sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update CryptoPkg for new ciphers (HMAC, Block Cipher, etc) supports.

Browse Source 
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10997 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
qlong
2010-11-02 06:06:38 +00:00
parent 85c0b5ee7f
commit a8c4464502
32 changed files with 5292 additions and 610 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
CryptoPkg/Application/Cryptest/AuthenticodeVerify.c
View File

@@ -12,11 +12,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseCryptLib.h>
#include "Cryptest.h"
//
// DER encoding of SpcIndirectDataContent (Authenticode-specific Structure)
@@ -656,3 +652,30 @@ AuthenticodeVerify (
return Status;
}
/**
Validate UEFI-OpenSSL PKCS#7 Verification Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateAuthenticode (
VOID
)
{
Print (L"\nUEFI-OpenSSL PKCS#7-Signed-Data Testing: ");
Print (L"\n- Authenticode (PKCS#7 Signed Data) Verification ... ");
if (AuthenticodeVerify ()) {
Print (L"[Pass]");
} else {
Print (L"[Fail]");
}
Print (L"\n");
return EFI_SUCCESS;
}

473
CryptoPkg/Application/Cryptest/BlockCipherVerify.c Normal file
View File

@@ -0,0 +1,473 @@
/** @file
Application for Block Cipher Primitives Validation.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Cryptest.h"
//
// TDES test vectors are extracted from OpenSSL 0.9.8l, crypto\des\destest.c
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TdesEcbData[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TdesEcbKey[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TdesEcbCipher[] = {
0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7,
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TdesEcb2Cipher[] = {
0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E,
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TdesCbcData[] = {
0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TdesCbcKey[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
};
GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TdesCbcIvec[] = {
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TdesCbc3Cipher[] = {
0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0,
0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC,
0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4
};
//
// AES test vectors are from NIST KAT of AES
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128EcbData[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128EcbKey[] = {
0x10, 0xa5, 0x88, 0x69, 0xd7, 0x4b, 0xe5, 0xa3, 0x74, 0xcf, 0x86, 0x7c, 0xfb, 0x47, 0x38, 0x59
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128EcbCipher[] = {
0x6d, 0x25, 0x1e, 0x69, 0x44, 0xb0, 0x51, 0xe0, 0x4e, 0xaa, 0x6f, 0xb4, 0xdb, 0xf7, 0x84, 0x65
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes192EcbData[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes192EcbKey[] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes192EcbCipher[] = {
0xdd, 0x8a, 0x49, 0x35, 0x14, 0x23, 0x1c, 0xbf, 0x56, 0xec, 0xce, 0xe4, 0xc4, 0x08, 0x89, 0xfb
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes256EcbData[] = {
0x01, 0x47, 0x30, 0xf8, 0x0a, 0xc6, 0x25, 0xfe, 0x84, 0xf0, 0x26, 0xc6, 0x0b, 0xfd, 0x54, 0x7d
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes256EcbKey[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes256EcbCipher[] = {
0x5c, 0x9d, 0x84, 0x4e, 0xd4, 0x6f, 0x98, 0x85, 0x08, 0x5e, 0x5d, 0x6a, 0x4f, 0x94, 0xc7, 0xd7
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128CbcData[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128CbcKey[] = {
0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128CbcIvec[] = {
0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128CbcCipher[] = {
0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1
};
//
// ARC4 Test Vector defined in "Appendix A.1 Test Vectors from [CRYPTLIB]" of
// IETF Draft draft-kaukonen-cipher-arcfour-03 ("A Stream Cipher Encryption Algorithm 'Arcfour'").
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Arc4Data[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Arc4Key[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
};
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Arc4Cipher[] = {
0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79
};
/**
Validate UEFI-OpenSSL Block Ciphers (Symmetric Crypto) Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptBlockCipher (
VOID
)
{
UINTN CtxSize;
VOID *CipherCtx;
UINT8 Encrypt[256];
UINT8 Decrypt[256];
BOOLEAN Status;
Print (L"\nUEFI-OpenSSL Block Cipher Engine Testing: ");
CtxSize = TdesGetContextSize ();
CipherCtx = AllocatePool (CtxSize);
Print (L"\n- TDES Validation: ");
Print (L"ECB... ");
//
// TDES ECB Validation
//
ZeroMem (Encrypt, sizeof (Encrypt));
ZeroMem (Decrypt, sizeof (Decrypt));
Status = TdesInit (CipherCtx, TdesEcbKey, 64);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = TdesEcbEncrypt (CipherCtx, TdesEcbData, 8, Encrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = TdesEcbDecrypt (CipherCtx, Encrypt, 8, Decrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Encrypt, TdesEcbCipher, 8) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Decrypt, TdesEcbData, 8) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"EDE2 ECB... ");
