CryptoPkg: Add one new API (Pkcs7GetCertificatesList) for certs retrieving.

Adding one new API (Pkcs7GetCertificatesList) to retrieve and sort all
embedded certificates from Pkcs7 signedData. This new API will provide
the support for UEFI 2.5 Secure-Boot AuditMode feature.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18729 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 34 insertions, 0 deletions

diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7VerifyNull.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7VerifyNull.c
index 09b92c7f15..b9affe4275 100644
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7VerifyNull.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7VerifyNull.c
@@ -67,6 +67,40 @@ Pkcs7FreeSigners (
 }

 

 /**

+  Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:

+  Cryptographic Message Syntax Standard", and outputs two certificate lists chained and

+  unchained to the signer's certificates.

+  The input signed data could be wrapped in a ContentInfo structure.

+

+  @param[in]  P7Data            Pointer to the PKCS#7 message.

+  @param[in]  P7Length          Length of the PKCS#7 message in bytes.

+  @param[out] SingerChainCerts  Pointer to the certificates list chained to signer's

+                                certificate. It's caller's responsiblity to free the buffer.

+  @param[out] ChainLength       Length of the chained certificates list buffer in bytes.

+  @param[out] UnchainCerts      Pointer to the unchained certificates lists. It's caller's

+                                responsiblity to free the buffer.

+  @param[out] UnchainLength     Length of the unchained certificates list buffer in bytes.

+

+  @retval  TRUE         The operation is finished successfully.

+  @retval  FALSE        Error occurs during the operation.

+

+**/

+BOOLEAN

+EFIAPI

+Pkcs7GetCertificatesList (

+  IN  CONST UINT8  *P7Data,

+  IN  UINTN        P7Length,

+  OUT UINT8        **SignerChainCerts,

+  OUT UINTN        *ChainLength,

+  OUT UINT8        **UnchainCerts,

+  OUT UINTN        *UnchainLength

+  )

+{

+  ASSERT (FALSE);

+  return FALSE;

+}

+

+/**

   Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:

   Cryptographic Message Syntax Standard". The input signed data could be wrapped

   in a ContentInfo structure.