Revision: 16339
http://sourceforge.net/p/edk2/code/16339
Author: qlong
Date: 2014-11-12 08:51:45 +0000 (Wed, 12 Nov 2014)
Log Message:
-----------
CryptoPkg Updates to support RFC3161 timestamp signature verification.
The main changes includes:
1. Enabling SHA384 and SHA512 digest algorithm; (Sha512.c)
2. RFC 3161 timestamp signature verification support; (CryptTs.c)
3. Fixed one ASN.1 length encoding issue in Authenticode verification routine.
(CryptAuthenticode.c)
4. Add the corresponding test cases in Cryptest utility (SHA384 & SHA512 &
Timestamp verification)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <[email protected]>
Reviewed-by: Guo Dong <[email protected]>
Reviewed-by: Ting Ye <[email protected]>
Modified Paths:
--------------
trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.c
trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.h
trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.inf
trunk/edk2/CryptoPkg/Application/Cryptest/DhVerify.c
trunk/edk2/CryptoPkg/Application/Cryptest/HashVerify.c
trunk/edk2/CryptoPkg/Include/Library/BaseCryptLib.h
trunk/edk2/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
trunk/edk2/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
trunk/edk2/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
trunk/edk2/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
trunk/edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf
Added Paths:
-----------
trunk/edk2/CryptoPkg/Application/Cryptest/TSVerify.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512Null.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTsNull.c
trunk/edk2/CryptoPkg/Library/IntrinsicLib/Ia32/
trunk/edk2/CryptoPkg/Library/IntrinsicLib/Ia32/MathLShiftS64.S
trunk/edk2/CryptoPkg/Library/IntrinsicLib/Ia32/MathLShiftS64.c
trunk/edk2/CryptoPkg/Library/IntrinsicLib/Ia32/MathRShiftU64.S
trunk/edk2/CryptoPkg/Library/IntrinsicLib/Ia32/MathRShiftU64.c
Removed Paths:
-------------
trunk/edk2/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/
Modified: trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.c
===================================================================
--- trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.c 2014-11-12
08:26:03 UTC (rev 16338)
+++ trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.c 2014-11-12
08:51:45 UTC (rev 16339)
@@ -1,7 +1,7 @@
-/** @file
+/** @file
Application for Cryptographic Primitives Validation.
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -73,6 +73,11 @@
return Status;
}
+ Status = ValidateTSCounterSignature ();
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
Status = ValidateCryptDh ();
if (EFI_ERROR (Status)) {
return Status;
@@ -84,4 +89,4 @@
}
return EFI_SUCCESS;
-}
+}
\ No newline at end of file
Modified: trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.h
===================================================================
--- trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.h 2014-11-12
08:26:03 UTC (rev 16338)
+++ trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.h 2014-11-12
08:51:45 UTC (rev 16339)
@@ -1,7 +1,7 @@
-/** @file
+/** @file
Application for Cryptographic Primitives Validation.
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -109,6 +109,18 @@
);
/**
+ Validate UEFI-OpenSSL RFC3161 Timestamp CounterSignature Verification
Interfaces.
+
+ @retval EFI_SUCCESS Validation succeeded.
+ @retval EFI_ABORTED Validation failed.
+
+**/
+EFI_STATUS
+ValidateTSCounterSignature (
+ VOID
+ );
+
+/**
Validate UEFI-OpenSSL DH Interfaces.
@retval EFI_SUCCESS Validation succeeded.
@@ -132,4 +144,4 @@
VOID
);
-#endif
+#endif
\ No newline at end of file
Modified: trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.inf
===================================================================
--- trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.inf 2014-11-12
08:26:03 UTC (rev 16338)
+++ trunk/edk2/CryptoPkg/Application/Cryptest/Cryptest.inf 2014-11-12
08:51:45 UTC (rev 16339)
@@ -38,6 +38,7 @@
RsaVerify.c
RsaVerify2.c
AuthenticodeVerify.c
+ TSVerify.c
DhVerify.c
RandVerify.c
@@ -57,4 +58,4 @@
[UserExtensions.TianoCore."ExtraFiles"]
CryptestExtra.uni
-
\ No newline at end of file
+
Modified: trunk/edk2/CryptoPkg/Application/Cryptest/DhVerify.c
===================================================================
--- trunk/edk2/CryptoPkg/Application/Cryptest/DhVerify.c 2014-11-12
08:26:03 UTC (rev 16338)
+++ trunk/edk2/CryptoPkg/Application/Cryptest/DhVerify.c 2014-11-12
08:51:45 UTC (rev 16339)
@@ -1,7 +1,7 @@
-/** @file
+/** @file
Application for Diffie-Hellman Primitives Validation.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -42,6 +42,14 @@
Print (L"\nUEFI-OpenSSL DH Engine Testing:\n");
//
+ // Initialize Key Length
+ //
+ PublicKey1Length = sizeof (PublicKey1);
+ PublicKey2Length = sizeof (PublicKey2);
+ Key1Length = sizeof (Key1);
+ Key2Length = sizeof (Key2);
+
+ //
// Generate & Initialize DH Context
//
Print (L"- Context1 ... ");
@@ -114,4 +122,4 @@
Print (L"[Pass]\n");
return EFI_SUCCESS;
-}
+}
\ No newline at end of file
Modified: trunk/edk2/CryptoPkg/Application/Cryptest/HashVerify.c
===================================================================
--- trunk/edk2/CryptoPkg/Application/Cryptest/HashVerify.c 2014-11-12
08:26:03 UTC (rev 16338)
+++ trunk/edk2/CryptoPkg/Application/Cryptest/HashVerify.c 2014-11-12
08:51:45 UTC (rev 16339)
@@ -1,7 +1,7 @@
-/** @file
+/** @file
Application for Hash Primitives Validation.
-Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -54,6 +54,25 @@
0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61,
0xf2, 0x00, 0x15, 0xad
};
+//
+// Result for SHA-384("abc"). (From "D.1 SHA-384 Example" of NIST FIPS 180-2)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha384Digest[SHA384_DIGEST_SIZE] = {
+ 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, 0xb5, 0xa0, 0x3d, 0x69,
0x9a, 0xc6, 0x50, 0x07,
+ 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, 0x1a, 0x8b, 0x60, 0x5a,
0x43, 0xff, 0x5b, 0xed,
+ 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, 0x58, 0xba, 0xec, 0xa1,
0x34, 0xc8, 0x25, 0xa7
+ };
+
+//
+// Result for SHA-512("abc"). (From "C.1 SHA-512 Example" of NIST FIPS 180-2)
+//
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Sha512Digest[SHA512_DIGEST_SIZE] = {
+ 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49,
0xae, 0x20, 0x41, 0x31,
+ 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6,
0x4b, 0x55, 0xd3, 0x9a,
+ 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23,
0xa3, 0xfe, 0xeb, 0xbd,
+ 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f,
0xa5, 0x4c, 0xa4, 0x9f
+ };
+
/**
Validate UEFI-OpenSSL Digest Interfaces.
@@ -76,7 +95,7 @@
DataSize = AsciiStrLen (HashData);
Print (L"- MD4: ");
-
+
//
// MD4 Digest Validation
//
@@ -234,6 +253,86 @@
}
Print (L"[Pass]\n");
-
+
+ Print (L"- SHA384: ");
+
+ //
+ // SHA384 Digest Validation
+ //
+ ZeroMem (Digest, MAX_DIGEST_SIZE);
+ CtxSize = Sha384GetContextSize ();
+ HashCtx = AllocatePool (CtxSize);
+
+ Print (L"Init... ");
+ Status = Sha384Init (HashCtx);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ Print (L"Update... ");
+ Status = Sha384Update (HashCtx, HashData, DataSize);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ Print (L"Finalize... ");
+ Status = Sha384Final (HashCtx, Digest);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ FreePool (HashCtx);
+
+ Print (L"Check Value... ");
+ if (CompareMem (Digest, Sha384Digest, SHA384_DIGEST_SIZE) != 0) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ Print (L"[Pass]\n");
+
+ Print (L"- SHA512: ");
+
+ //
+ // SHA512 Digest Validation
+ //
+ ZeroMem (Digest, MAX_DIGEST_SIZE);
+ CtxSize = Sha512GetContextSize ();
+ HashCtx = AllocatePool (CtxSize);
+
+ Print (L"Init... ");
+ Status = Sha512Init (HashCtx);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ Print (L"Update... ");
+ Status = Sha512Update (HashCtx, HashData, DataSize);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ Print (L"Finalize... ");
+ Status = Sha512Final (HashCtx, Digest);
+ if (!Status) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ FreePool (HashCtx);
+
+ Print (L"Check Value... ");
+ if (CompareMem (Digest, Sha512Digest, SHA512_DIGEST_SIZE) != 0) {
+ Print (L"[Fail]");
+ return EFI_ABORTED;
+ }
+
+ Print (L"[Pass]\n");
+
return EFI_SUCCESS;
}
Added: trunk/edk2/CryptoPkg/Application/Cryptest/TSVerify.c
===================================================================
--- trunk/edk2/CryptoPkg/Application/Cryptest/TSVerify.c
(rev 0)
+++ trunk/edk2/CryptoPkg/Application/Cryptest/TSVerify.c 2014-11-12
08:51:45 UTC (rev 16339)
@@ -0,0 +1,501 @@
+/** @file
+ Sample Implementation for RFC3161 Time Stamping Verification.
+
+Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD
License
+which accompanies this distribution. The full text of the license may be
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "Cryptest.h"
+
+//
+// Sample Authenticode Data with RFC3161 time stamping signature.
+// The data retrieved from one signed sample UEFI image, which is generated by
MSFT's signtool
+// utility in conjunction with RFC3161 timestamping, as the following command:
+// signtool sign /ac <xxx.cer> / f <xxx.pfx> /p <pass> /fd <digestAlg>
+// /tr http://timestamp.comodoca.com/rfc3161 sample.efi
+//
+GLOBAL_REMOVE_IF_UNREFERENCED UINT8 AuthenticodeWithTS[] = {
+ 0x30, 0x82, 0x0c, 0x00, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x07, 0x02, 0xa0,
+ 0x82, 0x0b, 0xf1, 0x30, 0x82, 0x0b, 0xed, 0x02, 0x01, 0x01, 0x31, 0x0f,
0x30, 0x0d, 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30,
