[PATCH 2/4] CryptoPkg: add new X509 function.
|
Qi Zhang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4082
Cc: Jiewen Yao <jiewen.yao@...> Cc: Jian J Wang <jian.j.wang@...> Cc: Xiaoyu Lu <xiaoyu1.lu@...> Cc: Guomin Jiang <guomin.jiang@...> Signed-off-by: Qi Zhang <qi1.zhang@...> --- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 1036 +++++++++++++++++ .../Library/BaseCryptLib/Pk/CryptX509Null.c | 429 +++++++ .../BaseCryptLibNull/Pk/CryptX509Null.c | 429 +++++++ 3 files changed, 1894 insertions(+) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Libr= ary/BaseCryptLib/Pk/CryptX509.c index e6bb45e641..4cb3c9f814 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -8,8 +8,22 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =0D #include "InternalCryptLib.h"=0D #include <openssl/x509.h>=0D +#include <openssl/x509v3.h>=0D +#include <crypto/asn1.h>=0D +#include <openssl/asn1.h>=0D #include <openssl/rsa.h>=0D =0D +/* OID*/=0D +#define OID_EXT_KEY_USAGE { 0x55, 0x1D, 0x25 }=0D +#define OID_BASIC_CONSTRAINTS { 0x55, 0x1D, 0x13 }=0D +=0D +static CONST UINT8 mOidExtKeyUsage[] =3D OID_EXT_KEY_USAGE;=0D +static CONST UINT8 mOidBasicConstraints[] =3D OID_BASIC_CONSTRAINTS;=0D +=0D +#define CRYPTO_ASN1_TAG_CLASS_MASK 0xC0=0D +#define CRYPTO_ASN1_TAG_PC_MASK 0x20=0D +#define CRYPTO_ASN1_TAG_VALUE_MASK 0x1F=0D +=0D /**=0D Construct a X509 object from DER-encoded certificate data.=0D =0D @@ -842,3 +856,1025 @@ X509GetTBSCert ( =0D return TRUE;=0D }=0D +=0D +/**=0D + Retrieve the version from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] Version Pointer to the retrieved version integer.=0D +=0D + @retval TRUE The certificate version retrieved successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + @retval FALSE The operation is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetVersion (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Version=0D + )=0D +{=0D + BOOLEAN Status;=0D + X509 *X509Cert;=0D +=0D + X509Cert =3D NULL;=0D + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Ce= rt);=0D + if ((X509Cert =3D=3D NULL) || (!Status)) {=0D + //=0D + // Invalid X.509 Certificate=0D + //=0D + Status =3D FALSE;=0D + }=0D +=0D + if (Status) {=0D + *Version =3D X509_get_version (X509Cert);=0D + }=0D +=0D + if (X509Cert !=3D NULL) {=0D + X509_free (X509Cert);=0D + }=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Retrieve the serialNumber from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes.=0D + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input,=0D + and the size of buffer returned SerialNumbe= r on output.=0D +=0D + @retval TRUE The certificate serialNumber retrieved = successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + If SerialNumberSize is NULL.=0D + If Certificate is invalid.=0D + @retval FALSE If no SerialNumber exists.=0D + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size=0D + (including the final null) is returned = in the=0D + SerialNumberSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSerialNumber (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *SerialNumber, OPTIONAL=0D + IN OUT UINTN *SerialNumberSize=0D + )=0D +{=0D + BOOLEAN Status;=0D + X509 *X509Cert;=0D + ASN1_INTEGER *Asn1Integer;=0D +=0D + Status =3D FALSE;=0D + //=0D + // Check input parameters.=0D + //=0D + if ((Cert =3D=3D NULL) || (SerialNumberSize =3D=3D NULL)) {=0D + return Status;=0D + }=0D +=0D + X509Cert =3D NULL;=0D +=0D + //=0D + // Read DER-encoded X509 Certificate and Construct X509 object.=0D + //=0D + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= );=0D + if ((X509Cert =3D=3D NULL) || (!Status)) {=0D + *SerialNumberSize =3D 0;=0D + Status =3D FALSE;=0D + goto _Exit;=0D + }=0D +=0D + //=0D + // Retrieve subject name from certificate object.=0D + //=0D + Asn1Integer =3D X509_get_serialNumber (X509Cert);=0D + if (Asn1Integer =3D=3D NULL) {=0D + *SerialNumberSize =3D 0;=0D + Status =3D FALSE;=0D + goto _Exit;=0D + }=0D +=0D + if (*SerialNumberSize < (UINTN)Asn1Integer->length) {=0D + *SerialNumberSize =3D (UINTN)Asn1Integer->length;=0D + Status =3D FALSE;=0D + goto _Exit;=0D + }=0D +=0D + if (SerialNumber !=3D NULL) {=0D + CopyMem (SerialNumber, Asn1Integer->data, *SerialNumberSize);=0D + Status =3D TRUE;=0D + }=0D +=0D + *SerialNumberSize =3D (UINTN)Asn1Integer->length;=0D +=0D +_Exit:=0D + //=0D + // Release Resources.=0D + //=0D + if (X509Cert !=3D NULL) {=0D + X509_free (X509Cert);=0D + }=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Retrieve the issuer bytes from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes.=0D + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input,=0D + and the size of buffer returned CertSubject= on output.=0D +=0D + @retval TRUE The certificate issuer retrieved successfully.=0D + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result.=0D + The CertIssuerSize will be updated with the required siz= e.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetIssuerName (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *CertIssuer,=0D + IN OUT UINTN *CertIssuerSize=0D + )=0D +{=0D + BOOLEAN Status;=0D + X509 *X509Cert;=0D + X509_NAME *X509Name;=0D + UINTN X509NameSize;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((Cert =3D=3D NULL) || (CertIssuerSize =3D=3D NULL)) {=0D + return FALSE;=0D + }=0D +=0D + X509Cert =3D NULL;=0D +=0D + //=0D + // Read DER-encoded X509 Certificate and Construct X509 object.=0D + //=0D + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= );=0D + if ((X509Cert =3D=3D NULL) || (!Status)) {=0D + Status =3D FALSE;=0D + goto _Exit;=0D + }=0D +=0D + Status =3D FALSE;=0D +=0D + //=0D + // Retrieve subject name from certificate object.