diff options
Diffstat (limited to 'SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c')
| -rw-r--r-- | SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c | 70 |
1 files changed, 44 insertions, 26 deletions
diff --git a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c index 96638e26aa..f7ecc9afd8 100644 --- a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c +++ b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c @@ -25,19 +25,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /// RSA 2048 SHA 256 Guided Section header
///
typedef struct {
- EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header
- EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
+ EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header
+ EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
} RSA_2048_SHA_256_SECTION_HEADER;
typedef struct {
- EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header
- EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
+ EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header
+ EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature
} RSA_2048_SHA_256_SECTION2_HEADER;
///
/// Public Exponent of RSA Key.
///
-CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
+CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
/**
@@ -69,31 +69,37 @@ Rsa2048Sha256GuidedSectionGetInfo ( // Check whether the input guid section is recognized.
//
if (!CompareGuid (
- &gEfiCertTypeRsa2048Sha256Guid,
- &(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) {
+ &gEfiCertTypeRsa2048Sha256Guid,
+ &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
+ ))
+ {
return EFI_INVALID_PARAMETER;
}
+
//
// Retrieve the size and attribute of the input section data.
//
- *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes;
+ *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes;
*ScratchBufferSize = 0;
- *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER);
+ *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
} else {
//
// Check whether the input guid section is recognized.
//
if (!CompareGuid (
- &gEfiCertTypeRsa2048Sha256Guid,
- &(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) {
+ &gEfiCertTypeRsa2048Sha256Guid,
+ &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
+ ))
+ {
return EFI_INVALID_PARAMETER;
}
+
//
// Retrieve the size and attribute of the input section data.
//
- *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes;
+ *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes;
*ScratchBufferSize = 0;
- *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER);
+ *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER);
}
return EFI_SUCCESS;
@@ -143,15 +149,17 @@ Rsa2048Sha256GuidedSectionHandler ( // Check whether the input guid section is recognized.
//
if (!CompareGuid (
- &gEfiCertTypeRsa2048Sha256Guid,
- &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
+ &gEfiCertTypeRsa2048Sha256Guid,
+ &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
+ ))
+ {
return EFI_INVALID_PARAMETER;
}
//
// Get the RSA 2048 SHA 256 information.
//
- CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256;
+ CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *)InputSection)->CertBlockRsa2048Sha256;
OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER);
if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) {
PERF_INMODULE_BEGIN ("PeiRsaCopy");
@@ -171,8 +179,10 @@ Rsa2048Sha256GuidedSectionHandler ( // Check whether the input guid section is recognized.
//
if (!CompareGuid (
- &gEfiCertTypeRsa2048Sha256Guid,
- &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
+ &gEfiCertTypeRsa2048Sha256Guid,
+ &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
+ ))
+ {
return EFI_INVALID_PARAMETER;
}
@@ -192,7 +202,7 @@ Rsa2048Sha256GuidedSectionHandler ( //
// Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set
//
- ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
+ ASSERT ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0);
*AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED;
}
@@ -230,13 +240,15 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
- CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
+
+ CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
- CryptoStatus = Sha256Final (HashContext, Digest);
+
+ CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@@ -259,9 +271,11 @@ Rsa2048Sha256GuidedSectionHandler ( CryptoStatus = TRUE;
break;
}
- PublicKey = PublicKey + SHA256_DIGEST_SIZE;
+
+ PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
}
+
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Public key in section is not supported\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@@ -282,12 +296,13 @@ Rsa2048Sha256GuidedSectionHandler ( // Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
- CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey));
+ CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
+
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@@ -305,6 +320,7 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
+
PERF_INMODULE_BEGIN ("PeiRsaShaData");
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
PERF_INMODULE_END ("PeiRsaShaData");
@@ -313,7 +329,8 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
- CryptoStatus = Sha256Final (HashContext, Digest);
+
+ CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@@ -347,6 +364,7 @@ Done: if (Rsa != NULL) {
RsaFree (Rsa);
}
+
if (HashContext != NULL) {
FreePool (HashContext);
}
@@ -369,8 +387,8 @@ Done: EFI_STATUS
EFIAPI
PeiRsa2048Sha256GuidedSectionExtractLibConstructor (
- IN EFI_PEI_FILE_HANDLE FileHandle,
- IN CONST EFI_PEI_SERVICES **PeiServices
+ IN EFI_PEI_FILE_HANDLE FileHandle,
+ IN CONST EFI_PEI_SERVICES **PeiServices
)
{
return ExtractGuidedSectionRegisterHandlers (
|