]> git.proxmox.com Git - mirror_edk2.git/blame_incremental - CryptoPkg/Include/Library/BaseCryptLib.h
projects / mirror_edk2.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
MdeModulePkg/BootLogoLib: Remove invalid if judgments
[mirror_edk2.git] / CryptoPkg / Include / Library / BaseCryptLib.h
... / ...
CommitLineData
1/** @file\r
2 Defines base cryptographic library APIs.\r
3 The Base Cryptographic Library provides implementations of basic cryptography\r
4 primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security\r
5 functionality enabling.\r
6\r
7Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
8This program and the accompanying materials\r
9are licensed and made available under the terms and conditions of the BSD License\r
10which accompanies this distribution. The full text of the license may be found at\r
11http://opensource.org/licenses/bsd-license.php\r
12\r
13THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
14WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
15\r
16**/\r
17\r
18#ifndef __BASE_CRYPT_LIB_H__\r
19#define __BASE_CRYPT_LIB_H__\r
20\r
21#include <Uefi/UefiBaseType.h>\r
22\r
23///\r
24/// MD4 digest size in bytes\r
25///\r
26#define MD4_DIGEST_SIZE 16\r
27\r
28///\r
29/// MD5 digest size in bytes\r
30///\r
31#define MD5_DIGEST_SIZE 16\r
32\r
33///\r
34/// SHA-1 digest size in bytes.\r
35///\r
36#define SHA1_DIGEST_SIZE 20\r
37\r
38///\r
39/// SHA-256 digest size in bytes\r
40///\r
41#define SHA256_DIGEST_SIZE 32\r
42\r
43///\r
44/// SHA-384 digest size in bytes\r
45///\r
46#define SHA384_DIGEST_SIZE 48\r
47\r
48///\r
49/// SHA-512 digest size in bytes\r
50///\r
51#define SHA512_DIGEST_SIZE 64\r
52\r
53///\r
54/// TDES block size in bytes\r
55///\r
56#define TDES_BLOCK_SIZE 8\r
57\r
58///\r
59/// AES block size in bytes\r
60///\r
61#define AES_BLOCK_SIZE 16\r
62\r
63///\r
64/// RSA Key Tags Definition used in RsaSetKey() function for key component identification.\r
65///\r
66typedef enum {\r
67 RsaKeyN, ///< RSA public Modulus (N)\r
68 RsaKeyE, ///< RSA Public exponent (e)\r
69 RsaKeyD, ///< RSA Private exponent (d)\r
70 RsaKeyP, ///< RSA secret prime factor of Modulus (p)\r
71 RsaKeyQ, ///< RSA secret prime factor of Modules (q)\r
72 RsaKeyDp, ///< p's CRT exponent (== d mod (p - 1))\r
73 RsaKeyDq, ///< q's CRT exponent (== d mod (q - 1))\r
74 RsaKeyQInv ///< The CRT coefficient (== 1/q mod p)\r
75} RSA_KEY_TAG;\r
76\r
77//=====================================================================================\r
78// One-Way Cryptographic Hash Primitives\r
79//=====================================================================================\r
80\r
81/**\r
82 Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.\r
83\r
84 If this interface is not supported, then return zero.\r
85\r
86 @return The size, in bytes, of the context buffer required for MD4 hash operations.\r
87 @retval 0 This interface is not supported.\r
88\r
89**/\r
90UINTN\r
91EFIAPI\r
92Md4GetContextSize (\r
93 VOID\r
94 );\r
95\r
96/**\r
97 Initializes user-supplied memory pointed by Md4Context as MD4 hash context for\r
98 subsequent use.\r
99\r
100 If Md4Context is NULL, then return FALSE.\r
101 If this interface is not supported, then return FALSE.\r
102\r
103 @param[out] Md4Context Pointer to MD4 context being initialized.\r
104\r
105 @retval TRUE MD4 context initialization succeeded.\r
106 @retval FALSE MD4 context initialization failed.\r
107 @retval FALSE This interface is not supported.\r
108\r
109**/\r
110BOOLEAN\r
111EFIAPI\r
112Md4Init (\r
113 OUT VOID *Md4Context\r
114 );\r
115\r
116/**\r
117 Makes a copy of an existing MD4 context.\r
118\r
119 If Md4Context is NULL, then return FALSE.\r
120 If NewMd4Context is NULL, then return FALSE.\r
121 If this interface is not supported, then return FALSE.\r
122\r
123 @param[in] Md4Context Pointer to MD4 context being copied.\r
124 @param[out] NewMd4Context Pointer to new MD4 context.\r
125\r
126 @retval TRUE MD4 context copy succeeded.\r
127 @retval FALSE MD4 context copy failed.\r
128 @retval FALSE This interface is not supported.\r
129\r
130**/\r
131BOOLEAN\r
132EFIAPI\r
133Md4Duplicate (\r
134 IN CONST VOID *Md4Context,\r
135 OUT VOID *NewMd4Context\r
136 );\r
137\r
138/**\r
139 Digests the input data and updates MD4 context.\r
140\r
141 This function performs MD4 digest on a data buffer of the specified size.\r
142 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
143 MD4 context should be already correctly initialized by Md4Init(), and should not be finalized\r
144 by Md4Final(). Behavior with invalid context is undefined.\r
145\r
146 If Md4Context is NULL, then return FALSE.\r
147 If this interface is not supported, then return FALSE.\r
148\r
149 @param[in, out] Md4Context Pointer to the MD4 context.\r
150 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
151 @param[in] DataSize Size of Data buffer in bytes.\r
152\r
153 @retval TRUE MD4 data digest succeeded.\r
154 @retval FALSE MD4 data digest failed.\r
155 @retval FALSE This interface is not supported.\r
156\r
157**/\r
158BOOLEAN\r
159EFIAPI\r
160Md4Update (\r
161 IN OUT VOID *Md4Context,\r
162 IN CONST VOID *Data,\r
163 IN UINTN DataSize\r
164 );\r
165\r
166/**\r
167 Completes computation of the MD4 digest value.\r
168\r
169 This function completes MD4 hash computation and retrieves the digest value into\r
170 the specified memory. After this function has been called, the MD4 context cannot\r
171 be used again.\r
172 MD4 context should be already correctly initialized by Md4Init(), and should not be\r
173 finalized by Md4Final(). Behavior with invalid MD4 context is undefined.\r
174\r
175 If Md4Context is NULL, then return FALSE.\r
176 If HashValue is NULL, then return FALSE.\r
177 If this interface is not supported, then return FALSE.\r
178\r
179 @param[in, out] Md4Context Pointer to the MD4 context.\r
180 @param[out] HashValue Pointer to a buffer that receives the MD4 digest\r
181 value (16 bytes).\r
182\r
183 @retval TRUE MD4 digest computation succeeded.\r
184 @retval FALSE MD4 digest computation failed.\r
185 @retval FALSE This interface is not supported.\r
186\r
187**/\r
188BOOLEAN\r
189EFIAPI\r
190Md4Final (\r
191 IN OUT VOID *Md4Context,\r
192 OUT UINT8 *HashValue\r
193 );\r
194\r
195/**\r
196 Computes the MD4 message digest of a input data buffer.\r
197\r
198 This function performs the MD4 message digest of a given data buffer, and places\r
199 the digest value into the specified memory.\r
200\r
201 If this interface is not supported, then return FALSE.\r
202\r
203 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
204 @param[in] DataSize Size of Data buffer in bytes.\r
205 @param[out] HashValue Pointer to a buffer that receives the MD4 digest\r
206 value (16 bytes).\r
207\r
208 @retval TRUE MD4 digest computation succeeded.\r
209 @retval FALSE MD4 digest computation failed.\r
210 @retval FALSE This interface is not supported.\r
211\r
212**/\r
213BOOLEAN\r
214EFIAPI\r
215Md4HashAll (\r
216 IN CONST VOID *Data,\r
217 IN UINTN DataSize,\r
218 OUT UINT8 *HashValue\r
219 );\r
220\r
221/**\r
222 Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.\r
223\r
224 If this interface is not supported, then return zero.\r
225\r
226 @return The size, in bytes, of the context buffer required for MD5 hash operations.\r
227 @retval 0 This interface is not supported.\r
228\r
229**/\r
230UINTN\r
231EFIAPI\r
232Md5GetContextSize (\r
233 VOID\r
234 );\r
235\r
236/**\r
237 Initializes user-supplied memory pointed by Md5Context as MD5 hash context for\r
238 subsequent use.\r
239\r
240 If Md5Context is NULL, then return FALSE.\r
241 If this interface is not supported, then return FALSE.\r
242\r
243 @param[out] Md5Context Pointer to MD5 context being initialized.\r
244\r
245 @retval TRUE MD5 context initialization succeeded.\r
246 @retval FALSE MD5 context initialization failed.\r
247 @retval FALSE This interface is not supported.\r
248\r
249**/\r
250BOOLEAN\r
251EFIAPI\r
252Md5Init (\r
253 OUT VOID *Md5Context\r
254 );\r
255\r
256/**\r
257 Makes a copy of an existing MD5 context.\r
258\r
259 If Md5Context is NULL, then return FALSE.\r
260 If NewMd5Context is NULL, then return FALSE.\r
261 If this interface is not supported, then return FALSE.\r
262\r
263 @param[in] Md5Context Pointer to MD5 context being copied.\r
264 @param[out] NewMd5Context Pointer to new MD5 context.\r
265\r
266 @retval TRUE MD5 context copy succeeded.\r
267 @retval FALSE MD5 context copy failed.\r
268 @retval FALSE This interface is not supported.\r
269\r
270**/\r
271BOOLEAN\r
272EFIAPI\r
273Md5Duplicate (\r
274 IN CONST VOID *Md5Context,\r
275 OUT VOID *NewMd5Context\r
276 );\r
277\r
278/**\r
279 Digests the input data and updates MD5 context.\r
280\r
281 This function performs MD5 digest on a data buffer of the specified size.\r
282 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
283 MD5 context should be already correctly initialized by Md5Init(), and should not be finalized\r
284 by Md5Final(). Behavior with invalid context is undefined.\r
285\r
286 If Md5Context is NULL, then return FALSE.\r
287 If this interface is not supported, then return FALSE.\r
288\r
289 @param[in, out] Md5Context Pointer to the MD5 context.\r
290 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
291 @param[in] DataSize Size of Data buffer in bytes.\r
292\r
293 @retval TRUE MD5 data digest succeeded.\r
294 @retval FALSE MD5 data digest failed.\r
295 @retval FALSE This interface is not supported.\r
296\r
297**/\r
298BOOLEAN\r
299EFIAPI\r
300Md5Update (\r
301 IN OUT VOID *Md5Context,\r
302 IN CONST VOID *Data,\r
303 IN UINTN DataSize\r
304 );\r
305\r
306/**\r
307 Completes computation of the MD5 digest value.\r
308\r
309 This function completes MD5 hash computation and retrieves the digest value into\r
310 the specified memory. After this function has been called, the MD5 context cannot\r
311 be used again.\r
312 MD5 context should be already correctly initialized by Md5Init(), and should not be\r
313 finalized by Md5Final(). Behavior with invalid MD5 context is undefined.\r
314\r
315 If Md5Context is NULL, then return FALSE.\r
316 If HashValue is NULL, then return FALSE.\r
317 If this interface is not supported, then return FALSE.\r
318\r
319 @param[in, out] Md5Context Pointer to the MD5 context.\r
320 @param[out] HashValue Pointer to a buffer that receives the MD5 digest\r
321 value (16 bytes).\r
322\r
323 @retval TRUE MD5 digest computation succeeded.\r
324 @retval FALSE MD5 digest computation failed.\r
325 @retval FALSE This interface is not supported.\r
326\r
327**/\r
328BOOLEAN\r
329EFIAPI\r
330Md5Final (\r
331 IN OUT VOID *Md5Context,\r
332 OUT UINT8 *HashValue\r
333 );\r
334\r
335/**\r
336 Computes the MD5 message digest of a input data buffer.\r
337\r
338 This function performs the MD5 message digest of a given data buffer, and places\r
339 the digest value into the specified memory.\r
340\r
341 If this interface is not supported, then return FALSE.\r
342\r
343 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
344 @param[in] DataSize Size of Data buffer in bytes.\r
345 @param[out] HashValue Pointer to a buffer that receives the MD5 digest\r
346 value (16 bytes).\r
347\r
348 @retval TRUE MD5 digest computation succeeded.\r
349 @retval FALSE MD5 digest computation failed.\r
350 @retval FALSE This interface is not supported.\r
351\r
352**/\r
353BOOLEAN\r
354EFIAPI\r
355Md5HashAll (\r
356 IN CONST VOID *Data,\r
357 IN UINTN DataSize,\r
358 OUT UINT8 *HashValue\r
359 );\r
360\r
361/**\r
362 Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.\r
363\r
364 If this interface is not supported, then return zero.\r
365\r
366 @return The size, in bytes, of the context buffer required for SHA-1 hash operations.\r
367 @retval 0 This interface is not supported.\r
368\r
369**/\r
370UINTN\r
371EFIAPI\r
372Sha1GetContextSize (\r
373 VOID\r
374 );\r
375\r
376/**\r