=0D + //=0D + X509Name =3D X509_get_subject_name (X509Cert);=0D + if (X509Name =3D=3D NULL) {=0D + goto _Exit;=0D + }=0D +=0D + X509NameSize =3D i2d_X509_NAME (X509Name, NULL);=0D + if (*CertIssuerSize < X509NameSize) {=0D + *CertIssuerSize =3D X509NameSize;=0D + goto _Exit;=0D + }=0D +=0D + *CertIssuerSize =3D X509NameSize;=0D + if (CertIssuer !=3D NULL) {=0D + i2d_X509_NAME (X509Name, &CertIssuer);=0D + Status =3D TRUE;=0D + }=0D +=0D +_Exit:=0D + //=0D + // Release Resources.=0D + //=0D + if (X509Cert !=3D NULL) {=0D + X509_free (X509Cert);=0D + }=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Retrieve the Signature Algorithm from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Oid Signature Algorithm Object identifier b= uffer.=0D + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size=0D +=0D + @retval TRUE The certificate Extension data retrieved successf= ully.=0D + @retval FALSE If Cert is NULL.=0D + If OidSize is NULL.=0D + If Oid is not NULL and *OidSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no SignatureType.=0D + @retval FALSE If the Oid is NULL. The required buffer= size=0D + is returned in the OidSize.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSignatureAlgorithm (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Oid, OPTIONAL=0D + IN OUT UINTN *OidSize=0D + )=0D +{=0D + BOOLEAN Status;=0D + X509 *X509Cert;=0D + int Nid;=0D + ASN1_OBJECT *Asn1Obj;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((Cert =3D=3D NULL) || (OidSize =3D=3D NULL) || (CertSize =3D=3D 0)) = {=0D + return FALSE;=0D + }=0D +=0D + X509Cert =3D NULL;=0D + Status =3D FALSE;=0D +=0D + //=0D + // Read DER-encoded X509 Certificate and Construct X509 object.=0D + //=0D + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= );=0D + if ((X509Cert =3D=3D NULL) || (!Status)) {=0D + Status =3D FALSE;=0D + goto _Exit;=0D + }=0D +=0D + //=0D + // Retrieve subject name from certificate object.=0D + //=0D + Nid =3D X509_get_signature_nid (X509Cert);=0D + if (Nid =3D=3D NID_undef) {=0D + *OidSize =3D 0;=0D + Status =3D FALSE;=0D + goto _Exit;=0D + }=0D +=0D + Asn1Obj =3D OBJ_nid2obj (Nid);=0D + if (Asn1Obj =3D=3D NULL) {=0D + *OidSize =3D 0;=0D + Status =3D FALSE;=0D + goto _Exit;=0D + }=0D +=0D + if (*OidSize < (UINTN)Asn1Obj->length) {=0D + *OidSize =3D Asn1Obj->length;=0D + Status =3D FALSE;=0D + goto _Exit;=0D + }=0D +=0D + if (Oid !=3D NULL) {=0D + CopyMem (Oid, Asn1Obj->data, Asn1Obj->length);=0D + }=0D +=0D + *OidSize =3D Asn1Obj->length;=0D + Status =3D TRUE;=0D +=0D +_Exit:=0D + //=0D + // Release Resources.=0D + //=0D + if (X509Cert !=3D NULL) {=0D + X509_free (X509Cert);=0D + }=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Retrieve Extension data from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[in] Oid Object identifier buffer=0D + @param[in] OidSize Object identifier buffer size=0D + @param[out] ExtensionData Extension bytes.=0D + @param[in, out] ExtensionDataSize Extension bytes size.=0D +=0D + @retval TRUE The certificate Extension data retrieve= d successfully.=0D + @retval FALSE If Cert is NULL.=0D + If ExtensionDataSize is NULL.=0D + If ExtensionData is not NULL and *Exten= sionDataSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no Extension entry match Oid.=0D + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size=0D + is returned in the ExtensionDataSize pa= rameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtensionData (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN CONST UINT8 *Oid,=0D + IN UINTN OidSize,=0D + OUT UINT8 *ExtensionData,=0D + IN OUT UINTN *ExtensionDataSize=0D + )=0D +{=0D + BOOLEAN Status;=0D + INTN i;=0D + X509 *X509Cert;=0D +=0D + CONST STACK_OF (X509_EXTENSION) *Extensions;=0D + ASN1_OBJECT *Asn1Obj;=0D + ASN1_OCTET_STRING *Asn1Oct;=0D + X509_EXTENSION *Ext;=0D + UINTN ObjLength;=0D + UINTN OctLength;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((Cert =3D=3D NULL) || (CertSize =3D=3D 0) || (Oid =3D=3D NULL) || (O= idSize =3D=3D 0) || (ExtensionDataSize =3D=3D NULL)) {=0D + return FALSE;=0D + }=0D +=0D + X509Cert =3D NULL;=0D + Status =3D FALSE;=0D +=0D + //=0D + // Read DER-encoded X509 Certificate and Construct X509 object.=0D + //=0D + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= );=0D + if ((X509Cert =3D=3D NULL) || (!Status)) {=0D + *ExtensionDataSize =3D 0;=0D + goto Cleanup;=0D + }=0D +=0D + //=0D + // Retrieve Extensions from certificate object.=0D + //=0D + Extensions =3D X509_get0_extensions (X509Cert);=0D + if (sk_X509_EXTENSION_num (Extensions) <=3D 0) {=0D + *ExtensionDataSize =3D 0;=0D + goto Cleanup;=0D + }=0D +=0D + //=0D + // Traverse Extensions=0D + //=0D + Status =3D FALSE;=0D + Asn1Oct =3D NULL;=0D + OctLength =3D 0;=0D + for (i =3D 0; i < sk_X509_EXTENSION_num (Extensions); i++) {=0D + Ext =3D sk_X509_EXTENSION_value (Extensions, (int)i);=0D + if (Ext =3D=3D NULL) {=0D + continue;=0D + }=0D +=0D + Asn1Obj =3D X509_EXTENSION_get_object (Ext);=0D + if (Asn1Obj =3D=3D NULL) {=0D + continue;=0D + }=0D +=0D + Asn1Oct =3D X509_EXTENSION_get_data (Ext);=0D + if (Asn1Oct =3D=3D NULL) {=0D + continue;=0D + }=0D +=0D + ObjLength =3D OBJ_length (Asn1Obj);=0D + OctLength =3D ASN1_STRING_length (Asn1Oct);=0D + if ((OidSize =3D=3D ObjLength) && (CompareMem (OBJ_get0_data (Asn1Obj)= , Oid, OidSize) =3D=3D 0)) {=0D + //=0D + // Extension Found=0D + //=0D + Status =3D TRUE;=0D + break;=0D + }=0D +=0D + //=0D + // reset to 0 if not found=0D + //=0D + OctLength =3D 0;=0D + }=0D +=0D + if (Status) {=0D + if (*ExtensionDataSize < OctLength) {=0D + *ExtensionDataSize =3D OctLength;=0D + Status =3D FALSE;=0D + goto Cleanup;=0D + }=0D +=0D + if (Asn1Oct !