//
// TDES EDE2 ECB Validation
//
ZeroMem (Encrypt, sizeof (Encrypt));
ZeroMem (Decrypt, sizeof (Decrypt));
Status = TdesInit (CipherCtx, TdesEcbKey, 128);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = TdesEcbEncrypt (CipherCtx, TdesEcbData, 8, Encrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = TdesEcbDecrypt (CipherCtx, Encrypt, 8, Decrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Encrypt, TdesEcb2Cipher, 8) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Decrypt, TdesEcbData, 8) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"EDE3 CBC... ");
//
// TDES EDE3 CBC Validation
//
ZeroMem (Encrypt, 256);
ZeroMem (Decrypt, 256);
Status = TdesInit (CipherCtx, TdesCbcKey, 192);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = TdesCbcEncrypt (CipherCtx, TdesCbcData, sizeof (TdesCbcData), TdesCbcIvec, Encrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = TdesCbcDecrypt (CipherCtx, Encrypt, sizeof (TdesCbcData), TdesCbcIvec, Decrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Encrypt, TdesCbc3Cipher, sizeof (TdesCbc3Cipher)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Decrypt, TdesCbcData, sizeof (TdesCbcData)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]");
FreePool (CipherCtx);
CtxSize = AesGetContextSize ();
CipherCtx = AllocatePool (CtxSize);
Print (L"\n- AES Validation: ");
Print (L"ECB-128... ");
//
// AES-128 ECB Validation
//
ZeroMem (Encrypt, sizeof (Encrypt));
ZeroMem (Decrypt, sizeof (Decrypt));
Status = AesInit (CipherCtx, Aes128EcbKey, 128);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = AesEcbEncrypt (CipherCtx, Aes128EcbData, sizeof (Aes128EcbData), Encrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = AesEcbDecrypt (CipherCtx, Encrypt, sizeof (Aes128EcbData), Decrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Encrypt, Aes128EcbCipher, sizeof (Aes128EcbCipher)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Decrypt, Aes128EcbData, sizeof (Aes128EcbData)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"ECB-192... ");
//
// AES-192 ECB Validation
//
ZeroMem (Encrypt, sizeof (Encrypt));
ZeroMem (Decrypt, sizeof (Decrypt));
Status = AesInit (CipherCtx, Aes192EcbKey, 192);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = AesEcbEncrypt (CipherCtx, Aes192EcbData, sizeof (Aes192EcbData), Encrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = AesEcbDecrypt (CipherCtx, Encrypt, sizeof (Aes192EcbData), Decrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Encrypt, Aes192EcbCipher, sizeof (Aes192EcbCipher)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Decrypt, Aes192EcbData, sizeof (Aes192EcbData)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"ECB-256... ");
//
// AES-256 ECB Validation
//
ZeroMem (Encrypt, sizeof (Encrypt));
ZeroMem (Decrypt, sizeof (Decrypt));
Status = AesInit (CipherCtx, Aes256EcbKey, 256);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = AesEcbEncrypt (CipherCtx, Aes256EcbData, sizeof (Aes256EcbData), Encrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = AesEcbDecrypt (CipherCtx, Encrypt, sizeof (Aes256EcbData), Decrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Encrypt, Aes256EcbCipher, sizeof (Aes256EcbCipher)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Decrypt, Aes256EcbData, sizeof (Aes256EcbData)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"CBC-128... ");
//
// AES-128 CBC Validation
//
ZeroMem (Encrypt, sizeof (Encrypt));
ZeroMem (Decrypt, sizeof (Decrypt));
Status = AesInit (CipherCtx, Aes128CbcKey, 128);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = AesCbcEncrypt (CipherCtx, Aes128CbcData, sizeof (Aes128CbcData), Aes128CbcIvec, Encrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = AesCbcDecrypt (CipherCtx, Encrypt, sizeof (Aes128CbcData), Aes128CbcIvec, Decrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Encrypt, Aes128CbcCipher, sizeof (Aes128CbcCipher)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Decrypt, Aes128CbcData, sizeof (Aes128CbcData)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]");
Print (L"\n- ARC4 Validation: ");
//
// ARC4 Validation
//
CtxSize = Arc4GetContextSize ();
CipherCtx = AllocatePool (CtxSize);
ZeroMem (Encrypt, sizeof (Encrypt));
ZeroMem (Decrypt, sizeof (Decrypt));
Status = Arc4Init (CipherCtx, Arc4Key, sizeof (Arc4Key));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = Arc4Encrypt (CipherCtx, Arc4Data, sizeof (Arc4Data), Encrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = Arc4Reset (CipherCtx);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = Arc4Decrypt (CipherCtx, Encrypt, sizeof (Arc4Data), Decrypt);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Encrypt, Arc4Cipher, sizeof (Arc4Cipher)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Decrypt, Arc4Data, sizeof (Arc4Data)) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]");
Print (L"\n");
return EFI_SUCCESS;
}