377 Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for\r
378 subsequent use.\r
379\r
380 If Sha1Context is NULL, then return FALSE.\r
381 If this interface is not supported, then return FALSE.\r
382\r
383 @param[out] Sha1Context Pointer to SHA-1 context being initialized.\r
384\r
385 @retval TRUE SHA-1 context initialization succeeded.\r
386 @retval FALSE SHA-1 context initialization failed.\r
387 @retval FALSE This interface is not supported.\r
388\r
389**/\r
390BOOLEAN\r
391EFIAPI\r
392Sha1Init (\r
393 OUT VOID *Sha1Context\r
394 );\r
395\r
396/**\r
397 Makes a copy of an existing SHA-1 context.\r
398\r
399 If Sha1Context is NULL, then return FALSE.\r
400 If NewSha1Context is NULL, then return FALSE.\r
401 If this interface is not supported, then return FALSE.\r
402\r
403 @param[in] Sha1Context Pointer to SHA-1 context being copied.\r
404 @param[out] NewSha1Context Pointer to new SHA-1 context.\r
405\r
406 @retval TRUE SHA-1 context copy succeeded.\r
407 @retval FALSE SHA-1 context copy failed.\r
408 @retval FALSE This interface is not supported.\r
409\r
410**/\r
411BOOLEAN\r
412EFIAPI\r
413Sha1Duplicate (\r
414 IN CONST VOID *Sha1Context,\r
415 OUT VOID *NewSha1Context\r
416 );\r
417\r
418/**\r
419 Digests the input data and updates SHA-1 context.\r
420\r
421 This function performs SHA-1 digest on a data buffer of the specified size.\r
422 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
423 SHA-1 context should be already correctly initialized by Sha1Init(), and should not be finalized\r
424 by Sha1Final(). Behavior with invalid context is undefined.\r
425\r
426 If Sha1Context is NULL, then return FALSE.\r
427 If this interface is not supported, then return FALSE.\r
428\r
429 @param[in, out] Sha1Context Pointer to the SHA-1 context.\r
430 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
431 @param[in] DataSize Size of Data buffer in bytes.\r
432\r
433 @retval TRUE SHA-1 data digest succeeded.\r
434 @retval FALSE SHA-1 data digest failed.\r
435 @retval FALSE This interface is not supported.\r
436\r
437**/\r
438BOOLEAN\r
439EFIAPI\r
440Sha1Update (\r
441 IN OUT VOID *Sha1Context,\r
442 IN CONST VOID *Data,\r
443 IN UINTN DataSize\r
444 );\r
445\r
446/**\r
447 Completes computation of the SHA-1 digest value.\r
448\r
449 This function completes SHA-1 hash computation and retrieves the digest value into\r
450 the specified memory. After this function has been called, the SHA-1 context cannot\r
451 be used again.\r
452 SHA-1 context should be already correctly initialized by Sha1Init(), and should not be\r
453 finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined.\r
454\r
455 If Sha1Context is NULL, then return FALSE.\r
456 If HashValue is NULL, then return FALSE.\r
457 If this interface is not supported, then return FALSE.\r
458\r
459 @param[in, out] Sha1Context Pointer to the SHA-1 context.\r
460 @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest\r
461 value (20 bytes).\r
462\r
463 @retval TRUE SHA-1 digest computation succeeded.\r
464 @retval FALSE SHA-1 digest computation failed.\r
465 @retval FALSE This interface is not supported.\r
466\r
467**/\r
468BOOLEAN\r
469EFIAPI\r
470Sha1Final (\r
471 IN OUT VOID *Sha1Context,\r
472 OUT UINT8 *HashValue\r
473 );\r
474\r
475/**\r
476 Computes the SHA-1 message digest of a input data buffer.\r
477\r
478 This function performs the SHA-1 message digest of a given data buffer, and places\r
479 the digest value into the specified memory.\r
480\r
481 If this interface is not supported, then return FALSE.\r
482\r
483 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
484 @param[in] DataSize Size of Data buffer in bytes.\r
485 @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest\r
486 value (20 bytes).\r
487\r
488 @retval TRUE SHA-1 digest computation succeeded.\r
489 @retval FALSE SHA-1 digest computation failed.\r
490 @retval FALSE This interface is not supported.\r
491\r
492**/\r
493BOOLEAN\r
494EFIAPI\r
495Sha1HashAll (\r
496 IN CONST VOID *Data,\r
497 IN UINTN DataSize,\r
498 OUT UINT8 *HashValue\r
499 );\r
500\r
501/**\r
502 Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations.\r
503\r
504 @return The size, in bytes, of the context buffer required for SHA-256 hash operations.\r
505\r
506**/\r
507UINTN\r
508EFIAPI\r
509Sha256GetContextSize (\r
510 VOID\r
511 );\r
512\r
513/**\r
514 Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for\r
515 subsequent use.\r
516\r
517 If Sha256Context is NULL, then return FALSE.\r
518\r
519 @param[out] Sha256Context Pointer to SHA-256 context being initialized.\r
520\r
521 @retval TRUE SHA-256 context initialization succeeded.\r
522 @retval FALSE SHA-256 context initialization failed.\r
523\r
524**/\r
525BOOLEAN\r
526EFIAPI\r
527Sha256Init (\r
528 OUT VOID *Sha256Context\r
529 );\r
530\r
531/**\r
532 Makes a copy of an existing SHA-256 context.\r
533\r
534 If Sha256Context is NULL, then return FALSE.\r
535 If NewSha256Context is NULL, then return FALSE.\r
536 If this interface is not supported, then return FALSE.\r
537\r
538 @param[in] Sha256Context Pointer to SHA-256 context being copied.\r
539 @param[out] NewSha256Context Pointer to new SHA-256 context.\r
540\r
541 @retval TRUE SHA-256 context copy succeeded.\r
542 @retval FALSE SHA-256 context copy failed.\r
543 @retval FALSE This interface is not supported.\r
544\r
545**/\r
546BOOLEAN\r
547EFIAPI\r
548Sha256Duplicate (\r
549 IN CONST VOID *Sha256Context,\r
550 OUT VOID *NewSha256Context\r
551 );\r
552\r
553/**\r
554 Digests the input data and updates SHA-256 context.\r
555\r
556 This function performs SHA-256 digest on a data buffer of the specified size.\r
557 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
558 SHA-256 context should be already correctly initialized by Sha256Init(), and should not be finalized\r
559 by Sha256Final(). Behavior with invalid context is undefined.\r
560\r
561 If Sha256Context is NULL, then return FALSE.\r
562\r
563 @param[in, out] Sha256Context Pointer to the SHA-256 context.\r
564 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
565 @param[in] DataSize Size of Data buffer in bytes.\r
566\r
567 @retval TRUE SHA-256 data digest succeeded.\r
568 @retval FALSE SHA-256 data digest failed.\r
569\r
570**/\r
571BOOLEAN\r
572EFIAPI\r
573Sha256Update (\r
574 IN OUT VOID *Sha256Context,\r
575 IN CONST VOID *Data,\r
576 IN UINTN DataSize\r
577 );\r
578\r
579/**\r
580 Completes computation of the SHA-256 digest value.\r
581\r
582 This function completes SHA-256 hash computation and retrieves the digest value into\r
583 the specified memory. After this function has been called, the SHA-256 context cannot\r
584 be used again.\r
585 SHA-256 context should be already correctly initialized by Sha256Init(), and should not be\r
586 finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined.\r
587\r
588 If Sha256Context is NULL, then return FALSE.\r
589 If HashValue is NULL, then return FALSE.\r
590\r
591 @param[in, out] Sha256Context Pointer to the SHA-256 context.\r
592 @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest\r
593 value (32 bytes).\r
594\r
595 @retval TRUE SHA-256 digest computation succeeded.\r
596 @retval FALSE SHA-256 digest computation failed.\r
597\r
598**/\r
599BOOLEAN\r
600EFIAPI\r
601Sha256Final (\r
602 IN OUT VOID *Sha256Context,\r
603 OUT UINT8 *HashValue\r
604 );\r
605\r
606/**\r
607 Computes the SHA-256 message digest of a input data buffer.\r
608\r
609 This function performs the SHA-256 message digest of a given data buffer, and places\r
610 the digest value into the specified memory.\r
611\r
612 If this interface is not supported, then return FALSE.\r
613\r
614 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
615 @param[in] DataSize Size of Data buffer in bytes.\r
616 @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest\r
617 value (32 bytes).\r
618\r
619 @retval TRUE SHA-256 digest computation succeeded.\r
620 @retval FALSE SHA-256 digest computation failed.\r
621 @retval FALSE This interface is not supported.\r
622\r
623**/\r
624BOOLEAN\r
625EFIAPI\r
626Sha256HashAll (\r
627 IN CONST VOID *Data,\r
628 IN UINTN DataSize,\r
629 OUT UINT8 *HashValue\r
630 );\r
631\r
632/**\r
633 Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations.\r
634\r
635 @return The size, in bytes, of the context buffer required for SHA-384 hash operations.\r
636\r
637**/\r
638UINTN\r
639EFIAPI\r
640Sha384GetContextSize (\r
641 VOID\r
642 );\r
643\r
644/**\r
645 Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for\r
646 subsequent use.\r
647\r
648 If Sha384Context is NULL, then return FALSE.\r
649\r
650 @param[out] Sha384Context Pointer to SHA-384 context being initialized.\r
651\r
652 @retval TRUE SHA-384 context initialization succeeded.\r
653 @retval FALSE SHA-384 context initialization failed.\r
654\r
655**/\r
656BOOLEAN\r
657EFIAPI\r
658Sha384Init (\r
659 OUT VOID *Sha384Context\r
660 );\r
661\r
662/**\r
663 Makes a copy of an existing SHA-384 context.\r
664\r
665 If Sha384Context is NULL, then return FALSE.\r
666 If NewSha384Context is NULL, then return FALSE.\r
667 If this interface is not supported, then return FALSE.\r
668\r
669 @param[in] Sha384Context Pointer to SHA-384 context being copied.\r
670 @param[out] NewSha384Context Pointer to new SHA-384 context.\r
671\r
672 @retval TRUE SHA-384 context copy succeeded.\r
673 @retval FALSE SHA-384 context copy failed.\r
674 @retval FALSE This interface is not supported.\r
675\r
676**/\r
677BOOLEAN\r
678EFIAPI\r
679Sha384Duplicate (\r
680 IN CONST VOID *Sha384Context,\r
681 OUT VOID *NewSha384Context\r
682 );\r
683\r
684/**\r
685 Digests the input data and updates SHA-384 context.\r
686\r
687 This function performs SHA-384 digest on a data buffer of the specified size.\r
688 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
689 SHA-384 context should be already correctly initialized by Sha384Init(), and should not be finalized\r
690 by Sha384Final(). Behavior with invalid context is undefined.\r
691\r
692 If Sha384Context is NULL, then return FALSE.\r
693\r
694 @param[in, out] Sha384Context Pointer to the SHA-384 context.\r
695 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
696 @param[in] DataSize Size of Data buffer in bytes.\r
697\r
698 @retval TRUE SHA-384 data digest succeeded.\r
699 @retval FALSE SHA-384 data digest failed.\r
700\r
701**/\r
702BOOLEAN\r
703EFIAPI\r
704Sha384Update (\r
705 IN OUT VOID *Sha384Context,\r
706 IN CONST VOID *Data,\r
707 IN UINTN DataSize\r
708 );\r
709\r
710/**\r
711 Completes computation of the SHA-384 digest value.\r
712\r
713 This function completes SHA-384 hash computation and retrieves the digest value into\r
714 the specified memory. After this function has been called, the SHA-384 context cannot\r
715 be used again.\r
716 SHA-384 context should be already correctly initialized by Sha384Init(), and should not be\r
717 finalized by Sha384Final(). Behavior with invalid SHA-384 context is undefined.\r
718\r
719 If Sha384Context is NULL, then return FALSE.\r
720 If HashValue is NULL, then return FALSE.\r
721\r
722 @param[in, out] Sha384Context Pointer to the SHA-384 context.\r
723 @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest\r
724 value (48 bytes).\r
725\r
726 @retval TRUE SHA-384 digest computation succeeded.\r
727 @retval FALSE SHA-384 digest computation failed.\r
728\r
729**/\r
730BOOLEAN\r
731EFIAPI\r
732Sha384Final (\r
733 IN OUT VOID *Sha384Context,\r
734 OUT UINT8 *HashValue\r
735 );\r
736\r
737/**\r
738 Computes the SHA-384 message digest of a input data buffer.\r
739\r
740 This function performs the SHA-384 message digest of a given data buffer, and places\r
741 the digest value into the specified memory.\r
742\r
743 If this interface is not supported, then return FALSE.\r
744\r
745 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
746 @param[in] DataSize Size of Data buffer in bytes.\r