=3D NULL) {=0D + CopyMem (ExtensionData, ASN1_STRING_get0_data (Asn1Oct), OctLength);= =0D + }=0D +=0D + *ExtensionDataSize =3D OctLength;=0D + } else {=0D + *ExtensionDataSize =3D 0;=0D + }=0D +=0D +Cleanup:=0D + //=0D + // Release Resources.=0D + //=0D + if (X509Cert !=3D NULL) {=0D + X509_free (X509Cert);=0D + }=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Retrieve the Extended Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage bytes.=0D + @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D +=0D + @retval TRUE The Usage bytes retrieve successfully.= =0D + @retval FALSE If Cert is NULL.=0D + If CertSize is NULL.=0D + If Usage is not NULL and *UsageSize is = 0.=0D + If Cert is invalid.=0D + @retval FALSE If the Usage is NULL. The required buff= er size=0D + is returned in the UsageSize parameter.= =0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Usage,=0D + IN OUT UINTN *UsageSize=0D + )=0D +{=0D + BOOLEAN Status;=0D +=0D + Status =3D X509GetExtensionData (Cert, CertSize, mOidExtKeyUsage, sizeof= (mOidExtKeyUsage), Usage, UsageSize);=0D + return Status;=0D +}=0D +=0D +/**=0D + Retrieve the Validity from one X.509 certificate=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] From notBefore Pointer to DateTime object.=0D + @param[in,out] FromSize notBefore DateTime object size.=0D + @param[out] To notAfter Pointer to DateTime object.=0D + @param[in,out] ToSize notAfter DateTime object size.=0D +=0D + Note: X509CompareDateTime to compare DateTime oject=0D + x509SetDateTime to get a DateTime object from a DateTimeStr=0D +=0D + @retval TRUE The certificate Validity retrieved successfully.=0D + @retval FALSE Invalid certificate, or Validity retrieve failed.=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetValidity (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN UINT8 *From,=0D + IN OUT UINTN *FromSize,=0D + IN UINT8 *To,=0D + IN OUT UINTN *ToSize=0D + )=0D +{=0D + BOOLEAN Status;=0D + X509 *X509Cert;=0D + CONST ASN1_TIME *F;=0D + CONST ASN1_TIME *T;=0D + UINTN TSize;=0D + UINTN FSize;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((Cert =3D=3D NULL) || (FromSize =3D=3D NULL) || (ToSize =3D=3D NULL)= || (CertSize =3D=3D 0)) {=0D + return FALSE;=0D + }=0D +=0D + X509Cert =3D NULL;=0D + Status =3D FALSE;=0D +=0D + //=0D + // Read DER-encoded X509 Certificate and Construct X509 object.=0D + //=0D + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= );=0D + if ((X509Cert =3D=3D NULL) || (!Status)) {=0D + goto _Exit;=0D + }=0D +=0D + //=0D + // Retrieve Validity from/to from certificate object.=0D + //=0D + F =3D X509_get0_notBefore (X509Cert);=0D + T =3D X509_get0_notAfter (X509Cert);=0D +=0D + if ((F =3D=3D NULL) || (T =3D=3D NULL)) {=0D + goto _Exit;=0D + }=0D +=0D + FSize =3D sizeof (ASN1_TIME) + F->length;=0D + if (*FromSize < FSize) {=0D + *FromSize =3D FSize;=0D + goto _Exit;=0D + }=0D +=0D + *FromSize =3D FSize;=0D + if (From !=3D NULL) {=0D + CopyMem (From, F, sizeof (ASN1_TIME));=0D + ((ASN1_TIME *)From)->data =3D From + sizeof (ASN1_TIME);=0D + CopyMem (From + sizeof (ASN1_TIME), F->data, F->length);=0D + }=0D +=0D + TSize =3D sizeof (ASN1_TIME) + T->length;=0D + if (*ToSize < TSize) {=0D + *ToSize =3D TSize;=0D + goto _Exit;=0D + }=0D +=0D + *ToSize =3D TSize;=0D + if (To !=3D NULL) {=0D + CopyMem (To, T, sizeof (ASN1_TIME));=0D + ((ASN1_TIME *)To)->data =3D To + sizeof (ASN1_TIME);=0D + CopyMem (To + sizeof (ASN1_TIME), T->data, T->length);=0D + }=0D +=0D + Status =3D TRUE;=0D +=0D +_Exit:=0D + //=0D + // Release Resources.=0D + //=0D + if (X509Cert !=3D NULL) {=0D + X509_free (X509Cert);=0D + }=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Format a DateTime object into DataTime Buffer=0D +=0D + If DateTimeStr is NULL, then return FALSE.=0D + If DateTimeSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D + Ref: https://www.w3.org/TR/NOTE-datetim= e=0D + Z stand for UTC time=0D + @param[out] DateTime Pointer to a DateTime object.=0D + @param[in,out] DateTimeSize DateTime object buffer size.=0D +=0D + @retval TRUE The DateTime object create successfully= .=0D + @retval FALSE If DateTimeStr is NULL.=0D + If DateTimeSize is NULL.=0D + If DateTime is not NULL and *DateTimeSi= ze is 0.=0D + If Year Month Day Hour Minute Second co= mbination is invalid datetime.=0D + @retval FALSE If the DateTime is NULL. The required b= uffer size=0D + (including the final null) is returned = in the=0D + DateTimeSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509SetDateTime (=0D + IN CHAR8 *DateTimeStr,=0D + OUT VOID *DateTime,=0D + IN OUT UINTN *DateTimeSize=0D + )=0D +{=0D + BOOLEAN Status;=0D + INT32 Ret;=0D + ASN1_TIME *Dt;=0D + UINTN DSize;=0D +=0D + Dt =3D NULL;=0D + Status =3D FALSE;=0D +=0D + Dt =3D ASN1_TIME_new ();=0D + if (Dt =3D=3D NULL) {=0D + Status =3D FALSE;=0D + goto Cleanup;=0D + }=0D +=0D + Ret =3D ASN1_TIME_set_string_X509 (Dt, DateTimeStr);=0D + if (Ret !=3D 1) {=0D + Status =3D FALSE;=0D + goto Cleanup;=0D + }=0D +=0D + DSize =3D sizeof (ASN1_TIME) + Dt->length;=0D + if (*DateTimeSize < DSize) {=0D + *DateTimeSize =3D DSize;=0D + Status =3D FALSE;=0D + goto Cleanup;=0D + }=0D +=0D + *DateTimeSize =3D DSize;=0D + if (DateTime !=3D NULL) {=0D + CopyMem (DateTime, Dt, sizeof (ASN1_TIME));=0D + ((ASN1_TIME *)DateTime)->data =3D (UINT8 *)DateTime + sizeof (ASN1_TIM= E);=0D + CopyMem ((UINT8 *)DateTime + sizeof (ASN1_TIME), Dt->data, Dt->length)= ;=0D + }=0D +=0D + Status =3D TRUE;=0D +=0D +Cleanup:=0D + if (Dt !=3D NULL) {=0D + ASN1_TIME_free (Dt);=0D + }=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Compare DateTime1 object and DateTime2 object.=0D +=0D + If DateTime1 is NULL, then return -2.