return CALL_BASECRYPTLIB (X509.Services.GetTBSCert, X509GetTBSCert, (Cert, CertSize, TBSCert, TBSCertSize), FALSE);\r
}\r
\r
+/**\r
+ Retrieve the version from one X.509 certificate.\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertSize is 0, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Version Pointer to the retrieved version integer.\r
+\r
+ @retval TRUE The certificate version retrieved successfully.\r
+ @retval FALSE If Cert is NULL or CertSize is Zero.\r
+ @retval FALSE The operation is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509GetVersion (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINTN *Version\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.GetVersion, X509GetVersion, (Cert, CertSize, Version), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the serialNumber from one X.509 certificate.\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertSize is 0, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] SerialNumber Pointer to the retrieved certificate SerialNumber bytes.\r
+ @param[in, out] SerialNumberSize The size in bytes of the SerialNumber buffer on input,\r
+ and the size of buffer returned SerialNumber on output.\r
+\r
+ @retval TRUE The certificate serialNumber retrieved successfully.\r
+ @retval FALSE If Cert is NULL or CertSize is Zero.\r
+ If SerialNumberSize is NULL.\r
+ If Certificate is invalid.\r
+ @retval FALSE If no SerialNumber exists.\r
+ @retval FALSE If the SerialNumber is NULL. The required buffer size\r
+ (including the final null) is returned in the\r
+ SerialNumberSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509GetSerialNumber (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *SerialNumber, OPTIONAL\r
+ IN OUT UINTN *SerialNumberSize\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.GetSerialNumber, X509GetSerialNumber, (Cert, CertSize, SerialNumber, SerialNumberSize), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the issuer bytes from one X.509 certificate.\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertIssuerSize is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] CertIssuer Pointer to the retrieved certificate subject bytes.\r
+ @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buffer on input,\r
+ and the size of buffer returned CertSubject on output.\r
+\r
+ @retval TRUE The certificate issuer retrieved successfully.\r
+ @retval FALSE Invalid certificate, or the CertIssuerSize is too small for the result.\r
+ The CertIssuerSize will be updated with the required size.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509GetIssuerName (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *CertIssuer,\r
+ IN OUT UINTN *CertIssuerSize\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.GetIssuerName, X509GetIssuerName, (Cert, CertSize, CertIssuer, CertIssuerSize), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the Signature Algorithm from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Oid Signature Algorithm Object identifier buffer.\r
+ @param[in,out] OidSize Signature Algorithm Object identifier buffer size\r
+\r
+ @retval TRUE The certificate Extension data retrieved successfully.\r
+ @retval FALSE If Cert is NULL.\r
+ If OidSize is NULL.\r
+ If Oid is not NULL and *OidSize is 0.\r
+ If Certificate is invalid.\r
+ @retval FALSE If no SignatureType.\r
+ @retval FALSE If the Oid is NULL. The required buffer size\r
+ is returned in the OidSize.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509GetSignatureAlgorithm (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *Oid, OPTIONAL\r
+ IN OUT UINTN *OidSize\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.GetSignatureAlgorithm, X509GetSignatureAlgorithm, (Cert, CertSize, Oid, OidSize), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve Extension data from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[in] Oid Object identifier buffer\r
+ @param[in] OidSize Object identifier buffer size\r
+ @param[out] ExtensionData Extension bytes.\r
+ @param[in, out] ExtensionDataSize Extension bytes size.\r
+\r
+ @retval TRUE The certificate Extension data retrieved successfully.\r
+ @retval FALSE If Cert is NULL.\r
+ If ExtensionDataSize is NULL.\r
+ If ExtensionData is not NULL and *ExtensionDataSize is 0.\r
+ If Certificate is invalid.\r
+ @retval FALSE If no Extension entry match Oid.\r
+ @retval FALSE If the ExtensionData is NULL. The required buffer size\r
+ is returned in the ExtensionDataSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509GetExtensionData (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ IN CONST UINT8 *Oid,\r
+ IN UINTN OidSize,\r
+ OUT UINT8 *ExtensionData,\r
+ IN OUT UINTN *ExtensionDataSize\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.GetExtensionData, X509GetExtensionData, (Cert, CertSize, Oid, OidSize, ExtensionData, ExtensionDataSize), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the Extended Key Usage from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Usage Key Usage bytes.\r
+ @param[in, out] UsageSize Key Usage buffer sizs in bytes.\r