371
CryptoPkg/Application/Cryptest/Cryptest.c
View File

@@ -12,332 +12,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <Uefi.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiLib.h>
#include <Library/UefiApplicationEntryPoint.h>
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
//
// Max Known Digest Size is SHA512 Output (64 bytes) by far
//
#define MAX_DIGEST_SIZE 64
//
// Message string for digest validation
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *HashData = "abc";
//
// Result for MD5("abc"). (From "A.5 Test suite" of IETF RFC1321)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Md5Digest[MD5_DIGEST_SIZE] = {
0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72
};
//
// Result for SHA-1("abc"). (From "A.1 SHA-1 Example" of NIST FIPS 180-2)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha1Digest[SHA1_DIGEST_SIZE] = {
0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
0x9c, 0xd0, 0xd8, 0x9d
};
//
// Result for SHA-256("abc"). (From "B.1 SHA-256 Example" of NIST FIPS 180-2)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha256Digest[SHA256_DIGEST_SIZE] = {
0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
};
//
// RSA PKCS#1 Validation Data from OpenSSL "Fips_rsa_selftest.c"
//
// Public Modulus of RSA Key
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaN[] = {
0xBB, 0xF8, 0x2F, 0x09, 0x06, 0x82, 0xCE, 0x9C, 0x23, 0x38, 0xAC, 0x2B, 0x9D, 0xA8, 0x71, 0xF7,
0x36, 0x8D, 0x07, 0xEE, 0xD4, 0x10, 0x43, 0xA4, 0x40, 0xD6, 0xB6, 0xF0, 0x74, 0x54, 0xF5, 0x1F,
0xB8, 0xDF, 0xBA, 0xAF, 0x03, 0x5C, 0x02, 0xAB, 0x61, 0xEA, 0x48, 0xCE, 0xEB, 0x6F, 0xCD, 0x48,
0x76, 0xED, 0x52, 0x0D, 0x60, 0xE1, 0xEC, 0x46, 0x19, 0x71, 0x9D, 0x8A, 0x5B, 0x8B, 0x80, 0x7F,
0xAF, 0xB8, 0xE0, 0xA3, 0xDF, 0xC7, 0x37, 0x72, 0x3E, 0xE6, 0xB4, 0xB7, 0xD9, 0x3A, 0x25, 0x84,
0xEE, 0x6A, 0x64, 0x9D, 0x06, 0x09, 0x53, 0x74, 0x88, 0x34, 0xB2, 0x45, 0x45, 0x98, 0x39, 0x4E,
0xE0, 0xAA, 0xB1, 0x2D, 0x7B, 0x61, 0xA5, 0x1F, 0x52, 0x7A, 0x9A, 0x41, 0xF6, 0xC1, 0x68, 0x7F,
0xE2, 0x53, 0x72, 0x98, 0xCA, 0x2A, 0x8F, 0x59, 0x46, 0xF8, 0xE5, 0xFD, 0x09, 0x1D, 0xBD, 0xCB
};
// Public Exponent of RSA Key
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaE[] = { 0x11 };
// Known Answer Test (KAT) Data for RSA PKCS#1 Signing
GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 RsaSignData[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
// Known Signature for the above message, under SHA-1 Digest
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaPkcs1Signature[] = {
0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C, 0x4A, 0xFD, 0x1A, 0x05,
0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B, 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51,
0x55, 0x77, 0x90, 0xCF, 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1, 0x20, 0x22, 0xBE, 0x59,
0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA, 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF,
0x4E, 0xCA, 0x2E, 0x4E, 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F, 0x72, 0x05, 0xDE, 0xE6,
0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95, 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
};
/**
Validate MSFT Authenticode using PKCS#7 Verification Interfaces.
@return EFI_SUCCESS Validation succeeds.
**/
BOOLEAN
AuthenticodeVerify (
VOID
);
/**
Validate UEFI-OpenSSL Digest Interfaces.
@return EFI_SUCCESS Validation succeeded.
**/
EFI_STATUS
ValidateCryptDigest (
VOID
)
{
UINTN CtxSize;
VOID *HashCtx;
UINTN DataSize;
UINT8 Digest[MAX_DIGEST_SIZE];
UINTN Index;
BOOLEAN Status;
Print (L" UEFI-OpenSSL Hash Engine Testing (Hashing(\"abc\")): ");
DataSize = AsciiStrLen (HashData);
//
// MD5 Digest Validation
//
ZeroMem (Digest, MAX_DIGEST_SIZE);
CtxSize = Md5GetContextSize ();
HashCtx = AllocatePool (CtxSize);
Status = Md5Init (HashCtx);
Status = Md5Update (HashCtx, HashData, DataSize);
Status = Md5Final (HashCtx, Digest);
FreePool (HashCtx);
Print (L"\n - MD5 Digest: \n = 0x");
for (Index = 0; Index < MD5_DIGEST_SIZE; Index++) {
Print (L"%02x", Digest[Index]);
}
if (CompareMem (Digest, Md5Digest, MD5_DIGEST_SIZE) == 0) {
Print (L" [Pass]");
} else {
Print (L" [Failed]");
}
//
// SHA-1 Digest Validation
//
ZeroMem (Digest, MAX_DIGEST_SIZE);
CtxSize = Sha1GetContextSize ();
HashCtx = AllocatePool (CtxSize);
Status = Sha1Init (HashCtx);
Status = Sha1Update (HashCtx, HashData, DataSize);
Status = Sha1Final (HashCtx, Digest);
FreePool (HashCtx);
Print (L"\n - SHA-1 Digest: \n = 0x");
for (Index = 0; Index < SHA1_DIGEST_SIZE; Index++) {
