2 Common interfaces to call Security library.
4 Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
6 SPDX-License-Identifier: BSD-2-Clause-Patent
10 #include "IpSecCryptIo.h"
//
// Supported encryption algorithms, looked up by AlgorithmId.
//
// Columns: AlgorithmId, KeyLength, IvLength, BlockSize (all sizes in bytes), then the
// CipherGetContextSize / CipherInitiate / CipherEncrypt / CipherDecrypt callbacks.
// NOTE(review): the order of the three size columns is inferred from the 3DES and AES
// values; confirm against the ENCRYPT_ALGORITHM declaration in IpSecCryptIo.h.
//
// The NULL and NONE rows carry NULL callbacks, so code paths for those IDs must not
// dispatch through this table.
//
// NOTE(review): 3DES-CBC has a 64-bit block, which bounds how much data can safely be
// protected under one key, and the AES row is limited to a 16-byte key. CBC alone gives
// no integrity protection, so either cipher needs a non-NULL authentication algorithm.
//
GLOBAL_REMOVE_IF_UNREFERENCED ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = {
  { IKE_EALG_NULL,    0,  0,  1,  NULL,               NULL,     NULL,           NULL           },
  { IKE_EALG_NONE,    0,  0,  1,  NULL,               NULL,     NULL,           NULL           },
  { IKE_EALG_3DESCBC, 24, 8,  8,  TdesGetContextSize, TdesInit, TdesCbcEncrypt, TdesCbcDecrypt },
  { IKE_EALG_AESCBC,  16, 16, 16, AesGetContextSize,  AesInit,  AesCbcEncrypt,  AesCbcDecrypt  }
};
//
// Supported authentication (HMAC) algorithms, looked up by AlgorithmId.
//
// Columns: AlgorithmId, DigestLength, IcvLength, BlockSize (bytes), then the
// HmacGetContextSize / HmacInitiate / HmacUpdate / HmacFinal callbacks.
// NOTE(review): the order of the three size columns is inferred from the SHA-1 values
// (20-byte digest, 12-byte ICV, 64-byte block); confirm against AUTH_ALGORITHM in
// IpSecCryptIo.h.
//
// The NONE and NULL rows carry NULL callbacks and zero lengths.
// NOTE(review): HMAC-SHA1 with a 12-byte (96-bit) truncated ICV is the only real
// integrity algorithm offered here.
//
GLOBAL_REMOVE_IF_UNREFERENCED AUTH_ALGORITHM mIpsecAuthAlgorithmList[IPSEC_AUTH_ALGORITHM_LIST_SIZE] = {
  { IKE_AALG_NONE,     0,  0,  0,  NULL,                   NULL,         NULL,           NULL          },
  { IKE_AALG_NULL,     0,  0,  0,  NULL,                   NULL,         NULL,           NULL          },
  { IKE_AALG_SHA1HMAC, 20, 12, 64, HmacSha1GetContextSize, HmacSha1Init, HmacSha1Update, HmacSha1Final }
};
//
// Supported hash algorithms.
//
// The rows are keyed by the same IKE_AALG_* IDs, in the same order, as
// mIpsecAuthAlgorithmList. IpSecCryptoIoHash() obtains its index from
// IpSecGetIndexFromAuthList() and uses it on this table, so the two tables must stay
// row-for-row aligned.
//
// Trailing callbacks: HashGetContextSize / HashInitiate / HashUpdate / HashFinal.
// NOTE(review): the three numeric columns presumably mirror the auth table
// (digest, ICV, block size in bytes); confirm against HASH_ALGORITHM in IpSecCryptIo.h.
//
GLOBAL_REMOVE_IF_UNREFERENCED HASH_ALGORITHM mIpsecHashAlgorithmList[IPSEC_HASH_ALGORITHM_LIST_SIZE] = {
  { IKE_AALG_NONE,     0,  0,  0,  NULL,               NULL,     NULL,       NULL      },
  { IKE_AALG_NULL,     0,  0,  0,  NULL,               NULL,     NULL,       NULL      },
  { IKE_AALG_SHA1HMAC, 20, 12, 64, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final }
};
//
// Set to TRUE by IpSecCryptoIoGenerateRandomBytes() after its first call to
// RandomSeed(), so that seeding is attempted only once.
