From nobody Thu May 9 17:52:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94932+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94932+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665401568; cv=none; d=zohomail.com; s=zohoarc; b=ahy9xr15g1HKt3f2vKDHCGxz4E/3COENIk4/x6uAarNeaLRbzz95sprpIsCReZ8OQvVkVUnQOHNiT6sl7eYELHZv0YRRIVvEkr18FPvskpgJxZUdGTMTEB+thWr301SUfPw9FUHqweAWfdMQEIvMUxl1GdF/QR4mu+UqDZgY7K8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665401568; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=UFZh/GldNoUCr+XIYLVmUJfeeTrC7UUE6m3ul0a+C8A=; b=Uc6pcSYOTGmKfVoT3Zw3uatNW5Wu9eCq6sORXFG0qbOkti8cUxBWG87Bb0SlcZBrXjca427BXmdcw0XT8/nhH9/hKUd79XfnKikY3Jn8qRqm3hQPej5K+D+Vlth/jCmGyhALQJBedeF5hh5sHt10k6BPdImEv0f2/96XJxsIYi8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94932+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665401568082207.14911287892846; Mon, 10 Oct 2022 04:32:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id SPLTYY1788612xrkB2tU3cO6; Mon, 10 Oct 2022 04:32:47 -0700 X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web12.5191.1665401566013137258 for ; Mon, 10 Oct 2022 04:32:46 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10495"; a="291489584" X-IronPort-AV: E=Sophos;i="5.95,173,1661842800"; d="scan'208";a="291489584" X-Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Oct 2022 04:32:36 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10495"; a="620990410" X-IronPort-AV: E=Sophos;i="5.95,173,1661842800"; d="scan'208";a="620990410" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga007.jf.intel.com with ESMTP; 10 Oct 2022 04:32:34 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH V2 1/4] CryptoPkg: add new X509 function definition. Date: Mon, 10 Oct 2022 19:32:25 +0800 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: w0l1CDrBap4iRFQOySbEhHzOx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665401567; bh=tz2h+Fm9nMwMMGdYAVCv82Av+5l0poxkp6j/kMKZPNU=; h=Cc:Date:From:Reply-To:Subject:To; b=RQbMZkoExBHy7cu8Nox3hcXX4PexJbu3nxJwp6CT0MXBKmMzFjVZE/Bz4e5Clva09dm aF/uCFj/MP80Cww1XC+GMS/p4mxDOsoM8+Sw+7dkJF+CSvLv/fShyKOKI8zGYdX7HtqBF Y/sEot1r1KiignaKrBRhs74Gb8jG1FWc6P0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665401568359100002 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4082 Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Qi Zhang --- CryptoPkg/Include/Library/BaseCryptLib.h | 374 +++++++++++++++++++++++ 1 file changed, 374 insertions(+) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index 63c6228368..f9293cb54a 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2466,6 +2466,380 @@ ImageTimestampVerify ( OUT EFI_TIME *SigningTime ); =20 +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetVersion ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Version + ); + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input, + and the size of buffer returned SerialNumbe= r on output. + + @retval TRUE The certificate serialNumber retrieved = successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSE If no SerialNumber exists. + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size + (including the final null) is returned = in the + SerialNumberSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSerialNumber ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, OPTIONAL + IN OUT UINTN *SerialNumberSize + ); + +/** + Retrieve the issuer bytes from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes. + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input, + and the size of buffer returned CertSubject= on output. + + @retval TRUE The certificate issuer retrieved successfully. + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result. + The CertIssuerSize will be updated with the required siz= e. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetIssuerName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertIssuer, + IN OUT UINTN *CertIssuerSize + ); + +/** + Retrieve the Signature Algorithm from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier b= uffer. + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size + + @retval TRUE The certificate Extension data retrieved successf= ully. + @retval FALSE If Cert is NULL. + If OidSize is NULL. + If Oid is not NULL and *OidSize is 0. + If Certificate is invalid. + @retval FALSE If no SignatureType. + @retval FALSE If the Oid is NULL. The required buffer= size + is returned in the OidSize. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSignatureAlgorithm ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Oid, OPTIONAL + IN OUT UINTN *OidSize + ); + +/** + Retrieve Extension data from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] Oid Object identifier buffer + @param[in] OidSize Object identifier buffer size + @param[out] ExtensionData Extension bytes. + @param[in, out] ExtensionDataSize Extension bytes size. + + @retval TRUE The certificate Extension data retrieve= d successfully. + @retval FALSE If Cert is NULL. + If ExtensionDataSize is NULL. + If ExtensionData is not NULL and *Exten= sionDataSize is 0. + If Certificate is invalid. + @retval FALSE If no Extension entry match Oid. + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size + is returned in the ExtensionDataSize pa= rameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtensionData ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *Oid, + IN UINTN OidSize, + OUT UINT8 *ExtensionData, + IN OUT UINTN *ExtensionDataSize + ); + +/** + Retrieve the Validity from one X.509 certificate + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] From notBefore Pointer to DateTime object. + @param[in,out] FromSize notBefore DateTime object size. + @param[in] To notAfter Pointer to DateTime object. + @param[in,out] ToSize notAfter DateTime object size. + + Note: X509CompareDateTime to compare DateTime oject + x509SetDateTime to get a DateTime object from a DateTimeStr + + @retval TRUE The certificate Validity retrieved successfully. + @retval FALSE Invalid certificate, or Validity retrieve failed. + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetValidity ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN UINT8 *From, + IN OUT UINTN *FromSize, + IN UINT8 *To, + IN OUT UINTN *ToSize + ); + +/** + Format a DateTimeStr to DataTime object in DataTime Buffer + + If DateTimeStr is NULL, then return FALSE. + If DateTimeSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ + Ref: https://www.w3.org/TR/NOTE-datetime + Z stand for UTC time + @param[out] DateTime Pointer to a DateTime object. + @param[in,out] DateTimeSize DateTime object buffer size. + + @retval TRUE The DateTime object create successfully. + @retval FALSE If DateTimeStr is NULL. + If DateTimeSize is NULL. + If DateTime is not NULL and *DateTimeSi= ze is 0. + If Year Month Day Hour Minute Second co= mbination is invalid datetime. + @retval FALSE If the DateTime is NULL. The required b= uffer size + (including the final null) is returned = in the + DateTimeSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509FormatDateTime ( + IN CONST CHAR8 *DateTimeStr, + OUT VOID *DateTime, + IN OUT UINTN *DateTimeSize + ); + +/** + Compare DateTime1 object and DateTime2 object. + + If DateTime1 is NULL, then return -2. + If DateTime2 is NULL, then return -2. + If DateTime1 =3D=3D DateTime2, then return 0 + If DateTime1 > DateTime2, then return 1 + If DateTime1 < DateTime2, then return -1 + + @param[in] DateTime1 Pointer to a DateTime Ojbect + @param[in] DateTime2 Pointer to a DateTime Object + + @retval 0 If DateTime1 =3D=3D DateTime2 + @retval 1 If DateTime1 > DateTime2 + @retval -1 If DateTime1 < DateTime2 +**/ +INT32 +EFIAPI +X509CompareDateTime ( + IN CONST VOID *DateTime1, + IN CONST VOID *DateTime2 + ); + +/** + Retrieve the Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) + + @retval TRUE The certificate Key Usage retrieved successfully. + @retval FALSE Invalid certificate, or Usage is NULL + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Usage + ); + +/** + Retrieve the Extended Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage bytes. + @param[in, out] UsageSize Key Usage buffer sizs in bytes. + + @retval TRUE The Usage bytes retrieve successfully. + @retval FALSE If Cert is NULL. + If CertSize is NULL. + If Usage is not NULL and *UsageSize is = 0. + If Cert is invalid. + @retval FALSE If the Usage is NULL. The required buff= er size + is returned in the UsageSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtendedKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Usage, + IN OUT UINTN *UsageSize + ); + +/** + Verify one X509 certificate was issued by the trusted CA. + @param[in] RootCert Trusted Root Certificate buffer + + @param[in] RootCertLength Trusted Root Certificate buffer length + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain. + @retval FALSE Invalid certificate or the certificate was not issued by= the given + trusted CA. +**/ +BOOLEAN +EFIAPI +X509VerifyCertChain ( + IN CONST UINT8 *RootCert, + IN UINTN RootCertLength, + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength + ); + +/** + Get one X509 certificate from CertChain. + + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @param[in] CertIndex Index of certificate. If index is -1 i= ndecate the + last certificate in CertChain. + + @param[out] Cert The certificate at the index of CertCh= ain. + @param[out] CertLength The length certificate at the index of= CertChain. + + @retval TRUE Success. + @retval FALSE Failed to get certificate from certificate chain. +**/ +BOOLEAN +EFIAPI +X509GetCertFromCertChain ( + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength, + IN CONST INT32 CertIndex, + OUT CONST UINT8 **Cert, + OUT UINTN *CertLength + ); + +/** + Retrieve the tag and length of the tag. + + @param Ptr The position in the ASN.1 data + @param End End of data + @param Length The variable that will receive the length + @param Tag The expected tag + + @retval TRUE Get tag successful + @retval FALSe Failed to get tag or tag not match +**/ +BOOLEAN +EFIAPI +Asn1GetTag ( + IN OUT UINT8 **Ptr, + IN CONST UINT8 *End, + OUT UINTN *Length, + IN UINT32 Tag + ); + +/** + Retrieve the basic constraints from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509= certificate. + @param[in] CertSize size of the X509 certificate in= bytes. + @param[out] BasicConstraints basic constraints bytes. + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes. + + @retval TRUE The basic constraints retrieve successf= ully. + @retval FALSE If cert is NULL. + If cert_size is NULL. + If basic_constraints is not NULL and *b= asic_constraints_size is 0. + If cert is invalid. + @retval FALSE The required buffer size is small. + The return buffer size is basic_constra= ints_size parameter. + @retval FALSE If no Extension entry match oid. + @retval FALSE The operation is not supported. + **/ +BOOLEAN +EFIAPI +X509GetExtendedBasicConstraints ( + CONST UINT8 *Cert, + UINTN CertSize, + UINT8 *BasicConstraints, + UINTN *BasicConstraintsSize + ); + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // DH Key Exchange Primitive // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94932): https://edk2.groups.io/g/devel/message/94932 Mute This Topic: https://groups.io/mt/94234103/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 9 17:52:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94934+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94934+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665401568; cv=none; d=zohomail.com; s=zohoarc; b=LzQFYZeWOHdV77iBF8mRjWCodFSODPB3kjrfZltNsAjHGP/MdBb8kY7wntFU9uWYwhDS3AUwlm40lL08Av73iOOJFHbM0PS5wlknmSgz2RFdpfvqi3x8Fs3c0p33AuyiTqxuJZGV37xXXI89DmIxD7nhdaby1eJzJrDXwziB6kI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665401568; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=AUVkR8Sgd0wz610p7M7uCFELsSns4NMHsVrhvzpqLPM=; b=aVT8LNAWgkptjmzIp3egJGX1VejV0Vo/e+fiAfgP/honT6GVLsE2q+Z5I8fcU+79P4rlaVNLsOTurqYluAY5LcGRIgUg36RU0eov90NpYLPbLVuP2QmNcjfzpF2oUXUVpNutw8k7Q4726ybxuOPbl6RGsiPfGubgjOALixwtoas= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94934+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665401568928555.8408505022597; Mon, 10 Oct 2022 04:32:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 7qnIYY1788612xat5IqX1nck; Mon, 10 Oct 2022 04:32:48 -0700 X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web08.5147.1665401566830661551 for ; Mon, 10 Oct 2022 04:32:47 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10495"; a="291489590" X-IronPort-AV: E=Sophos;i="5.95,173,1661842800"; d="scan'208";a="291489590" X-Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Oct 2022 04:32:38 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10495"; a="620990420" X-IronPort-AV: E=Sophos;i="5.95,173,1661842800"; d="scan'208";a="620990420" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga007.jf.intel.com with ESMTP; 10 Oct 2022 04:32:36 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH V2 2/4] CryptoPkg: add new X509 function. Date: Mon, 10 Oct 2022 19:32:26 +0800 Message-Id: <450a82dd393110e93b135d060333a0dc37285c25.1665401318.git.qi1.zhang@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: CISzaniA8EwFl0RXrAKNVRyTx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665401568; bh=9gUoc1JKAAFzMwr22fnnOP97iMyPLySr9Q/IyoRD3zk=; h=Cc:Date:From:Reply-To:Subject:To; b=CknCENBmCRmiI5j+fhp+VaOZ0eFFO/vDh+Kq7rkV15tomBFcgaMWcGxJfhoFh8emRiZ +k16j2FnmEatwR/vIwNkxxlkRUUwkFWrflpzOBr5HDb0o6a38v8xEEVqm8aIlna7OeIYA ThQ6OdPyS2pr+WvezQR3c2rls2KyanuTCm0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665401570424100017 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4082 Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Qi Zhang --- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 1036 +++++++++++++++++ .../Library/BaseCryptLib/Pk/CryptX509Null.c | 429 +++++++ .../BaseCryptLibNull/Pk/CryptX509Null.c | 429 +++++++ 3 files changed, 1894 insertions(+) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Libr= ary/BaseCryptLib/Pk/CryptX509.c index e6bb45e641..cdbccabe32 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -8,8 +8,22 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include "InternalCryptLib.h" #include +#include +#include +#include #include =20 +/* OID*/ +#define OID_EXT_KEY_USAGE { 0x55, 0x1D, 0x25 } +#define OID_BASIC_CONSTRAINTS { 0x55, 0x1D, 0x13 } + +static CONST UINT8 mOidExtKeyUsage[] =3D OID_EXT_KEY_USAGE; +static CONST UINT8 mOidBasicConstraints[] =3D OID_BASIC_CONSTRAINTS; + +#define CRYPTO_ASN1_TAG_CLASS_MASK 0xC0 +#define CRYPTO_ASN1_TAG_PC_MASK 0x20 +#define CRYPTO_ASN1_TAG_VALUE_MASK 0x1F + /** Construct a X509 object from DER-encoded certificate data. =20 @@ -842,3 +856,1025 @@ X509GetTBSCert ( =20 return TRUE; } + +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetVersion ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Version + ) +{ + BOOLEAN Status; + X509 *X509Cert; + + X509Cert =3D NULL; + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Ce= rt); + if ((X509Cert =3D=3D NULL) || (!Status)) { + // + // Invalid X.509 Certificate + // + Status =3D FALSE; + } + + if (Status) { + *Version =3D X509_get_version (X509Cert); + } + + if (X509Cert !=3D NULL) { + X509_free (X509Cert); + } + + return Status; +} + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input, + and the size of buffer returned SerialNumbe= r on output. + + @retval TRUE The certificate serialNumber retrieved = successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSE If no SerialNumber exists. + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size + (including the final null) is returned = in the + SerialNumberSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSerialNumber ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, OPTIONAL + IN OUT UINTN *SerialNumberSize + ) +{ + BOOLEAN Status; + X509 *X509Cert; + ASN1_INTEGER *Asn1Integer; + + Status =3D FALSE; + // + // Check input parameters. + // + if ((Cert =3D=3D NULL) || (SerialNumberSize =3D=3D NULL)) { + return Status; + } + + X509Cert =3D NULL; + + // + // Read DER-encoded X509 Certificate and Construct X509 object. + // + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= ); + if ((X509Cert =3D=3D NULL) || (!Status)) { + *SerialNumberSize =3D 0; + Status =3D FALSE; + goto _Exit; + } + + // + // Retrieve subject name from certificate object. + // + Asn1Integer =3D X509_get_serialNumber (X509Cert); + if (Asn1Integer =3D=3D NULL) { + *SerialNumberSize =3D 0; + Status =3D FALSE; + goto _Exit; + } + + if (*SerialNumberSize < (UINTN)Asn1Integer->length) { + *SerialNumberSize =3D (UINTN)Asn1Integer->length; + Status =3D FALSE; + goto _Exit; + } + + if (SerialNumber !=3D NULL) { + CopyMem (SerialNumber, Asn1Integer->data, *SerialNumberSize); + Status =3D TRUE; + } + + *SerialNumberSize =3D (UINTN)Asn1Integer->length; + +_Exit: + // + // Release Resources. + // + if (X509Cert !=3D NULL) { + X509_free (X509Cert); + } + + return Status; +} + +/** + Retrieve the issuer bytes from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes. + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input, + and the size of buffer returned CertSubject= on output. + + @retval TRUE The certificate issuer retrieved successfully. + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result. + The CertIssuerSize will be updated with the required siz= e. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetIssuerName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertIssuer, + IN OUT UINTN *CertIssuerSize + ) +{ + BOOLEAN Status; + X509 *X509Cert; + X509_NAME *X509Name; + UINTN X509NameSize; + + // + // Check input parameters. + // + if ((Cert =3D=3D NULL) || (CertIssuerSize =3D=3D NULL)) { + return FALSE; + } + + X509Cert =3D NULL; + + // + // Read DER-encoded X509 Certificate and Construct X509 object. + // + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= ); + if ((X509Cert =3D=3D NULL) || (!Status)) { + Status =3D FALSE; + goto _Exit; + } + + Status =3D FALSE; + + // + // Retrieve subject name from certificate object. + // + X509Name =3D X509_get_subject_name (X509Cert); + if (X509Name =3D=3D NULL) { + goto _Exit; + } + + X509NameSize =3D i2d_X509_NAME (X509Name, NULL); + if (*CertIssuerSize < X509NameSize) { + *CertIssuerSize =3D X509NameSize; + goto _Exit; + } + + *CertIssuerSize =3D X509NameSize; + if (CertIssuer !=3D NULL) { + i2d_X509_NAME (X509Name, &CertIssuer); + Status =3D TRUE; + } + +_Exit: + // + // Release Resources. + // + if (X509Cert !=3D NULL) { + X509_free (X509Cert); + } + + return Status; +} + +/** + Retrieve the Signature Algorithm from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier b= uffer. + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size + + @retval TRUE The certificate Extension data retrieved successf= ully. + @retval FALSE If Cert is NULL. + If OidSize is NULL. + If Oid is not NULL and *OidSize is 0. + If Certificate is invalid. + @retval FALSE If no SignatureType. + @retval FALSE If the Oid is NULL. The required buffer= size + is returned in the OidSize. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSignatureAlgorithm ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Oid, OPTIONAL + IN OUT UINTN *OidSize + ) +{ + BOOLEAN Status; + X509 *X509Cert; + int Nid; + ASN1_OBJECT *Asn1Obj; + + // + // Check input parameters. + // + if ((Cert =3D=3D NULL) || (OidSize =3D=3D NULL) || (CertSize =3D=3D 0)) { + return FALSE; + } + + X509Cert =3D NULL; + Status =3D FALSE; + + // + // Read DER-encoded X509 Certificate and Construct X509 object. + // + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= ); + if ((X509Cert =3D=3D NULL) || (!Status)) { + Status =3D FALSE; + goto _Exit; + } + + // + // Retrieve subject name from certificate object. + // + Nid =3D X509_get_signature_nid (X509Cert); + if (Nid =3D=3D NID_undef) { + *OidSize =3D 0; + Status =3D FALSE; + goto _Exit; + } + + Asn1Obj =3D OBJ_nid2obj (Nid); + if (Asn1Obj =3D=3D NULL) { + *OidSize =3D 0; + Status =3D FALSE; + goto _Exit; + } + + if (*OidSize < (UINTN)Asn1Obj->length) { + *OidSize =3D Asn1Obj->length; + Status =3D FALSE; + goto _Exit; + } + + if (Oid !=3D NULL) { + CopyMem (Oid, Asn1Obj->data, Asn1Obj->length); + } + + *OidSize =3D Asn1Obj->length; + Status =3D TRUE; + +_Exit: + // + // Release Resources. + // + if (X509Cert !=3D NULL) { + X509_free (X509Cert); + } + + return Status; +} + +/** + Retrieve Extension data from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] Oid Object identifier buffer + @param[in] OidSize Object identifier buffer size + @param[out] ExtensionData Extension bytes. + @param[in, out] ExtensionDataSize Extension bytes size. + + @retval TRUE The certificate Extension data retrieve= d successfully. + @retval FALSE If Cert is NULL. + If ExtensionDataSize is NULL. + If ExtensionData is not NULL and *Exten= sionDataSize is 0. + If Certificate is invalid. + @retval FALSE If no Extension entry match Oid. + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size + is returned in the ExtensionDataSize pa= rameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtensionData ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *Oid, + IN UINTN OidSize, + OUT UINT8 *ExtensionData, + IN OUT UINTN *ExtensionDataSize + ) +{ + BOOLEAN Status; + INTN i; + X509 *X509Cert; + + CONST STACK_OF (X509_EXTENSION) *Extensions; + ASN1_OBJECT *Asn1Obj; + ASN1_OCTET_STRING *Asn1Oct; + X509_EXTENSION *Ext; + UINTN ObjLength; + UINTN OctLength; + + // + // Check input parameters. + // + if ((Cert =3D=3D NULL) || (CertSize =3D=3D 0) || (Oid =3D=3D NULL) || (O= idSize =3D=3D 0) || (ExtensionDataSize =3D=3D NULL)) { + return FALSE; + } + + X509Cert =3D NULL; + Status =3D FALSE; + + // + // Read DER-encoded X509 Certificate and Construct X509 object. + // + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= ); + if ((X509Cert =3D=3D NULL) || (!Status)) { + *ExtensionDataSize =3D 0; + goto Cleanup; + } + + // + // Retrieve Extensions from certificate object. + // + Extensions =3D X509_get0_extensions (X509Cert); + if (sk_X509_EXTENSION_num (Extensions) <=3D 0) { + *ExtensionDataSize =3D 0; + goto Cleanup; + } + + // + // Traverse Extensions + // + Status =3D FALSE; + Asn1Oct =3D NULL; + OctLength =3D 0; + for (i =3D 0; i < sk_X509_EXTENSION_num (Extensions); i++) { + Ext =3D sk_X509_EXTENSION_value (Extensions, (int)i); + if (Ext =3D=3D NULL) { + continue; + } + + Asn1Obj =3D X509_EXTENSION_get_object (Ext); + if (Asn1Obj =3D=3D NULL) { + continue; + } + + Asn1Oct =3D X509_EXTENSION_get_data (Ext); + if (Asn1Oct =3D=3D NULL) { + continue; + } + + ObjLength =3D OBJ_length (Asn1Obj); + OctLength =3D ASN1_STRING_length (Asn1Oct); + if ((OidSize =3D=3D ObjLength) && (CompareMem (OBJ_get0_data (Asn1Obj)= , Oid, OidSize) =3D=3D 0)) { + // + // Extension Found + // + Status =3D TRUE; + break; + } + + // + // reset to 0 if not found + // + OctLength =3D 0; + } + + if (Status) { + if (*ExtensionDataSize < OctLength) { + *ExtensionDataSize =3D OctLength; + Status =3D FALSE; + goto Cleanup; + } + + if (Asn1Oct !=3D NULL) { + CopyMem (ExtensionData, ASN1_STRING_get0_data (Asn1Oct), OctLength); + } + + *ExtensionDataSize =3D OctLength; + } else { + *ExtensionDataSize =3D 0; + } + +Cleanup: + // + // Release Resources. + // + if (X509Cert !=3D NULL) { + X509_free (X509Cert); + } + + return Status; +} + +/** + Retrieve the Extended Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage bytes. + @param[in, out] UsageSize Key Usage buffer sizs in bytes. + + @retval TRUE The Usage bytes retrieve successfully. + @retval FALSE If Cert is NULL. + If CertSize is NULL. + If Usage is not NULL and *UsageSize is = 0. + If Cert is invalid. + @retval FALSE If the Usage is NULL. The required buff= er size + is returned in the UsageSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtendedKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Usage, + IN OUT UINTN *UsageSize + ) +{ + BOOLEAN Status; + + Status =3D X509GetExtensionData (Cert, CertSize, mOidExtKeyUsage, sizeof= (mOidExtKeyUsage), Usage, UsageSize); + return Status; +} + +/** + Retrieve the Validity from one X.509 certificate + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] From notBefore Pointer to DateTime object. + @param[in,out] FromSize notBefore DateTime object size. + @param[out] To notAfter Pointer to DateTime object. + @param[in,out] ToSize notAfter DateTime object size. + + Note: X509CompareDateTime to compare DateTime oject + x509SetDateTime to get a DateTime object from a DateTimeStr + + @retval TRUE The certificate Validity retrieved successfully. + @retval FALSE Invalid certificate, or Validity retrieve failed. + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetValidity ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN UINT8 *From, + IN OUT UINTN *FromSize, + IN UINT8 *To, + IN OUT UINTN *ToSize + ) +{ + BOOLEAN Status; + X509 *X509Cert; + CONST ASN1_TIME *F; + CONST ASN1_TIME *T; + UINTN TSize; + UINTN FSize; + + // + // Check input parameters. + // + if ((Cert =3D=3D NULL) || (FromSize =3D=3D NULL) || (ToSize =3D=3D NULL)= || (CertSize =3D=3D 0)) { + return FALSE; + } + + X509Cert =3D NULL; + Status =3D FALSE; + + // + // Read DER-encoded X509 Certificate and Construct X509 object. + // + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= ); + if ((X509Cert =3D=3D NULL) || (!Status)) { + goto _Exit; + } + + // + // Retrieve Validity from/to from certificate object. + // + F =3D X509_get0_notBefore (X509Cert); + T =3D X509_get0_notAfter (X509Cert); + + if ((F =3D=3D NULL) || (T =3D=3D NULL)) { + goto _Exit; + } + + FSize =3D sizeof (ASN1_TIME) + F->length; + if (*FromSize < FSize) { + *FromSize =3D FSize; + goto _Exit; + } + + *FromSize =3D FSize; + if (From !=3D NULL) { + CopyMem (From, F, sizeof (ASN1_TIME)); + ((ASN1_TIME *)From)->data =3D From + sizeof (ASN1_TIME); + CopyMem (From + sizeof (ASN1_TIME), F->data, F->length); + } + + TSize =3D sizeof (ASN1_TIME) + T->length; + if (*ToSize < TSize) { + *ToSize =3D TSize; + goto _Exit; + } + + *ToSize =3D TSize; + if (To !=3D NULL) { + CopyMem (To, T, sizeof (ASN1_TIME)); + ((ASN1_TIME *)To)->data =3D To + sizeof (ASN1_TIME); + CopyMem (To + sizeof (ASN1_TIME), T->data, T->length); + } + + Status =3D TRUE; + +_Exit: + // + // Release Resources. + // + if (X509Cert !=3D NULL) { + X509_free (X509Cert); + } + + return Status; +} + +/** + Format a DateTimeStr to DataTime object in DataTime Buffer + + If DateTimeStr is NULL, then return FALSE. + If DateTimeSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ + Ref: https://www.w3.org/TR/NOTE-datetime + Z stand for UTC time + @param[out] DateTime Pointer to a DateTime object. + @param[in,out] DateTimeSize DateTime object buffer size. + + @retval TRUE The DateTime object create successfully. + @retval FALSE If DateTimeStr is NULL. + If DateTimeSize is NULL. + If DateTime is not NULL and *DateTimeSi= ze is 0. + If Year Month Day Hour Minute Second co= mbination is invalid datetime. + @retval FALSE If the DateTime is NULL. The required b= uffer size + (including the final null) is returned = in the + DateTimeSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509FormatDateTime ( + IN CONST CHAR8 *DateTimeStr, + OUT VOID *DateTime, + IN OUT UINTN *DateTimeSize + ) +{ + BOOLEAN Status; + INT32 Ret; + ASN1_TIME *Dt; + UINTN DSize; + + Dt =3D NULL; + Status =3D FALSE; + + Dt =3D ASN1_TIME_new (); + if (Dt =3D=3D NULL) { + Status =3D FALSE; + goto Cleanup; + } + + Ret =3D ASN1_TIME_set_string_X509 (Dt, DateTimeStr); + if (Ret !=3D 1) { + Status =3D FALSE; + goto Cleanup; + } + + DSize =3D sizeof (ASN1_TIME) + Dt->length; + if (*DateTimeSize < DSize) { + *DateTimeSize =3D DSize; + Status =3D FALSE; + goto Cleanup; + } + + *DateTimeSize =3D DSize; + if (DateTime !=3D NULL) { + CopyMem (DateTime, Dt, sizeof (ASN1_TIME)); + ((ASN1_TIME *)DateTime)->data =3D (UINT8 *)DateTime + sizeof (ASN1_TIM= E); + CopyMem ((UINT8 *)DateTime + sizeof (ASN1_TIME), Dt->data, Dt->length); + } + + Status =3D TRUE; + +Cleanup: + if (Dt !=3D NULL) { + ASN1_TIME_free (Dt); + } + + return Status; +} + +/** + Compare DateTime1 object and DateTime2 object. + + If DateTime1 is NULL, then return -2. + If DateTime2 is NULL, then return -2. + If DateTime1 =3D=3D DateTime2, then return 0 + If DateTime1 > DateTime2, then return 1 + If DateTime1 < DateTime2, then return -1 + + @param[in] DateTime1 Pointer to a DateTime Ojbect + @param[in] DateTime2 Pointer to a DateTime Object + + @retval 0 If DateTime1 =3D=3D DateTime2 + @retval 1 If DateTime1 > DateTime2 + @retval -1 If DateTime1 < DateTime2 +**/ +INT32 +EFIAPI +X509CompareDateTime ( + IN CONST VOID *DateTime1, + IN CONST VOID *DateTime2 + ) +{ + return (INT32)ASN1_TIME_compare (DateTime1, DateTime2); +} + +/** + Retrieve the Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) + + @retval TRUE The certificate Key Usage retrieved successfully. + @retval FALSE Invalid certificate, or Usage is NULL + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Usage + ) +{ + BOOLEAN Status; + X509 *X509Cert; + + // + // Check input parameters. + // + if ((Cert =3D=3D NULL) || (Usage =3D=3D NULL)) { + return FALSE; + } + + X509Cert =3D NULL; + Status =3D FALSE; + + // + // Read DER-encoded X509 Certificate and Construct X509 object. + // + Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert= ); + if ((X509Cert =3D=3D NULL) || (!Status)) { + goto _Exit; + } + + // + // Retrieve subject name from certificate object. + // + *Usage =3D X509_get_key_usage (X509Cert); + if (*Usage =3D=3D NID_undef) { + goto _Exit; + } + + Status =3D TRUE; + +_Exit: + // + // Release Resources. + // + if (X509Cert !=3D NULL) { + X509_free (X509Cert); + } + + return Status; +} + +/** + Verify one X509 certificate was issued by the trusted CA. + @param[in] RootCert Trusted Root Certificate buffer + + @param[in] RootCertLength Trusted Root Certificate buffer length + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain. + @retval FALSE Invalid certificate or the certificate was not issued by= the given + trusted CA. +**/ +BOOLEAN +EFIAPI +X509VerifyCertChain ( + IN CONST UINT8 *RootCert, + IN UINTN RootCertLength, + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength + ) +{ + CONST UINT8 *TmpPtr; + UINTN Length; + UINT32 Asn1Tag; + UINT32 ObjClass; + CONST UINT8 *CurrentCert; + UINTN CurrentCertLen; + CONST UINT8 *PrecedingCert; + UINTN PrecedingCertLen; + BOOLEAN VerifyFlag; + INT32 Ret; + + PrecedingCert =3D RootCert; + PrecedingCertLen =3D RootCertLength; + + CurrentCert =3D CertChain; + Length =3D 0; + CurrentCertLen =3D 0; + + VerifyFlag =3D FALSE; + while (TRUE) { + TmpPtr =3D CurrentCert; + Ret =3D ASN1_get_object ( + (CONST UINT8 **)&TmpPtr, + (long *)&Length, + (int *)&Asn1Tag, + (int *)&ObjClass, + (long)(CertChainLength + CertChain - TmpPtr) + ); + if ((Asn1Tag !=3D V_ASN1_SEQUENCE) || (Ret =3D=3D 0x80)) { + break; + } + + // + // Calculate CurrentCert length; + // + CurrentCertLen =3D TmpPtr - CurrentCert + Length; + + // + // Verify CurrentCert with preceding cert; + // + VerifyFlag =3D X509VerifyCert (CurrentCert, CurrentCertLen, PrecedingC= ert, PrecedingCertLen); + if (VerifyFlag =3D=3D FALSE) { + break; + } + + // + // move Current cert to Preceding cert + // + PrecedingCertLen =3D CurrentCertLen; + PrecedingCert =3D CurrentCert; + + // + // Move to next + // + CurrentCert =3D CurrentCert + CurrentCertLen; + } + + return VerifyFlag; +} + +/** + Get one X509 certificate from CertChain. + + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @param[in] CertIndex Index of certificate. + + @param[out] Cert The certificate at the index of CertCh= ain. + @param[out] CertLength The length certificate at the index of= CertChain. + + @retval TRUE Success. + @retval FALSE Failed to get certificate from certificate chain. +**/ +BOOLEAN +EFIAPI +X509GetCertFromCertChain ( + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength, + IN CONST INT32 CertIndex, + OUT CONST UINT8 **Cert, + OUT UINTN *CertLength + ) +{ + UINTN Asn1Len; + INT32 CurrentIndex; + UINTN CurrentCertLen; + CONST UINT8 *CurrentCert; + CONST UINT8 *TmpPtr; + INT32 Ret; + UINT32 Asn1Tag; + UINT32 ObjClass; + + // + // Check input parameters. + // + if ((CertChain =3D=3D NULL) || (Cert =3D=3D NULL) || + (CertIndex < -1) || (CertLength =3D=3D NULL)) + { + return FALSE; + } + + Asn1Len =3D 0; + CurrentCertLen =3D 0; + CurrentCert =3D CertChain; + CurrentIndex =3D -1; + + // + // Traverse the certificate chain + // + while (TRUE) { + TmpPtr =3D CurrentCert; + + // Get asn1 object and taglen + Ret =3D ASN1_get_object ( + (CONST UINT8 **)&TmpPtr, + (long *)&Asn1Len, + (int *)&Asn1Tag, + (int *)&ObjClass, + (long)(CertChainLength + CertChain - TmpPtr) + ); + if ((Asn1Tag !=3D V_ASN1_SEQUENCE) || (Ret =3D=3D 0x80)) { + break; + } + + // + // Calculate CurrentCert length; + // + CurrentCertLen =3D TmpPtr - CurrentCert + Asn1Len; + CurrentIndex++; + + if (CurrentIndex =3D=3D CertIndex) { + *Cert =3D CurrentCert; + *CertLength =3D CurrentCertLen; + return TRUE; + } + + // + // Move to next + // + CurrentCert =3D CurrentCert + CurrentCertLen; + } + + // + // If CertIndex is -1, Return the last certificate + // + if ((CertIndex =3D=3D -1) && (CurrentIndex >=3D 0)) { + *Cert =3D CurrentCert - CurrentCertLen; + *CertLength =3D CurrentCertLen; + return TRUE; + } + + return FALSE; +} + +/** + Retrieve the tag and length of the tag. + + @param Ptr The position in the ASN.1 data + @param End End of data + @param Length The variable that will receive the length + @param Tag The expected tag + + @retval TRUE Get tag successful + @retval FALSe Failed to get tag or tag not match +**/ +BOOLEAN +EFIAPI +Asn1GetTag ( + IN OUT UINT8 **Ptr, + IN CONST UINT8 *End, + OUT UINTN *Length, + IN UINT32 Tag + ) +{ + UINT8 *PtrOld; + INT32 ObjTag; + INT32 ObjCls; + long ObjLength; + + // + // Save Ptr position + // + PtrOld =3D *Ptr; + + ASN1_get_object ((CONST UINT8 **)Ptr, &ObjLength, &ObjTag, &ObjCls, (INT= 32)(End - (*Ptr))); + if ((ObjTag =3D=3D (INT32)(Tag & CRYPTO_ASN1_TAG_VALUE_MASK)) && + (ObjCls =3D=3D (INT32)(Tag & CRYPTO_ASN1_TAG_CLASS_MASK))) + { + *Length =3D (UINTN)ObjLength; + return TRUE; + } else { + // + // if doesn't match Tag, restore Ptr to origin Ptr + // + *Ptr =3D PtrOld; + return FALSE; + } +} + +/** + Retrieve the basic constraints from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509= certificate. + @param[in] CertSize size of the X509 certificate in= bytes. + @param[out] BasicConstraints basic constraints bytes. + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes. + + @retval TRUE The basic constraints retrieve successf= ully. + @retval FALSE If cert is NULL. + If cert_size is NULL. + If basic_constraints is not NULL and *b= asic_constraints_size is 0. + If cert is invalid. + @retval FALSE The required buffer size is small. + The return buffer size is basic_constra= ints_size parameter. + @retval FALSE If no Extension entry match oid. + @retval FALSE The operation is not supported. + **/ +BOOLEAN +EFIAPI +X509GetExtendedBasicConstraints ( + CONST UINT8 *Cert, + UINTN CertSize, + UINT8 *BasicConstraints, + UINTN *BasicConstraintsSize + ) +{ + BOOLEAN Status; + + if ((Cert =3D=3D NULL) || (CertSize =3D=3D 0) || (BasicConstraintsSize = =3D=3D NULL)) { + return FALSE; + } + + Status =3D X509GetExtensionData ( + (UINT8 *)Cert, + CertSize, + mOidBasicConstraints, + sizeof (mOidBasicConstraints), + BasicConstraints, + BasicConstraintsSize + ); + + return Status; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c b/CryptoPkg/= Library/BaseCryptLib/Pk/CryptX509Null.c index 38819723c7..bf51d0642f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c @@ -292,3 +292,432 @@ X509GetTBSCert ( ASSERT (FALSE); return FALSE; } + +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetVersion ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Version + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input, + and the size of buffer returned SerialNumbe= r on output. + + @retval TRUE The certificate serialNumber retrieved = successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSE If no SerialNumber exists. + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size + (including the final null) is returned = in the + SerialNumberSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSerialNumber ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, OPTIONAL + IN OUT UINTN *SerialNumberSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the issuer bytes from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes. + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input, + and the size of buffer returned CertSubject= on output. + + @retval TRUE The certificate issuer retrieved successfully. + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result. + The CertIssuerSize will be updated with the required siz= e. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetIssuerName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertIssuer, + IN OUT UINTN *CertIssuerSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the Signature Algorithm from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier b= uffer. + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size + + @retval TRUE The certificate Extension data retrieved successf= ully. + @retval FALSE If Cert is NULL. + If OidSize is NULL. + If Oid is not NULL and *OidSize is 0. + If Certificate is invalid. + @retval FALSE If no SignatureType. + @retval FALSE If the Oid is NULL. The required buffer= size + is returned in the OidSize. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSignatureAlgorithm ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Oid, OPTIONAL + IN OUT UINTN *OidSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve Extension data from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] Oid Object identifier buffer + @param[in] OidSize Object identifier buffer size + @param[out] ExtensionData Extension bytes. + @param[in, out] ExtensionDataSize Extension bytes size. + + @retval TRUE The certificate Extension data retrieve= d successfully. + @retval FALSE If Cert is NULL. + If ExtensionDataSize is NULL. + If ExtensionData is not NULL and *Exten= sionDataSize is 0. + If Certificate is invalid. + @retval FALSE If no Extension entry match Oid. + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size + is returned in the ExtensionDataSize pa= rameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtensionData ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *Oid, + IN UINTN OidSize, + OUT UINT8 *ExtensionData, + IN OUT UINTN *ExtensionDataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the Extended Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage bytes. + @param[in, out] UsageSize Key Usage buffer sizs in bytes. + + @retval TRUE The Usage bytes retrieve successfully. + @retval FALSE If Cert is NULL. + If CertSize is NULL. + If Usage is not NULL and *UsageSize is = 0. + If Cert is invalid. + @retval FALSE If the Usage is NULL. The required buff= er size + is returned in the UsageSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtendedKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Usage, + IN OUT UINTN *UsageSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the Validity from one X.509 certificate + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] From notBefore Pointer to DateTime object. + @param[in,out] FromSize notBefore DateTime object size. + @param[in] To notAfter Pointer to DateTime object. + @param[in,out] ToSize notAfter DateTime object size. + + Note: X509CompareDateTime to compare DateTime oject + x509SetDateTime to get a DateTime object from a DateTimeStr + + @retval TRUE The certificate Validity retrieved successfully. + @retval FALSE Invalid certificate, or Validity retrieve failed. + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetValidity ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN UINT8 *From, + IN OUT UINTN *FromSize, + IN UINT8 *To, + IN OUT UINTN *ToSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Format a DateTimeStr to DataTime object in DataTime Buffer + + If DateTimeStr is NULL, then return FALSE. + If DateTimeSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ + Ref: https://www.w3.org/TR/NOTE-datetime + Z stand for UTC time + @param[out] DateTime Pointer to a DateTime object. + @param[in,out] DateTimeSize DateTime object buffer size. + + @retval TRUE The DateTime object create successfully. + @retval FALSE If DateTimeStr is NULL. + If DateTimeSize is NULL. + If DateTime is not NULL and *DateTimeSi= ze is 0. + If Year Month Day Hour Minute Second co= mbination is invalid datetime. + @retval FALSE If the DateTime is NULL. The required b= uffer size + (including the final null) is returned = in the + DateTimeSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509FormatDateTime ( + IN CONST CHAR8 *DateTimeStr, + OUT VOID *DateTime, + IN OUT UINTN *DateTimeSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compare DateTime1 object and DateTime2 object. + + If DateTime1 is NULL, then return -2. + If DateTime2 is NULL, then return -2. + If DateTime1 =3D=3D DateTime2, then return 0 + If DateTime1 > DateTime2, then return 1 + If DateTime1 < DateTime2, then return -1 + + @param[in] DateTime1 Pointer to a DateTime Ojbect + @param[in] DateTime2 Pointer to a DateTime Object + + @retval 0 If DateTime1 =3D=3D DateTime2 + @retval 1 If DateTime1 > DateTime2 + @retval -1 If DateTime1 < DateTime2 +**/ +INT32 +EFIAPI +X509CompareDateTime ( + IN CONST VOID *DateTime1, + IN CONST VOID *DateTime2 + ) +{ + ASSERT (FALSE); + return -3; +} + +/** + Retrieve the Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) + + @retval TRUE The certificate Key Usage retrieved successfully. + @retval FALSE Invalid certificate, or Usage is NULL + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Usage + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Verify one X509 certificate was issued by the trusted CA. + @param[in] RootCert Trusted Root Certificate buffer + + @param[in] RootCertLength Trusted Root Certificate buffer length + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain. + @retval FALSE Invalid certificate or the certificate was not issued by= the given + trusted CA. +**/ +BOOLEAN +EFIAPI +X509VerifyCertChain ( + IN CONST UINT8 *RootCert, + IN UINTN RootCertLength, + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Get one X509 certificate from CertChain. + + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @param[in] CertIndex Index of certificate. + + @param[out] Cert The certificate at the index of CertCh= ain. + @param[out] CertLength The length certificate at the index of= CertChain. + + @retval TRUE Success. + @retval FALSE Failed to get certificate from certificate chain. +**/ +BOOLEAN +EFIAPI +X509GetCertFromCertChain ( + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength, + IN CONST INT32 CertIndex, + OUT CONST UINT8 **Cert, + OUT UINTN *CertLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the tag and length of the tag. + + @param Ptr The position in the ASN.1 data + @param End End of data + @param Length The variable that will receive the length + @param Tag The expected tag + + @retval TRUE Get tag successful + @retval FALSe Failed to get tag or tag not match +**/ +BOOLEAN +EFIAPI +Asn1GetTag ( + IN OUT UINT8 **Ptr, + IN CONST UINT8 *End, + OUT UINTN *Length, + IN UINT32 Tag + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the basic constraints from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509= certificate. + @param[in] CertSize size of the X509 certificate in= bytes. + @param[out] BasicConstraints basic constraints bytes. + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes. + + @retval TRUE The basic constraints retrieve successf= ully. + @retval FALSE If cert is NULL. + If cert_size is NULL. + If basic_constraints is not NULL and *b= asic_constraints_size is 0. + If cert is invalid. + @retval FALSE The required buffer size is small. + The return buffer size is basic_constra= ints_size parameter. + @retval FALSE If no Extension entry match oid. + @retval FALSE The operation is not supported. + **/ +BOOLEAN +EFIAPI +X509GetExtendedBasicConstraints ( + CONST UINT8 *Cert, + UINTN CertSize, + UINT8 *BasicConstraints, + UINTN *BasicConstraintsSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c b/Crypto= Pkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c index 38819723c7..554d42e21f 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c @@ -292,3 +292,432 @@ X509GetTBSCert ( ASSERT (FALSE); return FALSE; } + +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetVersion ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Version + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input, + and the size of buffer returned SerialNumbe= r on output. + + @retval TRUE The certificate serialNumber retrieved = successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSE If no SerialNumber exists. + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size + (including the final null) is returned = in the + SerialNumberSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSerialNumber ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, OPTIONAL + IN OUT UINTN *SerialNumberSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the issuer bytes from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes. + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input, + and the size of buffer returned CertSubject= on output. + + @retval TRUE The certificate issuer retrieved successfully. + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result. + The CertIssuerSize will be updated with the required siz= e. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetIssuerName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertIssuer, + IN OUT UINTN *CertIssuerSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the Signature Algorithm from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier b= uffer. + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size + + @retval TRUE The certificate Extension data retrieved successf= ully. + @retval FALSE If Cert is NULL. + If OidSize is NULL. + If Oid is not NULL and *OidSize is 0. + If Certificate is invalid. + @retval FALSE If no SignatureType. + @retval FALSE If the Oid is NULL. The required buffer= size + is returned in the OidSize. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSignatureAlgorithm ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Oid, OPTIONAL + IN OUT UINTN *OidSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve Extension data from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] Oid Object identifier buffer + @param[in] OidSize Object identifier buffer size + @param[out] ExtensionData Extension bytes. + @param[in, out] ExtensionDataSize Extension bytes size. + + @retval TRUE The certificate Extension data retrieve= d successfully. + @retval FALSE If Cert is NULL. + If ExtensionDataSize is NULL. + If ExtensionData is not NULL and *Exten= sionDataSize is 0. + If Certificate is invalid. + @retval FALSE If no Extension entry match Oid. + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size + is returned in the ExtensionDataSize pa= rameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtensionData ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *Oid, + IN UINTN OidSize, + OUT UINT8 *ExtensionData, + IN OUT UINTN *ExtensionDataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the Extended Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage bytes. + @param[in, out] UsageSize Key Usage buffer sizs in bytes. + + @retval TRUE The Usage bytes retrieve successfully. + @retval FALSE If Cert is NULL. + If CertSize is NULL. + If Usage is not NULL and *UsageSize is = 0. + If Cert is invalid. + @retval FALSE If the Usage is NULL. The required buff= er size + is returned in the UsageSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtendedKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Usage, + IN OUT UINTN *UsageSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the Validity from one X.509 certificate + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] From notBefore Pointer to DateTime object. + @param[in,out] FromSize notBefore DateTime object size. + @param[in] To notAfter Pointer to DateTime object. + @param[in,out] ToSize notAfter DateTime object size. + + Note: X509CompareDateTime to compare DateTime oject + x509SetDateTime to get a DateTime object from a DateTimeStr + + @retval TRUE The certificate Validity retrieved successfully. + @retval FALSE Invalid certificate, or Validity retrieve failed. + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetValidity ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN UINT8 *From, + IN OUT UINTN *FromSize, + IN UINT8 *To, + IN OUT UINTN *ToSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Format a DateTimeStr to DataTime object in DataTime Buffer + + If DateTimeStr is NULL, then return FALSE. + If DateTimeSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ + Ref: https://www.w3.org/TR/NOTE-datetime + Z stand for UTC time + @param[out] DateTime Pointer to a DateTime object. + @param[in,out] DateTimeSize DateTime object buffer size. + + @retval TRUE The DateTime object create successfully. + @retval FALSE If DateTimeStr is NULL. + If DateTimeSize is NULL. + If DateTime is not NULL and *DateTimeSi= ze is 0. + If Year Month Day Hour Minute Second co= mbination is invalid datetime. + @retval FALSE If the DateTime is NULL. The required b= uffer size + (including the final null) is returned = in the + DateTimeSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509FormatDateTime ( + IN CONST CHAR8 *DateTimeStr, + OUT VOID *DateTime, + IN OUT UINTN *DateTimeSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compare DateTime1 object and DateTime2 object. + + If DateTime1 is NULL, then return -2. + If DateTime2 is NULL, then return -2. + If DateTime1 =3D=3D DateTime2, then return 0 + If DateTime1 > DateTime2, then return 1 + If DateTime1 < DateTime2, then return -1 + + @param[in] DateTime1 Pointer to a DateTime Ojbect + @param[in] DateTime2 Pointer to a DateTime Object + + @retval 0 If DateTime1 =3D=3D DateTime2 + @retval 1 If DateTime1 > DateTime2 + @retval -1 If DateTime1 < DateTime2 +**/ +INT32 +EFIAPI +X509CompareDateTime ( + IN CONST VOID *DateTime1, + IN CONST VOID *DateTime2 + ) +{ + ASSERT (FALSE); + return -3; +} + +/** + Retrieve the Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) + + @retval TRUE The certificate Key Usage retrieved successfully. + @retval FALSE Invalid certificate, or Usage is NULL + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Usage + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Verify one X509 certificate was issued by the trusted CA. + @param[in] RootCert Trusted Root Certificate buffer + + @param[in] RootCertLength Trusted Root Certificate buffer length + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain. + @retval FALSE Invalid certificate or the certificate was not issued by= the given + trusted CA. +**/ +BOOLEAN +EFIAPI +X509VerifyCertChain ( + IN CONST UINT8 *RootCert, + IN UINTN RootCertLength, + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Get one X509 certificate from CertChain. + + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @param[in] CertIndex Index of certificate. + + @param[out] Cert The certificate at the index of CertCh= ain. + @param[out] CertLength The length certificate at the index of= CertChain. + + @retval TRUE Success. + @retval FALSE Failed to get certificate from certificate chain. +**/ +BOOLEAN +EFIAPI +X509GetCertFromCertChain ( + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength, + IN CONST INT32 CertIndex, + OUT CONST UINT8 **Cert, + OUT UINTN *CertLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the tag and length of the tag. + + @param Ptr The position in the ASN.1 data + @param End End of data + @param Length The variable that will receive the length + @param Tag The expected tag + + @retval TRUE Get tag successful + @retval FALSe Failed to get tag or tag not match +**/ +BOOLEAN +EFIAPI +Asn1GetTag ( + IN OUT UINT8 **Ptr, + IN CONST UINT8 *End, + OUT UINTN *Length, + IN UINT32 Tag + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the basic constraints from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509= certificate. + @param[in] CertSize size of the X509 certificate in= bytes. + @param[out] BasicConstraints basic constraints bytes. + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes. + + @retval TRUE The basic constraints retrieve successf= ully. + @retval FALSE If cert is NULL. + If cert_size is NULL. + If basic_constraints is not NULL and *b= asic_constraints_size is 0. + If cert is invalid. + @retval FALSE The required buffer size is small. + The return buffer size is basic_constra= ints_size parameter. + @retval FALSE If no Extension entry match oid. + @retval FALSE The operation is not supported. + **/ +BOOLEAN +EFIAPI +X509GetExtendedBasicConstraints ( + CONST UINT8 *Cert, + UINTN CertSize, + UINT8 *BasicConstraints, + UINTN *BasicConstraintsSize + ) +{ + ASSERT (FALSE); + return FALSE; +} --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94934): https://edk2.groups.io/g/devel/message/94934 Mute This Topic: https://groups.io/mt/94234106/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 9 