[EXTERNAL] [edk2-devel] [Patch 2/2] SecurityPkg: Add support for SHA-384/SHA-512 digest algos

Michael D Kinney michael.d.kinney at intel.com
Wed Dec 9 21:46:30 UTC 2020 

Hi Bret,

I think these patches are intended for an edk2-staging branch following Code First Process.  Not root of edk2 repo.

Though unit tests for auth variables in their current form could be something that could be considered for edk2 repo now and add the unit tests for SHA extensions to edk2-staging.

Mike

From: Bret Barkelew <Bret.Barkelew at microsoft.com>
Sent: Wednesday, December 9, 2020 12:21 PM
To: devel at edk2.groups.io; Wadhawan, Divneil R <divneil.r.wadhawan at intel.com>
Cc: Yao, Jiewen <jiewen.yao at intel.com>; Wang, Jian J <jian.j.wang at intel.com>; Xu, Min M <min.m.xu at intel.com>; Kinney, Michael D <michael.d.kinney at intel.com>
Subject: RE: [EXTERNAL] [edk2-devel] [Patch 2/2] SecurityPkg: Add support for SHA-384/SHA-512 digest algos

What’s with the Markdown file being added to the root directory? Is that a mistake or part of a different release process?

Thanks!

- Bret

From: Wadhawan, Divneil R via groups.io<mailto:divneil.r.wadhawan=intel.com at groups.io>
Sent: Wednesday, December 9, 2020 10:33 AM
To: devel at edk2.groups.io<mailto:devel at edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao at intel.com>; Jian J Wang<mailto:jian.j.wang at intel.com>; Min Xu<mailto:min.m.xu at intel.com>; Kinney, Michael D<mailto:michael.d.kinney at intel.com>
Subject: [EXTERNAL] [edk2-devel] [Patch 2/2] SecurityPkg: Add support for SHA-384/SHA-512 digest algos

o Existing implementation of Authenticated Variables only
  support SHA-256 digest algorithms in signing scheme.

o This has been extended to support SHA-384 and SHA-512 algorithms

Cc: Jiewen Yao <jiewen.yao at intel.com<mailto:jiewen.yao at intel.com>>
Cc: Jian J Wang <jian.j.wang at intel.com<mailto:jian.j.wang at intel.com>>
Cc: Min Xu <min.m.xu at intel.com<mailto:min.m.xu at intel.com>>
Cc: Michael D Kinney <michael.d.kinney at intel.com<mailto:michael.d.kinney at intel.com>>

Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan at intel.com<mailto:divneil.r.wadhawan at intel.com>>
---
 SecurityPkg/Library/AuthVariableLib/AuthService.c |  8 +++--
 AuthVariableDigestUpdate.md                       | 41 +++++++++++++++++++++++
 2 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 AuthVariableDigestUpdate.md

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 4fb609504d..8f024c42a8 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -35,6 +35,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };

 CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };
+CONST UINT8 mSha384OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 };
+CONST UINT8 mSha512OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 };

 //
 // Requirement for different signature type which have been defined in UEFI spec.
@@ -1901,7 +1903,7 @@ VerifyTimeBasedPayload (

   //
   // SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the
-  // signature. Only a digest algorithm of SHA-256 is accepted.
+  // signature. Digest algorithm of SHA-256, SHA-384, SHA-512 are accepted.
   //
   //    According to PKCS#7 Definition:
   //        SignedData ::= SEQUENCE {
@@ -1916,7 +1918,9 @@ VerifyTimeBasedPayload (
   if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
     if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
       if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
-           (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {
+           ((CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0) &&
+            (CompareMem (SigData + 13, &mSha384OidValue, sizeof (mSha384OidValue)) != 0) &&
+            (CompareMem (SigData + 13, &mSha512OidValue, sizeof (mSha512OidValue)) != 0))) {
           return EFI_SECURITY_VIOLATION;
         }
     }
diff --git a/AuthVariableDigestUpdate.md b/AuthVariableDigestUpdate.md
new file mode 100644
index 0000000000..10992845a4
--- /dev/null
+++ b/AuthVariableDigestUpdate.md
@@ -0,0 +1,41 @@
+# Title: Digest Algorithm flexibility in Authenticated Variable signatures
+
+# Status: Draft
+
+# Document: UEFI Specification Version 2.8
+
+# License
+
+SPDX-License-Identifier: CC-BY-4.0
+
+# Submitter: [TianoCore Community](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.tianocore.org%2F&data=04%7C01%7CBret.Barkelew%40microsoft.com%7C5b6eb98d1288493a5f7f08d89c70f78b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637431356285650012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7mtSkIFgxu5iIg519YwkxjFfx6DeXOVJT67j58dHSK4%3D&reserved=0)
+
+# Summary of the change
+EFI_VARIABLE_AUTHENTICATION_2 specifies the SignedData.digestAlgorithms to be always
+SHA256. The implication is that the signing algorithm can use RSA keys greater than
+2048 bits, but the digest algorithm remains SHA256. The proposed change is to allow
+digest algorithm to be greater than SHA256.
+
+# Benefits of the change
+This brings agility to the signing mechanism of Authenticated variables by allowing
+it to sign a larger digest.
+
+# Impact of the change
+There is no impact on the existing Authenticated variables.
+
+# Detailed description of the change [normative updates]
+
+<b>Bold text</b> indicates the proposed change
+
+8.2.2 Using the EFI_VARIABLE_AUTHENTICATION_2 descriptor
+When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is set, then the Data buffer shall begin with an instance of a complete (and serialized) ...
+
+Construct a DER-encoded PKCS #7 version 1.5 SignedData (see [RFC2315]) with the signed content as follows:
+
+a. SignedData.version shall be set to 1
+
+b. SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the signature. <b>Only a digest algorithm greater than or equal to SHA-256 is accepted.</b>
+
+
+# Special Instructions
+NA
--
2.16.2.windows.1







-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#68605): https://edk2.groups.io/g/devel/message/68605
Mute This Topic: https://groups.io/mt/78838684/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/edk2-devel-archive/attachments/20201209/846ceead/attachment.htm>

More information about the edk2-devel-archive mailing list