2019-09-25 19:14:09 +02:00
|
|
|
/** @file
|
|
|
|
PKCS#7 SignedData Verification Wrapper Implementation which does not provide
|
|
|
|
real capabilities.
|
|
|
|
|
|
|
|
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
|
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
#include "InternalCryptLib.h"
|
|
|
|
|
|
|
|
/**
|
|
|
|
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
|
|
|
|
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
|
|
|
in a ContentInfo structure.
|
|
|
|
|
|
|
|
Return FALSE to indicate this interface is not supported.
|
|
|
|
|
|
|
|
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
|
|
|
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
|
|
|
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
|
|
|
|
It's caller's responsibility to free the buffer with
|
|
|
|
Pkcs7FreeSigners().
|
|
|
|
This data structure is EFI_CERT_STACK type.
|
|
|
|
@param[out] StackLength Length of signer's certificates in bytes.
|
|
|
|
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
|
|
|
|
It's caller's responsibility to free the buffer with
|
|
|
|
Pkcs7FreeSigners().
|
|
|
|
@param[out] CertLength Length of the trusted certificate in bytes.
|
|
|
|
|
|
|
|
@retval FALSE This interface is not supported.
|
|
|
|
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
Pkcs7GetSigners (
|
|
|
|
IN CONST UINT8 *P7Data,
|
|
|
|
IN UINTN P7Length,
|
|
|
|
OUT UINT8 **CertStack,
|
|
|
|
OUT UINTN *StackLength,
|
|
|
|
OUT UINT8 **TrustedCert,
|
|
|
|
OUT UINTN *CertLength
|
|
|
|
)
|
|
|
|
{
|
|
|
|
ASSERT (FALSE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Wrap function to use free() to free allocated memory for certificates.
|
|
|
|
|
|
|
|
If the interface is not supported, then ASSERT().
|
|
|
|
|
|
|
|
@param[in] Certs Pointer to the certificates to be freed.
|
|
|
|
|
|
|
|
**/
|
|
|
|
VOID
|
|
|
|
EFIAPI
|
|
|
|
Pkcs7FreeSigners (
|
2021-12-05 23:53:54 +01:00
|
|
|
IN UINT8 *Certs
|
2019-09-25 19:14:09 +02:00
|
|
|
)
|
|
|
|
{
|
|
|
|
ASSERT (FALSE);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:
|
|
|
|
Cryptographic Message Syntax Standard", and outputs two certificate lists chained and
|
|
|
|
unchained to the signer's certificates.
|
|
|
|
The input signed data could be wrapped in a ContentInfo structure.
|
|
|
|
|
|
|
|
@param[in] P7Data Pointer to the PKCS#7 message.
|
|
|
|
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
|
|
|
@param[out] SignerChainCerts Pointer to the certificates list chained to signer's
|
|
|
|
certificate. It's caller's responsibility to free the buffer
|
|
|
|
with Pkcs7FreeSigners().
|
|
|
|
This data structure is EFI_CERT_STACK type.
|
|
|
|
@param[out] ChainLength Length of the chained certificates list buffer in bytes.
|
|
|
|
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
|
|
|
|
responsibility to free the buffer with Pkcs7FreeSigners().
|
|
|
|
This data structure is EFI_CERT_STACK type.
|
|
|
|
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
|
|
|
|
|
|
|
|
@retval TRUE The operation is finished successfully.
|
|
|
|
@retval FALSE Error occurs during the operation.
|
|
|
|
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
Pkcs7GetCertificatesList (
|
|
|
|
IN CONST UINT8 *P7Data,
|
|
|
|
IN UINTN P7Length,
|
|
|
|
OUT UINT8 **SignerChainCerts,
|
|
|
|
OUT UINTN *ChainLength,
|
|
|
|
OUT UINT8 **UnchainCerts,
|
|
|
|
OUT UINTN *UnchainLength
|
|
|
|
)
|
|
|
|
{
|
|
|
|
ASSERT (FALSE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Verifies the validity of a PKCS#7 signed data as described in "PKCS #7:
|
|
|
|
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
|
|
|
in a ContentInfo structure.
|
|
|
|
|
|
|
|
Return FALSE to indicate this interface is not supported.
|
|
|
|
|
|
|
|
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
|
|
|
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
|
|
|
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
|
|
|
|
is used for certificate chain verification.
|
|
|
|
@param[in] CertLength Length of the trusted certificate in bytes.
|
|
|
|
@param[in] InData Pointer to the content to be verified.
|
|
|
|
@param[in] DataLength Length of InData in bytes.
|
|
|
|
|
|
|
|
@retval FALSE This interface is not supported.
|
|
|
|
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
Pkcs7Verify (
|
|
|
|
IN CONST UINT8 *P7Data,
|
|
|
|
IN UINTN P7Length,
|
|
|
|
IN CONST UINT8 *TrustedCert,
|
|
|
|
IN UINTN CertLength,
|
|
|
|
IN CONST UINT8 *InData,
|
|
|
|
IN UINTN DataLength
|
|
|
|
)
|
|
|
|
{
|
|
|
|
ASSERT (FALSE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Extracts the attached content from a PKCS#7 signed data if existed. The input signed
|
|
|
|
data could be wrapped in a ContentInfo structure.
|
|
|
|
|
|
|
|
Return FALSE to indicate this interface is not supported.
|
|
|
|
|
|
|
|
@param[in] P7Data Pointer to the PKCS#7 signed data to process.
|
|
|
|
@param[in] P7Length Length of the PKCS#7 signed data in bytes.
|
|
|
|
@param[out] Content Pointer to the extracted content from the PKCS#7 signedData.
|
|
|
|
It's caller's responsibility to free the buffer with FreePool().
|
|
|
|
@param[out] ContentSize The size of the extracted content in bytes.
|
|
|
|
|
|
|
|
@retval TRUE The P7Data was correctly formatted for processing.
|
|
|
|
@retval FALSE The P7Data was not correctly formatted for processing.
|
|
|
|
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
Pkcs7GetAttachedContent (
|
|
|
|
IN CONST UINT8 *P7Data,
|
|
|
|
IN UINTN P7Length,
|
|
|
|
OUT VOID **Content,
|
|
|
|
OUT UINTN *ContentSize
|
|
|
|
)
|
|
|
|
{
|
|
|
|
ASSERT (FALSE);
|
|
|
|
return FALSE;
|
|
|
|
}
|