]> git.proxmox.com Git - mirror_edk2.git/blame - NetworkPkg/IpSecDxe/IpSecCryptIo.h
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
BaseTools/Capsule: Do not support -o with --dump-info
[mirror_edk2.git] / NetworkPkg / IpSecDxe / IpSecCryptIo.h
CommitLineData
a3bcde70 1/** @file\r
9166f840 2 Definitions related to the Cryptographic Operations in IPsec.\r
a3bcde70 3\r
f75a7f56 4 Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
a3bcde70
HT		 5\r
6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php.\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
a3bcde70
HT		 15#ifndef _EFI_IPSEC_CRYPTIO_H_\r
16#define _EFI_IPSEC_CRYPTIO_H_\r
17\r
18#include <Protocol/IpSecConfig.h>\r
19#include <Library/DebugLib.h>\r
9166f840 20#include <Library/BaseCryptLib.h>\r
21#include <Library/BaseMemoryLib.h>\r
22#include <Library/MemoryAllocationLib.h>\r
23\r
24#include "IpSecImpl.h"\r
25#include "IkeCommon.h"\r
a3bcde70 26\r
9166f840 27#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 4\r
a3bcde70 28#define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3\r
9166f840 29#define IPSEC_HASH_ALGORITHM_LIST_SIZE 3\r
a3bcde70 30\r
68d3f2fb 31///\r
32/// Authentication Algorithm Definition\r
33/// The number value definition is aligned to IANA assignment\r
34///\r
35#define IKE_AALG_NONE 0x00\r
36#define IKE_AALG_SHA1HMAC 0x02\r
37#define IKE_AALG_NULL 0xFB\r
38\r
39///\r
40/// Encryption Algorithm Definition\r
41/// The number value definition is aligned to IANA assignment\r
42///\r
43#define IKE_EALG_NONE 0x00\r
44#define IKE_EALG_3DESCBC 0x03\r
45#define IKE_EALG_NULL 0x0B\r
46#define IKE_EALG_AESCBC 0x0C\r
47\r
a3bcde70 48/**\r
9166f840 49 Prototype of HMAC GetContextSize.\r
f75a7f56 50\r
a3bcde70 51 Retrieves the size, in bytes, of the context buffer required.\r
f75a7f56 52\r
a3bcde70
HT		 53 @return The size, in bytes, of the context buffer required.\r
54\r
55**/\r
56typedef\r
57UINTN\r
2e7120cd 58(EFIAPI *CRYPTO_HMAC_GETCONTEXTSIZE)(\r
a3bcde70
HT		 59 VOID\r
60 );\r
61\r
62/**\r
9166f840 63 Prototype of HMAC Operation Initiating.\r
f75a7f56 64\r
a3bcde70
HT		 65 Initialization with a new context.\r
66\r
9166f840 67 @param[out] Context Input Context.\r
68 @param[in] Key Pointer to the key for HMAC.\r
69 @param[in] KeySize The length of the Key in bytes.\r
f75a7f56 70\r
a3bcde70
HT		 71 @retval TRUE Initialization Successfully.\r
72\r
73**/\r
74typedef\r
9166f840 75BOOLEAN\r
2e7120cd 76(EFIAPI *CRYPTO_HMAC_INIT)(\r
9166f840 77 OUT VOID *Context,\r
78 IN CONST UINT8 *Key,\r
79 IN UINTN KeySize\r
a3bcde70
HT		 80 );\r
81\r
82/**\r
9166f840 83 Prototype of HMAC update.\r
84 HMAC update operation. Continue an HMAC message digest operation, processing\r
85 another message block, and updating the HMAC context.\r
a3bcde70
HT		 86\r
87 If Context is NULL, then ASSERT().\r
88 If Data is NULL, then ASSERT().\r
89\r
90 @param[in,out] Context The Specified Context.\r
9166f840 91 @param[in,out] Data The Input Data to be digested.\r
a3bcde70
HT		 92 @param[in] DataLength The length, in bytes, of Data.\r
93\r
94 @retval TRUE Update data successfully.\r
95 @retval FALSE The Context has been finalized.\r
96\r
97**/\r
98typedef\r
99BOOLEAN\r
2e7120cd 100(EFIAPI *CRYPTO_HMAC_UPDATE)(\r
a3bcde70
HT		 101 IN OUT VOID *Context,\r
102 IN CONST VOID *Data,\r
103 IN UINTN DataLength\r
104 );\r
105\r
106/**\r
d1c85a17 107 Prototype of HMAC finalization.\r
9166f840 108 Terminate a HMAC message digest operation and output the message digest.\r
a3bcde70
HT		 109\r