0x78, 0x06, 0x0a, 0x2b,
+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04, 0xa0, 0x6a, 0x30,
0x68, 0x30, 0x33, 0x06,
+ 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0f, 0x30,
0x25, 0x03, 0x01, 0x00,
+ 0xa0, 0x20, 0xa2, 0x1e, 0x80, 0x1c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c,
0x00, 0x4f, 0x00, 0x62,
+ 0x00, 0x73, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65,
0x00, 0x3e, 0x00, 0x3e,
+ 0x00, 0x3e, 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
0x65, 0x03, 0x04, 0x02,
+ 0x01, 0x05, 0x00, 0x04, 0x20, 0x1e, 0x9e, 0x74, 0x31, 0xe1, 0x3e, 0x51,
0x46, 0xab, 0xce, 0x10,
+ 0x0d, 0x7c, 0x38, 0x66, 0x34, 0xd4, 0xdd, 0x04, 0xa5, 0xe7, 0x75, 0x40,
0xdd, 0x99, 0x73, 0xf3,
+ 0x2a, 0x54, 0x3e, 0xa8, 0x18, 0xa0, 0x82, 0x01, 0xee, 0x30, 0x82, 0x01,
0xea, 0x30, 0x82, 0x01,
+ 0x57, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x2c, 0x65, 0xcf, 0xcf,
0xdd, 0x61, 0x7b, 0xa4,
+ 0x41, 0xad, 0x26, 0x1b, 0x63, 0xce, 0x91, 0x0f, 0x30, 0x09, 0x06, 0x05,
0x2b, 0x0e, 0x03, 0x02,
+ 0x1d, 0x05, 0x00, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,
0x04, 0x03, 0x13, 0x08,
+ 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d,
0x31, 0x34, 0x30, 0x37,
+ 0x32, 0x38, 0x30, 0x37, 0x33, 0x38, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x33,
0x39, 0x31, 0x32, 0x33,
+ 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x12, 0x31, 0x10,
0x30, 0x0e, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x13, 0x07, 0x54, 0x65, 0x73, 0x74, 0x53, 0x75, 0x62,
0x30, 0x81, 0x9f, 0x30,
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x05, 0x00, 0x03, 0x81,
+ 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0x94, 0xa6, 0x02,
0x15, 0x87, 0xd6, 0xbf,
+ 0x71, 0xe8, 0xc6, 0x68, 0xf6, 0x9f, 0x66, 0x09, 0x6c, 0xe7, 0x39, 0x52,
0xf4, 0x4e, 0xaf, 0xf5,
+ 0xe0, 0xba, 0x0f, 0xfd, 0xe6, 0x77, 0xa9, 0x71, 0x5b, 0x5c, 0x92, 0x50,
0x1d, 0xfd, 0x9b, 0x6e,
+ 0x52, 0x92, 0x9e, 0x3a, 0x75, 0x86, 0x41, 0x2a, 0x41, 0x30, 0x1b, 0x67,
0x66, 0x91, 0xde, 0x71,
+ 0x84, 0xe0, 0x90, 0xc3, 0x50, 0x36, 0x78, 0xb5, 0xa0, 0x1e, 0x72, 0xde,
0xe7, 0x66, 0x42, 0x4f,
+ 0x59, 0x5e, 0x3d, 0xf3, 0x85, 0x82, 0x0b, 0xa8, 0x26, 0x2d, 0xd9, 0xe3,
0x14, 0xda, 0x9d, 0x2e,
+ 0x3f, 0x53, 0x4d, 0x8d, 0x10, 0xbf, 0xa4, 0x7c, 0xe5, 0xaf, 0x3a, 0xa6,
0xaf, 0x49, 0x64, 0xb0,
+ 0x60, 0x17, 0x87, 0x71, 0x77, 0x59, 0x52, 0xe5, 0x5a, 0xed, 0x96, 0x7d,
0x7e, 0x5d, 0xc1, 0xef,
+ 0x6b, 0xfb, 0x80, 0xc5, 0x2b, 0x10, 0xfe, 0xe7, 0xd3, 0x02, 0x03, 0x01,
0x00, 0x01, 0xa3, 0x48,
+ 0x30, 0x46, 0x30, 0x44, 0x06, 0x03, 0x55, 0x1d, 0x01, 0x04, 0x3d, 0x30,
0x3b, 0x80, 0x10, 0x19,
+ 0x8d, 0x48, 0xa1, 0xb9, 0xf3, 0x5e, 0x3c, 0x13, 0xb4, 0x08, 0xb6, 0xd9,
0xf3, 0x4f, 0x0a, 0xa1,
+ 0x15, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03,
0x13, 0x08, 0x54, 0x65,
+ 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x82, 0x10, 0x27, 0xcb, 0x16, 0x33,
0x8b, 0xed, 0x4d, 0xa8,
+ 0x47, 0xf0, 0x86, 0x47, 0x10, 0xef, 0x15, 0xd9, 0x30, 0x09, 0x06, 0x05,
0x2b, 0x0e, 0x03, 0x02,
+ 0x1d, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x51, 0x94, 0xed, 0x7a, 0x5c,
0x0b, 0x34, 0x16, 0x9c,
+ 0xf4, 0x5f, 0x88, 0x16, 0xa8, 0x4b, 0x13, 0xfc, 0xa4, 0x0a, 0xc7, 0xd9,
0x20, 0xb1, 0x93, 0xc5,
+ 0x81, 0x4f, 0x35, 0x3a, 0x89, 0x10, 0x04, 0xc4, 0xcc, 0x10, 0x34, 0xc3,
0x15, 0x57, 0x06, 0x97,
+ 0xee, 0x06, 0x2f, 0xf3, 0x24, 0xa1, 0xe6, 0x3a, 0x89, 0x4d, 0xb4, 0x7b,
0x12, 0x87, 0x90, 0x8c,
+ 0xfc, 0x5b, 0xb0, 0xf0, 0xdd, 0xaa, 0x3a, 0x24, 0x6d, 0x55, 0x47, 0x8a,
0xf2, 0x61, 0x08, 0x7a,
+ 0x59, 0x5f, 0x6e, 0x7b, 0xcb, 0x34, 0xbe, 0xb6, 0x5d, 0xcb, 0x60, 0xae,
0xc4, 0xda, 0x62, 0xbb,
+ 0x7f, 0x17, 0x1e, 0x73, 0xd1, 0x4e, 0x9f, 0x6e, 0xd3, 0xc8, 0x35, 0x58,
0x30, 0xd2, 0x89, 0xe5,
+ 0x22, 0x5e, 0x86, 0xac, 0x7a, 0x56, 0xd6, 0x70, 0xdb, 0x54, 0x10, 0x6c,
0xd3, 0xd5, 0x38, 0xfb,
+ 0x69, 0xcb, 0x4f, 0x36, 0x83, 0xc2, 0xe8, 0x31, 0x82, 0x09, 0x69, 0x30,
0x82, 0x09, 0x65, 0x02,
+ 0x01, 0x01, 0x30, 0x27, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03,
0x55, 0x04, 0x03, 0x13,
+ 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x02, 0x10, 0x2c,
0x65, 0xcf, 0xcf, 0xdd,
+ 0x61, 0x7b, 0xa4, 0x41, 0xad, 0x26, 0x1b, 0x63, 0xce, 0x91, 0x0f, 0x30,
0x0d, 0x06, 0x09, 0x60,
+ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa0, 0x5e,
0x30, 0x10, 0x06, 0x0a,
+ 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0c, 0x31, 0x02,
0x30, 0x00, 0x30, 0x19,
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x03, 0x31,
0x0c, 0x06, 0x0a, 0x2b,
+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04, 0x30, 0x2f, 0x06,
0x09, 0x2a, 0x86, 0x48,
+ 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04, 0x31, 0x22, 0x04, 0x20, 0x97, 0x6e,
0x29, 0x47, 0xc4, 0x03,
+ 0x68, 0x70, 0x1c, 0x99, 0x2c, 0x61, 0xb0, 0xbc, 0xde, 0x77, 0xe1, 0xa1,
0xeb, 0x4c, 0x1c, 0xac,
+ 0x4c, 0x64, 0xf6, 0x43, 0x96, 0x94, 0x0b, 0xc0, 0xbb, 0x03, 0x30, 0x0d,
0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
0x85, 0x93, 0xad, 0x93,
+ 0x92, 0x9e, 0xa4, 0x94, 0x30, 0x02, 0xe1, 0xc8, 0xcd, 0x37, 0xb2, 0xe1,
0xcb, 0xb2, 0x0f, 0x1c,
+ 0x67, 0xd1, 0xc9, 0xeb, 0x4d, 0x68, 0x85, 0x97, 0x5a, 0xa6, 0x0c, 0x03,
0xc7, 0x86, 0xae, 0xb3,
+ 0x35, 0xb4, 0x1d, 0x0e, 0x95, 0x5f, 0xed, 0x37, 0x13, 0x6b, 0x1e, 0x94,
0x80, 0xf1, 0xac, 0x55,
+ 0x73, 0xd1, 0x31, 0xf9, 0xad, 0x13, 0x7b, 0x26, 0xbf, 0xe7, 0x55, 0x7b,
0xb2, 0xf9, 0x21, 0x42,
+ 0x23, 0x64, 0xe6, 0x45, 0x03, 0x67, 0xcb, 0x42, 0xd3, 0x71, 0x3f, 0xd5,
0x29, 0x17, 0x4b, 0x49,
+ 0x45, 0x0e, 0x8b, 0xba, 0x1f, 0x15, 0x5a, 0x7f, 0x7b, 0x5e, 0x9b, 0x22,
0x46, 0xa7, 0x9c, 0x0d,
+ 0x25, 0x9c, 0x76, 0x25, 0x02, 0xc8, 0x15, 0x00, 0x51, 0xe6, 0x73, 0x39,
0xac, 0x8d, 0x41, 0x7b,
+ 0xc8, 0x42, 0xc9, 0xdb, 0x1b, 0x16, 0x13, 0xf6, 0x44, 0x32, 0xef, 0x17,
0xa1, 0x82, 0x08, 0x34,
+ 0x30, 0x82, 0x08, 0x30, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
0x37, 0x03, 0x03, 0x01,
+ 0x31, 0x82, 0x08, 0x20,
+ 0x30, 0x82, 0x08, 0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x07, 0x02, 0xa0,
+ 0x82, 0x08, 0x0d, 0x30, 0x82, 0x08, 0x09, 0x02, 0x01, 0x03, 0x31, 0x0b,
0x30, 0x09, 0x06, 0x05,
+ 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x30, 0x81, 0xf6, 0x06, 0x0b,
0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x04, 0xa0, 0x81, 0xe6, 0x04, 0x81,
0xe3, 0x30, 0x81, 0xe0,
+ 0x02, 0x01, 0x01, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb2, 0x31,
0x02, 0x01, 0x01, 0x30,
+ 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00,
0x04, 0x14, 0xcd, 0x06,
+ 0xf0, 0xbd, 0x8b, 0xcd, 0x5c, 0x2e, 0x5a, 0x7c, 0x42, 0x56, 0x2c, 0x20,
0x4a, 0x15, 0xcb, 0x1d,
+ 0x8b, 0x0e, 0x02, 0x15, 0x00, 0xb6, 0xff, 0x47, 0x05, 0xb6, 0x2d, 0x15,
0xac, 0x3f, 0x5d, 0xd9,
+ 0xcf, 0x9d, 0x54, 0x35, 0x56, 0x7c, 0xc1, 0x6e, 0x8b, 0x18, 0x0f, 0x32,
0x30, 0x31, 0x34, 0x30,
+ 0x37, 0x32, 0x38, 0x30, 0x38, 0x35, 0x30, 0x30, 0x33, 0x5a, 0xa0, 0x81,
0x83, 0xa4, 0x81, 0x80,
+ 0x30, 0x7e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x47, 0x42, 0x31,
+ 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12, 0x47, 0x72,
0x65, 0x61, 0x74, 0x65,
+ 0x72, 0x20, 0x4d, 0x61, 0x6e, 0x63, 0x68, 0x65, 0x73, 0x74, 0x65, 0x72,
0x31, 0x10, 0x30, 0x0e,
+ 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x61, 0x6c, 0x66, 0x6f,
0x72, 0x64, 0x31, 0x1a,
+ 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x43, 0x4f, 0x4d,
0x4f, 0x44, 0x4f, 0x20,
+ 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x24,
0x30, 0x22, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x13, 0x1b, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20,
0x54, 0x69, 0x6d, 0x65,
+ 0x20, 0x53, 0x74, 0x61, 0x6d, 0x70, 0x69, 0x6e, 0x67, 0x20, 0x53, 0x69,
0x67, 0x6e, 0x65, 0x72,
+ 0xa0, 0x82, 0x04, 0x97, 0x30, 0x82, 0x04, 0x93, 0x30, 0x82, 0x03, 0x7b,
0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x10, 0x47, 0x8a, 0x8e, 0xfb, 0x59, 0xe1, 0xd8, 0x3f, 0x0c,
0xe1, 0x42, 0xd2, 0xa2,
+ 0x87, 0x07, 0xbe, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x05,
+ 0x05, 0x00, 0x30, 0x81, 0x95, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
0x02, 0x55, 0x54, 0x31,
+ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61,
0x6c, 0x74, 0x20, 0x4c,
+ 0x61, 0x6b, 0x65, 0x20, 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c,
0x06, 0x03, 0x55, 0x04,
+ 0x0a, 0x13, 0x15, 0x54, 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54,
0x52, 0x55, 0x53, 0x54,
+ 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x21, 0x30, 0x1f,
0x06, 0x03, 0x55, 0x04,
+ 0x0b, 0x13, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77,
0x77, 0x2e, 0x75, 0x73,
+ 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x31,
0x1d, 0x30, 0x1b, 0x06,
+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53,
0x45, 0x52, 0x46, 0x69,
+ 0x72, 0x73, 0x74, 0x2d, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x30, 0x1e,
0x17, 0x0d, 0x31, 0x30,
+ 0x30, 0x35, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17,
0x0d, 0x31, 0x35, 0x30,
+ 0x35, 0x31, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x7e,
0x31, 0x0b, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1b, 0x30,
0x19, 0x06, 0x03, 0x55,
+ 0x04, 0x08, 0x13, 0x12, 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20,
0x4d, 0x61, 0x6e, 0x63,
+ 0x68, 0x65, 0x73, 0x74, 0x65, 0x72, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
0x55, 0x04, 0x07, 0x13,
+ 0x07, 0x53, 0x61, 0x6c, 0x66, 0x6f, 0x72, 0x64, 0x31, 0x1a, 0x30, 0x18,
0x06, 0x03, 0x55, 0x04,
+ 0x0a, 0x13, 0x11, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x41,
0x20, 0x4c, 0x69, 0x6d,
+ 0x69, 0x74, 0x65, 0x64, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04,
0x03, 0x13, 0x1b, 0x43,
