- Generated on Fri Nov 15 2024 18:01:28 for TianoCore EDK2 by
1.9.6
|
TianoCore EDK2 master
|
Go to the source code of this file.
Functions | |
| STATIC VOID | MbedTlsPkcs7Init (MbedtlsPkcs7 *Pkcs7) |
| STATIC INT32 | MbedTlsPkcs7GetNextContentLen (UINT8 **Ptr, UINT8 *End, UINTN *Len) |
| STATIC INT32 | MbedTlsPkcs7GetVersion (UINT8 **Ptr, UINT8 *End, INT32 *Ver) |
| STATIC INT32 | Pkcs7GetContentInfoType (UINT8 **Ptr, UINT8 *End, mbedtls_asn1_buf *Pkcs7) |
| STATIC INT32 | MbedTlsPkcs7GetDigestAlgorithm (UINT8 **Ptr, UINT8 *End, mbedtls_x509_buf *Alg) |
| STATIC INT32 | MbedTlsPkcs7GetDigestAlgorithmSet (UINT8 **Ptr, UINT8 *End, mbedtls_x509_buf *Alg) |
| STATIC INT32 | MbedTlsPkcs7GetCertificates (UINT8 **Ptr, INTN Plen, mbedtls_x509_crt *Certs) |
| STATIC INT32 | Pkcs7GetSignature (UINT8 **Ptr, UINT8 *End, mbedtls_asn1_buf *Signature) |
| STATIC INT32 | MbedTlsPkcs7GetSignersInfoSet (UINT8 **Ptr, UINT8 *End, MbedtlsPkcs7SignerInfo *SignersSet) |
| STATIC INT32 | Pkcs7GetSignedData (UINT8 *Buffer, INTN BufferLen, MbedtlsPkcs7SignedData *SignedData) |
| STATIC INT32 | MbedtlsPkcs7ParseDer (CONST UINT8 *Buffer, INTN BufferLen, MbedtlsPkcs7 *Pkcs7) |
| STATIC INT32 | MbedtlsPkcs7SignedDataVerifySigners (MbedtlsPkcs7SignerInfo *SignerInfo, mbedtls_x509_crt *Cert, CONST UINT8 *Data, INTN DataLen) |
| STATIC mbedtls_x509_crt * | MbedTlsPkcs7FindSignerCert (MbedtlsPkcs7SignerInfo *SignerInfo, mbedtls_x509_crt *Certs) |
| STATIC BOOLEAN | MbedTlsPkcs7VerifyCert (mbedtls_x509_crt *Ca, mbedtls_x509_crl *CaCrl, mbedtls_x509_crt *End) |
| STATIC BOOLEAN | MbedTlsPkcs7VerifyCertChain (MbedtlsPkcs7 *Pkcs7, mbedtls_x509_crt *Ca, mbedtls_x509_crt *End) |
| STATIC BOOLEAN | MbedTlsPkcs7SignedDataVerify (MbedtlsPkcs7 *Pkcs7, mbedtls_x509_crt *TrustCert, CONST UINT8 *Data, INTN DataLen) |
| BOOLEAN | WrapPkcs7Data (IN CONST UINT8 *P7Data, IN UINTN P7Length, OUT BOOLEAN *WrapFlag, OUT UINT8 **WrapData, OUT UINTN *WrapDataSize) |
| BOOLEAN EFIAPI | Pkcs7Verify (IN CONST UINT8 *P7Data, IN UINTN P7Length, IN CONST UINT8 *TrustedCert, IN UINTN CertLength, IN CONST UINT8 *InData, IN UINTN DataLength) |
| VOID EFIAPI | Pkcs7FreeSigners (IN UINT8 *Certs) |
| BOOLEAN EFIAPI | Pkcs7GetSigners (IN CONST UINT8 *P7Data, IN UINTN P7Length, OUT UINT8 **CertStack, OUT UINTN *StackLength, OUT UINT8 **TrustedCert, OUT UINTN *CertLength) |
| BOOLEAN EFIAPI | Pkcs7GetCertificatesList (IN CONST UINT8 *P7Data, IN UINTN P7Length, OUT UINT8 **SignerChainCerts, OUT UINTN *ChainLength, OUT UINT8 **UnchainCerts, OUT UINTN *UnchainLength) |
Variables | |
| STATIC mbedtls_x509_crt_profile | gCompatProfile |
PKCS#7 SignedData Sign Wrapper and PKCS#7 SignedData Verification Wrapper Implementation over mbedtls.