747 @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest\r
748 value (48 bytes).\r
749\r
750 @retval TRUE SHA-384 digest computation succeeded.\r
751 @retval FALSE SHA-384 digest computation failed.\r
752 @retval FALSE This interface is not supported.\r
753\r
754**/\r
755BOOLEAN\r
756EFIAPI\r
757Sha384HashAll (\r
758 IN CONST VOID *Data,\r
759 IN UINTN DataSize,\r
760 OUT UINT8 *HashValue\r
761 );\r
762\r
763/**\r
764 Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations.\r
765\r
766 @return The size, in bytes, of the context buffer required for SHA-512 hash operations.\r
767\r
768**/\r
769UINTN\r
770EFIAPI\r
771Sha512GetContextSize (\r
772 VOID\r
773 );\r
774\r
775/**\r
776 Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for\r
777 subsequent use.\r
778\r
779 If Sha512Context is NULL, then return FALSE.\r
780\r
781 @param[out] Sha512Context Pointer to SHA-512 context being initialized.\r
782\r
783 @retval TRUE SHA-512 context initialization succeeded.\r
784 @retval FALSE SHA-512 context initialization failed.\r
785\r
786**/\r
787BOOLEAN\r
788EFIAPI\r
789Sha512Init (\r
790 OUT VOID *Sha512Context\r
791 );\r
792\r
793/**\r
794 Makes a copy of an existing SHA-512 context.\r
795\r
796 If Sha512Context is NULL, then return FALSE.\r
797 If NewSha512Context is NULL, then return FALSE.\r
798 If this interface is not supported, then return FALSE.\r
799\r
800 @param[in] Sha512Context Pointer to SHA-512 context being copied.\r
801 @param[out] NewSha512Context Pointer to new SHA-512 context.\r
802\r
803 @retval TRUE SHA-512 context copy succeeded.\r
804 @retval FALSE SHA-512 context copy failed.\r
805 @retval FALSE This interface is not supported.\r
806\r
807**/\r
808BOOLEAN\r
809EFIAPI\r
810Sha512Duplicate (\r
811 IN CONST VOID *Sha512Context,\r
812 OUT VOID *NewSha512Context\r
813 );\r
814\r
815/**\r
816 Digests the input data and updates SHA-512 context.\r
817\r
818 This function performs SHA-512 digest on a data buffer of the specified size.\r
819 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
820 SHA-512 context should be already correctly initialized by Sha512Init(), and should not be finalized\r
821 by Sha512Final(). Behavior with invalid context is undefined.\r
822\r
823 If Sha512Context is NULL, then return FALSE.\r
824\r
825 @param[in, out] Sha512Context Pointer to the SHA-512 context.\r
826 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
827 @param[in] DataSize Size of Data buffer in bytes.\r
828\r
829 @retval TRUE SHA-512 data digest succeeded.\r
830 @retval FALSE SHA-512 data digest failed.\r
831\r
832**/\r
833BOOLEAN\r
834EFIAPI\r
835Sha512Update (\r
836 IN OUT VOID *Sha512Context,\r
837 IN CONST VOID *Data,\r
838 IN UINTN DataSize\r
839 );\r
840\r
841/**\r
842 Completes computation of the SHA-512 digest value.\r
843\r
844 This function completes SHA-512 hash computation and retrieves the digest value into\r
845 the specified memory. After this function has been called, the SHA-512 context cannot\r
846 be used again.\r
847 SHA-512 context should be already correctly initialized by Sha512Init(), and should not be\r
848 finalized by Sha512Final(). Behavior with invalid SHA-512 context is undefined.\r
849\r
850 If Sha512Context is NULL, then return FALSE.\r
851 If HashValue is NULL, then return FALSE.\r
852\r
853 @param[in, out] Sha512Context Pointer to the SHA-512 context.\r
854 @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest\r
855 value (64 bytes).\r
856\r
857 @retval TRUE SHA-512 digest computation succeeded.\r
858 @retval FALSE SHA-512 digest computation failed.\r
859\r
860**/\r
861BOOLEAN\r
862EFIAPI\r
863Sha512Final (\r
864 IN OUT VOID *Sha512Context,\r
865 OUT UINT8 *HashValue\r
866 );\r
867\r
868/**\r
869 Computes the SHA-512 message digest of a input data buffer.\r
870\r
871 This function performs the SHA-512 message digest of a given data buffer, and places\r
872 the digest value into the specified memory.\r
873\r
874 If this interface is not supported, then return FALSE.\r
875\r
876 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
877 @param[in] DataSize Size of Data buffer in bytes.\r
878 @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest\r
879 value (64 bytes).\r
880\r
881 @retval TRUE SHA-512 digest computation succeeded.\r
882 @retval FALSE SHA-512 digest computation failed.\r
883 @retval FALSE This interface is not supported.\r
884\r
885**/\r
886BOOLEAN\r
887EFIAPI\r
888Sha512HashAll (\r
889 IN CONST VOID *Data,\r
890 IN UINTN DataSize,\r
891 OUT UINT8 *HashValue\r
892 );\r
893\r
894//=====================================================================================\r
895// MAC (Message Authentication Code) Primitive\r
896//=====================================================================================\r
897\r
898/**\r
899 Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.\r
900\r
901 If this interface is not supported, then return zero.\r
902\r
903 @return The size, in bytes, of the context buffer required for HMAC-MD5 operations.\r
904 @retval 0 This interface is not supported.\r
905\r
906**/\r
907UINTN\r
908EFIAPI\r
909HmacMd5GetContextSize (\r
910 VOID\r
911 );\r
912\r
913/**\r
914 Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for\r
915 subsequent use.\r
916\r
917 If HmacMd5Context is NULL, then return FALSE.\r
918 If this interface is not supported, then return FALSE.\r
919\r
920 @param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized.\r
921 @param[in] Key Pointer to the user-supplied key.\r
922 @param[in] KeySize Key size in bytes.\r
923\r
924 @retval TRUE HMAC-MD5 context initialization succeeded.\r
925 @retval FALSE HMAC-MD5 context initialization failed.\r
926 @retval FALSE This interface is not supported.\r
927\r
928**/\r
929BOOLEAN\r
930EFIAPI\r
931HmacMd5Init (\r
932 OUT VOID *HmacMd5Context,\r
933 IN CONST UINT8 *Key,\r
934 IN UINTN KeySize\r
935 );\r
936\r
937/**\r
938 Makes a copy of an existing HMAC-MD5 context.\r
939\r
940 If HmacMd5Context is NULL, then return FALSE.\r
941 If NewHmacMd5Context is NULL, then return FALSE.\r
942 If this interface is not supported, then return FALSE.\r
943\r
944 @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.\r
945 @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.\r
946\r
947 @retval TRUE HMAC-MD5 context copy succeeded.\r
948 @retval FALSE HMAC-MD5 context copy failed.\r
949 @retval FALSE This interface is not supported.\r
950\r
951**/\r
952BOOLEAN\r
953EFIAPI\r
954HmacMd5Duplicate (\r
955 IN CONST VOID *HmacMd5Context,\r
956 OUT VOID *NewHmacMd5Context\r
957 );\r
958\r
959/**\r
960 Digests the input data and updates HMAC-MD5 context.\r
961\r
962 This function performs HMAC-MD5 digest on a data buffer of the specified size.\r
963 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
964 HMAC-MD5 context should be already correctly initialized by HmacMd5Init(), and should not be\r
965 finalized by HmacMd5Final(). Behavior with invalid context is undefined.\r
966\r
967 If HmacMd5Context is NULL, then return FALSE.\r
968 If this interface is not supported, then return FALSE.\r
969\r
970 @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.\r
971 @param[in] Data Pointer to the buffer containing the data to be digested.\r
972 @param[in] DataSize Size of Data buffer in bytes.\r
973\r
974 @retval TRUE HMAC-MD5 data digest succeeded.\r
975 @retval FALSE HMAC-MD5 data digest failed.\r
976 @retval FALSE This interface is not supported.\r
977\r
978**/\r
979BOOLEAN\r
980EFIAPI\r
981HmacMd5Update (\r
982 IN OUT VOID *HmacMd5Context,\r
983 IN CONST VOID *Data,\r
984 IN UINTN DataSize\r
985 );\r
986\r
987/**\r
988 Completes computation of the HMAC-MD5 digest value.\r
989\r
990 This function completes HMAC-MD5 hash computation and retrieves the digest value into\r
991 the specified memory. After this function has been called, the HMAC-MD5 context cannot\r
992 be used again.\r
993 HMAC-MD5 context should be already correctly initialized by HmacMd5Init(), and should not be\r
994 finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.\r
995\r
996 If HmacMd5Context is NULL, then return FALSE.\r
997 If HashValue is NULL, then return FALSE.\r
998 If this interface is not supported, then return FALSE.\r
999\r
1000 @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.\r
1001 @param[out] HashValue Pointer to a buffer that receives the HMAC-MD5 digest\r
1002 value (16 bytes).\r
1003\r
1004 @retval TRUE HMAC-MD5 digest computation succeeded.\r
1005 @retval FALSE HMAC-MD5 digest computation failed.\r
1006 @retval FALSE This interface is not supported.\r
1007\r
1008**/\r
1009BOOLEAN\r
1010EFIAPI\r
1011HmacMd5Final (\r
1012 IN OUT VOID *HmacMd5Context,\r
1013 OUT UINT8 *HmacValue\r
1014 );\r
1015\r
1016/**\r
1017 Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.\r
1018\r
1019 If this interface is not supported, then return zero.\r
1020\r
1021 @return The size, in bytes, of the context buffer required for HMAC-SHA1 operations.\r
1022 @retval 0 This interface is not supported.\r
1023\r
1024**/\r
1025UINTN\r
1026EFIAPI\r
1027HmacSha1GetContextSize (\r
1028 VOID\r
1029 );\r
1030\r
1031/**\r
1032 Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for\r
1033 subsequent use.\r
1034\r
1035 If HmacSha1Context is NULL, then return FALSE.\r
1036 If this interface is not supported, then return FALSE.\r
1037\r
1038 @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized.\r
1039 @param[in] Key Pointer to the user-supplied key.\r
1040 @param[in] KeySize Key size in bytes.\r
1041\r
1042 @retval TRUE HMAC-SHA1 context initialization succeeded.\r
1043 @retval FALSE HMAC-SHA1 context initialization failed.\r
1044 @retval FALSE This interface is not supported.\r
1045\r
1046**/\r
1047BOOLEAN\r
1048EFIAPI\r
1049HmacSha1Init (\r
1050 OUT VOID *HmacSha1Context,\r
1051 IN CONST UINT8 *Key,\r
1052 IN UINTN KeySize\r
1053 );\r
1054\r
1055/**\r
1056 Makes a copy of an existing HMAC-SHA1 context.\r
1057\r
1058 If HmacSha1Context is NULL, then return FALSE.\r
1059 If NewHmacSha1Context is NULL, then return FALSE.\r
1060 If this interface is not supported, then return FALSE.\r
1061\r
1062 @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.\r
1063 @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.\r
1064\r
1065 @retval TRUE HMAC-SHA1 context copy succeeded.\r
1066 @retval FALSE HMAC-SHA1 context copy failed.\r
1067 @retval FALSE This interface is not supported.\r
1068\r
1069**/\r
1070BOOLEAN\r
1071EFIAPI\r
1072HmacSha1Duplicate (\r
1073 IN CONST VOID *HmacSha1Context,\r
1074 OUT VOID *NewHmacSha1Context\r
1075 );\r
1076\r
1077/**\r
1078 Digests the input data and updates HMAC-SHA1 context.\r
1079\r
1080 This function performs HMAC-SHA1 digest on a data buffer of the specified size.\r
1081 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
1082 HMAC-SHA1 context should be already correctly initialized by HmacSha1Init(), and should not\r
1083 be finalized by HmacSha1Final(). Behavior with invalid context is undefined.\r
1084\r
1085 If HmacSha1Context is NULL, then return FALSE.\r
1086 If this interface is not supported, then return FALSE.\r
1087\r
1088 @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.\r
1089 @param[in] Data Pointer to the buffer containing the data to be digested.\r
1090 @param[in] DataSize Size of Data buffer in bytes.\r
1091\r
1092 @retval TRUE HMAC-SHA1 data digest succeeded.\r
1093 @retval FALSE HMAC-SHA1 data digest failed.\r
1094 @retval FALSE This interface is not supported.\r
1095\r
1096**/\r
1097BOOLEAN\r
1098EFIAPI\r
1099HmacSha1Update (\r
1100 IN OUT VOID *HmacSha1Context,\r
1101 IN CONST VOID *Data,\r
1102 IN UINTN DataSize\r
1103 );\r
1104\r
1105/**\r
1106 Completes computation of the HMAC-SHA1 digest value.\r
1107\r
1108 This function completes HMAC-SHA1 hash computation and retrieves the digest value into\r
1109 the specified memory. After this function has been called, the HMAC-SHA1 context cannot\r
