Support authentication of uefi priv. variables

To authenticate private UEFI variables, a fingerprint has to be
calculated from the common name in the signing certificate's
Subject field and the tbsCertificate of the top-level issuer
certificate.
These variables have a public key certificate attached so the
verify_pkcs7_signature_handler is also reorganized to be able
to verify its own signature with its internal public key.
This commit implements the changes needed for the described
functionality.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Change-Id: Ida22977f3ef1a730ea95834ca5c9f9e4ed78d927
diff --git a/components/common/mbedtls/component.cmake b/components/common/mbedtls/component.cmake
new file mode 100644
index 0000000..e04a42f
--- /dev/null
+++ b/components/common/mbedtls/component.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+	"${CMAKE_CURRENT_LIST_DIR}/mbedtls_utils.c"
+)
diff --git a/components/common/mbedtls/mbedtls_utils.c b/components/common/mbedtls/mbedtls_utils.c
new file mode 100644
index 0000000..e7c97e9
--- /dev/null
+++ b/components/common/mbedtls/mbedtls_utils.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <string.h>
+#include "mbedtls_utils.h"
+
+/*
+ * Official value: http://www.oid-info.com/get/2.5.4.3
+ * Hex converter: https://misc.daniel-marschall.de/asn.1/oid-converter/online.php
+ */
+#define CN_OID_TAG (0x06)
+#define CN_OID_LEN (0x03)
+#define CN_OID_VAL {0x55, 0x04, 0x03}
+
+/* Searches for the common name field in an mbedtls_asn1_named_data object */
+const mbedtls_asn1_buf* findCommonName(const mbedtls_asn1_named_data *name)
+{
+	static const uint8_t cn_oid_values[CN_OID_LEN] = CN_OID_VAL;
+
+	while (name)
+	{
+		if (name->oid.tag == CN_OID_TAG && name->oid.len == CN_OID_LEN) {
+			if (name->oid.p != NULL) {
+				if (!memcmp(name->oid.p, cn_oid_values, (size_t) CN_OID_LEN))
+					return &name->val;
+			}
+		}
+
+		name = name->next;
+	}
+
+	return NULL;
+}
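Review bot: findCommonName stops at the first CN attribute it meets, so for a Subject that carries more than one CN the bytes fed into the variable fingerprint depend on attribute order. The caller is not in this hunk; if it cannot guarantee a single CN, consider continuing the walk after a match and returning NULL when a second CN is found. The function also returns `&name->val` without looking at `val.p` or `val.len`, and the result points into the parsed name rather than a copy, so the one-line comment should state that contract, e.g. `/* Returns the first CN value in name, or NULL if none; the result aliases name and may have len == 0 */`, and the prototype in mbedtls_utils.h should carry the same text. As a style point, if `mbedtls/oid.h` is available in this build, `MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0` would replace the hand-written `CN_OID_*` constants and the nested length/NULL/memcmp checks, with `MBEDTLS_ASN1_OID` replacing the literal `0x06` if the tag check is kept.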
diff --git a/components/common/mbedtls/mbedtls_utils.h b/components/common/mbedtls/mbedtls_utils.h
new file mode 100644
index 0000000..0e2f396
--- /dev/null
+++ b/components/common/mbedtls/mbedtls_utils.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef MBEDTLS_UTILS_H
+#define MBEDTLS_UTILS_H
+
+#include <mbedtls/asn1.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+const mbedtls_asn1_buf* findCommonName(const mbedtls_asn1_named_data *name);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_UTILS_H */