//
BOOLEAN  mInitialRandomSeed = FALSE;
42 Get the block size of specified encryption algorithm.
44 @param[in] AlgorithmId The encryption algorithm ID.
46 @return The value of block size.
50 IpSecGetEncryptBlockSize (
56 for (Index
= 0; Index
< IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE
; Index
++) {
57 if (AlgorithmId
== mIpsecEncryptAlgorithmList
[Index
].AlgorithmId
) {
58 return mIpsecEncryptAlgorithmList
[Index
].BlockSize
;
66 Get the key length of the specified encryption algorithm.
68 @param[in] AlgorithmId The encryption algorithm ID.
70 @return The value of key length.
74 IpSecGetEncryptKeyLength (
80 for (Index
= 0; Index
< IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE
; Index
++) {
81 if (AlgorithmId
== mIpsecEncryptAlgorithmList
[Index
].AlgorithmId
) {
82 return mIpsecEncryptAlgorithmList
[Index
].KeyLength
;
90 Get the IV size of the specified encryption algorithm.
92 @param[in] AlgorithmId The encryption algorithm ID.
94 @return The value of IV size.
98 IpSecGetEncryptIvLength (
104 for (Index
= 0; Index
< IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE
; Index
++) {
105 if (AlgorithmId
== mIpsecEncryptAlgorithmList
[Index
].AlgorithmId
) {
106 return mIpsecEncryptAlgorithmList
[Index
].IvLength
;
114 Get the HMAC digest length by the specified Algorithm ID.
116 @param[in] AlgorithmId The specified Algorithm ID.
118 @return The digest length of the specified Authentication Algorithm ID.
122 IpSecGetHmacDigestLength (
128 for (Index
= 0; Index
< IPSEC_AUTH_ALGORITHM_LIST_SIZE
; Index
++) {
129 if (mIpsecAuthAlgorithmList
[Index
].AlgorithmId
== AlgorithmId
) {
131 // Return the Digest Length of the Algorithm.
133 return mIpsecAuthAlgorithmList
[Index
].DigestLength
;
141 Get the ICV size of the specified Authentication algorithm.
143 @param[in] AlgorithmId The Authentication algorithm ID.
145 @return The value of ICV size.
155 for (Index
= 0; Index
< IPSEC_AUTH_ALGORITHM_LIST_SIZE
; Index
++) {
156 if (AlgorithmId
== mIpsecAuthAlgorithmList
[Index
].AlgorithmId
) {
157 return mIpsecAuthAlgorithmList
[Index
].IcvLength
;
165 Generate random data for the IV. If IvSize is zero, no IV needs to be
166 created and EFI_SUCCESS is returned.
168 @param[in] IvBuffer The pointer of the IV buffer.
169 @param[in] IvSize The IV size in bytes.
171 @retval EFI_SUCCESS Create a random data for IV.
181 return IpSecCryptoIoGenerateRandomBytes (IvBuffer
, IvSize
);
188 Get index of the specified encryption algorithm from the mIpsecEncryptAlgorithmList.
190 @param[in] AlgorithmId The encryption algorithm ID.
196 IpSecGetIndexFromEncList (
202 for (Index
= 0; Index
< IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE
; Index
++) {
203 if (AlgorithmId
== mIpsecEncryptAlgorithmList
[Index
].AlgorithmId
) {
212 Get the index of the specified authentication algorithm from mIpsecAuthAlgorithmList.
214 @param[in] AlgorithmId The authentication algorithm ID.
220 IpSecGetIndexFromAuthList (
226 for (Index
= 0; Index
< IPSEC_AUTH_ALGORITHM_LIST_SIZE
; Index
++) {
227 if (AlgorithmId
== mIpsecAuthAlgorithmList
[Index
].AlgorithmId
) {
229 // The BlockSize is same with IvSize.
241 This function calls the relevant encryption interface from CryptoLib according to
242 the input algorithm ID. The length of InData should be a multiple of the block size;
243 this function doesn't perform the padding. If Ivec is supplied, its length should be
244 the same as the block size. The block size differs from algorithm to algorithm.
246 @param[in] AlgorithmId The Algorithm identification defined in RFC.
247 @param[in] Key Pointer to the buffer containing encrypting key.
