From a817d084257fef5ba9cc091cb54323b7b1b6f637 Mon Sep 17 00:00:00 2001
From: Matthew Garrett
Date: Tue, 19 Jun 2012 13:01:54 -0400
Subject: [PATCH] Remove old files
---
Cryptlib/Pk/CryptAuthenticode.c.bak | 151 --------------------------
Cryptlib/Pk/CryptAuthenticode.c.bak~ | 153 ---------------------------
Cryptlib/Pk/CryptAuthenticode.c~ | 151 --------------------------
3 files changed, 455 deletions(-)
delete mode 100644 Cryptlib/Pk/CryptAuthenticode.c.bak
delete mode 100644 Cryptlib/Pk/CryptAuthenticode.c.bak~
delete mode 100644 Cryptlib/Pk/CryptAuthenticode.c~
diff --git a/Cryptlib/Pk/CryptAuthenticode.c.bak b/Cryptlib/Pk/CryptAuthenticode.c.bak
deleted file mode 100644
index a1f8c58..0000000
--- a/Cryptlib/Pk/CryptAuthenticode.c.bak
+++ /dev/null
@@ -1,151 +0,0 @@
-/** @file
- Authenticode Portable Executable Signature Verification over OpenSSL.
-
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalCryptLib.h"
-
-#include
-#include
-#include
-
-
-/**
- Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
- Authenticode Portable Executable Signature Format".
-
- If AuthData is NULL, then return FALSE.
- If ImageHash is NULL, then return FALSE.
-
- @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
- PE/COFF image to be verified.
- @param[in] DataSize Size of the Authenticode Signature in bytes.
- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
- is used for certificate chain verification.
- @param[in] CertSize Size of the trusted certificate in bytes.
- @param[in] ImageHash Pointer to the original image file hash value. The procudure
- for calculating the image hash value is described in Authenticode
- specification.
- @param[in] HashSize Size of Image hash value in bytes.
-
- @retval TRUE The specified Authenticode Signature is valid.
- @retval FALSE Invalid Authenticode Signature.
-
-**/
-BOOLEAN
-EFIAPI
-AuthenticodeVerify (
- IN CONST UINT8 *AuthData,
- IN UINTN DataSize,
- IN CONST UINT8 *TrustedCert,
- IN UINTN CertSize,
- IN CONST UINT8 *ImageHash,
- IN UINTN HashSize
- )
-{
- BOOLEAN Status;
- PKCS7 *Pkcs7;
- CONST UINT8 *OrigAuthData;
- UINT8 *SpcIndirectDataContent;
- UINT8 Asn1Byte;
- UINTN ContentSize;
-
- //
- // Check input parameters.
- //
- if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) {
- return FALSE;
- }
-
- if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) {
- return FALSE;
- }
-
- Status = FALSE;
- Pkcs7 = NULL;
- OrigAuthData = AuthData;
-
- //
- // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
- //
- Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
- if (Pkcs7 == NULL) {
- goto _Exit;
- }
-
- //
- // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
- //
- if (!PKCS7_type_is_signed (Pkcs7)) {
- goto _Exit;
- }
-
- //
- // NOTE: OpenSSL PKCS7 Decoder didn't work for Authenticode-format signed data due to
- // some authenticode-specific structure. Use opaque ASN.1 string to retrieve
- // PKCS#7 ContentInfo here.
- //
- SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
-
- //
- // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.
- //
- Asn1Byte = *(SpcIndirectDataContent + 1);
-
- if ((Asn1Byte & 0x80) == 0) {
- //
- // Short Form of Length Encoding
- //
- ContentSize = (UINTN) (Asn1Byte & 0x7F);
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 2;
- } else if ((Asn1Byte & 0x82) == 0x82) {
- //
- // Long Form of Length Encoding, only support two bytes.
- //
- ContentSize = (UINTN) (*(SpcIndirectDataContent + 2));
- ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 4;
- } else {
- goto _Exit;
- }
-
- //
- // Compare the original file hash value to the digest retrieve from SpcIndirectDataContent
- // defined in Authenticode
- // NOTE: Need to double-check HashLength here!