110 If Context is NULL, then ASSERT().\r
111 If HashValue is NULL, then ASSERT().\r
112\r
113 @param[in,out] Context The specified Context.\r
9166f840 114 @param[out] HmacValue Pointer to a 16-byte message digest output buffer.\r
a3bcde70
HT		 115\r
116 @retval TRUE Finalized successfully.\r
117\r
118**/\r
119typedef\r
120BOOLEAN\r
2e7120cd 121(EFIAPI *CRYPTO_HMAC_FINAL)(\r
a3bcde70 122 IN OUT VOID *Context,\r
9166f840 123 OUT UINT8 *HmacValue\r
a3bcde70
HT		 124 );\r
125\r
126/**\r
9166f840 127 Prototype of Block Cipher GetContextSize.\r
a3bcde70
HT		 128\r
129 Retrieves the size, in bytes, of the context buffer required.\r
130\r
131 @return The size, in bytes, of the context buffer required.\r
132\r
133**/\r
134typedef\r
135UINTN\r
2e7120cd 136(EFIAPI *CRYPTO_CIPHER_GETCONTEXTSIZE)(\r
a3bcde70
HT		 137 VOID\r
138 );\r
139\r
140/**\r
9166f840 141 Prototype of Block Cipher initiation.\r
d1c85a17 142 Initializes the user-supplied key as the specified context (key materials) for both\r
a3bcde70
HT		 143 encryption and decryption operations.\r
144\r
145 If Context is NULL, then ASSERT().\r
146 If Key is NULL, then generate random key for usage.\r
147\r
148 @param[in,out] Context The specified Context.\r
9166f840 149 @param[in] Key User-supplied cipher key.\r
a3bcde70
HT		 150 @param[in] KeyBits Key length in bits.\r
151\r
9166f840 152 @retval TRUE Block Cipher Initialization was successful.\r
a3bcde70
HT		 153\r
154**/\r
155typedef\r
156BOOLEAN\r
2e7120cd 157(EFIAPI *CRYPTO_CIPHER_INIT)(\r
a3bcde70
HT		 158 IN OUT VOID *Context,\r
159 IN CONST UINT8 *Key,\r
9166f840 160 IN UINTN KeyBits\r
a3bcde70
HT		 161 );\r
162\r
a3bcde70
HT		 163/**\r
164 Prototype of Cipher encryption.\r
165 Encrypts plaintext message with the specified cipher.\r
166\r
167 If Context is NULL, then ASSERT().\r
d1c85a17 168 If InData is NULL, then ASSERT().\r
a3bcde70
HT		 169 If Size of input data is not multiple of Cipher algorithm related block size,\r
170 then ASSERT().\r
171\r
172 @param[in] Context The specified Context.\r
173 @param[in] InData The input plaintext data to be encrypted.\r
9166f840 174 @param[in] InputSize The size of input data.\r
175 @param[in] Ivec Pointer to Initial Vector data for encryption.\r
a3bcde70 176 @param[out] OutData The resultant encrypted ciphertext.\r
a3bcde70
HT		 177\r
178 @retval TRUE Encryption successful.\r
179\r
180**/\r
181typedef\r
182BOOLEAN\r
2e7120cd 183(EFIAPI *CRYPTO_CIPHER_ENCRYPT)(\r
a3bcde70
HT		 184 IN VOID *Context,\r
185 IN CONST UINT8 *InData,\r
9166f840 186 IN UINTN InputSize,\r
187 IN CONST UINT8 *Ivec,\r
188 OUT UINT8 *OutData\r
a3bcde70
HT		 189 );\r
190\r
a3bcde70
HT		 191/**\r
192 Prototype of Cipher decryption.\r
193 Decrypts cipher message with specified cipher.\r
194\r
195 If Context is NULL, then ASSERT().\r
d1c85a17 196 If InData is NULL, then ASSERT().\r
a3bcde70
HT		 197 If Size of input data is not a multiple of a certaion block size , then ASSERT().\r
198\r
199 @param[in] Context The specified Context.\r
200 @param[in] InData The input ciphertext data to be decrypted.\r
9166f840 201 @param[in] InputSize The InData size.\r
202 @param[in] Ivec Pointer to the Initial Vector data for decryption.\r
a3bcde70 203 @param[out] OutData The resultant decrypted plaintext.\r
a3bcde70
HT		 204\r
205 @retval TRUE Decryption successful.\r
206\r
207**/\r
208typedef\r
209BOOLEAN\r
2e7120cd 210(EFIAPI *CRYPTO_CIPHER_DECRYPT)(\r
9166f840 211 IN VOID *Context,\r
a3bcde70 212 IN CONST UINT8 *InData,\r
9166f840 213 IN UINTN InputSize,\r