=0D + If DateTime2 is NULL, then return -2.=0D + If DateTime1 =3D=3D DateTime2, then return 0=0D + If DateTime1 > DateTime2, then return 1=0D + If DateTime1 < DateTime2, then return -1=0D +=0D + @param[in] DateTime1 Pointer to a DateTime Ojbect=0D + @param[in] DateTime2 Pointer to a DateTime Object=0D +=0D + @retval 0 If DateTime1 =3D=3D DateTime2=0D + @retval 1 If DateTime1 > DateTime2=0D + @retval -1 If DateTime1 < DateTime2=0D +**/=0D +INT32=0D +EFIAPI=0D +X509CompareDateTime (=0D + IN CONST VOID *DateTime1,=0D + IN CONST VOID *DateTime2=0D + )=0D +{=0D + return (INT32)ASN1_TIME_compare (DateTime1, DateTime2);=0D +}=0D +=0D +/**=0D + Retrieve the Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D +=0D + @retval TRUE The certificate Key Usage retrieved successfully.=0D + @retval FALSE Invalid certificate, or Usage is NULL=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Usage=0D + )=0D +{=0D + BOOLEAN Status;=0D + X509 *X509Cert;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((Cert =3D=3D NULL) || (Usage =3D=3D NULL)) {=0D + return FALSE;=0D + }=0D +=0D + X509Cert =3D NULL;=0D + Status =3D FALSE;=0D +=0D + //=0D + // Read DER-encoded X509 Certificate and Construct X509 object.=0D + //=0D + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= );=0D + if ((X509Cert =3D=3D NULL) || (!Status)) {=0D + goto _Exit;=0D + }=0D +=0D + //=0D + // Retrieve subject name from certificate object.=0D + //=0D + *Usage =3D X509_get_key_usage (X509Cert);=0D + if (*Usage =3D=3D NID_undef) {=0D + goto _Exit;=0D + }=0D +=0D + Status =3D TRUE;=0D +=0D +_Exit:=0D + //=0D + // Release Resources.=0D + //=0D + if (X509Cert !=3D NULL) {=0D + X509_free (X509Cert);=0D + }=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Verify one X509 certificate was issued by the trusted CA.=0D + @param[in] RootCert Trusted Root Certificate buffer=0D +=0D + @param[in] RootCertLength Trusted Root Certificate buffer length= =0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain.=0D + @retval FALSE Invalid certificate or the certificate was not issued by= the given=0D + trusted CA.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509VerifyCertChain (=0D + IN CONST UINT8 *RootCert,=0D + IN UINTN RootCertLength,=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength=0D + )=0D +{=0D + CONST UINT8 *TmpPtr;=0D + UINTN Length;=0D + UINT32 Asn1Tag;=0D + UINT32 ObjClass;=0D + CONST UINT8 *CurrentCert;=0D + UINTN CurrentCertLen;=0D + CONST UINT8 *PrecedingCert;=0D + UINTN PrecedingCertLen;=0D + BOOLEAN VerifyFlag;=0D + INT32 Ret;=0D +=0D + PrecedingCert =3D RootCert;=0D + PrecedingCertLen =3D RootCertLength;=0D +=0D + CurrentCert =3D CertChain;=0D + Length =3D 0;=0D + CurrentCertLen =3D 0;=0D +=0D + VerifyFlag =3D FALSE;=0D + while (TRUE) {=0D + TmpPtr =3D CurrentCert;=0D + Ret =3D ASN1_get_object (=0D + (CONST UINT8 **)&TmpPtr,=0D + (long *)&Length,=0D + (int *)&Asn1Tag,=0D + (int *)&ObjClass,=0D + (long)(CertChainLength + CertChain - TmpPtr)=0D + );=0D + if ((Asn1Tag !=3D V_ASN1_SEQUENCE) || (Ret =3D=3D 0x80)) {=0D + break;=0D + }=0D +=0D + //=0D + // Calculate CurrentCert length;=0D + //=0D + CurrentCertLen =3D TmpPtr - CurrentCert + Length;=0D +=0D + //=0D + // Verify CurrentCert with preceding cert;=0D + //=0D + VerifyFlag =3D X509VerifyCert (CurrentCert, CurrentCertLen, PrecedingC= ert, PrecedingCertLen);=0D + if (VerifyFlag =3D=3D FALSE) {=0D + break;=0D + }=0D +=0D + //=0D + // move Current cert to Preceding cert=0D + //=0D + PrecedingCertLen =3D CurrentCertLen;=0D + PrecedingCert =3D CurrentCert;=0D +=0D + //=0D + // Move to next=0D + //=0D + CurrentCert =3D CurrentCert + CurrentCertLen;=0D + }=0D +=0D + return VerifyFlag;=0D +}=0D +=0D +/**=0D + Get one X509 certificate from CertChain.=0D +=0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @param[in] CertIndex Index of certificate.=0D +=0D + @param[out] Cert The certificate at the index of CertCh= ain.=0D + @param[out] CertLength The length certificate at the index of= CertChain.=0D +=0D + @retval TRUE Success.=0D + @retval FALSE Failed to get certificate from certificate chain.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetCertFromCertChain (=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength,=0D + IN CONST INT32 CertIndex,=0D + OUT CONST UINT8 **Cert,=0D + OUT UINTN *CertLength=0D + )=0D +{=0D + UINTN Asn1Len;=0D + INT32 CurrentIndex;=0D + UINTN CurrentCertLen;=0D + CONST UINT8 *CurrentCert;=0D + CONST UINT8 *TmpPtr;=0D + INT32 Ret;=0D + UINT32 Asn1Tag;=0D + UINT32 ObjClass;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((CertChain =3D=3D NULL) || (Cert =3D=3D NULL) ||=0D + (CertIndex < -1) || (CertLength =3D=3D NULL))=0D + {=0D + return FALSE;=0D + }=0D +=0D + Asn1Len =3D 0;=0D + CurrentCertLen =3D 0;=0D + CurrentCert =3D CertChain;=0D + CurrentIndex =3D -1;=0D +=0D + //=0D + // Traverse the certificate chain=0D + //=0D + while (TRUE) {=0D + TmpPtr =3D CurrentCert;=0D +=0D + // Get asn1 object and taglen=0D + Ret =3D ASN1_get_object (=0D + (CONST UINT8 **)&TmpPtr,=0D + (long *)&Asn1Len,=0D + (int *)&Asn1Tag,=0D + (int *)&ObjClass,=0D + (long)(CertChainLength + CertChain - TmpPtr)=0D + );=0D + if ((Asn1Tag !=3D V_ASN1_SEQUENCE) || (Ret =3D=3D 0x80)) {=0D + break;=0D + }=0D +=0D + //=0D + // Calculate CurrentCert length;=0D + //=0D + CurrentCertLen =3D TmpPtr - CurrentCert + Asn1Len;=0D + CurrentIndex++;=0D +=0D + if (CurrentIndex =3D=3D CertIndex) {=0D + *Cert =3D CurrentCert;=0D + *CertLength =3D CurrentCertLen;=0D + return TRUE;=0D + }=0D +=0D + //=0D + // Move to next=0D + //=0D + CurrentCert =3D CurrentCert + CurrentCertLen;=0D + }=0D +=0D + //=0D + // If CertIndex is -1, Return the last certificate=0D + //=0D + if ((CertIndex =3D=3D -1) && (CurrentIndex >=3D 0)) {=0D + *Cert =3D CurrentCert - CurrentCertLen;=0D + *CertLength =3D CurrentCertLen;=0D + return TRUE;=0D + }=0D +=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the tag and length of the tag.