]> git.proxmox.com Git - mirror_edk2.git/blame - CryptoPkg/Include/Library/BaseCryptLib.h
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ArmVirtPkg: Change OPTIONAL keyword usage style
[mirror_edk2.git] / CryptoPkg / Include / Library / BaseCryptLib.h
CommitLineData
97f98500
HT		 1/** @file\r
2 Defines base cryptographic library APIs.\r
3 The Base Cryptographic Library provides implementations of basic cryptography\r
a8c44645 4 primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security\r
5 functionality enabling.\r
97f98500 6\r
9a1f14ad 7Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
2009f6b4 8SPDX-License-Identifier: BSD-2-Clause-Patent\r
97f98500
HT		 9\r
10**/\r
11\r
12#ifndef __BASE_CRYPT_LIB_H__\r
13#define __BASE_CRYPT_LIB_H__\r
14\r
9e8841b4
QL		 15#include <Uefi/UefiBaseType.h>\r
16\r
97f98500
HT		 17///\r
18/// MD5 digest size in bytes\r
19///\r
20#define MD5_DIGEST_SIZE 16\r
21\r
22///\r
23/// SHA-1 digest size in bytes.\r
24///\r
25#define SHA1_DIGEST_SIZE 20\r
26\r
27///\r
28/// SHA-256 digest size in bytes\r
29///\r
30#define SHA256_DIGEST_SIZE 32\r
31\r
2ac68e8b
QL		 32///\r
33/// SHA-384 digest size in bytes\r
34///\r
35#define SHA384_DIGEST_SIZE 48\r
36\r
37///\r
38/// SHA-512 digest size in bytes\r
39///\r
40#define SHA512_DIGEST_SIZE 64\r
41\r
f0718d1d
LX		 42///\r
43/// SM3 digest size in bytes\r
44///\r
45#define SM3_256_DIGEST_SIZE 32\r
46\r
a8c44645 47///\r
48/// TDES block size in bytes\r
49///\r
50#define TDES_BLOCK_SIZE 8\r
51\r
52///\r
53/// AES block size in bytes\r
54///\r
55#define AES_BLOCK_SIZE 16\r
56\r
97f98500
HT		 57///\r
58/// RSA Key Tags Definition used in RsaSetKey() function for key component identification.\r
59///\r
60typedef enum {\r
61 RsaKeyN, ///< RSA public Modulus (N)\r
62 RsaKeyE, ///< RSA Public exponent (e)\r
63 RsaKeyD, ///< RSA Private exponent (d)\r
64 RsaKeyP, ///< RSA secret prime factor of Modulus (p)\r
65 RsaKeyQ, ///< RSA secret prime factor of Modules (q)\r
66 RsaKeyDp, ///< p's CRT exponent (== d mod (p - 1))\r
67 RsaKeyDq, ///< q's CRT exponent (== d mod (q - 1))\r
68 RsaKeyQInv ///< The CRT coefficient (== 1/q mod p)\r
69} RSA_KEY_TAG;\r
70\r
71//=====================================================================================\r
72// One-Way Cryptographic Hash Primitives\r
73//=====================================================================================\r
74\r
e6a12a0f 75#ifdef ENABLE_MD5_DEPRECATED_INTERFACES\r
97f98500
HT		 76/**\r
77 Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.\r
78\r
532616bb 79 If this interface is not supported, then return zero.\r
80\r
97f98500 81 @return The size, in bytes, of the context buffer required for MD5 hash operations.\r
532616bb 82 @retval 0 This interface is not supported.\r
97f98500
HT		 83\r
84**/\r
85UINTN\r
86EFIAPI\r
87Md5GetContextSize (\r
88 VOID\r
89 );\r
90\r
97f98500
HT		 91/**\r
92 Initializes user-supplied memory pointed by Md5Context as MD5 hash context for\r
93 subsequent use.\r
94\r
16d2c32c 95 If Md5Context is NULL, then return FALSE.\r
532616bb 96 If this interface is not supported, then return FALSE.\r
97f98500 97\r
a8c44645 98 @param[out] Md5Context Pointer to MD5 context being initialized.\r
97f98500
HT		 99\r
100 @retval TRUE MD5 context initialization succeeded.\r
101 @retval FALSE MD5 context initialization failed.\r
532616bb 102 @retval FALSE This interface is not supported.\r
97f98500
HT		 103\r
104**/\r
105BOOLEAN\r
106EFIAPI\r
107Md5Init (\r
a8c44645 108 OUT VOID *Md5Context\r
97f98500
HT		 109 );\r
110\r
a8c44645 111/**\r
112 Makes a copy of an existing MD5 context.\r
113\r
16d2c32c 114 If Md5Context is NULL, then return FALSE.\r
115 If NewMd5Context is NULL, then return FALSE.\r
532616bb 116 If this interface is not supported, then return FALSE.\r
a8c44645 117\r
118 @param[in] Md5Context Pointer to MD5 context being copied.\r
119 @param[out] NewMd5Context Pointer to new MD5 context.\r
120\r
121 @retval TRUE MD5 context copy succeeded.\r
122 @retval FALSE MD5 context copy failed.\r
532616bb 123 @retval FALSE This interface is not supported.\r
a8c44645 124\r
125**/\r
126BOOLEAN\r
127EFIAPI\r
128Md5Duplicate (\r
129 IN CONST VOID *Md5Context,\r
130 OUT VOID *NewMd5Context\r
131 );\r
97f98500
HT		 132\r
133/**\r
a8c44645 134 Digests the input data and updates MD5 context.\r
135\r
136 This function performs MD5 digest on a data buffer of the specified size.\r
137 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2998af86 138 MD5 context should be already correctly initialized by Md5Init(), and should not be finalized\r
a8c44645 139 by Md5Final(). Behavior with invalid context is undefined.\r
97f98500 140\r
16d2c32c 141 If Md5Context is NULL, then return FALSE.\r
532616bb 142 If this interface is not supported, then return FALSE.\r
97f98500
HT		 143\r
144 @param[in, out] Md5Context Pointer to the MD5 context.\r
145 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
a8c44645 146 @param[in] DataSize Size of Data buffer in bytes.\r
97f98500
HT		 147\r
148 @retval TRUE MD5 data digest succeeded.\r
a8c44645 149 @retval FALSE MD5 data digest failed.\r
532616bb 150 @retval FALSE This interface is not supported.\r
97f98500
HT		 151\r
152**/\r
153BOOLEAN\r
154EFIAPI\r
155Md5Update (\r
156 IN OUT VOID *Md5Context,\r
157 IN CONST VOID *Data,\r
a8c44645 158 IN UINTN DataSize\r
97f98500
HT		 159 );\r
160\r
97f98500 161/**\r
a8c44645 162 Completes computation of the MD5 digest value.\r
163\r
164 This function completes MD5 hash computation and retrieves the digest value into\r
165 the specified memory. After this function has been called, the MD5 context cannot\r
166 be used again.\r
2998af86 167 MD5 context should be already correctly initialized by Md5Init(), and should not be\r
a8c44645 168 finalized by Md5Final(). Behavior with invalid MD5 context is undefined.\r
97f98500 169\r
16d2c32c 170 If Md5Context is NULL, then return FALSE.\r
171 If HashValue is NULL, then return FALSE.\r
532616bb 172 If this interface is not supported, then return FALSE.\r
97f98500 173\r
a8c44645 174 @param[in, out] Md5Context Pointer to the MD5 context.\r
97f98500
HT		 175 @param[out] HashValue Pointer to a buffer that receives the MD5 digest\r
176 value (16 bytes).\r
177\r
178 @retval TRUE MD5 digest computation succeeded.\r
179 @retval FALSE MD5 digest computation failed.\r
532616bb 180 @retval FALSE This interface is not supported.\r
97f98500
HT		 181\r
182**/\r
183BOOLEAN\r
184EFIAPI\r
185Md5Final (\r
186 IN OUT VOID *Md5Context,\r
187 OUT UINT8 *HashValue\r
188 );\r
189\r
b7d1ba0a
QL		 190/**\r
191 Computes the MD5 message digest of a input data buffer.\r
192\r
193 This function performs the MD5 message digest of a given data buffer, and places\r
194 the digest value into the specified memory.\r
195\r
196 If this interface is not supported, then return FALSE.\r
197\r
198 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
199 @param[in] DataSize Size of Data buffer in bytes.\r
200 @param[out] HashValue Pointer to a buffer that receives the MD5 digest\r
201 value (16 bytes).\r
202\r
203 @retval TRUE MD5 digest computation succeeded.\r
204 @retval FALSE MD5 digest computation failed.\r
205 @retval FALSE This interface is not supported.\r
206\r
207**/\r
208BOOLEAN\r
209EFIAPI\r
210Md5HashAll (\r
211 IN CONST VOID *Data,\r
212 IN UINTN DataSize,\r
213 OUT UINT8 *HashValue\r
214 );\r
acfd5557 215#endif\r
b7d1ba0a 216\r
0f01cec5 217#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES\r
97f98500
HT		 218/**\r
219 Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.\r
220\r
532616bb 221 If this interface is not supported, then return zero.\r
222\r
97f98500 223 @return The size, in bytes, of the context buffer required for SHA-1 hash operations.\r
532616bb 224 @retval 0 This interface is not supported.\r
97f98500
HT		 225\r
226**/\r
227UINTN\r
228EFIAPI\r
229Sha1GetContextSize (\r
230 VOID\r
231 );\r
232\r
97f98500 233/**\r
a8c44645 234 Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for\r
97f98500
HT		 235 subsequent use.\r
236\r
16d2c32c 237 If Sha1Context is NULL, then return FALSE.\r
532616bb 238 If this interface is not supported, then return FALSE.\r
97f98500 239\r
a8c44645 240 @param[out] Sha1Context Pointer to SHA-1 context being initialized.\r
97f98500 241\r
a8c44645 242 @retval TRUE SHA-1 context initialization succeeded.\r
243 @retval FALSE SHA-1 context initialization failed.\r
532616bb 244 @retval FALSE This interface is not supported.\r
97f98500
HT		 245\r
246**/\r
247BOOLEAN\r
248EFIAPI\r
249Sha1Init (\r
a8c44645 250 OUT VOID *Sha1Context\r
97f98500
HT		 251 );\r
252\r
a8c44645 253/**\r
254 Makes a copy of an existing SHA-1 context.\r
255\r
16d2c32c 256 If Sha1Context is NULL, then return FALSE.\r
257 If NewSha1Context is NULL, then return FALSE.\r
532616bb 258 If this interface is not supported, then return FALSE.\r
a8c44645 259\r
260 @param[in] Sha1Context Pointer to SHA-1 context being copied.\r
261 @param[out] NewSha1Context Pointer to new SHA-1 context.\r
262\r
263 @retval TRUE SHA-1 context copy succeeded.\r
264 @retval FALSE SHA-1 context copy failed.\r
532616bb 265 @retval FALSE This interface is not supported.\r
a8c44645 266\r
267**/\r
268BOOLEAN\r
269EFIAPI\r
270Sha1Duplicate (\r
271 IN CONST VOID *Sha1Context,\r
272 OUT VOID *NewSha1Context\r
273 );\r
97f98500
HT		 274\r
275/**\r
a8c44645 276 Digests the input data and updates SHA-1 context.\r
277\r
278 This function performs SHA-1 digest on a data buffer of the specified size.\r
279 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2998af86 280 SHA-1 context should be already correctly initialized by Sha1Init(), and should not be finalized\r
a8c44645 281 by Sha1Final(). Behavior with invalid context is undefined.\r
97f98500 282\r
16d2c32c 283 If Sha1Context is NULL, then return FALSE.\r
532616bb 284 If this interface is not supported, then return FALSE.\r
97f98500
HT		 285\r
286 @param[in, out] Sha1Context Pointer to the SHA-1 context.\r
287 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
a8c44645 288 @param[in] DataSize Size of Data buffer in bytes.\r
97f98500
HT		 289\r
290 @retval TRUE SHA-1 data digest succeeded.\r
a8c44645 291 @retval FALSE SHA-1 data digest failed.\r
532616bb 292 @retval FALSE This interface is not supported.\r
97f98500
HT		 293\r
294**/\r
295BOOLEAN\r
296EFIAPI\r
297Sha1Update (\r
298 IN OUT VOID *Sha1Context,\r
299 IN CONST VOID *Data,\r
a8c44645 300 IN UINTN DataSize\r
97f98500
HT		 301 );\r
302\r
97f98500 303/**\r
a8c44645 304 Completes computation of the SHA-1 digest value.\r
305\r
306 This function completes SHA-1 hash computation and retrieves the digest value into\r
307 the specified memory. After this function has been called, the SHA-1 context cannot\r
308 be used again.\r
2998af86 309 SHA-1 context should be already correctly initialized by Sha1Init(), and should not be\r
a8c44645 310 finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined.\r
97f98500 311\r
16d2c32c 312 If Sha1Context is NULL, then return FALSE.\r
313 If HashValue is NULL, then return FALSE.\r
532616bb 314 If this interface is not supported, then return FALSE.\r
97f98500 315\r
