]> git.proxmox.com Git - mirror_edk2.git/blame - CryptoPkg/Include/Library/BaseCryptLib.h
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
CryptoPkg/BaseCryptLib: Add MARCO to disable the deprecated MD5
[mirror_edk2.git] / CryptoPkg / Include / Library / BaseCryptLib.h
CommitLineData
97f98500
HT		 1/** @file\r
2 Defines base cryptographic library APIs.\r
3 The Base Cryptographic Library provides implementations of basic cryptography\r
a8c44645 4 primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security\r
5 functionality enabling.\r
97f98500 6\r
9a1f14ad 7Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
2009f6b4 8SPDX-License-Identifier: BSD-2-Clause-Patent\r
97f98500
HT		 9\r
10**/\r
11\r
12#ifndef __BASE_CRYPT_LIB_H__\r
13#define __BASE_CRYPT_LIB_H__\r
14\r
9e8841b4
QL		 15#include <Uefi/UefiBaseType.h>\r
16\r
97f98500
HT		 17///\r
18/// MD5 digest size in bytes\r
19///\r
20#define MD5_DIGEST_SIZE 16\r
21\r
22///\r
23/// SHA-1 digest size in bytes.\r
24///\r
25#define SHA1_DIGEST_SIZE 20\r
26\r
27///\r
28/// SHA-256 digest size in bytes\r
29///\r
30#define SHA256_DIGEST_SIZE 32\r
31\r
2ac68e8b
QL		 32///\r
33/// SHA-384 digest size in bytes\r
34///\r
35#define SHA384_DIGEST_SIZE 48\r
36\r
37///\r
38/// SHA-512 digest size in bytes\r
39///\r
40#define SHA512_DIGEST_SIZE 64\r
41\r
f0718d1d
LX		 42///\r
43/// SM3 digest size in bytes\r
44///\r
45#define SM3_256_DIGEST_SIZE 32\r
46\r
a8c44645 47///\r
48/// TDES block size in bytes\r
49///\r
50#define TDES_BLOCK_SIZE 8\r
51\r
52///\r
53/// AES block size in bytes\r
54///\r
55#define AES_BLOCK_SIZE 16\r
56\r
97f98500
HT		 57///\r
58/// RSA Key Tags Definition used in RsaSetKey() function for key component identification.\r
59///\r
60typedef enum {\r
61 RsaKeyN, ///< RSA public Modulus (N)\r
62 RsaKeyE, ///< RSA Public exponent (e)\r
63 RsaKeyD, ///< RSA Private exponent (d)\r
64 RsaKeyP, ///< RSA secret prime factor of Modulus (p)\r
65 RsaKeyQ, ///< RSA secret prime factor of Modules (q)\r
66 RsaKeyDp, ///< p's CRT exponent (== d mod (p - 1))\r
67 RsaKeyDq, ///< q's CRT exponent (== d mod (q - 1))\r
68 RsaKeyQInv ///< The CRT coefficient (== 1/q mod p)\r
69} RSA_KEY_TAG;\r
70\r
71//=====================================================================================\r
72// One-Way Cryptographic Hash Primitives\r
73//=====================================================================================\r
74\r
acfd5557 75#ifndef DISABLE_MD5_DEPRECATED_INTERFACES\r
97f98500
HT		 76/**\r
77 Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.\r
78\r
532616bb 79 If this interface is not supported, then return zero.\r
80\r
97f98500 81 @return The size, in bytes, of the context buffer required for MD5 hash operations.\r
532616bb 82 @retval 0 This interface is not supported.\r
97f98500
HT		 83\r
84**/\r
85UINTN\r
86EFIAPI\r
87Md5GetContextSize (\r
88 VOID\r
89 );\r
90\r
97f98500
HT		 91/**\r
92 Initializes user-supplied memory pointed by Md5Context as MD5 hash context for\r
93 subsequent use.\r
94\r
16d2c32c 95 If Md5Context is NULL, then return FALSE.\r
532616bb 96 If this interface is not supported, then return FALSE.\r
97f98500 97\r
a8c44645 98 @param[out] Md5Context Pointer to MD5 context being initialized.\r
97f98500
HT		 99\r
100 @retval TRUE MD5 context initialization succeeded.\r
101 @retval FALSE MD5 context initialization failed.\r
532616bb 102 @retval FALSE This interface is not supported.\r
97f98500
HT		 103\r
104**/\r
105BOOLEAN\r
106EFIAPI\r
107Md5Init (\r
a8c44645 108 OUT VOID *Md5Context\r
97f98500
HT		 109 );\r
110\r
a8c44645 111/**\r
112 Makes a copy of an existing MD5 context.\r
113\r
16d2c32c 114 If Md5Context is NULL, then return FALSE.\r
115 If NewMd5Context is NULL, then return FALSE.\r
532616bb 116 If this interface is not supported, then return FALSE.\r
a8c44645 117\r
118 @param[in] Md5Context Pointer to MD5 context being copied.\r
119 @param[out] NewMd5Context Pointer to new MD5 context.\r
120\r
121 @retval TRUE MD5 context copy succeeded.\r
122 @retval FALSE MD5 context copy failed.\r
532616bb 123 @retval FALSE This interface is not supported.\r
a8c44645 124\r
125**/\r
126BOOLEAN\r
127EFIAPI\r
128Md5Duplicate (\r
129 IN CONST VOID *Md5Context,\r
130 OUT VOID *NewMd5Context\r
131 );\r
97f98500
HT		 132\r
133/**\r
a8c44645 134 Digests the input data and updates MD5 context.\r
135\r
136 This function performs MD5 digest on a data buffer of the specified size.\r
137 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2998af86 138 MD5 context should be already correctly initialized by Md5Init(), and should not be finalized\r
a8c44645 139 by Md5Final(). Behavior with invalid context is undefined.\r
97f98500 140\r
16d2c32c 141 If Md5Context is NULL, then return FALSE.\r
532616bb 142 If this interface is not supported, then return FALSE.\r
97f98500
HT		 143\r
144 @param[in, out] Md5Context Pointer to the MD5 context.\r
145 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
a8c44645 146 @param[in] DataSize Size of Data buffer in bytes.\r
97f98500
HT		 147\r
148 @retval TRUE MD5 data digest succeeded.\r
a8c44645 149 @retval FALSE MD5 data digest failed.\r
532616bb 150 @retval FALSE This interface is not supported.\r
97f98500
HT		 151\r
152**/\r
153BOOLEAN\r
154EFIAPI\r
155Md5Update (\r
156 IN OUT VOID *Md5Context,\r
157 IN CONST VOID *Data,\r
a8c44645 158 IN UINTN DataSize\r
97f98500
HT		 159 );\r
160\r
97f98500 161/**\r
a8c44645 162 Completes computation of the MD5 digest value.\r
163\r
164 This function completes MD5 hash computation and retrieves the digest value into\r
165 the specified memory. After this function has been called, the MD5 context cannot\r
166 be used again.\r
2998af86 167 MD5 context should be already correctly initialized by Md5Init(), and should not be\r
a8c44645 168 finalized by Md5Final(). Behavior with invalid MD5 context is undefined.\r
97f98500 169\r
16d2c32c 170 If Md5Context is NULL, then return FALSE.\r
171 If HashValue is NULL, then return FALSE.\r
532616bb 172 If this interface is not supported, then return FALSE.\r
97f98500 173\r
a8c44645 174 @param[in, out] Md5Context Pointer to the MD5 context.\r
97f98500
HT		 175 @param[out] HashValue Pointer to a buffer that receives the MD5 digest\r
176 value (16 bytes).\r
177\r
178 @retval TRUE MD5 digest computation succeeded.\r
179 @retval FALSE MD5 digest computation failed.\r
532616bb 180 @retval FALSE This interface is not supported.\r
97f98500
HT		 181\r
182**/\r
183BOOLEAN\r
184EFIAPI\r
185Md5Final (\r
186 IN OUT VOID *Md5Context,\r
187 OUT UINT8 *HashValue\r
188 );\r
189\r
b7d1ba0a
QL		 190/**\r
191 Computes the MD5 message digest of a input data buffer.\r
192\r
193 This function performs the MD5 message digest of a given data buffer, and places\r
194 the digest value into the specified memory.\r
195\r
196 If this interface is not supported, then return FALSE.\r
197\r
198 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
199 @param[in] DataSize Size of Data buffer in bytes.\r
200 @param[out] HashValue Pointer to a buffer that receives the MD5 digest\r
201 value (16 bytes).\r
202\r
203 @retval TRUE MD5 digest computation succeeded.\r
204 @retval FALSE MD5 digest computation failed.\r
205 @retval FALSE This interface is not supported.\r
206\r
207**/\r
208BOOLEAN\r
209EFIAPI\r
210Md5HashAll (\r
211 IN CONST VOID *Data,\r
212 IN UINTN DataSize,\r
213 OUT UINT8 *HashValue\r
214 );\r
acfd5557 215#endif\r
b7d1ba0a 216\r
97f98500
HT		 217/**\r
218 Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.\r
219\r
532616bb 220 If this interface is not supported, then return zero.\r
221\r
97f98500 222 @return The size, in bytes, of the context buffer required for SHA-1 hash operations.\r
532616bb 223 @retval 0 This interface is not supported.\r
97f98500
HT		 224\r
225**/\r
226UINTN\r
227EFIAPI\r
228Sha1GetContextSize (\r
229 VOID\r
230 );\r
231\r
97f98500 232/**\r
a8c44645 233 Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for\r
97f98500
HT		 234 subsequent use.\r
235\r
16d2c32c 236 If Sha1Context is NULL, then return FALSE.\r
532616bb 237 If this interface is not supported, then return FALSE.\r
97f98500 238\r
a8c44645 239 @param[out] Sha1Context Pointer to SHA-1 context being initialized.\r
97f98500 240\r
a8c44645 241 @retval TRUE SHA-1 context initialization succeeded.\r
242 @retval FALSE SHA-1 context initialization failed.\r
532616bb 243 @retval FALSE This interface is not supported.\r
97f98500
HT		 244\r
245**/\r
246BOOLEAN\r
247EFIAPI\r
248Sha1Init (\r
a8c44645 249 OUT VOID *Sha1Context\r
97f98500
HT		 250 );\r
251\r
a8c44645 252/**\r
253 Makes a copy of an existing SHA-1 context.\r
254\r
16d2c32c 255 If Sha1Context is NULL, then return FALSE.\r
256 If NewSha1Context is NULL, then return FALSE.\r
532616bb 257 If this interface is not supported, then return FALSE.\r
a8c44645 258\r
259 @param[in] Sha1Context Pointer to SHA-1 context being copied.\r
260 @param[out] NewSha1Context Pointer to new SHA-1 context.\r
261\r
262 @retval TRUE SHA-1 context copy succeeded.\r
263 @retval FALSE SHA-1 context copy failed.\r
532616bb 264 @retval FALSE This interface is not supported.\r
a8c44645 265\r
266**/\r
267BOOLEAN\r
268EFIAPI\r
269Sha1Duplicate (\r
270 IN CONST VOID *Sha1Context,\r
271 OUT VOID *NewSha1Context\r
272 );\r
97f98500
HT		 273\r
274/**\r
a8c44645 275 Digests the input data and updates SHA-1 context.\r
276\r
277 This function performs SHA-1 digest on a data buffer of the specified size.\r
278 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2998af86 279 SHA-1 context should be already correctly initialized by Sha1Init(), and should not be finalized\r
a8c44645 280 by Sha1Final(). Behavior with invalid context is undefined.\r
97f98500 281\r
16d2c32c 282 If Sha1Context is NULL, then return FALSE.\r
532616bb 283 If this interface is not supported, then return FALSE.\r
97f98500
HT		 284\r
285 @param[in, out] Sha1Context Pointer to the SHA-1 context.\r
286 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
a8c44645 287 @param[in] DataSize Size of Data buffer in bytes.\r
97f98500
HT		 288\r
289 @retval TRUE SHA-1 data digest succeeded.\r
a8c44645 290 @retval FALSE SHA-1 data digest failed.\r
532616bb 291 @retval FALSE This interface is not supported.\r
97f98500
HT		 292\r
293**/\r
294BOOLEAN\r
295EFIAPI\r
296Sha1Update (\r
297 IN OUT VOID *Sha1Context,\r
298 IN CONST VOID *Data,\r
a8c44645 299 IN UINTN DataSize\r
97f98500
HT		 300 );\r
301\r
97f98500 302/**\r
a8c44645 303 Completes computation of the SHA-1 digest value.\r
304\r
305 This function completes SHA-1 hash computation and retrieves the digest value into\r
306 the specified memory. After this function has been called, the SHA-1 context cannot\r
307 be used again.\r
