+/**\r
+ Performs TDES decryption on a data buffer of the specified size in ECB mode.\r
+\r
+ This function performs TDES decryption on data buffer pointed by Input, of specified\r
+ size of InputSize, in ECB mode.\r
+ InputSize must be multiple of block size (8 bytes). This function does not perform\r
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with\r
+ invalid TDES context is undefined.\r
+\r
+ If TdesContext is NULL, then ASSERT().\r
+ If Input is NULL, then ASSERT().\r
+ If InputSize is not multiple of block size (8 bytes), then ASSERT().\r
+ If Output is NULL, then ASSERT().\r
+\r
+ @param[in] TdesContext Pointer to the TDES context.\r
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.\r
+ @param[in] InputSize Size of the Input buffer in bytes.\r
+ @param[out] Output Pointer to a buffer that receives the TDES decryption output.\r
+\r
+ @retval TRUE TDES decryption succeeded.\r
+ @retval FALSE TDES decryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+TdesEcbDecrypt (\r
+ IN VOID *TdesContext,\r
+ IN CONST UINT8 *Input,\r
+ IN UINTN InputSize,\r
+ OUT UINT8 *Output\r
+ );\r
+\r
+/**\r
+ Performs TDES encryption on a data buffer of the specified size in CBC mode.\r
+\r
+ This function performs TDES encryption on data buffer pointed by Input, of specified\r
+ size of InputSize, in CBC mode.\r
+ InputSize must be multiple of block size (8 bytes). This function does not perform\r
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
+ Initialization vector should be one block size (8 bytes).\r
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with\r
+ invalid TDES context is undefined.\r
+\r
+ If TdesContext is NULL, then ASSERT().\r
+ If Input is NULL, then ASSERT().\r
+ If InputSize is not multiple of block size (8 bytes), then ASSERT().\r
+ If Ivec is NULL, then ASSERT().\r
+ If Output is NULL, then ASSERT().\r
+\r
+ @param[in] TdesContext Pointer to the TDES context.\r
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
+ @param[in] InputSize Size of the Input buffer in bytes.\r
+ @param[in] Ivec Pointer to initialization vector.\r
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.\r
+\r
+ @retval TRUE TDES encryption succeeded.\r
+ @retval FALSE TDES encryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+TdesCbcEncrypt (\r
+ IN VOID *TdesContext,\r
+ IN CONST UINT8 *Input,\r
+ IN UINTN InputSize,\r
+ IN CONST UINT8 *Ivec,\r
+ OUT UINT8 *Output\r
+ );\r
+\r
+/**\r
+ Performs TDES decryption on a data buffer of the specified size in CBC mode.\r
+\r
+ This function performs TDES decryption on data buffer pointed by Input, of specified\r
+ size of InputSize, in CBC mode.\r
+ InputSize must be multiple of block size (8 bytes). This function does not perform\r
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
+ Initialization vector should be one block size (8 bytes).\r
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with\r
+ invalid TDES context is undefined.\r
+\r
+ If TdesContext is NULL, then ASSERT().\r
+ If Input is NULL, then ASSERT().\r
+ If InputSize is not multiple of block size (8 bytes), then ASSERT().\r
+ If Ivec is NULL, then ASSERT().\r
+ If Output is NULL, then ASSERT().\r
+\r
+ @param[in] TdesContext Pointer to the TDES context.\r
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
+ @param[in] InputSize Size of the Input buffer in bytes.\r
+ @param[in] Ivec Pointer to initialization vector.\r
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.\r
+\r
+ @retval TRUE TDES decryption succeeded.\r
+ @retval FALSE TDES decryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+TdesCbcDecrypt (\r
+ IN VOID *TdesContext,\r
+ IN CONST UINT8 *Input,\r
+ IN UINTN InputSize,\r
+ IN CONST UINT8 *Ivec,\r
+ OUT UINT8 *Output\r
+ );\r
+\r
+/**\r
+ Retrieves the size, in bytes, of the context buffer required for AES operations.\r
+\r
+ @return The size, in bytes, of the context buffer required for AES operations.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+AesGetContextSize (\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Initializes user-supplied memory as AES context for subsequent use.\r
+\r
+ This function initializes user-supplied memory pointed by AesContext as AES context.\r
+ In addtion, it sets up all AES key materials for subsequent encryption and decryption\r
+ operations.\r
+ There are 3 options for key length, 128 bits, 192 bits, and 256 bits.\r