- //
- if (CompareMem (SpcIndirectDataContent + ContentSize - HashSize, ImageHash, HashSize) != 0) {
- //
- // Un-matched PE/COFF Hash Value
- //
- goto _Exit;
- }
-
- //
- // Verifies the PKCS#7 Signed Data in PE/COFF Authenticode Signature
- //
- Status = (BOOLEAN) Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
-
-_Exit:
- //
- // Release Resources
- //
- PKCS7_free (Pkcs7);
-
- return Status;
-}
diff --git a/Cryptlib/Pk/CryptAuthenticode.c.bak~ b/Cryptlib/Pk/CryptAuthenticode.c.bak~
deleted file mode 100644
index 849dfb0..0000000
--- a/Cryptlib/Pk/CryptAuthenticode.c.bak~
+++ /dev/null
@@ -1,153 +0,0 @@
-/** @file
- Authenticode Portable Executable Signature Verification over OpenSSL.
-
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalCryptLib.h"
-
-#include
-#include
-#include
-
-
-/**
- Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
- Authenticode Portable Executable Signature Format".
-
- If AuthData is NULL, then return FALSE.
- If ImageHash is NULL, then return FALSE.
-
- @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
- PE/COFF image to be verified.
- @param[in] DataSize Size of the Authenticode Signature in bytes.
- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
- is used for certificate chain verification.
- @param[in] CertSize Size of the trusted certificate in bytes.
- @param[in] ImageHash Pointer to the original image file hash value. The procudure
- for calculating the image hash value is described in Authenticode
- specification.
- @param[in] HashSize Size of Image hash value in bytes.
-
- @retval TRUE The specified Authenticode Signature is valid.
- @retval FALSE Invalid Authenticode Signature.
-
-**/
-BOOLEAN
-EFIAPI
-AuthenticodeVerify (
- IN CONST UINT8 *AuthData,
- IN UINTN DataSize,
- IN CONST UINT8 *TrustedCert,
- IN UINTN CertSize,
- IN CONST UINT8 *ImageHash,
- IN UINTN HashSize
- )
-{
- BOOLEAN Status;
- PKCS7 *Pkcs7;
- CONST UINT8 *OrigAuthData;
- UINT8 *SpcIndirectDataContent;
- UINT8 Asn1Byte;
- UINTN ContentSize;
-
- //
- // Check input parameters.
- //
- if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) {
- return FALSE;
- }
-
- if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) {
- return FALSE;
- }
-
- Status = FALSE;
- Pkcs7 = NULL;
- OrigAuthData = AuthData;
-
- Print(L"1\n");
-
- //
- // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
- //
- Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
- if (Pkcs7 == NULL) {
- goto _Exit;
- }
-
- //
- // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
- //
- if (!PKCS7_type_is_signed (Pkcs7)) {
- goto _Exit;
- }
-
- //
- // NOTE: OpenSSL PKCS7 Decoder didn't work for Authenticode-format signed data due to
- // some authenticode-specific structure. Use opaque ASN.1 string to retrieve
- // PKCS#7 ContentInfo here.
- //
- SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
-
- //
- // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.
- //
- Asn1Byte = *(SpcIndirectDataContent + 1);
-
- if ((Asn1Byte & 0x80) == 0) {
- //
- // Short Form of Length Encoding
- //
- ContentSize = (UINTN) (Asn1Byte & 0x7F);
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 2;
- } else if ((Asn1Byte & 0x82) == 0x82) {
- //
- // Long Form of Length Encoding, only support two bytes.
- //
- ContentSize = (UINTN) (*(SpcIndirectDataContent + 2));
- ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 4;
- } else {
- goto _Exit;
- }
-
- //
- // Compare the original file hash value to the digest retrieve from SpcIndirectDataContent
- // defined in Authenticode
- // NOTE: Need to double-check HashLength here!