2998af86 308 SHA-1 context should be already correctly initialized by Sha1Init(), and should not be\r
a8c44645 309 finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined.\r
97f98500 310\r
16d2c32c 311 If Sha1Context is NULL, then return FALSE.\r
312 If HashValue is NULL, then return FALSE.\r
532616bb 313 If this interface is not supported, then return FALSE.\r
97f98500 314\r
a8c44645 315 @param[in, out] Sha1Context Pointer to the SHA-1 context.\r
97f98500
HT		 316 @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest\r
317 value (20 bytes).\r
318\r
319 @retval TRUE SHA-1 digest computation succeeded.\r
320 @retval FALSE SHA-1 digest computation failed.\r
532616bb 321 @retval FALSE This interface is not supported.\r
97f98500
HT		 322\r
323**/\r
324BOOLEAN\r
325EFIAPI\r
326Sha1Final (\r
327 IN OUT VOID *Sha1Context,\r
328 OUT UINT8 *HashValue\r
329 );\r
330\r
b7d1ba0a
QL		 331/**\r
332 Computes the SHA-1 message digest of a input data buffer.\r
333\r
334 This function performs the SHA-1 message digest of a given data buffer, and places\r
335 the digest value into the specified memory.\r
336\r
337 If this interface is not supported, then return FALSE.\r
338\r
339 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
340 @param[in] DataSize Size of Data buffer in bytes.\r
341 @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest\r
342 value (20 bytes).\r
343\r
344 @retval TRUE SHA-1 digest computation succeeded.\r
345 @retval FALSE SHA-1 digest computation failed.\r
346 @retval FALSE This interface is not supported.\r
347\r
348**/\r
349BOOLEAN\r
350EFIAPI\r
351Sha1HashAll (\r
352 IN CONST VOID *Data,\r
353 IN UINTN DataSize,\r
354 OUT UINT8 *HashValue\r
355 );\r
356\r
97f98500 357/**\r
a8c44645 358 Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations.\r
97f98500 359\r
a8c44645 360 @return The size, in bytes, of the context buffer required for SHA-256 hash operations.\r
97f98500
HT		 361\r
362**/\r
363UINTN\r
364EFIAPI\r
365Sha256GetContextSize (\r
366 VOID\r
367 );\r
368\r
97f98500
HT		 369/**\r
370 Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for\r
371 subsequent use.\r
372\r
16d2c32c 373 If Sha256Context is NULL, then return FALSE.\r
97f98500 374\r
a8c44645 375 @param[out] Sha256Context Pointer to SHA-256 context being initialized.\r
97f98500
HT		 376\r
377 @retval TRUE SHA-256 context initialization succeeded.\r
378 @retval FALSE SHA-256 context initialization failed.\r
379\r
380**/\r
381BOOLEAN\r
382EFIAPI\r
383Sha256Init (\r
a8c44645 384 OUT VOID *Sha256Context\r
97f98500
HT		 385 );\r
386\r
a8c44645 387/**\r
388 Makes a copy of an existing SHA-256 context.\r
389\r
16d2c32c 390 If Sha256Context is NULL, then return FALSE.\r
391 If NewSha256Context is NULL, then return FALSE.\r
532616bb 392 If this interface is not supported, then return FALSE.\r
a8c44645 393\r
394 @param[in] Sha256Context Pointer to SHA-256 context being copied.\r
395 @param[out] NewSha256Context Pointer to new SHA-256 context.\r
396\r
397 @retval TRUE SHA-256 context copy succeeded.\r
398 @retval FALSE SHA-256 context copy failed.\r
532616bb 399 @retval FALSE This interface is not supported.\r
a8c44645 400\r
401**/\r
402BOOLEAN\r
403EFIAPI\r
404Sha256Duplicate (\r
405 IN CONST VOID *Sha256Context,\r
406 OUT VOID *NewSha256Context\r
407 );\r
97f98500
HT		 408\r
409/**\r
a8c44645 410 Digests the input data and updates SHA-256 context.\r
411\r
412 This function performs SHA-256 digest on a data buffer of the specified size.\r
413 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2998af86 414 SHA-256 context should be already correctly initialized by Sha256Init(), and should not be finalized\r
a8c44645 415 by Sha256Final(). Behavior with invalid context is undefined.\r
97f98500 416\r
16d2c32c 417 If Sha256Context is NULL, then return FALSE.\r
97f98500
HT		 418\r
419 @param[in, out] Sha256Context Pointer to the SHA-256 context.\r
420 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
a8c44645 421 @param[in] DataSize Size of Data buffer in bytes.\r
97f98500
HT		 422\r
423 @retval TRUE SHA-256 data digest succeeded.\r
a8c44645 424 @retval FALSE SHA-256 data digest failed.\r
97f98500
HT		 425\r
426**/\r
427BOOLEAN\r
428EFIAPI\r
429Sha256Update (\r
430 IN OUT VOID *Sha256Context,\r
431 IN CONST VOID *Data,\r
a8c44645 432 IN UINTN DataSize\r
97f98500
HT		 433 );\r
434\r
97f98500 435/**\r
a8c44645 436 Completes computation of the SHA-256 digest value.\r
437\r
438 This function completes SHA-256 hash computation and retrieves the digest value into\r
439 the specified memory. After this function has been called, the SHA-256 context cannot\r
440 be used again.\r
2998af86 441 SHA-256 context should be already correctly initialized by Sha256Init(), and should not be\r
a8c44645 442 finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined.\r
97f98500 443\r
16d2c32c 444 If Sha256Context is NULL, then return FALSE.\r
445 If HashValue is NULL, then return FALSE.\r
97f98500 446\r
a8c44645 447 @param[in, out] Sha256Context Pointer to the SHA-256 context.\r
97f98500
HT		 448 @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest\r
449 value (32 bytes).\r
450\r
451 @retval TRUE SHA-256 digest computation succeeded.\r
452 @retval FALSE SHA-256 digest computation failed.\r
453\r
454**/\r
455BOOLEAN\r
456EFIAPI\r
457Sha256Final (\r
458 IN OUT VOID *Sha256Context,\r
459 OUT UINT8 *HashValue\r
460 );\r
461\r
b7d1ba0a
QL		 462/**\r
463 Computes the SHA-256 message digest of a input data buffer.\r
464\r
465 This function performs the SHA-256 message digest of a given data buffer, and places\r
466 the digest value into the specified memory.\r
467\r
468 If this interface is not supported, then return FALSE.\r
469\r
470 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
471 @param[in] DataSize Size of Data buffer in bytes.\r
472 @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest\r
473 value (32 bytes).\r
474\r
475 @retval TRUE SHA-256 digest computation succeeded.\r
476 @retval FALSE SHA-256 digest computation failed.\r
477 @retval FALSE This interface is not supported.\r
478\r
479**/\r
480BOOLEAN\r
481EFIAPI\r
482Sha256HashAll (\r
483 IN CONST VOID *Data,\r
484 IN UINTN DataSize,\r
485 OUT UINT8 *HashValue\r
486 );\r
487\r
2ac68e8b
QL		 488/**\r
489 Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations.\r
490\r
491 @return The size, in bytes, of the context buffer required for SHA-384 hash operations.\r
492\r
493**/\r
494UINTN\r
495EFIAPI\r
496Sha384GetContextSize (\r
497 VOID\r
498 );\r
499\r
500/**\r
501 Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for\r
502 subsequent use.\r
503\r
504 If Sha384Context is NULL, then return FALSE.\r
505\r
506 @param[out] Sha384Context Pointer to SHA-384 context being initialized.\r
507\r
508 @retval TRUE SHA-384 context initialization succeeded.\r
509 @retval FALSE SHA-384 context initialization failed.\r
510\r
511**/\r
512BOOLEAN\r
513EFIAPI\r
514Sha384Init (\r
515 OUT VOID *Sha384Context\r
516 );\r
517\r
518/**\r
519 Makes a copy of an existing SHA-384 context.\r
520\r
521 If Sha384Context is NULL, then return FALSE.\r
522 If NewSha384Context is NULL, then return FALSE.\r
523 If this interface is not supported, then return FALSE.\r
524\r
525 @param[in] Sha384Context Pointer to SHA-384 context being copied.\r
526 @param[out] NewSha384Context Pointer to new SHA-384 context.\r
527\r
528 @retval TRUE SHA-384 context copy succeeded.\r
529 @retval FALSE SHA-384 context copy failed.\r
530 @retval FALSE This interface is not supported.\r
531\r
532**/\r
533BOOLEAN\r
534EFIAPI\r
535Sha384Duplicate (\r
536 IN CONST VOID *Sha384Context,\r
537 OUT VOID *NewSha384Context\r
538 );\r
539\r
540/**\r
541 Digests the input data and updates SHA-384 context.\r
542\r
543 This function performs SHA-384 digest on a data buffer of the specified size.\r
544 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2998af86 545 SHA-384 context should be already correctly initialized by Sha384Init(), and should not be finalized\r
2ac68e8b
QL		 546 by Sha384Final(). Behavior with invalid context is undefined.\r
547\r
548 If Sha384Context is NULL, then return FALSE.\r
549\r
550 @param[in, out] Sha384Context Pointer to the SHA-384 context.\r
551 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
552 @param[in] DataSize Size of Data buffer in bytes.\r
553\r
554 @retval TRUE SHA-384 data digest succeeded.\r
555 @retval FALSE SHA-384 data digest failed.\r
556\r
557**/\r
558BOOLEAN\r
559EFIAPI\r
560Sha384Update (\r
561 IN OUT VOID *Sha384Context,\r
562 IN CONST VOID *Data,\r
563 IN UINTN DataSize\r
564 );\r
565\r
566/**\r
567 Completes computation of the SHA-384 digest value.\r
568\r
569 This function completes SHA-384 hash computation and retrieves the digest value into\r
570 the specified memory. After this function has been called, the SHA-384 context cannot\r
571 be used again.\r
2998af86 572 SHA-384 context should be already correctly initialized by Sha384Init(), and should not be\r
2ac68e8b
QL		 573 finalized by Sha384Final(). Behavior with invalid SHA-384 context is undefined.\r
574\r
575 If Sha384Context is NULL, then return FALSE.\r
576 If HashValue is NULL, then return FALSE.\r
577\r
578 @param[in, out] Sha384Context Pointer to the SHA-384 context.\r
579 @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest\r
580 value (48 bytes).\r
581\r
582 @retval TRUE SHA-384 digest computation succeeded.\r
583 @retval FALSE SHA-384 digest computation failed.\r
584\r
585**/\r
586BOOLEAN\r
587EFIAPI\r
588Sha384Final (\r
589 IN OUT VOID *Sha384Context,\r
590 OUT UINT8 *HashValue\r
591 );\r
592\r
b7d1ba0a
QL		 593/**\r
594 Computes the SHA-384 message digest of a input data buffer.\r
595\r
596 This function performs the SHA-384 message digest of a given data buffer, and places\r
597 the digest value into the specified memory.\r
598\r
599 If this interface is not supported, then return FALSE.\r
600\r
601 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
602 @param[in] DataSize Size of Data buffer in bytes.\r
603 @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest\r
604 value (48 bytes).\r
605\r
606 @retval TRUE SHA-384 digest computation succeeded.\r
607 @retval FALSE SHA-384 digest computation failed.\r
608 @retval FALSE This interface is not supported.\r
609\r
610**/\r
611BOOLEAN\r
612EFIAPI\r
613Sha384HashAll (\r
614 IN CONST VOID *Data,\r
615 IN UINTN DataSize,\r
616 OUT UINT8 *HashValue\r
617 );\r
618\r
2ac68e8b
QL		 619/**\r
620 Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations.\r
621\r
622 @return The size, in bytes, of the context buffer required for SHA-512 hash operations.\r
623\r
624**/\r
625UINTN\r
626EFIAPI\r
627Sha512GetContextSize (\r
628 VOID\r
629 );\r
630\r
631/**\r