1110 be used again.\r
1111 HMAC-SHA1 context should be already correctly initialized by HmacSha1Init(), and should\r
1112 not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.\r
1113\r
1114 If HmacSha1Context is NULL, then return FALSE.\r
1115 If HashValue is NULL, then return FALSE.\r
1116 If this interface is not supported, then return FALSE.\r
1117\r
1118 @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.\r
1119 @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA1 digest\r
1120 value (20 bytes).\r
1121\r
1122 @retval TRUE HMAC-SHA1 digest computation succeeded.\r
1123 @retval FALSE HMAC-SHA1 digest computation failed.\r
1124 @retval FALSE This interface is not supported.\r
1125\r
1126**/\r
1127BOOLEAN\r
1128EFIAPI\r
1129HmacSha1Final (\r
1130 IN OUT VOID *HmacSha1Context,\r
1131 OUT UINT8 *HmacValue\r
1132 );\r
1133\r
1134/**\r
1135 Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.\r
1136\r
1137 If this interface is not supported, then return zero.\r
1138\r
1139 @return The size, in bytes, of the context buffer required for HMAC-SHA256 operations.\r
1140 @retval 0 This interface is not supported.\r
1141\r
1142**/\r
1143UINTN\r
1144EFIAPI\r
1145HmacSha256GetContextSize (\r
1146 VOID\r
1147 );\r
1148\r
1149/**\r
1150 Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for\r
1151 subsequent use.\r
1152\r
1153 If HmacSha256Context is NULL, then return FALSE.\r
1154 If this interface is not supported, then return FALSE.\r
1155\r
1156 @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being initialized.\r
1157 @param[in] Key Pointer to the user-supplied key.\r
1158 @param[in] KeySize Key size in bytes.\r
1159\r
1160 @retval TRUE HMAC-SHA256 context initialization succeeded.\r
1161 @retval FALSE HMAC-SHA256 context initialization failed.\r
1162 @retval FALSE This interface is not supported.\r
1163\r
1164**/\r
1165BOOLEAN\r
1166EFIAPI\r
1167HmacSha256Init (\r
1168 OUT VOID *HmacSha256Context,\r
1169 IN CONST UINT8 *Key,\r
1170 IN UINTN KeySize\r
1171 );\r
1172\r
1173/**\r
1174 Makes a copy of an existing HMAC-SHA256 context.\r
1175\r
1176 If HmacSha256Context is NULL, then return FALSE.\r
1177 If NewHmacSha256Context is NULL, then return FALSE.\r
1178 If this interface is not supported, then return FALSE.\r
1179\r
1180 @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied.\r
1181 @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context.\r
1182\r
1183 @retval TRUE HMAC-SHA256 context copy succeeded.\r
1184 @retval FALSE HMAC-SHA256 context copy failed.\r
1185 @retval FALSE This interface is not supported.\r
1186\r
1187**/\r
1188BOOLEAN\r
1189EFIAPI\r
1190HmacSha256Duplicate (\r
1191 IN CONST VOID *HmacSha256Context,\r
1192 OUT VOID *NewHmacSha256Context\r
1193 );\r
1194\r
1195/**\r
1196 Digests the input data and updates HMAC-SHA256 context.\r
1197\r
1198 This function performs HMAC-SHA256 digest on a data buffer of the specified size.\r
1199 It can be called multiple times to compute the digest of long or discontinuous data streams.\r
1200 HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should not\r
1201 be finalized by HmacSha256Final(). Behavior with invalid context is undefined.\r
1202\r
1203 If HmacSha256Context is NULL, then return FALSE.\r
1204 If this interface is not supported, then return FALSE.\r
1205\r
1206 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.\r
1207 @param[in] Data Pointer to the buffer containing the data to be digested.\r
1208 @param[in] DataSize Size of Data buffer in bytes.\r
1209\r
1210 @retval TRUE HMAC-SHA256 data digest succeeded.\r
1211 @retval FALSE HMAC-SHA256 data digest failed.\r
1212 @retval FALSE This interface is not supported.\r
1213\r
1214**/\r
1215BOOLEAN\r
1216EFIAPI\r
1217HmacSha256Update (\r
1218 IN OUT VOID *HmacSha256Context,\r
1219 IN CONST VOID *Data,\r
1220 IN UINTN DataSize\r
1221 );\r
1222\r
1223/**\r
1224 Completes computation of the HMAC-SHA256 digest value.\r
1225\r
1226 This function completes HMAC-SHA256 hash computation and retrieves the digest value into\r
1227 the specified memory. After this function has been called, the HMAC-SHA256 context cannot\r
1228 be used again.\r
1229 HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should\r
1230 not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.\r
1231\r
1232 If HmacSha256Context is NULL, then return FALSE.\r
1233 If HashValue is NULL, then return FALSE.\r
1234 If this interface is not supported, then return FALSE.\r
1235\r
1236 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context.\r
1237 @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA256 digest\r
1238 value (32 bytes).\r
1239\r
1240 @retval TRUE HMAC-SHA256 digest computation succeeded.\r
1241 @retval FALSE HMAC-SHA256 digest computation failed.\r
1242 @retval FALSE This interface is not supported.\r
1243\r
1244**/\r
1245BOOLEAN\r
1246EFIAPI\r
1247HmacSha256Final (\r
1248 IN OUT VOID *HmacSha256Context,\r
1249 OUT UINT8 *HmacValue\r
1250 );\r
1251\r
1252//=====================================================================================\r
1253// Symmetric Cryptography Primitive\r
1254//=====================================================================================\r
1255\r
1256/**\r
1257 Retrieves the size, in bytes, of the context buffer required for TDES operations.\r
1258\r
1259 If this interface is not supported, then return zero.\r
1260\r
1261 @return The size, in bytes, of the context buffer required for TDES operations.\r
1262 @retval 0 This interface is not supported.\r
1263\r
1264**/\r
1265UINTN\r
1266EFIAPI\r
1267TdesGetContextSize (\r
1268 VOID\r
1269 );\r
1270\r
1271/**\r
1272 Initializes user-supplied memory as TDES context for subsequent use.\r
1273\r
1274 This function initializes user-supplied memory pointed by TdesContext as TDES context.\r
1275 In addition, it sets up all TDES key materials for subsequent encryption and decryption\r
1276 operations.\r
1277 There are 3 key options as follows:\r
1278 KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)\r
1279 KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)\r
1280 KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)\r
1281\r
1282 If TdesContext is NULL, then return FALSE.\r
1283 If Key is NULL, then return FALSE.\r
1284 If KeyLength is not valid, then return FALSE.\r
1285 If this interface is not supported, then return FALSE.\r
1286\r
1287 @param[out] TdesContext Pointer to TDES context being initialized.\r
1288 @param[in] Key Pointer to the user-supplied TDES key.\r
1289 @param[in] KeyLength Length of TDES key in bits.\r
1290\r
1291 @retval TRUE TDES context initialization succeeded.\r
1292 @retval FALSE TDES context initialization failed.\r
1293 @retval FALSE This interface is not supported.\r
1294\r
1295**/\r
1296BOOLEAN\r
1297EFIAPI\r
1298TdesInit (\r
1299 OUT VOID *TdesContext,\r
1300 IN CONST UINT8 *Key,\r
1301 IN UINTN KeyLength\r
1302 );\r
1303\r
1304/**\r
1305 Performs TDES encryption on a data buffer of the specified size in ECB mode.\r
1306\r
1307 This function performs TDES encryption on data buffer pointed by Input, of specified\r
1308 size of InputSize, in ECB mode.\r
1309 InputSize must be multiple of block size (8 bytes). This function does not perform\r
1310 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1311 TdesContext should be already correctly initialized by TdesInit(). Behavior with\r
1312 invalid TDES context is undefined.\r
1313\r
1314 If TdesContext is NULL, then return FALSE.\r
1315 If Input is NULL, then return FALSE.\r
1316 If InputSize is not multiple of block size (8 bytes), then return FALSE.\r
1317 If Output is NULL, then return FALSE.\r
1318 If this interface is not supported, then return FALSE.\r
1319\r
1320 @param[in] TdesContext Pointer to the TDES context.\r
1321 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1322 @param[in] InputSize Size of the Input buffer in bytes.\r
1323 @param[out] Output Pointer to a buffer that receives the TDES encryption output.\r
1324\r
1325 @retval TRUE TDES encryption succeeded.\r
1326 @retval FALSE TDES encryption failed.\r
1327 @retval FALSE This interface is not supported.\r
1328\r
1329**/\r
1330BOOLEAN\r
1331EFIAPI\r
1332TdesEcbEncrypt (\r
1333 IN VOID *TdesContext,\r
1334 IN CONST UINT8 *Input,\r
1335 IN UINTN InputSize,\r
1336 OUT UINT8 *Output\r
1337 );\r
1338\r
1339/**\r
1340 Performs TDES decryption on a data buffer of the specified size in ECB mode.\r
1341\r
1342 This function performs TDES decryption on data buffer pointed by Input, of specified\r
1343 size of InputSize, in ECB mode.\r
1344 InputSize must be multiple of block size (8 bytes). This function does not perform\r
1345 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1346 TdesContext should be already correctly initialized by TdesInit(). Behavior with\r
1347 invalid TDES context is undefined.\r
1348\r
1349 If TdesContext is NULL, then return FALSE.\r
1350 If Input is NULL, then return FALSE.\r
1351 If InputSize is not multiple of block size (8 bytes), then return FALSE.\r
1352 If Output is NULL, then return FALSE.\r
1353 If this interface is not supported, then return FALSE.\r
1354\r
1355 @param[in] TdesContext Pointer to the TDES context.\r
1356 @param[in] Input Pointer to the buffer containing the data to be decrypted.\r
1357 @param[in] InputSize Size of the Input buffer in bytes.\r
1358 @param[out] Output Pointer to a buffer that receives the TDES decryption output.\r
1359\r
1360 @retval TRUE TDES decryption succeeded.\r
1361 @retval FALSE TDES decryption failed.\r
1362 @retval FALSE This interface is not supported.\r
1363\r
1364**/\r
1365BOOLEAN\r
1366EFIAPI\r
1367TdesEcbDecrypt (\r
1368 IN VOID *TdesContext,\r
1369 IN CONST UINT8 *Input,\r
1370 IN UINTN InputSize,\r
1371 OUT UINT8 *Output\r
1372 );\r
1373\r
1374/**\r
1375 Performs TDES encryption on a data buffer of the specified size in CBC mode.\r
1376\r
1377 This function performs TDES encryption on data buffer pointed by Input, of specified\r
1378 size of InputSize, in CBC mode.\r
1379 InputSize must be multiple of block size (8 bytes). This function does not perform\r
1380 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1381 Initialization vector should be one block size (8 bytes).\r
1382 TdesContext should be already correctly initialized by TdesInit(). Behavior with\r
1383 invalid TDES context is undefined.\r
1384\r
1385 If TdesContext is NULL, then return FALSE.\r
1386 If Input is NULL, then return FALSE.\r
1387 If InputSize is not multiple of block size (8 bytes), then return FALSE.\r
1388 If Ivec is NULL, then return FALSE.\r
1389 If Output is NULL, then return FALSE.\r
1390 If this interface is not supported, then return FALSE.\r
1391\r
1392 @param[in] TdesContext Pointer to the TDES context.\r
1393 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1394 @param[in] InputSize Size of the Input buffer in bytes.\r
1395 @param[in] Ivec Pointer to initialization vector.\r
1396 @param[out] Output Pointer to a buffer that receives the TDES encryption output.\r
1397\r
1398 @retval TRUE TDES encryption succeeded.\r
1399 @retval FALSE TDES encryption failed.\r
1400 @retval FALSE This interface is not supported.\r
1401\r
1402**/\r
1403BOOLEAN\r
1404EFIAPI\r
1405TdesCbcEncrypt (\r
1406 IN VOID *TdesContext,\r
1407 IN CONST UINT8 *Input,\r
1408 IN UINTN InputSize,\r
1409 IN CONST UINT8 *Ivec,\r
1410 OUT UINT8 *Output\r
1411 );\r
1412\r
1413/**\r
1414 Performs TDES decryption on a data buffer of the specified size in CBC mode.\r
1415\r
1416 This function performs TDES decryption on data buffer pointed by Input, of specified\r
1417 size of InputSize, in CBC mode.\r
1418 InputSize must be multiple of block size (8 bytes). This function does not perform\r
1419 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1420 Initialization vector should be one block size (8 bytes).\r