248 @param[in] KeyBits The length of the key in bits.
249 @param[in] Ivec Point to the buffer containing the Initialization
251 @param[in] InData Point to the buffer containing the data to be
253 @param[in] InDataLength The length of InData in Bytes.
254 @param[out] OutData Point to the buffer that receives the encryption
257 @retval EFI_UNSUPPORTED The input Algorithm is not supported.
258 @retval EFI_OUT_OF_RESOURCES The required resource can't be allocated.
259 @retval EFI_SUCCESS The operation completed successfully.
263 IpSecCryptoIoEncrypt (
264 IN CONST UINT8 AlgorithmId
,
266 IN CONST UINTN KeyBits
,
267 IN CONST UINT8
*Ivec
, OPTIONAL
269 IN UINTN InDataLength
,
278 Status
= EFI_UNSUPPORTED
;
280 switch (AlgorithmId
) {
284 CopyMem (OutData
, InData
, InDataLength
);
287 case IKE_EALG_3DESCBC
:
288 case IKE_EALG_AESCBC
:
289 Index
= IpSecGetIndexFromEncList (AlgorithmId
);
296 ContextSize
= mIpsecEncryptAlgorithmList
[Index
].CipherGetContextSize ();
297 Context
= AllocateZeroPool (ContextSize
);
299 if (Context
== NULL
) {
300 return EFI_OUT_OF_RESOURCES
;
// Key the cipher context, then encrypt InData into OutData in a single CBC call.
// Status was preset to EFI_UNSUPPORTED and no other assignment is visible on this
// path, so an init or encrypt failure appears to be reported as EFI_UNSUPPORTED.
// NOTE(review): Ivec is declared OPTIONAL but is forwarded to the CBC routine as-is,
// and no check that InDataLength is a multiple of the block size is visible here;
// both appear to be left to the caller and CryptoLib. Confirm.
305 if (mIpsecEncryptAlgorithmList
[Index
].CipherInitiate (Context
, Key
, KeyBits
)) {
306 if (mIpsecEncryptAlgorithmList
[Index
].CipherEncrypt (Context
, InData
, InDataLength
, Ivec
, OutData
)) {
307 Status
= EFI_SUCCESS
;
// NOTE(review): Context holds the keyed cipher state; the release call itself is not
// visible here. If it is freed without being cleared first, key material stays in
// freed pool memory. Consider ZeroMem (Context, ContextSize) before FreePool (Context).
317 if (Context
!= NULL
) {
327 This function calls the relevant decryption interface from CryptoLib according to
328 the input algorithm ID. The length of InData should be a multiple of the block size;
329 this function doesn't perform the padding. If Ivec is supplied, its length should be
330 the same as the block size. The block size differs from algorithm to algorithm.
332 @param[in] AlgorithmId The Algorithm identification defined in RFC.
333 @param[in] Key Pointer to the buffer containing encrypting key.
334 @param[in] KeyBits The length of the key in bits.
335 @param[in] Ivec Point to the buffer containing the Initialization
337 @param[in] InData Point to the buffer containing the data to be
339 @param[in] InDataLength The length of InData in Bytes.
340 @param[out] OutData Pointer to the buffer that receives the decryption
343 @retval EFI_UNSUPPORTED The input Algorithm is not supported.
344 @retval EFI_OUT_OF_RESOURCES The required resource can't be allocated.
345 @retval EFI_SUCCESS The operation completed successfully.
349 IpSecCryptoIoDecrypt (
350 IN CONST UINT8 AlgorithmId
,
352 IN CONST UINTN KeyBits
,
353 IN CONST UINT8
*Ivec
, OPTIONAL
355 IN UINTN InDataLength
,
364 Status
= EFI_UNSUPPORTED
;
366 switch (AlgorithmId
) {
370 CopyMem (OutData
, InData
, InDataLength
);
373 case IKE_EALG_3DESCBC
:
374 case IKE_EALG_AESCBC
:
375 Index
= IpSecGetIndexFromEncList(AlgorithmId
);
383 ContextSize
= mIpsecEncryptAlgorithmList
[Index
].CipherGetContextSize();
384 Context
= AllocateZeroPool (ContextSize
);
385 if (Context
== NULL
) {
386 return EFI_OUT_OF_RESOURCES
;
// Key the cipher context, then decrypt InData into OutData in a single CBC call.
