TianoCore EDK2 master
Loading...
Searching...
No Matches
Macros | Functions
CryptX509.c File Reference
#include "InternalCryptLib.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <crypto/asn1.h>
#include <openssl/asn1.h>
#include <openssl/rsa.h>

Go to the source code of this file.

Macros

#define OID_EXT_KEY_USAGE   { 0x55, 0x1D, 0x25 }
 
#define OID_BASIC_CONSTRAINTS   { 0x55, 0x1D, 0x13 }
 
#define CRYPTO_ASN1_TAG_CLASS_MASK   0xC0
 
#define CRYPTO_ASN1_TAG_PC_MASK   0x20
 
#define CRYPTO_ASN1_TAG_VALUE_MASK   0x1F
 

Functions

BOOLEAN EFIAPI X509ConstructCertificate (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT UINT8 **SingleX509Cert)
 
BOOLEAN EFIAPI X509ConstructCertificateStackV (IN OUT UINT8 **X509Stack, IN VA_LIST Args)
 
BOOLEAN EFIAPI X509ConstructCertificateStack (IN OUT UINT8 **X509Stack,...)
 
VOID EFIAPI X509Free (IN VOID *X509Cert)
 
VOID EFIAPI X509StackFree (IN VOID *X509Stack)
 
BOOLEAN EFIAPI X509GetSubjectName (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT UINT8 *CertSubject, IN OUT UINTN *SubjectSize)
 
STATIC RETURN_STATUS InternalX509GetNIDName (IN CONST UINT8 *Cert, IN UINTN CertSize, IN INT32 Request_NID, OUT CHAR8 *CommonName OPTIONAL, IN OUT UINTN *CommonNameSize)
 
RETURN_STATUS EFIAPI X509GetCommonName (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT CHAR8 *CommonName OPTIONAL, IN OUT UINTN *CommonNameSize)
 
RETURN_STATUS EFIAPI X509GetOrganizationName (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT CHAR8 *NameBuffer OPTIONAL, IN OUT UINTN *NameBufferSize)
 
BOOLEAN EFIAPI RsaGetPublicKeyFromX509 (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT VOID **RsaContext)
 
BOOLEAN EFIAPI X509VerifyCert (IN CONST UINT8 *Cert, IN UINTN CertSize, IN CONST UINT8 *CACert, IN UINTN CACertSize)
 
BOOLEAN EFIAPI X509GetTBSCert (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT UINT8 **TBSCert, OUT UINTN *TBSCertSize)
 
BOOLEAN EFIAPI EcGetPublicKeyFromX509 (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT VOID **EcContext)
 
BOOLEAN EFIAPI X509GetVersion (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT UINTN *Version)
 
BOOLEAN EFIAPI X509GetSerialNumber (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT UINT8 *SerialNumber, OPTIONAL IN OUT UINTN *SerialNumberSize)
 
BOOLEAN EFIAPI X509GetIssuerName (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT UINT8 *CertIssuer, IN OUT UINTN *CertIssuerSize)
 
BOOLEAN EFIAPI X509GetSignatureAlgorithm (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT UINT8 *Oid, OPTIONAL IN OUT UINTN *OidSize)
 
BOOLEAN EFIAPI X509GetExtensionData (IN CONST UINT8 *Cert, IN UINTN CertSize, IN CONST UINT8 *Oid, IN UINTN OidSize, OUT UINT8 *ExtensionData, IN OUT UINTN *ExtensionDataSize)
 
BOOLEAN EFIAPI X509GetExtendedKeyUsage (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT UINT8 *Usage, IN OUT UINTN *UsageSize)
 
BOOLEAN EFIAPI X509GetValidity (IN CONST UINT8 *Cert, IN UINTN CertSize, IN UINT8 *From, IN OUT UINTN *FromSize, IN UINT8 *To, IN OUT UINTN *ToSize)
 
BOOLEAN EFIAPI X509FormatDateTime (IN CONST CHAR8 *DateTimeStr, OUT VOID *DateTime, IN OUT UINTN *DateTimeSize)
 