1421 TdesContext should be already correctly initialized by TdesInit(). Behavior with\r
1422 invalid TDES context is undefined.\r
1423\r
1424 If TdesContext is NULL, then return FALSE.\r
1425 If Input is NULL, then return FALSE.\r
1426 If InputSize is not multiple of block size (8 bytes), then return FALSE.\r
1427 If Ivec is NULL, then return FALSE.\r
1428 If Output is NULL, then return FALSE.\r
1429 If this interface is not supported, then return FALSE.\r
1430\r
1431 @param[in] TdesContext Pointer to the TDES context.\r
1432 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1433 @param[in] InputSize Size of the Input buffer in bytes.\r
1434 @param[in] Ivec Pointer to initialization vector.\r
1435 @param[out] Output Pointer to a buffer that receives the TDES encryption output.\r
1436\r
1437 @retval TRUE TDES decryption succeeded.\r
1438 @retval FALSE TDES decryption failed.\r
1439 @retval FALSE This interface is not supported.\r
1440\r
1441**/\r
1442BOOLEAN\r
1443EFIAPI\r
1444TdesCbcDecrypt (\r
1445 IN VOID *TdesContext,\r
1446 IN CONST UINT8 *Input,\r
1447 IN UINTN InputSize,\r
1448 IN CONST UINT8 *Ivec,\r
1449 OUT UINT8 *Output\r
1450 );\r
1451\r
1452/**\r
1453 Retrieves the size, in bytes, of the context buffer required for AES operations.\r
1454\r
1455 If this interface is not supported, then return zero.\r
1456\r
1457 @return The size, in bytes, of the context buffer required for AES operations.\r
1458 @retval 0 This interface is not supported.\r
1459\r
1460**/\r
1461UINTN\r
1462EFIAPI\r
1463AesGetContextSize (\r
1464 VOID\r
1465 );\r
1466\r
1467/**\r
1468 Initializes user-supplied memory as AES context for subsequent use.\r
1469\r
1470 This function initializes user-supplied memory pointed by AesContext as AES context.\r
1471 In addition, it sets up all AES key materials for subsequent encryption and decryption\r
1472 operations.\r
1473 There are 3 options for key length, 128 bits, 192 bits, and 256 bits.\r
1474\r
1475 If AesContext is NULL, then return FALSE.\r
1476 If Key is NULL, then return FALSE.\r
1477 If KeyLength is not valid, then return FALSE.\r
1478 If this interface is not supported, then return FALSE.\r
1479\r
1480 @param[out] AesContext Pointer to AES context being initialized.\r
1481 @param[in] Key Pointer to the user-supplied AES key.\r
1482 @param[in] KeyLength Length of AES key in bits.\r
1483\r
1484 @retval TRUE AES context initialization succeeded.\r
1485 @retval FALSE AES context initialization failed.\r
1486 @retval FALSE This interface is not supported.\r
1487\r
1488**/\r
1489BOOLEAN\r
1490EFIAPI\r
1491AesInit (\r
1492 OUT VOID *AesContext,\r
1493 IN CONST UINT8 *Key,\r
1494 IN UINTN KeyLength\r
1495 );\r
1496\r
1497/**\r
1498 Performs AES encryption on a data buffer of the specified size in ECB mode.\r
1499\r
1500 This function performs AES encryption on data buffer pointed by Input, of specified\r
1501 size of InputSize, in ECB mode.\r
1502 InputSize must be multiple of block size (16 bytes). This function does not perform\r
1503 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1504 AesContext should be already correctly initialized by AesInit(). Behavior with\r
1505 invalid AES context is undefined.\r
1506\r
1507 If AesContext is NULL, then return FALSE.\r
1508 If Input is NULL, then return FALSE.\r
1509 If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
1510 If Output is NULL, then return FALSE.\r
1511 If this interface is not supported, then return FALSE.\r
1512\r
1513 @param[in] AesContext Pointer to the AES context.\r
1514 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1515 @param[in] InputSize Size of the Input buffer in bytes.\r
1516 @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
1517\r
1518 @retval TRUE AES encryption succeeded.\r
1519 @retval FALSE AES encryption failed.\r
1520 @retval FALSE This interface is not supported.\r
1521\r
1522**/\r
1523BOOLEAN\r
1524EFIAPI\r
1525AesEcbEncrypt (\r
1526 IN VOID *AesContext,\r
1527 IN CONST UINT8 *Input,\r
1528 IN UINTN InputSize,\r
1529 OUT UINT8 *Output\r
1530 );\r
1531\r
1532/**\r
1533 Performs AES decryption on a data buffer of the specified size in ECB mode.\r
1534\r
1535 This function performs AES decryption on data buffer pointed by Input, of specified\r
1536 size of InputSize, in ECB mode.\r
1537 InputSize must be multiple of block size (16 bytes). This function does not perform\r
1538 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1539 AesContext should be already correctly initialized by AesInit(). Behavior with\r
1540 invalid AES context is undefined.\r
1541\r
1542 If AesContext is NULL, then return FALSE.\r
1543 If Input is NULL, then return FALSE.\r
1544 If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
1545 If Output is NULL, then return FALSE.\r
1546 If this interface is not supported, then return FALSE.\r
1547\r
1548 @param[in] AesContext Pointer to the AES context.\r
1549 @param[in] Input Pointer to the buffer containing the data to be decrypted.\r
1550 @param[in] InputSize Size of the Input buffer in bytes.\r
1551 @param[out] Output Pointer to a buffer that receives the AES decryption output.\r
1552\r
1553 @retval TRUE AES decryption succeeded.\r
1554 @retval FALSE AES decryption failed.\r
1555 @retval FALSE This interface is not supported.\r
1556\r
1557**/\r
1558BOOLEAN\r
1559EFIAPI\r
1560AesEcbDecrypt (\r
1561 IN VOID *AesContext,\r
1562 IN CONST UINT8 *Input,\r
1563 IN UINTN InputSize,\r
1564 OUT UINT8 *Output\r
1565 );\r
1566\r
1567/**\r
1568 Performs AES encryption on a data buffer of the specified size in CBC mode.\r
1569\r
1570 This function performs AES encryption on data buffer pointed by Input, of specified\r
1571 size of InputSize, in CBC mode.\r
1572 InputSize must be multiple of block size (16 bytes). This function does not perform\r
1573 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1574 Initialization vector should be one block size (16 bytes).\r
1575 AesContext should be already correctly initialized by AesInit(). Behavior with\r
1576 invalid AES context is undefined.\r
1577\r
1578 If AesContext is NULL, then return FALSE.\r
1579 If Input is NULL, then return FALSE.\r
1580 If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
1581 If Ivec is NULL, then return FALSE.\r
1582 If Output is NULL, then return FALSE.\r
1583 If this interface is not supported, then return FALSE.\r
1584\r
1585 @param[in] AesContext Pointer to the AES context.\r
1586 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1587 @param[in] InputSize Size of the Input buffer in bytes.\r
1588 @param[in] Ivec Pointer to initialization vector.\r
1589 @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
1590\r
1591 @retval TRUE AES encryption succeeded.\r
1592 @retval FALSE AES encryption failed.\r
1593 @retval FALSE This interface is not supported.\r
1594\r
1595**/\r
1596BOOLEAN\r
1597EFIAPI\r
1598AesCbcEncrypt (\r
1599 IN VOID *AesContext,\r
1600 IN CONST UINT8 *Input,\r
1601 IN UINTN InputSize,\r
1602 IN CONST UINT8 *Ivec,\r
1603 OUT UINT8 *Output\r
1604 );\r
1605\r
1606/**\r
1607 Performs AES decryption on a data buffer of the specified size in CBC mode.\r
1608\r
1609 This function performs AES decryption on data buffer pointed by Input, of specified\r
1610 size of InputSize, in CBC mode.\r
1611 InputSize must be multiple of block size (16 bytes). This function does not perform\r
1612 padding. Caller must perform padding, if necessary, to ensure valid input data size.\r
1613 Initialization vector should be one block size (16 bytes).\r
1614 AesContext should be already correctly initialized by AesInit(). Behavior with\r
1615 invalid AES context is undefined.\r
1616\r
1617 If AesContext is NULL, then return FALSE.\r
1618 If Input is NULL, then return FALSE.\r
1619 If InputSize is not multiple of block size (16 bytes), then return FALSE.\r
1620 If Ivec is NULL, then return FALSE.\r
1621 If Output is NULL, then return FALSE.\r
1622 If this interface is not supported, then return FALSE.\r
1623\r
1624 @param[in] AesContext Pointer to the AES context.\r
1625 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1626 @param[in] InputSize Size of the Input buffer in bytes.\r
1627 @param[in] Ivec Pointer to initialization vector.\r
1628 @param[out] Output Pointer to a buffer that receives the AES encryption output.\r
1629\r
1630 @retval TRUE AES decryption succeeded.\r
1631 @retval FALSE AES decryption failed.\r
1632 @retval FALSE This interface is not supported.\r
1633\r
1634**/\r
1635BOOLEAN\r
1636EFIAPI\r
1637AesCbcDecrypt (\r
1638 IN VOID *AesContext,\r
1639 IN CONST UINT8 *Input,\r
1640 IN UINTN InputSize,\r
1641 IN CONST UINT8 *Ivec,\r
1642 OUT UINT8 *Output\r
1643 );\r
1644\r
1645/**\r
1646 Retrieves the size, in bytes, of the context buffer required for ARC4 operations.\r
1647\r
1648 If this interface is not supported, then return zero.\r
1649\r
1650 @return The size, in bytes, of the context buffer required for ARC4 operations.\r
1651 @retval 0 This interface is not supported.\r
1652\r
1653**/\r
1654UINTN\r
1655EFIAPI\r
1656Arc4GetContextSize (\r
1657 VOID\r
1658 );\r
1659\r
1660/**\r
1661 Initializes user-supplied memory as ARC4 context for subsequent use.\r
1662\r
1663 This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.\r
1664 In addition, it sets up all ARC4 key materials for subsequent encryption and decryption\r
1665 operations.\r
1666\r
1667 If Arc4Context is NULL, then return FALSE.\r
1668 If Key is NULL, then return FALSE.\r
1669 If KeySize does not in the range of [5, 256] bytes, then return FALSE.\r
1670 If this interface is not supported, then return FALSE.\r
1671\r
1672 @param[out] Arc4Context Pointer to ARC4 context being initialized.\r
1673 @param[in] Key Pointer to the user-supplied ARC4 key.\r
1674 @param[in] KeySize Size of ARC4 key in bytes.\r
1675\r
1676 @retval TRUE ARC4 context initialization succeeded.\r
1677 @retval FALSE ARC4 context initialization failed.\r
1678 @retval FALSE This interface is not supported.\r
1679\r
1680**/\r
1681BOOLEAN\r
1682EFIAPI\r
1683Arc4Init (\r
1684 OUT VOID *Arc4Context,\r
1685 IN CONST UINT8 *Key,\r
1686 IN UINTN KeySize\r
1687 );\r
1688\r
1689/**\r
1690 Performs ARC4 encryption on a data buffer of the specified size.\r
1691\r
1692 This function performs ARC4 encryption on data buffer pointed by Input, of specified\r
1693 size of InputSize.\r
1694 Arc4Context should be already correctly initialized by Arc4Init(). Behavior with\r
1695 invalid ARC4 context is undefined.\r
1696\r
1697 If Arc4Context is NULL, then return FALSE.\r
1698 If Input is NULL, then return FALSE.\r
1699 If Output is NULL, then return FALSE.\r
1700 If this interface is not supported, then return FALSE.\r
1701\r
1702 @param[in] Arc4Context Pointer to the ARC4 context.\r
1703 @param[in] Input Pointer to the buffer containing the data to be encrypted.\r
1704 @param[in] InputSize Size of the Input buffer in bytes.\r
1705 @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.\r
1706\r
1707 @retval TRUE ARC4 encryption succeeded.\r
1708 @retval FALSE ARC4 encryption failed.\r
1709 @retval FALSE This interface is not supported.\r
1710\r
1711**/\r
1712BOOLEAN\r
1713EFIAPI\r
1714Arc4Encrypt (\r
1715 IN OUT VOID *Arc4Context,\r
1716 IN CONST UINT8 *Input,\r
1717 IN UINTN InputSize,\r
1718 OUT UINT8 *Output\r
1719 );\r
1720\r
1721/**\r
1722 Performs ARC4 decryption on a data buffer of the specified size.\r
1723\r
1724 This function performs ARC4 decryption on data buffer pointed by Input, of specified\r
1725 size of InputSize.\r
1726 Arc4Context should be already correctly initialized by Arc4Init(). Behavior with\r
1727 invalid ARC4 context is undefined.\r
1728\r
1729 If Arc4Context is NULL, then return FALSE.\r
1730 If Input is NULL, then return FALSE.\r
1731 If Output is NULL, then return FALSE.\r
1732 If this interface is not supported, then return FALSE.\r
1733\r
1734 @param[in] Arc4Context Pointer to the ARC4 context.\r