// Status was preset to EFI_UNSUPPORTED; the only other assignment visible on this path
// is EFI_SUCCESS below, so init and decrypt failures appear to share that code.
// NOTE(review): CBC decryption carries no integrity check of its own. Callers are
// presumably expected to verify the ICV before trusting OutData; confirm the ordering
// at the call sites.
392 if (mIpsecEncryptAlgorithmList
[Index
].CipherInitiate (Context
, Key
, KeyBits
)) {
393 if (mIpsecEncryptAlgorithmList
[Index
].CipherDecrypt (Context
, InData
, InDataLength
, Ivec
, OutData
)) {
394 Status
= EFI_SUCCESS
;
// NOTE(review): Context holds the keyed cipher state; the release call itself is not
// visible here. Consider ZeroMem (Context, ContextSize) before it is freed.
403 if (Context
!= NULL
) {
411 Digests the Payload with key and store the result into the OutData.
413 This function calls relevant Hmac interface from CryptoLib according to
414 the input algorithm ID. It processes all the data in InDataFragment and outputs
415 the result into the OutData buffer. If the OutDataSize is larger than the related
416 HMAC algorithm output size, return EFI_INVALID_PARAMETER.
418 @param[in] AlgorithmId The authentication Identification.
419 @param[in] Key Pointer of the authentication key.
420 @param[in] KeyLength The length of the Key in bytes.
421 @param[in] InDataFragment The list contains all data to be authenticated.
422 @param[in] FragmentCount The size of the InDataFragment.
423 @param[out] OutData For in, the buffer to receive the output data.
424 For out, the buffer contains the authenticated data.
425 @param[in] OutDataSize The size of the buffer of OutData.
427 @retval EFI_UNSUPPORTED If the AuthAlg is not in the support list.
428 @retval EFI_INVALID_PARAMETER The OutData buffer size is larger than algorithm digest size.
429 @retval EFI_SUCCESS Authenticate the payload successfully.
430 @retval otherwise Authentication of the payload fails.
435 IN CONST UINT8 AlgorithmId
,
438 IN HASH_DATA_FRAGMENT
*InDataFragment
,
439 IN UINTN FragmentCount
,
452 Status
= EFI_UNSUPPORTED
;
455 OutHashSize
= IpSecGetHmacDigestLength (AlgorithmId
);
457 // If the expected hash data size is larger than the related Hash algorithm
458 // output length, return EFI_INVALID_PARAMETER.
460 if (OutDataSize
> OutHashSize
) {
461 return EFI_INVALID_PARAMETER
;
463 OutHashData
= AllocatePool (OutHashSize
);
465 if (OutHashData
== NULL
) {
466 return EFI_OUT_OF_RESOURCES
;
469 switch (AlgorithmId
) {
475 case IKE_AALG_SHA1HMAC
:
476 Index
= IpSecGetIndexFromAuthList (AlgorithmId
);
484 ContextSize
= mIpsecAuthAlgorithmList
[Index
].HmacGetContextSize();
485 HashContext
= AllocateZeroPool (ContextSize
);
487 if (HashContext
== NULL
) {
488 Status
= EFI_OUT_OF_RESOURCES
;
493 // Initiate HMAC context and hash the input data.
495 if (mIpsecAuthAlgorithmList
[Index
].HmacInitiate(HashContext
, Key
, KeyLength
)) {
496 for (FragmentIndex
= 0; FragmentIndex
< FragmentCount
; FragmentIndex
++) {
497 if (!mIpsecAuthAlgorithmList
[Index
].HmacUpdate (
499 InDataFragment
[FragmentIndex
].Data
,
500 InDataFragment
[FragmentIndex
].DataSize
506 if (mIpsecAuthAlgorithmList
[Index
].HmacFinal (HashContext
, OutHashData
)) {
508 // In some cases, like the Icv computing, the Icv size might be less than
509 // the key length size, so copy the part of hash data to the OutData.