632 Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for\r
633 subsequent use.\r
634\r
635 If Sha512Context is NULL, then return FALSE.\r
636\r
637 @param[out] Sha512Context Pointer to SHA-512 context being initialized.\r
638\r
639 @retval TRUE SHA-512 context initialization succeeded.\r
640 @retval FALSE SHA-512 context initialization failed.\r
641\r
642**/\r
643BOOLEAN\r
644EFIAPI\r
645Sha512Init (\r
646 OUT VOID *Sha512Context\r
647 );\r
648\r
649/**\r
650 Makes a copy of an existing SHA-512 context.\r
651\r
652 If Sha512Context is NULL, then return FALSE.\r
653 If NewSha512Context is NULL, then return FALSE.\r
654 If this interface is not supported, then return FALSE.\r
655\r
656 @param[in] Sha512Context Pointer to SHA-512 context being copied.\r
657 @param[out] NewSha512Context Pointer to new SHA-512 context.\r
658\r
659 @retval TRUE SHA-512 context copy succeeded.\r
660 @retval FALSE SHA-512 context copy failed.\r
661 @retval FALSE This interface is not supported.\r
662\r
663**/\r
664BOOLEAN\r
665EFIAPI\r
666Sha512Duplicate (\r
667 IN CONST VOID *Sha512Context,\r
668 OUT VOID *NewSha512Context\r
669 );\r
670\r
671/**\r
672 Digests the input data and updates SHA-512 context.\r
673\r
674 This function performs SHA-512 digest on a data buffer of the specified size.\r
675 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2998af86 676 SHA-512 context should be already correctly initialized by Sha512Init(), and should not be finalized\r
2ac68e8b
QL		 677 by Sha512Final(). Behavior with invalid context is undefined.\r
678\r
679 If Sha512Context is NULL, then return FALSE.\r
680\r
681 @param[in, out] Sha512Context Pointer to the SHA-512 context.\r
682 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
683 @param[in] DataSize Size of Data buffer in bytes.\r
684\r
685 @retval TRUE SHA-512 data digest succeeded.\r
686 @retval FALSE SHA-512 data digest failed.\r
687\r
688**/\r
689BOOLEAN\r
690EFIAPI\r
691Sha512Update (\r
692 IN OUT VOID *Sha512Context,\r
693 IN CONST VOID *Data,\r
694 IN UINTN DataSize\r
695 );\r
696\r
697/**\r
698 Completes computation of the SHA-512 digest value.\r
699\r
700 This function completes SHA-512 hash computation and retrieves the digest value into\r
701 the specified memory. After this function has been called, the SHA-512 context cannot\r
702 be used again.\r
2998af86 703 SHA-512 context should be already correctly initialized by Sha512Init(), and should not be\r
2ac68e8b
QL		 704 finalized by Sha512Final(). Behavior with invalid SHA-512 context is undefined.\r
705\r
706 If Sha512Context is NULL, then return FALSE.\r
707 If HashValue is NULL, then return FALSE.\r
708\r
709 @param[in, out] Sha512Context Pointer to the SHA-512 context.\r
710 @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest\r
711 value (64 bytes).\r
712\r
713 @retval TRUE SHA-512 digest computation succeeded.\r
714 @retval FALSE SHA-512 digest computation failed.\r
715\r
716**/\r
717BOOLEAN\r
718EFIAPI\r
719Sha512Final (\r
720 IN OUT VOID *Sha512Context,\r
721 OUT UINT8 *HashValue\r
722 );\r
97f98500 723\r
b7d1ba0a
QL		 724/**\r
725 Computes the SHA-512 message digest of a input data buffer.\r
726\r
727 This function performs the SHA-512 message digest of a given data buffer, and places\r
728 the digest value into the specified memory.\r
729\r
730 If this interface is not supported, then return FALSE.\r
731\r
732 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
733 @param[in] DataSize Size of Data buffer in bytes.\r
734 @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest\r
735 value (64 bytes).\r
736\r
737 @retval TRUE SHA-512 digest computation succeeded.\r
738 @retval FALSE SHA-512 digest computation failed.\r
739 @retval FALSE This interface is not supported.\r
740\r
741**/\r
742BOOLEAN\r
743EFIAPI\r
744Sha512HashAll (\r
745 IN CONST VOID *Data,\r
746 IN UINTN DataSize,\r
747 OUT UINT8 *HashValue\r
748 );\r
749\r
f0718d1d
LX		 750/**\r
751 Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.\r
752\r
753 @return The size, in bytes, of the context buffer required for SM3 hash operations.\r
754\r
755**/\r
756UINTN\r
757EFIAPI\r
758Sm3GetContextSize (\r
759 VOID\r
760 );\r
761\r
762/**\r
763 Initializes user-supplied memory pointed by Sm3Context as SM3 hash context for\r
764 subsequent use.\r
765\r
766 If Sm3Context is NULL, then return FALSE.\r
767\r
768 @param[out] Sm3Context Pointer to SM3 context being initialized.\r
769\r
770 @retval TRUE SM3 context initialization succeeded.\r
771 @retval FALSE SM3 context initialization failed.\r
772\r
773**/\r
774BOOLEAN\r
775EFIAPI\r
776Sm3Init (\r
777 OUT VOID *Sm3Context\r
778 );\r
779\r
780/**\r
781 Makes a copy of an existing SM3 context.\r
782\r
783 If Sm3Context is NULL, then return FALSE.\r
784 If NewSm3Context is NULL, then return FALSE.\r
785 If this interface is not supported, then return FALSE.\r
786\r
787 @param[in] Sm3Context Pointer to SM3 context being copied.\r
788 @param[out] NewSm3Context Pointer to new SM3 context.\r
789\r
790 @retval TRUE SM3 context copy succeeded.\r
791 @retval FALSE SM3 context copy failed.\r
792 @retval FALSE This interface is not supported.\r
793\r
794**/\r
795BOOLEAN\r
796EFIAPI\r
797Sm3Duplicate (\r
798 IN CONST VOID *Sm3Context,\r
799 OUT VOID *NewSm3Context\r
800 );\r
801\r
802/**\r
803 Digests the input data and updates SM3 context.\r
804\r
805 This function performs SM3 digest on a data buffer of the specified size.\r
806 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
807 SM3 context should be already correctly initialized by Sm3Init(), and should not be finalized\r
808 by Sm3Final(). Behavior with invalid context is undefined.\r
809\r
810 If Sm3Context is NULL, then return FALSE.\r
811\r
812 @param[in, out] Sm3Context Pointer to the SM3 context.\r
813 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
814 @param[in] DataSize Size of Data buffer in bytes.\r
815\r
816 @retval TRUE SM3 data digest succeeded.\r
817 @retval FALSE SM3 data digest failed.\r
818\r
819**/\r
820BOOLEAN\r
821EFIAPI\r
822Sm3Update (\r
823 IN OUT VOID *Sm3Context,\r
824 IN CONST VOID *Data,\r
825 IN UINTN DataSize\r
826 );\r
827\r
828/**\r
829 Completes computation of the SM3 digest value.\r
830\r
831 This function completes SM3 hash computation and retrieves the digest value into\r
832 the specified memory. After this function has been called, the SM3 context cannot\r
833 be used again.\r
834 SM3 context should be already correctly initialized by Sm3Init(), and should not be\r
835 finalized by Sm3Final(). Behavior with invalid SM3 context is undefined.\r
836\r
837 If Sm3Context is NULL, then return FALSE.\r
838 If HashValue is NULL, then return FALSE.\r
839\r
840 @param[in, out] Sm3Context Pointer to the SM3 context.\r
841 @param[out] HashValue Pointer to a buffer that receives the SM3 digest\r
842 value (32 bytes).\r
843\r
844 @retval TRUE SM3 digest computation succeeded.\r
845 @retval FALSE SM3 digest computation failed.\r
846\r
847**/\r
848BOOLEAN\r
849EFIAPI\r
850Sm3Final (\r
851 IN OUT VOID *Sm3Context,\r
852 OUT UINT8 *HashValue\r
853 );\r
854\r
855/**\r
856 Computes the SM3 message digest of a input data buffer.\r
857\r
858 This function performs the SM3 message digest of a given data buffer, and places\r
859 the digest value into the specified memory.\r
860\r
861 If this interface is not supported, then return FALSE.\r
862\r
863 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
864 @param[in] DataSize Size of Data buffer in bytes.\r
865 @param[out] HashValue Pointer to a buffer that receives the SM3 digest\r
866 value (32 bytes).\r
867\r
868 @retval TRUE SM3 digest computation succeeded.\r
869 @retval FALSE SM3 digest computation failed.\r
870 @retval FALSE This interface is not supported.\r
871\r
872**/\r
873BOOLEAN\r
874EFIAPI\r
875Sm3HashAll (\r
876 IN CONST VOID *Data,\r
877 IN UINTN DataSize,\r
878 OUT UINT8 *HashValue\r
879 );\r
880\r
97f98500
HT		 881//=====================================================================================\r
882// MAC (Message Authentication Code) Primitive\r
883//=====================================================================================\r
884\r
4c270243
QL		 885/**\r
886 Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.\r
887\r
888 @return Pointer to the HMAC_CTX context that has been initialized.\r
889 If the allocations fails, HmacSha256New() returns NULL.\r
890\r
891**/\r
892VOID *\r
893EFIAPI\r
894HmacSha256New (\r
895 VOID\r
896 );\r
897\r
898/**\r
899 Release the specified HMAC_CTX context.\r
900\r
901 @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.\r
902\r
903**/\r
904VOID\r
905EFIAPI\r
906HmacSha256Free (\r
907 IN VOID *HmacSha256Ctx\r
908 );\r
909\r
72009c62 910/**\r
a23fdff6
JW		 911 Set user-supplied key for subsequent use. It must be done before any\r
912 calling to HmacSha256Update().\r
72009c62
QL		 913\r
914 If HmacSha256Context is NULL, then return FALSE.\r
915 If this interface is not supported, then return FALSE.\r
916\r
a23fdff6 917 @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.\r
72009c62
QL		 918 @param[in] Key Pointer to the user-supplied key.\r
919 @param[in] KeySize Key size in bytes.\r
920\r
a23fdff6
JW		 921 @retval TRUE The Key is set successfully.\r
922 @retval FALSE The Key is set unsuccessfully.\r
72009c62
QL		 923 @retval FALSE This interface is not supported.\r
924\r
925**/\r
926BOOLEAN\r
927EFIAPI\r
a23fdff6 928HmacSha256SetKey (\r
72009c62
QL		 929 OUT VOID *HmacSha256Context,\r
930 IN CONST UINT8 *Key,\r
931 IN UINTN KeySize\r
932 );\r
933\r
934/**\r
935 Makes a copy of an existing HMAC-SHA256 context.\r
936\r
937 If HmacSha256Context is NULL, then return FALSE.\r
938 If NewHmacSha256Context is NULL, then return FALSE.\r
939 If this interface is not supported, then return FALSE.\r
940\r
941 @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.\r
942 @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.\r
943\r
944 @retval TRUE HMAC-SHA256 context copy succeeded.\r
945 @retval FALSE HMAC-SHA256 context copy failed.\r
946 @retval FALSE This interface is not supported.\r
947\r
948**/\r
949BOOLEAN\r
950EFIAPI\r
951HmacSha256Duplicate (\r
952 IN CONST VOID *HmacSha256Context,\r
953 OUT VOID *NewHmacSha256Context\r
954 );\r
955\r
956/**\r
957 Digests the input data and updates HMAC-SHA256 context.\r
958\r
959 This function performs HMAC-SHA256 digest on a data buffer of the specified size.\r
960 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
a23fdff6
JW		 961 HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized\r
962 by HmacSha256Final(). Behavior with invalid context is undefined.\r
72009c62
QL		 963\r
964 If HmacSha256Context is NULL, then return FALSE.\r
965 If this interface is not supported, then return FALSE.\r