- //
- if (CompareMem (SpcIndirectDataContent + ContentSize - HashSize, ImageHash, HashSize) != 0) {
- //
- // Un-matched PE/COFF Hash Value
- //
- goto _Exit;
- }
-
- //
- // Verifies the PKCS#7 Signed Data in PE/COFF Authenticode Signature
- //
- Status = (BOOLEAN) Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
-
-_Exit:
- //
- // Release Resources
- //
- PKCS7_free (Pkcs7);
-
- return Status;
-}
diff --git a/Cryptlib/Pk/CryptAuthenticode.c~ b/Cryptlib/Pk/CryptAuthenticode.c~
deleted file mode 100644
index a1f8c58..0000000
--- a/Cryptlib/Pk/CryptAuthenticode.c~
+++ /dev/null
@@ -1,151 +0,0 @@
-/** @file
- Authenticode Portable Executable Signature Verification over OpenSSL.
-
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalCryptLib.h"
-
-#include
-#include
-#include
-
-
-/**
- Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
- Authenticode Portable Executable Signature Format".
-
- If AuthData is NULL, then return FALSE.
- If ImageHash is NULL, then return FALSE.
-
- @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
- PE/COFF image to be verified.
- @param[in] DataSize Size of the Authenticode Signature in bytes.
- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
- is used for certificate chain verification.
- @param[in] CertSize Size of the trusted certificate in bytes.
- @param[in] ImageHash Pointer to the original image file hash value. The procudure
- for calculating the image hash value is described in Authenticode
- specification.
- @param[in] HashSize Size of Image hash value in bytes.
-
- @retval TRUE The specified Authenticode Signature is valid.
- @retval FALSE Invalid Authenticode Signature.
-
-**/
-BOOLEAN
-EFIAPI
-AuthenticodeVerify (
- IN CONST UINT8 *AuthData,
- IN UINTN DataSize,
- IN CONST UINT8 *TrustedCert,
- IN UINTN CertSize,
- IN CONST UINT8 *ImageHash,
- IN UINTN HashSize
- )
-{
- BOOLEAN Status;
- PKCS7 *Pkcs7;
- CONST UINT8 *OrigAuthData;
- UINT8 *SpcIndirectDataContent;
- UINT8 Asn1Byte;
- UINTN ContentSize;
-
- //
- // Check input parameters.
- //
- if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) {
- return FALSE;
- }
-
- if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) {
- return FALSE;
- }
-
- Status = FALSE;
- Pkcs7 = NULL;
- OrigAuthData = AuthData;
-
- //
- // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
- //
- Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
- if (Pkcs7 == NULL) {
- goto _Exit;
- }
-
- //
- // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
- //
- if (!PKCS7_type_is_signed (Pkcs7)) {
- goto _Exit;
- }
-
- //
- // NOTE: OpenSSL PKCS7 Decoder didn't work for Authenticode-format signed data due to
- // some authenticode-specific structure. Use opaque ASN.1 string to retrieve
- // PKCS#7 ContentInfo here.
- //
- SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
-
- //
- // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.
- //
- Asn1Byte = *(SpcIndirectDataContent + 1);
-
- if ((Asn1Byte & 0x80) == 0) {
- //
- // Short Form of Length Encoding
- //
- ContentSize = (UINTN) (Asn1Byte & 0x7F);
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 2;
- } else if ((Asn1Byte & 0x82) == 0x82) {
- //
- // Long Form of Length Encoding, only support two bytes.
- //
- ContentSize = (UINTN) (*(SpcIndirectDataContent + 2));
- ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 4;
- } else {
- goto _Exit;
- }
-
- //
- // Compare the original file hash value to the digest retrieve from SpcIndirectDataContent
- // defined in Authenticode
- // NOTE: Need to double-check HashLength here!
- //
- if (CompareMem (SpcIndirectDataContent + ContentSize - HashSize, ImageHash, HashSize) != 0) {
- //
- // Un-matched PE/COFF Hash Value
- //
- goto _Exit;
- }
-
- //
- // Verifies the PKCS#7 Signed Data in PE/COFF Authenticode Signature
- //
- Status = (BOOLEAN) Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
-
-_Exit:
- //
- // Release Resources
- //
- PKCS7_free (Pkcs7);
-
- return Status;
-}