Print (L"%02x", Digest[Index]);
}
if (CompareMem (Digest, Sha1Digest, SHA1_DIGEST_SIZE) == 0) {
Print (L" [Pass]");
} else {
Print (L" [Failed]");
}
//
// SHA256 Digest Validation
//
ZeroMem (Digest, MAX_DIGEST_SIZE);
CtxSize = Sha256GetContextSize ();
HashCtx = AllocatePool (CtxSize);
Status = Sha256Init (HashCtx);
Status = Sha256Update (HashCtx, HashData, DataSize);
Status = Sha256Final (HashCtx, Digest);
FreePool (HashCtx);
Print (L"\n - SHA-256 Digest: \n = 0x");
for (Index = 0; Index < SHA256_DIGEST_SIZE; Index++) {
Print (L"%02x", Digest[Index]);
}
if (CompareMem (Digest, Sha256Digest, SHA256_DIGEST_SIZE) == 0) {
Print (L" [Pass]");
} else {
Print (L" [Failed]");
}
Print (L"\n");
return EFI_SUCCESS;
}
/**
Validate UEFI-OpenSSL Message Authentication Codes Interfaces.
@return EFI_SUCCESS Validation succeeded.
**/
EFI_STATUS
ValidateCryptHmac (
VOID
)
{
Print (L"\n UEFI-OpenSSL HMAC Engine Testing: ");
Print (L"\n ==> No HMAC Support in Base Crypto Library!\n");
return EFI_SUCCESS;
}
/**
Validate UEFI-OpenSSL Block Ciphers (Symmetric Crypto) Interfaces.
@return EFI_SUCCESS Validation succeeded.
**/
EFI_STATUS
ValidateCryptBlockCipher (
VOID
)
{
Print (L"\n UEFI-OpenSSL Block Cipher Engine Testing: ");
Print (L"\n ==> No Block Cipher Support in Base Crypto Library!\n");
return EFI_SUCCESS;
}
/**
Validate UEFI-OpenSSL RSA Interfaces.
@return EFI_SUCCESS Validation succeeded.
**/
EFI_STATUS
ValidateCryptRsa (
VOID
)
{
VOID *Rsa;
UINT8 mHash[SHA1_DIGEST_SIZE];
UINTN HashSize;
UINTN CtxSize;
VOID *Sha1Ctx;
UINT8 *Signature;
UINTN SigSize;
BOOLEAN Status;
Print (L"\n UEFI-OpenSSL RSA Engine Testing: ");
//
// Generate & Initialize RSA Context
//
Rsa = RsaNew ();
Print (L"\n - Generate RSA Context .............. ");
if (Rsa != NULL) {
Print (L"[Pass]");
} else {
Print (L"[Failed]");
}
//
// Set RSA Key Components
// NOTE: Only N and E are needed to be set as RSA public key for signature verification
//
Print (L"\n - Set RSA Key Components ............ ");
Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN));
Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE));
if (Status) {
Print (L"[Pass]");
} else {
Print (L"[Failed]");
}
//
// SHA-1 Digest Message for PKCS#1 Signature
//
Print (L"\n - Hash Original Message ............. ");
HashSize = SHA1_DIGEST_SIZE;
ZeroMem (mHash, HashSize);
CtxSize = Sha1GetContextSize ();
Sha1Ctx = AllocatePool (CtxSize);
Status = Sha1Init (Sha1Ctx);
Status = Sha1Update (Sha1Ctx, RsaSignData, AsciiStrLen (RsaSignData));
Status = Sha1Final (Sha1Ctx, mHash);
FreePool (Sha1Ctx);
if (Status) {
Print (L"[Pass]");
} else {
Print (L"[Failed]");
}
//
// Verify RSA PKCS#1-encoded Signature
//
Print (L"\n - PKCS#1 Signature Verification ..... ");
SigSize = sizeof (RsaPkcs1Signature);
Signature = (UINT8 *)AllocatePool (SigSize);
CopyMem (Signature, RsaPkcs1Signature, SigSize);
Status = RsaPkcs1Verify (Rsa, mHash, HashSize, Signature, SigSize);
if (Status) {
Print (L"[Pass]");
} else {
Print (L"[Failed]");
}
//
// Release Resources
//
RsaFree (Rsa);
Print (L"\n - Release RSA Context ............... [Pass]");
Print (L"\n");
return EFI_SUCCESS;
}
/**
Validate UEFI-OpenSSL PKCS#7 Verification Interfaces.
@return EFI_SUCCESS Validation succeeded.
**/
EFI_STATUS
ValidateAuthenticode (
VOID
)
{
Print (L"\n UEFI-OpenSSL PKCS#7-Signed-Data Testing: ");
Print (L"\n - Authenticode (PKCS#7 Signed Data) Verification ... ");
if (AuthenticodeVerify ()) {
Print (L"[Pass]");
} else {
Print (L"[Failed]");
}
Print (L"\n");
return EFI_SUCCESS;
}
#include "Cryptest.h"
/**
Entry Point of Cryptographic Validation Utility.
@@ -361,12 +36,42 @@ CryptestMain (
Print (L"\nUEFI-OpenSSL Wrapper Cryptosystem Testing: \n");
Print (L"-------------------------------------------- \n");
Status = EFI_SUCCESS;
Status = ValidateCryptDigest ();
Status = ValidateCryptHmac ();
Status = ValidateCryptBlockCipher ();
Status = ValidateCryptRsa ();
Status = ValidateAuthenticode ();
RandomSeed (NULL, 0);
return Status;
Status = ValidateCryptDigest ();
if (EFI_ERROR (Status)) {
return Status;
}
Status = ValidateCryptHmac ();
if (EFI_ERROR (Status)) {
return Status;
}
Status = ValidateCryptBlockCipher ();
if (EFI_ERROR (Status)) {
return Status;
}
Status = ValidateCryptRsa ();
if (EFI_ERROR (Status)) {
return Status;
}
Status = ValidateAuthenticode ();
if (EFI_ERROR (Status)) {
return Status;
}
Status = ValidateCryptDh ();
if (EFI_ERROR (Status)) {
return Status;
}
Status = ValidateCryptPrng ();
if (EFI_ERROR (Status)) {
return Status;
}
return EFI_SUCCESS;
}

