This Protocol provides Crypto services to DXE modules\r
\r
Copyright (C) Microsoft Corporation. All rights reserved.\r
+ Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
/// the EDK II Crypto Protocol is extended, this version define must be\r
/// increased.\r
///\r
-#define EDKII_CRYPTO_VERSION 6\r
+#define EDKII_CRYPTO_VERSION 7\r
\r
///\r
/// EDK II Crypto Protocol forward declaration\r
IN UINTN SigSize\r
);\r
\r
-/**\r
- Retrieve the RSA Public Key from one DER-encoded X509 certificate.\r
-\r
- If Cert is NULL, then return FALSE.\r
- If RsaContext is NULL, then return FALSE.\r
- If this interface is not supported, then return FALSE.\r
-\r
- @param[in] Cert Pointer to the DER-encoded X509 certificate.\r
- @param[in] CertSize Size of the X509 certificate in bytes.\r
- @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved\r
- RSA public key component. Use RsaFree() function to free the\r
- resource.\r
-\r
- @retval TRUE RSA Public Key was retrieved successfully.\r
- @retval FALSE Fail to retrieve RSA public key from X509 certificate.\r
- @retval FALSE This interface is not supported.\r
-\r
-**/\r
-typedef\r
-BOOLEAN\r
-(EFIAPI *EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509) (\r
- IN CONST UINT8 *Cert,\r
- IN UINTN CertSize,\r
- OUT VOID **RsaContext\r
- );\r
-\r
/**\r
Allocates and initializes one RSA context for subsequent use.\r
\r
(EFIAPI *EDKII_CRYPTO_X509_GET_COMMON_NAME) (\r
IN CONST UINT8 *Cert,\r
IN UINTN CertSize,\r
- OUT CHAR8 *CommonName, OPTIONAL\r
+ OUT CHAR8 *CommonName OPTIONAL,\r
IN OUT UINTN *CommonNameSize\r
);\r
\r
(EFIAPI *EDKII_CRYPTO_X509_GET_ORGANIZATION_NAME) (\r
IN CONST UINT8 *Cert,\r
IN UINTN CertSize,\r
- OUT CHAR8 *NameBuffer, OPTIONAL\r
+ OUT CHAR8 *NameBuffer OPTIONAL,\r
IN OUT UINTN *NameBufferSize\r
);\r
\r
EFI_STATUS\r
(EFIAPI* EDKII_CRYPTO_TLS_DO_HANDSHAKE)(\r
IN VOID *Tls,\r
- IN UINT8 *BufferIn, OPTIONAL\r
- IN UINTN BufferInSize, OPTIONAL\r
- OUT UINT8 *BufferOut, OPTIONAL\r
+ IN UINT8 *BufferIn OPTIONAL,\r
+ IN UINTN BufferInSize OPTIONAL,\r
+ OUT UINT8 *BufferOut OPTIONAL,\r
IN OUT UINTN *BufferOutSize\r
);\r
\r
EFI_STATUS\r
(EFIAPI* EDKII_CRYPTO_TLS_HANDLE_ALERT)(\r
IN VOID *Tls,\r
- IN UINT8 *BufferIn, OPTIONAL\r
- IN UINTN BufferInSize, OPTIONAL\r
- OUT UINT8 *BufferOut, OPTIONAL\r
+ IN UINT8 *BufferIn OPTIONAL,\r
+ IN UINTN BufferInSize OPTIONAL,\r
+ OUT UINT8 *BufferOut OPTIONAL,\r
IN OUT UINTN *BufferOutSize\r
);\r
\r
IN OUT UINTN *DataSize\r
);\r
\r
+/**\r
+ Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.\r
+\r
+ This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in\r
+ RFC 8017.\r
+ Mask generation function is the same as the message digest algorithm.\r
+ If the Signature buffer is too small to hold the contents of signature, FALSE\r
+ is returned and SigSize is set to the required buffer size to obtain the signature.\r
+\r
+ If RsaContext is NULL, then return FALSE.\r
+ If Message is NULL, then return FALSE.\r
+ If MsgSize is zero or > INT_MAX, then return FALSE.\r
+ If DigestLen is NOT 32, 48 or 64, return FALSE.\r
+ If SaltLen is not equal to DigestLen, then return FALSE.\r
+ If SigSize is large enough but Signature is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] RsaContext Pointer to RSA context for signature generation.\r
+ @param[in] Message Pointer to octet message to be signed.\r
+ @param[in] MsgSize Size of the message in bytes.\r
+ @param[in] DigestLen Length of the digest in bytes to be used for RSA signature operation.\r
+ @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding.\r
+ @param[out] Signature Pointer to buffer to receive RSA PSS signature.\r
+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.\r
+ On output, the size of data returned in Signature buffer in bytes.\r
+\r
+ @retval TRUE Signature successfully generated in RSASSA-PSS.\r
+ @retval FALSE Signature generation failed.\r
+ @retval FALSE SigSize is too small.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI* EDKII_CRYPTO_RSA_PSS_SIGN)(\r
+ IN VOID *RsaContext,\r
+ IN CONST UINT8 *Message,\r
+ IN UINTN MsgSize,\r
+ IN UINT16 DigestLen,\r
+ IN UINT16 SaltLen,\r
+ OUT UINT8 *Signature,\r
+ IN OUT UINTN *SigSize\r
+ );\r
+\r
+/**\r
+ Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.\r
+ Implementation determines salt length automatically from the signature encoding.\r
+ Mask generation function is the same as the message digest algorithm.\r
+ Salt length should be equal to digest length.\r
+\r
+ @param[in] RsaContext Pointer to RSA context for signature verification.\r
+ @param[in] Message Pointer to octet message to be verified.\r
+ @param[in] MsgSize Size of the message in bytes.\r
+ @param[in] Signature Pointer to RSASSA-PSS signature to be verified.\r
+ @param[in] SigSize Size of signature in bytes.\r
+ @param[in] DigestLen Length of digest for RSA operation.\r
+ @param[in] SaltLen Salt length for PSS encoding.\r
+\r
+ @retval TRUE Valid signature encoded in RSASSA-PSS.\r
+ @retval FALSE Invalid signature or invalid RSA context.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI* EDKII_CRYPTO_RSA_PSS_VERIFY)(\r
+ IN VOID *RsaContext,\r
+ IN CONST UINT8 *Message,\r
+ IN UINTN MsgSize,\r
+ IN CONST UINT8 *Signature,\r
+ IN UINTN SigSize,\r
+ IN UINT16 DigestLen,\r
+ IN UINT16 SaltLen\r
+ );\r
+\r
+\r
\r
///\r
/// EDK II Crypto Protocol\r
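Review bot: The EDKII_CRYPTO_RSA_PSS_VERIFY comment contradicts its own parameter list: it says the implementation "determines salt length automatically from the signature encoding" while also taking a SaltLen argument and saying salt length "should be equal to digest length", so a reader cannot tell whether a signature whose encoded salt length differs from SaltLen is rejected or accepted. For a verifier that is the policy a caller relies on, and the sign-side comment above already pins it with `If SaltLen is not equal to DigestLen, then return FALSE.`; the verify side should state its contract the same way, e.g. `If SaltLen is not equal to DigestLen, then return FALSE.` and `If the salt length encoded in Signature does not match SaltLen, then return FALSE.` — or, if SaltLen is really ignored in favour of auto-detection, say so and drop the "should be equal" sentence. The sign side also restricts DigestLen to 32, 48 or 64 while the verify side leaves DigestLen unconstrained; the two should agree. Finally, the verify block lacks the lines the rest of this header uses for argument and availability handling (`If RsaContext is NULL, then return FALSE.`, `If this interface is not supported, then return FALSE.`) and the matching `@retval FALSE This interface is not supported.` entry, which a consumer needs because the sign-side contract shows an unsupported member simply returns FALSE.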
EDKII_CRYPTO_TLS_GET_HOST_PUBLIC_CERT TlsGetHostPublicCert;\r
EDKII_CRYPTO_TLS_GET_HOST_PRIVATE_KEY TlsGetHostPrivateKey;\r
EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST TlsGetCertRevocationList;\r
+ /// RSA PSS\r
+ EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign;\r
+ EDKII_CRYPTO_RSA_PSS_VERIFY RsaPssVerify;\r
};\r
\r
extern GUID gEdkiiCryptoProtocolGuid;\r
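Review bot: The two new members RsaPssSign and RsaPssVerify are appended after TlsGetCertRevocationList with no indication of the protocol version that introduces them, so a consumer that locates this protocol by GUID and only checks for an older version would read past the end of a pre-7 instance when it dereferences either pointer. Appending at the tail is the right choice, since earlier slots keep their offsets, but the marker comment should carry the gate, e.g. `/// RSA PSS (present only when the instance reports EDKII_CRYPTO_VERSION >= 7)`. Relatedly, an earlier hunk in this change deletes the EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509 typedef while this hunk shows no removed struct member, which suggests that deletion is a duplicate-declaration cleanup; if a member of that type were also removed, every later slot would shift and the version bump alone would not protect callers that accept version 6 or later. The struct's opening line is outside this hunk.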