diff options
| author | Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> | 2017-08-04 12:10:50 -0400 |
|---|---|---|
| committer | Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> | 2017-08-04 12:10:50 -0400 |
| commit | bbfd2ab18f52600aa41f061b2da9a2afe2a9d6ac (patch) | |
| tree | 56132d617fff7c4f05e67024ec872d88fcafa92d /Cryptlib/Pk | |
| download | efi-boot-shim-upstream/0.9+1474479173.6c180c6.tar.gz efi-boot-shim-upstream/0.9+1474479173.6c180c6.zip | |
Import Upstream version 0.9+1474479173.6c180c6upstream/0.9+1474479173.6c180c6
Diffstat (limited to 'Cryptlib/Pk')
| -rw-r--r-- | Cryptlib/Pk/CryptAuthenticode.c | 198 | ||||
| -rw-r--r-- | Cryptlib/Pk/CryptDhNull.c | 156 | ||||
| -rw-r--r-- | Cryptlib/Pk/CryptPkcs7SignNull.c | 59 | ||||
| -rw-r--r-- | Cryptlib/Pk/CryptPkcs7Verify.c | 1004 | ||||
| -rw-r--r-- | Cryptlib/Pk/CryptRsaBasic.c | 336 | ||||
| -rw-r--r-- | Cryptlib/Pk/CryptRsaExtNull.c | 125 | ||||
| -rw-r--r-- | Cryptlib/Pk/CryptTs.c | 657 | ||||
| -rw-r--r-- | Cryptlib/Pk/CryptX509.c | 580 |
8 files changed, 3115 insertions, 0 deletions
diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c new file mode 100644 index 00000000..857281d7 --- /dev/null +++ b/Cryptlib/Pk/CryptAuthenticode.c @@ -0,0 +1,198 @@ +/** @file
+ Authenticode Portable Executable Signature Verification over OpenSSL.
+
+ Caution: This module requires additional review when modified.
+ This library will have external input - signature (e.g. PE/COFF Authenticode).
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+
+ AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for
+ data structure.
+
+Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+
+//
+// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID
+//
+UINT8 mSpcIndirectOidValue[] = {
+ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04
+ };
+
+/**
+ Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
+ Authenticode Portable Executable Signature Format".
+
+ If AuthData is NULL, then return FALSE.
+ If ImageHash is NULL, then return FALSE.
+
+ Caution: This function may receive untrusted input.
+ PE/COFF Authenticode is external input, so this function will do basic check for
+ Authenticode data structure.
+
+ @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
+ PE/COFF image to be verified.
+ @param[in] DataSize Size of the Authenticode Signature in bytes.
+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
+ is used for certificate chain verification.
+ @param[in] CertSize Size of the trusted certificate in bytes.
+ @param[in] ImageHash Pointer to the original image file hash value. The procudure
+ for calculating the image hash value is described in Authenticode
+ specification.
+ @param[in] HashSize Size of Image hash value in bytes.
+
+ @retval TRUE The specified Authenticode Signature is valid.
+ @retval FALSE Invalid Authenticode Signature.
+
+**/
+BOOLEAN
+EFIAPI
+AuthenticodeVerify (
+ IN CONST UINT8 *AuthData,
+ IN UINTN DataSize,
+ IN CONST UINT8 *TrustedCert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *ImageHash,
+ IN UINTN HashSize
+ )
+{
+ BOOLEAN Status;
+ PKCS7 *Pkcs7;
+ CONST UINT8 *Temp;
+ CONST UINT8 *OrigAuthData;
+ UINT8 *SpcIndirectDataContent;
+ UINT8 Asn1Byte;
+ UINTN ContentSize;
+ CONST UINT8 *SpcIndirectDataOid;
+
+ //
+ // Check input parameters.
+ //
+ if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) {
+ return FALSE;
+ }
+
+ if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) {
+ return FALSE;
+ }
+
+ Status = FALSE;
+ Pkcs7 = NULL;
+ OrigAuthData = AuthData;
+
+ //
+ // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
+ //
+ Temp = AuthData;
+ Pkcs7 = d2i_PKCS7 (NULL, &Temp, (int)DataSize);
+ if (Pkcs7 == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
+ //
+ if (!PKCS7_type_is_signed (Pkcs7)) {
+ goto _Exit;
+ }
+
+ //
+ // NOTE: OpenSSL PKCS7 Decoder didn't work for Authenticode-format signed data due to
+ // some authenticode-specific structure. Use opaque ASN.1 string to retrieve
+ // PKCS#7 ContentInfo here.
+ //
+ SpcIndirectDataOid = OBJ_get0_data(Pkcs7->d.sign->contents->type);
+ if (OBJ_length(Pkcs7->d.sign->contents->type) != sizeof(mSpcIndirectOidValue) ||
+ CompareMem (
+ SpcIndirectDataOid,
+ mSpcIndirectOidValue,
+ sizeof (mSpcIndirectOidValue)
+ ) != 0) {
+ //
+ // Un-matched SPC_INDIRECT_DATA_OBJID.
+ //
+ goto _Exit;
+ }
+
+
+ SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
+
+ //
+ // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.
+ //
+ Asn1Byte = *(SpcIndirectDataContent + 1);
+
+ if ((Asn1Byte & 0x80) == 0) {
+ //
+ // Short Form of Length Encoding (Length < 128)
+ //
+ ContentSize = (UINTN) (Asn1Byte & 0x7F);
+ //
+ // Skip the SEQUENCE Tag;
+ //
+ SpcIndirectDataContent += 2;
+
+ } else if ((Asn1Byte & 0x81) == 0x81) {
+ //
+ // Long Form of Length Encoding (128 <= Length < 255, Single Octet)
+ //
+ ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
+ //
+ // Skip the SEQUENCE Tag;
+ //
+ SpcIndirectDataContent += 3;
+
+ } else if ((Asn1Byte & 0x82) == 0x82) {
+ //
+ // Long Form of Length Encoding (Length > 255, Two Octet)
+ //
+ ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
+ ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3));
+ //
+ // Skip the SEQUENCE Tag;
+ //
+ SpcIndirectDataContent += 4;
+
+ } else {
+ goto _Exit;
+ }
+
+ //
+ // Compare the original file hash value to the digest retrieve from SpcIndirectDataContent
+ // defined in Authenticode
+ // NOTE: Need to double-check HashLength here!
+ //
+ if (CompareMem (SpcIndirectDataContent + ContentSize - HashSize, ImageHash, HashSize) != 0) {
+ //
+ // Un-matched PE/COFF Hash Value
+ //
+ goto _Exit;
+ }
+
+ //
+ // Verifies the PKCS#7 Signed Data in PE/COFF Authenticode Signature
+ //
+ Status = (BOOLEAN) Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
+
+_Exit:
+ //
+ // Release Resources
+ //
+ PKCS7_free (Pkcs7);
+
+ return Status;
+}
diff --git a/Cryptlib/Pk/CryptDhNull.c b/Cryptlib/Pk/CryptDhNull.c new file mode 100644 index 00000000..35045db3 --- /dev/null +++ b/Cryptlib/Pk/CryptDhNull.c @@ -0,0 +1,156 @@ +/** @file
+ Diffie-Hellman Wrapper Implementation which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and Initializes one Diffie-Hellman Context for subsequent use.
+
+ @return Pointer to the Diffie-Hellman Context that has been initialized.
+ If the interface is not supported, DhNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+DhNew (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified DH context.
+
+ If the interface is not supported, then ASSERT().
+
+ @param[in] DhContext Pointer to the DH context to be released.
+
+**/
+VOID
+EFIAPI
+DhFree (
+ IN VOID *DhContext
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ Generates DH parameter.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Value of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[out] Prime Pointer to the buffer to receive the generated prime number.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhGenerateParameter (
+ IN OUT VOID *DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ OUT UINT8 *Prime
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Sets generator and prime parameters for DH.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Value of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[in] Prime Pointer to the prime number.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhSetParameter (
+ IN OUT VOID *DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ IN CONST UINT8 *Prime
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Generates DH public key.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[out] PublicKey Pointer to the buffer to receive generated public key.
+ @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
+ On output, the size of data returned in PublicKey buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhGenerateKey (
+ IN OUT VOID *DhContext,
+ OUT UINT8 *PublicKey,
+ IN OUT UINTN *PublicKeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes exchanged common key.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] PeerPublicKey Pointer to the peer's public key.
+ @param[in] PeerPublicKeySize Size of peer's public key in bytes.
+ @param[out] Key Pointer to the buffer to receive generated key.
+ @param[in, out] KeySize On input, the size of Key buffer in bytes.
+ On output, the size of data returned in Key buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhComputeKey (
+ IN OUT VOID *DhContext,
+ IN CONST UINT8 *PeerPublicKey,
+ IN UINTN PeerPublicKeySize,
+ OUT UINT8 *Key,
+ IN OUT UINTN *KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/Cryptlib/Pk/CryptPkcs7SignNull.c b/Cryptlib/Pk/CryptPkcs7SignNull.c new file mode 100644 index 00000000..539bb6b7 --- /dev/null +++ b/Cryptlib/Pk/CryptPkcs7SignNull.c @@ -0,0 +1,59 @@ +/** @file
+ PKCS#7 SignedData Sign Wrapper Implementation which does not provide real
+ capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
+ Syntax Standard, version 1.5". This interface is only intended to be used for
+ application to perform PKCS#7 functionality validation.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] PrivateKey Pointer to the PEM-formatted private key data for
+ data signing.
+ @param[in] PrivateKeySize Size of the PEM private key data in bytes.
+ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
+ key data.
+ @param[in] InData Pointer to the content to be signed.
+ @param[in] InDataSize Size of InData in bytes.
+ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
+ @param[in] OtherCerts Pointer to an optional additional set of certificates to
+ include in the PKCS#7 signedData (e.g. any intermediate
+ CAs in the chain).
+ @param[out] SignedData Pointer to output PKCS#7 signedData.