a8c44645 316 @param[in, out] Sha1Context Pointer to the SHA-1 context.\r
97f98500
HT		 317 @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest\r
318 value (20 bytes).\r
319\r
320 @retval TRUE SHA-1 digest computation succeeded.\r
321 @retval FALSE SHA-1 digest computation failed.\r
532616bb 322 @retval FALSE This interface is not supported.\r
97f98500
HT		 323\r
324**/\r
325BOOLEAN\r
326EFIAPI\r
327Sha1Final (\r
328 IN OUT VOID *Sha1Context,\r
329 OUT UINT8 *HashValue\r
330 );\r
331\r
b7d1ba0a
QL		 332/**\r
333 Computes the SHA-1 message digest of a input data buffer.\r
334\r
335 This function performs the SHA-1 message digest of a given data buffer, and places\r
336 the digest value into the specified memory.\r
337\r
338 If this interface is not supported, then return FALSE.\r
339\r
340 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
341 @param[in] DataSize Size of Data buffer in bytes.\r
342 @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest\r
343 value (20 bytes).\r
344\r
345 @retval TRUE SHA-1 digest computation succeeded.\r
346 @retval FALSE SHA-1 digest computation failed.\r
347 @retval FALSE This interface is not supported.\r
348\r
349**/\r
350BOOLEAN\r
351EFIAPI\r
352Sha1HashAll (\r
353 IN CONST VOID *Data,\r
354 IN UINTN DataSize,\r
355 OUT UINT8 *HashValue\r
356 );\r
0f01cec5 357#endif\r
b7d1ba0a 358\r
97f98500 359/**\r
a8c44645 360 Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations.\r
97f98500 361\r
a8c44645 362 @return The size, in bytes, of the context buffer required for SHA-256 hash operations.\r
97f98500
HT		 363\r
364**/\r
365UINTN\r
366EFIAPI\r
367Sha256GetContextSize (\r
368 VOID\r
369 );\r
370\r
97f98500
HT		 371/**\r
372 Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for\r
373 subsequent use.\r
374\r
16d2c32c 375 If Sha256Context is NULL, then return FALSE.\r
97f98500 376\r
a8c44645 377 @param[out] Sha256Context Pointer to SHA-256 context being initialized.\r
97f98500
HT		 378\r
379 @retval TRUE SHA-256 context initialization succeeded.\r
380 @retval FALSE SHA-256 context initialization failed.\r
381\r
382**/\r
383BOOLEAN\r
384EFIAPI\r
385Sha256Init (\r
a8c44645 386 OUT VOID *Sha256Context\r
97f98500
HT		 387 );\r
388\r
a8c44645 389/**\r
390 Makes a copy of an existing SHA-256 context.\r
391\r
16d2c32c 392 If Sha256Context is NULL, then return FALSE.\r
393 If NewSha256Context is NULL, then return FALSE.\r
532616bb 394 If this interface is not supported, then return FALSE.\r
a8c44645 395\r
396 @param[in] Sha256Context Pointer to SHA-256 context being copied.\r
397 @param[out] NewSha256Context Pointer to new SHA-256 context.\r
398\r
399 @retval TRUE SHA-256 context copy succeeded.\r
400 @retval FALSE SHA-256 context copy failed.\r
532616bb 401 @retval FALSE This interface is not supported.\r
a8c44645 402\r
403**/\r
404BOOLEAN\r
405EFIAPI\r
406Sha256Duplicate (\r
407 IN CONST VOID *Sha256Context,\r
408 OUT VOID *NewSha256Context\r
409 );\r
97f98500
HT		 410\r
411/**\r
a8c44645 412 Digests the input data and updates SHA-256 context.\r
413\r
414 This function performs SHA-256 digest on a data buffer of the specified size.\r
415 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2998af86 416 SHA-256 context should be already correctly initialized by Sha256Init(), and should not be finalized\r
a8c44645 417 by Sha256Final(). Behavior with invalid context is undefined.\r
97f98500 418\r
16d2c32c 419 If Sha256Context is NULL, then return FALSE.\r
97f98500
HT		 420\r
421 @param[in, out] Sha256Context Pointer to the SHA-256 context.\r
422 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
a8c44645 423 @param[in] DataSize Size of Data buffer in bytes.\r
97f98500
HT		 424\r
425 @retval TRUE SHA-256 data digest succeeded.\r
a8c44645 426 @retval FALSE SHA-256 data digest failed.\r
97f98500
HT		 427\r
428**/\r
429BOOLEAN\r
430EFIAPI\r
431Sha256Update (\r
432 IN OUT VOID *Sha256Context,\r
433 IN CONST VOID *Data,\r
a8c44645 434 IN UINTN DataSize\r
97f98500
HT		 435 );\r
436\r
97f98500 437/**\r
a8c44645 438 Completes computation of the SHA-256 digest value.\r
439\r
440 This function completes SHA-256 hash computation and retrieves the digest value into\r
441 the specified memory. After this function has been called, the SHA-256 context cannot\r
442 be used again.\r
2998af86 443 SHA-256 context should be already correctly initialized by Sha256Init(), and should not be\r
a8c44645 444 finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined.\r
97f98500 445\r
16d2c32c 446 If Sha256Context is NULL, then return FALSE.\r
447 If HashValue is NULL, then return FALSE.\r
97f98500 448\r
a8c44645 449 @param[in, out] Sha256Context Pointer to the SHA-256 context.\r
97f98500
HT		 450 @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest\r
451 value (32 bytes).\r
452\r
453 @retval TRUE SHA-256 digest computation succeeded.\r
454 @retval FALSE SHA-256 digest computation failed.\r
455\r
456**/\r
457BOOLEAN\r
458EFIAPI\r
459Sha256Final (\r
460 IN OUT VOID *Sha256Context,\r
461 OUT UINT8 *HashValue\r
462 );\r
463\r
b7d1ba0a
QL		 464/**\r
465 Computes the SHA-256 message digest of a input data buffer.\r
466\r
467 This function performs the SHA-256 message digest of a given data buffer, and places\r
468 the digest value into the specified memory.\r
469\r
470 If this interface is not supported, then return FALSE.\r
471\r
472 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
473 @param[in] DataSize Size of Data buffer in bytes.\r
474 @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest\r
475 value (32 bytes).\r
476\r
477 @retval TRUE SHA-256 digest computation succeeded.\r
478 @retval FALSE SHA-256 digest computation failed.\r
479 @retval FALSE This interface is not supported.\r
480\r
481**/\r
482BOOLEAN\r
483EFIAPI\r
484Sha256HashAll (\r
485 IN CONST VOID *Data,\r
486 IN UINTN DataSize,\r
487 OUT UINT8 *HashValue\r
488 );\r
489\r
2ac68e8b
QL		 490/**\r
491 Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations.\r
492\r
493 @return The size, in bytes, of the context buffer required for SHA-384 hash operations.\r
494\r
495**/\r
496UINTN\r
497EFIAPI\r
498Sha384GetContextSize (\r
499 VOID\r
500 );\r
501\r
502/**\r
503 Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for\r
504 subsequent use.\r
505\r
506 If Sha384Context is NULL, then return FALSE.\r
507\r
508 @param[out] Sha384Context Pointer to SHA-384 context being initialized.\r
509\r
510 @retval TRUE SHA-384 context initialization succeeded.\r
511 @retval FALSE SHA-384 context initialization failed.\r
512\r
513**/\r
514BOOLEAN\r
515EFIAPI\r
516Sha384Init (\r
517 OUT VOID *Sha384Context\r
518 );\r
519\r
520/**\r
521 Makes a copy of an existing SHA-384 context.\r
522\r
523 If Sha384Context is NULL, then return FALSE.\r
524 If NewSha384Context is NULL, then return FALSE.\r
525 If this interface is not supported, then return FALSE.\r
526\r
527 @param[in] Sha384Context Pointer to SHA-384 context being copied.\r
528 @param[out] NewSha384Context Pointer to new SHA-384 context.\r
529\r
530 @retval TRUE SHA-384 context copy succeeded.\r
531 @retval FALSE SHA-384 context copy failed.\r
532 @retval FALSE This interface is not supported.\r
533\r
534**/\r
535BOOLEAN\r
536EFIAPI\r
537Sha384Duplicate (\r
538 IN CONST VOID *Sha384Context,\r
539 OUT VOID *NewSha384Context\r
540 );\r
541\r
542/**\r
543 Digests the input data and updates SHA-384 context.\r
544\r
545 This function performs SHA-384 digest on a data buffer of the specified size.\r
546 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2998af86 547 SHA-384 context should be already correctly initialized by Sha384Init(), and should not be finalized\r
2ac68e8b
QL		 548 by Sha384Final(). Behavior with invalid context is undefined.\r
549\r
550 If Sha384Context is NULL, then return FALSE.\r
551\r
552 @param[in, out] Sha384Context Pointer to the SHA-384 context.\r
553 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
554 @param[in] DataSize Size of Data buffer in bytes.\r
555\r
556 @retval TRUE SHA-384 data digest succeeded.\r
557 @retval FALSE SHA-384 data digest failed.\r
558\r
559**/\r
560BOOLEAN\r
561EFIAPI\r
562Sha384Update (\r
563 IN OUT VOID *Sha384Context,\r
564 IN CONST VOID *Data,\r
565 IN UINTN DataSize\r
566 );\r
567\r
568/**\r
569 Completes computation of the SHA-384 digest value.\r
570\r
571 This function completes SHA-384 hash computation and retrieves the digest value into\r
572 the specified memory. After this function has been called, the SHA-384 context cannot\r
573 be used again.\r
2998af86 574 SHA-384 context should be already correctly initialized by Sha384Init(), and should not be\r
2ac68e8b
QL		 575 finalized by Sha384Final(). Behavior with invalid SHA-384 context is undefined.\r
576\r
577 If Sha384Context is NULL, then return FALSE.\r
578 If HashValue is NULL, then return FALSE.\r
579\r
580 @param[in, out] Sha384Context Pointer to the SHA-384 context.\r
581 @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest\r
582 value (48 bytes).\r
583\r
584 @retval TRUE SHA-384 digest computation succeeded.\r
585 @retval FALSE SHA-384 digest computation failed.\r
586\r
587**/\r
588BOOLEAN\r
589EFIAPI\r
590Sha384Final (\r
591 IN OUT VOID *Sha384Context,\r
592 OUT UINT8 *HashValue\r
593 );\r
594\r
b7d1ba0a
QL		 595/**\r
596 Computes the SHA-384 message digest of a input data buffer.\r
597\r
598 This function performs the SHA-384 message digest of a given data buffer, and places\r
599 the digest value into the specified memory.\r
600\r
601 If this interface is not supported, then return FALSE.\r
602\r
603 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
604 @param[in] DataSize Size of Data buffer in bytes.\r
605 @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest\r
606 value (48 bytes).\r
607\r
608 @retval TRUE SHA-384 digest computation succeeded.\r
609 @retval FALSE SHA-384 digest computation failed.\r
610 @retval FALSE This interface is not supported.\r
611\r
612**/\r
613BOOLEAN\r
614EFIAPI\r
615Sha384HashAll (\r
616 IN CONST VOID *Data,\r
617 IN UINTN DataSize,\r
618 OUT UINT8 *HashValue\r
619 );\r
620\r
2ac68e8b
QL		 621/**\r
622 Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations.\r
623\r
624 @return The size, in bytes, of the context buffer required for SHA-512 hash operations.\r
625\r
626**/\r
627UINTN\r
628EFIAPI\r
629Sha512GetContextSize (\r
630 VOID\r
631 );\r
632\r
633/**\r
634 Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for\r
635 subsequent use.\r
636\r
637 If Sha512Context is NULL, then return FALSE.\r
638\r
639 @param[out] Sha512Context Pointer to SHA-512 context being initialized.\r
640\r
641 @retval TRUE SHA-512 context initialization succeeded.\r
642 @retval FALSE SHA-512 context initialization failed.\r
643\r
644**/\r
645BOOLEAN\r
646EFIAPI\r
647Sha512Init (\r
648 OUT VOID *Sha512Context\r
649 );\r
650\r
651/**\r
652 Makes a copy of an existing SHA-512 context.\r
653\r
654 If Sha512Context is NULL, then return FALSE.\r
655 If NewSha512Context is NULL, then return FALSE.\r
656 If this interface is not supported, then return FALSE.\r
657\r
658 @param[in] Sha512Context Pointer to SHA-512 context being copied.\r