INT32 EFIAPI X509CompareDateTime (IN CONST VOID *DateTime1, IN CONST VOID *DateTime2)
 
BOOLEAN EFIAPI X509GetKeyUsage (IN CONST UINT8 *Cert, IN UINTN CertSize, OUT UINTN *Usage)
 
BOOLEAN EFIAPI X509VerifyCertChain (IN CONST UINT8 *RootCert, IN UINTN RootCertLength, IN CONST UINT8 *CertChain, IN UINTN CertChainLength)
 
BOOLEAN EFIAPI X509GetCertFromCertChain (IN CONST UINT8 *CertChain, IN UINTN CertChainLength, IN CONST INT32 CertIndex, OUT CONST UINT8 **Cert, OUT UINTN *CertLength)
 
BOOLEAN EFIAPI Asn1GetTag (IN OUT UINT8 **Ptr, IN CONST UINT8 *End, OUT UINTN *Length, IN UINT32 Tag)
 
BOOLEAN EFIAPI X509GetExtendedBasicConstraints (CONST UINT8 *Cert, UINTN CertSize, UINT8 *BasicConstraints, UINTN *BasicConstraintsSize)
 

Detailed Description

X.509 Certificate Handler Wrapper Implementation over OpenSSL.

Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file CryptX509.c.

Macro Definition Documentation

◆ CRYPTO_ASN1_TAG_CLASS_MASK

#define CRYPTO_ASN1_TAG_CLASS_MASK   0xC0

Definition at line 23 of file CryptX509.c.

◆ CRYPTO_ASN1_TAG_PC_MASK

#define CRYPTO_ASN1_TAG_PC_MASK   0x20

Definition at line 24 of file CryptX509.c.

◆ CRYPTO_ASN1_TAG_VALUE_MASK

#define CRYPTO_ASN1_TAG_VALUE_MASK   0x1F

Definition at line 25 of file CryptX509.c.

◆ OID_BASIC_CONSTRAINTS

#define OID_BASIC_CONSTRAINTS   { 0x55, 0x1D, 0x13 }

Definition at line 18 of file CryptX509.c.

◆ OID_EXT_KEY_USAGE

#define OID_EXT_KEY_USAGE   { 0x55, 0x1D, 0x25 }

Definition at line 17 of file CryptX509.c.

Function Documentation

◆ Asn1GetTag()

BOOLEAN EFIAPI Asn1GetTag ( IN OUT UINT8 **  Ptr,
IN CONST UINT8 *  End,
OUT UINTN Length,
IN UINT32  Tag 
)

Retrieve the tag and length of the tag.

Parameters
PtrThe position in the ASN.1 data
EndEnd of data
LengthThe variable that will receive the length
TagThe expected tag
Return values
TRUEGet tag successful
FALSeFailed to get tag or tag not match

Definition at line 1884 of file CryptX509.c.

◆ EcGetPublicKeyFromX509()

BOOLEAN EFIAPI EcGetPublicKeyFromX509 ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT VOID **  EcContext 
)

Retrieve the EC Public Key from one DER-encoded X509 certificate.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]EcContextPointer to new-generated EC DSA context which contain the retrieved EC public key component. Use EcFree() function to free the resource.

If Cert is NULL, then return FALSE. If EcContext is NULL, then return FALSE.

Return values
TRUEEC Public Key was retrieved successfully.
FALSEFail to retrieve EC public key from X509 certificate.

Definition at line 878 of file CryptX509.c.