+ @param[out] SignedDataSize Size of SignedData in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7Sign (
+ IN CONST UINT8 *PrivateKey,
+ IN UINTN PrivateKeySize,
+ IN CONST UINT8 *KeyPassword,
+ IN UINT8 *InData,
+ IN UINTN InDataSize,
+ IN UINT8 *SignCert,
+ IN UINT8 *OtherCerts OPTIONAL,
+ OUT UINT8 **SignedData,
+ OUT UINTN *SignedDataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c new file mode 100644 index 00000000..efa3796a --- /dev/null +++ b/Cryptlib/Pk/CryptPkcs7Verify.c @@ -0,0 +1,1004 @@ +/** @file
+ PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL.
+
+ Caution: This module requires additional review when modified.
+ This library will have external input - signature (e.g. UEFI Authenticated
+ Variable). It may by input in SMM mode.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+
+ WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
+ Variable and will do basic check for data structure.
+
+Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pkcs7.h>
+
+UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
+
+/**
+ Check input P7Data is a wrapped ContentInfo structure or not. If not construct
+ a new structure to wrap P7Data.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise
+ return FALSE.
+ @param[out] WrapData If return status of this function is TRUE:
+ 1) when WrapFlag is TRUE, pointer to P7Data.
+ 2) when WrapFlag is FALSE, pointer to a new ContentInfo
+ structure. It's caller's responsibility to free this
+ buffer.
+ @param[out] WrapDataSize Length of ContentInfo structure in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE The operation is failed due to lack of resources.
+
+**/
+BOOLEAN
+WrapPkcs7Data (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT BOOLEAN *WrapFlag,
+ OUT UINT8 **WrapData,
+ OUT UINTN *WrapDataSize
+ )
+{
+ BOOLEAN Wrapped;
+ UINT8 *SignedData;
+
+ //
+ // Check whether input P7Data is a wrapped ContentInfo structure or not.
+ //
+ Wrapped = FALSE;
+ if ((P7Data[4] == 0x06) && (P7Data[5] == 0x09)) {
+ if (CompareMem (P7Data + 6, mOidValue, sizeof (mOidValue)) == 0) {
+ if ((P7Data[15] == 0xA0) && (P7Data[16] == 0x82)) {
+ Wrapped = TRUE;
+ }
+ }
+ }
+
+ if (Wrapped) {
+ *WrapData = (UINT8 *) P7Data;
+ *WrapDataSize = P7Length;
+ } else {
+ //
+ // Wrap PKCS#7 signeddata to a ContentInfo structure - add a header in 19 bytes.
+ //
+ *WrapDataSize = P7Length + 19;
+ *WrapData = malloc (*WrapDataSize);
+ if (*WrapData == NULL) {
+ *WrapFlag = Wrapped;
+ return FALSE;
+ }
+
+ SignedData = *WrapData;
+
+ //
+ // Part1: 0x30, 0x82.
+ //
+ SignedData[0] = 0x30;
+ SignedData[1] = 0x82;
+
+ //
+ // Part2: Length1 = P7Length + 19 - 4, in big endian.
+ //
+ SignedData[2] = (UINT8) (((UINT16) (*WrapDataSize - 4)) >> 8);
+ SignedData[3] = (UINT8) (((UINT16) (*WrapDataSize - 4)) & 0xff);
+
+ //
+ // Part3: 0x06, 0x09.
+ //
+ SignedData[4] = 0x06;
+ SignedData[5] = 0x09;
+
+ //
+ // Part4: OID value -- 0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x07 0x02.
+ //
+ CopyMem (SignedData + 6, mOidValue, sizeof (mOidValue));
+
+ //
+ // Part5: 0xA0, 0x82.
+ //
+ SignedData[15] = 0xA0;
+ SignedData[16] = 0x82;
+
+ //
+ // Part6: Length2 = P7Length, in big endian.
+ //
+ SignedData[17] = (UINT8) (((UINT16) P7Length) >> 8);
+ SignedData[18] = (UINT8) (((UINT16) P7Length) & 0xff);
+
+ //
+ // Part7: P7Data.
+ //
+ CopyMem (SignedData + 19, P7Data, P7Length);
+ }
+
+ *WrapFlag = Wrapped;
+ return TRUE;
+}
+
+/**
+ Pop single certificate from STACK_OF(X509).
+
+ If X509Stack, Cert, or CertSize is NULL, then return FALSE.
+
+ @param[in] X509Stack Pointer to a X509 stack object.
+ @param[out] Cert Pointer to a X509 certificate.
+ @param[out] CertSize Length of output X509 certificate in bytes.
+
+ @retval TRUE The X509 stack pop succeeded.
+ @retval FALSE The pop operation failed.
+
+**/
+BOOLEAN
+X509PopCertificate (
+ IN VOID *X509Stack,
+ OUT UINT8 **Cert,
+ OUT UINTN *CertSize
+ )
+{
+ BIO *CertBio;
+ X509 *X509Cert;
+ STACK_OF(X509) *CertStack;
+ BOOLEAN Status;
+ INT32 Result;
+ INT32 Length;
+ VOID *Buffer;
+
+ Status = FALSE;
+
+ if ((X509Stack == NULL) || (Cert == NULL) || (CertSize == NULL)) {
+ return Status;
+ }
+
+ CertStack = (STACK_OF(X509) *) X509Stack;
+
+ X509Cert = sk_X509_pop (CertStack);
+
+ if (X509Cert == NULL) {
+ return Status;
+ }
+
+ Buffer = NULL;
+
+ CertBio = BIO_new (BIO_s_mem ());
+ if (CertBio == NULL) {
+ return Status;
+ }
+
+ Result = i2d_X509_bio (CertBio, X509Cert);
+ if (Result == 0) {
+ goto _Exit;
+ }
+
+ Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length);
+ if (Length <= 0) {
+ goto _Exit;
+ }
+
+ Buffer = malloc (Length);
+ if (Buffer == NULL) {
+ goto _Exit;
+ }
+
+ Result = BIO_read (CertBio, Buffer, Length);
+ if (Result != Length) {
+ goto _Exit;
+ }
+
+ *Cert = Buffer;
+ *CertSize = Length;
+
+ Status = TRUE;
+
+_Exit:
+
+ BIO_free (CertBio);
+
+ if (!Status && (Buffer != NULL)) {
+ free (Buffer);
+ }
+
+ return Status;
+}
+
+/**
+ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
+ return FALSE. If P7Length overflow, then return FAlSE.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
+ It's caller's responsiblity to free the buffer.
+ @param[out] StackLength Length of signer's certificates in bytes.
+ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
+ It's caller's responsiblity to free the buffer.
+ @param[out] CertLength Length of the trusted certificate in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE Error occurs during the operation.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7GetSigners (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT UINT8 **CertStack,
+ OUT UINTN *StackLength,
+ OUT UINT8 **TrustedCert,
+ OUT UINTN *CertLength
+ )
+{
+ PKCS7 *Pkcs7;
+ BOOLEAN Status;
+ UINT8 *SignedData;
+ CONST UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN Wrapped;
+ STACK_OF(X509) *Stack;
+ UINT8 Index;
+ UINT8 *CertBuf;
+ UINT8 *OldBuf;
+ UINTN BufferSize;
+ UINTN OldSize;
+ UINT8 *SingleCert;
+ UINTN SingleCertSize;
+
+ if ((P7Data == NULL) || (CertStack == NULL) || (StackLength == NULL) ||
+ (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {
+ return FALSE;
+ }
+
+ Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
+ if (!Status) {
+ return Status;
+ }
+
+ Status = FALSE;
+ Pkcs7 = NULL;
+ Stack = NULL;
+ CertBuf = NULL;
+ OldBuf = NULL;
+ SingleCert = NULL;
+
+ //
+ // Retrieve PKCS#7 Data (DER encoding)
+ //
+ if (SignedDataSize > INT_MAX) {
+ goto _Exit;
+ }
+
+ Temp = SignedData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
+ if (Pkcs7 == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
+ //
+ if (!PKCS7_type_is_signed (Pkcs7)) {
+ goto _Exit;
+ }
+
+ Stack = PKCS7_get0_signers(Pkcs7, NULL, PKCS7_BINARY);
+ if (Stack == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Convert CertStack to buffer in following format:
+ // UINT8 CertNumber;
+ // UINT32 Cert1Length;
+ // UINT8 Cert1[];
+ // UINT32 Cert2Length;
+ // UINT8 Cert2[];
+ // ...
+ // UINT32 CertnLength;
+ // UINT8 Certn[];
+ //
+ BufferSize = sizeof (UINT8);
+ OldSize = BufferSize;
+
+ for (Index = 0; ; Index++) {
+ Status = X509PopCertificate (Stack, &SingleCert, &SingleCertSize);
+ if (!Status) {
+ break;
+ }
+
+ OldSize = BufferSize;
+ OldBuf = CertBuf;
+ BufferSize = OldSize + SingleCertSize + sizeof (UINT32);
+ CertBuf = malloc (BufferSize);
+
+ if (CertBuf == NULL) {
+ goto _Exit;
+ }
+
+ if (OldBuf != NULL) {
+ CopyMem (CertBuf, OldBuf, OldSize);
+ free (OldBuf);
+ OldBuf = NULL;
+ }
+
+ WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) SingleCertSize);
+ CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, SingleCertSize);
+
+ free (SingleCert);
+ SingleCert = NULL;
+ }
+
+ if (CertBuf != NULL) {
+ //
+ // Update CertNumber.
+ //
+ CertBuf[0] = Index;
+
+ *CertLength = BufferSize - OldSize - sizeof (UINT32);
+ *TrustedCert = malloc (*CertLength);
+ if (*TrustedCert == NULL) {
+ goto _Exit;
+ }
+
+ CopyMem (*TrustedCert, CertBuf + OldSize + sizeof (UINT32), *CertLength);
+ *CertStack = CertBuf;
+ *StackLength = BufferSize;
+ Status = TRUE;
+ }
+
+_Exit:
+ //
+ // Release Resources
+ //
+ if (!Wrapped) {
+ free (SignedData);
+ }
+
+ if (Pkcs7 != NULL) {
+ PKCS7_free (Pkcs7);
+ }
+
+ if (Stack != NULL) {
+ sk_X509_pop_free(Stack, X509_free);
+ }
+
+ if (SingleCert != NULL) {
+ free (SingleCert);
+ }
+
+ if (!Status && (CertBuf != NULL)) {
+ free (CertBuf);
+ *CertStack = NULL;
+ }
+
+ if (OldBuf != NULL) {
+ free (OldBuf);
+ }
+
+ return Status;
+}
+
+/**
+ Wrap function to use free() to free allocated memory for certificates.