111
CryptoPkg/Application/Cryptest/Cryptest.h Normal file
View File

@@ -0,0 +1,111 @@
/** @file
Application for Cryptographic Primitives Validation.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __CRYPTEST_H__
#define __CRYPTEST_H__
#include <Uefi.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiLib.h>
#include <Library/UefiApplicationEntryPoint.h>
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
/**
Validate UEFI-OpenSSL Digest Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptDigest (
VOID
);
/**
Validate UEFI-OpenSSL Message Authentication Codes Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptHmac (
VOID
);
/**
Validate UEFI-OpenSSL Block Ciphers (Symmetric Crypto) Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptBlockCipher (
VOID
);
/**
Validate UEFI-OpenSSL RSA Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptRsa (
VOID
);
/**
Validate UEFI-OpenSSL PKCS#7 Verification Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateAuthenticode (
VOID
);
/**
Validate UEFI-OpenSSL DH Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptDh (
VOID
);
/**
Validate UEFI-OpenSSL pseudorandom number generator interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptPrng (
VOID
);
#endif

9
CryptoPkg/Application/Cryptest/Cryptest.inf
View File

@@ -29,9 +29,16 @@
#
[Sources]
Cryptest.h
Cryptest.c
HashVerify.c
HmacVerify.c
BlockCipherVerify.c
RsaVerify.c
AuthenticodeVerify.c
DhVerify.c
RandVerify.c
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec

117
CryptoPkg/Application/Cryptest/DhVerify.c Normal file
View File

@@ -0,0 +1,117 @@
/** @file
Application for Diffie-Hellman Primitives Validation.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Cryptest.h"
/**
Validate UEFI-OpenSSL DH Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptDh (
VOID
)
{
VOID *Dh1;
VOID *Dh2;
UINT8 Prime[64];
UINT8 PublicKey1[64];
UINTN PublicKey1Length;
UINT8 PublicKey2[64];
UINTN PublicKey2Length;
UINT8 Key1[64];
UINTN Key1Length;
UINT8 Key2[64];
UINTN Key2Length;
BOOLEAN Status;
Print (L"\nUEFI-OpenSSL DH Engine Testing:\n");
//
// Generate & Initialize DH Context
//
Print (L"- Context1 ... ");
Dh1 = DhNew ();
if (Dh1 == NULL) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Context2 ... ");
Dh2 = DhNew ();
if (Dh2 == NULL) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Parameter1 ... ");
Status = DhGenerateParameter (Dh1, 2, 64, Prime);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Parameter2 ... ");
Status = DhSetParameter (Dh2, 2, 64, Prime);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Generate key1 ... ");
Status = DhGenerateKey (Dh1, PublicKey1, &PublicKey1Length);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Generate key2 ... ");
Status = DhGenerateKey (Dh2, PublicKey2, &PublicKey2Length);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Compute key1 ... ");
Status = DhComputeKey (Dh1, PublicKey2, PublicKey2Length, Key1, &Key1Length);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Compute key2 ... ");
Status = DhComputeKey (Dh2, PublicKey1, PublicKey1Length, Key2, &Key2Length);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Compare Keys ... ");
if (Key1Length != Key2Length) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Key1, Key2, Key1Length) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]\n");
return EFI_SUCCESS;
}

192
CryptoPkg/Application/Cryptest/HashVerify.c Normal file
View File

@@ -0,0 +1,192 @@
/** @file
Application for Hash Primitives Validation.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Cryptest.h"
//
// Max Known Digest Size is SHA512 Output (64 bytes) by far
//
#define MAX_DIGEST_SIZE 64
//
// Message string for digest validation
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *HashData = "abc";
//
// Result for MD5("abc"). (From "A.5 Test suite" of IETF RFC1321)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Md5Digest[MD5_DIGEST_SIZE] = {
0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72
};
//
// Result for SHA-1("abc"). (From "A.1 SHA-1 Example" of NIST FIPS 180-2)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha1Digest[SHA1_DIGEST_SIZE] = {
0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
0x9c, 0xd0, 0xd8, 0x9d
};
//
// Result for SHA-256("abc"). (From "B.1 SHA-256 Example" of NIST FIPS 180-2)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha256Digest[SHA256_DIGEST_SIZE] = {
0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
};
/**
Validate UEFI-OpenSSL Digest Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptDigest (
VOID
)
{
UINTN CtxSize;
VOID *HashCtx;
UINTN DataSize;
UINT8 Digest[MAX_DIGEST_SIZE];
BOOLEAN Status;
Print (L" UEFI-OpenSSL Hash Engine Testing:\n");
DataSize = AsciiStrLen (HashData);
Print (L"- MD5: ");
//
// MD5 Digest Validation
//
ZeroMem (Digest, MAX_DIGEST_SIZE);
CtxSize = Md5GetContextSize ();
HashCtx = AllocatePool (CtxSize);
Print (L"Init... ");
Status = Md5Init (HashCtx);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Update... ");
Status = Md5Update (HashCtx, HashData, DataSize);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Finalize... ");
Status = Md5Final (HashCtx, Digest);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (HashCtx);
Print (L"Check Value... ");
if (CompareMem (Digest, Md5Digest, MD5_DIGEST_SIZE) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]\n");
Print (L"- SHA1: ");
//
// SHA-1 Digest Validation
//
ZeroMem (Digest, MAX_DIGEST_SIZE);
CtxSize = Sha1GetContextSize ();
HashCtx = AllocatePool (CtxSize);
Print (L"Init... ");
Status = Sha1Init (HashCtx);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Update... ");
Status = Sha1Update (HashCtx, HashData, DataSize);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Finalize... ");
Status = Sha1Final (HashCtx, Digest);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (HashCtx);
Print (L"Check Value... ");
if (CompareMem (Digest, Sha1Digest, SHA1_DIGEST_SIZE) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]\n");
Print (L"- SHA256: ");
//
// SHA256 Digest Validation
//
ZeroMem (Digest, MAX_DIGEST_SIZE);
CtxSize = Sha256GetContextSize ();
HashCtx = AllocatePool (CtxSize);
Print (L"Init... ");
Status = Sha256Init (HashCtx);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Update... ");
Status = Sha256Update (HashCtx, HashData, DataSize);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Finalize... ");
Status = Sha256Final (HashCtx, Digest);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (HashCtx);
Print (L"Check Value... ");
if (CompareMem (Digest, Sha256Digest, SHA256_DIGEST_SIZE) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]\n");
return EFI_SUCCESS;
}