◆ InternalX509GetNIDName()

STATIC RETURN_STATUS InternalX509GetNIDName ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
IN INT32  Request_NID,
OUT CHAR8 *CommonName  OPTIONAL,
IN OUT UINTN CommonNameSize 
)

Retrieve a string from one X.509 certificate base on the Request_NID.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[in]Request_NIDNID of string to obtain
[out]CommonNameBuffer to contain the retrieved certificate common name string (UTF8). At most CommonNameSize bytes will be written and the string will be null terminated. May be NULL in order to determine the size buffer needed.
[in,out]CommonNameSizeThe size in bytes of the CommonName buffer on input, and the size of buffer returned CommonName on output. If CommonName is NULL then the amount of space needed in buffer (including the final null) is returned.
Return values
RETURN_SUCCESSThe certificate CommonName retrieved successfully.
RETURN_INVALID_PARAMETERIf Cert is NULL. If CommonNameSize is NULL. If CommonName is not NULL and *CommonNameSize is 0. If Certificate is invalid.
RETURN_NOT_FOUNDIf no NID Name entry exists.
RETURN_BUFFER_TOO_SMALLIf the CommonName is NULL. The required buffer size (including the final null) is returned in the CommonNameSize parameter.
RETURN_UNSUPPORTEDThe operation is not supported.

Definition at line 369 of file CryptX509.c.

◆ RsaGetPublicKeyFromX509()

BOOLEAN EFIAPI RsaGetPublicKeyFromX509 ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT VOID **  RsaContext 
)

Retrieve the RSA Public Key from one DER-encoded X509 certificate.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]RsaContextPointer to new-generated RSA context which contain the retrieved RSA public key component. Use RsaFree() function to free the resource.

If Cert is NULL, then return FALSE. If RsaContext is NULL, then return FALSE.

Return values
TRUERSA Public Key was retrieved successfully.
FALSEFail to retrieve RSA public key from X509 certificate.

Definition at line 580 of file CryptX509.c.

◆ X509CompareDateTime()

INT32 EFIAPI X509CompareDateTime ( IN CONST VOID *  DateTime1,
IN CONST VOID *  DateTime2 
)

Compare DateTime1 object and DateTime2 object.

If DateTime1 is NULL, then return -2. If DateTime2 is NULL, then return -2. If DateTime1 == DateTime2, then return 0 If DateTime1 > DateTime2, then return 1 If DateTime1 < DateTime2, then return -1

Parameters
[in]DateTime1Pointer to a DateTime Ojbect
[in]DateTime2Pointer to a DateTime Object
Return values
0If DateTime1 == DateTime2
1If DateTime1 > DateTime2
-1If DateTime1 < DateTime2

Definition at line 1618 of file CryptX509.c.

◆ X509ConstructCertificate()

BOOLEAN EFIAPI X509ConstructCertificate ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT UINT8 **  SingleX509Cert 
)

Construct a X509 object from DER-encoded certificate data.

If Cert is NULL, then return FALSE. If SingleX509Cert is NULL, then return FALSE.

Parameters
[in]CertPointer to the DER-encoded certificate data.
[in]CertSizeThe size of certificate data in bytes.
[out]SingleX509CertThe generated X509 object.
Return values
TRUEThe X509 object generation succeeded.
FALSEThe operation failed.

Definition at line 43 of file CryptX509.c.

◆ X509ConstructCertificateStack()

BOOLEAN EFIAPI X509ConstructCertificateStack ( IN OUT UINT8 **  X509Stack,
  ... 
)

Construct a X509 stack object from a list of DER-encoded certificate data.

If X509Stack is NULL, then return FALSE.

Parameters
[in,out]X509StackOn input, pointer to an existing or NULL X509 stack object. On output, pointer to the X509 stack object with new inserted X509 certificate.
...A list of DER-encoded single certificate data followed by certificate size. A NULL terminates the list. The pairs are the arguments to X509ConstructCertificate().
Return values
TRUEThe X509 stack construction succeeded.
FALSEThe construction operation failed.

Definition at line 190 of file CryptX509.c.

◆ X509ConstructCertificateStackV()

BOOLEAN EFIAPI X509ConstructCertificateStackV ( IN OUT UINT8 **  X509Stack,
IN VA_LIST  Args 
)

Construct a X509 stack object from a list of DER-encoded certificate data.

If X509Stack is NULL, then return FALSE. If this interface is not supported, then return FALSE.