+
+ @param[in] Certs Pointer to the certificates to be freed.
+
+**/
+VOID
+EFIAPI
+Pkcs7FreeSigners (
+ IN UINT8 *Certs
+ )
+{
+ if (Certs == NULL) {
+ return;
+ }
+
+ free (Certs);
+}
+
+/**
+ Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard", and outputs two certificate lists chained and
+ unchained to the signer's certificates.
+ The input signed data could be wrapped in a ContentInfo structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] SignerChainCerts Pointer to the certificates list chained to signer's
+ certificate. It's caller's responsiblity to free the buffer.
+ @param[out] ChainLength Length of the chained certificates list buffer in bytes.
+ @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
+ responsiblity to free the buffer.
+ @param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE Error occurs during the operation.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7GetCertificatesList (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT UINT8 **SignerChainCerts,
+ OUT UINTN *ChainLength,
+ OUT UINT8 **UnchainCerts,
+ OUT UINTN *UnchainLength
+ )
+{
+ BOOLEAN Status;
+ UINT8 *NewP7Data;
+ UINTN NewP7Length;
+ BOOLEAN Wrapped;
+ UINT8 Index;
+ PKCS7 *Pkcs7;
+ X509_STORE_CTX CertCtx;
+ STACK_OF(X509) *Signers;
+ X509 *Signer;
+ X509 *Cert;
+ X509 *TempCert;
+ X509 *Issuer;
+ UINT8 *CertBuf;
+ UINT8 *OldBuf;
+ UINTN BufferSize;
+ UINTN OldSize;
+ UINT8 *SingleCert;
+ UINTN CertSize;
+
+ //
+ // Initializations
+ //
+ Status = FALSE;
+ NewP7Data = NULL;
+ Pkcs7 = NULL;
+ Cert = NULL;
+ TempCert = NULL;
+ SingleCert = NULL;
+ CertBuf = NULL;
+ OldBuf = NULL;
+ Signers = NULL;
+
+ ZeroMem (&CertCtx, sizeof (CertCtx));
+
+ //
+ // Parameter Checking
+ //
+ if ((P7Data == NULL) || (SignerChainCerts == NULL) || (ChainLength == NULL) ||
+ (UnchainCerts == NULL) || (UnchainLength == NULL) || (P7Length > INT_MAX)) {
+ return Status;
+ }
+
+ *SignerChainCerts = NULL;
+ *ChainLength = 0;
+ *UnchainCerts = NULL;
+ *UnchainLength = 0;
+
+ //
+ // Construct a new PKCS#7 data wrapping with ContentInfo structure if needed.
+ //
+ Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &NewP7Data, &NewP7Length);
+ if (!Status || (NewP7Length > INT_MAX)) {
+ goto _Error;
+ }
+
+ //
+ // Decodes PKCS#7 SignedData
+ //
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &NewP7Data, (int) NewP7Length);
+ if ((Pkcs7 == NULL) || (!PKCS7_type_is_signed (Pkcs7))) {
+ goto _Error;
+ }
+
+ //
+ // Obtains Signer's Certificate from PKCS#7 data
+ // NOTE: Only one signer case will be handled in this function, which means SignerInfos
+ // should include only one signer's certificate.
+ //
+ Signers = PKCS7_get0_signers (Pkcs7, NULL, PKCS7_BINARY);
+ if ((Signers == NULL) || (sk_X509_num (Signers) != 1)) {
+ goto _Error;
+ }
+ Signer = sk_X509_value (Signers, 0);
+
+ if (!X509_STORE_CTX_init (&CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {
+ goto _Error;
+ }
+ //
+ // Initialize Chained & Untrusted stack
+ //
+ if (CertCtx.chain == NULL) {
+ if (((CertCtx.chain = sk_X509_new_null ()) == NULL) ||
+ (!sk_X509_push (CertCtx.chain, CertCtx.cert))) {
+ goto _Error;
+ }
+ }
+ (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Signer);
+
+ //
+ // Build certificates stack chained from Signer's certificate.
+ //
+ Cert = Signer;
+ for (; ;) {
+ //
+ // Self-Issue checking
+ //
+ if (CertCtx.check_issued (&CertCtx, Cert, Cert)) {
+ break;
+ }
+
+ //
+ // Found the issuer of the current certificate
+ //
+ if (CertCtx.untrusted != NULL) {
+ Issuer = NULL;
+ for (Index = 0; Index < sk_X509_num (CertCtx.untrusted); Index++) {
+ TempCert = sk_X509_value (CertCtx.untrusted, Index);
+ if (CertCtx.check_issued (&CertCtx, Cert, TempCert)) {
+ Issuer = TempCert;
+ break;
+ }
+ }
+ if (Issuer != NULL) {
+ if (!sk_X509_push (CertCtx.chain, Issuer)) {
+ goto _Error;
+ }
+ (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Issuer);
+
+ Cert = Issuer;
+ continue;
+ }
+ }
+
+ break;
+ }
+
+ //
+ // Converts Chained and Untrusted Certificate to Certificate Buffer in following format:
+ // UINT8 CertNumber;
+ // UINT32 Cert1Length;
+ // UINT8 Cert1[];
+ // UINT32 Cert2Length;
+ // UINT8 Cert2[];
+ // ...
+ // UINT32 CertnLength;
+ // UINT8 Certn[];
+ //
+
+ if (CertCtx.chain != NULL) {
+ BufferSize = sizeof (UINT8);
+ OldSize = BufferSize;
+ CertBuf = NULL;
+
+ for (Index = 0; ; Index++) {
+ Status = X509PopCertificate (CertCtx.chain, &SingleCert, &CertSize);
+ if (!Status) {
+ break;
+ }
+
+ OldSize = BufferSize;
+ OldBuf = CertBuf;
+ BufferSize = OldSize + CertSize + sizeof (UINT32);
+ CertBuf = malloc (BufferSize);
+
+ if (CertBuf == NULL) {
+ Status = FALSE;
+ goto _Error;
+ }
+ if (OldBuf != NULL) {
+ CopyMem (CertBuf, OldBuf, OldSize);
+ free (OldBuf);
+ OldBuf = NULL;
+ }
+
+ WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) CertSize);
+ CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, CertSize);
+
+ free (SingleCert);
+ SingleCert = NULL;
+ }
+
+ if (CertBuf != NULL) {
+ //
+ // Update CertNumber.
+ //
+ CertBuf[0] = Index;
+
+ *SignerChainCerts = CertBuf;
+ *ChainLength = BufferSize;
+ }
+ }
+
+ if (CertCtx.untrusted != NULL) {
+ BufferSize = sizeof (UINT8);
+ OldSize = BufferSize;
+ CertBuf = NULL;
+
+ for (Index = 0; ; Index++) {
+ Status = X509PopCertificate (CertCtx.untrusted, &SingleCert, &CertSize);
+ if (!Status) {
+ break;
+ }
+
+ OldSize = BufferSize;
+ OldBuf = CertBuf;
+ BufferSize = OldSize + CertSize + sizeof (UINT32);
+ CertBuf = malloc (BufferSize);
+
+ if (CertBuf == NULL) {
+ Status = FALSE;
+ goto _Error;
+ }
+ if (OldBuf != NULL) {
+ CopyMem (CertBuf, OldBuf, OldSize);
+ free (OldBuf);
+ OldBuf = NULL;
+ }
+
+ WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) CertSize);
+ CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, CertSize);
+
+ free (SingleCert);
+ SingleCert = NULL;
+ }
+
+ if (CertBuf != NULL) {
+ //
+ // Update CertNumber.
+ //
+ CertBuf[0] = Index;
+
+ *UnchainCerts = CertBuf;
+ *UnchainLength = BufferSize;
+ }
+ }
+
+ Status = TRUE;
+
+_Error:
+ //
+ // Release Resources.
+ //
+ if (!Wrapped && (NewP7Data != NULL)) {
+ free (NewP7Data);
+ }
+
+ if (Pkcs7 != NULL) {
+ PKCS7_free (Pkcs7);
+ }
+ sk_X509_free (Signers);
+
+ X509_STORE_CTX_cleanup (&CertCtx);
+
+ if (SingleCert != NULL) {
+ free (SingleCert);
+ }
+
+ if (OldBuf != NULL) {
+ free (OldBuf);
+ }
+
+ if (!Status && (CertBuf != NULL)) {
+ free (CertBuf);
+ *SignerChainCerts = NULL;
+ *UnchainCerts = NULL;
+ }
+
+ return Status;
+}
+
+/**
+ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ If P7Data, TrustedCert or InData is NULL, then return FALSE.
+ If P7Length, CertLength or DataLength overflow, then return FAlSE.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
+ is used for certificate chain verification.
+ @param[in] CertLength Length of the trusted certificate in bytes.
+ @param[in] InData Pointer to the content to be verified.
+ @param[in] DataLength Length of InData in bytes.
+
+ @retval TRUE The specified PKCS#7 signed data is valid.
+ @retval FALSE Invalid PKCS#7 signed data.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7Verify (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ IN CONST UINT8 *TrustedCert,
+ IN UINTN CertLength,
+ IN CONST UINT8 *InData,
+ IN UINTN DataLength
+ )
+{
+ PKCS7 *Pkcs7;
+ BIO *DataBio;
+ BOOLEAN Status;
+ X509 *Cert;
+ X509_STORE *CertStore;
+ UINT8 *SignedData;
+ CONST UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN Wrapped;
+
+ //
+ // Check input parameters.
