[PATCH 1/4] CryptoPkg: add new X509 function definition.

Home Messages Hashtags Subgroups Calendar

#94283

[PATCH 1/4] CryptoPkg: add new X509 function definition.

Qi Zhang #94283 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4082 Cc: Jiewen Yao <jiewen.yao@...> Cc: Jian J Wang <jian.j.wang@...> Cc: Xiaoyu Lu <xiaoyu1.lu@...> Cc: Guomin Jiang <guomin.jiang@...> Signed-off-by: Qi Zhang <qi1.zhang@...> --- CryptoPkg/Include/Library/BaseCryptLib.h \| 374 +++++++++++++++++++++++ 1 file changed, 374 insertions(+) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 3026299e29..d7bf29c93f 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2459,6 +2459,380 @@ ImageTimestampVerify ( OUT EFI_TIME SigningTime=0D );=0D =0D +/=0D + Retrieve the version from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] Version Pointer to the retrieved version integer.=0D +=0D + @retval TRUE The certificate version retrieved successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + @retval FALSE The operation is not supported.=0D +=0D +/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetVersion (=0D + IN CONST UINT8 Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN Version=0D + );=0D +=0D +/=0D + Retrieve the serialNumber from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes.=0D + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input,=0D + and the size of buffer returned SerialNumbe= r on output.=0D +=0D + @retval TRUE The certificate serialNumber retrieved = successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + If SerialNumberSize is NULL.=0D + If Certificate is invalid.=0D + @retval FALSE If no SerialNumber exists.=0D + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size=0D + (including the final null) is returned = in the=0D + SerialNumberSize parameter.=0D + @retval FALSE The operation is not supported.=0D +/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSerialNumber (=0D + IN CONST UINT8 Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 SerialNumber, OPTIONAL=0D + IN OUT UINTN SerialNumberSize=0D + );=0D +=0D +/=0D + Retrieve the issuer bytes from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes.=0D + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input,=0D + and the size of buffer returned CertSubject= on output.=0D +=0D + @retval TRUE The certificate issuer retrieved successfully.=0D + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result.=0D + The CertIssuerSize will be updated with the required siz= e.=0D + @retval FALSE This interface is not supported.=0D +=0D +/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetIssuerName (=0D + IN CONST UINT8 Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 CertIssuer,=0D + IN OUT UINTN CertIssuerSize=0D + );=0D +=0D +/=0D + Retrieve the Signature Algorithm from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Oid Signature Algorithm Object identifier b= uffer.=0D + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size=0D +=0D + @retval TRUE The certificate Extension data retrieved successf= ully.=0D + @retval FALSE If Cert is NULL.=0D + If OidSize is NULL.=0D + If Oid is not NULL and OidSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no SignatureType.=0D + @retval FALSE If the Oid is NULL. The required buffer= size=0D + is returned in the OidSize.=0D + @retval FALSE The operation is not supported.=0D +*/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSignatureAlgorithm (=0D + IN CONST UINT8 Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 Oid, OPTIONAL=0D + IN OUT UINTN OidSize=0D + );=0D +=0D +/*=0D + Retrieve Extension data from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[in] Oid Object identifier buffer=0D + @param[in] OidSize Object identifier buffer size=0D + @param[out] ExtensionData Extension bytes.=0D + @param[in, out] ExtensionDataSize Extension bytes size.=0D +=0D + @retval TRUE The certificate Extension data retrieve= d successfully.=0D + @retval FALSE If Cert is NULL.=0D + If ExtensionDataSize is NULL.=0D + If ExtensionData is not NULL and Exten= sionDataSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no Extension entry match Oid.=0D + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size=0D + is returned in the ExtensionDataSize pa= rameter.=0D + @retval FALSE The operation is not supported.=0D +*/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtensionData (=0D + IN CONST UINT8 Cert,=0D + IN UINTN CertSize,=0D + IN CONST UINT8 Oid,=0D + IN UINTN OidSize,=0D + OUT UINT8 ExtensionData,=0D + IN OUT UINTN ExtensionDataSize=0D + );=0D +=0D +/=0D + Retrieve the Validity from one X.509 certificate=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[in] From notBefore Pointer to DateTime object.=0D + @param[in,out] FromSize notBefore DateTime object size.=0D + @param[in] To notAfter Pointer to DateTime object.=0D + @param[in,out] ToSize notAfter DateTime object size.=0D +=0D + Note: X509CompareDateTime to compare DateTime oject=0D + x509SetDateTime to get a DateTime object from a DateTimeStr=0D +=0D + @retval TRUE The certificate Validity retrieved successfully.=0D + @retval FALSE Invalid certificate, or Validity retrieve failed.=0D + @retval FALSE This interface is not supported.=0D +/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetValidity (=0D + IN CONST UINT8 Cert,=0D + IN UINTN CertSize,=0D + IN UINT8 From,=0D + IN OUT UINTN FromSize,=0D + IN UINT8 To,=0D + IN OUT UINTN ToSize=0D + );=0D +=0D +/*=0D + Format a DateTime object into DataTime Buffer=0D +=0D + If DateTimeStr is NULL, then return FALSE.=0D + If DateTimeSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D + Ref: https://www.w3.org/TR/NOTE-datetim= e=0D + Z stand for UTC time=0D + @param[out] DateTime Pointer to a DateTime object.