966\r
967 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.\r
968 @param[in] Data Pointer to the buffer containing the data to be digested.\r
969 @param[in] DataSize Size of Data buffer in bytes.\r
970\r
971 @retval TRUE HMAC-SHA256 data digest succeeded.\r
972 @retval FALSE HMAC-SHA256 data digest failed.\r
973 @retval FALSE This interface is not supported.\r
974\r
975**/\r
976BOOLEAN\r
977EFIAPI\r
978HmacSha256Update (\r
979 IN OUT VOID *HmacSha256Context,\r
980 IN CONST VOID *Data,\r
981 IN UINTN DataSize\r
982 );\r
983\r
984/**\r
985 Completes computation of the HMAC-SHA256 digest value.\r
986\r
987 This function completes HMAC-SHA256 hash computation and retrieves the digest value into\r
988 the specified memory. After this function has been called, the HMAC-SHA256 context cannot\r
989 be used again.\r
a23fdff6
JW		 990 HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized\r
991 by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.\r
72009c62
QL		 992\r
993 If HmacSha256Context is NULL, then return FALSE.\r
68ae7cd6 994 If HmacValue is NULL, then return FALSE.\r
72009c62
QL		 995 If this interface is not supported, then return FALSE.\r
996\r
997 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.\r
68ae7cd6 998 @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest\r
72009c62
QL		 999 value (32 bytes).\r
1000\r
1001 @retval TRUE HMAC-SHA256 digest computation succeeded.\r
1002 @retval FALSE HMAC-SHA256 digest computation failed.\r
1003 @retval FALSE This interface is not supported.\r
1004\r
1005**/\r
1006BOOLEAN\r
1007EFIAPI\r
1008HmacSha256Final (\r
1009 IN OUT VOID *HmacSha256Context,\r
1010 OUT UINT8 *HmacValue\r
1011 );\r
1012\r
97f98500
HT		 1013//=====================================================================================\r
1014// Symmetric Cryptography Primitive\r
1015//=====================================================================================\r
1016\r
a8c44645 1017/**\r
1018 Retrieves the size, in bytes, of the context buffer required for AES operations.\r
1019\r
532616bb 1020 If this interface is not supported, then return zero.\r
1021\r
a8c44645 1022 @return The size, in bytes, of the context buffer required for AES operations.\r
532616bb 1023 @retval 0 This interface is not supported.\r
a8c44645 1024\r
1025**/\r
1026UINTN\r
1027EFIAPI\r
1028AesGetContextSize (\r
1029 VOID\r
1030 );\r
1031\r
1032/**\r
1033 Initializes user-supplied memory as AES context for subsequent use.\r
1034\r
1035 This function initializes user-supplied memory pointed by AesContext as AES context.\r
6b8ebcb8 1036 In addition, it sets up all AES key materials for subsequent encryption and decryption\r
a8c44645 1037 operations.\r
1038 There are 3 options for key length, 128 bits, 192 bits, and 256 bits.\r
1039\r
16d2c32c 1040 If AesContext is NULL, then return FALSE.\r
1041 If Key is NULL, then return FALSE.\r
1042 If KeyLength is not valid, then return FALSE.\r
532616bb 1043 If this interface is not supported, then return FALSE.\r
a8c44645 1044\r
1045 @param[out] AesContext Pointer to AES context being initialized.\r
1046 @param[in] Key Pointer to the user-supplied AES key.\r
1047 @param[in] KeyLength Length of AES key in bits.\r
1048\r
1049 @retval TRUE AES context initialization succeeded.\r
1050 @retval FALSE AES context initialization failed.\r
532616bb 1051 @retval FALSE This interface is not supported.\r
a8c44645 1052\r
1053**/\r
1054BOOLEAN\r
1055EFIAPI\r
1056AesInit (\r
1057 OUT VOID *AesContext,\r
1058 IN CONST UINT8 *Key,\r
1059 IN UINTN KeyLength\r
1060 );\r
1061\r
a8c44645 1062/**\r
1063 Performs AES encryption on a data buffer of the specified size in CBC mode.\r
1064\r
1065 This function performs AES encryption on data buffer pointed by Input, of specified\r
1066 size of InputSize, in CBC mode.\r
1067 InputSize must be multiple of block size (16 bytes). This function does not perform\r
1068 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1069 Initialization vector should be one block size (16 bytes).\r
1070 AesContext should be already correctly initialized by AesInit(). Behavior with\r
1071 invalid AES context is undefined.\r
1072\r
16d2c32c 1073 If AesContext is NULL, then return FALSE.\r
1074 If Input is NULL, then return FALSE.\r
1075 If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
1076 If Ivec is NULL, then return FALSE.\r
1077 If Output is NULL, then return FALSE.\r
532616bb 1078 If this interface is not supported, then return FALSE.\r
a8c44645 1079\r
1080 @param[in] AesContext Pointer to the AES context.\r
1081 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1082 @param[in] InputSize Size of the Input buffer in bytes.\r
1083 @param[in] Ivec Pointer to initialization vector.\r
1084 @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
1085\r
1086 @retval TRUE AES encryption succeeded.\r
1087 @retval FALSE AES encryption failed.\r
532616bb 1088 @retval FALSE This interface is not supported.\r
a8c44645 1089\r
1090**/\r
1091BOOLEAN\r
1092EFIAPI\r
1093AesCbcEncrypt (\r
1094 IN VOID *AesContext,\r
1095 IN CONST UINT8 *Input,\r
1096 IN UINTN InputSize,\r
1097 IN CONST UINT8 *Ivec,\r
1098 OUT UINT8 *Output\r
1099 );\r
1100\r
1101/**\r
1102 Performs AES decryption on a data buffer of the specified size in CBC mode.\r
1103\r
1104 This function performs AES decryption on data buffer pointed by Input, of specified\r
1105 size of InputSize, in CBC mode.\r
1106 InputSize must be multiple of block size (16 bytes). This function does not perform\r
1107 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1108 Initialization vector should be one block size (16 bytes).\r
1109 AesContext should be already correctly initialized by AesInit(). Behavior with\r
1110 invalid AES context is undefined.\r
1111\r
16d2c32c 1112 If AesContext is NULL, then return FALSE.\r
1113 If Input is NULL, then return FALSE.\r
1114 If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
1115 If Ivec is NULL, then return FALSE.\r
1116 If Output is NULL, then return FALSE.\r
532616bb 1117 If this interface is not supported, then return FALSE.\r
a8c44645 1118\r
1119 @param[in] AesContext Pointer to the AES context.\r
1120 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1121 @param[in] InputSize Size of the Input buffer in bytes.\r
1122 @param[in] Ivec Pointer to initialization vector.\r
1123 @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
1124\r
1125 @retval TRUE AES decryption succeeded.\r
1126 @retval FALSE AES decryption failed.\r
532616bb 1127 @retval FALSE This interface is not supported.\r
a8c44645 1128\r
1129**/\r
1130BOOLEAN\r
1131EFIAPI\r
1132AesCbcDecrypt (\r
1133 IN VOID *AesContext,\r
1134 IN CONST UINT8 *Input,\r
1135 IN UINTN InputSize,\r
1136 IN CONST UINT8 *Ivec,\r
1137 OUT UINT8 *Output\r
1138 );\r
1139\r
97f98500
HT		 1140//=====================================================================================\r
1141// Asymmetric Cryptography Primitive\r
1142//=====================================================================================\r
1143\r
1144/**\r
a8c44645 1145 Allocates and initializes one RSA context for subsequent use.\r
97f98500 1146\r
a8c44645 1147 @return Pointer to the RSA context that has been initialized.\r
97f98500
HT		 1148 If the allocations fails, RsaNew() returns NULL.\r
1149\r
1150**/\r
1151VOID *\r
1152EFIAPI\r
1153RsaNew (\r
1154 VOID\r
1155 );\r
1156\r
97f98500 1157/**\r
a8c44645 1158 Release the specified RSA context.\r
1159\r
16d2c32c 1160 If RsaContext is NULL, then return FALSE.\r
97f98500
HT		 1161\r
1162 @param[in] RsaContext Pointer to the RSA context to be released.\r
1163\r
1164**/\r
1165VOID\r
1166EFIAPI\r
1167RsaFree (\r
1168 IN VOID *RsaContext\r
1169 );\r
1170\r
97f98500 1171/**\r
a8c44645 1172 Sets the tag-designated key component into the established RSA context.\r
1173\r
1174 This function sets the tag-designated RSA key component into the established\r
1175 RSA context from the user-specified non-negative integer (octet string format\r
1176 represented in RSA PKCS#1).\r
2998af86 1177 If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
97f98500 1178\r
16d2c32c 1179 If RsaContext is NULL, then return FALSE.\r
97f98500
HT		 1180\r
1181 @param[in, out] RsaContext Pointer to RSA context being set.\r
1182 @param[in] KeyTag Tag of RSA key component being set.\r
1183 @param[in] BigNumber Pointer to octet integer buffer.\r
2998af86 1184 If NULL, then the specified key component in RSA\r
a8c44645 1185 context is cleared.\r
1186 @param[in] BnSize Size of big number buffer in bytes.\r
1187 If BigNumber is NULL, then it is ignored.\r
97f98500 1188\r
a8c44645 1189 @retval TRUE RSA key component was set successfully.\r
1190 @retval FALSE Invalid RSA key component tag.\r
97f98500
HT		 1191\r
1192**/\r
1193BOOLEAN\r
1194EFIAPI\r
1195RsaSetKey (\r
a8c44645 1196 IN OUT VOID *RsaContext,\r
1197 IN RSA_KEY_TAG KeyTag,\r
1198 IN CONST UINT8 *BigNumber,\r
1199 IN UINTN BnSize\r
1200 );\r
1201\r
1202/**\r
1203 Gets the tag-designated RSA key component from the established RSA context.\r
1204\r
1205 This function retrieves the tag-designated RSA key component from the\r
1206 established RSA context as a non-negative integer (octet string format\r
1207 represented in RSA PKCS#1).\r
1208 If specified key component has not been set or has been cleared, then returned\r
1209 BnSize is set to 0.\r
1210 If the BigNumber buffer is too small to hold the contents of the key, FALSE\r
1211 is returned and BnSize is set to the required buffer size to obtain the key.\r
1212\r
16d2c32c 1213 If RsaContext is NULL, then return FALSE.\r
1214 If BnSize is NULL, then return FALSE.\r
1215 If BnSize is large enough but BigNumber is NULL, then return FALSE.\r
532616bb 1216 If this interface is not supported, then return FALSE.\r
a8c44645 1217\r
1218 @param[in, out] RsaContext Pointer to RSA context being set.\r
1219 @param[in] KeyTag Tag of RSA key component being set.\r
1220 @param[out] BigNumber Pointer to octet integer buffer.\r
1221 @param[in, out] BnSize On input, the size of big number buffer in bytes.\r
1222 On output, the size of data returned in big number buffer in bytes.\r
1223\r
1224 @retval TRUE RSA key component was retrieved successfully.\r
1225 @retval FALSE Invalid RSA key component tag.\r
1226 @retval FALSE BnSize is too small.\r
532616bb 1227 @retval FALSE This interface is not supported.\r
a8c44645 1228\r
1229**/\r
1230BOOLEAN\r
1231EFIAPI\r
1232RsaGetKey (\r
1233 IN OUT VOID *RsaContext,\r
1234 IN RSA_KEY_TAG KeyTag,\r
1235 OUT UINT8 *BigNumber,\r
1236 IN OUT UINTN *BnSize\r
1237 );\r
1238\r
1239/**\r
1240 Generates RSA key components.\r
1241\r
1242 This function generates RSA key components. It takes RSA public exponent E and\r