214 IN CONST UINT8 *Ivec,\r
215 OUT UINT8 *OutData\r
216 );\r
217\r
218/**\r
219 Prototype of Hash ContextSize.\r
220\r
221 Retrieves the size, in bytes, of the context buffer required for specified hash operations.\r
222\r
223 @return The size, in bytes, of the context buffer required for certain hash operations.\r
224\r
225**/\r
226typedef\r
227UINTN\r
2e7120cd 228(EFIAPI *CRYPTO_HASH_GETCONTEXTSIZE)(\r
9166f840 229 VOID\r
230 );\r
231\r
232/**\r
233 Prototype of Hash Initiate.\r
234\r
235 Initializes user-supplied memory pointed by Context as specified hash context for\r
236 subsequent use.\r
237\r
238 If Context is NULL, then ASSERT().\r
239\r
240 @param[out] Context Pointer to specified context being initialized.\r
241\r
242 @retval TRUE context initialization succeeded.\r
243 @retval FALSE context initialization failed.\r
244\r
245**/\r
246typedef\r
247BOOLEAN\r
2e7120cd 248(EFIAPI *CRYPTO_HASH_INIT)(\r
9166f840 249 OUT VOID *Context\r
250 );\r
251\r
252/**\r
253 Prototype of Hash Update\r
f75a7f56 254\r
9166f840 255 Digests the input data and updates hash context.\r
256\r
257 This function performs digest on a data buffer of the specified size.\r
258 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
d1c85a17 259 Context should be already correctly initialized by HashInit(), and should not be finalized\r
9166f840 260 by HashFinal(). Behavior with invalid context is undefined.\r
261\r
262 If Context is NULL, then ASSERT().\r
263\r
264 @param[in, out] Context Pointer to the specified context.\r
265 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
266 @param[in] DataSize Size of Data buffer in bytes.\r
267\r
268 @retval TRUE data digest succeeded.\r
269 @retval FALSE data digest failed.\r
270\r
271**/\r
272typedef\r
273BOOLEAN\r
2e7120cd 274(EFIAPI *CRYPTO_HASH_UPDATE)(\r
9166f840 275 IN OUT VOID *Context,\r
276 IN CONST VOID *Data,\r
277 IN UINTN DataSize\r
278 );\r
279\r
280/**\r
281 Prototype of Hash Finalization.\r
282\r
283 Completes computation of the digest value.\r
284\r
285 This function completes hash computation and retrieves the digest value into\r
286 the specified memory. After this function has been called, the context cannot\r
287 be used again.\r
d1c85a17 288 context should be already correctly initialized by HashInit(), and should not be\r
9166f840 289 finalized by HashFinal(). Behavior with invalid context is undefined.\r
290\r
291 If Context is NULL, then ASSERT().\r
292 If HashValue is NULL, then ASSERT().\r
293\r
294 @param[in, out] Context Pointer to the specified context.\r
295 @param[out] HashValue Pointer to a buffer that receives the digest\r
296 value.\r
297\r
298 @retval TRUE digest computation succeeded.\r
299 @retval FALSE digest computation failed.\r
300\r
301**/\r
302typedef\r
303BOOLEAN\r
2e7120cd 304(EFIAPI *CRYPTO_HASH_FINAL)(\r
9166f840 305 IN OUT VOID *Context,\r
306 OUT UINT8 *HashValue\r
a3bcde70
HT		 307 );\r
308\r
309//\r
9166f840 310// The struct used to store the information and operation of Block Cipher algorithm.\r
a3bcde70
HT		 311//\r
312typedef struct _ENCRYPT_ALGORITHM {\r
9166f840 313 //\r
314 // The ID of the Algorithm\r
315 //\r
316 UINT8 AlgorithmId;\r
317 //\r
318 // The Key length of the Algorithm\r
319 //\r
320 UINTN KeyLength;\r
321 //\r
322 // Iv Size of the Algorithm\r
323 //\r
324 UINTN IvLength;\r
325 //\r
326 // The Block Size of the Algorithm\r
327 //\r
328 UINTN BlockSize;\r
329 //\r
330 // The Function pointer of GetContextSize.\r
331 //\r
332 CRYPTO_CIPHER_GETCONTEXTSIZE CipherGetContextSize;\r
333 //\r
334 // The Function pointer of Cipher initiation.\r
335 //\r
336 CRYPTO_CIPHER_INIT CipherInitiate;\r
337 //\r
338 // The Function pointer of Cipher Encryption.\r
339 //\r
340 CRYPTO_CIPHER_ENCRYPT CipherEncrypt;\r
341 //\r
d1c85a17 342 // The Function pointer of Cipher Decryption.\r
9166f840 343 //\r
344 CRYPTO_CIPHER_DECRYPT CipherDecrypt;\r
a3bcde70
HT		 345} ENCRYPT_ALGORITHM;\r
346\r
347//\r
d1c85a17 348// The struct used to store the information and operation of Authentication algorithm.\r
a3bcde70
HT		 349//\r
350typedef struct _AUTH_ALGORITHM {\r
351 //\r
352 // ID of the Algorithm\r
353 //\r
354 UINT8 AlgorithmId;\r
355 //\r
356 // The Key length of the Algorithm\r
f75a7f56 357 //\r
9166f840 358 UINTN DigestLength;\r
a3bcde70
HT		 359 //\r
360 // The ICV length of the Algorithm\r
361 //\r
362 UINTN IcvLength;\r
363 //\r
364 // The block size of the Algorithm\r
365 //\r
366 UINTN BlockSize;\r
367 //\r
368 // The function pointer of GetContextSize.\r
369 //\r
9166f840 370 CRYPTO_HMAC_GETCONTEXTSIZE HmacGetContextSize;\r
a3bcde70 371 //\r
9166f840 372 // The function pointer of Initiation\r
a3bcde70 373 //\r
9166f840 374 CRYPTO_HMAC_INIT HmacInitiate;\r
a3bcde70 375 //\r
9166f840 376 // The function pointer of HMAC Update.\r
a3bcde70 377 //\r
9166f840 378 CRYPTO_HMAC_UPDATE HmacUpdate;\r
a3bcde70 379 //\r
9166f840 380 // The fucntion pointer of HMAC Final\r
a3bcde70 381 //\r
9166f840 382 CRYPTO_HMAC_FINAL HmacFinal;\r
a3bcde70
HT		 383} AUTH_ALGORITHM;\r
384\r
9166f840 385//\r
d1c85a17 386// The struct used to store the information and operation of Hash algorithm.\r
9166f840 387//\r
388typedef struct _HASH_ALGORITHM {\r
389 //\r
390 // ID of the Algorithm\r
391 //\r
392 UINT8 AlgorithmId;\r
393 //\r
394 // The Key length of the Algorithm\r
395 //\r
396 UINTN DigestLength;\r
397 //\r
398 // The ICV length of the Algorithm\r
399 //\r
400 UINTN IcvLength;\r
401 //\r
402 // The block size of the Algorithm\r
403 //\r
404 UINTN BlockSize;\r
405 //\r
406 // The function pointer of GetContextSize\r
407 //\r
408 CRYPTO_HASH_GETCONTEXTSIZE HashGetContextSize;\r
409 //\r
410 // The function pointer of Initiation\r
411 //\r
412 CRYPTO_HASH_INIT HashInitiate;\r
413 //\r
414 // The function pointer of Hash Update\r
415 //\r
416 CRYPTO_HASH_UPDATE HashUpdate;\r
417 //\r
418 // The fucntion pointer of Hash Final\r
419 //\r
420 CRYPTO_HASH_FINAL HashFinal;\r
421} HASH_ALGORITHM;\r
422\r
a3bcde70 423/**\r
d1c85a17 424 Get the IV size of specified encryption algorithm.\r
a3bcde70 425\r
9166f840 426 @param[in] AlgorithmId The encryption algorithm ID.\r
a3bcde70
HT		 427\r
428 @return The value of IV size.\r
429\r
430**/\r
431UINTN\r
432IpSecGetEncryptIvLength (\r
433 IN UINT8 AlgorithmId\r
434 );\r
435\r
436/**\r
d1c85a17 437 Get the block size of specified encryption algorithm.\r
a3bcde70 438\r
9166f840 439 @param[in] AlgorithmId The encryption algorithm ID.\r
a3bcde70
HT		 440\r
441 @return The value of block size.\r
442\r
443**/\r
444UINTN\r
445IpSecGetEncryptBlockSize (\r
446 IN UINT8 AlgorithmId\r
447 );\r
448\r
449/**\r
d1c85a17 450 Get the required key length of the specified encryption algorithm.\r
a3bcde70 451\r
9166f840 452 @param[in] AlgorithmId The encryption algorithm ID.\r
453\r
454 @return The value of key length.\r
455\r
456**/\r
457UINTN\r
458IpSecGetEncryptKeyLength (\r
459 IN UINT8 AlgorithmId\r
460 );\r
461\r
462/**\r
d1c85a17 463 Get the ICV size of the specified Authentication algorithm.\r
