From 98d0671e1bb0a3165bee52893b3eba2a20677a51 Mon Sep 17 00:00:00 2001 From: Qi Zhang Date: Mon, 12 Dec 2022 12:57:21 +0800 Subject: [PATCH] =?UTF-8?q?DeviceSecurityTestPkg=EF=BC=9A=20Add=20DeviceSe?= =?UTF-8?q?curity=20test=20support?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jiewen Yao Signed-off-by: Wenxing Hou --- .../DeviceSecurityTestPkg.dec | 87 + .../DeviceSecurityTestPkg.dsc | 305 +++ DeviceSecurityTestPkg/Example/spdm_comid.json | 125 + .../Example/spdm_coswid.json | 86 + .../Example/spdm_event_v1.log | 174 ++ .../Example/spdm_event_v2.bin | Bin 0 -> 8476 bytes .../Example/spdm_event_v2.log | 1204 +++++++++ DeviceSecurityTestPkg/Example/spdm_swid.xml | 51 + .../IndustryStandard/PcieDoeCapbility.h | 74 + .../Include/Ppi/DeviceSecurity.h | 143 ++ .../Include/Ppi/DeviceSecurityPolicy.h | 134 + DeviceSecurityTestPkg/Include/Ppi/Spdm.h | 196 ++ DeviceSecurityTestPkg/Include/Ppi/SpdmIo.h | 91 + .../Include/PrivateTest/Ppi/SpdmTest.h | 125 + .../Include/PrivateTest/Protocol/SpdmTest.h | 123 + DeviceSecurityTestPkg/Include/Protocol/Spdm.h | 201 ++ .../Include/Protocol/SpdmIo.h | 92 + .../Include/Test/TestConfig.h | 38 + .../SpdmDeviceSecurityDxe/SpdmCommunication.c | 457 ++++ .../SpdmDeviceSecurityDxe/SpdmDeviceIo.c | 58 + .../SpdmDeviceSecurityDxe.c | 680 +++++ .../SpdmDeviceSecurityDxe.h | 233 ++ .../SpdmDeviceSecurityDxe.inf | 71 + .../SpdmDeviceSecurityPei/SpdmCommunication.c | 372 +++ .../SpdmDeviceAuthentication.c | 102 + .../SpdmDeviceSecurityPei/SpdmDeviceIo.c | 52 + .../SpdmDeviceMeasurement.c | 419 ++++ .../SpdmDeviceSecurityPei.c | 538 ++++ .../SpdmDeviceSecurityPei.h | 233 ++ .../SpdmDeviceSecurityPei.inf | 72 + DeviceSecurityTestPkg/Test/Cryperf/Cryperf.c | 108 + DeviceSecurityTestPkg/Test/Cryperf/Cryperf.h | 62 + .../Test/Cryperf/Cryperf.inf | 50 + DeviceSecurityTestPkg/Test/Cryperf/EcPerf.c | 149 ++ DeviceSecurityTestPkg/Test/Cryperf/RsaPerf.c | 99 + .../Test/Cryptest/AeadVerify.c | 221 ++ .../Test/Cryptest/AuthenticodeVerify.c | 1049 ++++++++ .../Test/Cryptest/BlockCipherVerify.c | 104 + .../Test/Cryptest/Cryptest.c | 150 ++ .../Test/Cryptest/Cryptest.h | 219 ++ .../Test/Cryptest/Cryptest.inf | 64 + .../Test/Cryptest/Cryptest.uni | 22 + .../Test/Cryptest/CryptestExtra.uni | 20 + .../Test/Cryptest/DhVerify.c | 197 ++ .../Test/Cryptest/EcVerify.c | 192 ++ .../Test/Cryptest/EcVerify2.c | 154 ++ .../Test/Cryptest/HashVerify.c | 235 ++ .../Test/Cryptest/HmacVerify.c | 100 + .../Test/Cryptest/MacVerify.c | 172 ++ .../Test/Cryptest/Pkcs5Pbkdf2Verify.c | 95 + .../Test/Cryptest/RandVerify.c | 68 + .../Test/Cryptest/RsaVerify.c | 432 ++++ .../Test/Cryptest/RsaVerify2.c | 589 +++++ .../Test/Cryptest/TSVerify.c | 364 +++ .../Test/DeployCert/DeployCert.c | 655 +++++ .../Test/DeployCert/DeployCert.inf | 50 + .../Test/DeployCert/EccTestRootCer.c | 408 +++ .../Test/DeployCert/EccTestRootKey.c | 78 + .../Test/DeployCert/Key/EccTestCertChain2.der | Bin 0 -> 1493 bytes .../Test/DeployCert/Key/EccTestCertChain3.der | Bin 0 -> 1714 bytes .../Test/DeployCert/Key/EccTestRoot.cer | Bin 0 -> 470 bytes .../Test/DeployCert/Key/EccTestRoot.crt | 12 + .../Test/DeployCert/Key/EccTestRoot.key | 8 + .../Test/DeployCert/Key/EccTestRootCer2.der | Bin 0 -> 468 bytes .../Test/DeployCert/Key/EccTestRootCer3.der | Bin 0 -> 541 bytes .../Test/DeployCert/Key/EccTestRootKey2.key | 6 + .../Test/DeployCert/Key/EccTestRootKey3.key | 8 + .../Test/DeployCert/Key/TestCertChain2.der | Bin 0 -> 2480 bytes .../Test/DeployCert/Key/TestCertChain3.der | Bin 0 -> 3632 bytes .../Test/DeployCert/Key/TestCertChain4.der | Bin 0 -> 3760 bytes .../Test/DeployCert/Key/TestRoot.cer | Bin 0 -> 865 bytes .../Test/DeployCert/Key/TestRoot.crt | 21 + .../Test/DeployCert/Key/TestRoot.key | 27 + .../Test/DeployCert/Key/TestRootCer2.der | Bin 0 -> 797 bytes .../Test/DeployCert/Key/TestRootCer3.der | Bin 0 -> 1309 bytes .../Test/DeployCert/Key/TestRootCer4.der | Bin 0 -> 1309 bytes .../Test/DeployCert/Key/TestRootKey2.key | 28 + .../Test/DeployCert/Key/TestRootKey3.key | 40 + .../Test/DeployCert/Key/TestRootKey4.key | 52 + .../Test/DeployCert/TestRootCer.c | 1173 +++++++++ .../Test/DeployCert/TestRootKey.c | 603 +++++ .../Test/DeployCert/Tool/BinToHex.c | 85 + .../Test/DeployCert/Tool/DumpToHex.c | 141 ++ .../Test/DeployCert/readme.txt | 21 + .../DeviceSecurityPolicyStub.c | 248 ++ .../DeviceSecurityPolicyStub.inf | 44 + .../HashLibBaseCryptoRouterCommon.c | 74 + .../HashLibBaseCryptoRouterCommon.h | 38 + .../HashLibBaseCryptoRouterTestStub.c | 203 ++ .../HashLibBaseCryptoRouterTestStub.inf | 41 + .../Test/PciIoPciDoeStub/PciIoPciDoeStub.c | 1150 +++++++++ .../Test/PciIoPciDoeStub/PciIoPciDoeStub.inf | 55 + .../Test/PciIoPciDoeStub/SpdmDeviceIo.c | 32 + .../Test/PciIoPciDoeStub/SpdmStub.h | 102 + .../Test/PciIoPciDoeStub/SpdmStubTest.c | 173 ++ .../Test/PciIoStub/PciIoStub.c | 706 ++++++ .../Test/PciIoStub/PciIoStub.inf | 39 + .../SpdmDeviceSecretLibTestStub.c | 975 ++++++++ .../SpdmDeviceSecretLibTestStub.inf | 44 + .../cryptlib_ext.h | 668 +++++ .../spdm_crypt_ext.c | 262 ++ .../spdm_crypt_ext_lib.h | 95 + .../Test/SpdmPciDoeStub/SpdmPciDoeStub.c | 489 ++++ .../Test/SpdmPciDoeStub/SpdmPciDoeStub.h | 42 + .../Test/SpdmPciDoeStub/SpdmPciDoeStub.inf | 43 + .../Test/SpdmStub/SpdmDeviceIo.c | 32 + .../Test/SpdmStub/SpdmStub.c | 423 ++++ .../Test/SpdmStub/SpdmStub.h | 102 + .../Test/SpdmStub/SpdmStub.inf | 56 + .../Test/SpdmStub/SpdmStubTest.c | 173 ++ .../Test/Tcg2DumpLog/Tcg2DumpLog.c | 2203 +++++++++++++++++ .../Test/Tcg2DumpLog/Tcg2DumpLog.inf | 59 + .../Test/Tcg2Stub/Tcg2Stub.c | 1330 ++++++++++ .../Test/Tcg2Stub/Tcg2Stub.inf | 47 + .../Test/TestSpdm/TestSpdm.c | 344 +++ .../Test/TestSpdm/TestSpdm.inf | 46 + .../Tpm2DeviceLibTestStub.c | 54 + .../Tpm2DeviceLibTestStub.inf | 41 + .../DeviceSecurityPolicyStubPei.c | 208 ++ .../DeviceSecurityPolicyStubPei.inf | 38 + .../TestPei/PciIoStubPei/PciIoStubPei.c | 347 +++ .../TestPei/PciIoStubPei/PciIoStubPei.inf | 37 + .../SpdmDeviceSecretLibTestStubPei.c | 310 +++ .../SpdmDeviceSecretLibTestStubPei.inf | 38 + .../TestPei/SpdmStubPei/SpdmDeviceIo.c | 34 + .../TestPei/SpdmStubPei/SpdmStubPei.c | 217 ++ .../TestPei/SpdmStubPei/SpdmStubPei.h | 72 + .../TestPei/SpdmStubPei/SpdmStubPei.inf | 52 + .../TestPei/SpdmStubPei/SpdmStubTestPei.c | 164 ++ .../TestPei/TestSpdmPei/TestSpdmPei.c | 329 +++ .../TestPei/TestSpdmPei/TestSpdmPei.inf | 48 + DeviceSecurityTestPkg/readme.md | 113 + 132 files changed, 27307 insertions(+) create mode 100644 DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec create mode 100644 DeviceSecurityTestPkg/DeviceSecurityTestPkg.dsc create mode 100644 DeviceSecurityTestPkg/Example/spdm_comid.json create mode 100644 DeviceSecurityTestPkg/Example/spdm_coswid.json create mode 100644 DeviceSecurityTestPkg/Example/spdm_event_v1.log create mode 100644 DeviceSecurityTestPkg/Example/spdm_event_v2.bin create mode 100644 DeviceSecurityTestPkg/Example/spdm_event_v2.log create mode 100644 DeviceSecurityTestPkg/Example/spdm_swid.xml create mode 100644 DeviceSecurityTestPkg/Include/IndustryStandard/PcieDoeCapbility.h create mode 100644 DeviceSecurityTestPkg/Include/Ppi/DeviceSecurity.h create mode 100644 DeviceSecurityTestPkg/Include/Ppi/DeviceSecurityPolicy.h create mode 100644 DeviceSecurityTestPkg/Include/Ppi/Spdm.h create mode 100644 DeviceSecurityTestPkg/Include/Ppi/SpdmIo.h create mode 100644 DeviceSecurityTestPkg/Include/PrivateTest/Ppi/SpdmTest.h create mode 100644 DeviceSecurityTestPkg/Include/PrivateTest/Protocol/SpdmTest.h create mode 100644 DeviceSecurityTestPkg/Include/Protocol/Spdm.h create mode 100644 DeviceSecurityTestPkg/Include/Protocol/SpdmIo.h create mode 100644 DeviceSecurityTestPkg/Include/Test/TestConfig.h create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmCommunication.c create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceIo.c create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.c create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.h create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.inf create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmCommunication.c create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceAuthentication.c create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceIo.c create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceMeasurement.c create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.c create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.h create mode 100644 DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.inf create mode 100644 DeviceSecurityTestPkg/Test/Cryperf/Cryperf.c create mode 100644 DeviceSecurityTestPkg/Test/Cryperf/Cryperf.h create mode 100644 DeviceSecurityTestPkg/Test/Cryperf/Cryperf.inf create mode 100644 DeviceSecurityTestPkg/Test/Cryperf/EcPerf.c create mode 100644 DeviceSecurityTestPkg/Test/Cryperf/RsaPerf.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/AeadVerify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/AuthenticodeVerify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/BlockCipherVerify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/Cryptest.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/Cryptest.h create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/Cryptest.inf create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/Cryptest.uni create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/CryptestExtra.uni create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/DhVerify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/EcVerify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/EcVerify2.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/HashVerify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/HmacVerify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/MacVerify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/Pkcs5Pbkdf2Verify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/RandVerify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/RsaVerify.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/RsaVerify2.c create mode 100644 DeviceSecurityTestPkg/Test/Cryptest/TSVerify.c create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/DeployCert.c create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/DeployCert.inf create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/EccTestRootCer.c create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/EccTestRootKey.c create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestCertChain2.der create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestCertChain3.der create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRoot.cer create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRoot.crt create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRoot.key create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootCer2.der create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootCer3.der create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootKey2.key create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootKey3.key create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestCertChain2.der create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestCertChain3.der create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestCertChain4.der create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.cer create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.crt create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.key create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestRootCer2.der create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestRootCer3.der create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestRootCer4.der create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestRootKey2.key create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestRootKey3.key create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Key/TestRootKey4.key create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/TestRootCer.c create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/TestRootKey.c create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Tool/BinToHex.c create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/Tool/DumpToHex.c create mode 100644 DeviceSecurityTestPkg/Test/DeployCert/readme.txt create mode 100644 DeviceSecurityTestPkg/Test/DeviceSecurityPolicyStub/DeviceSecurityPolicyStub.c create mode 100644 DeviceSecurityTestPkg/Test/DeviceSecurityPolicyStub/DeviceSecurityPolicyStub.inf create mode 100644 DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterCommon.c create mode 100644 DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterCommon.h create mode 100644 DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterTestStub.c create mode 100644 DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterTestStub.inf create mode 100644 DeviceSecurityTestPkg/Test/PciIoPciDoeStub/PciIoPciDoeStub.c create mode 100644 DeviceSecurityTestPkg/Test/PciIoPciDoeStub/PciIoPciDoeStub.inf create mode 100644 DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmDeviceIo.c create mode 100644 DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmStub.h create mode 100644 DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmStubTest.c create mode 100644 DeviceSecurityTestPkg/Test/PciIoStub/PciIoStub.c create mode 100644 DeviceSecurityTestPkg/Test/PciIoStub/PciIoStub.inf create mode 100644 DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/SpdmDeviceSecretLibTestStub.c create mode 100644 DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/SpdmDeviceSecretLibTestStub.inf create mode 100644 DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/cryptlib_ext.h create mode 100644 DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/spdm_crypt_ext.c create mode 100644 DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/spdm_crypt_ext_lib.h create mode 100644 DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.c create mode 100644 DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.h create mode 100644 DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.inf create mode 100644 DeviceSecurityTestPkg/Test/SpdmStub/SpdmDeviceIo.c create mode 100644 DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.c create mode 100644 DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.h create mode 100644 DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.inf create mode 100644 DeviceSecurityTestPkg/Test/SpdmStub/SpdmStubTest.c create mode 100644 DeviceSecurityTestPkg/Test/Tcg2DumpLog/Tcg2DumpLog.c create mode 100644 DeviceSecurityTestPkg/Test/Tcg2DumpLog/Tcg2DumpLog.inf create mode 100644 DeviceSecurityTestPkg/Test/Tcg2Stub/Tcg2Stub.c create mode 100644 DeviceSecurityTestPkg/Test/Tcg2Stub/Tcg2Stub.inf create mode 100644 DeviceSecurityTestPkg/Test/TestSpdm/TestSpdm.c create mode 100644 DeviceSecurityTestPkg/Test/TestSpdm/TestSpdm.inf create mode 100644 DeviceSecurityTestPkg/Test/Tpm2DeviceLibTestStub/Tpm2DeviceLibTestStub.c create mode 100644 DeviceSecurityTestPkg/Test/Tpm2DeviceLibTestStub/Tpm2DeviceLibTestStub.inf create mode 100644 DeviceSecurityTestPkg/TestPei/DeviceSecurityPolicyStubPei/DeviceSecurityPolicyStubPei.c create mode 100644 DeviceSecurityTestPkg/TestPei/DeviceSecurityPolicyStubPei/DeviceSecurityPolicyStubPei.inf create mode 100644 DeviceSecurityTestPkg/TestPei/PciIoStubPei/PciIoStubPei.c create mode 100644 DeviceSecurityTestPkg/TestPei/PciIoStubPei/PciIoStubPei.inf create mode 100644 DeviceSecurityTestPkg/TestPei/SpdmDeviceSecretLibTestStubPei/SpdmDeviceSecretLibTestStubPei.c create mode 100644 DeviceSecurityTestPkg/TestPei/SpdmDeviceSecretLibTestStubPei/SpdmDeviceSecretLibTestStubPei.inf create mode 100644 DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmDeviceIo.c create mode 100644 DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.c create mode 100644 DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.h create mode 100644 DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.inf create mode 100644 DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubTestPei.c create mode 100644 DeviceSecurityTestPkg/TestPei/TestSpdmPei/TestSpdmPei.c create mode 100644 DeviceSecurityTestPkg/TestPei/TestSpdmPei/TestSpdmPei.inf create mode 100644 DeviceSecurityTestPkg/readme.md diff --git a/DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec b/DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec new file mode 100644 index 00000000000..9472a5b1c0f --- /dev/null +++ b/DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec @@ -0,0 +1,87 @@ +## @file +# This package provides EDKII Device Security related support. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + DEC_SPECIFICATION = 0x00010005 + PACKAGE_NAME = DeviceSecurityTestPkg + PACKAGE_GUID = 575E6A14-ACD5-4101-A74C-747D49D17AC9 + PACKAGE_VERSION = 0.1 + +[Includes] + Include + ../SecurityPkg/DeviceSecurity/SpdmLib/Include + ../SecurityPkg/DeviceSecurity/SpdmLib/libspdm/include + +[Includes.Common.Private] + #Library/SpdmLib/Include + #Library/SpdmLib/libspdm/include + Include/PrivateTest + +[LibraryClasses] + ## @libraryclass Perform SPDM (following SPDM spec) and measure data to TPM (following TCG PFP spec). + ## + #SpdmSecurityLib|Include/Library/SpdmSecurityLib.h + +[Guids] + gEfiDeviceSecurityPkgTokenSpaceGuid = { 0x506945e8, 0x7603, 0x49ee, { 0xbf, 0x36, 0x6c, 0x28, 0x74, 0xca, 0x26, 0xdc }} + + gEfiDeviceSecurityPkgTestConfig = { 0x6761aa6c, 0x41bf, 0x4a38, { 0x84, 0x93, 0x26, 0x6b, 0x11, 0x98, 0x44, 0xfc }} + + gEfiDeviceSecuritySpdmUidGuid = {0xe37b5665, 0x5ef9, 0x4e7e, {0xb4, 0x91, 0xd6, 0x78, 0xab, 0xff, 0xfb, 0xcb }} + +[Ppis] + + ## Include/Ppi/DeviceSecurity.h + gEdkiiDeviceSecurityPpiGuid = {0x4b05faa, 0x7f36, 0x4dc5, {0xbf, 0xb3, 0x42, 0xde, 0x30, 0xbc, 0x3d, 0x80}} + + + ## Include/Ppi/DeviceSecurityPolicy.h + gEdkiiDeviceSecurityPolicyPpiGuid = {0x5b7b8831, 0xb15b, 0x4e39, {0xad, 0xfc, 0x88, 0x4d, 0x5a, 0x89, 0xf7, 0x4a}} + + ## Include/Ppi/SpdmIo.h + gSpdmIoPpiGuid = {0x02320bff, 0x6b67, 0x4acc, {0x8b, 0x37, 0x45, 0xf4, 0x20, 0xfa, 0x9f, 0x98}} + + ## Include/Ppi/Spdm.h + gSpdmPpiGuid = {0x0a1227b3, 0x0f30, 0x4639, {0xbe, 0xb3, 0xb4, 0x60, 0x77, 0x35, 0xee, 0x89}} + + ## Include/PrivateTest/Ppi/SpdmTest.h + gSpdmTestPpiGuid = {0x9580d073, 0x5c95, 0x469f, {0x9a, 0xbe, 0xd4, 0xbc, 0xb7, 0x5f, 0xbf, 0x5c}} + +[Protocols] + ## Include/Protocol/DeviceSecurityPolicy.h + gEdkiiDeviceSecurityPolicyProtocolGuid = {0x9e15104a, 0x9e7c, 0x437d, {0xb1, 0xf0, 0x6c, 0xbb, 0xfb, 0x75, 0xdc, 0x87}} + + ## Include/Protocol/SpdmIo.h + gSpdmIoProtocolGuid = {0x78cad8aa, 0x7f4, 0x4c9b, {0x95, 0x5e, 0x85, 0x73, 0x2e, 0x37, 0x21, 0x96}} + + ## Include/Protocol/Spdm.h + gSpdmProtocolGuid = {0x4f96162, 0x9ed8, 0x4499, {0x96, 0xd8, 0x58, 0x8c, 0x6d, 0xc6, 0x11, 0x5d}} + + ## Include/PrivateTest/Protocol/SpdmTest.h + gSpdmTestProtocolGuid = {0xcbd8291b, 0x824a, 0x4b28, {0xad, 0x1f, 0x71, 0x1e, 0xc5, 0x4d, 0x13, 0x31}} + +[PcdsFixedAtBuild, PcdsPatchableInModule] + ## PCD to indicate the BaseAsymAlgo in negotiate algorithm message. + # Please refer to MdePkg\Include\IndustryStandard\Spdm.h, SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_xxx. + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmBaseAsymAlgo|0x01|UINT32|0x00000001 + + ## PCD to indicate the BaseHashAlgo in negotiate algorithm message. + # Please refer to MdePkg\Include\IndustryStandard\Spdm.h, SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_xxx. + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmBaseHashAlgo|0x01|UINT32|0x00000002 + + ## PCD to indicate the DHENamedGroup in negotiate algorithm message. + # Please refer to MdePkg\Include\IndustryStandard\Spdm.h, SPDM_ALGORITHMS_DHE_NAMED_GROUP_xxx. + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmDHENamedGroup|0x01|UINT16|0x00000003 + + ## PCD to indicate the AEADCipherSuite in negotiate algorithm message. + # Please refer to MdePkg\Include\IndustryStandard\Spdm.h, SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_xxx. + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmAEADCipherSuite|0x01|UINT16|0x00000004 + + ## PCD to indicate the KeySchedule in negotiate algorithm message. + # Please refer to MdePkg\Include\IndustryStandard\Spdm.h, SPDM_ALGORITHMS_KEY_SCHEDULE_xxx. + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmKeySchedule|0x01|UINT16|0x00000005 diff --git a/DeviceSecurityTestPkg/DeviceSecurityTestPkg.dsc b/DeviceSecurityTestPkg/DeviceSecurityTestPkg.dsc new file mode 100644 index 00000000000..9ff9c9a81aa --- /dev/null +++ b/DeviceSecurityTestPkg/DeviceSecurityTestPkg.dsc @@ -0,0 +1,305 @@ +## @file +# This package provides EDKII Device Security related support. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + PLATFORM_NAME = DeviceSecurityTestPkg + PLATFORM_GUID = A4818FC3-1896-4F51-85CA-91F0A1FEBB58 + PLATFORM_VERSION = 0.1 + DSC_SPECIFICATION = 0x00010005 + OUTPUT_DIRECTORY = Build/DeviceSecurityTestPkg + SUPPORTED_ARCHITECTURES = AARCH64|ARM|IA32|X64 + BUILD_TARGETS = DEBUG|RELEASE|NOOPT + SKUID_IDENTIFIER = DEFAULT + +#DEFINE CRYPT_LIB = OPENSSL +#DEFINE CRYPT_LIB = MBEDTLS +DEFINE CRYPT_LIB = OPENSSL + +[LibraryClasses] + # + # Entry point + # + PeiCoreEntryPoint|MdePkg/Library/PeiCoreEntryPoint/PeiCoreEntryPoint.inf + PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf + DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf + UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf + # + # Basic + # + BaseLib|MdePkg/Library/BaseLib/BaseLib.inf + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf + PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf + CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf + SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf + # + # UEFI & PI + # + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf + UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf + UefiLib|MdePkg/Library/UefiLib/UefiLib.inf + UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf + HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.inf + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf + PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf + DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf + DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf + # + # Generic Modules + # + UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf + UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf + SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf + SerialPortLib|MdePkg/Library/BaseSerialPortLibNull/BaseSerialPortLibNull.inf + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf + # + # Misc + # + DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf + ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf + PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf + DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf + PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf + ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf + SmbusLib|MdePkg/Library/DxeSmbusLib/DxeSmbusLib.inf + S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf + CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf + PlatformBootManagerLib|MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf + PciHostBridgeLib|MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + # + # Ec enabled in OpensslLibFull + # + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf + + RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf + + SpdmDeviceSecretLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf + SpdmCryptLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf + SpdmCommonLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf + SpdmRequesterLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf + SpdmResponderLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf + SpdmSecuredMessageLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf + SpdmTransportMctpLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf + SpdmTransportPciDoeLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf + SpdmSecurityLib|SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf + + CryptlibWrapper|SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf + PlatformLibWrapper|SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf + MemLibWrapper|SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf + +[LibraryClasses.ARM] + ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf + + # + # It is not possible to prevent the ARM compiler for generic intrinsic functions. + # This library provides the instrinsic functions generate by a given compiler. + # And NULL mean link this library into all ARM images. + # + NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf + + # Add support for GCC stack protector + NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf + +[LibraryClasses.common.PEI_CORE] + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf + +[LibraryClasses.common.PEIM] + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + +[LibraryClasses.common.DXE_CORE] + HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf + MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeCoreMemoryAllocationLib.inf + +[LibraryClasses.common.DXE_DRIVER] + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf +!if $(CRYPT_LIB) == MBEDTLS + BaseCryptLib|CryptoMbedTlsPkg/Library/BaseCryptLib/BaseCryptLib.inf +!else + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!endif +!if $(TARGET) == DEBUG + DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf +!endif + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf + + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf + DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf + +[LibraryClasses.common.SMM_CORE] + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf + SmmServicesTableLib|MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf + SmmCorePlatformHookLib|MdeModulePkg/Library/SmmCorePlatformHookLibNull/SmmCorePlatformHookLibNull.inf + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf + +[LibraryClasses.common.DXE_SMM_DRIVER] + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf + SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + +[LibraryClasses.common.UEFI_DRIVER] + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf +!if $(CRYPT_LIB) == MBEDTLS + BaseCryptLib|CryptoMbedTlsPkg/Library/BaseCryptLib/BaseCryptLib.inf +!else + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!endif +!if $(TARGET) == DEBUG + DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf +!endif + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf + +[LibraryClasses.common.UEFI_APPLICATION] + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf +!if $(CRYPT_LIB) == MBEDTLS + BaseCryptLib|CryptoMbedTlsPkg/Library/BaseCryptLib/BaseCryptLib.inf +!else + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!endif +!if $(TARGET) == DEBUG + DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf +!endif + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf + ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf + FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf + ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf + SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf + +[PcdsFixedAtBuild] +!if $(TARGET) == DEBUG + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x1f + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80080046 + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07 +!else + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x0 + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x0 + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0 +!endif + +################################################################################################### +# +# Components Section - list of the modules and components that will be processed by compilation +# tools and the EDK II tools to generate PE32/PE32+/Coff image files. +# +# Note: The EDK II DSC file is not used to specify how compiled binary images get placed +# into firmware volume images. This section is just a list of modules to compile from +# source into UEFI-compliant binaries. +# It is the FDF file that contains information on combining binary files into firmware +# volume images, whose concept is beyond UEFI and is described in PI specification. +# Binary modules do not need to be listed in this section, as they should be +# specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi), +# Logo (Logo.bmp), and etc. +# There may also be modules listed in this section that are not required in the FDF file, +# When a module listed here is excluded from FDF file, then UEFI-compliant binary will be +# generated for it, but the binary will not be put into any firmware volume. +# +################################################################################################### + +[Components] + DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.inf + DeviceSecurityTestPkg/Test/DeviceSecurityPolicyStub/DeviceSecurityPolicyStub.inf + DeviceSecurityTestPkg/Test/Tcg2Stub/Tcg2Stub.inf { + + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tpm2DeviceLib|DeviceSecurityTestPkg/Test/Tpm2DeviceLibTestStub/Tpm2DeviceLibTestStub.inf + HashLib|DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterTestStub.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + } + DeviceSecurityTestPkg/Test/PciIoStub/PciIoStub.inf + DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.inf { + + SpdmDeviceSecretLib|DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/SpdmDeviceSecretLibTestStub.inf + } + DeviceSecurityTestPkg/Test/TestSpdm/TestSpdm.inf + DeviceSecurityTestPkg/Test/DeployCert/DeployCert.inf { + + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + } + + + DeviceSecurityTestPkg/Test/PciIoPciDoeStub/PciIoPciDoeStub.inf { + + SpdmDeviceSecretLib|DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/SpdmDeviceSecretLibTestStub.inf + } + DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.inf + + #DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.inf + #DeviceSecurityTestPkg/TestPei/DeviceSecurityPolicyStubPei/DeviceSecurityPolicyStubPei.inf + #DeviceSecurityTestPkg/TestPei/PciIoStubPei/PciIoStubPei.inf + #DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.inf { + # + # SpdmDeviceSecretLib|DeviceSecurityTestPkg/TestPei/SpdmDeviceSecretLibTestStubPei/SpdmDeviceSecretLibTestStubPei.inf + #} + #DeviceSecurityTestPkg/TestPei/TestSpdmPei/TestSpdmPei.inf + +!if $(CRYPT_LIB) == MBEDTLS + CryptoMbedTlsPkg/Test/Cryptest/Cryptest.inf +!else + DeviceSecurityTestPkg/Test/Cryptest/Cryptest.inf +!endif + DeviceSecurityTestPkg/Test/Cryperf/Cryperf.inf + + DeviceSecurityTestPkg/Test/Tcg2DumpLog/Tcg2DumpLog.inf { + + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + } + +[BuildOptions] + *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + + MSFT:DEBUG_*_*_CC_FLAGS = /Od /Oy- + MSFT:NOOPT_*_*_CC_FLAGS = /Od /Oy- + + MSFT:*_*_*_DLINK_FLAGS = /ALIGN:4096 /FILEALIGN:4096 /SUBSYSTEM:CONSOLE + + MSFT:DEBUG_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000 + MSFT:NOOPT_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000 diff --git a/DeviceSecurityTestPkg/Example/spdm_comid.json b/DeviceSecurityTestPkg/Example/spdm_comid.json new file mode 100644 index 00000000000..da2bd97889c --- /dev/null +++ b/DeviceSecurityTestPkg/Example/spdm_comid.json @@ -0,0 +1,125 @@ +{ + "corim": { // #6.501 (unsigned-corim-map) + "corim.id": "d0c996b044a6a4ce43e5541800123f0a", // 0 + "corim.tags": [ + { // 1: #6.506 (concise-mid-tag) + "comid.tag-identity": { // 1 + "comid.tag-id": "3f06af63a93c11e4979700505690773f", // 0 + "comid.tag-version": 0 // 1 + }, + "comid.entity": { // 2 + "comid.entity-name": "device_entity_name_AAA", // 0 + "comid.reg-id": "http://www.device_vendor.com", // 1 + "comid.role": [ // 2 + "comid.tag-creator", // 0 + "comid.creator" // 1 + ] + }, + "comid.triples": { // 4 + "comid.reference-triples": [ // 0 + [ + { + "comid.class": { // 0 + "comid.class-id": "67b28b6c34cc40a19117ab5b05911e37", // 0 + "comid.vendor": "device_vendor", // 1 + "comid.model": "device_model_AAA", // 2 + "comid.layer": 1, // 3 + "comid.index": 1 // 4 + } + }, + { + "comid.mval": { // 1 + "comid.digests": [ // 2 + [ + "SHA_256", // 1 + "C8BED0AF5473E956F38C0DEF7C0B5047FF756A6A7E666F5F3FB956C5C1652B1E" + ] + ] + } + } + ], + [ + { + "comid.class": { // 0 + "comid.class-id": "67b28b6c34cc40a19117ab5b05911e37", // 0 + "comid.vendor": "device_vendor", // 1 + "comid.model": "device_model_AAA", // 2 + "comid.layer": 1, // 3 + "comid.index": 2 // 4 + } + }, + { + "comid.mval": { // 1 + "comid.digests": [ // 2 + [ + "SHA_256", // 1 + "C6F392711FFFABBEA5986F8E2CEF7F6BAD3BC4BDA1664259406E4675FC66ED8E" + ] + ] + } + } + ], + [ + { + "comid.class": { // 0 + "comid.class-id": "67b28b6c34cc40a19117ab5b05911e37", // 0 + "comid.vendor": "device_vendor", // 1 + "comid.model": "device_model_AAA", // 2 + "comid.layer": 1, // 3 + "comid.index": 3 // 4 + } + }, + { + "comid.mval": { // 1 + "comid.digests": [ // 2 + [ + "SHA_256", // 1 + "C3BE3AAD7A60E53C9BAA8F52219CEF642C32085AD8D42FB42C62D6CF7875D441" + ] + ] + } + } + ], + [ + { + "comid.class": { // 0 + "comid.class-id": "67b28b6c34cc40a19117ab5b05911e37", // 0 + "comid.vendor": "device_vendor", // 1 + "comid.model": "device_model_AAA", // 2 + "comid.layer": 1, // 3 + "comid.index": 4 // 4 + } + }, + { + "comid.mval": { // 1 + "comid.digests": [ // 2 + [ + "SHA_256", // 1 + "946901532CEC8B44733B6BE24618C3BAF940E3EC23191693FA1932AC2E6241C5" + ] + ] + } + } + ], + [ + { + "comid.class": { // 0 + "comid.class-id": "67b28b6c34cc40a19117ab5b05911e37", // 0 + "comid.vendor": "device_vendor", // 1 + "comid.model": "device_model_AAA", // 2 + "comid.layer": 1, // 3 + "comid.index": 16 // 4 + } + }, + { + "comid.mval": { + "comid.svn": 7 // 1 : #6.552 (tagged-svn) + } + } + ] + ] + } + } + ] + } +} \ No newline at end of file diff --git a/DeviceSecurityTestPkg/Example/spdm_coswid.json b/DeviceSecurityTestPkg/Example/spdm_coswid.json new file mode 100644 index 00000000000..7a00a0d0a66 --- /dev/null +++ b/DeviceSecurityTestPkg/Example/spdm_coswid.json @@ -0,0 +1,86 @@ +{ + "corim": { // #6.501 (unsigned-corim-map) + "corim.id": "6F8FE7AF-57A0-4087-83DB-D9D95AB237D4", // 0 + "corim.tags": [ + { // 1: #6.505 (concise-coswid-tag) + "tag-id": "C43C3BDB-74E6-4336-8676-79B3D405FAEA", // 0 + "tag-version": 0, // 12 + "software-name": "device_software_name_AAA", // 1 + "software-version": "device_firmware_version_01", // 13 + "corpus": false, // 8 + "patch": false, // 9 + "supplemental": false, // 11 + "software-meta": [ // 5 + { + "colloquial-version": "device_colloquial_version_1.0", // 45 + "edition": "device_edition_1.0", // 47 + "product": "device_product_AAA", // 52 + "revision": "device_revision_3.7.6" // 54 + } + ], + "entity": [ // 2 + { + "entity-name": "device_entity_name_AAA", // 31 + "role": [ // 33 + "softwareCreator", // 2 + "tagCreator" // 1 + ], + "thumbprint": [ // 34 + "SHA_256", // 1 + "1234567812345678123456781234567812345678123456781234567812345678" + ], + "reg-id": "http://www.device_vendor.com" // 32 + } + ], + "link": [ // 4 + { + "href": "https://github.com/device_vendor/device_AAA", // 38 + "rel": 4 // 40 + } + ], + "payload": { // 6 + "directory": { // 16 + "fs-name": "Device_FS", // 24 + "location": "DeviceBin", // 23 + "path-elements": { // 26 + "file": [ // 17 + { + "fs-name": "Rom.bin", // 24 + "size": 65536, // 20 + "hash": [ // 7 + "SHA_256", // 1 + "C8BED0AF5473E956F38C0DEF7C0B5047FF756A6A7E666F5F3FB956C5C1652B1E" + ] + }, + { + "fs-name": "Firmware.bin", // 24 + "size": 65536, // 20 + "hash": [ // 7 + "SHA_256", // 1 + "C6F392711FFFABBEA5986F8E2CEF7F6BAD3BC4BDA1664259406E4675FC66ED8E" + ] + }, + { + "fs-name": "HwConfig.bin", // 24 + "size": 4096, // 20 + "hash": [ // 7 + "SHA_256", // 1 + "C3BE3AAD7A60E53C9BAA8F52219CEF642C32085AD8D42FB42C62D6CF7875D441" + ] + }, + { + "fs-name": "FwConfig.bin", // 24 + "size": 4096, // 20 + "hash": [ // 7 + "SHA_256", // 1 + "946901532CEC8B44733B6BE24618C3BAF940E3EC23191693FA1932AC2E6241C5" + ] + } + ] + } + } + } + } + ] + } +} \ No newline at end of file diff --git a/DeviceSecurityTestPkg/Example/spdm_event_v1.log b/DeviceSecurityTestPkg/Example/spdm_event_v1.log new file mode 100644 index 00000000000..683d509056b --- /dev/null +++ b/DeviceSecurityTestPkg/Example/spdm_event_v1.log @@ -0,0 +1,174 @@ +Parameter -I: PcrIndex = 0xFFFFFFFF +Parameter -L: LogFormat = 0xFFFFFFFF +Parameter -E: CalculateExpected = 0 +Parameter -BIN: BinayFileName = +ERROR: Tcg2Protocol->GetEventLog(0x1) - Invalid Parameter +EventLogFormat: (0x2) +EventLogLocation: (0x1CD39D33000) +Tcg2Event: + Event: + PCRIndex - 0 + EventType - 0x00000003 + Digest - 0000000000000000000000000000000000000000 + EventSize - 0x00000021 +0000: 53706563204944204576656E743033000000000000020002010000000C003000 +0020: 00 + EventData - Type: EV_NO_ACTION + Unknown EV_NO_ACTION + TCG_EfiSpecIDEventStruct: + signature - 'Spec ID Event03 ' + platformClass - 0x00000000 + specVersion - 2.0.0 + uintnSize - 0x02 + numberOfAlgorithms - 0x00000001 + digest(0) + algorithmId - 0x000C + digestSize - 0x0030 + vendorInfoSize - 0x00 + vendorInfo - + Event: + PCRIndex - 2 + EventType - 0x800000E1 + DigestCount: 0x00000001 + HashAlgo : 0x000C + Digest(0): 82B096EA8A595240F38E2621A9C1ED48303225B93DF5CC9751E052020072A5B3F607EBBF09ABA41467948B5D8CA86326 + EventSize - 0x00000071 +0000: 5350444D20446576696365205365630000007100020000000100000001012300 +0020: 0020007EB24A18990EE4C958C89773DA6CC9FBC5C278357762D02EC6AB947EB2 +0040: 8726FF160000000000000002010C00D041030A000000000101060000007FFF04 +0060: 00000010008680600B0002080186800000 + EventData - Type: EV_EFI_SPDM_FIRMWARE_BLOB + Signature - 'SPDM Device Sec ' + Version - 0x0000 + Length - 0x0071 + SpdmHashAlgo - 0x00000002 + DeviceType - 0x00000001 + SpdmMeasurementBlock: + Index - 0x01 + MeasurementSpec - 0x01 + MeasurementSize - 0x0023 + Measurement: + DMTFSpecMeasurementValueType - 0x00 + DMTFSpecMeasurementValueSize - 0x0020 + DMTFSpecMeasurementValue - 7EB24A18990EE4C958C89773DA6CC9FBC5C278357762D02EC6AB947EB28726FF + DevicePathLength - 0x0000000000000016 + DevicePath - PciRoot(0x0)/Pci(0x0,0x0) + DeviceSecurityEventData - PCI Context + Version - 0x0000 + Length - 0x0010 + VendorId - 0x8086 + DeviceId - 0x0B60 + RevisionID - 0x00 + ClassCode - 0x010802 + SubsystemVendorID - 0x8086 + SubsystemID - 0x0000 + Event: + PCRIndex - 2 + EventType - 0x800000E1 + DigestCount: 0x00000001 + HashAlgo : 0x000C + Digest(0): 5DED1B92195CB96962F34498F762CDBC29859671AD811A58678E62B6290826938F2404BA4FFFF1718A65ABF8EAB9A1D6 + EventSize - 0x00000071 +0000: 5350444D20446576696365205365630000007100020000000100000001012300 +0020: 0120009E50F90FD035924A202C1F5C5246ACC40AB0C3211366E89F0C5D9CF42A +0040: 6A8D78160000000000000002010C00D041030A000000000101060000007FFF04 +0060: 00000010008680600B0002080186800000 + EventData - Type: EV_EFI_SPDM_FIRMWARE_BLOB + Signature - 'SPDM Device Sec ' + Version - 0x0000 + Length - 0x0071 + SpdmHashAlgo - 0x00000002 + DeviceType - 0x00000001 + SpdmMeasurementBlock: + Index - 0x01 + MeasurementSpec - 0x01 + MeasurementSize - 0x0023 + Measurement: + DMTFSpecMeasurementValueType - 0x01 + DMTFSpecMeasurementValueSize - 0x0020 + DMTFSpecMeasurementValue - 9E50F90FD035924A202C1F5C5246ACC40AB0C3211366E89F0C5D9CF42A6A8D78 + DevicePathLength - 0x0000000000000016 + DevicePath - PciRoot(0x0)/Pci(0x0,0x0) + DeviceSecurityEventData - PCI Context + Version - 0x0000 + Length - 0x0010 + VendorId - 0x8086 + DeviceId - 0x0B60 + RevisionID - 0x00 + ClassCode - 0x010802 + SubsystemVendorID - 0x8086 + SubsystemID - 0x0000 + Event: + PCRIndex - 3 + EventType - 0x800000E2 + DigestCount: 0x00000001 + HashAlgo : 0x000C + Digest(0): 92ABD029F8F665B7E76EF7367A1115A00C50994C482058413C239EA39403A5FD9B88B678F5C0DAADC641D3A0DB7ED557 + EventSize - 0x00000071 +0000: 5350444D20446576696365205365630000007100020000000100000001012300 +0020: 022000262CAFD9AEC68ED56EA179EC74E067D73711E60DE530D50AA0F3D6087B +0040: AD0677160000000000000002010C00D041030A000000000101060000007FFF04 +0060: 00000010008680600B0002080186800000 + EventData - Type: EV_EFI_SPDM_FIRMWARE_CONFIG + Signature - 'SPDM Device Sec ' + Version - 0x0000 + Length - 0x0071 + SpdmHashAlgo - 0x00000002 + DeviceType - 0x00000001 + SpdmMeasurementBlock: + Index - 0x01 + MeasurementSpec - 0x01 + MeasurementSize - 0x0023 + Measurement: + DMTFSpecMeasurementValueType - 0x02 + DMTFSpecMeasurementValueSize - 0x0020 + DMTFSpecMeasurementValue - 262CAFD9AEC68ED56EA179EC74E067D73711E60DE530D50AA0F3D6087BAD0677 + DevicePathLength - 0x0000000000000016 + DevicePath - PciRoot(0x0)/Pci(0x0,0x0) + DeviceSecurityEventData - PCI Context + Version - 0x0000 + Length - 0x0010 + VendorId - 0x8086 + DeviceId - 0x0B60 + RevisionID - 0x00 + ClassCode - 0x010802 + SubsystemVendorID - 0x8086 + SubsystemID - 0x0000 + Event: + PCRIndex - 3 + EventType - 0x800000E2 + DigestCount: 0x00000001 + HashAlgo : 0x000C + Digest(0): 297CA75B7CC29D526A3881A02401DC7550C260A13943C3AF20E186EA889E732CB5C98F2E8400727CD13A20553B73342D + EventSize - 0x00000071 +0000: 5350444D20446576696365205365630000007100020000000100000001012300 +0020: 0320003C902E18125F2DA0E87B76F334A19335925453713E04E52A6606244BFF +0040: 74F4CA160000000000000002010C00D041030A000000000101060000007FFF04 +0060: 00000010008680600B0002080186800000 + EventData - Type: EV_EFI_SPDM_FIRMWARE_CONFIG + Signature - 'SPDM Device Sec ' + Version - 0x0000 + Length - 0x0071 + SpdmHashAlgo - 0x00000002 + DeviceType - 0x00000001 + SpdmMeasurementBlock: + Index - 0x01 + MeasurementSpec - 0x01 + MeasurementSize - 0x0023 + Measurement: + DMTFSpecMeasurementValueType - 0x03 + DMTFSpecMeasurementValueSize - 0x0020 + DMTFSpecMeasurementValue - 3C902E18125F2DA0E87B76F334A19335925453713E04E52A6606244BFF74F4CA + DevicePathLength - 0x0000000000000016 + DevicePath - PciRoot(0x0)/Pci(0x0,0x0) + DeviceSecurityEventData - PCI Context + Version - 0x0000 + Length - 0x0010 + VendorId - 0x8086 + DeviceId - 0x0B60 + RevisionID - 0x00 + ClassCode - 0x010802 + SubsystemVendorID - 0x8086 + SubsystemID - 0x0000 +FinalEventsTable: NOT FOUND +Tcg2Event end diff --git a/DeviceSecurityTestPkg/Example/spdm_event_v2.bin b/DeviceSecurityTestPkg/Example/spdm_event_v2.bin new file mode 100644 index 0000000000000000000000000000000000000000..f870ff5f12136959b7891dc85587bc42002e1d0d GIT binary patch literal 8476 zcmeHMc|26#`@eT)>}20FO_pRIM0O2h-(rxhB!=wEAX&1MT`E!$5?Le5N6M1ym271x zqC`U0B>VEclTUrCZ@+J!-yh%qIGu44U<$q#2oT+e717NUSDza^(hGz}?*V1#DGG7Sh)kpSr3;v8r;Qn(2M zPEGIV=8bnjdE*J*C?gyOrHVl#S!pCB(Bfz*w6r+XTCmbc61$RrcYiZG495Na?LZO$ z9tNWY&|xr2SQzv)dl^kiX|SwLq_Xz2HL9T>h7*-N?pl()&fwMPT1kF?n6(^syr09R z+vK>->kwBN0rhIN%qia8)scIcX5@M$dg*l*ll=ht^R8|dRH57C=Ah90b)zUuh0=+D z2YgrT;!A~`R%8^8aXtE{YKzBoHSC8@blBlTS|3DSR@zpi?2&DI zHusFfM0jejGsQe%pmpg^R85`gSpM-cTE|SmYo@e1RJMQV$EubG8zC*y-{fA?tCTkj zag@0?g}U_6JQTapQrz(P?H$GD3X{Cd_Gzlx)B{4FbwuU&6>u{MG}t#B8e&+RFP}(4 znO{l|l6DhG#$kn28OXhTd-ryeAAI|Mw8`kvA==6{HmV z+=tw=>2HLfT4Noa3kMpWWEM^(k9h1dpVn}#(oMWr=s@ad*JSuXp*?$_SKd0WoW*e? zh_hmNiG7iMyQKfj_uX>?!^>+DWEs~6y#KgFYgpj--5anpV zDH<8zefdsyJXCGT_ z&Wu-wwHkv{L6QpJ{@4wjCq+ZAbiL_BFA9F9fcK(@G<0R+DjmEQk zoJuy%Z=h#VpZXb1P$(J<))bwq@3o*L%UV)-VQd1%<2s%S(l1A!DR$SbG}U&{UNx{| zUMpF>IhFN|bX-aKMdZES>|B|qAtk{h zKKZ>Jy7R;M4o-UKcO}-d+}!q~W*40oxKftpvo|z5^>+b)zOR;>9o|pNjo@wLW{clJ zY^cQ@#_FN4cwa|bJPL=mm4HDy;&|enh;@)==L(4c3$cL;45S9SFmOtu41%Ok8@!DG z7>GTn_CPb#F|AZAohz99s`8R*HZhH5C;8d<^z||9&@hTUAWirW*#80hKVbg{?EirM zFTfrhhRA?;X4DQ72Em^Q!EcD`kF;0%N7^fGfff=MK=bdAX4Frlnb`Gm#oIaBc;ivF zcrR~s7?}C}-M_G4@B+kw!5CN=7z#Y=6xl2DE;MIhthJCr2q9?XE0(3B+R%4bNl3t* zGf4V)yXRtO3~%8DYd?=C=QP*3p3WXn(0$91V63V(JjB#n$atqsZO~{)jhpUv8K+W_ zv^!v4vB`h`NVUBeGGO9S@iDxWnPR%%zIz@i;|d!W?aIo^Lb(6h%|mb+eQK#M;5oGU zf?2LFYgikH&$;7twggbN(*fJBmcBJcW=iVMGfIYxVN#F%b@UES7-P5qD8WZ)Zhht@ zS8tecUKr*?+?yB(za^%FTl4jz-2YG^FC0E=c-JaF+e3qlUZUCBpKRS)+Xyd7%^L4L zHXUS?(KBb)c5FmZ9Z9&YDnhcBb@2QnZuC?~=naO)=ZtcZA#80<1l zZA2?>qHPnroQp%!x*DX%>koF>McFAx4n+?2XP(BsLwmTc^^eBU^fU8Mq}t*L#@#1OdtzItfE`GwE>&jYoS4|5_ZFfM8AsilF@HzfX| zG^cBc%di~C$y$*-<-b@G)A?9g^!~^601c6Fd9!w%n#kv$+NDFTYt!)&&~Cu>~gQ1*Az77KE;3WoQi39h@U|}li>VOXZ7QXMcJ8^2%ZE^kE~Y( z^VYjx?yELr-AHuxU^gCd4~x;tVQ;&NyU5>vz96nqsD{!@4s(AESslwy>Vvyfc;06r z=R^3J1ElGzlZ;tgqB1(lHuQU(ySJV&)-Y_SABn~2o4^mSfMNzmKG5Z^kBSNh zALUQ<9en)m+>{J0iT5YD)t7+kBrj5}d_*SJ$)JLYtFUHz0FxS=$4ntl zmE5E`^qK}A;Z;DX?+HcfQxHbs{>G@E_sIVbWqt=)`^ER6d3PX->nF(a!h8A<@DOZ$ z#jF2}+CgH}4nk2o2m*;3pFEv;k#$qf+&trt>C(#Pkod{%zJs&P$^v|s%h6X2M-6Yu zKI4~2cMfR~SlIteYw!fWrEx^R~EODA0w_qA*fYY6pRKT>R6qpGJScSH-Tp=K;6E+Kh9O8TIT zEE+BN4P;PgTz#Y<-{BvY#2k-m3&?0Xxp!acrodSY`?ZP~IZ|toGo(PdKx{z~x6wbrv5W0A)`4er#1v68J2h4k7tg>QKqQ(}wg9}X$?B!j4op$y5dsLsI zCP9E_mG(B`J(tJqQ;V^f#TuO=wrReY`!Fx+y}P!OQBQ=$bv_76@zQ|P>vZ(t1Tym?5=MvyEMD}_Rt?&iX@5ITFYRy)-t5zAr(?rb{tAR(kL265pZ(<=1X+k z05WC1sO0?v90a_7CknBr-E3SPZBaxl{!)mkJz}BVNg1kYVsv%Y^flA~)ED)CYko9} z>H5GMmcbS|CAc%~aE!f(=AZ#@ve&driP_2va@Ff+BMPGe*n+rQ4A~=fd!qB)%%G)z zXB5*jyHPjH6!N-HE_<#!5VM_czkSC} zH3hOec`a$5UY39P$#0J(Hw9<*Nr4t}=9$uiv~3Y?7{lby#ED$I0o8y}Pw?rD=0L zUI_W~C;3NLoC9$wO0&|zuFhg3=C*=#@*m9%$x;`0+3rK&#`D+p*qZZsS3GFzrV1)A zRpJLc|2M9{AXh*X(DEt4bI+Ue_t~(YiT~LZVy1iK z+gsV7*TmkONC4~4X-<+ zg}8btscwVMX=uG)nM~AwHF?i>@;@_q3uFYs=>TPDA_A(!1?Zvrv*|x#Celvs0%^_3 z^nROhjJ0Ka()1WI+kH?({krR2!P7~;@r_k$CFyJ=S@w#4R((wN1{TnIzr#$H9p|7x z&00?lgEKKw(^Jzo#zD~YyYi!L+D1}ae}z$=DaHC*O3ZBf_t>2Am$vF + + + + + + + + + + + + \ No newline at end of file diff --git a/DeviceSecurityTestPkg/Include/IndustryStandard/PcieDoeCapbility.h b/DeviceSecurityTestPkg/Include/IndustryStandard/PcieDoeCapbility.h new file mode 100644 index 00000000000..177ece3b8e0 --- /dev/null +++ b/DeviceSecurityTestPkg/Include/IndustryStandard/PcieDoeCapbility.h @@ -0,0 +1,74 @@ +/** @file + PCIe DOE Capability structure definitions + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _PCIE_DOE_CAPBILITY_H_ +#define _PCIE_DOE_CAPBILITY_H_ + +#include + +// +// The Data Object Exchange PCI Express Extended Capability definitions. +// Based on section x.x.x of PCI Express Base Specification x.x. +// +#define PCI_EXPRESS_EXTENDED_CAPABILITY_DOE_ID 0x002E +#define PCI_EXPRESS_EXTENDED_CAPABILITY_DOE_VER1 0x1 + +// +// Register offsets from Data Object Exchange PCIe Ext Cap Header +// +#define PCI_EXPRESS_REG_DOE_CAPABILITIES_OFFSET 0x04 +#define PCI_EXPRESS_REG_DOE_CONTROL_OFFSET 0x08 +#define PCI_EXPRESS_REG_DOE_STATUS_OFFSET 0x0C +#define PCI_EXPRESS_REG_DOE_WRITE_DATA_MAILBOX_OFFSET 0x10 +#define PCI_EXPRESS_REG_DOE_READ_DATA_MAILBOX_OFFSET 0x14 + + +#pragma pack(1) + +typedef union { + struct { + UINT32 InterruptSupport : 1; // bit 0 + UINT32 DoeInterruptMessageNumber : 11; // bit 1:11 + UINT32 Reserved : 20; // Reserved bit 12:31 + } Bits; + UINT32 Uint32; +} PCI_EXPRESS_REG_DOE_CAPABILITIES; + +typedef union { + struct { + UINT32 DoeAbort : 1; // bit 0 + UINT32 DoeInterruptEnable : 1; // bit 1 + UINT32 Reserved : 29; // Reserved bit 2:30 + UINT32 DoeGo : 1; // bit 31 + } Bits; + UINT32 Uint32; +} PCI_EXPRESS_REG_DOE_CONTROL; + +typedef union { + struct { + UINT32 DoeBusy : 1; // bit 0 + UINT32 DoeInterruptStatus : 1; // bit 1 + UINT32 DoeError : 1; // bit 2 + UINT32 Reserved : 28; // Reserved bit 3:30 + UINT32 DataObjectReady : 1; // bit 31 + } Bits; + UINT32 Uint32; +} PCI_EXPRESS_REG_DOE_STATUS; + +typedef struct { + PCI_EXPRESS_EXTENDED_CAPABILITIES_HEADER Header; + PCI_EXPRESS_REG_DOE_CAPABILITIES Capability; + PCI_EXPRESS_REG_DOE_CONTROL Control; + PCI_EXPRESS_REG_DOE_STATUS Status; + UINT32 DoeWriteDataMailbox; + UINT32 DoeReadDataMailbox; +} PCI_EXPRESS_EXTENDED_CAPABILITIES_DOE; + +#pragma pack() + +#endif \ No newline at end of file diff --git a/DeviceSecurityTestPkg/Include/Ppi/DeviceSecurity.h b/DeviceSecurityTestPkg/Include/Ppi/DeviceSecurity.h new file mode 100644 index 00000000000..a163e0e5a0f --- /dev/null +++ b/DeviceSecurityTestPkg/Include/Ppi/DeviceSecurity.h @@ -0,0 +1,143 @@ +/** @file + Device Security PPI definition. + + It is used to authenticate a device based upon the platform policy. + It is similar to the EFI_SECURITY_ARCH_PPI, which is used to verify a image. + +Copyright (c) 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#ifndef __DEVICE_SECURITY_H__ +#define __DEVICE_SECURITY_H__ + +// +// Device Security PPI GUID value +// +#define EDKII_DEVICE_SECURITY_PPI_GUID \ + { \ + 0x4b05faa, 0x7f36, 0x4dc5, { 0xbf, 0xb3, 0x42, 0xde, 0x30, 0xbc, 0x3d, 0x80 } \ + } + +// +// Forward reference for pure ANSI compatability +// +typedef struct _EDKII_DEVICE_SECURITY_PPI EDKII_DEVICE_SECURITY_PPI; + +// +// Revision The revision to which the DEVICE_SECURITY interface adheres. +// All future revisions must be backwards compatible. +// If a future version is not back wards compatible it is not the same GUID. +// +#define EDKII_DEVICE_SECURITY_PPI_REVISION 0x00010000 + +// +// The device identifier. +// +typedef struct { + /// + /// Version of this data structure. + /// + UINT32 Version; + /// + /// Type of the device. + /// This field is also served as a device Access protocol GUID. + /// The device access protocol is installed on the DeviceHandle. + /// The device access protocol is device specific. + /// EDKII_DEVICE_IDENTIFIER_TYPE_PCI_GUID means the device access protocol is PciIo. + /// EDKII_DEVICE_IDENTIFIER_TYPE_USB_GUID means the device access protocol is UsbIo. + /// + EFI_GUID DeviceType; + /// + /// The handle created for this device. + /// NOTE: This might be a temporary handle. + /// If the device is not authenticated, this handle shall be uninstalled. + /// + /// As minimal requirement, there should be 2 protocols installed on the device handle. + /// 1) An EFI_DEVICE_PATH_PROTOCOL with EFI_DEVICE_PATH_PROTOCOL_GUID. + /// 2) A device access protocol with EDKII_DEVICE_IDENTIFIER_TYPE_xxx_GUID. + /// If the device is PCI device, the EFI_PCI_IO_PROTOCOL is installed with + /// EDKII_DEVICE_IDENTIFIER_TYPE_PCI_GUID. + /// If the device is USB device, the EFI_USB_IO_PROTOCOL is installed with + /// EDKII_DEVICE_IDENTIFIER_TYPE_USB_GUID. + /// + /// The device access protocol is required, because the verifier need have a way + /// to communciate with the device hardware to get the measurement or do the + /// challenge/response for the device authentication. + /// + /// NOTE: We don't use EFI_PCI_IO_PROTOCOL_GUID or EFI_USB_IO_PROTOCOL_GUID here, + /// because we don't want to expose a real protocol. A platform may have driver + /// register a protocol notify function. Installing a real protocol may cause + /// the callback function being executed before the device is authenticated. + /// + EFI_HANDLE DeviceHandle; +} EDKII_DEVICE_IDENTIFIER; + +// +// Revision The revision to which the DEVICE_IDENTIFIER interface adheres. +// All future revisions must be backwards compatible. +// +#define EDKII_DEVICE_IDENTIFIER_REVISION 0x00010000 + +/** + The device driver uses this service to measure and/or verify a device. + + The flow in device driver is: + 1) Device driver discovers a new device. + 2) Device driver creates an EFI_DEVICE_PATH_PROTOCOL. + 3) Device driver creates a device access protocol. e.g. + EFI_PCI_IO_PROTOCOL for PCI device. + EFI_USB_IO_PROTOCOL for USB device. + EFI_EXT_SCSI_PASS_THRU_PROTOCOL for SCSI device. + EFI_ATA_PASS_THRU_PROTOCOL for ATA device. + EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL for NVMe device. + EFI_SD_MMC_PASS_THRU_PROTOCOL for SD/MMC device. + 4) Device driver installs the EFI_DEVICE_PATH_PROTOCOL with EFI_DEVICE_PATH_PROTOCOL_GUID, + and the device access protocol with EDKII_DEVICE_IDENTIFIER_TYPE_xxx_GUID. + Once it is done, a DeviceHandle is returned. + 5) Device driver creates EDKII_DEVICE_IDENTIFIER with EDKII_DEVICE_IDENTIFIER_TYPE_xxx_GUID + and the DeviceHandle. + 6) Device driver calls DeviceAuthenticate(). + 7) If DeviceAuthenticate() returns EFI_SECURITY_VIOLATION, the device driver uninstalls + all protocols on this handle. + 8) If DeviceAuthenticate() returns EFI_SUCCESS, the device driver installs the device access + protocol with a real protocol GUID. e.g. + EFI_PCI_IO_PROTOCOL with EFI_PCI_IO_PROTOCOL_GUID. + EFI_USB_IO_PROTOCOL with EFI_USB_IO_PROTOCOL_GUID. + + @param[in] This The protocol instance pointer. + @param[in] DeviceId The Identifier for the device. + + @retval EFI_SUCCESS The device specified by the DeviceId passed the measurement + and/or authentication based upon the platform policy. + If TCG measurement is required, the measurement is extended to TPM PCR. + @retval EFI_SECURITY_VIOLATION The device fails to return the measurement data. + @retval EFI_SECURITY_VIOLATION The device fails to response the authentication request. + @retval EFI_SECURITY_VIOLATION The system fails to verify the device based upon the authentication response. + @retval EFI_SECURITY_VIOLATION The system fails to extend the measurement to TPM PCR. +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_DEVICE_AUTHENTICATE)( + IN EDKII_DEVICE_SECURITY_PPI *This, + IN EDKII_DEVICE_IDENTIFIER *DeviceId + ); + +/// +/// Device Security PPI structure. +/// It is similar to the EFI_SECURITY_ARCH_PPI, which is used to verify a image. +/// This PPI is used to authenticate a device based upon the platform policy. +/// +struct _EDKII_DEVICE_SECURITY_PPI { + UINT64 Revision; + EDKII_DEVICE_AUTHENTICATE DeviceAuthenticate; +}; + +/// +/// Device Security PPI GUID variable. +/// +extern EFI_GUID gEdkiiDeviceSecurityPpiGuid; + +#endif diff --git a/DeviceSecurityTestPkg/Include/Ppi/DeviceSecurityPolicy.h b/DeviceSecurityTestPkg/Include/Ppi/DeviceSecurityPolicy.h new file mode 100644 index 00000000000..cfdaa579814 --- /dev/null +++ b/DeviceSecurityTestPkg/Include/Ppi/DeviceSecurityPolicy.h @@ -0,0 +1,134 @@ +/** @file + Platform Device Security Policy PPI definition + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#ifndef __EDKII_DEVICE_SECURITY_POLICY_PPI_H__ +#define __EDKII_DEVICE_SECURITY_POLICY_PPI_H__ + +#include +#include + +typedef struct _EDKII_DEVICE_SECURITY_POLICY_PPI EDKII_DEVICE_SECURITY_POLICY_PPI; + +// +// Revision The revision to which the DEVICE_SECURITY_POLICY PPI interface adheres. +// All future revisions must be backwards compatible. +// If a future version is not back wards compatible it is not the same GUID. +// +#define EDKII_DEVICE_SECURITY_POLICY_PPI_REVISION 0x00010000 + +// +// Revision The revision to which the DEVICE_SECURITY_POLICY structure adheres. +// All future revisions must be backwards compatible. +// +#define EDKII_DEVICE_SECURITY_POLICY_REVISION 0x00010000 + +/// +/// The macro for the policy defined in EDKII_DEVICE_SECURITY_POLICY +/// +#define EDKII_DEVICE_MEASUREMENT_REQUIRED BIT0 +#define EDKII_DEVICE_AUTHENTICATION_REQUIRED BIT0 + +/// +/// The device security policy data structure +/// +typedef struct { + UINT32 Revision; + UINT32 MeasurementPolicy; + UINT32 AuthenticationPolicy; +} EDKII_DEVICE_SECURITY_POLICY; + +// +// Revision The revision to which the DEVICE_SECURITY_STATE structure adheres. +// All future revisions must be backwards compatible. +// +#define EDKII_DEVICE_SECURITY_STATE_REVISION 0x00010000 + +/// +/// The macro for the state defined in EDKII_DEVICE_SECURITY_STATE +/// +#define EDKII_DEVICE_SECURITY_STATE_SUCCESS 0 +#define EDKII_DEVICE_SECURITY_STATE_ERROR BIT31 +#define EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_UNSUPPORTED (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x0) +#define EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_GET_POLICY_PPI (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x1) +#define EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_OUT_OF_RESOURCE (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x2) +#define EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_NO_CAPABILITIES (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x10) +#define EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x11) +#define EDKII_DEVICE_SECURITY_STATE_ERROR_TCG_EXTEND_TPM_PCR (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x20) +#define EDKII_DEVICE_SECURITY_STATE_ERROR_MEASUREMENT_AUTH_FAILURE (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x21) +#define EDKII_DEVICE_SECURITY_STATE_ERROR_CHALLENGE_FAILURE (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x30) +#define EDKII_DEVICE_SECURITY_STATE_ERROR_CERTIFIACTE_FAILURE (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x31) +#define EDKII_DEVICE_SECURITY_STATE_ERROR_NO_CERT_PROVISION (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x32) + +/// +/// The device security state data structure +/// +typedef struct { + UINT32 Revision; + UINT32 MeasurementState; + UINT32 AuthenticationState; +} EDKII_DEVICE_SECURITY_STATE; + +/** + This function returns the device security policy associated with the device. + + The device security driver may call this interface to get the platform policy + for the specific device and determine if the measurement or authentication + is required. + + @param[in] This The PPI instance pointer. + @param[in] DeviceId The Identifier for the device. + @param[out] DeviceSecurityPolicy The Device Security Policy associated with the device. + + @retval EFI_SUCCESS The device security policy is returned + @retval EFI_UNSUPPORTED The function is unsupported for the specific Device. +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_DEVICE_SECURITY_GET_DEVICE_POLICY) ( + IN EDKII_DEVICE_SECURITY_POLICY_PPI *This, + IN EDKII_DEVICE_IDENTIFIER *DeviceId, + OUT EDKII_DEVICE_SECURITY_POLICY *DeviceSecurityPolicy + ); + +/** + This function sets the device state based upon the authentication result. + + The device security driver may call this interface to give the platform + a notify based upon the measurement or authentication result. + If the authentication or measurement fails, the platform may choose: + 1) Do nothing. + 2) Disable this device or slot temporarily and continue boot. + 3) Reset the platform and retry again. + 4) Disable this device or slot permanently. + 5) Any other platform specific action. + + @param[in] This The PPI instance pointer. + @param[in] DeviceId The Identifier for the device. + @param[in] DeviceSecurityState The Device Security state associated with the device. + + @retval EFI_SUCCESS The device state is set. + @retval EFI_UNSUPPORTED The function is unsupported for the specific Device. +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_DEVICE_SECURITY_NOTIFY_DEVICE_STATE) ( + IN EDKII_DEVICE_SECURITY_POLICY_PPI *This, + IN EDKII_DEVICE_IDENTIFIER *DeviceId, + IN EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ); + +struct _EDKII_DEVICE_SECURITY_POLICY_PPI { + UINT32 Revision; + EDKII_DEVICE_SECURITY_GET_DEVICE_POLICY GetDevicePolicy; + EDKII_DEVICE_SECURITY_NOTIFY_DEVICE_STATE NotifyDeviceState; +}; + +extern EFI_GUID gEdkiiDeviceSecurityPolicyPpiGuid; + +#endif diff --git a/DeviceSecurityTestPkg/Include/Ppi/Spdm.h b/DeviceSecurityTestPkg/Include/Ppi/Spdm.h new file mode 100644 index 00000000000..fcf4c054fee --- /dev/null +++ b/DeviceSecurityTestPkg/Include/Ppi/Spdm.h @@ -0,0 +1,196 @@ +/** @file + SPDM PPI definition + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SPDM_PPI_H__ +#define __SPDM_PPI_H__ + +#include +#include + +typedef struct _SPDM_PPI SPDM_PPI; + +/** + Set a SPDM local Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. + + @retval RETURN_SUCCESS The SPDM session data is set successfully. + @retval RETURN_INVALID_PARAMETER The Data is NULL or the DataType is zero. + @retval RETURN_UNSUPPORTED The DataType is unsupported. + @retval RETURN_ACCESS_DENIED The DataType cannot be set. + @retval RETURN_NOT_READY Current session is not started. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_SET_DATA_FUNC) ( + IN SPDM_PPI *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN VOID *Data, + IN UINTN DataSize + ); + +/** + Get a SPDM local or remote Data. + + If the data is session specific, the session ID should be input. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + RETURN_SUCCESS, and means the size of desired Data buffer if + RETURN_BUFFER_TOO_SMALL. + + @retval RETURN_SUCCESS The SPDM session data is set successfully. + @retval RETURN_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval RETURN_UNSUPPORTED The DataType is unsupported. + @retval RETURN_NOT_FOUND The DataType cannot be found. + @retval RETURN_NOT_READY The DataType is not ready to return. + @retval RETURN_BUFFER_TOO_SMALL The buffer is too small to hold the data. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_GET_DATA_FUNC) ( + IN SPDM_PPI *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ); + +/** + Start a SPDM Session. + + @param This Indicates a pointer to the calling context. + + @retval RETURN_SUCCESS The SPDM session is started. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_START_SESSION_FUNC) ( + IN SPDM_PPI *This, + IN BOOLEAN UsePsk, + IN UINT8 MeasurementHashType, + IN UINT8 SlotNum, + OUT UINT32 *SessionId, + OUT UINT8 *HeartbeatPeriod, + OUT VOID *MeasurementHash + ); + +/** + Stop a SPDM Session. + + @param This Indicates a pointer to the calling context. + + @retval RETURN_SUCCESS The SPDM session is stopped. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_STOP_SESSION_FUNC) ( + IN SPDM_PPI *This, + IN UINT32 SessionId, + IN UINT8 EndSessionAttributes + ); + +/* + Call GetVersion, GetCapabilities, NegotiateAlgorithms + + The negotiated data can be get via GetData. +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_INIT_CONNECTION_FUNC) ( + IN SPDM_PPI *This + ); + +/* + Get all digest of the CertificateChains returned from device. + + TotalDigestSize = sizeof(Digest) * Count in SlotMask +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_GET_DIGEST_FUNC) ( + IN SPDM_PPI *This, + OUT UINT8 *SlotMask, + OUT VOID *TotalDigestBuffer + ); + +/* + Get CertificateChain in one slot returned from device. +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_GET_CERTIFICATE_FUNC) ( + IN SPDM_PPI *This, + IN UINT8 SlotNum, + IN OUT UINTN *CertChainSize, + OUT VOID *CertChain + ); + +/* + Authenticate based upon the key in one slot. +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_CHALLENGE_FUNC) ( + IN SPDM_PPI *This, + IN UINT8 SlotNum, + IN UINT8 MeasurementHashType, + OUT VOID *MeasurementHash + ); + +/* + Get measurement +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_GET_MEASUREMENT_FUNC) ( + IN SPDM_PPI *This, + IN UINT8 RequestAttribute, + IN UINT8 MeasurementOperation, + IN UINT8 SlotNum, + OUT UINT8 *NumberOfBlocks, + IN OUT UINT32 *MeasurementRecordLength, + OUT VOID *MeasurementRecord + ); + +/* + Send receive SPDM data. +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_SEND_RECEIVE_DATA_FUNC) ( + IN SPDM_PPI *This, + IN UINT32 *SessionId, + IN BOOLEAN IsAppMessage, + IN VOID *Request, + IN UINTN RequestSize, + IN OUT VOID *Response, + IN OUT UINTN *ResponseSize + ); + +struct _SPDM_PPI { + SPDM_SET_DATA_FUNC SetData; + SPDM_GET_DATA_FUNC GetData; + SPDM_INIT_CONNECTION_FUNC InitConnection; + SPDM_GET_DIGEST_FUNC GetDigest; + SPDM_GET_CERTIFICATE_FUNC GetCertificate; + SPDM_CHALLENGE_FUNC Challenge; + SPDM_GET_MEASUREMENT_FUNC GetMeasurement; + SPDM_START_SESSION_FUNC StartSession; + SPDM_STOP_SESSION_FUNC StopSession; + SPDM_SEND_RECEIVE_DATA_FUNC SendReceiveData; +}; + +#endif diff --git a/DeviceSecurityTestPkg/Include/Ppi/SpdmIo.h b/DeviceSecurityTestPkg/Include/Ppi/SpdmIo.h new file mode 100644 index 00000000000..3791c704258 --- /dev/null +++ b/DeviceSecurityTestPkg/Include/Ppi/SpdmIo.h @@ -0,0 +1,91 @@ +/** @file + SPDM IO PPI definition + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SPDM_IO_PPI_H__ +#define __SPDM_IO_PPI_H__ + +#include +#include + +typedef struct _SPDM_IO_PPI SPDM_IO_PPI; + +/** + Send a SPDM transport layer message to a device. + + For requester, the message is an SPDM request. + For responder, the message is an SPDM response. + + @param This Indicates a pointer to the calling context. + @param MessageSize Size in bytes of the message data buffer. + @param Message A pointer to a destination buffer to store the message. + The caller is responsible for having + either implicit or explicit ownership of the buffer. + @param Timeout The timeout, in 100ns units, to use for the execution + of the message. A Timeout value of 0 + means that this function will wait indefinitely for the + message to execute. If Timeout is greater + than zero, then this function will return RETURN_TIMEOUT if the + time required to execute the message is greater + than Timeout. + + @retval RETURN_SUCCESS The SPDM message is sent successfully. + @retval RETURN_DEVICE_ERROR A device error occurs when the SPDM message is sent to the device. + @retval RETURN_INVALID_PARAMETER The Message is NULL or the MessageSize is zero. + @retval RETURN_TIMEOUT A timeout occurred while waiting for the SPDM message + to execute. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_IO_SECURE_SEND_MESSAGE_FUNC) ( + IN SPDM_IO_PPI *This, + IN UINTN MessageSize, + IN VOID *Message, + IN UINT64 Timeout + ); + +/** + Receive a SPDM message from a device. + + For requester, the message is an SPDM response. + For responder, the message is an SPDM request. + + @param This Indicates a pointer to the calling context. + @param MessageSize Size in bytes of the message data buffer. + @param Message A pointer to a destination buffer to store the message. + The caller is responsible for having + either implicit or explicit ownership of the buffer. + @param Timeout The timeout, in 100ns units, to use for the execution + of the message. A Timeout value of 0 + means that this function will wait indefinitely for the + message to execute. If Timeout is greater + than zero, then this function will return RETURN_TIMEOUT if the + time required to execute the message is greater + than Timeout. + + @retval RETURN_SUCCESS The SPDM message is received successfully. + @retval RETURN_DEVICE_ERROR A device error occurs when the SPDM message is received from the device. + @retval RETURN_INVALID_PARAMETER The Message is NULL, MessageSize is NULL or + the *MessageSize is zero. + @retval RETURN_TIMEOUT A timeout occurred while waiting for the SPDM message + to execute. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_IO_SECURE_RECEIVE_MESSAGE_FUNC) ( + IN SPDM_IO_PPI *This, + IN OUT UINTN *MessageSize, + OUT VOID *Message, + IN UINT64 Timeout + ); + +struct _SPDM_IO_PPI { + SPDM_IO_SECURE_SEND_MESSAGE_FUNC SendMessage; + SPDM_IO_SECURE_RECEIVE_MESSAGE_FUNC ReceiveMessage; +}; + +#endif diff --git a/DeviceSecurityTestPkg/Include/PrivateTest/Ppi/SpdmTest.h b/DeviceSecurityTestPkg/Include/PrivateTest/Ppi/SpdmTest.h new file mode 100644 index 00000000000..8ab9f0b245c --- /dev/null +++ b/DeviceSecurityTestPkg/Include/PrivateTest/Ppi/SpdmTest.h @@ -0,0 +1,125 @@ +/** @file + SPDM Test PPI definition + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SPDM_TEST_PPI_H__ +#define __SPDM_TEST_PPI_H__ + +#include +#include +#include + +typedef struct _SPDM_TEST_PPI SPDM_TEST_PPI; + +/** + Set a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. + + @retval RETURN_SUCCESS The SPDM session data is set successfully. + @retval RETURN_INVALID_PARAMETER The Data is NULL or the DataType is zero. + @retval RETURN_UNSUPPORTED The DataType is unsupported. + @retval RETURN_ACCESS_DENIED The DataType cannot be set. + @retval RETURN_NOT_READY Current session is not started. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_TEST_SET_DATA) ( + IN SPDM_TEST_PPI *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN VOID *Data, + IN UINTN DataSize + ); + +/** + Get a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + RETURN_SUCCESS, and means the size of desired Data buffer if + RETURN_BUFFER_TOO_SMALL. + + @retval RETURN_SUCCESS The SPDM session data is set successfully. + @retval RETURN_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval RETURN_UNSUPPORTED The DataType is unsupported. + @retval RETURN_NOT_FOUND The DataType cannot be found. + @retval RETURN_NOT_READY The DataType is not ready to return. + @retval RETURN_BUFFER_TOO_SMALL The buffer is too small to hold the data. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_TEST_GET_DATA) ( + IN SPDM_TEST_PPI *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ); + + +/** + Process a packet in the current SPDM session. + + @param This Indicates a pointer to the calling context. + @param Request A pointer to the request data. + @param RequestSize Size of the request data. + @param Response A pointer to the response data. + @param ResponseSize Size of the response data. + On output, it means the size of copied Data buffer if + RETURN_SUCCESS, and means the size of desired Data buffer if + RETURN_BUFFER_TOO_SMALL. + + @retval RETURN_SUCCESS The SPDM request is set successfully. + @retval RETURN_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval RETURN_UNSUPPORTED The DataType is unsupported. + @retval RETURN_NOT_FOUND The DataType cannot be found. + @retval RETURN_NOT_READY The DataType is not ready to return. + @retval RETURN_BUFFER_TOO_SMALL The buffer is too small to hold the data. + @retval RETURN_TIMEOUT A timeout occurred while waiting for the SPDM request + to execute. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_TEST_PROCESS_PACKET_CALLBACK) ( + IN VOID *Request, + IN UINTN RequestSize, + OUT VOID *Response, + IN OUT UINTN *ResponseSize + ); + + +/** + Register a callback function to process a packet in the current SPDM session. + + @param This Indicates a pointer to the calling context. + @param Callback Process packet callback function. + + @retval RETURN_SUCCESS The SPDM callback is registered successfully. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_TEST_REGISTER_PROCESS_PACKET_CALLBACK) ( + IN SPDM_TEST_PPI *This, + IN SPDM_TEST_PROCESS_PACKET_CALLBACK Callback + ); + +struct _SPDM_TEST_PPI { + SPDM_TEST_SET_DATA SetData; + SPDM_TEST_GET_DATA GetData; + SPDM_TEST_REGISTER_PROCESS_PACKET_CALLBACK RegisterProcessPacketCallback; +}; + +extern GUID gSpdmTestPpiGuid; + +#endif diff --git a/DeviceSecurityTestPkg/Include/PrivateTest/Protocol/SpdmTest.h b/DeviceSecurityTestPkg/Include/PrivateTest/Protocol/SpdmTest.h new file mode 100644 index 00000000000..e78eee40e02 --- /dev/null +++ b/DeviceSecurityTestPkg/Include/PrivateTest/Protocol/SpdmTest.h @@ -0,0 +1,123 @@ +/** @file + SPDM Test Protocol definition + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SPDM_TEST_PROTOCOL_H__ +#define __SPDM_TEST_PROTOCOL_H__ + +#include +#include +#include + +typedef struct _SPDM_TEST_PROTOCOL SPDM_TEST_PROTOCOL; + +/** + Set a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. + + @retval RETURN_SUCCESS The SPDM session data is set successfully. + @retval RETURN_INVALID_PARAMETER The Data is NULL or the DataType is zero. + @retval RETURN_UNSUPPORTED The DataType is unsupported. + @retval RETURN_ACCESS_DENIED The DataType cannot be set. + @retval RETURN_NOT_READY Current session is not started. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_TEST_SET_DATA)( + IN SPDM_TEST_PROTOCOL *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN VOID *Data, + IN UINTN DataSize + ); + +/** + Get a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + RETURN_SUCCESS, and means the size of desired Data buffer if + RETURN_BUFFER_TOO_SMALL. + + @retval RETURN_SUCCESS The SPDM session data is set successfully. + @retval RETURN_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval RETURN_UNSUPPORTED The DataType is unsupported. + @retval RETURN_NOT_FOUND The DataType cannot be found. + @retval RETURN_NOT_READY The DataType is not ready to return. + @retval RETURN_BUFFER_TOO_SMALL The buffer is too small to hold the data. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_TEST_GET_DATA)( + IN SPDM_TEST_PROTOCOL *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ); + +/** + Process a packet in the current SPDM session. + + @param This Indicates a pointer to the calling context. + @param Request A pointer to the request data. + @param RequestSize Size of the request data. + @param Response A pointer to the response data. + @param ResponseSize Size of the response data. + On output, it means the size of copied Data buffer if + RETURN_SUCCESS, and means the size of desired Data buffer if + RETURN_BUFFER_TOO_SMALL. + + @retval RETURN_SUCCESS The SPDM request is set successfully. + @retval RETURN_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval RETURN_UNSUPPORTED The DataType is unsupported. + @retval RETURN_NOT_FOUND The DataType cannot be found. + @retval RETURN_NOT_READY The DataType is not ready to return. + @retval RETURN_BUFFER_TOO_SMALL The buffer is too small to hold the data. + @retval RETURN_TIMEOUT A timeout occurred while waiting for the SPDM request + to execute. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_TEST_PROCESS_PACKET_CALLBACK)( + IN VOID *Request, + IN UINTN RequestSize, + OUT VOID *Response, + IN OUT UINTN *ResponseSize + ); + +/** + Register a callback function to process a packet in the current SPDM session. + + @param This Indicates a pointer to the calling context. + @param Callback Process packet callback function. + + @retval RETURN_SUCCESS The SPDM callback is registered successfully. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_TEST_REGISTER_PROCESS_PACKET_CALLBACK)( + IN SPDM_TEST_PROTOCOL *This, + IN SPDM_TEST_PROCESS_PACKET_CALLBACK Callback + ); + +struct _SPDM_TEST_PROTOCOL { + SPDM_TEST_SET_DATA SetData; + SPDM_TEST_GET_DATA GetData; + SPDM_TEST_REGISTER_PROCESS_PACKET_CALLBACK RegisterProcessPacketCallback; +}; + +extern GUID gSpdmTestProtocolGuid; + +#endif diff --git a/DeviceSecurityTestPkg/Include/Protocol/Spdm.h b/DeviceSecurityTestPkg/Include/Protocol/Spdm.h new file mode 100644 index 00000000000..aec60c0cf68 --- /dev/null +++ b/DeviceSecurityTestPkg/Include/Protocol/Spdm.h @@ -0,0 +1,201 @@ +/** @file + SPDM Protocol definition + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SPDM_PROTOCOL_H__ +#define __SPDM_PROTOCOL_H__ + +#include +#include +#include + +typedef struct _SPDM_PROTOCOL SPDM_PROTOCOL; + +/** + Set a SPDM local Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. + + @retval RETURN_SUCCESS The SPDM session data is set successfully. + @retval RETURN_INVALID_PARAMETER The Data is NULL or the DataType is zero. + @retval RETURN_UNSUPPORTED The DataType is unsupported. + @retval RETURN_ACCESS_DENIED The DataType cannot be set. + @retval RETURN_NOT_READY Current session is not started. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_SET_DATA_FUNC)( + IN SPDM_PROTOCOL *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN VOID *Data, + IN UINTN DataSize + ); + +/** + Get a SPDM local or remote Data. + + If the data is session specific, the session ID should be input. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + RETURN_SUCCESS, and means the size of desired Data buffer if + RETURN_BUFFER_TOO_SMALL. + + @retval RETURN_SUCCESS The SPDM session data is set successfully. + @retval RETURN_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval RETURN_UNSUPPORTED The DataType is unsupported. + @retval RETURN_NOT_FOUND The DataType cannot be found. + @retval RETURN_NOT_READY The DataType is not ready to return. + @retval RETURN_BUFFER_TOO_SMALL The buffer is too small to hold the data. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_GET_DATA_FUNC)( + IN SPDM_PROTOCOL *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ); + +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) +/** + Start a SPDM Session. + + @param This Indicates a pointer to the calling context. + + @retval RETURN_SUCCESS The SPDM session is started. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_START_SESSION_FUNC)( + IN SPDM_PROTOCOL *This, + IN BOOLEAN UsePsk, + IN UINT8 MeasurementHashType, + IN UINT8 SlotNum, + OUT UINT32 *SessionId, + OUT UINT8 *HeartbeatPeriod, + OUT VOID *MeasurementHash + ); + +/** + Stop a SPDM Session. + + @param This Indicates a pointer to the calling context. + + @retval RETURN_SUCCESS The SPDM session is stopped. +**/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_STOP_SESSION_FUNC)( + IN SPDM_PROTOCOL *This, + IN UINT32 SessionId, + IN UINT8 EndSessionAttributes + ); +#endif + +/* + Call GetVersion, GetCapabilities, NegotiateAlgorithms + + The negotiated data can be get via GetData. +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_INIT_CONNECTION_FUNC)( + IN SPDM_PROTOCOL *This + ); + +/* + Get all digest of the CertificateChains returned from device. + + TotalDigestSize = sizeof(Digest) * Count in SlotMask +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_GET_DIGEST_FUNC)( + IN SPDM_PROTOCOL *This, + OUT UINT8 *SlotMask, + OUT VOID *TotalDigestBuffer + ); + +/* + Get CertificateChain in one slot returned from device. +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_GET_CERTIFICATE_FUNC)( + IN SPDM_PROTOCOL *This, + IN UINT8 SlotNum, + IN OUT UINTN *CertChainSize, + OUT VOID *CertChain + ); + +/* + Authenticate based upon the key in one slot. +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_CHALLENGE_FUNC)( + IN SPDM_PROTOCOL *This, + IN UINT8 SlotNum, + IN UINT8 MeasurementHashType, + OUT VOID *MeasurementHash + ); + +/* + Get measurement +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_GET_MEASUREMENT_FUNC)( + IN SPDM_PROTOCOL *This, + IN UINT8 RequestAttribute, + IN UINT8 MeasurementOperation, + IN UINT8 SlotNum, + OUT UINT8 *NumberOfBlocks, + IN OUT UINT32 *MeasurementRecordLength, + OUT VOID *MeasurementRecord + ); + +/* + Send receive SPDM data. +*/ +typedef +RETURN_STATUS +(EFIAPI *SPDM_SEND_RECEIVE_DATA_FUNC)( + IN SPDM_PROTOCOL *This, + IN UINT32 *SessionId, + IN BOOLEAN IsAppMessage, + IN VOID *Request, + IN UINTN RequestSize, + IN OUT VOID *Response, + IN OUT UINTN *ResponseSize + ); + +struct _SPDM_PROTOCOL { + SPDM_SET_DATA_FUNC SetData; + SPDM_GET_DATA_FUNC GetData; + SPDM_INIT_CONNECTION_FUNC InitConnection; + SPDM_GET_DIGEST_FUNC GetDigest; + SPDM_GET_CERTIFICATE_FUNC GetCertificate; + SPDM_CHALLENGE_FUNC Challenge; + SPDM_GET_MEASUREMENT_FUNC GetMeasurement; +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) + SPDM_START_SESSION_FUNC StartSession; + SPDM_STOP_SESSION_FUNC StopSession; +#endif + SPDM_SEND_RECEIVE_DATA_FUNC SendReceiveData; +}; + +#endif diff --git a/DeviceSecurityTestPkg/Include/Protocol/SpdmIo.h b/DeviceSecurityTestPkg/Include/Protocol/SpdmIo.h new file mode 100644 index 00000000000..8433ebc228d --- /dev/null +++ b/DeviceSecurityTestPkg/Include/Protocol/SpdmIo.h @@ -0,0 +1,92 @@ +/** @file + SPDM IO Protocol definition + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SPDM_IO_PROTOCOL_H__ +#define __SPDM_IO_PROTOCOL_H__ + +#include +#include +#include + +typedef struct _SPDM_IO_PROTOCOL SPDM_IO_PROTOCOL; + +/** + Send a SPDM transport layer message to a device. + + For requester, the message is an SPDM request. + For responder, the message is an SPDM response. + + @param This Indicates a pointer to the calling context. + @param MessageSize Size in bytes of the message data buffer. + @param Message A pointer to a destination buffer to store the message. + The caller is responsible for having + either implicit or explicit ownership of the buffer. + @param Timeout The timeout, in 100ns units, to use for the execution + of the message. A Timeout value of 0 + means that this function will wait indefinitely for the + message to execute. If Timeout is greater + than zero, then this function will return RETURN_TIMEOUT if the + time required to execute the message is greater + than Timeout. + + @retval RETURN_SUCCESS The SPDM message is sent successfully. + @retval RETURN_DEVICE_ERROR A device error occurs when the SPDM message is sent to the device. + @retval RETURN_INVALID_PARAMETER The Message is NULL or the MessageSize is zero. + @retval RETURN_TIMEOUT A timeout occurred while waiting for the SPDM message + to execute. +**/ +typedef +SPDM_RETURN +(*SPDM_IO_SECURE_SEND_MESSAGE_FUNC) ( + IN SPDM_IO_PROTOCOL *This, + IN UINTN MessageSize, + IN CONST VOID *Message, + IN UINT64 Timeout + ); + +/** + Receive a SPDM transport layer message from a device. + + For requester, the message is an SPDM response. + For responder, the message is an SPDM request. + + @param This Indicates a pointer to the calling context. + @param MessageSize Size in bytes of the message data buffer. + @param Message A pointer to a destination buffer to store the message. + The caller is responsible for having + either implicit or explicit ownership of the buffer. + @param Timeout The timeout, in 100ns units, to use for the execution + of the message. A Timeout value of 0 + means that this function will wait indefinitely for the + message to execute. If Timeout is greater + than zero, then this function will return RETURN_TIMEOUT if the + time required to execute the message is greater + than Timeout. + + @retval RETURN_SUCCESS The SPDM message is received successfully. + @retval RETURN_DEVICE_ERROR A device error occurs when the SPDM message is received from the device. + @retval RETURN_INVALID_PARAMETER The Message is NULL, MessageSize is NULL or + the *MessageSize is zero. + @retval RETURN_TIMEOUT A timeout occurred while waiting for the SPDM message + to execute. +**/ +typedef +SPDM_RETURN +(*SPDM_IO_SECURE_RECEIVE_MESSAGE_FUNC) ( + IN SPDM_IO_PROTOCOL *This, + IN OUT UINTN *MessageSize, + OUT VOID **Message, + IN UINT64 Timeout + ); + +struct _SPDM_IO_PROTOCOL { + SPDM_IO_SECURE_SEND_MESSAGE_FUNC SendMessage; + SPDM_IO_SECURE_RECEIVE_MESSAGE_FUNC ReceiveMessage; +}; + +#endif diff --git a/DeviceSecurityTestPkg/Include/Test/TestConfig.h b/DeviceSecurityTestPkg/Include/Test/TestConfig.h new file mode 100644 index 00000000000..f0d6ef78663 --- /dev/null +++ b/DeviceSecurityTestPkg/Include/Test/TestConfig.h @@ -0,0 +1,38 @@ +/** @file + + Copyright (c) 2022, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TEST_CONFIG_H__ +#define __TEST_CONFIG_H__ + +#define TEST_CONFIG_NO_CONFIG 0 +#define TEST_CONFIG_NO_CERT_CAP 1 +#define TEST_CONFIG_NO_CHAL_CAP 2 +#define TEST_CONFIG_INVALID_CERT_CHAIN 3 +#define TEST_CONFIG_INVALID_CHALLENGE_AUTH_SIGNATURE 4 +#define TEST_CONFIG_INVALID_MEASUREMENT_SIGNATURE 5 +#define TEST_CONFIG_MEAS_CAP_NO_SIG 6 +#define TEST_CONFIG_NO_MEAS_CAP 7 +#define TEST_CONFIG_NO_TRUST_ANCHOR 8 +#define TEST_CONFIG_SECURITY_POLICY_AUTH_ONLY 9 +#define TEST_CONFIG_SECURITY_POLICY_MEAS_ONLY 10 +#define TEST_CONFIG_SECURITY_POLICY_NONE 11 +#define TEST_CONFIG_MEASUREMENT_CONTENT_MODIFIED 12 +#define TEST_CONFIG_RSASSA_3072_SHA_384 13 +#define TEST_CONFIG_RSASSA_4096_SHA_512 14 +#define TEST_CONFIG_ECDSA_ECC_P256_SHA_256 15 +#define TEST_CONFIG_ECDSA_ECC_P384_SHA_384 16 +#define TEST_CONFIG_ECDSA_ECC_P521_SHA_512 17 +#define TEST_CONFIG_SECP_256_R1_AES_256_GCM 18 +#define TEST_CONFIG_SECP_521_R1_CHACHA20_POLY1305 19 +#define TEST_CONFIG_NO_CHAL_CAP_NO_ROOT_CA 20 +#define TEST_CONFIG_MULTIPLE_CERT_IN_DB 21 +#define TEST_CONFIG_DIFF_CERT_IN_DIFF_SLOT 22 +#define TEST_CONFIG_NO_EFI_CERT_X509_GUID_IN_DB 23 +#define TEST_CONFIG_SPDM_MESSAGE_VERSION_11 24 +#define TEST_CONFIG_SPDM_MESSAGE_VERSION_10 25 + +#endif diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmCommunication.c b/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmCommunication.c new file mode 100644 index 00000000000..5ca439da404 --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmCommunication.c @@ -0,0 +1,457 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmDeviceSecurityDxe.h" + +/** + Set a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. + + @retval EFI_SUCCESS The SPDM session data is set successfully. + @retval EFI_INVALID_PARAMETER The Data is NULL or the DataType is zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_ACCESS_DENIED The DataType cannot be set. + @retval EFI_NOT_READY Current session is not started. +**/ +EFI_STATUS +EFIAPI +SpdmProtocolSetData ( + IN SPDM_PROTOCOL *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN VOID *Data, + IN UINTN DataSize + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + VOID *SpdmContext; + SPDM_RETURN SpdmReturn; + + SpdmDriverContext = GetSpdmDriverContextViaSpdmProtocol (This); + if (SpdmDriverContext == NULL) { + return EFI_UNSUPPORTED; + } + + SpdmContext = SpdmDriverContext->SpdmContext; + + SpdmReturn = SpdmSetData (SpdmContext, DataType, Parameter, Data, DataSize); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/** + Get a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + EFI_SUCCESS, and means the size of desired Data buffer if + EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The SPDM session data is set successfully. + @retval EFI_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The DataType cannot be found. + @retval EFI_NOT_READY The DataType is not ready to return. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. +**/ +EFI_STATUS +EFIAPI +SpdmProtocolGetData ( + IN SPDM_PROTOCOL *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + VOID *SpdmContext; + SPDM_RETURN SpdmReturn; + + SpdmDriverContext = GetSpdmDriverContextViaSpdmProtocol (This); + if (SpdmDriverContext == NULL) { + return EFI_UNSUPPORTED; + } + + SpdmContext = SpdmDriverContext->SpdmContext; + + SpdmReturn = SpdmGetData (SpdmContext, DataType, Parameter, Data, DataSize); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/* + Call GetVersion, GetCapabilities, NegotiateAlgorithms + + The negotiated data can be get via GetData. +*/ +EFI_STATUS +EFIAPI +SpdmProtocolInitConnection ( + IN SPDM_PROTOCOL *This + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + SPDM_RETURN SpdmReturn; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmProtocol (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + SpdmReturn = SpdmInitConnection (SpdmContext, FALSE); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/* + Get all digest of the CertificateChains returned from device. + + TotalDigestSize = sizeof(Digest) * Count in SlotMask +*/ +EFI_STATUS +EFIAPI +SpdmProtocolGetDigest ( + IN SPDM_PROTOCOL *This, + OUT UINT8 *SlotMask, + OUT VOID *TotalDigestBuffer + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + SPDM_RETURN SpdmReturn; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmProtocol (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + SpdmReturn = SpdmGetDigest (SpdmContext, NULL, SlotMask, TotalDigestBuffer); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/* + Get CertificateChain in one slot returned from device. +*/ +EFI_STATUS +EFIAPI +SpdmProtocolGetCertificate ( + IN SPDM_PROTOCOL *This, + IN UINT8 SlotNum, + IN OUT UINTN *CertChainSize, + OUT VOID *CertChain + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + SPDM_RETURN SpdmReturn; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmProtocol (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + SpdmReturn = SpdmGetCertificate (SpdmContext, NULL, SlotNum, CertChainSize, CertChain); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/* + Authenticate based upon the key in one slot. +*/ +EFI_STATUS +EFIAPI +SpdmProtocolChallenge ( + IN SPDM_PROTOCOL *This, + IN UINT8 SlotNum, + IN UINT8 MeasurementHashType, + OUT VOID *MeasurementHash + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + SPDM_RETURN SpdmReturn; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmProtocol (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + SpdmReturn = SpdmChallenge (SpdmContext, NULL, SlotNum, MeasurementHashType, MeasurementHash, NULL); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/* + Get measurement +*/ +EFI_STATUS +EFIAPI +SpdmProtocolGetMeasurement ( + IN SPDM_PROTOCOL *This, + IN UINT8 RequestAttribute, + IN UINT8 MeasurementOperation, + IN UINT8 SlotNum, + OUT UINT8 *NumberOfBlocks, + OUT UINT32 *MeasurementRecordLength, + OUT VOID *MeasurementRecord + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + SPDM_RETURN SpdmReturn; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmProtocol (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + SpdmReturn = SpdmGetMeasurement ( + SpdmContext, + NULL, + RequestAttribute, + MeasurementOperation, + SlotNum, + NULL, + NumberOfBlocks, + MeasurementRecordLength, + MeasurementRecord + ); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/* + Send receive SPDM data (non session data). +*/ +EFI_STATUS +EFIAPI +SpdmProtocolSendReceiveData ( + IN SPDM_PROTOCOL *This, + IN UINT32 *SessionId, + IN BOOLEAN IsAppMessage, + IN VOID *Request, + IN UINTN RequestSize, + IN OUT VOID *Response, + IN OUT UINTN *ResponseSize + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + SPDM_RETURN SpdmReturn; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmProtocol (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + SpdmReturn = SpdmSendReceiveData (SpdmContext, SessionId, IsAppMessage, Request, RequestSize, Response, ResponseSize); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) +/** + Start a SPDM Session. + + @param This Indicates a pointer to the calling context. + + @retval EFI_SUCCESS The SPDM session is started. +**/ +EFI_STATUS +EFIAPI +SpdmProtocolStartSession ( + IN SPDM_PROTOCOL *This, + IN BOOLEAN UsePsk, + IN UINT8 MeasurementHashType, + IN UINT8 SlotNum, + OUT UINT32 *SessionId, + OUT UINT8 *HeartbeatPeriod, + OUT VOID *MeasurementHash + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + UINT8 SessionPolicy; + SPDM_RETURN SpdmReturn; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmProtocol (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + SessionPolicy = SPDM_KEY_EXCHANGE_REQUEST_SESSION_POLICY_TERMINATION_POLICY_RUNTIME_UPDATE; + SpdmReturn = SpdmStartSession ( + SpdmContext, + UsePsk, + MeasurementHashType, + SlotNum, + SessionPolicy, + SessionId, + HeartbeatPeriod, + MeasurementHash + ); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/** + Stop a SPDM Session. + + @param This Indicates a pointer to the calling context. + + @retval EFI_SUCCESS The SPDM session is stopped. +**/ +EFI_STATUS +EFIAPI +SpdmProtocolStopSession ( + IN SPDM_PROTOCOL *This, + IN UINT32 SessionId, + IN UINT8 EndSessionAttributes + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + SPDM_RETURN SpdmReturn; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmProtocol (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + SpdmReturn = SpdmStopSession (SpdmContext, SessionId, EndSessionAttributes); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} +#endif + +SPDM_PROTOCOL mSpdmProtocol = { + SpdmProtocolSetData, + SpdmProtocolGetData, + SpdmProtocolInitConnection, + SpdmProtocolGetDigest, + SpdmProtocolGetCertificate, + SpdmProtocolChallenge, + SpdmProtocolGetMeasurement, +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) + SpdmProtocolStartSession, + SpdmProtocolStopSession, +#endif + SpdmProtocolSendReceiveData, +}; + +EFI_EVENT mSpdmIoEvent; +VOID *mSpdmIoRegistration; + +VOID +EFIAPI +SpdmIoProtocolCallback ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + UINTN BufferSize; + + while (TRUE) { + BufferSize = sizeof (EFI_HANDLE); + Handle = NULL; + Status = gBS->LocateHandle ( + ByRegisterNotify, + NULL, + mSpdmIoRegistration, + &BufferSize, + &Handle + ); + if (EFI_ERROR (Status)) { + return; + } + + // + // TBD: Need create SPDM context here. + // + Status = gBS->InstallProtocolInterface ( + &Handle, + &gSpdmProtocolGuid, + EFI_NATIVE_INTERFACE, + (VOID **)&mSpdmProtocol + ); + ASSERT_EFI_ERROR (Status); + } +} + +VOID +InitializeSpdmCommunication ( + VOID + ) +{ + mSpdmIoEvent = EfiCreateProtocolNotifyEvent ( + &gSpdmIoProtocolGuid, + TPL_CALLBACK, + SpdmIoProtocolCallback, + NULL, + &mSpdmIoRegistration + ); +} diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceIo.c b/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceIo.c new file mode 100644 index 00000000000..8f78408c747 --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceIo.c @@ -0,0 +1,58 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmDeviceSecurityDxe.h" + +SPDM_RETURN +SpdmDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN CONST VOID *Message, + IN UINT64 Timeout + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + SPDM_IO_PROTOCOL *SpdmIo; + + SpdmDriverContext = GetSpdmDriverContextViaSpdmContext (SpdmContext); + if (SpdmDriverContext == NULL) { + ASSERT (SpdmDriverContext != NULL); + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + SpdmIo = SpdmDriverContext->SpdmIoProtocol; + if (SpdmIo == NULL) { + return LIBSPDM_STATUS_SEND_FAIL; + } + + return SpdmIo->SendMessage (SpdmIo, MessageSize, Message, Timeout); +} + +SPDM_RETURN +SpdmDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID **Message, + IN UINT64 Timeout + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + SPDM_IO_PROTOCOL *SpdmIo; + + SpdmDriverContext = GetSpdmDriverContextViaSpdmContext (SpdmContext); + if (SpdmDriverContext == NULL) { + ASSERT (SpdmDriverContext != NULL); + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + SpdmIo = SpdmDriverContext->SpdmIoProtocol; + if (SpdmIo == NULL) { + return LIBSPDM_STATUS_RECEIVE_FAIL; + } + + return SpdmIo->ReceiveMessage (SpdmIo, MessageSize, Message, Timeout); +} diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.c b/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.c new file mode 100644 index 00000000000..1b03f7a5703 --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.c @@ -0,0 +1,680 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmDeviceSecurityDxe.h" +#include "Library/SpdmSecurityLib.h" + +LIST_ENTRY mSpdmDeviceList = INITIALIZE_LIST_HEAD_VARIABLE (mSpdmDeviceList); + +EDKII_DEVICE_SECURITY_POLICY_PROTOCOL *mDeviceSecurityPolicy; + +BOOLEAN mSendReceiveBufferAcquired = FALSE; +UINT8 mSendReceiveBuffer[SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE]; +UINTN mSendReceiveBufferSize; +VOID *mScratchBuffer; + +/** + Compare two device paths to check if they are exactly same. + + @param DevicePath1 A pointer to the first device path data structure. + @param DevicePath2 A pointer to the second device path data structure. + + @retval TRUE They are same. + @retval FALSE They are not same. + +**/ +BOOLEAN +CompareDevicePath ( + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath1, + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath2 + ) +{ + UINTN Size1; + UINTN Size2; + + Size1 = GetDevicePathSize (DevicePath1); + Size2 = GetDevicePathSize (DevicePath2); + + if (Size1 != Size2) { + return FALSE; + } + + if (CompareMem (DevicePath1, DevicePath2, Size1) != 0) { + return FALSE; + } + + return TRUE; +} + +/** + Record an SPDM device into device list. + + @param[in] SpdmContext The SPDM context for the device. +**/ +VOID +RecordSpdmDeviceInList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + SPDM_DEVICE_INSTANCE *NewSpdmDevice; + LIST_ENTRY *SpdmDeviceList; + + SpdmDeviceList = &mSpdmDeviceList; + + NewSpdmDevice = AllocateZeroPool (sizeof (*NewSpdmDevice)); + if (NewSpdmDevice == NULL) { + ASSERT (NewSpdmDevice != NULL); + return; + } + + NewSpdmDevice->Signature = SPDM_DEVICE_INSTANCE_SIGNATURE; + NewSpdmDevice->SpdmDriverContext = SpdmDriverContext; + + InsertTailList (SpdmDeviceList, &NewSpdmDevice->Link); +} + +/** + Return the SPDM device via DeviceId. + + @param[in] DeviceId The Identifier for the device. + + @return The SPDM device context. +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +GetSpdmDriverContextViaDeviceId ( + IN EDKII_DEVICE_IDENTIFIER *DeviceId + ) +{ + LIST_ENTRY *Link; + SPDM_DEVICE_INSTANCE *CurrentSpdmDevice; + LIST_ENTRY *SpdmDeviceList; + + SpdmDeviceList = &mSpdmDeviceList; + + Link = GetFirstNode (SpdmDeviceList); + while (!IsNull (SpdmDeviceList, Link)) { + CurrentSpdmDevice = SPDM_DEVICE_INSTANCE_FROM_LINK (Link); + + if (CurrentSpdmDevice->SpdmDriverContext->DeviceId.DeviceHandle == DeviceId->DeviceHandle) { + return CurrentSpdmDevice->SpdmDriverContext; + } + + Link = GetNextNode (SpdmDeviceList, Link); + } + + return NULL; +} + +/** + Return the SPDM device via Spdm protocol. + + @param[in] Spdm The SPDM protocol instance. + + @return The SPDM device context. +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +GetSpdmDriverContextViaSpdmProtocol ( + IN SPDM_PROTOCOL *SpdmProtocol + ) +{ + LIST_ENTRY *Link; + SPDM_DEVICE_INSTANCE *CurrentSpdmDevice; + LIST_ENTRY *SpdmDeviceList; + + SpdmDeviceList = &mSpdmDeviceList; + + Link = GetFirstNode (SpdmDeviceList); + while (!IsNull (SpdmDeviceList, Link)) { + CurrentSpdmDevice = SPDM_DEVICE_INSTANCE_FROM_LINK (Link); + + if (CurrentSpdmDevice->SpdmDriverContext->SpdmProtocol == SpdmProtocol) { + return CurrentSpdmDevice->SpdmDriverContext; + } + + Link = GetNextNode (SpdmDeviceList, Link); + } + + return NULL; +} + +/** + Return the SPDM device via Spdm Context. + + @param[in] Spdm The SPDM context instance. + + @return The SPDM device context. +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +GetSpdmDriverContextViaSpdmContext ( + IN VOID *SpdmContext + ) +{ + LIST_ENTRY *Link; + SPDM_DEVICE_INSTANCE *CurrentSpdmDevice; + LIST_ENTRY *SpdmDeviceList; + + SpdmDeviceList = &mSpdmDeviceList; + + Link = GetFirstNode (SpdmDeviceList); + while (!IsNull (SpdmDeviceList, Link)) { + CurrentSpdmDevice = SPDM_DEVICE_INSTANCE_FROM_LINK (Link); + + if (CurrentSpdmDevice->SpdmDriverContext->SpdmContext == SpdmContext) { + return CurrentSpdmDevice->SpdmDriverContext; + } + + Link = GetNextNode (SpdmDeviceList, Link); + } + + return NULL; +} + +/** + Record an SPDM device into device list. + + @param[in] SpdmContext The SPDM context for the device. +**/ +VOID +RecordSpdmDeviceInMeasurementList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + SpdmDriverContext->IsDeviceMeasured = TRUE; +} + +/** + Check if an SPDM device is recorded in device list. + + @param[in] SpdmContext The SPDM context for the device. + + @retval TRUE The SPDM device is in the list. + @retval FALSE The SPDM device is NOT in the list. +**/ +BOOLEAN +IsSpdmDeviceInMeasurementList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + return SpdmDriverContext->IsDeviceMeasured; +} + +/** + Record an SPDM device into device list. + + @param[in] SpdmContext The SPDM context for the device. +**/ +VOID +RecordSpdmDeviceInAuthenticationList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + SpdmDriverContext->IsDeviceAuthenticated = TRUE; +} + +/** + Check if an SPDM device is recorded in device list. + + @param[in] SpdmContext The SPDM context for the device. + + @retval TRUE The SPDM device is in the list. + @retval FALSE The SPDM device is NOT in the list. +**/ +BOOLEAN +IsSpdmDeviceInAuthenticationList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + return SpdmDriverContext->IsDeviceAuthenticated; +} + +SPDM_RETURN +SpdmDeviceAcquireSenderBuffer ( + VOID *Context, + VOID **MsgBufPtr + ) +{ + ASSERT (!mSendReceiveBufferAcquired); + *MsgBufPtr = mSendReceiveBuffer; + ZeroMem (mSendReceiveBuffer, sizeof (mSendReceiveBuffer)); + mSendReceiveBufferAcquired = TRUE; + + return LIBSPDM_STATUS_SUCCESS; +} + +VOID +SpdmDeviceReleaseSenderBuffer ( + VOID *Context, + CONST VOID *MsgBufPtr + ) +{ + ASSERT (mSendReceiveBufferAcquired); + ASSERT (MsgBufPtr == mSendReceiveBuffer); + mSendReceiveBufferAcquired = FALSE; + + return; +} + +SPDM_RETURN +SpdmDeviceAcquireReceiverBuffer ( + VOID *Context, + VOID **MsgBufPtr + ) +{ + ASSERT (!mSendReceiveBufferAcquired); + *MsgBufPtr = mSendReceiveBuffer; + ZeroMem (mSendReceiveBuffer, sizeof (mSendReceiveBuffer)); + mSendReceiveBufferAcquired = TRUE; + + return LIBSPDM_STATUS_SUCCESS; +} + +VOID +SpdmDeviceReleaseReceiverBuffer ( + VOID *context, + CONST VOID *MsgBufPtr + ) +{ + ASSERT (mSendReceiveBufferAcquired); + ASSERT (MsgBufPtr == mSendReceiveBuffer); + mSendReceiveBufferAcquired = FALSE; + + return; +} + +/** + This function creates the SPDM device contenxt. + + @param[in] DeviceId The Identifier for the device. + + @return SPDM device context +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +CreateSpdmDriverContext ( + IN EDKII_DEVICE_IDENTIFIER *DeviceId + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + VOID *SpdmContext; + EFI_STATUS Status; + SPDM_RETURN SpdmReturn; + SPDM_DATA_PARAMETER Parameter; + UINT8 Data8; + UINT16 Data16; + UINT32 Data32; + UINTN ScratchBufferSize; + BOOLEAN IsRequrester; + + SpdmDriverContext = AllocateZeroPool (sizeof (*SpdmDriverContext)); + if (SpdmDriverContext == NULL) { + ASSERT (SpdmDriverContext != NULL); + return NULL; + } + + SpdmContext = AllocateZeroPool (SpdmGetContextSize ()); + if (SpdmContext == NULL) { + ASSERT (SpdmContext != NULL); + FreePool (SpdmDriverContext); + return NULL; + } + + SpdmInitContext (SpdmContext); + + SpdmRegisterDeviceIoFunc (SpdmContext, SpdmDeviceSendMessage, SpdmDeviceReceiveMessage); + // SpdmRegisterTransportLayerFunc (SpdmContext, SPDM_MAX_SPDM_MSG_SIZE, SpdmTransportMctpEncodeMessage, SpdmTransportMctpDecodeMessage); + SpdmRegisterTransportLayerFunc ( + SpdmContext, + SPDM_MAX_SPDM_MSG_SIZE, + SPDM_TRANSPORT_HEADER_SIZE, + SPDM_TRANSPORT_TAIL_SIZE, + SpdmTransportPciDoeEncodeMessage, + SpdmTransportPciDoeDecodeMessage + ); + SpdmRegisterDeviceBufferFunc ( + SpdmContext, + SPDM_SENDER_BUFFER_SIZE, + SPDM_RECEIVER_BUFFER_SIZE, + SpdmDeviceAcquireSenderBuffer, + SpdmDeviceReleaseSenderBuffer, + SpdmDeviceAcquireReceiverBuffer, + SpdmDeviceReleaseReceiverBuffer + ); + + ScratchBufferSize = SpdmGetSizeofRequiredScratchBuffer (SpdmContext); + mScratchBuffer = AllocateZeroPool (ScratchBufferSize); + ASSERT (mScratchBuffer != NULL); + + SpdmSetScratchBuffer (SpdmContext, mScratchBuffer, ScratchBufferSize); + + SpdmDriverContext->SpdmContext = SpdmContext; + + SpdmDriverContext->Signature = SPDM_DRIVER_DEVICE_CONTEXT_SIGNATURE; + CopyMem (&SpdmDriverContext->DeviceId, DeviceId, sizeof (*DeviceId)); + + Status = gBS->HandleProtocol ( + DeviceId->DeviceHandle, + &gSpdmIoProtocolGuid, + (VOID **)&SpdmDriverContext->SpdmIoProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Locate - SpdmIoProtocol - %r\n", Status)); + goto Error; + } + + Status = gBS->HandleProtocol ( + DeviceId->DeviceHandle, + &gSpdmProtocolGuid, + (VOID **)&SpdmDriverContext->SpdmProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Locate - SpdmProtocol - %r\n", Status)); + goto Error; + } + + Status = gBS->HandleProtocol ( + DeviceId->DeviceHandle, + &gEfiDevicePathProtocolGuid, + (VOID **)&SpdmDriverContext->DevicePath + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Locate - DevicePath - %r\n", Status)); + goto Error; + } + + #define SPDM_UID 1// TBD - hardcoded + SpdmDriverContext->DeviceUID = SPDM_UID; + + Status = gBS->HandleProtocol ( + DeviceId->DeviceHandle, + &DeviceId->DeviceType, + (VOID **)&SpdmDriverContext->DeviceIo + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Locate - DeviceIo - %r\n", Status)); + // This is optional, only check known device type later. + } + + if (CompareGuid (&DeviceId->DeviceType, &gEdkiiDeviceIdentifierTypePciGuid) || + CompareGuid (&DeviceId->DeviceType, &gEdkiiDeviceIdentifierTypeUsbGuid)) + { + if (SpdmDriverContext->DeviceIo == NULL) { + DEBUG ((DEBUG_ERROR, "Locate - PciIo - %r\n", Status)); + goto Error; + } + } + + // + // Record list before any transaction + // + RecordSpdmDeviceInList (SpdmDriverContext); + + Data8 = 0; + ZeroMem (&Parameter, sizeof (Parameter)); + Parameter.location = SpdmDataLocationLocal; + SpdmSetData (SpdmContext, SpdmDataCapabilityCTExponent, &Parameter, &Data8, sizeof (Data8)); + + Data32 = 0 | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP | + // SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP | +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP | +#endif + // SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP_REQUESTER | + // SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP | + // SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP | + // SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | + // SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP | + 0; + + SpdmSetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &Data32, sizeof (Data32)); + + Data8 = SPDM_MEASUREMENT_SPECIFICATION_DMTF; + SpdmSetData (SpdmContext, SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof (Data8)); + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 | + SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 | + SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 | + SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 | + SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 | + SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521; + SpdmSetData (SpdmContext, SpdmDataBaseAsymAlgo, &Parameter, &Data32, sizeof (Data32)); + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 | + SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 | + SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512; + SpdmSetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &Data32, sizeof (Data32)); + Data16 = SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1 | + SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1 | + SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1; + SpdmSetData (SpdmContext, SpdmDataDHENameGroup, &Parameter, &Data16, sizeof (Data16)); + Data16 = SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM | + SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM | + SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305; + SpdmSetData (SpdmContext, SpdmDataAEADCipherSuite, &Parameter, &Data16, sizeof (Data16)); + Data16 = SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH; + SpdmSetData (SpdmContext, SpdmDataKeySchedule, &Parameter, &Data16, sizeof (Data16)); + Data8 = SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1; + SpdmSetData (SpdmContext, SpdmDataOtherParamsSupport, &Parameter, &Data8, sizeof (Data8)); + Data8 = SPDM_MEL_SPECIFICATION_DMTF; + SpdmSetData (SpdmContext, SpdmDataMelSpec, &Parameter, &Data8, sizeof (Data8)); + Data8 = 0x3F; + SpdmSetData (SpdmContext, SpdmDataLocalSupportedSlotMask, &Parameter, &Data8, sizeof (Data8)); + IsRequrester = TRUE; + SpdmReturn = SpdmSetData (SpdmContext, LIBSPDM_DATA_IS_REQUESTER, &Parameter, &IsRequrester, sizeof (IsRequrester)); + if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { + goto Error; + } + + SpdmReturn = SpdmInitConnection (SpdmContext, FALSE); + if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { + DEBUG ((DEBUG_ERROR, "SpdmInitConnection - %p\n", SpdmReturn)); + goto Error; + } + + return SpdmDriverContext; +Error: + FreePool (SpdmDriverContext); + return NULL; +} + +SPDM_RETURN +SpdmIoProtocolDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN CONST VOID *Message, + IN UINT64 Timeout + ) +{ + SPDM_IO_PROTOCOL *SpdmIoProtocol; + + SpdmIoProtocol = SpdmGetIoProtocolViaSpdmContext (SpdmContext); + if (SpdmIoProtocol == NULL) { + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + + return SpdmIoProtocol->SendMessage (SpdmIoProtocol, MessageSize, Message, Timeout); +} + +SPDM_RETURN +SpdmIoProtocolDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID **Message, + IN UINT64 Timeout + ) +{ + SPDM_IO_PROTOCOL *SpdmIoProtocol; + + SpdmIoProtocol = SpdmGetIoProtocolViaSpdmContext (SpdmContext); + if (SpdmIoProtocol == NULL) { + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + + return SpdmIoProtocol->ReceiveMessage (SpdmIoProtocol, MessageSize, Message, Timeout); +} + +/** + The device driver uses this service to measure and/or verify a device. + + The flow in device driver is: + 1) Device driver discovers a new device. + 2) Device driver creates an EFI_DEVICE_PATH_PROTOCOL. + 3) Device driver creates a device access protocol. e.g. + EFI_PCI_IO_PROTOCOL for PCI device. + EFI_USB_IO_PROTOCOL for USB device. + EFI_EXT_SCSI_PASS_THRU_PROTOCOL for SCSI device. + EFI_ATA_PASS_THRU_PROTOCOL for ATA device. + EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL for NVMe device. + EFI_SD_MMC_PASS_THRU_PROTOCOL for SD/MMC device. + The device driver also creates the SPDM_IO_PROTOCOL. + 4) Device driver installs the EFI_DEVICE_PATH_PROTOCOL with EFI_DEVICE_PATH_PROTOCOL_GUID, + the SPDM_IO_PROTOCOL with SPDM_PROTOCOL_IO_GUID, + and the device access protocol with EDKII_DEVICE_IDENTIFIER_TYPE_xxx_GUID. + Once it is done, a DeviceHandle is returned. + 5) Device driver creates EDKII_DEVICE_IDENTIFIER with EDKII_DEVICE_IDENTIFIER_TYPE_xxx_GUID + and the DeviceHandle. + 6) Device driver calls DeviceAuthenticate(). + 7) If DeviceAuthenticate() returns EFI_SECURITY_VIOLATION, the device driver uninstalls + all protocols on this handle. + 8) If DeviceAuthenticate() returns EFI_SUCCESS, the device driver installs the device access + protocol with a real protocol GUID. e.g. + EFI_PCI_IO_PROTOCOL with EFI_PCI_IO_PROTOCOL_GUID. + EFI_USB_IO_PROTOCOL with EFI_USB_IO_PROTOCOL_GUID. + + @param[in] This The protocol instance pointer. + @param[in] DeviceId The Identifier for the device. + + @retval EFI_SUCCESS The device specified by the DeviceId passed the measurement + and/or authentication based upon the platform policy. + If TCG measurement is required, the measurement is extended to TPM PCR. + @retval EFI_SECURITY_VIOLATION The device fails to return the measurement data. + @retval EFI_SECURITY_VIOLATION The device fails to response the authentication request. + @retval EFI_SECURITY_VIOLATION The system fails to verify the device based upon the authentication response. + @retval EFI_SECURITY_VIOLATION The system fails to extend the measurement to TPM PCR. +**/ +EFI_STATUS +EFIAPI +DeviceAuthentication ( + IN EDKII_DEVICE_SECURITY_PROTOCOL *This, + IN EDKII_DEVICE_IDENTIFIER *DeviceId + ) +{ + EDKII_DEVICE_SECURITY_POLICY DeviceSecurityPolicy; + EDKII_DEVICE_SECURITY_STATE DeviceSecurityState; +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; +#endif + EFI_STATUS Status; + EDKII_SPDM_DEVICE_INFO SpdmDeviceInfo; + + if (mDeviceSecurityPolicy == NULL) { + return EFI_SUCCESS; + } + + ZeroMem (&SpdmDeviceInfo, sizeof (SpdmDeviceInfo)); + SpdmDeviceInfo.DeviceId = DeviceId; + SpdmDeviceInfo.SendMessage = SpdmIoProtocolDeviceSendMessage; + SpdmDeviceInfo.ReceiveMessage = SpdmIoProtocolDeviceReceiveMessage; + SpdmDeviceInfo.TransportEncodeMessage = SpdmTransportPciDoeEncodeMessage; + SpdmDeviceInfo.TransportDecodeMessage = SpdmTransportPciDoeDecodeMessage; + + SpdmDeviceInfo.AcquireSenderBuffer = SpdmDeviceAcquireSenderBuffer; + SpdmDeviceInfo.ReleaseSenderBuffer = SpdmDeviceReleaseSenderBuffer; + SpdmDeviceInfo.AcquireReceiverBuffer = SpdmDeviceAcquireReceiverBuffer; + SpdmDeviceInfo.ReleaseReceiverBuffer = SpdmDeviceReleaseReceiverBuffer; + + SpdmDeviceInfo.MaxSpdmMsgSize = SPDM_MAX_SPDM_MSG_SIZE; + SpdmDeviceInfo.TransportHeaderSize = SPDM_TRANSPORT_HEADER_SIZE; + SpdmDeviceInfo.TransportTailSize = SPDM_TRANSPORT_TAIL_SIZE; + SpdmDeviceInfo.SenderBufferSize = SPDM_SENDER_BUFFER_SIZE; + SpdmDeviceInfo.ReceiverBufferSize = SPDM_RECEIVER_BUFFER_SIZE; + + SpdmDeviceInfo.SpdmIoProtocolGuid = &gSpdmIoProtocolGuid; + + DeviceSecurityState.Revision = EDKII_DEVICE_SECURITY_STATE_REVISION; + DeviceSecurityState.MeasurementState = 0x0; + DeviceSecurityState.AuthenticationState = 0x0; + + Status = mDeviceSecurityPolicy->GetDevicePolicy (mDeviceSecurityPolicy, DeviceId, &DeviceSecurityPolicy); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "mDeviceSecurityPolicy->GetDevicePolicy - %r\n", Status)); + DeviceSecurityState.MeasurementState = EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_GET_POLICY_PROTOCOL; + DeviceSecurityState.AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_GET_POLICY_PROTOCOL; + } else { + Status = SpdmDeviceAuthenticationAndMeasurement (&SpdmDeviceInfo, &DeviceSecurityPolicy, &DeviceSecurityState); + } + + Status = mDeviceSecurityPolicy->NotifyDeviceState (mDeviceSecurityPolicy, DeviceId, &DeviceSecurityState); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "mDeviceSecurityPolicy->NotifyDeviceState - %r\n", Status)); + } + +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) + SpdmDriverContext = GetSpdmDriverContextViaDeviceId (DeviceId); + if (SpdmDriverContext == NULL) { + SpdmDriverContext = CreateSpdmDriverContext (DeviceId); + } + + if (SpdmDriverContext == NULL) { + return EFI_UNSUPPORTED; + } +#endif + + if ((DeviceSecurityState.MeasurementState == 0) && + (DeviceSecurityState.AuthenticationState == 0)) + { + return EFI_SUCCESS; + } else { + return EFI_SECURITY_VIOLATION; + } +} + +EDKII_DEVICE_SECURITY_PROTOCOL mDeviceSecurity = { + EDKII_DEVICE_SECURITY_PROTOCOL_REVISION, + DeviceAuthentication +}; + +/** + Entrypoint of the device security driver. + + @param[in] ImageHandle ImageHandle of the loaded driver + @param[in] SystemTable Pointer to the System Table + + @retval EFI_SUCCESS The Protocol is installed. + @retval EFI_OUT_OF_RESOURCES Not enough resources available to initialize driver. + @retval EFI_DEVICE_ERROR A device error occurred attempting to initialize the driver. + +**/ +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_HANDLE Handle; + EFI_STATUS Status; + + Status = gBS->LocateProtocol (&gEdkiiDeviceSecurityPolicyProtocolGuid, NULL, (VOID **)&mDeviceSecurityPolicy); + ASSERT_EFI_ERROR (Status); + + Handle = NULL; + Status = gBS->InstallProtocolInterface ( + &Handle, + &gEdkiiDeviceSecurityProtocolGuid, + EFI_NATIVE_INTERFACE, + (VOID **)&mDeviceSecurity + ); + ASSERT_EFI_ERROR (Status); + + InitializeSpdmCommunication (); + + return Status; +} diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.h b/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.h new file mode 100644 index 00000000000..56c7210d0eb --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.h @@ -0,0 +1,233 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SPDM_DEVICE_SECURTY_DXE_H__ + +#include +#include "hal/base.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef SPDM_TRANSPORT_HEADER_SIZE +#define SPDM_TRANSPORT_HEADER_SIZE 64 +#endif +#ifndef SPDM_TRANSPORT_TAIL_SIZE +#define SPDM_TRANSPORT_TAIL_SIZE 64 +#endif +/* define common SPDM_TRANSPORT_ADDITIONAL_SIZE. It should be the biggest one. */ +#ifndef SPDM_TRANSPORT_ADDITIONAL_SIZE +#define SPDM_TRANSPORT_ADDITIONAL_SIZE \ + (SPDM_TRANSPORT_HEADER_SIZE + SPDM_TRANSPORT_TAIL_SIZE) +#endif +#ifndef SPDM_SENDER_BUFFER_SIZE +#define SPDM_SENDER_BUFFER_SIZE (0x1100 + \ + SPDM_TRANSPORT_ADDITIONAL_SIZE) +#endif +#ifndef SPDM_RECEIVER_BUFFER_SIZE +#define SPDM_RECEIVER_BUFFER_SIZE (0x1200 + \ + SPDM_TRANSPORT_ADDITIONAL_SIZE) +#endif +#if (SPDM_SENDER_BUFFER_SIZE > SPDM_RECEIVER_BUFFER_SIZE) +#define SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE SPDM_SENDER_BUFFER_SIZE +#else +#define SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE SPDM_RECEIVER_BUFFER_SIZE +#endif +/* Maximum size of a large SPDM message. + * If chunk is unsupported, it must be same as SPDM_DATA_TRANSFER_SIZE. + * If chunk is supported, it must be larger than SPDM_DATA_TRANSFER_SIZE. + * It matches MaxSPDMmsgSize in SPDM specification. */ +#ifndef SPDM_MAX_SPDM_MSG_SIZE +#define SPDM_MAX_SPDM_MSG_SIZE 0x1200 +#endif + +typedef struct { + UINTN Signature; + EDKII_DEVICE_IDENTIFIER DeviceId; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + VOID *DeviceIo; + SPDM_IO_PROTOCOL *SpdmIoProtocol; + // TBD + SPDM_PROTOCOL *SpdmProtocol; + // + // Status + // + BOOLEAN IsDeviceMeasured; + BOOLEAN IsDeviceAuthenticated; + UINT64 DeviceUID; + + VOID *SpdmContext; +} SPDM_DRIVER_DEVICE_CONTEXT; + +#define SPDM_DRIVER_DEVICE_CONTEXT_SIGNATURE SIGNATURE_32 ('S', 'D', 'D', 'C') + +typedef struct { + UINTN Signature; + LIST_ENTRY Link; + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; +} SPDM_DEVICE_INSTANCE; + +#define SPDM_DEVICE_INSTANCE_SIGNATURE SIGNATURE_32 ('S', 'D', 'C', 'S') +#define SPDM_DEVICE_INSTANCE_FROM_LINK(a) CR (a, SPDM_DEVICE_INSTANCE, Link, SPDM_DEVICE_INSTANCE_SIGNATURE) + +/** + Compare two device paths to check if they are exactly same. + + @param DevicePath1 A pointer to the first device path data structure. + @param DevicePath2 A pointer to the second device path data structure. + + @retval TRUE They are same. + @retval FALSE They are not same. + +**/ +BOOLEAN +CompareDevicePath ( + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath1, + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath2 + ); + +/** + Record an SPDM device into device list. + + @param[in] SpdmContext The SPDM context for the device. +**/ +VOID +RecordSpdmDeviceInMeasurementList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ); + +/** + Check if an SPDM device is recorded in device list. + + @param[in] SpdmContext The SPDM context for the device. + + @retval TRUE The SPDM device is in the list. + @retval FALSE The SPDM device is NOT in the list. +**/ +BOOLEAN +IsSpdmDeviceInMeasurementList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ); + +/** + Record an SPDM device into device list. + + @param[in] SpdmContext The SPDM context for the device. +**/ +VOID +RecordSpdmDeviceInAuthenticationList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ); + +/** + Check if an SPDM device is recorded in device list. + + @param[in] SpdmContext The SPDM context for the device. + + @retval TRUE The SPDM device is in the list. + @retval FALSE The SPDM device is NOT in the list. +**/ +BOOLEAN +IsSpdmDeviceInAuthenticationList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ); + +/** + Return the SPDM device via Spdm protocol. + + @param[in] Spdm The SPDM protocol instance. + + @return The SPDM device context. +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +GetSpdmDriverContextViaSpdmProtocol ( + IN SPDM_PROTOCOL *SpdmProtocol + ); + +/** + Return the SPDM device via Spdm Context. + + @param[in] Spdm The SPDM context instance. + + @return The SPDM device context. +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +GetSpdmDriverContextViaSpdmContext ( + IN VOID *SpdmContext + ); + +/** + The device driver uses this service to measure an SPDM device. + + @param[in] SpdmContext The SPDM context for the device. + @param[out] DeviceSecurityState The Device Security state associated with the device. +**/ +EFI_STATUS +DoDeviceMeasurement ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + OUT EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ); + +/** + The device driver uses this service to verify an SPDM device. + + @param[in] SpdmContext The SPDM context for the device. + @param[out] DeviceSecurityState The Device Security state associated with the device. +**/ +EFI_STATUS +DoDeviceAuthentication ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + OUT EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ); + +VOID +InitializeSpdmCommunication ( + VOID + ); + +SPDM_RETURN +SpdmDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN CONST VOID *Message, + IN UINT64 Timeout + ); + +SPDM_RETURN +SpdmDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID **Message, + IN UINT64 Timeout + ); + +#endif diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.inf b/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.inf new file mode 100644 index 00000000000..07a9abfd7b8 --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.inf @@ -0,0 +1,71 @@ +## @file +# EDKII Device Security library for SPDM device. +# It follows the SPDM Specification. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SpdmDeviceSecurityDxe + FILE_GUID = AA1A0732-8AFD-4632-962D-FF855626F501 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + SpdmDeviceSecurityDxe.h + SpdmDeviceSecurityDxe.c + SpdmCommunication.c + SpdmDeviceIo.