/** @file | |
PKCS#7 SignedData Verification Wrapper Implementation which does not provide | |
real capabilities. | |
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR> | |
SPDX-License-Identifier: BSD-2-Clause-Patent | |
**/ | |
#include "InternalCryptLib.h" | |
/** | |
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: | |
Cryptographic Message Syntax Standard". The input signed data could be wrapped | |
in a ContentInfo structure. | |
Return FALSE to indicate this interface is not supported. | |
@param[in] P7Data Pointer to the PKCS#7 message to verify. | |
@param[in] P7Length Length of the PKCS#7 message in bytes. | |
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. | |
It's caller's responsibility to free the buffer with | |
Pkcs7FreeSigners(). | |
This data structure is EFI_CERT_STACK type. | |
@param[out] StackLength Length of signer's certificates in bytes. | |
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. | |
It's caller's responsibility to free the buffer with | |
Pkcs7FreeSigners(). | |
@param[out] CertLength Length of the trusted certificate in bytes. | |
@retval FALSE This interface is not supported. | |
**/ | |
BOOLEAN | |
EFIAPI | |
Pkcs7GetSigners ( | |
IN CONST UINT8 *P7Data, | |
IN UINTN P7Length, | |
OUT UINT8 **CertStack, | |
OUT UINTN *StackLength, | |
OUT UINT8 **TrustedCert, | |
OUT UINTN *CertLength | |
) | |
{ | |
ASSERT (FALSE); | |
return FALSE; | |
} | |
/** | |
Wrap function to use free() to free allocated memory for certificates. | |
If the interface is not supported, then ASSERT(). | |
@param[in] Certs Pointer to the certificates to be freed. | |
**/ | |
VOID | |
EFIAPI | |
Pkcs7FreeSigners ( | |
IN UINT8 *Certs | |
) | |
{ | |
ASSERT (FALSE); | |
} | |
/** | |
Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7: | |
Cryptographic Message Syntax Standard", and outputs two certificate lists chained and | |
unchained to the signer's certificates. | |
The input signed data could be wrapped in a ContentInfo structure. | |
@param[in] P7Data Pointer to the PKCS#7 message. | |
@param[in] P7Length Length of the PKCS#7 message in bytes. | |
@param[out] SignerChainCerts Pointer to the certificates list chained to signer's | |
certificate. It's caller's responsibility to free the buffer | |
with Pkcs7FreeSigners(). | |
This data structure is EFI_CERT_STACK type. | |
@param[out] ChainLength Length of the chained certificates list buffer in bytes. | |
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's | |
responsibility to free the buffer with Pkcs7FreeSigners(). | |
This data structure is EFI_CERT_STACK type. | |
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes. | |
@retval TRUE The operation is finished successfully. | |
@retval FALSE Error occurs during the operation. | |
**/ | |
BOOLEAN | |
EFIAPI | |
Pkcs7GetCertificatesList ( | |
IN CONST UINT8 *P7Data, | |
IN UINTN P7Length, | |
OUT UINT8 **SignerChainCerts, | |
OUT UINTN *ChainLength, | |
OUT UINT8 **UnchainCerts, | |
OUT UINTN *UnchainLength | |
) | |
{ | |
ASSERT (FALSE); | |
return FALSE; | |
} | |
/** | |
Verifies the validity of a PKCS#7 signed data as described in "PKCS #7: | |
Cryptographic Message Syntax Standard". The input signed data could be wrapped | |
in a ContentInfo structure. | |
Return FALSE to indicate this interface is not supported. | |
@param[in] P7Data Pointer to the PKCS#7 message to verify. | |
@param[in] P7Length Length of the PKCS#7 message in bytes. | |
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which | |
is used for certificate chain verification. | |
@param[in] CertLength Length of the trusted certificate in bytes. | |
@param[in] InData Pointer to the content to be verified. | |
@param[in] DataLength Length of InData in bytes. | |
@retval FALSE This interface is not supported. | |
**/ | |
BOOLEAN | |
EFIAPI | |
Pkcs7Verify ( | |
IN CONST UINT8 *P7Data, | |
IN UINTN P7Length, | |
IN CONST UINT8 *TrustedCert, | |
IN UINTN CertLength, | |
IN CONST UINT8 *InData, | |
IN UINTN DataLength | |
) | |
{ | |
ASSERT (FALSE); | |
return FALSE; | |
} | |
/** | |
Extracts the attached content from a PKCS#7 signed data if existed. The input signed | |
data could be wrapped in a ContentInfo structure. | |
Return FALSE to indicate this interface is not supported. | |
@param[in] P7Data Pointer to the PKCS#7 signed data to process. | |
@param[in] P7Length Length of the PKCS#7 signed data in bytes. | |
@param[out] Content Pointer to the extracted content from the PKCS#7 signedData. | |
It's caller's responsibility to free the buffer with FreePool(). | |
@param[out] ContentSize The size of the extracted content in bytes. | |
@retval TRUE The P7Data was correctly formatted for processing. | |
@retval FALSE The P7Data was not correctly formatted for processing. | |
**/ | |
BOOLEAN | |
EFIAPI | |
Pkcs7GetAttachedContent ( | |
IN CONST UINT8 *P7Data, | |
IN UINTN P7Length, | |
OUT VOID **Content, | |
OUT UINTN *ContentSize | |
) | |
{ | |
ASSERT (FALSE); | |
return FALSE; | |
} |