xB3, 0x9E, 0x81, 0xBD, + 0xCD, 0xC1, 0x8B, 0x29, 0xBD, 0x62, 0x25, 0xEF, 0x09, 0x57, 0xE7, 0x86, 0x4E, 0x2A, 0xEC, 0x80, + 0xCA, 0xBB, 0xFC, 0x21, 0x16, 0xC4, 0x3F, 0x4E, 0x52, 0x19, 0xE6, 0x0E, 0xB1, 0xD8, 0xC1, 0xC2, + 0x79, 0x90, 0x64, 0xB4, 0x50, 0x73, 0x10, 0x35, 0x5E, 0x5D, 0x11, 0xC1, 0xB8, 0xBA, 0xAA, 0xCF, + 0x52, 0xF6, 0x80, 0x91, 0x00, 0xE6, 0xEF, 0x51, 0x43, 0x46, 0xE9, 0xD0, 0xE8, 0x94, 0xF6, 0x2C, + 0x24, 0x0D, 0x8A, 0xC6, 0xB2, 0x31, 0x8A, 0xA3, 0x7E, 0x36, 0x6C, 0xA4, 0x05, 0x4C, 0x67, 0x07, + 0x2A, 0xBB, 0xBB, 0x10, 0xA5, 0xA5, 0x30, 0x1A, 0x72, 0xD0, 0x06, 0x20, 0x3B, 0x24, 0x93, 0x5B, + 0x15, 0xD9, 0x39, 0x93, 0xD3, 0x73, 0x2D, 0x1A, 0xC4, 0xD4, 0x6C, 0x1E, 0xA1, 0x08, 0xEC, 0xF6, + 0x31, 0xB8, 0x6B, 0x4B, 0xEC, 0xEE, 0x5C, 0x33, 0x02, 0x14, 0x32, 0x8C, 0x7C, 0x11, 0x20, 0x2F, + 0x20, 0x03, 0x7F, 0xF9, 0x0C, 0x9D, 0xB8, 0xD3, 0x9E, 0x5F, 0xD6, 0x08, 0xFC, 0x81, 0xA0, 0x99, + 0xB8, 0xBB, 0x55, 0x6E, 0xCD, 0x42, 0x4B, 0x3A, 0x4D, 0x8C, 0x14, 0x2B, 0xCA, 0xC8, 0x12, 0xD3, + 0x62, 0x6E, 0xEA, 0x0D, 0x0A, 0x9D, 0x09, 0xA3, 0x66, 0xD9, 0x79, 0x4F, 0x8E, 0x1A, 0xA2, 0xFF, + 0xCC, 0x98, 0x04, 0x30, 0x82, 0x05, 0x96, 0x30, 0x82, 0x04, 0x7E, 0xA0, 0x03, 0x02, 0x01, 0x02, + 0x02, 0x0A, 0x61, 0x01, 0xC6, 0xC1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x81, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, + 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, + 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, + 0x6F, 0x6E, 0x31, 0x2B, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4D, 0x69, 0x63, + 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x20, 0x56, + 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x50, 0x43, 0x41, 0x30, + 0x1E, 0x17, 0x0D, 0x30, 0x38, 0x31, 0x30, 0x32, 0x32, 0x32, 0x30, 0x33, 0x39, 0x32, 0x32, 0x5A, + 0x17, 0x0D, 0x31, 0x30, 0x30, 0x31, 0x32, 0x32, 0x32, 0x30, 0x34, 0x39, 0x32, 0x32, 0x5A, 0x30, + 0x7F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, + 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, + 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, + 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, + 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x04, + 0x4D, 0x4F, 0x50, 0x52, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x4D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xDC, 0x3A, 0xD3, 0x44, 0xF4, 0x6E, 0x20, 0x9F, 0xDD, 0xA4, 0x0E, 0x82, 0x4E, 0xC7, 0x86, + 0x5E, 0x63, 0xCC, 0xCA, 0xE5, 0x42, 0x53, 0x4B, 0x85, 0xFA, 0x5D, 0x71, 0x6C, 0xCF, 0x76, 0x0C, + 0x18, 0x8B, 0xA6, 0x0D, 0xF5, 0x4A, 0xF7, 0xFE, 0x17, 0xF2, 0x90, 0xCC, 0x62, 0xC7, 0x24, 0xAD, + 0x9B, 0x9A, 0xE1, 0x45, 0x3B, 0x61, 0xD8, 0x0D, 0x05, 0x69, 0xC7, 0xCD, 0x88, 0x2A, 0xB8, 0xB9, + 0x18, 0x1E, 0x60, 0x10, 0x5F, 0x88, 0xC6, 0xD2, 0x82, 0x4E, 0x6D, 0x49, 0xC5, 0xBE, 0x5C, 0x12, + 0x86, 0x48, 0x85, 0x89, 0x91, 0x81, 0xCD, 0x1B, 0xAD, 0x1F, 0xB7, 0x2D, 0x67, 0x79, 0xF1, 0x7B, + 0x9F, 0x25, 0x87, 0x14, 0x76, 0x5F, 0xE3, 0x0E, 0x64, 0xA1, 0x72, 0x61, 0x25, 0xE5, 0x75, 0x69, + 0xC5, 0x14, 0xF1, 0x5F, 0x07, 0x56, 0xA4, 0x0D, 0x70, 0x06, 0x23, 0xA7, 0x6C, 0xDD, 0x82, 0xAE, + 0xD9, 0x9B, 0x47, 0xA4, 0xA5, 0x6C, 0x08, 0xB0, 0x58, 0xF1, 0x53, 0x6A, 0x4F, 0xDA, 0x85, 0x61, + 0xCB, 0x02, 0x7B, 0x49, 0xAF, 0x1F, 0xBB, 0xE0, 0xD7, 0xB9, 0x5E, 0xDB, 0x73, 0x89, 0x76, 0xC1, + 0x3A, 0xBB, 0x0D, 0xF5, 0x97, 0xF0, 0x88, 0x5D, 0x69, 0x77, 0x80, 0xCF, 0xF1, 0x7E, 0x03, 0x9F, + 0x73, 0x6D, 0xDE, 0x05, 0xB8, 0x2F, 0x77, 0xB5, 0x54, 0x55, 0x45, 0xD0, 0xD2, 0x38, 0xBD, 0x96, + 0xE3, 0xF7, 0xEA, 0x40, 0xE5, 0xAC, 0x19, 0xFC, 0x71, 0xCB, 0x28, 0x27, 0xAA, 0x71, 0xA1, 0x72, + 0xB5, 0x12, 0x27, 0xC1, 0x51, 0xF6, 0x36, 0xC5, 0xC0, 0xC7, 0x7B, 0x3A, 0x3A, 0x93, 0x37, 0x04, + 0xCC, 0xEE, 0x0B, 0x69, 0x78, 0x64, 0x75, 0x41, 0xB6, 0x78, 0x22, 0x0F, 0x77, 0x84, 0xF7, 0x4B, + 0x8D, 0x46, 0x65, 0x92, 0x5B, 0x4D, 0x56, 0x6B, 0x75, 0x04, 0x46, 0x3F, 0x0B, 0x1B, 0xB4, 0x19, + 0xBF, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x02, 0x0F, 0x30, 0x82, 0x02, 0x0B, 0x30, 0x1F, + 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x18, 0x30, 0x16, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x03, 0x03, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x03, 0x06, 0x30, + 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xA1, 0xE6, 0xC3, 0x65, 0xD0, 0xE6, + 0xE8, 0x28, 0x62, 0xC2, 0xF3, 0xC2, 0x23, 0xA6, 0x1C, 0x49, 0x82, 0x0B, 0xD5, 0x53, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1F, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x90, 0x8B, 0x11, + 0xA5, 0x70, 0xED, 0xE0, 0xF9, 0xA9, 0xC0, 0xAC, 0x08, 0xC7, 0xB5, 0xF4, 0x82, 0xB1, 0x3C, 0xC5, + 0x4A, 0x30, 0x7B, 0x06, 0x03, 0x55, 0x1D, 0x1F, 0x04, 0x74, 0x30, 0x72, 0x30, 0x70, 0xA0, 0x6E, + 0xA0, 0x6C, 0x86, 0x34, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x63, 0x72, 0x6C, 0x2E, 0x6D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, + 0x2F, 0x63, 0x72, 0x6C, 0x2F, 0x70, 0x72, 0x6F, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2F, 0x57, 0x69, + 0x6E, 0x50, 0x43, 0x41, 0x2E, 0x63, 0x72, 0x6C, 0x86, 0x34, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, + 0x2F, 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, + 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x72, 0x6C, 0x2F, 0x70, 0x72, 0x6F, 0x64, 0x75, + 0x63, 0x74, 0x73, 0x2F, 0x57, 0x69, 0x6E, 0x50, 0x43, 0x41, 0x2E, 0x63, 0x72, 0x6C, 0x30, 0x52, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x46, 0x30, 0x44, 0x30, 0x42, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x36, 0x68, 0x74, 0x74, 0x70, + 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, + 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2F, 0x4D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x57, 0x69, 0x6E, 0x50, 0x43, 0x41, 0x2E, 0x63, + 0x72, 0x74, 0x30, 0x81, 0xC6, 0x06, 0x03, 0x55, 0x1D, 0x20, 0x04, 0x81, 0xBE, 0x30, 0x81, 0xBB, + 0x30, 0x81, 0xB8, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x2F, 0x30, 0x81, + 0xAA, 0x30, 0x40, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x34, 0x68, + 0x74, 0x74, 0x70, 0x73, 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, + 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x73, 0x73, 0x6C, + 0x2F, 0x63, 0x70, 0x73, 0x2F, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x50, 0x43, 0x41, 0x2E, + 0x68, 0x74, 0x6D, 0x30, 0x66, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30, + 0x5A, 0x1E, 0x58, 0x00, 0x43, 0x00, 0x6F, 0x00, 0x70, 0x00, 0x79, 0x00, 0x72, 0x00, 0x69, 0x00, + 0x67, 0x00, 0x68, 0x00, 0x74, 0x00, 0x20, 0x00, 0xA9, 0x00, 0x20, 0x00, 0x31, 0x00, 0x39, 0x00, + 0x39, 0x00, 0x39, 0x00, 0x2D, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x35, 0x00, 0x20, 0x00, + 0x4D, 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x73, 0x00, 0x6F, 0x00, 0x66, 0x00, + 0x74, 0x00, 0x20, 0x00, 0x43, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x70, 0x00, 0x6F, 0x00, 0x72, 0x00, + 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6F, 0x00, 0x6E, 0x00, 0x2E, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x73, + 0x5F, 0xCA, 0x80, 0x1C, 0x60, 0x46, 0x6F, 0xB9, 0x34, 0x9D, 0x88, 0xE3, 0xBE, 0x22, 0x8C, 0xFA, + 0xE6, 0x58, 0x9A, 0xAB, 0x7B, 0x1A, 0x97, 0xFD, 0xED, 0x2E, 0x39, 0xCC, 0x59, 0x5B, 0x1D, 0x7A, + 0x06, 0x8A, 0xBB, 0x43, 0x93, 0x7B, 0x1E, 0xA1, 0x88, 0x53, 0xDF, 0x44, 0xF8, 0x53, 0xA9, 0xEA, + 0xF6, 0x67, 0x1B, 0x3A, 0x78, 0x84, 0x11, 0x6A, 0x6F, 0x29, 0x47, 0x90, 0x0A, 0x0C, 0x7B, 0x22, + 0x77, 0x4E, 0x6F, 0xB8, 0x64, 0x29, 0xDF, 0x06, 0xC7, 0xC8, 0x73, 0x84, 0xD6, 0x66, 0xA0, 0xCA, + 0xD9, 0x5A, 0x26, 0x82, 0x57, 0xF9, 0xE3, 0x4F, 0x39, 0xAF, 0x2E, 0x8E, 0xB1, 0x06, 0x5B, 0x72, + 0xF2, 0x37, 0x32, 0xAE, 0x4E, 0xCE, 0x3C, 0x7D, 0xB0, 0x12, 0x2B, 0x9E, 0xA5, 0x75, 0xE3, 0x43, + 0xA6, 0x12, 0x8B, 0x06, 0x14, 0x98, 0x77, 0xE3, 0x58, 0x32, 0x25, 0x60, 0x07, 0x8C, 0x59, 0x71, + 0xA7, 0x71, 0x41, 0xB3, 0x06, 0x8D, 0x5C, 0xEF, 0x9C, 0x7F, 0x5A, 0x22, 0x6D, 0xB7, 0xD3, 0xD9, + 0xF5, 0xA6, 0x1B, 0x52, 0xDE, 0xF5, 0x7E, 0x76, 0x7C, 0xFE, 0xF4, 0xC8, 0x23, 0x1A, 0x4B, 0x25, + 0xEB, 0xE4, 0xEE, 0xAF, 0x10, 0x0B, 0x55, 0xC3, 0xD8, 0xC1, 0x17, 0x85, 0x61, 0x6F, 0xD3, 0x3F, + 0xB6, 0xE9, 0xEC, 0x84, 0xA5, 0xEE, 0x6D, 0xB2, 0xFF, 0xE8, 0x6C, 0x95, 0xAB, 0x2B, 0x5E, 0xC8, + 0x85, 0xC3, 0x11, 0x60, 0xAC, 0xFA, 0x02, 0x05, 0xF1, 0x7B, 0xDA, 0xC3, 0x69, 0x49, 0x96, 0xA5, + 0x70, 0xF9, 0x65, 0x66, 0x46, 0x10, 0x8D, 0x34, 0xE9, 0x21, 0x94, 0x3C, 0x0F, 0x71, 0x4A, 0x1C, + 0xEA, 0x1F, 0xF7, 0x23, 0xA6, 0x87, 0x60, 0x34, 0xE9, 0x14, 0xE1, 0xDE, 0x03, 0x59, 0xB4, 0x02, + 0x1D, 0x3A, 0xAF, 0xE3, 0x55, 0x05, 0xF5, 0xED, 0xC1, 0xF4, 0xE4, 0x5D, 0x0E, 0xD3, 0x97, 0x30, + 0x82, 0x06, 0x07, 0x30, 0x82, 0x03, 0xEF, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0A, 0x61, 0x16, + 0x68, 0x34, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5F, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A, 0x09, + 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31, 0x19, + 0x30, 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x09, + 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, + 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, + 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x37, 0x30, 0x34, + 0x30, 0x33, 0x31, 0x32, 0x35, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x34, 0x30, + 0x33, 0x31, 0x33, 0x30, 0x33, 0x30, 0x39, 0x5A, 0x30, 0x77, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, + 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, + 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x21, + 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, + 0x66, 0x74, 0x20, 0x54, 0x69, 0x6D, 0x65, 0x2D, 0x53, 0x74, 0x61, 0x6D, 0x70, 0x20, 0x50, 0x43, + 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, + 0x01, 0x00, 0x9F, 0xA1, 0x6C, 0xB1, 0xDF, 0xDB, 0x48, 0x92, 0x2A, 0x7C, 0x6B, 0x2E, 0x19, 0xE1, + 0xBD, 0xE2, 0xE3, 0xC5, 0x99, 0x51, 0x23, 0x50, 0xAD, 0xCE, 0xDD, 0x18, 0x4E, 0x24, 0x0F, 0xEE, + 0xD1, 0xA7, 0xD1, 0x4C, 0xAD, 0x74, 0x30, 0x20, 0x11, 0xEB, 0x07, 0xD5, 0x54, 0x95, 0x15, 0x49, + 0x94, 0x1B, 0x42, 0x92, 0xAE, 0x98, 0x5C, 0x30, 0x26, 0xDA, 0x00, 0x6B, 0xE8, 0x7B, 0xBD, 0xEC, + 0x89, 0x07, 0x0F, 0xF7, 0x0E, 0x04, 0x98, 0xF0, 0x89, 0xCC, 0x1F, 0xCB, 0x33, 0x24, 0x87, 0x9D, + 0xF2, 0xF4, 0x67, 0x1C, 0x2C, 0xFC, 0x7B, 0xE7, 0x88, 0x1D, 0xEA, 0xE7, 0x4E, 0xA3, 0xA1, 0xC1, + 0x23, 0x53, 0xCA, 0x8D, 0xFA, 0x45, 0xCF, 0x09, 0xD0, 0x5E, 0xAF, 0xD0, 0xB0, 0x42, 0x04, 0xA2, + 0xF9, 0xA6, 0x6C, 0x93, 0x67, 0xD7, 0x28, 0xDC, 0x46, 0x53, 0xB0, 0x86, 0xD0, 0xE5, 0x28, 0x46, + 0x2E, 0x27, 0xAC, 0x86, 0x4F, 0x55, 0x52, 0x0C, 0xE4, 0x03, 0x2C, 0xFB, 0x6A, 0x90, 0x90, 0x30, + 0x6E, 0x87, 0xF3, 0x59, 0x30, 0x9D, 0xFA, 0x7E, 0xD6, 0x97, 0xB3, 0xE8, 0x21, 0x97, 0x7E, 0xF8, + 0xD2, 0x13, 0xF3, 0x08, 0xB7, 0x53, 0x6D, 0x52, 0xB4, 0x45, 0x90, 0x9F, 0x48, 0x00, 0x4A, 0x47, + 0x66, 0x11, 0x27, 0x29, 0x66, 0xA8, 0x97, 0xE4, 0xD3, 0x06, 0x81, 0x4A, 0xA2, 0xF9, 0x84, 0xA7, + 0x11, 0x47, 0x14, 0x09, 0x82, 0x9F, 0x84, 0xED, 0x55, 0x78, 0xFE, 0x01, 0x9A, 0x1D, 0x50, 0x08, + 0x85, 0x00, 0x10, 0x30, 0x46, 0xED, 0xB7, 0xDE, 0x23, 0x46, 0xBB, 0xC4, 0x2D, 0x54, 0x9F, 0xAF, + 0x1E, 0x78, 0x41, 0x31, 0x77, 0xCC, 0x9B, 0xDF, 0x3B, 0x83, 0x93, 0xA1, 0x61, 0x02, 0xB5, 0x1D, + 0x0D, 0xB1, 0xFC, 0xF7, 0x9B, 0xB2, 0x01, 0xCE, 0x22, 0x4B, 0x54, 0xFF, 0xF9, 0x05, 0xC3, 0xC2, + 0x20, 0x0B, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0xAB, 0x30, 0x82, 0x01, 0xA7, 0x30, + 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, + 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x23, 0x34, 0xF8, 0xD9, 0x52, + 0x46, 0x70, 0x0A, 0xED, 0x40, 0xFB, 0x76, 0xFB, 0xB3, 0x2B, 0xB0, 0xC3, 0x35, 0xB3, 0x0F, 0x30, + 0x0B, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x10, 0x06, 0x09, + 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x81, + 0x98, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0x90, 0x30, 0x81, 0x8D, 0x80, 0x14, 0x0E, 0xAC, + 0x82, 0x60, 0x40, 0x56, 0x27, 0x97, 0xE5, 0x25, 0x13, 0xFC, 0x2A, 0xE1, 0x0A, 0x53, 0x95, 0x59, + 0xE4, 0xA4, 0xA1, 0x63, 0xA4, 0x61, 0x30, 0x5F, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, + 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31, 0x19, 0x30, + 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x09, 0x6D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, + 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, + 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x82, 0x10, 0x79, 0xAD, 0x16, 0xA1, 0x4A, 0xA0, 0xA5, + 0xAD, 0x4C, 0x73, 0x58, 0xF4, 0x07, 0x13, 0x2E, 0x65, 0x30, 0x50, 0x06, 0x03, 0x55, 0x1D, 0x1F, + 0x04, 0x49, 0x30, 0x47, 0x30, 0x45, 0xA0, 0x43, 0xA0, 0x41, 0x86, 0x3F, 0x68, 0x74, 0x74, 0x70, + 0x3A, 0x2F, 0x2F, 0x63, 0x72, 0x6C, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, + 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x72, 0x6C, 0x2F, 0x70, 0x72, 0x6F, + 0x64, 0x75, 0x63, 0x74, 0x73, 0x2F, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x72, + 0x6F, 0x6F, 0x74, 0x63, 0x65, 0x72, 0x74, 0x2E, 0x63, 0x72, 0x6C, 0x30, 0x54, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x48, 0x30, 0x46, 0x30, 0x44, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x38, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, + 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, + 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2F, 0x4D, 0x69, 0x63, 0x72, + 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x52, 0x6F, 0x6F, 0x74, 0x43, 0x65, 0x72, 0x74, 0x2E, 0x63, 0x72, + 0x74, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x10, 0x97, 0x8A, 0xC3, 0x5C, 0x03, + 0x44, 0x36, 0xDD, 0xE9, 0xB4, 0xAD, 0x77, 0xDB, 0xCE, 0x79, 0x51, 0x4D, 0x01, 0xB1, 0x2E, 0x74, + 0x71, 0x5B, 0x6D, 0x0C, 0x13, 0xAB, 0xCE, 0xBE, 0x7B, 0x8F, 0xB8, 0x2E, 0xD4, 0x12, 0xA2, 0x8C, + 0x6D, 0x62, 0xB8, 0x57, 0x02, 0xCB, 0x4E, 0x20, 0x13, 0x50, 0x99, 0xDD, 0x7A, 0x40, 0xE2, 0x57, + 0xBB, 0xAF, 0x58, 0x9A, 0x1C, 0xE1, 0x1D, 0x01, 0x86, 0xAC, 0xBB, 0x78, 0xF2, 0x8B, 0xD0, 0xEC, + 0x3B, 0x01, 0xEE, 0xE2, 0xBE, 0x8F, 0x0A, 0x05, 0xC8, 0x8D, 0x48, 0xE2, 0xF0, 0x53, 0x15, 0xDD, + 0x4F, 0xAB, 0x92, 0xE4, 0xE7, 0x8D, 0x6A, 0xD5, 0x80, 0xC1, 0xE6, 0x94, 0xF2, 0x06, 0x2F, 0x85, + 0x03, 0xE9, 0x91, 0x2A, 0x24, 0x22, 0x70, 0xFB, 0xF6, 0xFC, 0xE4, 0x78, 0x99, 0x2E, 0x0D, 0xF7, + 0x07, 0xE2, 0x70, 0xBC, 0x18, 0x4E, 0x9D, 0x8E, 0x6B, 0x0A, 0x72, 0x95, 0xB8, 0xA1, 0x39, 0x9C, + 0x67, 0x2D, 0xC5, 0x51, 0x0E, 0xEA, 0x62, 0x5C, 0x3F, 0x16, 0x98, 0x8B, 0x20, 0x3F, 0xE2, 0x07, + 0x1A, 0x32, 0xF9, 0xCC, 0x31, 0x4A, 0x76, 0x31, 0x3D, 0x2B, 0x72, 0x0B, 0xC8, 0xEA, 0x70, 0x3D, + 0xFF, 0x85, 0x0A, 0x13, 0xDF, 0xC2, 0x0A, 0x61, 0x8E, 0xF0, 0xD7, 0xB8, 0x17, 0xEB, 0x4E, 0x8B, + 0x7F, 0xC5, 0x35, 0x2B, 0x5E, 0xA3, 0xBF, 0xEB, 0xBC, 0x7D, 0x0B, 0x42, 0x7B, 0xD4, 0x53, 0x72, + 0x21, 0xEE, 0x30, 0xCA, 0xBB, 0x78, 0x65, 0x5C, 0x5B, 0x01, 0x17, 0x0A, 0x14, 0x0E, 0xD2, 0xDA, + 0x14, 0x98, 0xF5, 0x3C, 0xB9, 0x66, 0x58, 0xB3, 0x2D, 0x2F, 0xE7, 0xF9, 0x85, 0x86, 0xCC, 0x51, + 0x56, 0xE8, 0x9D, 0x70, 0x94, 0x6C, 0xAC, 0x39, 0x4C, 0xD4, 0xF6, 0x79, 0xBF, 0xAA, 0x18, 0x7A, + 0x62, 0x29, 0xEF, 0xA2, 0x9B, 0x29, 0x34, 0x06, 0x77, 0x1A, 0x62, 0xC9, 0x3D, 0x1E, 0x6D, 0x1F, + 0x82, 0xF0, 0x0B, 0xC7, 0x2C, 0xBB, 0xCF, 0x43, 0xB3, 0xE5, 0xF9, 0xEC, 0x7D, 0xB5, 0xE3, 0xA4, + 0xA8, 0x74, 0x35, 0xB8, 0x4E, 0xC5, 0x71, 0x23, 0x12, 0x26, 0x76, 0x0B, 0x3C, 0x52, 0x8C, 0x71, + 0x5A, 0x46, 0x43, 0x14, 0xBC, 0xB3, 0xB3, 0xB0, 0x4D, 0x67, 0xC8, 0x9F, 0x42, 0xFF, 0x80, 0x79, + 0x21, 0x80, 0x9E, 0x15, 0x30, 0x66, 0xE8, 0x42, 0x12, 0x5E, 0x1A, 0xC8, 0x9E, 0x22, 0x21, 0xD0, + 0x43, 0xE9, 0x2B, 0xE9, 0xBB, 0xF4, 0x48, 0xCC, 0x2C, 0xD4, 0xD8, 0x32, 0x80, 0x4C, 0x26, 0x2A, + 0x48, 0x24, 0x5F, 0x5A, 0xEA, 0x56, 0xEF, 0xA6, 0xDE, 0x99, 0x9D, 0xCA, 0x3A, 0x6F, 0xBD, 0x81, + 0x27, 0x74, 0x06, 0x11, 0xEE, 0x76, 0x21, 0xBF, 0x9B, 0x82, 0xC1, 0x27, 0x54, 0xB6, 0xB1, 0x6A, + 0x3D, 0x89, 0xA1, 0x76, 0x61, 0xB4, 0x6E, 0xA1, 0x13, 0xA6, 0xBF, 0xAA, 0x47, 0xF0, 0x12, 0x6F, + 0xFD, 0x8A, 0x32, 0x6C, 0xB2, 0xFE, 0xDF, 0x51, 0xC8, 0x8C, 0x23, 0xC9, 0x66, 0xBD, 0x9D, 0x1D, + 0x87, 0x12, 0x64, 0x02, 0x3D, 0x2D, 0xAF, 0x59, 0x8F, 0xB8, 0xE4, 0x21, 0xE5, 0xB5, 0xB0, 0xCA, + 0x63, 0xB4, 0x78, 0x54, 0x05, 0xD4, 0x41, 0x2E, 0x50, 0xAC, 0x94, 0xB0, 0xA5, 0x78, 0xAB, 0xB3, + 0xA0, 0x96, 0x75, 0x1A, 0xD9, 0x92, 0x87, 0x13, 0x75, 0x22, 0x2F, 0x32, 0xA8, 0x08, 0x6E, 0xA0, + 0x5B, 0x8C, 0x25, 0xBF, 0xA0, 0xEF, 0x84, 0xCA, 0x21, 0xD6, 0xEB, 0x1E, 0x4F, 0xC9, 0x9A, 0xEE, + 0x49, 0xE0, 0xF7, 0x01, 0x65, 0x6F, 0x89, 0x0B, 0x7D, 0xC8, 0x69, 0xC8, 0xE6, 0x6E, 0xEA, 0xA7, + 0x97, 0xCE, 0x31, 0x29, 0xFF, 0x0E, 0xC5, 0x5B, 0x5C, 0xD8, 0x4D, 0x1B, 0xA1, 0xD8, 0xFA, 0x2F, + 0x9E, 0x3F, 0x2E, 0x55, 0x16, 0x6B, 0xC9, 0x13, 0xA3, 0xFD, 0x30, 0x82, 0x06, 0xA1, 0x30, 0x82, + 0x04, 0x89, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0A, 0x61, 0x07, 0x02, 0xDC, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x0B, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, + 0x05, 0x00, 0x30, 0x5F, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, + 0x2C, 0x64, 0x01, 0x19, 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31, 0x19, 0x30, 0x17, 0x06, 0x0A, 0x09, + 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x09, 0x6D, 0x69, 0x63, 0x72, 0x6F, + 0x73, 0x6F, 0x66, 0x74, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x4D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, + 0x69, 0x74, 0x79, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x35, 0x30, 0x39, 0x31, 0x35, 0x32, 0x31, 0x35, + 0x35, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x33, 0x31, 0x35, 0x32, 0x32, 0x30, 0x35, + 0x34, 0x31, 0x5A, 0x30, 0x81, 0x81, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 0x57, 0x61, + 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, + 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x2B, 0x30, 0x29, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x22, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, + 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x20, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6F, 0x6E, 0x20, 0x50, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, + 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC5, 0xAC, 0x93, 0x4E, 0xE6, 0x4A, 0x11, 0x9E, + 0x37, 0xD0, 0x35, 0xD2, 0xB0, 0x06, 0x5C, 0x83, 0x14, 0xA5, 0x61, 0x92, 0xFC, 0xFE, 0xB3, 0x89, + 0xC1, 0xE6, 0xCD, 0xC8, 0x1F, 0x31, 0x84, 0x09, 0x91, 0x34, 0x46, 0x92, 0x2C, 0xB8, 0xEE, 0x2C, + 0xC5, 0x20, 0x73, 0xC4, 0xE8, 0x1A, 0xD8, 0x8D, 0xCE, 0x7A, 0x68, 0xB5, 0x66, 0x78, 0x8B, 0xE5, + 0x60, 0x15, 0xA2, 0xF6, 0x29, 0x5A, 0x1D, 0x5E, 0x5D, 0xFC, 0x62, 0xD3, 0xC1, 0x5C, 0x29, 0x89, + 0xFB, 0x33, 0xF8, 0x16, 0x95, 0x36, 0xDD, 0xB1, 0x46, 0x74, 0x69, 0x72, 0x53, 0xD5, 0xAA, 0xE8, + 0x8A, 0x99, 0x1A, 0xD8, 0xF7, 0x67, 0x09, 0xD9, 0x09, 0x20, 0x22, 0x38, 0x7A, 0xD6, 0x03, 0x23, + 0xD7, 0x89, 0x9F, 0x1C, 0x01, 0xB7, 0x51, 0xDF, 0x98, 0x66, 0x2A, 0x02, 0x8B, 0x06, 0xEC, 0xE4, + 0x29, 0xEF, 0x5B, 0x42, 0x17, 0x15, 0x97, 0x51, 0x8D, 0x7D, 0x25, 0x0A, 0xAF, 0x25, 0xE8, 0xDE, + 0xDC, 0x9B, 0x67, 0x16, 0x0A, 0x56, 0x73, 0x9D, 0xB3, 0x1D, 0x85, 0x83, 0x0B, 0x7E, 0x33, 0x2B, + 0x62, 0x33, 0xCE, 0x1C, 0x20, 0x81, 0x4B, 0x5E, 0xD3, 0xC6, 0x49, 0xB8, 0xF6, 0x2E, 0xD3, 0x4E, + 0xB0, 0x71, 0x44, 0x46, 0x64, 0x3E, 0xDE, 0x43, 0x66, 0x04, 0xB9, 0xCC, 0x83, 0x48, 0x3A, 0xC5, + 0x36, 0x7A, 0x04, 0x48, 0x0B, 0x89, 0x02, 0x3D, 0x63, 0xA2, 0x01, 0x76, 0x29, 0x97, 0x75, 0xE9, + 0x01, 0xE6, 0x00, 0x97, 0x09, 0x92, 0xF8, 0xE2, 0x27, 0xF0, 0x29, 0x67, 0x43, 0x77, 0xC3, 0x50, + 0x96, 0x53, 0x31, 0xE1, 0xB6, 0x71, 0x8B, 0xEC, 0x77, 0xC7, 0x7C, 0x31, 0x48, 0xD5, 0xB8, 0x25, + 0x22, 0x8C, 0x00, 0xF7, 0x28, 0x38, 0x7A, 0xBD, 0x7C, 0xC7, 0x3F, 0xCD, 0x40, 0x26, 0x77, 0xDD, + 0x00, 0x00, 0x11, 0x9A, 0x95, 0xBE, 0x1F, 0xDB, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x02, + 0x3A, 0x30, 0x82, 0x02, 0x36, 0x30, 0x10, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, + 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x90, 0x8B, 0x11, 0xA5, 0x70, 0xED, 0xE0, 0xF9, 0xA9, 0xC0, 0xAC, 0x08, 0xC7, 0xB5, + 0xF4, 0x82, 0xB1, 0x3C, 0xC5, 0x4A, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x04, 0x04, 0x03, + 0x02, 0x01, 0xC6, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x81, 0x98, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0x90, 0x30, + 0x81, 0x8D, 0x80, 0x14, 0x0E, 0xAC, 0x82, 0x60, 0x40, 0x56, 0x27, 0x97, 0xE5, 0x25, 0x13, 0xFC, + 0x2A, 0xE1, 0x0A, 0x53, 0x95, 0x59, 0xE4, 0xA4, 0xA1, 0x63, 0xA4, 0x61, 0x30, 0x5F, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x03, + 0x63, 0x6F, 0x6D, 0x31, 0x19, 0x30, 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, + 0x64, 0x01, 0x19, 0x16, 0x09, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x31, 0x2D, + 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, + 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x82, 0x10, 0x79, + 0xAD, 0x16, 0xA1, 0x4A, 0xA0, 0xA5, 0xAD, 0x4C, 0x73, 0x58, 0xF4, 0x07, 0x13, 0x2E, 0x65, 0x30, + 0x50, 0x06, 0x03, 0x55, 0x1D, 0x1F, 0x04, 0x49, 0x30, 0x47, 0x30, 0x45, 0xA0, 0x43, 0xA0, 0x41, + 0x86, 0x3F, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x63, 0x72, 0x6C, 0x2E, 0x6D, 0x69, 0x63, + 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, + 0x72, 0x6C, 0x2F, 0x70, 0x72, 0x6F, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2F, 0x6D, 0x69, 0x63, 0x72, + 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x72, 0x6F, 0x6F, 0x74, 0x63, 0x65, 0x72, 0x74, 0x2E, 0x63, 0x72, + 0x6C, 0x30, 0x54, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x48, 0x30, + 0x46, 0x30, 0x44, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x38, 0x68, + 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, + 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x65, 0x72, 0x74, + 0x73, 0x2F, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x52, 0x6F, 0x6F, 0x74, 0x43, + 0x65, 0x72, 0x74, 0x2E, 0x63, 0x72, 0x74, 0x30, 0x81, 0x80, 0x06, 0x03, 0x55, 0x1D, 0x20, 0x04, + 0x79, 0x30, 0x77, 0x30, 0x75, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x2F, + 0x30, 0x68, 0x30, 0x66, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30, 0x5A, + 0x1E, 0x58, 0x00, 0x43, 0x00, 0x6F, 0x00, 0x70, 0x00, 0x79, 0x00, 0x72, 0x00, 0x69, 0x00, 0x67, + 0x00, 0x68, 0x00, 0x74, 0x00, 0x20, 0x00, 0xA9, 0x00, 0x20, 0x00, 0x31, 0x00, 0x39, 0x00, 0x39, + 0x00, 0x39, 0x00, 0x2D, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x35, 0x00, 0x20, 0x00, 0x4D, + 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x73, 0x00, 0x6F, 0x00, 0x66, 0x00, 0x74, + 0x00, 0x20, 0x00, 0x43, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x70, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x61, + 0x00, 0x74, 0x00, 0x69, 0x00, 0x6F, 0x00, 0x6E, 0x00, 0x2E, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x18, 0x30, 0x16, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, 0x06, + 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x03, 0x06, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x25, + 0x31, 0xA1, 0x58, 0xEA, 0x52, 0xE5, 0xE1, 0x17, 0x0C, 0xE6, 0xF1, 0x3F, 0x78, 0xA3, 0x3F, 0x72, + 0xAF, 0xA7, 0x57, 0x10, 0x53, 0x89, 0x10, 0x5E, 0x32, 0x9C, 0xB6, 0x70, 0xC3, 0x15, 0x2B, 0x4D, + 0x15, 0x30, 0x34, 0xE8, 0xC0, 0x6A, 0xE4, 0x1C, 0xD3, 0x2E, 0x20, 0x65, 0x48, 0xD7, 0x1B, 0x98, + 0x62, 0x21, 0xBA, 0x45, 0x9F, 0x4A, 0xEC, 0xDB, 0x2F, 0x09, 0x19, 0x51, 0xE5, 0xED, 0x32, 0x19, + 0x51, 0x2F, 0xE1, 0xDD, 0xFB, 0xC6, 0x52, 0xFD, 0xEB, 0xC6, 0x82, 0x25, 0x42, 0x03, 0x09, 0xA6, + 0x38, 0xB6, 0x36, 0x1F, 0xCC, 0xC9, 0x80, 0xBB, 0x5A, 0x69, 0x18, 0x31, 0xC3, 0xB3, 0xA0, 0xB3, + 0x67, 0x47, 0xBE, 0x9D, 0xC7, 0xE2, 0x3F, 0x96, 0xB3, 0x88, 0xF8, 0x19, 0xBE, 0x39, 0xB9, 0xE9, + 0x95, 0xCE, 0xFC, 0x7C, 0xAF, 0xA8, 0xCD, 0xD0, 0x41, 0x90, 0xE0, 0xD5, 0xB3, 0x1C, 0x2F, 0x68, + 0xBB, 0xDB, 0x0F, 0x6C, 0x6A, 0xDD, 0xF2, 0xAF, 0xDE, 0xF2, 0xB5, 0xDE, 0x0D, 0xB6, 0xA6, 0x5A, + 0xF0, 0x86, 0x0A, 0xB9, 0x6D, 0x99, 0x4B, 0x3F, 0x7B, 0x2D, 0x01, 0x84, 0x6C, 0x8F, 0x87, 0xDC, + 0x7F, 0x8F, 0xAB, 0x14, 0x88, 0xD0, 0x06, 0x91, 0x34, 0xBE, 0x1B, 0x82, 0x22, 0xA4, 0xBC, 0x55, + 0x8A, 0xAD, 0x9B, 0xFC, 0x73, 0x14, 0x10, 0xC4, 0xC9, 0x19, 0x1E, 0x07, 0x7D, 0x9B, 0x0E, 0xC0, + 0x95, 0x26, 0x5D, 0xC6, 0x1F, 0xAC, 0xB4, 0xF2, 0x7E, 0xBA, 0x25, 0x70, 0x4A, 0x7B, 0xD7, 0x8E, + 0xD1, 0x9D, 0xA0, 0x13, 0x49, 0x7A, 0xB0, 0x02, 0x52, 0x52, 0x24, 0xF4, 0xAF, 0xDD, 0x40, 0x2D, + 0xE5, 0x3E, 0x32, 0x58, 0xB3, 0x4A, 0x6A, 0xDD, 0x11, 0x59, 0xAA, 0x2D, 0xBC, 0xA4, 0xA0, 0x73, + 0x38, 0xF9, 0x40, 0x77, 0x6B, 0x34, 0x19, 0x57, 0xCD, 0x38, 0x68, 0x27, 0x82, 0xF8, 0xD1, 0x6F, + 0xEB, 0x23, 0xC0, 0x3F, 0x52, 0xF3, 0x4E, 0xD5, 0x02, 0x3E, 0x6A, 0x9A, 0x2B, 0xC1, 0xF5, 0x31, + 0x71, 0xDB, 0x41, 0x4D, 0x3B, 0xDE, 0xEF, 0xAD, 0xAF, 0x1F, 0x88, 0x65, 0x43, 0x1B, 0x51, 0xB7, + 0x9A, 0x75, 0xCA, 0x8E, 0x69, 0x49, 0x10, 0x8F, 0x78, 0x8A, 0x74, 0x45, 0xB9, 0x09, 0x8E, 0x73, + 0x77, 0x07, 0x32, 0x4A, 0x4B, 0xD7, 0x68, 0x2B, 0x98, 0xC5, 0xBA, 0x54, 0xEA, 0x3F, 0xCB, 0xA2, + 0x00, 0x8C, 0xBB, 0xD8, 0x10, 0x58, 0xF2, 0xDB, 0xDC, 0x9B, 0xCD, 0xD8, 0xEA, 0x48, 0x43, 0xE2, + 0x4A, 0x7E, 0x65, 0xB2, 0xDC, 0xF5, 0x2D, 0x4E, 0x25, 0x67, 0xA8, 0xE0, 0xB5, 0xBA, 0xA7, 0xDD, + 0x7E, 0x5E, 0xC1, 0x4C, 0x02, 0x74, 0xC9, 0xB3, 0x6E, 0xE3, 0xF8, 0xF0, 0x0B, 0xED, 0xFC, 0xB9, + 0x29, 0xC5, 0x5B, 0xC9, 0x36, 0x51, 0x90, 0xDB, 0x78, 0x7D, 0xB9, 0x32, 0x0F, 0x5E, 0x76, 0xD2, + 