157
CryptoPkg/Application/Cryptest/HmacVerify.c Normal file
View File

@@ -0,0 +1,157 @@
/** @file
Application for HMAC Primitives Validation.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Cryptest.h"
//
// Max Known Digest Size is SHA512 Output (64 bytes) by far
//
#define MAX_DIGEST_SIZE 64
//
// Data string for HMAC validation
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *HmacData = "Hi There";
//
// Key value for HMAC-MD5 validation. (From "2. Test Cases for HMAC-MD5" of IETF RFC2202)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacMd5Key[16] = {
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
};
//
// Result for HMAC-MD5("Hi There"). (From "2. Test Cases for HMAC-MD5" of IETF RFC2202)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacMd5Digest[] = {
0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c, 0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d
};
//
// Key value for HMAC-SHA-1 validation. (From "3. Test Cases for HMAC-SHA-1" of IETF RFC2202)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha1Key[20] = {
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
};
//
// Result for HMAC-SHA-1 ("Hi There"). (From "3. Test Cases for HMAC-SHA-1" of IETF RFC2202)
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha1Digest[] = {
0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
0xf1, 0x46, 0xbe, 0x00
};
/**
Validate UEFI-OpenSSL Message Authentication Codes Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptHmac (
VOID
)
{
UINTN CtxSize;
VOID *HmacCtx;
UINT8 Digest[MAX_DIGEST_SIZE];
BOOLEAN Status;
Print (L" \nUEFI-OpenSSL HMAC Engine Testing:\n");
Print (L"- HMAC-MD5: ");
//
// HMAC-MD5 Digest Validation
//
ZeroMem (Digest, MAX_DIGEST_SIZE);
CtxSize = HmacMd5GetContextSize ();
HmacCtx = AllocatePool (CtxSize);
Print (L"Init... ");
Status = HmacMd5Init (HmacCtx, HmacMd5Key, sizeof (HmacMd5Key));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Update... ");
Status = HmacMd5Update (HmacCtx, HmacData, 8);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Finalize... ");
Status = HmacMd5Final (HmacCtx, Digest);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (HmacCtx);
Print (L"Check Value... ");
if (CompareMem (Digest, HmacMd5Digest, MD5_DIGEST_SIZE) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]\n");
Print (L"- HMAC-SHA1: ");
//
// HMAC-SHA1 Digest Validation
//
ZeroMem (Digest, MAX_DIGEST_SIZE);
CtxSize = HmacSha1GetContextSize ();
HmacCtx = AllocatePool (CtxSize);
Print (L"Init... ");
Status = HmacSha1Init (HmacCtx, HmacSha1Key, sizeof (HmacSha1Key));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Update... ");
Status = HmacSha1Update (HmacCtx, HmacData, 8);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"Finalize... ");
Status = HmacSha1Final (HmacCtx, Digest);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (HmacCtx);
Print (L"Check Value... ");
if (CompareMem (Digest, HmacSha1Digest, SHA1_DIGEST_SIZE) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Print (L"[Pass]\n");
return EFI_SUCCESS;
}

69
CryptoPkg/Application/Cryptest/RandVerify.c Normal file
View File

@@ -0,0 +1,69 @@
/** @file
Application for Pseudorandom Number Generator Validation.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Cryptest.h"
#define RANDOM_NUMBER_SIZE 256
CONST UINT8 SeedString[] = "This is the random seed for PRNG verification.";
UINT8 PreviousRandomBuffer[RANDOM_NUMBER_SIZE] = { 0x0 };
UINT8 RandomBuffer[RANDOM_NUMBER_SIZE] = { 0x0 };
/**
Validate UEFI-OpenSSL pseudorandom number generator interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptPrng (
VOID
)
{
UINTN Index;
BOOLEAN Status;
Print (L" \nUEFI-OpenSSL PRNG Engine Testing:\n");
Print (L"- Random Generation...");
Status = RandomSeed (SeedString, sizeof (SeedString));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
for (Index = 0; Index < 10; Index ++) {
Status = RandomBytes (RandomBuffer, RANDOM_NUMBER_SIZE);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (PreviousRandomBuffer, RandomBuffer, RANDOM_NUMBER_SIZE) == 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
CopyMem (PreviousRandomBuffer, RandomBuffer, RANDOM_NUMBER_SIZE);
}
Print (L"[Pass]\n");
return EFI_SUCCESS;
}

