From: "Long, Qin"
To: Wim Vervoorn, "edk2-devel@lists.01.org"
Date: Mon, 11 Dec 2017 15:55:40 +0000
Subject: Re: Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification
List-Id: EDK II Development

Hi, Wim Vervoorn,

Yes, the logic here is a little tricky. We wouldn't like to introduce the full ASN.1 parse interfaces to handle the encoding data check. So as the comment states, the digestAlgorithms field usually has the fixed offset (based on two bytes of length encoding) in one PKCS#7 signedData structure. So the new code (added by that commit) used this assumption to check the Sha256 OID directly.

  //
  // SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the
  // signature. Only a digest algorithm of SHA-256 is accepted.
  //
  //    According to PKCS#7 Definition:
  //        SignedData ::= SEQUENCE {
  //            version Version,
  //            digestAlgorithms DigestAlgorithmIdentifiers,
  //            contentInfo ContentInfo,
  //            .... }
  //    The DigestAlgorithmIdentifiers can be used to determine the hash algorithm
  //    in VARIABLE_AUTHENTICATION_2 descriptor.
  //    This field has the fixed offset (+13) and be calculated based on two bytes of length encoding.
  //
  ......

One typical ASN.1 structure of PKCS7 Signature is

  ContentInfo {
    contentType = 1.2.840.113549.1.7.2 //(signedData)
    content {
      SignedData {
        version = 1
        ...
      }
    }
  }

But please note, the PKCS#7 signedData definition for Authenticated Variable in UEFI spec didn't include the contentType fields. So if you used some third-party tool (e.g. OpenSSL) to generate the signedData, you need to strip off some bytes.

See more discussion & clarifications from https://bugzilla.tianocore.org/show_bug.cgi?id=586
And share the binary data with us for more analysis if you still have verification issues.

Best Regards & Thanks,
LONG, Qin

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Wim Vervoorn
Sent: Monday, December 11, 2017 6:40 PM
To: edk2-devel@lists.01.org
Subject: [edk2] Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification

Hello,

We ran into issues with the Timebased Authenticated variable handling.

In commit: c035e37335ae43229d7e68de74a65f2c01ebc0af

This was added. This assumed the very first tag will be the Sha256 Oid. We have noticed situations where this is the case.

The question is if the check below represents the specification and the tools generating the databuffer should be changed. Or if this check is not correct.
It seems to me that the data should be parsed to check for the correct OID and not assume this is the first one

  if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
    if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
      if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
          (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {
        return EFI_SECURITY_VIOLATION;
      }
    }
  }

----
Modified: SecurityPkg/Library/AuthVariableLib/AuthService.c
Modified: SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h

Best Regards,
Wim Vervoorn
Eltan B.V.
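
Added example, not part of the thread and not edk2 code: a stand-alone C sketch of the two points discussed above, the fixed-offset SHA-256 OID check and locating the bare SignedData when a tool has emitted it inside a ContentInfo wrapper. The function names, the sample byte arrays and the use of 0x82 for TWO_BYTE_ENCODE (the DER long-form marker for two length octets) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Standard DER value bytes: SHA-256 and PKCS#7 signedData OIDs. */
static const uint8_t SHA256_OID[] = {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01};
static const uint8_t P7_SIGNED_OID[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02};

/* Constructed sample: bare SignedData, truncated after digestAlgorithms. */
#define BARE_BYTES 0x30,0x82,0x00,0x14, 0x02,0x01,0x01, 0x31,0x0F, 0x30,0x0D, \
    0x06,0x09, 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, 0x05,0x00
static const uint8_t BARE[] = { BARE_BYTES };
/* Constructed sample: the same bytes inside a ContentInfo wrapper. */
static const uint8_t WRAPPED[] = { 0x30,0x82,0x00,0x27, 0x06,0x09,
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02, 0xA0,0x82,0x00,0x18, BARE_BYTES };

/* Mirror of the quoted check; buffers too short for it fall through.
 * 0x82 is the assumed value of TWO_BYTE_ENCODE. */
static int fixed_offset_check_passes(const uint8_t *sig, size_t len) {
    if (len < 13 + sizeof SHA256_OID) return 1;
    return (sig[1] & 0x82) == 0x82 &&
           memcmp(sig + 13, SHA256_OID, sizeof SHA256_OID) == 0;
}

/* Size of the DER tag+length header at p, or 0 if it is not `tag` or malformed. */
static size_t der_header(const uint8_t *p, size_t avail, uint8_t tag) {
    if (avail < 2 || p[0] != tag) return 0;
    if (p[1] < 0x80) return 2;              /* short-form length */
    size_t n = p[1] & 0x7F;                 /* long form: n length octets */
    return (n == 0 || n > 4 || avail < 2 + n) ? 0 : 2 + n;
}

/* Offset of SignedData in buf: 0 if bare, >0 if wrapped, -1 if unrecognised. */
static long signed_data_offset(const uint8_t *buf, size_t len) {
    size_t off = der_header(buf, len, 0x30), h;
    if (off == 0 || len - off < 2 + sizeof P7_SIGNED_OID) return -1;
    if (buf[off] == 0x02) return 0;         /* INTEGER version: already bare */
    if (buf[off] != 0x06 || buf[off + 1] != sizeof P7_SIGNED_OID ||
        memcmp(buf + off + 2, P7_SIGNED_OID, sizeof P7_SIGNED_OID) != 0)
        return -1;                          /* not a signedData ContentInfo */
    off += 2 + sizeof P7_SIGNED_OID;
    h = der_header(buf + off, len - off, 0xA0);   /* [0] EXPLICIT content */
    if (h == 0) return -1;
    off += h;
    return der_header(buf + off, len - off, 0x30) ? (long)off : -1;
}

int main(void) {
    long off = signed_data_offset(WRAPPED, sizeof WRAPPED);
    return !(off == 19 && signed_data_offset(BARE, sizeof BARE) == 0 &&
             fixed_offset_check_passes(WRAPPED + off, sizeof WRAPPED - off));
}
```

With two-byte length encoding throughout, the wrapper is 19 bytes, and in the wrapped buffer offset 13 falls inside the contentType OID, which is why the fixed-offset check rejects it until those bytes are removed.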