| /** @file | |
| PKCS#7 SignedData Verification Wrapper Implementation which does not provide | |
| real capabilities. | |
| Copyright (c) 2023, Intel Corporation. All rights reserved.<BR> | |
| SPDX-License-Identifier: BSD-2-Clause-Patent | |
| **/ | |
| #include "InternalCryptLib.h" | |
| /** | |
| Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: | |
| Cryptographic Message Syntax Standard". The input signed data could be wrapped | |
| in a ContentInfo structure. | |
| Return FALSE to indicate this interface is not supported. | |
| @param[in] P7Data Pointer to the PKCS#7 message to verify. | |
| @param[in] P7Length Length of the PKCS#7 message in bytes. | |
| @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. | |
| It's caller's responsibility to free the buffer with | |
| Pkcs7FreeSigners(). | |
| This data structure is EFI_CERT_STACK type. | |
| @param[out] StackLength Length of signer's certificates in bytes. | |
| @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. | |
| It's caller's responsibility to free the buffer with | |
| Pkcs7FreeSigners(). | |
| @param[out] CertLength Length of the trusted certificate in bytes. | |
| @retval FALSE This interface is not supported. | |
| **/ | |
| BOOLEAN | |
| EFIAPI | |
| Pkcs7GetSigners ( | |
| IN CONST UINT8 *P7Data, | |
| IN UINTN P7Length, | |
| OUT UINT8 **CertStack, | |
| OUT UINTN *StackLength, | |
| OUT UINT8 **TrustedCert, | |
| OUT UINTN *CertLength | |
| ) | |
| { | |
| ASSERT (FALSE); | |
| return FALSE; | |
| } | |
| /** | |
| Wrap function to use free() to free allocated memory for certificates. | |
| If the interface is not supported, then ASSERT(). | |
| @param[in] Certs Pointer to the certificates to be freed. | |
| **/ | |
| VOID | |
| EFIAPI | |
| Pkcs7FreeSigners ( | |
| IN UINT8 *Certs | |
| ) | |
| { | |
| ASSERT (FALSE); | |
| } | |
| /** | |
| Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7: | |
| Cryptographic Message Syntax Standard", and outputs two certificate lists chained and | |
| unchained to the signer's certificates. | |
| The input signed data could be wrapped in a ContentInfo structure. | |
| @param[in] P7Data Pointer to the PKCS#7 message. | |
| @param[in] P7Length Length of the PKCS#7 message in bytes. | |
| @param[out] SignerChainCerts Pointer to the certificates list chained to signer's | |
| certificate. It's caller's responsibility to free the buffer | |
| with Pkcs7FreeSigners(). | |
| This data structure is EFI_CERT_STACK type. | |
| @param[out] ChainLength Length of the chained certificates list buffer in bytes. | |
| @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's | |
| responsibility to free the buffer with Pkcs7FreeSigners(). | |
| This data structure is EFI_CERT_STACK type. | |
| @param[out] UnchainLength Length of the unchained certificates list buffer in bytes. | |
| @retval TRUE The operation is finished successfully. | |
| @retval FALSE Error occurs during the operation. | |
| **/ | |
| BOOLEAN | |
| EFIAPI | |
| Pkcs7GetCertificatesList ( | |
| IN CONST UINT8 *P7Data, | |
| IN UINTN P7Length, | |
| OUT UINT8 **SignerChainCerts, | |
| OUT UINTN *ChainLength, | |
| OUT UINT8 **UnchainCerts, | |
| OUT UINTN *UnchainLength | |
| ) | |
| { | |
| ASSERT (FALSE); | |
| return FALSE; | |
| } | |
| /** | |
| Verifies the validity of a PKCS#7 signed data as described in "PKCS #7: | |
| Cryptographic Message Syntax Standard". The input signed data could be wrapped | |
| in a ContentInfo structure. | |
| Return FALSE to indicate this interface is not supported. | |
| @param[in] P7Data Pointer to the PKCS#7 message to verify. | |
| @param[in] P7Length Length of the PKCS#7 message in bytes. | |
| @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which | |
| is used for certificate chain verification. | |
| @param[in] CertLength Length of the trusted certificate in bytes. | |
| @param[in] InData Pointer to the content to be verified. | |
| @param[in] DataLength Length of InData in bytes. | |
| @retval FALSE This interface is not supported. | |
| **/ | |
| BOOLEAN | |
| EFIAPI | |
| Pkcs7Verify ( | |
| IN CONST UINT8 *P7Data, | |
| IN UINTN P7Length, | |
| IN CONST UINT8 *TrustedCert, | |
| IN UINTN CertLength, | |
| IN CONST UINT8 *InData, | |
| IN UINTN DataLength | |
| ) | |
| { | |
| ASSERT (FALSE); | |
| return FALSE; | |
| } | |
| /** | |
| Extracts the attached content from a PKCS#7 signed data if existed. The input signed | |
| data could be wrapped in a ContentInfo structure. | |
| Return FALSE to indicate this interface is not supported. | |
| @param[in] P7Data Pointer to the PKCS#7 signed data to process. | |
| @param[in] P7Length Length of the PKCS#7 signed data in bytes. | |
| @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. | |
| It's caller's responsibility to free the buffer with FreePool(). | |
| @param[out] ContentSize The size of the extracted content in bytes. | |
| @retval TRUE The P7Data was correctly formatted for processing. | |
| @retval FALSE The P7Data was not correctly formatted for processing. | |
| **/ | |
| BOOLEAN | |
| EFIAPI | |
| Pkcs7GetAttachedContent ( | |
| IN CONST UINT8 *P7Data, | |
| IN UINTN P7Length, | |
| OUT VOID **Content, | |
| OUT UINTN *ContentSize | |
| ) | |
| { | |
| ASSERT (FALSE); | |
| return FALSE; | |
| } |