RFC 8422 - Elliptic Curve Cryptography (ECC) Cipher Suites FIPS 186-4 - Digital Signature Standard (DSS)
Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
Definition in file CryptPkcs7VerifyCommon.c.
| STATIC mbedtls_x509_crt * MbedTlsPkcs7FindSignerCert | ( | MbedtlsPkcs7SignerInfo * | SignerInfo, |
| mbedtls_x509_crt * | Certs | ||
| ) |
Find signer cert in MbedtlsPkcs7SignerInfo.
| [in] | SignerInfo | MbedtlsPkcs7 SignerInfo. |
| [in] | Certs | MbedtlsPkcs7 SignerInfo certs. |
| cert | Signer Cert. |
Definition at line 766 of file CryptPkcs7VerifyCommon.c.
certificates :: SET OF ExtendedCertificateOrCertificate, ExtendedCertificateOrCertificate ::= CHOICE { certificate Certificate – x509, extendedCertificate[0] IMPLICIT ExtendedCertificate }.
| [in] | Ptr | The start of the buffer. |
| [in] | Plen | The buffer len. |
| [out] | Certs | mbedtls_x509_crt cert. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 227 of file CryptPkcs7VerifyCommon.c.
| STATIC INT32 MbedTlsPkcs7GetDigestAlgorithm | ( | UINT8 ** | Ptr, |
| UINT8 * | End, | ||
| mbedtls_x509_buf * | Alg | ||
| ) |
DigestAlgorithmIdentifier ::= AlgorithmIdentifier.
| [in] | Ptr | The start of the buffer. |
| [in] | End | The end of the buffer. |
| [out] | Alg | MbedtlsPkcs7 AlgorithmIdentifier. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 162 of file CryptPkcs7VerifyCommon.c.
| STATIC INT32 MbedTlsPkcs7GetDigestAlgorithmSet | ( | UINT8 ** | Ptr, |
| UINT8 * | End, | ||
| mbedtls_x509_buf * | Alg | ||
| ) |
DigestAlgorithmIdentifiers :: SET of DigestAlgorithmIdentifier.
| [in] | Ptr | The start of the buffer. |
| [in] | End | The end of the buffer. |
| [out] | Alg | MbedtlsPkcs7 AlgorithmIdentifier. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 186 of file CryptPkcs7VerifyCommon.c.
Get Pkcs7 Next Content Len.
| [in] | Ptr | The start of the buffer. |
| [in] | End | The end of the buffer. |
| [out] | Len | MbedtlsPkcs7 Content Len. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 69 of file CryptPkcs7VerifyCommon.c.
| STATIC INT32 MbedTlsPkcs7GetSignersInfoSet | ( | UINT8 ** | Ptr, |
| UINT8 * | End, | ||
| MbedtlsPkcs7SignerInfo * | SignersSet | ||
| ) |
SignerInfo ::= SEQUENCE { version Version; issuerAndSerialNumber IssuerAndSerialNumber, digestAlgorithm DigestAlgorithmIdentifier, authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL, digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, encryptedDigest EncryptedDigest, unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL.
| [in] | Ptr | The start of the buffer. |
| [in] | End | The end of the buffer. |
| [out] | SignersSet | MbedtlsPkcs7SignerInfo. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 292 of file CryptPkcs7VerifyCommon.c.