9166f840 464\r
465 @param[in] AlgorithmId The Authentication algorithm ID.\r
a3bcde70
HT		 466\r
467 @return The value of ICV size.\r
468\r
469**/\r
470UINTN\r
471IpSecGetIcvLength (\r
9166f840 472 IN UINT8 AlgorithmId\r
473 );\r
474\r
475/**\r
476 Get the HMAC digest length by the specified Algorithm ID.\r
477\r
d1c85a17 478 @param[in] AlgorithmId The specified Algorithm ID.\r
9166f840 479\r
480 @return The digest length of the specified Authentication Algorithm ID.\r
481\r
482**/\r
483UINTN\r
484IpSecGetHmacDigestLength (\r
485 IN UINT8 AlgorithmId\r
a3bcde70
HT		 486 );\r
487\r
488/**\r
489 Generate a random data for IV. If the IvSize is zero, not needed to create\r
490 IV and return EFI_SUCCESS.\r
491\r
492 @param[in] IvBuffer The pointer of the IV buffer.\r
9166f840 493 @param[in] IvSize The IV size in bytes.\r
a3bcde70
HT		 494\r
495 @retval EFI_SUCCESS Create random data for IV.\r
496\r
497**/\r
498EFI_STATUS\r
499IpSecGenerateIv (\r
500 IN UINT8 *IvBuffer,\r
501 IN UINTN IvSize\r
502 );\r
503\r
9166f840 504/**\r
505 Encrypt the buffer.\r
506\r
507 This function calls relevant encryption interface from CryptoLib according to\r
d1c85a17 508 the input algorithm ID. The InData should be multiple of block size. This function\r
9166f840 509 doesn't perform the padding. If it has the Ivec data, the length of it should be\r
510 same with the block size. The block size is different from the different algorithm.\r
511\r
d1c85a17 512 @param[in] AlgorithmId The Algorithm identification defined in RFC.\r
9166f840 513 @param[in] Key Pointer to the buffer containing encrypting key.\r
76389e18 514 @param[in] KeyBits The length of the key in bits.\r
d1c85a17 515 @param[in] Ivec Point to the buffer containing the Initialization\r
9166f840 516 Vector (IV) data.\r
517 @param[in] InData Point to the buffer containing the data to be\r
518 encrypted.\r
519 @param[in] InDataLength The length of InData in Bytes.\r
520 @param[out] OutData Point to the buffer that receives the encryption\r
521 output.\r
522\r
523 @retval EFI_UNSUPPORTED The input Algorithm is not supported.\r
524 @retval EFI_OUT_OF_RESOURCE The required resource can't be allocated.\r
525 @retval EFI_SUCCESS The operation completed successfully.\r
526\r
527**/\r
528EFI_STATUS\r
529IpSecCryptoIoEncrypt (\r
530 IN CONST UINT8 AlgorithmId,\r
531 IN CONST UINT8 *Key,\r
532 IN CONST UINTN KeyBits,\r
533 IN CONST UINT8 *Ivec, OPTIONAL\r
534 IN UINT8 *InData,\r
535 IN UINTN InDataLength,\r
536 OUT UINT8 *OutData\r
537 );\r
538\r
539/**\r
540 Decrypts the buffer.\r
541\r
542 This function calls relevant Decryption interface from CryptoLib according to\r
d1c85a17 543 the input algorithm ID. The InData should be multiple of block size. This function\r
9166f840 544 doesn't perform the padding. If it has the Ivec data, the length of it should be\r
545 same with the block size. The block size is different from the different algorithm.\r
546\r
d1c85a17 547 @param[in] AlgorithmId The Algorithm identification defined in RFC.\r
9166f840 548 @param[in] Key Pointer to the buffer containing encrypting key.\r
76389e18 549 @param[in] KeyBits The length of the key in bits.\r
d1c85a17 550 @param[in] Ivec Point to the buffer containing the Initialization\r
9166f840 551 Vector (IV) data.\r
552 @param[in] InData Point to the buffer containing the data to be\r
76389e18 553 decrypted.\r
9166f840 554 @param[in] InDataLength The length of InData in Bytes.\r
555 @param[out] OutData Pointer to the buffer that receives the decryption\r
