PKCS#7 is a general-purpose cryptographic standard (defined by RFC2315,\r
available at http://tools.ietf.org/html/rfc2315).\r
\r
-Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials are licensed and made available under\r
-the terms and conditions of the BSD License that accompanies this distribution.\r
-The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php.\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
\r
typedef struct _EFI_PKCS7_VERIFY_PROTOCOL EFI_PKCS7_VERIFY_PROTOCOL;\r
\r
-\r
/**\r
Processes a buffer containing binary DER-encoded PKCS7 signature.\r
The signed data content may be embedded within the buffer or separated. Funtion\r
**/\r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_PKCS7_VERIFY_BUFFER) (\r
+(EFIAPI *EFI_PKCS7_VERIFY_BUFFER)(\r
IN EFI_PKCS7_VERIFY_PROTOCOL *This,\r
IN VOID *SignedData,\r
IN UINTN SignedDataSize,\r
verifies the signature of the content is valid and signing certificate was not revoked\r
and is contained within a list of trusted signers.\r
\r
+ Note: because this function uses hashes and the specification contains a variety of\r
+ hash choices, you should be aware that the check against the RevokedDb list\r
+ will improperly succeed if the signature is revoked using a different hash\r
+ algorithm. For this reason, you should either cycle through all UEFI supported\r
+ hashes to see if one is forbidden, or rely on a single hash choice only if the\r
+ UEFI signature authority only signs and revokes with a single hash (at time\r
+ of writing, this hash choice is SHA256).\r
+\r
@param[in] This Pointer to EFI_PKCS7_VERIFY_PROTOCOL instance.\r
@param[in] Signature Points to buffer containing ASN.1 DER-encoded PKCS\r
detached signature.\r
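Review bot: The added note says the check against RevokedDb "will improperly succeed", which can be read either as the revocation lookup matching or as the verification passing. For a security caveat the failure mode should be stated outright, for example `the function can report success for content whose hash is listed in RevokedDb under a different hash algorithm`. The phrase "at time of writing" carries no date or specification revision, so a later reader cannot tell whether the SHA256-only assumption still holds; naming the revision next to it would fix that. Because the mitigation is left entirely to the caller, the same caveat would be worth repeating on the RevokedDb parameter description, which presumably sits further down in this comment block, outside the hunk.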
**/\r
typedef\r
EFI_STATUS\r
-(EFIAPI *EFI_PKCS7_VERIFY_SIGNATURE) (\r
+(EFIAPI *EFI_PKCS7_VERIFY_SIGNATURE)(\r
IN EFI_PKCS7_VERIFY_PROTOCOL *This,\r
IN VOID *Signature,\r
IN UINTN SignatureSize,\r
/// Support of other hash algorithms is optional.\r
///\r
struct _EFI_PKCS7_VERIFY_PROTOCOL {\r
- EFI_PKCS7_VERIFY_BUFFER VerifyBuffer;\r
- EFI_PKCS7_VERIFY_SIGNATURE VerifySignature;\r
+ EFI_PKCS7_VERIFY_BUFFER VerifyBuffer;\r
+ EFI_PKCS7_VERIFY_SIGNATURE VerifySignature;\r
};\r
\r
-extern EFI_GUID gEfiPkcs7VerifyProtocolGuid;\r
+extern EFI_GUID gEfiPkcs7VerifyProtocolGuid;\r
\r
#endif\r