tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate 

The function Pkcs7GetSigners return certificate stack as binary buffer.
Use EFI_CERT_DATA to parsing certificate stack more clearly, and access
certificate by the field of EFI_CERT_DATA structure.

Cc: Long Qin <qin.long@intel.com>
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Zhang Chao <chao.b.zhang@intel.com>
This commit is contained in:
chenc2 2017-11-07 09:01:26 +08:00 committed by Zhang, Chao B
parent 3702637a52
commit 62ba0febf5
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
SecurityPkg/Library/AuthVariableLib/AuthService.c
View File

@ -1828,6 +1828,7 @@ VerifyTimeBasedPayload (
UINT8 *CertsInCertDb; UINT8 *CertsInCertDb;
UINT32 CertsSizeinDb; UINT32 CertsSizeinDb;
UINT8 Sha256Digest[SHA256_DIGEST_SIZE]; UINT8 Sha256Digest[SHA256_DIGEST_SIZE];
EFI_CERT_DATA *CertDataPtr;
// //
// 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain // 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain
@ -1841,6 +1842,7 @@ VerifyTimeBasedPayload (
SignerCerts = NULL; SignerCerts = NULL;
TopLevelCert = NULL; TopLevelCert = NULL;
CertsInCertDb = NULL; CertsInCertDb = NULL;
CertDataPtr = NULL;
// //
// When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is // When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is
@ -2098,9 +2100,10 @@ VerifyTimeBasedPayload (
// //
// Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb // Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb
// //
CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);
Status = CalculatePrivAuthVarSignChainSHA256Digest( Status = CalculatePrivAuthVarSignChainSHA256Digest(
SignerCerts + sizeof(UINT8) + sizeof(UINT32), CertDataPtr->CertDataBuffer,
ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))), ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
TopLevelCert, TopLevelCert,
TopLevelCertSize, TopLevelCertSize,
Sha256Digest Sha256Digest
@ -2135,12 +2138,13 @@ VerifyTimeBasedPayload (
// //
// When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer // When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer
// //
CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);
Status = InsertCertsToDb ( Status = InsertCertsToDb (
VariableName, VariableName,
VendorGuid, VendorGuid,
Attributes, Attributes,
SignerCerts + sizeof(UINT8) + sizeof(UINT32), CertDataPtr->CertDataBuffer,
ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))), ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
TopLevelCert, TopLevelCert,
TopLevelCertSize TopLevelCertSize
); );