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + +[LibraryClasses] + UefiRuntimeServicesTableLib + UefiBootServicesTableLib + UefiDriverEntryPoint + MemoryAllocationLib + DevicePathLib + BaseMemoryLib + PrintLib + DebugLib + UefiLib + PcdLib + TpmMeasurementLib + RngLib + BaseCryptLib + SpdmRequesterLib + SpdmTransportMctpLib + SpdmTransportPciDoeLib + SpdmSecurityLib + CryptlibWrapper + +[Guids] + gEfiDeviceSignatureDatabaseGuid ## CONSUMES + gEfiDeviceSecurityPkgTestConfig ## CONSUMES + +[Protocols] + gEdkiiDeviceSecurityProtocolGuid ## PRODUCES + gSpdmProtocolGuid ## PRODUCES + gEdkiiDeviceSecurityPolicyProtocolGuid ## CONSUMES + gSpdmIoProtocolGuid ## CONSUMES + gEdkiiDeviceIdentifierTypePciGuid ## COMSUMES + gEdkiiDeviceIdentifierTypeUsbGuid ## COMSUMES + +[Pcd] + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmBaseAsymAlgo ## COMSUMES + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmBaseHashAlgo ## COMSUMES + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmDHENamedGroup ## COMSUMES + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmAEADCipherSuite ## COMSUMES + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmKeySchedule ## COMSUMES + +[Depex] + gEdkiiDeviceSecurityPolicyProtocolGuid diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmCommunication.c b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmCommunication.c new file mode 100644 index 00000000000..1bcb8bb0ecb --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmCommunication.c @@ -0,0 +1,372 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmDeviceSecurityPei.h" + +/** + Set a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. + + @retval EFI_SUCCESS The SPDM session data is set successfully. + @retval EFI_INVALID_PARAMETER The Data is NULL or the DataType is zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_ACCESS_DENIED The DataType cannot be set. + @retval EFI_NOT_READY Current session is not started. +**/ +EFI_STATUS +EFIAPI +SpdmPpiSetData ( + IN SPDM_PPI *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN VOID *Data, + IN UINTN DataSize + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + VOID *SpdmContext; + + SpdmDriverContext = GetSpdmDriverContextViaSpdmPpi (This); + if (SpdmDriverContext == NULL) { + return EFI_UNSUPPORTED; + } + SpdmContext = SpdmDriverContext->SpdmContext; + + return SpdmSetData (SpdmContext, DataType, Parameter, Data, DataSize); +} + +/** + Get a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + EFI_SUCCESS, and means the size of desired Data buffer if + EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The SPDM session data is set successfully. + @retval EFI_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The DataType cannot be found. + @retval EFI_NOT_READY The DataType is not ready to return. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. +**/ +EFI_STATUS +EFIAPI +SpdmPpiGetData ( + IN SPDM_PPI *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + VOID *SpdmContext; + + SpdmDriverContext = GetSpdmDriverContextViaSpdmPpi (This); + if (SpdmDriverContext == NULL) { + return EFI_UNSUPPORTED; + } + SpdmContext = SpdmDriverContext->SpdmContext; + + return SpdmGetData (SpdmContext, DataType, Parameter, Data, DataSize); +} + +/* + Call GetVersion, GetCapabilities, NegotiateAlgorithms + + The negotiated data can be get via GetData. +*/ +EFI_STATUS +EFIAPI +SpdmPpiInitConnection ( + IN SPDM_PPI *This + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + EFI_STATUS Status; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmPpi (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + Status = SpdmInitConnection (SpdmContext, FALSE); + if (EFI_ERROR(Status)) { + return Status; + } + + return EFI_SUCCESS; +} + +/* + Get all digest of the CertificateChains returned from device. + + TotalDigestSize = sizeof(Digest) * Count in SlotMask +*/ +EFI_STATUS +EFIAPI +SpdmPpiGetDigest ( + IN SPDM_PPI *This, + OUT UINT8 *SlotMask, + OUT VOID *TotalDigestBuffer + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmPpi (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + return SpdmGetDigest (SpdmContext, NULL, SlotMask, TotalDigestBuffer); +} + +/* + Get CertificateChain in one slot returned from device. +*/ +EFI_STATUS +EFIAPI +SpdmPpiGetCertificate ( + IN SPDM_PPI *This, + IN UINT8 SlotNum, + IN OUT UINTN *CertChainSize, + OUT VOID *CertChain + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmPpi (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + return SpdmGetCertificate (SpdmContext, NULL, SlotNum, CertChainSize, CertChain); +} + +/* + Authenticate based upon the key in one slot. +*/ +EFI_STATUS +EFIAPI +SpdmPpiChallenge ( + IN SPDM_PPI *This, + IN UINT8 SlotNum, + IN UINT8 MeasurementHashType, + OUT VOID *MeasurementHash + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmPpi (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + return SpdmChallenge (SpdmContext, NULL, SlotNum, MeasurementHashType, MeasurementHash); +} + +/* + Get measurement +*/ +EFI_STATUS +EFIAPI +SpdmPpiGetMeasurement ( + IN SPDM_PPI *This, + IN UINT8 RequestAttribute, + IN UINT8 MeasurementOperation, + IN UINT8 SlotNum, + OUT UINT8 *NumberOfBlocks, + OUT UINT32 *MeasurementRecordLength, + OUT VOID *MeasurementRecord + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmPpi (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + return SpdmGetMeasurement ( + SpdmContext, + NULL, + RequestAttribute, + MeasurementOperation, + SlotNum, + NumberOfBlocks, + MeasurementRecordLength, + MeasurementRecord + ); +} + +/* + Send receive SPDM data (non session data). +*/ +EFI_STATUS +EFIAPI +SpdmPpiSendReceiveData ( + IN SPDM_PPI *This, + IN UINT32 *SessionId, + IN BOOLEAN IsAppMessage, + IN VOID *Request, + IN UINTN RequestSize, + IN OUT VOID *Response, + IN OUT UINTN *ResponseSize + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmPpi (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + return SpdmSendReceiveData (SpdmContext, SessionId, IsAppMessage, Request, RequestSize, Response, ResponseSize); +} + +/** + Start a SPDM Session. + + @param This Indicates a pointer to the calling context. + + @retval EFI_SUCCESS The SPDM session is started. +**/ +EFI_STATUS +EFIAPI +SpdmPpiStartSession ( + IN SPDM_PPI *This, + IN BOOLEAN UsePsk, + IN UINT8 MeasurementHashType, + IN UINT8 SlotNum, + OUT UINT32 *SessionId, + OUT UINT8 *HeartbeatPeriod, + OUT VOID *MeasurementHash + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmPpi (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + return SpdmStartSession ( + SpdmContext, + UsePsk, + MeasurementHashType, + SlotNum, + SessionId, + HeartbeatPeriod, + MeasurementHash + ); +} + +/** + Stop a SPDM Session. + + @param This Indicates a pointer to the calling context. + + @retval EFI_SUCCESS The SPDM session is stopped. +**/ +EFI_STATUS +EFIAPI +SpdmPpiStopSession ( + IN SPDM_PPI *This, + IN UINT32 SessionId, + IN UINT8 EndSessionAttributes + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverDeviceContext; + VOID *SpdmContext; + + SpdmDriverDeviceContext = GetSpdmDriverContextViaSpdmPpi (This); + if (SpdmDriverDeviceContext == NULL) { + return EFI_UNSUPPORTED; + } + SpdmContext = SpdmDriverDeviceContext->SpdmContext; + + return SpdmStopSession (SpdmContext, SessionId, EndSessionAttributes); +} + +SPDM_PPI mSpdmPpi = { + SpdmPpiSetData, + SpdmPpiGetData, + SpdmPpiInitConnection, + SpdmPpiGetDigest, + SpdmPpiGetCertificate, + SpdmPpiChallenge, + SpdmPpiGetMeasurement, + SpdmPpiStartSession, + SpdmPpiStopSession, + SpdmPpiSendReceiveData, +}; + +EFI_PEI_PPI_DESCRIPTOR mSpdmPpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gSpdmPpiGuid, + &mSpdmPpi +}; + +EFI_EVENT mSpdmIoEvent; +VOID *mSpdmIoRegistration; + +EFI_STATUS +EFIAPI +SpdmIoPpiCallback ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + EFI_STATUS Status; + + Status = PeiServicesInstallPpi (&mSpdmPpiList); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +EFI_PEI_NOTIFY_DESCRIPTOR mSpdmIoPpiNotifyDesc = { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gSpdmIoPpiGuid, + SpdmIoPpiCallback +}; + +VOID +InitializeSpdmCommunication ( + VOID + ) +{ + EFI_STATUS Status; + + Status = PeiServicesNotifyPpi (&mSpdmIoPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); +} diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceAuthentication.c b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceAuthentication.c new file mode 100644 index 00000000000..1eeb7a2ad7b --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceAuthentication.c @@ -0,0 +1,102 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmDeviceSecurityPei.h" + +/** + This function executes SPDM authentication. + + @param[in] SpdmContext The SPDM context for the device. + @param[out] DeviceSecurityState The Device Security state associated with the device. +**/ +EFI_STATUS +DoAuthenticationViaSpdm ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + OUT EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ) +{ + EFI_STATUS Status; + VOID *SpdmContext; + UINT32 CapabilityFlags; + UINTN DataSize; + UINT8 SlotMask; + UINT8 TotalDigestBuffer[MAX_HASH_SIZE * MAX_SPDM_SLOT_COUNT]; + UINT8 MeasurementHash[MAX_HASH_SIZE]; + UINTN CertChainSize; + UINT8 CertChain[MAX_SPDM_CERT_CHAIN_SIZE]; + SPDM_DATA_PARAMETER Parameter; + + SpdmContext = SpdmDriverContext->SpdmContext; + + ZeroMem (&Parameter, sizeof(Parameter)); + Parameter.location = SpdmDataLocationConnection; + DataSize = sizeof(CapabilityFlags); + SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize); + + if ((CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP) != 0) { + ZeroMem (TotalDigestBuffer, sizeof(TotalDigestBuffer)); + Status = SpdmGetDigest (SpdmContext, NULL, &SlotMask, TotalDigestBuffer); + DeviceSecurityState->AuthenticationState = SpdmGetLastError (SpdmContext); + if (DeviceSecurityState->AuthenticationState != EDKII_DEVICE_SECURITY_STATE_SUCCESS) { + return EFI_DEVICE_ERROR; + } + + CertChainSize = sizeof(CertChain); + ZeroMem (CertChain, sizeof(CertChain)); + Status = SpdmGetCertificate (SpdmContext, NULL, 0, &CertChainSize, CertChain); + DeviceSecurityState->AuthenticationState = SpdmGetLastError (SpdmContext); + if (DeviceSecurityState->AuthenticationState != EDKII_DEVICE_SECURITY_STATE_SUCCESS) { + return EFI_DEVICE_ERROR; + } + } + + ZeroMem (MeasurementHash, sizeof(MeasurementHash)); + Status = SpdmChallenge (SpdmContext, NULL, 0, SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH, MeasurementHash); + DeviceSecurityState->AuthenticationState = SpdmGetLastError (SpdmContext); + if (EFI_ERROR(Status)) { + return Status; + } + return EFI_SUCCESS; +} + +/** + The device driver uses this service to verify an SPDM device. + + @param[in] SpdmContext The SPDM context for the device. + @param[out] DeviceSecurityState The Device Security state associated with the device. +**/ +EFI_STATUS +DoDeviceAuthentication ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + OUT EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ) +{ + EFI_STATUS Status; + VOID *SpdmContext; + + SpdmContext = SpdmDriverContext->SpdmContext; + + DeviceSecurityState->MeasurementState = EDKII_DEVICE_SECURITY_STATE_SUCCESS; + if (IsSpdmDeviceInAuthenticationList (SpdmDriverContext)) { + DeviceSecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_SUCCESS; + return EFI_SUCCESS; + } + + Status = DoAuthenticationViaSpdm (SpdmDriverContext, DeviceSecurityState); + if (Status != EFI_SUCCESS) { + return Status; + } + + if (DeviceSecurityState->AuthenticationState == EDKII_DEVICE_SECURITY_STATE_SUCCESS) { + RecordSpdmDeviceInAuthenticationList (SpdmDriverContext); + } + + return Status; +} + diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceIo.c b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceIo.c new file mode 100644 index 00000000000..e1139b4661f --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceIo.c @@ -0,0 +1,52 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmDeviceSecurityPei.h" + +RETURN_STATUS +EFIAPI +SpdmDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN VOID *Message, + IN UINT64 Timeout + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + SPDM_IO_PPI *SpdmIo; + + SpdmDriverContext = GetSpdmDriverContextViaSpdmContext (SpdmContext); + ASSERT (SpdmDriverContext != NULL); + SpdmIo = SpdmDriverContext->SpdmIoPpi; + if (SpdmIo == NULL) { + return RETURN_NOT_FOUND; + } + return SpdmIo->SendMessage (SpdmIo, MessageSize, Message, Timeout); +} + +RETURN_STATUS +EFIAPI +SpdmDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID *Message, + IN UINT64 Timeout + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + SPDM_IO_PPI *SpdmIo; + + SpdmDriverContext = GetSpdmDriverContextViaSpdmContext (SpdmContext); + ASSERT (SpdmDriverContext != NULL); + SpdmIo = SpdmDriverContext->SpdmIoPpi; + if (SpdmIo == NULL) { + return RETURN_NOT_FOUND; + } + return SpdmIo->ReceiveMessage (SpdmIo, MessageSize, Message, Timeout); +} diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceMeasurement.c b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceMeasurement.c new file mode 100644 index 00000000000..80a7853dc15 --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceMeasurement.c @@ -0,0 +1,419 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmDeviceSecurityPei.h" + +/** + + This function dump raw data. + + @param Data raw data + @param Size raw data size + +**/ +VOID +InternalDumpData ( + IN UINT8 *Data, + IN UINTN Size + ); + +/** + This function returns the SPDM device type for TCG SPDM event. + + @param[in] SpdmContext The SPDM context for the device. + + @return TCG SPDM device type +**/ +UINT32 +GetSpdmDeviceType ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + if (CompareGuid (&SpdmDriverContext->DeviceId.DeviceType, &gEdkiiDeviceIdentifierTypePciGuid)) { + return TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_PCI; + } + if (CompareGuid (&SpdmDriverContext->DeviceId.DeviceType, &gEdkiiDeviceIdentifierTypeUsbGuid)) { + return TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_USB; + } + + return TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_NULL; +} + +/** + This function returns the SPDM device measurement context size for TCG SPDM event. + + @param[in] SpdmContext The SPDM context for the device. + + @return TCG SPDM device measurement context size +**/ +UINTN +GetDeviceMeasurementContextSize ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + if (CompareGuid (&SpdmDriverContext->DeviceId.DeviceType, &gEdkiiDeviceIdentifierTypePciGuid)) { + return sizeof(TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT); + } + if (CompareGuid (&SpdmDriverContext->DeviceId.DeviceType, &gEdkiiDeviceIdentifierTypeUsbGuid)) { + // TBD - usb context + return 0; + } + return 0; +} + +/** + This function creates the SPDM PCI device measurement context for TCG SPDM event. + + @param[in] SpdmContext The SPDM context for the device. + @param[in, OUT] DeviceContext The TCG SPDM PCI device measurement context. + @param[in] DeviceContextSize The size of TCG SPDM PCI device measurement context. + + @retval EFI_SUCCESS The TCG SPDM PCI device measurement context is returned. +**/ +EFI_STATUS +CreatePciDeviceMeasurementContext ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + IN OUT VOID *DeviceContext, + IN UINTN DeviceContextSize + ) +{ +#if 0 + TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT *PciContext; + PCI_TYPE00 PciData; + EFI_PCI_IO_PROTOCOL *PciIo; + EFI_STATUS Status; + if (DeviceContextSize != sizeof(*PciContext)) { + return EFI_BUFFER_TOO_SMALL; + } + + PciIo = SpdmDriverContext->DeviceIo; + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint8, 0, sizeof(PciData), &PciData); + ASSERT_EFI_ERROR(Status); + + PciContext = DeviceContext; + PciContext->Version = TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT_VERSION; + PciContext->Length = sizeof(*PciContext); + PciContext->VendorId = PciData.Hdr.VendorId; + PciContext->DeviceId = PciData.Hdr.DeviceId; + PciContext->RevisionID = PciData.Hdr.RevisionID; + PciContext->ClassCode[0] = PciData.Hdr.ClassCode[0]; + PciContext->ClassCode[1] = PciData.Hdr.ClassCode[1]; + PciContext->ClassCode[2] = PciData.Hdr.ClassCode[2]; + if ((PciData.Hdr.HeaderType & HEADER_LAYOUT_CODE) == HEADER_TYPE_DEVICE) { + PciContext->SubsystemVendorID = PciData.Device.SubsystemVendorID; + PciContext->SubsystemID = PciData.Device.SubsystemID; + } else { + PciContext->SubsystemVendorID = 0; + PciContext->SubsystemID = 0; + } +#endif + + return EFI_SUCCESS; +} + +/** + This function creates the SPDM device measurement context for TCG SPDM event. + + @param[in] SpdmContext The SPDM context for the device. + @param[in, OUT] DeviceContext The TCG SPDM device measurement context. + @param[in] DeviceContextSize The size of TCG SPDM device measurement context. + + @retval EFI_SUCCESS The TCG SPDM device measurement context is returned. + @retval EFI_UNSUPPORTED The TCG SPDM device measurement context is unsupported. +**/ +EFI_STATUS +CreateDeviceMeasurementContext ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + IN OUT VOID *DeviceContext, + IN UINTN DeviceContextSize + ) +{ + if (CompareGuid (&SpdmDriverContext->DeviceId.DeviceType, &gEdkiiDeviceIdentifierTypePciGuid)) { + return CreatePciDeviceMeasurementContext (SpdmDriverContext, DeviceContext, DeviceContextSize); + } + if (CompareGuid (&SpdmDriverContext->DeviceId.DeviceType, &gEdkiiDeviceIdentifierTypeUsbGuid)) { + return EFI_UNSUPPORTED; + } + return EFI_UNSUPPORTED; +} + +/** + This function extend the PCI digest from the DvSec register. + + @param[in] SpdmContext The SPDM context for the device. + @param[in] MeasurementRecordLength The length of the SPDM measurement record + @param[in] MeasurementRecord The SPDM measurement record + @param[out] DeviceSecurityState The Device Security state associated with the device. +**/ +EFI_STATUS +ExtendMeasurement ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + IN UINT32 MeasurementRecordLength, + IN UINT8 *MeasurementRecord + ) +{ + UINT32 PcrIndex; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + UINT8 *EventLogPtr; + TCG_DEVICE_SECURITY_EVENT_DATA_HEADER *EventData; + VOID *DeviceContext; + UINTN DeviceContextSize; + EFI_STATUS Status; + SPDM_MEASUREMENT_BLOCK_COMMON_HEADER *SpdmMeasurementBlockCommonHeader; + SPDM_MEASUREMENT_BLOCK_DMTF_HEADER *SpdmMeasurementBlockDmtfHeader; + VOID *Digest; + UINTN DigestSize; + UINTN DevicePathSize; + UINT32 MeasurementHashAlgo; + UINTN DataSize; + VOID *SpdmContext; + SPDM_DATA_PARAMETER Parameter; + + SpdmContext = SpdmDriverContext->SpdmContext; + + ZeroMem (&Parameter, sizeof(Parameter)); + Parameter.location = SpdmDataLocationConnection; + DataSize = sizeof(MeasurementHashAlgo); + Status = SpdmGetData (SpdmContext, SpdmDataMeasurementHashAlgo, &Parameter, &MeasurementHashAlgo, &DataSize); + ASSERT_EFI_ERROR(Status); + + SpdmMeasurementBlockCommonHeader = (VOID *)MeasurementRecord; + SpdmMeasurementBlockDmtfHeader = (VOID *)(SpdmMeasurementBlockCommonHeader + 1); + Digest = (SpdmMeasurementBlockDmtfHeader + 1); + DigestSize = MeasurementRecordLength - sizeof(SPDM_MEASUREMENT_BLOCK_DMTF); + + DEBUG((DEBUG_INFO, "SpdmMeasurementBlockCommonHeader\n")); + DEBUG((DEBUG_INFO, " Index - 0x%02x\n", SpdmMeasurementBlockCommonHeader->index)); + DEBUG((DEBUG_INFO, " MeasurementSpecification - 0x%02x\n", SpdmMeasurementBlockCommonHeader->measurement_specification)); + DEBUG((DEBUG_INFO, " MeasurementSize - 0x%04x\n", SpdmMeasurementBlockCommonHeader->measurement_size)); + DEBUG((DEBUG_INFO, "SpdmMeasurementBlockDmtfHeader\n")); + DEBUG((DEBUG_INFO, " DMTFSpecMeasurementValueType - 0x%02x\n", SpdmMeasurementBlockDmtfHeader->dmtf_spec_measurement_value_type)); + DEBUG((DEBUG_INFO, " DMTFSpecMeasurementValueSize - 0x%04x\n", SpdmMeasurementBlockDmtfHeader->dmtf_spec_measurement_value_size)); + DEBUG((DEBUG_INFO, "Measurement - ")); + InternalDumpData (Digest, DigestSize); + DEBUG((DEBUG_INFO, "\n")); + if (MeasurementRecordLength <= sizeof(SPDM_MEASUREMENT_BLOCK_COMMON_HEADER) + sizeof(SPDM_MEASUREMENT_BLOCK_DMTF_HEADER)) { + return EFI_SECURITY_VIOLATION; + } + if ((SpdmMeasurementBlockCommonHeader->measurement_specification & SPDM_MEASUREMENT_SPECIFICATION_DMTF) == 0) { + return EFI_SECURITY_VIOLATION; + } + if (SpdmMeasurementBlockCommonHeader->measurement_size != MeasurementRecordLength - sizeof(SPDM_MEASUREMENT_BLOCK_COMMON_HEADER)) { + return EFI_SECURITY_VIOLATION; + } + if (SpdmMeasurementBlockDmtfHeader->dmtf_spec_measurement_value_size != SpdmMeasurementBlockCommonHeader->measurement_size - sizeof(SPDM_MEASUREMENT_BLOCK_DMTF_HEADER)) { + return EFI_SECURITY_VIOLATION; + } + + // + // Use PCR 2 for Firmware Blob code. + // + switch (SpdmMeasurementBlockDmtfHeader->dmtf_spec_measurement_value_type & 0x7F) { + case SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_IMMUTABLE_ROM: + case SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MUTABLE_FIRMWARE: + PcrIndex = 2; + EventType = EV_EFI_SPDM_FIRMWARE_BLOB; + break; + case SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_HARDWARE_CONFIGURATION: + case SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_FIRMWARE_CONFIGURATION: + PcrIndex = 3; + EventType = EV_EFI_SPDM_FIRMWARE_CONFIG; + break; + default: + return EFI_SECURITY_VIOLATION; + } + + DeviceContextSize = GetDeviceMeasurementContextSize (SpdmDriverContext); +#if 0 + DevicePathSize = GetDevicePathSize (SpdmDriverContext->DevicePath); +#endif + DevicePathSize = 10; + EventLogSize = (UINT32)(sizeof(TCG_DEVICE_SECURITY_EVENT_DATA_HEADER) + + MeasurementRecordLength + + sizeof(UINT32) + DevicePathSize + + DeviceContextSize); + EventLog = AllocatePool (EventLogSize); + if (EventLog == NULL) { + return EFI_OUT_OF_RESOURCES; + } + EventLogPtr = EventLog; + + EventData = (VOID *)EventLogPtr; + CopyMem (EventData->Signature, TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE, sizeof(EventData->Signature)); + EventData->Version = TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_1; + EventData->Length = (UINT16)EventLogSize; + EventData->SpdmHashAlgo = MeasurementHashAlgo; + EventData->DeviceType = GetSpdmDeviceType (SpdmDriverContext); + + EventLogPtr = (VOID *)(EventData + 1); + CopyMem (EventLogPtr, MeasurementRecord, MeasurementRecordLength); + EventLogPtr += MeasurementRecordLength; + + *(UINT32 *)EventLogPtr = (UINT32)DevicePathSize; + EventLogPtr += sizeof(UINT32); +#if 0 + CopyMem (EventLogPtr, SpdmDriverContext->DevicePath, DevicePathSize); +#endif + EventLogPtr += DevicePathSize; + + if (DeviceContextSize != 0) { + DeviceContext = (VOID *)EventLogPtr; + Status = CreateDeviceMeasurementContext (SpdmDriverContext, DeviceContext, DeviceContextSize); + if (Status != EFI_SUCCESS) { + return EFI_DEVICE_ERROR; + } + } + +#if 0 + Status = TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + Digest, + DigestSize + ); +#endif + DEBUG((DEBUG_INFO, "TpmMeasureAndLogData - %r\n", Status)); + + return Status; +} + +/** + This function executes SPDM measurement and extend to TPM. + + @param[in] SpdmContext The SPDM context for the device. + @param[out] DeviceSecurityState The Device Security state associated with the device. +**/ +EFI_STATUS +SpdmSendReceiveGetMeasurement ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + EFI_STATUS Status; + UINT8 NumberOfBlocks; + UINT8 NumberOfBlock; + UINT32 MeasurementRecordLength; + UINT8 MeasurementRecord[MAX_SPDM_MEASUREMENT_RECORD_SIZE]; + UINT8 Index; + VOID *SpdmContext; + + SpdmContext = SpdmDriverContext->SpdmContext; + + // + // 1. Query the total number of measurements available. + // + Status = SpdmGetMeasurement ( + SpdmContext, + NULL, + SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE, + SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_TOTAL_NUMBER_OF_MEASUREMENTS, + 0, + &NumberOfBlocks, + NULL, + NULL + ); + if (EFI_ERROR(Status)) { + return Status; + } + DEBUG((DEBUG_INFO, "NumberOfBlocks - 0x%x\n", NumberOfBlocks)); + + for (Index = 1; Index <= NumberOfBlocks; Index++) { + DEBUG((DEBUG_INFO, "Index - 0x%x\n", Index)); + // + // 2. query measurement one by one + // TBD get signature in last message only. + // + MeasurementRecordLength = sizeof(MeasurementRecord); + Status = SpdmGetMeasurement ( + SpdmContext, + NULL, + SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE, + Index, + 0, + &NumberOfBlock, + &MeasurementRecordLength, + MeasurementRecord + ); + if (EFI_ERROR(Status)) { + return Status; + } + + DEBUG((DEBUG_INFO, "ExtendMeasurement...\n", ExtendMeasurement)); + Status = ExtendMeasurement (SpdmDriverContext, MeasurementRecordLength, MeasurementRecord); + if (Status != EFI_SUCCESS) { + return Status; + } + } + + return EFI_SUCCESS; +} + +/** + This function executes SPDM measurement and extend to TPM. + + @param[in] SpdmContext The SPDM context for the device. + @param[out] DeviceSecurityState The Device Security state associated with the device. +**/ +EFI_STATUS +DoMeasurementViaSpdm ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + OUT EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ) +{ + EFI_STATUS Status; + VOID *SpdmContext; + + SpdmContext = SpdmDriverContext->SpdmContext; + + Status = SpdmSendReceiveGetMeasurement (SpdmDriverContext); + DeviceSecurityState->MeasurementState = SpdmGetLastError (SpdmContext); + if (EFI_ERROR(Status)) { + return Status; + } + return EFI_SUCCESS; +} + +/** + The device driver uses this service to measure an SPDM device. + + @param[in] SpdmContext The SPDM context for the device. + @param[out] DeviceSecurityState The Device Security state associated with the device. +**/ +EFI_STATUS +DoDeviceMeasurement ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + OUT EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ) +{ + EFI_STATUS Status; + VOID *SpdmContext; + + SpdmContext = SpdmDriverContext->SpdmContext; + + DeviceSecurityState->MeasurementState = EDKII_DEVICE_SECURITY_STATE_SUCCESS; + if (IsSpdmDeviceInMeasurementList (SpdmDriverContext)) { + return EFI_SUCCESS; + } + + Status = DoMeasurementViaSpdm (SpdmDriverContext, DeviceSecurityState); + if (Status != EFI_SUCCESS) { + DeviceSecurityState->MeasurementState = SpdmGetLastError (SpdmContext); + return Status; + } + + if (DeviceSecurityState->MeasurementState == EDKII_DEVICE_SECURITY_STATE_SUCCESS) { + RecordSpdmDeviceInMeasurementList (SpdmDriverContext); + } + + return Status; +} + diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.c b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.c new file mode 100644 index 00000000000..d382f263195 --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.c @@ -0,0 +1,538 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmDeviceSecurityPei.h" + +LIST_ENTRY mSpdmDeviceList = INITIALIZE_LIST_HEAD_VARIABLE(mSpdmDeviceList); + +EDKII_DEVICE_SECURITY_POLICY_PPI *mDeviceSecurityPolicyPpi; + +#if 0 +/** + Compare two device paths to check if they are exactly same. + + @param DevicePath1 A pointer to the first device path data structure. + @param DevicePath2 A pointer to the second device path data structure. + + @retval TRUE They are same. + @retval FALSE They are not same. + +**/ +BOOLEAN +CompareDevicePath ( + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath1, + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath2 + ) +{ + UINTN Size1; + UINTN Size2; + + Size1 = GetDevicePathSize (DevicePath1); + Size2 = GetDevicePathSize (DevicePath2); + + if (Size1 != Size2) { + return FALSE; + } + + if (CompareMem (DevicePath1, DevicePath2, Size1) != 0) { + return FALSE; + } + + return TRUE; +} +#endif + +/** + Record an SPDM device into device list. + + @param[in] SpdmContext The SPDM context for the device. +**/ +VOID +RecordSpdmDeviceInList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + SPDM_DEVICE_INSTANCE *NewSpdmDevice; + LIST_ENTRY *SpdmDeviceList; + + SpdmDeviceList = &mSpdmDeviceList; + + NewSpdmDevice = AllocateZeroPool(sizeof(*NewSpdmDevice)); + ASSERT(NewSpdmDevice != NULL); + + NewSpdmDevice->Signature = SPDM_DEVICE_INSTANCE_SIGNATURE; + NewSpdmDevice->SpdmDriverContext = SpdmDriverContext; + + InsertTailList(SpdmDeviceList, &NewSpdmDevice->Link); +} + +/** + Return the SPDM device via DeviceId. + + @param[in] DeviceId The Identifier for the device. + + @return The SPDM device context. +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +GetSpdmDriverContextViaDeviceId ( + IN EDKII_DEVICE_IDENTIFIER *DeviceId + ) +{ + LIST_ENTRY *Link; + SPDM_DEVICE_INSTANCE *CurrentSpdmDevice; + LIST_ENTRY *SpdmDeviceList; + + SpdmDeviceList = &mSpdmDeviceList; + + Link = GetFirstNode(SpdmDeviceList); + while (!IsNull(SpdmDeviceList, Link)) { + CurrentSpdmDevice = SPDM_DEVICE_INSTANCE_FROM_LINK(Link); + + if (CurrentSpdmDevice->SpdmDriverContext->DeviceId.DeviceHandle == DeviceId->DeviceHandle) { + return CurrentSpdmDevice->SpdmDriverContext; + } + + Link = GetNextNode(SpdmDeviceList, Link); + } + + return NULL; +} + +/** + Return the SPDM device via Spdm protocol. + + @param[in] Spdm The SPDM protocol instance. + + @return The SPDM device context. +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +GetSpdmDriverContextViaSpdmPpi ( + IN SPDM_PPI *SpdmPpi + ) +{ + LIST_ENTRY *Link; + SPDM_DEVICE_INSTANCE *CurrentSpdmDevice; + LIST_ENTRY *SpdmDeviceList; + + SpdmDeviceList = &mSpdmDeviceList; + + Link = GetFirstNode(SpdmDeviceList); + while (!IsNull(SpdmDeviceList, Link)) { + CurrentSpdmDevice = SPDM_DEVICE_INSTANCE_FROM_LINK(Link); + + if (CurrentSpdmDevice->SpdmDriverContext->SpdmPpi == SpdmPpi) { + return CurrentSpdmDevice->SpdmDriverContext; + } + + Link = GetNextNode(SpdmDeviceList, Link); + } + + return NULL; +} + +/** + Return the SPDM device via Spdm Context. + + @param[in] Spdm The SPDM context instance. + + @return The SPDM device context. +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +GetSpdmDriverContextViaSpdmContext ( + IN VOID *SpdmContext + ) +{ + LIST_ENTRY *Link; + SPDM_DEVICE_INSTANCE *CurrentSpdmDevice; + LIST_ENTRY *SpdmDeviceList; + + SpdmDeviceList = &mSpdmDeviceList; + + Link = GetFirstNode(SpdmDeviceList); + while (!IsNull(SpdmDeviceList, Link)) { + CurrentSpdmDevice = SPDM_DEVICE_INSTANCE_FROM_LINK(Link); + + if (CurrentSpdmDevice->SpdmDriverContext->SpdmContext == SpdmContext) { + return CurrentSpdmDevice->SpdmDriverContext; + } + + Link = GetNextNode(SpdmDeviceList, Link); + } + + return NULL; +} + +/** + Record an SPDM device into device list. + + @param[in] SpdmContext The SPDM context for the device. +**/ +VOID +RecordSpdmDeviceInMeasurementList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + SpdmDriverContext->IsDeviceMeasured = TRUE; +} + +/** + Check if an SPDM device is recorded in device list. + + @param[in] SpdmContext The SPDM context for the device. + + @retval TRUE The SPDM device is in the list. + @retval FALSE The SPDM device is NOT in the list. +**/ +BOOLEAN +IsSpdmDeviceInMeasurementList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + return SpdmDriverContext->IsDeviceMeasured; +} + +/** + Record an SPDM device into device list. + + @param[in] SpdmContext The SPDM context for the device. +**/ +VOID +RecordSpdmDeviceInAuthenticationList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + SpdmDriverContext->IsDeviceAuthenticated = TRUE; +} + +/** + Check if an SPDM device is recorded in device list. + + @param[in] SpdmContext The SPDM context for the device. + + @retval TRUE The SPDM device is in the list. + @retval FALSE The SPDM device is NOT in the list. +**/ +BOOLEAN +IsSpdmDeviceInAuthenticationList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ) +{ + return SpdmDriverContext->IsDeviceAuthenticated; +} + +/** + This function creates the SPDM device contenxt. + + @param[in] DeviceId The Identifier for the device. + + @return SPDM device context +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +CreateSpdmDriverContext ( + IN EDKII_DEVICE_IDENTIFIER *DeviceId + ) +{ + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + VOID *SpdmContext; + EFI_STATUS Status; + VOID *Data; + UINTN DataSize; + SPDM_DATA_PARAMETER Parameter; + UINT8 Data8; + UINT16 Data16; + UINT32 Data32; + BOOLEAN HasRspPubCert; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; + UINTN SpdmContextSize; + BOOLEAN IsRequrester; + + SpdmDriverContext = AllocateZeroPool (sizeof(*SpdmDriverContext)); + ASSERT(SpdmDriverContext != NULL); + SpdmContextSize = SpdmGetContextSize(); + DEBUG ((DEBUG_INFO, "SpdmContextSize - 0x%x\n", SpdmContextSize)); + SpdmContext = AllocatePages (EFI_SIZE_TO_PAGES(SpdmContextSize)); + ASSERT(SpdmContext != NULL); + SpdmInitContext (SpdmContext); + SpdmRegisterDeviceIoFunc (SpdmContext, SpdmDeviceSendMessage, SpdmDeviceReceiveMessage); + SpdmRegisterTransportLayerFunc (SpdmContext, + SPDM_MAX_SPDM_MSG_SIZE, + SPDM_MAX_SPDM_MSG_SIZE, + SPDM_TRANSPORT_HEADER_SIZE, + SPDM_TRANSPORT_TAIL_SIZE,SpdmTransportMctpEncodeMessage); +// SpdmRegisterTransportLayerFunc (SpdmContext, SPDM_MAX_SPDM_MSG_SIZE, SpdmTransportPciDoeEncodeMessage, SpdmTransportPciDoeDecodeMessage); + + SpdmDriverContext->SpdmContext = SpdmContext; + + SpdmDriverContext->Signature = SPDM_DRIVER_DEVICE_CONTEXT_SIGNATURE; + CopyMem (&SpdmDriverContext->DeviceId, DeviceId, sizeof(*DeviceId)); + + DEBUG ((DEBUG_ERROR, "CreateSpdmDriverContext\n")); + + Status = PeiServicesLocatePpi ( + &gSpdmIoPpiGuid, + 0, + NULL, + (VOID**)&SpdmDriverContext->SpdmIoPpi + ); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "Locate - SpdmIoPpi - %r\n", Status)); + goto Error; + } + + Status = PeiServicesLocatePpi ( + &gSpdmPpiGuid, + 0, + NULL, + (VOID**)&SpdmDriverContext->SpdmPpi + ); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "Locate - SpdmPpi - %r\n", Status)); + goto Error; + } +#if 0 + Status = gBS->HandleProtocol ( + DeviceId->DeviceHandle, + &gEfiDevicePathProtocolGuid, + (VOID **)&SpdmDriverContext->DevicePath + ); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "Locate - DevicePath - %r\n", Status)); + goto Error; + } + + Status = gBS->HandleProtocol ( + DeviceId->DeviceHandle, + &DeviceId->DeviceType, + (VOID **)&SpdmDriverContext->DeviceIo + ); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "Locate - DeviceIo - %r\n", Status)); + // This is optional, only check known device type later. + } + + if (CompareGuid (&DeviceId->DeviceType, &gEdkiiDeviceIdentifierTypePciGuid) || + CompareGuid (&DeviceId->DeviceType, &gEdkiiDeviceIdentifierTypeUsbGuid)) { + if (SpdmDriverContext->DeviceIo == NULL) { + DEBUG ((DEBUG_ERROR, "Locate - PciIo - %r\n", Status)); + goto Error; + } + } +#endif + + // + // Record list before any transaction + // + RecordSpdmDeviceInList (SpdmDriverContext); + + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); + ASSERT_EFI_ERROR (Status); + + HasRspPubCert = FALSE; + Data8 = 0; + ZeroMem (&Parameter, sizeof(Parameter)); + Parameter.location = SpdmDataLocationLocal; + SpdmSetData (SpdmContext, SpdmDataCapabilityCTExponent, &Parameter, &Data8, sizeof(Data8)); + + Data32 = 0 | +// SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP | +// SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP | +// SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP_REQUESTER | +// SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | +// SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP | + 0; + if (!HasRspPubCert) { + Data32 &= ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP; + } else { + Data32 |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP; + } + SpdmSetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &Data32, sizeof(Data32)); + + Data8 = SPDM_MEASUREMENT_SPECIFICATION_DMTF; + SpdmSetData (SpdmContext, SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof(Data8)); + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048; + SpdmSetData (SpdmContext, SpdmDataBaseAsymAlgo, &Parameter, &Data32, sizeof(Data32)); + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256; + SpdmSetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &Data32, sizeof(Data32)); + Data16 = SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_2048; + SpdmSetData (SpdmContext, SpdmDataDHENameGroup, &Parameter, &Data16, sizeof(Data16)); + Data16 = SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH; + SpdmSetData (SpdmContext, SpdmDataAEADCipherSuite, &Parameter, &Data16, sizeof(Data16)); + Data16 = SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH; + SpdmSetData (SpdmContext, SpdmDataKeySchedule, &Parameter, &Data16, sizeof(Data16)); + IsRequrester = TRUE; + SpdmReturn = SpdmSetData (SpdmContext, LIBSPDM_DATA_IS_REQUESTER, &Parameter, &IsRequrester, sizeof (IsRequrester)); + if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { + goto Error; + } + Status = SpdmInitConnection (SpdmContext, FALSE); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "SpdmInitConnection - %r\n", Status)); + goto Error; + } + + return SpdmDriverContext; +Error: + FreePool (SpdmDriverContext); + return NULL; +} + +/** + The device driver uses this service to measure and/or verify a device. + + The flow in device driver is: + 1) Device driver discovers a new device. + 2) Device driver creates an EFI_DEVICE_PATH_PROTOCOL. + 3) Device driver creates a device access protocol. e.g. + EFI_PCI_IO_PROTOCOL for PCI device. + EFI_USB_IO_PROTOCOL for USB device. + EFI_EXT_SCSI_PASS_THRU_PROTOCOL for SCSI device. + EFI_ATA_PASS_THRU_PROTOCOL for ATA device. + EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL for NVMe device. + EFI_SD_MMC_PASS_THRU_PROTOCOL for SD/MMC device. + The device driver also creates the SPDM_IO_PROTOCOL. + 4) Device driver installs the EFI_DEVICE_PATH_PROTOCOL with EFI_DEVICE_PATH_PROTOCOL_GUID, + the SPDM_IO_PROTOCOL with SPDM_PROTOCOL_IO_GUID, + and the device access protocol with EDKII_DEVICE_IDENTIFIER_TYPE_xxx_GUID. + Once it is done, a DeviceHandle is returned. + 5) Device driver creates EDKII_DEVICE_IDENTIFIER with EDKII_DEVICE_IDENTIFIER_TYPE_xxx_GUID + and the DeviceHandle. + 6) Device driver calls DeviceAuthenticate(). + 7) If DeviceAuthenticate() returns EFI_SECURITY_VIOLATION, the device driver uninstalls + all protocols on this handle. + 8) If DeviceAuthenticate() returns EFI_SUCCESS, the device driver installs the device access + protocol with a real protocol GUID. e.g. + EFI_PCI_IO_PROTOCOL with EFI_PCI_IO_PROTOCOL_GUID. + EFI_USB_IO_PROTOCOL with EFI_USB_IO_PROTOCOL_GUID. + + @param[in] This The protocol instance pointer. + @param[in] DeviceId The Identifier for the device. + + @retval EFI_SUCCESS The device specified by the DeviceId passed the measurement + and/or authentication based upon the platform policy. + If TCG measurement is required, the measurement is extended to TPM PCR. + @retval EFI_SECURITY_VIOLATION The device fails to return the measurement data. + @retval EFI_SECURITY_VIOLATION The device fails to response the authentication request. + @retval EFI_SECURITY_VIOLATION The system fails to verify the device based upon the authentication response. + @retval EFI_SECURITY_VIOLATION The system fails to extend the measurement to TPM PCR. +**/ +EFI_STATUS +EFIAPI +DeviceAuthentication ( + IN EDKII_DEVICE_SECURITY_PPI *This, + IN EDKII_DEVICE_IDENTIFIER *DeviceId + ) +{ + EDKII_DEVICE_SECURITY_POLICY DeviceSecurityPolicy; + EDKII_DEVICE_SECURITY_STATE DeviceSecurityState; + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; + EFI_STATUS Status; + + if (mDeviceSecurityPolicyPpi == NULL) { + return EFI_SUCCESS; + } + + SpdmDriverContext = GetSpdmDriverContextViaDeviceId (DeviceId); + if (SpdmDriverContext == NULL) { + SpdmDriverContext = CreateSpdmDriverContext (DeviceId); + } + if (SpdmDriverContext == NULL) { + return EFI_UNSUPPORTED; + } + + DeviceSecurityState.Revision = EDKII_DEVICE_SECURITY_STATE_REVISION; + DeviceSecurityState.MeasurementState = 0x0; + DeviceSecurityState.AuthenticationState = 0x0; + + Status = mDeviceSecurityPolicyPpi->GetDevicePolicy (mDeviceSecurityPolicyPpi, DeviceId, &DeviceSecurityPolicy); + if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "mDeviceSecurityPolicy->GetDevicePolicy - %r\n", Status)); + DeviceSecurityState.MeasurementState = EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_GET_POLICY_PPI; + DeviceSecurityState.AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_GET_POLICY_PPI; + } else { + if ((DeviceSecurityPolicy.AuthenticationPolicy & EDKII_DEVICE_AUTHENTICATION_REQUIRED) != 0) { + DoDeviceAuthentication (SpdmDriverContext, &DeviceSecurityState); + DEBUG((DEBUG_ERROR, "AuthenticationState - 0x%08x\n", DeviceSecurityState.AuthenticationState)); + } + if ((DeviceSecurityPolicy.MeasurementPolicy & EDKII_DEVICE_MEASUREMENT_REQUIRED) != 0) { + DoDeviceMeasurement (SpdmDriverContext, &DeviceSecurityState); + DEBUG((DEBUG_ERROR, "MeasurementState - 0x%08x\n", DeviceSecurityState.MeasurementState)); + } + } + + Status = mDeviceSecurityPolicyPpi->NotifyDeviceState (mDeviceSecurityPolicyPpi, DeviceId, &DeviceSecurityState); + if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "mDeviceSecurityPolicy->NotifyDeviceState - %r\n", Status)); + } + + if ((DeviceSecurityState.MeasurementState == 0) && + (DeviceSecurityState.AuthenticationState == 0)) { + return EFI_SUCCESS; + } else { + return EFI_SECURITY_VIOLATION; + } +} + +EDKII_DEVICE_SECURITY_PPI mDeviceSecurityPpi = { + EDKII_DEVICE_SECURITY_PPI_REVISION, + DeviceAuthentication +}; + +EFI_PEI_PPI_DESCRIPTOR mDeviceSecurityPpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gEdkiiDeviceSecurityPpiGuid, + &mDeviceSecurityPpi +}; + +/** + Entrypoint of the device security driver. + + @param[in] ImageHandle ImageHandle of the loaded driver + @param[in] SystemTable Pointer to the System Table + + @retval EFI_SUCCESS The Protocol is installed. + @retval EFI_OUT_OF_RESOURCES Not enough resources available to initialize driver. + @retval EFI_DEVICE_ERROR A device error occurred attempting to initialize the driver. + +**/ +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + + Status = PeiServicesLocatePpi ( + &gEdkiiDeviceSecurityPolicyPpiGuid, + 0, + NULL, + (VOID**)&mDeviceSecurityPolicyPpi + ); + if (EFI_ERROR(Status)) { + return Status; + } + + // + // install Device Security Services + // + Status = PeiServicesInstallPpi (&mDeviceSecurityPpiList); + ASSERT_EFI_ERROR (Status); + + InitializeSpdmCommunication (); + + return Status; +} diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.h b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.h new file mode 100644 index 00000000000..ee48ddd133d --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.h @@ -0,0 +1,233 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SPDM_DEVICE_SECURTY_PEI_H__ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef SPDM_TRANSPORT_HEADER_SIZE +#define SPDM_TRANSPORT_HEADER_SIZE 64 +#endif +#ifndef SPDM_TRANSPORT_TAIL_SIZE +#define SPDM_TRANSPORT_TAIL_SIZE 64 +#endif +/* define common SPDM_TRANSPORT_ADDITIONAL_SIZE. It should be the biggest one. */ +#ifndef SPDM_TRANSPORT_ADDITIONAL_SIZE +#define SPDM_TRANSPORT_ADDITIONAL_SIZE \ + (SPDM_TRANSPORT_HEADER_SIZE + SPDM_TRANSPORT_TAIL_SIZE) +#endif +#ifndef SPDM_SENDER_BUFFER_SIZE +#define SPDM_SENDER_BUFFER_SIZE (0x1100 + \ + SPDM_TRANSPORT_ADDITIONAL_SIZE) +#endif +#ifndef SPDM_RECEIVER_BUFFER_SIZE +#define SPDM_RECEIVER_BUFFER_SIZE (0x1200 + \ + SPDM_TRANSPORT_ADDITIONAL_SIZE) +#endif +#if (SPDM_SENDER_BUFFER_SIZE > SPDM_RECEIVER_BUFFER_SIZE) +#define SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE SPDM_SENDER_BUFFER_SIZE +#else +#define SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE SPDM_RECEIVER_BUFFER_SIZE +#endif +/* Maximum size of a large SPDM message. + * If chunk is unsupported, it must be same as SPDM_DATA_TRANSFER_SIZE. + * If chunk is supported, it must be larger than SPDM_DATA_TRANSFER_SIZE. + * It matches MaxSPDMmsgSize in SPDM specification. */ +#ifndef SPDM_MAX_SPDM_MSG_SIZE +#define SPDM_MAX_SPDM_MSG_SIZE 0x1200 +#endif + +typedef struct { + UINTN Signature; + EDKII_DEVICE_IDENTIFIER DeviceId; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + VOID *DeviceIo; + SPDM_IO_PPI *SpdmIoPpi; + //TBD + SPDM_PPI *SpdmPpi; + // + // Status + // + BOOLEAN IsDeviceMeasured; + BOOLEAN IsDeviceAuthenticated; + + VOID *SpdmContext; +} SPDM_DRIVER_DEVICE_CONTEXT; + +#define SPDM_DRIVER_DEVICE_CONTEXT_SIGNATURE SIGNATURE_32 ('S', 'D', 'D', 'C') + +typedef struct { + UINTN Signature; + LIST_ENTRY Link; + SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext; +} SPDM_DEVICE_INSTANCE; + +#define SPDM_DEVICE_INSTANCE_SIGNATURE SIGNATURE_32 ('S', 'D', 'C', 'S') +#define SPDM_DEVICE_INSTANCE_FROM_LINK(a) CR (a, SPDM_DEVICE_INSTANCE, Link, SPDM_DEVICE_INSTANCE_SIGNATURE) + +/** + Compare two device paths to check if they are exactly same. + + @param DevicePath1 A pointer to the first device path data structure. + @param DevicePath2 A pointer to the second device path data structure. + + @retval TRUE They are same. + @retval FALSE They are not same. + +**/ +BOOLEAN +CompareDevicePath ( + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath1, + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath2 + ); + +/** + Record an SPDM device into device list. + + @param[in] SpdmContext The SPDM context for the device. +**/ +VOID +RecordSpdmDeviceInMeasurementList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ); + +/** + Check if an SPDM device is recorded in device list. + + @param[in] SpdmContext The SPDM context for the device. + + @retval TRUE The SPDM device is in the list. + @retval FALSE The SPDM device is NOT in the list. +**/ +BOOLEAN +IsSpdmDeviceInMeasurementList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ); + +/** + Record an SPDM device into device list. + + @param[in] SpdmContext The SPDM context for the device. +**/ +VOID +RecordSpdmDeviceInAuthenticationList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ); + +/** + Check if an SPDM device is recorded in device list. + + @param[in] SpdmContext The SPDM context for the device. + + @retval TRUE The SPDM device is in the list. + @retval FALSE The SPDM device is NOT in the list. +**/ +BOOLEAN +IsSpdmDeviceInAuthenticationList ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext + ); + +/** + Return the SPDM device via Spdm protocol. + + @param[in] Spdm The SPDM protocol instance. + + @return The SPDM device context. +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +GetSpdmDriverContextViaSpdmPpi ( + IN SPDM_PPI *SpdmPpi + ); + +/** + Return the SPDM device via Spdm Context. + + @param[in] Spdm The SPDM context instance. + + @return The SPDM device context. +**/ +SPDM_DRIVER_DEVICE_CONTEXT * +GetSpdmDriverContextViaSpdmContext ( + IN VOID *SpdmContext + ); + +/** + The device driver uses this service to measure an SPDM device. + + @param[in] SpdmContext The SPDM context for the device. + @param[out] DeviceSecurityState The Device Security state associated with the device. +**/ +EFI_STATUS +DoDeviceMeasurement ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + OUT EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ); + +/** + The device driver uses this service to verify an SPDM device. + + @param[in] SpdmContext The SPDM context for the device. + @param[out] DeviceSecurityState The Device Security state associated with the device. +**/ +EFI_STATUS +DoDeviceAuthentication ( + IN SPDM_DRIVER_DEVICE_CONTEXT *SpdmDriverContext, + OUT EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ); + +VOID +InitializeSpdmCommunication ( + VOID + ); + +RETURN_STATUS +EFIAPI +SpdmDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN VOID *Message, + IN UINT64 Timeout + ); + +RETURN_STATUS +EFIAPI +SpdmDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID *Message, + IN UINT64 Timeout + ); + +#endif \ No newline at end of file diff --git a/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.inf b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.inf new file mode 100644 index 00000000000..bbe09b773e2 --- /dev/null +++ b/DeviceSecurityTestPkg/SpdmDeviceSecurityPei/SpdmDeviceSecurityPei.inf @@ -0,0 +1,72 @@ +## @file +# EDKII Device Security library for SPDM device. +# It follows the SPDM Specification. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SpdmDeviceSecurityPei + FILE_GUID = B46EBE29-69BB-4811-A9E0-DCD2D94A43CD + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + SpdmDeviceSecurityPei.h + SpdmDeviceSecurityPei.c + SpdmDeviceMeasurement.c + SpdmDeviceAuthentication.c + SpdmCommunication.c + SpdmDeviceIo.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + PeiServicesLib + PeiServicesTablePointerLib + PeimEntryPoint + MemoryAllocationLib + BaseMemoryLib + PrintLib + DebugLib + PcdLib + RngLib + BaseCryptLib + SpdmRequesterLib + SpdmTransportMctpLib + SpdmTransportPciDoeLib + +[Ppis] + gEdkiiDeviceSecurityPpiGuid ## PRODUCES + gEdkiiDeviceSecurityPolicyPpiGuid ## CONSUMES + gSpdmIoPpiGuid ## CONSUMES + gSpdmPpiGuid ## PRODUCES + gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES + +[Guids] + gEfiDeviceSignatureDatabaseGuid ## CONSUMES + gEdkiiCertSpdmCertChainGuid ## CONSUMES + +[Protocols] + gEdkiiDeviceIdentifierTypePciGuid ## COMSUMES + gEdkiiDeviceIdentifierTypeUsbGuid ## COMSUMES + +[Pcd] + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmBaseAsymAlgo ## COMSUMES + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmBaseHashAlgo ## COMSUMES + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmDHENamedGroup ## COMSUMES + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmAEADCipherSuite ## COMSUMES + gEfiDeviceSecurityPkgTokenSpaceGuid.PcdSpdmKeySchedule ## COMSUMES + +[Depex] + gEdkiiDeviceSecurityPolicyPpiGuid AND + gSpdmIoPpiGuid \ No newline at end of file diff --git a/DeviceSecurityTestPkg/Test/Cryperf/Cryperf.c b/DeviceSecurityTestPkg/Test/Cryperf/Cryperf.c new file mode 100644 index 00000000000..d3d356ee052 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryperf/Cryperf.c @@ -0,0 +1,108 @@ +/** @file + Application for Cryptographic Primitives Validation. + +Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryperf.h" + +#define SECOND_PER_MICROSECOND (1000 * 1000) +#define SECOND_PER_NANOSECOND (1000 * 1000 * 1000) +#define MICROSECOND_PER_NANOSECOND (1000) +UINT64 TscPerSec; + +#define ITERATION 1 + +UINTN +GetIteration ( + VOID + ) +{ + return ITERATION; +} + +VOID +Calibrate ( + VOID + ) +{ + UINT64 StartTsc; + UINT64 EndTsc; + EFI_TPL OldTpl; + UINT32 MHz; + + Print (L"Calibrate 1 Second ...\n"); + OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL); + StartTsc = AsmReadTsc (); + gBS->Stall (SECOND_PER_MICROSECOND); + EndTsc = AsmReadTsc (); + gBS->RestoreTPL (OldTpl); + TscPerSec = EndTsc - StartTsc; + MHz = (UINT32)DivU64x32Remainder (TscPerSec, SIZE_1MB, NULL); + Print (L"Calibration Done: %d.%d GHz\n", MHz / 1000, MHz % 1000); +} + +UINT64 +TscToMicrosecond ( + IN UINT64 Tsc + ) +{ + return DivU64x64Remainder (MultU64x32 (Tsc, SECOND_PER_MICROSECOND), TscPerSec, NULL); + // return DivU64x64Remainder (Tsc, DivU64x32Remainder (TscPerSec, SECOND_PER_MICROSECOND, NULL), NULL); +} + +UINT64 +TscToNanosecond ( + IN UINT64 Tsc + ) +{ + // return DivU64x64Remainder (MultU64x32 (Tsc, SECOND_PER_NANOSECOND), TscPerSec, NULL); + return DivU64x64Remainder (MultU64x32 (Tsc, MICROSECOND_PER_NANOSECOND), DivU64x32Remainder (TscPerSec, SECOND_PER_MICROSECOND, NULL), NULL); +} + +/** + Entry Point of Cryptographic Validation Utility. + + @param ImageHandle The image handle of the UEFI Application. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +CryperfMain ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status = EFI_SUCCESS; + + Print (L"\nUEFI-OpenSSL Wrapper Cryptosystem Performance Test: \n"); + Print (L"-------------------------------------------- \n"); + + Calibrate (); + + RandomSeed (NULL, 0); + + Status = ValidateCryptRsa (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateCryptEc (); + if (EFI_ERROR (Status)) { + return Status; + } + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryperf/Cryperf.h b/DeviceSecurityTestPkg/Test/Cryperf/Cryperf.h new file mode 100644 index 00000000000..b7993fa4112 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryperf/Cryperf.h @@ -0,0 +1,62 @@ +/** @file + Application for Cryptographic Primitives Validation. + +Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __CRYPERF_H__ +#define __CRYPERF_H__ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +UINTN +GetIteration ( + VOID + ); + +UINT64 +TscToMicrosecond ( + IN UINT64 Tsc + ); + +/** + Validate UEFI-OpenSSL RSA Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptRsa ( + VOID + ); + +/** + Validate UEFI-OpenSSL EC Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptEc ( + VOID + ); + +#endif diff --git a/DeviceSecurityTestPkg/Test/Cryperf/Cryperf.inf b/DeviceSecurityTestPkg/Test/Cryperf/Cryperf.inf new file mode 100644 index 00000000000..723171626e5 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryperf/Cryperf.inf @@ -0,0 +1,50 @@ +## @file +# Shell application that will test the crypto library. +# +# UEFI Application for the Validation of cryptography library (based on OpenSSL-1.0.2j). +# +# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Cryperf + FILE_GUID = fb925ac7-192a-9567-8586-7c6f5f710607 + MODULE_TYPE = UEFI_APPLICATION + VERSION_STRING = 1.0 + ENTRY_POINT = CryperfMain + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF +# + +[Sources] + Cryperf.h + Cryperf.c + RsaPerf.c + EcPerf.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + UefiApplicationEntryPoint + UefiLib + BaseLib + UefiBootServicesTableLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib + \ No newline at end of file diff --git a/DeviceSecurityTestPkg/Test/Cryperf/EcPerf.c b/DeviceSecurityTestPkg/Test/Cryperf/EcPerf.c new file mode 100644 index 00000000000..5d160085b47 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryperf/EcPerf.c @@ -0,0 +1,149 @@ +/** @file + Application for Elliptic Curve Primitives Validation. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryperf.h" + +typedef struct { + UINTN Nid; + CHAR8 *Str; + UINTN SignSize; +} NID_STRING; + +NID_STRING mNidString[] = { + { CRYPTO_NID_SECP256R1, "P-256", 0x48 }, + { CRYPTO_NID_SECP384R1, "P-384", 0x68 }, + { CRYPTO_NID_SECP521R1, "P-521", 0x8A }, +}; + +CHAR8 * +NidToString ( + IN UINTN Nid + ) +{ + UINTN Index; + + for (Index = 0; Index < ARRAY_SIZE (mNidString); Index++) { + if (mNidString[Index].Nid == Nid) { + return mNidString[Index].Str; + } + } + + return ""; +} + +EFI_STATUS +TestEcDsa ( + IN UINTN Nid, + IN UINTN HashBit + ) +{ + VOID *Ec; + UINT8 HashValue[SHA512_DIGEST_SIZE]; + UINTN HashSize = HashBit / 8; + UINT8 Signature[512]; + UINTN SigSize = sizeof (Signature); + UINT8 Public[66 * 2]; + UINTN PublicLength = sizeof (Public); + BOOLEAN Status; + UINT64 StartTsc; + UINT64 EndTsc; + UINTN Iteration = GetIteration (); + UINTN Index; + UINTN HashNid; + + switch (HashSize) { + case 256 / 8: + HashNid = CRYPTO_NID_SHA256; + break; + case 384 / 8: + HashNid = CRYPTO_NID_SHA384; + break; + case 512 / 8: + HashNid = CRYPTO_NID_SHA512; + break; + } + + Ec = EcNewByNid (Nid); + if (Ec == NULL) { + goto Error; + } + + Status = EcGenerateKey (Ec, Public, &PublicLength); + if (!Status) { + goto Error; + } + + HashSize = sizeof (HashValue); + SigSize = sizeof (Signature); + + Print (L"EC-DSA(%a)/SHA%d Signature Generation .. ", NidToString (Nid), HashBit); + StartTsc = AsmReadTsc (); + for (Index = 0; Index < Iteration; Index++) { + Status = EcDsaSign (Ec, HashNid, HashValue, HashSize, Signature, &SigSize); + } + + EndTsc = AsmReadTsc (); + if (!Status) { + goto Error; + } + + Print (L"[Pass] - %duS\n", TscToMicrosecond ((EndTsc - StartTsc) / Iteration)); + + Print (L"EC-DSA(%a)/SHA%d Signature Verification . ", NidToString (Nid), HashBit); + StartTsc = AsmReadTsc (); + for (Index = 0; Index < Iteration; Index++) { + Status = EcDsaVerify (Ec, HashNid, HashValue, HashSize, Signature, SigSize); + } + + EndTsc = AsmReadTsc (); + if (!Status) { + goto Error; + } + + Print (L"[Pass] - %duS\n", TscToMicrosecond ((EndTsc - StartTsc) / Iteration)); + + EcFree (Ec); + return EFI_SUCCESS; +Error: + Print (L"[Fail]\n"); + EcFree (Ec); + return EFI_ABORTED; +} + +/** + Validate UEFI-OpenSSL EC Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptEc ( + VOID + ) +{ + Print (L"\nUEFI-OpenSSL EC-DSA Signing Verification Testing:\n"); + + TestEcDsa (CRYPTO_NID_SECP256R1, 256); + TestEcDsa (CRYPTO_NID_SECP256R1, 384); + TestEcDsa (CRYPTO_NID_SECP256R1, 512); + TestEcDsa (CRYPTO_NID_SECP384R1, 256); + TestEcDsa (CRYPTO_NID_SECP384R1, 384); + TestEcDsa (CRYPTO_NID_SECP384R1, 512); + TestEcDsa (CRYPTO_NID_SECP521R1, 256); + TestEcDsa (CRYPTO_NID_SECP521R1, 384); + TestEcDsa (CRYPTO_NID_SECP521R1, 512); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryperf/RsaPerf.c b/DeviceSecurityTestPkg/Test/Cryperf/RsaPerf.c new file mode 100644 index 00000000000..981e11fde59 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryperf/RsaPerf.c @@ -0,0 +1,99 @@ +/** @file + Application for RSA Primitives Validation. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryperf.h" + +EFI_STATUS +TestRsaSsa ( + IN UINTN KeyBit, + IN UINTN HashBit + ) +{ + VOID *Rsa; + UINT8 HashValue[SHA512_DIGEST_SIZE]; + UINTN HashSize = HashBit / 8; + UINT8 Signature[4096 / 8]; + UINTN SigSize = KeyBit / 8; + BOOLEAN Status; + UINT64 StartTsc; + UINT64 EndTsc; + UINTN Iteration = GetIteration (); + UINTN Index; + + Rsa = RsaNew (); + if (Rsa == NULL) { + goto Error; + } + + Status = RsaGenerateKey (Rsa, 1024, NULL, 0); + if (!Status) { + goto Error; + } + + Print (L"RSA-SSA%d/SHA%d Signature Generation ... ", KeyBit, HashBit); + StartTsc = AsmReadTsc (); + for (Index = 0; Index < Iteration; Index++) { + Status = RsaPkcs1Sign (Rsa, HashValue, HashSize, Signature, &SigSize); + } + + EndTsc = AsmReadTsc (); + if (!Status) { + goto Error; + } + + Print (L"[Pass] - %duS\n", TscToMicrosecond ((EndTsc - StartTsc) / Iteration)); + + Print (L"RSA-SSA%d/SHA%d Signature Verification ... ", KeyBit, HashBit); + StartTsc = AsmReadTsc (); + for (Index = 0; Index < Iteration; Index++) { + Status = RsaPkcs1Verify (Rsa, HashValue, HashSize, Signature, SigSize); + } + + EndTsc = AsmReadTsc (); + if (!Status) { + goto Error; + } + + Print (L"[Pass] - %duS\n", TscToMicrosecond ((EndTsc - StartTsc) / Iteration)); + + RsaFree (Rsa); + return EFI_SUCCESS; +Error: + Print (L"[Fail]\n"); + RsaFree (Rsa); + return EFI_ABORTED; +} + +/** + Validate UEFI-OpenSSL RSA Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptRsa ( + VOID + ) +{ + Print (L"\nUEFI-OpenSSL RSA Engine Testing: \n"); + + TestRsaSsa (2048, 256); + TestRsaSsa (3072, 384); + TestRsaSsa (4096, 512); + + Print (L"\n"); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/AeadVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/AeadVerify.c new file mode 100644 index 00000000000..b018f1e1bb8 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/AeadVerify.c @@ -0,0 +1,221 @@ +/** @file + Application for Authenticated Encryption with Associated Data + (AEAD) Validation. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +VOID +InternalDumpData ( + IN UINT8 *Data, + IN UINTN Size + ); + +/* AES-CCM test data from NIST public test vectors */ + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ccm_key[] = { + 0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6, + 0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ccm_nonce[] = { + 0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ccm_adata[] = { + 0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7, + 0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5, + 0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ccm_pt[] = { + 0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f, + 0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ccm_ct[] = { + 0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2, + 0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ccm_tag[] = { + 0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44, + 0x14, 0xdb, 0x50, 0x6d +}; + +/* AES-GCM test data from NIST public test vectors */ + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_key[] = { + 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66, + 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, + 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_iv[] = { + 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_pt[] = { + 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea, + 0xcc, 0x2b, 0xf2, 0xa5 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_aad[] = { + 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43, + 0x7f, 0xec, 0x78, 0xde +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_ct[] = { + 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e, + 0xb9, 0xf2, 0x17, 0x36 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 gcm_tag[] = { + 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62, + 0x98, 0xf7, 0x7e, 0x0c +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ChaCha20Poly1305_pt[] = { + 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, + 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, + 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, + 0x74, 0x2e, +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ChaCha20Poly1305_aad[] = { + 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ChaCha20Poly1305_key[] = { + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ChaCha20Poly1305_iv[] = { + 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ChaCha20Poly1305_ct[] = { + 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, + 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, + 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, + 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, + 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, + 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, + 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, + 0x61, 0x16, +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 ChaCha20Poly1305_tag[] = { + 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91, +}; + +/** + Validate UEFI-OpenSSL AEAD Ciphers Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptAeadCipher ( + VOID + ) +{ + BOOLEAN Status; + UINT8 OutBuffer[1024]; + UINTN OutBufferSize; + UINT8 OutTag[1024]; + UINTN OutTagSize; + + Print (L"\nUEFI-OpenSSL AEAD Testing: "); + + Print (L"\n- AES-GCM Encryption: "); + OutBufferSize = sizeof (OutBuffer); + OutTagSize = sizeof (gcm_tag); + Status = AeadAesGcmEncrypt ( + gcm_key, + sizeof (gcm_key), + gcm_iv, + sizeof (gcm_iv), + gcm_aad, + sizeof (gcm_aad), + gcm_pt, + sizeof (gcm_pt), + OutTag, + OutTagSize, + OutBuffer, + &OutBufferSize + ); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (OutBufferSize != sizeof (gcm_ct)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (OutBuffer, gcm_ct, sizeof (gcm_ct)) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (OutTag, gcm_tag, sizeof (gcm_tag)) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]"); + + Print (L"\n- AES-GCM Decryption: "); + Status = AeadAesGcmDecrypt ( + gcm_key, + sizeof (gcm_key), + gcm_iv, + sizeof (gcm_iv), + gcm_aad, + sizeof (gcm_aad), + gcm_ct, + sizeof (gcm_ct), + gcm_tag, + sizeof (gcm_tag), + OutBuffer, + &OutBufferSize + ); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (OutBufferSize != sizeof (gcm_pt)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (OutBuffer, gcm_pt, sizeof (gcm_pt)) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]"); + + Print (L"\n"); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/AuthenticodeVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/AuthenticodeVerify.c new file mode 100644 index 00000000000..2a8c44db031 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/AuthenticodeVerify.c @@ -0,0 +1,1049 @@ +/** @file + Sample Implementation for Microsoft Authenticode Verification. + +Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +// +// Sample PE/COFF Image Hash Value (Digested by SHA-1). +// This value should be calculated following MSFT's Authenticode Specification +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 PeSha1Hash[] = { + 0x44, 0xFD, 0x4F, 0xA9, 0x17, 0xEE, 0xAC, 0xCF, 0x1F, 0x0B, 0xE3, 0xA1, 0x4D, 0x5B, 0xA6, 0x61, + 0x82, 0x97, 0xC4, 0xB6 +}; + +// +// Sample PE/COFF Image Hash Value (Digested by SHA-256). +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 PeSha256Hash[] = { + 0x61, 0x82, 0xB7, 0xF8, 0x8C, 0xFF, 0xC2, 0xEB, 0x79, 0x6E, 0x9D, 0xA9, 0xDD, 0x39, 0x52, 0xDD, + 0x36, 0xDD, 0xF1, 0x43, 0x27, 0x58, 0x8C, 0xA7, 0xCC, 0xAE, 0xDE, 0xDD, 0x3C, 0x02, 0x12, 0x49 +}; + +// +// Sample Authenticode Data with SHA-1 hash algorithm. +// This data should be retrieved from signed PE/COFF image according to SECURITY +// directory in PE/COFF Header. +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 AuthenticodeWithSha1[] = { + 0x30, 0x82, 0x1C, 0x43, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02, 0xA0, + 0x82, 0x1C, 0x34, 0x30, 0x82, 0x1C, 0x30, 0x02, 0x01, 0x01, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x05, + 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x30, 0x68, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, + 0x82, 0x37, 0x02, 0x01, 0x04, 0xA0, 0x5A, 0x30, 0x58, 0x30, 0x33, 0x06, 0x0A, 0x2B, 0x06, 0x01, + 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0F, 0x30, 0x25, 0x03, 0x01, 0x00, 0xA0, 0x20, 0xA2, 0x1E, + 0x80, 0x1C, 0x00, 0x3C, 0x00, 0x3C, 0x00, 0x3C, 0x00, 0x4F, 0x00, 0x62, 0x00, 0x73, 0x00, 0x6F, + 0x00, 0x6C, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00, 0x3E, 0x00, 0x3E, 0x00, 0x3E, 0x30, 0x21, + 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14, 0x44, 0xFD, 0x4F, + 0xA9, 0x17, 0xEE, 0xAC, 0xCF, 0x1F, 0x0B, 0xE3, 0xA1, 0x4D, 0x5B, 0xA6, 0x61, 0x82, 0x97, 0xC4, + 0xB6, 0xA0, 0x82, 0x17, 0x18, 0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, 0x02, + 0x01, 0x02, 0x02, 0x0A, 0x61, 0x03, 0xDC, 0xF6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x77, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, + 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, + 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, + 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, + 0x69, 0x6F, 0x6E, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x4D, 0x69, + 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x54, 0x69, 0x6D, 0x65, 0x2D, 0x53, 0x74, 0x61, + 0x6D, 0x70, 0x20, 0x50, 0x43, 0x41, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x38, 0x30, 0x37, 0x32, 0x35, + 0x31, 0x39, 0x31, 0x32, 0x35, 0x30, 0x5A, 0x17, 0x0D, 0x31, 0x31, 0x30, 0x37, 0x32, 0x35, 0x31, + 0x39, 0x32, 0x32, 0x35, 0x30, 0x5A, 0x30, 0x81, 0xB3, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, + 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, + 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, + 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x0D, 0x30, + 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x04, 0x4D, 0x4F, 0x50, 0x52, 0x31, 0x27, 0x30, 0x25, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x1E, 0x6E, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x20, 0x44, + 0x53, 0x45, 0x20, 0x45, 0x53, 0x4E, 0x3A, 0x31, 0x35, 0x39, 0x43, 0x2D, 0x41, 0x33, 0x46, 0x37, + 0x2D, 0x32, 0x35, 0x37, 0x30, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1C, + 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x54, 0x69, 0x6D, 0x65, 0x2D, 0x53, + 0x74, 0x61, 0x6D, 0x70, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x30, 0x82, 0x01, 0x22, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC0, 0xED, 0x81, + 0x14, 0xA1, 0x5E, 0x77, 0xC0, 0x5B, 0xF4, 0x76, 0x89, 0x62, 0xFA, 0xAD, 0x7C, 0x68, 0x14, 0xB4, + 0xF7, 0xBD, 0x35, 0xD8, 0x13, 0x79, 0x5A, 0x17, 0xCA, 0xD9, 0x6C, 0x51, 0x45, 0x62, 0x26, 0x7A, + 0x2F, 0x1F, 0xD8, 0xEA, 0xC1, 0x6E, 0x01, 0x17, 0xF9, 0xC3, 0xA6, 0x1F, 0x67, 0xDB, 0x51, 0xB0, + 0x2C, 0xDE, 0x8A, 0x17, 0xED, 0xFF, 0x20, 0xAD, 0x34, 0xEA, 0x98, 0xFB, 0xA5, 0xD6, 0x2A, 0xD2, + 0xF1, 0x44, 0x27, 0x07, 0x5A, 0x2D, 0x3A, 0x93, 0xFF, 0x56, 0x53, 0xB0, 0xC8, 0xF5, 0xF3, 0x03, + 0xF2, 0x49, 0xCC, 0x16, 0xD0, 0xF5, 0x00, 0x4C, 0x58, 0xF8, 0x9B, 0xF5, 0x07, 0x25, 0xB1, 0x66, + 0x17, 0xC0, 0xBD, 0xC8, 0xD2, 0x52, 0x85, 0x8D, 0xC2, 0x2B, 0x38, 0xB2, 0xC3, 0x36, 0xBE, 0xF9, + 0x87, 0xDA, 0xF4, 0x8E, 0x5D, 0x43, 0xD7, 0x06, 0xBF, 0x99, 0x05, 0x9F, 0xA4, 0xCE, 0xFE, 0xAB, + 0x8D, 0x61, 0x63, 0xE7, 0x39, 0xC5, 0xF3, 0x18, 0xF6, 0xD8, 0xFC, 0x31, 0x36, 0x69, 0x72, 0x5A, + 0xA2, 0x1A, 0x4C, 0x3E, 0xEA, 0x87, 0x25, 0x42, 0x9D, 0xD1, 0x3E, 0xF1, 0x97, 0xD2, 0x18, 0x32, + 0x93, 0x70, 0x55, 0x53, 0x81, 0x1E, 0xE3, 0x3B, 0x0D, 0xE8, 0xBE, 0x82, 0x78, 0x6D, 0xE6, 0xFA, + 0xCD, 0x98, 0xA4, 0x6F, 0xDB, 0xEE, 0x66, 0xF4, 0x95, 0xC8, 0xCD, 0x35, 0xC9, 0x9E, 0xBB, 0x36, + 0x0D, 0x83, 0x96, 0x94, 0x26, 0xA7, 0x90, 0xE0, 0xA9, 0x34, 0x3B, 0xD5, 0xC0, 0x9E, 0x3E, 0xF0, + 0xD4, 0x47, 0x8D, 0x86, 0x0C, 0x82, 0xA4, 0x58, 0x30, 0x3A, 0x1C, 0x76, 0xE3, 0xAD, 0x95, 0x66, + 0xB4, 0xB7, 0xFD, 0x09, 0x8A, 0x05, 0x60, 0x0F, 0xA3, 0x0F, 0xE2, 0x93, 0x96, 0x58, 0x22, 0x9C, + 0x9D, 0x2B, 0xDB, 0xA2, 0x94, 0x18, 0x90, 0x95, 0x02, 0xBD, 0x06, 0x40, 0x95, 0x02, 0x03, 0x01, + 0x00, 0x01, 0xA3, 0x82, 0x01, 0x19, 0x30, 0x82, 0x01, 0x15, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0xD2, 0xED, 0x0D, 0x1E, 0x24, 0xBB, 0x37, 0xA9, 0xD8, 0x20, 0x6A, + 0x4D, 0x1D, 0xD2, 0x16, 0xD5, 0x2E, 0xBE, 0x9E, 0xEB, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x23, 0x34, 0xF8, 0xD9, 0x52, 0x46, 0x70, 0x0A, 0xED, 0x40, + 0xFB, 0x76, 0xFB, 0xB3, 0x2B, 0xB0, 0xC3, 0x35, 0xB3, 0x0F, 0x30, 0x54, 0x06, 0x03, 0x55, 0x1D, + 0x1F, 0x04, 0x4D, 0x30, 0x4B, 0x30, 0x49, 0xA0, 0x47, 0xA0, 0x45, 0x86, 0x43, 0x68, 0x74, 0x74, + 0x70, 0x3A, 0x2F, 0x2F, 0x63, 0x72, 0x6C, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, + 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x72, 0x6C, 0x2F, 0x70, 0x72, + 0x6F, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2F, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, + 0x54, 0x69, 0x6D, 0x65, 0x53, 0x74, 0x61, 0x6D, 0x70, 0x50, 0x43, 0x41, 0x2E, 0x63, 0x72, 0x6C, + 0x30, 0x58, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x4C, 0x30, 0x4A, + 0x30, 0x48, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3C, 0x68, 0x74, + 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, + 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x65, 0x72, 0x74, 0x73, + 0x2F, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x54, 0x69, 0x6D, 0x65, 0x53, 0x74, + 0x61, 0x6D, 0x70, 0x50, 0x43, 0x41, 0x2E, 0x63, 0x72, 0x74, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x06, 0xC0, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x9C, 0x0A, 0x55, 0xC8, 0xCC, 0x44, 0x13, 0x34, 0x0C, 0xD8, 0x63, 0x27, 0x76, + 0x7D, 0x3E, 0xFA, 0x38, 0x32, 0x83, 0x53, 0x9D, 0xF2, 0x08, 0xF9, 0x32, 0xF5, 0xC5, 0x6E, 0x70, + 0xA1, 0xC9, 0xB1, 0x63, 0x6B, 0x19, 0x9D, 0x09, 0x67, 0xD9, 0x9D, 0xEB, 0x8A, 0x6A, 0xDB, 0x60, + 0x66, 0xE9, 0xE9, 0x52, 0x26, 0xF3, 0x3B, 0xC6, 0x6A, 0xD3, 0xC2, 0x52, 0xBE, 0xA8, 0xB9, 0xEB, + 0x6A, 0xAA, 0x78, 0x8C, 0xC9, 0x16, 0x7D, 0x90, 0x95, 0xA0, 0xCC, 0x21, 0xB3, 0x9E, 0x81, 0xBD, + 0xCD, 0xC1, 0x8B, 0x29, 0xBD, 0x62, 0x25, 0xEF, 0x09, 0x57, 0xE7, 0x86, 0x4E, 0x2A, 0xEC, 0x80, + 0xCA, 0xBB, 0xFC, 0x21, 0x16, 0xC4, 0x3F, 0x4E, 0x52, 0x19, 0xE6, 0x0E, 0xB1, 0xD8, 0xC1, 0xC2, + 0x79, 0x90, 0x64, 0xB4, 0x50, 0x73, 0x10, 0x35, 0x5E, 0x5D, 0x11, 0xC1, 0xB8, 0xBA, 0xAA, 0xCF, + 0x52, 0xF6, 0x80, 0x91, 0x00, 0xE6, 0xEF, 0x51, 0x43, 0x46, 0xE9, 0xD0, 0xE8, 0x94, 0xF6, 0x2C, + 0x24, 0x0D, 0x8A, 0xC6, 0xB2, 0x31, 0x8A, 0xA3, 0x7E, 0x36, 0x6C, 0xA4, 0x05, 0x4C, 0x67, 0x07, + 0x2A, 0xBB, 0xBB, 0x10, 0xA5, 0xA5, 0x30, 0x1A, 0x72, 0xD0, 0x06, 0x20, 0x3B, 0x24, 0x93, 0x5B, + 0x15, 0xD9, 0x39, 0x93, 0xD3, 0x73, 0x2D, 0x1A, 0xC4, 0xD4, 0x6C, 0x1E, 0xA1, 0x08, 0xEC, 0xF6, + 0x31, 0xB8, 0x6B, 0x4B, 0xEC, 0xEE, 0x5C, 0x33, 0x02, 0x14, 0x32, 0x8C, 0x7C, 0x11, 0x20, 0x2F, + 0x20, 0x03, 0x7F, 0xF9, 0x0C, 0x9D, 0xB8, 0xD3, 0x9E, 0x5F, 0xD6, 0x08, 0xFC, 0x81, 0xA0, 0x99, + 0xB8, 0xBB, 0x55, 0x6E, 0xCD, 0x42, 0x4B, 0x3A, 0x4D, 0x8C, 0x14, 0x2B, 0xCA, 0xC8, 0x12, 0xD3, + 0x62, 0x6E, 0xEA, 0x0D, 0x0A, 0x9D, 0x09, 0xA3, 0x66, 0xD9, 0x79, 0x4F, 0x8E, 0x1A, 0xA2, 0xFF, + 0xCC, 0x98, 0x04, 0x30, 0x82, 0x05, 0x96, 0x30, 0x82, 0x04, 0x7E, 0xA0, 0x03, 0x02, 0x01, 0x02, + 0x02, 0x0A, 0x61, 0x01, 0xC6, 0xC1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, 0x81, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, + 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, + 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, + 0x6F, 0x6E, 0x31, 0x2B, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4D, 0x69, 0x63, + 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x20, 0x56, + 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x50, 0x43, 0x41, 0x30, + 0x1E, 0x17, 0x0D, 0x30, 0x38, 0x31, 0x30, 0x32, 0x32, 0x32, 0x30, 0x33, 0x39, 0x32, 0x32, 0x5A, + 0x17, 0x0D, 0x31, 0x30, 0x30, 0x31, 0x32, 0x32, 0x32, 0x30, 0x34, 0x39, 0x32, 0x32, 0x5A, 0x30, + 0x7F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, + 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, + 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, + 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, + 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x04, + 0x4D, 0x4F, 0x50, 0x52, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x4D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xDC, 0x3A, 0xD3, 0x44, 0xF4, 0x6E, 0x20, 0x9F, 0xDD, 0xA4, 0x0E, 0x82, 0x4E, 0xC7, 0x86, + 0x5E, 0x63, 0xCC, 0xCA, 0xE5, 0x42, 0x53, 0x4B, 0x85, 0xFA, 0x5D, 0x71, 0x6C, 0xCF, 0x76, 0x0C, + 0x18, 0x8B, 0xA6, 0x0D, 0xF5, 0x4A, 0xF7, 0xFE, 0x17, 0xF2, 0x90, 0xCC, 0x62, 0xC7, 0x24, 0xAD, + 0x9B, 0x9A, 0xE1, 0x45, 0x3B, 0x61, 0xD8, 0x0D, 0x05, 0x69, 0xC7, 0xCD, 0x88, 0x2A, 0xB8, 0xB9, + 0x18, 0x1E, 0x60, 0x10, 0x5F, 0x88, 0xC6, 0xD2, 0x82, 0x4E, 0x6D, 0x49, 0xC5, 0xBE, 0x5C, 0x12, + 0x86, 0x48, 0x85, 0x89, 0x91, 0x81, 0xCD, 0x1B, 0xAD, 0x1F, 0xB7, 0x2D, 0x67, 0x79, 0xF1, 0x7B, + 0x9F, 0x25, 0x87, 0x14, 0x76, 0x5F, 0xE3, 0x0E, 0x64, 0xA1, 0x72, 0x61, 0x25, 0xE5, 0x75, 0x69, + 0xC5, 0x14, 0xF1, 0x5F, 0x07, 0x56, 0xA4, 0x0D, 0x70, 0x06, 0x23, 0xA7, 0x6C, 0xDD, 0x82, 0xAE, + 0xD9, 0x9B, 0x47, 0xA4, 0xA5, 0x6C, 0x08, 0xB0, 0x58, 0xF1, 0x53, 0x6A, 0x4F, 0xDA, 0x85, 0x61, + 0xCB, 0x02, 0x7B, 0x49, 0xAF, 0x1F, 0xBB, 0xE0, 0xD7, 0xB9, 0x5E, 0xDB, 0x73, 0x89, 0x76, 0xC1, + 0x3A, 0xBB, 0x0D, 0xF5, 0x97, 0xF0, 0x88, 0x5D, 0x69, 0x77, 0x80, 0xCF, 0xF1, 0x7E, 0x03, 0x9F, + 0x73, 0x6D, 0xDE, 0x05, 0xB8, 0x2F, 0x77, 0xB5, 0x54, 0x55, 0x45, 0xD0, 0xD2, 0x38, 0xBD, 0x96, + 0xE3, 0xF7, 0xEA, 0x40, 0xE5, 0xAC, 0x19, 0xFC, 0x71, 0xCB, 0x28, 0x27, 0xAA, 0x71, 0xA1, 0x72, + 0xB5, 0x12, 0x27, 0xC1, 0x51, 0xF6, 0x36, 0xC5, 0xC0, 0xC7, 0x7B, 0x3A, 0x3A, 0x93, 0x37, 0x04, + 0xCC, 0xEE, 0x0B, 0x69, 0x78, 0x64, 0x75, 0x41, 0xB6, 0x78, 0x22, 0x0F, 0x77, 0x84, 0xF7, 0x4B, + 0x8D, 0x46, 0x65, 0x92, 0x5B, 0x4D, 0x56, 0x6B, 0x75, 0x04, 0x46, 0x3F, 0x0B, 0x1B, 0xB4, 0x19, + 0xBF, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x02, 0x0F, 0x30, 0x82, 0x02, 0x0B, 0x30, 0x1F, + 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x18, 0x30, 0x16, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x03, 0x03, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x03, 0x06, 0x30, + 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xA1, 0xE6, 0xC3, 0x65, 0xD0, 0xE6, + 0xE8, 0x28, 0x62, 0xC2, 0xF3, 0xC2, 0x23, 0xA6, 0x1C, 0x49, 0x82, 0x0B, 0xD5, 0x53, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1F, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x90, 0x8B, 0x11, + 0xA5, 0x70, 0xED, 0xE0, 0xF9, 0xA9, 0xC0, 0xAC, 0x08, 0xC7, 0xB5, 0xF4, 0x82, 0xB1, 0x3C, 0xC5, + 0x4A, 0x30, 0x7B, 0x06, 0x03, 0x55, 0x1D, 0x1F, 0x04, 0x74, 0x30, 0x72, 0x30, 0x70, 0xA0, 0x6E, + 0xA0, 0x6C, 0x86, 0x34, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x63, 0x72, 0x6C, 0x2E, 0x6D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, + 0x2F, 0x63, 0x72, 0x6C, 0x2F, 0x70, 0x72, 0x6F, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2F, 0x57, 0x69, + 0x6E, 0x50, 0x43, 0x41, 0x2E, 0x63, 0x72, 0x6C, 0x86, 0x34, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, + 0x2F, 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, + 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x72, 0x6C, 0x2F, 0x70, 0x72, 0x6F, 0x64, 0x75, + 0x63, 0x74, 0x73, 0x2F, 0x57, 0x69, 0x6E, 0x50, 0x43, 0x41, 0x2E, 0x63, 0x72, 0x6C, 0x30, 0x52, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x46, 0x30, 0x44, 0x30, 0x42, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x36, 0x68, 0x74, 0x74, 0x70, + 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, + 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2F, 0x4D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x57, 0x69, 0x6E, 0x50, 0x43, 0x41, 0x2E, 0x63, + 0x72, 0x74, 0x30, 0x81, 0xC6, 0x06, 0x03, 0x55, 0x1D, 0x20, 0x04, 0x81, 0xBE, 0x30, 0x81, 0xBB, + 0x30, 0x81, 0xB8, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x2F, 0x30, 0x81, + 0xAA, 0x30, 0x40, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x34, 0x68, + 0x74, 0x74, 0x70, 0x73, 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, + 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x73, 0x73, 0x6C, + 0x2F, 0x63, 0x70, 0x73, 0x2F, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x50, 0x43, 0x41, 0x2E, + 0x68, 0x74, 0x6D, 0x30, 0x66, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30, + 0x5A, 0x1E, 0x58, 0x00, 0x43, 0x00, 0x6F, 0x00, 0x70, 0x00, 0x79, 0x00, 0x72, 0x00, 0x69, 0x00, + 0x67, 0x00, 0x68, 0x00, 0x74, 0x00, 0x20, 0x00, 0xA9, 0x00, 0x20, 0x00, 0x31, 0x00, 0x39, 0x00, + 0x39, 0x00, 0x39, 0x00, 0x2D, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x35, 0x00, 0x20, 0x00, + 0x4D, 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x73, 0x00, 0x6F, 0x00, 0x66, 0x00, + 0x74, 0x00, 0x20, 0x00, 0x43, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x70, 0x00, 0x6F, 0x00, 0x72, 0x00, + 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6F, 0x00, 0x6E, 0x00, 0x2E, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x73, + 0x5F, 0xCA, 0x80, 0x1C, 0x60, 0x46, 0x6F, 0xB9, 0x34, 0x9D, 0x88, 0xE3, 0xBE, 0x22, 0x8C, 0xFA, + 0xE6, 0x58, 0x9A, 0xAB, 0x7B, 0x1A, 0x97, 0xFD, 0xED, 0x2E, 0x39, 0xCC, 0x59, 0x5B, 0x1D, 0x7A, + 0x06, 0x8A, 0xBB, 0x43, 0x93, 0x7B, 0x1E, 0xA1, 0x88, 0x53, 0xDF, 0x44, 0xF8, 0x53, 0xA9, 0xEA, + 0xF6, 0x67, 0x1B, 0x3A, 0x78, 0x84, 0x11, 0x6A, 0x6F, 0x29, 0x47, 0x90, 0x0A, 0x0C, 0x7B, 0x22, + 0x77, 0x4E, 0x6F, 0xB8, 0x64, 0x29, 0xDF, 0x06, 0xC7, 0xC8, 0x73, 0x84, 0xD6, 0x66, 0xA0, 0xCA, + 0xD9, 0x5A, 0x26, 0x82, 0x57, 0xF9, 0xE3, 0x4F, 0x39, 0xAF, 0x2E, 0x8E, 0xB1, 0x06, 0x5B, 0x72, + 0xF2, 0x37, 0x32, 0xAE, 0x4E, 0xCE, 0x3C, 0x7D, 0xB0, 0x12, 0x2B, 0x9E, 0xA5, 0x75, 0xE3, 0x43, + 0xA6, 0x12, 0x8B, 0x06, 0x14, 0x98, 0x77, 0xE3, 0x58, 0x32, 0x25, 0x60, 0x07, 0x8C, 0x59, 0x71, + 0xA7, 0x71, 0x41, 0xB3, 0x06, 0x8D, 0x5C, 0xEF, 0x9C, 0x7F, 0x5A, 0x22, 0x6D, 0xB7, 0xD3, 0xD9, + 0xF5, 0xA6, 0x1B, 0x52, 0xDE, 0xF5, 0x7E, 0x76, 0x7C, 0xFE, 0xF4, 0xC8, 0x23, 0x1A, 0x4B, 0x25, + 0xEB, 0xE4, 0xEE, 0xAF, 0x10, 0x0B, 0x55, 0xC3, 0xD8, 0xC1, 0x17, 0x85, 0x61, 0x6F, 0xD3, 0x3F, + 0xB6, 0xE9, 0xEC, 0x84, 0xA5, 0xEE, 0x6D, 0xB2, 0xFF, 0xE8, 0x6C, 0x95, 0xAB, 0x2B, 0x5E, 0xC8, + 0x85, 0xC3, 0x11, 0x60, 0xAC, 0xFA, 0x02, 0x05, 0xF1, 0x7B, 0xDA, 0xC3, 0x69, 0x49, 0x96, 0xA5, + 0x70, 0xF9, 0x65, 0x66, 0x46, 0x10, 0x8D, 0x34, 0xE9, 0x21, 0x94, 0x3C, 0x0F, 0x71, 0x4A, 0x1C, + 0xEA, 0x1F, 0xF7, 0x23, 0xA6, 0x87, 0x60, 0x34, 0xE9, 0x14, 0xE1, 0xDE, 0x03, 0x59, 0xB4, 0x02, + 0x1D, 0x3A, 0xAF, 0xE3, 0x55, 0x05, 0xF5, 0xED, 0xC1, 0xF4, 0xE4, 0x5D, 0x0E, 0xD3, 0x97, 0x30, + 0x82, 0x06, 0x07, 0x30, 0x82, 0x03, 0xEF, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0A, 0x61, 0x16, + 0x68, 0x34, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5F, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A, 0x09, + 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31, 0x19, + 0x30, 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x09, + 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, + 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, + 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x37, 0x30, 0x34, + 0x30, 0x33, 0x31, 0x32, 0x35, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x34, 0x30, + 0x33, 0x31, 0x33, 0x30, 0x33, 0x30, 0x39, 0x5A, 0x30, 0x77, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, + 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, + 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x21, + 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, + 0x66, 0x74, 0x20, 0x54, 0x69, 0x6D, 0x65, 0x2D, 0x53, 0x74, 0x61, 0x6D, 0x70, 0x20, 0x50, 0x43, + 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, + 0x01, 0x00, 0x9F, 0xA1, 0x6C, 0xB1, 0xDF, 0xDB, 0x48, 0x92, 0x2A, 0x7C, 0x6B, 0x2E, 0x19, 0xE1, + 0xBD, 0xE2, 0xE3, 0xC5, 0x99, 0x51, 0x23, 0x50, 0xAD, 0xCE, 0xDD, 0x18, 0x4E, 0x24, 0x0F, 0xEE, + 0xD1, 0xA7, 0xD1, 0x4C, 0xAD, 0x74, 0x30, 0x20, 0x11, 0xEB, 0x07, 0xD5, 0x54, 0x95, 0x15, 0x49, + 0x94, 0x1B, 0x42, 0x92, 0xAE, 0x98, 0x5C, 0x30, 0x26, 0xDA, 0x00, 0x6B, 0xE8, 0x7B, 0xBD, 0xEC, + 0x89, 0x07, 0x0F, 0xF7, 0x0E, 0x04, 0x98, 0xF0, 0x89, 0xCC, 0x1F, 0xCB, 0x33, 0x24, 0x87, 0x9D, + 0xF2, 0xF4, 0x67, 0x1C, 0x2C, 0xFC, 0x7B, 0xE7, 0x88, 0x1D, 0xEA, 0xE7, 0x4E, 0xA3, 0xA1, 0xC1, + 0x23, 0x53, 0xCA, 0x8D, 0xFA, 0x45, 0xCF, 0x09, 0xD0, 0x5E, 0xAF, 0xD0, 0xB0, 0x42, 0x04, 0xA2, + 0xF9, 0xA6, 0x6C, 0x93, 0x67, 0xD7, 0x28, 0xDC, 0x46, 0x53, 0xB0, 0x86, 0xD0, 0xE5, 0x28, 0x46, + 0x2E, 0x27, 0xAC, 0x86, 0x4F, 0x55, 0x52, 0x0C, 0xE4, 0x03, 0x2C, 0xFB, 0x6A, 0x90, 0x90, 0x30, + 0x6E, 0x87, 0xF3, 0x59, 0x30, 0x9D, 0xFA, 0x7E, 0xD6, 0x97, 0xB3, 0xE8, 0x21, 0x97, 0x7E, 0xF8, + 0xD2, 0x13, 0xF3, 0x08, 0xB7, 0x53, 0x6D, 0x52, 0xB4, 0x45, 0x90, 0x9F, 0x48, 0x00, 0x4A, 0x47, + 0x66, 0x11, 0x27, 0x29, 0x66, 0xA8, 0x97, 0xE4, 0xD3, 0x06, 0x81, 0x4A, 0xA2, 0xF9, 0x84, 0xA7, + 0x11, 0x47, 0x14, 0x09, 0x82, 0x9F, 0x84, 0xED, 0x55, 0x78, 0xFE, 0x01, 0x9A, 0x1D, 0x50, 0x08, + 0x85, 0x00, 0x10, 0x30, 0x46, 0xED, 0xB7, 0xDE, 0x23, 0x46, 0xBB, 0xC4, 0x2D, 0x54, 0x9F, 0xAF, + 0x1E, 0x78, 0x41, 0x31, 0x77, 0xCC, 0x9B, 0xDF, 0x3B, 0x83, 0x93, 0xA1, 0x61, 0x02, 0xB5, 0x1D, + 0x0D, 0xB1, 0xFC, 0xF7, 0x9B, 0xB2, 0x01, 0xCE, 0x22, 0x4B, 0x54, 0xFF, 0xF9, 0x05, 0xC3, 0xC2, + 0x20, 0x0B, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0xAB, 0x30, 0x82, 0x01, 0xA7, 0x30, + 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, + 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x23, 0x34, 0xF8, 0xD9, 0x52, + 0x46, 0x70, 0x0A, 0xED, 0x40, 0xFB, 0x76, 0xFB, 0xB3, 0x2B, 0xB0, 0xC3, 0x35, 0xB3, 0x0F, 0x30, + 0x0B, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x10, 0x06, 0x09, + 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x81, + 0x98, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0x90, 0x30, 0x81, 0x8D, 0x80, 0x14, 0x0E, 0xAC, + 0x82, 0x60, 0x40, 0x56, 0x27, 0x97, 0xE5, 0x25, 0x13, 0xFC, 0x2A, 0xE1, 0x0A, 0x53, 0x95, 0x59, + 0xE4, 0xA4, 0xA1, 0x63, 0xA4, 0x61, 0x30, 0x5F, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, + 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31, 0x19, 0x30, + 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x09, 0x6D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, + 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, + 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x82, 0x10, 0x79, 0xAD, 0x16, 0xA1, 0x4A, 0xA0, 0xA5, + 0xAD, 0x4C, 0x73, 0x58, 0xF4, 0x07, 0x13, 0x2E, 0x65, 0x30, 0x50, 0x06, 0x03, 0x55, 0x1D, 0x1F, + 0x04, 0x49, 0x30, 0x47, 0x30, 0x45, 0xA0, 0x43, 0xA0, 0x41, 0x86, 0x3F, 0x68, 0x74, 0x74, 0x70, + 0x3A, 0x2F, 0x2F, 0x63, 0x72, 0x6C, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, + 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x72, 0x6C, 0x2F, 0x70, 0x72, 0x6F, + 0x64, 0x75, 0x63, 0x74, 0x73, 0x2F, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x72, + 0x6F, 0x6F, 0x74, 0x63, 0x65, 0x72, 0x74, 0x2E, 0x63, 0x72, 0x6C, 0x30, 0x54, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x48, 0x30, 0x46, 0x30, 0x44, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x38, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, + 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, + 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2F, 0x4D, 0x69, 0x63, 0x72, + 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x52, 0x6F, 0x6F, 0x74, 0x43, 0x65, 0x72, 0x74, 0x2E, 0x63, 0x72, + 0x74, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x10, 0x97, 0x8A, 0xC3, 0x5C, 0x03, + 0x44, 0x36, 0xDD, 0xE9, 0xB4, 0xAD, 0x77, 0xDB, 0xCE, 0x79, 0x51, 0x4D, 0x01, 0xB1, 0x2E, 0x74, + 0x71, 0x5B, 0x6D, 0x0C, 0x13, 0xAB, 0xCE, 0xBE, 0x7B, 0x8F, 0xB8, 0x2E, 0xD4, 0x12, 0xA2, 0x8C, + 0x6D, 0x62, 0xB8, 0x57, 0x02, 0xCB, 0x4E, 0x20, 0x13, 0x50, 0x99, 0xDD, 0x7A, 0x40, 0xE2, 0x57, + 0xBB, 0xAF, 0x58, 0x9A, 0x1C, 0xE1, 0x1D, 0x01, 0x86, 0xAC, 0xBB, 0x78, 0xF2, 0x8B, 0xD0, 0xEC, + 0x3B, 0x01, 0xEE, 0xE2, 0xBE, 0x8F, 0x0A, 0x05, 0xC8, 0x8D, 0x48, 0xE2, 0xF0, 0x53, 0x15, 0xDD, + 0x4F, 0xAB, 0x92, 0xE4, 0xE7, 0x8D, 0x6A, 0xD5, 0x80, 0xC1, 0xE6, 0x94, 0xF2, 0x06, 0x2F, 0x85, + 0x03, 0xE9, 0x91, 0x2A, 0x24, 0x22, 0x70, 0xFB, 0xF6, 0xFC, 0xE4, 0x78, 0x99, 0x2E, 0x0D, 0xF7, + 0x07, 0xE2, 0x70, 0xBC, 0x18, 0x4E, 0x9D, 0x8E, 0x6B, 0x0A, 0x72, 0x95, 0xB8, 0xA1, 0x39, 0x9C, + 0x67, 0x2D, 0xC5, 0x51, 0x0E, 0xEA, 0x62, 0x5C, 0x3F, 0x16, 0x98, 0x8B, 0x20, 0x3F, 0xE2, 0x07, + 0x1A, 0x32, 0xF9, 0xCC, 0x31, 0x4A, 0x76, 0x31, 0x3D, 0x2B, 0x72, 0x0B, 0xC8, 0xEA, 0x70, 0x3D, + 0xFF, 0x85, 0x0A, 0x13, 0xDF, 0xC2, 0x0A, 0x61, 0x8E, 0xF0, 0xD7, 0xB8, 0x17, 0xEB, 0x4E, 0x8B, + 0x7F, 0xC5, 0x35, 0x2B, 0x5E, 0xA3, 0xBF, 0xEB, 0xBC, 0x7D, 0x0B, 0x42, 0x7B, 0xD4, 0x53, 0x72, + 0x21, 0xEE, 0x30, 0xCA, 0xBB, 0x78, 0x65, 0x5C, 0x5B, 0x01, 0x17, 0x0A, 0x14, 0x0E, 0xD2, 0xDA, + 0x14, 0x98, 0xF5, 0x3C, 0xB9, 0x66, 0x58, 0xB3, 0x2D, 0x2F, 0xE7, 0xF9, 0x85, 0x86, 0xCC, 0x51, + 0x56, 0xE8, 0x9D, 0x70, 0x94, 0x6C, 0xAC, 0x39, 0x4C, 0xD4, 0xF6, 0x79, 0xBF, 0xAA, 0x18, 0x7A, + 0x62, 0x29, 0xEF, 0xA2, 0x9B, 0x29, 0x34, 0x06, 0x77, 0x1A, 0x62, 0xC9, 0x3D, 0x1E, 0x6D, 0x1F, + 0x82, 0xF0, 0x0B, 0xC7, 0x2C, 0xBB, 0xCF, 0x43, 0xB3, 0xE5, 0xF9, 0xEC, 0x7D, 0xB5, 0xE3, 0xA4, + 0xA8, 0x74, 0x35, 0xB8, 0x4E, 0xC5, 0x71, 0x23, 0x12, 0x26, 0x76, 0x0B, 0x3C, 0x52, 0x8C, 0x71, + 0x5A, 0x46, 0x43, 0x14, 0xBC, 0xB3, 0xB3, 0xB0, 0x4D, 0x67, 0xC8, 0x9F, 0x42, 0xFF, 0x80, 0x79, + 0x21, 0x80, 0x9E, 0x15, 0x30, 0x66, 0xE8, 0x42, 0x12, 0x5E, 0x1A, 0xC8, 0x9E, 0x22, 0x21, 0xD0, + 0x43, 0xE9, 0x2B, 0xE9, 0xBB, 0xF4, 0x48, 0xCC, 0x2C, 0xD4, 0xD8, 0x32, 0x80, 0x4C, 0x26, 0x2A, + 0x48, 0x24, 0x5F, 0x5A, 0xEA, 0x56, 0xEF, 0xA6, 0xDE, 0x99, 0x9D, 0xCA, 0x3A, 0x6F, 0xBD, 0x81, + 0x27, 0x74, 0x06, 0x11, 0xEE, 0x76, 0x21, 0xBF, 0x9B, 0x82, 0xC1, 0x27, 0x54, 0xB6, 0xB1, 0x6A, + 0x3D, 0x89, 0xA1, 0x76, 0x61, 0xB4, 0x6E, 0xA1, 0x13, 0xA6, 0xBF, 0xAA, 0x47, 0xF0, 0x12, 0x6F, + 0xFD, 0x8A, 0x32, 0x6C, 0xB2, 0xFE, 0xDF, 0x51, 0xC8, 0x8C, 0x23, 0xC9, 0x66, 0xBD, 0x9D, 0x1D, + 0x87, 0x12, 0x64, 0x02, 0x3D, 0x2D, 0xAF, 0x59, 0x8F, 0xB8, 0xE4, 0x21, 0xE5, 0xB5, 0xB0, 0xCA, + 0x63, 0xB4, 0x78, 0x54, 0x05, 0xD4, 0x41, 0x2E, 0x50, 0xAC, 0x94, 0xB0, 0xA5, 0x78, 0xAB, 0xB3, + 0xA0, 0x96, 0x75, 0x1A, 0xD9, 0x92, 0x87, 0x13, 0x75, 0x22, 0x2F, 0x32, 0xA8, 0x08, 0x6E, 0xA0, + 0x5B, 0x8C, 0x25, 0xBF, 0xA0, 0xEF, 0x84, 0xCA, 0x21, 0xD6, 0xEB, 0x1E, 0x4F, 0xC9, 0x9A, 0xEE, + 0x49, 0xE0, 0xF7, 0x01, 0x65, 0x6F, 0x89, 0x0B, 0x7D, 0xC8, 0x69, 0xC8, 0xE6, 0x6E, 0xEA, 0xA7, + 0x97, 0xCE, 0x31, 0x29, 0xFF, 0x0E, 0xC5, 0x5B, 0x5C, 0xD8, 0x4D, 0x1B, 0xA1, 0xD8, 0xFA, 0x2F, + 0x9E, 0x3F, 0x2E, 0x55, 0x16, 0x6B, 0xC9, 0x13, 0xA3, 0xFD, 0x30, 0x82, 0x06, 0xA1, 0x30, 0x82, + 0x04, 0x89, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0A, 0x61, 0x07, 0x02, 0xDC, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x0B, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, + 0x05, 0x00, 0x30, 0x5F, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, + 0x2C, 0x64, 0x01, 0x19, 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31, 0x19, 0x30, 0x17, 0x06, 0x0A, 0x09, + 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x09, 0x6D, 0x69, 0x63, 0x72, 0x6F, + 0x73, 0x6F, 0x66, 0x74, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x4D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, + 0x69, 0x74, 0x79, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x35, 0x30, 0x39, 0x31, 0x35, 0x32, 0x31, 0x35, + 0x35, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x33, 0x31, 0x35, 0x32, 0x32, 0x30, 0x35, + 0x34, 0x31, 0x5A, 0x30, 0x81, 0x81, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 0x57, 0x61, + 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, + 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x2B, 0x30, 0x29, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x22, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, + 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x20, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6F, 0x6E, 0x20, 0x50, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, + 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC5, 0xAC, 0x93, 0x4E, 0xE6, 0x4A, 0x11, 0x9E, + 0x37, 0xD0, 0x35, 0xD2, 0xB0, 0x06, 0x5C, 0x83, 0x14, 0xA5, 0x61, 0x92, 0xFC, 0xFE, 0xB3, 0x89, + 0xC1, 0xE6, 0xCD, 0xC8, 0x1F, 0x31, 0x84, 0x09, 0x91, 0x34, 0x46, 0x92, 0x2C, 0xB8, 0xEE, 0x2C, + 0xC5, 0x20, 0x73, 0xC4, 0xE8, 0x1A, 0xD8, 0x8D, 0xCE, 0x7A, 0x68, 0xB5, 0x66, 0x78, 0x8B, 0xE5, + 0x60, 0x15, 0xA2, 0xF6, 0x29, 0x5A, 0x1D, 0x5E, 0x5D, 0xFC, 0x62, 0xD3, 0xC1, 0x5C, 0x29, 0x89, + 0xFB, 0x33, 0xF8, 0x16, 0x95, 0x36, 0xDD, 0xB1, 0x46, 0x74, 0x69, 0x72, 0x53, 0xD5, 0xAA, 0xE8, + 0x8A, 0x99, 0x1A, 0xD8, 0xF7, 0x67, 0x09, 0xD9, 0x09, 0x20, 0x22, 0x38, 0x7A, 0xD6, 0x03, 0x23, + 0xD7, 0x89, 0x9F, 0x1C, 0x01, 0xB7, 0x51, 0xDF, 0x98, 0x66, 0x2A, 0x02, 0x8B, 0x06, 0xEC, 0xE4, + 0x29, 0xEF, 0x5B, 0x42, 0x17, 0x15, 0x97, 0x51, 0x8D, 0x7D, 0x25, 0x0A, 0xAF, 0x25, 0xE8, 0xDE, + 0xDC, 0x9B, 0x67, 0x16, 0x0A, 0x56, 0x73, 0x9D, 0xB3, 0x1D, 0x85, 0x83, 0x0B, 0x7E, 0x33, 0x2B, + 0x62, 0x33, 0xCE, 0x1C, 0x20, 0x81, 0x4B, 0x5E, 0xD3, 0xC6, 0x49, 0xB8, 0xF6, 0x2E, 0xD3, 0x4E, + 0xB0, 0x71, 0x44, 0x46, 0x64, 0x3E, 0xDE, 0x43, 0x66, 0x04, 0xB9, 0xCC, 0x83, 0x48, 0x3A, 0xC5, + 0x36, 0x7A, 0x04, 0x48, 0x0B, 0x89, 0x02, 0x3D, 0x63, 0xA2, 0x01, 0x76, 0x29, 0x97, 0x75, 0xE9, + 0x01, 0xE6, 0x00, 0x97, 0x09, 0x92, 0xF8, 0xE2, 0x27, 0xF0, 0x29, 0x67, 0x43, 0x77, 0xC3, 0x50, + 0x96, 0x53, 0x31, 0xE1, 0xB6, 0x71, 0x8B, 0xEC, 0x77, 0xC7, 0x7C, 0x31, 0x48, 0xD5, 0xB8, 0x25, + 0x22, 0x8C, 0x00, 0xF7, 0x28, 0x38, 0x7A, 0xBD, 0x7C, 0xC7, 0x3F, 0xCD, 0x40, 0x26, 0x77, 0xDD, + 0x00, 0x00, 0x11, 0x9A, 0x95, 0xBE, 0x1F, 0xDB, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x02, + 0x3A, 0x30, 0x82, 0x02, 0x36, 0x30, 0x10, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, + 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0x90, 0x8B, 0x11, 0xA5, 0x70, 0xED, 0xE0, 0xF9, 0xA9, 0xC0, 0xAC, 0x08, 0xC7, 0xB5, + 0xF4, 0x82, 0xB1, 0x3C, 0xC5, 0x4A, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x04, 0x04, 0x03, + 0x02, 0x01, 0xC6, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x81, 0x98, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0x90, 0x30, + 0x81, 0x8D, 0x80, 0x14, 0x0E, 0xAC, 0x82, 0x60, 0x40, 0x56, 0x27, 0x97, 0xE5, 0x25, 0x13, 0xFC, + 0x2A, 0xE1, 0x0A, 0x53, 0x95, 0x59, 0xE4, 0xA4, 0xA1, 0x63, 0xA4, 0x61, 0x30, 0x5F, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x03, + 0x63, 0x6F, 0x6D, 0x31, 0x19, 0x30, 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, + 0x64, 0x01, 0x19, 0x16, 0x09, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x31, 0x2D, + 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, + 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x82, 0x10, 0x79, + 0xAD, 0x16, 0xA1, 0x4A, 0xA0, 0xA5, 0xAD, 0x4C, 0x73, 0x58, 0xF4, 0x07, 0x13, 0x2E, 0x65, 0x30, + 0x50, 0x06, 0x03, 0x55, 0x1D, 0x1F, 0x04, 0x49, 0x30, 0x47, 0x30, 0x45, 0xA0, 0x43, 0xA0, 0x41, + 0x86, 0x3F, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x63, 0x72, 0x6C, 0x2E, 0x6D, 0x69, 0x63, + 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, + 0x72, 0x6C, 0x2F, 0x70, 0x72, 0x6F, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2F, 0x6D, 0x69, 0x63, 0x72, + 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x72, 0x6F, 0x6F, 0x74, 0x63, 0x65, 0x72, 0x74, 0x2E, 0x63, 0x72, + 0x6C, 0x30, 0x54, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x48, 0x30, + 0x46, 0x30, 0x44, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x38, 0x68, + 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, 0x2E, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, + 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x6B, 0x69, 0x2F, 0x63, 0x65, 0x72, 0x74, + 0x73, 0x2F, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x52, 0x6F, 0x6F, 0x74, 0x43, + 0x65, 0x72, 0x74, 0x2E, 0x63, 0x72, 0x74, 0x30, 0x81, 0x80, 0x06, 0x03, 0x55, 0x1D, 0x20, 0x04, + 0x79, 0x30, 0x77, 0x30, 0x75, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x2F, + 0x30, 0x68, 0x30, 0x66, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30, 0x5A, + 0x1E, 0x58, 0x00, 0x43, 0x00, 0x6F, 0x00, 0x70, 0x00, 0x79, 0x00, 0x72, 0x00, 0x69, 0x00, 0x67, + 0x00, 0x68, 0x00, 0x74, 0x00, 0x20, 0x00, 0xA9, 0x00, 0x20, 0x00, 0x31, 0x00, 0x39, 0x00, 0x39, + 0x00, 0x39, 0x00, 0x2D, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x35, 0x00, 0x20, 0x00, 0x4D, + 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x73, 0x00, 0x6F, 0x00, 0x66, 0x00, 0x74, + 0x00, 0x20, 0x00, 0x43, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x70, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x61, + 0x00, 0x74, 0x00, 0x69, 0x00, 0x6F, 0x00, 0x6E, 0x00, 0x2E, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x18, 0x30, 0x16, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, 0x06, + 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x03, 0x06, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x25, + 0x31, 0xA1, 0x58, 0xEA, 0x52, 0xE5, 0xE1, 0x17, 0x0C, 0xE6, 0xF1, 0x3F, 0x78, 0xA3, 0x3F, 0x72, + 0xAF, 0xA7, 0x57, 0x10, 0x53, 0x89, 0x10, 0x5E, 0x32, 0x9C, 0xB6, 0x70, 0xC3, 0x15, 0x2B, 0x4D, + 0x15, 0x30, 0x34, 0xE8, 0xC0, 0x6A, 0xE4, 0x1C, 0xD3, 0x2E, 0x20, 0x65, 0x48, 0xD7, 0x1B, 0x98, + 0x62, 0x21, 0xBA, 0x45, 0x9F, 0x4A, 0xEC, 0xDB, 0x2F, 0x09, 0x19, 0x51, 0xE5, 0xED, 0x32, 0x19, + 0x51, 0x2F, 0xE1, 0xDD, 0xFB, 0xC6, 0x52, 0xFD, 0xEB, 0xC6, 0x82, 0x25, 0x42, 0x03, 0x09, 0xA6, + 0x38, 0xB6, 0x36, 0x1F, 0xCC, 0xC9, 0x80, 0xBB, 0x5A, 0x69, 0x18, 0x31, 0xC3, 0xB3, 0xA0, 0xB3, + 0x67, 0x47, 0xBE, 0x9D, 0xC7, 0xE2, 0x3F, 0x96, 0xB3, 0x88, 0xF8, 0x19, 0xBE, 0x39, 0xB9, 0xE9, + 0x95, 0xCE, 0xFC, 0x7C, 0xAF, 0xA8, 0xCD, 0xD0, 0x41, 0x90, 0xE0, 0xD5, 0xB3, 0x1C, 0x2F, 0x68, + 0xBB, 0xDB, 0x0F, 0x6C, 0x6A, 0xDD, 0xF2, 0xAF, 0xDE, 0xF2, 0xB5, 0xDE, 0x0D, 0xB6, 0xA6, 0x5A, + 0xF0, 0x86, 0x0A, 0xB9, 0x6D, 0x99, 0x4B, 0x3F, 0x7B, 0x2D, 0x01, 0x84, 0x6C, 0x8F, 0x87, 0xDC, + 0x7F, 0x8F, 0xAB, 0x14, 0x88, 0xD0, 0x06, 0x91, 0x34, 0xBE, 0x1B, 0x82, 0x22, 0xA4, 0xBC, 0x55, + 0x8A, 0xAD, 0x9B, 0xFC, 0x73, 0x14, 0x10, 0xC4, 0xC9, 0x19, 0x1E, 0x07, 0x7D, 0x9B, 0x0E, 0xC0, + 0x95, 0x26, 0x5D, 0xC6, 0x1F, 0xAC, 0xB4, 0xF2, 0x7E, 0xBA, 0x25, 0x70, 0x4A, 0x7B, 0xD7, 0x8E, + 0xD1, 0x9D, 0xA0, 0x13, 0x49, 0x7A, 0xB0, 0x02, 0x52, 0x52, 0x24, 0xF4, 0xAF, 0xDD, 0x40, 0x2D, + 0xE5, 0x3E, 0x32, 0x58, 0xB3, 0x4A, 0x6A, 0xDD, 0x11, 0x59, 0xAA, 0x2D, 0xBC, 0xA4, 0xA0, 0x73, + 0x38, 0xF9, 0x40, 0x77, 0x6B, 0x34, 0x19, 0x57, 0xCD, 0x38, 0x68, 0x27, 0x82, 0xF8, 0xD1, 0x6F, + 0xEB, 0x23, 0xC0, 0x3F, 0x52, 0xF3, 0x4E, 0xD5, 0x02, 0x3E, 0x6A, 0x9A, 0x2B, 0xC1, 0xF5, 0x31, + 0x71, 0xDB, 0x41, 0x4D, 0x3B, 0xDE, 0xEF, 0xAD, 0xAF, 0x1F, 0x88, 0x65, 0x43, 0x1B, 0x51, 0xB7, + 0x9A, 0x75, 0xCA, 0x8E, 0x69, 0x49, 0x10, 0x8F, 0x78, 0x8A, 0x74, 0x45, 0xB9, 0x09, 0x8E, 0x73, + 0x77, 0x07, 0x32, 0x4A, 0x4B, 0xD7, 0x68, 0x2B, 0x98, 0xC5, 0xBA, 0x54, 0xEA, 0x3F, 0xCB, 0xA2, + 0x00, 0x8C, 0xBB, 0xD8, 0x10, 0x58, 0xF2, 0xDB, 0xDC, 0x9B, 0xCD, 0xD8, 0xEA, 0x48, 0x43, 0xE2, + 0x4A, 0x7E, 0x65, 0xB2, 0xDC, 0xF5, 0x2D, 0x4E, 0x25, 0x67, 0xA8, 0xE0, 0xB5, 0xBA, 0xA7, 0xDD, + 0x7E, 0x5E, 0xC1, 0x4C, 0x02, 0x74, 0xC9, 0xB3, 0x6E, 0xE3, 0xF8, 0xF0, 0x0B, 0xED, 0xFC, 0xB9, + 0x29, 0xC5, 0x5B, 0xC9, 0x36, 0x51, 0x90, 0xDB, 0x78, 0x7D, 0xB9, 0x32, 0x0F, 0x5E, 0x76, 0xD2, + 0x15, 0x5C, 0x3B, 0x37, 0x21, 0xC6, 0xDB, 0xC9, 0x19, 0x6E, 0xED, 0x74, 0x2A, 0x5C, 0x2C, 0x0B, + 0x51, 0x49, 0x45, 0x53, 0xB0, 0xB2, 0xB3, 0x23, 0xD4, 0xA1, 0xB0, 0x5F, 0x0D, 0x19, 0xCD, 0x14, + 0xA7, 0xE3, 0x3C, 0x9B, 0x97, 0x72, 0x94, 0x14, 0xDF, 0xFF, 0xC1, 0x90, 0x1B, 0xA5, 0xDF, 0xF5, + 0xA9, 0xF3, 0x1B, 0x17, 0xDA, 0xB5, 0xFC, 0x44, 0xE0, 0xE8, 0xE2, 0x3C, 0xA2, 0x7A, 0xBB, 0xBB, + 0x65, 0xE6, 0x4D, 0xB1, 0xB5, 0x15, 0xA1, 0xD9, 0x67, 0x3B, 0xB0, 0x0C, 0x7D, 0x3B, 0xE9, 0xEE, + 0x51, 0x2A, 0x47, 0xF5, 0x15, 0x0F, 0x8C, 0xAD, 0x5D, 0x2E, 0x35, 0xDF, 0xF4, 0xA4, 0x2E, 0xF6, + 0x13, 0x37, 0x5A, 0x2B, 0xE8, 0x55, 0x9A, 0x49, 0x2C, 0x97, 0xCE, 0x9D, 0x01, 0x9E, 0x97, 0x46, + 0x5C, 0xD9, 0x2D, 0xBC, 0x24, 0x5A, 0x95, 0x59, 0x6F, 0x4D, 0xCA, 0x9D, 0xD6, 0x57, 0x26, 0x31, + 0x82, 0x04, 0x96, 0x30, 0x82, 0x04, 0x92, 0x02, 0x01, 0x01, 0x30, 0x81, 0x90, 0x30, 0x81, 0x81, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, + 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, + 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, + 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x2B, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4D, + 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, + 0x20, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x50, 0x43, + 0x41, 0x02, 0x0A, 0x61, 0x01, 0xC6, 0xC1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x30, 0x09, 0x06, + 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0xA0, 0x81, 0xBA, 0x30, 0x19, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03, 0x31, 0x0C, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, + 0x01, 0x82, 0x37, 0x02, 0x01, 0x04, 0x30, 0x1C, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, + 0x37, 0x02, 0x01, 0x0B, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, + 0x37, 0x02, 0x01, 0x15, 0x30, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x04, 0x31, 0x16, 0x04, 0x14, 0xC5, 0xC5, 0xC1, 0xC3, 0x46, 0xC4, 0x12, 0xB9, 0x38, 0xED, 0xE5, + 0x7E, 0x66, 0x78, 0x4E, 0x8F, 0x55, 0x10, 0x7D, 0xAC, 0x30, 0x5A, 0x06, 0x0A, 0x2B, 0x06, 0x01, + 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0C, 0x31, 0x4C, 0x30, 0x4A, 0xA0, 0x24, 0x80, 0x22, 0x00, + 0x4D, 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x73, 0x00, 0x6F, 0x00, 0x66, 0x00, + 0x74, 0x00, 0x20, 0x00, 0x57, 0x00, 0x69, 0x00, 0x6E, 0x00, 0x64, 0x00, 0x6F, 0x00, 0x77, 0x00, + 0x73, 0xA1, 0x22, 0x80, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, 0x2E, + 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x77, 0x69, + 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xC0, 0x53, 0x19, 0xE7, 0x27, 0xE6, 0xD6, 0xD7, + 0xA8, 0xAE, 0xA0, 0xE6, 0x4C, 0xEF, 0x9A, 0xBC, 0x1D, 0x19, 0xD4, 0xC5, 0x7F, 0x7C, 0x71, 0xFF, + 0x14, 0x7C, 0xAD, 0x7A, 0x8F, 0x2D, 0x0F, 0x40, 0x38, 0x9B, 0x83, 0x09, 0xEE, 0xF5, 0x34, 0x92, + 0xB4, 0x85, 0x34, 0x7C, 0xBA, 0x9B, 0x58, 0x5D, 0xA6, 0x15, 0xDE, 0x99, 0xBF, 0x25, 0x89, 0xDB, + 0xC0, 0x3A, 0x98, 0x21, 0x1C, 0x25, 0x09, 0xBD, 0x41, 0xAA, 0x0F, 0x90, 0x6C, 0x62, 0xE9, 0xBD, + 0x1D, 0xDD, 0x7C, 0xA4, 0x1F, 0x19, 0x3F, 0xC8, 0x11, 0xF5, 0x1C, 0x9E, 0xEA, 0x2E, 0x1A, 0xCE, + 0x5A, 0x61, 0x8A, 0x77, 0xFA, 0x65, 0x1F, 0x03, 0xB4, 0x45, 0x02, 0x0F, 0xB4, 0x0E, 0xB9, 0x44, + 0xF6, 0x75, 0xF6, 0x67, 0x91, 0xAD, 0xFA, 0xF9, 0xC3, 0xFA, 0x63, 0x91, 0x58, 0xFE, 0x40, 0xDF, + 0x92, 0x6B, 0x59, 0x42, 0x44, 0x66, 0xD2, 0x88, 0x49, 0x59, 0x29, 0x1D, 0x6A, 0xF9, 0x93, 0x9B, + 0xD5, 0x38, 0x84, 0x96, 0xD7, 0xAF, 0xBA, 0xEC, 0x29, 0x8D, 0x06, 0x8C, 0x8B, 0xF4, 0xA1, 0x56, + 0x0F, 0x78, 0x3F, 0x35, 0xCB, 0x12, 0x8A, 0x85, 0xD5, 0x7C, 0xFC, 0x63, 0xDD, 0x72, 0xA1, 0x13, + 0xD3, 0x25, 0x4A, 0x59, 0x21, 0xD0, 0xC6, 0x47, 0x9F, 0x22, 0xF7, 0xF8, 0x32, 0xA2, 0x05, 0x2B, + 0x53, 0xC5, 0x96, 0x98, 0x0D, 0x39, 0x02, 0xAD, 0x85, 0xF7, 0x18, 0x73, 0x34, 0x12, 0x7F, 0x5A, + 0xCB, 0xE1, 0xA2, 0xFB, 0x4E, 0x25, 0x81, 0xF0, 0x9F, 0x7A, 0x79, 0xDB, 0x4F, 0x4B, 0x66, 0x44, + 0x30, 0x8E, 0x0D, 0x57, 0x23, 0xD3, 0x7F, 0x60, 0x87, 0xDE, 0xD0, 0x4C, 0x90, 0x90, 0x84, 0x64, + 0x70, 0xE8, 0x15, 0x65, 0xCA, 0x18, 0xF8, 0x9A, 0xB6, 0x0C, 0x24, 0xF5, 0xDF, 0xC3, 0x47, 0xE2, + 0x7C, 0xAD, 0x91, 0x70, 0x6D, 0xF8, 0x43, 0xE9, 0xA1, 0x82, 0x02, 0x1D, 0x30, 0x82, 0x02, 0x19, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x06, 0x31, 0x82, 0x02, 0x0A, 0x30, + 0x82, 0x02, 0x06, 0x02, 0x01, 0x01, 0x30, 0x81, 0x85, 0x30, 0x77, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x13, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, + 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, + 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, + 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x18, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, + 0x6F, 0x66, 0x74, 0x20, 0x54, 0x69, 0x6D, 0x65, 0x2D, 0x53, 0x74, 0x61, 0x6D, 0x70, 0x20, 0x50, + 0x43, 0x41, 0x02, 0x0A, 0x61, 0x03, 0xDC, 0xF6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x30, 0x07, + 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0xA0, 0x5D, 0x30, 0x18, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03, 0x31, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x07, 0x01, 0x30, 0x1C, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x05, + 0x31, 0x0F, 0x17, 0x0D, 0x30, 0x39, 0x30, 0x34, 0x32, 0x32, 0x30, 0x35, 0x35, 0x34, 0x33, 0x34, + 0x5A, 0x30, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04, 0x31, 0x16, + 0x04, 0x14, 0x74, 0xD7, 0x54, 0xA0, 0xC0, 0x9E, 0x62, 0xF0, 0xDD, 0x92, 0xDC, 0xD6, 0x96, 0x34, + 0xA1, 0x0B, 0xF0, 0xD5, 0xB5, 0x3A, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x05, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0x8D, 0x16, 0xB5, 0xC8, 0x3D, 0xBC, 0x8A, + 0xB5, 0xC3, 0x23, 0xF3, 0x33, 0xB0, 0xFA, 0x75, 0xAD, 0xAC, 0x53, 0x0D, 0x5C, 0xF4, 0xD9, 0xBE, + 0x63, 0xEB, 0x0D, 0x6F, 0x69, 0x63, 0x91, 0xF8, 0x8E, 0x67, 0x03, 0xE1, 0xC6, 0x2E, 0xCD, 0x9C, + 0xEB, 0xDD, 0x9C, 0xCA, 0x65, 0x4A, 0xBB, 0xF2, 0xF4, 0x1C, 0x85, 0x44, 0xD6, 0x58, 0x70, 0x2E, + 0x3B, 0xFE, 0x97, 0xD0, 0xEC, 0x72, 0x77, 0x20, 0xA8, 0x20, 0xAC, 0xF0, 0xED, 0x86, 0xC4, 0xFF, + 0x3A, 0x3D, 0x40, 0xD9, 0xF6, 0xD5, 0x99, 0xBE, 0xCC, 0xD2, 0xD8, 0xBA, 0x71, 0x51, 0x60, 0xAA, + 0x72, 0x36, 0x13, 0x8B, 0x0A, 0xA9, 0xD6, 0xF5, 0x36, 0xE0, 0x44, 0x6B, 0xC1, 0x44, 0x42, 0x43, + 0x56, 0x1A, 0xD6, 0xF1, 0x5A, 0x98, 0xCC, 0xBA, 0xA9, 0x4C, 0xCF, 0xC9, 0x86, 0xC3, 0x5B, 0x1C, + 0xDF, 0x75, 0x22, 0x54, 0x6A, 0xF0, 0x18, 0x34, 0x0B, 0x29, 0xB0, 0x26, 0x07, 0x59, 0xB6, 0x52, + 0x7B, 0x69, 0x74, 0x11, 0x1B, 0xB8, 0x29, 0x19, 0x36, 0x0E, 0xB7, 0x65, 0xCB, 0x87, 0x09, 0x9E, + 0x03, 0x28, 0x6C, 0xDB, 0xA7, 0xFB, 0xDF, 0xC7, 0xF7, 0xCE, 0x0D, 0xC2, 0xBA, 0xEA, 0x3C, 0xE8, + 0x43, 0x1E, 0x7F, 0xF2, 0x64, 0xDA, 0x87, 0x89, 0xC0, 0xCD, 0x67, 0xE4, 0x84, 0x9B, 0xA7, 0x77, + 0xFA, 0x6C, 0x69, 0x19, 0x5B, 0xD1, 0xF7, 0xD9, 0x07, 0x91, 0x50, 0xDD, 0x98, 0x26, 0x10, 0xE3, + 0x2E, 0x39, 0x62, 0xF0, 0x56, 0xE9, 0xD9, 0x5C, 0x85, 0x67, 0x9B, 0x2F, 0xDE, 0xD1, 0x00, 0x45, + 0x0E, 0x99, 0x1F, 0xDF, 0x7E, 0xC9, 0x10, 0x56, 0xC7, 0x00, 0x6D, 0x5F, 0x23, 0x57, 0x12, 0x84, + 0xCD, 0xAC, 0x82, 0xAE, 0x39, 0x52, 0xA5, 0x19, 0x23, 0xA3, 0x6B, 0xE7, 0x49, 0x8F, 0x86, 0x74, + 0x46, 0x41, 0x2A, 0x0F, 0x3D, 0x29, 0xB7, 0xAE, 0x8C, 0x00 +}; + +// +// Sample Authenticode Data with SHA-256 hash algorithm. +// This data should be retrieved from signed PE/COFF image according to SECURITY +// directory in PE/COFF Header. +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 AuthenticodeWithSha256[] = { + 0x30, 0x82, 0x0e, 0xd1, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, + 0x82, 0x0e, 0xc2, 0x30, 0x82, 0x0e, 0xbe, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x5c, 0x06, 0x0a, 0x2b, + 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04, 0xa0, 0x4e, 0x30, 0x4c, 0x30, 0x17, 0x06, + 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0f, 0x30, 0x09, 0x03, 0x01, 0x00, + 0xa0, 0x04, 0xa2, 0x02, 0x80, 0x00, 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, + 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, 0x61, 0x82, 0xb7, 0xf8, 0x8c, 0xff, 0xc2, + 0xeb, 0x79, 0x6e, 0x9d, 0xa9, 0xdd, 0x39, 0x52, 0xdd, 0x36, 0xdd, 0xf1, 0x43, 0x27, 0x58, 0x8c, + 0xa7, 0xcc, 0xae, 0xde, 0xdd, 0x3c, 0x02, 0x12, 0x49, 0xa0, 0x82, 0x0c, 0x0a, 0x30, 0x82, 0x05, + 0xe5, 0x30, 0x82, 0x03, 0xcd, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0a, 0x61, 0x03, 0x5f, 0x09, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, + 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3a, 0x30, 0x38, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x31, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, + 0x20, 0x54, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x36, + 0x32, 0x31, 0x32, 0x32, 0x35, 0x35, 0x30, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x36, 0x32, + 0x31, 0x32, 0x33, 0x30, 0x35, 0x30, 0x31, 0x5a, 0x30, 0x81, 0x81, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x03, 0x63, 0x6f, 0x6d, + 0x31, 0x19, 0x30, 0x17, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, + 0x16, 0x09, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x31, 0x14, 0x30, 0x12, 0x06, + 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x04, 0x63, 0x6f, 0x72, + 0x70, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, + 0x19, 0x16, 0x07, 0x72, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x17, 0x4d, 0x53, 0x49, 0x54, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, + 0x6f, 0x64, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x41, 0x20, 0x33, 0x30, 0x82, 0x01, 0x22, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9b, 0x71, 0xdd, + 0x0d, 0x32, 0x2d, 0x08, 0xe8, 0x2d, 0x01, 0x90, 0x9c, 0xdf, 0x9f, 0x32, 0x58, 0x8b, 0x47, 0xd0, + 0xfe, 0x9a, 0x6b, 0x40, 0x5e, 0x76, 0xa2, 0x10, 0x00, 0x0e, 0xd2, 0x8f, 0xce, 0xa1, 0x5f, 0x42, + 0xa7, 0x0b, 0x5e, 0x83, 0xc2, 0xe9, 0x06, 0xa6, 0x0a, 0xb4, 0x3d, 0x30, 0x50, 0xdb, 0x35, 0x43, + 0x2c, 0xd3, 0xc3, 0xc6, 0x3c, 0xc9, 0xb5, 0x88, 0xfc, 0x0b, 0xe6, 0xa3, 0x71, 0x47, 0xce, 0xfd, + 0x88, 0x62, 0xa4, 0x25, 0xe2, 0x4e, 0x1b, 0x79, 0x3d, 0xe3, 0xbf, 0x8b, 0x84, 0x2d, 0x64, 0x25, + 0xa5, 0xfa, 0x8e, 0x30, 0xae, 0xe3, 0x34, 0x7d, 0x27, 0xf3, 0x5e, 0xf4, 0x05, 0x60, 0xc6, 0x0f, + 0x1a, 0x1b, 0x9e, 0xaf, 0x21, 0x37, 0xa9, 0xd9, 0xb6, 0xb7, 0x6a, 0x54, 0x4b, 0x5e, 0xa0, 0x75, + 0xb5, 0x9a, 0xc4, 0xb6, 0xbe, 0x28, 0xe3, 0x3b, 0xf7, 0x5a, 0x08, 0x77, 0xd9, 0x39, 0x4a, 0x2a, + 0x7a, 0xf8, 0xf4, 0xfe, 0xe8, 0x12, 0x54, 0x41, 0x11, 0x55, 0xc8, 0xc7, 0x98, 0x3e, 0x64, 0xa5, + 0xbb, 0xda, 0x6b, 0xa4, 0xaa, 0x29, 0x8c, 0x9f, 0x27, 0x55, 0x25, 0xe7, 0xfd, 0x31, 0x70, 0x60, + 0x1d, 0xd3, 0xc4, 0xf2, 0xb9, 0xef, 0x92, 0x4a, 0x9f, 0xc8, 0x4c, 0x93, 0xe7, 0x19, 0xa8, 0x4e, + 0xbc, 0xe3, 0x62, 0xf4, 0xe0, 0x6e, 0xec, 0x45, 0x6e, 0x61, 0x4e, 0xad, 0x58, 0xe0, 0xf0, 0xea, + 0xf7, 0x74, 0x2c, 0xdf, 0x1b, 0xf6, 0x43, 0x3c, 0x84, 0xc2, 0x8c, 0x0b, 0xb4, 0xbd, 0x4a, 0x57, + 0xa6, 0x0c, 0x4e, 0x9e, 0x73, 0x43, 0x5f, 0x2d, 0xaf, 0x22, 0xf4, 0xa6, 0xfd, 0x5a, 0x87, 0xb9, + 0xbe, 0x6f, 0x9e, 0x1d, 0x99, 0xc8, 0xdf, 0x95, 0xc2, 0x02, 0xad, 0x7d, 0x4a, 0xf3, 0xba, 0x5d, + 0xe8, 0x7b, 0x6e, 0x57, 0xe5, 0x3a, 0x02, 0xf8, 0xd3, 0x01, 0x15, 0xae, 0x4f, 0x02, 0x03, 0x01, + 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4c, 0x30, 0x82, 0x01, 0x48, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, + 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x4e, 0xfe, 0x61, 0x39, 0x6f, 0xca, 0xc5, 0x64, 0xe0, + 0x20, 0xb6, 0xda, 0xc1, 0xb9, 0x52, 0x0e, 0xca, 0xdf, 0x8e, 0xfe, 0x30, 0x19, 0x06, 0x09, 0x2b, + 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, + 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, + 0x02, 0x01, 0x86, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, + 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0xa3, 0x01, 0x04, 0x7e, 0x30, 0x88, 0x33, 0xeb, 0xb9, 0x31, 0x9c, 0xca, + 0xeb, 0x85, 0x76, 0x67, 0xfc, 0x65, 0xb4, 0xd1, 0x30, 0x59, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, + 0x52, 0x30, 0x50, 0x30, 0x4e, 0xa0, 0x4c, 0xa0, 0x4a, 0x86, 0x48, 0x68, 0x74, 0x74, 0x70, 0x3a, + 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, + 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x54, 0x65, 0x73, 0x52, 0x6f, 0x6f, 0x43, 0x65, + 0x72, 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x31, 0x37, 0x2e, + 0x63, 0x72, 0x6c, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, + 0x51, 0x30, 0x4f, 0x30, 0x4d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, + 0x41, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, + 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, + 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x54, 0x65, 0x73, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, + 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x31, 0x37, 0x2e, 0x63, + 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x91, 0x2d, 0x11, 0x36, 0xd1, 0x2c, 0x5e, 0x21, 0x77, 0x62, + 0x1a, 0xa1, 0xcf, 0x9a, 0x7e, 0x62, 0x2d, 0xc9, 0x90, 0xb9, 0x0e, 0x3d, 0x71, 0x0d, 0xa0, 0x4a, + 0x48, 0xad, 0xe1, 0xd6, 0xb0, 0x73, 0x4a, 0x51, 0x4b, 0x4c, 0xb2, 0x6b, 0x88, 0x0a, 0x5a, 0xb7, + 0xe9, 0x55, 0x67, 0x43, 0x8b, 0xf1, 0x9d, 0xcc, 0x52, 0x03, 0xaf, 0xac, 0x85, 0xe9, 0xd3, 0x75, + 0xce, 0xe5, 0x6f, 0x8b, 0x3c, 0x80, 0x81, 0xab, 0xd1, 0xd1, 0x73, 0x0d, 0x6b, 0xb0, 0x51, 0xb8, + 0xa2, 0x5e, 0x0c, 0x09, 0xe5, 0xa6, 0xbc, 0x54, 0x49, 0xe5, 0x54, 0x38, 0x5a, 0xb7, 0x43, 0xd2, + 0x75, 0x34, 0x52, 0xdd, 0x35, 0x79, 0x95, 0x98, 0xd5, 0x3c, 0xc6, 0xda, 0x46, 0xb2, 0xd8, 0xa0, + 0xa7, 0xcc, 0x30, 0x31, 0x0f, 0x4b, 0xeb, 0xb7, 0x02, 0xab, 0x2b, 0x38, 0xd2, 0xb7, 0x27, 0xc2, + 0xc7, 0x0d, 0x62, 0xa4, 0xc0, 0x48, 0xf4, 0x1a, 0x48, 0x79, 0x7d, 0xe1, 0x31, 0xa4, 0x5d, 0x19, + 0xd0, 0x18, 0x17, 0x00, 0xca, 0xe3, 0x5d, 0x0b, 0xc1, 0x85, 0x7f, 0xf1, 0xbe, 0xd3, 0xcb, 0x97, + 0xf4, 0x1b, 0x62, 0x0f, 0xd7, 0x14, 0x38, 0x8d, 0xb2, 0x2e, 0x98, 0xd4, 0x41, 0x6a, 0xb0, 0xb5, + 0x84, 0xee, 0xd8, 0x2c, 0x2d, 0x13, 0xfc, 0x50, 0x1d, 0x9a, 0x6f, 0x31, 0x87, 0x1c, 0xe0, 0xd0, + 0xd0, 0xd3, 0x24, 0x52, 0xdf, 0x12, 0x8d, 0xfb, 0xf7, 0x7f, 0x33, 0x04, 0x17, 0x7a, 0x8b, 0xe3, + 0xbd, 0x7c, 0x1e, 0xa2, 0x2a, 0x91, 0x76, 0xd9, 0xfc, 0x43, 0x17, 0xa7, 0x0a, 0xa1, 0xd9, 0xc6, + 0x3c, 0x3a, 0x42, 0xed, 0xb7, 0x12, 0xcd, 0x9e, 0xdd, 0xfe, 0x91, 0x9d, 0x98, 0xb5, 0x35, 0xe8, + 0x94, 0xdd, 0x9a, 0xce, 0xd4, 0xf4, 0xac, 0xca, 0xa6, 0xcd, 0x59, 0x3d, 0xde, 0x44, 0xbf, 0x0e, + 0x82, 0xe5, 0xdf, 0x5c, 0xe3, 0x49, 0xcb, 0x01, 0xa0, 0x7f, 0x7b, 0xe2, 0x25, 0x21, 0xab, 0x95, + 0x50, 0x1e, 0x9f, 0xea, 0x77, 0x56, 0x47, 0x74, 0x73, 0xf2, 0x25, 0x1b, 0x0e, 0x36, 0xb9, 0xa2, + 0x57, 0xbf, 0x2c, 0x57, 0xbc, 0xe4, 0xfb, 0x88, 0xb1, 0x83, 0x56, 0xd8, 0x3c, 0xe0, 0x7c, 0xfd, + 0x11, 0x9f, 0xde, 0xe1, 0xb7, 0xd4, 0xc6, 0x23, 0xaf, 0xae, 0xc7, 0x5e, 0x4f, 0xc5, 0x23, 0x74, + 0x98, 0x38, 0x74, 0x9d, 0x0d, 0x0d, 0x6d, 0xf4, 0xde, 0x28, 0x44, 0x41, 0xd8, 0x22, 0x68, 0xe7, + 0x57, 0xa7, 0x66, 0x74, 0xb5, 0xc3, 0x31, 0x24, 0xe2, 0x7c, 0xd5, 0x52, 0x5d, 0x8a, 0xd2, 0x4e, + 0x14, 0xbb, 0x08, 0xd3, 0x1a, 0x31, 0x12, 0x04, 0x58, 0x9b, 0x3a, 0x99, 0x78, 0x93, 0x51, 0x3f, + 0x0b, 0x85, 0xce, 0xde, 0x09, 0x58, 0xf9, 0x96, 0x1b, 0x91, 0x11, 0xa0, 0x68, 0x53, 0x33, 0xcb, + 0xbe, 0x08, 0x89, 0xcc, 0x95, 0x55, 0xae, 0x06, 0x78, 0x27, 0x99, 0xa2, 0x56, 0xef, 0xae, 0x95, + 0x0a, 0x7f, 0x0d, 0xeb, 0x43, 0x0c, 0xc6, 0x9e, 0x3f, 0x80, 0xbb, 0xc4, 0x74, 0x03, 0x9d, 0xb8, + 0x1a, 0xaa, 0xbc, 0xcb, 0x1e, 0x03, 0xfb, 0xd8, 0x49, 0x89, 0x9d, 0x20, 0xaa, 0x25, 0x4b, 0x47, + 0x67, 0xf4, 0xa7, 0x0d, 0x8d, 0x76, 0x30, 0xc6, 0x48, 0xce, 0xdd, 0x8d, 0xfa, 0xbe, 0xda, 0xb4, + 0xeb, 0x3d, 0xd8, 0x0c, 0x3b, 0x15, 0x9a, 0xd1, 0x83, 0x85, 0xe5, 0xe3, 0x92, 0xaa, 0x3b, 0xad, + 0x34, 0x0c, 0x39, 0xf1, 0x7f, 0x75, 0xae, 0xe8, 0x70, 0xb0, 0xfd, 0xf2, 0x8e, 0x29, 0xda, 0xdc, + 0x09, 0x4f, 0x8a, 0x7b, 0x63, 0xbe, 0x1e, 0x8a, 0xc3, 0x58, 0xd1, 0x03, 0xbe, 0x37, 0xe9, 0xed, + 0x32, 0x26, 0xa8, 0x0c, 0xfe, 0xed, 0x12, 0xa7, 0x63, 0x04, 0xb3, 0x92, 0x97, 0xd9, 0x46, 0xa3, + 0x33, 0x33, 0x9c, 0x5b, 0xbc, 0x54, 0x30, 0x82, 0x06, 0x1d, 0x30, 0x82, 0x05, 0x05, 0xa0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x0a, 0x4e, 0x30, 0xa5, 0xbb, 0x00, 0x00, 0x00, 0x12, 0x7b, 0xf2, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, + 0x81, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, + 0x19, 0x16, 0x03, 0x63, 0x6f, 0x6d, 0x31, 0x19, 0x30, 0x17, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, + 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x09, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, + 0x74, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, + 0x19, 0x16, 0x04, 0x63, 0x6f, 0x72, 0x70, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0a, 0x09, 0x92, 0x26, + 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x07, 0x72, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, + 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x4d, 0x53, 0x49, 0x54, 0x20, + 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6f, 0x64, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x41, + 0x20, 0x33, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, 0x34, 0x32, 0x31, 0x30, 0x33, 0x33, 0x33, + 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x30, 0x34, 0x32, 0x30, 0x30, 0x33, 0x33, 0x33, 0x34, + 0x39, 0x5a, 0x30, 0x70, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, + 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, + 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x11, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, + 0x64, 0x6f, 0x77, 0x73, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, + 0x02, 0x82, 0x01, 0x01, 0x00, 0xca, 0x9f, 0xcb, 0x8c, 0x5e, 0x61, 0x19, 0xb5, 0x37, 0x72, 0xd1, + 0xe2, 0x88, 0x1f, 0x37, 0x56, 0xce, 0xa8, 0x88, 0x05, 0x3e, 0xe8, 0xa6, 0x8d, 0xfd, 0x0b, 0x30, + 0x63, 0x54, 0x89, 0x1d, 0xda, 0x11, 0x70, 0x5a, 0x06, 0x00, 0x86, 0xd7, 0x7f, 0xe6, 0x21, 0x70, + 0x41, 0x81, 0x26, 0x4b, 0x6e, 0xc7, 0x02, 0xe2, 0xbf, 0x61, 0x45, 0x04, 0x2f, 0x45, 0xbc, 0xd2, + 0x0d, 0xf6, 0xac, 0xda, 0x91, 0x6d, 0xc6, 0x60, 0xad, 0xb3, 0x0b, 0x32, 0xe5, 0x13, 0x95, 0x96, + 0x02, 0x4e, 0x10, 0xad, 0x2e, 0x6c, 0xb0, 0xc7, 0x65, 0x6d, 0xea, 0x89, 0x91, 0x67, 0x73, 0x5d, + 0x05, 0x12, 0x9f, 0x95, 0x74, 0x6a, 0x6d, 0xb0, 0x6a, 0xd8, 0x94, 0x9b, 0xb0, 0x70, 0x79, 0xb0, + 0x85, 0x42, 0xe7, 0xd7, 0x19, 0xc4, 0x33, 0xfd, 0xac, 0xbe, 0x2b, 0xd5, 0x7e, 0x5a, 0xa9, 0xc7, + 0xa7, 0x68, 0x53, 0xed, 0xaa, 0x51, 0x2a, 0x6b, 0xac, 0x5a, 0xd7, 0x6e, 0xcf, 0x68, 0x60, 0x90, + 0xc7, 0xda, 0xd1, 0xe7, 0xf2, 0x53, 0x4a, 0x01, 0xaf, 0xe8, 0xb1, 0x29, 0x91, 0xab, 0x4c, 0x58, + 0x64, 0xe6, 0xb6, 0xcc, 0xdc, 0x0f, 0x43, 0xf2, 0x87, 0x15, 0xf8, 0x73, 0x06, 0xb8, 0x1f, 0xaa, + 0xf2, 0x66, 0x49, 0x82, 0xca, 0xf0, 0xdd, 0x4c, 0x7c, 0xd5, 0xe7, 0x59, 0xb7, 0xc6, 0xd3, 0x81, + 0x29, 0x5c, 0xce, 0xe4, 0xfd, 0xf7, 0xeb, 0x58, 0x6b, 0x50, 0x79, 0x72, 0x83, 0x4d, 0x59, 0xec, + 0xd1, 0xd2, 0xfc, 0x3a, 0x10, 0xc5, 0x7a, 0xba, 0x90, 0xea, 0xfd, 0x54, 0xc7, 0xc8, 0x58, 0x2d, + 0x84, 0xe5, 0x5b, 0x51, 0x98, 0x2c, 0x36, 0x7c, 0x42, 0x2b, 0xb1, 0x62, 0x4b, 0x0f, 0xf9, 0x72, + 0xd3, 0x3f, 0x99, 0xc8, 0xb4, 0x02, 0x17, 0x39, 0xe5, 0x0b, 0xf2, 0x5d, 0x2d, 0x7f, 0x23, 0x41, + 0xcd, 0x58, 0x3a, 0x25, 0x75, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0xa5, 0x30, 0x82, + 0x02, 0xa1, 0x30, 0x3d, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x07, 0x04, + 0x30, 0x30, 0x2e, 0x06, 0x26, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x08, 0x83, 0xcf, + 0x89, 0x4d, 0xad, 0xf2, 0x02, 0x85, 0xa1, 0x9f, 0x0c, 0x82, 0xfa, 0xca, 0x7d, 0x81, 0xe1, 0xfb, + 0x74, 0x81, 0x4f, 0x84, 0x9a, 0xf1, 0x69, 0x85, 0xa1, 0xad, 0x1d, 0x02, 0x01, 0x64, 0x02, 0x01, + 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x29, + 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x0a, 0x04, 0x1c, 0x30, 0x1a, 0x30, + 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0a, 0x03, 0x06, 0x30, 0x0a, 0x06, + 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x25, + 0x04, 0x18, 0x30, 0x16, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0a, 0x03, 0x06, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, + 0x0e, 0x04, 0x16, 0x04, 0x14, 0xc9, 0x5a, 0xb3, 0x11, 0x02, 0x66, 0x71, 0x8c, 0x5b, 0x06, 0x80, + 0x8a, 0x6d, 0x4f, 0x5b, 0xf2, 0xb5, 0x67, 0x45, 0xb5, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d, 0x11, + 0x04, 0x29, 0x30, 0x27, 0xa0, 0x25, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, + 0x02, 0x03, 0xa0, 0x17, 0x0c, 0x15, 0x77, 0x69, 0x6e, 0x63, 0x62, 0x6c, 0x64, 0x40, 0x6d, 0x69, + 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1f, 0x06, 0x03, 0x55, + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x4e, 0xfe, 0x61, 0x39, 0x6f, 0xca, 0xc5, 0x64, + 0xe0, 0x20, 0xb6, 0xda, 0xc1, 0xb9, 0x52, 0x0e, 0xca, 0xdf, 0x8e, 0xfe, 0x30, 0x81, 0xe8, 0x06, + 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x81, 0xe0, 0x30, 0x81, 0xdd, 0x30, 0x81, 0xda, 0xa0, 0x81, 0xd7, + 0xa0, 0x81, 0xd4, 0x86, 0x36, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x6f, 0x72, 0x70, + 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x4d, 0x53, 0x49, 0x54, 0x25, 0x32, 0x30, 0x54, + 0x65, 0x73, 0x74, 0x25, 0x32, 0x30, 0x43, 0x6f, 0x64, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x25, 0x32, + 0x30, 0x43, 0x41, 0x25, 0x32, 0x30, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x86, 0x4d, 0x68, 0x74, 0x74, + 0x70, 0x3a, 0x2f, 0x2f, 0x6d, 0x73, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, + 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x6d, 0x73, 0x63, 0x6f, + 0x72, 0x70, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x4d, 0x53, 0x49, 0x54, 0x25, 0x32, 0x30, 0x54, 0x65, + 0x73, 0x74, 0x25, 0x32, 0x30, 0x43, 0x6f, 0x64, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x25, 0x32, 0x30, + 0x43, 0x41, 0x25, 0x32, 0x30, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, + 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x70, 0x2f, + 0x63, 0x72, 0x6c, 0x2f, 0x4d, 0x53, 0x49, 0x54, 0x25, 0x32, 0x30, 0x54, 0x65, 0x73, 0x74, 0x25, + 0x32, 0x30, 0x43, 0x6f, 0x64, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x25, 0x32, 0x30, 0x43, 0x41, 0x25, + 0x32, 0x30, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x81, 0xa9, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x01, 0x01, 0x04, 0x81, 0x9c, 0x30, 0x81, 0x99, 0x30, 0x42, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x36, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, + 0x6f, 0x72, 0x70, 0x70, 0x6b, 0x69, 0x2f, 0x61, 0x69, 0x61, 0x2f, 0x4d, 0x53, 0x49, 0x54, 0x25, + 0x32, 0x30, 0x54, 0x65, 0x73, 0x74, 0x25, 0x32, 0x30, 0x43, 0x6f, 0x64, 0x65, 0x53, 0x69, 0x67, + 0x6e, 0x25, 0x32, 0x30, 0x43, 0x41, 0x25, 0x32, 0x30, 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x53, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x47, 0x68, 0x74, 0x74, 0x70, + 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x70, 0x2f, + 0x4d, 0x53, 0x49, 0x54, 0x25, 0x32, 0x30, 0x54, 0x65, 0x73, 0x74, 0x25, 0x32, 0x30, 0x43, 0x6f, + 0x64, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x25, 0x32, 0x30, 0x43, 0x41, 0x25, 0x32, 0x30, 0x33, 0x2e, + 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x97, 0x6d, 0x52, 0x46, 0x65, 0x08, 0x60, 0x01, 0x12, + 0x7a, 0x26, 0xaa, 0xd9, 0xc3, 0x15, 0xec, 0xc6, 0xae, 0x0b, 0x75, 0xe4, 0xd5, 0xe0, 0x31, 0xf6, + 0xda, 0xc0, 0xb1, 0x1b, 0x7b, 0x8a, 0x07, 0xda, 0x2f, 0x82, 0x4a, 0x21, 0x89, 0xe6, 0x61, 0x97, + 0xe4, 0x3a, 0x38, 0xd8, 0x0a, 0x26, 0x4e, 0x83, 0x54, 0xbf, 0x32, 0xe3, 0x64, 0x36, 0x61, 0x40, + 0x75, 0x55, 0xf1, 0xaa, 0x34, 0xb2, 0xd3, 0x45, 0x8d, 0x79, 0x9a, 0x93, 0x0b, 0x9f, 0x5a, 0xb3, + 0x5b, 0xcf, 0x0d, 0x28, 0x00, 0x46, 0x68, 0xe7, 0x36, 0xc9, 0xe6, 0xd2, 0x03, 0x2d, 0x1c, 0x2b, + 0x24, 0x79, 0x32, 0xfb, 0xd8, 0x43, 0xb4, 0x0e, 0xd0, 0x37, 0x3b, 0x5e, 0x15, 0xbf, 0x8a, 0x00, + 0x56, 0x00, 0x95, 0x00, 0xd4, 0x71, 0x09, 0xe1, 0x84, 0xfa, 0x6e, 0xc5, 0x75, 0x2f, 0xe1, 0x83, + 0x7b, 0x66, 0xe2, 0x22, 0x75, 0x23, 0x6a, 0xf3, 0x83, 0xfc, 0x94, 0xf8, 0x51, 0x6d, 0x40, 0x6d, + 0x20, 0x7e, 0xb0, 0xe9, 0xac, 0xa8, 0x28, 0x04, 0xa0, 0x1a, 0x3c, 0x88, 0x7e, 0x7e, 0x3b, 0x96, + 0xe9, 0xd0, 0x4b, 0xfa, 0xfa, 0x34, 0x4a, 0x4f, 0xe7, 0xe8, 0x76, 0x16, 0x20, 0xc0, 0x10, 0xca, + 0x1f, 0x7a, 0xde, 0x54, 0xfd, 0xb7, 0xf0, 0xea, 0x8f, 0xe2, 0xcb, 0xa5, 0x1c, 0x58, 0x18, 0x57, + 0x6c, 0x7d, 0x06, 0xde, 0x8c, 0xbd, 0x45, 0xd7, 0x28, 0x86, 0x13, 0x42, 0xaa, 0x4a, 0x9a, 0x50, + 0xc5, 0x76, 0x7f, 0x63, 0x99, 0xd0, 0x90, 0x92, 0xd6, 0xc9, 0x21, 0xf2, 0xb8, 0x66, 0x9c, 0x96, + 0x53, 0xd2, 0xe5, 0xc4, 0xdd, 0x3a, 0x7c, 0x06, 0xae, 0xb1, 0x7a, 0xb4, 0x36, 0x04, 0x9d, 0xe6, + 0x2a, 0xe4, 0x6a, 0x56, 0xd0, 0x9a, 0x98, 0xa2, 0xbf, 0x6f, 0x43, 0xf2, 0xb0, 0x5b, 0xfd, 0xd9, + 0xfa, 0x08, 0x17, 0xc8, 0x3c, 0x61, 0xf1, 0x31, 0x82, 0x02, 0x3a, 0x30, 0x82, 0x02, 0x36, 0x02, + 0x01, 0x01, 0x30, 0x81, 0x90, 0x30, 0x81, 0x81, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, + 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x03, 0x63, 0x6f, 0x6d, 0x31, 0x19, 0x30, + 0x17, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x09, 0x6d, + 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x09, 0x92, + 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x04, 0x63, 0x6f, 0x72, 0x70, 0x31, 0x17, + 0x30, 0x15, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x07, + 0x72, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x13, 0x17, 0x4d, 0x53, 0x49, 0x54, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6f, 0x64, 0x65, + 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x41, 0x20, 0x33, 0x02, 0x0a, 0x4e, 0x30, 0xa5, 0xbb, 0x00, + 0x00, 0x00, 0x12, 0x7b, 