]>
Commit | Line | Data |
---|---|---|
cc01b26e JW |
1 | /** @file\r |
2 | Non-runtime specific implementation of PKCS#7 SignedData Verification Wrapper.\r | |
3 | \r | |
4 | Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r | |
2009f6b4 | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
cc01b26e JW |
6 | \r |
7 | **/\r | |
8 | \r | |
9 | #include "InternalCryptLib.h"\r | |
10 | \r | |
11 | #include <openssl/objects.h>\r | |
12 | #include <openssl/x509.h>\r | |
13 | #include <openssl/x509v3.h>\r | |
14 | #include <openssl/pkcs7.h>\r | |
15 | \r | |
469eb461 GJ |
16 | /**\r |
17 | Check the contents of PKCS7 is not data.\r | |
18 | \r | |
19 | It is copied from PKCS7_type_is_other() in pk7_doit.c.\r | |
20 | \r | |
21 | @param[in] P7 Pointer to the location at which the PKCS7 is located.\r | |
22 | \r | |
23 | @retval TRUE If the type is others.\r | |
24 | @retval FALSE If the type is expected.\r | |
25 | **/\r | |
26 | STATIC\r | |
27 | BOOLEAN\r | |
28 | Pkcs7TypeIsOther (\r | |
29 | IN PKCS7 *P7\r | |
30 | )\r | |
31 | {\r | |
32 | BOOLEAN Others;\r | |
33 | INTN Nid = OBJ_obj2nid (P7->type);\r | |
34 | \r | |
35 | switch (Nid) {\r | |
36 | case NID_pkcs7_data:\r | |
37 | case NID_pkcs7_signed:\r | |
38 | case NID_pkcs7_enveloped:\r | |
39 | case NID_pkcs7_signedAndEnveloped:\r | |
40 | case NID_pkcs7_encrypted:\r | |
41 | Others = FALSE;\r | |
42 | break;\r | |
43 | default:\r | |
44 | Others = TRUE;\r | |
45 | }\r | |
46 | \r | |
47 | return Others;\r | |
48 | }\r | |
49 | \r | |
50 | /**\r | |
51 | Get the ASN.1 string for the PKCS7.\r | |
52 | \r | |
53 | It is copied from PKCS7_get_octet_string() in pk7_doit.c.\r | |
54 | \r | |
55 | @param[in] P7 Pointer to the location at which the PKCS7 is located.\r | |
56 | \r | |
57 | @return ASN1_OCTET_STRING ASN.1 string.\r | |
58 | **/\r | |
59 | STATIC\r | |
60 | ASN1_OCTET_STRING*\r | |
61 | Pkcs7GetOctetString (\r | |
62 | IN PKCS7 *P7\r | |
63 | )\r | |
64 | {\r | |
65 | if (PKCS7_type_is_data (P7)) {\r | |
66 | return P7->d.data;\r | |
67 | }\r | |
68 | \r | |
69 | if (Pkcs7TypeIsOther(P7) && (P7->d.other != NULL) &&\r | |
70 | (P7->d.other->type == V_ASN1_OCTET_STRING)) {\r | |
71 | return P7->d.other->value.octet_string;\r | |
72 | }\r | |
73 | \r | |
74 | return NULL;\r | |
75 | }\r | |
76 | \r | |
cc01b26e JW |
77 | /**\r |
78 | Extracts the attached content from a PKCS#7 signed data if existed. The input signed\r | |
79 | data could be wrapped in a ContentInfo structure.\r | |
80 | \r | |
81 | If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow,\r | |
82 | then return FALSE. If the P7Data is not correctly formatted, then return FALSE.\r | |
83 | \r | |
84 | Caution: This function may receive untrusted input. So this function will do\r | |
85 | basic check for PKCS#7 data structure.\r | |
86 | \r | |
87 | @param[in] P7Data Pointer to the PKCS#7 signed data to process.\r | |
88 | @param[in] P7Length Length of the PKCS#7 signed data in bytes.\r | |
89 | @param[out] Content Pointer to the extracted content from the PKCS#7 signedData.\r | |
