Enhances PE image hash algorithm in DxeImageVerificationLib and DxeTpmMeasureBootLib.

Signed-off-by: Ye Ting<ting.ye@intel.com>
Reviewed by: Dong, Eric <yong.dong@intel.com>
Reviewed by: Dong, Guo <guo.dong@intel.com>



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13228 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
tye1 2012-04-28 07:48:15 +00:00
parent 20142bd6da
commit 551d808116
2 changed files with 267 additions and 183 deletions

View File

@ -253,6 +253,8 @@ HashPeImage (
UINTN Pos; UINTN Pos;
UINTN SumOfSectionBytes; UINTN SumOfSectionBytes;
EFI_IMAGE_SECTION_HEADER *SectionCache; EFI_IMAGE_SECTION_HEADER *SectionCache;
UINT32 CertSize;
UINT32 NumberOfRvaAndSizes;
HashCtx = NULL; HashCtx = NULL;
SectionHeader = NULL; SectionHeader = NULL;
@ -292,6 +294,7 @@ HashPeImage (
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
// //
// Measuring PE/COFF Image Header; // Measuring PE/COFF Image Header;
// But CheckSum field and SECURITY data directory (certificate) are excluded // But CheckSum field and SECURITY data directory (certificate) are excluded
@ -307,11 +310,13 @@ HashPeImage (
// Use PE32 offset. // Use PE32 offset.
// //
HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - HashBase); HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - HashBase);
NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
} else if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { } else if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - HashBase); HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - HashBase);
NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
} else { } else {
// //
// Invalid header magic number. // Invalid header magic number.
@ -324,9 +329,37 @@ HashPeImage (
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
// //
// 5. Skip over the image checksum (it occupies a single ULONG). // 5. Skip over the image checksum (it occupies a single ULONG).
// 6. Get the address of the beginning of the Cert Directory. //
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
//
// 6. Since there is no Cert Directory in optional header, hash everything
// from the end of the checksum to the end of image header.
//
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset.
//
HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - mImageBase);
} else {
//
// Use PE32+ offset.
//
HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - mImageBase);
}
if (HashSize != 0) {
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
}
} else {
//
// 7. Hash everything from the end of the checksum to the start of the Cert Directory. // 7. Hash everything from the end of the checksum to the start of the Cert Directory.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
@ -343,10 +376,13 @@ HashPeImage (
HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);
} }
if (HashSize != 0) {
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
}
// //
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
// 9. Hash everything from the end of the Cert Directory to the end of image header. // 9. Hash everything from the end of the Cert Directory to the end of image header.
@ -356,19 +392,23 @@ HashPeImage (
// Use PE32 offset // Use PE32 offset
// //
HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - mImageBase); HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - mImageBase);
} else { } else {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - mImageBase); HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - mImageBase);
} }
if (HashSize != 0) {
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
}
}
// //
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header. // 10. Set the SUM_OF_BYTES_HASHED to the size of the header.
// //
@ -398,15 +438,6 @@ HashPeImage (
SumOfSectionBytes += SectionCache->SizeOfRawData; SumOfSectionBytes += SectionCache->SizeOfRawData;
} }
//
// Sanity check for file corruption. Sections raw data size should be smaller
// than Image Size.
//
if (SumOfSectionBytes >= mImageSize) {
Status = FALSE;
goto Done;
}
// //