| STATIC INT32 MbedTlsPkcs7GetVersion | ( | UINT8 ** | Ptr, |
| UINT8 * | End, | ||
| INT32 * | Ver | ||
| ) |
Get Pkcs7 Version..
| [in] | Ptr | The start of the buffer. |
| [in] | End | The end of the buffer. |
| [out] | Ver | MbedtlsPkcs7 Version. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 93 of file CryptPkcs7VerifyCommon.c.
| STATIC VOID MbedTlsPkcs7Init | ( | MbedtlsPkcs7 * | Pkcs7 | ) |
Init MbedtlsPkcs7.
| [in] | Pkcs7 | MbedtlsPkcs7. |
Definition at line 50 of file CryptPkcs7VerifyCommon.c.
| STATIC INT32 MbedtlsPkcs7ParseDer | ( | CONST UINT8 * | Buffer, |
| INTN | BufferLen, | ||
| MbedtlsPkcs7 * | Pkcs7 | ||
| ) |
Parse MbedtlsPkcs7 to Der format.
| [in] | Buffer | The start of the buffer. |
| [in] | BufferLen | The len the buffer. |
| [out] | Pkcs7 | MbedtlsPkcs7. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 594 of file CryptPkcs7VerifyCommon.c.
| STATIC BOOLEAN MbedTlsPkcs7SignedDataVerify | ( | MbedtlsPkcs7 * | Pkcs7, |
| mbedtls_x509_crt * | TrustCert, | ||
| CONST UINT8 * | Data, | ||
| INTN | DataLen | ||
| ) |
MbedTlsPkcs7 Verify SignedData.
| [in] | Pkcs7 | MbedtlsPkcs7. |
| [in] | TrustCert | CA cert. |
| [in] | Data | Pointer for data. |
| [in] | DataLen | The len the buffer. |
| TRUE | Verify successfully. |
| FALSE | Verify failed. |
Definition at line 880 of file CryptPkcs7VerifyCommon.c.
| STATIC INT32 MbedtlsPkcs7SignedDataVerifySigners | ( | MbedtlsPkcs7SignerInfo * | SignerInfo, |
| mbedtls_x509_crt * | Cert, | ||
| CONST UINT8 * | Data, | ||
| INTN | DataLen | ||
| ) |
MbedtlsPkcs7 verify MbedtlsPkcs7SignerInfo.
| [in] | SignerInfo | MbedtlsPkcs7 SignerInfo. |
| [in] | Cert | cert. |
| [in] | Data | Pointer for data. |
| [in] | DataLen | The len the buffer. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 664 of file CryptPkcs7VerifyCommon.c.
| STATIC BOOLEAN MbedTlsPkcs7VerifyCert | ( | mbedtls_x509_crt * | Ca, |
| mbedtls_x509_crl * | CaCrl, | ||
| mbedtls_x509_crt * | End | ||
| ) |
verify cert.
| [in] | Ca | CA cert. |
| [in] | CaCrl | CRL. |
| [in] | End | Cert which need be verified. |
| TRUE | Verify successfully. |
| FALSE | Verify failed. |
Definition at line 805 of file CryptPkcs7VerifyCommon.c.
| STATIC BOOLEAN MbedTlsPkcs7VerifyCertChain | ( | MbedtlsPkcs7 * | Pkcs7, |
| mbedtls_x509_crt * | Ca, | ||
| mbedtls_x509_crt * | End | ||
| ) |
verify cert chain.
| [in] | Pkcs7 | MbedtlsPkcs7. |
| [in] | Ca | CA cert. |
| [in] | End | Cert which need be verified. |
| TRUE | Verify successfully. |
| FALSE | Verify failed. |
Definition at line 835 of file CryptPkcs7VerifyCommon.c.
| VOID EFIAPI Pkcs7FreeSigners | ( | IN UINT8 * | Certs | ) |
Wrap function to use free() to free allocated memory for certificates.
