From: "Yao, Jiewen"
To: "Zhang, Qi1", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Lu, Xiaoyu1", "Jiang, Guomin"
Subject: Re: [PATCH 1/4] CryptoPkg: add new X509 function definition.
Date: Mon, 10 Oct 2022 00:34:15 +0000
In-Reply-To: <9c16b21a486203e1abfc07b89c4935c981e7ef71.1664095355.git.qi1.zhang@intel.com>

Hi

I feel the function name X509SetDateTime() is very confusing. From the function comment, it means: "Format a DateTime object into DataTime Buffer".

I also find the comment in X509GetValidity(), "x509SetDateTime to get a DateTime object from a DateTimeStr"

It seems "DataTimeStr" is "DateTime string like YYYYMMDDhhmmssZ"

So what is the relationship among "DateTime object", "DateTime Buffer", and "DateTime Str"?

> -----Original Message-----
> From: Zhang, Qi1
> Sent: Sunday, September 25, 2022 4:54 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1; Yao, Jiewen; Wang, Jian J; Lu, Xiaoyu1; Jiang, Guomin
> Subject: [PATCH 1/4] CryptoPkg: add new X509 function definition.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> Signed-off-by: Qi Zhang
> ---
> CryptoPkg/Include/Library/BaseCryptLib.h | 374 +++++++++++++++++++++++
> 1 file changed, 374 insertions(+)
>
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 3026299e29..d7bf29c93f 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -2459,6 +2459,380 @@ ImageTimestampVerify ( > OUT EFI_TIME *SigningTime >=20 > ); >=20 >=20 >=20 > +/** >=20 > + Retrieve the version from one X.509 certificate. >=20 > + >=20 > + If Cert is NULL, then return FALSE. >=20 > + If CertSize is 0, then return FALSE. >=20 > + If this interface is not supported, then return FALSE. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certifica= te. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes. >=20 > + @param[out] Version Pointer to the retrieved version integer. >=20 > + >=20 > + @retval TRUE The certificate version retrieved successfully. >=20 > + @retval FALSE If Cert is NULL or CertSize is Zero. >=20 > + @retval FALSE The operation is not supported. >=20 > + >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetVersion ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINTN *Version >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the serialNumber from one X.509 certificate. >=20 > + >=20 > + If Cert is NULL, then return FALSE. >=20 > + If CertSize is 0, then return FALSE. >=20 > + If this interface is not supported, then return FALSE. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certifica= te. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes. >=20 > + @param[out] SerialNumber Pointer to the retrieved certificate > SerialNumber bytes. >=20 > + @param[in, out] SerialNumberSize The size in bytes of the SerialNumbe= r > buffer on input, >=20 > + and the size of buffer returned SerialNum= ber on output. >=20 > + >=20 > + @retval TRUE The certificate serialNumber retrieve= d > successfully. >=20 > + @retval FALSE If Cert is NULL or CertSize is Zero. >=20 > + If SerialNumberSize is NULL. >=20 > + If Certificate is invalid. >=20 > + @retval FALSE If no SerialNumber exists. >=20 > + @retval FALSE If the SerialNumber is NULL. 
The requ= ired buffer > size >=20 > + (including the final null) is returne= d in the >=20 > + SerialNumberSize parameter. >=20 > + @retval FALSE The operation is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetSerialNumber ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINT8 *SerialNumber, OPTIONAL >=20 > + IN OUT UINTN *SerialNumberSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the issuer bytes from one X.509 certificate. >=20 > + >=20 > + If Cert is NULL, then return FALSE. >=20 > + If CertIssuerSize is NULL, then return FALSE. >=20 > + If this interface is not supported, then return FALSE. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certifica= te. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes. >=20 > + @param[out] CertIssuer Pointer to the retrieved certificate subje= ct > bytes. >=20 > + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer bu= ffer > on input, >=20 > + and the size of buffer returned CertSubje= ct on output. >=20 > + >=20 > + @retval TRUE The certificate issuer retrieved successfully. >=20 > + @retval FALSE Invalid certificate, or the CertIssuerSize is too smal= l for > the result. >=20 > + The CertIssuerSize will be updated with the required s= ize. >=20 > + @retval FALSE This interface is not supported. >=20 > + >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetIssuerName ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINT8 *CertIssuer, >=20 > + IN OUT UINTN *CertIssuerSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the Signature Algorithm from one X.509 certificate. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certi= ficate. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes= . >=20 > + @param[out] Oid Signature Algorithm Object identifier= buffer. 
>=20 > + @param[in,out] OidSize Signature Algorithm Object identifier= buffer > size >=20 > + >=20 > + @retval TRUE The certificate Extension data retrieved succes= sfully. >=20 > + @retval FALSE If Cert is NULL. >=20 > + If OidSize is NULL. >=20 > + If Oid is not NULL and *OidSize is 0. >=20 > + If Certificate is invalid. >=20 > + @retval FALSE If no SignatureType. >=20 > + @retval FALSE If the Oid is NULL. The required buff= er size >=20 > + is returned in the OidSize. >=20 > + @retval FALSE The operation is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetSignatureAlgorithm ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINT8 *Oid, OPTIONAL >=20 > + IN OUT UINTN *OidSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve Extension data from one X.509 certificate. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certi= ficate. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes= . >=20 > + @param[in] Oid Object identifier buffer >=20 > + @param[in] OidSize Object identifier buffer size >=20 > + @param[out] ExtensionData Extension bytes. >=20 > + @param[in, out] ExtensionDataSize Extension bytes size. >=20 > + >=20 > + @retval TRUE The certificate Extension data retrie= ved > successfully. >=20 > + @retval FALSE If Cert is NULL. >=20 > + If ExtensionDataSize is NULL. >=20 > + If ExtensionData is not NULL and *Ext= ensionDataSize is > 0. >=20 > + If Certificate is invalid. >=20 > + @retval FALSE If no Extension entry match Oid. >=20 > + @retval FALSE If the ExtensionData is NULL. The req= uired > buffer size >=20 > + is returned in the ExtensionDataSize = parameter. >=20 > + @retval FALSE The operation is not supported. 
>=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetExtensionData ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + IN CONST UINT8 *Oid, >=20 > + IN UINTN OidSize, >=20 > + OUT UINT8 *ExtensionData, >=20 > + IN OUT UINTN *ExtensionDataSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the Validity from one X.509 certificate >=20 > + >=20 > + If Cert is NULL, then return FALSE. >=20 > + If CertIssuerSize is NULL, then return FALSE. >=20 > + If this interface is not supported, then return FALSE. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certifica= te. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes. >=20 > + @param[in] From notBefore Pointer to DateTime object. >=20 > + @param[in,out] FromSize notBefore DateTime object size. >=20 > + @param[in] To notAfter Pointer to DateTime object. >=20 > + @param[in,out] ToSize notAfter DateTime object size. >=20 > + >=20 > + Note: X509CompareDateTime to compare DateTime oject >=20 > + x509SetDateTime to get a DateTime object from a DateTimeStr >=20 > + >=20 > + @retval TRUE The certificate Validity retrieved successfully. >=20 > + @retval FALSE Invalid certificate, or Validity retrieve failed. >=20 > + @retval FALSE This interface is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetValidity ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + IN UINT8 *From, >=20 > + IN OUT UINTN *FromSize, >=20 > + IN UINT8 *To, >=20 > + IN OUT UINTN *ToSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Format a DateTime object into DataTime Buffer >=20 > + >=20 > + If DateTimeStr is NULL, then return FALSE. >=20 > + If DateTimeSize is NULL, then return FALSE. >=20 > + If this interface is not supported, then return FALSE. 
>=20 > + >=20 > + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ >=20 > + Ref: https://www.w3.org/TR/NOTE-datet= ime >=20 > + Z stand for UTC time >=20 > + @param[out] DateTime Pointer to a DateTime object. >=20 > + @param[in,out] DateTimeSize DateTime object buffer size. >=20 > + >=20 > + @retval TRUE The DateTime object create successful= ly. >=20 > + @retval FALSE If DateTimeStr is NULL. >=20 > + If DateTimeSize is NULL. >=20 > + If DateTime is not NULL and *DateTime= Size is 0. >=20 > + If Year Month Day Hour Minute Second = combination is > invalid datetime. >=20 > + @retval FALSE If the DateTime is NULL. The required= buffer > size >=20 > + (including the final null) is returne= d in the >=20 > + DateTimeSize parameter. >=20 > + @retval FALSE The operation is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509SetDateTime ( >=20 > + IN CHAR8 *DateTimeStr, >=20 > + OUT VOID *DateTime, >=20 > + IN OUT UINTN *DateTimeSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Compare DateTime1 object and DateTime2 object. >=20 > + >=20 > + If DateTime1 is NULL, then return -2. >=20 > + If DateTime2 is NULL, then return -2. >=20 > + If DateTime1 =3D=3D DateTime2, then return 0 >=20 > + If DateTime1 > DateTime2, then return 1 >=20 > + If DateTime1 < DateTime2, then return -1 >=20 > + >=20 > + @param[in] DateTime1 Pointer to a DateTime Ojbect >=20 > + @param[in] DateTime2 Pointer to a DateTime Object >=20 > + >=20 > + @retval 0 If DateTime1 =3D=3D DateTime2 >=20 > + @retval 1 If DateTime1 > DateTime2 >=20 > + @retval -1 If DateTime1 < DateTime2 >=20 > +**/ >=20 > +INT32 >=20 > +EFIAPI >=20 > +X509CompareDateTime ( >=20 > + IN CONST VOID *DateTime1, >=20 > + IN CONST VOID *DateTime2 >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the Key Usage from one X.509 certificate. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certi= ficate. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes= . 
>=20 > + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) >=20 > + >=20 > + @retval TRUE The certificate Key Usage retrieved successfully. >=20 > + @retval FALSE Invalid certificate, or Usage is NULL >=20 > + @retval FALSE This interface is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetKeyUsage ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINTN *Usage >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the Extended Key Usage from one X.509 certificate. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X509 certi= ficate. >=20 > + @param[in] CertSize Size of the X509 certificate in bytes= . >=20 > + @param[out] Usage Key Usage bytes. >=20 > + @param[in, out] UsageSize Key Usage buffer sizs in bytes. >=20 > + >=20 > + @retval TRUE The Usage bytes retrieve successfully= . >=20 > + @retval FALSE If Cert is NULL. >=20 > + If CertSize is NULL. >=20 > + If Usage is not NULL and *UsageSize i= s 0. >=20 > + If Cert is invalid. >=20 > + @retval FALSE If the Usage is NULL. The required bu= ffer size >=20 > + is returned in the UsageSize paramete= r. >=20 > + @retval FALSE The operation is not supported. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetExtendedKeyUsage ( >=20 > + IN CONST UINT8 *Cert, >=20 > + IN UINTN CertSize, >=20 > + OUT UINT8 *Usage, >=20 > + IN OUT UINTN *UsageSize >=20 > + ); >=20 > + >=20 > +/** >=20 > + Verify one X509 certificate was issued by the trusted CA. >=20 > + @param[in] RootCert Trusted Root Certificate buffer >=20 > + >=20 > + @param[in] RootCertLength Trusted Root Certificate buffer leng= th >=20 > + @param[in] CertChain One or more ASN.1 DER-encoded X.509 > certificates >=20 > + where the first certificate is signe= d by the Root >=20 > + Certificate or is the Root Cerificat= e itself. and >=20 > + subsequent cerificate is signed by t= he preceding >=20 > + cerificate. >=20 > + @param[in] CertChainLength Total length of the certificate chai= n, in > bytes. 
>=20 > + >=20 > + @retval TRUE All cerificates was issued by the first certificate in > X509Certchain. >=20 > + @retval FALSE Invalid certificate or the certificate was not issued = by the > given >=20 > + trusted CA. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509VerifyCertChain ( >=20 > + IN CONST UINT8 *RootCert, >=20 > + IN UINTN RootCertLength, >=20 > + IN CONST UINT8 *CertChain, >=20 > + IN UINTN CertChainLength >=20 > + ); >=20 > + >=20 > +/** >=20 > + Get one X509 certificate from CertChain. >=20 > + >=20 > + @param[in] CertChain One or more ASN.1 DER-encoded X.509 > certificates >=20 > + where the first certificate is signe= d by the Root >=20 > + Certificate or is the Root Cerificat= e itself. and >=20 > + subsequent cerificate is signed by t= he preceding >=20 > + cerificate. >=20 > + @param[in] CertChainLength Total length of the certificate chai= n, in > bytes. >=20 > + >=20 > + @param[in] CertIndex Index of certificate. If index is -1= indecate > the >=20 > + last certificate in CertChain. >=20 > + >=20 > + @param[out] Cert The certificate at the index of Cert= Chain. >=20 > + @param[out] CertLength The length certificate at the index = of > CertChain. >=20 > + >=20 > + @retval TRUE Success. >=20 > + @retval FALSE Failed to get certificate from certificate chain. >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetCertFromCertChain ( >=20 > + IN CONST UINT8 *CertChain, >=20 > + IN UINTN CertChainLength, >=20 > + IN CONST INT32 CertIndex, >=20 > + OUT CONST UINT8 **Cert, >=20 > + OUT UINTN *CertLength >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the tag and length of the tag. 
>=20 > + >=20 > + @param Ptr The position in the ASN.1 data >=20 > + @param End End of data >=20 > + @param Length The variable that will receive the length >=20 > + @param Tag The expected tag >=20 > + >=20 > + @retval TRUE Get tag successful >=20 > + @retval FALSe Failed to get tag or tag not match >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +Asn1GetTag ( >=20 > + IN OUT UINT8 **Ptr, >=20 > + IN UINT8 *End, >=20 > + OUT UINTN *Length, >=20 > + IN UINT32 Tag >=20 > + ); >=20 > + >=20 > +/** >=20 > + Retrieve the basic constraints from one X.509 certificate. >=20 > + >=20 > + @param[in] Cert Pointer to the DER-encoded X5= 09 > certificate. >=20 > + @param[in] CertSize size of the X509 certificate = in bytes. >=20 > + @param[out] BasicConstraints basic constraints bytes. >=20 > + @param[in, out] BasicConstraintsSize basic constraints buffer sizs= in > bytes. >=20 > + >=20 > + @retval TRUE The basic constraints retrieve succes= sfully. >=20 > + @retval FALSE If cert is NULL. >=20 > + If cert_size is NULL. >=20 > + If basic_constraints is not NULL and > *basic_constraints_size is 0. >=20 > + If cert is invalid. >=20 > + @retval FALSE The required buffer size is small. >=20 > + The return buffer size is basic_const= raints_size > parameter. >=20 > + @retval FALSE If no Extension entry match oid. >=20 > + @retval FALSE The operation is not supported. 
>=20 > + **/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +X509GetExtendedBasicConstraints ( >=20 > + CONST UINT8 *Cert, >=20 > + UINTN CertSize, >=20 > + UINT8 *BasicConstraints, >=20 > + UINTN *BasicConstraintsSize >=20 > + ); >=20 > + >=20 > // > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >=20 > // DH Key Exchange Primitive >=20 > // > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >=20 > -- > 2.26.2.windows.1
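
Review bot: In the X509GetValidity / X509SetDateTime / X509CompareDateTime group, the parameter directions and the return contract do not match what the comments say the functions do. X509GetValidity is documented as retrieving notBefore/notAfter, yet From and To are declared "IN UINT8 *" with @param[in]; they should be OUT (and OPTIONAL if a NULL buffer is meant to query the size, as X509GetSerialNumber and X509GetSignatureAlgorithm do), and the "If CertIssuerSize is NULL" line looks copied from X509GetIssuerName and should name FromSize/ToSize. X509SetDateTime's summary says it formats a DateTime object into a buffer, while its parameters take DateTimeStr in and a DateTime object out, so the summary (or the name) should say it parses the string. X509CompareDateTime returns -2 for a NULL argument but has no "@retval -2"; a caller that tests "< 0" to mean "earlier than" when checking certificate validity would take that error as a valid ordering, so document -2 as an error value. The same pass could fix the other copy-paste in this hunk: X509GetIssuerName describes CertIssuer as "subject bytes", X509GetExtendedKeyUsage says "If CertSize is NULL" for a UINTN, X509VerifyCertChain's @retval TRUE refers to the first certificate in the chain rather than RootCert, and X509GetExtendedBasicConstraints lacks IN/OUT decorators and documents cert_size/basic_constraints names that are not its parameters.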