+ //
+ if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
+ P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
+ return FALSE;
+ }
+
+ Pkcs7 = NULL;
+ DataBio = NULL;
+ Cert = NULL;
+ CertStore = NULL;
+
+ //
+ // Register & Initialize necessary digest algorithms for PKCS#7 Handling
+ //
+ if (EVP_add_digest (EVP_md5 ()) == 0) {
+ return FALSE;
+ }
+ if (EVP_add_digest (EVP_sha1 ()) == 0) {
+ return FALSE;
+ }
+ if (EVP_add_digest (EVP_sha256 ()) == 0) {
+ return FALSE;
+ }
+ if (EVP_add_digest (EVP_sha384 ()) == 0) {
+ return FALSE;
+ }
+ if (EVP_add_digest (EVP_sha512 ()) == 0) {
+ return FALSE;
+ }
+ if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) {
+ return FALSE;
+ }
+
+ Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
+ if (!Status) {
+ return Status;
+ }
+
+ Status = FALSE;
+
+ //
+ // Retrieve PKCS#7 Data (DER encoding)
+ //
+ if (SignedDataSize > INT_MAX) {
+ goto _Exit;
+ }
+
+ Temp = SignedData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
+ if (Pkcs7 == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
+ //
+ if (!PKCS7_type_is_signed (Pkcs7)) {
+ goto _Exit;
+ }
+
+ //
+ // Read DER-encoded root certificate and Construct X509 Certificate
+ //
+ Temp = TrustedCert;
+ Cert = d2i_X509 (NULL, &Temp, (long) CertLength);
+ if (Cert == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Setup X509 Store for trusted certificate
+ //
+ CertStore = X509_STORE_new ();
+ if (CertStore == NULL) {
+ goto _Exit;
+ }
+ if (!(X509_STORE_add_cert (CertStore, Cert))) {
+ goto _Exit;
+ }
+
+ //
+ // For generic PKCS#7 handling, InData may be NULL if the content is present
+ // in PKCS#7 structure. So ignore NULL checking here.
+ //
+ DataBio = BIO_new (BIO_s_mem ());
+ if (DataBio == NULL) {
+ goto _Exit;
+ }
+
+ if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
+ goto _Exit;
+ }
+
+ //
+ // Allow partial certificate chains, terminated by a non-self-signed but
+ // still trusted intermediate certificate. Also disable time checks.
+ //
+ X509_STORE_set_flags (CertStore,
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
+
+ //
+ // OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and
+ // doesn't support the extended key usage for Authenticode Code Signing.
+ // Bypass the certificate purpose checking by enabling any purposes setting.
+ //
+ X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);
+
+ //
+ // Verifies the PKCS#7 signedData structure
+ //
+ Status = (BOOLEAN) PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);
+
+_Exit:
+ //
+ // Release Resources
+ //
+ BIO_free (DataBio);
+ X509_free (Cert);
+ X509_STORE_free (CertStore);
+ PKCS7_free (Pkcs7);
+
+ if (!Wrapped) {
+ OPENSSL_free (SignedData);
+ }
+
+ return Status;
+}
+
+/**
+ Extracts the attached content from a PKCS#7 signed data if existed. The input signed
+ data could be wrapped in a ContentInfo structure.
+
+ If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow,
+ then return FAlSE. If the P7Data is not correctly formatted, then return FALSE.
+
+ Caution: This function may receive untrusted input. So this function will do
+ basic check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 signed data to process.
+ @param[in] P7Length Length of the PKCS#7 signed data in bytes.
+ @param[out] Content Pointer to the extracted content from the PKCS#7 signedData.
+ It's caller's responsiblity to free the buffer.
+ @param[out] ContentSize The size of the extracted content in bytes.
+
+ @retval TRUE The P7Data was correctly formatted for processing.
+ @retval FALSE The P7Data was not correctly formatted for processing.
+
+*/
+BOOLEAN
+EFIAPI
+Pkcs7GetAttachedContent (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT VOID **Content,
+ OUT UINTN *ContentSize
+ )
+{
+ BOOLEAN Status;
+ PKCS7 *Pkcs7;
+ UINT8 *SignedData;
+ UINTN SignedDataSize;
+ BOOLEAN Wrapped;
+ CONST UINT8 *Temp;
+ ASN1_OCTET_STRING *OctStr;
+
+ //
+ // Check input parameter.
+ //
+ if ((P7Data == NULL) || (P7Length > INT_MAX) || (Content == NULL) || (ContentSize == NULL)) {
+ return FALSE;
+ }
+
+ *Content = NULL;
+ Pkcs7 = NULL;
+ SignedData = NULL;
+ OctStr = NULL;
+
+ Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
+ if (!Status || (SignedDataSize > INT_MAX)) {
+ goto _Exit;
+ }
+
+ Status = FALSE;
+
+ //
+ // Decoding PKCS#7 SignedData
+ //
+ Temp = SignedData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);
+ if (Pkcs7 == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // The type of Pkcs7 must be signedData
+ //
+ if (!PKCS7_type_is_signed (Pkcs7)) {
+ goto _Exit;
+ }
+
+ //
+ // Check for detached or attached content
+ //
+ if (PKCS7_get_detached (Pkcs7)) {
+ //
+ // No Content supplied for PKCS7 detached signedData
+ //
+ *Content = NULL;
+ *ContentSize = 0;
+ } else {
+ //
+ // Retrieve the attached content in PKCS7 signedData
+ //
+ OctStr = Pkcs7->d.sign->contents->d.data;
+ if ((OctStr->length > 0) && (OctStr->data != NULL)) {
+ *ContentSize = OctStr->length;
+ *Content = malloc (*ContentSize);
+ if (*Content == NULL) {
+ *ContentSize = 0;
+ goto _Exit;
+ }
+ CopyMem (*Content, OctStr->data, *ContentSize);
+ }
+ }
+ Status = TRUE;
+
+_Exit:
+ //
+ // Release Resources
+ //
+ PKCS7_free (Pkcs7);
+
+ if (!Wrapped) {
+ OPENSSL_free (SignedData);
+ }
+
+ return Status;
+}
diff --git a/Cryptlib/Pk/CryptRsaBasic.c b/Cryptlib/Pk/CryptRsaBasic.c new file mode 100644 index 00000000..e49db51e --- /dev/null +++ b/Cryptlib/Pk/CryptRsaBasic.c @@ -0,0 +1,336 @@ +/** @file
+ RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
+
+ This file implements following APIs which provide basic capabilities for RSA:
+ 1) RsaNew
+ 2) RsaFree
+ 3) RsaSetKey
+ 4) RsaPkcs1Verify
+
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+
+/**
+ Allocates and initializes one RSA context for subsequent use.
+
+ @return Pointer to the RSA context that has been initialized.
+ If the allocations fails, RsaNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+RsaNew (
+ VOID
+ )
+{
+ //
+ // Allocates & Initializes RSA Context by OpenSSL RSA_new()
+ //
+ return (VOID *) RSA_new ();
+}
+
+/**
+ Release the specified RSA context.
+
+ @param[in] RsaContext Pointer to the RSA context to be released.
+
+**/
+VOID
+EFIAPI
+RsaFree (
+ IN VOID *RsaContext
+ )
+{
+ //
+ // Free OpenSSL RSA Context
+ //
+ RSA_free ((RSA *) RsaContext);
+}
+
+/**
+ Sets the tag-designated key component into the established RSA context.
+
+ This function sets the tag-designated RSA key component into the established
+ RSA context from the user-specified non-negative integer (octet string format
+ represented in RSA PKCS#1).
+ If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
+
+ If RsaContext is NULL, then return FALSE.
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] KeyTag Tag of RSA key component being set.
+ @param[in] BigNumber Pointer to octet integer buffer.
+ If NULL, then the specified key componenet in RSA
+ context is cleared.
+ @param[in] BnSize Size of big number buffer in bytes.
+ If BigNumber is NULL, then it is ignored.
+
+ @retval TRUE RSA key component was set successfully.
+ @retval FALSE Invalid RSA key component tag.
+
+**/
+BOOLEAN
+EFIAPI
+RsaSetKey (
+ IN OUT VOID *RsaContext,
+ IN RSA_KEY_TAG KeyTag,
+ IN CONST UINT8 *BigNumber,
+ IN UINTN BnSize
+ )
+{
+ RSA *RsaKey;
+
+ //
+ // Check input parameters.
+ //
+ if (RsaContext == NULL || BnSize > INT_MAX) {
+ return FALSE;
+ }
+
+ RsaKey = (RSA *) RsaContext;
+ //
+ // Set RSA Key Components by converting octet string to OpenSSL BN representation.
+ // NOTE: For RSA public key (used in signature verification), only public components
+ // (N, e) are needed.
+ //
+ switch (KeyTag) {
+
+ //
+ // RSA Public Modulus (N)
+ //
+ case RsaKeyN:
+ if (RsaKey->n != NULL) {
+ BN_free (RsaKey->n);
+ }
+ RsaKey->n = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
+ if (RsaKey->n == NULL) {
+ return FALSE;
+ }
+
+ break;
+
+ //
+ // RSA Public Exponent (e)
+ //
+ case RsaKeyE:
+ if (RsaKey->e != NULL) {
+ BN_free (RsaKey->e);
+ }
+ RsaKey->e = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
+ if (RsaKey->e == NULL) {
+ return FALSE;
+ }
+
+ break;
+
+ //
+ // RSA Private Exponent (d)
+ //
+ case RsaKeyD:
+ if (RsaKey->d != NULL) {
+ BN_free (RsaKey->d);
+ }
+ RsaKey->d = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);
+ if (RsaKey->d == NULL) {
+ return FALSE;
+ }
+
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modulus (p)
+ //
+ case RsaKeyP:
+ if (RsaKey->p != NULL) {
+ BN_free (RsaKey->p);
+ }
+ RsaKey->p = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
+ if (RsaKey->p == NULL) {
+ return FALSE;
+ }
+
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modules (q)
+ //
+ case RsaKeyQ:
+ if (RsaKey->q != NULL) {
+ BN_free (RsaKey->q);
+ }
+ RsaKey->q = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);
+ if (RsaKey->q == NULL) {
+ return FALSE;
+ }
+
+ break;
+
+ //
+ // p's CRT Exponent (== d mod (p - 1))
+ //
+ case RsaKeyDp:
+ if (RsaKey->dmp1 != NULL) {
+ BN_free (RsaKey->dmp1);
+ }
+ RsaKey->dmp1 = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
+ if (RsaKey->dmp1 == NULL) {
+ return FALSE;
+ }
+
+ break;
+
+ //
+ // q's CRT Exponent (== d mod (q - 1))
+ //
+ case RsaKeyDq:
+ if (RsaKey->dmq1 != NULL) {
+ BN_free (RsaKey->dmq1);
+ }
+ RsaKey->dmq1 = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);
+ if (RsaKey->dmq1 == NULL) {
+ return FALSE;
+ }
+
+ break;
+
+ //
+ // The CRT Coefficient (== 1/q mod p)
+ //
+ case RsaKeyQInv:
+ if (RsaKey->iqmp != NULL) {
+ BN_free (RsaKey->iqmp);
+ }
+ RsaKey->iqmp = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);
+ if (RsaKey->iqmp == NULL) {
+ return FALSE;
+ }
+
+ break;
+
+ default:
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
+ RSA PKCS#1.
