TianoCore EDK2 master
CryptTs.c File Reference
#include "InternalCryptLib.h"
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pkcs7.h>


Data Structures

struct  TS_MESSAGE_IMPRINT
 
struct  TS_ACCURACY
 
struct  TS_TST_INFO
 

Functions

GLOBAL_REMOVE_IF_UNREFERENCED DECLARE_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)
 
GLOBAL_REMOVE_IF_UNREFERENCED DECLARE_ASN1_FUNCTIONS (TS_ACCURACY)
 
GLOBAL_REMOVE_IF_UNREFERENCED DECLARE_ASN1_FUNCTIONS (TS_TST_INFO)
 
STATIC BOOLEAN ConvertAsn1TimeToEfiTime (IN ASN1_TIME *Asn1Time, OUT EFI_TIME *EfiTime)
 
STATIC BOOLEAN CheckTSTInfo (IN CONST TS_TST_INFO *TstInfo, IN CONST UINT8 *TimestampedData, IN UINTN DataSize)
 
STATIC BOOLEAN TimestampTokenVerify (IN CONST UINT8 *TSToken, IN UINTN TokenSize, IN CONST UINT8 *TsaCert, IN UINTN CertSize, IN CONST UINT8 *TimestampedData, IN UINTN DataSize, OUT EFI_TIME *SigningTime)
 
BOOLEAN EFIAPI ImageTimestampVerify (IN CONST UINT8 *AuthData, IN UINTN DataSize, IN CONST UINT8 *TsaCert, IN UINTN CertSize, OUT EFI_TIME *SigningTime)
 

Variables

GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mSpcRFC3161OidValue []
 

Detailed Description

RFC3161 Timestamp Countersignature Verification over OpenSSL. The timestamp is generated by a TimeStamping Authority (TSA) and asserts that a publisher's signature existed before the specified time. The timestamp extends the lifetime of the signature when a signing certificate expires or is later revoked.

Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file CryptTs.c.

Function Documentation

◆ CheckTSTInfo()

STATIC BOOLEAN CheckTSTInfo (IN CONST TS_TST_INFO *TstInfo, IN CONST UINT8 *TimestampedData, IN UINTN DataSize)

Check the validity of TimeStamp Token Information.

Parameters
  [in]  TstInfo          Pointer to the TS_TST_INFO structure.
  [in]  TimestampedData  Pointer to the data to be time-stamped.
  [in]  DataSize         Size of timestamped data in bytes.
Return values
  TRUE   The TimeStamp Token Information is valid.
  FALSE  Invalid TimeStamp Token Information.

NOTE: The requested and returned TSA policies still need to be compared; no information about the requested TSA policy is available here.

Definition at line 245 of file CryptTs.c.

◆ ConvertAsn1TimeToEfiTime()

STATIC BOOLEAN ConvertAsn1TimeToEfiTime (IN ASN1_TIME *Asn1Time, OUT EFI_TIME *EfiTime)

Convert ASN.1 GeneralizedTime to EFI Time.

Parameters
  [in]   Asn1Time  Pointer to the ASN.1 GeneralizedTime to be converted.
  [out]  EfiTime   Return the corresponding EFI Time.
Return values
  TRUE   The time conversion succeeds.
  FALSE  Invalid parameters.

Definition at line 162 of file CryptTs.c.
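To make the conversion above concrete, here is an added example (written for this page, not EDK2's own ConvertAsn1TimeToEfiTime) that parses the DER form of GeneralizedTime, "YYYYMMDDHHMMSS[.fff]Z" in UTC, into a struct with the same date/time fields as EFI_TIME. The struct name ExampleEfiTime and the function names are this example's own; it rejects the failure modes a verifier cares about: missing trailing 'Z', local-time offsets, non-digits, and out-of-range dates such as 30 February.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <ctype.h>

/* Stand-in for the date/time fields of EDK2's EFI_TIME (constructed for this
 * example; the real struct is declared in the UEFI headers). */
typedef struct {
    uint16_t Year;
    uint8_t  Month;
    uint8_t  Day;
    uint8_t  Hour;
    uint8_t  Minute;
    uint8_t  Second;
    uint32_t Nanosecond;
} ExampleEfiTime;

/* Parse exactly n ASCII digits starting at s; 0 if any byte is not a digit. */
static int parse_digits(const char *s, size_t n, unsigned *out)
{
    unsigned v = 0;
    for (size_t i = 0; i < n; i++) {
        if (!isdigit((unsigned char)s[i])) return 0;
        v = v * 10 + (unsigned)(s[i] - '0');
    }
    *out = v;
    return 1;
}

static int days_in_month(unsigned year, unsigned month)
{
    static const unsigned d[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    if (month < 1 || month > 12) return 0;
    int leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
    return (int)d[month - 1] + (month == 2 && leap);
}

/*
 * Parse a DER GeneralizedTime ("YYYYMMDDHHMMSS[.f+]Z", UTC only, as DER and
 * RFC 5280 require) into *t. Returns 1 on success, 0 on malformed or
 * out-of-range input; *t is left untouched on failure.
 */
int generalized_time_to_efi_time(const char *s, size_t len, ExampleEfiTime *t)
{
    if (s == NULL || t == NULL || len < 15 || s[len - 1] != 'Z') return 0;

    unsigned y, mo, d, h, mi, sec;
    if (!parse_digits(s, 4, &y)       || !parse_digits(s + 4, 2, &mo) ||
        !parse_digits(s + 6, 2, &d)   || !parse_digits(s + 8, 2, &h)  ||
        !parse_digits(s + 10, 2, &mi) || !parse_digits(s + 12, 2, &sec))
        return 0;

    uint32_t ns = 0;
    size_t pos = 14;
    if (s[pos] == '.') {
        /* Fractional seconds: at least one digit; keep up to 9 (nanoseconds). */
        size_t nd = len - 1 - (pos + 1);
        if (nd == 0) return 0;
        uint32_t scale = 100000000u;
        for (size_t i = 0; i < nd; i++) {
            char c = s[pos + 1 + i];
            if (!isdigit((unsigned char)c)) return 0;
            if (i < 9) { ns += (uint32_t)(c - '0') * scale; scale /= 10; }
        }
        pos = len - 1;
    }
    if (pos != len - 1) return 0;  /* anything else before the 'Z' is invalid */

    if (mo < 1 || mo > 12 || d < 1 || (int)d > days_in_month(y, mo) ||
        h > 23 || mi > 59 || sec > 59)
        return 0;

    t->Year = (uint16_t)y;  t->Month = (uint8_t)mo;  t->Day = (uint8_t)d;
    t->Hour = (uint8_t)h;   t->Minute = (uint8_t)mi; t->Second = (uint8_t)sec;
    t->Nanosecond = ns;
    return 1;
}

int main(void)
{
    /* Constructed sample value, not taken from any real timestamp token. */
    const char sample[] = "20170315123456.5Z";
    ExampleEfiTime t;
    if (generalized_time_to_efi_time(sample, sizeof sample - 1, &t))
        printf("%04u-%02u-%02u %02u:%02u:%02u.%09u UTC\n", t.Year, t.Month, t.Day,
               t.Hour, t.Minute, t.Second, t.Nanosecond);
    else
        printf("invalid GeneralizedTime\n");
    return 0;
}
```

The strictness is deliberate: a timestamp that is accepted with a local-time offset or an impossible calendar date would feed a meaningless SigningTime to the caller's expiry and revocation checks, so the parser fails closed instead of guessing.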

◆ DECLARE_ASN1_FUNCTIONS() [1/3]

GLOBAL_REMOVE_IF_UNREFERENCED DECLARE_ASN1_FUNCTIONS (TS_ACCURACY)

Definition at line 78 of file CryptTs.c.

◆ DECLARE_ASN1_FUNCTIONS() [2/3]

GLOBAL_REMOVE_IF_UNREFERENCED DECLARE_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)

Definition at line 47 of file CryptTs.c.

◆ DECLARE_ASN1_FUNCTIONS() [3/3]

GLOBAL_REMOVE_IF_UNREFERENCED DECLARE_ASN1_FUNCTIONS (TS_TST_INFO)

Definition at line 130 of file CryptTs.c.

◆ ImageTimestampVerify()

BOOLEAN EFIAPI ImageTimestampVerify (IN CONST UINT8 *AuthData, IN UINTN DataSize, IN CONST UINT8 *TsaCert, IN UINTN CertSize, OUT EFI_TIME *SigningTime)

Verifies the validity of an RFC3161 Timestamp CounterSignature embedded in a PE/COFF Authenticode signature.

If AuthData is NULL, then return FALSE.

Parameters
  [in]   AuthData     Pointer to the Authenticode Signature retrieved from the signed PE/COFF image to be verified.
  [in]   DataSize     Size of the Authenticode Signature in bytes.
  [in]   TsaCert      Pointer to a trusted/root TSA certificate encoded in DER, which is used for TSA certificate chain verification.
  [in]   CertSize     Size of the trusted certificate in bytes.
  [out]  SigningTime  Returns the time at which the timestamp was generated, if the timestamp signature is valid.
Return values
  TRUE   The specified Authenticode data includes a valid RFC3161 Timestamp CounterSignature.
  FALSE  No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data.

Definition at line 555 of file CryptTs.c.

◆ TimestampTokenVerify()

STATIC BOOLEAN TimestampTokenVerify (IN CONST UINT8 *TSToken, IN UINTN TokenSize, IN CONST UINT8 *TsaCert, IN UINTN CertSize, IN CONST UINT8 *TimestampedData, IN UINTN DataSize, OUT EFI_TIME *SigningTime)

Verifies the validity of a TimeStamp Token as described in RFC 3161 ("Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)").

If TSToken is NULL, then return FALSE. If TimestampedData is NULL, then return FALSE.

Parameters
  [in]   TSToken          Pointer to the RFC3161 TimeStamp Token, which is generated by a TSA and located in the software publisher's SignerInfo structure.
  [in]   TokenSize        Size of the TimeStamp Token in bytes.
  [in]   TsaCert          Pointer to a trusted/root TSA certificate encoded in DER.
  [in]   CertSize         Size of the trusted TSA certificate in bytes.
  [in]   TimestampedData  Pointer to the data to be time-stamped.
  [in]   DataSize         Size of timestamped data in bytes.
  [out]  SigningTime      Returns the time at which the timestamp was generated, if the timestamp signature is valid.
Return values
  TRUE   The specified timestamp token is valid.
  FALSE  Invalid timestamp token.

Definition at line 375 of file CryptTs.c.

Variable Documentation

◆ mSpcRFC3161OidValue

GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mSpcRFC3161OidValue[]
Initial value:
= {
  0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01
}

Definition at line 24 of file CryptTs.c.
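The byte array above is the DER-encoded content of an object identifier, which the verifier compares byte-for-byte against the attribute type in the signer's unauthenticated attributes to locate the RFC3161 counter-signature. The following added example (not EDK2 code; the function names are this example's own) decodes those ten bytes into dotted form, so a reader can see which OID the constant represents, and shows the exact-match check a verifier performs on a candidate attribute type. Base-128 decoding with continuation bits is the general algorithm, so it handles any DER OID content, not only this one.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Same bytes as EDK2's mSpcRFC3161OidValue, as shown on this page. */
static const uint8_t kSpcRfc3161Oid[] = {
    0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01
};

/*
 * Decode DER OID *content* (no tag or length byte) into dotted form.
 * Each arc is base-128 with the high bit set on all but the last byte;
 * the first byte packs the first two arcs as 40*X + Y.
 * Returns the number of characters written (excluding NUL), or -1 for
 * empty input, a truncated multi-byte arc, an oversized arc, or a too-small buffer.
 */
int der_oid_to_dotted(const uint8_t *der, size_t len, char *out, size_t out_len)
{
    if (der == NULL || len == 0 || out == NULL || out_len == 0) return -1;
    if (der[len - 1] & 0x80) return -1;  /* last byte must end an arc */

    size_t written = 0;
    uint64_t arc = 0;
    int first = 1;

    for (size_t i = 0; i < len; i++) {
        if (arc > (UINT64_MAX >> 7)) return -1;  /* arc would overflow */
        arc = (arc << 7) | (der[i] & 0x7f);
        if (der[i] & 0x80) continue;             /* continuation byte */

        int n;
        if (first) {
            /* X is 0, 1 or 2; for X == 2 the remainder can exceed 39. */
            uint64_t x = arc < 80 ? arc / 40 : 2;
            uint64_t y = arc < 80 ? arc % 40 : arc - 80;
            n = snprintf(out + written, out_len - written, "%llu.%llu",
                         (unsigned long long)x, (unsigned long long)y);
            first = 0;
        } else {
            n = snprintf(out + written, out_len - written, ".%llu",
                         (unsigned long long)arc);
        }
        if (n < 0 || (size_t)n >= out_len - written) return -1;
        written += (size_t)n;
        arc = 0;
    }
    return (int)written;
}

/* Exact byte comparison, as a verifier does when matching an attribute type. */
int is_spc_rfc3161_oid(const uint8_t *der, size_t len)
{
    return len == sizeof(kSpcRfc3161Oid) && memcmp(der, kSpcRfc3161Oid, len) == 0;
}

int main(void)
{
    char dotted[64];
    if (der_oid_to_dotted(kSpcRfc3161Oid, sizeof(kSpcRfc3161Oid), dotted, sizeof dotted) > 0)
        printf("mSpcRFC3161OidValue = %s\n", dotted);
    return 0;
}
```

Decoded, the constant is 1.3.6.1.4.1.311.3.3.1, Microsoft's RFC3161 counterSign attribute OID under the 1.3.6.1.4.1.311 enterprise arc; the bytes 0x82 0x37 are the two-byte base-128 encoding of arc 311. Matching on the raw DER bytes rather than on a decoded string avoids any ambiguity from non-minimal or oversized encodings.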