Commit | Line | Data |
---|---|---|
532616bb | 1 | /** @file\r |
2 | PKCS#7 SignedData Verification Wrapper Implementation which does not provide\r | |
3 | real capabilities.\r | |
4 | \r | |
630f67dd | 5 | Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>\r |
532616bb | 6 | This program and the accompanying materials\r |
7 | are licensed and made available under the terms and conditions of the BSD License\r | |
8 | which accompanies this distribution. The full text of the license may be found at\r | |
9 | http://opensource.org/licenses/bsd-license.php\r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
13 | \r | |
14 | **/\r | |
15 | \r | |
16 | #include "InternalCryptLib.h"\r | |
17 | \r | |
/**
  Null implementation of Pkcs7GetSigners(): retrieving the signer's certificates
  from PKCS#7 signed data (optionally wrapped in a ContentInfo structure) is not
  supported by this library instance.

  The body never reads P7Data and never writes to any output parameter, so
  *CertStack, *StackLength, *TrustedCert and *CertLength keep whatever values the
  caller passed in. Callers must check the return value and must not use or free
  the output buffers after a FALSE return.

  @param[in]  P7Data       Pointer to the PKCS#7 message. Not accessed here.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes. Not accessed here.
  @param[out] CertStack    Signer's certificates (EFI_CERT_STACK type), normally
                           released by the caller with Pkcs7FreeSigners().
                           Not written here.
  @param[out] StackLength  Length of signer's certificates in bytes. Not written here.
  @param[out] TrustedCert  Trusted certificate taken from the signer's certificates,
                           normally released by the caller with Pkcs7FreeSigners().
                           Not written here.
  @param[out] CertLength   Length of the trusted certificate in bytes. Not written here.

  @retval FALSE  This interface is not supported.

**/
BOOLEAN
EFIAPI
Pkcs7GetSigners (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT UINT8        **CertStack,
  OUT UINTN        *StackLength,
  OUT UINT8        **TrustedCert,
  OUT UINTN        *CertLength
  )
{
  //
  // Any call trips this assertion when assertions are enabled; with assertions
  // disabled, control falls through to the unconditional FALSE below.
  //
  ASSERT (FALSE);
  return FALSE;
}
54 | \r | |
/**
  Null implementation of Pkcs7FreeSigners(): the real interface releases the
  certificate buffers handed out by the signer-retrieval functions.

  This instance frees nothing. The retrieval functions in this file always
  return FALSE without producing a buffer, so there is no valid buffer that a
  caller could pass here.

  If the interface is not supported, then ASSERT().

  @param[in]  Certs  Pointer to the certificates to be freed. Not accessed here.

**/
VOID
EFIAPI
Pkcs7FreeSigners (
  IN  UINT8  *Certs
  )
{
  //
  // Any call trips this assertion when assertions are enabled; with assertions
  // disabled, the function returns without touching Certs.
  //
  ASSERT (FALSE);
}
71 | \r | |
/**
  Null implementation of Pkcs7GetCertificatesList(): retrieving the embedded
  certificates from PKCS#7 signed data (optionally wrapped in a ContentInfo
  structure) as two lists, chained and unchained to the signer's certificate,
  is not supported by this library instance.

  The body never reads P7Data and never writes to any output parameter, so the
  TRUE result of the full interface is never produced here. Callers must check
  the return value and must not use or free *SignerChainCerts or *UnchainCerts
  after a FALSE return.

  @param[in]  P7Data            Pointer to the PKCS#7 message. Not accessed here.
  @param[in]  P7Length          Length of the PKCS#7 message in bytes. Not accessed here.
  @param[out] SignerChainCerts  Certificates list chained to the signer's certificate
                                (EFI_CERT_STACK type), normally released by the caller
                                with Pkcs7FreeSigners(). Not written here.
  @param[out] ChainLength       Length of the chained certificates list buffer in bytes.
                                Not written here.
  @param[out] UnchainCerts      Unchained certificates list (EFI_CERT_STACK type),
                                normally released by the caller with Pkcs7FreeSigners().
                                Not written here.
  @param[out] UnchainLength     Length of the unchained certificates list buffer in bytes.
                                Not written here.

  @retval FALSE  Always returned by this implementation.

**/
BOOLEAN
EFIAPI
Pkcs7GetCertificatesList (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT UINT8        **SignerChainCerts,
  OUT UINTN        *ChainLength,
  OUT UINT8        **UnchainCerts,
  OUT UINTN        *UnchainLength
  )
{
  //
  // Any call trips this assertion when assertions are enabled; with assertions
  // disabled, control falls through to the unconditional FALSE below.
  //
  ASSERT (FALSE);
  return FALSE;
}
108 | \r | |
/**
  Null implementation of Pkcs7Verify(): verifying PKCS#7 signed data (optionally
  wrapped in a ContentInfo structure) against a trusted certificate is not
  supported by this library instance.

  The result is FALSE for every input, so the stub fails closed: no signature
  can be accepted through this instance, and a caller that gates a trust
  decision on the return value rejects everything. None of the parameters is
  examined, so FALSE here carries no information about the message, the
  certificate or the content.

  @param[in]  P7Data       Pointer to the PKCS#7 message to verify. Not accessed here.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes. Not accessed here.
  @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in DER, which
                           is used for certificate chain verification.
                           Not accessed here.
  @param[in]  CertLength   Length of the trusted certificate in bytes. Not accessed here.
  @param[in]  InData       Pointer to the content to be verified. Not accessed here.
  @param[in]  DataLength   Length of InData in bytes. Not accessed here.

  @retval FALSE  This interface is not supported.

**/
BOOLEAN
EFIAPI
Pkcs7Verify (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  IN  CONST UINT8  *TrustedCert,
  IN  UINTN        CertLength,
  IN  CONST UINT8  *InData,
  IN  UINTN        DataLength
  )
{
  //
  // Any call trips this assertion when assertions are enabled; with assertions
  // disabled, control falls through to the unconditional FALSE below, which
  // keeps the verification result negative in every build.
  //
  ASSERT (FALSE);
  return FALSE;
}
afeb55e4 QL |
141 | \r |
/**
  Null implementation of Pkcs7GetAttachedContent(): extracting the attached
  content from PKCS#7 signed data (optionally wrapped in a ContentInfo
  structure) is not supported by this library instance.

  The body never reads P7Data and never writes *Content or *ContentSize, so the
  FALSE result says nothing about how P7Data is formatted. Callers must check
  the return value and must not use *Content, or pass it to FreePool(), after a
  FALSE return.

  @param[in]  P7Data       Pointer to the PKCS#7 signed data to process.
                           Not accessed here.
  @param[in]  P7Length     Length of the PKCS#7 signed data in bytes. Not accessed here.
  @param[out] Content      Extracted content from the PKCS#7 signedData, normally
                           released by the caller with FreePool(). Not written here.
  @param[out] ContentSize  The size of the extracted content in bytes. Not written here.

  @retval FALSE  Always returned by this implementation.

**/
BOOLEAN
EFIAPI
Pkcs7GetAttachedContent (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT VOID         **Content,
  OUT UINTN        *ContentSize
  )
{
  //
  // Any call trips this assertion when assertions are enabled; with assertions
  // disabled, control falls through to the unconditional FALSE below.
  //
  ASSERT (FALSE);
  return FALSE;
}