+
+ If RsaContext is NULL, then return FALSE.
+ If MessageHash is NULL, then return FALSE.
+ If Signature is NULL, then return FALSE.
+ If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+
+ @param[in] RsaContext Pointer to RSA context for signature verification.
+ @param[in] MessageHash Pointer to octet message hash to be checked.
+ @param[in] HashSize Size of the message hash in bytes.
+ @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
+ @param[in] SigSize Size of signature in bytes.
+
+ @retval TRUE Valid signature encoded in PKCS1-v1_5.
+ @retval FALSE Invalid signature or invalid RSA context.
+
+**/
+BOOLEAN
+EFIAPI
+RsaPkcs1Verify (
+ IN VOID *RsaContext,
+ IN CONST UINT8 *MessageHash,
+ IN UINTN HashSize,
+ IN CONST UINT8 *Signature,
+ IN UINTN SigSize
+ )
+{
+ INT32 DigestType;
+ UINT8 *SigBuf;
+
+ //
+ // Check input parameters.
+ //
+ if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
+ return FALSE;
+ }
+
+ if (SigSize > INT_MAX || SigSize == 0) {
+ return FALSE;
+ }
+
+ //
+ // Determine the message digest algorithm according to digest size.
+ // Only MD5, SHA-1 or SHA-256 algorithm is supported.
+ //
+ switch (HashSize) {
+ case MD5_DIGEST_SIZE:
+ DigestType = NID_md5;
+ break;
+
+ case SHA1_DIGEST_SIZE:
+ DigestType = NID_sha1;
+ break;
+
+ case SHA256_DIGEST_SIZE:
+ DigestType = NID_sha256;
+ break;
+
+ default:
+ return FALSE;
+ }
+
+ SigBuf = (UINT8 *) Signature;
+ return (BOOLEAN) RSA_verify (
+ DigestType,
+ MessageHash,
+ (UINT32) HashSize,
+ SigBuf,
+ (UINT32) SigSize,
+ (RSA *) RsaContext
+ );
+}
diff --git a/Cryptlib/Pk/CryptRsaExtNull.c b/Cryptlib/Pk/CryptRsaExtNull.c new file mode 100644 index 00000000..e44cdde4 --- /dev/null +++ b/Cryptlib/Pk/CryptRsaExtNull.c @@ -0,0 +1,125 @@ +/** @file
+ RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
+
+ This file does not provide real capabilities for following APIs in RSA handling:
+ 1) RsaGetKey
+ 2) RsaGenerateKey
+ 3) RsaCheckKey
+ 4) RsaPkcs1Sign
+
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Gets the tag-designated RSA key component from the established RSA context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] KeyTag Tag of RSA key component being set.
+ @param[out] BigNumber Pointer to octet integer buffer.
+ @param[in, out] BnSize On input, the size of big number buffer in bytes.
+ On output, the size of data returned in big number buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetKey (
+ IN OUT VOID *RsaContext,
+ IN RSA_KEY_TAG KeyTag,
+ OUT UINT8 *BigNumber,
+ IN OUT UINTN *BnSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Generates RSA key components.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] ModulusLength Length of RSA modulus N in bits.
+ @param[in] PublicExponent Pointer to RSA public exponent.
+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGenerateKey (
+ IN OUT VOID *RsaContext,
+ IN UINTN ModulusLength,
+ IN CONST UINT8 *PublicExponent,
+ IN UINTN PublicExponentSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Validates key components of RSA context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] RsaContext Pointer to RSA context to check.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaCheckKey (
+ IN VOID *RsaContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] RsaContext Pointer to RSA context for signature generation.
+ @param[in] MessageHash Pointer to octet message hash to be signed.
+ @param[in] HashSize Size of the message hash in bytes.
+ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.
+ On output, the size of data returned in Signature buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaPkcs1Sign (
+ IN VOID *RsaContext,
+ IN CONST UINT8 *MessageHash,
+ IN UINTN HashSize,
+ OUT UINT8 *Signature,
+ IN OUT UINTN *SigSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+
diff --git a/Cryptlib/Pk/CryptTs.c b/Cryptlib/Pk/CryptTs.c new file mode 100644 index 00000000..d4958122 --- /dev/null +++ b/Cryptlib/Pk/CryptTs.c @@ -0,0 +1,657 @@ +/** @file
+ RFC3161 Timestamp Countersignature Verification over OpenSSL.
+ The timestamp is generated by a TimeStamping Authority (TSA) and asserts that a
+ publisher's signature existed before the specified time. The timestamp extends
+ the lifetime of the signature when a signing certificate expires or is later
+ revoked.
+
+Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pkcs7.h>
+
+//
+// OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1")
+//
+UINT8 mSpcRFC3161OidValue[] = {
+ 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01
+ };
+
+///
+/// The messageImprint field SHOULD contain the hash of the datum to be
+/// time-stamped. The hash is represented as an OCTET STRING. Its
+/// length MUST match the length of the hash value for that algorithm
+/// (e.g., 20 bytes for SHA-1 or 16 bytes for MD5).
+///
+/// MessageImprint ::= SEQUENCE {
+/// hashAlgorithm AlgorithmIdentifier,
+/// hashedMessage OCTET STRING }
+///
+typedef struct {
+ X509_ALGOR *HashAlgorithm;
+ ASN1_OCTET_STRING *HashedMessage;
+} TS_MESSAGE_IMPRINT;
+
+//
+// ASN.1 Functions for TS_MESSAGE_IMPRINT
+//
+DECLARE_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)
+ASN1_SEQUENCE (TS_MESSAGE_IMPRINT) = {
+ ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashedMessage, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END (TS_MESSAGE_IMPRINT)
+IMPLEMENT_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)
+
+///
+/// Accuracy represents the time deviation around the UTC time contained
+/// in GeneralizedTime of time-stamp token.
+///
+/// Accuracy ::= SEQUENCE {
+/// seconds INTEGER OPTIONAL,
+/// millis [0] INTEGER (1..999) OPTIONAL,
+/// micros [1] INTEGER (1..999) OPTIONAL }
+///
+typedef struct {
+ ASN1_INTEGER *Seconds;
+ ASN1_INTEGER *Millis;
+ ASN1_INTEGER *Micros;
+} TS_ACCURACY;
+
+//
+// ASN.1 Functions for TS_ACCURACY
+//
+DECLARE_ASN1_FUNCTIONS (TS_ACCURACY)
+ASN1_SEQUENCE (TS_ACCURACY) = {
+ ASN1_OPT (TS_ACCURACY, Seconds, ASN1_INTEGER),
+ ASN1_IMP_OPT (TS_ACCURACY, Millis, ASN1_INTEGER, 0),
+ ASN1_IMP_OPT (TS_ACCURACY, Micros, ASN1_INTEGER, 1)
+} ASN1_SEQUENCE_END (TS_ACCURACY)
+IMPLEMENT_ASN1_FUNCTIONS (TS_ACCURACY)
+
+///
+/// The timestamp token info resulting from a successful timestamp request,
+/// as defined in RFC 3161.
+///
+/// TSTInfo ::= SEQUENCE {
+/// version INTEGER { v1(1) },
+/// policy TSAPolicyId,
+/// messageImprint MessageImprint,
+/// -- MUST have the same value as the similar field in
+/// -- TimeStampReq
+/// serialNumber INTEGER,
+/// -- Time-Stamping users MUST be ready to accommodate integers
+/// -- up to 160 bits.
+/// genTime GeneralizedTime,
+/// accuracy Accuracy OPTIONAL,
+/// ordering BOOLEAN DEFAULT FALSE,
+/// nonce INTEGER OPTIONAL,
+/// -- MUST be present if the similar field was present
+/// -- in TimeStampReq. In that case it MUST have the same value.
+/// tsa [0] GeneralName OPTIONAL,
+/// extensions [1] IMPLICIT Extensions OPTIONAL }
+///
+typedef struct {
+ ASN1_INTEGER *Version;
+ ASN1_OBJECT *Policy;
+ TS_MESSAGE_IMPRINT *MessageImprint;
+ ASN1_INTEGER *SerialNumber;
+ ASN1_GENERALIZEDTIME *GenTime;
+ TS_ACCURACY *Accuracy;
+ ASN1_BOOLEAN Ordering;
+ ASN1_INTEGER *Nonce;
+ GENERAL_NAME *Tsa;
+ STACK_OF(X509_EXTENSION) *Extensions;
+} TS_TST_INFO;
+
+//
+// ASN.1 Functions for TS_TST_INFO
+//
+DECLARE_ASN1_FUNCTIONS (TS_TST_INFO)
+ASN1_SEQUENCE (TS_TST_INFO) = {
+ ASN1_SIMPLE (TS_TST_INFO, Version, ASN1_INTEGER),
+ ASN1_SIMPLE (TS_TST_INFO, Policy, ASN1_OBJECT),
+ ASN1_SIMPLE (TS_TST_INFO, MessageImprint, TS_MESSAGE_IMPRINT),
+ ASN1_SIMPLE (TS_TST_INFO, SerialNumber, ASN1_INTEGER),
+ ASN1_SIMPLE (TS_TST_INFO, GenTime, ASN1_GENERALIZEDTIME),
+ ASN1_OPT (TS_TST_INFO, Accuracy, TS_ACCURACY),
+ ASN1_OPT (TS_TST_INFO, Ordering, ASN1_FBOOLEAN),
+ ASN1_OPT (TS_TST_INFO, Nonce, ASN1_INTEGER),
+ ASN1_EXP_OPT(TS_TST_INFO, Tsa, GENERAL_NAME, 0),
+ ASN1_IMP_SEQUENCE_OF_OPT (TS_TST_INFO, Extensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END (TS_TST_INFO)
+IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
+
+
+/**
+ Convert ASN.1 GeneralizedTime to EFI Time.