Parameters
[in,out]X509StackOn input, pointer to an existing or NULL X509 stack object. On output, pointer to the X509 stack object with new inserted X509 certificate.
[in]ArgsVA_LIST marker for the variable argument list. A list of DER-encoded single certificate data followed by certificate size. A NULL terminates the list. The pairs are the arguments to X509ConstructCertificate().
Return values
TRUEThe X509 stack construction succeeded.
FALSEThe construction operation failed.
FALSEThis interface is not supported.

Definition at line 94 of file CryptX509.c.

◆ X509FormatDateTime()

BOOLEAN EFIAPI X509FormatDateTime ( IN CONST CHAR8 *  DateTimeStr,
OUT VOID *  DateTime,
IN OUT UINTN DateTimeSize 
)

Format a DateTimeStr to DataTime object in DataTime Buffer

If DateTimeStr is NULL, then return FALSE. If DateTimeSize is NULL, then return FALSE. If this interface is not supported, then return FALSE.

Parameters
[in]DateTimeStrDateTime string like YYYYMMDDhhmmssZ Ref: https://www.w3.org/TR/NOTE-datetime Z stand for UTC time
[out]DateTimePointer to a DateTime object.
[in,out]DateTimeSizeDateTime object buffer size.
Return values
TRUEThe DateTime object create successfully.
FALSEIf DateTimeStr is NULL. If DateTimeSize is NULL. If DateTime is not NULL and *DateTimeSize is 0. If Year Month Day Hour Minute Second combination is invalid datetime.
FALSEIf the DateTime is NULL. The required buffer size (including the final null) is returned in the DateTimeSize parameter.
FALSEThe operation is not supported.

Definition at line 1550 of file CryptX509.c.

◆ X509Free()

VOID EFIAPI X509Free ( IN VOID *  X509Cert)

Release the specified X509 object.

If X509Cert is NULL, then return FALSE.

Parameters
[in]X509CertPointer to the X509 object to be released.

Definition at line 214 of file CryptX509.c.

◆ X509GetCertFromCertChain()

BOOLEAN EFIAPI X509GetCertFromCertChain ( IN CONST UINT8 *  CertChain,
IN UINTN  CertChainLength,
IN CONST INT32  CertIndex,
OUT CONST UINT8 **  Cert,
OUT UINTN CertLength 
)

Get one X509 certificate from CertChain.

Parameters
[in]CertChainOne or more ASN.1 DER-encoded X.509 certificates where the first certificate is signed by the Root Certificate or is the Root Certificate itself. and subsequent certificate is signed by the preceding certificate.
[in]CertChainLengthTotal length of the certificate chain, in bytes.
[in]CertIndexIndex of certificate.
[out]CertThe certificate at the index of CertChain.
[out]CertLengthThe length certificate at the index of CertChain.
Return values
TRUESuccess.
FALSEFailed to get certificate from certificate chain.

Definition at line 1792 of file CryptX509.c.

◆ X509GetCommonName()

RETURN_STATUS EFIAPI X509GetCommonName ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT CHAR8 *CommonName  OPTIONAL,
IN OUT UINTN CommonNameSize 
)

Retrieve the common name (CN) string from one X.509 certificate.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]CommonNameBuffer to contain the retrieved certificate common name string. At most CommonNameSize bytes will be written and the string will be null terminated. May be NULL in order to determine the size buffer needed.
[in,out]CommonNameSizeThe size in bytes of the CommonName buffer on input, and the size of buffer returned CommonName on output. If CommonName is NULL then the amount of space needed in buffer (including the final null) is returned.
Return values
RETURN_SUCCESSThe certificate CommonName retrieved successfully.
RETURN_INVALID_PARAMETERIf Cert is NULL. If CommonNameSize is NULL. If CommonName is not NULL and *CommonNameSize is 0. If Certificate is invalid.
RETURN_NOT_FOUNDIf no CommonName entry exists.
RETURN_BUFFER_TOO_SMALLIf the CommonName is NULL. The required buffer size (including the final null) is returned in the CommonNameSize parameter.
RETURN_UNSUPPORTEDThe operation is not supported.

Definition at line 514 of file CryptX509.c.