0xf2, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, + 0x02, 0x01, 0x05, 0x00, 0xa0, 0x7c, 0x30, 0x10, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, + 0x37, 0x02, 0x01, 0x0c, 0x31, 0x02, 0x30, 0x00, 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x03, 0x31, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, + 0x02, 0x01, 0x04, 0x30, 0x1c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, + 0x0b, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, + 0x15, 0x30, 0x2f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04, 0x31, 0x22, + 0x04, 0x20, 0x25, 0x60, 0x6e, 0xc8, 0x66, 0x72, 0x73, 0xb0, 0x71, 0x7b, 0x82, 0x09, 0x8c, 0x27, + 0xe8, 0xb1, 0x4a, 0x36, 0x1c, 0x81, 0x36, 0xb4, 0x1b, 0x44, 0xdf, 0x09, 0x82, 0x8b, 0xf9, 0xb6, + 0x1c, 0x65, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x04, 0x82, 0x01, 0x00, 0x01, 0xb7, 0x8e, 0x46, 0x9b, 0xb4, 0x18, 0xcd, 0xf6, 0x39, 0x8f, + 0x82, 0x79, 0xbc, 0x96, 0x55, 0x7e, 0xd7, 0x84, 0x8f, 0x18, 0x37, 0x48, 0x4e, 0x8f, 0x25, 0x6f, + 0x1a, 0x6c, 0x60, 0xe9, 0xc1, 0x5f, 0x65, 0xec, 0xb0, 0x4b, 0x35, 0x98, 0x8a, 0x31, 0x6b, 0xfd, + 0xa9, 0xd2, 0x28, 0xa7, 0x00, 0xd0, 0x5c, 0x97, 0x2e, 0x3d, 0x19, 0x96, 0x75, 0xc2, 0x9a, 0xa7, + 0x4e, 0x2d, 0x3c, 0x6a, 0xd7, 0xd1, 0x81, 0x96, 0x2e, 0x06, 0x54, 0x82, 0xe9, 0x87, 0xa2, 0x53, + 0x63, 0x6a, 0xda, 0x72, 0xa3, 0x41, 0x4f, 0x14, 0xc5, 0x3d, 0x41, 0x7d, 0xbb, 0xd7, 0x29, 0x11, + 0x96, 0x14, 0x60, 0x5f, 0xb9, 0xd3, 0x47, 0xb6, 0x23, 0x97, 0x64, 0xf6, 0xe1, 0xac, 0x6c, 0x4d, + 0xa9, 0x58, 0xc2, 0x35, 0xbf, 0x02, 0xee, 0x29, 0xd4, 0x52, 0x80, 0x25, 0xa1, 0x7e, 0xbe, 0x21, + 0xcd, 0x04, 0x3c, 0x4d, 0x7d, 0xdb, 0x9b, 0x13, 0x71, 0x35, 0x13, 0x8d, 0x16, 0x0a, 0x40, 0x7b, + 0x63, 0x45, 0x00, 0x11, 0xc5, 0x3e, 0xc8, 0x21, 0x37, 0xc9, 0xbc, 0xd2, 0x0f, 0x82, 0x21, 0xf9, + 0x2f, 0xde, 0xb3, 0x1c, 0x9b, 0x67, 0xb6, 0x5a, 0xb8, 0x74, 0xa0, 0x30, 0xd8, 0x86, 0x1f, 0xd9, + 0x08, 0x45, 0xf9, 0x6b, 0xe8, 0x57, 0xda, 0xb7, 0x14, 0xf7, 0x63, 0x97, 0xfd, 0x87, 0x61, 0x1e, + 0x95, 0x6f, 0xba, 0x53, 0x40, 0x5e, 0x9f, 0x49, 0xf6, 0xe7, 0x3c, 0x59, 0xd9, 0x78, 0x08, 0x4c, + 0xa6, 0x4a, 0xa2, 0x05, 0x42, 0xa7, 0x77, 0xbc, 0x44, 0x7b, 0xed, 0xdb, 0x77, 0x63, 0x4c, 0x63, + 0x22, 0xb6, 0x17, 0x3f, 0x4f, 0x33, 0xed, 0xa6, 0xd9, 0x0f, 0x74, 0xfa, 0x97, 0x8d, 0x98, 0x55, + 0x42, 0x14, 0x76, 0xd4, 0x89, 0x07, 0xf2, 0x30, 0x5a, 0x27, 0x96, 0x1b, 0x92, 0x70, 0x5a, 0x83, + 0x89, 0x0f, 0xdb, 0x47, 0x7a, 0x00, 0x00, 0x00, 0x0a +}; + +// +// Sample root certificate for code signing. +// A trusted certificate with self-signing, will be used to construct the certificate chains for +// authority checking. +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestRootCert1[] = { + 0x30, 0x82, 0x05, 0x99, 0x30, 0x82, 0x03, 0x81, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x79, + 0xAD, 0x16, 0xA1, 0x4A, 0xA0, 0xA5, 0xAD, 0x4C, 0x73, 0x58, 0xF4, 0x07, 0x13, 0x2E, 0x65, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5F, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, + 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31, 0x19, 0x30, 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, + 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x09, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, + 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63, 0x72, 0x6F, + 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x30, + 0x1E, 0x17, 0x0D, 0x30, 0x31, 0x30, 0x35, 0x30, 0x39, 0x32, 0x33, 0x31, 0x39, 0x32, 0x32, 0x5A, + 0x17, 0x0D, 0x32, 0x31, 0x30, 0x35, 0x30, 0x39, 0x32, 0x33, 0x32, 0x38, 0x31, 0x33, 0x5A, 0x30, + 0x5F, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, + 0x19, 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31, 0x19, 0x30, 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, + 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16, 0x09, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, + 0x74, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63, 0x72, + 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, + 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, 0x0A, 0x02, 0x82, 0x02, 0x01, + 0x00, 0xF3, 0x5D, 0xFA, 0x80, 0x67, 0xD4, 0x5A, 0xA7, 0xA9, 0x0C, 0x2C, 0x90, 0x20, 0xD0, 0x35, + 0x08, 0x3C, 0x75, 0x84, 0xCD, 0xB7, 0x07, 0x89, 0x9C, 0x89, 0xDA, 0xDE, 0xCE, 0xC3, 0x60, 0xFA, + 0x91, 0x68, 0x5A, 0x9E, 0x94, 0x71, 0x29, 0x18, 0x76, 0x7C, 0xC2, 0xE0, 0xC8, 0x25, 0x76, 0x94, + 0x0E, 0x58, 0xFA, 0x04, 0x34, 0x36, 0xE6, 0xDF, 0xAF, 0xF7, 0x80, 0xBA, 0xE9, 0x58, 0x0B, 0x2B, + 0x93, 0xE5, 0x9D, 0x05, 0xE3, 0x77, 0x22, 0x91, 0xF7, 0x34, 0x64, 0x3C, 0x22, 0x91, 0x1D, 0x5E, + 0xE1, 0x09, 0x90, 0xBC, 0x14, 0xFE, 0xFC, 0x75, 0x58, 0x19, 0xE1, 0x79, 0xB7, 0x07, 0x92, 0xA3, + 0xAE, 0x88, 0x59, 0x08, 0xD8, 0x9F, 0x07, 0xCA, 0x03, 0x58, 0xFC, 0x68, 0x29, 0x6D, 0x32, 0xD7, + 0xD2, 0xA8, 0xCB, 0x4B, 0xFC, 0xE1, 0x0B, 0x48, 0x32, 0x4F, 0xE6, 0xEB, 0xB8, 0xAD, 0x4F, 0xE4, + 0x5C, 0x6F, 0x13, 0x94, 0x99, 0xDB, 0x95, 0xD5, 0x75, 0xDB, 0xA8, 0x1A, 0xB7, 0x94, 0x91, 0xB4, + 0x77, 0x5B, 0xF5, 0x48, 0x0C, 0x8F, 0x6A, 0x79, 0x7D, 0x14, 0x70, 0x04, 0x7D, 0x6D, 0xAF, 0x90, + 0xF5, 0xDA, 0x70, 0xD8, 0x47, 0xB7, 0xBF, 0x9B, 0x2F, 0x6C, 0xE7, 0x05, 0xB7, 0xE1, 0x11, 0x60, + 0xAC, 0x79, 0x91, 0x14, 0x7C, 0xC5, 0xD6, 0xA6, 0xE4, 0xE1, 0x7E, 0xD5, 0xC3, 0x7E, 0xE5, 0x92, + 0xD2, 0x3C, 0x00, 0xB5, 0x36, 0x82, 0xDE, 0x79, 0xE1, 0x6D, 0xF3, 0xB5, 0x6E, 0xF8, 0x9F, 0x33, + 0xC9, 0xCB, 0x52, 0x7D, 0x73, 0x98, 0x36, 0xDB, 0x8B, 0xA1, 0x6B, 0xA2, 0x95, 0x97, 0x9B, 0xA3, + 0xDE, 0xC2, 0x4D, 0x26, 0xFF, 0x06, 0x96, 0x67, 0x25, 0x06, 0xC8, 0xE7, 0xAC, 0xE4, 0xEE, 0x12, + 0x33, 0x95, 0x31, 0x99, 0xC8, 0x35, 0x08, 0x4E, 0x34, 0xCA, 0x79, 0x53, 0xD5, 0xB5, 0xBE, 0x63, + 0x32, 0x59, 0x40, 0x36, 0xC0, 0xA5, 0x4E, 0x04, 0x4D, 0x3D, 0xDB, 0x5B, 0x07, 0x33, 0xE4, 0x58, + 0xBF, 0xEF, 0x3F, 0x53, 0x64, 0xD8, 0x42, 0x59, 0x35, 0x57, 0xFD, 0x0F, 0x45, 0x7C, 0x24, 0x04, + 0x4D, 0x9E, 0xD6, 0x38, 0x74, 0x11, 0x97, 0x22, 0x90, 0xCE, 0x68, 0x44, 0x74, 0x92, 0x6F, 0xD5, + 0x4B, 0x6F, 0xB0, 0x86, 0xE3, 0xC7, 0x36, 0x42, 0xA0, 0xD0, 0xFC, 0xC1, 0xC0, 0x5A, 0xF9, 0xA3, + 0x61, 0xB9, 0x30, 0x47, 0x71, 0x96, 0x0A, 0x16, 0xB0, 0x91, 0xC0, 0x42, 0x95, 0xEF, 0x10, 0x7F, + 0x28, 0x6A, 0xE3, 0x2A, 0x1F, 0xB1, 0xE4, 0xCD, 0x03, 0x3F, 0x77, 0x71, 0x04, 0xC7, 0x20, 0xFC, + 0x49, 0x0F, 0x1D, 0x45, 0x88, 0xA4, 0xD7, 0xCB, 0x7E, 0x88, 0xAD, 0x8E, 0x2D, 0xEC, 0x45, 0xDB, + 0xC4, 0x51, 0x04, 0xC9, 0x2A, 0xFC, 0xEC, 0x86, 0x9E, 0x9A, 0x11, 0x97, 0x5B, 0xDE, 0xCE, 0x53, + 0x88, 0xE6, 0xE2, 0xB7, 0xFD, 0xAC, 0x95, 0xC2, 0x28, 0x40, 0xDB, 0xEF, 0x04, 0x90, 0xDF, 0x81, + 0x33, 0x39, 0xD9, 0xB2, 0x45, 0xA5, 0x23, 0x87, 0x06, 0xA5, 0x55, 0x89, 0x31, 0xBB, 0x06, 0x2D, + 0x60, 0x0E, 0x41, 0x18, 0x7D, 0x1F, 0x2E, 0xB5, 0x97, 0xCB, 0x11, 0xEB, 0x15, 0xD5, 0x24, 0xA5, + 0x94, 0xEF, 0x15, 0x14, 0x89, 0xFD, 0x4B, 0x73, 0xFA, 0x32, 0x5B, 0xFC, 0xD1, 0x33, 0x00, 0xF9, + 0x59, 0x62, 0x70, 0x07, 0x32, 0xEA, 0x2E, 0xAB, 0x40, 0x2D, 0x7B, 0xCA, 0xDD, 0x21, 0x67, 0x1B, + 0x30, 0x99, 0x8F, 0x16, 0xAA, 0x23, 0xA8, 0x41, 0xD1, 0xB0, 0x6E, 0x11, 0x9B, 0x36, 0xC4, 0xDE, + 0x40, 0x74, 0x9C, 0xE1, 0x58, 0x65, 0xC1, 0x60, 0x1E, 0x7A, 0x5B, 0x38, 0xC8, 0x8F, 0xBB, 0x04, + 0x26, 0x7C, 0xD4, 0x16, 0x40, 0xE5, 0xB6, 0x6B, 0x6C, 0xAA, 0x86, 0xFD, 0x00, 0xBF, 0xCE, 0xC1, + 0x35, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x51, 0x30, 0x4F, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x1D, + 0x0F, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, + 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0x0E, 0xAC, 0x82, 0x60, 0x40, 0x56, 0x27, 0x97, 0xE5, 0x25, 0x13, 0xFC, 0x2A, + 0xE1, 0x0A, 0x53, 0x95, 0x59, 0xE4, 0xA4, 0x30, 0x10, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, + 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0xC5, 0x11, 0x4D, + 0x03, 0x3A, 0x60, 0xDD, 0x5D, 0x52, 0x11, 0x77, 0x8F, 0xB2, 0xBB, 0x36, 0xC8, 0xB2, 0x05, 0xBF, + 0xB4, 0xB7, 0xA8, 0xD8, 0x20, 0x9D, 0x5C, 0x13, 0x03, 0xB6, 0x1C, 0x22, 0xFA, 0x06, 0x13, 0x35, + 0xB6, 0xC8, 0x63, 0xD4, 0x9A, 0x47, 0x6F, 0x26, 0x57, 0xD2, 0x55, 0xF1, 0x04, 0xB1, 0x26, 0x5F, + 0xD6, 0xA9, 0x50, 0x68, 0xA0, 0xBC, 0xD2, 0xB8, 0x6E, 0xCC, 0xC3, 0xE9, 0xAC, 0xDF, 0x19, 0xCD, + 0x78, 0xAC, 0x59, 0x74, 0xAC, 0x66, 0x34, 0x36, 0xC4, 0x1B, 0x3E, 0x6C, 0x38, 0x4C, 0x33, 0x0E, + 0x30, 0x12, 0x0D, 0xA3, 0x26, 0xFE, 0x51, 0x53, 0x00, 0xFF, 0xAF, 0x5A, 0x4E, 0x84, 0x0D, 0x0F, + 0x1F, 0xE4, 0x6D, 0x05, 0x2E, 0x4E, 0x85, 0x4B, 0x8D, 0x6C, 0x33, 0x6F, 0x54, 0xD2, 0x64, 0xAB, + 0xBF, 0x50, 0xAF, 0x7D, 0x7A, 0x39, 0xA0, 0x37, 0xED, 0x63, 0x03, 0x0F, 0xFC, 0x13, 0x06, 0xCE, + 0x16, 0x36, 0xD4, 0x54, 0x3B, 0x95, 0x1B, 0x51, 0x62, 0x3A, 0xE5, 0x4D, 0x17, 0xD4, 0x05, 0x39, + 0x92, 0x9A, 0x27, 0xA8, 0x5B, 0xAA, 0xBD, 0xEC, 0xBB, 0xBE, 0xE3, 0x20, 0x89, 0x60, 0x71, 0x6C, + 0x56, 0xB3, 0xA5, 0x13, 0xD0, 0x6D, 0x0E, 0x23, 0x7E, 0x95, 0x03, 0xED, 0x68, 0x3D, 0xF2, 0xD8, + 0x63, 0xB8, 0x6B, 0x4D, 0xB6, 0xE8, 0x30, 0xB5, 0xE1, 0xCA, 0x94, 0x4B, 0xF7, 0xA2, 0xAA, 0x5D, + 0x99, 0x30, 0xB2, 0x3D, 0xA7, 0xC2, 0x51, 0x6C, 0x28, 0x20, 0x01, 0x24, 0x27, 0x2B, 0x4B, 0x00, + 0xB7, 0x9D, 0x11, 0x6B, 0x70, 0xBE, 0xB2, 0x10, 0x82, 0xBC, 0x0C, 0x9B, 0x68, 0xD0, 0x8D, 0x3B, + 0x24, 0x87, 0xAA, 0x99, 0x28, 0x72, 0x9D, 0x33, 0x5F, 0x59, 0x90, 0xBD, 0xF5, 0xDE, 0x93, 0x9E, + 0x3A, 0x62, 0x5A, 0x34, 0x39, 0xE2, 0x88, 0x55, 0x1D, 0xB9, 0x06, 0xB0, 0xC1, 0x89, 0x6B, 0x2D, + 0xD7, 0x69, 0xC3, 0x19, 0x12, 0x36, 0x84, 0xD0, 0xC9, 0xA0, 0xDA, 0xFF, 0x2F, 0x69, 0x78, 0xB2, + 0xE5, 0x7A, 0xDA, 0xEB, 0xD7, 0x0C, 0xC0, 0xF7, 0xBD, 0x63, 0x17, 0xB8, 0x39, 0x13, 0x38, 0xA2, + 0x36, 0x5B, 0x7B, 0xF2, 0x85, 0x56, 0x6A, 0x1D, 0x64, 0x62, 0xC1, 0x38, 0xE2, 0xAA, 0xBF, 0x51, + 0x66, 0xA2, 0x94, 0xF5, 0x12, 0x9C, 0x66, 0x22, 0x10, 0x6B, 0xF2, 0xB7, 0x30, 0x92, 0x2D, 0xF2, + 0x29, 0xF0, 0x3D, 0x3B, 0x14, 0x43, 0x68, 0xA2, 0xF1, 0x9C, 0x29, 0x37, 0xCB, 0xCE, 0x38, 0x20, + 0x25, 0x6D, 0x7C, 0x67, 0xF3, 0x7E, 0x24, 0x12, 0x24, 0x03, 0x08, 0x81, 0x47, 0xEC, 0xA5, 0x9E, + 0x97, 0xF5, 0x18, 0xD7, 0xCF, 0xBB, 0xD5, 0xEF, 0x76, 0x96, 0xEF, 0xFD, 0xCE, 0xDB, 0x56, 0x9D, + 0x95, 0xA0, 0x42, 0xF9, 0x97, 0x58, 0xE1, 0xD7, 0x31, 0x22, 0xD3, 0x5F, 0x59, 0xE6, 0x3E, 0x6E, + 0x22, 0x00, 0xEA, 0x43, 0x84, 0xB6, 0x25, 0xDB, 0xD9, 0xF3, 0x08, 0x56, 0x68, 0xC0, 0x64, 0x6B, + 0x1D, 0x7C, 0xEC, 0xB6, 0x93, 0xA2, 0x62, 0x57, 0x6E, 0x2E, 0xD8, 0xE7, 0x58, 0x8F, 0xC4, 0x31, + 0x49, 0x26, 0xDD, 0xDE, 0x29, 0x35, 0x87, 0xF5, 0x30, 0x71, 0x70, 0x5B, 0x14, 0x3C, 0x69, 0xBD, + 0x89, 0x12, 0x7D, 0xEB, 0x2E, 0xA3, 0xFE, 0xD8, 0x7F, 0x9E, 0x82, 0x5A, 0x52, 0x0A, 0x2B, 0xC1, + 0x43, 0x2B, 0xD9, 0x30, 0x88, 0x9F, 0xC8, 0x10, 0xFB, 0x89, 0x8D, 0xE6, 0xA1, 0x85, 0x75, 0x33, + 0x7E, 0x6C, 0x9E, 0xDB, 0x73, 0x13, 0x64, 0x62, 0x69, 0xA5, 0x2F, 0x7D, 0xCA, 0x96, 0x6D, 0x9F, + 0xF8, 0x04, 0x4D, 0x30, 0x92, 0x3D, 0x6E, 0x21, 0x14, 0x21, 0xC9, 0x3D, 0xE0, 0xC3, 0xFD, 0x8A, + 0x6B, 0x9D, 0x4A, 0xFD, 0xD1, 0xA1, 0x9D, 0x99, 0x43, 0x77, 0x3F, 0xB0, 0xDA +}; + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestRootCert2[] = { + 0x30, 0x82, 0x05, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x74, + 0x45, 0xc8, 0x78, 0x4e, 0x0c, 0xc9, 0x96, 0x4a, 0xb4, 0x2f, 0xbc, 0xda, 0x29, 0xe1, 0xbc, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, + 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, + 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, + 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x31, + 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x54, 0x65, 0x73, 0x74, 0x69, 0x6e, + 0x67, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, + 0x30, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x36, 0x31, 0x37, 0x32, 0x30, 0x35, 0x38, 0x30, + 0x32, 0x5a, 0x17, 0x0d, 0x33, 0x35, 0x30, 0x36, 0x31, 0x37, 0x32, 0x31, 0x30, 0x34, 0x31, 0x31, + 0x5a, 0x30, 0x81, 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, + 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, + 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x31, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x54, 0x65, 0x73, + 0x74, 0x69, 0x6e, 0x67, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, + 0x32, 0x30, 0x31, 0x30, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, + 0x02, 0x82, 0x02, 0x01, 0x00, 0x95, 0xe3, 0xa8, 0xc1, 0xb9, 0x9c, 0x26, 0x54, 0xb0, 0x99, 0xef, + 0x26, 0x1f, 0xac, 0x1e, 0xc7, 0x30, 0x80, 0xbb, 0xf5, 0x3f, 0xf2, 0xe4, 0xbb, 0xf8, 0xfe, 0x06, + 0x6a, 0x0a, 0xa6, 0x88, 0xbc, 0xb4, 0x8c, 0x45, 0xe0, 0x70, 0x55, 0x19, 0x88, 0xb4, 0x05, 0xcb, + 0xb5, 0xc1, 0xa1, 0xfa, 0xd4, 0x7c, 0xc2, 0x42, 0x53, 0x07, 0x9c, 0x54, 0x56, 0xa8, 0x97, 0xe0, + 0x94, 0x69, 0xbe, 0x13, 0x24, 0xef, 0xe5, 0x8a, 0x29, 0x9c, 0xa6, 0xd0, 0x2b, 0x2f, 0x8a, 0xa6, + 0xe8, 0x79, 0x44, 0x2e, 0x8b, 0xea, 0xc9, 0xbe, 0xb8, 0x54, 0x86, 0x53, 0xbe, 0x07, 0x24, 0x34, + 0x54, 0x15, 0x22, 0x20, 0x01, 0x7b, 0x8a, 0x46, 0xfb, 0xd2, 0x91, 0x07, 0x95, 0x09, 0xb0, 0x56, + 0x11, 0xcc, 0x76, 0xb2, 0xd0, 0x1f, 0x44, 0x79, 0x52, 0x34, 0x28, 0xec, 0x4f, 0x49, 0xc2, 0xcb, + 0x61, 0xd3, 0x86, 0xdc, 0xe4, 0xa3, 0x7e, 0x55, 0x9e, 0x9f, 0xee, 0x10, 0x6f, 0xcf, 0xe1, 0x3d, + 0xf8, 0xb7, 0x84, 0x79, 0xa2, 0x3b, 0x8d, 0x1c, 0xb0, 0x81, 0x7c, 0xe4, 0x44, 0x07, 0xe4, 0xce, + 0x46, 0xb0, 0x98, 0x83, 0x8d, 0x87, 0x8f, 0xe5, 0xf5, 0xae, 0x40, 0x7a, 0xf1, 0xed, 0x3d, 0x9b, + 0x9a, 0x7c, 0x4a, 0xd1, 0xb9, 0xc3, 0x94, 0x05, 0x7b, 0xdc, 0xda, 0xb8, 0xce, 0xdc, 0x1e, 0x6c, + 0xcf, 0xd9, 0x9e, 0x37, 0xef, 0xc3, 0x5a, 0x36, 0x7b, 0x90, 0x86, 0x45, 0xdc, 0xf6, 0x2e, 0xca, + 0xdd, 0xee, 0xde, 0x27, 0xd9, 0x74, 0x9a, 0x69, 0xf5, 0xd9, 0x5d, 0x09, 0x2d, 0x45, 0x41, 0xcc, + 0xb7, 0xc2, 0x82, 0xd4, 0x2a, 0x8c, 0x16, 0x25, 0x92, 0x97, 0x3d, 0x94, 0x4e, 0x89, 0x33, 0x7e, + 0x5b, 0x03, 0x54, 0xcd, 0xb0, 0x83, 0xa0, 0x8e, 0x41, 0xb7, 0x87, 0x8d, 0xd9, 0x05, 0x63, 0x52, + 0xf6, 0xee, 0xe6, 0x4e, 0x13, 0x9d, 0x54, 0xcd, 0x49, 0xfe, 0xe3, 0x8b, 0x3b, 0x50, 0x9b, 0x48, + 0xbb, 0xb2, 0xe5, 0x92, 0xd4, 0xab, 0xa0, 0xc5, 0x10, 0xaf, 0x3e, 0xb1, 0x45, 0x21, 0x34, 0x90, + 0xdc, 0xad, 0xb9, 0xf7, 0xfe, 0x21, 0xae, 0xee, 0x50, 0x58, 0x7a, 0x3a, 0xe5, 0xaa, 0xd8, 0xe3, + 0x82, 0xd6, 0xcf, 0x6d, 0x4d, 0xc9, 0x15, 0xac, 0x9c, 0x31, 0x17, 0xa5, 0x16, 0xa7, 0x42, 0xf6, + 0xda, 0x12, 0x78, 0xa7, 0x66, 0x90, 0xec, 0xfc, 0xcd, 0x01, 0x63, 0xff, 0xf0, 0x0e, 0xba, 0xe1, + 0xcd, 0xf0, 0xdb, 0x6b, 0x9a, 0x0f, 0xf6, 0x0f, 0x04, 0x01, 0x09, 0xbc, 0x9f, 0xce, 0xb7, 0x6c, + 0x51, 0x70, 0x57, 0x08, 0x1b, 0xff, 0x79, 0x9a, 0x52, 0x5d, 0xba, 0xac, 0x14, 0xe5, 0x3b, 0x67, + 0xcf, 0x2c, 0x52, 0xde, 0x27, 0x9a, 0x34, 0x03, 0x6e, 0x25, 0x48, 0xb0, 0x19, 0x74, 0xfc, 0x4d, + 0x98, 0xc2, 0x4b, 0x8c, 0x92, 0xe1, 0x88, 0xae, 0x48, 0x2a, 0xab, 0xab, 0xcd, 0x14, 0x4d, 0xb6, + 0x61, 0x0e, 0xa1, 0x09, 0x8f, 0x2c, 0xdb, 0x45, 0xaf, 0x7d, 0x3b, 0x81, 0x56, 0x08, 0xc9, 0x3b, + 0x41, 0xb7, 0x64, 0x9f, 0x5d, 0x2e, 0x12, 0x7f, 0xb9, 0x69, 0x29, 0x1f, 0x52, 0x45, 0x4a, 0x23, + 0xc6, 0xaf, 0xb6, 0xb2, 0x38, 0x72, 0x9d, 0x08, 0x33, 0xff, 0xd0, 0xcf, 0x89, 0xb6, 0xea, 0x6e, + 0x85, 0x44, 0x94, 0x3e, 0x91, 0x59, 0xeb, 0xef, 0x9e, 0xbd, 0x9b, 0x9c, 0x1a, 0x47, 0x03, 0x4e, + 0xa2, 0x17, 0x96, 0xfa, 0x62, 0x0b, 0xe8, 0x53, 0xb6, 0x4e, 0xe3, 0xe8, 0x2a, 0x73, 0x59, 0xe2, + 0x13, 0xb8, 0xf8, 0x5a, 0x7e, 0xc6, 0xe2, 0x0a, 0xdd, 0x4a, 0x43, 0xcc, 0xc3, 0x77, 0x3b, 0x7a, + 0x31, 0x04, 0x0a, 0xc1, 0x84, 0x96, 0x3a, 0x63, 0x6e, 0x1a, 0x3e, 0x0a, 0x0c, 0x25, 0xb8, 0x7e, + 0xb5, 0x52, 0x0c, 0xb9, 0xab, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x51, 0x30, 0x4f, 0x30, 0x0b, + 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, + 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa3, 0x01, 0x04, 0x7e, 0x30, 0x88, 0x33, 0xeb, 0xb9, + 0x31, 0x9c, 0xca, 0xeb, 0x85, 0x76, 0x67, 0xfc, 0x65, 0xb4, 0xd1, 0x30, 0x10, 0x06, 0x09, 0x2b, + 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, + 0x00, 0x49, 0x8b, 0xc1, 0xfc, 0x4f, 0xe8, 0xe4, 0x2d, 0x67, 0x92, 0x9a, 0x76, 0x05, 0xba, 0xd1, + 0xbc, 0x98, 0xe4, 0x2b, 0xba, 0x1f, 0x66, 0x5f, 0x66, 0x23, 0xcf, 0x1c, 0x27, 0xeb, 0xb4, 0xaa, + 0xdd, 0xa0, 0x17, 0x20, 0x55, 0x72, 0x33, 0xb1, 0x76, 0xde, 0xc9, 0x6d, 0x0d, 0x3c, 0x2d, 0x0a, + 0x08, 0x24, 0x2d, 0xec, 0x38, 0x96, 0x7a, 0x83, 0xf1, 0x27, 0x50, 0x3c, 0x86, 0x09, 0xdd, 0x0d, + 0x41, 0xce, 0xaa, 0x5e, 0xf3, 0x8f, 0x7a, 0x3e, 0x3e, 0xf1, 0xf0, 0xba, 0x8b, 0x72, 0xdd, 0x36, + 0xa1, 0x69, 0x05, 0x5b, 0x7c, 0xec, 0xe7, 0x70, 0x63, 0x8d, 0x1d, 0x6e, 0xc0, 0xfd, 0x3a, 0x03, + 0xf1, 0x10, 0x3e, 0x90, 0xd7, 0x7b, 0x7a, 0xdc, 0xea, 0x60, 0xec, 0x2f, 0x53, 0xfd, 0x19, 0x1d, + 0x3a, 0xa1, 0x74, 0x08, 0xc2, 0x7b, 0x3c, 0xe0, 0x50, 0xac, 0x21, 0xd7, 0xb6, 0xdd, 0xdd, 0x3c, + 0x44, 0x1b, 0xf7, 0xf3, 0x44, 0x3e, 0x6c, 0x96, 0xe0, 0xc0, 0x9f, 0xe6, 0xef, 0xdd, 0xdd, 0xb1, + 0xa6, 0x68, 0x61, 0x6c, 0x5e, 0x9e, 0xf9, 0xff, 0x9a, 0x06, 0xa4, 0x6a, 0xcd, 0x9e, 0x75, 0x43, + 0x89, 0x9b, 0xcb, 0x85, 0xf6, 0xdc, 0x0c, 0x46, 0x4a, 0x8c, 0x9b, 0xac, 0x11, 0xa6, 0x63, 0x45, + 0xfb, 0xfc, 0xde, 0x20, 0xee, 0xce, 0x67, 0x9f, 0x3d, 0xd0, 0x93, 0xdb, 0x39, 0xfb, 0xea, 0x5e, + 0x4b, 0xfc, 0xd6, 0x20, 0xf1, 0x95, 0x36, 0x08, 0x8c, 0xb2, 0xb3, 0xa1, 0x97, 0x1b, 0x41, 0x19, + 0xb0, 0xac, 0xfe, 0xe2, 0xd5, 0xab, 0x7d, 0xd9, 0x26, 0xd4, 0xdc, 0xbd, 0x1f, 0x38, 0xc0, 0xe3, + 0x86, 0xdf, 0x24, 0xe7, 0xf5, 0x3e, 0x09, 0xca, 0x4d, 0xa1, 0xba, 0x16, 0xc3, 0x4a, 0xb1, 0xfc, + 0x72, 0x98, 0xcf, 0x0e, 0x92, 0xfa, 0x57, 0x45, 0xe9, 0x48, 0x4d, 0xc6, 0xa2, 0x7c, 0x3b, 0x72, + 0x63, 0xac, 0x4e, 0xf4, 0x74, 0xe9, 0x2b, 0x57, 0xac, 0xab, 0x32, 0x88, 0x0b, 0xa9, 0x10, 0x67, + 0x53, 0x7e, 0xd2, 0x62, 0xd2, 0xfa, 0x68, 0xe8, 0x9d, 0x5b, 0xae, 0xcd, 0xe0, 0xe5, 0xe2, 0x06, + 0x96, 0x0c, 0x34, 0x32, 0xf6, 0xbc, 0x25, 0xad, 0x98, 0xf3, 0x32, 0x60, 0xbe, 0x14, 0xd3, 0x78, + 0xd1, 0x10, 0x6f, 0xff, 0x32, 0xe3, 0x9e, 0x3d, 0x88, 0xda, 0xb3, 0x32, 0x0a, 0xcf, 0x20, 0x65, + 0x47, 0x78, 0xaa, 0xa5, 0x4b, 0x87, 0x6a, 0x83, 0xdc, 0x1a, 0x5a, 0x2a, 0xdf, 0x70, 0x61, 0xaf, + 0x35, 0x32, 0xe0, 0x59, 0xa1, 0x9f, 0x0b, 0x14, 0x7a, 0xaa, 0xab, 0x42, 0x0b, 0x6b, 0xff, 0xfb, + 0x34, 0xcb, 0x9d, 0x96, 0xd7, 0x26, 0x2a, 0x13, 0x3b, 0xe3, 0xdf, 0x11, 0xe6, 0x86, 0x7d, 0x0d, + 0x09, 0x11, 0x93, 0x4b, 0xa4, 0xf6, 0xd2, 0x07, 0xc2, 0xcd, 0xc8, 0xbe, 0xf5, 0x67, 0xf7, 0xae, + 0x05, 0xce, 0x16, 0xfe, 0x90, 0xc9, 0x4a, 0x98, 0x1b, 0x24, 0x69, 0x78, 0x90, 0xf9, 0x34, 0x8e, + 0x37, 0xe8, 0x6e, 0x1d, 0xdc, 0xcf, 0x4f, 0xe7, 0xd2, 0x64, 0x40, 0x1d, 0xc4, 0x30, 0xba, 0xd5, + 0x08, 0x88, 0x67, 0x4b, 0x0f, 0xb8, 0xe5, 0x59, 0xe9, 0x18, 0xd8, 0x0c, 0x60, 0x68, 0xae, 0x7f, + 0xea, 0x91, 0x55, 0xbe, 0xeb, 0xf1, 0xa7, 0x8e, 0xd8, 0x5d, 0x50, 0x3e, 0xbf, 0xd5, 0x69, 0x57, + 0x95, 0x8f, 0xa7, 0xff, 0xe4, 0x09, 0x3f, 0x08, 0x80, 0x97, 0x32, 0x42, 0xb8, 0x82, 0x43, 0x82, + 0x6f, 0x8b, 0x0b, 0x93, 0xda, 0x19, 0xbf, 0x63, 0x4e, 0x5f, 0x9f, 0xed, 0x2c, 0x22, 0xb6, 0x20, + 0x5f, 0x70, 0x44, 0xfa, 0x89, 0x59, 0x93, 0xb0, 0x7b, 0x12, 0x0f, 0x5e, 0x62, 0x62, 0x51, 0x11, + 0xbd, 0xba, 0x5a, 0xd0, 0xce, 0xa1, 0xb6, 0xef, 0x80, 0x20, 0xe6, 0x73, 0x4b, 0x11, 0x06, 0x56, + 0xe2, 0x0a +}; + +// +// OID ASN.1 Value for Hash Algorithms +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 HashOidValue[] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // OBJ_md5 + 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512 +}; + +/** + Validate MSFT Authenticode Signature. + + @retval TRUE Validation succeeded. + @retval FALSE Validation failed. + +**/ +BOOLEAN +VerifyAuthenticode ( + VOID + ) +{ + BOOLEAN Status; + + Status = FALSE; + Print (L"\n- PE/COFF Authenticode (Digested by SHA-1) Verification ... "); + + // + // Sample Code: Demonstrate how to check the Hash algorithm in PE/COFF Authenticode. + // According to PKCS#7 Definition: + // SignedData ::= SEQUENCE { + // version Version, + // digestAlgorithms DigestAlgorithmIdentifiers, + // contentInfo ContentInfo, + // .... } + // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing + // This field has the fixed offset (+32) in final Authenticode ASN.1 data. + // + if (CompareMem (AuthenticodeWithSha1 + 32, &HashOidValue[8], 5) == 0) { + // + // Verify Authenticode signature. + // The PeHash value should be calculated following MSFT's Authenticode Specification. + // + Status = AuthenticodeVerify ( + AuthenticodeWithSha1, + sizeof (AuthenticodeWithSha1), + TestRootCert1, + sizeof (TestRootCert1), + PeSha1Hash, + SHA1_DIGEST_SIZE + ); + if (Status) { + Print (L"[Pass]"); + } else { + Print (L"[Fail]"); + } + } else { + Print (L"[Invalid Hash]"); + } + + Print (L"\n- PE/COFF Authenticode (Digested by SHA-256) Verification ... "); + + if (CompareMem (AuthenticodeWithSha256 + 32, &HashOidValue[22], 9) == 0) { + Status = AuthenticodeVerify ( + AuthenticodeWithSha256, + sizeof (AuthenticodeWithSha256), + TestRootCert2, + sizeof (TestRootCert2), + PeSha256Hash, + SHA256_DIGEST_SIZE + ); + if (Status) { + Print (L"[Pass]"); + } else { + Print (L"[Fail]"); + } + } else { + Print (L"[Invalid Hash]"); + } + + return Status; +} + +/** + Validate UEFI-OpenSSL Authenticode Verification Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateAuthenticode ( + VOID + ) +{ + BOOLEAN Status; + + Print (L"\nUEFI-OpenSSL Authenticode Testing: "); + + Status = VerifyAuthenticode (); + + Print (L"\n"); + + if (Status) { + return EFI_SUCCESS; + } else { + return EFI_ABORTED; + } +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/BlockCipherVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/BlockCipherVerify.c new file mode 100644 index 00000000000..edb1e4f9440 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/BlockCipherVerify.c @@ -0,0 +1,104 @@ +/** @file + Application for Block Cipher Primitives Validation. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +// +// AES test vectors are from NIST KAT of AES +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128CbcData[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128CbcKey[] = { + 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128CbcIvec[] = { + 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Aes128CbcCipher[] = { + 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, + 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 +}; + +/** + Validate UEFI-OpenSSL Block Ciphers (Symmetric Crypto) Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptBlockCipher ( + VOID + ) +{ + UINTN CtxSize; + VOID *CipherCtx; + UINT8 Encrypt[256]; + UINT8 Decrypt[256]; + BOOLEAN Status; + + Print (L"\nUEFI-OpenSSL Block Cipher Engine Testing: "); + + CtxSize = AesGetContextSize (); + CipherCtx = AllocatePool (CtxSize); + + Print (L"\n- AES Validation: "); + + Print (L"CBC-128... "); + + // + // AES-128 CBC Validation + // + ZeroMem (Encrypt, sizeof (Encrypt)); + ZeroMem (Decrypt, sizeof (Decrypt)); + + Status = AesInit (CipherCtx, Aes128CbcKey, 128); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Status = AesCbcEncrypt (CipherCtx, Aes128CbcData, sizeof (Aes128CbcData), Aes128CbcIvec, Encrypt); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Status = AesCbcDecrypt (CipherCtx, Encrypt, sizeof (Aes128CbcData), Aes128CbcIvec, Decrypt); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (Encrypt, Aes128CbcCipher, sizeof (Aes128CbcCipher)) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (Decrypt, Aes128CbcData, sizeof (Aes128CbcData)) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]"); + + Print (L"\n"); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.c b/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.c new file mode 100644 index 00000000000..2cad9c38ff8 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.c @@ -0,0 +1,150 @@ +/** @file + Application for Cryptographic Primitives Validation. + +Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +VOID +InternalDumpData ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + + for (Index = 0; Index < Size; Index++) { + DEBUG ((EFI_D_INFO, "%02x ", (UINTN)Data[Index])); + } +} + +VOID +InternalDumpHex ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + UINTN Count; + UINTN Left; + + #define COLUME_SIZE (16 * 2) + + Count = Size / COLUME_SIZE; + Left = Size % COLUME_SIZE; + for (Index = 0; Index < Count; Index++) { + DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); + InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE); + DEBUG ((EFI_D_INFO, "\n")); + } + + if (Left != 0) { + DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); + InternalDumpData (Data + Index * COLUME_SIZE, Left); + DEBUG ((EFI_D_INFO, "\n")); + } +} + +/** + Entry Point of Cryptographic Validation Utility. + + @param ImageHandle The image handle of the UEFI Application. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +CryptestMain ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + Print (L"\nUEFI-OpenSSL Wrapper Cryptosystem Testing: \n"); + Print (L"-------------------------------------------- \n"); + + RandomSeed (NULL, 0); + + Status = ValidateCryptDigest (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateCryptHmac (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateCryptBlockCipher (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateCryptAeadCipher (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateCryptRsa (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateCryptRsa2 (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateCryptPkcs5Pbkdf2 (); + if (EFI_ERROR (Status)) { + return Status; + } + + #if 1 + Status = ValidateCryptPkcs7 (); + if (EFI_ERROR (Status)) { + return Status; + } + + #endif + + Status = ValidateAuthenticode (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateTSCounterSignature (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateCryptEc (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateCryptEc2 (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = ValidateCryptPrng (); + if (EFI_ERROR (Status)) { + return Status; + } + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.h b/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.h new file mode 100644 index 00000000000..e35e85d322a --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.h @@ -0,0 +1,219 @@ +/** @file + Application for Cryptographic Primitives Validation. + +Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __CRYPTEST_H__ +#define __CRYPTEST_H__ + +#include +#include +#include +#include +#include +#include +#include +#include + +/** + Validate UEFI-OpenSSL Digest Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptDigest ( + VOID + ); + +/** + Validate UEFI-OpenSSL Message Authentication Codes Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptHmac ( + VOID + ); + +/** + Validate UEFI-OpenSSL Block Ciphers (Symmetric Crypto) Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptBlockCipher ( + VOID + ); + +/** + Validate UEFI-OpenSSL Message Authentication Codes Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptMac ( + VOID + ); + +/** + Validate UEFI-OpenSSL AEAD Ciphers Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptAeadCipher ( + VOID + ); + +/** + Validate UEFI-OpenSSL RSA Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptRsa ( + VOID + ); + +/** + Validate UEFI-OpenSSL RSA Key Retrieving (from PEM & X509) & Signature Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptRsa2 ( + VOID + ); + +/** + Validate UEFI-OpenSSL PKCS#5 PBKDF2 Interface. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptPkcs5Pbkdf2 ( + VOID + ); + +/** + Validate UEFI-OpenSSL PKCS#7 Signing & Verification Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptPkcs7 ( + VOID + ); + +/** + Validate UEFI-OpenSSL Authenticode Verification Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateAuthenticode ( + VOID + ); + +/** + Validate UEFI-OpenSSL RFC3161 Timestamp CounterSignature Verification Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateTSCounterSignature ( + VOID + ); + +/** + Validate UEFI-OpenSSL DH Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptDh ( + VOID + ); + +/** + Validate UEFI-OpenSSL EC Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptEc ( + VOID + ); + +/** + Validate UEFI-OpenSSL EC Key Retrieving (from PEM & X509) & Signature Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptEc2 ( + VOID + ); + +/** + Validate UEFI-OpenSSL PKCS#7 Signing & Verification Interfaces for EC. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptPkcs7Ec ( + VOID + ); + +/** + Validate UEFI-OpenSSL pseudorandom number generator interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptPrng ( + VOID + ); + +#endif diff --git a/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.inf b/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.inf new file mode 100644 index 00000000000..0dee87d9b79 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.inf @@ -0,0 +1,64 @@ +## @file +# Shell application that will test the crypto library. +# +# UEFI Application for the Validation of cryptography library (based on OpenSSL-1.0.2j). +# +# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Cryptest + MODULE_UNI_FILE = Cryptest.uni + FILE_GUID = fb925ac7-192a-9567-8586-7c6f5f710607 + MODULE_TYPE = UEFI_APPLICATION + VERSION_STRING = 1.0 + ENTRY_POINT = CryptestMain + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF +# + +[Sources] + Cryptest.h + Cryptest.c + HashVerify.c + HmacVerify.c + BlockCipherVerify.c + AeadVerify.c + RsaVerify.c + RsaVerify2.c + Pkcs5Pbkdf2Verify.c + AuthenticodeVerify.c + TSVerify.c + EcVerify.c + EcVerify2.c + RandVerify.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + UefiApplicationEntryPoint + UefiLib + BaseLib + UefiBootServicesTableLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib + +[UserExtensions.TianoCore."ExtraFiles"] + CryptestExtra.uni + diff --git a/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.uni b/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.uni new file mode 100644 index 00000000000..34f55498b31 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/Cryptest.uni @@ -0,0 +1,22 @@ +// /** @file +// Shell application that will test the crypto library. +// +// UEFI Application for the Validation of cryptography library (based on OpenSSL 0.9.8zb). +// +// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the BSD License +// which accompanies this distribution. The full text of the license may be found at +// http://opensource.org/licenses/bsd-license.php +// +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Shell application that will test the crypto library" + +#string STR_MODULE_DESCRIPTION #language en-US "UEFI Application for the Validation of cryptography library (based on OpenSSL 0.9.8zb)." + diff --git a/DeviceSecurityTestPkg/Test/Cryptest/CryptestExtra.uni b/DeviceSecurityTestPkg/Test/Cryptest/CryptestExtra.uni new file mode 100644 index 00000000000..530faa593c8 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/CryptestExtra.uni @@ -0,0 +1,20 @@ +// /** @file +// Cryptest Localized Strings and Content +// +// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the BSD License +// which accompanies this distribution. The full text of the license may be found at +// http://opensource.org/licenses/bsd-license.php +// +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +// +// **/ + +#string STR_PROPERTIES_MODULE_NAME +#language en-US +"Cryptest module" + + diff --git a/DeviceSecurityTestPkg/Test/Cryptest/DhVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/DhVerify.c new file mode 100644 index 00000000000..2d35ba5ab74 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/DhVerify.c @@ -0,0 +1,197 @@ +/** @file + Application for Diffie-Hellman Primitives Validation. + +Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +/** + Validate UEFI-OpenSSL DH Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptDh ( + VOID + ) +{ + VOID *Dh1; + VOID *Dh2; + UINT8 Prime[64]; + UINT8 PublicKey1[64]; + UINTN PublicKey1Length; + UINT8 PublicKey2[64]; + UINTN PublicKey2Length; + UINT8 Key1[64]; + UINTN Key1Length; + UINT8 Key2[64]; + UINTN Key2Length; + BOOLEAN Status; + UINT8 FFPublicKey1[256]; + UINTN FFPublicKey1Length; + UINT8 FFPublicKey2[256]; + UINTN FFPublicKey2Length; + UINT8 FFKey1[256]; + UINTN FFKey1Length; + UINT8 FFKey2[256]; + UINTN FFKey2Length; + + Print (L"\nUEFI-OpenSSL DH Engine Testing:\n"); + + if (0) { + // + // Initialize Key Length + // + PublicKey1Length = sizeof (PublicKey1); + PublicKey2Length = sizeof (PublicKey2); + Key1Length = sizeof (Key1); + Key2Length = sizeof (Key2); + + // + // Generate & Initialize DH Context + // + Print (L"- Context1 ... "); + Dh1 = DhNew (); + if (Dh1 == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Context2 ... "); + Dh2 = DhNew (); + if (Dh2 == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Parameter1 ... "); + Status = DhGenerateParameter (Dh1, 2, 64, Prime); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Parameter2 ... "); + Status = DhSetParameter (Dh2, 2, 64, Prime); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Generate key1 ... "); + Status = DhGenerateKey (Dh1, PublicKey1, &PublicKey1Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Generate key2 ... "); + Status = DhGenerateKey (Dh2, PublicKey2, &PublicKey2Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compute key1 ... "); + Status = DhComputeKey (Dh1, PublicKey2, PublicKey2Length, Key1, &Key1Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compute key2 ... "); + Status = DhComputeKey (Dh2, PublicKey1, PublicKey1Length, Key2, &Key2Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compare Keys ... "); + if (Key1Length != Key2Length) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (Key1, Key2, Key1Length) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + } + + // + // + // + FFPublicKey1Length = sizeof (FFPublicKey1); + FFPublicKey2Length = sizeof (FFPublicKey2); + FFKey1Length = sizeof (FFKey1); + FFKey2Length = sizeof (FFKey2); + Print (L"- Context1 ... "); + Dh1 = DhNewByNid (CRYPTO_NID_FFDHE2048); + if (Dh1 == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Context2 ... "); + Dh2 = DhNewByNid (CRYPTO_NID_FFDHE2048); + if (Dh2 == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Generate key1 ... "); + Status = DhGenerateKey (Dh1, FFPublicKey1, &FFPublicKey1Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Generate key2 ... "); + Status = DhGenerateKey (Dh2, FFPublicKey2, &FFPublicKey2Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compute key1 ... "); + Status = DhComputeKey (Dh1, FFPublicKey2, FFPublicKey2Length, FFKey1, &FFKey1Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compute key2 ... "); + Status = DhComputeKey (Dh2, FFPublicKey1, FFPublicKey1Length, FFKey2, &FFKey2Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compare Keys ... "); + if (FFKey1Length != FFKey2Length) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (FFKey1, FFKey2, FFKey1Length) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/EcVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/EcVerify.c new file mode 100644 index 00000000000..6baa6514766 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/EcVerify.c @@ -0,0 +1,192 @@ +/** @file + Application for Elliptic Curve Primitives Validation. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +/** + Validate UEFI-OpenSSL EC Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptEc ( + VOID + ) +{ + VOID *Ec1; + VOID *Ec2; + UINT8 Public1[66 * 2]; + UINTN Public1Length; + UINT8 Public2[66 * 2]; + UINTN Public2Length; + UINT8 Key1[32]; + UINTN Key1Length; + UINT8 Key2[32]; + UINTN Key2Length; + UINT8 HashValue[SHA256_DIGEST_SIZE]; + UINTN HashSize; + UINT8 Signature[66 * 2]; + UINTN SigSize; + BOOLEAN Status; + + Print (L"\nUEFI-OpenSSL EC-DH Key Exchange Testing:\n"); + + // + // Initialize Key Length + // + Public1Length = sizeof (Public1); + Public2Length = sizeof (Public2); + Key1Length = sizeof (Key1); + Key2Length = sizeof (Key2); + + // + // Generate & Initialize EC Context + // + Print (L"- Context1 ... "); + Ec1 = EcNewByNid (CRYPTO_NID_SECP256R1); + if (Ec1 == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Context2 ... "); + Ec2 = EcNewByNid (CRYPTO_NID_SECP256R1); + if (Ec2 == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + // + // Verify EC-DH + // + Print (L"Generate key1 ... "); + Status = EcGenerateKey (Ec1, Public1, &Public1Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Generate key2 ... "); + Status = EcGenerateKey (Ec2, Public2, &Public2Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compute key1 ... "); + Status = EcDhComputeKey (Ec1, Public2, Public2Length, NULL, Key1, &Key1Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compute key2 ... "); + Status = EcDhComputeKey (Ec2, Public1, Public1Length, NULL, Key2, &Key2Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compare Keys ... "); + if (Key1Length != Key2Length) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (Key1, Key2, Key1Length) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]\n"); + } + + EcFree (Ec1); + EcFree (Ec2); + + Print (L"\nUEFI-OpenSSL EC-DSA Signing Verification Testing:\n"); + + Public1Length = sizeof (Public1); + Public2Length = sizeof (Public2); + + Print (L"- Context1 ... "); + Ec1 = EcNewByNid (CRYPTO_NID_SECP256R1); + if (Ec1 == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Context2 ... "); + Ec2 = EcNewByNid (CRYPTO_NID_SECP521R1); + if (Ec2 == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compute key1 ... "); + Status = EcGenerateKey (Ec1, Public1, &Public1Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Compute key2 ... "); + Status = EcGenerateKey (Ec2, Public2, &Public2Length); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + // + // Verify EC-DSA + // + HashSize = sizeof (HashValue); + SigSize = sizeof (Signature); + Print (L"\n- EC-DSA Signing ... "); + Status = EcDsaSign (Ec1, CRYPTO_NID_SHA256, HashValue, HashSize, Signature, &SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"EC-DSA Verification ... "); + Status = EcDsaVerify (Ec1, CRYPTO_NID_SHA256, HashValue, HashSize, Signature, SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]\n"); + } + + HashSize = sizeof (HashValue); + SigSize = sizeof (Signature); + Print (L"- EC-DSA Signing ... "); + Status = EcDsaSign (Ec2, CRYPTO_NID_SHA256, HashValue, HashSize, Signature, &SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"EC-DSA Verification ... "); + Status = EcDsaVerify (Ec2, CRYPTO_NID_SHA256, HashValue, HashSize, Signature, SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]\n"); + } + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/EcVerify2.c b/DeviceSecurityTestPkg/Test/Cryptest/EcVerify2.c new file mode 100644 index 00000000000..d9fb77acdfe --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/EcVerify2.c @@ -0,0 +1,154 @@ +/** @file + Application for Elliptic Curve Key Retrieving (from PEM and X509) & Signature Validation. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +// +// Root CA X509 Certificate for X509 Verification Routine (Generated by OpenSSL utility). +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 EccTestRootCer[] = { + 0x30, 0x82, 0x01, 0xd2, 0x30, 0x82, 0x01, 0x77, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, + 0xcc, 0x10, 0x45, 0x50, 0xaf, 0x50, 0x1b, 0xe2, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, + 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, + 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x32, + 0x30, 0x30, 0x32, 0x32, 0x37, 0x31, 0x32, 0x30, 0x32, 0x31, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x30, + 0x30, 0x32, 0x32, 0x34, 0x31, 0x32, 0x30, 0x32, 0x31, 0x30, 0x5a, 0x30, 0x45, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, + 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, + 0x74, 0x64, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x11, 0xa4, 0x06, + 0x65, 0xb6, 0x79, 0x6e, 0x72, 0xb6, 0xd8, 0x09, 0x84, 0x92, 0x86, 0x11, 0x09, 0xde, 0xea, 0xd0, + 0x0c, 0x60, 0xf1, 0x8a, 0xff, 0x7c, 0xde, 0xce, 0xec, 0x07, 0xba, 0xa5, 0xb8, 0xd5, 0x17, 0xe5, + 0x62, 0x33, 0x2d, 0x88, 0xb1, 0x9a, 0xe6, 0xf3, 0x09, 0x43, 0x0e, 0xa9, 0xf7, 0x3c, 0xe9, 0x20, + 0xba, 0xbd, 0xb1, 0x3c, 0x03, 0x89, 0x1e, 0x2a, 0xff, 0x6e, 0x08, 0xff, 0x2e, 0xa3, 0x50, 0x30, + 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xe6, 0xd9, 0xa0, + 0xee, 0x38, 0x18, 0x83, 0xfa, 0xe3, 0xed, 0x44, 0xa4, 0x37, 0xfd, 0x4a, 0x04, 0xdf, 0xe1, 0xd5, + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x62, 0xe6, 0xd9, + 0xa0, 0xee, 0x38, 0x18, 0x83, 0xfa, 0xe3, 0xed, 0x44, 0xa4, 0x37, 0xfd, 0x4a, 0x04, 0xdf, 0xe1, + 0xd5, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, + 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, + 0x02, 0x21, 0x00, 0x99, 0x2f, 0x43, 0xeb, 0xdc, 0x4e, 0x53, 0xc7, 0xc1, 0xbd, 0xed, 0x95, 0xdc, + 0xae, 0xd3, 0x75, 0xfa, 0xc4, 0xf7, 0xa4, 0x61, 0x00, 0x57, 0xce, 0xf3, 0xe0, 0x23, 0xf6, 0xf0, + 0x41, 0x6f, 0xb5, 0x02, 0x21, 0x00, 0xf3, 0x97, 0x11, 0x06, 0x61, 0x10, 0xc7, 0x35, 0xe9, 0xf8, + 0x3b, 0x59, 0xec, 0xf5, 0x51, 0xa0, 0xa6, 0x64, 0x6e, 0xe1, 0x44, 0xc7, 0xe1, 0xa2, 0xce, 0x90, + 0x7f, 0xae, 0xad, 0xf4, 0xa9, 0xfa, +}; + +// +// PEM Key data for EC Private Key Retrieving. +// (Generated by OpenSSL utility). +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 EccTestPemKey[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50, 0x41, + 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x42, 0x67, + 0x67, 0x71, 0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d, 0x0a, 0x2d, + 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x41, 0x52, 0x41, 0x4d, + 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, + 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, + 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x48, 0x63, 0x43, 0x41, 0x51, + 0x45, 0x45, 0x49, 0x4d, 0x4a, 0x54, 0x69, 0x75, 0x34, 0x56, 0x54, 0x54, 0x57, 0x68, 0x78, 0x4b, + 0x62, 0x51, 0x65, 0x78, 0x6e, 0x30, 0x43, 0x58, 0x41, 0x77, 0x33, 0x44, 0x57, 0x6b, 0x6f, 0x78, + 0x79, 0x77, 0x6b, 0x7a, 0x46, 0x50, 0x62, 0x32, 0x48, 0x68, 0x5a, 0x6e, 0x5a, 0x52, 0x6f, 0x41, + 0x6f, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x0a, 0x41, 0x77, 0x45, 0x48, 0x6f, + 0x55, 0x51, 0x44, 0x51, 0x67, 0x41, 0x45, 0x45, 0x61, 0x51, 0x47, 0x5a, 0x62, 0x5a, 0x35, 0x62, + 0x6e, 0x4b, 0x32, 0x32, 0x41, 0x6d, 0x45, 0x6b, 0x6f, 0x59, 0x52, 0x43, 0x64, 0x37, 0x71, 0x30, + 0x41, 0x78, 0x67, 0x38, 0x59, 0x72, 0x2f, 0x66, 0x4e, 0x37, 0x4f, 0x37, 0x41, 0x65, 0x36, 0x70, + 0x62, 0x6a, 0x56, 0x46, 0x2b, 0x56, 0x69, 0x4d, 0x79, 0x32, 0x49, 0x0a, 0x73, 0x5a, 0x72, 0x6d, + 0x38, 0x77, 0x6c, 0x44, 0x44, 0x71, 0x6e, 0x33, 0x50, 0x4f, 0x6b, 0x67, 0x75, 0x72, 0x32, 0x78, + 0x50, 0x41, 0x4f, 0x4a, 0x48, 0x69, 0x72, 0x2f, 0x62, 0x67, 0x6a, 0x2f, 0x4c, 0x67, 0x3d, 0x3d, + 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, + 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, +}; + +// +// Payload for PKCS#7 Signing & Verification Validation. +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *EcPayload = "Payload Data for PKCS#7 EC Signing"; + +/** + Validate UEFI-OpenSSL EC Key Retrieving (from PEM & X509) & Signature Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptEc2 ( + VOID + ) +{ + BOOLEAN Status; + VOID *EcPrivKey; + VOID *EcPubKey; + UINT8 HashValue[SHA256_DIGEST_SIZE]; + UINTN HashSize; + UINT8 Signature[512]; // 0x48/72, 0x68/104, 0x8A/138 + UINTN SigSize; + + Print (L"\nUEFI-OpenSSL EC Key Retrieving Testing: "); + + // + // Retrieve EC private key from PEM data. + // + Print (L"\n- Retrieve EC Private Key for PEM ..."); + Status = EcGetPrivateKeyFromPem (EccTestPemKey, sizeof (EccTestPemKey), NULL, &EcPrivKey); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // Retrieve EC public key from X509 Certificate. + // + Print (L"\n- Retrieve EC Public Key from X509 ... "); + Status = EcGetPublicKeyFromX509 (EccTestRootCer, sizeof (EccTestRootCer), &EcPubKey); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // Verify EC-DSA + // + HashSize = sizeof (HashValue); + SigSize = sizeof (Signature); + Print (L"\n- EC-DSA Signing ... "); + Status = EcDsaSign (EcPrivKey, CRYPTO_NID_SHA256, HashValue, HashSize, Signature, &SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + Print (L"\n- EC-DSA Verification ... "); + Status = EcDsaVerify (EcPubKey, CRYPTO_NID_SHA256, HashValue, HashSize, Signature, SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]\n"); + } + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/HashVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/HashVerify.c new file mode 100644 index 00000000000..a14f587b3fb --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/HashVerify.c @@ -0,0 +1,235 @@ +/** @file + Application for Hash Primitives Validation. + +Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +// +// Max Known Digest Size is SHA512 Output (64 bytes) by far +// +#define MAX_DIGEST_SIZE 64 + +// +// Message string for digest validation +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *HashData = "abc"; + +// +// Result for SHA-256("abc"). (From "B.1 SHA-256 Example" of NIST FIPS 180-2) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha256Digest[SHA256_DIGEST_SIZE] = { + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad +}; + +// +// Result for SHA-384("abc"). (From "D.1 SHA-384 Example" of NIST FIPS 180-2) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha384Digest[SHA384_DIGEST_SIZE] = { + 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, + 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, + 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 +}; + +// +// Result for SHA-512("abc"). (From "C.1 SHA-512 Example" of NIST FIPS 180-2) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha512Digest[SHA512_DIGEST_SIZE] = { + 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, + 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, + 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, + 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f +}; + +/** + Validate UEFI-OpenSSL Digest Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptDigest ( + VOID + ) +{ + UINTN CtxSize; + VOID *HashCtx; + UINTN DataSize; + UINT8 Digest[MAX_DIGEST_SIZE]; + BOOLEAN Status; + + Print (L" UEFI-OpenSSL Hash Engine Testing:\n"); + DataSize = AsciiStrLen (HashData); + + Print (L"- SHA256: "); + + // + // SHA256 Digest Validation + // + ZeroMem (Digest, MAX_DIGEST_SIZE); + CtxSize = Sha256GetContextSize (); + HashCtx = AllocatePool (CtxSize); + + Print (L"Init... "); + Status = Sha256Init (HashCtx); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Update... "); + Status = Sha256Update (HashCtx, HashData, DataSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Finalize... "); + Status = Sha256Final (HashCtx, Digest); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + FreePool (HashCtx); + + Print (L"Check Value... "); + if (CompareMem (Digest, Sha256Digest, SHA256_DIGEST_SIZE) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"HashAll... "); + ZeroMem (Digest, SHA256_DIGEST_SIZE); + Status = Sha256HashAll (HashData, DataSize, Digest); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (Digest, Sha256Digest, SHA256_DIGEST_SIZE) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + + Print (L"- SHA384: "); + + // + // SHA384 Digest Validation + // + ZeroMem (Digest, MAX_DIGEST_SIZE); + CtxSize = Sha384GetContextSize (); + HashCtx = AllocatePool (CtxSize); + + Print (L"Init... "); + Status = Sha384Init (HashCtx); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Update... "); + Status = Sha384Update (HashCtx, HashData, DataSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Finalize... "); + Status = Sha384Final (HashCtx, Digest); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + FreePool (HashCtx); + + Print (L"Check Value... "); + if (CompareMem (Digest, Sha384Digest, SHA384_DIGEST_SIZE) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"HashAll... "); + ZeroMem (Digest, SHA384_DIGEST_SIZE); + Status = Sha384HashAll (HashData, DataSize, Digest); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (Digest, Sha384Digest, SHA384_DIGEST_SIZE) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + + Print (L"- SHA512: "); + + // + // SHA512 Digest Validation + // + ZeroMem (Digest, MAX_DIGEST_SIZE); + CtxSize = Sha512GetContextSize (); + HashCtx = AllocatePool (CtxSize); + + Print (L"Init... "); + Status = Sha512Init (HashCtx); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Update... "); + Status = Sha512Update (HashCtx, HashData, DataSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Finalize... "); + Status = Sha512Final (HashCtx, Digest); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + FreePool (HashCtx); + + Print (L"Check Value... "); + if (CompareMem (Digest, Sha512Digest, SHA512_DIGEST_SIZE) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"HashAll... "); + ZeroMem (Digest, SHA512_DIGEST_SIZE); + Status = Sha512HashAll (HashData, DataSize, Digest); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (Digest, Sha512Digest, SHA512_DIGEST_SIZE) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/HmacVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/HmacVerify.c new file mode 100644 index 00000000000..a26dd4a4b79 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/HmacVerify.c @@ -0,0 +1,100 @@ +/** @file + Application for HMAC Primitives Validation. + +Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +// +// Max Known Digest Size is SHA512 Output (64 bytes) by far +// +#define MAX_DIGEST_SIZE 64 + +// +// Data string for HMAC validation +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *HmacData = "Hi There"; + +// +// Key value for HMAC-SHA-256 validation. (From "4. Test Vectors" of IETF RFC4231) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha256Key[20] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b +}; + +// +// Result for HMAC-SHA-256 ("Hi There"). (From "4. Test Vectors" of IETF RFC4231) +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 HmacSha256Digest[] = { + 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, + 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 +}; + +/** + Validate UEFI-OpenSSL Message Authentication Codes Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptHmac ( + VOID + ) +{ + VOID *HmacCtx; + UINT8 Digest[MAX_DIGEST_SIZE]; + BOOLEAN Status; + + Print (L" \nUEFI-OpenSSL HMAC Engine Testing:\n"); + + Print (L"- HMAC-SHA256: "); + // + // HMAC-SHA-256 Digest Validation + // + ZeroMem (Digest, MAX_DIGEST_SIZE); + HmacCtx = HmacSha256New (); + + Print (L"Init... "); + Status = HmacSha256SetKey (HmacCtx, HmacSha256Key, sizeof (HmacSha256Key)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Update... "); + Status = HmacSha256Update (HmacCtx, HmacData, 8); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Finalize... "); + Status = HmacSha256Final (HmacCtx, Digest); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + HmacSha256Free (HmacCtx); + + Print (L"Check Value... "); + if (CompareMem (Digest, HmacSha256Digest, SHA256_DIGEST_SIZE) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/MacVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/MacVerify.c new file mode 100644 index 00000000000..adb2318d8e7 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/MacVerify.c @@ -0,0 +1,172 @@ +/** @file + Application for MAC Primitives Validation. + +Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +// +// Data string for CMAC validation +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 CmacData[] = { + 0x6b, 0xc1, 0xbe, 0xe2, + 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, + 0x73, 0x93, 0x17, 0x2a +}; + +// +// Key value for CMAC +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 CmacKey[16] = { + 0x2b, 0x7e, 0x15, 0x16, + 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, + 0x09, 0xcf, 0x4f, 0x3c +}; + +// +// Result for CMAC +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 CmacResult[16] = { + 0x07, 0x0a, 0x16, 0xb4, + 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, + 0xd0, 0x4a, 0x28, 0x7c +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 GmacKey[32] = { + 0xE3, 0xC0, 0x8A, 0x8F, 0x06, 0xC6, 0xE3, 0xAD, + 0x95, 0xA7, 0x05, 0x57, 0xB2, 0x3F, 0x75, 0x48, + 0x3C, 0xE3, 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, + 0x25, 0x66, 0x62, 0x04, 0xC6, 0x9C, 0x0B, 0x72 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 GmacIv[12] = { + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 GmacData[] = { + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, 0x7A, 0x0D, + 0x46, 0xDF, 0x99, 0x8D, 0x88, 0xE5, 0x22, 0x2A, + 0xB2, 0xC2, 0x84, 0x65, 0x12, 0x15, 0x35, 0x24, + 0xC0, 0x89, 0x5E, 0x81, 0x08, 0x00, 0x0F, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, + 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, + 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, + 0x31, 0x32, 0x33, 0x34, 0x00, 0x01 +}; + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 GmacResult[16] = { + 0x2F, 0x0B, 0xC5, 0xAF, 0x40, 0x9E, 0x06, 0xD6, + 0x09, 0xEA, 0x8B, 0x7D, 0x0F, 0xA5, 0xEA, 0x50 +}; + +/** + Validate UEFI-OpenSSL Message Authentication Codes Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptMac ( + VOID + ) +{ + VOID *CmacCtx; + VOID *GmacCtx; + UINT8 MacResult[16]; + BOOLEAN Status; + + Print (L" \nUEFI-OpenSSL CMAC Engine Testing:\n"); + + Print (L"- CMAC-AES: "); + + CmacCtx = CmacAesNew (); + + Print (L"Init... "); + Status = CmacAesInit (CmacCtx, CmacKey, sizeof (CmacKey)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Update... "); + Status = CmacAesUpdate (CmacCtx, CmacData, sizeof (CmacData)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Finalize... "); + Status = CmacAesFinal (CmacCtx, MacResult); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + CmacAesFree (CmacCtx); + + Print (L"Check Value... "); + if (CompareMem (MacResult, CmacResult, 16) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + + Print (L"- GMAC-AES: "); + + GmacCtx = GmacAesNew (); + + Print (L"Init... "); + Status = GmacAesInit (GmacCtx, GmacKey, sizeof (GmacKey)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"SetIv... "); + Status = GmacAesSetIv (GmacCtx, GmacIv, sizeof (GmacIv)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Update... "); + Status = GmacAesUpdate (GmacCtx, GmacData, sizeof (GmacData)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"Finalize... "); + Status = GmacAesFinal (GmacCtx, MacResult); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + GmacAesFree (GmacCtx); + + Print (L"Check Value... "); + if (CompareMem (MacResult, GmacResult, 16) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/Pkcs5Pbkdf2Verify.c b/DeviceSecurityTestPkg/Test/Cryptest/Pkcs5Pbkdf2Verify.c new file mode 100644 index 00000000000..a7fc1bbd644 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/Pkcs5Pbkdf2Verify.c @@ -0,0 +1,95 @@ +/** @file + Application for PKCS#5 PBKDF2 Function Validation. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +// +// PBKDF2 HMAC-SHA1 Test Vector from RFC6070 +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *Password = "password"; // Input Password +GLOBAL_REMOVE_IF_UNREFERENCED UINTN PassLen = 8; // Length of Input Password +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *Salt = "salt"; // Input Salt +GLOBAL_REMOVE_IF_UNREFERENCED UINTN SaltLen = 4; // Length of Input Salt +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINTN Count = 2; // InterationCount +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINTN KeyLen = 20; // Length of derived key +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 DerivedKey[] = { + // Expected output key + 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, + 0xd8, 0xde, 0x89, 0x57 +}; + +/** + Validate UEFI-OpenSSL PKCS#5 PBKDF2 Interface. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptPkcs5Pbkdf2 ( + VOID + ) +{ + BOOLEAN Status; + UINT8 *OutKey; + + Print (L"\nUEFI-OpenSSL PKCS#5 PBKDF2 Testing: "); + Print (L"\n- PKCS#5 PBKDF2 Verification: "); + + OutKey = AllocatePool (KeyLen); + if (OutKey == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + // + // Verify PKCS#5 PBKDF2 Key Derivation Function + // + Print (L"Deriving Key... "); + Status = Pkcs5HashPassword ( + PassLen, + Password, + SaltLen, + (CONST UINT8 *)Salt, + Count, + SHA1_DIGEST_SIZE, + KeyLen, + OutKey + ); + + if (!Status) { + Print (L"[Fail]"); + FreePool (OutKey); + return EFI_ABORTED; + } + + // + // Check the output key with the expected key result + // + Print (L"Check Derived Key... "); + if (CompareMem (OutKey, DerivedKey, KeyLen) != 0) { + Print (L"[Fail]"); + FreePool (OutKey); + return EFI_ABORTED; + } + + Print (L"[Pass]\n"); + + // + // Release Resources + // + FreePool (OutKey); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/RandVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/RandVerify.c new file mode 100644 index 00000000000..7ad08c61ca0 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/RandVerify.c @@ -0,0 +1,68 @@ +/** @file + Application for Pseudorandom Number Generator Validation. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +#define RANDOM_NUMBER_SIZE 256 + +CONST UINT8 SeedString[] = "This is the random seed for PRNG verification."; + +UINT8 PreviousRandomBuffer[RANDOM_NUMBER_SIZE] = { 0x0 }; + +UINT8 RandomBuffer[RANDOM_NUMBER_SIZE] = { 0x0 }; + +/** + Validate UEFI-OpenSSL pseudorandom number generator interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptPrng ( + VOID + ) +{ + UINTN Index; + BOOLEAN Status; + + Print (L" \nUEFI-OpenSSL PRNG Engine Testing:\n"); + + Print (L"- Random Generation..."); + + Status = RandomSeed (SeedString, sizeof (SeedString)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + for (Index = 0; Index < 10; Index++) { + Status = RandomBytes (RandomBuffer, RANDOM_NUMBER_SIZE); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (PreviousRandomBuffer, RandomBuffer, RANDOM_NUMBER_SIZE) == 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + CopyMem (PreviousRandomBuffer, RandomBuffer, RANDOM_NUMBER_SIZE); + } + + Print (L"[Pass]\n"); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/RsaVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/RsaVerify.c new file mode 100644 index 00000000000..0659b55bd97 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/RsaVerify.c @@ -0,0 +1,432 @@ +/** @file + Application for RSA Primitives Validation. + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +#define RSA_MODULUS_LENGTH 512 + +// +// RSA2048 PKCS#1 Validation Data +// + +// +// Public Modulus of RSA2048 Key +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaN[] = { + 0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF, 0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D, + 0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1, 0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA, + 0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1, 0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D, + 0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F, 0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77, + 0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9, 0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA, + 0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB, 0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1, + 0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19, 0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48, + 0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F, 0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F, + 0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76, 0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77, + 0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0, 0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA, + 0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13, 0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A, + 0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C, 0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC, + 0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F, 0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD, + 0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9, 0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB, + 0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63, 0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E, + 0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2, 0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB +}; + +// +// Public Exponent of RSA2048 Key +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaE[] = { 0x01, 0x00, 0x01 }; + +// +// Private Exponent of RSA2048 Key +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaD[] = { + 0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55, 0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D, + 0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD, 0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92, + 0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB, 0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12, + 0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78, 0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A, + 0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67, 0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D, + 0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89, 0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33, + 0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5, 0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43, + 0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA, 0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B, + 0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66, 0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC, + 0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C, 0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33, + 0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4, 0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A, + 0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2, 0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D, + 0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8, 0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04, + 0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB, 0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82, + 0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88, 0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49, + 0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA, 0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71 +}; + +// +// signature input message +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 RsaSignData[] = "OpenSSL FIPS 140-2 Public Key RSA KAT"; + +// +// RSA2048 SHA-256 PAD_PKCS1 signature for the above message. +// This is not FIPS 140-2 KAT, because the padding way is different. +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 RsaPkcs1Signature[] = { + 0x6E, 0x5F, 0xB3, 0x06, 0x47, 0x20, 0xE7, 0x94, 0xCE, 0xC1, 0x82, 0xD1, 0xC4, 0x8A, 0x05, 0x8F, + 0xED, 0xE7, 0x81, 0x04, 0xE6, 0x1C, 0x42, 0xE1, 0x58, 0x14, 0x5E, 0xC1, 0xE2, 0x9F, 0xBB, 0x30, + 0x43, 0xF5, 0x00, 0x54, 0x73, 0x8F, 0xF7, 0xBF, 0xE5, 0x1C, 0x18, 0xF8, 0xFB, 0xF0, 0x44, 0x0A, + 0x9E, 0xC9, 0x94, 0xF7, 0x41, 0xEF, 0x5A, 0xA7, 0x66, 0x8B, 0xB3, 0x59, 0xD7, 0xAD, 0x07, 0x81, + 0x57, 0x67, 0x6E, 0x71, 0xD9, 0xDC, 0xD6, 0x06, 0x70, 0x19, 0x49, 0xB9, 0xF4, 0x1E, 0x1E, 0x77, + 0x7C, 0xB1, 0xE9, 0xA7, 0x8D, 0xE2, 0x99, 0x9A, 0x06, 0x5E, 0xB8, 0xB0, 0x6A, 0x00, 0x9B, 0x95, + 0x11, 0xF3, 0x80, 0x89, 0x56, 0xCE, 0xE0, 0x21, 0xF2, 0xB5, 0x7A, 0x22, 0x47, 0x0E, 0xD2, 0xB8, + 0x90, 0x0A, 0x3C, 0x0F, 0x00, 0xB5, 0x7D, 0xC1, 0xB0, 0x9D, 0x7A, 0x2D, 0x6D, 0x7D, 0x34, 0x8B, + 0xF5, 0xCB, 0xCF, 0x7A, 0xEB, 0x4A, 0xDD, 0x75, 0x1C, 0x34, 0x74, 0xE7, 0x4C, 0x2A, 0x51, 0xD6, + 0x8B, 0x48, 0xCA, 0x99, 0x9F, 0x73, 0x18, 0xB6, 0x19, 0x03, 0x8A, 0x22, 0xB9, 0x8F, 0x08, 0x6C, + 0xD6, 0x6B, 0x6F, 0xBE, 0x56, 0xD2, 0x50, 0x75, 0xA9, 0x1C, 0x66, 0x47, 0x4B, 0x4F, 0x75, 0xCD, + 0x02, 0x82, 0xC3, 0xF4, 0x29, 0xAF, 0x8F, 0x31, 0xD1, 0xBE, 0x4B, 0x93, 0x31, 0x04, 0x8A, 0xD0, + 0x09, 0xC7, 0x3C, 0x20, 0xD5, 0xCC, 0xDC, 0xF6, 0xEA, 0xA8, 0x16, 0x1A, 0x3C, 0x63, 0x3C, 0xEF, + 0x63, 0xD4, 0xC1, 0xC0, 0x23, 0xE9, 0x95, 0xCF, 0x96, 0xC3, 0x6B, 0xCA, 0x61, 0xDA, 0x8F, 0xC2, + 0x2A, 0xE4, 0xEF, 0x80, 0xF1, 0x9B, 0x31, 0xFE, 0xE6, 0x58, 0x3F, 0xA9, 0x49, 0x7B, 0xDC, 0xAE, + 0x1B, 0x6D, 0x68, 0x98, 0x55, 0x9D, 0x73, 0xF0, 0xCC, 0x23, 0xC0, 0x84, 0x46, 0x67, 0x35, 0x54 +}; + +// +// Default public key 0x10001 = 65537 +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 DefaultPublicKey[] = { + 0x01, 0x00, 0x01 +}; + +/** + Validate UEFI-OpenSSL RSA Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptRsa ( + VOID + ) +{ + VOID *Rsa; + UINT8 HashValue[SHA256_DIGEST_SIZE]; + UINTN HashSize; + UINTN CtxSize; + VOID *Sha1Ctx; + UINT8 *Signature; + UINTN SigSize; + BOOLEAN Status; + UINTN KeySize; + UINT8 *KeyBuffer; + + Print (L"\nUEFI-OpenSSL RSA Engine Testing: "); + + // + // Generate & Initialize RSA Context + // + Rsa = RsaNew (); + Print (L"\n- Generate RSA Context ... "); + if (Rsa == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + // + // Set/Get RSA Key Components + // + Print (L"Set/Get RSA Key Components ... "); + + // + // Set/Get RSA Key N + // + Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + KeySize = 0; + Status = RsaGetKey (Rsa, RsaKeyN, NULL, &KeySize); + if (Status || (KeySize != sizeof (RsaN))) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + KeyBuffer = AllocatePool (KeySize); + Status = RsaGetKey (Rsa, RsaKeyN, KeyBuffer, &KeySize); + if (!Status || (KeySize != sizeof (RsaN))) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (KeyBuffer, RsaN, KeySize) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + FreePool (KeyBuffer); + + // + // Set/Get RSA Key E + // + Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + KeySize = 0; + Status = RsaGetKey (Rsa, RsaKeyE, NULL, &KeySize); + if (Status || (KeySize != sizeof (RsaE))) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + KeyBuffer = AllocatePool (KeySize); + Status = RsaGetKey (Rsa, RsaKeyE, KeyBuffer, &KeySize); + if (!Status || (KeySize != sizeof (RsaE))) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (KeyBuffer, RsaE, KeySize) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + FreePool (KeyBuffer); + + // + // Clear/Get RSA Key Components + // + Print (L"Clear/Get RSA Key Components ... "); + + // + // Clear/Get RSA Key N + // + Status = RsaSetKey (Rsa, RsaKeyN, NULL, 0); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + KeySize = 1; + Status = RsaGetKey (Rsa, RsaKeyN, NULL, &KeySize); + if (!Status || (KeySize != 0)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + // + // Clear/Get RSA Key E + // + Status = RsaSetKey (Rsa, RsaKeyE, NULL, 0); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + KeySize = 1; + Status = RsaGetKey (Rsa, RsaKeyE, NULL, &KeySize); + if (!Status || (KeySize != 0)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + // + // Generate RSA Key Components + // + Print (L"Generate RSA Key Components ... "); + + Status = RsaGenerateKey (Rsa, RSA_MODULUS_LENGTH, NULL, 0); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + KeySize = RSA_MODULUS_LENGTH / 8; + KeyBuffer = AllocatePool (KeySize); + Status = RsaGetKey (Rsa, RsaKeyE, KeyBuffer, &KeySize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if ((KeySize != 3) || + (CompareMem (KeyBuffer, DefaultPublicKey, 3) != 0)) + { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + KeySize = RSA_MODULUS_LENGTH / 8; + Status = RsaGetKey (Rsa, RsaKeyN, KeyBuffer, &KeySize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (KeySize != RSA_MODULUS_LENGTH / 8) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (!RsaCheckKey (Rsa)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + // + // Check invalid RSA key components + // + Print (L"Check Invalid RSA Key Components ... "); + + Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (RsaCheckKey (Rsa)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Status = RsaSetKey (Rsa, RsaKeyN, KeyBuffer, KeySize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (!RsaCheckKey (Rsa)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (!RsaCheckKey (Rsa)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + FreePool (KeyBuffer); + + // + // SHA-1 Digest Message for PKCS#1 Signature + // + Print (L"Hash Original Message ... "); + HashSize = SHA256_DIGEST_SIZE; + ZeroMem (HashValue, HashSize); + CtxSize = Sha256GetContextSize (); + Sha1Ctx = AllocatePool (CtxSize); + + Status = Sha256Init (Sha1Ctx); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Status = Sha256Update (Sha1Ctx, RsaSignData, AsciiStrLen (RsaSignData)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Status = Sha256Final (Sha1Ctx, HashValue); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + FreePool (Sha1Ctx); + + // + // Sign RSA PKCS#1-encoded Signature + // + Print (L"PKCS#1 Signature ... "); + + RsaFree (Rsa); + + Rsa = RsaNew (); + if (Rsa == NULL) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Status = RsaSetKey (Rsa, RsaKeyD, RsaD, sizeof (RsaD)); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + SigSize = 0; + Status = RsaPkcs1Sign (Rsa, HashValue, HashSize, NULL, &SigSize); + if (Status || (SigSize == 0)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Signature = AllocatePool (SigSize); + Status = RsaPkcs1Sign (Rsa, HashValue, HashSize, Signature, &SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (SigSize != sizeof (RsaPkcs1Signature)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + if (CompareMem (Signature, RsaPkcs1Signature, SigSize) != 0) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + // + // Verify RSA PKCS#1-encoded Signature + // + + Print (L"PKCS#1 Signature Verification ... "); + + Status = RsaPkcs1Verify (Rsa, HashValue, HashSize, Signature, SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + // + // Release Resources + // + RsaFree (Rsa); + Print (L"Release RSA Context ... [Pass]"); + + Print (L"\n"); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/RsaVerify2.c b/DeviceSecurityTestPkg/Test/Cryptest/RsaVerify2.c new file mode 100644 index 00000000000..b2741b09cc6 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/RsaVerify2.c @@ -0,0 +1,589 @@ +/** @file + Application for RSA Key Retrieving (from PEM and X509) & Signature Validation. + +Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +// +// X509 Cert Data for RSA Public Key Retrieving and X509 Verification (Generated by OpenSSL utility). +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestCert[] = { + 0x30, 0x82, 0x04, 0x96, 0x30, 0x82, 0x02, 0x7E, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x17, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0C, 0x69, 0x6E, 0x74, 0x65, + 0x6C, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x38, + 0x32, 0x34, 0x30, 0x36, 0x31, 0x38, 0x32, 0x33, 0x5A, 0x17, 0x0D, 0x33, 0x30, 0x30, 0x38, 0x32, + 0x32, 0x30, 0x36, 0x31, 0x38, 0x32, 0x33, 0x5A, 0x30, 0x26, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x1B, 0x69, 0x6E, 0x74, 0x65, 0x6C, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, + 0x6E, 0x74, 0x65, 0x72, 0x6D, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, + 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x8F, 0x00, 0x30, 0x82, 0x01, 0x8A, 0x02, 0x82, 0x01, 0x81, + 0x00, 0xC9, 0x7D, 0x37, 0xF1, 0x14, 0xF6, 0xEE, 0x44, 0xE7, 0xD2, 0x5B, 0xAC, 0xA8, 0xAB, 0xF9, + 0x15, 0xEE, 0x64, 0x72, 0x43, 0x6C, 0x31, 0xF1, 0x5D, 0xBD, 0xC8, 0x84, 0xF7, 0x38, 0x5D, 0x46, + 0xE0, 0xDA, 0x86, 0xA7, 0x70, 0x48, 0x70, 0x56, 0x85, 0xD2, 0xC7, 0xD6, 0xDF, 0x21, 0x90, 0xD0, + 0x4A, 0xD5, 0xC5, 0x5C, 0x5B, 0x53, 0x49, 0x71, 0x82, 0x04, 0x35, 0x5F, 0x2C, 0xDB, 0xAB, 0x35, + 0xBC, 0x62, 0x7C, 0x33, 0xD1, 0x99, 0xBC, 0x40, 0xAF, 0x11, 0xDB, 0xDA, 0x55, 0xB0, 0x7B, 0x02, + 0x14, 0x40, 0x8E, 0x55, 0x89, 0x96, 0xAF, 0x04, 0x75, 0x5E, 0xBC, 0x75, 0x2A, 0xFC, 0x2C, 0xCE, + 0x6B, 0x69, 0x49, 0x2B, 0xF3, 0xC5, 0x71, 0x44, 0xD1, 0x12, 0x54, 0xA7, 0xCD, 0x8C, 0x26, 0x84, + 0x4E, 0x64, 0x72, 0xE1, 0x17, 0x74, 0x4D, 0x58, 0x9F, 0x93, 0x52, 0x47, 0x87, 0xE0, 0x4C, 0xAD, + 0x3C, 0xAD, 0x62, 0xCB, 0x71, 0x05, 0x92, 0x68, 0xFD, 0x64, 0x43, 0xD4, 0xB0, 0x86, 0x30, 0xC0, + 0xB4, 0xD0, 0x42, 0x96, 0x1E, 0x80, 0x05, 0x5B, 0xE3, 0x2C, 0xB6, 0xA1, 0xD2, 0xDF, 0x76, 0x7C, + 0xAA, 0xFA, 0xC3, 0xDC, 0x43, 0x1A, 0x57, 0xC8, 0x6D, 0x5D, 0xB9, 0xDF, 0x0E, 0x67, 0xD3, 0x58, + 0x6B, 0x02, 0x8D, 0x84, 0xCD, 0x31, 0xBD, 0xAD, 0x9D, 0x00, 0x45, 0x81, 0x44, 0xDA, 0xCF, 0x8E, + 0xFD, 0xE2, 0x09, 0xA2, 0x68, 0x5A, 0x97, 0x37, 0x61, 0x05, 0x28, 0x93, 0x77, 0xD5, 0xAB, 0x08, + 0x70, 0x09, 0x68, 0x6E, 0x94, 0x4E, 0x31, 0x5E, 0x56, 0xF3, 0x0F, 0x29, 0x8C, 0x32, 0x3E, 0x43, + 0xA1, 0xB1, 0x98, 0x6B, 0x89, 0xDB, 0xFF, 0xC8, 0x51, 0x26, 0xAD, 0xCB, 0xA5, 0xFC, 0xF4, 0xE8, + 0x5F, 0xA1, 0xCD, 0x2A, 0x3F, 0xDC, 0x64, 0x95, 0x82, 0x27, 0x6A, 0x8B, 0x3F, 0x0A, 0x4A, 0xEF, + 0x26, 0xF7, 0x0D, 0x42, 0xA2, 0x1A, 0xEE, 0xAD, 0x7C, 0xB0, 0xC3, 0x51, 0x61, 0x73, 0x69, 0xFA, + 0x70, 0xED, 0xD3, 0x04, 0x91, 0xDE, 0x3E, 0x07, 0xCF, 0xC9, 0x38, 0xBD, 0xF3, 0xE6, 0x66, 0x73, + 0x91, 0x22, 0x91, 0x73, 0x84, 0xFE, 0xF2, 0x29, 0xBA, 0xE5, 0x78, 0x5D, 0xD7, 0x40, 0x47, 0x78, + 0x4F, 0x73, 0xB9, 0xE0, 0xB5, 0x8A, 0x64, 0x5B, 0xA0, 0xD6, 0x32, 0x54, 0x25, 0xF5, 0x5A, 0x86, + 0xEE, 0xBA, 0x0C, 0x29, 0xA9, 0x2A, 0xAB, 0x05, 0x51, 0x79, 0x31, 0xEF, 0x67, 0x43, 0x21, 0xD8, + 0x51, 0x22, 0x60, 0x6B, 0xDD, 0x26, 0x6E, 0xEA, 0x6E, 0x5A, 0x0F, 0x0F, 0x9F, 0x97, 0x90, 0x8D, + 0xB6, 0xFE, 0xDB, 0xA6, 0xFE, 0xE4, 0xCD, 0xE7, 0x6E, 0x8E, 0x12, 0x94, 0xB9, 0x36, 0x91, 0xFA, + 0xD2, 0x79, 0x09, 0x5D, 0x07, 0xB2, 0x85, 0x23, 0x32, 0xF7, 0x68, 0x98, 0xFB, 0x9D, 0xFF, 0x01, + 0xA9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x5E, 0x30, 0x5C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, + 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x04, + 0x04, 0x03, 0x02, 0x01, 0xFE, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, + 0x3E, 0x12, 0xBF, 0xAC, 0x0E, 0x27, 0xD4, 0x07, 0x83, 0x81, 0xB6, 0x42, 0xD9, 0xC0, 0xE5, 0xF1, + 0x32, 0xF7, 0xA3, 0x2B, 0x30, 0x20, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x01, 0x01, 0xFF, 0x04, 0x16, + 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x93, 0x02, 0xC1, 0xB8, 0x5E, 0xA0, + 0xDA, 0x59, 0xB6, 0x3A, 0x36, 0x21, 0x94, 0xA0, 0xAA, 0x82, 0x00, 0x74, 0x5E, 0xEB, 0x8F, 0x3C, + 0x2E, 0xD5, 0x4E, 0xB8, 0x3E, 0xA5, 0xD6, 0x2B, 0x1F, 0x90, 0x77, 0xE8, 0x8B, 0xA4, 0xB0, 0xE2, + 0x9F, 0x8A, 0x47, 0x62, 0xEE, 0x7D, 0xC1, 0x50, 0x97, 0xC1, 0xB8, 0x78, 0x64, 0xB6, 0x81, 0xA0, + 0x6C, 0x0C, 0x67, 0x6C, 0x39, 0xD6, 0x41, 0x1F, 0x44, 0xAD, 0xF5, 0xEA, 0x59, 0x65, 0x51, 0x4D, + 0x60, 0x46, 0xE1, 0x8E, 0xA5, 0x14, 0x44, 0x53, 0x1E, 0x6F, 0x7D, 0x96, 0x9C, 0x41, 0x4B, 0x2B, + 0x3F, 0x7B, 0xB3, 0xCE, 0xAC, 0x89, 0x66, 0x90, 0xD3, 0xCF, 0xED, 0x73, 0xE4, 0x82, 0x33, 0xFE, + 0x3A, 0xB4, 0x86, 0x51, 0x59, 0x00, 0x76, 0x37, 0x2A, 0x75, 0xE3, 0xA4, 0x7E, 0xF8, 0xFE, 0x8D, + 0x73, 0x02, 0x66, 0x23, 0x51, 0x29, 0x75, 0xCA, 0xB3, 0x5C, 0xDF, 0xD2, 0x18, 0x70, 0x34, 0x94, + 0x3C, 0xB1, 0x18, 0xA9, 0x82, 0x92, 0x5C, 0xB0, 0x48, 0x11, 0x57, 0xB0, 0xD9, 0x18, 0x5A, 0x6A, + 0x9F, 0x4E, 0x8C, 0x74, 0xD7, 0x67, 0x91, 0xEF, 0x93, 0x81, 0xB1, 0xD2, 0x26, 0x66, 0xC3, 0x66, + 0xFA, 0x4E, 0xDA, 0xD9, 0x46, 0x10, 0xC9, 0xCC, 0xFE, 0xD6, 0xEF, 0x88, 0x60, 0x0B, 0xFC, 0x42, + 0xC9, 0x60, 0xFD, 0x33, 0xB5, 0xFB, 0xEB, 0x74, 0x1E, 0x5D, 0xA6, 0x0F, 0x28, 0xC3, 0xB2, 0xBC, + 0x8E, 0xB5, 0x47, 0xC2, 0x18, 0xFA, 0x31, 0xE4, 0x7E, 0xB0, 0x28, 0x8E, 0x6F, 0x90, 0xCC, 0x20, + 0xE0, 0x3D, 0xC8, 0xC9, 0x9D, 0x5F, 0x12, 0x3C, 0x4E, 0x2B, 0x28, 0xD8, 0x4F, 0x3E, 0xC4, 0xAD, + 0xD6, 0xD1, 0xF0, 0x30, 0xA6, 0xF1, 0x10, 0x4E, 0xF1, 0x23, 0x7B, 0xB5, 0xA1, 0xE0, 0x25, 0xA4, + 0x32, 0x49, 0x30, 0x2B, 0x04, 0xB2, 0x1D, 0x31, 0x9C, 0x67, 0x09, 0xBF, 0xBB, 0xB0, 0x6E, 0xC5, + 0x7E, 0xD0, 0xB2, 0xB1, 0x45, 0xEB, 0xAB, 0x95, 0x05, 0xE8, 0x33, 0x5E, 0x66, 0xBA, 0x93, 0x81, + 0x06, 0xED, 0x91, 0x36, 0x5B, 0x20, 0x49, 0x63, 0xDB, 0x6C, 0xDA, 0xED, 0x9B, 0x9D, 0xAF, 0x07, + 0xD2, 0x6E, 0xAD, 0x11, 0xB0, 0x8F, 0x05, 0xBA, 0x40, 0xD8, 0x58, 0x01, 0x98, 0x02, 0x91, 0x28, + 0x35, 0x2A, 0x7D, 0x9D, 0xEE, 0xEE, 0x34, 0xB4, 0xF6, 0xCB, 0x7B, 0xDC, 0x5D, 0x34, 0x61, 0x83, + 0xA7, 0xC4, 0x54, 0xAE, 0x25, 0x6D, 0x92, 0x8D, 0xED, 0xE1, 0xA9, 0xC7, 0x53, 0x0F, 0xAA, 0x50, + 0x62, 0x9F, 0x1A, 0xE4, 0x0A, 0x0E, 0x06, 0x5C, 0xC9, 0x97, 0xEB, 0x09, 0xDB, 0x22, 0xEC, 0x65, + 0x79, 0x72, 0xBF, 0xCA, 0x70, 0xB5, 0x4F, 0x32, 0x9D, 0xCA, 0x91, 0x0E, 0xA8, 0xE3, 0x1B, 0x80, + 0x29, 0x50, 0x91, 0x74, 0x66, 0x58, 0xEC, 0x85, 0xAC, 0xB3, 0x56, 0xA1, 0x1A, 0x6E, 0xA0, 0xA6, + 0xDC, 0xC1, 0xC7, 0xC1, 0x95, 0xEB, 0x44, 0x30, 0x72, 0x70, 0xC0, 0x76, 0xA0, 0x0F, 0xBD, 0xCB, + 0xD7, 0x75, 0xC7, 0xEB, 0x6A, 0xD8, 0x57, 0x49, 0x3D, 0xF4, 0x61, 0xCB, 0xC1, 0x2B, 0xE1, 0xF2, + 0x3E, 0x5F, 0xA2, 0x13, 0xA5, 0x2C, 0x55, 0x96, 0x88, 0xF5, 0xE8, 0xD0, 0x46, 0xB6, 0x36, 0xD7, + 0x77, 0x22, 0xF6, 0x39, 0xF5, 0xE2, 0x48, 0x9A, 0x72, 0x4A, 0x4D, 0xC5, 0x39, 0x5B, 0x92, 0xB6, + 0x46, 0x33, 0xAF, 0x95, 0x4E, 0x89, 0x73, 0xB3, 0x73, 0xEF, 0xC6, 0xEC, 0xFC, 0x55, 0xDD, 0x59, + 0x2A, 0x7C, 0xE2, 0x59, 0x1A, 0xA5, 0x5A, 0xA7, 0xC9, 0xF2, 0x63, 0x2F, 0x7C, 0x05, 0x05, 0x0D, + 0x1A, 0xDD, 0x95, 0xCB, 0xCB, 0xCB, 0x77, 0x82, 0x6E, 0x35, 0x69, 0x98, 0x33, 0xD4, 0x96, 0x58, + 0x7D, 0xFF, 0xB0, 0x58, 0x1C, 0xCC, 0x8D, 0x85, 0x20, 0x3E +}; + +// +// Test CA X509 Certificate for X509 Verification Routine (Generated by OpenSSL utility). +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestCACert[] = { + 0x30, 0x82, 0x05, 0x0F, 0x30, 0x82, 0x02, 0xF7, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x37, + 0xBB, 0xBC, 0x04, 0xE1, 0xAA, 0x4A, 0xB6, 0xB4, 0x70, 0xAE, 0x36, 0x79, 0x8E, 0xE5, 0xC0, 0x72, + 0x5B, 0x54, 0x7B, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x30, 0x17, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0C, 0x69, + 0x6E, 0x74, 0x65, 0x6C, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x1E, 0x17, 0x0D, 0x32, + 0x30, 0x30, 0x38, 0x32, 0x34, 0x30, 0x36, 0x31, 0x38, 0x32, 0x31, 0x5A, 0x17, 0x0D, 0x33, 0x30, + 0x30, 0x38, 0x32, 0x32, 0x30, 0x36, 0x31, 0x38, 0x32, 0x31, 0x5A, 0x30, 0x17, 0x31, 0x15, 0x30, + 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0C, 0x69, 0x6E, 0x74, 0x65, 0x6C, 0x20, 0x52, 0x53, + 0x41, 0x20, 0x43, 0x41, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, 0x0A, + 0x02, 0x82, 0x02, 0x01, 0x00, 0xA3, 0x1B, 0xD9, 0xBD, 0xFB, 0xAA, 0x37, 0x97, 0xC7, 0xCD, 0xC4, + 0xA2, 0x90, 0x03, 0xDD, 0xEB, 0xB1, 0x57, 0x42, 0xD4, 0x6D, 0x38, 0xDD, 0xDA, 0x50, 0x25, 0xD1, + 0x19, 0xE4, 0xCB, 0xEE, 0xAB, 0x0C, 0x1D, 0xF0, 0x6E, 0x12, 0x68, 0x44, 0x93, 0x26, 0x83, 0x08, + 0x55, 0x39, 0xE0, 0x01, 0xB0, 0xB6, 0xCA, 0x1D, 0x05, 0xE0, 0x32, 0x27, 0xD6, 0x2D, 0x89, 0x14, + 0x6F, 0x45, 0x29, 0x99, 0xA5, 0xF1, 0xC2, 0x75, 0xC4, 0x8E, 0x9F, 0x09, 0x0B, 0x84, 0xD3, 0x39, + 0x48, 0x36, 0x18, 0xF8, 0xC2, 0x93, 0x21, 0x43, 0xCB, 0x5D, 0x4D, 0xD2, 0xC0, 0x2E, 0x53, 0x76, + 0x4C, 0x10, 0xD8, 0x52, 0xB1, 0xE6, 0x41, 0xF0, 0xCB, 0xEE, 0xDC, 0xB7, 0xA9, 0x25, 0x10, 0xCD, + 0x8B, 0x53, 0xCF, 0x65, 0x9A, 0xA2, 0x08, 0x63, 0x89, 0x92, 0x27, 0x3A, 0x6C, 0x9F, 0x35, 0x62, + 0xEC, 0xA8, 0xBD, 0xFB, 0x13, 0x08, 0x53, 0x1E, 0xE1, 0xE4, 0x0E, 0x57, 0xBB, 0xD1, 0xD3, 0x0F, + 0x5B, 0x0A, 0x3E, 0xDE, 0x80, 0xB0, 0x9A, 0xF8, 0x77, 0x1D, 0x41, 0xBF, 0xE4, 0x48, 0x01, 0xFA, + 0x0E, 0xA9, 0xAB, 0xDB, 0x3A, 0x91, 0x3B, 0x52, 0xA4, 0xA9, 0x6C, 0xDA, 0x3B, 0xF4, 0x78, 0xDC, + 0x10, 0xA7, 0xB3, 0x72, 0x49, 0x11, 0xA8, 0xD6, 0x4C, 0x9E, 0x91, 0xC6, 0x9D, 0x86, 0xEE, 0xEF, + 0x04, 0x7F, 0xD8, 0x89, 0x18, 0xF4, 0xD7, 0x37, 0x24, 0x78, 0xDF, 0x99, 0x1E, 0x86, 0xCD, 0x97, + 0xEF, 0xE9, 0xE5, 0x23, 0xB4, 0xEF, 0x25, 0x57, 0x8E, 0x7C, 0x53, 0x65, 0xE2, 0xFC, 0xA5, 0xB6, + 0xCD, 0xE8, 0x5B, 0x5E, 0x4A, 0x47, 0xF2, 0x8D, 0xE6, 0x11, 0x52, 0x4B, 0x52, 0x21, 0x48, 0xDB, + 0x9A, 0x2D, 0x87, 0x9C, 0x1B, 0x5A, 0xEC, 0x5C, 0xED, 0x16, 0x93, 0xB7, 0x40, 0x98, 0x04, 0xC8, + 0x07, 0x7F, 0xF9, 0x79, 0xB2, 0x05, 0xC9, 0x79, 0xE5, 0x49, 0xA9, 0xDF, 0xBA, 0xD0, 0xAC, 0xEA, + 0xA7, 0xB2, 0x27, 0x6B, 0x58, 0xE7, 0xCE, 0x14, 0x03, 0x84, 0xFA, 0x63, 0xE6, 0x11, 0x56, 0xCD, + 0xDB, 0x99, 0x55, 0x98, 0xA7, 0xF1, 0xCC, 0x1F, 0xE9, 0xF5, 0xAA, 0x63, 0x0F, 0x48, 0x0C, 0xFC, + 0xFC, 0x4D, 0xB7, 0x4E, 0x37, 0x5E, 0x29, 0x1D, 0xD7, 0xEF, 0x07, 0x1D, 0x80, 0x81, 0xC1, 0xA4, + 0x25, 0x5D, 0x47, 0xBF, 0xAD, 0xA9, 0x10, 0xC8, 0x1C, 0x67, 0x3E, 0x7A, 0x07, 0x43, 0xC0, 0x79, + 0x94, 0xC3, 0x29, 0xD8, 0xEF, 0xBD, 0xB4, 0x69, 0xC6, 0xD0, 0x7F, 0x94, 0x7C, 0x6E, 0xD0, 0xBA, + 0x2E, 0xBA, 0x65, 0xA4, 0xA3, 0x14, 0x11, 0x86, 0xBE, 0xB3, 0xB7, 0xC9, 0x3F, 0x8B, 0xBB, 0xB5, + 0x36, 0x18, 0x51, 0x71, 0xAE, 0x48, 0xB0, 0xE4, 0x8E, 0x5C, 0x76, 0xF5, 0xD1, 0x2B, 0x40, 0x0C, + 0x68, 0x7B, 0x10, 0xB8, 0xD2, 0x3D, 0x20, 0x7D, 0x61, 0xCB, 0x7A, 0x3A, 0x28, 0xF4, 0xAF, 0x99, + 0x8D, 0x99, 0xF8, 0xF0, 0x4E, 0xBF, 0x03, 0x41, 0x23, 0xDE, 0xF2, 0xF2, 0xA5, 0x80, 0x4A, 0x1A, + 0x54, 0x4A, 0xF3, 0xFB, 0x2C, 0x92, 0x4C, 0x2E, 0xA8, 0x3D, 0x40, 0x85, 0x34, 0xDF, 0x26, 0xCE, + 0xF5, 0xAA, 0xFB, 0x7A, 0x9C, 0xA7, 0xF0, 0xAB, 0x7D, 0x5F, 0x08, 0x4A, 0x6F, 0x98, 0x0C, 0xBA, + 0xC3, 0xEE, 0xA0, 0x3B, 0x1F, 0x28, 0xC4, 0x12, 0x44, 0xB4, 0xF1, 0xAB, 0xCA, 0xB3, 0xBD, 0x5B, + 0x4B, 0x75, 0x22, 0x39, 0x34, 0xAE, 0x9D, 0x2F, 0x54, 0xEA, 0x00, 0xCD, 0xAE, 0xFF, 0x26, 0xC5, + 0xCF, 0x5F, 0x3D, 0xCB, 0xD2, 0x9B, 0x09, 0x4B, 0x49, 0x1B, 0x29, 0x68, 0xE4, 0xFE, 0x99, 0x7B, + 0x8B, 0xF1, 0xB8, 0xBC, 0x78, 0x1B, 0x17, 0x07, 0x20, 0xA8, 0x16, 0x50, 0x41, 0xE6, 0xAA, 0x3A, + 0xEC, 0x63, 0x4C, 0x64, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x53, 0x30, 0x51, 0x30, 0x1D, + 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x9B, 0x58, 0x2B, 0x4E, 0x21, 0x11, 0x31, + 0x25, 0xD3, 0x62, 0x53, 0xF7, 0x4F, 0xC1, 0xD6, 0x47, 0x2A, 0x2D, 0xD5, 0x1B, 0x30, 0x1F, 0x06, + 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9B, 0x58, 0x2B, 0x4E, 0x21, 0x11, + 0x31, 0x25, 0xD3, 0x62, 0x53, 0xF7, 0x4F, 0xC1, 0xD6, 0x47, 0x2A, 0x2D, 0xD5, 0x1B, 0x30, 0x0F, + 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, + 0x02, 0x01, 0x00, 0x94, 0x09, 0xA4, 0x20, 0x37, 0x3F, 0x17, 0xAF, 0xB8, 0x02, 0xB8, 0x70, 0x9C, + 0xBA, 0x8D, 0xC2, 0x0C, 0xD6, 0x02, 0xE3, 0xB4, 0xF8, 0xBF, 0x7D, 0xE4, 0x0A, 0xDD, 0x10, 0x39, + 0x0A, 0x3A, 0x22, 0xF4, 0x8B, 0x3A, 0xE2, 0x77, 0xC0, 0xAC, 0xEB, 0xB7, 0xB4, 0xD3, 0x00, 0x5C, + 0x2A, 0xC4, 0xE7, 0x41, 0xEE, 0x4E, 0xE7, 0x79, 0xC9, 0xD3, 0xC2, 0x58, 0x6E, 0xF4, 0xFC, 0xBF, + 0xE6, 0x41, 0xCF, 0xBB, 0xD5, 0xCE, 0x73, 0x43, 0x64, 0x00, 0xDA, 0x2F, 0xB4, 0x90, 0x1D, 0xBA, + 0xD3, 0x4B, 0xA4, 0x36, 0x7D, 0x69, 0x0A, 0xCC, 0xE1, 0xEC, 0xE1, 0x18, 0x54, 0x34, 0xC8, 0x7E, + 0xF9, 0xDB, 0x43, 0xC3, 0xBB, 0x0E, 0x37, 0xC6, 0x61, 0xD1, 0x4B, 0xF8, 0x71, 0x93, 0x57, 0x4B, + 0x58, 0x8D, 0x49, 0x44, 0xB1, 0x6E, 0x11, 0x9C, 0xE1, 0xF9, 0xB9, 0x44, 0xA2, 0xB5, 0xB6, 0x73, + 0x1D, 0xB1, 0x99, 0xBD, 0x5A, 0x88, 0xC6, 0x51, 0xB5, 0x4B, 0xFF, 0xB7, 0x02, 0xBA, 0x97, 0xA3, + 0xB9, 0x1B, 0x9B, 0x36, 0x40, 0xC0, 0x94, 0x77, 0x8C, 0xBD, 0xA6, 0x68, 0x6E, 0x21, 0x18, 0x84, + 0xFE, 0xEA, 0xAA, 0x75, 0x4D, 0x14, 0x41, 0xAD, 0x43, 0x49, 0xAC, 0x91, 0x74, 0xA1, 0xF7, 0xE6, + 0x7B, 0x7E, 0x59, 0xA9, 0xA2, 0xFB, 0xBC, 0x76, 0xA8, 0xDC, 0x22, 0xB8, 0x86, 0x87, 0x18, 0xB5, + 0xC6, 0x3D, 0x00, 0x11, 0x7E, 0x17, 0x10, 0x56, 0xAF, 0x11, 0x00, 0x78, 0xE0, 0x84, 0x64, 0xE6, + 0x5E, 0xE2, 0x47, 0x79, 0xA5, 0xC7, 0xEF, 0xEA, 0xD4, 0x9D, 0x4C, 0xBE, 0x90, 0x9B, 0x20, 0x0D, + 0xAD, 0xB9, 0x82, 0x4C, 0x47, 0x15, 0x70, 0xE5, 0x7F, 0x2C, 0x6A, 0x39, 0x93, 0x45, 0xE2, 0xA7, + 0xDA, 0x4C, 0xF1, 0x3D, 0xB7, 0x87, 0xD8, 0xD6, 0x81, 0xFD, 0x8F, 0x31, 0xEE, 0xC7, 0xCC, 0x31, + 0x46, 0x37, 0x4F, 0x50, 0x32, 0x06, 0xB7, 0x18, 0x3F, 0x6B, 0xA2, 0x90, 0x56, 0xD6, 0xA3, 0x4E, + 0x5F, 0x3F, 0x56, 0x66, 0xD0, 0x66, 0xB0, 0x3A, 0x63, 0xD3, 0x09, 0xB7, 0x30, 0xCE, 0x8F, 0x00, + 0x38, 0x97, 0x87, 0x07, 0xA8, 0xA5, 0x99, 0x47, 0x37, 0x59, 0xA3, 0x7F, 0x67, 0x2D, 0x2F, 0xE9, + 0xFF, 0xC9, 0x21, 0x91, 0x0F, 0xD0, 0x27, 0xB0, 0xE3, 0x86, 0xA1, 0x07, 0x80, 0x18, 0x20, 0xCF, + 0x7E, 0x3F, 0xED, 0x4C, 0xB7, 0x7F, 0xDE, 0x18, 0x0A, 0x02, 0xC9, 0x2B, 0xAA, 0x52, 0xF2, 0x72, + 0x79, 0x6B, 0x62, 0x8A, 0x1B, 0x14, 0x44, 0x03, 0x7E, 0xF0, 0x7E, 0xF0, 0x6C, 0xB1, 0xC9, 0x60, + 0xBC, 0xEA, 0xD3, 0xC6, 0xCE, 0xB9, 0x5E, 0xBF, 0x51, 0x4A, 0x22, 0xFC, 0x5D, 0xD7, 0x11, 0x58, + 0x82, 0x3A, 0x7D, 0x9C, 0x50, 0xB6, 0x11, 0x6B, 0x62, 0xFE, 0x72, 0x39, 0x64, 0xA3, 0x0B, 0x97, + 0xD4, 0x48, 0x58, 0xE0, 0xD8, 0xAF, 0x9B, 0x45, 0x2C, 0xCB, 0x28, 0xFC, 0x76, 0x17, 0x37, 0x2F, + 0xF9, 0x5D, 0xA4, 0x4A, 0x83, 0x05, 0xAB, 0x28, 0x0C, 0x8C, 0xDC, 0x12, 0xCA, 0xB5, 0xFA, 0x13, + 0xBF, 0x65, 0x2B, 0x2E, 0x8D, 0xB7, 0xB7, 0x19, 0x82, 0x30, 0x53, 0x54, 0x83, 0xF2, 0x85, 0xE1, + 0x52, 0x5F, 0xEE, 0xD3, 0x38, 0x8D, 0x4C, 0xB9, 0x0C, 0x2A, 0xDC, 0x36, 0xBF, 0x90, 0xBE, 0x53, + 0x46, 0xE2, 0xD9, 0x25, 0x57, 0x0C, 0x17, 0x85, 0xF1, 0x8F, 0xE9, 0xE1, 0xB7, 0x94, 0x00, 0x0C, + 0x53, 0xBB, 0x29, 0x05, 0xD0, 0x1B, 0x96, 0x5E, 0x4F, 0xAA, 0x20, 0x72, 0x06, 0x0F, 0x8F, 0x8F, + 0xD4, 0xA6, 0xB4, 0x0C, 0xAD, 0xE1, 0x86, 0x7F, 0xA0, 0xD1, 0x2E, 0xC0, 0x13, 0x08, 0x92, 0x6B, + 0xD4, 0x66, 0x16, 0x35, 0xB6, 0xC9, 0x9E, 0x2C, 0xC7, 0x8A, 0xB2, 0xB5, 0xFF, 0xA5, 0xB4, 0xD0, + 0x28, 0x38, 0x0B +}; + +// +// Password-protected PEM Key data for RSA Private Key Retrieving (encryption key is "client"). +// (Generated by OpenSSL utility). +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestKeyPem[] = { + 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, + 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0D, 0x0A, 0x4D, 0x49, 0x49, + 0x47, 0x2F, 0x51, 0x49, 0x42, 0x41, 0x44, 0x41, 0x4E, 0x42, 0x67, 0x6B, 0x71, 0x68, 0x6B, 0x69, + 0x47, 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43, 0x42, 0x75, 0x63, + 0x77, 0x67, 0x67, 0x62, 0x6A, 0x41, 0x67, 0x45, 0x41, 0x41, 0x6F, 0x49, 0x42, 0x67, 0x51, 0x44, + 0x4A, 0x66, 0x54, 0x66, 0x78, 0x46, 0x50, 0x62, 0x75, 0x52, 0x4F, 0x66, 0x53, 0x0D, 0x0A, 0x57, + 0x36, 0x79, 0x6F, 0x71, 0x2F, 0x6B, 0x56, 0x37, 0x6D, 0x52, 0x79, 0x51, 0x32, 0x77, 0x78, 0x38, + 0x56, 0x32, 0x39, 0x79, 0x49, 0x54, 0x33, 0x4F, 0x46, 0x31, 0x47, 0x34, 0x4E, 0x71, 0x47, 0x70, + 0x33, 0x42, 0x49, 0x63, 0x46, 0x61, 0x46, 0x30, 0x73, 0x66, 0x57, 0x33, 0x79, 0x47, 0x51, 0x30, + 0x45, 0x72, 0x56, 0x78, 0x56, 0x78, 0x62, 0x55, 0x30, 0x6C, 0x78, 0x67, 0x67, 0x51, 0x31, 0x0D, + 0x0A, 0x58, 0x79, 0x7A, 0x62, 0x71, 0x7A, 0x57, 0x38, 0x59, 0x6E, 0x77, 0x7A, 0x30, 0x5A, 0x6D, + 0x38, 0x51, 0x4B, 0x38, 0x52, 0x32, 0x39, 0x70, 0x56, 0x73, 0x48, 0x73, 0x43, 0x46, 0x45, 0x43, + 0x4F, 0x56, 0x59, 0x6D, 0x57, 0x72, 0x77, 0x52, 0x31, 0x58, 0x72, 0x78, 0x31, 0x4B, 0x76, 0x77, + 0x73, 0x7A, 0x6D, 0x74, 0x70, 0x53, 0x53, 0x76, 0x7A, 0x78, 0x58, 0x46, 0x45, 0x30, 0x52, 0x4A, + 0x55, 0x0D, 0x0A, 0x70, 0x38, 0x32, 0x4D, 0x4A, 0x6F, 0x52, 0x4F, 0x5A, 0x48, 0x4C, 0x68, 0x46, + 0x33, 0x52, 0x4E, 0x57, 0x4A, 0x2B, 0x54, 0x55, 0x6B, 0x65, 0x48, 0x34, 0x45, 0x79, 0x74, 0x50, + 0x4B, 0x31, 0x69, 0x79, 0x33, 0x45, 0x46, 0x6B, 0x6D, 0x6A, 0x39, 0x5A, 0x45, 0x50, 0x55, 0x73, + 0x49, 0x59, 0x77, 0x77, 0x4C, 0x54, 0x51, 0x51, 0x70, 0x59, 0x65, 0x67, 0x41, 0x56, 0x62, 0x34, + 0x79, 0x79, 0x32, 0x0D, 0x0A, 0x6F, 0x64, 0x4C, 0x66, 0x64, 0x6E, 0x79, 0x71, 0x2B, 0x73, 0x50, + 0x63, 0x51, 0x78, 0x70, 0x58, 0x79, 0x47, 0x31, 0x64, 0x75, 0x64, 0x38, 0x4F, 0x5A, 0x39, 0x4E, + 0x59, 0x61, 0x77, 0x4B, 0x4E, 0x68, 0x4D, 0x30, 0x78, 0x76, 0x61, 0x32, 0x64, 0x41, 0x45, 0x57, + 0x42, 0x52, 0x4E, 0x72, 0x50, 0x6A, 0x76, 0x33, 0x69, 0x43, 0x61, 0x4A, 0x6F, 0x57, 0x70, 0x63, + 0x33, 0x59, 0x51, 0x55, 0x6F, 0x0D, 0x0A, 0x6B, 0x33, 0x66, 0x56, 0x71, 0x77, 0x68, 0x77, 0x43, + 0x57, 0x68, 0x75, 0x6C, 0x45, 0x34, 0x78, 0x58, 0x6C, 0x62, 0x7A, 0x44, 0x79, 0x6D, 0x4D, 0x4D, + 0x6A, 0x35, 0x44, 0x6F, 0x62, 0x47, 0x59, 0x61, 0x34, 0x6E, 0x62, 0x2F, 0x38, 0x68, 0x52, 0x4A, + 0x71, 0x33, 0x4C, 0x70, 0x66, 0x7A, 0x30, 0x36, 0x46, 0x2B, 0x68, 0x7A, 0x53, 0x6F, 0x2F, 0x33, + 0x47, 0x53, 0x56, 0x67, 0x69, 0x64, 0x71, 0x0D, 0x0A, 0x69, 0x7A, 0x38, 0x4B, 0x53, 0x75, 0x38, + 0x6D, 0x39, 0x77, 0x31, 0x43, 0x6F, 0x68, 0x72, 0x75, 0x72, 0x58, 0x79, 0x77, 0x77, 0x31, 0x46, + 0x68, 0x63, 0x32, 0x6E, 0x36, 0x63, 0x4F, 0x33, 0x54, 0x42, 0x4A, 0x48, 0x65, 0x50, 0x67, 0x66, + 0x50, 0x79, 0x54, 0x69, 0x39, 0x38, 0x2B, 0x5A, 0x6D, 0x63, 0x35, 0x45, 0x69, 0x6B, 0x58, 0x4F, + 0x45, 0x2F, 0x76, 0x49, 0x70, 0x75, 0x75, 0x56, 0x34, 0x0D, 0x0A, 0x58, 0x64, 0x64, 0x41, 0x52, + 0x33, 0x68, 0x50, 0x63, 0x37, 0x6E, 0x67, 0x74, 0x59, 0x70, 0x6B, 0x57, 0x36, 0x44, 0x57, 0x4D, + 0x6C, 0x51, 0x6C, 0x39, 0x56, 0x71, 0x47, 0x37, 0x72, 0x6F, 0x4D, 0x4B, 0x61, 0x6B, 0x71, 0x71, + 0x77, 0x56, 0x52, 0x65, 0x54, 0x48, 0x76, 0x5A, 0x30, 0x4D, 0x68, 0x32, 0x46, 0x45, 0x69, 0x59, + 0x47, 0x76, 0x64, 0x4A, 0x6D, 0x37, 0x71, 0x62, 0x6C, 0x6F, 0x50, 0x0D, 0x0A, 0x44, 0x35, 0x2B, + 0x58, 0x6B, 0x49, 0x32, 0x32, 0x2F, 0x74, 0x75, 0x6D, 0x2F, 0x75, 0x54, 0x4E, 0x35, 0x32, 0x36, + 0x4F, 0x45, 0x70, 0x53, 0x35, 0x4E, 0x70, 0x48, 0x36, 0x30, 0x6E, 0x6B, 0x4A, 0x58, 0x51, 0x65, + 0x79, 0x68, 0x53, 0x4D, 0x79, 0x39, 0x32, 0x69, 0x59, 0x2B, 0x35, 0x33, 0x2F, 0x41, 0x61, 0x6B, + 0x43, 0x41, 0x77, 0x45, 0x41, 0x41, 0x51, 0x4B, 0x43, 0x41, 0x59, 0x42, 0x36, 0x0D, 0x0A, 0x53, + 0x33, 0x69, 0x43, 0x36, 0x58, 0x69, 0x66, 0x55, 0x6B, 0x39, 0x71, 0x7A, 0x4A, 0x33, 0x56, 0x6D, + 0x74, 0x77, 0x4B, 0x78, 0x62, 0x46, 0x4E, 0x38, 0x55, 0x4A, 0x67, 0x5A, 0x65, 0x48, 0x42, 0x36, + 0x55, 0x31, 0x62, 0x53, 0x47, 0x6A, 0x46, 0x4E, 0x6F, 0x45, 0x73, 0x72, 0x63, 0x42, 0x6E, 0x46, + 0x31, 0x68, 0x4D, 0x7A, 0x59, 0x7A, 0x69, 0x44, 0x48, 0x69, 0x78, 0x44, 0x74, 0x76, 0x39, 0x0D, + 0x0A, 0x4F, 0x46, 0x64, 0x41, 0x54, 0x79, 0x4D, 0x4B, 0x74, 0x43, 0x47, 0x64, 0x79, 0x33, 0x44, + 0x4D, 0x75, 0x2F, 0x52, 0x58, 0x72, 0x57, 0x63, 0x35, 0x68, 0x49, 0x54, 0x4E, 0x55, 0x47, 0x31, + 0x79, 0x5A, 0x34, 0x44, 0x7A, 0x39, 0x62, 0x51, 0x54, 0x70, 0x50, 0x73, 0x78, 0x36, 0x52, 0x55, + 0x6A, 0x30, 0x6F, 0x4C, 0x67, 0x51, 0x6D, 0x6F, 0x63, 0x71, 0x38, 0x52, 0x33, 0x35, 0x61, 0x6F, + 0x6F, 0x0D, 0x0A, 0x4D, 0x33, 0x4E, 0x72, 0x2B, 0x48, 0x45, 0x78, 0x6C, 0x62, 0x79, 0x4D, 0x69, + 0x58, 0x55, 0x6E, 0x46, 0x64, 0x48, 0x45, 0x53, 0x77, 0x2B, 0x33, 0x4D, 0x36, 0x63, 0x78, 0x73, + 0x78, 0x4C, 0x59, 0x4E, 0x6C, 0x36, 0x59, 0x53, 0x44, 0x6F, 0x43, 0x42, 0x41, 0x77, 0x78, 0x4A, + 0x4D, 0x34, 0x71, 0x31, 0x5A, 0x7A, 0x48, 0x2F, 0x2B, 0x31, 0x7A, 0x30, 0x4E, 0x6B, 0x43, 0x43, + 0x6C, 0x55, 0x30, 0x0D, 0x0A, 0x2B, 0x74, 0x56, 0x6E, 0x47, 0x63, 0x6B, 0x6D, 0x35, 0x70, 0x49, + 0x6A, 0x48, 0x38, 0x47, 0x41, 0x52, 0x4D, 0x69, 0x53, 0x64, 0x72, 0x59, 0x65, 0x6F, 0x4E, 0x51, + 0x43, 0x5A, 0x2F, 0x4B, 0x4A, 0x71, 0x75, 0x47, 0x4B, 0x4F, 0x74, 0x5A, 0x36, 0x6D, 0x69, 0x6A, + 0x6F, 0x67, 0x4B, 0x79, 0x53, 0x2F, 0x6B, 0x2B, 0x38, 0x4E, 0x59, 0x66, 0x36, 0x57, 0x44, 0x4A, + 0x2F, 0x50, 0x49, 0x67, 0x6B, 0x0D, 0x0A, 0x63, 0x30, 0x38, 0x4A, 0x35, 0x2B, 0x42, 0x50, 0x7A, + 0x42, 0x4A, 0x51, 0x59, 0x67, 0x66, 0x55, 0x64, 0x4E, 0x2B, 0x76, 0x46, 0x6B, 0x54, 0x6E, 0x79, + 0x66, 0x72, 0x6F, 0x69, 0x74, 0x33, 0x42, 0x71, 0x54, 0x36, 0x56, 0x45, 0x53, 0x55, 0x57, 0x53, + 0x46, 0x56, 0x59, 0x71, 0x38, 0x35, 0x57, 0x76, 0x58, 0x6B, 0x76, 0x50, 0x79, 0x55, 0x6D, 0x79, + 0x46, 0x5A, 0x58, 0x61, 0x2B, 0x74, 0x6A, 0x0D, 0x0A, 0x52, 0x74, 0x56, 0x68, 0x63, 0x68, 0x4E, + 0x49, 0x44, 0x65, 0x71, 0x73, 0x33, 0x44, 0x56, 0x7A, 0x79, 0x36, 0x45, 0x55, 0x6A, 0x79, 0x30, + 0x62, 0x58, 0x35, 0x5A, 0x48, 0x6E, 0x67, 0x58, 0x42, 0x4B, 0x4D, 0x57, 0x56, 0x68, 0x56, 0x36, + 0x52, 0x34, 0x65, 0x65, 0x44, 0x70, 0x71, 0x71, 0x4B, 0x51, 0x42, 0x4E, 0x74, 0x57, 0x47, 0x32, + 0x75, 0x6C, 0x37, 0x34, 0x73, 0x4A, 0x53, 0x7A, 0x77, 0x0D, 0x0A, 0x52, 0x67, 0x48, 0x39, 0x56, + 0x69, 0x70, 0x73, 0x53, 0x56, 0x4C, 0x6A, 0x34, 0x73, 0x69, 0x41, 0x38, 0x66, 0x72, 0x52, 0x75, + 0x39, 0x33, 0x52, 0x34, 0x43, 0x72, 0x50, 0x31, 0x4F, 0x32, 0x2B, 0x6A, 0x57, 0x5A, 0x67, 0x51, + 0x36, 0x67, 0x2F, 0x49, 0x6A, 0x4E, 0x4D, 0x77, 0x7A, 0x74, 0x37, 0x4B, 0x6D, 0x61, 0x44, 0x75, + 0x6E, 0x4A, 0x6A, 0x52, 0x4D, 0x55, 0x4B, 0x4F, 0x53, 0x4F, 0x38, 0x0D, 0x0A, 0x71, 0x77, 0x54, + 0x66, 0x68, 0x78, 0x67, 0x51, 0x79, 0x4F, 0x4D, 0x57, 0x49, 0x73, 0x39, 0x31, 0x69, 0x4D, 0x63, + 0x58, 0x4B, 0x66, 0x59, 0x6D, 0x7A, 0x61, 0x4E, 0x77, 0x66, 0x66, 0x4A, 0x47, 0x51, 0x65, 0x72, + 0x2F, 0x49, 0x48, 0x59, 0x57, 0x79, 0x50, 0x75, 0x4B, 0x36, 0x57, 0x4D, 0x46, 0x4B, 0x53, 0x68, + 0x6B, 0x77, 0x47, 0x2F, 0x36, 0x5A, 0x4E, 0x42, 0x48, 0x52, 0x41, 0x45, 0x43, 0x0D, 0x0A, 0x67, + 0x63, 0x45, 0x41, 0x37, 0x78, 0x6F, 0x71, 0x5A, 0x75, 0x54, 0x59, 0x66, 0x7A, 0x6B, 0x62, 0x55, + 0x77, 0x55, 0x58, 0x62, 0x30, 0x75, 0x35, 0x4A, 0x57, 0x69, 0x6E, 0x77, 0x69, 0x76, 0x6D, 0x59, + 0x6E, 0x41, 0x75, 0x59, 0x53, 0x64, 0x55, 0x77, 0x48, 0x69, 0x4D, 0x5A, 0x68, 0x44, 0x36, 0x4E, + 0x6A, 0x51, 0x70, 0x41, 0x41, 0x6C, 0x48, 0x6E, 0x78, 0x31, 0x39, 0x6C, 0x6A, 0x54, 0x50, 0x0D, + 0x0A, 0x4E, 0x72, 0x30, 0x6E, 0x39, 0x52, 0x6A, 0x76, 0x44, 0x47, 0x4C, 0x62, 0x38, 0x6E, 0x38, + 0x42, 0x52, 0x33, 0x4C, 0x64, 0x79, 0x67, 0x52, 0x63, 0x52, 0x79, 0x75, 0x38, 0x39, 0x59, 0x7A, + 0x58, 0x4F, 0x2F, 0x67, 0x71, 0x70, 0x6B, 0x6F, 0x52, 0x45, 0x35, 0x51, 0x6D, 0x54, 0x35, 0x51, + 0x46, 0x36, 0x30, 0x72, 0x37, 0x55, 0x35, 0x31, 0x63, 0x48, 0x54, 0x77, 0x65, 0x59, 0x73, 0x46, + 0x46, 0x0D, 0x0A, 0x33, 0x2B, 0x76, 0x33, 0x37, 0x51, 0x59, 0x71, 0x4F, 0x55, 0x41, 0x72, 0x34, + 0x31, 0x74, 0x50, 0x73, 0x50, 0x38, 0x4E, 0x71, 0x64, 0x4E, 0x65, 0x4C, 0x71, 0x32, 0x79, 0x47, + 0x5A, 0x47, 0x50, 0x32, 0x59, 0x50, 0x63, 0x30, 0x69, 0x30, 0x42, 0x76, 0x71, 0x32, 0x2F, 0x38, + 0x32, 0x67, 0x6F, 0x33, 0x74, 0x6B, 0x41, 0x4E, 0x73, 0x59, 0x4A, 0x56, 0x72, 0x30, 0x48, 0x68, + 0x43, 0x68, 0x58, 0x0D, 0x0A, 0x69, 0x51, 0x69, 0x72, 0x50, 0x4C, 0x30, 0x43, 0x47, 0x58, 0x33, + 0x79, 0x6E, 0x30, 0x79, 0x77, 0x50, 0x58, 0x34, 0x34, 0x2F, 0x71, 0x4F, 0x64, 0x59, 0x69, 0x69, + 0x46, 0x37, 0x78, 0x42, 0x6C, 0x42, 0x4B, 0x78, 0x34, 0x54, 0x76, 0x75, 0x4C, 0x6F, 0x2F, 0x64, + 0x43, 0x65, 0x76, 0x4F, 0x64, 0x38, 0x54, 0x4E, 0x7A, 0x35, 0x6D, 0x53, 0x6C, 0x44, 0x46, 0x39, + 0x6E, 0x6A, 0x31, 0x51, 0x66, 0x0D, 0x0A, 0x37, 0x6B, 0x5A, 0x70, 0x41, 0x6F, 0x48, 0x42, 0x41, + 0x4E, 0x65, 0x36, 0x6A, 0x72, 0x33, 0x68, 0x42, 0x75, 0x72, 0x58, 0x56, 0x6D, 0x62, 0x66, 0x57, + 0x58, 0x49, 0x34, 0x37, 0x52, 0x76, 0x44, 0x61, 0x6C, 0x74, 0x30, 0x49, 0x38, 0x65, 0x48, 0x32, + 0x72, 0x68, 0x59, 0x6D, 0x2F, 0x51, 0x61, 0x31, 0x61, 0x4F, 0x4F, 0x74, 0x66, 0x59, 0x61, 0x43, + 0x62, 0x43, 0x36, 0x6E, 0x4D, 0x61, 0x37, 0x0D, 0x0A, 0x4A, 0x57, 0x2B, 0x53, 0x6F, 0x78, 0x35, + 0x34, 0x6F, 0x6B, 0x73, 0x39, 0x64, 0x6C, 0x66, 0x78, 0x61, 0x65, 0x4C, 0x56, 0x67, 0x39, 0x6C, + 0x5A, 0x58, 0x61, 0x4A, 0x5A, 0x58, 0x45, 0x4A, 0x74, 0x4A, 0x66, 0x30, 0x35, 0x5A, 0x5A, 0x53, + 0x77, 0x72, 0x59, 0x79, 0x5A, 0x75, 0x4A, 0x58, 0x38, 0x45, 0x65, 0x79, 0x55, 0x31, 0x37, 0x50, + 0x78, 0x4A, 0x78, 0x37, 0x57, 0x6C, 0x31, 0x6E, 0x34, 0x0D, 0x0A, 0x6A, 0x41, 0x35, 0x53, 0x41, + 0x2F, 0x76, 0x62, 0x5A, 0x62, 0x31, 0x6C, 0x59, 0x4E, 0x51, 0x2B, 0x37, 0x4A, 0x43, 0x44, 0x74, + 0x53, 0x62, 0x4E, 0x47, 0x79, 0x53, 0x54, 0x71, 0x68, 0x49, 0x32, 0x4B, 0x41, 0x58, 0x43, 0x6D, + 0x68, 0x49, 0x70, 0x63, 0x31, 0x64, 0x45, 0x45, 0x47, 0x30, 0x32, 0x6C, 0x61, 0x44, 0x6F, 0x75, + 0x4D, 0x31, 0x4E, 0x75, 0x55, 0x56, 0x6F, 0x2B, 0x46, 0x59, 0x44, 0x0D, 0x0A, 0x57, 0x42, 0x41, + 0x59, 0x66, 0x30, 0x42, 0x72, 0x2F, 0x42, 0x6B, 0x6F, 0x5A, 0x31, 0x33, 0x65, 0x2F, 0x46, 0x31, + 0x30, 0x54, 0x48, 0x35, 0x2F, 0x45, 0x77, 0x38, 0x38, 0x2F, 0x72, 0x39, 0x75, 0x68, 0x4B, 0x73, + 0x6D, 0x30, 0x72, 0x43, 0x73, 0x38, 0x6B, 0x66, 0x64, 0x39, 0x2B, 0x53, 0x56, 0x65, 0x68, 0x76, + 0x61, 0x51, 0x6A, 0x56, 0x49, 0x31, 0x47, 0x48, 0x35, 0x6E, 0x47, 0x7A, 0x4B, 0x0D, 0x0A, 0x43, + 0x79, 0x4C, 0x74, 0x76, 0x59, 0x76, 0x35, 0x51, 0x51, 0x4B, 0x42, 0x77, 0x51, 0x44, 0x48, 0x4E, + 0x2B, 0x6A, 0x75, 0x64, 0x47, 0x79, 0x43, 0x6A, 0x45, 0x56, 0x64, 0x42, 0x64, 0x67, 0x42, 0x7A, + 0x6E, 0x6B, 0x45, 0x56, 0x30, 0x2B, 0x33, 0x74, 0x44, 0x59, 0x76, 0x2F, 0x4D, 0x4A, 0x59, 0x42, + 0x70, 0x70, 0x53, 0x42, 0x39, 0x38, 0x4C, 0x52, 0x38, 0x67, 0x43, 0x6B, 0x37, 0x45, 0x35, 0x0D, + 0x0A, 0x71, 0x34, 0x47, 0x32, 0x62, 0x4B, 0x37, 0x77, 0x45, 0x53, 0x34, 0x35, 0x73, 0x4A, 0x39, + 0x7A, 0x55, 0x77, 0x51, 0x53, 0x4D, 0x4F, 0x69, 0x4D, 0x41, 0x78, 0x42, 0x41, 0x78, 0x4D, 0x39, + 0x51, 0x2F, 0x42, 0x4D, 0x61, 0x35, 0x62, 0x46, 0x36, 0x63, 0x6F, 0x2F, 0x2F, 0x45, 0x6F, 0x59, + 0x4F, 0x71, 0x5A, 0x58, 0x53, 0x31, 0x31, 0x53, 0x59, 0x5A, 0x34, 0x41, 0x4C, 0x44, 0x52, 0x32, + 0x64, 0x0D, 0x0A, 0x44, 0x48, 0x62, 0x73, 0x6B, 0x4F, 0x50, 0x4D, 0x61, 0x72, 0x62, 0x61, 0x6E, + 0x4E, 0x53, 0x6B, 0x38, 0x38, 0x63, 0x49, 0x6A, 0x70, 0x52, 0x43, 0x79, 0x68, 0x6A, 0x37, 0x49, + 0x33, 0x66, 0x78, 0x38, 0x50, 0x2F, 0x2F, 0x4B, 0x70, 0x42, 0x44, 0x52, 0x34, 0x6F, 0x77, 0x74, + 0x50, 0x4B, 0x76, 0x56, 0x2F, 0x71, 0x6C, 0x4D, 0x6B, 0x58, 0x46, 0x2F, 0x42, 0x70, 0x5A, 0x6D, + 0x7A, 0x72, 0x58, 0x0D, 0x0A, 0x61, 0x47, 0x66, 0x74, 0x6B, 0x6E, 0x43, 0x4A, 0x78, 0x38, 0x63, + 0x76, 0x6B, 0x54, 0x36, 0x44, 0x7A, 0x41, 0x50, 0x4D, 0x30, 0x36, 0x6A, 0x73, 0x32, 0x38, 0x76, + 0x59, 0x59, 0x4B, 0x77, 0x43, 0x56, 0x72, 0x62, 0x53, 0x53, 0x32, 0x74, 0x55, 0x78, 0x6A, 0x63, + 0x31, 0x44, 0x72, 0x4C, 0x72, 0x4E, 0x43, 0x47, 0x6B, 0x53, 0x32, 0x64, 0x6A, 0x35, 0x45, 0x6E, + 0x4C, 0x35, 0x35, 0x41, 0x41, 0x0D, 0x0A, 0x2F, 0x67, 0x69, 0x61, 0x35, 0x33, 0x37, 0x30, 0x36, + 0x43, 0x58, 0x32, 0x74, 0x55, 0x6B, 0x43, 0x67, 0x63, 0x41, 0x53, 0x4E, 0x4E, 0x6C, 0x31, 0x4A, + 0x76, 0x65, 0x70, 0x66, 0x44, 0x44, 0x37, 0x6A, 0x36, 0x41, 0x42, 0x35, 0x74, 0x49, 0x45, 0x42, + 0x4E, 0x4D, 0x47, 0x45, 0x75, 0x41, 0x75, 0x4A, 0x38, 0x59, 0x4B, 0x78, 0x74, 0x65, 0x71, 0x6D, + 0x31, 0x55, 0x71, 0x62, 0x35, 0x48, 0x6C, 0x0D, 0x0A, 0x79, 0x6A, 0x37, 0x46, 0x48, 0x6F, 0x71, + 0x36, 0x72, 0x76, 0x4B, 0x79, 0x33, 0x75, 0x4A, 0x4C, 0x59, 0x51, 0x7A, 0x35, 0x59, 0x70, 0x2B, + 0x4A, 0x50, 0x6F, 0x4F, 0x63, 0x4E, 0x44, 0x37, 0x6A, 0x61, 0x67, 0x70, 0x66, 0x2B, 0x45, 0x43, + 0x30, 0x44, 0x6E, 0x67, 0x6C, 0x54, 0x65, 0x48, 0x48, 0x30, 0x62, 0x31, 0x6A, 0x33, 0x31, 0x6C, + 0x58, 0x74, 0x79, 0x56, 0x67, 0x48, 0x52, 0x4F, 0x7A, 0x0D, 0x0A, 0x53, 0x51, 0x66, 0x76, 0x4C, + 0x31, 0x63, 0x6F, 0x72, 0x62, 0x52, 0x4D, 0x52, 0x52, 0x6D, 0x32, 0x2B, 0x4D, 0x59, 0x32, 0x58, + 0x4D, 0x62, 0x32, 0x51, 0x72, 0x55, 0x2B, 0x59, 0x51, 0x38, 0x35, 0x7A, 0x68, 0x65, 0x62, 0x56, + 0x36, 0x63, 0x44, 0x30, 0x48, 0x52, 0x43, 0x51, 0x44, 0x45, 0x32, 0x6C, 0x53, 0x37, 0x35, 0x7A, + 0x33, 0x47, 0x2F, 0x64, 0x64, 0x72, 0x63, 0x38, 0x4B, 0x63, 0x67, 0x0D, 0x0A, 0x46, 0x49, 0x34, + 0x74, 0x55, 0x48, 0x57, 0x63, 0x39, 0x4C, 0x31, 0x4B, 0x35, 0x6E, 0x5A, 0x65, 0x33, 0x6E, 0x34, + 0x78, 0x4E, 0x56, 0x71, 0x37, 0x37, 0x6D, 0x54, 0x49, 0x45, 0x6C, 0x65, 0x65, 0x57, 0x57, 0x55, + 0x6E, 0x5A, 0x52, 0x4E, 0x75, 0x33, 0x6F, 0x6E, 0x74, 0x30, 0x2B, 0x48, 0x32, 0x4C, 0x54, 0x4A, + 0x70, 0x5A, 0x45, 0x39, 0x57, 0x69, 0x46, 0x4C, 0x38, 0x35, 0x4D, 0x65, 0x76, 0x0D, 0x0A, 0x72, + 0x59, 0x7A, 0x58, 0x45, 0x2F, 0x54, 0x69, 0x72, 0x59, 0x36, 0x52, 0x44, 0x52, 0x56, 0x78, 0x4B, + 0x63, 0x45, 0x43, 0x67, 0x63, 0x42, 0x58, 0x6C, 0x53, 0x6C, 0x6C, 0x45, 0x6F, 0x54, 0x4F, 0x41, + 0x39, 0x77, 0x57, 0x66, 0x6B, 0x57, 0x77, 0x4A, 0x69, 0x2B, 0x32, 0x56, 0x56, 0x4F, 0x69, 0x7A, + 0x34, 0x75, 0x38, 0x72, 0x6E, 0x37, 0x6C, 0x34, 0x36, 0x4A, 0x39, 0x78, 0x61, 0x35, 0x51, 0x0D, + 0x0A, 0x71, 0x62, 0x59, 0x45, 0x6F, 0x33, 0x66, 0x5A, 0x30, 0x47, 0x59, 0x41, 0x54, 0x44, 0x67, + 0x36, 0x78, 0x52, 0x43, 0x57, 0x32, 0x75, 0x62, 0x74, 0x2B, 0x6B, 0x39, 0x42, 0x44, 0x46, 0x4D, + 0x46, 0x73, 0x52, 0x34, 0x6B, 0x39, 0x31, 0x45, 0x78, 0x63, 0x42, 0x54, 0x44, 0x65, 0x2B, 0x6B, + 0x36, 0x6B, 0x35, 0x47, 0x54, 0x72, 0x78, 0x5A, 0x66, 0x4D, 0x75, 0x56, 0x2F, 0x31, 0x58, 0x67, + 0x5A, 0x0D, 0x0A, 0x38, 0x5A, 0x79, 0x37, 0x38, 0x4D, 0x64, 0x36, 0x32, 0x49, 0x4D, 0x78, 0x62, + 0x71, 0x34, 0x6E, 0x56, 0x63, 0x44, 0x52, 0x74, 0x4E, 0x70, 0x70, 0x35, 0x34, 0x33, 0x59, 0x57, + 0x70, 0x71, 0x77, 0x63, 0x67, 0x64, 0x79, 0x6F, 0x78, 0x4A, 0x6F, 0x4D, 0x6E, 0x37, 0x50, 0x50, + 0x54, 0x77, 0x67, 0x4C, 0x37, 0x43, 0x4B, 0x4B, 0x74, 0x36, 0x58, 0x65, 0x68, 0x76, 0x75, 0x62, + 0x41, 0x49, 0x45, 0x0D, 0x0A, 0x35, 0x65, 0x31, 0x49, 0x34, 0x58, 0x7A, 0x54, 0x57, 0x6F, 0x53, + 0x54, 0x54, 0x61, 0x4C, 0x48, 0x57, 0x56, 0x52, 0x47, 0x41, 0x41, 0x2F, 0x70, 0x33, 0x56, 0x75, + 0x37, 0x53, 0x63, 0x36, 0x7A, 0x79, 0x54, 0x78, 0x51, 0x6A, 0x4A, 0x73, 0x52, 0x78, 0x42, 0x41, + 0x74, 0x5A, 0x47, 0x47, 0x53, 0x66, 0x76, 0x42, 0x5A, 0x6B, 0x57, 0x4B, 0x2B, 0x44, 0x75, 0x71, + 0x4F, 0x76, 0x6F, 0x36, 0x38, 0x0D, 0x0A, 0x44, 0x4B, 0x4B, 0x38, 0x51, 0x73, 0x76, 0x43, 0x38, + 0x6F, 0x44, 0x47, 0x72, 0x6B, 0x5A, 0x49, 0x43, 0x52, 0x49, 0x43, 0x7A, 0x37, 0x34, 0x3D, 0x0D, + 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, + 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0D, 0x0A +}; + +// +// Password for private key retrieving from encrypted PEM ("TestKeyPem"). +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *PemPass = "client"; + +// +// Message Hash for Signing & Verification Validation. +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 MsgHash[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x00, 0x01 +}; + +// +// Payload for PKCS#7 Signing & Verification Validation. +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *Payload = "Payload Data for PKCS#7 Signing"; + +/** + Validate UEFI-OpenSSL RSA Key Retrieving & Signature Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptRsa2 ( + VOID + ) +{ + BOOLEAN Status; + VOID *RsaPrivKey; + VOID *RsaPubKey; + UINT8 *Signature; + UINTN SigSize; + UINT8 *Subject; + UINTN SubjectSize; + RETURN_STATUS ReturnStatus; + CHAR8 CommonName[64]; + CHAR16 CommonNameUnicode[64]; + UINTN CommonNameSize; + + Print (L"\nUEFI-OpenSSL RSA Key Retrieving Testing: "); + + // + // Retrieve RSA private key from encrypted PEM data. + // + Print (L"\n- Retrieve RSA Private Key for PEM ..."); + Status = RsaGetPrivateKeyFromPem (TestKeyPem, sizeof (TestKeyPem), PemPass, &RsaPrivKey); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // Retrieve RSA public key from X509 Certificate. + // + Print (L"\n- Retrieve RSA Public Key from X509 ... "); + RsaPubKey = NULL; + Status = RsaGetPublicKeyFromX509 (TestCert, sizeof (TestCert), &RsaPubKey); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // Generate RSA PKCS#1 Signature. + // + Print (L"\n- PKCS#1 Signature ... "); + SigSize = 0; + Status = RsaPkcs1Sign (RsaPrivKey, MsgHash, SHA256_DIGEST_SIZE, NULL, &SigSize); + if (Status || (SigSize == 0)) { + Print (L"[Fail]"); + return EFI_ABORTED; + } + + Signature = AllocatePool (SigSize); + Status = RsaPkcs1Sign (RsaPrivKey, MsgHash, SHA256_DIGEST_SIZE, Signature, &SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // Verify RSA PKCS#1-encoded Signature. + // + Print (L"\n- PKCS#1 Signature Verification ... "); + Status = RsaPkcs1Verify (RsaPubKey, MsgHash, SHA256_DIGEST_SIZE, Signature, SigSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // X509 Certificate Subject Retrieving. + // + Print (L"\n- X509 Certificate Subject Bytes Retrieving ... "); + SubjectSize = 0; + Status = X509GetSubjectName (TestCert, sizeof (TestCert), NULL, &SubjectSize); + Subject = (UINT8 *)AllocatePool (SubjectSize); + Status = X509GetSubjectName (TestCert, sizeof (TestCert), Subject, &SubjectSize); + if (!Status) { + Print (L"[Fail]"); + return EFI_ABORTED; + } else { + Print (L"[Pass]"); + } + + // + // Get CommonName from X509 Certificate Subject + // + CommonNameSize = 64; + ZeroMem (CommonName, CommonNameSize); + ReturnStatus = X509GetCommonName (TestCert, sizeof (TestCert), CommonName, &CommonNameSize); + if (RETURN_ERROR (ReturnStatus)) { + Print (L"\n - Retrieving Common Name - [Fail]"); + return EFI_ABORTED; + } else { + AsciiStrToUnicodeStrS (CommonName, CommonNameUnicode, CommonNameSize); + Print (L"\n - Retrieving Common Name = \"%s\" (Size = %d)", CommonNameUnicode, CommonNameSize); + } + + // + // X509 Certificate Verification. + // + Print (L"\n- X509 Certificate Verification with Trusted CA ..."); + Status = X509VerifyCert (TestCert, sizeof (TestCert), TestCACert, sizeof (TestCACert)); + if (!Status) { + Print (L"[Fail]\n"); + return EFI_ABORTED; + } else { + Print (L"[Pass]\n"); + } + + // + // Release Resources. + // + RsaFree (RsaPubKey); + RsaFree (RsaPrivKey); + FreePool (Signature); + FreePool (Subject); + + return EFI_SUCCESS; +} + +/** + Validate UEFI-OpenSSL PKCS#7 Signing & Verification Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateCryptPkcs7 ( + VOID + ) +{ + BOOLEAN Status; + UINT8 *P7SignedData; + UINTN P7SignedDataSize; + UINT8 *SignCert; + + P7SignedData = NULL; + SignCert = NULL; + + Print (L"\nUEFI-OpenSSL PKCS#7 Signing & Verification Testing: "); + + Print (L"\n- Create PKCS#7 signedData ..."); + + // + // Construct Signer Certificate from RAW data. + // + Status = X509ConstructCertificate (TestCert, sizeof (TestCert), (UINT8 **)&SignCert); + if (!Status || (SignCert == NULL)) { + Print (L"[Fail]"); + goto _Exit; + } else { + Print (L"[Pass]"); + } + + // + // Create PKCS#7 signedData on Payload. + // Note: Caller should release P7SignedData manually. + // + Status = Pkcs7Sign ( + TestKeyPem, + sizeof (TestKeyPem), + (CONST UINT8 *)PemPass, + (UINT8 *)Payload, + AsciiStrLen (Payload), + SignCert, + NULL, + &P7SignedData, + &P7SignedDataSize + ); + if (!Status || (P7SignedDataSize == 0)) { + Print (L"[Fail]"); + goto _Exit; + } else { + Print (L"[Pass]"); + } + + Print (L"\n- Verify PKCS#7 signedData ..."); + + Status = Pkcs7Verify ( + P7SignedData, + P7SignedDataSize, + TestCACert, + sizeof (TestCACert), + (UINT8 *)Payload, + AsciiStrLen (Payload) + ); + if (!Status) { + Print (L"[Fail]"); + } else { + Print (L"[Pass]"); + } + +_Exit: + if (P7SignedData != NULL) { + FreePool (P7SignedData); + } + + if (SignCert != NULL) { + X509Free (SignCert); + } + + Print (L"\n"); + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Cryptest/TSVerify.c b/DeviceSecurityTestPkg/Test/Cryptest/TSVerify.c new file mode 100644 index 00000000000..bc1279047a0 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Cryptest/TSVerify.c @@ -0,0 +1,364 @@ +/** @file + Sample Implementation for RFC3161 Time Stamping Verification. + +Copyright (c) 2014, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Cryptest.h" + +// +// Sample Authenticode Data with RFC3161 time stamping signature. +// The data retrieved from one signed sample UEFI image, which is generated by MSFT's signtool +// utility in conjunction with RFC3161 timestamping, as the following command: +// signtool sign /ac / f /p /fd +// /tr http://timestamp.comodoca.com/rfc3161 sample.efi +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 AuthenticodeWithTS[] = { + 0x30, 0x82, 0x0c, 0x00, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, + 0x82, 0x0b, 0xf1, 0x30, 0x82, 0x0b, 0xed, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x78, 0x06, 0x0a, 0x2b, + 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04, 0xa0, 0x6a, 0x30, 0x68, 0x30, 0x33, 0x06, + 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0f, 0x30, 0x25, 0x03, 0x01, 0x00, + 0xa0, 0x20, 0xa2, 0x1e, 0x80, 0x1c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, 0x00, 0x62, + 0x00, 0x73, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00, 0x3e, 0x00, 0x3e, + 0x00, 0x3e, 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, + 0x01, 0x05, 0x00, 0x04, 0x20, 0x1e, 0x9e, 0x74, 0x31, 0xe1, 0x3e, 0x51, 0x46, 0xab, 0xce, 0x10, + 0x0d, 0x7c, 0x38, 0x66, 0x34, 0xd4, 0xdd, 0x04, 0xa5, 0xe7, 0x75, 0x40, 0xdd, 0x99, 0x73, 0xf3, + 0x2a, 0x54, 0x3e, 0xa8, 0x18, 0xa0, 0x82, 0x01, 0xee, 0x30, 0x82, 0x01, 0xea, 0x30, 0x82, 0x01, + 0x57, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x2c, 0x65, 0xcf, 0xcf, 0xdd, 0x61, 0x7b, 0xa4, + 0x41, 0xad, 0x26, 0x1b, 0x63, 0xce, 0x91, 0x0f, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, + 0x1d, 0x05, 0x00, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x08, + 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x37, + 0x32, 0x38, 0x30, 0x37, 0x33, 0x38, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x39, 0x31, 0x32, 0x33, + 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x07, 0x54, 0x65, 0x73, 0x74, 0x53, 0x75, 0x62, 0x30, 0x81, 0x9f, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, + 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0x94, 0xa6, 0x02, 0x15, 0x87, 0xd6, 0xbf, + 0x71, 0xe8, 0xc6, 0x68, 0xf6, 0x9f, 0x66, 0x09, 0x6c, 0xe7, 0x39, 0x52, 0xf4, 0x4e, 0xaf, 0xf5, + 0xe0, 0xba, 0x0f, 0xfd, 0xe6, 0x77, 0xa9, 0x71, 0x5b, 0x5c, 0x92, 0x50, 0x1d, 0xfd, 0x9b, 0x6e, + 0x52, 0x92, 0x9e, 0x3a, 0x75, 0x86, 0x41, 0x2a, 0x41, 0x30, 0x1b, 0x67, 0x66, 0x91, 0xde, 0x71, + 0x84, 0xe0, 0x90, 0xc3, 0x50, 0x36, 0x78, 0xb5, 0xa0, 0x1e, 0x72, 0xde, 0xe7, 0x66, 0x42, 0x4f, + 0x59, 0x5e, 0x3d, 0xf3, 0x85, 0x82, 0x0b, 0xa8, 0x26, 0x2d, 0xd9, 0xe3, 0x14, 0xda, 0x9d, 0x2e, + 0x3f, 0x53, 0x4d, 0x8d, 0x10, 0xbf, 0xa4, 0x7c, 0xe5, 0xaf, 0x3a, 0xa6, 0xaf, 0x49, 0x64, 0xb0, + 0x60, 0x17, 0x87, 0x71, 0x77, 0x59, 0x52, 0xe5, 0x5a, 0xed, 0x96, 0x7d, 0x7e, 0x5d, 0xc1, 0xef, + 0x6b, 0xfb, 0x80, 0xc5, 0x2b, 0x10, 0xfe, 0xe7, 0xd3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x48, + 0x30, 0x46, 0x30, 0x44, 0x06, 0x03, 0x55, 0x1d, 0x01, 0x04, 0x3d, 0x30, 0x3b, 0x80, 0x10, 0x19, + 0x8d, 0x48, 0xa1, 0xb9, 0xf3, 0x5e, 0x3c, 0x13, 0xb4, 0x08, 0xb6, 0xd9, 0xf3, 0x4f, 0x0a, 0xa1, + 0x15, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x08, 0x54, 0x65, + 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x82, 0x10, 0x27, 0xcb, 0x16, 0x33, 0x8b, 0xed, 0x4d, 0xa8, + 0x47, 0xf0, 0x86, 0x47, 0x10, 0xef, 0x15, 0xd9, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, + 0x1d, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x51, 0x94, 0xed, 0x7a, 0x5c, 0x0b, 0x34, 0x16, 0x9c, + 0xf4, 0x5f, 0x88, 0x16, 0xa8, 0x4b, 0x13, 0xfc, 0xa4, 0x0a, 0xc7, 0xd9, 0x20, 0xb1, 0x93, 0xc5, + 0x81, 0x4f, 0x35, 0x3a, 0x89, 0x10, 0x04, 0xc4, 0xcc, 0x10, 0x34, 0xc3, 0x15, 0x57, 0x06, 0x97, + 0xee, 0x06, 0x2f, 0xf3, 0x24, 0xa1, 0xe6, 0x3a, 0x89, 0x4d, 0xb4, 0x7b, 0x12, 0x87, 0x90, 0x8c, + 0xfc, 0x5b, 0xb0, 0xf0, 0xdd, 0xaa, 0x3a, 0x24, 0x6d, 0x55, 0x47, 0x8a, 0xf2, 0x61, 0x08, 0x7a, + 0x59, 0x5f, 0x6e, 0x7b, 0xcb, 0x34, 0xbe, 0xb6, 0x5d, 0xcb, 0x60, 0xae, 0xc4, 0xda, 0x62, 0xbb, + 0x7f, 0x17, 0x1e, 0x73, 0xd1, 0x4e, 0x9f, 0x6e, 0xd3, 0xc8, 0x35, 0x58, 0x30, 0xd2, 0x89, 0xe5, + 0x22, 0x5e, 0x86, 0xac, 0x7a, 0x56, 0xd6, 0x70, 0xdb, 0x54, 0x10, 0x6c, 0xd3, 0xd5, 0x38, 0xfb, + 0x69, 0xcb, 0x4f, 0x36, 0x83, 0xc2, 0xe8, 0x31, 0x82, 0x09, 0x69, 0x30, 0x82, 0x09, 0x65, 0x02, + 0x01, 0x01, 0x30, 0x27, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, + 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x02, 0x10, 0x2c, 0x65, 0xcf, 0xcf, 0xdd, + 0x61, 0x7b, 0xa4, 0x41, 0xad, 0x26, 0x1b, 0x63, 0xce, 0x91, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa0, 0x5e, 0x30, 0x10, 0x06, 0x0a, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0c, 0x31, 0x02, 0x30, 0x00, 0x30, 0x19, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x03, 0x31, 0x0c, 0x06, 0x0a, 0x2b, + 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04, 0x30, 0x2f, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04, 0x31, 0x22, 0x04, 0x20, 0x97, 0x6e, 0x29, 0x47, 0xc4, 0x03, + 0x68, 0x70, 0x1c, 0x99, 0x2c, 0x61, 0xb0, 0xbc, 0xde, 0x77, 0xe1, 0xa1, 0xeb, 0x4c, 0x1c, 0xac, + 0x4c, 0x64, 0xf6, 0x43, 0x96, 0x94, 0x0b, 0xc0, 0xbb, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80, 0x85, 0x93, 0xad, 0x93, + 0x92, 0x9e, 0xa4, 0x94, 0x30, 0x02, 0xe1, 0xc8, 0xcd, 0x37, 0xb2, 0xe1, 0xcb, 0xb2, 0x0f, 0x1c, + 0x67, 0xd1, 0xc9, 0xeb, 0x4d, 0x68, 0x85, 0x97, 0x5a, 0xa6, 0x0c, 0x03, 0xc7, 0x86, 0xae, 0xb3, + 0x35, 0xb4, 0x1d, 0x0e, 0x95, 0x5f, 0xed, 0x37, 0x13, 0x6b, 0x1e, 0x94, 0x80, 0xf1, 0xac, 0x55, + 0x73, 0xd1, 0x31, 0xf9, 0xad, 0x13, 0x7b, 0x26, 0xbf, 0xe7, 0x55, 0x7b, 0xb2, 0xf9, 0x21, 0x42, + 0x23, 0x64, 0xe6, 0x45, 0x03, 0x67, 0xcb, 0x42, 0xd3, 0x71, 0x3f, 0xd5, 0x29, 0x17, 0x4b, 0x49, + 0x45, 0x0e, 0x8b, 0xba, 0x1f, 0x15, 0x5a, 0x7f, 0x7b, 0x5e, 0x9b, 0x22, 0x46, 0xa7, 0x9c, 0x0d, + 0x25, 0x9c, 0x76, 0x25, 0x02, 0xc8, 0x15, 0x00, 0x51, 0xe6, 0x73, 0x39, 0xac, 0x8d, 0x41, 0x7b, + 0xc8, 0x42, 0xc9, 0xdb, 0x1b, 0x16, 0x13, 0xf6, 0x44, 0x32, 0xef, 0x17, 0xa1, 0x82, 0x08, 0x34, + 0x30, 0x82, 0x08, 0x30, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01, + 0x31, 0x82, 0x08, 0x20, + 0x30, 0x82, 0x08, 0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, + 0x82, 0x08, 0x0d, 0x30, 0x82, 0x08, 0x09, 0x02, 0x01, 0x03, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x05, + 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x30, 0x81, 0xf6, 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x04, 0xa0, 0x81, 0xe6, 0x04, 0x81, 0xe3, 0x30, 0x81, 0xe0, + 0x02, 0x01, 0x01, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb2, 0x31, 0x02, 0x01, 0x01, 0x30, + 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0xcd, 0x06, + 0xf0, 0xbd, 0x8b, 0xcd, 0x5c, 0x2e, 0x5a, 0x7c, 0x42, 0x56, 0x2c, 0x20, 0x4a, 0x15, 0xcb, 0x1d, + 0x8b, 0x0e, 0x02, 0x15, 0x00, 0xb6, 0xff, 0x47, 0x05, 0xb6, 0x2d, 0x15, 0xac, 0x3f, 0x5d, 0xd9, + 0xcf, 0x9d, 0x54, 0x35, 0x56, 0x7c, 0xc1, 0x6e, 0x8b, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x34, 0x30, + 0x37, 0x32, 0x38, 0x30, 0x38, 0x35, 0x30, 0x30, 0x33, 0x5a, 0xa0, 0x81, 0x83, 0xa4, 0x81, 0x80, + 0x30, 0x7e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, + 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12, 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x72, 0x20, 0x4d, 0x61, 0x6e, 0x63, 0x68, 0x65, 0x73, 0x74, 0x65, 0x72, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x61, 0x6c, 0x66, 0x6f, 0x72, 0x64, 0x31, 0x1a, + 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, + 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x1b, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x54, 0x69, 0x6d, 0x65, + 0x20, 0x53, 0x74, 0x61, 0x6d, 0x70, 0x69, 0x6e, 0x67, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, + 0xa0, 0x82, 0x04, 0x97, 0x30, 0x82, 0x04, 0x93, 0x30, 0x82, 0x03, 0x7b, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x10, 0x47, 0x8a, 0x8e, 0xfb, 0x59, 0xe1, 0xd8, 0x3f, 0x0c, 0xe1, 0x42, 0xd2, 0xa2, + 0x87, 0x07, 0xbe, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + 0x05, 0x00, 0x30, 0x81, 0x95, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, + 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, + 0x61, 0x6b, 0x65, 0x20, 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x13, 0x15, 0x54, 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, + 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x13, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x75, 0x73, + 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1d, 0x30, 0x1b, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53, 0x45, 0x52, 0x46, 0x69, + 0x72, 0x73, 0x74, 0x2d, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, + 0x30, 0x35, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x31, 0x35, 0x30, + 0x35, 0x31, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x7e, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x13, 0x12, 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20, 0x4d, 0x61, 0x6e, 0x63, + 0x68, 0x65, 0x73, 0x74, 0x65, 0x72, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, + 0x07, 0x53, 0x61, 0x6c, 0x66, 0x6f, 0x72, 0x64, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x13, 0x11, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d, + 0x69, 0x74, 0x65, 0x64, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1b, 0x43, + 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x54, 0x69, 0x6d, 0x65, 0x20, 0x53, 0x74, 0x61, 0x6d, 0x70, + 0x69, 0x6e, 0x67, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbc, 0x35, 0xa0, 0x36, 0x70, + 0x22, 0x81, 0x11, 0xc3, 0xb2, 0x83, 0xb9, 0xd3, 0x28, 0xc6, 0x36, 0xcd, 0x25, 0x6b, 0xa9, 0x7b, + 0xb2, 0x1c, 0xf6, 0x9b, 0x51, 0x9c, 0xef, 0x35, 0xf4, 0xed, 0x08, 0x8e, 0x5e, 0x38, 0x08, 0xf8, + 0x77, 0x3c, 0x0a, 0x42, 0xe0, 0xf3, 0x70, 0xdc, 0xa3, 0xd7, 0xca, 0xf5, 0x4c, 0x0b, 0xcf, 0xff, + 0x22, 0x9c, 0x0a, 0x7e, 0x68, 0xd6, 0x09, 0xa2, 0x2a, 0x84, 0x7b, 0xa6, 0x9d, 0xb4, 0xa9, 0xc1, + 0x33, 0xe2, 0xef, 0x1f, 0x17, 0x48, 0xca, 0x3a, 0xcd, 0x46, 0xe6, 0xc5, 0xaa, 0x77, 0xbd, 0xe3, + 0x77, 0x9a, 0xfa, 0x47, 0x53, 0x40, 0x28, 0x59, 0x43, 0x93, 0xf1, 0xa4, 0x81, 0xea, 0xef, 0x80, + 0xb5, 0x4f, 0xa7, 0x08, 0xce, 0xba, 0x6e, 0xbc, 0xca, 0x76, 0x0c, 0x97, 0x64, 0x59, 0x86, 0x24, + 0xbb, 0x3d, 0x82, 0x90, 0xa8, 0x55, 0xb1, 0x92, 0xd3, 0xa0, 0xa7, 0x05, 0xac, 0x9f, 0x53, 0x25, + 0x08, 0x10, 0x47, 0x99, 0xcd, 0x98, 0xde, 0x68, 0xe5, 0xb4, 0x50, 0x78, 0xa3, 0xaf, 0x01, 0xcc, + 0x59, 0x43, 0x58, 0xe4, 0x76, 0x6e, 0x7e, 0xac, 0xc7, 0xe2, 0x9e, 0x1f, 0x4f, 0xb0, 0x47, 0x2d, + 0xc8, 0x0c, 0xa3, 0x49, 0x27, 0x80, 0x75, 0x8c, 0xbb, 0x06, 0x91, 0x65, 0x0f, 0x90, 0x9b, 0xf4, + 0xba, 0xd1, 0x81, 0xc8, 0x5c, 0x6a, 0xec, 0x14, 0xe9, 0x25, 0x09, 0xbf, 0x23, 0x16, 0xf4, 0x95, + 0x46, 0x40, 0x40, 0x21, 0xbb, 0x83, 0x96, 0xfd, 0x86, 0x1f, 0x7a, 0xc8, 0x0d, 0x10, 0x8e, 0xa2, + 0xf8, 0x19, 0x07, 0x58, 0x7f, 0x9f, 0xbd, 0x37, 0x02, 0x60, 0xf2, 0xa4, 0xe9, 0x9d, 0x44, 0x3f, + 0x30, 0x05, 0xe4, 0xa7, 0x70, 0x99, 0x51, 0x9a, 0xe8, 0x17, 0xf1, 0x55, 0xca, 0xb2, 0x61, 0x89, + 0x65, 0x46, 0xa7, 0x6a, 0xf2, 0x58, 0x46, 0x7e, 0xaa, 0xa0, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, + 0xa3, 0x81, 0xf4, 0x30, 0x81, 0xf1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0xda, 0xed, 0x64, 0x74, 0x14, 0x9c, 0x14, 0x3c, 0xab, 0xdd, 0x99, 0xa9, 0xbd, + 0x5b, 0x28, 0x4d, 0x8b, 0x3c, 0xc9, 0xd8, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0x2e, 0x2d, 0xb0, 0x0a, 0x44, 0x4a, 0xd3, 0x87, 0xc0, 0x02, 0x07, 0xce, 0x97, 0x7d, + 0x50, 0x62, 0x20, 0xfd, 0x0f, 0x83, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, + 0x04, 0x04, 0x03, 0x02, 0x06, 0xc0, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, + 0x04, 0x02, 0x30, 0x00, 0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c, + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, 0x30, 0x42, 0x06, 0x03, + 0x55, 0x1d, 0x1f, 0x04, 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, 0x31, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, + 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53, 0x45, 0x52, + 0x46, 0x69, 0x72, 0x73, 0x74, 0x2d, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x2e, 0x63, 0x72, 0x6c, + 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29, 0x30, 0x27, + 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19, 0x68, 0x74, + 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, + 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xc8, 0xfb, 0x63, 0xf8, 0x0b, + 0x75, 0x75, 0x2c, 0x3a, 0xf1, 0xf2, 0x13, 0xa7, 0x2d, 0xb6, 0xa3, 0x1a, 0x9c, 0xad, 0x01, 0x07, + 0xd3, 0x34, 0x8e, 0x77, 0xe0, 0xc2, 0x6e, 0xae, 0x02, 0x5d, 0x48, 0x4f, 0xa4, 0xd2, 0x21, 0xb6, + 0x36, 0xfd, 0x2a, 0x35, 0x43, 0x7c, 0x6b, 0xdf, 0x80, 0x87, 0x0b, 0x15, 0xf0, 0x76, 0x32, 0x00, + 0xb4, 0xce, 0xb5, 0x67, 0xa4, 0x2f, 0x2f, 0x20, 0x1b, 0x9c, 0x54, 0x9e, 0x83, 0x3f, 0x1f, 0x5f, + 0x14, 0x95, 0x62, 0x82, 0x0f, 0x22, 0x41, 0x22, 0x1f, 0x70, 0xb3, 0xf3, 0xf7, 0x42, 0xde, 0x6c, + 0x51, 0xcd, 0x4b, 0xf8, 0x21, 0xac, 0x9b, 0x3b, 0x8c, 0xb1, 0xe5, 0xe6, 0x28, 0x8f, 0xce, 0x2a, + 0x8a, 0xf9, 0xaa, 0x52, 0x4d, 0x8c, 0x5b, 0x77, 0xba, 0x4d, 0x5a, 0x58, 0xdb, 0xbb, 0x6a, 0x04, + 0xcc, 0x52, 0x1e, 0x9d, 0xe2, 0x28, 0x37, 0x0e, 0xbb, 0xe7, 0x0e, 0x91, 0xc7, 0xf8, 0xdb, 0xf1, + 0x81, 0x98, 0xeb, 0xcd, 0x37, 0xb3, 0x0e, 0xab, 0x65, 0xd3, 0x62, 0xec, 0x3a, 0xa5, 0x76, 0xeb, + 0x13, 0xa8, 0x35, 0x93, 0xc9, 0x2e, 0x0a, 0x01, 0xec, 0xc0, 0xe8, 0xcc, 0x3d, 0x7e, 0xb6, 0xeb, + 0xe2, 0xc1, 0xec, 0xd3, 0x14, 0x92, 0x82, 0x66, 0x87, 0x50, 0xdc, 0xfd, 0x50, 0x97, 0xac, 0xb3, + 0x4a, 0x76, 0x73, 0x06, 0xc4, 0x86, 0x11, 0x3a, 0xb3, 0x5f, 0x43, 0x04, 0x52, 0x6f, 0xea, 0xb3, + 0xd0, 0x74, 0x36, 0x4c, 0xca, 0xf1, 0x1b, 0x79, 0x84, 0x37, 0x70, 0x63, 0xad, 0x74, 0xb9, 0xaa, + 0x0e, 0xf3, 0x98, 0xb0, 0x86, 0x08, 0xeb, 0xdb, 0xe0, 0x1f, 0x8c, 0x10, 0xf2, 0x39, 0x64, 0x9b, + 0xae, 0x4f, 0x0a, 0x2c, 0x92, 0x8a, 0x4f, 0x18, 0xb5, 0x91, 0xe5, 0x8d, 0x1a, 0x93, 0x5f, 0x1f, + 0xae, 0xf1, 0xa6, 0xf0, 0x2e, 0x97, 0xd0, 0xd2, 0xf6, 0x2b, 0x3c, 0x31, 0x82, 0x02, 0x61, 0x30, + 0x82, 0x02, 0x5d, 0x02, 0x01, 0x01, 0x30, 0x81, 0xaa, 0x30, 0x81, 0x95, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, + 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x69, 0x74, 0x79, 0x31, + 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54, 0x68, 0x65, 0x20, 0x55, 0x53, + 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, + 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, + 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, + 0x6f, 0x6d, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x55, 0x54, 0x4e, + 0x2d, 0x55, 0x53, 0x45, 0x52, 0x46, 0x69, 0x72, 0x73, 0x74, 0x2d, 0x4f, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x02, 0x10, 0x47, 0x8a, 0x8e, 0xfb, 0x59, 0xe1, 0xd8, 0x3f, 0x0c, 0xe1, 0x42, 0xd2, 0xa2, + 0x87, 0x07, 0xbe, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0xa0, 0x81, + 0x8c, 0x30, 0x1a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x03, 0x31, 0x0d, + 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x04, 0x30, 0x1c, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05, 0x31, 0x0f, 0x17, 0x0d, 0x31, 0x34, + 0x30, 0x37, 0x32, 0x38, 0x30, 0x38, 0x35, 0x30, 0x30, 0x33, 0x5a, 0x30, 0x23, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04, 0x31, 0x16, 0x04, 0x14, 0x7a, 0xad, 0x35, 0xdc, + 0x5b, 0xd6, 0x00, 0xd7, 0x44, 0xac, 0x80, 0x8f, 0x4f, 0xb6, 0xb4, 0x03, 0x62, 0x34, 0x53, 0xdc, + 0x30, 0x2b, 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x02, 0x0c, 0x31, + 0x1c, 0x30, 0x1a, 0x30, 0x18, 0x30, 0x16, 0x04, 0x14, 0x3d, 0xbb, 0x6d, 0xb5, 0x08, 0x5c, 0x6d, + 0xd5, 0xa1, 0xca, 0x7f, 0x9c, 0xf8, 0x4e, 0xcb, 0x1a, 0x39, 0x10, 0xca, 0xc8, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, + 0x73, 0x64, 0xb9, 0xa3, 0x54, 0x6f, 0x50, 0x97, 0x01, 0xa7, 0xf6, 0x0d, 0xb8, 0xce, 0x4b, 0xaa, + 0x43, 0xa2, 0x8f, 0xa3, 0xea, 0x93, 0xf2, 0xa3, 0xd0, 0x46, 0xde, 0xdd, 0x45, 0xe5, 0x94, 0x5a, + 0x45, 0xc2, 0x13, 0x1b, 0x90, 0x9b, 0xcf, 0x73, 0xcd, 0x28, 0x70, 0xf0, 0xf4, 0x54, 0xb5, 0x2d, + 0x31, 0xf9, 0xf3, 0x2d, 0x38, 0x78, 0xfe, 0x68, 0xea, 0x3c, 0xc0, 0xbe, 0x0b, 0x5a, 0x91, 0x49, + 0x63, 0xeb, 0x26, 0x32, 0x5b, 0x86, 0xcf, 0xe5, 0x8a, 0xa5, 0x9d, 0xe6, 0x4b, 0x57, 0x91, 0x8f, + 0x3c, 0xdc, 0xa6, 0x53, 0xd8, 0xdb, 0x8a, 0xfd, 0x3e, 0x7e, 0x19, 0x6f, 0x27, 0x72, 0x95, 0xc2, + 0x79, 0x73, 0xdf, 0xfb, 0x08, 0x5c, 0x5b, 0xc8, 0xb7, 0x94, 0x75, 0x88, 0x7a, 0x9a, 0x85, 0x9f, + 0x1b, 0xa3, 0x98, 0x30, 0x91, 0xee, 0xc0, 0x52, 0xd2, 0x75, 0x9c, 0xcb, 0x45, 0x0d, 0x94, 0x43, + 0x67, 0x7a, 0x49, 0x1c, 0xb1, 0x89, 0x9d, 0x6e, 0xfa, 0x87, 0xd2, 0x4d, 0x6e, 0x74, 0x90, 0xf5, + 0x80, 0x8c, 0x92, 0xda, 0xd9, 0xa1, 0x48, 0x20, 0x31, 0x02, 0x79, 0xde, 0xe3, 0xbd, 0x09, 0x04, + 0xa8, 0xd4, 0x99, 0xd7, 0x3b, 0xea, 0xf8, 0xdf, 0xb3, 0xb9, 0xd7, 0xa3, 0x36, 0xa1, 0xdb, 0xd3, + 0xec, 0x65, 0x8c, 0xb8, 0x8f, 0xfb, 0xd6, 0xef, 0x9c, 0x32, 0x3e, 0xab, 0x20, 0x74, 0xb9, 0x65, + 0x4c, 0xc6, 0x15, 0x2f, 0x31, 0x2a, 0x34, 0x3e, 0x84, 0x09, 0xb4, 0x75, 0xbc, 0xbe, 0xaf, 0xb3, + 0x9e, 0x85, 0xf1, 0xbb, 0x99, 0x1a, 0x07, 0xbd, 0x20, 0xa6, 0xed, 0xcf, 0xd1, 0xa6, 0x9a, 0x22, + 0xb2, 0x6d, 0x75, 0xf4, 0x23, 0x58, 0x13, 0x78, 0x73, 0x1a, 0xb2, 0x84, 0xde, 0xad, 0xe8, 0x6d, + 0xe6, 0xe7, 0x5c, 0xb6, 0xe6, 0x5b, 0x10, 0x37, 0x1f, 0xe3, 0x6e, 0xbd, 0x83, 0xd7, 0x51, 0xb1, + 0x00, 0x00, 0x00, 0x00, 0x0a +}; + +// +// The Comodo Time Stamping Signer Certificate Used for the verification of TimeStamp signature. +// +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TSTrustedCert[] = { + 0x30, 0x82, 0x04, 0x93, 0x30, 0x82, 0x03, 0x7b, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x47, + 0x8a, 0x8e, 0xfb, 0x59, 0xe1, 0xd8, 0x3f, 0x0c, 0xe1, 0x42, 0xd2, 0xa2, 0x87, 0x07, 0xbe, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x81, + 0x95, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20, + 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54, + 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x18, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, + 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x13, 0x14, 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53, 0x45, 0x52, 0x46, 0x69, 0x72, 0x73, 0x74, 0x2d, + 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x35, 0x31, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x35, 0x31, 0x30, 0x32, + 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x7e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12, + 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20, 0x4d, 0x61, 0x6e, 0x63, 0x68, 0x65, 0x73, 0x74, + 0x65, 0x72, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x61, 0x6c, + 0x66, 0x6f, 0x72, 0x64, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x43, + 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, + 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1b, 0x43, 0x4f, 0x4d, 0x4f, 0x44, + 0x4f, 0x20, 0x54, 0x69, 0x6d, 0x65, 0x20, 0x53, 0x74, 0x61, 0x6d, 0x70, 0x69, 0x6e, 0x67, 0x20, + 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbc, 0x35, 0xa0, 0x36, 0x70, 0x22, 0x81, 0x11, 0xc3, + 0xb2, 0x83, 0xb9, 0xd3, 0x28, 0xc6, 0x36, 0xcd, 0x25, 0x6b, 0xa9, 0x7b, 0xb2, 0x1c, 0xf6, 0x9b, + 0x51, 0x9c, 0xef, 0x35, 0xf4, 0xed, 0x08, 0x8e, 0x5e, 0x38, 0x08, 0xf8, 0x77, 0x3c, 0x0a, 0x42, + 0xe0, 0xf3, 0x70, 0xdc, 0xa3, 0xd7, 0xca, 0xf5, 0x4c, 0x0b, 0xcf, 0xff, 0x22, 0x9c, 0x0a, 0x7e, + 0x68, 0xd6, 0x09, 0xa2, 0x2a, 0x84, 0x7b, 0xa6, 0x9d, 0xb4, 0xa9, 0xc1, 0x33, 0xe2, 0xef, 0x1f, + 0x17, 0x48, 0xca, 0x3a, 0xcd, 0x46, 0xe6, 0xc5, 0xaa, 0x77, 0xbd, 0xe3, 0x77, 0x9a, 0xfa, 0x47, + 0x53, 0x40, 0x28, 0x59, 0x43, 0x93, 0xf1, 0xa4, 0x81, 0xea, 0xef, 0x80, 0xb5, 0x4f, 0xa7, 0x08, + 0xce, 0xba, 0x6e, 0xbc, 0xca, 0x76, 0x0c, 0x97, 0x64, 0x59, 0x86, 0x24, 0xbb, 0x3d, 0x82, 0x90, + 0xa8, 0x55, 0xb1, 0x92, 0xd3, 0xa0, 0xa7, 0x05, 0xac, 0x9f, 0x53, 0x25, 0x08, 0x10, 0x47, 0x99, + 0xcd, 0x98, 0xde, 0x68, 0xe5, 0xb4, 0x50, 0x78, 0xa3, 0xaf, 0x01, 0xcc, 0x59, 0x43, 0x58, 0xe4, + 0x76, 0x6e, 0x7e, 0xac, 0xc7, 0xe2, 0x9e, 0x1f, 0x4f, 0xb0, 0x47, 0x2d, 0xc8, 0x0c, 0xa3, 0x49, + 0x27, 0x80, 0x75, 0x8c, 0xbb, 0x06, 0x91, 0x65, 0x0f, 0x90, 0x9b, 0xf4, 0xba, 0xd1, 0x81, 0xc8, + 0x5c, 0x6a, 0xec, 0x14, 0xe9, 0x25, 0x09, 0xbf, 0x23, 0x16, 0xf4, 0x95, 0x46, 0x40, 0x40, 0x21, + 0xbb, 0x83, 0x96, 0xfd, 0x86, 0x1f, 0x7a, 0xc8, 0x0d, 0x10, 0x8e, 0xa2, 0xf8, 0x19, 0x07, 0x58, + 0x7f, 0x9f, 0xbd, 0x37, 0x02, 0x60, 0xf2, 0xa4, 0xe9, 0x9d, 0x44, 0x3f, 0x30, 0x05, 0xe4, 0xa7, + 0x70, 0x99, 0x51, 0x9a, 0xe8, 0x17, 0xf1, 0x55, 0xca, 0xb2, 0x61, 0x89, 0x65, 0x46, 0xa7, 0x6a, + 0xf2, 0x58, 0x46, 0x7e, 0xaa, 0xa0, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xf4, 0x30, + 0x81, 0xf1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xda, + 0xed, 0x64, 0x74, 0x14, 0x9c, 0x14, 0x3c, 0xab, 0xdd, 0x99, 0xa9, 0xbd, 0x5b, 0x28, 0x4d, 0x8b, + 0x3c, 0xc9, 0xd8, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x2e, 0x2d, + 0xb0, 0x0a, 0x44, 0x4a, 0xd3, 0x87, 0xc0, 0x02, 0x07, 0xce, 0x97, 0x7d, 0x50, 0x62, 0x20, 0xfd, + 0x0f, 0x83, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, + 0x06, 0xc0, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, 0x30, 0x42, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, + 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3a, + 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53, 0x45, 0x52, 0x46, 0x69, 0x72, 0x73, + 0x74, 0x2d, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x35, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, + 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xc8, 0xfb, 0x63, 0xf8, 0x0b, 0x75, 0x75, 0x2c, 0x3a, + 0xf1, 0xf2, 0x13, 0xa7, 0x2d, 0xb6, 0xa3, 0x1a, 0x9c, 0xad, 0x01, 0x07, 0xd3, 0x34, 0x8e, 0x77, + 0xe0, 0xc2, 0x6e, 0xae, 0x02, 0x5d, 0x48, 0x4f, 0xa4, 0xd2, 0x21, 0xb6, 0x36, 0xfd, 0x2a, 0x35, + 0x43, 0x7c, 0x6b, 0xdf, 0x80, 0x87, 0x0b, 0x15, 0xf0, 0x76, 0x32, 0x00, 0xb4, 0xce, 0xb5, 0x67, + 0xa4, 0x2f, 0x2f, 0x20, 0x1b, 0x9c, 0x54, 0x9e, 0x83, 0x3f, 0x1f, 0x5f, 0x14, 0x95, 0x62, 0x82, + 0x0f, 0x22, 0x41, 0x22, 0x1f, 0x70, 0xb3, 0xf3, 0xf7, 0x42, 0xde, 0x6c, 0x51, 0xcd, 0x4b, 0xf8, + 0x21, 0xac, 0x9b, 0x3b, 0x8c, 0xb1, 0xe5, 0xe6, 0x28, 0x8f, 0xce, 0x2a, 0x8a, 0xf9, 0xaa, 0x52, + 0x4d, 0x8c, 0x5b, 0x77, 0xba, 0x4d, 0x5a, 0x58, 0xdb, 0xbb, 0x6a, 0x04, 0xcc, 0x52, 0x1e, 0x9d, + 0xe2, 0x28, 0x37, 0x0e, 0xbb, 0xe7, 0x0e, 0x91, 0xc7, 0xf8, 0xdb, 0xf1, 0x81, 0x98, 0xeb, 0xcd, + 0x37, 0xb3, 0x0e, 0xab, 0x65, 0xd3, 0x62, 0xec, 0x3a, 0xa5, 0x76, 0xeb, 0x13, 0xa8, 0x35, 0x93, + 0xc9, 0x2e, 0x0a, 0x01, 0xec, 0xc0, 0xe8, 0xcc, 0x3d, 0x7e, 0xb6, 0xeb, 0xe2, 0xc1, 0xec, 0xd3, + 0x14, 0x92, 0x82, 0x66, 0x87, 0x50, 0xdc, 0xfd, 0x50, 0x97, 0xac, 0xb3, 0x4a, 0x76, 0x73, 0x06, + 0xc4, 0x86, 0x11, 0x3a, 0xb3, 0x5f, 0x43, 0x04, 0x52, 0x6f, 0xea, 0xb3, 0xd0, 0x74, 0x36, 0x4c, + 0xca, 0xf1, 0x1b, 0x79, 0x84, 0x37, 0x70, 0x63, 0xad, 0x74, 0xb9, 0xaa, 0x0e, 0xf3, 0x98, 0xb0, + 0x86, 0x08, 0xeb, 0xdb, 0xe0, 0x1f, 0x8c, 0x10, 0xf2, 0x39, 0x64, 0x9b, 0xae, 0x4f, 0x0a, 0x2c, + 0x92, 0x8a, 0x4f, 0x18, 0xb5, 0x91, 0xe5, 0x8d, 0x1a, 0x93, 0x5f, 0x1f, 0xae, 0xf1, 0xa6, 0xf0, + 0x2e, 0x97, 0xd0, 0xd2, 0xf6, 0x2b, 0x3c, 0x0a +}; + +/** + Validate MSFT Authenticode & Timestamping CounterSignature. + + @retval TRUE Validation succeeded. + @retval FALSE Validation failed. + +**/ +BOOLEAN +VerifyTSCounterSignature ( + VOID + ) +{ + BOOLEAN Status; + EFI_TIME SigningTime; + + Status = FALSE; + + Print (L"\n- Verify RFC3161 TimeStamp CounterSignature in PE/COFF Authenticode ... "); + // + // Verify RFC3161 Timestamp CounterSignature. + // + Status = ImageTimestampVerify ( + AuthenticodeWithTS, + sizeof (AuthenticodeWithTS), + TSTrustedCert, + sizeof (TSTrustedCert), + &SigningTime + ); + if (Status) { + Print (L"[Pass]\n"); + Print (L" --> The PE/COFF was signed at <%t>", &SigningTime); + } else { + Print (L"[Fail]"); + } + + return Status; +} + +/** + Validate UEFI-OpenSSL RFC3161 Timestamp CounterSignature Verification Interfaces. + + @retval EFI_SUCCESS Validation succeeded. + @retval EFI_ABORTED Validation failed. + +**/ +EFI_STATUS +ValidateTSCounterSignature ( + VOID + ) +{ + BOOLEAN Status; + + Print (L"\nUEFI-OpenSSL RFC3161 Timestamp Signature Testing: "); + + Status = VerifyTSCounterSignature (); + + Print (L"\n"); + + if (Status) { + return EFI_SUCCESS; + } else { + return EFI_ABORTED; + } +} diff --git a/DeviceSecurityTestPkg/Test/DeployCert/DeployCert.c b/DeviceSecurityTestPkg/Test/DeployCert/DeployCert.c new file mode 100644 index 00000000000..c2fd9c655e7 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/DeployCert.c @@ -0,0 +1,655 @@ +/** @file + EDKII DeployCert + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define SHA256_HASH_SIZE 32 +#define SHA384_HASH_SIZE 48 +#define SHA512_HASH_SIZE 64 + +extern UINT8 TestRootCer[]; +extern UINTN TestRootCerSize; + +extern UINT8 TestCertChain[]; +extern UINTN TestCertChainSize; + +extern UINT8 TestRootKey[]; +extern UINTN TestRootKeySize; + +extern UINT8 TestRootCer2[]; +extern UINTN TestRootCer2Size; + +extern UINT8 TestCertChain2[]; +extern UINTN TestCertChain2Size; + +extern UINT8 TestRootKey2[]; +extern UINTN TestRootKey2Size; + +extern UINT8 TestRootCer3[]; +extern UINTN TestRootCer3Size; + +extern UINT8 TestCertChain3[]; +extern UINTN TestCertChain3Size; + +extern UINT8 TestRootKey3[]; +extern UINTN TestRootKey3Size; + +extern UINT8 TestRootCer4[]; +extern UINTN TestRootCer4Size; + +extern UINT8 TestCertChain4[]; +extern UINTN TestCertChain4Size; + +extern UINT8 TestRootKey4[]; +extern UINTN TestRootKey4Size; + +extern UINT8 EccTestRootCer[]; +extern UINTN EccTestRootCerSize; + +extern UINT8 EccTestCertChain[]; +extern UINTN EccTestCertChainSize; + +extern UINT8 EccTestRootKey[]; +extern UINTN EccTestRootKeySize; + +extern UINT8 EccTestRootCer2[]; +extern UINTN EccTestRootCer2Size; + +extern UINT8 EccTestCertChain2[]; +extern UINTN EccTestCertChain2Size; + +extern UINT8 EccTestRootKey2[]; +extern UINTN EccTestRootKey2Size; + +extern UINT8 EccTestRootCer3[]; +extern UINTN EccTestRootCer3Size; + +extern UINT8 EccTestCertChain3[]; +extern UINTN EccTestCertChain3Size; + +extern UINT8 EccTestRootKey3[]; +extern UINTN EccTestRootKey3Size; + +SHELL_PARAM_ITEM mParamList[] = { + { L"-P", TypeFlag }, + { L"-T", TypeValue }, + { NULL, TypeMax }, +}; + +typedef BOOLEAN (EFIAPI *ShaHashAllFunc)( + CONST VOID *Data, + UINTN DataSize, + UINT8 *HashValue + ); + +EFI_STATUS +EFIAPI +MeasureVariable ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *VarData, + IN UINTN VarSize + ) +{ + EFI_STATUS Status; + UINTN VarNameLength; + UEFI_VARIABLE_DATA *VarLog; + UINT32 VarLogSize; + + ASSERT ((VarSize == 0 && VarData == NULL) || (VarSize != 0 && VarData != NULL)); + + VarNameLength = StrLen (VarName); + VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize + - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); + + VarLog = (UEFI_VARIABLE_DATA *)AllocateZeroPool (VarLogSize); + if (VarLog == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (&VarLog->VariableName, VendorGuid, sizeof (VarLog->VariableName)); + VarLog->UnicodeNameLength = VarNameLength; + VarLog->VariableDataLength = VarSize; + CopyMem ( + VarLog->UnicodeName, + VarName, + VarNameLength * sizeof (*VarName) + ); + if (VarSize != 0) { + CopyMem ( + (CHAR16 *)VarLog->UnicodeName + VarNameLength, + VarData, + VarSize + ); + } + + DEBUG ((EFI_D_INFO, "VariableDxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)7, (UINTN)EV_EFI_SPDM_DEVICE_POLICY)); + DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid)); + + Status = TpmMeasureAndLogData ( + PcrIndex, + EventType, + VarLog, + VarLogSize, + VarLog, + VarLogSize + ); + FreePool (VarLog); + return Status; +} + +EFI_STATUS +EFIAPI +DeleteNvIndex ( + UINT32 Index + ) +{ + EFI_STATUS Status; + + Status = Tpm2NvUndefineSpace (TPM_RH_OWNER, Index, NULL); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Delete TPM NV index failed, Index: %x, Status: %r\n", Index, Status)); + } + + return Status; +} + +EFI_STATUS +EFIAPI +CreateNvIndex ( + TPMI_RH_NV_INDEX NvIndex, + TPMI_ALG_HASH HashAlg + ) +{ + EFI_STATUS Status; + TPMI_RH_PROVISION AuthHandle; + TPM2B_NV_PUBLIC PublicInfo; + TPM2B_AUTH NullAuth; + TPM2B_NAME PubName; + UINT16 DataSize; + + Status = Tpm2NvReadPublic (NvIndex, &PublicInfo, &PubName); + if ((Status != EFI_SUCCESS) && (Status != EFI_NOT_FOUND)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to read the index! %r\n", __FUNCTION__, Status)); + Status = EFI_DEVICE_ERROR; + return Status; + } + + if (Status == EFI_SUCCESS) { + // Already defined, do nothing + Status = EFI_ALREADY_STARTED; + return Status; + } + + DataSize = GetHashSizeFromAlgo (HashAlg); + + ZeroMem (&PublicInfo, sizeof (PublicInfo)); + PublicInfo.size = sizeof (TPMI_RH_NV_INDEX) + + sizeof (TPMI_ALG_HASH) + + sizeof (TPMA_NV) + + sizeof (UINT16) + + sizeof (UINT16); + + PublicInfo.nvPublic.nvIndex = NvIndex; + PublicInfo.nvPublic.nameAlg = HashAlg; + PublicInfo.nvPublic.authPolicy.size = 0; + PublicInfo.nvPublic.dataSize = DataSize; + PublicInfo.nvPublic.attributes.TPMA_NV_PPWRITE = 1; + PublicInfo.nvPublic.attributes.TPMA_NV_EXTEND = 1; + PublicInfo.nvPublic.attributes.TPMA_NV_WRITEALL = 1; + PublicInfo.nvPublic.attributes.TPMA_NV_PPREAD = 1; + PublicInfo.nvPublic.attributes.TPMA_NV_OWNERREAD = 1; + PublicInfo.nvPublic.attributes.TPMA_NV_AUTHREAD = 1; + PublicInfo.nvPublic.attributes.TPMA_NV_POLICYREAD = 1; + PublicInfo.nvPublic.attributes.TPMA_NV_NO_DA = 1; + PublicInfo.nvPublic.attributes.TPMA_NV_ORDERLY = 1; + PublicInfo.nvPublic.attributes.TPMA_NV_CLEAR_STCLEAR = 1; + PublicInfo.