511 CopyMem (OutData
, OutHashData
, OutDataSize
);
512 Status
= EFI_SUCCESS
;
523 if (HashContext
!= NULL
) {
524 FreePool (HashContext
);
526 if (OutHashData
!= NULL
) {
527 FreePool (OutHashData
);
534 Digests the Payload and store the result into the OutData.
536 This function calls relevant Hash interface from CryptoLib according to
537 the input algorithm ID. It processes all the data in InDataFragment and outputs
538 the result into the OutData buffer. If the OutDataSize is larger than the related
539 Hash algorithm output size, return EFI_INVALID_PARAMETER.
541 @param[in] AlgorithmId The authentication Identification.
542 @param[in] InDataFragment A list contains all data to be authenticated.
543 @param[in] FragmentCount The size of the InDataFragment.
544 @param[out] OutData For in, the buffer to receive the output data.
545 For out, the buffer contains the authenticated data.
546 @param[in] OutDataSize The size of the buffer of OutData.
548 @retval EFI_UNSUPPORTED If the AuthAlg is not in the support list.
549 @retval EFI_SUCCESS Authenticated the payload successfully.
550 @retval EFI_INVALID_PARAMETER If the OutDataSize is larger than the related Hash
551 algorithm could handle.
552 @retval otherwise Authentication of the payload failed.
557 IN CONST UINT8 AlgorithmId
,
558 IN HASH_DATA_FRAGMENT
*InDataFragment
,
559 IN UINTN FragmentCount
,
572 Status
= EFI_UNSUPPORTED
;
575 OutHashSize
= IpSecGetHmacDigestLength (AlgorithmId
);
577 // If the expected hash data size is larger than the related Hash algorithm
578 // output length, return EFI_INVALID_PARAMETER.
580 if (OutDataSize
> OutHashSize
) {
581 return EFI_INVALID_PARAMETER
;
583 OutHashData
= AllocatePool (OutHashSize
);
584 if (OutHashData
== NULL
) {
585 return EFI_OUT_OF_RESOURCES
;
588 switch (AlgorithmId
) {
594 case IKE_AALG_SHA1HMAC
:
// NOTE(review): Index is looked up in mIpsecAuthAlgorithmList but is then used to
// index mIpsecHashAlgorithmList. That is only correct while both tables list the same
// algorithm IDs in the same order. A change to one table without the other would
// dispatch to the wrong (or a NULL) hash callback.
595 Index
= IpSecGetIndexFromAuthList (AlgorithmId
);
// Size and allocate a zero-filled context for the selected hash implementation.
602 ContextSize
= mIpsecHashAlgorithmList
[Index
].HashGetContextSize();
603 HashContext
= AllocateZeroPool (ContextSize
);
604 if (HashContext
== NULL
) {
605 Status
= EFI_OUT_OF_RESOURCES
;
610 // Initiate Hash context and hash the input data.
612 if (mIpsecHashAlgorithmList
[Index
].HashInitiate(HashContext
)) {
613 for (FragmentIndex
= 0; FragmentIndex
< FragmentCount
; FragmentIndex
++) {
614 if (!mIpsecHashAlgorithmList
[Index
].HashUpdate (
616 InDataFragment
[FragmentIndex
].Data
,
617 InDataFragment
[FragmentIndex
].DataSize
623 if (mIpsecHashAlgorithmList
[Index
].HashFinal (HashContext
, OutHashData
)) {
625 // In some cases, like the Icv computing, the Icv size might be less than
626 // the key length size, so copy the part of hash data to the OutData.
628 CopyMem (OutData
, OutHashData
, OutDataSize
);
629 Status
= EFI_SUCCESS
;
640 if (HashContext
!= NULL
) {
641 FreePool (HashContext
);
643 if (OutHashData
!= NULL
) {
644 FreePool (OutHashData
);
651 Generates the Diffie-Hellman public key.
653 This function first initiate a DHContext, then call the DhSetParameter() to set
654 the prime and primelength, at end call the DhGenerateKey() to generates random
655 secret exponent, and computes the public key. The output returned via parameter
656 PublicKey and PublicKeySize. DH context is updated accordingly. If the PublicKey
657 buffer is too small to hold the public key, EFI_INVALID_PARAMETER is returned
658 and PublicKeySize is set to the required buffer size to obtain the public key.
660 @param[in, out] DhContext Pointer to the DH context.
661 @param[in] Generator Value of generator.