+ 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x54, 0x69, 0x6d, 0x65, 0x20, 0x53,
0x74, 0x61, 0x6d, 0x70,
+ 0x69, 0x6e, 0x67, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x30, 0x82,
0x01, 0x22, 0x30, 0x0d,
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
0x00, 0x03, 0x82, 0x01,
+ 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbc,
0x35, 0xa0, 0x36, 0x70,
+ 0x22, 0x81, 0x11, 0xc3, 0xb2, 0x83, 0xb9, 0xd3, 0x28, 0xc6, 0x36, 0xcd,
0x25, 0x6b, 0xa9, 0x7b,
+ 0xb2, 0x1c, 0xf6, 0x9b, 0x51, 0x9c, 0xef, 0x35, 0xf4, 0xed, 0x08, 0x8e,
0x5e, 0x38, 0x08, 0xf8,
+ 0x77, 0x3c, 0x0a, 0x42, 0xe0, 0xf3, 0x70, 0xdc, 0xa3, 0xd7, 0xca, 0xf5,
0x4c, 0x0b, 0xcf, 0xff,
+ 0x22, 0x9c, 0x0a, 0x7e, 0x68, 0xd6, 0x09, 0xa2, 0x2a, 0x84, 0x7b, 0xa6,
0x9d, 0xb4, 0xa9, 0xc1,
+ 0x33, 0xe2, 0xef, 0x1f, 0x17, 0x48, 0xca, 0x3a, 0xcd, 0x46, 0xe6, 0xc5,
0xaa, 0x77, 0xbd, 0xe3,
+ 0x77, 0x9a, 0xfa, 0x47, 0x53, 0x40, 0x28, 0x59, 0x43, 0x93, 0xf1, 0xa4,
0x81, 0xea, 0xef, 0x80,
+ 0xb5, 0x4f, 0xa7, 0x08, 0xce, 0xba, 0x6e, 0xbc, 0xca, 0x76, 0x0c, 0x97,
0x64, 0x59, 0x86, 0x24,
+ 0xbb, 0x3d, 0x82, 0x90, 0xa8, 0x55, 0xb1, 0x92, 0xd3, 0xa0, 0xa7, 0x05,
0xac, 0x9f, 0x53, 0x25,
+ 0x08, 0x10, 0x47, 0x99, 0xcd, 0x98, 0xde, 0x68, 0xe5, 0xb4, 0x50, 0x78,
0xa3, 0xaf, 0x01, 0xcc,
+ 0x59, 0x43, 0x58, 0xe4, 0x76, 0x6e, 0x7e, 0xac, 0xc7, 0xe2, 0x9e, 0x1f,
0x4f, 0xb0, 0x47, 0x2d,
+ 0xc8, 0x0c, 0xa3, 0x49, 0x27, 0x80, 0x75, 0x8c, 0xbb, 0x06, 0x91, 0x65,
0x0f, 0x90, 0x9b, 0xf4,
+ 0xba, 0xd1, 0x81, 0xc8, 0x5c, 0x6a, 0xec, 0x14, 0xe9, 0x25, 0x09, 0xbf,
0x23, 0x16, 0xf4, 0x95,
+ 0x46, 0x40, 0x40, 0x21, 0xbb, 0x83, 0x96, 0xfd, 0x86, 0x1f, 0x7a, 0xc8,
0x0d, 0x10, 0x8e, 0xa2,
+ 0xf8, 0x19, 0x07, 0x58, 0x7f, 0x9f, 0xbd, 0x37, 0x02, 0x60, 0xf2, 0xa4,
0xe9, 0x9d, 0x44, 0x3f,
+ 0x30, 0x05, 0xe4, 0xa7, 0x70, 0x99, 0x51, 0x9a, 0xe8, 0x17, 0xf1, 0x55,
0xca, 0xb2, 0x61, 0x89,
+ 0x65, 0x46, 0xa7, 0x6a, 0xf2, 0x58, 0x46, 0x7e, 0xaa, 0xa0, 0x07, 0x02,
0x03, 0x01, 0x00, 0x01,
+ 0xa3, 0x81, 0xf4, 0x30, 0x81, 0xf1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
0x23, 0x04, 0x18, 0x30,
+ 0x16, 0x80, 0x14, 0xda, 0xed, 0x64, 0x74, 0x14, 0x9c, 0x14, 0x3c, 0xab,
0xdd, 0x99, 0xa9, 0xbd,
+ 0x5b, 0x28, 0x4d, 0x8b, 0x3c, 0xc9, 0xd8, 0x30, 0x1d, 0x06, 0x03, 0x55,
0x1d, 0x0e, 0x04, 0x16,
+ 0x04, 0x14, 0x2e, 0x2d, 0xb0, 0x0a, 0x44, 0x4a, 0xd3, 0x87, 0xc0, 0x02,
0x07, 0xce, 0x97, 0x7d,
+ 0x50, 0x62, 0x20, 0xfd, 0x0f, 0x83, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d,
0x0f, 0x01, 0x01, 0xff,
+ 0x04, 0x04, 0x03, 0x02, 0x06, 0xc0, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d,
0x13, 0x01, 0x01, 0xff,
+ 0x04, 0x02, 0x30, 0x00, 0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01,
0x01, 0xff, 0x04, 0x0c,
+ 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08,
0x30, 0x42, 0x06, 0x03,
+ 0x55, 0x1d, 0x1f, 0x04, 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0,
0x33, 0x86, 0x31, 0x68,
+ 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73,
0x65, 0x72, 0x74, 0x72,
+ 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x55, 0x54, 0x4e, 0x2d,
0x55, 0x53, 0x45, 0x52,
+ 0x46, 0x69, 0x72, 0x73, 0x74, 0x2d, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74,
0x2e, 0x63, 0x72, 0x6c,
+ 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01,
0x04, 0x29, 0x30, 0x27,
+ 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
0x86, 0x19, 0x68, 0x74,
+ 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73,
0x65, 0x72, 0x74, 0x72,
+ 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xc8,
0xfb, 0x63, 0xf8, 0x0b,
+ 0x75, 0x75, 0x2c, 0x3a, 0xf1, 0xf2, 0x13, 0xa7, 0x2d, 0xb6, 0xa3, 0x1a,
0x9c, 0xad, 0x01, 0x07,
+ 0xd3, 0x34, 0x8e, 0x77, 0xe0, 0xc2, 0x6e, 0xae, 0x02, 0x5d, 0x48, 0x4f,
0xa4, 0xd2, 0x21, 0xb6,
+ 0x36, 0xfd, 0x2a, 0x35, 0x43, 0x7c, 0x6b, 0xdf, 0x80, 0x87, 0x0b, 0x15,
0xf0, 0x76, 0x32, 0x00,
+ 0xb4, 0xce, 0xb5, 0x67, 0xa4, 0x2f, 0x2f, 0x20, 0x1b, 0x9c, 0x54, 0x9e,
0x83, 0x3f, 0x1f, 0x5f,
+ 0x14, 0x95, 0x62, 0x82, 0x0f, 0x22, 0x41, 0x22, 0x1f, 0x70, 0xb3, 0xf3,
0xf7, 0x42, 0xde, 0x6c,
+ 0x51, 0xcd, 0x4b, 0xf8, 0x21, 0xac, 0x9b, 0x3b, 0x8c, 0xb1, 0xe5, 0xe6,
0x28, 0x8f, 0xce, 0x2a,
+ 0x8a, 0xf9, 0xaa, 0x52, 0x4d, 0x8c, 0x5b, 0x77, 0xba, 0x4d, 0x5a, 0x58,
0xdb, 0xbb, 0x6a, 0x04,
+ 0xcc, 0x52, 0x1e, 0x9d, 0xe2, 0x28, 0x37, 0x0e, 0xbb, 0xe7, 0x0e, 0x91,
0xc7, 0xf8, 0xdb, 0xf1,
+ 0x81, 0x98, 0xeb, 0xcd, 0x37, 0xb3, 0x0e, 0xab, 0x65, 0xd3, 0x62, 0xec,
0x3a, 0xa5, 0x76, 0xeb,
+ 0x13, 0xa8, 0x35, 0x93, 0xc9, 0x2e, 0x0a, 0x01, 0xec, 0xc0, 0xe8, 0xcc,
0x3d, 0x7e, 0xb6, 0xeb,
+ 0xe2, 0xc1, 0xec, 0xd3, 0x14, 0x92, 0x82, 0x66, 0x87, 0x50, 0xdc, 0xfd,
0x50, 0x97, 0xac, 0xb3,
+ 0x4a, 0x76, 0x73, 0x06, 0xc4, 0x86, 0x11, 0x3a, 0xb3, 0x5f, 0x43, 0x04,
0x52, 0x6f, 0xea, 0xb3,
+ 0xd0, 0x74, 0x36, 0x4c, 0xca, 0xf1, 0x1b, 0x79, 0x84, 0x37, 0x70, 0x63,
0xad, 0x74, 0xb9, 0xaa,
+ 0x0e, 0xf3, 0x98, 0xb0, 0x86, 0x08, 0xeb, 0xdb, 0xe0, 0x1f, 0x8c, 0x10,
0xf2, 0x39, 0x64, 0x9b,
+ 0xae, 0x4f, 0x0a, 0x2c, 0x92, 0x8a, 0x4f, 0x18, 0xb5, 0x91, 0xe5, 0x8d,
0x1a, 0x93, 0x5f, 0x1f,
+ 0xae, 0xf1, 0xa6, 0xf0, 0x2e, 0x97, 0xd0, 0xd2, 0xf6, 0x2b, 0x3c, 0x31,
0x82, 0x02, 0x61, 0x30,
+ 0x82, 0x02, 0x5d, 0x02, 0x01, 0x01, 0x30, 0x81, 0xaa, 0x30, 0x81, 0x95,
0x31, 0x0b, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30,
0x09, 0x06, 0x03, 0x55,
+ 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03,
0x55, 0x04, 0x07, 0x13,
+ 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20, 0x43,
0x69, 0x74, 0x79, 0x31,
+ 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54, 0x68,
0x65, 0x20, 0x55, 0x53,
+ 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74, 0x77,
0x6f, 0x72, 0x6b, 0x31,
+ 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x18, 0x68, 0x74,
0x74, 0x70, 0x3a, 0x2f,
+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75,
0x73, 0x74, 0x2e, 0x63,
+ 0x6f, 0x6d, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
0x14, 0x55, 0x54, 0x4e,
+ 0x2d, 0x55, 0x53, 0x45, 0x52, 0x46, 0x69, 0x72, 0x73, 0x74, 0x2d, 0x4f,
0x62, 0x6a, 0x65, 0x63,
+ 0x74, 0x02, 0x10, 0x47, 0x8a, 0x8e, 0xfb, 0x59, 0xe1, 0xd8, 0x3f, 0x0c,
0xe1, 0x42, 0xd2, 0xa2,
+ 0x87, 0x07, 0xbe, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
0x05, 0x00, 0xa0, 0x81,
+ 0x8c, 0x30, 0x1a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x09, 0x03, 0x31, 0x0d,
+ 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01,
0x04, 0x30, 0x1c, 0x06,
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05, 0x31, 0x0f,
0x17, 0x0d, 0x31, 0x34,
+ 0x30, 0x37, 0x32, 0x38, 0x30, 0x38, 0x35, 0x30, 0x30, 0x33, 0x5a, 0x30,
0x23, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04, 0x31, 0x16, 0x04, 0x14,
0x7a, 0xad, 0x35, 0xdc,
+ 0x5b, 0xd6, 0x00, 0xd7, 0x44, 0xac, 0x80, 0x8f, 0x4f, 0xb6, 0xb4, 0x03,
0x62, 0x34, 0x53, 0xdc,
+ 0x30, 0x2b, 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
0x10, 0x02, 0x0c, 0x31,
+ 0x1c, 0x30, 0x1a, 0x30, 0x18, 0x30, 0x16, 0x04, 0x14, 0x3d, 0xbb, 0x6d,
0xb5, 0x08, 0x5c, 0x6d,
+ 0xd5, 0xa1, 0xca, 0x7f, 0x9c, 0xf8, 0x4e, 0xcb, 0x1a, 0x39, 0x10, 0xca,
0xc8, 0x30, 0x0d, 0x06,
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
0x04, 0x82, 0x01, 0x00,
+ 0x73, 0x64, 0xb9, 0xa3, 0x54, 0x6f, 0x50, 0x97, 0x01, 0xa7, 0xf6, 0x0d,
0xb8, 0xce, 0x4b, 0xaa,
+ 0x43, 0xa2, 0x8f, 0xa3, 0xea, 0x93, 0xf2, 0xa3, 0xd0, 0x46, 0xde, 0xdd,
0x45, 0xe5, 0x94, 0x5a,
+ 0x45, 0xc2, 0x13, 0x1b, 0x90, 0x9b, 0xcf, 0x73, 0xcd, 0x28, 0x70, 0xf0,
0xf4, 0x54, 0xb5, 0x2d,
+ 0x31, 0xf9, 0xf3, 0x2d, 0x38, 0x78, 0xfe, 0x68, 0xea, 0x3c, 0xc0, 0xbe,
0x0b, 0x5a, 0x91, 0x49,
+ 0x63, 0xeb, 0x26, 0x32, 0x5b, 0x86, 0xcf, 0xe5, 0x8a, 0xa5, 0x9d, 0xe6,
0x4b, 0x57, 0x91, 0x8f,
+ 0x3c, 0xdc, 0xa6, 0x53, 0xd8, 0xdb, 0x8a, 0xfd, 0x3e, 0x7e, 0x19, 0x6f,
0x27, 0x72, 0x95, 0xc2,
+ 0x79, 0x73, 0xdf, 0xfb, 0x08, 0x5c, 0x5b, 0xc8, 0xb7, 0x94, 0x75, 0x88,
0x7a, 0x9a, 0x85, 0x9f,
+ 0x1b, 0xa3, 0x98, 0x30, 0x91, 0xee, 0xc0, 0x52, 0xd2, 0x75, 0x9c, 0xcb,
0x45, 0x0d, 0x94, 0x43,
+ 0x67, 0x7a, 0x49, 0x1c, 0xb1, 0x89, 0x9d, 0x6e, 0xfa, 0x87, 0xd2, 0x4d,
0x6e, 0x74, 0x90, 0xf5,
+ 0x80, 0x8c, 0x92, 0xda, 0xd9, 0xa1, 0x48, 0x20, 0x31, 0x02, 0x79, 0xde,
0xe3, 0xbd, 0x09, 0x04,
+ 0xa8, 0xd4, 0x99, 0xd7, 0x3b, 0xea, 0xf8, 0xdf, 0xb3, 0xb9, 0xd7, 0xa3,
0x36, 0xa1, 0xdb, 0xd3,
+ 0xec, 0x65, 0x8c, 0xb8, 0x8f, 0xfb, 0xd6, 0xef, 0x9c, 0x32, 0x3e, 0xab,
0x20, 0x74, 0xb9, 0x65,
+ 0x4c, 0xc6, 0x15, 0x2f, 0x31, 0x2a, 0x34, 0x3e, 0x84, 0x09, 0xb4, 0x75,
0xbc, 0xbe, 0xaf, 0xb3,
+ 0x9e, 0x85, 0xf1, 0xbb, 0x99, 0x1a, 0x07, 0xbd, 0x20, 0xa6, 0xed, 0xcf,
0xd1, 0xa6, 0x9a, 0x22,
+ 0xb2, 0x6d, 0x75, 0xf4, 0x23, 0x58, 0x13, 0x78, 0x73, 0x1a, 0xb2, 0x84,
0xde, 0xad, 0xe8, 0x6d,
+ 0xe6, 0xe7, 0x5c, 0xb6, 0xe6, 0x5b, 0x10, 0x37, 0x1f, 0xe3, 0x6e, 0xbd,
0x83, 0xd7, 0x51, 0xb1,
+ 0x00, 0x00, 0x00, 0x00, 0x0a
+ };
+
+//
+// The RFC3161 timestamping counterSignature retrieved from the above
AuthenticodeWithTS.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TSCounterSignature[] = {
+ 0x30, 0x82, 0x08, 0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x07, 0x02, 0xa0,
+ 0x82, 0x08, 0x0d, 0x30, 0x82, 0x08, 0x09, 0x02, 0x01, 0x03, 0x31, 0x0b,
0x30, 0x09, 0x06, 0x05,
+ 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x30, 0x81, 0xf6, 0x06, 0x0b,
0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01, 0x04, 0xa0, 0x81, 0xe6, 0x04, 0x81,
0xe3, 0x30, 0x81, 0xe0,
+ 0x02, 0x01, 0x01, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb2, 0x31,
0x02, 0x01, 0x01, 0x30,
+ 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00,
0x04, 0x14, 0xcd, 0x06,
+ 0xf0, 0xbd, 0x8b, 0xcd, 0x5c, 0x2e, 0x5a, 0x7c, 0x42, 0x56, 0x2c, 0x20,
0x4a, 0x15, 0xcb, 0x1d,
+ 0x8b, 0x0e, 0x02, 0x15, 0x00, 0xb6, 0xff, 0x47, 0x05, 0xb6, 0x2d, 0x15,