// 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER
// structures in the image. The 'NumberOfSections' field of the image // structures in the image. The 'NumberOfSections' field of the image
@ -465,37 +496,36 @@ HashPeImage (
// //
if (mImageSize > SumOfBytesHashed) { if (mImageSize > SumOfBytesHashed) {
HashBase = mImageBase + SumOfBytesHashed; HashBase = mImageBase + SumOfBytesHashed;
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
CertSize = 0;
} else {
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
if (mImageSize - SumOfBytesHashed < mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size) {
Status = FALSE;
goto Done;
}
// //
// Use PE32 offset. // Use PE32 offset.
// //
HashSize = (UINTN)( CertSize = mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
mImageSize -
mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
SumOfBytesHashed);
} else { } else {
if (mImageSize - SumOfBytesHashed < mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size) {
Status = FALSE;
goto Done;
}
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
HashSize = (UINTN)( CertSize = mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
mImageSize -
mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
SumOfBytesHashed);
} }
}
if (mImageSize > CertSize + SumOfBytesHashed) {
HashSize = (UINTN) (mImageSize - CertSize - SumOfBytesHashed);
Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
if (!Status) { if (!Status) {
goto Done; goto Done;
} }
} else if (mImageSize < CertSize + SumOfBytesHashed) {
Status = FALSE;
goto Done;
} }
}
Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest); Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest);
Done: Done:
@ -1183,6 +1213,7 @@ DxeImageVerificationHandler (
UINT32 Policy; UINT32 Policy;
UINT8 *SecureBootEnable; UINT8 *SecureBootEnable;
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
UINT32 NumberOfRvaAndSizes;
if (File == NULL) { if (File == NULL) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
@ -1243,6 +1274,8 @@ DxeImageVerificationHandler (
return EFI_SUCCESS; return EFI_SUCCESS;
} }
FreePool (SecureBootEnable);
SetupMode = GetEfiGlobalVariable (EFI_SETUP_MODE_NAME); SetupMode = GetEfiGlobalVariable (EFI_SETUP_MODE_NAME);
// //
@ -1260,13 +1293,16 @@ DxeImageVerificationHandler (
FreePool (SetupMode); FreePool (SetupMode);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
FreePool (SetupMode);
// //
// Read the Dos header. // Read the Dos header.
// //
if (FileBuffer == NULL) { if (FileBuffer == NULL) {
FreePool (SetupMode);
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
mImageBase = (UINT8 *) FileBuffer; mImageBase = (UINT8 *) FileBuffer;
mImageSize = FileSize; mImageSize = FileSize;
@ -1303,7 +1339,8 @@ DxeImageVerificationHandler (
// //
// It is not a valid Pe/Coff file. // It is not a valid Pe/Coff file.
// //
return EFI_ACCESS_DENIED; Status = EFI_ACCESS_DENIED;
goto Done;
} }
Magic = mNtHeader.Pe32->OptionalHeader.Magic; Magic = mNtHeader.Pe32->OptionalHeader.Magic;
@ -1311,29 +1348,21 @@ DxeImageVerificationHandler (
// //
// Use PE32 offset. // Use PE32 offset.
// //
NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
mSecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; mSecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
} else if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { }
} else {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
mSecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; mSecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
} else { }
//
// Invalid header magic number.
//
Status = EFI_INVALID_PARAMETER;
goto Done;
} }
if (mSecDataDir->VirtualAddress >= mImageSize) { if ((mSecDataDir == NULL) || ((mSecDataDir != NULL) && (mSecDataDir->Size == 0))) {
//
// Sanity check to see if this file is corrupted.
//
Status = EFI_INVALID_PARAMETER;
goto Done;
}
if (mSecDataDir->Size == 0) {
// //
// This image is not signed. // This image is not signed.
// //
@ -1474,8 +1503,6 @@ Done:
FreePool (SignatureList); FreePool (SignatureList);
} }
FreePool (SetupMode);
return Status; return Status;
} }