1735 @param[in] Input Pointer to the buffer containing the data to be decrypted.\r
1736 @param[in] InputSize Size of the Input buffer in bytes.\r
1737 @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.\r
1738\r
1739 @retval TRUE ARC4 decryption succeeded.\r
1740 @retval FALSE ARC4 decryption failed.\r
1741 @retval FALSE This interface is not supported.\r
1742\r
1743**/\r
1744BOOLEAN\r
1745EFIAPI\r
1746Arc4Decrypt (\r
1747 IN OUT VOID *Arc4Context,\r
1748 IN UINT8 *Input,\r
1749 IN UINTN InputSize,\r
1750 OUT UINT8 *Output\r
1751 );\r
1752\r
1753/**\r
1754 Resets the ARC4 context to the initial state.\r
1755\r
1756 The function resets the ARC4 context to the state it had immediately after the\r
1757 ARC4Init() function call.\r
1758 Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context\r
1759 should be already correctly initialized by ARC4Init().\r
1760\r
1761 If Arc4Context is NULL, then return FALSE.\r
1762 If this interface is not supported, then return FALSE.\r
1763\r
1764 @param[in, out] Arc4Context Pointer to the ARC4 context.\r
1765\r
1766 @retval TRUE ARC4 reset succeeded.\r
1767 @retval FALSE ARC4 reset failed.\r
1768 @retval FALSE This interface is not supported.\r
1769\r
1770**/\r
1771BOOLEAN\r
1772EFIAPI\r
1773Arc4Reset (\r
1774 IN OUT VOID *Arc4Context\r
1775 );\r
1776\r
1777//=====================================================================================\r
1778// Asymmetric Cryptography Primitive\r
1779//=====================================================================================\r
1780\r
1781/**\r
1782 Allocates and initializes one RSA context for subsequent use.\r
1783\r
1784 @return Pointer to the RSA context that has been initialized.\r
1785 If the allocations fails, RsaNew() returns NULL.\r
1786\r
1787**/\r
1788VOID *\r
1789EFIAPI\r
1790RsaNew (\r
1791 VOID\r
1792 );\r
1793\r
1794/**\r
1795 Release the specified RSA context.\r
1796\r
1797 If RsaContext is NULL, then return FALSE.\r
1798\r
1799 @param[in] RsaContext Pointer to the RSA context to be released.\r
1800\r
1801**/\r
1802VOID\r
1803EFIAPI\r
1804RsaFree (\r
1805 IN VOID *RsaContext\r
1806 );\r
1807\r
1808/**\r
1809 Sets the tag-designated key component into the established RSA context.\r
1810\r
1811 This function sets the tag-designated RSA key component into the established\r
1812 RSA context from the user-specified non-negative integer (octet string format\r
1813 represented in RSA PKCS#1).\r
1814 If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
1815\r
1816 If RsaContext is NULL, then return FALSE.\r
1817\r
1818 @param[in, out] RsaContext Pointer to RSA context being set.\r
1819 @param[in] KeyTag Tag of RSA key component being set.\r
1820 @param[in] BigNumber Pointer to octet integer buffer.\r
1821 If NULL, then the specified key component in RSA\r
1822 context is cleared.\r
1823 @param[in] BnSize Size of big number buffer in bytes.\r
1824 If BigNumber is NULL, then it is ignored.\r
1825\r
1826 @retval TRUE RSA key component was set successfully.\r
1827 @retval FALSE Invalid RSA key component tag.\r
1828\r
1829**/\r
1830BOOLEAN\r
1831EFIAPI\r
1832RsaSetKey (\r
1833 IN OUT VOID *RsaContext,\r
1834 IN RSA_KEY_TAG KeyTag,\r
1835 IN CONST UINT8 *BigNumber,\r
1836 IN UINTN BnSize\r
1837 );\r
1838\r
1839/**\r
1840 Gets the tag-designated RSA key component from the established RSA context.\r
1841\r
1842 This function retrieves the tag-designated RSA key component from the\r
1843 established RSA context as a non-negative integer (octet string format\r
1844 represented in RSA PKCS#1).\r
1845 If specified key component has not been set or has been cleared, then returned\r
1846 BnSize is set to 0.\r
1847 If the BigNumber buffer is too small to hold the contents of the key, FALSE\r
1848 is returned and BnSize is set to the required buffer size to obtain the key.\r
1849\r
1850 If RsaContext is NULL, then return FALSE.\r
1851 If BnSize is NULL, then return FALSE.\r
1852 If BnSize is large enough but BigNumber is NULL, then return FALSE.\r
1853 If this interface is not supported, then return FALSE.\r
1854\r
1855 @param[in, out] RsaContext Pointer to RSA context being set.\r
1856 @param[in] KeyTag Tag of RSA key component being set.\r
1857 @param[out] BigNumber Pointer to octet integer buffer.\r
1858 @param[in, out] BnSize On input, the size of big number buffer in bytes.\r
1859 On output, the size of data returned in big number buffer in bytes.\r
1860\r
1861 @retval TRUE RSA key component was retrieved successfully.\r
1862 @retval FALSE Invalid RSA key component tag.\r
1863 @retval FALSE BnSize is too small.\r
1864 @retval FALSE This interface is not supported.\r
1865\r
1866**/\r
1867BOOLEAN\r
1868EFIAPI\r
1869RsaGetKey (\r
1870 IN OUT VOID *RsaContext,\r
1871 IN RSA_KEY_TAG KeyTag,\r
1872 OUT UINT8 *BigNumber,\r
1873 IN OUT UINTN *BnSize\r
1874 );\r
1875\r
1876/**\r
1877 Generates RSA key components.\r
1878\r
1879 This function generates RSA key components. It takes RSA public exponent E and\r
1880 length in bits of RSA modulus N as input, and generates all key components.\r
1881 If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.\r
1882\r
1883 Before this function can be invoked, pseudorandom number generator must be correctly\r
1884 initialized by RandomSeed().\r
1885\r
1886 If RsaContext is NULL, then return FALSE.\r
1887 If this interface is not supported, then return FALSE.\r
1888\r
1889 @param[in, out] RsaContext Pointer to RSA context being set.\r
1890 @param[in] ModulusLength Length of RSA modulus N in bits.\r
1891 @param[in] PublicExponent Pointer to RSA public exponent.\r
1892 @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.\r
1893\r
1894 @retval TRUE RSA key component was generated successfully.\r
1895 @retval FALSE Invalid RSA key component tag.\r
1896 @retval FALSE This interface is not supported.\r
1897\r
1898**/\r
1899BOOLEAN\r
1900EFIAPI\r
1901RsaGenerateKey (\r
1902 IN OUT VOID *RsaContext,\r
1903 IN UINTN ModulusLength,\r
1904 IN CONST UINT8 *PublicExponent,\r
1905 IN UINTN PublicExponentSize\r
1906 );\r
1907\r
1908/**\r
1909 Validates key components of RSA context.\r
1910 NOTE: This function performs integrity checks on all the RSA key material, so\r
1911 the RSA key structure must contain all the private key data.\r
1912\r
1913 This function validates key components of RSA context in following aspects:\r
1914 - Whether p is a prime\r
1915 - Whether q is a prime\r
1916 - Whether n = p * q\r
1917 - Whether d*e = 1 mod lcm(p-1,q-1)\r
1918\r
1919 If RsaContext is NULL, then return FALSE.\r
1920 If this interface is not supported, then return FALSE.\r
1921\r
1922 @param[in] RsaContext Pointer to RSA context to check.\r
1923\r
1924 @retval TRUE RSA key components are valid.\r
1925 @retval FALSE RSA key components are not valid.\r
1926 @retval FALSE This interface is not supported.\r
1927\r
1928**/\r
1929BOOLEAN\r
1930EFIAPI\r
1931RsaCheckKey (\r
1932 IN VOID *RsaContext\r
1933 );\r
1934\r
1935/**\r
1936 Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.\r
1937\r
1938 This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in\r
1939 RSA PKCS#1.\r
1940 If the Signature buffer is too small to hold the contents of signature, FALSE\r
1941 is returned and SigSize is set to the required buffer size to obtain the signature.\r
1942\r
1943 If RsaContext is NULL, then return FALSE.\r
1944 If MessageHash is NULL, then return FALSE.\r
1945 If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.\r
1946 If SigSize is large enough but Signature is NULL, then return FALSE.\r
1947 If this interface is not supported, then return FALSE.\r
1948\r
1949 @param[in] RsaContext Pointer to RSA context for signature generation.\r
1950 @param[in] MessageHash Pointer to octet message hash to be signed.\r
1951 @param[in] HashSize Size of the message hash in bytes.\r
1952 @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.\r
1953 @param[in, out] SigSize On input, the size of Signature buffer in bytes.\r
1954 On output, the size of data returned in Signature buffer in bytes.\r
1955\r
1956 @retval TRUE Signature successfully generated in PKCS1-v1_5.\r
1957 @retval FALSE Signature generation failed.\r
1958 @retval FALSE SigSize is too small.\r
1959 @retval FALSE This interface is not supported.\r
1960\r
1961**/\r
1962BOOLEAN\r
1963EFIAPI\r
1964RsaPkcs1Sign (\r
1965 IN VOID *RsaContext,\r
1966 IN CONST UINT8 *MessageHash,\r
1967 IN UINTN HashSize,\r
1968 OUT UINT8 *Signature,\r
1969 IN OUT UINTN *SigSize\r
1970 );\r
1971\r
1972/**\r
1973 Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
1974 RSA PKCS#1.\r
1975\r
1976 If RsaContext is NULL, then return FALSE.\r
1977 If MessageHash is NULL, then return FALSE.\r
1978 If Signature is NULL, then return FALSE.\r
1979 If HashSize is not equal to the size of MD5, SHA-1, SHA-256 digest, then return FALSE.\r
1980\r
1981 @param[in] RsaContext Pointer to RSA context for signature verification.\r
1982 @param[in] MessageHash Pointer to octet message hash to be checked.\r
1983 @param[in] HashSize Size of the message hash in bytes.\r
1984 @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
1985 @param[in] SigSize Size of signature in bytes.\r
1986\r
1987 @retval TRUE Valid signature encoded in PKCS1-v1_5.\r
1988 @retval FALSE Invalid signature or invalid RSA context.\r
1989\r
1990**/\r
1991BOOLEAN\r
1992EFIAPI\r
1993RsaPkcs1Verify (\r
1994 IN VOID *RsaContext,\r
1995 IN CONST UINT8 *MessageHash,\r
1996 IN UINTN HashSize,\r
1997 IN CONST UINT8 *Signature,\r
1998 IN UINTN SigSize\r
1999 );\r
2000\r
2001/**\r
2002 Retrieve the RSA Private Key from the password-protected PEM key data.\r
2003\r
2004 If PemData is NULL, then return FALSE.\r
2005 If RsaContext is NULL, then return FALSE.\r
2006 If this interface is not supported, then return FALSE.\r
2007\r
2008 @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.\r
2009 @param[in] PemSize Size of the PEM key data in bytes.\r
2010 @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.\r
2011 @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
2012 RSA private key component. Use RsaFree() function to free the\r
2013 resource.\r
2014\r
2015 @retval TRUE RSA Private Key was retrieved successfully.\r
2016 @retval FALSE Invalid PEM key data or incorrect password.\r
2017 @retval FALSE This interface is not supported.\r
2018\r
2019**/\r
2020BOOLEAN\r
2021EFIAPI\r
2022RsaGetPrivateKeyFromPem (\r
2023 IN CONST UINT8 *PemData,\r
2024 IN UINTN PemSize,\r
2025 IN CONST CHAR8 *Password,\r
2026 OUT VOID **RsaContext\r
2027 );\r
2028\r
2029/**\r
2030 Retrieve the RSA Public Key from one DER-encoded X509 certificate.\r
2031\r
2032 If Cert is NULL, then return FALSE.\r
2033 If RsaContext is NULL, then return FALSE.\r
2034 If this interface is not supported, then return FALSE.\r
2035\r
2036 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
2037 @param[in] CertSize Size of the X509 certificate in bytes.\r
2038 @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
2039 RSA public key component. Use RsaFree() function to free the\r
2040 resource.\r
2041\r
2042 @retval TRUE RSA Public Key was retrieved successfully.\r
2043 @retval FALSE Fail to retrieve RSA public key from X509 certificate.\r
2044 @retval FALSE This interface is not supported.\r
2045\r
2046**/\r
2047BOOLEAN\r
2048EFIAPI\r
2049RsaGetPublicKeyFromX509 (\r
2050 IN CONST UINT8 *Cert,\r
2051 IN UINTN CertSize,\r
2052 OUT VOID **RsaContext\r
2053 );\r
2054\r
2055/**\r
2056 Retrieve the subject bytes from one X.509 certificate.\r
2057\r
2058 If Cert is NULL, then return FALSE.\r
2059 If SubjectSize is NULL, then return FALSE.\r
2060 If this interface is not supported, then return FALSE.\r
2061\r
2062 @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
2063 @param[in] CertSize Size of the X509 certificate in bytes.\r
2064 @param[out] CertSubject Pointer to the retrieved certificate subject bytes.\r