1243 length in bits of RSA modulus N as input, and generates all key components.\r
1244 If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.\r
1245\r
1246 Before this function can be invoked, pseudorandom number generator must be correctly\r
1247 initialized by RandomSeed().\r
1248\r
16d2c32c 1249 If RsaContext is NULL, then return FALSE.\r
532616bb 1250 If this interface is not supported, then return FALSE.\r
a8c44645 1251\r
1252 @param[in, out] RsaContext Pointer to RSA context being set.\r
1253 @param[in] ModulusLength Length of RSA modulus N in bits.\r
1254 @param[in] PublicExponent Pointer to RSA public exponent.\r
2ac68e8b 1255 @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.\r
a8c44645 1256\r
1257 @retval TRUE RSA key component was generated successfully.\r
1258 @retval FALSE Invalid RSA key component tag.\r
532616bb 1259 @retval FALSE This interface is not supported.\r
a8c44645 1260\r
1261**/\r
1262BOOLEAN\r
1263EFIAPI\r
1264RsaGenerateKey (\r
1265 IN OUT VOID *RsaContext,\r
1266 IN UINTN ModulusLength,\r
1267 IN CONST UINT8 *PublicExponent,\r
1268 IN UINTN PublicExponentSize\r
1269 );\r
1270\r
1271/**\r
1272 Validates key components of RSA context.\r
952bd229
QL		 1273 NOTE: This function performs integrity checks on all the RSA key material, so\r
1274 the RSA key structure must contain all the private key data.\r
a8c44645 1275\r
2998af86 1276 This function validates key components of RSA context in following aspects:\r
a8c44645 1277 - Whether p is a prime\r
1278 - Whether q is a prime\r
1279 - Whether n = p * q\r
1280 - Whether d*e = 1 mod lcm(p-1,q-1)\r
1281\r
16d2c32c 1282 If RsaContext is NULL, then return FALSE.\r
532616bb 1283 If this interface is not supported, then return FALSE.\r
a8c44645 1284\r
1285 @param[in] RsaContext Pointer to RSA context to check.\r
1286\r
1287 @retval TRUE RSA key components are valid.\r
1288 @retval FALSE RSA key components are not valid.\r
532616bb 1289 @retval FALSE This interface is not supported.\r
a8c44645 1290\r
1291**/\r
1292BOOLEAN\r
1293EFIAPI\r
1294RsaCheckKey (\r
1295 IN VOID *RsaContext\r
97f98500
HT		 1296 );\r
1297\r
a8c44645 1298/**\r
1299 Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.\r
1300\r
1301 This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in\r
1302 RSA PKCS#1.\r
1303 If the Signature buffer is too small to hold the contents of signature, FALSE\r
1304 is returned and SigSize is set to the required buffer size to obtain the signature.\r
1305\r
16d2c32c 1306 If RsaContext is NULL, then return FALSE.\r
1307 If MessageHash is NULL, then return FALSE.\r
1308 If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.\r
1309 If SigSize is large enough but Signature is NULL, then return FALSE.\r
532616bb 1310 If this interface is not supported, then return FALSE.\r
a8c44645 1311\r
1312 @param[in] RsaContext Pointer to RSA context for signature generation.\r
1313 @param[in] MessageHash Pointer to octet message hash to be signed.\r
1314 @param[in] HashSize Size of the message hash in bytes.\r
1315 @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.\r
1316 @param[in, out] SigSize On input, the size of Signature buffer in bytes.\r
b7d320f8 1317 On output, the size of data returned in Signature buffer in bytes.\r
a8c44645 1318\r
1319 @retval TRUE Signature successfully generated in PKCS1-v1_5.\r
1320 @retval FALSE Signature generation failed.\r
1321 @retval FALSE SigSize is too small.\r
532616bb 1322 @retval FALSE This interface is not supported.\r
a8c44645 1323\r
1324**/\r
1325BOOLEAN\r
1326EFIAPI\r
1327RsaPkcs1Sign (\r
1328 IN VOID *RsaContext,\r
1329 IN CONST UINT8 *MessageHash,\r
1330 IN UINTN HashSize,\r
1331 OUT UINT8 *Signature,\r
1332 IN OUT UINTN *SigSize\r
1333 );\r
97f98500
HT		 1334\r
1335/**\r
1336 Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
1337 RSA PKCS#1.\r
1338\r
16d2c32c 1339 If RsaContext is NULL, then return FALSE.\r
1340 If MessageHash is NULL, then return FALSE.\r
1341 If Signature is NULL, then return FALSE.\r
1342 If HashSize is not equal to the size of MD5, SHA-1, SHA-256 digest, then return FALSE.\r
97f98500
HT		 1343\r
1344 @param[in] RsaContext Pointer to RSA context for signature verification.\r
1345 @param[in] MessageHash Pointer to octet message hash to be checked.\r
a8c44645 1346 @param[in] HashSize Size of the message hash in bytes.\r
97f98500 1347 @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
a8c44645 1348 @param[in] SigSize Size of signature in bytes.\r
97f98500 1349\r
a8c44645 1350 @retval TRUE Valid signature encoded in PKCS1-v1_5.\r
1351 @retval FALSE Invalid signature or invalid RSA context.\r
97f98500
HT		 1352\r
1353**/\r
1354BOOLEAN\r
1355EFIAPI\r
1356RsaPkcs1Verify (\r
1357 IN VOID *RsaContext,\r
1358 IN CONST UINT8 *MessageHash,\r
a8c44645 1359 IN UINTN HashSize,\r
8c5720b4 1360 IN CONST UINT8 *Signature,\r
a8c44645 1361 IN UINTN SigSize\r
97f98500
HT		 1362 );\r
1363\r
4a567c96 1364/**\r
1365 Retrieve the RSA Private Key from the password-protected PEM key data.\r
1366\r
532616bb 1367 If PemData is NULL, then return FALSE.\r
1368 If RsaContext is NULL, then return FALSE.\r
1369 If this interface is not supported, then return FALSE.\r
1370\r
4a567c96 1371 @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.\r
1372 @param[in] PemSize Size of the PEM key data in bytes.\r
1373 @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.\r
1374 @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
1375 RSA private key component. Use RsaFree() function to free the\r
1376 resource.\r
1377\r
4a567c96 1378 @retval TRUE RSA Private Key was retrieved successfully.\r
1379 @retval FALSE Invalid PEM key data or incorrect password.\r
532616bb 1380 @retval FALSE This interface is not supported.\r
4a567c96 1381\r
1382**/\r
1383BOOLEAN\r
1384EFIAPI\r
1385RsaGetPrivateKeyFromPem (\r
1386 IN CONST UINT8 *PemData,\r
1387 IN UINTN PemSize,\r
1388 IN CONST CHAR8 *Password,\r
1389 OUT VOID **RsaContext\r
1390 );\r
1391\r
1392/**\r
1393 Retrieve the RSA Public Key from one DER-encoded X509 certificate.\r
1394\r
532616bb 1395 If Cert is NULL, then return FALSE.\r
1396 If RsaContext is NULL, then return FALSE.\r
1397 If this interface is not supported, then return FALSE.\r
1398\r
4a567c96 1399 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
1400 @param[in] CertSize Size of the X509 certificate in bytes.\r
1401 @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
1402 RSA public key component. Use RsaFree() function to free the\r
1403 resource.\r
1404\r
4a567c96 1405 @retval TRUE RSA Public Key was retrieved successfully.\r
1406 @retval FALSE Fail to retrieve RSA public key from X509 certificate.\r
532616bb 1407 @retval FALSE This interface is not supported.\r
4a567c96 1408\r
1409**/\r
1410BOOLEAN\r
1411EFIAPI\r
1412RsaGetPublicKeyFromX509 (\r
1413 IN CONST UINT8 *Cert,\r
1414 IN UINTN CertSize,\r
1415 OUT VOID **RsaContext\r
1416 );\r
1417\r
1418/**\r
1419 Retrieve the subject bytes from one X.509 certificate.\r
1420\r
532616bb 1421 If Cert is NULL, then return FALSE.\r
1422 If SubjectSize is NULL, then return FALSE.\r
1423 If this interface is not supported, then return FALSE.\r
1424\r
4a567c96 1425 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
1426 @param[in] CertSize Size of the X509 certificate in bytes.\r
1427 @param[out] CertSubject Pointer to the retrieved certificate subject bytes.\r
1428 @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,\r
1429 and the size of buffer returned CertSubject on output.\r
1430\r
4a567c96 1431 @retval TRUE The certificate subject retrieved successfully.\r
1432 @retval FALSE Invalid certificate, or the SubjectSize is too small for the result.\r
1433 The SubjectSize will be updated with the required size.\r
532616bb 1434 @retval FALSE This interface is not supported.\r
4a567c96 1435\r
1436**/\r
1437BOOLEAN\r
1438EFIAPI\r
1439X509GetSubjectName (\r
1440 IN CONST UINT8 *Cert,\r
1441 IN UINTN CertSize,\r
1442 OUT UINT8 *CertSubject,\r
1443 IN OUT UINTN *SubjectSize\r
1444 );\r
1445\r
5b7c2245
QL		 1446/**\r
1447 Retrieve the common name (CN) string from one X.509 certificate.\r
1448\r
1449 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
1450 @param[in] CertSize Size of the X509 certificate in bytes.\r
1451 @param[out] CommonName Buffer to contain the retrieved certificate common\r
0b6457ef 1452 name string (UTF8). At most CommonNameSize bytes will be\r
5b7c2245
QL		 1453 written and the string will be null terminated. May be\r
1454 NULL in order to determine the size buffer needed.\r
1455 @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,\r
1456 and the size of buffer returned CommonName on output.\r
1457 If CommonName is NULL then the amount of space needed\r
1458 in buffer (including the final null) is returned.\r
1459\r
1460 @retval RETURN_SUCCESS The certificate CommonName retrieved successfully.\r
1461 @retval RETURN_INVALID_PARAMETER If Cert is NULL.\r
1462 If CommonNameSize is NULL.\r
1463 If CommonName is not NULL and *CommonNameSize is 0.\r
1464 If Certificate is invalid.\r
1465 @retval RETURN_NOT_FOUND If no CommonName entry exists.\r
1466 @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size\r
630f67dd 1467 (including the final null) is returned in the\r
5b7c2245
QL		 1468 CommonNameSize parameter.\r
1469 @retval RETURN_UNSUPPORTED The operation is not supported.\r
1470\r
1471**/\r
1472RETURN_STATUS\r
1473EFIAPI\r
1474X509GetCommonName (\r
1475 IN CONST UINT8 *Cert,\r
1476 IN UINTN CertSize,\r
1477 OUT CHAR8 *CommonName, OPTIONAL\r
1478 IN OUT UINTN *CommonNameSize\r
1479 );\r
1480\r
e2a673b8
BB		 1481/**\r
1482 Retrieve the organization name (O) string from one X.509 certificate.\r
1483\r
1484 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
1485 @param[in] CertSize Size of the X509 certificate in bytes.\r
1486 @param[out] NameBuffer Buffer to contain the retrieved certificate organization\r
1487 name string. At most NameBufferSize bytes will be\r
1488 written and the string will be null terminated. May be\r
1489 NULL in order to determine the size buffer needed.\r
1490 @param[in,out] NameBufferSize The size in bytes of the Name buffer on input,\r
1491 and the size of buffer returned Name on output.\r
1492 If NameBuffer is NULL then the amount of space needed\r
1493 in buffer (including the final null) is returned.\r
1494\r
1495 @retval RETURN_SUCCESS The certificate Organization Name retrieved successfully.\r
1496 @retval RETURN_INVALID_PARAMETER If Cert is NULL.\r
1497 If NameBufferSize is NULL.\r
1498 If NameBuffer is not NULL and *CommonNameSize is 0.\r
1499 If Certificate is invalid.\r
1500 @retval RETURN_NOT_FOUND If no Organization Name entry exists.\r