+
+ @param[in] Asn1Time Pointer to the ASN.1 GeneralizedTime to be converted.
+ @param[out] SigningTime Return the corresponding EFI Time.
+
+ @retval TRUE The time convertion succeeds.
+ @retval FALSE Invalid parameters.
+
+**/
+BOOLEAN
+EFIAPI
+ConvertAsn1TimeToEfiTime (
+ IN ASN1_TIME *Asn1Time,
+ OUT EFI_TIME *EfiTime
+ )
+{
+ CONST CHAR8 *Str;
+ UINTN Index;
+
+ if ((Asn1Time == NULL) || (EfiTime == NULL)) {
+ return FALSE;
+ }
+
+ Str = (CONST CHAR8*)Asn1Time->data;
+ SetMem (EfiTime, 0, sizeof (EFI_TIME));
+
+ Index = 0;
+ if (Asn1Time->type == V_ASN1_UTCTIME) { /* two digit year */
+ EfiTime->Year = (Str[Index++] - '0') * 10;
+ EfiTime->Year += (Str[Index++] - '0');
+ if (EfiTime->Year < 70) {
+ EfiTime->Year += 100;
+ }
+ } else if (Asn1Time->type == V_ASN1_GENERALIZEDTIME) { /* four digit year */
+ EfiTime->Year = (Str[Index++] - '0') * 1000;
+ EfiTime->Year += (Str[Index++] - '0') * 100;
+ EfiTime->Year += (Str[Index++] - '0') * 10;
+ EfiTime->Year += (Str[Index++] - '0');
+ if ((EfiTime->Year < 1900) || (EfiTime->Year > 9999)) {
+ return FALSE;
+ }
+ }
+
+ EfiTime->Month = (Str[Index++] - '0') * 10;
+ EfiTime->Month += (Str[Index++] - '0');
+ if ((EfiTime->Month < 1) || (EfiTime->Month > 12)) {
+ return FALSE;
+ }
+
+ EfiTime->Day = (Str[Index++] - '0') * 10;
+ EfiTime->Day += (Str[Index++] - '0');
+ if ((EfiTime->Day < 1) || (EfiTime->Day > 31)) {
+ return FALSE;
+ }
+
+ EfiTime->Hour = (Str[Index++] - '0') * 10;
+ EfiTime->Hour += (Str[Index++] - '0');
+ if (EfiTime->Hour > 23) {
+ return FALSE;
+ }
+
+ EfiTime->Minute = (Str[Index++] - '0') * 10;
+ EfiTime->Minute += (Str[Index++] - '0');
+ if (EfiTime->Minute > 59) {
+ return FALSE;
+ }
+
+ EfiTime->Second = (Str[Index++] - '0') * 10;
+ EfiTime->Second += (Str[Index++] - '0');
+ if (EfiTime->Second > 59) {
+ return FALSE;
+ }
+
+ /* Note: we did not adjust the time based on time zone information */
+
+ return TRUE;
+}
+
+/**
+
+ Check the validity of TimeStamp Token Information.
+
+ @param[in] TstInfo Pointer to the TS_TST_INFO structure.
+ @param[in] TimestampedData Pointer to the data to be time-stamped.
+ @param[in] DataSize Size of timestamped data in bytes.
+
+ @retval TRUE The TimeStamp Token Information is valid.
+ @retval FALSE Invalid TimeStamp Token Information.
+
+**/
+BOOLEAN
+EFIAPI
+CheckTSTInfo (
+ IN CONST TS_TST_INFO *TstInfo,
+ IN CONST UINT8 *TimestampedData,
+ IN UINTN DataSize
+ )
+{
+ BOOLEAN Status;
+ TS_MESSAGE_IMPRINT *Imprint;
+ X509_ALGOR *HashAlgo;
+ CONST EVP_MD *Md;
+ EVP_MD_CTX MdCtx;
+ UINTN MdSize;
+ UINT8 *HashedMsg;
+
+ //
+ // Initialization
+ //
+ Status = FALSE;
+ HashAlgo = NULL;
+ HashedMsg = NULL;
+
+ //
+ // -- Check version number of Timestamp:
+ // The version field (currently v1) describes the version of the time-stamp token.
+ // Conforming time-stamping servers MUST be able to provide version 1 time-stamp tokens.
+ //
+ if ((ASN1_INTEGER_get (TstInfo->Version)) != 1) {
+ return FALSE;
+ }
+
+ //
+ // -- Check Policies
+ // The policy field MUST indicate the TSA's policy under which the response was produced.
+ //
+ if (TstInfo->Policy == NULL) {
+ /// NOTE: Need to check if the requested and returned policies.
+ /// We have no information about the Requested TSA Policy.
+ return FALSE;
+ }
+
+ //
+ // -- Compute & Check Message Imprint
+ //
+ Imprint = TstInfo->MessageImprint;
+ HashAlgo = X509_ALGOR_dup (Imprint->HashAlgorithm);
+
+ Md = EVP_get_digestbyobj (HashAlgo->algorithm);
+ if (Md == NULL) {
+ goto _Exit;
+ }
+
+ MdSize = EVP_MD_size (Md);
+ HashedMsg = AllocateZeroPool (MdSize);
+ if (HashedMsg == NULL) {
+ goto _Exit;
+ }
+ EVP_DigestInit (&MdCtx, Md);
+ EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize);
+ EVP_DigestFinal (&MdCtx, HashedMsg, NULL);
+ if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&
+ (CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage), MdSize) != 0)) {
+ goto _Exit;
+ }
+
+ //
+ // -- Check Nonces
+ //
+ if (TstInfo->Nonce != NULL) {
+ //
+ // Nonces is optional, No error if no nonce is returned;
+ //
+ }
+
+ //
+ // -- Check if the TSA name and signer certificate is matched.
+ //
+ if (TstInfo->Tsa != NULL) {
+ //
+ // Ignored the optional Tsa field checking.
+ //
+ }
+
+ Status = TRUE;
+
+_Exit:
+ X509_ALGOR_free (HashAlgo);
+ if (HashedMsg != NULL) {
+ FreePool (HashedMsg);
+ }
+
+ return Status;
+}
+
+/**
+ Verifies the validility of a TimeStamp Token as described in RFC 3161 ("Internet
+ X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)").
+
+ If TSToken is NULL, then return FALSE.
+ If TimestampedData is NULL, then return FALSE.
+
+ @param[in] TSToken Pointer to the RFC3161 TimeStamp Token, which is generated
+ by a TSA and located in the software publisher's SignerInfo
+ structure.
+ @param[in] TokenSize Size of the TimeStamp Token in bytes.
+ @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER.
+ @param[in] CertSize Size of the trusted TSA certificate in bytes.
+ @param[in] TimestampedData Pointer to the data to be time-stamped.
+ @param[in] DataSize Size of timestamped data in bytes.
+ @param[out] SigningTime Return the time of timestamp generation time if the timestamp
+ signature is valid.
+
+ @retval TRUE The specified timestamp token is valid.
+ @retval FALSE Invalid timestamp token.
+
+**/
+BOOLEAN
+EFIAPI
+TimestampTokenVerify (
+ IN CONST UINT8 *TSToken,
+ IN UINTN TokenSize,
+ IN CONST UINT8 *TsaCert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *TimestampedData,
+ IN UINTN DataSize,
+ OUT EFI_TIME *SigningTime
+ )
+{
+ BOOLEAN Status;
+ CONST UINT8 *TokenTemp;
+ PKCS7 *Pkcs7;
+ X509 *Cert;
+ CONST UINT8 *CertTemp;
+ X509_STORE *CertStore;
+ BIO *OutBio;
+ UINT8 *TstData;
+ UINTN TstSize;
+ CONST UINT8 *TstTemp;
+ TS_TST_INFO *TstInfo;
+
+ Status = FALSE;
+
+ //
+ // Check input parameters
+ //
+ if ((TSToken == NULL) || (TsaCert == NULL) || (TimestampedData == NULL) ||
+ (TokenSize > INT_MAX) || (CertSize > INT_MAX) || (DataSize > INT_MAX)) {
+ return FALSE;
+ }
+
+ //
+ // Initializations
+ //
+ if (SigningTime != NULL) {
+ SetMem (SigningTime, sizeof (EFI_TIME), 0);
+ }
+ Pkcs7 = NULL;
+ Cert = NULL;
+ CertStore = NULL;
+ OutBio = NULL;
+ TstData = NULL;
+ TstInfo = NULL;
+
+ //
+ // TimeStamp Token should contain one valid DER-encoded ASN.1 PKCS#7 structure.
+ //
+ TokenTemp = TSToken;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &TokenTemp, (int) TokenSize);
+ if (Pkcs7 == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // The timestamp signature (TSA's response) will be one PKCS#7 signed data.
+ //
+ if (!PKCS7_type_is_signed (Pkcs7)) {
+ goto _Exit;
+ }
+
+ //
+ // Read the trusted TSA certificate (DER-encoded), and Construct X509 Certificate.
+ //
+ CertTemp = TsaCert;
+ Cert = d2i_X509 (NULL, &CertTemp, (long) CertSize);
+ if (Cert == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Setup X509 Store for trusted certificate.
+ //
+ CertStore = X509_STORE_new ();
+ if ((CertStore == NULL) || !(X509_STORE_add_cert (CertStore, Cert))) {
+ goto _Exit;
+ }
+
+ //
+ // Allow partial certificate chains, terminated by a non-self-signed but
+ // still trusted intermediate certificate. Also disable time checks.
+ //
+ X509_STORE_set_flags (CertStore,
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
+
+ X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);
+
+ //
+ // Verifies the PKCS#7 signedData structure, and output the signed contents.