2065 @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,\r
2066 and the size of buffer returned CertSubject on output.\r
2067\r
2068 @retval TRUE The certificate subject retrieved successfully.\r
2069 @retval FALSE Invalid certificate, or the SubjectSize is too small for the result.\r
2070 The SubjectSize will be updated with the required size.\r
2071 @retval FALSE This interface is not supported.\r
2072\r
2073**/\r
2074BOOLEAN\r
2075EFIAPI\r
2076X509GetSubjectName (\r
2077 IN CONST UINT8 *Cert,\r
2078 IN UINTN CertSize,\r
2079 OUT UINT8 *CertSubject,\r
2080 IN OUT UINTN *SubjectSize\r
2081 );\r
2082\r
2083/**\r
2084 Verify one X509 certificate was issued by the trusted CA.\r
2085\r
2086 If Cert is NULL, then return FALSE.\r
2087 If CACert is NULL, then return FALSE.\r
2088 If this interface is not supported, then return FALSE.\r
2089\r
2090 @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.\r
2091 @param[in] CertSize Size of the X509 certificate in bytes.\r
2092 @param[in] CACert Pointer to the DER-encoded trusted CA certificate.\r
2093 @param[in] CACertSize Size of the CA Certificate in bytes.\r
2094\r
2095 @retval TRUE The certificate was issued by the trusted CA.\r
2096 @retval FALSE Invalid certificate or the certificate was not issued by the given\r
2097 trusted CA.\r
2098 @retval FALSE This interface is not supported.\r
2099\r
2100**/\r
2101BOOLEAN\r
2102EFIAPI\r
2103X509VerifyCert (\r
2104 IN CONST UINT8 *Cert,\r
2105 IN UINTN CertSize,\r
2106 IN CONST UINT8 *CACert,\r
2107 IN UINTN CACertSize\r
2108 );\r
2109\r
2110/**\r
2111 Construct a X509 object from DER-encoded certificate data.\r
2112\r
2113 If Cert is NULL, then return FALSE.\r
2114 If SingleX509Cert is NULL, then return FALSE.\r
2115 If this interface is not supported, then return FALSE.\r
2116\r
2117 @param[in] Cert Pointer to the DER-encoded certificate data.\r
2118 @param[in] CertSize The size of certificate data in bytes.\r
2119 @param[out] SingleX509Cert The generated X509 object.\r
2120\r
2121 @retval TRUE The X509 object generation succeeded.\r
2122 @retval FALSE The operation failed.\r
2123 @retval FALSE This interface is not supported.\r
2124\r
2125**/\r
2126BOOLEAN\r
2127EFIAPI\r
2128X509ConstructCertificate (\r
2129 IN CONST UINT8 *Cert,\r
2130 IN UINTN CertSize,\r
2131 OUT UINT8 **SingleX509Cert\r
2132 );\r
2133\r
2134/**\r
2135 Construct a X509 stack object from a list of DER-encoded certificate data.\r
2136\r
2137 If X509Stack is NULL, then return FALSE.\r
2138 If this interface is not supported, then return FALSE.\r
2139\r
2140 @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.\r
2141 On output, pointer to the X509 stack object with new\r
2142 inserted X509 certificate.\r
2143 @param ... A list of DER-encoded single certificate data followed\r
2144 by certificate size. A NULL terminates the list. The\r
2145 pairs are the arguments to X509ConstructCertificate().\r
2146\r
2147 @retval TRUE The X509 stack construction succeeded.\r
2148 @retval FALSE The construction operation failed.\r
2149 @retval FALSE This interface is not supported.\r
2150\r
2151**/\r
2152BOOLEAN\r
2153EFIAPI\r
2154X509ConstructCertificateStack (\r
2155 IN OUT UINT8 **X509Stack,\r
2156 ...\r
2157 );\r
2158\r
2159/**\r
2160 Release the specified X509 object.\r
2161\r
2162 If the interface is not supported, then ASSERT().\r
2163\r
2164 @param[in] X509Cert Pointer to the X509 object to be released.\r
2165\r
2166**/\r
2167VOID\r
2168EFIAPI\r
2169X509Free (\r
2170 IN VOID *X509Cert\r
2171 );\r
2172\r
2173/**\r
2174 Release the specified X509 stack object.\r
2175\r
2176 If the interface is not supported, then ASSERT().\r
2177\r
2178 @param[in] X509Stack Pointer to the X509 stack object to be released.\r
2179\r
2180**/\r
2181VOID\r
2182EFIAPI\r
2183X509StackFree (\r
2184 IN VOID *X509Stack\r
2185 );\r
2186\r
2187/**\r
2188 Retrieve the TBSCertificate from one given X.509 certificate.\r
2189\r
2190 @param[in] Cert Pointer to the given DER-encoded X509 certificate.\r
2191 @param[in] CertSize Size of the X509 certificate in bytes.\r
2192 @param[out] TBSCert DER-Encoded To-Be-Signed certificate.\r
2193 @param[out] TBSCertSize Size of the TBS certificate in bytes.\r
2194\r
2195 If Cert is NULL, then return FALSE.\r
2196 If TBSCert is NULL, then return FALSE.\r
2197 If TBSCertSize is NULL, then return FALSE.\r
2198 If this interface is not supported, then return FALSE.\r
2199\r
2200 @retval TRUE The TBSCertificate was retrieved successfully.\r
2201 @retval FALSE Invalid X.509 certificate.\r
2202\r
2203**/\r
2204BOOLEAN\r
2205EFIAPI\r
2206X509GetTBSCert (\r
2207 IN CONST UINT8 *Cert,\r
2208 IN UINTN CertSize,\r
2209 OUT UINT8 **TBSCert,\r
2210 OUT UINTN *TBSCertSize\r
2211 );\r
2212\r
2213/**\r
2214 Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0\r
2215 password based encryption key derivation function PBKDF2, as specified in RFC 2898.\r
2216\r
2217 If Password or Salt or OutKey is NULL, then return FALSE.\r
2218 If the hash algorithm could not be determined, then return FALSE.\r
2219 If this interface is not supported, then return FALSE.\r
2220\r
2221 @param[in] PasswordLength Length of input password in bytes.\r
2222 @param[in] Password Pointer to the array for the password.\r
2223 @param[in] SaltLength Size of the Salt in bytes.\r
2224 @param[in] Salt Pointer to the Salt.\r
2225 @param[in] IterationCount Number of iterations to perform. Its value should be\r
2226 greater than or equal to 1.\r
2227 @param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).\r
2228 NOTE: DigestSize will be used to determine the hash algorithm.\r
2229 Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.\r
2230 @param[in] KeyLength Size of the derived key buffer in bytes.\r
2231 @param[out] OutKey Pointer to the output derived key buffer.\r
2232\r
2233 @retval TRUE A key was derived successfully.\r
2234 @retval FALSE One of the pointers was NULL or one of the sizes was too large.\r
2235 @retval FALSE The hash algorithm could not be determined from the digest size.\r
2236 @retval FALSE The key derivation operation failed.\r
2237 @retval FALSE This interface is not supported.\r
2238\r
2239**/\r
2240BOOLEAN\r
2241EFIAPI\r
2242Pkcs5HashPassword (\r
2243 IN UINTN PasswordLength,\r
2244 IN CONST CHAR8 *Password,\r
2245 IN UINTN SaltLength,\r
2246 IN CONST UINT8 *Salt,\r
2247 IN UINTN IterationCount,\r
2248 IN UINTN DigestSize,\r
2249 IN UINTN KeyLength,\r
2250 OUT UINT8 *OutKey\r
2251 );\r
2252\r
2253/**\r
2254 Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:\r
2255 Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
2256 in a ContentInfo structure.\r
2257\r
2258 If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then\r
2259 return FALSE. If P7Length overflow, then return FALSE.\r
2260 If this interface is not supported, then return FALSE.\r
2261\r
2262 @param[in] P7Data Pointer to the PKCS#7 message to verify.\r
2263 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
2264 @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.\r
2265 It's caller's responsibility to free the buffer.\r
2266 @param[out] StackLength Length of signer's certificates in bytes.\r
2267 @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.\r
2268 It's caller's responsibility to free the buffer.\r
2269 @param[out] CertLength Length of the trusted certificate in bytes.\r
2270\r
2271 @retval TRUE The operation is finished successfully.\r
2272 @retval FALSE Error occurs during the operation.\r
2273 @retval FALSE This interface is not supported.\r
2274\r
2275**/\r
2276BOOLEAN\r
2277EFIAPI\r
2278Pkcs7GetSigners (\r
2279 IN CONST UINT8 *P7Data,\r
2280 IN UINTN P7Length,\r
2281 OUT UINT8 **CertStack,\r
2282 OUT UINTN *StackLength,\r
2283 OUT UINT8 **TrustedCert,\r
2284 OUT UINTN *CertLength\r
2285 );\r
2286\r
2287/**\r
2288 Wrap function to use free() to free allocated memory for certificates.\r
2289\r
2290 If this interface is not supported, then ASSERT().\r
2291\r
2292 @param[in] Certs Pointer to the certificates to be freed.\r
2293\r
2294**/\r
2295VOID\r
2296EFIAPI\r
2297Pkcs7FreeSigners (\r
2298 IN UINT8 *Certs\r
2299 );\r
2300\r
2301/**\r
2302 Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:\r
2303 Cryptographic Message Syntax Standard", and outputs two certificate lists chained and\r
2304 unchained to the signer's certificates.\r
2305 The input signed data could be wrapped in a ContentInfo structure.\r
2306\r
2307 @param[in] P7Data Pointer to the PKCS#7 message.\r
2308 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
2309 @param[out] SignerChainCerts Pointer to the certificates list chained to signer's\r
2310 certificate. It's caller's responsibility to free the buffer.\r
2311 @param[out] ChainLength Length of the chained certificates list buffer in bytes.\r
2312 @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's\r
2313 responsibility to free the buffer.\r
2314 @param[out] UnchainLength Length of the unchained certificates list buffer in bytes.\r
2315\r
2316 @retval TRUE The operation is finished successfully.\r
2317 @retval FALSE Error occurs during the operation.\r
2318\r
2319**/\r
2320BOOLEAN\r
2321EFIAPI\r
2322Pkcs7GetCertificatesList (\r
2323 IN CONST UINT8 *P7Data,\r
2324 IN UINTN P7Length,\r
2325 OUT UINT8 **SignerChainCerts,\r
2326 OUT UINTN *ChainLength,\r
2327 OUT UINT8 **UnchainCerts,\r
2328 OUT UINTN *UnchainLength\r
2329 );\r
2330\r
2331/**\r
2332 Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message\r
2333 Syntax Standard, version 1.5". This interface is only intended to be used for\r
2334 application to perform PKCS#7 functionality validation.\r
2335\r
2336 If this interface is not supported, then return FALSE.\r
2337\r
2338 @param[in] PrivateKey Pointer to the PEM-formatted private key data for\r
2339 data signing.\r
2340 @param[in] PrivateKeySize Size of the PEM private key data in bytes.\r
2341 @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM\r
2342 key data.\r
2343 @param[in] InData Pointer to the content to be signed.\r
2344 @param[in] InDataSize Size of InData in bytes.\r
2345 @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.\r
2346 @param[in] OtherCerts Pointer to an optional additional set of certificates to\r
2347 include in the PKCS#7 signedData (e.g. any intermediate\r
2348 CAs in the chain).\r
2349 @param[out] SignedData Pointer to output PKCS#7 signedData.\r
2350 @param[out] SignedDataSize Size of SignedData in bytes.\r
2351\r
2352 @retval TRUE PKCS#7 data signing succeeded.\r
2353 @retval FALSE PKCS#7 data signing failed.\r
2354 @retval FALSE This interface is not supported.\r
2355\r
2356**/\r
2357BOOLEAN\r
2358EFIAPI\r
2359Pkcs7Sign (\r
2360 IN CONST UINT8 *PrivateKey,\r
2361 IN UINTN PrivateKeySize,\r
2362 IN CONST UINT8 *KeyPassword,\r
2363 IN UINT8 *InData,\r
2364 IN UINTN InDataSize,\r
2365 IN UINT8 *SignCert,\r
2366 IN UINT8 *OtherCerts OPTIONAL,\r
2367 OUT UINT8 **SignedData,\r
2368 OUT UINTN *SignedDataSize\r
2369 );\r
2370\r
2371/**\r
2372 Verifies the validity of a PKCS#7 signed data as described in "PKCS #7:\r
2373 Cryptographic Message Syntax Standard". The input signed data could be wrapped\r
2374 in a ContentInfo structure.\r
2375\r
2376 If P7Data, TrustedCert or InData is NULL, then return FALSE.\r
2377 If P7Length, CertLength or DataLength overflow, then return FALSE.\r
2378 If this interface is not supported, then return FALSE.\r
2379\r
2380 @param[in] P7Data Pointer to the PKCS#7 message to verify.\r
2381 @param[in] P7Length Length of the PKCS#7 message in bytes.\r
2382 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
2383 is used for certificate chain verification.\r
2384 @param[in] CertLength Length of the trusted certificate in bytes.\r
2385 @param[in] InData Pointer to the content to be verified.\r
2386 @param[in] DataLength Length of InData in bytes.\r
2387\r
2388 @retval TRUE The specified PKCS#7 signed data is valid.\r
