Commit 669f2b58 authored by Jeff Fan's avatar Jeff Fan Committed by vanjeff
Browse files

Copy head(r18255) from main trunk excluding UNI files.



Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: default avatarJeff Fan <jeff.fan@intel.com>
Signed-off-by: default avatarHao Wu <hao.a.wu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2010.SR1@18304 6f19259b-4bc3-4df7-8a09-765794883524
parent dcfa39fd
Include/openssl
Library/OpensslLib/openssl-*/
/** @file
/** @file
Application for Cryptographic Primitives Validation.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -73,6 +73,11 @@ CryptestMain (
return Status;
}
Status = ValidateTSCounterSignature ();
if (EFI_ERROR (Status)) {
return Status;
}
Status = ValidateCryptDh ();
if (EFI_ERROR (Status)) {
return Status;
......@@ -84,4 +89,4 @@ CryptestMain (
}
return EFI_SUCCESS;
}
}
\ No newline at end of file
/** @file
/** @file
Application for Cryptographic Primitives Validation.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -108,6 +108,18 @@ ValidateAuthenticode (
VOID
);
/**
Validate UEFI-OpenSSL RFC3161 Timestamp CounterSignature Verification Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateTSCounterSignature (
VOID
);
/**
Validate UEFI-OpenSSL DH Interfaces.
......@@ -132,4 +144,4 @@ ValidateCryptPrng (
VOID
);
#endif
#endif
\ No newline at end of file
......@@ -37,6 +37,7 @@
RsaVerify.c
RsaVerify2.c
AuthenticodeVerify.c
TSVerify.c
DhVerify.c
RandVerify.c
......
/** @file
/** @file
Application for Diffie-Hellman Primitives Validation.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -41,6 +41,14 @@ ValidateCryptDh (
Print (L"\nUEFI-OpenSSL DH Engine Testing:\n");
//
// Initialize Key Length
//
PublicKey1Length = sizeof (PublicKey1);
PublicKey2Length = sizeof (PublicKey2);
Key1Length = sizeof (Key1);
Key2Length = sizeof (Key2);
//
// Generate & Initialize DH Context
//
......@@ -114,4 +122,4 @@ ValidateCryptDh (
Print (L"[Pass]\n");
return EFI_SUCCESS;
}
}
\ No newline at end of file
/** @file
/** @file
Application for Hash Primitives Validation.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -54,6 +54,25 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha256Digest[SHA256_DIGEST_SIZE] = {
0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
};
//
// Result for SHA-384("abc"). (From "D.1 SHA-384 Example" of NIST FIPS 180-2)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha384Digest[SHA384_DIGEST_SIZE] = {
0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7
};
//
// Result for SHA-512("abc"). (From "C.1 SHA-512 Example" of NIST FIPS 180-2)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha512Digest[SHA512_DIGEST_SIZE] = {
0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f
};
/**
Validate UEFI-OpenSSL Digest Interfaces.
......@@ -76,7 +95,7 @@ ValidateCryptDigest (
DataSize = AsciiStrLen (HashData);
Print (L"- MD4: ");
//
// MD4 Digest Validation
//
......@@ -234,6 +253,86 @@ ValidateCryptDigest (
}
Print (L"[Pass]\n");
Print (L"- SHA384: ");
//
// SHA384 Digest Validation
//
ZeroMem (Digest, MAX_DIGEST_SIZE);
CtxSize = Sha384GetContextSize ();
HashCtx = AllocatePool (CtxSize);
Print (L"Init... ");
Status = Sha384Init (HashCtx);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Update... ");
Status = Sha384Update (HashCtx, HashData, DataSize);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Finalize... ");
Status = Sha384Final (HashCtx, Digest);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (HashCtx);
Print (L"Check Value... ");
if (CompareMem (Digest, Sha384Digest, SHA384_DIGEST_SIZE) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]\n");
Print (L"- SHA512: ");
//
// SHA512 Digest Validation
//
ZeroMem (Digest, MAX_DIGEST_SIZE);
CtxSize = Sha512GetContextSize ();
HashCtx = AllocatePool (CtxSize);
Print (L"Init... ");
Status = Sha512Init (HashCtx);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Update... ");
Status = Sha512Update (HashCtx, HashData, DataSize);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Finalize... ");
Status = Sha512Final (HashCtx, Digest);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (HashCtx);
Print (L"Check Value... ");
if (CompareMem (Digest, Sha512Digest, SHA512_DIGEST_SIZE) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]\n");
return EFI_SUCCESS;
}
This diff is collapsed.
......@@ -34,9 +34,9 @@ To make a contribution to a TianoCore project, follow these steps.
Contributions using other licenses might be accepted, but further
review will be required.