0xac, 0x3f, 0x5d, 0xd9,
+ 0xcf, 0x9d, 0x54, 0x35, 0x56, 0x7c, 0xc1, 0x6e, 0x8b, 0x18, 0x0f, 0x32,
0x30, 0x31, 0x34, 0x30,
+ 0x37, 0x32, 0x38, 0x30, 0x38, 0x35, 0x30, 0x30, 0x33, 0x5a, 0xa0, 0x81,
0x83, 0xa4, 0x81, 0x80,
+ 0x30, 0x7e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x47, 0x42, 0x31,
+ 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12, 0x47, 0x72,
0x65, 0x61, 0x74, 0x65,
+ 0x72, 0x20, 0x4d, 0x61, 0x6e, 0x63, 0x68, 0x65, 0x73, 0x74, 0x65, 0x72,
0x31, 0x10, 0x30, 0x0e,
+ 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x61, 0x6c, 0x66, 0x6f,
0x72, 0x64, 0x31, 0x1a,
+ 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x43, 0x4f, 0x4d,
0x4f, 0x44, 0x4f, 0x20,
+ 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x24,
0x30, 0x22, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x13, 0x1b, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20,
0x54, 0x69, 0x6d, 0x65,
+ 0x20, 0x53, 0x74, 0x61, 0x6d, 0x70, 0x69, 0x6e, 0x67, 0x20, 0x53, 0x69,
0x67, 0x6e, 0x65, 0x72,
+ 0xa0, 0x82, 0x04, 0x97, 0x30, 0x82, 0x04, 0x93, 0x30, 0x82, 0x03, 0x7b,
0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x10, 0x47, 0x8a, 0x8e, 0xfb, 0x59, 0xe1, 0xd8, 0x3f, 0x0c,
0xe1, 0x42, 0xd2, 0xa2,
+ 0x87, 0x07, 0xbe, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x05,
+ 0x05, 0x00, 0x30, 0x81, 0x95, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
0x02, 0x55, 0x54, 0x31,
+ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61,
0x6c, 0x74, 0x20, 0x4c,
+ 0x61, 0x6b, 0x65, 0x20, 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c,
0x06, 0x03, 0x55, 0x04,
+ 0x0a, 0x13, 0x15, 0x54, 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54,
0x52, 0x55, 0x53, 0x54,
+ 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x21, 0x30, 0x1f,
0x06, 0x03, 0x55, 0x04,
+ 0x0b, 0x13, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77,
0x77, 0x2e, 0x75, 0x73,
+ 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x31,
0x1d, 0x30, 0x1b, 0x06,
+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53,
0x45, 0x52, 0x46, 0x69,
+ 0x72, 0x73, 0x74, 0x2d, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x30, 0x1e,
0x17, 0x0d, 0x31, 0x30,
+ 0x30, 0x35, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17,
0x0d, 0x31, 0x35, 0x30,
+ 0x35, 0x31, 0x30, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x7e,
0x31, 0x0b, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1b, 0x30,
0x19, 0x06, 0x03, 0x55,
+ 0x04, 0x08, 0x13, 0x12, 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20,
0x4d, 0x61, 0x6e, 0x63,
+ 0x68, 0x65, 0x73, 0x74, 0x65, 0x72, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
0x55, 0x04, 0x07, 0x13,
+ 0x07, 0x53, 0x61, 0x6c, 0x66, 0x6f, 0x72, 0x64, 0x31, 0x1a, 0x30, 0x18,
0x06, 0x03, 0x55, 0x04,
+ 0x0a, 0x13, 0x11, 0x43, 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x41,
0x20, 0x4c, 0x69, 0x6d,
+ 0x69, 0x74, 0x65, 0x64, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04,
0x03, 0x13, 0x1b, 0x43,
+ 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x54, 0x69, 0x6d, 0x65, 0x20, 0x53,
0x74, 0x61, 0x6d, 0x70,
+ 0x69, 0x6e, 0x67, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x30, 0x82,
0x01, 0x22, 0x30, 0x0d,
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
0x00, 0x03, 0x82, 0x01,
+ 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbc,
0x35, 0xa0, 0x36, 0x70,
+ 0x22, 0x81, 0x11, 0xc3, 0xb2, 0x83, 0xb9, 0xd3, 0x28, 0xc6, 0x36, 0xcd,
0x25, 0x6b, 0xa9, 0x7b,
+ 0xb2, 0x1c, 0xf6, 0x9b, 0x51, 0x9c, 0xef, 0x35, 0xf4, 0xed, 0x08, 0x8e,
0x5e, 0x38, 0x08, 0xf8,
+ 0x77, 0x3c, 0x0a, 0x42, 0xe0, 0xf3, 0x70, 0xdc, 0xa3, 0xd7, 0xca, 0xf5,
0x4c, 0x0b, 0xcf, 0xff,
+ 0x22, 0x9c, 0x0a, 0x7e, 0x68, 0xd6, 0x09, 0xa2, 0x2a, 0x84, 0x7b, 0xa6,
0x9d, 0xb4, 0xa9, 0xc1,
+ 0x33, 0xe2, 0xef, 0x1f, 0x17, 0x48, 0xca, 0x3a, 0xcd, 0x46, 0xe6, 0xc5,
0xaa, 0x77, 0xbd, 0xe3,
+ 0x77, 0x9a, 0xfa, 0x47, 0x53, 0x40, 0x28, 0x59, 0x43, 0x93, 0xf1, 0xa4,
0x81, 0xea, 0xef, 0x80,
+ 0xb5, 0x4f, 0xa7, 0x08, 0xce, 0xba, 0x6e, 0xbc, 0xca, 0x76, 0x0c, 0x97,
0x64, 0x59, 0x86, 0x24,
+ 0xbb, 0x3d, 0x82, 0x90, 0xa8, 0x55, 0xb1, 0x92, 0xd3, 0xa0, 0xa7, 0x05,
0xac, 0x9f, 0x53, 0x25,
+ 0x08, 0x10, 0x47, 0x99, 0xcd, 0x98, 0xde, 0x68, 0xe5, 0xb4, 0x50, 0x78,
0xa3, 0xaf, 0x01, 0xcc,
+ 0x59, 0x43, 0x58, 0xe4, 0x76, 0x6e, 0x7e, 0xac, 0xc7, 0xe2, 0x9e, 0x1f,
0x4f, 0xb0, 0x47, 0x2d,
+ 0xc8, 0x0c, 0xa3, 0x49, 0x27, 0x80, 0x75, 0x8c, 0xbb, 0x06, 0x91, 0x65,
0x0f, 0x90, 0x9b, 0xf4,
+ 0xba, 0xd1, 0x81, 0xc8, 0x5c, 0x6a, 0xec, 0x14, 0xe9, 0x25, 0x09, 0xbf,
0x23, 0x16, 0xf4, 0x95,
+ 0x46, 0x40, 0x40, 0x21, 0xbb, 0x83, 0x96, 0xfd, 0x86, 0x1f, 0x7a, 0xc8,
0x0d, 0x10, 0x8e, 0xa2,
+ 0xf8, 0x19, 0x07, 0x58, 0x7f, 0x9f, 0xbd, 0x37, 0x02, 0x60, 0xf2, 0xa4,
0xe9, 0x9d, 0x44, 0x3f,
+ 0x30, 0x05, 0xe4, 0xa7, 0x70, 0x99, 0x51, 0x9a, 0xe8, 0x17, 0xf1, 0x55,
0xca, 0xb2, 0x61, 0x89,
+ 0x65, 0x46, 0xa7, 0x6a, 0xf2, 0x58, 0x46, 0x7e, 0xaa, 0xa0, 0x07, 0x02,
0x03, 0x01, 0x00, 0x01,
+ 0xa3, 0x81, 0xf4, 0x30, 0x81, 0xf1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
0x23, 0x04, 0x18, 0x30,
+ 0x16, 0x80, 0x14, 0xda, 0xed, 0x64, 0x74, 0x14, 0x9c, 0x14, 0x3c, 0xab,
0xdd, 0x99, 0xa9, 0xbd,
+ 0x5b, 0x28, 0x4d, 0x8b, 0x3c, 0xc9, 0xd8, 0x30, 0x1d, 0x06, 0x03, 0x55,
0x1d, 0x0e, 0x04, 0x16,
+ 0x04, 0x14, 0x2e, 0x2d, 0xb0, 0x0a, 0x44, 0x4a, 0xd3, 0x87, 0xc0, 0x02,
0x07, 0xce, 0x97, 0x7d,
+ 0x50, 0x62, 0x20, 0xfd, 0x0f, 0x83, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d,
0x0f, 0x01, 0x01, 0xff,
+ 0x04, 0x04, 0x03, 0x02, 0x06, 0xc0, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d,
0x13, 0x01, 0x01, 0xff,
+ 0x04, 0x02, 0x30, 0x00, 0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01,
0x01, 0xff, 0x04, 0x0c,
+ 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08,
0x30, 0x42, 0x06, 0x03,
+ 0x55, 0x1d, 0x1f, 0x04, 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0,
0x33, 0x86, 0x31, 0x68,
+ 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73,
0x65, 0x72, 0x74, 0x72,
+ 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x55, 0x54, 0x4e, 0x2d,
0x55, 0x53, 0x45, 0x52,
+ 0x46, 0x69, 0x72, 0x73, 0x74, 0x2d, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74,
0x2e, 0x63, 0x72, 0x6c,
+ 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01,
0x04, 0x29, 0x30, 0x27,
+ 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
0x86, 0x19, 0x68, 0x74,
+ 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73,
0x65, 0x72, 0x74, 0x72,
+ 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xc8,
0xfb, 0x63, 0xf8, 0x0b,
+ 0x75, 0x75, 0x2c, 0x3a, 0xf1, 0xf2, 0x13, 0xa7, 0x2d, 0xb6, 0xa3, 0x1a,
0x9c, 0xad, 0x01, 0x07,
+ 0xd3, 0x34, 0x8e, 0x77, 0xe0, 0xc2, 0x6e, 0xae, 0x02, 0x5d, 0x48, 0x4f,
0xa4, 0xd2, 0x21, 0xb6,
+ 0x36, 0xfd, 0x2a, 0x35, 0x43, 0x7c, 0x6b, 0xdf, 0x80, 0x87, 0x0b, 0x15,
0xf0, 0x76, 0x32, 0x00,
+ 0xb4, 0xce, 0xb5, 0x67, 0xa4, 0x2f, 0x2f, 0x20, 0x1b, 0x9c, 0x54, 0x9e,
0x83, 0x3f, 0x1f, 0x5f,
+ 0x14, 0x95, 0x62, 0x82, 0x0f, 0x22, 0x41, 0x22, 0x1f, 0x70, 0xb3, 0xf3,
0xf7, 0x42, 0xde, 0x6c,
+ 0x51, 0xcd, 0x4b, 0xf8, 0x21, 0xac, 0x9b, 0x3b, 0x8c, 0xb1, 0xe5, 0xe6,
0x28, 0x8f, 0xce, 0x2a,
+ 0x8a, 0xf9, 0xaa, 0x52, 0x4d, 0x8c, 0x5b, 0x77, 0xba, 0x4d, 0x5a, 0x58,
0xdb, 0xbb, 0x6a, 0x04,
+ 0xcc, 0x52, 0x1e, 0x9d, 0xe2, 0x28, 0x37, 0x0e, 0xbb, 0xe7, 0x0e, 0x91,
0xc7, 0xf8, 0xdb, 0xf1,
+ 0x81, 0x98, 0xeb, 0xcd, 0x37, 0xb3, 0x0e, 0xab, 0x65, 0xd3, 0x62, 0xec,
0x3a, 0xa5, 0x76, 0xeb,
+ 0x13, 0xa8, 0x35, 0x93, 0xc9, 0x2e, 0x0a, 0x01, 0xec, 0xc0, 0xe8, 0xcc,
0x3d, 0x7e, 0xb6, 0xeb,
+ 0xe2, 0xc1, 0xec, 0xd3, 0x14, 0x92, 0x82, 0x66, 0x87, 0x50, 0xdc, 0xfd,
0x50, 0x97, 0xac, 0xb3,
+ 0x4a, 0x76, 0x73, 0x06, 0xc4, 0x86, 0x11, 0x3a, 0xb3, 0x5f, 0x43, 0x04,
0x52, 0x6f, 0xea, 0xb3,
+ 0xd0, 0x74, 0x36, 0x4c, 0xca, 0xf1, 0x1b, 0x79, 0x84, 0x37, 0x70, 0x63,
0xad, 0x74, 0xb9, 0xaa,
+ 0x0e, 0xf3, 0x98, 0xb0, 0x86, 0x08, 0xeb, 0xdb, 0xe0, 0x1f, 0x8c, 0x10,
0xf2, 0x39, 0x64, 0x9b,
+ 0xae, 0x4f, 0x0a, 0x2c, 0x92, 0x8a, 0x4f, 0x18, 0xb5, 0x91, 0xe5, 0x8d,
0x1a, 0x93, 0x5f, 0x1f,
+ 0xae, 0xf1, 0xa6, 0xf0, 0x2e, 0x97, 0xd0, 0xd2, 0xf6, 0x2b, 0x3c, 0x31,
0x82, 0x02, 0x61, 0x30,
+ 0x82, 0x02, 0x5d, 0x02, 0x01, 0x01, 0x30, 0x81, 0xaa, 0x30, 0x81, 0x95,
0x31, 0x0b, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30,
0x09, 0x06, 0x03, 0x55,
+ 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03,
0x55, 0x04, 0x07, 0x13,
+ 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20, 0x43,
0x69, 0x74, 0x79, 0x31,
+ 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54, 0x68,
0x65, 0x20, 0x55, 0x53,
+ 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74, 0x77,
0x6f, 0x72, 0x6b, 0x31,
+ 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x18, 0x68, 0x74,
0x74, 0x70, 0x3a, 0x2f,
+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75,
0x73, 0x74, 0x2e, 0x63,
+ 0x6f, 0x6d, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
0x14, 0x55, 0x54, 0x4e,
+ 0x2d, 0x55, 0x53, 0x45, 0x52, 0x46, 0x69, 0x72, 0x73, 0x74, 0x2d, 0x4f,
0x62, 0x6a, 0x65, 0x63,
+ 0x74, 0x02, 0x10, 0x47, 0x8a, 0x8e, 0xfb, 0x59, 0xe1, 0xd8, 0x3f, 0x0c,
0xe1, 0x42, 0xd2, 0xa2,
+ 0x87, 0x07, 0xbe, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
0x05, 0x00, 0xa0, 0x81,
+ 0x8c, 0x30, 0x1a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x09, 0x03, 0x31, 0x0d,
+ 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x10, 0x01,
0x04, 0x30, 0x1c, 0x06,
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05, 0x31, 0x0f,
0x17, 0x0d, 0x31, 0x34,
+ 0x30, 0x37, 0x32, 0x38, 0x30, 0x38, 0x35, 0x30, 0x30, 0x33, 0x5a, 0x30,
0x23, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04, 0x31, 0x16, 0x04, 0x14,
0x7a, 0xad, 0x35, 0xdc,
