]>
Commit | Line | Data |
---|---|---|
cc01b26e JW |
1 | /** @file\r |
2 | Non-runtime specific implementation of PKCS#7 SignedData Verification Wrapper.\r | |
3 | \r | |
4 | Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r | |
2009f6b4 | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
cc01b26e JW |
6 | \r |
7 | **/\r | |
8 | \r | |
9 | #include "InternalCryptLib.h"\r | |
10 | \r | |
11 | #include <openssl/objects.h>\r | |
12 | #include <openssl/x509.h>\r | |
13 | #include <openssl/x509v3.h>\r | |
14 | #include <openssl/pkcs7.h>\r | |
15 | \r | |
469eb461 GJ |
16 | /**\r |
17 | Check the contents of PKCS7 is not data.\r | |
18 | \r | |
19 | It is copied from PKCS7_type_is_other() in pk7_doit.c.\r | |
20 | \r | |
21 | @param[in] P7 Pointer to the location at which the PKCS7 is located.\r | |
22 | \r | |
23 | @retval TRUE If the type is others.\r | |
24 | @retval FALSE If the type is expected.\r | |
25 | **/\r | |
26 | STATIC\r | |
27 | BOOLEAN\r | |
28 | Pkcs7TypeIsOther (\r | |
7c342378 | 29 | IN PKCS7 *P7\r |
469eb461 GJ |
30 | )\r |
31 | {\r | |
7c342378 MK |
32 | BOOLEAN Others;\r |
33 | INTN Nid = OBJ_obj2nid (P7->type);\r | |
469eb461 GJ |
34 | \r |
35 | switch (Nid) {\r | |
36 | case NID_pkcs7_data:\r | |
37 | case NID_pkcs7_signed:\r | |
38 | case NID_pkcs7_enveloped:\r | |
39 | case NID_pkcs7_signedAndEnveloped:\r | |
40 | case NID_pkcs7_encrypted:\r | |
41 | Others = FALSE;\r | |
42 | break;\r | |
43 | default:\r | |
44 | Others = TRUE;\r | |
45 | }\r | |
46 | \r | |
47 | return Others;\r | |
48 | }\r | |
49 | \r | |
50 | /**\r | |
51 | Get the ASN.1 string for the PKCS7.\r | |
52 | \r | |
53 | It is copied from PKCS7_get_octet_string() in pk7_doit.c.\r | |
54 | \r | |
55 | @param[in] P7 Pointer to the location at which the PKCS7 is located.\r | |
56 | \r | |
57 | @return ASN1_OCTET_STRING ASN.1 string.\r | |
58 | **/\r | |
59 | STATIC\r | |
7c342378 | 60 | ASN1_OCTET_STRING *\r |
469eb461 | 61 | Pkcs7GetOctetString (\r |
7c342378 | 62 | IN PKCS7 *P7\r |
469eb461 GJ |
63 | )\r |
64 | {\r | |
65 | if (PKCS7_type_is_data (P7)) {\r | |
66 | return P7->d.data;\r | |
67 | }\r | |
68 | \r | |
7c342378 MK |
69 | if (Pkcs7TypeIsOther (P7) && (P7->d.other != NULL) &&\r |
70 | (P7->d.other->type == V_ASN1_OCTET_STRING))\r | |
71 | {\r | |
469eb461 GJ |
72 | return P7->d.other->value.octet_string;\r |
73 | }\r | |
74 | \r | |
75 | return NULL;\r | |
76 | }\r | |
77 | \r | |
cc01b26e JW |
78 | /**\r |
79 | Extracts the attached content from a PKCS#7 signed data if existed. The input signed\r | |
80 | data could be wrapped in a ContentInfo structure.\r | |
81 | \r | |
82 | If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow,\r | |
83 | then return FALSE. If the P7Data is not correctly formatted, then return FALSE.\r | |
84 | \r | |
85 | Caution: This function may receive untrusted input. So this function will do\r | |
86 | basic check for PKCS#7 data structure.\r | |
87 | \r | |
88 | @param[in] P7Data Pointer to the PKCS#7 signed data to process.\r | |
89 | @param[in] P7Length Length of the PKCS#7 signed data in bytes.\r | |
90 | @param[out] Content Pointer to the extracted content from the PKCS#7 signedData.\r | |