=======================================
= Change Description / Commit Message =
=======================================
=====================================================
= Change Description / Commit Message / Patch Email =
=====================================================
Your change description should use the standard format for a
commit message, and must include your "Signed-off-by" signature
......@@ -44,7 +44,32 @@ and the "Contributed-under" message.
== Sample Change Description / Commit Message =
=== Definitions for sample change description ===
=== Start of sample patch email message ===
From: Contributor Name <contributor@example.com>
Subject: [PATCH] CodeModule: Brief-single-line-summary
Full-commit-message
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Contributor Name <contributor@example.com>
---
An extra message for the patch email which will not be considered part
of the commit message can be added here.
Patch content inline or attached
=== End of sample patch email message ===
=== Notes for sample patch email ===
* The first line of commit message is taken from the email's subject
line following [PATCH]. The remaining portion of the commit message
is the email's content until the '---' line.
* git format-patch is one way to create this format
=== Definitions for sample patch email ===
* "CodeModule" is a short idenfier for the affected code. For
example MdePkg, or MdeModulePkg UsbBusDxe.
......@@ -58,15 +83,6 @@ and the "Contributed-under" message.
* "Signed-off-by" is the contributor's signature identifying them
by their real/legal name and their email address.
=== Start of sample change description / commit message ===
CodeModule: Brief-single-line-summary
Full-commit-message
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Contributor Name <contributor@email.server>
=== End of sample change description / commit message ===
========================================
= TianoCore Contribution Agreement 1.0 =
========================================
......
......@@ -4,7 +4,7 @@
# This Package provides cryptographic-related libraries for UEFI security modules.
# It also provides a test application to test libraries.
#
# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
......@@ -19,7 +19,7 @@
DEC_SPECIFICATION = 0x00010005
PACKAGE_NAME = CryptoPkg
PACKAGE_GUID = 36470E80-36F2-4ba0-8CC8-937C7D9FF888
PACKAGE_VERSION = 0.94
PACKAGE_VERSION = 0.96
[Includes]
Include
......
## @file
# Cryptographic Library Package for UEFI Security Implementation.
#
# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
......@@ -20,7 +20,7 @@
[Defines]
PLATFORM_NAME = CryptoPkg
PLATFORM_GUID = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6
PLATFORM_VERSION = 0.94
PLATFORM_VERSION = 0.96
DSC_SPECIFICATION = 0x00010005
OUTPUT_DIRECTORY = Build/CryptoPkg
SUPPORTED_ARCHITECTURES = IA32|X64|IPF|ARM|AARCH64
......
......@@ -4,7 +4,7 @@
primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security
functionality enabling.
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -18,6 +18,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#ifndef __BASE_CRYPT_LIB_H__
#define __BASE_CRYPT_LIB_H__
#include <Uefi/UefiBaseType.h>
///
/// MD4 digest size in bytes
///
......@@ -38,6 +40,16 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
///
#define SHA256_DIGEST_SIZE 32
///
/// SHA-384 digest size in bytes
///
#define SHA384_DIGEST_SIZE 48
///
/// SHA-512 digest size in bytes
///
#define SHA512_DIGEST_SIZE 64
///
/// TDES block size in bytes
///
......@@ -513,6 +525,215 @@ Sha256Final (
OUT UINT8 *HashValue
);
/**
Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations.
@return The size, in bytes, of the context buffer required for SHA-384 hash operations.
**/
UINTN
EFIAPI
Sha384GetContextSize (
VOID
);
/**
Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for
subsequent use.
If Sha384Context is NULL, then return FALSE.
@param[out] Sha384Context Pointer to SHA-384 context being initialized.
@retval TRUE SHA-384 context initialization succeeded.
@retval FALSE SHA-384 context initialization failed.
**/
BOOLEAN
EFIAPI
Sha384Init (
OUT VOID *Sha384Context
);
/**
Makes a copy of an existing SHA-384 context.
If Sha384Context is NULL, then return FALSE.
If NewSha384Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] Sha384Context Pointer to SHA-384 context being copied.
@param[out] NewSha384Context Pointer to new SHA-384 context.
@retval TRUE SHA-384 context copy succeeded.
@retval FALSE SHA-384 context copy failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Sha384Duplicate (
IN CONST VOID *Sha384Context,
OUT VOID *NewSha384Context
);
/**
Digests the input data and updates SHA-384 context.
This function performs SHA-384 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
SHA-384 context should be already correctly intialized by Sha384Init(), and should not be finalized
by Sha384Final(). Behavior with invalid context is undefined.
If Sha384Context is NULL, then return FALSE.
@param[in, out] Sha384Context Pointer to the SHA-384 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE SHA-384 data digest succeeded.
@retval FALSE SHA-384 data digest failed.
