]>
git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
bc804015624d91468e02b12d03b60f202ac23113
2 PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
4 Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "InternalCryptLib.h"
17 #include <openssl/objects.h>
18 #include <openssl/x509.h>
19 #include <openssl/pkcs7.h>
22 Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
23 Syntax Standard, version 1.5". This interface is only intended to be used for
24 application to perform PKCS#7 functionality validation.
26 @param[in] PrivateKey Pointer to the PEM-formatted private key data for
28 @param[in] PrivateKeySize Size of the PEM private key data in bytes.
29 @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
31 @param[in] InData Pointer to the content to be signed.
32 @param[in] InDataSize Size of InData in bytes.
33 @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
34 @param[in] OtherCerts Pointer to an optional additional set of certificates to
35 include in the PKCS#7 signedData (e.g. any intermediate
37 @param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's
38 responsibility to free the buffer with FreePool().
39 @param[out] SignedDataSize Size of SignedData in bytes.
41 @retval TRUE PKCS#7 data signing succeeded.
42 @retval FALSE PKCS#7 data signing failed.
48 IN CONST UINT8
*PrivateKey
,
49 IN UINTN PrivateKeySize
,
50 IN CONST UINT8
*KeyPassword
,
54 IN UINT8
*OtherCerts OPTIONAL
,
55 OUT UINT8
**SignedData
,
56 OUT UINTN
*SignedDataSize
69 // Check input parameters.
71 if (PrivateKey
== NULL
|| KeyPassword
== NULL
|| InData
== NULL
||
72 SignCert
== NULL
|| SignedData
== NULL
|| SignedDataSize
== NULL
|| InDataSize
> INT_MAX
) {
83 // Retrieve RSA private key from PEM data.
85 Status
= RsaGetPrivateKeyFromPem (
88 (CONST CHAR8
*) KeyPassword
,
98 // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
100 if (EVP_add_digest (EVP_md5 ()) == 0) {
103 if (EVP_add_digest (EVP_sha1 ()) == 0) {
106 if (EVP_add_digest (EVP_sha256 ()) == 0) {
110 RandomSeed (NULL
, 0);
113 // Construct OpenSSL EVP_PKEY for private key.
115 Key
= EVP_PKEY_new ();
119 if (EVP_PKEY_assign_RSA (Key
, (RSA
*) RsaContext
) == 0) {
124 // Convert the data to be signed to BIO format.
126 DataBio
= BIO_new (BIO_s_mem ());
127 if (DataBio
== NULL
) {
131 if (BIO_write (DataBio
, InData
, (int) InDataSize
) <= 0) {
136 // Create the PKCS#7 signedData structure.
141 (STACK_OF(X509
) *) OtherCerts
,
143 PKCS7_BINARY
| PKCS7_NOATTR
| PKCS7_DETACHED
150 // Convert PKCS#7 signedData structure into DER-encoded buffer.
152 P7DataSize
= i2d_PKCS7 (Pkcs7
, NULL
);
153 if (P7DataSize
<= 19) {
157 P7Data
= malloc (P7DataSize
);
158 if (P7Data
== NULL
) {
163 P7DataSize
= i2d_PKCS7 (Pkcs7
, (unsigned char **) &Tmp
);
164 ASSERT (P7DataSize
> 19);
167 // Strip ContentInfo to content only for signeddata. The data be trimmed off
168 // is totally 19 bytes.
170 *SignedDataSize
= P7DataSize
- 19;
171 *SignedData
= AllocatePool (*SignedDataSize
);
172 if (*SignedData
== NULL
) {
173 OPENSSL_free (P7Data
);
177 CopyMem (*SignedData
, P7Data
+ 19, *SignedDataSize
);
179 OPENSSL_free (P7Data
);
191 if (DataBio
!= NULL
) {