+\r
+ @retval TRUE The Usage bytes retrieve successfully.\r
+ @retval FALSE If Cert is NULL.\r
+ If CertSize is NULL.\r
+ If Usage is not NULL and *UsageSize is 0.\r
+ If Cert is invalid.\r
+ @retval FALSE If the Usage is NULL. The required buffer size\r
+ is returned in the UsageSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509GetExtendedKeyUsage (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *Usage,\r
+ IN OUT UINTN *UsageSize\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.GetExtendedKeyUsage, X509GetExtendedKeyUsage, (Cert, CertSize, Usage, UsageSize), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the Validity from one X.509 certificate\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertIssuerSize is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[in] From notBefore Pointer to DateTime object.\r
+ @param[in,out] FromSize notBefore DateTime object size.\r
+ @param[in] To notAfter Pointer to DateTime object.\r
+ @param[in,out] ToSize notAfter DateTime object size.\r
+\r
+ Note: X509CompareDateTime to compare DateTime oject\r
+ x509SetDateTime to get a DateTime object from a DateTimeStr\r
+\r
+ @retval TRUE The certificate Validity retrieved successfully.\r
+ @retval FALSE Invalid certificate, or Validity retrieve failed.\r
+ @retval FALSE This interface is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509GetValidity (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ IN UINT8 *From,\r
+ IN OUT UINTN *FromSize,\r
+ IN UINT8 *To,\r
+ IN OUT UINTN *ToSize\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.GetValidity, X509GetValidity, (Cert, CertSize, From, FromSize, To, ToSize), FALSE);\r
+}\r
+\r
+/**\r
+ Format a DateTimeStr to DataTime object in DataTime Buffer\r
+\r
+ If DateTimeStr is NULL, then return FALSE.\r
+ If DateTimeSize is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ\r
+ Ref: https://www.w3.org/TR/NOTE-datetime\r
+ Z stand for UTC time\r
+ @param[out] DateTime Pointer to a DateTime object.\r
+ @param[in,out] DateTimeSize DateTime object buffer size.\r
+\r
+ @retval TRUE The DateTime object create successfully.\r
+ @retval FALSE If DateTimeStr is NULL.\r
+ If DateTimeSize is NULL.\r
+ If DateTime is not NULL and *DateTimeSize is 0.\r
+ If Year Month Day Hour Minute Second combination is invalid datetime.\r
+ @retval FALSE If the DateTime is NULL. The required buffer size\r
+ (including the final null) is returned in the\r
+ DateTimeSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509FormatDateTime (\r
+ IN CONST CHAR8 *DateTimeStr,\r
+ OUT VOID *DateTime,\r
+ IN OUT UINTN *DateTimeSize\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.FormatDateTime, X509FormatDateTime, (DateTimeStr, DateTime, DateTimeSize), FALSE);\r
+}\r
+\r
+/**\r
+ Compare DateTime1 object and DateTime2 object.\r
+\r
+ If DateTime1 is NULL, then return -2.\r
+ If DateTime2 is NULL, then return -2.\r
+ If DateTime1 == DateTime2, then return 0\r
+ If DateTime1 > DateTime2, then return 1\r
+ If DateTime1 < DateTime2, then return -1\r
+\r
+ @param[in] DateTime1 Pointer to a DateTime Ojbect\r
+ @param[in] DateTime2 Pointer to a DateTime Object\r
+\r
+ @retval 0 If DateTime1 == DateTime2\r
+ @retval 1 If DateTime1 > DateTime2\r
+ @retval -1 If DateTime1 < DateTime2\r
+**/\r
+INT32\r
+EFIAPI\r
+CryptoServiceX509CompareDateTime (\r
+ IN CONST VOID *DateTime1,\r
+ IN CONST VOID *DateTime2\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.CompareDateTime, X509CompareDateTime, (DateTime1, DateTime2), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the Key Usage from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Usage Key Usage (CRYPTO_X509_KU_*)\r
+\r
+ @retval TRUE The certificate Key Usage retrieved successfully.\r
+ @retval FALSE Invalid certificate, or Usage is NULL\r
+ @retval FALSE This interface is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509GetKeyUsage (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINTN *Usage\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.GetKeyUsage, X509GetKeyUsage, (Cert, CertSize, Usage), FALSE);\r
+}\r
+\r
+/**\r
+ Verify one X509 certificate was issued by the trusted CA.\r
+ @param[in] RootCert Trusted Root Certificate buffer\r
+\r
+ @param[in] RootCertLength Trusted Root Certificate buffer length\r
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 certificates\r
+ where the first certificate is signed by the Root\r
+ Certificate or is the Root Cerificate itself. and\r
+ subsequent cerificate is signed by the preceding\r
+ cerificate.\r
+ @param[in] CertChainLength Total length of the certificate chain, in bytes.\r
+\r
+ @retval TRUE All cerificates was issued by the first certificate in X509Certchain.\r
+ @retval FALSE Invalid certificate or the certificate was not issued by the given\r
+ trusted CA.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509VerifyCertChain (\r
+ IN CONST UINT8 *RootCert,\r
+ IN UINTN RootCertLength,\r
+ IN CONST UINT8 *CertChain,\r
