IN VOID *X509Stack\r
);\r
\r
+/**\r
+ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:\r
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
+ in a ContentInfo structure.\r
+\r
+ If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then\r
+ return FALSE. If P7Length overflow, then return FAlSE.\r
+\r
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.\r
+ @param[in] P7Length Length of the PKCS#7 message in bytes.\r
+ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.\r
+ It's caller's responsiblity to free the buffer.\r
+ @param[out] StackLength Length of signer's certificates in bytes.\r
+ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.\r
+ It's caller's responsiblity to free the buffer.\r
+ @param[out] CertLength Length of the trusted certificate in bytes.\r
+\r
+ @retval TRUE The operation is finished successfully.\r
+ @retval FALSE Error occurs during the operation.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Pkcs7GetSigners (\r
+ IN CONST UINT8 *P7Data,\r
+ IN UINTN P7Length,\r
+ OUT UINT8 **CertStack,\r
+ OUT UINTN *StackLength,\r
+ OUT UINT8 **TrustedCert,\r
+ OUT UINTN *CertLength\r
+ );\r
+\r
+/**\r
+ Wrap function to use free() to free allocated memory for certificates.\r
+\r
+ @param[in] Certs Pointer to the certificates to be freed.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+Pkcs7FreeSigners (\r
+ IN UINT8 *Certs\r
+ );\r
+\r
/**\r
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message\r
Syntax Standard, version 1.5". This interface is only intended to be used for\r
);\r
\r
/**\r
- Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic\r
- Message Syntax Standard".\r
+ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:\r
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
+ in a ContentInfo structure.\r
\r
- If P7Data is NULL, then return FALSE.\r
+ If P7Data, TrustedCert or InData is NULL, then return FALSE.\r
+ If P7Length, CertLength or DataLength overflow, then return FAlSE.\r
\r
@param[in] P7Data Pointer to the PKCS#7 message to verify.\r
- @param[in] P7Size Size of the PKCS#7 message in bytes.\r
+ @param[in] P7Length Length of the PKCS#7 message in bytes.\r
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
is used for certificate chain verification.\r
- @param[in] CertSize Size of the trusted certificate in bytes.\r
+ @param[in] CertLength Length of the trusted certificate in bytes.\r
@param[in] InData Pointer to the content to be verified.\r
- @param[in] DataSize Size of InData in bytes.\r
+ @param[in] DataLength Length of InData in bytes.\r
\r
@retval TRUE The specified PKCS#7 signed data is valid.\r
@retval FALSE Invalid PKCS#7 signed data.\r
EFIAPI\r
Pkcs7Verify (\r
IN CONST UINT8 *P7Data,\r
- IN UINTN P7Size,\r
+ IN UINTN P7Length,\r
IN CONST UINT8 *TrustedCert,\r
- IN UINTN CertSize,\r
+ IN UINTN CertLength,\r
IN CONST UINT8 *InData,\r
- IN UINTN DataSize\r
+ IN UINTN DataLength\r
);\r
\r
/**\r
projects / mirror_edk2.git / blobdiff