+ 0x5b, 0xd6, 0x00, 0xd7, 0x44, 0xac, 0x80, 0x8f, 0x4f, 0xb6, 0xb4, 0x03,
0x62, 0x34, 0x53, 0xdc,
+ 0x30, 0x2b, 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
0x10, 0x02, 0x0c, 0x31,
+ 0x1c, 0x30, 0x1a, 0x30, 0x18, 0x30, 0x16, 0x04, 0x14, 0x3d, 0xbb, 0x6d,
0xb5, 0x08, 0x5c, 0x6d,
+ 0xd5, 0xa1, 0xca, 0x7f, 0x9c, 0xf8, 0x4e, 0xcb, 0x1a, 0x39, 0x10, 0xca,
0xc8, 0x30, 0x0d, 0x06,
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
0x04, 0x82, 0x01, 0x00,
+ 0x73, 0x64, 0xb9, 0xa3, 0x54, 0x6f, 0x50, 0x97, 0x01, 0xa7, 0xf6, 0x0d,
0xb8, 0xce, 0x4b, 0xaa,
+ 0x43, 0xa2, 0x8f, 0xa3, 0xea, 0x93, 0xf2, 0xa3, 0xd0, 0x46, 0xde, 0xdd,
0x45, 0xe5, 0x94, 0x5a,
+ 0x45, 0xc2, 0x13, 0x1b, 0x90, 0x9b, 0xcf, 0x73, 0xcd, 0x28, 0x70, 0xf0,
0xf4, 0x54, 0xb5, 0x2d,
+ 0x31, 0xf9, 0xf3, 0x2d, 0x38, 0x78, 0xfe, 0x68, 0xea, 0x3c, 0xc0, 0xbe,
0x0b, 0x5a, 0x91, 0x49,
+ 0x63, 0xeb, 0x26, 0x32, 0x5b, 0x86, 0xcf, 0xe5, 0x8a, 0xa5, 0x9d, 0xe6,
0x4b, 0x57, 0x91, 0x8f,
+ 0x3c, 0xdc, 0xa6, 0x53, 0xd8, 0xdb, 0x8a, 0xfd, 0x3e, 0x7e, 0x19, 0x6f,
0x27, 0x72, 0x95, 0xc2,
+ 0x79, 0x73, 0xdf, 0xfb, 0x08, 0x5c, 0x5b, 0xc8, 0xb7, 0x94, 0x75, 0x88,
0x7a, 0x9a, 0x85, 0x9f,
+ 0x1b, 0xa3, 0x98, 0x30, 0x91, 0xee, 0xc0, 0x52, 0xd2, 0x75, 0x9c, 0xcb,
0x45, 0x0d, 0x94, 0x43,
+ 0x67, 0x7a, 0x49, 0x1c, 0xb1, 0x89, 0x9d, 0x6e, 0xfa, 0x87, 0xd2, 0x4d,
0x6e, 0x74, 0x90, 0xf5,
+ 0x80, 0x8c, 0x92, 0xda, 0xd9, 0xa1, 0x48, 0x20, 0x31, 0x02, 0x79, 0xde,
0xe3, 0xbd, 0x09, 0x04,
+ 0xa8, 0xd4, 0x99, 0xd7, 0x3b, 0xea, 0xf8, 0xdf, 0xb3, 0xb9, 0xd7, 0xa3,
0x36, 0xa1, 0xdb, 0xd3,
+ 0xec, 0x65, 0x8c, 0xb8, 0x8f, 0xfb, 0xd6, 0xef, 0x9c, 0x32, 0x3e, 0xab,
0x20, 0x74, 0xb9, 0x65,
+ 0x4c, 0xc6, 0x15, 0x2f, 0x31, 0x2a, 0x34, 0x3e, 0x84, 0x09, 0xb4, 0x75,
0xbc, 0xbe, 0xaf, 0xb3,
+ 0x9e, 0x85, 0xf1, 0xbb, 0x99, 0x1a, 0x07, 0xbd, 0x20, 0xa6, 0xed, 0xcf,
0xd1, 0xa6, 0x9a, 0x22,
+ 0xb2, 0x6d, 0x75, 0xf4, 0x23, 0x58, 0x13, 0x78, 0x73, 0x1a, 0xb2, 0x84,
0xde, 0xad, 0xe8, 0x6d,
+ 0xe6, 0xe7, 0x5c, 0xb6, 0xe6, 0x5b, 0x10, 0x37, 0x1f, 0xe3, 0x6e, 0xbd,
0x83, 0xd7, 0x51, 0xb1,
+ 0x00, 0x00, 0x00, 0x00, 0x0a
+ };
+
+//
+// The Comodo Time Stamping Signer Certificate Used for the verification of
TimeStamp signature.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED UINT8 TSTrustedCert[] = {
+ 0x30, 0x82, 0x04, 0x93, 0x30, 0x82, 0x03, 0x7b, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x10, 0x47,
+ 0x8a, 0x8e, 0xfb, 0x59, 0xe1, 0xd8, 0x3f, 0x0c, 0xe1, 0x42, 0xd2, 0xa2,
0x87, 0x07, 0xbe, 0x30,
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
0x05, 0x00, 0x30, 0x81,
+ 0x95, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x0b,
+ 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31,
0x17, 0x30, 0x15, 0x06,
+ 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c,
0x61, 0x6b, 0x65, 0x20,
+ 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04,
0x0a, 0x13, 0x15, 0x54,
+ 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54,
0x20, 0x4e, 0x65, 0x74,
+ 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04,
0x0b, 0x13, 0x18, 0x68,
+ 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x75, 0x73,
0x65, 0x72, 0x74, 0x72,
+ 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1d, 0x30, 0x1b, 0x06,
0x03, 0x55, 0x04, 0x03,
+ 0x13, 0x14, 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53, 0x45, 0x52, 0x46, 0x69,
0x72, 0x73, 0x74, 0x2d,
+ 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30,
0x30, 0x35, 0x31, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x31, 0x35, 0x30,
0x35, 0x31, 0x30, 0x32,
+ 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x7e, 0x31, 0x0b, 0x30, 0x09,
0x06, 0x03, 0x55, 0x04,
+ 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55,
0x04, 0x08, 0x13, 0x12,
+ 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20, 0x4d, 0x61, 0x6e, 0x63,
0x68, 0x65, 0x73, 0x74,
+ 0x65, 0x72, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13,
0x07, 0x53, 0x61, 0x6c,
+ 0x66, 0x6f, 0x72, 0x64, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04,
0x0a, 0x13, 0x11, 0x43,
+ 0x4f, 0x4d, 0x4f, 0x44, 0x4f, 0x20, 0x43, 0x41, 0x20, 0x4c, 0x69, 0x6d,
0x69, 0x74, 0x65, 0x64,
+ 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1b, 0x43,
0x4f, 0x4d, 0x4f, 0x44,
+ 0x4f, 0x20, 0x54, 0x69, 0x6d, 0x65, 0x20, 0x53, 0x74, 0x61, 0x6d, 0x70,
0x69, 0x6e, 0x67, 0x20,
+ 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
0x0f, 0x00, 0x30, 0x82,
+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbc, 0x35, 0xa0, 0x36, 0x70,
0x22, 0x81, 0x11, 0xc3,
+ 0xb2, 0x83, 0xb9, 0xd3, 0x28, 0xc6, 0x36, 0xcd, 0x25, 0x6b, 0xa9, 0x7b,
0xb2, 0x1c, 0xf6, 0x9b,
+ 0x51, 0x9c, 0xef, 0x35, 0xf4, 0xed, 0x08, 0x8e, 0x5e, 0x38, 0x08, 0xf8,
0x77, 0x3c, 0x0a, 0x42,
+ 0xe0, 0xf3, 0x70, 0xdc, 0xa3, 0xd7, 0xca, 0xf5, 0x4c, 0x0b, 0xcf, 0xff,
0x22, 0x9c, 0x0a, 0x7e,
+ 0x68, 0xd6, 0x09, 0xa2, 0x2a, 0x84, 0x7b, 0xa6, 0x9d, 0xb4, 0xa9, 0xc1,
0x33, 0xe2, 0xef, 0x1f,
+ 0x17, 0x48, 0xca, 0x3a, 0xcd, 0x46, 0xe6, 0xc5, 0xaa, 0x77, 0xbd, 0xe3,
0x77, 0x9a, 0xfa, 0x47,
+ 0x53, 0x40, 0x28, 0x59, 0x43, 0x93, 0xf1, 0xa4, 0x81, 0xea, 0xef, 0x80,
0xb5, 0x4f, 0xa7, 0x08,
+ 0xce, 0xba, 0x6e, 0xbc, 0xca, 0x76, 0x0c, 0x97, 0x64, 0x59, 0x86, 0x24,
0xbb, 0x3d, 0x82, 0x90,
+ 0xa8, 0x55, 0xb1, 0x92, 0xd3, 0xa0, 0xa7, 0x05, 0xac, 0x9f, 0x53, 0x25,
0x08, 0x10, 0x47, 0x99,
+ 0xcd, 0x98, 0xde, 0x68, 0xe5, 0xb4, 0x50, 0x78, 0xa3, 0xaf, 0x01, 0xcc,
0x59, 0x43, 0x58, 0xe4,
+ 0x76, 0x6e, 0x7e, 0xac, 0xc7, 0xe2, 0x9e, 0x1f, 0x4f, 0xb0, 0x47, 0x2d,
0xc8, 0x0c, 0xa3, 0x49,
+ 0x27, 0x80, 0x75, 0x8c, 0xbb, 0x06, 0x91, 0x65, 0x0f, 0x90, 0x9b, 0xf4,
0xba, 0xd1, 0x81, 0xc8,
+ 0x5c, 0x6a, 0xec, 0x14, 0xe9, 0x25, 0x09, 0xbf, 0x23, 0x16, 0xf4, 0x95,
0x46, 0x40, 0x40, 0x21,
+ 0xbb, 0x83, 0x96, 0xfd, 0x86, 0x1f, 0x7a, 0xc8, 0x0d, 0x10, 0x8e, 0xa2,
0xf8, 0x19, 0x07, 0x58,
+ 0x7f, 0x9f, 0xbd, 0x37, 0x02, 0x60, 0xf2, 0xa4, 0xe9, 0x9d, 0x44, 0x3f,
0x30, 0x05, 0xe4, 0xa7,
+ 0x70, 0x99, 0x51, 0x9a, 0xe8, 0x17, 0xf1, 0x55, 0xca, 0xb2, 0x61, 0x89,
0x65, 0x46, 0xa7, 0x6a,
+ 0xf2, 0x58, 0x46, 0x7e, 0xaa, 0xa0, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
0xa3, 0x81, 0xf4, 0x30,
+ 0x81, 0xf1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
0x16, 0x80, 0x14, 0xda,
+ 0xed, 0x64, 0x74, 0x14, 0x9c, 0x14, 0x3c, 0xab, 0xdd, 0x99, 0xa9, 0xbd,
0x5b, 0x28, 0x4d, 0x8b,
+ 0x3c, 0xc9, 0xd8, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
0x04, 0x14, 0x2e, 0x2d,
+ 0xb0, 0x0a, 0x44, 0x4a, 0xd3, 0x87, 0xc0, 0x02, 0x07, 0xce, 0x97, 0x7d,
0x50, 0x62, 0x20, 0xfd,
+ 0x0f, 0x83, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff,
0x04, 0x04, 0x03, 0x02,
+ 0x06, 0xc0, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
0x04, 0x02, 0x30, 0x00,
+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c,
0x30, 0x0a, 0x06, 0x08,
+ 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, 0x30, 0x42, 0x06, 0x03,
0x55, 0x1d, 0x1f, 0x04,
+ 0x3b, 0x30, 0x39, 0x30, 0x37, 0xa0, 0x35, 0xa0, 0x33, 0x86, 0x31, 0x68,
0x74, 0x74, 0x70, 0x3a,
+ 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72,
0x75, 0x73, 0x74, 0x2e,
+ 0x63, 0x6f, 0x6d, 0x2f, 0x55, 0x54, 0x4e, 0x2d, 0x55, 0x53, 0x45, 0x52,
0x46, 0x69, 0x72, 0x73,
+ 0x74, 0x2d, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x2e, 0x63, 0x72, 0x6c,
0x30, 0x35, 0x06, 0x08,
+ 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29, 0x30, 0x27,
0x30, 0x25, 0x06, 0x08,
+ 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19, 0x68, 0x74,
0x74, 0x70, 0x3a, 0x2f,
+ 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72,
0x75, 0x73, 0x74, 0x2e,
+ 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x05,
+ 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xc8, 0xfb, 0x63, 0xf8, 0x0b,
0x75, 0x75, 0x2c, 0x3a,
+ 0xf1, 0xf2, 0x13, 0xa7, 0x2d, 0xb6, 0xa3, 0x1a, 0x9c, 0xad, 0x01, 0x07,
0xd3, 0x34, 0x8e, 0x77,
+ 0xe0, 0xc2, 0x6e, 0xae, 0x02, 0x5d, 0x48, 0x4f, 0xa4, 0xd2, 0x21, 0xb6,
0x36, 0xfd, 0x2a, 0x35,
+ 0x43, 0x7c, 0x6b, 0xdf, 0x80, 0x87, 0x0b, 0x15, 0xf0, 0x76, 0x32, 0x00,
0xb4, 0xce, 0xb5, 0x67,
+ 0xa4, 0x2f, 0x2f, 0x20, 0x1b, 0x9c, 0x54, 0x9e, 0x83, 0x3f, 0x1f, 0x5f,
0x14, 0x95, 0x62, 0x82,
+ 0x0f, 0x22, 0x41, 0x22, 0x1f, 0x70, 0xb3, 0xf3, 0xf7, 0x42, 0xde, 0x6c,
0x51, 0xcd, 0x4b, 0xf8,
+ 0x21, 0xac, 0x9b, 0x3b, 0x8c, 0xb1, 0xe5, 0xe6, 0x28, 0x8f, 0xce, 0x2a,
0x8a, 0xf9, 0xaa, 0x52,
+ 0x4d, 0x8c, 0x5b, 0x77, 0xba, 0x4d, 0x5a, 0x58, 0xdb, 0xbb, 0x6a, 0x04,
0xcc, 0x52, 0x1e, 0x9d,
+ 0xe2, 0x28, 0x37, 0x0e, 0xbb, 0xe7, 0x0e, 0x91, 0xc7, 0xf8, 0xdb, 0xf1,
0x81, 0x98, 0xeb, 0xcd,
+ 0x37, 0xb3, 0x0e, 0xab, 0x65, 0xd3, 0x62, 0xec, 0x3a, 0xa5, 0x76, 0xeb,
0x13, 0xa8, 0x35, 0x93,
+ 0xc9, 0x2e, 0x0a, 0x01, 0xec, 0xc0, 0xe8, 0xcc, 0x3d, 0x7e, 0xb6, 0xeb,
0xe2, 0xc1, 0xec, 0xd3,
+ 0x14, 0x92, 0x82, 0x66, 0x87, 0x50, 0xdc, 0xfd, 0x50, 0x97, 0xac, 0xb3,
0x4a, 0x76, 0x73, 0x06,
+ 0xc4, 0x86, 0x11, 0x3a, 0xb3, 0x5f, 0x43, 0x04, 0x52, 0x6f, 0xea, 0xb3,
0xd0, 0x74, 0x36, 0x4c,
+ 0xca, 0xf1, 0x1b, 0x79, 0x84, 0x37, 0x70, 0x63, 0xad, 0x74, 0xb9, 0xaa,
0x0e, 0xf3, 0x98, 0xb0,
+ 0x86, 0x08, 0xeb, 0xdb, 0xe0, 0x1f, 0x8c, 0x10, 0xf2, 0x39, 0x64, 0x9b,
0xae, 0x4f, 0x0a, 0x2c,
+ 0x92, 0x8a, 0x4f, 0x18, 0xb5, 0x91, 0xe5, 0x8d, 0x1a, 0x93, 0x5f, 0x1f,
0xae, 0xf1, 0xa6, 0xf0,
+ 0x2e, 0x97, 0xd0, 0xd2, 0xf6, 0x2b, 0x3c, 0x0a
+ };
+
+/**
+ Validate MSFT Authenticode & Timestamping CounterSignature.
+
+ @retval TRUE Validation succeeded.
+ @retval FALSE Validation failed.
+
+**/
+BOOLEAN
+VerifyTSCounterSignature (
+ VOID
+ )
+{
+ BOOLEAN Status;
+ EFI_TIME SigningTime;
+
+ Status = FALSE;
+
+ Print (L"\n- Verify RFC3161 TimeStamp CounterSignature in PE/COFF
Authenticode ... ");
+ //
+ // Verify RFC3161 Timestamp CounterSignature.