659 @param[out] NewSha512Context Pointer to new SHA-512 context.\r
660\r
661 @retval TRUE SHA-512 context copy succeeded.\r
662 @retval FALSE SHA-512 context copy failed.\r
663 @retval FALSE This interface is not supported.\r
664\r
665**/\r
666BOOLEAN\r
667EFIAPI\r
668Sha512Duplicate (\r
669 IN CONST VOID *Sha512Context,\r
670 OUT VOID *NewSha512Context\r
671 );\r
672\r
673/**\r
674 Digests the input data and updates SHA-512 context.\r
675\r
676 This function performs SHA-512 digest on a data buffer of the specified size.\r
677 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2998af86 678 SHA-512 context should be already correctly initialized by Sha512Init(), and should not be finalized\r
2ac68e8b
QL		 679 by Sha512Final(). Behavior with invalid context is undefined.\r
680\r
681 If Sha512Context is NULL, then return FALSE.\r
682\r
683 @param[in, out] Sha512Context Pointer to the SHA-512 context.\r
684 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
685 @param[in] DataSize Size of Data buffer in bytes.\r
686\r
687 @retval TRUE SHA-512 data digest succeeded.\r
688 @retval FALSE SHA-512 data digest failed.\r
689\r
690**/\r
691BOOLEAN\r
692EFIAPI\r
693Sha512Update (\r
694 IN OUT VOID *Sha512Context,\r
695 IN CONST VOID *Data,\r
696 IN UINTN DataSize\r
697 );\r
698\r
699/**\r
700 Completes computation of the SHA-512 digest value.\r
701\r
702 This function completes SHA-512 hash computation and retrieves the digest value into\r
703 the specified memory. After this function has been called, the SHA-512 context cannot\r
704 be used again.\r
2998af86 705 SHA-512 context should be already correctly initialized by Sha512Init(), and should not be\r
2ac68e8b
QL		 706 finalized by Sha512Final(). Behavior with invalid SHA-512 context is undefined.\r
707\r
708 If Sha512Context is NULL, then return FALSE.\r
709 If HashValue is NULL, then return FALSE.\r
710\r
711 @param[in, out] Sha512Context Pointer to the SHA-512 context.\r
712 @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest\r
713 value (64 bytes).\r
714\r
715 @retval TRUE SHA-512 digest computation succeeded.\r
716 @retval FALSE SHA-512 digest computation failed.\r
717\r
718**/\r
719BOOLEAN\r
720EFIAPI\r
721Sha512Final (\r
722 IN OUT VOID *Sha512Context,\r
723 OUT UINT8 *HashValue\r
724 );\r
97f98500 725\r
b7d1ba0a
QL		 726/**\r
727 Computes the SHA-512 message digest of a input data buffer.\r
728\r
729 This function performs the SHA-512 message digest of a given data buffer, and places\r
730 the digest value into the specified memory.\r
731\r
732 If this interface is not supported, then return FALSE.\r
733\r
734 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
735 @param[in] DataSize Size of Data buffer in bytes.\r
736 @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest\r
737 value (64 bytes).\r
738\r
739 @retval TRUE SHA-512 digest computation succeeded.\r
740 @retval FALSE SHA-512 digest computation failed.\r
741 @retval FALSE This interface is not supported.\r
742\r
743**/\r
744BOOLEAN\r
745EFIAPI\r
746Sha512HashAll (\r
747 IN CONST VOID *Data,\r
748 IN UINTN DataSize,\r
749 OUT UINT8 *HashValue\r
750 );\r
751\r
f0718d1d
LX		 752/**\r
753 Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.\r
754\r
755 @return The size, in bytes, of the context buffer required for SM3 hash operations.\r
756\r
757**/\r
758UINTN\r
759EFIAPI\r
760Sm3GetContextSize (\r
761 VOID\r
762 );\r
763\r
764/**\r
765 Initializes user-supplied memory pointed by Sm3Context as SM3 hash context for\r
766 subsequent use.\r
767\r
768 If Sm3Context is NULL, then return FALSE.\r
769\r
770 @param[out] Sm3Context Pointer to SM3 context being initialized.\r
771\r
772 @retval TRUE SM3 context initialization succeeded.\r
773 @retval FALSE SM3 context initialization failed.\r
774\r
775**/\r
776BOOLEAN\r
777EFIAPI\r
778Sm3Init (\r
779 OUT VOID *Sm3Context\r
780 );\r
781\r
782/**\r
783 Makes a copy of an existing SM3 context.\r
784\r
785 If Sm3Context is NULL, then return FALSE.\r
786 If NewSm3Context is NULL, then return FALSE.\r
787 If this interface is not supported, then return FALSE.\r
788\r
789 @param[in] Sm3Context Pointer to SM3 context being copied.\r
790 @param[out] NewSm3Context Pointer to new SM3 context.\r
791\r
792 @retval TRUE SM3 context copy succeeded.\r
793 @retval FALSE SM3 context copy failed.\r
794 @retval FALSE This interface is not supported.\r
795\r
796**/\r
797BOOLEAN\r
798EFIAPI\r
799Sm3Duplicate (\r
800 IN CONST VOID *Sm3Context,\r
801 OUT VOID *NewSm3Context\r
802 );\r
803\r
804/**\r
805 Digests the input data and updates SM3 context.\r
806\r
807 This function performs SM3 digest on a data buffer of the specified size.\r
808 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
809 SM3 context should be already correctly initialized by Sm3Init(), and should not be finalized\r
810 by Sm3Final(). Behavior with invalid context is undefined.\r
811\r
812 If Sm3Context is NULL, then return FALSE.\r
813\r
814 @param[in, out] Sm3Context Pointer to the SM3 context.\r
815 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
816 @param[in] DataSize Size of Data buffer in bytes.\r
817\r
818 @retval TRUE SM3 data digest succeeded.\r
819 @retval FALSE SM3 data digest failed.\r
820\r
821**/\r
822BOOLEAN\r
823EFIAPI\r
824Sm3Update (\r
825 IN OUT VOID *Sm3Context,\r
826 IN CONST VOID *Data,\r
827 IN UINTN DataSize\r
828 );\r
829\r
830/**\r
831 Completes computation of the SM3 digest value.\r
832\r
833 This function completes SM3 hash computation and retrieves the digest value into\r
834 the specified memory. After this function has been called, the SM3 context cannot\r
835 be used again.\r
836 SM3 context should be already correctly initialized by Sm3Init(), and should not be\r
837 finalized by Sm3Final(). Behavior with invalid SM3 context is undefined.\r
838\r
839 If Sm3Context is NULL, then return FALSE.\r
840 If HashValue is NULL, then return FALSE.\r
841\r
842 @param[in, out] Sm3Context Pointer to the SM3 context.\r
843 @param[out] HashValue Pointer to a buffer that receives the SM3 digest\r
844 value (32 bytes).\r
845\r
846 @retval TRUE SM3 digest computation succeeded.\r
847 @retval FALSE SM3 digest computation failed.\r
848\r
849**/\r
850BOOLEAN\r
851EFIAPI\r
852Sm3Final (\r
853 IN OUT VOID *Sm3Context,\r
854 OUT UINT8 *HashValue\r
855 );\r
856\r
857/**\r
858 Computes the SM3 message digest of a input data buffer.\r
859\r
860 This function performs the SM3 message digest of a given data buffer, and places\r
861 the digest value into the specified memory.\r
862\r
863 If this interface is not supported, then return FALSE.\r
864\r
865 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
866 @param[in] DataSize Size of Data buffer in bytes.\r
867 @param[out] HashValue Pointer to a buffer that receives the SM3 digest\r
868 value (32 bytes).\r
869\r
870 @retval TRUE SM3 digest computation succeeded.\r
871 @retval FALSE SM3 digest computation failed.\r
872 @retval FALSE This interface is not supported.\r
873\r
874**/\r
875BOOLEAN\r
876EFIAPI\r
877Sm3HashAll (\r
878 IN CONST VOID *Data,\r
879 IN UINTN DataSize,\r
880 OUT UINT8 *HashValue\r
881 );\r
882\r
97f98500
HT		 883//=====================================================================================\r
884// MAC (Message Authentication Code) Primitive\r
885//=====================================================================================\r
886\r
4c270243
QL		 887/**\r
888 Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.\r
889\r
890 @return Pointer to the HMAC_CTX context that has been initialized.\r
891 If the allocations fails, HmacSha256New() returns NULL.\r
892\r
893**/\r
894VOID *\r
895EFIAPI\r
896HmacSha256New (\r
897 VOID\r
898 );\r
899\r
900/**\r
901 Release the specified HMAC_CTX context.\r
902\r
903 @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.\r
904\r
905**/\r
906VOID\r
907EFIAPI\r
908HmacSha256Free (\r
909 IN VOID *HmacSha256Ctx\r
910 );\r
911\r
72009c62 912/**\r
a23fdff6
JW		 913 Set user-supplied key for subsequent use. It must be done before any\r
914 calling to HmacSha256Update().\r
72009c62
QL		 915\r
916 If HmacSha256Context is NULL, then return FALSE.\r
917 If this interface is not supported, then return FALSE.\r
918\r
a23fdff6 919 @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.\r
72009c62
QL		 920 @param[in] Key Pointer to the user-supplied key.\r
921 @param[in] KeySize Key size in bytes.\r
922\r
a23fdff6
JW		 923 @retval TRUE The Key is set successfully.\r
924 @retval FALSE The Key is set unsuccessfully.\r
72009c62
QL		 925 @retval FALSE This interface is not supported.\r
926\r
927**/\r
928BOOLEAN\r
929EFIAPI\r
a23fdff6 930HmacSha256SetKey (\r
72009c62
QL		 931 OUT VOID *HmacSha256Context,\r
932 IN CONST UINT8 *Key,\r
933 IN UINTN KeySize\r
934 );\r
935\r
936/**\r
937 Makes a copy of an existing HMAC-SHA256 context.\r
938\r
939 If HmacSha256Context is NULL, then return FALSE.\r
940 If NewHmacSha256Context is NULL, then return FALSE.\r
941 If this interface is not supported, then return FALSE.\r
942\r
943 @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.\r
944 @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.\r
945\r
946 @retval TRUE HMAC-SHA256 context copy succeeded.\r
947 @retval FALSE HMAC-SHA256 context copy failed.\r
948 @retval FALSE This interface is not supported.\r
949\r
950**/\r
951BOOLEAN\r
952EFIAPI\r
953HmacSha256Duplicate (\r
954 IN CONST VOID *HmacSha256Context,\r
955 OUT VOID *NewHmacSha256Context\r
956 );\r
957\r
958/**\r
959 Digests the input data and updates HMAC-SHA256 context.\r
960\r
961 This function performs HMAC-SHA256 digest on a data buffer of the specified size.\r
962 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
a23fdff6
JW		 963 HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized\r
964 by HmacSha256Final(). Behavior with invalid context is undefined.\r
72009c62
QL		 965\r
966 If HmacSha256Context is NULL, then return FALSE.\r
967 If this interface is not supported, then return FALSE.\r
968\r
969 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.\r
970 @param[in] Data Pointer to the buffer containing the data to be digested.\r
971 @param[in] DataSize Size of Data buffer in bytes.\r
972\r
973 @retval TRUE HMAC-SHA256 data digest succeeded.\r
974 @retval FALSE HMAC-SHA256 data digest failed.\r
975 @retval FALSE This interface is not supported.\r
976\r
977**/\r
978BOOLEAN\r
979EFIAPI\r
980HmacSha256Update (\r
981 IN OUT VOID *HmacSha256Context,\r
982 IN CONST VOID *Data,\r
983 IN UINTN DataSize\r
984 );\r
985\r
986/**\r
987 Completes computation of the HMAC-SHA256 digest value.\r
988\r
989 This function completes HMAC-SHA256 hash computation and retrieves the digest value into\r
990 the specified memory. After this function has been called, the HMAC-SHA256 context cannot\r
991 be used again.\r
a23fdff6
JW		 992 HMAC-SHA256 context should be initialized by HmacSha256New(), and should not be finalized\r
993 by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.\r
72009c62
QL		 994\r
995 If HmacSha256Context is NULL, then return FALSE.\r
68ae7cd6 996 If HmacValue is NULL, then return FALSE.\r