556 output.\r
557\r
558 @retval EFI_UNSUPPORTED The input Algorithm is not supported.\r
559 @retval EFI_OUT_OF_RESOURCE The required resource can't be allocated.\r
560 @retval EFI_SUCCESS The operation completed successfully.\r
561\r
562**/\r
563EFI_STATUS\r
564IpSecCryptoIoDecrypt (\r
565 IN CONST UINT8 AlgorithmId,\r
566 IN CONST UINT8 *Key,\r
567 IN CONST UINTN KeyBits,\r
568 IN CONST UINT8 *Ivec, OPTIONAL\r
569 IN UINT8 *InData,\r
570 IN UINTN InDataLength,\r
571 OUT UINT8 *OutData\r
572 );\r
573\r
574/**\r
575 Digests the Payload with key and store the result into the OutData.\r
576\r
577 This function calls relevant Hmac interface from CryptoLib according to\r
d1c85a17 578 the input algorithm ID. It computes all datas from InDataFragment and output\r
9166f840 579 the result into the OutData buffer. If the OutDataSize is larger than the related\r
d1c85a17 580 HMAC algorithm output size, return EFI_INVALID_PARAMETER.\r
f75a7f56 581\r
9166f840 582 @param[in] AlgorithmId The authentication Identification.\r
583 @param[in] Key Pointer of the authentication key.\r
584 @param[in] KeyLength The length of the Key in bytes.\r
585 @param[in] InDataFragment The list contains all data to be authenticated.\r
586 @param[in] FragmentCount The size of the InDataFragment.\r
587 @param[out] OutData For in, the buffer to receive the output data.\r
588 For out, the buffer contains the authenticated data.\r
589 @param[in] OutDataSize The size of the buffer of OutData.\r
590\r
591 @retval EFI_UNSUPPORTED If the AuthAlg is not in the support list.\r
592 @retval EFI_INVALID_PARAMETER The OutData buffer size is larger than algorithm digest size.\r
593 @retval EFI_SUCCESS Authenticate the payload successfully.\r
594 @retval otherwise Authentication of the payload fails.\r
595\r
596**/\r
597EFI_STATUS\r
598IpSecCryptoIoHmac (\r
599 IN CONST UINT8 AlgorithmId,\r
600 IN CONST UINT8 *Key,\r
601 IN UINTN KeyLength,\r
602 IN HASH_DATA_FRAGMENT *InDataFragment,\r
603 IN UINTN FragmentCount,\r
604 OUT UINT8 *OutData,\r
605 IN UINTN OutDataSize\r
606 );\r
607\r
608/**\r
609 Digests the Payload and store the result into the OutData.\r
610\r
611 This function calls relevant Hash interface from CryptoLib according to\r
d1c85a17 612 the input algorithm ID. It computes all datas from InDataFragment and output\r
9166f840 613 the result into the OutData buffer. If the OutDataSize is larger than the related\r
d1c85a17 614 Hash algorithm output size, return EFI_INVALID_PARAMETER.\r
9166f840 615\r
616 @param[in] AlgorithmId The authentication Identification.\r
617 @param[in] InDataFragment A list contains all data to be authenticated.\r
618 @param[in] FragmentCount The size of the InDataFragment.\r
619 @param[out] OutData For in, the buffer to receive the output data.\r
620 For out, the buffer contains the authenticated data.\r
621 @param[in] OutDataSize The size of the buffer of OutData.\r
622\r
623 @retval EFI_UNSUPPORTED If the AuthAlg is not in the support list.\r
624 @retval EFI_SUCCESS Authenticated the payload successfully.\r
625 @retval EFI_INVALID_PARAMETER If the OutDataSize is larger than the related Hash\r
626 algorithm could handle.\r
627 @retval otherwise Authentication of the payload failed.\r
628\r
629**/\r
630EFI_STATUS\r
631IpSecCryptoIoHash (\r
632 IN CONST UINT8 AlgorithmId,\r
633 IN HASH_DATA_FRAGMENT *InDataFragment,\r
634 IN UINTN FragmentCount,\r
635 OUT UINT8 *OutData,\r
636 IN UINTN OutDataSize\r
637 );\r
638\r
639/**\r