=0D +=0D + @param Ptr The position in the ASN.1 data=0D + @param End End of data=0D + @param Length The variable that will receive the length=0D + @param Tag The expected tag=0D +=0D + @retval TRUE Get tag successful=0D + @retval FALSe Failed to get tag or tag not match=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Asn1GetTag (=0D + IN OUT UINT8 **Ptr,=0D + IN UINT8 *End,=0D + OUT UINTN *Length,=0D + IN UINT32 Tag=0D + )=0D +{=0D + UINT8 *PtrOld;=0D + INT32 ObjTag;=0D + INT32 ObjCls;=0D + long ObjLength;=0D +=0D + //=0D + // Save Ptr position=0D + //=0D + PtrOld =3D *Ptr;=0D +=0D + ASN1_get_object ((CONST UINT8 **)Ptr, &ObjLength, &ObjTag, &ObjCls, (INT= 32)(End - (*Ptr)));=0D + if ((ObjTag =3D=3D (INT32)(Tag & CRYPTO_ASN1_TAG_VALUE_MASK)) &&=0D + (ObjCls =3D=3D (INT32)(Tag & CRYPTO_ASN1_TAG_CLASS_MASK)))=0D + {=0D + *Length =3D (UINTN)ObjLength;=0D + return TRUE;=0D + } else {=0D + //=0D + // if doesn't match Tag, restore Ptr to origin Ptr=0D + //=0D + *Ptr =3D PtrOld;=0D + return FALSE;=0D + }=0D +}=0D +=0D +/**=0D + Retrieve the basic constraints from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509= certificate.=0D + @param[in] CertSize size of the X509 certificate in= bytes.=0D + @param[out] BasicConstraints basic constraints bytes.=0D + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes.=0D +=0D + @retval TRUE The basic constraints retrieve successf= ully.=0D + @retval FALSE If cert is NULL.=0D + If cert_size is NULL.=0D + If basic_constraints is not NULL and *b= asic_constraints_size is 0.=0D + If cert is invalid.=0D + @retval FALSE The required buffer size is small.=0D + The return buffer size is basic_constra= ints_size parameter.=0D + @retval FALSE If no Extension entry match oid.=0D + @retval FALSE The operation is not supported.=0D + **/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedBasicConstraints (=0D + CONST UINT8 *Cert,=0D + UINTN CertSize,=0D + UINT8 *BasicConstraints,=0D + UINTN *BasicConstraintsSize=0D + )=0D +{=0D + BOOLEAN Status;=0D +=0D + if ((Cert =3D=3D NULL) || (CertSize =3D=3D 0) || (BasicConstraintsSize = =3D=3D NULL)) {=0D + return FALSE;=0D + }=0D +=0D + Status =3D X509GetExtensionData (=0D + (UINT8 *)Cert,=0D + CertSize,=0D + mOidBasicConstraints,=0D + sizeof (mOidBasicConstraints),=0D + BasicConstraints,=0D + BasicConstraintsSize=0D + );=0D +=0D + return Status;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c b/CryptoPkg/= Library/BaseCryptLib/Pk/CryptX509Null.c index 38819723c7..bd2a12fc14 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c @@ -292,3 +292,432 @@ X509GetTBSCert ( ASSERT (FALSE);=0D return FALSE;=0D }=0D +=0D +/**=0D + Retrieve the version from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] Version Pointer to the retrieved version integer.=0D +=0D + @retval TRUE The certificate version retrieved successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + @retval FALSE The operation is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetVersion (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Version=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the serialNumber from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes.=0D + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input,=0D + and the size of buffer returned SerialNumbe= r on output.=0D +=0D + @retval TRUE The certificate serialNumber retrieved = successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + If SerialNumberSize is NULL.=0D + If Certificate is invalid.=0D + @retval FALSE If no SerialNumber exists.=0D + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size=0D + (including the final null) is returned = in the=0D + SerialNumberSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSerialNumber (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *SerialNumber, OPTIONAL=0D + IN OUT UINTN *SerialNumberSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the issuer bytes from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes.=0D + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input,=0D + and the size of buffer returned CertSubject= on output.=0D +=0D + @retval TRUE The certificate issuer retrieved successfully.=0D + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result.=0D + The CertIssuerSize will be updated with the required siz= e.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetIssuerName (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *CertIssuer,=0D + IN OUT UINTN *CertIssuerSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the Signature Algorithm from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Oid Signature Algorithm Object identifier b= uffer.=0D + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size=0D +=0D + @retval TRUE The certificate Extension data retrieved successf= ully.=0D + @retval FALSE If Cert is NULL.=0D + If OidSize is NULL.=0D + If Oid is not NULL and *OidSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no SignatureType.=0D + @retval FALSE If the Oid is NULL. The required buffer= size=0D + is returned in the OidSize.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSignatureAlgorithm (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Oid, OPTIONAL=0D + IN OUT UINTN *OidSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve Extension data from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[in] Oid Object identifier buffer=0D + @param[in] OidSize Object identifier buffer size=0D + @param[out] ExtensionData Extension bytes.