From: Zhichao Gao <zhichao.gao@intel.com>
To: edk2-devel@lists.01.org
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>,
	Ting Ye <ting.ye@intel.com>, Gang Wei <gang.wei@intel.com>,
	Wang Jian J <jian.j.wang@intel.com>,
	Liming Gao <liming.gao@intel.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Michael Turner <Michael.Turner@microsoft.com>
Subject: [PATCH 2/6] CryptoPkg/BaseCryptLib: Add new API to get organization name
Date: Mon, 25 Mar 2019 12:01:09 +0800
Message-ID: <20190325040113.18848-3-zhichao.gao@intel.com>
In-Reply-To: <20190325040113.18848-1-zhichao.gao@intel.com>

From: Bret Barkelew <Bret.Barkelew@microsoft.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1401

Implement a common function to get the NID name. And use
this function to get common name and organization name.

Add a null function API X509GetOrganizationName to the null
function source file.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Gang Wei <gang.wei@intel.com>
Cc: Wang Jian J <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c     | 102 +++++++++++++++++++---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c |  32 +++++++
 2 files changed, 122 insertions(+), 12 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 75337ed32b..bcdefabbb7 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -298,10 +298,11 @@ _Exit:
 }
 
 /**
-  Retrieve the common name (CN) string from one X.509 certificate.
+  Retrieve a string from one X.509 certificate base on the Request_NID.
 
   @param[in]      Cert             Pointer to the DER-encoded X509 certificate.
   @param[in]      CertSize         Size of the X509 certificate in bytes.
+  @param[in]      Request_NID      NID of string to obtain
   @param[out]     CommonName       Buffer to contain the retrieved certificate common
                                    name string (UTF8). At most CommonNameSize bytes will be
                                    written and the string will be null terminated. May be
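Review bot: The new description line and the `Request_NID` parameter doc in this header need cleanup: "base on" should read "based on", and `Request_NID` does not follow the CamelCase naming of the neighbouring parameters (`Cert`, `CertSize`, `CommonName`); `RequestNid` would match. The `CommonName` description just below still says "certificate common name string" although the helper now returns whichever attribute the NID selects, so that text should be generalized as well.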
@@ -316,20 +317,21 @@ _Exit:
                                    If CommonNameSize is NULL.
                                    If CommonName is not NULL and *CommonNameSize is 0.
                                    If Certificate is invalid.
-  @retval RETURN_NOT_FOUND         If no CommonName entry exists.
+  @retval RETURN_NOT_FOUND         If no NID Name entry exists.
   @retval RETURN_BUFFER_TOO_SMALL  If the CommonName is NULL. The required buffer size
                                    (including the final null) is returned in the
                                    CommonNameSize parameter.
   @retval RETURN_UNSUPPORTED       The operation is not supported.
 
 **/
+STATIC
 RETURN_STATUS
-EFIAPI
-X509GetCommonName (
-  IN      CONST UINT8  *Cert,
-  IN      UINTN        CertSize,
-  OUT     CHAR8        *CommonName,  OPTIONAL
-  IN OUT  UINTN        *CommonNameSize
+InternalX509GetNIDName (
+  IN      CONST UINT8   *Cert,
+  IN      UINTN         CertSize,
+  IN      INT32         Request_NID,
+  OUT     CHAR8         *CommonName,  OPTIONAL
+  IN OUT  UINTN         *CommonNameSize
   )
 {
   RETURN_STATUS    ReturnStatus;
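Review bot: `InternalX509GetNIDName` keeps the `CommonName` and `CommonNameSize` parameter names in its signature even though it is now the generic helper for any NID. Renaming them to `NameBuffer` and `NameBufferSize`, as the new `X509GetOrganizationName` wrapper in this patch already does, and updating the `@retval` text ("If the CommonName is NULL") would keep the helper from reading as CN-specific.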
@@ -381,12 +383,12 @@ X509GetCommonName (
   }
 
   //
-  // Retrieve the CommonName information from X.509 Subject
+  // Retrive the string from X.509 Subject base on the Request_NID
   //
-  Index = X509_NAME_get_index_by_NID (X509Name, NID_commonName, -1);
+  Index = X509_NAME_get_index_by_NID (X509Name, Request_NID, -1);
   if (Index < 0) {
     //
-    // No CommonName entry exists in X509_NAME object
+    // No Request_NID name entry exists in X509_NAME object
     //
     *CommonNameSize = 0;
     ReturnStatus    = RETURN_NOT_FOUND;
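Review bot: The lookup `X509_NAME_get_index_by_NID (X509Name, Request_NID, -1)` starts from position -1 and the result is used directly, so only the first matching entry in the subject is returned. Now that the helper also serves organizationName, and a subject can carry more than one attribute of the same type, the function header should state that only the first match is returned so callers do not treat it as the only value. The new comment also has typos: "Retrive" and "base on" should be "Retrieve" and "based on".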
@@ -408,7 +410,7 @@ X509GetCommonName (
   Length = ASN1_STRING_to_UTF8 (&UTF8Name, EntryData);
   if (Length < 0) {
     //
-    // Fail to convert the commonName string
+    // Fail to convert the Name string
     //
     *CommonNameSize = 0;
     ReturnStatus    = RETURN_INVALID_PARAMETER;
@@ -439,6 +441,82 @@ _Exit:
   return ReturnStatus;
 }
 
+/**
+  Retrieve the common name (CN) string from one X.509 certificate.
+
+  @param[in]      Cert             Pointer to the DER-encoded X509 certificate.
+  @param[in]      CertSize         Size of the X509 certificate in bytes.
+  @param[out]     CommonName       Buffer to contain the retrieved certificate common
+                                   name string. At most CommonNameSize bytes will be
+                                   written and the string will be null terminated. May be
+                                   NULL in order to determine the size buffer needed.
+  @param[in,out]  CommonNameSize   The size in bytes of the CommonName buffer on input,
+                                   and the size of buffer returned CommonName on output.
+                                   If CommonName is NULL then the amount of space needed
+                                   in buffer (including the final null) is returned.
+
+  @retval RETURN_SUCCESS           The certificate CommonName retrieved successfully.
+  @retval RETURN_INVALID_PARAMETER If Cert is NULL.
+                                   If CommonNameSize is NULL.
+                                   If CommonName is not NULL and *CommonNameSize is 0.
+                                   If Certificate is invalid.
+  @retval RETURN_NOT_FOUND         If no CommonName entry exists.
+  @retval RETURN_BUFFER_TOO_SMALL  If the CommonName is NULL. The required buffer size
+                                   (including the final null) is returned in the
+                                   CommonNameSize parameter.
+  @retval RETURN_UNSUPPORTED       The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+X509GetCommonName (
+  IN      CONST UINT8  *Cert,
+  IN      UINTN        CertSize,
+  OUT     CHAR8        *CommonName,  OPTIONAL
+  IN OUT  UINTN        *CommonNameSize
+  )
+{
+  return InternalX509GetNIDName (Cert, CertSize, NID_commonName, CommonName, CommonNameSize);
+}
+
+/**
+  Retrieve the organization name (ON) string from one X.509 certificate.
+
+  @param[in]      Cert             Pointer to the DER-encoded X509 certificate.
+  @param[in]      CertSize         Size of the X509 certificate in bytes.
+  @param[out]     NameBuffer       Buffer to contain the retrieved certificate organization
+                                   name string. At most NameBufferSize bytes will be
+                                   written and the string will be null terminated. May be
+                                   NULL in order to determine the size buffer needed.
+  @param[in,out]  NameBufferSize   The size in bytes of the Name buffer on input,
+                                   and the size of buffer returned Name on output.
+                                   If NameBuffer is NULL then the amount of space needed
+                                   in buffer (including the final null) is returned.
+
+  @retval RETURN_SUCCESS           The certificate Organization Name retrieved successfully.
+  @retval RETURN_INVALID_PARAMETER If Cert is NULL.
+                                   If NameBufferSize is NULL.
+                                   If NameBuffer is not NULL and *CommonNameSize is 0.
+                                   If Certificate is invalid.
+  @retval RETURN_NOT_FOUND         If no Organization Name entry exists.
+  @retval RETURN_BUFFER_TOO_SMALL  If the NameBuffer is NULL. The required buffer size
+                                   (including the final null) is returned in the
+                                   CommonNameSize parameter.
+  @retval RETURN_UNSUPPORTED       The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+X509GetOrganizationName (
+  IN      CONST UINT8   *Cert,
+  IN      UINTN         CertSize,
+  OUT     CHAR8         *NameBuffer,  OPTIONAL
+  IN OUT  UINTN         *NameBufferSize
+  )
+{
+  return InternalX509GetNIDName (Cert, CertSize, NID_organizationName, NameBuffer, NameBufferSize);
+}
+
 /**
   Retrieve the RSA Public Key from one DER-encoded X509 certificate.
 
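Review bot: The doc block for `X509GetOrganizationName` still refers to `CommonNameSize` in two places ("If NameBuffer is not NULL and *CommonNameSize is 0." and "returned in the CommonNameSize parameter"); both should say `NameBufferSize`. The abbreviation "(ON)" is also unusual, since the X.509 short name for organizationName is O. The re-added `X509GetCommonName` header drops the "(UTF8)" note that the helper's header carries; stating the encoding in both public headers would tell callers what the returned bytes are.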
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
index 31cae46154..cfbb02791f 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
@@ -159,6 +159,38 @@ X509GetCommonName (
   return RETURN_UNSUPPORTED;
 }
 
+/**
+  Retrieve the organization name (ON) string from one X.509 certificate.
+
+  Return RETURN_UNSUPPORTED to indicate this interface is not supported.
+
+  @param[in]      Cert             Pointer to the DER-encoded X509 certificate.
+  @param[in]      CertSize         Size of the X509 certificate in bytes.
+  @param[out]     NameBuffer       Buffer to contain the retrieved certificate organization
+                                   name string. At most NameBufferSize bytes will be
+                                   written and the string will be null terminated. May be
+                                   NULL in order to determine the size buffer needed.
+  @param[in,out]  NameBufferSize   The size in bytes of the Name buffer on input,
+                                   and the size of buffer returned Name on output.
+                                   If NameBuffer is NULL then the amount of space needed
+                                   in buffer (including the final null) is returned.
+
+  @retval RETURN_UNSUPPORTED       The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+X509GetOrganizationName (
+  IN      CONST UINT8   *Cert,
+  IN      UINTN         CertSize,
+  OUT     CHAR8         *NameBuffer,  OPTIONAL
+  IN OUT  UINTN         *NameBufferSize
+  )
+{
+  ASSERT (FALSE);
+  return RETURN_UNSUPPORTED;
+}
+
 /**
   Retrieve the RSA Public Key from one DER-encoded X509 certificate.
 
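Review bot: The stub calls `ASSERT (FALSE)` before `return RETURN_UNSUPPORTED;`, so with asserts enabled a caller that probes this API against the null library instance hits the assert instead of receiving the documented return status. Please confirm this matches the other stubs in CryptX509Null.c, since only the `return RETURN_UNSUPPORTED;` of `X509GetCommonName` is visible in the context here. The "(ON)" abbreviation in this header has the same issue as in CryptX509.c.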
-- 
2.16.2.windows.1