640 Generates the Diffie-Hellman public key.\r
641\r
642 This function first initiate a DHContext, then call the DhSetParameter() to set\r
d1c85a17 643 the prime and primelength, at end call the DhGenerateKey() to generates random\r
9166f840 644 secret exponent, and computes the public key. The output returned via parameter\r
645 PublicKey and PublicKeySize. DH context is updated accordingly. If the PublicKey\r
646 buffer is too small to hold the public key, EFI_INVALID_PARAMETER is returned\r
647 and PublicKeySize is set to the required buffer size to obtain the public key.\r
648\r
649 @param[in, out] DhContext Pointer to the DH context.\r
d1c85a17 650 @param[in] Generator Value of generator.\r
9166f840 651 @param[in] PrimeLength Length in bits of prime to be generated.\r
652 @param[in] Prime Pointer to the buffer to receive the generated\r
653 prime number.\r
654 @param[out] PublicKey Pointer to the buffer to receive generated public key.\r
655 @param[in, out] PublicKeySize For in, the size of PublicKey buffer in bytes.\r
656 For out, the size of data returned in PublicKey\r
657 buffer in bytes.\r
658\r
d1c85a17 659 @retval EFI_SUCCESS The operation performs successfully.\r
9166f840 660 @retval Otherwise The operation is failed.\r
661\r
662**/\r
663EFI_STATUS\r
664IpSecCryptoIoDhGetPublicKey (\r
665 IN OUT UINT8 **DhContext,\r
666 IN UINTN Generator,\r
667 IN UINTN PrimeLength,\r
668 IN CONST UINT8 *Prime,\r
669 OUT UINT8 *PublicKey,\r
670 IN OUT UINTN *PublicKeySize\r
671 );\r
672\r
673/**\r
674 Generates exchanged common key.\r
675\r
676 Given peer's public key, this function computes the exchanged common key, based\r
677 on its own context including value of prime modulus and random secret exponent.\r
678\r
679 @param[in, out] DhContext Pointer to the DH context.\r
680 @param[in] PeerPublicKey Pointer to the peer's Public Key.\r
681 @param[in] PeerPublicKeySize Size of peer's public key in bytes.\r
682 @param[out] Key Pointer to the buffer to receive generated key.\r
683 @param[in, out] KeySize For in, the size of Key buffer in bytes.\r
684 For out, the size of data returned in Key\r
685 buffer in bytes.\r
686\r
d1c85a17 687 @retval EFI_SUCCESS The operation performs successfully.\r
9166f840 688 @retval Otherwise The operation is failed.\r
689\r
690**/\r
691EFI_STATUS\r
692IpSecCryptoIoDhComputeKey (\r
693 IN OUT UINT8 *DhContext,\r
694 IN CONST UINT8 *PeerPublicKey,\r
695 IN UINTN PeerPublicKeySize,\r
696 OUT UINT8 *Key,\r
697 IN OUT UINTN *KeySize\r
698 );\r
699\r
700/**\r
701 Releases the DH context. If DhContext is NULL, return EFI_INVALID_PARAMETER.\r
702\r
703 @param[in, out] DhContext Pointer to the DH context to be freed.\r
704\r
d1c85a17 705 @retval EFI_SUCCESS The operation performs successfully.\r
9166f840 706 @retval EFI_INVALID_PARAMETER The DhContext is NULL.\r
f75a7f56 707\r
9166f840 708**/\r
709EFI_STATUS\r
710IpSecCryptoIoFreeDh (\r
711 IN OUT UINT8 **DhContext\r
712 );\r
713\r
714/**\r
715 Generates random numbers of specified size.\r
716\r
717 If the Random Generator wasn't initiated, initiate it first, then call RandomBytes.\r
718\r
719 @param[out] OutBuffer Pointer to buffer to receive random value.\r
d1c85a17 720 @param[in] Bytes Size of random bytes to generate.\r
9166f840 721\r
d1c85a17 722 @retval EFI_SUCCESS The operation performs successfully.\r
9166f840 723 @retval Otherwise The operation is failed.\r
724\r
725**/\r
726EFI_STATUS\r
727IpSecCryptoIoGenerateRandomBytes (\r
728 OUT UINT8* OutBuffer,\r
729 IN UINTN Bytes\r