+ //
+ Status = ImageTimestampVerify (
+ AuthenticodeWithTS,
+ sizeof (AuthenticodeWithTS),
+ TSTrustedCert,
+ sizeof (TSTrustedCert),
+ &SigningTime
+ );
+ if (Status) {
+ Print (L"[Pass]\n");
+ Print (L" --> The PE/COFF was signed at <%t>", &SigningTime);
+ } else {
+ Print (L"[Fail]");
+ }
+
+ return Status;
+}
+
+/**
+ Validate UEFI-OpenSSL RFC3161 Timestamp CounterSignature Verification
Interfaces.
+
+ @retval EFI_SUCCESS Validation succeeded.
+ @retval EFI_ABORTED Validation failed.
+
+**/
+EFI_STATUS
+ValidateTSCounterSignature (
+ VOID
+ )
+{
+ BOOLEAN Status;
+
+ Print (L"\nUEFI-OpenSSL RFC3161 Timestamp Signature Testing: ");
+
+ Status = VerifyTSCounterSignature ();
+
+ Print (L"\n");
+
+ if (Status) {
+ return EFI_SUCCESS;
+ } else {
+ return EFI_ABORTED;
+ }
+}
Modified: trunk/edk2/CryptoPkg/Include/Library/BaseCryptLib.h
===================================================================
--- trunk/edk2/CryptoPkg/Include/Library/BaseCryptLib.h 2014-11-12 08:26:03 UTC
(rev 16338)
+++ trunk/edk2/CryptoPkg/Include/Library/BaseCryptLib.h 2014-11-12 08:51:45 UTC
(rev 16339)
@@ -4,7 +4,7 @@
primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security
functionality enabling.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -39,6 +39,16 @@
#define SHA256_DIGEST_SIZE 32
///
+/// SHA-384 digest size in bytes
+///
+#define SHA384_DIGEST_SIZE 48
+
+///
+/// SHA-512 digest size in bytes
+///
+#define SHA512_DIGEST_SIZE 64
+
+///
/// TDES block size in bytes
///
#define TDES_BLOCK_SIZE 8
@@ -513,7 +523,216 @@
OUT UINT8 *HashValue
);
+/**
+ Retrieves the size, in bytes, of the context buffer required for SHA-384
hash operations.
+ @return The size, in bytes, of the context buffer required for SHA-384 hash
operations.
+
+**/
+UINTN
+EFIAPI
+Sha384GetContextSize (
+ VOID
+ );
+
+/**
+ Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash
context for
+ subsequent use.
+
+ If Sha384Context is NULL, then return FALSE.
+
+ @param[out] Sha384Context Pointer to SHA-384 context being initialized.
+
+ @retval TRUE SHA-384 context initialization succeeded.
+ @retval FALSE SHA-384 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Init (
+ OUT VOID *Sha384Context
+ );
+
+/**
+ Makes a copy of an existing SHA-384 context.
+
+ If Sha384Context is NULL, then return FALSE.
+ If NewSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Sha384Context Pointer to SHA-384 context being copied.
+ @param[out] NewSha384Context Pointer to new SHA-384 context.
+
+ @retval TRUE SHA-384 context copy succeeded.
+ @retval FALSE SHA-384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Duplicate (
+ IN CONST VOID *Sha384Context,
+ OUT VOID *NewSha384Context
+ );
+
+/**
+ Digests the input data and updates SHA-384 context.
+
+ This function performs SHA-384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ SHA-384 context should be already correctly intialized by Sha384Init(), and
should not be finalized
+ by Sha384Final(). Behavior with invalid context is undefined.
+
+ If Sha384Context is NULL, then return FALSE.
+
+ @param[in, out] Sha384Context Pointer to the SHA-384 context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE SHA-384 data digest succeeded.
+ @retval FALSE SHA-384 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Update (
+ IN OUT VOID *Sha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the SHA-384 digest value.
+
+ This function completes SHA-384 hash computation and retrieves the digest
value into
+ the specified memory. After this function has been called, the SHA-384
context cannot
+ be used again.
+ SHA-384 context should be already correctly intialized by Sha384Init(), and
should not be
+ finalized by Sha384Final(). Behavior with invalid SHA-384 context is
undefined.
+
+ If Sha384Context is NULL, then return FALSE.
+ If HashValue is NULL, then return FALSE.
+
+ @param[in, out] Sha384Context Pointer to the SHA-384 context.
+ @param[out] HashValue Pointer to a buffer that receives the
SHA-384 digest
+ value (48 bytes).
+
+ @retval TRUE SHA-384 digest computation succeeded.
+ @retval FALSE SHA-384 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Final (
+ IN OUT VOID *Sha384Context,
+ OUT UINT8 *HashValue
+ );
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for SHA-512
hash operations.
+
+ @return The size, in bytes, of the context buffer required for SHA-512 hash
operations.
+
+**/
+UINTN
+EFIAPI
+Sha512GetContextSize (
+ VOID
+ );
+
+/**
+ Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash
context for
+ subsequent use.
+
+ If Sha512Context is NULL, then return FALSE.
+
+ @param[out] Sha512Context Pointer to SHA-512 context being initialized.
+
+ @retval TRUE SHA-512 context initialization succeeded.
+ @retval FALSE SHA-512 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Init (
+ OUT VOID *Sha512Context
+ );
+
+/**
+ Makes a copy of an existing SHA-512 context.
+
+ If Sha512Context is NULL, then return FALSE.
+ If NewSha512Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Sha512Context Pointer to SHA-512 context being copied.
+ @param[out] NewSha512Context Pointer to new SHA-512 context.
+
+ @retval TRUE SHA-512 context copy succeeded.
+ @retval FALSE SHA-512 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Duplicate (
+ IN CONST VOID *Sha512Context,
+ OUT VOID *NewSha512Context
+ );
+
+/**
+ Digests the input data and updates SHA-512 context.
+
+ This function performs SHA-512 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ SHA-512 context should be already correctly intialized by Sha512Init(), and
should not be finalized
+ by Sha512Final(). Behavior with invalid context is undefined.
+
+ If Sha512Context is NULL, then return FALSE.
+
+ @param[in, out] Sha512Context Pointer to the SHA-512 context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE SHA-512 data digest succeeded.
+ @retval FALSE SHA-512 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Update (
+ IN OUT VOID *Sha512Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the SHA-512 digest value.
+
+ This function completes SHA-512 hash computation and retrieves the digest
value into
+ the specified memory. After this function has been called, the SHA-512
context cannot
+ be used again.
+ SHA-512 context should be already correctly intialized by Sha512Init(), and
should not be
+ finalized by Sha512Final(). Behavior with invalid SHA-512 context is
undefined.
+
+ If Sha512Context is NULL, then return FALSE.
+ If HashValue is NULL, then return FALSE.
+
+ @param[in, out] Sha512Context Pointer to the SHA-512 context.
+ @param[out] HashValue Pointer to a buffer that receives the
SHA-512 digest
+ value (64 bytes).
+
+ @retval TRUE SHA-512 digest computation succeeded.
+ @retval FALSE SHA-512 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Final (
+ IN OUT VOID *Sha512Context,
+ OUT UINT8 *HashValue
+ );
+
//=====================================================================================
// MAC (Message Authentication Code) Primitive
//=====================================================================================
@@ -754,7 +973,6 @@
OUT UINT8 *HmacValue
);
-
//=====================================================================================
// Symmetric Cryptography Primitive
//=====================================================================================
@@ -1395,7 +1613,7 @@
@param[in, out] RsaContext Pointer to RSA context being set.
@param[in] ModulusLength Length of RSA modulus N in bits.
@param[in] PublicExponent Pointer to RSA public exponent.
- @param[in] PublicExponentSize Size of RSA public exponent buffer in
bytes.
+ @param[in] PublicExponentSize Size of RSA public exponent buffer in
bytes.
@retval TRUE RSA key component was generated successfully.
@retval FALSE Invalid RSA key component tag.
@@ -1519,7 +1737,6 @@
@retval TRUE RSA Private Key was retrieved successfully.
@retval FALSE Invalid PEM key data or incorrect password.
@retval FALSE This interface is not supported.
-
**/
BOOLEAN
@@ -1648,7 +1865,7 @@
@param ... A list of DER-encoded single certificate data
followed
by certificate size. A NULL terminates the list.
The
pairs are the arguments to
X509ConstructCertificate().
-
+
@retval TRUE The X509 stack construction succeeded.
@retval FALSE The construction operation failed.
@retval FALSE This interface is not supported.
@@ -1658,7 +1875,7 @@
EFIAPI
X509ConstructCertificateStack (
IN OUT UINT8 **X509Stack,
- ...
+ ...
);
/**
@@ -1845,6 +2062,35 @@
IN UINTN HashSize
);
+/**
+ Verifies the validility of a RFC3161 Timestamp CounterSignature embedded in
PE/COFF Authenticode
+ signature.
+
+ If AuthData is NULL, then return FALSE.
+
+ @param[in] AuthData Pointer to the Authenticode Signature retrieved
from signed
+ PE/COFF image to be verified.
+ @param[in] DataSize Size of the Authenticode Signature in bytes.
+ @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded
in DER, which
+ is used for TSA certificate chain verification.
+ @param[in] CertSize Size of the trusted certificate in bytes.
+ @param[out] SigningTime Return the time of timestamp generation time if the
timestamp
+ signature is valid.
+
+ @retval TRUE The specified Authenticode includes a valid RFC3161
Timestamp CounterSignature.
+ @retval FALSE No valid RFC3161 Timestamp CounterSignature in the specified
Authenticode data.
+
+**/
+BOOLEAN
+EFIAPI
+ImageTimestampVerify (
+ IN CONST UINT8 *AuthData,
+ IN UINTN DataSize,
+ IN CONST UINT8 *TsaCert,
+ IN UINTN CertSize,
+ OUT EFI_TIME *SigningTime
+ );
+
//=====================================================================================
// DH Key Exchange Primitive
//=====================================================================================
@@ -1882,7 +2128,7 @@
Given generator g, and length of prime number p in bits, this function
generates p,
and sets DH context according to value of g and p.
-
+
Before this function can be invoked, pseudorandom number generator must be
correctly
initialized by RandomSeed().
@@ -1945,7 +2191,7 @@
/**
Generates DH public key.
- This function generates random secret exponent, and computes the public key,
which is
+ This function generates random secret exponent, and computes the public key,
which is
returned via parameter PublicKey and PublicKeySize. DH context is updated
accordingly.
If the PublicKey buffer is too small to hold the public key, FALSE is
returned and
PublicKeySize is set to the required buffer size to obtain the public key.
@@ -2060,4 +2306,4 @@
IN UINTN Size
);
-#endif // __BASE_CRYPT_LIB_H__
+#endif // __BASE_CRYPT_LIB_H__
\ No newline at end of file
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf 2014-11-12
08:26:03 UTC (rev 16338)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf 2014-11-12
08:51:45 UTC (rev 16339)
@@ -3,7 +3,7 @@
#
# Caution: This module requires additional review when modified.
# This library will have external input - signature.
-# This external input must be validated carefully to avoid security issues
such as
+# This external input must be validated carefully to avoid security issues
such as
# buffer overflow or integer overflow.
#
# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
@@ -11,10 +11,10 @@
# are licensed and made available under the terms and conditions of the BSD
License
# which accompanies this distribution. The full text of the license may be
found at
# http://opensource.org/licenses/bsd-license.php
-#
+#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
IMPLIED.
-#
+#
##
[Defines]
@@ -38,6 +38,7 @@
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
+ Hash/CryptSha512.c
Hmac/CryptHmacMd5.c
Hmac/CryptHmacSha1.c
Cipher/CryptAes.c
@@ -50,6 +51,7 @@
Pk/CryptDh.c
Pk/CryptX509.c
Pk/CryptAuthenticode.c
+ Pk/CryptTs.c
Pem/CryptPem.c
SysCall/CrtWrapper.c
@@ -57,24 +59,6 @@
SysCall/BaseMemAllocation.c
[Sources.Ia32]
- SysCall/Ia32/MathMultS64x64.c | MSFT
- SysCall/Ia32/MathDivU64x64.c | MSFT
- SysCall/Ia32/MathReminderU64x64.c | MSFT
- SysCall/Ia32/MathLShiftS64.c | MSFT
- SysCall/Ia32/MathRShiftU64.c | MSFT
-
- SysCall/Ia32/MathMultS64x64.c | INTEL
- SysCall/Ia32/MathDivU64x64.c | INTEL
- SysCall/Ia32/MathReminderU64x64.c | INTEL
- SysCall/Ia32/MathLShiftS64.c | INTEL
- SysCall/Ia32/MathRShiftU64.c | INTEL
-
- SysCall/Ia32/MathMultS64x64.S | GCC
- SysCall/Ia32/MathDivU64x64.S | GCC
- SysCall/Ia32/MathReminderU64x64.S | GCC
- SysCall/Ia32/MathLShiftS64.S | GCC
- SysCall/Ia32/MathRShiftU64.S | GCC
-
Rand/CryptRandTsc.c
[Sources.X64]
@@ -107,4 +91,7 @@
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
+ # suppress the following warnings so we do not break the build with
warnings-as-errors:
+ # C4305: truncation from type1 to type2 (Introduced by RFC3161 Timestamp
ASN.1 declarations)
+ MSFT:*_*_X64_CC_FLAGS = /wd4305
GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))"
"-D__declspec(t)=__attribute__((t))"
Added: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c
(rev 0)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c
2014-11-12 08:51:45 UTC (rev 16339)
@@ -0,0 +1,354 @@
+/** @file
+ SHA-384 and SHA-512 Digest Wrapper Implementations over OpenSSL.
+
+Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD
License
+which accompanies this distribution. The full text of the license may be
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/sha.h>
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for SHA-384
hash operations.
+
+ @return The size, in bytes, of the context buffer required for SHA-384 hash
operations.
+
+**/
+UINTN
+EFIAPI
+Sha384GetContextSize (
+ VOID
+ )
+{
+ //
+ // Retrieves OpenSSL SHA-384 Context Size
+ //
+ return (UINTN) (sizeof (SHA512_CTX));
+}
+
+/**
+ Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash
context for
+ subsequent use.
+
+ If Sha384Context is NULL, then return FALSE.
+
+ @param[out] Sha384Context Pointer to SHA-384 context being initialized.
+
+ @retval TRUE SHA-384 context initialization succeeded.
+ @retval FALSE SHA-384 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Init (
+ OUT VOID *Sha384Context
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (Sha384Context == NULL) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL SHA-384 Context Initialization
+ //
+ return (BOOLEAN) (SHA384_Init ((SHA512_CTX *) Sha384Context));
+}
+
+/**
+ Makes a copy of an existing SHA-384 context.
+
+ If Sha384Context is NULL, then return FALSE.