1501 @retval RETURN_BUFFER_TOO_SMALL If the NameBuffer is NULL. The required buffer size\r
1502 (including the final null) is returned in the\r
1503 CommonNameSize parameter.\r
1504 @retval RETURN_UNSUPPORTED The operation is not supported.\r
1505\r
1506**/\r
1507RETURN_STATUS\r
1508EFIAPI\r
1509X509GetOrganizationName (\r
1510 IN CONST UINT8 *Cert,\r
1511 IN UINTN CertSize,\r
1512 OUT CHAR8 *NameBuffer, OPTIONAL\r
1513 IN OUT UINTN *NameBufferSize\r
1514 );\r
1515\r
4a567c96 1516/**\r
1517 Verify one X509 certificate was issued by the trusted CA.\r
1518\r
532616bb 1519 If Cert is NULL, then return FALSE.\r
1520 If CACert is NULL, then return FALSE.\r
1521 If this interface is not supported, then return FALSE.\r
1522\r
4a567c96 1523 @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.\r
1524 @param[in] CertSize Size of the X509 certificate in bytes.\r
1525 @param[in] CACert Pointer to the DER-encoded trusted CA certificate.\r
1526 @param[in] CACertSize Size of the CA Certificate in bytes.\r
1527\r
4a567c96 1528 @retval TRUE The certificate was issued by the trusted CA.\r
1529 @retval FALSE Invalid certificate or the certificate was not issued by the given\r
1530 trusted CA.\r
532616bb 1531 @retval FALSE This interface is not supported.\r
4a567c96 1532\r
1533**/\r
1534BOOLEAN\r
1535EFIAPI\r
1536X509VerifyCert (\r
1537 IN CONST UINT8 *Cert,\r
1538 IN UINTN CertSize,\r
1539 IN CONST UINT8 *CACert,\r
1540 IN UINTN CACertSize\r
1541 );\r
1542\r
b7d320f8 1543/**\r
1544 Construct a X509 object from DER-encoded certificate data.\r
1545\r
16d2c32c 1546 If Cert is NULL, then return FALSE.\r
1547 If SingleX509Cert is NULL, then return FALSE.\r
532616bb 1548 If this interface is not supported, then return FALSE.\r
b7d320f8 1549\r
1550 @param[in] Cert Pointer to the DER-encoded certificate data.\r
1551 @param[in] CertSize The size of certificate data in bytes.\r
1552 @param[out] SingleX509Cert The generated X509 object.\r
1553\r
1554 @retval TRUE The X509 object generation succeeded.\r
1555 @retval FALSE The operation failed.\r
532616bb 1556 @retval FALSE This interface is not supported.\r
b7d320f8 1557\r
1558**/\r
1559BOOLEAN\r
1560EFIAPI\r
1561X509ConstructCertificate (\r
1562 IN CONST UINT8 *Cert,\r
1563 IN UINTN CertSize,\r
1564 OUT UINT8 **SingleX509Cert\r
1565 );\r
1566\r
66862136
MK		 1567/**\r
1568 Construct a X509 stack object from a list of DER-encoded certificate data.\r
1569\r
1570 If X509Stack is NULL, then return FALSE.\r
1571 If this interface is not supported, then return FALSE.\r
1572\r
1573 @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.\r
1574 On output, pointer to the X509 stack object with new\r
1575 inserted X509 certificate.\r
1576 @param[in] Args VA_LIST marker for the variable argument list.\r
1577 A list of DER-encoded single certificate data followed\r
1578 by certificate size. A NULL terminates the list. The\r
1579 pairs are the arguments to X509ConstructCertificate().\r
1580\r
1581 @retval TRUE The X509 stack construction succeeded.\r
1582 @retval FALSE The construction operation failed.\r
1583 @retval FALSE This interface is not supported.\r
1584\r
1585**/\r
1586BOOLEAN\r
1587EFIAPI\r
1588X509ConstructCertificateStackV (\r
1589 IN OUT UINT8 **X509Stack,\r
1590 IN VA_LIST Args\r
1591 );\r
1592\r
b7d320f8 1593/**\r
1594 Construct a X509 stack object from a list of DER-encoded certificate data.\r
1595\r
16d2c32c 1596 If X509Stack is NULL, then return FALSE.\r
532616bb 1597 If this interface is not supported, then return FALSE.\r
b7d320f8 1598\r
952bd229 1599 @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.\r
b7d320f8 1600 On output, pointer to the X509 stack object with new\r
1601 inserted X509 certificate.\r
1602 @param ... A list of DER-encoded single certificate data followed\r
1603 by certificate size. A NULL terminates the list. The\r
1604 pairs are the arguments to X509ConstructCertificate().\r
2ac68e8b 1605\r
b7d320f8 1606 @retval TRUE The X509 stack construction succeeded.\r
1607 @retval FALSE The construction operation failed.\r
532616bb 1608 @retval FALSE This interface is not supported.\r
b7d320f8 1609\r
1610**/\r
1611BOOLEAN\r
1612EFIAPI\r
1613X509ConstructCertificateStack (\r
1614 IN OUT UINT8 **X509Stack,\r
2ac68e8b 1615 ...\r
b7d320f8 1616 );\r
1617\r
1618/**\r
1619 Release the specified X509 object.\r
1620\r
532616bb 1621 If the interface is not supported, then ASSERT().\r
b7d320f8 1622\r
1623 @param[in] X509Cert Pointer to the X509 object to be released.\r
1624\r
1625**/\r
1626VOID\r
1627EFIAPI\r
1628X509Free (\r
1629 IN VOID *X509Cert\r
1630 );\r
1631\r
1632/**\r
1633 Release the specified X509 stack object.\r
1634\r
532616bb 1635 If the interface is not supported, then ASSERT().\r
b7d320f8 1636\r
1637 @param[in] X509Stack Pointer to the X509 stack object to be released.\r
1638\r
1639**/\r
1640VOID\r
1641EFIAPI\r
1642X509StackFree (\r
1643 IN VOID *X509Stack\r
1644 );\r
1645\r
12d95665
LQ		 1646/**\r
1647 Retrieve the TBSCertificate from one given X.509 certificate.\r
1648\r
1649 @param[in] Cert Pointer to the given DER-encoded X509 certificate.\r
1650 @param[in] CertSize Size of the X509 certificate in bytes.\r
1651 @param[out] TBSCert DER-Encoded To-Be-Signed certificate.\r
1652 @param[out] TBSCertSize Size of the TBS certificate in bytes.\r
1653\r
1654 If Cert is NULL, then return FALSE.\r
1655 If TBSCert is NULL, then return FALSE.\r
1656 If TBSCertSize is NULL, then return FALSE.\r
1657 If this interface is not supported, then return FALSE.\r
1658\r
1659 @retval TRUE The TBSCertificate was retrieved successfully.\r
1660 @retval FALSE Invalid X.509 certificate.\r
1661\r
1662**/\r
1663BOOLEAN\r
1664EFIAPI\r
1665X509GetTBSCert (\r
1666 IN CONST UINT8 *Cert,\r
1667 IN UINTN CertSize,\r
1668 OUT UINT8 **TBSCert,\r
1669 OUT UINTN *TBSCertSize\r
1670 );\r
1671\r
a8f37449
QL		 1672/**\r
1673 Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0\r
1674 password based encryption key derivation function PBKDF2, as specified in RFC 2898.\r
1675\r
1676 If Password or Salt or OutKey is NULL, then return FALSE.\r
1677 If the hash algorithm could not be determined, then return FALSE.\r
1678 If this interface is not supported, then return FALSE.\r
1679\r
1680 @param[in] PasswordLength Length of input password in bytes.\r
1681 @param[in] Password Pointer to the array for the password.\r
1682 @param[in] SaltLength Size of the Salt in bytes.\r
1683 @param[in] Salt Pointer to the Salt.\r
1684 @param[in] IterationCount Number of iterations to perform. Its value should be\r
1685 greater than or equal to 1.\r
1686 @param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).\r
1687 NOTE: DigestSize will be used to determine the hash algorithm.\r
1688 Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.\r
1689 @param[in] KeyLength Size of the derived key buffer in bytes.\r
1690 @param[out] OutKey Pointer to the output derived key buffer.\r
1691\r
1692 @retval TRUE A key was derived successfully.\r
1693 @retval FALSE One of the pointers was NULL or one of the sizes was too large.\r
1694 @retval FALSE The hash algorithm could not be determined from the digest size.\r
1695 @retval FALSE The key derivation operation failed.\r
1696 @retval FALSE This interface is not supported.\r
1697\r
1698**/\r
1699BOOLEAN\r
1700EFIAPI\r
1701Pkcs5HashPassword (\r
1702 IN UINTN PasswordLength,\r
1703 IN CONST CHAR8 *Password,\r
1704 IN UINTN SaltLength,\r
1705 IN CONST UINT8 *Salt,\r
1706 IN UINTN IterationCount,\r
1707 IN UINTN DigestSize,\r
1708 IN UINTN KeyLength,\r
1709 OUT UINT8 *OutKey\r
1710 );\r
1711\r
aed90bee
BB		 1712/**\r
1713 Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the\r
1714 encrypted message in a newly allocated buffer.\r
1715\r
1716 Things that can cause a failure include:\r
1717 - X509 key size does not match any known key size.\r
1718 - Fail to parse X509 certificate.\r
1719 - Fail to allocate an intermediate buffer.\r
1720 - Null pointer provided for a non-optional parameter.\r
1721 - Data size is too large for the provided key size (max size is a function of key size\r
1722 and hash digest size).\r
1723\r
1724 @param[in] PublicKey A pointer to the DER-encoded X509 certificate that\r
1725 will be used to encrypt the data.\r
1726 @param[in] PublicKeySize Size of the X509 cert buffer.\r
1727 @param[in] InData Data to be encrypted.\r
1728 @param[in] InDataSize Size of the data buffer.\r
1729 @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer\r
1730 to be used when initializing the PRNG. NULL otherwise.\r
1731 @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.\r
1732 0 otherwise.\r
1733 @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted\r
1734 message.\r
1735 @param[out] EncryptedDataSize Size of the encrypted message buffer.\r
1736\r
1737 @retval TRUE Encryption was successful.\r
1738 @retval FALSE Encryption failed.\r
1739\r
1740**/\r
1741BOOLEAN\r
1742EFIAPI\r
1743Pkcs1v2Encrypt (\r
1744 IN CONST UINT8 *PublicKey,\r
1745 IN UINTN PublicKeySize,\r
1746 IN UINT8 *InData,\r
1747 IN UINTN InDataSize,\r
1748 IN CONST UINT8 *PrngSeed, OPTIONAL\r
1749 IN UINTN PrngSeedSize, OPTIONAL\r
1750 OUT UINT8 **EncryptedData,\r
1751 OUT UINTN *EncryptedDataSize\r
1752 );\r
1753\r
3702637a 1754/**\r
1755 The 3rd parameter of Pkcs7GetSigners will return all embedded\r
1756 X.509 certificate in one given PKCS7 signature. The format is:\r
1757 //\r
1758 // UINT8 CertNumber;\r
1759 // UINT32 Cert1Length;\r
1760 // UINT8 Cert1[];\r
1761 // UINT32 Cert2Length;\r
1762 // UINT8 Cert2[];\r
1763 // ...\r
1764 // UINT32 CertnLength;\r
1765 // UINT8 Certn[];\r
1766 //\r
1767\r
1768 The two following C-structure are used for parsing CertStack more clearly.\r
1769**/\r
1770#pragma pack(1)\r
1771\r
1772typedef struct {\r
1773 UINT32 CertDataLength; // The length in bytes of X.509 certificate.\r
1774 UINT8 CertDataBuffer[0]; // The X.509 certificate content (DER).\r
1775} EFI_CERT_DATA;\r
1776\r
1777typedef struct {\r
1778 UINT8 CertNumber; // Number of X.509 certificate.\r
1779 //EFI_CERT_DATA CertArray[]; // An array of X.509 certificate.\r
1780} EFI_CERT_STACK;\r
1781\r
1782#pragma pack()\r
1783\r
e8b4eb04 1784/**\r
1785 Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:\r
1786 Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
1787 in a ContentInfo structure.\r
1788\r
1789 If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then\r
2998af86 1790 return FALSE. If P7Length overflow, then return FALSE.\r
532616bb 1791 If this interface is not supported, then return FALSE.\r
e8b4eb04 1792\r
1793 @param[in] P7Data Pointer to the PKCS#7 message to verify.\r
1794 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
1795 @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.\r
6fe575d0