+ IN UINTN CertChainLength\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.VerifyCertChain, X509VerifyCertChain, (RootCert, RootCertLength, CertChain, CertChainLength), FALSE);\r
+}\r
+\r
+/**\r
+ Get one X509 certificate from CertChain.\r
+\r
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 certificates\r
+ where the first certificate is signed by the Root\r
+ Certificate or is the Root Cerificate itself. and\r
+ subsequent cerificate is signed by the preceding\r
+ cerificate.\r
+ @param[in] CertChainLength Total length of the certificate chain, in bytes.\r
+\r
+ @param[in] CertIndex Index of certificate.\r
+\r
+ @param[out] Cert The certificate at the index of CertChain.\r
+ @param[out] CertLength The length certificate at the index of CertChain.\r
+\r
+ @retval TRUE Success.\r
+ @retval FALSE Failed to get certificate from certificate chain.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509GetCertFromCertChain (\r
+ IN CONST UINT8 *CertChain,\r
+ IN UINTN CertChainLength,\r
+ IN CONST INT32 CertIndex,\r
+ OUT CONST UINT8 **Cert,\r
+ OUT UINTN *CertLength\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.GetCertFromCertChain, X509GetCertFromCertChain, (CertChain, CertChainLength, CertIndex, Cert, CertLength), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the tag and length of the tag.\r
+\r
+ @param Ptr The position in the ASN.1 data\r
+ @param End End of data\r
+ @param Length The variable that will receive the length\r
+ @param Tag The expected tag\r
+\r
+ @retval TRUE Get tag successful\r
+ @retval FALSe Failed to get tag or tag not match\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceAsn1GetTag (\r
+ IN OUT UINT8 **Ptr,\r
+ IN CONST UINT8 *End,\r
+ OUT UINTN *Length,\r
+ IN UINT32 Tag\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.Asn1GetTag, Asn1GetTag, (Ptr, End, Length, Tag), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the basic constraints from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize size of the X509 certificate in bytes.\r
+ @param[out] BasicConstraints basic constraints bytes.\r
+ @param[in, out] BasicConstraintsSize basic constraints buffer sizs in bytes.\r
+\r
+ @retval TRUE The basic constraints retrieve successfully.\r
+ @retval FALSE If cert is NULL.\r
+ If cert_size is NULL.\r
+ If basic_constraints is not NULL and *basic_constraints_size is 0.\r
+ If cert is invalid.\r
+ @retval FALSE The required buffer size is small.\r
+ The return buffer size is basic_constraints_size parameter.\r
+ @retval FALSE If no Extension entry match oid.\r
+ @retval FALSE The operation is not supported.\r
+ **/\r
+BOOLEAN\r
+EFIAPI\r
+CryptoServiceX509GetExtendedBasicConstraints (\r
+ CONST UINT8 *Cert,\r
+ UINTN CertSize,\r
+ UINT8 *BasicConstraints,\r
+ UINTN *BasicConstraintsSize\r
+ )\r
+{\r
+ return CALL_BASECRYPTLIB (X509.Services.GetExtendedBasicConstraints, X509GetExtendedBasicConstraints, (Cert, CertSize, BasicConstraints, BasicConstraintsSize), FALSE);\r
+}\r
+\r
/**\r
Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0\r
password based encryption key derivation function PBKDF2, as specified in RFC 2898.\r
CryptoServiceEcGetPublicKeyFromX509,\r
CryptoServiceEcGetPrivateKeyFromPem,\r
CryptoServiceEcDsaSign,\r
- CryptoServiceEcDsaVerify\r
+ CryptoServiceEcDsaVerify,\r
+ /// X509 (Continued)\r
+ CryptoServiceX509GetVersion,\r
+ CryptoServiceX509GetSerialNumber,\r
+ CryptoServiceX509GetIssuerName,\r
+ CryptoServiceX509GetSignatureAlgorithm,\r
+ CryptoServiceX509GetExtensionData,\r
+ CryptoServiceX509GetExtendedKeyUsage,\r
+ CryptoServiceX509GetValidity,\r
+ CryptoServiceX509FormatDateTime,\r
+ CryptoServiceX509CompareDateTime,\r
+ CryptoServiceX509GetKeyUsage,\r
+ CryptoServiceX509VerifyCertChain,\r
+ CryptoServiceX509GetCertFromCertChain,\r
+ CryptoServiceAsn1GetTag,\r
+ CryptoServiceX509GetExtendedBasicConstraints\r
};\r
} Sha512;\r
union {\r
struct {\r
- UINT8 GetSubjectName : 1;\r
- UINT8 GetCommonName : 1;\r
- UINT8 GetOrganizationName : 1;\r
- UINT8 VerifyCert : 1;\r
- UINT8 ConstructCertificate : 1;\r
- UINT8 ConstructCertificateStack : 1;\r
- UINT8 ConstructCertificateStackV : 1;\r
- UINT8 Free : 1;\r
- UINT8 StackFree : 1;\r
- UINT8 GetTBSCert : 1;\r
+ UINT8 GetSubjectName : 1;\r
+ UINT8 GetCommonName : 1;\r
+ UINT8 GetOrganizationName : 1;\r
+ UINT8 VerifyCert : 1;\r
+ UINT8 ConstructCertificate : 1;\r
+ UINT8 ConstructCertificateStack : 1;\r
+ UINT8 ConstructCertificateStackV : 1;\r
+ UINT8 Free : 1;\r
+ UINT8 StackFree : 1;\r
+ UINT8 GetTBSCert : 1;\r
+ UINT8 GetVersion : 1;\r
+ UINT8 GetSerialNumber : 1;\r
+ UINT8 GetIssuerName : 1;\r
+ UINT8 GetSignatureAlgorithm : 1;\r
+ UINT8 GetExtensionData : 1;\r
+ UINT8 GetExtendedKeyUsage : 1;\r
+ UINT8 GetValidity : 1;\r
+ UINT8 FormatDateTime : 1;\r
+ UINT8 CompareDateTime : 1;\r
+ UINT8 GetKeyUsage : 1;\r
+ UINT8 VerifyCertChain : 1;\r
+ UINT8 GetCertFromCertChain : 1;\r
+ UINT8 Asn1GetTag : 1;\r
+ UINT8 GetExtendedBasicConstraints : 1;\r
} Services;\r
UINT32 Family;\r
} X509;\r
CALL_CRYPTO_SERVICE (X509GetTBSCert, (Cert, CertSize, TBSCert, TBSCertSize), FALSE);\r
}\r
\r
+/**\r