+ If NewSha384Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Sha384Context Pointer to SHA-384 context being copied.
+ @param[out] NewSha384Context Pointer to new SHA-384 context.
+
+ @retval TRUE SHA-384 context copy succeeded.
+ @retval FALSE SHA-384 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Duplicate (
+ IN CONST VOID *Sha384Context,
+ OUT VOID *NewSha384Context
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (Sha384Context == NULL || NewSha384Context == NULL) {
+ return FALSE;
+ }
+
+ CopyMem (NewSha384Context, Sha384Context, sizeof (SHA512_CTX));
+
+ return TRUE;
+}
+
+/**
+ Digests the input data and updates SHA-384 context.
+
+ This function performs SHA-384 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ SHA-384 context should be already correctly intialized by Sha384Init(), and
should not be finalized
+ by Sha384Final(). Behavior with invalid context is undefined.
+
+ If Sha384Context is NULL, then return FALSE.
+
+ @param[in, out] Sha384Context Pointer to the SHA-384 context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE SHA-384 data digest succeeded.
+ @retval FALSE SHA-384 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Update (
+ IN OUT VOID *Sha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (Sha384Context == NULL) {
+ return FALSE;
+ }
+
+ //
+ // Check invalid parameters, in case that only DataLength was checked in
OpenSSL
+ //
+ if (Data == NULL && DataSize != 0) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL SHA-384 Hash Update
+ //
+ return (BOOLEAN) (SHA384_Update ((SHA512_CTX *) Sha384Context, Data,
DataSize));
+}
+
+/**
+ Completes computation of the SHA-384 digest value.
+
+ This function completes SHA-384 hash computation and retrieves the digest
value into
+ the specified memory. After this function has been called, the SHA-384
context cannot
+ be used again.
+ SHA-384 context should be already correctly intialized by Sha384Init(), and
should not be
+ finalized by Sha384Final(). Behavior with invalid SHA-384 context is
undefined.
+
+ If Sha384Context is NULL, then return FALSE.
+ If HashValue is NULL, then return FALSE.
+
+ @param[in, out] Sha384Context Pointer to the SHA-384 context.
+ @param[out] HashValue Pointer to a buffer that receives the
SHA-384 digest
+ value (48 bytes).
+
+ @retval TRUE SHA-384 digest computation succeeded.
+ @retval FALSE SHA-384 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Final (
+ IN OUT VOID *Sha384Context,
+ OUT UINT8 *HashValue
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (Sha384Context == NULL || HashValue == NULL) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL SHA-384 Hash Finalization
+ //
+ return (BOOLEAN) (SHA384_Final (HashValue, (SHA512_CTX *) Sha384Context));
+}
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for SHA-512
hash operations.
+
+ @return The size, in bytes, of the context buffer required for SHA-512 hash
operations.
+
+**/
+UINTN
+EFIAPI
+Sha512GetContextSize (
+ VOID
+ )
+{
+ //
+ // Retrieves OpenSSL SHA-512 Context Size
+ //
+ return (UINTN) (sizeof (SHA512_CTX));
+}
+
+/**
+ Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash
context for
+ subsequent use.
+
+ If Sha512Context is NULL, then return FALSE.
+
+ @param[out] Sha512Context Pointer to SHA-512 context being initialized.
+
+ @retval TRUE SHA-512 context initialization succeeded.
+ @retval FALSE SHA-512 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Init (
+ OUT VOID *Sha512Context
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (Sha512Context == NULL) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL SHA-512 Context Initialization
+ //
+ return (BOOLEAN) (SHA512_Init ((SHA512_CTX *) Sha512Context));
+}
+
+/**
+ Makes a copy of an existing SHA-512 context.
+
+ If Sha512Context is NULL, then return FALSE.
+ If NewSha512Context is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in] Sha512Context Pointer to SHA-512 context being copied.
+ @param[out] NewSha512Context Pointer to new SHA-512 context.
+
+ @retval TRUE SHA-512 context copy succeeded.
+ @retval FALSE SHA-512 context copy failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Duplicate (
+ IN CONST VOID *Sha512Context,
+ OUT VOID *NewSha512Context
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (Sha512Context == NULL || NewSha512Context == NULL) {
+ return FALSE;
+ }
+
+ CopyMem (NewSha512Context, Sha512Context, sizeof (SHA512_CTX));
+
+ return TRUE;
+}
+
+/**
+ Digests the input data and updates SHA-512 context.
+
+ This function performs SHA-512 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ SHA-512 context should be already correctly intialized by Sha512Init(), and
should not be finalized
+ by Sha512Final(). Behavior with invalid context is undefined.
+
+ If Sha512Context is NULL, then return FALSE.
+
+ @param[in, out] Sha512Context Pointer to the SHA-512 context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE SHA-512 data digest succeeded.
+ @retval FALSE SHA-512 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Update (
+ IN OUT VOID *Sha512Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (Sha512Context == NULL) {
+ return FALSE;
+ }
+
+ //
+ // Check invalid parameters, in case that only DataLength was checked in
OpenSSL
+ //
+ if (Data == NULL && DataSize != 0) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL SHA-512 Hash Update
+ //
+ return (BOOLEAN) (SHA512_Update ((SHA512_CTX *) Sha512Context, Data,
DataSize));
+}
+
+/**
+ Completes computation of the SHA-512 digest value.
+
+ This function completes SHA-512 hash computation and retrieves the digest
value into
+ the specified memory. After this function has been called, the SHA-512
context cannot
+ be used again.
+ SHA-512 context should be already correctly intialized by Sha512Init(), and
should not be
+ finalized by Sha512Final(). Behavior with invalid SHA-512 context is
undefined.
+
+ If Sha512Context is NULL, then return FALSE.
+ If HashValue is NULL, then return FALSE.
+
+ @param[in, out] Sha512Context Pointer to the SHA-512 context.
+ @param[out] HashValue Pointer to a buffer that receives the
SHA-512 digest
+ value (64 bytes).
+
+ @retval TRUE SHA-512 digest computation succeeded.
+ @retval FALSE SHA-512 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Final (
+ IN OUT VOID *Sha512Context,
+ OUT UINT8 *HashValue
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (Sha512Context == NULL || HashValue == NULL) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL SHA-512 Hash Finalization
+ //
+ return (BOOLEAN) (SHA384_Final (HashValue, (SHA512_CTX *) Sha512Context));
+}
Added: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512Null.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512Null.c
(rev 0)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512Null.c
2014-11-12 08:51:45 UTC (rev 16339)
@@ -0,0 +1,231 @@
+/** @file
+ SHA-384 and SHA-512 Digest Wrapper Implementations which does not provide
real capabilities.
+
+Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD
License
+which accompanies this distribution. The full text of the license may be
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for SHA-384
hash operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+Sha384GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash
context for
+ subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Sha384Context Pointer to SHA-384 context being initialized.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Init (
+ OUT VOID *Sha384Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing SHA-384 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Sha384Context Pointer to SHA-384 context being copied.
+ @param[out] NewSha384Context Pointer to new SHA-384 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Duplicate (
+ IN CONST VOID *Sha384Context,
+ OUT VOID *NewSha384Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates SHA-384 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Sha384Context Pointer to the SHA-384 context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Update (
+ IN OUT VOID *Sha384Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the SHA-384 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Sha384Context Pointer to the SHA-384 context.
+ @param[out] HashValue Pointer to a buffer that receives the
SHA-384 digest
+ value (48 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha384Final (
+ IN OUT VOID *Sha384Context,
+ OUT UINT8 *HashValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for SHA-512
hash operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+Sha512GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash
context for
+ subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Sha512Context Pointer to SHA-512 context being initialized.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Init (
+ OUT VOID *Sha512Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing SHA-512 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Sha512Context Pointer to SHA-512 context being copied.
+ @param[out] NewSha512Context Pointer to new SHA-512 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Duplicate (
+ IN CONST VOID *Sha512Context,
+ OUT VOID *NewSha512Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates SHA-512 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Sha512Context Pointer to the SHA-512 context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Update (
+ IN OUT VOID *Sha512Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the SHA-512 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Sha512Context Pointer to the SHA-512 context.
+ @param[out] HashValue Pointer to a buffer that receives the
SHA-512 digest
+ value (64 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha512Final (
+ IN OUT VOID *Sha512Context,
+ OUT UINT8 *HashValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 2014-11-12
08:26:03 UTC (rev 16338)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 2014-11-12
08:51:45 UTC (rev 16339)
@@ -3,24 +3,25 @@
#
# Caution: This module requires additional review when modified.
# This library will have external input - signature.
-# This external input must be validated carefully to avoid security issues
such as
+# This external input must be validated carefully to avoid security issues
such as
# buffer overflow or integer overflow.
#
-# Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
-# TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign
functions,
-# Diffie-Hellman functions, X.509 certificate handler functions, authenticode
-# signature verification functions, PEM handler functions, and pseudorandom
number
-# generator functions are not supported in this instance.
+# Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest
functions,
+# HMAC-MD5 functions, HMAC-SHA1 functions, AES/TDES/ARC4 functions, RSA
external
+# functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions,
X.509
+# certificate handler functions, authenticode signature verification
functions,
+# PEM handler functions, and pseudorandom number generator functions are not
+# supported in this instance.
#
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD
License
# which accompanies this distribution. The full text of the license may be
found at
# http://opensource.org/licenses/bsd-license.php
-#
+#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
IMPLIED.
-#
+#
##
[Defines]
@@ -43,6 +44,7 @@
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
+ Hash/CryptSha512Null.c
Hmac/CryptHmacMd5Null.c
Hmac/CryptHmacSha1Null.c
Cipher/CryptAesNull.c
@@ -57,6 +59,7 @@
Pk/CryptDhNull.c
Pk/CryptX509Null.c
Pk/CryptAuthenticodeNull.c
+ Pk/CryptTsNull.c
Pem/CryptPemNull.c
Rand/CryptRandNull.c
@@ -65,26 +68,6 @@
SysCall/ConstantTimeClock.c
SysCall/BaseMemAllocation.c
-
-[Sources.Ia32]
- SysCall/Ia32/MathMultS64x64.c | MSFT
- SysCall/Ia32/MathDivU64x64.c | MSFT
- SysCall/Ia32/MathReminderU64x64.c | MSFT
- SysCall/Ia32/MathLShiftS64.c | MSFT
- SysCall/Ia32/MathRShiftU64.c | MSFT
-
- SysCall/Ia32/MathMultS64x64.c | INTEL
- SysCall/Ia32/MathDivU64x64.c | INTEL
- SysCall/Ia32/MathReminderU64x64.c | INTEL
- SysCall/Ia32/MathLShiftS64.c | INTEL
- SysCall/Ia32/MathRShiftU64.c | INTEL
-
- SysCall/Ia32/MathMultS64x64.S | GCC
- SysCall/Ia32/MathDivU64x64.S | GCC
- SysCall/Ia32/MathReminderU64x64.S | GCC
- SysCall/Ia32/MathLShiftS64.S | GCC
- SysCall/Ia32/MathRShiftU64.S | GCC
-
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
@@ -102,4 +85,3 @@
#
[BuildOptions]
GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))"
"-D__declspec(t)=__attribute__((t))"
-
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
2014-11-12 08:26:03 UTC (rev 16338)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
2014-11-12 08:51:45 UTC (rev 16339)
@@ -9,7 +9,7 @@
AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check
for
data structure.
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -123,7 +123,7 @@
// Un-matched SPC_INDIRECT_DATA_OBJID.
//
goto _Exit;
- }
+ }
SpcIndirectDataContent = (UINT8
*)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
@@ -135,16 +135,27 @@
if ((Asn1Byte & 0x80) == 0) {
//
- // Short Form of Length Encoding
+ // Short Form of Length Encoding (Length < 128)
//
ContentSize = (UINTN) (Asn1Byte & 0x7F);
//
// Skip the SEQUENCE Tag;
//
SpcIndirectDataContent += 2;
+
+ } else if ((Asn1Byte & 0x81) == 0x81) {
+ //
+ // Long Form of Length Encoding (128 <= Length < 255, Single Octet)
+ //
+ ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
+ //
+ // Skip the SEQUENCE Tag;
+ //
+ SpcIndirectDataContent += 3;
+
} else if ((Asn1Byte & 0x82) == 0x82) {
//
- // Long Form of Length Encoding, only support two bytes.
+ // Long Form of Length Encoding (Length > 255, Two Octet)
//
ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8
*)(SpcIndirectDataContent + 3));
@@ -152,6 +163,7 @@
// Skip the SEQUENCE Tag;
//
SpcIndirectDataContent += 4;
+
} else {
goto _Exit;
}
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
2014-11-12 08:26:03 UTC (rev 16338)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
2014-11-12 08:51:45 UTC (rev 16339)
@@ -10,7 +10,7 @@
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
Variable and will do basic check for data structure.
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -123,7 +123,7 @@
@param[in] P7Length Length of the PKCS#7 message in bytes.
@param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise
return FALSE.
- @param[out] WrapData If return status of this function is TRUE:
+ @param[out] WrapData If return status of this function is TRUE:
1) when WrapFlag is TRUE, pointer to P7Data.
2) when WrapFlag is FALSE, pointer to a new
ContentInfo
structure. It's caller's responsibility to free this
@@ -227,7 +227,7 @@
@param[in] X509Stack Pointer to a X509 stack object.
@param[out] Cert Pointer to a X509 certificate.
@param[out] CertSize Length of output X509 certificate in bytes.
-
+
@retval TRUE The X509 stack pop succeeded.
@retval FALSE The pop operation failed.
@@ -359,7 +359,7 @@
(TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {
return FALSE;
}
-
+
Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData,
&SignedDataSize);
if (!Status) {
return Status;
@@ -410,7 +410,7 @@
//
BufferSize = sizeof (UINT8);
OldSize = BufferSize;
-
+
for (Index = 0; ; Index++) {
Status = X509PopCertificate (Stack, &SingleCert, &SingleCertSize);
if (!Status) {
@@ -455,7 +455,7 @@
*CertStack = CertBuf;
*StackLength = BufferSize;
Status = TRUE;
- }
+ }
_Exit:
//
@@ -485,7 +485,7 @@
if (OldBuf != NULL) {
free (OldBuf);
}
-
+
return Status;
}
@@ -556,11 +556,11 @@
//
// Check input parameters.
//
- if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
+ if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
return FALSE;
}
-
+
Pkcs7 = NULL;
DataBio = NULL;
Cert = NULL;
@@ -578,18 +578,23 @@
if (EVP_add_digest (EVP_sha256 ()) == 0) {
return FALSE;
}
+ if (EVP_add_digest (EVP_sha384 ()) == 0) {
+ return FALSE;
+ }
+ if (EVP_add_digest (EVP_sha512 ()) == 0) {
+ return FALSE;
+ }
if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) {
return FALSE;
}
-
Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData,
&SignedDataSize);
if (!Status) {
return Status;
}
Status = FALSE;
-
+
//
// Retrieve PKCS#7 Data (DER encoding)
//
@@ -674,4 +679,4 @@
}
return Status;
-}
+}
\ No newline at end of file
Added: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
(rev 0)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c 2014-11-12
08:51:45 UTC (rev 16339)
@@ -0,0 +1,724 @@
+/** @file
+ RFC3161 Timestamp Countersignature Verification over OpenSSL.