LQ		 1796 It's caller's responsibility to free the buffer with\r
1797 Pkcs7FreeSigners().\r
3702637a 1798 This data structure is EFI_CERT_STACK type.\r
e8b4eb04 1799 @param[out] StackLength Length of signer's certificates in bytes.\r
1800 @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.\r
6fe575d0
LQ		 1801 It's caller's responsibility to free the buffer with\r
1802 Pkcs7FreeSigners().\r
e8b4eb04 1803 @param[out] CertLength Length of the trusted certificate in bytes.\r
1804\r
1805 @retval TRUE The operation is finished successfully.\r
1806 @retval FALSE Error occurs during the operation.\r
532616bb 1807 @retval FALSE This interface is not supported.\r
e8b4eb04 1808\r
1809**/\r
1810BOOLEAN\r
1811EFIAPI\r
1812Pkcs7GetSigners (\r
1813 IN CONST UINT8 *P7Data,\r
1814 IN UINTN P7Length,\r
1815 OUT UINT8 **CertStack,\r
1816 OUT UINTN *StackLength,\r
1817 OUT UINT8 **TrustedCert,\r
1818 OUT UINTN *CertLength\r
1819 );\r
1820\r
1821/**\r
1822 Wrap function to use free() to free allocated memory for certificates.\r
1823\r
532616bb 1824 If this interface is not supported, then ASSERT().\r
1825\r
e8b4eb04 1826 @param[in] Certs Pointer to the certificates to be freed.\r
1827\r
1828**/\r
1829VOID\r
1830EFIAPI\r
1831Pkcs7FreeSigners (\r
1832 IN UINT8 *Certs\r
45419de6
QL		 1833 );\r
1834\r
1835/**\r
1836 Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:\r
1837 Cryptographic Message Syntax Standard", and outputs two certificate lists chained and\r
1838 unchained to the signer's certificates.\r
1839 The input signed data could be wrapped in a ContentInfo structure.\r
1840\r
1841 @param[in] P7Data Pointer to the PKCS#7 message.\r
1842 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
0f5f6b3d 1843 @param[out] SignerChainCerts Pointer to the certificates list chained to signer's\r
6fe575d0
LQ		 1844 certificate. It's caller's responsibility to free the buffer\r
1845 with Pkcs7FreeSigners().\r
3702637a 1846 This data structure is EFI_CERT_STACK type.\r
45419de6
QL		 1847 @param[out] ChainLength Length of the chained certificates list buffer in bytes.\r
1848 @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's\r
6fe575d0 1849 responsibility to free the buffer with Pkcs7FreeSigners().\r
3702637a 1850 This data structure is EFI_CERT_STACK type.\r
45419de6
QL		 1851 @param[out] UnchainLength Length of the unchained certificates list buffer in bytes.\r
1852\r
1853 @retval TRUE The operation is finished successfully.\r
1854 @retval FALSE Error occurs during the operation.\r
1855\r
1856**/\r
1857BOOLEAN\r
1858EFIAPI\r
1859Pkcs7GetCertificatesList (\r
1860 IN CONST UINT8 *P7Data,\r
1861 IN UINTN P7Length,\r
1862 OUT UINT8 **SignerChainCerts,\r
1863 OUT UINTN *ChainLength,\r
1864 OUT UINT8 **UnchainCerts,\r
1865 OUT UINTN *UnchainLength\r
e8b4eb04 1866 );\r
1867\r
b7d320f8 1868/**\r
1869 Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message\r
1870 Syntax Standard, version 1.5". This interface is only intended to be used for\r
1871 application to perform PKCS#7 functionality validation.\r
1872\r
532616bb 1873 If this interface is not supported, then return FALSE.\r
1874\r
b7d320f8 1875 @param[in] PrivateKey Pointer to the PEM-formatted private key data for\r
1876 data signing.\r
1877 @param[in] PrivateKeySize Size of the PEM private key data in bytes.\r
1878 @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM\r
1879 key data.\r
1880 @param[in] InData Pointer to the content to be signed.\r
1881 @param[in] InDataSize Size of InData in bytes.\r
1882 @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.\r
1883 @param[in] OtherCerts Pointer to an optional additional set of certificates to\r
1884 include in the PKCS#7 signedData (e.g. any intermediate\r
1885 CAs in the chain).\r
6fe575d0
LQ		 1886 @param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's\r
1887 responsibility to free the buffer with FreePool().\r
b7d320f8 1888 @param[out] SignedDataSize Size of SignedData in bytes.\r
1889\r
1890 @retval TRUE PKCS#7 data signing succeeded.\r
1891 @retval FALSE PKCS#7 data signing failed.\r
532616bb 1892 @retval FALSE This interface is not supported.\r
b7d320f8 1893\r
1894**/\r
1895BOOLEAN\r
1896EFIAPI\r
1897Pkcs7Sign (\r
1898 IN CONST UINT8 *PrivateKey,\r
1899 IN UINTN PrivateKeySize,\r
1900 IN CONST UINT8 *KeyPassword,\r
1901 IN UINT8 *InData,\r
1902 IN UINTN InDataSize,\r
1903 IN UINT8 *SignCert,\r
1904 IN UINT8 *OtherCerts OPTIONAL,\r
1905 OUT UINT8 **SignedData,\r
1906 OUT UINTN *SignedDataSize\r
1907 );\r
1908\r
97f98500 1909/**\r
2998af86 1910 Verifies the validity of a PKCS#7 signed data as described in "PKCS #7:\r
e8b4eb04 1911 Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
1912 in a ContentInfo structure.\r
97f98500 1913\r
e8b4eb04 1914 If P7Data, TrustedCert or InData is NULL, then return FALSE.\r
2998af86 1915 If P7Length, CertLength or DataLength overflow, then return FALSE.\r
532616bb 1916 If this interface is not supported, then return FALSE.\r
97f98500
HT		 1917\r
1918 @param[in] P7Data Pointer to the PKCS#7 message to verify.\r
e8b4eb04 1919 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
97f98500
HT		 1920 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
1921 is used for certificate chain verification.\r
e8b4eb04 1922 @param[in] CertLength Length of the trusted certificate in bytes.\r
97f98500 1923 @param[in] InData Pointer to the content to be verified.\r
e8b4eb04 1924 @param[in] DataLength Length of InData in bytes.\r
97f98500 1925\r
a8c44645 1926 @retval TRUE The specified PKCS#7 signed data is valid.\r
1927 @retval FALSE Invalid PKCS#7 signed data.\r
532616bb 1928 @retval FALSE This interface is not supported.\r
97f98500
HT		 1929\r
1930**/\r
1931BOOLEAN\r
1932EFIAPI\r
1933Pkcs7Verify (\r
1934 IN CONST UINT8 *P7Data,\r
e8b4eb04 1935 IN UINTN P7Length,\r
97f98500 1936 IN CONST UINT8 *TrustedCert,\r
e8b4eb04 1937 IN UINTN CertLength,\r
97f98500 1938 IN CONST UINT8 *InData,\r
e8b4eb04 1939 IN UINTN DataLength\r
a8c44645 1940 );\r
1941\r
1796a394
BB		 1942/**\r
1943 This function receives a PKCS7 formatted signature, and then verifies that\r
1944 the specified Enhanced or Extended Key Usages (EKU's) are present in the end-entity\r
1945 leaf signing certificate.\r
1946 Note that this function does not validate the certificate chain.\r
1947\r
1948 Applications for custom EKU's are quite flexible. For example, a policy EKU\r
1949 may be present in an Issuing Certificate Authority (CA), and any sub-ordinate\r
1950 certificate issued might also contain this EKU, thus constraining the\r
1951 sub-ordinate certificate. Other applications might allow a certificate\r
1952 embedded in a device to specify that other Object Identifiers (OIDs) are\r
1953 present which contains binary data specifying custom capabilities that\r
1954 the device is able to do.\r
1955\r
1956 @param[in] Pkcs7Signature The PKCS#7 signed information content block. An array\r
1957 containing the content block with both the signature,\r
1958 the signer's certificate, and any necessary intermediate\r
1959 certificates.\r
1960 @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature.\r
1961 @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of\r
1962 required EKUs that must be present in the signature.\r
1963 @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array.\r
1964 @param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's\r
1965 must be present in the leaf signer. If it is\r
1966 FALSE, then we will succeed if we find any\r
1967 of the specified EKU's.\r
1968\r
1969 @retval EFI_SUCCESS The required EKUs were found in the signature.\r
1970 @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
1971 @retval EFI_NOT_FOUND One or more EKU's were not found in the signature.\r
1972\r
1973**/\r
1974RETURN_STATUS\r
1975EFIAPI\r
1976VerifyEKUsInPkcs7Signature (\r
1977 IN CONST UINT8 *Pkcs7Signature,\r
1978 IN CONST UINT32 SignatureSize,\r
1979 IN CONST CHAR8 *RequiredEKUs[],\r
1980 IN CONST UINT32 RequiredEKUsSize,\r
1981 IN BOOLEAN RequireAllPresent\r
1982 );\r
1983\r
afeb55e4
QL		 1984/**\r
1985 Extracts the attached content from a PKCS#7 signed data if existed. The input signed\r
1986 data could be wrapped in a ContentInfo structure.\r
1987\r
1988 If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow,\r
2998af86 1989 then return FALSE. If the P7Data is not correctly formatted, then return FALSE.\r
afeb55e4
QL		 1990\r
1991 Caution: This function may receive untrusted input. So this function will do\r
1992 basic check for PKCS#7 data structure.\r
1993\r
1994 @param[in] P7Data Pointer to the PKCS#7 signed data to process.\r
1995 @param[in] P7Length Length of the PKCS#7 signed data in bytes.\r
1996 @param[out] Content Pointer to the extracted content from the PKCS#7 signedData.\r
6fe575d0 1997 It's caller's responsibility to free the buffer with FreePool().\r
afeb55e4
QL		 1998 @param[out] ContentSize The size of the extracted content in bytes.\r
1999\r
2000 @retval TRUE The P7Data was correctly formatted for processing.\r
2001 @retval FALSE The P7Data was not correctly formatted for processing.\r
2002\r
0c9fc4b1 2003**/\r
afeb55e4
QL		 2004BOOLEAN\r
2005EFIAPI\r
2006Pkcs7GetAttachedContent (\r
2007 IN CONST UINT8 *P7Data,\r
2008 IN UINTN P7Length,\r
2009 OUT VOID **Content,\r
2010 OUT UINTN *ContentSize\r
2011 );\r
2012\r
b7d320f8 2013/**\r
2998af86 2014 Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows\r
b7d320f8 2015 Authenticode Portable Executable Signature Format".\r
2016\r
16d2c32c 2017 If AuthData is NULL, then return FALSE.\r
2018 If ImageHash is NULL, then return FALSE.\r
532616bb 2019 If this interface is not supported, then return FALSE.\r
b7d320f8 2020\r
2021 @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed\r
2022 PE/COFF image to be verified.\r
2023 @param[in] DataSize Size of the Authenticode Signature in bytes.\r
2024 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
2025 is used for certificate chain verification.\r
2026 @param[in] CertSize Size of the trusted certificate in bytes.\r
2998af86 2027 @param[in] ImageHash Pointer to the original image file hash value. The procedure\r
b7d320f8 2028 for calculating the image hash value is described in Authenticode\r
2029 specification.\r
2030 @param[in] HashSize Size of Image hash value in bytes.\r
2031\r
2032 @retval TRUE The specified Authenticode Signature is valid.\r
2033 @retval FALSE Invalid Authenticode Signature.\r
532616bb 2034 @retval FALSE This interface is not supported.\r
b7d320f8 2035\r
2036**/\r
2037BOOLEAN\r
2038EFIAPI\r
2039AuthenticodeVerify (\r
2040 IN CONST UINT8 *AuthData,\r
2041 IN UINTN DataSize,\r
2042 IN CONST UINT8 *TrustedCert,\r
2043 IN UINTN CertSize,\r
2044 IN CONST UINT8 *ImageHash,\r
2045 IN UINTN HashSize\r
