You've already forked slimbootloader
mirror of
https://github.com/Dasharo/slimbootloader.git
synced 2026-03-06 15:26:20 -08:00
Guo Dong
5e10bd1e07
To align with EDK2, update file license to use BSD+Patent license Signed-off-by: Guo Dong <guo.dong@intel.com>
191 lines
5.8 KiB
C
191 lines
5.8 KiB
C
/** @file
|
|
Provides sha256 and RSA2048 verify functions.
|
|
|
|
Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
**/
|
|
|
|
|
|
#ifndef __CRYPTO_LIB_H__
|
|
#define __CRYPTO_LIB_H__
|
|
|
|
#include <Uefi/UefiBaseType.h>
|
|
|
|
#define RSA_KEY_VB_SIGNATURE SIGNATURE_32 ('$', '_', 'V', 'B')
|
|
#define RSA_KEY_IPP_SIGNATURE SIGNATURE_32 ('$', 'I', 'P', 'P')
|
|
|
|
#define SIG_TYPE_RSA2048SHA256 0
|
|
|
|
#define SHA256_DIGEST_SIZE 32
|
|
#define RSA2048NUMBYTES 256
|
|
|
|
#define RSA_MOD_SIZE 256 //hardcode n size to be 256
|
|
#define RSA_E_SIZE 4 //hardcode e size to be 4
|
|
|
|
#define RSA_SIGNATURE_AND_KEY_SIZE (RSA2048NUMBYTES + RSA_MOD_SIZE + RSA_E_SIZE + sizeof(UINT32))
|
|
|
|
#define IPP_HASH_CTX_SIZE 256 //IPP Hash context size
|
|
|
|
typedef UINT8 HASH_CTX[IPP_HASH_CTX_SIZE]; //IPP Hash context buffer
|
|
|
|
//
|
|
// RSA verify required key parameter format
|
|
//
|
|
typedef struct {
|
|
UINT32 Signature;
|
|
UINT8 PubKeyData[0];
|
|
} RSA_PUB_KEY;
|
|
|
|
/**
|
|
Computes the SHA-256 message digest of a input data buffer.
|
|
|
|
This function performs the SHA-256 message digest of a given data buffer, and places
|
|
the digest value into the specified memory.
|
|
|
|
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
|
@param[in] Length Length of Data buffer in bytes.
|
|
@param[out] Digest Pointer to a buffer that receives the SHA-256 digest
|
|
value (32 bytes).
|
|
|
|
@retval A pointer to SHA-256 digest value
|
|
**/
|
|
UINT8 *
|
|
Sha256 (
|
|
IN CONST UINT8 *Data,
|
|
IN UINT32 Length,
|
|
OUT UINT8 *Digest
|
|
);
|
|
|
|
/**
|
|
Verifies the RSA signature with PKCS1-v1_5 encoding scheme defined in RSA PKCS#1.
|
|
|
|
@param[in] PubKey Pointer to a pre-processed RSA key data.
|
|
@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
|
|
@param[in] SignatureLen Length of the signature in bytes.
|
|
@param[in] SignatureType Now only support signature type SIG_TYPE_RSA2048SHA256.
|
|
@param[in] Hash Pointer to octet message hash to be checked.
|
|
|
|
@retval RETURN_SUCCESS Valid signature.
|
|
@retval RETURN_INVALID_PARAMETER Key or signature format is incorrect.
|
|
@retval RETURN_SECURITY_VIOLATION Invalid signature.
|
|
|
|
**/
|
|
RETURN_STATUS
|
|
RsaVerify (
|
|
CONST RSA_PUB_KEY *PubKey,
|
|
CONST UINT8 *Signature,
|
|
CONST UINT32 SignatureLen,
|
|
CONST UINT8 SignatureType,
|
|
CONST UINT8 *Hash
|
|
);
|
|
|
|
/**
|
|
Computes the HMAC SHA-256 message digest of a input data buffer.
|
|
|
|
This function performs the HMAC SHA-256 message digest of a given data buffer, and places
|
|
the digest value into the specified memory.
|
|
|
|
@param[in] Msg Pointer to the buffer containing the data to be hashed.
|
|
@param[in] MsgLen Length of Data buffer in bytes.
|
|
@param[in] Key Pointer to the secret key.