17:52:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94933+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94933+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665401568; cv=none; d=zohomail.com; s=zohoarc; b=KrV1uHr7RVZUYwjBmu5Dyw95WBhnQBzdsQlMki8lAyr7MEdnH9NPlYnmg62g2pk2ow0imJKsvvxCYMFlvLXgBJrRDmhQakF4R7nQtD/matwK0W7fmW3yWbpTwk1/fiQ2gCP0GPMMU9IDZ4cow13FQuL3xqnHf/cejaKw+HAjZXE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665401568; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=vkf2tzMCE8vGwOdoEuw1BH5tojnZZvfRvUXCyC9aVIo=; b=GDEWA8KyrTiGXnvE5BIgCSpfoqBapYYGDB08Al4QSSQWSbe1WqnPIqGbFkkY6KgK3W4t3S5XEfTYflr2v9iQ8lFB4BqQZxuridD5e8eufzlstpQr/KBUIb58vwatSQWG8wotL/JGOM7NEPdPl0A+PTF1XrXYBKZ9Bp/16w6InhU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94933+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665401568283990.2853910625216; Mon, 10 Oct 2022 04:32:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id deZsYY1788612x9sv8rFyIUK; Mon, 10 Oct 2022 04:32:47 -0700 X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web12.5191.1665401566013137258 for ; Mon, 10 Oct 2022 04:32:47 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10495"; a="291489601" X-IronPort-AV: E=Sophos;i="5.95,173,1661842800"; d="scan'208";a="291489601" X-Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Oct 2022 04:32:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10495"; a="620990425" X-IronPort-AV: E=Sophos;i="5.95,173,1661842800"; d="scan'208";a="620990425" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga007.jf.intel.com with ESMTP; 10 Oct 2022 04:32:39 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH V2 3/4] CryptoPkg: add new X509 function to Crypto Service. Date: Mon, 10 Oct 2022 19:32:27 +0800 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: Y5lPfyKoD8rHrqFu0DAMUVrFx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665401567; bh=pvCM0dTbHNsolkeSmYoadIOnYhIT//TZNWZl5/+iFqM=; h=Cc:Date:From:Reply-To:Subject:To; b=mHsz5IHVNld28/K01aOy8DeKpm0d5E3BpewsMEpsmpuVPrFzRaetkZlOLaZEzMYAqUD t9zNF7IOTaQltaDr+BhGCsBRHOfcRP+FS6XSsQ1nIZijKqCnsiJ50HFu0nfPQB4bQYL0f dYZjZIUDo6N1sEMKFz8r2sGgGcr2aM7zwso= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665401570386100012 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4082 Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Qi Zhang --- CryptoPkg/Driver/Crypto.c | 432 +++++++++++++++++- .../Pcd/PcdCryptoServiceFamilyEnable.h | 34 +- .../BaseCryptLibOnProtocolPpi/CryptLib.c | 415 +++++++++++++++++ CryptoPkg/Private/Protocol/Crypto.h | 390 ++++++++++++++++ 4 files changed, 1260 insertions(+), 11 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index f1ff77855c..82ed28bdd8 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -3086,6 +3086,421 @@ CryptoServiceX509GetTBSCert ( return CALL_BASECRYPTLIB (X509.Services.GetTBSCert, X509GetTBSCert, (Cer= t, CertSize, TBSCert, TBSCertSize), FALSE); } =20 +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetVersion ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Version + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetVersion, X509GetVersion, (Cer= t, CertSize, Version), FALSE); +} + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input, + and the size of buffer returned SerialNumbe= r on output. + + @retval TRUE The certificate serialNumber retrieved = successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSE If no SerialNumber exists. + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size + (including the final null) is returned = in the + SerialNumberSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetSerialNumber ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, OPTIONAL + IN OUT UINTN *SerialNumberSize + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetSerialNumber, X509GetSerialNu= mber, (Cert, CertSize, SerialNumber, SerialNumberSize), FALSE); +} + +/** + Retrieve the issuer bytes from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes. + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input, + and the size of buffer returned CertSubject= on output. + + @retval TRUE The certificate issuer retrieved successfully. + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result. + The CertIssuerSize will be updated with the required siz= e. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetIssuerName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertIssuer, + IN OUT UINTN *CertIssuerSize + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetIssuerName, X509GetIssuerName= , (Cert, CertSize, CertIssuer, CertIssuerSize), FALSE); +} + +/** + Retrieve the Signature Algorithm from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier b= uffer. + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size + + @retval TRUE The certificate Extension data retrieve= d successfully. + @retval FALSE If Cert is NULL. + If OidSize is NULL. + If Oid is not NULL and *OidSize is 0. + If Certificate is invalid. + @retval FALSE If no SignatureType. + @retval FALSE If the Oid is NULL. The required buffer= size + is returned in the OidSize. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetSignatureAlgorithm ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Oid, OPTIONAL + IN OUT UINTN *OidSize + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetSignatureAlgorithm, X509GetSi= gnatureAlgorithm, (Cert, CertSize, Oid, OidSize), FALSE); +} + +/** + Retrieve Extension data from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] Oid Object identifier buffer + @param[in] OidSize Object identifier buffer size + @param[out] ExtensionData Extension bytes. + @param[in, out] ExtensionDataSize Extension bytes size. + + @retval TRUE The certificate Extension data retrieve= d successfully. + @retval FALSE If Cert is NULL. + If ExtensionDataSize is NULL. + If ExtensionData is not NULL and *Exten= sionDataSize is 0. + If Certificate is invalid. + @retval FALSE If no Extension entry match Oid. + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size + is returned in the ExtensionDataSize pa= rameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetExtensionData ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *Oid, + IN UINTN OidSize, + OUT UINT8 *ExtensionData, + IN OUT UINTN *ExtensionDataSize + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetExtensionData, X509GetExtensi= onData, (Cert, CertSize, Oid, OidSize, ExtensionData, ExtensionDataSize), F= ALSE); +} + +/** + Retrieve the Extended Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage bytes. + @param[in, out] UsageSize Key Usage buffer sizs in bytes. + + @retval TRUE The Usage bytes retrieve successfully. + @retval FALSE If Cert is NULL. + If CertSize is NULL. + If Usage is not NULL and *UsageSize is = 0. + If Cert is invalid. + @retval FALSE If the Usage is NULL. The required buff= er size + is returned in the UsageSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetExtendedKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Usage, + IN OUT UINTN *UsageSize + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetExtendedKeyUsage, X509GetExte= ndedKeyUsage, (Cert, CertSize, Usage, UsageSize), FALSE); +} + +/** + Retrieve the Validity from one X.509 certificate + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] From notBefore Pointer to DateTime object. + @param[in,out] FromSize notBefore DateTime object size. + @param[in] To notAfter Pointer to DateTime object. + @param[in,out] ToSize notAfter DateTime object size. + + Note: X509CompareDateTime to compare DateTime oject + x509SetDateTime to get a DateTime object from a DateTimeStr + + @retval TRUE The certificate Validity retrieved successfully. + @retval FALSE Invalid certificate, or Validity retrieve failed. + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetValidity ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN UINT8 *From, + IN OUT UINTN *FromSize, + IN UINT8 *To, + IN OUT UINTN *ToSize + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetValidity, X509GetValidity, (C= ert, CertSize, From, FromSize, To, ToSize), FALSE); +} + +/** + Format a DateTimeStr to DataTime object in DataTime Buffer + + If DateTimeStr is NULL, then return FALSE. + If DateTimeSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ + Ref: https://www.w3.org/TR/NOTE-datetime + Z stand for UTC time + @param[out] DateTime Pointer to a DateTime object. + @param[in,out] DateTimeSize DateTime object buffer size. + + @retval TRUE The DateTime object create successfully. + @retval FALSE If DateTimeStr is NULL. + If DateTimeSize is NULL. + If DateTime is not NULL and *DateTimeSi= ze is 0. + If Year Month Day Hour Minute Second co= mbination is invalid datetime. + @retval FALSE If the DateTime is NULL. The required b= uffer size + (including the final null) is returned = in the + DateTimeSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +CryptoServiceX509FormatDateTime ( + IN CONST CHAR8 *DateTimeStr, + OUT VOID *DateTime, + IN OUT UINTN *DateTimeSize + ) +{ + return CALL_BASECRYPTLIB (X509.Services.FormatDateTime, X509FormatDateTi= me, (DateTimeStr, DateTime, DateTimeSize), FALSE); +} + +/** + Compare DateTime1 object and DateTime2 object. + + If DateTime1 is NULL, then return -2. + If DateTime2 is NULL, then return -2. + If DateTime1 =3D=3D DateTime2, then return 0 + If DateTime1 > DateTime2, then return 1 + If DateTime1 < DateTime2, then return -1 + + @param[in] DateTime1 Pointer to a DateTime Ojbect + @param[in] DateTime2 Pointer to a DateTime Object + + @retval 0 If DateTime1 =3D=3D DateTime2 + @retval 1 If DateTime1 > DateTime2 + @retval -1 If DateTime1 < DateTime2 +**/ +INT32 +EFIAPI +CryptoServiceX509CompareDateTime ( + IN CONST VOID *DateTime1, + IN CONST VOID *DateTime2 + ) +{ + return CALL_BASECRYPTLIB (X509.Services.CompareDateTime, X509CompareDate= Time, (DateTime1, DateTime2), FALSE); +} + +/** + Retrieve the Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) + + @retval TRUE The certificate Key Usage retrieved successfully. + @retval FALSE Invalid certificate, or Usage is NULL + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Usage + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetKeyUsage, X509GetKeyUsage, (C= ert, CertSize, Usage), FALSE); +} + +/** + Verify one X509 certificate was issued by the trusted CA. + @param[in] RootCert Trusted Root Certificate buffer + + @param[in] RootCertLength Trusted Root Certificate buffer length + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain. + @retval FALSE Invalid certificate or the certificate was not issued by= the given + trusted CA. +**/ +BOOLEAN +EFIAPI +CryptoServiceX509VerifyCertChain ( + IN CONST UINT8 *RootCert, + IN UINTN RootCertLength, + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength + ) +{ + return CALL_BASECRYPTLIB (X509.Services.VerifyCertChain, X509VerifyCertC= hain, (RootCert, RootCertLength, CertChain, CertChainLength), FALSE); +} + +/** + Get one X509 certificate from CertChain. + + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @param[in] CertIndex Index of certificate. + + @param[out] Cert The certificate at the index of CertCh= ain. + @param[out] CertLength The length certificate at the index of= CertChain. + + @retval TRUE Success. + @retval FALSE Failed to get certificate from certificate chain. +**/ +BOOLEAN +EFIAPI +CryptoServiceX509GetCertFromCertChain ( + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength, + IN CONST INT32 CertIndex, + OUT CONST UINT8 **Cert, + OUT UINTN *CertLength + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetCertFromCertChain, X509GetCer= tFromCertChain, (CertChain, CertChainLength, CertIndex, Cert, CertLength), = FALSE); +} + +/** + Retrieve the tag and length of the tag. + + @param Ptr The position in the ASN.1 data + @param End End of data + @param Length The variable that will receive the length + @param Tag The expected tag + + @retval TRUE Get tag successful + @retval FALSe Failed to get tag or tag not match +**/ +BOOLEAN +EFIAPI +CryptoServiceAsn1GetTag ( + IN OUT UINT8 **Ptr, + IN CONST UINT8 *End, + OUT UINTN *Length, + IN UINT32 Tag + ) +{ + return CALL_BASECRYPTLIB (X509.Services.Asn1GetTag, Asn1GetTag, (Ptr, En= d, Length, Tag), FALSE); +} + +/** + Retrieve the basic constraints from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509= certificate. + @param[in] CertSize size of the X509 certificate in= bytes. + @param[out] BasicConstraints basic constraints bytes. + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes. + + @retval TRUE The basic constraints retrieve successf= ully. + @retval FALSE If cert is NULL. + If cert_size is NULL. + If basic_constraints is not NULL and *b= asic_constraints_size is 0. + If cert is invalid. + @retval FALSE The required buffer size is small. + The return buffer size is basic_constra= ints_size parameter. + @retval FALSE If no Extension entry match oid. + @retval FALSE The operation is not supported. + **/ +BOOLEAN +EFIAPI +CryptoServiceX509GetExtendedBasicConstraints ( + CONST UINT8 *Cert, + UINTN CertSize, + UINT8 *BasicConstraints, + UINTN *BasicConstraintsSize + ) +{ + return CALL_BASECRYPTLIB (X509.Services.GetExtendedBasicConstraints, X50= 9GetExtendedBasicConstraints, (Cert, CertSize, BasicConstraints, BasicConst= raintsSize), FALSE); +} + /** Derives a key from a password using a salt and iteration count, based on= PKCS#5 v2.0 password based encryption key derivation function PBKDF2, as specified i= n RFC 2898. @@ -6416,5 +6831,20 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceTlsSetSignatureAlgoList, CryptoServiceTlsSetEcCurve, /// TLS Get (continued) - CryptoServiceTlsGetExportKey + CryptoServiceTlsGetExportKey, + /// X509 (Continued) + CryptoServiceX509GetVersion, + CryptoServiceX509GetSerialNumber, + CryptoServiceX509GetIssuerName, + CryptoServiceX509GetSignatureAlgorithm, + CryptoServiceX509GetExtensionData, + CryptoServiceX509GetExtendedKeyUsage, + CryptoServiceX509GetValidity, + CryptoServiceX509FormatDateTime, + CryptoServiceX509CompareDateTime, + CryptoServiceX509GetKeyUsage, + CryptoServiceX509VerifyCertChain, + CryptoServiceX509GetCertFromCertChain, + CryptoServiceAsn1GetTag, + CryptoServiceX509GetExtendedBasicConstraints }; diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 4740589417..9d3651338b 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -187,16 +187,30 @@ typedef struct { } Sha512; union { struct { - UINT8 GetSubjectName : 1; - UINT8 GetCommonName : 1; - UINT8 GetOrganizationName : 1; - UINT8 VerifyCert : 1; - UINT8 ConstructCertificate : 1; - UINT8 ConstructCertificateStack : 1; - UINT8 ConstructCertificateStackV : 1; - UINT8 Free : 1; - UINT8 StackFree : 1; - UINT8 GetTBSCert : 1; + UINT8 GetSubjectName : 1; + UINT8 GetCommonName : 1; + UINT8 GetOrganizationName : 1; + UINT8 VerifyCert : 1; + UINT8 ConstructCertificate : 1; + UINT8 ConstructCertificateStack : 1; + UINT8 ConstructCertificateStackV : 1; + UINT8 Free : 1; + UINT8 StackFree : 1; + UINT8 GetTBSCert : 1; + UINT8 GetVersion : 1; + UINT8 GetSerialNumber : 1; + UINT8 GetIssuerName : 1; + UINT8 GetSignatureAlgorithm : 1; + UINT8 GetExtensionData : 1; + UINT8 GetExtendedKeyUsage : 1; + UINT8 GetValidity : 1; + UINT8 FormatDateTime : 1; + UINT8 CompareDateTime : 1; + UINT8 GetKeyUsage : 1; + UINT8 VerifyCertChain : 1; + UINT8 GetCertFromCertChain : 1; + UINT8 Asn1GetTag : 1; + UINT8 GetExtendedBasicConstraints : 1; } Services; UINT32 Family; } X509; diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 52b934a545..6862adf061 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -2322,6 +2322,421 @@ X509GetTBSCert ( CALL_CRYPTO_SERVICE (X509GetTBSCert, (Cert, CertSize, TBSCert, TBSCertSi= ze), FALSE); } =20 +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetVersion ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Version + ) +{ + CALL_CRYPTO_SERVICE (X509GetVersion, (Cert, CertSize, Version), FALSE); +} + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input, + and the size of buffer returned SerialNumbe= r on output. + + @retval TRUE The certificate serialNumber retrieved = successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSE If no SerialNumber exists. + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size + (including the final null) is returned = in the + SerialNumberSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSerialNumber ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, OPTIONAL + IN OUT UINTN *SerialNumberSize + ) +{ + CALL_CRYPTO_SERVICE (X509GetSerialNumber, (Cert, CertSize, SerialNumber,= SerialNumberSize), FALSE); +} + +/** + Retrieve the issuer bytes from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes. + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input, + and the size of buffer returned CertSubject= on output. + + @retval TRUE The certificate issuer retrieved successfully. + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result. + The CertIssuerSize will be updated with the required siz= e. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetIssuerName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertIssuer, + IN OUT UINTN *CertIssuerSize + ) +{ + CALL_CRYPTO_SERVICE (X509GetIssuerName, (Cert, CertSize, CertIssuer, Cer= tIssuerSize), FALSE); +} + +/** + Retrieve the Signature Algorithm from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier b= uffer. + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size + + @retval TRUE The certificate Extension data retrieved successf= ully. + @retval FALSE If Cert is NULL. + If OidSize is NULL. + If Oid is not NULL and *OidSize is 0. + If Certificate is invalid. + @retval FALSE If no SignatureType. + @retval FALSE If the Oid is NULL. The required buffer= size + is returned in the OidSize. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSignatureAlgorithm ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Oid, OPTIONAL + IN OUT UINTN *OidSize + ) +{ + CALL_CRYPTO_SERVICE (X509GetSignatureAlgorithm, (Cert, CertSize, Oid, Oi= dSize), FALSE); +} + +/** + Retrieve Extension data from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] Oid Object identifier buffer + @param[in] OidSize Object identifier buffer size + @param[out] ExtensionData Extension bytes. + @param[in, out] ExtensionDataSize Extension bytes size. + + @retval TRUE The certificate Extension data retrieve= d successfully. + @retval FALSE If Cert is NULL. + If ExtensionDataSize is NULL. + If ExtensionData is not NULL and *Exten= sionDataSize is 0. + If Certificate is invalid. + @retval FALSE If no Extension entry match Oid. + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size + is returned in the ExtensionDataSize pa= rameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtensionData ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *Oid, + IN UINTN OidSize, + OUT UINT8 *ExtensionData, + IN OUT UINTN *ExtensionDataSize + ) +{ + CALL_CRYPTO_SERVICE (X509GetExtensionData, (Cert, CertSize, Oid, OidSize= , ExtensionData, ExtensionDataSize), FALSE); +} + +/** + Retrieve the Extended Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage bytes. + @param[in, out] UsageSize Key Usage buffer sizs in bytes. + + @retval TRUE The Usage bytes retrieve successfully. + @retval FALSE If Cert is NULL. + If CertSize is NULL. + If Usage is not NULL and *UsageSize is = 0. + If Cert is invalid. + @retval FALSE If the Usage is NULL. The required buff= er size + is returned in the UsageSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtendedKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Usage, + IN OUT UINTN *UsageSize + ) +{ + CALL_CRYPTO_SERVICE (X509GetExtendedKeyUsage, (Cert, CertSize, Usage, Us= ageSize), FALSE); +} + +/** + Retrieve the Validity from one X.509 certificate + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] From notBefore Pointer to DateTime object. + @param[in,out] FromSize notBefore DateTime object size. + @param[in] To notAfter Pointer to DateTime object. + @param[in,out] ToSize notAfter DateTime object size. + + Note: X509CompareDateTime to compare DateTime oject + x509SetDateTime to get a DateTime object from a DateTimeStr + + @retval TRUE The certificate Validity retrieved successfully. + @retval FALSE Invalid certificate, or Validity retrieve failed. + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetValidity ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN UINT8 *From, + IN OUT UINTN *FromSize, + IN UINT8 *To, + IN OUT UINTN *ToSize + ) +{ + CALL_CRYPTO_SERVICE (X509GetValidity, (Cert, CertSize, From, FromSize, T= o, ToSize), FALSE); +} + +/** + Format a DateTimeStr to DataTime object in DataTime Buffer + + If DateTimeStr is NULL, then return FALSE. + If DateTimeSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ + Ref: https://www.w3.org/TR/NOTE-datetime + Z stand for UTC time + @param[out] DateTime Pointer to a DateTime object. + @param[in,out] DateTimeSize DateTime object buffer size. + + @retval TRUE The DateTime object create successfully. + @retval FALSE If DateTimeStr is NULL. + If DateTimeSize is NULL. + If DateTime is not NULL and *DateTimeSi= ze is 0. + If Year Month Day Hour Minute Second co= mbination is invalid datetime. + @retval FALSE If the DateTime is NULL. The required b= uffer size + (including the final null) is returned = in the + DateTimeSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509FormatDateTime ( + IN CONST CHAR8 *DateTimeStr, + OUT VOID *DateTime, + IN OUT UINTN *DateTimeSize + ) +{ + CALL_CRYPTO_SERVICE (X509FormatDateTime, (DateTimeStr, DateTime, DateTim= eSize), FALSE); +} + +/** + Compare DateTime1 object and DateTime2 object. + + If DateTime1 is NULL, then return -2. + If DateTime2 is NULL, then return -2. + If DateTime1 =3D=3D DateTime2, then return 0 + If DateTime1 > DateTime2, then return 1 + If DateTime1 < DateTime2, then return -1 + + @param[in] DateTime1 Pointer to a DateTime Ojbect + @param[in] DateTime2 Pointer to a DateTime Object + + @retval 0 If DateTime1 =3D=3D DateTime2 + @retval 1 If DateTime1 > DateTime2 + @retval -1 If DateTime1 < DateTime2 +**/ +INT32 +EFIAPI +X509CompareDateTime ( + IN CONST VOID *DateTime1, + IN CONST VOID *DateTime2 + ) +{ + CALL_CRYPTO_SERVICE (X509CompareDateTime, (DateTime1, DateTime2), FALSE); +} + +/** + Retrieve the Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) + + @retval TRUE The certificate Key Usage retrieved successfully. + @retval FALSE Invalid certificate, or Usage is NULL + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Usage + ) +{ + CALL_CRYPTO_SERVICE (X509GetKeyUsage, (Cert, CertSize, Usage), FALSE); +} + +/** + Verify one X509 certificate was issued by the trusted CA. + @param[in] RootCert Trusted Root Certificate buffer + + @param[in] RootCertLength Trusted Root Certificate buffer length + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain. + @retval FALSE Invalid certificate or the certificate was not issued by= the given + trusted CA. +**/ +BOOLEAN +EFIAPI +X509VerifyCertChain ( + IN CONST UINT8 *RootCert, + IN UINTN RootCertLength, + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength + ) +{ + CALL_CRYPTO_SERVICE (X509VerifyCertChain, (RootCert, RootCertLength, Cer= tChain, CertChainLength), FALSE); +} + +/** + Get one X509 certificate from CertChain. + + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @param[in] CertIndex Index of certificate. + + @param[out] Cert The certificate at the index of CertCh= ain. + @param[out] CertLength The length certificate at the index of= CertChain. + + @retval TRUE Success. + @retval FALSE Failed to get certificate from certificate chain. +**/ +BOOLEAN +EFIAPI +X509GetCertFromCertChain ( + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength, + IN CONST INT32 CertIndex, + OUT CONST UINT8 **Cert, + OUT UINTN *CertLength + ) +{ + CALL_CRYPTO_SERVICE (X509GetCertFromCertChain, (CertChain, CertChainLeng= th, CertIndex, Cert, CertLength), FALSE); +} + +/** + Retrieve the tag and length of the tag. + + @param Ptr The position in the ASN.1 data + @param End End of data + @param Length The variable that will receive the length + @param Tag The expected tag + + @retval TRUE Get tag successful + @retval FALSe Failed to get tag or tag not match +**/ +BOOLEAN +EFIAPI +Asn1GetTag ( + IN OUT UINT8 **Ptr, + IN CONST UINT8 *End, + OUT UINTN *Length, + IN UINT32 Tag + ) +{ + CALL_CRYPTO_SERVICE (Asn1GetTag, (Ptr, End, Length, Tag), FALSE); +} + +/** + Retrieve the basic constraints from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509= certificate. + @param[in] CertSize size of the X509 certificate in= bytes. + @param[out] BasicConstraints basic constraints bytes. + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes. + + @retval TRUE The basic constraints retrieve successf= ully. + @retval FALSE If cert is NULL. + If cert_size is NULL. + If basic_constraints is not NULL and *b= asic_constraints_size is 0. + If cert is invalid. + @retval FALSE The required buffer size is small. + The return buffer size is basic_constra= ints_size parameter. + @retval FALSE If no Extension entry match oid. + @retval FALSE The operation is not supported. + **/ +BOOLEAN +EFIAPI +X509GetExtendedBasicConstraints ( + CONST UINT8 *Cert, + UINTN CertSize, + UINT8 *BasicConstraints, + UINTN *BasicConstraintsSize + ) +{ + CALL_CRYPTO_SERVICE (X509GetExtendedBasicConstraints, (Cert, CertSize, B= asicConstraints, BasicConstraintsSize), FALSE); +} + /** Derives a key from a password using a salt and iteration count, based on= PKCS#5 v2.0 password based encryption key derivation function PBKDF2, as specified i= n RFC 2898. diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 6293efa36b..7408e11ec6 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -2351,6 +2351,381 @@ BOOLEAN OUT UINTN *TBSCertSize ); =20 +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_GET_VERSION)( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Version + ); + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input, + and the size of buffer returned SerialNumbe= r on output. + + @retval TRUE The certificate serialNumber retrieved = successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSE If no SerialNumber exists. + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size + (including the final null) is returned = in the + SerialNumberSize parameter. + @retval FALSE The operation is not supported. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_GET_SERIAL_NUMBER)( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, OPTIONAL + IN OUT UINTN *SerialNumberSize + ); + +/** + Retrieve the issuer bytes from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes. + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input, + and the size of buffer returned CertSubject= on output. + + @retval TRUE The certificate issuer retrieved successfully. + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result. + The CertIssuerSize will be updated with the required siz= e. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_GET_ISSUER_NAME)( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertIssuer, + IN OUT UINTN *CertIssuerSize + ); + +/** + Retrieve the Signature Algorithm from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier b= uffer. + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size + + @retval TRUE The certificate Extension data retrieved successf= ully. + @retval FALSE If Cert is NULL. + If OidSize is NULL. + If Oid is not NULL and *OidSize is 0. + If Certificate is invalid. + @retval FALSE If no SignatureType. + @retval FALSE If the Oid is NULL. The required buffer= size + is returned in the OidSize. + @retval FALSE The operation is not supported. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_GET_SIGNATURE_ALGORITHM)( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Oid, OPTIONAL + IN OUT UINTN *OidSize + ); + +/** + Retrieve Extension data from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] Oid Object identifier buffer + @param[in] OidSize Object identifier buffer size + @param[out] ExtensionData Extension bytes. + @param[in, out] ExtensionDataSize Extension bytes size. + + @retval TRUE The certificate Extension data retrieve= d successfully. + @retval FALSE If Cert is NULL. + If ExtensionDataSize is NULL. + If ExtensionData is not NULL and *Exten= sionDataSize is 0. + If Certificate is invalid. + @retval FALSE If no Extension entry match Oid. + @retval FALSE If the ExtensionData is NULL. The requi= red buffer size + is returned in the ExtensionDataSize pa= rameter. + @retval FALSE The operation is not supported. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_GET_EXTENSION_DATA)( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *Oid, + IN UINTN OidSize, + OUT UINT8 *ExtensionData, + IN OUT UINTN *ExtensionDataSize + ); + +/** + Retrieve the Extended Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage bytes. + @param[in, out] UsageSize Key Usage buffer sizs in bytes. + + @retval TRUE The Usage bytes retrieve successfully. + @retval FALSE If Cert is NULL. + If CertSize is NULL. + If Usage is not NULL and *UsageSize is = 0. + If Cert is invalid. + @retval FALSE If the Usage is NULL. The required buff= er size + is returned in the UsageSize parameter. + @retval FALSE The operation is not supported. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_GET_EXTENDED_KEY_USAGE)( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Usage, + IN OUT UINTN *UsageSize + ); + +/** + Retrieve the Validity from one X.509 certificate + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] From notBefore Pointer to DateTime object. + @param[in,out] FromSize notBefore DateTime object size. + @param[out] To notAfter Pointer to DateTime object. + @param[in,out] ToSize notAfter DateTime object size. + + Note: X509CompareDateTime to compare DateTime oject + x509SetDateTime to get a DateTime object from a DateTimeStr + + @retval TRUE The certificate Validity retrieved successfully. + @retval FALSE Invalid certificate, or Validity retrieve failed. + @retval FALSE This interface is not supported. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_GET_VALIDITY)( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN UINT8 *From, + IN OUT UINTN *FromSize, + IN UINT8 *To, + IN OUT UINTN *ToSize + ); + +/** + Format a DateTimeStr to DataTime object in DataTime Buffer + + If DateTimeStr is NULL, then return FALSE. + If DateTimeSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ + Ref: https://www.w3.org/TR/NOTE-datetime + Z stand for UTC time + @param[in,out] DateTime Pointer to a DateTime object. + @param[in,out] DateTimeSize DateTime object buffer size. + + @retval TRUE The DateTime object create successfully. + @retval FALSE If DateTimeStr is NULL. + If DateTimeSize is NULL. + If DateTime is not NULL and *DateTimeSi= ze is 0. + If Year Month Day Hour Minute Second co= mbination is invalid datetime. + @retval FALSE If the DateTime is NULL. The required b= uffer size + (including the final null) is returned = in the + DateTimeSize parameter. + @retval FALSE The operation is not supported. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_FORMAT_DATE_TIME)( + IN CONST CHAR8 *DateTimeStr, + OUT VOID *DateTime, + IN OUT UINTN *DateTimeSize + ); + +/** + Compare DateTime1 object and DateTime2 object. + + If DateTime1 is NULL, then return -2. + If DateTime2 is NULL, then return -2. + If DateTime1 =3D=3D DateTime2, then return 0 + If DateTime1 > DateTime2, then return 1 + If DateTime1 < DateTime2, then return -1 + + @param[in] DateTime1 Pointer to a DateTime Ojbect + @param[in] DateTime2 Pointer to a DateTime Object + + @retval 0 If DateTime1 =3D=3D DateTime2 + @retval 1 If DateTime1 > DateTime2 + @retval -1 If DateTime1 < DateTime2 +**/ +typedef +INT32 +(EFIAPI *EDKII_CRYPTO_X509_COMPARE_DATE_TIME)( + IN CONST VOID *DateTime1, + IN CONST VOID *DateTime2 + ); + +/** + Retrieve the Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) + + @retval TRUE The certificate Key Usage retrieved successfully. + @retval FALSE Invalid certificate, or Usage is NULL + @retval FALSE This interface is not supported. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_GET_KEY_USAGE)( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Usage + ); + +/** + Verify one X509 certificate was issued by the trusted CA. + + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @param[in] RootCert Trusted Root Certificate buffer + + @param[in] RootCertLength Trusted Root Certificate buffer length + + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain. + @retval FALSE Invalid certificate or the certificate was not issued by= the given + trusted CA. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_VERIFY_CERT_CHAIN)( + IN CONST UINT8 *RootCert, + IN UINTN RootCertLength, + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength + ); + +/** + Get one X509 certificate from CertChain. + + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates + where the first certificate is signed = by the Root + Certificate or is the Root Cerificate = itself. and + subsequent cerificate is signed by the= preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain,= in bytes. + + @param[in] CertIndex Index of certificate. + + @param[out] Cert The certificate at the index of CertCh= ain. + @param[out] CertLength The length certificate at the index of= CertChain. + + @retval TRUE Success. + @retval FALSE Failed to get certificate from certificate chain. +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_GET_CERT_FROM_CERT_CHAIN)( + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength, + IN CONST INT32 CertIndex, + OUT CONST UINT8 **Cert, + OUT UINTN *CertLength + ); + +/** + Retrieve the tag and length of the tag. + + @param Ptr The position in the ASN.1 data + @param End End of data + @param Length The variable that will receive the length + @param Tag The expected tag + + @retval TRUE Get tag successful + @retval FALSe Failed to get tag or tag not match +**/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_ASN1_GET_TAG)( + IN OUT UINT8 **Ptr, + IN CONST UINT8 *End, + OUT UINTN *Length, + IN UINT32 Tag + ); + +/** + Retrieve the basic constraints from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509= certificate. + @param[in] CertSize size of the X509 certificate in= bytes. + @param[out] BasicConstraints basic constraints bytes. + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes. + + @retval TRUE The basic constraints retrieve successf= ully. + @retval FALSE If cert is NULL. + If cert_size is NULL. + If basic_constraints is not NULL and *b= asic_constraints_size is 0. + If cert is invalid. + @retval FALSE The required buffer size is small. + The return buffer size is basic_constra= ints_size parameter. + @retval FALSE If no Extension entry match oid. + @retval FALSE The operation is not supported. + **/ +typedef +BOOLEAN +(EFIAPI *EDKII_CRYPTO_X509_GET_EXTENDED_BASIC_CONSTRAINTS)( + CONST UINT8 *Cert, + UINTN CertSize, + UINT8 *BasicConstraints, + UINTN *BasicConstraintsSize + ); + // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D // Symmetric Cryptography Primitive // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D @@ -5084,6 +5459,21 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_TLS_SET_EC_CURVE TlsSetEcCurve; /// TLS Get (continued) EDKII_CRYPTO_TLS_GET_EXPORT_KEY TlsGetExportKey; + /// X509 (Continued) + EDKII_CRYPTO_X509_GET_VERSION X509GetVersion; + EDKII_CRYPTO_X509_GET_SERIAL_NUMBER X509GetSerialNumber; + EDKII_CRYPTO_X509_GET_ISSUER_NAME X509GetIssuerName; + EDKII_CRYPTO_X509_GET_SIGNATURE_ALGORITHM X509GetSignatureAlgo= rithm; + EDKII_CRYPTO_X509_GET_EXTENSION_DATA X509GetExtensionData; + EDKII_CRYPTO_X509_GET_EXTENDED_KEY_USAGE X509GetExtendedKeyUs= age; + EDKII_CRYPTO_X509_GET_VALIDITY X509GetValidity; + EDKII_CRYPTO_X509_FORMAT_DATE_TIME X509FormatDateTime; + EDKII_CRYPTO_X509_COMPARE_DATE_TIME X509CompareDateTime; + EDKII_CRYPTO_X509_GET_KEY_USAGE X509GetKeyUsage; + EDKII_CRYPTO_X509_VERIFY_CERT_CHAIN X509VerifyCertChain; + EDKII_CRYPTO_X509_GET_CERT_FROM_CERT_CHAIN