=0D + @param[in,out] DateTimeSize DateTime object buffer size.=0D +=0D + @retval TRUE The DateTime object create successfully= .=0D + @retval FALSE If DateTimeStr is NULL.=0D + If DateTimeSize is NULL.=0D + If DateTime is not NULL and DateTimeSi= ze is 0.=0D + If Year Month Day Hour Minute Second co= mbination is invalid datetime.=0D + @retval FALSE If the DateTime is NULL. The required b= uffer size=0D + (including the final null) is returned = in the=0D + DateTimeSize parameter.=0D + @retval FALSE The operation is not supported.=0D +*/=0D +BOOLEAN=0D +EFIAPI=0D +X509SetDateTime (=0D + IN CHAR8 DateTimeStr,=0D + OUT VOID DateTime,=0D + IN OUT UINTN DateTimeSize=0D + );=0D +=0D +/=0D + Compare DateTime1 object and DateTime2 object.=0D +=0D + If DateTime1 is NULL, then return -2.=0D + If DateTime2 is NULL, then return -2.=0D + If DateTime1 =3D=3D DateTime2, then return 0=0D + If DateTime1 > DateTime2, then return 1=0D + If DateTime1 < DateTime2, then return -1=0D +=0D + @param[in] DateTime1 Pointer to a DateTime Ojbect=0D + @param[in] DateTime2 Pointer to a DateTime Object=0D +=0D + @retval 0 If DateTime1 =3D=3D DateTime2=0D + @retval 1 If DateTime1 > DateTime2=0D + @retval -1 If DateTime1 < DateTime2=0D +/=0D +INT32=0D +EFIAPI=0D +X509CompareDateTime (=0D + IN CONST VOID DateTime1,=0D + IN CONST VOID DateTime2=0D + );=0D +=0D +/*=0D + Retrieve the Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage (CRYPTO_X509_KU_)=0D +=0D + @retval TRUE The certificate Key Usage retrieved successfully.=0D + @retval FALSE Invalid certificate, or Usage is NULL=0D + @retval FALSE This interface is not supported.=0D +*/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetKeyUsage (=0D + IN CONST UINT8 Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN Usage=0D + );=0D +=0D +/=0D + Retrieve the Extended Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage bytes.=0D + @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D +=0D + @retval TRUE The Usage bytes retrieve successfully.= =0D + @retval FALSE If Cert is NULL.=0D + If CertSize is NULL.=0D + If Usage is not NULL and UsageSize is = 0.=0D + If Cert is invalid.=0D + @retval FALSE If the Usage is NULL. The required buff= er size=0D + is returned in the UsageSize parameter.= =0D + @retval FALSE The operation is not supported.=0D +*/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedKeyUsage (=0D + IN CONST UINT8 Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 Usage,=0D + IN OUT UINTN UsageSize=0D + );=0D +=0D +/=0D + Verify one X509 certificate was issued by the trusted CA.=0D + @param[in] RootCert Trusted Root Certificate buffer=0D +=0D + @param[in] RootCertLength Trusted Root Certificate buffer length= =0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain.=0D + @retval FALSE Invalid certificate or the certificate was not issued by= the given=0D + trusted CA.=0D +/=0D +BOOLEAN=0D +EFIAPI=0D +X509VerifyCertChain (=0D + IN CONST UINT8 RootCert,=0D + IN UINTN RootCertLength,=0D + IN CONST UINT8 CertChain,=0D + IN UINTN CertChainLength=0D + );=0D +=0D +/=0D + Get one X509 certificate from CertChain.=0D +=0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @param[in] CertIndex Index of certificate. If index is -1 i= ndecate the=0D + last certificate in CertChain.=0D +=0D + @param[out] Cert The certificate at the index of CertCh= ain.=0D + @param[out] CertLength The length certificate at the index of= CertChain.=0D +=0D + @retval TRUE Success.=0D + @retval FALSE Failed to get certificate from certificate chain.=0D +/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetCertFromCertChain (=0D + IN CONST UINT8 CertChain,=0D + IN UINTN CertChainLength,=0D + IN CONST INT32 CertIndex,=0D + OUT CONST UINT8 Cert,=0D + OUT UINTN CertLength=0D + );=0D +=0D +/=0D + Retrieve the tag and length of the tag.=0D +=0D + @param Ptr The position in the ASN.1 data=0D + @param End End of data=0D + @param Length The variable that will receive the length=0D + @param Tag The expected tag=0D +=0D + @retval TRUE Get tag successful=0D + @retval FALSe Failed to get tag or tag not match=0D +/=0D +BOOLEAN=0D +EFIAPI=0D +Asn1GetTag (=0D + IN OUT UINT8 *Ptr,=0D + IN UINT8 End,=0D + OUT UINTN Length,=0D + IN UINT32 Tag=0D + );=0D +=0D +/=0D + Retrieve the basic constraints from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509= certificate.=0D + @param[in] CertSize size of the X509 certificate in= bytes.=0D + @param[out] BasicConstraints basic constraints bytes.=0D + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes.=0D +=0D + @retval TRUE The basic constraints retrieve successf= ully.=0D + @retval FALSE If cert is NULL.=0D + If cert_size is NULL.=0D + If basic_constraints is not NULL and b= asic_constraints_size is 0.=0D + If cert is invalid.=0D + @retval FALSE The required buffer size is small.=0D + The return buffer size is basic_constra= ints_size parameter.=0D + @retval FALSE If no Extension entry match oid.=0D + @retval FALSE The operation is not supported.=0D + */=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedBasicConstraints (=0D + CONST UINT8 Cert,=0D + UINTN CertSize,=0D + UINT8 BasicConstraints,=0D + UINTN BasicConstraintsSize=0D + );=0D +=0D // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D // DH Key Exchange Primitive=0D // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D --=20 2.26.2.windows.1
More All Messages By This Member

View All 3 Messages In Topic

#94283

Join devel@edk2.groups.io to automatically receive all group messages.

Home Hashtags Subgroups Calendar About Features Pricing Updates Terms Help Twitter