72009c62
QL		 997 If this interface is not supported, then return FALSE.\r
998\r
999 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.\r
68ae7cd6 1000 @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest\r
72009c62
QL		 1001 value (32 bytes).\r
1002\r
1003 @retval TRUE HMAC-SHA256 digest computation succeeded.\r
1004 @retval FALSE HMAC-SHA256 digest computation failed.\r
1005 @retval FALSE This interface is not supported.\r
1006\r
1007**/\r
1008BOOLEAN\r
1009EFIAPI\r
1010HmacSha256Final (\r
1011 IN OUT VOID *HmacSha256Context,\r
1012 OUT UINT8 *HmacValue\r
1013 );\r
1014\r
97f98500
HT		 1015//=====================================================================================\r
1016// Symmetric Cryptography Primitive\r
1017//=====================================================================================\r
1018\r
a8c44645 1019/**\r
1020 Retrieves the size, in bytes, of the context buffer required for AES operations.\r
1021\r
532616bb 1022 If this interface is not supported, then return zero.\r
1023\r
a8c44645 1024 @return The size, in bytes, of the context buffer required for AES operations.\r
532616bb 1025 @retval 0 This interface is not supported.\r
a8c44645 1026\r
1027**/\r
1028UINTN\r
1029EFIAPI\r
1030AesGetContextSize (\r
1031 VOID\r
1032 );\r
1033\r
1034/**\r
1035 Initializes user-supplied memory as AES context for subsequent use.\r
1036\r
1037 This function initializes user-supplied memory pointed by AesContext as AES context.\r
6b8ebcb8 1038 In addition, it sets up all AES key materials for subsequent encryption and decryption\r
a8c44645 1039 operations.\r
1040 There are 3 options for key length, 128 bits, 192 bits, and 256 bits.\r
1041\r
16d2c32c 1042 If AesContext is NULL, then return FALSE.\r
1043 If Key is NULL, then return FALSE.\r
1044 If KeyLength is not valid, then return FALSE.\r
532616bb 1045 If this interface is not supported, then return FALSE.\r
a8c44645 1046\r
1047 @param[out] AesContext Pointer to AES context being initialized.\r
1048 @param[in] Key Pointer to the user-supplied AES key.\r
1049 @param[in] KeyLength Length of AES key in bits.\r
1050\r
1051 @retval TRUE AES context initialization succeeded.\r
1052 @retval FALSE AES context initialization failed.\r
532616bb 1053 @retval FALSE This interface is not supported.\r
a8c44645 1054\r
1055**/\r
1056BOOLEAN\r
1057EFIAPI\r
1058AesInit (\r
1059 OUT VOID *AesContext,\r
1060 IN CONST UINT8 *Key,\r
1061 IN UINTN KeyLength\r
1062 );\r
1063\r
a8c44645 1064/**\r
1065 Performs AES encryption on a data buffer of the specified size in CBC mode.\r
1066\r
1067 This function performs AES encryption on data buffer pointed by Input, of specified\r
1068 size of InputSize, in CBC mode.\r
1069 InputSize must be multiple of block size (16 bytes). This function does not perform\r
1070 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1071 Initialization vector should be one block size (16 bytes).\r
1072 AesContext should be already correctly initialized by AesInit(). Behavior with\r
1073 invalid AES context is undefined.\r
1074\r
16d2c32c 1075 If AesContext is NULL, then return FALSE.\r
1076 If Input is NULL, then return FALSE.\r
1077 If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
1078 If Ivec is NULL, then return FALSE.\r
1079 If Output is NULL, then return FALSE.\r
532616bb 1080 If this interface is not supported, then return FALSE.\r
a8c44645 1081\r
1082 @param[in] AesContext Pointer to the AES context.\r
1083 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1084 @param[in] InputSize Size of the Input buffer in bytes.\r
1085 @param[in] Ivec Pointer to initialization vector.\r
1086 @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
1087\r
1088 @retval TRUE AES encryption succeeded.\r
1089 @retval FALSE AES encryption failed.\r
532616bb 1090 @retval FALSE This interface is not supported.\r
a8c44645 1091\r
1092**/\r
1093BOOLEAN\r
1094EFIAPI\r
1095AesCbcEncrypt (\r
1096 IN VOID *AesContext,\r
1097 IN CONST UINT8 *Input,\r
1098 IN UINTN InputSize,\r
1099 IN CONST UINT8 *Ivec,\r
1100 OUT UINT8 *Output\r
1101 );\r
1102\r
1103/**\r
1104 Performs AES decryption on a data buffer of the specified size in CBC mode.\r
1105\r
1106 This function performs AES decryption on data buffer pointed by Input, of specified\r
1107 size of InputSize, in CBC mode.\r
1108 InputSize must be multiple of block size (16 bytes). This function does not perform\r
1109 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1110 Initialization vector should be one block size (16 bytes).\r
1111 AesContext should be already correctly initialized by AesInit(). Behavior with\r
1112 invalid AES context is undefined.\r
1113\r
16d2c32c 1114 If AesContext is NULL, then return FALSE.\r
1115 If Input is NULL, then return FALSE.\r
1116 If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
1117 If Ivec is NULL, then return FALSE.\r
1118 If Output is NULL, then return FALSE.\r
532616bb 1119 If this interface is not supported, then return FALSE.\r
a8c44645 1120\r
1121 @param[in] AesContext Pointer to the AES context.\r
1122 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1123 @param[in] InputSize Size of the Input buffer in bytes.\r
1124 @param[in] Ivec Pointer to initialization vector.\r
1125 @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
1126\r
1127 @retval TRUE AES decryption succeeded.\r
1128 @retval FALSE AES decryption failed.\r
532616bb 1129 @retval FALSE This interface is not supported.\r
a8c44645 1130\r
1131**/\r
1132BOOLEAN\r
1133EFIAPI\r
1134AesCbcDecrypt (\r
1135 IN VOID *AesContext,\r
1136 IN CONST UINT8 *Input,\r
1137 IN UINTN InputSize,\r
1138 IN CONST UINT8 *Ivec,\r
1139 OUT UINT8 *Output\r
1140 );\r
1141\r
97f98500
HT		 1142//=====================================================================================\r
1143// Asymmetric Cryptography Primitive\r
1144//=====================================================================================\r
1145\r
1146/**\r
a8c44645 1147 Allocates and initializes one RSA context for subsequent use.\r
97f98500 1148\r
a8c44645 1149 @return Pointer to the RSA context that has been initialized.\r
97f98500
HT		 1150 If the allocations fails, RsaNew() returns NULL.\r
1151\r
1152**/\r
1153VOID *\r
1154EFIAPI\r
1155RsaNew (\r
1156 VOID\r
1157 );\r
1158\r
97f98500 1159/**\r
a8c44645 1160 Release the specified RSA context.\r
1161\r
16d2c32c 1162 If RsaContext is NULL, then return FALSE.\r
97f98500
HT		 1163\r
1164 @param[in] RsaContext Pointer to the RSA context to be released.\r
1165\r
1166**/\r
1167VOID\r
1168EFIAPI\r
1169RsaFree (\r
1170 IN VOID *RsaContext\r
1171 );\r
1172\r
97f98500 1173/**\r
a8c44645 1174 Sets the tag-designated key component into the established RSA context.\r
1175\r
1176 This function sets the tag-designated RSA key component into the established\r
1177 RSA context from the user-specified non-negative integer (octet string format\r
1178 represented in RSA PKCS#1).\r
2998af86 1179 If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
97f98500 1180\r
16d2c32c 1181 If RsaContext is NULL, then return FALSE.\r
97f98500
HT		 1182\r
1183 @param[in, out] RsaContext Pointer to RSA context being set.\r
1184 @param[in] KeyTag Tag of RSA key component being set.\r
1185 @param[in] BigNumber Pointer to octet integer buffer.\r
2998af86 1186 If NULL, then the specified key component in RSA\r
a8c44645 1187 context is cleared.\r
1188 @param[in] BnSize Size of big number buffer in bytes.\r
1189 If BigNumber is NULL, then it is ignored.\r
97f98500 1190\r
a8c44645 1191 @retval TRUE RSA key component was set successfully.\r
1192 @retval FALSE Invalid RSA key component tag.\r
97f98500
HT		 1193\r
1194**/\r
1195BOOLEAN\r
1196EFIAPI\r
1197RsaSetKey (\r
a8c44645 1198 IN OUT VOID *RsaContext,\r
1199 IN RSA_KEY_TAG KeyTag,\r
1200 IN CONST UINT8 *BigNumber,\r
1201 IN UINTN BnSize\r
1202 );\r
1203\r
1204/**\r
1205 Gets the tag-designated RSA key component from the established RSA context.\r
1206\r
1207 This function retrieves the tag-designated RSA key component from the\r
1208 established RSA context as a non-negative integer (octet string format\r
1209 represented in RSA PKCS#1).\r
1210 If specified key component has not been set or has been cleared, then returned\r
1211 BnSize is set to 0.\r
1212 If the BigNumber buffer is too small to hold the contents of the key, FALSE\r
1213 is returned and BnSize is set to the required buffer size to obtain the key.\r
1214\r
16d2c32c 1215 If RsaContext is NULL, then return FALSE.\r
1216 If BnSize is NULL, then return FALSE.\r
1217 If BnSize is large enough but BigNumber is NULL, then return FALSE.\r
532616bb 1218 If this interface is not supported, then return FALSE.\r
a8c44645 1219\r
1220 @param[in, out] RsaContext Pointer to RSA context being set.\r
1221 @param[in] KeyTag Tag of RSA key component being set.\r
1222 @param[out] BigNumber Pointer to octet integer buffer.\r
1223 @param[in, out] BnSize On input, the size of big number buffer in bytes.\r
1224 On output, the size of data returned in big number buffer in bytes.\r
1225\r
1226 @retval TRUE RSA key component was retrieved successfully.\r
1227 @retval FALSE Invalid RSA key component tag.\r
1228 @retval FALSE BnSize is too small.\r
532616bb 1229 @retval FALSE This interface is not supported.\r
a8c44645 1230\r
1231**/\r
1232BOOLEAN\r
1233EFIAPI\r
1234RsaGetKey (\r
1235 IN OUT VOID *RsaContext,\r
1236 IN RSA_KEY_TAG KeyTag,\r
1237 OUT UINT8 *BigNumber,\r
1238 IN OUT UINTN *BnSize\r
1239 );\r
1240\r
1241/**\r
1242 Generates RSA key components.\r
1243\r
1244 This function generates RSA key components. It takes RSA public exponent E and\r
1245 length in bits of RSA modulus N as input, and generates all key components.\r
1246 If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.\r
1247\r
1248 Before this function can be invoked, pseudorandom number generator must be correctly\r
1249 initialized by RandomSeed().\r
1250\r
16d2c32c 1251 If RsaContext is NULL, then return FALSE.\r
532616bb 1252 If this interface is not supported, then return FALSE.\r
a8c44645 1253\r
1254 @param[in, out] RsaContext Pointer to RSA context being set.\r
1255 @param[in] ModulusLength Length of RSA modulus N in bits.\r
1256 @param[in] PublicExponent Pointer to RSA public exponent.\r
2ac68e8b 1257 @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.\r
a8c44645 1258\r
1259 @retval TRUE RSA key component was generated successfully.\r
1260 @retval FALSE Invalid RSA key component tag.\r
532616bb 1261 @retval FALSE This interface is not supported.\r
a8c44645 1262\r
1263**/\r
1264BOOLEAN\r
1265EFIAPI\r
1266RsaGenerateKey (\r
1267 IN OUT VOID *RsaContext,\r
1268 IN UINTN ModulusLength,\r
1269 IN CONST UINT8 *PublicExponent,\r
1270 IN UINTN PublicExponentSize\r
1271 );\r
1272\r
1273/**\r
1274 Validates key components of RSA context.\r
952bd229
QL		 1275 NOTE: This function performs integrity checks on all the RSA key material, so\r
1276 the RSA key structure must contain all the private key data.\r
a8c44645 1277\r
2998af86 1278 This function validates key components of RSA context in following aspects:\r
a8c44645 1279 - Whether p is a prime\r
