authortye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524>2012-03-31 04:49:02 +0000
committertye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524>2012-03-31 04:49:02 +0000
commite8b4eb041777a361c2fb81b34c8ab65951ff8c46 (patch)
tree25556d9946378cdcbc1c419cc88cdf83fac7bcdd /CryptoPkg/Include
parented47ae02744bee893531ef4f9072afd93e4f4efd (diff)
downloadedk2-platforms-e8b4eb041777a361c2fb81b34c8ab65951ff8c46.tar.xz
Add two new interfaces Pkcs7GetSigners and Pkcs7FreeSigners to BaseCryptLib.
Signed-off by: tye1 Reviewed-by: geekboy15a Reviewed-by: sfu5 Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13158 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'CryptoPkg/Include')
-rw-r--r--CryptoPkg/Include/Library/BaseCryptLib.h64
1 files changed, 55 insertions, 9 deletions
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 69b9a888f2..ffd83ada66 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1575,6 +1575,50 @@ X509StackFree (
);
/**
+ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
+ return FALSE. If P7Length overflow, then return FAlSE.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
+ It's caller's responsiblity to free the buffer.
+ @param[out] StackLength Length of signer's certificates in bytes.
+ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
+ It's caller's responsiblity to free the buffer.
+ @param[out] CertLength Length of the trusted certificate in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE Error occurs during the operation.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7GetSigners (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT UINT8 **CertStack,
+ OUT UINTN *StackLength,
+ OUT UINT8 **TrustedCert,
+ OUT UINTN *CertLength
+ );
+
+/**
+ Wrap function to use free() to free allocated memory for certificates.
+
+ @param[in] Certs Pointer to the certificates to be freed.
+
+**/
+VOID
+EFIAPI
+Pkcs7FreeSigners (
+ IN UINT8 *Certs
+ );
+
+/**
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
Syntax Standard, version 1.5". This interface is only intended to be used for
application to perform PKCS#7 functionality validation.
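Review bot: The `TrustedCert` output of `Pkcs7GetSigners` is documented as "a trusted certificate", but the prototype takes no trust anchor as input, so whatever is returned can only come from the P7Data being parsed and has no established trust of its own. A caller that passes it straight on as `TrustedCert` to `Pkcs7Verify` would be checking the signature against a certificate supplied by the message's producer. I would reword the parameter as `Pointer to a certificate extracted from the signer's chain in P7Data. The caller must match it against its own trust store before using it for verification.` The comment should also state that both output buffers are released with `Pkcs7FreeSigners`, since that function is described as wrapping free() and a pool free would presumably not match the allocator. The `P7Data` line still reads "to verify", which looks copied from Pkcs7Verify.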
@@ -1612,18 +1656,20 @@ Pkcs7Sign (
);
/**
- Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic
- Message Syntax Standard".
+ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
- If P7Data is NULL, then return FALSE.
+ If P7Data, TrustedCert or InData is NULL, then return FALSE.
+ If P7Length, CertLength or DataLength overflow, then return FAlSE.
@param[in] P7Data Pointer to the PKCS#7 message to verify.
- @param[in] P7Size Size of the PKCS#7 message in bytes.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
is used for certificate chain verification.
- @param[in] CertSize Size of the trusted certificate in bytes.
+ @param[in] CertLength Length of the trusted certificate in bytes.
@param[in] InData Pointer to the content to be verified.
- @param[in] DataSize Size of InData in bytes.
+ @param[in] DataLength Length of InData in bytes.
@retval TRUE The specified PKCS#7 signed data is valid.
@retval FALSE Invalid PKCS#7 signed data.
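Review bot: The added sentence `If P7Length, CertLength or DataLength overflow, then return FAlSE.` does not name the bound the lengths are checked against, so a caller cannot tell from the header which sizes are rejected before parsing. State the limit the implementation enforces, for example `If P7Length, CertLength or DataLength is larger than <MAX_LENGTH_PLACEHOLDER>, then return FALSE.`, which also fixes the `FAlSE` spelling. The same wording appears in the Pkcs7GetSigners comment in the first hunk. The comment block closes outside this hunk and the prototype it documents is in the next one.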
@@ -1633,11 +1679,11 @@ BOOLEAN
EFIAPI
Pkcs7Verify (
IN CONST UINT8 *P7Data,
- IN UINTN P7Size,
+ IN UINTN P7Length,
IN CONST UINT8 *TrustedCert,
- IN UINTN CertSize,
+ IN UINTN CertLength,
IN CONST UINT8 *InData,
- IN UINTN DataSize
+ IN UINTN DataLength
);
/**