=0D + @param[in, out] ExtensionDataSize Extension bytes size.=0D +=0D + @retval TRUE The certificate Extension data retrieve= d successfully.=0D + @retval FALSE If Cert is NULL.=0D + If ExtensionDataSize is NULL.=0D + If ExtensionData is not NULL and *Exten= sionDataSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no Extension entry match Oid.=0D + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size=0D + is returned in the ExtensionDataSize pa= rameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtensionData (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN CONST UINT8 *Oid,=0D + IN UINTN OidSize,=0D + OUT UINT8 *ExtensionData,=0D + IN OUT UINTN *ExtensionDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the Extended Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage bytes.=0D + @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D +=0D + @retval TRUE The Usage bytes retrieve successfully.= =0D + @retval FALSE If Cert is NULL.=0D + If CertSize is NULL.=0D + If Usage is not NULL and *UsageSize is = 0.=0D + If Cert is invalid.=0D + @retval FALSE If the Usage is NULL. The required buff= er size=0D + is returned in the UsageSize parameter.= =0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Usage,=0D + IN OUT UINTN *UsageSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the Validity from one X.509 certificate=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[in] From notBefore Pointer to DateTime object.=0D + @param[in,out] FromSize notBefore DateTime object size.=0D + @param[in] To notAfter Pointer to DateTime object.=0D + @param[in,out] ToSize notAfter DateTime object size.=0D +=0D + Note: X509CompareDateTime to compare DateTime oject=0D + x509SetDateTime to get a DateTime object from a DateTimeStr=0D +=0D + @retval TRUE The certificate Validity retrieved successfully.=0D + @retval FALSE Invalid certificate, or Validity retrieve failed.=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetValidity (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN UINT8 *From,=0D + IN OUT UINTN *FromSize,=0D + IN UINT8 *To,=0D + IN OUT UINTN *ToSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Format a DateTime object into DataTime Buffer=0D +=0D + If DateTimeStr is NULL, then return FALSE.=0D + If DateTimeSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D + Ref: https://www.w3.org/TR/NOTE-datetim= e=0D + Z stand for UTC time=0D + @param[out] DateTime Pointer to a DateTime object.=0D + @param[in,out] DateTimeSize DateTime object buffer size.=0D +=0D + @retval TRUE The DateTime object create successfully= .=0D + @retval FALSE If DateTimeStr is NULL.=0D + If DateTimeSize is NULL.=0D + If DateTime is not NULL and *DateTimeSi= ze is 0.=0D + If Year Month Day Hour Minute Second co= mbination is invalid datetime.=0D + @retval FALSE If the DateTime is NULL. The required b= uffer size=0D + (including the final null) is returned = in the=0D + DateTimeSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509SetDateTime (=0D + IN CHAR8 *DateTimeStr,=0D + OUT VOID *DateTime,=0D + IN OUT UINTN *DateTimeSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Compare DateTime1 object and DateTime2 object.=0D +=0D + If DateTime1 is NULL, then return -2.=0D + If DateTime2 is NULL, then return -2.=0D + If DateTime1 =3D=3D DateTime2, then return 0=0D + If DateTime1 > DateTime2, then return 1=0D + If DateTime1 < DateTime2, then return -1=0D +=0D + @param[in] DateTime1 Pointer to a DateTime Ojbect=0D + @param[in] DateTime2 Pointer to a DateTime Object=0D +=0D + @retval 0 If DateTime1 =3D=3D DateTime2=0D + @retval 1 If DateTime1 > DateTime2=0D + @retval -1 If DateTime1 < DateTime2=0D +**/=0D +INT32=0D +EFIAPI=0D +X509CompareDateTime (=0D + IN CONST VOID *DateTime1,=0D + IN CONST VOID *DateTime2=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return -3;=0D +}=0D +=0D +/**=0D + Retrieve the Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D +=0D + @retval TRUE The certificate Key Usage retrieved successfully.=0D + @retval FALSE Invalid certificate, or Usage is NULL=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Usage=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Verify one X509 certificate was issued by the trusted CA.=0D + @param[in] RootCert Trusted Root Certificate buffer=0D +=0D + @param[in] RootCertLength Trusted Root Certificate buffer length= =0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain.=0D + @retval FALSE Invalid certificate or the certificate was not issued by= the given=0D + trusted CA.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509VerifyCertChain (=0D + IN CONST UINT8 *RootCert,=0D + IN UINTN RootCertLength,=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Get one X509 certificate from CertChain.=0D +=0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @param[in] CertIndex Index of certificate.=0D +=0D + @param[out] Cert The certificate at the index of CertCh= ain.=0D + @param[out] CertLength The length certificate at the index of= CertChain.=0D +=0D + @retval TRUE Success.=0D + @retval FALSE Failed to get certificate from certificate chain.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetCertFromCertChain (=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength,=0D + IN CONST INT32 CertIndex,=0D + OUT CONST UINT8 **Cert,=0D + OUT UINTN *CertLength=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the tag and length of the tag.