|
|
@param[in] KeyLen Length of the secret key.
|
|
@param[out] Hmac Pointer to a buffer that receives the HMAC SHA-256 digest
|
|
value (32 bytes).
|
|
@param[in] HmacLen Length of the HMAC SHA-256 buffer in bytes.
|
|
|
|
@retval EFI_SUCCESS Successfully calculated HMAC SHA256
|
|
@retval EFI_PROTOCOL_ERROR Error caused while calculating HMAC SHA256
|
|
**/
|
|
EFI_STATUS
|
|
HmacSha256 (
|
|
IN CONST UINT8 *Msg,
|
|
IN UINT32 MsgLen,
|
|
IN CONST UINT8 *Key,
|
|
IN UINT32 KeyLen,
|
|
OUT UINT8 *Hmac,
|
|
IN UINT32 HmacLen
|
|
);
|
|
|
|
/**
|
|
Wrapper function for HMAC HKDF logic
|
|
|
|
HKDF-Extract(salt, IKM) -> PRK as Ouput
|
|
HKDF-Expand(PRK, info, L) -> OKM as Output
|
|
Method used: SHA-256
|
|
|
|
@param[in] Salt Pointer to the Salt/Nonce data.
|
|
@param[in] SaltLen Length of the Salt/Nonce.
|
|
@param[in] Ikm Input Keying Material. This is the pointer to the secret Key.
|
|
@param[in] IkmLen Length of the secret key.
|
|
@param[in] Info Pointer to the msg/info to be used.
|
|
@param[in] InfoLen Length of the msg.
|
|
@param[out] Okm Output Keying Material. Pointer to the final key that is derived using HKDF algo.
|
|
@param[in] OkmLen Length of the OKM buffer in bytes.
|
|
|
|
Returns non-zero on failure, 0 on success.
|
|
**/
|
|
EFI_STATUS
|
|
HkdfExtractExpand (
|
|
IN CONST UINT8 *Salt,
|
|
IN INT32 SaltLen,
|
|
IN CONST UINT8 *Ikm,
|
|
IN INT32 IkmLen,
|
|
IN CONST UINT8* Info,
|
|
IN INT32 InfoLen,
|
|
OUT UINT8 *Okm,
|
|
IN INT32 OkmLen
|
|
);
|
|
|
|
/**
|
|
Initializes the hash context for SHA256 hashing.
|
|
|
|
@param[in] HashCtx Pointer to the hash context buffer.
|
|
@param[in] HashCtxSize Length of the hash context.
|
|
|
|
@retval RETURN_SUCCESS Success.
|
|
@retval RETURN_BUFFER_TOO_SMALL Hash context buffer size is not large enough.
|
|
@retval RETURN_SECURITY_VIOLATION All other errors.
|
|
**/
|
|
RETURN_STATUS
|
|
Sha256Init (
|
|
IN HASH_CTX *HashCtx,
|
|
IN UINT32 HashCtxSize
|
|
);
|
|
|
|
/**
|
|
Consumes the data for SHA256 hashing.
|
|
This method can be called multiple times to hash separate pieces of data.
|
|
|
|
@param[in] HashCtx Pointer to the hash context buffer.
|
|
@param[in] Msg Data to be hashed.
|
|
@param[in] MsgLen Length of data to be hashed.
|
|
|
|
@retval RETURN_SUCCESS Success.
|
|
@retval RETURN_SECURITY_VIOLATION All other errors.
|
|
**/
|
|
RETURN_STATUS
|
|
Sha256Update (
|
|
IN HASH_CTX *HashCtx,
|
|
IN CONST UINT8 *Msg,
|
|
IN UINT32 MsgLen
|
|
);
|
|
|
|
/**
|
|
Finalizes the SHA256 hashing and returns the hash.
|
|
|
|
@param[in] HashCtx Pointer to the hash context buffer.
|
|
@param[out] Hash Sha256 hash of the data.
|
|
|
|
@retval RETURN_SUCCESS Success.
|
|
@retval RETURN_SECURITY_VIOLATION All other errors.
|
|
**/
|
|
RETURN_STATUS
|
|
Sha256Final (
|
|
IN HASH_CTX *HashCtx,
|
|
OUT UINT8 *Hash
|
|
);
|
|
|
|
#endif
|
|
|