https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
		
			
				
	
	
		
			164 lines
		
	
	
		
			5.5 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			164 lines
		
	
	
		
			5.5 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /** @file
 | |
|   PKCS#7 SignedData Verification Wrapper Implementation which does not provide
 | |
|   real capabilities.
 | |
| 
 | |
| Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
 | |
| SPDX-License-Identifier: BSD-2-Clause-Patent
 | |
| 
 | |
| **/
 | |
| 
 | |
| #include "InternalCryptLib.h"
 | |
| 
 | |
| /**
 | |
|   Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
 | |
|   Cryptographic Message Syntax Standard". The input signed data could be wrapped
 | |
|   in a ContentInfo structure.
 | |
| 
 | |
|   Return FALSE to indicate this interface is not supported.
 | |
| 
 | |
|   @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
 | |
|   @param[in]  P7Length     Length of the PKCS#7 message in bytes.
 | |
|   @param[out] CertStack    Pointer to Signer's certificates retrieved from P7Data.
 | |
|                            It's caller's responsibility to free the buffer with
 | |
|                            Pkcs7FreeSigners().
 | |
|                            This data structure is EFI_CERT_STACK type.
 | |
|   @param[out] StackLength  Length of signer's certificates in bytes.
 | |
|   @param[out] TrustedCert  Pointer to a trusted certificate from Signer's certificates.
 | |
|                            It's caller's responsibility to free the buffer with
 | |
|                            Pkcs7FreeSigners().
 | |
|   @param[out] CertLength   Length of the trusted certificate in bytes.
 | |
| 
 | |
|   @retval FALSE  This interface is not supported.
 | |
| 
 | |
| **/
 | |
| BOOLEAN
 | |
| EFIAPI
 | |
| Pkcs7GetSigners (
 | |
|   IN  CONST UINT8  *P7Data,
 | |
|   IN  UINTN        P7Length,
 | |
|   OUT UINT8        **CertStack,
 | |
|   OUT UINTN        *StackLength,
 | |
|   OUT UINT8        **TrustedCert,
 | |
|   OUT UINTN        *CertLength
 | |
|   )
 | |
| {
 | |
|   ASSERT (FALSE);
 | |
|   return FALSE;
 | |
| }
 | |
| 
 | |
| /**
 | |
|   Wrap function to use free() to free allocated memory for certificates.
 | |
| 
 | |
|   If the interface is not supported, then ASSERT().
 | |
| 
 | |
|   @param[in]  Certs        Pointer to the certificates to be freed.
 | |
| 
 | |
| **/
 | |
| VOID
 | |
| EFIAPI
 | |
| Pkcs7FreeSigners (
 | |
|   IN  UINT8        *Certs
 | |
|   )
 | |
| {
 | |
|   ASSERT (FALSE);
 | |
| }
 | |
| 
 | |
| /**
 | |
|   Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:
 | |
|   Cryptographic Message Syntax Standard", and outputs two certificate lists chained and
 | |
|   unchained to the signer's certificates.
 | |
|   The input signed data could be wrapped in a ContentInfo structure.
 | |
| 
 | |
|   @param[in]  P7Data            Pointer to the PKCS#7 message.
 | |
|   @param[in]  P7Length          Length of the PKCS#7 message in bytes.
 | |
|   @param[out] SignerChainCerts  Pointer to the certificates list chained to signer's
 | |
|                                 certificate. It's caller's responsibility to free the buffer
 | |
|                                 with Pkcs7FreeSigners().
 | |
|                                 This data structure is EFI_CERT_STACK type.
 | |
|   @param[out] ChainLength       Length of the chained certificates list buffer in bytes.
 | |
|   @param[out] UnchainCerts      Pointer to the unchained certificates lists. It's caller's
 | |
|                                 responsibility to free the buffer with Pkcs7FreeSigners().
 | |
|                                 This data structure is EFI_CERT_STACK type.
 | |
|   @param[out] UnchainLength     Length of the unchained certificates list buffer in bytes.
 | |
| 
 | |
|   @retval  TRUE         The operation is finished successfully.
 | |
|   @retval  FALSE        Error occurs during the operation.
 | |
| 
 | |
| **/
 | |
| BOOLEAN
 | |
| EFIAPI
 | |
| Pkcs7GetCertificatesList (
 | |
|   IN  CONST UINT8  *P7Data,
 | |
|   IN  UINTN        P7Length,
 | |
|   OUT UINT8        **SignerChainCerts,
 | |
|   OUT UINTN        *ChainLength,
 | |
|   OUT UINT8        **UnchainCerts,
 | |
|   OUT UINTN        *UnchainLength
 | |
|   )
 | |
| {
 | |
|   ASSERT (FALSE);
 | |
|   return FALSE;
 | |
| }
 | |
| 
 | |
| /**
 | |
|   Verifies the validity of a PKCS#7 signed data as described in "PKCS #7:
 | |
|   Cryptographic Message Syntax Standard". The input signed data could be wrapped
 | |
|   in a ContentInfo structure.
 | |
| 
 | |
|   Return FALSE to indicate this interface is not supported.
 | |
| 
 | |
|   @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
 | |
|   @param[in]  P7Length     Length of the PKCS#7 message in bytes.
 | |
|   @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in DER, which
 | |
|                            is used for certificate chain verification.
 | |
|   @param[in]  CertLength   Length of the trusted certificate in bytes.
 | |
|   @param[in]  InData       Pointer to the content to be verified.
 | |
|   @param[in]  DataLength   Length of InData in bytes.
 | |
| 
 | |
|   @retval FALSE  This interface is not supported.
 | |
| 
 | |
| **/
 | |
| BOOLEAN
 | |
| EFIAPI
 | |
| Pkcs7Verify (
 | |
|   IN  CONST UINT8  *P7Data,
 | |
|   IN  UINTN        P7Length,
 | |
|   IN  CONST UINT8  *TrustedCert,
 | |
|   IN  UINTN        CertLength,
 | |
|   IN  CONST UINT8  *InData,
 | |
|   IN  UINTN        DataLength
 | |
|   )
 | |
| {
 | |
|   ASSERT (FALSE);
 | |
|   return FALSE;
 | |
| }
 | |
| 
 | |
| /**
 | |
|   Extracts the attached content from a PKCS#7 signed data if existed. The input signed
 | |
|   data could be wrapped in a ContentInfo structure.
 | |
| 
 | |
|   Return FALSE to indicate this interface is not supported.
 | |
| 
 | |
|   @param[in]   P7Data       Pointer to the PKCS#7 signed data to process.
 | |
|   @param[in]   P7Length     Length of the PKCS#7 signed data in bytes.
 | |
|   @param[out]  Content      Pointer to the extracted content from the PKCS#7 signedData.
 | |
|                             It's caller's responsibility to free the buffer with FreePool().
 | |
|   @param[out]  ContentSize  The size of the extracted content in bytes.
 | |
| 
 | |
|   @retval     TRUE          The P7Data was correctly formatted for processing.
 | |
|   @retval     FALSE         The P7Data was not correctly formatted for processing.
 | |
| 
 | |
| **/
 | |
| BOOLEAN
 | |
| EFIAPI
 | |
| Pkcs7GetAttachedContent (
 | |
|   IN  CONST UINT8  *P7Data,
 | |
|   IN  UINTN        P7Length,
 | |
|   OUT VOID         **Content,
 | |
|   OUT UINTN        *ContentSize
 | |
|   )
 | |
| {
 | |
|   ASSERT (FALSE);
 | |
|   return FALSE;
 | |
| }
 |