+/**\r
+ Calculate SHA256 digest of SignerCert CommonName + ToplevelCert tbsCertificate\r
+ SignerCert and ToplevelCert are inside the signer certificate chain.\r
+\r
+ @param[in] SignerCert A pointer to SignerCert data.\r
+ @param[in] SignerCertSize Length of SignerCert data.\r
+ @param[in] TopLevelCert A pointer to TopLevelCert data.\r
+ @param[in] TopLevelCertSize Length of TopLevelCert data.\r
+ @param[out] Sha256Digest Sha256 digest calculated.\r
+\r
+ @return EFI_ABORTED Digest process failed.\r
+ @return EFI_SUCCESS SHA256 Digest is succesfully calculated.\r
+\r
+**/\r
+EFI_STATUS\r
+CalculatePrivAuthVarSignChainSHA256Digest(\r
+ IN UINT8 *SignerCert,\r
+ IN UINTN SignerCertSize,\r
+ IN UINT8 *TopLevelCert,\r
+ IN UINTN TopLevelCertSize,\r
+ OUT UINT8 *Sha256Digest\r
+ )\r
+{\r
+ UINT8 *TbsCert;\r
+ UINTN TbsCertSize;\r
+ UINT8 CertCommonName[128];\r
+ UINTN CertCommonNameSize;\r
+ BOOLEAN CryptoStatus;\r
+ EFI_STATUS Status;\r
+\r
+ CertCommonNameSize = sizeof(CertCommonName);\r
+\r
+ //\r
+ // Get SignerCert CommonName\r
+ //\r
+ Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);\r
+ if (EFI_ERROR(Status)) {\r
+ DEBUG((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status));\r
+ return EFI_ABORTED;\r
+ }\r
+\r
+ //\r
+ // Get TopLevelCert tbsCertificate\r
+ //\r
+ if (!X509GetTBSCert(TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) {\r
+ DEBUG((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__));\r
+ return EFI_ABORTED;\r
+ }\r
+\r
+ //\r
+ // Digest SignerCert CN + TopLevelCert tbsCertificate\r
+ //\r
+ ZeroMem (Sha256Digest, SHA256_DIGEST_SIZE);\r
+ CryptoStatus = Sha256Init (mHashCtx);\r
+ if (!CryptoStatus) {\r
+ return EFI_ABORTED;\r
+ }\r
+\r
+ //\r
+ // '\0' is forced in CertCommonName. No overflow issue\r
+ //\r
+ CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName));\r
+ if (!CryptoStatus) {\r
+ return EFI_ABORTED;\r
+ }\r
+\r
+ CryptoStatus = Sha256Update (mHashCtx, TbsCert, TbsCertSize);\r
+ if (!CryptoStatus) {\r
+ return EFI_ABORTED;\r
+ }\r
+\r
+ CryptoStatus = Sha256Final (mHashCtx, Sha256Digest);\r
+ if (!CryptoStatus) {\r
+ return EFI_ABORTED;\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
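Review bot: The digest input has no unambiguous framing: the first `Sha256Update` hashes the CommonName for `AsciiStrLen` bytes only, and the tbsCertificate follows with no length or separator, so the CN/TBS boundary is not covered by the hash. If `X509GetCommonName` can return a CN with an embedded NUL, only the part before that NUL would be hashed. Since this digest appears to identify the signer chain, consider hashing the terminator as a delimiter, `Sha256Update (mHashCtx, CertCommonName, AsciiStrLen ((CHAR8 *)CertCommonName) + 1);`, or using the length returned in `CertCommonNameSize` (confirm whether it counts the NUL). Either option changes the digest value, so it needs settling before any digest in this format is stored. Separately, the two X509 failures are logged at `DEBUG_INFO` with `%x` and the four Sha256 failure paths return silently; `DEBUG_ERROR` with `%r` for the status would make a rejected chain visible in logs.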