+ Retrieve the version from one X.509 certificate.\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertSize is 0, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Version Pointer to the retrieved version integer.\r
+\r
+ @retval TRUE The certificate version retrieved successfully.\r
+ @retval FALSE If Cert is NULL or CertSize is Zero.\r
+ @retval FALSE The operation is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetVersion (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINTN *Version\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509GetVersion, (Cert, CertSize, Version), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the serialNumber from one X.509 certificate.\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertSize is 0, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] SerialNumber Pointer to the retrieved certificate SerialNumber bytes.\r
+ @param[in, out] SerialNumberSize The size in bytes of the SerialNumber buffer on input,\r
+ and the size of buffer returned SerialNumber on output.\r
+\r
+ @retval TRUE The certificate serialNumber retrieved successfully.\r
+ @retval FALSE If Cert is NULL or CertSize is Zero.\r
+ If SerialNumberSize is NULL.\r
+ If Certificate is invalid.\r
+ @retval FALSE If no SerialNumber exists.\r
+ @retval FALSE If the SerialNumber is NULL. The required buffer size\r
+ (including the final null) is returned in the\r
+ SerialNumberSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetSerialNumber (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *SerialNumber, OPTIONAL\r
+ IN OUT UINTN *SerialNumberSize\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509GetSerialNumber, (Cert, CertSize, SerialNumber, SerialNumberSize), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the issuer bytes from one X.509 certificate.\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertIssuerSize is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] CertIssuer Pointer to the retrieved certificate subject bytes.\r
+ @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buffer on input,\r
+ and the size of buffer returned CertSubject on output.\r
+\r
+ @retval TRUE The certificate issuer retrieved successfully.\r
+ @retval FALSE Invalid certificate, or the CertIssuerSize is too small for the result.\r
+ The CertIssuerSize will be updated with the required size.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetIssuerName (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *CertIssuer,\r
+ IN OUT UINTN *CertIssuerSize\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509GetIssuerName, (Cert, CertSize, CertIssuer, CertIssuerSize), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the Signature Algorithm from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Oid Signature Algorithm Object identifier buffer.\r
+ @param[in,out] OidSize Signature Algorithm Object identifier buffer size\r
+\r
+ @retval TRUE The certificate Extension data retrieved successfully.\r
+ @retval FALSE If Cert is NULL.\r
+ If OidSize is NULL.\r
+ If Oid is not NULL and *OidSize is 0.\r
+ If Certificate is invalid.\r
+ @retval FALSE If no SignatureType.\r
+ @retval FALSE If the Oid is NULL. The required buffer size\r
+ is returned in the OidSize.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetSignatureAlgorithm (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *Oid, OPTIONAL\r
+ IN OUT UINTN *OidSize\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509GetSignatureAlgorithm, (Cert, CertSize, Oid, OidSize), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve Extension data from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[in] Oid Object identifier buffer\r
+ @param[in] OidSize Object identifier buffer size\r
+ @param[out] ExtensionData Extension bytes.\r
+ @param[in, out] ExtensionDataSize Extension bytes size.\r
+\r
+ @retval TRUE The certificate Extension data retrieved successfully.\r
+ @retval FALSE If Cert is NULL.\r
+ If ExtensionDataSize is NULL.\r
+ If ExtensionData is not NULL and *ExtensionDataSize is 0.\r
+ If Certificate is invalid.\r
+ @retval FALSE If no Extension entry match Oid.\r
+ @retval FALSE If the ExtensionData is NULL. The required buffer size\r
+ is returned in the ExtensionDataSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetExtensionData (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ IN CONST UINT8 *Oid,\r
+ IN UINTN OidSize,\r
+ OUT UINT8 *ExtensionData,\r
+ IN OUT UINTN *ExtensionDataSize\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509GetExtensionData, (Cert, CertSize, Oid, OidSize, ExtensionData, ExtensionDataSize), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the Extended Key Usage from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Usage Key Usage bytes.\r
+ @param[in, out] UsageSize Key Usage buffer sizs in bytes.\r
+\r
+ @retval TRUE The Usage bytes retrieve successfully.\r
+ @retval FALSE If Cert is NULL.\r
+ If CertSize is NULL.\r
+ If Usage is not NULL and *UsageSize is 0.\r
+ If Cert is invalid.\r
+ @retval FALSE If the Usage is NULL. The required buffer size\r