+\r
+ If AesContext is NULL, then ASSERT().\r
+ If Key is NULL, then ASSERT().\r
+ If KeyLength is not valid, then ASSERT().\r
+\r
+ @param[out] AesContext Pointer to AES context being initialized.\r
+ @param[in] Key Pointer to the user-supplied AES key.\r
+ @param[in] KeyLength Length of AES key in bits.\r
+\r
+ @retval TRUE AES context initialization succeeded.\r
+ @retval FALSE AES context initialization failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AesInit (\r
+ OUT VOID *AesContext,\r
+ IN CONST UINT8 *Key,\r
+ IN UINTN KeyLength\r
+ );\r
+\r
+/**\r
+ Performs AES encryption on a data buffer of the specified size in ECB mode.\r
+\r
+ This function performs AES encryption on data buffer pointed by Input, of specified\r
+ size of InputSize, in ECB mode.\r
+ InputSize must be multiple of block size (16 bytes). This function does not perform\r
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
+ AesContext should be already correctly initialized by AesInit(). Behavior with\r
+ invalid AES context is undefined.\r
+\r
+ If AesContext is NULL, then ASSERT().\r
+ If Input is NULL, then ASSERT().\r
+ If InputSize is not multiple of block size (16 bytes), then ASSERT().\r
+ If Output is NULL, then ASSERT().\r
+\r
+ @param[in] AesContext Pointer to the AES context.\r
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
+ @param[in] InputSize Size of the Input buffer in bytes.\r
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
+\r
+ @retval TRUE AES encryption succeeded.\r
+ @retval FALSE AES encryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AesEcbEncrypt (\r
+ IN VOID *AesContext,\r
+ IN CONST UINT8 *Input,\r
+ IN UINTN InputSize,\r
+ OUT UINT8 *Output\r
+ );\r
+\r
+/**\r
+ Performs AES decryption on a data buffer of the specified size in ECB mode.\r
+\r
+ This function performs AES decryption on data buffer pointed by Input, of specified\r
+ size of InputSize, in ECB mode.\r
+ InputSize must be multiple of block size (16 bytes). This function does not perform\r
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
+ AesContext should be already correctly initialized by AesInit(). Behavior with\r
+ invalid AES context is undefined.\r
+\r
+ If AesContext is NULL, then ASSERT().\r
+ If Input is NULL, then ASSERT().\r
+ If InputSize is not multiple of block size (16 bytes), then ASSERT().\r
+ If Output is NULL, then ASSERT().\r
+\r
+ @param[in] AesContext Pointer to the AES context.\r
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.\r
+ @param[in] InputSize Size of the Input buffer in bytes.\r
+ @param[out] Output Pointer to a buffer that receives the AES decryption output.\r
+\r
+ @retval TRUE AES decryption succeeded.\r
+ @retval FALSE AES decryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AesEcbDecrypt (\r
+ IN VOID *AesContext,\r
+ IN CONST UINT8 *Input,\r
+ IN UINTN InputSize,\r
+ OUT UINT8 *Output\r
+ );\r
+\r
+/**\r
+ Performs AES encryption on a data buffer of the specified size in CBC mode.\r
+\r
+ This function performs AES encryption on data buffer pointed by Input, of specified\r
+ size of InputSize, in CBC mode.\r
+ InputSize must be multiple of block size (16 bytes). This function does not perform\r
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
+ Initialization vector should be one block size (16 bytes).\r
+ AesContext should be already correctly initialized by AesInit(). Behavior with\r
+ invalid AES context is undefined.\r
+\r
+ If AesContext is NULL, then ASSERT().\r
+ If Input is NULL, then ASSERT().\r
+ If InputSize is not multiple of block size (16 bytes), then ASSERT().\r
+ If Ivec is NULL, then ASSERT().\r
+ If Output is NULL, then ASSERT().\r
+\r
+ @param[in] AesContext Pointer to the AES context.\r
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
+ @param[in] InputSize Size of the Input buffer in bytes.\r
+ @param[in] Ivec Pointer to initialization vector.\r
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
+\r
+ @retval TRUE AES encryption succeeded.\r
+ @retval FALSE AES encryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AesCbcEncrypt (\r
+ IN VOID *AesContext,\r
+ IN CONST UINT8 *Input,\r
+ IN UINTN InputSize,\r
+ IN CONST UINT8 *Ivec,\r
+ OUT UINT8 *Output\r
+ );\r
+\r
+/**\r
+ Performs AES decryption on a data buffer of the specified size in CBC mode.\r
+\r
+ This function performs AES decryption on data buffer pointed by Input, of specified\r