1280 - Whether q is a prime\r
1281 - Whether n = p * q\r
1282 - Whether d*e = 1 mod lcm(p-1,q-1)\r
1283\r
16d2c32c 1284 If RsaContext is NULL, then return FALSE.\r
532616bb 1285 If this interface is not supported, then return FALSE.\r
a8c44645 1286\r
1287 @param[in] RsaContext Pointer to RSA context to check.\r
1288\r
1289 @retval TRUE RSA key components are valid.\r
1290 @retval FALSE RSA key components are not valid.\r
532616bb 1291 @retval FALSE This interface is not supported.\r
a8c44645 1292\r
1293**/\r
1294BOOLEAN\r
1295EFIAPI\r
1296RsaCheckKey (\r
1297 IN VOID *RsaContext\r
97f98500
HT		 1298 );\r
1299\r
a8c44645 1300/**\r
1301 Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.\r
1302\r
1303 This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in\r
1304 RSA PKCS#1.\r
1305 If the Signature buffer is too small to hold the contents of signature, FALSE\r
1306 is returned and SigSize is set to the required buffer size to obtain the signature.\r
1307\r
16d2c32c 1308 If RsaContext is NULL, then return FALSE.\r
1309 If MessageHash is NULL, then return FALSE.\r
1310 If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.\r
1311 If SigSize is large enough but Signature is NULL, then return FALSE.\r
532616bb 1312 If this interface is not supported, then return FALSE.\r
a8c44645 1313\r
1314 @param[in] RsaContext Pointer to RSA context for signature generation.\r
1315 @param[in] MessageHash Pointer to octet message hash to be signed.\r
1316 @param[in] HashSize Size of the message hash in bytes.\r
1317 @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.\r
1318 @param[in, out] SigSize On input, the size of Signature buffer in bytes.\r
b7d320f8 1319 On output, the size of data returned in Signature buffer in bytes.\r
a8c44645 1320\r
1321 @retval TRUE Signature successfully generated in PKCS1-v1_5.\r
1322 @retval FALSE Signature generation failed.\r
1323 @retval FALSE SigSize is too small.\r
532616bb 1324 @retval FALSE This interface is not supported.\r
a8c44645 1325\r
1326**/\r
1327BOOLEAN\r
1328EFIAPI\r
1329RsaPkcs1Sign (\r
1330 IN VOID *RsaContext,\r
1331 IN CONST UINT8 *MessageHash,\r
1332 IN UINTN HashSize,\r
1333 OUT UINT8 *Signature,\r
1334 IN OUT UINTN *SigSize\r
1335 );\r
97f98500
HT		 1336\r
1337/**\r
1338 Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
1339 RSA PKCS#1.\r
1340\r
16d2c32c 1341 If RsaContext is NULL, then return FALSE.\r
1342 If MessageHash is NULL, then return FALSE.\r
1343 If Signature is NULL, then return FALSE.\r
1344 If HashSize is not equal to the size of MD5, SHA-1, SHA-256 digest, then return FALSE.\r
97f98500
HT		 1345\r
1346 @param[in] RsaContext Pointer to RSA context for signature verification.\r
1347 @param[in] MessageHash Pointer to octet message hash to be checked.\r
a8c44645 1348 @param[in] HashSize Size of the message hash in bytes.\r
97f98500 1349 @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
a8c44645 1350 @param[in] SigSize Size of signature in bytes.\r
97f98500 1351\r
a8c44645 1352 @retval TRUE Valid signature encoded in PKCS1-v1_5.\r
1353 @retval FALSE Invalid signature or invalid RSA context.\r
97f98500
HT		 1354\r
1355**/\r
1356BOOLEAN\r
1357EFIAPI\r
1358RsaPkcs1Verify (\r
1359 IN VOID *RsaContext,\r
1360 IN CONST UINT8 *MessageHash,\r
a8c44645 1361 IN UINTN HashSize,\r
8c5720b4 1362 IN CONST UINT8 *Signature,\r
a8c44645 1363 IN UINTN SigSize\r
97f98500
HT		 1364 );\r
1365\r
22ac5cc9
SA		 1366/**\r
1367 Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.\r
1368\r
1369 This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in\r
1370 RFC 8017.\r
1371 Mask generation function is the same as the message digest algorithm.\r
1372 If the Signature buffer is too small to hold the contents of signature, FALSE\r
1373 is returned and SigSize is set to the required buffer size to obtain the signature.\r
1374\r
1375 If RsaContext is NULL, then return FALSE.\r
1376 If Message is NULL, then return FALSE.\r
1377 If MsgSize is zero or > INT_MAX, then return FALSE.\r
1378 If DigestLen is NOT 32, 48 or 64, return FALSE.\r
20ca5288 1379 If SaltLen is not equal to DigestLen, then return FALSE.\r
22ac5cc9
SA		 1380 If SigSize is large enough but Signature is NULL, then return FALSE.\r
1381 If this interface is not supported, then return FALSE.\r
1382\r
1383 @param[in] RsaContext Pointer to RSA context for signature generation.\r
1384 @param[in] Message Pointer to octet message to be signed.\r
1385 @param[in] MsgSize Size of the message in bytes.\r
1386 @param[in] DigestLen Length of the digest in bytes to be used for RSA signature operation.\r
1387 @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding.\r
1388 @param[out] Signature Pointer to buffer to receive RSA PSS signature.\r
1389 @param[in, out] SigSize On input, the size of Signature buffer in bytes.\r
1390 On output, the size of data returned in Signature buffer in bytes.\r
1391\r
1392 @retval TRUE Signature successfully generated in RSASSA-PSS.\r
1393 @retval FALSE Signature generation failed.\r
1394 @retval FALSE SigSize is too small.\r
1395 @retval FALSE This interface is not supported.\r
1396\r
1397**/\r
1398BOOLEAN\r
1399EFIAPI\r
1400RsaPssSign (\r
1401 IN VOID *RsaContext,\r
1402 IN CONST UINT8 *Message,\r
1403 IN UINTN MsgSize,\r
1404 IN UINT16 DigestLen,\r
1405 IN UINT16 SaltLen,\r
1406 OUT UINT8 *Signature,\r
1407 IN OUT UINTN *SigSize\r
1408 );\r
1409\r
1410/**\r
1411 Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.\r
1412 Implementation determines salt length automatically from the signature encoding.\r
1413 Mask generation function is the same as the message digest algorithm.\r
20ca5288 1414 Salt length should be equal to digest length.\r
22ac5cc9
SA		 1415\r
1416 @param[in] RsaContext Pointer to RSA context for signature verification.\r
1417 @param[in] Message Pointer to octet message to be verified.\r
1418 @param[in] MsgSize Size of the message in bytes.\r
1419 @param[in] Signature Pointer to RSASSA-PSS signature to be verified.\r
1420 @param[in] SigSize Size of signature in bytes.\r
1421 @param[in] DigestLen Length of digest for RSA operation.\r
1422 @param[in] SaltLen Salt length for PSS encoding.\r
1423\r
1424 @retval TRUE Valid signature encoded in RSASSA-PSS.\r
1425 @retval FALSE Invalid signature or invalid RSA context.\r
1426\r
1427**/\r
1428BOOLEAN\r
1429EFIAPI\r
1430RsaPssVerify (\r
1431 IN VOID *RsaContext,\r
1432 IN CONST UINT8 *Message,\r
1433 IN UINTN MsgSize,\r
1434 IN CONST UINT8 *Signature,\r
1435 IN UINTN SigSize,\r
1436 IN UINT16 DigestLen,\r
1437 IN UINT16 SaltLen\r
1438 );\r
1439\r
4a567c96 1440/**\r
1441 Retrieve the RSA Private Key from the password-protected PEM key data.\r
1442\r
532616bb 1443 If PemData is NULL, then return FALSE.\r
1444 If RsaContext is NULL, then return FALSE.\r
1445 If this interface is not supported, then return FALSE.\r
1446\r
4a567c96 1447 @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.\r
1448 @param[in] PemSize Size of the PEM key data in bytes.\r
1449 @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.\r
1450 @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
1451 RSA private key component. Use RsaFree() function to free the\r
1452 resource.\r
1453\r
4a567c96 1454 @retval TRUE RSA Private Key was retrieved successfully.\r
1455 @retval FALSE Invalid PEM key data or incorrect password.\r
532616bb 1456 @retval FALSE This interface is not supported.\r
4a567c96 1457\r
1458**/\r
1459BOOLEAN\r
1460EFIAPI\r
1461RsaGetPrivateKeyFromPem (\r
1462 IN CONST UINT8 *PemData,\r
1463 IN UINTN PemSize,\r
1464 IN CONST CHAR8 *Password,\r
1465 OUT VOID **RsaContext\r
1466 );\r
1467\r
1468/**\r
1469 Retrieve the RSA Public Key from one DER-encoded X509 certificate.\r
1470\r
532616bb 1471 If Cert is NULL, then return FALSE.\r
1472 If RsaContext is NULL, then return FALSE.\r
1473 If this interface is not supported, then return FALSE.\r
1474\r
4a567c96 1475 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
1476 @param[in] CertSize Size of the X509 certificate in bytes.\r
1477 @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
1478 RSA public key component. Use RsaFree() function to free the\r
1479 resource.\r
1480\r
4a567c96 1481 @retval TRUE RSA Public Key was retrieved successfully.\r
1482 @retval FALSE Fail to retrieve RSA public key from X509 certificate.\r
532616bb 1483 @retval FALSE This interface is not supported.\r
4a567c96 1484\r
1485**/\r
1486BOOLEAN\r
1487EFIAPI\r
1488RsaGetPublicKeyFromX509 (\r
1489 IN CONST UINT8 *Cert,\r
1490 IN UINTN CertSize,\r
1491 OUT VOID **RsaContext\r
1492 );\r
1493\r
1494/**\r
1495 Retrieve the subject bytes from one X.509 certificate.\r
1496\r
532616bb 1497 If Cert is NULL, then return FALSE.\r
1498 If SubjectSize is NULL, then return FALSE.\r
1499 If this interface is not supported, then return FALSE.\r
1500\r
4a567c96 1501 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
1502 @param[in] CertSize Size of the X509 certificate in bytes.\r
1503 @param[out] CertSubject Pointer to the retrieved certificate subject bytes.\r
1504 @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,\r
1505 and the size of buffer returned CertSubject on output.\r
1506\r
4a567c96 1507 @retval TRUE The certificate subject retrieved successfully.\r
1508 @retval FALSE Invalid certificate, or the SubjectSize is too small for the result.\r
1509 The SubjectSize will be updated with the required size.\r
532616bb 1510 @retval FALSE This interface is not supported.\r
4a567c96 1511\r
1512**/\r
1513BOOLEAN\r
1514EFIAPI\r
1515X509GetSubjectName (\r
1516 IN CONST UINT8 *Cert,\r
1517 IN UINTN CertSize,\r
1518 OUT UINT8 *CertSubject,\r
1519 IN OUT UINTN *SubjectSize\r
1520 );\r
1521\r
5b7c2245
QL		 1522/**\r
1523 Retrieve the common name (CN) string from one X.509 certificate.\r
1524\r
1525 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
1526 @param[in] CertSize Size of the X509 certificate in bytes.\r
1527 @param[out] CommonName Buffer to contain the retrieved certificate common\r
0b6457ef 1528 name string (UTF8). At most CommonNameSize bytes will be\r
5b7c2245
QL		 1529 written and the string will be null terminated. May be\r
1530 NULL in order to determine the size buffer needed.\r
1531 @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,\r
1532 and the size of buffer returned CommonName on output.\r
1533 If CommonName is NULL then the amount of space needed\r
1534 in buffer (including the final null) is returned.\r
1535\r
1536 @retval RETURN_SUCCESS The certificate CommonName retrieved successfully.\r
1537 @retval RETURN_INVALID_PARAMETER If Cert is NULL.\r
1538 If CommonNameSize is NULL.\r
1539 If CommonName is not NULL and *CommonNameSize is 0.\r
1540 If Certificate is invalid.\r
1541 @retval RETURN_NOT_FOUND If no CommonName entry exists.\r
1542 @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size\r
630f67dd 1543 (including the final null) is returned in the\r
5b7c2245
QL		 1544 CommonNameSize parameter.\r
1545 @retval RETURN_UNSUPPORTED The operation is not supported.\r
1546\r
1547**/\r
1548RETURN_STATUS\r
1549EFIAPI\r
1550X509GetCommonName (\r
1551 IN CONST UINT8 *Cert,\r
1552 IN UINTN CertSize,\r
