From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 88DEE1A1DEF for ; Fri, 30 Sep 2016 05:23:04 -0700 (PDT) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga104.jf.intel.com with ESMTP; 30 Sep 2016 05:23:04 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,272,1473145200"; d="scan'208";a="1064437771" Received: from gchen32-mobl.ccr.corp.intel.com (HELO jyao1-MOBL.ccr.corp.intel.com) ([10.254.214.75]) by fmsmga002.fm.intel.com with ESMTP; 30 Sep 2016 05:23:02 -0700 From: Jiewen Yao To: edk2-devel@lists.01.org Cc: Feng Tian , Star Zeng , Michael D Kinney , Liming Gao , Chao Zhang Date: Fri, 30 Sep 2016 20:21:39 +0800 Message-Id: <1475238128-22448-22-git-send-email-jiewen.yao@intel.com> X-Mailer: git-send-email 2.7.4.windows.1 In-Reply-To: <1475238128-22448-1-git-send-email-jiewen.yao@intel.com> References: <1475238128-22448-1-git-send-email-jiewen.yao@intel.com> Subject: [PATCH V2 21/50] SecurityPkg/FmpAuthenticationPkcs7Lib: Add PKCS7 NULL class for FMP. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Sep 2016 12:23:04 -0000 This is a NULL class for FmpAuthenticationLib. It provides PKCS7 based FMP authentication. Cc: Feng Tian Cc: Star Zeng Cc: Michael D Kinney Cc: Liming Gao Cc: Chao Zhang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao Reviewed-by: Chao Zhang --- SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.c | 147 ++++++++++++++++++++ SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.inf | 52 +++++++ SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.uni | 26 ++++ 3 files changed, 225 insertions(+) diff --git a/SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.c b/SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.c new file mode 100644 index 0000000..bff06a1 --- /dev/null +++ b/SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.c @@ -0,0 +1,147 @@ +/** @file + FMP Authentication PKCS7 handler. + + Caution: This module requires additional review when modified. + This module will have external input - capsule image. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + FmpAuthenticatedHandlerPkcs7() will receive untrusted input and do basic + validation. + + Copyright (c) 2016, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include + +STATIC UINT8 *mPkcs7Cert; +STATIC UINTN mPkcs7CertSize; + +/** + The handler is used to do the authentication for FMP capsule based upon + EFI_FIRMWARE_IMAGE_AUTHENTICATION. + + Caution: This function may receive untrusted input. + + This function assumes the caller ExecuteFmpAuthenticationHandler() + already did basic validation for EFI_FIRMWARE_IMAGE_AUTHENTICATION. + + @param[in] Image Points to the new FMP authentication image, + start from EFI_FIRMWARE_IMAGE_AUTHENTICATION. + @param[in] ImageSize Size of the authentication image in bytes. + @param[out] LastAttemptStatus The last attempt status, which will be recorded + in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR. + + @retval RETURN_SUCCESS Authentication pass. + @retval RETURN_SECURITY_VIOLATION Authentication fail. + The detail reson is recorded in LastAttemptStatus. +**/ +RETURN_STATUS +EFIAPI +FmpAuthenticatedHandlerPkcs7( + IN VOID *Image, + IN UINTN ImageSize, + OUT UINT32 *LastAttemptStatus + ) +{ + RETURN_STATUS Status; + EFI_FIRMWARE_IMAGE_AUTHENTICATION *ImageAuthentication; + BOOLEAN CryptoStatus; + VOID *P7Data; + UINTN P7Length; + UINTN ImageOffset; + UINT64 MonotonicCount; + UINT64 Backup; + + DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); + + ImageAuthentication = (EFI_FIRMWARE_IMAGE_AUTHENTICATION *)Image; + MonotonicCount = ImageAuthentication->MonotonicCount; + ImageOffset = ImageAuthentication->AuthInfo.Hdr.dwLength; + P7Length = ImageAuthentication->AuthInfo.Hdr.dwLength - (sizeof(WIN_CERTIFICATE) + sizeof(EFI_GUID)); + P7Data = AllocateCopyPool (P7Length, ImageAuthentication->AuthInfo.CertData); + if (P7Data == NULL) { + // + // If PKCS7 signature verification fails, AUTH tested failed bit is set. + // + DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: P7Data == NULL\n")); + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES; + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + + // It is a signature across the variable data and the Monotonic Count value. + CopyMem(&Backup, (UINT8 *)Image + ImageOffset, sizeof(Backup)); + CopyMem((UINT8 *)Image + ImageOffset, &MonotonicCount, sizeof(MonotonicCount)); + CryptoStatus = Pkcs7Verify( + P7Data, + P7Length, + mPkcs7Cert, + mPkcs7CertSize, + (UINT8 *)Image + ImageOffset, + ImageSize - ImageOffset + ); + CopyMem((UINT8 *)Image + ImageOffset, &Backup, sizeof(Backup)); + FreePool(P7Data); + if (!CryptoStatus) { + // + // If PKCS7 signature verification fails, AUTH tested failed bit is set. + // + DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n")); + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR; + Status = RETURN_SECURITY_VIOLATION; + goto Done; + } + DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n")); + + *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS; + Status = RETURN_SUCCESS; + +Done: + return Status; +} + +/** + The constructor function to register FMP authentication handler. + + @retval RETURN_SUCCESS The constructor successfully . +**/ +RETURN_STATUS +EFIAPI +FmpAuthenticationPkcs7LibConstructor( + VOID + ) +{ + RETURN_STATUS Status; + + mPkcs7CertSize = PcdGetSize(PcdPkcs7CertBuffer); + mPkcs7Cert = AllocateCopyPool(mPkcs7CertSize, PcdGetPtr(PcdPkcs7CertBuffer)); + ASSERT(mPkcs7Cert != NULL); + + Status = RegisterFmpAuthenticationHandler(&gEfiCertPkcs7Guid, FmpAuthenticatedHandlerPkcs7); + ASSERT_EFI_ERROR(Status); + + return RETURN_SUCCESS; +} diff --git a/SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.inf b/SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.inf new file mode 100644 index 0000000..99fa2be --- /dev/null +++ b/SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.inf @@ -0,0 +1,52 @@ +## @file +# FMP Authentication PKCS7 handler. +# +# Copyright (c) 2016, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = FmpAuthenticationPkcs7Lib + MODULE_UNI_FILE = FmpAuthenticationPkcs7Lib.uni + FILE_GUID = F4EA205B-7345-452C-9D62-53BA6F3B8910 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL + CONSTRUCTOR = FmpAuthenticationPkcs7LibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources] + FmpAuthenticationPkcs7Lib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib + FmpAuthenticationLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer + +[Guids] + gEfiCertPkcs7Guid diff --git a/SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.uni b/SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.uni new file mode 100644 index 0000000..d327e53 --- /dev/null +++ b/SecurityPkg/Library/FmpAuthenticationPkcs7Lib/FmpAuthenticationPkcs7Lib.uni @@ -0,0 +1,26 @@ +// /** @file +// FMP Authentication PKCS7 handler. +// +// This library provide FMP Authentication PKCS7 handler to verify EFI_FIRMWARE_IMAGE_AUTHENTICATION. +// +// Caution: This module requires additional review when modified. +// This library will have external input - capsule image. +// This external input must be validated carefully to avoid security issues such as +// buffer overflow or integer overflow. +// +// Copyright (c) 2016, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the BSD License +// which accompanies this distribution. The full text of the license may be found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "FMP Authentication PKCS7 handler." + +#string STR_MODULE_DESCRIPTION #language en-US "This library provide FMP Authentication PKCS7 handler to verify EFI_FIRMWARE_IMAGE_AUTHENTICATION." + -- 2.7.4.windows.1