1 /** @file 2 PKCS#7 SignedData Verification Wrapper Implementation which does not provide 3 real capabilities. 4 5 Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.<BR> 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 http://opensource.org/licenses/bsd-license.php 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 14 **/ 15 16 #include "InternalCryptLib.h" 17 18 /** 19 Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: 20 Cryptographic Message Syntax Standard". The input signed data could be wrapped 21 in a ContentInfo structure. 22 23 Return FALSE to indicate this interface is not supported. 24 25 @param[in] P7Data Pointer to the PKCS#7 message to verify. 26 @param[in] P7Length Length of the PKCS#7 message in bytes. 27 @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. 28 It's caller's responsiblity to free the buffer. 29 @param[out] StackLength Length of signer's certificates in bytes. 30 @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. 31 It's caller's responsiblity to free the buffer. 32 @param[out] CertLength Length of the trusted certificate in bytes. 33 34 @retval FALSE This interface is not supported. 35 36 **/ 37 BOOLEAN 38 EFIAPI 39 Pkcs7GetSigners ( 40 IN CONST UINT8 *P7Data, 41 IN UINTN P7Length, 42 OUT UINT8 **CertStack, 43 OUT UINTN *StackLength, 44 OUT UINT8 **TrustedCert, 45 OUT UINTN *CertLength 46 ) 47 { 48 ASSERT (FALSE); 49 return FALSE; 50 } 51 52 /** 53 Wrap function to use free() to free allocated memory for certificates. 54 55 If the interface is not supported, then ASSERT(). 56 57 @param[in] Certs Pointer to the certificates to be freed. 58 59 **/ 60 VOID 61 EFIAPI 62 Pkcs7FreeSigners ( 63 IN UINT8 *Certs 64 ) 65 { 66 ASSERT (FALSE); 67 } 68 69 /** 70 Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7: 71 Cryptographic Message Syntax Standard", and outputs two certificate lists chained and 72 unchained to the signer's certificates. 73 The input signed data could be wrapped in a ContentInfo structure. 74 75 @param[in] P7Data Pointer to the PKCS#7 message. 76 @param[in] P7Length Length of the PKCS#7 message in bytes. 77 @param[out] SignerChainCerts Pointer to the certificates list chained to signer's 78 certificate. It's caller's responsiblity to free the buffer. 79 @param[out] ChainLength Length of the chained certificates list buffer in bytes. 80 @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's 81 responsiblity to free the buffer. 82 @param[out] UnchainLength Length of the unchained certificates list buffer in bytes. 83 84 @retval TRUE The operation is finished successfully. 85 @retval FALSE Error occurs during the operation. 86 87 **/ 88 BOOLEAN 89 EFIAPI 90 Pkcs7GetCertificatesList ( 91 IN CONST UINT8 *P7Data, 92 IN UINTN P7Length, 93 OUT UINT8 **SignerChainCerts, 94 OUT UINTN *ChainLength, 95 OUT UINT8 **UnchainCerts, 96 OUT UINTN *UnchainLength 97 ) 98 { 99 ASSERT (FALSE); 100 return FALSE; 101 } 102 103 /** 104 Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: 105 Cryptographic Message Syntax Standard". The input signed data could be wrapped 106 in a ContentInfo structure. 107 108 Return FALSE to indicate this interface is not supported. 109 110 @param[in] P7Data Pointer to the PKCS#7 message to verify. 111 @param[in] P7Length Length of the PKCS#7 message in bytes. 112 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which 113 is used for certificate chain verification. 114 @param[in] CertLength Length of the trusted certificate in bytes. 115 @param[in] InData Pointer to the content to be verified. 116 @param[in] DataLength Length of InData in bytes. 117 118 @retval FALSE This interface is not supported. 119 120 **/ 121 BOOLEAN 122 EFIAPI 123 Pkcs7Verify ( 124 IN CONST UINT8 *P7Data, 125 IN UINTN P7Length, 126 IN CONST UINT8 *TrustedCert, 127 IN UINTN CertLength, 128 IN CONST UINT8 *InData, 129 IN UINTN DataLength 130 ) 131 { 132 ASSERT (FALSE); 133 return FALSE; 134 } 135 136 /** 137 Extracts the attached content from a PKCS#7 signed data if existed. The input signed 138 data could be wrapped in a ContentInfo structure. 139 140 Return FALSE to indicate this interface is not supported. 141 142 @param[in] P7Data Pointer to the PKCS#7 signed data to process. 143 @param[in] P7Length Length of the PKCS#7 signed data in bytes. 144 @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. 145 It's caller's responsiblity to free the buffer. 146 @param[out] ContentSize The size of the extracted content in bytes. 147 148 @retval TRUE The P7Data was correctly formatted for processing. 149 @retval FALSE The P7Data was not correctly formatted for processing. 150 151 **/ 152 BOOLEAN 153 EFIAPI 154 Pkcs7GetAttachedContent ( 155 IN CONST UINT8 *P7Data, 156 IN UINTN P7Length, 157 OUT VOID **Content, 158 OUT UINTN *ContentSize 159 ) 160 { 161 ASSERT (FALSE); 162 return FALSE; 163 } 164