662 @param[in] PrimeLength Length in bits of prime to be generated.
663 @param[in] Prime Pointer to the buffer to receive the generated
665 @param[out] PublicKey Pointer to the buffer to receive generated public key.
666 @param[in, out] PublicKeySize For in, the size of PublicKey buffer in bytes.
667 For out, the size of data returned in PublicKey
670 @retval EFI_SUCCESS The operation performs successfully.
671 @retval Otherwise The operation is failed.
675 IpSecCryptoIoDhGetPublicKey (
676 IN OUT UINT8
**DhContext
,
678 IN UINTN PrimeLength
,
679 IN CONST UINT8
*Prime
,
680 OUT UINT8
*PublicKey
,
681 IN OUT UINTN
*PublicKeySize
// Allocate a fresh DH context, load the caller's generator and prime into it, then
// generate the key pair and export the public key.
// NOTE(review): the only NULL check on the DhNew() result is ASSERT, which does
// nothing in builds where debug asserts are disabled; DhSetParameter() on the next
// line would then receive a NULL context. An explicit runtime check that returns
// EFI_OUT_OF_RESOURCES would cover that case.
686 *DhContext
= DhNew ();
687 ASSERT (*DhContext
!= NULL
);
688 if (!DhSetParameter (*DhContext
, Generator
, PrimeLength
, Prime
)) {
689 Status
= EFI_INVALID_PARAMETER
;
// Any DhGenerateKey() failure is mapped to EFI_INVALID_PARAMETER, including the
// buffer-too-small case described in the function header.
693 if (!DhGenerateKey (*DhContext
, PublicKey
, PublicKeySize
)) {
694 Status
= EFI_INVALID_PARAMETER
;
700 if (*DhContext
!= NULL
) {
709 Generates exchanged common key.
711 Given peer's public key, this function computes the exchanged common key, based
712 on its own context including value of prime modulus and random secret exponent.
714 @param[in, out] DhContext Pointer to the DH context.
715 @param[in] PeerPublicKey Pointer to the peer's Public Key.
716 @param[in] PeerPublicKeySize Size of peer's public key in bytes.
717 @param[out] Key Pointer to the buffer to receive generated key.
718 @param[in, out] KeySize For in, the size of Key buffer in bytes.
719 For out, the size of data returned in Key
722 @retval EFI_SUCCESS The operation performs successfully.
723 @retval Otherwise The operation is failed.
727 IpSecCryptoIoDhComputeKey (
728 IN OUT UINT8
*DhContext
,
729 IN CONST UINT8
*PeerPublicKey
,
730 IN UINTN PeerPublicKeySize
,
732 IN OUT UINTN
*KeySize
735 if (!DhComputeKey (DhContext
, PeerPublicKey
, PeerPublicKeySize
, Key
, KeySize
)) {
736 return EFI_INVALID_PARAMETER
;
743 Releases the DH context. If DhContext is NULL, return EFI_INVALID_PARAMETER.
745 @param[in, out] DhContext Pointer to the DH context to be freed.
747 @retval EFI_SUCCESS The operation performs successfully.
748 @retval EFI_INVALID_PARAMETER The DhContext is NULL.
752 IpSecCryptoIoFreeDh (
753 IN OUT UINT8
**DhContext
756 if (*DhContext
== NULL
) {
757 return EFI_INVALID_PARAMETER
;
765 Generates random numbers of specified size.
767 If the Random Generator wasn't initiated, initiate it first, then call RandomBytes.
769 @param[out] OutBuffer Pointer to buffer to receive random value.
770 @param[in] Bytes Size of random bytes to generate.
772 @retval EFI_SUCCESS The operation performs successfully.
773 @retval Otherwise The operation is failed.
777 IpSecCryptoIoGenerateRandomBytes (
778 OUT UINT8
* OutBuffer
,
// Seed the generator once, on first use.
// NOTE(review): the return value of RandomSeed() is discarded and the flag is set to
// TRUE regardless, so a failed seeding is neither reported nor retried. Passing
// (NULL, 0) supplies no caller entropy, so the quality of the IVs and other random
// values produced here depends on what the linked crypto library does with a NULL
// seed. Confirm for the target platform.