+ size of InputSize, in CBC mode.\r
+ InputSize must be multiple of block size (16 bytes). This function does not perform\r
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
+ Initialization vector should be one block size (16 bytes).\r
+ AesContext should be already correctly initialized by AesInit(). Behavior with\r
+ invalid AES context is undefined.\r
+\r
+ If AesContext is NULL, then ASSERT().\r
+ If Input is NULL, then ASSERT().\r
+ If InputSize is not multiple of block size (16 bytes), then ASSERT().\r
+ If Ivec is NULL, then ASSERT().\r
+ If Output is NULL, then ASSERT().\r
+\r
+ @param[in] AesContext Pointer to the AES context.\r
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
+ @param[in] InputSize Size of the Input buffer in bytes.\r
+ @param[in] Ivec Pointer to initialization vector.\r
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
+\r
+ @retval TRUE AES decryption succeeded.\r
+ @retval FALSE AES decryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AesCbcDecrypt (\r
+ IN VOID *AesContext,\r
+ IN CONST UINT8 *Input,\r
+ IN UINTN InputSize,\r
+ IN CONST UINT8 *Ivec,\r
+ OUT UINT8 *Output\r
+ );\r
+\r
+/**\r
+ Retrieves the size, in bytes, of the context buffer required for ARC4 operations.\r
+\r
+ @return The size, in bytes, of the context buffer required for ARC4 operations.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+Arc4GetContextSize (\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Initializes user-supplied memory as ARC4 context for subsequent use.\r
+\r
+ This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.\r
+ In addtion, it sets up all ARC4 key materials for subsequent encryption and decryption\r
+ operations.\r
+\r
+ If Arc4Context is NULL, then ASSERT().\r
+ If Key is NULL, then ASSERT().\r
+ If KeySize does not in the range of [5, 256] bytes, then ASSERT().\r
+\r
+ @param[out] Arc4Context Pointer to ARC4 context being initialized.\r
+ @param[in] Key Pointer to the user-supplied ARC4 key.\r
+ @param[in] KeySize Size of ARC4 key in bytes.\r
+\r
+ @retval TRUE ARC4 context initialization succeeded.\r
+ @retval FALSE ARC4 context initialization failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Arc4Init (\r
+ OUT VOID *Arc4Context,\r
+ IN CONST UINT8 *Key,\r
+ IN UINTN KeySize\r
+ );\r
+\r
+/**\r
+ Performs ARC4 encryption on a data buffer of the specified size.\r
+\r
+ This function performs ARC4 encryption on data buffer pointed by Input, of specified\r
+ size of InputSize.\r
+ Arc4Context should be already correctly initialized by Arc4Init(). Behavior with\r
+ invalid ARC4 context is undefined.\r
+\r
+ If Arc4Context is NULL, then ASSERT().\r
+ If Input is NULL, then ASSERT().\r
+ If Output is NULL, then ASSERT().\r
+\r
+ @param[in] Arc4Context Pointer to the ARC4 context.\r
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
+ @param[in] InputSize Size of the Input buffer in bytes.\r
+ @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.\r
+\r
+ @retval TRUE ARC4 encryption succeeded.\r
+ @retval FALSE ARC4 encryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Arc4Encrypt (\r
+ IN OUT VOID *Arc4Context,\r
+ IN CONST UINT8 *Input,\r
+ IN UINTN InputSize,\r
+ OUT UINT8 *Output\r
+ );\r
+\r
+/**\r
+ Performs ARC4 decryption on a data buffer of the specified size.\r
+\r
+ This function performs ARC4 decryption on data buffer pointed by Input, of specified\r
+ size of InputSize.\r
+ Arc4Context should be already correctly initialized by Arc4Init(). Behavior with\r
+ invalid ARC4 context is undefined.\r
+\r
+ If Arc4Context is NULL, then ASSERT().\r
+ If Input is NULL, then ASSERT().\r
+ If Output is NULL, then ASSERT().\r
+\r
+ @param[in] Arc4Context Pointer to the ARC4 context.\r
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.\r
+ @param[in] InputSize Size of the Input buffer in bytes.\r
+ @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.\r
+\r
+ @retval TRUE ARC4 decryption succeeded.\r
+ @retval FALSE ARC4 decryption failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Arc4Decrypt (\r
+ IN OUT VOID *Arc4Context,\r
+ IN UINT8 *Input,\r
+ IN UINTN InputSize,\r
+ OUT UINT8 *Output\r
+ );\r
+\r
+/**\r
+ Resets the ARC4 context to the initial state.\r
+\r
+ The function resets the ARC4 context to the state it had immediately after the\r
+ ARC4Init() function call.\r
+ Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context\r
+ should be already correctly initialized by ARC4Init().\r
+\r
+ If Arc4Context is NULL, then ASSERT().\r
+\r
+ @param[in, out] Arc4Context Pointer to the ARC4 context.\r
+\r
+ @retval TRUE ARC4 reset succeeded.\r
+ @retval FALSE ARC4 reset failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Arc4Reset (\r
+ IN OUT VOID *Arc4Context\r
+ );\r
+\r
+//=====================================================================================\r
+// Asymmetric Cryptography Primitive\r
+//=====================================================================================\r
+\r
+/**\r
+ Allocates and initializes one RSA context for subsequent use.\r
+\r
+ @return Pointer to the RSA context that has been initialized.\r
+ If the allocations fails, RsaNew() returns NULL.\r
+\r
+**/\r
+VOID *\r
+EFIAPI\r
+RsaNew (\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Release the specified RSA context.\r
+\r
+ If RsaContext is NULL, then ASSERT().\r
+\r
+ @param[in] RsaContext Pointer to the RSA context to be released.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+RsaFree (\r
+ IN VOID *RsaContext\r
+ );\r
+\r
+/**\r
+ Sets the tag-designated key component into the established RSA context.\r
+\r
+ This function sets the tag-designated RSA key component into the established\r
+ RSA context from the user-specified non-negative integer (octet string format\r
+ represented in RSA PKCS#1).\r
+ If BigNumber is NULL, then the specified key componenet in RSA context is cleared.\r
+\r
+ If RsaContext is NULL, then ASSERT().\r
+\r
+ @param[in, out] RsaContext Pointer to RSA context being set.\r
+ @param[in] KeyTag Tag of RSA key component being set.\r
+ @param[in] BigNumber Pointer to octet integer buffer.\r
+ If NULL, then the specified key componenet in RSA\r
+ context is cleared.\r
+ @param[in] BnSize Size of big number buffer in bytes.\r
+ If BigNumber is NULL, then it is ignored.\r
+\r
+ @retval TRUE RSA key component was set successfully.\r
+ @retval FALSE Invalid RSA key component tag.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaSetKey (\r
+ IN OUT VOID *RsaContext,\r
+ IN RSA_KEY_TAG KeyTag,\r
+ IN CONST UINT8 *BigNumber,\r
+ IN UINTN BnSize\r
+ );\r
+\r
+/**\r
+ Gets the tag-designated RSA key component from the established RSA context.\r
+\r
+ This function retrieves the tag-designated RSA key component from the\r
+ established RSA context as a non-negative integer (octet string format\r
+ represented in RSA PKCS#1).\r
+ If specified key component has not been set or has been cleared, then returned\r
+ BnSize is set to 0.\r
+ If the BigNumber buffer is too small to hold the contents of the key, FALSE\r
+ is returned and BnSize is set to the required buffer size to obtain the key.\r
+\r
+ If RsaContext is NULL, then ASSERT().\r
+ If BnSize is NULL, then ASSERT().\r
+ If BnSize is large enough but BigNumber is NULL, then ASSERT().\r
+\r
+ @param[in, out] RsaContext Pointer to RSA context being set.\r
+ @param[in] KeyTag Tag of RSA key component being set.\r
+ @param[out] BigNumber Pointer to octet integer buffer.\r
+ @param[in, out] BnSize On input, the size of big number buffer in bytes.\r
+ On output, the size of data returned in big number buffer in bytes.\r
+\r
+ @retval TRUE RSA key component was retrieved successfully.\r
+ @retval FALSE Invalid RSA key component tag.\r
+ @retval FALSE BnSize is too small.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaGetKey (\r
+ IN OUT VOID *RsaContext,\r
+ IN RSA_KEY_TAG KeyTag,\r
+ OUT UINT8 *BigNumber,\r
+ IN OUT UINTN *BnSize\r
+ );\r
+\r
+/**\r
+ Generates RSA key components.\r
+\r
+ This function generates RSA key components. It takes RSA public exponent E and\r
+ length in bits of RSA modulus N as input, and generates all key components.\r
+ If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.\r
+\r
+ Before this function can be invoked, pseudorandom number generator must be correctly\r
+ initialized by RandomSeed().\r
+\r
+ If RsaContext is NULL, then ASSERT().\r
+\r
+ @param[in, out] RsaContext Pointer to RSA context being set.\r
+ @param[in] ModulusLength Length of RSA modulus N in bits.\r
+ @param[in] PublicExponent Pointer to RSA public exponent.\r
+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. \r
+\r
+ @retval TRUE RSA key component was generated successfully.\r
+ @retval FALSE Invalid RSA key component tag.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaGenerateKey (\r
+ IN OUT VOID *RsaContext,\r
+ IN UINTN ModulusLength,\r
+ IN CONST UINT8 *PublicExponent,\r
+ IN UINTN PublicExponentSize\r
+ );\r
+\r
+/**\r
+ Validates key components of RSA context.\r
+\r
+ This function validates key compoents of RSA context in following aspects:\r
+ - Whether p is a prime\r
+ - Whether q is a prime\r
+ - Whether n = p * q\r
+ - Whether d*e = 1 mod lcm(p-1,q-1)\r
+\r
+ If RsaContext is NULL, then ASSERT().\r
+\r
+ @param[in] RsaContext Pointer to RSA context to check.\r
+\r
+ @retval TRUE RSA key components are valid.\r
+ @retval FALSE RSA key components are not valid.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaCheckKey (\r
+ IN VOID *RsaContext\r
+ );\r
+\r
+/**\r
+ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.\r
+\r
+ This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in\r
+ RSA PKCS#1.\r
+ If the Signature buffer is too small to hold the contents of signature, FALSE\r
+ is returned and SigSize is set to the required buffer size to obtain the signature.\r
+\r
+ If RsaContext is NULL, then ASSERT().\r
+ If MessageHash is NULL, then ASSERT().\r
+ If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT().\r
+ If SigSize is large enough but Signature is NULL, then ASSERT().\r
+\r
+ @param[in] RsaContext Pointer to RSA context for signature generation.\r
+ @param[in] MessageHash Pointer to octet message hash to be signed.\r
+ @param[in] HashSize Size of the message hash in bytes.\r
+ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.\r
+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.\r
+ On output, the size of data returned in Signature buffer in bytes.\r
+\r
+ @retval TRUE Signature successfully generated in PKCS1-v1_5.\r
+ @retval FALSE Signature generation failed.\r
+ @retval FALSE SigSize is too small.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaPkcs1Sign (\r
+ IN VOID *RsaContext,\r
+ IN CONST UINT8 *MessageHash,\r
+ IN UINTN HashSize,\r
+ OUT UINT8 *Signature,\r
+ IN OUT UINTN *SigSize\r
+ );\r
+\r
+/**\r
+ Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
+ RSA PKCS#1.\r
+\r
+ If RsaContext is NULL, then ASSERT().\r
+ If MessageHash is NULL, then ASSERT().\r
+ If Signature is NULL, then ASSERT().\r
+ If HashSize is not equal to the size of MD5, SHA-1, SHA-256 digest, then ASSERT().\r
+\r
+ @param[in] RsaContext Pointer to RSA context for signature verification.\r
+ @param[in] MessageHash Pointer to octet message hash to be checked.\r
+ @param[in] HashSize Size of the message hash in bytes.\r
+ @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
+ @param[in] SigSize Size of signature in bytes.\r
+\r
+ @retval TRUE Valid signature encoded in PKCS1-v1_5.\r
+ @retval FALSE Invalid signature or invalid RSA context.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaPkcs1Verify (\r
+ IN VOID *RsaContext,\r
+ IN CONST UINT8 *MessageHash,\r
+ IN UINTN HashSize,\r
+ IN UINT8 *Signature,\r
+ IN UINTN SigSize\r
+ );\r
+\r
+/**\r
+ Retrieve the RSA Private Key from the password-protected PEM key data.\r
+\r
+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.\r
+ @param[in] PemSize Size of the PEM key data in bytes.\r
+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.\r
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
+ RSA private key component. Use RsaFree() function to free the\r
+ resource.\r
+\r
+ If PemData is NULL, then ASSERT().\r
+ If RsaContext is NULL, then ASSERT().\r
+\r
+ @retval TRUE RSA Private Key was retrieved successfully.\r
+ @retval FALSE Invalid PEM key data or incorrect password.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaGetPrivateKeyFromPem (\r
+ IN CONST UINT8 *PemData,\r
+ IN UINTN PemSize,\r
+ IN CONST CHAR8 *Password,\r
+ OUT VOID **RsaContext\r
+ );\r
+\r
+/**\r
+ Retrieve the RSA Public Key from one DER-encoded X509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
+ RSA public key component. Use RsaFree() function to free the\r
+ resource.\r
+\r
+ If Cert is NULL, then ASSERT().\r
+ If RsaContext is NULL, then ASSERT().\r
+\r
+ @retval TRUE RSA Public Key was retrieved successfully.\r
+ @retval FALSE Fail to retrieve RSA public key from X509 certificate.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaGetPublicKeyFromX509 (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT VOID **RsaContext\r