406
CryptoPkg/Application/Cryptest/RsaVerify.c Normal file
View File

@@ -0,0 +1,406 @@
/** @file
Application for RSA Primitives Validation.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Cryptest.h"
#define RSA_MODULUS_LENGTH 512
//
// RSA PKCS#1 Validation Data from OpenSSL "Fips_rsa_selftest.c"
//
//
// Public Modulus of RSA Key
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaN[] = {
0xBB, 0xF8, 0x2F, 0x09, 0x06, 0x82, 0xCE, 0x9C, 0x23, 0x38, 0xAC, 0x2B, 0x9D, 0xA8, 0x71, 0xF7,
0x36, 0x8D, 0x07, 0xEE, 0xD4, 0x10, 0x43, 0xA4, 0x40, 0xD6, 0xB6, 0xF0, 0x74, 0x54, 0xF5, 0x1F,
0xB8, 0xDF, 0xBA, 0xAF, 0x03, 0x5C, 0x02, 0xAB, 0x61, 0xEA, 0x48, 0xCE, 0xEB, 0x6F, 0xCD, 0x48,
0x76, 0xED, 0x52, 0x0D, 0x60, 0xE1, 0xEC, 0x46, 0x19, 0x71, 0x9D, 0x8A, 0x5B, 0x8B, 0x80, 0x7F,
0xAF, 0xB8, 0xE0, 0xA3, 0xDF, 0xC7, 0x37, 0x72, 0x3E, 0xE6, 0xB4, 0xB7, 0xD9, 0x3A, 0x25, 0x84,
0xEE, 0x6A, 0x64, 0x9D, 0x06, 0x09, 0x53, 0x74, 0x88, 0x34, 0xB2, 0x45, 0x45, 0x98, 0x39, 0x4E,
0xE0, 0xAA, 0xB1, 0x2D, 0x7B, 0x61, 0xA5, 0x1F, 0x52, 0x7A, 0x9A, 0x41, 0xF6, 0xC1, 0x68, 0x7F,
0xE2, 0x53, 0x72, 0x98, 0xCA, 0x2A, 0x8F, 0x59, 0x46, 0xF8, 0xE5, 0xFD, 0x09, 0x1D, 0xBD, 0xCB
};
//
// Public Exponent of RSA Key
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaE[] = { 0x11 };
//
// Private Exponent of RSA Key
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaD[] = {
0xA5, 0xDA, 0xFC, 0x53, 0x41, 0xFA, 0xF2, 0x89, 0xC4, 0xB9, 0x88, 0xDB, 0x30, 0xC1, 0xCD, 0xF8,
0x3F, 0x31, 0x25, 0x1E, 0x06, 0x68, 0xB4, 0x27, 0x84, 0x81, 0x38, 0x01, 0x57, 0x96, 0x41, 0xB2,
0x94, 0x10, 0xB3, 0xC7, 0x99, 0x8D, 0x6B, 0xC4, 0x65, 0x74, 0x5E, 0x5C, 0x39, 0x26, 0x69, 0xD6,
0x87, 0x0D, 0xA2, 0xC0, 0x82, 0xA9, 0x39, 0xE3, 0x7F, 0xDC, 0xB8, 0x2E, 0xC9, 0x3E, 0xDA, 0xC9,
0x7F, 0xF3, 0xAD, 0x59, 0x50, 0xAC, 0xCF, 0xBC, 0x11, 0x1C, 0x76, 0xF1, 0xA9, 0x52, 0x94, 0x44,
0xE5, 0x6A, 0xAF, 0x68, 0xC5, 0x6C, 0x09, 0x2C, 0xD3, 0x8D, 0xC3, 0xBE, 0xF5, 0xD2, 0x0A, 0x93,
0x99, 0x26, 0xED, 0x4F, 0x74, 0xA1, 0x3E, 0xDD, 0xFB, 0xE1, 0xA1, 0xCE, 0xCC, 0x48, 0x94, 0xAF,
0x94, 0x28, 0xC2, 0xB7, 0xB8, 0x88, 0x3F, 0xE4, 0x46, 0x3A, 0x4B, 0xC8, 0x5B, 0x1C, 0xB3, 0xC1
};
//
// Known Answer Test (KAT) Data for RSA PKCS#1 Signing
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 RsaSignData[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
//
// Known Signature for the above message, under SHA-1 Digest
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaPkcs1Signature[] = {
0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C, 0x4A, 0xFD, 0x1A, 0x05,
0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B, 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51,
0x55, 0x77, 0x90, 0xCF, 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1, 0x20, 0x22, 0xBE, 0x59,
0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA, 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF,
0x4E, 0xCA, 0x2E, 0x4E, 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F, 0x72, 0x05, 0xDE, 0xE6,
0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95, 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
};
//
// Default public key 0x10001 = 65537
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 DefaultPublicKey[] = {
0x01, 0x00, 0x01
};
/**
Validate UEFI-OpenSSL RSA Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@retval EFI_ABORTED Validation failed.
**/
EFI_STATUS
ValidateCryptRsa (
VOID
)
{
VOID *Rsa;
UINT8 HashValue[SHA1_DIGEST_SIZE];
UINTN HashSize;
UINTN CtxSize;
VOID *Sha1Ctx;
UINT8 *Signature;
UINTN SigSize;
BOOLEAN Status;
UINTN KeySize;
UINT8 *KeyBuffer;
Print (L"\nUEFI-OpenSSL RSA Engine Testing: ");
//
// Generate & Initialize RSA Context
//
Rsa = RsaNew ();
Print (L"\n- Generate RSA Context ... ");
if (Rsa == NULL) {
Print (L"[Fail]");
return EFI_ABORTED;
}
//
// Set/Get RSA Key Components
//
Print (L"Set/Get RSA Key Components ... ");
//
// Set/Get RSA Key N
//
Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
KeySize = 0;
Status = RsaGetKey (Rsa, RsaKeyN, NULL, &KeySize);
if (Status || KeySize != sizeof (RsaN)) {
Print (L"[Fail]");
return EFI_ABORTED;
}
KeyBuffer = AllocatePool (KeySize);
Status = RsaGetKey (Rsa, RsaKeyN, KeyBuffer, &KeySize);