=0D +=0D + @param Ptr The position in the ASN.1 data=0D + @param End End of data=0D + @param Length The variable that will receive the length=0D + @param Tag The expected tag=0D +=0D + @retval TRUE Get tag successful=0D + @retval FALSe Failed to get tag or tag not match=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Asn1GetTag (=0D + IN OUT UINT8 **Ptr,=0D + IN UINT8 *End,=0D + OUT UINTN *Length,=0D + IN UINT32 Tag=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the basic constraints from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509= certificate.=0D + @param[in] CertSize size of the X509 certificate in= bytes.=0D + @param[out] BasicConstraints basic constraints bytes.=0D + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes.=0D +=0D + @retval TRUE The basic constraints retrieve successf= ully.=0D + @retval FALSE If cert is NULL.=0D + If cert_size is NULL.=0D + If basic_constraints is not NULL and *b= asic_constraints_size is 0.=0D + If cert is invalid.=0D + @retval FALSE The required buffer size is small.=0D + The return buffer size is basic_constra= ints_size parameter.=0D + @retval FALSE If no Extension entry match oid.=0D + @retval FALSE The operation is not supported.=0D + **/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedBasicConstraints (=0D + CONST UINT8 *Cert,=0D + UINTN CertSize,=0D + UINT8 *BasicConstraints,=0D + UINTN *BasicConstraintsSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c b/Crypto= Pkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c index 38819723c7..0068f00738 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c @@ -292,3 +292,432 @@ X509GetTBSCert ( ASSERT (FALSE);=0D return FALSE;=0D }=0D +=0D +/**=0D + Retrieve the version from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] Version Pointer to the retrieved version integer.=0D +=0D + @retval TRUE The certificate version retrieved successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + @retval FALSE The operation is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetVersion (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Version=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the serialNumber from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes.=0D + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input,=0D + and the size of buffer returned SerialNumbe= r on output.=0D +=0D + @retval TRUE The certificate serialNumber retrieved = successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + If SerialNumberSize is NULL.=0D + If Certificate is invalid.=0D + @retval FALSE If no SerialNumber exists.=0D + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size=0D + (including the final null) is returned = in the=0D + SerialNumberSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSerialNumber (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *SerialNumber, OPTIONAL=0D + IN OUT UINTN *SerialNumberSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the issuer bytes from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes.=0D + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input,=0D + and the size of buffer returned CertSubject= on output.=0D +=0D + @retval TRUE The certificate issuer retrieved successfully.=0D + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result.=0D + The CertIssuerSize will be updated with the required siz= e.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetIssuerName (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *CertIssuer,=0D + IN OUT UINTN *CertIssuerSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the Signature Algorithm from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Oid Signature Algorithm Object identifier b= uffer.=0D + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size=0D +=0D + @retval TRUE The certificate Extension data retrieved successf= ully.=0D + @retval FALSE If Cert is NULL.=0D + If OidSize is NULL.=0D + If Oid is not NULL and *OidSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no SignatureType.=0D + @retval FALSE If the Oid is NULL. The required buffer= size=0D + is returned in the OidSize.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSignatureAlgorithm (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Oid, OPTIONAL=0D + IN OUT UINTN *OidSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve Extension data from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[in] Oid Object identifier buffer=0D + @param[in] OidSize Object identifier buffer size=0D + @param[out] ExtensionData Extension bytes.=0D + @param[in, out] ExtensionDataSize Extension bytes size.=0D +=0D + @retval TRUE The certificate Extension data retrieve= d successfully.=0D + @retval FALSE If Cert is NULL.=0D + If ExtensionDataSize is NULL.=0D + If ExtensionData is not NULL and *Exten= sionDataSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no Extension entry match Oid.=0D + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size=0D + is returned in the ExtensionDataSize pa= rameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtensionData (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN CONST UINT8 *Oid,=0D + IN UINTN OidSize,=0D + OUT UINT8 *ExtensionData,=0D + IN OUT UINTN *ExtensionDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the Extended Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage bytes.=0D + @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D +=0D + @retval TRUE The Usage bytes retrieve successfully.= =0D + @retval FALSE If Cert is NULL.=0D + If CertSize is NULL.=0D + If Usage is not NULL and *UsageSize is = 0.=0D + If Cert is invalid.=0D + @retval FALSE If the Usage is NULL. The required buff= er size=0D + is returned in the UsageSize parameter.