+ //
+ OutBio = BIO_new (BIO_s_mem ());
+ if (OutBio == NULL) {
+ goto _Exit;
+ }
+ if (!PKCS7_verify (Pkcs7, NULL, CertStore, NULL, OutBio, PKCS7_BINARY)) {
+ goto _Exit;
+ }
+
+ //
+ // Read the signed contents detached in timestamp signature.
+ //
+ TstData = AllocateZeroPool (2048);
+ if (TstData == NULL) {
+ goto _Exit;
+ }
+ TstSize = BIO_read (OutBio, (void *) TstData, 2048);
+
+ //
+ // Construct TS_TST_INFO structure from the signed contents.
+ //
+ TstTemp = TstData;
+ TstInfo = d2i_TS_TST_INFO (NULL, (const unsigned char **) &TstTemp,
+ (int)TstSize);
+ if (TstInfo == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Check TS_TST_INFO structure.
+ //
+ Status = CheckTSTInfo (TstInfo, TimestampedData, DataSize);
+ if (!Status) {
+ goto _Exit;
+ }
+
+ //
+ // Retrieve the signing time from TS_TST_INFO structure.
+ //
+ if (SigningTime != NULL) {
+ SetMem (SigningTime, sizeof (EFI_TIME), 0);
+ Status = ConvertAsn1TimeToEfiTime (TstInfo->GenTime, SigningTime);
+ }
+
+_Exit:
+ //
+ // Release Resources
+ //
+ PKCS7_free (Pkcs7);
+ X509_free (Cert);
+ X509_STORE_free (CertStore);
+ BIO_free (OutBio);
+ TS_TST_INFO_free (TstInfo);
+
+ if (TstData != NULL) {
+ FreePool (TstData);
+ }
+
+ return Status;
+}
+
+/**
+ Verifies the validility of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode
+ signature.
+
+ If AuthData is NULL, then return FALSE.
+
+ @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
+ PE/COFF image to be verified.
+ @param[in] DataSize Size of the Authenticode Signature in bytes.
+ @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which
+ is used for TSA certificate chain verification.
+ @param[in] CertSize Size of the trusted certificate in bytes.
+ @param[out] SigningTime Return the time of timestamp generation time if the timestamp
+ signature is valid.
+
+ @retval TRUE The specified Authenticode includes a valid RFC3161 Timestamp CounterSignature.
+ @retval FALSE No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data.
+
+**/
+BOOLEAN
+EFIAPI
+ImageTimestampVerify (
+ IN CONST UINT8 *AuthData,
+ IN UINTN DataSize,
+ IN CONST UINT8 *TsaCert,
+ IN UINTN CertSize,
+ OUT EFI_TIME *SigningTime
+ )
+{
+ BOOLEAN Status;
+ PKCS7 *Pkcs7;
+ CONST UINT8 *Temp;
+ STACK_OF(PKCS7_SIGNER_INFO) *SignerInfos;
+ PKCS7_SIGNER_INFO *SignInfo;
+ UINTN Index;
+ STACK_OF(X509_ATTRIBUTE) *Sk;
+ X509_ATTRIBUTE *Xa;
+ ASN1_OBJECT *XaObj;
+ ASN1_TYPE *Asn1Type;
+ ASN1_OCTET_STRING *EncDigest;
+ UINT8 *TSToken;
+ UINTN TokenSize;
+
+ //
+ // Input Parameters Checking.
+ //
+ if ((AuthData == NULL) || (TsaCert == NULL)) {
+ return FALSE;
+ }
+
+ if ((DataSize > INT_MAX) || (CertSize > INT_MAX)) {
+ return FALSE;
+ }
+
+ //
+ // Register & Initialize necessary digest algorithms for PKCS#7 Handling.
+ //
+ if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) == 0) ||
+ (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0) {
+ return FALSE;
+ }
+
+ //
+ // Initialization.
+ //
+ Status = FALSE;
+ Pkcs7 = NULL;
+ SignInfo = NULL;
+
+ //
+ // Decode ASN.1-encoded Authenticode data into PKCS7 structure.
+ //
+ Temp = AuthData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) DataSize);
+ if (Pkcs7 == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Check if there is one and only one signer.
+ //
+ SignerInfos = PKCS7_get_signer_info (Pkcs7);
+ if (!SignerInfos || (sk_PKCS7_SIGNER_INFO_num (SignerInfos) != 1)) {
+ goto _Exit;
+ }
+
+ //
+ // Locate the TimeStamp CounterSignature.
+ //
+ SignInfo = sk_PKCS7_SIGNER_INFO_value (SignerInfos, 0);
+ if (SignInfo == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Locate Message Digest which will be the data to be time-stamped.
+ //
+ EncDigest = SignInfo->enc_digest;
+ if (EncDigest == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // The RFC3161 timestamp counterSignature is contained in unauthenticatedAttributes field
+ // of SignerInfo.
+ //
+ Sk = SignInfo->unauth_attr;
+ if (Sk == NULL) { // No timestamp counterSignature.
+ goto _Exit;
+ }
+
+ Asn1Type = NULL;
+ for (Index = 0; Index < (UINTN) sk_X509_ATTRIBUTE_num (Sk); Index++) {
+ //
+ // Search valid RFC3161 timestamp counterSignature based on OBJID.
+ //
+ Xa = sk_X509_ATTRIBUTE_value (Sk, (int)Index);
+ if (Xa == NULL) {
+ continue;
+ }
+ XaObj = X509_ATTRIBUTE_get0_object(Xa);
+ if (XaObj == NULL) {
+ continue;
+ }
+ if ((OBJ_length(XaObj) != sizeof (mSpcRFC3161OidValue)) ||
+ (CompareMem (OBJ_get0_data(XaObj), mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) {
+ continue;
+ }
+ Asn1Type = X509_ATTRIBUTE_get0_type(Xa, 0);
+ }
+
+ if (Asn1Type == NULL) {
+ Status = FALSE;
+ goto _Exit;
+ }
+ TSToken = Asn1Type->value.octet_string->data;
+ TokenSize = Asn1Type->value.octet_string->length;
+
+ //
+ // TimeStamp counterSignature (Token) verification.
+ //
+ Status = TimestampTokenVerify (
+ TSToken,
+ TokenSize,
+ TsaCert,
+ CertSize,
+ EncDigest->data,
+ EncDigest->length,
+ SigningTime
+ );
+
+_Exit:
+ //
+ // Release Resources
+ //
+ PKCS7_free (Pkcs7);
+
+ return Status;
+}
diff --git a/Cryptlib/Pk/CryptX509.c b/Cryptlib/Pk/CryptX509.c new file mode 100644 index 00000000..7dc45967 --- /dev/null +++ b/Cryptlib/Pk/CryptX509.c @@ -0,0 +1,580 @@ +/** @file
+ X.509 Certificate Handler Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+
+/**
+ Construct a X509 object from DER-encoded certificate data.
+
+ If Cert is NULL, then return FALSE.
+ If SingleX509Cert is NULL, then return FALSE.
+
+ @param[in] Cert Pointer to the DER-encoded certificate data.
+ @param[in] CertSize The size of certificate data in bytes.
+ @param[out] SingleX509Cert The generated X509 object.
+
+ @retval TRUE The X509 object generation succeeded.
+ @retval FALSE The operation failed.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificate (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 **SingleX509Cert
+ )
+{
+ X509 *X509Cert;
+ CONST UINT8 *Temp;
+
+ //
+ // Check input parameters.
+ //
+ if (Cert == NULL || SingleX509Cert == NULL || CertSize > INT_MAX) {
+ return FALSE;
+ }
+
+ //
+ // Read DER-encoded X509 Certificate and Construct X509 object.
+ //
+ Temp = Cert;
+ X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
+ if (X509Cert == NULL) {
+ return FALSE;
+ }
+
+ *SingleX509Cert = (UINT8 *) X509Cert;
+
+ return TRUE;
+}
+
+/**
+ Construct a X509 stack object from a list of DER-encoded certificate data.
+
+ If X509Stack is NULL, then return FALSE.
+
+ @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.
+ On output, pointer to the X509 stack object with new
+ inserted X509 certificate.
+ @param ... A list of DER-encoded single certificate data followed
+ by certificate size. A NULL terminates the list. The
+ pairs are the arguments to X509ConstructCertificate().
+
+ @retval TRUE The X509 stack construction succeeded.
+ @retval FALSE The construction operation failed.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStack (
+ IN OUT UINT8 **X509Stack,
+ ...
+ )
+{
+ UINT8 *Cert;
+ UINTN CertSize;
+ X509 *X509Cert;
+ STACK_OF(X509) *CertStack;
+ BOOLEAN Status;
+ VA_LIST Args;
+ UINTN Index;
+
+ //
+ // Check input parameters.
+ //
+ if (X509Stack == NULL) {
+ return FALSE;
+ }
+
+ Status = FALSE;
+
+ //
+ // Initialize X509 stack object.
+ //
+ CertStack = (STACK_OF(X509) *) (*X509Stack);
+ if (CertStack == NULL) {
+ CertStack = sk_X509_new_null ();
+ if (CertStack == NULL) {
+ return Status;
+ }
+ }
+
+ VA_START (Args, X509Stack);
+
+ for (Index = 0; ; Index++) {
+ //
+ // If Cert is NULL, then it is the end of the list.
+ //
+ Cert = VA_ARG (Args, UINT8 *);
+ if (Cert == NULL) {
+ break;
+ }
+
+ CertSize = VA_ARG (Args, UINTN);
+ if (CertSize == 0) {
+ break;
+ }
+
+ //
+ // Construct X509 Object from the given DER-encoded certificate data.
+ //
+ X509Cert = NULL;
+ Status = X509ConstructCertificate (
+ (CONST UINT8 *) Cert,
+ CertSize,
+ (UINT8 **) &X509Cert
+ );
+ if (!Status) {
+ if (X509Cert != NULL) {
+ X509_free (X509Cert);
+ }
+ break;
+ }
+
+ //
+ // Insert the new X509 object into X509 stack object.
