]> git.proxmox.com Git - mirror_edk2.git/blame - CryptoPkg/Private/Protocol/Crypto.h
CryptoPkg: Add BigNum API to DXE and protocol
1/** @file\r
2 This Protocol provides Crypto services to DXE modules\r
3\r
4 Copyright (C) Microsoft Corporation. All rights reserved.\r
c1e66210 5 Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.<BR>\r
6 SPDX-License-Identifier: BSD-2-Clause-Patent\r
7\r
8**/\r
9\r
10#ifndef __EDKII_CRYPTO_PROTOCOL_H__\r
11#define __EDKII_CRYPTO_PROTOCOL_H__\r
12\r
13#include <Base.h>\r
14#include <Library/BaseCryptLib.h>\r
15#include <Library/PcdLib.h>\r
16\r
17///\r
18/// The version of the EDK II Crypto Protocol.\r
19/// As APIs are added to BaseCryptLib, the EDK II Crypto Protocol is extended\r
20/// with new APIs at the end of the EDK II Crypto Protocol structure. Each time\r
21/// the EDK II Crypto Protocol is extended, this version define must be\r
22/// increased.\r
23///\r
42951543 24#define EDKII_CRYPTO_VERSION 12\r
25\r
26///\r
27/// EDK II Crypto Protocol forward declaration\r
28///\r
29typedef struct _EDKII_CRYPTO_PROTOCOL EDKII_CRYPTO_PROTOCOL;\r
30\r
31/**\r
32 Returns the version of the EDK II Crypto Protocol.\r
33\r
34 @return The version of the EDK II Crypto Protocol.\r
35\r
36**/\r
37typedef\r
38UINTN\r
7c342378 39(EFIAPI *EDKII_CRYPTO_GET_VERSION)(\r
40 VOID\r
41 );\r
42\r
7c342378 43// =====================================================================================\r
3b0e0430 44// MAC (Message Authentication Code) Primitive\r
45// =====================================================================================\r
46\r
3b0e0430 47/**\r
48 HMAC MD5 is deprecated and no longer supported.\r
49 The function field is kept for binary compatibility.\r
50\r
51**/\r
52typedef\r
53VOID *\r
54(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW)(\r
55 VOID\r
56 );\r
57\r
58typedef\r
59VOID\r
7c342378 60(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE)(\r
61 IN VOID *HmacMd5Ctx\r
62 );\r
63\r
64typedef\r
65BOOLEAN\r
7c342378 66(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY)(\r
67 OUT VOID *HmacMd5Context,\r
68 IN CONST UINT8 *Key,\r
69 IN UINTN KeySize\r
70 );\r
71\r
72typedef\r
73BOOLEAN\r
7c342378 74(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE)(\r
75 IN CONST VOID *HmacMd5Context,\r
76 OUT VOID *NewHmacMd5Context\r
77 );\r
78\r
79typedef\r
80BOOLEAN\r
7c342378 81(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE)(\r
82 IN OUT VOID *HmacMd5Context,\r
83 IN CONST VOID *Data,\r
84 IN UINTN DataSize\r
85 );\r
86\r
87typedef\r
88BOOLEAN\r
7c342378 89(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL)(\r
90 IN OUT VOID *HmacMd5Context,\r
91 OUT UINT8 *HmacValue\r
92 );\r
93\r
3b0e0430 94/**\r
95 HMAC SHA1 is deprecated and no longer supported.\r
96 The function field is kept for binary compatibility.\r
97\r
98**/\r
99typedef\r
100VOID *\r
101(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW)(\r
102 VOID\r
103 );\r
104\r
105typedef\r
106VOID\r
7c342378 107(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE)(\r
108 IN VOID *HmacSha1Ctx\r
109 );\r
110\r
111typedef\r
112BOOLEAN\r
7c342378 113(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY)(\r
114 OUT VOID *HmacSha1Context,\r
115 IN CONST UINT8 *Key,\r
116 IN UINTN KeySize\r
117 );\r
118\r
119typedef\r
120BOOLEAN\r
7c342378 121(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE)(\r
122 IN CONST VOID *HmacSha1Context,\r
123 OUT VOID *NewHmacSha1Context\r
124 );\r
125\r
126typedef\r
127BOOLEAN\r
7c342378 128(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE)(\r
129 IN OUT VOID *HmacSha1Context,\r
130 IN CONST VOID *Data,\r
131 IN UINTN DataSize\r
132 );\r
133\r
134typedef\r
135BOOLEAN\r
7c342378 136(EFIAPI *DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL)(\r
137 IN OUT VOID *HmacSha1Context,\r
138 OUT UINT8 *HmacValue\r
139 );\r
140\r
141/**\r
142 Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.\r
143\r
144 @return Pointer to the HMAC_CTX context that has been initialized.\r
145 If the allocation fails, HmacSha256New() returns NULL.\r
146\r
147**/\r
148typedef\r
149VOID *\r
7c342378 150(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_NEW)(\r
151 VOID\r
152 );\r
153\r
154/**\r
155 Release the specified HMAC_CTX context.\r
156\r
157 @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.\r
158\r
159**/\r
160typedef\r
161VOID\r
7c342378 162(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_FREE)(\r
163 IN VOID *HmacSha256Ctx\r
164 );\r
165\r
166/**\r
167 Sets the user-supplied key for subsequent use. This must be done before any\r
168 call to HmacSha256Update().\r
169\r
170 If HmacSha256Context is NULL, then return FALSE.\r
171 If this interface is not supported, then return FALSE.\r
172\r
173 @param[out] HmacSha256Context Pointer to HMAC-SHA256 context.\r
174 @param[in] Key Pointer to the user-supplied key.\r
175 @param[in] KeySize Key size in bytes.\r
176\r
177 @retval TRUE The Key is set successfully.\r
178 @retval FALSE The Key is set unsuccessfully.\r
179 @retval FALSE This interface is not supported.\r
180\r
181**/\r
182typedef\r
183BOOLEAN\r
7c342378 184(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_SET_KEY)(\r
185 OUT VOID *HmacSha256Context,\r
186 IN CONST UINT8 *Key,\r
187 IN UINTN KeySize\r
188 );\r
189\r
190/**\r
191 Makes a copy of an existing HMAC-SHA256 context.\r
192\r
193 If HmacSha256Context is NULL, then return FALSE.\r
194 If NewHmacSha256Context is NULL, then return FALSE.\r
195 If this interface is not supported, then return FALSE.\r
196\r
197 @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.\r
198 @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.\r
199\r
200 @retval TRUE HMAC-SHA256 context copy succeeded.\r
201 @retval FALSE HMAC-SHA256 context copy failed.\r
202 @retval FALSE This interface is not supported.\r
203\r
204**/\r
205typedef\r
206BOOLEAN\r
7c342378 207(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_DUPLICATE)(\r
208 IN CONST VOID *HmacSha256Context,\r
209 OUT VOID *NewHmacSha256Context\r
210 );\r
211\r
212/**\r
213 Digests the input data and updates HMAC-SHA256 context.\r
214\r
215 This function performs HMAC-SHA256 digest on a data buffer of the specified size.\r
216 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
217 The HMAC-SHA256 context should have been initialized by HmacSha256New(), and should not yet have been\r
218 finalized by HmacSha256Final(). Behavior with an invalid context is undefined.\r
219\r
220 If HmacSha256Context is NULL, then return FALSE.\r
221 If this interface is not supported, then return FALSE.\r
222\r
223 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.\r
224 @param[in] Data Pointer to the buffer containing the data to be digested.\r
225 @param[in] DataSize Size of Data buffer in bytes.\r
226\r
227 @retval TRUE HMAC-SHA256 data digest succeeded.\r
228 @retval FALSE HMAC-SHA256 data digest failed.\r
229 @retval FALSE This interface is not supported.\r
230\r
231**/\r
232typedef\r
233BOOLEAN\r
7c342378 234(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_UPDATE)(\r
235 IN OUT VOID *HmacSha256Context,\r
236 IN CONST VOID *Data,\r
237 IN UINTN DataSize\r
238 );\r
239\r
240/**\r
241 Completes computation of the HMAC-SHA256 digest value.\r
242\r
243 This function completes HMAC-SHA256 hash computation and retrieves the digest value into\r
244 the specified memory. After this function has been called, the HMAC-SHA256 context cannot\r
245 be used again.\r
246 The HMAC-SHA256 context should have been initialized by HmacSha256New(), and should not already have been\r
247 finalized by an earlier call to HmacSha256Final(). Behavior with an invalid HMAC-SHA256 context is undefined.\r
248\r
249 If HmacSha256Context is NULL, then return FALSE.\r
250 If HmacValue is NULL, then return FALSE.\r
251 If this interface is not supported, then return FALSE.\r
252\r
253 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.\r
254 @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest\r
255 value (32 bytes).\r
256\r
257 @retval TRUE HMAC-SHA256 digest computation succeeded.\r
258 @retval FALSE HMAC-SHA256 digest computation failed.\r
259 @retval FALSE This interface is not supported.\r
260\r
261**/\r
262typedef\r
263BOOLEAN\r
7c342378 264(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_FINAL)(\r
265 IN OUT VOID *HmacSha256Context,\r
266 OUT UINT8 *HmacValue\r
267 );\r
268\r
269/**\r
270 Computes the HMAC-SHA256 digest of an input data buffer.\r
271\r
272 This function performs the HMAC-SHA256 digest of a given data buffer, and places\r
273 the digest value into the specified memory.\r
274\r
275 If this interface is not supported, then return FALSE.\r
276\r
277 @param[in] Data Pointer to the buffer containing the data to be digested.\r
278 @param[in] DataSize Size of Data buffer in bytes.\r
279 @param[in] Key Pointer to the user-supplied key.\r
280 @param[in] KeySize Key size in bytes.\r
281 @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest\r
282 value (32 bytes).\r
283\r
284 @retval TRUE HMAC-SHA256 digest computation succeeded.\r
285 @retval FALSE HMAC-SHA256 digest computation failed.\r
286 @retval FALSE This interface is not supported.\r
287\r
288**/\r
289typedef\r
290BOOLEAN\r
291(EFIAPI *EDKII_CRYPTO_HMAC_SHA256_ALL)(\r
292 IN CONST VOID *Data,\r
293 IN UINTN DataSize,\r
294 IN CONST UINT8 *Key,\r
295 IN UINTN KeySize,\r
296 OUT UINT8 *HmacValue\r
297 );\r
298\r
299/**\r
300 Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA384 use.\r
301\r
302 @return Pointer to the HMAC_CTX context that has been initialized.\r
303 If the allocation fails, HmacSha384New() returns NULL.\r
304\r
305**/\r
306typedef\r
307VOID *\r
308(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_NEW)(\r
309 VOID\r
310 );\r
311\r
312/**\r
313 Release the specified HMAC_CTX context.\r
314\r
315 @param[in] HmacSha384Ctx Pointer to the HMAC_CTX context to be released.\r
316\r
317**/\r
318typedef\r
319VOID\r
320(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FREE)(\r
321 IN VOID *HmacSha384Ctx\r
322 );\r
323\r
324/**\r
325 Sets the user-supplied key for subsequent use. This must be done before any\r
326 call to HmacSha384Update().\r
327\r
328 If HmacSha384Context is NULL, then return FALSE.\r
329 If this interface is not supported, then return FALSE.\r
330\r
331 @param[out] HmacSha384Context Pointer to HMAC-SHA384 context.\r
332 @param[in] Key Pointer to the user-supplied key.\r
333 @param[in] KeySize Key size in bytes.\r
334\r
335 @retval TRUE The Key is set successfully.\r
336 @retval FALSE The Key is set unsuccessfully.\r
337 @retval FALSE This interface is not supported.\r
338\r
339**/\r
340typedef\r
341BOOLEAN\r
342(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_SET_KEY)(\r
343 OUT VOID *HmacSha384Context,\r
344 IN CONST UINT8 *Key,\r
345 IN UINTN KeySize\r
346 );\r
347\r
348/**\r
349 Makes a copy of an existing HMAC-SHA384 context.\r
350\r
351 If HmacSha384Context is NULL, then return FALSE.\r
352 If NewHmacSha384Context is NULL, then return FALSE.\r
353 If this interface is not supported, then return FALSE.\r
354\r
355 @param[in] HmacSha384Context Pointer to HMAC-SHA384 context being copied.\r
356 @param[out] NewHmacSha384Context Pointer to new HMAC-SHA384 context.\r
357\r
358 @retval TRUE HMAC-SHA384 context copy succeeded.\r
359 @retval FALSE HMAC-SHA384 context copy failed.\r
360 @retval FALSE This interface is not supported.\r
361\r
362**/\r
363typedef\r
364BOOLEAN\r
365(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_DUPLICATE)(\r
366 IN CONST VOID *HmacSha384Context,\r
367 OUT VOID *NewHmacSha384Context\r
368 );\r
369\r
370/**\r
371 Digests the input data and updates HMAC-SHA384 context.\r
372\r
373 This function performs HMAC-SHA384 digest on a data buffer of the specified size.\r
374 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
375 The HMAC-SHA384 context should have been initialized by HmacSha384New(), and should not yet have been\r
376 finalized by HmacSha384Final(). Behavior with an invalid context is undefined.\r
377\r
378 If HmacSha384Context is NULL, then return FALSE.\r
379 If this interface is not supported, then return FALSE.\r
380\r
381 @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.\r
382 @param[in] Data Pointer to the buffer containing the data to be digested.\r
383 @param[in] DataSize Size of Data buffer in bytes.\r
384\r
385 @retval TRUE HMAC-SHA384 data digest succeeded.\r
386 @retval FALSE HMAC-SHA384 data digest failed.\r
387 @retval FALSE This interface is not supported.\r
388\r
389**/\r
390typedef\r
391BOOLEAN\r
392(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_UPDATE)(\r
393 IN OUT VOID *HmacSha384Context,\r
394 IN CONST VOID *Data,\r
395 IN UINTN DataSize\r
396 );\r
397\r
398/**\r
399 Completes computation of the HMAC-SHA384 digest value.\r
400\r
401 This function completes HMAC-SHA384 hash computation and retrieves the digest value into\r
402 the specified memory. After this function has been called, the HMAC-SHA384 context cannot\r
403 be used again.\r
404 The HMAC-SHA384 context should have been initialized by HmacSha384New(), and should not already have been\r
405 finalized by an earlier call to HmacSha384Final(). Behavior with an invalid HMAC-SHA384 context is undefined.\r
406\r
407 If HmacSha384Context is NULL, then return FALSE.\r
408 If HmacValue is NULL, then return FALSE.\r
409 If this interface is not supported, then return FALSE.\r
410\r
411 @param[in, out] HmacSha384Context Pointer to the HMAC-SHA384 context.\r
412 @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest\r
413 value (48 bytes).\r
414\r
415 @retval TRUE HMAC-SHA384 digest computation succeeded.\r
416 @retval FALSE HMAC-SHA384 digest computation failed.\r
417 @retval FALSE This interface is not supported.\r
418\r
419**/\r
420typedef\r
421BOOLEAN\r
422(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_FINAL)(\r
423 IN OUT VOID *HmacSha384Context,\r
424 OUT UINT8 *HmacValue\r
425 );\r
426\r
427/**\r
428 Computes the HMAC-SHA384 digest of an input data buffer.\r
429\r
430 This function performs the HMAC-SHA384 digest of a given data buffer, and places\r
431 the digest value into the specified memory.\r
432\r
433 If this interface is not supported, then return FALSE.\r
434\r
435 @param[in] Data Pointer to the buffer containing the data to be digested.\r
436 @param[in] DataSize Size of Data buffer in bytes.\r
437 @param[in] Key Pointer to the user-supplied key.\r
438 @param[in] KeySize Key size in bytes.\r
439 @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA384 digest\r
440 value (48 bytes).\r
441\r
442 @retval TRUE HMAC-SHA384 digest computation succeeded.\r
443 @retval FALSE HMAC-SHA384 digest computation failed.\r
444 @retval FALSE This interface is not supported.\r
445\r
446**/\r
447typedef\r
448BOOLEAN\r
449(EFIAPI *EDKII_CRYPTO_HMAC_SHA384_ALL)(\r
450 IN CONST VOID *Data,\r
451 IN UINTN DataSize,\r
452 IN CONST UINT8 *Key,\r
453 IN UINTN KeySize,\r
454 OUT UINT8 *HmacValue\r
455 );\r
456\r
7c342378 457// =====================================================================================\r
3b0e0430 458// One-Way Cryptographic Hash Primitives\r
7c342378 459// =====================================================================================\r
460\r
461/**\r
462 MD4 is deprecated and no longer supported.\r
463 The function field is kept for binary compatibility.\r
464\r
465**/\r
466typedef\r
467UINTN\r
7c342378 468(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE)(\r
469 VOID\r
470 );\r
471\r
472typedef\r
473BOOLEAN\r
7c342378 474(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_INIT)(\r
475 OUT VOID *Md4Context\r
476 );\r
477\r
478typedef\r
479BOOLEAN\r
7c342378 480(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE)(\r
481 IN CONST VOID *Md4Context,\r
482 OUT VOID *NewMd4Context\r
483 );\r
484\r
485typedef\r
486BOOLEAN\r
7c342378 487(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_UPDATE)(\r
488 IN OUT VOID *Md4Context,\r
489 IN CONST VOID *Data,\r
490 IN UINTN DataSize\r
491 );\r
492\r
493typedef\r
494BOOLEAN\r
7c342378 495(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_FINAL)(\r
496 IN OUT VOID *Md4Context,\r
497 OUT UINT8 *HashValue\r
498 );\r
499\r
500typedef\r
501BOOLEAN\r
7c342378 502(EFIAPI *DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL)(\r
503 IN CONST VOID *Data,\r
504 IN UINTN DataSize,\r
505 OUT UINT8 *HashValue\r
506 );\r
507\r
508// ----------------------------------------------------------------------------\r
509\r
510/**\r
511 Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. MD5 is not collision-resistant and should not be used for new security-sensitive purposes.\r
512\r
513 If this interface is not supported, then return zero.\r
514\r
515 @return The size, in bytes, of the context buffer required for MD5 hash operations.\r
516 @retval 0 This interface is not supported.\r
517\r
518**/\r
519typedef\r
520UINTN\r
7c342378 521(EFIAPI *EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE)(\r
522 VOID\r
523 );\r
524\r
525/**\r
526 Initializes user-supplied memory pointed by Md5Context as MD5 hash context for\r
527 subsequent use.\r
528\r
529 If Md5Context is NULL, then return FALSE.\r
530 If this interface is not supported, then return FALSE.\r
531\r
532 @param[out] Md5Context Pointer to MD5 context being initialized.\r
533\r
534 @retval TRUE MD5 context initialization succeeded.\r
535 @retval FALSE MD5 context initialization failed.\r
536 @retval FALSE This interface is not supported.\r
537\r
538**/\r
539typedef\r
540BOOLEAN\r
541(EFIAPI *EDKII_CRYPTO_MD5_INIT)(\r
542 OUT VOID *Md5Context\r
543 );\r
544\r
545/**\r
546 Makes a copy of an existing MD5 context.\r
547\r
548 If Md5Context is NULL, then return FALSE.\r
549 If NewMd5Context is NULL, then return FALSE.\r
550 If this interface is not supported, then return FALSE.\r
551\r
552 @param[in] Md5Context Pointer to MD5 context being copied.\r
553 @param[out] NewMd5Context Pointer to new MD5 context.\r
554\r
555 @retval TRUE MD5 context copy succeeded.\r
556 @retval FALSE MD5 context copy failed.\r
557 @retval FALSE This interface is not supported.\r
558\r
559**/\r
560typedef\r
561BOOLEAN\r
562(EFIAPI *EDKII_CRYPTO_MD5_DUPLICATE)(\r
563 IN CONST VOID *Md5Context,\r
564 OUT VOID *NewMd5Context\r
565 );\r
566\r
567/**\r
568 Digests the input data and updates MD5 context.\r
569\r
570 This function performs MD5 digest on a data buffer of the specified size.\r
571 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
572 The MD5 context should already have been correctly initialized by Md5Init(), and should not yet have been\r
573 finalized by Md5Final(). Behavior with an invalid context is undefined.\r
574\r
575 If Md5Context is NULL, then return FALSE.\r
576 If this interface is not supported, then return FALSE.\r
577\r
578 @param[in, out] Md5Context Pointer to the MD5 context.\r
579 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
580 @param[in] DataSize Size of Data buffer in bytes.\r
581\r
582 @retval TRUE MD5 data digest succeeded.\r
583 @retval FALSE MD5 data digest failed.\r
584 @retval FALSE This interface is not supported.\r
585\r
586**/\r
587typedef\r
588BOOLEAN\r
589(EFIAPI *EDKII_CRYPTO_MD5_UPDATE)(\r
590 IN OUT VOID *Md5Context,\r
591 IN CONST VOID *Data,\r
592 IN UINTN DataSize\r
593 );\r
594\r
595/**\r
596 Completes computation of the MD5 digest value.\r
597\r
598 This function completes MD5 hash computation and retrieves the digest value into\r
599 the specified memory. After this function has been called, the MD5 context cannot\r
600 be used again.\r
601 The MD5 context should already have been correctly initialized by Md5Init(), and should not already have been\r
602 finalized by an earlier call to Md5Final(). Behavior with an invalid MD5 context is undefined.\r
603\r
604 If Md5Context is NULL, then return FALSE.\r
605 If HashValue is NULL, then return FALSE.\r
606 If this interface is not supported, then return FALSE.\r
607\r
608 @param[in, out] Md5Context Pointer to the MD5 context.\r
609 @param[out] HashValue Pointer to a buffer that receives the MD5 digest\r
610 value (16 bytes).\r
611\r
612 @retval TRUE MD5 digest computation succeeded.\r
613 @retval FALSE MD5 digest computation failed.\r
614 @retval FALSE This interface is not supported.\r
615\r
616**/\r
617typedef\r
618BOOLEAN\r
619(EFIAPI *EDKII_CRYPTO_MD5_FINAL)(\r
620 IN OUT VOID *Md5Context,\r
621 OUT UINT8 *HashValue\r
622 );\r
623\r
624/**\r
625 Computes the MD5 message digest of an input data buffer.\r
626\r
627 This function performs the MD5 message digest of a given data buffer, and places\r
628 the digest value into the specified memory.\r
629\r
630 If this interface is not supported, then return FALSE.\r
631\r
632 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
633 @param[in] DataSize Size of Data buffer in bytes.\r
634 @param[out] HashValue Pointer to a buffer that receives the MD5 digest\r
635 value (16 bytes).\r
636\r
637 @retval TRUE MD5 digest computation succeeded.\r
638 @retval FALSE MD5 digest computation failed.\r
639 @retval FALSE This interface is not supported.\r
640\r
641**/\r
642typedef\r
643BOOLEAN\r
644(EFIAPI *EDKII_CRYPTO_MD5_HASH_ALL)(\r
645 IN CONST VOID *Data,\r
646 IN UINTN DataSize,\r
647 OUT UINT8 *HashValue\r
648 );\r
3b0e0430 649\r
7c342378 650// =====================================================================================\r
3b0e0430 651// PKCS\r
7c342378 652// =====================================================================================\r
653\r
654/**\r
655 Encrypts a blob using the PKCS1v2 (RSAES-OAEP) scheme. On success, returns the encrypted message\r
656 in a newly allocated buffer.\r
657\r
658 Things that can cause a failure include:\r
659 - X509 key size does not match any known key size.\r
660 - Fail to parse X509 certificate.\r
661 - Fail to allocate an intermediate buffer.\r
662 - NULL pointer provided for a non-optional parameter.\r
663 - Data size is too large for the provided key size (max size is a function of key size and hash digest size).\r
664\r
665 @param[in] PublicKey A pointer to the DER-encoded X509 certificate that will be used to encrypt the data.\r
666 @param[in] PublicKeySize Size of the X509 cert buffer.\r
667 @param[in] InData Data to be encrypted.\r
668 @param[in] InDataSize Size of the data buffer.\r
669 @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer to be used when initializing the PRNG. NULL otherwise.\r
670 @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer. 0 otherwise.\r
671 @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted message.\r
672 @param[out] EncryptedDataSize Size of the encrypted message buffer.\r
673\r
674 @retval TRUE Encryption was successful.\r
675 @retval FALSE Encryption failed.\r
676\r
677**/\r
678typedef\r
679BOOLEAN\r
680(EFIAPI *EDKII_CRYPTO_PKCS1_ENCRYPT_V2)(\r
681 IN CONST UINT8 *PublicKey,\r
682 IN UINTN PublicKeySize,\r
683 IN UINT8 *InData,\r
684 IN UINTN InDataSize,\r
685 IN CONST UINT8 *PrngSeed OPTIONAL,\r
686 IN UINTN PrngSeedSize OPTIONAL,\r
687 OUT UINT8 **EncryptedData,\r
688 OUT UINTN *EncryptedDataSize\r
689 );\r
690\r
691// ---------------------------------------------\r
692// PKCS5\r
693\r
694/**\r
695 Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0\r
696 password based encryption key derivation function PBKDF2, as specified in RFC 2898.\r
697\r
698 If Password, Salt or Output is NULL, then return FALSE.\r
699 If the hash algorithm could not be determined, then return FALSE.\r
700 If this interface is not supported, then return FALSE.\r
701\r
702 @param[in] PasswordSize Length of input password in bytes.\r
703 @param[in] Password Pointer to the array for the password.\r
704 @param[in] SaltSize Size of the Salt in bytes.\r
705 @param[in] Salt Pointer to the Salt.\r
706 @param[in] IterationCount Number of iterations to perform. Its value should be\r
707 greater than or equal to 1. The count is the PBKDF2 work factor: a small value makes the derived key cheap to brute-force.\r
708 @param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).\r
709 NOTE: DigestSize will be used to determine the hash algorithm.\r
710 Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.\r
711 @param[in] OutputSize Size of the derived key buffer in bytes.\r
712 @param[out] Output Pointer to the output derived key buffer.\r
713\r
714 @retval TRUE A key was derived successfully.\r
715 @retval FALSE One of the pointers was NULL or one of the sizes was too large.\r
716 @retval FALSE The hash algorithm could not be determined from the digest size.\r
717 @retval FALSE The key derivation operation failed.\r
718 @retval FALSE This interface is not supported.\r
719\r
720**/\r
721typedef\r
722BOOLEAN\r
7c342378 723(EFIAPI *EDKII_CRYPTO_PKCS5_PW_HASH)(\r
724 IN UINTN PasswordSize,\r
725 IN CONST CHAR8 *Password,\r
726 IN UINTN SaltSize,\r
727 IN CONST UINT8 *Salt,\r
728 IN UINTN IterationCount,\r
729 IN UINTN DigestSize,\r
730 IN UINTN OutputSize,\r
731 OUT UINT8 *Output\r
732 );\r
733\r
734// ---------------------------------------------\r
735// PKCS7\r
736\r
737/**\r
738 Verifies the validity of a PKCS#7 signed data as described in "PKCS #7:\r
739 Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
740 in a ContentInfo structure.\r
741\r
742 If P7Data, TrustedCert or Data is NULL, then return FALSE.\r
743 If P7DataLength, TrustedCertLength or DataLength overflows, then return FALSE.\r
744 If this interface is not supported, then return FALSE.\r
745\r
746 @param[in] P7Data Pointer to the PKCS#7 message to verify.\r
747 @param[in] P7DataLength Length of the PKCS#7 message in bytes.\r
748 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
749 is used for certificate chain verification.\r
750 @param[in] TrustedCertLength Length of the trusted certificate in bytes.\r
751 @param[in] Data Pointer to the content to be verified.\r
752 @param[in] DataLength Length of Data in bytes.\r
753\r
754 @retval TRUE The specified PKCS#7 signed data is valid.\r
755 @retval FALSE Invalid PKCS#7 signed data.\r
756 @retval FALSE This interface is not supported.\r
757\r
758**/\r
759typedef\r
760BOOLEAN\r
761(EFIAPI *EDKII_CRYPTO_PKCS7_VERIFY)(\r
762 IN CONST UINT8 *P7Data,\r
763 IN UINTN P7DataLength,\r
764 IN CONST UINT8 *TrustedCert,\r
765 IN UINTN TrustedCertLength,\r
766 IN CONST UINT8 *Data,\r
767 IN UINTN DataLength\r
768 );\r
769\r
770/**\r
771 VerifyEKUsInPkcs7Signature()\r
772\r
773 This function receives a PKCS7 formatted signature, and then verifies that\r
774 the specified Enhanced or Extended Key Usages (EKU's) are present in the end-entity\r
775 leaf signing certificate.\r
776\r
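777 Note that this function does not validate the certificate chain. A successful EKU match therefore says nothing about whether the signer is trusted; the signature must also be verified against a trusted certificate, for which this protocol has a separate PKCS#7 verify service.\r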
778\r
779 Applications for custom EKU's are quite flexible. For example, a policy EKU\r
780 may be present in an Issuing Certificate Authority (CA), and any sub-ordinate\r
781 certificate issued might also contain this EKU, thus constraining the\r
782 sub-ordinate certificate. Other applications might allow a certificate\r
783 embedded in a device to specify that other Object Identifiers (OIDs) are\r
784 present which contains binary data specifying custom capabilities that\r
785 the device is able to do.\r
786\r
787 @param[in] Pkcs7Signature - The PKCS#7 signed information content block. An array\r
788 containing the content block with both the signature,\r
789 the signer's certificate, and any necessary intermediate\r
790 certificates.\r
791\r
792 @param[in] SignatureSize - Number of bytes in Pkcs7Signature.\r
793\r
794 @param[in] RequiredEKUs - Array of null-terminated strings listing OIDs of\r
795 required EKUs that must be present in the signature.\r
796\r
797 @param[in] RequiredEKUsSize - Number of elements in the RequiredEKUs string array.\r
798\r
799 @param[in] RequireAllPresent - If this is TRUE, then all of the specified EKU's\r
800 must be present in the leaf signer. If it is\r
801 FALSE, then we will succeed if we find any\r
802 of the specified EKU's.\r
803\r
804 @retval EFI_SUCCESS - The required EKUs were found in the signature.\r
805 @retval EFI_INVALID_PARAMETER - A parameter was invalid.\r
806 @retval EFI_NOT_FOUND - One or more EKU's were not found in the signature.\r
807\r
808**/\r
809typedef\r
810EFI_STATUS\r
811(EFIAPI *EDKII_CRYPTO_PKCS7_VERIFY_EKU)(\r
812 IN CONST UINT8 *Pkcs7Signature,\r
813 IN CONST UINT32 SignatureSize,\r
814 IN CONST CHAR8 *RequiredEKUs[],\r
815 IN CONST UINT32 RequiredEKUsSize,\r
816 IN BOOLEAN RequireAllPresent\r
817 );\r
818\r
819/**\r
820 Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:\r
821 Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
822 in a ContentInfo structure.\r
823\r
824 If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then\r
825 return FALSE. If P7Length overflows, then return FALSE.\r
826 If this interface is not supported, then return FALSE.\r
827\r
828 @param[in] P7Data Pointer to the PKCS#7 message to verify.\r
829 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
830 @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.\r
831 It's caller's responsibility to free the buffer with\r
832 Pkcs7FreeSigners().\r
833 This data structure is EFI_CERT_STACK type.\r
834 @param[out] StackLength Length of signer's certificates in bytes.\r
835 @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.\r
836 It's caller's responsibility to free the buffer with\r
837 Pkcs7FreeSigners().\r
838 @param[out] CertLength Length of the trusted certificate in bytes.\r
839\r
840 @retval TRUE The operation is finished successfully.\r
841 @retval FALSE Error occurs during the operation.\r
842 @retval FALSE This interface is not supported.\r
843\r
844**/\r
845typedef\r
846BOOLEAN\r
7c342378 847(EFIAPI *EDKII_CRYPTO_PKCS7_GET_SIGNERS)(\r
848 IN CONST UINT8 *P7Data,\r
849 IN UINTN P7Length,\r
850 OUT UINT8 **CertStack,\r
851 OUT UINTN *StackLength,\r
852 OUT UINT8 **TrustedCert,\r
853 OUT UINTN *CertLength\r
854 );\r
855\r
856/**\r
857 Wrapper function that uses free() to release the memory allocated for certificates.\r
858\r
859 If this interface is not supported, then ASSERT().\r
860\r
861 @param[in] Certs Pointer to the certificates to be freed.\r
862\r
863**/\r
864typedef\r
865VOID\r
7c342378 866(EFIAPI *EDKII_CRYPTO_PKCS7_FREE_SIGNERS)(\r
867 IN UINT8 *Certs\r
868 );\r
869\r
870/**\r
871 Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message\r
872 Syntax Standard, version 1.5". This interface is intended only for applications that\r
873 validate PKCS#7 functionality.\r
874\r
875 If this interface is not supported, then return FALSE.\r
876\r
877 @param[in] PrivateKey Pointer to the PEM-formatted private key data for\r
878 data signing.\r
879 @param[in] PrivateKeySize Size of the PEM private key data in bytes.\r
880 @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM\r
881 key data.\r
882 @param[in] InData Pointer to the content to be signed.\r
883 @param[in] InDataSize Size of InData in bytes.\r
884 @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.\r
885 @param[in] OtherCerts Pointer to an optional additional set of certificates to\r
886 include in the PKCS#7 signedData (e.g. any intermediate\r
887 CAs in the chain).\r
888 @param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's\r
889 responsibility to free the buffer with FreePool().\r
890 @param[out] SignedDataSize Size of SignedData in bytes.\r
891\r
892 @retval TRUE PKCS#7 data signing succeeded.\r
893 @retval FALSE PKCS#7 data signing failed.\r
894 @retval FALSE This interface is not supported.\r
895\r
896**/\r
897typedef\r
898BOOLEAN\r
7c342378 899(EFIAPI *EDKII_CRYPTO_PKCS7_SIGN)(\r
3b0e0430
MK
900 IN CONST UINT8 *PrivateKey,\r
901 IN UINTN PrivateKeySize,\r
902 IN CONST UINT8 *KeyPassword,\r
903 IN UINT8 *InData,\r
904 IN UINTN InDataSize,\r
905 IN UINT8 *SignCert,\r
906 IN UINT8 *OtherCerts OPTIONAL,\r
907 OUT UINT8 **SignedData,\r
908 OUT UINTN *SignedDataSize\r
909 );\r
910\r
911/**\r
912 Extracts the attached content from PKCS#7 signed data, if present. The input signed\r
913 data could be wrapped in a ContentInfo structure.\r
914\r
915 If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflows,\r
916 then return FALSE. If the P7Data is not correctly formatted, then return FALSE.\r
917\r
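918 Caution: This function may receive untrusted input, so it performs a basic structural\r
919 check of the PKCS#7 data. TRUE reports only that P7Data was correctly formatted; no signature check is described for this interface, so treat Content as unauthenticated until it is verified separately.\r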
920\r
921 @param[in] P7Data Pointer to the PKCS#7 signed data to process.\r
922 @param[in] P7Length Length of the PKCS#7 signed data in bytes.\r
923 @param[out] Content Pointer to the extracted content from the PKCS#7 signedData.\r
924 It's caller's responsibility to free the buffer with FreePool().\r
925 @param[out] ContentSize The size of the extracted content in bytes.\r
926\r
927 @retval TRUE The P7Data was correctly formatted for processing.\r
928 @retval FALSE The P7Data was not correctly formatted for processing.\r
929\r
930\r
931**/\r
932typedef\r
933BOOLEAN\r
7c342378 934(EFIAPI *EDKII_CRYPTO_PKCS7_GET_ATTACHED_CONTENT)(\r
3b0e0430
MK
935 IN CONST UINT8 *P7Data,\r
936 IN UINTN P7Length,\r
937 OUT VOID **Content,\r
938 OUT UINTN *ContentSize\r
939 );\r
940\r
941/**\r
942 Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:\r
943 Cryptographic Message Syntax Standard", and outputs two certificate lists chained and\r
944 unchained to the signer's certificates.\r
945 The input signed data could be wrapped in a ContentInfo structure.\r
946\r
947 @param[in] P7Data Pointer to the PKCS#7 message.\r
948 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
949 @param[out] SignerChainCerts Pointer to the certificates list chained to signer's\r
950 certificate. It's caller's responsibility to free the buffer\r
951 with Pkcs7FreeSigners().\r
952 This data structure is EFI_CERT_STACK type.\r
953 @param[out] ChainLength Length of the chained certificates list buffer in bytes.\r
954 @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's\r
955 responsibility to free the buffer with Pkcs7FreeSigners().\r
956 This data structure is EFI_CERT_STACK type.\r
957 @param[out] UnchainLength Length of the unchained certificates list buffer in bytes.\r
958\r
959 @retval TRUE The operation is finished successfully.\r
960 @retval FALSE Error occurs during the operation.\r
961\r
962**/\r
963typedef\r
964BOOLEAN\r
7c342378 965(EFIAPI *EDKII_CRYPTO_PKCS7_GET_CERTIFICATES_LIST)(\r
3b0e0430
MK
966 IN CONST UINT8 *P7Data,\r
967 IN UINTN P7Length,\r
968 OUT UINT8 **SignerChainCerts,\r
969 OUT UINTN *ChainLength,\r
970 OUT UINT8 **UnchainCerts,\r
971 OUT UINTN *UnchainLength\r
972 );\r
973\r
974/**\r
975 Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows\r
976 Authenticode Portable Executable Signature Format".\r
977\r
978 If AuthData is NULL, then return FALSE.\r
979 If ImageHash is NULL, then return FALSE.\r
980 If this interface is not supported, then return FALSE.\r
981\r
982 @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed\r
983 PE/COFF image to be verified.\r
984 @param[in] DataSize Size of the Authenticode Signature in bytes.\r
985 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
986 is used for certificate chain verification.\r
987 @param[in] CertSize Size of the trusted certificate in bytes.\r
988 @param[in] ImageHash Pointer to the original image file hash value. The procedure\r
989 for calculating the image hash value is described in Authenticode\r
990 specification.\r
991 @param[in] HashSize Size of Image hash value in bytes.\r
992\r
993 @retval TRUE The specified Authenticode Signature is valid.\r
994 @retval FALSE Invalid Authenticode Signature.\r
995 @retval FALSE This interface is not supported.\r
996\r
997**/\r
998typedef\r
999BOOLEAN\r
7c342378 1000(EFIAPI *EDKII_CRYPTO_AUTHENTICODE_VERIFY)(\r
3b0e0430
MK
1001 IN CONST UINT8 *AuthData,\r
1002 IN UINTN DataSize,\r
1003 IN CONST UINT8 *TrustedCert,\r
1004 IN UINTN CertSize,\r
1005 IN CONST UINT8 *ImageHash,\r
1006 IN UINTN HashSize\r
1007 );\r
1008\r
1009/**\r
1010 Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode\r
1011 signature.\r
1012\r
1013 If AuthData is NULL, then return FALSE.\r
1014 If this interface is not supported, then return FALSE.\r
1015\r
1016 @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed\r
1017 PE/COFF image to be verified.\r
1018 @param[in] DataSize Size of the Authenticode Signature in bytes.\r
1019 @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which\r
1020 is used for TSA certificate chain verification.\r
1021 @param[in] CertSize Size of the trusted certificate in bytes.\r
1022 @param[out] SigningTime Returns the timestamp generation time if the timestamp\r
1023 signature is valid.\r
1024\r
1025 @retval TRUE The specified Authenticode includes a valid RFC3161 Timestamp CounterSignature.\r
1026 @retval FALSE No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data.\r
1027\r
1028**/\r
1029typedef\r
1030BOOLEAN\r
7c342378 1031(EFIAPI *EDKII_CRYPTO_IMAGE_TIMESTAMP_VERIFY)(\r
3b0e0430
MK
1032 IN CONST UINT8 *AuthData,\r
1033 IN UINTN DataSize,\r
1034 IN CONST UINT8 *TsaCert,\r
1035 IN UINTN CertSize,\r
1036 OUT EFI_TIME *SigningTime\r
1037 );\r
1038\r
7c342378 1039// =====================================================================================\r
3b0e0430 1040// DH Key Exchange Primitive\r
7c342378 1041// =====================================================================================\r
3b0e0430
MK
1042\r
1043/**\r
1044 Allocates and Initializes one Diffie-Hellman Context for subsequent use.\r
1045\r
1046 @return Pointer to the Diffie-Hellman Context that has been initialized.\r
1047 If the allocation fails, DhNew() returns NULL.\r
1048 If the interface is not supported, DhNew() returns NULL.\r
1049\r
1050**/\r
1051typedef\r
7c342378
MK
1052VOID *\r
1053(EFIAPI *EDKII_CRYPTO_DH_NEW)(\r
3b0e0430
MK
1054 VOID\r
1055 );\r
1056\r
1057/**\r
1058 Release the specified DH context.\r
1059\r
1060 If the interface is not supported, then ASSERT().\r
1061\r
1062 @param[in] DhContext Pointer to the DH context to be released.\r
1063\r
1064**/\r
1065typedef\r
1066VOID\r
7c342378 1067(EFIAPI *EDKII_CRYPTO_DH_FREE)(\r
3b0e0430
MK
1068 IN VOID *DhContext\r
1069 );\r
1070\r
1071/**\r
1072 Generates DH parameter.\r
1073\r
1074 Given generator g, and length of prime number p in bits, this function generates p,\r
1075 and sets DH context according to value of g and p.\r
1076\r
1077 Before this function can be invoked, pseudorandom number generator must be correctly\r
1078 initialized by RandomSeed().\r
1079\r
1080 If DhContext is NULL, then return FALSE.\r
1081 If Prime is NULL, then return FALSE.\r
1082 If this interface is not supported, then return FALSE.\r
1083\r
1084 @param[in, out] DhContext Pointer to the DH context.\r
1085 @param[in] Generator Value of generator.\r
1086 @param[in] PrimeLength Length in bits of prime to be generated.\r
1087 @param[out] Prime Pointer to the buffer to receive the generated prime number.\r
1088\r
1089 @retval TRUE DH parameter generation succeeded.\r
1090 @retval FALSE Value of Generator is not supported.\r
1091 @retval FALSE PRNG fails to generate random prime number with PrimeLength.\r
1092 @retval FALSE This interface is not supported.\r
1093\r
1094**/\r
1095typedef\r
1096BOOLEAN\r
7c342378 1097(EFIAPI *EDKII_CRYPTO_DH_GENERATE_PARAMETER)(\r
3b0e0430
MK
1098 IN OUT VOID *DhContext,\r
1099 IN UINTN Generator,\r
1100 IN UINTN PrimeLength,\r
1101 OUT UINT8 *Prime\r
1102 );\r
1103\r
1104/**\r
1105 Sets generator and prime parameters for DH.\r
1106\r
1107 Given generator g and prime number p, this function sets the DH\r
1108 context accordingly.\r
1109\r
1110 If DhContext is NULL, then return FALSE.\r
1111 If Prime is NULL, then return FALSE.\r
1112 If this interface is not supported, then return FALSE.\r
1113\r
1114 @param[in, out] DhContext Pointer to the DH context.\r
1115 @param[in] Generator Value of generator.\r
1116 @param[in] PrimeLength Length in bits of the prime number passed in Prime.\r
1117 @param[in] Prime Pointer to the prime number.\r
1118\r
1119 @retval TRUE DH parameter setting succeeded.\r
1120 @retval FALSE Value of Generator is not supported.\r
1121 @retval FALSE Value of Generator is not suitable for the Prime.\r
1122 @retval FALSE Value of Prime is not a prime number.\r
1123 @retval FALSE Value of Prime is not a safe prime number.\r
1124 @retval FALSE This interface is not supported.\r
1125\r
1126**/\r
1127typedef\r
1128BOOLEAN\r
7c342378 1129(EFIAPI *EDKII_CRYPTO_DH_SET_PARAMETER)(\r
3b0e0430
MK
1130 IN OUT VOID *DhContext,\r
1131 IN UINTN Generator,\r
1132 IN UINTN PrimeLength,\r
1133 IN CONST UINT8 *Prime\r
1134 );\r
1135\r
1136/**\r
1137 Generates DH public key.\r
1138\r
1139 This function generates random secret exponent, and computes the public key, which is\r
1140 returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.\r
1141 If the PublicKey buffer is too small to hold the public key, FALSE is returned and\r
1142 PublicKeySize is set to the required buffer size to obtain the public key.\r
1143\r
1144 If DhContext is NULL, then return FALSE.\r
1145 If PublicKeySize is NULL, then return FALSE.\r
1146 If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.\r
1147 If this interface is not supported, then return FALSE.\r
1148\r
1149 @param[in, out] DhContext Pointer to the DH context.\r
1150 @param[out] PublicKey Pointer to the buffer to receive generated public key.\r
1151 @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.\r
1152 On output, the size of data returned in PublicKey buffer in bytes.\r
1153\r
1154 @retval TRUE DH public key generation succeeded.\r
1155 @retval FALSE DH public key generation failed.\r
1156 @retval FALSE PublicKeySize is not large enough.\r
1157 @retval FALSE This interface is not supported.\r
1158\r
1159**/\r
1160typedef\r
1161BOOLEAN\r
7c342378 1162(EFIAPI *EDKII_CRYPTO_DH_GENERATE_KEY)(\r
3b0e0430
MK
1163 IN OUT VOID *DhContext,\r
1164 OUT UINT8 *PublicKey,\r
1165 IN OUT UINTN *PublicKeySize\r
1166 );\r
1167\r
1168/**\r
1169 Computes exchanged common key.\r
1170\r
1171 Given peer's public key, this function computes the exchanged common key, based on its own\r
1172 context including value of prime modulus and random secret exponent.\r
1173\r
1174 If DhContext is NULL, then return FALSE.\r
1175 If PeerPublicKey is NULL, then return FALSE.\r
1176 If KeySize is NULL, then return FALSE.\r
1177 If Key is NULL, then return FALSE.\r
1178 If KeySize is not large enough, then return FALSE.\r
1179 If this interface is not supported, then return FALSE.\r
1180\r
1181 @param[in, out] DhContext Pointer to the DH context.\r
1182 @param[in] PeerPublicKey Pointer to the peer's public key.\r
1183 @param[in] PeerPublicKeySize Size of peer's public key in bytes.\r
1184 @param[out] Key Pointer to the buffer to receive generated key.\r
1185 @param[in, out] KeySize On input, the size of Key buffer in bytes.\r
1186 On output, the size of data returned in Key buffer in bytes.\r
1187\r
1188 @retval TRUE DH exchanged key generation succeeded.\r
1189 @retval FALSE DH exchanged key generation failed.\r
1190 @retval FALSE KeySize is not large enough.\r
1191 @retval FALSE This interface is not supported.\r
1192\r
1193**/\r
1194typedef\r
1195BOOLEAN\r
7c342378 1196(EFIAPI *EDKII_CRYPTO_DH_COMPUTE_KEY)(\r
3b0e0430
MK
1197 IN OUT VOID *DhContext,\r
1198 IN CONST UINT8 *PeerPublicKey,\r
1199 IN UINTN PeerPublicKeySize,\r
1200 OUT UINT8 *Key,\r
1201 IN OUT UINTN *KeySize\r
1202 );\r
1203\r
7c342378 1204// =====================================================================================\r
3b0e0430 1205// Pseudo-Random Generation Primitive\r
7c342378 1206// =====================================================================================\r
3b0e0430
MK
1207\r
1208/**\r
1209 Sets up the seed value for the pseudorandom number generator.\r
1210\r
1211 This function sets up the seed value for the pseudorandom number generator.\r
1212 If Seed is not NULL, then the seed passed in is used.\r
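1213 If Seed is NULL, then a default seed is used. How that default is derived is not stated here; callers generating DH or RSA keys should confirm it is unpredictable or pass their own seed.\r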
1214 If this interface is not supported, then return FALSE.\r
1215\r
1216 @param[in] Seed Pointer to seed value.\r
1217 If NULL, default seed is used.\r
1218 @param[in] SeedSize Size of seed value.\r
1219 If Seed is NULL, this parameter is ignored.\r
1220\r
1221 @retval TRUE Pseudorandom number generator has enough entropy for random generation.\r
1222 @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.\r
1223 @retval FALSE This interface is not supported.\r
1224\r
1225**/\r
1226typedef\r
1227BOOLEAN\r
7c342378 1228(EFIAPI *EDKII_CRYPTO_RANDOM_SEED)(\r
3b0e0430
MK
1229 IN CONST UINT8 *Seed OPTIONAL,\r
1230 IN UINTN SeedSize\r
1231 );\r
1232\r
1233/**\r
1234 Generates a pseudorandom byte stream of the specified size.\r
1235\r
1236 If Output is NULL, then return FALSE.\r
1237 If this interface is not supported, then return FALSE.\r
1238\r
1239 @param[out] Output Pointer to buffer to receive random value.\r
1240 @param[in] Size Size of random bytes to generate.\r
1241\r
1242 @retval TRUE Pseudorandom byte stream generated successfully.\r
1243 @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.\r
1244 @retval FALSE This interface is not supported.\r
1245\r
1246**/\r
1247typedef\r
1248BOOLEAN\r
7c342378 1249(EFIAPI *EDKII_CRYPTO_RANDOM_BYTES)(\r
3b0e0430
MK
1250 OUT UINT8 *Output,\r
1251 IN UINTN Size\r
1252 );\r
1253\r
1254/**\r
1255 Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
1256 RSA PKCS#1.\r
1257\r
1258 If RsaContext is NULL, then return FALSE.\r
1259 If MessageHash is NULL, then return FALSE.\r
1260 If Signature is NULL, then return FALSE.\r
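1261 If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. A matching size says nothing about strength: MD5 and SHA-1 are not collision resistant, so callers should prefer SHA-256 digests.\r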
1262\r
1263 @param[in] RsaContext Pointer to RSA context for signature verification.\r
1264 @param[in] MessageHash Pointer to octet message hash to be checked.\r
1265 @param[in] HashSize Size of the message hash in bytes.\r
1266 @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
1267 @param[in] SigSize Size of signature in bytes.\r
1268\r
1269 @retval TRUE Valid signature encoded in PKCS1-v1_5.\r
1270 @retval FALSE Invalid signature or invalid RSA context.\r
1271\r
1272**/\r
1273typedef\r
1274BOOLEAN\r
7c342378 1275(EFIAPI *EDKII_CRYPTO_RSA_VERIFY_PKCS1)(\r
3b0e0430
MK
1276 IN VOID *RsaContext,\r
1277 IN CONST UINT8 *MessageHash,\r
1278 IN UINTN HashSize,\r
1279 IN CONST UINT8 *Signature,\r
1280 IN UINTN SigSize\r
1281 );\r
1282\r
3b0e0430
MK
1283/**\r
1284 Allocates and initializes one RSA context for subsequent use.\r
1285\r
1286 @return Pointer to the RSA context that has been initialized.\r
1287 If the allocation fails, RsaNew() returns NULL.\r
1288\r
1289**/\r
1290typedef\r
7c342378
MK
1291VOID *\r
1292(EFIAPI *EDKII_CRYPTO_RSA_NEW)(\r
3b0e0430
MK
1293 VOID\r
1294 );\r
1295\r
1296/**\r
1297 Release the specified RSA context.\r
1298\r
1299 This interface returns VOID, so a NULL RsaContext cannot be reported as FALSE; no status is available from this call.\r
1300\r
1301 @param[in] RsaContext Pointer to the RSA context to be released.\r
1302\r
1303**/\r
1304typedef\r
1305VOID\r
7c342378 1306(EFIAPI *EDKII_CRYPTO_RSA_FREE)(\r
3b0e0430
MK
1307 IN VOID *RsaContext\r
1308 );\r
1309\r
1310/**\r
1311 Sets the tag-designated key component into the established RSA context.\r
1312\r
1313 This function sets the tag-designated RSA key component into the established\r
1314 RSA context from the user-specified non-negative integer (octet string format\r
1315 represented in RSA PKCS#1).\r
1316 If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
1317\r
1318 If RsaContext is NULL, then return FALSE.\r
1319\r
1320 @param[in, out] RsaContext Pointer to RSA context being set.\r
1321 @param[in] KeyTag Tag of RSA key component being set.\r
1322 @param[in] BigNumber Pointer to octet integer buffer.\r
1323 If NULL, then the specified key component in RSA\r
1324 context is cleared.\r
1325 @param[in] BnSize Size of big number buffer in bytes.\r
1326 If BigNumber is NULL, then it is ignored.\r
1327\r
1328 @retval TRUE RSA key component was set successfully.\r
1329 @retval FALSE Invalid RSA key component tag.\r
1330\r
1331**/\r
1332typedef\r
1333BOOLEAN\r
7c342378 1334(EFIAPI *EDKII_CRYPTO_RSA_SET_KEY)(\r
3b0e0430
MK
1335 IN OUT VOID *RsaContext,\r
1336 IN RSA_KEY_TAG KeyTag,\r
1337 IN CONST UINT8 *BigNumber,\r
1338 IN UINTN BnSize\r
1339 );\r
1340\r
1341/**\r
1342 Gets the tag-designated RSA key component from the established RSA context.\r
1343\r
1344 This function retrieves the tag-designated RSA key component from the\r
1345 established RSA context as a non-negative integer (octet string format\r
1346 represented in RSA PKCS#1).\r
1347 If specified key component has not been set or has been cleared, then returned\r
1348 BnSize is set to 0.\r
1349 If the BigNumber buffer is too small to hold the contents of the key, FALSE\r
1350 is returned and BnSize is set to the required buffer size to obtain the key.\r
1351\r
1352 If RsaContext is NULL, then return FALSE.\r
1353 If BnSize is NULL, then return FALSE.\r
1354 If BnSize is large enough but BigNumber is NULL, then return FALSE.\r
1355 If this interface is not supported, then return FALSE.\r
1356\r
1357 @param[in, out] RsaContext Pointer to RSA context being read.\r
1358 @param[in] KeyTag Tag of RSA key component being retrieved.\r
1359 @param[out] BigNumber Pointer to octet integer buffer.\r
1360 @param[in, out] BnSize On input, the size of big number buffer in bytes.\r
1361 On output, the size of data returned in big number buffer in bytes.\r
1362\r
1363 @retval TRUE RSA key component was retrieved successfully.\r
1364 @retval FALSE Invalid RSA key component tag.\r
1365 @retval FALSE BnSize is too small.\r
1366 @retval FALSE This interface is not supported.\r
1367\r
1368**/\r
1369typedef\r
1370BOOLEAN\r
7c342378 1371(EFIAPI *EDKII_CRYPTO_RSA_GET_KEY)(\r
3b0e0430
MK
1372 IN OUT VOID *RsaContext,\r
1373 IN RSA_KEY_TAG KeyTag,\r
1374 OUT UINT8 *BigNumber,\r
1375 IN OUT UINTN *BnSize\r
1376 );\r
1377\r
1378/**\r
1379 Generates RSA key components.\r
1380\r
1381 This function generates RSA key components. It takes RSA public exponent E and\r
1382 length in bits of RSA modulus N as input, and generates all key components.\r
1383 If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.\r
1384\r
1385 Before this function can be invoked, pseudorandom number generator must be correctly\r
1386 initialized by RandomSeed().\r
1387\r
1388 If RsaContext is NULL, then return FALSE.\r
1389 If this interface is not supported, then return FALSE.\r
1390\r
1391 @param[in, out] RsaContext Pointer to RSA context being set.\r
1392 @param[in] ModulusLength Length of RSA modulus N in bits.\r
1393 @param[in] PublicExponent Pointer to RSA public exponent.\r
1394 @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.\r
1395\r
1396 @retval TRUE RSA key component was generated successfully.\r
1397 @retval FALSE Invalid RSA key component tag.\r
1398 @retval FALSE This interface is not supported.\r
1399\r
1400**/\r
1401typedef\r
1402BOOLEAN\r
7c342378 1403(EFIAPI *EDKII_CRYPTO_RSA_GENERATE_KEY)(\r
3b0e0430
MK
1404 IN OUT VOID *RsaContext,\r
1405 IN UINTN ModulusLength,\r
1406 IN CONST UINT8 *PublicExponent,\r
1407 IN UINTN PublicExponentSize\r
1408 );\r
1409\r
1410/**\r
1411 Validates key components of RSA context.\r
1412 NOTE: This function performs integrity checks on all the RSA key material, so\r
1413 the RSA key structure must contain all the private key data.\r
1414\r
1415 This function validates key components of RSA context in following aspects:\r
1416 - Whether p is a prime\r
1417 - Whether q is a prime\r
1418 - Whether n = p * q\r
1419 - Whether d*e = 1 mod lcm(p-1,q-1)\r
1420\r
1421 If RsaContext is NULL, then return FALSE.\r
1422 If this interface is not supported, then return FALSE.\r
1423\r
1424 @param[in] RsaContext Pointer to RSA context to check.\r
1425\r
1426 @retval TRUE RSA key components are valid.\r
1427 @retval FALSE RSA key components are not valid.\r
1428 @retval FALSE This interface is not supported.\r
1429\r
1430**/\r
1431typedef\r
1432BOOLEAN\r
7c342378 1433(EFIAPI *EDKII_CRYPTO_RSA_CHECK_KEY)(\r
3b0e0430
MK
1434 IN VOID *RsaContext\r
1435 );\r
1436\r
1437/**\r
1438 Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.\r
1439\r
1440 This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in\r
1441 RSA PKCS#1.\r
1442 If the Signature buffer is too small to hold the contents of signature, FALSE\r
1443 is returned and SigSize is set to the required buffer size to obtain the signature.\r
1444\r
1445 If RsaContext is NULL, then return FALSE.\r
1446 If MessageHash is NULL, then return FALSE.\r
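1447 If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. A matching size says nothing about strength: MD5 and SHA-1 are not collision resistant, so new signatures should use SHA-256 digests.\r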
1448 If SigSize is large enough but Signature is NULL, then return FALSE.\r
1449 If this interface is not supported, then return FALSE.\r
1450\r
1451 @param[in] RsaContext Pointer to RSA context for signature generation.\r
1452 @param[in] MessageHash Pointer to octet message hash to be signed.\r
1453 @param[in] HashSize Size of the message hash in bytes.\r
1454 @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.\r
1455 @param[in, out] SigSize On input, the size of Signature buffer in bytes.\r
1456 On output, the size of data returned in Signature buffer in bytes.\r
1457\r
1458 @retval TRUE Signature successfully generated in PKCS1-v1_5.\r
1459 @retval FALSE Signature generation failed.\r
1460 @retval FALSE SigSize is too small.\r
1461 @retval FALSE This interface is not supported.\r
1462\r
1463**/\r
1464typedef\r
1465BOOLEAN\r
7c342378 1466(EFIAPI *EDKII_CRYPTO_RSA_PKCS1_SIGN)(\r
3b0e0430
MK
1467 IN VOID *RsaContext,\r
1468 IN CONST UINT8 *MessageHash,\r
1469 IN UINTN HashSize,\r
1470 OUT UINT8 *Signature,\r
1471 IN OUT UINTN *SigSize\r
1472 );\r
1473\r
1474/**\r
1475 Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
1476 RSA PKCS#1.\r
1477\r
1478 If RsaContext is NULL, then return FALSE.\r
1479 If MessageHash is NULL, then return FALSE.\r
1480 If Signature is NULL, then return FALSE.\r
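1481 If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. A matching size says nothing about strength: MD5 and SHA-1 are not collision resistant, so callers should prefer SHA-256 digests.\r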
1482\r
1483 @param[in] RsaContext Pointer to RSA context for signature verification.\r
1484 @param[in] MessageHash Pointer to octet message hash to be checked.\r
1485 @param[in] HashSize Size of the message hash in bytes.\r
1486 @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
1487 @param[in] SigSize Size of signature in bytes.\r
1488\r
1489 @retval TRUE Valid signature encoded in PKCS1-v1_5.\r
1490 @retval FALSE Invalid signature or invalid RSA context.\r
1491\r
1492**/\r
1493typedef\r
1494BOOLEAN\r
7c342378 1495(EFIAPI *EDKII_CRYPTO_RSA_PKCS1_VERIFY)(\r
3b0e0430
MK
1496 IN VOID *RsaContext,\r
1497 IN CONST UINT8 *MessageHash,\r
1498 IN UINTN HashSize,\r
1499 IN CONST UINT8 *Signature,\r
1500 IN UINTN SigSize\r
1501 );\r
1502\r
1503/**\r
1504 Retrieve the RSA Private Key from the password-protected PEM key data.\r
1505\r
1506 If PemData is NULL, then return FALSE.\r
1507 If RsaContext is NULL, then return FALSE.\r
1508 If this interface is not supported, then return FALSE.\r
1509\r
1510 @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.\r
1511 @param[in] PemSize Size of the PEM key data in bytes.\r
1512 @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.\r
1513 @param[out] RsaContext Pointer to newly generated RSA context which contains the retrieved\r
1514 RSA private key component. Use RsaFree() function to free the\r
1515 resource.\r
1516\r
1517 @retval TRUE RSA Private Key was retrieved successfully.\r
1518 @retval FALSE Invalid PEM key data or incorrect password.\r
1519 @retval FALSE This interface is not supported.\r
1520\r
1521**/\r
1522typedef\r
1523BOOLEAN\r
7c342378 1524(EFIAPI *EDKII_CRYPTO_RSA_GET_PRIVATE_KEY_FROM_PEM)(\r
3b0e0430
MK
1525 IN CONST UINT8 *PemData,\r
1526 IN UINTN PemSize,\r
1527 IN CONST CHAR8 *Password,\r
1528 OUT VOID **RsaContext\r
1529 );\r
1530\r
1531/**\r
1532 Retrieve the RSA Public Key from one DER-encoded X509 certificate.\r
1533\r
1534 If Cert is NULL, then return FALSE.\r
1535 If RsaContext is NULL, then return FALSE.\r
1536 If this interface is not supported, then return FALSE.\r
1537\r
1538 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
1539 @param[in] CertSize Size of the X509 certificate in bytes.\r
1540 @param[out] RsaContext Pointer to newly generated RSA context which contains the retrieved\r
1541 RSA public key component. Use RsaFree() function to free the\r
1542 resource.\r
1543\r
1544 @retval TRUE RSA Public Key was retrieved successfully.\r
1545 @retval FALSE Fail to retrieve RSA public key from X509 certificate.\r
1546 @retval FALSE This interface is not supported.\r
1547\r
1548**/\r
1549typedef\r
1550BOOLEAN\r
7c342378 1551(EFIAPI *EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509)(\r
3b0e0430
MK
1552 IN CONST UINT8 *Cert,\r
1553 IN UINTN CertSize,\r
1554 OUT VOID **RsaContext\r
1555 );\r
1556\r
7c342378 1557// ----------------------------------------\r
3b0e0430 1558// SHA\r
7c342378 1559// ----------------------------------------\r
3b0e0430
MK
1560\r
1561/**\r
1562 Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.\r
1563\r
1564 If this interface is not supported, then return zero.\r
1565\r
1566 @return The size, in bytes, of the context buffer required for SHA-1 hash operations.\r
1567 @retval 0 This interface is not supported.\r
1568\r
1569**/\r
1570typedef\r
1571UINTN\r
7c342378 1572(EFIAPI *EDKII_CRYPTO_SHA1_GET_CONTEXT_SIZE)(\r
3b0e0430
MK
1573 VOID\r
1574 );\r
1575\r
1576/**\r
1577 Initializes user-supplied memory pointed to by Sha1Context as SHA-1 hash context for\r
1578 subsequent use.\r
1579\r
1580 If Sha1Context is NULL, then return FALSE.\r
1581 If this interface is not supported, then return FALSE.\r
1582\r
1583 @param[out] Sha1Context Pointer to SHA-1 context being initialized.\r
1584\r
1585 @retval TRUE SHA-1 context initialization succeeded.\r
1586 @retval FALSE SHA-1 context initialization failed.\r
1587 @retval FALSE This interface is not supported.\r
1588\r
1589**/\r
1590typedef\r
1591BOOLEAN\r
7c342378 1592(EFIAPI *EDKII_CRYPTO_SHA1_INIT)(\r
3b0e0430
MK
1593 OUT VOID *Sha1Context\r
1594 );\r
1595\r
1596/**\r
1597 Makes a copy of an existing SHA-1 context.\r
1598\r
1599 If Sha1Context is NULL, then return FALSE.\r
1600 If NewSha1Context is NULL, then return FALSE.\r
1601 If this interface is not supported, then return FALSE.\r
1602\r
1603 @param[in] Sha1Context Pointer to SHA-1 context being copied.\r
1604 @param[out] NewSha1Context Pointer to new SHA-1 context.\r
1605\r
1606 @retval TRUE SHA-1 context copy succeeded.\r
1607 @retval FALSE SHA-1 context copy failed.\r
1608 @retval FALSE This interface is not supported.\r
1609\r
1610**/\r
1611typedef\r
1612BOOLEAN\r
7c342378 1613(EFIAPI *EDKII_CRYPTO_SHA1_DUPLICATE)(\r
3b0e0430
MK
1614 IN CONST VOID *Sha1Context,\r
1615 OUT VOID *NewSha1Context\r
1616 );\r
1617\r
1618/**\r
1619 Digests the input data and updates SHA-1 context.\r
1620\r
1621 This function performs SHA-1 digest on a data buffer of the specified size.\r
1622 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
1623 SHA-1 context should be already correctly initialized by Sha1Init(), and should not be finalized\r
1624 by Sha1Final(). Behavior with invalid context is undefined.\r
1625\r
1626 If Sha1Context is NULL, then return FALSE.\r
1627 If this interface is not supported, then return FALSE.\r
1628\r
1629 @param[in, out] Sha1Context Pointer to the SHA-1 context.\r
1630 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
1631 @param[in] DataSize Size of Data buffer in bytes.\r
1632\r
1633 @retval TRUE SHA-1 data digest succeeded.\r
1634 @retval FALSE SHA-1 data digest failed.\r
1635 @retval FALSE This interface is not supported.\r
1636\r
1637**/\r
1638typedef\r
1639BOOLEAN\r
7c342378 1640(EFIAPI *EDKII_CRYPTO_SHA1_UPDATE)(\r
3b0e0430
MK
1641 IN OUT VOID *Sha1Context,\r
1642 IN CONST VOID *Data,\r
1643 IN UINTN DataSize\r
1644 );\r
1645\r
1646/**\r
1647 Completes computation of the SHA-1 digest value.\r
1648\r
1649 This function completes SHA-1 hash computation and retrieves the digest value into\r
1650 the specified memory. After this function has been called, the SHA-1 context cannot\r
1651 be used again.\r
1652 SHA-1 context should be already correctly initialized by Sha1Init(), and should not be\r
1653 finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined.\r
1654\r
1655 If Sha1Context is NULL, then return FALSE.\r
1656 If HashValue is NULL, then return FALSE.\r
1657 If this interface is not supported, then return FALSE.\r
1658\r
1659 @param[in, out] Sha1Context Pointer to the SHA-1 context.\r
1660 @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest\r
1661 value (20 bytes).\r
1662\r
1663 @retval TRUE SHA-1 digest computation succeeded.\r
1664 @retval FALSE SHA-1 digest computation failed.\r
1665 @retval FALSE This interface is not supported.\r
1666\r
1667**/\r
1668typedef\r
1669BOOLEAN\r
7c342378 1670(EFIAPI *EDKII_CRYPTO_SHA1_FINAL)(\r
3b0e0430
MK
1671 IN OUT VOID *Sha1Context,\r
1672 OUT UINT8 *HashValue\r
1673 );\r
1674\r
1675/**\r
1676 Computes the SHA-1 message digest of an input data buffer.\r
1677\r
1678 This function performs the SHA-1 message digest of a given data buffer, and places\r
1679 the digest value into the specified memory.\r
1680\r
1681 If this interface is not supported, then return FALSE.\r
1682\r
1683 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
1684 @param[in] DataSize Size of Data buffer in bytes.\r
1685 @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest\r
1686 value (20 bytes).\r
1687\r
1688 @retval TRUE SHA-1 digest computation succeeded.\r
1689 @retval FALSE SHA-1 digest computation failed.\r
1690 @retval FALSE This interface is not supported.\r
1691\r
1692**/\r
1693typedef\r
1694BOOLEAN\r
7c342378 1695(EFIAPI *EDKII_CRYPTO_SHA1_HASH_ALL)(\r
3b0e0430
MK
1696 IN CONST VOID *Data,\r
1697 IN UINTN DataSize,\r
1698 OUT UINT8 *HashValue\r
1699 );\r
1700\r
1701/**\r
1702 Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations.\r
1703\r
1704 @return The size, in bytes, of the context buffer required for SHA-256 hash operations.\r
1705\r
1706**/\r
1707typedef\r
1708UINTN\r
7c342378 1709(EFIAPI *EDKII_CRYPTO_SHA256_GET_CONTEXT_SIZE)(\r
3b0e0430 1710 VOID\r
7c342378 1711 );\r
3b0e0430
MK
1712\r
1713/**\r
1714 Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for\r
1715 subsequent use.\r
1716\r
1717 If Sha256Context is NULL, then return FALSE.\r
1718\r
1719 @param[out] Sha256Context Pointer to SHA-256 context being initialized.\r
1720\r
1721 @retval TRUE SHA-256 context initialization succeeded.\r
1722 @retval FALSE SHA-256 context initialization failed.\r
1723\r
1724**/\r
1725typedef\r
1726BOOLEAN\r
7c342378 1727(EFIAPI *EDKII_CRYPTO_SHA256_INIT)(\r
3b0e0430
MK
1728 OUT VOID *Sha256Context\r
1729 );\r
1730\r
1731/**\r
1732 Makes a copy of an existing SHA-256 context.\r
1733\r
1734 If Sha256Context is NULL, then return FALSE.\r
1735 If NewSha256Context is NULL, then return FALSE.\r
1736 If this interface is not supported, then return FALSE.\r
1737\r
1738 @param[in] Sha256Context Pointer to SHA-256 context being copied.\r
1739 @param[out] NewSha256Context Pointer to new SHA-256 context.\r
1740\r
1741 @retval TRUE SHA-256 context copy succeeded.\r
1742 @retval FALSE SHA-256 context copy failed.\r
1743 @retval FALSE This interface is not supported.\r
1744\r
1745**/\r
1746typedef\r
1747BOOLEAN\r
7c342378 1748(EFIAPI *EDKII_CRYPTO_SHA256_DUPLICATE)(\r
3b0e0430
MK
1749 IN CONST VOID *Sha256Context,\r
1750 OUT VOID *NewSha256Context\r
1751 );\r
1752\r
1753/**\r
1754 Digests the input data and updates SHA-256 context.\r
1755\r
1756 This function performs SHA-256 digest on a data buffer of the specified size.\r
1757 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
1758 SHA-256 context should be already correctly initialized by Sha256Init(), and should not be finalized\r
1759 by Sha256Final(). Behavior with invalid context is undefined.\r
1760\r
1761 If Sha256Context is NULL, then return FALSE.\r
1762\r
1763 @param[in, out] Sha256Context Pointer to the SHA-256 context.\r
1764 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
1765 @param[in] DataSize Size of Data buffer in bytes.\r
1766\r
1767 @retval TRUE SHA-256 data digest succeeded.\r
1768 @retval FALSE SHA-256 data digest failed.\r
1769\r
1770**/\r
1771typedef\r
1772BOOLEAN\r
7c342378 1773(EFIAPI *EDKII_CRYPTO_SHA256_UPDATE)(\r
3b0e0430
MK
1774 IN OUT VOID *Sha256Context,\r
1775 IN CONST VOID *Data,\r
1776 IN UINTN DataSize\r
1777 );\r
1778\r
1779/**\r
1780 Completes computation of the SHA-256 digest value.\r
1781\r
1782 This function completes SHA-256 hash computation and retrieves the digest value into\r
1783 the specified memory. After this function has been called, the SHA-256 context cannot\r
1784 be used again.\r
1785 SHA-256 context should already have been correctly initialized by Sha256Init(), and should not\r
1786 already have been finalized by an earlier Sha256Final() call. Behavior with invalid SHA-256 context is undefined.\r
1787\r
1788 If Sha256Context is NULL, then return FALSE.\r
1789 If HashValue is NULL, then return FALSE.\r
1790\r
1791 @param[in, out] Sha256Context Pointer to the SHA-256 context.\r
1792 @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest\r
1793 value (32 bytes).\r
1794\r
1795 @retval TRUE SHA-256 digest computation succeeded.\r
1796 @retval FALSE SHA-256 digest computation failed.\r
1797\r
1798**/\r
1799typedef\r
1800BOOLEAN\r
7c342378 1801(EFIAPI *EDKII_CRYPTO_SHA256_FINAL)(\r
3b0e0430
MK
1802 IN OUT VOID *Sha256Context,\r
1803 OUT UINT8 *HashValue\r
1804 );\r
1805\r
1806/**\r
1807 Computes the SHA-256 message digest of an input data buffer.\r
1808\r
1809 This function performs the SHA-256 message digest of a given data buffer, and places\r
1810 the digest value into the specified memory.\r
1811\r
1812 If this interface is not supported, then return FALSE.\r
1813\r
1814 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
1815 @param[in] DataSize Size of Data buffer in bytes.\r
1816 @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest\r
1817 value (32 bytes).\r
1818\r
1819 @retval TRUE SHA-256 digest computation succeeded.\r
1820 @retval FALSE SHA-256 digest computation failed.\r
1821 @retval FALSE This interface is not supported.\r
1822\r
1823**/\r
1824typedef\r
1825BOOLEAN\r
7c342378 1826(EFIAPI *EDKII_CRYPTO_SHA256_HASH_ALL)(\r
3b0e0430
MK
1827 IN CONST VOID *Data,\r
1828 IN UINTN DataSize,\r
1829 OUT UINT8 *HashValue\r
1830 );\r
1831\r
3b0e0430
MK
1832/**\r
1833 Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations.\r
1834 If this interface is not supported, then return zero.\r
1835\r
1836 @return The size, in bytes, of the context buffer required for SHA-384 hash operations.\r
1837 @retval 0 This interface is not supported.\r
1838\r
1839**/\r
1840typedef\r
1841UINTN\r
7c342378 1842(EFIAPI *EDKII_CRYPTO_SHA384_GET_CONTEXT_SIZE)(\r
3b0e0430
MK
1843 VOID\r
1844 );\r
1845\r
3b0e0430
MK
1846/**\r
1847 Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for\r
1848 subsequent use.\r
1849\r
1850 If Sha384Context is NULL, then return FALSE.\r
1851\r
1852 @param[out] Sha384Context Pointer to SHA-384 context being initialized.\r
1853\r
1854 @retval TRUE SHA-384 context initialization succeeded.\r
1855 @retval FALSE SHA-384 context initialization failed.\r
1856\r
1857**/\r
1858typedef\r
1859BOOLEAN\r
7c342378 1860(EFIAPI *EDKII_CRYPTO_SHA384_INIT)(\r
3b0e0430
MK
1861 OUT VOID *Sha384Context\r
1862 );\r
1863\r
3b0e0430
MK
1864/**\r
1865 Makes a copy of an existing SHA-384 context.\r
1866\r
1867 If Sha384Context is NULL, then return FALSE.\r
1868 If NewSha384Context is NULL, then return FALSE.\r
1869 If this interface is not supported, then return FALSE.\r
1870\r
1871 @param[in] Sha384Context Pointer to SHA-384 context being copied.\r
1872 @param[out] NewSha384Context Pointer to new SHA-384 context.\r
1873\r
1874 @retval TRUE SHA-384 context copy succeeded.\r
1875 @retval FALSE SHA-384 context copy failed.\r
1876 @retval FALSE This interface is not supported.\r
1877\r
1878**/\r
1879typedef\r
1880BOOLEAN\r
7c342378 1881(EFIAPI *EDKII_CRYPTO_SHA384_DUPLICATE)(\r
3b0e0430
MK
1882 IN CONST VOID *Sha384Context,\r
1883 OUT VOID *NewSha384Context\r
1884 );\r
1885\r
3b0e0430
MK
1886/**\r
1887 Digests the input data and updates SHA-384 context.\r
1888\r
1889 This function performs SHA-384 digest on a data buffer of the specified size.\r
1890 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
1891 SHA-384 context should be already correctly initialized by Sha384Init(), and should not be finalized\r
1892 by Sha384Final(). Behavior with invalid context is undefined.\r
1893\r
1894 If Sha384Context is NULL, then return FALSE.\r
1895\r
1896 @param[in, out] Sha384Context Pointer to the SHA-384 context.\r
1897 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
1898 @param[in] DataSize Size of Data buffer in bytes.\r
1899\r
1900 @retval TRUE SHA-384 data digest succeeded.\r
1901 @retval FALSE SHA-384 data digest failed.\r
1902\r
1903**/\r
1904typedef\r
1905BOOLEAN\r
7c342378 1906(EFIAPI *EDKII_CRYPTO_SHA384_UPDATE)(\r
3b0e0430
MK
1907 IN OUT VOID *Sha384Context,\r
1908 IN CONST VOID *Data,\r
1909 IN UINTN DataSize\r
1910 );\r
1911\r
3b0e0430
MK
1912/**\r
1913 Completes computation of the SHA-384 digest value.\r
1914\r
1915 This function completes SHA-384 hash computation and retrieves the digest value into\r
1916 the specified memory. After this function has been called, the SHA-384 context cannot\r
1917 be used again.\r
1918 SHA-384 context should already have been correctly initialized by Sha384Init(), and should not\r
1919 already have been finalized by an earlier Sha384Final() call. Behavior with invalid SHA-384 context is undefined.\r
1920\r
1921 If Sha384Context is NULL, then return FALSE.\r
1922 If HashValue is NULL, then return FALSE.\r
1923\r
1924 @param[in, out] Sha384Context Pointer to the SHA-384 context.\r
1925 @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest\r
1926 value (48 bytes).\r
1927\r
1928 @retval TRUE SHA-384 digest computation succeeded.\r
1929 @retval FALSE SHA-384 digest computation failed.\r
1930\r
1931**/\r
1932typedef\r
1933BOOLEAN\r
7c342378 1934(EFIAPI *EDKII_CRYPTO_SHA384_FINAL)(\r
3b0e0430
MK
1935 IN OUT VOID *Sha384Context,\r
1936 OUT UINT8 *HashValue\r
1937 );\r
1938\r
3b0e0430
MK
1939/**\r
1940 Computes the SHA-384 message digest of an input data buffer.\r
1941\r
1942 This function performs the SHA-384 message digest of a given data buffer, and places\r
1943 the digest value into the specified memory.\r
1944\r
1945 If this interface is not supported, then return FALSE.\r
1946\r
1947 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
1948 @param[in] DataSize Size of Data buffer in bytes.\r
1949 @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest\r
1950 value (48 bytes).\r
1951\r
1952 @retval TRUE SHA-384 digest computation succeeded.\r
1953 @retval FALSE SHA-384 digest computation failed.\r
1954 @retval FALSE This interface is not supported.\r
1955\r
1956**/\r
1957typedef\r
1958BOOLEAN\r
7c342378 1959(EFIAPI *EDKII_CRYPTO_SHA384_HASH_ALL)(\r
3b0e0430
MK
1960 IN CONST VOID *Data,\r
1961 IN UINTN DataSize,\r
1962 OUT UINT8 *HashValue\r
1963 );\r
1964\r
1965/**\r
1966 Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations.\r
1967\r
1968 @return The size, in bytes, of the context buffer required for SHA-512 hash operations.\r
1969\r
1970**/\r
1971typedef\r
1972UINTN\r
7c342378 1973(EFIAPI *EDKII_CRYPTO_SHA512_GET_CONTEXT_SIZE)(\r
3b0e0430
MK
1974 VOID\r
1975 );\r
1976\r
3b0e0430
MK
1977/**\r
1978 Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for\r
1979 subsequent use.\r
1980\r
1981 If Sha512Context is NULL, then return FALSE.\r
1982\r
1983 @param[out] Sha512Context Pointer to SHA-512 context being initialized.\r
1984\r
1985 @retval TRUE SHA-512 context initialization succeeded.\r
1986 @retval FALSE SHA-512 context initialization failed.\r
1987\r
1988**/\r
1989typedef\r
1990BOOLEAN\r
7c342378 1991(EFIAPI *EDKII_CRYPTO_SHA512_INIT)(\r
3b0e0430
MK
1992 OUT VOID *Sha512Context\r
1993 );\r
1994\r
3b0e0430
MK
1995/**\r
1996 Makes a copy of an existing SHA-512 context.\r
1997\r
1998 If Sha512Context is NULL, then return FALSE.\r
1999 If NewSha512Context is NULL, then return FALSE.\r
2000 If this interface is not supported, then return FALSE.\r
2001\r
2002 @param[in] Sha512Context Pointer to SHA-512 context being copied.\r
2003 @param[out] NewSha512Context Pointer to new SHA-512 context.\r
2004\r
2005 @retval TRUE SHA-512 context copy succeeded.\r
2006 @retval FALSE SHA-512 context copy failed.\r
2007 @retval FALSE This interface is not supported.\r
2008\r
2009**/\r
2010typedef\r
2011BOOLEAN\r
7c342378 2012(EFIAPI *EDKII_CRYPTO_SHA512_DUPLICATE)(\r
3b0e0430
MK
2013 IN CONST VOID *Sha512Context,\r
2014 OUT VOID *NewSha512Context\r
2015 );\r
2016\r
2017/**\r
2018 Digests the input data and updates SHA-512 context.\r
2019\r
2020 This function performs SHA-512 digest on a data buffer of the specified size.\r
2021 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2022 SHA-512 context should be already correctly initialized by Sha512Init(), and should not be finalized\r
2023 by Sha512Final(). Behavior with invalid context is undefined.\r
2024\r
2025 If Sha512Context is NULL, then return FALSE.\r
2026\r
2027 @param[in, out] Sha512Context Pointer to the SHA-512 context.\r
2028 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
2029 @param[in] DataSize Size of Data buffer in bytes.\r
2030\r
2031 @retval TRUE SHA-512 data digest succeeded.\r
2032 @retval FALSE SHA-512 data digest failed.\r
2033\r
2034**/\r
2035typedef\r
2036BOOLEAN\r
7c342378 2037(EFIAPI *EDKII_CRYPTO_SHA512_UPDATE)(\r
3b0e0430
MK
2038 IN OUT VOID *Sha512Context,\r
2039 IN CONST VOID *Data,\r
2040 IN UINTN DataSize\r
2041 );\r
2042\r
3b0e0430
MK
2043/**\r
2044 Completes computation of the SHA-512 digest value.\r
2045\r
2046 This function completes SHA-512 hash computation and retrieves the digest value into\r
2047 the specified memory. After this function has been called, the SHA-512 context cannot\r
2048 be used again.\r
2049 SHA-512 context should already have been correctly initialized by Sha512Init(), and should not\r
2050 already have been finalized by an earlier Sha512Final() call. Behavior with invalid SHA-512 context is undefined.\r
2051\r
2052 If Sha512Context is NULL, then return FALSE.\r
2053 If HashValue is NULL, then return FALSE.\r
2054\r
2055 @param[in, out] Sha512Context Pointer to the SHA-512 context.\r
2056 @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest\r
2057 value (64 bytes).\r
2058\r
2059 @retval TRUE SHA-512 digest computation succeeded.\r
2060 @retval FALSE SHA-512 digest computation failed.\r
2061\r
2062**/\r
2063typedef\r
2064BOOLEAN\r
7c342378 2065(EFIAPI *EDKII_CRYPTO_SHA512_FINAL)(\r
3b0e0430
MK
2066 IN OUT VOID *Sha512Context,\r
2067 OUT UINT8 *HashValue\r
2068 );\r
2069\r
2070/**\r
2071 Computes the SHA-512 message digest of an input data buffer.\r
2072\r
2073 This function performs the SHA-512 message digest of a given data buffer, and places\r
2074 the digest value into the specified memory.\r
2075\r
2076 If this interface is not supported, then return FALSE.\r
2077\r
2078 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
2079 @param[in] DataSize Size of Data buffer in bytes.\r
2080 @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest\r
2081 value (64 bytes).\r
2082\r
2083 @retval TRUE SHA-512 digest computation succeeded.\r
2084 @retval FALSE SHA-512 digest computation failed.\r
2085 @retval FALSE This interface is not supported.\r
2086\r
2087**/\r
2088typedef\r
2089BOOLEAN\r
7c342378 2090(EFIAPI *EDKII_CRYPTO_SHA512_HASH_ALL)(\r
3b0e0430
MK
2091 IN CONST VOID *Data,\r
2092 IN UINTN DataSize,\r
2093 OUT UINT8 *HashValue\r
2094 );\r
2095\r
7c342378 2096// ----------------------------------------------------------------------------\r
3b0e0430 2097// X509\r
7c342378 2098// ----------------------------------------------------------------------------\r
3b0e0430
MK
2099\r
2100/**\r
2101 Retrieve the subject bytes from one X.509 certificate.\r
2102\r
2103 If Cert is NULL, then return FALSE.\r
2104 If SubjectSize is NULL, then return FALSE.\r
2105 If this interface is not supported, then return FALSE.\r
2106\r
2107 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
2108 @param[in] CertSize Size of the X509 certificate in bytes.\r
2109 @param[out] CertSubject Pointer to the retrieved certificate subject bytes.\r
2110 @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,\r
2111 and the size in bytes of the data returned in CertSubject on output.\r
2112\r
2113 @retval TRUE The certificate subject retrieved successfully.\r
2114 @retval FALSE Invalid certificate, or the SubjectSize is too small for the result.\r
2115 The SubjectSize will be updated with the required size.\r
2116 @retval FALSE This interface is not supported.\r
2117\r
2118**/\r
2119typedef\r
2120BOOLEAN\r
7c342378 2121(EFIAPI *EDKII_CRYPTO_X509_GET_SUBJECT_NAME)(\r
3b0e0430
MK
2122 IN CONST UINT8 *Cert,\r
2123 IN UINTN CertSize,\r
2124 OUT UINT8 *CertSubject,\r
2125 IN OUT UINTN *SubjectSize\r
2126 );\r
2127\r
2128/**\r
2129 Retrieve the common name (CN) string from one X.509 certificate.\r
2130\r
2131 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
2132 @param[in] CertSize Size of the X509 certificate in bytes.\r
2133 @param[out] CommonName Buffer to contain the retrieved certificate common\r
2134 name string (UTF8). At most CommonNameSize bytes will be\r
2135 written and the string will be null terminated. May be\r
2136 NULL in order to determine the size buffer needed.\r
2137 @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,\r
2138 and the size in bytes of the data returned in CommonName on output.\r
2139 If CommonName is NULL then the amount of space needed\r
2140 in buffer (including the final null) is returned.\r
2141\r
2142 @retval RETURN_SUCCESS The certificate CommonName retrieved successfully.\r
2143 @retval RETURN_INVALID_PARAMETER If Cert is NULL.\r
2144 If CommonNameSize is NULL.\r
2145 If CommonName is not NULL and *CommonNameSize is 0.\r
2146 If Certificate is invalid.\r
2147 @retval RETURN_NOT_FOUND If no CommonName entry exists.\r
2148 @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size\r
2149 (including the final null) is returned in the\r
2150 CommonNameSize parameter.\r
2151 @retval RETURN_UNSUPPORTED The operation is not supported.\r
2152\r
2153**/\r
2154typedef\r
2155EFI_STATUS\r
7c342378 2156(EFIAPI *EDKII_CRYPTO_X509_GET_COMMON_NAME)(\r
3b0e0430
MK
2157 IN CONST UINT8 *Cert,\r
2158 IN UINTN CertSize,\r
c8f46130 2159 OUT CHAR8 *CommonName OPTIONAL,\r
3b0e0430
MK
2160 IN OUT UINTN *CommonNameSize\r
2161 );\r
2162\r
2163/**\r
2164 Retrieve the organization name (O) string from one X.509 certificate.\r
2165\r
2166 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
2167 @param[in] CertSize Size of the X509 certificate in bytes.\r
2168 @param[out] NameBuffer Buffer to contain the retrieved certificate organization\r
2169 name string. At most NameBufferSize bytes will be\r
2170 written and the string will be null terminated. May be\r
2171 NULL in order to determine the size buffer needed.\r
2172 @param[in,out] NameBufferSize The size in bytes of the NameBuffer buffer on input,\r
2173 and the size in bytes of the data returned in NameBuffer on output.\r
2174 If NameBuffer is NULL then the amount of space needed\r
2175 in buffer (including the final null) is returned.\r
2176\r
2177 @retval RETURN_SUCCESS The certificate Organization Name retrieved successfully.\r
2178 @retval RETURN_INVALID_PARAMETER If Cert is NULL.\r
2179 If NameBufferSize is NULL.\r
2180 If NameBuffer is not NULL and *NameBufferSize is 0.\r
2181 If Certificate is invalid.\r
2182 @retval RETURN_NOT_FOUND If no Organization Name entry exists.\r
2183 @retval RETURN_BUFFER_TOO_SMALL If the NameBuffer is NULL. The required buffer size\r
2184 (including the final null) is returned in the\r
2185 NameBufferSize parameter.\r
2186 @retval RETURN_UNSUPPORTED The operation is not supported.\r
2187\r
2188**/\r
2189typedef\r
2190EFI_STATUS\r
7c342378 2191(EFIAPI *EDKII_CRYPTO_X509_GET_ORGANIZATION_NAME)(\r
3b0e0430
MK
2192 IN CONST UINT8 *Cert,\r
2193 IN UINTN CertSize,\r
c8f46130 2194 OUT CHAR8 *NameBuffer OPTIONAL,\r
3b0e0430
MK
2195 IN OUT UINTN *NameBufferSize\r
2196 );\r
2197\r
2198/**\r
2199 Verify one X509 certificate was issued by the trusted CA.\r
2200\r
2201 If Cert is NULL, then return FALSE.\r
2202 If CACert is NULL, then return FALSE.\r
2203 If this interface is not supported, then return FALSE.\r
2204\r
2205 @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.\r
2206 @param[in] CertSize Size of the X509 certificate in bytes.\r
2207 @param[in] CACert Pointer to the DER-encoded trusted CA certificate.\r
2208 @param[in] CACertSize Size of the CA Certificate in bytes.\r
2209\r
2210 @retval TRUE The certificate was issued by the trusted CA.\r
2211 @retval FALSE Invalid certificate or the certificate was not issued by the given\r
2212 trusted CA.\r
2213 @retval FALSE This interface is not supported.\r
2214\r
2215**/\r
2216typedef\r
2217BOOLEAN\r
7c342378 2218(EFIAPI *EDKII_CRYPTO_X509_VERIFY_CERT)(\r
3b0e0430
MK
2219 IN CONST UINT8 *Cert,\r
2220 IN UINTN CertSize,\r
2221 IN CONST UINT8 *CACert,\r
2222 IN UINTN CACertSize\r
2223 );\r
2224\r
2225/**\r
2226 Construct a X509 object from DER-encoded certificate data.\r
2227\r
2228 If Cert is NULL, then return FALSE.\r
2229 If SingleX509Cert is NULL, then return FALSE.\r
2230 If this interface is not supported, then return FALSE.\r
2231\r
2232 @param[in] Cert Pointer to the DER-encoded certificate data.\r
2233 @param[in] CertSize The size of certificate data in bytes.\r
2234 @param[out] SingleX509Cert The generated X509 object.\r
2235\r
2236 @retval TRUE The X509 object generation succeeded.\r
2237 @retval FALSE The operation failed.\r
2238 @retval FALSE This interface is not supported.\r
2239\r
2240**/\r
2241typedef\r
2242BOOLEAN\r
7c342378 2243(EFIAPI *EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE)(\r
3b0e0430
MK
2244 IN CONST UINT8 *Cert,\r
2245 IN UINTN CertSize,\r
2246 OUT UINT8 **SingleX509Cert\r
2247 );\r
2248\r
2249/**\r
2250 Construct a X509 stack object from a list of DER-encoded certificate data.\r
2251\r
2252 If X509Stack is NULL, then return FALSE.\r
2253 If this interface is not supported, then return FALSE.\r
2254\r
2255 @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.\r
2256 On output, pointer to the X509 stack object with new\r
2257 inserted X509 certificate.\r
2258 @param ... A list of DER-encoded single certificate data followed\r
2259 by certificate size. A NULL terminates the list. The\r
2260 pairs are the arguments to X509ConstructCertificate().\r
2261\r
2262 @retval TRUE The X509 stack construction succeeded.\r
2263 @retval FALSE The construction operation failed.\r
2264 @retval FALSE This interface is not supported.\r
2265\r
2266**/\r
2267typedef\r
2268BOOLEAN\r
7c342378 2269(EFIAPI *EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK)(\r
3b0e0430
MK
2270 IN OUT UINT8 **X509Stack,\r
2271 ...\r
2272 );\r
2273\r
2274/**\r
2275 Construct a X509 stack object from a list of DER-encoded certificate data.\r
2276\r
2277 If X509Stack is NULL, then return FALSE.\r
2278 If this interface is not supported, then return FALSE.\r
2279\r
2280 @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.\r
2281 On output, pointer to the X509 stack object with new\r
2282 inserted X509 certificate.\r
2283 @param[in] Args VA_LIST marker for the variable argument list.\r
2284 A list of DER-encoded single certificate data followed\r
2285 by certificate size. A NULL terminates the list. The\r
2286 pairs are the arguments to X509ConstructCertificate().\r
2287\r
2288 @retval TRUE The X509 stack construction succeeded.\r
2289 @retval FALSE The construction operation failed.\r
2290 @retval FALSE This interface is not supported.\r
2291\r
2292**/\r
2293typedef\r
2294BOOLEAN\r
7c342378 2295(EFIAPI *EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK_V)(\r
3b0e0430
MK
2296 IN OUT UINT8 **X509Stack,\r
2297 IN VA_LIST Args\r
2298 );\r
2299\r
2300/**\r
2301 Release the specified X509 object.\r
2302\r
2303 If the interface is not supported, then ASSERT().\r
2304\r
2305 @param[in] X509Cert Pointer to the X509 object to be released.\r
2306\r
2307**/\r
2308typedef\r
2309VOID\r
7c342378 2310(EFIAPI *EDKII_CRYPTO_X509_FREE)(\r
3b0e0430
MK
2311 IN VOID *X509Cert\r
2312 );\r
2313\r
2314/**\r
2315 Release the specified X509 stack object.\r
2316\r
2317 If the interface is not supported, then ASSERT().\r
2318\r
2319 @param[in] X509Stack Pointer to the X509 stack object to be released.\r
2320\r
2321**/\r
2322typedef\r
2323VOID\r
7c342378 2324(EFIAPI *EDKII_CRYPTO_X509_STACK_FREE)(\r
3b0e0430
MK
2325 IN VOID *X509Stack\r
2326 );\r
2327\r
2328/**\r
2329 Retrieve the TBSCertificate from one given X.509 certificate.\r
2330\r
2331 @param[in] Cert Pointer to the given DER-encoded X509 certificate.\r
2332 @param[in] CertSize Size of the X509 certificate in bytes.\r
2333 @param[out] TBSCert DER-Encoded To-Be-Signed certificate.\r
2334 @param[out] TBSCertSize Size of the TBS certificate in bytes.\r
2335\r
2336 If Cert is NULL, then return FALSE.\r
2337 If TBSCert is NULL, then return FALSE.\r
2338 If TBSCertSize is NULL, then return FALSE.\r
2339 If this interface is not supported, then return FALSE.\r
2340\r
2341 @retval TRUE The TBSCertificate was retrieved successfully.\r
2342 @retval FALSE Invalid X.509 certificate.\r
2343\r
2344**/\r
2345typedef\r
2346BOOLEAN\r
7c342378 2347(EFIAPI *EDKII_CRYPTO_X509_GET_TBS_CERT)(\r
3b0e0430
MK
2348 IN CONST UINT8 *Cert,\r
2349 IN UINTN CertSize,\r
2350 OUT UINT8 **TBSCert,\r
2351 OUT UINTN *TBSCertSize\r
2352 );\r
2353\r
7c342378 2354// =====================================================================================\r
3b0e0430 2355// Symmetric Cryptography Primitive\r
7c342378 2356// =====================================================================================\r
3b0e0430
MK
2357\r
2358/**\r
b8af2c9e
ZG
2359 TDES is deprecated and no longer supported.\r
2360 The function field is kept only for binary compatibility.\r
3b0e0430
MK
2361\r
2362**/\r
2363typedef\r
2364UINTN\r
7c342378 2365(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE)(\r
3b0e0430
MK
2366 VOID\r
2367 );\r
2368\r
3b0e0430
MK
2369typedef\r
2370BOOLEAN\r
7c342378 2371(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_INIT)(\r
3b0e0430
MK
2372 OUT VOID *TdesContext,\r
2373 IN CONST UINT8 *Key,\r
2374 IN UINTN KeyLength\r
2375 );\r
2376\r
3b0e0430
MK
2377typedef\r
2378BOOLEAN\r
7c342378 2379(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT)(\r
3b0e0430
MK
2380 IN VOID *TdesContext,\r
2381 IN CONST UINT8 *Input,\r
2382 IN UINTN InputSize,\r
2383 OUT UINT8 *Output\r
2384 );\r
2385\r
3b0e0430
MK
2386typedef\r
2387BOOLEAN\r
7c342378 2388(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT)(\r
3b0e0430
MK
2389 IN VOID *TdesContext,\r
2390 IN CONST UINT8 *Input,\r
2391 IN UINTN InputSize,\r
2392 OUT UINT8 *Output\r
2393 );\r
2394\r
3b0e0430
MK
2395typedef\r
2396BOOLEAN\r
7c342378 2397(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT)(\r
3b0e0430
MK
2398 IN VOID *TdesContext,\r
2399 IN CONST UINT8 *Input,\r
2400 IN UINTN InputSize,\r
2401 IN CONST UINT8 *Ivec,\r
2402 OUT UINT8 *Output\r
2403 );\r
2404\r
3b0e0430
MK
2405typedef\r
2406BOOLEAN\r
7c342378 2407(EFIAPI *DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT)(\r
3b0e0430
MK
2408 IN VOID *TdesContext,\r
2409 IN CONST UINT8 *Input,\r
2410 IN UINTN InputSize,\r
2411 IN CONST UINT8 *Ivec,\r
2412 OUT UINT8 *Output\r
2413 );\r
2414\r
2415/**\r
2416 Retrieves the size, in bytes, of the context buffer required for AES operations.\r
2417\r
2418 If this interface is not supported, then return zero.\r
2419\r
2420 @return The size, in bytes, of the context buffer required for AES operations.\r
2421 @retval 0 This interface is not supported.\r
2422\r
2423**/\r
2424typedef\r
2425UINTN\r
7c342378 2426(EFIAPI *EDKII_CRYPTO_AES_GET_CONTEXT_SIZE)(\r
3b0e0430
MK
2427 VOID\r
2428 );\r
2429\r
2430/**\r
2431 Initializes user-supplied memory as AES context for subsequent use.\r
2432\r
2433 This function initializes user-supplied memory pointed by AesContext as AES context.\r
2434 In addition, it sets up all AES key materials for subsequent encryption and decryption\r
2435 operations.\r
2436 There are 3 options for key length, 128 bits, 192 bits, and 256 bits.\r
2437\r
2438 If AesContext is NULL, then return FALSE.\r
2439 If Key is NULL, then return FALSE.\r
2440 If KeyLength is not valid, then return FALSE.\r
2441 If this interface is not supported, then return FALSE.\r
2442\r
2443 @param[out] AesContext Pointer to AES context being initialized.\r
2444 @param[in] Key Pointer to the user-supplied AES key.\r
2445 @param[in] KeyLength Length of AES key in bits.\r
2446\r
2447 @retval TRUE AES context initialization succeeded.\r
2448 @retval FALSE AES context initialization failed.\r
2449 @retval FALSE This interface is not supported.\r
2450\r
2451**/\r
2452typedef\r
2453BOOLEAN\r
7c342378 2454(EFIAPI *EDKII_CRYPTO_AES_INIT)(\r
3b0e0430
MK
2455 OUT VOID *AesContext,\r
2456 IN CONST UINT8 *Key,\r
2457 IN UINTN KeyLength\r
2458 );\r
2459\r
2460/**\r
80e28dce
ZG
2461 AES ECB Mode is deprecated and no longer supported.\r
2462 The function field is kept only for binary compatibility.\r
3b0e0430
MK
2463\r
2464**/\r
2465typedef\r
2466BOOLEAN\r
7c342378 2467(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT)(\r
3b0e0430
MK
2468 IN VOID *AesContext,\r
2469 IN CONST UINT8 *Input,\r
2470 IN UINTN InputSize,\r
2471 OUT UINT8 *Output\r
2472 );\r
2473\r
3b0e0430
MK
2474typedef\r
2475BOOLEAN\r
7c342378 2476(EFIAPI *DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT)(\r
3b0e0430
MK
2477 IN VOID *AesContext,\r
2478 IN CONST UINT8 *Input,\r
2479 IN UINTN InputSize,\r
2480 OUT UINT8 *Output\r
2481 );\r
2482\r
2483/**\r
2484 Performs AES encryption on a data buffer of the specified size in CBC mode.\r
2485\r
2486 This function performs AES encryption on data buffer pointed by Input, of specified\r
2487 size of InputSize, in CBC mode.\r
2488 InputSize must be multiple of block size (16 bytes). This function does not perform\r
2489 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
2490 Initialization vector should be one block size (16 bytes).\r
2491 AesContext should be already correctly initialized by AesInit(). Behavior with\r
2492 invalid AES context is undefined.\r
2493\r
2494 If AesContext is NULL, then return FALSE.\r
2495 If Input is NULL, then return FALSE.\r
2496 If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
2497 If Ivec is NULL, then return FALSE.\r
2498 If Output is NULL, then return FALSE.\r
2499 If this interface is not supported, then return FALSE.\r
2500\r
2501 @param[in] AesContext Pointer to the AES context.\r
2502 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
2503 @param[in] InputSize Size of the Input buffer in bytes.\r
2504 @param[in] Ivec Pointer to initialization vector.\r
2505 @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
2506\r
2507 @retval TRUE AES encryption succeeded.\r
2508 @retval FALSE AES encryption failed.\r
2509 @retval FALSE This interface is not supported.\r
2510\r
2511**/\r
2512typedef\r
2513BOOLEAN\r
7c342378 2514(EFIAPI *EDKII_CRYPTO_AES_CBC_ENCRYPT)(\r
3b0e0430
MK
2515 IN VOID *AesContext,\r
2516 IN CONST UINT8 *Input,\r
2517 IN UINTN InputSize,\r
2518 IN CONST UINT8 *Ivec,\r
2519 OUT UINT8 *Output\r
2520 );\r
2521\r
2522/**\r
2523 Performs AES decryption on a data buffer of the specified size in CBC mode.\r
2524\r
2525 This function performs AES decryption on data buffer pointed by Input, of specified\r
2526 size of InputSize, in CBC mode.\r
2527 InputSize must be multiple of block size (16 bytes). This function does not perform\r
2528 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
2529 Initialization vector should be one block size (16 bytes).\r
2530 AesContext should be already correctly initialized by AesInit(). Behavior with\r
2531 invalid AES context is undefined.\r
2532\r
2533 If AesContext is NULL, then return FALSE.\r
2534 If Input is NULL, then return FALSE.\r
2535 If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
2536 If Ivec is NULL, then return FALSE.\r
2537 If Output is NULL, then return FALSE.\r
2538 If this interface is not supported, then return FALSE.\r
2539\r
2540 @param[in] AesContext Pointer to the AES context.\r
2541 @param[in] Input Pointer to the buffer containing the data to be decrypted.\r
2542 @param[in] InputSize Size of the Input buffer in bytes.\r
2543 @param[in] Ivec Pointer to initialization vector.\r
2544 @param[out] Output Pointer to a buffer that receives the AES decryption output.\r
2545\r
2546 @retval TRUE AES decryption succeeded.\r
2547 @retval FALSE AES decryption failed.\r
2548 @retval FALSE This interface is not supported.\r
2549\r
2550**/\r
2551typedef\r
2552BOOLEAN\r
7c342378 2553(EFIAPI *EDKII_CRYPTO_AES_CBC_DECRYPT)(\r
3b0e0430
MK
2554 IN VOID *AesContext,\r
2555 IN CONST UINT8 *Input,\r
2556 IN UINTN InputSize,\r
2557 IN CONST UINT8 *Ivec,\r
2558 OUT UINT8 *Output\r
2559 );\r
2560\r
2561/**\r
c22a32e1
ZG
2562 ARC4 is deprecated and no longer supported.\r
2563 The function field is kept only for binary compatibility.\r
3b0e0430
MK
2564\r
2565**/\r
2566typedef\r
2567UINTN\r
7c342378 2568(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE)(\r
3b0e0430
MK
2569 VOID\r
2570 );\r
2571\r
3b0e0430
MK
2572typedef\r
2573BOOLEAN\r
7c342378 2574(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_INIT)(\r
3b0e0430
MK
2575 OUT VOID *Arc4Context,\r
2576 IN CONST UINT8 *Key,\r
2577 IN UINTN KeySize\r
2578 );\r
2579\r
2580typedef\r
2581BOOLEAN\r
7c342378 2582(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT)(\r
2583 IN OUT VOID *Arc4Context,\r
2584 IN CONST UINT8 *Input,\r
2585 IN UINTN InputSize,\r
2586 OUT UINT8 *Output\r
2587 );\r
2588\r
2589typedef\r
2590BOOLEAN\r
7c342378 2591(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT)(\r
2592 IN OUT VOID *Arc4Context,\r
2593 IN UINT8 *Input,\r
2594 IN UINTN InputSize,\r
2595 OUT UINT8 *Output\r
2596 );\r
2597\r
2598typedef\r
2599BOOLEAN\r
7c342378 2600(EFIAPI *DEPRECATED_EDKII_CRYPTO_ARC4_RESET)(\r
2601 IN OUT VOID *Arc4Context\r
2602 );\r
2603\r
2604/**\r
2605 Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.\r
2606\r
2607 If this interface is not supported, then return zero.\r
2608\r
2609 @return The size, in bytes, of the context buffer required for SM3 hash operations.\r
2610 @retval 0 This interface is not supported.\r
2611\r
2612**/\r
2613typedef\r
2614UINTN\r
7c342378 2615(EFIAPI *EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE)(\r
2616 VOID\r
2617 );\r
2618\r
2619/**\r
2620 Initializes user-supplied memory pointed by Sm3Context as SM3 hash context for\r
2621 subsequent use.\r
2622\r
2623 If Sm3Context is NULL, then return FALSE.\r
2624 If this interface is not supported, then return FALSE.\r
2625\r
2626 @param[out] Sm3Context Pointer to SM3 context being initialized.\r
2627\r
2628 @retval TRUE SM3 context initialization succeeded.\r
2629 @retval FALSE SM3 context initialization failed.\r
2630 @retval FALSE This interface is not supported.\r
2631\r
2632**/\r
2633typedef\r
2634BOOLEAN\r
2635(EFIAPI *EDKII_CRYPTO_SM3_INIT)(\r
2636 OUT VOID *Sm3Context\r
2637 );\r
2638\r
2639/**\r
2640 Makes a copy of an existing SM3 context.\r
2641\r
2642 If Sm3Context is NULL, then return FALSE.\r
2643 If NewSm3Context is NULL, then return FALSE.\r
2644 If this interface is not supported, then return FALSE.\r
2645\r
2646 @param[in] Sm3Context Pointer to SM3 context being copied.\r
2647 @param[out] NewSm3Context Pointer to new SM3 context.\r
2648\r
2649 @retval TRUE SM3 context copy succeeded.\r
2650 @retval FALSE SM3 context copy failed.\r
2651 @retval FALSE This interface is not supported.\r
2652\r
2653**/\r
2654typedef\r
2655BOOLEAN\r
2656(EFIAPI *EDKII_CRYPTO_SM3_DUPLICATE)(\r
2657 IN CONST VOID *Sm3Context,\r
2658 OUT VOID *NewSm3Context\r
2659 );\r
2660\r
2661/**\r
2662 Digests the input data and updates SM3 context.\r
2663\r
2664 This function performs SM3 digest on a data buffer of the specified size.\r
2665 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
2666 SM3 context should be already correctly initialized by Sm3Init(), and should not be finalized\r
2667 by Sm3Final(). Behavior with invalid context is undefined.\r
2668\r
2669 If Sm3Context is NULL, then return FALSE.\r
2670 If this interface is not supported, then return FALSE.\r
2671\r
2672 @param[in, out] Sm3Context Pointer to the SM3 context.\r
2673 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
2674 @param[in] DataSize Size of Data buffer in bytes.\r
2675\r
2676 @retval TRUE SM3 data digest succeeded.\r
2677 @retval FALSE SM3 data digest failed.\r
2678 @retval FALSE This interface is not supported.\r
2679\r
2680**/\r
2681typedef\r
2682BOOLEAN\r
2683(EFIAPI *EDKII_CRYPTO_SM3_UPDATE)(\r
2684 IN OUT VOID *Sm3Context,\r
2685 IN CONST VOID *Data,\r
2686 IN UINTN DataSize\r
2687 );\r
2688\r
2689/**\r
2690 Completes computation of the SM3 digest value.\r
2691\r
2692 This function completes SM3 hash computation and retrieves the digest value into\r
2693 the specified memory. After this function has been called, the SM3 context cannot\r
2694 be used again.\r
2695 SM3 context should be already correctly initialized by Sm3Init(), and should not be\r
2696 finalized by Sm3Final(). Behavior with invalid SM3 context is undefined.\r
2697\r
2698 If Sm3Context is NULL, then return FALSE.\r
2699 If HashValue is NULL, then return FALSE.\r
2700 If this interface is not supported, then return FALSE.\r
2701\r
2702 @param[in, out] Sm3Context Pointer to the SM3 context.\r
2703 @param[out] HashValue Pointer to a buffer that receives the SM3 digest\r
2704 value (32 bytes, SM3_256_DIGEST_SIZE: SM3 is a 256-bit hash).\r
2705\r
2706 @retval TRUE SM3 digest computation succeeded.\r
2707 @retval FALSE SM3 digest computation failed.\r
2708 @retval FALSE This interface is not supported.\r
2709\r
2710**/\r
2711typedef\r
2712BOOLEAN\r
7c342378
MK
2713(EFIAPI *EDKII_CRYPTO_SM3_FINAL)(\r
2714 IN OUT VOID *Sm3Context,\r
2715 OUT UINT8 *HashValue\r
2716 );\r
2717\r
2718/**\r
2719 Computes the SM3 message digest of an input data buffer.\r
2720\r
2721 This function performs the SM3 message digest of a given data buffer, and places\r
2722 the digest value into the specified memory.\r
2723\r
2724 If this interface is not supported, then return FALSE.\r
2725\r
2726 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
2727 @param[in] DataSize Size of Data buffer in bytes.\r
2728 @param[out] HashValue Pointer to a buffer that receives the SM3 digest\r
2729 value (32 bytes, SM3_256_DIGEST_SIZE: SM3 is a 256-bit hash).\r
2730\r
2731 @retval TRUE SM3 digest computation succeeded.\r
2732 @retval FALSE SM3 digest computation failed.\r
2733 @retval FALSE This interface is not supported.\r
2734\r
2735**/\r
2736typedef\r
2737BOOLEAN\r
7c342378
MK
2738(EFIAPI *EDKII_CRYPTO_SM3_HASH_ALL)(\r
2739 IN CONST VOID *Data,\r
2740 IN UINTN DataSize,\r
2741 OUT UINT8 *HashValue\r
2742 );\r
2743\r
2744/**\r
2745 Derive key data using HMAC-SHA256 based KDF.\r
2746\r
2747 @param[in] Key Pointer to the user-supplied key.\r
2748 @param[in] KeySize Key size in bytes.\r
2749 @param[in] Salt Pointer to the salt(non-secret) value.\r
2750 @param[in] SaltSize Salt size in bytes.\r
2751 @param[in] Info Pointer to the application specific info.\r
2752 @param[in] InfoSize Info size in bytes.\r
2753 @param[out] Out Pointer to buffer to receive hkdf value.\r
2754 @param[in] OutSize Size of hkdf bytes to generate.\r
2755\r
2756 @retval TRUE Hkdf generated successfully.\r
2757 @retval FALSE Hkdf generation failed.\r
2758\r
2759**/\r
2760typedef\r
2761BOOLEAN\r
7c342378 2762(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXTRACT_AND_EXPAND)(\r
2763 IN CONST UINT8 *Key,\r
2764 IN UINTN KeySize,\r
2765 IN CONST UINT8 *Salt,\r
2766 IN UINTN SaltSize,\r
2767 IN CONST UINT8 *Info,\r
2768 IN UINTN InfoSize,\r
2769 OUT UINT8 *Out,\r
2770 IN UINTN OutSize\r
2771 );\r
2772\r
2773/**\r
2774 Derive SHA256 HMAC-based Extract Key Derivation Function (HKDF).\r
2775\r
2776 @param[in] Key Pointer to the user-supplied key.\r
2777 @param[in] KeySize Key size in bytes.\r
2778 @param[in] Salt Pointer to the salt(non-secret) value.\r
2779 @param[in] SaltSize Salt size in bytes.\r
2780 @param[out] PrkOut Pointer to buffer to receive hkdf value.\r
2781 @param[in] PrkOutSize Size of hkdf bytes to generate.\r
2782\r
2783 @retval TRUE Hkdf generated successfully.\r
2784 @retval FALSE Hkdf generation failed.\r
2785\r
2786**/\r
2787typedef\r
2788BOOLEAN\r
2789(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXTRACT)(\r
2790 IN CONST UINT8 *Key,\r
2791 IN UINTN KeySize,\r
2792 IN CONST UINT8 *Salt,\r
2793 IN UINTN SaltSize,\r
2794 OUT UINT8 *PrkOut,\r
2795 UINTN PrkOutSize\r
2796 );\r
2797\r
2798/**\r
2799 Derive SHA256 HMAC-based Expand Key Derivation Function (HKDF).\r
2800\r
2801 @param[in] Prk Pointer to the user-supplied key.\r
2802 @param[in] PrkSize Key size in bytes.\r
2803 @param[in] Info Pointer to the application specific info.\r
2804 @param[in] InfoSize Info size in bytes.\r
2805 @param[out] Out Pointer to buffer to receive hkdf value.\r
2806 @param[in] OutSize Size of hkdf bytes to generate.\r
2807\r
2808 @retval TRUE Hkdf generated successfully.\r
2809 @retval FALSE Hkdf generation failed.\r
2810\r
2811**/\r
2812typedef\r
2813BOOLEAN\r
2814(EFIAPI *EDKII_CRYPTO_HKDF_SHA_256_EXPAND)(\r
2815 IN CONST UINT8 *Prk,\r
2816 IN UINTN PrkSize,\r
2817 IN CONST UINT8 *Info,\r
2818 IN UINTN InfoSize,\r
2819 OUT UINT8 *Out,\r
2820 IN UINTN OutSize\r
2821 );\r
2822\r
2823/**\r
2824 Derive SHA384 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).\r
2825\r
2826 @param[in] Key Pointer to the user-supplied key.\r
2827 @param[in] KeySize Key size in bytes.\r
2828 @param[in] Salt Pointer to the salt(non-secret) value.\r
2829 @param[in] SaltSize Salt size in bytes.\r
2830 @param[in] Info Pointer to the application specific info.\r
2831 @param[in] InfoSize Info size in bytes.\r
2832 @param[out] Out Pointer to buffer to receive hkdf value.\r
2833 @param[in] OutSize Size of hkdf bytes to generate.\r
2834\r
2835 @retval TRUE Hkdf generated successfully.\r
2836 @retval FALSE Hkdf generation failed.\r
2837\r
2838**/\r
2839typedef\r
2840BOOLEAN\r
2841(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND)(\r
2842 IN CONST UINT8 *Key,\r
2843 IN UINTN KeySize,\r
2844 IN CONST UINT8 *Salt,\r
2845 IN UINTN SaltSize,\r
2846 IN CONST UINT8 *Info,\r
2847 IN UINTN InfoSize,\r
2848 OUT UINT8 *Out,\r
2849 IN UINTN OutSize\r
2850 );\r
2851\r
2852/**\r
2853 Derive SHA384 HMAC-based Extract Key Derivation Function (HKDF).\r
2854\r
2855 @param[in] Key Pointer to the user-supplied key.\r
2856 @param[in] KeySize Key size in bytes.\r
2857 @param[in] Salt Pointer to the salt(non-secret) value.\r
2858 @param[in] SaltSize Salt size in bytes.\r
2859 @param[out] PrkOut Pointer to buffer to receive hkdf value.\r
2860 @param[in] PrkOutSize Size of hkdf bytes to generate.\r
2863\r
2864 @retval TRUE Hkdf generated successfully.\r
2865 @retval FALSE Hkdf generation failed.\r
2866\r
2867**/\r
2868typedef\r
2869BOOLEAN\r
2870(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXTRACT)(\r
2871 IN CONST UINT8 *Key,\r
2872 IN UINTN KeySize,\r
2873 IN CONST UINT8 *Salt,\r
2874 IN UINTN SaltSize,\r
2875 OUT UINT8 *PrkOut,\r
2876 UINTN PrkOutSize\r
2877 );\r
2878\r
2879/**\r
2880 Derive SHA384 HMAC-based Expand Key Derivation Function (HKDF).\r
2881\r
2882 @param[in] Prk Pointer to the user-supplied key.\r
2883 @param[in] PrkSize Key size in bytes.\r
2884 @param[in] Info Pointer to the application specific info.\r
2885 @param[in] InfoSize Info size in bytes.\r
2886 @param[out] Out Pointer to buffer to receive hkdf value.\r
2887 @param[in] OutSize Size of hkdf bytes to generate.\r
2888\r
2889 @retval TRUE Hkdf generated successfully.\r
2890 @retval FALSE Hkdf generation failed.\r
2891\r
2892**/\r
2893typedef\r
2894BOOLEAN\r
2895(EFIAPI *EDKII_CRYPTO_HKDF_SHA_384_EXPAND)(\r
2896 IN CONST UINT8 *Prk,\r
2897 IN UINTN PrkSize,\r
2898 IN CONST UINT8 *Info,\r
2899 IN UINTN InfoSize,\r
2900 OUT UINT8 *Out,\r
2901 IN UINTN OutSize\r
2902 );\r
2903\r
2904/**\r
2905 Initializes the OpenSSL library.\r
2906\r
2907 This function registers ciphers and digests used directly and indirectly\r
2908 by SSL/TLS, and initializes the readable error messages.\r
2909 This function must be called before any other action takes place.\r
2910\r
2911 @retval TRUE The OpenSSL library has been initialized.\r
2912 @retval FALSE Failed to initialize the OpenSSL library.\r
2913\r
2914**/\r
2915typedef\r
2916BOOLEAN\r
7c342378 2917(EFIAPI *EDKII_CRYPTO_TLS_INITIALIZE)(\r
2918 VOID\r
2919 );\r
2920\r
2921/**\r
2922 Free an allocated SSL_CTX object.\r
2923\r
2924 @param[in] TlsCtx Pointer to the SSL_CTX object to be released.\r
2925\r
2926**/\r
2927typedef\r
2928VOID\r
7c342378 2929(EFIAPI *EDKII_CRYPTO_TLS_CTX_FREE)(\r
2930 IN VOID *TlsCtx\r
2931 );\r
2932\r
2933/**\r
2934 Creates a new SSL_CTX object as framework to establish TLS/SSL enabled\r
2935 connections.\r
2936\r
2937 @param[in] MajorVer Major Version of TLS/SSL Protocol.\r
2938 @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r
2939\r
2940 @return Pointer to an allocated SSL_CTX object.\r
2941 If the creation failed, TlsCtxNew() returns NULL.\r
2942\r
2943**/\r
2944typedef\r
2945VOID *\r
7c342378 2946(EFIAPI *EDKII_CRYPTO_TLS_CTX_NEW)(\r
2947 IN UINT8 MajorVer,\r
2948 IN UINT8 MinorVer\r
2949 );\r
2950\r
2951/**\r
2952 Free an allocated TLS object.\r
2953\r
2954 This function removes the TLS object pointed to by Tls and frees up the\r
2955 allocated memory. If Tls is NULL, nothing is done.\r
2956\r
2957 @param[in] Tls Pointer to the TLS object to be freed.\r
2958\r
2959**/\r
2960typedef\r
2961VOID\r
7c342378 2962(EFIAPI *EDKII_CRYPTO_TLS_FREE)(\r
2963 IN VOID *Tls\r
2964 );\r
2965\r
2966/**\r
2967 Create a new TLS object for a connection.\r
2968\r
2969 This function creates a new TLS object for a connection. The new object\r
2970 inherits the setting of the underlying context TlsCtx: connection method,\r
2971 options, verification setting.\r
2972\r
2973 @param[in] TlsCtx Pointer to the SSL_CTX object.\r
2974\r
2975 @return Pointer to an allocated SSL object.\r
2976 If the creation failed, TlsNew() returns NULL.\r
2977\r
2978**/\r
2979typedef\r
2980VOID *\r
7c342378 2981(EFIAPI *EDKII_CRYPTO_TLS_NEW)(\r
2982 IN VOID *TlsCtx\r
2983 );\r
2984\r
2985/**\r
2986 Checks if the TLS handshake was done.\r
2987\r
2988 This function will check if the specified TLS handshake was done.\r
2989\r
2990 @param[in] Tls Pointer to the TLS object for handshake state checking.\r
2991\r
2992 @retval TRUE The TLS handshake was done.\r
2993 @retval FALSE The TLS handshake was not done.\r
2994\r
2995**/\r
2996typedef\r
2997BOOLEAN\r
7c342378 2998(EFIAPI *EDKII_CRYPTO_TLS_IN_HANDSHAKE)(\r
2999 IN VOID *Tls\r
3000 );\r
3001\r
3002/**\r
3003 Perform a TLS/SSL handshake.\r
3004\r
3005 This function will perform a TLS/SSL handshake.\r
3006\r
3007 @param[in] Tls Pointer to the TLS object for handshake operation.\r
3008 @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.\r
3009 @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r
3010 Handshake packet.\r
3011 @param[out] BufferOut Pointer to the buffer to hold the built packet.\r
3012 @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r
3013 the buffer size provided by the caller. On output, it\r
3014 is the buffer size in fact needed to contain the\r
3015 packet.\r
3016\r
3017 @retval EFI_SUCCESS The required TLS packet is built successfully.\r
3018 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
3019 Tls is NULL.\r
3020 BufferIn is NULL but BufferInSize is NOT 0.\r
3021 BufferInSize is 0 but BufferIn is NOT NULL.\r
3022 BufferOutSize is NULL.\r
3023 BufferOut is NULL if *BufferOutSize is not zero.\r
3024 @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r
3025 @retval EFI_ABORTED Something wrong during handshake.\r
3026\r
3027**/\r
3028typedef\r
3029EFI_STATUS\r
7c342378 3030(EFIAPI *EDKII_CRYPTO_TLS_DO_HANDSHAKE)(\r
3b0e0430 3031 IN VOID *Tls,\r
3032 IN UINT8 *BufferIn OPTIONAL,\r
3033 IN UINTN BufferInSize OPTIONAL,\r
7c342378 3034 OUT UINT8 *BufferOut OPTIONAL,\r
3035 IN OUT UINTN *BufferOutSize\r
3036 );\r
3037\r
3038/**\r
3039 Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,\r
3040 TLS session has errors and the response packet needs to be Alert message based on error type.\r
3041\r
3042 @param[in] Tls Pointer to the TLS object for state checking.\r
3043 @param[in] BufferIn Pointer to the most recently received TLS Alert packet.\r
3044 @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r
3045 Alert packet.\r
3046 @param[out] BufferOut Pointer to the buffer to hold the built packet.\r
3047 @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r
3048 the buffer size provided by the caller. On output, it\r
3049 is the buffer size in fact needed to contain the\r
3050 packet.\r
3051\r
3052 @retval EFI_SUCCESS The required TLS packet is built successfully.\r
3053 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
3054 Tls is NULL.\r
3055 BufferIn is NULL but BufferInSize is NOT 0.\r
3056 BufferInSize is 0 but BufferIn is NOT NULL.\r
3057 BufferOutSize is NULL.\r
3058 BufferOut is NULL if *BufferOutSize is not zero.\r
3059 @retval EFI_ABORTED An error occurred.\r
3060 @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r
3061\r
3062**/\r
3063typedef\r
3064EFI_STATUS\r
7c342378 3065(EFIAPI *EDKII_CRYPTO_TLS_HANDLE_ALERT)(\r
3b0e0430 3066 IN VOID *Tls,\r
3067 IN UINT8 *BufferIn OPTIONAL,\r
3068 IN UINTN BufferInSize OPTIONAL,\r
7c342378 3069 OUT UINT8 *BufferOut OPTIONAL,\r
3070 IN OUT UINTN *BufferOutSize\r
3071 );\r
3072\r
3073/**\r
3074 Build the CloseNotify packet.\r
3075\r
3076 @param[in] Tls Pointer to the TLS object for state checking.\r
3077 @param[in, out] Buffer Pointer to the buffer to hold the built packet.\r
3078 @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is\r
3079 the buffer size provided by the caller. On output, it\r
3080 is the buffer size in fact needed to contain the\r
3081 packet.\r
3082\r
3083 @retval EFI_SUCCESS The required TLS packet is built successfully.\r
3084 @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
3085 Tls is NULL.\r
3086 BufferSize is NULL.\r
3087 Buffer is NULL if *BufferSize is not zero.\r
3088 @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.\r
3089\r
3090**/\r
3091typedef\r
3092EFI_STATUS\r
7c342378 3093(EFIAPI *EDKII_CRYPTO_TLS_CLOSE_NOTIFY)(\r
3094 IN VOID *Tls,\r
3095 IN OUT UINT8 *Buffer,\r
3096 IN OUT UINTN *BufferSize\r
3097 );\r
3098\r
3099/**\r
3100 Attempts to read bytes from one TLS object and places the data in Buffer.\r
3101\r
3102 This function will attempt to read BufferSize bytes from the TLS object\r
3103 and places the data in Buffer.\r
3104\r
3105 @param[in] Tls Pointer to the TLS object.\r
3106 @param[in,out] Buffer Pointer to the buffer to store the data.\r
3107 @param[in] BufferSize The size of Buffer in bytes.\r
3108\r
3109 @retval >0 The amount of data successfully read from the TLS object.\r
3110 @retval <=0 No data was successfully read.\r
3111\r
3112**/\r
3113typedef\r
3114INTN\r
7c342378 3115(EFIAPI *EDKII_CRYPTO_TLS_CTRL_TRAFFIC_OUT)(\r
3116 IN VOID *Tls,\r
3117 IN OUT VOID *Buffer,\r
3118 IN UINTN BufferSize\r
3119 );\r
3120\r
3121/**\r
3122 Attempts to write data from the buffer to TLS object.\r
3123\r
3124 This function will attempt to write BufferSize bytes data from the Buffer\r
3125 to the TLS object.\r
3126\r
3127 @param[in] Tls Pointer to the TLS object.\r
3128 @param[in] Buffer Pointer to the data buffer.\r
3129 @param[in] BufferSize The size of Buffer in bytes.\r
3130\r
3131 @retval >0 The amount of data successfully written to the TLS object.\r
3132 @retval <=0 No data was successfully written.\r
3133\r
3134**/\r
3135typedef\r
3136INTN\r
7c342378 3137(EFIAPI *EDKII_CRYPTO_TLS_CTRL_TRAFFIC_IN)(\r
3138 IN VOID *Tls,\r
3139 IN VOID *Buffer,\r
3140 IN UINTN BufferSize\r
3141 );\r
3142\r
3143/**\r
3144 Attempts to read bytes from the specified TLS connection into the buffer.\r
3145\r
3146 This function tries to read BufferSize bytes data from the specified TLS\r
3147 connection into the Buffer.\r
3148\r
3149 @param[in] Tls Pointer to the TLS connection for data reading.\r
3150 @param[in,out] Buffer Pointer to the data buffer.\r
3151 @param[in] BufferSize The size of Buffer in bytes.\r
3152\r
3153 @retval >0 The read operation was successful, and return value is the\r
3154 number of bytes actually read from the TLS connection.\r
3155 @retval <=0 The read operation was not successful.\r
3156\r
3157**/\r
3158typedef\r
3159INTN\r
7c342378 3160(EFIAPI *EDKII_CRYPTO_TLS_READ)(\r
3161 IN VOID *Tls,\r
3162 IN OUT VOID *Buffer,\r
3163 IN UINTN BufferSize\r
3164 );\r
3165\r
3166/**\r
3167 Attempts to write data to a TLS connection.\r
3168\r
3169 This function tries to write BufferSize bytes data from the Buffer into the\r
3170 specified TLS connection.\r
3171\r
3172 @param[in] Tls Pointer to the TLS connection for data writing.\r
3173 @param[in] Buffer Pointer to the data buffer.\r
3174 @param[in] BufferSize The size of Buffer in bytes.\r
3175\r
3176 @retval >0 The write operation was successful, and return value is the\r
3177 number of bytes actually written to the TLS connection.\r
3178 @retval <=0 The write operation was not successful.\r
3179\r
3180**/\r
3181typedef\r
3182INTN\r
7c342378 3183(EFIAPI *EDKII_CRYPTO_TLS_WRITE)(\r
3184 IN VOID *Tls,\r
3185 IN VOID *Buffer,\r
3186 IN UINTN BufferSize\r
3187 );\r
3188\r
3189/**\r
3190 Set a new TLS/SSL method for a particular TLS object.\r
3191\r
3192 This function sets a new TLS/SSL method for a particular TLS object.\r
3193\r
3194 @param[in] Tls Pointer to a TLS object.\r
3195 @param[in] MajorVer Major Version of TLS/SSL Protocol.\r
3196 @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r
3197\r
3198 @retval EFI_SUCCESS The TLS/SSL method was set successfully.\r
3199 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
3200 @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.\r
3201\r
3202**/\r
3203typedef\r
3204EFI_STATUS\r
7c342378 3205(EFIAPI *EDKII_CRYPTO_TLS_SET_VERSION)(\r
3206 IN VOID *Tls,\r
3207 IN UINT8 MajorVer,\r
3208 IN UINT8 MinorVer\r
3209 );\r
3210\r
3211/**\r
3212 Set TLS object to work in client or server mode.\r
3213\r
3214 This function prepares a TLS object to work in client or server mode.\r
3215\r
3216 @param[in] Tls Pointer to a TLS object.\r
3217 @param[in] IsServer Work in server mode.\r
3218\r
3219 @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.\r
3220 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
3221 @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.\r
3222\r
3223**/\r
3224typedef\r
3225EFI_STATUS\r
7c342378 3226(EFIAPI *EDKII_CRYPTO_TLS_SET_CONNECTION_END)(\r
3227 IN VOID *Tls,\r
3228 IN BOOLEAN IsServer\r
3229 );\r
3230\r
3231/**\r
3232 Set the ciphers list to be used by the TLS object.\r
3233\r
3234 This function sets the ciphers for use by a specified TLS object.\r
3235\r
3236 @param[in] Tls Pointer to a TLS object.\r
3237 @param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16\r
3238 cipher identifier comes from the TLS Cipher Suite\r
3239 Registry of the IANA, interpreting Byte1 and Byte2\r
3240 in network (big endian) byte order.\r
3241 @param[in] CipherNum The number of cipher in the list.\r
3242\r
3243 @retval EFI_SUCCESS The ciphers list was set successfully.\r
3244 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
3245 @retval EFI_UNSUPPORTED No supported TLS cipher was found in CipherId.\r
3246 @retval EFI_OUT_OF_RESOURCES Memory allocation failed.\r
3247\r
3248**/\r
3249typedef\r
3250EFI_STATUS\r
7c342378 3251(EFIAPI *EDKII_CRYPTO_TLS_SET_CIPHER_LIST)(\r
3252 IN VOID *Tls,\r
3253 IN UINT16 *CipherId,\r
3254 IN UINTN CipherNum\r
3255 );\r
3256\r
3257/**\r
3258 Set the compression method for TLS/SSL operations.\r
3259\r
3260 This function handles TLS/SSL integrated compression methods.\r
3261\r
3262 @param[in] CompMethod The compression method ID.\r
3263\r
3264 @retval EFI_SUCCESS The compression method for the communication was\r
3265 set successfully.\r
3266 @retval EFI_UNSUPPORTED Unsupported compression method.\r
3267\r
3268**/\r
3269typedef\r
3270EFI_STATUS\r
7c342378 3271(EFIAPI *EDKII_CRYPTO_TLS_SET_COMPRESSION_METHOD)(\r
3272 IN UINT8 CompMethod\r
3273 );\r
3274\r
3275/**\r
3276 Set peer certificate verification mode for the TLS connection.\r
3277\r
3278 This function sets the verification mode flags for the TLS connection.\r
3279\r
3280 @param[in] Tls Pointer to the TLS object.\r
3281 @param[in] VerifyMode A set of logically or'ed verification mode flags.\r
3282\r
3283**/\r
3284typedef\r
3285VOID\r
7c342378 3286(EFIAPI *EDKII_CRYPTO_TLS_SET_VERIFY)(\r
3287 IN VOID *Tls,\r
3288 IN UINT32 VerifyMode\r
3289 );\r
3290\r
3291/**\r
3292 Set the specified host name to be verified.\r
3293\r
3294 @param[in] Tls Pointer to the TLS object.\r
3295 @param[in] Flags The setting flags during the validation.\r
3296 @param[in] HostName The specified host name to be verified.\r
3297\r
3298 @retval EFI_SUCCESS The HostName setting was set successfully.\r
3299 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
3300 @retval EFI_ABORTED Invalid HostName setting.\r
3301\r
3302**/\r
3303typedef\r
3304EFI_STATUS\r
7c342378 3305(EFIAPI *EDKII_CRYPTO_TLS_SET_VERIFY_HOST)(\r
3306 IN VOID *Tls,\r
3307 IN UINT32 Flags,\r
3308 IN CHAR8 *HostName\r
3309 );\r
3310\r
3311/**\r
3312 Sets a TLS/SSL session ID to be used during TLS/SSL connect.\r
3313\r
3314 This function sets a session ID to be used when the TLS/SSL connection is\r
3315 to be established.\r
3316\r
3317 @param[in] Tls Pointer to the TLS object.\r
3318 @param[in] SessionId Session ID data used for session resumption.\r
3319 @param[in] SessionIdLen Length of Session ID in bytes.\r
3320\r
3321 @retval EFI_SUCCESS Session ID was set successfully.\r
3322 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
3323 @retval EFI_UNSUPPORTED No available session for ID setting.\r
3324\r
3325**/\r
3326typedef\r
3327EFI_STATUS\r
7c342378 3328(EFIAPI *EDKII_CRYPTO_TLS_SET_SESSIONID)(\r
3329 IN VOID *Tls,\r
3330 IN UINT8 *SessionId,\r
3331 IN UINT16 SessionIdLen\r
3332 );\r
3333\r
3334/**\r
3335 Adds the CA to the cert store when requesting Server or Client authentication.\r
3336\r
3337 This function adds the CA certificate to the list of CAs when requesting\r
3338 Server or Client authentication for the chosen TLS connection.\r
3339\r
3340 @param[in] Tls Pointer to the TLS object.\r
3341 @param[in] Data Pointer to the data buffer of a DER-encoded binary\r
3342 X.509 certificate or PEM-encoded X.509 certificate.\r
3343 @param[in] DataSize The size of data buffer in bytes.\r
3344\r
3345 @retval EFI_SUCCESS The operation succeeded.\r
3346 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
3347 @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r
3348 @retval EFI_ABORTED Invalid X.509 certificate.\r
3349\r
3350**/\r
3351typedef\r
3352EFI_STATUS\r
7c342378 3353(EFIAPI *EDKII_CRYPTO_TLS_SET_CA_CERTIFICATE)(\r
3354 IN VOID *Tls,\r
3355 IN VOID *Data,\r
3356 IN UINTN DataSize\r
3357 );\r
3358\r
3359/**\r
3360 Loads the local public certificate into the specified TLS object.\r
3361\r
3362 This function loads the X.509 certificate into the specified TLS object\r
3363 for TLS negotiation.\r
3364\r
3365 @param[in] Tls Pointer to the TLS object.\r
3366 @param[in] Data Pointer to the data buffer of a DER-encoded binary\r
3367 X.509 certificate or PEM-encoded X.509 certificate.\r
3368 @param[in] DataSize The size of data buffer in bytes.\r
3369\r
3370 @retval EFI_SUCCESS The operation succeeded.\r
3371 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
3372 @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r
3373 @retval EFI_ABORTED Invalid X.509 certificate.\r
3374\r
3375**/\r
3376typedef\r
3377EFI_STATUS\r
7c342378 3378(EFIAPI *EDKII_CRYPTO_TLS_SET_HOST_PUBLIC_CERT)(\r
3379 IN VOID *Tls,\r
3380 IN VOID *Data,\r
3381 IN UINTN DataSize\r
3382 );\r
3383\r
3384/**\r
3385 Adds the local private key to the specified TLS object.\r
3386\r
3387 This function adds the local private key (PEM-encoded RSA or PKCS#8 private\r
3388 key) into the specified TLS object for TLS negotiation.\r
3389\r
3390 @param[in] Tls Pointer to the TLS object.\r
3391 @param[in] Data Pointer to the data buffer of a PEM-encoded RSA\r
3392 or PKCS#8 private key.\r
3393 @param[in] DataSize The size of data buffer in bytes.\r
3394\r
3395 @retval EFI_SUCCESS The operation succeeded.\r
3396 @retval EFI_UNSUPPORTED This function is not supported.\r
3397 @retval EFI_ABORTED Invalid private key data.\r
3398\r
3399**/\r
3400typedef\r
3401EFI_STATUS\r
7c342378 3402(EFIAPI *EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY)(\r
3403 IN VOID *Tls,\r
3404 IN VOID *Data,\r
3405 IN UINTN DataSize\r
3406 );\r
3407\r
3408/**\r
3409 Adds the CA-supplied certificate revocation list for certificate validation.\r
3410\r
3411 This function adds the CA-supplied certificate revocation list data for\r
3412 certificate validity checking.\r
3413\r
3414 @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.\r
3415 @param[in] DataSize The size of data buffer in bytes.\r
3416\r
3417 @retval EFI_SUCCESS The operation succeeded.\r
3418 @retval EFI_UNSUPPORTED This function is not supported.\r
3419 @retval EFI_ABORTED Invalid CRL data.\r
3420\r
3421**/\r
3422typedef\r
3423EFI_STATUS\r
7c342378 3424(EFIAPI *EDKII_CRYPTO_TLS_SET_CERT_REVOCATION_LIST)(\r
3425 IN VOID *Data,\r
3426 IN UINTN DataSize\r
3427 );\r
3428\r
3429/**\r
3430 Gets the protocol version used by the specified TLS connection.\r
3431\r
3432 This function returns the protocol version used by the specified TLS\r
3433 connection.\r
3434\r
3435 If Tls is NULL, then ASSERT().\r
3436\r
3437 @param[in] Tls Pointer to the TLS object.\r
3438\r
3439 @return The protocol version of the specified TLS connection.\r
3440\r
3441**/\r
3442typedef\r
3443UINT16\r
7c342378 3444(EFIAPI *EDKII_CRYPTO_TLS_GET_VERSION)(\r
3445 IN VOID *Tls\r
3446 );\r
3447\r
3448/**\r
3449 Gets the connection end of the specified TLS connection.\r
3450\r
3451 This function returns the connection end (as client or as server) used by\r
3452 the specified TLS connection.\r
3453\r
3454 If Tls is NULL, then ASSERT().\r
3455\r
3456 @param[in] Tls Pointer to the TLS object.\r
3457\r
3458 @return The connection end used by the specified TLS connection.\r
3459\r
3460**/\r
3461typedef\r
3462UINT8\r
7c342378 3463(EFIAPI *EDKII_CRYPTO_TLS_GET_CONNECTION_END)(\r
3464 IN VOID *Tls\r
3465 );\r
3466\r
3467/**\r
3468 Gets the cipher suite used by the specified TLS connection.\r
3469\r
3470 This function returns current cipher suite used by the specified\r
3471 TLS connection.\r
3472\r
3473 @param[in] Tls Pointer to the TLS object.\r
3474 @param[in,out] CipherId The cipher suite used by the TLS object.\r
3475\r
3476 @retval EFI_SUCCESS The cipher suite was returned successfully.\r
3477 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
3478 @retval EFI_UNSUPPORTED Unsupported cipher suite.\r
3479\r
3480**/\r
3481typedef\r
3482EFI_STATUS\r
7c342378 3483(EFIAPI *EDKII_CRYPTO_TLS_GET_CURRENT_CIPHER)(\r
3484 IN VOID *Tls,\r
3485 IN OUT UINT16 *CipherId\r
3486 );\r
3487\r
3488/**\r
3489 Gets the compression methods used by the specified TLS connection.\r
3490\r
3491 This function returns current integrated compression methods used by\r
3492 the specified TLS connection.\r
3493\r
3494 @param[in] Tls Pointer to the TLS object.\r
3495 @param[in,out] CompressionId The current compression method used by\r
3496 the TLS object.\r
3497\r
3498 @retval EFI_SUCCESS The compression method was returned successfully.\r
3499 @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
3500 @retval EFI_ABORTED Invalid Compression method.\r
3501 @retval EFI_UNSUPPORTED This function is not supported.\r
3502\r
3503**/\r
3504typedef\r
3505EFI_STATUS\r
7c342378 3506(EFIAPI *EDKII_CRYPTO_TLS_GET_CURRENT_COMPRESSION_ID)(\r
3507 IN VOID *Tls,\r
3508 IN OUT UINT8 *CompressionId\r
3509 );\r
3510\r
/**
  Retrieves the verification mode configured on a TLS connection.

  The value returned is the peer verification mode currently set in the
  given TLS connection.

  If Tls is NULL, then ASSERT().

  @param[in]  Tls  Pointer to the TLS object.

  @return  The verification mode set in the specified TLS connection.

**/
typedef
UINT32
(EFIAPI *EDKII_CRYPTO_TLS_GET_VERIFY)(
  IN  VOID  *Tls
  );
3529\r
/**
  Retrieves the session ID of a TLS connection.

  The TLS/SSL session ID currently used by the given TLS connection is
  returned in SessionId, and its length in bytes through SessionIdLen.

  NOTE(review): this header does not state whether the value of SessionIdLen
  on entry limits how much is written to SessionId. Until that is confirmed
  against the implementation, supply a buffer large enough for the longest
  session ID the TLS version in use allows.

  @param[in]      Tls           Pointer to the TLS object.
  @param[in,out]  SessionId     Buffer to contain the returned session ID.
  @param[in,out]  SessionIdLen  The length of Session ID in bytes.

  @retval EFI_SUCCESS            The Session ID was returned successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_UNSUPPORTED        Invalid TLS/SSL session.

**/
typedef
EFI_STATUS
(EFIAPI *EDKII_CRYPTO_TLS_GET_SESSION_ID)(
  IN      VOID    *Tls,
  IN OUT  UINT8   *SessionId,
  IN OUT  UINT16  *SessionIdLen
  );
3552\r
/**
  Retrieves the client random of a TLS connection.

  The TLS/SSL client random data currently used in the given TLS connection
  is written to ClientRandom. No buffer length is passed, so the caller must
  supply a buffer of at least the 32 bytes documented for this value.

  @param[in]      Tls           Pointer to the TLS object.
  @param[in,out]  ClientRandom  Buffer to contain the returned client
                                random data (32 bytes).

**/
typedef
VOID
(EFIAPI *EDKII_CRYPTO_TLS_GET_CLIENT_RANDOM)(
  IN      VOID   *Tls,
  IN OUT  UINT8  *ClientRandom
  );
3570\r
/**
  Retrieves the server random of a TLS connection.

  The TLS/SSL server random data currently used in the given TLS connection
  is written to ServerRandom. No buffer length is passed, so the caller must
  supply a buffer of at least the 32 bytes documented for this value.

  @param[in]      Tls           Pointer to the TLS object.
  @param[in,out]  ServerRandom  Buffer to contain the returned server
                                random data (32 bytes).

**/
typedef
VOID
(EFIAPI *EDKII_CRYPTO_TLS_GET_SERVER_RANDOM)(
  IN      VOID   *Tls,
  IN OUT  UINT8  *ServerRandom
  );
3588\r
/**
  Retrieves the master key data of a TLS connection.

  The TLS/SSL master key material currently used in the given TLS connection
  is written to KeyMaterial.

  NOTE(review): no buffer length is passed and this header does not state how
  many bytes are written; confirm the size against the implementation before
  allocating KeyMaterial. The returned bytes are secret: keep them out of logs
  and clear the buffer once it is no longer needed.

  @param[in]      Tls          Pointer to the TLS object.
  @param[in,out]  KeyMaterial  Buffer to contain the returned key material.

  @retval EFI_SUCCESS            Key material was returned successfully.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_UNSUPPORTED        Invalid TLS/SSL session.

**/
typedef
EFI_STATUS
(EFIAPI *EDKII_CRYPTO_TLS_GET_KEY_MATERIAL)(
  IN      VOID   *Tls,
  IN OUT  UINT8  *KeyMaterial
  );
3609\r
/**
  Retrieves the CA certificate from the cert store.

  The CA certificate for the chosen TLS connection is returned in Data.

  @param[in]      Tls       Pointer to the TLS object.
  @param[out]     Data      Pointer to the data buffer to receive the CA
                            certificate data sent to the client.
  @param[in,out]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS           The operation succeeded.
  @retval EFI_UNSUPPORTED       This function is not supported.
  @retval EFI_BUFFER_TOO_SMALL  The Data is too small to hold the data.

**/
typedef
EFI_STATUS
(EFIAPI *EDKII_CRYPTO_TLS_GET_CA_CERTIFICATE)(
  IN      VOID   *Tls,
  OUT     VOID   *Data,
  IN OUT  UINTN  *DataSize
  );
3633\r
/**
  Retrieves the local public certificate set in a TLS object.

  The local public certificate currently set in the given TLS object is
  returned in Data.

  @param[in]      Tls       Pointer to the TLS object.
  @param[out]     Data      Pointer to the data buffer to receive the local
                            public certificate.
  @param[in,out]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS            The operation succeeded.
  @retval EFI_INVALID_PARAMETER  The parameter is invalid.
  @retval EFI_NOT_FOUND          The certificate is not found.
  @retval EFI_BUFFER_TOO_SMALL   The Data is too small to hold the data.

**/
typedef
EFI_STATUS
(EFIAPI *EDKII_CRYPTO_TLS_GET_HOST_PUBLIC_CERT)(
  IN      VOID   *Tls,
  OUT     VOID   *Data,
  IN OUT  UINTN  *DataSize
  );
3658\r
/**
  Retrieves the local private key set in a TLS object.

  The local private key data currently set in the given TLS object is
  returned in Data. The buffer then holds private key material; the caller
  should clear it once the key is no longer needed.

  @param[in]      Tls       Pointer to the TLS object.
  @param[out]     Data      Pointer to the data buffer to receive the local
                            private key data.
  @param[in,out]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS           The operation succeeded.
  @retval EFI_UNSUPPORTED       This function is not supported.
  @retval EFI_BUFFER_TOO_SMALL  The Data is too small to hold the data.

**/
typedef
EFI_STATUS
(EFIAPI *EDKII_CRYPTO_TLS_GET_HOST_PRIVATE_KEY)(
  IN      VOID   *Tls,
  OUT     VOID   *Data,
  IN OUT  UINTN  *DataSize
  );
3682\r
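/**
  Gets the CA-supplied certificate revocation list data set in the specified
  TLS object.

  This function returns the CA-supplied certificate revocation list data which
  is currently set in the specified TLS object.

  NOTE(review): unlike the other TLS getters, this signature takes no TLS
  object pointer, although the description refers to "the specified TLS
  object"; confirm which CRL store the implementation reads.

  @param[out]     Data      Pointer to the data buffer to receive the CRL data.
  @param[in,out]  DataSize  The size of data buffer in bytes.

  @retval EFI_SUCCESS           The operation succeeded.
  @retval EFI_UNSUPPORTED       This function is not supported.
  @retval EFI_BUFFER_TOO_SMALL  The Data is too small to hold the data.

**/
typedef
EFI_STATUS
(EFIAPI *EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST)(
  OUT     VOID   *Data,      // Named to match the @param entry above.
  IN OUT  UINTN  *DataSize
  );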
3704\r
/**
  Generates an RSA-SSA signature with the EMSA-PSS encoding scheme defined in
  RFC 8017.

  The mask generation function is the same as the message digest algorithm.
  If the Signature buffer is too small to hold the contents of the signature,
  FALSE is returned and SigSize is set to the buffer size required to obtain
  the signature.

  FALSE is returned when any of the following holds:
    - RsaContext is NULL.
    - Message is NULL.
    - MsgSize is zero or > INT_MAX.
    - DigestLen is NOT 32, 48 or 64.
    - SaltLen is not equal to DigestLen.
    - SigSize is large enough but Signature is NULL.
    - This interface is not supported.

  @param[in]       RsaContext  Pointer to RSA context for signature generation.
  @param[in]       Message     Pointer to octet message to be signed.
  @param[in]       MsgSize     Size of the message in bytes.
  @param[in]       DigestLen   Length of the digest in bytes to be used for
                               RSA signature operation.
  @param[in]       SaltLen     Length of the salt in bytes to be used for PSS
                               encoding.
  @param[out]      Signature   Pointer to buffer to receive RSA PSS signature.
  @param[in, out]  SigSize     On input, the size of Signature buffer in bytes.
                               On output, the size of data returned in
                               Signature buffer in bytes.

  @retval TRUE   Signature successfully generated in RSASSA-PSS.
  @retval FALSE  Signature generation failed.
  @retval FALSE  SigSize is too small.
  @retval FALSE  This interface is not supported.

**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_RSA_PSS_SIGN)(
  IN      VOID         *RsaContext,
  IN      CONST UINT8  *Message,
  IN      UINTN        MsgSize,
  IN      UINT16       DigestLen,
  IN      UINT16       SaltLen,
  OUT     UINT8        *Signature,
  IN OUT  UINTN        *SigSize
  );
3748\r
/**
  Verifies an RSA signature using the RSASSA-PSS signature scheme defined in
  RFC 8017.

  The implementation determines the salt length automatically from the
  signature encoding. The mask generation function is the same as the message
  digest algorithm. Salt length should be equal to digest length.

  @param[in]  RsaContext  Pointer to RSA context for signature verification.
  @param[in]  Message     Pointer to octet message to be verified.
  @param[in]  MsgSize     Size of the message in bytes.
  @param[in]  Signature   Pointer to RSASSA-PSS signature to be verified.
  @param[in]  SigSize     Size of signature in bytes.
  @param[in]  DigestLen   Length of digest for RSA operation.
  @param[in]  SaltLen     Salt length for PSS encoding.

  @retval TRUE   Valid signature encoded in RSASSA-PSS.
  @retval FALSE  Invalid signature or invalid RSA context.

**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_RSA_PSS_VERIFY)(
  IN  VOID         *RsaContext,
  IN  CONST UINT8  *Message,
  IN  UINTN        MsgSize,
  IN  CONST UINT8  *Signature,
  IN  UINTN        SigSize,
  IN  UINT16       DigestLen,
  IN  UINT16       SaltLen
  );
3778\r
/**
  Computes ParallelHash256, the parallel hash function defined in NIST's
  Special Publication 800-185, published December 2016.

  @param[in]   Input          Pointer to the input message (X).
  @param[in]   InputByteLen   The number(>0) of input bytes provided for the
                              input data.
  @param[in]   BlockSize      The size of each block (B).
  @param[out]  Output         Pointer to the output buffer.
  @param[in]   OutputByteLen  The desired number of output bytes (L).
  @param[in]   Customization  Pointer to the customization string (S).
  @param[in]   CustomByteLen  The length of the customization string in bytes.

  @retval TRUE   ParallelHash256 digest computation succeeded.
  @retval FALSE  ParallelHash256 digest computation failed.
  @retval FALSE  This interface is not supported.

**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_PARALLEL_HASH_ALL)(
  IN   CONST VOID  *Input,
  IN   UINTN       InputByteLen,
  IN   UINTN       BlockSize,
  OUT  VOID        *Output,
  IN   UINTN       OutputByteLen,
  IN   CONST VOID  *Customization,
  IN   UINTN       CustomByteLen
  );
3807\r
/**
  Performs AEAD AES-GCM authenticated encryption on a data buffer and
  additional authenticated data (AAD).

  FALSE is returned unless all of the following hold:
    - IvSize is 12.
    - KeySize is 16, 24 or 32.
    - TagSize is 12, 13, 14, 15 or 16.

  The same Key and Iv pair must never be used for more than one encryption:
  GCM loses its confidentiality and authenticity guarantees when an IV is
  repeated under a key.

  NOTE(review): DataOutSize is declared OUT only and DataOut has no separate
  capacity parameter; confirm in the implementation whether the value of
  *DataOutSize on entry is read as the buffer capacity, and initialise it
  accordingly.

  @param[in]   Key          Pointer to the encryption key.
  @param[in]   KeySize      Size of the encryption key in bytes.
  @param[in]   Iv           Pointer to the IV value.
  @param[in]   IvSize       Size of the IV value in bytes.
  @param[in]   AData        Pointer to the additional authenticated data (AAD).
  @param[in]   ADataSize    Size of the additional authenticated data (AAD)
                            in bytes.
  @param[in]   DataIn       Pointer to the input data buffer to be encrypted.
  @param[in]   DataInSize   Size of the input data buffer in bytes.
  @param[out]  TagOut       Pointer to a buffer that receives the
                            authentication tag output.
  @param[in]   TagSize      Size of the authentication tag in bytes.
  @param[out]  DataOut      Pointer to a buffer that receives the encryption
                            output.
  @param[out]  DataOutSize  Size of the output data buffer in bytes.

  @retval TRUE   AEAD AES-GCM authenticated encryption succeeded.
  @retval FALSE  AEAD AES-GCM authenticated encryption failed.

**/
typedef
BOOLEAN
(EFIAPI *EDKII_AEAD_AES_GCM_ENCRYPT)(
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize,
  IN   CONST UINT8  *Iv,
  IN   UINTN        IvSize,
  IN   CONST UINT8  *AData,
  IN   UINTN        ADataSize,
  IN   CONST UINT8  *DataIn,
  IN   UINTN        DataInSize,
  OUT  UINT8        *TagOut,
  IN   UINTN        TagSize,
  OUT  UINT8        *DataOut,
  OUT  UINTN        *DataOutSize
  );
3848\r
/**
  Performs AEAD AES-GCM authenticated decryption on a data buffer and
  additional authenticated data (AAD).

  FALSE is returned unless all of the following hold:
    - IvSize is 12.
    - KeySize is 16, 24 or 32.
    - TagSize is 12, 13, 14, 15 or 16.
  If additional authenticated data verification fails, FALSE is returned.

  A FALSE result must be treated as an authentication failure: the caller
  should discard anything written to DataOut rather than act on it.

  NOTE(review): DataOutSize is declared OUT only and DataOut has no separate
  capacity parameter; confirm in the implementation whether the value of
  *DataOutSize on entry is read as the buffer capacity, and initialise it
  accordingly.

  @param[in]   Key          Pointer to the encryption key.
  @param[in]   KeySize      Size of the encryption key in bytes.
  @param[in]   Iv           Pointer to the IV value.
  @param[in]   IvSize       Size of the IV value in bytes.
  @param[in]   AData        Pointer to the additional authenticated data (AAD).
  @param[in]   ADataSize    Size of the additional authenticated data (AAD)
                            in bytes.
  @param[in]   DataIn       Pointer to the input data buffer to be decrypted.
  @param[in]   DataInSize   Size of the input data buffer in bytes.
  @param[in]   Tag          Pointer to a buffer that contains the
                            authentication tag.
  @param[in]   TagSize      Size of the authentication tag in bytes.
  @param[out]  DataOut      Pointer to a buffer that receives the decryption
                            output.
  @param[out]  DataOutSize  Size of the output data buffer in bytes.

  @retval TRUE   AEAD AES-GCM authenticated decryption succeeded.
  @retval FALSE  AEAD AES-GCM authenticated decryption failed.

**/
typedef
BOOLEAN
(EFIAPI *EDKII_AEAD_AES_GCM_DECRYPT)(
  IN   CONST UINT8  *Key,
  IN   UINTN        KeySize,
  IN   CONST UINT8  *Iv,
  IN   UINTN        IvSize,
  IN   CONST UINT8  *AData,
  IN   UINTN        ADataSize,
  IN   CONST UINT8  *DataIn,
  IN   UINTN        DataInSize,
  IN   CONST UINT8  *Tag,
  IN   UINTN        TagSize,
  OUT  UINT8        *DataOut,
  OUT  UINTN        *DataOutSize
  );
3890\r
3891// =====================================================================================\r
3892// Big Number Primitive\r
3893// =====================================================================================\r
3894\r
/**
  Allocates a new Big Number.

  @retval New BigNum opaque structure or NULL on failure.
**/
typedef
VOID *
(EFIAPI *EDKII_CRYPTO_BIGNUM_INIT)(
  VOID
  );
3905\r
/**
  Allocates a new Big Number and assigns the provided value to it.

  @param[in]  Buf  Big endian encoded buffer.
  @param[in]  Len  Buffer length.

  @retval New BigNum opaque structure or NULL on failure.
**/
typedef
VOID *
(EFIAPI *EDKII_CRYPTO_BIGNUM_FROM_BIN)(
  IN  CONST UINT8  *Buf,
  IN  UINTN        Len
  );
3920\r
/**
  Converts the absolute value of Bn into big-endian form and stores it at Buf.

  No buffer length is passed, so the callee cannot check it: Buf must provide
  at least as many bytes as the EDKII_CRYPTO_BIGNUM_BYTES service reports
  for Bn.

  @param[in]   Bn   Big number to convert.
  @param[out]  Buf  Output buffer.

  @retval The length of the big-endian number placed at Buf or -1 on error.
**/
typedef
INTN
(EFIAPI *EDKII_CRYPTO_BIGNUM_TO_BIN)(
  IN   CONST VOID  *Bn,
  OUT  UINT8       *Buf
  );
3936\r
/**
  Frees the Big Number.

  @param[in]  Bn     Big number to free.
  @param[in]  Clear  TRUE if the buffer should be cleared. Use TRUE for
                     numbers that held secret values such as key material.
**/
typedef
VOID
(EFIAPI *EDKII_CRYPTO_BIGNUM_FREE)(
  IN  VOID     *Bn,
  IN  BOOLEAN  Clear
  );
3949\r
/**
  Calculates the sum of two Big Numbers.

  @param[in]   BnA    Big number.
  @param[in]   BnB    Big number.
  @param[out]  BnRes  The result of BnA + BnB.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_ADD)(
  IN   CONST VOID  *BnA,
  IN   CONST VOID  *BnB,
  OUT  VOID        *BnRes
  );
3967\r
/**
  Subtracts two Big Numbers.

  @param[in]   BnA    Big number.
  @param[in]   BnB    Big number.
  @param[out]  BnRes  The result of BnA - BnB.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_SUB)(
  IN   CONST VOID  *BnA,
  IN   CONST VOID  *BnB,
  OUT  VOID        *BnRes
  );
3985\r
/**
  Calculates the remainder: BnRes = BnA % BnB.

  @param[in]   BnA    Big number.
  @param[in]   BnB    Big number.
  @param[out]  BnRes  The result of BnA % BnB.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_MOD)(
  IN   CONST VOID  *BnA,
  IN   CONST VOID  *BnB,
  OUT  VOID        *BnRes
  );
4003\r
/**
  Computes BnA to the BnP-th power modulo BnM.

  @param[in]   BnA    Big number.
  @param[in]   BnP    Big number (power).
  @param[in]   BnM    Big number (modulo).
  @param[out]  BnRes  The result of BnA ^ BnP % BnM.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_EXP_MOD)(
  IN   CONST VOID  *BnA,
  IN   CONST VOID  *BnP,
  IN   CONST VOID  *BnM,
  OUT  VOID        *BnRes
  );
4023\r
/**
  Computes the inverse of BnA modulo BnM.

  @param[in]   BnA    Big number.
  @param[in]   BnM    Big number (modulo).
  @param[out]  BnRes  The result, such that (BnA * BnRes) % BnM == 1.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_INVERSE_MOD)(
  IN   CONST VOID  *BnA,
  IN   CONST VOID  *BnM,
  OUT  VOID        *BnRes
  );
4041\r
/**
  Divides two Big Numbers.

  @param[in]   BnA    Big number.
  @param[in]   BnB    Big number.
  @param[out]  BnRes  The result of BnA / BnB.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_DIV)(
  IN   CONST VOID  *BnA,
  IN   CONST VOID  *BnB,
  OUT  VOID        *BnRes
  );
4059\r
/**
  Multiplies two Big Numbers modulo BnM.

  @param[in]   BnA    Big number.
  @param[in]   BnB    Big number.
  @param[in]   BnM    Big number (modulo).
  @param[out]  BnRes  The result of (BnA * BnB) % BnM.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_MUL_MOD)(
  IN   CONST VOID  *BnA,
  IN   CONST VOID  *BnB,
  IN   CONST VOID  *BnM,
  OUT  VOID        *BnRes
  );
4079\r
/**
  Compares two Big Numbers.

  @param[in]  BnA  Big number.
  @param[in]  BnB  Big number.

  @retval 0   BnA == BnB.
  @retval 1   BnA > BnB.
  @retval -1  BnA < BnB.
**/
typedef
INTN
(EFIAPI *EDKII_CRYPTO_BIGNUM_CMP)(
  IN  CONST VOID  *BnA,
  IN  CONST VOID  *BnB
  );
4096\r
/**
  Gets the number of bits in Bn.

  @param[in]  Bn  Big number.

  @retval Number of bits.
**/
typedef
UINTN
(EFIAPI *EDKII_CRYPTO_BIGNUM_BITS)(
  IN  CONST VOID  *Bn
  );
4109\r
/**
  Gets the number of bytes in Bn.

  @param[in]  Bn  Big number.

  @retval Number of bytes.
**/
typedef
UINTN
(EFIAPI *EDKII_CRYPTO_BIGNUM_BYTES)(
  IN  CONST VOID  *Bn
  );
4122\r
/**
  Checks whether the Big Number equals the given Num.

  @param[in]  Bn   Big number.
  @param[in]  Num  Number.

  @retval TRUE   iff Bn == Num.
  @retval FALSE  otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_IS_WORD)(
  IN  CONST VOID  *Bn,
  IN  UINTN       Num
  );
4138\r
/**
  Checks whether the Big Number is odd.

  @param[in]  Bn  Big number.

  @retval TRUE   Bn is odd (Bn % 2 == 1).
  @retval FALSE  otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_IS_ODD)(
  IN  CONST VOID  *Bn
  );
4152\r
/**
  Copies a Big Number.

  @param[out]  BnDst  Destination.
  @param[in]   BnSrc  Source.

  @retval BnDst on success.
  @retval NULL otherwise.
**/
typedef
VOID *
(EFIAPI *EDKII_CRYPTO_BIGNUM_COPY)(
  OUT  VOID        *BnDst,
  IN   CONST VOID  *BnSrc
  );
4168\r
/**
  Gets a constant Big Number with the value "1".
  This may be used to save expensive allocations.

  @retval Big Number with value of 1.
**/
typedef
CONST VOID *
(EFIAPI *EDKII_CRYPTO_BIGNUM_VALUE_ONE)(
  VOID
  );
4180\r
/**
  Shifts a Big Number right.
  Please note, all "out" Big Number arguments should be properly initialized
  by calling the BigNumInit() or BigNumFromBin() functions.

  @param[in]   Bn     Big number.
  @param[in]   N      Number of bits to shift.
  @param[out]  BnRes  The result.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_R_SHIFT)(
  IN   CONST VOID  *Bn,
  IN   UINTN       N,
  OUT  VOID        *BnRes
  );
4200\r
/**
  Marks a Big Number for constant time computations.
  This function should be called before any constant time computations are
  performed on the given Big Number.

  @param[in]  Bn  Big number.
**/
typedef
VOID
(EFIAPI *EDKII_CRYPTO_BIGNUM_CONST_TIME)(
  IN  VOID  *Bn
  );
4213\r
/**
  Calculates the square modulo BnM.

  @param[in]   BnA    Big number.
  @param[in]   BnM    Big number (modulo).
  @param[out]  BnRes  The result of (BnA ^ 2) % BnM.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_SQR_MOD)(
  IN   CONST VOID  *BnA,
  IN   CONST VOID  *BnM,
  OUT  VOID        *BnRes
  );
4231\r
/**
  Creates a new Big Number computation context. This is an opaque structure
  which should be passed to any function that requires it. The BN context is
  needed to optimize calculations and expensive allocations.

  @retval Big Number context struct or NULL on failure.
**/
typedef
VOID *
(EFIAPI *EDKII_CRYPTO_BIGNUM_NEW_CONTEXT)(
  VOID
  );
4244\r
/**
  Frees a Big Number context that was allocated through the
  EDKII_CRYPTO_BIGNUM_NEW_CONTEXT service.

  @param[in]  BnCtx  Big number context to free.
**/
typedef
VOID
(EFIAPI *EDKII_CRYPTO_BIGNUM_CONTEXT_FREE)(
  IN  VOID  *BnCtx
  );
4255\r
/**
  Sets a Big Number to a given value.

  @param[in]  Bn   Big number to set.
  @param[in]  Val  Value to set.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_SET_UINT)(
  IN  VOID   *Bn,
  IN  UINTN  Val
  );
4271\r
/**
  Adds two Big Numbers modulo BnM.

  @param[in]   BnA    Big number.
  @param[in]   BnB    Big number.
  @param[in]   BnM    Big number (modulo).
  @param[out]  BnRes  The result of (BnA + BnB) % BnM.

  @retval TRUE   On success.
  @retval FALSE  Otherwise.
**/
typedef
BOOLEAN
(EFIAPI *EDKII_CRYPTO_BIGNUM_ADD_MOD)(
  IN   CONST VOID  *BnA,
  IN   CONST VOID  *BnB,
  IN   CONST VOID  *BnM,
  OUT  VOID        *BnRes
  );
4291\r
4292///\r
4293/// EDK II Crypto Protocol\r
4294///\r
4295struct _EDKII_CRYPTO_PROTOCOL {\r
4296 /// Version\r
7c342378 4297 EDKII_CRYPTO_GET_VERSION GetVersion;\r
b6174e2d 4298 /// HMAC MD5 - deprecated and unsupported\r
7c342378
MK
4299 DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW DeprecatedHmacMd5New;\r
4300 DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE DeprecatedHmacMd5Free;\r
4301 DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY DeprecatedHmacMd5SetKey;\r
4302 DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Duplicate;\r
4303 DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Update;\r
4304 DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Final;\r
c812d320 4305 /// HMAC SHA1 - deprecated and unsupported\r
7c342378
MK
4306 DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW DeprecatedHmacSha1New;\r
4307 DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE DeprecatedHmacSha1Free;\r
4308 DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY DeprecatedHmacSha1SetKey;\r
4309 DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE DeprecatedHmacSha1Duplicate;\r
4310 DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE DeprecatedHmacSha1Update;\r
4311 DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL DeprecatedHmacSha1Final;\r
3b0e0430 4312 /// HMAC SHA256\r
7c342378
MK
4313 EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New;\r
4314 EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free;\r
4315 EDKII_CRYPTO_HMAC_SHA256_SET_KEY HmacSha256SetKey;\r
4316 EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate;\r
4317 EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update;\r
4318 EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final;\r
0a6fc3d0 4319 /// Md4 - deprecated and unsupported\r
7c342378
MK
4320 DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetContextSize;\r
4321 DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init;\r
4322 DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE DeprecatedMd4Duplicate;\r
4323 DEPRECATED_EDKII_CRYPTO_MD4_UPDATE DeprecatedMd4Update;\r
4324 DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final;\r
4325 DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL DeprecatedMd4HashAll;\r
3b0e0430 4326 /// Md5\r
7c342378
MK
4327 EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize;\r
4328 EDKII_CRYPTO_MD5_INIT Md5Init;\r
4329 EDKII_CRYPTO_MD5_DUPLICATE Md5Duplicate;\r
4330 EDKII_CRYPTO_MD5_UPDATE Md5Update;\r
4331 EDKII_CRYPTO_MD5_FINAL Md5Final;\r
4332 EDKII_CRYPTO_MD5_HASH_ALL Md5HashAll;\r
3b0e0430 4333 /// Pkcs\r
7c342378
MK
4334 EDKII_CRYPTO_PKCS1_ENCRYPT_V2 Pkcs1v2Encrypt;\r
4335 EDKII_CRYPTO_PKCS5_PW_HASH Pkcs5HashPassword;\r
4336 EDKII_CRYPTO_PKCS7_VERIFY Pkcs7Verify;\r
4337 EDKII_CRYPTO_PKCS7_VERIFY_EKU VerifyEKUsInPkcs7Signature;\r
4338 EDKII_CRYPTO_PKCS7_GET_SIGNERS Pkcs7GetSigners;\r
4339 EDKII_CRYPTO_PKCS7_FREE_SIGNERS Pkcs7FreeSigners;\r
4340 EDKII_CRYPTO_PKCS7_SIGN Pkcs7Sign;\r
4341 EDKII_CRYPTO_PKCS7_GET_ATTACHED_CONTENT Pkcs7GetAttachedContent;\r
4342 EDKII_CRYPTO_PKCS7_GET_CERTIFICATES_LIST Pkcs7GetCertificatesList;\r
4343 EDKII_CRYPTO_AUTHENTICODE_VERIFY AuthenticodeVerify;\r
4344 EDKII_CRYPTO_IMAGE_TIMESTAMP_VERIFY ImageTimestampVerify;\r
3b0e0430 4345 /// DH\r
7c342378
MK
4346 EDKII_CRYPTO_DH_NEW DhNew;\r
4347 EDKII_CRYPTO_DH_FREE DhFree;\r
4348 EDKII_CRYPTO_DH_GENERATE_PARAMETER DhGenerateParameter;\r
4349 EDKII_CRYPTO_DH_SET_PARAMETER DhSetParameter;\r
4350 EDKII_CRYPTO_DH_GENERATE_KEY DhGenerateKey;\r
4351 EDKII_CRYPTO_DH_COMPUTE_KEY DhComputeKey;\r
3b0e0430 4352 /// Random\r
7c342378
MK
4353 EDKII_CRYPTO_RANDOM_SEED RandomSeed;\r
4354 EDKII_CRYPTO_RANDOM_BYTES RandomBytes;\r
3b0e0430 4355 /// RSA\r
7c342378
MK
4356 EDKII_CRYPTO_RSA_VERIFY_PKCS1 RsaVerifyPkcs1;\r
4357 EDKII_CRYPTO_RSA_NEW RsaNew;\r
4358 EDKII_CRYPTO_RSA_FREE RsaFree;\r
4359 EDKII_CRYPTO_RSA_SET_KEY RsaSetKey;\r
4360 EDKII_CRYPTO_RSA_GET_KEY RsaGetKey;\r
4361 EDKII_CRYPTO_RSA_GENERATE_KEY RsaGenerateKey;\r
4362 EDKII_CRYPTO_RSA_CHECK_KEY RsaCheckKey;\r
4363 EDKII_CRYPTO_RSA_PKCS1_SIGN RsaPkcs1Sign;\r
4364 EDKII_CRYPTO_RSA_PKCS1_VERIFY RsaPkcs1Verify;\r
4365 EDKII_CRYPTO_RSA_GET_PRIVATE_KEY_FROM_PEM RsaGetPrivateKeyFromPem;\r
4366 EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509 RsaGetPublicKeyFromX509;\r
3b0e0430 4367 /// Sha1\r
7c342378
MK
4368 EDKII_CRYPTO_SHA1_GET_CONTEXT_SIZE Sha1GetContextSize;\r
4369 EDKII_CRYPTO_SHA1_INIT Sha1Init;\r
4370 EDKII_CRYPTO_SHA1_DUPLICATE Sha1Duplicate;\r
4371 EDKII_CRYPTO_SHA1_UPDATE Sha1Update;\r
4372 EDKII_CRYPTO_SHA1_FINAL Sha1Final;\r
4373 EDKII_CRYPTO_SHA1_HASH_ALL Sha1HashAll;\r
3b0e0430 4374 /// Sha256\r
7c342378
MK
4375 EDKII_CRYPTO_SHA256_GET_CONTEXT_SIZE Sha256GetContextSize;\r
4376 EDKII_CRYPTO_SHA256_INIT Sha256Init;\r
4377 EDKII_CRYPTO_SHA256_DUPLICATE Sha256Duplicate;\r
4378 EDKII_CRYPTO_SHA256_UPDATE Sha256Update;\r
4379 EDKII_CRYPTO_SHA256_FINAL Sha256Final;\r
4380 EDKII_CRYPTO_SHA256_HASH_ALL Sha256HashAll;\r
3b0e0430 4381 /// Sha384\r
7c342378
MK
4382 EDKII_CRYPTO_SHA384_GET_CONTEXT_SIZE Sha384GetContextSize;\r
4383 EDKII_CRYPTO_SHA384_INIT Sha384Init;\r
4384 EDKII_CRYPTO_SHA384_DUPLICATE Sha384Duplicate;\r
4385 EDKII_CRYPTO_SHA384_UPDATE Sha384Update;\r
4386 EDKII_CRYPTO_SHA384_FINAL Sha384Final;\r
4387 EDKII_CRYPTO_SHA384_HASH_ALL Sha384HashAll;\r
3b0e0430 4388 /// Sha512\r
7c342378
MK
4389 EDKII_CRYPTO_SHA512_GET_CONTEXT_SIZE Sha512GetContextSize;\r
4390 EDKII_CRYPTO_SHA512_INIT Sha512Init;\r
4391 EDKII_CRYPTO_SHA512_DUPLICATE Sha512Duplicate;\r
4392 EDKII_CRYPTO_SHA512_UPDATE Sha512Update;\r
4393 EDKII_CRYPTO_SHA512_FINAL Sha512Final;\r
4394 EDKII_CRYPTO_SHA512_HASH_ALL Sha512HashAll;\r
3b0e0430 4395 /// X509\r
7c342378
MK
4396 EDKII_CRYPTO_X509_GET_SUBJECT_NAME X509GetSubjectName;\r
4397 EDKII_CRYPTO_X509_GET_COMMON_NAME X509GetCommonName;\r
4398 EDKII_CRYPTO_X509_GET_ORGANIZATION_NAME X509GetOrganizationName;\r
4399 EDKII_CRYPTO_X509_VERIFY_CERT X509VerifyCert;\r
4400 EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE X509ConstructCertificate;\r
4401 EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK X509ConstructCertificateStack;\r
4402 EDKII_CRYPTO_X509_FREE X509Free;\r
4403 EDKII_CRYPTO_X509_STACK_FREE X509StackFree;\r
4404 EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert;\r
b8af2c9e 4405 /// TDES - deprecated and unsupported\r
7c342378
MK
4406 DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetContextSize;\r
4407 DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit;\r
4408 DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEncrypt;\r
4409 DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecrypt;\r
4410 DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncrypt;\r
4411 DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecrypt;\r
80e28dce 4412 /// AES - ECB Mode is deprecated and unsupported\r
7c342378
MK
4413 EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize;\r
4414 EDKII_CRYPTO_AES_INIT AesInit;\r
4415 DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT DeprecatedAesEcbEncrypt;\r
4416 DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT DeprecatedAesEcbDecrypt;\r
4417 EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt;\r
4418 EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt;\r
c22a32e1 4419 /// Arc4 - deprecated and unsupported\r
7c342378
MK
4420 DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE DeprecatedArc4GetContextSize;\r
4421 DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init;\r
4422 DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encrypt;\r
4423 DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decrypt;\r
4424 DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset;\r
3b0e0430 4425 /// SM3\r
7c342378
MK
4426 EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize;\r
4427 EDKII_CRYPTO_SM3_INIT Sm3Init;\r
4428 EDKII_CRYPTO_SM3_DUPLICATE Sm3Duplicate;\r
4429 EDKII_CRYPTO_SM3_UPDATE Sm3Update;\r
4430 EDKII_CRYPTO_SM3_FINAL Sm3Final;\r
4431 EDKII_CRYPTO_SM3_HASH_ALL Sm3HashAll;\r
3b0e0430 4432 /// HKDF\r
7c342378 4433 EDKII_CRYPTO_HKDF_SHA_256_EXTRACT_AND_EXPAND HkdfSha256ExtractAndExpand;\r
3b0e0430 4434 /// X509 (Continued)\r
7c342378 4435 EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK_V X509ConstructCertificateStackV;\r
3b0e0430 4436 /// TLS\r
7c342378
MK
4437 EDKII_CRYPTO_TLS_INITIALIZE TlsInitialize;\r
4438 EDKII_CRYPTO_TLS_CTX_FREE TlsCtxFree;\r
4439 EDKII_CRYPTO_TLS_CTX_NEW TlsCtxNew;\r
4440 EDKII_CRYPTO_TLS_FREE TlsFree;\r
4441 EDKII_CRYPTO_TLS_NEW TlsNew;\r
4442 EDKII_CRYPTO_TLS_IN_HANDSHAKE TlsInHandshake;\r
4443 EDKII_CRYPTO_TLS_DO_HANDSHAKE TlsDoHandshake;\r
4444 EDKII_CRYPTO_TLS_HANDLE_ALERT TlsHandleAlert;\r
4445 EDKII_CRYPTO_TLS_CLOSE_NOTIFY TlsCloseNotify;\r
4446 EDKII_CRYPTO_TLS_CTRL_TRAFFIC_OUT TlsCtrlTrafficOut;\r
4447 EDKII_CRYPTO_TLS_CTRL_TRAFFIC_IN TlsCtrlTrafficIn;\r
4448 EDKII_CRYPTO_TLS_READ TlsRead;\r
4449 EDKII_CRYPTO_TLS_WRITE TlsWrite;\r
3b0e0430 4450 /// TLS Set\r
7c342378
MK
4451 EDKII_CRYPTO_TLS_SET_VERSION TlsSetVersion;\r
4452 EDKII_CRYPTO_TLS_SET_CONNECTION_END TlsSetConnectionEnd;\r
4453 EDKII_CRYPTO_TLS_SET_CIPHER_LIST TlsSetCipherList;\r
4454 EDKII_CRYPTO_TLS_SET_COMPRESSION_METHOD TlsSetCompressionMethod;\r
4455 EDKII_CRYPTO_TLS_SET_VERIFY TlsSetVerify;\r
4456 EDKII_CRYPTO_TLS_SET_VERIFY_HOST TlsSetVerifyHost;\r
4457 EDKII_CRYPTO_TLS_SET_SESSIONID TlsSetSessionId;\r
4458 EDKII_CRYPTO_TLS_SET_CA_CERTIFICATE TlsSetCaCertificate;\r
4459 EDKII_CRYPTO_TLS_SET_HOST_PUBLIC_CERT TlsSetHostPublicCert;\r
4460 EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY TlsSetHostPrivateKey;\r
4461 EDKII_CRYPTO_TLS_SET_CERT_REVOCATION_LIST TlsSetCertRevocationList;\r
3b0e0430 4462 /// TLS Get\r
7c342378
MK
4463 EDKII_CRYPTO_TLS_GET_VERSION TlsGetVersion;\r
4464 EDKII_CRYPTO_TLS_GET_CONNECTION_END TlsGetConnectionEnd;\r
4465 EDKII_CRYPTO_TLS_GET_CURRENT_CIPHER TlsGetCurrentCipher;\r
4466 EDKII_CRYPTO_TLS_GET_CURRENT_COMPRESSION_ID TlsGetCurrentCompressionId;\r
4467 EDKII_CRYPTO_TLS_GET_VERIFY TlsGetVerify;\r
4468 EDKII_CRYPTO_TLS_GET_SESSION_ID TlsGetSessionId;\r
4469 EDKII_CRYPTO_TLS_GET_CLIENT_RANDOM TlsGetClientRandom;\r
4470 EDKII_CRYPTO_TLS_GET_SERVER_RANDOM TlsGetServerRandom;\r
4471 EDKII_CRYPTO_TLS_GET_KEY_MATERIAL TlsGetKeyMaterial;\r
4472 EDKII_CRYPTO_TLS_GET_CA_CERTIFICATE TlsGetCaCertificate;\r
4473 EDKII_CRYPTO_TLS_GET_HOST_PUBLIC_CERT TlsGetHostPublicCert;\r
4474 EDKII_CRYPTO_TLS_GET_HOST_PRIVATE_KEY TlsGetHostPrivateKey;\r
4475 EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST TlsGetCertRevocationList;\r
22ac5cc9 4476 /// RSA PSS\r
7c342378
MK
4477 EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign;\r
4478 EDKII_CRYPTO_RSA_PSS_VERIFY RsaPssVerify;\r
c1e66210
ZL
4479 /// Parallel hash\r
4480 EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashAll;\r
7bb42e32
QZ
4481 /// HMAC SHA256 (continued)\r
4482 EDKII_CRYPTO_HMAC_SHA256_ALL HmacSha256All;\r
4483 /// HMAC SHA384\r
4484 EDKII_CRYPTO_HMAC_SHA384_NEW HmacSha384New;\r
4485 EDKII_CRYPTO_HMAC_SHA384_FREE HmacSha384Free;\r
4486 EDKII_CRYPTO_HMAC_SHA384_SET_KEY HmacSha384SetKey;\r
4487 EDKII_CRYPTO_HMAC_SHA384_DUPLICATE HmacSha384Duplicate;\r
4488 EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update;\r
4489 EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final;\r
4490 EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All;\r
13364762
QZ
4491 /// HKDF (continued)\r
4492 EDKII_CRYPTO_HKDF_SHA_256_EXTRACT HkdfSha256Extract;\r
4493 EDKII_CRYPTO_HKDF_SHA_256_EXPAND HkdfSha256Expand;\r
4494 EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND HkdfSha384ExtractAndExpand;\r
4495 EDKII_CRYPTO_HKDF_SHA_384_EXTRACT HkdfSha384Extract;\r
4496 EDKII_CRYPTO_HKDF_SHA_384_EXPAND HkdfSha384Expand;\r
022787f8
QZ
4497 /// AEAD AES-GCM\r
4498 EDKII_AEAD_AES_GCM_ENCRYPT AeadAesGcmEncrypt;\r
4499 EDKII_AEAD_AES_GCM_DECRYPT AeadAesGcmDecrypt;\r
42951543
YL
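4500 /// BIGNUM - appended at the end of the structure by the change that set EDKII_CRYPTO_VERSION to 12; a caller should check the version reported by the protocol before using these members\r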
4501 EDKII_CRYPTO_BIGNUM_INIT BigNumInit;\r
4502 EDKII_CRYPTO_BIGNUM_FROM_BIN BigNumFromBin;\r
4503 EDKII_CRYPTO_BIGNUM_TO_BIN BigNumToBin;\r
4504 EDKII_CRYPTO_BIGNUM_FREE BigNumFree;\r
4505 EDKII_CRYPTO_BIGNUM_ADD BigNumAdd;\r
4506 EDKII_CRYPTO_BIGNUM_SUB BigNumSub;\r
4507 EDKII_CRYPTO_BIGNUM_MOD BigNumMod;\r
4508 EDKII_CRYPTO_BIGNUM_EXP_MOD BigNumExpMod;\r
4509 EDKII_CRYPTO_BIGNUM_INVERSE_MOD BigNumInverseMod;\r
4510 EDKII_CRYPTO_BIGNUM_DIV BigNumDiv;\r
4511 EDKII_CRYPTO_BIGNUM_MUL_MOD BigNumMulMod;\r
4512 EDKII_CRYPTO_BIGNUM_CMP BigNumCmp;\r
4513 EDKII_CRYPTO_BIGNUM_BITS BigNumBits;\r
4514 EDKII_CRYPTO_BIGNUM_BYTES BigNumBytes;\r
4515 EDKII_CRYPTO_BIGNUM_IS_WORD BigNumIsWord;\r
4516 EDKII_CRYPTO_BIGNUM_IS_ODD BigNumIsOdd;\r
4517 EDKII_CRYPTO_BIGNUM_COPY BigNumCopy;\r
4518 EDKII_CRYPTO_BIGNUM_VALUE_ONE BigNumValueOne;\r
4519 EDKII_CRYPTO_BIGNUM_R_SHIFT BigNumRShift;\r
4520 EDKII_CRYPTO_BIGNUM_CONST_TIME BigNumConstTime;\r
4521 EDKII_CRYPTO_BIGNUM_SQR_MOD BigNumSqrMod;\r
4522 EDKII_CRYPTO_BIGNUM_NEW_CONTEXT BigNumNewContext;\r
4523 EDKII_CRYPTO_BIGNUM_CONTEXT_FREE BigNumContextFree;\r
4524 EDKII_CRYPTO_BIGNUM_SET_UINT BigNumSetUint;\r
4525 EDKII_CRYPTO_BIGNUM_ADD_MOD BigNumAddMod;\r
3b0e0430
MK
4526};\r
4527\r
/// GUID for the EDK II Crypto Protocol (presumably the GUID under which EDKII_CRYPTO_PROTOCOL is located - confirm against the package declaration); only declared here, the definition is provided elsewhere.\r
7c342378 4528extern GUID gEdkiiCryptoProtocolGuid;\r
3b0e0430
MK
4529\r
4530#endif\r