+ is returned in the UsageSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetExtendedKeyUsage (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *Usage,\r
+ IN OUT UINTN *UsageSize\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509GetExtendedKeyUsage, (Cert, CertSize, Usage, UsageSize), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the Validity from one X.509 certificate\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertIssuerSize is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[in] From notBefore Pointer to DateTime object.\r
+ @param[in,out] FromSize notBefore DateTime object size.\r
+ @param[in] To notAfter Pointer to DateTime object.\r
+ @param[in,out] ToSize notAfter DateTime object size.\r
+\r
+ Note: X509CompareDateTime to compare DateTime oject\r
+ x509SetDateTime to get a DateTime object from a DateTimeStr\r
+\r
+ @retval TRUE The certificate Validity retrieved successfully.\r
+ @retval FALSE Invalid certificate, or Validity retrieve failed.\r
+ @retval FALSE This interface is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetValidity (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ IN UINT8 *From,\r
+ IN OUT UINTN *FromSize,\r
+ IN UINT8 *To,\r
+ IN OUT UINTN *ToSize\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509GetValidity, (Cert, CertSize, From, FromSize, To, ToSize), FALSE);\r
+}\r
+\r
+/**\r
+ Format a DateTimeStr to DataTime object in DataTime Buffer\r
+\r
+ If DateTimeStr is NULL, then return FALSE.\r
+ If DateTimeSize is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ\r
+ Ref: https://www.w3.org/TR/NOTE-datetime\r
+ Z stand for UTC time\r
+ @param[out] DateTime Pointer to a DateTime object.\r
+ @param[in,out] DateTimeSize DateTime object buffer size.\r
+\r
+ @retval TRUE The DateTime object create successfully.\r
+ @retval FALSE If DateTimeStr is NULL.\r
+ If DateTimeSize is NULL.\r
+ If DateTime is not NULL and *DateTimeSize is 0.\r
+ If Year Month Day Hour Minute Second combination is invalid datetime.\r
+ @retval FALSE If the DateTime is NULL. The required buffer size\r
+ (including the final null) is returned in the\r
+ DateTimeSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509FormatDateTime (\r
+ IN CONST CHAR8 *DateTimeStr,\r
+ OUT VOID *DateTime,\r
+ IN OUT UINTN *DateTimeSize\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509FormatDateTime, (DateTimeStr, DateTime, DateTimeSize), FALSE);\r
+}\r
+\r
+/**\r
+ Compare DateTime1 object and DateTime2 object.\r
+\r
+ If DateTime1 is NULL, then return -2.\r
+ If DateTime2 is NULL, then return -2.\r
+ If DateTime1 == DateTime2, then return 0\r
+ If DateTime1 > DateTime2, then return 1\r
+ If DateTime1 < DateTime2, then return -1\r
+\r
+ @param[in] DateTime1 Pointer to a DateTime Ojbect\r
+ @param[in] DateTime2 Pointer to a DateTime Object\r
+\r
+ @retval 0 If DateTime1 == DateTime2\r
+ @retval 1 If DateTime1 > DateTime2\r
+ @retval -1 If DateTime1 < DateTime2\r
+**/\r
+INT32\r
+EFIAPI\r
+X509CompareDateTime (\r
+ IN CONST VOID *DateTime1,\r
+ IN CONST VOID *DateTime2\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509CompareDateTime, (DateTime1, DateTime2), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the Key Usage from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Usage Key Usage (CRYPTO_X509_KU_*)\r
+\r
+ @retval TRUE The certificate Key Usage retrieved successfully.\r
+ @retval FALSE Invalid certificate, or Usage is NULL\r
+ @retval FALSE This interface is not supported.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetKeyUsage (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINTN *Usage\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509GetKeyUsage, (Cert, CertSize, Usage), FALSE);\r
+}\r
+\r
+/**\r
+ Verify one X509 certificate was issued by the trusted CA.\r
+ @param[in] RootCert Trusted Root Certificate buffer\r
+\r
+ @param[in] RootCertLength Trusted Root Certificate buffer length\r
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 certificates\r
+ where the first certificate is signed by the Root\r
+ Certificate or is the Root Cerificate itself. and\r
+ subsequent cerificate is signed by the preceding\r
+ cerificate.\r
+ @param[in] CertChainLength Total length of the certificate chain, in bytes.\r
+\r
+ @retval TRUE All cerificates was issued by the first certificate in X509Certchain.\r
+ @retval FALSE Invalid certificate or the certificate was not issued by the given\r
+ trusted CA.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509VerifyCertChain (\r
+ IN CONST UINT8 *RootCert,\r
+ IN UINTN RootCertLength,\r
+ IN CONST UINT8 *CertChain,\r
+ IN UINTN CertChainLength\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509VerifyCertChain, (RootCert, RootCertLength, CertChain, CertChainLength), FALSE);\r
+}\r
+\r
+/**\r
+ Get one X509 certificate from CertChain.\r
+\r
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 certificates\r
+ where the first certificate is signed by the Root\r
+ Certificate or is the Root Cerificate itself. and\r