= =0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Usage,=0D + IN OUT UINTN *UsageSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the Validity from one X.509 certificate=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[in] From notBefore Pointer to DateTime object.=0D + @param[in,out] FromSize notBefore DateTime object size.=0D + @param[in] To notAfter Pointer to DateTime object.=0D + @param[in,out] ToSize notAfter DateTime object size.=0D +=0D + Note: X509CompareDateTime to compare DateTime oject=0D + x509SetDateTime to get a DateTime object from a DateTimeStr=0D +=0D + @retval TRUE The certificate Validity retrieved successfully.=0D + @retval FALSE Invalid certificate, or Validity retrieve failed.=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetValidity (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN UINT8 *From,=0D + IN OUT UINTN *FromSize,=0D + IN UINT8 *To,=0D + IN OUT UINTN *ToSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Format a DateTime object into DataTime Buffer=0D +=0D + If DateTimeStr is NULL, then return FALSE.=0D + If DateTimeSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D + Ref: https://www.w3.org/TR/NOTE-datetim= e=0D + Z stand for UTC time=0D + @param[out] DateTime Pointer to a DateTime object.=0D + @param[in,out] DateTimeSize DateTime object buffer size.=0D +=0D + @retval TRUE The DateTime object create successfully= .=0D + @retval FALSE If DateTimeStr is NULL.=0D + If DateTimeSize is NULL.=0D + If DateTime is not NULL and *DateTimeSi= ze is 0.=0D + If Year Month Day Hour Minute Second co= mbination is invalid datetime.=0D + @retval FALSE If the DateTime is NULL. The required b= uffer size=0D + (including the final null) is returned = in the=0D + DateTimeSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509SetDateTime (=0D + IN CHAR8 *DateTimeStr,=0D + OUT VOID *DateTime,=0D + IN OUT UINTN *DateTimeSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Compare DateTime1 object and DateTime2 object.=0D +=0D + If DateTime1 is NULL, then return -2.=0D + If DateTime2 is NULL, then return -2.=0D + If DateTime1 =3D=3D DateTime2, then return 0=0D + If DateTime1 > DateTime2, then return 1=0D + If DateTime1 < DateTime2, then return -1=0D +=0D + @param[in] DateTime1 Pointer to a DateTime Ojbect=0D + @param[in] DateTime2 Pointer to a DateTime Object=0D +=0D + @retval 0 If DateTime1 =3D=3D DateTime2=0D + @retval 1 If DateTime1 > DateTime2=0D + @retval -1 If DateTime1 < DateTime2=0D +**/=0D +INT32=0D +EFIAPI=0D +X509CompareDateTime (=0D + IN CONST VOID *DateTime1,=0D + IN CONST VOID *DateTime2=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return -3;=0D +}=0D +=0D +/**=0D + Retrieve the Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D +=0D + @retval TRUE The certificate Key Usage retrieved successfully.=0D + @retval FALSE Invalid certificate, or Usage is NULL=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Usage=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Verify one X509 certificate was issued by the trusted CA.=0D + @param[in] RootCert Trusted Root Certificate buffer=0D +=0D + @param[in] RootCertLength Trusted Root Certificate buffer length= =0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain.=0D + @retval FALSE Invalid certificate or the certificate was not issued by= the given=0D + trusted CA.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509VerifyCertChain (=0D + IN CONST UINT8 *RootCert,=0D + IN UINTN RootCertLength,=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Get one X509 certificate from CertChain.=0D +=0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @param[in] CertIndex Index of certificate.=0D +=0D + @param[out] Cert The certificate at the index of CertCh= ain.=0D + @param[out] CertLength The length certificate at the index of= CertChain.=0D +=0D + @retval TRUE Success.=0D + @retval FALSE Failed to get certificate from certificate chain.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetCertFromCertChain (=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength,=0D + IN CONST INT32 CertIndex,=0D + OUT CONST UINT8 **Cert,=0D + OUT UINTN *CertLength=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the tag and length of the tag.=0D +=0D + @param Ptr The position in the ASN.1 data=0D + @param End End of data=0D + @param Length The variable that will receive the length=0D + @param Tag The expected tag=0D +=0D + @retval TRUE Get tag successful=0D + @retval FALSe Failed to get tag or tag not match=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Asn1GetTag (=0D + IN OUT UINT8 **Ptr,=0D + IN UINT8 *End,=0D + OUT UINTN *Length,=0D + IN UINT32 Tag=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the basic constraints from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509= certificate.=0D + @param[in] CertSize size of the X509 certificate in= bytes.=0D + @param[out] BasicConstraints basic constraints bytes.=0D + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes.=0D +=0D + @retval TRUE The basic constraints retrieve successf= ully.=0D + @retval FALSE If cert is NULL.=0D + If cert_size is NULL.=0D + If basic_constraints is not NULL and *b= asic_constraints_size is 0.=0D + If cert is invalid.=0D + @retval FALSE The required buffer size is small.=0D + The return buffer size is basic_constra= ints_size parameter.=0D + @retval FALSE If no Extension entry match oid.=0D + @retval FALSE The operation is not supported.=0D + **/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedBasicConstraints (=0D + CONST UINT8 *Cert,=0D + UINTN CertSize,=0D + UINT8 *BasicConstraints,=0D + UINTN *BasicConstraintsSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D --=20 2.26.2.windows.1 |
|
|