dasharo/slimbootloader
0
0
Fork 0
mirror of https://github.com/Dasharo/slimbootloader.git synced 2026-03-06 15:26:20 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
f63f7f808c222677bcd9ddf203378a0ec4eaceea
slimbootloader/BootloaderCommonPkg/Library/SecureBootLib/SecureBootHash.c
T
Subash Lakkimsetti 53f088f9d5 Hash Store: Restructuring Hash Store definition 
HASH_STORE_TABLE is updated and HASH_STORE_DATA is added
to provide info with variable length sizes. Usage bits would
notify for multiple component/key using the same hash.
These data structure would optimize the hash store size
in storage.

PcdHashStoreSize would define the size of Hash store
to allocate in bios bootup.

Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
2019-12-06 15:48:53 -07:00

98 lines
3.0 KiB
C
Raw Blame History

/** @file
Secure boot library routines to provide hash verification.
Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Library/DebugLib.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/CryptoLib.h>
#include <Library/SecureBootLib.h>
#include <Library/BootloaderCommonLib.h>
/**
Verify data block hash with the built-in one.
@param[in] Data Data buffer pointer.
@param[in] Length Data buffer size.
@param[in] HashAlg Specify hash algrothsm.
@param[in] ComponentType Component type.
@param[in,out] Hash On input, expected hash value when ComponentType is not used.
On output, calculated hash value when verification succeeds.
@retval RETURN_SUCCESS Hash verification succeeded.
@retval RETRUN_INVALID_PARAMETER Hash parameter is not valid.
@retval RETURN_NOT_FOUND Hash data for ComponentType is not found.
@retval RETURN_UNSUPPORTED Hash component type is not supported.
@retval RETURN_SECURITY_VIOLATION Hash verification failed.
**/
RETURN_STATUS
DoHashVerify (
IN CONST UINT8 *Data,
IN UINT32 Length,
IN UINT8 HashAlg,
IN UINT8 ComponentType,
IN OUT UINT8 *Hash
)
{
RETURN_STATUS Status;
UINT8 Digest[SHA256_DIGEST_SIZE];
CONST UINT8 *HashData;
UINT8 HashType;
if (HashAlg != HASH_TYPE_SHA256) {
return RETURN_UNSUPPORTED;
}
// Get expected hash to compare with
if (ComponentType >= COMP_TYPE_INVALID) {
HashData = Hash;
} else {
Status = GetComponentHash (ComponentType, &HashData, &HashType);
if (RETURN_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Warning: Component (%d) verification is bypassed.\n", ComponentType));
return Status;
}
}
if (HashData == NULL) {
return RETURN_INVALID_PARAMETER;
}
Sha256 (Data, Length, Digest);
if (CompareMem (HashData, (VOID *)Digest, SHA256_DIGEST_SIZE)) {
Status = RETURN_SECURITY_VIOLATION;
DEBUG ((DEBUG_ERROR, "Hash check fail for component type (%d)\n", ComponentType));
DEBUG_CODE_BEGIN();
DEBUG ((DEBUG_INFO, "First 32Bytes Input Data\n"));
DumpHex (2, 0, SHA256_DIGEST_SIZE, (VOID *)Data);
DEBUG ((DEBUG_INFO, "Last 32Bytes Input Data\n"));
DumpHex (2, 0, SHA256_DIGEST_SIZE, (VOID *) (Data + Length - 32));
DEBUG ((DEBUG_INFO, "Image Digest\n"));
DumpHex (2, 0, SHA256_DIGEST_SIZE, (VOID *)Digest);
DEBUG ((DEBUG_INFO, "HashStore Digest\n"));
DumpHex (2, 0, SHA256_DIGEST_SIZE, (VOID *)HashData);
DEBUG_CODE_END();
} else {
if ((Hash != NULL) && (HashData != Hash)) {
CopyMem (Hash, Digest, sizeof(Digest));
}
Status = RETURN_SUCCESS;
DEBUG ((DEBUG_INFO, "HASH Verification Success! Component Type (%d)\n", ComponentType));
}
return Status;
}
Reference in New Issue View Git Blame Copy Permalink