**/
BOOLEAN
EFIAPI
Sha384Update (
IN OUT VOID *Sha384Context,
IN CONST VOID *Data,
IN UINTN DataSize
);
/**
Completes computation of the SHA-384 digest value.
This function completes SHA-384 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the SHA-384 context cannot
be used again.
SHA-384 context should be already correctly intialized by Sha384Init(), and should not be
finalized by Sha384Final(). Behavior with invalid SHA-384 context is undefined.
If Sha384Context is NULL, then return FALSE.
If HashValue is NULL, then return FALSE.
@param[in, out] Sha384Context Pointer to the SHA-384 context.
@param[out] HashValue Pointer to a buffer that receives the SHA-384 digest
value (48 bytes).
@retval TRUE SHA-384 digest computation succeeded.
@retval FALSE SHA-384 digest computation failed.
**/
BOOLEAN
EFIAPI
Sha384Final (
IN OUT VOID *Sha384Context,
OUT UINT8 *HashValue
);
/**
Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations.
@return The size, in bytes, of the context buffer required for SHA-512 hash operations.
**/
UINTN
EFIAPI
Sha512GetContextSize (
VOID
);
/**
Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for
subsequent use.
If Sha512Context is NULL, then return FALSE.
@param[out] Sha512Context Pointer to SHA-512 context being initialized.
@retval TRUE SHA-512 context initialization succeeded.
@retval FALSE SHA-512 context initialization failed.
**/
BOOLEAN
EFIAPI
Sha512Init (
OUT VOID *Sha512Context
);
/**
Makes a copy of an existing SHA-512 context.
If Sha512Context is NULL, then return FALSE.
If NewSha512Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] Sha512Context Pointer to SHA-512 context being copied.
@param[out] NewSha512Context Pointer to new SHA-512 context.
@retval TRUE SHA-512 context copy succeeded.
@retval FALSE SHA-512 context copy failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Sha512Duplicate (
IN CONST VOID *Sha512Context,
OUT VOID *NewSha512Context
);
/**
Digests the input data and updates SHA-512 context.
This function performs SHA-512 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
SHA-512 context should be already correctly intialized by Sha512Init(), and should not be finalized
by Sha512Final(). Behavior with invalid context is undefined.
If Sha512Context is NULL, then return FALSE.
@param[in, out] Sha512Context Pointer to the SHA-512 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE SHA-512 data digest succeeded.
@retval FALSE SHA-512 data digest failed.
**/
BOOLEAN
EFIAPI
Sha512Update (
IN OUT VOID *Sha512Context,
IN CONST VOID *Data,
IN UINTN DataSize
);
/**
Completes computation of the SHA-512 digest value.
This function completes SHA-512 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the SHA-512 context cannot
be used again.
SHA-512 context should be already correctly intialized by Sha512Init(), and should not be
finalized by Sha512Final(). Behavior with invalid SHA-512 context is undefined.
If Sha512Context is NULL, then return FALSE.
If HashValue is NULL, then return FALSE.
@param[in, out] Sha512Context Pointer to the SHA-512 context.
@param[out] HashValue Pointer to a buffer that receives the SHA-512 digest
value (64 bytes).
@retval TRUE SHA-512 digest computation succeeded.
@retval FALSE SHA-512 digest computation failed.
**/
BOOLEAN
EFIAPI
Sha512Final (
IN OUT VOID *Sha512Context,
OUT UINT8 *HashValue
);
//=====================================================================================
// MAC (Message Authentication Code) Primitive
......@@ -754,7 +975,6 @@ HmacSha1Final (
OUT UINT8 *HmacValue
);
//=====================================================================================
// Symmetric Cryptography Primitive
//=====================================================================================
......@@ -1395,7 +1615,7 @@ RsaGetKey (
@param[in, out] RsaContext Pointer to RSA context being set.
@param[in] ModulusLength Length of RSA modulus N in bits.
@param[in] PublicExponent Pointer to RSA public exponent.
@param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
@param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
@retval TRUE RSA key component was generated successfully.
@retval FALSE Invalid RSA key component tag.
......@@ -1413,6 +1633,8 @@ RsaGenerateKey (
/**
Validates key components of RSA context.
NOTE: This function performs integrity checks on all the RSA key material, so
the RSA key structure must contain all the private key data.
This function validates key compoents of RSA context in following aspects:
- Whether p is a prime
......@@ -1519,7 +1741,6 @@ RsaPkcs1Verify (
@retval TRUE RSA Private Key was retrieved successfully.
@retval FALSE Invalid PEM key data or incorrect password.
@retval FALSE This interface is not supported.
**/
BOOLEAN
......@@ -1642,13 +1863,13 @@ X509ConstructCertificate (
If X509Stack is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in, out] X509Stack On input, pointer to an existing X509 stack object.
@param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.
On output, pointer to the X509 stack object with new