[edk2-devel] [Patch 2/2] SecurityPkg: Add support for SHA-384/SHA-512 digest algos

Wadhawan, Divneil R divneil.r.wadhawan at intel.com
Wed Dec 9 18:32:43 UTC 2020 

o Existing implementation of Authenticated Variables only
  support SHA-256 digest algorithms in signing scheme.

o This has been extended to support SHA-384 and SHA-512 algorithms

Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Min Xu <min.m.xu at intel.com>
Cc: Michael D Kinney <michael.d.kinney at intel.com>

Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan at intel.com>
---
 SecurityPkg/Library/AuthVariableLib/AuthService.c |  8 +++--
 AuthVariableDigestUpdate.md                       | 41 +++++++++++++++++++++++
 2 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 AuthVariableDigestUpdate.md

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 4fb609504d..8f024c42a8 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -35,6 +35,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
 
 CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };
+CONST UINT8 mSha384OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 };
+CONST UINT8 mSha512OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 };
 
 //
 // Requirement for different signature type which have been defined in UEFI spec.
@@ -1901,7 +1903,7 @@ VerifyTimeBasedPayload (
 
   //
   // SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the
-  // signature. Only a digest algorithm of SHA-256 is accepted.
+  // signature. Digest algorithm of SHA-256, SHA-384, SHA-512 are accepted.
   //
   //    According to PKCS#7 Definition:
   //        SignedData ::= SEQUENCE {
@@ -1916,7 +1918,9 @@ VerifyTimeBasedPayload (
   if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
     if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
       if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
-           (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {
+           ((CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0) &&
+            (CompareMem (SigData + 13, &mSha384OidValue, sizeof (mSha384OidValue)) != 0) &&
+            (CompareMem (SigData + 13, &mSha512OidValue, sizeof (mSha512OidValue)) != 0))) {
           return EFI_SECURITY_VIOLATION;
         }
     }
diff --git a/AuthVariableDigestUpdate.md b/AuthVariableDigestUpdate.md
new file mode 100644
index 0000000000..10992845a4
--- /dev/null
+++ b/AuthVariableDigestUpdate.md
@@ -0,0 +1,41 @@
+# Title: Digest Algorithm flexibility in Authenticated Variable signatures
+
+# Status: Draft
+
+# Document: UEFI Specification Version 2.8
+
+# License
+
+SPDX-License-Identifier: CC-BY-4.0
+
+# Submitter: [TianoCore Community](https://www.tianocore.org)
+
+# Summary of the change
+EFI_VARIABLE_AUTHENTICATION_2 specifies the SignedData.digestAlgorithms to be always
+SHA256. The implication is that the signing algorithm can use RSA keys greater than
+2048 bits, but the digest algorithm remains SHA256. The proposed change is to allow
+digest algorithm to be greater than SHA256.
+
+# Benefits of the change
+This brings agility to the signing mechanism of Authenticated variables by allowing
+it to sign a larger digest.
+
+# Impact of the change
+There is no impact on the existing Authenticated variables.
+
+# Detailed description of the change [normative updates]
+
+<b>Bold text</b> indicates the proposed change
+
+8.2.2 Using the EFI_VARIABLE_AUTHENTICATION_2 descriptor
+When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is set, then the Data buffer shall begin with an instance of a complete (and serialized) ...
+
+Construct a DER-encoded PKCS #7 version 1.5 SignedData (see [RFC2315]) with the signed content as follows:
+
+a. SignedData.version shall be set to 1
+
+b. SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the signature. <b>Only a digest algorithm greater than or equal to SHA-256 is accepted.</b>
+
+
+# Special Instructions
+NA
-- 
2.16.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#68569): https://edk2.groups.io/g/devel/message/68569
Mute This Topic: https://groups.io/mt/78836226/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list