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1; + + AuthHandle = TPM_RH_PLATFORM; + ZeroMem (&NullAuth, sizeof (NullAuth)); + + return Tpm2NvDefineSpace ( + AuthHandle, + NULL, + &NullAuth, + &PublicInfo + ); +} + +EFI_STATUS +EFIAPI +ProvisionNvIndex ( + VOID + ) +{ + EFI_STATUS Status; + UINT16 DataSize; + TPMI_RH_NV_AUTH AuthHandle; + UINT16 Offset; + TPM2B_MAX_BUFFER OutData; + UINT16 Index; + + Status = CreateNvIndex ( + TCG_NV_EXTEND_INDEX_FOR_INSTANCE, + TPM_ALG_SHA256 + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "CreateNvIndex (INSTANCE) Status- %r\n", Status)); + } + + Status = CreateNvIndex ( + TCG_NV_EXTEND_INDEX_FOR_DYNAMIC, + TPM_ALG_SHA256 + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "CreateNvIndex (DYNAMIC) Status- %r\n", Status)); + } + + DataSize = GetHashSizeFromAlgo (TPM_ALG_SHA256); + Offset = 0; + + AuthHandle = TPM_RH_PLATFORM; + ZeroMem (&OutData, sizeof (OutData)); + Status = Tpm2NvRead ( + AuthHandle, + TCG_NV_EXTEND_INDEX_FOR_INSTANCE, + NULL, + DataSize, + Offset, + &OutData + ); + if (Status == EFI_SUCCESS) { + DEBUG ((DEBUG_ERROR, "NvIndex 0x%x\n", TCG_NV_EXTEND_INDEX_FOR_INSTANCE)); + DEBUG ((DEBUG_ERROR, "Data Size: 0x%x\n", OutData.size)); + for (Index = 0; Index < OutData.size; Index++ ) { + DEBUG ((DEBUG_ERROR, "%02x", OutData.buffer[Index])); + } + + DEBUG ((DEBUG_ERROR, "\n")); + } + + ZeroMem (&OutData, sizeof (OutData)); + Status = Tpm2NvRead ( + AuthHandle, + TCG_NV_EXTEND_INDEX_FOR_DYNAMIC, + NULL, + DataSize, + Offset, + &OutData + ); + if (Status == EFI_SUCCESS) { + DEBUG ((DEBUG_ERROR, "NvIndex 0x%x\n", TCG_NV_EXTEND_INDEX_FOR_DYNAMIC)); + DEBUG ((DEBUG_ERROR, "Data Size: 0x%x\n", OutData.size)); + for (Index = 0; Index < OutData.size; Index++ ) { + DEBUG ((DEBUG_ERROR, "%02x", OutData.buffer[Index])); + } + + DEBUG ((DEBUG_ERROR, "\n")); + } + + return Status; +} + +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + SPDM_CERT_CHAIN *ResponderCertChain; + UINTN ResponderCertChainSize; + UINT8 *CertChain; + UINTN CertChainSize; + EFI_SIGNATURE_LIST *SignatureList; + EFI_SIGNATURE_LIST *DbList; + EFI_SIGNATURE_DATA *CertData; + UINTN SignatureListSize; + UINTN SignatureHeaderSize; + UINTN DbSize; + UINT8 *RootCert; + UINTN RootCertSize; + LIST_ENTRY *ParamPackage; + CHAR16 *TestConfigName; + UINT8 TestConfig; + UINTN HashSize; + ShaHashAllFunc ShaHashAll; + UINT8 *RootKey; + UINTN RootKeySize; + + Status = ShellCommandLineParse (mParamList, &ParamPackage, NULL, TRUE); + if (EFI_ERROR (Status)) { + Print (L"ERROR: Incorrect command line.\n"); + return Status; + } + + if (ShellCommandLineGetFlag (ParamPackage, L"-P")) { + Status = ProvisionNvIndex (); + Print (L"ProvisionNvIndex - Status %r\n", Status); + } + + TestConfigName = (CHAR16 *)ShellCommandLineGetValue (ParamPackage, L"-T"); + if (TestConfigName == NULL) { + TestConfig = 0; + } else { + TestConfig = (UINT8)StrDecimalToUintn (TestConfigName); + } + + Print (L"TestConfig - %d\n", TestConfig); + + Status = gRT->SetVariable ( + L"SpdmTestConfig", + &gEfiDeviceSecurityPkgTestConfig, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof (UINT8), + &TestConfig + ); + + switch (TestConfig) { + case TEST_CONFIG_NO_TRUST_ANCHOR: + CertChain = TestCertChain2; + CertChainSize = TestCertChain2Size; + RootCert = TestRootCer; + RootCertSize = TestRootCerSize; + HashSize = SHA256_HASH_SIZE; + ShaHashAll = Sha256HashAll; + RootKey = TestRootKey2; + RootKeySize = TestRootKey2Size; + break; + + case TEST_CONFIG_RSASSA_3072_SHA_384: + CertChain = TestCertChain3; + CertChainSize = TestCertChain3Size; + RootCert = TestRootCer3; + RootCertSize = TestRootCer3Size; + HashSize = SHA384_HASH_SIZE; + ShaHashAll = Sha384HashAll; + RootKey = TestRootKey3; + RootKeySize = TestRootKey3Size; + break; + + case TEST_CONFIG_RSASSA_4096_SHA_512: + CertChain = TestCertChain4; + CertChainSize = TestCertChain4Size; + RootCert = TestRootCer4; + RootCertSize = TestRootCer4Size; + HashSize = SHA512_HASH_SIZE; + ShaHashAll = Sha512HashAll; + RootKey = TestRootKey4; + RootKeySize = TestRootKey4Size; + break; + + case TEST_CONFIG_ECDSA_ECC_P256_SHA_256: + CertChain = EccTestCertChain; + CertChainSize = EccTestCertChainSize; + RootCert = EccTestRootCer; + RootCertSize = EccTestRootCerSize; + HashSize = SHA256_HASH_SIZE; + ShaHashAll = Sha256HashAll; + RootKey = EccTestRootKey; + RootKeySize = EccTestRootKeySize; + break; + + case TEST_CONFIG_ECDSA_ECC_P384_SHA_384: + CertChain = EccTestCertChain2; + CertChainSize = EccTestCertChain2Size; + RootCert = EccTestRootCer2; + RootCertSize = EccTestRootCer2Size; + HashSize = SHA384_HASH_SIZE; + ShaHashAll = Sha384HashAll; + RootKey = EccTestRootKey2; + RootKeySize = EccTestRootKey2Size; + break; + + case TEST_CONFIG_ECDSA_ECC_P521_SHA_512: + CertChain = EccTestCertChain3; + CertChainSize = EccTestCertChain3Size; + RootCert = EccTestRootCer3; + RootCertSize = EccTestRootCer3Size; + HashSize = SHA512_HASH_SIZE; + ShaHashAll = Sha512HashAll; + RootKey = EccTestRootKey3; + RootKeySize = EccTestRootKey3Size; + break; + + default: + CertChain = TestCertChain; + CertChainSize = TestCertChainSize; + RootCert = TestRootCer; + RootCertSize = TestRootCerSize; + HashSize = SHA256_HASH_SIZE; + ShaHashAll = Sha256HashAll; + RootKey = TestRootKey; + RootKeySize = TestRootKeySize; + break; + } + + if (TestConfig != TEST_CONFIG_NO_CHAL_CAP_NO_ROOT_CA) { + if (TestConfig == TEST_CONFIG_MULTIPLE_CERT_IN_DB) { + // + // In this test config, The database has two signature lists. + // The first one contains two siganture data for two root certs. + // The second one contains one signature data for one root cert + // which matches the cert chain of the responder. + // + SignatureHeaderSize = 0; + DbSize = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + 2 * (sizeof (EFI_GUID) + EccTestRootCer3Size) + + sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID) + TestRootCerSize; + DbList = AllocateZeroPool (DbSize); + ASSERT (DbList != NULL); + SignatureList = DbList; + RootCert = EccTestRootCer3; + RootCertSize = EccTestRootCer3Size; + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + 2 * (sizeof (EFI_GUID) + RootCertSize); + CopyGuid (&SignatureList->SignatureType, &gEfiCertX509Guid); + SignatureList->SignatureListSize = (UINT32)SignatureListSize; + SignatureList->SignatureHeaderSize = (UINT32)SignatureHeaderSize; + SignatureList->SignatureSize = (UINT32)(sizeof (EFI_GUID) + RootCertSize); + CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST)); + CopyGuid (&CertData->SignatureOwner, &gEfiCallerIdGuid); + CopyMem ( + (UINT8 *)CertData->SignatureData, + RootCert, + RootCertSize + ); + CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertData + SignatureList->SignatureSize); + CopyGuid (&CertData->SignatureOwner, &gEfiCallerIdGuid); + CopyMem ( + (UINT8 *)CertData->SignatureData, + RootCert, + RootCertSize + ); + + RootCert = TestRootCer; + RootCertSize = TestRootCerSize; + SignatureList = (EFI_SIGNATURE_LIST *)((UINT8 *)SignatureList + SignatureList->SignatureListSize); + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID) + RootCertSize; + CopyGuid (&SignatureList->SignatureType, &gEfiCertX509Guid); + SignatureList->SignatureListSize = (UINT32)SignatureListSize; + SignatureList->SignatureHeaderSize = (UINT32)SignatureHeaderSize; + SignatureList->SignatureSize = (UINT32)(sizeof (EFI_GUID) + RootCertSize); + CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST)); + CopyGuid (&CertData->SignatureOwner, &gEfiCallerIdGuid); + CopyMem ( + (UINT8 *)CertData->SignatureData, + RootCert, + RootCertSize + ); + } else if (TestConfig == TEST_CONFIG_NO_EFI_CERT_X509_GUID_IN_DB) { + SignatureHeaderSize = 0; + DbSize = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID) + RootCertSize; + DbList = AllocateZeroPool (DbSize); + SignatureList = DbList; + SignatureListSize = DbSize; + ASSERT (SignatureList != NULL); + // Here the SignatureType is gEfiCertSha256Guid, not gEfiCertX509Guid. + CopyGuid (&SignatureList->SignatureType, &gEfiCertSha256Guid); + SignatureList->SignatureListSize = (UINT32)SignatureListSize; + SignatureList->SignatureHeaderSize = (UINT32)SignatureHeaderSize; + SignatureList->SignatureSize = (UINT32)(sizeof (EFI_GUID) + RootCertSize); + CertData = (VOID *)((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST)); + CopyGuid (&CertData->SignatureOwner, &gEfiCallerIdGuid); + CopyMem ( + (UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID), + RootCert, + RootCertSize + ); + } else { + SignatureHeaderSize = 0; + DbSize = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID) + RootCertSize; + DbList = AllocateZeroPool (DbSize); + SignatureList = DbList; + SignatureListSize = DbSize; + ASSERT (SignatureList != NULL); + CopyGuid (&SignatureList->SignatureType, &gEfiCertX509Guid); + SignatureList->SignatureListSize = (UINT32)SignatureListSize; + SignatureList->SignatureHeaderSize = (UINT32)SignatureHeaderSize; + SignatureList->SignatureSize = (UINT32)(sizeof (EFI_GUID) + RootCertSize); + CertData = (VOID *)((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST)); + CopyGuid (&CertData->SignatureOwner, &gEfiCallerIdGuid); + CopyMem ( + (UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID), + RootCert, + RootCertSize + ); + } + Status = gRT->SetVariable ( + EFI_DEVICE_SECURITY_DATABASE, + &gEfiDeviceSignatureDatabaseGuid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + DbSize, + DbList + ); + ASSERT_EFI_ERROR (Status); + FreePool (DbList); + } + + ResponderCertChainSize = sizeof (SPDM_CERT_CHAIN) + HashSize + CertChainSize; + ResponderCertChain = AllocateZeroPool (ResponderCertChainSize); + ASSERT (ResponderCertChain != NULL); + ResponderCertChain->Length = (UINT16)ResponderCertChainSize; + ResponderCertChain->Reserved = 0; + if (TestConfig != TEST_CONFIG_INVALID_CERT_CHAIN) { + if (TestConfig == TEST_CONFIG_NO_TRUST_ANCHOR) { + ShaHashAll (TestRootCer2, TestRootCer2Size, (VOID *)(ResponderCertChain + 1)); + } else { + ShaHashAll (RootCert, RootCertSize, (VOID *)(ResponderCertChain + 1)); + } + } + + CopyMem ( + (UINT8 *)ResponderCertChain + sizeof (SPDM_CERT_CHAIN) + HashSize, + CertChain, + CertChainSize + ); + + Status = gRT->SetVariable ( + L"ProvisionSpdmCertChain", + &gEfiDeviceSecurityPkgTestConfig, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + ResponderCertChainSize, + ResponderCertChain + ); + ASSERT_EFI_ERROR (Status); + FreePool (ResponderCertChain); + + // Provision the second Spdm CertChain, a valid certificate chain, + // but its trust anchor does not match the UEFI device signature variable. + ResponderCertChainSize = sizeof (SPDM_CERT_CHAIN) + SHA256_HASH_SIZE + TestCertChain2Size; + ResponderCertChain = AllocateZeroPool (ResponderCertChainSize); + ASSERT (ResponderCertChain != NULL); + ResponderCertChain->Length = (UINT16)ResponderCertChainSize; + ResponderCertChain->Reserved = 0; + Sha256HashAll (TestRootCer2, TestRootCer2Size, (VOID *)(ResponderCertChain + 1)); + + CopyMem ( + (UINT8 *)ResponderCertChain + sizeof (SPDM_CERT_CHAIN) + SHA256_HASH_SIZE, + TestCertChain2, + TestCertChain2Size + ); + + Status = gRT->SetVariable ( + L"ProvisionSpdmCertChain_2", + &gEfiDeviceSecurityPkgTestConfig, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + ResponderCertChainSize, + ResponderCertChain + ); + ASSERT_EFI_ERROR (Status); + FreePool (ResponderCertChain); + + { + // + // TBD - we need only include the root-cert, instead of the CertChain + // BUGBUG: Hardcode here to pass measurement at first + // + SignatureHeaderSize = 0; + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID) + RootCertSize; + SignatureList = AllocateZeroPool (SignatureListSize); + ASSERT (SignatureList != NULL); + CopyGuid (&SignatureList->SignatureType, &gEfiCertX509Guid); + SignatureList->SignatureListSize = (UINT32)SignatureListSize; + SignatureList->SignatureHeaderSize = (UINT32)SignatureHeaderSize; + SignatureList->SignatureSize = (UINT32)(sizeof (EFI_GUID) + RootCertSize); + CertData = (VOID *)((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST)); + CopyGuid (&CertData->SignatureOwner, &gEfiCallerIdGuid); + CopyMem ( + (UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST) + SignatureHeaderSize + sizeof (EFI_GUID), + RootCert, + RootCertSize + ); + + MeasureVariable ( + PCR_INDEX_FOR_SIGNATURE_DB, + EV_EFI_SPDM_DEVICE_POLICY, + EFI_DEVICE_SECURITY_DATABASE, + &gEfiDeviceSignatureDatabaseGuid, + SignatureList, + SignatureListSize + ); + FreePool (SignatureList); + } + + Status = gRT->SetVariable ( + L"PrivDevKey", + &gEfiDeviceSignatureDatabaseGuid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + RootKeySize, + RootKey + ); + + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/DeployCert/DeployCert.inf b/DeviceSecurityTestPkg/Test/DeployCert/DeployCert.inf new file mode 100644 index 00000000000..acc96b1fc25 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/DeployCert.inf @@ -0,0 +1,50 @@ +## @file +# EDKII DeployCert +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DeployCert + FILE_GUID = 73774DF9-BADC-4611-AA41-B12AE468B27C + MODULE_TYPE = UEFI_APPLICATION + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + DeployCert.c + TestRootCer.c + TestRootKey.c + EccTestRootCer.c + EccTestRootKey.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + ShellPkg/ShellPkg.dec + +[LibraryClasses] + UefiRuntimeServicesTableLib + UefiBootServicesTableLib + UefiApplicationEntryPoint + MemoryAllocationLib + DevicePathLib + BaseMemoryLib + PrintLib + DebugLib + BaseCryptLib + TpmMeasurementLib + Tpm2CommandLib + ShellLib + +[Guids] + gEfiDeviceSignatureDatabaseGuid ## PRODUCE + gEfiCertX509Guid + gEfiDeviceSecurityPkgTestConfig ## PRODUCE + gEfiCertSha256Guid diff --git a/DeviceSecurityTestPkg/Test/DeployCert/EccTestRootCer.c b/DeviceSecurityTestPkg/Test/DeployCert/EccTestRootCer.c new file mode 100644 index 00000000000..405b6810d9c --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/EccTestRootCer.c @@ -0,0 +1,408 @@ +/** @file + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +// ECDSA_ECC_P256_SHA_256: ECDSA_ECC_NIST_P256 + SHA_256 +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 EccTestRootCer[] = { + 0x30, 0x82, 0x01, 0x93, 0x30, 0x82, 0x01, 0x39, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x3e, + 0x5b, 0x5f, 0x73, 0x26, 0xd5, 0xda, 0xaf, 0x80, 0x78, 0x42, 0x0f, 0xd0, 0x65, 0x06, 0xda, 0xeb, + 0x7f, 0x94, 0x78, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, + 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, 0x65, + 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x30, 0x37, 0x34, 0x33, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, 0x37, 0x34, 0x33, 0x5a, + 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, + 0x41, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x7e, 0x5f, 0xd8, 0x53, + 0x2d, 0xd6, 0x8c, 0x48, 0x9c, 0x52, 0xf6, 0x03, 0x60, 0x95, 0xc0, 0x31, 0x8c, 0xb0, 0xa8, 0x71, + 0x52, 0x79, 0x23, 0xa9, 0xac, 0xbf, 0xc0, 0xfb, 0x88, 0xb9, 0x68, 0x41, 0xf4, 0x42, 0xfd, 0x1b, + 0x27, 0x40, 0x59, 0x79, 0x52, 0x44, 0xc3, 0x00, 0xa7, 0xe4, 0x6a, 0xf7, 0x6e, 0x35, 0xdc, 0xb4, + 0x00, 0xcd, 0x95, 0x47, 0x85, 0xcc, 0x98, 0x3e, 0x88, 0xf4, 0x4d, 0x43, 0xa3, 0x53, 0x30, 0x51, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x8a, 0x7f, 0x3a, 0x92, 0x4a, + 0xca, 0x7e, 0x15, 0xc4, 0x5c, 0x75, 0x58, 0x5f, 0xfa, 0xbf, 0xa0, 0x26, 0x03, 0xbc, 0xf1, 0x30, + 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x8a, 0x7f, 0x3a, 0x92, + 0x4a, 0xca, 0x7e, 0x15, 0xc4, 0x5c, 0x75, 0x58, 0x5f, 0xfa, 0xbf, 0xa0, 0x26, 0x03, 0xbc, 0xf1, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, + 0x30, 0x45, 0x02, 0x21, 0x00, 0xbc, 0xca, 0xa9, 0x71, 0x1e, 0x8d, 0xd2, 0xf8, 0xcd, 0xa8, 0x39, + 0x00, 0x74, 0x24, 0x4a, 0x12, 0x2b, 0x56, 0x7c, 0x99, 0x85, 0xc0, 0x97, 0x89, 0x1d, 0xa9, 0xa5, + 0x14, 0x4f, 0x3c, 0x63, 0xc6, 0x02, 0x20, 0x47, 0x87, 0xa5, 0xb2, 0x3a, 0x06, 0x55, 0xdf, 0x27, + 0x7b, 0x93, 0x3f, 0xc9, 0x9d, 0x2a, 0x6c, 0x6c, 0x63, 0x98, 0x16, 0x6a, 0x83, 0x29, 0x50, 0x78, + 0xfd, 0x84, 0x30, 0xa5, 0x45, 0xa5, 0xbf, +}; +UINTN EccTestRootCerSize = sizeof (EccTestRootCer); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 EccTestCertChain[] = { + 0x30, 0x82, 0x01, 0x93, 0x30, 0x82, 0x01, 0x39, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x3e, + 0x5b, 0x5f, 0x73, 0x26, 0xd5, 0xda, 0xaf, 0x80, 0x78, 0x42, 0x0f, 0xd0, 0x65, 0x06, 0xda, 0xeb, + 0x7f, 0x94, 0x78, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, + 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, 0x65, + 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x30, 0x37, 0x34, 0x33, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, 0x37, 0x34, 0x33, 0x5a, + 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, + 0x41, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x7e, 0x5f, 0xd8, 0x53, + 0x2d, 0xd6, 0x8c, 0x48, 0x9c, 0x52, 0xf6, 0x03, 0x60, 0x95, 0xc0, 0x31, 0x8c, 0xb0, 0xa8, 0x71, + 0x52, 0x79, 0x23, 0xa9, 0xac, 0xbf, 0xc0, 0xfb, 0x88, 0xb9, 0x68, 0x41, 0xf4, 0x42, 0xfd, 0x1b, + 0x27, 0x40, 0x59, 0x79, 0x52, 0x44, 0xc3, 0x00, 0xa7, 0xe4, 0x6a, 0xf7, 0x6e, 0x35, 0xdc, 0xb4, + 0x00, 0xcd, 0x95, 0x47, 0x85, 0xcc, 0x98, 0x3e, 0x88, 0xf4, 0x4d, 0x43, 0xa3, 0x53, 0x30, 0x51, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x8a, 0x7f, 0x3a, 0x92, 0x4a, + 0xca, 0x7e, 0x15, 0xc4, 0x5c, 0x75, 0x58, 0x5f, 0xfa, 0xbf, 0xa0, 0x26, 0x03, 0xbc, 0xf1, 0x30, + 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x8a, 0x7f, 0x3a, 0x92, + 0x4a, 0xca, 0x7e, 0x15, 0xc4, 0x5c, 0x75, 0x58, 0x5f, 0xfa, 0xbf, 0xa0, 0x26, 0x03, 0xbc, 0xf1, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, + 0x30, 0x45, 0x02, 0x21, 0x00, 0xbc, 0xca, 0xa9, 0x71, 0x1e, 0x8d, 0xd2, 0xf8, 0xcd, 0xa8, 0x39, + 0x00, 0x74, 0x24, 0x4a, 0x12, 0x2b, 0x56, 0x7c, 0x99, 0x85, 0xc0, 0x97, 0x89, 0x1d, 0xa9, 0xa5, + 0x14, 0x4f, 0x3c, 0x63, 0xc6, 0x02, 0x20, 0x47, 0x87, 0xa5, 0xb2, 0x3a, 0x06, 0x55, 0xdf, 0x27, + 0x7b, 0x93, 0x3f, 0xc9, 0x9d, 0x2a, 0x6c, 0x6c, 0x63, 0x98, 0x16, 0x6a, 0x83, 0x29, 0x50, 0x78, + 0xfd, 0x84, 0x30, 0xa5, 0x45, 0xa5, 0xbf, 0x30, 0x82, 0x01, 0x99, 0x30, 0x82, 0x01, 0x40, 0xa0, + 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x04, 0x03, 0x02, 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, + 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, + 0x36, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, + 0x30, 0x37, 0x34, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, + 0x37, 0x34, 0x33, 0x5a, 0x30, 0x2e, 0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x23, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, + 0x35, 0x36, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, + 0x63, 0x65, 0x72, 0x74, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xd8, + 0x46, 0x42, 0x44, 0x3a, 0x83, 0x45, 0x8c, 0xcd, 0xd9, 0xdf, 0xee, 0xa8, 0x41, 0xf0, 0xb4, 0xfe, + 0x7f, 0xd1, 0x5c, 0x5a, 0xdd, 0xfd, 0xb2, 0x23, 0x31, 0x45, 0x54, 0xe5, 0x3c, 0x9d, 0x14, 0x72, + 0x02, 0x17, 0x29, 0xb3, 0x63, 0x95, 0x75, 0xae, 0x0f, 0x86, 0x58, 0x08, 0x62, 0x0d, 0x5d, 0xf8, + 0x94, 0xa5, 0xc0, 0xee, 0xea, 0x0a, 0x21, 0x1c, 0x5b, 0x96, 0xda, 0xb4, 0x31, 0xd2, 0xeb, 0xa3, + 0x5e, 0x30, 0x5c, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0xfe, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3d, 0xdd, 0xa4, 0xbc, 0xdc, 0x82, 0xfb, + 0xf3, 0x83, 0x94, 0x80, 0x3f, 0x87, 0x8f, 0xde, 0x43, 0xac, 0xfb, 0x2b, 0x57, 0x30, 0x20, 0x06, + 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, + 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, + 0x02, 0x20, 0x6f, 0x60, 0xaa, 0x04, 0x48, 0x27, 0xd0, 0xe9, 0xf7, 0xc7, 0x5a, 0x14, 0x97, 0x10, + 0xc4, 0xa3, 0xfa, 0xc8, 0xe3, 0xb6, 0xea, 0x8f, 0x88, 0xb3, 0x01, 0xfd, 0x7e, 0x88, 0x86, 0x4f, + 0x48, 0xf9, 0x02, 0x20, 0x4c, 0x1b, 0xd4, 0x0d, 0xab, 0x2f, 0x08, 0xde, 0x47, 0x87, 0x17, 0xbc, + 0xdb, 0xd1, 0xd5, 0x61, 0x5b, 0x4e, 0x3e, 0x87, 0xa0, 0x5c, 0x4c, 0x3b, 0xe7, 0xff, 0xa6, 0x75, + 0xdc, 0x8d, 0x06, 0x79, 0x30, 0x82, 0x02, 0x01, 0x30, 0x82, 0x01, 0xa7, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, + 0x30, 0x2e, 0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x23, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x32, 0x32, 0x38, 0x30, 0x39, 0x32, 0x38, 0x35, 0x33, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x32, 0x32, 0x36, 0x30, 0x39, 0x32, 0x38, 0x35, 0x33, 0x5a, + 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x72, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xdb, 0xc2, 0xb2, 0xb7, 0x83, 0x3c, 0xc8, 0x85, + 0xe4, 0x3d, 0xe1, 0xf3, 0xba, 0xe2, 0xf2, 0x90, 0x8e, 0x30, 0x25, 0x14, 0xe1, 0xf7, 0xa9, 0x82, + 0x29, 0xdb, 0x9d, 0x76, 0x2f, 0x80, 0x11, 0x32, 0xee, 0xab, 0xe2, 0x68, 0xd1, 0x22, 0xe7, 0xbd, + 0xb4, 0x71, 0x27, 0xc8, 0x79, 0xfb, 0xdc, 0x7c, 0x9e, 0x33, 0xa6, 0x67, 0xc2, 0x10, 0x47, 0x36, + 0x32, 0xc5, 0xa1, 0xaa, 0x6b, 0x2b, 0xaa, 0xc9, 0xa3, 0x81, 0xb8, 0x30, 0x81, 0xb5, 0x30, 0x0c, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, + 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xe0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x33, 0x07, 0x1f, 0x56, 0xbc, 0x9e, 0xc3, 0xa5, 0x41, 0xcd, 0x8d, 0x7e, + 0x35, 0xdb, 0xab, 0x8c, 0x18, 0xc9, 0x91, 0xb6, 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, + 0x2a, 0x30, 0x28, 0xa0, 0x26, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1c, 0x82, 0x12, + 0x01, 0xa0, 0x18, 0x0c, 0x16, 0x41, 0x43, 0x4d, 0x45, 0x3a, 0x57, 0x49, 0x44, 0x47, 0x45, 0x54, + 0x3a, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x30, 0x2a, 0x06, 0x03, 0x55, + 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x1a, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, + 0x83, 0x1c, 0x82, 0x12, 0x06, 0x04, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1c, + 0x82, 0x12, 0x02, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, + 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x60, 0xc0, 0x0c, 0x08, 0x6a, 0xac, 0x86, 0x11, 0x29, 0xcd, + 0x3e, 0xa9, 0xa2, 0x69, 0x04, 0x39, 0xab, 0xbc, 0xb2, 0x84, 0x34, 0xa2, 0x9e, 0xbd, 0x3e, 0x7a, + 0x18, 0x38, 0x1e, 0x2c, 0x6b, 0x8d, 0x02, 0x21, 0x00, 0x84, 0xf6, 0x00, 0xa5, 0x91, 0xc5, 0xa3, + 0xd2, 0x40, 0x30, 0x24, 0x4b, 0x4d, 0x4b, 0x0f, 0xd2, 0x98, 0x5c, 0x69, 0xc8, 0x2d, 0x1f, 0x66, + 0xbc, 0xab, 0xf5, 0x82, 0xda, 0x35, 0xad, 0x8c, 0x72, +}; +UINTN EccTestCertChainSize = sizeof (EccTestCertChain); + +// ECDSA_ECC_P384_SHA_384: ECDSA_ECC_NIST_P384 + SHA_384 +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 EccTestRootCer2[] = { + 0x30, 0x82, 0x01, 0xd0, 0x30, 0x82, 0x01, 0x56, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x00, + 0xca, 0x2f, 0x39, 0xe8, 0xfa, 0x16, 0xfd, 0xb0, 0x34, 0x0c, 0x85, 0x50, 0x8f, 0x5d, 0x07, 0xe2, + 0x6e, 0x48, 0x34, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x30, + 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, 0x65, + 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x30, 0x38, 0x33, 0x33, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, 0x38, 0x33, 0x33, 0x5a, + 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, + 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, + 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0x92, 0x2f, 0xd3, 0xbd, 0x8b, 0x60, 0xbb, + 0xf7, 0x5e, 0xe4, 0x80, 0x25, 0x14, 0x10, 0x47, 0x8c, 0x79, 0xad, 0x82, 0xfb, 0x41, 0x3a, 0xc4, + 0xad, 0x39, 0xf8, 0x01, 0x1a, 0x9d, 0x47, 0x29, 0x90, 0xd6, 0xbb, 0x86, 0x41, 0x07, 0x8d, 0x86, + 0x66, 0x11, 0xda, 0x6d, 0xc9, 0xed, 0x9b, 0x0e, 0x2a, 0xa1, 0x2a, 0x51, 0xc2, 0xdd, 0x55, 0xab, + 0x3d, 0x1d, 0x7b, 0x3c, 0x3d, 0x38, 0x28, 0x80, 0x72, 0x61, 0x20, 0x3e, 0x25, 0xf9, 0x99, 0x39, + 0x82, 0x4e, 0x4a, 0xba, 0x93, 0xd1, 0xab, 0x1f, 0xce, 0x5a, 0x9b, 0x3d, 0xbe, 0xa5, 0xbc, 0x1b, + 0x96, 0xf0, 0xb7, 0xb5, 0xfb, 0x10, 0xf9, 0x23, 0x90, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, + 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xc4, 0xe7, 0xa6, 0x7c, 0x63, 0x3f, 0xdf, + 0x13, 0xf2, 0xb1, 0x36, 0x56, 0x63, 0xf9, 0xc1, 0xea, 0xdd, 0x78, 0x10, 0x30, 0x1f, 0x06, 0x03, + 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x14, 0xc4, 0xe7, 0xa6, 0x7c, 0x63, 0x3f, + 0xdf, 0x13, 0xf2, 0xb1, 0x36, 0x56, 0x63, 0xf9, 0xc1, 0xea, 0xdd, 0x78, 0x10, 0x30, 0x0f, 0x06, + 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, + 0x31, 0x00, 0xd7, 0x9c, 0x7f, 0x26, 0x91, 0x34, 0xa5, 0x2b, 0x79, 0xea, 0x66, 0x15, 0x00, 0x88, + 0x0a, 0x4d, 0xe7, 0xad, 0x71, 0xc6, 0x2e, 0xe4, 0x7e, 0x37, 0xe1, 0x86, 0xeb, 0xe8, 0x55, 0xb0, + 0x2f, 0xc5, 0xf3, 0xa9, 0xe0, 0x90, 0xf9, 0x0b, 0x82, 0xc5, 0xdf, 0x4a, 0x35, 0x9a, 0x0d, 0x35, + 0x38, 0x4b, 0x02, 0x30, 0x40, 0xa7, 0xfe, 0x70, 0x39, 0x7b, 0x4b, 0xd7, 0xc2, 0x28, 0x72, 0x93, + 0x93, 0x0c, 0x62, 0x12, 0x14, 0xf0, 0x70, 0x74, 0x0f, 0xfc, 0xb1, 0x21, 0x60, 0x40, 0x6d, 0x13, + 0xa3, 0x59, 0x0e, 0x27, 0x06, 0xc1, 0x73, 0x4e, 0xca, 0x40, 0x4c, 0x2d, 0xf5, 0x96, 0x48, 0x66, + 0x05, 0xb1, 0xa6, 0x08, +}; +UINTN EccTestRootCer2Size = sizeof (EccTestRootCer2); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 EccTestCertChain2[] = { + 0x30, 0x82, 0x01, 0xd0, 0x30, 0x82, 0x01, 0x56, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x00, + 0xca, 0x2f, 0x39, 0xe8, 0xfa, 0x16, 0xfd, 0xb0, 0x34, 0x0c, 0x85, 0x50, 0x8f, 0x5d, 0x07, 0xe2, + 0x6e, 0x48, 0x34, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x30, + 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, 0x65, + 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x30, 0x38, 0x33, 0x33, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, 0x38, 0x33, 0x33, 0x5a, + 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, + 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, + 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0x92, 0x2f, 0xd3, 0xbd, 0x8b, 0x60, 0xbb, + 0xf7, 0x5e, 0xe4, 0x80, 0x25, 0x14, 0x10, 0x47, 0x8c, 0x79, 0xad, 0x82, 0xfb, 0x41, 0x3a, 0xc4, + 0xad, 0x39, 0xf8, 0x01, 0x1a, 0x9d, 0x47, 0x29, 0x90, 0xd6, 0xbb, 0x86, 0x41, 0x07, 0x8d, 0x86, + 0x66, 0x11, 0xda, 0x6d, 0xc9, 0xed, 0x9b, 0x0e, 0x2a, 0xa1, 0x2a, 0x51, 0xc2, 0xdd, 0x55, 0xab, + 0x3d, 0x1d, 0x7b, 0x3c, 0x3d, 0x38, 0x28, 0x80, 0x72, 0x61, 0x20, 0x3e, 0x25, 0xf9, 0x99, 0x39, + 0x82, 0x4e, 0x4a, 0xba, 0x93, 0xd1, 0xab, 0x1f, 0xce, 0x5a, 0x9b, 0x3d, 0xbe, 0xa5, 0xbc, 0x1b, + 0x96, 0xf0, 0xb7, 0xb5, 0xfb, 0x10, 0xf9, 0x23, 0x90, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, + 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xc4, 0xe7, 0xa6, 0x7c, 0x63, 0x3f, 0xdf, + 0x13, 0xf2, 0xb1, 0x36, 0x56, 0x63, 0xf9, 0xc1, 0xea, 0xdd, 0x78, 0x10, 0x30, 0x1f, 0x06, 0x03, + 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x14, 0xc4, 0xe7, 0xa6, 0x7c, 0x63, 0x3f, + 0xdf, 0x13, 0xf2, 0xb1, 0x36, 0x56, 0x63, 0xf9, 0xc1, 0xea, 0xdd, 0x78, 0x10, 0x30, 0x0f, 0x06, + 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, + 0x31, 0x00, 0xd7, 0x9c, 0x7f, 0x26, 0x91, 0x34, 0xa5, 0x2b, 0x79, 0xea, 0x66, 0x15, 0x00, 0x88, + 0x0a, 0x4d, 0xe7, 0xad, 0x71, 0xc6, 0x2e, 0xe4, 0x7e, 0x37, 0xe1, 0x86, 0xeb, 0xe8, 0x55, 0xb0, + 0x2f, 0xc5, 0xf3, 0xa9, 0xe0, 0x90, 0xf9, 0x0b, 0x82, 0xc5, 0xdf, 0x4a, 0x35, 0x9a, 0x0d, 0x35, + 0x38, 0x4b, 0x02, 0x30, 0x40, 0xa7, 0xfe, 0x70, 0x39, 0x7b, 0x4b, 0xd7, 0xc2, 0x28, 0x72, 0x93, + 0x93, 0x0c, 0x62, 0x12, 0x14, 0xf0, 0x70, 0x74, 0x0f, 0xfc, 0xb1, 0x21, 0x60, 0x40, 0x6d, 0x13, + 0xa3, 0x59, 0x0e, 0x27, 0x06, 0xc1, 0x73, 0x4e, 0xca, 0x40, 0x4c, 0x2d, 0xf5, 0x96, 0x48, 0x66, + 0x05, 0xb1, 0xa6, 0x08, 0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x5d, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x01, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, + 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, + 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x30, 0x38, 0x33, + 0x34, 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, 0x38, 0x33, 0x34, + 0x5a, 0x30, 0x2e, 0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x23, 0x69, 0x6e, + 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, + 0x74, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, + 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0x12, 0xaf, 0x50, 0xbf, 0xaf, 0xfb, 0xc8, + 0x03, 0x23, 0x41, 0x27, 0xfa, 0xef, 0xec, 0x35, 0xc4, 0xae, 0x96, 0xcb, 0xf4, 0xae, 0xfb, 0x74, + 0x58, 0x6b, 0xf5, 0x8f, 0x60, 0x38, 0x28, 0x76, 0x0b, 0x29, 0xa4, 0xca, 0xf4, 0x6c, 0x2d, 0x59, + 0x28, 0xf5, 0xab, 0x92, 0xb7, 0x6b, 0x6f, 0x3a, 0xc0, 0x91, 0x9f, 0x45, 0xd1, 0x3c, 0xa0, 0xc8, + 0x80, 0x67, 0xff, 0x4b, 0x9f, 0xe8, 0x01, 0x17, 0x08, 0xcb, 0x4c, 0x17, 0x23, 0xc2, 0xf0, 0x07, + 0xe4, 0xcd, 0x37, 0x26, 0x9f, 0x41, 0xa4, 0xfe, 0x7d, 0x80, 0x1c, 0x23, 0x43, 0xcb, 0x53, 0x6c, + 0xc1, 0x0f, 0x5f, 0x4a, 0xc8, 0x6a, 0x31, 0xe6, 0xee, 0xa3, 0x5e, 0x30, 0x5c, 0x30, 0x0c, 0x06, + 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, + 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0xfe, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x42, 0xbc, 0xed, 0xba, 0xd1, 0x5a, 0x68, 0xdf, 0x71, 0x41, 0xf8, 0xa5, 0x0e, + 0x36, 0xca, 0xf5, 0xdf, 0x52, 0x50, 0x09, 0x30, 0x20, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, + 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, + 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x04, 0x03, 0x03, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0xfd, 0xd5, + 0x7e, 0x34, 0x74, 0x19, 0x09, 0xe1, 0x26, 0x45, 0xf2, 0xbc, 0x3f, 0x25, 0xd4, 0x47, 0x22, 0x19, + 0x68, 0x23, 0xe4, 0x6a, 0xe5, 0x35, 0xd6, 0x9a, 0x4e, 0xa5, 0x23, 0xb2, 0xd3, 0xc0, 0x9a, 0x68, + 0x88, 0xce, 0x99, 0x59, 0x9d, 0x55, 0x18, 0x96, 0x4d, 0xd3, 0x1c, 0x3b, 0x52, 0x02, 0x30, 0x1c, + 0x08, 0xde, 0x61, 0x7f, 0x5b, 0xa7, 0xc8, 0x6b, 0xaf, 0x8d, 0x9d, 0xf5, 0x3a, 0xc1, 0x54, 0xe5, + 0x5f, 0x21, 0xc7, 0x69, 0x57, 0xdb, 0x63, 0xc4, 0x45, 0x09, 0x66, 0xab, 0x70, 0xab, 0xc0, 0xbf, + 0xb2, 0xc0, 0x6a, 0x7f, 0x51, 0xda, 0xe8, 0xae, 0x93, 0xc4, 0x43, 0x33, 0x4a, 0x07, 0xa4, 0x30, + 0x82, 0x02, 0x22, 0x30, 0x82, 0x01, 0xa8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x03, 0x30, + 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x30, 0x2e, 0x31, 0x2c, 0x30, + 0x2a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x23, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, + 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, + 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, + 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x30, 0x38, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x33, 0x32, + 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, 0x38, 0x33, 0x34, 0x5a, 0x30, 0x2b, 0x31, 0x29, 0x30, + 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, + 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x64, 0x65, 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, + 0x8c, 0xf8, 0x84, 0x9d, 0x11, 0x07, 0x49, 0xca, 0x1c, 0xd0, 0xb5, 0x11, 0xbc, 0xe3, 0x4f, 0x38, + 0x3c, 0xf0, 0xc5, 0x8d, 0x73, 0x5a, 0xa7, 0x63, 0x7e, 0x5f, 0x62, 0x60, 0x7f, 0x10, 0x43, 0x34, + 0xc8, 0x4f, 0x2c, 0xbc, 0x70, 0x8f, 0x4d, 0xa2, 0xfd, 0x4e, 0x03, 0x89, 0x16, 0x49, 0xca, 0x40, + 0x6a, 0x91, 0x18, 0x09, 0x7f, 0x27, 0xef, 0xe4, 0xa6, 0x26, 0x1a, 0xfd, 0xd4, 0xd1, 0x57, 0xdb, + 0x5b, 0x1b, 0x75, 0x05, 0xf9, 0x15, 0x9d, 0x33, 0x34, 0xbe, 0x90, 0xb7, 0x5e, 0xd7, 0x05, 0xb9, + 0x73, 0x85, 0x1e, 0x4a, 0xd3, 0x00, 0x5b, 0x7d, 0x10, 0x68, 0xbf, 0x4f, 0xca, 0xe6, 0x38, 0x4c, + 0xa3, 0x81, 0x9c, 0x30, 0x81, 0x99, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, + 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, + 0xe0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x1d, 0xee, 0x4b, 0x09, + 0x37, 0x82, 0xed, 0x77, 0x92, 0x71, 0xa7, 0x4e, 0x3c, 0xad, 0x32, 0xad, 0xb8, 0xf7, 0x8e, 0x9b, + 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0x06, 0x0a, 0x2b, + 0x06, 0x01, 0x04, 0x01, 0x83, 0x1c, 0x82, 0x12, 0x01, 0xa0, 0x18, 0x0c, 0x16, 0x41, 0x43, 0x4d, + 0x45, 0x3a, 0x57, 0x49, 0x44, 0x47, 0x45, 0x54, 0x3a, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x30, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x20, 0x30, + 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, + 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03, 0x03, 0x68, 0x00, 0x30, 0x65, + 0x02, 0x30, 0x09, 0x0d, 0x98, 0x7a, 0xd6, 0xd1, 0x9a, 0x43, 0x45, 0x1e, 0xbb, 0xc1, 0x0b, 0x23, + 0x2e, 0xa4, 0x8a, 0x10, 0x32, 0xdb, 0xe1, 0x89, 0xbe, 0xda, 0x6a, 0x51, 0x36, 0x24, 0x48, 0x1f, + 0x2f, 0x66, 0xa2, 0x6b, 0xdb, 0xab, 0x78, 0x5e, 0x4a, 0x5c, 0x57, 0x36, 0x9e, 0xae, 0x72, 0x80, + 0x6e, 0x2d, 0x02, 0x31, 0x00, 0x86, 0xd5, 0xd5, 0x6c, 0x2b, 0x90, 0xfb, 0x3d, 0xb6, 0x84, 0x68, + 0x93, 0xd3, 0xbd, 0xd8, 0xfc, 0x0d, 0x64, 0x77, 0x36, 0x90, 0x8a, 0xe4, 0xbb, 0xd9, 0x60, 0x3b, + 0x78, 0x9b, 0x58, 0x9a, 0x31, 0x71, 0xcb, 0x83, 0xb8, 0xfe, 0x54, 0x6a, 0xab, 0xf8, 0x3b, 0x07, + 0x8b, 0xe0, 0xce, 0x26, 0x6f, +}; +UINTN EccTestCertChain2Size = sizeof (EccTestCertChain2); + +// ECDSA_ECC_P521_SHA_512: ECDSA_ECC_NIST_P521 + SHA_512 +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 EccTestRootCer3[] = { + 0x30, 0x82, 0x02, 0x19, 0x30, 0x82, 0x01, 0x7c, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x06, + 0x93, 0x4b, 0x72, 0xc2, 0x47, 0x33, 0x7d, 0x5c, 0x44, 0xac, 0x80, 0xd5, 0xd6, 0x8b, 0x18, 0x14, + 0x45, 0xed, 0x83, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x30, + 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, 0x65, + 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x30, 0x39, 0x30, 0x34, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, 0x39, 0x30, 0x34, 0x5a, + 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, + 0x41, 0x30, 0x81, 0x9b, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, + 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0x03, 0x81, 0x86, 0x00, 0x04, 0x01, 0xfd, 0x99, 0xd7, 0x3b, + 0x4c, 0xed, 0xa5, 0x1a, 0xac, 0xe2, 0x6d, 0x47, 0x40, 0x13, 0x18, 0xc6, 0x44, 0x9a, 0xf6, 0x55, + 0x76, 0xfa, 0x90, 0xc4, 0x98, 0x6f, 0xf3, 0x00, 0x00, 0x5a, 0xe0, 0x14, 0x53, 0xfb, 0x43, 0xa2, + 0xc1, 0x38, 0x31, 0x2c, 0x1c, 0xac, 0x2b, 0xb0, 0x20, 0xf6, 0x0e, 0xdf, 0x38, 0xa5, 0x6c, 0xa8, + 0x77, 0x81, 0xa1, 0x79, 0x24, 0xbb, 0xcd, 0x77, 0x27, 0x96, 0xe3, 0x1a, 0xdd, 0x00, 0xd3, 0x3d, + 0xb5, 0xc4, 0x61, 0x12, 0x25, 0x9b, 0xc0, 0xc0, 0xdd, 0x7b, 0x89, 0x7b, 0xd6, 0xad, 0xe4, 0x53, + 0x47, 0xde, 0xab, 0x11, 0xcb, 0x45, 0xe4, 0xef, 0xcb, 0x4e, 0x97, 0xd6, 0x11, 0x73, 0x15, 0x6b, + 0x6a, 0x33, 0x21, 0xcb, 0xc9, 0xdc, 0xab, 0x5b, 0x94, 0xfe, 0x07, 0x75, 0xd7, 0x32, 0x4c, 0x72, + 0xe2, 0xe4, 0x17, 0xd8, 0xab, 0x70, 0x89, 0x67, 0xee, 0x9e, 0x80, 0x87, 0x96, 0xc7, 0x90, 0xa3, + 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x97, 0x5f, + 0xa9, 0xf5, 0xf4, 0xf4, 0x91, 0xfb, 0x80, 0xed, 0xcf, 0xad, 0x2b, 0x9d, 0xd0, 0x99, 0x4e, 0x5a, + 0xf1, 0x6f, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x97, + 0x5f, 0xa9, 0xf5, 0xf4, 0xf4, 0x91, 0xfb, 0x80, 0xed, 0xcf, 0xad, 0x2b, 0x9d, 0xd0, 0x99, 0x4e, + 0x5a, 0xf1, 0x6f, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, + 0x03, 0x81, 0x8a, 0x00, 0x30, 0x81, 0x86, 0x02, 0x41, 0x0f, 0x78, 0x41, 0xdf, 0x4e, 0x74, 0xab, + 0xe5, 0x73, 0xa5, 0x9f, 0x8f, 0xfd, 0x53, 0xc3, 0xf9, 0x80, 0xbf, 0x27, 0x41, 0x3d, 0xf7, 0x82, + 0x9e, 0x16, 0x01, 0xf4, 0x17, 0x7f, 0xcf, 0x8c, 0x73, 0x37, 0x2d, 0x71, 0xe9, 0x7b, 0x32, 0xe7, + 0xae, 0x9d, 0x9f, 0xa4, 0x36, 0xd2, 0xfc, 0xeb, 0xa8, 0x0a, 0x3b, 0x81, 0x5c, 0x3b, 0x1e, 0x62, + 0x95, 0x31, 0x7e, 0xe4, 0x0e, 0x4b, 0x47, 0x21, 0x04, 0x5a, 0x02, 0x41, 0x09, 0x87, 0x7f, 0x41, + 0x66, 0xe0, 0x27, 0x6c, 0xae, 0x95, 0x1c, 0x5a, 0x9f, 0x96, 0xeb, 0x5a, 0xe8, 0x4e, 0x68, 0xf1, + 0x32, 0x22, 0x07, 0x6a, 0xa6, 0x52, 0xc8, 0xbb, 0xa6, 0xe7, 0x69, 0x28, 0x08, 0xe2, 0x9f, 0x08, + 0xb2, 0x38, 0xf6, 0xf0, 0x4d, 0x3f, 0x10, 0xfb, 0x2d, 0x76, 0x4b, 0x61, 0xad, 0xe6, 0xfb, 0x80, + 0xe8, 0xe4, 0x21, 0x73, 0xdf, 0x89, 0x2e, 0x54, 0x56, 0xaf, 0x1e, 0x4d, 0x59, +}; +UINTN EccTestRootCer3Size = sizeof (EccTestRootCer3); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 EccTestCertChain3[] = { + 0x30, 0x82, 0x02, 0x19, 0x30, 0x82, 0x01, 0x7c, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x06, + 0x93, 0x4b, 0x72, 0xc2, 0x47, 0x33, 0x7d, 0x5c, 0x44, 0xac, 0x80, 0xd5, 0xd6, 0x8b, 0x18, 0x14, + 0x45, 0xed, 0x83, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x30, + 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, 0x65, + 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x30, 0x39, 0x30, 0x34, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, 0x39, 0x30, 0x34, 0x5a, + 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, + 0x41, 0x30, 0x81, 0x9b, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, + 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0x03, 0x81, 0x86, 0x00, 0x04, 0x01, 0xfd, 0x99, 0xd7, 0x3b, + 0x4c, 0xed, 0xa5, 0x1a, 0xac, 0xe2, 0x6d, 0x47, 0x40, 0x13, 0x18, 0xc6, 0x44, 0x9a, 0xf6, 0x55, + 0x76, 0xfa, 0x90, 0xc4, 0x98, 0x6f, 0xf3, 0x00, 0x00, 0x5a, 0xe0, 0x14, 0x53, 0xfb, 0x43, 0xa2, + 0xc1, 0x38, 0x31, 0x2c, 0x1c, 0xac, 0x2b, 0xb0, 0x20, 0xf6, 0x0e, 0xdf, 0x38, 0xa5, 0x6c, 0xa8, + 0x77, 0x81, 0xa1, 0x79, 0x24, 0xbb, 0xcd, 0x77, 0x27, 0x96, 0xe3, 0x1a, 0xdd, 0x00, 0xd3, 0x3d, + 0xb5, 0xc4, 0x61, 0x12, 0x25, 0x9b, 0xc0, 0xc0, 0xdd, 0x7b, 0x89, 0x7b, 0xd6, 0xad, 0xe4, 0x53, + 0x47, 0xde, 0xab, 0x11, 0xcb, 0x45, 0xe4, 0xef, 0xcb, 0x4e, 0x97, 0xd6, 0x11, 0x73, 0x15, 0x6b, + 0x6a, 0x33, 0x21, 0xcb, 0xc9, 0xdc, 0xab, 0x5b, 0x94, 0xfe, 0x07, 0x75, 0xd7, 0x32, 0x4c, 0x72, + 0xe2, 0xe4, 0x17, 0xd8, 0xab, 0x70, 0x89, 0x67, 0xee, 0x9e, 0x80, 0x87, 0x96, 0xc7, 0x90, 0xa3, + 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x97, 0x5f, + 0xa9, 0xf5, 0xf4, 0xf4, 0x91, 0xfb, 0x80, 0xed, 0xcf, 0xad, 0x2b, 0x9d, 0xd0, 0x99, 0x4e, 0x5a, + 0xf1, 0x6f, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x97, + 0x5f, 0xa9, 0xf5, 0xf4, 0xf4, 0x91, 0xfb, 0x80, 0xed, 0xcf, 0xad, 0x2b, 0x9d, 0xd0, 0x99, 0x4e, + 0x5a, 0xf1, 0x6f, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, + 0x03, 0x81, 0x8a, 0x00, 0x30, 0x81, 0x86, 0x02, 0x41, 0x0f, 0x78, 0x41, 0xdf, 0x4e, 0x74, 0xab, + 0xe5, 0x73, 0xa5, 0x9f, 0x8f, 0xfd, 0x53, 0xc3, 0xf9, 0x80, 0xbf, 0x27, 0x41, 0x3d, 0xf7, 0x82, + 0x9e, 0x16, 0x01, 0xf4, 0x17, 0x7f, 0xcf, 0x8c, 0x73, 0x37, 0x2d, 0x71, 0xe9, 0x7b, 0x32, 0xe7, + 0xae, 0x9d, 0x9f, 0xa4, 0x36, 0xd2, 0xfc, 0xeb, 0xa8, 0x0a, 0x3b, 0x81, 0x5c, 0x3b, 0x1e, 0x62, + 0x95, 0x31, 0x7e, 0xe4, 0x0e, 0x4b, 0x47, 0x21, 0x04, 0x5a, 0x02, 0x41, 0x09, 0x87, 0x7f, 0x41, + 0x66, 0xe0, 0x27, 0x6c, 0xae, 0x95, 0x1c, 0x5a, 0x9f, 0x96, 0xeb, 0x5a, 0xe8, 0x4e, 0x68, 0xf1, + 0x32, 0x22, 0x07, 0x6a, 0xa6, 0x52, 0xc8, 0xbb, 0xa6, 0xe7, 0x69, 0x28, 0x08, 0xe2, 0x9f, 0x08, + 0xb2, 0x38, 0xf6, 0xf0, 0x4d, 0x3f, 0x10, 0xfb, 0x2d, 0x76, 0x4b, 0x61, 0xad, 0xe6, 0xfb, 0x80, + 0xe8, 0xe4, 0x21, 0x73, 0xdf, 0x89, 0x2e, 0x54, 0x56, 0xaf, 0x1e, 0x4d, 0x59, 0x30, 0x82, 0x02, + 0x22, 0x30, 0x82, 0x01, 0x83, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0a, 0x06, + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x30, 0x1f, 0x31, 0x1d, 0x30, 0x1b, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, + 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, + 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x30, 0x39, 0x30, 0x34, 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, + 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, 0x39, 0x30, 0x34, 0x5a, 0x30, 0x2e, 0x31, 0x2c, 0x30, 0x2a, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x23, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, + 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, + 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x81, 0x9b, 0x30, 0x10, 0x06, + 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0x03, + 0x81, 0x86, 0x00, 0x04, 0x00, 0xad, 0xde, 0x64, 0xf7, 0xff, 0xe0, 0x56, 0x80, 0xdd, 0x69, 0x5c, + 0x7d, 0xc9, 0x39, 0xdb, 0x28, 0x8d, 0x28, 0xc2, 0x2b, 0xaa, 0xf9, 0x15, 0x91, 0x9b, 0x1a, 0xab, + 0xf4, 0x89, 0xc9, 0x38, 0x9c, 0xb9, 0x4a, 0x40, 0x70, 0x25, 0x6e, 0x08, 0x99, 0xd5, 0xe4, 0xb7, + 0x0b, 0x76, 0xb1, 0xca, 0x4b, 0x48, 0xc3, 0x22, 0x9f, 0x60, 0x2e, 0xbf, 0xc9, 0x5b, 0xa5, 0xe8, + 0x09, 0x70, 0xcc, 0xf4, 0xaf, 0xa6, 0x00, 0x26, 0x67, 0xbb, 0xc0, 0x0d, 0x9d, 0xe3, 0xcb, 0xb9, + 0x45, 0x8e, 0xed, 0xf6, 0x97, 0x8a, 0x0f, 0xba, 0xe8, 0x6e, 0x01, 0x50, 0xf0, 0xa2, 0x7d, 0xd8, + 0xae, 0x94, 0x61, 0x15, 0x87, 0x29, 0x04, 0x74, 0xeb, 0x7e, 0x63, 0x54, 0xd6, 0x85, 0xf5, 0x3c, + 0x25, 0x80, 0x11, 0xb3, 0x52, 0x0f, 0x52, 0xe9, 0x07, 0xbf, 0xe1, 0xe4, 0x0d, 0x93, 0x22, 0x21, + 0x08, 0x0a, 0xc2, 0x9f, 0xa5, 0x5a, 0x34, 0xa9, 0xa3, 0x5e, 0x30, 0x5c, 0x30, 0x0c, 0x06, 0x03, + 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, + 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0xfe, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0x73, 0x8d, 0xab, 0x91, 0xcb, 0x62, 0x9a, 0xbb, 0x9f, 0x2d, 0xba, 0xe9, 0x5a, 0x2c, + 0xaf, 0x9b, 0x98, 0xc6, 0x4a, 0x31, 0x30, 0x20, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, + 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x04, 0x03, 0x81, 0x8c, 0x00, 0x30, 0x81, 0x88, 0x02, 0x42, 0x01, 0x17, 0xdf, + 0x1c, 0x3c, 0x39, 0xc7, 0xa4, 0xee, 0xb7, 0xa9, 0xdc, 0x04, 0x19, 0x8f, 0x75, 0xcb, 0x09, 0x83, + 0xca, 0x76, 0xef, 0xa0, 0xbd, 0xa9, 0x7a, 0xee, 0xc2, 0x1d, 0x63, 0xbc, 0xa5, 0x11, 0x41, 0x14, + 0x50, 0x89, 0xf5, 0x25, 0xdf, 0x13, 0xee, 0xed, 0xe4, 0xc2, 0x1c, 0xa6, 0x89, 0x72, 0x1b, 0x15, + 0xef, 0x30, 0x96, 0x22, 0xd3, 0x45, 0x4f, 0x76, 0xa7, 0xd1, 0x25, 0x39, 0x31, 0x3c, 0x03, 0x02, + 0x42, 0x00, 0x89, 0x29, 0xfd, 0x9d, 0x8f, 0xc2, 0x1f, 0xa6, 0x79, 0xd5, 0x82, 0x01, 0xa8, 0xe6, + 0xfb, 0xe4, 0xe1, 0xce, 0xff, 0x99, 0x4c, 0x1d, 0x67, 0xf5, 0xd4, 0xaf, 0x9e, 0x4d, 0x9e, 0x4e, + 0xc1, 0x35, 0xa3, 0xb5, 0x4b, 0x8e, 0x4e, 0x63, 0x8a, 0x81, 0x4e, 0xf3, 0xbf, 0xc7, 0x76, 0x9a, + 0xfb, 0xc4, 0xb9, 0xd5, 0x43, 0xae, 0x1b, 0xea, 0xca, 0xc9, 0x9a, 0xfc, 0x78, 0x7f, 0x1d, 0xc3, + 0xe9, 0x1c, 0x52, 0x30, 0x82, 0x02, 0x6b, 0x30, 0x82, 0x01, 0xce, 0xa0, 0x03, 0x02, 0x01, 0x02, + 0x02, 0x01, 0x03, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x30, + 0x2e, 0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x23, 0x69, 0x6e, 0x74, 0x65, + 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x30, 0x39, 0x30, 0x35, 0x5a, + 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x30, 0x39, 0x30, 0x35, 0x5a, 0x30, + 0x2b, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, 0x74, 0x65, + 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x20, 0x72, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x81, 0x9b, 0x30, + 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, + 0x23, 0x03, 0x81, 0x86, 0x00, 0x04, 0x00, 0xfa, 0x28, 0x99, 0xa3, 0x86, 0xe3, 0x51, 0x8c, 0xf2, + 0x06, 0x7e, 0xf1, 0x5b, 0xb9, 0x80, 0x42, 0x27, 0xd3, 0x6a, 0x0c, 0x16, 0x96, 0x78, 0xe4, 0x33, + 0x13, 0x03, 0xfd, 0xb4, 0x7b, 0x13, 0xf5, 0xc2, 0x82, 0xde, 0xa5, 0x32, 0xa6, 0xbd, 0xf3, 0x47, + 0x9a, 0xf0, 0x5e, 0x2d, 0x43, 0xf6, 0x5f, 0xda, 0x32, 0x14, 0x3b, 0xec, 0x23, 0xd6, 0xec, 0xe7, + 0xf2, 0xe8, 0x4b, 0xa3, 0xd8, 0xd4, 0xd7, 0xe6, 0x01, 0xb7, 0x90, 0x2a, 0x5c, 0xf5, 0x7a, 0xf6, + 0xb2, 0x64, 0x38, 0xa3, 0xfe, 0x71, 0x8b, 0xa4, 0x69, 0x35, 0x92, 0xed, 0xe3, 0x71, 0xec, 0x7c, + 0xfe, 0xc8, 0x4c, 0x95, 0x72, 0x87, 0xa2, 0xee, 0x9c, 0x9c, 0x30, 0x28, 0xec, 0x27, 0x10, 0x9b, + 0x22, 0xe1, 0xba, 0x60, 0x61, 0x5c, 0x03, 0x06, 0x9a, 0xa2, 0xec, 0x77, 0x39, 0x80, 0xda, 0x15, + 0x91, 0xf0, 0x2f, 0x1a, 0x8b, 0x30, 0x8c, 0x8f, 0xae, 0xbb, 0xa3, 0x81, 0x9c, 0x30, 0x81, 0x99, + 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, + 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xe0, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xb6, 0xdd, 0x84, 0x73, 0x20, 0x1e, 0x4b, 0xdf, 0x40, 0x25, + 0xa5, 0x23, 0x8a, 0x9f, 0xed, 0xe1, 0xbc, 0x3d, 0x1b, 0x09, 0x30, 0x31, 0x06, 0x03, 0x55, 0x1d, + 0x11, 0x04, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1c, + 0x82, 0x12, 0x01, 0xa0, 0x18, 0x0c, 0x16, 0x41, 0x43, 0x4d, 0x45, 0x3a, 0x57, 0x49, 0x44, 0x47, + 0x45, 0x54, 0x3a, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x30, 0x2a, 0x06, + 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x20, 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, + 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x04, 0x03, 0x04, 0x03, 0x81, 0x8a, 0x00, 0x30, 0x81, 0x86, 0x02, 0x41, 0x06, 0xcc, + 0x48, 0x5e, 0xad, 0xb5, 0xa9, 0xb0, 0x7d, 0x5c, 0x57, 0x3a, 0x89, 0xe2, 0x17, 0x19, 0x6d, 0x3c, + 0x6c, 0xf7, 0x14, 0x4e, 0xb2, 0xc4, 0xeb, 0x60, 0x12, 0x0b, 0xb9, 0x74, 0x8d, 0xb7, 0xfa, 0xed, + 0xc1, 0xa2, 0x53, 0x5b, 0x4b, 0x37, 0x29, 0x22, 0x74, 0xe5, 0xfa, 0x74, 0x20, 0x87, 0x27, 0xc3, + 0xdd, 0x23, 0x5d, 0xfa, 0xbb, 0x9f, 0x9f, 0x87, 0xa1, 0xb5, 0x1a, 0xd0, 0xee, 0xde, 0xec, 0x02, + 0x41, 0x68, 0xd4, 0x74, 0xab, 0x88, 0xd0, 0xae, 0xb6, 0x82, 0x96, 0xfd, 0x76, 0x03, 0xc2, 0x05, + 0xc2, 0xda, 0xf8, 0x2d, 0x19, 0x20, 0xa7, 0xb9, 0xb0, 0x53, 0x97, 0xca, 0x3f, 0x69, 0x35, 0x4a, + 0xc9, 0x17, 0x7a, 0xe9, 0x19, 0xbb, 0x60, 0xba, 0xb7, 0x2a, 0xad, 0x58, 0x69, 0xf2, 0x4f, 0x45, + 0xf4, 0xf7, 0xb1, 0x36, 0xfd, 0x0d, 0x91, 0xbb, 0x5e, 0xdb, 0xff, 0x5b, 0xc6, 0x03, 0xaf, 0x26, + 0x14, 0x49, +}; +UINTN EccTestCertChain3Size = sizeof (EccTestCertChain3); diff --git a/DeviceSecurityTestPkg/Test/DeployCert/EccTestRootKey.c b/DeviceSecurityTestPkg/Test/DeployCert/EccTestRootKey.c new file mode 100644 index 00000000000..55b0bc8581c --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/EccTestRootKey.c @@ -0,0 +1,78 @@ +/** @file + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 EccTestRootKey[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, + 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0d, 0x0a, 0x4d, 0x49, 0x47, + 0x48, 0x41, 0x67, 0x45, 0x41, 0x4d, 0x42, 0x4d, 0x47, 0x42, 0x79, 0x71, 0x47, 0x53, 0x4d, 0x34, + 0x39, 0x41, 0x67, 0x45, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x41, 0x77, 0x45, + 0x48, 0x42, 0x47, 0x30, 0x77, 0x61, 0x77, 0x49, 0x42, 0x41, 0x51, 0x51, 0x67, 0x41, 0x2b, 0x4c, + 0x62, 0x6d, 0x4a, 0x57, 0x58, 0x56, 0x30, 0x79, 0x6f, 0x7a, 0x58, 0x36, 0x2b, 0x0d, 0x0a, 0x6d, + 0x62, 0x54, 0x6c, 0x39, 0x67, 0x58, 0x42, 0x38, 0x43, 0x43, 0x33, 0x34, 0x30, 0x4d, 0x34, 0x44, + 0x7a, 0x79, 0x68, 0x39, 0x66, 0x6d, 0x2b, 0x79, 0x6d, 0x61, 0x68, 0x52, 0x41, 0x4e, 0x43, 0x41, + 0x41, 0x54, 0x62, 0x77, 0x72, 0x4b, 0x33, 0x67, 0x7a, 0x7a, 0x49, 0x68, 0x65, 0x51, 0x39, 0x34, + 0x66, 0x4f, 0x36, 0x34, 0x76, 0x4b, 0x51, 0x6a, 0x6a, 0x41, 0x6c, 0x46, 0x4f, 0x48, 0x33, 0x0d, + 0x0a, 0x71, 0x59, 0x49, 0x70, 0x32, 0x35, 0x31, 0x32, 0x4c, 0x34, 0x41, 0x52, 0x4d, 0x75, 0x36, + 0x72, 0x34, 0x6d, 0x6a, 0x52, 0x49, 0x75, 0x65, 0x39, 0x74, 0x48, 0x45, 0x6e, 0x79, 0x48, 0x6e, + 0x37, 0x33, 0x48, 0x79, 0x65, 0x4d, 0x36, 0x5a, 0x6e, 0x77, 0x68, 0x42, 0x48, 0x4e, 0x6a, 0x4c, + 0x46, 0x6f, 0x61, 0x70, 0x72, 0x4b, 0x36, 0x72, 0x4a, 0x0d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, + 0x45, 0x4e, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, + 0x2d, 0x2d, 0x2d, 0x2d, 0x0d, 0x0a, +}; +UINTN EccTestRootKeySize = sizeof (EccTestRootKey); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 EccTestRootKey2[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, + 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0d, 0x0a, 0x4d, 0x49, 0x47, + 0x32, 0x41, 0x67, 0x45, 0x41, 0x4d, 0x42, 0x41, 0x47, 0x42, 0x79, 0x71, 0x47, 0x53, 0x4d, 0x34, + 0x39, 0x41, 0x67, 0x45, 0x47, 0x42, 0x53, 0x75, 0x42, 0x42, 0x41, 0x41, 0x69, 0x42, 0x49, 0x47, + 0x65, 0x4d, 0x49, 0x47, 0x62, 0x41, 0x67, 0x45, 0x42, 0x42, 0x44, 0x41, 0x30, 0x2b, 0x54, 0x77, + 0x35, 0x6e, 0x43, 0x36, 0x34, 0x6c, 0x34, 0x51, 0x43, 0x6a, 0x4f, 0x57, 0x63, 0x0d, 0x0a, 0x79, + 0x2b, 0x48, 0x4f, 0x36, 0x52, 0x58, 0x51, 0x31, 0x4b, 0x77, 0x62, 0x4c, 0x74, 0x34, 0x63, 0x67, + 0x74, 0x4e, 0x6d, 0x4c, 0x68, 0x72, 0x4b, 0x33, 0x4b, 0x37, 0x64, 0x65, 0x7a, 0x38, 0x34, 0x59, + 0x56, 0x67, 0x42, 0x34, 0x51, 0x33, 0x74, 0x66, 0x7a, 0x55, 0x44, 0x70, 0x4b, 0x4b, 0x68, 0x5a, + 0x41, 0x4e, 0x69, 0x41, 0x41, 0x53, 0x4d, 0x2b, 0x49, 0x53, 0x64, 0x45, 0x51, 0x64, 0x4a, 0x0d, + 0x0a, 0x79, 0x68, 0x7a, 0x51, 0x74, 0x52, 0x47, 0x38, 0x34, 0x30, 0x38, 0x34, 0x50, 0x50, 0x44, + 0x46, 0x6a, 0x58, 0x4e, 0x61, 0x70, 0x32, 0x4e, 0x2b, 0x58, 0x32, 0x4a, 0x67, 0x66, 0x78, 0x42, + 0x44, 0x4e, 0x4d, 0x68, 0x50, 0x4c, 0x4c, 0x78, 0x77, 0x6a, 0x30, 0x32, 0x69, 0x2f, 0x55, 0x34, + 0x44, 0x69, 0x52, 0x5a, 0x4a, 0x79, 0x6b, 0x42, 0x71, 0x6b, 0x52, 0x67, 0x4a, 0x66, 0x79, 0x66, + 0x76, 0x0d, 0x0a, 0x35, 0x4b, 0x59, 0x6d, 0x47, 0x76, 0x33, 0x55, 0x30, 0x56, 0x66, 0x62, 0x57, + 0x78, 0x74, 0x31, 0x42, 0x66, 0x6b, 0x56, 0x6e, 0x54, 0x4d, 0x30, 0x76, 0x70, 0x43, 0x33, 0x58, + 0x74, 0x63, 0x46, 0x75, 0x58, 0x4f, 0x46, 0x48, 0x6b, 0x72, 0x54, 0x41, 0x46, 0x74, 0x39, 0x45, + 0x47, 0x69, 0x2f, 0x54, 0x38, 0x72, 0x6d, 0x4f, 0x45, 0x77, 0x3d, 0x0d, 0x0a, 0x2d, 0x2d, 0x2d, + 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, + 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0d, 0x0a, +}; +UINTN EccTestRootKey2Size = sizeof (EccTestRootKey2); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 EccTestRootKey3[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, + 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0d, 0x0a, 0x4d, 0x49, 0x48, + 0x75, 0x41, 0x67, 0x45, 0x41, 0x4d, 0x42, 0x41, 0x47, 0x42, 0x79, 0x71, 0x47, 0x53, 0x4d, 0x34, + 0x39, 0x41, 0x67, 0x45, 0x47, 0x42, 0x53, 0x75, 0x42, 0x42, 0x41, 0x41, 0x6a, 0x42, 0x49, 0x48, + 0x57, 0x4d, 0x49, 0x48, 0x54, 0x41, 0x67, 0x45, 0x42, 0x42, 0x45, 0x49, 0x42, 0x70, 0x45, 0x38, + 0x31, 0x72, 0x51, 0x57, 0x34, 0x34, 0x4d, 0x30, 0x57, 0x37, 0x4e, 0x31, 0x67, 0x0d, 0x0a, 0x46, + 0x63, 0x73, 0x70, 0x32, 0x61, 0x34, 0x47, 0x56, 0x6d, 0x79, 0x6c, 0x6f, 0x73, 0x55, 0x30, 0x79, + 0x66, 0x53, 0x32, 0x50, 0x38, 0x36, 0x4c, 0x6b, 0x48, 0x72, 0x70, 0x37, 0x54, 0x6d, 0x72, 0x2f, + 0x75, 0x54, 0x36, 0x6a, 0x44, 0x54, 0x42, 0x74, 0x42, 0x37, 0x42, 0x66, 0x46, 0x67, 0x4b, 0x4d, + 0x70, 0x43, 0x44, 0x47, 0x42, 0x75, 0x59, 0x31, 0x54, 0x52, 0x4f, 0x54, 0x79, 0x34, 0x50, 0x0d, + 0x0a, 0x47, 0x67, 0x44, 0x2b, 0x73, 0x73, 0x47, 0x68, 0x67, 0x59, 0x6b, 0x44, 0x67, 0x59, 0x59, + 0x41, 0x42, 0x41, 0x44, 0x36, 0x4b, 0x4a, 0x6d, 0x6a, 0x68, 0x75, 0x4e, 0x52, 0x6a, 0x50, 0x49, + 0x47, 0x66, 0x76, 0x46, 0x62, 0x75, 0x59, 0x42, 0x43, 0x4a, 0x39, 0x4e, 0x71, 0x44, 0x42, 0x61, + 0x57, 0x65, 0x4f, 0x51, 0x7a, 0x45, 0x77, 0x50, 0x39, 0x74, 0x48, 0x73, 0x54, 0x39, 0x63, 0x4b, + 0x43, 0x0d, 0x0a, 0x33, 0x71, 0x55, 0x79, 0x70, 0x72, 0x33, 0x7a, 0x52, 0x35, 0x72, 0x77, 0x58, + 0x69, 0x31, 0x44, 0x39, 0x6c, 0x2f, 0x61, 0x4d, 0x68, 0x51, 0x37, 0x37, 0x43, 0x50, 0x57, 0x37, + 0x4f, 0x66, 0x79, 0x36, 0x45, 0x75, 0x6a, 0x32, 0x4e, 0x54, 0x58, 0x35, 0x67, 0x47, 0x33, 0x6b, + 0x43, 0x70, 0x63, 0x39, 0x58, 0x72, 0x32, 0x73, 0x6d, 0x51, 0x34, 0x6f, 0x2f, 0x35, 0x78, 0x69, + 0x36, 0x52, 0x70, 0x0d, 0x0a, 0x4e, 0x5a, 0x4c, 0x74, 0x34, 0x33, 0x48, 0x73, 0x66, 0x50, 0x37, + 0x49, 0x54, 0x4a, 0x56, 0x79, 0x68, 0x36, 0x4c, 0x75, 0x6e, 0x4a, 0x77, 0x77, 0x4b, 0x4f, 0x77, + 0x6e, 0x45, 0x4a, 0x73, 0x69, 0x34, 0x62, 0x70, 0x67, 0x59, 0x56, 0x77, 0x44, 0x42, 0x70, 0x71, + 0x69, 0x37, 0x48, 0x63, 0x35, 0x67, 0x4e, 0x6f, 0x56, 0x6b, 0x66, 0x41, 0x76, 0x47, 0x6f, 0x73, + 0x77, 0x6a, 0x49, 0x2b, 0x75, 0x0d, 0x0a, 0x75, 0x77, 0x3d, 0x3d, 0x0d, 0x0a, 0x2d, 0x2d, 0x2d, + 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, + 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0d, 0x0a, +}; +UINTN EccTestRootKey3Size = sizeof (EccTestRootKey3); diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestCertChain2.der b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestCertChain2.der new file mode 100644 index 0000000000000000000000000000000000000000..612513582fce915cca89a0195f6603856f905c08 GIT binary patch literal 1493 zcmXqLV!U9`#2B`KnTe5!Nrd5)zU7NwVt+T7@U#Z>$Fe`l^Dr^sV&l+i^EhYA!pv+S zZzyXZ&Bh$c!ptL*nOBmUqfnAsT%zFW9AIQ>rr_*oAScdiWMp7yU}|7yU}0<=CC+OM z;u=G_gbgS&5MW~m+sDMn#;V=O!l1;Q#K1C1|MK4Mgx%lco;0Y62)OrDu5J45Xmw<* zC`weYQ~f#9vdPbD z*W`<<<?p6pG$b+PnStJa^8n7$i2PqI{Wc<&^q zvMUIOKWYS;phlocl!2b1j)4{=1t?>t0FX#gZfZ(qVo9n(a%xeD0gm_-S|6}~{qGaZ z%8u&4-oG(DvToYxFYA7nL}Y*MPq5G^PwDpq{i3PleTB)TOF7<-}R!+f)fqt z|GnqGU=-&#?IW&y=mYzcv*v2^9hdy8ZIDrRJ{_EMkU!q*M3&*RcZ=f;Vhnh|@d1kr zZV->3g$0<@{~<-S)1J4xE=FbCFLeB|l+Wzc*ZV;MoCXRYwW^?)6f+QEJ@h-$qeNuSx-%`&GK8Syy^0RSs5MYW=75p zm6+yxS;jhu$v}qVUSfUp@)OzXd*^<&IvDaaUh#Nl`0eB)uAFJB3sxW4zv)0$ec-JZ z>n0y@Huhp)V$j5-1dQ4h(5Pibb_K~XLnx-T4K)qaAu+9h8Pi3n#Rd6!DXB$xqq*lt z%UnTr&r>oNwhHcf>~CT7;b?Dh)bixI_@sn-0cVpF{yKXK`h6Gu^<(Z7^E~B{HBo}I zUj6-(WolA?uUrhj9W7nT`crhSvB|y(+vBdY?ksMV^SaCsT`Q2W-~ZGz3!lY}a|{}1 zLL(X!T}%cH28f7eeSj3vvhTb(&70nqPbysQXS3F5?T+t#vkeSE5iQ7~WuUP@jg1Q! z&n%41GEG8^3nX~N9G!h#t-?KB++9Pg42_IUOwG(KEDgY^ACfi{4CLS`0x504#W<1U z2a-w*IC*DOUAs8T*;Q`$L2hNeC0znWw;y)yyOkAars5&5pSCFb_Uei_ub6PNdFzTA z@^pbkM%&e^IocC`+iq*gn0$HfjX%68E<2(Lb6u>ux9Um Ia84~B048keGXMYp literal 0 HcmV?d00001 diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestCertChain3.der b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestCertChain3.der new file mode 100644 index 0000000000000000000000000000000000000000..e4ca1d6339af45eb395c2786ebb875a4d266409a GIT binary patch literal 1714 zcmXqLVv;myVys!f%*4pVB*He?yXcU+aczvtnue>_x+O$h-!>a?v2kd%d7QIlVP-Lq zHUoG4lpt`Q*d@PkQ3)MGBPkUFf}kUurx4<66ZAr zagCu|!Uisx5q zuL(zH8@F^yrEB zjnxI6>F?$>v`;%eVR5iQpn)vV|FV26Vk{!l<5zzD@@3-hhPUU}YR|ne(=X~{zJWYQ zTA4+{K&%0~0)CJJVMfOPEUX61Kngj4nH#$p3>w>*9Qi98@B5XkepCfvGT-J>-)^bTx4eOrpdAlpJL@_yX zw%0qRJy6eCH&rHT{G!E)C&n)FXtO+(8Qz!OdQRS#KFjj>`=lHNhl@g8R{5lL6VX(W>Nx)6y>I- zWG0rRDkP^Cl^Ebm7z}IgrF{SYAgtkTW=!o#%i9{g8i%x3{S=)zTWa-}&XX2%c6vD! zsOE9Zy!vE2ciF~M-X4dQ<|pXwKN-FB1!uvTFYA{vsHN{dz&rQx>7A~9Z@*3N;@|Zm zk1^oGqS_nlrX-5CYqFHQu1gNN*80^(wLx%m5P#51_Wci^@J?1zWt7hP*)xuL85$^n)T)A#gqVQ{ z8;3RV4sNZ=W2JS=L!3E&ASIn$l%g|FY#5RV@u|n3H ztnz9TsnN2%pWSDD zh|_ic7Jth~#QKf$wKvZ{z3^Uq<<3SV7MFzJuyg<*xZ}AMUZ0<}@$_r5QmMEdz}OYHVD!xIltO%+cA`)hgW6#oaZ;%FxKz#MI2(!qNbo-5|+K!9Wh4xR8<=T#OSr7U6{w z+Zm6zwOdzisErA?>U<~DSru{8rKE!(H)(>4th2=Xp1W!L@pK0oK oQoQP=~tTx=X#Z64=rS(up&Tn)JmIN6v(S=fY` z977F-4Fo|P4j!)H{M=OC;F83WR6|7rd5|C%kA!DlNorAEYKcO4W=eWyNwGpeNu`2M zNs57-IIod`fsv89p^<@+p+S^5uQ7;g0_9T6nn(j-Hg>SvnHZs-U}j`zc4A-=T*8*R ztun7@+YQc^No|6h_g-D#N%+|HzvkY#H|)EX?zk%cG|5=EW8@w- zkuVTzz^;G?q+ghY)qt6i@jr4fGkY=^xG^a*%+z;&eaA2O_`$tzr`}n2x%AhO?@JOH z!q0tvp#1HFWByj4lF!ox*%Aego4)*E9r@;K;DTi-c@JHVKU{QfLjAh6UsnDC0C^dp A8UO$Q literal 0 HcmV?d00001 diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRoot.crt b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRoot.crt new file mode 100644 index 00000000000..28a7b371aa6 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRoot.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0jCCAXegAwIBAgIJAMwQRVCvUBviMAoGCCqGSM49BAMCMEUxCzAJBgNVBAYT +AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn +aXRzIFB0eSBMdGQwHhcNMjAwMjI3MTIwMjEwWhcNMzAwMjI0MTIwMjEwWjBFMQsw +CQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEaQG +ZbZ5bnK22AmEkoYRCd7q0Axg8Yr/fN7O7Ae6pbjVF+ViMy2IsZrm8wlDDqn3POkg +ur2xPAOJHir/bgj/LqNQME4wHQYDVR0OBBYEFGLm2aDuOBiD+uPtRKQ3/UoE3+HV +MB8GA1UdIwQYMBaAFGLm2aDuOBiD+uPtRKQ3/UoE3+HVMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDSQAwRgIhAJkvQ+vcTlPHwb3tldyu03X6xPekYQBXzvPgI/bw +QW+1AiEA85cRBmEQxzXp+DtZ7PVRoKZkbuFEx+GizpB/rq30qfo= +-----END CERTIFICATE----- diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRoot.key b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRoot.key new file mode 100644 index 00000000000..b2ad12ec789 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRoot.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMJTiu4VTTWhxKbQexn0CXAw3DWkoxywkzFPb2HhZnZRoAoGCCqGSM49 +AwEHoUQDQgAEEaQGZbZ5bnK22AmEkoYRCd7q0Axg8Yr/fN7O7Ae6pbjVF+ViMy2I +sZrm8wlDDqn3POkgur2xPAOJHir/bgj/Lg== +-----END EC PRIVATE KEY----- diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootCer2.der b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootCer2.der new file mode 100644 index 0000000000000000000000000000000000000000..a22856bf185e4e84b011222e38c900021f04c25e GIT binary patch literal 468 zcmXqLV!U9`#2B`KnTe5!Nrd5)zU7NwVt+T7@U#Z>$Fe`l^Dr^sV&l+i^EhYA!pv+S zZzyXZ&Bh$c!ptL*nOBmUqfnAsT%zFW9AIQ>rr_*oAScdiWMp7yU}|7yU}0<=CC+OM z;u=G_gbgS&5MW~m+sDMn#;V=O!l1;Q#K1C1|MK4Mgx%lco;0Y62)OrDu5J45Xmw<* zC`weYQ~f#9vdPbD z*W`<<<?p6pG$b+PnStJa^8n7$i2PqI{Wc<&_x+O$h-!>a?v2kd%d7QIlVP-Lq zHUoG4lpt`Q*d@PkQ3)MGBPkUFf}kUurx4<66ZAr zagCu|!Uisx5q zuL(zH8@F^yrEB zjnxI6>F?$>v`;%eVR5iQpn)vV|FV26Vk{!l<5zzD@@3-hhPUU}YR|ne(=X~{zJWYQ zTA4+{K&%0~0)CJJVMfOPEUX61Kngj4nH#$p3>w>*9Qi98@B5XkepCfvGT-J>-)^bTx4eOrpdAlpJL@_yX zw%0qRJy6eCH&rHT{G!E)C&n)FXtNx07%Z#)&Kwi literal 0 HcmV?d00001 diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootKey2.key b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootKey2.key new file mode 100644 index 00000000000..d1b8c13a131 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootKey2.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA0+Tw5nC64l4QCjOWc +y+HO6RXQ1KwbLt4cgtNmLhrK3K7dez84YVgB4Q3tfzUDpKKhZANiAASM+ISdEQdJ +yhzQtRG84084PPDFjXNap2N+X2JgfxBDNMhPLLxwj02i/U4DiRZJykBqkRgJfyfv +5KYmGv3U0VfbWxt1BfkVnTM0vpC3XtcFuXOFHkrTAFt9EGi/T8rmOEw= +-----END PRIVATE KEY----- diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootKey3.key b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootKey3.key new file mode 100644 index 00000000000..d2e81f5acbb --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/Key/EccTestRootKey3.key @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBpE81rQW44M0W7N1g +Fcsp2a4GVmylosU0yfS2P86LkHrp7Tmr/uT6jDTBtB7BfFgKMpCDGBuY1TROTy4P +GgD+ssGhgYkDgYYABAD6KJmjhuNRjPIGfvFbuYBCJ9NqDBaWeOQzEwP9tHsT9cKC +3qUypr3zR5rwXi1D9l/aMhQ77CPW7Ofy6Euj2NTX5gG3kCpc9Xr2smQ4o/5xi6Rp +NZLt43HsfP7ITJVyh6LunJwwKOwnEJsi4bpgYVwDBpqi7Hc5gNoVkfAvGoswjI+u +uw== +-----END PRIVATE KEY----- diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/TestCertChain2.der b/DeviceSecurityTestPkg/Test/DeployCert/Key/TestCertChain2.der new file mode 100644 index 0000000000000000000000000000000000000000..9ef23a7fed13396bd60fd147f00a5826b82d3dd9 GIT binary patch literal 2480 zcmb8wc{o%H9|!O`vnX2_LK1_Kv7|F&C=}V((O9zAB}PKX$QEfvQG{Gu_N18PDkNLV zw`~5!WfK=EXkO~EE!=L~Z$_Js} zwbMQNT0P}_7(2yv&ozUX*#VG~g;ge8KYWoB0N4=_P#7x&3bMdXz+oIbXFYvM9w=WD z*%xJIu7T3h07V2iaX3&Bhr{9&6czBc0-OrWh*ka(|KVvWAini=00IJ|0$dP~3a~+` z005z#%b8D`OILgJ(##AyLEy-AG?Q0tW%aq_HnIGYlG!uoT_aAT5vATyP6^h69!d0) zp#zgAmKUbu3tCj=Drt*e9Rd`h{BQ>6m!>T7m>@*=MVR}`$kaR0EI4H~H|x1qE=|MH zpEWZs03{}cW)gkfqxg2KTb~askCyHT%mxJUiT1tdhI>&5BSNcZftDLxQ|X8Usr-H) zJ4RI@CdSYs1t0ZFm8cGE+SR(T1s^INmud?g%*6;~x3!8yS+1x;d;Daxc@~`u*Yl1% zz!8Y2CFx}uHRY*oe8lwyXW~rayi=M7_^RtSDg1)w{P9*=Os#Z~)xI%vOyfgpyC;P0m7Jvt!-ycnb~##66Jt1ujg!<@GCLQF7eT;4^cR3(O)=vvXkvWck1cWf$2};_Gs*!_+l2?G_!xN zSPas@j-UL3;uJrfszJG=Y2dFq;ID zH}`T1r~XL&J$c^JRc|%@Fe^t@t~dgt0{M564WDMRb1E9mbC~ARq2t&EcjWbU70Eut()kjq@DJh9DRHrnS7_rgP23<-~C0zFl6Aa zrV_&(jfigS)UdTMVh5=(6cfkJO&kEQtw;Z`%UdKUD&w(RBz%vcELIwn+H{24=4d1O zoFh4(b@U~noJc;tOaT8K#y!!_PBXbOS9H6rldX;U)ElT_{Ve*>K=!Be+{HahQknT0(8sN#5uu*=ipa5>Q zwgv?evpr4rz{JAK+NyUum zUwLZhztEqK4_11qpR&1qC}Ne(o)X$PJYoMZ3OSEcS!qUTKIt^mjB98_3lP5u#FTIOB9lsebS5iL z*fX7$I^u3@*Ag8-S#*iG-{{)+wa7BEKKt6)D@-HqOe5w$jKH?_=>OaDUt|`Slgz$tWPC_uZ!b@0lF$F@9y|-l8j?8|vqP9><9I>VJ+oct| z9feX=tJ_q7bygKSoW*Wcmu8zuxP zkPq|f>`SKJH>;v#gJNthM5?)e+w?+72Pr8(#BA(66oi1k#2|*Yh}oUPd-3&}o2!y2 z=i5tG0#uC}_Iwb#A%+Jo17dFPXJKQ4fdgT}R3va)kb_@Ci=d-oWuUF6W1+(Q`QsIp z4jonoL7AV(P@u?9T3e9)yvDk1mA-Skbya|#T2{qJZ0p4}PAz$l`%!Ign%XUWDjH08 zNvz&8k(M=eEFnYw9nD(Lu6-yS-y;3+>8^`sr_xU7+Slxe_!OSN%X(j|Qsbt3(WP#x zI84jfIFKtM&1J@ZmVY|lxnnOa)*yU?_z_VU= zdBg0Hfn4kN7%bO*|E-uf4R_&~!m*Gh?WC^(v8?>P Zl+pu1+#v^j3e?M;13GJT**MVHe*wM7*uMY( literal 0 HcmV?d00001 diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/TestCertChain3.der b/DeviceSecurityTestPkg/Test/DeployCert/Key/TestCertChain3.der new file mode 100644 index 0000000000000000000000000000000000000000..7733b985cb5e4c00e0e2a3915da787caac4dd25d GIT binary patch literal 3632 zcmb8wcR1B=9|v&Xvp6_pk8tc+e9c2f$=(^~XC_;+j^jiK*`#A-6EYH6*+sIIWMwNU zp;Do2;o;Zs*VEJWT-Wb;{<`naeShxj^UwQw-C!u31q_7(c~A%dfzTshXZwnlO{6aQ z*|hK%NXcKbW*z}i2&8bNX5=Oc04U)kAe%TV$c%tuVNgmM7Y~A?8z;fho4{#gtjwvR z4014`BqTs_P#TmG7nhc{U_wbAm6Csz|L{5#!u{(w08Ro8g;0}#p%8LNC5;7z1;ad6U1W1 z)6_|wu$)1o1&zC%Q9*PR5o4ikjcCpnf);tjbFM07Vk%(A0GPOPf9j&6)3A+-?c3!SzxBXQmgY zY69jnPLoNcjZN9fm?^En|O3AhGDg8k^LE6 zxgRpU?1~d%J)=}T(acU3{`L*J&Rji0H|A~ZQ&gXo6La#13I?7ZONlUZLOl@JVfX8p zI*~XN3y@~STp{;aqj?Il-Z6iOR<3bcuI;eEFG_3|c338pRTA2<_RHlo=X!@4>tmEs zza^Qy0#Bf-vI}Fft!_7s%dy{qSANC69dFH@pURz-Yl$ye(h=;%O|r)u2+j6Z*hD$y z7@*JaJEkn%vkT(<8X085X@bty#(4Hpkfx?i70XW;vo4vKr64C8s@_1L00~fF3>t#$ zhY4h-f-%DAImGxVU~sSN^UP=|f=4HY1Kv~vqK~e5V9X%nwg28gebhh)00%HQ2t8bW zjoo3&4`TKGdT}B)lq+HhJ0~;&Hush(v!gJUMxz~8z=iaE}UZ@^%YX-iUVDhVf}IMPG7BV^v!ycZ)+KHIm%|Tk)wb`t{vY1 zXll?_l_z|A?@&9cx^ z%zcaf18rRQMj@H$nQ_15U^O)i)_99sblMM=hRqtPRbqy>{MRVQPU7`tQbf4~u8Uk|BK= z>(;gfjmrp^OD6A}$09{BV@>H%E_3yt|`=i!H&C)7}wJ z07HTNU#I^GBM^TGBXAuO3WSi9($Iz{ay3*EBaSyg`N?$G-*A%mvYnfou0VJ=T)x)~ z8ALp&VYJcC(Yg%vU0k`>T7?sH?cgOXY|d{zYoFK39hG%$_FM&g@coEMoNvXa^B+H}{b2DNRBFPkz>6s}D!on10tmV(PAZ_-k>_IMySR1w{z z&xRZP_T_u;TrI!gfV7Yg=?${1)Do+?ErZyy*{Tk@-aM*5=+$_X&DuKE?g|h@l4E6E z63>)B4|Xx?ifK`+(6wza2Mt8|Z!7!xAxfWnU2|$@;}Fr2G7i~&7*q31)qdUalxSgk z1x9%U*-T}114+G3Z(oKmcLb@ zII5^&u*2_l{};2^hHGn<>0~ND7iNCKjQ2uqwHWar=TR@;5lM_7J%UUG0l?v;P~hhd z@@oSAHY(ods&c_yyvz6Nk}BhyH`*$XBS1}KTPkUYC9;|!QgdU&ia|<6f;>U32(fnd zPAeEI{T|QfW47t~5y$VdmbJe{8HtW!*C+V4TclD4yD+IOn0T~cUa*evKj%ezYd@HF z;ds{@w1XQU4~p}$Ug;a{qb2gHlU6@Dh_f~;(A6gkr?ogHp40HLLSV{XFif~yeMMra zdWEveH3r+wYrdz)iKPgRQVn)!><~_xY`)u=`pBet);X}B&qE|*X3R5fA;+6TFn}93 zQb6Wmyno3p%a zm{hf#*4Qq5`Q~Y&3Ot7Ayy|14Nx!7knaaxB#@4K|b-4kFlP-wbz_Vp^XL-s}^;vQF z;y}jc((o!OE)5nHK;M>b3se~`&AKWtrcGpU6HZ5$__aI})Ml4ZG zX3@MI*}UpudEYX_!bSr;rCS>pt~zBEwPb02+TnZm11dKb?UIHLokpXLipM~{A=Bk< z&Vg#k*DX3-JYJ#5?$jVlNJKFSYjfqoh!7T|U+BHxv*3PnBG{WWq3VjKq~g+=;ZEAy zmQCbJ>qDasE;x=H&`_RkWleJsR1Imzt*=UF)EJE#<*lRUBYZ9m5QGx++aEITRv#MW zdT7*(zl?(ZmXZHYnSUZnP@Es+{XrJ{Z)D*ey>Xr%4vzT$&8woOrJnrGAsj9CE+8Bb zpQFF-G(6i>_ZV*;wg1ul%eUoVZ0uwmq_KjjUJNChs6FiEq;R}a_;WU+*7oXpK#^&o zk~FU_oZ;8yzNIy5ykE|tO>d87^jA8HYh#B6k(J14sbA)3m zpC7}xLO*XgJ`v3ojrb~6_gGOSr|-)qj&@Or*r(u%NtuO23q)LhMe9Z7mToph=Kci+ zNw?cumArB?o@`vGgg8Rez+1C+r7BkcktOWraUbFO=Z>tiCf?)~)H@rAvO9bSBEwT@ zG7b{CZhTJJ3pYC5w{NxZUmYmZ-HUv8#ShKo&38d0NB;W;qc*98=UbEPW+`x#E4B)u zJ-^qr(AT~6!>f>NFeKwIv5wqygh9bPegyd;STG=rEtD3>W2R(OR?$;CWvZpBp=NSQTtZSxS_UI42ZF*sk>dn8 ze$w^}azD?IzeO2(^v@y7-AZ&C@6W6=CB#1?89pVup<|Qih)x|sYd86`lLPE8iiFf< zTNUNf{gMoPl7pDN3ui}p=R)N7+}HQg7$SjUSF+ye)Bd!4>@uoBD}F}3WhQP$EIK>#V}7PIJnw|Q+@9ZpNQYWk}s!x zO7L)uzF~U~PDgCYBP+HxkiTh@MMwz~yOK0#TpoVabk?(&s$Z!{z(En8PBMr?ykK%| zx8`4E)7<~VB4t}(ZqROE#bp2d&Ce-f^sPKVvT=g-Nrk#qHq-Yj1=w-e*v-~)Tbh;I z7W~n1Z3;0v+#sB~S literal 0 HcmV?d00001 diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/TestCertChain4.der b/DeviceSecurityTestPkg/Test/DeployCert/Key/TestCertChain4.der new file mode 100644 index 0000000000000000000000000000000000000000..d0eb588a1bf032dac9626c83583a9546b107a7a3 GIT binary patch literal 3760 zcmb8xWmHt_8VB$xLb~g!bc^hvQ@|OHlysNC3@K8Agn%$~$^ijIx)g^l>29P%N{d4v^ws;tN#@Js<^xN%26yWjGVSfDhG!K}jg>o!qS*S=_DfyR&HPD6k+D zfUESRLP7u>5Cz2GLPFxk^rXTUrSPBSKm3h>u>Cv^j0b{ZAmktb10jN7AYjml@G&?k zgkOSj(bQ09@^c7H+~VDQX%xBVXuJrLJ)}f$UcA-PYKQB|V2DZMn#o8{^o$PUVa@u6 zKpq0wz-+;j2pmk_V{W~cAAZex4E8W50pnlFXrHNJ#uM2{0V8kEEZ{L3yH{*k*#3A} z`563RP(Qq9Hii&;i$^q0*-IlYzRwmXz~0{$Ek-o9;dE-EezFn>_HLQ$DI2KuNzbJ! z-?*t*(ZB3mfItoCEFa!i*>^h3wOLqsfcSQBx!crG>bc{S;n_QW6T4;tx9XE!4in%| z*6@v1ivUTeKnYulBQWAMSAM-S6X#PlyXLwq(_Z{le5hZ^S*edJbKe1XBMWtq(DE9Y z;i}biMJM?=^`;Bh%ta;=%DQA#iCan~zQm(+$b1xOIXuc4;k@L&_UysTT6$#mGFCAR zYtTm+NHH@JyxP5Ika?sxLdJv*Luo`C^9ylJO|kc-T)&afv-yZa43^?eRNJj0aQw6$ zT^nJY)2Qy*3#!VBwOZ$IJ8ajakgYfpE*=t`rxU#8lHaSxkwr3Q)G4Fl&^}O`zbY}O z?Md$_6}4!Ia<#o=!%;^!?W|GevOo8&Bt)iD%AfRMd_#|HN5>v$-QV1TG$MJQi?7`c zF?G|Ju+lGJQ0VEFev(bRf!yvLfjSx`2d(Dnv@?)EWj5!lM1E9 zy>2`bai}F%YC5k%AjUKHtTp^L|GWj#*@t*Ugr3OaE!nua&Mv!Z-=$=;FFKf))w(rI zXD9#z%RHwi{0EL;@Glwp2h090p~T-MlrRSP;k*F%4@X&karB~eyJwBIw{*8=L0P-G z0~m1j&(r^a5&ZZZMsOqq0}ceGHZ!RD)@zsS!)s6dPyzN{rHzUYtvcE4Tvu$IM&lG% zukyUVv16%>U!l%K#6nwY)mZP7Vkgd`n=v$U3AX+GdN8_K)p{%Et`r}Hy?>iJij?g2 zQ>v82Jc%K**v+&vKgMb#f9yI<*LIY{mU_43Xd9xVRuqu0mUcSgQf6r0<+Gtv=9F%g z#oE-ztGxt&a-QC-kUCjr(5gxnhj^@jHxYRkVXSPiTM6YOH%5?UO z1|{tv-_@QXe^+qS>9yl?+nDkDb|a%gmzSsY$0++2{jTI!x5cpWjT##X zqjq|%j3qcfB0s9h^Nhp#_iG6zfnl0RVi zk1E6$6*&xce!PDF$t;o#$7*aBa@5NL=U{)7RyvKK7YA4_dO0shq628~3HkBCcz6U* z@Lz9`pA+yOqsr{7(9+{wl~~rucX+g1oPx!wud}SM;`DSvjc&Ix*}eYjhO+Fq+ZfBf!k_Zk}Cp)E+Weq$3x~oL( zyYNCKFgGoW1)Z$M5II6eQE^bmob~=p!JgHzCFzC0QBTwCr`6XgH|3lMJ@t)Wa2v0U z1i9Nipv|zSNlav?k4_lXCtZj>J}3;w9Wu*|S?2kK<&1i{t`nW*(i^$FSF2#1?A0OG zfF`=7Var~fDRH2h<`)=tzqz5Sj>?yl*(1g)m!{{ov&Uy3Gbvmyr&8+pH$$@qXQ57H za4%yiPXfCSa^zhaw1j&SgPDjEWK-7As;vl$kG3n3!82ERSUeAb<53PT&W6d!G6{Zm z6+XGkBTX8*d4{XxgLKxbsK+@?P25mrAs69A@Tv+5J=!{^85plKGhDO|)_Hhm=D6it z0NDEZ1y1KrqoBWJJbYc0yab{pr;|T;$$0 zQV_ARBh?)R`q)dJge25859(J9h%mSKmfcj9R@(#+Yha4PBlBbOuLYWOIn?}xlI|^z zQP;H>o*yiYeY}#^e0pci4$rDSP@CQRs|n)d=<=86UznB>CrWZYeMG}&d#_C}zMAsr zwI8Idd@Mas_D#Z+z>Qp@6p76vrYiSgENNhVHDArfe|bo$@GGL`h;@$^&Nt02`#nqy zk<%JBEjLF-x7Crf^Kr(i%x^umkrNeL=hyQdzPM(f%~LEcq0nzGAoC{Xq{Do1IOh7M z)A#h+UG6youMN=YlFOy?tj;y1`8xGS9!npbv$-m4QsLtjxb2`gaf`WSMT#f6Z|zDR zlIzkxfKxtEL_KvrG3s@cY2L*95+yJFkih%y?TPWqW5Z>@7HtlezzGbXR?2KaRzUyt8$WC~kneUDGw& z|Gl5c^jT0;9}Q;@c!3;}VQ4Z2=@?o6L>Oykn^nIeV0_wMCX!?$Yt^7Nlb+xjal3W> zom&_Brr2chj^_tON~vyDdyY1uWRdv%xXi&_@vUF+Y<3!L>z zBzT9NRA#aZzwbw3<@niROwnUXYi@rmPhG^0`pbtiZ3RmW(K(nf zaL{E86*!ZDgiZl*TT#kD8F@=lR|+m9EFvl7btg_xt8ZEAeo7{hRj>g~u9wGg=S0iyw^^7FAmdgiFq-VWRuwEz{6=^=t*? zb&Eu{2f{g%6TKrnk4Y`dy+Ep2o*3U1eYYX%SnJ$}vgDHvMbPij8gEL^l%&NP#Zwr&e8k4(Lt2TU8pU)iC$hJ=(waX&Rc`Bz(sJ|gC(uXmbg$*&T{8N aQW5>sin7P$BGijGZy7hgZ)a~qgZ>R@S9R$C literal 0 HcmV?d00001 diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.cer b/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.cer new file mode 100644 index 0000000000000000000000000000000000000000..7b0ec13149521971ab3dffb0f19f3966407a9015 GIT binary patch literal 865 zcmXqLVvaRvVsc%;%*4pV#L4hWd)@zs-Gw&|c-c6$+C196^D;7WvoaXC8gd(OvN4CU zun99ch8hYR2!c2qJY2!~xv9FrC5a`ehKdIAAVDr33D3Ne)S|r95{2;0l=RG!VugT` zN(G;i6azVNULykoLql^zBNGcl<0x@nV-VK_%B7YyO^iy&9$;i;U~XdMXE11Dldd=idCRKK5~&Uv~HV?e}`SHdSBlsr_D_{djp=qf(XNM)6M~ z+4k~lPSvKoOsxE0E0LEI{#@@P>y*v=)%kjEIWI~s`M2?7Mn=r$WU0V|Z7cWL2>qT| ztDv*kCSIZbz=JolE-mnyzU5b>uGdT3tgH9f^UiLmx!LP2D%7@i?#sRYtq)C%xaS&c~WZaucV>r(T-Y}17+oH1)=-pTH5xodG(U;B5Wh|R%&=Q&O>K3DJJ(A{5l zVpG+PQ+v)O*8N|UF3iNt$iTQbz`)Ny78ql)d@N!tB2RRz*Di{Z71zA`LSFoM!=|$V zI!nP3Dyz&QVIbCkT>%eBzc34{0W%}xf8;O+CK_OvGcvgT_{J?>9g zyT9p{{WUSiLOIXf-EWWB967h9*DY2O7GwY`(+5apGx@q|B+@;&~zDlQ$ML0d} zT66!dJl}^CFS8kqSQQjcl;pn_`&Y#z`*6-;wN1gVt2anFZratkY3+o4v*H(ItpBk4 zCeA921_2mzeEM;y#0CXK)U;qFB literal 0 HcmV?d00001 diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.crt b/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.crt new file mode 100644 index 00000000000..51400c0ca30 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXTCCAkWgAwIBAgIJAPorrv/hi3HZMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMjAwMTE3MTI0ODEzWhcNMzAwMTE0MTI0ODEzWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA0imcGFicZWfgFMcXQ87s+XvG8bZOa4vvt96NirJ704x993dr46dmgSJ6 +EbEX8hRrPx+syn1k6WF5/30YbmxX5y7xBZSzvycOjNpDomN0/rHxaGhcs2MaUcGG +qb48EvuRfSAsozxfIH/A4Oya0qBKl7T6WS1K6T1q1d4Hbs20fNmNSxUShq2d6b1P +heE0Mgucw9d3WR8eRZCLnQvS/RkZyAz4MLtPE0O0Qy3z09G/HlXHVCWYb57J1usU +KrDlI+fOufzdXS1itcml7NrjOd1EfP92stDUCVysmdxrjYTdON0vK/thFDzB/s8I +ygHnJ4oILb92yLJ62Mq8zmF+/6JnEwIDAQABo1AwTjAdBgNVHQ4EFgQU5Cw7raJa +HRcp3egfF8eAss1QLKUwHwYDVR0jBBgwFoAU5Cw7raJaHRcp3egfF8eAss1QLKUw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEARfjzDVcPbdhuhDere1Yp +TbE54F+pmdkLkzm3g09XLXThjx3fXKvvYY51xAcQ3h+LELMJCR/nx8XRZ0dyssVW +449krb+C2j/WFkFxHkm7i+3EPMTOrI1GXSgRte2JzK+XYj/5clLZMfbO0tt/TSLL +xlhC5Yqs390fDvDI6WsBMgUgIch0b+sW/noCHeGcoyayU+t7sBpBsrqJsq2Qvppf +oGiv8Lvx7XzPkk4oiLyNcYyMFNnZUXFjC8dt604mfNvJCku2mEa/YwRXjxBXctrn +eGmBrsdJnBhozSxe4j1Pcz8xTDgIyseFNNN+BNPF0DkA3AOirKPZTpo70/AZBHZG ++A== +-----END CERTIFICATE----- diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.key b/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.key new file mode 100644 index 00000000000..67933a3abae --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRoot.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0imcGFicZWfgFMcXQ87s+XvG8bZOa4vvt96NirJ704x993dr +46dmgSJ6EbEX8hRrPx+syn1k6WF5/30YbmxX5y7xBZSzvycOjNpDomN0/rHxaGhc +s2MaUcGGqb48EvuRfSAsozxfIH/A4Oya0qBKl7T6WS1K6T1q1d4Hbs20fNmNSxUS +hq2d6b1PheE0Mgucw9d3WR8eRZCLnQvS/RkZyAz4MLtPE0O0Qy3z09G/HlXHVCWY +b57J1usUKrDlI+fOufzdXS1itcml7NrjOd1EfP92stDUCVysmdxrjYTdON0vK/th +FDzB/s8IygHnJ4oILb92yLJ62Mq8zmF+/6JnEwIDAQABAoIBAGBd6hCT2Sr6hZqh +a/6QzMLdSe0d3jmcUhBqwVZe3z6yxjQKE3OxF+SQzY59OPCtAjxQpue2teX553oK +f4Bqt6fvM1+OvxkgrKBTmP3GQyhiqcJpUFCFWdUxOzFsZJmDt0O71BwJm8kIK4Y3 +mAqKq4mC1+S6SwZGPk3Q4HGja2Zvekm/KEPivaaf9BIxvt72i1MVe9hDMfEmhGW8 +ESC6KC7MjUXr362XfchluABX9gsMJuxLcHzSjceCOj0CHN4Ek3f4hj1qzDIu2ws/ +XumPZuiWHGATUbbg0d9ZyTW+Tj/yw7HP2OZy2TmO4w2ou2lBoIHooRtvGfRsXHhG +/ckxQbkCgYEA882JzO4hLCSj004ZAiK6lI6NQHgLdk+VrLmYBZpTdiWTw2gOP8Ys +A53AopnmKuHg58vqbJQpKQKq7+QLY0zacQXlgebJYjaUdsYlrgsgL49ZO+EVJQZt +3pCQcdmj6Amqemm6xX9OwwR9P1UvEtot17ydbIlA8sO9l4qUq0yeAF8CgYEA3K06 +kGzUbsJ4eRcYxCtMI8lvMgAEVDWG1KnpfcvDsppH1I83EY3/CITjpjW0JvBw8A4P +KAEnsVIxdRVyeMiMoi6O7RNgLiZLypF4mEHlEuJGyO3db+bxoG72smmSq2ixEbqH +mQg3qUqvdHwTLhum/JvR3EeRla6vpu7wnTYNxc0CgYBCgfFzfAqElkIypH1h/cNU +P0b9LUJDNhaolcCI1r6p3jpe9gXdE9xx6BjiwoTtccz+rrv2frxzuYyUAGuy3QZC +Cs+/DgwlxKnfdNJWliZjkwFOumogPY6/RkSBKlPyOqDM4AbZVY9Q1+qq2jwLMoWK +8qMnNpIHJ6qSqnU//ZiklQKBgQDTFIOjJ+Yet7eCo/wVkBC5XnEVE30Qi06X1pq3 +sBNVoEs6325eRUOAA5S5JD9Yy75LcDdBHbG45BTYmJYxQCt86ineTR0/p3PxpCoF +AWq7IGNyyEt6QR44RkuEpoUbnf1ZJuGTGJAdR4oCUrgJ73tPv0ACgxaXZUsw0vam +edC8tQKBgQDVwoSRyrDUvqML5tzZ3vmCp/nfVjGPhTfVjFbXYnBfyIiauj5d/1g4 +H2vSuvltnOM1fw4Iq13ZHTplXQOCbVJEKeb7nLHk6FeNhGqSAS68ImblK9lRK6GW +qdkgYwYWcBmuDzZgh87ppTdB29KH7Hi8aBjrawVlQ2rhAFcUeFoZ1A== +-----END RSA PRIVATE KEY----- diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRootCer2.der b/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRootCer2.der new file mode 100644 index 0000000000000000000000000000000000000000..5f1f56a9b50f456c24be694328194bc117889969 GIT binary patch literal 797 zcmXqLVwN;$Vq#pt%*4pVB*JiTNwk~oP5YUJ&D@O{k{zCXAMP6PvThY}UMS-)h#B zz~!>nt$)q)om;lLNa-)r5MOxyoLqOcQ=E5A2wA zUL@fEx0HbQQ@1LNXggFpjW zU<}Cev52vV#G1a_6vjILZ~w39zu&NFrc84-?lq7HNh`BR7>G4sSHKTaAk4`4pM}+c z8Au@qJ1~}k!OqCgonRDvocHvrvdvx#Hy61duQj#}xxMaL?BU|;N$Y>lyrP`1vEs;z z@=B&Pi(j3&UCzkz^uUWYU%e?$uDxVY>~U8po){Fc==i~Rm20dUdabEY;>)N&9(EXo}Q(m}u|JXA{;I{>r zvXJnyhMBw`kB=|a6W;o}z|NyNJkgqeqVJ=fLQkeeia1SAsbSdrbk}lG$AdXnYNpE{ zX0G6WWF;f@VXBzU1r_a(=6b7Zni}8A!e+O;-64PM)%C{NNqMiIZCNQaebM%ufW?is aML)}V)!tp=WcDang|+wOCC8``Z*BlsicALp literal 0 HcmV?d00001 diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRootCer3.der b/DeviceSecurityTestPkg/Test/DeployCert/Key/TestRootCer3.der new file mode 100644 index 0000000000000000000000000000000000000000..459708672dc7db99f2429e766a76db6cb3dae335 GIT binary patch literal 1309 zcmXqLVwE&#VrE>x%*4pVB*MnxbY|)M5RJyro@kRHB!Pl+v+=i?F?NPcq>D8e>|DAht7xt~Lj!D^F9}zx9DR(;4(txS1 zl>&9=WV~muU$0he%V63xZH8Lb_cAt*dw-59gzie+b|E+8mC3-1Q@-^3d6Zx5kW-QP? zaB|9)iAvtHn$`Qoj~wLKK0`?P=EY3)`3KAAhHvElcf`bUpQ>G$(5*^#ZA<1u!Z~&h z*0XCrE%M#8+5OpR#Yr!x#(3qwWQ|Y1Z=kvTs*lWmDAqpY#bG*#+PjRzPn|5ot^^IVu*C7#8Id5*?@Q{g_ zk%4h>utA`KEHDMi^0A1qh{)-yah`*#T2IFxfFO2wDgpZ)iIIEB55YpI6q3TPfwfdHXZa(|>_hb;jBYG#Pq?{5Zn320p`z`~3Xwd#utE+iv@DC-u+m$TS zLuX&yVk`6Pq7`O7X&^^@thx#BCID<7*DDtYrK>seic znd_8Z8SZVmrY_0mduLW;eLa7Sp!J6rOxN{PC6E04_^+j?QhC<)sGFoJAruB^OE^j-K;7epTqx%*4pVBqDj?;zvWzM_~%5JQq~eT&`7j5uRwk%f_kI=F#?@mywZ| zmBB#9P|84pjX9KsnMW`)uOu}`p(M4qL?I~HQNh{KKu(<3$jHFZz|_FZ(8$O*0``lL4HTx;~+SJ4+w^xO%S{ITQp8{MVOE_>t?G^QGSzmY3{ zP-j_(PU=;b>cx|r>NZGbF7S`l=-Mm5!hd+dN{z^?x$6?w9PYp1`J3_nxv-8CcY8Tj zyK9(E@T~A(I_XsUBVFawhkDGouD;3p8}0Y!MI&S7fqN%5p50kBZ;8;RH%_jbPe09H z>70Bv`00;guWxxjmZUv=QRe*fyUg*J2&>sSQ!d<%uf6^`R@Z&^^nxFg4Ve`?-W*J5 zuw>R9d937BI#Z*mN-~K1tg0=*b*zP7RMA^1r$gFI-mb%zskyYG&D;SM$0SJzeeE zzB>FAN29=<>n$&je+ggkEA%3t)av$R|DGsqBek11l~2vmvzvV4ZM}*a%dASSoyWa& zf6v&Rva>UF@m|03lMGuI_9ea6KJ?>ofPn4hU&ias>pu|FcQ06WGE`+D&(+AIHeOkW z&+c6I(&AoFxptZl(8~Eokne_9CnMh0mB<7d$b+PnStJa^8n7$i z2PqI{Wc<&?I&P5J5G zgmss{P2zei$=4f{*EN%InWxBgNu%Ah9g`f=S^k86i+j%y zafrudy0t|24vq)y^(I2$H8tngUUz#Mr(dR`{{E&^eNOi(m9wkg1g(9e8M*W%Ykz@e zW#Eh3uiMJMEvqd2u#Ua<8{g*wk8lRL4UQ(OpW5wTuy0@HKbNgSGex$(7g#%E?lxVU zx7sR)3%GM<74qz#xW1H`!s@T;r+BWaW3WIs8uh%J{Lfv?Jq1 z_Vj5HyV_L0>@hZ}-JrDd_s64}^SE|vTdscbM9OFP!-q8sA1OEGFfTpvsrhEFOYgEX zhc}m|+CK5A{j~SRMxT4OLd=t{uaiD|FTna(W#=^iZ7=`wa)^gaa&i6 + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +// Default_NO_CONFIG: RSASSA_2048 + SHA_256 +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestRootCer[] = { + 0x30, 0x82, 0x05, 0x19, 0x30, 0x82, 0x03, 0x01, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x1D, + 0xAF, 0x4E, 0xF1, 0x99, 0xBF, 0xEE, 0xE2, 0x6D, 0x7E, 0x4A, 0xAC, 0xAC, 0x20, 0x00, 0xEB, 0x78, + 0xF6, 0x6A, 0xE9, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x30, 0x1C, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x11, 0x69, + 0x6E, 0x74, 0x65, 0x6C, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, + 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x30, 0x35, + 0x5A, 0x17, 0x0D, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x30, 0x35, 0x5A, + 0x30, 0x1C, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x11, 0x69, 0x6E, 0x74, + 0x65, 0x6C, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x82, + 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, 0x0A, 0x02, 0x82, 0x02, 0x01, 0x00, 0xD5, + 0x13, 0x55, 0xB1, 0x0D, 0x44, 0x17, 0x6A, 0x06, 0x39, 0x66, 0xEE, 0xBC, 0x43, 0x81, 0xEA, 0xE0, + 0x93, 0x3F, 0x70, 0xB5, 0x5B, 0x07, 0xDE, 0xA0, 0x24, 0x47, 0xD0, 0xF8, 0x99, 0xE6, 0x50, 0x17, + 0xB4, 0x02, 0x60, 0xD9, 0x1A, 0x6C, 0xD3, 0x55, 0x60, 0x61, 0xDE, 0x80, 0x6D, 0x38, 0x29, 0x46, + 0xBB, 0x45, 0xA2, 0xEB, 0x24, 0x1C, 0xBB, 0x87, 0x1F, 0x14, 0xED, 0x3A, 0xD5, 0x32, 0xD5, 0x11, + 0x4B, 0xF4, 0x99, 0x78, 0x00, 0x11, 0x8D, 0x6D, 0x6E, 0x5A, 0x0B, 0x81, 0xFF, 0x08, 0x59, 0x01, + 0x2B, 0xF0, 0x9B, 0x52, 0x88, 0x41, 0xB6, 0x3E, 0x62, 0x7B, 0xBD, 0x25, 0x96, 0x64, 0x8E, 0xB1, + 0x2B, 0x6A, 0xF8, 0x39, 0x93, 0x0A, 0x6B, 0x3F, 0x8C, 0x2B, 0x35, 0x6E, 0x80, 0x32, 0x86, 0xF6, + 0x0F, 0x1E, 0x8C, 0xD4, 0x4E, 0x77, 0xBE, 0xAF, 0xE5, 0x4C, 0x47, 0x66, 0xDD, 0x62, 0xCE, 0x64, + 0x65, 0x80, 0xCA, 0xBD, 0x87, 0x94, 0x3E, 0xFF, 0x3D, 0x0A, 0xD4, 0x39, 0xCC, 0xD1, 0xEF, 0xD1, + 0x1A, 0x55, 0x2C, 0xEB, 0xDC, 0xCF, 0x9A, 0x59, 0x92, 0xDA, 0xCA, 0xF6, 0xAE, 0x88, 0xBC, 0xC0, + 0x43, 0xE5, 0xA9, 0x60, 0xB2, 0x0F, 0x69, 0xA2, 0x2A, 0x98, 0x56, 0x0F, 0x4B, 0x0B, 0x63, 0xB3, + 0x4E, 0x8B, 0x43, 0xB4, 0x7F, 0x52, 0x1E, 0x5A, 0x9E, 0xDF, 0xA7, 0x98, 0x4D, 0xB9, 0x3B, 0x58, + 0x80, 0x69, 0x38, 0xB7, 0xEB, 0x20, 0x91, 0xBF, 0x59, 0x81, 0x44, 0xFC, 0xC6, 0xAF, 0xC2, 0xC8, + 0xE1, 0xAE, 0x3D, 0xC5, 0xB6, 0x55, 0xA8, 0xA2, 0xCD, 0xEC, 0x0B, 0xBE, 0x9C, 0x34, 0x2B, 0xF5, + 0x4B, 0x2E, 0x3B, 0x26, 0xAA, 0x22, 0x12, 0x29, 0xC2, 0x66, 0xC2, 0x40, 0xDD, 0x12, 0xFA, 0xF0, + 0xB4, 0xE8, 0x95, 0x20, 0x59, 0x91, 0x9E, 0x7D, 0x36, 0x6E, 0x2D, 0x99, 0x53, 0x44, 0x2B, 0x43, + 0x12, 0x08, 0x74, 0x76, 0xD5, 0x21, 0xD3, 0x08, 0x37, 0xE1, 0xE6, 0xE3, 0xC4, 0x67, 0x88, 0x29, + 0xEA, 0x06, 0x97, 0x9F, 0x61, 0x0D, 0x5D, 0x39, 0x17, 0x03, 0x87, 0x89, 0x35, 0xE0, 0xD5, 0x87, + 0xA1, 0x5B, 0x0C, 0x3C, 0x35, 0x3D, 0xD6, 0x6F, 0xDD, 0x6F, 0xA5, 0x11, 0x9F, 0x80, 0x20, 0xCA, + 0x8B, 0x67, 0xD2, 0x2C, 0x7C, 0x51, 0x68, 0x15, 0x2C, 0x9C, 0x08, 0x86, 0xC8, 0x6C, 0xF0, 0x9D, + 0xC2, 0x98, 0xB9, 0x6E, 0x31, 0xAF, 0x2B, 0x34, 0x9C, 0xE3, 0xD0, 0xE9, 0x85, 0x37, 0x2B, 0x1F, + 0x21, 0xD2, 0xB9, 0xA4, 0x8D, 0x3F, 0xA3, 0x1A, 0x9F, 0x7D, 0x1B, 0xB6, 0xE0, 0xF6, 0x19, 0xF4, + 0x19, 0xF8, 0x50, 0xA7, 0x1B, 0xEC, 0xB9, 0xBB, 0xA4, 0xD2, 0x20, 0xF3, 0xED, 0xC7, 0xA7, 0x94, + 0x2B, 0x0B, 0x9A, 0x74, 0xB8, 0xBA, 0xD7, 0x42, 0x97, 0xAB, 0xB4, 0xE9, 0xBE, 0x1E, 0x07, 0x0C, + 0x05, 0x55, 0x54, 0xBA, 0x05, 0x73, 0x99, 0xF2, 0x29, 0x88, 0x69, 0x4F, 0x1B, 0x2E, 0x87, 0x7B, + 0x74, 0x94, 0xAE, 0xC2, 0x2F, 0x3C, 0x90, 0xB5, 0x5C, 0x01, 0x46, 0xC6, 0x42, 0xFB, 0xA9, 0xAD, + 0x82, 0x1B, 0xD9, 0x38, 0xBE, 0x0D, 0x72, 0x4C, 0x06, 0x03, 0x92, 0xC2, 0xC8, 0x7F, 0x7B, 0xD4, + 0x86, 0x83, 0xB8, 0x62, 0xD9, 0xF7, 0x2F, 0xC1, 0x57, 0x88, 0x85, 0xA5, 0x61, 0xC5, 0x93, 0xFC, + 0x17, 0xE0, 0x98, 0x11, 0x88, 0x0D, 0x03, 0x0B, 0x6E, 0x01, 0x16, 0xCC, 0xF2, 0x3C, 0x5F, 0x61, + 0x8C, 0x27, 0x31, 0xCA, 0x4D, 0x35, 0x7A, 0xC1, 0xF3, 0xFE, 0x06, 0xFF, 0xCA, 0x7B, 0x96, 0xAD, + 0x0D, 0xFF, 0x9E, 0x12, 0x44, 0x51, 0x6E, 0xF4, 0xAA, 0x2E, 0xCE, 0xE8, 0xC7, 0xA6, 0xE9, 0xAE, + 0xC0, 0xBE, 0xDE, 0x7B, 0x93, 0x3D, 0x1D, 0xF9, 0xFB, 0x4D, 0xA7, 0x0B, 0x73, 0xFB, 0x7B, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xA3, 0x53, 0x30, 0x51, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0x03, 0xFE, 0xB0, 0x3F, 0x09, 0xE5, 0xE1, 0xF4, 0x2E, 0x87, 0xFB, 0x41, 0x86, + 0xF6, 0x76, 0xD3, 0x93, 0xBE, 0x96, 0x85, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x03, 0xFE, 0xB0, 0x3F, 0x09, 0xE5, 0xE1, 0xF4, 0x2E, 0x87, 0xFB, 0x41, + 0x86, 0xF6, 0x76, 0xD3, 0x93, 0xBE, 0x96, 0x85, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, + 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x02, 0x15, 0x73, + 0x60, 0x10, 0xBC, 0x95, 0xAC, 0x63, 0x15, 0x09, 0x6B, 0x0C, 0x09, 0x4A, 0x74, 0xCD, 0xE3, 0x58, + 0xCC, 0x6C, 0xF3, 0x55, 0x80, 0xE9, 0x75, 0x47, 0x2C, 0x80, 0x4E, 0x5F, 0xFE, 0xBD, 0x2E, 0xD7, + 0x42, 0x89, 0x44, 0x57, 0xBE, 0x51, 0x84, 0x53, 0xB6, 0x40, 0x80, 0xD6, 0xCC, 0xE2, 0x80, 0x22, + 0x53, 0xD9, 0x31, 0x65, 0xF9, 0x3C, 0x8B, 0x7B, 0xE6, 0xA6, 0x6E, 0xFD, 0x9D, 0x27, 0xE5, 0xCD, + 0xFD, 0x82, 0xCF, 0xD6, 0x18, 0xBE, 0xA6, 0xED, 0x72, 0xCE, 0x5F, 0x45, 0x12, 0x6A, 0xAA, 0x95, + 0x42, 0x25, 0x28, 0x8B, 0xFC, 0x4B, 0xC9, 0xAD, 0xDD, 0xDB, 0x4C, 0x74, 0x10, 0x2E, 0x90, 0x2A, + 0x06, 0x4F, 0x2E, 0xB4, 0x54, 0xB9, 0xC0, 0x60, 0xB9, 0x4D, 0xEE, 0x59, 0x1C, 0x18, 0x8D, 0xD1, + 0x49, 0xC3, 0xE9, 0x1B, 0xF1, 0xFC, 0xC3, 0x83, 0x1F, 0x6A, 0xB0, 0xFC, 0x8D, 0xFC, 0x30, 0xED, + 0x9C, 0xCB, 0x78, 0x52, 0xE8, 0x09, 0x3D, 0x4F, 0xDC, 0xBC, 0xAD, 0x84, 0xC1, 0xD5, 0x5A, 0x0A, + 0x07, 0xA3, 0xF6, 0x42, 0xD7, 0x54, 0x55, 0x01, 0x8E, 0x53, 0xCE, 0xCB, 0x2A, 0x11, 0xF7, 0x89, + 0x7E, 0xAF, 0x6F, 0x4C, 0xB9, 0x56, 0x4A, 0x67, 0x4A, 0xF9, 0x4F, 0x64, 0x15, 0xFA, 0xB0, 0xF9, + 0x97, 0xE2, 0xF6, 0xA8, 0xF4, 0xE7, 0x0A, 0x7A, 0x83, 0x4E, 0xF6, 0xE9, 0xAC, 0x5E, 0xD9, 0xA8, + 0xEA, 0x6B, 0x06, 0xCB, 0x2C, 0x41, 0xC1, 0x7E, 0xF5, 0x79, 0xFC, 0x7C, 0x05, 0x06, 0x8F, 0x27, + 0xAA, 0x3B, 0x61, 0x82, 0x72, 0x55, 0xA9, 0xA0, 0xA0, 0xA5, 0x69, 0x2F, 0x95, 0x40, 0xFC, 0xFE, + 0x4A, 0x0F, 0x7D, 0x8C, 0x89, 0xAA, 0xC0, 0x1D, 0x87, 0x03, 0xA1, 0xCE, 0xEE, 0x23, 0x4F, 0xC5, + 0x7C, 0xB4, 0xB6, 0x2B, 0x6F, 0x05, 0x30, 0xC9, 0x16, 0x51, 0xDF, 0xC7, 0x16, 0x3C, 0x08, 0x38, + 0x20, 0xF9, 0xC5, 0xE0, 0x4A, 0xFA, 0xCB, 0x8C, 0xC3, 0xC5, 0xBB, 0x5C, 0xAD, 0xCA, 0xC2, 0x52, + 0x45, 0x2F, 0x54, 0x70, 0x78, 0x33, 0x70, 0xC2, 0xED, 0x68, 0xF1, 0x89, 0x67, 0xA3, 0x19, 0x24, + 0xCB, 0x8F, 0x99, 0x1B, 0x28, 0x81, 0x6C, 0x4E, 0x25, 0xB1, 0x27, 0x3D, 0x9F, 0xE7, 0x3D, 0xA7, + 0x73, 0x9E, 0x4C, 0x1A, 0x63, 0x8E, 0xF9, 0xA7, 0xB6, 0x21, 0xE7, 0x4C, 0xDF, 0xFB, 0x36, 0x47, + 0xDA, 0x2D, 0xBB, 0x52, 0x55, 0xF8, 0x44, 0x0D, 0x0C, 0xDE, 0xE2, 0x13, 0x42, 0x1B, 0xA2, 0xAD, + 0xA0, 0x0F, 0x39, 0x6C, 0x78, 0x32, 0x7A, 0x03, 0x9E, 0x55, 0x4E, 0x43, 0xF7, 0x0C, 0x35, 0xD9, + 0x1D, 0x2C, 0x0F, 0x30, 0x30, 0x3E, 0x09, 0xE2, 0x31, 0xA6, 0xB0, 0x1E, 0xA9, 0xF5, 0x4B, 0xA1, + 0x74, 0x09, 0x50, 0xD4, 0xD3, 0xD3, 0x3E, 0x76, 0xB1, 0x67, 0xFC, 0x51, 0xB0, 0x93, 0x22, 0xC4, + 0x6B, 0x8A, 0x27, 0x45, 0x19, 0x3B, 0x35, 0x91, 0x61, 0x36, 0xE7, 0x9C, 0xF6, 0xDA, 0x96, 0x30, + 0x7D, 0xF4, 0x11, 0xC4, 0x3F, 0x35, 0x4E, 0x7A, 0xD6, 0x6E, 0xB6, 0xEA, 0xE7, 0x66, 0x6F, 0x23, + 0x5C, 0x53, 0x76, 0x53, 0xFC, 0x35, 0x93, 0xE5, 0xFC, 0xB9, 0x6B, 0xB9, 0xD3, 0x6C, 0x48, 0x66, + 0x6F, 0xD7, 0x10, 0x6E, 0x25, 0x72, 0x71, 0x31, 0xFA, 0xC0, 0xDF, 0x31, 0xCA, 0xD1, 0xAF, 0xC2, + 0x8E, 0xA5, 0xCA, 0xD7, 0x3F, 0x4E, 0xDE, 0x47, 0xD5, 0x8E, 0xFC, 0x75, 0xB6, 0x71, 0x83, 0xD9, + 0xFD, 0x11, 0x35, 0x81, 0xBF, 0x10, 0x0D, 0x3E, 0x50, 0x45, 0x07, 0x39, 0x08, 0x73, 0x7A, 0x0B, + 0x21, 0x32, 0xAF, 0xF4, 0x99, 0xEB, 0x4D, 0xD4, 0xE8, 0x2A, 0x06, 0x98, 0x43, 0xBB, 0xBB, 0x11, + 0x63, 0x99, 0xA8, 0x41, 0x22, 0xE8, 0x86, 0x79, 0x4B, 0x53, 0xB7, 0x73, 0x1B, +}; +UINTN TestRootCerSize = sizeof (TestRootCer); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestCertChain[] = { + 0x30, 0x82, 0x05, 0x19, 0x30, 0x82, 0x03, 0x01, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x1D, + 0xAF, 0x4E, 0xF1, 0x99, 0xBF, 0xEE, 0xE2, 0x6D, 0x7E, 0x4A, 0xAC, 0xAC, 0x20, 0x00, 0xEB, 0x78, + 0xF6, 0x6A, 0xE9, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x30, 0x1C, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x11, 0x69, + 0x6E, 0x74, 0x65, 0x6C, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, + 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x30, 0x35, + 0x5A, 0x17, 0x0D, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x30, 0x35, 0x5A, + 0x30, 0x1C, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x11, 0x69, 0x6E, 0x74, + 0x65, 0x6C, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x82, + 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, 0x0A, 0x02, 0x82, 0x02, 0x01, 0x00, 0xD5, + 0x13, 0x55, 0xB1, 0x0D, 0x44, 0x17, 0x6A, 0x06, 0x39, 0x66, 0xEE, 0xBC, 0x43, 0x81, 0xEA, 0xE0, + 0x93, 0x3F, 0x70, 0xB5, 0x5B, 0x07, 0xDE, 0xA0, 0x24, 0x47, 0xD0, 0xF8, 0x99, 0xE6, 0x50, 0x17, + 0xB4, 0x02, 0x60, 0xD9, 0x1A, 0x6C, 0xD3, 0x55, 0x60, 0x61, 0xDE, 0x80, 0x6D, 0x38, 0x29, 0x46, + 0xBB, 0x45, 0xA2, 0xEB, 0x24, 0x1C, 0xBB, 0x87, 0x1F, 0x14, 0xED, 0x3A, 0xD5, 0x32, 0xD5, 0x11, + 0x4B, 0xF4, 0x99, 0x78, 0x00, 0x11, 0x8D, 0x6D, 0x6E, 0x5A, 0x0B, 0x81, 0xFF, 0x08, 0x59, 0x01, + 0x2B, 0xF0, 0x9B, 0x52, 0x88, 0x41, 0xB6, 0x3E, 0x62, 0x7B, 0xBD, 0x25, 0x96, 0x64, 0x8E, 0xB1, + 0x2B, 0x6A, 0xF8, 0x39, 0x93, 0x0A, 0x6B, 0x3F, 0x8C, 0x2B, 0x35, 0x6E, 0x80, 0x32, 0x86, 0xF6, + 0x0F, 0x1E, 0x8C, 0xD4, 0x4E, 0x77, 0xBE, 0xAF, 0xE5, 0x4C, 0x47, 0x66, 0xDD, 0x62, 0xCE, 0x64, + 0x65, 0x80, 0xCA, 0xBD, 0x87, 0x94, 0x3E, 0xFF, 0x3D, 0x0A, 0xD4, 0x39, 0xCC, 0xD1, 0xEF, 0xD1, + 0x1A, 0x55, 0x2C, 0xEB, 0xDC, 0xCF, 0x9A, 0x59, 0x92, 0xDA, 0xCA, 0xF6, 0xAE, 0x88, 0xBC, 0xC0, + 0x43, 0xE5, 0xA9, 0x60, 0xB2, 0x0F, 0x69, 0xA2, 0x2A, 0x98, 0x56, 0x0F, 0x4B, 0x0B, 0x63, 0xB3, + 0x4E, 0x8B, 0x43, 0xB4, 0x7F, 0x52, 0x1E, 0x5A, 0x9E, 0xDF, 0xA7, 0x98, 0x4D, 0xB9, 0x3B, 0x58, + 0x80, 0x69, 0x38, 0xB7, 0xEB, 0x20, 0x91, 0xBF, 0x59, 0x81, 0x44, 0xFC, 0xC6, 0xAF, 0xC2, 0xC8, + 0xE1, 0xAE, 0x3D, 0xC5, 0xB6, 0x55, 0xA8, 0xA2, 0xCD, 0xEC, 0x0B, 0xBE, 0x9C, 0x34, 0x2B, 0xF5, + 0x4B, 0x2E, 0x3B, 0x26, 0xAA, 0x22, 0x12, 0x29, 0xC2, 0x66, 0xC2, 0x40, 0xDD, 0x12, 0xFA, 0xF0, + 0xB4, 0xE8, 0x95, 0x20, 0x59, 0x91, 0x9E, 0x7D, 0x36, 0x6E, 0x2D, 0x99, 0x53, 0x44, 0x2B, 0x43, + 0x12, 0x08, 0x74, 0x76, 0xD5, 0x21, 0xD3, 0x08, 0x37, 0xE1, 0xE6, 0xE3, 0xC4, 0x67, 0x88, 0x29, + 0xEA, 0x06, 0x97, 0x9F, 0x61, 0x0D, 0x5D, 0x39, 0x17, 0x03, 0x87, 0x89, 0x35, 0xE0, 0xD5, 0x87, + 0xA1, 0x5B, 0x0C, 0x3C, 0x35, 0x3D, 0xD6, 0x6F, 0xDD, 0x6F, 0xA5, 0x11, 0x9F, 0x80, 0x20, 0xCA, + 0x8B, 0x67, 0xD2, 0x2C, 0x7C, 0x51, 0x68, 0x15, 0x2C, 0x9C, 0x08, 0x86, 0xC8, 0x6C, 0xF0, 0x9D, + 0xC2, 0x98, 0xB9, 0x6E, 0x31, 0xAF, 0x2B, 0x34, 0x9C, 0xE3, 0xD0, 0xE9, 0x85, 0x37, 0x2B, 0x1F, + 0x21, 0xD2, 0xB9, 0xA4, 0x8D, 0x3F, 0xA3, 0x1A, 0x9F, 0x7D, 0x1B, 0xB6, 0xE0, 0xF6, 0x19, 0xF4, + 0x19, 0xF8, 0x50, 0xA7, 0x1B, 0xEC, 0xB9, 0xBB, 0xA4, 0xD2, 0x20, 0xF3, 0xED, 0xC7, 0xA7, 0x94, + 0x2B, 0x0B, 0x9A, 0x74, 0xB8, 0xBA, 0xD7, 0x42, 0x97, 0xAB, 0xB4, 0xE9, 0xBE, 0x1E, 0x07, 0x0C, + 0x05, 0x55, 0x54, 0xBA, 0x05, 0x73, 0x99, 0xF2, 0x29, 0x88, 0x69, 0x4F, 0x1B, 0x2E, 0x87, 0x7B, + 0x74, 0x94, 0xAE, 0xC2, 0x2F, 0x3C, 0x90, 0xB5, 0x5C, 0x01, 0x46, 0xC6, 0x42, 0xFB, 0xA9, 0xAD, + 0x82, 0x1B, 0xD9, 0x38, 0xBE, 0x0D, 0x72, 0x4C, 0x06, 0x03, 0x92, 0xC2, 0xC8, 0x7F, 0x7B, 0xD4, + 0x86, 0x83, 0xB8, 0x62, 0xD9, 0xF7, 0x2F, 0xC1, 0x57, 0x88, 0x85, 0xA5, 0x61, 0xC5, 0x93, 0xFC, + 0x17, 0xE0, 0x98, 0x11, 0x88, 0x0D, 0x03, 0x0B, 0x6E, 0x01, 0x16, 0xCC, 0xF2, 0x3C, 0x5F, 0x61, + 0x8C, 0x27, 0x31, 0xCA, 0x4D, 0x35, 0x7A, 0xC1, 0xF3, 0xFE, 0x06, 0xFF, 0xCA, 0x7B, 0x96, 0xAD, + 0x0D, 0xFF, 0x9E, 0x12, 0x44, 0x51, 0x6E, 0xF4, 0xAA, 0x2E, 0xCE, 0xE8, 0xC7, 0xA6, 0xE9, 0xAE, + 0xC0, 0xBE, 0xDE, 0x7B, 0x93, 0x3D, 0x1D, 0xF9, 0xFB, 0x4D, 0xA7, 0x0B, 0x73, 0xFB, 0x7B, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xA3, 0x53, 0x30, 0x51, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0x03, 0xFE, 0xB0, 0x3F, 0x09, 0xE5, 0xE1, 0xF4, 0x2E, 0x87, 0xFB, 0x41, 0x86, + 0xF6, 0x76, 0xD3, 0x93, 0xBE, 0x96, 0x85, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x03, 0xFE, 0xB0, 0x3F, 0x09, 0xE5, 0xE1, 0xF4, 0x2E, 0x87, 0xFB, 0x41, + 0x86, 0xF6, 0x76, 0xD3, 0x93, 0xBE, 0x96, 0x85, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, + 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x02, 0x15, 0x73, + 0x60, 0x10, 0xBC, 0x95, 0xAC, 0x63, 0x15, 0x09, 0x6B, 0x0C, 0x09, 0x4A, 0x74, 0xCD, 0xE3, 0x58, + 0xCC, 0x6C, 0xF3, 0x55, 0x80, 0xE9, 0x75, 0x47, 0x2C, 0x80, 0x4E, 0x5F, 0xFE, 0xBD, 0x2E, 0xD7, + 0x42, 0x89, 0x44, 0x57, 0xBE, 0x51, 0x84, 0x53, 0xB6, 0x40, 0x80, 0xD6, 0xCC, 0xE2, 0x80, 0x22, + 0x53, 0xD9, 0x31, 0x65, 0xF9, 0x3C, 0x8B, 0x7B, 0xE6, 0xA6, 0x6E, 0xFD, 0x9D, 0x27, 0xE5, 0xCD, + 0xFD, 0x82, 0xCF, 0xD6, 0x18, 0xBE, 0xA6, 0xED, 0x72, 0xCE, 0x5F, 0x45, 0x12, 0x6A, 0xAA, 0x95, + 0x42, 0x25, 0x28, 0x8B, 0xFC, 0x4B, 0xC9, 0xAD, 0xDD, 0xDB, 0x4C, 0x74, 0x10, 0x2E, 0x90, 0x2A, + 0x06, 0x4F, 0x2E, 0xB4, 0x54, 0xB9, 0xC0, 0x60, 0xB9, 0x4D, 0xEE, 0x59, 0x1C, 0x18, 0x8D, 0xD1, + 0x49, 0xC3, 0xE9, 0x1B, 0xF1, 0xFC, 0xC3, 0x83, 0x1F, 0x6A, 0xB0, 0xFC, 0x8D, 0xFC, 0x30, 0xED, + 0x9C, 0xCB, 0x78, 0x52, 0xE8, 0x09, 0x3D, 0x4F, 0xDC, 0xBC, 0xAD, 0x84, 0xC1, 0xD5, 0x5A, 0x0A, + 0x07, 0xA3, 0xF6, 0x42, 0xD7, 0x54, 0x55, 0x01, 0x8E, 0x53, 0xCE, 0xCB, 0x2A, 0x11, 0xF7, 0x89, + 0x7E, 0xAF, 0x6F, 0x4C, 0xB9, 0x56, 0x4A, 0x67, 0x4A, 0xF9, 0x4F, 0x64, 0x15, 0xFA, 0xB0, 0xF9, + 0x97, 0xE2, 0xF6, 0xA8, 0xF4, 0xE7, 0x0A, 0x7A, 0x83, 0x4E, 0xF6, 0xE9, 0xAC, 0x5E, 0xD9, 0xA8, + 0xEA, 0x6B, 0x06, 0xCB, 0x2C, 0x41, 0xC1, 0x7E, 0xF5, 0x79, 0xFC, 0x7C, 0x05, 0x06, 0x8F, 0x27, + 0xAA, 0x3B, 0x61, 0x82, 0x72, 0x55, 0xA9, 0xA0, 0xA0, 0xA5, 0x69, 0x2F, 0x95, 0x40, 0xFC, 0xFE, + 0x4A, 0x0F, 0x7D, 0x8C, 0x89, 0xAA, 0xC0, 0x1D, 0x87, 0x03, 0xA1, 0xCE, 0xEE, 0x23, 0x4F, 0xC5, + 0x7C, 0xB4, 0xB6, 0x2B, 0x6F, 0x05, 0x30, 0xC9, 0x16, 0x51, 0xDF, 0xC7, 0x16, 0x3C, 0x08, 0x38, + 0x20, 0xF9, 0xC5, 0xE0, 0x4A, 0xFA, 0xCB, 0x8C, 0xC3, 0xC5, 0xBB, 0x5C, 0xAD, 0xCA, 0xC2, 0x52, + 0x45, 0x2F, 0x54, 0x70, 0x78, 0x33, 0x70, 0xC2, 0xED, 0x68, 0xF1, 0x89, 0x67, 0xA3, 0x19, 0x24, + 0xCB, 0x8F, 0x99, 0x1B, 0x28, 0x81, 0x6C, 0x4E, 0x25, 0xB1, 0x27, 0x3D, 0x9F, 0xE7, 0x3D, 0xA7, + 0x73, 0x9E, 0x4C, 0x1A, 0x63, 0x8E, 0xF9, 0xA7, 0xB6, 0x21, 0xE7, 0x4C, 0xDF, 0xFB, 0x36, 0x47, + 0xDA, 0x2D, 0xBB, 0x52, 0x55, 0xF8, 0x44, 0x0D, 0x0C, 0xDE, 0xE2, 0x13, 0x42, 0x1B, 0xA2, 0xAD, + 0xA0, 0x0F, 0x39, 0x6C, 0x78, 0x32, 0x7A, 0x03, 0x9E, 0x55, 0x4E, 0x43, 0xF7, 0x0C, 0x35, 0xD9, + 0x1D, 0x2C, 0x0F, 0x30, 0x30, 0x3E, 0x09, 0xE2, 0x31, 0xA6, 0xB0, 0x1E, 0xA9, 0xF5, 0x4B, 0xA1, + 0x74, 0x09, 0x50, 0xD4, 0xD3, 0xD3, 0x3E, 0x76, 0xB1, 0x67, 0xFC, 0x51, 0xB0, 0x93, 0x22, 0xC4, + 0x6B, 0x8A, 0x27, 0x45, 0x19, 0x3B, 0x35, 0x91, 0x61, 0x36, 0xE7, 0x9C, 0xF6, 0xDA, 0x96, 0x30, + 0x7D, 0xF4, 0x11, 0xC4, 0x3F, 0x35, 0x4E, 0x7A, 0xD6, 0x6E, 0xB6, 0xEA, 0xE7, 0x66, 0x6F, 0x23, + 0x5C, 0x53, 0x76, 0x53, 0xFC, 0x35, 0x93, 0xE5, 0xFC, 0xB9, 0x6B, 0xB9, 0xD3, 0x6C, 0x48, 0x66, + 0x6F, 0xD7, 0x10, 0x6E, 0x25, 0x72, 0x71, 0x31, 0xFA, 0xC0, 0xDF, 0x31, 0xCA, 0xD1, 0xAF, 0xC2, + 0x8E, 0xA5, 0xCA, 0xD7, 0x3F, 0x4E, 0xDE, 0x47, 0xD5, 0x8E, 0xFC, 0x75, 0xB6, 0x71, 0x83, 0xD9, + 0xFD, 0x11, 0x35, 0x81, 0xBF, 0x10, 0x0D, 0x3E, 0x50, 0x45, 0x07, 0x39, 0x08, 0x73, 0x7A, 0x0B, + 0x21, 0x32, 0xAF, 0xF4, 0x99, 0xEB, 0x4D, 0xD4, 0xE8, 0x2A, 0x06, 0x98, 0x43, 0xBB, 0xBB, 0x11, + 0x63, 0x99, 0xA8, 0x41, 0x22, 0xE8, 0x86, 0x79, 0x4B, 0x53, 0xB7, 0x73, 0x1B, 0x30, 0x82, 0x04, + 0xA0, 0x30, 0x82, 0x02, 0x88, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x1C, 0x31, 0x1A, + 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x11, 0x69, 0x6E, 0x74, 0x65, 0x6C, 0x20, 0x74, + 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x32, + 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x30, 0x36, 0x5A, 0x17, 0x0D, 0x33, 0x32, 0x30, + 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x30, 0x36, 0x5A, 0x30, 0x2B, 0x31, 0x29, 0x30, 0x27, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x20, 0x69, 0x6E, 0x74, 0x65, 0x6C, 0x20, 0x74, 0x65, 0x73, + 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x6D, 0x65, 0x64, 0x69, 0x61, + 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x8F, 0x00, 0x30, + 0x82, 0x01, 0x8A, 0x02, 0x82, 0x01, 0x81, 0x00, 0xD1, 0xCF, 0x2D, 0x21, 0x38, 0xE4, 0x81, 0xA6, + 0xF2, 0xE5, 0xCA, 0xAC, 0x09, 0x2B, 0x04, 0x2A, 0x52, 0x76, 0x2F, 0xA3, 0x4B, 0x43, 0xC2, 0xD6, + 0xB5, 0x3E, 0x2B, 0x29, 0x6F, 0x1B, 0x7D, 0x36, 0x60, 0xCD, 0x71, 0xF4, 0xCF, 0x8A, 0x24, 0xAC, + 0x8F, 0x5F, 0x78, 0x70, 0xC9, 0x84, 0x48, 0xFB, 0x1D, 0xCB, 0xEE, 0x34, 0x3C, 0x4C, 0xE1, 0x1A, + 0x92, 0x54, 0x43, 0x45, 0xE0, 0xDD, 0x14, 0xD5, 0xAC, 0x13, 0xAE, 0xCC, 0x45, 0xDC, 0x52, 0xDD, + 0x45, 0x22, 0x10, 0xAB, 0xB2, 0x1B, 0x3E, 0xAD, 0x36, 0x6F, 0x00, 0x59, 0xB6, 0xFD, 0x27, 0xB8, + 0x57, 0xBB, 0x66, 0x72, 0x1E, 0x7B, 0xE8, 0xC7, 0xAF, 0x5E, 0x65, 0x5C, 0x58, 0x3D, 0x9E, 0x78, + 0x26, 0xB7, 0x70, 0x9A, 0xE7, 0x3C, 0xFC, 0x90, 0x64, 0xB2, 0xB2, 0xB2, 0x80, 0x22, 0xB3, 0x1C, + 0x23, 0x73, 0x6A, 0xE3, 0xCB, 0x5B, 0x4E, 0x29, 0x71, 0xDD, 0xFD, 0xD7, 0x15, 0x3A, 0xD6, 0xA3, + 0xE0, 0x4A, 0x53, 0x65, 0xA6, 0xAE, 0x6A, 0x83, 0xB0, 0x00, 0x3F, 0x64, 0x4B, 0x01, 0xCD, 0x97, + 0xB1, 0xE1, 0x54, 0x1E, 0xA2, 0x33, 0x4E, 0xF0, 0x13, 0x33, 0x80, 0xE5, 0x41, 0x9C, 0x5E, 0xB3, + 0x5D, 0xAE, 0x53, 0x2C, 0x41, 0x51, 0xF2, 0x00, 0x3E, 0x03, 0xE2, 0x0D, 0xA4, 0xF5, 0x24, 0x08, + 0x46, 0xC2, 0xED, 0x6B, 0xF2, 0xE0, 0x1B, 0x04, 0xB7, 0xE8, 0xDA, 0x85, 0xA4, 0x2F, 0x4B, 0x53, + 0xFA, 0x76, 0x72, 0x0A, 0x28, 0xBF, 0x3C, 0xA8, 0x85, 0x03, 0xEE, 0x51, 0xB5, 0x5C, 0xA9, 0xA5, + 0x70, 0x47, 0x07, 0x11, 0x32, 0xC5, 0x5F, 0x7A, 0x07, 0xFB, 0x5F, 0x4A, 0x52, 0x65, 0x33, 0x0C, + 0x17, 0x8E, 0x74, 0xE5, 0xEC, 0x7D, 0x52, 0xA0, 0xD4, 0xEF, 0x64, 0xCC, 0x5E, 0xE2, 0x3D, 0x46, + 0x1E, 0x73, 0xAB, 0x43, 0x2D, 0x05, 0xFA, 0xA3, 0x6D, 0x86, 0x02, 0xE7, 0xC8, 0x5F, 0x44, 0xFE, + 0xEB, 0x14, 0x73, 0x2D, 0xF4, 0x0B, 0x72, 0x49, 0xE3, 0xEF, 0x55, 0x05, 0x1B, 0x2F, 0xF9, 0x73, + 0xEB, 0xED, 0xCC, 0x5E, 0x52, 0x17, 0x43, 0x94, 0x85, 0xC7, 0x0E, 0x73, 0x89, 0x22, 0xDC, 0x02, + 0x5F, 0x99, 0x69, 0x58, 0x16, 0x89, 0x1E, 0x6F, 0x75, 0xF8, 0xD3, 0xE7, 0x0A, 0xB1, 0x01, 0x42, + 0x71, 0xA6, 0xC5, 0xB2, 0xD0, 0xC0, 0x75, 0x96, 0x2E, 0xC2, 0x32, 0x49, 0x0A, 0xE8, 0x85, 0xBD, + 0x22, 0x4C, 0x95, 0xD4, 0xF8, 0x2D, 0x72, 0x05, 0x4F, 0x0E, 0x56, 0x9C, 0xC3, 0x30, 0x3D, 0xFD, + 0x30, 0x63, 0x92, 0x72, 0x6B, 0xAF, 0x80, 0x9D, 0xD0, 0xC2, 0x36, 0xE7, 0xC1, 0x37, 0xD0, 0x64, + 0x88, 0x64, 0x3C, 0x33, 0xDD, 0x87, 0xDD, 0xD9, 0xA2, 0x79, 0x44, 0xD8, 0x25, 0x84, 0x0E, 0xFD, + 0x9D, 0xD6, 0xC1, 0x7A, 0x2D, 0x23, 0x08, 0x9D, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x5E, 0x30, + 0x5C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, + 0x0B, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x04, 0x04, 0x03, 0x02, 0x01, 0xFE, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x46, 0xCD, 0xB4, 0x52, 0x02, 0x29, 0x26, 0xC7, 0x52, + 0x23, 0x81, 0x65, 0xCD, 0x87, 0x2F, 0x96, 0x1B, 0x01, 0x2C, 0xC5, 0x30, 0x20, 0x06, 0x03, 0x55, + 0x1D, 0x25, 0x01, 0x01, 0xFF, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, + 0x00, 0x71, 0x14, 0xCA, 0xFE, 0x03, 0x92, 0xC6, 0x88, 0x52, 0x76, 0x43, 0xD9, 0x8A, 0xF7, 0x22, + 0x94, 0xEF, 0x40, 0xA7, 0xC3, 0x7B, 0x6F, 0xB4, 0xD0, 0x42, 0xC3, 0x59, 0x1F, 0x77, 0xEF, 0xAC, + 0x18, 0xCE, 0x7C, 0xAB, 0x48, 0x85, 0x22, 0xF1, 0x50, 0x2C, 0xE0, 0x63, 0x4D, 0x9D, 0x0E, 0xED, + 0x38, 0xFF, 0xD9, 0xED, 0x3C, 0x7E, 0x3E, 0x84, 0xB1, 0xA7, 0x78, 0x62, 0x37, 0x39, 0x6D, 0xD5, + 0x5D, 0x46, 0x9A, 0x6F, 0x63, 0xC2, 0xA7, 0x90, 0xF9, 0x7A, 0xA7, 0x4B, 0xA2, 0x8A, 0xA8, 0x50, + 0x13, 0x16, 0x9C, 0x4F, 0xCC, 0x28, 0x58, 0x6C, 0x9F, 0x65, 0x6E, 0xF0, 0x9A, 0x92, 0x59, 0x94, + 0xA4, 0xB5, 0xFD, 0x8F, 0xF0, 0x7C, 0x1E, 0xBA, 0xC3, 0x21, 0x13, 0xFB, 0x33, 0xBA, 0xAD, 0x4B, + 0x1D, 0x42, 0x23, 0x16, 0x8B, 0x3E, 0xCD, 0xB5, 0x69, 0x9C, 0x7C, 0xA1, 0x9B, 0x92, 0xC1, 0x2F, + 0x9C, 0x89, 0x3F, 0x28, 0x24, 0x67, 0x48, 0x47, 0xF0, 0xB1, 0xC0, 0xF0, 0x4C, 0xBF, 0xF6, 0x64, + 0xDE, 0x33, 0xC3, 0xD6, 0x5B, 0xE6, 0xC3, 0xDD, 0xA5, 0xBA, 0x42, 0x02, 0x0F, 0xBC, 0xBE, 0xDE, + 0x14, 0x12, 0x7C, 0xFB, 0xE6, 0xBB, 0xDD, 0xF2, 0x6B, 0xD7, 0x75, 0xE6, 0xF5, 0xDA, 0xBE, 0xE9, + 0xBF, 0xA6, 0x87, 0x09, 0x41, 0x6C, 0x9D, 0x19, 0x9C, 0xB1, 0x7C, 0x89, 0x9F, 0x32, 0xB3, 0x0A, + 0x59, 0x10, 0xC6, 0x8C, 0xA0, 0x5B, 0xDA, 0xA6, 0xA3, 0xF8, 0x33, 0x77, 0x7A, 0xF4, 0xB0, 0x8A, + 0xCF, 0xC8, 0x3F, 0x2E, 0xB8, 0xF1, 0x9E, 0x7B, 0x47, 0x2D, 0x85, 0x3B, 0x58, 0xCD, 0x4B, 0xBC, + 0x87, 0xD2, 0xF3, 0xCD, 0x36, 0x80, 0x9B, 0x4A, 0x0F, 0x24, 0x30, 0x1D, 0x3F, 0x6F, 0x56, 0xCF, + 0x6E, 0x2D, 0xCF, 0xA8, 0x17, 0xD5, 0x97, 0x0B, 0x22, 0xA6, 0x59, 0xEF, 0xEF, 0xD4, 0x9A, 0x0E, + 0x6F, 0xB9, 0xF0, 0x48, 0x2A, 0x54, 0x22, 0x77, 0x27, 0x90, 0x84, 0x42, 0x56, 0x85, 0x80, 0x78, + 0x4F, 0xD9, 0x14, 0x2A, 0xF0, 0x5D, 0x6B, 0x46, 0x60, 0x3D, 0xAD, 0xA5, 0xA2, 0xB9, 0x04, 0x23, + 0x92, 0x1B, 0x70, 0xA3, 0xDB, 0xAA, 0xF0, 0x5F, 0x1C, 0xD8, 0x26, 0xBB, 0x51, 0x17, 0xFC, 0x93, + 0x6D, 0x70, 0x19, 0x54, 0xE2, 0x6F, 0x82, 0x8A, 0x49, 0xA6, 0x19, 0xCC, 0x97, 0x53, 0x90, 0x27, + 0xD9, 0x8D, 0xAA, 0x8C, 0xC3, 0x2B, 0xBC, 0x0A, 0x72, 0x3A, 0x41, 0xB8, 0xFA, 0x1E, 0xBB, 0x8B, + 0x27, 0x06, 0x75, 0x53, 0x91, 0xAC, 0x8D, 0x75, 0xF2, 0xA6, 0xEA, 0x85, 0x7E, 0x34, 0x06, 0x9E, + 0xF9, 0xE9, 0x13, 0xA3, 0xFE, 0x2E, 0x38, 0x4B, 0x3F, 0x61, 0x11, 0x1F, 0x6B, 0xD3, 0xFE, 0xC9, + 0x13, 0xBC, 0x12, 0xFE, 0xBC, 0xFF, 0xAA, 0x38, 0x73, 0x8A, 0x73, 0x8C, 0xCF, 0xCC, 0xD3, 0xE7, + 0xBA, 0x98, 0xFD, 0xF4, 0xF5, 0xF6, 0xA9, 0xC8, 0x07, 0x5B, 0x16, 0xAE, 0x76, 0x86, 0x24, 0x25, + 0xCC, 0x7C, 0xDB, 0x1E, 0x7F, 0xC4, 0xE4, 0xD3, 0x89, 0x5A, 0x91, 0x6A, 0x9C, 0x93, 0x03, 0xD2, + 0xD2, 0xC0, 0x29, 0x69, 0x58, 0x52, 0x6C, 0xCA, 0x91, 0x7D, 0xD2, 0x3D, 0xC7, 0x2F, 0x8A, 0x4E, + 0x55, 0x03, 0x34, 0x16, 0x01, 0x2F, 0x4F, 0x57, 0xEA, 0x10, 0xA7, 0xFB, 0xE3, 0x2E, 0x2C, 0x7F, + 0x5D, 0x27, 0x93, 0x74, 0x95, 0x25, 0x1A, 0x1E, 0x54, 0x1A, 0xB6, 0xE1, 0xDC, 0xC8, 0xE4, 0x84, + 0xEB, 0x38, 0x0F, 0x05, 0x74, 0xF3, 0x3A, 0xF9, 0xD8, 0x00, 0x43, 0xE9, 0x24, 0x1E, 0x45, 0xB4, + 0xE2, 0x38, 0x8B, 0x6A, 0x4F, 0xB6, 0x0B, 0x1D, 0xAC, 0xBC, 0xEC, 0xDA, 0x41, 0x9C, 0x7F, 0xA8, + 0x15, 0x09, 0x3B, 0x0B, 0x99, 0xC4, 0x48, 0xDD, 0xDE, 0x0D, 0x65, 0x86, 0x72, 0xAA, 0x0A, 0x4E, + 0x71, 0x30, 0x82, 0x03, 0xEB, 0x30, 0x82, 0x02, 0x53, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, + 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x2B, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x20, 0x69, 0x6E, 0x74, + 0x65, 0x6C, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, 0x6E, 0x74, 0x65, + 0x72, 0x6D, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x1E, 0x17, + 0x0D, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x30, 0x36, 0x5A, 0x17, 0x0D, + 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x30, 0x36, 0x5A, 0x30, 0x28, 0x31, + 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x1D, 0x69, 0x6E, 0x74, 0x65, 0x6C, 0x20, + 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x72, 0x65, 0x71, 0x75, 0x73, 0x65, 0x74, + 0x65, 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, + 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0x93, 0x47, 0xF3, 0x71, 0x6B, 0x24, 0x1E, 0xC0, + 0xEB, 0x6B, 0x22, 0x23, 0xE7, 0xC8, 0x10, 0x9D, 0xB2, 0xEF, 0x1E, 0x65, 0xE9, 0xFF, 0xD6, 0x37, + 0xEE, 0xC5, 0x3F, 0x29, 0x25, 0x94, 0xB4, 0x30, 0x97, 0x51, 0xE3, 0x51, 0xA4, 0x39, 0xD1, 0x27, + 0x32, 0x9E, 0x6B, 0x80, 0xC2, 0x29, 0xF2, 0x28, 0xD1, 0x49, 0xDC, 0x62, 0x27, 0x5B, 0x3F, 0xCE, + 0x83, 0xD7, 0x7B, 0x09, 0x37, 0x48, 0x16, 0x7F, 0x2E, 0x6E, 0xFA, 0x67, 0xAA, 0x92, 0x17, 0xCB, + 0xFF, 0x4B, 0xE3, 0x1B, 0xD1, 0xA6, 0xE3, 0x6C, 0x4D, 0x9F, 0x9E, 0xC7, 0x01, 0xED, 0x9F, 0x14, + 0xB0, 0x34, 0x44, 0xA2, 0x88, 0x28, 0xF2, 0x3F, 0xAD, 0xF2, 0xF7, 0x51, 0x8C, 0xFE, 0x43, 0x73, + 0xFA, 0x8D, 0x2F, 0x63, 0x8C, 0x0E, 0xE5, 0x27, 0xDC, 0x12, 0x81, 0x26, 0xEA, 0x92, 0x67, 0x7D, + 0xC9, 0xFC, 0xEC, 0x4C, 0xCC, 0x79, 0x4D, 0x2D, 0xFE, 0xF6, 0x63, 0xB7, 0x63, 0xCA, 0x70, 0x24, + 0xE0, 0x23, 0x53, 0x92, 0xE8, 0x56, 0xB7, 0x85, 0x6D, 0x25, 0x9E, 0xE0, 0x24, 0xA8, 0x5C, 0xE0, + 0x0F, 0xC1, 0xB6, 0x20, 0x2F, 0x85, 0x2A, 0x67, 0xF6, 0x1B, 0x58, 0x60, 0x5A, 0x14, 0xDA, 0xC2, + 0x03, 0x10, 0x79, 0x33, 0x3C, 0x41, 0xC6, 0xBE, 0xD2, 0xEE, 0x2F, 0x65, 0xD5, 0xAD, 0x9C, 0xC6, + 0x09, 0xAE, 0x26, 0xF2, 0xAC, 0xC2, 0x65, 0x12, 0x74, 0x09, 0xE8, 0x89, 0x66, 0xF6, 0x95, 0xB8, + 0x6A, 0x5F, 0x96, 0xC2, 0x3C, 0x9F, 0x01, 0x52, 0xA8, 0xC8, 0x4E, 0xD8, 0xBA, 0x95, 0x38, 0x5B, + 0xF8, 0xC6, 0x43, 0x54, 0xAC, 0x63, 0x90, 0xD4, 0xDE, 0x11, 0x40, 0x27, 0xE5, 0x12, 0x1D, 0x72, + 0xA2, 0xEC, 0xAD, 0x0A, 0x8B, 0x68, 0x21, 0x9D, 0xEA, 0x16, 0x70, 0x5F, 0x32, 0x3A, 0xED, 0x4F, + 0x0B, 0xB2, 0x44, 0x1F, 0x44, 0x9B, 0x4C, 0x03, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0x9C, + 0x30, 0x81, 0x99, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x04, 0x04, 0x03, 0x02, 0x05, 0xE0, 0x30, 0x1D, + 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x7C, 0x69, 0x5E, 0x84, 0xBB, 0xC7, 0x6B, + 0xFC, 0x45, 0x70, 0xA4, 0x4B, 0x1E, 0x67, 0x70, 0x04, 0xA4, 0x37, 0xDD, 0x72, 0x30, 0x31, 0x06, + 0x03, 0x55, 0x1D, 0x11, 0x04, 0x2A, 0x30, 0x28, 0xA0, 0x26, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, + 0x01, 0x83, 0x1C, 0x82, 0x12, 0x01, 0xA0, 0x18, 0x0C, 0x16, 0x41, 0x43, 0x4D, 0x45, 0x3A, 0x57, + 0x49, 0x44, 0x47, 0x45, 0x54, 0x3A, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, + 0x30, 0x2A, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x01, 0x01, 0xFF, 0x04, 0x20, 0x30, 0x1E, 0x06, 0x08, + 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x02, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, + 0x8E, 0x19, 0x08, 0xEC, 0x7A, 0xCC, 0x6D, 0x04, 0x5F, 0xB7, 0xF9, 0xD2, 0xCD, 0x76, 0xEE, 0x44, + 0x1B, 0x7C, 0x19, 0xCB, 0x18, 0xDD, 0x60, 0x50, 0x3A, 0x54, 0xB1, 0x75, 0x17, 0xF6, 0xCE, 0x19, + 0x15, 0x09, 0x9E, 0x5B, 0xFC, 0x5C, 0xB3, 0x20, 0x8D, 0xCB, 0x9D, 0xFC, 0x23, 0x12, 0x68, 0x87, + 0x55, 0x0D, 0x3B, 0x5F, 0x9F, 0x4E, 0xB2, 0x17, 0x13, 0x0B, 0xC4, 0x6F, 0xBE, 0x43, 0x75, 0xA6, + 0xB7, 0x3C, 0x0E, 0xE0, 0xDF, 0x84, 0xE5, 0x88, 0x46, 0x08, 0xC3, 0x36, 0x1B, 0x31, 0x02, 0x92, + 0x7C, 0x53, 0xC4, 0x08, 0x63, 0x3E, 0x46, 0x75, 0xD7, 0x35, 0x9A, 0xD0, 0x76, 0x71, 0xF9, 0x57, + 0x97, 0xC7, 0x3C, 0x3B, 0xCE, 0x7A, 0x82, 0x95, 0x15, 0x8E, 0x20, 0xCC, 0x7B, 0xA0, 0xC4, 0x68, + 0x21, 0x26, 0x9C, 0xFD, 0x29, 0x83, 0x41, 0x19, 0x98, 0xB6, 0x8A, 0x3A, 0x06, 0x5F, 0x01, 0x1B, + 0x80, 0xAC, 0x33, 0xD9, 0x0C, 0x9C, 0xEA, 0x70, 0xD7, 0xF5, 0x1E, 0xB0, 0x78, 0x24, 0xBC, 0x59, + 0xAF, 0x07, 0xC6, 0x16, 0x46, 0xDD, 0x9D, 0x00, 0x9A, 0xC8, 0x9A, 0x04, 0x19, 0x4D, 0x62, 0xA9, + 0x4F, 0x7C, 0x05, 0x24, 0x93, 0xC6, 0x01, 0xC5, 0xB2, 0x89, 0xE8, 0x62, 0x47, 0xBE, 0xA3, 0xD1, + 0x9C, 0x47, 0x31, 0x06, 0x16, 0x6B, 0x3B, 0xF8, 0xAD, 0xB0, 0x4C, 0xFB, 0x2B, 0x6B, 0x8E, 0x88, + 0x53, 0x70, 0x75, 0x40, 0x30, 0xAF, 0xFE, 0xC5, 0xF3, 0x0F, 0x86, 0x8F, 0x58, 0x56, 0x67, 0xBD, + 0x15, 0x1F, 0x8A, 0x5C, 0xA3, 0x8A, 0x9A, 0x88, 0xE5, 0xF2, 0xD3, 0x7F, 0xAC, 0x56, 0x34, 0x21, + 0x24, 0xF7, 0xDE, 0x9D, 0x97, 0x9B, 0xE6, 0x20, 0xD6, 0x3D, 0x48, 0x73, 0x29, 0x23, 0xF9, 0x0F, + 0xAB, 0x04, 0xE6, 0x1D, 0x70, 0xEE, 0xCB, 0x5A, 0xE5, 0x8A, 0xF4, 0xBC, 0x4B, 0xAD, 0x18, 0xEC, + 0x25, 0x8A, 0xB8, 0x91, 0xF9, 0x53, 0xF4, 0xE4, 0xCE, 0xA7, 0x54, 0xF6, 0x83, 0x66, 0x07, 0xC5, + 0x51, 0x48, 0x20, 0x54, 0x5B, 0x5D, 0xC1, 0x80, 0x04, 0x17, 0x89, 0x14, 0x5A, 0x06, 0x34, 0x86, + 0xDB, 0x8B, 0xAF, 0x04, 0x24, 0xD9, 0xBD, 0xA8, 0x27, 0x09, 0x51, 0xFE, 0x6E, 0x47, 0x3C, 0x29, + 0x0A, 0x64, 0x3E, 0x0F, 0x00, 0xF1, 0xD9, 0xDC, 0xE9, 0xD1, 0x3C, 0xCF, 0xA4, 0xA9, 0x4F, 0x54, + 0x02, 0xCF, 0xA1, 0x40, 0x49, 0x61, 0x2A, 0x07, 0xA2, 0x44, 0x35, 0x20, 0x20, 0x56, 0x1C, 0x27, + 0xA2, 0xFF, 0x07, 0x3E, 0x8B, 0xFE, 0x60, 0x42, 0x75, 0x0C, 0xE3, 0x8F, 0xEE, 0x33, 0x8D, 0xFC, + 0x3B, 0x53, 0x36, 0x39, 0x10, 0x1A, 0xE3, 0xD2, 0x09, 0x7B, 0x00, 0xD0, 0xBD, 0x39, 0xF4, 0xCC, + 0xE3, 0x42, 0xD4, 0xA5, 0x2D, 0x0B, 0x58, 0xDF, 0x24, 0x7F, 0x85, 0x0A, 0xF2, 0x17, 0x76, 0xDD, +}; +UINTN TestCertChainSize = sizeof (TestCertChain); + +// NO_TRUST_ANCHOR: RSASSA_2048 + SHA_256 +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestRootCer2[] = { + 0x30, 0x82, 0x03, 0x19, 0x30, 0x82, 0x02, 0x01, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x00, + 0xc1, 0xa4, 0x5b, 0x46, 0x3d, 0xd9, 0x3f, 0x99, 0x71, 0x83, 0x0b, 0x81, 0x68, 0x19, 0x88, 0x49, + 0x8e, 0xf0, 0xdd, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, + 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x32, 0x32, 0x31, 0x32, 0x33, 0x35, 0x33, 0x34, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x35, 0x31, 0x39, 0x31, 0x32, 0x33, 0x35, 0x33, 0x34, 0x5a, + 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8, + 0x6d, 0xa3, 0xf5, 0x9b, 0xf4, 0x9c, 0x3e, 0xb0, 0xc5, 0x52, 0x52, 0x31, 0xea, 0x4d, 0x0c, 0x9e, + 0x61, 0x52, 0x2e, 0x3b, 0xce, 0x09, 0x72, 0x7e, 0x6a, 0xea, 0xf9, 0xc5, 0x81, 0x9e, 0xd6, 0xf4, + 0x70, 0xc0, 0x22, 0xa8, 0xa8, 0x50, 0x27, 0xdf, 0x81, 0x5e, 0x18, 0xc3, 0x30, 0x6c, 0x96, 0xc1, + 0xb3, 0xe0, 0x2d, 0xeb, 0x55, 0xf9, 0xf6, 0xee, 0x93, 0xac, 0xcd, 0x3b, 0x2c, 0xba, 0xa8, 0xf7, + 0x6f, 0xd1, 0x17, 0x81, 0x50, 0x2e, 0xe1, 0x9d, 0x0d, 0xf3, 0xcb, 0x9f, 0x22, 0x8e, 0x7a, 0x05, + 0xd5, 0x7b, 0x03, 0x6b, 0xc5, 0x8a, 0x9a, 0xa2, 0x8d, 0x06, 0x32, 0x39, 0x3e, 0x6a, 0x58, 0xf4, + 0xd3, 0x66, 0xcb, 0xe1, 0x8d, 0xf2, 0x42, 0x9d, 0x75, 0x01, 0xb3, 0x4e, 0xae, 0x52, 0x23, 0xd8, + 0xd5, 0xe6, 0x34, 0xd0, 0x57, 0x98, 0xf2, 0x2d, 0xf9, 0xe6, 0xb5, 0x07, 0x79, 0xa1, 0x01, 0x18, + 0x34, 0x95, 0x5c, 0xd7, 0x24, 0xc8, 0xa5, 0x8b, 0x2f, 0x87, 0x7f, 0xbd, 0xf0, 0x01, 0xcd, 0x8c, + 0xd4, 0xed, 0x9c, 0x05, 0x2d, 0x9a, 0x16, 0x76, 0xec, 0xd1, 0xe6, 0x3b, 0x00, 0x4e, 0x4c, 0x02, + 0x3c, 0xac, 0xec, 0x47, 0xb5, 0x36, 0x82, 0x60, 0x0a, 0x44, 0xbd, 0x46, 0x8f, 0xac, 0xe7, 0xb9, + 0xb4, 0xb5, 0x44, 0x1a, 0x2f, 0xa6, 0x28, 0x17, 0xa1, 0xcf, 0xce, 0x1e, 0x8b, 0x56, 0xfa, 0x3b, + 0x02, 0xd6, 0x76, 0x2b, 0xa1, 0x11, 0xf7, 0x64, 0xae, 0xff, 0xa7, 0x3c, 0xab, 0x32, 0x4d, 0x50, + 0x62, 0x25, 0xc1, 0xb7, 0x9d, 0xc0, 0xb8, 0x9a, 0xcf, 0x14, 0x50, 0xff, 0xf6, 0x64, 0x50, 0xef, + 0x95, 0xf5, 0x63, 0x9b, 0x6c, 0x30, 0xd3, 0xd4, 0x5f, 0x27, 0x34, 0xf6, 0x42, 0xf5, 0x4f, 0xce, + 0xa8, 0x8e, 0xc3, 0x29, 0x7a, 0x57, 0x1d, 0xe8, 0x53, 0x28, 0x9e, 0xdd, 0xed, 0x2c, 0x8b, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x5d, 0x35, 0xee, 0xb2, 0x56, 0x05, 0x9f, 0xfd, 0x8f, 0xfa, 0x97, 0xfb, 0xec, + 0x06, 0x29, 0x64, 0x96, 0x43, 0x33, 0x8d, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x5d, 0x35, 0xee, 0xb2, 0x56, 0x05, 0x9f, 0xfd, 0x8f, 0xfa, 0x97, 0xfb, + 0xec, 0x06, 0x29, 0x64, 0x96, 0x43, 0x33, 0x8d, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8b, 0x60, 0x32, + 0x53, 0xc7, 0x0d, 0xcb, 0xea, 0x76, 0xb3, 0x4a, 0xa1, 0xb3, 0x72, 0x47, 0xc7, 0x7d, 0x33, 0x3d, + 0x54, 0xdb, 0xae, 0xe6, 0x5d, 0xc3, 0x73, 0xd7, 0x62, 0xaf, 0xfb, 0x99, 0xd4, 0x23, 0x6f, 0x28, + 0xa8, 0xc4, 0xa8, 0x77, 0x79, 0x02, 0xac, 0xa3, 0xea, 0xcc, 0xdb, 0x77, 0x01, 0x04, 0xe5, 0xc0, + 0xe8, 0x86, 0x4d, 0x2e, 0x94, 0xe4, 0xd6, 0xe9, 0x04, 0x21, 0x8c, 0x47, 0x20, 0x73, 0x91, 0x52, + 0x50, 0xa2, 0xc7, 0xc1, 0xee, 0x79, 0x9c, 0xb6, 0x91, 0x19, 0x41, 0x08, 0xea, 0xf3, 0x52, 0x7f, + 0xcb, 0xef, 0x26, 0x1b, 0x21, 0x8e, 0x12, 0x49, 0x5b, 0x16, 0x73, 0xc2, 0x0c, 0xad, 0xcd, 0xc8, + 0x80, 0x3f, 0xf4, 0xf5, 0x68, 0xc0, 0x8d, 0x7f, 0xb6, 0x1a, 0xc6, 0x67, 0xf4, 0xb3, 0x66, 0x09, + 0xd7, 0x4d, 0x2e, 0x8a, 0xba, 0xb0, 0xc2, 0xdf, 0xf9, 0xe3, 0x64, 0xe8, 0x44, 0x4b, 0xf8, 0xbc, + 0x94, 0x10, 0xfb, 0x38, 0x0a, 0x23, 0x12, 0x13, 0xa6, 0x80, 0x99, 0x0d, 0x48, 0xe3, 0xc7, 0xa5, + 0x2e, 0x13, 0xb5, 0xfb, 0x70, 0x3e, 0x48, 0x83, 0x57, 0x61, 0x3b, 0x0f, 0x91, 0x4d, 0xe2, 0xb9, + 0x12, 0xe4, 0x96, 0x59, 0x14, 0x42, 0x97, 0x64, 0x7c, 0x00, 0xbd, 0xe5, 0xba, 0xa7, 0x15, 0x41, + 0xc1, 0x6c, 0xd4, 0x7c, 0x97, 0x1f, 0xc3, 0x03, 0x78, 0x0f, 0xe2, 0x3a, 0x1c, 0x1a, 0xf0, 0x95, + 0x16, 0x2c, 0xd0, 0x24, 0x2b, 0x54, 0x83, 0x7f, 0x3a, 0xd6, 0x29, 0x28, 0xf6, 0x76, 0x56, 0x9b, + 0x84, 0xed, 0xb8, 0x1f, 0xc6, 0xea, 0xd7, 0x81, 0x9b, 0x62, 0x6e, 0xeb, 0xe6, 0xb4, 0xa9, 0x12, + 0x97, 0xa2, 0xb7, 0x6c, 0x50, 0xa3, 0x81, 0xdb, 0x15, 0xf3, 0x1e, 0x4a, 0x7d, 0xdd, 0xa4, 0x42, + 0x36, 0xe2, 0x53, 0x24, 0x05, 0x8d, 0xc9, 0xd2, 0x41, 0x5a, 0x54, 0x4b, 0x0b, +}; +UINTN TestRootCer2Size = sizeof (TestRootCer2); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestCertChain2[] = { + 0x30, 0x82, 0x03, 0x19, 0x30, 0x82, 0x02, 0x01, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x00, + 0xc1, 0xa4, 0x5b, 0x46, 0x3d, 0xd9, 0x3f, 0x99, 0x71, 0x83, 0x0b, 0x81, 0x68, 0x19, 0x88, 0x49, + 0x8e, 0xf0, 0xdd, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, + 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x32, 0x32, 0x31, 0x32, 0x33, 0x35, 0x33, 0x34, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x35, 0x31, 0x39, 0x31, 0x32, 0x33, 0x35, 0x33, 0x34, 0x5a, + 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8, + 0x6d, 0xa3, 0xf5, 0x9b, 0xf4, 0x9c, 0x3e, 0xb0, 0xc5, 0x52, 0x52, 0x31, 0xea, 0x4d, 0x0c, 0x9e, + 0x61, 0x52, 0x2e, 0x3b, 0xce, 0x09, 0x72, 0x7e, 0x6a, 0xea, 0xf9, 0xc5, 0x81, 0x9e, 0xd6, 0xf4, + 0x70, 0xc0, 0x22, 0xa8, 0xa8, 0x50, 0x27, 0xdf, 0x81, 0x5e, 0x18, 0xc3, 0x30, 0x6c, 0x96, 0xc1, + 0xb3, 0xe0, 0x2d, 0xeb, 0x55, 0xf9, 0xf6, 0xee, 0x93, 0xac, 0xcd, 0x3b, 0x2c, 0xba, 0xa8, 0xf7, + 0x6f, 0xd1, 0x17, 0x81, 0x50, 0x2e, 0xe1, 0x9d, 0x0d, 0xf3, 0xcb, 0x9f, 0x22, 0x8e, 0x7a, 0x05, + 0xd5, 0x7b, 0x03, 0x6b, 0xc5, 0x8a, 0x9a, 