90 | It's caller's responsibility to free the buffer with FreePool().\r | |
91 | @param[out] ContentSize The size of the extracted content in bytes.\r | |
92 | \r | |
93 | @retval TRUE The P7Data was correctly formatted for processing.\r | |
94 | @retval FALSE The P7Data was not correctly formatted for processing.\r | |
95 | \r | |
96 | **/\r | |
97 | BOOLEAN\r | |
98 | EFIAPI\r | |
99 | Pkcs7GetAttachedContent (\r | |
100 | IN CONST UINT8 *P7Data,\r | |
101 | IN UINTN P7Length,\r | |
102 | OUT VOID **Content,\r | |
103 | OUT UINTN *ContentSize\r | |
104 | )\r | |
105 | {\r | |
106 | BOOLEAN Status;\r | |
107 | PKCS7 *Pkcs7;\r | |
108 | UINT8 *SignedData;\r | |
109 | UINTN SignedDataSize;\r | |
110 | BOOLEAN Wrapped;\r | |
111 | CONST UINT8 *Temp;\r | |
112 | ASN1_OCTET_STRING *OctStr;\r | |
113 | \r | |
114 | //\r | |
115 | // Check input parameter.\r | |
116 | //\r | |
117 | if ((P7Data == NULL) || (P7Length > INT_MAX) || (Content == NULL) || (ContentSize == NULL)) {\r | |
118 | return FALSE;\r | |
119 | }\r | |
120 | \r | |
121 | *Content = NULL;\r | |
122 | Pkcs7 = NULL;\r | |
123 | SignedData = NULL;\r | |
124 | OctStr = NULL;\r | |
125 | \r | |
126 | Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);\r | |
127 | if (!Status || (SignedDataSize > INT_MAX)) {\r | |
128 | goto _Exit;\r | |
129 | }\r | |
130 | \r | |
131 | Status = FALSE;\r | |
132 | \r | |
133 | //\r | |
134 | // Decoding PKCS#7 SignedData\r | |
135 | //\r | |
136 | Temp = SignedData;\r | |
137 | Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);\r | |
138 | if (Pkcs7 == NULL) {\r | |
139 | goto _Exit;\r | |
140 | }\r | |
141 | \r | |
142 | //\r | |
143 | // The type of Pkcs7 must be signedData\r | |
144 | //\r | |
145 | if (!PKCS7_type_is_signed (Pkcs7)) {\r | |
146 | goto _Exit;\r | |
147 | }\r | |
148 | \r | |
149 | //\r | |
150 | // Check for detached or attached content\r | |
151 | //\r | |
152 | if (PKCS7_get_detached (Pkcs7)) {\r | |
153 | //\r | |
154 | // No Content supplied for PKCS7 detached signedData\r | |
155 | //\r | |
156 | *Content = NULL;\r | |
157 | *ContentSize = 0;\r | |
158 | } else {\r | |
159 | //\r | |
160 | // Retrieve the attached content in PKCS7 signedData\r | |
161 | //\r | |
469eb461 GJ |
162 | OctStr = Pkcs7GetOctetString (Pkcs7->d.sign->contents);\r |
163 | if (OctStr == NULL) {\r | |
164 | goto _Exit;\r | |
165 | }\r | |
166 | \r | |
cc01b26e JW |
167 | if ((OctStr->length > 0) && (OctStr->data != NULL)) {\r |
168 | *ContentSize = OctStr->length;\r | |
169 | *Content = AllocatePool (*ContentSize);\r | |
170 | if (*Content == NULL) {\r | |
171 | *ContentSize = 0;\r | |
172 | goto _Exit;\r | |
173 | }\r | |
174 | CopyMem (*Content, OctStr->data, *ContentSize);\r | |
175 | }\r | |
176 | }\r | |
177 | Status = TRUE;\r | |
178 | \r | |
179 | _Exit:\r | |
180 | //\r | |
181 | // Release Resources\r | |
182 | //\r | |
183 | PKCS7_free (Pkcs7);\r | |
184 | \r | |
185 | if (!Wrapped) {\r | |
186 | OPENSSL_free (SignedData);\r | |
187 | }\r | |
188 | \r | |
189 | return Status;\r | |
190 | }\r |