0x15, 0x5C, 0x3B, 0x37, 0x21, 0xC6, 0xDB, 0xC9, 0x19, 0x6E, 0xED, 0x74, 0x2A, 0x5C, 0x2C, 0x0B, + 0x51, 0x49, 0x45, 0x53, 0xB0, 0xB2, 0xB3, 0x23, 0xD4, 0xA1, 0xB0, 0x5F, 0x0D, 0x19, 0xCD, 0x14, + 0xA7, 0xE3, 0x3C, 0x9B, 0x97, 0x72, 0x94, 0x14, 0xDF, 0xFF, 0xC1, 0x90, 0x1B, 0xA5, 0xDF, 0xF5, + 0xA9, 0xF3, 0x1B, 0x17, 0xDA, 0xB5, 0xFC, 0x44, 0xE0, 0xE8, 0xE2, 0x3C, 0xA2, 0x7A, 0xBB, 0xBB, + 0x65, 0xE6, 0x4D, 0xB1, 0xB5, 0x15, 0xA1, 0xD9, 0x67, 0x3B, 0xB0, 0x0C, 0x7D, 0x3B, 0xE9, 0xEE, + 0x51, 0x2A, 0x47, 0xF5, 0x15, 0x0F, 0x8C, 0xAD, 0x5D, 0x2E, 0x35, 0xDF, 0xF4, 0xA4, 0x2E, 0xF6, + 0x13, 0x37, 0x5A, 0x2B, 0xE8, 0x55, 0x9A, 0x49, 0x2C, 0x97, 0xCE, 0x9D, 0x01, 0x9E, 0x97, 0x46, + 0x5C, 0xD9, 0x2D, 0xBC, 0x24, 0x5A, 0x95, 0x59, 0x6F, 0x4D, 0xCA, 0x9D, 0xD6, 0x57, 0x26, 0x31, + 0x82, 0x04, 0x96, 0x30, 0x82, 0x04, 0x92, 0x02, 0x01, 0x01, 0x30, 0x81, 0x90, 0x30, 0x81, 0x81, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, + 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, + 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, + 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x2B, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, + 0x20, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x50, 0x43, + 0x41, 0x02, 0x0A, 0x61, 0x01, 0xC6, 0xC1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x30, 0x09, 0x06, + 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0xA0, 0x81, 0xBA, 0x30, 0x19, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03, 0x31, 0x0C, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, + 0x01, 0x82, 0x37, 0x02, 0x01, 0x04, 0x30, 0x1C, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, + 0x37, 0x02, 0x01, 0x0B, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, + 0x37, 0x02, 0x01, 0x15, 0x30, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x04, 0x31, 0x16, 0x04, 0x14, 0xC5, 0xC5, 0xC1, 0xC3, 0x46, 0xC4, 0x12, 0xB9, 0x38, 0xED, 0xE5, + 0x7E, 0x66, 0x78, 0x4E, 0x8F, 0x55, 0x10, 0x7D, 0xAC, 0x30, 0x5A, 0x06, 0x0A, 0x2B, 0x06, 0x01, + 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0C, 0x31, 0x4C, 0x30, 0x4A, 0xA0, 0x24, 0x80, 0x22, 0x00, + 0x4D, 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x73, 0x00, 0x6F, 0x00, 0x66, 0x00, + 0x74, 0x00, 0x20, 0x00, 0x57, 0x00, 0x69, 0x00, 0x6E, 0x00, 0x64, 0x00, 0x6F, 0x00, 0x77, 0x00, + 0x73, 0xA1, 0x22, 0x80, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, 0x2E, + 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x77, 0x69, + 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xC0, 0x53, 0x19, 0xE7, 0x27, 0xE6, 0xD6, 0xD7, + 0xA8, 0xAE, 0xA0, 0xE6, 0x4C, 0xEF, 0x9A, 0xBC, 0x1D, 0x19, 0xD4, 0xC5, 0x7F, 0x7C, 0x71, 0xFF, + 0x14, 0x7C, 0xAD, 0x7A, 0x8F, 0x2D, 0x0F, 0x40, 0x38, 0x9B, 0x83, 0x09, 0xEE, 0xF5, 0x34, 0x92, + 0xB4, 0x85, 0x34, 0x7C, 0xBA, 0x9B, 0x58, 0x5D, 0xA6, 0x15, 0xDE, 0x99, 0xBF, 0x25, 0x89, 0xDB, + 0xC0, 0x3A, 0x98, 0x21, 0x1C, 0x25, 0x09, 0xBD, 0x41, 0xAA, 0x0F, 0x90, 0x6C, 0x62, 0xE9, 0xBD, + 0x1D, 0xDD, 0x7C, 0xA4, 0x1F, 0x19, 0x3F, 0xC8, 0x11, 0xF5, 0x1C, 0x9E, 0xEA, 0x2E, 0x1A, 0xCE, + 0x5A, 0x61, 0x8A, 0x77, 0xFA, 0x65, 0x1F, 0x03, 0xB4, 0x45, 0x02, 0x0F, 0xB4, 0x0E, 0xB9, 0x44, + 0xF6, 0x75, 0xF6, 0x67, 0x91, 0xAD, 0xFA, 0xF9, 0xC3, 0xFA, 0x63, 0x91, 0x58, 0xFE, 0x40, 0xDF, + 0x92, 0x6B, 0x59, 0x42, 0x44, 0x66, 0xD2, 0x88, 0x49, 0x59, 0x29, 0x1D, 0x6A, 0xF9, 0x93, 0x9B, + 0xD5, 0x38, 0x84, 0x96, 0xD7, 0xAF, 0xBA, 0xEC, 0x29, 0x8D, 0x06, 0x8C, 0x8B, 0xF4, 0xA1, 0x56, + 0x0F, 0x78, 0x3F, 0x35, 0xCB, 0x12, 0x8A, 0x85, 0xD5, 0x7C, 0xFC, 0x63, 0xDD, 0x72, 0xA1, 0x13, + 0xD3, 0x25, 0x4A, 0x59, 0x21, 0xD0, 0xC6, 0x47, 0x9F, 0x22, 0xF7, 0xF8, 0x32, 0xA2, 0x05, 0x2B, + 0x53, 0xC5, 0x96, 0x98, 0x0D, 0x39, 0x02, 0xAD, 0x85, 0xF7, 0x18, 0x73, 0x34, 0x12, 0x7F, 0x5A, + 0xCB, 0xE1, 0xA2, 0xFB, 0x4E, 0x25, 0x81, 0xF0, 0x9F, 0x7A, 0x79, 0xDB, 0x4F, 0x4B, 0x66, 0x44, + 0x30, 0x8E, 0x0D, 0x57, 0x23, 0xD3, 0x7F, 0x60, 0x87, 0xDE, 0xD0, 0x4C, 0x90, 0x90, 0x84, 0x64, + 0x70, 0xE8, 0x15, 0x65, 0xCA, 0x18, 0xF8, 0x9A, 0xB6, 0x0C, 0x24, 0xF5, 0xDF, 0xC3, 0x47, 0xE2, + 0x7C, 0xAD, 0x91, 0x70, 0x6D, 0xF8, 0x43, 0xE9, 0xA1, 0x82, 0x02, 0x1D, 0x30, 0x82, 0x02, 0x19, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x06, 0x31, 0x82, 0x02, 0x0A, 0x30, + 0x82, 0x02, 0x06, 0x02, 0x01, 0x01, 0x30, 0x81, 0x85, 0x30, 0x77, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, + 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, + 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, + 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, + 0x6F, 0x66, 0x74, 0x20, 0x54, 0x69, 0x6D, 0x65, 0x2D, 0x53, 0x74, 0x61, 0x6D, 0x70, 0x20, 0x50, + 0x43, 0x41, 0x02, 0x0A, 0x61, 0x03, 0xDC, 0xF6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x30, 0x07, + 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0xA0, 0x5D, 0x30, 0x18, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03, 0x31, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x07, 0x01, 0x30, 0x1C, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x05, + 0x31, 0x0F, 0x17, 0x0D, 0x30, 0x39, 0x30, 0x34, 0x32, 0x32, 0x30, 0x35, 0x35, 0x34, 0x33, 0x34, + 0x5A, 0x30, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04, 0x31, 0x16, + 0x04, 0x14, 0x74, 0xD7, 0x54, 0xA0, 0xC0, 0x9E, 0x62, 0xF0, 0xDD, 0x92, 0xDC, 0xD6, 0x96, 0x34, + 0xA1, 0x0B, 0xF0, 0xD5, 0xB5, 0x3A, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x05, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0x8D, 0x16, 0xB5, 0xC8, 0x3D, 0xBC, 0x8A, + 0xB5, 0xC3, 0x23, 0xF3, 0x33, 0xB0, 0xFA, 0x75, 0xAD, 0xAC, 0x53, 0x0D, 0x5C, 0xF4, 0xD9, 0xBE, + 0x63, 0xEB, 0x0D, 0x6F, 0x69, 0x63, 0x91, 0xF8, 0x8E, 0x67, 0x03, 0xE1, 0xC6, 0x2E, 0xCD, 0x9C, + 0xEB, 0xDD, 0x9C, 0xCA, 0x65, 0x4A, 0xBB, 0xF2, 0xF4, 0x1C, 0x85, 0x44, 0xD6, 0x58, 0x70, 0x2E, + 0x3B, 0xFE, 0x97, 0xD0, 0xEC, 0x72, 0x77, 0x20, 0xA8, 0x20, 0xAC, 0xF0, 0xED, 0x86, 0xC4, 0xFF, + 0x3A, 0x3D, 0x40, 0xD9, 0xF6, 0xD5, 0x99, 0xBE, 0xCC, 0xD2, 0xD8, 0xBA, 0x71, 0x51, 0x60, 0xAA, + 0x72, 0x36, 0x13, 0x8B, 0x0A, 0xA9, 0xD6, 0xF5, 0x36, 0xE0, 0x44, 0x6B, 0xC1, 0x44, 0x42, 0x43, + 0x56, 0x1A, 0xD6, 0xF1, 0x5A, 0x98, 0xCC, 0xBA, 0xA9, 0x4C, 0xCF, 0xC9, 0x86, 0xC3, 0x5B, 0x1C, + 0xDF, 0x75, 0x22, 0x54, 0x6A, 0xF0, 0x18, 0x34, 0x0B, 0x29, 0xB0, 0x26, 0x07, 0x59, 0xB6, 0x52, + 0x7B, 0x69, 0x74, 0x11, 0x1B, 0xB8, 0x29, 0x19, 0x36, 0x0E, 0xB7, 0x65, 0xCB, 0x87, 0x09, 0x9E, + 0x03, 0x28, 0x6C, 0xDB, 0xA7, 0xFB, 0xDF, 0xC7, 0xF7, 0xCE, 0x0D, 0xC2, 0xBA, 0xEA, 0x3C, 0xE8, + 0x43, 0x1E, 0x7F, 0xF2, 0x64, 0xDA, 0x87, 0x89, 0xC0, 0xCD, 0x67, 0xE4, 0x84, 0x9B, 0xA7, 0x77, + 0xFA, 0x6C, 0x69, 0x19, 0x5B, 0xD1, 0xF7, 0xD9, 0x07, 0x91, 0x50, 0xDD, 0x98, 0x26, 0x10, 0xE3, + 0x2E, 0x39, 0x62, 0xF0, 0x56, 0xE9, 0xD9, 0x5C, 0x85, 0x67, 0x9B, 0x2F, 0xDE, 0xD1, 0x00, 0x45, + 0x0E, 0x99, 0x1F, 0xDF, 0x7E, 0xC9, 0x10, 0x56, 0xC7, 0x00, 0x6D, 0x5F, 0x23, 0x57, 0x12, 0x84, + 0xCD, 0xAC, 0x82, 0xAE, 0x39, 0x52, 0xA5, 0x19, 0x23, 0xA3, 0x6B, 0xE7, 0x49, 0x8F, 0x86, 0x74, + 0x46, 0x41, 0x2A, 0x0F, 0x3D, 0x29, 0xB7, 0xAE, 0x8C, 0x00 + }; + +// +// Sample MSFT's root certificate for code signing. +// A trusted certificate with self-signing, will be used to construct the certificate chains for +// authority checking. +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 MsftRootCert[] = { + 0x30, 0x82, 0x05, 0x99, 0x30, 0x82, 0x03, 0x81, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x79, + 0xAD, 0x16, 0xA1, 0x4A, 0xA0, 0xA5, 0xAD, 0x4C, 0x73, 0x58, 0xF4, 0x07, 0x13, 0x2E, 0x65, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5F, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, + 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31, 0x19, 0x30, 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, + 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x09, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, + 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63, 0x72, 0x6F, + 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x30, + 0x1E, 0x17, 0x0D, 0x30, 0x31, 0x30, 0x35, 0x30, 0x39, 0x32, 0x33, 0x31, 0x39, 0x32, 0x32, 0x5A, + 0x17, 0x0D, 0x32, 0x31, 0x30, 0x35, 0x30, 0x39, 0x32, 0x33, 0x32, 0x38, 0x31, 0x33, 0x5A, 0x30, + 0x5F, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, + 0x19, 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31, 0x19, 0x30, 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, + 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x09, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, + 0x74, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63, 0x72, + 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, + 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, 0x0A, 0x02, 0x82, 0x02, 0x01, + 0x00, 0xF3, 0x5D, 0xFA, 0x80, 0x67, 0xD4, 0x5A, 0xA7, 0xA9, 0x0C, 0x2C, 0x90, 0x20, 0xD0, 0x35, + 0x08, 0x3C, 0x75, 0x84, 0xCD, 0xB7, 0x07, 0x89, 0x9C, 0x89, 0xDA, 0xDE, 0xCE, 0xC3, 0x60, 0xFA, + 0x91, 0x68, 0x5A, 0x9E, 0x94, 0x71, 0x29, 0x18, 0x76, 0x7C, 0xC2, 0xE0, 0xC8, 0x25, 0x76, 0x94, + 0x0E, 0x58, 0xFA, 0x04, 0x34, 0x36, 0xE6, 0xDF, 0xAF, 0xF7, 0x80, 0xBA, 0xE9, 0x58, 0x0B, 0x2B, + 0x93, 0xE5, 0x9D, 0x05, 0xE3, 0x77, 0x22, 0x91, 0xF7, 0x34, 0x64, 0x3C, 0x22, 0x91, 0x1D, 0x5E, + 0xE1, 0x09, 0x90, 0xBC, 0x14, 0xFE, 0xFC, 0x75, 0x58, 0x19, 0xE1, 0x79, 0xB7, 0x07, 0x92, 0xA3, + 0xAE, 0x88, 0x59, 0x08, 0xD8, 0x9F, 0x07, 0xCA, 0x03, 0x58, 0xFC, 0x68, 0x29, 0x6D, 0x32, 0xD7, + 0xD2, 0xA8, 0xCB, 0x4B, 0xFC, 0xE1, 0x0B, 0x48, 0x32, 0x4F, 0xE6, 0xEB, 0xB8, 0xAD, 0x4F, 0xE4, + 0x5C, 0x6F, 0x13, 0x94, 0x99, 0xDB, 0x95, 0xD5, 0x75, 0xDB, 0xA8, 0x1A, 0xB7, 0x94, 0x91, 0xB4, + 0x77, 0x5B, 0xF5, 0x48, 0x0C, 0x8F, 0x6A, 0x79, 0x7D, 0x14, 0x70, 0x04, 0x7D, 0x6D, 0xAF, 0x90, + 0xF5, 0xDA, 0x70, 0xD8, 0x47, 0xB7, 0xBF, 0x9B, 0x2F, 0x6C, 0xE7, 0x05, 0xB7, 0xE1, 0x11, 0x60, + 0xAC, 0x79, 0x91, 0x14, 0x7C, 0xC5, 0xD6, 0xA6, 0xE4, 0xE1, 0x7E, 0xD5, 0xC3, 0x7E, 0xE5, 0x92, + 0xD2, 0x3C, 0x00, 0xB5, 0x36, 0x82, 0xDE, 0x79, 0xE1, 0x6D, 0xF3, 0xB5, 0x6E, 0xF8, 0x9F, 0x33, + 0xC9, 0xCB, 0x52, 0x7D, 0x73, 0x98, 0x36, 0xDB, 0x8B, 0xA1, 0x6B, 0xA2, 0x95, 0x97, 0x9B, 0xA3, + 0xDE, 0xC2, 0x4D, 0x26, 0xFF, 0x06, 0x96, 0x67, 0x25, 0x06, 0xC8, 0xE7, 0xAC, 0xE4, 0xEE, 0x12, + 0x33, 0x95, 0x31, 0x99, 0xC8, 0x35, 0x08, 0x4E, 0x34, 0xCA, 0x79, 0x53, 0xD5, 0xB5, 0xBE, 0x63, + 0x32, 0x59, 0x40, 0x36, 0xC0, 0xA5, 0x4E, 0x04, 0x4D, 0x3D, 0xDB, 0x5B, 0x07, 0x33, 0xE4, 0x58, + 0xBF, 0xEF, 0x3F, 0x53, 0x64, 0xD8, 0x42, 0x59, 0x35, 0x57, 0xFD, 0x0F, 0x45, 0x7C, 0x24, 0x04, + 0x4D, 0x9E, 0xD6, 0x38, 0x74, 0x11, 0x97, 0x22, 0x90, 0xCE, 0x68, 0x44, 0x74, 0x92, 0x6F, 0xD5, + 0x4B, 0x6F, 0xB0, 0x86, 0xE3, 0xC7, 0x36, 0x42, 0xA0, 0xD0, 0xFC, 0xC1, 0xC0, 0x5A, 0xF9, 0xA3, + 0x61, 0xB9, 0x30, 0x47, 0x71, 0x96, 0x0A, 0x16, 0xB0, 0x91, 0xC0, 0x42, 0x95, 0xEF, 0x10, 0x7F, + 0x28, 0x6A, 0xE3, 0x2A, 0x1F, 0xB1, 0xE4, 0xCD, 0x03, 0x3F, 0x77, 0x71, 0x04, 0xC7, 0x20, 0xFC, + 0x49, 0x0F, 0x1D, 0x45, 0x88, 0xA4, 0xD7, 0xCB, 0x7E, 0x88, 0xAD, 0x8E, 0x2D, 0xEC, 0x45, 0xDB, + 0xC4, 0x51, 0x04, 0xC9, 0x2A, 0xFC, 0xEC, 0x86, 0x9E, 0x9A, 0x11, 0x97, 0x5B, 0xDE, 0xCE, 0x53, + 0x88, 0xE6, 0xE2, 0xB7, 0xFD, 0xAC, 0x95, 0xC2, 0x28, 0x40, 0xDB, 0xEF, 0x04, 0x90, 0xDF, 0x81, + 0x33, 0x39, 0xD9, 0xB2, 0x45, 0xA5, 0x23, 0x87, 0x06, 0xA5, 0x55, 0x89, 0x31, 0xBB, 0x06, 0x2D, + 0x60, 0x0E, 0x41, 0x18, 0x7D, 0x1F, 0x2E, 0xB5, 0x97, 0xCB, 0x11, 0xEB, 0x15, 0xD5, 0x24, 0xA5, + 0x94, 0xEF, 0x15, 0x14, 0x89, 0xFD, 0x4B, 0x73, 0xFA, 0x32, 0x5B, 0xFC, 0xD1, 0x33, 0x00, 0xF9, + 0x59, 0x62, 0x70, 0x07, 0x32, 0xEA, 0x2E, 0xAB, 0x40, 0x2D, 0x7B, 0xCA, 0xDD, 0x21, 0x67, 0x1B, + 0x30, 0x99, 0x8F, 0x16, 0xAA, 0x23, 0xA8, 0x41, 0xD1, 0xB0, 0x6E, 0x11, 0x9B, 0x36, 0xC4, 0xDE, + 0x40, 0x74, 0x9C, 0xE1, 0x58, 0x65, 0xC1, 0x60, 0x1E, 0x7A, 0x5B, 0x38, 0xC8, 0x8F, 0xBB, 0x04, + 0x26, 0x7C, 0xD4, 0x16, 0x40, 0xE5, 0xB6, 0x6B, 0x6C, 0xAA, 0x86, 0xFD, 0x00, 0xBF, 0xCE, 0xC1, + 0x35, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x51, 0x30, 0x4F, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x1D, + 0x0F, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, + 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0x0E, 0xAC, 0x82, 0x60, 0x40, 0x56, 0x27, 0x97, 0xE5, 0x25, 0x13, 0xFC, 0x2A, + 0xE1, 0x0A, 0x53, 0x95, 0x59, 0xE4, 0xA4, 0x30, 0x10, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, + 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0xC5, 0x11, 0x4D, + 0x03, 0x3A, 0x60, 0xDD, 0x5D, 0x52, 0x11, 0x77, 0x8F, 0xB2, 0xBB, 0x36, 0xC8, 0xB2, 0x05, 0xBF, + 0xB4, 0xB7, 0xA8, 0xD8, 0x20, 0x9D, 0x5C, 0x13, 0x03, 0xB6, 0x1C, 0x22, 0xFA, 0x06, 0x13, 0x35, + 0xB6, 0xC8, 0x63, 0xD4, 0x9A, 0x47, 0x6F, 0x26, 0x57, 0xD2, 0x55, 0xF1, 0x04, 0xB1, 0x26, 0x5F, + 0xD6, 0xA9, 0x50, 0x68, 0xA0, 0xBC, 0xD2, 0xB8, 0x6E, 0xCC, 0xC3, 0xE9, 0xAC, 0xDF, 0x19, 0xCD, + 0x78, 0xAC, 0x59, 0x74, 0xAC, 0x66, 0x34, 0x36, 0xC4, 0x1B, 0x3E, 0x6C, 0x38, 0x4C, 0x33, 0x0E, + 0x30, 0x12, 0x0D, 0xA3, 0x26, 0xFE, 0x51, 0x53, 0x00, 0xFF, 0xAF, 0x5A, 0x4E, 0x84, 0x0D, 0x0F, + 0x1F, 0xE4, 0x6D, 0x05, 0x2E, 0x4E, 0x85, 0x4B, 0x8D, 0x6C, 0x33, 0x6F, 0x54, 0xD2, 0x64, 0xAB, + 0xBF, 0x50, 0xAF, 0x7D, 0x7A, 0x39, 0xA0, 0x37, 0xED, 0x63, 0x03, 0x0F, 0xFC, 0x13, 0x06, 0xCE, + 0x16, 0x36, 0xD4, 0x54, 0x3B, 0x95, 0x1B, 0x51, 0x62, 0x3A, 0xE5, 0x4D, 0x17, 0xD4, 0x05, 0x39, + 0x92, 0x9A, 0x27, 0xA8, 0x5B, 0xAA, 0xBD, 0xEC, 0xBB, 0xBE, 0xE3, 0x20, 0x89, 0x60, 0x71, 0x6C, + 0x56, 0xB3, 0xA5, 0x13, 0xD0, 0x6D, 0x0E, 0x23, 0x7E, 0x95, 0x03, 0xED, 0x68, 0x3D, 0xF2, 0xD8, + 0x63, 0xB8, 0x6B, 0x4D, 0xB6, 0xE8, 0x30, 0xB5, 0xE1, 0xCA, 0x94, 0x4B, 0xF7, 0xA2, 0xAA, 0x5D, + 0x99, 0x30, 0xB2, 0x3D, 0xA7, 0xC2, 0x51, 0x6C, 0x28, 0x20, 0x01, 0x24, 0x27, 0x2B, 0x4B, 0x00, + 0xB7, 0x9D, 0x11, 0x6B, 0x70, 0xBE, 0xB2, 0x10, 0x82, 0xBC, 0x0C, 0x9B, 0x68, 0xD0, 0x8D, 0x3B, + 0x24, 0x87, 0xAA, 0x99, 0x28, 0x72, 0x9D, 0x33, 0x5F, 0x59, 0x90, 0xBD, 0xF5, 0xDE, 0x93, 0x9E, + 0x3A, 0x62, 0x5A, 0x34, 0x39, 0xE2, 0x88, 0x55, 0x1D, 0xB9, 0x06, 0xB0, 0xC1, 0x89, 0x6B, 0x2D, + 0xD7, 0x69, 0xC3, 0x19, 0x12, 0x36, 0x84, 0xD0, 0xC9, 0xA0, 0xDA, 0xFF, 0x2F, 0x69, 0x78, 0xB2, + 0xE5, 0x7A, 0xDA, 0xEB, 0xD7, 0x0C, 0xC0, 0xF7, 0xBD, 0x63, 0x17, 0xB8, 0x39, 0x13, 0x38, 0xA2, + 0x36, 0x5B, 0x7B, 0xF2, 0x85, 0x56, 0x6A, 0x1D, 0x64, 0x62, 0xC1, 0x38, 0xE2, 0xAA, 0xBF, 0x51, + 0x66, 0xA2, 0x94, 0xF5, 0x12, 0x9C, 0x66, 0x22, 0x10, 0x6B, 0xF2, 0xB7, 0x30, 0x92, 0x2D, 0xF2, + 0x29, 0xF0, 0x3D, 0x3B, 0x14, 0x43, 0x68, 0xA2, 0xF1, 0x9C, 0x29, 0x37, 0xCB, 0xCE, 0x38, 0x20, + 0x25, 0x6D, 0x7C, 0x67, 0xF3, 0x7E, 0x24, 0x12, 0x24, 0x03, 0x08, 0x81, 0x47, 0xEC, 0xA5, 0x9E, + 0x97, 0xF5, 0x18, 0xD7, 0xCF, 0xBB, 0xD5, 0xEF, 0x76, 0x96, 0xEF, 0xFD, 0xCE, 0xDB, 0x56, 0x9D, + 0x95, 0xA0, 0x42, 0xF9, 0x97, 0x58, 0xE1, 0xD7, 0x31, 0x22, 0xD3, 0x5F, 0x59, 0xE6, 0x3E, 0x6E, + 0x22, 0x00, 0xEA, 0x43, 0x84, 0xB6, 0x25, 0xDB, 0xD9, 0xF3, 0x08, 0x56, 0x68, 0xC0, 0x64, 0x6B, + 0x1D, 0x7C, 0xEC, 0xB6, 0x93, 0xA2, 0x62, 0x57, 0x6E, 0x2E, 0xD8, 0xE7, 0x58, 0x8F, 0xC4, 0x31, + 0x49, 0x26, 0xDD, 0xDE, 0x29, 0x35, 0x87, 0xF5, 0x30, 0x71, 0x70, 0x5B, 0x14, 0x3C, 0x69, 0xBD, + 0x89, 0x12, 0x7D, 0xEB, 0x2E, 0xA3, 0xFE, 0xD8, 0x7F, 0x9E, 0x82, 0x5A, 0x52, 0x0A, 0x2B, 0xC1, + 0x43, 0x2B, 0xD9, 0x30, 0x88, 0x9F, 0xC8, 0x10, 0xFB, 0x89, 0x8D, 0xE6, 0xA1, 0x85, 0x75, 0x33, + 0x7E, 0x6C, 0x9E, 0xDB, 0x73, 0x13, 0x64, 0x62, 0x69, 0xA5, 0x2F, 0x7D, 0xCA, 0x96, 0x6D, 0x9F, + 0xF8, 0x04, 0x4D, 0x30, 0x92, 0x3D, 0x6E, 0x21, 0x14, 0x21, 0xC9, 0x3D, 0xE0, 0xC3, 0xFD, 0x8A, + 0x6B, 0x9D, 0x4A, 0xFD, 0xD1, 0xA1, 0x9D, 0x99, 0x43, 0x77, 0x3F, 0xB0, 0xDA +}; + + +/** + Validate MSFT Authenticode using PKCS#7 Verification Interfaces. + + @return EFI_SUCCESS Validation succeeds. + +**/ +BOOLEAN +AuthenticodeVerify ( + VOID + ) +{ + UINT8 *SpcIndirectDataContent; + UINTN Size; + BOOLEAN Status; + + // + // Construct SpcIndirectDataContent with the SHA-1 digest calculated from PE/COFF image + // + Size = sizeof (SpcIndirectDataContentwithSha1); + SpcIndirectDataContent = (UINT8 *)AllocatePool (Size); + CopyMem (SpcIndirectDataContent, SpcIndirectDataContentwithSha1, Size); + CopyMem (SpcIndirectDataContent + Size - SHA1_DIGEST_SIZE, PeHash, SHA1_DIGEST_SIZE); + + // + // Verify Authenticode struct. SpcIndirectDataContent will be regarded as opaque data for + // PKCS#7 signed data verification. + // + Status = Pkcs7Verify ( + Authenticode, + sizeof (Authenticode), + MsftRootCert, + sizeof (MsftRootCert), + SpcIndirectDataContent, + Size + ); + FreePool (SpcIndirectDataContent); + + return Status; +} diff --git a/CryptoPkg/Application/Cryptest/Cryptest.c b/CryptoPkg/Application/Cryptest/Cryptest.c new file mode 100644 index 0000000000..6afe299d1e --- /dev/null +++ b/CryptoPkg/Application/Cryptest/Cryptest.c @@ -0,0 +1,372 @@ +/** @file + Application for Cryptographic Primitives Validation. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include +#include +#include +#include +#include + +#include + +// +// Max Known Digest Size is SHA512 Output (64 bytes) by far +// +#define MAX_DIGEST_SIZE 64 + +// +// Message string for digest validation +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *HashData = "abc"; + +// +// Result for MD5("abc"). (From "A.5 Test suite" of IETF RFC1321) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Md5Digest[MD5_DIGEST_SIZE] = { + 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 + }; + +// +// Result for SHA-1("abc"). (From "A.1 SHA-1 Example" of NIST FIPS 180-2) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha1Digest[SHA1_DIGEST_SIZE] = { + 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, + 0x9c, 0xd0, 0xd8, 0x9d + }; + +// +// Result for SHA-256("abc"). (From "B.1 SHA-256 Example" of NIST FIPS 180-2) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha256Digest[SHA256_DIGEST_SIZE] = { + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad + }; + +// +// RSA PKCS#1 Validation Data from OpenSSL "Fips_rsa_selftest.c" +// + +// Public Modulus of RSA Key +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaN[] = { + 0xBB, 0xF8, 0x2F, 0x09, 0x06, 0x82, 0xCE, 0x9C, 0x23, 0x38, 0xAC, 0x2B, 0x9D, 0xA8, 0x71, 0xF7, + 0x36, 0x8D, 0x07, 0xEE, 0xD4, 0x10, 0x43, 0xA4, 0x40, 0xD6, 0xB6, 0xF0, 0x74, 0x54, 0xF5, 0x1F, + 0xB8, 0xDF, 0xBA, 0xAF, 0x03, 0x5C, 0x02, 0xAB, 0x61, 0xEA, 0x48, 0xCE, 0xEB, 0x6F, 0xCD, 0x48, + 0x76, 0xED, 0x52, 0x0D, 0x60, 0xE1, 0xEC, 0x46, 0x19, 0x71, 0x9D, 0x8A, 0x5B, 0x8B, 0x80, 0x7F, + 0xAF, 0xB8, 0xE0, 0xA3, 0xDF, 0xC7, 0x37, 0x72, 0x3E, 0xE6, 0xB4, 0xB7, 0xD9, 0x3A, 0x25, 0x84, + 0xEE, 0x6A, 0x64, 0x9D, 0x06, 0x09, 0x53, 0x74, 0x88, 0x34, 0xB2, 0x45, 0x45, 0x98, 0x39, 0x4E, + 0xE0, 0xAA, 0xB1, 0x2D, 0x7B, 0x61, 0xA5, 0x1F, 0x52, 0x7A, 0x9A, 0x41, 0xF6, 0xC1, 0x68, 0x7F, + 0xE2, 0x53, 0x72, 0x98, 0xCA, 0x2A, 0x8F, 0x59, 0x46, 0xF8, 0xE5, 0xFD, 0x09, 0x1D, 0xBD, 0xCB + }; + +// Public Exponent of RSA Key +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaE[] = { 0x11 }; + +// Known Answer Test (KAT) Data for RSA PKCS#1 Signing +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 RsaSignData[] = "OpenSSL FIPS 140-2 Public Key RSA KAT"; + +// Known Signature for the above message, under SHA-1 Digest +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaPkcs1Signature[] = { + 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C, 0x4A, 0xFD, 0x1A, 0x05, + 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B, 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, + 0x55, 0x77, 0x90, 0xCF, 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8, + 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1, 0x20, 0x22, 0xBE, 0x59, + 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA, 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, + 0x4E, 0xCA, 0x2E, 0x4E, 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F, + 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F, 0x72, 0x05, 0xDE, 0xE6, + 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95, 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4 + }; + +/** + Validate MSFT Authenticode using PKCS#7 Verification Interfaces. + + @return EFI_SUCCESS Validation succeeds. + +**/ +BOOLEAN +AuthenticodeVerify ( + VOID + ); + +/** + Validate UEFI-OpenSSL Digest Interfaces. + + @return EFI_SUCCESS Validation succeeded. + +**/ +EFI_STATUS +ValidateCryptDigest ( + VOID + ) +{ + UINTN CtxSize; + VOID *HashCtx; + UINTN DataSize; + UINT8 Digest[MAX_DIGEST_SIZE]; + UINTN Index; + BOOLEAN Status; + + Print (L" UEFI-OpenSSL Hash Engine Testing (Hashing(\"abc\")): "); + DataSize = AsciiStrLen (HashData); + + // + // MD5 Digest Validation + // + ZeroMem (Digest, MAX_DIGEST_SIZE); + CtxSize = Md5GetContextSize (); + HashCtx = AllocatePool (CtxSize); + Status = Md5Init (HashCtx); + Status = Md5Update (HashCtx, HashData, DataSize); + Status = Md5Final (HashCtx, Digest); + FreePool (HashCtx); + Print (L"\n - MD5 Digest: \n = 0x"); + for (Index = 0; Index < MD5_DIGEST_SIZE; Index++) { + Print (L"%02x", Digest[Index]); + } + if (CompareMem (Digest, Md5Digest, MD5_DIGEST_SIZE) == 0) { + Print (L" [Pass]"); + } else { + Print (L" [Failed]"); + } + + // + // SHA-1 Digest Validation + // + ZeroMem (Digest, MAX_DIGEST_SIZE); + CtxSize = Sha1GetContextSize (); + HashCtx = AllocatePool (CtxSize); + Status = Sha1Init (HashCtx); + Status = Sha1Update (HashCtx, HashData, DataSize); + Status = Sha1Final (HashCtx, Digest); + FreePool (HashCtx); + Print (L"\n - SHA-1 Digest: \n = 0x"); + for (Index = 0; Index < SHA1_DIGEST_SIZE; Index++) { + Print (L"%02x", Digest[Index]); + } + if (CompareMem (Digest, Sha1Digest, SHA1_DIGEST_SIZE) == 0) { + Print (L" [Pass]"); + } else { + Print (L" [Failed]"); + } + + // + // SHA256 Digest Validation + // + ZeroMem (Digest, MAX_DIGEST_SIZE); + CtxSize = Sha256GetContextSize (); + HashCtx = AllocatePool (CtxSize); + Status = Sha256Init (HashCtx); + Status = Sha256Update (HashCtx, HashData, DataSize); + Status = Sha256Final (HashCtx, Digest); + FreePool (HashCtx); + Print (L"\n - SHA-256 Digest: \n = 0x"); + for (Index = 0; Index < SHA256_DIGEST_SIZE; Index++) { + Print (L"%02x", Digest[Index]); + } + if (CompareMem (Digest, Sha256Digest, SHA256_DIGEST_SIZE) == 0) { + Print (L" [Pass]"); + } else { + Print (L" [Failed]"); + } + + Print (L"\n"); + + return EFI_SUCCESS; +} + + +/** + Validate UEFI-OpenSSL Message Authentication Codes Interfaces. + + @return EFI_SUCCESS Validation succeeded. + +**/ +EFI_STATUS +ValidateCryptHmac ( + VOID + ) +{ + Print (L"\n UEFI-OpenSSL HMAC Engine Testing: "); + Print (L"\n ==> No HMAC Support in Base Crypto Library!\n"); + + return EFI_SUCCESS; +} + + +/** + Validate UEFI-OpenSSL Block Ciphers (Symmetric Crypto) Interfaces. + + @return EFI_SUCCESS Validation succeeded. + +**/ +EFI_STATUS +ValidateCryptBlockCipher ( + VOID + ) +{ + Print (L"\n UEFI-OpenSSL Block Cipher Engine Testing: "); + Print (L"\n ==> No Block Cipher Support in Base Crypto Library!\n"); + + return EFI_SUCCESS; +} + + +/** + Validate UEFI-OpenSSL RSA Interfaces. + + @return EFI_SUCCESS Validation succeeded. + +**/ +EFI_STATUS +ValidateCryptRsa ( + VOID + ) +{ + VOID *Rsa; + UINT8 mHash[SHA1_DIGEST_SIZE]; + UINTN HashSize; + UINTN CtxSize; + VOID *Sha1Ctx; + UINT8 *Signature; + UINTN SigSize; + BOOLEAN Status; + + Print (L"\n UEFI-OpenSSL RSA Engine Testing: "); + + // + // Generate & Initialize RSA Context + // + Rsa = RsaNew (); + Print (L"\n - Generate RSA Context .............. "); + if (Rsa != NULL) { + Print (L"[Pass]"); + } else { + Print (L"[Failed]"); + } + + // + // Set RSA Key Components + // NOTE: Only N and E are needed to be set as RSA public key for signature verification + // + Print (L"\n - Set RSA Key Components ............ "); + Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN)); + Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE)); + if (Status) { + Print (L"[Pass]"); + } else { + Print (L"[Failed]"); + } + + // + // SHA-1 Digest Message for PKCS#1 Signature + // + Print (L"\n - Hash Original Message ............. "); + HashSize = SHA1_DIGEST_SIZE; + ZeroMem (mHash, HashSize); + CtxSize = Sha1GetContextSize (); + Sha1Ctx = AllocatePool (CtxSize); + Status = Sha1Init (Sha1Ctx); + Status = Sha1Update (Sha1Ctx, RsaSignData, AsciiStrLen (RsaSignData)); + Status = Sha1Final (Sha1Ctx, mHash); + FreePool (Sha1Ctx); + if (Status) { + Print (L"[Pass]"); + } else { + Print (L"[Failed]"); + } + + // + // Verify RSA PKCS#1-encoded Signature + // + Print (L"\n - PKCS#1 Signature Verification ..... "); + SigSize = sizeof (RsaPkcs1Signature); + Signature = (UINT8 *)AllocatePool (SigSize); + CopyMem (Signature, RsaPkcs1Signature, SigSize); + Status = RsaPkcs1Verify (Rsa, mHash, HashSize, Signature, SigSize); + if (Status) { + Print (L"[Pass]"); + } else { + Print (L"[Failed]"); + } + + // + // Release Resources + // + RsaFree (Rsa); + Print (L"\n - Release RSA Context ............... [Pass]"); + + Print (L"\n"); + + return EFI_SUCCESS; +} + +/** + Validate UEFI-OpenSSL PKCS#7 Verification Interfaces. + + @return EFI_SUCCESS Validation succeeded. + +**/ +EFI_STATUS +ValidateAuthenticode ( + VOID + ) +{ + Print (L"\n UEFI-OpenSSL PKCS#7-Signed-Data Testing: "); + + Print (L"\n - Authenticode (PKCS#7 Signed Data) Verification ... "); + + if (AuthenticodeVerify ()) { + Print (L"[Pass]"); + } else { + Print (L"[Failed]"); + } + + Print (L"\n"); + + return EFI_SUCCESS; +} + + +/** + Entry Point of Cryptographic Validation Utility. + + @param ImageHandle The image handle of the UEFI Application. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +CryptestMain ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + Print (L"\nUEFI-OpenSSL Wrapper Cryptosystem Testing: \n"); + Print (L"-------------------------------------------- \n"); + + Status = EFI_SUCCESS; + Status = ValidateCryptDigest (); + Status = ValidateCryptHmac (); + Status = ValidateCryptBlockCipher (); + Status = ValidateCryptRsa (); + Status = ValidateAuthenticode (); + + return Status; +} diff --git a/CryptoPkg/Application/Cryptest/Cryptest.inf b/CryptoPkg/Application/Cryptest/Cryptest.inf new file mode 100644 index 0000000000..85172944a8 --- /dev/null +++ b/CryptoPkg/Application/Cryptest/Cryptest.inf @@ -0,0 +1,47 @@ +## @file +# UEFI Application for the Validation of cryptography library +# (based on OpenSSL 0.9.8l). +# This is a shell application that will test the crypto library. +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Cryptest + FILE_GUID = fb925ac7-192a-9567-8586-7c6f5f710607 + MODULE_TYPE = UEFI_APPLICATION + VERSION_STRING = 1.0 + ENTRY_POINT = CryptestMain + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF +# + +[Sources] + Cryptest.c + AuthenticodeVerify.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + UefiApplicationEntryPoint + UefiLib + BaseLib + UefiBootServicesTableLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c new file mode 100644 index 0000000000..ff20da49e9 --- /dev/null +++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c @@ -0,0 +1,248 @@ +/** @file + Runtime Cryptographic Driver Implementation, which produce one crypto + protocol. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "CryptRuntime.h" + +// +// The handle onto which the Runtime Crypt Protocol instance is installed +// +EFI_HANDLE mRuntimeCryptHandle = NULL; + +// +// The Runtime Crypt Protocol instance produced by this driver +// +EFI_RUNTIME_CRYPT_PROTOCOL mRuntimeCryptProtocol = { + RuntimeCryptSha256GetContextSize, + RuntimeCryptSha256Init, + RuntimeCryptSha256Update, + RuntimeCryptSha256Final, + RuntimeCryptRsaNew, + RuntimeCryptRsaFree, + RuntimeCryptRsaSetKey, + RuntimeCryptRsaPkcs1Verify +}; + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-256 operations. + + @return The size, in bytes, of the context buffer required for SHA-256 operations. + +**/ +UINTN +EFIAPI +RuntimeCryptSha256GetContextSize ( + VOID + ) +{ + return Sha256GetContextSize (); +} + +/** + Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for + subsequent use. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized. + + @retval TRUE SHA-256 context initialization succeeded. + @retval FALSE SHA-256 context initialization failed. + +**/ +BOOLEAN +EFIAPI +RuntimeCryptSha256Init ( + IN OUT VOID *Sha256Context + ) +{ + return Sha256Init (Sha256Context); +} + +/** + Performs SHA-256 digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to the SHA-256 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE SHA-256 data digest succeeded. + @retval FALSE Invalid SHA-256 context. After Sha256Final function has been called, the + SHA-256 context cannot be reused. + +**/ +BOOLEAN +EFIAPI +RuntimeCryptSha256Update ( + IN OUT VOID *Sha256Context, + IN CONST VOID *Data, + IN UINTN DataLength + ) +{ + return Sha256Update (Sha256Context, Data, DataLength); +} + +/** + Completes SHA-256 hash computation and retrieves the digest value into the specified + memory. After this function has been called, the SHA-256 context cannot be used again. + + If Sha256Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 context + @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest + value (32 bytes). + + @retval TRUE SHA-256 digest computation succeeded. + @retval FALSE SHA-256 digest computation failed. + +**/ +BOOLEAN +EFIAPI +RuntimeCryptSha256Final ( + IN OUT VOID *Sha256Context, + OUT UINT8 *HashValue + ) +{ + return Sha256Final (Sha256Context, HashValue); +} + +/** + Allocates and Initializes one RSA Context for subsequent use. + + @return Pointer to the RSA Context that has been initialized. + If the allocations fails, RsaNew() returns NULL. + +**/ +VOID * +EFIAPI +RuntimeCryptRsaNew ( + VOID + ) +{ + return RsaNew (); +} + +/** + Release the specified RSA Context. + + @param[in] RsaContext Pointer to the RSA context to be released. + +**/ +VOID +EFIAPI +RuntimeCryptRsaFree ( + IN VOID *RsaContext + ) +{ + RsaFree (RsaContext); +} + +/** + Sets the tag-designated RSA key component into the established RSA context from + the user-specified nonnegative integer (octet string format represented in RSA + PKCS#1). + + If RsaContext is NULL, then ASSERT(). + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[in] BigNumber Pointer to octet integer buffer. + @param[in] BnLength Length of big number buffer in bytes. + + @return TRUE RSA key component was set successfully. + @return FALSE Invalid RSA key component tag. + +**/ +BOOLEAN +EFIAPI +RuntimeCryptRsaSetKey ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + IN CONST UINT8 *BigNumber, + IN UINTN BnLength + ) +{ + return RsaSetKey (RsaContext, KeyTag, BigNumber, BnLength); +} + +/** + Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in + RSA PKCS#1. + + If RsaContext is NULL, then ASSERT(). + If MessageHash is NULL, then ASSERT(). + If Signature is NULL, then ASSERT(). + If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] MessageHash Pointer to octet message hash to be checked. + @param[in] HashLength Length of the message hash in bytes. + @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified. + @param[in] SigLength Length of signature in bytes. + + @return TRUE Valid signature encoded in PKCS1-v1_5. + @return FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RuntimeCryptRsaPkcs1Verify ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashLength, + IN UINT8 *Signature, + IN UINTN SigLength + ) +{ + return RsaPkcs1Verify (RsaContext, MessageHash, HashLength, Signature, SigLength); +} + +/** + Entry Point for Runtime Cryptographic Driver. + + This function installs Runtime Crypt Protocol. + + @param ImageHandle Image handle of this driver. + @param SystemTable a Pointer to the EFI System Table. + + @retval EFI_SUCEESS Runtime Crypt Protocol is successfully installed + @return Others Some error occurs when installing Runtime Crypt Protocol. + +**/ +EFI_STATUS +EFIAPI +CryptRuntimeDriverInitialize ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + // + // Install the Runtime Crypt Protocol onto a new handle + // + Status = gBS->InstallMultipleProtocolInterfaces ( + &mRuntimeCryptHandle, + &gEfiRuntimeCryptProtocolGuid, + &mRuntimeCryptProtocol, + NULL + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h new file mode 100644 index 0000000000..312d7b49e1 --- /dev/null +++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h @@ -0,0 +1,186 @@ +/** @file + Header file of Runtime Cryptographic Driver. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef _CRYPT_RUNTIME_H_ +#define _CRYPT_RUNTIME_H_ + +#include + +#include + +#include +#include +#include +#include + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-256 operations. + + @return The size, in bytes, of the context buffer required for SHA-256 operations. + +**/ +UINTN +EFIAPI +RuntimeCryptSha256GetContextSize ( + VOID + ); + + +/** + Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for + subsequent use. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized. + + @retval TRUE SHA-256 context initialization succeeded. + @retval FALSE SHA-256 context initialization failed. + +**/ +BOOLEAN +EFIAPI +RuntimeCryptSha256Init ( + IN OUT VOID *Sha256Context + ); + + +/** + Performs SHA-256 digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to the SHA-256 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE SHA-256 data digest succeeded. + @retval FALSE Invalid SHA-256 context. After Sha256Final function has been called, the + SHA-256 context cannot be reused. + +**/ +BOOLEAN +EFIAPI +RuntimeCryptSha256Update ( + IN OUT VOID *Sha256Context, + IN CONST VOID *Data, + IN UINTN DataLength + ); + + +/** + Completes SHA-256 hash computation and retrieves the digest value into the specified + memory. After this function has been called, the SHA-256 context cannot be used again. + + If Sha256Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 context + @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest + value (32 bytes). + + @retval TRUE SHA-256 digest computation succeeded. + @retval FALSE SHA-256 digest computation failed. + +**/ +BOOLEAN +EFIAPI +RuntimeCryptSha256Final ( + IN OUT VOID *Sha256Context, + OUT UINT8 *HashValue + ); + +/** + Allocates and Initializes one RSA Context for subsequent use. + + @return Pointer to the RSA Context that has been initialized. + If the allocations fails, RsaNew() returns NULL. + +**/ +VOID * +EFIAPI +RuntimeCryptRsaNew ( + VOID + ); + + +/** + Release the specified RSA Context. + + @param[in] RsaContext Pointer to the RSA context to be released. + +**/ +VOID +EFIAPI +RuntimeCryptRsaFree ( + IN VOID *RsaContext + ); + +/** + Sets the tag-designated RSA key component into the established RSA context from + the user-specified nonnegative integer (octet string format represented in RSA + PKCS#1). + + If RsaContext is NULL, then ASSERT(). + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[in] BigNumber Pointer to octet integer buffer. + @param[in] BnLength Length of big number buffer in bytes. + + @return TRUE RSA key component was set successfully. + @return FALSE Invalid RSA key component tag. + +**/ +BOOLEAN +EFIAPI +RuntimeCryptRsaSetKey ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + IN CONST UINT8 *BigNumber, + IN UINTN BnLength + ); + + +/** + Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in + RSA PKCS#1. + + If RsaContext is NULL, then ASSERT(). + If MessageHash is NULL, then ASSERT(). + If Signature is NULL, then ASSERT(). + If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] MessageHash Pointer to octet message hash to be checked. + @param[in] HashLength Length of the message hash in bytes. + @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified. + @param[in] SigLength Length of signature in bytes. + + @return TRUE Valid signature encoded in PKCS1-v1_5. + @return FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RuntimeCryptRsaPkcs1Verify ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashLength, + IN UINT8 *Signature, + IN UINTN SigLength + ); + +#endif diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf b/CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf new file mode 100644 index 0000000000..7625c40050 --- /dev/null +++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf @@ -0,0 +1,49 @@ +## @file +# Component description file for Cryptographic Runtime Driver. +# +# Copyright (c) 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = CryptRuntimeDxe + FILE_GUID = 858031F3-96A2-406E-ABCC-ED264A3A31D6 + MODULE_TYPE = DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + + ENTRY_POINT = CryptRuntimeDriverInitialize + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF +# + +[Sources] + CryptRuntime.h + CryptRuntime.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + UefiDriverEntryPoint + UefiBootServicesTableLib + DebugLib + UefiRuntimeLib + BaseCryptLib + +[Protocols] + gEfiRuntimeCryptProtocolGuid ## PRODUCES + +[Depex] + TRUE diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec new file mode 100644 index 0000000000..d1adfd8281 --- /dev/null +++ b/CryptoPkg/CryptoPkg.dec @@ -0,0 +1,39 @@ +## @file +# Package for cryptography modules. +# +# This Package provides cryptographic-related libraries for UEFI +# security modules. +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +################################################################################ +# +# Defines Section - statements that will be processed to create a Makefile. +# +################################################################################ +[Defines] + DEC_SPECIFICATION = 0x00010005 + PACKAGE_NAME = CryptoPkg + PACKAGE_GUID = 36470E80-36F2-4ba0-8CC8-937C7D9FF888 + PACKAGE_VERSION = 0.91 + +[Includes] + Include + +[LibraryClasses] + ## @libraryclass Provides basic library functions for cryptographic primitives. + ## + BaseCryptLib|Include/Library/BaseCryptLib.h + +[Protocols] + ## Include/Protocol/RuntimeCrypt.h + gEfiRuntimeCryptProtocolGuid = { 0xe1475e0c, 0x1746, 0x4802, {0x86, 0x2e, 0x1, 0x1c, 0x2c, 0x2d, 0x9d, 0x86 }} diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc new file mode 100644 index 0000000000..c5a7d4a549 --- /dev/null +++ b/CryptoPkg/CryptoPkg.dsc @@ -0,0 +1,123 @@ +## @file +# Cryptographic Library Package for UEFI Security Implementation. +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +################################################################################ +# +# Defines Section - statements that will be processed to create a Makefile. +# +################################################################################ +[Defines] + PLATFORM_NAME = CryptoPkg + PLATFORM_GUID = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6 + PLATFORM_VERSION = 0.91 + DSC_SPECIFICATION = 0x00010005 + OUTPUT_DIRECTORY = Build/CryptoPkg + SUPPORTED_ARCHITECTURES = IA32|X64|IPF|EBC + BUILD_TARGETS = DEBUG|RELEASE + SKUID_IDENTIFIER = DEFAULT + +################################################################################ +# +# Library Class section - list of all Library Classes needed by this Platform. +# +################################################################################ +[LibraryClasses] + BaseLib|MdePkg/Library/BaseLib/BaseLib.inf + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf + UefiLib|MdePkg/Library/UefiLib/UefiLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf + UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf + UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf + + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + +[LibraryClasses.common.PEIM] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + +[LibraryClasses.common.DXE_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + +[LibraryClasses.common.DXE_SAL_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf + +[LibraryClasses.common.UEFI_DRIVER] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + +[LibraryClasses.common.UEFI_APPLICATION] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + +################################################################################ +# +# Pcd Section - list of all EDK II PCD Entries defined by this Platform +# +################################################################################ +[PcdsFeatureFlag] + gEfiMdePkgTokenSpaceGuid.PcdComponentNameDisable|FALSE + gEfiMdePkgTokenSpaceGuid.PcdDriverDiagnosticsDisable|FALSE + gEfiMdePkgTokenSpaceGuid.PcdComponentName2Disable|TRUE + gEfiMdePkgTokenSpaceGuid.PcdDriverDiagnostics2Disable|TRUE + +[PcdsFixedAtBuild] + gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000 + gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000 + gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength|1000000 + + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x0f + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000000 + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06 + gEfiMdePkgTokenSpaceGuid.PcdDebugClearMemoryValue|0xAF + gEfiMdePkgTokenSpaceGuid.PcdPerformanceLibraryPropertyMask|0 + gEfiMdePkgTokenSpaceGuid.PcdPostCodePropertyMask|0 + gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|320 + +################################################################################################### +# +# Components Section - list of the modules and components that will be processed by compilation +# tools and the EDK II tools to generate PE32/PE32+/Coff image files. +# +# Note: The EDK II DSC file is not used to specify how compiled binary images get placed +# into firmware volume images. This section is just a list of modules to compile from +# source into UEFI-compliant binaries. +# It is the FDF file that contains information on combining binary files into firmware +# volume images, whose concept is beyond UEFI and is described in PI specification. +# Binary modules do not need to be listed in this section, as they should be +# specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi), +# Logo (Logo.bmp), and etc. +# There may also be modules listed in this section that are not required in the FDF file, +# When a module listed here is excluded from FDF file, then UEFI-compliant binary will be +# generated for it, but the binary will not be put into any firmware volume. +# +################################################################################################### +[Components] + CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + + CryptoPkg/Application/Cryptest/Cryptest.inf + + CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf + +[Components.IPF] + CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h new file mode 100644 index 0000000000..556026e1be --- /dev/null +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -0,0 +1,425 @@ +/** @file + Defines base cryptographic library APIs. + The Base Cryptographic Library provides implementations of basic cryptography + primitives (MD5, SHA-1, SHA-256, RSA, etc) for UEFI security functionality enabling. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __BASE_CRYPT_LIB_H__ +#define __BASE_CRYPT_LIB_H__ + +/// +/// MD5 digest size in bytes +/// +#define MD5_DIGEST_SIZE 16 + +/// +/// SHA-1 digest size in bytes. +/// +#define SHA1_DIGEST_SIZE 20 + +/// +/// SHA-256 digest size in bytes +/// +#define SHA256_DIGEST_SIZE 32 + +/// +/// RSA Key Tags Definition used in RsaSetKey() function for key component identification. +/// +typedef enum { + RsaKeyN, ///< RSA public Modulus (N) + RsaKeyE, ///< RSA Public exponent (e) + RsaKeyD, ///< RSA Private exponent (d) + RsaKeyP, ///< RSA secret prime factor of Modulus (p) + RsaKeyQ, ///< RSA secret prime factor of Modules (q) + RsaKeyDp, ///< p's CRT exponent (== d mod (p - 1)) + RsaKeyDq, ///< q's CRT exponent (== d mod (q - 1)) + RsaKeyQInv ///< The CRT coefficient (== 1/q mod p) +} RSA_KEY_TAG; + +//===================================================================================== +// One-Way Cryptographic Hash Primitives +//===================================================================================== + +/** + Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. + + @return The size, in bytes, of the context buffer required for MD5 hash operations. + +**/ +UINTN +EFIAPI +Md5GetContextSize ( + VOID + ); + + +/** + Initializes user-supplied memory pointed by Md5Context as MD5 hash context for + subsequent use. + + If Md5Context is NULL, then ASSERT(). + + @param[in, out] Md5Context Pointer to MD5 Context being initialized. + + @retval TRUE MD5 context initialization succeeded. + @retval FALSE MD5 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Md5Init ( + IN OUT VOID *Md5Context + ); + + +/** + Performs MD5 digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If Md5Context is NULL, then ASSERT(). + + @param[in, out] Md5Context Pointer to the MD5 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE MD5 data digest succeeded. + @retval FALSE Invalid MD5 context. After Md5Final function has been called, the + MD5 context cannot be reused. + +**/ +BOOLEAN +EFIAPI +Md5Update ( + IN OUT VOID *Md5Context, + IN CONST VOID *Data, + IN UINTN DataLength + ); + + +/** + Completes MD5 hash computation and retrieves the digest value into the specified + memory. After this function has been called, the MD5 context cannot be used again. + + If Md5Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Md5Context Pointer to the MD5 context + @param[out] HashValue Pointer to a buffer that receives the MD5 digest + value (16 bytes). + + @retval TRUE MD5 digest computation succeeded. + @retval FALSE MD5 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Md5Final ( + IN OUT VOID *Md5Context, + OUT UINT8 *HashValue + ); + + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations. + + @return The size, in bytes, of the context buffer required for SHA-1 hash operations. + +**/ +UINTN +EFIAPI +Sha1GetContextSize ( + VOID + ); + + +/** + Initializes user-supplied memory pointed by Sha1Context as the SHA-1 hash context for + subsequent use. + + If Sha1Context is NULL, then ASSERT(). + + @param[in, out] Sha1Context Pointer to the SHA-1 Context being initialized. + + @retval TRUE SHA-1 initialization succeeded. + @retval FALSE SHA-1 initialization failed. + +**/ +BOOLEAN +EFIAPI +Sha1Init ( + IN OUT VOID *Sha1Context + ); + + +/** + Performs SHA-1 digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If Sha1Context is NULL, then ASSERT(). + + @param[in, out] Sha1Context Pointer to the SHA-1 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE SHA-1 data digest succeeded. + @retval FALSE Invalid SHA-1 context. After Sha1Final function has been called, the + SHA-1 context cannot be reused. + +**/ +BOOLEAN +EFIAPI +Sha1Update ( + IN OUT VOID *Sha1Context, + IN CONST VOID *Data, + IN UINTN DataLength + ); + + +/** + Completes SHA-1 hash computation and retrieves the digest value into the specified + memory. After this function has been called, the SHA-1 context cannot be used again. + + If Sha1Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Sha1Context Pointer to the SHA-1 context + @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest + value (20 bytes). + + @retval TRUE SHA-1 digest computation succeeded. + @retval FALSE SHA-1 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Sha1Final ( + IN OUT VOID *Sha1Context, + OUT UINT8 *HashValue + ); + + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-256 operations. + + @return The size, in bytes, of the context buffer required for SHA-256 operations. + +**/ +UINTN +EFIAPI +Sha256GetContextSize ( + VOID + ); + + +/** + Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for + subsequent use. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized. + + @retval TRUE SHA-256 context initialization succeeded. + @retval FALSE SHA-256 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Sha256Init ( + IN OUT VOID *Sha256Context + ); + + +/** + Performs SHA-256 digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to the SHA-256 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE SHA-256 data digest succeeded. + @retval FALSE Invalid SHA-256 context. After Sha256Final function has been called, the + SHA-256 context cannot be reused. + +**/ +BOOLEAN +EFIAPI +Sha256Update ( + IN OUT VOID *Sha256Context, + IN CONST VOID *Data, + IN UINTN DataLength + ); + + +/** + Completes SHA-256 hash computation and retrieves the digest value into the specified + memory. After this function has been called, the SHA-256 context cannot be used again. + + If Sha256Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 context + @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest + value (32 bytes). + + @retval TRUE SHA-256 digest computation succeeded. + @retval FALSE SHA-256 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Sha256Final ( + IN OUT VOID *Sha256Context, + OUT UINT8 *HashValue + ); + + +//===================================================================================== +// MAC (Message Authentication Code) Primitive +//===================================================================================== + +/// +/// No MAC supports for minimum scope required by UEFI +/// + + +//===================================================================================== +// Symmetric Cryptography Primitive +//===================================================================================== + +/// +/// No symmetric cryptographic supports for minimum scope required by UEFI +/// + + +//===================================================================================== +// Asymmetric Cryptography Primitive +//===================================================================================== + +/** + Allocates and Initializes one RSA Context for subsequent use. + + @return Pointer to the RSA Context that has been initialized. + If the allocations fails, RsaNew() returns NULL. + +**/ +VOID * +EFIAPI +RsaNew ( + VOID + ); + + +/** + Release the specified RSA Context. + + @param[in] RsaContext Pointer to the RSA context to be released. + +**/ +VOID +EFIAPI +RsaFree ( + IN VOID *RsaContext + ); + + +/** + Sets the tag-designated RSA key component into the established RSA context from + the user-specified nonnegative integer (octet string format represented in RSA + PKCS#1). + + If RsaContext is NULL, then ASSERT(). + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[in] BigNumber Pointer to octet integer buffer. + @param[in] BnLength Length of big number buffer in bytes. + + @return TRUE RSA key component was set successfully. + @return FALSE Invalid RSA key component tag. + +**/ +BOOLEAN +EFIAPI +RsaSetKey ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + IN CONST UINT8 *BigNumber, + IN UINTN BnLength + ); + + +/** + Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in + RSA PKCS#1. + + If RsaContext is NULL, then ASSERT(). + If MessageHash is NULL, then ASSERT(). + If Signature is NULL, then ASSERT(). + If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] MessageHash Pointer to octet message hash to be checked. + @param[in] HashLength Length of the message hash in bytes. + @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified. + @param[in] SigLength Length of signature in bytes. + + @return TRUE Valid signature encoded in PKCS1-v1_5. + @return FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RsaPkcs1Verify ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashLength, + IN UINT8 *Signature, + IN UINTN SigLength + ); + + +/** + Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic + Message Syntax Standard". + + If P7Data is NULL, then ASSERT(). + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which + is used for certificate chain verification. + @param[in] CertLength Length of the trusted certificate in bytes. + @param[in] InData Pointer to the content to be verified. + @param[in] DataLength Length of InData in bytes. + + @return TRUE The specified PKCS#7 signed data is valid. + @return FALSE Invalid PKCS#7 signed data. + +**/ +BOOLEAN +EFIAPI +Pkcs7Verify ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + IN CONST UINT8 *TrustedCert, + IN UINTN CertLength, + IN CONST UINT8 *InData, + IN UINTN DataLength + ); + + +#endif // __BASE_CRYPT_LIB_H__ diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h new file mode 100644 index 0000000000..1c51cdb302 --- /dev/null +++ b/CryptoPkg/Include/OpenSslSupport.h @@ -0,0 +1,238 @@ +/** @file + Root include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __OPEN_SSL_SUPPORT_H__ +#define __OPEN_SSL_SUPPORT_H__ + +#include +#include +#include +#include +#include + +// +// File operations are not required for building Open SSL, +// so FILE is mapped to VOID * to pass build +// +typedef VOID *FILE; + +// +// Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h +// +#define va_list VA_LIST +#define va_arg VA_ARG +#define va_start VA_START +#define va_end VA_END + +// +// #defines from EFI Application Toolkit required to buiild Open SSL +// +#define ENOMEM 12 /* Cannot allocate memory */ +#define EINVAL 22 /* Invalid argument */ +#define BUFSIZ 1024 /* size of buffer used by setbuf */ +#define INT_MAX 2147483647 /* max value for an int */ +#define INT_MIN (-2147483647-1) /* min value for an int */ +#define LONG_MAX 2147483647L /* max value for a long */ +#define LONG_MIN (-2147483647-1) /* min value for a long */ +#define ULONG_MAX 0xffffffff /* max value for an unsigned long */ +#define LOG_DAEMON (3<<3) /* system daemons */ +#define LOG_EMERG 0 /* system is unusable */ +#define LOG_ALERT 1 /* action must be taken immediately */ +#define LOG_CRIT 2 /* critical conditions */ +#define LOG_ERR 3 /* error conditions */ +#define LOG_WARNING 4 /* warning conditions */ +#define LOG_NOTICE 5 /* normal but significant condition */ +#define LOG_INFO 6 /* informational */ +#define LOG_DEBUG 7 /* debug-level messages */ +#define LOG_PID 0x01 /* log the pid with each message */ +#define LOG_CONS 0x02 /* log on the console if errors in sending */ + +// +// Macros from EFI Application Toolkit required to buiild Open SSL +// +/* The offsetof() macro calculates the offset of a structure member + in its structure. Unfortunately this cannot be written down + portably, hence it is provided by a Standard C header file. + For pre-Standard C compilers, here is a version that usually works + (but watch out!): */ +#define offsetof(type, member) ( (int) & ((type*)0) -> member ) + +// +// Basic types from EFI Application Toolkit required to buiild Open SSL +// +typedef UINTN size_t; +typedef INTN ssize_t; +typedef INT64 off_t; +typedef UINT16 mode_t; +typedef long time_t; +typedef unsigned long clock_t; +typedef UINT32 uid_t; +typedef UINT32 gid_t; +typedef UINT32 ino_t; +typedef UINT32 dev_t; +typedef UINT16 nlink_t; +typedef int pid_t; +typedef void *DIR; +typedef void __sighandler_t (int); + +// +// Structures from EFI Application Toolkit required to buiild Open SSL +// +struct tm { + int tm_sec; /* seconds after the minute [0-60] */ + int tm_min; /* minutes after the hour [0-59] */ + int tm_hour; /* hours since midnight [0-23] */ + int tm_mday; /* day of the month [1-31] */ + int tm_mon; /* months since January [0-11] */ + int tm_year; /* years since 1900 */ + int tm_wday; /* days since Sunday [0-6] */ + int tm_yday; /* days since January 1 [0-365] */ + int tm_isdst; /* Daylight Savings Time flag */ + long tm_gmtoff; /* offset from CUT in seconds */ + char *tm_zone; /* timezone abbreviation */ +}; + +struct dirent { + UINT32 d_fileno; /* file number of entry */ + UINT16 d_reclen; /* length of this record */ + UINT8 d_type; /* file type, see below */ + UINT8 d_namlen; /* length of string in d_name */ + char d_name[255 + 1]; /* name must be no longer than this */ +}; + +struct stat { + dev_t st_dev; /* inode's device */ + ino_t st_ino; /* inode's number */ + mode_t st_mode; /* inode protection mode */ + nlink_t st_nlink; /* number of hard links */ + uid_t st_uid; /* user ID of the file's owner */ + gid_t st_gid; /* group ID of the file's group */ + dev_t st_rdev; /* device type */ + time_t st_atime; /* time of last access */ + long st_atimensec; /* nsec of last access */ + time_t st_mtime; /* time of last data modification */ + long st_mtimensec; /* nsec of last data modification */ + time_t st_ctime; /* time of last file status change */ + long st_ctimensec; /* nsec of last file status change */ + off_t st_size; /* file size, in bytes */ + INT64 st_blocks; /* blocks allocated for file */ + UINT32 st_blksize; /* optimal blocksize for I/O */ + UINT32 st_flags; /* user defined flags for file */ + UINT32 st_gen; /* file generation number */ + INT32 st_lspare; + INT64 st_qspare[2]; +}; + +// +// Externs from EFI Application Toolkit required to buiild Open SSL +// +extern int errno; + +// +// Function prototypes from EFI Application Toolkit required to buiild Open SSL +// +void *malloc (size_t); +void *realloc (void *, size_t); +void free (void *); +int isdigit (int); +int isspace (int); +int tolower (int); +int isupper (int); +int isxdigit (int); +int isalnum (int); +void *memcpy (void *, const void *, size_t); +void *memset (void *, int, size_t); +void *memchr (const void *, int, size_t); +int memcmp (const void *, const void *, size_t); +void *memmove (void *, const void *, size_t); +int strcmp (const char *, const char *); +int strncmp (const char *, const char *, size_t); +char *strcpy (char *, const char *); +char *strncpy (char *, const char *, size_t); +size_t strlen (const char *); +char *strcat (char *, const char *); +char *strchr (const char *, int); +int strcasecmp (const char *, const char *); +int strncasecmp (const char *, const char *, size_t); +char *strncpy (char *, const char *, size_t); +int strncmp (const char *, const char *, size_t); +char *strrchr (const char *, int); +unsigned long strtoul (const char *, char **, int); +long strtol (const char *, char **, int); +int printf (const char *, ...); +int sscanf (const char *, const char *, ...); +int open (const char *, int, ...); +int chmod (const char *, mode_t); +int stat (const char *, struct stat *); +off_t lseek (int, off_t, int); +ssize_t read (int, void *, size_t); +ssize_t write (int, const void *, size_t); +int close (int); +FILE *fopen (const char *, const char *); +size_t fread (void *, size_t, size_t, FILE *); +size_t fwrite (const void *, size_t, size_t, FILE *); +char *fgets (char *, int, FILE *); +int fputs (const char *, FILE *); +int fprintf (FILE *, const char *, ...); +int vfprintf (FILE *, const char *, VA_LIST); +int fflush (FILE *); +int fclose (FILE *); +DIR *opendir (const char *); +struct dirent *readdir (DIR *); +int closedir (DIR *); +void openlog (const char *, int, int); +void closelog (void); +void syslog (int, const char *, ...); +time_t time (time_t *); +struct tm *localtime (const time_t *); +struct tm *gmtime (const time_t *); +struct tm *gmtime_r (const time_t *, struct tm *); +uid_t getuid (void); +uid_t geteuid (void); +gid_t getgid (void); +gid_t getegid (void); +void qsort (void *, size_t, size_t, int (*)(const void *, const void *)); +char *getenv (const char *); +void exit (int); +void abort (void); +__sighandler_t *signal (int, __sighandler_t *); + +// +// Global variables from EFI Application Toolkit required to buiild Open SSL +// +FILE *stderr; +FILE *stdin; +FILE *stdout; + +// +// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions +// +#define memcpy(dest,source,count) CopyMem(dest,source,(UINTN)(count)) +#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch)) +#define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch) +#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) +#define strcmp AsciiStrCmp +#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count))) +#define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource) +#define strncpy(strDest,strSource,count) AsciiStrnCpy(strDest,strSource,(UINTN)count) +#define strlen(str) (size_t)(AsciiStrLen(str)) +#define strcat(strDest,strSource) AsciiStrCat(strDest,strSource) +#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch) +#define abort() ASSERT (FALSE) +#define assert(expression) +#define localtime(timer) NULL +#define gmtime(timer) NULL +#define gmtime_r(timer,result) (result = NULL) + +#endif diff --git a/CryptoPkg/Include/Protocol/RuntimeCrypt.h b/CryptoPkg/Include/Protocol/RuntimeCrypt.h new file mode 100644 index 0000000000..bb97d9102e --- /dev/null +++ b/CryptoPkg/Include/Protocol/RuntimeCrypt.h @@ -0,0 +1,204 @@ +/** @file + The runtime cryptographic protocol. + Only limited crypto primitives (SHA-256 and RSA) are provided for runtime + authenticated variable service. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __EFI_RUNTIME_CRYPT_PROTOCOL_H__ +#define __EFI_RUNTIME_CRYPT_PROTOCOL_H__ + +#include + +/// +/// Runtime Cryptographic Protocol GUID. +/// +#define EFI_RUNTIME_CRYPT_PROTOCOL_GUID \ + { \ + 0xe1475e0c, 0x1746, 0x4802, { 0x86, 0x2e, 0x1, 0x1c, 0x2c, 0x2d, 0x9d, 0x86 } \ + } + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-256 operations. + + @return The size, in bytes, of the context buffer required for SHA-256 operations. + +**/ +typedef +UINTN +(EFIAPI *EFI_RUNTIME_CRYPT_SHA256_GET_CONTEXT_SIZE) ( + VOID + ); + + +/** + Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for + subsequent use. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized. + + @retval TRUE SHA-256 context initialization succeeded. + @retval FALSE SHA-256 context initialization failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_RUNTIME_CRYPT_SHA256_INIT) ( + IN OUT VOID *Sha256Context + ); + + +/** + Performs SHA-256 digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to the SHA-256 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE SHA-256 data digest succeeded. + @retval FALSE Invalid SHA-256 context. After Sha256Final function has been called, the + SHA-256 context cannot be reused. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_RUNTIME_CRYPT_SHA256_UPDATE) ( + IN OUT VOID *Sha256Context, + IN CONST VOID *Data, + IN UINTN DataLength + ); + + +/** + Completes SHA-256 hash computation and retrieves the digest value into the specified + memory. After this function has been called, the SHA-256 context cannot be used again. + + If Sha256Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 context + @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest + value (32 bytes). + + @retval TRUE SHA-256 digest computation succeeded. + @retval FALSE SHA-256 digest computation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_RUNTIME_CRYPT_SHA256_FINAL) ( + IN OUT VOID *Sha256Context, + OUT UINT8 *HashValue + ); + + +/** + Allocates and Initializes one RSA Context for subsequent use. + + @return Pointer to the RSA Context that has been initialized. + If the allocations fails, RsaNew() returns NULL. + +**/ +typedef +VOID * +(EFIAPI *EFI_RUNTIME_CRYPT_RSA_NEW) ( + VOID + ); + +/** + Release the specified RSA Context. + + @param[in] RsaContext Pointer to the RSA context to be released. + +**/ +typedef +VOID +(EFIAPI *EFI_RUNTIME_CRYPT_RSA_FREE) ( + IN VOID *RsaContext + ); + +/** + Sets the tag-designated RSA key component into the established RSA context from + the user-specified nonnegative integer (octet string format represented in RSA + PKCS#1). + + If RsaContext is NULL, then ASSERT(). + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[in] BigNumber Pointer to octet integer buffer. + @param[in] BnLength Length of big number buffer in bytes. + + @return TRUE RSA key component was set successfully. + @return FALSE Invalid RSA key component tag. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_RUNTIME_CRYPT_RSA_SET_KEY) ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + IN CONST UINT8 *BigNumber, + IN UINTN BnLength + ); + +/** + Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in + RSA PKCS#1. + + If RsaContext is NULL, then ASSERT(). + If MessageHash is NULL, then ASSERT(). + If Signature is NULL, then ASSERT(). + If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] MessageHash Pointer to octet message hash to be checked. + @param[in] HashLength Length of the message hash in bytes. + @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified. + @param[in] SigLength Length of signature in bytes. + + @return TRUE Valid signature encoded in PKCS1-v1_5. + @return FALSE Invalid signature or invalid RSA context. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_RUNTIME_CRYPT_RSA_PKCS1_VERIFY) ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashLength, + IN UINT8 *Signature, + IN UINTN SigLength + ); + +/// +/// Runtime Cryptographic Protocol Structure. +/// +typedef struct { + EFI_RUNTIME_CRYPT_SHA256_GET_CONTEXT_SIZE Sha256GetContextSize; + EFI_RUNTIME_CRYPT_SHA256_INIT Sha256Init; + EFI_RUNTIME_CRYPT_SHA256_UPDATE Sha256Update; + EFI_RUNTIME_CRYPT_SHA256_FINAL Sha256Final; + EFI_RUNTIME_CRYPT_RSA_NEW RsaNew; + EFI_RUNTIME_CRYPT_RSA_FREE RsaFree; + EFI_RUNTIME_CRYPT_RSA_SET_KEY RsaSetKey; + EFI_RUNTIME_CRYPT_RSA_PKCS1_VERIFY RsaPkcs1Verify; +} EFI_RUNTIME_CRYPT_PROTOCOL; + +extern EFI_GUID gEfiRuntimeCryptProtocolGuid; + +#endif diff --git a/CryptoPkg/Include/arpa/inet.h b/CryptoPkg/Include/arpa/inet.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/arpa/inet.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/assert.h b/CryptoPkg/Include/assert.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/assert.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/ctype.h b/CryptoPkg/Include/ctype.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/ctype.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/dirent.h b/CryptoPkg/Include/dirent.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/dirent.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/errno.h b/CryptoPkg/Include/errno.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/errno.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/limits.h b/CryptoPkg/Include/limits.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/limits.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/malloc.h b/CryptoPkg/Include/malloc.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/malloc.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/math.h b/CryptoPkg/Include/math.h new file mode 100644 index 0000000000..a21f5543cd --- /dev/null +++ b/CryptoPkg/Include/math.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OPEN SSL + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/netdb.h b/CryptoPkg/Include/netdb.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/netdb.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/netinet/in.h b/CryptoPkg/Include/netinet/in.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/netinet/in.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/openssl/README b/CryptoPkg/Include/openssl/README new file mode 100644 index 0000000000..15940109a9 --- /dev/null +++ b/CryptoPkg/Include/openssl/README @@ -0,0 +1 @@ +This directory contains all the public include files from the OpenSSL project. diff --git a/CryptoPkg/Include/sgtty.h b/CryptoPkg/Include/sgtty.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/sgtty.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/signal.h b/CryptoPkg/Include/signal.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/signal.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/stdarg.h b/CryptoPkg/Include/stdarg.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/stdarg.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/stddef.h b/CryptoPkg/Include/stddef.h new file mode 100644 index 0000000000..8dfc36ffb0 --- /dev/null +++ b/CryptoPkg/Include/stddef.h @@ -0,0 +1,15 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include diff --git a/CryptoPkg/Include/stdio.h b/CryptoPkg/Include/stdio.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/stdio.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/stdlib.h b/CryptoPkg/Include/stdlib.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/stdlib.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/string.h b/CryptoPkg/Include/string.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/string.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/strings.h b/CryptoPkg/Include/strings.h new file mode 100644 index 0000000000..8dfc36ffb0 --- /dev/null +++ b/CryptoPkg/Include/strings.h @@ -0,0 +1,15 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include diff --git a/CryptoPkg/Include/sys/ioctl.h b/CryptoPkg/Include/sys/ioctl.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/sys/ioctl.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/sys/param.h b/CryptoPkg/Include/sys/param.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/sys/param.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/sys/socket.h b/CryptoPkg/Include/sys/socket.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/sys/socket.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/sys/stat.h b/CryptoPkg/Include/sys/stat.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/sys/stat.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/sys/time.h b/CryptoPkg/Include/sys/time.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/sys/time.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/sys/times.h b/CryptoPkg/Include/sys/times.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/sys/times.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/sys/types.h b/CryptoPkg/Include/sys/types.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/sys/types.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/sys/un.h b/CryptoPkg/Include/sys/un.h new file mode 100644 index 0000000000..ee07f6bcb5 --- /dev/null +++ b/CryptoPkg/Include/sys/un.h @@ -0,0 +1,16 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + diff --git a/CryptoPkg/Include/syslog.h b/CryptoPkg/Include/syslog.h new file mode 100644 index 0000000000..8dfc36ffb0 --- /dev/null +++ b/CryptoPkg/Include/syslog.h @@ -0,0 +1,15 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include diff --git a/CryptoPkg/Include/time.h b/CryptoPkg/Include/time.h new file mode 100644 index 0000000000..8dfc36ffb0 --- /dev/null +++ b/CryptoPkg/Include/time.h @@ -0,0 +1,15 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include diff --git a/CryptoPkg/Include/unistd.h b/CryptoPkg/Include/unistd.h new file mode 100644 index 0000000000..8dfc36ffb0 --- /dev/null +++ b/CryptoPkg/Include/unistd.h @@ -0,0 +1,15 @@ +/** @file + Include file to support building OpenSSL Crypto Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf new file mode 100644 index 0000000000..5395da06a7 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -0,0 +1,79 @@ +## @file +# Cryptographic Library Instance for DXE_DRIVER. +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = BaseCryptLib + FILE_GUID = be3bb803-91b6-4da0-bd91-a8b21c18ca5d + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = BaseCryptLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF +# + +[Sources] + Hash/CryptMd5.c + Hash/CryptSha1.c + Hash/CryptSha256.c + Pk/CryptRsa.c + Pk/CryptPkcs7.c + + SysCall/CrtWrapper.c + SysCall/TimerWrapper.c + SysCall/BaseMemAllocation.c + +[Sources.Ia32] + SysCall/HelperWrapper.c + + SysCall/Ia32/MathMultS64x64.c | MSFT + SysCall/Ia32/MathDivU64x64.c | MSFT + SysCall/Ia32/MathReminderU64x64.c | MSFT + SysCall/Ia32/MathLShiftS64.c | MSFT + SysCall/Ia32/MathRShiftU64.c | MSFT + + SysCall/Ia32/MathMultS64x64.c | INTEL + SysCall/Ia32/MathDivU64x64.c | INTEL + SysCall/Ia32/MathReminderU64x64.c | INTEL + SysCall/Ia32/MathLShiftS64.c | INTEL + SysCall/Ia32/MathRShiftU64.c | INTEL + + SysCall/Ia32/MathMultS64x64.S | GCC + SysCall/Ia32/MathDivU64x64.S | GCC + SysCall/Ia32/MathReminderU64x64.S | GCC + SysCall/Ia32/MathLShiftS64.S | GCC + SysCall/Ia32/MathRShiftU64.S | GCC + + SysCall/Ia32/Alloca.S | GCC + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + DebugLib + OpensslLib + IntrinsicLib + +# +# Remove these [BuildOptions] after this library is cleaned up +# +[BuildOptions] + GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))" diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c new file mode 100644 index 0000000000..99471a0176 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c @@ -0,0 +1,145 @@ +/** @file + MD5 Digest Wrapper Implementation over OpenSSL. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +#include +#include + + +/** + Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. + + @return The size, in bytes, of the context buffer required for MD5 hash operations. + +**/ +UINTN +EFIAPI +Md5GetContextSize ( + VOID + ) +{ + // + // Retrieves the OpenSSL MD5 Context Size + // + return (UINTN)(sizeof (MD5_CTX)); +} + + +/** + Initializes user-supplied memory pointed by Md5Context as MD5 hash context for + subsequent use. + + If Md5Context is NULL, then ASSERT(). + + @param[in, out] Md5Context Pointer to MD5 Context being initialized. + + @retval TRUE MD5 context initialization succeeded. + @retval FALSE MD5 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Md5Init ( + IN OUT VOID *Md5Context + ) +{ + // + // ASSERT if Md5Context is NULL. + // + ASSERT (Md5Context != NULL); + + // + // OpenSSL MD5 Context Initialization + // + return (BOOLEAN) (MD5_Init ((MD5_CTX *)Md5Context)); +} + + +/** + Performs MD5 digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If Md5Context is NULL, then ASSERT(). + + @param[in, out] Md5Context Pointer to the MD5 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE MD5 data digest succeeded. + @retval FALSE Invalid MD5 context. After Md5Final function has been called, the + MD5 context cannot be reused. + +**/ +BOOLEAN +EFIAPI +Md5Update ( + IN OUT VOID *Md5Context, + IN CONST VOID *Data, + IN UINTN DataLength + ) +{ + // + // ASSERT if Md5Context is NULL + // + ASSERT (Md5Context != NULL); + + // + // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL + // + if (Data == NULL) { + ASSERT (DataLength == 0); + } + + // + // OpenSSL MD5 Hash Update + // + return (BOOLEAN) (MD5_Update ((MD5_CTX *)Md5Context, Data, DataLength)); +} + + +/** + Completes MD5 hash computation and retrieves the digest value into the specified + memory. After this function has been called, the MD5 context cannot be used again. + + If Md5Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Md5Context Pointer to the MD5 context + @param[out] HashValue Pointer to a buffer that receives the MD5 digest + value (16 bytes). + + @retval TRUE MD5 digest computation succeeded. + @retval FALSE MD5 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Md5Final ( + IN OUT VOID *Md5Context, + OUT UINT8 *HashValue + ) +{ + // + // ASSERT if Md5Context is NULL or HashValue is NULL + // + ASSERT (Md5Context != NULL); + ASSERT (HashValue != NULL); + + // + // OpenSSL MD5 Hash Finalization + // + return (BOOLEAN) (MD5_Final (HashValue, (MD5_CTX *)Md5Context)); +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c new file mode 100644 index 0000000000..d774059300 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c @@ -0,0 +1,145 @@ +/** @file + SHA-1 Digest Wrapper Implementation over OpenSSL. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +#include +#include + + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations. + + @return The size, in bytes, of the context buffer required for SHA-1 hash operations. + +**/ +UINTN +EFIAPI +Sha1GetContextSize ( + VOID + ) +{ + // + // Retrieves OpenSSL SHA Context Size + // + return (UINTN)(sizeof (SHA_CTX)); +} + + +/** + Initializes user-supplied memory pointed by Sha1Context as the SHA-1 hash context for + subsequent use. + + If Sha1Context is NULL, then ASSERT(). + + @param[in, out] Sha1Context Pointer to the SHA-1 Context being initialized. + + @retval TRUE SHA-1 initialization succeeded. + @retval FALSE SHA-1 initialization failed. + +**/ +BOOLEAN +EFIAPI +Sha1Init ( + IN OUT VOID *Sha1Context + ) +{ + // + // ASSERT if Sha1Context is NULL + // + ASSERT (Sha1Context != NULL); + + // + // OpenSSL SHA-1 Context Initialization + // + return (BOOLEAN) (SHA1_Init ((SHA_CTX *)Sha1Context)); +} + + +/** + Performs SHA-1 digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If Sha1Context is NULL, then ASSERT(). + + @param[in, out] Sha1Context Pointer to the SHA-1 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE SHA-1 data digest succeeded. + @retval FALSE Invalid SHA-1 context. After Sha1Final function has been called, the + SHA-1 context cannot be reused. + +**/ +BOOLEAN +EFIAPI +Sha1Update ( + IN OUT VOID *Sha1Context, + IN CONST VOID *Data, + IN UINTN DataLength + ) +{ + // + // ASSERT if Sha1Context is NULL + // + ASSERT (Sha1Context != NULL); + + // + // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL + // + if (Data == NULL) { + ASSERT (DataLength == 0); + } + + // + // OpenSSL SHA-1 Hash Update + // + return (BOOLEAN) (SHA1_Update ((SHA_CTX *)Sha1Context, Data, DataLength)); +} + + +/** + Completes SHA-1 hash computation and retrieves the digest value into the specified + memory. After this function has been called, the SHA-1 context cannot be used again. + + If Sha1Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Sha1Context Pointer to the SHA-1 context + @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest + value (20 bytes). + + @retval TRUE SHA-1 digest computation succeeded. + @retval FALSE SHA-1 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Sha1Final ( + IN OUT VOID *Sha1Context, + OUT UINT8 *HashValue + ) +{ + // + // ASSERT if Sha1Context is NULL or HashValue is NULL + // + ASSERT (Sha1Context != NULL); + ASSERT (HashValue != NULL); + + // + // OpenSSL SHA-1 Hash Finalization + // + return (BOOLEAN) (SHA1_Final (HashValue, (SHA_CTX *)Sha1Context)); +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c new file mode 100644 index 0000000000..9b566a4c59 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c @@ -0,0 +1,145 @@ +/** @file + SHA-256 Digest Wrapper Implementation over OpenSSL. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +#include +#include + + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-256 operations. + + @return The size, in bytes, of the context buffer required for SHA-256 operations. + +**/ +UINTN +EFIAPI +Sha256GetContextSize ( + VOID + ) +{ + // + // Retrieves OpenSSL SHA-256 Context Size + // + return (UINTN)(sizeof (SHA256_CTX)); +} + + +/** + Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for + subsequent use. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized. + + @retval TRUE SHA-256 context initialization succeeded. + @retval FALSE SHA-256 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Sha256Init ( + IN OUT VOID *Sha256Context + ) +{ + // + // ASSERT if Sha256Context is NULL + // + ASSERT (Sha256Context != NULL); + + // + // OpenSSL SHA-256 Context Initialization + // + return (BOOLEAN) (SHA256_Init ((SHA256_CTX *)Sha256Context)); +} + + +/** + Performs SHA-256 digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to the SHA-256 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE SHA-256 data digest succeeded. + @retval FALSE Invalid SHA-256 context. After Sha256Final function has been called, the + SHA-256 context cannot be reused. + +**/ +BOOLEAN +EFIAPI +Sha256Update ( + IN OUT VOID *Sha256Context, + IN CONST VOID *Data, + IN UINTN DataLength + ) +{ + // + // ASSERT if Sha256Context is NULL + // + ASSERT (Sha256Context != NULL); + + // + // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL + // + if (Data == NULL) { + ASSERT (DataLength == 0); + } + + // + // OpenSSL SHA-256 Hash Update + // + return (BOOLEAN) (SHA256_Update ((SHA256_CTX *)Sha256Context, Data, DataLength)); +} + + +/** + Completes SHA-256 hash computation and retrieves the digest value into the specified + memory. After this function has been called, the SHA-256 context cannot be used again. + + If Sha256Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 context + @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest + value (32 bytes). + + @retval TRUE SHA-256 digest computation succeeded. + @retval FALSE SHA-256 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Sha256Final ( + IN OUT VOID *Sha256Context, + OUT UINT8 *HashValue + ) +{ + // + // ASSERT if Sha256Context is NULL or HashValue is NULL + // + ASSERT (Sha256Context != NULL); + ASSERT (HashValue != NULL); + + // + // OpenSSL SHA-256 Hash Finalization + // + return (BOOLEAN) (SHA256_Final (HashValue, (SHA256_CTX *)Sha256Context)); +} diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf new file mode 100644 index 0000000000..30061a68ff --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -0,0 +1,77 @@ +## @file +# Cryptographic Library Instance for PEIM. +# +# Copyright (c) 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PeiCryptLib + FILE_GUID = 9a2a4375-194c-4e97-9f67-547ec98d96ca + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + LIBRARY_CLASS = BaseCryptLib|PEIM PEI_CORE SEC + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Hash/CryptMd5.c + Hash/CryptSha1.c + Hash/CryptSha256.c + Pk/CryptRsa.c + + SysCall/CrtWrapper.c + SysCall/HelperWrapper.c + SysCall/BaseMemAllocation.c + +[Sources.Ia32] + SysCall/Ia32/MathMultS64x64.c | MSFT + SysCall/Ia32/MathDivU64x64.c | MSFT + SysCall/Ia32/MathReminderU64x64.c | MSFT + SysCall/Ia32/MathLShiftS64.c | MSFT + SysCall/Ia32/MathRShiftU64.c | MSFT + + SysCall/Ia32/MathMultS64x64.c | INTEL + SysCall/Ia32/MathDivU64x64.c | INTEL + SysCall/Ia32/MathReminderU64x64.c | INTEL + SysCall/Ia32/MathLShiftS64.c | INTEL + SysCall/Ia32/MathRShiftU64.c | INTEL + + SysCall/Ia32/MathMultS64x64.S | GCC + SysCall/Ia32/MathDivU64x64.S | GCC + SysCall/Ia32/MathReminderU64x64.S | GCC + SysCall/Ia32/MathLShiftS64.S | GCC + SysCall/Ia32/MathRShiftU64.S | GCC + + SysCall/Ia32/Alloca.S | GCC + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + DebugLib + OpensslLib + IntrinsicLib + +# +# Remove these [BuildOptions] after this library is cleaned up +# +[BuildOptions] + GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))" + diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c new file mode 100644 index 0000000000..d0a6ea544a --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c @@ -0,0 +1,160 @@ +/** @file + PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include + +#include +#include +#include +#include + + +/** + Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic + Message Syntax Standard". + + If P7Data is NULL, then ASSERT(). + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which + is used for certificate chain verification. + @param[in] CertLength Length of the trusted certificate in bytes. + @param[in] InData Pointer to the content to be verified. + @param[in] DataLength Length of InData in bytes. + + @return TRUE The specified PKCS#7 signed data is valid. + @return FALSE Invalid PKCS#7 signed data. + +**/ +BOOLEAN +EFIAPI +Pkcs7Verify ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + IN CONST UINT8 *TrustedCert, + IN UINTN CertLength, + IN CONST UINT8 *InData, + IN UINTN DataLength + ) +{ + PKCS7 *Pkcs7; + UINT8 *Content; + BIO *CertBio; + BIO *DataBio; + BOOLEAN Status; + X509 *Cert; + X509_STORE *CertStore; + + // + // ASSERT if P7Data is NULL + // + ASSERT (P7Data != NULL); + + Status = FALSE; + Pkcs7 = NULL; + CertBio = NULL; + DataBio = NULL; + Cert = NULL; + CertStore = NULL; + + // + // Register & Initialize necessary digest algorithms for PKCS#7 Handling + // + EVP_add_digest (EVP_md5()); + EVP_add_digest (EVP_sha1()); + EVP_add_digest (EVP_sha256()); + + // + // Retrieve PKCS#7 Data (DER encoding) + // + Pkcs7 = d2i_PKCS7 (NULL, &P7Data, (int)P7Length); + if (Pkcs7 == NULL) { + goto _Exit; + } + + // + // Check if it's PKCS#7 Signed Data (for Authenticode Scenario) + // + if (!PKCS7_type_is_signed (Pkcs7)) { + goto _Exit; + } + + // + // Check PKCS#7 embedded signed content with InData. + // + if (InData != NULL) { + // + // NOTE: PKCS7_dataDecode() didn't work for Authenticode-format signed data due to + // some authenticode-specific structure. Use opaque ASN.1 string to retrieve + // PKCS#7 ContentInfo here. + // + Content = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data); + + // Ignore two bytes for DER encoding of ASN.1 "SEQUENCE" + if (CompareMem (Content + 2, InData, DataLength) != 0) { + goto _Exit; + } + } + + // + // Read DER-encoded root certificate and Construct X509 Certificate + // + CertBio = BIO_new (BIO_s_mem ()); + BIO_write (CertBio, TrustedCert, (int)CertLength); + if (CertBio == NULL) { + goto _Exit; + } + Cert = d2i_X509_bio (CertBio, NULL); + if (Cert == NULL) { + goto _Exit; + } + + // + // Setup X509 Store for trusted certificate + // + CertStore = X509_STORE_new (); + if (CertStore == NULL) { + goto _Exit; + } + if (!(X509_STORE_add_cert (CertStore, Cert))) { + goto _Exit; + } + + // + // For generic PKCS#7 handling, InData may be NULL if the content is present + // in PKCS#7 structure. So ignore NULL checking here. + // + DataBio = BIO_new (BIO_s_mem ()); + BIO_write (DataBio, InData, (int)DataLength); + + // + // Verifies the PKCS#7 signedData structure + // + Status = (BOOLEAN) PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, 0); + +_Exit: + // + // Release Resources + // + BIO_free (DataBio); + BIO_free (CertBio); + X509_free (Cert); + X509_STORE_free (CertStore); + PKCS7_free (Pkcs7); + + return Status; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c new file mode 100644 index 0000000000..763213ab6b --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c @@ -0,0 +1,277 @@ +/** @file + RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include + +#include +#include + + +/** + Allocates and Initializes one RSA Context for subsequent use. + + @return Pointer to the RSA Context that has been initialized. + If the allocations fails, RsaNew() returns NULL. + +**/ +VOID * +EFIAPI +RsaNew ( + VOID + ) +{ + // + // Allocates & Initializes RSA Context by OpenSSL RSA_new() + // + return (VOID *)RSA_new (); +} + + +/** + Release the specified RSA Context. + + @param[in] RsaContext Pointer to the RSA context to be released. + +**/ +VOID +EFIAPI +RsaFree ( + IN VOID *RsaContext + ) +{ + // + // Free OpenSSL RSA Context + // + RSA_free ((RSA *)RsaContext); +} + + +/** + Sets the tag-designated RSA key component into the established RSA context from + the user-specified nonnegative integer (octet string format represented in RSA + PKCS#1). + + If RsaContext is NULL, then ASSERT(). + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[in] BigNumber Pointer to octet integer buffer. + @param[in] BnLength Length of big number buffer in bytes. + + @return TRUE RSA key component was set successfully. + @return FALSE Invalid RSA key component tag. + +**/ +BOOLEAN +EFIAPI +RsaSetKey ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + IN CONST UINT8 *BigNumber, + IN UINTN BnLength + ) +{ + RSA *RsaKey; + + // + // ASSERT if RsaContext is NULL + // + ASSERT (RsaContext != NULL); + + + RsaKey = (RSA *)RsaContext; + // + // Set RSA Key Components by converting octet string to OpenSSL BN representation. + // NOTE: For RSA public key (used in signature verification), only public components + // (N, e) are needed. + // + switch (KeyTag) { + + // + // RSA Public Modulus (N) + // + case RsaKeyN: + if (RsaKey->n != NULL) { + BN_free (RsaKey->n); + } + RsaKey->n = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->n); + break; + + // + // RSA Public Exponent (e) + // + case RsaKeyE: + if (RsaKey->e != NULL) { + BN_free (RsaKey->e); + } + RsaKey->e = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->e); + break; + + // + // RSA Private Exponent (d) + // + case RsaKeyD: + if (RsaKey->d != NULL) { + BN_free (RsaKey->d); + } + RsaKey->d = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->d); + break; + + // + // RSA Secret Prime Factor of Modulus (p) + // + case RsaKeyP: + if (RsaKey->p != NULL) { + BN_free (RsaKey->p); + } + RsaKey->p = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->p); + break; + + // + // RSA Secret Prime Factor of Modules (q) + // + case RsaKeyQ: + if (RsaKey->q != NULL) { + BN_free (RsaKey->q); + } + RsaKey->q = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->q); + break; + + // + // p's CRT Exponent (== d mod (p - 1)) + // + case RsaKeyDp: + if (RsaKey->dmp1 != NULL) { + BN_free (RsaKey->dmp1); + } + RsaKey->dmp1 = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->dmp1); + break; + + // + // q's CRT Exponent (== d mod (q - 1)) + // + case RsaKeyDq: + if (RsaKey->dmq1 != NULL) { + BN_free (RsaKey->dmq1); + } + RsaKey->dmq1 = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->dmq1); + break; + + // + // The CRT Coefficient (== 1/q mod p) + // + case RsaKeyQInv: + if (RsaKey->iqmp != NULL) { + BN_free (RsaKey->iqmp); + } + RsaKey->iqmp = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->iqmp); + break; + + default: + return FALSE; + } + + return TRUE; +} + + +/** + Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in + RSA PKCS#1. + + If RsaContext is NULL, then ASSERT(). + If MessageHash is NULL, then ASSERT(). + If Signature is NULL, then ASSERT(). + If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] MessageHash Pointer to octet message hash to be checked. + @param[in] HashLength Length of the message hash in bytes. + @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified. + @param[in] SigLength Length of signature in bytes. + + @return TRUE Valid signature encoded in PKCS1-v1_5. + @return FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RsaPkcs1Verify ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashLength, + IN UINT8 *Signature, + IN UINTN SigLength + ) +{ + INTN Length; + + // + // ASSERT if RsaContext, MessageHash or Signature is NULL + // + ASSERT (RsaContext != NULL); + ASSERT (MessageHash != NULL); + ASSERT (Signature != NULL); + + // + // ASSERT if unsupported hash length: + // Only MD5, SHA-1 or SHA-256 digest size is supported + // + ASSERT ((HashLength == MD5_DIGEST_SIZE) || (HashLength == SHA1_DIGEST_SIZE) || + (HashLength == SHA256_DIGEST_SIZE)); + + // + // RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key + // + Length = RSA_public_decrypt ( + (int)SigLength, + Signature, + Signature, + RsaContext, + RSA_PKCS1_PADDING + ); + + // + // Invalid RSA Key or PKCS#1 Padding Checking Failed (if Length < 0) + // NOTE: Length should be the addition of HashLength and some DER value. + // Ignore more strict length checking here. + // + if (Length < (INTN) HashLength) { + return FALSE; + } + + // + // Validate the MessageHash and Decoded Signature + // NOTE: The decoded Signature should be the DER encoding of the DigestInfo value + // DigestInfo ::= SEQUENCE { + // digestAlgorithm AlgorithmIdentifier + // digest OCTET STRING + // } + // Then Memory Comparing should skip the DER value of the underlying SEQUENCE + // type and AlgorithmIdentifier. + // + if (CompareMem (MessageHash, Signature + Length - HashLength, HashLength) == 0) { + // + // Valid RSA PKCS#1 Signature + // + return TRUE; + } else { + // + // Failed to verification + // + return FALSE; + } +} diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf new file mode 100644 index 0000000000..d31095be20 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -0,0 +1,81 @@ +## @file +# Cryptographic Library Instance for DXE_RUNTIME_DRIVER +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = RuntimeCryptLib + FILE_GUID = 78189cc0-727d-46a4-84ea-f7dd860de64a + MODULE_TYPE = DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = BaseCryptLib + CONSTRUCTOR = RuntimeCryptLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF +# + +[Sources] + Hash/CryptMd5.c + Hash/CryptSha1.c + Hash/CryptSha256.c + Pk/CryptRsa.c + + SysCall/CrtWrapper.c + SysCall/TimerWrapper.c + SysCall/HelperWrapper.c + SysCall/RuntimeMemAllocation.c + +[Sources.Ia32] + SysCall/Ia32/MathMultS64x64.c | MSFT + SysCall/Ia32/MathDivU64x64.c | MSFT + SysCall/Ia32/MathReminderU64x64.c | MSFT + SysCall/Ia32/MathLShiftS64.c | MSFT + SysCall/Ia32/MathRShiftU64.c | MSFT + + SysCall/Ia32/MathMultS64x64.c | INTEL + SysCall/Ia32/MathDivU64x64.c | INTEL + SysCall/Ia32/MathReminderU64x64.c | INTEL + SysCall/Ia32/MathLShiftS64.c | INTEL + SysCall/Ia32/MathRShiftU64.c | INTEL + + SysCall/Ia32/MathMultS64x64.S | GCC + SysCall/Ia32/MathDivU64x64.S | GCC + SysCall/Ia32/MathReminderU64x64.S | GCC + SysCall/Ia32/MathLShiftS64.S | GCC + SysCall/Ia32/MathRShiftU64.S | GCC + + SysCall/Ia32/Alloca.S | GCC + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + DebugLib + OpensslLib + IntrinsicLib + +# +# Remove these [BuildOptions] after this library is cleaned up +# +[BuildOptions] + GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))" + diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c new file mode 100644 index 0000000000..68bc25aba6 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c @@ -0,0 +1,42 @@ +/** @file + Base Memory Allocation Routines Wrapper for Crypto library over OpenSSL + during PEI & DXE phases. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +// +// -- Memory-Allocation Routines -- +// + +/* Allocates memory blocks */ +void *malloc (size_t size) +{ + return AllocatePool ((UINTN)size); +} + +/* Reallocate memory blocks */ +void *realloc (void *ptr, size_t size) +{ + // + // BUG: hardcode OldSize == size! We have no any knowledge about + // memory size of original pointer ptr. + // + return ReallocatePool ((UINTN)size, (UINTN)size, ptr); +} + +/* De-allocates or frees a memory block */ +void free (void *ptr) +{ + FreePool (ptr); +} diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c new file mode 100644 index 0000000000..4bef42ee7a --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c @@ -0,0 +1,281 @@ +/** @file + C Run-Time Libraries (CRT) Wrapper Implementation for OpenSSL-based + Cryptographic Library. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +typedef +INTN +(*SORT_COMPARE)( + IN VOID *Buffer1, + IN VOID *Buffer2 + ); + +// +// Duplicated from EDKII BaseSortLib for qsort() wrapper +// +STATIC +VOID +QuickSortWorker ( + IN OUT VOID *BufferToSort, + IN CONST UINTN Count, + IN CONST UINTN ElementSize, + IN SORT_COMPARE CompareFunction, + IN VOID *Buffer + ) +{ + VOID *Pivot; + UINTN LoopCount; + UINTN NextSwapLocation; + + ASSERT(BufferToSort != NULL); + ASSERT(CompareFunction != NULL); + ASSERT(Buffer != NULL); + + if (Count < 2 || ElementSize < 1) { + return; + } + + NextSwapLocation = 0; + + // + // Pick a pivot (we choose last element) + // + Pivot = ((UINT8 *)BufferToSort + ((Count - 1) * ElementSize)); + + // + // Now get the pivot such that all on "left" are below it + // and everything "right" are above it + // + for (LoopCount = 0; LoopCount < Count - 1; LoopCount++) + { + // + // If the element is less than the pivot + // + if (CompareFunction ((VOID *)((UINT8 *)BufferToSort + ((LoopCount) * ElementSize)), Pivot) <= 0) { + // + // Swap + // + CopyMem (Buffer, (UINT8 *)BufferToSort + (NextSwapLocation * ElementSize), ElementSize); + CopyMem ((UINT8 *)BufferToSort + (NextSwapLocation * ElementSize), (UINT8 *)BufferToSort + ((LoopCount) * ElementSize), ElementSize); + CopyMem ((UINT8 *)BufferToSort + ((LoopCount) * ElementSize), Buffer, ElementSize); + + // + // Increment NextSwapLocation + // + NextSwapLocation++; + } + } + // + // Swap pivot to it's final position (NextSwapLocaiton) + // + CopyMem (Buffer, Pivot, ElementSize); + CopyMem (Pivot, (UINT8 *)BufferToSort + (NextSwapLocation * ElementSize), ElementSize); + CopyMem ((UINT8 *)BufferToSort + (NextSwapLocation * ElementSize), Buffer, ElementSize); + + // + // Now recurse on 2 paritial lists. Neither of these will have the 'pivot' element. + // IE list is sorted left half, pivot element, sorted right half... + // + QuickSortWorker ( + BufferToSort, + NextSwapLocation, + ElementSize, + CompareFunction, + Buffer + ); + + QuickSortWorker ( + (UINT8 *)BufferToSort + (NextSwapLocation + 1) * ElementSize, + Count - NextSwapLocation - 1, + ElementSize, + CompareFunction, + Buffer + ); + + return; +} + +//--------------------------------------------------------- +// Standard C Run-time Library Interface Wrapper +//--------------------------------------------------------- + +// +// -- String Manipulation Routines -- +// + +/* Scan a string for the last occurrence of a character */ +char *strrchr (const char *str, int c) +{ + char * save; + + for (save = NULL; ; ++str) { + if (*str == c) { + save = (char *)str; + } + if (*str == 0) { + return (save); + } + } +} + +/* Read formatted data from a string */ +int sscanf (const char *buffer, const char *format, ...) +{ + // + // Null sscanf() function implementation to satisfy the linker, since + // no direct functionality logic dependency in present UEFI cases. + // + return 0; +} + +// +// -- Character Classification Routines -- +// + +/* Determines if a particular character is a decimal-digit character */ +int isdigit (int c) +{ + // + // ::= [0-9] + // + return (('0' <= (c)) && ((c) <= '9')); +} + +/* Determine if an integer represents character that is a hex digit */ +int isxdigit (int c) +{ + // + // ::= [0-9] | [a-f] | [A-F] + // + return ((('0' <= (c)) && ((c) <= '9')) || + (('a' <= (c)) && ((c) <= 'f')) || + (('A' <= (c)) && ((c) <= 'F'))); +} + +/* Determines if a particular character represents a space character */ +int isspace (int c) +{ + // + // ::= [ ] + // + return ((c) == ' '); +} + +/* Determine if a particular character is an alphanumeric character */ +int isalnum (int c) +{ + // + // ::= [0-9] | [a-z] | [A-Z] + // + return ((('0' <= (c)) && ((c) <= '9')) || + (('a' <= (c)) && ((c) <= 'z')) || + (('A' <= (c)) && ((c) <= 'Z'))); +} + +/* Determines if a particular character is in upper case */ +int isupper (int c) +{ + // + // := [A-Z] + // + return (('A' <= (c)) && ((c) <= 'Z')); +} + +// +// -- Data Conversion Routines -- +// + +/* Convert strings to a long-integer value */ +long strtol (const char *nptr, char **endptr, int base) +{ + // + // Null strtol() function implementation to satisfy the linker, since there is + // no direct functionality logic dependency in present UEFI cases. + // + return 0; +} + +/* Convert strings to an unsigned long-integer value */ +unsigned long strtoul (const char *nptr, char **endptr, int base) +{ + // + // Null strtoul() function implementation to satisfy the linker, since there is + // no direct functionality logic dependency in present UEFI cases. + // + return 0; +} + +/* Convert character to lowercase */ +int tolower (int c) +{ + if (('A' <= (c)) && ((c) <= 'Z')) { + return (c - ('A' - 'a')); + } + return (c); +} + +// +// -- Searching and Sorting Routines -- +// + +/* Performs a quick sort */ +void qsort (void *base, size_t num, size_t width, int (*compare)(const void *, const void *)) +{ + VOID *Buffer; + + ASSERT (base != NULL); + ASSERT (compare != NULL); + + Buffer = AllocatePool (width); + ASSERT (Buffer != NULL); + + // + // Re-use PerformQuickSort() function Implementation in EDKII BaseSortLib. + // + QuickSortWorker (base, (UINTN)num, (UINTN)width, (SORT_COMPARE)compare, Buffer); + + FreePool (Buffer); + return; +} + +// +// -- Process and Environment Control Routines -- +// + +/* Get a value from the current environment */ +char *getenv (const char *varname) +{ + // + // Null getenv() function implementation to satisfy the linker, since there is + // no direct functionality logic dependency in present UEFI cases. + // + return NULL; +} + +// +// -- Stream I/O Routines -- +// + +/* Write formatted output using a pointer to a list of arguments */ +int vfprintf (FILE *stream, const char *format, VA_LIST arg) +{ + return 0; +} + +/* Write data to a stream */ +size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream) +{ + return 0; +} diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c new file mode 100644 index 0000000000..bf4399ca08 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c @@ -0,0 +1,54 @@ +/** @file + Wrapper Implementation of Helper Routines produced by the C Compiler + for the OpenSSL-based Cryptographic Library. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +//--------------------------------------------------------- +// Helper Routines Wrapper +//--------------------------------------------------------- + +/* Divides a 64-bit signed value with a 64-bit signed value and returns + a 64-bit signed quotient and reminder */ +void _aulldvrm () +{ + // + // Null _aulldvrm() Math function implementation to satisfy the linker, since + // there is no direct functionality logic dependency in present UEFI cases. + // + return; +} + + +/* Converts a scalar double-precision floating point value to a 32-bit integer */ +long _ftol2_sse (double dblSource) +{ + // + // OpenSSL uses this function due to using floating-point inside it. + // It is only present in 32-bit versions of the compiler. + // Null _ftol2_sse() function implementation to satisfy the linker, since + // there is no direct functionality logic dependency in present UEFI cases. + // + return 0; +} + +/* Converts a scalar double-precision floating point value to a 32-bit integer */ +long _ftol2 (double dblSource) +{ + // + // Null _ftol2() function implementation to satisfy the linker, since + // there is no direct functionality logic dependency in present UEFI cases. + // + return 0; +} diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/Alloca.S b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/Alloca.S new file mode 100644 index 0000000000..8496833ac8 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/Alloca.S @@ -0,0 +1,59 @@ +#------------------------------------------------------------------------------ +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# Module Name: +# +# Alloca.S +# +# Abstract: +# +# Implementation for allocation of automatically reclaimed memory, which is +# used to allocate space off the runtime stack. +# (NOTE: There is a assumption in this code that the page size equal to 4K) +# +#------------------------------------------------------------------------------ + + + .686: + .code: + +ASM_GLOBAL ASM_PFX(_alloca) + +#------------------------------------------------------------------------------ +# +# void __cdecl _alloca (unsigned size) +# +#------------------------------------------------------------------------------ +ASM_PFX(_alloca): + + pushl %ecx + cmpl $0x1000, %eax + leal 8(%esp), %ecx + jb LastPage + +ProbePages: + subl $0x1000, %ecx + subl $0x1000, %eax + testl %eax, 0(%ecx) + cmpl $0x1000, %eax + jae ProbePages + +LastPage: + subl %eax, %ecx + movl %esp, %eax + testl %eax, 0(%ecx) + + movl %ecx, %esp + movl 0(%eax), %ecx + movl 4(%eax), %eax + pushl %eax + + ret diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathDivU64x64.S b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathDivU64x64.S new file mode 100644 index 0000000000..f46d5b84f4 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathDivU64x64.S @@ -0,0 +1,83 @@ +#------------------------------------------------------------------------------ +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# Module Name: +# +# MathDivU64x64.S +# +# Abstract: +# +# 64-bit Math Worker Function. +# Divides a 64-bit unsigned value with a 64-bit unsigned value and returns +# a 64-bit unsigned result. +# +#------------------------------------------------------------------------------ + + .686: + .code: + +ASM_GLOBAL ASM_PFX(__udivdi3), ASM_PFX(DivU64x64Remainder) + +#------------------------------------------------------------------------------ +# +# void __cdecl __udivdi3 (void) +# +#------------------------------------------------------------------------------ +ASM_PFX(__udivdi3): + # Original local stack when calling __udivdi3 + # ----------------- + # | | + # |---------------| + # | | + # |-- Divisor --| + # | | + # |---------------| + # | | + # |-- Dividend --| + # | | + # |---------------| + # | ReturnAddr** | + # ESP---->|---------------| + # + + # + # Set up the local stack for NULL Reminder pointer + # + xorl %eax, %eax + push %eax + + # + # Set up the local stack for Divisor parameter + # + movl 20(%esp), %eax + push %eax + movl 20(%esp), %eax + push %eax + + # + # Set up the local stack for Dividend parameter + # + movl 20(%esp), %eax + push %eax + movl 20(%esp), %eax + push %eax + + # + # Call native DivU64x64Remainder of BaseLib + # + jmp ASM_PFX(DivU64x64Remainder) + + # + # Adjust stack + # + addl $20, %esp + + ret $16 diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathDivU64x64.c b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathDivU64x64.c new file mode 100644 index 0000000000..4011653ae5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathDivU64x64.c @@ -0,0 +1,88 @@ +/** @file + 64-bit Math Worker Function. + The 32-bit versions of C compiler generate calls to library routines + to handle 64-bit math. These functions use non-standard calling conventions. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + + +/* + * Divides a 64-bit unsigned value with a 64-bit unsigned value and returns + * a 64-bit unsigned result. + */ +__declspec(naked) void __cdecl _aulldiv (void) +{ + // + // Wrapper Implementation over EDKII DivU64x64Reminder() routine + // UINT64 + // EFIAPI + // DivU64x64Remainder ( + // IN UINT64 Dividend, + // IN UINT64 Divisor, + // OUT UINT64 *Remainder OPTIONAL + // ) + // + _asm { + + ; Original local stack when calling _aulldiv + ; ----------------- + ; | | + ; |---------------| + ; | | + ; |-- Divisor --| + ; | | + ; |---------------| + ; | | + ; |-- Dividend --| + ; | | + ; |---------------| + ; | ReturnAddr** | + ; ESP---->|---------------| + ; + + ; + ; Set up the local stack for NULL Reminder pointer + ; + xor eax, eax + push eax + + ; + ; Set up the local stack for Divisor parameter + ; + mov eax, [esp + 20] + push eax + mov eax, [esp + 20] + push eax + + ; + ; Set up the local stack for Dividend parameter + ; + mov eax, [esp + 20] + push eax + mov eax, [esp + 20] + push eax + + ; + ; Call native DivU64x64Remainder of BaseLib + ; + call DivU64x64Remainder + + ; + ; Adjust stack + ; + add esp, 20 + + ret 16 + } +} diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathLShiftS64.S b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathLShiftS64.S new file mode 100644 index 0000000000..e89f553a08 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathLShiftS64.S @@ -0,0 +1,62 @@ +#------------------------------------------------------------------------------ +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# Module Name: +# +# MathLShiftS64.S +# +# Abstract: +# +# 64-bit Math Worker Function. +# Shifts a 64-bit signed value left by a certain number of bits. +# +#------------------------------------------------------------------------------ + + .686: + .code: + +ASM_GLOBAL ASM_PFX(__ashldi3) + +#------------------------------------------------------------------------------ +# +# void __cdecl __ashldi3 (void) +# +#------------------------------------------------------------------------------ +ASM_PFX(__ashldi3): + # + # Handle shifting of 64 or more bits (return 0) + # + cmpb $64, %cl + jae ReturnZero + + # + # Handle shifting of between 0 and 31 bits + # + cmpb $32, %cl + jae More32 + shld %cl, %eax, %edx + shl %cl, %eax + ret + + # + # Handle shifting of between 32 and 63 bits + # +More32: + movl %eax, %edx + xor %eax, %eax + and $31, %cl + shl %cl, %edx + ret + +ReturnZero: + xor %eax, %eax + xor %edx, %edx + ret diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathLShiftS64.c b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathLShiftS64.c new file mode 100644 index 0000000000..2ea628a007 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathLShiftS64.c @@ -0,0 +1,54 @@ +/** @file + 64-bit Math Worker Function. + The 32-bit versions of C compiler generate calls to library routines + to handle 64-bit math. These functions use non-standard calling conventions. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + + +/* + * Shifts a 64-bit signed value left by a particular number of bits. + */ +__declspec(naked) void __cdecl _allshl (void) +{ + _asm { + ; + ; Handle shifting of 64 or more bits (return 0) + ; + cmp cl, 64 + jae short ReturnZero + + ; + ; Handle shifting of between 0 and 31 bits + ; + cmp cl, 32 + jae short More32 + shld edx, eax, cl + shl eax, cl + ret + + ; + ; Handle shifting of between 32 and 63 bits + ; +More32: + mov edx, eax + xor eax, eax + and cl, 31 + shl edx, cl + ret + +ReturnZero: + xor eax,eax + xor edx,edx + ret + } +} diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathMultS64x64.S b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathMultS64x64.S new file mode 100644 index 0000000000..8a5f330e45 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathMultS64x64.S @@ -0,0 +1,77 @@ +#------------------------------------------------------------------------------ +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# Module Name: +# +# MathMultS64x64.S +# +# Abstract: +# +# 64-bit Math Worker Function. +# Multiplies a 64-bit signed or unsigned value by a 64-bit signed or unsigned value +# and returns a 64-bit result +# +#------------------------------------------------------------------------------ + + .686: + .code: + +ASM_GLOBAL ASM_PFX(_mulll), ASM_PFX(MultS64x64) + +#------------------------------------------------------------------------------ +# +# void __cdecl __mulll (void) +# +#------------------------------------------------------------------------------ +ASM_PFX(__mulll): + # Original local stack when calling __mulll + # ----------------- + # | | + # |---------------| + # | | + # |--Multiplier --| + # | | + # |---------------| + # | | + # |--Multiplicand-| + # | | + # |---------------| + # | ReturnAddr** | + # ESP---->|---------------| + # + + # + # Set up the local stack for Multiplicand parameter + # + movl 16(%esp), %eax + push %eax + movl 16(%esp), %eax + push %eax + + # + # Set up the local stack for Multiplier parameter + # + movl 16(%esp), %eax + push %eax + movl 16(%esp), %eax + push %eax + + # + # Call native MulS64x64 of BaseLib + # + jmp ASM_PFX(MultS64x64) + + # + # Adjust stack + # + add $16, %esp + + ret $16 diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathMultS64x64.c b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathMultS64x64.c new file mode 100644 index 0000000000..17a20bf629 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathMultS64x64.c @@ -0,0 +1,79 @@ +/** @file + 64-bit Math Worker Function. + The 32-bit versions of C compiler generate calls to library routines + to handle 64-bit math. These functions use non-standard calling conventions. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +/* + * Multiplies a 64-bit signed or unsigned value by a 64-bit signed or unsigned value + * and returns a 64-bit result. + */ +__declspec(naked) void __cdecl _allmul (void) +{ + // + // Wrapper Implementation over EDKII MultS64x64() routine + // INT64 + // EFIAPI + // MultS64x64 ( + // IN INT64 Multiplicand, + // IN INT64 Multiplier + // ) + // + _asm { + ; Original local stack when calling _allmul + ; ----------------- + ; | | + ; |---------------| + ; | | + ; |--Multiplier --| + ; | | + ; |---------------| + ; | | + ; |--Multiplicand-| + ; | | + ; |---------------| + ; | ReturnAddr** | + ; ESP---->|---------------| + ; + + ; + ; Set up the local stack for Multiplicand parameter + ; + mov eax, [esp + 16] + push eax + mov eax, [esp + 16] + push eax + + ; + ; Set up the local stack for Multiplier parameter + ; + mov eax, [esp + 16] + push eax + mov eax, [esp + 16] + push eax + + ; + ; Call native MulS64x64 of BaseLib + ; + call MultS64x64 + + ; + ; Adjust stack + ; + add esp, 16 + + ret 16 + } +} diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.S b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.S new file mode 100644 index 0000000000..3a8a132564 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.S @@ -0,0 +1,66 @@ +#------------------------------------------------------------------------------ +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# Module Name: +# +# MathRShiftU64.S +# +# Abstract: +# +# 64-bit Math Worker Function. +# Shifts a 64-bit unsigned value right by a certain number of bits. +# +#------------------------------------------------------------------------------ + + + .686: + .code: + +ASM_GLOBAL ASM_PFX(__ashrdi3) + +#------------------------------------------------------------------------------ +# +# void __cdecl __ashrdi3 (void) +# +#------------------------------------------------------------------------------ +ASM_PFX(__ashrdi3): + # + # Checking: Only handle 64bit shifting or more + # + cmpb $64, %cl + jae _Exit + + # + # Handle shifting between 0 and 31 bits + # + cmpb $32, %cl + jae More32 + shrd %cl, %edx, %eax + shr %cl, %edx + ret + + # + # Handle shifting of 32-63 bits + # +More32: + movl %edx, %eax + xor %edx, %edx + and $32, %cl + shr %cl, %eax + ret + + # + # Invalid number (less then 32bits), return 0 + # +_Exit: + xor %eax, %eax + xor %edx, %edx + ret diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.c b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.c new file mode 100644 index 0000000000..b7224d6455 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathRShiftU64.c @@ -0,0 +1,57 @@ +/** @file + 64-bit Math Worker Function. + The 32-bit versions of C compiler generate calls to library routines + to handle 64-bit math. These functions use non-standard calling conventions. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + + +/* + * Shifts a 64-bit unsigned value right by a certain number of bits. + */ +__declspec(naked) void __cdecl _aullshr (void) +{ + _asm { + ; + ; Checking: Only handle 64bit shifting or more + ; + cmp cl, 64 + jae _Exit + + ; + ; Handle shifting between 0 and 31 bits + ; + cmp cl, 32 + jae More32 + shrd eax, edx, cl + shr edx, cl + ret + + ; + ; Handle shifting of 32-63 bits + ; +More32: + mov eax, edx + xor edx, edx + and cl, 31 + shr eax, cl + ret + + ; + ; Invalid number (less then 32bits), return 0 + ; +_Exit: + xor eax, eax + xor edx, edx + ret + } +} diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathReminderU64x64.S b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathReminderU64x64.S new file mode 100644 index 0000000000..7c1f971644 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathReminderU64x64.S @@ -0,0 +1,89 @@ +#------------------------------------------------------------------------------ +# +# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# Module Name: +# +# MathReminderU64x64.S +# +# Abstract: +# +# 64-bit Math Worker Function. +# Divides a 64-bit unsigned value by another 64-bit unsigned value and returns +# the 64-bit unsigned remainder +# +#------------------------------------------------------------------------------ + + .686: + .code: + +ASM_GLOBAL ASM_PFX(__umoddi3), ASM_PFX(DivU64x64Remainder) + +#------------------------------------------------------------------------------ +# +# void __cdecl __umoddi3 (void) +# +#------------------------------------------------------------------------------ +ASM_PFX(__umoddi3): + # Original local stack when calling __umoddi3 + # ----------------- + # | | + # |---------------| + # | | + # |-- Divisor --| + # | | + # |---------------| + # | | + # |-- Dividend --| + # | | + # |---------------| + # | ReturnAddr** | + # ESP---->|---------------| + # + + # + # Set up the local stack for Reminder pointer + # + sub $8, %esp + push %esp + + # + # Set up the local stack for Divisor parameter + # + movl 28(%esp), %eax + push %eax + movl 28(%esp), %eax + push %eax + + # + # Set up the local stack for Dividend parameter + # + movl 28(%esp), %eax + push %eax + movl 28(%esp), %eax + push %eax + + # + # Call native DivU64x64Remainder of BaseLib + # + jmp ASM_PFX(DivU64x64Remainder) + + # + # Put the Reminder in EDX:EAX as return value + # + movl 20(%esp), %eax + movl 24(%esp), %edx + + # + # Adjust stack + # + add $28, %esp + + ret $16 diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathReminderU64x64.c b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathReminderU64x64.c new file mode 100644 index 0000000000..be70770ebb --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/MathReminderU64x64.c @@ -0,0 +1,93 @@ +/** @file + 64-bit Math Worker Function. + The 32-bit versions of C compiler generate calls to library routines + to handle 64-bit math. These functions use non-standard calling conventions. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + + +/* + * Divides a 64-bit unsigned value by another 64-bit unsigned value and returns + * the 64-bit unsigned remainder. + */ +__declspec(naked) void __cdecl _aullrem(void) +{ + // + // Wrapper Implementation over EDKII DivU64x64Remainder() routine + // UINT64 + // EFIAPI + // DivU64x64Remainder ( + // IN UINT64 Dividend, + // IN UINT64 Divisor, + // OUT UINT64 *Remainder OPTIONAL + // ) + // + _asm { + ; Original local stack when calling _aullrem + ; ----------------- + ; | | + ; |---------------| + ; | | + ; |-- Divisor --| + ; | | + ; |---------------| + ; | | + ; |-- Dividend --| + ; | | + ; |---------------| + ; | ReturnAddr** | + ; ESP---->|---------------| + ; + + ; + ; Set up the local stack for Reminder pointer + ; + sub esp, 8 + push esp + + ; + ; Set up the local stack for Divisor parameter + ; + mov eax, [esp + 28] + push eax + mov eax, [esp + 28] + push eax + + ; + ; Set up the local stack for Dividend parameter + ; + mov eax, [esp + 28] + push eax + mov eax, [esp + 28] + push eax + + ; + ; Call native DivU64x64Remainder of BaseLib + ; + call DivU64x64Remainder + + ; + ; Put the Reminder in EDX:EAX as return value + ; + mov eax, [esp + 20] + mov edx, [esp + 24] + + ; + ; Adjust stack + ; + add esp, 28 + + ret 16 + } +} diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c new file mode 100644 index 0000000000..f615ae8f90 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c @@ -0,0 +1,438 @@ +/** @file + Light-weight Memory Management Routines for OpenSSL-based Crypto + Library at Runtime Phase. + +Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include +#include + +//---------------------------------------------------------------- +// Initial version. Needs further optimizations. +//---------------------------------------------------------------- + +// +// Definitions for Runtime Memory Operations +// +#define RT_PAGE_SIZE 0x200 +#define RT_PAGE_MASK 0x1FF +#define RT_PAGE_SHIFT 9 + +#define RT_SIZE_TO_PAGES(a) (((a) >> RT_PAGE_SHIFT) + (((a) & RT_PAGE_MASK) ? 1 : 0)) +#define RT_PAGES_TO_SIZE(a) ((a) << RT_PAGE_SHIFT) + +// +// Page Flag Definitions +// +#define RT_PAGE_FREE 0x00000000 +#define RT_PAGE_USED 0x00000001 + +#define MIN_REQUIRED_BLOCKS 24 + +// +// Memory Page Table +// +typedef struct { + UINTN StartPageOffset; // Offset of the starting page allocated. + // Only available for USED pages. + UINT32 PageFlag; // Page Attributes. +} RT_MEMORY_PAGE_ENTRY; + +typedef struct { + UINTN PageCount; + UINTN LastEmptyPageOffset; + UINT8 *DataAreaBase; // Pointer to data Area. + RT_MEMORY_PAGE_ENTRY Pages[1]; // Page Table Entries. +} RT_MEMORY_PAGE_TABLE; + +// +// Global Page Table for Runtime Cryptographic Provider. +// +RT_MEMORY_PAGE_TABLE *mRTPageTable = NULL; + +// +// Event for Runtime Address Conversion. +// +EFI_EVENT mVirtualAddressChangeEvent; + + +/** + Initializes pre-allocated memory pointed by ScratchBuffer for subsequent + runtime use. + + @param[in, out] ScratchBuffer Pointer to user-supplied memory buffer. + @param[in] ScratchBufferSize Size of supplied buffer in bytes. + + @retval EFI_SUCCESS Successful initialization. + +**/ +EFI_STATUS +InitializeScratchMemory ( + IN OUT UINT8 *ScratchBuffer, + IN UINTN ScratchBufferSize + ) +{ + UINTN Index; + UINTN MemorySize; + + // + // Parameters Checking + // + if (ScratchBuffer == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (ScratchBufferSize < MIN_REQUIRED_BLOCKS * 1024) { + return EFI_BUFFER_TOO_SMALL; + } + + mRTPageTable = (RT_MEMORY_PAGE_TABLE *)ScratchBuffer; + + // + // Initialize Internal Page Table for Memory Management + // + SetMem (mRTPageTable, ScratchBufferSize, 0xFF); + MemorySize = ScratchBufferSize - sizeof (RT_MEMORY_PAGE_TABLE) + sizeof (RT_MEMORY_PAGE_ENTRY); + + mRTPageTable->PageCount = MemorySize / (RT_PAGE_SIZE + sizeof (RT_MEMORY_PAGE_ENTRY)); + mRTPageTable->LastEmptyPageOffset = 0x0; + + for (Index = 0; Index < mRTPageTable->PageCount; Index++) { + mRTPageTable->Pages[Index].PageFlag = RT_PAGE_FREE; + mRTPageTable->Pages[Index].StartPageOffset = 0; + } + + mRTPageTable->DataAreaBase = ScratchBuffer + sizeof (RT_MEMORY_PAGE_TABLE) + + (mRTPageTable->PageCount - 1) * sizeof (RT_MEMORY_PAGE_ENTRY); + + return EFI_SUCCESS; +} + + +/** + Look-up Free memory Region for object allocation. + + @param[in] AllocationSize Bytes to be allocated. + + @return Return available page offset for object allocation. + +**/ +UINTN +LookupFreeMemRegion ( + IN UINTN AllocationSize + ) +{ + UINTN StartPageIndex; + UINTN Index; + UINTN SubIndex; + UINTN ReqPages; + + StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->LastEmptyPageOffset); + ReqPages = RT_SIZE_TO_PAGES (AllocationSize); + + // + // Look up the free memory region with in current memory map table. + // + for (Index = StartPageIndex; Index <= (mRTPageTable->PageCount - ReqPages); ) { + // + // Check consecutive ReqPages pages. + // + for (SubIndex = 0; SubIndex < ReqPages; SubIndex++) { + if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) { + break; + } + } + + if (SubIndex == ReqPages) { + // + // Succeed! Return the Starting Offset. + // + return RT_PAGES_TO_SIZE (Index); + } + + // + // Failed! Skip current free memory pages and adjacent Used pages + // + while ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) { + SubIndex++; + } + + Index += SubIndex; + } + + // + // Look up the free memory region from the beginning of the memory table + // until the StartCursorOffset + // + for (Index = 0; Index < (StartPageIndex - ReqPages); ) { + // + // Check Consecutive ReqPages Pages. + // + for (SubIndex = 0; SubIndex < ReqPages; SubIndex++) { + if ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0) { + break; + } + } + + if (SubIndex == ReqPages) { + // + // Succeed! Return the Starting Offset. + // + return RT_PAGES_TO_SIZE (Index); + } + + // + // Failed! Skip current adjacent Used pages + // + while ((SubIndex < (StartPageIndex - ReqPages)) && + ((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0)) { + SubIndex++; + } + + Index += SubIndex; + } + + // + // No availabe region for object allocation! + // + return (UINTN)(-1); +} + + +/** + Allocates a buffer at runtime phase. + + @param[in] AllocationSize Bytes to be allocated. + + @return A pointer to the allocated buffer or NULL if allocation fails. + +**/ +VOID * +RuntimeAllocateMem ( + IN UINTN AllocationSize + ) +{ + UINT8 *AllocPtr; + UINTN ReqPages; + UINTN Index; + UINTN StartPage; + UINTN AllocOffset; + + AllocPtr = NULL; + ReqPages = 0; + + // + // Look for available consecutive memory region starting from LastEmptyPageOffset. + // If no proper memory region found, look up from the beginning. + // If still not found, return NULL to indicate failed allocation. + // + AllocOffset = LookupFreeMemRegion (AllocationSize); + if (AllocOffset == (UINTN)(-1)) { + return NULL; + } + + // + // Allocates consecutive memory pages with length of Size. Update the page + // table status. Returns the starting address. + // + ReqPages = RT_SIZE_TO_PAGES (AllocationSize); + AllocPtr = mRTPageTable->DataAreaBase + AllocOffset; + StartPage = RT_SIZE_TO_PAGES (AllocOffset); + Index = 0; + while (Index < ReqPages) { + mRTPageTable->Pages[StartPage + Index].PageFlag |= RT_PAGE_USED; + mRTPageTable->Pages[StartPage + Index].StartPageOffset = AllocOffset; + + Index++; + } + + mRTPageTable->LastEmptyPageOffset = AllocOffset + RT_PAGES_TO_SIZE (ReqPages); + + ZeroMem (AllocPtr, AllocationSize); + + // + // Returns a void pointer to the allocated space + // + return AllocPtr; +} + + +/** + Frees a buffer that was previously allocated at runtime phase. + + @param[in] Buffer Pointer to the buffer to free. + +**/ +VOID +RuntimeFreeMem ( + IN VOID *Buffer + ) +{ + UINTN StartOffset; + UINTN StartPageIndex; + + StartOffset = (UINTN) ((UINT8 *)Buffer - mRTPageTable->DataAreaBase); + StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGES(StartOffset)].StartPageOffset); + + while (StartPageIndex < mRTPageTable->PageCount) { + if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) && + (mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset)) { + // + // Free this page + // + mRTPageTable->Pages[StartPageIndex].PageFlag &= ~RT_PAGE_USED; + mRTPageTable->Pages[StartPageIndex].PageFlag |= RT_PAGE_FREE; + mRTPageTable->Pages[StartPageIndex].StartPageOffset = 0; + + StartPageIndex++; + } else { + break; + } + } + + return; +} + + +/** + Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE. + + This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE + event. It converts a pointer to a new virtual address. + + @param[in] Event The event whose notification function is being invoked. + @param[in] Context The pointer to the notification function's context. + +**/ +VOID +EFIAPI +RuntimeCryptLibAddressChangeEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + // + // Converts a pointer for runtime memory management to a new virtual address. + // + EfiConvertPointer (0x0, (VOID **) &mRTPageTable->DataAreaBase); + EfiConvertPointer (0x0, (VOID **) &mRTPageTable); +} + + +/** + Constructor routine for runtime crypt library instance. + + The constructor function pre-allocates space for runtime cryptographic operation. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The construction succeeded. + @retval EFI_OUT_OF_RESOURCE Failed to allocate memory. + +**/ +EFI_STATUS +EFIAPI +RuntimeCryptLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + VOID *Buffer; + + // + // Pre-allocates runtime space for possible cryptographic operations + // + Buffer = AllocateRuntimePool (MIN_REQUIRED_BLOCKS * 1024); + Status = InitializeScratchMemory (Buffer, MIN_REQUIRED_BLOCKS * 1024); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Create address change event + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + RuntimeCryptLibAddressChangeEvent, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &mVirtualAddressChangeEvent + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} + + +// +// -- Memory-Allocation Routines Wrapper for UEFI-OpenSSL Library -- +// + +/* Allocates memory blocks */ +void *malloc (size_t size) +{ + return RuntimeAllocateMem ((UINTN)size); +} + +/* Reallocate memory blocks */ +void *realloc (void *ptr, size_t size) +{ + VOID *NewPtr; + UINTN StartOffset; + UINTN StartPageIndex; + UINTN PageCount; + + // + // Get Original Size of ptr + // + StartOffset = (UINTN) ((UINT8 *)ptr - mRTPageTable->DataAreaBase); + StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGES (StartOffset)].StartPageOffset); + PageCount = 0; + while (StartPageIndex < mRTPageTable->PageCount) { + if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) && + (mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset)) { + StartPageIndex++; + PageCount++; + } else { + break; + } + } + + if (size <= RT_PAGES_TO_SIZE (PageCount)) { + // + // Return the original pointer, if Caller try to reduce region size; + // + return ptr; + } + + NewPtr = RuntimeAllocateMem ((UINTN) size); + if (NewPtr == NULL) { + return NULL; + } + + CopyMem (NewPtr, ptr, RT_PAGES_TO_SIZE (PageCount)); + + RuntimeFreeMem (ptr); + + return NewPtr; +} + +/* Deallocates or frees a memory block */ +void free (void *ptr) +{ + RuntimeFreeMem (ptr); +} diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c new file mode 100644 index 0000000000..20928e1595 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c @@ -0,0 +1,102 @@ +/** @file + C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation + for OpenSSL-based Cryptographic Library (used in DXE & RUNTIME). + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include + +// +// -- Time Management Routines -- +// + +#define IsLeap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0)) +#define SECSPERHOUR (60 * 60) +#define SECSPERDAY (24 * SECSPERHOUR) + +// +// The arrays give the cumulative number of days up to the first of the +// month number used as the index (1 -> 12) for regular and leap years. +// The value at index 13 is for the whole year. +// +UINTN CumulativeDays[2][14] = { + { + 0, + 0, + 31, + 31 + 28, + 31 + 28 + 31, + 31 + 28 + 31 + 30, + 31 + 28 + 31 + 30 + 31, + 31 + 28 + 31 + 30 + 31 + 30, + 31 + 28 + 31 + 30 + 31 + 30 + 31, + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31, + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30, + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31, + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30, + 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31 + }, + { + 0, + 0, + 31, + 31 + 29, + 31 + 29 + 31, + 31 + 29 + 31 + 30, + 31 + 29 + 31 + 30 + 31, + 31 + 29 + 31 + 30 + 31 + 30, + 31 + 29 + 31 + 30 + 31 + 30 + 31, + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31, + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30, + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31, + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30, + 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31 + } +}; + +/* Get the system time as seconds elapsed since midnight, January 1, 1970. */ +//INTN time( +// INTN *timer +// ) +time_t time (time_t *timer) +{ + EFI_TIME Time; + UINTN Year; + + // + // Get the current time and date information + // + gRT->GetTime (&Time, NULL); + + // + // Years Handling + // UTime should now be set to 00:00:00 on Jan 1 of the current year. + // + for (Year = 1970, *timer = 0; Year != Time.Year; Year++) { + *timer = *timer + (time_t)(CumulativeDays[IsLeap(Year)][13] * SECSPERDAY); + } + + // + // Add in number of seconds for current Month, Day, Hour, Minute, Seconds, and TimeZone adjustment + // + *timer = *timer + + (time_t)((Time.TimeZone != EFI_UNSPECIFIED_TIMEZONE) ? (Time.TimeZone * 60) : 0) + + (time_t)(CumulativeDays[IsLeap(Time.Year)][Time.Month] * SECSPERDAY) + + (time_t)(((Time.Day > 0) ? Time.Day - 1 : 0) * SECSPERDAY) + + (time_t)(Time.Hour * SECSPERHOUR) + + (time_t)(Time.Minute * 60) + + (time_t)Time.Second; + + return *timer; +} diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf new file mode 100644 index 0000000000..0f1b0eb093 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf @@ -0,0 +1,49 @@ +## @file +# Cryptographic Library Instance based on Runtime Crypt Protocol. +# This instance will be only used by the Authenticated Variable driver for IPF. +# +# Copyright (c) 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = BaseCryptLibRuntimeCryptProtocol + FILE_GUID = BBB31581-855A-44D7-A550-8A585D9B2DE9 + MODULE_TYPE = DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = BaseCryptLib|DXE_RUNTIME_DRIVER DXE_SAL_DRIVER + CONSTRUCTOR = RuntimeDxeIpfCryptLibConstructor + DESTRUCTOR = RuntimeDxeIpfCryptLibDestructor +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IPF +# + +[Sources] + RuntimeDxeIpfCryptLib.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + +[Guids] + gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event + +[Protocols] + gEfiRuntimeCryptProtocolGuid ## CONSUMES + +[Depex] + gEfiRuntimeCryptProtocolGuid diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c new file mode 100644 index 0000000000..7f893b91df --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c @@ -0,0 +1,390 @@ +/** @file + Implementation of The runtime cryptographic library instance (for IPF). + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include +#include + +#include + +#include + +EFI_RUNTIME_CRYPT_PROTOCOL *mCryptProtocol = NULL; +EFI_EVENT mIpfCryptLibVirtualNotifyEvent; + +/** + Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE, which converts + pointer to new virtual address. + + @param Event Event whose notification function is being invoked. + @param Context Pointer to the notification function's context + +**/ +VOID +EFIAPI +IpfCryptLibAddressChangeEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + // + // Convert Address of Runtime Crypto Protocol. + // + EfiConvertPointer (0x0, (VOID **) &mCryptProtocol); +} + +/** + Constructor of IPF Crypto Library Instance. + This function locates the Runtime Crypt Protocol and register notification + function for EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +RuntimeDxeIpfCryptLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + // + // Locate Runtime Crypt Protocol Instance + // + Status = gBS->LocateProtocol ( + &gEfiRuntimeCryptProtocolGuid, + NULL, + (VOID**) &mCryptProtocol + ); + ASSERT_EFI_ERROR (Status); + ASSERT (mCryptProtocol != NULL); + + // + // Register SetVirtualAddressMap () notify function + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + IpfCryptLibAddressChangeEvent, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &mIpfCryptLibVirtualNotifyEvent + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} + +/** + Destructor of IPF Crypto Library Instance. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The destructor completed successfully. + @retval Other value The destructor did not complete successfully. + +**/ +EFI_STATUS +EFIAPI +RuntimeDxeIpfCryptLibDestructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + // + // Close the Set Virtual Address Map event + // + Status = gBS->CloseEvent (mIpfCryptLibVirtualNotifyEvent); + ASSERT_EFI_ERROR (Status); + + return Status; +} + +/** + Check whether crypto service provided by Runtime Crypt protocol is ready to use. + + Crypto service is available if the call is in physical mode prior to + SetVirtualAddressMap() or virtual mode after SetVirtualAddressMap(). If either + of these two conditions are met, this routine will return TRUE; if neither of + these conditions are met, this routine will return FALSE. + + @retval TRUE The Crypto service is ready to use. + @retval FALSE The Crypto service is not available. + +**/ +BOOLEAN +EFIAPI +InternalIsCryptServiveAvailable ( + VOID + ) +{ + INT64 CpuMode; + BOOLEAN GoneVirtual; + + CpuMode = AsmCpuVirtual(); + if (CpuMode < 0) { + // + // CPU is in mixed mode, return failing the operation gracefully. + // + return FALSE; + } + + GoneVirtual = EfiGoneVirtual(); + + if ((CpuMode > 0) && !GoneVirtual) { + // + // CPU is in virtual mode, but SetVirtualAddressMap() has not been called, + // so return failing the operation gracefully. + // + return FALSE; + } + + if ((CpuMode == 0) && GoneVirtual) { + // + // CPU is in physical mode, but SetVirtualAddressMap() has been called, + // so return failing the operation gracefully. + // + return FALSE; + } + + return TRUE; +} + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-256 operations. + + @return The size, in bytes, of the context buffer required for SHA-256 operations. + +**/ +UINTN +EFIAPI +Sha256GetContextSize ( + VOID + ) +{ + if (!InternalIsCryptServiveAvailable ()) { + return 0; + } + + return mCryptProtocol->Sha256GetContextSize (); +} + +/** + Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for + subsequent use. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized. + + @retval TRUE SHA-256 context initialization succeeded. + @retval FALSE SHA-256 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Sha256Init ( + IN OUT VOID *Sha256Context + ) +{ + if (!InternalIsCryptServiveAvailable ()) { + return FALSE; + } + + return mCryptProtocol->Sha256Init (Sha256Context); +} + + +/** + Performs SHA-256 digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If Sha256Context is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to the SHA-256 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE SHA-256 data digest succeeded. + @retval FALSE Invalid SHA-256 context. After Sha256Final function has been called, the + SHA-256 context cannot be reused. + +**/ +BOOLEAN +EFIAPI +Sha256Update ( + IN OUT VOID *Sha256Context, + IN CONST VOID *Data, + IN UINTN DataLength + ) +{ + if (!InternalIsCryptServiveAvailable ()) { + return FALSE; + } + + return mCryptProtocol->Sha256Update (Sha256Context, Data, DataLength); +} + +/** + Completes SHA-256 hash computation and retrieves the digest value into the specified + memory. After this function has been called, the SHA-256 context cannot be used again. + + If Sha256Context is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] Sha256Context Pointer to SHA-256 context + @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest + value (32 bytes). + + @retval TRUE SHA-256 digest computation succeeded. + @retval FALSE SHA-256 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Sha256Final ( + IN OUT VOID *Sha256Context, + OUT UINT8 *HashValue + ) +{ + if (!InternalIsCryptServiveAvailable ()) { + return FALSE; + } + + return mCryptProtocol->Sha256Final (Sha256Context, HashValue); +} + +/** + Allocates and Initializes one RSA Context for subsequent use. + + @return Pointer to the RSA Context that has been initialized. + If the allocations fails, RsaNew() returns NULL. + +**/ +VOID * +EFIAPI +RsaNew ( + VOID + ) +{ + if (!InternalIsCryptServiveAvailable ()) { + return FALSE; + } + + return mCryptProtocol->RsaNew (); +} + +/** + Release the specified RSA Context. + + @param[in] RsaContext Pointer to the RSA context to be released. + +**/ +VOID +EFIAPI +RsaFree ( + IN VOID *RsaContext + ) +{ + if (!InternalIsCryptServiveAvailable ()) { + return; + } + + mCryptProtocol->RsaFree (RsaContext); +} + +/** + Sets the tag-designated RSA key component into the established RSA context from + the user-specified nonnegative integer (octet string format represented in RSA + PKCS#1). + + If RsaContext is NULL, then ASSERT(). + + @param[in, out] RsaContext Pointer to RSA context being set. + @param[in] KeyTag Tag of RSA key component being set. + @param[in] BigNumber Pointer to octet integer buffer. + @param[in] BnLength Length of big number buffer in bytes. + + @return TRUE RSA key component was set successfully. + @return FALSE Invalid RSA key component tag. + +**/ +BOOLEAN +EFIAPI +RsaSetKey ( + IN OUT VOID *RsaContext, + IN RSA_KEY_TAG KeyTag, + IN CONST UINT8 *BigNumber, + IN UINTN BnLength + ) +{ + if (!InternalIsCryptServiveAvailable ()) { + return FALSE; + } + + return mCryptProtocol->RsaSetKey (RsaContext, KeyTag, BigNumber, BnLength); +} + +/** + Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in + RSA PKCS#1. + + If RsaContext is NULL, then ASSERT(). + If MessageHash is NULL, then ASSERT(). + If Signature is NULL, then ASSERT(). + If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] MessageHash Pointer to octet message hash to be checked. + @param[in] HashLength Length of the message hash in bytes. + @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified. + @param[in] SigLength Length of signature in bytes. + + @return TRUE Valid signature encoded in PKCS1-v1_5. + @return FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RsaPkcs1Verify ( + IN VOID *RsaContext, + IN CONST UINT8 *MessageHash, + IN UINTN HashLength, + IN UINT8 *Signature, + IN UINTN SigLength + ) +{ + if (!InternalIsCryptServiveAvailable ()) { + return FALSE; + } + + return mCryptProtocol->RsaPkcs1Verify ( + RsaContext, + MessageHash, + HashLength, + Signature, + SigLength + ); +} diff --git a/CryptoPkg/Library/IntrinsicLib/CopyMem.c b/CryptoPkg/Library/IntrinsicLib/CopyMem.c new file mode 100644 index 0000000000..6cc52b22e1 --- /dev/null +++ b/CryptoPkg/Library/IntrinsicLib/CopyMem.c @@ -0,0 +1,23 @@ +/** @file + Intrinsic Memory Routines Wrapper Implementation for OpenSSL-based + Cryptographic Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +/* Copies bytes between buffers */ +void * memcpy (void *dest, const void *src, unsigned int count) +{ + return CopyMem (dest, src, (UINTN)count); +} diff --git a/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf b/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf new file mode 100644 index 0000000000..e830c6afac --- /dev/null +++ b/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf @@ -0,0 +1,56 @@ +## @file +# Intrinsic Routines Wrapper Library Instance. +# +# Copyright (c) 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = BaseIntrinsicLib + FILE_GUID = 63850097-3E97-4c4f-A52D-C811A0106105 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = IntrinsicLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF +# + +[Sources] + MemoryIntrinsics.c + +[Sources.IA32] + CopyMem.c + +[Sources.X64] + CopyMem.c + +[Sources.IPF] + CopyMem.c | MSFT + CopyMem.c | INTEL +# +# In tools_def.txt, GCC rename symbol name memcpy to be CopyMem for IPF, +# i.e. "DEFINE GCC_IPF_SYMRENAME_FLAGS = --redefine-sym memcpy=CopyMem", +# so there will be no source file CopyMem.c for GCC compiler family. +# + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + BaseMemoryLib + +[BuildOptions] + MSFT:*_*_*_CC_FLAGS = /GL- /Oi- + INTEL:*_*_*_CC_FLAGS = /Oi- + GCC:*_*_*_CC_FLAGS = -fno-builtin diff --git a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c new file mode 100644 index 0000000000..48e0c52c36 --- /dev/null +++ b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c @@ -0,0 +1,27 @@ +/** @file + Intrinsic Memory Routines Wrapper Implementation for OpenSSL-based + Cryptographic Library. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +/* OpenSSL will use floating point support, and C compiler produces the _fltused + symbol by default. Simply define this symbol here to satisfy the linker. */ +int _fltused = 1; + +/* Sets buffers to a specified character */ +void * memset (void *dest, char ch, unsigned int count) +{ + return SetMem (dest, (UINTN)count, (UINT8)ch); +} diff --git a/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8l.patch b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8l.patch new file mode 100644 index 0000000000..2ff6ee0f8c --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/EDKII_openssl-0.9.8l.patch @@ -0,0 +1,92 @@ +--- crypto/bio/bss_file.c Thu Jan 15 17:14:12 1970 ++++ crypto/bio/bss_file.c Thu Jan 15 17:14:12 1970 +@@ -421,6 +421,23 @@ + return(ret); + } + ++#else ++ ++BIO_METHOD *BIO_s_file(void) ++ { ++ return NULL; ++ } ++ ++BIO *BIO_new_file(const char *filename, const char *mode) ++ { ++ return NULL; ++ } ++ ++BIO *BIO_new_fp(FILE *stream, int close_flag) ++ { ++ return NULL; ++ } ++ + #endif /* OPENSSL_NO_STDIO */ + + #endif /* HEADER_BSS_FILE_C */ +--- crypto/rand/rand_egd.c Thu Jan 15 17:14:12 1970 ++++ crypto/rand/rand_egd.c Thu Jan 15 17:14:12 1970 +@@ -95,7 +95,7 @@ + * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. + */ + +-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) ++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) + int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) + { + return(-1); +--- crypto/rand/rand_unix.c Thu Jan 15 17:14:12 1970 ++++ crypto/rand/rand_unix.c Thu Jan 15 17:14:12 1970 +@@ -116,7 +116,7 @@ + #include + #include "rand_lcl.h" + +-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) ++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI)) + + #include + #include +@@ -322,7 +322,7 @@ + #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */ + + +-#if defined(OPENSSL_SYS_VXWORKS) ++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) + int RAND_poll(void) + { + return 0; +--- crypto/x509/x509_vfy.c Thu Jan 15 17:14:12 1970 ++++ crypto/x509/x509_vfy.c Thu Jan 15 17:14:12 1970 +@@ -391,7 +391,12 @@ + + static int check_chain_extensions(X509_STORE_CTX *ctx) + { +-#ifdef OPENSSL_NO_CHAIN_VERIFY ++//#ifdef OPENSSL_NO_CHAIN_VERIFY ++#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI) ++ /* ++ NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting ++ in Authenticode Signing Certificates. ++ */ + return 1; + #else + int i, ok=0, must_be_ca, plen = 0; +@@ -904,6 +909,10 @@ + + static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) + { ++#if defined(OPENSSL_SYS_UEFI) ++ /* Bypass Certificate Time Checking for UEFI version. */ ++ return 1; ++#else + time_t *ptime; + int i; + +@@ -947,6 +956,7 @@ + } + + return 1; ++#endif + } + + static int internal_verify(X509_STORE_CTX *ctx) diff --git a/CryptoPkg/Library/OpensslLib/Install.cmd b/CryptoPkg/Library/OpensslLib/Install.cmd new file mode 100644 index 0000000000..8dd91c0ab1 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/Install.cmd @@ -0,0 +1,71 @@ +cd openssl-0.9.8l +copy e_os2.h ..\..\..\Include\openssl +copy crypto\crypto.h ..\..\..\Include\openssl +copy crypto\tmdiff.h ..\..\..\Include\openssl +copy crypto\opensslv.h ..\..\..\Include\openssl +copy crypto\opensslconf.h ..\..\..\Include\openssl +copy crypto\ebcdic.h ..\..\..\Include\openssl +copy crypto\symhacks.h ..\..\..\Include\openssl +copy crypto\ossl_typ.h ..\..\..\Include\openssl +copy crypto\md2\md2.h ..\..\..\Include\openssl +copy crypto\md4\md4.h ..\..\..\Include\openssl +copy crypto\md5\md5.h ..\..\..\Include\openssl +copy crypto\sha\sha.h ..\..\..\Include\openssl +copy crypto\hmac\hmac.h ..\..\..\Include\openssl +copy crypto\ripemd\ripemd.h ..\..\..\Include\openssl +copy crypto\des\des.h ..\..\..\Include\openssl +copy crypto\des\des_old.h ..\..\..\Include\openssl +copy crypto\rc2\rc2.h ..\..\..\Include\openssl +copy crypto\rc4\rc4.h ..\..\..\Include\openssl +copy crypto\idea\idea.h ..\..\..\Include\openssl +copy crypto\bf\blowfish.h ..\..\..\Include\openssl +copy crypto\cast\cast.h ..\..\..\Include\openssl +copy crypto\aes\aes.h ..\..\..\Include\openssl +copy crypto\bn\bn.h ..\..\..\Include\openssl +copy crypto\rsa\rsa.h ..\..\..\Include\openssl +copy crypto\dsa\dsa.h ..\..\..\Include\openssl +copy crypto\dso\dso.h ..\..\..\Include\openssl +copy crypto\dh\dh.h ..\..\..\Include\openssl +copy crypto\ec\ec.h ..\..\..\Include\openssl +copy crypto\ecdh\ecdh.h ..\..\..\Include\openssl +copy crypto\ecdsa\ecdsa.h ..\..\..\Include\openssl +copy crypto\buffer\buffer.h ..\..\..\Include\openssl +copy crypto\bio\bio.h ..\..\..\Include\openssl +copy crypto\stack\stack.h ..\..\..\Include\openssl +copy crypto\stack\safestack.h ..\..\..\Include\openssl +copy crypto\lhash\lhash.h ..\..\..\Include\openssl +copy crypto\rand\rand.h ..\..\..\Include\openssl +copy crypto\err\err.h ..\..\..\Include\openssl +copy crypto\objects\objects.h ..\..\..\Include\openssl +copy crypto\objects\obj_mac.h ..\..\..\Include\openssl +copy crypto\evp\evp.h ..\..\..\Include\openssl +copy crypto\asn1\asn1.h ..\..\..\Include\openssl +copy crypto\asn1\asn1_mac.h ..\..\..\Include\openssl +copy crypto\asn1\asn1t.h ..\..\..\Include\openssl +copy crypto\pem\pem.h ..\..\..\Include\openssl +copy crypto\pem\pem2.h ..\..\..\Include\openssl +copy crypto\x509\x509.h ..\..\..\Include\openssl +copy crypto\x509\x509_vfy.h ..\..\..\Include\openssl +copy crypto\x509v3\x509v3.h ..\..\..\Include\openssl +copy crypto\conf\conf.h ..\..\..\Include\openssl +copy crypto\conf\conf_api.h ..\..\..\Include\openssl +copy crypto\txt_db\txt_db.h ..\..\..\Include\openssl +copy crypto\pkcs7\pkcs7.h ..\..\..\Include\openssl +copy crypto\pkcs12\pkcs12.h ..\..\..\Include\openssl +copy crypto\comp\comp.h ..\..\..\Include\openssl +copy crypto\engine\engine.h ..\..\..\Include\openssl +copy crypto\ocsp\ocsp.h ..\..\..\Include\openssl +copy crypto\ui\ui.h ..\..\..\Include\openssl +copy crypto\ui\ui_compat.h ..\..\..\Include\openssl +copy crypto\krb5\krb5_asn.h ..\..\..\Include\openssl +copy crypto\store\store.h ..\..\..\Include\openssl +copy crypto\pqueue\pqueue.h ..\..\..\Include\openssl +copy crypto\pqueue\pq_compat.h ..\..\..\Include\openssl +copy ssl\ssl.h ..\..\..\Include\openssl +copy ssl\ssl2.h ..\..\..\Include\openssl +copy ssl\ssl3.h ..\..\..\Include\openssl +copy ssl\ssl23.h ..\..\..\Include\openssl +copy ssl\tls1.h ..\..\..\Include\openssl +copy ssl\dtls1.h ..\..\..\Include\openssl +copy ssl\kssl.h ..\..\..\Include\openssl +cd .. \ No newline at end of file diff --git a/CryptoPkg/Library/OpensslLib/Install.sh b/CryptoPkg/Library/OpensslLib/Install.sh new file mode 100644 index 0000000000..43b6cb4946 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/Install.sh @@ -0,0 +1,73 @@ +#!