0xa2, 0x8d, 0x06, 0x32, 0x39, 0x3e, 0x6a, 0x58, 0xf4, + 0xd3, 0x66, 0xcb, 0xe1, 0x8d, 0xf2, 0x42, 0x9d, 0x75, 0x01, 0xb3, 0x4e, 0xae, 0x52, 0x23, 0xd8, + 0xd5, 0xe6, 0x34, 0xd0, 0x57, 0x98, 0xf2, 0x2d, 0xf9, 0xe6, 0xb5, 0x07, 0x79, 0xa1, 0x01, 0x18, + 0x34, 0x95, 0x5c, 0xd7, 0x24, 0xc8, 0xa5, 0x8b, 0x2f, 0x87, 0x7f, 0xbd, 0xf0, 0x01, 0xcd, 0x8c, + 0xd4, 0xed, 0x9c, 0x05, 0x2d, 0x9a, 0x16, 0x76, 0xec, 0xd1, 0xe6, 0x3b, 0x00, 0x4e, 0x4c, 0x02, + 0x3c, 0xac, 0xec, 0x47, 0xb5, 0x36, 0x82, 0x60, 0x0a, 0x44, 0xbd, 0x46, 0x8f, 0xac, 0xe7, 0xb9, + 0xb4, 0xb5, 0x44, 0x1a, 0x2f, 0xa6, 0x28, 0x17, 0xa1, 0xcf, 0xce, 0x1e, 0x8b, 0x56, 0xfa, 0x3b, + 0x02, 0xd6, 0x76, 0x2b, 0xa1, 0x11, 0xf7, 0x64, 0xae, 0xff, 0xa7, 0x3c, 0xab, 0x32, 0x4d, 0x50, + 0x62, 0x25, 0xc1, 0xb7, 0x9d, 0xc0, 0xb8, 0x9a, 0xcf, 0x14, 0x50, 0xff, 0xf6, 0x64, 0x50, 0xef, + 0x95, 0xf5, 0x63, 0x9b, 0x6c, 0x30, 0xd3, 0xd4, 0x5f, 0x27, 0x34, 0xf6, 0x42, 0xf5, 0x4f, 0xce, + 0xa8, 0x8e, 0xc3, 0x29, 0x7a, 0x57, 0x1d, 0xe8, 0x53, 0x28, 0x9e, 0xdd, 0xed, 0x2c, 0x8b, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x5d, 0x35, 0xee, 0xb2, 0x56, 0x05, 0x9f, 0xfd, 0x8f, 0xfa, 0x97, 0xfb, 0xec, + 0x06, 0x29, 0x64, 0x96, 0x43, 0x33, 0x8d, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x5d, 0x35, 0xee, 0xb2, 0x56, 0x05, 0x9f, 0xfd, 0x8f, 0xfa, 0x97, 0xfb, + 0xec, 0x06, 0x29, 0x64, 0x96, 0x43, 0x33, 0x8d, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8b, 0x60, 0x32, + 0x53, 0xc7, 0x0d, 0xcb, 0xea, 0x76, 0xb3, 0x4a, 0xa1, 0xb3, 0x72, 0x47, 0xc7, 0x7d, 0x33, 0x3d, + 0x54, 0xdb, 0xae, 0xe6, 0x5d, 0xc3, 0x73, 0xd7, 0x62, 0xaf, 0xfb, 0x99, 0xd4, 0x23, 0x6f, 0x28, + 0xa8, 0xc4, 0xa8, 0x77, 0x79, 0x02, 0xac, 0xa3, 0xea, 0xcc, 0xdb, 0x77, 0x01, 0x04, 0xe5, 0xc0, + 0xe8, 0x86, 0x4d, 0x2e, 0x94, 0xe4, 0xd6, 0xe9, 0x04, 0x21, 0x8c, 0x47, 0x20, 0x73, 0x91, 0x52, + 0x50, 0xa2, 0xc7, 0xc1, 0xee, 0x79, 0x9c, 0xb6, 0x91, 0x19, 0x41, 0x08, 0xea, 0xf3, 0x52, 0x7f, + 0xcb, 0xef, 0x26, 0x1b, 0x21, 0x8e, 0x12, 0x49, 0x5b, 0x16, 0x73, 0xc2, 0x0c, 0xad, 0xcd, 0xc8, + 0x80, 0x3f, 0xf4, 0xf5, 0x68, 0xc0, 0x8d, 0x7f, 0xb6, 0x1a, 0xc6, 0x67, 0xf4, 0xb3, 0x66, 0x09, + 0xd7, 0x4d, 0x2e, 0x8a, 0xba, 0xb0, 0xc2, 0xdf, 0xf9, 0xe3, 0x64, 0xe8, 0x44, 0x4b, 0xf8, 0xbc, + 0x94, 0x10, 0xfb, 0x38, 0x0a, 0x23, 0x12, 0x13, 0xa6, 0x80, 0x99, 0x0d, 0x48, 0xe3, 0xc7, 0xa5, + 0x2e, 0x13, 0xb5, 0xfb, 0x70, 0x3e, 0x48, 0x83, 0x57, 0x61, 0x3b, 0x0f, 0x91, 0x4d, 0xe2, 0xb9, + 0x12, 0xe4, 0x96, 0x59, 0x14, 0x42, 0x97, 0x64, 0x7c, 0x00, 0xbd, 0xe5, 0xba, 0xa7, 0x15, 0x41, + 0xc1, 0x6c, 0xd4, 0x7c, 0x97, 0x1f, 0xc3, 0x03, 0x78, 0x0f, 0xe2, 0x3a, 0x1c, 0x1a, 0xf0, 0x95, + 0x16, 0x2c, 0xd0, 0x24, 0x2b, 0x54, 0x83, 0x7f, 0x3a, 0xd6, 0x29, 0x28, 0xf6, 0x76, 0x56, 0x9b, + 0x84, 0xed, 0xb8, 0x1f, 0xc6, 0xea, 0xd7, 0x81, 0x9b, 0x62, 0x6e, 0xeb, 0xe6, 0xb4, 0xa9, 0x12, + 0x97, 0xa2, 0xb7, 0x6c, 0x50, 0xa3, 0x81, 0xdb, 0x15, 0xf3, 0x1e, 0x4a, 0x7d, 0xdd, 0xa4, 0x42, + 0x36, 0xe2, 0x53, 0x24, 0x05, 0x8d, 0xc9, 0xd2, 0x41, 0x5a, 0x54, 0x4b, 0x0b, 0x30, 0x82, 0x03, + 0x20, 0x30, 0x82, 0x02, 0x08, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, + 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, + 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, + 0x30, 0x35, 0x32, 0x32, 0x31, 0x32, 0x35, 0x39, 0x34, 0x31, 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, + 0x35, 0x31, 0x39, 0x31, 0x32, 0x35, 0x39, 0x34, 0x31, 0x5a, 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, + 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, + 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, + 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x1f, 0xd2, 0xd2, 0x52, 0x2c, 0xb7, 0x68, + 0x24, 0xd0, 0x5a, 0x63, 0x5a, 0x59, 0x53, 0xed, 0xda, 0x02, 0x4a, 0xc7, 0xf0, 0x24, 0x37, 0xdd, + 0xa1, 0xf1, 0x71, 0x10, 0xb2, 0xd6, 0xf8, 0x73, 0xa7, 0xbb, 0x57, 0xe7, 0xf9, 0xe2, 0xd0, 0x9f, + 0x65, 0xc3, 0x4e, 0x4a, 0xf2, 0x91, 0x87, 0x4c, 0xde, 0xc1, 0xa8, 0x06, 0x65, 0x51, 0xd4, 0x88, + 0x50, 0x68, 0x4b, 0x4e, 0x7d, 0x95, 0x62, 0x4d, 0xda, 0xb0, 0xd4, 0x9c, 0x1a, 0x1c, 0x02, 0xd8, + 0xfd, 0x39, 0x30, 0x74, 0x3b, 0x63, 0xf5, 0xdc, 0x40, 0xce, 0xa8, 0x51, 0xea, 0xf7, 0x70, 0x58, + 0xcb, 0xc1, 0xbd, 0xbb, 0x0d, 0xbf, 0xc1, 0xe1, 0xc9, 0x85, 0x42, 0x9c, 0xd6, 0x77, 0x28, 0x2c, + 0xa7, 0xcb, 0x66, 0x7d, 0x27, 0x43, 0x93, 0x97, 0x9c, 0x19, 0x7c, 0x02, 0x2f, 0x1b, 0x81, 0xe6, + 0xbc, 0xe0, 0x91, 0x0e, 0x74, 0x59, 0x6b, 0x14, 0x30, 0xf5, 0x2a, 0xda, 0xae, 0x96, 0xbf, 0xd5, + 0xcf, 0x28, 0x35, 0xbe, 0xa3, 0x57, 0xdb, 0xc7, 0xe0, 0x2c, 0x32, 0x34, 0x44, 0xf7, 0x24, 0xbd, + 0x93, 0x09, 0xef, 0x48, 0x0b, 0x1e, 0x0b, 0xd7, 0xb1, 0xd6, 0x22, 0x44, 0x4b, 0xd4, 0x65, 0x0a, + 0x04, 0xeb, 0x89, 0xe7, 0x31, 0xfa, 0x61, 0xf1, 0x1d, 0x49, 0x54, 0x1a, 0x11, 0x56, 0xc7, 0xab, + 0x77, 0x8a, 0xe2, 0x29, 0xae, 0x20, 0xec, 0x4f, 0x36, 0xeb, 0xd5, 0xcc, 0xa4, 0x9b, 0x4c, 0x0a, + 0xbe, 0xcd, 0x78, 0x86, 0xeb, 0xd8, 0xfb, 0x66, 0xdc, 0xeb, 0xe7, 0xf6, 0xe1, 0x6c, 0xa3, 0x0f, + 0x53, 0x34, 0x31, 0x45, 0x70, 0xe2, 0xda, 0xfb, 0xed, 0x70, 0x8a, 0x00, 0xd5, 0xfe, 0x4c, 0xc0, + 0x01, 0xb6, 0x84, 0x83, 0xe6, 0x16, 0x57, 0x7a, 0x78, 0x10, 0x3e, 0xdc, 0x5d, 0x31, 0x2b, 0xe8, + 0xb1, 0xa3, 0x79, 0xa6, 0xc6, 0xb9, 0x10, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x5e, 0x30, + 0x5c, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, + 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0xfe, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x23, 0x22, 0x47, 0x1c, 0xe8, 0x73, 0xd3, 0x1c, 0xfb, + 0xec, 0xaf, 0xaa, 0xe8, 0xf1, 0x2a, 0x74, 0xd9, 0x34, 0x89, 0x66, 0x30, 0x20, 0x06, 0x03, 0x55, + 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0x45, 0xd9, 0x79, 0x49, 0x47, 0x7c, 0xde, 0x4d, 0x9a, 0x14, 0x35, 0xad, 0x28, 0x23, 0x28, + 0xc8, 0x4e, 0xb9, 0xef, 0x51, 0xca, 0xa7, 0x3e, 0x71, 0xf3, 0xc1, 0xbc, 0xe9, 0xde, 0xba, 0x6f, + 0x3f, 0x5e, 0x59, 0xa0, 0x37, 0x87, 0xfb, 0x0a, 0x5c, 0x81, 0x7f, 0xc9, 0xe1, 0xea, 0x5c, 0xaf, + 0x8b, 0x12, 0xf5, 0x32, 0x3a, 0xfa, 0xcc, 0x20, 0x42, 0xb6, 0xd2, 0x52, 0x42, 0x91, 0xc8, 0xc9, + 0x24, 0x17, 0x50, 0xf3, 0x17, 0x91, 0x51, 0xbb, 0x93, 0x27, 0x3c, 0xd1, 0xc1, 0xdb, 0x77, 0x7f, + 0xba, 0x14, 0x51, 0x25, 0x99, 0x8f, 0xfb, 0x4a, 0xa4, 0x3c, 0xde, 0xb3, 0x8a, 0x66, 0x29, 0x25, + 0x01, 0x9b, 0x6f, 0xd7, 0x51, 0x11, 0xb8, 0x86, 0x34, 0xea, 0x1e, 0xe5, 0xa4, 0x7f, 0x1c, 0x78, + 0xeb, 0x81, 0xe0, 0x01, 0x23, 0x38, 0x46, 0xb1, 0xf4, 0x8a, 0x84, 0x47, 0x51, 0x7f, 0x78, 0x9d, + 0x52, 0x23, 0x05, 0x6b, 0x12, 0x73, 0xa9, 0xc2, 0x93, 0x12, 0xa2, 0xe5, 0x20, 0xc6, 0xa6, 0x0f, + 0xfd, 0x72, 0x72, 0x47, 0x10, 0x01, 0x24, 0xfe, 0x24, 0xcc, 0x6c, 0x85, 0x6c, 0xe1, 0xbe, 0x35, + 0x2a, 0xc6, 0x5a, 0x60, 0x7d, 0x8e, 0x76, 0xe2, 0xde, 0x73, 0x7c, 0xfe, 0xb5, 0xb1, 0x63, 0xc6, + 0x18, 0xe2, 0xee, 0x50, 0xca, 0xb1, 0x5e, 0x40, 0x39, 0x7f, 0xf9, 0x7c, 0xb9, 0x5a, 0x28, 0x67, + 0x27, 0x95, 0xcb, 0x0d, 0x63, 0xdd, 0x95, 0x39, 0xa6, 0x91, 0x87, 0x40, 0xe3, 0x0e, 0x02, 0xd3, + 0xf4, 0xda, 0xd1, 0x64, 0x80, 0xb7, 0x37, 0x41, 0x36, 0xb2, 0x99, 0xa1, 0xb9, 0x9e, 0x82, 0x82, + 0xb0, 0x67, 0x9f, 0xa7, 0x1c, 0x6e, 0x9c, 0xa8, 0x9a, 0xe3, 0x6b, 0x4c, 0x5b, 0xcd, 0x8d, 0x78, + 0x81, 0xf7, 0x66, 0x87, 0xa9, 0xc9, 0x68, 0xd8, 0xfc, 0xb1, 0x56, 0x8a, 0xc7, 0xa1, 0x88, 0x69, + 0x84, 0x30, 0x82, 0x03, 0x6b, 0x30, 0x82, 0x02, 0x53, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, + 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, + 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x1e, 0x17, + 0x0d, 0x32, 0x32, 0x30, 0x35, 0x32, 0x32, 0x31, 0x33, 0x30, 0x30, 0x34, 0x33, 0x5a, 0x17, 0x0d, + 0x33, 0x32, 0x30, 0x35, 0x31, 0x39, 0x31, 0x33, 0x30, 0x30, 0x34, 0x33, 0x5a, 0x30, 0x28, 0x31, + 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1d, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, + 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, + 0x65, 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, + 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb1, 0x24, 0x15, 0x0f, 0x17, 0xd0, 0x00, 0xa7, + 0xe6, 0xc0, 0x21, 0xed, 0x28, 0x9e, 0x03, 0x45, 0x18, 0xee, 0x75, 0x09, 0x39, 0x73, 0x4a, 0x6a, + 0x29, 0xbd, 0xf7, 0xf4, 0x20, 0x04, 0xf2, 0x51, 0x0d, 0xf5, 0xc7, 0x57, 0x55, 0x34, 0x86, 0x9a, + 0x11, 0x9b, 0x6e, 0x94, 0x10, 0xe0, 0xe2, 0x7a, 0xbf, 0x25, 0xe6, 0xc4, 0x20, 0x6d, 0x60, 0x18, + 0x61, 0xf6, 0xaa, 0xce, 0xa5, 0xf8, 0x4a, 0xd0, 0x12, 0xa1, 0xb0, 0xfa, 0x3e, 0xf6, 0xb5, 0x50, + 0xe3, 0x5a, 0x81, 0xdb, 0x5b, 0x9b, 0xb2, 0x6a, 0xa3, 0x25, 0x79, 0x97, 0xce, 0x7b, 0x30, 0x55, + 0xcf, 0x2c, 0xab, 0x17, 0xcc, 0x60, 0x65, 0x03, 0x41, 0xb8, 0xcb, 0x92, 0xfd, 0x23, 0xf0, 0xba, + 0x88, 0xe9, 0xfb, 0xe9, 0xf8, 0x6e, 0x46, 0xce, 0x8d, 0xd6, 0xaa, 0xf5, 0x3d, 0xeb, 0x97, 0xd4, + 0x94, 0x05, 0x79, 0x41, 0xcf, 0xb7, 0xb5, 0x7a, 0xef, 0xf5, 0xe2, 0xe8, 0xa7, 0x91, 0x54, 0xc1, + 0xa8, 0xe9, 0x44, 0x0f, 0xa8, 0x42, 0x75, 0x72, 0xa3, 0x6d, 0x14, 0x33, 0x3b, 0xb3, 0xd5, 0xb9, + 0xc0, 0x48, 0x24, 0xc7, 0x2c, 0x44, 0x9d, 0x36, 0x70, 0x14, 0xd1, 0x01, 0x58, 0x56, 0xfc, 0x48, + 0xd1, 0x87, 0x91, 0x6b, 0xb8, 0x3a, 0x97, 0xd5, 0x12, 0x1b, 0xb2, 0x5b, 0xb5, 0xf2, 0xe3, 0xcc, + 0x4d, 0x61, 0x67, 0x64, 0xb8, 0x33, 0x6b, 0xc1, 0x11, 0x3f, 0x9f, 0x9e, 0xeb, 0x33, 0x22, 0x60, + 0x2b, 0x21, 0x48, 0x45, 0xf4, 0x61, 0x4e, 0x21, 0x73, 0x8f, 0xb4, 0x96, 0x21, 0x73, 0x9f, 0x0b, + 0xd8, 0x2b, 0xef, 0xac, 0xa9, 0x43, 0x4a, 0xff, 0x7a, 0x59, 0xfa, 0x1c, 0xff, 0xdf, 0x34, 0xaa, + 0xc8, 0xea, 0x18, 0x81, 0x00, 0xe7, 0xf5, 0x3f, 0x0b, 0xf8, 0x51, 0x70, 0x90, 0xbb, 0x8b, 0x2b, + 0x7a, 0x8e, 0x59, 0x75, 0x8a, 0x3e, 0x6b, 0xfd, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x9c, + 0x30, 0x81, 0x99, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xe0, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x15, 0xa3, 0x13, 0x7b, 0xd9, 0xfe, 0x6a, + 0x68, 0x36, 0x1f, 0x0d, 0xdc, 0x7e, 0x57, 0x17, 0x82, 0x41, 0xc0, 0x0b, 0xaa, 0x30, 0x31, 0x06, + 0x03, 0x55, 0x1d, 0x11, 0x04, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, + 0x01, 0x83, 0x1c, 0x82, 0x12, 0x01, 0xa0, 0x18, 0x0c, 0x16, 0x41, 0x43, 0x4d, 0x45, 0x3a, 0x57, + 0x49, 0x44, 0x47, 0x45, 0x54, 0x3a, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, + 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x20, 0x30, 0x1e, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x98, 0x85, 0x17, 0xc1, 0x9a, 0xb7, 0xbb, 0x14, 0x50, 0xcf, 0xd7, 0x32, 0xc9, 0xed, 0xf8, 0x70, + 0xe9, 0x76, 0x82, 0x5a, 0x90, 0x51, 0x5b, 0xf8, 0xf1, 0xb1, 0xde, 0x9c, 0x66, 0x95, 0xbd, 0x19, + 0xea, 0x9b, 0x9f, 0xed, 0x40, 0x94, 0x9d, 0x2e, 0xdf, 0xa8, 0x58, 0x47, 0x5b, 0xd0, 0xe0, 0x9c, + 0x34, 0xcd, 0x29, 0xaf, 0xbc, 0x0e, 0x7b, 0x69, 0xed, 0x9b, 0x55, 0x46, 0x5c, 0xc0, 0x07, 0x87, + 0xf1, 0x86, 0x94, 0x13, 0x09, 0xa9, 0x21, 0xba, 0x41, 0x90, 0x6b, 0xb1, 0x7e, 0xd5, 0x82, 0x22, + 0x03, 0x43, 0x4c, 0x4c, 0x79, 0x0f, 0x87, 0x9b, 0x66, 0xef, 0x5c, 0xf0, 0x16, 0xee, 0x93, 0x4e, + 0x4f, 0x82, 0x34, 0xd6, 0xd8, 0x4e, 0x32, 0x2d, 0xd5, 0x5d, 0x65, 0x83, 0x95, 0x58, 0x03, 0x32, + 0x4d, 0x1e, 0x4b, 0x4b, 0x35, 0xbb, 0x0a, 0x8b, 0xcc, 0x7d, 0x7d, 0x67, 0x5b, 0xaa, 0x42, 0x6c, + 0x04, 0x9f, 0xd9, 0xd4, 0x70, 0x03, 0x5c, 0x12, 0x79, 0x0f, 0xff, 0xa5, 0xe2, 0x06, 0x88, 0x92, + 0x5f, 0xb2, 0x50, 0xee, 0x04, 0x6a, 0x13, 0x42, 0x8d, 0xd7, 0x25, 0x9a, 0x89, 0xc2, 0xc8, 0x4c, + 0xe2, 0x77, 0xc3, 0x4e, 0xa6, 0xc0, 0x12, 0xb9, 0x66, 0x98, 0x2b, 0x02, 0xfe, 0x6c, 0xc7, 0x49, + 0xf8, 0xac, 0xdd, 0x70, 0x40, 0x79, 0x10, 0x4d, 0x6f, 0xc6, 0x4d, 0x35, 0x39, 0x3f, 0x58, 0xae, + 0xdc, 0x11, 0x0c, 0xb6, 0x1c, 0xc5, 0xb8, 0x1a, 0xab, 0x02, 0xd7, 0x24, 0xd6, 0x8c, 0x73, 0xe8, + 0x7b, 0x33, 0x77, 0x31, 0x01, 0xd2, 0x99, 0xc8, 0x34, 0xf0, 0x1f, 0x61, 0x10, 0x31, 0x23, 0x79, + 0x1c, 0x8f, 0x00, 0xcb, 0x44, 0x96, 0xfc, 0x78, 0x8f, 0x09, 0x16, 0xd7, 0x81, 0xb5, 0x2d, 0x7a, + 0x10, 0x7d, 0x2f, 0x72, 0xac, 0x3f, 0xb8, 0x64, 0x78, 0xd2, 0xc0, 0x46, 0x0a, 0x0c, 0x24, 0x31, +}; +UINTN TestCertChain2Size = sizeof (TestCertChain2); + +// RSASSA_3072_SHA_384: RSASSA_3072 + SHA_384 +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestRootCer3[] = { + 0x30, 0x82, 0x05, 0x19, 0x30, 0x82, 0x03, 0x01, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x06, + 0x04, 0x42, 0xcc, 0xa5, 0xef, 0x54, 0x34, 0x6a, 0x79, 0x60, 0xbe, 0x26, 0xa3, 0x34, 0x3b, 0x80, + 0x5e, 0x18, 0xd4, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, + 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, + 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x35, 0x35, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x35, 0x35, 0x5a, + 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x82, + 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xa1, + 0x7c, 0x02, 0x68, 0xf0, 0xb2, 0x36, 0xa3, 0x8c, 0xbf, 0x7b, 0x06, 0x24, 0x5f, 0x7b, 0x66, 0x26, + 0x21, 0x14, 0x06, 0xda, 0xb0, 0x32, 0x37, 0xe6, 0xf8, 0x8e, 0x32, 0x25, 0xad, 0xef, 0x52, 0x88, + 0x15, 0x11, 0xdc, 0xd5, 0xf6, 0xc6, 0x7e, 0x39, 0x04, 0xbe, 0x5e, 0xdf, 0xa0, 0xe7, 0x29, 0x14, + 0x39, 0x5d, 0xfd, 0x54, 0x06, 0xe7, 0x99, 0xc9, 0x96, 0xd9, 0x4b, 0x83, 0x9e, 0xd0, 0x52, 0xe6, + 0x47, 0xa8, 0xc4, 0x87, 0x7e, 0x13, 0x0b, 0x32, 0x7e, 0xd8, 0xf2, 0x8e, 0x12, 0x99, 0x68, 0xf4, + 0x2d, 0xd8, 0x30, 0xf5, 0xb5, 0x5f, 0x0b, 0x31, 0xab, 0xfe, 0xbc, 0x22, 0xd5, 0x92, 0xea, 0xc2, + 0xfc, 0xff, 0x43, 0x8d, 0x6d, 0xa1, 0x8e, 0xab, 0x7b, 0x5c, 0x64, 0xbb, 0x7f, 0x58, 0x57, 0x94, + 0x22, 0x6d, 0x97, 0x02, 0xa5, 0x50, 0x95, 0x45, 0x79, 0x10, 0x7e, 0xce, 0x1c, 0x4b, 0x9b, 0xaf, + 0xaf, 0x26, 0x7b, 0x3d, 0x00, 0x35, 0x82, 0x96, 0x98, 0x26, 0x6a, 0xf7, 0x76, 0x06, 0x48, 0xde, + 0xfc, 0xc5, 0x22, 0x6c, 0x90, 0x6b, 0x7f, 0xb6, 0x34, 0x7b, 0x40, 0xdb, 0xe7, 0xda, 0xb4, 0x74, + 0x1d, 0xd7, 0xaa, 0x99, 0x5a, 0x58, 0xc5, 0x83, 0xe3, 0x16, 0x7b, 0xe3, 0xee, 0x71, 0xe7, 0x2e, + 0xe2, 0x0e, 0xfe, 0x74, 0x3d, 0xf5, 0x27, 0x77, 0x77, 0xe8, 0x3e, 0xf1, 0x0d, 0x0e, 0x66, 0xce, + 0xac, 0xfb, 0xb7, 0x67, 0xf4, 0xb7, 0x81, 0x37, 0xfb, 0x23, 0x36, 0x5a, 0x15, 0xd2, 0x61, 0x19, + 0xeb, 0x0a, 0x9f, 0x34, 0x1f, 0x99, 0xc2, 0x98, 0xa0, 0x2b, 0xc0, 0xc9, 0x94, 0xb4, 0x91, 0x22, + 0x4b, 0x9a, 0x83, 0x27, 0x8f, 0x17, 0xc4, 0xc1, 0x08, 0xb7, 0x98, 0x12, 0x23, 0xd9, 0xd1, 0x69, + 0x27, 0x9f, 0xc1, 0x77, 0x9d, 0x57, 0xb1, 0x0b, 0xfe, 0xc4, 0x34, 0x39, 0xbe, 0x25, 0x3e, 0x56, + 0x12, 0xda, 0x79, 0x07, 0x2b, 0x39, 0x03, 0xc2, 0x13, 0x6c, 0x3e, 0x40, 0x3b, 0x9b, 0x7d, 0xf2, + 0xa2, 0x4d, 0xb2, 0xb3, 0x47, 0xe6, 0xcb, 0x21, 0x92, 0xe9, 0x95, 0x5c, 0x4a, 0x6f, 0xe9, 0x05, + 0x5f, 0x67, 0xdf, 0x30, 0x29, 0xb7, 0xd5, 0x4c, 0x1c, 0xf4, 0x85, 0x3a, 0xfb, 0xd0, 0xca, 0x1e, + 0x9a, 0x0e, 0x7d, 0xcc, 0x27, 0x03, 0x8c, 0x49, 0x45, 0x9f, 0xe9, 0x9a, 0x71, 0x62, 0xa7, 0x91, + 0x04, 0xc7, 0xd5, 0x0e, 0xc7, 0x88, 0x18, 0x66, 0x5a, 0x7a, 0x63, 0xb7, 0x4c, 0x67, 0x21, 0xc7, + 0x29, 0x8c, 0xe5, 0x60, 0x63, 0x95, 0x44, 0xcb, 0xad, 0x8d, 0x9e, 0xa2, 0xd1, 0xa3, 0xcf, 0xcd, + 0x10, 0x95, 0x85, 0x58, 0x66, 0x0d, 0xb9, 0x27, 0xfa, 0x1d, 0x79, 0xc3, 0xda, 0x2c, 0x91, 0xde, + 0x8b, 0x01, 0x07, 0x99, 0x89, 0x78, 0x0a, 0x76, 0xf4, 0x11, 0xc9, 0x30, 0x1a, 0xa6, 0x59, 0xba, + 0x1f, 0x41, 0xb3, 0x66, 0xef, 0xb4, 0xc3, 0x5a, 0x72, 0xe7, 0x32, 0xf9, 0xa4, 0xc3, 0x5b, 0x94, + 0x08, 0xaf, 0x74, 0xc2, 0x55, 0x63, 0xef, 0xad, 0x11, 0x50, 0xca, 0xd1, 0xb8, 0xb6, 0x89, 0x3e, + 0x96, 0xf3, 0x92, 0x58, 0xdd, 0x30, 0x2c, 0x0d, 0xb0, 0x9c, 0xa4, 0x89, 0x9c, 0x5c, 0xa1, 0xbb, + 0xd7, 0x39, 0x1d, 0xa6, 0x05, 0xaf, 0xf2, 0x72, 0xe2, 0xd7, 0xc0, 0x9f, 0xe5, 0xda, 0x9f, 0xd9, + 0x39, 0xbe, 0x8f, 0xa9, 0xeb, 0x4b, 0x28, 0xca, 0x70, 0xd9, 0x1d, 0x8f, 0x4f, 0x29, 0xe0, 0xca, + 0xae, 0x60, 0x87, 0x66, 0x9e, 0x4f, 0x1f, 0x40, 0x26, 0x65, 0x95, 0xeb, 0xab, 0x62, 0x7e, 0x20, + 0xf2, 0x86, 0x7e, 0x54, 0x20, 0x54, 0x1f, 0x9c, 0x4a, 0x37, 0x6f, 0xca, 0x0b, 0x07, 0x96, 0x96, + 0xda, 0xa7, 0x3b, 0xd8, 0x53, 0x1a, 0xeb, 0x54, 0x58, 0x95, 0x09, 0xd9, 0xb7, 0xb0, 0xe1, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x1e, 0x2f, 0x25, 0x0b, 0x04, 0x05, 0x71, 0x8a, 0xe5, 0x18, 0x1f, 0x34, 0x74, + 0x6e, 0xc4, 0x37, 0x1e, 0x05, 0xbb, 0xb3, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x1e, 0x2f, 0x25, 0x0b, 0x04, 0x05, 0x71, 0x8a, 0xe5, 0x18, 0x1f, 0x34, + 0x74, 0x6e, 0xc4, 0x37, 0x1e, 0x05, 0xbb, 0xb3, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x11, 0x38, 0x11, + 0xc7, 0x80, 0x82, 0xcf, 0xfa, 0x5d, 0xc9, 0xd1, 0xf9, 0xd4, 0xad, 0x17, 0x3a, 0x22, 0x6d, 0xec, + 0xed, 0xf9, 0x51, 0x49, 0x4f, 0xa0, 0x2a, 0x7b, 0x74, 0xc7, 0x6f, 0x79, 0xde, 0x84, 0xb2, 0x5b, + 0xe8, 0x59, 0x37, 0x13, 0x77, 0x89, 0x7a, 0x1b, 0xa9, 0x76, 0x70, 0xf7, 0xa6, 0x62, 0xfa, 0x4d, + 0x87, 0xa0, 0x27, 0xc4, 0x88, 0xc8, 0xa6, 0xec, 0x73, 0x57, 0x0a, 0x7d, 0x0a, 0xef, 0xde, 0x79, + 0x09, 0xf5, 0x7d, 0xc4, 0x99, 0x53, 0x84, 0x40, 0xf9, 0x42, 0xe7, 0x11, 0xb2, 0x1c, 0xb5, 0xe2, + 0xa5, 0x21, 0x91, 0x0d, 0x02, 0x96, 0x21, 0xfb, 0x48, 0xf9, 0x91, 0x15, 0x7f, 0x3c, 0x46, 0xb5, + 0x55, 0x54, 0x69, 0x39, 0x5e, 0xdf, 0x51, 0x72, 0x17, 0x67, 0xd0, 0x66, 0xb5, 0x0f, 0xec, 0xbc, + 0x02, 0xee, 0x67, 0xdf, 0x26, 0xe9, 0x51, 0x6a, 0xc8, 0x7d, 0x8a, 0x71, 0x19, 0x3e, 0x0f, 0x0a, + 0x91, 0x25, 0x89, 0xce, 0xe7, 0x90, 0x8f, 0x32, 0x0d, 0xcc, 0x92, 0x07, 0xb2, 0x77, 0x6d, 0x34, + 0xd2, 0xb5, 0x1c, 0x2c, 0x63, 0xbb, 0x6f, 0xf6, 0x2d, 0xce, 0xc3, 0x5f, 0x50, 0x1d, 0xd5, 0x77, + 0x29, 0x43, 0xc5, 0x8e, 0x30, 0x6b, 0x41, 0x04, 0xce, 0x8e, 0xe4, 0x3f, 0x7c, 0xb2, 0xb8, 0x77, + 0x9b, 0xe1, 0xa2, 0x61, 0x5b, 0x81, 0x75, 0x87, 0x60, 0xd9, 0xb8, 0x1e, 0xa3, 0x19, 0x39, 0xc2, + 0x72, 0xb7, 0x03, 0x20, 0x59, 0xc5, 0xde, 0x3d, 0x4c, 0xa0, 0xa3, 0x58, 0x6e, 0x48, 0x4a, 0x93, + 0xe0, 0xe6, 0xd3, 0x3e, 0x83, 0x46, 0x9f, 0xba, 0xf1, 0x80, 0xf6, 0x97, 0x9e, 0xcc, 0xd1, 0xc1, + 0xa3, 0x9a, 0x6d, 0x49, 0x13, 0xd9, 0x32, 0x20, 0xd5, 0x15, 0x43, 0xf6, 0x30, 0x31, 0x27, 0x6c, + 0x67, 0x88, 0x6c, 0x5b, 0xa4, 0x5b, 0x2f, 0x6d, 0xf8, 0x1d, 0xe9, 0x12, 0x8e, 0xc6, 0xf6, 0xa4, + 0x08, 0x57, 0x40, 0xd7, 0x79, 0x94, 0x7f, 0x45, 0x45, 0x37, 0x55, 0x53, 0xf8, 0x22, 0x2e, 0xdb, + 0x79, 0x04, 0x97, 0x55, 0x9b, 0xd1, 0xb4, 0x3d, 0x1a, 0x99, 0xb6, 0xb2, 0xef, 0x90, 0xfe, 0xc4, + 0x30, 0xbe, 0x49, 0x86, 0x9e, 0x44, 0x0b, 0x94, 0x7a, 0x77, 0x92, 0x30, 0x7e, 0x9f, 0xa6, 0xd1, + 0x95, 0x4e, 0x1c, 0x8f, 0x3c, 0xd4, 0x4d, 0x1f, 0x6d, 0x1f, 0x5d, 0x2e, 0x55, 0x19, 0xd9, 0xf9, + 0x05, 0xcd, 0x2d, 0x30, 0x99, 0xae, 0x22, 0xea, 0x31, 0xbd, 0x82, 0xd6, 0x27, 0x19, 0x06, 0x4d, + 0xdc, 0x9a, 0x59, 0x7f, 0x7f, 0x0f, 0x5c, 0x11, 0x3b, 0xf0, 0xe8, 0x02, 0xd7, 0x2e, 0x25, 0x19, + 0xc4, 0xf9, 0xf1, 0xfe, 0x84, 0x72, 0x79, 0x23, 0x9a, 0xb7, 0x5a, 0x72, 0x80, 0x0b, 0x7e, 0xa8, + 0x43, 0x99, 0x4a, 0xd1, 0xc7, 0x34, 0x7d, 0xfa, 0xe2, 0xfa, 0xeb, 0x9c, 0xa7, 0xed, 0xf2, 0x79, + 0x13, 0xa2, 0x2f, 0x9a, 0x64, 0x2a, 0xef, 0x33, 0xbf, 0x5e, 0x66, 0x23, 0x22, 0xd7, 0xb6, 0x34, + 0x43, 0x14, 0x58, 0x29, 0x19, 0xa1, 0x1a, 0xc3, 0x5b, 0x9c, 0xfb, 0x5f, 0xaa, 0x55, 0xc3, 0xa4, + 0xdd, 0x04, 0x0e, 0x31, 0x97, 0x76, 0xc9, 0xfb, 0x8d, 0x53, 0x25, 0x51, 0x71, 0x60, 0x2f, 0xc1, + 0x6d, 0x54, 0x8d, 0x62, 0xde, 0x3c, 0xd0, 0x4f, 0x68, 0x52, 0xe0, 0xe5, 0x30, 0x97, 0x29, 0x5c, + 0x13, 0x3e, 0x4d, 0x32, 0x3c, 0xff, 0xa5, 0xd7, 0xa9, 0x96, 0x35, 0x91, 0x03, 0x73, 0x19, 0xad, + 0x8d, 0x58, 0x4d, 0x49, 0x54, 0x0c, 0xf8, 0x40, 0xb7, 0x7a, 0x49, 0x59, 0x45, 0x1d, 0x07, 0x55, + 0x6d, 0xb4, 0xc4, 0x1d, 0xb2, 0xd5, 0xbc, 0xca, 0x62, 0x73, 0xc5, 0x83, 0x45, 0x7d, 0xb9, 0xce, + 0xa8, 0x8f, 0xc6, 0xd2, 0x31, 0x9a, 0x8b, 0x08, 0x09, 0x77, 0x16, 0xb5, 0xf4, +}; +UINTN TestRootCer3Size = sizeof (TestRootCer3); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestCertChain3[] = { + 0x30, 0x82, 0x05, 0x19, 0x30, 0x82, 0x03, 0x01, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x06, + 0x04, 0x42, 0xcc, 0xa5, 0xef, 0x54, 0x34, 0x6a, 0x79, 0x60, 0xbe, 0x26, 0xa3, 0x34, 0x3b, 0x80, + 0x5e, 0x18, 0xd4, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, + 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, + 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x35, 0x35, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x35, 0x35, 0x5a, + 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x82, + 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xa1, + 0x7c, 0x02, 0x68, 0xf0, 0xb2, 0x36, 0xa3, 0x8c, 0xbf, 0x7b, 0x06, 0x24, 0x5f, 0x7b, 0x66, 0x26, + 0x21, 0x14, 0x06, 0xda, 0xb0, 0x32, 0x37, 0xe6, 0xf8, 0x8e, 0x32, 0x25, 0xad, 0xef, 0x52, 0x88, + 0x15, 0x11, 0xdc, 0xd5, 0xf6, 0xc6, 0x7e, 0x39, 0x04, 0xbe, 0x5e, 0xdf, 0xa0, 0xe7, 0x29, 0x14, + 0x39, 0x5d, 0xfd, 0x54, 0x06, 0xe7, 0x99, 0xc9, 0x96, 0xd9, 0x4b, 0x83, 0x9e, 0xd0, 0x52, 0xe6, + 0x47, 0xa8, 0xc4, 0x87, 0x7e, 0x13, 0x0b, 0x32, 0x7e, 0xd8, 0xf2, 0x8e, 0x12, 0x99, 0x68, 0xf4, + 0x2d, 0xd8, 0x30, 0xf5, 0xb5, 0x5f, 0x0b, 0x31, 0xab, 0xfe, 0xbc, 0x22, 0xd5, 0x92, 0xea, 0xc2, + 0xfc, 0xff, 0x43, 0x8d, 0x6d, 0xa1, 0x8e, 0xab, 0x7b, 0x5c, 0x64, 0xbb, 0x7f, 0x58, 0x57, 0x94, + 0x22, 0x6d, 0x97, 0x02, 0xa5, 0x50, 0x95, 0x45, 0x79, 0x10, 0x7e, 0xce, 0x1c, 0x4b, 0x9b, 0xaf, + 0xaf, 0x26, 0x7b, 0x3d, 0x00, 0x35, 0x82, 0x96, 0x98, 0x26, 0x6a, 0xf7, 0x76, 0x06, 0x48, 0xde, + 0xfc, 0xc5, 0x22, 0x6c, 0x90, 0x6b, 0x7f, 0xb6, 0x34, 0x7b, 0x40, 0xdb, 0xe7, 0xda, 0xb4, 0x74, + 0x1d, 0xd7, 0xaa, 0x99, 0x5a, 0x58, 0xc5, 0x83, 0xe3, 0x16, 0x7b, 0xe3, 0xee, 0x71, 0xe7, 0x2e, + 0xe2, 0x0e, 0xfe, 0x74, 0x3d, 0xf5, 0x27, 0x77, 0x77, 0xe8, 0x3e, 0xf1, 0x0d, 0x0e, 0x66, 0xce, + 0xac, 0xfb, 0xb7, 0x67, 0xf4, 0xb7, 0x81, 0x37, 0xfb, 0x23, 0x36, 0x5a, 0x15, 0xd2, 0x61, 0x19, + 0xeb, 0x0a, 0x9f, 0x34, 0x1f, 0x99, 0xc2, 0x98, 0xa0, 0x2b, 0xc0, 0xc9, 0x94, 0xb4, 0x91, 0x22, + 0x4b, 0x9a, 0x83, 0x27, 0x8f, 0x17, 0xc4, 0xc1, 0x08, 0xb7, 0x98, 0x12, 0x23, 0xd9, 0xd1, 0x69, + 0x27, 0x9f, 0xc1, 0x77, 0x9d, 0x57, 0xb1, 0x0b, 0xfe, 0xc4, 0x34, 0x39, 0xbe, 0x25, 0x3e, 0x56, + 0x12, 0xda, 0x79, 0x07, 0x2b, 0x39, 0x03, 0xc2, 0x13, 0x6c, 0x3e, 0x40, 0x3b, 0x9b, 0x7d, 0xf2, + 0xa2, 0x4d, 0xb2, 0xb3, 0x47, 0xe6, 0xcb, 0x21, 0x92, 0xe9, 0x95, 0x5c, 0x4a, 0x6f, 0xe9, 0x05, + 0x5f, 0x67, 0xdf, 0x30, 0x29, 0xb7, 0xd5, 0x4c, 0x1c, 0xf4, 0x85, 0x3a, 0xfb, 0xd0, 0xca, 0x1e, + 0x9a, 0x0e, 0x7d, 0xcc, 0x27, 0x03, 0x8c, 0x49, 0x45, 0x9f, 0xe9, 0x9a, 0x71, 0x62, 0xa7, 0x91, + 0x04, 0xc7, 0xd5, 0x0e, 0xc7, 0x88, 0x18, 0x66, 0x5a, 0x7a, 0x63, 0xb7, 0x4c, 0x67, 0x21, 0xc7, + 0x29, 0x8c, 0xe5, 0x60, 0x63, 0x95, 0x44, 0xcb, 0xad, 0x8d, 0x9e, 0xa2, 0xd1, 0xa3, 0xcf, 0xcd, + 0x10, 0x95, 0x85, 0x58, 0x66, 0x0d, 0xb9, 0x27, 0xfa, 0x1d, 0x79, 0xc3, 0xda, 0x2c, 0x91, 0xde, + 0x8b, 0x01, 0x07, 0x99, 0x89, 0x78, 0x0a, 0x76, 0xf4, 0x11, 0xc9, 0x30, 0x1a, 0xa6, 0x59, 0xba, + 0x1f, 0x41, 0xb3, 0x66, 0xef, 0xb4, 0xc3, 0x5a, 0x72, 0xe7, 0x32, 0xf9, 0xa4, 0xc3, 0x5b, 0x94, + 0x08, 0xaf, 0x74, 0xc2, 0x55, 0x63, 0xef, 0xad, 0x11, 0x50, 0xca, 0xd1, 0xb8, 0xb6, 0x89, 0x3e, + 0x96, 0xf3, 0x92, 0x58, 0xdd, 0x30, 0x2c, 0x0d, 0xb0, 0x9c, 0xa4, 0x89, 0x9c, 0x5c, 0xa1, 0xbb, + 0xd7, 0x39, 0x1d, 0xa6, 0x05, 0xaf, 0xf2, 0x72, 0xe2, 0xd7, 0xc0, 0x9f, 0xe5, 0xda, 0x9f, 0xd9, + 0x39, 0xbe, 0x8f, 0xa9, 0xeb, 0x4b, 0x28, 0xca, 0x70, 0xd9, 0x1d, 0x8f, 0x4f, 0x29, 0xe0, 0xca, + 0xae, 0x60, 0x87, 0x66, 0x9e, 0x4f, 0x1f, 0x40, 0x26, 0x65, 0x95, 0xeb, 0xab, 0x62, 0x7e, 0x20, + 0xf2, 0x86, 0x7e, 0x54, 0x20, 0x54, 0x1f, 0x9c, 0x4a, 0x37, 0x6f, 0xca, 0x0b, 0x07, 0x96, 0x96, + 0xda, 0xa7, 0x3b, 0xd8, 0x53, 0x1a, 0xeb, 0x54, 0x58, 0x95, 0x09, 0xd9, 0xb7, 0xb0, 0xe1, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x1e, 0x2f, 0x25, 0x0b, 0x04, 0x05, 0x71, 0x8a, 0xe5, 0x18, 0x1f, 0x34, 0x74, + 0x6e, 0xc4, 0x37, 0x1e, 0x05, 0xbb, 0xb3, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x1e, 0x2f, 0x25, 0x0b, 0x04, 0x05, 0x71, 0x8a, 0xe5, 0x18, 0x1f, 0x34, + 0x74, 0x6e, 0xc4, 0x37, 0x1e, 0x05, 0xbb, 0xb3, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x11, 0x38, 0x11, + 0xc7, 0x80, 0x82, 0xcf, 0xfa, 0x5d, 0xc9, 0xd1, 0xf9, 0xd4, 0xad, 0x17, 0x3a, 0x22, 0x6d, 0xec, + 0xed, 0xf9, 0x51, 0x49, 0x4f, 0xa0, 0x2a, 0x7b, 0x74, 0xc7, 0x6f, 0x79, 0xde, 0x84, 0xb2, 0x5b, + 0xe8, 0x59, 0x37, 0x13, 0x77, 0x89, 0x7a, 0x1b, 0xa9, 0x76, 0x70, 0xf7, 0xa6, 0x62, 0xfa, 0x4d, + 0x87, 0xa0, 0x27, 0xc4, 0x88, 0xc8, 0xa6, 0xec, 0x73, 0x57, 0x0a, 0x7d, 0x0a, 0xef, 0xde, 0x79, + 0x09, 0xf5, 0x7d, 0xc4, 0x99, 0x53, 0x84, 0x40, 0xf9, 0x42, 0xe7, 0x11, 0xb2, 0x1c, 0xb5, 0xe2, + 0xa5, 0x21, 0x91, 0x0d, 0x02, 0x96, 0x21, 0xfb, 0x48, 0xf9, 0x91, 0x15, 0x7f, 0x3c, 0x46, 0xb5, + 0x55, 0x54, 0x69, 0x39, 0x5e, 0xdf, 0x51, 0x72, 0x17, 0x67, 0xd0, 0x66, 0xb5, 0x0f, 0xec, 0xbc, + 0x02, 0xee, 0x67, 0xdf, 0x26, 0xe9, 0x51, 0x6a, 0xc8, 0x7d, 0x8a, 0x71, 0x19, 0x3e, 0x0f, 0x0a, + 0x91, 0x25, 0x89, 0xce, 0xe7, 0x90, 0x8f, 0x32, 0x0d, 0xcc, 0x92, 0x07, 0xb2, 0x77, 0x6d, 0x34, + 0xd2, 0xb5, 0x1c, 0x2c, 0x63, 0xbb, 0x6f, 0xf6, 0x2d, 0xce, 0xc3, 0x5f, 0x50, 0x1d, 0xd5, 0x77, + 0x29, 0x43, 0xc5, 0x8e, 0x30, 0x6b, 0x41, 0x04, 0xce, 0x8e, 0xe4, 0x3f, 0x7c, 0xb2, 0xb8, 0x77, + 0x9b, 0xe1, 0xa2, 0x61, 0x5b, 0x81, 0x75, 0x87, 0x60, 0xd9, 0xb8, 0x1e, 0xa3, 0x19, 0x39, 0xc2, + 0x72, 0xb7, 0x03, 0x20, 0x59, 0xc5, 0xde, 0x3d, 0x4c, 0xa0, 0xa3, 0x58, 0x6e, 0x48, 0x4a, 0x93, + 0xe0, 0xe6, 0xd3, 0x3e, 0x83, 0x46, 0x9f, 0xba, 0xf1, 0x80, 0xf6, 0x97, 0x9e, 0xcc, 0xd1, 0xc1, + 0xa3, 0x9a, 0x6d, 0x49, 0x13, 0xd9, 0x32, 0x20, 0xd5, 0x15, 0x43, 0xf6, 0x30, 0x31, 0x27, 0x6c, + 0x67, 0x88, 0x6c, 0x5b, 0xa4, 0x5b, 0x2f, 0x6d, 0xf8, 0x1d, 0xe9, 0x12, 0x8e, 0xc6, 0xf6, 0xa4, + 0x08, 0x57, 0x40, 0xd7, 0x79, 0x94, 0x7f, 0x45, 0x45, 0x37, 0x55, 0x53, 0xf8, 0x22, 0x2e, 0xdb, + 0x79, 0x04, 0x97, 0x55, 0x9b, 0xd1, 0xb4, 0x3d, 0x1a, 0x99, 0xb6, 0xb2, 0xef, 0x90, 0xfe, 0xc4, + 0x30, 0xbe, 0x49, 0x86, 0x9e, 0x44, 0x0b, 0x94, 0x7a, 0x77, 0x92, 0x30, 0x7e, 0x9f, 0xa6, 0xd1, + 0x95, 0x4e, 0x1c, 0x8f, 0x3c, 0xd4, 0x4d, 0x1f, 0x6d, 0x1f, 0x5d, 0x2e, 0x55, 0x19, 0xd9, 0xf9, + 0x05, 0xcd, 0x2d, 0x30, 0x99, 0xae, 0x22, 0xea, 0x31, 0xbd, 0x82, 0xd6, 0x27, 0x19, 0x06, 0x4d, + 0xdc, 0x9a, 0x59, 0x7f, 0x7f, 0x0f, 0x5c, 0x11, 0x3b, 0xf0, 0xe8, 0x02, 0xd7, 0x2e, 0x25, 0x19, + 0xc4, 0xf9, 0xf1, 0xfe, 0x84, 0x72, 0x79, 0x23, 0x9a, 0xb7, 0x5a, 0x72, 0x80, 0x0b, 0x7e, 0xa8, + 0x43, 0x99, 0x4a, 0xd1, 0xc7, 0x34, 0x7d, 0xfa, 0xe2, 0xfa, 0xeb, 0x9c, 0xa7, 0xed, 0xf2, 0x79, + 0x13, 0xa2, 0x2f, 0x9a, 0x64, 0x2a, 0xef, 0x33, 0xbf, 0x5e, 0x66, 0x23, 0x22, 0xd7, 0xb6, 0x34, + 0x43, 0x14, 0x58, 0x29, 0x19, 0xa1, 0x1a, 0xc3, 0x5b, 0x9c, 0xfb, 0x5f, 0xaa, 0x55, 0xc3, 0xa4, + 0xdd, 0x04, 0x0e, 0x31, 0x97, 0x76, 0xc9, 0xfb, 0x8d, 0x53, 0x25, 0x51, 0x71, 0x60, 0x2f, 0xc1, + 0x6d, 0x54, 0x8d, 0x62, 0xde, 0x3c, 0xd0, 0x4f, 0x68, 0x52, 0xe0, 0xe5, 0x30, 0x97, 0x29, 0x5c, + 0x13, 0x3e, 0x4d, 0x32, 0x3c, 0xff, 0xa5, 0xd7, 0xa9, 0x96, 0x35, 0x91, 0x03, 0x73, 0x19, 0xad, + 0x8d, 0x58, 0x4d, 0x49, 0x54, 0x0c, 0xf8, 0x40, 0xb7, 0x7a, 0x49, 0x59, 0x45, 0x1d, 0x07, 0x55, + 0x6d, 0xb4, 0xc4, 0x1d, 0xb2, 0xd5, 0xbc, 0xca, 0x62, 0x73, 0xc5, 0x83, 0x45, 0x7d, 0xb9, 0xce, + 0xa8, 0x8f, 0xc6, 0xd2, 0x31, 0x9a, 0x8b, 0x08, 0x09, 0x77, 0x16, 0xb5, 0xf4, 0x30, 0x82, 0x04, + 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, + 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, + 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, + 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x35, 0x36, 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, + 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x35, 0x36, 0x5a, 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, + 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, + 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x01, 0xa2, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x8f, 0x00, 0x30, + 0x82, 0x01, 0x8a, 0x02, 0x82, 0x01, 0x81, 0x00, 0xaa, 0x11, 0x12, 0x84, 0x91, 0x21, 0xb7, 0xaf, + 0x8d, 0x85, 0x1b, 0xbb, 0x03, 0x26, 0x08, 0x4c, 0xf5, 0xe1, 0x20, 0x0a, 0xca, 0x1c, 0x50, 0xe3, + 0xdb, 0xae, 0x06, 0x6e, 0x64, 0x75, 0xab, 0xbc, 0x02, 0xd0, 0x06, 0xb9, 0xb3, 0x16, 0x60, 0x4a, + 0x9e, 0x49, 0x75, 0x03, 0x77, 0xe7, 0xf0, 0xab, 0xc0, 0xb0, 0x70, 0x2f, 0x6b, 0xc3, 0x24, 0x07, + 0xa4, 0xbc, 0xa2, 0xc0, 0x42, 0x63, 0xa0, 0xc0, 0x22, 0x87, 0x9b, 0x80, 0xe0, 0x50, 0xae, 0x05, + 0xd0, 0xe8, 0xd4, 0x54, 0x8e, 0x77, 0xae, 0xec, 0x5d, 0xe9, 0x95, 0x33, 0xd8, 0xe5, 0x98, 0x87, + 0x06, 0xa5, 0x5f, 0x0d, 0xb0, 0x3b, 0xa3, 0xe0, 0xb0, 0xd8, 0x09, 0x1b, 0xc6, 0x71, 0xc5, 0x81, + 0x09, 0x74, 0xfd, 0x3f, 0x23, 0xbc, 0x01, 0xf1, 0x3b, 0x4c, 0x17, 0xe5, 0xf9, 0x86, 0x8d, 0x30, + 0x66, 0x75, 0xd7, 0x39, 0x1c, 0x34, 0xac, 0x97, 0x91, 0x44, 0x48, 0xf8, 0x09, 0x89, 0x28, 0x8d, + 0x70, 0x3c, 0x87, 0x5d, 0x44, 0x95, 0xf1, 0xce, 0x74, 0xe7, 0xa7, 0xea, 0x46, 0x6e, 0x85, 0xe3, + 0x83, 0xb6, 0x7d, 0x9d, 0x5f, 0x50, 0x1d, 0xc1, 0xd6, 0x25, 0x9c, 0x0c, 0x8e, 0x2e, 0x05, 0x4a, + 0x0a, 0x35, 0x9c, 0xa9, 0xe5, 0xac, 0x95, 0x70, 0x9f, 0x0a, 0xbb, 0x49, 0x41, 0x5e, 0x6e, 0xb9, + 0x39, 0xd1, 0xae, 0x88, 0xbb, 0x4e, 0x1c, 0x70, 0xd0, 0xf3, 0xee, 0xfc, 0xca, 0xe3, 0xb4, 0x26, + 0x28, 0xcf, 0x35, 0x29, 0x76, 0x07, 0x8c, 0x08, 0x9b, 0x96, 0xa9, 0x5c, 0xe3, 0xf8, 0x4f, 0x8b, + 0xac, 0xe0, 0xb0, 0xc3, 0x13, 0xca, 0xa0, 0x0e, 0x56, 0x14, 0x45, 0x23, 0x41, 0x58, 0xc1, 0xc4, + 0x45, 0xa8, 0x27, 0x74, 0x2b, 0x94, 0x8b, 0x38, 0x69, 0x91, 0x40, 0xad, 0xcd, 0x7f, 0x69, 0x52, + 0xc5, 0x89, 0xbe, 0x45, 0xae, 0x4c, 0x61, 0xb7, 0x59, 0x30, 0x4f, 0x2e, 0x26, 0xa1, 0x41, 0x79, + 0x79, 0x06, 0xaa, 0xcd, 0x71, 0x80, 0x66, 0xc2, 0x1c, 0x1e, 0x2b, 0x4b, 0x34, 0x53, 0x81, 0xfb, + 0xba, 0x89, 0xb3, 0xcb, 0x44, 0x63, 0xf5, 0x65, 0x3a, 0x2e, 0xa4, 0x98, 0xae, 0x37, 0x41, 0xd4, + 0x09, 0xbc, 0x00, 0x4f, 0xdb, 0x1f, 0x1f, 0x0f, 0x5a, 0x35, 0x6d, 0x4d, 0x66, 0xc2, 0xdb, 0x7e, + 0x9e, 0x7b, 0xae, 0xe7, 0xba, 0xf9, 0xc0, 0x0d, 0x69, 0xaa, 0x85, 0xcc, 0xfa, 0x58, 0x0f, 0xc4, + 0x1e, 0x87, 0xd6, 0x5c, 0xb8, 0x1f, 0x47, 0xa7, 0x65, 0x1f, 0xa7, 0x7f, 0x7a, 0xde, 0x08, 0x33, + 0xa2, 0xfd, 0x49, 0xc4, 0xd7, 0x9a, 0x09, 0x43, 0x62, 0xdb, 0xd3, 0xff, 0x2f, 0xcb, 0xae, 0x71, + 0x44, 0xd1, 0xd9, 0xc8, 0x9d, 0x2b, 0xf5, 0x9b, 0xea, 0xda, 0xd4, 0x19, 0xf3, 0xbb, 0xa9, 0xb6, + 0x02, 0xf4, 0x58, 0x33, 0x96, 0x81, 0x25, 0x33, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x5e, 0x30, + 0x5c, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, + 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0xfe, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x1c, 0xd2, 0xb4, 0xb3, 0xef, 0x13, 0x36, 0xaf, 0xed, + 0xa4, 0x9a, 0xec, 0x37, 0xd7, 0xca, 0x03, 0x61, 0x49, 0x16, 0x72, 0x30, 0x20, 0x06, 0x03, 0x55, + 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, + 0x00, 0x8f, 0x76, 0x7c, 0x41, 0xa3, 0xa8, 0x72, 0x69, 0xfc, 0x8a, 0x33, 0x43, 0xd7, 0xf7, 0x8c, + 0xc1, 0xaf, 0x1b, 0x06, 0x30, 0x48, 0x53, 0x61, 0x0e, 0x35, 0x02, 0x5b, 0x09, 0xb2, 0x15, 0x86, + 0x48, 0xf6, 0xf6, 0x5c, 0x15, 0x34, 0x43, 0x32, 0x0a, 0x90, 0x45, 0xa5, 0x06, 0xf4, 0x42, 0xa6, + 0xc0, 0x30, 0x8b, 0x35, 0xe8, 0x72, 0x25, 0x76, 0x58, 0xf7, 0x6b, 0xea, 0x70, 0x26, 0x76, 0xf4, + 0x9b, 0xfe, 0xf8, 0x0c, 0x86, 0x1f, 0x87, 0x1d, 0x4e, 0x74, 0x77, 0xc2, 0x5a, 0x96, 0x0f, 0x7f, + 0x69, 0x17, 0x45, 0xe6, 0x54, 0x6e, 0xbe, 0x37, 0xd3, 0x1a, 0xd4, 0x26, 0xcd, 0x24, 0x1f, 0x73, + 0x4a, 0xb9, 0xdb, 0x69, 0x1e, 0xe4, 0xca, 0x7e, 0xfa, 0x70, 0xcf, 0x0a, 0x7e, 0x8e, 0x71, 0x5e, + 0xf0, 0xcc, 0xd5, 0xcc, 0x12, 0x8d, 0x24, 0x46, 0x07, 0xb2, 0xc8, 0xff, 0x8e, 0x5e, 0x58, 0xa3, + 0x4c, 0x4e, 0x08, 0x84, 0x12, 0x5a, 0x10, 0x31, 0x9e, 0xb7, 0xea, 0xae, 0x27, 0xda, 0x63, 0x28, + 0x83, 0x2a, 0xad, 0x46, 0xf0, 0x32, 0xeb, 0xb2, 0xf0, 0x0c, 0xb0, 0x6b, 0x89, 0x55, 0xc6, 0x24, + 0x59, 0xfd, 0x4d, 0x20, 0x55, 0x0b, 0x7f, 0x87, 0x44, 0x7f, 0x64, 0xb8, 0xc3, 0x2a, 0x92, 0xd9, + 0xbc, 0xa8, 0xb8, 0x96, 0xbd, 0x54, 0xbc, 0xe0, 0x67, 0x7d, 0xce, 0x25, 0x6e, 0x2b, 0x99, 0xde, + 0xd6, 0x6f, 0x97, 0xe6, 0x9e, 0x73, 0x1e, 0x28, 0x7b, 0x22, 0x70, 0xd4, 0xa3, 0x08, 0x6e, 0x53, + 0xfe, 0x6a, 0x6c, 0x9b, 0x77, 0x8d, 0x2a, 0x88, 0x71, 0x18, 0xcf, 0x71, 0x3f, 0x90, 0x46, 0x1e, + 0x81, 0x33, 0x48, 0x70, 0xf6, 0x16, 0xbb, 0x01, 0x0b, 0x53, 0xa0, 0x14, 0x46, 0xd8, 0x66, 0x9a, + 0xfb, 0xb6, 0xbc, 0x00, 0x9a, 0x2d, 0x47, 0x2a, 0x09, 0x50, 0xe2, 0x6f, 0x06, 0x8b, 0x6e, 0xd8, + 0xd9, 0x44, 0x5b, 0xdb, 0x47, 0xf9, 0xa4, 0xdc, 0xe1, 0xc9, 0x91, 0x43, 0x05, 0x89, 0x23, 0x5d, + 0x44, 0xbf, 0x52, 0xd9, 0x79, 0x92, 0xf1, 0xde, 0xaf, 0xaf, 0xa1, 0x53, 0x5e, 0x1a, 0x38, 0xb5, + 0x9f, 0x7b, 0x91, 0xd9, 0x69, 0x06, 0xb4, 0x7d, 0x42, 0xac, 0x13, 0x42, 0x23, 0xac, 0x96, 0x4e, + 0x1a, 0x70, 0x72, 0xa7, 0x7d, 0x16, 0xbc, 0xaa, 0x84, 0xb0, 0x0e, 0x21, 0x47, 0x19, 0x43, 0x01, + 0x4e, 0x61, 0x13, 0xf8, 0x30, 0x43, 0xd5, 0xaa, 0x9b, 0x7c, 0x3b, 0x2f, 0x4a, 0x8d, 0x15, 0x6b, + 0x28, 0xe7, 0xf0, 0x1b, 0xf4, 0x82, 0xf8, 0x3b, 0x29, 0xad, 0x23, 0x45, 0xdb, 0x2a, 0x52, 0xcc, + 0xb9, 0x99, 0xd1, 0x60, 0x2f, 0x91, 0x2f, 0x36, 0xe7, 0x59, 0xc2, 0x09, 0xbc, 0xf1, 0x6e, 0x5b, + 0xb1, 0x5b, 0x99, 0x5a, 0x60, 0x47, 0x30, 0x3a, 0x4c, 0xb4, 0x8e, 0x84, 0x44, 0xda, 0x5c, 0x87, + 0xeb, 0x5b, 0x59, 0x3f, 0x64, 0xfc, 0xc6, 0xb9, 0x0e, 0x6c, 0x19, 0x4a, 0xa9, 0xb7, 0xc3, 0x4b, + 0xb8, 0x52, 0xf6, 0xae, 0xbf, 0x01, 0xa2, 0x51, 0x17, 0x75, 0xc6, 0x20, 0xcf, 0xb2, 0x02, 0xf2, + 0xf8, 0x13, 0x4c, 0x72, 0x72, 0x3c, 0xa5, 0x62, 0x3a, 0xd0, 0x19, 0x81, 0x85, 0xa7, 0x00, 0x1a, + 0xbc, 0xaf, 0xe6, 0xd4, 0x29, 0x55, 0x37, 0x4e, 0xa4, 0x73, 0xfe, 0xc7, 0xe6, 0x6d, 0x93, 0xd8, + 0x7f, 0x73, 0x07, 0x90, 0xb0, 0x78, 0x6f, 0x33, 0x3d, 0xeb, 0xf4, 0x51, 0xfa, 0x97, 0xe2, 0xbe, + 0xf7, 0x09, 0xf0, 0xc0, 0xba, 0x52, 0xc3, 0x21, 0x05, 0x70, 0x0a, 0x01, 0x47, 0x41, 0xdb, 0xc0, + 0x1a, 0x97, 0x64, 0x28, 0x44, 0x81, 0xc2, 0x70, 0xf5, 0xf1, 0x35, 0x99, 0xb3, 0x52, 0xd5, 0x52, + 0xa0, 0xf5, 0x0d, 0xe5, 0x85, 0x76, 0x6a, 0xcf, 0x74, 0x29, 0x90, 0x4e, 0xc2, 0xba, 0x18, 0xfb, + 0xb2, 0x30, 0x82, 0x04, 0x6b, 0x30, 0x82, 0x02, 0xd3, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, + 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00, + 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x1e, 0x17, + 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x35, 0x36, 0x5a, 0x17, 0x0d, + 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x35, 0x36, 0x5a, 0x30, 0x28, 0x31, + 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1d, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, + 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, + 0x65, 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x01, 0xa2, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x8f, 0x00, 0x30, + 0x82, 0x01, 0x8a, 0x02, 0x82, 0x01, 0x81, 0x00, 0xa5, 0xbb, 0xeb, 0xc7, 0xa2, 0xc4, 0xd1, 0x70, + 0x12, 0x55, 0xa8, 0x01, 0x2a, 0x7b, 0x8f, 0x9e, 0x4e, 0xf5, 0x66, 0xd2, 0xe0, 0xbb, 0xb5, 0xbf, + 0x72, 0x59, 0x87, 0xfe, 0xea, 0x59, 0xee, 0xf3, 0xef, 0x7f, 0x55, 0x8b, 0xd9, 0xb5, 0x02, 0xb8, + 0xae, 0x17, 0xb6, 0x2f, 0x0d, 0x38, 0x91, 0x4a, 0xd2, 0x71, 0x66, 0x3c, 0x1b, 0xaf, 0x2a, 0xed, + 0x9c, 0x16, 0x49, 0xf9, 0xf1, 0xf5, 0x7b, 0xa5, 0x57, 0xa4, 0x3e, 0x35, 0x14, 0x5c, 0x99, 0x1a, + 0x05, 0x74, 0x7f, 0x0f, 0xca, 0x63, 0xad, 0x84, 0x4f, 0x37, 0x96, 0xf9, 0x28, 0x15, 0x7b, 0x0e, + 0x13, 0x7d, 0x97, 0xf7, 0x7f, 0xb7, 0xd6, 0x7e, 0x5e, 0x27, 0xa5, 0x6c, 0x0e, 0xef, 0x4b, 0xd8, + 0xd8, 0x35, 0x9d, 0xcc, 0x86, 0xb0, 0x0e, 0x02, 0xca, 0x1c, 0x64, 0x6f, 0x82, 0xd5, 0x6f, 0xb5, + 0x8f, 0x6b, 0xd6, 0x57, 0xeb, 0x9e, 0xe6, 0xb2, 0x1d, 0x1c, 0x0d, 0xe1, 0xd6, 0xb1, 0xfc, 0x3b, + 0x84, 0x9f, 0x7b, 0xd8, 0xd6, 0x20, 0x21, 0x2f, 0x86, 0xae, 0x0e, 0xa0, 0x58, 0x37, 0x8e, 0x5b, + 0x5d, 0xee, 0xf6, 0x3c, 0xd6, 0xbd, 0xc3, 0xe2, 0x62, 0xd1, 0xe5, 0x0d, 0xcc, 0x57, 0xfd, 0xac, + 0xa4, 0x71, 0x55, 0xf4, 0x52, 0x73, 0x11, 0xc4, 0x4f, 0x90, 0x72, 0x58, 0x12, 0xeb, 0x2b, 0x01, + 0x69, 0xf2, 0x10, 0x7a, 0xc9, 0xe8, 0x73, 0x32, 0x9a, 0x9a, 0x86, 0x79, 0x6c, 0x07, 0xea, 0x1a, + 0xa9, 0x83, 0x46, 0x94, 0x4b, 0xee, 0x53, 0x04, 0xe4, 0xa6, 0x2f, 0x51, 0xa8, 0xb3, 0x47, 0xac, + 0x24, 0xb5, 0x65, 0x05, 0x37, 0xaf, 0xcd, 0x10, 0x37, 0x6b, 0x03, 0xed, 0xf8, 0x65, 0xc8, 0x2e, + 0x9f, 0x2e, 0x85, 0xf2, 0x34, 0xb5, 0xbf, 0x3d, 0x43, 0x9e, 0xcc, 0xee, 0xf7, 0x70, 0x12, 0xe7, + 0x3e, 0x8d, 0xcc, 0x3c, 0x6b, 0x37, 0x95, 0xe0, 0x02, 0x88, 0x27, 0x85, 0x8a, 0xdd, 0x12, 0x71, + 0x0e, 0x6c, 0x98, 0x58, 0xda, 0x08, 0x6d, 0xee, 0x04, 0x02, 0x98, 0x62, 0xfd, 0xf1, 0x33, 0x78, + 0x2d, 0x8f, 0x08, 0xd7, 0x29, 0xa9, 0x8d, 0xd4, 0x11, 0xb7, 0x24, 0xb3, 0xf4, 0x78, 0xb0, 0x8b, + 0x4e, 0xbd, 0x5b, 0x04, 0x93, 0x1b, 0x76, 0x2a, 0xb6, 0xcd, 0x65, 0x1a, 0xe0, 0x54, 0x73, 0x0a, + 0xae, 0x0f, 0xfa, 0xf6, 0x91, 0x38, 0xfa, 0x25, 0xff, 0x2b, 0xd2, 0xda, 0x97, 0x36, 0x64, 0x32, + 0x9f, 0x6c, 0x25, 0x66, 0x9c, 0xe6, 0x8c, 0xc4, 0x6d, 0xf9, 0x9d, 0xbe, 0x26, 0x7c, 0xcf, 0xac, + 0x4c, 0xfd, 0x86, 0xe4, 0x78, 0x79, 0x1f, 0x17, 0x73, 0x25, 0x5f, 0x2b, 0x9e, 0x3b, 0xfc, 0xf6, + 0x16, 0x4a, 0x07, 0x32, 0x6f, 0xe2, 0x54, 0x9c, 0xbc, 0x34, 0x30, 0xd5, 0x21, 0x8b, 0xb0, 0x06, + 0x4a, 0xe5, 0xfd, 0xc5, 0xe6, 0xcc, 0xc6, 0xeb, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x9c, + 0x30, 0x81, 0x99, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xe0, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xe5, 0xe9, 0x3d, 0x40, 0x24, 0xd3, 0xd8, + 0xd8, 0xc1, 0xe5, 0x51, 0xda, 0x45, 0xa2, 0x9b, 0x7c, 0x1e, 0x05, 0xaa, 0x93, 0x30, 0x31, 0x06, + 0x03, 0x55, 0x1d, 0x11, 0x04, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, + 0x01, 0x83, 0x1c, 0x82, 0x12, 0x01, 0xa0, 0x18, 0x0c, 0x16, 0x41, 0x43, 0x4d, 0x45, 0x3a, 0x57, + 0x49, 0x44, 0x47, 0x45, 0x54, 0x3a, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, + 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x20, 0x30, 0x1e, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, + 0x09, 0xad, 0x6c, 0xa9, 0x4b, 0xb8, 0xb1, 0xde, 0xf5, 0x17, 0x90, 0x8f, 0xcb, 0x00, 0xd2, 0x3a, + 0x38, 0xf6, 0x4b, 0x60, 0x91, 0x65, 0x1f, 0x96, 0xd1, 0x1f, 0x4a, 0xbb, 0x7a, 0x1d, 0x0a, 0x01, + 0x1d, 0xd3, 0xa5, 0x29, 0x46, 0x38, 0xc0, 0x3d, 0x39, 0x98, 0x79, 0x92, 0x4f, 0x76, 0x94, 0x7e, + 0x18, 0x73, 0xa4, 0xe0, 0xd5, 0x24, 0xe3, 0x81, 0x3b, 0xfd, 0x6d, 0xf5, 0xfd, 0x97, 0x15, 0x86, + 0x01, 0xa7, 0x6b, 0x08, 0xca, 0xdb, 0x3f, 0x7a, 0x12, 0x25, 0x1d, 0x36, 0x44, 0x7e, 0xf0, 0x74, + 0xdc, 0x30, 0x0f, 0x9f, 0x0d, 0x52, 0xd1, 0xb3, 0x75, 0x52, 0xc2, 0x94, 0x2e, 0x0c, 0x4e, 0x16, + 0x03, 0xfc, 0xb1, 0x7d, 0x98, 0x0c, 0xed, 0x82, 0xb1, 0xae, 0xaa, 0x6c, 0xcb, 0x46, 0x47, 0xb9, + 0xa6, 0x36, 0x8d, 0x17, 0x66, 0x01, 0x67, 0xaf, 0xd5, 0x7f, 0x23, 0x55, 0x01, 0x01, 0x42, 0x0f, + 0xac, 0x6a, 0x9c, 0xaa, 0xac, 0x59, 0x15, 0x68, 0x3d, 0x3d, 0x54, 0xa3, 0xf4, 0x95, 0x6b, 0xda, + 0xb0, 0x44, 0x1a, 0xfb, 0xc1, 0x29, 0x80, 0x8d, 0x52, 0x86, 0x46, 0x8f, 0xa0, 0xff, 0x57, 0x93, + 0xb4, 0xf1, 0x59, 0xe8, 0x0d, 0xb2, 0x3c, 0x51, 0x36, 0x7b, 0x10, 0xda, 0x04, 0x2d, 0x2f, 0x37, + 0xc9, 0x0b, 0x1e, 0x21, 0xc1, 0xd2, 0x96, 0x77, 0xab, 0xd2, 0x2c, 0x8f, 0xf8, 0x55, 0x0a, 0xef, + 0x95, 0xec, 0x90, 0x6e, 0x65, 0x88, 0x8c, 0x61, 0x50, 0x05, 0x13, 0x8d, 0xbb, 0xa0, 0x08, 0xa7, + 0x5e, 0x4f, 0x3b, 0x93, 0x60, 0x9b, 0x74, 0x95, 0x83, 0x2f, 0x78, 0x92, 0xe3, 0x53, 0xad, 0x84, + 0x7c, 0x57, 0xe0, 0x6f, 0xa7, 0x0e, 0xce, 0x3e, 0xa5, 0x27, 0x64, 0x3d, 0x72, 0x98, 0x00, 0xd0, + 0x70, 0x06, 0xd3, 0x17, 0x6b, 0xc2, 0x5e, 0x26, 0xf1, 0x1c, 0x48, 0xfe, 0x56, 0x5a, 0x95, 0xf9, + 0x27, 0xe3, 0xd0, 0x62, 0xcf, 0xf0, 0x54, 0xfe, 0x5d, 0x93, 0xed, 0x95, 0x2f, 0x14, 0xc0, 0x23, + 0x01, 0x94, 0x53, 0x90, 0x5e, 0x2d, 0x3c, 0xb5, 0xf1, 0x1c, 0x57, 0xe8, 0xf0, 0xa3, 0x55, 0xd7, + 0x04, 0xd6, 0x93, 0xc0, 0xd7, 0x61, 0x11, 0xf0, 0xa1, 0x5a, 0x26, 0x88, 0x8e, 0xd7, 0x51, 0xeb, + 0x19, 0x5e, 0x09, 0xd3, 0xf8, 0x0f, 0xad, 0x8a, 0x5a, 0x2b, 0xad, 0xb3, 0x13, 0x33, 0x97, 0x47, + 0x84, 0x53, 0x38, 0x21, 0xad, 0x99, 0x4f, 0x5f, 0x8a, 0x52, 0xe0, 0xdd, 0xca, 0x8d, 0x67, 0x30, + 0x16, 0xd2, 0xc1, 0xf8, 0x09, 0xe6, 0x81, 0x36, 0xc6, 0x30, 0x68, 0xcb, 0xa2, 0x9b, 0xab, 0xb0, + 0x4e, 0x12, 0xb3, 0x1e, 0x2f, 0x04, 0x73, 0xfe, 0x67, 0xdb, 0xff, 0x3b, 0x6f, 0xf6, 0xcc, 0xd2, + 0x38, 0x5a, 0x50, 0x89, 0x8c, 0xa2, 0x3c, 0x12, 0x28, 0x04, 0x7b, 0x14, 0xe7, 0x0c, 0x68, 0xc4, +}; +UINTN TestCertChain3Size = sizeof (TestCertChain3); + +// RSASSA_4096_SHA_512: RSASSA_4096 + SHA_512 +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestRootCer4[] = { + 0x30, 0x82, 0x05, 0x19, 0x30, 0x82, 0x03, 0x01, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x19, + 0xd0, 0xd1, 0xf1, 0x31, 0x49, 0xe2, 0x56, 0x20, 0xca, 0x49, 0xa0, 0x7a, 0x7c, 0xd3, 0x7d, 0x27, + 0x44, 0x13, 0x91, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, + 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, + 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x32, 0x32, 0x37, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x32, 0x32, 0x37, 0x5a, + 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x82, + 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xd1, + 0x33, 0xfb, 0x01, 0x96, 0x85, 0x2b, 0x38, 0x19, 0xe3, 0x5c, 0x58, 0x53, 0xd8, 0xee, 0x85, 0x14, + 0x90, 0xe3, 0x6b, 0xa6, 0x3b, 0x63, 0x0f, 0x77, 0xd3, 0x92, 0x34, 0x44, 0x23, 0x85, 0xaf, 0x55, + 0xe0, 0x37, 0xc1, 0x61, 0x62, 0xf2, 0x26, 0x94, 0xce, 0x85, 0x5b, 0xbd, 0xea, 0x5b, 0xd1, 0xc8, + 0x8c, 0xdc, 0x53, 0x19, 0xf8, 0xb8, 0xeb, 0xec, 0x2d, 0xa5, 0x43, 0x44, 0xbc, 0x1f, 0x60, 0x28, + 0x95, 0x30, 0xf7, 0xd8, 0x6d, 0x1f, 0xc1, 0x2c, 0xa6, 0x88, 0x2c, 0x65, 0xd5, 0x04, 0x7b, 0xa3, + 0x93, 0x82, 0x7e, 0xb0, 0x19, 0x69, 0xa0, 0x4f, 0x5d, 0x28, 0x8a, 0xbd, 0x10, 0x04, 0x0f, 0xc3, + 0xa0, 0xa9, 0x28, 0x59, 0xd5, 0x6d, 0xae, 0x61, 0xac, 0xc3, 0x8f, 0xd0, 0x49, 0xfb, 0x01, 0xdf, + 0xce, 0x56, 0x88, 0xc8, 0xdd, 0x8d, 0x08, 0xab, 0x47, 0x28, 0x35, 0x90, 0x49, 0x78, 0x4f, 0xa5, + 0x92, 0xca, 0x67, 0xe2, 0x2d, 0x23, 0xcb, 0xc2, 0x8c, 0x36, 0x0a, 0xd5, 0xec, 0x6e, 0xfd, 0x5b, + 0x4e, 0xfc, 0xe8, 0x81, 0x01, 0x79, 0xc0, 0xde, 0xc8, 0xb1, 0xcd, 0xb9, 0x7a, 0x9e, 0xa4, 0x12, + 0xb2, 0xec, 0x42, 0x45, 0xb3, 0xcb, 0xe5, 0x6f, 0xa9, 0x43, 0x63, 0xcd, 0x53, 0xe5, 0xf8, 0x73, + 0x4a, 0xf6, 0x6e, 0xf8, 0xa4, 0x66, 0xe1, 0xe8, 0x76, 0x43, 0xf9, 0xf7, 0x1c, 0xc7, 0x5c, 0x58, + 0x3a, 0x9b, 0x6c, 0x94, 0xd0, 0xdd, 0x5f, 0x7d, 0xd7, 0xf3, 0x5d, 0x2d, 0x47, 0xbb, 0x97, 0x70, + 0xf8, 0x93, 0x31, 0x03, 0x21, 0x88, 0xec, 0xc1, 0x60, 0x80, 0x39, 0x03, 0x2d, 0xaf, 0x22, 0x9a, + 0x6c, 0x30, 0xd1, 0x78, 0xde, 0xb2, 0x2e, 0xc5, 0xa0, 0xe2, 0x7a, 0xb1, 0xdd, 0xea, 0x71, 0xe5, + 0x3c, 0xc3, 0xae, 0xf5, 0x37, 0xcf, 0xcb, 0x48, 0x6f, 0x48, 0xca, 0x26, 0xa0, 0xf6, 0x6a, 0xe2, + 0x3e, 0xa1, 0x63, 0xf7, 0x93, 0xc0, 0xb7, 0x44, 0x9f, 0x71, 0x51, 0xbe, 0x1d, 0x53, 0x97, 0x9b, + 0x13, 0xed, 0x70, 0x01, 0x5d, 0x70, 0x3c, 0x8a, 0x03, 0x21, 0xe4, 0x62, 0xb4, 0xe2, 0xe4, 0x9c, + 0x0b, 0x09, 0x28, 0x48, 0xf8, 0x1f, 0xfa, 0x8a, 0x61, 0xd0, 0xd3, 0x25, 0x89, 0x6f, 0xe4, 0x74, + 0xea, 0x99, 0x76, 0xdc, 0xea, 0x9e, 0x8a, 0xa2, 0xe5, 0xab, 0x45, 0x87, 0xab, 0x57, 0xca, 0x08, + 0x81, 0x10, 0xdc, 0xd7, 0x84, 0xe9, 0xc7, 0xf4, 0x57, 0xa0, 0xfa, 0x55, 0xd1, 0x0e, 0x1a, 0xab, + 0x87, 0x63, 0x4f, 0x8c, 0x5a, 0x2b, 0x32, 0x26, 0xd9, 0xd9, 0x23, 0xca, 0x9a, 0x2e, 0x3e, 0x93, + 0xc8, 0xed, 0x7f, 0x24, 0x36, 0x04, 0x9a, 0x79, 0x0a, 0xb9, 0xc7, 0x4a, 0x2d, 0xfb, 0x98, 0xbb, + 0x64, 0xb9, 0x89, 0x65, 0xa3, 0xbd, 0x4e, 0x77, 0xc9, 0x00, 0xb5, 0xa1, 0x8e, 0x62, 0xeb, 0x2b, + 0xc2, 0xf8, 0xc3, 0x50, 0x10, 0x3d, 0xb3, 0xfa, 0x33, 0xae, 0xcf, 0x2f, 0xe0, 0x16, 0x2f, 0x47, + 0x70, 0xa6, 0xc9, 0x55, 0x24, 0xa1, 0x0c, 0xd5, 0x59, 0xc5, 0x3c, 0x4a, 0x6a, 0xc3, 0xcd, 0xb9, + 0xa6, 0xe9, 0x38, 0xde, 0x52, 0x77, 0x17, 0x6c, 0x3a, 0x8b, 0xe3, 0x61, 0x63, 0x71, 0x67, 0x09, + 0x66, 0x24, 0xba, 0x16, 0xdb, 0x6f, 0x4f, 0xb1, 0x70, 0xf6, 0xde, 0xf9, 0xaf, 0x85, 0x3c, 0xc5, + 0x3a, 0x7e, 0x0d, 0x7b, 0x92, 0xbc, 0xc8, 0x3d, 0xc4, 0xc4, 0xf4, 0x00, 0xeb, 0x7e, 0x5e, 0x60, + 0x0d, 0x89, 0x97, 0xf6, 0x26, 0x2a, 0xc3, 0x72, 0x43, 0xd9, 0x42, 0x5a, 0x08, 0xb4, 0x7d, 0x80, + 0xce, 0x32, 0x98, 0xef, 0x56, 0x96, 0x66, 0x92, 0x57, 0x3f, 0xf3, 0x5f, 0x2d, 0xba, 0x14, 0x48, + 0x6a, 0x51, 0xbf, 0xb6, 0x9d, 0xff, 0x00, 0x2d, 0xb4, 0xa2, 0x25, 0xaa, 0x97, 0xdd, 0xdb, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0xb1, 0x9e, 0x95, 0x91, 0x27, 0x11, 0x3a, 0x43, 0xf8, 0x52, 0x4d, 0xb0, 0xea, + 0xc9, 0x58, 0xed, 0x7e, 0x74, 0x1c, 0x51, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0xb1, 0x9e, 0x95, 0x91, 0x27, 0x11, 0x3a, 0x43, 0xf8, 0x52, 0x4d, 0xb0, + 0xea, 0xc9, 0x58, 0xed, 0x7e, 0x74, 0x1c, 0x51, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x4c, 0xe5, 0xc9, + 0xbd, 0x86, 0x62, 0x70, 0x2d, 0x84, 0x4a, 0x7b, 0xeb, 0x6b, 0x87, 0xb9, 0x7e, 0xa0, 0x4d, 0xa5, + 0xf8, 0x31, 0xdd, 0x06, 0x1d, 0xfd, 0x83, 0x7e, 0x71, 0x68, 0x9f, 0xcb, 0x55, 0x58, 0x58, 0x66, + 0x77, 0x5c, 0x6c, 0x3f, 0xd5, 0x44, 0x68, 0xdd, 0x90, 0x8d, 0xbc, 0xb9, 0x98, 0x18, 0x19, 0xd9, + 0x12, 0xc6, 0x37, 0x63, 0xae, 0x80, 0xda, 0x80, 0x56, 0xe1, 0xe2, 0x36, 0xe3, 0xb6, 0x47, 0x6c, + 0x75, 0x7c, 0x7a, 0x54, 0x59, 0x42, 0x98, 0xc2, 0xc3, 0xeb, 0xd8, 0x29, 0x71, 0xc6, 0x57, 0x00, + 0xe5, 0x28, 0x19, 0x37, 0xf4, 0xa4, 0x1a, 0x23, 0x1f, 0x00, 0x50, 0xf2, 0x2b, 0x98, 0xcb, 0xc5, + 0x73, 0xf5, 0x63, 0x02, 0x91, 0x12, 0x3a, 0xc2, 0x82, 0x09, 0x80, 0x4a, 0xd3, 0x84, 0x48, 0xbf, + 0xc3, 0x91, 0x24, 0x37, 0xba, 0x7e, 0xc4, 0xf5, 0x44, 0x71, 0x85, 0x4f, 0x75, 0x33, 0xe9, 0xd0, + 0xa8, 0x26, 0xd7, 0xc0, 0xe2, 0xc8, 0x87, 0x16, 0x1c, 0x29, 0xb8, 0x61, 0x75, 0x84, 0x78, 0xb2, + 0xa9, 0xd4, 0xeb, 0xb1, 0x28, 0xcb, 0xd0, 0x5c, 0x17, 0x05, 0x89, 0x8a, 0xb3, 0xf4, 0xc8, 0x74, + 0x39, 0xe9, 0x3b, 0x08, 0xb9, 0xed, 0x3f, 0x65, 0xb6, 0x97, 0x7c, 0x77, 0xcb, 0x8d, 0x60, 0xae, + 0xd3, 0xf6, 0x92, 0x0a, 0xe3, 0x19, 0x0e, 0x8d, 0x52, 0x6e, 0x8a, 0x99, 0x01, 0xa6, 0x35, 0x4e, + 0x60, 0x77, 0xe6, 0xdc, 0xfd, 0x39, 0x45, 0xd5, 0xec, 0x64, 0xc1, 0x6d, 0x96, 0x84, 0xda, 0xab, + 0x19, 0x32, 0xbb, 0x7d, 0x88, 0x92, 0x40, 0x67, 0x04, 0xfc, 0x55, 0xf6, 0x5e, 0xef, 0x00, 0x58, + 0xc2, 0x0c, 0x44, 0x97, 0x3b, 0x18, 0x8b, 0xb8, 0x08, 0xe0, 0x87, 0x7f, 0x34, 0x12, 0x57, 0x7c, + 0x7c, 0xcf, 0xad, 0xd7, 0x46, 0xe5, 0x5e, 0x2f, 0x76, 0x24, 0x27, 0xef, 0xd9, 0x1a, 0x7f, 0x6c, + 0x8b, 0xaa, 0x24, 0xcd, 0xab, 0xec, 0x52, 0xad, 0xec, 0x29, 0x59, 0xa5, 0xc9, 0x05, 0x8f, 0x70, + 0x29, 0x79, 0x51, 0xe8, 0xdb, 0xeb, 0x86, 0x77, 0xf6, 0xa6, 0x79, 0x71, 0xf0, 0xae, 0x07, 0x7d, + 0xf6, 0x0e, 0xf3, 0x70, 0x48, 0x57, 0x00, 0x1e, 0xb0, 0x41, 0x34, 0xab, 0xe5, 0x3e, 0xbf, 0xa0, + 0xbe, 0xbe, 0x69, 0xfe, 0x44, 0xb5, 0x12, 0x99, 0x14, 0xb5, 0xef, 0x10, 0xad, 0x98, 0x9d, 0xb6, + 0x2d, 0x3c, 0xed, 0x2b, 0x24, 0xc3, 0x70, 0x0b, 0x6d, 0x9a, 0x71, 0x0c, 0xbf, 0x92, 0x47, 0xb4, + 0x9f, 0x55, 0xcc, 0x06, 0xa2, 0xf4, 0x80, 0x78, 0xf0, 0x35, 0xc1, 0xcc, 0x3e, 0x93, 0x40, 0x96, + 0x9d, 0x33, 0x95, 0xa6, 0x1d, 0x1f, 0xbb, 0x06, 0x40, 0xfb, 0x66, 0xf5, 0x01, 0xf1, 0x89, 0x75, + 0x88, 0x68, 0xe8, 0x6b, 0x97, 0x96, 0x58, 0xba, 0x86, 0x25, 0xf4, 0xbc, 0x33, 0x34, 0x7d, 0xb0, + 0x22, 0xb9, 0xfb, 0xf1, 0xc5, 0x29, 0x9e, 0x0a, 0xbb, 0x2b, 0x39, 0xab, 0xe8, 0xe4, 0x1a, 0x4c, + 0xbb, 0xe1, 0xe1, 0x7c, 0xa1, 0xe2, 0x23, 0x82, 0x6c, 0x03, 0xa5, 0xc8, 0xf2, 0x83, 0xd9, 0x8d, + 0x44, 0x8d, 0xa6, 0xcc, 0xc3, 0xb3, 0x75, 0x65, 0x3d, 0xe4, 0x4c, 0x7d, 0xf2, 0xbd, 0xe8, 0xb1, + 0x4c, 0xde, 0x3d, 0x12, 0x03, 0x92, 0xd7, 0xae, 0x1b, 0xcd, 0xde, 0x50, 0x3b, 0xc6, 0x79, 0x89, + 0x96, 0x4f, 0xb6, 0xe9, 0xfd, 0x0d, 0x08, 0x17, 0x54, 0x92, 0x44, 0x43, 0xf8, 0x51, 0x3f, 0xb0, + 0x5c, 0xe0, 0x4a, 0x07, 0x36, 0x28, 0xd5, 0x99, 0xc1, 0x88, 0x4d, 0x2b, 0xe0, 0x60, 0x44, 0x6f, + 0x7a, 0x0b, 0xd1, 0x34, 0x17, 0x0a, 0x60, 0xd2, 0x0e, 0xd6, 0x5e, 0x53, 0xf3, 0x23, 0x4b, 0xca, + 0x09, 0x97, 0x5d, 0xf0, 0x53, 0x82, 0xa8, 0xb6, 0x54, 0xb8, 0x1a, 0xff, 0x63, +}; +UINTN TestRootCer4Size = sizeof (TestRootCer4); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestCertChain4[] = { + 0x30, 0x82, 0x05, 0x19, 0x30, 0x82, 0x03, 0x01, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x19, + 0xd0, 0xd1, 0xf1, 0x31, 0x49, 0xe2, 0x56, 0x20, 0xca, 0x49, 0xa0, 0x7a, 0x7c, 0xd3, 0x7d, 0x27, + 0x44, 0x13, 0x91, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, + 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, + 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x32, 0x32, 0x37, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x32, 0x32, 0x37, 0x5a, + 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x82, + 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xd1, + 0x33, 0xfb, 0x01, 0x96, 0x85, 0x2b, 0x38, 0x19, 0xe3, 0x5c, 0x58, 0x53, 0xd8, 0xee, 0x85, 0x14, + 0x90, 0xe3, 0x6b, 0xa6, 0x3b, 0x63, 0x0f, 0x77, 0xd3, 0x92, 0x34, 0x44, 0x23, 0x85, 0xaf, 0x55, + 0xe0, 0x37, 0xc1, 0x61, 0x62, 0xf2, 0x26, 0x94, 0xce, 0x85, 0x5b, 0xbd, 0xea, 0x5b, 0xd1, 0xc8, + 0x8c, 0xdc, 0x53, 0x19, 0xf8, 0xb8, 0xeb, 0xec, 0x2d, 0xa5, 0x43, 0x44, 0xbc, 0x1f, 0x60, 0x28, + 0x95, 0x30, 0xf7, 0xd8, 0x6d, 0x1f, 0xc1, 0x2c, 0xa6, 0x88, 0x2c, 0x65, 0xd5, 0x04, 0x7b, 0xa3, + 0x93, 0x82, 0x7e, 0xb0, 0x19, 0x69, 0xa0, 0x4f, 0x5d, 0x28, 0x8a, 0xbd, 0x10, 0x04, 0x0f, 0xc3, + 0xa0, 0xa9, 0x28, 0x59, 0xd5, 0x6d, 0xae, 0x61, 0xac, 0xc3, 0x8f, 0xd0, 0x49, 0xfb, 0x01, 0xdf, + 0xce, 0x56, 0x88, 0xc8, 0xdd, 0x8d, 0x08, 0xab, 0x47, 0x28, 0x35, 0x90, 0x49, 0x78, 0x4f, 0xa5, + 0x92, 0xca, 0x67, 0xe2, 0x2d, 0x23, 0xcb, 0xc2, 0x8c, 0x36, 0x0a, 0xd5, 0xec, 0x6e, 0xfd, 0x5b, + 0x4e, 0xfc, 0xe8, 0x81, 0x01, 0x79, 0xc0, 0xde, 0xc8, 0xb1, 0xcd, 0xb9, 0x7a, 0x9e, 0xa4, 0x12, + 0xb2, 0xec, 0x42, 0x45, 0xb3, 0xcb, 0xe5, 0x6f, 0xa9, 0x43, 0x63, 0xcd, 0x53, 0xe5, 0xf8, 0x73, + 0x4a, 0xf6, 0x6e, 0xf8, 0xa4, 0x66, 0xe1, 0xe8, 0x76, 0x43, 0xf9, 0xf7, 0x1c, 0xc7, 0x5c, 0x58, + 0x3a, 0x9b, 0x6c, 0x94, 0xd0, 0xdd, 0x5f, 0x7d, 0xd7, 0xf3, 0x5d, 0x2d, 0x47, 0xbb, 0x97, 0x70, + 0xf8, 0x93, 0x31, 0x03, 0x21, 0x88, 0xec, 0xc1, 0x60, 0x80, 0x39, 0x03, 0x2d, 0xaf, 0x22, 0x9a, + 0x6c, 0x30, 0xd1, 0x78, 0xde, 0xb2, 0x2e, 0xc5, 0xa0, 0xe2, 0x7a, 0xb1, 0xdd, 0xea, 0x71, 0xe5, + 0x3c, 0xc3, 0xae, 0xf5, 0x37, 0xcf, 0xcb, 0x48, 0x6f, 0x48, 0xca, 0x26, 0xa0, 0xf6, 0x6a, 0xe2, + 0x3e, 0xa1, 0x63, 0xf7, 0x93, 0xc0, 0xb7, 0x44, 0x9f, 0x71, 0x51, 0xbe, 0x1d, 0x53, 0x97, 0x9b, + 0x13, 0xed, 0x70, 0x01, 0x5d, 0x70, 0x3c, 0x8a, 0x03, 0x21, 0xe4, 0x62, 0xb4, 0xe2, 0xe4, 0x9c, + 0x0b, 0x09, 0x28, 0x48, 0xf8, 0x1f, 0xfa, 0x8a, 0x61, 0xd0, 0xd3, 0x25, 0x89, 0x6f, 0xe4, 0x74, + 0xea, 0x99, 0x76, 0xdc, 0xea, 0x9e, 0x8a, 0xa2, 0xe5, 0xab, 0x45, 0x87, 0xab, 0x57, 0xca, 0x08, + 0x81, 0x10, 0xdc, 0xd7, 0x84, 0xe9, 0xc7, 0xf4, 0x57, 0xa0, 0xfa, 0x55, 0xd1, 0x0e, 0x1a, 0xab, + 0x87, 0x63, 0x4f, 0x8c, 0x5a, 0x2b, 0x32, 0x26, 0xd9, 0xd9, 0x23, 0xca, 0x9a, 0x2e, 0x3e, 0x93, + 0xc8, 0xed, 0x7f, 0x24, 0x36, 0x04, 0x9a, 0x79, 0x0a, 0xb9, 0xc7, 0x4a, 0x2d, 0xfb, 0x98, 0xbb, + 0x64, 0xb9, 0x89, 0x65, 0xa3, 0xbd, 0x4e, 0x77, 0xc9, 0x00, 0xb5, 0xa1, 0x8e, 0x62, 0xeb, 0x2b, + 0xc2, 0xf8, 0xc3, 0x50, 0x10, 0x3d, 0xb3, 0xfa, 0x33, 0xae, 0xcf, 0x2f, 0xe0, 0x16, 0x2f, 0x47, + 0x70, 0xa6, 0xc9, 0x55, 0x24, 0xa1, 0x0c, 0xd5, 0x59, 0xc5, 0x3c, 0x4a, 0x6a, 0xc3, 0xcd, 0xb9, + 0xa6, 0xe9, 0x38, 0xde, 0x52, 0x77, 0x17, 0x6c, 0x3a, 0x8b, 0xe3, 0x61, 0x63, 0x71, 0x67, 0x09, + 0x66, 0x24, 0xba, 0x16, 0xdb, 0x6f, 0x4f, 0xb1, 0x70, 0xf6, 0xde, 0xf9, 0xaf, 0x85, 0x3c, 0xc5, + 0x3a, 0x7e, 0x0d, 0x7b, 0x92, 0xbc, 0xc8, 0x3d, 0xc4, 0xc4, 0xf4, 0x00, 0xeb, 0x7e, 0x5e, 0x60, + 0x0d, 0x89, 0x97, 0xf6, 0x26, 0x2a, 0xc3, 0x72, 0x43, 0xd9, 0x42, 0x5a, 0x08, 0xb4, 0x7d, 0x80, + 0xce, 0x32, 0x98, 0xef, 0x56, 0x96, 0x66, 0x92, 0x57, 0x3f, 0xf3, 0x5f, 0x2d, 0xba, 0x14, 0x48, + 0x6a, 0x51, 0xbf, 0xb6, 0x9d, 0xff, 0x00, 0x2d, 0xb4, 0xa2, 0x25, 0xaa, 0x97, 0xdd, 0xdb, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0xb1, 0x9e, 0x95, 0x91, 0x27, 0x11, 0x3a, 0x43, 0xf8, 0x52, 0x4d, 0xb0, 0xea, + 0xc9, 0x58, 0xed, 0x7e, 0x74, 0x1c, 0x51, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0xb1, 0x9e, 0x95, 0x91, 0x27, 0x11, 0x3a, 0x43, 0xf8, 0x52, 0x4d, 0xb0, + 0xea, 0xc9, 0x58, 0xed, 0x7e, 0x74, 0x1c, 0x51, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x4c, 0xe5, 0xc9, + 0xbd, 0x86, 0x62, 0x70, 0x2d, 0x84, 0x4a, 0x7b, 0xeb, 0x6b, 0x87, 0xb9, 0x7e, 0xa0, 0x4d, 0xa5, + 0xf8, 0x31, 0xdd, 0x06, 0x1d, 0xfd, 0x83, 0x7e, 0x71, 0x68, 0x9f, 0xcb, 0x55, 0x58, 0x58, 0x66, + 0x77, 0x5c, 0x6c, 0x3f, 0xd5, 0x44, 0x68, 0xdd, 0x90, 0x8d, 0xbc, 0xb9, 0x98, 0x18, 0x19, 0xd9, + 0x12, 0xc6, 0x37, 0x63, 0xae, 0x80, 0xda, 0x80, 0x56, 0xe1, 0xe2, 0x36, 0xe3, 0xb6, 0x47, 0x6c, + 0x75, 0x7c, 0x7a, 0x54, 0x59, 0x42, 0x98, 0xc2, 0xc3, 0xeb, 0xd8, 0x29, 0x71, 0xc6, 0x57, 0x00, + 0xe5, 0x28, 0x19, 0x37, 0xf4, 0xa4, 0x1a, 0x23, 0x1f, 0x00, 0x50, 0xf2, 0x2b, 0x98, 0xcb, 0xc5, + 0x73, 0xf5, 0x63, 0x02, 0x91, 0x12, 0x3a, 0xc2, 0x82, 0x09, 0x80, 0x4a, 0xd3, 0x84, 0x48, 0xbf, + 0xc3, 0x91, 0x24, 0x37, 0xba, 0x7e, 0xc4, 0xf5, 0x44, 0x71, 0x85, 0x4f, 0x75, 0x33, 0xe9, 0xd0, + 0xa8, 0x26, 0xd7, 0xc0, 0xe2, 0xc8, 0x87, 0x16, 0x1c, 0x29, 0xb8, 0x61, 0x75, 0x84, 0x78, 0xb2, + 0xa9, 0xd4, 0xeb, 0xb1, 0x28, 0xcb, 0xd0, 0x5c, 0x17, 0x05, 0x89, 0x8a, 0xb3, 0xf4, 0xc8, 0x74, + 0x39, 0xe9, 0x3b, 0x08, 0xb9, 0xed, 0x3f, 0x65, 0xb6, 0x97, 0x7c, 0x77, 0xcb, 0x8d, 0x60, 0xae, + 0xd3, 0xf6, 0x92, 0x0a, 0xe3, 0x19, 0x0e, 0x8d, 0x52, 0x6e, 0x8a, 0x99, 0x01, 0xa6, 0x35, 0x4e, + 0x60, 0x77, 0xe6, 0xdc, 0xfd, 0x39, 0x45, 0xd5, 0xec, 0x64, 0xc1, 0x6d, 0x96, 0x84, 0xda, 0xab, + 0x19, 0x32, 0xbb, 0x7d, 0x88, 0x92, 0x40, 0x67, 0x04, 0xfc, 0x55, 0xf6, 0x5e, 0xef, 0x00, 0x58, + 0xc2, 0x0c, 0x44, 0x97, 0x3b, 0x18, 0x8b, 0xb8, 0x08, 0xe0, 0x87, 0x7f, 0x34, 0x12, 0x57, 0x7c, + 0x7c, 0xcf, 0xad, 0xd7, 0x46, 0xe5, 0x5e, 0x2f, 0x76, 0x24, 0x27, 0xef, 0xd9, 0x1a, 0x7f, 0x6c, + 0x8b, 0xaa, 0x24, 0xcd, 0xab, 0xec, 0x52, 0xad, 0xec, 0x29, 0x59, 0xa5, 0xc9, 0x05, 0x8f, 0x70, + 0x29, 0x79, 0x51, 0xe8, 0xdb, 0xeb, 0x86, 0x77, 0xf6, 0xa6, 0x79, 0x71, 0xf0, 0xae, 0x07, 0x7d, + 0xf6, 0x0e, 0xf3, 0x70, 0x48, 0x57, 0x00, 0x1e, 0xb0, 0x41, 0x34, 0xab, 0xe5, 0x3e, 0xbf, 0xa0, + 0xbe, 0xbe, 0x69, 0xfe, 0x44, 0xb5, 0x12, 0x99, 0x14, 0xb5, 0xef, 0x10, 0xad, 0x98, 0x9d, 0xb6, + 0x2d, 0x3c, 0xed, 0x2b, 0x24, 0xc3, 0x70, 0x0b, 0x6d, 0x9a, 0x71, 0x0c, 0xbf, 0x92, 0x47, 0xb4, + 0x9f, 0x55, 0xcc, 0x06, 0xa2, 0xf4, 0x80, 0x78, 0xf0, 0x35, 0xc1, 0xcc, 0x3e, 0x93, 0x40, 0x96, + 0x9d, 0x33, 0x95, 0xa6, 0x1d, 0x1f, 0xbb, 0x06, 0x40, 0xfb, 0x66, 0xf5, 0x01, 0xf1, 0x89, 0x75, + 0x88, 0x68, 0xe8, 0x6b, 0x97, 0x96, 0x58, 0xba, 0x86, 0x25, 0xf4, 0xbc, 0x33, 0x34, 0x7d, 0xb0, + 0x22, 0xb9, 0xfb, 0xf1, 0xc5, 0x29, 0x9e, 0x0a, 0xbb, 0x2b, 0x39, 0xab, 0xe8, 0xe4, 0x1a, 0x4c, + 0xbb, 0xe1, 0xe1, 0x7c, 0xa1, 0xe2, 0x23, 0x82, 0x6c, 0x03, 0xa5, 0xc8, 0xf2, 0x83, 0xd9, 0x8d, + 0x44, 0x8d, 0xa6, 0xcc, 0xc3, 0xb3, 0x75, 0x65, 0x3d, 0xe4, 0x4c, 0x7d, 0xf2, 0xbd, 0xe8, 0xb1, + 0x4c, 0xde, 0x3d, 0x12, 0x03, 0x92, 0xd7, 0xae, 0x1b, 0xcd, 0xde, 0x50, 0x3b, 0xc6, 0x79, 0x89, + 0x96, 0x4f, 0xb6, 0xe9, 0xfd, 0x0d, 0x08, 0x17, 0x54, 0x92, 0x44, 0x43, 0xf8, 0x51, 0x3f, 0xb0, + 0x5c, 0xe0, 0x4a, 0x07, 0x36, 0x28, 0xd5, 0x99, 0xc1, 0x88, 0x4d, 0x2b, 0xe0, 0x60, 0x44, 0x6f, + 0x7a, 0x0b, 0xd1, 0x34, 0x17, 0x0a, 0x60, 0xd2, 0x0e, 0xd6, 0x5e, 0x53, 0xf3, 0x23, 0x4b, 0xca, + 0x09, 0x97, 0x5d, 0xf0, 0x53, 0x82, 0xa8, 0xb6, 0x54, 0xb8, 0x1a, 0xff, 0x63, 0x30, 0x82, 0x04, + 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, + 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, + 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, + 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x32, 0x32, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, + 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x32, 0x32, 0x38, 0x5a, 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, + 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, + 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x01, 0xa2, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x8f, 0x00, 0x30, + 0x82, 0x01, 0x8a, 0x02, 0x82, 0x01, 0x81, 0x00, 0x9c, 0xbf, 0x18, 0x4b, 0x7c, 0xbb, 0x52, 0xaf, + 0xf6, 0x31, 0xb9, 0xfd, 0x7d, 0x63, 0x80, 0x69, 0x78, 0xb0, 0xbd, 0x45, 0x7b, 0x62, 0xc5, 0x22, + 0x68, 0x71, 0xe8, 0x66, 0x6e, 0xd3, 0x90, 0x41, 0x21, 0x1e, 0x28, 0xda, 0x3e, 0xf2, 0x61, 0x49, + 0x06, 0xb3, 0x4e, 0x1a, 0x0a, 0x20, 0x15, 0xb0, 0x62, 0xbd, 0xbb, 0x7a, 0x9a, 0x68, 0x37, 0x20, + 0x54, 0x9f, 0xcf, 0xd1, 0x09, 0x04, 0xf1, 0x9b, 0x2e, 0x84, 0x64, 0xbf, 0x4b, 0x65, 0xef, 0xa3, + 0x6b, 0x3a, 0x2a, 0x02, 0x23, 0xcb, 0xf1, 0x13, 0x8b, 0x0d, 0x0e, 0xb7, 0x98, 0x12, 0x9a, 0x95, + 0xa5, 0x38, 0xcf, 0x5d, 0x8e, 0xed, 0x9d, 0xff, 0x7d, 0x19, 0xb6, 0x44, 0x2b, 0x8e, 0xeb, 0x14, + 0xc6, 0xf1, 0x8b, 0x6a, 0xef, 0x4e, 0xc7, 0x39, 0xd3, 0xc2, 0x43, 0xc4, 0xb9, 0x35, 0x30, 0x40, + 0xb6, 0x3b, 0x6e, 0xfa, 0x26, 0x49, 0x18, 0xbf, 0xf3, 0x2a, 0x66, 0x16, 0x49, 0x25, 0x3b, 0xc1, + 0x3d, 0xab, 0x66, 0xbb, 0x92, 0x4c, 0xa8, 0x01, 0xe7, 0x6c, 0x17, 0x2d, 0xa4, 0x63, 0x8a, 0x13, + 0x68, 0xc3, 0xb7, 0xe0, 0xba, 0x5e, 0x28, 0xbe, 0x0a, 0xa7, 0x2a, 0xf9, 0x2a, 0x63, 0xbe, 0xfb, + 0x92, 0xf8, 0xb5, 0xbb, 0x46, 0xff, 0x43, 0xd5, 0x9b, 0x9e, 0x7a, 0xc7, 0x9e, 0xea, 0x20, 0xa6, + 0x54, 0x0c, 0x5b, 0x0b, 0xc7, 0xe8, 0x73, 0x2c, 0x88, 0xb1, 0x5e, 0x44, 0xa2, 0xbb, 0x84, 0xa6, + 0xfb, 0xa7, 0xa2, 0x2f, 0xd7, 0xe7, 0xa6, 0xab, 0x4d, 0x67, 0x29, 0x43, 0x12, 0x83, 0x46, 0x65, + 0x7f, 0xb8, 0xe3, 0xb6, 0x29, 0x56, 0x3e, 0x85, 0xe3, 0x1c, 0xf1, 0x89, 0x7d, 0x06, 0x75, 0x4b, + 0x17, 0x19, 0x73, 0xf7, 0x7b, 0x31, 0x25, 0x7a, 0x77, 0x1e, 0x5c, 0xd3, 0x54, 0x3d, 0xe9, 0x39, + 0xee, 0x0f, 0x77, 0x56, 0x0e, 0x53, 0x0f, 0x60, 0xa9, 0x4c, 0x44, 0x72, 0x2f, 0xf8, 0x37, 0xf3, + 0x50, 0x76, 0xf3, 0x89, 0x75, 0xf3, 0x4e, 0x6c, 0x5e, 0xe5, 0x55, 0xe2, 0x9c, 0xde, 0x51, 0x99, + 0x67, 0xbe, 0xf7, 0x0a, 0xaa, 0x15, 0xa8, 0x3c, 0xc5, 0xc8, 0xd3, 0x83, 0x96, 0xf2, 0x44, 0xd4, + 0xb9, 0xfd, 0x43, 0x40, 0x69, 0x27, 0xde, 0xef, 0x99, 0x5b, 0x2e, 0xd4, 0xa9, 0xfa, 0xc5, 0x78, + 0xf2, 0x7a, 0x4d, 0x5a, 0x19, 0xfe, 0xf1, 0xbd, 0x19, 0x41, 0xc6, 0x78, 0x77, 0x65, 0xe6, 0x8b, + 0x69, 0xc0, 0x56, 0xc6, 0x97, 0xaa, 0x4d, 0x36, 0xab, 0x92, 0xbd, 0x4f, 0xec, 0x93, 0x0d, 0xca, + 0x27, 0x95, 0x75, 0x81, 0xbf, 0x3a, 0xc8, 0xbe, 0x32, 0x9c, 0xce, 0x07, 0xa4, 0xd1, 0xbe, 0xd6, + 0xd9, 0xc7, 0xef, 0x29, 0xa5, 0x3f, 0xda, 0x0e, 0xa1, 0x01, 0x0d, 0x3b, 0xb4, 0xe4, 0xd3, 0xdc, + 0xd8, 0x4e, 0x63, 0xf3, 0x62, 0x68, 0x6a, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x5e, 0x30, + 0x5c, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, + 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0xfe, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x0c, 0x9f, 0x6c, 0xb6, 0xab, 0xc6, 0x44, 0xd3, 0x78, + 0x60, 0xe2, 0x6a, 0x69, 0xfa, 0x9d, 0xb0, 0xdb, 0x43, 0x17, 0x37, 0x30, 0x20, 0x06, 0x03, 0x55, + 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, + 0x00, 0xb1, 0x69, 0xb5, 0x64, 0x3b, 0xd6, 0xc6, 0xb4, 0xab, 0x21, 0x8a, 0xd4, 0x05, 0x15, 0x26, + 0x25, 0x2f, 0xae, 0x4b, 0xb7, 0xa1, 0x62, 0xab, 0x37, 0x15, 0xd0, 0x52, 0x59, 0x2e, 0x38, 0x64, + 0x44, 0x31, 0x07, 0xc6, 0x28, 0x53, 0x95, 0x72, 0xd0, 0x63, 0x01, 0xe7, 0x00, 0xba, 0x6a, 0x54, + 0x85, 0xcd, 0x6d, 0x96, 0x96, 0xa6, 0xdd, 0xe3, 0xba, 0x6e, 0x03, 0x47, 0xc3, 0xd0, 0xc7, 0x3c, + 0x13, 0x69, 0x51, 0xaf, 0xe0, 0xce, 0xff, 0xb2, 0xad, 0x5a, 0xc9, 0xfa, 0x5d, 0x5e, 0xe3, 0x8b, + 0x97, 0xe7, 0x25, 0xc3, 0x5d, 0x96, 0x9c, 0xed, 0x9e, 0x5a, 0xf0, 0x27, 0xd0, 0xde, 0xd0, 0x5b, + 0x02, 0x2e, 0xe3, 0x61, 0x0a, 0x1a, 0x30, 0x11, 0x11, 0x6e, 0xc4, 0xa3, 0xf1, 0x3f, 0x5e, 0x08, + 0xce, 0xaf, 0x04, 0xb9, 0xd1, 0xc7, 0x9c, 0x30, 0x49, 0xa3, 0x3d, 0xb5, 0x63, 0xa5, 0x03, 0x89, + 0x17, 0x97, 0x3d, 0xb3, 0xb6, 0x4e, 0xfd, 0xd5, 0xdc, 0x33, 0xe7, 0xa5, 0x22, 0x3f, 0x0a, 0x04, + 0x56, 0x02, 0xc2, 0x84, 0xb8, 0xff, 0x10, 0x82, 0xe4, 0x88, 0x64, 0x68, 0x62, 0xbc, 0x89, 0x64, + 0xfd, 0xf8, 0x92, 0xcd, 0x19, 0x88, 0x56, 0xa3, 0xd1, 0xc4, 0x79, 0xab, 0x38, 0xef, 0xb6, 0x84, + 0xbc, 0xaa, 0x02, 0xc4, 0x51, 0x7f, 0xb3, 0x07, 0x23, 0x44, 0x04, 0x02, 0x49, 0xde, 0xfa, 0x4c, + 0xbc, 0xcd, 0xa9, 0xa2, 0x52, 0x61, 0xd8, 0x49, 0x90, 0xcc, 0x4a, 0x63, 0x24, 0xda, 0xc9, 0x75, + 0x9d, 0xf6, 0xc0, 0xa0, 0x9f, 0xfc, 0x04, 0xb7, 0x86, 0xc0, 0x64, 0xbc, 0x18, 0xab, 0xbc, 0x82, + 0xd8, 0x2d, 0xbf, 0x6a, 0x29, 0x80, 0xd6, 0xf8, 0x20, 0xf3, 0x2b, 0x27, 0xde, 0x1e, 0xa1, 0x13, + 0xca, 0x2b, 0xfc, 0xf2, 0xb0, 0xd8, 0xb1, 0xbc, 0xf2, 0x1b, 0x6b, 0x48, 0x13, 0x7c, 0xe1, 0xa7, + 0x4a, 0x81, 0xa4, 0x9d, 0xa1, 0x20, 0x64, 0x97, 0x4c, 0x18, 0x8a, 0xd1, 0x16, 0x10, 0xb3, 0xf7, + 0xba, 0x1f, 0xa1, 0xda, 0xff, 0x41, 0x69, 0x21, 0x6c, 0xc0, 0x96, 0xa7, 0x2d, 0xfa, 0xc8, 0xbe, + 0xdd, 0xe7, 0xe9, 0xb7, 0x4a, 0x42, 0x3f, 0x6f, 0xce, 0x77, 0x56, 0x5a, 0xa7, 0x27, 0x5a, 0xea, + 0xd1, 0x83, 0x74, 0x68, 0x76, 0x15, 0x9f, 0x69, 0x14, 0x95, 0x95, 0x23, 0x17, 0x8c, 0x93, 0xd3, + 0x56, 0x0d, 0xe1, 0x8c, 0xfb, 0xf7, 0xac, 0x88, 0xe2, 0xf8, 0x1f, 0x3c, 0xd5, 0x61, 0xa5, 0x7a, + 0x87, 0xa3, 0xd3, 0x78, 0x71, 0xeb, 0x0a, 0xff, 0xa4, 0x17, 0x59, 0x70, 0xda, 0x4c, 0xb3, 0x21, + 0xd8, 0xc9, 0x53, 0x0b, 0x4f, 0x03, 0x95, 0x72, 0x9d, 0xab, 0xb1, 0xaa, 0xff, 0x48, 0x24, 0x63, + 0xbe, 0xe0, 0xe1, 0x18, 0xf3, 0xf9, 0x72, 0x64, 0xb5, 0xfa, 0xb2, 0xe5, 0x97, 0x23, 0x89, 0xd6, + 0xb4, 0xe4, 0xdb, 0xde, 0xf1, 0xa2, 0xd6, 0xdc, 0x02, 0xdc, 0x9a, 0x26, 0x70, 0xfd, 0x3a, 0x4e, + 0x06, 0x42, 0x86, 0xa1, 0xce, 0xdd, 0x03, 0x6e, 0x0e, 0x31, 0x78, 0x5a, 0x3a, 0x77, 0x07, 0x68, + 0xdf, 0x3f, 0x0f, 0xc6, 0x4f, 0x15, 0x08, 0xf4, 0x38, 0xce, 0xa0, 0x43, 0xfc, 0x44, 0xbe, 0xa1, + 0xcf, 0xe9, 0x67, 0x34, 0x63, 0x2a, 0x15, 0xc6, 0x95, 0x18, 0x77, 0xa4, 0x49, 0xd0, 0x37, 0xa5, + 0x43, 0xe2, 0x28, 0x49, 0x88, 0xae, 0xa2, 0x04, 0x3f, 0x3d, 0x1a, 0x2f, 0xee, 0x71, 0x33, 0xfc, + 0x6b, 0x28, 0x3b, 0x0d, 0x86, 0xed, 0xff, 0xe2, 0xb4, 0x2a, 0x02, 0xc5, 0xbb, 0x4a, 0x4e, 0x90, + 0x6e, 0xd9, 0xd7, 0x3e, 0x4b, 0x20, 0x0f, 0x34, 0x29, 0x43, 0x29, 0x4b, 0x2f, 0x32, 0x7f, 0xef, + 0xfb, 0x14, 0xcd, 0xd6, 0xba, 0x5d, 0x58, 0xe3, 0x65, 0x84, 0x53, 0x7b, 0x5f, 0xdc, 0xfb, 0xc0, + 0x00, 0x30, 0x82, 0x04, 0xeb, 0x30, 0x82, 0x03, 0x53, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, + 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00, + 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x1e, 0x17, + 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x32, 0x32, 0x39, 0x5a, 0x17, 0x0d, + 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x32, 0x32, 0x39, 0x5a, 0x30, 0x28, 0x31, + 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1d, 0x69, 0x6e, 0x74, 0x65, 0x6c, 0x20, + 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, + 0x65, 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, + 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xd4, 0xbd, 0x10, 0x0a, 0x22, 0x23, 0x44, 0x4e, + 0x6c, 0x2d, 0xca, 0x23, 0xaf, 0x94, 0x85, 0x93, 0xba, 0xbf, 0xce, 0x56, 0xb5, 0xcd, 0x34, 0x1f, + 0xc0, 0x7c, 0xb1, 0x42, 0x4b, 0x3b, 0x4c, 0xed, 0x30, 0x43, 0xea, 0x01, 0x10, 0xac, 0xfa, 0x5e, + 0xfb, 0x0f, 0xf5, 0xa9, 0x50, 0xde, 0xa3, 0x13, 0x2b, 0xac, 0x39, 0x74, 0xc0, 0x6c, 0x8b, 0x2e, + 0x52, 0xe1, 0x9b, 0xf7, 0xe4, 0xd5, 0xe6, 0x1d, 0x9d, 0xbf, 0xfd, 0x5f, 0xea, 0x68, 0x05, 0x62, + 0xbb, 0x81, 0x52, 0x23, 0x79, 0xf5, 0x5b, 0x43, 0xfc, 0xfa, 0x1c, 0xf0, 0x9b, 0xf0, 0x1a, 0xe4, + 0x95, 0xd7, 0xaf, 0xa3, 0xe7, 0xe6, 0x64, 0x31, 0xdd, 0xc9, 0x2c, 0xd7, 0x19, 0xaa, 0xd9, 0x75, + 0xc9, 0x69, 0xce, 0x15, 0xb4, 0x8f, 0x3b, 0xcd, 0xb1, 0xf9, 0x38, 0x5c, 0x07, 0x72, 0x0f, 0x38, + 0xb0, 0x44, 0xab, 0xa5, 0x0b, 0x12, 0xb2, 0x7a, 0x19, 0xaf, 0xbc, 0x1f, 0xaa, 0xe0, 0xb6, 0x22, + 0x2b, 0x1c, 0xcf, 0x48, 0xac, 0xf5, 0x43, 0xb8, 0xfa, 0x21, 0xf4, 0x15, 0x31, 0x2a, 0xdb, 0x23, + 0x3d, 0xfe, 0x87, 0x36, 0x43, 0xa3, 0xc1, 0x87, 0xdb, 0x3f, 0xde, 0x0e, 0x16, 0xef, 0xc4, 0x96, + 0xf2, 0xe6, 0xdc, 0x62, 0xb1, 0x7d, 0xeb, 0x8e, 0xbd, 0x25, 0x63, 0x8e, 0xba, 0x7d, 0xc8, 0xda, + 0x31, 0xe3, 0xea, 0x57, 0x52, 0x28, 0xae, 0x37, 0x38, 0x41, 0xcb, 0x5e, 0x2d, 0x3c, 0xcc, 0x8d, + 0xfc, 0xc4, 0x5e, 0xe3, 0xd0, 0x8d, 0x2e, 0xed, 0x6e, 0xfe, 0x9e, 0xb9, 0xf3, 0x27, 0xde, 0x07, + 0x78, 0xec, 0x00, 0xfd, 0xe4, 0x70, 0x09, 0xb2, 0xa1, 0xc5, 0xea, 0x48, 0xe0, 0xba, 0x4e, 0x7f, + 0x75, 0xe4, 0xdf, 0x6f, 0xa2, 0x26, 0xb3, 0x66, 0x9c, 0x31, 0xd6, 0xb3, 0xe2, 0xf1, 0x83, 0x90, + 0x37, 0x60, 0xde, 0xe5, 0x45, 0x10, 0x94, 0xa4, 0xd2, 0x68, 0xaf, 0x7b, 0x0f, 0x54, 0x17, 0x76, + 0x31, 0x11, 0x94, 0x45, 0x63, 0x98, 0x6f, 0xf8, 0x5b, 0xb7, 0x04, 0x40, 0x0d, 0xdb, 0x51, 0xd7, + 0xf0, 0x3c, 0x4a, 0x63, 0x88, 0xdf, 0xaf, 0x58, 0xca, 0x3b, 0x4e, 0x1a, 0x5c, 0xcb, 0xcf, 0x6d, + 0xa0, 0x05, 0x21, 0xa6, 0x50, 0x40, 0xfb, 0xd5, 0xe2, 0xa6, 0x3a, 0xfc, 0xf7, 0x62, 0x42, 0x86, + 0x9c, 0x31, 0x64, 0xe1, 0x7d, 0xdf, 0x1f, 0xf4, 0xbe, 0x01, 0x3e, 0x54, 0xe0, 0x4b, 0xe2, 0x81, + 0x9f, 0xd2, 0xb8, 0x3a, 0x67, 0x5f, 0xce, 0x87, 0xd2, 0x01, 0xa5, 0x25, 0x1f, 0xcb, 0xd2, 0x8c, + 0xc6, 0xbb, 0xbd, 0xcb, 0xe2, 0x20, 0x62, 0x0f, 0xc5, 0xc1, 0xf4, 0x0a, 0x90, 0xcd, 0x27, 0xc3, + 0x50, 0x71, 0xa2, 0x7e, 0xda, 0x7d, 0x34, 0xdb, 0xff, 0x83, 0x8b, 0xca, 0x14, 0x25, 0xc8, 0x01, + 0xe1, 0x0f, 0x02, 0x9f, 0x58, 0x5b, 0xd5, 0x02, 0xc4, 0xd1, 0xeb, 0xe7, 0x08, 0x8e, 0x5d, 0x67, + 0xa1, 0xbb, 0xe8, 0x2d, 0x5a, 0xfd, 0xc3, 0xb1, 0x34, 0x96, 0x66, 0x3d, 0x62, 0xbc, 0x51, 0xdc, + 0x9e, 0x93, 0x71, 0x89, 0x4d, 0xc1, 0xeb, 0xd4, 0x72, 0xc6, 0x64, 0x42, 0x36, 0xd8, 0xae, 0xf2, + 0x77, 0xdf, 0x45, 0x11, 0x3a, 0xc7, 0x4b, 0x69, 0x24, 0xc2, 0x0a, 0x97, 0x34, 0xcb, 0x1d, 0x70, + 0x63, 0xa8, 0x58, 0xf9, 0x72, 0x50, 0xd1, 0xd4, 0x58, 0xf5, 0x55, 0xc4, 0x76, 0x10, 0xc9, 0x63, + 0xe5, 0x37, 0x29, 0xea, 0xcb, 0xef, 0xa5, 0x81, 0xdd, 0x78, 0x95, 0x07, 0xd4, 0xab, 0xd8, 0x49, + 0x1a, 0x68, 0x88, 0x73, 0x7d, 0x10, 0x62, 0x6c, 0xee, 0x60, 0xd5, 0x45, 0x75, 0xd9, 0x51, 0xde, + 0xf6, 0xd5, 0xa5, 0x4e, 0x34, 0x68, 0x13, 0xf0, 0xdf, 0xff, 0x52, 0x41, 0x61, 0x22, 0x53, 0xba, + 0xae, 0xcf, 0x3f, 0xcf, 0x93, 0x57, 0xe8, 0x87, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x9c, + 0x30, 0x81, 0x99, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xe0, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3f, 0xf3, 0x87, 0xfa, 0xb0, 0x68, 0xca, + 0xb2, 0xfe, 0x0b, 0xa2, 0xb4, 0x8e, 0xb8, 0x82, 0x22, 0x05, 0x83, 0x34, 0xff, 0x30, 0x31, 0x06, + 0x03, 0x55, 0x1d, 0x11, 0x04, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, + 0x01, 0x83, 0x1c, 0x82, 0x12, 0x01, 0xa0, 0x18, 0x0c, 0x16, 0x41, 0x43, 0x4d, 0x45, 0x3a, 0x57, + 0x49, 0x44, 0x47, 0x45, 0x54, 0x3a, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, + 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x20, 0x30, 0x1e, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, + 0x9c, 0xb1, 0xbd, 0x1f, 0x21, 0x61, 0xf3, 0x79, 0xe9, 0x46, 0x7e, 0xe7, 0x6c, 0xac, 0x31, 0x9f, + 0x93, 0xfa, 0xb8, 0xcd, 0x5a, 0x7b, 0x93, 0x87, 0xd7, 0xa8, 0x3f, 0x05, 0x3f, 0x2b, 0xd8, 0x79, + 0xd3, 0x50, 0xd9, 0x6e, 0x34, 0x16, 0x6a, 0x24, 0x51, 0x8e, 0xd6, 0x36, 0x00, 0x57, 0xe6, 0xc9, + 0x5d, 0x3b, 0x8f, 0x4b, 0xc6, 0x58, 0x66, 0xd5, 0x34, 0xc3, 0xb6, 0x00, 0x4e, 0x5c, 0x65, 0x08, + 0x82, 0x59, 0x56, 0x6b, 0x2a, 0xad, 0x72, 0x2b, 0x38, 0x7a, 0x26, 0x17, 0x12, 0x3b, 0x9e, 0x52, + 0xa8, 0x1f, 0x32, 0x61, 0xc3, 0xf8, 0x29, 0x0c, 0xe4, 0xc8, 0x3a, 0x2c, 0x49, 0x68, 0x93, 0x93, + 0x13, 0xdb, 0x3a, 0xa4, 0xe9, 0xf2, 0x2d, 0x43, 0x35, 0xc1, 0x3e, 0xeb, 0xc7, 0x33, 0x0c, 0xe3, + 0x0b, 0xd3, 0x7c, 0x33, 0x3c, 0x30, 0xd8, 0x1a, 0xb3, 0xb8, 0xea, 0x10, 0xbb, 0x6a, 0xd5, 0xec, + 0xd8, 0x2d, 0x99, 0x05, 0xdc, 0xcc, 0x08, 0xec, 0xe1, 0xe2, 0xed, 0x1e, 0x59, 0x62, 0x8d, 0x6e, + 0x5e, 0xb5, 0x74, 0x23, 0x9c, 0xbe, 0x64, 0x06, 0x50, 0x97, 0xf2, 0x29, 0x12, 0x23, 0xb6, 0x92, + 0xf9, 0x35, 0x7d, 0x79, 0xe3, 0x1a, 0x9a, 0xe2, 0xf2, 0x9f, 0xe2, 0x9a, 0x63, 0xee, 0x4c, 0xa7, + 0xad, 0x24, 0x51, 0x8c, 0x9e, 0x89, 0x59, 0x74, 0x68, 0xcc, 0x9f, 0x11, 0x30, 0x14, 0x2f, 0x69, + 0xe1, 0x6f, 0xe0, 0xd0, 0x0e, 0xae, 0x5b, 0xb5, 0x31, 0x08, 0x76, 0x72, 0xa8, 0x49, 0xdf, 0x7e, + 0x9a, 0x90, 0x7d, 0x53, 0x64, 0x94, 0x30, 0x73, 0xca, 0xde, 0x0d, 0xb4, 0x05, 0xe2, 0xa5, 0xcb, + 0xed, 0x73, 0xf8, 0x33, 0xd5, 0xbd, 0x7c, 0x9f, 0xc1, 0xf7, 0x27, 0xae, 0x7f, 0xd3, 0xac, 0xad, + 0xb6, 0x65, 0x2d, 0x88, 0x39, 0xdc, 0x4c, 0x82, 0x8c, 0xca, 0x40, 0x61, 0x9d, 0x64, 0x05, 0xbb, + 0x22, 0xa9, 0x0f, 0xba, 0xe3, 0x0a, 0x67, 0xf7, 0x33, 0xa3, 0xd8, 0xd7, 0xc9, 0xd1, 0xc8, 0x8f, + 0x0d, 0x61, 0xb2, 0x78, 0x00, 0x4b, 0xa1, 0x77, 0x82, 0x7c, 0xe8, 0x56, 0x72, 0xcf, 0x13, 0x8e, + 0x65, 0xa4, 0x7b, 0x3d, 0x0f, 0xd8, 0x6a, 0xad, 0x03, 0xfe, 0x8c, 0x0f, 0xf2, 0x63, 0x9e, 0xfd, + 0x03, 0xf3, 0xcb, 0xfc, 0x41, 0x35, 0x64, 0xe4, 0x1e, 0x69, 0x87, 0x8c, 0xd0, 0xc2, 0x21, 0xcf, + 0xc2, 0x30, 0x0f, 0xc3, 0x24, 0xc9, 0x9b, 0xbd, 0x6a, 0x35, 0x12, 0x74, 0x32, 0xc2, 0xa2, 0xbe, + 0x17, 0x40, 0x38, 0x83, 0xfb, 0xaf, 0xac, 0x90, 0x79, 0x4f, 0x11, 0xa9, 0x70, 0x2f, 0xf1, 0x75, + 0x20, 0x9d, 0xb5, 0x67, 0x0b, 0xac, 0x2f, 0x3f, 0x61, 0xf2, 0xdf, 0x96, 0xad, 0x17, 0xd9, 0xe8, + 0x49, 0x75, 0x1c, 0xad, 0x63, 0xa7, 0x90, 0x79, 0x3c, 0x72, 0x7d, 0xf9, 0xff, 0xd2, 0x86, 0x83, +}; +UINTN TestCertChain4Size = sizeof (TestCertChain4); diff --git a/DeviceSecurityTestPkg/Test/DeployCert/TestRootKey.c b/DeviceSecurityTestPkg/Test/DeployCert/TestRootKey.c new file mode 100644 index 00000000000..dc3d630a5ca --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/TestRootKey.c @@ -0,0 +1,603 @@ +/** @file + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestRootKey[] = { + 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, + 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0D, 0x0A, 0x4D, 0x49, 0x49, + 0x45, 0x76, 0x67, 0x49, 0x42, 0x41, 0x44, 0x41, 0x4E, 0x42, 0x67, 0x6B, 0x71, 0x68, 0x6B, 0x69, + 0x47, 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43, 0x42, 0x4B, 0x67, + 0x77, 0x67, 0x67, 0x53, 0x6B, 0x41, 0x67, 0x45, 0x41, 0x41, 0x6F, 0x49, 0x42, 0x41, 0x51, 0x43, + 0x54, 0x52, 0x2F, 0x4E, 0x78, 0x61, 0x79, 0x51, 0x65, 0x77, 0x4F, 0x74, 0x72, 0x0D, 0x0A, 0x49, + 0x69, 0x50, 0x6E, 0x79, 0x42, 0x43, 0x64, 0x73, 0x75, 0x38, 0x65, 0x5A, 0x65, 0x6E, 0x2F, 0x31, + 0x6A, 0x66, 0x75, 0x78, 0x54, 0x38, 0x70, 0x4A, 0x5A, 0x53, 0x30, 0x4D, 0x4A, 0x64, 0x52, 0x34, + 0x31, 0x47, 0x6B, 0x4F, 0x64, 0x45, 0x6E, 0x4D, 0x70, 0x35, 0x72, 0x67, 0x4D, 0x49, 0x70, 0x38, + 0x69, 0x6A, 0x52, 0x53, 0x64, 0x78, 0x69, 0x4A, 0x31, 0x73, 0x2F, 0x7A, 0x6F, 0x50, 0x58, 0x0D, + 0x0A, 0x65, 0x77, 0x6B, 0x33, 0x53, 0x42, 0x5A, 0x2F, 0x4C, 0x6D, 0x37, 0x36, 0x5A, 0x36, 0x71, + 0x53, 0x46, 0x38, 0x76, 0x2F, 0x53, 0x2B, 0x4D, 0x62, 0x30, 0x61, 0x62, 0x6A, 0x62, 0x45, 0x32, + 0x66, 0x6E, 0x73, 0x63, 0x42, 0x37, 0x5A, 0x38, 0x55, 0x73, 0x44, 0x52, 0x45, 0x6F, 0x6F, 0x67, + 0x6F, 0x38, 0x6A, 0x2B, 0x74, 0x38, 0x76, 0x64, 0x52, 0x6A, 0x50, 0x35, 0x44, 0x63, 0x2F, 0x71, + 0x4E, 0x0D, 0x0A, 0x4C, 0x32, 0x4F, 0x4D, 0x44, 0x75, 0x55, 0x6E, 0x33, 0x42, 0x4B, 0x42, 0x4A, + 0x75, 0x71, 0x53, 0x5A, 0x33, 0x33, 0x4A, 0x2F, 0x4F, 0x78, 0x4D, 0x7A, 0x48, 0x6C, 0x4E, 0x4C, + 0x66, 0x37, 0x32, 0x59, 0x37, 0x64, 0x6A, 0x79, 0x6E, 0x41, 0x6B, 0x34, 0x43, 0x4E, 0x54, 0x6B, + 0x75, 0x68, 0x57, 0x74, 0x34, 0x56, 0x74, 0x4A, 0x5A, 0x37, 0x67, 0x4A, 0x4B, 0x68, 0x63, 0x34, + 0x41, 0x2F, 0x42, 0x0D, 0x0A, 0x74, 0x69, 0x41, 0x76, 0x68, 0x53, 0x70, 0x6E, 0x39, 0x68, 0x74, + 0x59, 0x59, 0x46, 0x6F, 0x55, 0x32, 0x73, 0x49, 0x44, 0x45, 0x48, 0x6B, 0x7A, 0x50, 0x45, 0x48, + 0x47, 0x76, 0x74, 0x4C, 0x75, 0x4C, 0x32, 0x58, 0x56, 0x72, 0x5A, 0x7A, 0x47, 0x43, 0x61, 0x34, + 0x6D, 0x38, 0x71, 0x7A, 0x43, 0x5A, 0x52, 0x4A, 0x30, 0x43, 0x65, 0x69, 0x4A, 0x5A, 0x76, 0x61, + 0x56, 0x75, 0x47, 0x70, 0x66, 0x0D, 0x0A, 0x6C, 0x73, 0x49, 0x38, 0x6E, 0x77, 0x46, 0x53, 0x71, + 0x4D, 0x68, 0x4F, 0x32, 0x4C, 0x71, 0x56, 0x4F, 0x46, 0x76, 0x34, 0x78, 0x6B, 0x4E, 0x55, 0x72, + 0x47, 0x4F, 0x51, 0x31, 0x4E, 0x34, 0x52, 0x51, 0x43, 0x66, 0x6C, 0x45, 0x68, 0x31, 0x79, 0x6F, + 0x75, 0x79, 0x74, 0x43, 0x6F, 0x74, 0x6F, 0x49, 0x5A, 0x33, 0x71, 0x46, 0x6E, 0x42, 0x66, 0x4D, + 0x6A, 0x72, 0x74, 0x54, 0x77, 0x75, 0x79, 0x0D, 0x0A, 0x52, 0x42, 0x39, 0x45, 0x6D, 0x30, 0x77, + 0x44, 0x41, 0x67, 0x4D, 0x42, 0x41, 0x41, 0x45, 0x43, 0x67, 0x67, 0x45, 0x41, 0x44, 0x67, 0x5A, + 0x2F, 0x44, 0x32, 0x44, 0x31, 0x6D, 0x70, 0x77, 0x69, 0x6A, 0x78, 0x77, 0x38, 0x4D, 0x52, 0x6C, + 0x6A, 0x51, 0x37, 0x46, 0x44, 0x68, 0x6A, 0x43, 0x4D, 0x58, 0x52, 0x6D, 0x6F, 0x54, 0x2B, 0x75, + 0x6D, 0x76, 0x53, 0x4E, 0x67, 0x43, 0x74, 0x7A, 0x4A, 0x0D, 0x0A, 0x76, 0x44, 0x6D, 0x61, 0x6A, + 0x37, 0x6F, 0x56, 0x79, 0x64, 0x62, 0x50, 0x4D, 0x55, 0x75, 0x63, 0x73, 0x65, 0x50, 0x6D, 0x73, + 0x53, 0x2B, 0x49, 0x64, 0x69, 0x78, 0x72, 0x53, 0x79, 0x4D, 0x2B, 0x65, 0x4F, 0x6D, 0x31, 0x6B, + 0x66, 0x63, 0x69, 0x64, 0x56, 0x41, 0x56, 0x72, 0x33, 0x44, 0x70, 0x31, 0x47, 0x6E, 0x42, 0x75, + 0x6E, 0x6B, 0x65, 0x6B, 0x6F, 0x71, 0x66, 0x69, 0x75, 0x37, 0x49, 0x0D, 0x0A, 0x59, 0x5A, 0x66, + 0x38, 0x4F, 0x5A, 0x6E, 0x49, 0x57, 0x57, 0x38, 0x43, 0x4F, 0x7A, 0x73, 0x44, 0x48, 0x6D, 0x73, + 0x62, 0x56, 0x31, 0x52, 0x59, 0x36, 0x77, 0x49, 0x7A, 0x51, 0x48, 0x63, 0x74, 0x39, 0x2F, 0x33, + 0x34, 0x53, 0x2B, 0x45, 0x72, 0x50, 0x32, 0x56, 0x38, 0x75, 0x61, 0x48, 0x63, 0x47, 0x72, 0x38, + 0x53, 0x51, 0x6F, 0x62, 0x38, 0x64, 0x62, 0x2F, 0x50, 0x47, 0x57, 0x4E, 0x50, 0x0D, 0x0A, 0x39, + 0x5A, 0x6B, 0x50, 0x32, 0x2F, 0x54, 0x68, 0x41, 0x6E, 0x36, 0x78, 0x58, 0x38, 0x6B, 0x51, 0x4B, + 0x6D, 0x78, 0x62, 0x44, 0x71, 0x2B, 0x6A, 0x65, 0x71, 0x45, 0x79, 0x48, 0x6F, 0x38, 0x5A, 0x6E, + 0x4E, 0x39, 0x47, 0x70, 0x5A, 0x4D, 0x69, 0x79, 0x31, 0x70, 0x71, 0x69, 0x30, 0x64, 0x2B, 0x6D, + 0x2B, 0x4D, 0x75, 0x6D, 0x73, 0x56, 0x64, 0x70, 0x59, 0x79, 0x45, 0x32, 0x38, 0x39, 0x4A, 0x0D, + 0x0A, 0x57, 0x53, 0x6C, 0x47, 0x39, 0x66, 0x4C, 0x4C, 0x59, 0x4E, 0x6C, 0x66, 0x43, 0x6E, 0x52, + 0x57, 0x37, 0x79, 0x68, 0x59, 0x4E, 0x78, 0x69, 0x51, 0x41, 0x63, 0x39, 0x50, 0x4A, 0x37, 0x75, + 0x69, 0x56, 0x6F, 0x42, 0x57, 0x7A, 0x31, 0x6D, 0x35, 0x33, 0x59, 0x77, 0x65, 0x4B, 0x65, 0x57, + 0x78, 0x64, 0x4B, 0x4E, 0x77, 0x65, 0x56, 0x6B, 0x33, 0x38, 0x4B, 0x37, 0x67, 0x55, 0x64, 0x4B, + 0x5A, 0x0D, 0x0A, 0x53, 0x30, 0x4B, 0x58, 0x6C, 0x6E, 0x2F, 0x71, 0x6D, 0x41, 0x35, 0x73, 0x63, + 0x2F, 0x64, 0x46, 0x46, 0x61, 0x65, 0x47, 0x31, 0x49, 0x6F, 0x6B, 0x34, 0x7A, 0x59, 0x72, 0x58, + 0x6F, 0x66, 0x76, 0x6F, 0x44, 0x72, 0x4F, 0x32, 0x47, 0x48, 0x63, 0x6D, 0x51, 0x4B, 0x42, 0x67, + 0x51, 0x44, 0x44, 0x6B, 0x35, 0x74, 0x41, 0x41, 0x79, 0x32, 0x63, 0x4E, 0x76, 0x68, 0x36, 0x45, + 0x4A, 0x77, 0x5A, 0x0D, 0x0A, 0x36, 0x78, 0x55, 0x71, 0x44, 0x42, 0x71, 0x35, 0x53, 0x67, 0x63, + 0x34, 0x44, 0x67, 0x42, 0x43, 0x57, 0x35, 0x30, 0x67, 0x4D, 0x57, 0x42, 0x69, 0x34, 0x51, 0x48, + 0x69, 0x31, 0x72, 0x55, 0x4E, 0x54, 0x4F, 0x51, 0x36, 0x5A, 0x46, 0x75, 0x6F, 0x50, 0x32, 0x4D, + 0x38, 0x34, 0x64, 0x6C, 0x67, 0x71, 0x72, 0x71, 0x5A, 0x6C, 0x50, 0x75, 0x52, 0x71, 0x33, 0x35, + 0x35, 0x30, 0x46, 0x50, 0x59, 0x0D, 0x0A, 0x73, 0x54, 0x75, 0x51, 0x35, 0x65, 0x47, 0x79, 0x39, + 0x75, 0x41, 0x76, 0x72, 0x55, 0x63, 0x4F, 0x4F, 0x58, 0x54, 0x78, 0x48, 0x57, 0x43, 0x71, 0x77, + 0x4E, 0x50, 0x36, 0x52, 0x52, 0x78, 0x76, 0x73, 0x75, 0x38, 0x37, 0x77, 0x37, 0x31, 0x7A, 0x61, + 0x78, 0x6E, 0x6B, 0x6D, 0x43, 0x39, 0x6D, 0x58, 0x30, 0x37, 0x50, 0x73, 0x72, 0x78, 0x64, 0x74, + 0x58, 0x4B, 0x76, 0x70, 0x68, 0x42, 0x6D, 0x0D, 0x0A, 0x66, 0x48, 0x4E, 0x75, 0x4C, 0x6C, 0x35, + 0x62, 0x55, 0x71, 0x67, 0x6A, 0x4B, 0x64, 0x63, 0x5A, 0x36, 0x6A, 0x4C, 0x6E, 0x4D, 0x33, 0x67, + 0x6E, 0x5A, 0x77, 0x4B, 0x42, 0x67, 0x51, 0x44, 0x41, 0x79, 0x4A, 0x64, 0x75, 0x42, 0x6A, 0x65, + 0x69, 0x6D, 0x2B, 0x75, 0x46, 0x75, 0x43, 0x32, 0x37, 0x6E, 0x52, 0x39, 0x79, 0x42, 0x52, 0x63, + 0x64, 0x48, 0x58, 0x33, 0x44, 0x41, 0x7A, 0x6E, 0x66, 0x0D, 0x0A, 0x68, 0x38, 0x64, 0x6B, 0x53, + 0x6C, 0x32, 0x79, 0x33, 0x39, 0x2F, 0x72, 0x70, 0x6A, 0x63, 0x74, 0x39, 0x63, 0x6F, 0x31, 0x67, + 0x47, 0x39, 0x36, 0x45, 0x2B, 0x42, 0x33, 0x78, 0x6D, 0x6E, 0x45, 0x63, 0x6F, 0x55, 0x39, 0x30, + 0x30, 0x52, 0x44, 0x55, 0x48, 0x35, 0x2B, 0x4F, 0x49, 0x6D, 0x77, 0x43, 0x43, 0x72, 0x69, 0x71, + 0x35, 0x34, 0x74, 0x42, 0x6D, 0x37, 0x79, 0x51, 0x32, 0x36, 0x47, 0x0D, 0x0A, 0x32, 0x43, 0x43, + 0x49, 0x55, 0x33, 0x42, 0x55, 0x34, 0x47, 0x79, 0x72, 0x56, 0x64, 0x54, 0x75, 0x4E, 0x56, 0x41, + 0x44, 0x4C, 0x4B, 0x4E, 0x63, 0x4D, 0x35, 0x36, 0x44, 0x73, 0x32, 0x6A, 0x57, 0x4B, 0x76, 0x51, + 0x6A, 0x32, 0x6A, 0x38, 0x50, 0x78, 0x4C, 0x47, 0x32, 0x39, 0x67, 0x47, 0x77, 0x6A, 0x58, 0x6D, + 0x2B, 0x68, 0x4A, 0x63, 0x71, 0x32, 0x30, 0x58, 0x76, 0x73, 0x30, 0x44, 0x6A, 0x0D, 0x0A, 0x38, + 0x34, 0x65, 0x59, 0x30, 0x72, 0x66, 0x68, 0x42, 0x51, 0x4B, 0x42, 0x67, 0x51, 0x43, 0x32, 0x72, + 0x44, 0x37, 0x39, 0x47, 0x6A, 0x72, 0x57, 0x78, 0x79, 0x31, 0x73, 0x37, 0x65, 0x69, 0x76, 0x2B, + 0x4C, 0x68, 0x71, 0x37, 0x71, 0x56, 0x6A, 0x58, 0x62, 0x62, 0x43, 0x62, 0x36, 0x6C, 0x6B, 0x55, + 0x61, 0x66, 0x41, 0x4D, 0x76, 0x35, 0x68, 0x50, 0x4F, 0x4D, 0x44, 0x47, 0x69, 0x49, 0x2F, 0x0D, + 0x0A, 0x79, 0x77, 0x72, 0x39, 0x55, 0x31, 0x47, 0x64, 0x49, 0x35, 0x2B, 0x77, 0x64, 0x51, 0x38, + 0x52, 0x30, 0x45, 0x57, 0x38, 0x50, 0x38, 0x42, 0x39, 0x76, 0x68, 0x33, 0x43, 0x37, 0x34, 0x66, + 0x78, 0x52, 0x52, 0x46, 0x71, 0x39, 0x4A, 0x7A, 0x4D, 0x43, 0x50, 0x55, 0x36, 0x38, 0x76, 0x45, + 0x45, 0x59, 0x7A, 0x78, 0x4D, 0x48, 0x58, 0x46, 0x31, 0x36, 0x2B, 0x66, 0x53, 0x77, 0x67, 0x79, + 0x65, 0x0D, 0x0A, 0x64, 0x42, 0x59, 0x70, 0x7A, 0x31, 0x6B, 0x37, 0x33, 0x64, 0x52, 0x77, 0x68, + 0x49, 0x6A, 0x35, 0x61, 0x4A, 0x6E, 0x33, 0x4F, 0x32, 0x33, 0x66, 0x5A, 0x53, 0x51, 0x36, 0x31, + 0x62, 0x52, 0x4A, 0x31, 0x59, 0x49, 0x48, 0x62, 0x72, 0x33, 0x70, 0x4E, 0x4A, 0x6F, 0x68, 0x52, + 0x65, 0x70, 0x49, 0x70, 0x55, 0x78, 0x6F, 0x55, 0x4E, 0x57, 0x77, 0x6A, 0x77, 0x4B, 0x42, 0x67, + 0x48, 0x56, 0x38, 0x0D, 0x0A, 0x43, 0x53, 0x54, 0x49, 0x37, 0x7A, 0x44, 0x4F, 0x75, 0x6F, 0x71, + 0x45, 0x51, 0x6F, 0x4B, 0x61, 0x62, 0x32, 0x5A, 0x71, 0x43, 0x62, 0x72, 0x35, 0x6C, 0x51, 0x47, + 0x36, 0x50, 0x70, 0x4F, 0x6C, 0x79, 0x48, 0x4B, 0x72, 0x43, 0x30, 0x30, 0x4F, 0x4F, 0x41, 0x55, + 0x42, 0x42, 0x35, 0x47, 0x66, 0x76, 0x33, 0x6F, 0x35, 0x61, 0x6A, 0x5A, 0x49, 0x56, 0x4C, 0x78, + 0x4A, 0x6B, 0x33, 0x31, 0x66, 0x0D, 0x0A, 0x6D, 0x53, 0x6D, 0x6A, 0x54, 0x57, 0x2B, 0x45, 0x5A, + 0x34, 0x48, 0x2B, 0x62, 0x4A, 0x4A, 0x31, 0x64, 0x38, 0x55, 0x70, 0x64, 0x7A, 0x7A, 0x54, 0x4E, + 0x64, 0x75, 0x34, 0x45, 0x6D, 0x78, 0x6B, 0x32, 0x2F, 0x61, 0x59, 0x65, 0x74, 0x57, 0x4F, 0x36, + 0x30, 0x72, 0x44, 0x42, 0x50, 0x2B, 0x69, 0x52, 0x37, 0x2B, 0x58, 0x66, 0x58, 0x71, 0x63, 0x44, + 0x70, 0x63, 0x4F, 0x52, 0x2B, 0x35, 0x30, 0x0D, 0x0A, 0x77, 0x4E, 0x48, 0x30, 0x6D, 0x41, 0x66, + 0x42, 0x41, 0x39, 0x69, 0x50, 0x4E, 0x56, 0x70, 0x6C, 0x37, 0x58, 0x4B, 0x59, 0x6C, 0x52, 0x4E, + 0x4F, 0x43, 0x2B, 0x48, 0x58, 0x4B, 0x4D, 0x32, 0x43, 0x52, 0x50, 0x6C, 0x79, 0x4F, 0x52, 0x4D, + 0x4E, 0x41, 0x6F, 0x47, 0x42, 0x41, 0x4C, 0x50, 0x66, 0x58, 0x5A, 0x53, 0x55, 0x37, 0x67, 0x41, + 0x33, 0x6E, 0x52, 0x79, 0x49, 0x41, 0x79, 0x57, 0x4A, 0x0D, 0x0A, 0x54, 0x58, 0x7A, 0x54, 0x4D, + 0x6B, 0x69, 0x68, 0x56, 0x68, 0x4C, 0x44, 0x73, 0x33, 0x36, 0x7A, 0x74, 0x4A, 0x45, 0x79, 0x53, + 0x4B, 0x52, 0x43, 0x48, 0x67, 0x4B, 0x2B, 0x7A, 0x50, 0x42, 0x6D, 0x57, 0x54, 0x79, 0x44, 0x55, + 0x66, 0x4E, 0x46, 0x63, 0x4E, 0x33, 0x35, 0x36, 0x62, 0x31, 0x6A, 0x62, 0x2B, 0x58, 0x30, 0x66, + 0x4B, 0x6B, 0x72, 0x47, 0x78, 0x41, 0x76, 0x73, 0x61, 0x75, 0x34, 0x0D, 0x0A, 0x36, 0x79, 0x51, + 0x6B, 0x57, 0x79, 0x49, 0x55, 0x59, 0x32, 0x64, 0x38, 0x45, 0x4F, 0x76, 0x45, 0x36, 0x6F, 0x4B, + 0x79, 0x6D, 0x54, 0x56, 0x53, 0x32, 0x4A, 0x76, 0x57, 0x4A, 0x7A, 0x32, 0x57, 0x4D, 0x51, 0x59, + 0x5A, 0x59, 0x45, 0x4D, 0x71, 0x48, 0x47, 0x47, 0x45, 0x6A, 0x34, 0x77, 0x4A, 0x42, 0x41, 0x53, + 0x4F, 0x50, 0x72, 0x34, 0x65, 0x45, 0x4D, 0x32, 0x33, 0x56, 0x6F, 0x4B, 0x55, 0x0D, 0x0A, 0x72, + 0x77, 0x41, 0x2F, 0x30, 0x71, 0x4A, 0x36, 0x43, 0x4C, 0x75, 0x54, 0x59, 0x36, 0x4A, 0x79, 0x42, + 0x6F, 0x4F, 0x38, 0x68, 0x71, 0x42, 0x72, 0x0D, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, + 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D, 0x2D, 0x2D, + 0x2D, 0x2D, 0x0D, 0x0A, +}; +UINTN TestRootKeySize = sizeof (TestRootKey); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestRootKey2[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, + 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x45, + 0x76, 0x51, 0x49, 0x42, 0x41, 0x44, 0x41, 0x4e, 0x42, 0x67, 0x6b, 0x71, 0x68, 0x6b, 0x69, 0x47, + 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43, 0x42, 0x4b, 0x63, 0x77, + 0x67, 0x67, 0x53, 0x6a, 0x41, 0x67, 0x45, 0x41, 0x41, 0x6f, 0x49, 0x42, 0x41, 0x51, 0x43, 0x78, + 0x4a, 0x42, 0x55, 0x50, 0x46, 0x39, 0x41, 0x41, 0x70, 0x2b, 0x62, 0x41, 0x0a, 0x49, 0x65, 0x30, + 0x6f, 0x6e, 0x67, 0x4e, 0x46, 0x47, 0x4f, 0x35, 0x31, 0x43, 0x54, 0x6c, 0x7a, 0x53, 0x6d, 0x6f, + 0x70, 0x76, 0x66, 0x66, 0x30, 0x49, 0x41, 0x54, 0x79, 0x55, 0x51, 0x33, 0x31, 0x78, 0x31, 0x64, + 0x56, 0x4e, 0x49, 0x61, 0x61, 0x45, 0x5a, 0x74, 0x75, 0x6c, 0x42, 0x44, 0x67, 0x34, 0x6e, 0x71, + 0x2f, 0x4a, 0x65, 0x62, 0x45, 0x49, 0x47, 0x31, 0x67, 0x47, 0x47, 0x48, 0x32, 0x0a, 0x71, 0x73, + 0x36, 0x6c, 0x2b, 0x45, 0x72, 0x51, 0x45, 0x71, 0x47, 0x77, 0x2b, 0x6a, 0x37, 0x32, 0x74, 0x56, + 0x44, 0x6a, 0x57, 0x6f, 0x48, 0x62, 0x57, 0x35, 0x75, 0x79, 0x61, 0x71, 0x4d, 0x6c, 0x65, 0x5a, + 0x66, 0x4f, 0x65, 0x7a, 0x42, 0x56, 0x7a, 0x79, 0x79, 0x72, 0x46, 0x38, 0x78, 0x67, 0x5a, 0x51, + 0x4e, 0x42, 0x75, 0x4d, 0x75, 0x53, 0x2f, 0x53, 0x50, 0x77, 0x75, 0x6f, 0x6a, 0x70, 0x0a, 0x2b, + 0x2b, 0x6e, 0x34, 0x62, 0x6b, 0x62, 0x4f, 0x6a, 0x64, 0x61, 0x71, 0x39, 0x54, 0x33, 0x72, 0x6c, + 0x39, 0x53, 0x55, 0x42, 0x58, 0x6c, 0x42, 0x7a, 0x37, 0x65, 0x31, 0x65, 0x75, 0x2f, 0x31, 0x34, + 0x75, 0x69, 0x6e, 0x6b, 0x56, 0x54, 0x42, 0x71, 0x4f, 0x6c, 0x45, 0x44, 0x36, 0x68, 0x43, 0x64, + 0x58, 0x4b, 0x6a, 0x62, 0x52, 0x51, 0x7a, 0x4f, 0x37, 0x50, 0x56, 0x75, 0x63, 0x42, 0x49, 0x0a, + 0x4a, 0x4d, 0x63, 0x73, 0x52, 0x4a, 0x30, 0x32, 0x63, 0x42, 0x54, 0x52, 0x41, 0x56, 0x68, 0x57, + 0x2f, 0x45, 0x6a, 0x52, 0x68, 0x35, 0x46, 0x72, 0x75, 0x44, 0x71, 0x58, 0x31, 0x52, 0x49, 0x62, + 0x73, 0x6c, 0x75, 0x31, 0x38, 0x75, 0x50, 0x4d, 0x54, 0x57, 0x46, 0x6e, 0x5a, 0x4c, 0x67, 0x7a, + 0x61, 0x38, 0x45, 0x52, 0x50, 0x35, 0x2b, 0x65, 0x36, 0x7a, 0x4d, 0x69, 0x59, 0x43, 0x73, 0x68, + 0x0a, 0x53, 0x45, 0x58, 0x30, 0x59, 0x55, 0x34, 0x68, 0x63, 0x34, 0x2b, 0x30, 0x6c, 0x69, 0x46, + 0x7a, 0x6e, 0x77, 0x76, 0x59, 0x4b, 0x2b, 0x2b, 0x73, 0x71, 0x55, 0x4e, 0x4b, 0x2f, 0x33, 0x70, + 0x5a, 0x2b, 0x68, 0x7a, 0x2f, 0x33, 0x7a, 0x53, 0x71, 0x79, 0x4f, 0x6f, 0x59, 0x67, 0x51, 0x44, + 0x6e, 0x39, 0x54, 0x38, 0x4c, 0x2b, 0x46, 0x46, 0x77, 0x6b, 0x4c, 0x75, 0x4c, 0x4b, 0x33, 0x71, + 0x4f, 0x0a, 0x57, 0x58, 0x57, 0x4b, 0x50, 0x6d, 0x76, 0x39, 0x41, 0x67, 0x4d, 0x42, 0x41, 0x41, + 0x45, 0x43, 0x67, 0x67, 0x45, 0x41, 0x4c, 0x65, 0x7a, 0x62, 0x35, 0x4e, 0x6a, 0x59, 0x6e, 0x59, + 0x4c, 0x71, 0x53, 0x54, 0x2f, 0x43, 0x65, 0x37, 0x68, 0x54, 0x77, 0x72, 0x4e, 0x50, 0x42, 0x31, + 0x72, 0x48, 0x34, 0x55, 0x4d, 0x57, 0x75, 0x52, 0x47, 0x2b, 0x57, 0x6a, 0x56, 0x2b, 0x38, 0x73, + 0x2f, 0x65, 0x0a, 0x33, 0x61, 0x79, 0x37, 0x30, 0x4b, 0x52, 0x59, 0x6a, 0x56, 0x4d, 0x70, 0x53, + 0x41, 0x62, 0x74, 0x52, 0x56, 0x43, 0x53, 0x59, 0x45, 0x4a, 0x55, 0x54, 0x4e, 0x37, 0x58, 0x58, + 0x49, 0x57, 0x56, 0x79, 0x46, 0x7a, 0x4b, 0x54, 0x4b, 0x39, 0x4e, 0x76, 0x68, 0x70, 0x47, 0x66, + 0x31, 0x71, 0x78, 0x76, 0x6b, 0x61, 0x4e, 0x33, 0x52, 0x50, 0x57, 0x2f, 0x4f, 0x63, 0x49, 0x4f, + 0x37, 0x35, 0x33, 0x0a, 0x34, 0x37, 0x78, 0x64, 0x68, 0x6a, 0x50, 0x62, 0x2b, 0x54, 0x4e, 0x49, + 0x4d, 0x6d, 0x64, 0x75, 0x48, 0x6b, 0x4f, 0x79, 0x44, 0x33, 0x54, 0x34, 0x6d, 0x6e, 0x67, 0x30, + 0x76, 0x44, 0x47, 0x77, 0x55, 0x33, 0x46, 0x7a, 0x58, 0x47, 0x78, 0x43, 0x77, 0x55, 0x52, 0x32, + 0x74, 0x6b, 0x58, 0x30, 0x73, 0x73, 0x4c, 0x66, 0x59, 0x79, 0x7a, 0x30, 0x48, 0x67, 0x4c, 0x62, + 0x62, 0x78, 0x6f, 0x73, 0x0a, 0x61, 0x48, 0x53, 0x54, 0x76, 0x71, 0x36, 0x68, 0x49, 0x65, 0x51, + 0x74, 0x36, 0x2b, 0x77, 0x74, 0x49, 0x6b, 0x56, 0x4a, 0x56, 0x74, 0x42, 0x66, 0x32, 0x79, 0x69, + 0x74, 0x55, 0x64, 0x43, 0x56, 0x79, 0x62, 0x41, 0x52, 0x52, 0x70, 0x49, 0x4e, 0x79, 0x44, 0x55, + 0x32, 0x38, 0x57, 0x51, 0x61, 0x79, 0x4c, 0x69, 0x6d, 0x48, 0x2f, 0x30, 0x48, 0x57, 0x2b, 0x67, + 0x79, 0x53, 0x38, 0x50, 0x4c, 0x0a, 0x77, 0x66, 0x63, 0x42, 0x76, 0x77, 0x6c, 0x2b, 0x70, 0x30, + 0x6b, 0x6c, 0x71, 0x6b, 0x54, 0x51, 0x59, 0x4c, 0x35, 0x4b, 0x47, 0x67, 0x62, 0x59, 0x5a, 0x4d, + 0x33, 0x2f, 0x59, 0x54, 0x50, 0x65, 0x37, 0x6e, 0x4c, 0x66, 0x73, 0x63, 0x4e, 0x47, 0x42, 0x68, + 0x57, 0x66, 0x64, 0x2f, 0x30, 0x72, 0x46, 0x32, 0x42, 0x33, 0x6d, 0x6f, 0x78, 0x6e, 0x6e, 0x57, + 0x75, 0x55, 0x59, 0x2b, 0x41, 0x59, 0x0a, 0x2b, 0x46, 0x78, 0x63, 0x4f, 0x54, 0x53, 0x62, 0x47, + 0x47, 0x38, 0x64, 0x4d, 0x43, 0x75, 0x57, 0x64, 0x79, 0x59, 0x2f, 0x30, 0x6c, 0x51, 0x4c, 0x43, + 0x76, 0x35, 0x36, 0x5a, 0x41, 0x37, 0x33, 0x35, 0x57, 0x6c, 0x42, 0x70, 0x6c, 0x78, 0x67, 0x67, + 0x51, 0x4b, 0x42, 0x67, 0x51, 0x44, 0x72, 0x61, 0x61, 0x43, 0x6c, 0x46, 0x52, 0x6d, 0x51, 0x51, + 0x57, 0x78, 0x32, 0x6e, 0x4d, 0x7a, 0x79, 0x0a, 0x36, 0x48, 0x56, 0x39, 0x6a, 0x6f, 0x75, 0x30, + 0x57, 0x4d, 0x34, 0x73, 0x2f, 0x6b, 0x30, 0x4e, 0x4d, 0x32, 0x52, 0x6a, 0x6f, 0x63, 0x50, 0x37, + 0x64, 0x55, 0x6f, 0x2b, 0x6f, 0x59, 0x31, 0x6b, 0x39, 0x4b, 0x68, 0x37, 0x51, 0x4b, 0x39, 0x6d, + 0x66, 0x51, 0x37, 0x51, 0x6b, 0x69, 0x58, 0x75, 0x68, 0x57, 0x69, 0x50, 0x47, 0x6e, 0x75, 0x76, + 0x5a, 0x74, 0x47, 0x79, 0x2f, 0x51, 0x49, 0x66, 0x0a, 0x2f, 0x64, 0x73, 0x31, 0x5a, 0x46, 0x37, + 0x59, 0x47, 0x48, 0x78, 0x74, 0x66, 0x4e, 0x56, 0x69, 0x69, 0x30, 0x69, 0x6e, 0x4a, 0x72, 0x46, + 0x64, 0x67, 0x49, 0x78, 0x75, 0x46, 0x6c, 0x53, 0x32, 0x53, 0x39, 0x78, 0x64, 0x44, 0x55, 0x74, + 0x39, 0x57, 0x52, 0x6b, 0x6b, 0x49, 0x42, 0x63, 0x59, 0x36, 0x73, 0x75, 0x42, 0x6e, 0x67, 0x50, + 0x31, 0x30, 0x30, 0x7a, 0x7a, 0x37, 0x57, 0x71, 0x43, 0x0a, 0x4b, 0x68, 0x6d, 0x55, 0x58, 0x31, + 0x7a, 0x6e, 0x78, 0x4f, 0x6d, 0x4a, 0x57, 0x35, 0x38, 0x64, 0x50, 0x6a, 0x56, 0x79, 0x43, 0x5a, + 0x33, 0x46, 0x58, 0x51, 0x4b, 0x42, 0x67, 0x51, 0x44, 0x41, 0x6f, 0x65, 0x46, 0x43, 0x79, 0x4f, + 0x59, 0x48, 0x65, 0x75, 0x58, 0x55, 0x35, 0x77, 0x57, 0x55, 0x34, 0x44, 0x6b, 0x2f, 0x53, 0x4c, + 0x62, 0x6e, 0x39, 0x57, 0x74, 0x6c, 0x4a, 0x51, 0x7a, 0x5a, 0x0a, 0x76, 0x51, 0x55, 0x4d, 0x66, + 0x5a, 0x48, 0x33, 0x36, 0x75, 0x58, 0x67, 0x4e, 0x66, 0x49, 0x74, 0x66, 0x39, 0x59, 0x78, 0x67, + 0x6d, 0x53, 0x64, 0x66, 0x48, 0x4a, 0x79, 0x69, 0x52, 0x68, 0x71, 0x2f, 0x67, 0x4c, 0x39, 0x57, + 0x51, 0x52, 0x31, 0x36, 0x51, 0x45, 0x56, 0x59, 0x44, 0x55, 0x30, 0x49, 0x49, 0x30, 0x73, 0x53, + 0x46, 0x70, 0x6f, 0x52, 0x7a, 0x45, 0x43, 0x72, 0x65, 0x4b, 0x6d, 0x0a, 0x72, 0x6b, 0x6f, 0x45, + 0x6e, 0x59, 0x54, 0x70, 0x6b, 0x6d, 0x59, 0x62, 0x49, 0x56, 0x65, 0x59, 0x66, 0x34, 0x66, 0x2f, + 0x64, 0x62, 0x76, 0x76, 0x38, 0x4f, 0x4d, 0x33, 0x7a, 0x31, 0x36, 0x63, 0x73, 0x7a, 0x2b, 0x32, + 0x79, 0x35, 0x6b, 0x4a, 0x6c, 0x48, 0x71, 0x67, 0x56, 0x2f, 0x48, 0x79, 0x30, 0x66, 0x6e, 0x2f, + 0x49, 0x55, 0x6c, 0x53, 0x77, 0x4e, 0x76, 0x37, 0x2b, 0x33, 0x79, 0x79, 0x0a, 0x47, 0x6e, 0x43, + 0x33, 0x78, 0x48, 0x55, 0x33, 0x49, 0x51, 0x4b, 0x42, 0x67, 0x47, 0x69, 0x69, 0x44, 0x54, 0x58, + 0x79, 0x74, 0x2b, 0x63, 0x48, 0x50, 0x54, 0x64, 0x48, 0x49, 0x45, 0x30, 0x44, 0x42, 0x31, 0x32, + 0x6b, 0x49, 0x76, 0x49, 0x6f, 0x32, 0x70, 0x4c, 0x6a, 0x41, 0x4d, 0x70, 0x53, 0x51, 0x6c, 0x65, + 0x4b, 0x53, 0x66, 0x71, 0x56, 0x4f, 0x6b, 0x65, 0x32, 0x4e, 0x49, 0x74, 0x66, 0x0a, 0x74, 0x78, + 0x62, 0x35, 0x50, 0x44, 0x79, 0x34, 0x62, 0x77, 0x4a, 0x44, 0x51, 0x7a, 0x72, 0x4e, 0x37, 0x78, + 0x68, 0x54, 0x39, 0x41, 0x2b, 0x56, 0x43, 0x72, 0x57, 0x63, 0x67, 0x50, 0x70, 0x4a, 0x4d, 0x63, + 0x70, 0x38, 0x62, 0x79, 0x39, 0x72, 0x53, 0x72, 0x71, 0x37, 0x56, 0x6e, 0x69, 0x7a, 0x59, 0x62, + 0x70, 0x78, 0x6c, 0x7a, 0x6e, 0x77, 0x37, 0x66, 0x6e, 0x73, 0x55, 0x51, 0x43, 0x70, 0x0a, 0x6e, + 0x53, 0x74, 0x36, 0x77, 0x6b, 0x66, 0x58, 0x64, 0x7a, 0x59, 0x34, 0x55, 0x53, 0x76, 0x52, 0x43, + 0x46, 0x7a, 0x33, 0x4a, 0x39, 0x6c, 0x32, 0x62, 0x6d, 0x69, 0x6f, 0x36, 0x4d, 0x4d, 0x73, 0x42, + 0x53, 0x79, 0x4f, 0x61, 0x6c, 0x50, 0x56, 0x6b, 0x4e, 0x74, 0x74, 0x62, 0x72, 0x35, 0x6e, 0x72, + 0x51, 0x65, 0x66, 0x77, 0x4a, 0x45, 0x39, 0x41, 0x6f, 0x47, 0x42, 0x41, 0x4a, 0x34, 0x4f, 0x0a, + 0x74, 0x5a, 0x52, 0x6b, 0x33, 0x30, 0x6e, 0x58, 0x37, 0x32, 0x6c, 0x48, 0x76, 0x65, 0x36, 0x77, + 0x4a, 0x49, 0x6a, 0x6d, 0x6b, 0x78, 0x32, 0x30, 0x34, 0x38, 0x2f, 0x30, 0x48, 0x4a, 0x30, 0x30, + 0x57, 0x55, 0x59, 0x73, 0x61, 0x6d, 0x37, 0x76, 0x30, 0x48, 0x71, 0x75, 0x43, 0x4f, 0x36, 0x49, + 0x62, 0x43, 0x6e, 0x6e, 0x67, 0x63, 0x4d, 0x75, 0x37, 0x34, 0x46, 0x48, 0x4f, 0x44, 0x2f, 0x68, + 0x0a, 0x2b, 0x48, 0x59, 0x45, 0x61, 0x6f, 0x4b, 0x4e, 0x45, 0x78, 0x53, 0x46, 0x41, 0x6d, 0x4b, + 0x70, 0x4b, 0x75, 0x7a, 0x67, 0x32, 0x54, 0x32, 0x69, 0x33, 0x48, 0x59, 0x45, 0x55, 0x32, 0x72, + 0x4d, 0x71, 0x33, 0x4d, 0x71, 0x42, 0x48, 0x72, 0x61, 0x59, 0x75, 0x6c, 0x7a, 0x37, 0x44, 0x6e, + 0x32, 0x75, 0x70, 0x4a, 0x44, 0x2b, 0x6c, 0x63, 0x67, 0x59, 0x6d, 0x2f, 0x53, 0x75, 0x53, 0x44, + 0x2b, 0x0a, 0x65, 0x78, 0x4c, 0x7a, 0x37, 0x37, 0x68, 0x4b, 0x6d, 0x6d, 0x75, 0x69, 0x66, 0x61, + 0x58, 0x74, 0x34, 0x4b, 0x45, 0x55, 0x6f, 0x4f, 0x4e, 0x44, 0x31, 0x37, 0x7a, 0x6b, 0x56, 0x79, + 0x61, 0x55, 0x52, 0x31, 0x53, 0x68, 0x34, 0x45, 0x50, 0x42, 0x41, 0x6f, 0x47, 0x41, 0x57, 0x36, + 0x45, 0x6c, 0x72, 0x44, 0x6f, 0x43, 0x6e, 0x66, 0x4f, 0x4e, 0x78, 0x41, 0x66, 0x58, 0x71, 0x46, + 0x30, 0x38, 0x0a, 0x6f, 0x32, 0x52, 0x30, 0x44, 0x65, 0x7a, 0x4d, 0x55, 0x76, 0x33, 0x73, 0x58, + 0x50, 0x4f, 0x74, 0x73, 0x4e, 0x72, 0x70, 0x65, 0x4d, 0x42, 0x70, 0x2f, 0x46, 0x31, 0x78, 0x6f, + 0x69, 0x6d, 0x2f, 0x34, 0x39, 0x66, 0x6e, 0x36, 0x73, 0x57, 0x47, 0x78, 0x71, 0x58, 0x4e, 0x4f, + 0x56, 0x73, 0x74, 0x45, 0x70, 0x57, 0x4e, 0x71, 0x49, 0x67, 0x76, 0x66, 0x71, 0x4e, 0x37, 0x63, + 0x46, 0x72, 0x71, 0x0a, 0x54, 0x67, 0x30, 0x4d, 0x50, 0x6a, 0x48, 0x4e, 0x61, 0x6d, 0x64, 0x35, + 0x6e, 0x31, 0x63, 0x4c, 0x68, 0x31, 0x39, 0x36, 0x37, 0x5a, 0x6f, 0x70, 0x66, 0x2b, 0x67, 0x5a, + 0x79, 0x2b, 0x4c, 0x59, 0x4e, 0x67, 0x53, 0x46, 0x4d, 0x64, 0x6d, 0x65, 0x39, 0x59, 0x68, 0x43, + 0x57, 0x61, 0x32, 0x39, 0x73, 0x76, 0x4d, 0x65, 0x57, 0x4b, 0x37, 0x79, 0x72, 0x78, 0x53, 0x70, + 0x63, 0x49, 0x63, 0x6a, 0x0a, 0x57, 0x63, 0x79, 0x4f, 0x2f, 0x31, 0x66, 0x33, 0x64, 0x74, 0x52, + 0x66, 0x66, 0x5a, 0x68, 0x76, 0x47, 0x63, 0x2b, 0x75, 0x7a, 0x77, 0x38, 0x3d, 0x0a, 0x2d, 0x2d, + 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, + 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, +}; +UINTN TestRootKey2Size = sizeof (TestRootKey2); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestRootKey3[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, + 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0d, 0x0a, 0x4d, 0x49, 0x49, + 0x47, 0x2f, 0x51, 0x49, 0x42, 0x41, 0x44, 0x41, 0x4e, 0x42, 0x67, 0x6b, 0x71, 0x68, 0x6b, 0x69, + 0x47, 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43, 0x42, 0x75, 0x63, + 0x77, 0x67, 0x67, 0x62, 0x6a, 0x41, 0x67, 0x45, 0x41, 0x41, 0x6f, 0x49, 0x42, 0x67, 0x51, 0x43, + 0x6c, 0x75, 0x2b, 0x76, 0x48, 0x6f, 0x73, 0x54, 0x52, 0x63, 0x42, 0x4a, 0x56, 0x0d, 0x0a, 0x71, + 0x41, 0x45, 0x71, 0x65, 0x34, 0x2b, 0x65, 0x54, 0x76, 0x56, 0x6d, 0x30, 0x75, 0x43, 0x37, 0x74, + 0x62, 0x39, 0x79, 0x57, 0x59, 0x66, 0x2b, 0x36, 0x6c, 0x6e, 0x75, 0x38, 0x2b, 0x39, 0x2f, 0x56, + 0x59, 0x76, 0x5a, 0x74, 0x51, 0x4b, 0x34, 0x72, 0x68, 0x65, 0x32, 0x4c, 0x77, 0x30, 0x34, 0x6b, + 0x55, 0x72, 0x53, 0x63, 0x57, 0x59, 0x38, 0x47, 0x36, 0x38, 0x71, 0x37, 0x5a, 0x77, 0x57, 0x0d, + 0x0a, 0x53, 0x66, 0x6e, 0x78, 0x39, 0x58, 0x75, 0x6c, 0x56, 0x36, 0x51, 0x2b, 0x4e, 0x52, 0x52, + 0x63, 0x6d, 0x52, 0x6f, 0x46, 0x64, 0x48, 0x38, 0x50, 0x79, 0x6d, 0x4f, 0x74, 0x68, 0x45, 0x38, + 0x33, 0x6c, 0x76, 0x6b, 0x6f, 0x46, 0x58, 0x73, 0x4f, 0x45, 0x33, 0x32, 0x58, 0x39, 0x33, 0x2b, + 0x33, 0x31, 0x6e, 0x35, 0x65, 0x4a, 0x36, 0x56, 0x73, 0x44, 0x75, 0x39, 0x4c, 0x32, 0x4e, 0x67, + 0x31, 0x0d, 0x0a, 0x6e, 0x63, 0x79, 0x47, 0x73, 0x41, 0x34, 0x43, 0x79, 0x68, 0x78, 0x6b, 0x62, + 0x34, 0x4c, 0x56, 0x62, 0x37, 0x57, 0x50, 0x61, 0x39, 0x5a, 0x58, 0x36, 0x35, 0x37, 0x6d, 0x73, + 0x68, 0x30, 0x63, 0x44, 0x65, 0x48, 0x57, 0x73, 0x66, 0x77, 0x37, 0x68, 0x4a, 0x39, 0x37, 0x32, + 0x4e, 0x59, 0x67, 0x49, 0x53, 0x2b, 0x47, 0x72, 0x67, 0x36, 0x67, 0x57, 0x44, 0x65, 0x4f, 0x57, + 0x31, 0x33, 0x75, 0x0d, 0x0a, 0x39, 0x6a, 0x7a, 0x57, 0x76, 0x63, 0x50, 0x69, 0x59, 0x74, 0x48, + 0x6c, 0x44, 0x63, 0x78, 0x58, 0x2f, 0x61, 0x79, 0x6b, 0x63, 0x56, 0x58, 0x30, 0x55, 0x6e, 0x4d, + 0x52, 0x78, 0x45, 0x2b, 0x51, 0x63, 0x6c, 0x67, 0x53, 0x36, 0x79, 0x73, 0x42, 0x61, 0x66, 0x49, + 0x51, 0x65, 0x73, 0x6e, 0x6f, 0x63, 0x7a, 0x4b, 0x61, 0x6d, 0x6f, 0x5a, 0x35, 0x62, 0x41, 0x66, + 0x71, 0x47, 0x71, 0x6d, 0x44, 0x0d, 0x0a, 0x52, 0x70, 0x52, 0x4c, 0x37, 0x6c, 0x4d, 0x45, 0x35, + 0x4b, 0x59, 0x76, 0x55, 0x61, 0x69, 0x7a, 0x52, 0x36, 0x77, 0x6b, 0x74, 0x57, 0x55, 0x46, 0x4e, + 0x36, 0x2f, 0x4e, 0x45, 0x44, 0x64, 0x72, 0x41, 0x2b, 0x33, 0x34, 0x5a, 0x63, 0x67, 0x75, 0x6e, + 0x79, 0x36, 0x46, 0x38, 0x6a, 0x53, 0x31, 0x76, 0x7a, 0x31, 0x44, 0x6e, 0x73, 0x7a, 0x75, 0x39, + 0x33, 0x41, 0x53, 0x35, 0x7a, 0x36, 0x4e, 0x0d, 0x0a, 0x7a, 0x44, 0x78, 0x72, 0x4e, 0x35, 0x58, + 0x67, 0x41, 0x6f, 0x67, 0x6e, 0x68, 0x59, 0x72, 0x64, 0x45, 0x6e, 0x45, 0x4f, 0x62, 0x4a, 0x68, + 0x59, 0x32, 0x67, 0x68, 0x74, 0x37, 0x67, 0x51, 0x43, 0x6d, 0x47, 0x4c, 0x39, 0x38, 0x54, 0x4e, + 0x34, 0x4c, 0x59, 0x38, 0x49, 0x31, 0x79, 0x6d, 0x70, 0x6a, 0x64, 0x51, 0x52, 0x74, 0x79, 0x53, + 0x7a, 0x39, 0x48, 0x69, 0x77, 0x69, 0x30, 0x36, 0x39, 0x0d, 0x0a, 0x57, 0x77, 0x53, 0x54, 0x47, + 0x33, 0x59, 0x71, 0x74, 0x73, 0x31, 0x6c, 0x47, 0x75, 0x42, 0x55, 0x63, 0x77, 0x71, 0x75, 0x44, + 0x2f, 0x72, 0x32, 0x6b, 0x54, 0x6a, 0x36, 0x4a, 0x66, 0x38, 0x72, 0x30, 0x74, 0x71, 0x58, 0x4e, + 0x6d, 0x51, 0x79, 0x6e, 0x32, 0x77, 0x6c, 0x5a, 0x70, 0x7a, 0x6d, 0x6a, 0x4d, 0x52, 0x74, 0x2b, + 0x5a, 0x32, 0x2b, 0x4a, 0x6e, 0x7a, 0x50, 0x72, 0x45, 0x7a, 0x39, 0x0d, 0x0a, 0x68, 0x75, 0x52, + 0x34, 0x65, 0x52, 0x38, 0x58, 0x63, 0x79, 0x56, 0x66, 0x4b, 0x35, 0x34, 0x37, 0x2f, 0x50, 0x59, + 0x57, 0x53, 0x67, 0x63, 0x79, 0x62, 0x2b, 0x4a, 0x55, 0x6e, 0x4c, 0x77, 0x30, 0x4d, 0x4e, 0x55, + 0x68, 0x69, 0x37, 0x41, 0x47, 0x53, 0x75, 0x58, 0x39, 0x78, 0x65, 0x62, 0x4d, 0x78, 0x75, 0x73, + 0x43, 0x41, 0x77, 0x45, 0x41, 0x41, 0x51, 0x4b, 0x43, 0x41, 0x59, 0x41, 0x75, 0x0d, 0x0a, 0x45, + 0x4e, 0x57, 0x77, 0x58, 0x36, 0x57, 0x6c, 0x4d, 0x53, 0x6c, 0x6e, 0x64, 0x5a, 0x4d, 0x64, 0x59, + 0x38, 0x71, 0x2f, 0x6a, 0x65, 0x4c, 0x58, 0x2b, 0x62, 0x56, 0x4e, 0x64, 0x32, 0x38, 0x48, 0x4d, + 0x61, 0x75, 0x44, 0x52, 0x31, 0x42, 0x49, 0x41, 0x72, 0x57, 0x48, 0x42, 0x78, 0x67, 0x67, 0x49, + 0x78, 0x66, 0x6d, 0x6a, 0x54, 0x30, 0x35, 0x2f, 0x6b, 0x6f, 0x47, 0x64, 0x78, 0x76, 0x38, 0x0d, + 0x0a, 0x38, 0x6c, 0x67, 0x67, 0x54, 0x50, 0x47, 0x62, 0x56, 0x51, 0x41, 0x56, 0x6b, 0x65, 0x70, + 0x50, 0x50, 0x70, 0x52, 0x6e, 0x6d, 0x4c, 0x79, 0x6d, 0x4c, 0x63, 0x72, 0x44, 0x45, 0x69, 0x73, + 0x52, 0x61, 0x52, 0x67, 0x49, 0x49, 0x35, 0x45, 0x68, 0x49, 0x61, 0x32, 0x44, 0x48, 0x67, 0x75, + 0x54, 0x41, 0x4b, 0x56, 0x37, 0x66, 0x42, 0x39, 0x6b, 0x70, 0x66, 0x35, 0x78, 0x38, 0x73, 0x53, + 0x64, 0x0d, 0x0a, 0x46, 0x78, 0x66, 0x37, 0x75, 0x51, 0x72, 0x36, 0x59, 0x67, 0x4e, 0x32, 0x6f, + 0x36, 0x32, 0x39, 0x6f, 0x69, 0x48, 0x43, 0x31, 0x4c, 0x71, 0x66, 0x6a, 0x2f, 0x38, 0x6c, 0x70, + 0x43, 0x38, 0x71, 0x39, 0x69, 0x5a, 0x56, 0x75, 0x63, 0x41, 0x70, 0x44, 0x30, 0x6a, 0x59, 0x43, + 0x32, 0x50, 0x43, 0x63, 0x53, 0x5a, 0x53, 0x78, 0x4d, 0x49, 0x76, 0x67, 0x6b, 0x33, 0x43, 0x45, + 0x48, 0x64, 0x4e, 0x0d, 0x0a, 0x55, 0x41, 0x50, 0x77, 0x76, 0x5a, 0x52, 0x7a, 0x6c, 0x53, 0x47, + 0x2b, 0x30, 0x65, 0x4b, 0x48, 0x4c, 0x61, 0x66, 0x4d, 0x76, 0x50, 0x72, 0x71, 0x56, 0x37, 0x4e, + 0x38, 0x6f, 0x5a, 0x33, 0x69, 0x39, 0x7a, 0x32, 0x55, 0x38, 0x33, 0x58, 0x59, 0x63, 0x6d, 0x42, + 0x4c, 0x48, 0x66, 0x30, 0x74, 0x42, 0x51, 0x43, 0x6e, 0x47, 0x2f, 0x4f, 0x55, 0x63, 0x51, 0x79, + 0x39, 0x39, 0x34, 0x61, 0x65, 0x0d, 0x0a, 0x69, 0x58, 0x65, 0x37, 0x4a, 0x74, 0x4c, 0x56, 0x36, + 0x67, 0x52, 0x4f, 0x54, 0x66, 0x6c, 0x2b, 0x2f, 0x53, 0x2b, 0x30, 0x71, 0x44, 0x30, 0x6a, 0x62, + 0x39, 0x6a, 0x73, 0x62, 0x6f, 0x59, 0x4d, 0x35, 0x74, 0x35, 0x47, 0x57, 0x61, 0x71, 0x6f, 0x2b, + 0x58, 0x76, 0x59, 0x46, 0x41, 0x36, 0x7a, 0x41, 0x5a, 0x32, 0x6b, 0x43, 0x43, 0x6d, 0x78, 0x50, + 0x36, 0x61, 0x38, 0x4e, 0x41, 0x54, 0x54, 0x0d, 0x0a, 0x55, 0x7a, 0x37, 0x37, 0x73, 0x4b, 0x70, + 0x68, 0x39, 0x38, 0x32, 0x46, 0x47, 0x6f, 0x2b, 0x59, 0x42, 0x52, 0x68, 0x79, 0x6c, 0x58, 0x77, + 0x70, 0x44, 0x34, 0x72, 0x45, 0x67, 0x58, 0x6d, 0x79, 0x4f, 0x36, 0x4c, 0x44, 0x65, 0x38, 0x75, + 0x33, 0x58, 0x4b, 0x35, 0x51, 0x37, 0x33, 0x42, 0x69, 0x32, 0x53, 0x39, 0x72, 0x4e, 0x6b, 0x72, + 0x69, 0x65, 0x4a, 0x5a, 0x67, 0x56, 0x64, 0x69, 0x74, 0x0d, 0x0a, 0x70, 0x6c, 0x36, 0x33, 0x5a, + 0x41, 0x74, 0x66, 0x78, 0x49, 0x50, 0x73, 0x53, 0x65, 0x43, 0x61, 0x33, 0x37, 0x59, 0x76, 0x51, + 0x4a, 0x61, 0x4e, 0x2b, 0x7a, 0x53, 0x2f, 0x4c, 0x66, 0x37, 0x6e, 0x78, 0x57, 0x69, 0x2b, 0x62, + 0x4a, 0x64, 0x75, 0x36, 0x38, 0x77, 0x76, 0x36, 0x76, 0x59, 0x41, 0x34, 0x53, 0x69, 0x73, 0x6f, + 0x76, 0x66, 0x6f, 0x76, 0x65, 0x62, 0x38, 0x44, 0x34, 0x53, 0x52, 0x0d, 0x0a, 0x4d, 0x67, 0x61, + 0x45, 0x58, 0x2b, 0x4d, 0x4f, 0x43, 0x68, 0x49, 0x37, 0x62, 0x6e, 0x44, 0x50, 0x64, 0x58, 0x54, + 0x35, 0x4c, 0x65, 0x4c, 0x78, 0x75, 0x6a, 0x55, 0x33, 0x77, 0x37, 0x4f, 0x57, 0x56, 0x53, 0x79, + 0x35, 0x30, 0x42, 0x74, 0x6b, 0x6f, 0x35, 0x79, 0x42, 0x70, 0x7a, 0x33, 0x49, 0x78, 0x4f, 0x47, + 0x6a, 0x68, 0x6f, 0x4d, 0x75, 0x6b, 0x61, 0x53, 0x73, 0x72, 0x51, 0x45, 0x43, 0x0d, 0x0a, 0x67, + 0x63, 0x45, 0x41, 0x32, 0x77, 0x68, 0x49, 0x5a, 0x58, 0x65, 0x73, 0x49, 0x30, 0x70, 0x78, 0x69, + 0x7a, 0x5a, 0x5a, 0x50, 0x31, 0x45, 0x34, 0x6a, 0x57, 0x59, 0x51, 0x73, 0x42, 0x4e, 0x58, 0x67, + 0x66, 0x6b, 0x35, 0x73, 0x4a, 0x52, 0x68, 0x4f, 0x4e, 0x7a, 0x42, 0x33, 0x41, 0x36, 0x45, 0x41, + 0x46, 0x4c, 0x55, 0x53, 0x37, 0x53, 0x6f, 0x6f, 0x52, 0x38, 0x6d, 0x67, 0x73, 0x6f, 0x43, 0x0d, + 0x0a, 0x4a, 0x54, 0x72, 0x45, 0x64, 0x30, 0x57, 0x42, 0x66, 0x74, 0x43, 0x66, 0x6e, 0x57, 0x42, + 0x56, 0x6a, 0x4f, 0x45, 0x68, 0x6c, 0x76, 0x45, 0x6a, 0x52, 0x35, 0x65, 0x75, 0x6f, 0x66, 0x4b, + 0x55, 0x6d, 0x76, 0x39, 0x70, 0x4e, 0x65, 0x4d, 0x5a, 0x33, 0x2f, 0x74, 0x73, 0x31, 0x68, 0x33, + 0x44, 0x68, 0x66, 0x73, 0x65, 0x7a, 0x61, 0x6a, 0x50, 0x31, 0x6f, 0x4e, 0x46, 0x37, 0x47, 0x4b, + 0x4b, 0x0d, 0x0a, 0x43, 0x34, 0x4a, 0x76, 0x32, 0x79, 0x32, 0x4e, 0x35, 0x6d, 0x4b, 0x43, 0x61, + 0x4f, 0x51, 0x6b, 0x54, 0x32, 0x65, 0x33, 0x72, 0x47, 0x42, 0x37, 0x6e, 0x66, 0x74, 0x35, 0x70, + 0x63, 0x6a, 0x51, 0x57, 0x50, 0x47, 0x78, 0x78, 0x6f, 0x6d, 0x32, 0x45, 0x31, 0x72, 0x4e, 0x50, + 0x38, 0x45, 0x34, 0x67, 0x2f, 0x44, 0x2f, 0x54, 0x49, 0x6a, 0x65, 0x52, 0x5a, 0x37, 0x2f, 0x35, + 0x76, 0x39, 0x63, 0x0d, 0x0a, 0x4c, 0x51, 0x39, 0x2f, 0x2b, 0x6d, 0x6d, 0x30, 0x32, 0x70, 0x52, + 0x6b, 0x59, 0x48, 0x7a, 0x76, 0x7a, 0x34, 0x67, 0x67, 0x4c, 0x50, 0x32, 0x32, 0x72, 0x35, 0x58, + 0x62, 0x77, 0x54, 0x69, 0x36, 0x6e, 0x38, 0x39, 0x63, 0x46, 0x76, 0x4a, 0x6f, 0x66, 0x72, 0x59, + 0x35, 0x63, 0x5a, 0x61, 0x73, 0x45, 0x2b, 0x70, 0x63, 0x4d, 0x72, 0x6f, 0x51, 0x67, 0x6e, 0x48, + 0x2b, 0x61, 0x63, 0x4e, 0x74, 0x0d, 0x0a, 0x4c, 0x48, 0x6e, 0x52, 0x41, 0x6f, 0x48, 0x42, 0x41, + 0x4d, 0x47, 0x30, 0x79, 0x45, 0x7a, 0x64, 0x48, 0x54, 0x4d, 0x67, 0x57, 0x56, 0x73, 0x55, 0x75, + 0x77, 0x6b, 0x6c, 0x6e, 0x43, 0x37, 0x36, 0x6b, 0x55, 0x6b, 0x59, 0x58, 0x67, 0x2f, 0x50, 0x65, + 0x76, 0x4d, 0x33, 0x64, 0x4c, 0x63, 0x34, 0x4c, 0x4d, 0x42, 0x39, 0x33, 0x65, 0x53, 0x51, 0x32, + 0x62, 0x64, 0x42, 0x65, 0x50, 0x64, 0x77, 0x0d, 0x0a, 0x55, 0x73, 0x48, 0x74, 0x39, 0x61, 0x2b, + 0x37, 0x34, 0x6e, 0x32, 0x4a, 0x43, 0x31, 0x35, 0x6b, 0x6b, 0x4a, 0x41, 0x48, 0x69, 0x53, 0x55, + 0x37, 0x55, 0x42, 0x57, 0x48, 0x77, 0x78, 0x6c, 0x4b, 0x4a, 0x6f, 0x35, 0x4b, 0x6e, 0x64, 0x55, + 0x53, 0x52, 0x4e, 0x65, 0x73, 0x31, 0x72, 0x32, 0x79, 0x4e, 0x62, 0x41, 0x30, 0x64, 0x56, 0x79, + 0x61, 0x6a, 0x4b, 0x78, 0x45, 0x2f, 0x41, 0x58, 0x66, 0x0d, 0x0a, 0x43, 0x70, 0x63, 0x51, 0x2f, + 0x2f, 0x53, 0x71, 0x36, 0x64, 0x64, 0x76, 0x71, 0x30, 0x76, 0x6d, 0x73, 0x63, 0x48, 0x64, 0x54, + 0x66, 0x49, 0x56, 0x76, 0x30, 0x6c, 0x77, 0x4d, 0x75, 0x51, 0x62, 0x4a, 0x61, 0x76, 0x31, 0x52, + 0x54, 0x31, 0x32, 0x57, 0x79, 0x38, 0x78, 0x66, 0x5a, 0x77, 0x78, 0x39, 0x43, 0x72, 0x47, 0x34, + 0x65, 0x78, 0x35, 0x78, 0x75, 0x4e, 0x65, 0x49, 0x47, 0x38, 0x48, 0x0d, 0x0a, 0x78, 0x33, 0x76, + 0x52, 0x38, 0x35, 0x49, 0x70, 0x44, 0x4b, 0x31, 0x43, 0x41, 0x43, 0x38, 0x6c, 0x4b, 0x50, 0x32, + 0x50, 0x58, 0x38, 0x7a, 0x31, 0x74, 0x6e, 0x37, 0x69, 0x35, 0x47, 0x38, 0x46, 0x42, 0x34, 0x4f, + 0x75, 0x4e, 0x63, 0x53, 0x47, 0x37, 0x32, 0x6f, 0x6a, 0x68, 0x63, 0x48, 0x53, 0x78, 0x55, 0x4f, + 0x35, 0x37, 0x73, 0x58, 0x78, 0x51, 0x6d, 0x65, 0x6b, 0x5a, 0x4a, 0x6a, 0x42, 0x0d, 0x0a, 0x77, + 0x7a, 0x45, 0x36, 0x77, 0x5a, 0x71, 0x6e, 0x2b, 0x77, 0x4b, 0x42, 0x77, 0x51, 0x43, 0x42, 0x56, + 0x56, 0x43, 0x36, 0x61, 0x59, 0x48, 0x42, 0x6a, 0x50, 0x47, 0x69, 0x7a, 0x45, 0x4c, 0x43, 0x75, + 0x6f, 0x6a, 0x30, 0x4a, 0x58, 0x4a, 0x78, 0x4a, 0x64, 0x71, 0x6b, 0x4b, 0x71, 0x2b, 0x2f, 0x37, + 0x72, 0x33, 0x42, 0x76, 0x38, 0x6a, 0x51, 0x30, 0x64, 0x6c, 0x72, 0x2f, 0x33, 0x7a, 0x50, 0x0d, + 0x0a, 0x2f, 0x79, 0x73, 0x62, 0x69, 0x4c, 0x4e, 0x4b, 0x77, 0x31, 0x47, 0x6b, 0x2f, 0x69, 0x43, + 0x49, 0x64, 0x51, 0x68, 0x55, 0x41, 0x34, 0x68, 0x63, 0x65, 0x30, 0x66, 0x49, 0x32, 0x68, 0x37, + 0x6c, 0x62, 0x42, 0x6e, 0x79, 0x36, 0x6b, 0x50, 0x35, 0x36, 0x4b, 0x32, 0x4c, 0x49, 0x49, 0x6e, + 0x56, 0x67, 0x66, 0x59, 0x44, 0x5a, 0x67, 0x6b, 0x4d, 0x48, 0x61, 0x4d, 0x59, 0x65, 0x41, 0x48, + 0x6d, 0x0d, 0x0a, 0x57, 0x6d, 0x6e, 0x76, 0x4e, 0x72, 0x43, 0x52, 0x4e, 0x6c, 0x5a, 0x68, 0x47, + 0x58, 0x4a, 0x48, 0x4c, 0x34, 0x7a, 0x38, 0x6e, 0x75, 0x70, 0x32, 0x57, 0x56, 0x42, 0x2f, 0x65, + 0x72, 0x54, 0x67, 0x47, 0x6c, 0x43, 0x6b, 0x4a, 0x70, 0x76, 0x63, 0x49, 0x73, 0x6d, 0x7a, 0x32, + 0x33, 0x4f, 0x6e, 0x30, 0x69, 0x55, 0x72, 0x4a, 0x4a, 0x44, 0x52, 0x74, 0x70, 0x78, 0x53, 0x66, + 0x48, 0x6d, 0x6a, 0x0d, 0x0a, 0x6a, 0x61, 0x59, 0x42, 0x34, 0x6a, 0x4d, 0x6c, 0x43, 0x57, 0x41, + 0x36, 0x55, 0x30, 0x36, 0x30, 0x5a, 0x4c, 0x71, 0x66, 0x33, 0x73, 0x4f, 0x75, 0x6e, 0x64, 0x64, + 0x55, 0x36, 0x67, 0x4a, 0x6c, 0x7a, 0x71, 0x4b, 0x53, 0x35, 0x36, 0x42, 0x4e, 0x5a, 0x64, 0x76, + 0x39, 0x42, 0x59, 0x70, 0x52, 0x47, 0x6d, 0x35, 0x4e, 0x63, 0x2f, 0x68, 0x54, 0x64, 0x43, 0x37, + 0x44, 0x79, 0x37, 0x30, 0x4a, 0x0d, 0x0a, 0x54, 0x77, 0x6a, 0x30, 0x6e, 0x61, 0x38, 0x6d, 0x63, + 0x48, 0x6b, 0x45, 0x72, 0x43, 0x45, 0x43, 0x67, 0x63, 0x41, 0x35, 0x58, 0x32, 0x56, 0x51, 0x4e, + 0x74, 0x47, 0x57, 0x4f, 0x67, 0x65, 0x64, 0x54, 0x59, 0x65, 0x55, 0x54, 0x76, 0x70, 0x79, 0x67, + 0x36, 0x36, 0x53, 0x65, 0x74, 0x41, 0x70, 0x57, 0x4b, 0x65, 0x75, 0x38, 0x41, 0x62, 0x32, 0x32, + 0x59, 0x47, 0x50, 0x78, 0x66, 0x66, 0x35, 0x0d, 0x0a, 0x34, 0x64, 0x6c, 0x4b, 0x53, 0x4f, 0x38, + 0x65, 0x51, 0x72, 0x75, 0x51, 0x53, 0x76, 0x33, 0x51, 0x2f, 0x68, 0x49, 0x34, 0x59, 0x6d, 0x58, + 0x6d, 0x6f, 0x46, 0x79, 0x63, 0x2f, 0x45, 0x35, 0x6e, 0x6f, 0x36, 0x69, 0x31, 0x70, 0x38, 0x39, + 0x6d, 0x5a, 0x79, 0x73, 0x43, 0x54, 0x43, 0x46, 0x78, 0x59, 0x59, 0x62, 0x59, 0x5a, 0x6f, 0x33, + 0x34, 0x41, 0x35, 0x65, 0x5a, 0x53, 0x41, 0x42, 0x57, 0x0d, 0x0a, 0x33, 0x45, 0x4f, 0x38, 0x4a, + 0x6e, 0x61, 0x4b, 0x2b, 0x71, 0x50, 0x31, 0x57, 0x49, 0x69, 0x6e, 0x48, 0x42, 0x52, 0x45, 0x78, + 0x67, 0x4e, 0x7a, 0x61, 0x4c, 0x48, 0x50, 0x6e, 0x4d, 0x2b, 0x67, 0x57, 0x30, 0x61, 0x62, 0x35, + 0x73, 0x70, 0x37, 0x2b, 0x33, 0x70, 0x74, 0x38, 0x79, 0x68, 0x39, 0x36, 0x74, 0x64, 0x5a, 0x4a, + 0x41, 0x78, 0x7a, 0x50, 0x65, 0x78, 0x32, 0x32, 0x77, 0x39, 0x42, 0x0d, 0x0a, 0x62, 0x6c, 0x51, + 0x31, 0x4e, 0x63, 0x54, 0x66, 0x66, 0x65, 0x74, 0x63, 0x78, 0x6a, 0x4f, 0x68, 0x58, 0x39, 0x30, + 0x73, 0x56, 0x2f, 0x63, 0x62, 0x2f, 0x36, 0x4b, 0x6a, 0x62, 0x31, 0x72, 0x4e, 0x70, 0x78, 0x31, + 0x56, 0x65, 0x62, 0x68, 0x31, 0x46, 0x59, 0x56, 0x44, 0x51, 0x45, 0x38, 0x57, 0x6c, 0x57, 0x7a, + 0x47, 0x41, 0x42, 0x31, 0x32, 0x36, 0x67, 0x6d, 0x5a, 0x5a, 0x4c, 0x48, 0x50, 0x0d, 0x0a, 0x47, + 0x51, 0x55, 0x31, 0x45, 0x32, 0x44, 0x6b, 0x53, 0x63, 0x65, 0x5a, 0x68, 0x6a, 0x43, 0x66, 0x73, + 0x51, 0x38, 0x43, 0x67, 0x63, 0x42, 0x76, 0x57, 0x5a, 0x4c, 0x34, 0x59, 0x67, 0x58, 0x5a, 0x50, + 0x4a, 0x66, 0x48, 0x55, 0x4e, 0x56, 0x76, 0x59, 0x58, 0x59, 0x2f, 0x52, 0x79, 0x71, 0x74, 0x56, + 0x51, 0x73, 0x6f, 0x42, 0x66, 0x4d, 0x6f, 0x39, 0x48, 0x36, 0x6f, 0x6c, 0x5a, 0x6e, 0x64, 0x0d, + 0x0a, 0x55, 0x74, 0x57, 0x4f, 0x6e, 0x6e, 0x53, 0x30, 0x45, 0x42, 0x7a, 0x79, 0x43, 0x4d, 0x4f, + 0x67, 0x65, 0x4d, 0x70, 0x4d, 0x44, 0x64, 0x36, 0x72, 0x76, 0x38, 0x4f, 0x5a, 0x4f, 0x6a, 0x70, + 0x52, 0x54, 0x41, 0x4b, 0x6e, 0x68, 0x54, 0x46, 0x4d, 0x74, 0x39, 0x65, 0x4b, 0x71, 0x52, 0x6e, + 0x4e, 0x35, 0x33, 0x52, 0x46, 0x49, 0x66, 0x39, 0x75, 0x2f, 0x63, 0x36, 0x36, 0x32, 0x6d, 0x67, + 0x4e, 0x0d, 0x0a, 0x50, 0x64, 0x73, 0x48, 0x79, 0x55, 0x37, 0x67, 0x58, 0x59, 0x61, 0x58, 0x79, + 0x52, 0x38, 0x41, 0x53, 0x76, 0x69, 0x78, 0x48, 0x69, 0x74, 0x4c, 0x6c, 0x6a, 0x72, 0x65, 0x77, + 0x49, 0x70, 0x42, 0x44, 0x77, 0x6f, 0x41, 0x4b, 0x66, 0x38, 0x31, 0x41, 0x35, 0x37, 0x2b, 0x6b, + 0x49, 0x68, 0x4f, 0x4f, 0x72, 0x65, 0x4c, 0x4d, 0x64, 0x56, 0x34, 0x74, 0x48, 0x55, 0x71, 0x6e, + 0x4c, 0x2f, 0x31, 0x0d, 0x0a, 0x63, 0x69, 0x45, 0x6f, 0x30, 0x6c, 0x50, 0x51, 0x51, 0x73, 0x52, + 0x57, 0x4a, 0x38, 0x56, 0x6d, 0x34, 0x7a, 0x38, 0x6f, 0x6c, 0x4f, 0x2f, 0x2b, 0x71, 0x78, 0x71, + 0x78, 0x53, 0x67, 0x49, 0x77, 0x54, 0x34, 0x39, 0x6e, 0x34, 0x6f, 0x36, 0x79, 0x51, 0x72, 0x2f, + 0x64, 0x6a, 0x59, 0x4c, 0x4d, 0x4c, 0x30, 0x61, 0x37, 0x36, 0x66, 0x78, 0x63, 0x4f, 0x48, 0x4f, + 0x52, 0x2b, 0x35, 0x43, 0x6d, 0x0d, 0x0a, 0x35, 0x37, 0x45, 0x45, 0x74, 0x4d, 0x2b, 0x43, 0x41, + 0x63, 0x71, 0x52, 0x74, 0x35, 0x51, 0x5a, 0x51, 0x57, 0x49, 0x67, 0x6d, 0x35, 0x77, 0x3d, 0x0d, + 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, + 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0d, 0x0a, +}; +UINTN TestRootKey3Size = sizeof (TestRootKey3); + +GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TestRootKey4[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, + 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0d, 0x0a, 0x4d, 0x49, 0x49, + 0x4a, 0x51, 0x77, 0x49, 0x42, 0x41, 0x44, 0x41, 0x4e, 0x42, 0x67, 0x6b, 0x71, 0x68, 0x6b, 0x69, + 0x47, 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43, 0x43, 0x53, 0x30, + 0x77, 0x67, 0x67, 0x6b, 0x70, 0x41, 0x67, 0x45, 0x41, 0x41, 0x6f, 0x49, 0x43, 0x41, 0x51, 0x44, + 0x55, 0x76, 0x52, 0x41, 0x4b, 0x49, 0x69, 0x4e, 0x45, 0x54, 0x6d, 0x77, 0x74, 0x0d, 0x0a, 0x79, + 0x69, 0x4f, 0x76, 0x6c, 0x49, 0x57, 0x54, 0x75, 0x72, 0x2f, 0x4f, 0x56, 0x72, 0x58, 0x4e, 0x4e, + 0x42, 0x2f, 0x41, 0x66, 0x4c, 0x46, 0x43, 0x53, 0x7a, 0x74, 0x4d, 0x37, 0x54, 0x42, 0x44, 0x36, + 0x67, 0x45, 0x51, 0x72, 0x50, 0x70, 0x65, 0x2b, 0x77, 0x2f, 0x31, 0x71, 0x56, 0x44, 0x65, 0x6f, + 0x78, 0x4d, 0x72, 0x72, 0x44, 0x6c, 0x30, 0x77, 0x47, 0x79, 0x4c, 0x4c, 0x6c, 0x4c, 0x68, 0x0d, + 0x0a, 0x6d, 0x2f, 0x66, 0x6b, 0x31, 0x65, 0x59, 0x64, 0x6e, 0x62, 0x2f, 0x39, 0x58, 0x2b, 0x70, + 0x6f, 0x42, 0x57, 0x4b, 0x37, 0x67, 0x56, 0x49, 0x6a, 0x65, 0x66, 0x56, 0x62, 0x51, 0x2f, 0x7a, + 0x36, 0x48, 0x50, 0x43, 0x62, 0x38, 0x42, 0x72, 0x6b, 0x6c, 0x64, 0x65, 0x76, 0x6f, 0x2b, 0x66, + 0x6d, 0x5a, 0x44, 0x48, 0x64, 0x79, 0x53, 0x7a, 0x58, 0x47, 0x61, 0x72, 0x5a, 0x64, 0x63, 0x6c, + 0x70, 0x0d, 0x0a, 0x7a, 0x68, 0x57, 0x30, 0x6a, 0x7a, 0x76, 0x4e, 0x73, 0x66, 0x6b, 0x34, 0x58, + 0x41, 0x64, 0x79, 0x44, 0x7a, 0x69, 0x77, 0x52, 0x4b, 0x75, 0x6c, 0x43, 0x78, 0x4b, 0x79, 0x65, + 0x68, 0x6d, 0x76, 0x76, 0x42, 0x2b, 0x71, 0x34, 0x4c, 0x59, 0x69, 0x4b, 0x78, 0x7a, 0x50, 0x53, + 0x4b, 0x7a, 0x31, 0x51, 0x37, 0x6a, 0x36, 0x49, 0x66, 0x51, 0x56, 0x4d, 0x53, 0x72, 0x62, 0x49, + 0x7a, 0x33, 0x2b, 0x0d, 0x0a, 0x68, 0x7a, 0x5a, 0x44, 0x6f, 0x38, 0x47, 0x48, 0x32, 0x7a, 0x2f, + 0x65, 0x44, 0x68, 0x62, 0x76, 0x78, 0x4a, 0x62, 0x79, 0x35, 0x74, 0x78, 0x69, 0x73, 0x58, 0x33, + 0x72, 0x6a, 0x72, 0x30, 0x6c, 0x59, 0x34, 0x36, 0x36, 0x66, 0x63, 0x6a, 0x61, 0x4d, 0x65, 0x50, + 0x71, 0x56, 0x31, 0x49, 0x6f, 0x72, 0x6a, 0x63, 0x34, 0x51, 0x63, 0x74, 0x65, 0x4c, 0x54, 0x7a, + 0x4d, 0x6a, 0x66, 0x7a, 0x45, 0x0d, 0x0a, 0x58, 0x75, 0x50, 0x51, 0x6a, 0x53, 0x37, 0x74, 0x62, + 0x76, 0x36, 0x65, 0x75, 0x66, 0x4d, 0x6e, 0x33, 0x67, 0x64, 0x34, 0x37, 0x41, 0x44, 0x39, 0x35, + 0x48, 0x41, 0x4a, 0x73, 0x71, 0x48, 0x46, 0x36, 0x6b, 0x6a, 0x67, 0x75, 0x6b, 0x35, 0x2f, 0x64, + 0x65, 0x54, 0x66, 0x62, 0x36, 0x49, 0x6d, 0x73, 0x32, 0x61, 0x63, 0x4d, 0x64, 0x61, 0x7a, 0x34, + 0x76, 0x47, 0x44, 0x6b, 0x44, 0x64, 0x67, 0x0d, 0x0a, 0x33, 0x75, 0x56, 0x46, 0x45, 0x4a, 0x53, + 0x6b, 0x30, 0x6d, 0x69, 0x76, 0x65, 0x77, 0x39, 0x55, 0x46, 0x33, 0x59, 0x78, 0x45, 0x5a, 0x52, + 0x46, 0x59, 0x35, 0x68, 0x76, 0x2b, 0x46, 0x75, 0x33, 0x42, 0x45, 0x41, 0x4e, 0x32, 0x31, 0x48, + 0x58, 0x38, 0x44, 0x78, 0x4b, 0x59, 0x34, 0x6a, 0x66, 0x72, 0x31, 0x6a, 0x4b, 0x4f, 0x30, 0x34, + 0x61, 0x58, 0x4d, 0x76, 0x50, 0x62, 0x61, 0x41, 0x46, 0x0d, 0x0a, 0x49, 0x61, 0x5a, 0x51, 0x51, + 0x50, 0x76, 0x56, 0x34, 0x71, 0x59, 0x36, 0x2f, 0x50, 0x64, 0x69, 0x51, 0x6f, 0x61, 0x63, 0x4d, + 0x57, 0x54, 0x68, 0x66, 0x64, 0x38, 0x66, 0x39, 0x4c, 0x34, 0x42, 0x50, 0x6c, 0x54, 0x67, 0x53, + 0x2b, 0x4b, 0x42, 0x6e, 0x39, 0x4b, 0x34, 0x4f, 0x6d, 0x64, 0x66, 0x7a, 0x6f, 0x66, 0x53, 0x41, + 0x61, 0x55, 0x6c, 0x48, 0x38, 0x76, 0x53, 0x6a, 0x4d, 0x61, 0x37, 0x0d, 0x0a, 0x76, 0x63, 0x76, + 0x69, 0x49, 0x47, 0x49, 0x50, 0x78, 0x63, 0x48, 0x30, 0x43, 0x70, 0x44, 0x4e, 0x4a, 0x38, 0x4e, + 0x51, 0x63, 0x61, 0x4a, 0x2b, 0x32, 0x6e, 0x30, 0x30, 0x32, 0x2f, 0x2b, 0x44, 0x69, 0x38, 0x6f, + 0x55, 0x4a, 0x63, 0x67, 0x42, 0x34, 0x51, 0x38, 0x43, 0x6e, 0x31, 0x68, 0x62, 0x31, 0x51, 0x4c, + 0x45, 0x30, 0x65, 0x76, 0x6e, 0x43, 0x49, 0x35, 0x64, 0x5a, 0x36, 0x47, 0x37, 0x0d, 0x0a, 0x36, + 0x43, 0x31, 0x61, 0x2f, 0x63, 0x4f, 0x78, 0x4e, 0x4a, 0x5a, 0x6d, 0x50, 0x57, 0x4b, 0x38, 0x55, + 0x64, 0x79, 0x65, 0x6b, 0x33, 0x47, 0x4a, 0x54, 0x63, 0x48, 0x72, 0x31, 0x48, 0x4c, 0x47, 0x5a, + 0x45, 0x49, 0x32, 0x32, 0x4b, 0x37, 0x79, 0x64, 0x39, 0x39, 0x46, 0x45, 0x54, 0x72, 0x48, 0x53, + 0x32, 0x6b, 0x6b, 0x77, 0x67, 0x71, 0x58, 0x4e, 0x4d, 0x73, 0x64, 0x63, 0x47, 0x4f, 0x6f, 0x0d, + 0x0a, 0x57, 0x50, 0x6c, 0x79, 0x55, 0x4e, 0x48, 0x55, 0x57, 0x50, 0x56, 0x56, 0x78, 0x48, 0x59, + 0x51, 0x79, 0x57, 0x50, 0x6c, 0x4e, 0x79, 0x6e, 0x71, 0x79, 0x2b, 0x2b, 0x6c, 0x67, 0x64, 0x31, + 0x34, 0x6c, 0x51, 0x66, 0x55, 0x71, 0x39, 0x68, 0x4a, 0x47, 0x6d, 0x69, 0x49, 0x63, 0x33, 0x30, + 0x51, 0x59, 0x6d, 0x7a, 0x75, 0x59, 0x4e, 0x56, 0x46, 0x64, 0x64, 0x6c, 0x52, 0x33, 0x76, 0x62, + 0x56, 0x0d, 0x0a, 0x70, 0x55, 0x34, 0x30, 0x61, 0x42, 0x50, 0x77, 0x33, 0x2f, 0x39, 0x53, 0x51, + 0x57, 0x45, 0x69, 0x55, 0x37, 0x71, 0x75, 0x7a, 0x7a, 0x2f, 0x50, 0x6b, 0x31, 0x66, 0x6f, 0x68, + 0x77, 0x49, 0x44, 0x41, 0x51, 0x41, 0x42, 0x41, 0x6f, 0x49, 0x43, 0x41, 0x41, 0x73, 0x55, 0x4d, + 0x59, 0x4b, 0x6c, 0x6c, 0x6e, 0x71, 0x58, 0x4c, 0x76, 0x45, 0x50, 0x68, 0x74, 0x34, 0x38, 0x2b, + 0x4e, 0x76, 0x68, 0x0d, 0x0a, 0x72, 0x4e, 0x31, 0x39, 0x44, 0x49, 0x69, 0x38, 0x50, 0x79, 0x38, + 0x53, 0x44, 0x31, 0x55, 0x70, 0x66, 0x39, 0x51, 0x59, 0x77, 0x68, 0x75, 0x33, 0x55, 0x77, 0x6a, + 0x67, 0x53, 0x55, 0x57, 0x72, 0x41, 0x34, 0x44, 0x43, 0x71, 0x5a, 0x42, 0x2b, 0x6f, 0x35, 0x2f, + 0x78, 0x6e, 0x79, 0x68, 0x69, 0x59, 0x51, 0x53, 0x36, 0x69, 0x39, 0x78, 0x74, 0x39, 0x2f, 0x48, + 0x31, 0x35, 0x62, 0x38, 0x44, 0x0d, 0x0a, 0x47, 0x52, 0x32, 0x44, 0x34, 0x6a, 0x77, 0x36, 0x6b, + 0x35, 0x4b, 0x36, 0x51, 0x47, 0x48, 0x53, 0x6c, 0x79, 0x47, 0x43, 0x6e, 0x2b, 0x6b, 0x53, 0x6d, + 0x73, 0x45, 0x30, 0x4e, 0x75, 0x4a, 0x53, 0x6e, 0x32, 0x48, 0x70, 0x51, 0x6b, 0x6c, 0x77, 0x54, + 0x46, 0x79, 0x46, 0x66, 0x6f, 0x31, 0x52, 0x4b, 0x2b, 0x47, 0x5a, 0x54, 0x62, 0x7a, 0x78, 0x32, + 0x35, 0x57, 0x45, 0x70, 0x42, 0x4f, 0x70, 0x0d, 0x0a, 0x51, 0x68, 0x5a, 0x61, 0x54, 0x4a, 0x54, + 0x33, 0x44, 0x2f, 0x65, 0x32, 0x43, 0x38, 0x35, 0x54, 0x6a, 0x6b, 0x79, 0x33, 0x4b, 0x53, 0x46, + 0x4b, 0x78, 0x63, 0x64, 0x72, 0x58, 0x6e, 0x44, 0x58, 0x46, 0x2b, 0x2f, 0x2f, 0x6b, 0x2b, 0x70, + 0x4e, 0x39, 0x5a, 0x4d, 0x70, 0x4d, 0x34, 0x48, 0x72, 0x42, 0x70, 0x56, 0x55, 0x39, 0x34, 0x53, + 0x4b, 0x33, 0x42, 0x75, 0x58, 0x71, 0x70, 0x74, 0x39, 0x0d, 0x0a, 0x6f, 0x6f, 0x7a, 0x59, 0x35, + 0x50, 0x37, 0x6c, 0x6d, 0x51, 0x72, 0x62, 0x56, 0x50, 0x7a, 0x61, 0x79, 0x33, 0x6a, 0x35, 0x2f, + 0x51, 0x57, 0x32, 0x63, 0x70, 0x64, 0x70, 0x74, 0x34, 0x30, 0x4e, 0x62, 0x68, 0x59, 0x6c, 0x4b, + 0x41, 0x55, 0x77, 0x56, 0x58, 0x58, 0x62, 0x6a, 0x31, 0x43, 0x2f, 0x51, 0x46, 0x78, 0x53, 0x78, + 0x4b, 0x67, 0x68, 0x58, 0x50, 0x48, 0x65, 0x65, 0x47, 0x51, 0x72, 0x0d, 0x0a, 0x46, 0x4a, 0x32, + 0x46, 0x68, 0x35, 0x45, 0x36, 0x38, 0x64, 0x36, 0x74, 0x51, 0x37, 0x76, 0x31, 0x4b, 0x70, 0x53, + 0x47, 0x74, 0x67, 0x41, 0x4e, 0x6e, 0x47, 0x2f, 0x2f, 0x6f, 0x39, 0x6a, 0x6c, 0x64, 0x64, 0x37, + 0x67, 0x2f, 0x47, 0x76, 0x52, 0x69, 0x66, 0x56, 0x32, 0x62, 0x76, 0x7a, 0x39, 0x51, 0x36, 0x43, + 0x62, 0x59, 0x52, 0x62, 0x74, 0x5a, 0x4c, 0x6b, 0x39, 0x44, 0x4e, 0x43, 0x55, 0x0d, 0x0a, 0x4d, + 0x56, 0x64, 0x50, 0x42, 0x67, 0x63, 0x45, 0x61, 0x44, 0x74, 0x42, 0x6b, 0x53, 0x49, 0x6c, 0x4f, + 0x35, 0x36, 0x6e, 0x45, 0x32, 0x31, 0x35, 0x54, 0x6a, 0x61, 0x57, 0x2f, 0x73, 0x38, 0x38, 0x4e, + 0x41, 0x39, 0x39, 0x52, 0x79, 0x5a, 0x59, 0x2b, 0x78, 0x51, 0x37, 0x68, 0x48, 0x75, 0x53, 0x78, + 0x50, 0x5a, 0x6e, 0x78, 0x39, 0x42, 0x4e, 0x6f, 0x73, 0x4e, 0x69, 0x52, 0x2f, 0x47, 0x6c, 0x0d, + 0x0a, 0x67, 0x64, 0x6a, 0x37, 0x4f, 0x47, 0x44, 0x69, 0x58, 0x74, 0x41, 0x4a, 0x4b, 0x37, 0x6f, + 0x51, 0x76, 0x74, 0x79, 0x52, 0x75, 0x4f, 0x71, 0x49, 0x34, 0x4c, 0x43, 0x4f, 0x6e, 0x34, 0x55, + 0x57, 0x72, 0x36, 0x6d, 0x35, 0x47, 0x41, 0x46, 0x35, 0x77, 0x75, 0x54, 0x31, 0x30, 0x6f, 0x4e, + 0x35, 0x62, 0x35, 0x52, 0x48, 0x44, 0x69, 0x76, 0x70, 0x33, 0x33, 0x6e, 0x47, 0x62, 0x35, 0x7a, + 0x74, 0x0d, 0x0a, 0x57, 0x5a, 0x53, 0x43, 0x44, 0x45, 0x59, 0x4b, 0x74, 0x6c, 0x33, 0x50, 0x64, + 0x45, 0x68, 0x48, 0x37, 0x4a, 0x46, 0x72, 0x79, 0x73, 0x46, 0x59, 0x71, 0x2f, 0x35, 0x61, 0x65, + 0x44, 0x65, 0x4c, 0x77, 0x53, 0x6f, 0x4a, 0x75, 0x2b, 0x44, 0x47, 0x71, 0x74, 0x5a, 0x6a, 0x69, + 0x44, 0x37, 0x59, 0x45, 0x6d, 0x67, 0x38, 0x4c, 0x37, 0x6e, 0x78, 0x56, 0x49, 0x6c, 0x76, 0x58, + 0x6c, 0x33, 0x6d, 0x0d, 0x0a, 0x42, 0x4c, 0x71, 0x34, 0x49, 0x30, 0x53, 0x41, 0x76, 0x73, 0x4a, + 0x4b, 0x45, 0x4f, 0x2b, 0x2f, 0x44, 0x6d, 0x4c, 0x78, 0x4f, 0x74, 0x31, 0x56, 0x68, 0x49, 0x39, + 0x4f, 0x4b, 0x64, 0x39, 0x37, 0x7a, 0x49, 0x37, 0x57, 0x6e, 0x55, 0x56, 0x78, 0x5a, 0x35, 0x59, + 0x34, 0x62, 0x66, 0x37, 0x67, 0x74, 0x68, 0x73, 0x73, 0x6f, 0x6f, 0x4e, 0x77, 0x47, 0x56, 0x76, + 0x6c, 0x78, 0x41, 0x6b, 0x61, 0x0d, 0x0a, 0x76, 0x4a, 0x54, 0x64, 0x70, 0x6c, 0x38, 0x33, 0x72, + 0x54, 0x41, 0x78, 0x79, 0x51, 0x6f, 0x57, 0x31, 0x43, 0x30, 0x70, 0x71, 0x79, 0x46, 0x78, 0x37, + 0x45, 0x49, 0x73, 0x63, 0x4c, 0x51, 0x72, 0x30, 0x5a, 0x4a, 0x4b, 0x77, 0x63, 0x50, 0x73, 0x2f, + 0x62, 0x6b, 0x78, 0x30, 0x67, 0x57, 0x74, 0x35, 0x48, 0x4d, 0x41, 0x41, 0x7a, 0x67, 0x70, 0x31, + 0x4e, 0x49, 0x64, 0x61, 0x75, 0x2f, 0x61, 0x0d, 0x0a, 0x31, 0x48, 0x44, 0x6b, 0x4e, 0x4a, 0x69, + 0x6a, 0x55, 0x2f, 0x73, 0x51, 0x30, 0x46, 0x78, 0x6e, 0x55, 0x4c, 0x53, 0x78, 0x41, 0x6f, 0x49, + 0x42, 0x41, 0x51, 0x44, 0x2f, 0x47, 0x30, 0x68, 0x34, 0x4a, 0x6a, 0x70, 0x35, 0x56, 0x33, 0x2f, + 0x76, 0x4d, 0x33, 0x33, 0x61, 0x64, 0x2f, 0x30, 0x30, 0x44, 0x77, 0x61, 0x67, 0x59, 0x43, 0x6c, + 0x34, 0x42, 0x78, 0x52, 0x48, 0x55, 0x6a, 0x44, 0x69, 0x0d, 0x0a, 0x48, 0x4b, 0x4c, 0x62, 0x4f, + 0x58, 0x70, 0x37, 0x68, 0x6c, 0x7a, 0x58, 0x73, 0x55, 0x5a, 0x72, 0x33, 0x52, 0x43, 0x47, 0x35, + 0x41, 0x78, 0x6f, 0x31, 0x2f, 0x6d, 0x63, 0x6e, 0x4b, 0x4b, 0x65, 0x4e, 0x52, 0x70, 0x63, 0x44, + 0x32, 0x4c, 0x49, 0x6e, 0x43, 0x4d, 0x6a, 0x6b, 0x73, 0x6b, 0x38, 0x4f, 0x75, 0x33, 0x74, 0x6d, + 0x46, 0x6c, 0x43, 0x64, 0x63, 0x33, 0x39, 0x2b, 0x37, 0x65, 0x64, 0x0d, 0x0a, 0x6b, 0x38, 0x54, + 0x56, 0x30, 0x4f, 0x32, 0x37, 0x57, 0x4f, 0x6f, 0x65, 0x56, 0x6f, 0x4c, 0x4a, 0x71, 0x6d, 0x67, + 0x4b, 0x37, 0x2f, 0x59, 0x5a, 0x71, 0x38, 0x59, 0x55, 0x6a, 0x68, 0x4f, 0x4e, 0x69, 0x34, 0x51, + 0x38, 0x4c, 0x44, 0x68, 0x43, 0x36, 0x76, 0x39, 0x45, 0x50, 0x34, 0x34, 0x4a, 0x54, 0x53, 0x66, + 0x4c, 0x55, 0x70, 0x6c, 0x50, 0x58, 0x79, 0x4a, 0x44, 0x77, 0x72, 0x45, 0x4c, 0x0d, 0x0a, 0x61, + 0x6d, 0x6a, 0x35, 0x73, 0x56, 0x6b, 0x56, 0x4d, 0x4f, 0x49, 0x35, 0x56, 0x45, 0x63, 0x55, 0x66, + 0x2f, 0x41, 0x78, 0x58, 0x30, 0x54, 0x79, 0x33, 0x69, 0x65, 0x6c, 0x61, 0x72, 0x63, 0x67, 0x32, + 0x4e, 0x67, 0x6f, 0x46, 0x42, 0x5a, 0x74, 0x69, 0x32, 0x65, 0x34, 0x53, 0x41, 0x6d, 0x47, 0x46, + 0x32, 0x73, 0x4a, 0x74, 0x35, 0x33, 0x4a, 0x47, 0x39, 0x51, 0x67, 0x55, 0x6f, 0x6c, 0x41, 0x0d, + 0x0a, 0x51, 0x4d, 0x50, 0x4f, 0x4d, 0x52, 0x76, 0x48, 0x7a, 0x52, 0x42, 0x61, 0x42, 0x67, 0x73, + 0x57, 0x79, 0x62, 0x68, 0x56, 0x36, 0x6e, 0x4e, 0x4e, 0x6b, 0x48, 0x58, 0x61, 0x5a, 0x50, 0x4c, + 0x2b, 0x57, 0x4d, 0x34, 0x78, 0x63, 0x58, 0x31, 0x77, 0x47, 0x4e, 0x36, 0x75, 0x54, 0x70, 0x48, + 0x6a, 0x6f, 0x53, 0x50, 0x69, 0x71, 0x58, 0x57, 0x77, 0x66, 0x47, 0x6f, 0x56, 0x35, 0x78, 0x33, + 0x4b, 0x0d, 0x0a, 0x37, 0x69, 0x6c, 0x6d, 0x6f, 0x38, 0x7a, 0x48, 0x6b, 0x35, 0x59, 0x50, 0x31, + 0x41, 0x73, 0x41, 0x31, 0x43, 0x78, 0x4e, 0x4e, 0x52, 0x64, 0x6b, 0x78, 0x76, 0x46, 0x6b, 0x7a, + 0x77, 0x63, 0x73, 0x65, 0x31, 0x49, 0x32, 0x36, 0x46, 0x4e, 0x4c, 0x30, 0x30, 0x5a, 0x71, 0x76, + 0x47, 0x78, 0x50, 0x41, 0x6f, 0x49, 0x42, 0x41, 0x51, 0x44, 0x56, 0x65, 0x38, 0x74, 0x59, 0x42, + 0x4d, 0x5a, 0x54, 0x0d, 0x0a, 0x73, 0x61, 0x67, 0x53, 0x30, 0x6f, 0x4d, 0x5a, 0x2b, 0x38, 0x63, + 0x2f, 0x64, 0x4b, 0x42, 0x75, 0x2f, 0x38, 0x63, 0x78, 0x77, 0x64, 0x76, 0x50, 0x71, 0x38, 0x71, + 0x6c, 0x77, 0x4e, 0x2b, 0x38, 0x46, 0x6f, 0x55, 0x49, 0x32, 0x39, 0x58, 0x67, 0x33, 0x31, 0x64, + 0x66, 0x44, 0x65, 0x47, 0x72, 0x51, 0x57, 0x61, 0x6b, 0x39, 0x65, 0x4c, 0x71, 0x56, 0x32, 0x71, + 0x4a, 0x48, 0x47, 0x36, 0x4d, 0x0d, 0x0a, 0x51, 0x54, 0x42, 0x43, 0x65, 0x53, 0x53, 0x67, 0x6c, + 0x65, 0x57, 0x33, 0x52, 0x6f, 0x5a, 0x33, 0x6b, 0x73, 0x70, 0x78, 0x35, 0x32, 0x39, 0x76, 0x59, + 0x4f, 0x6b, 0x41, 0x36, 0x42, 0x31, 0x61, 0x43, 0x39, 0x49, 0x6b, 0x34, 0x6b, 0x78, 0x43, 0x33, + 0x46, 0x46, 0x77, 0x6b, 0x61, 0x51, 0x48, 0x4e, 0x6f, 0x36, 0x6d, 0x45, 0x74, 0x48, 0x56, 0x55, + 0x58, 0x44, 0x42, 0x58, 0x6d, 0x4d, 0x47, 0x0d, 0x0a, 0x48, 0x4c, 0x66, 0x69, 0x38, 0x39, 0x4c, + 0x36, 0x77, 0x78, 0x42, 0x55, 0x30, 0x6a, 0x6e, 0x6b, 0x4f, 0x44, 0x38, 0x73, 0x42, 0x6e, 0x5a, + 0x30, 0x30, 0x4e, 0x39, 0x47, 0x4f, 0x6d, 0x72, 0x36, 0x51, 0x41, 0x50, 0x54, 0x43, 0x50, 0x2b, + 0x4a, 0x41, 0x45, 0x37, 0x38, 0x57, 0x66, 0x64, 0x77, 0x61, 0x59, 0x54, 0x56, 0x34, 0x5a, 0x33, + 0x75, 0x72, 0x74, 0x45, 0x47, 0x56, 0x6d, 0x4e, 0x66, 0x0d, 0x0a, 0x36, 0x30, 0x48, 0x30, 0x54, + 0x56, 0x72, 0x33, 0x44, 0x50, 0x6b, 0x32, 0x53, 0x30, 0x4e, 0x53, 0x6d, 0x54, 0x7a, 0x53, 0x6c, + 0x4a, 0x48, 0x7a, 0x37, 0x39, 0x68, 0x30, 0x79, 0x4d, 0x33, 0x31, 0x54, 0x61, 0x70, 0x52, 0x4b, + 0x46, 0x6f, 0x46, 0x72, 0x4e, 0x70, 0x57, 0x78, 0x6b, 0x4c, 0x73, 0x6b, 0x6c, 0x57, 0x50, 0x30, + 0x76, 0x66, 0x54, 0x6b, 0x69, 0x51, 0x4d, 0x35, 0x30, 0x50, 0x4b, 0x0d, 0x0a, 0x50, 0x78, 0x4b, + 0x53, 0x50, 0x6d, 0x2b, 0x70, 0x44, 0x45, 0x4e, 0x43, 0x5a, 0x35, 0x6e, 0x2f, 0x33, 0x35, 0x6e, + 0x31, 0x30, 0x55, 0x6c, 0x70, 0x37, 0x30, 0x74, 0x48, 0x33, 0x70, 0x56, 0x34, 0x42, 0x69, 0x78, + 0x62, 0x34, 0x6d, 0x4e, 0x73, 0x4b, 0x56, 0x30, 0x4a, 0x42, 0x65, 0x75, 0x6c, 0x6c, 0x50, 0x52, + 0x58, 0x54, 0x68, 0x70, 0x47, 0x76, 0x49, 0x43, 0x39, 0x42, 0x77, 0x32, 0x4d, 0x0d, 0x0a, 0x6e, + 0x48, 0x6b, 0x42, 0x74, 0x45, 0x30, 0x74, 0x55, 0x78, 0x70, 0x4a, 0x41, 0x6f, 0x49, 0x42, 0x41, + 0x46, 0x69, 0x42, 0x54, 0x61, 0x34, 0x70, 0x6a, 0x53, 0x58, 0x6c, 0x2f, 0x6f, 0x4f, 0x74, 0x65, + 0x4a, 0x39, 0x66, 0x2b, 0x35, 0x2b, 0x68, 0x43, 0x75, 0x70, 0x2f, 0x45, 0x6b, 0x51, 0x4c, 0x4b, + 0x4c, 0x54, 0x70, 0x78, 0x66, 0x33, 0x63, 0x63, 0x33, 0x2f, 0x64, 0x50, 0x43, 0x6f, 0x34, 0x0d, + 0x0a, 0x33, 0x6d, 0x4d, 0x53, 0x70, 0x4e, 0x7a, 0x74, 0x4d, 0x44, 0x75, 0x73, 0x53, 0x4d, 0x58, + 0x6a, 0x45, 0x44, 0x32, 0x4f, 0x64, 0x6a, 0x69, 0x76, 0x4d, 0x62, 0x72, 0x34, 0x74, 0x34, 0x76, + 0x6a, 0x35, 0x36, 0x6b, 0x43, 0x31, 0x77, 0x41, 0x6e, 0x62, 0x62, 0x35, 0x39, 0x6d, 0x5a, 0x49, + 0x65, 0x4c, 0x74, 0x35, 0x4d, 0x41, 0x31, 0x4d, 0x50, 0x48, 0x6a, 0x34, 0x55, 0x49, 0x7a, 0x5a, + 0x5a, 0x0d, 0x0a, 0x54, 0x62, 0x68, 0x43, 0x79, 0x56, 0x4e, 0x50, 0x35, 0x4a, 0x4c, 0x4f, 0x31, + 0x37, 0x48, 0x6d, 0x54, 0x32, 0x31, 0x34, 0x4d, 0x54, 0x35, 0x74, 0x52, 0x65, 0x35, 0x65, 0x5a, + 0x52, 0x4b, 0x4b, 0x56, 0x77, 0x2b, 0x46, 0x67, 0x54, 0x43, 0x6d, 0x37, 0x51, 0x52, 0x30, 0x58, + 0x71, 0x34, 0x54, 0x30, 0x6c, 0x35, 0x78, 0x34, 0x46, 0x79, 0x57, 0x69, 0x56, 0x37, 0x2f, 0x63, + 0x57, 0x6d, 0x52, 0x0d, 0x0a, 0x73, 0x52, 0x71, 0x30, 0x71, 0x34, 0x68, 0x6f, 0x4c, 0x70, 0x76, + 0x69, 0x63, 0x70, 0x68, 0x55, 0x44, 0x4b, 0x73, 0x75, 0x44, 0x2b, 0x53, 0x38, 0x64, 0x70, 0x6e, + 0x4a, 0x42, 0x6c, 0x4c, 0x78, 0x42, 0x34, 0x58, 0x2b, 0x73, 0x42, 0x63, 0x75, 0x62, 0x72, 0x74, + 0x4c, 0x55, 0x64, 0x6d, 0x67, 0x35, 0x77, 0x4a, 0x6a, 0x77, 0x43, 0x78, 0x6a, 0x69, 0x38, 0x73, + 0x77, 0x62, 0x48, 0x50, 0x77, 0x0d, 0x0a, 0x4b, 0x42, 0x6b, 0x6a, 0x65, 0x5a, 0x74, 0x70, 0x56, + 0x71, 0x4f, 0x77, 0x47, 0x46, 0x71, 0x7a, 0x6f, 0x4c, 0x2b, 0x70, 0x51, 0x45, 0x69, 0x50, 0x35, + 0x4e, 0x46, 0x77, 0x6a, 0x31, 0x56, 0x68, 0x75, 0x33, 0x66, 0x37, 0x32, 0x45, 0x2b, 0x42, 0x36, + 0x32, 0x4a, 0x4b, 0x36, 0x6f, 0x4c, 0x56, 0x56, 0x7a, 0x54, 0x4d, 0x48, 0x79, 0x44, 0x31, 0x61, + 0x62, 0x57, 0x72, 0x5a, 0x48, 0x4e, 0x6c, 0x0d, 0x0a, 0x4e, 0x36, 0x32, 0x38, 0x49, 0x69, 0x6b, + 0x69, 0x63, 0x31, 0x42, 0x42, 0x2b, 0x43, 0x44, 0x46, 0x69, 0x4b, 0x41, 0x78, 0x31, 0x30, 0x70, + 0x4f, 0x61, 0x71, 0x4b, 0x55, 0x44, 0x62, 0x6f, 0x44, 0x7a, 0x61, 0x31, 0x67, 0x4f, 0x36, 0x38, + 0x43, 0x67, 0x67, 0x45, 0x42, 0x41, 0x4c, 0x54, 0x52, 0x58, 0x73, 0x45, 0x56, 0x67, 0x6a, 0x6f, + 0x66, 0x54, 0x6f, 0x46, 0x71, 0x78, 0x6c, 0x6f, 0x36, 0x0d, 0x0a, 0x74, 0x46, 0x2b, 0x64, 0x30, + 0x38, 0x6c, 0x51, 0x59, 0x5a, 0x4a, 0x57, 0x5a, 0x57, 0x79, 0x33, 0x55, 0x44, 0x51, 0x6d, 0x63, + 0x68, 0x70, 0x6f, 0x5a, 0x4a, 0x50, 0x46, 0x52, 0x35, 0x6c, 0x6f, 0x38, 0x69, 0x4c, 0x7a, 0x71, + 0x67, 0x47, 0x59, 0x71, 0x6d, 0x7a, 0x73, 0x53, 0x78, 0x38, 0x37, 0x6e, 0x57, 0x4f, 0x32, 0x72, + 0x6a, 0x65, 0x6a, 0x65, 0x31, 0x48, 0x43, 0x4d, 0x2f, 0x44, 0x45, 0x0d, 0x0a, 0x4a, 0x63, 0x61, + 0x66, 0x4f, 0x49, 0x4f, 0x4d, 0x31, 0x47, 0x57, 0x33, 0x70, 0x64, 0x34, 0x4c, 0x6b, 0x69, 0x38, + 0x50, 0x61, 0x74, 0x54, 0x37, 0x45, 0x43, 0x6e, 0x6e, 0x64, 0x72, 0x70, 0x6d, 0x79, 0x35, 0x2f, + 0x78, 0x36, 0x36, 0x47, 0x6b, 0x5a, 0x78, 0x78, 0x6f, 0x38, 0x6b, 0x75, 0x67, 0x36, 0x45, 0x55, + 0x51, 0x51, 0x67, 0x56, 0x4b, 0x53, 0x38, 0x49, 0x78, 0x7a, 0x4c, 0x42, 0x53, 0x0d, 0x0a, 0x69, + 0x63, 0x47, 0x65, 0x4d, 0x69, 0x53, 0x49, 0x4d, 0x35, 0x47, 0x42, 0x67, 0x39, 0x47, 0x62, 0x6e, + 0x4a, 0x46, 0x71, 0x4a, 0x33, 0x51, 0x41, 0x78, 0x6e, 0x78, 0x33, 0x73, 0x61, 0x43, 0x44, 0x6e, + 0x32, 0x4d, 0x45, 0x66, 0x4a, 0x30, 0x38, 0x38, 0x71, 0x4d, 0x4a, 0x72, 0x76, 0x41, 0x63, 0x4a, + 0x37, 0x55, 0x62, 0x64, 0x4a, 0x34, 0x6f, 0x73, 0x44, 0x74, 0x52, 0x54, 0x63, 0x76, 0x55, 0x0d, + 0x0a, 0x74, 0x44, 0x78, 0x31, 0x63, 0x50, 0x64, 0x45, 0x44, 0x59, 0x30, 0x37, 0x41, 0x34, 0x67, + 0x2b, 0x7a, 0x50, 0x4c, 0x56, 0x70, 0x67, 0x53, 0x77, 0x6e, 0x4b, 0x4b, 0x53, 0x37, 0x2f, 0x54, + 0x41, 0x6e, 0x45, 0x70, 0x46, 0x4d, 0x53, 0x67, 0x5a, 0x4a, 0x64, 0x6c, 0x6b, 0x30, 0x6a, 0x33, + 0x6b, 0x47, 0x52, 0x37, 0x49, 0x76, 0x74, 0x56, 0x4e, 0x71, 0x4e, 0x67, 0x76, 0x67, 0x2f, 0x6f, + 0x47, 0x0d, 0x0a, 0x42, 0x65, 0x33, 0x33, 0x76, 0x43, 0x74, 0x4b, 0x59, 0x36, 0x67, 0x65, 0x64, + 0x50, 0x55, 0x43, 0x46, 0x70, 0x77, 0x76, 0x2f, 0x68, 0x2b, 0x6a, 0x38, 0x75, 0x78, 0x38, 0x69, + 0x73, 0x4e, 0x78, 0x49, 0x58, 0x6a, 0x6b, 0x42, 0x39, 0x79, 0x2b, 0x6c, 0x6c, 0x70, 0x67, 0x4c, + 0x38, 0x64, 0x63, 0x49, 0x42, 0x70, 0x37, 0x48, 0x39, 0x48, 0x4b, 0x4d, 0x6e, 0x2f, 0x73, 0x44, + 0x44, 0x5a, 0x6f, 0x0d, 0x0a, 0x6e, 0x65, 0x6b, 0x43, 0x67, 0x67, 0x45, 0x42, 0x41, 0x4e, 0x46, + 0x7a, 0x48, 0x69, 0x31, 0x53, 0x36, 0x71, 0x34, 0x45, 0x71, 0x49, 0x72, 0x48, 0x4c, 0x78, 0x74, + 0x32, 0x79, 0x67, 0x54, 0x36, 0x61, 0x63, 0x4c, 0x78, 0x32, 0x51, 0x68, 0x36, 0x4e, 0x4f, 0x39, + 0x4d, 0x76, 0x61, 0x43, 0x65, 0x37, 0x70, 0x65, 0x6d, 0x4b, 0x68, 0x6a, 0x56, 0x58, 0x77, 0x45, + 0x31, 0x53, 0x36, 0x6c, 0x70, 0x0d, 0x0a, 0x38, 0x58, 0x49, 0x77, 0x5a, 0x4b, 0x67, 0x32, 0x4d, + 0x53, 0x70, 0x79, 0x56, 0x62, 0x43, 0x68, 0x6d, 0x31, 0x61, 0x62, 0x71, 0x6c, 0x33, 0x4f, 0x68, + 0x69, 0x56, 0x48, 0x56, 0x35, 0x32, 0x47, 0x59, 0x72, 0x64, 0x6f, 0x56, 0x6c, 0x43, 0x59, 0x74, + 0x30, 0x56, 0x53, 0x35, 0x77, 0x4f, 0x41, 0x48, 0x55, 0x63, 0x51, 0x4e, 0x52, 0x50, 0x6a, 0x6f, + 0x59, 0x53, 0x30, 0x39, 0x46, 0x66, 0x4c, 0x0d, 0x0a, 0x33, 0x35, 0x6b, 0x51, 0x65, 0x65, 0x45, + 0x71, 0x33, 0x49, 0x66, 0x2f, 0x61, 0x55, 0x48, 0x7a, 0x2f, 0x5a, 0x55, 0x50, 0x2b, 0x58, 0x64, + 0x37, 0x65, 0x6e, 0x6d, 0x77, 0x43, 0x65, 0x72, 0x2b, 0x39, 0x52, 0x52, 0x77, 0x2f, 0x56, 0x4d, + 0x46, 0x45, 0x55, 0x68, 0x33, 0x2f, 0x75, 0x41, 0x69, 0x50, 0x42, 0x44, 0x77, 0x74, 0x67, 0x43, + 0x67, 0x47, 0x33, 0x39, 0x34, 0x4d, 0x71, 0x4f, 0x51, 0x0d, 0x0a, 0x76, 0x30, 0x37, 0x6b, 0x70, + 0x35, 0x43, 0x72, 0x6c, 0x6a, 0x50, 0x6d, 0x76, 0x65, 0x70, 0x54, 0x46, 0x55, 0x61, 0x79, 0x52, + 0x69, 0x38, 0x62, 0x31, 0x65, 0x71, 0x58, 0x50, 0x67, 0x4f, 0x54, 0x42, 0x57, 0x59, 0x76, 0x7a, + 0x79, 0x75, 0x71, 0x30, 0x52, 0x55, 0x54, 0x56, 0x61, 0x4b, 0x78, 0x69, 0x4a, 0x66, 0x48, 0x71, + 0x5a, 0x62, 0x42, 0x76, 0x39, 0x52, 0x79, 0x4e, 0x79, 0x59, 0x6e, 0x0d, 0x0a, 0x61, 0x74, 0x71, + 0x45, 0x6a, 0x6d, 0x53, 0x4f, 0x46, 0x73, 0x4c, 0x6b, 0x59, 0x6c, 0x4c, 0x6a, 0x44, 0x32, 0x2b, + 0x65, 0x6f, 0x33, 0x48, 0x53, 0x44, 0x46, 0x34, 0x64, 0x6e, 0x72, 0x45, 0x56, 0x37, 0x32, 0x79, + 0x77, 0x6a, 0x59, 0x77, 0x2b, 0x79, 0x2f, 0x67, 0x53, 0x76, 0x4c, 0x6a, 0x31, 0x70, 0x55, 0x33, + 0x47, 0x6b, 0x76, 0x30, 0x2b, 0x51, 0x37, 0x68, 0x41, 0x31, 0x48, 0x31, 0x58, 0x0d, 0x0a, 0x32, + 0x2f, 0x79, 0x69, 0x49, 0x31, 0x62, 0x4a, 0x77, 0x30, 0x58, 0x4e, 0x73, 0x55, 0x78, 0x45, 0x30, + 0x77, 0x4d, 0x69, 0x33, 0x79, 0x50, 0x35, 0x47, 0x72, 0x76, 0x6e, 0x6f, 0x33, 0x45, 0x3d, 0x0d, + 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, + 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0d, 0x0a, +}; +UINTN TestRootKey4Size = sizeof (TestRootKey4); diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Tool/BinToHex.c b/DeviceSecurityTestPkg/Test/DeployCert/Tool/BinToHex.c new file mode 100644 index 00000000000..03b872cb049 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/Tool/BinToHex.c @@ -0,0 +1,85 @@ +/** @file + BinToHex tool + + Copyright (c) 2010, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +char gname[1024]; +char oname[1024]; + +int +main (int argc, char **argv) +{ + FILE *in_file; + FILE *out_file; + + if (argc != 2) { + printf ("Invalid Parameter!