From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id AB392820F7 for ; Wed, 15 Feb 2017 21:12:20 -0800 (PST) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Feb 2017 21:12:20 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,167,1484035200"; d="scan'208";a="934480274" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga003.jf.intel.com with ESMTP; 15 Feb 2017 21:12:19 -0800 Received: from fmsmsx115.amr.corp.intel.com (10.18.116.19) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.248.2; Wed, 15 Feb 2017 21:12:19 -0800 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by fmsmsx115.amr.corp.intel.com (10.18.116.19) with Microsoft SMTP Server (TLS) id 14.3.248.2; Wed, 15 Feb 2017 21:12:19 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by SHSMSX104.ccr.corp.intel.com ([10.239.4.70]) with mapi id 14.03.0248.002; Thu, 16 Feb 2017 13:12:17 +0800 From: "Zhang, Chao B" To: "Zhang, Lubo" , "edk2-devel@lists.01.org" CC: "Long, Qin" , "Yao, Jiewen" Thread-Topic: [patch] SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable. 1. prohibit Image SHA-1 hash option in SecureBootConfigDxe. 2. Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification Thread-Index: AQHShm32e2ha1mdFcEq+JA3Syq1stqFrGLMg Date: Thu, 16 Feb 2017 05:12:17 +0000 Message-ID: References: <1487040982-46328-1-git-send-email-lubo.zhang@intel.com> In-Reply-To: <1487040982-46328-1-git-send-email-lubo.zhang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [patch] SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable. 1. prohibit Image SHA-1 hash option in SecureBootConfigDxe. 2. Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2017 05:12:20 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Lubo: 1. Please capitalize Hash256OidLength macro definition or simply use siz= eof(mHash256OidValue). Others are good to me. 2. Please run PatchCheck first. The title is too long to meet EDKII chec= k-in log requirement =20 -----Original Message----- From: Zhang, Lubo=20 Sent: Tuesday, February 14, 2017 10:56 AM To: edk2-devel@lists.01.org Cc: Zhang, Chao B ; Long, Qin ;= Yao, Jiewen Subject: [patch] SecurityPkg: enhance secure boot Config Dxe & Time Based A= uthVariable. 1. prohibit Image SHA-1 hash option in SecureBootConfigDxe. 2.= Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 befor= e further verification Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo Cc: Chao Zhang Cc: Long Qin Cc: Yao Jiewen --- SecurityPkg/Library/AuthVariableLib/AuthService.c | 27 ++++++++++++++++++= +++- .../Library/AuthVariableLib/AuthServiceInternal.h | 5 +++- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 14 ++++------- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 8 ++----- 4 files changed, 36 insertions(+), 18 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPk= g/Library/AuthVariableLib/AuthService.c index b013d42..75d2290 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -16,11 +16,11 @@ =20 VerifyTimeBasedPayloadAndUpdate() and VerifyCounterBasedPayload() are su= b function to do verification. They will do basic validation for authentication data structure, then ca= ll crypto library to verify the signature. =20 -Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at http://opens= ource.org/licenses/bsd-license.php =20 @@ -34,10 +34,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. // // Public Exponent of RSA Key. // CONST UINT8 mRsaE[] =3D { 0x01, 0x00, 0x01 }; =20 +CONST UINT8 mHash256OidValue[] =3D { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,=20 +0x04, 0x02, 0x01 }; + // // Requirement for different signature type which have been defined in UEF= I spec. // These data are used to perform SignatureList format check while setting= PK/KEK variable. // EFI_SIGNATURE_ITEM mSupportSigItem[] =3D { @@ -2243,10 +2245,33 @@ VerifyT= imeBasedPayload ( // SigData =3D CertData->AuthInfo.CertData; SigDataSize =3D CertData->AuthInfo.Hdr.dwLength - (UINT32) (OFFSET_OF (W= IN_CERTIFICATE_UEFI_GUID, CertData)); =20 // + // SignedData.digestAlgorithms shall contain the digest algorithm=20 + used when preparing the // signature. Only a digest algorithm of SHA-256= is accepted. + // + // According to PKCS#7 Definition: + // SignedData ::=3D SEQUENCE { + // version Version, + // digestAlgorithms DigestAlgorithmIdentifiers, + // contentInfo ContentInfo, + // .... } + // The DigestAlgorithmIdentifiers can be used to determine the hash a= lgorithm=20 + // in VARIABLE_AUTHENTICATION_2 descriptor. + // This field has the fixed offset (+13) and be calculated based on t= wo bytes of length encoding. + // + if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != =3D 0) { + if (SigDataSize >=3D (13 + Hash256OidLength)) { + if (((*(SigData + 1) & TWO_BYTE_ENCODE) !=3D TWO_BYTE_ENCODE) ||=20 + (CompareMem (SigData + 13, &mHash256OidValue, Hash256OidLength)= !=3D 0)) { + return EFI_SECURITY_VIOLATION; + } + } + } + + // // Find out the new data payload which follows Pkcs7 SignedData directly= . // PayloadPtr =3D SigData + SigDataSize; PayloadSize =3D DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDa= taSize; =20 diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/Se= curityPkg/Library/AuthVariableLib/AuthServiceInternal.h index e7c4bf0..f1cf591 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h +++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h @@ -10,11 +10,11 @@ The whole SMM authentication variable design relies on the integrity = of flash part and SMM. which is assumed to be protected by platform. All variable code and met= adata in flash/SMM Memory may not be modified without authorization. If platform fails to protect = these resources, the authentication service provided in this driver will be broken, and t= he behavior is undefined. =20 -Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at http://opens= ource.org/licenses/bsd-license.php =20 @@ -35,10 +35,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. #include =20 #include #include =20 +#define TWO_BYTE_ENCODE 0x82 +#define Hash256OidLength 9 + /// /// Struct to record signature requirement defined by UEFI spec. /// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length= requirement for this field. /// typedef struct { diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.c index 0d96185..6f58729 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo +++ nfigImpl.c @@ -1,9 +1,9 @@ /** @file HII Config Access protocol implementation of SecureBoot configuration mo= dule. =20 -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at http://opens= ource.org/licenses/bsd-license.php =20 @@ -61,11 +61,10 @@ UINT8 mHashOidValue[] =3D { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512 }; =20 HASH_TABLE mHash[] =3D { - { L"SHA1", 20, &mHashOidValue[8], 5, Sha1GetContextSize, Sha1Init, = Sha1Update, Sha1Final }, { L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL, = NULL, NULL }, { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize, Sha256Init= , Sha256Update, Sha256Final}, { L"SHA384", 48, &mHashOidValue[31], 9, Sha384GetContextSize, Sha384Init= , Sha384Update, Sha384Final}, { L"SHA512", 64, &mHashOidValue[40], 9, Sha512GetContextSize, Sha512Init= , Sha512Update, Sha512Final} }; @@ -1784,26 +1783,21 @@ HashPeImage ( =20 HashCtx =3D NULL; SectionHeader =3D NULL; Status =3D FALSE; =20 - if ((HashAlg !=3D HASHALG_SHA1) && (HashAlg !=3D HASHALG_SHA256)) { + if (HashAlg !=3D HASHALG_SHA256) { return FALSE; } =20 // // Initialize context of hash. // ZeroMem (mImageDigest, MAX_DIGEST_SIZE); =20 - if (HashAlg =3D=3D HASHALG_SHA1) { - mImageDigestSize =3D SHA1_DIGEST_SIZE; - mCertType =3D gEfiCertSha1Guid; - } else if (HashAlg =3D=3D HASHALG_SHA256) { - mImageDigestSize =3D SHA256_DIGEST_SIZE; - mCertType =3D gEfiCertSha256Guid; - } + mImageDigestSize =3D SHA256_DIGEST_SIZE; + mCertType =3D gEfiCertSha256Guid; =20 CtxSize =3D mHash[HashAlg].GetContextSize(); =20 HashCtx =3D AllocatePool (CtxSize); ASSERT (HashCtx !=3D NULL); diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.h index 5055a9e..bea9470 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo +++ nfigImpl.h @@ -1,10 +1,10 @@ /** @file The header file of HII Config Access protocol implementation of SecureBo= ot configuration module. =20 -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at http://opens= ource.org/licenses/bsd-license.php =20 @@ -65,14 +65,11 @@ extern EFI_IFR_GUID_LABEL *mStartLabel; extern EFI_IFR_GUID_LABEL *mEndLabel; =20 #define MAX_CHAR 480 #define TWO_BYTE_ENCODE 0x82 =20 -// -// SHA-1 digest size in bytes. -// -#define SHA1_DIGEST_SIZE 20 + // // SHA-256 digest size in bytes // #define SHA256_DIGEST_SIZE 32 // @@ -92,11 +89,10 @@ extern EFI_IFR_GUID_LABEL *mEndLabel; #define WIN_CERT_UEFI_RSA2048_SIZE 256 =20 // // Support hash types // -#define HASHALG_SHA1 0x00000000 #define HASHALG_SHA224 0x00000001 #define HASHALG_SHA256 0x00000002 #define HASHALG_SHA384 0x00000003 #define HASHALG_SHA512 0x00000004 #define HASHALG_RAW 0x00000005 -- 1.9.5.msysgit.1