1553 OUT CHAR8 *CommonName, OPTIONAL\r
1554 IN OUT UINTN *CommonNameSize\r
1555 );\r
1556\r
e2a673b8
BB		 1557/**\r
1558 Retrieve the organization name (O) string from one X.509 certificate.\r
1559\r
1560 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
1561 @param[in] CertSize Size of the X509 certificate in bytes.\r
1562 @param[out] NameBuffer Buffer to contain the retrieved certificate organization\r
1563 name string. At most NameBufferSize bytes will be\r
1564 written and the string will be null terminated. May be\r
1565 NULL in order to determine the size buffer needed.\r
1566 @param[in,out] NameBufferSize The size in bytes of the Name buffer on input,\r
1567 and the size of buffer returned Name on output.\r
1568 If NameBuffer is NULL then the amount of space needed\r
1569 in buffer (including the final null) is returned.\r
1570\r
1571 @retval RETURN_SUCCESS The certificate Organization Name retrieved successfully.\r
1572 @retval RETURN_INVALID_PARAMETER If Cert is NULL.\r
1573 If NameBufferSize is NULL.\r
1574 If NameBuffer is not NULL and *CommonNameSize is 0.\r
1575 If Certificate is invalid.\r
1576 @retval RETURN_NOT_FOUND If no Organization Name entry exists.\r
1577 @retval RETURN_BUFFER_TOO_SMALL If the NameBuffer is NULL. The required buffer size\r
1578 (including the final null) is returned in the\r
1579 CommonNameSize parameter.\r
1580 @retval RETURN_UNSUPPORTED The operation is not supported.\r
1581\r
1582**/\r
1583RETURN_STATUS\r
1584EFIAPI\r
1585X509GetOrganizationName (\r
1586 IN CONST UINT8 *Cert,\r
1587 IN UINTN CertSize,\r
1588 OUT CHAR8 *NameBuffer, OPTIONAL\r
1589 IN OUT UINTN *NameBufferSize\r
1590 );\r
1591\r
4a567c96 1592/**\r
1593 Verify one X509 certificate was issued by the trusted CA.\r
1594\r
532616bb 1595 If Cert is NULL, then return FALSE.\r
1596 If CACert is NULL, then return FALSE.\r
1597 If this interface is not supported, then return FALSE.\r
1598\r
4a567c96 1599 @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.\r
1600 @param[in] CertSize Size of the X509 certificate in bytes.\r
1601 @param[in] CACert Pointer to the DER-encoded trusted CA certificate.\r
1602 @param[in] CACertSize Size of the CA Certificate in bytes.\r
1603\r
4a567c96 1604 @retval TRUE The certificate was issued by the trusted CA.\r
1605 @retval FALSE Invalid certificate or the certificate was not issued by the given\r
1606 trusted CA.\r
532616bb 1607 @retval FALSE This interface is not supported.\r
4a567c96 1608\r
1609**/\r
1610BOOLEAN\r
1611EFIAPI\r
1612X509VerifyCert (\r
1613 IN CONST UINT8 *Cert,\r
1614 IN UINTN CertSize,\r
1615 IN CONST UINT8 *CACert,\r
1616 IN UINTN CACertSize\r
1617 );\r
1618\r
b7d320f8 1619/**\r
1620 Construct a X509 object from DER-encoded certificate data.\r
1621\r
16d2c32c 1622 If Cert is NULL, then return FALSE.\r
1623 If SingleX509Cert is NULL, then return FALSE.\r
532616bb 1624 If this interface is not supported, then return FALSE.\r
b7d320f8 1625\r
1626 @param[in] Cert Pointer to the DER-encoded certificate data.\r
1627 @param[in] CertSize The size of certificate data in bytes.\r
1628 @param[out] SingleX509Cert The generated X509 object.\r
1629\r
1630 @retval TRUE The X509 object generation succeeded.\r
1631 @retval FALSE The operation failed.\r
532616bb 1632 @retval FALSE This interface is not supported.\r
b7d320f8 1633\r
1634**/\r
1635BOOLEAN\r
1636EFIAPI\r
1637X509ConstructCertificate (\r
1638 IN CONST UINT8 *Cert,\r
1639 IN UINTN CertSize,\r
1640 OUT UINT8 **SingleX509Cert\r
1641 );\r
1642\r
66862136
MK		 1643/**\r
1644 Construct a X509 stack object from a list of DER-encoded certificate data.\r
1645\r
1646 If X509Stack is NULL, then return FALSE.\r
1647 If this interface is not supported, then return FALSE.\r
1648\r
1649 @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.\r
1650 On output, pointer to the X509 stack object with new\r
1651 inserted X509 certificate.\r
1652 @param[in] Args VA_LIST marker for the variable argument list.\r
1653 A list of DER-encoded single certificate data followed\r
1654 by certificate size. A NULL terminates the list. The\r
1655 pairs are the arguments to X509ConstructCertificate().\r
1656\r
1657 @retval TRUE The X509 stack construction succeeded.\r
1658 @retval FALSE The construction operation failed.\r
1659 @retval FALSE This interface is not supported.\r
1660\r
1661**/\r
1662BOOLEAN\r
1663EFIAPI\r
1664X509ConstructCertificateStackV (\r
1665 IN OUT UINT8 **X509Stack,\r
1666 IN VA_LIST Args\r
1667 );\r
1668\r
b7d320f8 1669/**\r
1670 Construct a X509 stack object from a list of DER-encoded certificate data.\r
1671\r
16d2c32c 1672 If X509Stack is NULL, then return FALSE.\r
532616bb 1673 If this interface is not supported, then return FALSE.\r
b7d320f8 1674\r
952bd229 1675 @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.\r
b7d320f8 1676 On output, pointer to the X509 stack object with new\r
1677 inserted X509 certificate.\r
1678 @param ... A list of DER-encoded single certificate data followed\r
1679 by certificate size. A NULL terminates the list. The\r
1680 pairs are the arguments to X509ConstructCertificate().\r
2ac68e8b 1681\r
b7d320f8 1682 @retval TRUE The X509 stack construction succeeded.\r
1683 @retval FALSE The construction operation failed.\r
532616bb 1684 @retval FALSE This interface is not supported.\r
b7d320f8 1685\r
1686**/\r
1687BOOLEAN\r
1688EFIAPI\r
1689X509ConstructCertificateStack (\r
1690 IN OUT UINT8 **X509Stack,\r
2ac68e8b 1691 ...\r
b7d320f8 1692 );\r
1693\r
1694/**\r
1695 Release the specified X509 object.\r
1696\r
532616bb 1697 If the interface is not supported, then ASSERT().\r
b7d320f8 1698\r
1699 @param[in] X509Cert Pointer to the X509 object to be released.\r
1700\r
1701**/\r
1702VOID\r
1703EFIAPI\r
1704X509Free (\r
1705 IN VOID *X509Cert\r
1706 );\r
1707\r
1708/**\r
1709 Release the specified X509 stack object.\r
1710\r
532616bb 1711 If the interface is not supported, then ASSERT().\r
b7d320f8 1712\r
1713 @param[in] X509Stack Pointer to the X509 stack object to be released.\r
1714\r
1715**/\r
1716VOID\r
1717EFIAPI\r
1718X509StackFree (\r
1719 IN VOID *X509Stack\r
1720 );\r
1721\r
12d95665
LQ		 1722/**\r
1723 Retrieve the TBSCertificate from one given X.509 certificate.\r
1724\r
1725 @param[in] Cert Pointer to the given DER-encoded X509 certificate.\r
1726 @param[in] CertSize Size of the X509 certificate in bytes.\r
1727 @param[out] TBSCert DER-Encoded To-Be-Signed certificate.\r
1728 @param[out] TBSCertSize Size of the TBS certificate in bytes.\r
1729\r
1730 If Cert is NULL, then return FALSE.\r
1731 If TBSCert is NULL, then return FALSE.\r
1732 If TBSCertSize is NULL, then return FALSE.\r
1733 If this interface is not supported, then return FALSE.\r
1734\r
1735 @retval TRUE The TBSCertificate was retrieved successfully.\r
1736 @retval FALSE Invalid X.509 certificate.\r
1737\r
1738**/\r
1739BOOLEAN\r
1740EFIAPI\r
1741X509GetTBSCert (\r
1742 IN CONST UINT8 *Cert,\r
1743 IN UINTN CertSize,\r
1744 OUT UINT8 **TBSCert,\r
1745 OUT UINTN *TBSCertSize\r
1746 );\r
1747\r
a8f37449
QL		 1748/**\r
1749 Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0\r
1750 password based encryption key derivation function PBKDF2, as specified in RFC 2898.\r
1751\r
1752 If Password or Salt or OutKey is NULL, then return FALSE.\r
1753 If the hash algorithm could not be determined, then return FALSE.\r
1754 If this interface is not supported, then return FALSE.\r
1755\r
1756 @param[in] PasswordLength Length of input password in bytes.\r
1757 @param[in] Password Pointer to the array for the password.\r
1758 @param[in] SaltLength Size of the Salt in bytes.\r
1759 @param[in] Salt Pointer to the Salt.\r
1760 @param[in] IterationCount Number of iterations to perform. Its value should be\r
1761 greater than or equal to 1.\r
1762 @param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).\r
1763 NOTE: DigestSize will be used to determine the hash algorithm.\r
1764 Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.\r
1765 @param[in] KeyLength Size of the derived key buffer in bytes.\r
1766 @param[out] OutKey Pointer to the output derived key buffer.\r
1767\r
1768 @retval TRUE A key was derived successfully.\r
1769 @retval FALSE One of the pointers was NULL or one of the sizes was too large.\r
1770 @retval FALSE The hash algorithm could not be determined from the digest size.\r
1771 @retval FALSE The key derivation operation failed.\r
1772 @retval FALSE This interface is not supported.\r
1773\r
1774**/\r
1775BOOLEAN\r
1776EFIAPI\r
1777Pkcs5HashPassword (\r
1778 IN UINTN PasswordLength,\r
1779 IN CONST CHAR8 *Password,\r
1780 IN UINTN SaltLength,\r
1781 IN CONST UINT8 *Salt,\r
1782 IN UINTN IterationCount,\r
1783 IN UINTN DigestSize,\r
1784 IN UINTN KeyLength,\r
1785 OUT UINT8 *OutKey\r
1786 );\r
1787\r
aed90bee
BB		 1788/**\r
1789 Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the\r
1790 encrypted message in a newly allocated buffer.\r
1791\r
1792 Things that can cause a failure include:\r
1793 - X509 key size does not match any known key size.\r
1794 - Fail to parse X509 certificate.\r
1795 - Fail to allocate an intermediate buffer.\r
1796 - Null pointer provided for a non-optional parameter.\r
1797 - Data size is too large for the provided key size (max size is a function of key size\r
1798 and hash digest size).\r
1799\r
1800 @param[in] PublicKey A pointer to the DER-encoded X509 certificate that\r
1801 will be used to encrypt the data.\r
1802 @param[in] PublicKeySize Size of the X509 cert buffer.\r
1803 @param[in] InData Data to be encrypted.\r
1804 @param[in] InDataSize Size of the data buffer.\r
1805 @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer\r
1806 to be used when initializing the PRNG. NULL otherwise.\r
1807 @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.\r
1808 0 otherwise.\r
1809 @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted\r
1810 message.\r
1811 @param[out] EncryptedDataSize Size of the encrypted message buffer.\r
1812\r
1813 @retval TRUE Encryption was successful.\r
1814 @retval FALSE Encryption failed.\r
1815\r
1816**/\r
1817BOOLEAN\r
1818EFIAPI\r
1819Pkcs1v2Encrypt (\r
1820 IN CONST UINT8 *PublicKey,\r
1821 IN UINTN PublicKeySize,\r
1822 IN UINT8 *InData,\r
1823 IN UINTN InDataSize,\r
1824 IN CONST UINT8 *PrngSeed, OPTIONAL\r
1825 IN UINTN PrngSeedSize, OPTIONAL\r
1826 OUT UINT8 **EncryptedData,\r
1827 OUT UINTN *EncryptedDataSize\r
1828 );\r
1829\r
3702637a 1830/**\r
1831 The 3rd parameter of Pkcs7GetSigners will return all embedded\r
1832 X.509 certificate in one given PKCS7 signature. The format is:\r
1833 //\r
1834 // UINT8 CertNumber;\r
1835 // UINT32 Cert1Length;\r
1836 // UINT8 Cert1[];\r
1837 // UINT32 Cert2Length;\r
1838 // UINT8 Cert2[];\r
1839 // ...\r
1840 // UINT32 CertnLength;\r
1841 // UINT8 Certn[];\r
1842 //\r
1843\r
1844 The two following C-structure are used for parsing CertStack more clearly.\r
1845**/\r
1846#pragma pack(1)\r
1847\r
1848typedef struct {\r
1849 UINT32 CertDataLength; // The length in bytes of X.509 certificate.\r
1850 UINT8 CertDataBuffer[0]; // The X.509 certificate content (DER).\r
1851} EFI_CERT_DATA;\r
1852\r