◆ X509GetExtendedBasicConstraints()

BOOLEAN EFIAPI X509GetExtendedBasicConstraints ( CONST UINT8 *  Cert,
UINTN  CertSize,
UINT8 *  BasicConstraints,
UINTN BasicConstraintsSize 
)

Retrieve the basic constraints from one X.509 certificate.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizesize of the X509 certificate in bytes.
[out]BasicConstraintsbasic constraints bytes.
[in,out]BasicConstraintsSizebasic constraints buffer size in bytes.
Return values
TRUEThe basic constraints retrieve successfully.
FALSEIf cert is NULL. If cert_size is NULL. If basic_constraints is not NULL and *basic_constraints_size is 0. If cert is invalid.
FALSEThe required buffer size is small. The return buffer size is basic_constraints_size parameter.
FALSEIf no Extension entry match oid.
FALSEThe operation is not supported.

Definition at line 1938 of file CryptX509.c.

◆ X509GetExtendedKeyUsage()

BOOLEAN EFIAPI X509GetExtendedKeyUsage ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT UINT8 *  Usage,
IN OUT UINTN UsageSize 
)

Retrieve the Extended Key Usage from one X.509 certificate.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]UsageKey Usage bytes.
[in,out]UsageSizeKey Usage buffer size in bytes.
Return values
TRUEThe Usage bytes retrieve successfully.
FALSEIf Cert is NULL. If CertSize is NULL. If Usage is not NULL and *UsageSize is 0. If Cert is invalid.
FALSEIf the Usage is NULL. The required buffer size is returned in the UsageSize parameter.
FALSEThe operation is not supported.

Definition at line 1406 of file CryptX509.c.

◆ X509GetExtensionData()

BOOLEAN EFIAPI X509GetExtensionData ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
IN CONST UINT8 *  Oid,
IN UINTN  OidSize,
OUT UINT8 *  ExtensionData,
IN OUT UINTN ExtensionDataSize 
)

Retrieve Extension data from one X.509 certificate.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[in]OidObject identifier buffer
[in]OidSizeObject identifier buffer size
[out]ExtensionDataExtension bytes.
[in,out]ExtensionDataSizeExtension bytes size.
Return values
TRUEThe certificate Extension data retrieved successfully.
FALSEIf Cert is NULL. If ExtensionDataSize is NULL. If ExtensionData is not NULL and *ExtensionDataSize is 0. If Certificate is invalid.
FALSEIf no Extension entry match Oid.
FALSEIf the ExtensionData is NULL. The required buffer size is returned in the ExtensionDataSize parameter.
FALSEThe operation is not supported.

Definition at line 1274 of file CryptX509.c.

◆ X509GetIssuerName()

BOOLEAN EFIAPI X509GetIssuerName ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT UINT8 *  CertIssuer,
IN OUT UINTN CertIssuerSize 
)

Retrieve the issuer bytes from one X.509 certificate.

If Cert is NULL, then return FALSE. If CertIssuerSize is NULL, then return FALSE. If this interface is not supported, then return FALSE.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]CertIssuerPointer to the retrieved certificate subject bytes.
[in,out]CertIssuerSizeThe size in bytes of the CertIssuer buffer on input, and the size of buffer returned CertSubject on output.
Return values
TRUEThe certificate issuer retrieved successfully.
FALSEInvalid certificate, or the CertIssuerSize is too small for the result. The CertIssuerSize will be updated with the required size.
FALSEThis interface is not supported.

Definition at line 1097 of file CryptX509.c.

◆ X509GetKeyUsage()

BOOLEAN EFIAPI X509GetKeyUsage ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT UINTN Usage 
)

Retrieve the Key Usage from one X.509 certificate.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]UsageKey Usage (CRYPTO_X509_KU_*)
Return values
TRUEThe certificate Key Usage retrieved successfully.
FALSEInvalid certificate, or Usage is NULL
FALSEThis interface is not supported.

Definition at line 1639 of file CryptX509.c.

