CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack
authorchenc2 <chen.a.chen@intel.com>
Tue, 7 Nov 2017 00:56:56 +0000 (08:56 +0800)
committerZhang, Chao B <chao.b.zhang@intel.com>
Tue, 7 Nov 2017 14:06:48 +0000 (22:06 +0800)
The parameter CertStack of Pkcs7GetSigners will return all embedded X.509
certificate in one given PKCS7 signature. The format is:
//
// UINT8  CertNumber;
// UINT32 Cert1Length;
// UINT8  Cert1[];
// UINT32 Cert2Length;
// UINT8  Cert2[];
// ...
// UINT32 CertnLength;
// UINT8  Certn[];
//
Add the EFI_CERT_STACK and EFI_CERT_DATA structures; these two C structures
make parsing CertStack clearer.

Cc: Long Qin <qin.long@intel.com>
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Zhang Chao <chao.b.zhang@intel.com>
CryptoPkg/Include/Library/BaseCryptLib.h
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c

index e2b6a956664b96ee8e50f8c75d59a24c7b926f42..027ea09febd57f9443510ec93597ca97e2991967 100644 (file)
@@ -2376,6 +2376,36 @@ Pkcs5HashPassword (
   OUT UINT8        *OutKey\r
   );\r
 \r
+/**\r
+  The 3rd parameter of Pkcs7GetSigners will return all embedded\r
+  X.509 certificate in one given PKCS7 signature. The format is:\r
+  //\r
+  // UINT8  CertNumber;\r
+  // UINT32 Cert1Length;\r
+  // UINT8  Cert1[];\r
+  // UINT32 Cert2Length;\r
+  // UINT8  Cert2[];\r
+  // ...\r
+  // UINT32 CertnLength;\r
+  // UINT8  Certn[];\r
+  //\r
+\r
+  The two following C-structure are used for parsing CertStack more clearly.\r
+**/\r
+#pragma pack(1)\r
+\r
+typedef struct {\r
+  UINT32    CertDataLength;       // The length in bytes of X.509 certificate.\r
+  UINT8     CertDataBuffer[0];    // The X.509 certificate content (DER).\r
+} EFI_CERT_DATA;\r
+\r
+typedef struct {\r
+  UINT8             CertNumber;   // Number of X.509 certificate.\r
+  //EFI_CERT_DATA   CertArray[];  // An array of X.509 certificate.\r
+} EFI_CERT_STACK;\r
+\r
+#pragma pack()\r
+\r
 /**\r
   Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:\r
   Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
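Review bot: The new header comment for EFI_CERT_DATA and EFI_CERT_STACK does not say how a caller should step through the buffer, and that is where a parser can run off the end. Under `#pragma pack(1)` each entry after the first begins `sizeof (UINT32) + CertDataLength` bytes past the previous one, so `CertDataLength` may be unaligned and must be checked against the bytes remaining in the returned length before the certificate is read. I would add above EFI_CERT_DATA a comment such as `// Next entry follows CertDataBuffer[CertDataLength]; bound every step by the buffer length returned with the stack.` Separately, `UINT8 CertDataBuffer[0];` is a zero-length array, which is a compiler extension rather than standard C, and the comment's "3rd parameter of Pkcs7GetSigners" no longer covers every user, since later hunks give SignerChainCerts and UnchainCerts the same type.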
@@ -2390,6 +2420,7 @@ Pkcs5HashPassword (
   @param[out] CertStack    Pointer to Signer's certificates retrieved from P7Data.\r
                            It's caller's responsibility to free the buffer with\r
                            Pkcs7FreeSigners().\r
+                           This data structure is EFI_CERT_STACK type.\r
   @param[out] StackLength  Length of signer's certificates in bytes.\r
   @param[out] TrustedCert  Pointer to a trusted certificate from Signer's certificates.\r
                            It's caller's responsibility to free the buffer with\r
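Review bot: The added sentence `This data structure is EFI_CERT_STACK type.` understates the layout, because EFI_CERT_STACK as declared earlier in this header holds only the CertNumber byte and the certificates follow it as packed EFI_CERT_DATA entries. Wording such as `The buffer starts with an EFI_CERT_STACK header followed by CertNumber EFI_CERT_DATA entries; StackLength bounds the walk.` would tell callers what the buffer contains and which length to check against. The same sentence is repeated for SignerChainCerts and UnchainCerts in the next hunk and in the matching hunks of CryptPkcs7Verify.c and CryptPkcs7VerifyNull.c, where ChainLength and UnchainLength play the bounding role. The comment block and the prototype it documents continue outside the hunk, so the declared parameter type is not visible here.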
@@ -2437,9 +2468,11 @@ Pkcs7FreeSigners (
   @param[out] SignerChainCerts  Pointer to the certificates list chained to signer's\r
                                 certificate. It's caller's responsibility to free the buffer\r
                                 with Pkcs7FreeSigners().\r
+                                This data structure is EFI_CERT_STACK type.\r
   @param[out] ChainLength       Length of the chained certificates list buffer in bytes.\r
   @param[out] UnchainCerts      Pointer to the unchained certificates lists. It's caller's\r
                                 responsibility to free the buffer with Pkcs7FreeSigners().\r
+                                This data structure is EFI_CERT_STACK type.\r
   @param[out] UnchainLength     Length of the unchained certificates list buffer in bytes.\r
 \r
   @retval  TRUE         The operation is finished successfully.\r
index 296df028b130a45d7f1562197ea1d3b31e2ff42d..fe8e5950f9f3ec754f6d6dd54a502b4740c00691 100644 (file)
@@ -242,6 +242,7 @@ _Exit:
   @param[out] CertStack    Pointer to Signer's certificates retrieved from P7Data.\r
                            It's caller's responsibility to free the buffer with\r
                            Pkcs7FreeSigners().\r
+                           This data structure is EFI_CERT_STACK type.\r
   @param[out] StackLength  Length of signer's certificates in bytes.\r
   @param[out] TrustedCert  Pointer to a trusted certificate from Signer's certificates.\r
                            It's caller's responsibility to free the buffer with\r
@@ -442,9 +443,11 @@ Pkcs7FreeSigners (
   @param[out] SignerChainCerts  Pointer to the certificates list chained to signer's\r
                                 certificate. It's caller's responsibility to free the buffer\r
                                 with Pkcs7FreeSigners().\r
+                                This data structure is EFI_CERT_STACK type.\r
   @param[out] ChainLength       Length of the chained certificates list buffer in bytes.\r
   @param[out] UnchainCerts      Pointer to the unchained certificates lists. It's caller's\r
                                 responsibility to free the buffer with Pkcs7FreeSigners().\r
+                                This data structure is EFI_CERT_STACK type.\r
   @param[out] UnchainLength     Length of the unchained certificates list buffer in bytes.\r
 \r
   @retval  TRUE         The operation is finished successfully.\r
index d3e8ec89a74b95c4503272626154fbf3276e75d3..5490b1f3d66d903b471b0614bd7805d6c126f29d 100644 (file)
@@ -27,6 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
   @param[out] CertStack    Pointer to Signer's certificates retrieved from P7Data.\r
                            It's caller's responsibility to free the buffer with\r
                            Pkcs7FreeSigners().\r
+                           This data structure is EFI_CERT_STACK type.\r
   @param[out] StackLength  Length of signer's certificates in bytes.\r
   @param[out] TrustedCert  Pointer to a trusted certificate from Signer's certificates.\r
                            It's caller's responsibility to free the buffer with\r
@@ -79,9 +80,11 @@ Pkcs7FreeSigners (
   @param[out] SignerChainCerts  Pointer to the certificates list chained to signer's\r
                                 certificate. It's caller's responsibility to free the buffer\r
                                 with Pkcs7FreeSigners().\r
+                                This data structure is EFI_CERT_STACK type.\r
   @param[out] ChainLength       Length of the chained certificates list buffer in bytes.\r
   @param[out] UnchainCerts      Pointer to the unchained certificates lists. It's caller's\r
                                 responsibility to free the buffer with Pkcs7FreeSigners().\r
+                                This data structure is EFI_CERT_STACK type.\r
   @param[out] UnchainLength     Length of the unchained certificates list buffer in bytes.\r
 \r
   @retval  TRUE         The operation is finished successfully.\r