| [in] | Certs | Pointer to the certificates to be freed. |
Definition at line 1139 of file CryptPkcs7VerifyCommon.c.
| BOOLEAN EFIAPI Pkcs7GetCertificatesList | ( | IN CONST UINT8 * | P7Data, |
| IN UINTN | P7Length, | ||
| OUT UINT8 ** | SignerChainCerts, | ||
| OUT UINTN * | ChainLength, | ||
| OUT UINT8 ** | UnchainCerts, | ||
| OUT UINTN * | UnchainLength | ||
| ) |
Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7: Cryptographic Message Syntax Standard", and outputs two certificate lists chained and unchained to the signer's certificates. The input signed data could be wrapped in a ContentInfo structure.
| [in] | P7Data | Pointer to the PKCS#7 message. |
| [in] | P7Length | Length of the PKCS#7 message in bytes. |
| [out] | SignerChainCerts | Pointer to the certificates list chained to signer's certificate. It's caller's responsibility to free the buffer with Pkcs7FreeSigners(). This data structure is EFI_CERT_STACK type. |
| [out] | ChainLength | Length of the chained certificates list buffer in bytes. |
| [out] | UnchainCerts | Pointer to the unchained certificates lists. It's caller's responsibility to free the buffer with Pkcs7FreeSigners(). This data structure is EFI_CERT_STACK type. |
| [out] | UnchainLength | Length of the unchained certificates list buffer in bytes. |
| TRUE | The operation is finished successfully. |
| FALSE | Error occurs during the operation. |
Definition at line 1343 of file CryptPkcs7VerifyCommon.c.
| STATIC INT32 Pkcs7GetContentInfoType | ( | UINT8 ** | Ptr, |
| UINT8 * | End, | ||
| mbedtls_asn1_buf * | Pkcs7 | ||
| ) |
ContentInfo ::= SEQUENCE { contentType ContentType, content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }.
| [in] | Ptr | The start of the buffer. |
| [in] | End | The end of the buffer. |
| [out] | Pkcs7 | MbedtlsPkcs7. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 120 of file CryptPkcs7VerifyCommon.c.
| STATIC INT32 Pkcs7GetSignature | ( | UINT8 ** | Ptr, |
| UINT8 * | End, | ||
| mbedtls_asn1_buf * | Signature | ||
| ) |
EncryptedDigest ::= OCTET STRING.
| [in] | Ptr | The start of the buffer. |
| [in] | End | The end of the buffer. |
| [out] | Signature | Signature. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 251 of file CryptPkcs7VerifyCommon.c.
| STATIC INT32 Pkcs7GetSignedData | ( | UINT8 * | Buffer, |
| INTN | BufferLen, | ||
| MbedtlsPkcs7SignedData * | SignedData | ||
| ) |
SignedData ::= SEQUENCE { version Version, digestAlgorithms DigestAlgorithmIdentifiers, contentInfo ContentInfo, certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL, crls [0] IMPLICIT CertificateRevocationLists OPTIONAL, signerInfos SignerInfos }.
| [in] | Buffer | The start of the buffer. |
| [in] | BufferLen | The len the buffer. |
| [out] | SignedData | MbedtlsPkcs7SignedData. |
| 0 | Success. |
| negative | A negative MBEDTLS_ERR_ASN1_XXX error code on failure. |
Definition at line 408 of file CryptPkcs7VerifyCommon.c.
| BOOLEAN EFIAPI Pkcs7GetSigners | ( | IN CONST UINT8 * | P7Data, |
| IN UINTN | P7Length, | ||
| OUT UINT8 ** | CertStack, | ||
| OUT UINTN * | StackLength, | ||
| OUT UINT8 ** | TrustedCert, | ||
| OUT UINTN * | CertLength | ||
| ) |
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: Cryptographic Message Syntax Standard". The input signed data could be wrapped in a ContentInfo structure.
If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then return FALSE. If P7Length overflow, then return FALSE.
Caution: This function may receive untrusted input. UEFI Authenticated Variable is external input, so this function will do basic check for PKCS#7 data structure.
| [in] | P7Data | Pointer to the PKCS#7 message to verify. |
| [in] | P7Length | Length of the PKCS#7 message in bytes. |
| [out] | CertStack | Pointer to Signer's certificates retrieved from P7Data. It's caller's responsibility to free the buffer with Pkcs7FreeSigners(). This data structure is EFI_CERT_STACK type. |
| [out] | StackLength | Length of signer's certificates in bytes. |
| [out] | TrustedCert | Pointer to a trusted certificate from Signer's certificates. It's caller's responsibility to free the buffer with Pkcs7FreeSigners(). |
| [out] | CertLength | Length of the trusted certificate in bytes. |
| TRUE | The operation is finished successfully. |
| FALSE | Error occurs during the operation. |
Definition at line 1180 of file CryptPkcs7VerifyCommon.c.
| BOOLEAN EFIAPI Pkcs7Verify | ( | IN CONST UINT8 * | P7Data, |
| IN UINTN | P7Length, | ||
| IN CONST UINT8 * | TrustedCert, | ||
| IN UINTN | CertLength, | ||
| IN CONST UINT8 * | InData, | ||
| IN UINTN | DataLength | ||
| ) |
Verifies the validity of a PKCS#7 signed data as described in "PKCS #7: Cryptographic Message Syntax Standard". The input signed data could be wrapped in a ContentInfo structure.
If P7Data, TrustedCert or InData is NULL, then return FALSE. If P7Length, CertLength or DataLength overflow, then return FALSE. If this interface is not supported, then return FALSE.
| [in] | P7Data | Pointer to the PKCS#7 message to verify. |
| [in] | P7Length | Length of the PKCS#7 message in bytes. |
| [in] | TrustedCert | Pointer to a trusted/root certificate encoded in DER, which is used for certificate chain verification. |
| [in] | CertLength | Length of the trusted certificate in bytes. |
| [in] | InData | Pointer to the content to be verified. |
| [in] | DataLength | Length of InData in bytes. |
| TRUE | The specified PKCS#7 signed data is valid. |
| FALSE | Invalid PKCS#7 signed data. |
| FALSE | This interface is not supported. |
Definition at line 1069 of file CryptPkcs7VerifyCommon.c.
| BOOLEAN WrapPkcs7Data | ( | IN CONST UINT8 * | P7Data, |
| IN UINTN | P7Length, | ||
| OUT BOOLEAN * | WrapFlag, | ||
| OUT UINT8 ** | WrapData, | ||
| OUT UINTN * | WrapDataSize | ||
| ) |
Check input P7Data is a wrapped ContentInfo structure or not. If not construct a new structure to wrap P7Data.
Caution: This function may receive untrusted input. UEFI Authenticated Variable is external input, so this function will do basic check for PKCS#7 data structure.
| [in] | P7Data | Pointer to the PKCS#7 message to verify. |
| [in] | P7Length | Length of the PKCS#7 message in bytes. |
| [out] | WrapFlag | If TRUE P7Data is a ContentInfo structure, otherwise return FALSE. |
| [out] | WrapData | If return status of this function is TRUE: 1) when WrapFlag is TRUE, pointer to P7Data. 2) when WrapFlag is FALSE, pointer to a new ContentInfo structure. It's caller's responsibility to free this buffer. |
| [out] | WrapDataSize | Length of ContentInfo structure in bytes. |
| TRUE | The operation is finished successfully. |
| FALSE | The operation is failed due to lack of resources. |
Definition at line 961 of file CryptPkcs7VerifyCommon.c.
| STATIC mbedtls_x509_crt_profile gCompatProfile |
Definition at line 18 of file CryptPkcs7VerifyCommon.c.
1.9.6