2046 );\r
2047\r
2ac68e8b 2048/**\r
2998af86 2049 Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode\r
2ac68e8b
QL		 2050 signature.\r
2051\r
2052 If AuthData is NULL, then return FALSE.\r
12d95665 2053 If this interface is not supported, then return FALSE.\r
2ac68e8b
QL		 2054\r
2055 @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed\r
2056 PE/COFF image to be verified.\r
2057 @param[in] DataSize Size of the Authenticode Signature in bytes.\r
2058 @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which\r
2059 is used for TSA certificate chain verification.\r
2060 @param[in] CertSize Size of the trusted certificate in bytes.\r
2061 @param[out] SigningTime Return the time of timestamp generation time if the timestamp\r
2062 signature is valid.\r
2063\r
2064 @retval TRUE The specified Authenticode includes a valid RFC3161 Timestamp CounterSignature.\r
2065 @retval FALSE No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data.\r
2066\r
2067**/\r
2068BOOLEAN\r
2069EFIAPI\r
2070ImageTimestampVerify (\r
2071 IN CONST UINT8 *AuthData,\r
2072 IN UINTN DataSize,\r
2073 IN CONST UINT8 *TsaCert,\r
2074 IN UINTN CertSize,\r
2075 OUT EFI_TIME *SigningTime\r
2076 );\r
2077\r
a8c44645 2078//=====================================================================================\r
2079// DH Key Exchange Primitive\r
2080//=====================================================================================\r
2081\r
2082/**\r
2083 Allocates and Initializes one Diffie-Hellman Context for subsequent use.\r
2084\r
2085 @return Pointer to the Diffie-Hellman Context that has been initialized.\r
2086 If the allocations fails, DhNew() returns NULL.\r
532616bb 2087 If the interface is not supported, DhNew() returns NULL.\r
a8c44645 2088\r
2089**/\r
2090VOID *\r
2091EFIAPI\r
2092DhNew (\r
2093 VOID\r
2094 );\r
2095\r
2096/**\r
2097 Release the specified DH context.\r
2098\r
532616bb 2099 If the interface is not supported, then ASSERT().\r
a8c44645 2100\r
2101 @param[in] DhContext Pointer to the DH context to be released.\r
2102\r
2103**/\r
2104VOID\r
2105EFIAPI\r
2106DhFree (\r
2107 IN VOID *DhContext\r
2108 );\r
2109\r
2110/**\r
2111 Generates DH parameter.\r
2112\r
2113 Given generator g, and length of prime number p in bits, this function generates p,\r
2114 and sets DH context according to value of g and p.\r
2ac68e8b 2115\r
a8c44645 2116 Before this function can be invoked, pseudorandom number generator must be correctly\r
2117 initialized by RandomSeed().\r
2118\r
16d2c32c 2119 If DhContext is NULL, then return FALSE.\r
2120 If Prime is NULL, then return FALSE.\r
532616bb 2121 If this interface is not supported, then return FALSE.\r
a8c44645 2122\r
2123 @param[in, out] DhContext Pointer to the DH context.\r
2124 @param[in] Generator Value of generator.\r
2125 @param[in] PrimeLength Length in bits of prime to be generated.\r
2126 @param[out] Prime Pointer to the buffer to receive the generated prime number.\r
2127\r
2998af86 2128 @retval TRUE DH parameter generation succeeded.\r
a8c44645 2129 @retval FALSE Value of Generator is not supported.\r
2130 @retval FALSE PRNG fails to generate random prime number with PrimeLength.\r
532616bb 2131 @retval FALSE This interface is not supported.\r
a8c44645 2132\r
2133**/\r
2134BOOLEAN\r
2135EFIAPI\r
2136DhGenerateParameter (\r
2137 IN OUT VOID *DhContext,\r
2138 IN UINTN Generator,\r
2139 IN UINTN PrimeLength,\r
2140 OUT UINT8 *Prime\r
2141 );\r
2142\r
2143/**\r
2144 Sets generator and prime parameters for DH.\r
2145\r
2146 Given generator g, and prime number p, this function and sets DH\r
2147 context accordingly.\r
2148\r
16d2c32c 2149 If DhContext is NULL, then return FALSE.\r
2150 If Prime is NULL, then return FALSE.\r
532616bb 2151 If this interface is not supported, then return FALSE.\r
a8c44645 2152\r
2153 @param[in, out] DhContext Pointer to the DH context.\r
2154 @param[in] Generator Value of generator.\r
2155 @param[in] PrimeLength Length in bits of prime to be generated.\r
2156 @param[in] Prime Pointer to the prime number.\r
2157\r
2998af86 2158 @retval TRUE DH parameter setting succeeded.\r
a8c44645 2159 @retval FALSE Value of Generator is not supported.\r
2160 @retval FALSE Value of Generator is not suitable for the Prime.\r
2161 @retval FALSE Value of Prime is not a prime number.\r
2162 @retval FALSE Value of Prime is not a safe prime number.\r
532616bb 2163 @retval FALSE This interface is not supported.\r
a8c44645 2164\r
2165**/\r
2166BOOLEAN\r
2167EFIAPI\r
2168DhSetParameter (\r
2169 IN OUT VOID *DhContext,\r
2170 IN UINTN Generator,\r
2171 IN UINTN PrimeLength,\r
2172 IN CONST UINT8 *Prime\r
97f98500
HT		 2173 );\r
2174\r
a8c44645 2175/**\r
2176 Generates DH public key.\r
2177\r
2ac68e8b 2178 This function generates random secret exponent, and computes the public key, which is\r
a8c44645 2179 returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.\r
2180 If the PublicKey buffer is too small to hold the public key, FALSE is returned and\r
2181 PublicKeySize is set to the required buffer size to obtain the public key.\r
2182\r
16d2c32c 2183 If DhContext is NULL, then return FALSE.\r
2184 If PublicKeySize is NULL, then return FALSE.\r
2185 If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.\r
532616bb 2186 If this interface is not supported, then return FALSE.\r
a8c44645 2187\r
2188 @param[in, out] DhContext Pointer to the DH context.\r
2189 @param[out] PublicKey Pointer to the buffer to receive generated public key.\r
2190 @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.\r
2191 On output, the size of data returned in PublicKey buffer in bytes.\r
2192\r
2193 @retval TRUE DH public key generation succeeded.\r
2194 @retval FALSE DH public key generation failed.\r
2195 @retval FALSE PublicKeySize is not large enough.\r
532616bb 2196 @retval FALSE This interface is not supported.\r
a8c44645 2197\r
2198**/\r
2199BOOLEAN\r
2200EFIAPI\r
2201DhGenerateKey (\r
2202 IN OUT VOID *DhContext,\r
2203 OUT UINT8 *PublicKey,\r
2204 IN OUT UINTN *PublicKeySize\r
2205 );\r
2206\r
2207/**\r
2208 Computes exchanged common key.\r
2209\r
2210 Given peer's public key, this function computes the exchanged common key, based on its own\r
dda39f3a 2211 context including value of prime modulus and random secret exponent.\r
a8c44645 2212\r
16d2c32c 2213 If DhContext is NULL, then return FALSE.\r
2214 If PeerPublicKey is NULL, then return FALSE.\r
2215 If KeySize is NULL, then return FALSE.\r
dda39f3a 2216 If Key is NULL, then return FALSE.\r
2217 If KeySize is not large enough, then return FALSE.\r
532616bb 2218 If this interface is not supported, then return FALSE.\r
a8c44645 2219\r
2220 @param[in, out] DhContext Pointer to the DH context.\r
2221 @param[in] PeerPublicKey Pointer to the peer's public key.\r
2222 @param[in] PeerPublicKeySize Size of peer's public key in bytes.\r
2223 @param[out] Key Pointer to the buffer to receive generated key.\r
2224 @param[in, out] KeySize On input, the size of Key buffer in bytes.\r
2225 On output, the size of data returned in Key buffer in bytes.\r
2226\r
2227 @retval TRUE DH exchanged key generation succeeded.\r
2228 @retval FALSE DH exchanged key generation failed.\r
2229 @retval FALSE KeySize is not large enough.\r
532616bb 2230 @retval FALSE This interface is not supported.\r
a8c44645 2231\r
2232**/\r
2233BOOLEAN\r
2234EFIAPI\r
2235DhComputeKey (\r
2236 IN OUT VOID *DhContext,\r
2237 IN CONST UINT8 *PeerPublicKey,\r
2238 IN UINTN PeerPublicKeySize,\r
2239 OUT UINT8 *Key,\r
2240 IN OUT UINTN *KeySize\r
2241 );\r
2242\r
2243//=====================================================================================\r
2244// Pseudo-Random Generation Primitive\r
2245//=====================================================================================\r
2246\r
2247/**\r
2248 Sets up the seed value for the pseudorandom number generator.\r
2249\r
2250 This function sets up the seed value for the pseudorandom number generator.\r
2251 If Seed is not NULL, then the seed passed in is used.\r
2252 If Seed is NULL, then default seed is used.\r
532616bb 2253 If this interface is not supported, then return FALSE.\r
a8c44645 2254\r
2255 @param[in] Seed Pointer to seed value.\r
2256 If NULL, default seed is used.\r
2257 @param[in] SeedSize Size of seed value.\r
2258 If Seed is NULL, this parameter is ignored.\r
2259\r
2260 @retval TRUE Pseudorandom number generator has enough entropy for random generation.\r
2261 @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.\r
532616bb 2262 @retval FALSE This interface is not supported.\r
a8c44645 2263\r
2264**/\r
2265BOOLEAN\r
2266EFIAPI\r
2267RandomSeed (\r
2268 IN CONST UINT8 *Seed OPTIONAL,\r
2269 IN UINTN SeedSize\r
2270 );\r
2271\r
2272/**\r
2273 Generates a pseudorandom byte stream of the specified size.\r
2274\r
16d2c32c 2275 If Output is NULL, then return FALSE.\r
532616bb 2276 If this interface is not supported, then return FALSE.\r
a8c44645 2277\r
2278 @param[out] Output Pointer to buffer to receive random value.\r
2998af86 2279 @param[in] Size Size of random bytes to generate.\r
a8c44645 2280\r
2281 @retval TRUE Pseudorandom byte stream generated successfully.\r
2282 @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.\r
532616bb 2283 @retval FALSE This interface is not supported.\r
a8c44645 2284\r
2285**/\r
2286BOOLEAN\r
2287EFIAPI\r
2288RandomBytes (\r
2289 OUT UINT8 *Output,\r
2290 IN UINTN Size\r
2291 );\r
97f98500 2292\r
4b1b7c19
GW		 2293//=====================================================================================\r
2294// Key Derivation Function Primitive\r
2295//=====================================================================================\r
2296\r
2297/**\r
2298 Derive key data using HMAC-SHA256 based KDF.\r
2299\r
2300 @param[in] Key Pointer to the user-supplied key.\r
2301 @param[in] KeySize Key size in bytes.\r
2302 @param[in] Salt Pointer to the salt(non-secret) value.\r
2303 @param[in] SaltSize Salt size in bytes.\r
2304 @param[in] Info Pointer to the application specific info.\r
2305 @param[in] InfoSize Info size in bytes.\r
944bd5cf 2306 @param[out] Out Pointer to buffer to receive hkdf value.\r
4b1b7c19
GW		 2307 @param[in] OutSize Size of hkdf bytes to generate.\r
2308\r
2309 @retval TRUE Hkdf generated successfully.\r
2310 @retval FALSE Hkdf generation failed.\r
2311\r
2312**/\r
2313BOOLEAN\r
2314EFIAPI\r
2315HkdfSha256ExtractAndExpand (\r
2316 IN CONST UINT8 *Key,\r
2317 IN UINTN KeySize,\r
2318 IN CONST UINT8 *Salt,\r
2319 IN UINTN SaltSize,\r
2320 IN CONST UINT8 *Info,\r
2321 IN UINTN InfoSize,\r
2322 OUT UINT8 *Out,\r
2323 IN UINTN OutSize\r
2324 );\r
2325\r
afeb55e4 2326#endif // __BASE_CRYPT_LIB_H__\r
EFI Development Kit II mirror for PVE