Reviewed-by: Long Qin <qin.l...@intel.com>
Best Regards & Thanks, LONG, Qin -----Original Message----- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of chenc2 Sent: Tuesday, November 7, 2017 9:05 AM To: edk2-devel@lists.01.org Cc: Zhang, Chao B <chao.b.zh...@intel.com>; Long, Qin <qin.l...@intel.com> Subject: [edk2] [PATCH 2/2] SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate The function Pkcs7GetSigners return certificate stack as binary buffer. Use EFI_CERT_DATA to parsing certificate stack more clearly, and access certificate by the field of EFI_CERT_DATA structure. Cc: Long Qin <qin.l...@intel.com> Cc: Zhang Chao <chao.b.zh...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: chenc2 <chen.a.c...@intel.com> --- SecurityPkg/Library/AuthVariableLib/AuthService.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index 6cbeb98535..213a524f27 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -1828,6 +1828,7 @@ VerifyTimeBasedPayload ( UINT8 *CertsInCertDb; UINT32 CertsSizeinDb; UINT8 Sha256Digest[SHA256_DIGEST_SIZE]; + EFI_CERT_DATA *CertDataPtr; // // 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain @@ -1841,6 +1842,7 @@ VerifyTimeBasedPayload ( SignerCerts = NULL; TopLevelCert = NULL; CertsInCertDb = NULL; + CertDataPtr = NULL; // // When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is @@ -2098,9 +2100,10 @@ VerifyTimeBasedPayload ( // // Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb // + CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1); Status = CalculatePrivAuthVarSignChainSHA256Digest( - SignerCerts + sizeof(UINT8) + sizeof(UINT32), - ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))), + CertDataPtr->CertDataBuffer, + ReadUnaligned32 ((UINT32 + *)&(CertDataPtr->CertDataLength)), TopLevelCert, TopLevelCertSize, Sha256Digest @@ -2135,12 +2138,13 @@ VerifyTimeBasedPayload ( // // When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer // + CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1); Status = InsertCertsToDb ( VariableName, VendorGuid, Attributes, - SignerCerts + sizeof(UINT8) + sizeof(UINT32), - ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))), + CertDataPtr->CertDataBuffer, + ReadUnaligned32 ((UINT32 + *)&(CertDataPtr->CertDataLength)), TopLevelCert, TopLevelCertSize ); -- 2.13.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel