authorWenxing Hou <wenxing.hou@intel.com>2024-04-07 15:20:48 +0800
committerLiming Gao <gaoliming@byosoft.com.cn>2024-05-27 17:24:30 +0800
commitacfd991b68f099ff0c8eef69f7d3160b86dff573 (patch)
treea2792041c440f5be5fa785b64f4740b4e7af96f7 /CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
parent40fa5cf2995e9de6c9853945428f407f208be1e1 (diff)
CryptoPkg: Add Pkcs7 related functions based on Mbedtls
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the current Mbedtls pkcs7 library doesn't support authenticatedAttributes and only supports 0 or 1 certificates in Signed data, the patch implements Pkcs7 using the low-level Mbedtls API. The implementation has passed unit test and integration test. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Diffstat (limited to 'CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h')
-rw-r--r--CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h33
1 files changed, 33 insertions, 0 deletions
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
index a30666c..c9f19dd 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
@@ -38,4 +38,37 @@ MbedtlsRand (
UINT8 *Output,
UINTN Len
);
+
+/**
+ Check input P7Data is a wrapped ContentInfo structure or not. If not construct
+ a new structure to wrap P7Data.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise
+ return FALSE.
+ @param[out] WrapData If return status of this function is TRUE:
+ 1) when WrapFlag is TRUE, pointer to P7Data.
+ 2) when WrapFlag is FALSE, pointer to a new ContentInfo
+ structure. It's caller's responsibility to free this
+ buffer.
+ @param[out] WrapDataSize Length of ContentInfo structure in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE The operation is failed due to lack of resources.
+
+**/
+BOOLEAN
+WrapPkcs7Data (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT BOOLEAN *WrapFlag,
+ OUT UINT8 **WrapData,
+ OUT UINTN *WrapDataSize
+ );
+
#endif
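Review bot: The `@retval FALSE` line on `WrapPkcs7Data` documents only resource exhaustion, yet the Caution paragraph says the function does basic checks on untrusted PKCS#7 data, so a caller cannot tell from this header whether malformed or overlong input is rejected or passed through. I would spell it out, for example `@retval FALSE  P7Data is malformed, P7Length is too large to wrap, or allocation failed.`, worded to match the implementation, which is not part of this hunk. The `WrapData` contract also needs a sharper sentence: when `*WrapFlag` is TRUE the returned pointer aliases the caller's `CONST` input through a non-const `UINT8 **`, so the comment should say `The caller must free *WrapData only when *WrapFlag is FALSE and must not write through it when *WrapFlag is TRUE.` Finally, `@param[in] P7Data` reads "to verify" although this function only inspects and wraps the message; "to wrap" would match the summary line.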