+ );\r
+\r
+/**\r
+ Retrieve the subject bytes from one X.509 certificate.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[out] CertSubject Pointer to the retrieved certificate subject bytes.\r
+ @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,\r
+ and the size of buffer returned CertSubject on output.\r
+\r
+ If Cert is NULL, then ASSERT().\r
+ If SubjectSize is NULL, then ASSERT().\r
+\r
+ @retval TRUE The certificate subject retrieved successfully.\r
+ @retval FALSE Invalid certificate, or the SubjectSize is too small for the result.\r
+ The SubjectSize will be updated with the required size.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetSubjectName (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 *CertSubject,\r
+ IN OUT UINTN *SubjectSize\r
+ );\r
+\r
+/**\r
+ Verify one X509 certificate was issued by the trusted CA.\r
+\r
+ @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.\r
+ @param[in] CertSize Size of the X509 certificate in bytes.\r
+ @param[in] CACert Pointer to the DER-encoded trusted CA certificate.\r
+ @param[in] CACertSize Size of the CA Certificate in bytes.\r
+\r
+ If Cert is NULL, then ASSERT().\r
+ If CACert is NULL, then ASSERT().\r
+\r
+ @retval TRUE The certificate was issued by the trusted CA.\r
+ @retval FALSE Invalid certificate or the certificate was not issued by the given\r
+ trusted CA.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509VerifyCert (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ IN CONST UINT8 *CACert,\r
+ IN UINTN CACertSize\r
+ );\r
+\r
+/**\r
+ Construct a X509 object from DER-encoded certificate data.\r
+\r
+ If Cert is NULL, then ASSERT().\r
+ If SingleX509Cert is NULL, then ASSERT().\r
+\r
+ @param[in] Cert Pointer to the DER-encoded certificate data.\r
+ @param[in] CertSize The size of certificate data in bytes.\r
+ @param[out] SingleX509Cert The generated X509 object.\r
+\r
+ @retval TRUE The X509 object generation succeeded.\r
+ @retval FALSE The operation failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509ConstructCertificate (\r
+ IN CONST UINT8 *Cert,\r
+ IN UINTN CertSize,\r
+ OUT UINT8 **SingleX509Cert\r
+ );\r
+\r
+/**\r
+ Construct a X509 stack object from a list of DER-encoded certificate data.\r
+\r
+ If X509Stack is NULL, then ASSERT().\r
+\r
+ @param[in, out] X509Stack On input, pointer to an existing X509 stack object.\r
+ On output, pointer to the X509 stack object with new\r
+ inserted X509 certificate.\r
+ @param ... A list of DER-encoded single certificate data followed\r
+ by certificate size. A NULL terminates the list. The\r
+ pairs are the arguments to X509ConstructCertificate().\r
+ \r
+ @retval TRUE The X509 stack construction succeeded.\r
+ @retval FALSE The construction operation failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509ConstructCertificateStack (\r
+ IN OUT UINT8 **X509Stack,\r
+ ... \r
+ );\r
+\r
+/**\r
+ Release the specified X509 object.\r
+\r
+ If X509Cert is NULL, then ASSERT().\r
+\r
+ @param[in] X509Cert Pointer to the X509 object to be released.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+X509Free (\r
+ IN VOID *X509Cert\r
+ );\r
+\r
+/**\r
+ Release the specified X509 stack object.\r
+\r
+ If X509Stack is NULL, then ASSERT().\r
+\r
+ @param[in] X509Stack Pointer to the X509 stack object to be released.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+X509StackFree (\r
+ IN VOID *X509Stack\r
+ );\r
+\r
+/**\r
+ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message\r
+ Syntax Standard, version 1.5". This interface is only intended to be used for\r
+ application to perform PKCS#7 functionality validation.\r
+\r
+ @param[in] PrivateKey Pointer to the PEM-formatted private key data for\r
+ data signing.\r
+ @param[in] PrivateKeySize Size of the PEM private key data in bytes.\r
+ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM\r
+ key data.\r
+ @param[in] InData Pointer to the content to be signed.\r
+ @param[in] InDataSize Size of InData in bytes.\r
+ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.\r
+ @param[in] OtherCerts Pointer to an optional additional set of certificates to\r
+ include in the PKCS#7 signedData (e.g. any intermediate\r
+ CAs in the chain).\r
+ @param[out] SignedData Pointer to output PKCS#7 signedData.\r
+ @param[out] SignedDataSize Size of SignedData in bytes.\r
+\r
+ @retval TRUE PKCS#7 data signing succeeded.\r
