docs/master/_detect_test_key_8c_source.html

#include "FmpDxe.h"


VOID

DetectTestKey (

  VOID

  )

{

  BOOLEAN  TestKeyUsed;

  UINTN    PublicKeyDataLength;

  UINT8    *PublicKeyDataXdr;

  UINT8    *PublicKeyDataXdrEnd;

  VOID     *HashContext;

  UINT8    Digest[SHA256_DIGEST_SIZE];

  UINTN    TestKeyDigestSize;


  //

  // If PcdFmpDeviceTestKeySha256Digest is not exactly SHA256_DIGEST_SIZE bytes,

  // then skip the test key detection.

  //

  TestKeyDigestSize = PcdGetSize (PcdFmpDeviceTestKeySha256Digest);

  if (TestKeyDigestSize != SHA256_DIGEST_SIZE) {

    return;

  }


  //

  // If PcdTestKeyUsed is already TRUE, then skip test key detection

  //

  TestKeyUsed = PcdGetBool (PcdTestKeyUsed);

  if (TestKeyUsed) {

    return;

  }


  //

  // If PcdFmpDevicePkcs7CertBufferXdr is invalid, then skip test key detection

  //

  PublicKeyDataXdr    = PcdGetPtr (PcdFmpDevicePkcs7CertBufferXdr);

  PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdFmpDevicePkcs7CertBufferXdr);

  if ((PublicKeyDataXdr == NULL) || (PublicKeyDataXdr == PublicKeyDataXdrEnd)) {

    return;

  }


  //

  // Allocate hash context buffer required for SHA 256

  //

  HashContext = AllocatePool (Sha256GetContextSize ());

  if (HashContext == NULL) {

    TestKeyUsed = TRUE;

  }


  //

  // Loop through all keys in PcdFmpDevicePkcs7CertBufferXdr

  //

  while (!TestKeyUsed && PublicKeyDataXdr < PublicKeyDataXdrEnd) {

    if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) {

      //

      // Key data extends beyond end of PCD

      //

      break;

    }


    //

    // Read key length stored in big endian format

    //

    PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr));

    //

    // Point to the start of the key data

    //

    PublicKeyDataXdr += sizeof (UINT32);

    if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) {

      //

      // Key data extends beyond end of PCD

      //

      break;

    }


    //

    // Hash public key from PcdFmpDevicePkcs7CertBufferXdr using SHA256.

    // If error occurs computing SHA256, then assume test key is in use.

    //

    ZeroMem (Digest, SHA256_DIGEST_SIZE);

    if (!Sha256Init (HashContext)) {

      TestKeyUsed = TRUE;

      break;

    }


    if (!Sha256Update (HashContext, PublicKeyDataXdr, PublicKeyDataLength)) {

      TestKeyUsed = TRUE;

      break;

    }


    if (!Sha256Final (HashContext, Digest)) {

      TestKeyUsed = TRUE;

      break;

    }


    //

    // Check if SHA256 hash of public key matches SHA256 hash of test key

    //

    if (CompareMem (Digest, PcdGetPtr (PcdFmpDeviceTestKeySha256Digest), SHA256_DIGEST_SIZE) == 0) {

      TestKeyUsed = TRUE;

      break;

    }


    //

    // Point to start of next key

    //

    PublicKeyDataXdr += PublicKeyDataLength;

    PublicKeyDataXdr  = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof (UINT32));

  }


  //

  // Free hash context buffer required for SHA 256

  //

  if (HashContext != NULL) {

    FreePool (HashContext);

    HashContext = NULL;

  }


  //

  // If test key detected or an error occurred checking for the test key, then

  // set PcdTestKeyUsed to TRUE.

  //

  if (TestKeyUsed) {

    DEBUG ((DEBUG_INFO, "FmpDxe(%s): Test key detected in PcdFmpDevicePkcs7CertBufferXdr.\n", mImageIdName));

    PcdSetBoolS (PcdTestKeyUsed, TRUE);

  } else {

    DEBUG ((DEBUG_INFO, "FmpDxe(%s): No test key detected in PcdFmpDevicePkcs7CertBufferXdr.\n", mImageIdName));

  }

}

UINTN
UINT64 UINTN
Definition: ProcessorBind.h:112

Sha256GetContextSize
UINTN EFIAPI Sha256GetContextSize(VOID)
Definition: CryptSha256.c:20

Sha256Init
BOOLEAN EFIAPI Sha256Init(OUT VOID *Sha256Context)
Definition: CryptSha256.c:44

Sha256Final
BOOLEAN EFIAPI Sha256Final(IN OUT VOID *Sha256Context, OUT UINT8 *HashValue)
Definition: CryptSha256.c:161

SHA256_DIGEST_SIZE
#define SHA256_DIGEST_SIZE
Definition: BaseCryptLib.h:44

Sha256Update
BOOLEAN EFIAPI Sha256Update(IN OUT VOID *Sha256Context, IN CONST VOID *Data, IN UINTN DataSize)
Definition: CryptSha256.c:113

SwapBytes32
UINT32 EFIAPI SwapBytes32(IN UINT32 Value)
Definition: SwapBytes32.c:25

CompareMem
INTN EFIAPI CompareMem(IN CONST VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
Definition: CompareMemWrapper.c:45

ZeroMem
VOID *EFIAPI ZeroMem(OUT VOID *Buffer, IN UINTN Length)
Definition: ZeroMemWrapper.c:38

DetectTestKey
VOID DetectTestKey(VOID)
Definition: DetectTestKey.c:23

FreePool
VOID EFIAPI FreePool(IN VOID *Buffer)
Definition: MemoryAllocationLib.c:266

mImageIdName
CHAR16 * mImageIdName
Definition: FmpDxe.c:101

FmpDxe.h

NULL
#define NULL
Definition: Base.h:319

ALIGN_POINTER
#define ALIGN_POINTER(Pointer, Alignment)
Definition: Base.h:963

TRUE
#define TRUE
Definition: Base.h:301

DEBUG
#define DEBUG(Expression)
Definition: DebugLib.h:434

PcdGetSize
#define PcdGetSize(TokenName)
Definition: PcdLib.h:440

PcdSetBoolS
#define PcdSetBoolS(TokenName, Value)
Definition: PcdLib.h:549

PcdGetBool
#define PcdGetBool(TokenName)
Definition: PcdLib.h:401

PcdGetPtr
#define PcdGetPtr(TokenName)
Definition: PcdLib.h:388

AllocatePool
VOID *EFIAPI AllocatePool(IN UINTN AllocationSize)
Definition: MemoryAllocationLib.c:195