From 62ba0febf517138a01c7a5f6d221ce6a2e4c28b6 Mon Sep 17 00:00:00 2001
From: chenc2
Date: Tue, 7 Nov 2017 09:01:26 +0800
Subject: SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate

The function Pkcs7GetSigners return certificate stack as binary buffer. Use EFI_CERT_DATA to parsing certificate stack more clearly, and access certificate by the field of EFI_CERT_DATA structure.

Cc: Long Qin
Cc: Zhang Chao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2
Reviewed-by: Long Qin
Reviewed-by: Zhang Chao
---
 SecurityPkg/Library/AuthVariableLib/AuthService.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'SecurityPkg/Library')

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 6cbeb98535..213a524f27 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -1828,6 +1828,7 @@ VerifyTimeBasedPayload (
 UINT8 *CertsInCertDb;
 UINT32 CertsSizeinDb;
 UINT8 Sha256Digest[SHA256_DIGEST_SIZE];
+ EFI_CERT_DATA *CertDataPtr;
 //
 // 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain
@@ -1841,6 +1842,7 @@ VerifyTimeBasedPayload (
 SignerCerts = NULL;
 TopLevelCert = NULL;
 CertsInCertDb = NULL;
+ CertDataPtr = NULL;
 //
 // When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is
@@ -2098,9 +2100,10 @@ VerifyTimeBasedPayload (
 //
 // Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb
 //
+ CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);
 Status = CalculatePrivAuthVarSignChainSHA256Digest(
- SignerCerts + sizeof(UINT8) + sizeof(UINT32),
- ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
+ CertDataPtr->CertDataBuffer,
+ ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
 TopLevelCert,
 TopLevelCertSize,
 Sha256Digest
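Review bot: `CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);` replaces the old `sizeof(UINT8)` with a bare `1`, so the hunk no longer tells the reader that a one-byte header precedes the first EFI_CERT_DATA entry, nor why SignerCerts is assumed to hold at least one entry; add a comment above the assignment such as `// Skip the leading UINT8 header byte of the Pkcs7GetSigners certificate stack (presumably the certificate count - confirm against Pkcs7GetSigners) to reach the first EFI_CERT_DATA, the signer certificate.` The identical assignment in the InsertCertsToDb hunk below needs the same comment, or the pointer could be derived once on a shared path if both call sites are reached from one. Since the entry starts at an odd byte offset, keeping ReadUnaligned32 for CertDataLength is right; the `(UINT32 *)` cast is only needed if EFI_CERT_DATA is not declared packed, otherwise `&CertDataPtr->CertDataLength` already has that type. The body of VerifyTimeBasedPayload begins and ends outside this hunk.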
@@ -2135,12 +2138,13 @@ VerifyTimeBasedPayload (
 //
 // When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer
 //
+ CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);
 Status = InsertCertsToDb (
 VariableName,
 VendorGuid,
 Attributes,
- SignerCerts + sizeof(UINT8) + sizeof(UINT32),
- ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
+ CertDataPtr->CertDataBuffer,
+ ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
 TopLevelCert,
 TopLevelCertSize
 );
-- cgit v1.2.3