1 /** @file
2   PKCS#7 SignedData Verification Wrapper Implementation which does not provide
3   real capabilities.
4 
5 Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution.  The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10 
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13 
14 **/
15 
16 #include "InternalCryptLib.h"
17 
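/**
  Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
  Cryptographic Message Syntax Standard". The input signed data could be wrapped
  in a ContentInfo structure.

  This is the Null instance of the interface: the PKCS#7 message is never parsed
  and no buffer is allocated. The function asserts, clears every non-NULL output
  and returns FALSE to indicate this interface is not supported.

  @param[in]  P7Data       Pointer to the PKCS#7 message to verify. Not read by
                           this instance.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes. Not used by
                           this instance.
  @param[out] CertStack    Pointer to Signer's certificates retrieved from P7Data.
                           Set to NULL by this instance; there is nothing for the
                           caller to free.
  @param[out] StackLength  Length of signer's certificates in bytes. Set to 0 by
                           this instance.
  @param[out] TrustedCert  Pointer to a trusted certificate from Signer's certificates.
                           Set to NULL by this instance; there is nothing for the
                           caller to free.
  @param[out] CertLength   Length of the trusted certificate in bytes. Set to 0 by
                           this instance.

  @retval FALSE  This interface is not supported.

**/
BOOLEAN
EFIAPI
Pkcs7GetSigners (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT UINT8        **CertStack,
  OUT UINTN        *StackLength,
  OUT UINT8        **TrustedCert,
  OUT UINTN        *CertLength
  )
{
  ASSERT (FALSE);

  //
  // ASSERT() can be compiled out of a build, in which case execution continues
  // past it. Give every output a defined value so that a caller's cleanup path
  // never sees an indeterminate pointer or length after the FALSE return.
  //
  if (CertStack != NULL) {
    *CertStack = NULL;
  }

  if (StackLength != NULL) {
    *StackLength = 0;
  }

  if (TrustedCert != NULL) {
    *TrustedCert = NULL;
  }

  if (CertLength != NULL) {
    *CertLength = 0;
  }

  return FALSE;
}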
51 
/**
  Wrap function intended to release the certificate buffers handed out by
  Pkcs7GetSigners().

  This is the Null instance of the interface: Certs is neither dereferenced nor
  released. The function only raises ASSERT() to flag that the interface is not
  supported.

  @param[in]  Certs        Pointer to the certificates to be freed. Ignored by
                           this instance.

**/
VOID
EFIAPI
Pkcs7FreeSigners (
  IN  UINT8        *Certs
  )
{
  //
  // Nothing is ever allocated by this Null instance, so there is nothing to free.
  //
  ASSERT (FALSE);
}
68 
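/**
  Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:
  Cryptographic Message Syntax Standard", and outputs two certificate lists chained and
  unchained to the signer's certificates.
  The input signed data could be wrapped in a ContentInfo structure.

  This is the Null instance of the interface: the PKCS#7 message is never parsed
  and no buffer is allocated. The function asserts, clears every non-NULL output
  and returns FALSE to indicate this interface is not supported.

  @param[in]  P7Data            Pointer to the PKCS#7 message. Not read by this instance.
  @param[in]  P7Length          Length of the PKCS#7 message in bytes. Not used by
                                this instance.
  @param[out] SignerChainCerts  Pointer to the certificates list chained to signer's
                                certificate. Set to NULL by this instance; there is
                                nothing for the caller to free.
  @param[out] ChainLength       Length of the chained certificates list buffer in bytes.
                                Set to 0 by this instance.
  @param[out] UnchainCerts      Pointer to the unchained certificates lists. Set to NULL
                                by this instance; there is nothing for the caller to free.
  @param[out] UnchainLength     Length of the unchained certificates list buffer in bytes.
                                Set to 0 by this instance.

  @retval  FALSE        This interface is not supported.

**/
BOOLEAN
EFIAPI
Pkcs7GetCertificatesList (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT UINT8        **SignerChainCerts,
  OUT UINTN        *ChainLength,
  OUT UINT8        **UnchainCerts,
  OUT UINTN        *UnchainLength
  )
{
  ASSERT (FALSE);

  //
  // ASSERT() can be compiled out of a build, in which case execution continues
  // past it. Give every output a defined value so that a caller's cleanup path
  // never sees an indeterminate pointer or length after the FALSE return.
  //
  if (SignerChainCerts != NULL) {
    *SignerChainCerts = NULL;
  }

  if (ChainLength != NULL) {
    *ChainLength = 0;
  }

  if (UnchainCerts != NULL) {
    *UnchainCerts = NULL;
  }

  if (UnchainLength != NULL) {
    *UnchainLength = 0;
  }

  return FALSE;
}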
102 
/**
  Verifies the validity of a PKCS#7 signed data as described in "PKCS #7:
  Cryptographic Message Syntax Standard". The input signed data could be wrapped
  in a ContentInfo structure.

  This is the Null instance of the interface: none of the inputs is examined and
  no signature or certificate chain check is performed. The function asserts and
  unconditionally returns FALSE, so it can never report a signature as valid.
  Callers must treat the FALSE result as a verification failure.

  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
  @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in DER, which
                           is used for certificate chain verification.
  @param[in]  CertLength   Length of the trusted certificate in bytes.
  @param[in]  InData       Pointer to the content to be verified.
  @param[in]  DataLength   Length of InData in bytes.

  @retval FALSE  This interface is not supported.

**/
BOOLEAN
EFIAPI
Pkcs7Verify (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  IN  CONST UINT8  *TrustedCert,
  IN  UINTN        CertLength,
  IN  CONST UINT8  *InData,
  IN  UINTN        DataLength
  )
{
  //
  // Flag the unsupported call where ASSERT() is enabled; the FALSE return below
  // is what callers see when ASSERT() is compiled out.
  //
  ASSERT (FALSE);
  return FALSE;
}
135 
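/**
  Extracts the attached content from a PKCS#7 signed data if existed. The input signed
  data could be wrapped in a ContentInfo structure.

  This is the Null instance of the interface: the PKCS#7 data is never parsed and
  no buffer is allocated. The function asserts, clears every non-NULL output and
  returns FALSE to indicate this interface is not supported.

  @param[in]   P7Data       Pointer to the PKCS#7 signed data to process. Not read by
                            this instance.
  @param[in]   P7Length     Length of the PKCS#7 signed data in bytes. Not used by
                            this instance.
  @param[out]  Content      Pointer to the extracted content from the PKCS#7 signedData.
                            Set to NULL by this instance; there is nothing for the
                            caller to free.
  @param[out]  ContentSize  The size of the extracted content in bytes. Set to 0 by
                            this instance.

  @retval     FALSE         This interface is not supported.

**/
BOOLEAN
EFIAPI
Pkcs7GetAttachedContent (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT VOID         **Content,
  OUT UINTN        *ContentSize
  )
{
  ASSERT (FALSE);

  //
  // ASSERT() can be compiled out of a build, in which case execution continues
  // past it. Give every output a defined value so that a caller's cleanup path
  // never sees an indeterminate pointer or size after the FALSE return.
  //
  if (Content != NULL) {
    *Content = NULL;
  }

  if (ContentSize != NULL) {
    *ContentSize = 0;
  }

  return FALSE;
}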
164