1853typedef struct {\r
1854 UINT8 CertNumber; // Number of X.509 certificate.\r
1855 //EFI_CERT_DATA CertArray[]; // An array of X.509 certificate.\r
1856} EFI_CERT_STACK;\r
1857\r
1858#pragma pack()\r
1859\r
e8b4eb04 1860/**\r
1861 Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:\r
1862 Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
1863 in a ContentInfo structure.\r
1864\r
1865 If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then\r
2998af86 1866 return FALSE. If P7Length overflow, then return FALSE.\r
532616bb 1867 If this interface is not supported, then return FALSE.\r
e8b4eb04 1868\r
1869 @param[in] P7Data Pointer to the PKCS#7 message to verify.\r
1870 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
1871 @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.\r
6fe575d0
LQ		 1872 It's caller's responsibility to free the buffer with\r
1873 Pkcs7FreeSigners().\r
3702637a 1874 This data structure is EFI_CERT_STACK type.\r
e8b4eb04 1875 @param[out] StackLength Length of signer's certificates in bytes.\r
1876 @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.\r
6fe575d0
LQ		 1877 It's caller's responsibility to free the buffer with\r
1878 Pkcs7FreeSigners().\r
e8b4eb04 1879 @param[out] CertLength Length of the trusted certificate in bytes.\r
1880\r
1881 @retval TRUE The operation is finished successfully.\r
1882 @retval FALSE Error occurs during the operation.\r
532616bb 1883 @retval FALSE This interface is not supported.\r
e8b4eb04 1884\r
1885**/\r
1886BOOLEAN\r
1887EFIAPI\r
1888Pkcs7GetSigners (\r
1889 IN CONST UINT8 *P7Data,\r
1890 IN UINTN P7Length,\r
1891 OUT UINT8 **CertStack,\r
1892 OUT UINTN *StackLength,\r
1893 OUT UINT8 **TrustedCert,\r
1894 OUT UINTN *CertLength\r
1895 );\r
1896\r
1897/**\r
1898 Wrap function to use free() to free allocated memory for certificates.\r
1899\r
532616bb 1900 If this interface is not supported, then ASSERT().\r
1901\r
e8b4eb04 1902 @param[in] Certs Pointer to the certificates to be freed.\r
1903\r
1904**/\r
1905VOID\r
1906EFIAPI\r
1907Pkcs7FreeSigners (\r
1908 IN UINT8 *Certs\r
45419de6
QL		 1909 );\r
1910\r
1911/**\r
1912 Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:\r
1913 Cryptographic Message Syntax Standard", and outputs two certificate lists chained and\r
1914 unchained to the signer's certificates.\r
1915 The input signed data could be wrapped in a ContentInfo structure.\r
1916\r
1917 @param[in] P7Data Pointer to the PKCS#7 message.\r
1918 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
0f5f6b3d 1919 @param[out] SignerChainCerts Pointer to the certificates list chained to signer's\r
6fe575d0
LQ		 1920 certificate. It's caller's responsibility to free the buffer\r
1921 with Pkcs7FreeSigners().\r
3702637a 1922 This data structure is EFI_CERT_STACK type.\r
45419de6
QL		 1923 @param[out] ChainLength Length of the chained certificates list buffer in bytes.\r
1924 @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's\r
6fe575d0 1925 responsibility to free the buffer with Pkcs7FreeSigners().\r
3702637a 1926 This data structure is EFI_CERT_STACK type.\r
45419de6
QL		 1927 @param[out] UnchainLength Length of the unchained certificates list buffer in bytes.\r
1928\r
1929 @retval TRUE The operation is finished successfully.\r
1930 @retval FALSE Error occurs during the operation.\r
1931\r
1932**/\r
1933BOOLEAN\r
1934EFIAPI\r
1935Pkcs7GetCertificatesList (\r
1936 IN CONST UINT8 *P7Data,\r
1937 IN UINTN P7Length,\r
1938 OUT UINT8 **SignerChainCerts,\r
1939 OUT UINTN *ChainLength,\r
1940 OUT UINT8 **UnchainCerts,\r
1941 OUT UINTN *UnchainLength\r
e8b4eb04 1942 );\r
1943\r
b7d320f8 1944/**\r
1945 Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message\r
1946 Syntax Standard, version 1.5". This interface is only intended to be used for\r
1947 application to perform PKCS#7 functionality validation.\r
1948\r
532616bb 1949 If this interface is not supported, then return FALSE.\r
1950\r
b7d320f8 1951 @param[in] PrivateKey Pointer to the PEM-formatted private key data for\r
1952 data signing.\r
1953 @param[in] PrivateKeySize Size of the PEM private key data in bytes.\r
1954 @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM\r
1955 key data.\r
1956 @param[in] InData Pointer to the content to be signed.\r
1957 @param[in] InDataSize Size of InData in bytes.\r
1958 @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.\r
1959 @param[in] OtherCerts Pointer to an optional additional set of certificates to\r
1960 include in the PKCS#7 signedData (e.g. any intermediate\r
1961 CAs in the chain).\r
6fe575d0
LQ		 1962 @param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's\r
1963 responsibility to free the buffer with FreePool().\r
b7d320f8 1964 @param[out] SignedDataSize Size of SignedData in bytes.\r
1965\r
1966 @retval TRUE PKCS#7 data signing succeeded.\r
1967 @retval FALSE PKCS#7 data signing failed.\r
532616bb 1968 @retval FALSE This interface is not supported.\r
b7d320f8 1969\r
1970**/\r
1971BOOLEAN\r
1972EFIAPI\r
1973Pkcs7Sign (\r
1974 IN CONST UINT8 *PrivateKey,\r
1975 IN UINTN PrivateKeySize,\r
1976 IN CONST UINT8 *KeyPassword,\r
1977 IN UINT8 *InData,\r
1978 IN UINTN InDataSize,\r
1979 IN UINT8 *SignCert,\r
1980 IN UINT8 *OtherCerts OPTIONAL,\r
1981 OUT UINT8 **SignedData,\r
1982 OUT UINTN *SignedDataSize\r
1983 );\r
1984\r
97f98500 1985/**\r
2998af86 1986 Verifies the validity of a PKCS#7 signed data as described in "PKCS #7:\r
e8b4eb04 1987 Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
1988 in a ContentInfo structure.\r
97f98500 1989\r
e8b4eb04 1990 If P7Data, TrustedCert or InData is NULL, then return FALSE.\r
2998af86 1991 If P7Length, CertLength or DataLength overflow, then return FALSE.\r
532616bb 1992 If this interface is not supported, then return FALSE.\r
97f98500
HT		 1993\r
1994 @param[in] P7Data Pointer to the PKCS#7 message to verify.\r
e8b4eb04 1995 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
97f98500
HT		 1996 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
1997 is used for certificate chain verification.\r
e8b4eb04 1998 @param[in] CertLength Length of the trusted certificate in bytes.\r
97f98500 1999 @param[in] InData Pointer to the content to be verified.\r
e8b4eb04 2000 @param[in] DataLength Length of InData in bytes.\r
97f98500 2001\r
a8c44645 2002 @retval TRUE The specified PKCS#7 signed data is valid.\r
2003 @retval FALSE Invalid PKCS#7 signed data.\r
532616bb 2004 @retval FALSE This interface is not supported.\r
97f98500
HT		 2005\r
2006**/\r
2007BOOLEAN\r
2008EFIAPI\r
2009Pkcs7Verify (\r
2010 IN CONST UINT8 *P7Data,\r
e8b4eb04 2011 IN UINTN P7Length,\r
97f98500 2012 IN CONST UINT8 *TrustedCert,\r
e8b4eb04 2013 IN UINTN CertLength,\r
97f98500 2014 IN CONST UINT8 *InData,\r
e8b4eb04 2015 IN UINTN DataLength\r
a8c44645 2016 );\r
2017\r
1796a394
BB		 2018/**\r
2019 This function receives a PKCS7 formatted signature, and then verifies that\r
2020 the specified Enhanced or Extended Key Usages (EKU's) are present in the end-entity\r
2021 leaf signing certificate.\r
2022 Note that this function does not validate the certificate chain.\r
2023\r
2024 Applications for custom EKU's are quite flexible. For example, a policy EKU\r
2025 may be present in an Issuing Certificate Authority (CA), and any sub-ordinate\r
2026 certificate issued might also contain this EKU, thus constraining the\r
2027 sub-ordinate certificate. Other applications might allow a certificate\r
2028 embedded in a device to specify that other Object Identifiers (OIDs) are\r
2029 present which contains binary data specifying custom capabilities that\r
2030 the device is able to do.\r
2031\r
2032 @param[in] Pkcs7Signature The PKCS#7 signed information content block. An array\r
2033 containing the content block with both the signature,\r
2034 the signer's certificate, and any necessary intermediate\r
2035 certificates.\r
2036 @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature.\r
2037 @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of\r
2038 required EKUs that must be present in the signature.\r
2039 @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array.\r
2040 @param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's\r
2041 must be present in the leaf signer. If it is\r
2042 FALSE, then we will succeed if we find any\r
2043 of the specified EKU's.\r
2044\r
2045 @retval EFI_SUCCESS The required EKUs were found in the signature.\r
2046 @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
2047 @retval EFI_NOT_FOUND One or more EKU's were not found in the signature.\r
2048\r
2049**/\r
2050RETURN_STATUS\r
2051EFIAPI\r
2052VerifyEKUsInPkcs7Signature (\r
2053 IN CONST UINT8 *Pkcs7Signature,\r
2054 IN CONST UINT32 SignatureSize,\r
2055 IN CONST CHAR8 *RequiredEKUs[],\r
2056 IN CONST UINT32 RequiredEKUsSize,\r
2057 IN BOOLEAN RequireAllPresent\r
2058 );\r
2059\r
afeb55e4
QL		 2060/**\r
2061 Extracts the attached content from a PKCS#7 signed data if existed. The input signed\r
2062 data could be wrapped in a ContentInfo structure.\r
2063\r
2064 If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow,\r
2998af86 2065 then return FALSE. If the P7Data is not correctly formatted, then return FALSE.\r
afeb55e4
QL		 2066\r
2067 Caution: This function may receive untrusted input. So this function will do\r
2068 basic check for PKCS#7 data structure.\r
2069\r
2070 @param[in] P7Data Pointer to the PKCS#7 signed data to process.\r
2071 @param[in] P7Length Length of the PKCS#7 signed data in bytes.\r
2072 @param[out] Content Pointer to the extracted content from the PKCS#7 signedData.\r
6fe575d0 2073 It's caller's responsibility to free the buffer with FreePool().\r
afeb55e4
QL		 2074 @param[out] ContentSize The size of the extracted content in bytes.\r
2075\r
2076 @retval TRUE The P7Data was correctly formatted for processing.\r
2077 @retval FALSE The P7Data was not correctly formatted for processing.\r
2078\r
0c9fc4b1 2079**/\r
afeb55e4
QL		 2080BOOLEAN\r
2081EFIAPI\r
2082Pkcs7GetAttachedContent (\r
2083 IN CONST UINT8 *P7Data,\r
2084 IN UINTN P7Length,\r
2085 OUT VOID **Content,\r
2086 OUT UINTN *ContentSize\r
2087 );\r
2088\r
b7d320f8 2089/**\r
2998af86 2090 Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows\r
b7d320f8 2091 Authenticode Portable Executable Signature Format".\r
2092\r
16d2c32c 2093 If AuthData is NULL, then return FALSE.\r
2094 If ImageHash is NULL, then return FALSE.\r
532616bb 2095 If this interface is not supported, then return FALSE.\r
b7d320f8 2096\r
2097 @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed\r
2098 PE/COFF image to be verified.\r
2099 @param[in] DataSize Size of the Authenticode Signature in bytes.\r
2100 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
2101 is used for certificate chain verification.\r
2102 @param[in] CertSize Size of the trusted certificate in bytes.\r
2998af86 2103 @param[in] ImageHash Pointer to the original image file hash value. The procedure\r
b7d320f8 2104 for calculating the image hash value is described in Authenticode\r
2105 specification.\r
2106 @param[in] HashSize Size of Image hash value in bytes.\r
2107\r
