From: "Long, Qin"
To: "Chen, Chen A", "edk2-devel@lists.01.org"
CC: "Zhang, Chao B"
Subject: Re: [PATCH 2/2] SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate
Date: Tue, 7 Nov 2017 02:31:25 +0000
In-Reply-To: <20171107010451.15524-1-chen.a.chen@intel.com>
List-Id: EDK II Development

Reviewed-by: Long Qin

Best Regards & Thanks,
LONG, Qin

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of chenc2
Sent: Tuesday, November 7, 2017 9:05 AM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B; Long, Qin
Subject: [edk2] [PATCH 2/2] SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate

The function Pkcs7GetSigners returns the certificate stack as a binary buffer.
Use EFI_CERT_DATA to parse the certificate stack more clearly, and access the
certificate through the fields of the EFI_CERT_DATA structure.

Cc: Long Qin
Cc: Zhang Chao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2
---
 SecurityPkg/Library/AuthVariableLib/AuthService.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 6cbeb98535..213a524f27 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -1828,6 +1828,7 @@ VerifyTimeBasedPayload ( UINT8 *CertsInCertDb; UINT32 CertsSizeinDb; UINT8 Sha256Digest[SHA256_DIGEST_SIZE]; + EFI_CERT_DATA *CertDataPtr; =20 // // 1. TopLevelCert is the top-level issuer certificate in signature Sign= er Cert Chain @@ -1841,6 +1842,7 @@ VerifyTimeBasedPayload ( SignerCerts =3D NULL; TopLevelCert =3D NULL; CertsInCertDb =3D NULL; + CertDataPtr =3D NULL; =20 // // When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS= is @@ -2098,9 +2100,10 @@ VerifyTimeBasedPayload ( // // Check hash of signer cert CommonName + Top-level issuer tbsCert= ificate against data in CertDb // + CertDataPtr =3D (EFI_CERT_DATA *)(SignerCerts + 1); Status =3D CalculatePrivAuthVarSignChainSHA256Digest( - SignerCerts + sizeof(UINT8) + sizeof(UINT32), - ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8)= )), + CertDataPtr->CertDataBuffer, + ReadUnaligned32 ((UINT32=20 + *)&(CertDataPtr->CertDataLength)), TopLevelCert, TopLevelCertSize, Sha256Digest @@ -2135,12 +2138,13 @@ VerifyTimeBasedPayload ( // // When adding a new common authenticated variable, always save Hash= of cn of signer cert + tbsCertificate of Top-level issuer // + CertDataPtr =3D (EFI_CERT_DATA *)(SignerCerts + 1); Status =3D InsertCertsToDb ( VariableName, VendorGuid, Attributes, - SignerCerts + sizeof(UINT8) + sizeof(UINT32), - ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8)))= , + CertDataPtr->CertDataBuffer, + ReadUnaligned32 ((UINT32=20 + *)&(CertDataPtr->CertDataLength)), TopLevelCert, TopLevelCertSize ); -- 2.13.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
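Review bot: in the hunk at @@ -2098,9 +2100,10 @@, `CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);` forms a struct pointer one byte past the start of the stack, i.e. at an odd address, so the field access `CertDataPtr->CertDataBuffer` is only equivalent to the old `SignerCerts + sizeof(UINT8) + sizeof(UINT32)` if EFI_CERT_DATA is declared with byte packing; that declaration lives in patch 1/2, which is not in this message, so please confirm it is packed. Keeping `ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength))` rather than a plain `CertDataPtr->CertDataLength` is correct for the same reason and should stay. Separately, the patch as posted is line-wrapped by the mailer at `ReadUnaligned32 ((UINT32=20` / `+ *)&(CertDataPtr->CertDataLength)),` in this hunk and again in the next one, so it will not apply from the list archive; please resend with git send-email so the hunks arrive intact.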
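Review bot: in the hunk at @@ -2135,12 +2138,13 @@, `CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);` repeats the identical assignment made in the previous hunk; since SignerCerts is not modified between the two sites, assign CertDataPtr once where SignerCerts is filled in and drop both per-site assignments, which also removes the temptation for a future call site to forget it. Neither site checks that the stack holds at least one entry before dereferencing the first EFI_CERT_DATA; if Pkcs7GetSigners guarantees a non-empty stack on success, a one-line comment saying so at the first use would make that reliance visible.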
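The commit message above describes the buffer Pkcs7GetSigners returns: a certificate stack that the patch now reads through EFI_CERT_DATA instead of hand-computed offsets. The following is an added example, not code from the patch or from edk2: a stand-alone, bounds-checked walker over that stack layout. The layout (a UINT8 certificate count, then per certificate a little-endian UINT32 length followed by the DER bytes, with no padding) is inferred from the offsets the patch replaces; the type names CERT_STACK and CERT_DATA, the function names, and the two sample buffers are this example's own constructions and are not real certificates.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Example-only re-declaration of the packed layout the patch reads through
 * EFI_CERT_DATA. The layout is inferred from the manual offsets being
 * replaced (UINT8 count at offset 0, UINT32 length at offset 1, DER bytes at
 * offset 5); the names below are local stand-ins, not edk2's headers.
 */
#pragma pack(push, 1)
typedef struct {
  uint32_t CertDataLength;     /* length of the DER certificate that follows */
  uint8_t  CertDataBuffer[];   /* DER bytes, CertDataLength of them */
} CERT_DATA;

typedef struct {
  uint8_t CertNumber;          /* number of CERT_DATA entries that follow */
} CERT_STACK;
#pragma pack(pop)

/* Same job as edk2's ReadUnaligned32: the length field sits at an odd
 * offset, so it must not be loaded through an aligned uint32_t pointer. */
static uint32_t ReadUnaligned32Local(const uint8_t *p) {
  uint32_t v;
  memcpy(&v, p, sizeof v);
  return v;
}

/*
 * Locate certificate Index in a StackSize-byte stack. Every entry up to and
 * including the requested one is bounds-checked against StackSize, so a
 * truncated stack or an absurd CertDataLength yields false instead of a read
 * past the end of the buffer.
 */
static bool CertStackGet(const uint8_t *Stack, size_t StackSize, size_t Index,
                         const uint8_t **Cert, uint32_t *CertLen) {
  size_t Offset = sizeof(CERT_STACK);
  size_t i;

  if (Stack == NULL || StackSize < sizeof(CERT_STACK)) return false;
  if (Index >= ((const CERT_STACK *)Stack)->CertNumber) return false;

  for (i = 0; ; i++) {
    const uint8_t *EntryBytes = Stack + Offset;
    uint32_t Len;

    if (StackSize - Offset < sizeof(uint32_t)) return false;      /* no room for a length */
    Len = ReadUnaligned32Local(EntryBytes);
    if (Len > StackSize - Offset - sizeof(uint32_t)) return false; /* body overruns buffer */
    if (i == Index) {
      /* Field access through the packed struct, as the patch does. */
      *Cert = ((const CERT_DATA *)EntryBytes)->CertDataBuffer;
      *CertLen = Len;
      return true;
    }
    Offset += sizeof(uint32_t) + Len;
  }
}

/* Constructed sample: two placeholder "certificates" of 3 and 2 bytes. */
static const uint8_t SampleStack[] = {
  0x02,                         /* CertNumber = 2 */
  0x03, 0x00, 0x00, 0x00,       /* CertDataLength = 3 (little-endian) */
  0x30, 0x01, 0x00,             /* CertDataBuffer: not real DER */
  0x02, 0x00, 0x00, 0x00,       /* CertDataLength = 2 */
  0x30, 0x00                    /* CertDataBuffer */
};

/* Constructed sample: one entry whose length field lies about its size. */
static const uint8_t BogusStack[] = {
  0x01, 0xff, 0xff, 0xff, 0xff, 0x30
};

int main(void) {
  const uint8_t *Cert;
  uint32_t Len;
  size_t i;

  for (i = 0; i < 3; i++) {
    if (CertStackGet(SampleStack, sizeof SampleStack, i, &Cert, &Len))
      printf("cert %zu: %u bytes, first byte 0x%02x\n", i, Len, Cert[0]);
    else
      printf("cert %zu: not present or malformed\n", i);
  }
  printf("bogus stack accepted: %s\n",
         CertStackGet(BogusStack, sizeof BogusStack, 0, &Cert, &Len) ? "yes" : "no");
  return 0;
}
```

The walker keeps the two habits the patch relies on, reading the length through an unaligned-safe load and the body through the packed struct's field, and adds the length check that neither the old offset arithmetic nor the new struct access performs. In firmware the stack comes from the PKCS7 parser itself, but where the stack length is at hand, checking each entry against it costs one comparison and turns a corrupt length into a clean failure rather than an out-of-bounds read.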