91 | It's caller's responsibility to free the buffer with FreePool().\r | |
92 | @param[out] ContentSize The size of the extracted content in bytes.\r | |
93 | \r | |
94 | @retval TRUE The P7Data was correctly formatted for processing.\r | |
95 | @retval FALSE The P7Data was not correctly formatted for processing.\r | |
96 | \r | |
97 | **/\r | |
98 | BOOLEAN\r | |
99 | EFIAPI\r | |
100 | Pkcs7GetAttachedContent (\r | |
101 | IN CONST UINT8 *P7Data,\r | |
102 | IN UINTN P7Length,\r | |
103 | OUT VOID **Content,\r | |
104 | OUT UINTN *ContentSize\r | |
105 | )\r | |
106 | {\r | |
107 | BOOLEAN Status;\r | |
108 | PKCS7 *Pkcs7;\r | |
109 | UINT8 *SignedData;\r | |
110 | UINTN SignedDataSize;\r | |
111 | BOOLEAN Wrapped;\r | |
112 | CONST UINT8 *Temp;\r | |
113 | ASN1_OCTET_STRING *OctStr;\r | |
114 | \r | |
115 | //\r | |
116 | // Check input parameter.\r | |
117 | //\r | |
118 | if ((P7Data == NULL) || (P7Length > INT_MAX) || (Content == NULL) || (ContentSize == NULL)) {\r | |
119 | return FALSE;\r | |
120 | }\r | |
121 | \r | |
122 | *Content = NULL;\r | |
123 | Pkcs7 = NULL;\r | |
124 | SignedData = NULL;\r | |
125 | OctStr = NULL;\r | |
126 | \r | |
127 | Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);\r | |
128 | if (!Status || (SignedDataSize > INT_MAX)) {\r | |
129 | goto _Exit;\r | |
130 | }\r | |
131 | \r | |
132 | Status = FALSE;\r | |
133 | \r | |
134 | //\r | |
135 | // Decoding PKCS#7 SignedData\r | |
136 | //\r | |
137 | Temp = SignedData;\r | |
138 | Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);\r | |
139 | if (Pkcs7 == NULL) {\r | |
140 | goto _Exit;\r | |
141 | }\r | |
142 | \r | |
143 | //\r | |
144 | // The type of Pkcs7 must be signedData\r | |
145 | //\r | |
146 | if (!PKCS7_type_is_signed (Pkcs7)) {\r | |
147 | goto _Exit;\r | |
148 | }\r | |
149 | \r | |
150 | //\r | |
151 | // Check for detached or attached content\r | |
152 | //\r | |
153 | if (PKCS7_get_detached (Pkcs7)) {\r | |
154 | //\r | |
155 | // No Content supplied for PKCS7 detached signedData\r | |
156 | //\r | |
157 | *Content = NULL;\r | |
158 | *ContentSize = 0;\r | |
159 | } else {\r | |
160 | //\r | |
161 | // Retrieve the attached content in PKCS7 signedData\r | |
162 | //\r | |
469eb461 GJ |
163 | OctStr = Pkcs7GetOctetString (Pkcs7->d.sign->contents);\r |
164 | if (OctStr == NULL) {\r | |
165 | goto _Exit;\r | |
166 | }\r | |
167 | \r | |
cc01b26e JW |
168 | if ((OctStr->length > 0) && (OctStr->data != NULL)) {\r |
169 | *ContentSize = OctStr->length;\r | |
170 | *Content = AllocatePool (*ContentSize);\r | |
171 | if (*Content == NULL) {\r | |
172 | *ContentSize = 0;\r | |
173 | goto _Exit;\r | |
174 | }\r | |
7c342378 | 175 | \r |
cc01b26e JW |
176 | CopyMem (*Content, OctStr->data, *ContentSize);\r |
177 | }\r | |
178 | }\r | |
7c342378 | 179 | \r |
cc01b26e JW |
180 | Status = TRUE;\r |
181 | \r | |
182 | _Exit:\r | |
183 | //\r | |
184 | // Release Resources\r | |
185 | //\r | |
186 | PKCS7_free (Pkcs7);\r | |
187 | \r | |
188 | if (!Wrapped) {\r | |
189 | OPENSSL_free (SignedData);\r | |
190 | }\r | |
191 | \r | |
192 | return Status;\r | |
193 | }\r |