[PATCH 1/4] CryptoPkg: add new X509 function definition.


Qi Zhang
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4082

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Signed-off-by: Qi Zhang <qi1.zhang@...>
---
CryptoPkg/Include/Library/BaseCryptLib.h | 374 +++++++++++++++++++++++
1 file changed, 374 insertions(+)

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L=
ibrary/BaseCryptLib.h
index 3026299e29..d7bf29c93f 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2459,6 +2459,380 @@ ImageTimestampVerify (
OUT EFI_TIME *SigningTime=0D
);=0D
=0D
+/**=0D
+ Retrieve the version from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertSize is 0, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] Version Pointer to the retrieved version integer.=0D
+=0D
+ @retval TRUE The certificate version retrieved successfully.=0D
+ @retval FALSE If Cert is NULL or CertSize is Zero.=0D
+ @retval FALSE The operation is not supported.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetVersion (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINTN *Version=0D
+ );=0D
+=0D
+/**=0D
+ Retrieve the serialNumber from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertSize is 0, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] SerialNumber Pointer to the retrieved certificate Seria=
lNumber bytes.=0D
+ @param[in, out] SerialNumberSize The size in bytes of the SerialNumber =
buffer on input,=0D
+ and the size of buffer returned SerialNumbe=
r on output.=0D
+=0D
+ @retval TRUE The certificate serialNumber retrieved =
successfully.=0D
+ @retval FALSE If Cert is NULL or CertSize is Zero.=0D
+ If SerialNumberSize is NULL.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no SerialNumber exists.=0D
+ @retval FALSE If the SerialNumber is NULL. The requir=
ed buffer size=0D
+ (including the final null) is returned =
in the=0D
+ SerialNumberSize parameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetSerialNumber (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *SerialNumber, OPTIONAL=0D
+ IN OUT UINTN *SerialNumberSize=0D
+ );=0D
+=0D
+/**=0D
+ Retrieve the issuer bytes from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertIssuerSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] CertIssuer Pointer to the retrieved certificate subject=
bytes.=0D
+ @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff=
er on input,=0D
+ and the size of buffer returned CertSubject=
on output.=0D
+=0D
+ @retval TRUE The certificate issuer retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or the CertIssuerSize is too small =
for the result.=0D
+ The CertIssuerSize will be updated with the required siz=
e.=0D
+ @retval FALSE This interface is not supported.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetIssuerName (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *CertIssuer,=0D
+ IN OUT UINTN *CertIssuerSize=0D
+ );=0D
+=0D
+/**=0D
+ Retrieve the Signature Algorithm from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Oid Signature Algorithm Object identifier b=
uffer.=0D
+ @param[in,out] OidSize Signature Algorithm Object identifier b=
uffer size=0D
+=0D
+ @retval TRUE The certificate Extension data retrieved successf=
ully.=0D
+ @retval FALSE If Cert is NULL.=0D
+ If OidSize is NULL.=0D
+ If Oid is not NULL and *OidSize is 0.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no SignatureType.=0D
+ @retval FALSE If the Oid is NULL. The required buffer=
size=0D
+ is returned in the OidSize.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetSignatureAlgorithm (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *Oid, OPTIONAL=0D
+ IN OUT UINTN *OidSize=0D
+ );=0D
+=0D
+/**=0D
+ Retrieve Extension data from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[in] Oid Object identifier buffer=0D
+ @param[in] OidSize Object identifier buffer size=0D
+ @param[out] ExtensionData Extension bytes.=0D
+ @param[in, out] ExtensionDataSize Extension bytes size.=0D
+=0D
+ @retval TRUE The certificate Extension data retrieve=
d successfully.=0D
+ @retval FALSE If Cert is NULL.=0D
+ If ExtensionDataSize is NULL.=0D
+ If ExtensionData is not NULL and *Exten=
sionDataSize is 0.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no Extension entry match Oid.=0D
+ @retval FALSE If the ExtensionData is NULL. The requi=
red buffer size=0D
+ is returned in the ExtensionDataSize pa=
rameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtensionData (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ IN CONST UINT8 *Oid,=0D
+ IN UINTN OidSize,=0D
+ OUT UINT8 *ExtensionData,=0D
+ IN OUT UINTN *ExtensionDataSize=0D
+ );=0D
+=0D
+/**=0D
+ Retrieve the Validity from one X.509 certificate=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertIssuerSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[in] From notBefore Pointer to DateTime object.=0D
+ @param[in,out] FromSize notBefore DateTime object size.=0D
+ @param[in] To notAfter Pointer to DateTime object.=0D
+ @param[in,out] ToSize notAfter DateTime object size.=0D
+=0D
+ Note: X509CompareDateTime to compare DateTime oject=0D
+ x509SetDateTime to get a DateTime object from a DateTimeStr=0D
+=0D
+ @retval TRUE The certificate Validity retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or Validity retrieve failed.=0D
+ @retval FALSE This interface is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetValidity (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ IN UINT8 *From,=0D
+ IN OUT UINTN *FromSize,=0D
+ IN UINT8 *To,=0D
+ IN OUT UINTN *ToSize=0D
+ );=0D
+=0D
+/**=0D
+ Format a DateTime object into DataTime Buffer=0D
+=0D
+ If DateTimeStr is NULL, then return FALSE.=0D
+ If DateTimeSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D
+ Ref: https://www.w3.org/TR/NOTE-datetim=
e=0D
+ Z stand for UTC time=0D
+ @param[out] DateTime Pointer to a DateTime object.=0D
+ @param[in,out] DateTimeSize DateTime object buffer size.=0D
+=0D
+ @retval TRUE The DateTime object create successfully=
.=0D
+ @retval FALSE If DateTimeStr is NULL.=0D
+ If DateTimeSize is NULL.=0D
+ If DateTime is not NULL and *DateTimeSi=
ze is 0.=0D
+ If Year Month Day Hour Minute Second co=
mbination is invalid datetime.=0D
+ @retval FALSE If the DateTime is NULL. The required b=
uffer size=0D
+ (including the final null) is returned =
in the=0D
+ DateTimeSize parameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509SetDateTime (=0D
+ IN CHAR8 *DateTimeStr,=0D
+ OUT VOID *DateTime,=0D
+ IN OUT UINTN *DateTimeSize=0D
+ );=0D
+=0D
+/**=0D
+ Compare DateTime1 object and DateTime2 object.=0D
+=0D
+ If DateTime1 is NULL, then return -2.=0D
+ If DateTime2 is NULL, then return -2.=0D
+ If DateTime1 =3D=3D DateTime2, then return 0=0D
+ If DateTime1 > DateTime2, then return 1=0D
+ If DateTime1 < DateTime2, then return -1=0D
+=0D
+ @param[in] DateTime1 Pointer to a DateTime Ojbect=0D
+ @param[in] DateTime2 Pointer to a DateTime Object=0D
+=0D
+ @retval 0 If DateTime1 =3D=3D DateTime2=0D
+ @retval 1 If DateTime1 > DateTime2=0D
+ @retval -1 If DateTime1 < DateTime2=0D
+**/=0D
+INT32=0D
+EFIAPI=0D
+X509CompareDateTime (=0D
+ IN CONST VOID *DateTime1,=0D
+ IN CONST VOID *DateTime2=0D
+ );=0D
+=0D
+/**=0D
+ Retrieve the Key Usage from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D
+=0D
+ @retval TRUE The certificate Key Usage retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or Usage is NULL=0D
+ @retval FALSE This interface is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetKeyUsage (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINTN *Usage=0D
+ );=0D
+=0D
+/**=0D
+ Retrieve the Extended Key Usage from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Usage Key Usage bytes.=0D
+ @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D
+=0D
+ @retval TRUE The Usage bytes retrieve successfully.=
=0D
+ @retval FALSE If Cert is NULL.=0D
+ If CertSize is NULL.=0D
+ If Usage is not NULL and *UsageSize is =
0.=0D
+ If Cert is invalid.=0D
+ @retval FALSE If the Usage is NULL. The required buff=
er size=0D
+ is returned in the UsageSize parameter.=
=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtendedKeyUsage (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *Usage,=0D
+ IN OUT UINTN *UsageSize=0D
+ );=0D
+=0D
+/**=0D
+ Verify one X509 certificate was issued by the trusted CA.=0D
+ @param[in] RootCert Trusted Root Certificate buffer=0D
+=0D
+ @param[in] RootCertLength Trusted Root Certificate buffer length=
=0D
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce=
rtificates=0D
+ where the first certificate is signed =
by the Root=0D
+ Certificate or is the Root Cerificate =
itself. and=0D
+ subsequent cerificate is signed by the=
preceding=0D
+ cerificate.=0D
+ @param[in] CertChainLength Total length of the certificate chain,=
in bytes.=0D
+=0D
+ @retval TRUE All cerificates was issued by the first certificate in X=
509Certchain.=0D
+ @retval FALSE Invalid certificate or the certificate was not issued by=
the given=0D
+ trusted CA.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509VerifyCertChain (=0D
+ IN CONST UINT8 *RootCert,=0D
+ IN UINTN RootCertLength,=0D
+ IN CONST UINT8 *CertChain,=0D
+ IN UINTN CertChainLength=0D
+ );=0D
+=0D
+/**=0D
+ Get one X509 certificate from CertChain.=0D
+=0D
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce=
rtificates=0D
+ where the first certificate is signed =
by the Root=0D
+ Certificate or is the Root Cerificate =
itself. and=0D
+ subsequent cerificate is signed by the=
preceding=0D
+ cerificate.=0D
+ @param[in] CertChainLength Total length of the certificate chain,=
in bytes.=0D
+=0D
+ @param[in] CertIndex Index of certificate. If index is -1 i=
ndecate the=0D
+ last certificate in CertChain.=0D
+=0D
+ @param[out] Cert The certificate at the index of CertCh=
ain.=0D
+ @param[out] CertLength The length certificate at the index of=
CertChain.=0D
+=0D
+ @retval TRUE Success.=0D
+ @retval FALSE Failed to get certificate from certificate chain.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetCertFromCertChain (=0D
+ IN CONST UINT8 *CertChain,=0D
+ IN UINTN CertChainLength,=0D
+ IN CONST INT32 CertIndex,=0D
+ OUT CONST UINT8 **Cert,=0D
+ OUT UINTN *CertLength=0D
+ );=0D
+=0D
+/**=0D
+ Retrieve the tag and length of the tag.=0D
+=0D
+ @param Ptr The position in the ASN.1 data=0D
+ @param End End of data=0D
+ @param Length The variable that will receive the length=0D
+ @param Tag The expected tag=0D
+=0D
+ @retval TRUE Get tag successful=0D
+ @retval FALSe Failed to get tag or tag not match=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+Asn1GetTag (=0D
+ IN OUT UINT8 **Ptr,=0D
+ IN UINT8 *End,=0D
+ OUT UINTN *Length,=0D
+ IN UINT32 Tag=0D
+ );=0D
+=0D
+/**=0D
+ Retrieve the basic constraints from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509=
certificate.=0D
+ @param[in] CertSize size of the X509 certificate in=
bytes.=0D
+ @param[out] BasicConstraints basic constraints bytes.=0D
+ @param[in, out] BasicConstraintsSize basic constraints buffer sizs i=
n bytes.=0D
+=0D
+ @retval TRUE The basic constraints retrieve successf=
ully.=0D
+ @retval FALSE If cert is NULL.=0D
+ If cert_size is NULL.=0D
+ If basic_constraints is not NULL and *b=
asic_constraints_size is 0.=0D
+ If cert is invalid.=0D
+ @retval FALSE The required buffer size is small.=0D
+ The return buffer size is basic_constra=
ints_size parameter.=0D
+ @retval FALSE If no Extension entry match oid.=0D
+ @retval FALSE The operation is not supported.=0D
+ **/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtendedBasicConstraints (=0D
+ CONST UINT8 *Cert,=0D
+ UINTN CertSize,=0D
+ UINT8 *BasicConstraints,=0D
+ UINTN *BasicConstraintsSize=0D
+ );=0D
+=0D
// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D
// DH Key Exchange Primitive=0D
// =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D
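Review bot: X509GetValidity declares `From` and `To` as `IN UINT8 *` although they are the buffers the routine fills — their sizes are `IN OUT` and the summary says "Retrieve" — so they should read `OUT UINT8 *From,` / `OUT UINT8 *To,`, and the comment's "If CertIssuerSize is NULL, then return FALSE." is a copy-paste that should name FromSize/ToSize. Asn1GetTag takes non-const `UINT8 **Ptr` and `UINT8 *End` while every other routine in this hunk receives DER data as `CONST UINT8 *`, which forces callers to cast away const; `IN OUT CONST UINT8 **Ptr, IN CONST UINT8 *End` avoids that, and since this exposes a raw DER walker in the public header its comment should state the bounds contract (that it must never read at or beyond End, and whether *Ptr and *Length are updated only on success) so callers can rely on it. X509GetExtendedBasicConstraints is the only new prototype without IN/OUT annotations, and its @retval text refers to `cert`, `cert_size` and `basic_constraints_size`, which are not the parameter names. Smaller slips: X509GetIssuerName's @param text says "subject bytes" and "CertSubject"; X509GetExtendedKeyUsage says "If CertSize is NULL" for a UINTN; X509GetSerialNumber mentions "the final null" for a binary serial number; X509CompareDateTime documents a -2 return in the prose but not in its @retval list; and X509GetCertFromCertChain should say whether `Cert` points into CertChain or to a copy the caller must free.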
--=20
2.26.2.windows.1
