From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by mx.groups.io with SMTP id smtpd.web09.199.1607538825216147333
 for <devel@edk2.groups.io>;
 Wed, 09 Dec 2020 10:33:46 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: divneil.r.wadhawan@intel.com)
IronPort-SDR: CreBqDdpZHDmBDmEQuq16y0Bn2Wxzq240oLe/yLhf9cv3k0E4GCmrzCnoTUqnUB/BXiFeF8QdR
 7LefjKabOpNg==
X-IronPort-AV: E=McAfee;i="6000,8403,9830"; a="161177005"
X-IronPort-AV: E=Sophos;i="5.78,405,1599548400"; 
   d="scan'208";a="161177005"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Dec 2020 10:33:44 -0800
IronPort-SDR: RtF9qLzE9UM2yTdacZd9s8T7CrwpONQod2tZZX5bAV4D1FTOYQFJmPvdddvUZkoO/oCVH0b6aS
 UzfYxGSbfYDA==
X-IronPort-AV: E=Sophos;i="5.78,405,1599548400"; 
   d="scan'208";a="364253181"
Received: from drwadhaw-mobl.gar.corp.intel.com ([10.252.166.106])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Dec 2020 10:33:41 -0800
From: "Wadhawan, Divneil R" <divneil.r.wadhawan@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Min Xu <min.m.xu@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>
Subject: [Patch 2/2] SecurityPkg: Add support for SHA-384/SHA-512 digest algos
Date: Thu, 10 Dec 2020 00:02:43 +0530
Message-Id: <20201209183243.30504-3-divneil.r.wadhawan@intel.com>
X-Mailer: git-send-email 2.16.2.windows.1
In-Reply-To: <20201209183243.30504-1-divneil.r.wadhawan@intel.com>
References: <20201209183243.30504-1-divneil.r.wadhawan@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

o Existing implementation of Authenticated Variables only
  support SHA-256 digest algorithms in signing scheme.

o This has been extended to support SHA-384 and SHA-512 algorithms

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>

Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
---
 SecurityPkg/Library/AuthVariableLib/AuthService.c |  8 +++--
 AuthVariableDigestUpdate.md                       | 41 +++++++++++++++++++++++
 2 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 AuthVariableDigestUpdate.md

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 4fb609504d..8f024c42a8 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -35,6 +35,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
 
 CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };
+CONST UINT8 mSha384OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 };
+CONST UINT8 mSha512OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 };
 
 //
 // Requirement for different signature type which have been defined in UEFI spec.
@@ -1901,7 +1903,7 @@ VerifyTimeBasedPayload (
 
   //
   // SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the
-  // signature. Only a digest algorithm of SHA-256 is accepted.
+  // signature. Digest algorithm of SHA-256, SHA-384, SHA-512 are accepted.
   //
   //    According to PKCS#7 Definition:
   //        SignedData ::= SEQUENCE {
@@ -1916,7 +1918,9 @@ VerifyTimeBasedPayload (
   if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
     if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
       if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
-           (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {
+           ((CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0) &&
+            (CompareMem (SigData + 13, &mSha384OidValue, sizeof (mSha384OidValue)) != 0) &&
+            (CompareMem (SigData + 13, &mSha512OidValue, sizeof (mSha512OidValue)) != 0))) {
           return EFI_SECURITY_VIOLATION;
         }
     }
diff --git a/AuthVariableDigestUpdate.md b/AuthVariableDigestUpdate.md
new file mode 100644
index 0000000000..10992845a4
--- /dev/null
+++ b/AuthVariableDigestUpdate.md
@@ -0,0 +1,41 @@
+# Title: Digest Algorithm flexibility in Authenticated Variable signatures
+
+# Status: Draft
+
+# Document: UEFI Specification Version 2.8
+
+# License
+
+SPDX-License-Identifier: CC-BY-4.0
+
+# Submitter: [TianoCore Community](https://www.tianocore.org)
+
+# Summary of the change
+EFI_VARIABLE_AUTHENTICATION_2 specifies the SignedData.digestAlgorithms to be always
+SHA256. The implication is that the signing algorithm can use RSA keys greater than
+2048 bits, but the digest algorithm remains SHA256. The proposed change is to allow
+digest algorithm to be greater than SHA256.
+
+# Benefits of the change
+This brings agility to the signing mechanism of Authenticated variables by allowing
+it to sign a larger digest.
+
+# Impact of the change
+There is no impact on the existing Authenticated variables.
+
+# Detailed description of the change [normative updates]
+
+<b>Bold text</b> indicates the proposed change
+
+8.2.2 Using the EFI_VARIABLE_AUTHENTICATION_2 descriptor
+When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is set, then the Data buffer shall begin with an instance of a complete (and serialized) ...
+
+Construct a DER-encoded PKCS #7 version 1.5 SignedData (see [RFC2315]) with the signed content as follows:
+
+a. SignedData.version shall be set to 1
+
+b. SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the signature. <b>Only a digest algorithm greater than or equal to SHA-256 is accepted.</b>
+
+
+# Special Instructions
+NA
-- 
2.16.2.windows.1