Add two new interfaces Pkcs7GetSigners and Pkcs7FreeSigners to BaseCryptLib.
Signed-off by: tye1 Reviewed-by: geekboy15a Reviewed-by: sfu5 Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13158 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
@@ -1574,6 +1574,50 @@ X509StackFree (
|
||||
IN VOID *X509Stack
|
||||
);
|
||||
|
||||
/**
|
||||
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
|
||||
return FALSE. If P7Length overflow, then return FAlSE.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
|
||||
It's caller's responsiblity to free the buffer.
|
||||
@param[out] StackLength Length of signer's certificates in bytes.
|
||||
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
|
||||
It's caller's responsiblity to free the buffer.
|
||||
@param[out] CertLength Length of the trusted certificate in bytes.
|
||||
|
||||
@retval TRUE The operation is finished successfully.
|
||||
@retval FALSE Error occurs during the operation.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7GetSigners (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
OUT UINT8 **CertStack,
|
||||
OUT UINTN *StackLength,
|
||||
OUT UINT8 **TrustedCert,
|
||||
OUT UINTN *CertLength
|
||||
);
|
||||
|
||||
/**
|
||||
Wrap function to use free() to free allocated memory for certificates.
|
||||
|
||||
@param[in] Certs Pointer to the certificates to be freed.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
Pkcs7FreeSigners (
|
||||
IN UINT8 *Certs
|
||||
);
|
||||
|
||||
/**
|
||||
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
|
||||
Syntax Standard, version 1.5". This interface is only intended to be used for
|
||||
@@ -1612,18 +1656,20 @@ Pkcs7Sign (
|
||||
);
|
||||
|
||||
/**
|
||||
Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic
|
||||
Message Syntax Standard".
|
||||
Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
If P7Data is NULL, then return FALSE.
|
||||
If P7Data, TrustedCert or InData is NULL, then return FALSE.
|
||||
If P7Length, CertLength or DataLength overflow, then return FAlSE.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Size Size of the PKCS#7 message in bytes.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
|
||||
is used for certificate chain verification.
|
||||
@param[in] CertSize Size of the trusted certificate in bytes.
|
||||
@param[in] CertLength Length of the trusted certificate in bytes.
|
||||
@param[in] InData Pointer to the content to be verified.
|
||||
@param[in] DataSize Size of InData in bytes.
|
||||
@param[in] DataLength Length of InData in bytes.
|
||||
|
||||
@retval TRUE The specified PKCS#7 signed data is valid.
|
||||
@retval FALSE Invalid PKCS#7 signed data.
|
||||
@@ -1633,11 +1679,11 @@ BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7Verify (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Size,
|
||||
IN UINTN P7Length,
|
||||
IN CONST UINT8 *TrustedCert,
|
||||
IN UINTN CertSize,
|
||||
IN UINTN CertLength,
|
||||
IN CONST UINT8 *InData,
|
||||
IN UINTN DataSize
|
||||
IN UINTN DataLength
|
||||
);
|
||||
|
||||
/**
|
||||
|
Reference in New Issue
Block a user