\n"); + return 1; + } + + in_file = fopen (argv[1], "rb"); + if (in_file == NULL) { + printf ("Input file error!\n"); + return 1; + } + + strcpy (gname, argv[1]); + gname[strlen (gname) - 4] = 0; + + strcpy (oname, gname); + strcat (oname, ".c"); + + out_file = fopen (oname, "wb"); + if (out_file == NULL) { + printf ("Output file error!\n"); + fclose (out_file); + return 1; + } + + file_convert (in_file, out_file); + + fclose (in_file); + fclose (out_file); + + return 0; +} + +int +file_convert (FILE *in_file, FILE *out_file) +{ + char rdata; + char cdata[64]; + int result; + int index; + + sprintf (cdata, "UINT8 %s[]= {\r\n", gname); + fwrite (cdata, strlen(cdata), 1, out_file); + + index = 0; + while ((result = fread (&rdata, sizeof(char), 1, in_file)) != 0) { + sprintf (cdata, "0x%02x, ", (unsigned char)rdata); + fwrite (cdata, strlen(cdata), 1, out_file); + index ++; + if (index % 16 == 0) { + sprintf (cdata, "\r\n"); + fwrite (cdata, strlen(cdata), 1, out_file); + } + } + + sprintf (cdata, "};\r\n"); + fwrite (cdata, strlen(cdata), 1, out_file); + + return 0; +} + diff --git a/DeviceSecurityTestPkg/Test/DeployCert/Tool/DumpToHex.c b/DeviceSecurityTestPkg/Test/DeployCert/Tool/DumpToHex.c new file mode 100644 index 00000000000..b167850aff5 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/Tool/DumpToHex.c @@ -0,0 +1,141 @@ +/** @file + BinToHex tool + + Copyright (c) 2010, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +char gname[1024]; +char oname[1024]; + +int +main (int argc, char **argv) +{ + FILE *in_file; + FILE *out_file; + + if (argc != 2) { + printf ("Invalid Parameter!\n"); + return 1; + } + + in_file = fopen (argv[1], "rb"); + if (in_file == NULL) { + printf ("Input file error!\n"); + return 1; + } + + strcpy (gname, argv[1]); + gname[strlen (gname) - 4] = 0; + + strcpy (oname, gname); + strcat (oname, ".c"); + + out_file = fopen (oname, "wb"); + if (out_file == NULL) { + printf ("Output file error!\n"); + fclose (out_file); + return 1; + } + + file_convert (in_file, out_file); + + fclose (in_file); + fclose (out_file); + + return 0; +} + +int +CharToNum ( + char ch + ) +{ + if (ch >= '0' && ch <= '9') { + return ch - '0'; + } + if (ch >= 'a' && ch <= 'z') { + return ch - 'a' + 10; + } + if (ch >= 'A' && ch <= 'Z') { + return ch - 'A' + 10; + } + __asm int 3; + return 0; +} + +int +StrToNum ( + char *str + ) +{ + char high = *str; + char low = *(str+1); + + return (CharToNum(high) << 4) + CharToNum(low); +} + +int +StrXToNum ( + char *str, + int count + ) +{ + int num = 0; + int index; + for (index = 0; index < count; index++, str++) { + num = (num << 4) + CharToNum(*str); + } + return num; +} + +int +file_convert (FILE *in_file, FILE *out_file) +{ + char cdata[64]; + int result; + int index; + int number; + int line; + char temp_str[sizeof(" 00000000: 86 80 60 0B 46 01 10 00-00 02 08 01 00 00 00 00 *..`.F...........*") + 1]; + + sprintf (cdata, "UINT8 %s[]= {\r\n", gname); + fwrite (cdata, strlen(cdata), 1, out_file); + + index = 0; + while (1) { + for (index = 0; index < sizeof(temp_str); index++) { + temp_str[index] = fgetc(in_file); + if (feof(in_file)) { + break; + } + } + if (index != sizeof(temp_str)) { + break; + } + line = StrXToNum (&temp_str[2], 8); + for (index = 0; index < 16; index++) { + number = StrXToNum (&temp_str[12 + index * 3], 2); + sprintf (cdata, "0x%02x, ", (unsigned char)number); + fwrite (cdata, strlen(cdata), 1, out_file); + } + sprintf (cdata, " // %08x \r\n", line); + fwrite (cdata, strlen(cdata), 1, out_file); + } + + sprintf (cdata, "};\r\n"); + fwrite (cdata, strlen(cdata), 1, out_file); + + return 0; +} + diff --git a/DeviceSecurityTestPkg/Test/DeployCert/readme.txt b/DeviceSecurityTestPkg/Test/DeployCert/readme.txt new file mode 100644 index 00000000000..9ef449e2b3d --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeployCert/readme.txt @@ -0,0 +1,21 @@ +==== RSA ==== +Generate a root key: + + openssl genrsa -out TestRoot.key 2048 + +Generate a self-signed root certificate: + + openssl req -extensions v3_ca -new -x509 -days 3650 -key TestRoot.key -out TestRoot.crt + openssl x509 -in TestRoot.crt -out TestRoot.cer -outform DER + openssl x509 -inform DER -in TestRoot.cer -outform PEM -out TestRoot.pub.pem + +==== ECC ==== +Generate a root key: (secp256r1/NIST P-256) + + openssl ecparam -out EccTestRoot.key -name prime256v1 -genkey + +Generate a self-signed root certificate: + + openssl req -extensions v3_ca -new -x509 -days 3650 -key EccTestRoot.key -out EccTestRoot.crt + openssl x509 -in EccTestRoot.crt -out EccTestRoot.cer -outform DER + openssl x509 -inform DER -in EccTestRoot.cer -outform PEM -out EccTestRoot.pub.pem diff --git a/DeviceSecurityTestPkg/Test/DeviceSecurityPolicyStub/DeviceSecurityPolicyStub.c b/DeviceSecurityTestPkg/Test/DeviceSecurityPolicyStub/DeviceSecurityPolicyStub.c new file mode 100644 index 00000000000..ad98b542264 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeviceSecurityPolicyStub/DeviceSecurityPolicyStub.c @@ -0,0 +1,248 @@ +/** @file + EDKII Device Security Policy Stub + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include "hal/base.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +EDKII_DEVICE_SECURITY_POLICY mDeviceSecurityPolicyNone = { + EDKII_DEVICE_SECURITY_POLICY_REVISION, + 0, + 0, +}; + +EDKII_DEVICE_SECURITY_POLICY mDeviceSecurityPolicyFull = { + EDKII_DEVICE_SECURITY_POLICY_REVISION, + EDKII_DEVICE_MEASUREMENT_REQUIRED, + EDKII_DEVICE_AUTHENTICATION_REQUIRED +}; + +EDKII_DEVICE_SECURITY_POLICY mDeviceSecurityPolicyAuthOnly = { + EDKII_DEVICE_SECURITY_POLICY_REVISION, + 0, + EDKII_DEVICE_AUTHENTICATION_REQUIRED +}; + +EDKII_DEVICE_SECURITY_POLICY mDeviceSecurityPolicyMeasOnly = { + EDKII_DEVICE_SECURITY_POLICY_REVISION, + EDKII_DEVICE_MEASUREMENT_REQUIRED, + 0 +}; + +/** + This function returns the device security policy associated with the device. + + The device security driver may call this interface to get the platform policy + for the specific device and determine if the measurement or authentication + is required. + + @param[in] This The protocol instance pointer. + @param[in] DeviceId The Identifier for the device. + @param[out] DeviceSecurityPolicy The Device Security Policy associated with the device. + + @retval EFI_SUCCESS The device security policy is returned + @retval EFI_UNSUPPORTED The function is unsupported for the specific Device. +**/ +EFI_STATUS +EFIAPI +GetDevicePolicy ( + IN EDKII_DEVICE_SECURITY_POLICY_PROTOCOL *This, + IN EDKII_DEVICE_IDENTIFIER *DeviceId, + OUT EDKII_DEVICE_SECURITY_POLICY *DeviceSecurityPolicy + ) +{ + EFI_STATUS Status; + EFI_PCI_IO_PROTOCOL *PciIo; + UINT16 PciVendorId; + UINT16 PciDeviceId; + UINT8 TestConfig; + UINTN TestConfigSize; + + TestConfigSize = sizeof(UINT8); + Status = gRT->GetVariable ( + L"SpdmTestConfig", + &gEfiDeviceSecurityPkgTestConfig, + NULL, + &TestConfigSize, + &TestConfig + ); + if (EFI_ERROR (Status)) { + return Status; + } + + CopyMem (DeviceSecurityPolicy, &mDeviceSecurityPolicyNone, sizeof (EDKII_DEVICE_SECURITY_POLICY)); + + DEBUG ((DEBUG_INFO, "GetDevicePolicy - 0x%g\n", &DeviceId->DeviceType)); + + if (!CompareGuid (&DeviceId->DeviceType, &gEdkiiDeviceIdentifierTypePciGuid)) { + return EFI_SUCCESS; + } + + Status = gBS->HandleProtocol ( + DeviceId->DeviceHandle, + &gEdkiiDeviceIdentifierTypePciGuid, + (VOID **)&PciIo + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Locate - DeviceIdentifierTypePci - %r\n", Status)); + return EFI_SUCCESS; + } + + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_VENDOR_ID_OFFSET, 1, &PciVendorId); + ASSERT_EFI_ERROR (Status); + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_DEVICE_ID_OFFSET, 1, &PciDeviceId); + ASSERT_EFI_ERROR (Status); + DEBUG ((DEBUG_INFO, "PCI Info - %04x:%04x\n", PciVendorId, PciDeviceId)); + + if (TestConfig == TEST_CONFIG_SECURITY_POLICY_AUTH_ONLY) { + CopyMem (DeviceSecurityPolicy, &mDeviceSecurityPolicyAuthOnly, sizeof (EDKII_DEVICE_SECURITY_POLICY)); + } else if (TestConfig == TEST_CONFIG_SECURITY_POLICY_MEAS_ONLY) { + CopyMem (DeviceSecurityPolicy, &mDeviceSecurityPolicyMeasOnly, sizeof (EDKII_DEVICE_SECURITY_POLICY)); + } else if (TestConfig == TEST_CONFIG_SECURITY_POLICY_NONE) { + CopyMem (DeviceSecurityPolicy, &mDeviceSecurityPolicyNone, sizeof (EDKII_DEVICE_SECURITY_POLICY)); + } else { + CopyMem (DeviceSecurityPolicy, &mDeviceSecurityPolicyFull, sizeof (EDKII_DEVICE_SECURITY_POLICY)); + } + + return EFI_SUCCESS; +} + +/** + This function sets the device state based upon the authentication result. + + The device security driver may call this interface to give the platform + a notify based upon the measurement or authentication result. + If the authentication or measurement fails, the platform may choose: + 1) Do nothing. + 2) Disable this device or slot temporarily and continue boot. + 3) Reset the platform and retry again. + 4) Disable this device or slot permanently. + 5) Any other platform specific action. + + @param[in] This The protocol instance pointer. + @param[in] DeviceId The Identifier for the device. + @param[in] DeviceSecurityState The Device Security state associated with the device. + + @retval EFI_SUCCESS The device state is set + @retval EFI_UNSUPPORTED The function is unsupported for the specific Device. +**/ +EFI_STATUS +EFIAPI +NotifyDeviceState ( + IN EDKII_DEVICE_SECURITY_POLICY_PROTOCOL *This, + IN EDKII_DEVICE_IDENTIFIER *DeviceId, + IN EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ) +{ + EFI_STATUS Status; + EFI_PCI_IO_PROTOCOL *PciIo; + UINT16 PciVendorId; + UINT16 PciDeviceId; + UINTN Segment; + UINTN Bus; + UINTN Device; + UINTN Function; + + DEBUG ((DEBUG_INFO, "NotifyDeviceState - 0x%g\n", &DeviceId->DeviceType)); + + if (!CompareGuid (&DeviceId->DeviceType, &gEdkiiDeviceIdentifierTypePciGuid)) { + return EFI_SUCCESS; + } + + Status = gBS->HandleProtocol ( + DeviceId->DeviceHandle, + &gEdkiiDeviceIdentifierTypePciGuid, + (VOID **)&PciIo + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Locate - DeviceIdentifierTypePci - %r\n", Status)); + return EFI_SUCCESS; + } + + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_VENDOR_ID_OFFSET, 1, &PciVendorId); + ASSERT_EFI_ERROR (Status); + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_DEVICE_ID_OFFSET, 1, &PciDeviceId); + ASSERT_EFI_ERROR (Status); + DEBUG ((DEBUG_INFO, "PCI Info - %04x:%04x\n", PciVendorId, PciDeviceId)); + + Status = PciIo->GetLocation ( + PciIo, + &Segment, + &Bus, + &Device, + &Function + ); + if (!EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "PCI Loc - %04x:%02x:%02x:%02x\n", + Segment, + Bus, + Device, + Function + )); + } + + DEBUG (( + DEBUG_INFO, + "State - Measurement - 0x%08x, Authentication - 0x%08x\n", + DeviceSecurityState->MeasurementState, + DeviceSecurityState->AuthenticationState + )); + + return EFI_SUCCESS; +} + +EDKII_DEVICE_SECURITY_POLICY_PROTOCOL mDeviceSecurityPolicy = { + EDKII_DEVICE_SECURITY_POLICY_PROTOCOL_REVISION, + GetDevicePolicy, + NotifyDeviceState, +}; + +/** + Entrypoint of the device security driver. + + @param[in] ImageHandle ImageHandle of the loaded driver + @param[in] SystemTable Pointer to the System Table + + @retval EFI_SUCCESS The Protocol is installed. + @retval EFI_OUT_OF_RESOURCES Not enough resources available to initialize driver. + @retval EFI_DEVICE_ERROR A device error occurred attempting to initialize the driver. + +**/ +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_HANDLE Handle; + EFI_STATUS Status; + + Handle = NULL; + Status = gBS->InstallProtocolInterface ( + &Handle, + &gEdkiiDeviceSecurityPolicyProtocolGuid, + EFI_NATIVE_INTERFACE, + &mDeviceSecurityPolicy + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} diff --git a/DeviceSecurityTestPkg/Test/DeviceSecurityPolicyStub/DeviceSecurityPolicyStub.inf b/DeviceSecurityTestPkg/Test/DeviceSecurityPolicyStub/DeviceSecurityPolicyStub.inf new file mode 100644 index 00000000000..f959abec19a --- /dev/null +++ b/DeviceSecurityTestPkg/Test/DeviceSecurityPolicyStub/DeviceSecurityPolicyStub.inf @@ -0,0 +1,44 @@ +## @file +# EDKII Device Security Policy Stub +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DeviceSecurityPolicyStub + FILE_GUID = E3152C9F-8549-46C2-8B09-40EA0AE116F3 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + DeviceSecurityPolicyStub.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + +[LibraryClasses] + UefiRuntimeServicesTableLib + UefiBootServicesTableLib + UefiDriverEntryPoint + MemoryAllocationLib + DevicePathLib + BaseMemoryLib + PrintLib + DebugLib + +[Protocols] + gEdkiiDeviceSecurityPolicyProtocolGuid ## PRODUCES + gEdkiiDeviceIdentifierTypePciGuid ## COMSUMES + +[Depex] + TRUE + +[Guids] + gEfiDeviceSecurityPkgTestConfig ## CONSUMES diff --git a/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterCommon.c b/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterCommon.c new file mode 100644 index 00000000000..10133808447 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterCommon.c @@ -0,0 +1,74 @@ +/** @file + This is BaseCrypto router support function. + +Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + +typedef struct { + EFI_GUID Guid; + UINT32 Mask; +} TPM2_HASH_MASK; + +TPM2_HASH_MASK mTpm2HashMask[] = { + { HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1 }, + { HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256 }, + { HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384 }, + { HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512 }, + { HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256 }, +}; + +/** + The function get hash mask info from algorithm. + + @param HashGuid Hash Guid + + @return HashMask +**/ +UINT32 +EFIAPI +Tpm2GetHashMaskFromAlgo ( + IN EFI_GUID *HashGuid + ) +{ + UINTN Index; + + for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) { + if (CompareGuid (HashGuid, &mTpm2HashMask[Index].Guid)) { + return mTpm2HashMask[Index].Mask; + } + } + + return 0; +} + +/** + The function set digest to digest list. + + @param DigestList digest list + @param Digest digest data +**/ +VOID +EFIAPI +Tpm2SetHashToDigestList ( + IN OUT TPML_DIGEST_VALUES *DigestList, + IN TPML_DIGEST_VALUES *Digest + ) +{ + CopyMem ( + &DigestList->digests[DigestList->count], + &Digest->digests[0], + sizeof (Digest->digests[0]) + ); + DigestList->count++; +} diff --git a/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterCommon.h b/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterCommon.h new file mode 100644 index 00000000000..987d794028d --- /dev/null +++ b/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterCommon.h @@ -0,0 +1,38 @@ +/** @file + This is BaseCrypto router support function definition. + +Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _HASH_LIB_BASE_CRYPTO_ROUTER_COMMON_H_ +#define _HASH_LIB_BASE_CRYPTO_ROUTER_COMMON_H_ + +/** + The function get hash mask info from algorithm. + + @param HashGuid Hash Guid + + @return HashMask +**/ +UINT32 +EFIAPI +Tpm2GetHashMaskFromAlgo ( + IN EFI_GUID *HashGuid + ); + +/** + The function set digest to digest list. + + @param DigestList digest list + @param Digest digest data +**/ +VOID +EFIAPI +Tpm2SetHashToDigestList ( + IN OUT TPML_DIGEST_VALUES *DigestList, + IN TPML_DIGEST_VALUES *Digest + ); + +#endif diff --git a/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterTestStub.c b/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterTestStub.c new file mode 100644 index 00000000000..3681b6b9646 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterTestStub.c @@ -0,0 +1,203 @@ +/** @file + This library is BaseCrypto router. It will redirect hash request to each individual + hash handler registered, such as SHA1, SHA256. + Platform can use PcdTpm2HashMask to mask some hash engines. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +#include "HashLibBaseCryptoRouterCommon.h" + +HASH_INTERFACE mHashInterface[HASH_COUNT] = { + { + { 0 }, NULL, NULL, NULL + } +}; +UINTN mHashInterfaceCount = 0; + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +HashStart ( + OUT HASH_HANDLE *HashHandle + ) +{ + HASH_HANDLE *HashCtx; + UINTN Index; + + if (mHashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + HashCtx = AllocatePool (sizeof (*HashCtx) * mHashInterfaceCount); + ASSERT (HashCtx != NULL); + + for (Index = 0; Index < mHashInterfaceCount; Index++) { + mHashInterface[Index].HashInit (&HashCtx[Index]); + } + + *HashHandle = (HASH_HANDLE)HashCtx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + HASH_HANDLE *HashCtx; + UINTN Index; + + if (mHashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + HashCtx = (HASH_HANDLE *)HashHandle; + + for (Index = 0; Index < mHashInterfaceCount; Index++) { + mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen); + } + + return EFI_SUCCESS; +} + +/** + Hash sequence complete and extend to PCR. + + @param HashHandle Hash handle. + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashCompleteAndExtend ( + IN HASH_HANDLE HashHandle, + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + TPML_DIGEST_VALUES Digest; + HASH_HANDLE *HashCtx; + UINTN Index; + + if (mHashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + HashCtx = (HASH_HANDLE *)HashHandle; + ZeroMem (DigestList, sizeof (*DigestList)); + + for (Index = 0; Index < mHashInterfaceCount; Index++) { + mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen); + mHashInterface[Index].HashFinal (HashCtx[Index], &Digest); + Tpm2SetHashToDigestList (DigestList, &Digest); + } + + if (PcrIndex < 24) { + // + // Extend to TPM PCR + // + } else { + // + // Extend to TPM NvIndex + // + } + + FreePool (HashCtx); + + return EFI_SUCCESS; +} + +/** + Hash data and extend to PCR. + + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash data and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashAndExtend ( + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + HASH_HANDLE HashHandle; + EFI_STATUS Status; + + if (mHashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + HashStart (&HashHandle); + HashUpdate (HashHandle, DataToHash, DataToHashLen); + Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList); + + return Status; +} + +/** + This service register Hash. + + @param HashInterface Hash interface + + @retval EFI_SUCCESS This hash interface is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this interface. + @retval EFI_ALREADY_STARTED System already register this interface. +**/ +EFI_STATUS +EFIAPI +RegisterHashInterfaceLib ( + IN HASH_INTERFACE *HashInterface + ) +{ + if (mHashInterfaceCount >= sizeof (mHashInterface)/sizeof (mHashInterface[0])) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof (*HashInterface)); + mHashInterfaceCount++; + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterTestStub.inf b/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterTestStub.inf new file mode 100644 index 00000000000..c4cfc77a2d1 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/HashLibBaseCryptoRouterTestStub/HashLibBaseCryptoRouterTestStub.inf @@ -0,0 +1,41 @@ +## @file +# Provides hash service by registered hash handler +# +# This library is BaseCrypto router. It will redirect hash request to each individual +# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to +# mask some hash engines. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HashLibBaseCryptoRouterTestStub + FILE_GUID = A4FA3C3D-DD08-45F2-B398-1FDFB0743BB0 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = HashLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + HashLibBaseCryptoRouterCommon.h + HashLibBaseCryptoRouterCommon.c + HashLibBaseCryptoRouterTestStub.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + MemoryAllocationLib diff --git a/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/PciIoPciDoeStub.c b/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/PciIoPciDoeStub.c new file mode 100644 index 00000000000..1bc38a20075 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/PciIoPciDoeStub.c @@ -0,0 +1,1150 @@ +/** @file + EDKII PciIo Stub for PCIe DOE Capability test + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmStub.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +SPDM_TEST_DEVICE_CONTEXT mSpdmTestDeviceContext = { + SPDM_TEST_DEVICE_CONTEXT_SIGNATURE, + NULL, +}; + +#define SLOT_NUMBER 2 + +VOID *mSpdmContext = NULL; + +BOOLEAN mSendReceiveBufferAcquired = FALSE; +UINT8 mSendReceiveBuffer[SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE]; +UINTN mSendReceiveBufferSize; +VOID *mScratchBuffer; + +#pragma pack(1) +typedef struct { + UINT32 VendorID : 16; // bit 0:15 + UINT32 DataObjectType : 8; // bit 16:23 + UINT32 Reserved : 8; // bit 24:31 +} DATA_OBJECT_HEADER1; + +typedef struct { + UINT32 Length : 18; // bit 0:17 + UINT32 Reserved : 14; // bit 18:31 +} DATA_OBJECT_HEADER2; +#pragma pack() + +#define DATA_OBJECT_HEADER_TOTAL_SIZE (sizeof(DATA_OBJECT_HEADER1) + sizeof(DATA_OBJECT_HEADER2)) + +// +// mMailboxDataIn +// +UINT8 mRequestDataBuffer[SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE]; +UINTN mRequestDataSize = 0; +UINTN mRequestDataWriteIndex = 0; + +// +// mMailboxDataOut +// +UINT8 mResponseDataBuffer[SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE]; +UINT8 *mResponseDataBufferPtr; +UINTN mResponseDataSize = 0; +UINTN mResponseDataReadIndex = 0; +// +// Simulate PCIe DOE capability offset. +// +#define SIMULATED_PCIE_DOE_CAP_OFFSET 0x880 + +// +// Simulate Pci Device Path. +// +#define gPciRootBridge(Segment) \ + { \ + { \ + ACPI_DEVICE_PATH, \ + ACPI_DP, \ + { \ + (UINT8) (sizeof (ACPI_HID_DEVICE_PATH)), \ + (UINT8) ((sizeof (ACPI_HID_DEVICE_PATH)) >> 8) \ + }, \ + }, \ + EISA_PNP_ID (0x0A03), \ + (Segment) \ + } + +#define gPci(Device, Function) \ + { \ + { \ + HARDWARE_DEVICE_PATH, \ + HW_PCI_DP, \ + { \ + (UINT8) (sizeof (PCI_DEVICE_PATH)), \ + (UINT8) ((sizeof (PCI_DEVICE_PATH)) >> 8) \ + } \ + }, \ + (Function), \ + (Device) \ + } + +#define gEndEntire \ + { \ + END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE, { END_DEVICE_PATH_LENGTH, 0 } \ + } + +typedef struct { + ACPI_HID_DEVICE_PATH PciRootBridge; + PCI_DEVICE_PATH PciDevice; + EFI_DEVICE_PATH End; +} TEST_PCI_DEVICE_PATH; + +TEST_PCI_DEVICE_PATH mTestPciDevicePath = { gPciRootBridge (0), gPci (0, 0), gEndEntire }; + +UINT8 *mPciDeviceBuffer; + +EFI_STATUS +EFIAPI +PciIoStubPollMem ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINT64 Mask, + IN UINT64 Value, + IN UINT64 Delay, + OUT UINT64 *Result + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubPollIo ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINT64 Mask, + IN UINT64 Value, + IN UINT64 Delay, + OUT UINT64 *Result + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubMemRead ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubMemWrite ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubIoRead ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubIoWrite ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubConfigRead ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT32 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + UINTN Size; + + switch (Width) { + case EfiPciIoWidthUint8: + Size = sizeof (UINT8); + break; + case EfiPciIoWidthUint16: + Size = sizeof (UINT16); + break; + case EfiPciIoWidthUint32: + Size = sizeof (UINT32); + break; + case EfiPciIoWidthUint64: + Size = sizeof (UINT64); + break; + default: + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + if (Offset >= 0x1000) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + if (Count >= (0x1000 - Offset)/Size) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + if (Offset == SIMULATED_PCIE_DOE_CAP_OFFSET + PCI_EXPRESS_REG_DOE_READ_DATA_MAILBOX_OFFSET) { + // + // Get data from mResponseDataBuffer. + // + if (mResponseDataReadIndex + Size * Count > sizeof (mResponseDataBuffer)) { + return EFI_DEVICE_ERROR; + } + + CopyMem ((UINT8 *)Buffer, mResponseDataBufferPtr + mResponseDataReadIndex, Size * Count); + mResponseDataReadIndex += Size * Count; + + if (mResponseDataReadIndex >= mResponseDataSize) { + DEBUG ((DEBUG_ERROR, " [PciIoCfg] Read response data is complete!\n")); + + // + // Simulate clearing "Data Object Ready" bit. + // + DEBUG ((DEBUG_ERROR, " [PciIoCfg] Simulate clearing 'Data Object Ready' bit.\n")); + *(UINT32 *)(mPciDeviceBuffer + SIMULATED_PCIE_DOE_CAP_OFFSET + PCI_EXPRESS_REG_DOE_STATUS_OFFSET) = 0; + + // + // Reset the points and index. + // + ZeroMem (mResponseDataBuffer, sizeof (mResponseDataBuffer)); + mResponseDataReadIndex = 0; + mResponseDataSize = 0; + } + } else { + CopyMem (Buffer, mPciDeviceBuffer + Offset, Size * Count); + } + + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI +PciIoStubConfigWrite ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT32 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + UINTN Size; + SPDM_RETURN SpdmReturn; + UINT32 *SessionId; + BOOLEAN IsAppMessage; + UINT32 TmpSessionId; + UINT32 *SessionIdPtr; + + switch (Width) { + case EfiPciIoWidthUint8: + Size = sizeof (UINT8); + break; + case EfiPciIoWidthUint16: + Size = sizeof (UINT16); + break; + case EfiPciIoWidthUint32: + Size = sizeof (UINT32); + break; + case EfiPciIoWidthUint64: + Size = sizeof (UINT64); + break; + default: + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + if (Offset >= 0x1000) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + if (Count >= (0x1000 - Offset)/Size) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + if (Offset == SIMULATED_PCIE_DOE_CAP_OFFSET + PCI_EXPRESS_REG_DOE_WRITE_DATA_MAILBOX_OFFSET) { + if (mRequestDataWriteIndex + Size * Count > sizeof (mRequestDataBuffer)) { + return EFI_DEVICE_ERROR; + } + + CopyMem (mRequestDataBuffer + mRequestDataWriteIndex, (UINT8 *)Buffer, Size * Count); + mRequestDataWriteIndex += Size * Count; + } else if (Offset == SIMULATED_PCIE_DOE_CAP_OFFSET + PCI_EXPRESS_REG_DOE_CONTROL_OFFSET) { + if (((PCI_EXPRESS_REG_DOE_CONTROL *)Buffer)->Bits.DoeGo) { + // + // Create and inital mResponseDataBuffer. + // + mRequestDataSize = mRequestDataWriteIndex; + mResponseDataSize = sizeof (mResponseDataBuffer); + DEBUG ((DEBUG_ERROR, " [PciIoCfg] Get ResponseData via SpdmProcessRequest and SpdmBuildResponse.\n")); + + SessionId = NULL; + SpdmReturn = SpdmProcessRequest ( + mSpdmContext, + &SessionId, + &IsAppMessage, + mRequestDataSize, + mRequestDataBuffer + ); + if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { + DEBUG ((DEBUG_ERROR, "SpdmProcessRequest - %p\n", SpdmReturn)); + return EFI_DEVICE_ERROR; + } + + if (SessionId != NULL) { + TmpSessionId = *SessionId; + SessionIdPtr = &TmpSessionId; + } else { + SessionIdPtr = NULL; + } + + mResponseDataBufferPtr = mResponseDataBuffer; + SpdmReturn = SpdmBuildResponse (mSpdmContext, SessionIdPtr, IsAppMessage, &mResponseDataSize, (VOID **)&mResponseDataBufferPtr); + if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { + DEBUG ((DEBUG_ERROR, "SpdmBuildResponse - %p\n", SpdmReturn)); + return EFI_DEVICE_ERROR; + } + + DEBUG ((DEBUG_INFO, " [PciIoCfg] SpdmBuildResponse - %p ResponseDataSize = 0x%x\n", SpdmReturn, mResponseDataSize)); + + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + // + // Simulate setting "Data Object Ready" bit. + // + DEBUG ((DEBUG_ERROR, " [PciIoCfg] Simulate setting 'Data Object Ready' bit.\n")); + *(UINT32 *)(mPciDeviceBuffer + SIMULATED_PCIE_DOE_CAP_OFFSET + PCI_EXPRESS_REG_DOE_STATUS_OFFSET) = 0x80000000; + + // + // Reset the points and index. + // + ZeroMem (mRequestDataBuffer, sizeof (mRequestDataBuffer)); + mRequestDataWriteIndex = 0; + mRequestDataSize = 0; + mResponseDataReadIndex = 0; + } + } + } else { + // Ignore the Pci config write + } + + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI +PciIoStubCopyMem ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 DestBarIndex, + IN UINT64 DestOffset, + IN UINT8 SrcBarIndex, + IN UINT64 SrcOffset, + IN UINTN Count + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubMap ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_OPERATION Operation, + IN VOID *HostAddress, + IN OUT UINTN *NumberOfBytes, + OUT EFI_PHYSICAL_ADDRESS *DeviceAddress, + OUT VOID **Mapping + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubUnmap ( + IN EFI_PCI_IO_PROTOCOL *This, + IN VOID *Mapping + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubAllocateBuffer ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_ALLOCATE_TYPE Type, + IN EFI_MEMORY_TYPE MemoryType, + IN UINTN Pages, + OUT VOID **HostAddress, + IN UINT64 Attributes + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubFreeBuffer ( + IN EFI_PCI_IO_PROTOCOL *This, + IN UINTN Pages, + IN VOID *HostAddress + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubFlush ( + IN EFI_PCI_IO_PROTOCOL *This + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubGetLocation ( + IN EFI_PCI_IO_PROTOCOL *This, + OUT UINTN *Segment, + OUT UINTN *Bus, + OUT UINTN *Device, + OUT UINTN *Function + ) +{ + *Segment = 0; + *Bus = 0; + *Device = 0; + *Function = 0; + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI +PciIoStubAttributes ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_ATTRIBUTE_OPERATION Operation, + IN UINT64 Attributes, + OUT UINT64 *Result OPTIONAL + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubGetBarAttributes ( + IN EFI_PCI_IO_PROTOCOL *This, + IN UINT8 BarIndex, + OUT UINT64 *Supports, OPTIONAL + OUT VOID **Resources OPTIONAL + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubSetBarAttributes ( + IN EFI_PCI_IO_PROTOCOL *This, + IN UINT64 Attributes, + IN UINT8 BarIndex, + IN OUT UINT64 *Offset, + IN OUT UINT64 *Length + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_PCI_IO_PROTOCOL mPciIoStubInterface = { + PciIoStubPollMem, + PciIoStubPollIo, + { + PciIoStubMemRead, + PciIoStubMemWrite + }, + { + PciIoStubIoRead, + PciIoStubIoWrite + }, + { + PciIoStubConfigRead, + PciIoStubConfigWrite + }, + PciIoStubCopyMem, + PciIoStubMap, + PciIoStubUnmap, + PciIoStubAllocateBuffer, + PciIoStubFreeBuffer, + PciIoStubFlush, + PciIoStubGetLocation, + PciIoStubAttributes, + PciIoStubGetBarAttributes, + PciIoStubSetBarAttributes, + 0, + NULL +}; + +UINT8 mPciConfigTemplate[] = { + 0x86, 0x80, 0x60, 0x0b, 0x46, 0x01, 0x10, 0x00, 0x00, 0x02, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, // 00000000 + 0x04, 0x00, 0x10, 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000010 + 0x04, 0x00, 0x00, 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x86, 0x80, 0x00, 0x00, // 00000020 + 0x00, 0x00, 0xff, 0xff, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x01, 0x00, 0x00, // 00000030 + 0x01, 0x50, 0x03, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000040 + 0x11, 0x60, 0x87, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000050 + 0x10, 0xa0, 0x02, 0x00, 0x22, 0x8c, 0x00, 0x10, 0x37, 0x29, 0x09, 0x00, 0x44, 0x8c, 0x45, 0x00, // 00000060 + 0x02, 0x00, 0x43, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000070 + 0x00, 0x00, 0x00, 0x00, 0x1f, 0x08, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00, // 00000080 + 0x04, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000090 + 0x05, 0xc0, 0x8a, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000b0 + 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000f0 + 0x01, 0x00, 0x02, 0x15, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x30, 0x20, 0x06, 0x00, // 00000100 + 0x00, 0x20, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0xa0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000110 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000120 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000130 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000140 + 0x02, 0x00, 0x01, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000150 + 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000160 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000170 + 0x04, 0x00, 0x01, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000180 + 0x0e, 0x00, 0x01, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000190 + 0x10, 0x00, 0x01, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x20, 0x00, // 000001a0 + 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x60, 0x0b, 0xff, 0xff, 0x00, 0x00, // 000001b0 + 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000200 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000210 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000220 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000230 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000240 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000250 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000260 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000270 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000280 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000290 + 0x19, 0x00, 0x01, 0x2d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x27, 0x00, 0x27, // 000002a0 + 0x00, 0x27, 0x00, 0x27, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002c0 + 0x18, 0x00, 0x01, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000300 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000310 + 0x25, 0x00, 0x01, 0x33, 0x01, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000320 + 0x26, 0x00, 0x01, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000330 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000340 + 0xf0, 0xf0, 0xf0, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000350 + 0x27, 0x00, 0x01, 0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000360 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000370 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000380 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000390 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000400 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000410 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000420 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000430 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000440 + 0x1b, 0x00, 0x01, 0x46, 0x06, 0x1f, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000450 + 0x23, 0x00, 0x01, 0x70, 0x86, 0x80, 0x01, 0x07, 0x3e, 0x00, 0x01, 0x03, 0x0b, 0x00, 0x03, 0x00, // 00000460 * + 0x92, 0x97, 0xb5, 0x98, 0xbb, 0x23, 0x87, 0x68, 0x74, 0x25, 0x80, 0x75, 0xe5, 0x65, 0xe5, 0xa6, // 00000470 + 0x07, 0x3b, 0x01, 0xbd, 0x62, 0x6f, 0x8d, 0xa7, 0x76, 0x7f, 0x05, 0x24, 0xe5, 0x3d, 0x32, 0xfd, // 00000480 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000490 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000500 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000510 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000520 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000530 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000540 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000550 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000560 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000570 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000580 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000590 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000600 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000610 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000620 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000630 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000640 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000650 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000660 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000670 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000680 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000690 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006f0 + 0x1e, 0x00, 0x01, 0x88, 0x1f, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, // 00000700 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000710 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000720 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000730 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000740 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000750 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000760 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000770 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000780 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000790 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000800 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000810 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000820 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000830 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000840 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000850 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000860 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000870 + 0x2e, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000880 * SIMULATED_PCIE_DOE_CAP_OFFSET + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000890 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000900 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000910 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000920 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000930 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000940 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000950 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000960 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000970 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000980 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000990 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000aa0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ab0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ac0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ad0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ae0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000af0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ba0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bb0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bc0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bd0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000be0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bf0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ca0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cb0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cc0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cd0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ce0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cf0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000da0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000db0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000dc0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000dd0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000de0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000df0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ea0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000eb0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ec0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ed0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ee0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ef0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fa0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fb0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fc0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fd0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fe0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ff0 +}; + +EFI_HANDLE mPciIoHandle; + +SPDM_RETURN +SpdmDeviceAcquireSenderBuffer ( + VOID *Context, + VOID **MsgBufPtr + ) +{ + ASSERT (!mSendReceiveBufferAcquired); + *MsgBufPtr = mSendReceiveBuffer; + ZeroMem (mSendReceiveBuffer, sizeof (mSendReceiveBuffer)); + mSendReceiveBufferAcquired = TRUE; + + return LIBSPDM_STATUS_SUCCESS; +} + +VOID +SpdmDeviceReleaseSenderBuffer ( + VOID *Context, + CONST VOID *MsgBufPtr + ) +{ + ASSERT (mSendReceiveBufferAcquired); + ASSERT (MsgBufPtr == mSendReceiveBuffer); + mSendReceiveBufferAcquired = FALSE; + + return; +} + +SPDM_RETURN +SpdmDeviceAcquireReceiverBuffer ( + VOID *Context, + VOID **MsgBufPtr + ) +{ + ASSERT (!mSendReceiveBufferAcquired); + *MsgBufPtr = mSendReceiveBuffer; + ZeroMem (mSendReceiveBuffer, sizeof (mSendReceiveBuffer)); + mSendReceiveBufferAcquired = TRUE; + + return LIBSPDM_STATUS_SUCCESS; +} + +VOID +SpdmDeviceReleaseReceiverBuffer ( + VOID *context, + CONST VOID *MsgBufPtr + ) +{ + ASSERT (mSendReceiveBufferAcquired); + ASSERT (MsgBufPtr == mSendReceiveBuffer); + mSendReceiveBufferAcquired = FALSE; + + return; +} + +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + UINT8 Index; + VOID *CertChain; + UINTN CertChainSize; + VOID *SpdmContext; + SPDM_DATA_PARAMETER Parameter; + UINT8 Data8; + UINT16 Data16; + UINT32 Data32; + BOOLEAN HasRspPubCert; + BOOLEAN HasRspPrivKey; + UINTN ScratchBufferSize; + UINT8 TestConfig; + UINTN TestConfigSize; + SPDM_VERSION_NUMBER SpdmVersion; + + TestConfigSize = sizeof (UINT8); + Status = gRT->GetVariable ( + L"SpdmTestConfig", + &gEfiDeviceSecurityPkgTestConfig, + NULL, + &TestConfigSize, + &TestConfig + ); + if (EFI_ERROR (Status)) { + return Status; + } + + mPciDeviceBuffer = AllocateZeroPool (0x1000); + ASSERT (mPciDeviceBuffer != NULL); + CopyMem (mPciDeviceBuffer, mPciConfigTemplate, 0x1000); + + Status = gBS->InstallMultipleProtocolInterfaces ( + &mPciIoHandle, + &gEdkiiDeviceIdentifierTypePciGuid, + &mPciIoStubInterface, + &gEfiDevicePathProtocolGuid, + (EFI_DEVICE_PATH_PROTOCOL *)&mTestPciDevicePath, + NULL + ); + DEBUG ((DEBUG_ERROR, "[PciIoPciDoeStub] InstallProtocolInterface (DeviceIdTypePci & DevicePath) - %r\n", Status)); + + DEBUG ((DEBUG_ERROR, "[PciIoPciDoeStub] Create and initial SpdmContext structure\n")); + + SpdmContext = AllocateZeroPool (SpdmGetContextSize ()); + mSpdmContext = SpdmContext; + ASSERT (SpdmContext != NULL); + SpdmInitContext (SpdmContext); + + if (TestConfig == TEST_CONFIG_SPDM_MESSAGE_VERSION_11) { + ZeroMem (&Parameter, sizeof (Parameter)); + Parameter.location = SpdmDataLocationLocal; + SpdmVersion = SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT; + SpdmSetData (SpdmContext, SpdmDataSpdmVersion, &Parameter, &SpdmVersion, sizeof (SpdmVersion)); + } else if (TestConfig == TEST_CONFIG_SPDM_MESSAGE_VERSION_10) { + ZeroMem (&Parameter, sizeof (Parameter)); + Parameter.location = SpdmDataLocationLocal; + SpdmVersion = SPDM_MESSAGE_VERSION_10 << SPDM_VERSION_NUMBER_SHIFT_BIT; + SpdmSetData (SpdmContext, SpdmDataSpdmVersion, &Parameter, &SpdmVersion, sizeof (SpdmVersion)); + } + + mSpdmTestDeviceContext.SpdmContext = SpdmContext; + + SpdmRegisterDeviceIoFunc (SpdmContext, SpdmDeviceSendMessage, SpdmDeviceReceiveMessage); + // SpdmRegisterTransportLayerFunc (SpdmContext, SPDM_MAX_SPDM_MSG_SIZE, SpdmTransportMctpEncodeMessage, SpdmTransportMctpDecodeMessage); + SpdmRegisterTransportLayerFunc ( + SpdmContext, + SPDM_MAX_SPDM_MSG_SIZE, + SPDM_TRANSPORT_HEADER_SIZE, + SPDM_TRANSPORT_TAIL_SIZE, + SpdmTransportPciDoeEncodeMessage, + SpdmTransportPciDoeDecodeMessage + ); + SpdmRegisterDeviceBufferFunc ( + SpdmContext, + SPDM_SENDER_BUFFER_SIZE, + SPDM_RECEIVER_BUFFER_SIZE, + SpdmDeviceAcquireSenderBuffer, + SpdmDeviceReleaseSenderBuffer, + SpdmDeviceAcquireReceiverBuffer, + SpdmDeviceReleaseReceiverBuffer + ); + + ScratchBufferSize = SpdmGetSizeofRequiredScratchBuffer (SpdmContext); + mScratchBuffer = AllocateZeroPool (ScratchBufferSize); + ASSERT (mScratchBuffer != NULL); + + SpdmSetScratchBuffer (SpdmContext, mScratchBuffer, ScratchBufferSize); + + Status = GetVariable2 ( + L"ProvisionSpdmCertChain", + &gEfiDeviceSecurityPkgTestConfig, + &CertChain, + &CertChainSize + ); + if (!EFI_ERROR (Status)) { + HasRspPubCert = TRUE; + // BUGBUG: Assume only 1 SPDM cert. + + ZeroMem (&Parameter, sizeof (Parameter)); + Parameter.location = SpdmDataLocationLocal; + + for (Index = 0; Index < SLOT_NUMBER; Index++) { + Parameter.additional_data[0] = Index; + SpdmSetData (SpdmContext, SpdmDataLocalPublicCertChain, &Parameter, CertChain, CertChainSize); + } + + // do not free it + } else { + HasRspPubCert = FALSE; + } + + // Change the PublicCertChain in slot_0, keep the above original PublicCertChain in slot_1. + if (TestConfig == TEST_CONFIG_DIFF_CERT_IN_DIFF_SLOT) { + Status = GetVariable2 ( + L"ProvisionSpdmCertChain_2", + &gEfiDeviceSecurityPkgTestConfig, + &CertChain, + &CertChainSize + ); + if (!EFI_ERROR (Status)) { + HasRspPubCert = TRUE; + Parameter.additional_data[0] = 0; + SpdmSetData (SpdmContext, SpdmDataLocalPublicCertChain, &Parameter, CertChain, CertChainSize); + + // do not free it + } else { + HasRspPubCert = FALSE; + } + } + + HasRspPrivKey = TRUE; + + Data32 = SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG | +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP | +#endif + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER_WITH_CONTEXT | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP | +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | +#endif + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP | + 0; + if (!HasRspPubCert) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP; + } else { + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP; + } + + if (!HasRspPrivKey) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG; + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG; + } else { + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP; + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG; + } + + if (TestConfig == TEST_CONFIG_NO_CERT_CAP) { + // If certificates or public keys are not enabled then these capabilities cannot be enabled. + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP; + } else if ((TestConfig == TEST_CONFIG_NO_CHAL_CAP) || (TestConfig == TEST_CONFIG_NO_CHAL_CAP_NO_ROOT_CA)) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP; + } else if (TestConfig == TEST_CONFIG_MEAS_CAP_NO_SIG) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG; + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG; + } else if (TestConfig == TEST_CONFIG_NO_MEAS_CAP) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG; + } + + SpdmSetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &Data32, sizeof (Data32)); + + if ((TestConfig == TEST_CONFIG_NO_MEAS_CAP) || (TestConfig == TEST_CONFIG_NO_CERT_CAP)) { + Data8 = 0; + } else { + Data8 = SPDM_MEASUREMENT_SPECIFICATION_DMTF; + } + + SpdmSetData (SpdmContext, SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof (Data8)); + if ((TestConfig == TEST_CONFIG_NO_MEAS_CAP) || (TestConfig == TEST_CONFIG_NO_CERT_CAP)) { + Data32 = 0; + } else { + Data32 = SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_256; + } + + SpdmSetData (SpdmContext, SpdmDataMeasurementHashAlgo, &Parameter, &Data32, sizeof (Data32)); + if (TestConfig == TEST_CONFIG_RSASSA_3072_SHA_384) { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072; + } else if (TestConfig == TEST_CONFIG_RSASSA_4096_SHA_512) { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P256_SHA_256) { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P384_SHA_384) { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P521_SHA_512) { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521; + } else { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048; + } + + SpdmSetData (SpdmContext, SpdmDataBaseAsymAlgo, &Parameter, &Data32, sizeof (Data32)); + if (TestConfig == TEST_CONFIG_RSASSA_3072_SHA_384) { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384; + } else if (TestConfig == TEST_CONFIG_RSASSA_4096_SHA_512) { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P256_SHA_256) { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P384_SHA_384) { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P521_SHA_512) { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512; + } else { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256; + } + + SpdmSetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &Data32, sizeof (Data32)); + if (TestConfig == TEST_CONFIG_SECP_256_R1_AES_256_GCM) { + Data16 = SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1; + } else if (TestConfig == TEST_CONFIG_SECP_521_R1_CHACHA20_POLY1305) { + Data16 = SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1; + } else { + Data16 = SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1; + } + SpdmSetData (SpdmContext, SpdmDataDHENameGroup, &Parameter, &Data16, sizeof (Data16)); + if (TestConfig == TEST_CONFIG_SECP_256_R1_AES_256_GCM) { + Data16 = SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM; + } else if (TestConfig == TEST_CONFIG_SECP_521_R1_CHACHA20_POLY1305) { + Data16 = SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305; + } else { + Data16 = SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM; + } + SpdmSetData (SpdmContext, SpdmDataAEADCipherSuite, &Parameter, &Data16, sizeof (Data16)); + Data16 = SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH; + SpdmSetData (SpdmContext, SpdmDataKeySchedule, &Parameter, &Data16, sizeof (Data16)); + Data8 = SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1; + SpdmSetData (SpdmContext, SpdmDataOtherParamsSupport, &Parameter, &Data8, sizeof (Data8)); + Data8 = SPDM_MEL_SPECIFICATION_DMTF; + SpdmSetData (SpdmContext, SpdmDataMelSpec, &Parameter, &Data8, sizeof (Data8)); + Data8 = 0x3F; + SpdmSetData (SpdmContext, SpdmDataLocalSupportedSlotMask, &Parameter, &Data8, sizeof (Data8)); + + InitializeSpdmTest (&mSpdmTestDeviceContext); + + return Status; +} diff --git a/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/PciIoPciDoeStub.inf b/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/PciIoPciDoeStub.inf new file mode 100644 index 00000000000..273edc7f4bb --- /dev/null +++ b/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/PciIoPciDoeStub.inf @@ -0,0 +1,55 @@ +## @file +# EDKII PciIo Stub for PCIe DOE Capability test +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PciIoPciDoeStub + FILE_GUID = D8DB395D-AE5B-408A-8526-610DAA4FE7B7 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + PciIoPciDoeStub.c + SpdmStubTest.c + SpdmStub.h + SpdmDeviceIo.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + +[LibraryClasses] + UefiRuntimeServicesTableLib + UefiBootServicesTableLib + UefiDriverEntryPoint + MemoryAllocationLib + DevicePathLib + BaseMemoryLib + PrintLib + DebugLib + UefiLib + RngLib + BaseCryptLib + SpdmResponderLib + SpdmTransportPciDoeLib + CryptlibWrapper + +[Guids] + gEfiDeviceSignatureDatabaseGuid ## CONSUMES + +[Protocols] + gEdkiiDeviceIdentifierTypePciGuid ## PRODUCES + gEfiDevicePathProtocolGuid ## PRODUCES + gSpdmTestProtocolGuid ## PRODUCES + +[Depex] + TRUE diff --git a/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmDeviceIo.c b/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmDeviceIo.c new file mode 100644 index 00000000000..47f8ef98f8e --- /dev/null +++ b/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmDeviceIo.c @@ -0,0 +1,32 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmStub.h" + +SPDM_RETURN +SpdmDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN CONST VOID *Message, + IN UINT64 Timeout + ) +{ + return LIBSPDM_STATUS_SUCCESS; +} + +SPDM_RETURN +SpdmDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID **Message, + IN UINT64 Timeout + ) +{ + return LIBSPDM_STATUS_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmStub.h b/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmStub.h new file mode 100644 index 00000000000..3412fdfefa1 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmStub.h @@ -0,0 +1,102 @@ +/** @file + EDKII SpdmIo Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _SPDM_STUB_H_ +#define _SPDM_STUB_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +typedef struct { + UINTN Signature; + EFI_HANDLE SpdmHandle; + SPDM_IO_PROTOCOL SpdmIoProtocol; + SPDM_TEST_PROTOCOL SpdmTestProtocol; + SPDM_TEST_PROCESS_PACKET_CALLBACK ProcessPacketCallback; + VOID *SpdmContext; +} SPDM_TEST_DEVICE_CONTEXT; + +#define SPDM_TEST_DEVICE_CONTEXT_SIGNATURE SIGNATURE_32 ('S', 'T', 'D', 'C') +#define SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL(a) CR (a, SPDM_TEST_DEVICE_CONTEXT, SpdmTestProtocol, SPDM_TEST_DEVICE_CONTEXT_SIGNATURE) +#define SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_IO_PROTOCOL(a) CR (a, SPDM_TEST_DEVICE_CONTEXT, SpdmIoProtocol, SPDM_TEST_DEVICE_CONTEXT_SIGNATURE) + +#ifndef SPDM_TRANSPORT_HEADER_SIZE +#define SPDM_TRANSPORT_HEADER_SIZE 64 +#endif +#ifndef SPDM_TRANSPORT_TAIL_SIZE +#define SPDM_TRANSPORT_TAIL_SIZE 64 +#endif +/* define common SPDM_TRANSPORT_ADDITIONAL_SIZE. It should be the biggest one. */ +#ifndef SPDM_TRANSPORT_ADDITIONAL_SIZE +#define SPDM_TRANSPORT_ADDITIONAL_SIZE \ + (SPDM_TRANSPORT_HEADER_SIZE + SPDM_TRANSPORT_TAIL_SIZE) +#endif +#ifndef SPDM_SENDER_BUFFER_SIZE +#define SPDM_SENDER_BUFFER_SIZE (0x1100 + \ + SPDM_TRANSPORT_ADDITIONAL_SIZE) +#endif +#ifndef SPDM_RECEIVER_BUFFER_SIZE +#define SPDM_RECEIVER_BUFFER_SIZE (0x1200 + \ + SPDM_TRANSPORT_ADDITIONAL_SIZE) +#endif +#if (SPDM_SENDER_BUFFER_SIZE > SPDM_RECEIVER_BUFFER_SIZE) +#define SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE SPDM_SENDER_BUFFER_SIZE +#else +#define SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE SPDM_RECEIVER_BUFFER_SIZE +#endif +/* Maximum size of a large SPDM message. + * If chunk is unsupported, it must be same as SPDM_DATA_TRANSFER_SIZE. + * If chunk is supported, it must be larger than SPDM_DATA_TRANSFER_SIZE. + * It matches MaxSPDMmsgSize in SPDM specification. */ +#ifndef SPDM_MAX_SPDM_MSG_SIZE +#define SPDM_MAX_SPDM_MSG_SIZE 0x1200 +#endif + +VOID +InitializeSpdmTest ( + IN OUT SPDM_TEST_DEVICE_CONTEXT *SpdmTestDeviceContext + ); + +SPDM_RETURN +SpdmDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN CONST VOID *Message, + IN UINT64 Timeout + ); + +SPDM_RETURN +SpdmDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID **Message, + IN UINT64 Timeout + ); + +extern EFI_HANDLE mSpdmHandle; + +#endif diff --git a/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmStubTest.c b/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmStubTest.c new file mode 100644 index 00000000000..be160ba1888 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/PciIoPciDoeStub/SpdmStubTest.c @@ -0,0 +1,173 @@ +/** @file + EDKII SpdmIo Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmStub.h" + +extern SPDM_TEST_DEVICE_CONTEXT mSpdmTestDeviceContext; + +SPDM_RETURN +SpdmGetResponseVendorDefinedRequest ( + IN VOID *SpdmContext, + IN CONST UINT32 *SessionId, + IN BOOLEAN IsAppMessage, + IN UINTN RequestSize, + IN CONST VOID *Request, + IN OUT UINTN *ResponseSize, + OUT VOID *Response + ) +{ + EFI_STATUS Status; + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + + SpdmTestContext = &mSpdmTestDeviceContext; + + if (SpdmTestContext->ProcessPacketCallback == NULL) { + SpdmGenerateErrorResponse (SpdmContext, SPDM_ERROR_CODE_INVALID_REQUEST, 0, ResponseSize, Response); + return LIBSPDM_STATUS_SUCCESS; + } + + Status = SpdmTestContext->ProcessPacketCallback ( + (VOID *)Request, + RequestSize, + Response, + ResponseSize + ); + if (EFI_ERROR (Status)) { + SpdmGenerateErrorResponse (SpdmContext, SPDM_ERROR_CODE_INVALID_REQUEST, 0, ResponseSize, Response); + return LIBSPDM_STATUS_SUCCESS; + } + + return LIBSPDM_STATUS_SUCCESS; +} + +/** + Set a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. + + @retval EFI_SUCCESS The SPDM session data is set successfully. + @retval EFI_INVALID_PARAMETER The Data is NULL or the DataType is zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_ACCESS_DENIED The DataType cannot be set. + @retval EFI_NOT_READY Current session is not started. +**/ +EFI_STATUS +EFIAPI +SpdmTestProtocolSetData ( + IN SPDM_TEST_PROTOCOL *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN VOID *Data, + IN UINTN DataSize + ) +{ + VOID *SpdmContext; + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + SPDM_RETURN SpdmReturn; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL (This); + SpdmContext = SpdmTestContext->SpdmContext; + + SpdmReturn = SpdmSetData (SpdmContext, DataType, Parameter, Data, DataSize); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/** + Get a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + EFI_SUCCESS, and means the size of desired Data buffer if + EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The SPDM session data is set successfully. + @retval EFI_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The DataType cannot be found. + @retval EFI_NOT_READY The DataType is not ready to return. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. +**/ +EFI_STATUS +EFIAPI +SpdmTestProtocolGetData ( + IN SPDM_TEST_PROTOCOL *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ) +{ + VOID *SpdmContext; + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + SPDM_RETURN SpdmReturn; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL (This); + SpdmContext = SpdmTestContext->SpdmContext; + + SpdmReturn = SpdmGetData (SpdmContext, DataType, Parameter, Data, DataSize); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/** + Register a callback function to process a packet in the current SPDM session. + + @param This Indicates a pointer to the calling context. + @param Callback Process packet callback function. + + @retval EFI_SUCCESS The SPDM callback is registered successfully. +**/ +EFI_STATUS +EFIAPI +SpdmTestProtocolRegisterProcessPacketCallback ( + IN SPDM_TEST_PROTOCOL *This, + IN SPDM_TEST_PROCESS_PACKET_CALLBACK Callback + ) +{ + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL (This); + SpdmTestContext->ProcessPacketCallback = Callback; + return EFI_SUCCESS; +} + +VOID +InitializeSpdmTest ( + IN OUT SPDM_TEST_DEVICE_CONTEXT *SpdmTestDeviceContext + ) +{ + EFI_STATUS Status; + + SpdmTestDeviceContext->SpdmTestProtocol.SetData = SpdmTestProtocolSetData; + SpdmTestDeviceContext->SpdmTestProtocol.GetData = SpdmTestProtocolGetData; + SpdmTestDeviceContext->SpdmTestProtocol.RegisterProcessPacketCallback = SpdmTestProtocolRegisterProcessPacketCallback; + Status = gBS->InstallProtocolInterface ( + &SpdmTestDeviceContext->SpdmHandle, + &gSpdmTestProtocolGuid, + EFI_NATIVE_INTERFACE, + &SpdmTestDeviceContext->SpdmTestProtocol + ); + if (EFI_ERROR (Status)) { + return; + } + + SpdmRegisterGetResponseFunc (SpdmTestDeviceContext->SpdmContext, SpdmGetResponseVendorDefinedRequest); +} diff --git a/DeviceSecurityTestPkg/Test/PciIoStub/PciIoStub.c b/DeviceSecurityTestPkg/Test/PciIoStub/PciIoStub.c new file mode 100644 index 00000000000..7b6ae0d4fd0 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/PciIoStub/PciIoStub.c @@ -0,0 +1,706 @@ +/** @file + EDKII PciIo Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + +#define gPciRootBridge(Segment) \ + { \ + { \ + ACPI_DEVICE_PATH, \ + ACPI_DP, \ + { \ + (UINT8) (sizeof (ACPI_HID_DEVICE_PATH)), \ + (UINT8) ((sizeof (ACPI_HID_DEVICE_PATH)) >> 8) \ + }, \ + }, \ + EISA_PNP_ID (0x0A03), \ + (Segment) \ + } + +#define gPci(Device, Function) \ + { \ + { \ + HARDWARE_DEVICE_PATH, \ + HW_PCI_DP, \ + { \ + (UINT8) (sizeof (PCI_DEVICE_PATH)), \ + (UINT8) ((sizeof (PCI_DEVICE_PATH)) >> 8) \ + } \ + }, \ + (Function), \ + (Device) \ + } + +#define gEndEntire \ + { \ + END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE, { END_DEVICE_PATH_LENGTH, 0 } \ + } + +typedef struct { + ACPI_HID_DEVICE_PATH PciRootBridge; + PCI_DEVICE_PATH PciDevice; + EFI_DEVICE_PATH End; +} TEST_PCI_DEVICE_PATH; + +TEST_PCI_DEVICE_PATH mTestPciDevicePath = { gPciRootBridge (0), gPci (0, 0), gEndEntire }; + +UINT8 *mPciDeviceBuffer; + +EFI_STATUS +EFIAPI +PciIoStubPollMem ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINT64 Mask, + IN UINT64 Value, + IN UINT64 Delay, + OUT UINT64 *Result + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubPollIo ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINT64 Mask, + IN UINT64 Value, + IN UINT64 Delay, + OUT UINT64 *Result + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubMemRead ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubMemWrite ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubIoRead ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubIoWrite ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 BarIndex, + IN UINT64 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubConfigRead ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT32 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + UINTN Size; + + switch (Width) { + case EfiPciIoWidthUint8: + Size = sizeof (UINT8); + break; + case EfiPciIoWidthUint16: + Size = sizeof (UINT16); + break; + case EfiPciIoWidthUint32: + Size = sizeof (UINT32); + break; + case EfiPciIoWidthUint64: + Size = sizeof (UINT64); + break; + default: + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + if (Offset >= 0x1000) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + if (Count >= (0x1000 - Offset)/Size) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + CopyMem (Buffer, mPciDeviceBuffer + Offset, Size * Count); + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI +PciIoStubConfigWrite ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT32 Offset, + IN UINTN Count, + IN OUT VOID *Buffer + ) +{ + UINTN Size; + UINTN Index; + UINTN TotalSize; + + // UINTN FinalOffset; + // UINT8 Data; + + switch (Width) { + case EfiPciIoWidthUint8: + Size = sizeof (UINT8); + break; + case EfiPciIoWidthUint16: + Size = sizeof (UINT16); + break; + case EfiPciIoWidthUint32: + Size = sizeof (UINT32); + break; + case EfiPciIoWidthUint64: + Size = sizeof (UINT64); + break; + default: + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + if (Offset >= 0x1000) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + if (Count >= (0x1000 - Offset)/Size) { + ASSERT (FALSE); + return EFI_UNSUPPORTED; + } + + // + // Write per byte + // + TotalSize = Size * Count; + for (Index = 0; Index < TotalSize; Index++) { + // FinalOffset = Offset + Index; + // Data = *((UINT8 *)Buffer + Index); + // Ignore the write + } + + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI +PciIoStubCopyMem ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_WIDTH Width, + IN UINT8 DestBarIndex, + IN UINT64 DestOffset, + IN UINT8 SrcBarIndex, + IN UINT64 SrcOffset, + IN UINTN Count + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubMap ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_OPERATION Operation, + IN VOID *HostAddress, + IN OUT UINTN *NumberOfBytes, + OUT EFI_PHYSICAL_ADDRESS *DeviceAddress, + OUT VOID **Mapping + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubUnmap ( + IN EFI_PCI_IO_PROTOCOL *This, + IN VOID *Mapping + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubAllocateBuffer ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_ALLOCATE_TYPE Type, + IN EFI_MEMORY_TYPE MemoryType, + IN UINTN Pages, + OUT VOID **HostAddress, + IN UINT64 Attributes + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubFreeBuffer ( + IN EFI_PCI_IO_PROTOCOL *This, + IN UINTN Pages, + IN VOID *HostAddress + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubFlush ( + IN EFI_PCI_IO_PROTOCOL *This + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubGetLocation ( + IN EFI_PCI_IO_PROTOCOL *This, + OUT UINTN *Segment, + OUT UINTN *Bus, + OUT UINTN *Device, + OUT UINTN *Function + ) +{ + *Segment = 0; + *Bus = 0; + *Device = 0; + *Function = 0; + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI +PciIoStubAttributes ( + IN EFI_PCI_IO_PROTOCOL *This, + IN EFI_PCI_IO_PROTOCOL_ATTRIBUTE_OPERATION Operation, + IN UINT64 Attributes, + OUT UINT64 *Result OPTIONAL + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubGetBarAttributes ( + IN EFI_PCI_IO_PROTOCOL *This, + IN UINT8 BarIndex, + OUT UINT64 *Supports, OPTIONAL + OUT VOID **Resources OPTIONAL + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_STATUS +EFIAPI +PciIoStubSetBarAttributes ( + IN EFI_PCI_IO_PROTOCOL *This, + IN UINT64 Attributes, + IN UINT8 BarIndex, + IN OUT UINT64 *Offset, + IN OUT UINT64 *Length + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_PCI_IO_PROTOCOL mPciIoStubInterface = { + PciIoStubPollMem, + PciIoStubPollIo, + { + PciIoStubMemRead, + PciIoStubMemWrite + }, + { + PciIoStubIoRead, + PciIoStubIoWrite + }, + { + PciIoStubConfigRead, + PciIoStubConfigWrite + }, + PciIoStubCopyMem, + PciIoStubMap, + PciIoStubUnmap, + PciIoStubAllocateBuffer, + PciIoStubFreeBuffer, + PciIoStubFlush, + PciIoStubGetLocation, + PciIoStubAttributes, + PciIoStubGetBarAttributes, + PciIoStubSetBarAttributes, + 0, + NULL +}; + +UINT8 mPciConfigTemplate[] = { + 0x86, 0x80, 0x60, 0x0b, 0x46, 0x01, 0x10, 0x00, 0x00, 0x02, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, // 00000000 + 0x04, 0x00, 0x10, 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000010 + 0x04, 0x00, 0x00, 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x86, 0x80, 0x00, 0x00, // 00000020 + 0x00, 0x00, 0xff, 0xff, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x01, 0x00, 0x00, // 00000030 + 0x01, 0x50, 0x03, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000040 + 0x11, 0x60, 0x87, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000050 + 0x10, 0xa0, 0x02, 0x00, 0x22, 0x8c, 0x00, 0x10, 0x37, 0x29, 0x09, 0x00, 0x44, 0x8c, 0x45, 0x00, // 00000060 + 0x02, 0x00, 0x43, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000070 + 0x00, 0x00, 0x00, 0x00, 0x1f, 0x08, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00, // 00000080 + 0x04, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000090 + 0x05, 0xc0, 0x8a, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000b0 + 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000f0 + 0x01, 0x00, 0x02, 0x15, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x30, 0x20, 0x06, 0x00, // 00000100 + 0x00, 0x20, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0xa0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000110 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000120 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000130 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000140 + 0x02, 0x00, 0x01, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000150 + 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000160 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000170 + 0x04, 0x00, 0x01, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000180 + 0x0e, 0x00, 0x01, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000190 + 0x10, 0x00, 0x01, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x20, 0x00, // 000001a0 + 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x60, 0x0b, 0xff, 0xff, 0x00, 0x00, // 000001b0 + 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000200 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000210 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000220 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000230 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000240 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000250 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000260 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000270 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000280 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000290 + 0x19, 0x00, 0x01, 0x2d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x27, 0x00, 0x27, // 000002a0 + 0x00, 0x27, 0x00, 0x27, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002c0 + 0x18, 0x00, 0x01, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000300 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000310 + 0x25, 0x00, 0x01, 0x33, 0x01, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000320 + 0x26, 0x00, 0x01, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000330 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000340 + 0xf0, 0xf0, 0xf0, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000350 + 0x27, 0x00, 0x01, 0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000360 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000370 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000380 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000390 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000400 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000410 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000420 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000430 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000440 + 0x1b, 0x00, 0x01, 0x46, 0x06, 0x1f, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000450 + 0x23, 0x00, 0x01, 0x70, 0x86, 0x80, 0x01, 0x07, 0x3e, 0x00, 0x01, 0x03, 0x0b, 0x00, 0x03, 0x00, // 00000460 * + 0x92, 0x97, 0xb5, 0x98, 0xbb, 0x23, 0x87, 0x68, 0x74, 0x25, 0x80, 0x75, 0xe5, 0x65, 0xe5, 0xa6, // 00000470 + 0x07, 0x3b, 0x01, 0xbd, 0x62, 0x6f, 0x8d, 0xa7, 0x76, 0x7f, 0x05, 0x24, 0xe5, 0x3d, 0x32, 0xfd, // 00000480 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000490 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000500 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000510 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000520 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000530 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000540 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000550 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000560 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000570 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000580 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000590 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000600 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000610 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000620 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000630 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000640 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000650 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000660 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000670 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000680 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000690 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006f0 + 0x1e, 0x00, 0x01, 0x00, 0x1f, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, // 00000700 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000710 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000720 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000730 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000740 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000750 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000760 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000770 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000780 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000790 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000800 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000810 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000820 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000830 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000840 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000850 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000860 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000870 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000880 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000890 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000900 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000910 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000920 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000930 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000940 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000950 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000960 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000970 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000980 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000990 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009a0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009b0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009c0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009d0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009e0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009f0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000aa0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ab0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ac0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ad0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ae0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000af0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ba0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bb0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bc0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bd0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000be0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bf0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ca0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cb0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cc0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cd0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ce0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cf0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000da0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000db0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000dc0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000dd0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000de0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000df0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ea0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000eb0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ec0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ed0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ee0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ef0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f00 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f10 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f20 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f30 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f40 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f50 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f60 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f80 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f90 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fa0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fb0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fc0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fd0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fe0 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ff0 +}; + +EFI_HANDLE mPciIoHandle; + +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + mPciDeviceBuffer = AllocatePool (0x1000); + ASSERT (mPciDeviceBuffer != NULL); + CopyMem (mPciDeviceBuffer, mPciConfigTemplate, 0x1000); + + Status = gBS->InstallMultipleProtocolInterfaces ( + &mPciIoHandle, + &gEdkiiDeviceIdentifierTypePciGuid, + &mPciIoStubInterface, + &gEfiDevicePathProtocolGuid, + &mTestPciDevicePath, + NULL + ); + + return Status; +} diff --git a/DeviceSecurityTestPkg/Test/PciIoStub/PciIoStub.inf b/DeviceSecurityTestPkg/Test/PciIoStub/PciIoStub.inf new file mode 100644 index 00000000000..456f5533ba9 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/PciIoStub/PciIoStub.inf @@ -0,0 +1,39 @@ +## @file +# EDKII PciIo Stub +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PciIoStub + FILE_GUID = 458C071F-2229-4BEF-887A-95222470D45D + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + PciIoStub.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + UefiRuntimeServicesTableLib + UefiBootServicesTableLib + UefiDriverEntryPoint + MemoryAllocationLib + DevicePathLib + BaseMemoryLib + PrintLib + DebugLib + +[Protocols] + gEdkiiDeviceIdentifierTypePciGuid ## PRODUCES + gEfiDevicePathProtocolGuid ## PRODUCES + +[Depex] + TRUE diff --git a/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/SpdmDeviceSecretLibTestStub.c b/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/SpdmDeviceSecretLibTestStub.c new file mode 100644 index 00000000000..e408372fc96 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/SpdmDeviceSecretLibTestStub.c @@ -0,0 +1,975 @@ +/** +@file +UEFI OS based application. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include "hal/base.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "library/spdm_crypt_lib.h" +#include "hal/library/memlib.h" +#include +#include "spdm_crypt_ext_lib.h" + +#define LIBSPDM_MEASUREMENT_BLOCK_HASH_NUMBER 4 +#define LIBSPDM_MEASUREMENT_BLOCK_NUMBER (LIBSPDM_MEASUREMENT_BLOCK_HASH_NUMBER /*Index - 1~4*/ +\ + 1 /*SVN - 0x10*/ + \ + 1 /*Manifest - 0xFD*/ + 1 /*DEVICE_MODE - 0xFE*/ ) +#define LIBSPDM_MEASUREMENT_RAW_DATA_SIZE 72 +#define LIBSPDM_MEASUREMENT_MANIFEST_SIZE 128 +#define LIBSPDM_MEASUREMENT_INDEX_SVN 0x10 + +#define LIBSPDM_TEST_PSK_DATA_STRING "TestPskData" +#define LIBSPDM_TEST_PSK_HINT_STRING "TestPskHint" + +#define LIBSPDM_TEST_CERT_MAXINT16 1 +#define LIBSPDM_TEST_CERT_MAXUINT16 2 +#define LIBSPDM_LIBSPDM_TEST_CERT_MAXUINT16_LARGER 3 +#define LIBSPDM_TEST_CERT_SMALL 4 + +#define MEASUREMENT_BLOCK_NUMBER 5 +#define MEASUREMENT_MANIFEST_SIZE 128 + +#define TEST_PSK_DATA_STRING "TestPskData" +#define TEST_PSK_HINT_STRING "TestPskHint" + +/** + * Fill image hash measurement block. + * + * @return measurement block size. + **/ +UINTN +SpdmFillMeasurementImageHashBlock ( + BOOLEAN use_bit_stream, + UINT32 measurement_hash_algo, + UINT8 measurements_index, + SPDM_MEASUREMENT_BLOCK_DMTF *measurement_block + ) +{ + UINTN hash_size; + UINT8 data[LIBSPDM_MEASUREMENT_RAW_DATA_SIZE]; + BOOLEAN result; + + hash_size = SpdmGetMeasurementHashSize (measurement_hash_algo); + + measurement_block->MeasurementBlockCommonHeader + .Index = measurements_index; + measurement_block->MeasurementBlockCommonHeader + .MeasurementSpecification = + SPDM_MEASUREMENT_SPECIFICATION_DMTF; + + SetMem (data, sizeof (data), (uint8_t)(measurements_index)); + + if (!use_bit_stream) { + measurement_block->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueType = + (measurements_index - 1); + measurement_block->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueSize = + (uint16_t)hash_size; + + measurement_block->MeasurementBlockCommonHeader + .MeasurementSize = + (uint16_t)(sizeof (SPDM_MEASUREMENT_BLOCK_DMTF_HEADER) + + (uint16_t)hash_size); + + result = SpdmMeasurementHashAll ( + measurement_hash_algo, + data, + sizeof (data), + (void *)(measurement_block + 1) + ); + if (!result) { + return 0; + } + + return sizeof (spdm_measurement_block_dmtf_t) + hash_size; + } else { + measurement_block->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueType = + (measurements_index - 1) | + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM; + measurement_block->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueSize = + (uint16_t)sizeof (data); + + measurement_block->MeasurementBlockCommonHeader + .MeasurementSize = + (uint16_t)(sizeof (SPDM_MEASUREMENT_BLOCK_DMTF_HEADER) + + (uint16_t)sizeof (data)); + + CopyMem ((void *)(measurement_block + 1), data, sizeof (data)); + + return sizeof (spdm_measurement_block_dmtf_t) + sizeof (data); + } +} + +/** + * Fill svn measurement block. + * + * @return measurement block size. + **/ +UINTN +SpdmFillMeasurementSvnBlock ( + SPDM_MEASUREMENT_BLOCK_DMTF *measurement_block + ) +{ + spdm_measurements_secure_version_number_t svn; + + measurement_block->MeasurementBlockCommonHeader + .Index = LIBSPDM_MEASUREMENT_INDEX_SVN; + measurement_block->MeasurementBlockCommonHeader + .MeasurementSpecification = + SPDM_MEASUREMENT_SPECIFICATION_DMTF; + + svn = 0x7; + + measurement_block->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueType = + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_SECURE_VERSION_NUMBER | + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM; + measurement_block->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueSize = + (uint16_t)sizeof (svn); + + measurement_block->MeasurementBlockCommonHeader + .MeasurementSize = + (uint16_t)(sizeof (SPDM_MEASUREMENT_BLOCK_DMTF_HEADER) + + (uint16_t)sizeof (svn)); + + CopyMem ((void *)(measurement_block + 1), (void *)&svn, sizeof (svn)); + + return sizeof (spdm_measurement_block_dmtf_t) + sizeof (svn); +} + +/** + * Fill manifest measurement block. + * + * @return measurement block size. + **/ +UINTN +SpdmFillMeasurementManifestBlock ( + SPDM_MEASUREMENT_BLOCK_DMTF *measurement_block + ) +{ + UINT8 data[LIBSPDM_MEASUREMENT_MANIFEST_SIZE]; + + measurement_block->MeasurementBlockCommonHeader + .Index = SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_MEASUREMENT_MANIFEST; + measurement_block->MeasurementBlockCommonHeader + .MeasurementSpecification = + SPDM_MEASUREMENT_SPECIFICATION_DMTF; + + SetMem ( + data, + sizeof (data), + (uint8_t)SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_MEASUREMENT_MANIFEST + ); + + measurement_block->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueType = + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MEASUREMENT_MANIFEST | + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM; + measurement_block->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueSize = + (uint16_t)sizeof (data); + + measurement_block->MeasurementBlockCommonHeader + .MeasurementSize = + (uint16_t)(sizeof (SPDM_MEASUREMENT_BLOCK_DMTF_HEADER) + + (uint16_t)sizeof (data)); + + CopyMem ((void *)(measurement_block + 1), data, sizeof (data)); + + return sizeof (spdm_measurement_block_dmtf_t) + sizeof (data); +} + +/** + * Fill device mode measurement block. + * + * @return measurement block size. + **/ +UINTN +SpdmFillMeasurementDeviceModeBlock ( + SPDM_MEASUREMENT_BLOCK_DMTF *measurement_block + ) +{ + spdm_measurements_device_mode_t device_mode; + + measurement_block->MeasurementBlockCommonHeader + .Index = SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_DEVICE_MODE; + measurement_block->MeasurementBlockCommonHeader + .MeasurementSpecification = + SPDM_MEASUREMENT_SPECIFICATION_DMTF; + + device_mode.operational_mode_capabilities = + SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_MANUFACTURING_MODE | + SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_VALIDATION_MODE | + SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_NORMAL_MODE | + SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_RECOVERY_MODE | + SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_RMA_MODE | + SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_DECOMMISSIONED_MODE; + device_mode.operational_mode_state = + SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_NORMAL_MODE; + device_mode.device_mode_capabilities = + SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_IS_ACTIVE | + SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_IS_ACTIVE | + SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE | + SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE | + SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE_AFTER_MFG; + device_mode.device_mode_state = + SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_IS_ACTIVE | + SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE_AFTER_MFG; + + measurement_block->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueType = + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_DEVICE_MODE | + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM; + measurement_block->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueSize = + (uint16_t)sizeof (device_mode); + + measurement_block->MeasurementBlockCommonHeader + .MeasurementSize = + (uint16_t)(sizeof (SPDM_MEASUREMENT_BLOCK_DMTF_HEADER) + + (uint16_t)sizeof (device_mode)); + + CopyMem ( + (void *)(measurement_block + 1), + (void *)&device_mode, + sizeof (device_mode) + ); + + return sizeof (spdm_measurement_block_dmtf_t) + sizeof (device_mode); +} + +/** + Collect the device measurement. + + @param MeasurementSpecification Indicates the measurement specification. + It must align with MeasurementSpecification (SPDM_MEASUREMENT_BLOCK_HEADER_SPECIFICATION_*) + @param MeasurementHashAlgo Indicates the measurement hash algorithm. + It must align with MeasurementHashAlgo (SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_*) + @param DeviceMeasurementCount The count of the device measurement block. + @param DeviceMeasurement A pointer to a destination buffer to store the concatenation of all device measurement blocks. + @param DeviceMeasurementSize On input, indicates the size in bytes of the destination buffer. + On output, indicates the size in bytes of all device measurement blocks in the buffer. + + @retval TRUE the device measurement collection success and measurement is returned. + @retval FALSE the device measurement collection fail. +**/ +SPDM_RETURN +SpdmMeasurementCollectionFunc ( + SPDM_VERSION_NUMBER spdm_version, + UINT8 measurement_specification, + UINT32 measurement_hash_algo, + UINT8 measurements_index, + UINT8 request_attribute, + UINT8 *content_changed, + UINT8 *measurements_count, + VOID *measurements, + UINTN *measurements_size + ) +{ + SPDM_MEASUREMENT_BLOCK_DMTF *measurement_block; + UINTN hash_size; + UINT8 index; + UINTN total_size_needed; + BOOLEAN use_bit_stream; + UINTN measurement_block_size; + EFI_STATUS Status; + UINT8 TestConfig; + UINTN TestConfigSize; + + TestConfigSize = sizeof (UINT8); + Status = gRT->GetVariable ( + L"SpdmTestConfig", + &gEfiDeviceSecurityPkgTestConfig, + NULL, + &TestConfigSize, + &TestConfig + ); + if (EFI_ERROR (Status)) { + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + + ASSERT ( + measurement_specification == + SPDM_MEASUREMENT_SPECIFICATION_DMTF + ); + + if (measurement_specification != + SPDM_MEASUREMENT_SPECIFICATION_DMTF) + { + return LIBSPDM_STATUS_UNSUPPORTED_CAP; + } + + hash_size = SpdmGetMeasurementHashSize (measurement_hash_algo); + ASSERT (hash_size != 0); + + use_bit_stream = false; + if ((measurement_hash_algo == SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_RAW_BIT_STREAM_ONLY) || + ((request_attribute & SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_RAW_BIT_STREAM_REQUESTED) != + 0)) + { + use_bit_stream = true; + } + + if (measurements_index == + SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_TOTAL_NUMBER_OF_MEASUREMENTS) + { + *measurements_count = LIBSPDM_MEASUREMENT_BLOCK_NUMBER; + return RETURN_SUCCESS; + } else if (measurements_index == + SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_ALL_MEASUREMENTS) + { + /* Calculate total_size_needed based on hash algo selected. + * If we have an hash algo, then the first HASH_NUMBER elements will be + * hash values, otherwise HASH_NUMBER raw bitstream values.*/ + if (!use_bit_stream) { + total_size_needed = + LIBSPDM_MEASUREMENT_BLOCK_HASH_NUMBER * + (sizeof (spdm_measurement_block_dmtf_t) + hash_size); + } else { + total_size_needed = + LIBSPDM_MEASUREMENT_BLOCK_HASH_NUMBER * + (sizeof (spdm_measurement_block_dmtf_t) + LIBSPDM_MEASUREMENT_RAW_DATA_SIZE); + } + + /* Next one - SVN is always raw bitstream data.*/ + total_size_needed += + (sizeof (spdm_measurement_block_dmtf_t) + + sizeof (spdm_measurements_secure_version_number_t)); + /* Next one - manifest is always raw bitstream data.*/ + total_size_needed += + (sizeof (spdm_measurement_block_dmtf_t) + LIBSPDM_MEASUREMENT_MANIFEST_SIZE); + /* Next one - device_mode is always raw bitstream data.*/ + total_size_needed += + (sizeof (spdm_measurement_block_dmtf_t) + sizeof (spdm_measurements_device_mode_t)); + + ASSERT (total_size_needed <= *measurements_size); + if (total_size_needed > *measurements_size) { + return LIBSPDM_STATUS_BUFFER_TOO_SMALL; + } + + *measurements_size = total_size_needed; + *measurements_count = LIBSPDM_MEASUREMENT_BLOCK_NUMBER; + measurement_block = measurements; + + /* The first HASH_NUMBER blocks may be hash values or raw bitstream*/ + for (index = 1; index <= LIBSPDM_MEASUREMENT_BLOCK_HASH_NUMBER; index++) { + measurement_block_size = SpdmFillMeasurementImageHashBlock ( + use_bit_stream, + measurement_hash_algo, + index, + measurement_block + ); + if (measurement_block_size == 0) { + return LIBSPDM_STATUS_MEAS_INTERNAL_ERROR; + } + + measurement_block = (void *)((uint8_t *)measurement_block + measurement_block_size); + } + + /* Next one - SVN is always raw bitstream data.*/ + { + measurement_block_size = SpdmFillMeasurementSvnBlock (measurement_block); + measurement_block = (void *)((uint8_t *)measurement_block + measurement_block_size); + } + /* Next one - manifest is always raw bitstream data.*/ + { + measurement_block_size = SpdmFillMeasurementManifestBlock (measurement_block); + measurement_block = (void *)((uint8_t *)measurement_block + measurement_block_size); + } + /* Next one - device_mode is always raw bitstream data.*/ + { + measurement_block_size = SpdmFillMeasurementDeviceModeBlock (measurement_block); + measurement_block = (void *)((uint8_t *)measurement_block + measurement_block_size); + } + + return LIBSPDM_STATUS_SUCCESS; + } else { + /* One Index */ + if (measurements_index <= LIBSPDM_MEASUREMENT_BLOCK_HASH_NUMBER) { + if (!use_bit_stream) { + total_size_needed = + sizeof (spdm_measurement_block_dmtf_t) + + hash_size; + } else { + total_size_needed = + sizeof (spdm_measurement_block_dmtf_t) + + LIBSPDM_MEASUREMENT_RAW_DATA_SIZE; + } + + ASSERT (total_size_needed <= *measurements_size); + if (total_size_needed > *measurements_size) { + return LIBSPDM_STATUS_BUFFER_TOO_SMALL; + } + + *measurements_count = 1; + *measurements_size = total_size_needed; + + measurement_block = measurements; + measurement_block_size = SpdmFillMeasurementImageHashBlock ( + use_bit_stream, + measurement_hash_algo, + measurements_index, + measurement_block + ); + if (measurement_block_size == 0) { + return LIBSPDM_STATUS_MEAS_INTERNAL_ERROR; + } + } else if (measurements_index == LIBSPDM_MEASUREMENT_INDEX_SVN) { + total_size_needed = + sizeof (spdm_measurement_block_dmtf_t) + + sizeof (spdm_measurements_secure_version_number_t); + ASSERT (total_size_needed <= *measurements_size); + if (total_size_needed > *measurements_size) { + return LIBSPDM_STATUS_BUFFER_TOO_SMALL; + } + + *measurements_count = 1; + *measurements_size = total_size_needed; + + measurement_block = measurements; + measurement_block_size = SpdmFillMeasurementSvnBlock (measurement_block); + if (measurement_block_size == 0) { + return LIBSPDM_STATUS_MEAS_INTERNAL_ERROR; + } + } else if (measurements_index == + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_MEASUREMENT_MANIFEST) + { + total_size_needed = + sizeof (spdm_measurement_block_dmtf_t) + + LIBSPDM_MEASUREMENT_MANIFEST_SIZE; + ASSERT (total_size_needed <= *measurements_size); + if (total_size_needed > *measurements_size) { + return LIBSPDM_STATUS_BUFFER_TOO_SMALL; + } + + *measurements_count = 1; + *measurements_size = total_size_needed; + + measurement_block = measurements; + measurement_block_size = SpdmFillMeasurementManifestBlock (measurement_block); + if (measurement_block_size == 0) { + return LIBSPDM_STATUS_MEAS_INTERNAL_ERROR; + } + } else if (measurements_index == SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_DEVICE_MODE) { + total_size_needed = + sizeof (spdm_measurement_block_dmtf_t) + + sizeof (spdm_measurements_device_mode_t); + ASSERT (total_size_needed <= *measurements_size); + if (total_size_needed > *measurements_size) { + return LIBSPDM_STATUS_BUFFER_TOO_SMALL; + } + + *measurements_count = 1; + *measurements_size = total_size_needed; + + measurement_block = measurements; + measurement_block_size = SpdmFillMeasurementDeviceModeBlock (measurement_block); + if (measurement_block_size == 0) { + return LIBSPDM_STATUS_MEAS_INTERNAL_ERROR; + } + } else { + *measurements_count = 0; + return LIBSPDM_STATUS_MEAS_INVALID_INDEX; + } + } + + if ((content_changed != NULL) && + ((spdm_version >> SPDM_VERSION_NUMBER_SHIFT_BIT) >= SPDM_MESSAGE_VERSION_12)) + { + /* return content change*/ + if ((request_attribute & SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE) != + 0) + { + if (TestConfig == TEST_CONFIG_MEASUREMENT_CONTENT_MODIFIED) { + *content_changed = SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_DETECTED; + } else { + *content_changed = SPDM_MEASUREMENTS_RESPONSE_CONTENT_NO_CHANGE_DETECTED; + } + } else { + *content_changed = SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_NO_DETECTION; + } + } + + return LIBSPDM_STATUS_SUCCESS; +} + +BOOLEAN +SpdmGenerateMeasurementSummaryHash ( + IN SPDM_VERSION_NUMBER SpdmVersion, + IN UINT32 base_hash_algo, + IN UINT8 measurement_specification, + IN UINT32 measurement_hash_algo, + IN UINT8 measurement_summary_hash_type, + OUT UINT8 *measurement_summary_hash, + IN OUT UINTN *measurement_summary_hash_size + ) +{ + UINT8 measurement_data[LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE]; + UINTN index; + SPDM_MEASUREMENT_BLOCK_DMTF *cached_measurment_block; + UINTN measurment_data_size; + UINTN measurment_block_size; + UINT8 device_measurement[LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE]; + UINT8 device_measurement_count; + UINTN device_measurement_size; + RETURN_STATUS status; + BOOLEAN result; + + switch (measurement_summary_hash_type) { + case SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH: + break; + + case SPDM_CHALLENGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH: + case SPDM_CHALLENGE_REQUEST_ALL_MEASUREMENTS_HASH: + if (*measurement_summary_hash_size != SpdmGetHashSize (base_hash_algo)) { + return false; + } + + /* get all measurement data*/ + device_measurement_size = sizeof (device_measurement); + status = SpdmMeasurementCollectionFunc ( + SpdmVersion, + measurement_specification, + measurement_hash_algo, + 0xFF, /* Get all measurements*/ + 0, + NULL, + &device_measurement_count, + device_measurement, + &device_measurement_size + ); + if (LIBSPDM_STATUS_IS_ERROR (status)) { + return false; + } + + /* double confirm that MeasurmentData internal size is correct*/ + measurment_data_size = 0; + cached_measurment_block = (void *)device_measurement; + for (index = 0; index < device_measurement_count; index++) { + measurment_block_size = + sizeof (SPDM_MEASUREMENT_BLOCK_COMMON_HEADER) + + cached_measurment_block + ->MeasurementBlockCommonHeader + .MeasurementSize; + ASSERT ( + cached_measurment_block + ->MeasurementBlockCommonHeader + .MeasurementSize == + sizeof (SPDM_MEASUREMENT_BLOCK_DMTF_HEADER) + + cached_measurment_block + ->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueSize + ); + measurment_data_size += + cached_measurment_block + ->MeasurementBlockCommonHeader + .MeasurementSize; + cached_measurment_block = + (void *)((UINTN)cached_measurment_block + + measurment_block_size); + } + + ASSERT ( + measurment_data_size <= + LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE + ); + + /* get required data and hash them*/ + cached_measurment_block = (void *)device_measurement; + measurment_data_size = 0; + for (index = 0; index < device_measurement_count; index++) { + measurment_block_size = + sizeof (SPDM_MEASUREMENT_BLOCK_COMMON_HEADER) + + cached_measurment_block + ->MeasurementBlockCommonHeader + .MeasurementSize; + /* filter unneeded data*/ + if (((measurement_summary_hash_type == + SPDM_CHALLENGE_REQUEST_ALL_MEASUREMENTS_HASH) && + ((cached_measurment_block + ->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueType & + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MASK) < + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MEASUREMENT_MANIFEST)) || + ((cached_measurment_block + ->MeasurementBlockDmtfHeader + .DMTFSpecMeasurementValueType & + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MASK) == + SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_IMMUTABLE_ROM)) + { + libspdm_copy_mem ( + &measurement_data[measurment_data_size], + sizeof (measurement_data) + - (&measurement_data[measurment_data_size] - measurement_data), + &cached_measurment_block->MeasurementBlockDmtfHeader, + cached_measurment_block->MeasurementBlockCommonHeader + .MeasurementSize + ); + + measurment_data_size += + cached_measurment_block + ->MeasurementBlockCommonHeader + .MeasurementSize; + } + + cached_measurment_block = + (void *)((UINTN)cached_measurment_block + + measurment_block_size); + } + + result = SpdmHashAll ( + base_hash_algo, + measurement_data, + measurment_data_size, + measurement_summary_hash + ); + if (!result) { + return false; + } + + break; + default: + return false; + break; + } + + return true; +} + +size_t libspdm_secret_lib_meas_opaque_data_size; + +BOOLEAN +SpdmMeasurementOpaqueData( + uint16_t spdm_version, + uint8_t measurement_specification, + uint32_t measurement_hash_algo, + uint8_t measurement_index, + uint8_t request_attribute, + void *opaque_data, + size_t *opaque_data_size) +{ + size_t index; + + ASSERT(libspdm_secret_lib_meas_opaque_data_size <= *opaque_data_size); + + *opaque_data_size = libspdm_secret_lib_meas_opaque_data_size; + + for (index = 0; index < *opaque_data_size; index++) + { + ((uint8_t *)opaque_data)[index] = (uint8_t)index; + } + + return true; +} + + +size_t libspdm_secret_lib_challenge_opaque_data_size; + +bool SpdmChallengeOpaqueData( + spdm_version_number_t spdm_version, + uint8_t slot_id, + uint8_t *measurement_summary_hash, + size_t measurement_summary_hash_size, + void *opaque_data, + size_t *opaque_data_size) +{ + size_t index; + + ASSERT(libspdm_secret_lib_challenge_opaque_data_size <= *opaque_data_size); + + *opaque_data_size = libspdm_secret_lib_challenge_opaque_data_size; + + for (index = 0; index < *opaque_data_size; index++) + { + ((uint8_t *)opaque_data)[index] = (uint8_t)index; + } + + return true; +} + + + +/** + Sign an SPDM message data. + + @param ReqBaseAsymAlg Indicates the signing algorithm. + @param BaseHashAlgo Indicates the hash algorithm. + @param MessageHash A pointer to a message hash to be signed. + @param HashSize The size in bytes of the message hash to be signed. + @param Signature A pointer to a destination buffer to store the signature. + @param SigSize On input, indicates the size in bytes of the destination buffer to store the signature. + On output, indicates the size in bytes of the signature in the buffer. + + @retval TRUE signing success. + @retval FALSE signing fail. +**/ +BOOLEAN +SpdmRequesterDataSignFunc ( + IN SPDM_VERSION_NUMBER SpdmVersion, + IN UINT8 OpCode, + IN UINT16 ReqBaseAsymAlg, + IN UINT32 BaseHashAlgo, + IN BOOLEAN IsDataHash, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ) +{ + return FALSE; +} + +/** + Sign an SPDM message data. + + @param BaseAsymAlgo Indicates the signing algorithm. + @param BaseHashAlgo Indicates the hash algorithm. + @param MessageHash A pointer to a message hash to be signed. + @param HashSize The size in bytes of the message hash to be signed. + @param Signature A pointer to a destination buffer to store the signature. + @param SigSize On input, indicates the size in bytes of the destination buffer to store the signature. + On output, indicates the size in bytes of the signature in the buffer. + + @retval TRUE signing success. + @retval FALSE signing fail. +**/ +BOOLEAN +SpdmResponderDataSignFunc ( + IN SPDM_VERSION_NUMBER SpdmVersion, + IN UINT8 OpCode, + IN UINT32 BaseAsymAlgo, + IN UINT32 BaseHashAlgo, + IN BOOLEAN IsDataHash, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ) +{ + EFI_STATUS Status; + VOID *Context; + VOID *PrivatePem; + UINTN PrivatePemSize; + BOOLEAN Result; + UINT8 TestConfig; + UINTN TestConfigSize; + + Status = GetVariable2 ( + L"PrivDevKey", + &gEfiDeviceSignatureDatabaseGuid, + &PrivatePem, + &PrivatePemSize + ); + if (EFI_ERROR (Status)) { + return FALSE; + } + + TestConfigSize = sizeof (UINT8); + Status = gRT->GetVariable ( + L"SpdmTestConfig", + &gEfiDeviceSecurityPkgTestConfig, + NULL, + &TestConfigSize, + &TestConfig + ); + if (EFI_ERROR (Status)) { + return FALSE; + } + + Result = SpdmAsymGetPrivateKeyFromPem (BaseAsymAlgo, PrivatePem, PrivatePemSize, NULL, &Context); + if (!Result) { + return FALSE; + } + + if (IsDataHash) { + Result = SpdmAsymSignHash ( + SpdmVersion, + OpCode, + BaseAsymAlgo, + BaseHashAlgo, + Context, + MessageHash, + HashSize, + Signature, + SigSize + ); + } else { + Result = SpdmAsymSign ( + SpdmVersion, + OpCode, + BaseAsymAlgo, + BaseHashAlgo, + Context, + MessageHash, + HashSize, + Signature, + SigSize + ); + } + + if ( ( (OpCode == SPDM_CHALLENGE_AUTH) + && (TestConfig == TEST_CONFIG_INVALID_CHALLENGE_AUTH_SIGNATURE)) + || ( (OpCode == SPDM_MEASUREMENTS) + && (TestConfig == TEST_CONFIG_INVALID_MEASUREMENT_SIGNATURE))) + { + *Signature = 0; + } + + SpdmAsymFree (BaseAsymAlgo, Context); + FreePool (PrivatePem); + + return Result; +} + +UINT8 mMyZeroFilledBuffer[64]; +UINT8 gBinStr0[0x12] = { + 0x00, 0x00, // Length - To be filled + 0x73, 0x70, 0x64, 0x6d, 0x31, 0x2e, 0x31, 0x00, // Version: 'spdm1.1/0' + 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x64, 0x00, // label: 'derived/0' +}; + +/** + Derive HMAC-based Expand Key Derivation Function (HKDF) Expand, based upon the negotiated HKDF algorithm. + + @param BaseHashAlgo Indicates the hash algorithm. + @param PskHint Pointer to the user-supplied PSK Hint. + @param PskHintSize PSK Hint size in bytes. + @param Info Pointer to the application specific info. + @param InfoSize Info size in bytes. + @param Out Pointer to buffer to receive hkdf value. + @param OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. +**/ +BOOLEAN +SpdmPskHandshakeSecretHkdfExpandFunc ( + IN SPDM_VERSION_NUMBER SpdmVersion, + IN UINT32 BaseHashAlgo, + IN CONST UINT8 *PskHint, OPTIONAL + IN UINTN PskHintSize, OPTIONAL + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + VOID *Psk; + UINTN PskSize; + UINTN HashSize; + BOOLEAN Result; + UINT8 HandshakeSecret[64]; + + Psk = TEST_PSK_DATA_STRING; + PskSize = sizeof (TEST_PSK_DATA_STRING); + + HashSize = SpdmGetHashSize (BaseHashAlgo); + + Result = SpdmHmacAll (BaseHashAlgo, mMyZeroFilledBuffer, HashSize, Psk, PskSize, HandshakeSecret); + if (!Result) { + return Result; + } + + Result = SpdmHkdfExpand (BaseHashAlgo, HandshakeSecret, HashSize, Info, InfoSize, Out, OutSize); + ZeroMem (HandshakeSecret, HashSize); + + return Result; +} + +/** + Derive HMAC-based Expand Key Derivation Function (HKDF) Expand, based upon the negotiated HKDF algorithm. + + @param BaseHashAlgo Indicates the hash algorithm. + @param PskHint Pointer to the user-supplied PSK Hint. + @param PskHintSize PSK Hint size in bytes. + @param Info Pointer to the application specific info. + @param InfoSize Info size in bytes. + @param Out Pointer to buffer to receive hkdf value. + @param OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. +**/ +BOOLEAN +SpdmPskMasterSecretHkdfExpandFunc ( + IN SPDM_VERSION_NUMBER SpdmVersion, + IN UINT32 BaseHashAlgo, + IN CONST UINT8 *PskHint, OPTIONAL + IN UINTN PskHintSize, OPTIONAL + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + VOID *Psk; + UINTN PskSize; + UINTN HashSize; + BOOLEAN Result; + UINT8 HandshakeSecret[64]; + UINT8 Salt1[64]; + UINT8 MasterSecret[64]; + + Psk = TEST_PSK_DATA_STRING; + PskSize = sizeof (TEST_PSK_DATA_STRING); + + HashSize = SpdmGetHashSize (BaseHashAlgo); + + Result = SpdmHmacAll (BaseHashAlgo, mMyZeroFilledBuffer, HashSize, Psk, PskSize, HandshakeSecret); + if (!Result) { + return Result; + } + + *(UINT16 *)gBinStr0 = (UINT16)HashSize; + Result = SpdmHkdfExpand (BaseHashAlgo, HandshakeSecret, HashSize, gBinStr0, sizeof (gBinStr0), Salt1, HashSize); + ZeroMem (HandshakeSecret, HashSize); + if (!Result) { + return Result; + } + + Result = SpdmHmacAll (BaseHashAlgo, Salt1, HashSize, mMyZeroFilledBuffer, HashSize, MasterSecret); + ZeroMem (Salt1, HashSize); + if (!Result) { + return Result; + } + + Result = SpdmHkdfExpand (BaseHashAlgo, MasterSecret, HashSize, Info, InfoSize, Out, OutSize); + ZeroMem (MasterSecret, HashSize); + + return Result; +} + +BOOLEAN +EFIAPI +SpdmGenCsrFun ( + UINT32 BaseHashAlgo, + UINT32 BaseAsymAlgo, + BOOLEAN *NeedReset, + UINT8 *RequesterInfo, + UINTN RequesterInfoLength, + UINTN *CsrLen, + UINT8 **CsrPointer + ) +{ + return FALSE; +} diff --git a/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/SpdmDeviceSecretLibTestStub.inf b/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/SpdmDeviceSecretLibTestStub.inf new file mode 100644 index 00000000000..f2564df3d23 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/SpdmDeviceSecretLibTestStub.inf @@ -0,0 +1,44 @@ +## @file +# SPDM library. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SpdmDeviceSecretLibTestStub + FILE_GUID = FFEAEED6-BC03-46EC-AF9D-874FD56A3B1A + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = SpdmDeviceSecretLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + SpdmDeviceSecretLibTestStub.c + spdm_crypt_ext.c + spdm_crypt_ext_lib.h + cryptlib_ext.h + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + SpdmCryptLib + +[Guids] + gEfiDeviceSecurityPkgTestConfig ## CONSUMES diff --git a/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/cryptlib_ext.h b/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/cryptlib_ext.h new file mode 100644 index 00000000000..5a6555415d5 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/cryptlib_ext.h @@ -0,0 +1,668 @@ +/** + * Copyright Notice: + * Copyright 2021-2022 DMTF. All rights reserved. + * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md + **/ + +#ifndef CRYPTLIB_EXT_H +#define CRYPTLIB_EXT_H + +#include "hal/base.h" + +/** + * Retrieve the common name (CN) string from one X.509 certificate. + * + * @param[in] cert Pointer to the DER-encoded X509 certificate. + * @param[in] cert_size Size of the X509 certificate in bytes. + * @param[out] common_name Buffer to contain the retrieved certificate common + * name string (UTF8). At most common_name_size bytes will be + * written and the string will be null terminated. May be + * NULL in order to determine the size buffer needed. + * @param[in,out] common_name_size The size in bytes of the common_name buffer on input, + * and the size of buffer returned common_name on output. + * If common_name is NULL then the amount of space needed + * in buffer (including the final null) is returned. + * + * @retval true + * @retval false + **/ +extern bool libspdm_x509_get_common_name(const uint8_t *cert, size_t cert_size, + char *common_name, + size_t *common_name_size); + +/** + * Retrieve the organization name (O) string from one X.509 certificate. + * + * @param[in] cert Pointer to the DER-encoded X509 certificate. + * @param[in] cert_size Size of the X509 certificate in bytes. + * @param[out] name_buffer Buffer to contain the retrieved certificate organization + * name string. At most name_buffer_size bytes will be + * written and the string will be null terminated. May be + * NULL in order to determine the size buffer needed. + * @param[in,out] name_buffer_size The size in bytes of the name buffer on input, + * and the size of buffer returned name on output. + * If name_buffer is NULL then the amount of space needed + * in buffer (including the final null) is returned. + * + * @retval true + * @retval false + **/ +extern bool libspdm_x509_get_organization_name(const uint8_t *cert, size_t cert_size, + char *name_buffer, + size_t *name_buffer_size); + +/** + * Retrieve the issuer common name (CN) string from one X.509 certificate. + * + * @param[in] cert Pointer to the DER-encoded X509 certificate. + * @param[in] cert_size Size of the X509 certificate in bytes. + * @param[out] common_name Buffer to contain the retrieved certificate issuer common + * name string. At most common_name_size bytes will be + * written and the string will be null terminated. May be + * NULL in order to determine the size buffer needed. + * @param[in,out] common_name_size The size in bytes of the common_name buffer on input, + * and the size of buffer returned common_name on output. + * If common_name is NULL then the amount of space needed + * in buffer (including the final null) is returned. + * + * @retval true + * @retval false + **/ +extern bool libspdm_x509_get_issuer_common_name(const uint8_t *cert, size_t cert_size, + char *common_name, + size_t *common_name_size); + +/** + * Retrieve the issuer organization name (O) string from one X.509 certificate. + * + * @param[in] cert Pointer to the DER-encoded X509 certificate. + * @param[in] cert_size Size of the X509 certificate in bytes. + * @param[out] name_buffer Buffer to contain the retrieved certificate issuer organization + * name string. At most name_buffer_size bytes will be + * written and the string will be null terminated. May be + * NULL in order to determine the size buffer needed. + * @param[in,out] name_buffer_size The size in bytes of the name buffer on input, + * and the size of buffer returned name on output. + * If name_buffer is NULL then the amount of space needed + * in buffer (including the final null) is returned. + * + * @retval true + * @retval false + **/ +extern bool libspdm_x509_get_issuer_orgnization_name(const uint8_t *cert, size_t cert_size, + char *name_buffer, + size_t *name_buffer_size); + +/** + * Retrieve the signature algorithm from one X.509 certificate. + * + * @param[in] cert Pointer to the DER-encoded X509 certificate. + * @param[in] cert_size Size of the X509 certificate in bytes. + * @param[out] oid Signature algorithm Object identifier buffer. + * @param[in,out] oid_size Signature algorithm Object identifier buffer size. + * + * @retval true + * @retval false + **/ +extern bool libspdm_x509_get_signature_algorithm(const uint8_t *cert, + size_t cert_size, uint8_t *oid, + size_t *oid_size); + +/** + * Construct a X509 object from DER-encoded certificate data. + * + * If cert is NULL, then return false. + * If single_x509_cert is NULL, then return false. + * If this interface is not supported, then return false. + * + * @param[in] cert Pointer to the DER-encoded certificate data. + * @param[in] cert_size The size of certificate data in bytes. + * @param[out] single_x509_cert The generated X509 object. + * + * @retval true The X509 object generation succeeded. + * @retval false The operation failed. + * @retval false This interface is not supported. + **/ +extern bool libspdm_x509_construct_certificate(const uint8_t *cert, size_t cert_size, + uint8_t **single_x509_cert); + +/** + * Construct a X509 stack object from a list of DER-encoded certificate data. + * + * If x509_stack is NULL, then return false. + * If this interface is not supported, then return false. + * + * @param[in, out] x509_stack On input, pointer to an existing or NULL X509 stack object. + * On output, pointer to the X509 stack object with new + * inserted X509 certificate. + * @param ... A list of DER-encoded single certificate data followed + * by certificate size. A NULL terminates the list. The + * pairs are the arguments to libspdm_x509_construct_certificate(). + * + * @retval true The X509 stack construction succeeded. + * @retval false The construction operation failed. + * @retval false This interface is not supported. + **/ +extern bool libspdm_x509_construct_certificate_stack(uint8_t **x509_stack, ...); + +/** + * Release the specified X509 object. + * + * If the interface is not supported, then ASSERT(). + * + * @param[in] x509_cert Pointer to the X509 object to be released. + **/ +extern void libspdm_x509_free(void *x509_cert); + +/** + * Release the specified X509 stack object. + * + * If the interface is not supported, then ASSERT(). + * + * @param[in] x509_stack Pointer to the X509 stack object to be released. + **/ +extern void libspdm_x509_stack_free(void *x509_stack); + +/** + * Retrieve the TBSCertificate from one given X.509 certificate. + * + * @param[in] cert Pointer to the given DER-encoded X509 certificate. + * @param[in] cert_size size of the X509 certificate in bytes. + * @param[out] tbs_cert DER-Encoded to-Be-Signed certificate. + * @param[out] tbs_cert_size size of the TBS certificate in bytes. + * + * If cert is NULL, then return false. + * If tbs_cert is NULL, then return false. + * If tbs_cert_size is NULL, then return false. + * If this interface is not supported, then return false. + * + * @retval true The TBSCertificate was retrieved successfully. + * @retval false Invalid X.509 certificate. + **/ +extern bool libspdm_x509_get_tbs_cert(const uint8_t *cert, size_t cert_size, + uint8_t **tbs_cert, size_t *tbs_cert_size); + +/** + * Retrieve the RSA Private key from the password-protected PEM key data. + * + * If pem_data is NULL, then return false. + * If rsa_context is NULL, then return false. + * If this interface is not supported, then return false. + * + * @param[in] pem_data Pointer to the PEM-encoded key data to be retrieved. + * @param[in] pem_size Size of the PEM key data in bytes. + * @param[in] password NULL-terminated passphrase used for encrypted PEM key data. + * @param[out] rsa_context Pointer to new-generated RSA context which contain the retrieved + * RSA private key component. Use libspdm_rsa_free() function to free the + * resource. + * + * @retval true RSA Private key was retrieved successfully. + * @retval false Invalid PEM key data or incorrect password. + * @retval false This interface is not supported. + **/ +extern bool libspdm_rsa_get_private_key_from_pem(const uint8_t *pem_data, + size_t pem_size, + const char *password, + void **rsa_context); + +/** + * Retrieve the EC Private key from the password-protected PEM key data. + * + * @param[in] pem_data Pointer to the PEM-encoded key data to be retrieved. + * @param[in] pem_size Size of the PEM key data in bytes. + * @param[in] password NULL-terminated passphrase used for encrypted PEM key data. + * @param[out] ec_context Pointer to new-generated EC DSA context which contain the retrieved + * EC private key component. Use libspdm_ec_free() function to free the + * resource. + * + * If pem_data is NULL, then return false. + * If ec_context is NULL, then return false. + * + * @retval true EC Private key was retrieved successfully. + * @retval false Invalid PEM key data or incorrect password. + * + **/ +extern bool libspdm_ec_get_private_key_from_pem(const uint8_t *pem_data, size_t pem_size, + const char *password, + void **ec_context); + +/** + * Retrieve the Ed Private key from the password-protected PEM key data. + * + * @param[in] pem_data Pointer to the PEM-encoded key data to be retrieved. + * @param[in] pem_size Size of the PEM key data in bytes. + * @param[in] password NULL-terminated passphrase used for encrypted PEM key data. + * @param[out] ecd_context Pointer to new-generated Ed DSA context which contain the retrieved + * Ed private key component. Use libspdm_ecd_free() function to free the + * resource. + * + * If pem_data is NULL, then return false. + * If ecd_context is NULL, then return false. + * + * @retval true Ed Private key was retrieved successfully. + * @retval false Invalid PEM key data or incorrect password. + **/ +extern bool libspdm_ecd_get_private_key_from_pem(const uint8_t *pem_data, + size_t pem_size, + const char *password, + void **ecd_context); + +/** + * Retrieve the sm2 Private key from the password-protected PEM key data. + * + * @param[in] pem_data Pointer to the PEM-encoded key data to be retrieved. + * @param[in] pem_size Size of the PEM key data in bytes. + * @param[in] password NULL-terminated passphrase used for encrypted PEM key data. + * @param[out] sm2_context Pointer to new-generated sm2 context which contain the retrieved + * sm2 private key component. Use sm2_free() function to free the + * resource. + * + * If pem_data is NULL, then return false. + * If sm2_context is NULL, then return false. + * + * @retval true sm2 Private key was retrieved successfully. + * @retval false Invalid PEM key data or incorrect password. + * + **/ +extern bool libspdm_sm2_get_private_key_from_pem(const uint8_t *pem_data, + size_t pem_size, + const char *password, + void **sm2_context); + +/** + * Derive key data using HMAC-SHA256 based KDF. + * + * @param[in] key Pointer to the user-supplied key. + * @param[in] key_size Key size in bytes. + * @param[in] salt Pointer to the salt value. + * @param[in] salt_size Salt size in bytes. + * @param[in] info Pointer to the application specific info. + * @param[in] info_size Info size in bytes. + * @param[out] out Pointer to buffer to receive hkdf value. + * @param[in] out_size Size of hkdf bytes to generate. + * + * @retval true Hkdf generated successfully. + * @retval false Hkdf generation failed. + **/ +extern bool libspdm_hkdf_sha256_extract_and_expand(const uint8_t *key, size_t key_size, + const uint8_t *salt, size_t salt_size, + const uint8_t *info, size_t info_size, + uint8_t *out, size_t out_size); + +/** + * Derive key data using HMAC-SHA384 based KDF. + * + * @param[in] key Pointer to the user-supplied key. + * @param[in] key_size Key size in bytes. + * @param[in] salt Pointer to the salt value. + * @param[in] salt_size Salt size in bytes. + * @param[in] info Pointer to the application specific info. + * @param[in] info_size Info size in bytes. + * @param[out] out Pointer to buffer to receive hkdf value. + * @param[in] out_size Size of hkdf bytes to generate. + * + * @retval true Hkdf generated successfully. + * @retval false Hkdf generation failed. + **/ +extern bool libspdm_hkdf_sha384_extract_and_expand(const uint8_t *key, size_t key_size, + const uint8_t *salt, size_t salt_size, + const uint8_t *info, size_t info_size, + uint8_t *out, size_t out_size); + +/** + * Derive key data using HMAC-SHA512 based KDF. + * + * @param[in] key Pointer to the user-supplied key. + * @param[in] key_size Key size in bytes. + * @param[in] salt Pointer to the salt value. + * @param[in] salt_size Salt size in bytes. + * @param[in] info Pointer to the application specific info. + * @param[in] info_size Info size in bytes. + * @param[out] out Pointer to buffer to receive hkdf value. + * @param[in] out_size Size of hkdf bytes to generate. + * + * @retval true Hkdf generated successfully. + * @retval false Hkdf generation failed. + **/ +extern bool libspdm_hkdf_sha512_extract_and_expand(const uint8_t *key, size_t key_size, + const uint8_t *salt, size_t salt_size, + const uint8_t *info, size_t info_size, + uint8_t *out, size_t out_size); + +/** + * Derive SHA3_256 HMAC-based Extract-and-Expand key Derivation Function (HKDF). + * + * @param[in] key Pointer to the user-supplied key. + * @param[in] key_size Key size in bytes. + * @param[in] salt Pointer to the salt value. + * @param[in] salt_size Salt size in bytes. + * @param[in] info Pointer to the application specific info. + * @param[in] info_size Info size in bytes. + * @param[out] out Pointer to buffer to receive hkdf value. + * @param[in] out_size Size of hkdf bytes to generate. + * + * @retval true Hkdf generated successfully. + * @retval false Hkdf generation failed. + **/ +extern bool libspdm_hkdf_sha3_256_extract_and_expand(const uint8_t *key, size_t key_size, + const uint8_t *salt, size_t salt_size, + const uint8_t *info, size_t info_size, + uint8_t *out, size_t out_size); + +/** + * Derive SHA3_384 HMAC-based Extract-and-Expand key Derivation Function (HKDF). + * + * @param[in] key Pointer to the user-supplied key. + * @param[in] key_size Key size in bytes. + * @param[in] salt Pointer to the salt value. + * @param[in] salt_size Salt size in bytes. + * @param[in] info Pointer to the application specific info. + * @param[in] info_size Info size in bytes. + * @param[out] out Pointer to buffer to receive hkdf value. + * @param[in] out_size Size of hkdf bytes to generate. + * + * @retval true Hkdf generated successfully. + * @retval false Hkdf generation failed. + **/ +extern bool libspdm_hkdf_sha3_384_extract_and_expand(const uint8_t *key, size_t key_size, + const uint8_t *salt, size_t salt_size, + const uint8_t *info, size_t info_size, + uint8_t *out, size_t out_size); + +/** + * Derive SHA3_512 HMAC-based Extract-and-Expand key Derivation Function (HKDF). + * + * @param[in] key Pointer to the user-supplied key. + * @param[in] key_size Key size in bytes. + * @param[in] salt Pointer to the salt value. + * @param[in] salt_size Salt size in bytes. + * @param[in] info Pointer to the application specific info. + * @param[in] info_size Info size in bytes. + * @param[out] out Pointer to buffer to receive hkdf value. + * @param[in] out_size Size of hkdf bytes to generate. + * + * @retval true Hkdf generated successfully. + * @retval false Hkdf generation failed. + **/ +extern bool libspdm_hkdf_sha3_512_extract_and_expand(const uint8_t *key, size_t key_size, + const uint8_t *salt, size_t salt_size, + const uint8_t *info, size_t info_size, + uint8_t *out, size_t out_size); + +/** + * Derive SM3_256 HMAC-based Extract-and-Expand key Derivation Function (HKDF). + * + * @param[in] key Pointer to the user-supplied key. + * @param[in] key_size Key size in bytes. + * @param[in] salt Pointer to the salt value. + * @param[in] salt_size Salt size in bytes. + * @param[in] info Pointer to the application specific info. + * @param[in] info_size Info size in bytes. + * @param[out] out Pointer to buffer to receive hkdf value. + * @param[in] out_size Size of hkdf bytes to generate. + * + * @retval true Hkdf generated successfully. + * @retval false Hkdf generation failed. + **/ +extern bool libspdm_hkdf_sm3_256_extract_and_expand(const uint8_t *key, size_t key_size, + const uint8_t *salt, size_t salt_size, + const uint8_t *info, size_t info_size, + uint8_t *out, size_t out_size); + +/** + * Sets the public key component into the established EC context. + * + * For P-256, the public_size is 64. first 32-byte is X, second 32-byte is Y. + * For P-384, the public_size is 96. first 48-byte is X, second 48-byte is Y. + * For P-521, the public_size is 132. first 66-byte is X, second 66-byte is Y. + * + * @param[in, out] ec_context Pointer to EC context being set. + * @param[in] public Pointer to the buffer to receive generated public X,Y. + * @param[in] public_size The size of public buffer in bytes. + * + * @retval true EC public key component was set successfully. + * @retval false Invalid EC public key component. + **/ +extern bool libspdm_ec_set_pub_key(void *ec_context, const uint8_t *public_key, + size_t public_key_size); + +/** + * Sets the private key component into the established EC context. + * + * For P-256, the private_key_size is 32 byte. + * For P-384, the private_key_size is 48 byte. + * For P-521, the private_key_size is 66 byte. + * + * @param[in, out] ec_context Pointer to EC context being set. + * @param[in] private_key Pointer to the private key buffer. + * @param[in] private_key_size The size of private key buffer in bytes. + * + * @retval true EC private key component was set successfully. + * @retval false Invalid EC private key component. + * + **/ +extern bool libspdm_ec_set_priv_key(void *ec_context, const uint8_t *private_key, + size_t private_key_size); + +/** + * Gets the public key component from the established EC context. + * + * For P-256, the public_size is 64. first 32-byte is X, second 32-byte is Y. + * For P-384, the public_size is 96. first 48-byte is X, second 48-byte is Y. + * For P-521, the public_size is 132. first 66-byte is X, second 66-byte is Y. + * + * @param[in, out] ec_context Pointer to EC context being set. + * @param[out] public Pointer to the buffer to receive generated public X,Y. + * @param[in, out] public_size On input, the size of public buffer in bytes. + * On output, the size of data returned in public buffer in bytes. + * + * @retval true EC key component was retrieved successfully. + * @retval false Invalid EC key component. + **/ +extern bool libspdm_ec_get_pub_key(void *ec_context, uint8_t *public_key, size_t *public_key_size); + +/** + * Validates key components of EC context. + * NOTE: This function performs integrity checks on all the EC key material, so + * the EC key structure must contain all the private key data. + * + * If ec_context is NULL, then return false. + * + * @param[in] ec_context Pointer to EC context to check. + * + * @retval true EC key components are valid. + * @retval false EC key components are not valid. + **/ +extern bool libspdm_ec_check_key(const void *ec_context); + +/** + * Sets the public key component into the established Ed context. + * + * For ed25519, the public_size is 32. + * For ed448, the public_size is 57. + * + * @param[in, out] ecd_context Pointer to Ed context being set. + * @param[in] public_key Pointer to the buffer to receive generated public X,Y. + * @param[in] public_size The size of public buffer in bytes. + * + * @retval true Ed public key component was set successfully. + * @retval false Invalid EC public key component. + **/ +extern bool libspdm_ecd_set_pub_key(void *ecd_context, const uint8_t *public_key, + size_t public_key_size); + +/** + * Gets the public key component from the established Ed context. + * + * For ed25519, the public_size is 32. + * For ed448, the public_size is 57. + * + * @param[in, out] ecd_context Pointer to Ed context being set. + * @param[out] public Pointer to the buffer to receive generated public X,Y. + * @param[in, out] public_size On input, the size of public buffer in bytes. + * On output, the size of data returned in public buffer in bytes. + * + * @retval true Ed key component was retrieved successfully. + * @retval false Invalid EC public key component. + **/ +extern bool libspdm_ecd_get_pub_key(void *ecd_context, uint8_t *public_key, + size_t *public_key_size); + +/** + * Validates key components of Ed context. + * NOTE: This function performs integrity checks on all the Ed key material, so + * the Ed key structure must contain all the private key data. + * + * If ecd_context is NULL, then return false. + * + * @param[in] ecd_context Pointer to Ed context to check. + * + * @retval true Ed key components are valid. + * @retval false Ed key components are not valid. + **/ +extern bool libspdm_ecd_check_key(const void *ecd_context); + +/** + * Generates Ed key and returns Ed public key. + * + * For ed25519, the public_size is 32. + * For ed448, the public_size is 57. + * + * If ecd_context is NULL, then return false. + * If public_size is NULL, then return false. + * If public_size is large enough but public is NULL, then return false. + * + * @param[in, out] ecd_context Pointer to the Ed context. + * @param[out] public_key Pointer to the buffer to receive generated public key. + * @param[in, out] public_key_size On input, the size of public buffer in bytes. + * On output, the size of data returned in public buffer in bytes. + * + * @retval true Ed public key generation succeeded. + * @retval false Ed public key generation failed. + * @retval false public_size is not large enough. + **/ +extern bool libspdm_ecd_generate_key(void *ecd_context, uint8_t *public_key, + size_t *public_key_size); + +/** + * Generates DH parameter. + * + * Given generator g, and length of prime number p in bits, this function generates p, + * and sets DH context according to value of g and p. + * + * If dh_context is NULL, then return false. + * If prime is NULL, then return false. + * If this interface is not supported, then return false. + * + * @param[in, out] dh_context Pointer to the DH context. + * @param[in] generator Value of generator. + * @param[in] prime_length Length in bits of prime to be generated. + * @param[out] prime Pointer to the buffer to receive the generated prime number. + * + * @retval true DH parameter generation succeeded. + * @retval false Value of generator is not supported. + * @retval false Random number generator fails to generate random prime number with prime_length. + * @retval false This interface is not supported. + **/ +extern bool libspdm_dh_generate_parameter(void *dh_context, size_t generator, + size_t prime_length, uint8_t *prime); + +/** + * Sets generator and prime parameters for DH. + * + * Given generator g, and prime number p, this function and sets DH context accordingly. + * + * If dh_context is NULL, then return false. + * If prime is NULL, then return false. + * If this interface is not supported, then return false. + * + * @param[in, out] dh_context Pointer to the DH context. + * @param[in] generator Value of generator. + * @param[in] prime_length Length in bits of prime to be generated. + * @param[in] prime Pointer to the prime number. + * + * @retval true DH parameter setting succeeded. + * @retval false Value of generator is not supported. + * @retval false Value of generator is not suitable for the prime. + * @retval false Value of prime is not a prime number. + * @retval false Value of prime is not a safe prime number. + * @retval false This interface is not supported. + **/ +extern bool libspdm_dh_set_parameter(void *dh_context, size_t generator, + size_t prime_length, const uint8_t *prime); + +/** + * Sets the public key component into the established sm2 context. + * + * The public_size is 64. first 32-byte is X, second 32-byte is Y. + * + * @param[in, out] ec_context Pointer to sm2 context being set. + * @param[in] public_key Pointer to the buffer to receive generated public X,Y. + * @param[in] public_key_size The size of public buffer in bytes. + * + * @retval true sm2 public key component was set successfully. + * @retval false Invalid sm2 public key component. + **/ +extern bool libspdm_sm2_dsa_set_pub_key(void *sm2_context, const uint8_t *public_key, + size_t public_key_size); + +/** + * Gets the public key component from the established sm2 context. + * + * The public_size is 64. first 32-byte is X, second 32-byte is Y. + * + * @param[in, out] sm2_context Pointer to sm2 context being set. + * @param[out] public_key Pointer to the buffer to receive generated public X,Y. + * @param[in, out] public_key_size On input, the size of public buffer in bytes. + * On output, the size of data returned in public buffer in bytes. + * + * @retval true sm2 key component was retrieved successfully. + * @retval false Invalid sm2 key component. + **/ +extern bool libspdm_sm2_dsa_get_pub_key(void *sm2_context, uint8_t *public_key, + size_t *public_key_size); + +/** + * Validates key components of sm2 context. + * NOTE: This function performs integrity checks on all the sm2 key material, so + * the sm2 key structure must contain all the private key data. + * + * If sm2_context is NULL, then return false. + * + * @param[in] sm2_context Pointer to sm2 context to check. + * + * @retval true sm2 key components are valid. + * @retval false sm2 key components are not valid. + **/ +extern bool libspdm_sm2_dsa_check_key(const void *sm2_context); + +/** + * Generates sm2 key and returns sm2 public key (X, Y), based upon GB/T 32918.3-2016: SM2 - Part3. + * + * This function generates random secret, and computes the public key (X, Y), which is + * returned via parameter public, public_size. + * X is the first half of public with size being public_size / 2, + * Y is the second half of public with size being public_size / 2. + * sm2 context is updated accordingly. + * If the public buffer is too small to hold the public X, Y, false is returned and + * public_size is set to the required buffer size to obtain the public X, Y. + * + * The public_size is 64. first 32-byte is X, second 32-byte is Y. + * + * If sm2_context is NULL, then return false. + * If public_size is NULL, then return false. + * If public_size is large enough but public is NULL, then return false. + * + * @param[in, out] sm2_context Pointer to the sm2 context. + * @param[out] public_data Pointer to the buffer to receive generated public X,Y. + * @param[in, out] public_size On input, the size of public buffer in bytes. + * On output, the size of data returned in public buffer in bytes. + * + * @retval true sm2 public X,Y generation succeeded. + * @retval false sm2 public X,Y generation failed. + * @retval false public_size is not large enough. + **/ +extern bool libspdm_sm2_dsa_generate_key(void *sm2_context, uint8_t *public_data, + size_t *public_size); + +#endif /* CRYPTLIB_EXT_H */ diff --git a/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/spdm_crypt_ext.c b/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/spdm_crypt_ext.c new file mode 100644 index 00000000000..9a846766c89 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/spdm_crypt_ext.c @@ -0,0 +1,262 @@ +/** + * Copyright Notice: + * Copyright 2021-2022 DMTF. All rights reserved. + * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md + **/ + +#include "internal/libspdm_lib_config.h" +#include "spdm_crypt_ext_lib.h" +#include "hal/library/cryptlib.h" +#include "cryptlib_ext.h" +#include "industry_standard/spdm.h" +#include "hal/library/debuglib.h" + +/** + * Return asymmetric GET_PRIVATE_KEY_FROM_PEM function, based upon the asymmetric algorithm. + * + * @param base_asym_algo SPDM base_asym_algo + * + * @return asymmetric GET_PRIVATE_KEY_FROM_PEM function + **/ +libspdm_asym_get_private_key_from_pem_func +libspdm_get_asym_get_private_key_from_pem(uint32_t base_asym_algo) +{ + switch (base_asym_algo) { + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: +#if (LIBSPDM_RSA_SSA_SUPPORT) || (LIBSPDM_RSA_PSS_SUPPORT) + return libspdm_rsa_get_private_key_from_pem; +#else + LIBSPDM_ASSERT(false); + break; +#endif + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: +#if LIBSPDM_ECDSA_SUPPORT + return libspdm_ec_get_private_key_from_pem; +#else + LIBSPDM_ASSERT(false); + break; +#endif + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: +#if (LIBSPDM_EDDSA_ED25519_SUPPORT) || (LIBSPDM_EDDSA_ED448_SUPPORT) + return libspdm_ecd_get_private_key_from_pem; +#else + LIBSPDM_ASSERT(false); + break; +#endif + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: +#if LIBSPDM_SM2_DSA_SUPPORT + return libspdm_sm2_get_private_key_from_pem; +#else + LIBSPDM_ASSERT(false); + break; +#endif + default: + LIBSPDM_ASSERT(false); + break; + } + + return NULL; +} + +/** + * Retrieve the Private key from the password-protected PEM key data. + * + * @param base_asym_algo SPDM base_asym_algo + * @param pem_data Pointer to the PEM-encoded key data to be retrieved. + * @param pem_size size of the PEM key data in bytes. + * @param password NULL-terminated passphrase used for encrypted PEM key data. + * @param context Pointer to new-generated asymmetric context which contain the retrieved private key component. + * Use libspdm_asym_free() function to free the resource. + * + * @retval true Private key was retrieved successfully. + * @retval false Invalid PEM key data or incorrect password. + **/ +bool libspdm_asym_get_private_key_from_pem(uint32_t base_asym_algo, + const uint8_t *pem_data, + size_t pem_size, + const char *password, + void **context) +{ + libspdm_asym_get_private_key_from_pem_func asym_get_private_key_from_pem; + asym_get_private_key_from_pem = libspdm_get_asym_get_private_key_from_pem(base_asym_algo); + if (asym_get_private_key_from_pem == NULL) { + return false; + } + return asym_get_private_key_from_pem(pem_data, pem_size, password, context); +} + +/** + * Return asymmetric GET_PRIVATE_KEY_FROM_PEM function, based upon the asymmetric algorithm. + * + * @param req_base_asym_alg SPDM req_base_asym_alg + * + * @return asymmetric GET_PRIVATE_KEY_FROM_PEM function + **/ +static libspdm_asym_get_private_key_from_pem_func +libspdm_get_req_asym_get_private_key_from_pem(uint16_t req_base_asym_alg) +{ + return libspdm_get_asym_get_private_key_from_pem(req_base_asym_alg); +} + +/** + * Retrieve the Private key from the password-protected PEM key data. + * + * @param req_base_asym_alg SPDM req_base_asym_alg + * @param pem_data Pointer to the PEM-encoded key data to be retrieved. + * @param pem_size size of the PEM key data in bytes. + * @param password NULL-terminated passphrase used for encrypted PEM key data. + * @param context Pointer to new-generated asymmetric context which contain the retrieved private key component. + * Use libspdm_asym_free() function to free the resource. + * + * @retval true Private key was retrieved successfully. + * @retval false Invalid PEM key data or incorrect password. + **/ +bool libspdm_req_asym_get_private_key_from_pem(uint16_t req_base_asym_alg, + const uint8_t *pem_data, + size_t pem_size, + const char *password, + void **context) +{ + libspdm_asym_get_private_key_from_pem_func asym_get_private_key_from_pem; + asym_get_private_key_from_pem = + libspdm_get_req_asym_get_private_key_from_pem(req_base_asym_alg); + if (asym_get_private_key_from_pem == NULL) { + return false; + } + return asym_get_private_key_from_pem(pem_data, pem_size, password, + context); +} + +/** + * Computes the hash of a input data buffer. + * + * This function performs the hash of a given data buffer, and return the hash value. + * + * @param data Pointer to the buffer containing the data to be hashed. + * @param data_size Size of data buffer in bytes. + * @param hash_value Pointer to a buffer that receives the hash value. + * + * @retval true hash computation succeeded. + * @retval false hash computation failed. + **/ +typedef bool (*libspdm_hash_all_func)(const void *data, size_t data_size, uint8_t *hash_value); + +/** + * Return hash function, based upon the negotiated measurement hash algorithm. + * + * @param measurement_hash_algo SPDM measurement_hash_algo + * + * @return hash function + **/ +static libspdm_hash_all_func libspdm_spdm_measurement_hash_func(uint32_t measurement_hash_algo) +{ + switch (measurement_hash_algo) { + case SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_256: +#if LIBSPDM_SHA256_SUPPORT + return libspdm_sha256_hash_all; +#else + LIBSPDM_ASSERT(false); + break; +#endif + case SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_384: +#if LIBSPDM_SHA384_SUPPORT + return libspdm_sha384_hash_all; +#else + LIBSPDM_ASSERT(false); + break; +#endif + case SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_512: +#if LIBSPDM_SHA512_SUPPORT + return libspdm_sha512_hash_all; +#else + LIBSPDM_ASSERT(false); + break; +#endif + case SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_256: +#if LIBSPDM_SHA3_256_SUPPORT + return libspdm_sha3_256_hash_all; +#else + LIBSPDM_ASSERT(false); + break; +#endif + case SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_384: +#if LIBSPDM_SHA3_384_SUPPORT + return libspdm_sha3_384_hash_all; +#else + LIBSPDM_ASSERT(false); + break; +#endif + case SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_512: +#if LIBSPDM_SHA3_512_SUPPORT + return libspdm_sha3_512_hash_all; +#else + LIBSPDM_ASSERT(false); + break; +#endif + case SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SM3_256: +#if LIBSPDM_SM3_256_SUPPORT + return libspdm_sm3_256_hash_all; +#else + LIBSPDM_ASSERT(false); + break; +#endif + default: + LIBSPDM_ASSERT(false); + break; + } + + return NULL; +} + +bool libspdm_measurement_hash_all(uint32_t measurement_hash_algo, + const void *data, size_t data_size, + uint8_t *hash_value) +{ + libspdm_hash_all_func hash_function; + hash_function = libspdm_spdm_measurement_hash_func(measurement_hash_algo); + if (hash_function == NULL) { + return false; + } + return hash_function(data, data_size, hash_value); +} + +size_t libspdm_get_aysm_nid(uint32_t base_asym_algo) +{ + switch (base_asym_algo) + { + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: + return LIBSPDM_CRYPTO_NID_RSASSA2048; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: + return LIBSPDM_CRYPTO_NID_RSASSA3072; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: + return LIBSPDM_CRYPTO_NID_RSASSA4096; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: + return LIBSPDM_CRYPTO_NID_RSAPSS2048; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: + return LIBSPDM_CRYPTO_NID_RSAPSS3072; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: + return LIBSPDM_CRYPTO_NID_RSAPSS4096; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: + return LIBSPDM_CRYPTO_NID_ECDSA_NIST_P256; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: + return LIBSPDM_CRYPTO_NID_ECDSA_NIST_P384; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: + return LIBSPDM_CRYPTO_NID_ECDSA_NIST_P521; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: + return LIBSPDM_CRYPTO_NID_EDDSA_ED25519; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: + return LIBSPDM_CRYPTO_NID_EDDSA_ED448; + case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: + return LIBSPDM_CRYPTO_NID_SM2_DSA_P256; + default: + return LIBSPDM_CRYPTO_NID_NULL; + } +} diff --git a/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/spdm_crypt_ext_lib.h b/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/spdm_crypt_ext_lib.h new file mode 100644 index 00000000000..52206465e94 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmDeviceSecretLibTestStub/spdm_crypt_ext_lib.h @@ -0,0 +1,95 @@ +/** + * Copyright Notice: + * Copyright 2021-2022 DMTF. All rights reserved. + * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md + **/ + +#ifndef SPDM_CRYPT_EXT_LIB_H +#define SPDM_CRYPT_EXT_LIB_H + +#include "hal/base.h" + +/** + * Retrieve the Private key from the password-protected PEM key data. + * + * @param pem_data Pointer to the PEM-encoded key data to be retrieved. + * @param pem_size Size of the PEM key data in bytes. + * @param password NULL-terminated passphrase used for encrypted PEM key data. + * @param context Pointer to new-generated asymmetric context which contain the retrieved private + * key component. Use libspdm_asym_free() function to free the resource. + * + * @retval true Private key was retrieved successfully. + * @retval false Invalid PEM key data or incorrect password. + **/ +typedef bool (*libspdm_asym_get_private_key_from_pem_func)(const uint8_t *pem_data, + size_t pem_size, + const char *password, + void **context); + +/** + * Retrieve the Private key from the password-protected PEM key data. + * + * @param base_asym_algo SPDM base_asym_algo + * @param pem_data Pointer to the PEM-encoded key data to be retrieved. + * @param pem_size Size of the PEM key data in bytes. + * @param password NULL-terminated passphrase used for encrypted PEM key data. + * @param context Pointer to new-generated asymmetric context which contain the retrieved + * private key component. + * Use libspdm_asym_free() function to free the resource. + * + * @retval true Private key was retrieved successfully. + * @retval false Invalid PEM key data or incorrect password. + **/ +bool libspdm_asym_get_private_key_from_pem(uint32_t base_asym_algo, + const uint8_t *pem_data, + size_t pem_size, + const char *password, + void **context); + +/** + * Retrieve the Private key from the password-protected PEM key data. + * + * @param req_base_asym_alg SPDM req_base_asym_alg + * @param pem_data Pointer to the PEM-encoded key data to be retrieved. + * @param pem_size Size of the PEM key data in bytes. + * @param password NULL-terminated passphrase used for encrypted PEM key data. + * @param context Pointer to new-generated asymmetric context which contain the + * retrieved private key component. Use libspdm_asym_free() function to + * free the resource. + * + * @retval true Private key was retrieved successfully. + * @retval false Invalid PEM key data or incorrect password. + **/ +bool libspdm_req_asym_get_private_key_from_pem(uint16_t req_base_asym_alg, + const uint8_t *pem_data, + size_t pem_size, + const char *password, + void **context); + +/** + * Return asym NID, based upon the negotiated asym algorithm. + * + * @param base_asym_algo SPDM base_asym_algo + * + * @return asym NID + **/ +size_t libspdm_get_aysm_nid(uint32_t base_asym_algo); + +/** + * Computes the hash of a input data buffer, based upon the negotiated measurement hash algorithm. + * + * This function performs the hash of a given data buffer, and return the hash value. + * + * @param measurement_hash_algo SPDM measurement_hash_algo + * @param data Pointer to the buffer containing the data to be hashed. + * @param data_size Size of data buffer in bytes. + * @param hash_value Pointer to a buffer that receives the hash value. + * + * @retval true Hash computation succeeded. + * @retval false Hash computation failed. + **/ +bool libspdm_measurement_hash_all(uint32_t measurement_hash_algo, + const void *data, size_t data_size, + uint8_t *hash_value); + +#endif /* SPDM_CRYPT_EXT_LIB_H */ diff --git a/DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.c b/DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.c new file mode 100644 index 00000000000..d00aac4104a --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.c @@ -0,0 +1,489 @@ +/** @file + EDKII SpdmIo Stub for PCIe DOE Capability test + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define SPDM_TIMEOUT 1000000 // 1 second + +// Template for SPDM private data structure. +// The pointer to PciIo protocol interface and PCIe DOE capability +// structure offset are assigned dynamically. +// +SPDM_PRIVATE_DATA gSpdmPrivateDataTemplate = { + SPDM_PRIVATE_DATA_SIGNATURE, + { + SpdmIoSendRequest, + SpdmIoReceiveResponse, + } +}; + +EFI_STATUS +LocatePcieDoeCapStructure ( + IN EFI_PCI_IO_PROTOCOL *PciIo, + IN OUT UINT32 *Offset + ) +{ + EFI_STATUS Status; + UINT8 CapPtr; + UINT16 CapHeader; + UINT16 ExtendedCapPtr; + UINT32 ExtendedCapHeader; + + // + // Locate Pcie Capability structure + // + DEBUG ((DEBUG_ERROR, "[LocatePcieDoeCapStructure] Locate PCIe Cap structure ...\n")); + + Status = PciIo->Pci.Read ( + PciIo, + EfiPciIoWidthUint8, + PCI_CAPBILITY_POINTER_OFFSET, + 1, + &CapPtr + ); + if (EFI_ERROR (Status) || (CapPtr == MAX_UINT8)) { + return EFI_UNSUPPORTED; + } + + while (CapPtr != 0) { + Status = PciIo->Pci.Read ( + PciIo, + EfiPciIoWidthUint16, + CapPtr, + 1, + &CapHeader + ); + if (EFI_ERROR (Status) || (CapHeader == MAX_UINT16)) { + CapPtr = 0; + break; + } + + if ((UINT8)CapHeader == EFI_PCI_CAPABILITY_ID_PCIEXP) { + break; + } + + CapPtr = (CapHeader >> 8) & 0xFF; + } + + if (CapPtr == 0) { + return EFI_UNSUPPORTED; + } + + DEBUG ((DEBUG_ERROR, "[LocatePcieDoeCapStructure] PCIe Cap structure is located\n")); + DEBUG ((DEBUG_ERROR, "[LocatePcieDoeCapStructure] Locate PCIe DOE Cap structure ...\n")); + + // + // Locate Doe Extended Capability structure + // + ExtendedCapPtr = EFI_PCIE_CAPABILITY_BASE_OFFSET; + + while (ExtendedCapPtr != 0) { + Status = PciIo->Pci.Read ( + PciIo, + EfiPciIoWidthUint32, + ExtendedCapPtr, + 1, + &ExtendedCapHeader + ); + if (EFI_ERROR (Status) || (ExtendedCapHeader == MAX_UINT32)) { + ExtendedCapPtr = 0; + break; + } + + if ((UINT16)ExtendedCapHeader == PCI_EXPRESS_EXTENDED_CAPABILITY_DOE_ID) { + *Offset = ExtendedCapPtr; + break; + } + + ExtendedCapPtr = (ExtendedCapHeader >> 20) & 0xFFF; + } + + if (ExtendedCapPtr == 0) { + DEBUG ((DEBUG_ERROR, "[LocatePcieDoeCapStructure] PCIe DOE Cap structure is not located.\n")); + return EFI_UNSUPPORTED; + } else { + DEBUG ((DEBUG_ERROR, "[LocatePcieDoeCapStructure] PCIe DOE Cap structure is located. Offset = 0x%x\n", *Offset)); + return EFI_SUCCESS; + } +} + +VOID +PcieDoeControlRead32 ( + IN SPDM_PRIVATE_DATA *Private, + IN OUT UINT32 *Buffer + ) +{ + Private->PciIo->Pci.Read ( + Private->PciIo, + EfiPciIoWidthUint32, + Private->DoeCapabilityOffset + PCI_EXPRESS_REG_DOE_CONTROL_OFFSET, + 1, + Buffer + ); + return; +} + +VOID +PcieDoeControlWrite32 ( + IN SPDM_PRIVATE_DATA *Private, + IN UINT32 *Buffer + ) +{ + Private->PciIo->Pci.Write ( + Private->PciIo, + EfiPciIoWidthUint32, + Private->DoeCapabilityOffset + PCI_EXPRESS_REG_DOE_CONTROL_OFFSET, + 1, + Buffer + ); + return; +} + +VOID +PcieDoeStatusRead32 ( + IN SPDM_PRIVATE_DATA *Private, + IN OUT UINT32 *Buffer + ) +{ + Private->PciIo->Pci.Read ( + Private->PciIo, + EfiPciIoWidthUint32, + Private->DoeCapabilityOffset + PCI_EXPRESS_REG_DOE_STATUS_OFFSET, + 1, + Buffer + ); + return; +} + +VOID +PcieDoeWriteMailboxWrite32 ( + IN SPDM_PRIVATE_DATA *Private, + IN UINT32 *Buffer + ) +{ + Private->PciIo->Pci.Write ( + Private->PciIo, + EfiPciIoWidthUint32, + Private->DoeCapabilityOffset + PCI_EXPRESS_REG_DOE_WRITE_DATA_MAILBOX_OFFSET, + 1, + Buffer + ); + return; +} + +VOID +PcieDoeReadMailboxRead32 ( + IN SPDM_PRIVATE_DATA *Private, + IN OUT UINT32 *Buffer + ) +{ + Private->PciIo->Pci.Read ( + Private->PciIo, + EfiPciIoWidthUint32, + Private->DoeCapabilityOffset + PCI_EXPRESS_REG_DOE_READ_DATA_MAILBOX_OFFSET, + 1, + Buffer + ); + return; +} + +VOID +PcieDoeReadMailboxWrite32 ( + IN SPDM_PRIVATE_DATA *Private, + IN UINT32 *Buffer + ) +{ + Private->PciIo->Pci.Write ( + Private->PciIo, + EfiPciIoWidthUint32, + Private->DoeCapabilityOffset + PCI_EXPRESS_REG_DOE_READ_DATA_MAILBOX_OFFSET, + 1, + Buffer + ); + return; +} + +SPDM_RETURN +SpdmIoSendRequest ( + IN SPDM_IO_PROTOCOL *This, + IN UINTN RequestSize, + IN CONST VOID *Request, + IN UINT64 Timeout + ) +{ + SPDM_RETURN Status; + SPDM_PRIVATE_DATA *SpdmPrivateData = NULL; + UINT32 Index = 0; + PCI_EXPRESS_REG_DOE_CONTROL DoeControl; + PCI_EXPRESS_REG_DOE_STATUS DoeStatus; + UINT64 Delay = 0; + UINT32 DataObjectSize; + UINT8 *DataObjectBuffer; + + DEBUG ((DEBUG_ERROR, "[SpdmIoSendRequest] Start ... \n")); + DEBUG ((DEBUG_ERROR, "[SpdmIoSendRequest] RequestSize = 0x%x \n", RequestSize)); + + if (Request == NULL) { + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + + if (RequestSize == 0) { + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + + SpdmPrivateData = SPDM_PRIVATE_DATA_FROM_SPDM_IO (This); + + DataObjectSize = (UINT32)RequestSize; + DataObjectBuffer = (UINT8 *)Request; + + DEBUG ((DEBUG_ERROR, "[SpdmIoSendData] Start ... \n")); + + if (Timeout == 0) { + Timeout = SPDM_TIMEOUT; + } + + Delay = DivU64x32 (Timeout, 30) + 1; + + do { + // + // Check the DOE Busy bit is Clear to ensure that the DOE instance is ready to receive a DOE request. + // + PcieDoeStatusRead32 (SpdmPrivateData, &DoeStatus.Uint32); + if (DoeStatus.Bits.DoeBusy == 0) { + // + // Write the entire data object a DWORD at a time via the DOE Write Data Mailbox register. + // + DEBUG ((DEBUG_ERROR, "[SpdmIoSendData] 'DOE Busy' bit is cleared. Start writing Mailbox ...\n")); + Index = 0; + do { + PcieDoeWriteMailboxWrite32 (SpdmPrivateData, (UINT32 *)(DataObjectBuffer + Index)); + Index += sizeof (UINT32); + } while (Index < DataObjectSize); + + // + // Write 1b to the DOE Go bit. + // + DEBUG ((DEBUG_ERROR, "[SpdmIoSendData] Set 'DOE Go' bit, the instance start consuming the data object.\n")); + PcieDoeControlRead32 (SpdmPrivateData, &DoeControl.Uint32); + DoeControl.Bits.DoeGo = 1; + PcieDoeControlWrite32 (SpdmPrivateData, &DoeControl.Uint32); + + break; + } else { + // + // Stall for 30 microseconds.. + // + DEBUG ((DEBUG_ERROR, "[SpdmIoSendData] 'DOE Busy' bit is not cleared! Waiting ...\n")); + gBS->Stall (30); + Delay--; + } + } while (Delay != 0); + + if (Delay == 0) { + Status = LIBSPDM_STATUS_SEND_FAIL; + } else { + Status = LIBSPDM_STATUS_SUCCESS; + } + + return Status; +} + +SPDM_RETURN +SpdmIoReceiveResponse ( + IN SPDM_IO_PROTOCOL *This, + IN OUT UINTN *ResponseSize, + IN OUT VOID **Response, + IN UINT64 Timeout + ) +{ + SPDM_RETURN Status; + SPDM_PRIVATE_DATA *SpdmPrivateData = NULL; + UINT8 *ResponseDataObjectBuffer = NULL; + UINT32 ResponseDataObjectSize = 0; + UINT32 DataObjectSize = 0; + UINT32 Index = 0; + PCI_DOE_DATA_OBJECT_HEADER *DataObjectHeader; + PCI_EXPRESS_REG_DOE_STATUS DoeStatus; + UINT32 Data32 = 0; + UINT64 Delay = 0; + + DEBUG ((DEBUG_ERROR, "[SpdmIoReceiveResponse] Start ... \n")); + DEBUG ((DEBUG_ERROR, "[SpdmIoReceiveResponse] ResponseSize = 0x%x \n", *ResponseSize)); + + if (*Response == NULL) { + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + + if (ResponseSize == NULL) { + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + + SpdmPrivateData = SPDM_PRIVATE_DATA_FROM_SPDM_IO (This); + + if (Timeout == 0) { + Timeout = SPDM_TIMEOUT; + } + + Delay = DivU64x32 (Timeout, 30) + 1; + + DataObjectHeader = (PCI_DOE_DATA_OBJECT_HEADER *)*Response; + if (*ResponseSize < sizeof (PCI_DOE_DATA_OBJECT_HEADER)) { + *ResponseSize = sizeof (PCI_DOE_DATA_OBJECT_HEADER); + return LIBSPDM_STATUS_BUFFER_TOO_SMALL; + } + + do { + // + // Poll the Data Object Ready bit. + // + PcieDoeStatusRead32 (SpdmPrivateData, &DoeStatus.Uint32); + + if (DoeStatus.Bits.DataObjectReady == 1) { + DEBUG ((DEBUG_ERROR, "[SpdmIoReceiveResponse] 'Data Object Ready' bit is set. Start reading Mailbox ...\n")); + + // + // Get DataObjectHeader1. + // + PcieDoeReadMailboxRead32 (SpdmPrivateData, (UINT32 *)*Response); + // + // Write to the DOE Read Data Mailbox to indicate a successful read. + // + PcieDoeReadMailboxWrite32 (SpdmPrivateData, &Data32); + + // + // Get DataObjectHeader2. + // + PcieDoeReadMailboxRead32 (SpdmPrivateData, (UINT32 *)*Response + 1); + // + // Write to the DOE Read Data Mailbox to indicate a successful read. + // + PcieDoeReadMailboxWrite32 (SpdmPrivateData, &Data32); + + DataObjectSize = DataObjectHeader->Length * sizeof (UINT32); + DEBUG ((DEBUG_ERROR, "[SpdmIoReceiveResponse] DataObjectSize = 0x%x\n", DataObjectSize)); + + if (DataObjectSize > *ResponseSize) { + *ResponseSize = DataObjectSize; + return LIBSPDM_STATUS_BUFFER_TOO_SMALL; + } + + ResponseDataObjectSize = DataObjectSize - sizeof (PCI_DOE_DATA_OBJECT_HEADER); + ResponseDataObjectBuffer = (UINT8 *)*Response + sizeof (PCI_DOE_DATA_OBJECT_HEADER); + Index = 0; + do { + // + // Read data from the DOE Read Data Mailbox and save it. + // + PcieDoeReadMailboxRead32 (SpdmPrivateData, (UINT32 *)(ResponseDataObjectBuffer + Index)); + Index += sizeof (UINT32); + // + // Write to the DOE Read Data Mailbox to indicate a successful read. + // + PcieDoeReadMailboxWrite32 (SpdmPrivateData, &Data32); + } while (Index < ResponseDataObjectSize); + + *ResponseSize = DataObjectSize; + + break; + } else { + // + // Stall for 30 microseconds.. + // + DEBUG ((DEBUG_ERROR, "[SpdmIoReceiveResponse] 'Data Object Ready' bit is not set! Waiting ...\n")); + gBS->Stall (30); + Delay--; + } + } while (Delay != 0); + + if (Delay == 0) { + Status = LIBSPDM_STATUS_RECEIVE_FAIL; + } else { + Status = LIBSPDM_STATUS_SUCCESS; + } + + return Status; +} + +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + UINTN BufferSize; + EFI_PCI_IO_PROTOCOL *PciIo = NULL; + UINT32 DoeCapOffset = 0; + SPDM_PRIVATE_DATA *SpdmPrivateData = NULL; + + DEBUG ((DEBUG_ERROR, "[SpdmPciDoeStub] Start ... \n")); + + // + // Locate EFI_PCI_IO_PROTOCOL. + // + BufferSize = sizeof (Handle); + Status = gBS->LocateHandle ( + ByProtocol, + &gEdkiiDeviceIdentifierTypePciGuid, + NULL, + &BufferSize, + &Handle + ); + DEBUG ((DEBUG_ERROR, "[SpdmPciDoeStub] LocateHandle (ByProtocol DeviceIdTypePci) - %r (BufferSize = 0x%x)\n", Status, BufferSize)); + ASSERT_EFI_ERROR (Status); + + Status = gBS->HandleProtocol ( + Handle, + &gEdkiiDeviceIdentifierTypePciGuid, + (VOID **)&PciIo + ); + DEBUG ((DEBUG_ERROR, "[SpdmPciDoeStub] HandleProtocol (DeviceIdTypePci) - %r\n", Status)); + ASSERT_EFI_ERROR (Status); + + // + // Locate PCIe DOE Capability. + // + Status = LocatePcieDoeCapStructure (PciIo, &DoeCapOffset); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Create and initial SPDM_PRIVATE_DATA. + // + SpdmPrivateData = AllocateCopyPool (sizeof (*SpdmPrivateData), &gSpdmPrivateDataTemplate); + ASSERT (SpdmPrivateData != NULL); + SpdmPrivateData->DoeCapabilityOffset = DoeCapOffset; + SpdmPrivateData->PciIo = PciIo; + + Handle = NULL; + Status = gBS->InstallProtocolInterface ( + &Handle, + &gSpdmIoProtocolGuid, + EFI_NATIVE_INTERFACE, + &SpdmPrivateData->SpdmIo + ); + DEBUG ((DEBUG_ERROR, "[SpdmPciDoeStub] InstallProtocolInterface (Spdm) - %r\n", Status)); + + return Status; +} diff --git a/DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.h b/DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.h new file mode 100644 index 00000000000..2ebe1be0b39 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.h @@ -0,0 +1,42 @@ +/** @file + EDKII Spdm Stub for PCIe DOE Capability test + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _SPDM_PCI_DOE_STUB_H_ +#define _SPDM_PCI_DOE_STUB_H_ + +#include +#include +#include + +typedef struct { + UINTN Signature; + SPDM_IO_PROTOCOL SpdmIo; + EFI_PCI_IO_PROTOCOL *PciIo; + UINT32 DoeCapabilityOffset; +} SPDM_PRIVATE_DATA; + +#define SPDM_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'P', 'D', 'S') +#define SPDM_PRIVATE_DATA_FROM_SPDM_IO(a) CR (a, SPDM_PRIVATE_DATA, SpdmIo, SPDM_PRIVATE_DATA_SIGNATURE) + +SPDM_RETURN +SpdmIoSendRequest ( + IN SPDM_IO_PROTOCOL *This, + IN UINTN RequestSize, + IN CONST VOID *Request, + IN UINT64 Timeout + ); + +SPDM_RETURN +SpdmIoReceiveResponse ( + IN SPDM_IO_PROTOCOL *This, + IN OUT UINTN *ResponseSize, + IN OUT VOID **Response, + IN UINT64 Timeout + ); + +#endif diff --git a/DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.inf b/DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.inf new file mode 100644 index 00000000000..2dd0de39c7e --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmPciDoeStub/SpdmPciDoeStub.inf @@ -0,0 +1,43 @@ +## @file +# EDKII SpdmIo Stub for PCIe DOE Capability test +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SpdmPciDoeStub + FILE_GUID = F716975E-D48B-4D11-B928-ED7A03E20A3C + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + SpdmPciDoeStub.c + SpdmPciDoeStub.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + +[LibraryClasses] + UefiRuntimeServicesTableLib + UefiBootServicesTableLib + UefiDriverEntryPoint + MemoryAllocationLib + DevicePathLib + BaseMemoryLib + PrintLib + DebugLib + +[Protocols] + gSpdmIoProtocolGuid ## PRODUCES + gEdkiiDeviceIdentifierTypePciGuid ## COMSUMES + +[Depex] + TRUE diff --git a/DeviceSecurityTestPkg/Test/SpdmStub/SpdmDeviceIo.c b/DeviceSecurityTestPkg/Test/SpdmStub/SpdmDeviceIo.c new file mode 100644 index 00000000000..47f8ef98f8e --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmStub/SpdmDeviceIo.c @@ -0,0 +1,32 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmStub.h" + +SPDM_RETURN +SpdmDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN CONST VOID *Message, + IN UINT64 Timeout + ) +{ + return LIBSPDM_STATUS_SUCCESS; +} + +SPDM_RETURN +SpdmDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID **Message, + IN UINT64 Timeout + ) +{ + return LIBSPDM_STATUS_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.c b/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.c new file mode 100644 index 00000000000..59f7dbbff49 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.c @@ -0,0 +1,423 @@ +/** @file + EDKII SpdmIo Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmStub.h" +#include +#include + +#define SLOT_NUMBER 2 + +SPDM_MESSAGE_HEADER *mSpdmIoLastSpdmRequest; +UINTN mSpdmIoLastSpdmRequestSize; + +BOOLEAN mSendReceiveBufferAcquired = FALSE; +UINT8 mSendReceiveBuffer[SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE]; +UINTN mSendReceiveBufferSize; +VOID *mScratchBuffer; + +SPDM_RETURN +SpdmIoSendMessage ( + IN SPDM_IO_PROTOCOL *This, + IN UINTN MessageSize, + IN CONST VOID *Message, + IN UINT64 Timeout + ) +{ + if (Message == NULL) { + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + + if (MessageSize == 0) { + return LIBSPDM_STATUS_INVALID_PARAMETER; + } + + if (mSpdmIoLastSpdmRequest != NULL) { + FreePool (mSpdmIoLastSpdmRequest); + mSpdmIoLastSpdmRequest = NULL; + } + + mSpdmIoLastSpdmRequestSize = MessageSize; + mSpdmIoLastSpdmRequest = AllocateCopyPool (MessageSize, Message); + + return LIBSPDM_STATUS_SUCCESS; +} + +SPDM_RETURN +SpdmIoReceiveMessage ( + IN SPDM_IO_PROTOCOL *This, + IN OUT UINTN *MessageSize, + OUT VOID **Message, + IN UINT64 Timeout + ) +{ + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + VOID *SpdmContext; + UINT32 *SessionId; + BOOLEAN IsAppMessage; + SPDM_RETURN Status; + UINT32 TmpSessionId; + UINT32 *SessionIdPtr; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_IO_PROTOCOL (This); + SpdmContext = SpdmTestContext->SpdmContext; + + SessionId = NULL; + + Status = SpdmProcessRequest ( + SpdmContext, + &SessionId, + &IsAppMessage, + mSpdmIoLastSpdmRequestSize, + mSpdmIoLastSpdmRequest + ); + if (LIBSPDM_STATUS_IS_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "SpdmProcessRequest - %p\n", Status)); + return Status; + } + + if (SessionId != NULL) { + TmpSessionId = *SessionId; + SessionIdPtr = &TmpSessionId; + } else { + SessionIdPtr = NULL; + } + + ZeroMem (*Message, *MessageSize); + Status = SpdmBuildResponse (SpdmContext, SessionIdPtr, IsAppMessage, MessageSize, Message); + if (LIBSPDM_STATUS_IS_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "SpdmBuildResponse - %p\n", Status)); + return Status; + } + + return Status; +} + +SPDM_TEST_DEVICE_CONTEXT mSpdmTestDeviceContext = { + SPDM_TEST_DEVICE_CONTEXT_SIGNATURE, + NULL, + { + SpdmIoSendMessage, + SpdmIoReceiveMessage, + }, +}; + +SPDM_RETURN +SpdmDeviceAcquireSenderBuffer ( + VOID *Context, + VOID **MsgBufPtr + ) +{ + ASSERT (!mSendReceiveBufferAcquired); + *MsgBufPtr = mSendReceiveBuffer; + ZeroMem (mSendReceiveBuffer, sizeof (mSendReceiveBuffer)); + mSendReceiveBufferAcquired = TRUE; + + return LIBSPDM_STATUS_SUCCESS; +} + +VOID +SpdmDeviceReleaseSenderBuffer ( + VOID *Context, + CONST VOID *MsgBufPtr + ) +{ + ASSERT (mSendReceiveBufferAcquired); + ASSERT (MsgBufPtr == mSendReceiveBuffer); + mSendReceiveBufferAcquired = FALSE; + + return; +} + +SPDM_RETURN +SpdmDeviceAcquireReceiverBuffer ( + VOID *Context, + VOID **MsgBufPtr + ) +{ + ASSERT (!mSendReceiveBufferAcquired); + *MsgBufPtr = mSendReceiveBuffer; + ZeroMem (mSendReceiveBuffer, sizeof (mSendReceiveBuffer)); + mSendReceiveBufferAcquired = TRUE; + + return LIBSPDM_STATUS_SUCCESS; +} + +VOID +SpdmDeviceReleaseReceiverBuffer ( + VOID *context, + CONST VOID *MsgBufPtr + ) +{ + ASSERT (mSendReceiveBufferAcquired); + ASSERT (MsgBufPtr == mSendReceiveBuffer); + mSendReceiveBufferAcquired = FALSE; + + return; +} + +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + UINT8 Index; + VOID *CertChain; + UINTN CertChainSize; + VOID *SpdmContext; + SPDM_DATA_PARAMETER Parameter; + UINT8 Data8; + UINT16 Data16; + UINT32 Data32; + BOOLEAN HasRspPubCert; + BOOLEAN HasRspPrivKey; + UINTN ScratchBufferSize; + UINT8 TestConfig; + UINTN TestConfigSize; + SPDM_VERSION_NUMBER SpdmVersion; + BOOLEAN IsRequrester; + + TestConfigSize = sizeof (UINT8); + Status = gRT->GetVariable ( + L"SpdmTestConfig", + &gEfiDeviceSecurityPkgTestConfig, + NULL, + &TestConfigSize, + &TestConfig + ); + if (EFI_ERROR (Status)) { + return Status; + } + + SpdmContext = AllocateZeroPool (SpdmGetContextSize ()); + ASSERT (SpdmContext != NULL); + SpdmInitContext (SpdmContext); + + if (TestConfig == TEST_CONFIG_SPDM_MESSAGE_VERSION_11) { + ZeroMem (&Parameter, sizeof (Parameter)); + Parameter.location = SpdmDataLocationLocal; + SpdmVersion = SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT; + SpdmSetData (SpdmContext, SpdmDataSpdmVersion, &Parameter, &SpdmVersion, sizeof (SpdmVersion)); + } else if (TestConfig == TEST_CONFIG_SPDM_MESSAGE_VERSION_10) { + ZeroMem (&Parameter, sizeof (Parameter)); + Parameter.location = SpdmDataLocationLocal; + SpdmVersion = SPDM_MESSAGE_VERSION_10 << SPDM_VERSION_NUMBER_SHIFT_BIT; + SpdmSetData (SpdmContext, SpdmDataSpdmVersion, &Parameter, &SpdmVersion, sizeof (SpdmVersion)); + } + + mSpdmTestDeviceContext.SpdmContext = SpdmContext; + + SpdmRegisterDeviceIoFunc (SpdmContext, SpdmDeviceSendMessage, SpdmDeviceReceiveMessage); + // SpdmRegisterTransportLayerFunc (SpdmContext, SPDM_MAX_SPDM_MSG_SIZE, SpdmTransportMctpEncodeMessage, SpdmTransportMctpDecodeMessage); + SpdmRegisterTransportLayerFunc ( + SpdmContext, + SPDM_MAX_SPDM_MSG_SIZE, + SPDM_TRANSPORT_HEADER_SIZE, + SPDM_TRANSPORT_TAIL_SIZE, + SpdmTransportPciDoeEncodeMessage, + SpdmTransportPciDoeDecodeMessage + ); + SpdmRegisterDeviceBufferFunc ( + SpdmContext, + SPDM_SENDER_BUFFER_SIZE, + SPDM_RECEIVER_BUFFER_SIZE, + SpdmDeviceAcquireSenderBuffer, + SpdmDeviceReleaseSenderBuffer, + SpdmDeviceAcquireReceiverBuffer, + SpdmDeviceReleaseReceiverBuffer + ); + + ScratchBufferSize = SpdmGetSizeofRequiredScratchBuffer (SpdmContext); + mScratchBuffer = AllocateZeroPool (ScratchBufferSize); + ASSERT (mScratchBuffer != NULL); + + SpdmSetScratchBuffer (SpdmContext, mScratchBuffer, ScratchBufferSize); + + Status = GetVariable2 ( + L"ProvisionSpdmCertChain", + &gEfiDeviceSecurityPkgTestConfig, + &CertChain, + &CertChainSize + ); + if (!EFI_ERROR (Status)) { + HasRspPubCert = TRUE; + // BUGBUG: Assume only 1 SPDM cert. + + ZeroMem (&Parameter, sizeof (Parameter)); + Parameter.location = SpdmDataLocationLocal; + + for (Index = 0; Index < SLOT_NUMBER; Index++) { + Parameter.additional_data[0] = Index; + SpdmSetData (SpdmContext, SpdmDataLocalPublicCertChain, &Parameter, CertChain, CertChainSize); + } + + // do not free it + } else { + HasRspPubCert = FALSE; + } + + // Change the PublicCertChain in slot_0, keep the above original PublicCertChain in slot_1. + if (TestConfig == TEST_CONFIG_DIFF_CERT_IN_DIFF_SLOT) { + Status = GetVariable2 ( + L"ProvisionSpdmCertChain_2", + &gEfiDeviceSecurityPkgTestConfig, + &CertChain, + &CertChainSize + ); + if (!EFI_ERROR (Status)) { + HasRspPubCert = TRUE; + Parameter.additional_data[0] = 0; + SpdmSetData (SpdmContext, SpdmDataLocalPublicCertChain, &Parameter, CertChain, CertChainSize); + + // do not free it + } else { + HasRspPubCert = FALSE; + } + } + + HasRspPrivKey = TRUE; + + Data32 = SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG | +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP | +#endif + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER_WITH_CONTEXT | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP | + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP | +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | +#endif + // SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP | + 0; + if (!HasRspPubCert) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP; + } else { + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP; + } + + if (!HasRspPrivKey) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG; + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG; + } else { + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP; + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG; + } + + if (TestConfig == TEST_CONFIG_NO_CERT_CAP) { + // If certificates or public keys are not enabled then these capabilities cannot be enabled. + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP; + } else if ((TestConfig == TEST_CONFIG_NO_CHAL_CAP) || (TestConfig == TEST_CONFIG_NO_CHAL_CAP_NO_ROOT_CA)) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP; + } else if (TestConfig == TEST_CONFIG_MEAS_CAP_NO_SIG) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG; + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG; + } else if (TestConfig == TEST_CONFIG_NO_MEAS_CAP) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG; + } + + SpdmSetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &Data32, sizeof (Data32)); + + if ((TestConfig == TEST_CONFIG_NO_MEAS_CAP) || (TestConfig == TEST_CONFIG_NO_CERT_CAP)) { + Data8 = 0; + } else { + Data8 = SPDM_MEASUREMENT_SPECIFICATION_DMTF; + } + + SpdmSetData (SpdmContext, SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof (Data8)); + if ((TestConfig == TEST_CONFIG_NO_MEAS_CAP) || (TestConfig == TEST_CONFIG_NO_CERT_CAP)) { + Data32 = 0; + } else { + Data32 = SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_256; + } + + SpdmSetData (SpdmContext, SpdmDataMeasurementHashAlgo, &Parameter, &Data32, sizeof (Data32)); + if (TestConfig == TEST_CONFIG_RSASSA_3072_SHA_384) { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072; + } else if (TestConfig == TEST_CONFIG_RSASSA_4096_SHA_512) { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P256_SHA_256) { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P384_SHA_384) { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P521_SHA_512) { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521; + } else { + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048; + } + + SpdmSetData (SpdmContext, SpdmDataBaseAsymAlgo, &Parameter, &Data32, sizeof (Data32)); + if (TestConfig == TEST_CONFIG_RSASSA_3072_SHA_384) { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384; + } else if (TestConfig == TEST_CONFIG_RSASSA_4096_SHA_512) { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P256_SHA_256) { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P384_SHA_384) { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384; + } else if (TestConfig == TEST_CONFIG_ECDSA_ECC_P521_SHA_512) { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512; + } else { + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256; + } + + SpdmSetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &Data32, sizeof (Data32)); + if (TestConfig == TEST_CONFIG_SECP_256_R1_AES_256_GCM) { + Data16 = SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1; + } else if (TestConfig == TEST_CONFIG_SECP_521_R1_CHACHA20_POLY1305) { + Data16 = SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1; + } else { + Data16 = SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1; + } + + SpdmSetData (SpdmContext, SpdmDataDHENameGroup, &Parameter, &Data16, sizeof (Data16)); + if (TestConfig == TEST_CONFIG_SECP_256_R1_AES_256_GCM) { + Data16 = SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM; + } else if (TestConfig == TEST_CONFIG_SECP_521_R1_CHACHA20_POLY1305) { + Data16 = SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305; + } else { + Data16 = SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM; + } + + SpdmSetData (SpdmContext, SpdmDataAEADCipherSuite, &Parameter, &Data16, sizeof (Data16)); + Data16 = SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH; + SpdmSetData (SpdmContext, SpdmDataKeySchedule, &Parameter, &Data16, sizeof (Data16)); + Data8 = SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1; + SpdmSetData (SpdmContext, SpdmDataOtherParamsSupport, &Parameter, &Data8, sizeof (Data8)); + Data8 = SPDM_MEL_SPECIFICATION_DMTF; + SpdmSetData (SpdmContext, SpdmDataMelSpec, &Parameter, &Data8, sizeof (Data8)); + Data8 = 0x3F; + SpdmSetData (SpdmContext, SpdmDataLocalSupportedSlotMask, &Parameter, &Data8, sizeof (Data8)); + IsRequrester = FALSE; + SpdmSetData (SpdmContext, LIBSPDM_DATA_IS_REQUESTER, &Parameter, &IsRequrester, sizeof (IsRequrester)); + + Status = gBS->InstallProtocolInterface ( + &mSpdmTestDeviceContext.SpdmHandle, + &gSpdmIoProtocolGuid, + EFI_NATIVE_INTERFACE, + &mSpdmTestDeviceContext.SpdmIoProtocol + ); + + InitializeSpdmTest (&mSpdmTestDeviceContext); + + return Status; +} diff --git a/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.h b/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.h new file mode 100644 index 00000000000..3412fdfefa1 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.h @@ -0,0 +1,102 @@ +/** @file + EDKII SpdmIo Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _SPDM_STUB_H_ +#define _SPDM_STUB_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +typedef struct { + UINTN Signature; + EFI_HANDLE SpdmHandle; + SPDM_IO_PROTOCOL SpdmIoProtocol; + SPDM_TEST_PROTOCOL SpdmTestProtocol; + SPDM_TEST_PROCESS_PACKET_CALLBACK ProcessPacketCallback; + VOID *SpdmContext; +} SPDM_TEST_DEVICE_CONTEXT; + +#define SPDM_TEST_DEVICE_CONTEXT_SIGNATURE SIGNATURE_32 ('S', 'T', 'D', 'C') +#define SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL(a) CR (a, SPDM_TEST_DEVICE_CONTEXT, SpdmTestProtocol, SPDM_TEST_DEVICE_CONTEXT_SIGNATURE) +#define SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_IO_PROTOCOL(a) CR (a, SPDM_TEST_DEVICE_CONTEXT, SpdmIoProtocol, SPDM_TEST_DEVICE_CONTEXT_SIGNATURE) + +#ifndef SPDM_TRANSPORT_HEADER_SIZE +#define SPDM_TRANSPORT_HEADER_SIZE 64 +#endif +#ifndef SPDM_TRANSPORT_TAIL_SIZE +#define SPDM_TRANSPORT_TAIL_SIZE 64 +#endif +/* define common SPDM_TRANSPORT_ADDITIONAL_SIZE. It should be the biggest one. */ +#ifndef SPDM_TRANSPORT_ADDITIONAL_SIZE +#define SPDM_TRANSPORT_ADDITIONAL_SIZE \ + (SPDM_TRANSPORT_HEADER_SIZE + SPDM_TRANSPORT_TAIL_SIZE) +#endif +#ifndef SPDM_SENDER_BUFFER_SIZE +#define SPDM_SENDER_BUFFER_SIZE (0x1100 + \ + SPDM_TRANSPORT_ADDITIONAL_SIZE) +#endif +#ifndef SPDM_RECEIVER_BUFFER_SIZE +#define SPDM_RECEIVER_BUFFER_SIZE (0x1200 + \ + SPDM_TRANSPORT_ADDITIONAL_SIZE) +#endif +#if (SPDM_SENDER_BUFFER_SIZE > SPDM_RECEIVER_BUFFER_SIZE) +#define SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE SPDM_SENDER_BUFFER_SIZE +#else +#define SPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE SPDM_RECEIVER_BUFFER_SIZE +#endif +/* Maximum size of a large SPDM message. + * If chunk is unsupported, it must be same as SPDM_DATA_TRANSFER_SIZE. + * If chunk is supported, it must be larger than SPDM_DATA_TRANSFER_SIZE. + * It matches MaxSPDMmsgSize in SPDM specification. */ +#ifndef SPDM_MAX_SPDM_MSG_SIZE +#define SPDM_MAX_SPDM_MSG_SIZE 0x1200 +#endif + +VOID +InitializeSpdmTest ( + IN OUT SPDM_TEST_DEVICE_CONTEXT *SpdmTestDeviceContext + ); + +SPDM_RETURN +SpdmDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN CONST VOID *Message, + IN UINT64 Timeout + ); + +SPDM_RETURN +SpdmDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID **Message, + IN UINT64 Timeout + ); + +extern EFI_HANDLE mSpdmHandle; + +#endif diff --git a/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.inf b/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.inf new file mode 100644 index 00000000000..3d1cb0b8824 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStub.inf @@ -0,0 +1,56 @@ +## @file +# EDKII SpdmIo Stub +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SpdmStub + FILE_GUID = 29B847DF-E042-4CE1-8BE3-A90B3EEC33AD + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + SpdmStub.c + SpdmStub.h + SpdmStubTest.c + SpdmDeviceIo.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + +[LibraryClasses] + UefiRuntimeServicesTableLib + UefiBootServicesTableLib + UefiDriverEntryPoint + MemoryAllocationLib + DevicePathLib + BaseMemoryLib + PrintLib + DebugLib + UefiLib + RngLib + BaseCryptLib + SpdmResponderLib + SpdmTransportMctpLib + SpdmTransportPciDoeLib + CryptlibWrapper + +[Guids] + gEfiDeviceSignatureDatabaseGuid ## CONSUMES + gEfiDeviceSecurityPkgTestConfig ## CONSUMES + +[Protocols] + gSpdmIoProtocolGuid ## PRODUCES + gSpdmTestProtocolGuid ## PRODUCES + +[Depex] + TRUE diff --git a/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStubTest.c b/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStubTest.c new file mode 100644 index 00000000000..be160ba1888 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/SpdmStub/SpdmStubTest.c @@ -0,0 +1,173 @@ +/** @file + EDKII SpdmIo Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmStub.h" + +extern SPDM_TEST_DEVICE_CONTEXT mSpdmTestDeviceContext; + +SPDM_RETURN +SpdmGetResponseVendorDefinedRequest ( + IN VOID *SpdmContext, + IN CONST UINT32 *SessionId, + IN BOOLEAN IsAppMessage, + IN UINTN RequestSize, + IN CONST VOID *Request, + IN OUT UINTN *ResponseSize, + OUT VOID *Response + ) +{ + EFI_STATUS Status; + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + + SpdmTestContext = &mSpdmTestDeviceContext; + + if (SpdmTestContext->ProcessPacketCallback == NULL) { + SpdmGenerateErrorResponse (SpdmContext, SPDM_ERROR_CODE_INVALID_REQUEST, 0, ResponseSize, Response); + return LIBSPDM_STATUS_SUCCESS; + } + + Status = SpdmTestContext->ProcessPacketCallback ( + (VOID *)Request, + RequestSize, + Response, + ResponseSize + ); + if (EFI_ERROR (Status)) { + SpdmGenerateErrorResponse (SpdmContext, SPDM_ERROR_CODE_INVALID_REQUEST, 0, ResponseSize, Response); + return LIBSPDM_STATUS_SUCCESS; + } + + return LIBSPDM_STATUS_SUCCESS; +} + +/** + Set a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. + + @retval EFI_SUCCESS The SPDM session data is set successfully. + @retval EFI_INVALID_PARAMETER The Data is NULL or the DataType is zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_ACCESS_DENIED The DataType cannot be set. + @retval EFI_NOT_READY Current session is not started. +**/ +EFI_STATUS +EFIAPI +SpdmTestProtocolSetData ( + IN SPDM_TEST_PROTOCOL *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN VOID *Data, + IN UINTN DataSize + ) +{ + VOID *SpdmContext; + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + SPDM_RETURN SpdmReturn; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL (This); + SpdmContext = SpdmTestContext->SpdmContext; + + SpdmReturn = SpdmSetData (SpdmContext, DataType, Parameter, Data, DataSize); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/** + Get a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + EFI_SUCCESS, and means the size of desired Data buffer if + EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The SPDM session data is set successfully. + @retval EFI_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The DataType cannot be found. + @retval EFI_NOT_READY The DataType is not ready to return. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. +**/ +EFI_STATUS +EFIAPI +SpdmTestProtocolGetData ( + IN SPDM_TEST_PROTOCOL *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ) +{ + VOID *SpdmContext; + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + SPDM_RETURN SpdmReturn; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL (This); + SpdmContext = SpdmTestContext->SpdmContext; + + SpdmReturn = SpdmGetData (SpdmContext, DataType, Parameter, Data, DataSize); + if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { + return EFI_SUCCESS; + } else { + return EFI_DEVICE_ERROR; + } +} + +/** + Register a callback function to process a packet in the current SPDM session. + + @param This Indicates a pointer to the calling context. + @param Callback Process packet callback function. + + @retval EFI_SUCCESS The SPDM callback is registered successfully. +**/ +EFI_STATUS +EFIAPI +SpdmTestProtocolRegisterProcessPacketCallback ( + IN SPDM_TEST_PROTOCOL *This, + IN SPDM_TEST_PROCESS_PACKET_CALLBACK Callback + ) +{ + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL (This); + SpdmTestContext->ProcessPacketCallback = Callback; + return EFI_SUCCESS; +} + +VOID +InitializeSpdmTest ( + IN OUT SPDM_TEST_DEVICE_CONTEXT *SpdmTestDeviceContext + ) +{ + EFI_STATUS Status; + + SpdmTestDeviceContext->SpdmTestProtocol.SetData = SpdmTestProtocolSetData; + SpdmTestDeviceContext->SpdmTestProtocol.GetData = SpdmTestProtocolGetData; + SpdmTestDeviceContext->SpdmTestProtocol.RegisterProcessPacketCallback = SpdmTestProtocolRegisterProcessPacketCallback; + Status = gBS->InstallProtocolInterface ( + &SpdmTestDeviceContext->SpdmHandle, + &gSpdmTestProtocolGuid, + EFI_NATIVE_INTERFACE, + &SpdmTestDeviceContext->SpdmTestProtocol + ); + if (EFI_ERROR (Status)) { + return; + } + + SpdmRegisterGetResponseFunc (SpdmTestDeviceContext->SpdmContext, SpdmGetResponseVendorDefinedRequest); +} diff --git a/DeviceSecurityTestPkg/Test/Tcg2DumpLog/Tcg2DumpLog.c b/DeviceSecurityTestPkg/Test/Tcg2DumpLog/Tcg2DumpLog.c new file mode 100644 index 00000000000..91aecdb5ba8 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Tcg2DumpLog/Tcg2DumpLog.c @@ -0,0 +1,2203 @@ +/** @file + +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define EV_NO_ACTION ((TCG_EVENTTYPE) 0x00000003) + +typedef struct { + EFI_TCG2_EVENT_LOG_FORMAT LogFormat; +} EFI_TCG2_EVENT_INFO_STRUCT; + +EFI_TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = { + { EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 }, + { EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 }, +}; + +typedef +UINTN +(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)( + VOID + ); + +typedef +BOOLEAN +(EFIAPI *EFI_HASH_INIT)( + OUT VOID *HashContext + ); + +typedef +BOOLEAN +(EFIAPI *EFI_HASH_UPDATE)( + IN OUT VOID *HashContext, + IN CONST VOID *Data, + IN UINTN DataSize + ); + +typedef +BOOLEAN +(EFIAPI *EFI_HASH_FINAL)( + IN OUT VOID *HashContext, + OUT UINT8 *HashValue + ); + +typedef struct { + TPM_ALG_ID HashAlg; + EFI_HASH_GET_CONTEXT_SIZE GetContextSize; + EFI_HASH_INIT Init; + EFI_HASH_UPDATE Update; + EFI_HASH_FINAL Final; +} EFI_HASH_INFO; + +EFI_HASH_INFO mHashInfo[] = { + { TPM_ALG_SHA1, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final, }, + { TPM_ALG_SHA256, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final, }, +}; + +#define PCR_INDEX_ALL 0xFFFFFFFF + +SHELL_PARAM_ITEM mParamList[] = { + { L"-I", TypeValue }, + { L"-L", TypeValue }, + { L"-E", TypeFlag }, + { L"-BIN", TypeValue }, + { L"-C", TypeFlag }, + { L"-A", TypeFlag }, + { L"-?", TypeFlag }, + { L"-h", TypeFlag }, + { NULL, TypeMax }, +}; + +/** + + This function dump raw data. + + @param Data raw data + @param Size raw data size + +**/ +VOID +InternalDumpData ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + + for (Index = 0; Index < Size; Index++) { + Print (L"%02x", (UINTN)Data[Index]); + } +} + +/** + + This function dump raw data with colume format. + + @param Data raw data + @param Size raw data size + +**/ +VOID +InternalDumpHex ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + UINTN Count; + UINTN Left; + + #define COLUME_SIZE (16 * 2) + + Count = Size / COLUME_SIZE; + Left = Size % COLUME_SIZE; + for (Index = 0; Index < Count; Index++) { + Print (L"%04x: ", Index * COLUME_SIZE); + InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE); + Print (L"\n"); + } + + if (Left != 0) { + Print (L"%04x: ", Index * COLUME_SIZE); + InternalDumpData (Data + Index * COLUME_SIZE, Left); + Print (L"\n"); + } +} + +/** + Dump PCR data. + + @param PcrIndex Pcr index + @param HashAlgo Hash algorithm +**/ +VOID +DumpPcr ( + IN TPMI_DH_PCR PcrIndex, + IN TPM_ALG_ID HashAlgo + ) +{ + EFI_STATUS Status; + TPML_PCR_SELECTION PcrSelectionIn; + UINT32 PcrUpdateCounter; + TPML_PCR_SELECTION PcrSelectionOut; + TPML_DIGEST PcrValues; + UINTN Index; + + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn)); + PcrUpdateCounter = 0; + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut)); + ZeroMem (&PcrValues, sizeof (PcrValues)); + + // + // Fill input + // + PcrSelectionIn.count = 1; + PcrSelectionIn.pcrSelections[0].hash = HashAlgo; + PcrSelectionIn.pcrSelections[0].sizeofSelect = PCR_SELECT_MAX; + PcrSelectionIn.pcrSelections[0].pcrSelect[PcrIndex / 8] = (1 << (PcrIndex % 8)); + Status = Tpm2PcrRead (&PcrSelectionIn, &PcrUpdateCounter, &PcrSelectionOut, &PcrValues); + if (EFI_ERROR (Status)) { + Print (L"Tpm2PcrRead - %r\n", Status); + return; + } + + // + // DumpPcr + // + for (Index = 0; Index < PcrValues.count; Index++) { + Print (L"PCR[%d] (Hash:0x%x): ", PcrIndex, HashAlgo); + InternalDumpData ((UINT8 *)&PcrValues.digests[Index].buffer, PcrValues.digests[Index].size); + Print (L"\n"); + } +} + +/** + Dump Nv data. + + @param NvIndex Nv index + @param HashAlgo Hash algorithm +**/ +VOID +DumpNvIndex ( + IN TPMI_DH_PCR NvIndex, + IN TPMI_ALG_HASH HashAlg + ) +{ + EFI_STATUS Status; + TPMI_RH_NV_AUTH AuthHandle; + UINT16 DataSize; + TPM2B_MAX_BUFFER OutData; + UINT16 Offset; + + AuthHandle = TPM_RH_OWNER; + Offset = 0; + DataSize = GetHashSizeFromAlgo (HashAlg); + ZeroMem (&OutData, sizeof (OutData)); + Status = Tpm2NvRead ( + AuthHandle, + NvIndex, + NULL, + DataSize, + Offset, + &OutData + ); + if (EFI_ERROR (Status)) { + return; + } + + Print (L"PCR[0x%x] (Hash:0x%x): ", NvIndex, HashAlg); + InternalDumpData (OutData.buffer, DataSize); + Print (L"\n"); +} + +EFI_HASH_INFO * +GetHashInfo ( + IN TPM_ALG_ID HashAlg + ) +{ + UINTN Index; + + for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) { + if (HashAlg == mHashInfo[Index].HashAlg) { + return &mHashInfo[Index]; + } + } + + return NULL; +} + +/** + Get TPML_DIGEST_VALUES compact binary buffer size. + + @param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer. + + @return TPML_DIGEST_VALUES compact binary buffer size. +**/ +UINT32 +GetDigestListBinSize ( + IN VOID *DigestListBin + ) +{ + UINTN Index; + UINT16 DigestSize; + UINT32 TotalSize; + UINT32 Count; + TPMI_ALG_HASH HashAlg; + + Count = ReadUnaligned32 (DigestListBin); + TotalSize = sizeof (Count); + DigestListBin = (UINT8 *)DigestListBin + sizeof (Count); + for (Index = 0; Index < Count; Index++) { + HashAlg = ReadUnaligned16 (DigestListBin); + TotalSize += sizeof (HashAlg); + DigestListBin = (UINT8 *)DigestListBin + sizeof (HashAlg); + + DigestSize = GetHashSizeFromAlgo (HashAlg); + TotalSize += DigestSize; + DigestListBin = (UINT8 *)DigestListBin + DigestSize; + } + + return TotalSize; +} + +VOID +ExtendEvent ( + IN TPM_ALG_ID HashAlg, + IN OUT VOID *TcgDigest, + IN VOID *NewDigest + ) +{ + VOID *HashCtx; + UINTN CtxSize; + UINT16 DigestSize; + EFI_HASH_INFO *HashInfo; + + DigestSize = GetHashSizeFromAlgo (HashAlg); + + HashInfo = GetHashInfo (HashAlg); + if (HashInfo == NULL) { + SetMem (TcgDigest, DigestSize, 0xFF); + return; + } + + CtxSize = HashInfo->GetContextSize (); + HashCtx = AllocatePool (CtxSize); + if (HashCtx == NULL) { + SetMem (TcgDigest, DigestSize, 0xFF); + return; + } + + HashInfo->Init (HashCtx); + HashInfo->Update (HashCtx, TcgDigest, DigestSize); + HashInfo->Update (HashCtx, NewDigest, DigestSize); + HashInfo->Final (HashCtx, (UINT8 *)TcgDigest); + FreePool (HashCtx); +} + +VOID +ExtendDigestBinEvent ( + IN TPM_ALG_ID HashAlg, + IN OUT VOID *TcgDigest, + IN VOID *DigestBin, + IN UINT32 DigestBinSize + ) +{ + VOID *HashCtx; + UINTN CtxSize; + UINT16 DigestSize; + EFI_HASH_INFO *HashInfo; + + DigestSize = GetHashSizeFromAlgo (HashAlg); + + HashInfo = GetHashInfo (HashAlg); + if (HashInfo == NULL) { + SetMem (TcgDigest, DigestSize, 0xFF); + return; + } + + CtxSize = HashInfo->GetContextSize (); + HashCtx = AllocatePool (CtxSize); + if (HashCtx == NULL) { + SetMem (TcgDigest, DigestSize, 0xFF); + return; + } + + HashInfo->Init (HashCtx); + HashInfo->Update (HashCtx, TcgDigest, DigestSize); + HashInfo->Update (HashCtx, DigestBin, DigestBinSize); + HashInfo->Final (HashCtx, (UINT8 *)TcgDigest); + FreePool (HashCtx); +} + +VOID +DumpTcgSp800155PlatformIdEvent2Struct ( + IN TCG_Sp800_155_PlatformId_Event2 *TcgSp800155PlatformIdEvent2Struct + ) +{ + UINTN Index; + UINT8 *StrSize; + UINT8 *StrBuffer; + UINT32 *Id; + + Print (L" TcgSp800155PlatformIdEvent2Struct:\n"); + Print (L" signature - '"); + for (Index = 0; Index < sizeof (TcgSp800155PlatformIdEvent2Struct->Signature); Index++) { + Print (L"%c", TcgSp800155PlatformIdEvent2Struct->Signature[Index]); + } + + Print (L"'\n"); + Print (L" VendorId - 0x%08x\n", TcgSp800155PlatformIdEvent2Struct->VendorId); + Print (L" ReferenceManifestGuid - %g\n", &TcgSp800155PlatformIdEvent2Struct->ReferenceManifestGuid); + + StrSize = (UINT8 *)(TcgSp800155PlatformIdEvent2Struct + 1); + StrBuffer = StrSize + 1; + Print (L" PlatformManufacturerStrSize - 0x%02x\n", *StrSize); + Print (L" PlatformManufacturerStr - %a\n", StrBuffer); + + StrSize = (UINT8 *)(StrBuffer + *StrSize); + StrBuffer = StrSize + 1; + Print (L" PlatformModelSize - 0x%02x\n", *StrSize); + Print (L" PlatformModel - %a\n", StrBuffer); + + StrSize = (UINT8 *)(StrBuffer + *StrSize); + StrBuffer = StrSize + 1; + Print (L" PlatformVersionSize - 0x%02x\n", *StrSize); + Print (L" PlatformVersion - %a\n", StrBuffer); + + StrSize = (UINT8 *)(StrBuffer + *StrSize); + StrBuffer = StrSize + 1; + Print (L" FirmwareManufacturerStrSize - 0x%02x\n", *StrSize); + Print (L" FirmwareManufacturerStr - %a\n", StrBuffer); + + Id = (UINT32 *)(StrBuffer + *StrSize); + Print (L" FirmwareManufacturerId - 0x%08x\n", *Id); + + StrSize = (UINT8 *)(Id + 1); + StrBuffer = StrSize + 1; + Print (L" FirmwareVersionSize - 0x%02x\n", *StrSize); + Print (L" FirmwareVersion - %a\n", StrBuffer); +} + +VOID +DumpTcgStartupLocalityEventStruct ( + IN TCG_EfiStartupLocalityEvent *TcgStartupLocalityEventStruct + ) +{ + UINTN Index; + + Print (L" TcgStartupLocalityEventStruct:\n"); + Print (L" Signature - '"); + for (Index = 0; Index < sizeof (TcgStartupLocalityEventStruct->Signature); Index++) { + Print (L"%c", TcgStartupLocalityEventStruct->Signature[Index]); + } + + Print (L"'\n"); + Print (L" StartupLocality - 0x%02x\n", TcgStartupLocalityEventStruct->StartupLocality); +} + +VOID +DumpTcgDeviceSecurityEventStruct ( + IN TCG_DEVICE_SECURITY_EVENT_DATA_HEADER *TcgDeviceSecurityEvent + ) +{ + UINTN Index; + TCG_DEVICE_SECURITY_EVENT_DATA_HEADER *EventDataHeader; + SPDM_MEASUREMENT_BLOCK_COMMON_HEADER *CommonHeader; + SPDM_MEASUREMENT_BLOCK_DMTF_HEADER *DmtfHeader; + UINT8 *MeasurementBuffer; + UINT32 DeviceType; + VOID *DeviceContext; + TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT *PciContext; + UINT64 DevicePathLength; + TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2 *EventDataHeader2; + TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK *TcgSpdmMeasurementBlock; + TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN *TcgSpdmCertChain; + SPDM_CERT_CHAIN *SpdmCertChain; + UINT8 *Digest; + UINTN DigestSize; + UINT8 *Cert; + UINTN CertSize; + + EventDataHeader = (TCG_DEVICE_SECURITY_EVENT_DATA_HEADER *)TcgDeviceSecurityEvent; + if (EventDataHeader->Version < TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2) { + Print (L" TcgDeviceSecurityEvent:\n"); + } else { + Print (L" TcgDeviceSecurityEvent2:\n"); + } + + Print (L" Signature - '"); + for (Index = 0; Index < sizeof (EventDataHeader->Signature); Index++) { + Print (L"%c", EventDataHeader->Signature[Index]); + } + + Print (L"'\n"); + Print (L" Version - 0x%04x\n", EventDataHeader->Version); + if (EventDataHeader->Version < TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2) { + Print (L" Length - 0x%04x\n", EventDataHeader->Length); + Print (L" SpdmHashAlgo - 0x%08x\n", EventDataHeader->SpdmHashAlgo); + Print (L" DeviceType - 0x%08x\n", EventDataHeader->DeviceType); + DeviceType = EventDataHeader->DeviceType; + + Print (L" SpdmMeasurementBlock:\n"); + CommonHeader = (SPDM_MEASUREMENT_BLOCK_COMMON_HEADER *)((UINT8 *)EventDataHeader + sizeof (TCG_DEVICE_SECURITY_EVENT_DATA_HEADER)); + Print (L" Index - 0x%02x\n", CommonHeader->Index); + Print (L" MeasurementSpec - 0x%02x\n", CommonHeader->MeasurementSpecification); + Print (L" MeasurementSize - 0x%04x\n", CommonHeader->MeasurementSize); + + Print (L" Measurement:\n"); + DmtfHeader = (SPDM_MEASUREMENT_BLOCK_DMTF_HEADER *)((UINT8 *)CommonHeader + sizeof (SPDM_MEASUREMENT_BLOCK_COMMON_HEADER)); + Print (L" DMTFSpecMeasurementValueType - 0x%02x\n", DmtfHeader->DMTFSpecMeasurementValueType); + Print (L" DMTFSpecMeasurementValueSize - 0x%04x\n", DmtfHeader->DMTFSpecMeasurementValueSize); + Print (L" DMTFSpecMeasurementValue - "); + MeasurementBuffer = (UINT8 *)((UINT8 *)DmtfHeader + sizeof (SPDM_MEASUREMENT_BLOCK_DMTF_HEADER)); + for (Index = 0; Index < DmtfHeader->DMTFSpecMeasurementValueSize; Index++) { + Print (L"%02x", MeasurementBuffer[Index]); + } + + Print (L"\n"); + + DeviceContext = (VOID *)(MeasurementBuffer + DmtfHeader->DMTFSpecMeasurementValueSize); + + DevicePathLength = *(UINT64 *)DeviceContext; + DeviceContext = (UINT8 *)DeviceContext + sizeof (UINT64); + Print (L" DevicePathLength - 0x%016lx\n", DevicePathLength); + Print (L" DevicePath - %s\n", ConvertDevicePathToText (DeviceContext, FALSE, FALSE)); + DeviceContext = (UINT8 *)DeviceContext + DevicePathLength; + } else { + EventDataHeader2 = (TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2 *)TcgDeviceSecurityEvent; + Print (L" Length - 0x%08x\n", EventDataHeader2->Length); + Print (L" AuthState - 0x%08x\n", EventDataHeader2->AuthState); + Print (L" DeviceType - 0x%08x\n", EventDataHeader2->DeviceType); + DeviceType = EventDataHeader2->DeviceType; + + Print (L" SubHeaderType - 0x%08x\n", EventDataHeader2->SubHeaderType); + Print (L" SubHeaderLength - 0x%08x\n", EventDataHeader2->SubHeaderLength); + Print (L" SubHeaderUID - 0x%016lx\n", EventDataHeader2->SubHeaderUID); + + DeviceContext = (EventDataHeader2 + 1); + DevicePathLength = *(UINT64 *)DeviceContext; + DeviceContext = (UINT8 *)DeviceContext + sizeof (UINT64); + Print (L" DevicePathLength - 0x%016lx\n", DevicePathLength); + Print (L" DevicePath - %s\n", ConvertDevicePathToText (DeviceContext, FALSE, FALSE)); + DeviceContext = (UINT8 *)DeviceContext + DevicePathLength; + + switch (EventDataHeader2->SubHeaderType) { + case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_MEASUREMENT_BLOCK: + if (EventDataHeader2->SubHeaderLength == 0) { + break; + } + + TcgSpdmMeasurementBlock = DeviceContext; + Print (L" SpdmMeasurementBlockSubHeader:\n"); + Print (L" SpdmVersion - 0x%04x\n", TcgSpdmMeasurementBlock->SpdmVersion); + Print (L" SpdmMeasurementBlockCount - 0x%02x\n", TcgSpdmMeasurementBlock->SpdmMeasurementBlockCount); + Print (L" SpdmMeasurementHashAlgo - 0x%08x\n", TcgSpdmMeasurementBlock->SpdmMeasurementHashAlgo); + + Print (L" SpdmMeasurementBlock:\n"); + CommonHeader = (SPDM_MEASUREMENT_BLOCK_COMMON_HEADER *)(TcgSpdmMeasurementBlock + 1); + Print (L" Index - 0x%02x\n", CommonHeader->Index); + Print (L" MeasurementSpec - 0x%02x\n", CommonHeader->MeasurementSpecification); + Print (L" MeasurementSize - 0x%04x\n", CommonHeader->MeasurementSize); + + Print (L" Measurement:\n"); + DmtfHeader = (SPDM_MEASUREMENT_BLOCK_DMTF_HEADER *)((UINT8 *)CommonHeader + sizeof (SPDM_MEASUREMENT_BLOCK_COMMON_HEADER)); + Print (L" DMTFSpecMeasurementValueType - 0x%02x\n", DmtfHeader->DMTFSpecMeasurementValueType); + Print (L" DMTFSpecMeasurementValueSize - 0x%04x\n", DmtfHeader->DMTFSpecMeasurementValueSize); + Print (L" DMTFSpecMeasurementValue - "); + MeasurementBuffer = (UINT8 *)((UINT8 *)DmtfHeader + sizeof (SPDM_MEASUREMENT_BLOCK_DMTF_HEADER)); + for (Index = 0; Index < DmtfHeader->DMTFSpecMeasurementValueSize; Index++) { + Print (L"%02x", MeasurementBuffer[Index]); + } + + Print (L"\n"); + break; + + case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN: + if (EventDataHeader2->SubHeaderLength == 0) { + break; + } + + TcgSpdmCertChain = DeviceContext; + Print (L" SpdmCertChainSubHeader:\n"); + Print (L" SpdmVersion - 0x%04x\n", TcgSpdmCertChain->SpdmVersion); + Print (L" SpdmSlotId - 0x%02x\n", TcgSpdmCertChain->SpdmSlotId); + Print (L" SpdmHashAlgo - 0x%08x\n", TcgSpdmCertChain->SpdmHashAlgo); + + if (EventDataHeader->Version < TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2) { + } else { + if (EventDataHeader2->AuthState == TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID) { + break; + } + } + Print (L" SpdmCertChain:\n"); + SpdmCertChain = (VOID *)(TcgSpdmCertChain + 1); + Print (L" Length - 0x%04x\n", SpdmCertChain->Length); + + Digest = (VOID *)(SpdmCertChain + 1); + switch (TcgSpdmCertChain->SpdmHashAlgo) { + case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: + case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: + DigestSize = 32; + break; + case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: + case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: + DigestSize = 48; + break; + case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: + case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: + DigestSize = 64; + break; + default: + ASSERT (FALSE); + break; + } + + Print (L" Digest - "); + for (Index = 0; Index < DigestSize; Index++) { + Print (L"%02x", Digest[Index]); + } + + Print (L"\n"); + + Cert = Digest + DigestSize; + CertSize = SpdmCertChain->Length - sizeof (SPDM_CERT_CHAIN) - DigestSize; + Print (L" Cert - "); + + for (Index = 0; Index < CertSize; Index++) { + Print (L"%02x ", Cert[Index]); + + if ((Index + 1) % 0x10 == 0) { + Print (L"\n"); + if (Index + 1 < CertSize) { + Print (L" "); + } + } + } + + if ((CertSize == 0) || (CertSize % 0x10 != 0)) { + Print (L"\n"); + } + + break; + + default: + Print (L" Unknown SubHeader:\n"); + break; + } + + DeviceContext = (VOID *)((UINTN)DeviceContext + EventDataHeader2->SubHeaderLength); + } + + switch (DeviceType) { + case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_NULL: + Print (L" DeviceSecurityEventData - No Context\n"); + break; + case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_PCI: + Print (L" DeviceSecurityEventData - PCI Context\n"); + PciContext = (TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT *)DeviceContext; + Print (L" Version - 0x%04x\n", PciContext->Version); + Print (L" Length - 0x%04x\n", PciContext->Length); + Print (L" VendorId - 0x%04x\n", PciContext->VendorId); + Print (L" DeviceId - 0x%04x\n", PciContext->DeviceId); + Print (L" RevisionID - 0x%02x\n", PciContext->RevisionID); + Print (L" ClassCode - 0x%06x\n", PciContext->ClassCode[2] << 16 | PciContext->ClassCode[1] << 8| PciContext->ClassCode[0]); + Print (L" SubsystemVendorID - 0x%04x\n", PciContext->SubsystemVendorID); + Print (L" SubsystemID - 0x%04x\n", PciContext->SubsystemID); + break; + case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_USB: + Print (L" DeviceSecurityEventData - USB Context\n"); + break; + default: + Print (L" DeviceSecurityEventData - Reserved\n"); + } +} + +VOID +DumpTcgNvIndexInstanceEventStruct ( + IN TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT *TcgNvIndexInstanceEvent + ) +{ + UINTN Index; + + Print (L" TcgNvIndexInstanceEvent:\n"); + Print (L" Signature - '"); + for (Index = 0; Index < sizeof (TcgNvIndexInstanceEvent->Signature); Index++) { + Print (L"%c", TcgNvIndexInstanceEvent->Signature[Index]); + } + + Print (L"'\n"); + Print (L" Version - 0x%04x\n", TcgNvIndexInstanceEvent->Version); + + DumpTcgDeviceSecurityEventStruct ((VOID *)(TcgNvIndexInstanceEvent + 1)); +} + +VOID +DumpTcgNvIndexDynamicEventStruct ( + IN TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT *TcgNvIndexDynamicEvent + ) +{ + UINTN Index; + UINT16 DescriptionSize; + UINT8 *Description; + UINT16 DataSize; + UINT8 *Data; + + Print (L" TcgNvIndexDynamicEvent:\n"); + Print (L" Signature - '"); + for (Index = 0; Index < sizeof (TcgNvIndexDynamicEvent->Signature); Index++) { + Print (L"%c", TcgNvIndexDynamicEvent->Signature[Index]); + } + + Print (L"'\n"); + Print (L" Version - 0x%04x\n", TcgNvIndexDynamicEvent->Version); + Print (L" Uid - 0x%016lx\n", TcgNvIndexDynamicEvent->Uid); + + DescriptionSize = *(UINT16 *)((UINTN)TcgNvIndexDynamicEvent + sizeof (TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT)); + Description = (UINT8 *)((UINTN)TcgNvIndexDynamicEvent + sizeof (TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT) + sizeof (UINT16)); + Print (L" DescriptionSize - 0x%04x\n", DescriptionSize); + Print (L" Description - \""); + for (Index = 0; Index < DescriptionSize; Index++) { + Print (L"%c", Description[Index]); + } + + Print (L"\"\n"); + + DataSize = *(UINT16 *)((UINTN)Description + DescriptionSize); + Data = (UINT8 *)((UINTN)Description + DescriptionSize + sizeof (UINT16)); + Print (L" DataSize - 0x%04x\n", DataSize); + Print (L" Data - "); + for (Index = 0; Index < DataSize; Index++) { + Print (L"%02x", Data[Index]); + } + + Print (L"\n"); +} + +typedef struct { + CHAR16 *VariableName; + EFI_GUID *VendorGuid; +} VARIABLE_TYPE; + +VARIABLE_TYPE mSecureBootDatabaseVariableType[] = { + { EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid }, + { EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid }, + { EFI_DEVICE_SECURITY_DATABASE, &gEfiDeviceSignatureDatabaseGuid }, +}; + +BOOLEAN +IsSecureBootDatabaseVariable ( + IN CHAR16 *VariableName, + IN UINTN VariableNameLength, + IN EFI_GUID *VendorGuid + ) +{ + UINTN Index; + UINTN VariableNameLen; + + for (Index = 0; Index < sizeof (mSecureBootDatabaseVariableType)/sizeof (mSecureBootDatabaseVariableType[0]); Index++) { + VariableNameLen = StrLen (mSecureBootDatabaseVariableType[Index].VariableName); + if ((VariableNameLen == VariableNameLength) && + (CompareMem (VariableName, mSecureBootDatabaseVariableType[Index].VariableName, VariableNameLength * sizeof (CHAR16)) == 0) && + (CompareGuid (VendorGuid, mSecureBootDatabaseVariableType[Index].VendorGuid))) + { + return TRUE; + } + } + + return FALSE; +} + +VOID +DumpSecureBootAuthorityVariable ( + IN VOID *Data, + IN UINTN DataSize + ) +{ + EFI_SIGNATURE_DATA *SignatureData; + UINTN Index; + UINT8 *Signature; + + Print (L" ==================\n"); + SignatureData = Data; + Print (L" EFI_SIGNATURE_DATA :\n"); + Print (L" SignatureOwner - %g\n", &SignatureData->SignatureOwner); + Signature = SignatureData->SignatureData; + Print (L" SignatureData - "); + + for (Index = 0; Index < DataSize - OFFSET_OF (EFI_SIGNATURE_DATA, SignatureData); Index++) { + Print (L"%02x ", Signature[Index]); + + if ((Index + 1) % 0x10 == 0) { + Print (L"\n"); + if (Index + 1 < DataSize - OFFSET_OF (EFI_SIGNATURE_DATA, SignatureData)) { + Print (L" "); + } + } + } + + if ((DataSize - OFFSET_OF (EFI_SIGNATURE_DATA, SignatureData) == 0) || + (DataSize - OFFSET_OF (EFI_SIGNATURE_DATA, SignatureData) % 0x10 != 0)) + { + Print (L"\n"); + } + + Print (L" ==================\n"); +} + +VOID +DumpSecureBootDatabaseVariable ( + IN VOID *Data, + IN UINTN DataSize + ) +{ + EFI_SIGNATURE_LIST *SignatureList; + EFI_SIGNATURE_DATA *SignatureData; + UINT8 *SignatureHeader; + UINTN Index; + UINT8 *Signature; + + Print (L" ==================\n"); + SignatureList = Data; + while ((UINTN)SignatureList < (UINTN)Data + DataSize) { + Print (L" EFI_SIGNATURE_LIST :\n"); + Print (L" SignatureType - %g\n", &SignatureList->SignatureType); + Print (L" SignatureListSize - 0x%08x\n", SignatureList->SignatureListSize); + Print (L" SignatureHeaderSize - 0x%08x\n", SignatureList->SignatureHeaderSize); + Print (L" SignatureSize - 0x%08x\n", SignatureList->SignatureSize); + Print (L" SignatureHeader - "); + SignatureHeader = (VOID *)(SignatureList + 1); + for (Index = 0; Index < SignatureList->SignatureHeaderSize; Index++) { + Print (L"%02x", SignatureHeader[Index]); + } + + Print (L"\n"); + Print (L" EFI_SIGNATURE_DATA :\n"); + SignatureData = (VOID *)((UINTN)SignatureList + sizeof (EFI_SIGNATURE_LIST) + SignatureList->SignatureHeaderSize); + while ((UINTN)SignatureData < (UINTN)SignatureList + SignatureList->SignatureListSize) { + Print (L" SignatureOwner - %g\n", &SignatureData->SignatureOwner); + Signature = SignatureData->SignatureData; + Print (L" SignatureData - "); + + for (Index = 0; Index < SignatureList->SignatureSize - OFFSET_OF (EFI_SIGNATURE_DATA, SignatureData); Index++) { + Print (L"%02x ", Signature[Index]); + + if ((Index + 1) % 0x10 == 0) { + Print (L"\n"); + if (Index + 1 < SignatureList->SignatureSize - OFFSET_OF (EFI_SIGNATURE_DATA, SignatureData)) { + Print (L" "); + } + } + } + + if ((SignatureList->SignatureSize - OFFSET_OF (EFI_SIGNATURE_DATA, SignatureData) == 0) || + (SignatureList->SignatureSize - OFFSET_OF (EFI_SIGNATURE_DATA, SignatureData) % 0x10 != 0)) + { + Print (L"\n"); + } + + SignatureData = (VOID *)((UINTN)SignatureData + SignatureList->SignatureSize); + } + + SignatureList = (VOID *)((UINTN)SignatureList + SignatureList->SignatureListSize); + } + + Print (L" ==================\n"); +} + +VOID +ParseEventData ( + IN TCG_EVENTTYPE EventType, + IN UINT8 *EventBuffer, + IN UINTN EventSize + ) +{ + UINTN Index; + + UEFI_VARIABLE_DATA *UefiVariableData; + UINT8 *VariableData; + + EFI_IMAGE_LOAD_EVENT *EfiImageLoadEvent; + + EFI_PLATFORM_FIRMWARE_BLOB *EfiPlatformFirmwareBlob; + UEFI_PLATFORM_FIRMWARE_BLOB *UefiPlatformFirmwareBlob; + UEFI_PLATFORM_FIRMWARE_BLOB2 *UefiPlatformFirmwareBlob2; + EFI_HANDOFF_TABLE_POINTERS *EfiHandoffTablePointers; + UEFI_HANDOFF_TABLE_POINTERS *UefiHandoffTablePointers; + UEFI_HANDOFF_TABLE_POINTERS2 *UefiHandoffTablePointers2; + + InternalDumpHex (EventBuffer, EventSize); + + switch (EventType) { + case EV_POST_CODE: + Print (L" EventData - Type: EV_POST_CODE\n"); + Print (L" POST CODE - \""); + + for (Index = 0; Index < EventSize; Index++) { + Print (L"%c", EventBuffer[Index]); + } + + Print (L"\"\n"); + + break; + + case EV_NO_ACTION: + Print (L" EventData - Type: EV_NO_ACTION\n"); + + if ((EventSize >= sizeof (TCG_Sp800_155_PlatformId_Event2)) && + (CompareMem (EventBuffer, TCG_Sp800_155_PlatformId_Event2_SIGNATURE, sizeof (TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1) == 0)) + { + DumpTcgSp800155PlatformIdEvent2Struct ((TCG_Sp800_155_PlatformId_Event2 *)EventBuffer); + + break; + } + + if ((EventSize >= sizeof (TCG_EfiStartupLocalityEvent)) && + (CompareMem (EventBuffer, TCG_EfiStartupLocalityEvent_SIGNATURE, sizeof (TCG_EfiStartupLocalityEvent_SIGNATURE)) == 0)) + { + DumpTcgStartupLocalityEventStruct ((TCG_EfiStartupLocalityEvent *)EventBuffer); + + break; + } + + if ((EventSize >= sizeof (TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT)) && + (CompareMem (EventBuffer, TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE, sizeof (TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE)) == 0)) + { + DumpTcgNvIndexInstanceEventStruct ((TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT *)EventBuffer); + + break; + } + + if ((EventSize >= sizeof (TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT)) && + (CompareMem (EventBuffer, TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE, sizeof (TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE)) == 0)) + { + DumpTcgNvIndexDynamicEventStruct ((TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT *)EventBuffer); + + break; + } + + Print (L" Unknown EV_NO_ACTION\n"); + + break; + + case EV_SEPARATOR: + Print (L" EventData - Type: EV_SEPARATOR\n"); + Print (L" SEPARATOR - 0x%08x\n", *(UINT32 *)EventBuffer); + + break; + + case EV_S_CRTM_VERSION: + Print (L" EventData - Type: EV_S_CRTM_VERSION\n"); + Print (L" CRTM VERSION - L\""); + + for (Index = 0; Index < EventSize; Index += 2) { + Print (L"%c", EventBuffer[Index]); + } + + Print (L"\"\n"); + + break; + + case EV_EFI_VARIABLE_DRIVER_CONFIG: + case EV_EFI_VARIABLE_BOOT: + case EV_EFI_VARIABLE_AUTHORITY: + case EV_EFI_SPDM_DEVICE_POLICY: + case EV_EFI_SPDM_DEVICE_AUTHORITY: + if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) { + Print (L" EventData - Type: EV_EFI_VARIABLE_DRIVER_CONFIG\n"); + } else if (EventType == EV_EFI_VARIABLE_BOOT) { + Print (L" EventData - Type: EV_EFI_VARIABLE_AUTHORITY\n"); + } else if (EventType == EV_EFI_VARIABLE_AUTHORITY) { + Print (L" EventData - Type: EV_EFI_VARIABLE_BOOT\n"); + } else if (EventType == EV_EFI_SPDM_DEVICE_POLICY) { + Print (L" EventData - Type: EV_EFI_SPDM_DEVICE_POLICY\n"); + } else if (EventType == EV_EFI_SPDM_DEVICE_AUTHORITY) { + Print (L" EventData - Type: EV_EFI_SPDM_DEVICE_AUTHORITY\n"); + } + + UefiVariableData = (UEFI_VARIABLE_DATA *)EventBuffer; + Print (L" VariableName - %g\n", &UefiVariableData->VariableName); + Print (L" UnicodeNameLength - 0x%016x\n", UefiVariableData->UnicodeNameLength); + Print (L" VariableDataLength - 0x%016x\n", UefiVariableData->VariableDataLength); + + Print (L" UnicodeName - "); + for (Index = 0; Index < UefiVariableData->UnicodeNameLength; Index++) { + Print (L"%c", UefiVariableData->UnicodeName[Index]); + } + + Print (L"\n"); + + VariableData = (UINT8 *)&UefiVariableData->UnicodeName[Index]; + Print (L" VariableData - "); + + for (Index = 0; Index < UefiVariableData->VariableDataLength; Index++) { + Print (L"%02x ", VariableData[Index]); + + if ((Index + 1) % 0x10 == 0) { + Print (L"\n"); + if (Index + 1 < UefiVariableData->VariableDataLength) { + Print (L" "); + } + } + } + + if ((UefiVariableData->VariableDataLength == 0) || (UefiVariableData->VariableDataLength % 0x10 != 0)) { + Print (L"\n"); + } + + if (IsSecureBootDatabaseVariable (UefiVariableData->UnicodeName, (UINTN)UefiVariableData->UnicodeNameLength, &UefiVariableData->VariableName)) { + if ((EventType == EV_EFI_VARIABLE_AUTHORITY) || (EventType == EV_EFI_SPDM_DEVICE_AUTHORITY)) { + DumpSecureBootAuthorityVariable (VariableData, (UINTN)UefiVariableData->VariableDataLength); + } else { + DumpSecureBootDatabaseVariable (VariableData, (UINTN)UefiVariableData->VariableDataLength); + } + } + + break; + + case EV_EFI_BOOT_SERVICES_APPLICATION: + case EV_EFI_BOOT_SERVICES_DRIVER: + case EV_EFI_RUNTIME_SERVICES_DRIVER: + if (EventType == EV_EFI_BOOT_SERVICES_APPLICATION) { + Print (L" EventData - Type: EV_EFI_BOOT_SERVICES_APPLICATION\n"); + } else if (EventType == EV_EFI_BOOT_SERVICES_DRIVER) { + Print (L" EventData - Type: EV_EFI_BOOT_SERVICES_DRIVER\n"); + } else if (EventType == EV_EFI_RUNTIME_SERVICES_DRIVER) { + Print (L" EventData - Type: EV_EFI_RUNTIME_SERVICES_DRIVER\n"); + } + + EfiImageLoadEvent = (EFI_IMAGE_LOAD_EVENT *)EventBuffer; + Print (L" ImageLocationInMemory - 0x%016x\n", EfiImageLoadEvent->ImageLocationInMemory); + Print (L" ImageLengthInMemory - 0x%016x\n", EfiImageLoadEvent->ImageLengthInMemory); + Print (L" ImageLinkTimeAddress - 0x%016x\n", EfiImageLoadEvent->ImageLinkTimeAddress); + Print (L" LengthOfDevicePath - 0x%016x\n", EfiImageLoadEvent->LengthOfDevicePath); + Print (L" DevicePath:\n"); + Print (L" %s\n", ConvertDevicePathToText (EfiImageLoadEvent->DevicePath, FALSE, FALSE)); + + break; + + case EV_EFI_ACTION: + Print (L" EventData - Type: EV_EFI_ACTION\n"); + Print (L" Action String - \""); + + for (Index = 0; Index < EventSize; Index++) { + Print (L"%c", EventBuffer[Index]); + } + + Print (L"\"\n"); + + break; + + case EV_EFI_PLATFORM_FIRMWARE_BLOB: + EfiPlatformFirmwareBlob = (EFI_PLATFORM_FIRMWARE_BLOB *)EventBuffer; + Print (L" EventData - Type: EV_EFI_PLATFORM_FIRMWARE_BLOB\n"); + Print (L" BlobBase - 0x%016x\n", EfiPlatformFirmwareBlob->BlobBase); + Print (L" BlobLength - 0x%016x\n", EfiPlatformFirmwareBlob->BlobLength); + + break; + + case EV_EFI_PLATFORM_FIRMWARE_BLOB2: + UefiPlatformFirmwareBlob2 = (UEFI_PLATFORM_FIRMWARE_BLOB2 *)EventBuffer; + UefiPlatformFirmwareBlob = (UEFI_PLATFORM_FIRMWARE_BLOB *)(EventBuffer + + sizeof (UefiPlatformFirmwareBlob2->BlobDescriptionSize) + + UefiPlatformFirmwareBlob2->BlobDescriptionSize); + Print (L" EventData - Type: EV_EFI_PLATFORM_FIRMWARE_BLOB2\n"); + Print (L" BlobDescriptionSize - 0x%02x\n", UefiPlatformFirmwareBlob2->BlobDescriptionSize); + Print (L" BlobDescription - \""); + for (Index = 0; Index < UefiPlatformFirmwareBlob2->BlobDescriptionSize; Index++) { + Print (L"%c", *(EventBuffer + sizeof (UefiPlatformFirmwareBlob2->BlobDescriptionSize) + Index)); + } + + Print (L"\"\n"); + Print (L" BlobBase - 0x%016x\n", UefiPlatformFirmwareBlob->BlobBase); + Print (L" BlobLength - 0x%016x\n", UefiPlatformFirmwareBlob->BlobLength); + + break; + + case EV_EFI_HANDOFF_TABLES: + EfiHandoffTablePointers = (EFI_HANDOFF_TABLE_POINTERS *)EventBuffer; + Print (L" EventData - Type: EV_EFI_HANDOFF_TABLES\n"); + Print (L" NumberOfTables - 0x%016x\n", EfiHandoffTablePointers->NumberOfTables); + for (Index = 0; Index < EfiHandoffTablePointers->NumberOfTables; Index++) { + Print (L" TableEntry (%d):\n", Index); + Print (L" VendorGuid - %g\n", &EfiHandoffTablePointers->TableEntry[Index].VendorGuid); + Print (L" VendorTable - 0x%016x\n", EfiHandoffTablePointers->TableEntry[Index].VendorTable); + } + + break; + + case EV_EFI_HANDOFF_TABLES2: + UefiHandoffTablePointers2 = (UEFI_HANDOFF_TABLE_POINTERS2 *)EventBuffer; + UefiHandoffTablePointers = (UEFI_HANDOFF_TABLE_POINTERS *)(EventBuffer + + sizeof (UefiHandoffTablePointers2->TableDescriptionSize) + + UefiHandoffTablePointers2->TableDescriptionSize); + Print (L" EventData - Type: EV_EFI_HANDOFF_TABLES2\n"); + Print (L" TableDescriptionSize - 0x%02x\n", UefiHandoffTablePointers2->TableDescriptionSize); + Print (L" TableDescription - \""); + for (Index = 0; Index < UefiHandoffTablePointers2->TableDescriptionSize; Index++) { + Print (L"%c", *(EventBuffer + sizeof (UefiHandoffTablePointers2->TableDescriptionSize) + Index)); + } + + Print (L"\"\n"); + + Print (L" NumberOfTables - 0x%016x\n", UefiHandoffTablePointers->NumberOfTables); + for (Index = 0; Index < UefiHandoffTablePointers->NumberOfTables; Index++) { + Print (L" TableEntry (%d):\n", Index); + Print (L" VendorGuid - %g\n", &UefiHandoffTablePointers->TableEntry[Index].VendorGuid); + Print (L" VendorTable - 0x%016x\n", UefiHandoffTablePointers->TableEntry[Index].VendorTable); + } + + break; + + case EV_EFI_SPDM_FIRMWARE_BLOB: + case EV_EFI_SPDM_FIRMWARE_CONFIG: + if (EventType == EV_EFI_SPDM_FIRMWARE_BLOB) { + Print (L" EventData - Type: EV_EFI_SPDM_FIRMWARE_BLOB\n"); + } else if (EventType == EV_EFI_SPDM_FIRMWARE_CONFIG) { + Print (L" EventData - Type: EV_EFI_SPDM_FIRMWARE_CONFIG\n"); + } + + DumpTcgDeviceSecurityEventStruct ((TCG_DEVICE_SECURITY_EVENT_DATA_HEADER *)EventBuffer); + + break; + + default: + Print (L"Unknown Event Type\n"); + break; + } +} + +VOID +DumpEvent ( + IN TCG_PCR_EVENT_HDR *EventHdr + ) +{ + UINTN Index; + + Print (L" Event:\n"); + Print (L" PCRIndex - %d\n", EventHdr->PCRIndex); + Print (L" EventType - 0x%08x\n", EventHdr->EventType); + Print (L" Digest - "); + for (Index = 0; Index < sizeof (TCG_DIGEST); Index++) { + Print (L"%02x", EventHdr->Digest.digest[Index]); + } + + Print (L"\n"); + Print (L" EventSize - 0x%08x\n", EventHdr->EventSize); + ParseEventData (EventHdr->EventType, (UINT8 *)(EventHdr + 1), EventHdr->EventSize); +} + +/** + This function dump TCG_EfiSpecIDEventStruct. + + @param[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct. +**/ +VOID +DumpTcgEfiSpecIdEventStruct ( + IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct + ) +{ + TCG_EfiSpecIdEventAlgorithmSize *digestSize; + UINTN Index; + UINT8 *vendorInfoSize; + UINT8 *vendorInfo; + UINT32 numberOfAlgorithms; + + Print (L" TCG_EfiSpecIDEventStruct:\n"); + Print (L" signature - '"); + for (Index = 0; Index < sizeof (TcgEfiSpecIdEventStruct->signature); Index++) { + Print (L"%c", TcgEfiSpecIdEventStruct->signature[Index]); + } + + Print (L"'\n"); + Print (L" platformClass - 0x%08x\n", TcgEfiSpecIdEventStruct->platformClass); + Print (L" specVersion - %d.%d.%d\n", TcgEfiSpecIdEventStruct->specVersionMajor, TcgEfiSpecIdEventStruct->specVersionMinor, TcgEfiSpecIdEventStruct->specErrata); + Print (L" uintnSize - 0x%02x\n", TcgEfiSpecIdEventStruct->uintnSize); + + CopyMem (&numberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof (numberOfAlgorithms)); + Print (L" numberOfAlgorithms - 0x%08x\n", numberOfAlgorithms); + + digestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (numberOfAlgorithms)); + for (Index = 0; Index < numberOfAlgorithms; Index++) { + Print (L" digest(%d)\n", Index); + Print (L" algorithmId - 0x%04x\n", digestSize[Index].algorithmId); + Print (L" digestSize - 0x%04x\n", digestSize[Index].digestSize); + } + + vendorInfoSize = (UINT8 *)&digestSize[numberOfAlgorithms]; + Print (L" vendorInfoSize - 0x%02x\n", *vendorInfoSize); + vendorInfo = vendorInfoSize + 1; + Print (L" vendorInfo - "); + for (Index = 0; Index < *vendorInfoSize; Index++) { + Print (L"%02x", vendorInfo[Index]); + } + + Print (L"\n"); +} + +/** + This function get size of TCG_EfiSpecIDEventStruct. + + @param[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct. +**/ +UINTN +GetTcgEfiSpecIdEventStructSize ( + IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct + ) +{ + TCG_EfiSpecIdEventAlgorithmSize *digestSize; + UINT8 *vendorInfoSize; + UINT32 numberOfAlgorithms; + + CopyMem (&numberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof (numberOfAlgorithms)); + + digestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (numberOfAlgorithms)); + vendorInfoSize = (UINT8 *)&digestSize[numberOfAlgorithms]; + return sizeof (TCG_EfiSpecIDEventStruct) + sizeof (UINT32) + (numberOfAlgorithms * sizeof (TCG_EfiSpecIdEventAlgorithmSize)) + sizeof (UINT8) + (*vendorInfoSize); +} + +VOID +DumpEvent2 ( + IN TCG_PCR_EVENT2 *TcgPcrEvent2 + ) +{ + UINTN Index; + UINT32 DigestIndex; + UINT32 DigestCount; + TPMI_ALG_HASH HashAlgo; + UINT32 DigestSize; + UINT8 *DigestBuffer; + UINT32 EventSize; + UINT8 *EventBuffer; + + Print (L" Event:\n"); + if (TcgPcrEvent2->PCRIndex < 24) { + Print (L" PCRIndex - %d\n", TcgPcrEvent2->PCRIndex); + } else { + Print (L" PCRIndex - 0x%08x (NvIndex)\n", TcgPcrEvent2->PCRIndex); + } + + Print (L" EventType - 0x%08x\n", TcgPcrEvent2->EventType); + Print (L" DigestCount: 0x%08x\n", TcgPcrEvent2->Digest.count); + + DigestCount = TcgPcrEvent2->Digest.count; + HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; + DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest; + for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) { + Print (L" HashAlgo : 0x%04x\n", HashAlgo); + Print (L" Digest(%d): ", DigestIndex); + DigestSize = GetHashSizeFromAlgo (HashAlgo); + for (Index = 0; Index < DigestSize; Index++) { + Print (L"%02x", DigestBuffer[Index]); + } + + Print (L"\n"); + // + // Prepare next + // + CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof (TPMI_ALG_HASH)); + DigestBuffer = DigestBuffer + DigestSize + sizeof (TPMI_ALG_HASH); + } + + DigestBuffer = DigestBuffer - sizeof (TPMI_ALG_HASH); + + CopyMem (&EventSize, DigestBuffer, sizeof (TcgPcrEvent2->EventSize)); + Print (L" EventSize - 0x%08x\n", EventSize); + EventBuffer = DigestBuffer + sizeof (TcgPcrEvent2->EventSize); + ParseEventData (TcgPcrEvent2->EventType, EventBuffer, EventSize); +} + +UINTN +GetPcrEventSize ( + IN TCG_PCR_EVENT *TcgPcrEvent + ) +{ + return sizeof (TCG_PCR_EVENT_HDR) + TcgPcrEvent->EventSize; +} + +UINTN +GetPcrEvent2Size ( + IN TCG_PCR_EVENT2 *TcgPcrEvent2 + ) +{ + UINT32 DigestIndex; + UINT32 DigestCount; + TPMI_ALG_HASH HashAlgo; + UINT32 DigestSize; + UINT8 *DigestBuffer; + UINT32 EventSize; + UINT8 *EventBuffer; + + DigestCount = TcgPcrEvent2->Digest.count; + HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; + DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest; + for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) { + DigestSize = GetHashSizeFromAlgo (HashAlgo); + // + // Prepare next + // + CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof (TPMI_ALG_HASH)); + DigestBuffer = DigestBuffer + DigestSize + sizeof (TPMI_ALG_HASH); + } + + DigestBuffer = DigestBuffer - sizeof (TPMI_ALG_HASH); + + CopyMem (&EventSize, DigestBuffer, sizeof (TcgPcrEvent2->EventSize)); + EventBuffer = DigestBuffer + sizeof (TcgPcrEvent2->EventSize); + + return (UINTN)EventBuffer + EventSize - (UINTN)TcgPcrEvent2; +} + +UINT8 * +GetDigestFromPcrEvent2 ( + IN TCG_PCR_EVENT2 *TcgPcrEvent2, + IN TPMI_ALG_HASH HashAlg + ) +{ + UINT32 DigestIndex; + UINT32 DigestCount; + TPMI_ALG_HASH HashAlgo; + UINT32 DigestSize; + UINT8 *DigestBuffer; + + DigestCount = TcgPcrEvent2->Digest.count; + HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; + DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest; + for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) { + DigestSize = GetHashSizeFromAlgo (HashAlgo); + + if (HashAlg == HashAlgo) { + return DigestBuffer; + } + + // + // Prepare next + // + CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof (TPMI_ALG_HASH)); + DigestBuffer = DigestBuffer + DigestSize + sizeof (TPMI_ALG_HASH); + } + + return NULL; +} + +UINT32 +GetTcgSpecIdNumberOfAlgorithms ( + IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct + ) +{ + UINT32 numberOfAlgorithms; + + CopyMem (&numberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof (numberOfAlgorithms)); + return numberOfAlgorithms; +} + +TCG_EfiSpecIdEventAlgorithmSize * +GetTcgSpecIdDigestSize ( + IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct + ) +{ + return (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (UINT32)); +} + +/** + This function dump event log. + + @param[in] EventLogFormat The type of the event log for which the information is requested. + @param[in] EventLogLocation A pointer to the memory address of the event log. + @param[in] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the + address of the start of the last entry in the event log in memory. + @param[in] FinalEventsTable A pointer to the memory address of the final event table. +**/ +VOID +DumpEventLog ( + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + IN EFI_PHYSICAL_ADDRESS EventLogLocation, + IN EFI_PHYSICAL_ADDRESS EventLogLastEntry, + IN EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable, + IN UINT32 PcrIndex, + IN BOOLEAN CalculateExpected + ) +{ + TCG_PCR_EVENT_HDR *EventHdr; + UINTN Index; + TCG_DIGEST TcgDigest; + TCG_PCR_EVENT2 *TcgPcrEvent2; + TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; + UINT32 numberOfAlgorithms; + TCG_EfiSpecIdEventAlgorithmSize *digestSize; + UINT8 *DigestBuffer; + TPMI_ALG_HASH HashAlg; + UINTN NumberOfEvents; + UINT32 AlgoIndex; + TPMU_HA HashDigest; + TPM2B_NV_PUBLIC PublicInfo; + TPM2B_NAME PubName; + EFI_STATUS Status; + + Print (L"EventLogFormat: (0x%x)\n", EventLogFormat); + Print (L"EventLogLocation: (0x%lx)\n", EventLogLocation); + + if (!CalculateExpected) { + Print (L"Tcg2Event:\n"); + switch (EventLogFormat) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; + while ((UINTN)EventHdr <= EventLogLastEntry) { + if ((PcrIndex == PCR_INDEX_ALL) || (PcrIndex == EventHdr->PCRIndex)) { + DumpEvent (EventHdr); + } + + EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof (TCG_PCR_EVENT_HDR) + EventHdr->EventSize); + } + + if (FinalEventsTable == NULL) { + Print (L"FinalEventsTable: NOT FOUND\n"); + } else { + Print (L"FinalEventsTable: (0x%x)\n", FinalEventsTable); + Print (L" Version: (0x%x)\n", FinalEventsTable->Version); + Print (L" NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents); + + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)(FinalEventsTable + 1); + for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) { + if ((PcrIndex == PCR_INDEX_ALL) || (PcrIndex == EventHdr->PCRIndex)) { + DumpEvent (EventHdr); + } + + EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof (TCG_PCR_EVENT_HDR) + EventHdr->EventSize); + } + } + + break; + + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; + DumpEvent (EventHdr); + TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)(EventHdr + 1); + DumpTcgEfiSpecIdEventStruct (TcgEfiSpecIdEventStruct); + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgEfiSpecIdEventStruct + GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct)); + while ((UINTN)TcgPcrEvent2 <= EventLogLastEntry) { + if ((PcrIndex == PCR_INDEX_ALL) || (PcrIndex == TcgPcrEvent2->PCRIndex)) { + DumpEvent2 (TcgPcrEvent2); + } + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2)); + } + + if (FinalEventsTable == NULL) { + Print (L"FinalEventsTable: NOT FOUND\n"); + } else { + Print (L"FinalEventsTable: (0x%x)\n", FinalEventsTable); + Print (L" Version: (0x%x)\n", FinalEventsTable->Version); + Print (L" NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents); + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)(UINTN)(FinalEventsTable + 1); + + for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) { + if ((PcrIndex == PCR_INDEX_ALL) || (PcrIndex == TcgPcrEvent2->PCRIndex)) { + DumpEvent2 (TcgPcrEvent2); + } + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2)); + } + } + + break; + } + + Print (L"Tcg2Event end\n"); + } else { + switch (EventLogFormat) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + ZeroMem (&TcgDigest, sizeof (TcgDigest)); + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; + while ((UINTN)EventHdr <= EventLogLastEntry) { + if ((PcrIndex == EventHdr->PCRIndex) && (EventHdr->EventType != EV_NO_ACTION)) { + ExtendEvent (TPM_ALG_SHA1, &TcgDigest, &EventHdr->Digest); + } + + EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof (TCG_PCR_EVENT_HDR) + EventHdr->EventSize); + } + + if (FinalEventsTable != NULL) { + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)(FinalEventsTable + 1); + for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) { + if ((PcrIndex == EventHdr->PCRIndex) && (EventHdr->EventType != EV_NO_ACTION)) { + ExtendEvent (TPM_ALG_SHA1, &TcgDigest, &EventHdr->Digest); + } + + EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof (TCG_PCR_EVENT_HDR) + EventHdr->EventSize); + } + } + + Print (L"Tcg2Event Calculated:\n"); + Print (L" PCRIndex - %d\n", PcrIndex); + Print (L" Digest - "); + for (Index = 0; Index < sizeof (TCG_DIGEST); Index++) { + Print (L"%02x", TcgDigest.digest[Index]); + } + + Print (L"\n"); + DumpPcr (PcrIndex, TPM_ALG_SHA1); + break; + + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; + TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)(EventHdr + 1); + + numberOfAlgorithms = GetTcgSpecIdNumberOfAlgorithms (TcgEfiSpecIdEventStruct); + digestSize = GetTcgSpecIdDigestSize (TcgEfiSpecIdEventStruct); + if (PcrIndex > MAX_PCR_INDEX) { + Status = Tpm2NvReadPublic (PcrIndex, &PublicInfo, &PubName); + if (EFI_ERROR (Status)) { + return; + } + } + + for (AlgoIndex = 0; AlgoIndex < numberOfAlgorithms; AlgoIndex++) { + HashAlg = digestSize[AlgoIndex].algorithmId; + if ((PcrIndex > MAX_PCR_INDEX) && (HashAlg != PublicInfo.nvPublic.nameAlg)) { + continue; + } + + ZeroMem (&HashDigest, sizeof (HashDigest)); + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgEfiSpecIdEventStruct + GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct)); + while ((UINTN)TcgPcrEvent2 <= EventLogLastEntry) { + if ((PcrIndex <= MAX_PCR_INDEX) && (PcrIndex == TcgPcrEvent2->PCRIndex) && (TcgPcrEvent2->EventType != EV_NO_ACTION)) { + DigestBuffer = GetDigestFromPcrEvent2 (TcgPcrEvent2, HashAlg); + if (DigestBuffer != NULL) { + ExtendEvent (HashAlg, HashDigest.sha1, DigestBuffer); + } + } else if ((PcrIndex > MAX_PCR_INDEX) && (PcrIndex == TcgPcrEvent2->PCRIndex)) { + ExtendDigestBinEvent (HashAlg, HashDigest.sha1, &TcgPcrEvent2->Digest, GetDigestListBinSize (&TcgPcrEvent2->Digest)); + } + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2)); + } + + if (FinalEventsTable != NULL) { + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)(UINTN)(FinalEventsTable + 1); + for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) { + if ((PcrIndex == TcgPcrEvent2->PCRIndex) && ((TcgPcrEvent2->EventType != EV_NO_ACTION) || (PcrIndex > MAX_PCR_INDEX))) { + DigestBuffer = GetDigestFromPcrEvent2 (TcgPcrEvent2, HashAlg); + if (DigestBuffer != NULL) { + ExtendEvent (HashAlg, HashDigest.sha1, DigestBuffer); + } + } + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2)); + } + } + + Print (L"Tcg2Event Calculated:\n"); + if (PcrIndex <= MAX_PCR_INDEX) { + Print (L" PCRIndex - %d\n", PcrIndex); + } else { + Print (L" PCRIndex - 0x%x\n", PcrIndex); + } + + Print (L" Digest - "); + for (Index = 0; Index < digestSize[AlgoIndex].digestSize; Index++) { + Print (L"%02x", HashDigest.sha1[Index]); + } + + Print (L"\n"); + if (PcrIndex <= MAX_PCR_INDEX) { + DumpPcr (PcrIndex, HashAlg); + } else { + DumpNvIndex (PcrIndex, HashAlg); + } + } + + break; + } + } +} + +VOID +DumpTcg2Capability ( + IN EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability + ) +{ + Print (L"Tcg2 Capability:\n"); + Print (L" Size - 0x%02x\n", ProtocolCapability->Size); + Print (L" StructureVersion - %02x.%02x\n", ProtocolCapability->StructureVersion.Major, ProtocolCapability->StructureVersion.Minor); + Print (L" ProtocolVersion - %02x.%02x\n", ProtocolCapability->StructureVersion.Major, ProtocolCapability->StructureVersion.Minor); + Print (L" HashAlgorithmBitmap - 0x%08x\n", ProtocolCapability->HashAlgorithmBitmap); + Print (L" SupportedEventLogs - 0x%08x\n", ProtocolCapability->SupportedEventLogs); + Print (L" TPMPresentFlag - 0x%02x\n", ProtocolCapability->TPMPresentFlag); + Print (L" MaxCommandSize - 0x%04x\n", ProtocolCapability->MaxCommandSize); + Print (L" MaxResponseSize - 0x%04x\n", ProtocolCapability->MaxResponseSize); + Print (L" ManufacturerID - 0x%08x\n", ProtocolCapability->ManufacturerID); + if ((ProtocolCapability->ProtocolVersion.Major > 0x01) || + ((ProtocolCapability->ProtocolVersion.Major == 0x01) && ((ProtocolCapability->ProtocolVersion.Minor > 0x00)))) + { + Print (L" NumberOfPCRBanks - 0x%08x\n", ProtocolCapability->NumberOfPCRBanks); + Print (L" ActivePcrBanks - 0x%08x\n", ProtocolCapability->ActivePcrBanks); + } + + return; +} + +#pragma pack(1) + +typedef struct { + EFI_ACPI_DESCRIPTION_HEADER Header; + // Flags field is replaced in version 4 and above + // BIT0~15: PlatformClass This field is only valid for version 4 and above + // BIT16~31: Reserved + UINT32 Flags; + UINT64 AddressOfControlArea; + UINT32 StartMethod; + UINT8 PlatformSpecificParameters[12]; // size up to 12 + UINT32 Laml; // Optional + UINT64 Lasa; // Optional +} EFI_TPM2_ACPI_TABLE_V4; + +#pragma pack() + +VOID +DumpAcpiTableHeader ( + EFI_ACPI_DESCRIPTION_HEADER *Header + ) +{ + UINT8 *Signature; + UINT8 *OemTableId; + UINT8 *CreatorId; + + Print ( + L" Table Header:\n" + ); + Signature = (UINT8 *)&Header->Signature; + Print ( + L" Signature ............................................ '%c%c%c%c'\n", + Signature[0], + Signature[1], + Signature[2], + Signature[3] + ); + Print ( + L" Length ............................................... 0x%08x\n", + Header->Length + ); + Print ( + L" Revision ............................................. 0x%02x\n", + Header->Revision + ); + Print ( + L" Checksum ............................................. 0x%02x\n", + Header->Checksum + ); + Print ( + L" OEMID ................................................ '%c%c%c%c%c%c'\n", + Header->OemId[0], + Header->OemId[1], + Header->OemId[2], + Header->OemId[3], + Header->OemId[4], + Header->OemId[5] + ); + OemTableId = (UINT8 *)&Header->OemTableId; + Print ( + L" OEM Table ID ......................................... '%c%c%c%c%c%c%c%c'\n", + OemTableId[0], + OemTableId[1], + OemTableId[2], + OemTableId[3], + OemTableId[4], + OemTableId[5], + OemTableId[6], + OemTableId[7] + ); + Print ( + L" OEM Revision ......................................... 0x%08x\n", + Header->OemRevision + ); + CreatorId = (UINT8 *)&Header->CreatorId; + Print ( + L" Creator ID ........................................... '%c%c%c%c'\n", + CreatorId[0], + CreatorId[1], + CreatorId[2], + CreatorId[3] + ); + Print ( + L" Creator Revision ..................................... 0x%08x\n", + Header->CreatorRevision + ); + + return; +} + +VOID +EFIAPI +DumpAcpiTPM2 ( + VOID *Table + ) +{ + EFI_TPM2_ACPI_TABLE *Tpm2; + EFI_TPM2_ACPI_TABLE_V4 *Tpm2V4; + + Tpm2 = Table; + + // + // Dump Tpm2 table + // + Print ( + L"*****************************************************************************\n" + L"* Trusted Computing Platform 2 Table *\n" + L"*****************************************************************************\n" + ); + + Print ( + L"TPM2 address ............................................. 0x%016lx\n", + (UINT64)(UINTN)Tpm2 + ); + + DumpAcpiTableHeader (&(Tpm2->Header)); + + Print ( + L" Table Contents:\n" + ); + Print ( + L" Flags ................................................ 0x%08x\n", + ((EFI_TPM2_ACPI_TABLE *)Tpm2)->Flags + ); + Print ( + L" Address Of Control Area .............................. 0x%016lx\n", + Tpm2->AddressOfControlArea + ); + Print ( + L" Start Method ......................................... 0x%08x\n", + Tpm2->StartMethod + ); + switch (Tpm2->StartMethod) { + case EFI_TPM2_ACPI_TABLE_START_METHOD_ACPI: + Print ( + L" ACPI\n" + ); + break; + case EFI_TPM2_ACPI_TABLE_START_METHOD_TIS: + Print ( + L" TIS\n" + ); + break; + case EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INTERFACE: + Print ( + L" CRB\n" + ); + break; + case EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INTERFACE_WITH_ACPI: + Print ( + L" CRB with ACPI\n" + ); + break; + } + + if ((Tpm2->Header.Revision >= 4) && (Tpm2->Header.Length >= sizeof (EFI_TPM2_ACPI_TABLE_V4))) { + Tpm2V4 = (EFI_TPM2_ACPI_TABLE_V4 *)Tpm2; + Print ( + L" Laml ................................................. 0x%08x\n", + Tpm2V4->Laml + ); + Print ( + L" Lasa ................................................. 0x%016lx\n", + Tpm2V4->Lasa + ); + } + + Print ( + L"*****************************************************************************\n\n" + ); + + return; +} + +VOID +DumpSelectAcpiTable ( + EFI_ACPI_DESCRIPTION_HEADER *Table + ) +{ + if (Table->Signature == EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE) { + DumpAcpiTPM2 (Table); + } +} + +EFI_ACPI_2_0_ROOT_SYSTEM_DESCRIPTION_POINTER * +ScanAcpiRSDP ( + VOID + ) +{ + UINTN Index; + EFI_ACPI_2_0_ROOT_SYSTEM_DESCRIPTION_POINTER *Rsdp; + + Rsdp = NULL; + for (Index = 0; Index < gST->NumberOfTableEntries; Index++) { + if (CompareGuid (&gEfiAcpiTableGuid, &(gST->ConfigurationTable[Index].VendorGuid))) { + Rsdp = gST->ConfigurationTable[Index].VendorTable; + break; + } + } + + return Rsdp; +} + +EFI_ACPI_DESCRIPTION_HEADER * +ScanAcpiRSDT ( + IN EFI_ACPI_2_0_ROOT_SYSTEM_DESCRIPTION_POINTER *Rsdp + ) +{ + return (EFI_ACPI_DESCRIPTION_HEADER *)((UINTN)Rsdp->RsdtAddress); +} + +EFI_ACPI_DESCRIPTION_HEADER * +ScanAcpiXSDT ( + IN EFI_ACPI_2_0_ROOT_SYSTEM_DESCRIPTION_POINTER *Rsdp + ) +{ + return (EFI_ACPI_DESCRIPTION_HEADER *)((UINTN)Rsdp->XsdtAddress); +} + +VOID +DumpAcpiTableWithSign ( + UINT32 TableSign + ) +{ + EFI_ACPI_2_0_ROOT_SYSTEM_DESCRIPTION_POINTER *Rsdp; + EFI_ACPI_DESCRIPTION_HEADER *Rsdt; + EFI_ACPI_DESCRIPTION_HEADER *Xsdt; + EFI_ACPI_DESCRIPTION_HEADER *Table; + UINTN EntryCount; + UINTN Index; + UINT32 *RsdtEntryPtr; + UINT64 *XsdtEntryPtr; + UINT64 TempEntry; + + // + // Scan RSDP + // + Rsdp = ScanAcpiRSDP (); + if (Rsdp == NULL) { + return; + } + + Print (L"Rsdp - 0x%x\n", Rsdp); + + // + // Scan RSDT + // + Rsdt = ScanAcpiRSDT (Rsdp); + Print (L"Rsdt - 0x%x\n", Rsdt); + + // + // Scan XSDT + // + Xsdt = ScanAcpiXSDT (Rsdp); + Print (L"Xsdt - 0x%x\n", Xsdt); + + // + // Dump each table in RSDT + // + if ((Xsdt == NULL) && (Rsdt != NULL)) { + EntryCount = (Rsdt->Length - sizeof (EFI_ACPI_DESCRIPTION_HEADER)) / 4; + RsdtEntryPtr = (UINT32 *)(UINTN)(Rsdt + 1); + for (Index = 0; Index < EntryCount; Index++, RsdtEntryPtr++) { + Table = (EFI_ACPI_DESCRIPTION_HEADER *)((UINTN)(*RsdtEntryPtr)); + if (Table == NULL) { + continue; + } + + Print (L"Table - 0x%x (0x%x)\n", Table, Table->Signature); + if (Table->Signature == TableSign) { + DumpSelectAcpiTable (Table); + } + } + } + + // + // Dump each table in XSDT + // + if (Xsdt != NULL) { + EntryCount = (Xsdt->Length - sizeof (EFI_ACPI_DESCRIPTION_HEADER)) / 8; + XsdtEntryPtr = (UINT64 *)(UINTN)(Xsdt + 1); + CopyMem (&TempEntry, XsdtEntryPtr, sizeof (UINT64)); + for (Index = 0; Index < EntryCount; Index++, XsdtEntryPtr++) { + CopyMem (&TempEntry, XsdtEntryPtr, sizeof (UINT64)); + Table = (EFI_ACPI_DESCRIPTION_HEADER *)((UINTN)TempEntry); + if (Table == NULL) { + continue; + } + + Print (L"Table - 0x%x (0x%x)\n", Table, Table->Signature); + if (Table->Signature == TableSign) { + DumpSelectAcpiTable (Table); + } + } + } + + return; +} + +/** + This function print usage. +**/ +VOID +PrintUsage ( + VOID + ) +{ + Print ( + L"Tcg2DumpLog Version 0.2\n" + L"Copyright (C) Intel Corp 2019. All rights reserved.\n" + L"\n" + ); + Print ( + L"Tcg2DumpLog in EFI Shell Environment.\n" + L"\n" + L"usage: Tcg2DumpLog [-I ] [-L ] [-E] [-BIN ]\n" + L"usage: Tcg2DumpLog [-C]\n" + L"usage: Tcg2DumpLog [-A]\n" + ); + Print ( + L" -I - PcrIndex, the valid value is 0-23|ALL (case sensitive)\n" + L" -L - LogFormat, the bitmask of EventLogFormat (Hex based)\n" + L" -E - Print expected PCR value\n" + L" -BIN - Dump Event Log binary file (Only support TCG2.0 Event Log Format)\n" + L" -C - Dump Tcg2 Capability\n" + L" -A - Dump TPM2 ACPI table\n" + ); + return; +} + +/** + Write a file. + + @param[in] FileName The file to be written. + @param[in] BufferSize The file buffer size + @param[in] Buffer The file buffer + + @retval EFI_SUCCESS Write file successfully + @retval EFI_NOT_FOUND Shell protocol not found + @retval others Write file failed +**/ +EFI_STATUS +WriteFileFromBuffer ( + IN CHAR16 *FileName, + IN UINTN BufferSize, + IN VOID *Buffer + ) +{ + EFI_STATUS Status; + EFI_SHELL_PROTOCOL *ShellProtocol; + SHELL_FILE_HANDLE Handle; + EFI_FILE_INFO *FileInfo; + UINTN TempBufferSize; + + Status = gBS->LocateProtocol ( + &gEfiShellProtocolGuid, + NULL, + (VOID **)&ShellProtocol + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Open file by FileName. + // + Status = ShellProtocol->OpenFileByName ( + FileName, + &Handle, + EFI_FILE_MODE_READ | EFI_FILE_MODE_WRITE | EFI_FILE_MODE_CREATE + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Empty the file contents. + // + FileInfo = ShellProtocol->GetFileInfo (Handle); + if (FileInfo == NULL) { + ShellProtocol->CloseFile (Handle); + return EFI_DEVICE_ERROR; + } + + // + // If the file size is already 0, then it has been empty. + // + if (FileInfo->FileSize != 0) { + // + // Set the file size to 0. + // + FileInfo->FileSize = 0; + Status = ShellProtocol->SetFileInfo (Handle, FileInfo); + if (EFI_ERROR (Status)) { + FreePool (FileInfo); + ShellProtocol->CloseFile (Handle); + return Status; + } + } + + FreePool (FileInfo); + + // + // Write the file data from the buffer + // + TempBufferSize = BufferSize; + Status = ShellProtocol->WriteFile ( + Handle, + &TempBufferSize, + Buffer + ); + if (EFI_ERROR (Status)) { + ShellProtocol->CloseFile (Handle); + return Status; + } + + ShellProtocol->CloseFile (Handle); + + return EFI_SUCCESS; +} + +/** + The driver's entry point. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. +**/ +EFI_STATUS +EFIAPI +UefiMain ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + LIST_ENTRY *ParamPackage; + CHAR16 *PcrIndexName; + UINT32 PcrIndex; + BOOLEAN CalculateExpected; + CHAR16 *BinayFileName; + EFI_TCG2_PROTOCOL *Tcg2Protocol; + EFI_PHYSICAL_ADDRESS EventLogLocation; + EFI_PHYSICAL_ADDRESS EventLogLastEntry; + BOOLEAN EventLogTruncated; + UINTN Index; + UINT32 LogFormat; + CHAR16 *LogFormatName; + EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability; + EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable; + UINTN LastPcrEventSize; + UINTN BufferSize; + UINT8 *Buffer; + + Status = ShellCommandLineParse (mParamList, &ParamPackage, NULL, TRUE); + if (EFI_ERROR (Status)) { + Print (L"ERROR: Incorrect command line.\n"); + return Status; + } + + if ((ParamPackage == NULL) || + ShellCommandLineGetFlag (ParamPackage, L"-?") || + ShellCommandLineGetFlag (ParamPackage, L"-h")) + { + PrintUsage (); + return EFI_SUCCESS; + } + + // + // Dump ACPI + // + if (ShellCommandLineGetFlag (ParamPackage, L"-A")) { + DumpAcpiTableWithSign (EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE); + return EFI_SUCCESS; + } + + // + // Get PcrIndex + // + PcrIndexName = (CHAR16 *)ShellCommandLineGetValue (ParamPackage, L"-I"); + if (PcrIndexName == NULL) { + PcrIndex = PCR_INDEX_ALL; + } else { + if (StrCmp (PcrIndexName, L"ALL") == 0) { + PcrIndex = PCR_INDEX_ALL; + } else { + PcrIndex = (UINT32)StrDecimalToUintn (PcrIndexName); + if (PcrIndex > MAX_PCR_INDEX) { + Print (L"ERROR: PcrIndex too large (%d)!\n", PcrIndex); + return EFI_NOT_FOUND; + } + } + } + + Print (L"Parameter -I: PcrIndex = 0x%x\n", PcrIndex); + + // + // Get LogFormat + // + LogFormatName = (CHAR16 *)ShellCommandLineGetValue (ParamPackage, L"-L"); + if (LogFormatName == NULL) { + LogFormat = 0xFFFFFFFF; + } else { + LogFormat = (UINT32)StrHexToUintn (LogFormatName); + } + + Print (L"Parameter -L: LogFormat = 0x%x\n", LogFormat); + + // + // If we need calculate expected value + // + CalculateExpected = ShellCommandLineGetFlag (ParamPackage, L"-E"); + Print (L"Parameter -E: CalculateExpected = %d\n", CalculateExpected); + + // + // Get BinayFileName + // + BinayFileName = (CHAR16 *)ShellCommandLineGetValue (ParamPackage, L"-BIN"); + Print (L"Parameter -BIN: BinayFileName = %s\n", BinayFileName); + + // + // Get Tcg2 + // + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol); + if (EFI_ERROR (Status)) { + Print (L"ERROR: Locate Tcg2Protocol - %r\n", Status); + return Status; + } + + ZeroMem (&ProtocolCapability, sizeof (ProtocolCapability)); + ProtocolCapability.Size = sizeof (ProtocolCapability); + Status = Tcg2Protocol->GetCapability ( + Tcg2Protocol, + &ProtocolCapability + ); + if (EFI_ERROR (Status)) { + Print (L"ERROR: Tcg2Protocol->GetCapability - %r\n", Status); + return Status; + } + + // + // Dump capability + // + if (ShellCommandLineGetFlag (ParamPackage, L"-C")) { + DumpTcg2Capability (&ProtocolCapability); + if ((ProtocolCapability.ProtocolVersion.Major < 0x01) || + ((ProtocolCapability.ProtocolVersion.Major == 0x01) && ((ProtocolCapability.ProtocolVersion.Minor == 0x00)))) + { + } else { + UINT32 PCRBanks; + Status = Tcg2Protocol->GetActivePcrBanks ( + Tcg2Protocol, + &PCRBanks + ); + if (!EFI_ERROR (Status)) { + Print (L"CurrentActivePCRBanks - 0x%08x\n", PCRBanks); + } + } + + return EFI_SUCCESS; + } + + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { + if ((mTcg2EventInfo[Index].LogFormat & LogFormat) != 0) { + Status = Tcg2Protocol->GetEventLog ( + Tcg2Protocol, + mTcg2EventInfo[Index].LogFormat, + &EventLogLocation, + &EventLogLastEntry, + &EventLogTruncated + ); + if (EFI_ERROR (Status)) { + Print (L"ERROR: Tcg2Protocol->GetEventLog(0x%x) - %r\n", mTcg2EventInfo[Index].LogFormat, Status); + continue; + } + + if (EventLogTruncated) { + Print (L"WARNING: EventLogTruncated\n"); + } + + FinalEventsTable = NULL; + if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) { + EfiGetSystemConfigurationTable (&gEfiTcg2FinalEventsTableGuid, (VOID **)&FinalEventsTable); + } + + // + // Dump Binary + // + if (BinayFileName != NULL) { + if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2) { + LastPcrEventSize = GetPcrEventSize ((TCG_PCR_EVENT *)(UINTN)EventLogLastEntry); + } else if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) { + LastPcrEventSize = GetPcrEvent2Size ((TCG_PCR_EVENT2 *)(UINTN)EventLogLastEntry); + } + + BufferSize = (UINTN)(EventLogLastEntry - EventLogLocation + LastPcrEventSize); + Buffer = (UINT8 *)(UINTN)EventLogLocation; + + Print (L"EventLogSize: 0x%x\n", BufferSize); + Print (L" EventLogLocation: (0x%lx)\n", EventLogLocation); + Print (L" EventLogLastEntry: (0x%lx)\n", EventLogLastEntry); + Print (L" LastPcrEventSize: (0x%lx)\n", LastPcrEventSize); + + if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2) { + Print (L"Do NOT support to dump event log binary file in TCG1.2 format!\n"); + } else if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) { + Print (L"DumpEventLogBinFile Start ...\n"); + Status = WriteFileFromBuffer (BinayFileName, BufferSize, Buffer); + Print (L"DumpEventLogBinFile End (Dump to %s %r)\n", BinayFileName, Status); + } + } + + // + // DumpLog + // + if (CalculateExpected && (PcrIndex == PCR_INDEX_ALL)) { + for (PcrIndex = 0; PcrIndex <= MAX_PCR_INDEX; PcrIndex++) { + DumpEventLog (mTcg2EventInfo[Index].LogFormat, EventLogLocation, EventLogLastEntry, NULL, PcrIndex, CalculateExpected); + } + + DumpEventLog (mTcg2EventInfo[Index].LogFormat, EventLogLocation, EventLogLastEntry, NULL, TCG_NV_EXTEND_INDEX_FOR_INSTANCE, CalculateExpected); + DumpEventLog (mTcg2EventInfo[Index].LogFormat, EventLogLocation, EventLogLastEntry, NULL, TCG_NV_EXTEND_INDEX_FOR_DYNAMIC, CalculateExpected); + } else { + DumpEventLog (mTcg2EventInfo[Index].LogFormat, EventLogLocation, EventLogLastEntry, FinalEventsTable, PcrIndex, CalculateExpected); + } + } + } + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Tcg2DumpLog/Tcg2DumpLog.inf b/DeviceSecurityTestPkg/Test/Tcg2DumpLog/Tcg2DumpLog.inf new file mode 100644 index 00000000000..cafb0c03464 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Tcg2DumpLog/Tcg2DumpLog.inf @@ -0,0 +1,59 @@ +## @file +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2DumpLog + FILE_GUID = 684B9FB9-CBC5-4273-8399-740E48D76848 + MODULE_TYPE = UEFI_APPLICATION + VERSION_STRING = 1.0 + ENTRY_POINT = UefiMain + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF +# + +[Sources] + Tcg2DumpLog.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + ShellPkg/ShellPkg.dec + CryptoPkg/CryptoPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + +[LibraryClasses] + MemoryAllocationLib + BaseLib + UefiBootServicesTableLib + UefiApplicationEntryPoint + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + PrintLib + UefiLib + ShellLib + BaseCryptLib + +[Guids] + gEfiAcpiTableGuid + gEfiImageSecurityDatabaseGuid + gEfiDeviceSignatureDatabaseGuid + +[Protocols] + gEfiTcg2ProtocolGuid ## CONSUMES + gEfiTcg2FinalEventsTableGuid diff --git a/DeviceSecurityTestPkg/Test/Tcg2Stub/Tcg2Stub.c b/DeviceSecurityTestPkg/Test/Tcg2Stub/Tcg2Stub.c new file mode 100644 index 00000000000..ed9ebb3b1a4 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Tcg2Stub/Tcg2Stub.c @@ -0,0 +1,1330 @@ +/** @file + EDKII Tcg2 Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include +#include + +#define TCG2_DEFAULT_MAX_COMMAND_SIZE 0x1000 +#define TCG2_DEFAULT_MAX_RESPONSE_SIZE 0x1000 + +typedef struct { + EFI_TCG2_EVENT_LOG_FORMAT LogFormat; +} TCG2_EVENT_INFO_STRUCT; + +TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = { + { EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 }, +}; +#define TCG_EVENT_LOG_AREA_COUNT_MAX 1 + +typedef struct { + EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat; + EFI_PHYSICAL_ADDRESS Lasa; + UINT64 Laml; + UINTN EventLogSize; + UINT8 *LastEvent; + BOOLEAN EventLogStarted; + BOOLEAN EventLogTruncated; +} TCG_EVENT_LOG_AREA_STRUCT; + +typedef struct _TCG_DXE_DATA { + EFI_TCG2_BOOT_SERVICE_CAPABILITY BsCap; + TCG_EVENT_LOG_AREA_STRUCT EventLogAreaStruct[TCG_EVENT_LOG_AREA_COUNT_MAX]; +} TCG_DXE_DATA; + +TCG_DXE_DATA mTcgDxeData = { + { + sizeof (EFI_TCG2_BOOT_SERVICE_CAPABILITY), // Size + { 1, 1 }, // StructureVersion + { 1, 1 }, // ProtocolVersion + EFI_TCG2_BOOT_HASH_ALG_SHA384, // HashAlgorithmBitmap + EFI_TCG2_EVENT_LOG_FORMAT_TCG_2, // SupportedEventLogs + TRUE, // TPMPresentFlag + TCG2_DEFAULT_MAX_COMMAND_SIZE, // MaxCommandSize + TCG2_DEFAULT_MAX_RESPONSE_SIZE, // MaxResponseSize + 0, // ManufacturerID + 1, // NumberOfPCRBanks + EFI_TCG2_BOOT_HASH_ALG_SHA384, // ActivePcrBanks + }, +}; + +/** + + This function dump raw data. + + @param Data raw data + @param Size raw data size + +**/ +VOID +InternalDumpData ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + + for (Index = 0; Index < Size; Index++) { + DEBUG ((EFI_D_INFO, "%02x ", (UINTN)Data[Index])); + } +} + +/** + + This function initialize TCG_PCR_EVENT2_HDR for EV_NO_ACTION Event Type other than EFI Specification ID event + The behavior is defined by TCG PC Client PFP Spec. Section 9.3.4 EV_NO_ACTION Event Types + + @param[in, out] NoActionEvent Event Header of EV_NO_ACTION Event + @param[in] EventSize Event Size of the EV_NO_ACTION Event + +**/ +VOID +InitNoActionEvent ( + IN OUT TCG_PCR_EVENT2_HDR *NoActionEvent, + IN UINT32 EventSize + ) +{ + UINT32 DigestListCount; + TPMI_ALG_HASH HashAlgId; + UINT8 *DigestBuffer; + + DigestBuffer = (UINT8 *)NoActionEvent->Digests.digests; + DigestListCount = 0; + + NoActionEvent->PCRIndex = 0; + NoActionEvent->EventType = EV_NO_ACTION; + + // + // Set Hash count & hashAlg accordingly, while Digest.digests[n].digest to all 0 + // + ZeroMem (&NoActionEvent->Digests, sizeof (NoActionEvent->Digests)); + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) { + HashAlgId = TPM_ALG_SHA1; + CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH)); + DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { + HashAlgId = TPM_ALG_SHA256; + CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH)); + DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { + HashAlgId = TPM_ALG_SHA384; + CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH)); + DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { + HashAlgId = TPM_ALG_SHA512; + CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH)); + DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { + HashAlgId = TPM_ALG_SM3_256; + CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH)); + DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; + } + + // + // Set Digests Count + // + WriteUnaligned32 ((UINT32 *)&NoActionEvent->Digests.count, DigestListCount); + + // + // Set Event Size + // + WriteUnaligned32 ((UINT32 *)DigestBuffer, EventSize); +} + +/** + + This function dump raw data with colume format. + + @param Data raw data + @param Size raw data size + +**/ +VOID +InternalDumpHex ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + UINTN Count; + UINTN Left; + + #define COLUME_SIZE (16 * 2) + + Count = Size / COLUME_SIZE; + Left = Size % COLUME_SIZE; + for (Index = 0; Index < Count; Index++) { + DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); + InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE); + DEBUG ((EFI_D_INFO, "\n")); + } + + if (Left != 0) { + DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); + InternalDumpData (Data + Index * COLUME_SIZE, Left); + DEBUG ((EFI_D_INFO, "\n")); + } +} + +/** + The EFI_TCG2_PROTOCOL GetCapability function call provides protocol + capability information and state information. + + @param[in] This Indicates the calling context + @param[in, out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY + structure and sets the size field to the size of the structure allocated. + The callee fills in the fields with the EFI protocol capability information + and the current EFI TCG2 state information up to the number of fields which + fit within the size of the structure passed in. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + The ProtocolCapability variable will not be populated. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + The ProtocolCapability variable will not be populated. + @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response. + It will be partially populated (required Size field will be set). +**/ +EFI_STATUS +EFIAPI +Tcg2GetCapability ( + IN EFI_TCG2_PROTOCOL *This, + IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability + ) +{ + DEBUG ((DEBUG_VERBOSE, "Tcg2GetCapability ...\n")); + + if ((This == NULL) || (ProtocolCapability == NULL)) { + return EFI_INVALID_PARAMETER; + } + + DEBUG ((DEBUG_VERBOSE, "Size - 0x%x\n", ProtocolCapability->Size)); + DEBUG ((DEBUG_VERBOSE, " 1.1 - 0x%x\n", sizeof (EFI_TCG2_BOOT_SERVICE_CAPABILITY))); + + if (ProtocolCapability->Size < mTcgDxeData.BsCap.Size) { + ProtocolCapability->Size = mTcgDxeData.BsCap.Size; + return EFI_BUFFER_TOO_SMALL; + } + + CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, mTcgDxeData.BsCap.Size); + DEBUG ((DEBUG_VERBOSE, "Tcg2GetCapability - %r\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + +/** + This function dump PCR event. + + @param[in] EventHdr TCG PCR event structure. +**/ +VOID +DumpEvent ( + IN TCG_PCR_EVENT_HDR *EventHdr + ) +{ + UINTN Index; + + DEBUG ((EFI_D_INFO, " Event:\n")); + DEBUG ((EFI_D_INFO, " PCRIndex - %d\n", EventHdr->PCRIndex)); + DEBUG ((EFI_D_INFO, " EventType - 0x%08x\n", EventHdr->EventType)); + DEBUG ((EFI_D_INFO, " Digest - ")); + for (Index = 0; Index < sizeof (TCG_DIGEST); Index++) { + DEBUG ((EFI_D_INFO, "%02x ", EventHdr->Digest.digest[Index])); + } + + DEBUG ((EFI_D_INFO, "\n")); + DEBUG ((EFI_D_INFO, " EventSize - 0x%08x\n", EventHdr->EventSize)); + InternalDumpHex ((UINT8 *)(EventHdr + 1), EventHdr->EventSize); +} + +/** + This function dump TCG_EfiSpecIDEventStruct. + + @param[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct. +**/ +VOID +DumpTcgEfiSpecIdEventStruct ( + IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct + ) +{ + TCG_EfiSpecIdEventAlgorithmSize *DigestSize; + UINTN Index; + UINT8 *VendorInfoSize; + UINT8 *VendorInfo; + UINT32 NumberOfAlgorithms; + + DEBUG ((EFI_D_INFO, " TCG_EfiSpecIDEventStruct:\n")); + DEBUG ((EFI_D_INFO, " signature - '")); + for (Index = 0; Index < sizeof (TcgEfiSpecIdEventStruct->signature); Index++) { + DEBUG ((EFI_D_INFO, "%c", TcgEfiSpecIdEventStruct->signature[Index])); + } + + DEBUG ((EFI_D_INFO, "'\n")); + DEBUG ((EFI_D_INFO, " platformClass - 0x%08x\n", TcgEfiSpecIdEventStruct->platformClass)); + DEBUG ((EFI_D_INFO, " specVersion - %d.%d%d\n", TcgEfiSpecIdEventStruct->specVersionMajor, TcgEfiSpecIdEventStruct->specVersionMinor, TcgEfiSpecIdEventStruct->specErrata)); + DEBUG ((EFI_D_INFO, " uintnSize - 0x%02x\n", TcgEfiSpecIdEventStruct->uintnSize)); + + CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof (NumberOfAlgorithms)); + DEBUG ((EFI_D_INFO, " NumberOfAlgorithms - 0x%08x\n", NumberOfAlgorithms)); + + DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (NumberOfAlgorithms)); + for (Index = 0; Index < NumberOfAlgorithms; Index++) { + DEBUG ((EFI_D_INFO, " digest(%d)\n", Index)); + DEBUG ((EFI_D_INFO, " algorithmId - 0x%04x\n", DigestSize[Index].algorithmId)); + DEBUG ((EFI_D_INFO, " digestSize - 0x%04x\n", DigestSize[Index].digestSize)); + } + + VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms]; + DEBUG ((EFI_D_INFO, " VendorInfoSize - 0x%02x\n", *VendorInfoSize)); + VendorInfo = VendorInfoSize + 1; + DEBUG ((EFI_D_INFO, " VendorInfo - ")); + for (Index = 0; Index < *VendorInfoSize; Index++) { + DEBUG ((EFI_D_INFO, "%02x ", VendorInfo[Index])); + } + + DEBUG ((EFI_D_INFO, "\n")); +} + +/** + This function get size of TCG_EfiSpecIDEventStruct. + + @param[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct. +**/ +UINTN +GetTcgEfiSpecIdEventStructSize ( + IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct + ) +{ + TCG_EfiSpecIdEventAlgorithmSize *DigestSize; + UINT8 *VendorInfoSize; + UINT32 NumberOfAlgorithms; + + CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof (NumberOfAlgorithms)); + + DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (NumberOfAlgorithms)); + VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms]; + return sizeof (TCG_EfiSpecIDEventStruct) + sizeof (UINT32) + (NumberOfAlgorithms * sizeof (TCG_EfiSpecIdEventAlgorithmSize)) + sizeof (UINT8) + (*VendorInfoSize); +} + +/** + This function dump PCR event 2. + + @param[in] TcgPcrEvent2 TCG PCR event 2 structure. +**/ +VOID +DumpEvent2 ( + IN TCG_PCR_EVENT2 *TcgPcrEvent2 + ) +{ + UINTN Index; + UINT32 DigestIndex; + UINT32 DigestCount; + TPMI_ALG_HASH HashAlgo; + UINT32 DigestSize; + UINT8 *DigestBuffer; + UINT32 EventSize; + UINT8 *EventBuffer; + + DEBUG ((EFI_D_INFO, " Event:\n")); + DEBUG ((EFI_D_INFO, " PCRIndex - %d\n", TcgPcrEvent2->PCRIndex)); + DEBUG ((EFI_D_INFO, " EventType - 0x%08x\n", TcgPcrEvent2->EventType)); + + DEBUG ((EFI_D_INFO, " DigestCount: 0x%08x\n", TcgPcrEvent2->Digest.count)); + + DigestCount = TcgPcrEvent2->Digest.count; + HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; + DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest; + for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) { + DEBUG ((EFI_D_INFO, " HashAlgo : 0x%04x\n", HashAlgo)); + DEBUG ((EFI_D_INFO, " Digest(%d): ", DigestIndex)); + DigestSize = GetHashSizeFromAlgo (HashAlgo); + for (Index = 0; Index < DigestSize; Index++) { + DEBUG ((EFI_D_INFO, "%02x ", DigestBuffer[Index])); + } + + DEBUG ((EFI_D_INFO, "\n")); + // + // Prepare next + // + CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof (TPMI_ALG_HASH)); + DigestBuffer = DigestBuffer + DigestSize + sizeof (TPMI_ALG_HASH); + } + + DEBUG ((EFI_D_INFO, "\n")); + DigestBuffer = DigestBuffer - sizeof (TPMI_ALG_HASH); + + CopyMem (&EventSize, DigestBuffer, sizeof (TcgPcrEvent2->EventSize)); + DEBUG ((EFI_D_INFO, " EventSize - 0x%08x\n", EventSize)); + EventBuffer = DigestBuffer + sizeof (TcgPcrEvent2->EventSize); + InternalDumpHex (EventBuffer, EventSize); +} + +/** + This function returns size of TCG PCR event 2. + + @param[in] TcgPcrEvent2 TCG PCR event 2 structure. + + @return size of TCG PCR event 2. +**/ +UINTN +GetPcrEvent2Size ( + IN TCG_PCR_EVENT2 *TcgPcrEvent2 + ) +{ + UINT32 DigestIndex; + UINT32 DigestCount; + TPMI_ALG_HASH HashAlgo; + UINT32 DigestSize; + UINT8 *DigestBuffer; + UINT32 EventSize; + UINT8 *EventBuffer; + + DigestCount = TcgPcrEvent2->Digest.count; + HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; + DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest; + for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) { + DigestSize = GetHashSizeFromAlgo (HashAlgo); + // + // Prepare next + // + CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof (TPMI_ALG_HASH)); + DigestBuffer = DigestBuffer + DigestSize + sizeof (TPMI_ALG_HASH); + } + + DigestBuffer = DigestBuffer - sizeof (TPMI_ALG_HASH); + + CopyMem (&EventSize, DigestBuffer, sizeof (TcgPcrEvent2->EventSize)); + EventBuffer = DigestBuffer + sizeof (TcgPcrEvent2->EventSize); + + return (UINTN)EventBuffer + EventSize - (UINTN)TcgPcrEvent2; +} + +/** + This function dump event log. + + @param[in] EventLogFormat The type of the event log for which the information is requested. + @param[in] EventLogLocation A pointer to the memory address of the event log. + @param[in] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the + address of the start of the last entry in the event log in memory. + @param[in] FinalEventsTable A pointer to the memory address of the final event table. +**/ +VOID +DumpEventLog ( + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + IN EFI_PHYSICAL_ADDRESS EventLogLocation, + IN EFI_PHYSICAL_ADDRESS EventLogLastEntry, + IN EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable + ) +{ + TCG_PCR_EVENT_HDR *EventHdr; + TCG_PCR_EVENT2 *TcgPcrEvent2; + TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; + + DEBUG ((EFI_D_INFO, "EventLogFormat: (0x%x)\n", EventLogFormat)); + + switch (EventLogFormat) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + // + // Dump first event + // + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; + DumpEvent (EventHdr); + + TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)(EventHdr + 1); + DumpTcgEfiSpecIdEventStruct (TcgEfiSpecIdEventStruct); + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgEfiSpecIdEventStruct + GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct)); + while ((UINTN)TcgPcrEvent2 <= EventLogLastEntry) { + DumpEvent2 (TcgPcrEvent2); + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2)); + } + + break; + } + + return; +} + +/** + The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to + retrieve the address of a given event log and its last entry. + + @param[in] This Indicates the calling context + @param[in] EventLogFormat The type of the event log for which the information is requested. + @param[out] EventLogLocation A pointer to the memory address of the event log. + @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the + address of the start of the last entry in the event log in memory. + @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would + have exceeded the area allocated for events, this value is set to TRUE. + Otherwise, the value will be FALSE and the Event Log will be complete. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect + (e.g. asking for an event log whose format is not supported). +**/ +EFI_STATUS +EFIAPI +Tcg2GetEventLog ( + IN EFI_TCG2_PROTOCOL *This, + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, + OUT BOOLEAN *EventLogTruncated + ) +{ + UINTN Index; + + DEBUG ((EFI_D_INFO, "Tcg2GetEventLog ... (0x%x)\n", EventLogFormat)); + + if (This == NULL) { + return EFI_INVALID_PARAMETER; + } + + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { + if (EventLogFormat == mTcg2EventInfo[Index].LogFormat) { + break; + } + } + + if (Index == sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0])) { + return EFI_INVALID_PARAMETER; + } + + if ((mTcg2EventInfo[Index].LogFormat & mTcgDxeData.BsCap.SupportedEventLogs) == 0) { + return EFI_INVALID_PARAMETER; + } + + if (!mTcgDxeData.BsCap.TPMPresentFlag) { + if (EventLogLocation != NULL) { + *EventLogLocation = 0; + } + + if (EventLogLastEntry != NULL) { + *EventLogLastEntry = 0; + } + + if (EventLogTruncated != NULL) { + *EventLogTruncated = FALSE; + } + + return EFI_SUCCESS; + } + + if (EventLogLocation != NULL) { + *EventLogLocation = mTcgDxeData.EventLogAreaStruct[Index].Lasa; + DEBUG ((EFI_D_INFO, "Tcg2GetEventLog (EventLogLocation - %x)\n", *EventLogLocation)); + } + + if (EventLogLastEntry != NULL) { + if (!mTcgDxeData.EventLogAreaStruct[Index].EventLogStarted) { + *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)0; + } else { + *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)mTcgDxeData.EventLogAreaStruct[Index].LastEvent; + } + + DEBUG ((EFI_D_INFO, "Tcg2GetEventLog (EventLogLastEntry - %x)\n", *EventLogLastEntry)); + } + + if (EventLogTruncated != NULL) { + *EventLogTruncated = mTcgDxeData.EventLogAreaStruct[Index].EventLogTruncated; + DEBUG ((EFI_D_INFO, "Tcg2GetEventLog (EventLogTruncated - %x)\n", *EventLogTruncated)); + } + + DEBUG ((EFI_D_INFO, "Tcg2GetEventLog - %r\n", EFI_SUCCESS)); + + // Dump Event Log for debug purpose + if ((EventLogLocation != NULL) && (EventLogLastEntry != NULL)) { + DumpEventLog (EventLogFormat, *EventLogLocation, *EventLogLastEntry, NULL); + } + + return EFI_SUCCESS; +} + +/** + Return if this is a Tcg800155PlatformIdEvent. + + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. + @param[in] NewEventHdrSize New event header size. + @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventSize New event data size. + + @retval TRUE This is a Tcg800155PlatformIdEvent. + @retval FALSE This is NOT a Tcg800155PlatformIdEvent. + +**/ +BOOLEAN +Is800155Event ( + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize + ) +{ + if ((((TCG_PCR_EVENT2_HDR *)NewEventHdr)->EventType == EV_NO_ACTION) && + (NewEventSize >= sizeof (TCG_Sp800_155_PlatformId_Event2)) && + (CompareMem ( + NewEventData, + TCG_Sp800_155_PlatformId_Event2_SIGNATURE, + sizeof (TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1 + ) == 0)) + { + return TRUE; + } + + return FALSE; +} + +/** + Add a new entry to the Event Log. + + @param[in, out] EventLogAreaStruct The event log area data structure + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. + @param[in] NewEventHdrSize New event header size. + @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventSize New event data size. + + @retval EFI_SUCCESS The new event log entry was added. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + +**/ +EFI_STATUS +TcgCommLogEvent ( + IN OUT TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct, + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize + ) +{ + UINTN NewLogSize; + BOOLEAN Record800155Event; + + if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) { + return EFI_OUT_OF_RESOURCES; + } + + NewLogSize = NewEventHdrSize + NewEventSize; + + if (NewLogSize > MAX_ADDRESS - EventLogAreaStruct->EventLogSize) { + return EFI_OUT_OF_RESOURCES; + } + + if (NewLogSize + EventLogAreaStruct->EventLogSize > EventLogAreaStruct->Laml) { + DEBUG ((DEBUG_INFO, " Laml - 0x%x\n", EventLogAreaStruct->Laml)); + DEBUG ((DEBUG_INFO, " NewLogSize - 0x%x\n", NewLogSize)); + DEBUG ((DEBUG_INFO, " LogSize - 0x%x\n", EventLogAreaStruct->EventLogSize)); + DEBUG ((DEBUG_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES)); + return EFI_OUT_OF_RESOURCES; + } + + // + // Check 800-155 event + // Record to 800-155 event offset only. + // If the offset is 0, no need to record. + // + Record800155Event = Is800155Event (NewEventHdr, NewEventHdrSize, NewEventData, NewEventSize); + if (Record800155Event) { + ASSERT (FALSE); + return EFI_SUCCESS; + } + + EventLogAreaStruct->LastEvent = (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->EventLogSize; + EventLogAreaStruct->EventLogSize += NewLogSize; + CopyMem (EventLogAreaStruct->LastEvent, NewEventHdr, NewEventHdrSize); + CopyMem ( + EventLogAreaStruct->LastEvent + NewEventHdrSize, + NewEventData, + NewEventSize + ); + return EFI_SUCCESS; +} + +/** + Add a new entry to the Event Log. + + @param[in] EventLogFormat The type of the event log for which the information is requested. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. + @param[in] NewEventHdrSize New event header size. + @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventSize New event data size. + + @retval EFI_SUCCESS The new event log entry was added. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + +**/ +EFI_STATUS +TcgDxeLogEvent ( + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize + ) +{ + EFI_STATUS Status; + UINTN Index; + TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct; + + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { + if (EventLogFormat == mTcg2EventInfo[Index].LogFormat) { + break; + } + } + + if (Index == sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0])) { + return EFI_INVALID_PARAMETER; + } + + // + // Record to normal event log + // + EventLogAreaStruct = &mTcgDxeData.EventLogAreaStruct[Index]; + + if (EventLogAreaStruct->EventLogTruncated) { + return EFI_VOLUME_FULL; + } + + Status = TcgCommLogEvent ( + EventLogAreaStruct, + NewEventHdr, + NewEventHdrSize, + NewEventData, + NewEventSize + ); + + if (Status == EFI_OUT_OF_RESOURCES) { + EventLogAreaStruct->EventLogTruncated = TRUE; + return EFI_VOLUME_FULL; + } else if (Status == EFI_SUCCESS) { + EventLogAreaStruct->EventLogStarted = TRUE; + } + + return Status; +} + +/** + Get TPML_DIGEST_VALUES compact binary buffer size. + + @param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer. + + @return TPML_DIGEST_VALUES compact binary buffer size. +**/ +UINT32 +GetDigestListBinSize ( + IN VOID *DigestListBin + ) +{ + UINTN Index; + UINT16 DigestSize; + UINT32 TotalSize; + UINT32 Count; + TPMI_ALG_HASH HashAlg; + + Count = ReadUnaligned32 (DigestListBin); + TotalSize = sizeof (Count); + DigestListBin = (UINT8 *)DigestListBin + sizeof (Count); + for (Index = 0; Index < Count; Index++) { + HashAlg = ReadUnaligned16 (DigestListBin); + TotalSize += sizeof (HashAlg); + DigestListBin = (UINT8 *)DigestListBin + sizeof (HashAlg); + + DigestSize = GetHashSizeFromAlgo (HashAlg); + TotalSize += DigestSize; + DigestListBin = (UINT8 *)DigestListBin + DigestSize; + } + + return TotalSize; +} + +/** + Copy TPML_DIGEST_VALUES compact binary into a buffer + + @param[in,out] Buffer Buffer to hold copied TPML_DIGEST_VALUES compact binary. + @param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer. + @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy. + @param[out] HashAlgorithmMaskCopied Pointer to HASH bits corresponding to the digests copied. + + @return The end of buffer to hold TPML_DIGEST_VALUES compact binary. +**/ +VOID * +CopyDigestListBinToBuffer ( + IN OUT VOID *Buffer, + IN VOID *DigestListBin, + IN UINT32 HashAlgorithmMask, + OUT UINT32 *HashAlgorithmMaskCopied + ) +{ + UINTN Index; + UINT16 DigestSize; + UINT32 Count; + TPMI_ALG_HASH HashAlg; + UINT32 DigestListCount; + UINT32 *DigestListCountPtr; + + DigestListCountPtr = (UINT32 *)Buffer; + DigestListCount = 0; + (*HashAlgorithmMaskCopied) = 0; + + Count = ReadUnaligned32 (DigestListBin); + Buffer = (UINT8 *)Buffer + sizeof (Count); + DigestListBin = (UINT8 *)DigestListBin + sizeof (Count); + for (Index = 0; Index < Count; Index++) { + HashAlg = ReadUnaligned16 (DigestListBin); + DigestListBin = (UINT8 *)DigestListBin + sizeof (HashAlg); + DigestSize = GetHashSizeFromAlgo (HashAlg); + + if (IsHashAlgSupportedInHashAlgorithmMask (HashAlg, HashAlgorithmMask)) { + CopyMem (Buffer, &HashAlg, sizeof (HashAlg)); + Buffer = (UINT8 *)Buffer + sizeof (HashAlg); + CopyMem (Buffer, DigestListBin, DigestSize); + Buffer = (UINT8 *)Buffer + DigestSize; + DigestListCount++; + (*HashAlgorithmMaskCopied) |= GetHashMaskFromAlgo (HashAlg); + } else { + DEBUG ((DEBUG_ERROR, "WARNING: CopyDigestListBinToBuffer Event log has HashAlg unsupported by PCR bank (0x%x)\n", HashAlg)); + } + + DigestListBin = (UINT8 *)DigestListBin + DigestSize; + } + + WriteUnaligned32 (DigestListCountPtr, DigestListCount); + + return Buffer; +} + +/** + Add a new entry to the Event Log. + + @param[in] DigestList A list of digest. + @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS The new event log entry was added. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. +**/ +EFI_STATUS +TcgDxeLogHashEvent ( + IN TPML_DIGEST_VALUES *DigestList, + IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ) +{ + EFI_STATUS Status; + EFI_TPL OldTpl; + UINTN Index; + EFI_STATUS RetStatus; + TCG_PCR_EVENT2 TcgPcrEvent2; + UINT8 *DigestBuffer; + UINT32 *EventSizePtr; + + DEBUG ((EFI_D_INFO, "SupportedEventLogs - 0x%08x\n", mTcgDxeData.BsCap.SupportedEventLogs)); + + RetStatus = EFI_SUCCESS; + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { + if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { + DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat)); + switch (mTcg2EventInfo[Index].LogFormat) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest); + if (!EFI_ERROR (Status)) { + // + // Enter critical region + // + OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL); + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + NewEventHdr, + sizeof (TCG_PCR_EVENT_HDR), + NewEventData, + NewEventHdr->EventSize + ); + if (Status != EFI_SUCCESS) { + RetStatus = Status; + } + + gBS->RestoreTPL (OldTpl); + // + // Exit critical region + // + } + + break; + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + ZeroMem (&TcgPcrEvent2, sizeof (TcgPcrEvent2)); + TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex; + TcgPcrEvent2.EventType = NewEventHdr->EventType; + DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest; + EventSizePtr = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks); + CopyMem (EventSizePtr, &NewEventHdr->EventSize, sizeof (NewEventHdr->EventSize)); + + // + // Enter critical region + // + OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL); + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + &TcgPcrEvent2, + sizeof (TcgPcrEvent2.PCRIndex) + sizeof (TcgPcrEvent2.EventType) + GetDigestListBinSize (DigestBuffer) + sizeof (TcgPcrEvent2.EventSize), + NewEventData, + NewEventHdr->EventSize + ); + if (Status != EFI_SUCCESS) { + RetStatus = Status; + } + + gBS->RestoreTPL (OldTpl); + // + // Exit critical region + // + break; + } + } + } + + return RetStatus; +} + +/** + Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, + and add an entry to the Event Log. + + @param[in] Flags Bitmap providing additional information. + @param[in] HashData Physical address of the start of the data buffer + to be hashed, extended, and logged. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData + @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +TcgDxeHashLogExtendEvent ( + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINT64 HashDataLen, + IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ) +{ + EFI_STATUS Status; + TPML_DIGEST_VALUES DigestList; + TCG_PCR_EVENT2_HDR NoActionEvent; + + if (!mTcgDxeData.BsCap.TPMPresentFlag) { + return EFI_DEVICE_ERROR; + } + + if (NewEventHdr->EventType == EV_NO_ACTION) { + // + // Do not do TPM extend for EV_NO_ACTION + // + if (NewEventHdr->PCRIndex < 24) { + Status = EFI_SUCCESS; + InitNoActionEvent (&NoActionEvent, NewEventHdr->EventSize); + if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) { + Status = TcgDxeLogHashEvent (&(NoActionEvent.Digests), NewEventHdr, NewEventData); + } + } else { + // + // Extend to NvIndex + // + Status = HashAndExtend ( + NewEventHdr->PCRIndex, + HashData, + (UINTN)HashDataLen, + &DigestList + ); + if (!EFI_ERROR (Status)) { + Status = TcgDxeLogHashEvent (&DigestList, NewEventHdr, NewEventData); + } + } + + return Status; + } + + Status = HashAndExtend ( + NewEventHdr->PCRIndex, + HashData, + (UINTN)HashDataLen, + &DigestList + ); + if (!EFI_ERROR (Status)) { + if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) { + Status = TcgDxeLogHashEvent (&DigestList, NewEventHdr, NewEventData); + } + } + + if (Status == EFI_DEVICE_ERROR) { + DEBUG ((EFI_D_ERROR, "TcgDxeHashLogExtendEvent - %r. Disable TPM.\n", Status)); + mTcgDxeData.BsCap.TPMPresentFlag = FALSE; + } + + return Status; +} + +/** + The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with + an opportunity to extend and optionally log events without requiring + knowledge of actual TPM commands. + The extend operation will occur even if this function cannot create an event + log entry (e.g. due to the event log being full). + + @param[in] This Indicates the calling context + @param[in] Flags Bitmap providing additional information. + @param[in] DataToHash Physical address of the start of the data buffer to be hashed. + @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash. + @param[in] Event Pointer to data buffer containing information about the event. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + @retval EFI_UNSUPPORTED The PE/COFF image type is not supported. +**/ +EFI_STATUS +EFIAPI +Tcg2HashLogExtendEvent ( + IN EFI_TCG2_PROTOCOL *This, + IN UINT64 Flags, + IN EFI_PHYSICAL_ADDRESS DataToHash, + IN UINT64 DataToHashLen, + IN EFI_TCG2_EVENT *Event + ) +{ + EFI_STATUS Status; + TCG_PCR_EVENT_HDR NewEventHdr; + + DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent ...\n")); + + if ((This == NULL) || (Event == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Do not check hash data size for EV_NO_ACTION event. + // + if ((Event->Header.EventType != EV_NO_ACTION) && (DataToHash == 0)) { + return EFI_INVALID_PARAMETER; + } + + if (!mTcgDxeData.BsCap.TPMPresentFlag) { + return EFI_DEVICE_ERROR; + } + + if (Event->Size < Event->Header.HeaderSize + sizeof (UINT32)) { + return EFI_INVALID_PARAMETER; + } + + if ((Event->Header.EventType != EV_NO_ACTION) && (Event->Header.PCRIndex > MAX_PCR_INDEX)) { + return EFI_INVALID_PARAMETER; + } + + NewEventHdr.PCRIndex = Event->Header.PCRIndex; + NewEventHdr.EventType = Event->Header.EventType; + NewEventHdr.EventSize = Event->Size - sizeof (UINT32) - Event->Header.HeaderSize; + if ((Flags & PE_COFF_IMAGE) != 0) { + ASSERT (FALSE); + } else { + Status = TcgDxeHashLogExtendEvent ( + Flags, + (UINT8 *)(UINTN)DataToHash, + DataToHashLen, + &NewEventHdr, + Event->Event + ); + } + + DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent - %r\n", Status)); + return Status; +} + +EFI_STATUS +EFIAPI +Tcg2SubmitCommand ( + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN UINT32 OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + This service returns the currently active PCR banks. + + @param[in] This Indicates the calling context + @param[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks. + + @retval EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. +**/ +EFI_STATUS +EFIAPI +Tcg2GetActivePCRBanks ( + IN EFI_TCG2_PROTOCOL *This, + OUT UINT32 *ActivePcrBanks + ) +{ + if (ActivePcrBanks == NULL) { + return EFI_INVALID_PARAMETER; + } + + *ActivePcrBanks = mTcgDxeData.BsCap.ActivePcrBanks; + return EFI_SUCCESS; +} + +/** + This service sets the currently active PCR banks. + + @param[in] This Indicates the calling context + @param[in] ActivePcrBanks Bitmap of the requested active PCR banks. At least one bit SHALL be set. + + @retval EFI_SUCCESS The bitmap in ActivePcrBank parameter is already active. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. +**/ +EFI_STATUS +EFIAPI +Tcg2SetActivePCRBanks ( + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 ActivePcrBanks + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + This service retrieves the result of a previous invocation of SetActivePcrBanks. + + @param[in] This Indicates the calling context + @param[out] OperationPresent Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot. + @param[out] Response The response from the SetActivePcrBank request. + + @retval EFI_SUCCESS The result value could be returned. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. +**/ +EFI_STATUS +EFIAPI +Tcg2GetResultOfSetActivePcrBanks ( + IN EFI_TCG2_PROTOCOL *This, + OUT UINT32 *OperationPresent, + OUT UINT32 *Response + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +EFI_TCG2_PROTOCOL mTcg2Protocol = { + Tcg2GetCapability, + Tcg2GetEventLog, + Tcg2HashLogExtendEvent, + Tcg2SubmitCommand, + Tcg2GetActivePCRBanks, + Tcg2SetActivePCRBanks, + Tcg2GetResultOfSetActivePcrBanks, +}; + +EFI_HANDLE mTcg2Handle; + +/** + Initialize the Event Log and log events passed from the PEI phase. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + +**/ +EFI_STATUS +SetupEventLog ( + VOID + ) +{ + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS Lasa; + UINTN Index; + TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; + UINT8 TempBuf[sizeof (TCG_EfiSpecIDEventStruct) + sizeof (UINT32) + (HASH_COUNT * sizeof (TCG_EfiSpecIdEventAlgorithmSize)) + sizeof (UINT8)]; + TCG_PCR_EVENT_HDR SpecIdEvent; + TCG_EfiSpecIdEventAlgorithmSize *DigestSize; + TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize; + UINT8 *VendorInfoSize; + UINT32 NumberOfAlgorithms; + + DEBUG ((EFI_D_INFO, "SetupEventLog\n")); + + // + // 1. Create Log Area + // + for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) { + if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { + mTcgDxeData.EventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; + if (PcdGet8 (PcdTpm2AcpiTableRev) >= 4) { + Status = gBS->AllocatePages ( + AllocateAnyPages, + EfiACPIMemoryNVS, + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), + &Lasa + ); + } else { + Status = gBS->AllocatePages ( + AllocateAnyPages, + EfiBootServicesData, + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), + &Lasa + ); + } + + if (EFI_ERROR (Status)) { + return Status; + } + + mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; + mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen); + + // + // To initialize them as 0xFF is recommended + // because the OS can know the last entry for that. + // + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); + // + // Create first entry for Log Header Entry Data + // + if (mTcg2EventInfo[Index].LogFormat != EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2) { + // + // TcgEfiSpecIdEventStruct + // + TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)TempBuf; + CopyMem (TcgEfiSpecIdEventStruct->signature, TCG_EfiSpecIDEventStruct_SIGNATURE_03, sizeof (TcgEfiSpecIdEventStruct->signature)); + TcgEfiSpecIdEventStruct->platformClass = PcdGet8 (PcdTpmPlatformClass); + TcgEfiSpecIdEventStruct->specVersionMajor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2; + TcgEfiSpecIdEventStruct->specVersionMinor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2; + TcgEfiSpecIdEventStruct->specErrata = (UINT8)PcdGet32 (PcdTcgPfpMeasurementRevision); + TcgEfiSpecIdEventStruct->uintnSize = sizeof (UINTN)/sizeof (UINT32); + NumberOfAlgorithms = 0; + DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (NumberOfAlgorithms)); + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) { + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + TempDigestSize->algorithmId = TPM_ALG_SHA1; + TempDigestSize->digestSize = SHA1_DIGEST_SIZE; + NumberOfAlgorithms++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + TempDigestSize->algorithmId = TPM_ALG_SHA256; + TempDigestSize->digestSize = SHA256_DIGEST_SIZE; + NumberOfAlgorithms++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + TempDigestSize->algorithmId = TPM_ALG_SHA384; + TempDigestSize->digestSize = SHA384_DIGEST_SIZE; + NumberOfAlgorithms++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + TempDigestSize->algorithmId = TPM_ALG_SHA512; + TempDigestSize->digestSize = SHA512_DIGEST_SIZE; + NumberOfAlgorithms++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + TempDigestSize->algorithmId = TPM_ALG_SM3_256; + TempDigestSize->digestSize = SM3_256_DIGEST_SIZE; + NumberOfAlgorithms++; + } + + CopyMem (TcgEfiSpecIdEventStruct + 1, &NumberOfAlgorithms, sizeof (NumberOfAlgorithms)); + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + VendorInfoSize = (UINT8 *)TempDigestSize; + *VendorInfoSize = 0; + + SpecIdEvent.PCRIndex = 0; + SpecIdEvent.EventType = EV_NO_ACTION; + ZeroMem (&SpecIdEvent.Digest, sizeof (SpecIdEvent.Digest)); + SpecIdEvent.EventSize = (UINT32)GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct); + + // + // Log TcgEfiSpecIdEventStruct as the first Event. Event format is TCG_PCR_EVENT. + // TCG EFI Protocol Spec. Section 5.3 Event Log Header + // TCG PC Client PFP spec. Section 9.2 Measurement Event Entries and Log + // + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + &SpecIdEvent, + sizeof (SpecIdEvent), + (UINT8 *)TcgEfiSpecIdEventStruct, + SpecIdEvent.EventSize + ); + } + } + } + + return Status; +} + +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + SetupEventLog (); + + Status = gBS->InstallProtocolInterface ( + &mTcg2Handle, + &gEfiTcg2ProtocolGuid, + EFI_NATIVE_INTERFACE, + &mTcg2Protocol + ); + + return Status; +} diff --git a/DeviceSecurityTestPkg/Test/Tcg2Stub/Tcg2Stub.inf b/DeviceSecurityTestPkg/Test/Tcg2Stub/Tcg2Stub.inf new file mode 100644 index 00000000000..45cda7fd961 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Tcg2Stub/Tcg2Stub.inf @@ -0,0 +1,47 @@ +## @file +# EDKII Tcg2 Stub +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2Stub + FILE_GUID = E21EE580-B4F6-494B-856F-A50B08AAD125 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + Tcg2Stub.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + MemoryAllocationLib + BaseLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + PrintLib + HashLib + +[Protocols] + gEfiTcg2ProtocolGuid ## PRODUCES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES + +[Depex] + TRUE diff --git a/DeviceSecurityTestPkg/Test/TestSpdm/TestSpdm.c b/DeviceSecurityTestPkg/Test/TestSpdm/TestSpdm.c new file mode 100644 index 00000000000..e3ffedad31f --- /dev/null +++ b/DeviceSecurityTestPkg/Test/TestSpdm/TestSpdm.c @@ -0,0 +1,344 @@ +/** @file + EDKII TestSpdm + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define USE_PSK 0 + +VOID +InternalDumpData ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + + for (Index = 0; Index < Size; Index++) { + Print (L"%02x ", (UINTN)Data[Index]); + } +} + +VOID +InternalDumpHex ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + UINTN Count; + UINTN Left; + + #define COLUME_SIZE (16 * 2) + + Count = Size / COLUME_SIZE; + Left = Size % COLUME_SIZE; + for (Index = 0; Index < Count; Index++) { + Print (L"%04x: ", Index * COLUME_SIZE); + InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE); + Print (L"\n"); + } + + if (Left != 0) { + Print (L"%04x: ", Index * COLUME_SIZE); + InternalDumpData (Data + Index * COLUME_SIZE, Left); + Print (L"\n"); + } +} + +VOID +TestPci ( + VOID + ) +{ + EFI_STATUS Status; + SPDM_IO_PROTOCOL *SpdmIo; + EFI_HANDLE Handle; + UINTN BufferSize; + EDKII_DEVICE_SECURITY_PROTOCOL *DeviceSecurity; + EDKII_DEVICE_IDENTIFIER DeviceId; + + Status = gBS->LocateProtocol (&gSpdmIoProtocolGuid, NULL, (VOID **)&SpdmIo); + ASSERT_EFI_ERROR (Status); + + BufferSize = sizeof (Handle); + Status = gBS->LocateHandle ( + ByProtocol, + &gEdkiiDeviceIdentifierTypePciGuid, + NULL, + &BufferSize, + &Handle + ); + ASSERT_EFI_ERROR (Status); + + Status = gBS->InstallProtocolInterface ( + &Handle, + &gSpdmIoProtocolGuid, + EFI_NATIVE_INTERFACE, + SpdmIo + ); + ASSERT_EFI_ERROR (Status); + + Status = gBS->LocateProtocol (&gEdkiiDeviceSecurityProtocolGuid, NULL, (VOID **)&DeviceSecurity); + ASSERT_EFI_ERROR (Status); + + DeviceId.Version = EDKII_DEVICE_IDENTIFIER_REVISION; + CopyGuid (&DeviceId.DeviceType, &gEdkiiDeviceIdentifierTypePciGuid); + DeviceId.DeviceHandle = Handle; + Status = DeviceSecurity->DeviceAuthenticate (DeviceSecurity, &DeviceId); +} + +typedef struct { + SPDM_DATA_TYPE DataType; + CHAR8 *String; +} DATA_TYPE_STRING; + +#pragma pack(1) +#define TEST_PAYLOAD_CLIENT "Hello Client!" +#define TEST_PAYLOAD_SERVER "Hello Server!" +#define TEST_PAYLOAD_LEN (sizeof("Hello XXXXXX!")) +/// +/// SPDM VENDOR_DEFINED request +/// +typedef struct { + SPDM_MESSAGE_HEADER Header; + // Param1 == RSVD + // Param2 == RSVD + UINT16 StandardID; + UINT8 Len; + UINT16 VendorID; + UINT16 PayloadLength; + UINT8 VendorDefinedPayload[TEST_PAYLOAD_LEN]; +} SPDM_VENDOR_DEFINED_REQUEST_MINE; + +/// +/// SPDM VENDOR_DEFINED response +/// +typedef struct { + SPDM_MESSAGE_HEADER Header; + // Param1 == RSVD + // Param2 == RSVD + UINT16 StandardID; + UINT8 Len; + UINT16 VendorID; + UINT16 PayloadLength; + UINT8 VendorDefinedPayload[TEST_PAYLOAD_LEN]; +} SPDM_VENDOR_DEFINED_RESPONSE_MINE; + +#pragma pack() + +SPDM_VENDOR_DEFINED_REQUEST_MINE mVendorDefinedRequest = { + { + SPDM_MESSAGE_VERSION_10, + SPDM_VENDOR_DEFINED_REQUEST, + 0, // Param1 + 0, // Param2 + }, + SPDM_REGISTRY_ID_PCISIG, // StandardID + 2, // Len + 0x8086, // VendorID + TEST_PAYLOAD_LEN, // PayloadLength + { TEST_PAYLOAD_CLIENT } +}; + +SPDM_VENDOR_DEFINED_RESPONSE_MINE mVendorDefinedResponse = { + { + SPDM_MESSAGE_VERSION_10, + SPDM_VENDOR_DEFINED_RESPONSE, + 0, // Param1 + 0, // Param2 + }, + SPDM_REGISTRY_ID_PCISIG, // StandardID + 2, // Len + 0x8086, // VendorID + TEST_PAYLOAD_LEN, // PayloadLength + { TEST_PAYLOAD_SERVER } +}; + +/** + Process a packet in the current SPDM session. + + @param This Indicates a pointer to the calling context. + @param SessionId ID of the session. + @param Request A pointer to the request data. + @param RequestSize Size of the request data. + @param Response A pointer to the response data. + @param ResponseSize Size of the response data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + EFI_SUCCESS, and means the size of desired Data buffer if + EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The SPDM request is set successfully. + @retval EFI_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The DataType cannot be found. + @retval EFI_NOT_READY The DataType is not ready to return. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. + @retval EFI_TIMEOUT A timeout occurred while waiting for the SPDM request + to execute. +**/ +EFI_STATUS +EFIAPI +TestSpdmProcessPacketCallback ( + IN VOID *Request, + IN UINTN RequestSize, + OUT VOID *Response, + IN OUT UINTN *ResponseSize + ) +{ + SPDM_VENDOR_DEFINED_REQUEST_MINE *SpmdRequest; + + SpmdRequest = Request; + ASSERT (RequestSize == sizeof (SPDM_VENDOR_DEFINED_REQUEST_MINE)); + ASSERT (SpmdRequest->Header.RequestResponseCode == SPDM_VENDOR_DEFINED_REQUEST); + ASSERT (SpmdRequest->StandardID == SPDM_REGISTRY_ID_PCISIG); + ASSERT (SpmdRequest->VendorID == 0x8086); + ASSERT (SpmdRequest->PayloadLength == TEST_PAYLOAD_LEN); + ASSERT (CompareMem (SpmdRequest->VendorDefinedPayload, TEST_PAYLOAD_CLIENT, TEST_PAYLOAD_LEN) == 0); + + CopyMem (Response, &mVendorDefinedResponse, sizeof (mVendorDefinedResponse)); + *ResponseSize = sizeof (mVendorDefinedResponse); + return EFI_SUCCESS; +} + +VOID +TestSpdmApplication ( + IN SPDM_PROTOCOL *SpdmProtocol, + IN SPDM_TEST_PROTOCOL *SpdmTestProtocol, + IN UINT32 SessionId + ) +{ + EFI_STATUS Status; + SPDM_VENDOR_DEFINED_REQUEST_MINE Request; + UINTN RequestSize; + SPDM_VENDOR_DEFINED_RESPONSE_MINE Response; + UINTN ResponseSize; + + Status = SpdmTestProtocol->RegisterProcessPacketCallback (SpdmTestProtocol, TestSpdmProcessPacketCallback); + + CopyMem (&Request, &mVendorDefinedRequest, sizeof (Request)); + + RequestSize = sizeof (Request); + ResponseSize = sizeof (Response); + Status = SpdmProtocol->SendReceiveData (SpdmProtocol, &SessionId, FALSE, &Request, RequestSize, &Response, &ResponseSize); + ASSERT_EFI_ERROR (Status); + + ASSERT (ResponseSize == sizeof (SPDM_VENDOR_DEFINED_RESPONSE_MINE)); + ASSERT (Response.Header.RequestResponseCode == SPDM_VENDOR_DEFINED_RESPONSE); + ASSERT (Response.StandardID == SPDM_REGISTRY_ID_PCISIG); + ASSERT (Response.VendorID == 0x8086); + ASSERT (Response.PayloadLength == TEST_PAYLOAD_LEN); + ASSERT (CompareMem (Response.VendorDefinedPayload, TEST_PAYLOAD_SERVER, TEST_PAYLOAD_LEN) == 0); +} + +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) +VOID +TestSpdm ( + VOID + ) +{ + EFI_STATUS Status; + SPDM_PROTOCOL *SpdmProtocol; + SPDM_TEST_PROTOCOL *SpdmTestProtocol; + UINT32 SessionId; + UINT8 HeartbeatPeriod; + UINT8 MeasurementHash[64]; + UINT8 SlotId; + UINT8 TestConfig; + UINTN TestConfigSize; + + TestConfigSize = sizeof(UINT8); + Status = gRT->GetVariable ( + L"SpdmTestConfig", + &gEfiDeviceSecurityPkgTestConfig, + NULL, + &TestConfigSize, + &TestConfig + ); + if (EFI_ERROR (Status)) { + return; + } + + if (TestConfig == TEST_CONFIG_SPDM_MESSAGE_VERSION_10) { + //SPDM 1.0 does not support KEY_EXCHANGE or PSK_EXCHANGE, so skip. + return; + } + + Status = gBS->LocateProtocol (&gSpdmProtocolGuid, NULL, (VOID **)&SpdmProtocol); + ASSERT_EFI_ERROR (Status); + + Status = gBS->LocateProtocol (&gSpdmTestProtocolGuid, NULL, (VOID **)&SpdmTestProtocol); + ASSERT_EFI_ERROR (Status); + + #if USE_PSK + Status = SpdmProtocol->SetData (SpdmProtocol, SpdmDataPsk, NULL, "TestPskData", sizeof ("TestPskData")); + ASSERT_EFI_ERROR (Status); + + Status = SpdmTestProtocol->SetData (SpdmTestProtocol, SpdmDataPsk, NULL, "TestPskData", sizeof ("TestPskData")); + ASSERT_EFI_ERROR (Status); + #endif + + HeartbeatPeriod = 0; + ZeroMem (MeasurementHash, sizeof (MeasurementHash)); + SlotId = 0; + if (TestConfig == TEST_CONFIG_DIFF_CERT_IN_DIFF_SLOT) { + //The valid certificate chain with trust anchor is in slot_1 of responder. + SlotId = 1; + } + Status = SpdmProtocol->StartSession ( + SpdmProtocol, + USE_PSK, + SPDM_CHALLENGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH, + SlotId, + &SessionId, + &HeartbeatPeriod, + MeasurementHash + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "StartSession - %r\n", Status)); + return; + } + + TestSpdmApplication (SpdmProtocol, SpdmTestProtocol, SessionId); + + Status = SpdmProtocol->StopSession (SpdmProtocol, SessionId, 0); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "StopSession - %r\n", Status)); + return; + } +} +#endif + +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + // CpuBreakpoint(); + TestPci (); + +#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP) + TestSpdm (); +#endif + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/TestSpdm/TestSpdm.inf b/DeviceSecurityTestPkg/Test/TestSpdm/TestSpdm.inf new file mode 100644 index 00000000000..af24d8c20a4 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/TestSpdm/TestSpdm.inf @@ -0,0 +1,46 @@ +## @file +# EDKII TestSpdm +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TestSpdm + FILE_GUID = 90181C84-FE0D-447C-ABCB-6F6767B287E8 + MODULE_TYPE = UEFI_APPLICATION + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + TestSpdm.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + +[LibraryClasses] + UefiRuntimeServicesTableLib + UefiBootServicesTableLib + UefiApplicationEntryPoint + MemoryAllocationLib + DevicePathLib + BaseMemoryLib + PrintLib + DebugLib + UefiLib + +[Protocols] + gEdkiiDeviceIdentifierTypePciGuid ## CONSUME + gSpdmIoProtocolGuid ## CONSUME + gSpdmProtocolGuid ## CONSUME + gSpdmTestProtocolGuid ## CONSUME + gEdkiiDeviceSecurityProtocolGuid ## CONSUME + +[Guids] + gEfiDeviceSecurityPkgTestConfig ## CONSUMES diff --git a/DeviceSecurityTestPkg/Test/Tpm2DeviceLibTestStub/Tpm2DeviceLibTestStub.c b/DeviceSecurityTestPkg/Test/Tpm2DeviceLibTestStub/Tpm2DeviceLibTestStub.c new file mode 100644 index 00000000000..8acdd43aea7 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Tpm2DeviceLibTestStub/Tpm2DeviceLibTestStub.c @@ -0,0 +1,54 @@ +/** @file + This library is TPM2 DTPM device lib. + Choosing this library means platform uses and only uses DTPM device as TPM2 engine. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + ASSERT (FALSE); + return EFI_DEVICE_ERROR; +} + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2RequestUseTpm ( + VOID + ) +{ + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/Test/Tpm2DeviceLibTestStub/Tpm2DeviceLibTestStub.inf b/DeviceSecurityTestPkg/Test/Tpm2DeviceLibTestStub/Tpm2DeviceLibTestStub.inf new file mode 100644 index 00000000000..5191cad51c5 --- /dev/null +++ b/DeviceSecurityTestPkg/Test/Tpm2DeviceLibTestStub/Tpm2DeviceLibTestStub.inf @@ -0,0 +1,41 @@ +## @file +# Provides TPM 2.0 TIS/PTP functions for DTPM +# +# Spec Compliance Info: +# "TCG PC Client Platform TPM Profile(PTP) Specification Family 2.0 Level 00 Revision 00.43" +# "TCG PC Client Specific TPM Interface Specification(TIS) Version 1.3" +# +# This library implements TIS (TPM Interface Specification) and +# PTP (Platform TPM Profile) functions which is +# used for every TPM 2.0 command. Choosing this library means platform uses and +# only uses TPM 2.0 DTPM device. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm2DeviceLibTestStub + FILE_GUID = 73058914-AF24-49E5-B884-8A91668208F4 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm2DeviceLib +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm2DeviceLibTestStub.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + diff --git a/DeviceSecurityTestPkg/TestPei/DeviceSecurityPolicyStubPei/DeviceSecurityPolicyStubPei.c b/DeviceSecurityTestPkg/TestPei/DeviceSecurityPolicyStubPei/DeviceSecurityPolicyStubPei.c new file mode 100644 index 00000000000..7900e01fe33 --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/DeviceSecurityPolicyStubPei/DeviceSecurityPolicyStubPei.c @@ -0,0 +1,208 @@ +/** @file + EDKII Device Security Policy Stub + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +EDKII_DEVICE_SECURITY_POLICY mDeviceSecurityPolicyNone = { + EDKII_DEVICE_SECURITY_POLICY_REVISION, + 0, + 0, +}; + +EDKII_DEVICE_SECURITY_POLICY mDeviceSecurityPolicyFull = { + EDKII_DEVICE_SECURITY_POLICY_REVISION, + EDKII_DEVICE_MEASUREMENT_REQUIRED, + EDKII_DEVICE_AUTHENTICATION_REQUIRED +}; + +/** + This function returns the device security policy associated with the device. + + The device security driver may call this interface to get the platform policy + for the specific device and determine if the measurement or authentication + is required. + + @param[in] This The protocol instance pointer. + @param[in] DeviceId The Identifier for the device. + @param[out] DeviceSecurityPolicy The Device Security Policy associated with the device. + + @retval EFI_SUCCESS The device security policy is returned + @retval EFI_UNSUPPORTED The function is unsupported for the specific Device. +**/ +EFI_STATUS +EFIAPI +GetDevicePolicy ( + IN EDKII_DEVICE_SECURITY_POLICY_PPI *This, + IN EDKII_DEVICE_IDENTIFIER *DeviceId, + OUT EDKII_DEVICE_SECURITY_POLICY *DeviceSecurityPolicy + ) +{ + DEBUG((DEBUG_ERROR, ">>>>>>>>>> GetDevicePolicy!!!\n")); +#if 0 + EFI_STATUS Status; + EFI_PCI_IO_PROTOCOL *PciIo; + UINT16 PciVendorId; + UINT16 PciDeviceId; + + CopyMem (DeviceSecurityPolicy, &mDeviceSecurityPolicyNone, sizeof(EDKII_DEVICE_SECURITY_POLICY)); + + DEBUG ((DEBUG_INFO, "GetDevicePolicy - 0x%g\n", &DeviceId->DeviceType)); + + if (!CompareGuid (&DeviceId->DeviceType, &gEdkiiDeviceIdentifierTypePciGuid)) { + return EFI_SUCCESS; + } + + Status = gBS->HandleProtocol ( + DeviceId->DeviceHandle, + &gEdkiiDeviceIdentifierTypePciGuid, + (VOID **)&PciIo + ); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "Locate - DeviceIdentifierTypePci - %r\n", Status)); + return EFI_SUCCESS; + } + + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_VENDOR_ID_OFFSET, 1, &PciVendorId); + ASSERT_EFI_ERROR(Status); + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_DEVICE_ID_OFFSET, 1, &PciDeviceId); + ASSERT_EFI_ERROR(Status); + DEBUG ((DEBUG_INFO, "PCI Info - %04x:%04x\n", PciVendorId, PciDeviceId)); +#endif + + CopyMem (DeviceSecurityPolicy, &mDeviceSecurityPolicyFull, sizeof(EDKII_DEVICE_SECURITY_POLICY)); + + return EFI_SUCCESS; +} + +/** + This function sets the device state based upon the authentication result. + + The device security driver may call this interface to give the platform + a notify based upon the measurement or authentication result. + If the authentication or measurement fails, the platform may choose: + 1) Do nothing. + 2) Disable this device or slot temporarily and continue boot. + 3) Reset the platform and retry again. + 4) Disable this device or slot permanently. + 5) Any other platform specific action. + + @param[in] This The protocol instance pointer. + @param[in] DeviceId The Identifier for the device. + @param[in] DeviceSecurityState The Device Security state associated with the device. + + @retval EFI_SUCCESS The device state is set + @retval EFI_UNSUPPORTED The function is unsupported for the specific Device. +**/ +EFI_STATUS +EFIAPI +NotifyDeviceState ( + IN EDKII_DEVICE_SECURITY_POLICY_PPI *This, + IN EDKII_DEVICE_IDENTIFIER *DeviceId, + IN EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState + ) +{ + DEBUG((DEBUG_ERROR, ">>>>>>>>>> NotifyDeviceState!!!\n")); +#if 0 + EFI_STATUS Status; + EFI_PCI_IO_PROTOCOL *PciIo; + UINT16 PciVendorId; + UINT16 PciDeviceId; + UINTN Segment; + UINTN Bus; + UINTN Device; + UINTN Function; + + DEBUG ((DEBUG_INFO, "NotifyDeviceState - 0x%g\n", &DeviceId->DeviceType)); + + if (!CompareGuid (&DeviceId->DeviceType, &gEdkiiDeviceIdentifierTypePciGuid)) { + return EFI_SUCCESS; + } + + Status = gBS->HandleProtocol ( + DeviceId->DeviceHandle, + &gEdkiiDeviceIdentifierTypePciGuid, + (VOID **)&PciIo + ); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "Locate - DeviceIdentifierTypePci - %r\n", Status)); + return EFI_SUCCESS; + } + + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_VENDOR_ID_OFFSET, 1, &PciVendorId); + ASSERT_EFI_ERROR(Status); + Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_DEVICE_ID_OFFSET, 1, &PciDeviceId); + ASSERT_EFI_ERROR(Status); + DEBUG ((DEBUG_INFO, "PCI Info - %04x:%04x\n", PciVendorId, PciDeviceId)); + + Status = PciIo->GetLocation ( + PciIo, + &Segment, + &Bus, + &Device, + &Function + ); + if (!EFI_ERROR(Status)) { + DEBUG ((DEBUG_INFO, "PCI Loc - %04x:%02x:%02x:%02x\n", + Segment, Bus, Device, Function)); + } + + DEBUG ((DEBUG_INFO, "State - Measurement - 0x%08x, Authentication - 0x%08x\n", + DeviceSecurityState->MeasurementState, + DeviceSecurityState->AuthenticationState + )); +#endif + + return EFI_SUCCESS; +} + +EDKII_DEVICE_SECURITY_POLICY_PPI mDeviceSecurityPolicyPpi = { + EDKII_DEVICE_SECURITY_POLICY_PPI_REVISION, + GetDevicePolicy, + NotifyDeviceState +}; + +EFI_PEI_PPI_DESCRIPTOR mDeviceSecurityPolicyPpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gEdkiiDeviceSecurityPolicyPpiGuid, + &mDeviceSecurityPolicyPpi +}; + +/** + Entrypoint of the device security driver. + + @param[in] ImageHandle ImageHandle of the loaded driver + @param[in] SystemTable Pointer to the System Table + + @retval EFI_SUCCESS The Protocol is installed. + @retval EFI_OUT_OF_RESOURCES Not enough resources available to initialize driver. + @retval EFI_DEVICE_ERROR A device error occurred attempting to initialize the driver. + +**/ +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + + Status = PeiServicesInstallPpi (&mDeviceSecurityPolicyPpiList); + ASSERT_EFI_ERROR (Status); + + return Status; +} diff --git a/DeviceSecurityTestPkg/TestPei/DeviceSecurityPolicyStubPei/DeviceSecurityPolicyStubPei.inf b/DeviceSecurityTestPkg/TestPei/DeviceSecurityPolicyStubPei/DeviceSecurityPolicyStubPei.inf new file mode 100644 index 00000000000..28576602cf7 --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/DeviceSecurityPolicyStubPei/DeviceSecurityPolicyStubPei.inf @@ -0,0 +1,38 @@ +## @file +# EDKII Device Security Policy Stub +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DeviceSecurityPolicyStubPei + FILE_GUID = 335A4EFD-0DA9-4B5A-8C28-ECB9EB830C7C + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + DeviceSecurityPolicyStubPei.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + +[LibraryClasses] + PeimEntryPoint + PeiServicesLib + PeiServicesTablePointerLib + MemoryAllocationLib + BaseMemoryLib + PrintLib + DebugLib + +[Ppis] + gEdkiiDeviceSecurityPolicyPpiGuid ## PRODUCES + +[Depex] + TRUE diff --git a/DeviceSecurityTestPkg/TestPei/PciIoStubPei/PciIoStubPei.c b/DeviceSecurityTestPkg/TestPei/PciIoStubPei/PciIoStubPei.c new file mode 100644 index 00000000000..c1881802ecb --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/PciIoStubPei/PciIoStubPei.c @@ -0,0 +1,347 @@ +/** @file + EDKII PciIo Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +UINT8 *mPciDeviceBuffer; + +EFI_STATUS +EFIAPI +PciStubCfg2Read ( + IN CONST EFI_PEI_SERVICES **PeiServices, + IN CONST EFI_PEI_PCI_CFG2_PPI *This, + IN EFI_PEI_PCI_CFG_PPI_WIDTH Width, + IN UINT64 Address, + IN OUT VOID *Buffer + ) +{ + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI +PciStubCfg2Write ( + IN CONST EFI_PEI_SERVICES **PeiServices, + IN CONST EFI_PEI_PCI_CFG2_PPI *This, + IN EFI_PEI_PCI_CFG_PPI_WIDTH Width, + IN UINT64 Address, + IN OUT VOID *Buffer + ) +{ + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI +PciStubCfg2Modify ( + IN CONST EFI_PEI_SERVICES **PeiServices, + IN CONST EFI_PEI_PCI_CFG2_PPI *This, + IN EFI_PEI_PCI_CFG_PPI_WIDTH Width, + IN UINT64 Address, + IN VOID *SetBits, + IN VOID *ClearBits + ) +{ + return EFI_SUCCESS; +} + +UINT8 mPciConfigTemplate[]= { +0x86, 0x80, 0x60, 0x0b, 0x46, 0x01, 0x10, 0x00, 0x00, 0x02, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, // 00000000 +0x04, 0x00, 0x10, 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000010 +0x04, 0x00, 0x00, 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x86, 0x80, 0x00, 0x00, // 00000020 +0x00, 0x00, 0xff, 0xff, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x01, 0x00, 0x00, // 00000030 +0x01, 0x50, 0x03, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000040 +0x11, 0x60, 0x87, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000050 +0x10, 0xa0, 0x02, 0x00, 0x22, 0x8c, 0x00, 0x10, 0x37, 0x29, 0x09, 0x00, 0x44, 0x8c, 0x45, 0x00, // 00000060 +0x02, 0x00, 0x43, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000070 +0x00, 0x00, 0x00, 0x00, 0x1f, 0x08, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00, // 00000080 +0x04, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000090 +0x05, 0xc0, 0x8a, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000a0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000b0 +0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000c0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000d0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000e0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000000f0 +0x01, 0x00, 0x02, 0x15, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x30, 0x20, 0x06, 0x00, // 00000100 +0x00, 0x20, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0xa0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000110 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000120 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000130 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000140 +0x02, 0x00, 0x01, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000150 +0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000160 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000170 +0x04, 0x00, 0x01, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000180 +0x0e, 0x00, 0x01, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000190 +0x10, 0x00, 0x01, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x20, 0x00, // 000001a0 +0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x60, 0x0b, 0xff, 0xff, 0x00, 0x00, // 000001b0 +0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001c0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001d0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001e0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000001f0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000200 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000210 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000220 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000230 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000240 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000250 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000260 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000270 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000280 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000290 +0x19, 0x00, 0x01, 0x2d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x27, 0x00, 0x27, // 000002a0 +0x00, 0x27, 0x00, 0x27, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002b0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002c0 +0x18, 0x00, 0x01, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002d0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002e0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000002f0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000300 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000310 +0x25, 0x00, 0x01, 0x33, 0x01, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000320 +0x26, 0x00, 0x01, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000330 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000340 +0xf0, 0xf0, 0xf0, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000350 +0x27, 0x00, 0x01, 0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000360 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000370 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000380 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000390 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003a0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003b0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003c0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003d0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003e0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000003f0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000400 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000410 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000420 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000430 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000440 +0x1b, 0x00, 0x01, 0x46, 0x06, 0x1f, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000450 +0x23, 0x00, 0x01, 0x70, 0x86, 0x80, 0x01, 0x07, 0x3e, 0x00, 0x01, 0x03, 0x0b, 0x00, 0x03, 0x00, // 00000460 * +0x92, 0x97, 0xb5, 0x98, 0xbb, 0x23, 0x87, 0x68, 0x74, 0x25, 0x80, 0x75, 0xe5, 0x65, 0xe5, 0xa6, // 00000470 +0x07, 0x3b, 0x01, 0xbd, 0x62, 0x6f, 0x8d, 0xa7, 0x76, 0x7f, 0x05, 0x24, 0xe5, 0x3d, 0x32, 0xfd, // 00000480 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000490 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004a0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004b0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004c0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004d0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004e0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000004f0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000500 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000510 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000520 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000530 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000540 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000550 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000560 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000570 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000580 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000590 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005a0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005b0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005c0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005d0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005e0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000005f0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000600 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000610 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000620 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000630 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000640 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000650 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000660 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000670 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000680 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000690 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006a0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006b0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006c0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006d0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006e0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000006f0 +0x1e, 0x00, 0x01, 0x00, 0x1f, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, // 00000700 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000710 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000720 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000730 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000740 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000750 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000760 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000770 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000780 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000790 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007a0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007b0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007c0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007d0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007e0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000007f0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000800 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000810 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000820 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000830 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000840 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000850 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000860 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000870 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000880 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000890 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008a0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008b0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008c0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008d0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008e0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000008f0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000900 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000910 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000920 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000930 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000940 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000950 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000960 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000970 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000980 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000990 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009a0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009b0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009c0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009d0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009e0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 000009f0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a00 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a10 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a20 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a30 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a40 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a50 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a60 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a70 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a80 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000a90 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000aa0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ab0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ac0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ad0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ae0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000af0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b00 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b10 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b20 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b30 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b40 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b50 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b60 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b70 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b80 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000b90 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ba0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bb0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bc0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bd0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000be0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000bf0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c00 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c10 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c20 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c30 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c40 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c50 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c60 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c70 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c80 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000c90 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ca0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cb0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cc0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cd0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ce0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000cf0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d00 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d10 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d20 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d30 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d40 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d50 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d60 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d70 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d80 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000d90 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000da0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000db0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000dc0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000dd0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000de0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000df0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e00 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e10 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e20 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e30 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e40 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e50 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e60 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e70 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e80 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000e90 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ea0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000eb0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ec0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ed0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ee0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ef0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f00 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f10 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f20 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f30 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f40 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f50 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f60 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f70 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f80 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000f90 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fa0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fb0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fc0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fd0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000fe0 +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 00000ff0 +}; + +EFI_PEI_PCI_CFG2_PPI gPciCfg2Ppi = { + PciStubCfg2Read, + PciStubCfg2Write, + PciStubCfg2Modify, + 0 +}; + +EFI_PEI_PPI_DESCRIPTOR gPciCfg2PpiList = { + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEfiPciCfg2PpiGuid, + &gPciCfg2Ppi +}; + +EFI_HANDLE mPciIoHandle; + +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + + (**(EFI_PEI_SERVICES **)PeiServices).PciCfg = &gPciCfg2Ppi; + Status = PeiServicesInstallPpi (&gPciCfg2PpiList); + ASSERT_EFI_ERROR (Status); + + return Status; +} \ No newline at end of file diff --git a/DeviceSecurityTestPkg/TestPei/PciIoStubPei/PciIoStubPei.inf b/DeviceSecurityTestPkg/TestPei/PciIoStubPei/PciIoStubPei.inf new file mode 100644 index 00000000000..d2bab951595 --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/PciIoStubPei/PciIoStubPei.inf @@ -0,0 +1,37 @@ +## @file +# EDKII PciIo Stub +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PciIoStubPei + FILE_GUID = 534BA618-26D8-4835-B916-79AEEAB29D17 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + PciIoStubPei.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + PeiServicesLib + PeiServicesTablePointerLib + PeimEntryPoint + MemoryAllocationLib + BaseMemoryLib + PrintLib + DebugLib + +[Ppis] + gEfiPciCfg2PpiGuid ## PRODUCES + +[Depex] + TRUE diff --git a/DeviceSecurityTestPkg/TestPei/SpdmDeviceSecretLibTestStubPei/SpdmDeviceSecretLibTestStubPei.c b/DeviceSecurityTestPkg/TestPei/SpdmDeviceSecretLibTestStubPei/SpdmDeviceSecretLibTestStubPei.c new file mode 100644 index 00000000000..2872c11fcd4 --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/SpdmDeviceSecretLibTestStubPei/SpdmDeviceSecretLibTestStubPei.c @@ -0,0 +1,310 @@ +/** +@file +UEFI OS based application. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define MEASUREMENT_BLOCK_NUMBER 5 +#define MEASUREMENT_MANIFEST_SIZE 128 + +#define TEST_PSK_DATA_STRING "TestPskData" +#define TEST_PSK_HINT_STRING "TestPskHint" + +/** + Collect the device measurement. + + @param MeasurementSpecification Indicates the measurement specification. + It must align with MeasurementSpecification (SPDM_MEASUREMENT_BLOCK_HEADER_SPECIFICATION_*) + @param MeasurementHashAlgo Indicates the measurement hash algorithm. + It must align with MeasurementHashAlgo (SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_*) + @param DeviceMeasurementCount The count of the device measurement block. + @param DeviceMeasurement A pointer to a destination buffer to store the concatenation of all device measurement blocks. + @param DeviceMeasurementSize On input, indicates the size in bytes of the destination buffer. + On output, indicates the size in bytes of all device measurement blocks in the buffer. + + @retval TRUE the device measurement collection success and measurement is returned. + @retval FALSE the device measurement collection fail. +**/ +BOOLEAN +EFIAPI +SpdmMeasurementCollectionFunc ( + IN UINT8 MeasurementSpecification, + IN UINT32 MeasurementHashAlgo, + OUT UINT8 *DeviceMeasurementCount, + OUT VOID *DeviceMeasurement, + IN OUT UINTN *DeviceMeasurementSize + ) +{ + SPDM_MEASUREMENT_BLOCK_DMTF *MeasurementBlock; + UINTN HashSize; + UINT8 Index; + UINT8 Data[MEASUREMENT_MANIFEST_SIZE]; + UINTN TotalSize; + + ASSERT (MeasurementSpecification == SPDM_MEASUREMENT_SPECIFICATION_DMTF); + + HashSize = GetSpdmMeasurementHashSize (MeasurementHashAlgo); + + *DeviceMeasurementCount = MEASUREMENT_BLOCK_NUMBER; + TotalSize = (MEASUREMENT_BLOCK_NUMBER - 1) * (sizeof(SPDM_MEASUREMENT_BLOCK_DMTF) + HashSize) + + (sizeof(SPDM_MEASUREMENT_BLOCK_DMTF) + sizeof(Data)); + ASSERT (*DeviceMeasurementSize >= TotalSize); + *DeviceMeasurementSize = TotalSize; + + MeasurementBlock = DeviceMeasurement; + for (Index = 0; Index < MEASUREMENT_BLOCK_NUMBER; Index++) { + MeasurementBlock->Measurement_block_common_header.index = Index + 1; + MeasurementBlock->Measurement_block_common_header.measurement_specification = SPDM_MEASUREMENT_SPECIFICATION_DMTF; + if (Index < 4) { + MeasurementBlock->Measurement_block_dmtf_header.dmtf_spec_measurement_value_type = Index; + MeasurementBlock->Measurement_block_dmtf_header.dmtf_spec_measurement_value_size = (UINT16)HashSize; + } else { + MeasurementBlock->Measurement_block_dmtf_header.dmtf_spec_measurement_value_type = Index | SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM; + MeasurementBlock->Measurement_block_dmtf_header.dmtf_spec_measurement_value_size = (UINT16)sizeof(Data); + } + MeasurementBlock->Measurement_block_common_header.measurement_size = (UINT16)(sizeof(SPDM_MEASUREMENT_BLOCK_DMTF_HEADER) + + MeasurementBlock->Measurement_block_dmtf_header.dmtf_spec_measurement_value_size); + SetMem (Data, sizeof(Data), (UINT8)(Index + 1)); + if (Index < 4) { + SpdmMeasurementHashAll (MeasurementHashAlgo, Data, sizeof(Data), (VOID *)(MeasurementBlock + 1)); + MeasurementBlock = (VOID *)((UINT8 *)MeasurementBlock + sizeof(SPDM_MEASUREMENT_BLOCK_DMTF) + HashSize); + } else { + CopyMem ((VOID *)(MeasurementBlock + 1), Data, sizeof(Data)); + break; + } + } + + return TRUE; +} + +/** + Sign an SPDM message data. + + @param ReqBaseAsymAlg Indicates the signing algorithm. + @param BaseHashAlgo Indicates the hash algorithm. + @param MessageHash A pointer to a message hash to be signed. + @param HashSize The size in bytes of the message hash to be signed. + @param Signature A pointer to a destination buffer to store the signature. + @param SigSize On input, indicates the size in bytes of the destination buffer to store the signature. + On output, indicates the size in bytes of the signature in the buffer. + + @retval TRUE signing success. + @retval FALSE signing fail. +**/ +BOOLEAN +EFIAPI +SpdmRequesterDataSignFunc ( + IN UINT16 ReqBaseAsymAlg, + IN UINT32 BaseHashAlgo, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ) +{ + return FALSE; +} + +/** + Sign an SPDM message data. + + @param BaseAsymAlgo Indicates the signing algorithm. + @param BaseHashAlgo Indicates the hash algorithm. + @param MessageHash A pointer to a message hash to be signed. + @param HashSize The size in bytes of the message hash to be signed. + @param Signature A pointer to a destination buffer to store the signature. + @param SigSize On input, indicates the size in bytes of the destination buffer to store the signature. + On output, indicates the size in bytes of the signature in the buffer. + + @retval TRUE signing success. + @retval FALSE signing fail. +**/ +BOOLEAN +EFIAPI +SpdmResponderDataSignFunc ( + IN UINT32 BaseAsymAlgo, + IN UINT32 BaseHashAlgo, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ) +{ + EFI_STATUS Status; + VOID *Context; + VOID *PrivatePem; + UINTN PrivatePemSize; + BOOLEAN Result; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; + + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); + ASSERT_EFI_ERROR (Status); + + PrivatePemSize = 2048; + PrivatePem = AllocateZeroPool (PrivatePemSize); + Status = VariablePpi->GetVariable ( + VariablePpi, + L"PrivDevKey", + &gEfiDeviceSignatureDatabaseGuid, + NULL, + &PrivatePemSize, + (VOID *)PrivatePem + ); + if (EFI_ERROR(Status)) { + return FALSE; + } + + Result = SpdmAsymGetPrivateKeyFromPem (BaseAsymAlgo, PrivatePem, PrivatePemSize, NULL, &Context); + if (!Result) { + return FALSE; + } + Result = SpdmAsymSign ( + BaseAsymAlgo, + BaseHashAlgo, + Context, + MessageHash, + HashSize, + Signature, + SigSize + ); + SpdmAsymFree (BaseAsymAlgo, Context); + FreePool (PrivatePem); + + return Result; +} + +UINT8 mMyZeroFilledBuffer[64]; +UINT8 gBinStr0[0x12] = { + 0x00, 0x00, // Length - To be filled + 0x73, 0x70, 0x64, 0x6d, 0x31, 0x2e, 0x31, 0x00, // Version: 'spdm1.1/0' + 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x64, 0x00, // label: 'derived/0' + }; + +/** + Derive HMAC-based Expand Key Derivation Function (HKDF) Expand, based upon the negotiated HKDF algorithm. + + @param BaseHashAlgo Indicates the hash algorithm. + @param PskHint Pointer to the user-supplied PSK Hint. + @param PskHintSize PSK Hint size in bytes. + @param Info Pointer to the application specific info. + @param InfoSize Info size in bytes. + @param Out Pointer to buffer to receive hkdf value. + @param OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. +**/ +BOOLEAN +EFIAPI +SpdmPskHandshakeSecretHkdfExpandFunc ( + IN UINT32 BaseHashAlgo, + IN CONST UINT8 *PskHint, OPTIONAL + IN UINTN PskHintSize, OPTIONAL + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + VOID *Psk; + UINTN PskSize; + UINTN HashSize; + BOOLEAN Result; + UINT8 HandshakeSecret[64]; + + Psk = TEST_PSK_DATA_STRING; + PskSize = sizeof(TEST_PSK_DATA_STRING); + + HashSize = GetSpdmHashSize (BaseHashAlgo); + + Result = SpdmHmacAll (BaseHashAlgo, mMyZeroFilledBuffer, HashSize, Psk, PskSize, HandshakeSecret); + if (!Result) { + return Result; + } + + Result = SpdmHkdfExpand (BaseHashAlgo, HandshakeSecret, HashSize, Info, InfoSize, Out, OutSize); + ZeroMem (HandshakeSecret, HashSize); + + return Result; +} + +/** + Derive HMAC-based Expand Key Derivation Function (HKDF) Expand, based upon the negotiated HKDF algorithm. + + @param BaseHashAlgo Indicates the hash algorithm. + @param PskHint Pointer to the user-supplied PSK Hint. + @param PskHintSize PSK Hint size in bytes. + @param Info Pointer to the application specific info. + @param InfoSize Info size in bytes. + @param Out Pointer to buffer to receive hkdf value. + @param OutSize Size of hkdf bytes to generate. + + @retval TRUE Hkdf generated successfully. + @retval FALSE Hkdf generation failed. +**/ +BOOLEAN +EFIAPI +SpdmPskMasterSecretHkdfExpandFunc ( + IN UINT32 BaseHashAlgo, + IN CONST UINT8 *PskHint, OPTIONAL + IN UINTN PskHintSize, OPTIONAL + IN CONST UINT8 *Info, + IN UINTN InfoSize, + OUT UINT8 *Out, + IN UINTN OutSize + ) +{ + VOID *Psk; + UINTN PskSize; + UINTN HashSize; + BOOLEAN Result; + UINT8 HandshakeSecret[64]; + UINT8 Salt1[64]; + UINT8 MasterSecret[64]; + + Psk = TEST_PSK_DATA_STRING; + PskSize = sizeof(TEST_PSK_DATA_STRING); + + HashSize = GetSpdmHashSize (BaseHashAlgo); + + Result = SpdmHmacAll (BaseHashAlgo, mMyZeroFilledBuffer, HashSize, Psk, PskSize, HandshakeSecret); + if (!Result) { + return Result; + } + + *(UINT16 *)gBinStr0 = (UINT16)HashSize; + Result = SpdmHkdfExpand (BaseHashAlgo, HandshakeSecret, HashSize, gBinStr0, sizeof(gBinStr0), Salt1, HashSize); + ZeroMem (HandshakeSecret, HashSize); + if (!Result) { + return Result; + } + + Result = SpdmHmacAll (BaseHashAlgo, Salt1, HashSize, mMyZeroFilledBuffer, HashSize, MasterSecret); + ZeroMem (Salt1, HashSize); + if (!Result) { + return Result; + } + + Result = SpdmHkdfExpand (BaseHashAlgo, MasterSecret, HashSize, Info, InfoSize, Out, OutSize); + ZeroMem (MasterSecret, HashSize); + + return Result; +} + diff --git a/DeviceSecurityTestPkg/TestPei/SpdmDeviceSecretLibTestStubPei/SpdmDeviceSecretLibTestStubPei.inf b/DeviceSecurityTestPkg/TestPei/SpdmDeviceSecretLibTestStubPei/SpdmDeviceSecretLibTestStubPei.inf new file mode 100644 index 00000000000..7005ccb25a6 --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/SpdmDeviceSecretLibTestStubPei/SpdmDeviceSecretLibTestStubPei.inf @@ -0,0 +1,38 @@ +## @file +# SPDM library. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SpdmDeviceSecretLibTestStubPei + FILE_GUID = 28E72687-9C36-4A73-B001-B255C231D1AD + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = SpdmDeviceSecretLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + SpdmDeviceSecretLibTestStubPei.c + +[Packages] + MdePkg/MdePkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + SpdmCryptLib + diff --git a/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmDeviceIo.c b/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmDeviceIo.c new file mode 100644 index 00000000000..fbbe5bfdebc --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmDeviceIo.c @@ -0,0 +1,34 @@ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmStubPei.h" + +RETURN_STATUS +EFIAPI +SpdmDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN VOID *Message, + IN UINT64 Timeout + ) +{ + return RETURN_SUCCESS; +} + +RETURN_STATUS +EFIAPI +SpdmDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID *Message, + IN UINT64 Timeout + ) +{ + return RETURN_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.c b/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.c new file mode 100644 index 00000000000..7aefa184dc7 --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.c @@ -0,0 +1,217 @@ +/** @file + EDKII SpdmIo Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmStubPei.h" + +#define SLOT_NUMBER 2 + +SPDM_MESSAGE_HEADER *mSpdmIoLastSpdmRequest; +UINTN mSpdmIoLastSpdmRequestSize; + +EFI_STATUS +EFIAPI +SpdmIoSendMessage ( + IN SPDM_IO_PPI *This, + IN UINTN MessageSize, + IN VOID *Message, + IN UINT64 Timeout + ) +{ + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + VOID *SpdmContext; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_IO_PROTOCOL(This); + SpdmContext = SpdmTestContext->SpdmContext; + + if (Message == NULL) { + return EFI_INVALID_PARAMETER; + } + if (MessageSize == 0) { + return EFI_INVALID_PARAMETER; + } + if (mSpdmIoLastSpdmRequest != NULL) { + FreePool (mSpdmIoLastSpdmRequest); + mSpdmIoLastSpdmRequest = NULL; + } + + mSpdmIoLastSpdmRequestSize = MessageSize; + mSpdmIoLastSpdmRequest = AllocateCopyPool (MessageSize, Message); + + return EFI_SUCCESS; +} + +EFI_STATUS +EFIAPI +SpdmIoReceiveMessage ( + IN SPDM_IO_PPI *This, + IN OUT UINTN *MessageSize, + OUT VOID *Message, + IN UINT64 Timeout + ) +{ + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + VOID *SpdmContext; + UINT32 *SessionId; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_IO_PROTOCOL(This); + SpdmContext = SpdmTestContext->SpdmContext; + + SessionId = NULL; + return SpdmProcessMessage (SpdmContext, &SessionId, mSpdmIoLastSpdmRequest, mSpdmIoLastSpdmRequestSize, Message, MessageSize); +} + +SPDM_TEST_DEVICE_CONTEXT mSpdmTestDeviceContext = { + SPDM_TEST_DEVICE_CONTEXT_SIGNATURE, + NULL, + { + SpdmIoSendMessage, + SpdmIoReceiveMessage, + }, +}; + +EFI_PEI_PPI_DESCRIPTOR mSpdmIoPpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gSpdmIoPpiGuid, + &mSpdmTestDeviceContext.SpdmIoPpi +}; + +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + UINT8 Index; + VOID *CertChain; + UINTN CertChainSize; + EFI_SIGNATURE_LIST *SignatureList; + UINTN SignatureListSize; + VOID *SpdmContext; + SPDM_DATA_PARAMETER Parameter; + UINT8 Data8; + UINT16 Data16; + UINT32 Data32; + BOOLEAN HasRspPubCert; + BOOLEAN HasRspPrivKey; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; + UINTN SpdmContextSize; + BOOLEAN IsRequrester; + + SpdmContextSize = SpdmGetContextSize(); + DEBUG ((DEBUG_INFO, "SpdmContextSize - 0x%x\n", SpdmContextSize)); + SpdmContext = AllocatePages (EFI_SIZE_TO_PAGES(SpdmContextSize)); + ASSERT(SpdmContext != NULL); + SpdmInitContext (SpdmContext); + mSpdmTestDeviceContext.SpdmContext = SpdmContext; + SpdmRegisterDeviceIoFunc (SpdmContext, SpdmDeviceSendMessage, SpdmDeviceReceiveMessage); + SpdmRegisterTransportLayerFunc (SpdmContext, + SPDM_MAX_SPDM_MSG_SIZE, + SPDM_TRANSPORT_HEADER_SIZE, + SPDM_TRANSPORT_TAIL_SIZE, + SpdmTransportMctpEncodeMessage, SpdmTransportMctpDecodeMessage); +// SpdmRegisterTransportLayerFunc (SpdmContext, SPDM_MAX_SPDM_MSG_SIZE, SpdmTransportPciDoeEncodeMessage, SpdmTransportPciDoeDecodeMessage); + + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); + ASSERT_EFI_ERROR (Status); + + //SignatureListSize = sizeof (EFI_SIGNATURE_LIST); + SignatureListSize = 1024; + SignatureList = AllocateZeroPool (SignatureListSize); + Status = VariablePpi->GetVariable ( + VariablePpi, + EFI_DEVICE_SECURITY_DATABASE, + &gEfiDeviceSignatureDatabaseGuid, + NULL, + &SignatureListSize, + SignatureList + ); + if (!EFI_ERROR(Status)) { + HasRspPubCert = TRUE; + // BUGBUG: Assume only 1 SPDM cert. + ASSERT (CompareGuid (&SignatureList->SignatureType, &gEdkiiCertSpdmCertChainGuid)); + ASSERT (SignatureList->SignatureListSize == SignatureList->SignatureListSize); + ASSERT (SignatureList->SignatureHeaderSize == 0); + ASSERT (SignatureList->SignatureSize == SignatureList->SignatureListSize - (sizeof(EFI_SIGNATURE_LIST) + SignatureList->SignatureHeaderSize)); + CertChain = (VOID *)((UINT8 *)SignatureList + + sizeof(EFI_SIGNATURE_LIST) + + SignatureList->SignatureHeaderSize + + sizeof(EFI_GUID)); + CertChainSize = SignatureList->SignatureSize - sizeof(EFI_GUID); + + ZeroMem (&Parameter, sizeof(Parameter)); + Parameter.location = SpdmDataLocationLocal; + + for (Index = 0; Index < SLOT_NUMBER; Index++) { + Parameter.additional_data[0] = Index; + SpdmSetData (SpdmContext, SpdmDataLocalPublicCertChain, &Parameter, CertChain, CertChainSize); + } + // do not free it + } else { + HasRspPubCert = FALSE; + } + + HasRspPrivKey = TRUE; + + Data32 = SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP | +// SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP | +// SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP | +// SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER_WITH_CONTEXT | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | +// SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP | + 0; + if (!HasRspPubCert) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP; + } else { + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP; + } + if (!HasRspPrivKey) { + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG; + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG; + } else { + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP; + Data32 |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG; + Data32 &= ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG; + } + SpdmSetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &Data32, sizeof(Data32)); + + Data8 = SPDM_MEASUREMENT_SPECIFICATION_DMTF; + SpdmSetData (SpdmContext, SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof(Data8)); + Data32 = SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_256; + SpdmSetData (SpdmContext, SpdmDataMeasurementHashAlgo, &Parameter, &Data32, sizeof(Data32)); + Data32 = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048; + SpdmSetData (SpdmContext, SpdmDataBaseAsymAlgo, &Parameter, &Data32, sizeof(Data32)); + Data32 = SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256; + SpdmSetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &Data32, sizeof(Data32)); + Data16 = SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_2048; + SpdmSetData (SpdmContext, SpdmDataDHENameGroup, &Parameter, &Data16, sizeof(Data16)); + Data16 = SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH; + SpdmSetData (SpdmContext, SpdmDataAEADCipherSuite, &Parameter, &Data16, sizeof(Data16)); + Data16 = SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH; + SpdmSetData (SpdmContext, SpdmDataKeySchedule, &Parameter, &Data16, sizeof(Data16)); + IsRequrester = FALSE; + SpdmSetData (SpdmContext, LIBSPDM_DATA_IS_REQUESTER, &Parameter, &IsRequrester, sizeof (IsRequrester)); + + Status = PeiServicesInstallPpi (&mSpdmIoPpiList); + ASSERT_EFI_ERROR (Status); + + InitializeSpdmTest (&mSpdmTestDeviceContext); + + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.h b/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.h new file mode 100644 index 00000000000..b2146e63572 --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.h @@ -0,0 +1,72 @@ +/** @file + EDKII SpdmIo Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _SPDM_STUB_H_ +#define _SPDM_STUB_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +typedef struct { + UINTN Signature; + EFI_HANDLE SpdmHandle; + SPDM_IO_PPI SpdmIoPpi; + SPDM_TEST_PPI SpdmTestPpi; + SPDM_TEST_PROCESS_PACKET_CALLBACK ProcessPacketCallback; + VOID *SpdmContext; +} SPDM_TEST_DEVICE_CONTEXT; + +#define SPDM_TEST_DEVICE_CONTEXT_SIGNATURE SIGNATURE_32 ('S', 'T', 'D', 'C') +#define SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL(a) CR (a, SPDM_TEST_DEVICE_CONTEXT, SpdmTestPpi, SPDM_TEST_DEVICE_CONTEXT_SIGNATURE) +#define SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_IO_PROTOCOL(a) CR (a, SPDM_TEST_DEVICE_CONTEXT, SpdmIoPpi, SPDM_TEST_DEVICE_CONTEXT_SIGNATURE) + +VOID +InitializeSpdmTest ( + IN OUT SPDM_TEST_DEVICE_CONTEXT *SpdmTestDeviceContext + ); + +RETURN_STATUS +EFIAPI +SpdmDeviceSendMessage ( + IN VOID *SpdmContext, + IN UINTN MessageSize, + IN VOID *Message, + IN UINT64 Timeout + ); + +RETURN_STATUS +EFIAPI +SpdmDeviceReceiveMessage ( + IN VOID *SpdmContext, + IN OUT UINTN *MessageSize, + IN OUT VOID *Message, + IN UINT64 Timeout + ); + +extern EFI_HANDLE mSpdmHandle; + +#endif + diff --git a/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.inf b/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.inf new file mode 100644 index 00000000000..b9000af210f --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubPei.inf @@ -0,0 +1,52 @@ +## @file +# EDKII SpdmIo Stub +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SpdmStubPei + FILE_GUID = 24A32307-378D-4E74-AA38-3A97D161310D + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + SpdmStubPei.c + SpdmStubPei.h + SpdmStubTestPei.c + SpdmDeviceIo.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + +[LibraryClasses] + PeiServicesLib + PeiServicesTablePointerLib + PeimEntryPoint + MemoryAllocationLib + BaseMemoryLib + PrintLib + DebugLib + RngLib + BaseCryptLib + SpdmResponderLib + SpdmTransportMctpLib + +[Guids] + gEfiDeviceSignatureDatabaseGuid ## CONSUMES + gEdkiiCertSpdmCertChainGuid ## CONSUMES + +[Ppis] + gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES + gSpdmIoPpiGuid ## PRODUCES + gSpdmTestPpiGuid ## PRODUCES + +[Depex] + gEfiPeiReadOnlyVariable2PpiGuid \ No newline at end of file diff --git a/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubTestPei.c b/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubTestPei.c new file mode 100644 index 00000000000..652366a1c6e --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/SpdmStubPei/SpdmStubTestPei.c @@ -0,0 +1,164 @@ +/** @file + EDKII SpdmIo Stub + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SpdmStubPei.h" + +extern SPDM_TEST_DEVICE_CONTEXT mSpdmTestDeviceContext; + +EFI_STATUS +EFIAPI +SpdmGetResponseVendorDefinedRequest ( + IN VOID *SpdmContext, + IN UINT32 *SessionId, + IN BOOLEAN IsAppMessage, + IN UINTN RequestSize, + IN VOID *Request, + IN OUT UINTN *ResponseSize, + OUT VOID *Response + ) +{ + EFI_STATUS Status; + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + + SpdmTestContext = &mSpdmTestDeviceContext; + + if (SpdmTestContext->ProcessPacketCallback == NULL) { + SpdmGenerateErrorResponse (SpdmContext, SPDM_ERROR_CODE_INVALID_REQUEST, 0, ResponseSize, Response); + return EFI_SUCCESS; + } + + Status = SpdmTestContext->ProcessPacketCallback ( + Request, + RequestSize, + Response, + ResponseSize + ); + if (EFI_ERROR(Status)) { + SpdmGenerateErrorResponse (SpdmContext, SPDM_ERROR_CODE_INVALID_REQUEST, 0, ResponseSize, Response); + return EFI_SUCCESS; + } + + return EFI_SUCCESS; +} + +/** + Set a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. + + @retval EFI_SUCCESS The SPDM session data is set successfully. + @retval EFI_INVALID_PARAMETER The Data is NULL or the DataType is zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_ACCESS_DENIED The DataType cannot be set. + @retval EFI_NOT_READY Current session is not started. +**/ +EFI_STATUS +EFIAPI +SpdmTestPpiSetData ( + IN SPDM_TEST_PPI *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN VOID *Data, + IN UINTN DataSize + ) +{ + VOID *SpdmContext; + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL(This); + SpdmContext = SpdmTestContext->SpdmContext; + + return SpdmSetData (SpdmContext, DataType, Parameter, Data, DataSize); +} + +/** + Get a SPDM Session Data. + + @param This Indicates a pointer to the calling context. + @param DataType Type of the session data. + @param Data A pointer to the session data. + @param DataSize Size of the session data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + EFI_SUCCESS, and means the size of desired Data buffer if + EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The SPDM session data is set successfully. + @retval EFI_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The DataType cannot be found. + @retval EFI_NOT_READY The DataType is not ready to return. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. +**/ +EFI_STATUS +EFIAPI +SpdmTestPpiGetData ( + IN SPDM_TEST_PPI *This, + IN SPDM_DATA_TYPE DataType, + IN SPDM_DATA_PARAMETER *Parameter, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ) +{ + VOID *SpdmContext; + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL(This); + SpdmContext = SpdmTestContext->SpdmContext; + + return SpdmGetData (SpdmContext, DataType, Parameter, Data, DataSize); +} + +/** + Register a callback function to process a packet in the current SPDM session. + + @param This Indicates a pointer to the calling context. + @param Callback Process packet callback function. + + @retval EFI_SUCCESS The SPDM callback is registered successfully. +**/ +EFI_STATUS +EFIAPI +SpdmTestPpiRegisterProcessPacketCallback ( + IN SPDM_TEST_PPI *This, + IN SPDM_TEST_PROCESS_PACKET_CALLBACK Callback + ) +{ + SPDM_TEST_DEVICE_CONTEXT *SpdmTestContext; + + SpdmTestContext = SPDM_TEST_DEVICE_CONTEXT_FROM_SPDM_TEST_PROTOCOL(This); + SpdmTestContext->ProcessPacketCallback = Callback; + return EFI_SUCCESS; +} + +VOID +InitializeSpdmTest ( + IN OUT SPDM_TEST_DEVICE_CONTEXT *SpdmTestDeviceContext + ) +{ + EFI_STATUS Status; + + EFI_PEI_PPI_DESCRIPTOR *SpdmTestPpiList; + + SpdmTestDeviceContext->SpdmTestPpi.SetData = SpdmTestPpiSetData; + SpdmTestDeviceContext->SpdmTestPpi.GetData = SpdmTestPpiGetData; + SpdmTestDeviceContext->SpdmTestPpi.RegisterProcessPacketCallback = SpdmTestPpiRegisterProcessPacketCallback; + + SpdmTestPpiList = AllocatePool (sizeof (EFI_PEI_PPI_DESCRIPTOR)); + ASSERT (SpdmTestPpiList != NULL); + + SpdmTestPpiList->Guid = &gSpdmTestPpiGuid; + SpdmTestPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST; + SpdmTestPpiList->Ppi = &SpdmTestDeviceContext->SpdmTestPpi; + Status = PeiServicesInstallPpi (SpdmTestPpiList); + ASSERT_EFI_ERROR (Status); + + SpdmRegisterGetResponseFunc (SpdmTestDeviceContext->SpdmContext, SpdmGetResponseVendorDefinedRequest); +} diff --git a/DeviceSecurityTestPkg/TestPei/TestSpdmPei/TestSpdmPei.c b/DeviceSecurityTestPkg/TestPei/TestSpdmPei/TestSpdmPei.c new file mode 100644 index 00000000000..35aeb541a65 --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/TestSpdmPei/TestSpdmPei.c @@ -0,0 +1,329 @@ +/** @file + EDKII TestSpdm + + Copyright (c) 2020, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define USE_PSK 0 + +VOID +InternalDumpData ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + for (Index = 0; Index < Size; Index++) { + DEBUG ((DEBUG_INFO, "%02x ", (UINTN)Data[Index])); + } +} + +VOID +InternalDumpHex ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + UINTN Count; + UINTN Left; + +#define COLUME_SIZE (16 * 2) + + Count = Size / COLUME_SIZE; + Left = Size % COLUME_SIZE; + for (Index = 0; Index < Count; Index++) { + DEBUG ((DEBUG_INFO, "%04x: ", Index * COLUME_SIZE)); + InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE); + DEBUG ((DEBUG_INFO, "\n")); + } + + if (Left != 0) { + DEBUG ((DEBUG_INFO, "%04x: ", Index * COLUME_SIZE)); + InternalDumpData (Data + Index * COLUME_SIZE, Left); + DEBUG ((DEBUG_INFO, "\n")); + } +} + +VOID +TestPci ( + VOID + ) +{ + EFI_STATUS Status; + EDKII_DEVICE_SECURITY_PPI *DeviceSecurityPpi; + EDKII_DEVICE_IDENTIFIER DeviceId; + + Status = PeiServicesLocatePpi( + &gEdkiiDeviceSecurityPpiGuid, + 0, + NULL, + (VOID**)&DeviceSecurityPpi + ); + if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "LocatePpi gEdkiiDeviceSecurityPpiGuid - %r\n", Status)); + return; + } + + DeviceId.Version = EDKII_DEVICE_IDENTIFIER_REVISION; + CopyGuid (&DeviceId.DeviceType, &gEdkiiDeviceIdentifierTypePciGuid); + + Status = DeviceSecurityPpi->DeviceAuthenticate (DeviceSecurityPpi, &DeviceId); + if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, " DeviceSecurityPpi->DeviceAuthenticate - %r\n", Status)); + return; + } +} + +typedef struct { + SPDM_DATA_TYPE DataType; + CHAR8 *String; +} DATA_TYPE_STRING; + +#pragma pack(1) +#define TEST_PAYLOAD_CLIENT "Hello Client!" +#define TEST_PAYLOAD_SERVER "Hello Server!" +#define TEST_PAYLOAD_LEN (sizeof("Hello XXXXXX!")) +/// +/// SPDM VENDOR_DEFINED request +/// +typedef struct { + SPDM_MESSAGE_HEADER Header; + // Param1 == RSVD + // Param2 == RSVD + UINT16 StandardID; + UINT8 Len; + UINT16 VendorID; + UINT16 PayloadLength; + UINT8 VendorDefinedPayload[TEST_PAYLOAD_LEN]; +} SPDM_VENDOR_DEFINED_REQUEST_MINE; + +/// +/// SPDM VENDOR_DEFINED response +/// +typedef struct { + SPDM_MESSAGE_HEADER Header; + // Param1 == RSVD + // Param2 == RSVD + UINT16 StandardID; + UINT8 Len; + UINT16 VendorID; + UINT16 PayloadLength; + UINT8 VendorDefinedPayload[TEST_PAYLOAD_LEN]; +} SPDM_VENDOR_DEFINED_RESPONSE_MINE; + +#pragma pack() + +SPDM_VENDOR_DEFINED_REQUEST_MINE mVendorDefinedRequest = { + { + SPDM_MESSAGE_VERSION_10, + SPDM_VENDOR_DEFINED_REQUEST, + 0, // Param1 + 0, // Param2 + }, + SPDM_REGISTRY_ID_PCISIG, // StandardID + 2, // Len + 0x8086, // VendorID + TEST_PAYLOAD_LEN, // PayloadLength + {TEST_PAYLOAD_CLIENT} +}; + +SPDM_VENDOR_DEFINED_REQUEST_MINE mVendorDefinedResponse = { + { + SPDM_MESSAGE_VERSION_10, + SPDM_VENDOR_DEFINED_RESPONSE, + 0, // Param1 + 0, // Param2 + }, + SPDM_REGISTRY_ID_PCISIG, // StandardID + 2, // Len + 0x8086, // VendorID + TEST_PAYLOAD_LEN, // PayloadLength + {TEST_PAYLOAD_SERVER} +}; + +/** + Process a packet in the current SPDM session. + + @param This Indicates a pointer to the calling context. + @param SessionId ID of the session. + @param Request A pointer to the request data. + @param RequestSize Size of the request data. + @param Response A pointer to the response data. + @param ResponseSize Size of the response data. On input, it means the size of Data + buffer. On output, it means the size of copied Data buffer if + EFI_SUCCESS, and means the size of desired Data buffer if + EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The SPDM request is set successfully. + @retval EFI_INVALID_PARAMETER The DataSize is NULL or the Data is NULL and *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The DataType cannot be found. + @retval EFI_NOT_READY The DataType is not ready to return. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data. + @retval EFI_TIMEOUT A timeout occurred while waiting for the SPDM request + to execute. +**/ +EFI_STATUS +EFIAPI +TestSpdmProcessPacketCallback ( + IN VOID *Request, + IN UINTN RequestSize, + OUT VOID *Response, + IN OUT UINTN *ResponseSize + ) +{ + SPDM_VENDOR_DEFINED_REQUEST_MINE *SpmdRequest; + SpmdRequest = Request; + ASSERT (RequestSize == sizeof(SPDM_VENDOR_DEFINED_REQUEST_MINE)); + ASSERT (SpmdRequest->Header.request_response_code == SPDM_VENDOR_DEFINED_REQUEST); + ASSERT (SpmdRequest->StandardID == SPDM_REGISTRY_ID_PCISIG); + ASSERT (SpmdRequest->VendorID == 0x8086); + ASSERT (SpmdRequest->PayloadLength == TEST_PAYLOAD_LEN); + ASSERT (CompareMem (SpmdRequest->VendorDefinedPayload, TEST_PAYLOAD_CLIENT, TEST_PAYLOAD_LEN) == 0); + + CopyMem (Response, &mVendorDefinedResponse, sizeof(mVendorDefinedResponse)); + *ResponseSize = sizeof(mVendorDefinedResponse); + return EFI_SUCCESS; +} + +VOID +TestSpdmApplication ( + IN SPDM_PPI *SpdmPpi, + IN SPDM_TEST_PPI *SpdmTestPpi, + IN UINT32 SessionId + ) +{ + EFI_STATUS Status; + SPDM_VENDOR_DEFINED_REQUEST_MINE Request; + UINTN RequestSize; + SPDM_VENDOR_DEFINED_RESPONSE_MINE Response; + UINTN ResponseSize; + + Status = SpdmTestPpi->RegisterProcessPacketCallback (SpdmTestPpi, TestSpdmProcessPacketCallback); + + CopyMem (&Request, &mVendorDefinedRequest, sizeof(Request)); + + RequestSize = sizeof(Request); + ResponseSize = sizeof(Response); + Status = SpdmPpi->SendReceiveData (SpdmPpi, &SessionId, FALSE, &Request, RequestSize, &Response, &ResponseSize); + ASSERT_EFI_ERROR(Status); + + ASSERT (ResponseSize == sizeof(SPDM_VENDOR_DEFINED_RESPONSE_MINE)); + ASSERT (Response.Header.request_response_code == SPDM_VENDOR_DEFINED_RESPONSE); + ASSERT (Response.StandardID == SPDM_REGISTRY_ID_PCISIG); + ASSERT (Response.VendorID == 0x8086); + ASSERT (Response.PayloadLength == TEST_PAYLOAD_LEN); + ASSERT (CompareMem (Response.VendorDefinedPayload, TEST_PAYLOAD_SERVER, TEST_PAYLOAD_LEN) == 0); +} + +VOID +TestSpdm ( + VOID + ) +{ + EFI_STATUS Status; + SPDM_PPI *SpdmPpi; + SPDM_TEST_PPI *SpdmTestPpi; + UINT32 SessionId; + UINT8 HeartbeatPeriod; + UINT8 MeasurementHash[64]; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; + EFI_SIGNATURE_LIST *SignatureList; + UINTN SignatureListSize; + + Status = PeiServicesLocatePpi( + &gSpdmPpiGuid, + 0, + NULL, + (VOID**)&SpdmPpi + ); + ASSERT_EFI_ERROR(Status); + + Status = PeiServicesLocatePpi( + &gSpdmTestPpiGuid, + 0, + NULL, + (VOID**)&SpdmTestPpi + ); + ASSERT_EFI_ERROR(Status); + +#if USE_PSK + Status = SpdmPpi->SetData (SpdmPpi, SpdmDataPsk, NULL, "TestPskData", sizeof("TestPskData")); + ASSERT_EFI_ERROR(Status); + + Status = SpdmTestPpi->SetData (SpdmTestPpi, SpdmDataPsk, NULL, "TestPskData", sizeof("TestPskData")); + ASSERT_EFI_ERROR(Status); +#endif + + // + // Session requires peer certificate for authentication + // + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); + ASSERT_EFI_ERROR (Status); + SignatureListSize = 1024; + SignatureList = AllocateZeroPool (SignatureListSize); + Status = VariablePpi->GetVariable ( + VariablePpi, + EFI_DEVICE_SECURITY_DATABASE, + &gEfiDeviceSignatureDatabaseGuid, + NULL, + &SignatureListSize, + SignatureList + ); + if (EFI_ERROR(Status)) { + return ; + } + FreePool (SignatureList); + + HeartbeatPeriod = 0; + ZeroMem(MeasurementHash, sizeof(MeasurementHash)); + Status = SpdmPpi->StartSession ( + SpdmPpi, + USE_PSK, + SPDM_CHALLENGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH, + 0, + &SessionId, + &HeartbeatPeriod, + MeasurementHash + ); + ASSERT_EFI_ERROR(Status); + + TestSpdmApplication (SpdmPpi, SpdmTestPpi, SessionId); + + Status = SpdmPpi->StopSession (SpdmPpi, SessionId, 0); + ASSERT_EFI_ERROR(Status); +} + +EFI_STATUS +EFIAPI +MainEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + //CpuBreakpoint(); + //CpuDeadLoop(); + TestPci (); + + TestSpdm (); + return EFI_SUCCESS; +} diff --git a/DeviceSecurityTestPkg/TestPei/TestSpdmPei/TestSpdmPei.inf b/DeviceSecurityTestPkg/TestPei/TestSpdmPei/TestSpdmPei.inf new file mode 100644 index 00000000000..83536178ff6 --- /dev/null +++ b/DeviceSecurityTestPkg/TestPei/TestSpdmPei/TestSpdmPei.inf @@ -0,0 +1,48 @@ +## @file +# EDKII TestSpdm +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TestSpdmPei + FILE_GUID = 24567D1D-EB55-4EEE-A6BB-1FE538CE547A + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = MainEntryPoint + +[Sources] + TestSpdmPei.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + DeviceSecurityTestPkg/DeviceSecurityTestPkg.dec + +[LibraryClasses] + PeiServicesLib + PeiServicesTablePointerLib + PeimEntryPoint + MemoryAllocationLib + BaseMemoryLib + PrintLib + DebugLib + +[Guids] + gEfiDeviceSignatureDatabaseGuid ## CONSUMES + +[Ppis] + gSpdmPpiGuid ## CONSUME + gSpdmTestPpiGuid ## CONSUME + gEdkiiDeviceSecurityPpiGuid ## CONSUME + gEfiPeiReadOnlyVariable2PpiGuid ## CONSUME + +[Protocols] + gEdkiiDeviceIdentifierTypePciGuid ## CONSUME + +[Depex] + gEdkiiDeviceSecurityPpiGuid \ No newline at end of file diff --git a/DeviceSecurityTestPkg/readme.md b/DeviceSecurityTestPkg/readme.md new file mode 100644 index 00000000000..7123392af40 --- /dev/null +++ b/DeviceSecurityTestPkg/readme.md @@ -0,0 +1,113 @@ +# UEFI DeviceSecurity Support + +## Branch Description + +This is a sample implementation for UEFI SPDM requester. + +This branch owner: Jiewen Yao , Wenxing Hou . + +## Feature + +1) A generic [SpdmSecurityLib](../SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h) for device authentication and measurement. + + The implemenation is at [SpdmSecurityLib](../SecurityPkg/DeviceSecurity/SpdmSecurityLib). + + Any driver can link this library to perform SPDM (following SPDM spec) and measure data to TPM (following TCG PFP spec). + +2) A UEFI [SpdmDeviceSecurityDxe](SpdmDeviceSecurityDxe) driver as SPDM requester. + +3) A set of UEFI [Test](Test) stub as SPDM responder. + + All Code can run in UEFI emulation env. + +## Build + +This repo uses below submodules: + + [libspdm](../SecurityPkg/DeviceSecurity/SpdmLib/libspdm). + +Build: + Follow standard EDKII build process for DeviceSecurityTestPkg. + +Run : + Copy all *.efi in Build\DeviceSecurityTestPkg\_\\*.efi to Build\EmulatorPkg\_\\. + + Boot to UEFI shell and run below command: + + ``` + load Tcg2Stub.efi + DeployCert.efi + load DeviceSecurityPolicyStub.efi + load PciIoStub.efi + load SpdmStub.efi + load SpdmDeviceSecurityDxe.efi + TestSpdm.efi + ``` + + To test PCI DOE, boot to UEFI shell and run below command: + + ``` + load Tcg2Stub.efi + DeployCert.efi + load DeviceSecurityPolicyStub.efi + #load PciIoStub.efi + load PciIoPciDoeStub.efi + #load SpdmStub.efi + load SpdmPciDoeStub.efi + load SpdmDeviceSecurityDxe.efi + TestSpdm.efi + ``` + + In EmulatorPkg, the PEI SPDM module can only be launched in second boot, after DeployCert.efi in UEFI shell. + +## TCG SPDM Event Log + + We can use [Tcg2DumpLog](Test/Tcg2DumpLog) to dump the SPDM Event Log defined in TCG [PFP Specification](https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/). + + Sample TCG Event Log can be found at [Example](Example). + +## TCG RIM + + Sample RIM(CoSWID) or CoRIM(CoMID) can be found at [Example](Example). + +## Reference + + * SPDM specification + * DMTF: [DSP0274 - Security Protocol and Data Model (SPDM)](https://www.dmtf.org/dsp/DSP0274) + * DMTF: [DSP0277 - Secured Messages using SPDM](https://www.dmtf.org/dsp/DSP0277) + + * TCG specification (PC Client/Server) + * TCG: [Platform Certificate Profile](https://trustedcomputinggroup.org/resource/tcg-platform-certificate-profile/) + * TCG: [EK Credential Profile](https://trustedcomputinggroup.org/resource/tcg-ek-credential-profile-for-tpm-family-2-0/) + * TCG: [PC Client Platform Firmware Integrity Measurement](https://trustedcomputinggroup.org/resource/tcg-pc-client-platform-firmware-integrity-measurement/) + * TCG: [PC Client Platform Firmware Profile](https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/) + * TCG: [PC Client Platform TPM Profile (PTP)](https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/) + * TCG: [Server Management Domain Firmware Profile](https://trustedcomputinggroup.org/resource/tcg-server-management-domain-firmware-profile-specification/) + + * TCG specification (DICE) + * TCG: [DICE Attestation Architecture](https://trustedcomputinggroup.org/resource/dice-attestation-architecture/) + * TCG: [DICE Layering Architecture](https://trustedcomputinggroup.org/resource/dice-layering-architecture/) + * TCG: [DICE certificate Profile](https://trustedcomputinggroup.org/resource/dice-certificate-profiles/) + * TCG: [DICE Symmetric Identity Based Device Attestation](https://trustedcomputinggroup.org/resource/symmetric-identity-based-device-attestation/) + + * RIM + * TCG: [Reference Integrity Manifest (RIM) Information Model](https://trustedcomputinggroup.org/resource/tcg-reference-integrity-manifest-rim-information-model/) + * TCG: [PC Client Reference Integrity Measurement](https://trustedcomputinggroup.org/resource/tcg-pc-client-reference-integrity-manifest-specification/) + + * SWID: + * NIST: [Software-Identification-SWID](https://csrc.nist.gov/projects/Software-Identification-SWID) + * NIST: NISTID.8060 [Guidelines for the Creation of Interoperable SWID Tags](https://csrc.nist.gov/publications/detail/nistir/8060/final) + + * CoSWID: + * RATS: [Remote Attestation Procedures Architecture](https://datatracker.ietf.org/doc/draft-ietf-rats-architecture/) + * SACM: [Concise Software Identification Tags](https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/) + * RATS: [Reference Integrity Measurement Extension for Concise Software Identities](https://datatracker.ietf.org/doc/draft-birkholz-rats-coswid-rim/) + + * CoRIM / CoMID: + * RATS: [Concise Reference Integrity Manifest](https://datatracker.ietf.org/doc/draft-birkholz-rats-corim/) + +## Known limitation +This package is only the sample code to show the concept. +It does not have a full validation such as robustness functional test and fuzzing test. It does not meet the production quality yet. +Any codes including the API definition, the libary and the drivers are subject to change. +