2389 @retval FALSE Invalid PKCS#7 signed data.\r
2390 @retval FALSE This interface is not supported.\r
2391\r
2392**/\r
2393BOOLEAN\r
2394EFIAPI\r
2395Pkcs7Verify (\r
2396 IN CONST UINT8 *P7Data,\r
2397 IN UINTN P7Length,\r
2398 IN CONST UINT8 *TrustedCert,\r
2399 IN UINTN CertLength,\r
2400 IN CONST UINT8 *InData,\r
2401 IN UINTN DataLength\r
2402 );\r
2403\r
2404/**\r
2405 Extracts the attached content from a PKCS#7 signed data if existed. The input signed\r
2406 data could be wrapped in a ContentInfo structure.\r
2407\r
2408 If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow,\r
2409 then return FALSE. If the P7Data is not correctly formatted, then return FALSE.\r
2410\r
2411 Caution: This function may receive untrusted input. So this function will do\r
2412 basic check for PKCS#7 data structure.\r
2413\r
2414 @param[in] P7Data Pointer to the PKCS#7 signed data to process.\r
2415 @param[in] P7Length Length of the PKCS#7 signed data in bytes.\r
2416 @param[out] Content Pointer to the extracted content from the PKCS#7 signedData.\r
2417 It's caller's responsibility to free the buffer.\r
2418 @param[out] ContentSize The size of the extracted content in bytes.\r
2419\r
2420 @retval TRUE The P7Data was correctly formatted for processing.\r
2421 @retval FALSE The P7Data was not correctly formatted for processing.\r
2422\r
2423*/\r
2424BOOLEAN\r
2425EFIAPI\r
2426Pkcs7GetAttachedContent (\r
2427 IN CONST UINT8 *P7Data,\r
2428 IN UINTN P7Length,\r
2429 OUT VOID **Content,\r
2430 OUT UINTN *ContentSize\r
2431 );\r
2432\r
2433/**\r
2434 Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows\r
2435 Authenticode Portable Executable Signature Format".\r
2436\r
2437 If AuthData is NULL, then return FALSE.\r
2438 If ImageHash is NULL, then return FALSE.\r
2439 If this interface is not supported, then return FALSE.\r
2440\r
2441 @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed\r
2442 PE/COFF image to be verified.\r
2443 @param[in] DataSize Size of the Authenticode Signature in bytes.\r
2444 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which\r
2445 is used for certificate chain verification.\r
2446 @param[in] CertSize Size of the trusted certificate in bytes.\r
2447 @param[in] ImageHash Pointer to the original image file hash value. The procedure\r
2448 for calculating the image hash value is described in Authenticode\r
2449 specification.\r
2450 @param[in] HashSize Size of Image hash value in bytes.\r
2451\r
2452 @retval TRUE The specified Authenticode Signature is valid.\r
2453 @retval FALSE Invalid Authenticode Signature.\r
2454 @retval FALSE This interface is not supported.\r
2455\r
2456**/\r
2457BOOLEAN\r
2458EFIAPI\r
2459AuthenticodeVerify (\r
2460 IN CONST UINT8 *AuthData,\r
2461 IN UINTN DataSize,\r
2462 IN CONST UINT8 *TrustedCert,\r
2463 IN UINTN CertSize,\r
2464 IN CONST UINT8 *ImageHash,\r
2465 IN UINTN HashSize\r
2466 );\r
2467\r
2468/**\r
2469 Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode\r
2470 signature.\r
2471\r
2472 If AuthData is NULL, then return FALSE.\r
2473 If this interface is not supported, then return FALSE.\r
2474\r
2475 @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed\r
2476 PE/COFF image to be verified.\r
2477 @param[in] DataSize Size of the Authenticode Signature in bytes.\r
2478 @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which\r
2479 is used for TSA certificate chain verification.\r
2480 @param[in] CertSize Size of the trusted certificate in bytes.\r
2481 @param[out] SigningTime Return the time of timestamp generation time if the timestamp\r
2482 signature is valid.\r
2483\r
2484 @retval TRUE The specified Authenticode includes a valid RFC3161 Timestamp CounterSignature.\r
2485 @retval FALSE No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data.\r
2486\r
2487**/\r
2488BOOLEAN\r
2489EFIAPI\r
2490ImageTimestampVerify (\r
2491 IN CONST UINT8 *AuthData,\r
2492 IN UINTN DataSize,\r
2493 IN CONST UINT8 *TsaCert,\r
2494 IN UINTN CertSize,\r
2495 OUT EFI_TIME *SigningTime\r
2496 );\r
2497\r
2498//=====================================================================================\r
2499// DH Key Exchange Primitive\r
2500//=====================================================================================\r
2501\r
2502/**\r
2503 Allocates and Initializes one Diffie-Hellman Context for subsequent use.\r
2504\r
2505 @return Pointer to the Diffie-Hellman Context that has been initialized.\r
2506 If the allocations fails, DhNew() returns NULL.\r
2507 If the interface is not supported, DhNew() returns NULL.\r
2508\r
2509**/\r
2510VOID *\r
2511EFIAPI\r
2512DhNew (\r
2513 VOID\r
2514 );\r
2515\r
2516/**\r
2517 Release the specified DH context.\r
2518\r
2519 If the interface is not supported, then ASSERT().\r
2520\r
2521 @param[in] DhContext Pointer to the DH context to be released.\r
2522\r
2523**/\r
2524VOID\r
2525EFIAPI\r
2526DhFree (\r
2527 IN VOID *DhContext\r
2528 );\r
2529\r
2530/**\r
2531 Generates DH parameter.\r
2532\r
2533 Given generator g, and length of prime number p in bits, this function generates p,\r
2534 and sets DH context according to value of g and p.\r
2535\r
2536 Before this function can be invoked, pseudorandom number generator must be correctly\r
2537 initialized by RandomSeed().\r
2538\r
2539 If DhContext is NULL, then return FALSE.\r
2540 If Prime is NULL, then return FALSE.\r
2541 If this interface is not supported, then return FALSE.\r
2542\r
2543 @param[in, out] DhContext Pointer to the DH context.\r
2544 @param[in] Generator Value of generator.\r
2545 @param[in] PrimeLength Length in bits of prime to be generated.\r
2546 @param[out] Prime Pointer to the buffer to receive the generated prime number.\r
2547\r
2548 @retval TRUE DH parameter generation succeeded.\r
2549 @retval FALSE Value of Generator is not supported.\r
2550 @retval FALSE PRNG fails to generate random prime number with PrimeLength.\r
2551 @retval FALSE This interface is not supported.\r
2552\r
2553**/\r
2554BOOLEAN\r
2555EFIAPI\r
2556DhGenerateParameter (\r
2557 IN OUT VOID *DhContext,\r
2558 IN UINTN Generator,\r
2559 IN UINTN PrimeLength,\r
2560 OUT UINT8 *Prime\r
2561 );\r
2562\r
2563/**\r
2564 Sets generator and prime parameters for DH.\r
2565\r
2566 Given generator g, and prime number p, this function and sets DH\r
2567 context accordingly.\r
2568\r
2569 If DhContext is NULL, then return FALSE.\r
2570 If Prime is NULL, then return FALSE.\r
2571 If this interface is not supported, then return FALSE.\r
2572\r
2573 @param[in, out] DhContext Pointer to the DH context.\r
2574 @param[in] Generator Value of generator.\r
2575 @param[in] PrimeLength Length in bits of prime to be generated.\r
2576 @param[in] Prime Pointer to the prime number.\r
2577\r
2578 @retval TRUE DH parameter setting succeeded.\r
2579 @retval FALSE Value of Generator is not supported.\r
2580 @retval FALSE Value of Generator is not suitable for the Prime.\r
2581 @retval FALSE Value of Prime is not a prime number.\r
2582 @retval FALSE Value of Prime is not a safe prime number.\r
2583 @retval FALSE This interface is not supported.\r
2584\r
2585**/\r
2586BOOLEAN\r
2587EFIAPI\r
2588DhSetParameter (\r
2589 IN OUT VOID *DhContext,\r
2590 IN UINTN Generator,\r
2591 IN UINTN PrimeLength,\r
2592 IN CONST UINT8 *Prime\r
2593 );\r
2594\r
2595/**\r
2596 Generates DH public key.\r
2597\r
2598 This function generates random secret exponent, and computes the public key, which is\r
2599 returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.\r
2600 If the PublicKey buffer is too small to hold the public key, FALSE is returned and\r
2601 PublicKeySize is set to the required buffer size to obtain the public key.\r
2602\r
2603 If DhContext is NULL, then return FALSE.\r
2604 If PublicKeySize is NULL, then return FALSE.\r
2605 If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.\r
2606 If this interface is not supported, then return FALSE.\r
2607\r
2608 @param[in, out] DhContext Pointer to the DH context.\r
2609 @param[out] PublicKey Pointer to the buffer to receive generated public key.\r
2610 @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.\r
2611 On output, the size of data returned in PublicKey buffer in bytes.\r
2612\r
2613 @retval TRUE DH public key generation succeeded.\r
2614 @retval FALSE DH public key generation failed.\r
2615 @retval FALSE PublicKeySize is not large enough.\r
2616 @retval FALSE This interface is not supported.\r
2617\r
2618**/\r
2619BOOLEAN\r
2620EFIAPI\r
2621DhGenerateKey (\r
2622 IN OUT VOID *DhContext,\r
2623 OUT UINT8 *PublicKey,\r
2624 IN OUT UINTN *PublicKeySize\r
2625 );\r
2626\r
2627/**\r
2628 Computes exchanged common key.\r
2629\r
2630 Given peer's public key, this function computes the exchanged common key, based on its own\r
2631 context including value of prime modulus and random secret exponent.\r
2632\r
2633 If DhContext is NULL, then return FALSE.\r
2634 If PeerPublicKey is NULL, then return FALSE.\r
2635 If KeySize is NULL, then return FALSE.\r
2636 If Key is NULL, then return FALSE.\r
2637 If KeySize is not large enough, then return FALSE.\r
2638 If this interface is not supported, then return FALSE.\r
2639\r
2640 @param[in, out] DhContext Pointer to the DH context.\r
2641 @param[in] PeerPublicKey Pointer to the peer's public key.\r
2642 @param[in] PeerPublicKeySize Size of peer's public key in bytes.\r
2643 @param[out] Key Pointer to the buffer to receive generated key.\r
2644 @param[in, out] KeySize On input, the size of Key buffer in bytes.\r
2645 On output, the size of data returned in Key buffer in bytes.\r
2646\r
2647 @retval TRUE DH exchanged key generation succeeded.\r
2648 @retval FALSE DH exchanged key generation failed.\r
2649 @retval FALSE KeySize is not large enough.\r
2650 @retval FALSE This interface is not supported.\r
2651\r
2652**/\r
2653BOOLEAN\r
2654EFIAPI\r
2655DhComputeKey (\r
2656 IN OUT VOID *DhContext,\r
2657 IN CONST UINT8 *PeerPublicKey,\r
2658 IN UINTN PeerPublicKeySize,\r
2659 OUT UINT8 *Key,\r
2660 IN OUT UINTN *KeySize\r
2661 );\r
2662\r
2663//=====================================================================================\r
2664// Pseudo-Random Generation Primitive\r
2665//=====================================================================================\r
2666\r
2667/**\r
2668 Sets up the seed value for the pseudorandom number generator.\r
2669\r
2670 This function sets up the seed value for the pseudorandom number generator.\r
2671 If Seed is not NULL, then the seed passed in is used.\r
2672 If Seed is NULL, then default seed is used.\r
2673 If this interface is not supported, then return FALSE.\r
2674\r
2675 @param[in] Seed Pointer to seed value.\r
2676 If NULL, default seed is used.\r
2677 @param[in] SeedSize Size of seed value.\r
2678 If Seed is NULL, this parameter is ignored.\r
2679\r
2680 @retval TRUE Pseudorandom number generator has enough entropy for random generation.\r
2681 @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.\r
2682 @retval FALSE This interface is not supported.\r
2683\r
2684**/\r
2685BOOLEAN\r
2686EFIAPI\r
2687RandomSeed (\r
2688 IN CONST UINT8 *Seed OPTIONAL,\r
2689 IN UINTN SeedSize\r
2690 );\r
2691\r
2692/**\r
2693 Generates a pseudorandom byte stream of the specified size.\r
2694\r
2695 If Output is NULL, then return FALSE.\r
2696 If this interface is not supported, then return FALSE.\r
2697\r
2698 @param[out] Output Pointer to buffer to receive random value.\r
2699 @param[in] Size Size of random bytes to generate.\r
2700\r
2701 @retval TRUE Pseudorandom byte stream generated successfully.\r
2702 @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.\r
2703 @retval FALSE This interface is not supported.\r
2704\r
2705**/\r
2706BOOLEAN\r
2707EFIAPI\r
2708RandomBytes (\r
2709 OUT UINT8 *Output,\r
2710 IN UINTN Size\r
2711 );\r
2712\r
2713#endif // __BASE_CRYPT_LIB_H__\r
EFI Development Kit II mirror for PVE