View File

@ -256,7 +256,9 @@ TcgMeasureGptTable (
@retval EFI_SUCCESS Successfully measure image. @retval EFI_SUCCESS Successfully measure image.
@retval EFI_OUT_OF_RESOURCES No enough resource to measure image. @retval EFI_OUT_OF_RESOURCES No enough resource to measure image.
@retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.
@retval other error value @retval other error value
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
@ -282,14 +284,18 @@ TcgMeasurePeImage (
UINTN HashSize; UINTN HashSize;
UINTN SumOfBytesHashed; UINTN SumOfBytesHashed;
EFI_IMAGE_SECTION_HEADER *SectionHeader; EFI_IMAGE_SECTION_HEADER *SectionHeader;
UINTN Index, Pos; UINTN Index;
UINTN Pos;
UINT16 Magic; UINT16 Magic;
UINT32 EventSize; UINT32 EventSize;
UINT32 EventNumber; UINT32 EventNumber;
EFI_PHYSICAL_ADDRESS EventLogLastEntry; EFI_PHYSICAL_ADDRESS EventLogLastEntry;
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;
UINT32 NumberOfRvaAndSizes;
BOOLEAN HashStatus;
UINT32 CertSize;
Status = EFI_SUCCESS; Status = EFI_UNSUPPORTED;
ImageLoad = NULL; ImageLoad = NULL;
SectionHeader = NULL; SectionHeader = NULL;
Sha1Ctx = NULL; Sha1Ctx = NULL;
@ -326,7 +332,6 @@ TcgMeasurePeImage (
"TcgMeasurePeImage: Unknown subsystem type %d", "TcgMeasurePeImage: Unknown subsystem type %d",
ImageType ImageType
)); ));
Status = EFI_UNSUPPORTED;
goto Finish; goto Finish;
} }
@ -344,8 +349,9 @@ TcgMeasurePeImage (
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
PeCoffHeaderOffset = DosHdr->e_lfanew; PeCoffHeaderOffset = DosHdr->e_lfanew;
} }
if (((EFI_TE_IMAGE_HEADER *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset))->Signature
== EFI_TE_IMAGE_HEADER_SIGNATURE) { Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset);
if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
goto Finish; goto Finish;
} }
@ -367,13 +373,15 @@ TcgMeasurePeImage (
goto Finish; goto Finish;
} }
Sha1Init (Sha1Ctx); HashStatus = Sha1Init (Sha1Ctx);
if (!HashStatus) {
goto Finish;
}
// //
// Measuring PE/COFF Image Header; // Measuring PE/COFF Image Header;
// But CheckSum field and SECURITY data directory (certificate) are excluded // But CheckSum field and SECURITY data directory (certificate) are excluded
// //
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset);
Magic = Hdr.Pe32->OptionalHeader.Magic; Magic = Hdr.Pe32->OptionalHeader.Magic;
// //
@ -385,19 +393,51 @@ TcgMeasurePeImage (
// //
// Use PE32 offset // Use PE32 offset
// //
NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.CheckSum) - HashBase); HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.CheckSum) - HashBase);
} else { } else {
// //
// Use PE32+ offset // Use PE32+ offset
// //
NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - HashBase); HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - HashBase);
} }
Sha1Update (Sha1Ctx, HashBase, HashSize); HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
goto Finish;
}
// //
// 5. Skip over the image checksum (it occupies a single ULONG). // 5. Skip over the image checksum (it occupies a single ULONG).
// 6. Get the address of the beginning of the Cert Directory. //
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
//
// 6. Since there is no Cert Directory in optional header, hash everything
// from the end of the checksum to the end of image header.
//
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset.
//
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
} else {
//
// Use PE32+ offset.
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
}
if (HashSize != 0) {
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
goto Finish;
}
}
} else {
//
// 7. Hash everything from the end of the checksum to the start of the Cert Directory. // 7. Hash everything from the end of the checksum to the start of the Cert Directory.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
@ -414,7 +454,12 @@ TcgMeasurePeImage (
HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);
} }
Sha1Update (Sha1Ctx, HashBase, HashSize); if (HashSize != 0) {
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
goto Finish;
}
}
// //
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
@ -425,18 +470,22 @@ TcgMeasurePeImage (
// Use PE32 offset // Use PE32 offset
// //
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
(UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINT8 *) (UINTN) ImageAddress);
} else { } else {
// //
// Use PE32+ offset // Use PE32+ offset
// //
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
(UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINT8 *) (UINTN) ImageAddress);
} }
Sha1Update (Sha1Ctx, HashBase, HashSize); if (HashSize != 0) {
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
goto Finish;
}
}
}
// //
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header // 10. Set the SUM_OF_BYTES_HASHED to the size of the header
@ -503,7 +552,10 @@ TcgMeasurePeImage (
HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData; HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData;
HashSize = (UINTN) Section->SizeOfRawData; HashSize = (UINTN) Section->SizeOfRawData;
Sha1Update (Sha1Ctx, HashBase, HashSize); HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
goto Finish;
}
SumOfBytesHashed += HashSize; SumOfBytesHashed += HashSize;
} }
@ -516,37 +568,42 @@ TcgMeasurePeImage (
// //
if (ImageSize > SumOfBytesHashed) { if (ImageSize > SumOfBytesHashed) {
HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed; HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed;
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
if (ImageSize - SumOfBytesHashed < Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size) { if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
Status = EFI_INVALID_PARAMETER; CertSize = 0;
goto Finish;
}
//
// Use PE32 offset
//
HashSize = (UINTN)(ImageSize -
Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
SumOfBytesHashed);
} else { } else {
if (ImageSize - SumOfBytesHashed < Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size) { if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
Status = EFI_INVALID_PARAMETER; //
goto Finish; // Use PE32 offset.
//
CertSize = Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
} else {
//
// Use PE32+ offset.
//
CertSize = Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
} }
//
// Use PE32+ offset
//
HashSize = (UINTN)(ImageSize -
Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
SumOfBytesHashed);
} }
Sha1Update (Sha1Ctx, HashBase, HashSize); if (ImageSize > CertSize + SumOfBytesHashed) {
HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed);
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
goto Finish;
}
} else if (ImageSize < CertSize + SumOfBytesHashed) {
goto Finish;
}
} }
// //
// 17. Finalize the SHA hash. // 17. Finalize the SHA hash.
// //
Sha1Final (Sha1Ctx, (UINT8 *)&TcgEvent->Digest); HashStatus = Sha1Final (Sha1Ctx, (UINT8 *) &TcgEvent->Digest);
if (!HashStatus) {
goto Finish;
}
// //
// Log the PE data // Log the PE data