From: "Qi Zhang"
To: "Yao, Jiewen", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Lu, Xiaoyu1", "Jiang, Guomin"
Subject: Re: [PATCH 1/4] CryptoPkg: add new X509 function definition.
Date: Mon, 10 Oct 2022 04:30:55 +0000

Sorry for the confusion. This function is to format DataTimeStr to a DataTime object through DataTime buffer.
So will change the function name to X509FormatDateTime() and modify this comment to "Format DataTimeStr to a DataTime object in DataTime buffer".

Thanks!

-----Original Message-----
From: Yao, Jiewen
Sent: Monday, October 10, 2022 8:34 AM
To: Zhang, Qi1; devel@edk2.groups.io
Cc: Wang, Jian J; Lu, Xiaoyu1; Jiang, Guomin
Subject: RE: [PATCH 1/4] CryptoPkg: add new X509 function definition.

Hi
I feel the function name X509SetDateTime() is very confusing. From the function comment, it means: "Format a DateTime object into DataTime Buffer".

I also find the comment in X509GetValidity(), "x509SetDateTime to get a DateTime object from a DateTimeStr"

It seems "DataTimeStr" is " DateTime string like YYYYMMDDhhmmssZ "

So what is the relationship among "DateTime object", "DateTime Buffer", and "DateTime Str" ?

> -----Original Message-----
> From: Zhang, Qi1
> Sent: Sunday, September 25, 2022 4:54 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1; Yao, Jiewen; Wang, Jian J; Lu, Xiaoyu1; Jiang, Guomin
> Subject: [PATCH 1/4] CryptoPkg: add new X509 function definition.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> Signed-off-by: Qi Zhang
> ---
>  CryptoPkg/Include/Library/BaseCryptLib.h | 374
> +++++++++++++++++++++++
>  1 file changed, 374 insertions(+)
>
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> b/CryptoPkg/Include/Library/BaseCryptLib.h
> index 3026299e29..d7bf29c93f 100644
> --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -2459,6 +2459,380 @@ ImageTimestampVerify ( > OUT EFI_TIME *SigningTime >=20 > ); >=20 >=20 >=20 > +/** >=20 > + Retrieve the version from one X.509 certificate. >=20 > + >=20 > + If Cert is NULL, then return FALSE. >=20 > + If CertSize is 0, then return FALSE. >=20 > + If this interface is not supported, then return FALSE. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certifica= te. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes. >=20 > + @param[out] Version Pointer to the retrieved version integer. >=20 > + >=20 > + @retval TRUE The certificate version retrieved successfully. >=20 > + @retval FALSE If Cert is NULL or CertSize is Zero. >=20 > + @retval FALSE The operation is not supported. >=20 > + >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetVersion ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINTN *Version >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the serialNumber from one X.509 certificate. >=20 > + >=20 > + If Cert is NULL, then return FALSE. >=20 > + If CertSize is 0, then return FALSE. >=20 > + If this interface is not supported, then return FALSE. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certifica= te. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes. >=20 > + @param[out] SerialNumber Pointer to the retrieved certificate > SerialNumber bytes. >=20 > + @param[in, out] SerialNumberSize The size in bytes of the=20 > + SerialNumber > buffer on input, >=20 > + and the size of buffer returned SerialNum= ber on output. >=20 > + >=20 > + @retval TRUE The certificate serialNumber retrieve= d > successfully. >=20 > + @retval FALSE If Cert is NULL or CertSize is Zero. >=20 > + If SerialNumberSize is NULL. >=20 > + If Certificate is invalid. >=20 > + @retval FALSE If no SerialNumber exists. >=20 > + @retval FALSE If the SerialNumber is NULL. 
The requ= ired buffer > size >=20 > + (including the final null) is=20 > + returned in the >=20 > + SerialNumberSize parameter. >=20 > + @retval FALSE The operation is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetSerialNumber ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINT8 *SerialNumber, OPTIONAL >=20 > + IN OUT UINTN *SerialNumberSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the issuer bytes from one X.509 certificate. >=20 > + >=20 > + If Cert is NULL, then return FALSE. >=20 > + If CertIssuerSize is NULL, then return FALSE. >=20 > + If this interface is not supported, then return FALSE. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certifica= te. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes. >=20 > + @param[out] CertIssuer Pointer to the retrieved certificate subje= ct > bytes. >=20 > + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer=20 > + buffer > on input, >=20 > + and the size of buffer returned CertSubje= ct on output. >=20 > + >=20 > + @retval TRUE The certificate issuer retrieved successfully. >=20 > + @retval FALSE Invalid certificate, or the CertIssuerSize is too=20 > + small for > the result. >=20 > + The CertIssuerSize will be updated with the required s= ize. >=20 > + @retval FALSE This interface is not supported. >=20 > + >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetIssuerName ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINT8 *CertIssuer, >=20 > + IN OUT UINTN *CertIssuerSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the Signature Algorithm from one X.509 certificate. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certi= ficate. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes= . >=20 > + @param[out] Oid Signature Algorithm Object identifier= buffer. 
>=20 > + @param[in,out] OidSize Signature Algorithm Object identifier= buffer > size >=20 > + >=20 > + @retval TRUE The certificate Extension data retrieved succes= sfully. >=20 > + @retval FALSE If Cert is NULL. >=20 > + If OidSize is NULL. >=20 > + If Oid is not NULL and *OidSize is 0. >=20 > + If Certificate is invalid. >=20 > + @retval FALSE If no SignatureType. >=20 > + @retval FALSE If the Oid is NULL. The required buff= er size >=20 > + is returned in the OidSize. >=20 > + @retval FALSE The operation is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetSignatureAlgorithm ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINT8 *Oid, OPTIONAL >=20 > + IN OUT UINTN *OidSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve Extension data from one X.509 certificate. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certi= ficate. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes= . >=20 > + @param[in] Oid Object identifier buffer >=20 > + @param[in] OidSize Object identifier buffer size >=20 > + @param[out] ExtensionData Extension bytes. >=20 > + @param[in, out] ExtensionDataSize Extension bytes size. >=20 > + >=20 > + @retval TRUE The certificate Extension data retrie= ved > successfully. >=20 > + @retval FALSE If Cert is NULL. >=20 > + If ExtensionDataSize is NULL. >=20 > + If ExtensionData is not NULL and=20 > + *ExtensionDataSize is > 0. >=20 > + If Certificate is invalid. >=20 > + @retval FALSE If no Extension entry match Oid. >=20 > + @retval FALSE If the ExtensionData is NULL. The req= uired > buffer size >=20 > + is returned in the ExtensionDataSize = parameter. >=20 > + @retval FALSE The operation is not supported. 
>=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetExtensionData ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + IN CONST UINT8 *Oid, >=20 > + IN UINTN OidSize, >=20 > + OUT UINT8 *ExtensionData, >=20 > + IN OUT UINTN *ExtensionDataSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the Validity from one X.509 certificate >=20 > + >=20 > + If Cert is NULL, then return FALSE. >=20 > + If CertIssuerSize is NULL, then return FALSE. >=20 > + If this interface is not supported, then return FALSE. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certifica= te. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes. >=20 > + @param[in] From notBefore Pointer to DateTime object. >=20 > + @param[in,out] FromSize notBefore DateTime object size. >=20 > + @param[in] To notAfter Pointer to DateTime object. >=20 > + @param[in,out] ToSize notAfter DateTime object size. >=20 > + >=20 > + Note: X509CompareDateTime to compare DateTime oject >=20 > + x509SetDateTime to get a DateTime object from a DateTimeStr >=20 > + >=20 > + @retval TRUE The certificate Validity retrieved successfully. >=20 > + @retval FALSE Invalid certificate, or Validity retrieve failed. >=20 > + @retval FALSE This interface is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetValidity ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + IN UINT8 *From, >=20 > + IN OUT UINTN *FromSize, >=20 > + IN UINT8 *To, >=20 > + IN OUT UINTN *ToSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Format a DateTime object into DataTime Buffer >=20 > + >=20 > + If DateTimeStr is NULL, then return FALSE. >=20 > + If DateTimeSize is NULL, then return FALSE. >=20 > + If this interface is not supported, then return FALSE. 
>=20 > + >=20 > + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ >=20 > + Ref:=20 > + https://www.w3.org/TR/NOTE-datetime >=20 > + Z stand for UTC time >=20 > + @param[out] DateTime Pointer to a DateTime object. >=20 > + @param[in,out] DateTimeSize DateTime object buffer size. >=20 > + >=20 > + @retval TRUE The DateTime object create successful= ly. >=20 > + @retval FALSE If DateTimeStr is NULL. >=20 > + If DateTimeSize is NULL. >=20 > + If DateTime is not NULL and *DateTime= Size is 0. >=20 > + If Year Month Day Hour Minute=20 > + Second combination is > invalid datetime. >=20 > + @retval FALSE If the DateTime is NULL. The required= buffer > size >=20 > + (including the final null) is=20 > + returned in the >=20 > + DateTimeSize parameter. >=20 > + @retval FALSE The operation is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509SetDateTime ( >=20 > + IN CHAR8 *DateTimeStr, >=20 > + OUT VOID *DateTime, >=20 > + IN OUT UINTN *DateTimeSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Compare DateTime1 object and DateTime2 object. >=20 > + >=20 > + If DateTime1 is NULL, then return -2. >=20 > + If DateTime2 is NULL, then return -2. >=20 > + If DateTime1 =3D=3D DateTime2, then return 0 >=20 > + If DateTime1 > DateTime2, then return 1 >=20 > + If DateTime1 < DateTime2, then return -1 >=20 > + >=20 > + @param[in] DateTime1 Pointer to a DateTime Ojbect >=20 > + @param[in] DateTime2 Pointer to a DateTime Object >=20 > + >=20 > + @retval 0 If DateTime1 =3D=3D DateTime2 >=20 > + @retval 1 If DateTime1 > DateTime2 >=20 > + @retval -1 If DateTime1 < DateTime2 >=20 > +**/ >=20 > +INT32 >=20 > +EFIAPI >=20 > +X509CompareDateTime ( >=20 > + IN CONST VOID *DateTime1, >=20 > + IN CONST VOID *DateTime2 >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the Key Usage from one X.509 certificate. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certi= ficate. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes= . 
>=20 > + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) >=20 > + >=20 > + @retval TRUE The certificate Key Usage retrieved successfully. >=20 > + @retval FALSE Invalid certificate, or Usage is NULL >=20 > + @retval FALSE This interface is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetKeyUsage ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINTN *Usage >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the Extended Key Usage from one X.509 certificate. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certi= ficate. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes= . >=20 > + @param[out] Usage Key Usage bytes. >=20 > + @param[in, out] UsageSize Key Usage buffer sizs in bytes. >=20 > + >=20 > + @retval TRUE The Usage bytes retrieve successfully= . >=20 > + @retval FALSE If Cert is NULL. >=20 > + If CertSize is NULL. >=20 > + If Usage is not NULL and *UsageSize i= s 0. >=20 > + If Cert is invalid. >=20 > + @retval FALSE If the Usage is NULL. The required bu= ffer size >=20 > + is returned in the UsageSize paramete= r. >=20 > + @retval FALSE The operation is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetExtendedKeyUsage ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINT8 *Usage, >=20 > + IN OUT UINTN *UsageSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Verify one X509 certificate was issued by the trusted CA. >=20 > + @param[in] RootCert Trusted Root Certificate buffer >=20 > + >=20 > + @param[in] RootCertLength Trusted Root Certificate buffer leng= th >=20 > + @param[in] CertChain One or more ASN.1 DER-encoded X.509 > certificates >=20 > + where the first certificate is=20 > + signed by the Root >=20 > + Certificate or is the Root=20 > + Cerificate itself. and >=20 > + subsequent cerificate is signed=20 > + by the preceding >=20 > + cerificate. 
>=20 > + @param[in] CertChainLength Total length of the certificate chai= n, in > bytes. >=20 > + >=20 > + @retval TRUE All cerificates was issued by the first certificate in > X509Certchain. >=20 > + @retval FALSE Invalid certificate or the certificate was not=20 > + issued by the > given >=20 > + trusted CA. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509VerifyCertChain ( >=20 > + IN CONST UINT8 *RootCert, >=20 > + IN UINTN RootCertLength, >=20 > + IN CONST UINT8 *CertChain, >=20 > + IN UINTN CertChainLength >=20 > + ); >=20 > + >=20 > +/** >=20 > + Get one X509 certificate from CertChain. >=20 > + >=20 > + @param[in] CertChain One or more ASN.1 DER-encoded X.509 > certificates >=20 > + where the first certificate is=20 > + signed by the Root >=20 > + Certificate or is the Root=20 > + Cerificate itself. and >=20 > + subsequent cerificate is signed=20 > + by the preceding >=20 > + cerificate. >=20 > + @param[in] CertChainLength Total length of the certificate chai= n, in > bytes. >=20 > + >=20 > + @param[in] CertIndex Index of certificate. If index is -1= indecate > the >=20 > + last certificate in CertChain. >=20 > + >=20 > + @param[out] Cert The certificate at the index of Cert= Chain. >=20 > + @param[out] CertLength The length certificate at the index = of > CertChain. >=20 > + >=20 > + @retval TRUE Success. >=20 > + @retval FALSE Failed to get certificate from certificate chain. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetCertFromCertChain ( >=20 > + IN CONST UINT8 *CertChain, >=20 > + IN UINTN CertChainLength, >=20 > + IN CONST INT32 CertIndex, >=20 > + OUT CONST UINT8 **Cert, >=20 > + OUT UINTN *CertLength >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the tag and length of the tag. 
>=20 > + >=20 > + @param Ptr The position in the ASN.1 data >=20 > + @param End End of data >=20 > + @param Length The variable that will receive the length >=20 > + @param Tag The expected tag >=20 > + >=20 > + @retval TRUE Get tag successful >=20 > + @retval FALSe Failed to get tag or tag not match >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +Asn1GetTag ( >=20 > + IN OUT UINT8 **Ptr, >=20 > + IN UINT8 *End, >=20 > + OUT UINTN *Length, >=20 > + IN UINT32 Tag >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the basic constraints from one X.509 certificate. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X5= 09 > certificate. >=20 > + @param[in] CertSize size of the X509 certificate = in bytes. >=20 > + @param[out] BasicConstraints basic constraints bytes. >=20 > + @param[in, out] BasicConstraintsSize basic constraints buffer sizs= in > bytes. >=20 > + >=20 > + @retval TRUE The basic constraints retrieve succes= sfully. >=20 > + @retval FALSE If cert is NULL. >=20 > + If cert_size is NULL. >=20 > + If basic_constraints is not NULL=20 > + and > *basic_constraints_size is 0. >=20 > + If cert is invalid. >=20 > + @retval FALSE The required buffer size is small. >=20 > + The return buffer size is=20 > + basic_constraints_size > parameter. >=20 > + @retval FALSE If no Extension entry match oid. >=20 > + @retval FALSE The operation is not supported. 
>=20 > + **/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetExtendedBasicConstraints ( >=20 > + CONST UINT8 *Cert, >=20 > + UINTN CertSize, >=20 > + UINT8 *BasicConstraints, >=20 > + UINTN *BasicConstraintsSize >=20 > + ); >=20 > + >=20 > // > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >=20 > // DH Key Exchange Primitive >=20 > // > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >=20 > -- > 2.26.2.windows.1
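
Review bot: In the X509GetValidity() block, From and To are declared as inputs ("IN UINT8 *From", "IN UINT8 *To", both @param[in]) although the description says they receive the notBefore and notAfter DateTime objects, so they should be OUT and @param[out]. The same comment says "If CertIssuerSize is NULL, then return FALSE", which names a parameter this function does not have, and unlike X509GetSerialNumber() it does not state what is returned in FromSize and ToSize when the caller's buffer is NULL or too small. Callers that size buffers from these comments need that contract to be exact, so please state it for every size-returning getter. The header has several other copy-paste leftovers worth fixing in the same pass: X509GetIssuerName() describes CertIssuer as "certificate subject bytes" and refers to "CertSubject"; the @retval TRUE of X509GetSignatureAlgorithm() talks about "Extension data"; X509GetExtendedKeyUsage() and X509GetExtendedBasicConstraints() list "If CertSize is NULL" and "If cert_size is NULL" although CertSize is a UINTN, not a pointer; X509GetExtendedBasicConstraints() has no IN/OUT modifiers on its prototype and its @retval text uses names (cert, cert_size, basic_constraints_size) that do not match the parameters; X509CompareDateTime() returns -2 for a NULL argument per the description but has no @retval -2; Asn1GetTag() has "@retval FALSe" and its @param lines carry no [in]/[out] direction.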