+ @retval FALSE PKCS#7 data signing failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Pkcs7Sign (\r
+ IN CONST UINT8 *PrivateKey,\r
+ IN UINTN PrivateKeySize,\r
+ IN CONST UINT8 *KeyPassword,\r
+ IN UINT8 *InData,\r
+ IN UINTN InDataSize,\r
+ IN UINT8 *SignCert,\r
+ IN UINT8 *OtherCerts OPTIONAL,\r
+ OUT UINT8 **SignedData,\r
+ OUT UINTN *SignedDataSize\r
+ );\r
+\r
+/**\r
+ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic\r
+ Message Syntax Standard".\r
+\r
+ If P7Data is NULL, then ASSERT().\r
+\r
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.\r
+ @param[in] P7Size Size of the PKCS#7 message in bytes.\r
+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
+ is used for certificate chain verification.\r
+ @param[in] CertSize Size of the trusted certificate in bytes.\r
+ @param[in] InData Pointer to the content to be verified.\r
+ @param[in] DataSize Size of InData in bytes.\r
+\r
+ @retval TRUE The specified PKCS#7 signed data is valid.\r
+ @retval FALSE Invalid PKCS#7 signed data.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Pkcs7Verify (\r
+ IN CONST UINT8 *P7Data,\r
+ IN UINTN P7Size,\r
+ IN CONST UINT8 *TrustedCert,\r
+ IN UINTN CertSize,\r
+ IN CONST UINT8 *InData,\r
+ IN UINTN DataSize\r
+ );\r
+\r
+/**\r
+ Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows\r
+ Authenticode Portable Executable Signature Format".\r
+\r
+ If AuthData is NULL, then ASSERT().\r
+ If ImageHash is NULL, then ASSERT().\r
+\r
+ @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed\r
+ PE/COFF image to be verified.\r
+ @param[in] DataSize Size of the Authenticode Signature in bytes.\r
+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
+ is used for certificate chain verification.\r
+ @param[in] CertSize Size of the trusted certificate in bytes.\r
+ @param[in] ImageHash Pointer to the original image file hash value. The procudure\r
+ for calculating the image hash value is described in Authenticode\r
+ specification.\r
+ @param[in] HashSize Size of Image hash value in bytes.\r
+\r
+ @retval TRUE The specified Authenticode Signature is valid.\r
+ @retval FALSE Invalid Authenticode Signature.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+AuthenticodeVerify (\r
+ IN CONST UINT8 *AuthData,\r
+ IN UINTN DataSize,\r
+ IN CONST UINT8 *TrustedCert,\r
+ IN UINTN CertSize,\r
+ IN CONST UINT8 *ImageHash,\r
+ IN UINTN HashSize\r
+ );\r
+\r
+//=====================================================================================\r
+// DH Key Exchange Primitive\r
+//=====================================================================================\r
+\r
+/**\r
+ Allocates and Initializes one Diffie-Hellman Context for subsequent use.\r
+\r
+ @return Pointer to the Diffie-Hellman Context that has been initialized.\r
+ If the allocations fails, DhNew() returns NULL.\r
+\r
+**/\r
+VOID *\r
+EFIAPI\r
+DhNew (\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Release the specified DH context.\r
+\r
+ If DhContext is NULL, then ASSERT().\r
+\r
+ @param[in] DhContext Pointer to the DH context to be released.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+DhFree (\r
+ IN VOID *DhContext\r
+ );\r
+\r
+/**\r
+ Generates DH parameter.\r
+\r
+ Given generator g, and length of prime number p in bits, this function generates p,\r
+ and sets DH context according to value of g and p.\r
+ \r
+ Before this function can be invoked, pseudorandom number generator must be correctly\r
+ initialized by RandomSeed().\r
+\r
+ If DhContext is NULL, then ASSERT().\r
+ If Prime is NULL, then ASSERT().\r
+\r
+ @param[in, out] DhContext Pointer to the DH context.\r
+ @param[in] Generator Value of generator.\r
+ @param[in] PrimeLength Length in bits of prime to be generated.\r
+ @param[out] Prime Pointer to the buffer to receive the generated prime number.\r
+\r
+ @retval TRUE DH pamameter generation succeeded.\r
+ @retval FALSE Value of Generator is not supported.\r
+ @retval FALSE PRNG fails to generate random prime number with PrimeLength.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+DhGenerateParameter (\r
+ IN OUT VOID *DhContext,\r
+ IN UINTN Generator,\r
+ IN UINTN PrimeLength,\r
+ OUT UINT8 *Prime\r
+ );\r
+\r
+/**\r
+ Sets generator and prime parameters for DH.\r
+\r
+ Given generator g, and prime number p, this function and sets DH\r
+ context accordingly.\r
+\r
+ If DhContext is NULL, then ASSERT().\r
+ If Prime is NULL, then ASSERT().\r
+\r
+ @param[in, out] DhContext Pointer to the DH context.\r
+ @param[in] Generator Value of generator.\r
+ @param[in] PrimeLength Length in bits of prime to be generated.\r
+ @param[in] Prime Pointer to the prime number.\r
+\r
+ @retval TRUE DH pamameter setting succeeded.\r
+ @retval FALSE Value of Generator is not supported.\r
+ @retval FALSE Value of Generator is not suitable for the Prime.\r
+ @retval FALSE Value of Prime is not a prime number.\r
+ @retval FALSE Value of Prime is not a safe prime number.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+DhSetParameter (\r
+ IN OUT VOID *DhContext,\r
+ IN UINTN Generator,\r
+ IN UINTN PrimeLength,\r
+ IN CONST UINT8 *Prime\r
+ );\r
+\r
+/**\r
+ Generates DH public key.\r
+\r
+ This function generates random secret exponent, and computes the public key, which is \r
+ returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.\r
+ If the PublicKey buffer is too small to hold the public key, FALSE is returned and\r
+ PublicKeySize is set to the required buffer size to obtain the public key.\r
+\r
+ If DhContext is NULL, then ASSERT().\r
+ If PublicKeySize is NULL, then ASSERT().\r
+ If PublicKeySize is large enough but PublicKey is NULL, then ASSERT().\r
+\r
+ @param[in, out] DhContext Pointer to the DH context.\r
+ @param[out] PublicKey Pointer to the buffer to receive generated public key.\r
+ @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.\r
+ On output, the size of data returned in PublicKey buffer in bytes.\r
+\r
+ @retval TRUE DH public key generation succeeded.\r
+ @retval FALSE DH public key generation failed.\r
+ @retval FALSE PublicKeySize is not large enough.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+DhGenerateKey (\r
+ IN OUT VOID *DhContext,\r
+ OUT UINT8 *PublicKey,\r
+ IN OUT UINTN *PublicKeySize\r
+ );\r
+\r
+/**\r
+ Computes exchanged common key.\r
+\r
+ Given peer's public key, this function computes the exchanged common key, based on its own\r
+ context including value of prime modulus and random secret exponent. \r
+\r
+ If DhContext is NULL, then ASSERT().\r
+ If PeerPublicKey is NULL, then ASSERT().\r
+ If KeySize is NULL, then ASSERT().\r
+ If KeySize is large enough but Key is NULL, then ASSERT().\r
+\r
+ @param[in, out] DhContext Pointer to the DH context.\r
+ @param[in] PeerPublicKey Pointer to the peer's public key.\r
+ @param[in] PeerPublicKeySize Size of peer's public key in bytes.\r
+ @param[out] Key Pointer to the buffer to receive generated key.\r
+ @param[in, out] KeySize On input, the size of Key buffer in bytes.\r
+ On output, the size of data returned in Key buffer in bytes.\r
+\r
+ @retval TRUE DH exchanged key generation succeeded.\r
+ @retval FALSE DH exchanged key generation failed.\r
+ @retval FALSE KeySize is not large enough.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+DhComputeKey (\r
+ IN OUT VOID *DhContext,\r
+ IN CONST UINT8 *PeerPublicKey,\r
+ IN UINTN PeerPublicKeySize,\r
+ OUT UINT8 *Key,\r
+ IN OUT UINTN *KeySize\r
+ );\r
+\r
+//=====================================================================================\r
+// Pseudo-Random Generation Primitive\r
+//=====================================================================================\r
+\r
+/**\r
+ Sets up the seed value for the pseudorandom number generator.\r
+\r
+ This function sets up the seed value for the pseudorandom number generator.\r
+ If Seed is not NULL, then the seed passed in is used.\r
+ If Seed is NULL, then default seed is used.\r
+\r
+ @param[in] Seed Pointer to seed value.\r
+ If NULL, default seed is used.\r
+ @param[in] SeedSize Size of seed value.\r
+ If Seed is NULL, this parameter is ignored.\r
+\r
+ @retval TRUE Pseudorandom number generator has enough entropy for random generation.\r
+ @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RandomSeed (\r
+ IN CONST UINT8 *Seed OPTIONAL,\r
+ IN UINTN SeedSize\r
+ );\r
+\r
+/**\r
+ Generates a pseudorandom byte stream of the specified size.\r
+\r
+ If Output is NULL, then ASSERT().\r
+\r
+ @param[out] Output Pointer to buffer to receive random value.\r
+ @param[in] Size Size of randome bytes to generate.\r
+\r
+ @retval TRUE Pseudorandom byte stream generated successfully.\r
+ @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RandomBytes (\r
+ OUT UINT8 *Output,\r
+ IN UINTN Size\r
+ );\r