+ subsequent cerificate is signed by the preceding\r
+ cerificate.\r
+ @param[in] CertChainLength Total length of the certificate chain, in bytes.\r
+\r
+ @param[in] CertIndex Index of certificate.\r
+\r
+ @param[out] Cert The certificate at the index of CertChain.\r
+ @param[out] CertLength The length certificate at the index of CertChain.\r
+\r
+ @retval TRUE Success.\r
+ @retval FALSE Failed to get certificate from certificate chain.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetCertFromCertChain (\r
+ IN CONST UINT8 *CertChain,\r
+ IN UINTN CertChainLength,\r
+ IN CONST INT32 CertIndex,\r
+ OUT CONST UINT8 **Cert,\r
+ OUT UINTN *CertLength\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509GetCertFromCertChain, (CertChain, CertChainLength, CertIndex, Cert, CertLength), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the tag and length of the tag.\r
+\r
+ @param Ptr The position in the ASN.1 data\r
+ @param End End of data\r
+ @param Length The variable that will receive the length\r
+ @param Tag The expected tag\r
+\r
+ @retval TRUE Get tag successful\r
+ @retval FALSe Failed to get tag or tag not match\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Asn1GetTag (\r
+ IN OUT UINT8 **Ptr,\r
+ IN CONST UINT8 *End,\r
+ OUT UINTN *Length,\r
+ IN UINT32 Tag\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (Asn1GetTag, (Ptr, End, Length, Tag), FALSE);\r
+}\r
+\r
+/**\r
+ Retrieve the basic constraints from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize size of the X509 certificate in bytes.\r
+ @param[out] BasicConstraints basic constraints bytes.\r
+ @param[in, out] BasicConstraintsSize basic constraints buffer sizs in bytes.\r
+\r
+ @retval TRUE The basic constraints retrieve successfully.\r
+ @retval FALSE If cert is NULL.\r
+ If cert_size is NULL.\r
+ If basic_constraints is not NULL and *basic_constraints_size is 0.\r
+ If cert is invalid.\r
+ @retval FALSE The required buffer size is small.\r
+ The return buffer size is basic_constraints_size parameter.\r
+ @retval FALSE If no Extension entry match oid.\r
+ @retval FALSE The operation is not supported.\r
+ **/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetExtendedBasicConstraints (\r
+ CONST UINT8 *Cert,\r
+ UINTN CertSize,\r
+ UINT8 *BasicConstraints,\r
+ UINTN *BasicConstraintsSize\r
+ )\r
+{\r
+ CALL_CRYPTO_SERVICE (X509GetExtendedBasicConstraints, (Cert, CertSize, BasicConstraints, BasicConstraintsSize), FALSE);\r
+}\r
+\r
/**\r
Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0\r
password based encryption key derivation function PBKDF2, as specified in RFC 2898.\r
/// the EDK II Crypto Protocol is extended, this version define must be\r
/// increased.\r
///\r
-#define EDKII_CRYPTO_VERSION 15\r
+#define EDKII_CRYPTO_VERSION 16\r
\r
///\r
/// EDK II Crypto Protocol forward declaration\r
OUT UINTN *TBSCertSize\r
);\r
\r
+/**\r
+ Retrieve the version from one X.509 certificate.\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertSize is 0, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Version Pointer to the retrieved version integer.\r
+\r
+ @retval TRUE The certificate version retrieved successfully.\r
+ @retval FALSE If Cert is NULL or CertSize is Zero.\r
+ @retval FALSE The operation is not supported.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_GET_VERSION)(\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINTN *Version\r
+ );\r
+\r
+/**\r
+ Retrieve the serialNumber from one X.509 certificate.\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertSize is 0, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] SerialNumber Pointer to the retrieved certificate SerialNumber bytes.\r
+ @param[in, out] SerialNumberSize The size in bytes of the SerialNumber buffer on input,\r
+ and the size of buffer returned SerialNumber on output.\r
+\r
+ @retval TRUE The certificate serialNumber retrieved successfully.\r
+ @retval FALSE If Cert is NULL or CertSize is Zero.\r
+ If SerialNumberSize is NULL.\r
+ If Certificate is invalid.\r
+ @retval FALSE If no SerialNumber exists.\r
+ @retval FALSE If the SerialNumber is NULL. The required buffer size\r
+ (including the final null) is returned in the\r
+ SerialNumberSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_GET_SERIAL_NUMBER)(\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *SerialNumber, OPTIONAL\r
+ IN OUT UINTN *SerialNumberSize\r
+ );\r
+\r
+/**\r
+ Retrieve the issuer bytes from one X.509 certificate.\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertIssuerSize is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] CertIssuer Pointer to the retrieved certificate subject bytes.\r
+ @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buffer on input,\r
+ and the size of buffer returned CertSubject on output.\r
+\r
+ @retval TRUE The certificate issuer retrieved successfully.\r
+ @retval FALSE Invalid certificate, or the CertIssuerSize is too small for the result.\r
+ The CertIssuerSize will be updated with the required size.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_GET_ISSUER_NAME)(\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *CertIssuer,\r
