/** @file\r
Common interfaces to call Security library.\r
\r
- Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
//\r
GLOBAL_REMOVE_IF_UNREFERENCED ENCRYPT_ALGORITHM mIpsecEncryptAlgorithmList[IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE] = {\r
{IKE_EALG_NULL, 0, 0, 1, NULL, NULL, NULL, NULL},\r
- {IKE_EALG_NONE, 0, 0, 1, NULL, NULL, NULL, NULL}, \r
+ {IKE_EALG_NONE, 0, 0, 1, NULL, NULL, NULL, NULL},\r
{IKE_EALG_3DESCBC, 24, 8, 8, TdesGetContextSize, TdesInit, TdesCbcEncrypt, TdesCbcDecrypt},\r
{IKE_EALG_AESCBC, 16, 16, 16, AesGetContextSize, AesInit, AesCbcEncrypt, AesCbcDecrypt}\r
};\r
if (IvSize != 0) {\r
return IpSecCryptoIoGenerateRandomBytes (IvBuffer, IvSize);\r
}\r
- \r
+\r
return EFI_SUCCESS;\r
}\r
\r
@param[in] AlgorithmId The encryption algorithm ID.\r
\r
@return the index.\r
- \r
+\r
**/\r
UINTN\r
IpSecGetIndexFromEncList (\r
)\r
{\r
UINT8 Index;\r
- \r
+\r
for (Index = 0; Index < IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE; Index++) {\r
if (AlgorithmId == mIpsecEncryptAlgorithmList[Index].AlgorithmId) {\r
return Index;\r
}\r
}\r
- \r
+\r
return (UINTN) -1;\r
}\r
\r
@param[in] AlgorithmId The encryption algorithm ID.\r
\r
@return the index.\r
- \r
+\r
**/\r
UINTN\r
IpSecGetIndexFromAuthList (\r
)\r
{\r
UINT8 Index;\r
- \r
+\r
for (Index = 0; Index < IPSEC_AUTH_ALGORITHM_LIST_SIZE; Index++) {\r
if (AlgorithmId == mIpsecAuthAlgorithmList[Index].AlgorithmId) {\r
//\r
return Index;\r
}\r
}\r
- \r
+\r
return (UINTN) -1;\r
}\r
\r
IN UINTN InDataLength,\r
OUT UINT8 *OutData\r
)\r
-{ \r
+{\r
UINTN Index;\r
UINTN ContextSize;\r
UINT8 *Context;\r
EFI_STATUS Status;\r
- \r
+\r
Status = EFI_UNSUPPORTED;\r
- \r
+\r
switch (AlgorithmId) {\r
\r
case IKE_EALG_NULL:\r
if (Context != NULL) {\r
FreePool (Context);\r
}\r
- \r
+\r
return Status;\r
}\r
\r
IN UINTN InDataLength,\r
OUT UINT8 *OutData\r
)\r
-{ \r
+{\r
UINTN Index;\r
UINTN ContextSize;\r
UINT8 *Context;\r
//\r
if (mIpsecEncryptAlgorithmList[Index].CipherInitiate (Context, Key, KeyBits)) {\r
if (mIpsecEncryptAlgorithmList[Index].CipherDecrypt (Context, InData, InDataLength, Ivec, OutData)) {\r
- Status = EFI_SUCCESS; \r
+ Status = EFI_SUCCESS;\r
}\r
}\r
break;\r
the input algorithm ID. It computes all datas from InDataFragment and output\r
the result into the OutData buffer. If the OutDataSize is larger than the related\r
HMAC algorithm output size, return EFI_INVALID_PARAMETER.\r
- \r
+\r
@param[in] AlgorithmId The authentication Identification.\r
@param[in] Key Pointer of the authentication key.\r
@param[in] KeyLength The length of the Key in bytes.\r
}\r
\r
goto Exit;\r
- } \r
- \r
+ }\r
+\r
default:\r
return Status;\r
}\r
\r
Status = EFI_UNSUPPORTED;\r
OutHashData = NULL;\r
- \r
+\r
OutHashSize = IpSecGetHmacDigestLength (AlgorithmId);\r
//\r
// If the expected hash data size is larger than the related Hash algorithm\r
- // output length, return EFI_INVALID_PARAMETER. \r
+ // output length, return EFI_INVALID_PARAMETER.\r
//\r
if (OutDataSize > OutHashSize) {\r
return EFI_INVALID_PARAMETER;\r
if (OutHashData == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
- \r
+\r
switch (AlgorithmId) {\r
\r
case IKE_AALG_NONE:\r
Status = EFI_OUT_OF_RESOURCES;\r
goto Exit;\r
}\r
- \r
+\r
//\r
// Initiate Hash context and hash the input data.\r
//\r
// In some cases, like the Icv computing, the Icv size might be less than\r
// the key length size, so copy the part of hash data to the OutData.\r
//\r
- CopyMem (OutData, OutHashData, OutDataSize); \r
+ CopyMem (OutData, OutHashData, OutDataSize);\r
Status = EFI_SUCCESS;\r
}\r
- \r
- goto Exit; \r
- } \r
- \r
+\r
+ goto Exit;\r
+ }\r
+\r
default:\r
return Status;\r
}\r
IN CONST UINT8 *Prime,\r
OUT UINT8 *PublicKey,\r
IN OUT UINTN *PublicKeySize\r
- ) \r
+ )\r
{\r
EFI_STATUS Status;\r
- \r
+\r
*DhContext = DhNew ();\r
ASSERT (*DhContext != NULL);\r
if (!DhSetParameter (*DhContext, Generator, PrimeLength, Prime)) {\r
DhFree (*DhContext);\r
DhContext = NULL;\r
}\r
- \r
+\r
return Status;\r
}\r
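Review bot: The cleanup path at `DhFree (*DhContext); DhContext = NULL;` clears the local parameter rather than the caller's pointer, so after a failure the caller still holds the address of the freed context. IpSecCryptoIoFreeDh, shown further down, guards only on `*DhContext == NULL`, so a stale pointer would presumably pass that guard and be freed or used again. The assignment should be `*DhContext = NULL;`. This whitespace cleanup leaves the line as it was, and the function's earlier error handling is outside this hunk.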
\r
**/\r
EFI_STATUS\r
IpSecCryptoIoDhComputeKey (\r
- IN OUT UINT8 *DhContext, \r
+ IN OUT UINT8 *DhContext,\r
IN CONST UINT8 *PeerPublicKey,\r
IN UINTN PeerPublicKeySize,\r
OUT UINT8 *Key,\r
\r
@retval EFI_SUCCESS The operation performs successfully.\r
@retval EFI_INVALID_PARAMETER The DhContext is NULL.\r
- \r
+\r
**/\r
EFI_STATUS\r
IpSecCryptoIoFreeDh (\r
IN OUT UINT8 **DhContext\r
)\r
-{ \r
+{\r
if (*DhContext == NULL) {\r
return EFI_INVALID_PARAMETER;\r
}\r
@param[in] KeyPwdSize The size of Key Password in bytes.\r
@param[out] OutData The pointer to the signed data.\r
@param[in, out] OutDataSize Pointer to contain the size of out data.\r
- \r
+\r
**/\r
VOID\r
IpSecCryptoIoAuthDataWithCertificate (\r
UINT8 *RsaContext;\r
UINT8 *Signature;\r
UINTN SigSize;\r
- \r
+\r
SigSize = 0;\r
RsaContext = NULL;\r
\r
//\r
// Sign data\r
//\r
- Signature = NULL; \r
+ Signature = NULL;\r
if (!RsaPkcs1Sign (RsaContext, InData, InDataSize, Signature, &SigSize)) {\r
Signature = AllocateZeroPool (SigSize);\r
} else {\r
return;\r
- } \r
+ }\r
\r
RsaPkcs1Sign (RsaContext, InData, InDataSize, Signature, &SigSize);\r
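Review bot: The result of `AllocateZeroPool (SigSize)` is not checked before the second `RsaPkcs1Sign` call, and that call's return value is discarded. Because the function returns VOID, the caller cannot tell a failed allocation or signing operation from success unless the out parameters are validated later, which is not visible here. I would add `if (Signature == NULL) { return; }` after the allocation and change the second call to `if (!RsaPkcs1Sign (RsaContext, InData, InDataSize, Signature, &SigSize)) { FreePool (Signature); return; }`. The rest of the function is outside this hunk, so confirm that RsaContext is released on these early returns as well.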
\r
\r
@retval TRUE Valid signature encoded in PKCS1-v1_5.\r
@retval FALSE Invalid signature or invalid RSA context.\r
- \r
+\r
**/\r
BOOLEAN\r
IpSecCryptoIoVerifySignDataByCertificate (\r
// Retrieve the RSA public Key from Certificate\r
//\r
RsaGetPublicKeyFromX509 ((CONST UINT8 *)InCert, CertLen, (VOID **)&RsaContext);\r
- \r
+\r
//\r
// Verify data\r
//\r
}\r
\r
*PublicKeyLen = 0;\r
- \r
+\r
RsaGetKey (RsaContext, RsaKeyN, NULL, PublicKeyLen);\r
- \r
+\r
*PublicKey = AllocateZeroPool (*PublicKeyLen);\r
if (*PublicKey == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
@param[in] CertSize The size of the X509 certificate in bytes.\r
@param[out] CertSubject Pointer to the retrieved certificate subject.\r
@param[out] SubjectSize The size of Certificate Subject in bytes.\r
- \r
+\r
@retval EFI_SUCCESS Retrieved the certificate subject successfully.\r
@retval EFI_INVALID_PARAMETER The certificate is malformed.\r
- \r
+\r
**/\r
EFI_STATUS\r
IpSecCryptoIoGetSubjectFromCert (\r