authorQi Zhang <qi1.zhang@intel.com>2022-10-12 10:47:58 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2022-10-12 05:56:00 +0000
commitf21a1d48fe7200c80f893d805f49410836443cc5 (patch)
tree3e2a693d027e8b11e30d87b09421256f26597224 /CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
parentf80580f56b267c96f16f985dbf707b2f96947da4 (diff)
CryptoPkg: Add EC key retrieving and signature interface.
This patch is used to retrieve EC key from PEM and X509 and carry out the EC-DSA signature and verify it. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4102 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c')
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c83
1 files changed, 83 insertions, 0 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index e6bb45e641..58d3f27b11 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -842,3 +842,86 @@ X509GetTBSCert (
return TRUE;
}
+
+/**
+ Retrieve the EC Public Key from one DER-encoded X509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] EcContext Pointer to new-generated EC DSA context which contain the retrieved
+ EC public key component. Use EcFree() function to free the
+ resource.
+
+ If Cert is NULL, then return FALSE.
+ If EcContext is NULL, then return FALSE.
+
+ @retval TRUE EC Public Key was retrieved successfully.
+ @retval FALSE Fail to retrieve EC public key from X509 certificate.
+
+**/
+BOOLEAN
+EFIAPI
+EcGetPublicKeyFromX509 (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT VOID **EcContext
+ )
+{
+ #if FixedPcdGetBool (PcdOpensslEcEnabled)
+ BOOLEAN Status;
+ EVP_PKEY *Pkey;
+ X509 *X509Cert;
+
+ //
+ // Check input parameters.
+ //
+ if ((Cert == NULL) || (EcContext == NULL)) {
+ return FALSE;
+ }
+
+ Pkey = NULL;
+ X509Cert = NULL;
+
+ //
+ // Read DER-encoded X509 Certificate and Construct X509 object.
+ //
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
+ if ((X509Cert == NULL) || (!Status)) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ Status = FALSE;
+
+ //
+ // Retrieve and check EVP_PKEY data from X509 Certificate.
+ //
+ Pkey = X509_get_pubkey (X509Cert);
+ if ((Pkey == NULL) || (EVP_PKEY_id (Pkey) != EVP_PKEY_EC)) {
+ goto _Exit;
+ }
+
+ //
+ // Duplicate EC Context from the retrieved EVP_PKEY.
+ //
+ if ((*EcContext = EC_KEY_dup (EVP_PKEY_get0_EC_KEY (Pkey))) != NULL) {
+ Status = TRUE;
+ }
+
+_Exit:
+ //
+ // Release Resources.
+ //
+ if (X509Cert != NULL) {
+ X509_free (X509Cert);
+ }
+
+ if (Pkey != NULL) {
+ EVP_PKEY_free (Pkey);
+ }
+
+ return Status;
+ #else
+ return FALSE;
+ #endif
+}
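Review bot: `*EcContext` is assigned only on the success path, so every early exit in `EcGetPublicKeyFromX509` returns FALSE with the caller's pointer still holding whatever it held before. That covers the certificate parse failure, the non-EC key case and the `#else` build where `PcdOpensslEcEnabled` is off. A caller that calls `EcFree()` from a shared cleanup path without checking the return value could then free an uninitialised or stale pointer. Adding `*EcContext = NULL;` right after the parameter check, plus an equivalent NULL-guarded assignment in the `#else` branch, would make the failure state unambiguous. The header comment should also say that the function only parses the certificate and duplicates its key, for example `The certificate's signature and chain are not verified here; callers must validate the certificate before trusting the returned key.`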