CryptoPkg Updates to support RFC3161 timestamp signature verification.
The main changes includes: 1. Enabling SHA384 and SHA512 digest algorithm; (Sha512.c) 2. RFC 3161 timestamp signature verification support; (CryptTs.c) 3. Fixed one ASN.1 length encoding issue in Authenticode verification routine. (CryptAuthenticode.c) 4. Add the corresponding test cases in Cryptest utility (SHA384 & SHA512 & Timestamp verification) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16339 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
48
CryptoPkg/Library/BaseCryptLib/Pk/CryptTsNull.c
Normal file
48
CryptoPkg/Library/BaseCryptLib/Pk/CryptTsNull.c
Normal file
@@ -0,0 +1,48 @@
|
||||
/** @file
|
||||
RFC3161 Timestamp Countersignature Verification Wrapper Implementation which does
|
||||
not provide real capabilities.
|
||||
|
||||
Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Verifies the validility of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode
|
||||
signature.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
|
||||
PE/COFF image to be verified.
|
||||
@param[in] DataSize Size of the Authenticode Signature in bytes.
|
||||
@param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which
|
||||
is used for TSA certificate chain verification.
|
||||
@param[in] CertSize Size of the trusted certificate in bytes.
|
||||
@param[out] SigningTime Return the time of timestamp generation time if the timestamp
|
||||
signature is valid.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
ImageTimestampVerify (
|
||||
IN CONST UINT8 *AuthData,
|
||||
IN UINTN DataSize,
|
||||
IN CONST UINT8 *TsaCert,
|
||||
IN UINTN CertSize,
|
||||
OUT EFI_TIME *SigningTime
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
Reference in New Issue
Block a user