From: "Yao, Jiewen"
To: Nhi Pham, "Hou, Wenxing", "devel@edk2.groups.io"
CC: Tam Chi Nguyen, "Li, Yi1"
Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Add new API to get PKCS7 Signature
Date: Thu, 1 Feb 2024 02:09:42 +0000
References: <20240130054428.3838412-1-nhi@os.amperecomputing.com> <32f064a1-f435-4173-92e0-9dfd7e708317@os.amperecomputing.com>
In-Reply-To: <32f064a1-f435-4173-92e0-9dfd7e708317@os.amperecomputing.com>
Hi Nhi

Would you please:
1) File an issue in Bugzilla - https://bugzilla.tianocore.org/
2) Share with us the usage of this new API. We are trying to understand why it is needed.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Nhi Pham
> Sent: Tuesday, January 30, 2024 5:49 PM
> To: Hou, Wenxing; devel@edk2.groups.io
> Cc: Tam Chi Nguyen; Yao, Jiewen; Li, Yi1
> Subject: Re: [PATCH 1/1] CryptoPkg: Add new API to get PKCS7 Signature
>
> Thanks Wenxing. I'll do that.
>
> Regards,
> Nhi
>
> On 1/30/2024 4:46 PM, Hou, Wenxing wrote:
> > Hi Pham,
> >
> > Thanks for your contribution.
> >
> > I think there are two things you need to do:
> > Firstly, submit an EDKII PR to ensure the patch can pass the CI.
> > Secondly, add a unit test to test the new API (such as: get signature then compare).
> >
> > Thanks
> > Wenxing
> >
> > -----Original Message-----
> > From: Nhi Pham
> > Sent: Tuesday, January 30, 2024 1:44 PM
> > To: devel@edk2.groups.io
> > Cc: Tam Chi Nguyen; Yao, Jiewen; Hou, Wenxing; Li, Yi1; Nhi Pham
> > Subject: [PATCH 1/1] CryptoPkg: Add new API to get PKCS7 Signature
> > > > From: Tam Chi Nguyen > > > > This patch adds a new Pkcs7GetSignature() API to support extracting the > signature data from PKCS7 certificate. > > > > Cc: Jiewen Yao > > Cc: Wenxing Hou > > Cc: Yi Li > > Signed-off-by: Nhi Pham > > --- > > CryptoPkg/Include/Library/BaseCryptLib.h | 29 ++++= + > > CryptoPkg/Private/Protocol/Crypto.h | 29 ++++= + > > CryptoPkg/Driver/Crypto.c | 33 ++++= ++ > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 120 > ++++++++++++++++++++ > > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c | 33 ++++= ++ > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 32 ++++= ++ > > 6 files changed, 276 insertions(+) > > > > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > > index a52bd91ad664..d52a91244482 100644 > > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > > @@ -5,6 +5,7 @@ > > functionality enabling. > > > > Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved. > > +Copyright (c) 2024, Ampere Computing LLC. All rights reserved.
> > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ > > @@ -2471,6 +2472,34 @@ ImageTimestampVerify ( > > OUT EFI_TIME *SigningTime > > ); > > > > +/** > > + Get the data signature from PKCS#7 signed data as described in "PKCS= #7: > > + Cryptographic Message Syntax Standard". The input signed data could > > +be wrapped > > + in a ContentInfo structure. > > + > > + If P7Data, Signature, SignatureLength is NULL, then return FALSE. > > + If P7Length overflow, then return FALSE. > > + If this interface is not supported, then return FALSE. > > + > > + @param[in] P7Data Pointer to the PKCS#7 message to verify. > > + @param[in] P7Length Length of the PKCS#7 message in bytes. > > + @param[out] Signature Pointer to Signature data > > + @param[out] SignatureLength Length of signature in bytes. > > + > > + @retval TRUE The operation is finished successfully. > > + @retval FALSE Error occurs during the operation. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs7GetSignature ( > > + IN CONST UINT8 *P7Data, > > + IN UINTN P7Length, > > + OUT UINT8 **Signature, > > + OUT UINTN *SignatureLength > > + ); > > + > > /** > > Retrieve the version from one X.509 certificate. > > > > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > > index 0e0b1d94018d..d228cea0453b 100644 > > --- a/CryptoPkg/Private/Protocol/Crypto.h > > +++ b/CryptoPkg/Private/Protocol/Crypto.h > > @@ -3,6 +3,7 @@ > > > > Copyright (C) Microsoft Corporation. All rights reserved. > > Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.<= BR> > > + Copyright (c) 2024, Ampere Computing LLC. All rights reserved.
> > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ > > @@ -1036,6 +1037,34 @@ BOOLEAN > > OUT EFI_TIME *SigningTime > > ); > > > > +/** > > + Get the data signature from PKCS#7 signed data as described in "PKCS= #7: > > + Cryptographic Message Syntax Standard". The input signed data could > > +be wrapped > > + in a ContentInfo structure. > > + > > + If P7Data, Signature, SignatureLength is NULL, then return FALSE. > > + If P7Length overflow, then return FALSE. > > + If this interface is not supported, then return FALSE. > > + > > + @param[in] P7Data Pointer to the PKCS#7 message to verify. > > + @param[in] P7Length Length of the PKCS#7 message in bytes. > > + @param[out] Signature Pointer to Signature data > > + @param[out] SignatureLength Length of signature in bytes. > > + > > + @retval TRUE The operation is finished successfully. > > + @retval FALSE Error occurs during the operation. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +typedef > > +BOOLEAN > > +(EFIAPI *EDKII_CRYPTO_PKCS7_GET_SIGNATURE) ( > > + IN CONST UINT8 *P7Data, > > + IN UINTN P7Length, > > + OUT UINT8 **Signature, > > + OUT UINTN *SignatureLength > > + ); > > + > > // > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > // DH Key Exchange Primitive > > // > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c inde= x > bdbb4863a97e..83094e73c33a 100644 > > --- a/CryptoPkg/Driver/Crypto.c > > +++ b/CryptoPkg/Driver/Crypto.c 
> > @@ -4,6 +4,7 @@ > > > > Copyright (C) Microsoft Corporation. All rights reserved. > > Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<= BR> > > + Copyright (c) 2024, Ampere Computing LLC. All rights reserved.
> > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ 
> > @@ -3910,6 +3911,37 @@ CryptoServiceImageTimestampVerify ( > > return CALL_BASECRYPTLIB (Pkcs.Services.ImageTimestampVerify, > ImageTimestampVerify, (AuthData, DataSize, TsaCert, CertSize, SigningTime= ), > FALSE); } > > > > +/** > > + Get the data signature from PKCS#7 signed data as described in "PKCS= #7: > > + Cryptographic Message Syntax Standard". The input signed data could > > +be wrapped > > + in a ContentInfo structure. > > + > > + If P7Data, Signature, SignatureLength is NULL, then return FALSE. > > + If P7Length overflow, then return FALSE. > > + If this interface is not supported, then return FALSE. > > + > > + @param[in] P7Data Pointer to the PKCS#7 message to verify. > > + @param[in] P7Length Length of the PKCS#7 message in bytes. > > + @param[out] Signature Pointer to Signature data > > + @param[out] SignatureLength Length of signature in bytes. > > + > > + @retval TRUE The operation is finished successfully. > > + @retval FALSE Error occurs during the operation. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +CryptoServicePkcs7GetSignature ( > > + IN CONST UINT8 *P7Data, > > + IN UINTN P7Length, > > + OUT UINT8 **Signature, > > + OUT UINTN *SignatureLength > > + ) > > +{ > > + return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs7GetSignature, > > +Pkcs7GetSignature, (P7Data, P7Length, Signature, SignatureLength), > > +FALSE); } > > + > > // > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > // DH Key Exchange Primitive > > // > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 
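Review bot: CALL_BASECRYPTLIB (Pkcs.Services.Pkcs7GetSignature, ...) in the CryptoServicePkcs7GetSignature hunk tests a PCD bit that this series never defines: the six-file diffstat does not touch CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h, where the Pkcs.Services bit-field lives, so the driver will not build as posted. Append a Pkcs7GetSignature bit to Pkcs.Services (append rather than insert, because the PCD layout is shared with platform DSC overrides) and say in the commit message that platforms must enable it; otherwise every call through the driver returns the FALSE fallback even when the protocol is installed.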
> > @@ -6748,6 +6780,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { > > CryptoServicePkcs7GetCertificatesList, > > CryptoServiceAuthenticodeVerify, > > CryptoServiceImageTimestampVerify, > > + CryptoServicePkcs7GetSignature, > > /// DH > > CryptoServiceDhNew, > > CryptoServiceDhFree, > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c > > index 4e5a14e35210..9e3fccf1bb4e 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c > > @@ -11,6 +11,7 @@ > > Variable and will do basic check for data structure. > > > > Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved. > > +Copyright (c) 2024, Ampere Computing LLC. All rights reserved.
> > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ 
> > @@ -926,3 +927,122 @@ _Exit: > > > > return Status; > > } > > + > > +/** > > + Get the data signature from PKCS#7 signed data as described in "PKCS= #7: > > + Cryptographic Message Syntax Standard". The input signed data could > > +be wrapped > > + in a ContentInfo structure. > > + > > + If P7Data, Signature, SignatureLength is NULL, then return FALSE. > > + If P7Length overflow, then return FALSE. > > + If this interface is not supported, then return FALSE. > > + > > + @param[in] P7Data Pointer to the PKCS#7 message to verify. > > + @param[in] P7Length Length of the PKCS#7 message in bytes. > > + @param[out] Signature Pointer to Signature data > > + @param[out] SignatureLength Length of signature in bytes. > > + > > + @retval TRUE The operation is finished successfully. > > + @retval FALSE Error occurs during the operation. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs7GetSignature ( > > + IN CONST UINT8 *P7Data, > > + IN UINTN P7Length, > > + OUT UINT8 **Signature, > > + OUT UINTN *SignatureLength > > + ) > > +{ > > + PKCS7 *Pkcs7; > > + BOOLEAN Wrapped; > > + BOOLEAN Status; > > + UINT8 *SignedData; > > + UINT8 *Temp; > > + UINTN SignedDataSize; > > + STACK_OF (PKCS7_SIGNER_INFO) *SignerInfos; > > + PKCS7_SIGNER_INFO *SignInfo; > > + ASN1_OCTET_STRING *EncDigest; > > + > > + if ((P7Data =3D=3D NULL) || (P7Length > INT_MAX) || > > + (Signature =3D=3D NULL && SignatureLength =3D=3D NULL)) { > > + return FALSE; > > + } > > + > > + Status =3D WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, > > + &SignedDataSize); if (!Status) { > > + return Status; > > + } > > + > > + Status =3D FALSE; > > + Pkcs7 =3D NULL; > > + // > > + // Retrieve PKCS#7 Data (DER encoding) // if (SignedDataSize > > > + INT_MAX) { > > + goto _Exit; > > + } > > + > > + Temp =3D SignedData; > > + Pkcs7 =3D d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) > > + SignedDataSize); if (Pkcs7 =3D=3D NULL) { > > + goto _Exit; > > + 
} > > + > > + // > > + // Check if it's PKCS#7 Signed Data (for Authenticode Scenario) // > > + if (!PKCS7_type_is_signed (Pkcs7)) { > > + goto _Exit; > > + } > > + > > + // > > + // Check if there is one and only one signer. > > + // > > + SignerInfos =3D PKCS7_get_signer_info (Pkcs7); if (!SignerInfos || > > + (sk_PKCS7_SIGNER_INFO_num (SignerInfos) !=3D 1)) { > > + goto _Exit; > > + } > > + > > + // > > + // Locate the TimeStamp CounterSignature. > > + // > > + SignInfo =3D sk_PKCS7_SIGNER_INFO_value (SignerInfos, 0); if (SignI= nfo > > + =3D=3D NULL) { > > + goto _Exit; > > + } > > + > > + // > > + // Locate Message Digest which will be the data to be time-stamped. > > + // > > + EncDigest =3D SignInfo->enc_digest; > > + if (EncDigest =3D=3D NULL) { > > + goto _Exit; > > + } > > + > > + *SignatureLength =3D EncDigest->length; if (Signature !=3D NULL) { > > + if (*Signature =3D=3D NULL) { > > + Status =3D FALSE; > > + goto _Exit; > > + } > > + CopyMem ((VOID *)*Signature, EncDigest->data, EncDigest->length); > > + Status =3D TRUE; > > + } > > + > > +_Exit: > > + // > > + // Release Resources > > + // > > + if (!Wrapped) { > > + free (SignedData); > > + } > > + if (Pkcs7 !=3D NULL) { > > + PKCS7_free (Pkcs7); > > + } > > + > > + return Status; > > +} > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c > > index b9b7960126de..a080bbfc4237 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c > > @@ -3,6 +3,7 @@ > > real capabilities. > > > > Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. > > +Copyright (c) 2024, Ampere Computing LLC. All rights reserved.
> > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ > > @@ -161,3 +162,35 @@ Pkcs7GetAttachedContent ( > > ASSERT (FALSE); > > return FALSE; > > } > > + > > +/** > > + Get the data signature from PKCS#7 signed data as described in "PKCS= #7: > > + Cryptographic Message Syntax Standard". The input signed data could > > +be wrapped > > + in a ContentInfo structure. > > + > > + If P7Data, Signature, SignatureLength is NULL, then return FALSE. > > + If P7Length overflow, then return FALSE. > > + If this interface is not supported, then return FALSE. > > + > > + @param[in] P7Data Pointer to the PKCS#7 message to verify. > > + @param[in] P7Length Length of the PKCS#7 message in bytes. > > + @param[out] Signature Pointer to Signature data > > + @param[out] SignatureLength Length of signature in bytes. > > + > > + @retval TRUE The operation is finished successfully. > > + @retval FALSE Error occurs during the operation. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs7GetSignature ( > > + IN CONST UINT8 *P7Data, > > + IN UINTN P7Length, > > + OUT UINT8 **Signature, > > + OUT UINTN *SignatureLength > > + ) > > +{ > > + ASSERT (FALSE); > > + return FALSE; > > +} > > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > > index 4e31bc278e0f..55d7b17688a0 100644 > > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > > @@ -4,6 +4,7 @@ > > > > Copyright (C) Microsoft Corporation. All rights reserved. > > Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<= BR> > > + Copyright (c) 2024, Ampere Computing LLC. All rights reserved.
> > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ 
> > @@ -3146,6 +3147,37 @@ ImageTimestampVerify ( > > CALL_CRYPTO_SERVICE (ImageTimestampVerify, (AuthData, DataSize, > TsaCert, CertSize, SigningTime), FALSE); } > > > > +/** > > + Get the data signature from PKCS#7 signed data as described in "PKCS= #7: > > + Cryptographic Message Syntax Standard". The input signed data could > > +be wrapped > > + in a ContentInfo structure. > > + > > + If P7Data, Signature, SignatureLength is NULL, then return FALSE. > > + If P7Length overflow, then return FALSE. > > + If this interface is not supported, then return FALSE. > > + > > + @param[in] P7Data Pointer to the PKCS#7 message to verify. > > + @param[in] P7Length Length of the PKCS#7 message in bytes. > > + @param[out] Signature Pointer to Signature data > > + @param[out] SignatureLength Length of signature in bytes. > > + > > + @retval TRUE The operation is finished successfully. > > + @retval FALSE Error occurs during the operation. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs7GetSignature ( > > + IN CONST UINT8 *P7Data, > > + IN UINTN P7Length, > > + OUT UINT8 **Signature, > > + OUT UINTN *SignatureLength > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Pkcs7GetSignature, (P7Data, P7Length, Signature= , > > +SignatureLength), FALSE); } > > + > > // > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > // DH Key Exchange Primitive > > // > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > -- > > 2.25.1 > > -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent 
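Review bot: In the BaseCryptLib.h hunk the contract around OUT UINT8 **Signature is under-specified for a caller-supplied buffer: the Common.c implementation fails when *Signature is NULL, so the caller must allocate the buffer first, yet there is no size-in parameter and the callee cannot check that the buffer holds EncDigest->length bytes. Either follow the IN OUT UINTN *Size convention used elsewhere in BaseCryptLib (set *SignatureLength to the required size and return FALSE when the buffer is too small) or allocate inside the function the way Pkcs7GetAttachedContent does and document that the caller frees the result. The line "@param[in] P7Data Pointer to the PKCS#7 message to verify." is copied from the verify routines; this API only extracts the encryptedDigest of the single SignerInfo and performs no signature validation, and the comment should say so plainly so callers do not treat the returned bytes as authenticated. Finally, "If P7Data, Signature, SignatureLength is NULL, then return FALSE." does not match the implementation's (Signature == NULL && SignatureLength == NULL) check; pick one behaviour and state it.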
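Review bot: The Crypto.h hunk adds only the EDKII_CRYPTO_PKCS7_GET_SIGNATURE typedef. The diffstat line "CryptoPkg/Private/Protocol/Crypto.h | 29" is fully accounted for by the copyright line plus the 28 lines of this hunk, so no Pkcs7GetSignature member is added to EDKII_CRYPTO_PROTOCOL, which both CALL_CRYPTO_SERVICE (Pkcs7GetSignature, ...) in CryptLib.c and the mEdkiiCrypto initializer in Crypto.c require. Add the member and bump EDKII_CRYPTO_VERSION in the same patch, since consumers use that version to decide whether a service may be called.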
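Review bot: The mEdkiiCrypto hunk places CryptoServicePkcs7GetSignature between CryptoServiceImageTimestampVerify and the DH entries. With positional initialization, every entry from CryptoServiceDhNew onward then lands one slot later than its EDKII_CRYPTO_PROTOCOL field unless a field is inserted at exactly the same position, and inserting in the middle changes the offset of every later service for any consumer built against an older copy of the protocol. Append the new entry at the end of both the structure and the initializer.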
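Review bot: In the Pkcs7GetSignature body in CryptPkcs7VerifyCommon.c the parameter check (Signature == NULL && SignatureLength == NULL) lets SignatureLength == NULL through whenever Signature is non-NULL, and "*SignatureLength = EncDigest->length;" then dereferences NULL; the check should use || or SignatureLength must be validated before the assignment. "CopyMem ((VOID *)*Signature, EncDigest->data, EncDigest->length);" writes a length taken from the parsed DER into a caller buffer whose size the function never learns, so an undersized buffer is overrun by input-controlled data; add a size parameter and compare before copying. The size-query path (Signature == NULL) sets *SignatureLength but leaves Status FALSE, so a two-call caller cannot distinguish "here is the required length" from a parse failure; return TRUE there or document the length-only result. The comments "Locate the TimeStamp CounterSignature." and "Locate Message Digest which will be the data to be time-stamped." are carried over from ImageTimestampVerify and describe work this function does not do; enc_digest is the SignerInfo encryptedDigest, that is, the signature value, and the comment should say so. Consider also returning the signature algorithm (SignInfo->digest_enc_alg) alongside the bytes, since the caller otherwise has no way to know what the returned value is a signature under.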
to this group. View/Reply Online (#114927): https://edk2.groups.io/g/devel/message/114927