X509GetCertFromCertC= hain; + EDKII_CRYPTO_ASN1_GET_TAG Asn1GetTag; + EDKII_CRYPTO_X509_GET_EXTENDED_BASIC_CONSTRAINTS X509GetExtendedBasic= Constraints; }; =20 extern GUID gEdkiiCryptoProtocolGuid; --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94933): https://edk2.groups.io/g/devel/message/94933 Mute This Topic: https://groups.io/mt/94234105/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 9 17:52:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94935+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94935+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1665401569; cv=none; d=zohomail.com; s=zohoarc; b=EOivCYGuroZJg/6l10N+Ml7noRsdi5h3tZ2CWsowM9uQdIdoVG1lZiZQnFQIImIUNEazN7eBBdg9e9LAgWeBnQ2+O/MtwrRq9PiLx6Gc+d2Ni2MI0bwg2dg3ndKp3D7kRa8Q3tK/ju/akhY5tvGYxeTSOW+OEguDW6LV9ap5UGo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665401569; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=qyPQCl4O3NLKISx5O2XPnaK8+OMeY1Dsh8jg/E5n8cg=; b=YNfUMaL+IDR6LGYhiyuoZmMmRq6S6yvRfleCUaueW/o2wa3G/2AMwt8zVxcK/td9hh4Ki1xxJBYenCCwJIW8m1WWjy+4HLFnVEwC6+rMHMaTVmDUHVT3/wtbmhbXkIZVXAJtEwdQ1wTtb5ao3jYwHTsBGsGe1HiSMyua80LnqRE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94935+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665401569395331.3798590828454; Mon, 10 Oct 2022 04:32:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id wyurYY1788612xyd70tGYUWS; Mon, 10 Oct 2022 04:32:49 -0700 X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web12.5191.1665401566013137258 for ; Mon, 10 Oct 2022 04:32:47 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10495"; a="291489610" X-IronPort-AV: E=Sophos;i="5.95,173,1661842800"; d="scan'208";a="291489610" X-Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Oct 2022 04:32:43 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10495"; a="620990434" X-IronPort-AV: E=Sophos;i="5.95,173,1661842800"; d="scan'208";a="620990434" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga007.jf.intel.com with ESMTP; 10 Oct 2022 04:32:41 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH V2 4/4] CryptoPkg: add Unit Test for X509 new function. Date: Mon, 10 Oct 2022 19:32:28 +0800 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: onW6xkbnSm0Dm0xyjipbx23gx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665401569; bh=BRe+v98GmbyBbx12GPkPcLjVCrr0Iz3AmTHnMq2jY/s=; h=Cc:Date:From:Reply-To:Subject:To; b=KGpcf2/gvYV2pJ/Ziz9DOME7jWhAq7brkBhXvdeWTbkCGKrM2Qtgk4slh3fAbGHZTVi sZ1tdMX7ktqiS0U25TH3XjUQPhXpWei1mJ9vH+LeiH8vm5jkAM4AKBLX8j1GkidTj1i5W yK3jJopGteQHtxkA/Xp9+z2yMkX3hcW+VU0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665401570332100008 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4082 Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Qi Zhang --- .../BaseCryptLib/BaseCryptLibUnitTests.c | 1 + .../Library/BaseCryptLib/TestBaseCryptLib.h | 4 + .../BaseCryptLib/TestBaseCryptLibHost.inf | 1 + .../BaseCryptLib/TestBaseCryptLibShell.inf | 1 + .../UnitTest/Library/BaseCryptLib/X509Tests.c | 631 ++++++++++++++++++ 5 files changed, 638 insertions(+) create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitT= ests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests= .c index 63bae35b80..5546259488 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/BaseCryptLibUnitTests.c @@ -29,6 +29,7 @@ SUITE_DESC mSuiteDesc[] =3D { { "Aead AES Gcm tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mAeadAesGcmTestNum, mAeadAesGcmTest }, { "Bn verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mBnTestNum, mBnTest }, { "EC verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mEcTestNum, mEcTest }, + { "X509 Verify tests", "CryptoPkg.BaseCryptLib", NULL, NULL,= &mX509TestNum, mX509Test }, }; =20 EFI_STATUS diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.= h b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h index 3a84e63a87..91f3ec41d4 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h @@ -97,6 +97,10 @@ extern TEST_DESC mBnTest[]; =20 extern UINTN mEcTestNum; extern TEST_DESC mEcTest[]; + +extern UINTN mX509TestNum; +extern TEST_DESC mX509Test[]; + /** Creates a framework you can use */ EFI_STATUS EFIAPI diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibH= ost.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost= .inf index 023b796946..07113d6ed6 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf @@ -41,6 +41,7 @@ AeadAesGcmTests.c BnTests.c EcTests.c + X509Tests.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibS= hell.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShe= ll.inf index 5bfd190236..0450b8a29c 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf @@ -40,6 +40,7 @@ AeadAesGcmTests.c BnTests.c EcTests.c + X509Tests.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c b/Cry= ptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c new file mode 100644 index 0000000000..b3d11ea330 --- /dev/null +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/X509Tests.c @@ -0,0 +1,631 @@ +/** @file + Application for X509 Cert Validation. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TestBaseCryptLib.h" + +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 mOidSubjectAltName[] =3D { 0x55= , 0x1D, 0x11 }; + +// +// use openssl tool to create the test certificates. +// +// openssl req -nodes -x509 -days 3650 -newkey rsa:4096 -keyout ca.key -ou= t ca.cert -sha256 -subj "/CN=3Dintel test RSA CA" +// openssl rsa -in ca.key -outform der -out ca.key.der +// openssl req -nodes -newkey rsa:3072 -keyout inter.key -out inter.req -s= ha256 -batch -subj "/CN=3Dintel test RSA intermediate cert" +// openssl req -nodes -newkey rsa:2048 -keyout end_requester.key -out end_= requester.req -sha256 -batch -subj "/CN=3Dintel test RSA requseter cert" +// openssl req -nodes -newkey rsa:2048 -keyout end_responder.key -out end_= responder.req -sha256 -batch -subj "/CN=3Dintel test RSA responder cert" +// openssl x509 -req -in inter.req -out inter.cert -CA ca.cert -CAkey ca.k= ey -sha256 -days 3650 -set_serial 1 -extensions v3_inter -extfile ../openss= l.cnf +// openssl x509 -req -in end_requester.req -out end_requester.cert -CA int= er.cert -CAkey inter.key -sha256 -days 3650 -set_serial 2 -extensions v3_en= d -extfile ../openssl.cnf +// openssl x509 -req -in end_responder.req -out end_responder.cert -CA int= er.cert -CAkey inter.key -sha256 -days 3650 -set_serial 3 -extensions v3_en= d -extfile ../openssl.cnf +// openssl asn1parse -in ca.cert -out ca.cert.der +// openssl asn1parse -in inter.cert -out inter.cert.der +// openssl asn1parse -in end_requester.cert -out end_requester.cert.der +// cat ca.cert.der inter.cert.der end_requester.cert.der > bundle_requeste= r.certchain.der +// openssl rsa -inform PEM -outform DER -in end_requester.key -out end_req= uester.key.der +// + +// +// dump of inter.cert.der +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 mTestCert[] =3D { + 0x30, 0x82, 0x04, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, = 0x02, 0x02, 0x01, 0x01, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, = 0x0b, 0x05, 0x00, 0x30, + 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, = 0x69, 0x6e, 0x74, 0x65, + 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, = 0x41, 0x30, 0x1e, 0x17, + 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x30, = 0x36, 0x5a, 0x17, 0x0d, + 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x30, 0x36, = 0x5a, 0x30, 0x2b, 0x31, + 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, = 0x74, 0x65, 0x6c, 0x20, + 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, 0x6e, 0x74, = 0x65, 0x72, 0x6d, 0x65, + 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, = 0x01, 0xa2, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, = 0x00, 0x03, 0x82, 0x01, + 0x8f, 0x00, 0x30, 0x82, 0x01, 0x8a, 0x02, 0x82, 0x01, 0x81, 0x00, 0xd1, = 0xcf, 0x2d, 0x21, 0x38, + 0xe4, 0x81, 0xa6, 0xf2, 0xe5, 0xca, 0xac, 0x09, 0x2b, 0x04, 0x2a, 0x52, = 0x76, 0x2f, 0xa3, 0x4b, + 0x43, 0xc2, 0xd6, 0xb5, 0x3e, 0x2b, 0x29, 0x6f, 0x1b, 0x7d, 0x36, 0x60, = 0xcd, 0x71, 0xf4, 0xcf, + 0x8a, 0x24, 0xac, 0x8f, 0x5f, 0x78, 0x70, 0xc9, 0x84, 0x48, 0xfb, 0x1d, = 0xcb, 0xee, 0x34, 0x3c, + 0x4c, 0xe1, 0x1a, 0x92, 0x54, 0x43, 0x45, 0xe0, 0xdd, 0x14, 0xd5, 0xac, = 0x13, 0xae, 0xcc, 0x45, + 0xdc, 0x52, 0xdd, 0x45, 0x22, 0x10, 0xab, 0xb2, 0x1b, 0x3e, 0xad, 0x36, = 0x6f, 0x00, 0x59, 0xb6, + 0xfd, 0x27, 0xb8, 0x57, 0xbb, 0x66, 0x72, 0x1e, 0x7b, 0xe8, 0xc7, 0xaf, = 0x5e, 0x65, 0x5c, 0x58, + 0x3d, 0x9e, 0x78, 0x26, 0xb7, 0x70, 0x9a, 0xe7, 0x3c, 0xfc, 0x90, 0x64, = 0xb2, 0xb2, 0xb2, 0x80, + 0x22, 0xb3, 0x1c, 0x23, 0x73, 0x6a, 0xe3, 0xcb, 0x5b, 0x4e, 0x29, 0x71, = 0xdd, 0xfd, 0xd7, 0x15, + 0x3a, 0xd6, 0xa3, 0xe0, 0x4a, 0x53, 0x65, 0xa6, 0xae, 0x6a, 0x83, 0xb0, = 0x00, 0x3f, 0x64, 0x4b, + 0x01, 0xcd, 0x97, 0xb1, 0xe1, 0x54, 0x1e, 0xa2, 0x33, 0x4e, 0xf0, 0x13, = 0x33, 0x80, 0xe5, 0x41, + 0x9c, 0x5e, 0xb3, 0x5d, 0xae, 0x53, 0x2c, 0x41, 0x51, 0xf2, 0x00, 0x3e, = 0x03, 0xe2, 0x0d, 0xa4, + 0xf5, 0x24, 0x08, 0x46, 0xc2, 0xed, 0x6b, 0xf2, 0xe0, 0x1b, 0x04, 0xb7, = 0xe8, 0xda, 0x85, 0xa4, + 0x2f, 0x4b, 0x53, 0xfa, 0x76, 0x72, 0x0a, 0x28, 0xbf, 0x3c, 0xa8, 0x85, = 0x03, 0xee, 0x51, 0xb5, + 0x5c, 0xa9, 0xa5, 0x70, 0x47, 0x07, 0x11, 0x32, 0xc5, 0x5f, 0x7a, 0x07, = 0xfb, 0x5f, 0x4a, 0x52, + 0x65, 0x33, 0x0c, 0x17, 0x8e, 0x74, 0xe5, 0xec, 0x7d, 0x52, 0xa0, 0xd4, = 0xef, 0x64, 0xcc, 0x5e, + 0xe2, 0x3d, 0x46, 0x1e, 0x73, 0xab, 0x43, 0x2d, 0x05, 0xfa, 0xa3, 0x6d, = 0x86, 0x02, 0xe7, 0xc8, + 0x5f, 0x44, 0xfe, 0xeb, 0x14, 0x73, 0x2d, 0xf4, 0x0b, 0x72, 0x49, 0xe3, = 0xef, 0x55, 0x05, 0x1b, + 0x2f, 0xf9, 0x73, 0xeb, 0xed, 0xcc, 0x5e, 0x52, 0x17, 0x43, 0x94, 0x85, = 0xc7, 0x0e, 0x73, 0x89, + 0x22, 0xdc, 0x02, 0x5f, 0x99, 0x69, 0x58, 0x16, 0x89, 0x1e, 0x6f, 0x75, = 0xf8, 0xd3, 0xe7, 0x0a, + 0xb1, 0x01, 0x42, 0x71, 0xa6, 0xc5, 0xb2, 0xd0, 0xc0, 0x75, 0x96, 0x2e, = 0xc2, 0x32, 0x49, 0x0a, + 0xe8, 0x85, 0xbd, 0x22, 0x4c, 0x95, 0xd4, 0xf8, 0x2d, 0x72, 0x05, 0x4f, = 0x0e, 0x56, 0x9c, 0xc3, + 0x30, 0x3d, 0xfd, 0x30, 0x63, 0x92, 0x72, 0x6b, 0xaf, 0x80, 0x9d, 0xd0, = 0xc2, 0x36, 0xe7, 0xc1, + 0x37, 0xd0, 0x64, 0x88, 0x64, 0x3c, 0x33, 0xdd, 0x87, 0xdd, 0xd9, 0xa2, = 0x79, 0x44, 0xd8, 0x25, + 0x84, 0x0e, 0xfd, 0x9d, 0xd6, 0xc1, 0x7a, 0x2d, 0x23, 0x08, 0x9d, 0x02, = 0x03, 0x01, 0x00, 0x01, + 0xa3, 0x5e, 0x30, 0x5c, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, = 0x05, 0x30, 0x03, 0x01, + 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, = 0x02, 0x01, 0xfe, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x46, 0xcd, = 0xb4, 0x52, 0x02, 0x29, + 0x26, 0xc7, 0x52, 0x23, 0x81, 0x65, 0xcd, 0x87, 0x2f, 0x96, 0x1b, 0x01, = 0x2c, 0xc5, 0x30, 0x20, + 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, = 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, = 0x05, 0x07, 0x03, 0x02, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, = 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x02, 0x01, 0x00, 0x71, 0x14, 0xca, 0xfe, 0x03, 0x92, 0xc6, 0x88, = 0x52, 0x76, 0x43, 0xd9, + 0x8a, 0xf7, 0x22, 0x94, 0xef, 0x40, 0xa7, 0xc3, 0x7b, 0x6f, 0xb4, 0xd0, = 0x42, 0xc3, 0x59, 0x1f, + 0x77, 0xef, 0xac, 0x18, 0xce, 0x7c, 0xab, 0x48, 0x85, 0x22, 0xf1, 0x50, = 0x2c, 0xe0, 0x63, 0x4d, + 0x9d, 0x0e, 0xed, 0x38, 0xff, 0xd9, 0xed, 0x3c, 0x7e, 0x3e, 0x84, 0xb1, = 0xa7, 0x78, 0x62, 0x37, + 0x39, 0x6d, 0xd5, 0x5d, 0x46, 0x9a, 0x6f, 0x63, 0xc2, 0xa7, 0x90, 0xf9, = 0x7a, 0xa7, 0x4b, 0xa2, + 0x8a, 0xa8, 0x50, 0x13, 0x16, 0x9c, 0x4f, 0xcc, 0x28, 0x58, 0x6c, 0x9f, = 0x65, 0x6e, 0xf0, 0x9a, + 0x92, 0x59, 0x94, 0xa4, 0xb5, 0xfd, 0x8f, 0xf0, 0x7c, 0x1e, 0xba, 0xc3, = 0x21, 0x13, 0xfb, 0x33, + 0xba, 0xad, 0x4b, 0x1d, 0x42, 0x23, 0x16, 0x8b, 0x3e, 0xcd, 0xb5, 0x69, = 0x9c, 0x7c, 0xa1, 0x9b, + 0x92, 0xc1, 0x2f, 0x9c, 0x89, 0x3f, 0x28, 0x24, 0x67, 0x48, 0x47, 0xf0, = 0xb1, 0xc0, 0xf0, 0x4c, + 0xbf, 0xf6, 0x64, 0xde, 0x33, 0xc3, 0xd6, 0x5b, 0xe6, 0xc3, 0xdd, 0xa5, = 0xba, 0x42, 0x02, 0x0f, + 0xbc, 0xbe, 0xde, 0x14, 0x12, 0x7c, 0xfb, 0xe6, 0xbb, 0xdd, 0xf2, 0x6b, = 0xd7, 0x75, 0xe6, 0xf5, + 0xda, 0xbe, 0xe9, 0xbf, 0xa6, 0x87, 0x09, 0x41, 0x6c, 0x9d, 0x19, 0x9c, = 0xb1, 0x7c, 0x89, 0x9f, + 0x32, 0xb3, 0x0a, 0x59, 0x10, 0xc6, 0x8c, 0xa0, 0x5b, 0xda, 0xa6, 0xa3, = 0xf8, 0x33, 0x77, 0x7a, + 0xf4, 0xb0, 0x8a, 0xcf, 0xc8, 0x3f, 0x2e, 0xb8, 0xf1, 0x9e, 0x7b, 0x47, = 0x2d, 0x85, 0x3b, 0x58, + 0xcd, 0x4b, 0xbc, 0x87, 0xd2, 0xf3, 0xcd, 0x36, 0x80, 0x9b, 0x4a, 0x0f, = 0x24, 0x30, 0x1d, 0x3f, + 0x6f, 0x56, 0xcf, 0x6e, 0x2d, 0xcf, 0xa8, 0x17, 0xd5, 0x97, 0x0b, 0x22, = 0xa6, 0x59, 0xef, 0xef, + 0xd4, 0x9a, 0x0e, 0x6f, 0xb9, 0xf0, 0x48, 0x2a, 0x54, 0x22, 0x77, 0x27, = 0x90, 0x84, 0x42, 0x56, + 0x85, 0x80, 0x78, 0x4f, 0xd9, 0x14, 0x2a, 0xf0, 0x5d, 0x6b, 0x46, 0x60, = 0x3d, 0xad, 0xa5, 0xa2, + 0xb9, 0x04, 0x23, 0x92, 0x1b, 0x70, 0xa3, 0xdb, 0xaa, 0xf0, 0x5f, 0x1c, = 0xd8, 0x26, 0xbb, 0x51, + 0x17, 0xfc, 0x93, 0x6d, 0x70, 0x19, 0x54, 0xe2, 0x6f, 0x82, 0x8a, 0x49, = 0xa6, 0x19, 0xcc, 0x97, + 0x53, 0x90, 0x27, 0xd9, 0x8d, 0xaa, 0x8c, 0xc3, 0x2b, 0xbc, 0x0a, 0x72, = 0x3a, 0x41, 0xb8, 0xfa, + 0x1e, 0xbb, 0x8b, 0x27, 0x06, 0x75, 0x53, 0x91, 0xac, 0x8d, 0x75, 0xf2, = 0xa6, 0xea, 0x85, 0x7e, + 0x34, 0x06, 0x9e, 0xf9, 0xe9, 0x13, 0xa3, 0xfe, 0x2e, 0x38, 0x4b, 0x3f, = 0x61, 0x11, 0x1f, 0x6b, + 0xd3, 0xfe, 0xc9, 0x13, 0xbc, 0x12, 0xfe, 0xbc, 0xff, 0xaa, 0x38, 0x73, = 0x8a, 0x73, 0x8c, 0xcf, + 0xcc, 0xd3, 0xe7, 0xba, 0x98, 0xfd, 0xf4, 0xf5, 0xf6, 0xa9, 0xc8, 0x07, = 0x5b, 0x16, 0xae, 0x76, + 0x86, 0x24, 0x25, 0xcc, 0x7c, 0xdb, 0x1e, 0x7f, 0xc4, 0xe4, 0xd3, 0x89, = 0x5a, 0x91, 0x6a, 0x9c, + 0x93, 0x03, 0xd2, 0xd2, 0xc0, 0x29, 0x69, 0x58, 0x52, 0x6c, 0xca, 0x91, = 0x7d, 0xd2, 0x3d, 0xc7, + 0x2f, 0x8a, 0x4e, 0x55, 0x03, 0x34, 0x16, 0x01, 0x2f, 0x4f, 0x57, 0xea, = 0x10, 0xa7, 0xfb, 0xe3, + 0x2e, 0x2c, 0x7f, 0x5d, 0x27, 0x93, 0x74, 0x95, 0x25, 0x1a, 0x1e, 0x54, = 0x1a, 0xb6, 0xe1, 0xdc, + 0xc8, 0xe4, 0x84, 0xeb, 0x38, 0x0f, 0x05, 0x74, 0xf3, 0x3a, 0xf9, 0xd8, = 0x00, 0x43, 0xe9, 0x24, + 0x1e, 0x45, 0xb4, 0xe2, 0x38, 0x8b, 0x6a, 0x4f, 0xb6, 0x0b, 0x1d, 0xac, = 0xbc, 0xec, 0xda, 0x41, + 0x9c, 0x7f, 0xa8, 0x15, 0x09, 0x3b, 0x0b, 0x99, 0xc4, 0x48, 0xdd, 0xde, = 0x0d, 0x65, 0x86, 0x72, + 0xaa, 0x0a, 0x4e, 0x71, +}; + +// +// dump of ca.cert.der +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 mTestCaCert[] =3D { + 0x30, 0x82, 0x05, 0x19, 0x30, 0x82, 0x03, 0x01, 0xa0, 0x03, 0x02, 0x01, = 0x02, 0x02, 0x14, 0x1d, + 0xaf, 0x4e, 0xf1, 0x99, 0xbf, 0xee, 0xe2, 0x6d, 0x7e, 0x4a, 0xac, 0xac, = 0x20, 0x00, 0xeb, 0x78, + 0xf6, 0x6a, 0xe9, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, = 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, = 0x03, 0x0c, 0x11, 0x69, + 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, = 0x41, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, = 0x31, 0x31, 0x30, 0x35, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, = 0x31, 0x30, 0x35, 0x5a, + 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, = 0x11, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, = 0x43, 0x41, 0x30, 0x82, + 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, = 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, = 0x02, 0x01, 0x00, 0xd5, + 0x13, 0x55, 0xb1, 0x0d, 0x44, 0x17, 0x6a, 0x06, 0x39, 0x66, 0xee, 0xbc, = 0x43, 0x81, 0xea, 0xe0, + 0x93, 0x3f, 0x70, 0xb5, 0x5b, 0x07, 0xde, 0xa0, 0x24, 0x47, 0xd0, 0xf8, = 0x99, 0xe6, 0x50, 0x17, + 0xb4, 0x02, 0x60, 0xd9, 0x1a, 0x6c, 0xd3, 0x55, 0x60, 0x61, 0xde, 0x80, = 0x6d, 0x38, 0x29, 0x46, + 0xbb, 0x45, 0xa2, 0xeb, 0x24, 0x1c, 0xbb, 0x87, 0x1f, 0x14, 0xed, 0x3a, = 0xd5, 0x32, 0xd5, 0x11, + 0x4b, 0xf4, 0x99, 0x78, 0x00, 0x11, 0x8d, 0x6d, 0x6e, 0x5a, 0x0b, 0x81, = 0xff, 0x08, 0x59, 0x01, + 0x2b, 0xf0, 0x9b, 0x52, 0x88, 0x41, 0xb6, 0x3e, 0x62, 0x7b, 0xbd, 0x25, = 0x96, 0x64, 0x8e, 0xb1, + 0x2b, 0x6a, 0xf8, 0x39, 0x93, 0x0a, 0x6b, 0x3f, 0x8c, 0x2b, 0x35, 0x6e, = 0x80, 0x32, 0x86, 0xf6, + 0x0f, 0x1e, 0x8c, 0xd4, 0x4e, 0x77, 0xbe, 0xaf, 0xe5, 0x4c, 0x47, 0x66, = 0xdd, 0x62, 0xce, 0x64, + 0x65, 0x80, 0xca, 0xbd, 0x87, 0x94, 0x3e, 0xff, 0x3d, 0x0a, 0xd4, 0x39, = 0xcc, 0xd1, 0xef, 0xd1, + 0x1a, 0x55, 0x2c, 0xeb, 0xdc, 0xcf, 0x9a, 0x59, 0x92, 0xda, 0xca, 0xf6, = 0xae, 0x88, 0xbc, 0xc0, + 0x43, 0xe5, 0xa9, 0x60, 0xb2, 0x0f, 0x69, 0xa2, 0x2a, 0x98, 0x56, 0x0f, = 0x4b, 0x0b, 0x63, 0xb3, + 0x4e, 0x8b, 0x43, 0xb4, 0x7f, 0x52, 0x1e, 0x5a, 0x9e, 0xdf, 0xa7, 0x98, = 0x4d, 0xb9, 0x3b, 0x58, + 0x80, 0x69, 0x38, 0xb7, 0xeb, 0x20, 0x91, 0xbf, 0x59, 0x81, 0x44, 0xfc, = 0xc6, 0xaf, 0xc2, 0xc8, + 0xe1, 0xae, 0x3d, 0xc5, 0xb6, 0x55, 0xa8, 0xa2, 0xcd, 0xec, 0x0b, 0xbe, = 0x9c, 0x34, 0x2b, 0xf5, + 0x4b, 0x2e, 0x3b, 0x26, 0xaa, 0x22, 0x12, 0x29, 0xc2, 0x66, 0xc2, 0x40, = 0xdd, 0x12, 0xfa, 0xf0, + 0xb4, 0xe8, 0x95, 0x20, 0x59, 0x91, 0x9e, 0x7d, 0x36, 0x6e, 0x2d, 0x99, = 0x53, 0x44, 0x2b, 0x43, + 0x12, 0x08, 0x74, 0x76, 0xd5, 0x21, 0xd3, 0x08, 0x37, 0xe1, 0xe6, 0xe3, = 0xc4, 0x67, 0x88, 0x29, + 0xea, 0x06, 0x97, 0x9f, 0x61, 0x0d, 0x5d, 0x39, 0x17, 0x03, 0x87, 0x89, = 0x35, 0xe0, 0xd5, 0x87, + 0xa1, 0x5b, 0x0c, 0x3c, 0x35, 0x3d, 0xd6, 0x6f, 0xdd, 0x6f, 0xa5, 0x11, = 0x9f, 0x80, 0x20, 0xca, + 0x8b, 0x67, 0xd2, 0x2c, 0x7c, 0x51, 0x68, 0x15, 0x2c, 0x9c, 0x08, 0x86, = 0xc8, 0x6c, 0xf0, 0x9d, + 0xc2, 0x98, 0xb9, 0x6e, 0x31, 0xaf, 0x2b, 0x34, 0x9c, 0xe3, 0xd0, 0xe9, = 0x85, 0x37, 0x2b, 0x1f, + 0x21, 0xd2, 0xb9, 0xa4, 0x8d, 0x3f, 0xa3, 0x1a, 0x9f, 0x7d, 0x1b, 0xb6, = 0xe0, 0xf6, 0x19, 0xf4, + 0x19, 0xf8, 0x50, 0xa7, 0x1b, 0xec, 0xb9, 0xbb, 0xa4, 0xd2, 0x20, 0xf3, = 0xed, 0xc7, 0xa7, 0x94, + 0x2b, 0x0b, 0x9a, 0x74, 0xb8, 0xba, 0xd7, 0x42, 0x97, 0xab, 0xb4, 0xe9, = 0xbe, 0x1e, 0x07, 0x0c, + 0x05, 0x55, 0x54, 0xba, 0x05, 0x73, 0x99, 0xf2, 0x29, 0x88, 0x69, 0x4f, = 0x1b, 0x2e, 0x87, 0x7b, + 0x74, 0x94, 0xae, 0xc2, 0x2f, 0x3c, 0x90, 0xb5, 0x5c, 0x01, 0x46, 0xc6, = 0x42, 0xfb, 0xa9, 0xad, + 0x82, 0x1b, 0xd9, 0x38, 0xbe, 0x0d, 0x72, 0x4c, 0x06, 0x03, 0x92, 0xc2, = 0xc8, 0x7f, 0x7b, 0xd4, + 0x86, 0x83, 0xb8, 0x62, 0xd9, 0xf7, 0x2f, 0xc1, 0x57, 0x88, 0x85, 0xa5, = 0x61, 0xc5, 0x93, 0xfc, + 0x17, 0xe0, 0x98, 