◆ X509GetOrganizationName()

RETURN_STATUS EFIAPI X509GetOrganizationName ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT CHAR8 *NameBuffer  OPTIONAL,
IN OUT UINTN NameBufferSize 
)

Retrieve the organization name (O) string from one X.509 certificate.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]NameBufferBuffer to contain the retrieved certificate organization name string. At most NameBufferSize bytes will be written and the string will be null terminated. May be NULL in order to determine the size buffer needed.
[in,out]NameBufferSizeThe size in bytes of the Name buffer on input, and the size of buffer returned Name on output. If NameBuffer is NULL then the amount of space needed in buffer (including the final null) is returned.
Return values
RETURN_SUCCESSThe certificate Organization Name retrieved successfully.
RETURN_INVALID_PARAMETERIf Cert is NULL. If NameBufferSize is NULL. If NameBuffer is not NULL and *CommonNameSize is 0. If Certificate is invalid.
RETURN_NOT_FOUNDIf no Organization Name entry exists.
RETURN_BUFFER_TOO_SMALLIf the NameBuffer is NULL. The required buffer size (including the final null) is returned in the CommonNameSize parameter.
RETURN_UNSUPPORTEDThe operation is not supported.

Definition at line 552 of file CryptX509.c.

◆ X509GetSerialNumber()

BOOLEAN EFIAPI X509GetSerialNumber ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT UINT8 *  SerialNumber,
OPTIONAL IN OUT UINTN SerialNumberSize 
)

Retrieve the serialNumber from one X.509 certificate.

If Cert is NULL, then return FALSE. If CertSize is 0, then return FALSE. If this interface is not supported, then return FALSE.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]SerialNumberPointer to the retrieved certificate SerialNumber bytes.
[in,out]SerialNumberSizeThe size in bytes of the SerialNumber buffer on input, and the size of buffer returned SerialNumber on output.
Return values
TRUEThe certificate serialNumber retrieved successfully.
FALSEIf Cert is NULL or CertSize is Zero. If SerialNumberSize is NULL. If Certificate is invalid.
FALSEIf no SerialNumber exists.
FALSEIf the SerialNumber is NULL. The required buffer size (including the final null) is returned in the SerialNumberSize parameter.
FALSEThe operation is not supported.

Definition at line 1011 of file CryptX509.c.

◆ X509GetSignatureAlgorithm()

BOOLEAN EFIAPI X509GetSignatureAlgorithm ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT UINT8 *  Oid,
OPTIONAL IN OUT UINTN OidSize 
)

Retrieve the Signature Algorithm from one X.509 certificate.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]OidSignature Algorithm Object identifier buffer.
[in,out]OidSizeSignature Algorithm Object identifier buffer size
Return values
TRUEThe certificate Extension data retrieved successfully.
FALSEIf Cert is NULL. If OidSize is NULL. If Oid is not NULL and *OidSize is 0. If Certificate is invalid.
FALSEIf no SignatureType.
FALSEIf the Oid is NULL. The required buffer size is returned in the OidSize.
FALSEThe operation is not supported.

Definition at line 1180 of file CryptX509.c.

◆ X509GetSubjectName()

BOOLEAN EFIAPI X509GetSubjectName ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT UINT8 *  CertSubject,
IN OUT UINTN SubjectSize 
)

Retrieve the subject bytes from one X.509 certificate.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]CertSubjectPointer to the retrieved certificate subject bytes.
[in,out]SubjectSizeThe size in bytes of the CertSubject buffer on input, and the size of buffer returned CertSubject on output.

If Cert is NULL, then return FALSE. If SubjectSize is NULL, then return FALSE.

Return values
TRUEThe certificate subject retrieved successfully.
FALSEInvalid certificate, or the SubjectSize is too small for the result. The SubjectSize will be updated with the required size.

Definition at line 277 of file CryptX509.c.

◆ X509GetTBSCert()

BOOLEAN EFIAPI X509GetTBSCert ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT UINT8 **  TBSCert,
OUT UINTN TBSCertSize 
)

Retrieve the TBSCertificate from one given X.509 certificate.

Parameters
[in]CertPointer to the given DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]TBSCertDER-Encoded To-Be-Signed certificate.
[out]TBSCertSizeSize of the TBS certificate in bytes.