+ The timestamp is generated by a TimeStamping Authority (TSA) and asserts
that a
+ publisher's signature existed before the specified time. The timestamp
extends
+ the lifetime of the signature when a signing certificate expires or is later
+ revoked.
+
+Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD
License
+which accompanies this distribution. The full text of the license may be
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pkcs7.h>
+
+//
+// OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1")
+//
+UINT8 mSpcRFC3161OidValue[] = {
+ 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01
+ };
+
+///
+/// The messageImprint field SHOULD contain the hash of the datum to be
+/// time-stamped. The hash is represented as an OCTET STRING. Its
+/// length MUST match the length of the hash value for that algorithm
+/// (e.g., 20 bytes for SHA-1 or 16 bytes for MD5).
+///
+/// MessageImprint ::= SEQUENCE {
+/// hashAlgorithm AlgorithmIdentifier,
+/// hashedMessage OCTET STRING }
+///
+typedef struct {
+ X509_ALGOR *HashAlgorithm;
+ ASN1_OCTET_STRING *HashedMessage;
+} TS_MESSAGE_IMPRINT;
+
+//
+// ASN.1 Functions for TS_MESSAGE_IMPRINT
+//
+DECLARE_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)
+ASN1_SEQUENCE (TS_MESSAGE_IMPRINT) = {
+ ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashedMessage, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END (TS_MESSAGE_IMPRINT)
+IMPLEMENT_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)
+
+///
+/// Accuracy represents the time deviation around the UTC time contained
+/// in GeneralizedTime of time-stamp token.
+///
+/// Accuracy ::= SEQUENCE {
+/// seconds INTEGER OPTIONAL,
+/// millis [0] INTEGER (1..999) OPTIONAL,
+/// micros [1] INTEGER (1..999) OPTIONAL }
+///
+typedef struct {
+ ASN1_INTEGER *Seconds;
+ ASN1_INTEGER *Millis;
+ ASN1_INTEGER *Micros;
+} TS_ACCURACY;
+
+//
+// ASN.1 Functions for TS_ACCURACY
+//
+DECLARE_ASN1_FUNCTIONS (TS_ACCURACY)
+ASN1_SEQUENCE (TS_ACCURACY) = {
+ ASN1_OPT (TS_ACCURACY, Seconds, ASN1_INTEGER),
+ ASN1_IMP_OPT (TS_ACCURACY, Millis, ASN1_INTEGER, 0),
+ ASN1_IMP_OPT (TS_ACCURACY, Micros, ASN1_INTEGER, 1)
+} ASN1_SEQUENCE_END (TS_ACCURACY)
+IMPLEMENT_ASN1_FUNCTIONS (TS_ACCURACY)
+
+///
+/// The timestamp token info resulting from a successful timestamp request,
+/// as defined in RFC 3161.
+///
+/// TSTInfo ::= SEQUENCE {
+/// version INTEGER { v1(1) },
+/// policy TSAPolicyId,
+/// messageImprint MessageImprint,
+/// -- MUST have the same value as the similar field in
+/// -- TimeStampReq
+/// serialNumber INTEGER,
+/// -- Time-Stamping users MUST be ready to accommodate integers
+/// -- up to 160 bits.
+/// genTime GeneralizedTime,
+/// accuracy Accuracy OPTIONAL,
+/// ordering BOOLEAN DEFAULT FALSE,
+/// nonce INTEGER OPTIONAL,
+/// -- MUST be present if the similar field was present
+/// -- in TimeStampReq. In that case it MUST have the same value.
+/// tsa [0] GeneralName OPTIONAL,
+/// extensions [1] IMPLICIT Extensions OPTIONAL }
+///
+typedef struct {
+ ASN1_INTEGER *Version;
+ ASN1_OBJECT *Policy;
+ TS_MESSAGE_IMPRINT *MessageImprint;
+ ASN1_INTEGER *SerialNumber;
+ ASN1_GENERALIZEDTIME *GenTime;
+ TS_ACCURACY *Accuracy;
+ ASN1_BOOLEAN Ordering;
+ ASN1_INTEGER *Nonce;
+ GENERAL_NAME *Tsa;
+ STACK_OF(X509_EXTENSION) *Extensions;
+} TS_TST_INFO;
+
+//
+// ASN.1 Functions for TS_TST_INFO
+//
+DECLARE_ASN1_FUNCTIONS (TS_TST_INFO)
+ASN1_SEQUENCE (TS_TST_INFO) = {
+ ASN1_SIMPLE (TS_TST_INFO, Version, ASN1_INTEGER),
+ ASN1_SIMPLE (TS_TST_INFO, Policy, ASN1_OBJECT),
+ ASN1_SIMPLE (TS_TST_INFO, MessageImprint, TS_MESSAGE_IMPRINT),
+ ASN1_SIMPLE (TS_TST_INFO, SerialNumber, ASN1_INTEGER),
+ ASN1_SIMPLE (TS_TST_INFO, GenTime, ASN1_GENERALIZEDTIME),
+ ASN1_OPT (TS_TST_INFO, Accuracy, TS_ACCURACY),
+ ASN1_OPT (TS_TST_INFO, Ordering, ASN1_FBOOLEAN),
+ ASN1_OPT (TS_TST_INFO, Nonce, ASN1_INTEGER),
+ ASN1_EXP_OPT(TS_TST_INFO, Tsa, GENERAL_NAME, 0),
+ ASN1_IMP_SEQUENCE_OF_OPT (TS_TST_INFO, Extensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END (TS_TST_INFO)
+IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
+
+
+/**
+ Verification callback function to override any existing callbacks in OpenSSL
+ for intermediate TSA certificate supports.
+
+ @param[in] Status Original status before calling this callback.
+ @param[in] Context X509 store context.
+
+ @retval 1 Current X509 certificate is verified successfully.
+ @retval 0 Verification failed.
+
+**/
+int
+TSVerifyCallback (
+ IN int Status,
+ IN X509_STORE_CTX *Context
+ )
+{
+ X509_OBJECT *Obj;
+ INTN Error;
+ INTN Index;
+ INTN Count;
+
+ Obj = NULL;
+ Error = (INTN) X509_STORE_CTX_get_error (Context);
+
+ //
+ // X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_
+ // CERT_LOCALLY mean a X509 certificate is not self signed and its issuer
+ // can not be found in X509_verify_cert of X509_vfy.c.
+ // In order to support intermediate certificate node, we override the
+ // errors if the certification is obtained from X509 store, i.e. it is
+ // a trusted ceritifcate node that is enrolled by user.
+ // Besides,X509_V_ERR_CERT_UNTRUSTED and
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
+ // are also ignored to enable such feature.
+ //
+ if ((Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
+ (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)) {
+ Obj = (X509_OBJECT *) malloc (sizeof (X509_OBJECT));
+ if (Obj == NULL) {
+ return 0;
+ }
+
+ Obj->type = X509_LU_X509;
+ Obj->data.x509 = Context->current_cert;
+
+ CRYPTO_w_lock (CRYPTO_LOCK_X509_STORE);
+
+ if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) {
+ Status = 1;
+ } else {
+ //
+ // If any certificate in the chain is enrolled as trusted certificate,
+ // pass the certificate verification.
+ //
+ if (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
+ Count = (INTN) sk_X509_num (Context->chain);
+ for (Index = 0; Index < Count; Index++) {
+ Obj->data.x509 = sk_X509_value (Context->chain, (int) Index);
+ if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) {
+ Status = 1;
+ break;
+ }
+ }
+ }
+ }
+
+ CRYPTO_w_unlock (CRYPTO_LOCK_X509_STORE);
+ }
+
+ if ((Error == X509_V_ERR_CERT_UNTRUSTED) ||
+ (Error == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) {
+ Status = 1;
+ }
+
+ if (Obj != NULL) {
+ OPENSSL_free (Obj);
+ }
+
+ return Status;
+}
+
+/**
+ Convert ASN.1 GeneralizedTime to EFI Time.
+
+ @param[in] Asn1Time Pointer to the ASN.1 GeneralizedTime to be
converted.
+ @param[out] SigningTime Return the corresponding EFI Time.
+
+ @retval TRUE The time convertion succeeds.
+ @retval FALSE Invalid parameters.
+
+**/
+BOOLEAN
+EFIAPI
+ConvertAsn1TimeToEfiTime (
+ IN ASN1_TIME *Asn1Time,
+ OUT EFI_TIME *EfiTime
+ )
+{
+ CONST CHAR8 *Str;
+ UINTN Index;
+
+ if ((Asn1Time == NULL) || (EfiTime == NULL)) {
+ return FALSE;
+ }
+
+ Str = (CONST CHAR8*)Asn1Time->data;
+ SetMem (EfiTime, 0, sizeof (EFI_TIME));
+
+ Index = 0;
+ if (Asn1Time->type == V_ASN1_UTCTIME) { /* two digit year */
+ EfiTime->Year = (Str[Index++] - '0') * 10;
+ EfiTime->Year += (Str[Index++] - '0');
+ if (EfiTime->Year < 70) {
+ EfiTime->Year += 100;
+ }
+ } else if (Asn1Time->type == V_ASN1_GENERALIZEDTIME) { /* four digit year */
+ EfiTime->Year = (Str[Index++] - '0') * 1000;
+ EfiTime->Year += (Str[Index++] - '0') * 100;
+ EfiTime->Year += (Str[Index++] - '0') * 10;
+ EfiTime->Year += (Str[Index++] - '0');
+ if ((EfiTime->Year < 1900) || (EfiTime->Year > 9999)) {
+ return FALSE;
+ }
+ }
+
+ EfiTime->Month = (Str[Index++] - '0') * 10;
+ EfiTime->Month += (Str[Index++] - '0');
+ if ((EfiTime->Month < 1) || (EfiTime->Month > 12)) {
+ return FALSE;
+ }
+
+ EfiTime->Day = (Str[Index++] - '0') * 10;
+ EfiTime->Day += (Str[Index++] - '0');
+ if ((EfiTime->Day < 1) || (EfiTime->Day > 31)) {
+ return FALSE;
+ }
+
+ EfiTime->Hour = (Str[Index++] - '0') * 10;
+ EfiTime->Hour += (Str[Index++] - '0');
+ if (EfiTime->Hour > 23) {
+ return FALSE;
+ }
+
+ EfiTime->Minute = (Str[Index++] - '0') * 10;
+ EfiTime->Minute += (Str[Index++] - '0');
+ if (EfiTime->Minute > 59) {
+ return FALSE;
+ }
+
+ EfiTime->Second = (Str[Index++] - '0') * 10;
+ EfiTime->Second += (Str[Index++] - '0');
+ if (EfiTime->Second > 59) {
+ return FALSE;
+ }
+
+ /* Note: we did not adjust the time based on time zone information */
+
+ return TRUE;
+}
+
+/**
+
+ Check the validity of TimeStamp Token Information.
+
+ @param[in] TstInfo Pointer to the TS_TST_INFO structure.
+ @param[in] TimestampedData Pointer to the data to be time-stamped.
+ @param[in] DataSize Size of timestamped data in bytes.
+
+ @retval TRUE The TimeStamp Token Information is valid.
+ @retval FALSE Invalid TimeStamp Token Information.
+
+**/
+BOOLEAN
+EFIAPI
+CheckTSTInfo (
+ IN CONST TS_TST_INFO *TstInfo,
+ IN CONST UINT8 *TimestampedData,
+ IN UINTN DataSize
+ )
+{
+ BOOLEAN Status;
+ TS_MESSAGE_IMPRINT *Imprint;
+ X509_ALGOR *HashAlgo;
+ CONST EVP_MD *Md;
+ EVP_MD_CTX MdCtx;
+ UINTN MdSize;
+ UINT8 *HashedMsg;
+
+ //
+ // Initialization
+ //
+ Status = FALSE;
+ HashAlgo = NULL;
+ HashedMsg = NULL;
+
+ //
+ // -- Check version number of Timestamp:
+ // The version field (currently v1) describes the version of the
time-stamp token.
+ // Conforming time-stamping servers MUST be able to provide version 1
time-stamp tokens.
+ //
+ if ((ASN1_INTEGER_get (TstInfo->Version)) != 1) {
+ return FALSE;
+ }
+
+ //
+ // -- Check Policies
+ // The policy field MUST indicate the TSA's policy under which the
response was produced.
+ //
+ if (TstInfo->Policy == NULL) {
+ /// NOTE: Need to check if the requested and returned policies.
+ /// We have no information about the Requested TSA Policy.
+ return FALSE;
+ }
+
+ //
+ // -- Compute & Check Message Imprint
+ //
+ Imprint = TstInfo->MessageImprint;
+ HashAlgo = X509_ALGOR_dup (Imprint->HashAlgorithm);
+
+ Md = EVP_get_digestbyobj (HashAlgo->algorithm);
+ if (Md == NULL) {
+ goto _Exit;
+ }
+
+ MdSize = EVP_MD_size (Md);
+ HashedMsg = AllocateZeroPool (MdSize);
+ if (HashedMsg == NULL) {
+ goto _Exit;
+ }
+ EVP_DigestInit (&MdCtx, Md);
+ EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize);
+ EVP_DigestFinal (&MdCtx, HashedMsg, NULL);
+ if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&
+ (CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage),
MdSize) != 0)) {
+ goto _Exit;
+ }
+
+ //
+ // -- Check Nonces
+ //
+ if (TstInfo->Nonce != NULL) {
+ //
+ // Nonces is optional, No error if no nonce is returned;
+ //
+ }
+
+ //
+ // -- Check if the TSA name and signer certificate is matched.
+ //
+ if (TstInfo->Tsa != NULL) {
+ //
+ // Ignored the optional Tsa field checking.
+ //
+ }
+
+ Status = TRUE;
+
+_Exit:
+ X509_ALGOR_free (HashAlgo);
+ if (HashedMsg != NULL) {
+ FreePool (HashedMsg);
+ }
+
+ return Status;
+}
+
+/**
+ Verifies the validility of a TimeStamp Token as described in RFC 3161
("Internet
+ X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)").
+
+ If TSToken is NULL, then return FALSE.
+ If TimestampedData is NULL, then return FALSE.
+
+ @param[in] TSToken Pointer to the RFC3161 TimeStamp Token, which
is generated
+ by a TSA and located in the software
publisher's SignerInfo
+ structure.
@@ Diff output truncated at 100000 characters. @@
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