0x11, 0x88, 0x0d, 0x03, 0x0b, 0x6e, 0x01, 0x16, 0xcc, = 0xf2, 0x3c, 0x5f, 0x61, + 0x8c, 0x27, 0x31, 0xca, 0x4d, 0x35, 0x7a, 0xc1, 0xf3, 0xfe, 0x06, 0xff, = 0xca, 0x7b, 0x96, 0xad, + 0x0d, 0xff, 0x9e, 0x12, 0x44, 0x51, 0x6e, 0xf4, 0xaa, 0x2e, 0xce, 0xe8, = 0xc7, 0xa6, 0xe9, 0xae, + 0xc0, 0xbe, 0xde, 0x7b, 0x93, 0x3d, 0x1d, 0xf9, 0xfb, 0x4d, 0xa7, 0x0b, = 0x73, 0xfb, 0x7b, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, = 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x03, 0xfe, 0xb0, 0x3f, 0x09, 0xe5, 0xe1, 0xf4, 0x2e, = 0x87, 0xfb, 0x41, 0x86, + 0xf6, 0x76, 0xd3, 0x93, 0xbe, 0x96, 0x85, 0x30, 0x1f, 0x06, 0x03, 0x55, = 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x03, 0xfe, 0xb0, 0x3f, 0x09, 0xe5, 0xe1, 0xf4, = 0x2e, 0x87, 0xfb, 0x41, + 0x86, 0xf6, 0x76, 0xd3, 0x93, 0xbe, 0x96, 0x85, 0x30, 0x0f, 0x06, 0x03, = 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, = 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, = 0x00, 0x02, 0x15, 0x73, + 0x60, 0x10, 0xbc, 0x95, 0xac, 0x63, 0x15, 0x09, 0x6b, 0x0c, 0x09, 0x4a, = 0x74, 0xcd, 0xe3, 0x58, + 0xcc, 0x6c, 0xf3, 0x55, 0x80, 0xe9, 0x75, 0x47, 0x2c, 0x80, 0x4e, 0x5f, = 0xfe, 0xbd, 0x2e, 0xd7, + 0x42, 0x89, 0x44, 0x57, 0xbe, 0x51, 0x84, 0x53, 0xb6, 0x40, 0x80, 0xd6, = 0xcc, 0xe2, 0x80, 0x22, + 0x53, 0xd9, 0x31, 0x65, 0xf9, 0x3c, 0x8b, 0x7b, 0xe6, 0xa6, 0x6e, 0xfd, = 0x9d, 0x27, 0xe5, 0xcd, + 0xfd, 0x82, 0xcf, 0xd6, 0x18, 0xbe, 0xa6, 0xed, 0x72, 0xce, 0x5f, 0x45, = 0x12, 0x6a, 0xaa, 0x95, + 0x42, 0x25, 0x28, 0x8b, 0xfc, 0x4b, 0xc9, 0xad, 0xdd, 0xdb, 0x4c, 0x74, = 0x10, 0x2e, 0x90, 0x2a, + 0x06, 0x4f, 0x2e, 0xb4, 0x54, 0xb9, 0xc0, 0x60, 0xb9, 0x4d, 0xee, 0x59, = 0x1c, 0x18, 0x8d, 0xd1, + 0x49, 0xc3, 0xe9, 0x1b, 0xf1, 0xfc, 0xc3, 0x83, 0x1f, 0x6a, 0xb0, 0xfc, = 0x8d, 0xfc, 0x30, 0xed, + 0x9c, 0xcb, 0x78, 0x52, 0xe8, 0x09, 0x3d, 0x4f, 0xdc, 0xbc, 0xad, 0x84, = 0xc1, 0xd5, 0x5a, 0x0a, + 0x07, 0xa3, 0xf6, 0x42, 0xd7, 0x54, 0x55, 0x01, 0x8e, 0x53, 0xce, 0xcb, = 0x2a, 0x11, 0xf7, 0x89, + 0x7e, 0xaf, 0x6f, 0x4c, 0xb9, 0x56, 0x4a, 0x67, 0x4a, 0xf9, 0x4f, 0x64, = 0x15, 0xfa, 0xb0, 0xf9, + 0x97, 0xe2, 0xf6, 0xa8, 0xf4, 0xe7, 0x0a, 0x7a, 0x83, 0x4e, 0xf6, 0xe9, = 0xac, 0x5e, 0xd9, 0xa8, + 0xea, 0x6b, 0x06, 0xcb, 0x2c, 0x41, 0xc1, 0x7e, 0xf5, 0x79, 0xfc, 0x7c, = 0x05, 0x06, 0x8f, 0x27, + 0xaa, 0x3b, 0x61, 0x82, 0x72, 0x55, 0xa9, 0xa0, 0xa0, 0xa5, 0x69, 0x2f, = 0x95, 0x40, 0xfc, 0xfe, + 0x4a, 0x0f, 0x7d, 0x8c, 0x89, 0xaa, 0xc0, 0x1d, 0x87, 0x03, 0xa1, 0xce, = 0xee, 0x23, 0x4f, 0xc5, + 0x7c, 0xb4, 0xb6, 0x2b, 0x6f, 0x05, 0x30, 0xc9, 0x16, 0x51, 0xdf, 0xc7, = 0x16, 0x3c, 0x08, 0x38, + 0x20, 0xf9, 0xc5, 0xe0, 0x4a, 0xfa, 0xcb, 0x8c, 0xc3, 0xc5, 0xbb, 0x5c, = 0xad, 0xca, 0xc2, 0x52, + 0x45, 0x2f, 0x54, 0x70, 0x78, 0x33, 0x70, 0xc2, 0xed, 0x68, 0xf1, 0x89, = 0x67, 0xa3, 0x19, 0x24, + 0xcb, 0x8f, 0x99, 0x1b, 0x28, 0x81, 0x6c, 0x4e, 0x25, 0xb1, 0x27, 0x3d, = 0x9f, 0xe7, 0x3d, 0xa7, + 0x73, 0x9e, 0x4c, 0x1a, 0x63, 0x8e, 0xf9, 0xa7, 0xb6, 0x21, 0xe7, 0x4c, = 0xdf, 0xfb, 0x36, 0x47, + 0xda, 0x2d, 0xbb, 0x52, 0x55, 0xf8, 0x44, 0x0d, 0x0c, 0xde, 0xe2, 0x13, = 0x42, 0x1b, 0xa2, 0xad, + 0xa0, 0x0f, 0x39, 0x6c, 0x78, 0x32, 0x7a, 0x03, 0x9e, 0x55, 0x4e, 0x43, = 0xf7, 0x0c, 0x35, 0xd9, + 0x1d, 0x2c, 0x0f, 0x30, 0x30, 0x3e, 0x09, 0xe2, 0x31, 0xa6, 0xb0, 0x1e, = 0xa9, 0xf5, 0x4b, 0xa1, + 0x74, 0x09, 0x50, 0xd4, 0xd3, 0xd3, 0x3e, 0x76, 0xb1, 0x67, 0xfc, 0x51, = 0xb0, 0x93, 0x22, 0xc4, + 0x6b, 0x8a, 0x27, 0x45, 0x19, 0x3b, 0x35, 0x91, 0x61, 0x36, 0xe7, 0x9c, = 0xf6, 0xda, 0x96, 0x30, + 0x7d, 0xf4, 0x11, 0xc4, 0x3f, 0x35, 0x4e, 0x7a, 0xd6, 0x6e, 0xb6, 0xea, = 0xe7, 0x66, 0x6f, 0x23, + 0x5c, 0x53, 0x76, 0x53, 0xfc, 0x35, 0x93, 0xe5, 0xfc, 0xb9, 0x6b, 0xb9, = 0xd3, 0x6c, 0x48, 0x66, + 0x6f, 0xd7, 0x10, 0x6e, 0x25, 0x72, 0x71, 0x31, 0xfa, 0xc0, 0xdf, 0x31, = 0xca, 0xd1, 0xaf, 0xc2, + 0x8e, 0xa5, 0xca, 0xd7, 0x3f, 0x4e, 0xde, 0x47, 0xd5, 0x8e, 0xfc, 0x75, = 0xb6, 0x71, 0x83, 0xd9, + 0xfd, 0x11, 0x35, 0x81, 0xbf, 0x10, 0x0d, 0x3e, 0x50, 0x45, 0x07, 0x39, = 0x08, 0x73, 0x7a, 0x0b, + 0x21, 0x32, 0xaf, 0xf4, 0x99, 0xeb, 0x4d, 0xd4, 0xe8, 0x2a, 0x06, 0x98, = 0x43, 0xbb, 0xbb, 0x11, + 0x63, 0x99, 0xa8, 0x41, 0x22, 0xe8, 0x86, 0x79, 0x4b, 0x53, 0xb7, 0x73, = 0x1b, +}; + +// +// dump of bundle_requester.certchain.der +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 mTestBundleCert[] =3D { + 0x30, 0x82, 0x05, 0x19, 0x30, 0x82, 0x03, 0x01, 0xa0, 0x03, 0x02, 0x01, = 0x02, 0x02, 0x14, 0x1d, + 0xaf, 0x4e, 0xf1, 0x99, 0xbf, 0xee, 0xe2, 0x6d, 0x7e, 0x4a, 0xac, 0xac, = 0x20, 0x00, 0xeb, 0x78, + 0xf6, 0x6a, 0xe9, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, = 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, = 0x03, 0x0c, 0x11, 0x69, + 0x6e, 0x74, 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, = 0x41, 0x20, 0x43, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, = 0x31, 0x31, 0x30, 0x35, + 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, = 0x31, 0x30, 0x35, 0x5a, + 0x30, 0x1c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, = 0x11, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, = 0x43, 0x41, 0x30, 0x82, + 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, = 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, = 0x02, 0x01, 0x00, 0xd5, + 0x13, 0x55, 0xb1, 0x0d, 0x44, 0x17, 0x6a, 0x06, 0x39, 0x66, 0xee, 0xbc, = 0x43, 0x81, 0xea, 0xe0, + 0x93, 0x3f, 0x70, 0xb5, 0x5b, 0x07, 0xde, 0xa0, 0x24, 0x47, 0xd0, 0xf8, = 0x99, 0xe6, 0x50, 0x17, + 0xb4, 0x02, 0x60, 0xd9, 0x1a, 0x6c, 0xd3, 0x55, 0x60, 0x61, 0xde, 0x80, = 0x6d, 0x38, 0x29, 0x46, + 0xbb, 0x45, 0xa2, 0xeb, 0x24, 0x1c, 0xbb, 0x87, 0x1f, 0x14, 0xed, 0x3a, = 0xd5, 0x32, 0xd5, 0x11, + 0x4b, 0xf4, 0x99, 0x78, 0x00, 0x11, 0x8d, 0x6d, 0x6e, 0x5a, 0x0b, 0x81, = 0xff, 0x08, 0x59, 0x01, + 0x2b, 0xf0, 0x9b, 0x52, 0x88, 0x41, 0xb6, 0x3e, 0x62, 0x7b, 0xbd, 0x25, = 0x96, 0x64, 0x8e, 0xb1, + 0x2b, 0x6a, 0xf8, 0x39, 0x93, 0x0a, 0x6b, 0x3f, 0x8c, 0x2b, 0x35, 0x6e, = 0x80, 0x32, 0x86, 0xf6, + 0x0f, 0x1e, 0x8c, 0xd4, 0x4e, 0x77, 0xbe, 0xaf, 0xe5, 0x4c, 0x47, 0x66, = 0xdd, 0x62, 0xce, 0x64, + 0x65, 0x80, 0xca, 0xbd, 0x87, 0x94, 0x3e, 0xff, 0x3d, 0x0a, 0xd4, 0x39, = 0xcc, 0xd1, 0xef, 0xd1, + 0x1a, 0x55, 0x2c, 0xeb, 0xdc, 0xcf, 0x9a, 0x59, 0x92, 0xda, 0xca, 0xf6, = 0xae, 0x88, 0xbc, 0xc0, + 0x43, 0xe5, 0xa9, 0x60, 0xb2, 0x0f, 0x69, 0xa2, 0x2a, 0x98, 0x56, 0x0f, = 0x4b, 0x0b, 0x63, 0xb3, + 0x4e, 0x8b, 0x43, 0xb4, 0x7f, 0x52, 0x1e, 0x5a, 0x9e, 0xdf, 0xa7, 0x98, = 0x4d, 0xb9, 0x3b, 0x58, + 0x80, 0x69, 0x38, 0xb7, 0xeb, 0x20, 0x91, 0xbf, 0x59, 0x81, 0x44, 0xfc, = 0xc6, 0xaf, 0xc2, 0xc8, + 0xe1, 0xae, 0x3d, 0xc5, 0xb6, 0x55, 0xa8, 0xa2, 0xcd, 0xec, 0x0b, 0xbe, = 0x9c, 0x34, 0x2b, 0xf5, + 0x4b, 0x2e, 0x3b, 0x26, 0xaa, 0x22, 0x12, 0x29, 0xc2, 0x66, 0xc2, 0x40, = 0xdd, 0x12, 0xfa, 0xf0, + 0xb4, 0xe8, 0x95, 0x20, 0x59, 0x91, 0x9e, 0x7d, 0x36, 0x6e, 0x2d, 0x99, = 0x53, 0x44, 0x2b, 0x43, + 0x12, 0x08, 0x74, 0x76, 0xd5, 0x21, 0xd3, 0x08, 0x37, 0xe1, 0xe6, 0xe3, = 0xc4, 0x67, 0x88, 0x29, + 0xea, 0x06, 0x97, 0x9f, 0x61, 0x0d, 0x5d, 0x39, 0x17, 0x03, 0x87, 0x89, = 0x35, 0xe0, 0xd5, 0x87, + 0xa1, 0x5b, 0x0c, 0x3c, 0x35, 0x3d, 0xd6, 0x6f, 0xdd, 0x6f, 0xa5, 0x11, = 0x9f, 0x80, 0x20, 0xca, + 0x8b, 0x67, 0xd2, 0x2c, 0x7c, 0x51, 0x68, 0x15, 0x2c, 0x9c, 0x08, 0x86, = 0xc8, 0x6c, 0xf0, 0x9d, + 0xc2, 0x98, 0xb9, 0x6e, 0x31, 0xaf, 0x2b, 0x34, 0x9c, 0xe3, 0xd0, 0xe9, = 0x85, 0x37, 0x2b, 0x1f, + 0x21, 0xd2, 0xb9, 0xa4, 0x8d, 0x3f, 0xa3, 0x1a, 0x9f, 0x7d, 0x1b, 0xb6, = 0xe0, 0xf6, 0x19, 0xf4, + 0x19, 0xf8, 0x50, 0xa7, 0x1b, 0xec, 0xb9, 0xbb, 0xa4, 0xd2, 0x20, 0xf3, = 0xed, 0xc7, 0xa7, 0x94, + 0x2b, 0x0b, 0x9a, 0x74, 0xb8, 0xba, 0xd7, 0x42, 0x97, 0xab, 0xb4, 0xe9, = 0xbe, 0x1e, 0x07, 0x0c, + 0x05, 0x55, 0x54, 0xba, 0x05, 0x73, 0x99, 0xf2, 0x29, 0x88, 0x69, 0x4f, = 0x1b, 0x2e, 0x87, 0x7b, + 0x74, 0x94, 0xae, 0xc2, 0x2f, 0x3c, 0x90, 0xb5, 0x5c, 0x01, 0x46, 0xc6, = 0x42, 0xfb, 0xa9, 0xad, + 0x82, 0x1b, 0xd9, 0x38, 0xbe, 0x0d, 0x72, 0x4c, 0x06, 0x03, 0x92, 0xc2, = 0xc8, 0x7f, 0x7b, 0xd4, + 0x86, 0x83, 0xb8, 0x62, 0xd9, 0xf7, 0x2f, 0xc1, 0x57, 0x88, 0x85, 0xa5, = 0x61, 0xc5, 0x93, 0xfc, + 0x17, 0xe0, 0x98, 0x11, 0x88, 0x0d, 0x03, 0x0b, 0x6e, 0x01, 0x16, 0xcc, = 0xf2, 0x3c, 0x5f, 0x61, + 0x8c, 0x27, 0x31, 0xca, 0x4d, 0x35, 0x7a, 0xc1, 0xf3, 0xfe, 0x06, 0xff, = 0xca, 0x7b, 0x96, 0xad, + 0x0d, 0xff, 0x9e, 0x12, 0x44, 0x51, 0x6e, 0xf4, 0xaa, 0x2e, 0xce, 0xe8, = 0xc7, 0xa6, 0xe9, 0xae, + 0xc0, 0xbe, 0xde, 0x7b, 0x93, 0x3d, 0x1d, 0xf9, 0xfb, 0x4d, 0xa7, 0x0b, = 0x73, 0xfb, 0x7b, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, = 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x03, 0xfe, 0xb0, 0x3f, 0x09, 0xe5, 0xe1, 0xf4, 0x2e, = 0x87, 0xfb, 0x41, 0x86, + 0xf6, 0x76, 0xd3, 0x93, 0xbe, 0x96, 0x85, 0x30, 0x1f, 0x06, 0x03, 0x55, = 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x03, 0xfe, 0xb0, 0x3f, 0x09, 0xe5, 0xe1, 0xf4, = 0x2e, 0x87, 0xfb, 0x41, + 0x86, 0xf6, 0x76, 0xd3, 0x93, 0xbe, 0x96, 0x85, 0x30, 0x0f, 0x06, 0x03, = 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, = 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, = 0x00, 0x02, 0x15, 0x73, + 0x60, 0x10, 0xbc, 0x95, 0xac, 0x63, 0x15, 0x09, 0x6b, 0x0c, 0x09, 0x4a, = 0x74, 0xcd, 0xe3, 0x58, + 0xcc, 0x6c, 0xf3, 0x55, 0x80, 0xe9, 0x75, 0x47, 0x2c, 0x80, 0x4e, 0x5f, = 0xfe, 0xbd, 0x2e, 0xd7, + 0x42, 0x89, 0x44, 0x57, 0xbe, 0x51, 0x84, 0x53, 0xb6, 0x40, 0x80, 0xd6, = 0xcc, 0xe2, 0x80, 0x22, + 0x53, 0xd9, 0x31, 0x65, 0xf9, 0x3c, 0x8b, 0x7b, 0xe6, 0xa6, 0x6e, 0xfd, = 0x9d, 0x27, 0xe5, 0xcd, + 0xfd, 0x82, 0xcf, 0xd6, 0x18, 0xbe, 0xa6, 0xed, 0x72, 0xce, 0x5f, 0x45, = 0x12, 0x6a, 0xaa, 0x95, + 0x42, 0x25, 0x28, 0x8b, 0xfc, 0x4b, 0xc9, 0xad, 0xdd, 0xdb, 0x4c, 0x74, = 0x10, 0x2e, 0x90, 0x2a, + 0x06, 0x4f, 0x2e, 0xb4, 0x54, 0xb9, 0xc0, 0x60, 0xb9, 0x4d, 0xee, 0x59, = 0x1c, 0x18, 0x8d, 0xd1, + 0x49, 0xc3, 0xe9, 0x1b, 0xf1, 0xfc, 0xc3, 0x83, 0x1f, 0x6a, 0xb0, 0xfc, = 0x8d, 0xfc, 0x30, 0xed, + 0x9c, 0xcb, 0x78, 0x52, 0xe8, 0x09, 0x3d, 0x4f, 0xdc, 0xbc, 0xad, 0x84, = 0xc1, 0xd5, 0x5a, 0x0a, + 0x07, 0xa3, 0xf6, 0x42, 0xd7, 0x54, 0x55, 0x01, 0x8e, 0x53, 0xce, 0xcb, = 0x2a, 0x11, 0xf7, 0x89, + 0x7e, 0xaf, 0x6f, 0x4c, 0xb9, 0x56, 0x4a, 0x67, 0x4a, 0xf9, 0x4f, 0x64, = 0x15, 0xfa, 0xb0, 0xf9, + 0x97, 0xe2, 0xf6, 0xa8, 0xf4, 0xe7, 0x0a, 0x7a, 0x83, 0x4e, 0xf6, 0xe9, = 0xac, 0x5e, 0xd9, 0xa8, + 0xea, 0x6b, 0x06, 0xcb, 0x2c, 0x41, 0xc1, 0x7e, 0xf5, 0x79, 0xfc, 0x7c, = 0x05, 0x06, 0x8f, 0x27, + 0xaa, 0x3b, 0x61, 0x82, 0x72, 0x55, 0xa9, 0xa0, 0xa0, 0xa5, 0x69, 0x2f, = 0x95, 0x40, 0xfc, 0xfe, + 0x4a, 0x0f, 0x7d, 0x8c, 0x89, 0xaa, 0xc0, 0x1d, 0x87, 0x03, 0xa1, 0xce, = 0xee, 0x23, 0x4f, 0xc5, + 0x7c, 0xb4, 0xb6, 0x2b, 0x6f, 0x05, 0x30, 0xc9, 0x16, 0x51, 0xdf, 0xc7, = 0x16, 0x3c, 0x08, 0x38, + 0x20, 0xf9, 0xc5, 0xe0, 0x4a, 0xfa, 0xcb, 0x8c, 0xc3, 0xc5, 0xbb, 0x5c, = 0xad, 0xca, 0xc2, 0x52, + 0x45, 0x2f, 0x54, 0x70, 0x78, 0x33, 0x70, 0xc2, 0xed, 0x68, 0xf1, 0x89, = 0x67, 0xa3, 0x19, 0x24, + 0xcb, 0x8f, 0x99, 0x1b, 0x28, 0x81, 0x6c, 0x4e, 0x25, 0xb1, 0x27, 0x3d, = 0x9f, 0xe7, 0x3d, 0xa7, + 0x73, 0x9e, 0x4c, 0x1a, 0x63, 0x8e, 0xf9, 0xa7, 0xb6, 0x21, 0xe7, 0x4c, = 0xdf, 0xfb, 0x36, 0x47, + 0xda, 0x2d, 0xbb, 0x52, 0x55, 0xf8, 0x44, 0x0d, 0x0c, 0xde, 0xe2, 0x13, = 0x42, 0x1b, 0xa2, 0xad, + 0xa0, 0x0f, 0x39, 0x6c, 0x78, 0x32, 0x7a, 0x03, 0x9e, 0x55, 0x4e, 0x43, = 0xf7, 0x0c, 0x35, 0xd9, + 0x1d, 0x2c, 0x0f, 0x30, 0x30, 0x3e, 0x09, 0xe2, 0x31, 0xa6, 0xb0, 0x1e, = 0xa9, 0xf5, 0x4b, 0xa1, + 0x74, 0x09, 0x50, 0xd4, 0xd3, 0xd3, 0x3e, 0x76, 0xb1, 0x67, 0xfc, 0x51, = 0xb0, 0x93, 0x22, 0xc4, + 0x6b, 0x8a, 0x27, 0x45, 0x19, 0x3b, 0x35, 0x91, 0x61, 0x36, 0xe7, 0x9c, = 0xf6, 0xda, 0x96, 0x30, + 0x7d, 0xf4, 0x11, 0xc4, 0x3f, 0x35, 0x4e, 0x7a, 0xd6, 0x6e, 0xb6, 0xea, = 0xe7, 0x66, 0x6f, 0x23, + 0x5c, 0x53, 0x76, 0x53, 0xfc, 0x35, 0x93, 0xe5, 0xfc, 0xb9, 0x6b, 0xb9, = 0xd3, 0x6c, 0x48, 0x66, + 0x6f, 0xd7, 0x10, 0x6e, 0x25, 0x72, 0x71, 0x31, 0xfa, 0xc0, 0xdf, 0x31, = 0xca, 0xd1, 0xaf, 0xc2, + 0x8e, 0xa5, 0xca, 0xd7, 0x3f, 0x4e, 0xde, 0x47, 0xd5, 0x8e, 0xfc, 0x75, = 0xb6, 0x71, 0x83, 0xd9, + 0xfd, 0x11, 0x35, 0x81, 0xbf, 0x10, 0x0d, 0x3e, 0x50, 0x45, 0x07, 0x39, = 0x08, 0x73, 0x7a, 0x0b, + 0x21, 0x32, 0xaf, 0xf4, 0x99, 0xeb, 0x4d, 0xd4, 0xe8, 0x2a, 0x06, 0x98, = 0x43, 0xbb, 0xbb, 0x11, + 0x63, 0x99, 0xa8, 0x41, 0x22, 0xe8, 0x86, 0x79, 0x4b, 0x53, 0xb7, 0x73, = 0x1b, 0x30, 0x82, 0x04, + 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, = 0x01, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, = 0x30, 0x1c, 0x31, 0x1a, + 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x69, 0x6e, 0x74, = 0x65, 0x6c, 0x20, 0x74, + 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x41, 0x30, 0x1e, = 0x17, 0x0d, 0x32, 0x32, + 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x30, 0x36, 0x5a, 0x17, = 0x0d, 0x33, 0x32, 0x30, + 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x30, 0x36, 0x5a, 0x30, 0x2b, = 0x31, 0x29, 0x30, 0x27, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x6c, = 0x20, 0x74, 0x65, 0x73, + 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, = 0x65, 0x64, 0x69, 0x61, + 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x01, 0xa2, 0x30, = 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, = 0x01, 0x8f, 0x00, 0x30, + 0x82, 0x01, 0x8a, 0x02, 0x82, 0x01, 0x81, 0x00, 0xd1, 0xcf, 0x2d, 0x21, = 0x38, 0xe4, 0x81, 0xa6, + 0xf2, 0xe5, 0xca, 0xac, 0x09, 0x2b, 0x04, 0x2a, 0x52, 0x76, 0x2f, 0xa3, = 0x4b, 0x43, 0xc2, 0xd6, + 0xb5, 0x3e, 0x2b, 0x29, 0x6f, 0x1b, 0x7d, 0x36, 0x60, 0xcd, 0x71, 0xf4, = 0xcf, 0x8a, 0x24, 0xac, + 0x8f, 0x5f, 0x78, 0x70, 0xc9, 0x84, 0x48, 0xfb, 0x1d, 0xcb, 0xee, 0x34, = 0x3c, 0x4c, 0xe1, 0x1a, + 0x92, 0x54, 0x43, 0x45, 0xe0, 0xdd, 0x14, 0xd5, 0xac, 0x13, 0xae, 0xcc, = 0x45, 0xdc, 0x52, 0xdd, + 0x45, 0x22, 0x10, 0xab, 0xb2, 0x1b, 0x3e, 0xad, 0x36, 0x6f, 0x00, 0x59, = 0xb6, 0xfd, 0x27, 0xb8, + 0x57, 0xbb, 0x66, 0x72, 0x1e, 0x7b, 0xe8, 0xc7, 0xaf, 0x5e, 0x65, 0x5c, = 0x58, 0x3d, 0x9e, 0x78, + 0x26, 0xb7, 0x70, 0x9a, 0xe7, 0x3c, 0xfc, 0x90, 0x64, 0xb2, 0xb2, 0xb2, = 0x80, 0x22, 0xb3, 0x1c, + 0x23, 0x73, 0x6a, 0xe3, 0xcb, 0x5b, 0x4e, 0x29, 0x71, 0xdd, 0xfd, 0xd7, = 0x15, 0x3a, 0xd6, 0xa3, + 0xe0, 0x4a, 0x53, 0x65, 0xa6, 0xae, 0x6a, 0x83, 0xb0, 0x00, 0x3f, 0x64, = 0x4b, 0x01, 0xcd, 0x97, + 0xb1, 0xe1, 0x54, 0x1e, 0xa2, 0x33, 0x4e, 0xf0, 0x13, 0x33, 0x80, 0xe5, = 0x41, 0x9c, 0x5e, 0xb3, + 0x5d, 0xae, 0x53, 0x2c, 0x41, 0x51, 0xf2, 0x00, 0x3e, 0x03, 0xe2, 0x0d, = 0xa4, 0xf5, 0x24, 0x08, + 0x46, 0xc2, 0xed, 0x6b, 0xf2, 0xe0, 0x1b, 0x04, 0xb7, 0xe8, 0xda, 0x85, = 0xa4, 0x2f, 0x4b, 0x53, + 0xfa, 0x76, 0x72, 0x0a, 0x28, 0xbf, 0x3c, 0xa8, 0x85, 0x03, 0xee, 0x51, = 0xb5, 0x5c, 0xa9, 0xa5, + 0x70, 0x47, 0x07, 0x11, 0x32, 0xc5, 0x5f, 0x7a, 0x07, 0xfb, 0x5f, 0x4a, = 0x52, 0x65, 0x33, 0x0c, + 0x17, 0x8e, 0x74, 0xe5, 0xec, 0x7d, 0x52, 0xa0, 0xd4, 0xef, 0x64, 0xcc, = 0x5e, 0xe2, 0x3d, 0x46, + 0x1e, 0x73, 0xab, 0x43, 0x2d, 0x05, 0xfa, 0xa3, 0x6d, 0x86, 0x02, 0xe7, = 0xc8, 0x5f, 0x44, 0xfe, + 0xeb, 0x14, 0x73, 0x2d, 0xf4, 0x0b, 0x72, 0x49, 0xe3, 0xef, 0x55, 0x05, = 0x1b, 0x2f, 0xf9, 0x73, + 0xeb, 0xed, 0xcc, 0x5e, 0x52, 0x17, 0x43, 0x94, 0x85, 0xc7, 0x0e, 0x73, = 0x89, 0x22, 0xdc, 0x02, + 0x5f, 0x99, 0x69, 0x58, 0x16, 0x89, 0x1e, 0x6f, 0x75, 0xf8, 0xd3, 0xe7, = 0x0a, 0xb1, 0x01, 0x42, + 0x71, 0xa6, 0xc5, 0xb2, 0xd0, 0xc0, 0x75, 0x96, 0x2e, 0xc2, 0x32, 0x49, = 0x0a, 0xe8, 0x85, 0xbd, + 0x22, 0x4c, 0x95, 0xd4, 0xf8, 0x2d, 0x72, 0x05, 0x4f, 0x0e, 0x56, 0x9c, = 0xc3, 0x30, 0x3d, 0xfd, + 0x30, 0x63, 0x92, 0x72, 0x6b, 0xaf, 0x80, 0x9d, 0xd0, 0xc2, 0x36, 0xe7, = 0xc1, 0x37, 0xd0, 0x64, + 0x88, 0x64, 0x3c, 0x33, 0xdd, 0x87, 0xdd, 0xd9, 0xa2, 0x79, 0x44, 0xd8, = 0x25, 0x84, 0x0e, 0xfd, + 0x9d, 0xd6, 0xc1, 0x7a, 0x2d, 0x23, 0x08, 0x9d, 0x02, 0x03, 0x01, 0x00, = 0x01, 0xa3, 0x5e, 0x30, + 0x5c, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, = 0x01, 0x01, 0xff, 0x30, + 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0xfe, = 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x46, 0xcd, 0xb4, 0x52, 0x02, = 0x29, 0x26, 0xc7, 0x52, + 0x23, 0x81, 0x65, 0xcd, 0x87, 0x2f, 0x96, 0x1b, 0x01, 0x2c, 0xc5, 0x30, = 0x20, 0x06, 0x03, 0x55, + 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, = 0x06, 0x01, 0x05, 0x05, + 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, = 0x02, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, = 0x03, 0x82, 0x02, 0x01, + 0x00, 0x71, 0x14, 0xca, 0xfe, 0x03, 0x92, 0xc6, 0x88, 0x52, 0x76, 0x43, = 0xd9, 0x8a, 0xf7, 0x22, + 0x94, 0xef, 0x40, 0xa7, 0xc3, 0x7b, 0x6f, 0xb4, 0xd0, 0x42, 0xc3, 0x59, = 0x1f, 0x77, 0xef, 0xac, + 0x18, 0xce, 0x7c, 0xab, 0x48, 0x85, 0x22, 0xf1, 0x50, 0x2c, 0xe0, 0x63, = 0x4d, 0x9d, 0x0e, 0xed, + 0x38, 0xff, 0xd9, 0xed, 0x3c, 0x7e, 0x3e, 0x84, 0xb1, 0xa7, 0x78, 0x62, = 0x37, 0x39, 0x6d, 0xd5, + 0x5d, 0x46, 0x9a, 0x6f, 0x63, 0xc2, 0xa7, 0x90, 0xf9, 0x7a, 0xa7, 0x4b, = 0xa2, 0x8a, 0xa8, 0x50, + 0x13, 0x16, 0x9c, 0x4f, 0xcc, 0x28, 0x58, 0x6c, 0x9f, 0x65, 0x6e, 0xf0, = 0x9a, 0x92, 0x59, 0x94, + 0xa4, 0xb5, 0xfd, 0x8f, 0xf0, 0x7c, 0x1e, 0xba, 0xc3, 0x21, 0x13, 0xfb, = 0x33, 0xba, 0xad, 0x4b, + 0x1d, 0x42, 0x23, 0x16, 0x8b, 0x3e, 0xcd, 0xb5, 0x69, 0x9c, 0x7c, 0xa1, = 0x9b, 0x92, 0xc1, 0x2f, + 0x9c, 0x89, 0x3f, 0x28, 0x24, 0x67, 0x48, 0x47, 0xf0, 0xb1, 0xc0, 0xf0, = 0x4c, 0xbf, 0xf6, 0x64, + 0xde, 0x33, 0xc3, 0xd6, 0x5b, 0xe6, 0xc3, 0xdd, 0xa5, 0xba, 0x42, 0x02, = 0x0f, 0xbc, 0xbe, 0xde, + 0x14, 0x12, 0x7c, 0xfb, 0xe6, 0xbb, 0xdd, 0xf2, 0x6b, 0xd7, 0x75, 0xe6, = 0xf5, 0xda, 0xbe, 0xe9, + 0xbf, 0xa6, 0x87, 0x09, 0x41, 0x6c, 0x9d, 0x19, 0x9c, 0xb1, 0x7c, 0x89, = 0x9f, 0x32, 0xb3, 0x0a, + 0x59, 0x10, 0xc6, 0x8c, 0xa0, 0x5b, 0xda, 0xa6, 0xa3, 0xf8, 0x33, 0x77, = 0x7a, 0xf4, 0xb0, 0x8a, + 0xcf, 0xc8, 0x3f, 0x2e, 0xb8, 0xf1, 0x9e, 0x7b, 0x47, 0x2d, 0x85, 0x3b, = 0x58, 0xcd, 0x4b, 0xbc, + 0x87, 0xd2, 0xf3, 0xcd, 0x36, 0x80, 0x9b, 0x4a, 0x0f, 0x24, 0x30, 0x1d, = 0x3f, 0x6f, 0x56, 0xcf, + 0x6e, 0x2d, 0xcf, 0xa8, 0x17, 0xd5, 0x97, 0x0b, 0x22, 0xa6, 0x59, 0xef, = 0xef, 0xd4, 0x9a, 0x0e, + 0x6f, 0xb9, 0xf0, 0x48, 0x2a, 0x54, 0x22, 0x77, 0x27, 0x90, 0x84, 0x42, = 0x56, 0x85, 0x80, 0x78, + 0x4f, 0xd9, 0x14, 0x2a, 0xf0, 0x5d, 0x6b, 0x46, 0x60, 