]>
git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
d3b1a907aad9c5ae8138f0c242f15e56e633da0b
2 PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
4 Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "InternalCryptLib.h"
17 #include <openssl/objects.h>
18 #include <openssl/x509.h>
19 #include <openssl/pkcs7.h>
22 Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
23 Syntax Standard, version 1.5". This interface is only intended to be used for
24 application to perform PKCS#7 functionality validation.
26 @param[in] PrivateKey Pointer to the PEM-formatted private key data for
28 @param[in] PrivateKeySize Size of the PEM private key data in bytes.
29 @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
31 @param[in] InData Pointer to the content to be signed.
32 @param[in] InDataSize Size of InData in bytes.
33 @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
34 @param[in] OtherCerts Pointer to an optional additional set of certificates to
35 include in the PKCS#7 signedData (e.g. any intermediate
37 @param[out] SignedData Pointer to output PKCS#7 signedData.
38 @param[out] SignedDataSize Size of SignedData in bytes.
40 @retval TRUE PKCS#7 data signing succeeded.
41 @retval FALSE PKCS#7 data signing failed.
47 IN CONST UINT8
*PrivateKey
,
48 IN UINTN PrivateKeySize
,
49 IN CONST UINT8
*KeyPassword
,
53 IN UINT8
*OtherCerts OPTIONAL
,
54 OUT UINT8
**SignedData
,
55 OUT UINTN
*SignedDataSize
68 // Check input parameters.
70 if (PrivateKey
== NULL
|| KeyPassword
== NULL
|| InData
== NULL
||
71 SignCert
== NULL
|| SignedData
== NULL
|| SignedDataSize
== NULL
|| InDataSize
> INT_MAX
) {
82 // Retrieve RSA private key from PEM data.
84 Status
= RsaGetPrivateKeyFromPem (
87 (CONST CHAR8
*) KeyPassword
,
97 // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
99 if (EVP_add_digest (EVP_md5 ()) == 0) {
102 if (EVP_add_digest (EVP_sha1 ()) == 0) {
105 if (EVP_add_digest (EVP_sha256 ()) == 0) {
109 RandomSeed (NULL
, 0);
112 // Construct OpenSSL EVP_PKEY for private key.
114 Key
= EVP_PKEY_new ();
118 if (EVP_PKEY_assign_RSA (Key
, (RSA
*) RsaContext
) == 0) {
123 // Convert the data to be signed to BIO format.
125 DataBio
= BIO_new (BIO_s_mem ());
126 if (DataBio
== NULL
) {
130 if (BIO_write (DataBio
, InData
, (int) InDataSize
) <= 0) {
135 // Create the PKCS#7 signedData structure.
140 (STACK_OF(X509
) *) OtherCerts
,
142 PKCS7_BINARY
| PKCS7_NOATTR
| PKCS7_DETACHED
149 // Convert PKCS#7 signedData structure into DER-encoded buffer.
151 P7DataSize
= i2d_PKCS7 (Pkcs7
, NULL
);
152 if (P7DataSize
<= 19) {
156 P7Data
= malloc (P7DataSize
);
157 if (P7Data
== NULL
) {
162 P7DataSize
= i2d_PKCS7 (Pkcs7
, (unsigned char **) &Tmp
);
163 ASSERT (P7DataSize
> 19);
166 // Strip ContentInfo to content only for signeddata. The data be trimmed off
167 // is totally 19 bytes.
169 *SignedDataSize
= P7DataSize
- 19;
170 *SignedData
= malloc (*SignedDataSize
);
171 if (*SignedData
== NULL
) {
172 OPENSSL_free (P7Data
);
176 CopyMem (*SignedData
, P7Data
+ 19, *SignedDataSize
);
178 OPENSSL_free (P7Data
);
190 if (DataBio
!= NULL
) {