From e8b4eb041777a361c2fb81b34c8ab65951ff8c46 Mon Sep 17 00:00:00 2001
From: tye1
Date: Sat, 31 Mar 2012 04:49:02 +0000
Subject: Add two new interfaces Pkcs7GetSigners and Pkcs7FreeSigners to BaseCryptLib.
Signed-off by: tye1
Reviewed-by: geekboy15a
Reviewed-by: sfu5
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13158 6f19259b-4bc3-4df7-8a09-765794883524
---
 CryptoPkg/Include/Library/BaseCryptLib.h | 64 +++++++++++++++++++++++++++-----
 1 file changed, 55 insertions(+), 9 deletions(-)
(limited to 'CryptoPkg/Include')
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 69b9a888f..ffd83ada6 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1574,6 +1574,50 @@ X509StackFree (
 IN VOID *X509Stack
 );
+/**
+ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
+ return FALSE. If P7Length overflow, then return FAlSE.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
+ It's caller's responsiblity to free the buffer.
+ @param[out] StackLength Length of signer's certificates in bytes.
+ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
+ It's caller's responsiblity to free the buffer.
+ @param[out] CertLength Length of the trusted certificate in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE Error occurs during the operation.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7GetSigners (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT UINT8 **CertStack,
+ OUT UINTN *StackLength,
+ OUT UINT8 **TrustedCert,
+ OUT UINTN *CertLength
+ );
+
+/**
+ Wrap function to use free() to free allocated memory for certificates.
+
+ @param[in] Certs Pointer to the certificates to be freed.
+
+**/
+VOID
+EFIAPI
+Pkcs7FreeSigners (
+ IN UINT8 *Certs
+ );
+
 /**
 Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message Syntax Standard, version 1.5". This interface is only intended to be used for
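Review bot: The `TrustedCert` output of `Pkcs7GetSigners` is documented as "a trusted certificate", but it is extracted from the same PKCS#7 message the caller is about to check, so nothing in this contract makes it trusted; a caller that passes it straight to `Pkcs7Verify` as the trust anchor would be verifying the message against a certificate the message supplied itself. I would reword it as `@param[out] TrustedCert  Pointer to a certificate taken from the signer's chain in P7Data; it is not authenticated and must be matched against an independently trusted store before use as a trust anchor.` and state which certificate of the chain is returned. The comment should also say whether `*CertStack` and `*TrustedCert` are set to NULL when FALSE is returned, whether `Pkcs7FreeSigners` accepts NULL and is the required release call for both buffers, and how the certificates are laid out inside `CertStack`. "FAlSE" and "responsiblity" are typos, and "If P7Length overflow" needs the actual limit spelled out.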
@@ -1612,18 +1656,20 @@ Pkcs7Sign (
 );
 /**
- Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic
- Message Syntax Standard".
+ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
- If P7Data is NULL, then return FALSE.
+ If P7Data, TrustedCert or InData is NULL, then return FALSE.
+ If P7Length, CertLength or DataLength overflow, then return FAlSE.
 @param[in] P7Data Pointer to the PKCS#7 message to verify.
- @param[in] P7Size Size of the PKCS#7 message in bytes.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which is used for certificate chain verification.
- @param[in] CertSize Size of the trusted certificate in bytes.
+ @param[in] CertLength Length of the trusted certificate in bytes.
 @param[in] InData Pointer to the content to be verified.
- @param[in] DataSize Size of InData in bytes.
+ @param[in] DataLength Length of InData in bytes.
 @retval TRUE The specified PKCS#7 signed data is valid.
 @retval FALSE Invalid PKCS#7 signed data.
@@ -1633,11 +1679,11 @@ BOOLEAN
 EFIAPI
 Pkcs7Verify (
 IN CONST UINT8 *P7Data,
- IN UINTN P7Size,
+ IN UINTN P7Length,
 IN CONST UINT8 *TrustedCert,
- IN UINTN CertSize,
+ IN UINTN CertLength,
 IN CONST UINT8 *InData,
- IN UINTN DataSize
+ IN UINTN DataLength
 );
 /**
-- 
cgit v1.2.3
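Review bot: The new sentence `If P7Length, CertLength or DataLength overflow, then return FAlSE.` in the Pkcs7Verify comment does not say what limit the lengths are checked against, so a caller cannot tell which input sizes are rejected before any parsing happens; name the bound, e.g. `If P7Length, CertLength or DataLength exceeds <limit enforced by the implementation>, then return FALSE.` (the implementation is not part of this patch, so the value has to come from there). Since FALSE now covers invalid arguments as well as a failed signature check, `@retval FALSE` would read better as `Invalid PKCS#7 signed data, or an invalid parameter.` "validility" and "FAlSE" are still misspelled on the new side.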