2108 @retval TRUE The specified Authenticode Signature is valid.\r
2109 @retval FALSE Invalid Authenticode Signature.\r
532616bb 2110 @retval FALSE This interface is not supported.\r
b7d320f8 2111\r
2112**/\r
2113BOOLEAN\r
2114EFIAPI\r
2115AuthenticodeVerify (\r
2116 IN CONST UINT8 *AuthData,\r
2117 IN UINTN DataSize,\r
2118 IN CONST UINT8 *TrustedCert,\r
2119 IN UINTN CertSize,\r
2120 IN CONST UINT8 *ImageHash,\r
2121 IN UINTN HashSize\r
2122 );\r
2123\r
2ac68e8b 2124/**\r
2998af86 2125 Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode\r
2ac68e8b
QL		 2126 signature.\r
2127\r
2128 If AuthData is NULL, then return FALSE.\r
12d95665 2129 If this interface is not supported, then return FALSE.\r
2ac68e8b
QL		 2130\r
2131 @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed\r
2132 PE/COFF image to be verified.\r
2133 @param[in] DataSize Size of the Authenticode Signature in bytes.\r
2134 @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which\r
2135 is used for TSA certificate chain verification.\r
2136 @param[in] CertSize Size of the trusted certificate in bytes.\r
2137 @param[out] SigningTime Return the time of timestamp generation time if the timestamp\r
2138 signature is valid.\r
2139\r
2140 @retval TRUE The specified Authenticode includes a valid RFC3161 Timestamp CounterSignature.\r
2141 @retval FALSE No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data.\r
2142\r
2143**/\r
2144BOOLEAN\r
2145EFIAPI\r
2146ImageTimestampVerify (\r
2147 IN CONST UINT8 *AuthData,\r
2148 IN UINTN DataSize,\r
2149 IN CONST UINT8 *TsaCert,\r
2150 IN UINTN CertSize,\r
2151 OUT EFI_TIME *SigningTime\r
2152 );\r
2153\r
a8c44645 2154//=====================================================================================\r
2155// DH Key Exchange Primitive\r
2156//=====================================================================================\r
2157\r
2158/**\r
2159 Allocates and Initializes one Diffie-Hellman Context for subsequent use.\r
2160\r
2161 @return Pointer to the Diffie-Hellman Context that has been initialized.\r
2162 If the allocations fails, DhNew() returns NULL.\r
532616bb 2163 If the interface is not supported, DhNew() returns NULL.\r
a8c44645 2164\r
2165**/\r
2166VOID *\r
2167EFIAPI\r
2168DhNew (\r
2169 VOID\r
2170 );\r
2171\r
2172/**\r
2173 Release the specified DH context.\r
2174\r
532616bb 2175 If the interface is not supported, then ASSERT().\r
a8c44645 2176\r
2177 @param[in] DhContext Pointer to the DH context to be released.\r
2178\r
2179**/\r
2180VOID\r
2181EFIAPI\r
2182DhFree (\r
2183 IN VOID *DhContext\r
2184 );\r
2185\r
2186/**\r
2187 Generates DH parameter.\r
2188\r
2189 Given generator g, and length of prime number p in bits, this function generates p,\r
2190 and sets DH context according to value of g and p.\r
2ac68e8b 2191\r
a8c44645 2192 Before this function can be invoked, pseudorandom number generator must be correctly\r
2193 initialized by RandomSeed().\r
2194\r
16d2c32c 2195 If DhContext is NULL, then return FALSE.\r
2196 If Prime is NULL, then return FALSE.\r
532616bb 2197 If this interface is not supported, then return FALSE.\r
a8c44645 2198\r
2199 @param[in, out] DhContext Pointer to the DH context.\r
2200 @param[in] Generator Value of generator.\r
2201 @param[in] PrimeLength Length in bits of prime to be generated.\r
2202 @param[out] Prime Pointer to the buffer to receive the generated prime number.\r
2203\r
2998af86 2204 @retval TRUE DH parameter generation succeeded.\r
a8c44645 2205 @retval FALSE Value of Generator is not supported.\r
2206 @retval FALSE PRNG fails to generate random prime number with PrimeLength.\r
532616bb 2207 @retval FALSE This interface is not supported.\r
a8c44645 2208\r
2209**/\r
2210BOOLEAN\r
2211EFIAPI\r
2212DhGenerateParameter (\r
2213 IN OUT VOID *DhContext,\r
2214 IN UINTN Generator,\r
2215 IN UINTN PrimeLength,\r
2216 OUT UINT8 *Prime\r
2217 );\r
2218\r
2219/**\r
2220 Sets generator and prime parameters for DH.\r
2221\r
2222 Given generator g, and prime number p, this function and sets DH\r
2223 context accordingly.\r
2224\r
16d2c32c 2225 If DhContext is NULL, then return FALSE.\r
2226 If Prime is NULL, then return FALSE.\r
532616bb 2227 If this interface is not supported, then return FALSE.\r
a8c44645 2228\r
2229 @param[in, out] DhContext Pointer to the DH context.\r
2230 @param[in] Generator Value of generator.\r
2231 @param[in] PrimeLength Length in bits of prime to be generated.\r
2232 @param[in] Prime Pointer to the prime number.\r
2233\r
2998af86 2234 @retval TRUE DH parameter setting succeeded.\r
a8c44645 2235 @retval FALSE Value of Generator is not supported.\r
2236 @retval FALSE Value of Generator is not suitable for the Prime.\r
2237 @retval FALSE Value of Prime is not a prime number.\r
2238 @retval FALSE Value of Prime is not a safe prime number.\r
532616bb 2239 @retval FALSE This interface is not supported.\r
a8c44645 2240\r
2241**/\r
2242BOOLEAN\r
2243EFIAPI\r
2244DhSetParameter (\r
2245 IN OUT VOID *DhContext,\r
2246 IN UINTN Generator,\r
2247 IN UINTN PrimeLength,\r
2248 IN CONST UINT8 *Prime\r
97f98500
HT		 2249 );\r
2250\r
a8c44645 2251/**\r
2252 Generates DH public key.\r
2253\r
2ac68e8b 2254 This function generates random secret exponent, and computes the public key, which is\r
a8c44645 2255 returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.\r
2256 If the PublicKey buffer is too small to hold the public key, FALSE is returned and\r
2257 PublicKeySize is set to the required buffer size to obtain the public key.\r
2258\r
16d2c32c 2259 If DhContext is NULL, then return FALSE.\r
2260 If PublicKeySize is NULL, then return FALSE.\r
2261 If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.\r
532616bb 2262 If this interface is not supported, then return FALSE.\r
a8c44645 2263\r
2264 @param[in, out] DhContext Pointer to the DH context.\r
2265 @param[out] PublicKey Pointer to the buffer to receive generated public key.\r
2266 @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.\r
2267 On output, the size of data returned in PublicKey buffer in bytes.\r
2268\r
2269 @retval TRUE DH public key generation succeeded.\r
2270 @retval FALSE DH public key generation failed.\r
2271 @retval FALSE PublicKeySize is not large enough.\r
532616bb 2272 @retval FALSE This interface is not supported.\r
a8c44645 2273\r
2274**/\r
2275BOOLEAN\r
2276EFIAPI\r
2277DhGenerateKey (\r
2278 IN OUT VOID *DhContext,\r
2279 OUT UINT8 *PublicKey,\r
2280 IN OUT UINTN *PublicKeySize\r
2281 );\r
2282\r
2283/**\r
2284 Computes exchanged common key.\r
2285\r
2286 Given peer's public key, this function computes the exchanged common key, based on its own\r
dda39f3a 2287 context including value of prime modulus and random secret exponent.\r
a8c44645 2288\r
16d2c32c 2289 If DhContext is NULL, then return FALSE.\r
2290 If PeerPublicKey is NULL, then return FALSE.\r
2291 If KeySize is NULL, then return FALSE.\r
dda39f3a 2292 If Key is NULL, then return FALSE.\r
2293 If KeySize is not large enough, then return FALSE.\r
532616bb 2294 If this interface is not supported, then return FALSE.\r
a8c44645 2295\r
2296 @param[in, out] DhContext Pointer to the DH context.\r
2297 @param[in] PeerPublicKey Pointer to the peer's public key.\r
2298 @param[in] PeerPublicKeySize Size of peer's public key in bytes.\r
2299 @param[out] Key Pointer to the buffer to receive generated key.\r
2300 @param[in, out] KeySize On input, the size of Key buffer in bytes.\r
2301 On output, the size of data returned in Key buffer in bytes.\r
2302\r
2303 @retval TRUE DH exchanged key generation succeeded.\r
2304 @retval FALSE DH exchanged key generation failed.\r
2305 @retval FALSE KeySize is not large enough.\r
532616bb 2306 @retval FALSE This interface is not supported.\r
a8c44645 2307\r
2308**/\r
2309BOOLEAN\r
2310EFIAPI\r
2311DhComputeKey (\r
2312 IN OUT VOID *DhContext,\r
2313 IN CONST UINT8 *PeerPublicKey,\r
2314 IN UINTN PeerPublicKeySize,\r
2315 OUT UINT8 *Key,\r
2316 IN OUT UINTN *KeySize\r
2317 );\r
2318\r
2319//=====================================================================================\r
2320// Pseudo-Random Generation Primitive\r
2321//=====================================================================================\r
2322\r
2323/**\r
2324 Sets up the seed value for the pseudorandom number generator.\r
2325\r
2326 This function sets up the seed value for the pseudorandom number generator.\r
2327 If Seed is not NULL, then the seed passed in is used.\r
2328 If Seed is NULL, then default seed is used.\r
532616bb 2329 If this interface is not supported, then return FALSE.\r
a8c44645 2330\r
2331 @param[in] Seed Pointer to seed value.\r
2332 If NULL, default seed is used.\r
2333 @param[in] SeedSize Size of seed value.\r
2334 If Seed is NULL, this parameter is ignored.\r
2335\r
2336 @retval TRUE Pseudorandom number generator has enough entropy for random generation.\r
2337 @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.\r
532616bb 2338 @retval FALSE This interface is not supported.\r
a8c44645 2339\r
2340**/\r
2341BOOLEAN\r
2342EFIAPI\r
2343RandomSeed (\r
2344 IN CONST UINT8 *Seed OPTIONAL,\r
2345 IN UINTN SeedSize\r
2346 );\r
2347\r
2348/**\r
2349 Generates a pseudorandom byte stream of the specified size.\r
2350\r
16d2c32c 2351 If Output is NULL, then return FALSE.\r
532616bb 2352 If this interface is not supported, then return FALSE.\r
a8c44645 2353\r
2354 @param[out] Output Pointer to buffer to receive random value.\r
2998af86 2355 @param[in] Size Size of random bytes to generate.\r
a8c44645 2356\r
2357 @retval TRUE Pseudorandom byte stream generated successfully.\r
2358 @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.\r
532616bb 2359 @retval FALSE This interface is not supported.\r
a8c44645 2360\r
2361**/\r
2362BOOLEAN\r
2363EFIAPI\r
2364RandomBytes (\r
2365 OUT UINT8 *Output,\r
2366 IN UINTN Size\r
2367 );\r
97f98500 2368\r
4b1b7c19
GW		 2369//=====================================================================================\r
2370// Key Derivation Function Primitive\r
2371//=====================================================================================\r
2372\r
2373/**\r
2374 Derive key data using HMAC-SHA256 based KDF.\r
2375\r
2376 @param[in] Key Pointer to the user-supplied key.\r
2377 @param[in] KeySize Key size in bytes.\r
2378 @param[in] Salt Pointer to the salt(non-secret) value.\r
2379 @param[in] SaltSize Salt size in bytes.\r
2380 @param[in] Info Pointer to the application specific info.\r
2381 @param[in] InfoSize Info size in bytes.\r
944bd5cf 2382 @param[out] Out Pointer to buffer to receive hkdf value.\r
4b1b7c19
GW		 2383 @param[in] OutSize Size of hkdf bytes to generate.\r
2384\r
2385 @retval TRUE Hkdf generated successfully.\r
2386 @retval FALSE Hkdf generation failed.\r
2387\r
2388**/\r
2389BOOLEAN\r
2390EFIAPI\r
2391HkdfSha256ExtractAndExpand (\r
2392 IN CONST UINT8 *Key,\r
2393 IN UINTN KeySize,\r
2394 IN CONST UINT8 *Salt,\r
2395 IN UINTN SaltSize,\r
2396 IN CONST UINT8 *Info,\r
2397 IN UINTN InfoSize,\r
2398 OUT UINT8 *Out,\r
2399 IN UINTN OutSize\r
2400 );\r
2401\r
afeb55e4 2402#endif // __BASE_CRYPT_LIB_H__\r
EFI Development Kit II mirror for PVE