sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack

Browse Source 
The parameter CertStack of Pkcs7GetSigners will return all embedded X.509
certificate in one given PKCS7 signature. The format is:
//
// UINT8  CertNumber;
// UINT32 Cert1Length;
// UINT8  Cert1[];
// UINT32 Cert2Length;
// UINT8  Cert2[];
// ...
// UINT32 CertnLength;
// UINT8  Certn[];
//
Add EFI_CERT_STACK and EFI_CERT_DATA structure, these two C-structure are
used for parsing CertStack more clearly.

Cc: Long Qin <qin.long@intel.com>
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Zhang Chao <chao.b.zhang@intel.com>
This commit is contained in:
chenc2
2017-11-07 08:56:56 +08:00
committed by Zhang, Chao B
parent 829633e3a8
commit 3702637a52
3 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
CryptoPkg/Include/Library/BaseCryptLib.h
View File

@@ -2376,6 +2376,36 @@ Pkcs5HashPassword (
OUT UINT8 *OutKey OUT UINT8 *OutKey
); );
/**
The 3rd parameter of Pkcs7GetSigners will return all embedded
X.509 certificate in one given PKCS7 signature. The format is:
//
// UINT8 CertNumber;
// UINT32 Cert1Length;
// UINT8 Cert1[];
// UINT32 Cert2Length;
// UINT8 Cert2[];
// ...
// UINT32 CertnLength;
// UINT8 Certn[];
//
The two following C-structure are used for parsing CertStack more clearly.
**/
#pragma pack(1)
typedef struct {
UINT32 CertDataLength; // The length in bytes of X.509 certificate.
UINT8 CertDataBuffer[0]; // The X.509 certificate content (DER).
} EFI_CERT_DATA;
typedef struct {
UINT8 CertNumber; // Number of X.509 certificate.
//EFI_CERT_DATA CertArray[]; // An array of X.509 certificate.
} EFI_CERT_STACK;
#pragma pack()
/** /**
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
Cryptographic Message Syntax Standard". The input signed data could be wrapped Cryptographic Message Syntax Standard". The input signed data could be wrapped
@@ -2390,6 +2420,7 @@ Pkcs5HashPassword (
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
It's caller's responsibility to free the buffer with It's caller's responsibility to free the buffer with
Pkcs7FreeSigners(). Pkcs7FreeSigners().
This data structure is EFI_CERT_STACK type.
@param[out] StackLength Length of signer's certificates in bytes. @param[out] StackLength Length of signer's certificates in bytes.
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
It's caller's responsibility to free the buffer with It's caller's responsibility to free the buffer with
@@ -2437,9 +2468,11 @@ Pkcs7FreeSigners (
@param[out] SignerChainCerts Pointer to the certificates list chained to signer's @param[out] SignerChainCerts Pointer to the certificates list chained to signer's
certificate. It's caller's responsibility to free the buffer certificate. It's caller's responsibility to free the buffer
with Pkcs7FreeSigners(). with Pkcs7FreeSigners().
This data structure is EFI_CERT_STACK type.
@param[out] ChainLength Length of the chained certificates list buffer in bytes. @param[out] ChainLength Length of the chained certificates list buffer in bytes.
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
responsibility to free the buffer with Pkcs7FreeSigners(). responsibility to free the buffer with Pkcs7FreeSigners().
This data structure is EFI_CERT_STACK type.
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes. @param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
@retval TRUE The operation is finished successfully. @retval TRUE The operation is finished successfully.

3
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
View File

@@ -242,6 +242,7 @@ _Exit:
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
It's caller's responsibility to free the buffer with It's caller's responsibility to free the buffer with
Pkcs7FreeSigners(). Pkcs7FreeSigners().
This data structure is EFI_CERT_STACK type.
@param[out] StackLength Length of signer's certificates in bytes. @param[out] StackLength Length of signer's certificates in bytes.
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
It's caller's responsibility to free the buffer with It's caller's responsibility to free the buffer with
@@ -442,9 +443,11 @@ Pkcs7FreeSigners (
@param[out] SignerChainCerts Pointer to the certificates list chained to signer's @param[out] SignerChainCerts Pointer to the certificates list chained to signer's
certificate. It's caller's responsibility to free the buffer certificate. It's caller's responsibility to free the buffer
with Pkcs7FreeSigners(). with Pkcs7FreeSigners().
This data structure is EFI_CERT_STACK type.
@param[out] ChainLength Length of the chained certificates list buffer in bytes. @param[out] ChainLength Length of the chained certificates list buffer in bytes.
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
responsibility to free the buffer with Pkcs7FreeSigners(). responsibility to free the buffer with Pkcs7FreeSigners().
This data structure is EFI_CERT_STACK type.
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes. @param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
@retval TRUE The operation is finished successfully. @retval TRUE The operation is finished successfully.

3
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c
View File

@@ -27,6 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
It's caller's responsibility to free the buffer with It's caller's responsibility to free the buffer with
Pkcs7FreeSigners(). Pkcs7FreeSigners().
This data structure is EFI_CERT_STACK type.
@param[out] StackLength Length of signer's certificates in bytes. @param[out] StackLength Length of signer's certificates in bytes.
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
It's caller's responsibility to free the buffer with It's caller's responsibility to free the buffer with
@@ -79,9 +80,11 @@ Pkcs7FreeSigners (
@param[out] SignerChainCerts Pointer to the certificates list chained to signer's @param[out] SignerChainCerts Pointer to the certificates list chained to signer's
certificate. It's caller's responsibility to free the buffer certificate. It's caller's responsibility to free the buffer
with Pkcs7FreeSigners(). with Pkcs7FreeSigners().
This data structure is EFI_CERT_STACK type.
@param[out] ChainLength Length of the chained certificates list buffer in bytes. @param[out] ChainLength Length of the chained certificates list buffer in bytes.
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
responsibility to free the buffer with Pkcs7FreeSigners(). responsibility to free the buffer with Pkcs7FreeSigners().
This data structure is EFI_CERT_STACK type.
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes. @param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
@retval TRUE The operation is finished successfully. @retval TRUE The operation is finished successfully.