X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=CryptoPkg%2FInclude%2FLibrary%2FBaseCryptLib.h;h=3755cfab4051d005a7a3a24402f8c902bc19d8bd;hb=c8f46130f88d0816ec6de8a8b69c63dcdd94e3a6;hp=b99401661cb98a2a89b278a32ff96e44ccaf9912;hpb=b6174e2d09bd03b71e13f8b842c92ae44b25a3ff;p=mirror_edk2.git diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index b99401661c..3755cfab40 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -72,6 +72,7 @@ typedef enum { // One-Way Cryptographic Hash Primitives //===================================================================================== +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. @@ -211,7 +212,9 @@ Md5HashAll ( IN UINTN DataSize, OUT UINT8 *HashValue ); +#endif +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations. @@ -351,6 +354,7 @@ Sha1HashAll ( IN UINTN DataSize, OUT UINT8 *HashValue ); +#endif /** Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations. @@ -880,139 +884,6 @@ Sm3HashAll ( // MAC (Message Authentication Code) Primitive //===================================================================================== -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ); - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the digest value into - the specified memory. After this function has been called, the HMAC-SHA1 context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ); - /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. @@ -1492,6 +1363,80 @@ RsaPkcs1Verify ( IN UINTN SigSize ); +/** + Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme. + + This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in + RFC 8017. + Mask generation function is the same as the message digest algorithm. + If the Signature buffer is too small to hold the contents of signature, FALSE + is returned and SigSize is set to the required buffer size to obtain the signature. + + If RsaContext is NULL, then return FALSE. + If Message is NULL, then return FALSE. + If MsgSize is zero or > INT_MAX, then return FALSE. + If DigestLen is NOT 32, 48 or 64, return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. + If SigSize is large enough but Signature is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] RsaContext Pointer to RSA context for signature generation. + @param[in] Message Pointer to octet message to be signed. + @param[in] MsgSize Size of the message in bytes. + @param[in] DigestLen Length of the digest in bytes to be used for RSA signature operation. + @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding. + @param[out] Signature Pointer to buffer to receive RSA PSS signature. + @param[in, out] SigSize On input, the size of Signature buffer in bytes. + On output, the size of data returned in Signature buffer in bytes. + + @retval TRUE Signature successfully generated in RSASSA-PSS. + @retval FALSE Signature generation failed. + @retval FALSE SigSize is too small. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaPssSign ( + IN VOID *RsaContext, + IN CONST UINT8 *Message, + IN UINTN MsgSize, + IN UINT16 DigestLen, + IN UINT16 SaltLen, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ); + +/** + Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017. + Implementation determines salt length automatically from the signature encoding. + Mask generation function is the same as the message digest algorithm. + Salt length should be equal to digest length. + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] Message Pointer to octet message to be verified. + @param[in] MsgSize Size of the message in bytes. + @param[in] Signature Pointer to RSASSA-PSS signature to be verified. + @param[in] SigSize Size of signature in bytes. + @param[in] DigestLen Length of digest for RSA operation. + @param[in] SaltLen Salt length for PSS encoding. + + @retval TRUE Valid signature encoded in RSASSA-PSS. + @retval FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RsaPssVerify ( + IN VOID *RsaContext, + IN CONST UINT8 *Message, + IN UINTN MsgSize, + IN CONST UINT8 *Signature, + IN UINTN SigSize, + IN UINT16 DigestLen, + IN UINT16 SaltLen + ); + /** Retrieve the RSA Private Key from the password-protected PEM key data. @@ -1605,7 +1550,7 @@ EFIAPI X509GetCommonName ( IN CONST UINT8 *Cert, IN UINTN CertSize, - OUT CHAR8 *CommonName, OPTIONAL + OUT CHAR8 *CommonName OPTIONAL, IN OUT UINTN *CommonNameSize ); @@ -1640,7 +1585,7 @@ EFIAPI X509GetOrganizationName ( IN CONST UINT8 *Cert, IN UINTN CertSize, - OUT CHAR8 *NameBuffer, OPTIONAL + OUT CHAR8 *NameBuffer OPTIONAL, IN OUT UINTN *NameBufferSize ); @@ -1876,8 +1821,8 @@ Pkcs1v2Encrypt ( IN UINTN PublicKeySize, IN UINT8 *InData, IN UINTN InDataSize, - IN CONST UINT8 *PrngSeed, OPTIONAL - IN UINTN PrngSeedSize, OPTIONAL + IN CONST UINT8 *PrngSeed OPTIONAL, + IN UINTN PrngSeedSize OPTIONAL, OUT UINT8 **EncryptedData, OUT UINTN *EncryptedDataSize );