580.65.06

Maneet Singh
2025-08-04 11:15:02 -07:00
parent d890313300
commit 307159f262
1315 changed files with 477791 additions and 279973 deletions


@@ -1,6 +1,6 @@
/**
* Copyright Notice:
* Copyright 2021-2022 DMTF. All rights reserved.
* Copyright 2021-2024 DMTF. All rights reserved.
* License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
**/
@@ -35,10 +35,10 @@ extern bool libspdm_asn1_get_tag(uint8_t **ptr, const uint8_t *end, size_t *leng
* @param[in, out] subject_size The size in bytes of the cert_subject buffer on input,
* and the size of buffer returned cert_subject on output.
*
* @retval true The certificate subject retrieved successfully.
* @retval false Invalid certificate, or the subject_size is too small for the result.
* The subject_size will be updated with the required size.
* @retval false This interface is not supported.
* @retval true If the subject_size is not equal 0. The certificate subject retrieved successfully.
* @retval true If the subject_size is equal 0. The certificate parse successful. But the cert doesn't have subject.
* @retval false If the subject_size is not equal 0. The certificate subject retrieved successfully.But the subject_size is too small for the result.
* @retval false If the subject_size is equal 0. Invalid certificate.
**/
extern bool libspdm_x509_get_subject_name(const uint8_t *cert, size_t cert_size,
uint8_t *cert_subject,
@@ -80,6 +80,25 @@ extern bool libspdm_x509_get_serial_number(const uint8_t *cert, size_t cert_size
uint8_t *serial_number,
size_t *serial_number_size);
#if LIBSPDM_ADDITIONAL_CHECK_CERT
/**
* Retrieve the signature algorithm from one X.509 certificate.
*
* @param[in] cert Pointer to the DER-encoded X509 certificate.
* @param[in] cert_size Size of the X509 certificate in bytes.
* @param[out] oid Signature algorithm Object identifier buffer.
* @param[in,out] oid_size Signature algorithm Object identifier buffer size.
*
* @retval true if the oid_size is equal 0, the cert parse successfully, but cert doesn't have signature algo.
* @retval true if the oid_size is not equal 0, the cert parse and get signature algo successfully.
* @retval false if the oid_size is equal 0, the cert parse failed.
* @retval false if the oid_size is not equal 0, the cert parse and get signature algo successfully, but the input buffer size is small.
**/
extern bool libspdm_x509_get_signature_algorithm(const uint8_t *cert,
size_t cert_size, uint8_t *oid,
size_t *oid_size);
#endif /* LIBSPDM_ADDITIONAL_CHECK_CERT */
/**
* Retrieve the issuer bytes from one X.509 certificate.
*
@@ -93,10 +112,10 @@ extern bool libspdm_x509_get_serial_number(const uint8_t *cert, size_t cert_size
* @param[in, out] issuer_size The size in bytes of the cert_issuer buffer on input,
* and the size of buffer returned cert_issuer on output.
*
* @retval true The certificate issuer retrieved successfully.
* @retval false Invalid certificate, or the issuer_size is too small for the result.
* The issuer_size will be updated with the required size.
* @retval false This interface is not supported.
* @retval true If the issuer_size is not equal 0. The certificate issuer retrieved successfully.
* @retval true If the issuer_size is equal 0. The certificate parse successful. But the cert doesn't have issuer.
* @retval false If the issuer_size is not equal 0. The certificate issuer retrieved successfully. But the issuer_size is too small for the result.
* @retval false If the issuer_size is equal 0. Invalid certificate.
**/
extern bool libspdm_x509_get_issuer_name(const uint8_t *cert, size_t cert_size,
uint8_t *cert_issuer,
@@ -112,8 +131,11 @@ extern bool libspdm_x509_get_issuer_name(const uint8_t *cert, size_t cert_size,
* @param[out] extension_data Extension bytes.
* @param[in, out] extension_data_size Extension bytes size.
*
* @retval true
* @retval false
* @retval true If the returned extension_data_size == 0, it means that cert and oid are valid, but the oid extension is not found;
* If the returned extension_data_size != 0, it means that cert and oid are valid, and the oid extension is found;
* @retval false If the returned extension_data_size == 0, it means that cert or oid are invalid;
* If the returned extension_data_size != 0, it means that cert and oid are valid, and the oid extension is found,
* but the store buffer is too small.
**/
extern bool libspdm_x509_get_extension_data(const uint8_t *cert, size_t cert_size,
const uint8_t *oid, size_t oid_size,
@@ -137,9 +159,14 @@ extern bool libspdm_x509_get_extension_data(const uint8_t *cert, size_t cert_siz
* Note: libspdm_x509_compare_date_time to compare date_time oject
* x509SetDateTime to get a date_time object from a date_time_str
*
* @retval true The certificate Validity retrieved successfully.
* @retval false Invalid certificate, or Validity retrieve failed.
* @retval false This interface is not supported.
* @retval true if the from_size and from_size are not equal 0.
* The certificate Validity retrieved successfully.
* @retval true if the from_size and from_size are equal 0.
* The certificate Validity does not exist.
* @retval false if the from_size and from_size are not equal 0.
* The certificate Validity retrieved successfully, but the input buffer size is small.
* @retval false if the from_size and from_size are equal 0.
* Invalid certificate, or Validity retrieve failed.
**/
extern bool libspdm_x509_get_validity(const uint8_t *cert, size_t cert_size,
uint8_t *from, size_t *from_size, uint8_t *to,
@@ -189,9 +216,9 @@ extern int32_t libspdm_x509_compare_date_time(const void *date_time1, const void
* @param[in] cert_size Size of the X509 certificate in bytes.
* @param[out] usage Key usage (LIBSPDM_CRYPTO_X509_KU_*)
*
* @retval true The certificate key usage retrieved successfully.
* @retval false Invalid certificate, or usage is NULL
* @retval false This interface is not supported.
* @retval true if the usage is no equal 0. The certificate key usage retrieved successfully.
* @retval true if the usage is equal 0. The certificate parse successfully, but the cert doesn't have key usage.
* @retval false Invalid certificate, or usage is NULL.
**/
extern bool libspdm_x509_get_key_usage(const uint8_t *cert, size_t cert_size, size_t *usage);
@@ -203,8 +230,11 @@ extern bool libspdm_x509_get_key_usage(const uint8_t *cert, size_t cert_size, si
* @param[out] usage Key usage bytes.
* @param[in, out] usage_size Key usage buffer size in bytes.
*
* @retval true
* @retval false
* @retval true If the returned usage_size == 0, it means that cert and oid are valid, but the Extended key usage is not found;
* If the returned usage_size != 0, it means that cert and oid are valid, and the Extended key usage is found;
* @retval false If the returned usage_size == 0, it means that cert or oid are invalid;
* If the returned usage_size != 0, it means that cert and oid are valid, and the Extended key usage is found,
* but the store buffer is too small.
**/
extern bool libspdm_x509_get_extended_key_usage(const uint8_t *cert,
size_t cert_size, uint8_t *usage,
@@ -218,8 +248,11 @@ extern bool libspdm_x509_get_extended_key_usage(const uint8_t *cert,
* @param[out] basic_constraints Basic constraints bytes.
* @param[in, out] basic_constraints_size Basic constraints buffer size in bytes.
*
* @retval true
* @retval false
* @retval true If the returned basic_constraints_size == 0, it means that cert and oid are valid, but the basic_constraints is not found;
* If the returned basic_constraints_size != 0, it means that cert and oid are valid, and the basic_constraints is found;
* @retval false If the returned basic_constraints_size == 0, it means that cert or oid are invalid;
* If the returned basic_constraints_size != 0, it means that cert and oid are valid, and the basic_constraints is found,
* but the store buffer is too small.
**/
extern bool libspdm_x509_get_extended_basic_constraints(const uint8_t *cert,
size_t cert_size,
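Review bot: The rewritten `@retval` blocks for `libspdm_x509_get_subject_name`, `libspdm_x509_get_signature_algorithm`, `libspdm_x509_get_issuer_name` and `libspdm_x509_get_validity` do not say whether the size they test is the value passed in or the value written back, whereas the extension, extended-key-usage and basic-constraints blocks say "returned". The validity block also names `from_size` twice where `to_size` is presumably meant, and several `false` cases still read "retrieved successfully" although the buffer was too small. Because `true` now also covers a certificate that parsed but lacks the field, a caller that checks only the return value would accept a certificate with no subject, issuer, validity or key usage, so the contract needs to be unambiguous. I would word each pair like `@retval true If the returned subject_size == 0, the certificate parsed but has no subject; callers must check the size.` and `@retval false If the returned subject_size != 0, the certificate is valid but cert_subject is too small.`, and change the validity text to `from_size and to_size`. The prototypes continue outside the hunks and the implementation is not shown, so whether the required size is still written back on the too-small path cannot be confirmed from here.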