From afeb55e4a67ed42eb1f822d06776166dfd7c4140 Mon Sep 17 00:00:00 2001 From: Qin Long Date: Fri, 19 Jun 2015 02:44:20 +0000 Subject: CryptoPkg: Add one new API for PKCS7 Verification Protocol Support This patch adds one new API (Pkcs7GetAttachedContent) to support PKCS7 Verification Protocol defined in UEFI 2.5. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long Reviewed-by: Chao Zhang git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17669 6f19259b-4bc3-4df7-8a09-765794883524 --- CryptoPkg/Include/Library/BaseCryptLib.h | 33 ++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) (limited to 'CryptoPkg/Include') diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index bc36ac7fd1..364fa3ca15 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -4,7 +4,7 @@ primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security functionality enabling. -Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -2053,6 +2053,35 @@ Pkcs7Verify ( IN UINTN DataLength ); +/** + Extracts the attached content from a PKCS#7 signed data if existed. The input signed + data could be wrapped in a ContentInfo structure. + + If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow, + then return FAlSE. If the P7Data is not correctly formatted, then return FALSE. + + Caution: This function may receive untrusted input. So this function will do + basic check for PKCS#7 data structure. + + @param[in] P7Data Pointer to the PKCS#7 signed data to process. + @param[in] P7Length Length of the PKCS#7 signed data in bytes. + @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. + It's caller's responsiblity to free the buffer. + @param[out] ContentSize The size of the extracted content in bytes. + + @retval TRUE The P7Data was correctly formatted for processing. + @retval FALSE The P7Data was not correctly formatted for processing. + +*/ +BOOLEAN +EFIAPI +Pkcs7GetAttachedContent ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT VOID **Content, + OUT UINTN *ContentSize + ); + /** Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows Authenticode Portable Executable Signature Format". @@ -2333,4 +2362,4 @@ RandomBytes ( IN UINTN Size ); -#endif // __BASE_CRYPT_LIB_H__ \ No newline at end of file +#endif // __BASE_CRYPT_LIB_H__ -- cgit v1.2.3