if (!Status || KeySize != sizeof (RsaN)) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (KeyBuffer, RsaN, KeySize) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (KeyBuffer);
//
// Set/Get RSA Key E
//
Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
KeySize = 0;
Status = RsaGetKey (Rsa, RsaKeyE, NULL, &KeySize);
if (Status || KeySize != sizeof (RsaE)) {
Print (L"[Fail]");
return EFI_ABORTED;
}
KeyBuffer = AllocatePool (KeySize);
Status = RsaGetKey (Rsa, RsaKeyE, KeyBuffer, &KeySize);
if (!Status || KeySize != sizeof (RsaE)) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (KeyBuffer, RsaE, KeySize) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (KeyBuffer);
//
// Clear/Get RSA Key Components
//
Print (L"Clear/Get RSA Key Components ... ");
//
// Clear/Get RSA Key N
//
Status = RsaSetKey (Rsa, RsaKeyN, NULL, 0);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
KeySize = 1;
Status = RsaGetKey (Rsa, RsaKeyN, NULL, &KeySize);
if (!Status || KeySize != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
//
// Clear/Get RSA Key E
//
Status = RsaSetKey (Rsa, RsaKeyE, NULL, 0);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
KeySize = 1;
Status = RsaGetKey (Rsa, RsaKeyE, NULL, &KeySize);
if (!Status || KeySize != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
//
// Generate RSA Key Components
//
Print (L"Generate RSA Key Components ... ");
Status = RsaGenerateKey (Rsa, RSA_MODULUS_LENGTH, NULL, 0);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
KeySize = RSA_MODULUS_LENGTH / 8;
KeyBuffer = AllocatePool (KeySize);
Status = RsaGetKey (Rsa, RsaKeyE, KeyBuffer, &KeySize);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (KeySize != 3 ||
CompareMem (KeyBuffer, DefaultPublicKey, 3) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
KeySize = RSA_MODULUS_LENGTH / 8;
Status = RsaGetKey (Rsa, RsaKeyN, KeyBuffer, &KeySize);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (KeySize != RSA_MODULUS_LENGTH / 8) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (!RsaCheckKey (Rsa)) {
Print (L"[Fail]");
return EFI_ABORTED;
}
//
// Check invalid RSA key components
//
Print (L"Check Invalid RSA Key Components ... ");
Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (RsaCheckKey (Rsa)) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = RsaSetKey (Rsa, RsaKeyN, KeyBuffer, KeySize);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (!RsaCheckKey (Rsa)) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (RsaCheckKey (Rsa)) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (KeyBuffer);
//
// SHA-1 Digest Message for PKCS#1 Signature
//
Print (L"Hash Original Message ... ");
HashSize = SHA1_DIGEST_SIZE;
ZeroMem (HashValue, HashSize);
CtxSize = Sha1GetContextSize ();
Sha1Ctx = AllocatePool (CtxSize);
Status = Sha1Init (Sha1Ctx);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = Sha1Update (Sha1Ctx, RsaSignData, AsciiStrLen (RsaSignData));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = Sha1Final (Sha1Ctx, HashValue);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
FreePool (Sha1Ctx);
//
// Sign RSA PKCS#1-encoded Signature
//
Print (L"PKCS#1 Signature ... ");
RsaFree (Rsa);
Rsa = RsaNew ();
if (Rsa == NULL) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Status = RsaSetKey (Rsa, RsaKeyD, RsaD, sizeof (RsaD));
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
SigSize = 0;
Status = RsaPkcs1Sign (Rsa, HashValue, HashSize, NULL, &SigSize);
if (Status || SigSize == 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
Signature = AllocatePool (SigSize);
Status = RsaPkcs1Sign (Rsa, HashValue, HashSize, Signature, &SigSize);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (SigSize != sizeof (RsaPkcs1Signature)) {
Print (L"[Fail]");
return EFI_ABORTED;
}
if (CompareMem (Signature, RsaPkcs1Signature, SigSize) != 0) {
Print (L"[Fail]");
return EFI_ABORTED;
}
//
// Verify RSA PKCS#1-encoded Signature
//
Print (L"PKCS#1 Signature Verification ... ");
Status = RsaPkcs1Verify (Rsa, HashValue, HashSize, Signature, SigSize);
if (!Status) {
Print (L"[Fail]");
return EFI_ABORTED;
}
//
// Release Resources
//
RsaFree (Rsa);
Print (L"Release RSA Context ... [Pass]");
Print (L"\n");
return EFI_SUCCESS;
}