/bin/sh + +cd openssl-0.9.8l +cp e_os2.h ../../../Include/openssl +cp crypto/crypto.h ../../../Include/openssl +cp crypto/tmdiff.h ../../../Include/openssl +cp crypto/opensslv.h ../../../Include/openssl +cp crypto/opensslconf.h ../../../Include/openssl +cp crypto/ebcdic.h ../../../Include/openssl +cp crypto/symhacks.h ../../../Include/openssl +cp crypto/ossl_typ.h ../../../Include/openssl +cp crypto/md2/md2.h ../../../Include/openssl +cp crypto/md4/md4.h ../../../Include/openssl +cp crypto/md5/md5.h ../../../Include/openssl +cp crypto/sha/sha.h ../../../Include/openssl +cp crypto/hmac/hmac.h ../../../Include/openssl +cp crypto/ripemd/ripemd.h ../../../Include/openssl +cp crypto/des/des.h ../../../Include/openssl +cp crypto/des/des_old.h ../../../Include/openssl +cp crypto/rc2/rc2.h ../../../Include/openssl +cp crypto/rc4/rc4.h ../../../Include/openssl +cp crypto/idea/idea.h ../../../Include/openssl +cp crypto/bf/blowfish.h ../../../Include/openssl +cp crypto/cast/cast.h ../../../Include/openssl +cp crypto/aes/aes.h ../../../Include/openssl +cp crypto/bn/bn.h ../../../Include/openssl +cp crypto/rsa/rsa.h ../../../Include/openssl +cp crypto/dsa/dsa.h ../../../Include/openssl +cp crypto/dso/dso.h ../../../Include/openssl +cp crypto/dh/dh.h ../../../Include/openssl +cp crypto/ec/ec.h ../../../Include/openssl +cp crypto/ecdh/ecdh.h ../../../Include/openssl +cp crypto/ecdsa/ecdsa.h ../../../Include/openssl +cp crypto/buffer/buffer.h ../../../Include/openssl +cp crypto/bio/bio.h ../../../Include/openssl +cp crypto/stack/stack.h ../../../Include/openssl +cp crypto/stack/safestack.h ../../../Include/openssl +cp crypto/lhash/lhash.h ../../../Include/openssl +cp crypto/rand/rand.h ../../../Include/openssl +cp crypto/err/err.h ../../../Include/openssl +cp crypto/objects/objects.h ../../../Include/openssl +cp crypto/objects/obj_mac.h ../../../Include/openssl +cp crypto/evp/evp.h ../../../Include/openssl +cp crypto/asn1/asn1.h ../../../Include/openssl +cp crypto/asn1/asn1_mac.h ../../../Include/openssl +cp crypto/asn1/asn1t.h ../../../Include/openssl +cp crypto/pem/pem.h ../../../Include/openssl +cp crypto/pem/pem2.h ../../../Include/openssl +cp crypto/x509/x509.h ../../../Include/openssl +cp crypto/x509/x509_vfy.h ../../../Include/openssl +cp crypto/x509v3/x509v3.h ../../../Include/openssl +cp crypto/conf/conf.h ../../../Include/openssl +cp crypto/conf/conf_api.h ../../../Include/openssl +cp crypto/txt_db/txt_db.h ../../../Include/openssl +cp crypto/pkcs7/pkcs7.h ../../../Include/openssl +cp crypto/pkcs12/pkcs12.h ../../../Include/openssl +cp crypto/comp/comp.h ../../../Include/openssl +cp crypto/engine/engine.h ../../../Include/openssl +cp crypto/ocsp/ocsp.h ../../../Include/openssl +cp crypto/ui/ui.h ../../../Include/openssl +cp crypto/ui/ui_compat.h ../../../Include/openssl +cp crypto/krb5/krb5_asn.h ../../../Include/openssl +cp crypto/store/store.h ../../../Include/openssl +cp crypto/pqueue/pqueue.h ../../../Include/openssl +cp crypto/pqueue/pq_compat.h ../../../Include/openssl +cp ssl/ssl.h ../../../Include/openssl +cp ssl/ssl2.h ../../../Include/openssl +cp ssl/ssl3.h ../../../Include/openssl +cp ssl/ssl23.h ../../../Include/openssl +cp ssl/tls1.h ../../../Include/openssl +cp ssl/dtls1.h ../../../Include/openssl +cp ssl/kssl.h ../../../Include/openssl +cd .. diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf new file mode 100644 index 0000000000..1e1a840bd1 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -0,0 +1,579 @@ +## @file +# OpenSSL Library implementation. +# +# Copyright (c) 2010, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = OpensslLib + FILE_GUID = C873A7D0-9824-409f-9B42-2C158B992E69 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = OpensslLib + OPENSSL_PATH = openssl-0.9.8l + OPENSSL_FLAGS = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM + +# +# OPENSSL_FLAGS is set to define the following flags to be compatible with +# EDK II build system and UEFI executiuon environment +# +# OPENSSL_SYSNAME_UWIN +# OPENSSL_SYS_UEFI +# L_ENDIAN +# _CRT_SECURE_NO_DEPRECATE +# _CRT_NONSTDC_NO_DEPRECATE +# OPENSSL_NO_CAMELLIA +# OPENSSL_NO_SEED +# OPENSSL_NO_RC5 +# OPENSSL_NO_MDC2 +# OPENSSL_NO_SOCK +# OPENSSL_NO_CMS +# OPENSSL_NO_JPAKE +# OPENSSL_NO_CAPIENG +# OPENSSL_NO_ERR +# OPENSSL_NO_KRB5 +# OPENSSL_NO_DYNAMIC_ENGINE +# GETPID_IS_MEANINGLESS +# OPENSSL_NO_STDIO +# OPENSSL_NO_FP_API +# OPENSSL_NO_DGRAM +# OPENSSL_NO_ASM +# + +# +# VALID_ARCHITECTURES = IA32 X64 IPF +# + +[Sources] + $(OPENSSL_PATH)/e_os.h + $(OPENSSL_PATH)/crypto/cryptlib.c + $(OPENSSL_PATH)/crypto/dyn_lck.c + $(OPENSSL_PATH)/crypto/mem.c + $(OPENSSL_PATH)/crypto/mem_clr.c + $(OPENSSL_PATH)/crypto/mem_dbg.c + $(OPENSSL_PATH)/crypto/cversion.c + $(OPENSSL_PATH)/crypto/ex_data.c + + # + # Not required for UEFI. + # + # $(OPENSSL_PATH)/crypto/tmdiff.c + + $(OPENSSL_PATH)/crypto/cpt_err.c + $(OPENSSL_PATH)/crypto/ebcdic.c + $(OPENSSL_PATH)/crypto/uid.c + $(OPENSSL_PATH)/crypto/o_time.c + $(OPENSSL_PATH)/crypto/o_str.c + $(OPENSSL_PATH)/crypto/o_dir.c + $(OPENSSL_PATH)/crypto/o_init.c + $(OPENSSL_PATH)/crypto/fips_err.c + $(OPENSSL_PATH)/crypto/md2/md2_dgst.c + $(OPENSSL_PATH)/crypto/md2/md2_one.c + $(OPENSSL_PATH)/crypto/md4/md4_dgst.c + $(OPENSSL_PATH)/crypto/md4/md4_one.c + $(OPENSSL_PATH)/crypto/md5/md5_dgst.c + $(OPENSSL_PATH)/crypto/md5/md5_one.c + $(OPENSSL_PATH)/crypto/sha/sha_dgst.c + $(OPENSSL_PATH)/crypto/sha/sha1dgst.c + $(OPENSSL_PATH)/crypto/sha/sha_one.c + $(OPENSSL_PATH)/crypto/sha/sha1_one.c + $(OPENSSL_PATH)/crypto/sha/sha256.c + $(OPENSSL_PATH)/crypto/sha/sha512.c + $(OPENSSL_PATH)/crypto/hmac/hmac.c + $(OPENSSL_PATH)/crypto/ripemd/rmd_dgst.c + $(OPENSSL_PATH)/crypto/ripemd/rmd_one.c + $(OPENSSL_PATH)/crypto/des/des_lib.c + $(OPENSSL_PATH)/crypto/des/set_key.c + $(OPENSSL_PATH)/crypto/des/ecb_enc.c + $(OPENSSL_PATH)/crypto/des/cbc_enc.c + $(OPENSSL_PATH)/crypto/des/ecb3_enc.c + $(OPENSSL_PATH)/crypto/des/cfb64enc.c + $(OPENSSL_PATH)/crypto/des/cfb64ede.c + $(OPENSSL_PATH)/crypto/des/cfb_enc.c + $(OPENSSL_PATH)/crypto/des/ofb64ede.c + $(OPENSSL_PATH)/crypto/des/enc_read.c + $(OPENSSL_PATH)/crypto/des/enc_writ.c + $(OPENSSL_PATH)/crypto/des/ofb64enc.c + $(OPENSSL_PATH)/crypto/des/ofb_enc.c + $(OPENSSL_PATH)/crypto/des/str2key.c + $(OPENSSL_PATH)/crypto/des/pcbc_enc.c + $(OPENSSL_PATH)/crypto/des/qud_cksm.c + $(OPENSSL_PATH)/crypto/des/rand_key.c + $(OPENSSL_PATH)/crypto/des/des_enc.c + $(OPENSSL_PATH)/crypto/des/fcrypt_b.c + $(OPENSSL_PATH)/crypto/des/fcrypt.c + $(OPENSSL_PATH)/crypto/des/xcbc_enc.c + $(OPENSSL_PATH)/crypto/des/rpc_enc.c + $(OPENSSL_PATH)/crypto/des/cbc_cksm.c + $(OPENSSL_PATH)/crypto/des/ede_cbcm_enc.c + $(OPENSSL_PATH)/crypto/des/des_old.c + $(OPENSSL_PATH)/crypto/des/des_old2.c + $(OPENSSL_PATH)/crypto/des/read2pwd.c + $(OPENSSL_PATH)/crypto/rc2/rc2_ecb.c + $(OPENSSL_PATH)/crypto/rc2/rc2_skey.c + $(OPENSSL_PATH)/crypto/rc2/rc2_cbc.c + $(OPENSSL_PATH)/crypto/rc2/rc2cfb64.c + $(OPENSSL_PATH)/crypto/rc2/rc2ofb64.c + $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c + $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c + $(OPENSSL_PATH)/crypto/rc4/rc4_fblk.c + $(OPENSSL_PATH)/crypto/idea/i_cbc.c + $(OPENSSL_PATH)/crypto/idea/i_cfb64.c + $(OPENSSL_PATH)/crypto/idea/i_ofb64.c + $(OPENSSL_PATH)/crypto/idea/i_ecb.c + $(OPENSSL_PATH)/crypto/idea/i_skey.c + $(OPENSSL_PATH)/crypto/bf/bf_skey.c + $(OPENSSL_PATH)/crypto/bf/bf_ecb.c + $(OPENSSL_PATH)/crypto/bf/bf_enc.c + $(OPENSSL_PATH)/crypto/bf/bf_cfb64.c + $(OPENSSL_PATH)/crypto/bf/bf_ofb64.c + $(OPENSSL_PATH)/crypto/cast/c_skey.c + $(OPENSSL_PATH)/crypto/cast/c_ecb.c + $(OPENSSL_PATH)/crypto/cast/c_enc.c + $(OPENSSL_PATH)/crypto/cast/c_cfb64.c + $(OPENSSL_PATH)/crypto/cast/c_ofb64.c + $(OPENSSL_PATH)/crypto/aes/aes_misc.c + $(OPENSSL_PATH)/crypto/aes/aes_ecb.c + $(OPENSSL_PATH)/crypto/aes/aes_cfb.c + $(OPENSSL_PATH)/crypto/aes/aes_ofb.c + $(OPENSSL_PATH)/crypto/aes/aes_ctr.c + $(OPENSSL_PATH)/crypto/aes/aes_ige.c + $(OPENSSL_PATH)/crypto/aes/aes_wrap.c + $(OPENSSL_PATH)/crypto/aes/aes_core.c + $(OPENSSL_PATH)/crypto/aes/aes_cbc.c + $(OPENSSL_PATH)/crypto/bn/bn_add.c + $(OPENSSL_PATH)/crypto/bn/bn_div.c + $(OPENSSL_PATH)/crypto/bn/bn_exp.c + $(OPENSSL_PATH)/crypto/bn/bn_lib.c + $(OPENSSL_PATH)/crypto/bn/bn_ctx.c + $(OPENSSL_PATH)/crypto/bn/bn_mul.c + $(OPENSSL_PATH)/crypto/bn/bn_mod.c + $(OPENSSL_PATH)/crypto/bn/bn_print.c + $(OPENSSL_PATH)/crypto/bn/bn_rand.c + $(OPENSSL_PATH)/crypto/bn/bn_shift.c + $(OPENSSL_PATH)/crypto/bn/bn_word.c + $(OPENSSL_PATH)/crypto/bn/bn_blind.c + $(OPENSSL_PATH)/crypto/bn/bn_kron.c + $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c + $(OPENSSL_PATH)/crypto/bn/bn_gcd.c + $(OPENSSL_PATH)/crypto/bn/bn_prime.c + $(OPENSSL_PATH)/crypto/bn/bn_err.c + $(OPENSSL_PATH)/crypto/bn/bn_sqr.c + $(OPENSSL_PATH)/crypto/bn/bn_asm.c + $(OPENSSL_PATH)/crypto/bn/bn_recp.c + $(OPENSSL_PATH)/crypto/bn/bn_mont.c + $(OPENSSL_PATH)/crypto/bn/bn_mpi.c + $(OPENSSL_PATH)/crypto/bn/bn_exp2.c + $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c + $(OPENSSL_PATH)/crypto/bn/bn_nist.c + $(OPENSSL_PATH)/crypto/bn/bn_depr.c + $(OPENSSL_PATH)/crypto/bn/bn_x931p.c + $(OPENSSL_PATH)/crypto/bn/bn_const.c + $(OPENSSL_PATH)/crypto/bn/bn_opt.c + $(OPENSSL_PATH)/crypto/rsa/rsa_eay.c + $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c + $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c + $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c + $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c + $(OPENSSL_PATH)/crypto/rsa/rsa_err.c + $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c + $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c + $(OPENSSL_PATH)/crypto/rsa/rsa_none.c + $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c + $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c + $(OPENSSL_PATH)/crypto/rsa/rsa_null.c + $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c + $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c + $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c + $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c + $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c + $(OPENSSL_PATH)/crypto/rsa/rsa_eng.c + $(OPENSSL_PATH)/crypto/dsa/dsa_gen.c + $(OPENSSL_PATH)/crypto/dsa/dsa_key.c + $(OPENSSL_PATH)/crypto/dsa/dsa_lib.c + $(OPENSSL_PATH)/crypto/dsa/dsa_asn1.c + $(OPENSSL_PATH)/crypto/dsa/dsa_vrf.c + $(OPENSSL_PATH)/crypto/dsa/dsa_sign.c + $(OPENSSL_PATH)/crypto/dsa/dsa_err.c + $(OPENSSL_PATH)/crypto/dsa/dsa_ossl.c + $(OPENSSL_PATH)/crypto/dsa/dsa_depr.c + $(OPENSSL_PATH)/crypto/dsa/dsa_utl.c + $(OPENSSL_PATH)/crypto/dso/dso_dl.c + $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c + $(OPENSSL_PATH)/crypto/dso/dso_err.c + $(OPENSSL_PATH)/crypto/dso/dso_lib.c + $(OPENSSL_PATH)/crypto/dso/dso_null.c + $(OPENSSL_PATH)/crypto/dso/dso_openssl.c + $(OPENSSL_PATH)/crypto/dso/dso_win32.c + $(OPENSSL_PATH)/crypto/dso/dso_vms.c + $(OPENSSL_PATH)/crypto/dh/dh_asn1.c + $(OPENSSL_PATH)/crypto/dh/dh_gen.c + $(OPENSSL_PATH)/crypto/dh/dh_key.c + $(OPENSSL_PATH)/crypto/dh/dh_lib.c + $(OPENSSL_PATH)/crypto/dh/dh_check.c + $(OPENSSL_PATH)/crypto/dh/dh_err.c + $(OPENSSL_PATH)/crypto/dh/dh_depr.c + $(OPENSSL_PATH)/crypto/ec/ec_lib.c + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c + $(OPENSSL_PATH)/crypto/ec/ec_mult.c + $(OPENSSL_PATH)/crypto/ec/ec_err.c + $(OPENSSL_PATH)/crypto/ec/ec_curve.c + $(OPENSSL_PATH)/crypto/ec/ec_check.c + $(OPENSSL_PATH)/crypto/ec/ec_print.c + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c + $(OPENSSL_PATH)/crypto/ec/ec_key.c + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c + $(OPENSSL_PATH)/crypto/ec/ec2_mult.c + $(OPENSSL_PATH)/crypto/ecdh/ech_lib.c + $(OPENSSL_PATH)/crypto/ecdh/ech_ossl.c + $(OPENSSL_PATH)/crypto/ecdh/ech_key.c + $(OPENSSL_PATH)/crypto/ecdh/ech_err.c + $(OPENSSL_PATH)/crypto/ecdsa/ecs_lib.c + $(OPENSSL_PATH)/crypto/ecdsa/ecs_asn1.c + $(OPENSSL_PATH)/crypto/ecdsa/ecs_ossl.c + $(OPENSSL_PATH)/crypto/ecdsa/ecs_sign.c + $(OPENSSL_PATH)/crypto/ecdsa/ecs_vrf.c + $(OPENSSL_PATH)/crypto/ecdsa/ecs_err.c + $(OPENSSL_PATH)/crypto/buffer/buffer.c + $(OPENSSL_PATH)/crypto/buffer/buf_str.c + $(OPENSSL_PATH)/crypto/buffer/buf_err.c + $(OPENSSL_PATH)/crypto/bio/bio_lib.c + $(OPENSSL_PATH)/crypto/bio/bio_cb.c + $(OPENSSL_PATH)/crypto/bio/bio_err.c + $(OPENSSL_PATH)/crypto/bio/bss_mem.c + $(OPENSSL_PATH)/crypto/bio/bss_null.c + $(OPENSSL_PATH)/crypto/bio/bss_fd.c + $(OPENSSL_PATH)/crypto/bio/bss_file.c + $(OPENSSL_PATH)/crypto/bio/bf_null.c + $(OPENSSL_PATH)/crypto/bio/bf_buff.c + $(OPENSSL_PATH)/crypto/bio/b_print.c + $(OPENSSL_PATH)/crypto/bio/b_dump.c + $(OPENSSL_PATH)/crypto/bio/bf_nbio.c + $(OPENSSL_PATH)/crypto/bio/bss_log.c + $(OPENSSL_PATH)/crypto/bio/bss_bio.c + $(OPENSSL_PATH)/crypto/bio/bss_dgram.c + $(OPENSSL_PATH)/crypto/stack/stack.c + $(OPENSSL_PATH)/crypto/lhash/lhash.c + $(OPENSSL_PATH)/crypto/lhash/lh_stats.c + $(OPENSSL_PATH)/crypto/rand/md_rand.c + $(OPENSSL_PATH)/crypto/rand/randfile.c + $(OPENSSL_PATH)/crypto/rand/rand_lib.c + $(OPENSSL_PATH)/crypto/rand/rand_eng.c + $(OPENSSL_PATH)/crypto/rand/rand_err.c + $(OPENSSL_PATH)/crypto/rand/rand_egd.c + $(OPENSSL_PATH)/crypto/rand/rand_win.c + $(OPENSSL_PATH)/crypto/rand/rand_unix.c + $(OPENSSL_PATH)/crypto/rand/rand_os2.c + $(OPENSSL_PATH)/crypto/rand/rand_nw.c + $(OPENSSL_PATH)/crypto/err/err.c + $(OPENSSL_PATH)/crypto/err/err_def.c + $(OPENSSL_PATH)/crypto/err/err_all.c + $(OPENSSL_PATH)/crypto/err/err_prn.c + $(OPENSSL_PATH)/crypto/err/err_str.c + $(OPENSSL_PATH)/crypto/err/err_bio.c + $(OPENSSL_PATH)/crypto/objects/o_names.c + $(OPENSSL_PATH)/crypto/objects/obj_dat.c + $(OPENSSL_PATH)/crypto/objects/obj_lib.c + $(OPENSSL_PATH)/crypto/objects/obj_err.c + $(OPENSSL_PATH)/crypto/evp/encode.c + $(OPENSSL_PATH)/crypto/evp/digest.c + $(OPENSSL_PATH)/crypto/evp/dig_eng.c + $(OPENSSL_PATH)/crypto/evp/evp_enc.c + $(OPENSSL_PATH)/crypto/evp/evp_key.c + $(OPENSSL_PATH)/crypto/evp/evp_acnf.c + $(OPENSSL_PATH)/crypto/evp/evp_cnf.c + $(OPENSSL_PATH)/crypto/evp/e_des.c + $(OPENSSL_PATH)/crypto/evp/e_bf.c + $(OPENSSL_PATH)/crypto/evp/e_idea.c + $(OPENSSL_PATH)/crypto/evp/e_des3.c + $(OPENSSL_PATH)/crypto/evp/e_rc4.c + $(OPENSSL_PATH)/crypto/evp/e_aes.c + $(OPENSSL_PATH)/crypto/evp/names.c + $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c + $(OPENSSL_PATH)/crypto/evp/e_rc2.c + $(OPENSSL_PATH)/crypto/evp/e_cast.c + $(OPENSSL_PATH)/crypto/evp/e_rc5.c + $(OPENSSL_PATH)/crypto/evp/enc_min.c + $(OPENSSL_PATH)/crypto/evp/m_null.c + $(OPENSSL_PATH)/crypto/evp/m_md2.c + $(OPENSSL_PATH)/crypto/evp/m_md4.c + $(OPENSSL_PATH)/crypto/evp/m_md5.c + $(OPENSSL_PATH)/crypto/evp/m_sha.c + $(OPENSSL_PATH)/crypto/evp/m_sha1.c + $(OPENSSL_PATH)/crypto/evp/m_dss.c + $(OPENSSL_PATH)/crypto/evp/m_dss1.c + $(OPENSSL_PATH)/crypto/evp/m_ripemd.c + $(OPENSSL_PATH)/crypto/evp/m_ecdsa.c + $(OPENSSL_PATH)/crypto/evp/p_open.c + $(OPENSSL_PATH)/crypto/evp/p_seal.c + $(OPENSSL_PATH)/crypto/evp/p_sign.c + $(OPENSSL_PATH)/crypto/evp/p_verify.c + $(OPENSSL_PATH)/crypto/evp/p_lib.c + $(OPENSSL_PATH)/crypto/evp/p_enc.c + $(OPENSSL_PATH)/crypto/evp/p_dec.c + $(OPENSSL_PATH)/crypto/evp/bio_md.c + $(OPENSSL_PATH)/crypto/evp/bio_b64.c + $(OPENSSL_PATH)/crypto/evp/bio_enc.c + $(OPENSSL_PATH)/crypto/evp/evp_err.c + $(OPENSSL_PATH)/crypto/evp/e_null.c + $(OPENSSL_PATH)/crypto/evp/c_all.c + $(OPENSSL_PATH)/crypto/evp/c_allc.c + $(OPENSSL_PATH)/crypto/evp/c_alld.c + $(OPENSSL_PATH)/crypto/evp/evp_lib.c + $(OPENSSL_PATH)/crypto/evp/bio_ok.c + $(OPENSSL_PATH)/crypto/evp/evp_pkey.c + $(OPENSSL_PATH)/crypto/evp/evp_pbe.c + $(OPENSSL_PATH)/crypto/evp/p5_crpt.c + $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c + $(OPENSSL_PATH)/crypto/evp/e_old.c + $(OPENSSL_PATH)/crypto/asn1/a_object.c + $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c + $(OPENSSL_PATH)/crypto/asn1/a_utctm.c + $(OPENSSL_PATH)/crypto/asn1/a_gentm.c + $(OPENSSL_PATH)/crypto/asn1/a_time.c + $(OPENSSL_PATH)/crypto/asn1/a_int.c + $(OPENSSL_PATH)/crypto/asn1/a_octet.c + $(OPENSSL_PATH)/crypto/asn1/a_print.c + $(OPENSSL_PATH)/crypto/asn1/a_type.c + $(OPENSSL_PATH)/crypto/asn1/a_set.c + $(OPENSSL_PATH)/crypto/asn1/a_dup.c + $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c + $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c + $(OPENSSL_PATH)/crypto/asn1/a_enum.c + $(OPENSSL_PATH)/crypto/asn1/a_utf8.c + $(OPENSSL_PATH)/crypto/asn1/a_sign.c + $(OPENSSL_PATH)/crypto/asn1/a_digest.c + $(OPENSSL_PATH)/crypto/asn1/a_verify.c + $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c + $(OPENSSL_PATH)/crypto/asn1/a_strex.c + $(OPENSSL_PATH)/crypto/asn1/x_algor.c + $(OPENSSL_PATH)/crypto/asn1/x_val.c + $(OPENSSL_PATH)/crypto/asn1/x_pubkey.c + $(OPENSSL_PATH)/crypto/asn1/x_sig.c + $(OPENSSL_PATH)/crypto/asn1/x_req.c + $(OPENSSL_PATH)/crypto/asn1/x_attrib.c + $(OPENSSL_PATH)/crypto/asn1/x_bignum.c + $(OPENSSL_PATH)/crypto/asn1/x_long.c + $(OPENSSL_PATH)/crypto/asn1/x_name.c + $(OPENSSL_PATH)/crypto/asn1/x_x509.c + $(OPENSSL_PATH)/crypto/asn1/x_x509a.c + $(OPENSSL_PATH)/crypto/asn1/x_crl.c + $(OPENSSL_PATH)/crypto/asn1/x_info.c + $(OPENSSL_PATH)/crypto/asn1/x_spki.c + $(OPENSSL_PATH)/crypto/asn1/nsseq.c + $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c + $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c + $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c + $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c + $(OPENSSL_PATH)/crypto/asn1/t_req.c + $(OPENSSL_PATH)/crypto/asn1/t_x509.c + $(OPENSSL_PATH)/crypto/asn1/t_x509a.c + $(OPENSSL_PATH)/crypto/asn1/t_crl.c + $(OPENSSL_PATH)/crypto/asn1/t_pkey.c + $(OPENSSL_PATH)/crypto/asn1/t_spki.c + $(OPENSSL_PATH)/crypto/asn1/t_bitst.c + $(OPENSSL_PATH)/crypto/asn1/tasn_new.c + $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c + $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c + $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c + $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c + $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c + $(OPENSSL_PATH)/crypto/asn1/f_int.c + $(OPENSSL_PATH)/crypto/asn1/f_string.c + $(OPENSSL_PATH)/crypto/asn1/n_pkey.c + $(OPENSSL_PATH)/crypto/asn1/f_enum.c + $(OPENSSL_PATH)/crypto/asn1/a_hdr.c + $(OPENSSL_PATH)/crypto/asn1/x_pkey.c + $(OPENSSL_PATH)/crypto/asn1/a_bool.c + $(OPENSSL_PATH)/crypto/asn1/x_exten.c + $(OPENSSL_PATH)/crypto/asn1/asn_mime.c + $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c + $(OPENSSL_PATH)/crypto/asn1/asn1_par.c + $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c + $(OPENSSL_PATH)/crypto/asn1/asn1_err.c + $(OPENSSL_PATH)/crypto/asn1/a_meth.c + $(OPENSSL_PATH)/crypto/asn1/a_bytes.c + $(OPENSSL_PATH)/crypto/asn1/a_strnid.c + $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c + $(OPENSSL_PATH)/crypto/asn1/asn_pack.c + $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c + $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c + $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c + $(OPENSSL_PATH)/crypto/asn1/asn_moid.c + $(OPENSSL_PATH)/crypto/pem/pem_sign.c + $(OPENSSL_PATH)/crypto/pem/pem_seal.c + $(OPENSSL_PATH)/crypto/pem/pem_info.c + $(OPENSSL_PATH)/crypto/pem/pem_lib.c + $(OPENSSL_PATH)/crypto/pem/pem_all.c + $(OPENSSL_PATH)/crypto/pem/pem_err.c + $(OPENSSL_PATH)/crypto/pem/pem_x509.c + $(OPENSSL_PATH)/crypto/pem/pem_xaux.c + $(OPENSSL_PATH)/crypto/pem/pem_oth.c + $(OPENSSL_PATH)/crypto/pem/pem_pk8.c + $(OPENSSL_PATH)/crypto/pem/pem_pkey.c + $(OPENSSL_PATH)/crypto/x509/x509_def.c + $(OPENSSL_PATH)/crypto/x509/x509_d2.c + $(OPENSSL_PATH)/crypto/x509/x509_r2x.c + $(OPENSSL_PATH)/crypto/x509/x509_cmp.c + $(OPENSSL_PATH)/crypto/x509/x509_obj.c + $(OPENSSL_PATH)/crypto/x509/x509_req.c + $(OPENSSL_PATH)/crypto/x509/x509spki.c + $(OPENSSL_PATH)/crypto/x509/x509_vfy.c + $(OPENSSL_PATH)/crypto/x509/x509_set.c + $(OPENSSL_PATH)/crypto/x509/x509cset.c + $(OPENSSL_PATH)/crypto/x509/x509rset.c + $(OPENSSL_PATH)/crypto/x509/x509_err.c + $(OPENSSL_PATH)/crypto/x509/x509name.c + $(OPENSSL_PATH)/crypto/x509/x509_v3.c + $(OPENSSL_PATH)/crypto/x509/x509_ext.c + $(OPENSSL_PATH)/crypto/x509/x509_att.c + $(OPENSSL_PATH)/crypto/x509/x509type.c + $(OPENSSL_PATH)/crypto/x509/x509_lu.c + $(OPENSSL_PATH)/crypto/x509/x_all.c + $(OPENSSL_PATH)/crypto/x509/x509_txt.c + $(OPENSSL_PATH)/crypto/x509/x509_trs.c + $(OPENSSL_PATH)/crypto/x509/by_file.c + $(OPENSSL_PATH)/crypto/x509/by_dir.c + $(OPENSSL_PATH)/crypto/x509/x509_vpm.c + $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c + $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c + $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c + $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c + $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c + $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c + $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c + $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c + $(OPENSSL_PATH)/crypto/x509v3/v3err.c + $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c + $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c + $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c + $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c + $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c + $(OPENSSL_PATH)/crypto/x509v3/v3_int.c + $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c + $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c + $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c + $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c + $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c + $(OPENSSL_PATH)/crypto/x509v3/v3_info.c + $(OPENSSL_PATH)/crypto/x509v3/v3_ocsp.c + $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c + $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c + $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c + $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c + $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c + $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c + $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c + $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c + $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c + $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c + $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c + $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c + $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c + $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c + $(OPENSSL_PATH)/crypto/conf/conf_err.c + $(OPENSSL_PATH)/crypto/conf/conf_lib.c + $(OPENSSL_PATH)/crypto/conf/conf_api.c + $(OPENSSL_PATH)/crypto/conf/conf_def.c + $(OPENSSL_PATH)/crypto/conf/conf_mod.c + $(OPENSSL_PATH)/crypto/conf/conf_mall.c + $(OPENSSL_PATH)/crypto/conf/conf_sap.c + $(OPENSSL_PATH)/crypto/txt_db/txt_db.c + $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c + $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c + $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c + $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c + $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c + $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c + $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c + $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c + $(OPENSSL_PATH)/crypto/comp/comp_lib.c + $(OPENSSL_PATH)/crypto/comp/comp_err.c + $(OPENSSL_PATH)/crypto/comp/c_rle.c + $(OPENSSL_PATH)/crypto/comp/c_zlib.c + $(OPENSSL_PATH)/crypto/engine/eng_err.c + $(OPENSSL_PATH)/crypto/engine/eng_lib.c + $(OPENSSL_PATH)/crypto/engine/eng_list.c + $(OPENSSL_PATH)/crypto/engine/eng_init.c + $(OPENSSL_PATH)/crypto/engine/eng_ctrl.c + $(OPENSSL_PATH)/crypto/engine/eng_table.c + $(OPENSSL_PATH)/crypto/engine/eng_pkey.c + $(OPENSSL_PATH)/crypto/engine/eng_fat.c + $(OPENSSL_PATH)/crypto/engine/eng_all.c + $(OPENSSL_PATH)/crypto/engine/tb_rsa.c + $(OPENSSL_PATH)/crypto/engine/tb_dsa.c + $(OPENSSL_PATH)/crypto/engine/tb_ecdsa.c + $(OPENSSL_PATH)/crypto/engine/tb_dh.c + $(OPENSSL_PATH)/crypto/engine/tb_ecdh.c + $(OPENSSL_PATH)/crypto/engine/tb_rand.c + $(OPENSSL_PATH)/crypto/engine/tb_store.c + $(OPENSSL_PATH)/crypto/engine/tb_cipher.c + $(OPENSSL_PATH)/crypto/engine/tb_digest.c + $(OPENSSL_PATH)/crypto/engine/eng_openssl.c + $(OPENSSL_PATH)/crypto/engine/eng_cnf.c + $(OPENSSL_PATH)/crypto/engine/eng_dyn.c + $(OPENSSL_PATH)/crypto/engine/eng_cryptodev.c + $(OPENSSL_PATH)/crypto/engine/eng_padlock.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c + $(OPENSSL_PATH)/crypto/ui/ui_err.c + $(OPENSSL_PATH)/crypto/ui/ui_lib.c + + # + # Not required when OPENSSL_NO_STDIO is set, which is is for UEFI. + # + # $(OPENSSL_PATH)/crypto/ui/ui_openssl.c + + $(OPENSSL_PATH)/crypto/ui/ui_util.c + $(OPENSSL_PATH)/crypto/ui/ui_compat.c + $(OPENSSL_PATH)/crypto/krb5/krb5_asn.c + $(OPENSSL_PATH)/crypto/store/str_err.c + $(OPENSSL_PATH)/crypto/store/str_lib.c + $(OPENSSL_PATH)/crypto/store/str_meth.c + $(OPENSSL_PATH)/crypto/store/str_mem.c + $(OPENSSL_PATH)/crypto/pqueue/pqueue.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + DebugLib + +[BuildOptions] + MSFT:*_*_*_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /WX- /GL- + INTEL:*_*_*_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /WX- + GCC:*_*_*_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w diff --git a/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt new file mode 100644 index 0000000000..c35f88d55e --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt @@ -0,0 +1,61 @@ + +================================================================================ + Introduction +================================================================================ + OpenSSL is a well-known open source implementation of SSL and TLS protocols. +The core library implements the basic cryptographic functions and provides various +utility functions. The OpenSSL library is widely used in variety of security +products development as base crypto provider. (See http://www.openssl.org for more +information for OpenSSL). + UEFI (Unified Extensible Firmware Interface) is a specification detailing the +interfaces between OS and platform firmware. Several security features were +introduced (e.g. Authenticated Variable Service, Driver Signing, etc) from UEFI +2.2 (http://www.uefi.org). These security features highly depends on the +cryptography. This patch will enable openssl building under UEFI environment. + + +================================================================================ + OpenSSL-Version +================================================================================ + Current supported OpenSSL version for UEFI Crypto Library is 0.9.8l. + http://www.openssl.org/source/openssl-0.9.8l.tar.gz + + +================================================================================ + HOW to Install Openssl for UEFI Building +================================================================================ +1. Download OpenSSL 0.9.8l from official website: + http://www.openssl.org/source/openssl-0.9.8l.tar.gz + + NOTE: Some web browsers may rename the downloaded TAR file to openssl-0.9.8l.tar.tar. + When you do the download, rename the "openssl-0.9.8l.tar.tar" to + "openssl-0.9.8l.tar.gz" or rename the local downloaded file with ".tar.tar" + extension to ".tar.gz". + +2. Extract TAR into CryptoPkg/Library/OpenSslLib/openssl-0.9.8l + + NOTE: If you use WinZip to unpack the openssl source in Windows, please + uncheck the WinZip smart CR/LF conversion option (WINZIP: Options --> + Configuration --> Miscellaneous --> "TAR file smart CR/LF conversion"). + +3. Apply this patch: EDKII_openssl-0.9.8l.patch, and make installation + + For Windows Environment: + ------------------------ + 1) Make sure the patch utility has been installed in your machine. + Install Cygwin or get the patch utility binary from + http://gnuwin32.sourceforge.net/packages/patch.htm + 2) cd $(WORKSPACE)\CryptoPkg\Library\OpensslLib\openssl-0.9.8l + 3) patch -p0 -i ..\EDKII_openssl-0.9.8l.patch + 4) cd .. + 5) install.cmd + + For Linux* Environment: + ----------------------- + 1) Make sure the patch utility has been installed in your machine. + Patch utility is available from http://directory.fsf.org/project/patch/ + 2) cd $(WORKSPACE)/CryptoPkg/Library/OpensslLib/openssl-0.9.8l + 3) patch -p0 -i ../EDKII_openssl-0.9.8l.patch + 4) cd .. + 5) ./install.sh + diff --git a/CryptoPkg/Library/OpensslLib/buildinf.h b/CryptoPkg/Library/OpensslLib/buildinf.h new file mode 100644 index 0000000000..673bf787c1 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/buildinf.h @@ -0,0 +1,2 @@ +#define PLATFORM "UEFI" +#define DATE "Mon Mar 8 14:17:05 PDT 2010" -- 2.39.2