782 if (!mInitialRandomSeed
) {
783 RandomSeed (NULL
, 0);
784 mInitialRandomSeed
= TRUE
;
// A RandomBytes() failure falls through to EFI_INVALID_PARAMETER below.
786 if (RandomBytes (OutBuffer
, Bytes
)) {
789 return EFI_INVALID_PARAMETER
;
794 Authenticate data with the certificate.
796 @param[in] InData Pointer to the Data to be signed.
797 @param[in] InDataSize InData size in bytes.
798 @param[in] PrivateKey Pointer to the private key.
799 @param[in] PrivateKeySize The size of Private Key in bytes.
800 @param[in] KeyPassWord Pointer to the password for retrieving private key.
801 @param[in] KeyPwdSize The size of Key Password in bytes.
802 @param[out] OutData The pointer to the signed data.
803 @param[in, out] OutDataSize Pointer to contain the size of out data.
807 IpSecCryptoIoAuthDataWithCertificate (
810 IN UINT8
*PrivateKey
,
811 IN UINTN PrivateKeySize
,
812 IN UINT8
*KeyPassWord
,
815 IN OUT UINTN
*OutDataSize
826 // Retrieve RSA Private Key from password-protected PEM data
// NOTE(review): the password is passed as a CONST CHAR8 * and KeyPwdSize does not
// appear among the visible arguments, so it presumably must be NUL-terminated. Confirm
// at the call sites. The call's return value is discarded; failure is detected only
// through the RsaContext == NULL test that follows.
828 RsaGetPrivateKeyFromPem (
829 (CONST UINT8
*)PrivateKey
,
831 (CONST CHAR8
*)KeyPassWord
,
832 (VOID
**) &RsaContext
834 if (RsaContext
== NULL
) {
// Size probe: this first call is expected to fail and report the required signature
// length in SigSize, which then sizes the allocation.
842 if (!RsaPkcs1Sign (RsaContext
, InData
, InDataSize
, Signature
, &SigSize
)) {
843 Signature
= AllocateZeroPool (SigSize
);
// NOTE(review): no NULL check on the allocation is visible above, and the return value
// of this second RsaPkcs1Sign() is discarded, yet Signature and SigSize are handed to
// the caller unconditionally below. A failed allocation or signing error could then
// reach the caller as a NULL or zero-filled "signature". Checking both results and
// leaving *OutData untouched on failure would make the error explicit.
848 RsaPkcs1Sign (RsaContext
, InData
, InDataSize
, Signature
, &SigSize
);
// Ownership of the Signature buffer passes to the caller here.
850 *OutData
= Signature
;
851 *OutDataSize
= SigSize
;
853 if (RsaContext
!= NULL
) {
854 RsaFree (RsaContext
);
859 Verify the signed data with the public key which is contained in a certificate.
861 @param[in] InCert Pointer to the Certificate which contains the
863 @param[in] CertLen The size of Certificate in bytes.
864 @param[in] InCa Pointer to the CA certificate
865 @param[in] CaLen The size of CA certificate in bytes.
866 @param[in] InData Pointer to octet message hash to be checked.
867 @param[in] InDataSize Size of the message hash in bytes.
868 @param[in] Singnature The pointer to the RSA PKCS1-V1_5 signature to be verified.
869 @param[in] SigSize Size of signature in bytes.
871 @retval TRUE Valid signature encoded in PKCS1-v1_5.
872 @retval FALSE Invalid signature or invalid RSA context.
876 IpSecCryptoIoVerifySignDataByCertificate (
883 IN UINT8
*Singnature
,
891 // Create the RSA Context
893 RsaContext
= RsaNew ();
894 if (RsaContext
== NULL
) {
899 // Verify the validity of X509 Certificate
// The certificate is checked against the supplied CA certificate before its key is used.
901 if (!X509VerifyCert (InCert
, CertLen
, InCa
, CaLen
)) {
906 // Retrieve the RSA public Key from Certificate
// NOTE(review): the return value of this call is discarded. If key extraction fails,
// RsaPkcs1Verify() below still runs against whatever RsaContext then holds; checking
// the result and returning FALSE would keep the failure explicit.
// NOTE(review): RsaContext already holds the RsaNew() allocation and is passed here by
// address. If the callee stores a newly allocated context, the earlier one is leaked.