0x3d, 0xad, 0xa5, = 0xa2, 0xb9, 0x04, 0x23, + 0x92, 0x1b, 0x70, 0xa3, 0xdb, 0xaa, 0xf0, 0x5f, 0x1c, 0xd8, 0x26, 0xbb, = 0x51, 0x17, 0xfc, 0x93, + 0x6d, 0x70, 0x19, 0x54, 0xe2, 0x6f, 0x82, 0x8a, 0x49, 0xa6, 0x19, 0xcc, = 0x97, 0x53, 0x90, 0x27, + 0xd9, 0x8d, 0xaa, 0x8c, 0xc3, 0x2b, 0xbc, 0x0a, 0x72, 0x3a, 0x41, 0xb8, = 0xfa, 0x1e, 0xbb, 0x8b, + 0x27, 0x06, 0x75, 0x53, 0x91, 0xac, 0x8d, 0x75, 0xf2, 0xa6, 0xea, 0x85, = 0x7e, 0x34, 0x06, 0x9e, + 0xf9, 0xe9, 0x13, 0xa3, 0xfe, 0x2e, 0x38, 0x4b, 0x3f, 0x61, 0x11, 0x1f, = 0x6b, 0xd3, 0xfe, 0xc9, + 0x13, 0xbc, 0x12, 0xfe, 0xbc, 0xff, 0xaa, 0x38, 0x73, 0x8a, 0x73, 0x8c, = 0xcf, 0xcc, 0xd3, 0xe7, + 0xba, 0x98, 0xfd, 0xf4, 0xf5, 0xf6, 0xa9, 0xc8, 0x07, 0x5b, 0x16, 0xae, = 0x76, 0x86, 0x24, 0x25, + 0xcc, 0x7c, 0xdb, 0x1e, 0x7f, 0xc4, 0xe4, 0xd3, 0x89, 0x5a, 0x91, 0x6a, = 0x9c, 0x93, 0x03, 0xd2, + 0xd2, 0xc0, 0x29, 0x69, 0x58, 0x52, 0x6c, 0xca, 0x91, 0x7d, 0xd2, 0x3d, = 0xc7, 0x2f, 0x8a, 0x4e, + 0x55, 0x03, 0x34, 0x16, 0x01, 0x2f, 0x4f, 0x57, 0xea, 0x10, 0xa7, 0xfb, = 0xe3, 0x2e, 0x2c, 0x7f, + 0x5d, 0x27, 0x93, 0x74, 0x95, 0x25, 0x1a, 0x1e, 0x54, 0x1a, 0xb6, 0xe1, = 0xdc, 0xc8, 0xe4, 0x84, + 0xeb, 0x38, 0x0f, 0x05, 0x74, 0xf3, 0x3a, 0xf9, 0xd8, 0x00, 0x43, 0xe9, = 0x24, 0x1e, 0x45, 0xb4, + 0xe2, 0x38, 0x8b, 0x6a, 0x4f, 0xb6, 0x0b, 0x1d, 0xac, 0xbc, 0xec, 0xda, = 0x41, 0x9c, 0x7f, 0xa8, + 0x15, 0x09, 0x3b, 0x0b, 0x99, 0xc4, 0x48, 0xdd, 0xde, 0x0d, 0x65, 0x86, = 0x72, 0xaa, 0x0a, 0x4e, + 0x71, 0x30, 0x82, 0x03, 0xeb, 0x30, 0x82, 0x02, 0x53, 0xa0, 0x03, 0x02, = 0x01, 0x02, 0x02, 0x01, + 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, = 0x01, 0x0b, 0x05, 0x00, + 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, = 0x20, 0x69, 0x6e, 0x74, + 0x65, 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, = 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, = 0x74, 0x30, 0x1e, 0x17, + 0x0d, 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x30, = 0x36, 0x5a, 0x17, 0x0d, + 0x33, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x30, 0x36, = 0x5a, 0x30, 0x28, 0x31, + 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1d, 0x69, 0x6e, = 0x74, 0x65, 0x6c, 0x20, + 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x72, 0x65, 0x71, = 0x75, 0x73, 0x65, 0x74, + 0x65, 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, = 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, = 0x01, 0x0f, 0x00, 0x30, + 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x93, 0x47, 0xf3, 0x71, = 0x6b, 0x24, 0x1e, 0xc0, + 0xeb, 0x6b, 0x22, 0x23, 0xe7, 0xc8, 0x10, 0x9d, 0xb2, 0xef, 0x1e, 0x65, = 0xe9, 0xff, 0xd6, 0x37, + 0xee, 0xc5, 0x3f, 0x29, 0x25, 0x94, 0xb4, 0x30, 0x97, 0x51, 0xe3, 0x51, = 0xa4, 0x39, 0xd1, 0x27, + 0x32, 0x9e, 0x6b, 0x80, 0xc2, 0x29, 0xf2, 0x28, 0xd1, 0x49, 0xdc, 0x62, = 0x27, 0x5b, 0x3f, 0xce, + 0x83, 0xd7, 0x7b, 0x09, 0x37, 0x48, 0x16, 0x7f, 0x2e, 0x6e, 0xfa, 0x67, = 0xaa, 0x92, 0x17, 0xcb, + 0xff, 0x4b, 0xe3, 0x1b, 0xd1, 0xa6, 0xe3, 0x6c, 0x4d, 0x9f, 0x9e, 0xc7, = 0x01, 0xed, 0x9f, 0x14, + 0xb0, 0x34, 0x44, 0xa2, 0x88, 0x28, 0xf2, 0x3f, 0xad, 0xf2, 0xf7, 0x51, = 0x8c, 0xfe, 0x43, 0x73, + 0xfa, 0x8d, 0x2f, 0x63, 0x8c, 0x0e, 0xe5, 0x27, 0xdc, 0x12, 0x81, 0x26, = 0xea, 0x92, 0x67, 0x7d, + 0xc9, 0xfc, 0xec, 0x4c, 0xcc, 0x79, 0x4d, 0x2d, 0xfe, 0xf6, 0x63, 0xb7, = 0x63, 0xca, 0x70, 0x24, + 0xe0, 0x23, 0x53, 0x92, 0xe8, 0x56, 0xb7, 0x85, 0x6d, 0x25, 0x9e, 0xe0, = 0x24, 0xa8, 0x5c, 0xe0, + 0x0f, 0xc1, 0xb6, 0x20, 0x2f, 0x85, 0x2a, 0x67, 0xf6, 0x1b, 0x58, 0x60, = 0x5a, 0x14, 0xda, 0xc2, + 0x03, 0x10, 0x79, 0x33, 0x3c, 0x41, 0xc6, 0xbe, 0xd2, 0xee, 0x2f, 0x65, = 0xd5, 0xad, 0x9c, 0xc6, + 0x09, 0xae, 0x26, 0xf2, 0xac, 0xc2, 0x65, 0x12, 0x74, 0x09, 0xe8, 0x89, = 0x66, 0xf6, 0x95, 0xb8, + 0x6a, 0x5f, 0x96, 0xc2, 0x3c, 0x9f, 0x01, 0x52, 0xa8, 0xc8, 0x4e, 0xd8, = 0xba, 0x95, 0x38, 0x5b, + 0xf8, 0xc6, 0x43, 0x54, 0xac, 0x63, 0x90, 0xd4, 0xde, 0x11, 0x40, 0x27, = 0xe5, 0x12, 0x1d, 0x72, + 0xa2, 0xec, 0xad, 0x0a, 0x8b, 0x68, 0x21, 0x9d, 0xea, 0x16, 0x70, 0x5f, = 0x32, 0x3a, 0xed, 0x4f, + 0x0b, 0xb2, 0x44, 0x1f, 0x44, 0x9b, 0x4c, 0x03, 0x02, 0x03, 0x01, 0x00, = 0x01, 0xa3, 0x81, 0x9c, + 0x30, 0x81, 0x99, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, = 0xff, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, = 0x05, 0xe0, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7c, 0x69, 0x5e, = 0x84, 0xbb, 0xc7, 0x6b, + 0xfc, 0x45, 0x70, 0xa4, 0x4b, 0x1e, 0x67, 0x70, 0x04, 0xa4, 0x37, 0xdd, = 0x72, 0x30, 0x31, 0x06, + 0x03, 0x55, 0x1d, 0x11, 0x04, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0x06, 0x0a, = 0x2b, 0x06, 0x01, 0x04, + 0x01, 0x83, 0x1c, 0x82, 0x12, 0x01, 0xa0, 0x18, 0x0c, 0x16, 0x41, 0x43, = 0x4d, 0x45, 0x3a, 0x57, + 0x49, 0x44, 0x47, 0x45, 0x54, 0x3a, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, = 0x37, 0x38, 0x39, 0x30, + 0x30, 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x20, = 0x30, 0x1e, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, = 0x01, 0x05, 0x05, 0x07, + 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, = 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, = 0x82, 0x01, 0x81, 0x00, + 0x8e, 0x19, 0x08, 0xec, 0x7a, 0xcc, 0x6d, 0x04, 0x5f, 0xb7, 0xf9, 0xd2, = 0xcd, 0x76, 0xee, 0x44, + 0x1b, 0x7c, 0x19, 0xcb, 0x18, 0xdd, 0x60, 0x50, 0x3a, 0x54, 0xb1, 0x75, = 0x17, 0xf6, 0xce, 0x19, + 0x15, 0x09, 0x9e, 0x5b, 0xfc, 0x5c, 0xb3, 0x20, 0x8d, 0xcb, 0x9d, 0xfc, = 0x23, 0x12, 0x68, 0x87, + 0x55, 0x0d, 0x3b, 0x5f, 0x9f, 0x4e, 0xb2, 0x17, 0x13, 0x0b, 0xc4, 0x6f, = 0xbe, 0x43, 0x75, 0xa6, + 0xb7, 0x3c, 0x0e, 0xe0, 0xdf, 0x84, 0xe5, 0x88, 0x46, 0x08, 0xc3, 0x36, = 0x1b, 0x31, 0x02, 0x92, + 0x7c, 0x53, 0xc4, 0x08, 0x63, 0x3e, 0x46, 0x75, 0xd7, 0x35, 0x9a, 0xd0, = 0x76, 0x71, 0xf9, 0x57, + 0x97, 0xc7, 0x3c, 0x3b, 0xce, 0x7a, 0x82, 0x95, 0x15, 0x8e, 0x20, 0xcc, = 0x7b, 0xa0, 0xc4, 0x68, + 0x21, 0x26, 0x9c, 0xfd, 0x29, 0x83, 0x41, 0x19, 0x98, 0xb6, 0x8a, 0x3a, = 0x06, 0x5f, 0x01, 0x1b, + 0x80, 0xac, 0x33, 0xd9, 0x0c, 0x9c, 0xea, 0x70, 0xd7, 0xf5, 0x1e, 0xb0, = 0x78, 0x24, 0xbc, 0x59, + 0xaf, 0x07, 0xc6, 0x16, 0x46, 0xdd, 0x9d, 0x00, 0x9a, 0xc8, 0x9a, 0x04, = 0x19, 0x4d, 0x62, 0xa9, + 0x4f, 0x7c, 0x05, 0x24, 0x93, 0xc6, 0x01, 0xc5, 0xb2, 0x89, 0xe8, 0x62, = 0x47, 0xbe, 0xa3, 0xd1, + 0x9c, 0x47, 0x31, 0x06, 0x16, 0x6b, 0x3b, 0xf8, 0xad, 0xb0, 0x4c, 0xfb, = 0x2b, 0x6b, 0x8e, 0x88, + 0x53, 0x70, 0x75, 0x40, 0x30, 0xaf, 0xfe, 0xc5, 0xf3, 0x0f, 0x86, 0x8f, = 0x58, 0x56, 0x67, 0xbd, + 0x15, 0x1f, 0x8a, 0x5c, 0xa3, 0x8a, 0x9a, 0x88, 0xe5, 0xf2, 0xd3, 0x7f, = 0xac, 0x56, 0x34, 0x21, + 0x24, 0xf7, 0xde, 0x9d, 0x97, 0x9b, 0xe6, 0x20, 0xd6, 0x3d, 0x48, 0x73, = 0x29, 0x23, 0xf9, 0x0f, + 0xab, 0x04, 0xe6, 0x1d, 0x70, 0xee, 0xcb, 0x5a, 0xe5, 0x8a, 0xf4, 0xbc, = 0x4b, 0xad, 0x18, 0xec, + 0x25, 0x8a, 0xb8, 0x91, 0xf9, 0x53, 0xf4, 0xe4, 0xce, 0xa7, 0x54, 0xf6, = 0x83, 0x66, 0x07, 0xc5, + 0x51, 0x48, 0x20, 0x54, 0x5b, 0x5d, 0xc1, 0x80, 0x04, 0x17, 0x89, 0x14, = 0x5a, 0x06, 0x34, 0x86, + 0xdb, 0x8b, 0xaf, 0x04, 0x24, 0xd9, 0xbd, 0xa8, 0x27, 0x09, 0x51, 0xfe, = 0x6e, 0x47, 0x3c, 0x29, + 0x0a, 0x64, 0x3e, 0x0f, 0x00, 0xf1, 0xd9, 0xdc, 0xe9, 0xd1, 0x3c, 0xcf, = 0xa4, 0xa9, 0x4f, 0x54, + 0x02, 0xcf, 0xa1, 0x40, 0x49, 0x61, 0x2a, 0x07, 0xa2, 0x44, 0x35, 0x20, = 0x20, 0x56, 0x1c, 0x27, + 0xa2, 0xff, 0x07, 0x3e, 0x8b, 0xfe, 0x60, 0x42, 0x75, 0x0c, 0xe3, 0x8f, = 0xee, 0x33, 0x8d, 0xfc, + 0x3b, 0x53, 0x36, 0x39, 0x10, 0x1a, 0xe3, 0xd2, 0x09, 0x7b, 0x00, 0xd0, = 0xbd, 0x39, 0xf4, 0xcc, + 0xe3, 0x42, 0xd4, 0xa5, 0x2d, 0x0b, 0x58, 0xdf, 0x24, 0x7f, 0x85, 0x0a, = 0xf2, 0x17, 0x76, 0xdd, +}; + +// +// dump of end_requester.key.der +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 mTestEndCert[] =3D { + 0x30, 0x82, 0x03, 0xeb, 0x30, 0x82, 0x02, 0x53, 0xa0, 0x03, 0x02, 0x01, = 0x02, 0x02, 0x01, 0x02, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, = 0x0b, 0x05, 0x00, 0x30, + 0x2b, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, = 0x69, 0x6e, 0x74, 0x65, + 0x6c, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x69, = 0x6e, 0x74, 0x65, 0x72, + 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x63, 0x65, 0x72, 0x74, = 0x30, 0x1e, 0x17, 0x0d, + 0x32, 0x32, 0x30, 0x31, 0x30, 0x35, 0x30, 0x36, 0x31, 0x31, 0x30, 0x36, = 0x5a, 0x17, 0x0d, 0x33, + 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x36, 0x31, 0x31, 0x30, 0x36, 0x5a, = 0x30, 0x28, 0x31, 0x26, + 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1d, 0x69, 0x6e, 0x74, = 0x65, 0x6c, 0x20, 0x74, + 0x65, 0x73, 0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x72, 0x65, 0x71, 0x75, = 0x73, 0x65, 0x74, 0x65, + 0x72, 0x20, 0x63, 0x65, 0x72, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, = 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, = 0x0f, 0x00, 0x30, 0x82, + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x93, 0x47, 0xf3, 0x71, 0x6b, = 0x24, 0x1e, 0xc0, 0xeb, + 0x6b, 0x22, 0x23, 0xe7, 0xc8, 0x10, 0x9d, 0xb2, 0xef, 0x1e, 0x65, 0xe9, = 0xff, 0xd6, 0x37, 0xee, + 0xc5, 0x3f, 0x29, 0x25, 0x94, 0xb4, 0x30, 0x97, 0x51, 0xe3, 0x51, 0xa4, = 0x39, 0xd1, 0x27, 0x32, + 0x9e, 0x6b, 0x80, 0xc2, 0x29, 0xf2, 0x28, 0xd1, 0x49, 0xdc, 0x62, 0x27, = 0x5b, 0x3f, 0xce, 0x83, + 0xd7, 0x7b, 0x09, 0x37, 0x48, 0x16, 0x7f, 0x2e, 0x6e, 0xfa, 0x67, 0xaa, = 0x92, 0x17, 0xcb, 0xff, + 0x4b, 0xe3, 0x1b, 0xd1, 0xa6, 0xe3, 0x6c, 0x4d, 0x9f, 0x9e, 0xc7, 0x01, = 0xed, 0x9f, 0x14, 0xb0, + 0x34, 0x44, 0xa2, 0x88, 0x28, 0xf2, 0x3f, 0xad, 0xf2, 0xf7, 0x51, 0x8c, = 0xfe, 0x43, 0x73, 0xfa, + 0x8d, 0x2f, 0x63, 0x8c, 0x0e, 0xe5, 0x27, 0xdc, 0x12, 0x81, 0x26, 0xea, = 0x92, 0x67, 0x7d, 0xc9, + 0xfc, 0xec, 0x4c, 0xcc, 0x79, 0x4d, 0x2d, 0xfe, 0xf6, 0x63, 0xb7, 0x63, = 0xca, 0x70, 0x24, 0xe0, + 0x23, 0x53, 0x92, 0xe8, 0x56, 0xb7, 0x85, 0x6d, 0x25, 0x9e, 0xe0, 0x24, = 0xa8, 0x5c, 0xe0, 0x0f, + 0xc1, 0xb6, 0x20, 0x2f, 0x85, 0x2a, 0x67, 0xf6, 0x1b, 0x58, 0x60, 0x5a, = 0x14, 0xda, 0xc2, 0x03, + 0x10, 0x79, 0x33, 0x3c, 0x41, 0xc6, 0xbe, 0xd2, 0xee, 0x2f, 0x65, 0xd5, = 0xad, 0x9c, 0xc6, 0x09, + 0xae, 0x26, 0xf2, 0xac, 0xc2, 0x65, 0x12, 0x74, 0x09, 0xe8, 0x89, 0x66, = 0xf6, 0x95, 0xb8, 0x6a, + 0x5f, 0x96, 0xc2, 0x3c, 0x9f, 0x01, 0x52, 0xa8, 0xc8, 0x4e, 0xd8, 0xba, = 0x95, 0x38, 0x5b, 0xf8, + 0xc6, 0x43, 0x54, 0xac, 0x63, 0x90, 0xd4, 0xde, 0x11, 0x40, 0x27, 0xe5, = 0x12, 0x1d, 0x72, 0xa2, + 0xec, 0xad, 0x0a, 0x8b, 0x68, 0x21, 0x9d, 0xea, 0x16, 0x70, 0x5f, 0x32, = 0x3a, 0xed, 0x4f, 0x0b, + 0xb2, 0x44, 0x1f, 0x44, 0x9b, 0x4c, 0x03, 0x02, 0x03, 0x01, 0x00, 0x01, = 0xa3, 0x81, 0x9c, 0x30, + 0x81, 0x99, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, = 0x04, 0x02, 0x30, 0x00, + 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, = 0xe0, 0x30, 0x1d, 0x06, + 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7c, 0x69, 0x5e, 0x84, = 0xbb, 0xc7, 0x6b, 0xfc, + 0x45, 0x70, 0xa4, 0x4b, 0x1e, 0x67, 0x70, 0x04, 0xa4, 0x37, 0xdd, 0x72, = 0x30, 0x31, 0x06, 0x03, + 0x55, 0x1d, 0x11, 0x04, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0x06, 0x0a, 0x2b, = 0x06, 0x01, 0x04, 0x01, + 0x83, 0x1c, 0x82, 0x12, 0x01, 0xa0, 0x18, 0x0c, 0x16, 0x41, 0x43, 0x4d, = 0x45, 0x3a, 0x57, 0x49, + 0x44, 0x47, 0x45, 0x54, 0x3a, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, = 0x38, 0x39, 0x30, 0x30, + 0x2a, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x20, 0x30, = 0x1e, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, = 0x05, 0x05, 0x07, 0x03, + 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, = 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, = 0x01, 0x81, 0x00, 0x8e, + 0x19, 0x08, 0xec, 0x7a, 0xcc, 0x6d, 0x04, 0x5f, 0xb7, 0xf9, 0xd2, 0xcd, = 0x76, 0xee, 0x44, 0x1b, + 0x7c, 0x19, 0xcb, 0x18, 0xdd, 0x60, 0x50, 0x3a, 0x54, 0xb1, 0x75, 0x17, = 0xf6, 0xce, 0x19, 0x15, + 0x09, 0x9e, 0x5b, 0xfc, 0x5c, 0xb3, 0x20, 0x8d, 0xcb, 0x9d, 0xfc, 0x23, = 0x12, 0x68, 0x87, 0x55, + 0x0d, 0x3b, 0x5f, 0x9f, 0x4e, 0xb2, 0x17, 0x13, 0x0b, 0xc4, 0x6f, 0xbe, = 0x43, 0x75, 0xa6, 0xb7, + 0x3c, 0x0e, 0xe0, 0xdf, 0x84, 0xe5, 0x88, 0x46, 0x08, 0xc3, 0x36, 0x1b, = 0x31, 0x02, 0x92, 0x7c, + 0x53, 0xc4, 0x08, 0x63, 0x3e, 0x46, 0x75, 0xd7, 0x35, 0x9a, 0xd0, 0x76, = 0x71, 0xf9, 0x57, 0x97, + 0xc7, 0x3c, 0x3b, 0xce, 0x7a, 0x82, 0x95, 0x15, 0x8e, 0x20, 0xcc, 0x7b, = 0xa0, 0xc4, 0x68, 0x21, + 0x26, 0x9c, 0xfd, 0x29, 0x83, 0x41, 0x19, 0x98, 0xb6, 0x8a, 0x3a, 0x06, = 0x5f, 0x01, 0x1b, 0x80, + 0xac, 0x33, 0xd9, 0x0c, 0x9c, 0xea, 0x70, 0xd7, 0xf5, 0x1e, 0xb0, 0x78, = 0x24, 0xbc, 0x59, 0xaf, + 0x07, 0xc6, 0x16, 0x46, 0xdd, 0x9d, 0x00, 0x9a, 0xc8, 0x9a, 0x04, 0x19, = 0x4d, 0x62, 0xa9, 0x4f, + 0x7c, 0x05, 0x24, 0x93, 0xc6, 0x01, 0xc5, 0xb2, 0x89, 0xe8, 0x62, 0x47, = 0xbe, 0xa3, 0xd1, 0x9c, + 0x47, 0x31, 0x06, 0x16, 0x6b, 0x3b, 0xf8, 0xad, 0xb0, 0x4c, 0xfb, 0x2b, = 0x6b, 0x8e, 0x88, 0x53, + 0x70, 0x75, 0x40, 0x30, 0xaf, 0xfe, 0xc5, 0xf3, 0x0f, 0x86, 0x8f, 0x58, = 0x56, 0x67, 0xbd, 0x15, + 0x1f, 0x8a, 0x5c, 0xa3, 0x8a, 0x9a, 0x88, 0xe5, 0xf2, 0xd3, 0x7f, 0xac, = 0x56, 0x34, 0x21, 0x24, + 0xf7, 0xde, 0x9d, 0x97, 0x9b, 0xe6, 0x20, 0xd6, 0x3d, 0x48, 0x73, 0x29, = 0x23, 0xf9, 0x0f, 0xab, + 0x04, 0xe6, 0x1d, 0x70, 0xee, 0xcb, 0x5a, 0xe5, 0x8a, 0xf4, 0xbc, 0x4b, = 0xad, 0x18, 0xec, 0x25, + 0x8a, 0xb8, 0x91, 0xf9, 0x53, 0xf4, 0xe4, 0xce, 0xa7, 0x54, 0xf6, 0x83, = 0x66, 0x07, 0xc5, 0x51, + 0x48, 0x20, 0x54, 0x5b, 0x5d, 0xc1, 0x80, 0x04, 0x17, 0x89, 0x14, 0x5a, = 0x06, 0x34, 0x86, 0xdb, + 0x8b, 0xaf, 0x04, 0x24, 0xd9, 0xbd, 0xa8, 0x27, 0x09, 0x51, 0xfe, 0x6e, = 0x47, 0x3c, 0x29, 0x0a, + 0x64, 0x3e, 0x0f, 0x00, 0xf1, 0xd9, 0xdc, 0xe9, 0xd1, 0x3c, 0xcf, 0xa4, = 0xa9, 0x4f, 0x54, 0x02, + 0xcf, 0xa1, 0x40, 0x49, 0x61, 0x2a, 0x07, 0xa2, 0x44, 0x35, 0x20, 0x20, = 0x56, 0x1c, 0x27, 0xa2, + 0xff, 0x07, 0x3e, 0x8b, 0xfe, 0x60, 0x42, 0x75, 0x0c, 0xe3, 0x8f, 0xee, = 0x33, 0x8d, 0xfc, 0x3b, + 0x53, 0x36, 0x39, 0x10, 0x1a, 0xe3, 0xd2, 0x09, 0x7b, 0x00, 0xd0, 0xbd, = 0x39, 0xf4, 0xcc, 0xe3, + 0x42, 0xd4, 0xa5, 0x2d, 0x0b, 0x58, 0xdf, 0x24, 0x7f, 0x85, 0x0a, 0xf2, = 0x17, 0x76, 0xdd, +}; + +UNIT_TEST_STATUS +EFIAPI +TestVerifyX509 ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Status; + CONST UINT8 *LeafCert; + UINTN LeafCertLen; + UINTN CertVersion; + UINT8 Asn1Buffer[1024]; + UINTN Asn1BufferLen; + UINTN SubjectSize; + UINT8 *Subject; + UINT8 EndEertFrom[64]; + UINTN EndEertFromLen; + UINT8 EndEertTo[64]; + UINTN EndEertToLen; + UINT8 DateTime1[64]; + UINT8 DateTime2[64]; + + // + // X509 Certificate Verification. + // + Status =3D X509VerifyCert (mTestCert, sizeof (mTestCert), mTestCaCert, s= izeof (mTestCaCert)); + UT_ASSERT_TRUE (Status); + + // + // X509 Certificate Chain Verification. + // + Status =3D X509VerifyCertChain (mTestCaCert, sizeof (mTestCaCert), mTest= BundleCert, sizeof (mTestBundleCert)); + UT_ASSERT_TRUE (Status); + + // + // X509 Get leaf certificate from cert_chain Verificate. + // + Status =3D X509GetCertFromCertChain (mTestBundleCert, sizeof (mTestBundl= eCert), -1, &LeafCert, &LeafCertLen); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_EQUAL (LeafCertLen, sizeof (mTestEndCert)); + UT_ASSERT_MEM_EQUAL (LeafCert, mTestEndCert, LeafCertLen); + + // + // X509 Get leaf certificate from cert_chain Verificate. + // + Status =3D X509GetCertFromCertChain (mTestBundleCert, sizeof (mTestBundl= eCert), 2, &LeafCert, &LeafCertLen); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_EQUAL (LeafCertLen, sizeof (mTestEndCert)); + UT_ASSERT_MEM_EQUAL (LeafCert, mTestEndCert, LeafCertLen); + + // + // X509 Get root certificate from cert_chain Verificate. + // + Status =3D X509GetCertFromCertChain (mTestBundleCert, sizeof (mTestBundl= eCert), 0, &LeafCert, &LeafCertLen); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_EQUAL (LeafCertLen, sizeof (mTestCaCert)); + UT_ASSERT_MEM_EQUAL (LeafCert, mTestCaCert, LeafCertLen); + + // + // Get version from X509 Certificate. + // + CertVersion =3D 0; + Status =3D X509GetVersion (mTestCert, sizeof (mTestCert), &CertVers= ion); + UT_ASSERT_TRUE (Status); + + // + // Get Serial from X509 Certificate. + // + Asn1BufferLen =3D 1024; + ZeroMem (Asn1Buffer, Asn1BufferLen); + Status =3D X509GetSerialNumber (mTestCert, sizeof (mTestCert), Asn1Buffe= r, &Asn1BufferLen); + UT_ASSERT_TRUE (Status); + + // + // X509 Certificate subject Retrieving. + // + SubjectSize =3D 0; + Status =3D X509GetIssuerName (mTestCert, sizeof (mTestCert), NULL, = &SubjectSize); + UT_ASSERT_TRUE (!Status); + Subject =3D AllocatePool (SubjectSize); + Status =3D X509GetIssuerName (mTestCert, sizeof (mTestCert), Subject, &= SubjectSize); + UT_ASSERT_TRUE (Status); + FreePool (Subject); + + // + // Get X509GetSubjectAltName. + // + Asn1BufferLen =3D 1024; + ZeroMem (Asn1Buffer, Asn1BufferLen); + Status =3D X509GetExtensionData (mTestEndCert, sizeof (mTestEndCert), mO= idSubjectAltName, sizeof (mOidSubjectAltName), Asn1Buffer, &Asn1BufferLen); + UT_ASSERT_TRUE (Status); + + // + // Get X509 Validity. + // + EndEertFromLen =3D 64; + EndEertToLen =3D 64; + Status =3D X509GetValidity ( + mTestEndCert, + sizeof (mTestEndCert), + EndEertFrom, + &EndEertFromLen, + EndEertTo, + &EndEertToLen + ); + UT_ASSERT_TRUE (Status); + + Asn1BufferLen =3D 64; + Status =3D X509FormatDateTime ( + "19700101000000Z", + DateTime1, + &Asn1BufferLen + ); + UT_ASSERT_TRUE (Status && (Asn1BufferLen !=3D 0)); + + Asn1BufferLen =3D 64; + Status =3D X509FormatDateTime ( + "19700201000000Z", + DateTime2, + &Asn1BufferLen + ); + UT_ASSERT_TRUE (Status && (Asn1BufferLen !=3D 0)); + + UT_ASSERT_TRUE (X509CompareDateTime (DateTime1, DateTime2) < 0); + + return UNIT_TEST_PASSED; +} + +TEST_DESC mX509Test[] =3D { + // + // -----Description--------------------------------------Class----------= ------------Function---------------------------------Pre-------------------= --Post---------Context + // + { "TestVerifyX509()", "CryptoPkg.BaseCryptLib.Hkdf", TestVerifyX509, NUL= L, NULL, NULL }, +}; + +UINTN mX509TestNum =3D ARRAY_SIZE (mX509Test); --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94935): https://edk2.groups.io/g/devel/message/94935 Mute This Topic: https://groups.io/mt/94234107/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-