+ IN OUT UINTN *CertIssuerSize\r
+ );\r
+\r
+/**\r
+ Retrieve the Signature Algorithm from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Oid Signature Algorithm Object identifier buffer.\r
+ @param[in,out] OidSize Signature Algorithm Object identifier buffer size\r
+\r
+ @retval TRUE The certificate Extension data retrieved successfully.\r
+ @retval FALSE If Cert is NULL.\r
+ If OidSize is NULL.\r
+ If Oid is not NULL and *OidSize is 0.\r
+ If Certificate is invalid.\r
+ @retval FALSE If no SignatureType.\r
+ @retval FALSE If the Oid is NULL. The required buffer size\r
+ is returned in the OidSize.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_GET_SIGNATURE_ALGORITHM)(\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *Oid, OPTIONAL\r
+ IN OUT UINTN *OidSize\r
+ );\r
+\r
+/**\r
+ Retrieve Extension data from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[in] Oid Object identifier buffer\r
+ @param[in] OidSize Object identifier buffer size\r
+ @param[out] ExtensionData Extension bytes.\r
+ @param[in, out] ExtensionDataSize Extension bytes size.\r
+\r
+ @retval TRUE The certificate Extension data retrieved successfully.\r
+ @retval FALSE If Cert is NULL.\r
+ If ExtensionDataSize is NULL.\r
+ If ExtensionData is not NULL and *ExtensionDataSize is 0.\r
+ If Certificate is invalid.\r
+ @retval FALSE If no Extension entry match Oid.\r
+ @retval FALSE If the ExtensionData is NULL. The required buffer size\r
+ is returned in the ExtensionDataSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_GET_EXTENSION_DATA)(\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ IN CONST UINT8 *Oid,\r
+ IN UINTN OidSize,\r
+ OUT UINT8 *ExtensionData,\r
+ IN OUT UINTN *ExtensionDataSize\r
+ );\r
+\r
+/**\r
+ Retrieve the Extended Key Usage from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Usage Key Usage bytes.\r
+ @param[in, out] UsageSize Key Usage buffer sizs in bytes.\r
+\r
+ @retval TRUE The Usage bytes retrieve successfully.\r
+ @retval FALSE If Cert is NULL.\r
+ If CertSize is NULL.\r
+ If Usage is not NULL and *UsageSize is 0.\r
+ If Cert is invalid.\r
+ @retval FALSE If the Usage is NULL. The required buffer size\r
+ is returned in the UsageSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_GET_EXTENDED_KEY_USAGE)(\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *Usage,\r
+ IN OUT UINTN *UsageSize\r
+ );\r
+\r
+/**\r
+ Retrieve the Validity from one X.509 certificate\r
+\r
+ If Cert is NULL, then return FALSE.\r
+ If CertIssuerSize is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] From notBefore Pointer to DateTime object.\r
+ @param[in,out] FromSize notBefore DateTime object size.\r
+ @param[out] To notAfter Pointer to DateTime object.\r
+ @param[in,out] ToSize notAfter DateTime object size.\r
+\r
+ Note: X509CompareDateTime to compare DateTime oject\r
+ x509SetDateTime to get a DateTime object from a DateTimeStr\r
+\r
+ @retval TRUE The certificate Validity retrieved successfully.\r
+ @retval FALSE Invalid certificate, or Validity retrieve failed.\r
+ @retval FALSE This interface is not supported.\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_GET_VALIDITY)(\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ IN UINT8 *From,\r
+ IN OUT UINTN *FromSize,\r
+ IN UINT8 *To,\r
+ IN OUT UINTN *ToSize\r
+ );\r
+\r
+/**\r
+ Format a DateTimeStr to DataTime object in DataTime Buffer\r
+\r
+ If DateTimeStr is NULL, then return FALSE.\r
+ If DateTimeSize is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ\r
+ Ref: https://www.w3.org/TR/NOTE-datetime\r
+ Z stand for UTC time\r
+ @param[in,out] DateTime Pointer to a DateTime object.\r
+ @param[in,out] DateTimeSize DateTime object buffer size.\r
+\r
+ @retval TRUE The DateTime object create successfully.\r
+ @retval FALSE If DateTimeStr is NULL.\r
+ If DateTimeSize is NULL.\r
+ If DateTime is not NULL and *DateTimeSize is 0.\r
+ If Year Month Day Hour Minute Second combination is invalid datetime.\r
+ @retval FALSE If the DateTime is NULL. The required buffer size\r
+ (including the final null) is returned in the\r
+ DateTimeSize parameter.\r
+ @retval FALSE The operation is not supported.\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_FORMAT_DATE_TIME)(\r
+ IN CONST CHAR8 *DateTimeStr,\r
+ OUT VOID *DateTime,\r
+ IN OUT UINTN *DateTimeSize\r
+ );\r
+\r
+/**\r
+ Compare DateTime1 object and DateTime2 object.\r
+\r
+ If DateTime1 is NULL, then return -2.\r
+ If DateTime2 is NULL, then return -2.\r
+ If DateTime1 == DateTime2, then return 0\r
+ If DateTime1 > DateTime2, then return 1\r
+ If DateTime1 < DateTime2, then return -1\r
+\r
+ @param[in] DateTime1 Pointer to a DateTime Ojbect\r
+ @param[in] DateTime2 Pointer to a DateTime Object\r
+\r
+ @retval 0 If DateTime1 == DateTime2\r
+ @retval 1 If DateTime1 > DateTime2\r
+ @retval -1 If DateTime1 < DateTime2\r
+**/\r
+typedef\r
+INT32\r
+(EFIAPI *EDKII_CRYPTO_X509_COMPARE_DATE_TIME)(\r
+ IN CONST VOID *DateTime1,\r
+ IN CONST VOID *DateTime2\r
+ );\r
+\r
+/**\r