+ //
+ sk_X509_push (CertStack, X509Cert);
+ }
+
+ VA_END (Args);
+
+ if (!Status) {
+ sk_X509_pop_free (CertStack, X509_free);
+ } else {
+ *X509Stack = (UINT8 *) CertStack;
+ }
+
+ return Status;
+}
+
+/**
+ Release the specified X509 object.
+
+ If X509Cert is NULL, then return FALSE.
+
+ @param[in] X509Cert Pointer to the X509 object to be released.
+
+**/
+VOID
+EFIAPI
+X509Free (
+ IN VOID *X509Cert
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (X509Cert == NULL) {
+ return;
+ }
+
+ //
+ // Free OpenSSL X509 object.
+ //
+ X509_free ((X509 *) X509Cert);
+}
+
+/**
+ Release the specified X509 stack object.
+
+ If X509Stack is NULL, then return FALSE.
+
+ @param[in] X509Stack Pointer to the X509 stack object to be released.
+
+**/
+VOID
+EFIAPI
+X509StackFree (
+ IN VOID *X509Stack
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (X509Stack == NULL) {
+ return;
+ }
+
+ //
+ // Free OpenSSL X509 stack object.
+ //
+ sk_X509_pop_free ((STACK_OF(X509) *) X509Stack, X509_free);
+}
+
+/**
+ Retrieve the subject bytes from one X.509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] CertSubject Pointer to the retrieved certificate subject bytes.
+ @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
+ and the size of buffer returned CertSubject on output.
+
+ If Cert is NULL, then return FALSE.
+ If SubjectSize is NULL, then return FALSE.
+
+ @retval TRUE The certificate subject retrieved successfully.
+ @retval FALSE Invalid certificate, or the SubjectSize is too small for the result.
+ The SubjectSize will be updated with the required size.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetSubjectName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 *CertSubject,
+ IN OUT UINTN *SubjectSize
+ )
+{
+ BOOLEAN Status;
+ X509 *X509Cert;
+ X509_NAME *X509Name;
+ UINTN X509NameSize;
+
+ //
+ // Check input parameters.
+ //
+ if (Cert == NULL || SubjectSize == NULL) {
+ return FALSE;
+ }
+
+ X509Cert = NULL;
+
+ //
+ // Read DER-encoded X509 Certificate and Construct X509 object.
+ //
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ if ((X509Cert == NULL) || (!Status)) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ Status = FALSE;
+
+ //
+ // Retrieve subject name from certificate object.
+ //
+ X509Name = X509_get_subject_name (X509Cert);
+ if (X509Name == NULL) {
+ goto _Exit;
+ }
+
+ X509NameSize = i2d_X509_NAME(X509Name, NULL);
+ if (*SubjectSize < X509NameSize) {
+ *SubjectSize = X509NameSize;
+ goto _Exit;
+ }
+ *SubjectSize = X509NameSize;
+ if (CertSubject != NULL) {
+ i2d_X509_NAME(X509Name, &CertSubject);
+ Status = TRUE;
+ }
+
+_Exit:
+ //
+ // Release Resources.
+ //
+ if (X509Cert != NULL) {
+ X509_free (X509Cert);
+ }
+
+ return Status;
+}
+
+/**
+ Retrieve the RSA Public Key from one DER-encoded X509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA public key component. Use RsaFree() function to free the
+ resource.
+
+ If Cert is NULL, then return FALSE.
+ If RsaContext is NULL, then return FALSE.
+
+ @retval TRUE RSA Public Key was retrieved successfully.
+ @retval FALSE Fail to retrieve RSA public key from X509 certificate.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPublicKeyFromX509 (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT VOID **RsaContext
+ )
+{
+ BOOLEAN Status;
+ EVP_PKEY *Pkey;
+ X509 *X509Cert;
+
+ //
+ // Check input parameters.
+ //
+ if (Cert == NULL || RsaContext == NULL) {
+ return FALSE;
+ }
+
+ Pkey = NULL;
+ X509Cert = NULL;
+
+ //
+ // Read DER-encoded X509 Certificate and Construct X509 object.
+ //
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ if ((X509Cert == NULL) || (!Status)) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ Status = FALSE;
+
+ //
+ // Retrieve and check EVP_PKEY data from X509 Certificate.
+ //
+ Pkey = X509_get_pubkey (X509Cert);
+ if ((Pkey == NULL) || (Pkey->type != EVP_PKEY_RSA)) {
+ goto _Exit;
+ }
+
+ //
+ // Duplicate RSA Context from the retrieved EVP_PKEY.
+ //
+ if ((*RsaContext = RSAPublicKey_dup (Pkey->pkey.rsa)) != NULL) {
+ Status = TRUE;
+ }
+
+_Exit:
+ //
+ // Release Resources.
+ //
+ if (X509Cert != NULL) {
+ X509_free (X509Cert);
+ }
+
+ if (Pkey != NULL) {
+ EVP_PKEY_free (Pkey);
+ }
+
+ return Status;
+}
+
+/**
+ Verify one X509 certificate was issued by the trusted CA.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[in] CACert Pointer to the DER-encoded trusted CA certificate.
+ @param[in] CACertSize Size of the CA Certificate in bytes.
+
+ If Cert is NULL, then return FALSE.
+ If CACert is NULL, then return FALSE.
+
+ @retval TRUE The certificate was issued by the trusted CA.
+ @retval FALSE Invalid certificate or the certificate was not issued by the given
+ trusted CA.
+
+**/
+BOOLEAN
+EFIAPI
+X509VerifyCert (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *CACert,
+ IN UINTN CACertSize
+ )
+{
+ BOOLEAN Status;
+ X509 *X509Cert;
+ X509 *X509CACert;
+ X509_STORE *CertStore;
+ X509_STORE_CTX CertCtx;
+
+ //
+ // Check input parameters.
+ //
+ if (Cert == NULL || CACert == NULL) {
+ return FALSE;
+ }
+
+ Status = FALSE;
+ X509Cert = NULL;
+ X509CACert = NULL;
+ CertStore = NULL;
+
+ //
+ // Register & Initialize necessary digest algorithms for certificate verification.
+ //
+ if (EVP_add_digest (EVP_md5 ()) == 0) {
+ goto _Exit;
+ }
+ if (EVP_add_digest (EVP_sha1 ()) == 0) {
+ goto _Exit;
+ }
+ if (EVP_add_digest (EVP_sha256 ()) == 0) {
+ goto _Exit;
+ }
+
+ //
+ // Read DER-encoded certificate to be verified and Construct X509 object.
+ //
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ if ((X509Cert == NULL) || (!Status)) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ //
+ // Read DER-encoded root certificate and Construct X509 object.
+ //
+ Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert);
+ if ((X509CACert == NULL) || (!Status)) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ Status = FALSE;
+
+ //
+ // Set up X509 Store for trusted certificate.
+ //
+ CertStore = X509_STORE_new ();
+ if (CertStore == NULL) {
+ goto _Exit;
+ }
+ if (!(X509_STORE_add_cert (CertStore, X509CACert))) {
+ goto _Exit;
+ }
+
+ //
+ // Allow partial certificate chains, terminated by a non-self-signed but
+ // still trusted intermediate certificate. Also disable time checks.
+ //
+ X509_STORE_set_flags (CertStore,
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
+
+ //
+ // Set up X509_STORE_CTX for the subsequent verification operation.
+ //
+ if (!X509_STORE_CTX_init (&CertCtx, CertStore, X509Cert, NULL)) {
+ goto _Exit;
+ }
+
+ //
+ // X509 Certificate Verification.
+ //
+ Status = (BOOLEAN) X509_verify_cert (&CertCtx);
+ X509_STORE_CTX_cleanup (&CertCtx);
+
+_Exit:
+ //
+ // Release Resources.
+ //
+ if (X509Cert != NULL) {
+ X509_free (X509Cert);
+ }
+
+ if (X509CACert != NULL) {
+ X509_free (X509CACert);
+ }
+
+ if (CertStore != NULL) {
+ X509_STORE_free (CertStore);
+ }
+
+ return Status;
+}
+
+/**
+ Retrieve the TBSCertificate from one given X.509 certificate.
+
+ @param[in] Cert Pointer to the given DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] TBSCert DER-Encoded To-Be-Signed certificate.
+ @param[out] TBSCertSize Size of the TBS certificate in bytes.
+
+ If Cert is NULL, then return FALSE.
+ If TBSCert is NULL, then return FALSE.
+ If TBSCertSize is NULL, then return FALSE.
+
+ @retval TRUE The TBSCertificate was retrieved successfully.
+ @retval FALSE Invalid X.509 certificate.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetTBSCert (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 **TBSCert,
+ OUT UINTN *TBSCertSize
+ )
+{
+ CONST UINT8 *Temp;
+ INTN Asn1Tag;
+ INTN ObjClass;
+ UINTN Length;
+
+ //
+ // Check input parameters.
+ //
+ if ((Cert == NULL) || (TBSCert == NULL) ||
+ (TBSCertSize == NULL) || (CertSize > INT_MAX)) {
+ return FALSE;
+ }
+
+ //
+ // An X.509 Certificate is: (defined in RFC3280)
+ // Certificate ::= SEQUENCE {
+ // tbsCertificate TBSCertificate,
+ // signatureAlgorithm AlgorithmIdentifier,
+ // signature BIT STRING }
+ //
+ // and
+ //
+ // TBSCertificate ::= SEQUENCE {
+ // version [0] Version DEFAULT v1,
+ // ...
+ // }
+ //
+ // So we can just ASN1-parse the x.509 DER-encoded data. If we strip
+ // the first SEQUENCE, the second SEQUENCE is the TBSCertificate.
+ //
+ Temp = Cert;
+ ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize);
+
+ if (Asn1Tag != V_ASN1_SEQUENCE) {
+ return FALSE;
+ }
+
+ *TBSCert = (UINT8 *)Temp;
+
+ ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length);
+ //
+ // Verify the parsed TBSCertificate is one correct SEQUENCE data.
+ //
+ if (Asn1Tag != V_ASN1_SEQUENCE) {
+ return FALSE;
+ }
+
+ *TBSCertSize = Length + (Temp - *TBSCert);
+
+ return TRUE;
+}
|