If Cert is NULL, then return FALSE. If TBSCert is NULL, then return FALSE. If TBSCertSize is NULL, then return FALSE.

Return values
TRUEThe TBSCertificate was retrieved successfully.
FALSEInvalid X.509 certificate.

Definition at line 798 of file CryptX509.c.

◆ X509GetValidity()

BOOLEAN EFIAPI X509GetValidity ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
IN UINT8 *  From,
IN OUT UINTN FromSize,
IN UINT8 *  To,
IN OUT UINTN ToSize 
)

Retrieve the Validity from one X.509 certificate

If Cert is NULL, then return FALSE. If CertIssuerSize is NULL, then return FALSE. If this interface is not supported, then return FALSE.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]FromnotBefore Pointer to DateTime object.
[in,out]FromSizenotBefore DateTime object size.
[out]TonotAfter Pointer to DateTime object.
[in,out]ToSizenotAfter DateTime object size.

Note: X509CompareDateTime to compare DateTime oject x509SetDateTime to get a DateTime object from a DateTimeStr

Return values
TRUEThe certificate Validity retrieved successfully.
FALSEInvalid certificate, or Validity retrieve failed.
FALSEThis interface is not supported.

Definition at line 1442 of file CryptX509.c.

◆ X509GetVersion()

BOOLEAN EFIAPI X509GetVersion ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
OUT UINTN Version 
)

Retrieve the version from one X.509 certificate.

If Cert is NULL, then return FALSE. If CertSize is 0, then return FALSE. If this interface is not supported, then return FALSE.

Parameters
[in]CertPointer to the DER-encoded X509 certificate.
[in]CertSizeSize of the X509 certificate in bytes.
[out]VersionPointer to the retrieved version integer.
Return values
TRUEThe certificate version retrieved successfully.
FALSEIf Cert is NULL or CertSize is Zero.
FALSEThe operation is not supported.

Definition at line 957 of file CryptX509.c.

◆ X509StackFree()

VOID EFIAPI X509StackFree ( IN VOID *  X509Stack)

Release the specified X509 stack object.

If X509Stack is NULL, then return FALSE.

Parameters
[in]X509StackPointer to the X509 stack object to be released.

Definition at line 241 of file CryptX509.c.

◆ X509VerifyCert()

BOOLEAN EFIAPI X509VerifyCert ( IN CONST UINT8 *  Cert,
IN UINTN  CertSize,
IN CONST UINT8 *  CACert,
IN UINTN  CACertSize 
)

Verify one X509 certificate was issued by the trusted CA.

Parameters
[in]CertPointer to the DER-encoded X509 certificate to be verified.
[in]CertSizeSize of the X509 certificate in bytes.
[in]CACertPointer to the DER-encoded trusted CA certificate.
[in]CACertSizeSize of the CA Certificate in bytes.

If Cert is NULL, then return FALSE. If CACert is NULL, then return FALSE.

Return values
TRUEThe certificate was issued by the trusted CA.
FALSEInvalid certificate or the certificate was not issued by the given trusted CA.

Definition at line 659 of file CryptX509.c.

◆ X509VerifyCertChain()

BOOLEAN EFIAPI X509VerifyCertChain ( IN CONST UINT8 *  RootCert,
IN UINTN  RootCertLength,
IN CONST UINT8 *  CertChain,
IN UINTN  CertChainLength 
)

Verify one X509 certificate was issued by the trusted CA.

Parameters
[in]RootCertTrusted Root Certificate buffer
[in]RootCertLengthTrusted Root Certificate buffer length
[in]CertChainOne or more ASN.1 DER-encoded X.509 certificates where the first certificate is signed by the Root Certificate or is the Root Certificate itself. and subsequent certificate is signed by the preceding certificate.
[in]CertChainLengthTotal length of the certificate chain, in bytes.
Return values
TRUEAll certificates was issued by the first certificate in X509Certchain.
FALSEInvalid certificate or the certificate was not issued by the given trusted CA.

Definition at line 1705 of file CryptX509.c.