+ Retrieve the Key Usage from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] Usage Key Usage (CRYPTO_X509_KU_*)\r
+\r
+ @retval TRUE The certificate Key Usage retrieved successfully.\r
+ @retval FALSE Invalid certificate, or Usage is NULL\r
+ @retval FALSE This interface is not supported.\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_GET_KEY_USAGE)(\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINTN *Usage\r
+ );\r
+\r
+/**\r
+ Verify one X509 certificate was issued by the trusted CA.\r
+\r
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 certificates\r
+ where the first certificate is signed by the Root\r
+ Certificate or is the Root Cerificate itself. and\r
+ subsequent cerificate is signed by the preceding\r
+ cerificate.\r
+ @param[in] CertChainLength Total length of the certificate chain, in bytes.\r
+\r
+ @param[in] RootCert Trusted Root Certificate buffer\r
+\r
+ @param[in] RootCertLength Trusted Root Certificate buffer length\r
+\r
+ @retval TRUE All cerificates was issued by the first certificate in X509Certchain.\r
+ @retval FALSE Invalid certificate or the certificate was not issued by the given\r
+ trusted CA.\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_VERIFY_CERT_CHAIN)(\r
+ IN CONST UINT8 *RootCert,\r
+ IN UINTN RootCertLength,\r
+ IN CONST UINT8 *CertChain,\r
+ IN UINTN CertChainLength\r
+ );\r
+\r
+/**\r
+ Get one X509 certificate from CertChain.\r
+\r
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 certificates\r
+ where the first certificate is signed by the Root\r
+ Certificate or is the Root Cerificate itself. and\r
+ subsequent cerificate is signed by the preceding\r
+ cerificate.\r
+ @param[in] CertChainLength Total length of the certificate chain, in bytes.\r
+\r
+ @param[in] CertIndex Index of certificate.\r
+\r
+ @param[out] Cert The certificate at the index of CertChain.\r
+ @param[out] CertLength The length certificate at the index of CertChain.\r
+\r
+ @retval TRUE Success.\r
+ @retval FALSE Failed to get certificate from certificate chain.\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_GET_CERT_FROM_CERT_CHAIN)(\r
+ IN CONST UINT8 *CertChain,\r
+ IN UINTN CertChainLength,\r
+ IN CONST INT32 CertIndex,\r
+ OUT CONST UINT8 **Cert,\r
+ OUT UINTN *CertLength\r
+ );\r
+\r
+/**\r
+ Retrieve the tag and length of the tag.\r
+\r
+ @param Ptr The position in the ASN.1 data\r
+ @param End End of data\r
+ @param Length The variable that will receive the length\r
+ @param Tag The expected tag\r
+\r
+ @retval TRUE Get tag successful\r
+ @retval FALSe Failed to get tag or tag not match\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_ASN1_GET_TAG)(\r
+ IN OUT UINT8 **Ptr,\r
+ IN CONST UINT8 *End,\r
+ OUT UINTN *Length,\r
+ IN UINT32 Tag\r
+ );\r
+\r
+/**\r
+ Retrieve the basic constraints from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize size of the X509 certificate in bytes.\r
+ @param[out] BasicConstraints basic constraints bytes.\r
+ @param[in, out] BasicConstraintsSize basic constraints buffer sizs in bytes.\r
+\r
+ @retval TRUE The basic constraints retrieve successfully.\r
+ @retval FALSE If cert is NULL.\r
+ If cert_size is NULL.\r
+ If basic_constraints is not NULL and *basic_constraints_size is 0.\r
+ If cert is invalid.\r
+ @retval FALSE The required buffer size is small.\r
+ The return buffer size is basic_constraints_size parameter.\r
+ @retval FALSE If no Extension entry match oid.\r
+ @retval FALSE The operation is not supported.\r
+ **/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *EDKII_CRYPTO_X509_GET_EXTENDED_BASIC_CONSTRAINTS)(\r
+ CONST UINT8 *Cert,\r
+ UINTN CertSize,\r
+ UINT8 *BasicConstraints,\r
+ UINTN *BasicConstraintsSize\r
+ );\r
+\r
// =====================================================================================\r
// Symmetric Cryptography Primitive\r
// =====================================================================================\r
EDKII_CRYPTO_EC_GET_PRIVATE_KEY_FROM_PEM EcGetPrivateKeyFromPem;\r
EDKII_CRYPTO_EC_DSA_SIGN EcDsaSign;\r
EDKII_CRYPTO_EC_DSA_VERIFY EcDsaVerify;\r
+ /// X509 (Continued)\r
+ EDKII_CRYPTO_X509_GET_VERSION X509GetVersion;\r
+ EDKII_CRYPTO_X509_GET_SERIAL_NUMBER X509GetSerialNumber;\r
+ EDKII_CRYPTO_X509_GET_ISSUER_NAME X509GetIssuerName;\r
+ EDKII_CRYPTO_X509_GET_SIGNATURE_ALGORITHM X509GetSignatureAlgorithm;\r
+ EDKII_CRYPTO_X509_GET_EXTENSION_DATA X509GetExtensionData;\r
+ EDKII_CRYPTO_X509_GET_EXTENDED_KEY_USAGE X509GetExtendedKeyUsage;\r
+ EDKII_CRYPTO_X509_GET_VALIDITY X509GetValidity;\r
+ EDKII_CRYPTO_X509_FORMAT_DATE_TIME X509FormatDateTime;\r
+ EDKII_CRYPTO_X509_COMPARE_DATE_TIME X509CompareDateTime;\r
+ EDKII_CRYPTO_X509_GET_KEY_USAGE X509GetKeyUsage;\r
+ EDKII_CRYPTO_X509_VERIFY_CERT_CHAIN X509VerifyCertChain;\r
+ EDKII_CRYPTO_X509_GET_CERT_FROM_CERT_CHAIN X509GetCertFromCertChain;\r
+ EDKII_CRYPTO_ASN1_GET_TAG Asn1GetTag;\r
+ EDKII_CRYPTO_X509_GET_EXTENDED_BASIC_CONSTRAINTS X509GetExtendedBasicConstraints;\r
};\r
\r
extern GUID gEdkiiCryptoProtocolGuid;\r
projects / mirror_edk2.git / commitdiff