730 );\r
731\r
732/**\r
733 Authenticate data with the certificate.\r
734\r
735 @param[in] InData Pointer to the Data to be signed.\r
736 @param[in] InDataSize InData size in bytes.\r
737 @param[in] PrivateKey Pointer to the private key.\r
738 @param[in] PrivateKeySize The size of Private Key in bytes.\r
739 @param[in] KeyPassWord Pointer to the password for retrieving private key.\r
740 @param[in] KeyPwdSize The size of Key Password in bytes.\r
741 @param[out] OutData The pointer to the signed data.\r
742 @param[in, out] OutDataSize Pointer to contain the size of out data.\r
f75a7f56 743\r
9166f840 744**/\r
745VOID\r
746IpSecCryptoIoAuthDataWithCertificate (\r
747 IN UINT8 *InData,\r
748 IN UINTN InDataSize,\r
749 IN UINT8 *PrivateKey,\r
750 IN UINTN PrivateKeySize,\r
751 IN UINT8 *KeyPassWord,\r
752 IN UINTN KeyPwdSize,\r
753 OUT UINT8 **OutData,\r
754 IN OUT UINTN *OutDataSize\r
755 );\r
756\r
757/**\r
758 Verify the singed data with the public key which is contained in a certificate.\r
759\r
760 @param[in] InCert Pointer to the Certificate which contains the\r
761 public key.\r
76389e18 762 @param[in] CertLen The size of Certificate in bytes.\r
9166f840 763 @param[in] InCa Pointer to the CA certificate\r
764 @param[in] CaLen The size of CA certificate in bytes.\r
d1c85a17 765 @param[in] InData Pointer to octet message hash to be checked.\r
9166f840 766 @param[in] InDataSize Size of the message hash in bytes.\r
d1c85a17 767 @param[in] Singnature The pointer to the RSA PKCS1-V1_5 signature to be verified.\r
9166f840 768 @param[in] SigSize Size of signature in bytes.\r
769\r
770 @retval TRUE Valid signature encoded in PKCS1-v1_5.\r
771 @retval FALSE Invalid signature or invalid RSA context.\r
f75a7f56 772\r
9166f840 773**/\r
774BOOLEAN\r
775IpSecCryptoIoVerifySignDataByCertificate (\r
776 IN UINT8 *InCert,\r
777 IN UINTN CertLen,\r
778 IN UINT8 *InCa,\r
779 IN UINTN CaLen,\r
780 IN UINT8 *InData,\r
781 IN UINTN InDataSize,\r
782 IN UINT8 *Singnature,\r
783 IN UINTN SigSize\r
784 );\r
785\r
786/**\r
787 Retrieves the RSA Public Key from one X509 certificate (DER format only).\r
788\r
789 @param[in] InCert Pointer to the certificate.\r
790 @param[in] CertLen The size of the certificate in bytes.\r
791 @param[out] PublicKey Pointer to the retrieved public key.\r
792 @param[out] PublicKeyLen Size of Public Key in bytes.\r
793\r
794 @retval EFI_SUCCESS Successfully get the public Key.\r
795 @retval EFI_INVALID_PARAMETER The CA certificate is malformed.\r
796\r
797**/\r
798EFI_STATUS\r
799IpSecCryptoIoGetPublicKeyFromCert (\r
800 IN UINT8 *InCert,\r
801 IN UINTN CertLen,\r
802 OUT UINT8 **PublicKey,\r
803 OUT UINTN *PublicKeyLen\r
804 );\r
805\r
806/**\r
807 Retrieves the subject name from one X509 certificate (DER format only).\r
808\r
809 @param[in] InCert Pointer to the X509 certificate.\r
810 @param[in] CertSize The size of the X509 certificate in bytes.\r
811 @param[out] CertSubject Pointer to the retrieved certificate subject.\r
812 @param[out] SubjectSize The size of Certificate Subject in bytes.\r
f75a7f56 813\r
9166f840 814 @retval EFI_SUCCESS Retrieved the certificate subject successfully.\r
815 @retval EFI_INVALID_PARAMETER The certificate is malformed.\r
f75a7f56 816\r
9166f840 817**/\r
818EFI_STATUS\r
819IpSecCryptoIoGetSubjectFromCert (\r
820 IN UINT8 *InCert,\r
821 IN UINTN CertSize,\r
822 OUT UINT8 **CertSubject,\r
823 OUT UINTN *SubjectSize\r
824 );\r
825\r
a3bcde70
HT		 826#endif\r
827\r
EFI Development Kit II mirror for PVE