From: "Yao, Jiewen"
To: "Long, Qin", "Chen, Chen A", "edk2-devel@lists.01.org"
CC: "Zhang, Chao B"
Date: Tue, 7 Nov 2017 02:43:49 +0000
Subject: Re: [PATCH 1/2] CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AA127AD@shsmsx102.ccr.corp.intel.com>
References: <20171107010437.17404-1-chen.a.chen@intel.com>
List-Id: EDK II Development

It is good to document this data structure.

Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Long, Qin
> Sent: Tuesday, November 7, 2017 10:31 AM
> To: Chen, Chen A ; edk2-devel@lists.01.org
> Cc: Zhang, Chao B
> Subject: Re: [edk2] [PATCH 1/2] CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack
>
> Reviewed-by: Long Qin
>
> One minor comment: please leave one space before the structure name:
> +} EFI_CERT_DATA;
> and
> +} EFI_CERT_STACK;
>
>
> Best Regards & Thanks,
> LONG, Qin
>
> -----Original Message-----
> From: Chen, Chen A
> Sent: Tuesday, November 7, 2017 9:05 AM
> To: edk2-devel@lists.01.org
> Cc: Chen, Chen A ; Long, Qin ; Zhang, Chao B
> Subject: [PATCH 1/2] CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack
>
> The parameter CertStack of Pkcs7GetSigners will return all embedded X.509
> certificates in one given PKCS7 signature. The format is:
> //
> // UINT8 CertNumber;
> // UINT32 Cert1Length;
> // UINT8 Cert1[];
> // UINT32 Cert2Length;
> // UINT8 Cert2[];
> // ...
> // UINT32 CertnLength;
> // UINT8 Certn[];
> //
> Add EFI_CERT_STACK and EFI_CERT_DATA structure; these two C-structures are
> used for parsing CertStack more clearly.
>
> Cc: Long Qin
> Cc: Zhang Chao
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: chenc2
> ---
> CryptoPkg/Include/Library/BaseCryptLib.h | 33 ++++++++++++++++++++++
> .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 3 ++
> .../Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c | 3 ++
> 3 files changed, 39 insertions(+)
>
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
> index e2b6a95666..3fd9a3c911 100644
> --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -2377,6 +2377,36 @@ Pkcs5HashPassword ( > ); >=20 > /** > + The 3rd parameter of Pkcs7GetSigners will return all embedded > + X.509 certificate in one given PKCS7 signature. The format is: > + // > + // UINT8 CertNumber; > + // UINT32 Cert1Length; > + // UINT8 Cert1[]; > + // UINT32 Cert2Length; > + // UINT8 Cert2[]; > + // ... > + // UINT32 CertnLength; > + // UINT8 Certn[]; > + // > + > + The two following C-structure are used for parsing CertStack more clea= rly. > +**/ > +#pragma pack(1) > + > +typedef struct { > + UINT32 CertDataLength; // The length in bytes of X.509 certif= icate. > + UINT8 CertDataBuffer[0]; // The X.509 certificate content (DER)= . > +}EFI_CERT_DATA; > + > +typedef struct { > + UINT8 CertNumber; // Number of X.509 certificate. > + //EFI_CERT_DATA CertArray[]; // An array of X.509 certificate. > +}EFI_CERT_STACK; > + > +#pragma pack() > + > +/** > Get the signer's certificates from PKCS#7 signed data as described in = "PKCS #7: > Cryptographic Message Syntax Standard". The input signed data could be > wrapped > in a ContentInfo structure. > @@ -2390,6 +2420,7 @@ Pkcs5HashPassword ( > @param[out] CertStack Pointer to Signer's certificates retrieved fr= om > P7Data. > It's caller's responsibility to free the buff= er with > Pkcs7FreeSigners(). > + This data structure is EFI_CERT_STACK type. > @param[out] StackLength Length of signer's certificates in bytes. > @param[out] TrustedCert Pointer to a trusted certificate from Signer'= s > certificates. > It's caller's responsibility to free the buff= er with 
> @@ -2437,9 +2468,11 @@ Pkcs7FreeSigners ( > @param[out] SignerChainCerts Pointer to the certificates list chained= to > signer's > certificate. It's caller's responsibilit= y to free > the buffer > with Pkcs7FreeSigners(). > + This data structure is EFI_CERT_STACK > type. > @param[out] ChainLength Length of the chained certificates list > buffer in bytes. > @param[out] UnchainCerts Pointer to the unchained certificates li= sts. > It's caller's > responsibility to free the buffer with > Pkcs7FreeSigners(). > + This data structure is EFI_CERT_STACK > type. > @param[out] UnchainLength Length of the unchained certificates lis= t > buffer in bytes. >=20 > @retval TRUE The operation is finished successfully. > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c > index 296df028b1..fe8e5950f9 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c > @@ -242,6 +242,7 @@ _Exit: > @param[out] CertStack Pointer to Signer's certificates retrieved fr= om > P7Data. > It's caller's responsibility to free the buff= er with > Pkcs7FreeSigners(). > + This data structure is EFI_CERT_STACK type. > @param[out] StackLength Length of signer's certificates in bytes. > @param[out] TrustedCert Pointer to a trusted certificate from Signer'= s > certificates. > It's caller's responsibility to free the buff= er with 
> @@ -442,9 +443,11 @@ Pkcs7FreeSigners ( > @param[out] SignerChainCerts Pointer to the certificates list chained= to > signer's > certificate. It's caller's responsibilit= y to free > the buffer > with Pkcs7FreeSigners(). > + This data structure is EFI_CERT_STACK > type. > @param[out] ChainLength Length of the chained certificates list > buffer in bytes. > @param[out] UnchainCerts Pointer to the unchained certificates li= sts. > It's caller's > responsibility to free the buffer with > Pkcs7FreeSigners(). > + This data structure is EFI_CERT_STACK > type. > @param[out] UnchainLength Length of the unchained certificates lis= t > buffer in bytes. >=20 > @retval TRUE The operation is finished successfully. > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c > index d3e8ec89a7..5490b1f3d6 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c > @@ -27,6 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > @param[out] CertStack Pointer to Signer's certificates retrieved fr= om > P7Data. > It's caller's responsibility to free the buff= er with > Pkcs7FreeSigners(). > + This data structure is EFI_CERT_STACK type. > @param[out] StackLength Length of signer's certificates in bytes. > @param[out] TrustedCert Pointer to a trusted certificate from Signer'= s > certificates. > It's caller's responsibility to free the buff= er with 
> @@ -79,9 +80,11 @@ Pkcs7FreeSigners ( > @param[out] SignerChainCerts Pointer to the certificates list chained= to > signer's > certificate. It's caller's responsibilit= y to free > the buffer > with Pkcs7FreeSigners(). > + This data structure is EFI_CERT_STACK > type. > @param[out] ChainLength Length of the chained certificates list > buffer in bytes. > @param[out] UnchainCerts Pointer to the unchained certificates li= sts. > It's caller's > responsibility to free the buffer with > Pkcs7FreeSigners(). > + This data structure is EFI_CERT_STACK > type. > @param[out] UnchainLength Length of the unchained certificates lis= t > buffer in bytes. >=20 > @retval TRUE The operation is finished successfully. > -- > 2.13.2.windows.1 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel
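Review bot: `UINT8 CertDataBuffer[0];` in the new EFI_CERT_DATA (BaseCryptLib.h, hunk @@ -2377,6 +2377,36) declares a zero-length array, which is a compiler extension rather than standard C; the C99 flexible array member `UINT8 CertDataBuffer[];` expresses the same trailing variable-length payload portably. Two related points in the same hunk: the commented-out `//EFI_CERT_DATA CertArray[];` in EFI_CERT_STACK cannot become real C (an array of variable-length structs is not expressible), so the comment should instead say in words how the entries are walked (from the byte after CertNumber, each entry occupies 4 + CertDataLength bytes); and because CertNumber is a single byte, every CertDataLength sits at an unaligned offset, which #pragma pack(1) handles for accesses through the struct but which callers who cast raw pointers should be warned about (ReadUnaligned32() or a CopyMem of the field is the safe read). The doc comment's "The 3rd parameter of Pkcs7GetSigners" would also be more robust as the parameter name, CertStack.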
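Review bot: the added "This data structure is EFI_CERT_STACK type." under @param[out] CertStack (BaseCryptLib.h, hunk @@ -2390,6 +2420,7) names the type but leaves the neighbouring StackLength description, "Length of signer's certificates in bytes", ambiguous about whether the CertNumber byte and the UINT32 length prefixes are counted. State explicitly that StackLength is the total size of the EFI_CERT_STACK buffer including those fields, since that total is the bound a caller must check each CertDataLength against while walking the stack. Suggested wording: "Pointer to an EFI_CERT_STACK holding the signer's certificates; StackLength is the total size of that buffer in bytes."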
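Review bot: in the Pkcs7GetCertificatesList documentation (BaseCryptLib.h, hunk @@ -2437,9 +2468,11) the same "This data structure is EFI_CERT_STACK type." sentence is added for SignerChainCerts and UnchainCerts, but ChainLength and UnchainLength still read only "Length of the ... list buffer in bytes"; as for CertStack, say that each is the total size of its EFI_CERT_STACK buffer. It would also help callers to document what is returned for these two outputs when there are no chained or no unchained certificates (a stack with CertNumber 0, or a NULL pointer), so they know which check to make before walking.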
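Review bot: the four hunks in CryptPkcs7Verify.c (@@ -242,6 +242,7 and @@ -442,9 +443,11) and CryptPkcs7VerifyNull.c (@@ -27,6 +27,7 and @@ -79,9 +80,11) copy the header's @param text word for word, so the project now carries three copies of each of the Pkcs7GetSigners and Pkcs7GetCertificatesList doc comments to keep in sync. Whatever wording is settled on for the CertStack/StackLength and SignerChainCerts/UnchainCerts descriptions in BaseCryptLib.h should be applied identically in both .c files within this patch, otherwise the implementation comments diverge from the published API documentation at the first follow-up.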
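The CertStack layout described in the commit message (one CertNumber byte followed by length-prefixed DER blobs), walked defensively in C. This is an added example, not code from the patch or from EDK2's BaseCryptLib: the UINT8/UINT32/UINTN/BOOLEAN typedefs stand in for EDK2's base types, WalkCertStack and the three check functions are hypothetical helpers, and SampleStack is a constructed buffer whose "certificates" are placeholder bytes rather than real DER. It uses the C99 flexible array member where the patch writes `[0]`, and it checks every length prefix against the bytes remaining so that a truncated buffer or an inflated CertNumber is rejected instead of read past its end.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for EDK2's base types (assumption) so the structs read as in the patch. */
typedef uint8_t  UINT8;
typedef uint32_t UINT32;
typedef size_t   UINTN;
typedef int      BOOLEAN;
#define FALSE 0

#pragma pack(1)
typedef struct {
  UINT32 CertDataLength;    /* length in bytes of the DER certificate that follows */
  UINT8  CertDataBuffer[];  /* C99 flexible array member; the patch writes [0] */
} EFI_CERT_DATA;

typedef struct {
  UINT8  CertNumber;        /* number of EFI_CERT_DATA entries that follow */
} EFI_CERT_STACK;
#pragma pack()

/* Hypothetical helper: walk a CertStack of StackLength bytes, counting entries and
 * the DER bytes they carry. Each length prefix is checked against the bytes remaining
 * before it is trusted, so a truncated stack or an inflated CertNumber yields FALSE
 * instead of a read past the buffer. TRUE means exactly CertNumber entries were
 * found and they fill the buffer exactly. */
BOOLEAN WalkCertStack(const UINT8 *Stack, UINTN StackLength, UINTN *CertCount, UINTN *DerBytes)
{
  const UINT8 *Cursor, *End;
  UINTN Index, CertNumber;
  *CertCount = 0; *DerBytes = 0;
  if (Stack == NULL || StackLength < sizeof(EFI_CERT_STACK)) {
    return FALSE;
  }
  CertNumber = ((const EFI_CERT_STACK *)Stack)->CertNumber;
  Cursor = Stack + sizeof(EFI_CERT_STACK);
  End = Stack + StackLength;
  for (Index = 0; Index < CertNumber; Index++) {
    UINT32 Length;
    if ((UINTN)(End - Cursor) < offsetof(EFI_CERT_DATA, CertDataBuffer)) {
      return FALSE;                  /* no room left for a length field */
    }
    /* CertNumber is one byte, so each length field sits at an odd offset;
       copy it out rather than dereferencing an unaligned UINT32 (native endian). */
    memcpy(&Length, Cursor, sizeof(Length));
    Cursor += offsetof(EFI_CERT_DATA, CertDataBuffer);
    if ((UINTN)(End - Cursor) < Length) {
      return FALSE;                  /* entry claims more bytes than remain */
    }
    (*CertCount)++;
    *DerBytes += Length;
    Cursor += Length;
  }
  return Cursor == End;              /* reject trailing bytes after the last entry */
}

/* Constructed sample: two placeholder "certificates" (not real DER) of 3 and 2 bytes. */
static const UINT8 SampleStack[] = {
  0x02,                    /* CertNumber */
  0x03, 0x00, 0x00, 0x00,  /* Cert1Length = 3, little-endian UINT32 */
  0x30, 0x01, 0x00,        /* Cert1 */
  0x02, 0x00, 0x00, 0x00,  /* Cert2Length = 2 */
  0x30, 0x00               /* Cert2 */
};

/* Certificates in the sample, or -1 if the walk rejects the buffer. */
int SampleCertCount(void)
{
  UINTN Count, Bytes;
  return WalkCertStack(SampleStack, sizeof(SampleStack), &Count, &Bytes) ? (int)Count : -1;
}

/* Same bytes minus the last one: the second entry no longer fits. */
BOOLEAN TruncatedStackRejected(void)
{
  UINTN Count, Bytes;
  return !WalkCertStack(SampleStack, sizeof(SampleStack) - 1, &Count, &Bytes);
}

/* CertNumber raised to 3 with no third entry: the walk runs out of bytes. */
BOOLEAN InflatedCountRejected(void)
{
  UINT8 Copy[sizeof(SampleStack)];
  UINTN Count, Bytes;
  memcpy(Copy, SampleStack, sizeof(Copy));
  Copy[0] = 3;
  return !WalkCertStack(Copy, sizeof(Copy), &Count, &Bytes);
}

int main(void)
{
  printf("sample certs: %d, truncated rejected: %d, inflated rejected: %d\n",
         SampleCertCount(), TruncatedStackRejected(), InflatedCountRejected());
  return 0;
}
```

The walk ends by requiring `Cursor == End`, so a StackLength that does not match the entries exactly is treated as an error rather than silently ignored; that is the check the StackLength documentation should make possible by stating that it covers the whole buffer, header and length prefixes included.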