// Confirm against the crypto library.
908 RsaGetPublicKeyFromX509 ((CONST UINT8
*)InCert
, CertLen
, (VOID
**)&RsaContext
);
// Verify the PKCS1-v1_5 signature over InData with the extracted key.
913 Status
= RsaPkcs1Verify (RsaContext
, InData
, InDataSize
, Singnature
, SigSize
);
915 if (RsaContext
!= NULL
) {
916 RsaFree (RsaContext
);
923 Retrieves the RSA Public Key from one X509 certificate (DER format only).
925 @param[in] InCert Pointer to the certificate.
926 @param[in] CertLen The size of the certificate in bytes.
927 @param[out] PublicKey Pointer to the retrieved public key.
928 @param[out] PublicKeyLen Size of Public Key in bytes.
930 @retval EFI_SUCCESS Successfully get the public Key.
931 @retval EFI_INVALID_PARAMETER The certificate is malformed.
935 IpSecCryptoIoGetPublicKeyFromCert (
938 OUT UINT8
**PublicKey
,
939 OUT UINTN
*PublicKeyLen
945 Status
= EFI_SUCCESS
;
948 // Create the RSA Context
// NOTE(review): no NULL check on the RsaNew() result is visible before the context is
// used below. Confirm. As the context is passed by address to the next call, the
// allocation made here may also be replaced and leaked.
950 RsaContext
= RsaNew ();
953 // Retrieve the RSA public key from CA Certificate
955 if (!RsaGetPublicKeyFromX509 ((CONST UINT8
*)InCert
, CertLen
, (VOID
**) &RsaContext
)) {
956 Status
= EFI_INVALID_PARAMETER
;
// Size probe: with a NULL buffer this call is used to learn the modulus length, and
// its return value is intentionally not checked. Only the modulus (RsaKeyN) is
// exported by this function; the public exponent is not returned.
// Presumably *PublicKeyLen is zeroed before this point (not visible here). Confirm.
962 RsaGetKey (RsaContext
, RsaKeyN
, NULL
, PublicKeyLen
);
// The buffer is owned by the caller on success.
964 *PublicKey
= AllocateZeroPool (*PublicKeyLen
);
965 if (*PublicKey
== NULL
) {
966 Status
= EFI_OUT_OF_RESOURCES
;
970 if (!RsaGetKey (RsaContext
, RsaKeyN
, *PublicKey
, PublicKeyLen
)) {
971 Status
= EFI_INVALID_PARAMETER
;
975 if (RsaContext
!= NULL
) {
976 RsaFree (RsaContext
);
983 Retrieves the subject name from one X509 certificate (DER format only).
985 @param[in] InCert Pointer to the X509 certificate.
986 @param[in] CertSize The size of the X509 certificate in bytes.
987 @param[out] CertSubject Pointer to the retrieved certificate subject.
988 @param[out] SubjectSize The size of Certificate Subject in bytes.
990 @retval EFI_SUCCESS Retrieved the certificate subject successfully.
991 @retval EFI_INVALID_PARAMETER The certificate is malformed.
995 IpSecCryptoIoGetSubjectFromCert (
998 OUT UINT8
**CertSubject
,
999 OUT UINTN
*SubjectSize
1004 Status
= EFI_SUCCESS
;
// Size probe: the first call is used to learn the subject length, and its return
// value is discarded.
// Presumably *CertSubject and *SubjectSize are cleared before it (not visible here).
// Confirm.
1007 X509GetSubjectName (InCert
, CertSize
, *CertSubject
, SubjectSize
);
// NOTE(review): the allocation result goes straight into the second call with no NULL
// check (the two statements are on adjacent source lines). On allocation failure the
// caller would see EFI_INVALID_PARAMETER at best; an explicit check that returns
// EFI_OUT_OF_RESOURCES would match IpSecCryptoIoGetPublicKeyFromCert(). The size also
// comes from parsing the certificate, so an upper bound may be worth enforcing here.
1009 *CertSubject
= AllocateZeroPool (*SubjectSize
);
1010 if (!X509GetSubjectName (InCert
, CertSize
, *CertSubject
, SubjectSize
)) {
1011 Status
= EFI_INVALID_PARAMETER
;