+++ /dev/null
-/** @file\r
- Definitions related to the Cryptographic Operations in IPsec.\r
-\r
- Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
-\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-#ifndef _EFI_IPSEC_CRYPTIO_H_\r
-#define _EFI_IPSEC_CRYPTIO_H_\r
-\r
-#include <Protocol/IpSecConfig.h>\r
-#include <Library/DebugLib.h>\r
-#include <Library/BaseCryptLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/MemoryAllocationLib.h>\r
-\r
-#include "IpSecImpl.h"\r
-#include "IkeCommon.h"\r
-\r
-#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 4\r
-#define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3\r
-#define IPSEC_HASH_ALGORITHM_LIST_SIZE 3\r
-\r
-///\r
-/// Authentication Algorithm Definition\r
-/// The number value definition is aligned to IANA assignment\r
-///\r
-#define IKE_AALG_NONE 0x00\r
-#define IKE_AALG_SHA1HMAC 0x02\r
-#define IKE_AALG_NULL 0xFB\r
-\r
-///\r
-/// Encryption Algorithm Definition\r
-/// The number value definition is aligned to IANA assignment\r
-///\r
-#define IKE_EALG_NONE 0x00\r
-#define IKE_EALG_3DESCBC 0x03\r
-#define IKE_EALG_NULL 0x0B\r
-#define IKE_EALG_AESCBC 0x0C\r
-\r
-/**\r
- Prototype of HMAC GetContextSize.\r
-\r
- Retrieves the size, in bytes, of the context buffer required.\r
-\r
- @return The size, in bytes, of the context buffer required.\r
-\r
-**/\r
-typedef\r
-UINTN\r
-(EFIAPI *CRYPTO_HMAC_GETCONTEXTSIZE)(\r
- VOID\r
- );\r
-\r
-/**\r
- Prototype of HMAC Operation Initiating.\r
-\r
- Initialization with a new context.\r
-\r
- @param[out] Context Input Context.\r
- @param[in] Key Pointer to the key for HMAC.\r
- @param[in] KeySize The length of the Key in bytes.\r
-\r
- @retval TRUE Initialization Successfully.\r
-\r
-**/\r
-typedef\r
-BOOLEAN\r
-(EFIAPI *CRYPTO_HMAC_INIT)(\r
- OUT VOID *Context,\r
- IN CONST UINT8 *Key,\r
- IN UINTN KeySize\r
- );\r
-\r
-/**\r
- Prototype of HMAC update.\r
- HMAC update operation. Continue an HMAC message digest operation, processing\r
- another message block, and updating the HMAC context.\r
-\r
- If Context is NULL, then ASSERT().\r
- If Data is NULL, then ASSERT().\r
-\r
- @param[in,out] Context The Specified Context.\r
- @param[in,out] Data The Input Data to be digested.\r
- @param[in] DataLength The length, in bytes, of Data.\r
-\r
- @retval TRUE Update data successfully.\r
- @retval FALSE The Context has been finalized.\r
-\r
-**/\r
-typedef\r
-BOOLEAN\r
-(EFIAPI *CRYPTO_HMAC_UPDATE)(\r
- IN OUT VOID *Context,\r
- IN CONST VOID *Data,\r
- IN UINTN DataLength\r
- );\r
-\r
-/**\r
- Prototype of HMAC finalization.\r
- Terminate a HMAC message digest operation and output the message digest.\r
-\r
- If Context is NULL, then ASSERT().\r
- If HashValue is NULL, then ASSERT().\r
-\r
- @param[in,out] Context The specified Context.\r
- @param[out] HmacValue Pointer to a 16-byte message digest output buffer.\r
-\r
- @retval TRUE Finalized successfully.\r
-\r
-**/\r
-typedef\r
-BOOLEAN\r
-(EFIAPI *CRYPTO_HMAC_FINAL)(\r
- IN OUT VOID *Context,\r
- OUT UINT8 *HmacValue\r
- );\r
-\r
-/**\r
- Prototype of Block Cipher GetContextSize.\r
-\r
- Retrieves the size, in bytes, of the context buffer required.\r
-\r
- @return The size, in bytes, of the context buffer required.\r
-\r
-**/\r
-typedef\r
-UINTN\r
-(EFIAPI *CRYPTO_CIPHER_GETCONTEXTSIZE)(\r
- VOID\r
- );\r
-\r
-/**\r
- Prototype of Block Cipher initiation.\r
- Initializes the user-supplied key as the specified context (key materials) for both\r
- encryption and decryption operations.\r
-\r
- If Context is NULL, then ASSERT().\r
- If Key is NULL, then generate random key for usage.\r
-\r
- @param[in,out] Context The specified Context.\r
- @param[in] Key User-supplied cipher key.\r
- @param[in] KeyBits Key length in bits.\r
-\r
- @retval TRUE Block Cipher Initialization was successful.\r
-\r
-**/\r
-typedef\r
-BOOLEAN\r
-(EFIAPI *CRYPTO_CIPHER_INIT)(\r
- IN OUT VOID *Context,\r
- IN CONST UINT8 *Key,\r
- IN UINTN KeyBits\r
- );\r
-\r
-/**\r
- Prototype of Cipher encryption.\r
- Encrypts plaintext message with the specified cipher.\r
-\r
- If Context is NULL, then ASSERT().\r
- If InData is NULL, then ASSERT().\r
- If Size of input data is not multiple of Cipher algorithm related block size,\r
- then ASSERT().\r
-\r
- @param[in] Context The specified Context.\r
- @param[in] InData The input plaintext data to be encrypted.\r
- @param[in] InputSize The size of input data.\r
- @param[in] Ivec Pointer to Initial Vector data for encryption.\r
- @param[out] OutData The resultant encrypted ciphertext.\r
-\r
- @retval TRUE Encryption successful.\r
-\r
-**/\r
-typedef\r
-BOOLEAN\r
-(EFIAPI *CRYPTO_CIPHER_ENCRYPT)(\r
- IN VOID *Context,\r
- IN CONST UINT8 *InData,\r
- IN UINTN InputSize,\r
- IN CONST UINT8 *Ivec,\r
- OUT UINT8 *OutData\r
- );\r
-\r
-/**\r
- Prototype of Cipher decryption.\r
- Decrypts cipher message with specified cipher.\r
-\r
- If Context is NULL, then ASSERT().\r
- If InData is NULL, then ASSERT().\r
- If Size of input data is not a multiple of a certaion block size , then ASSERT().\r
-\r
- @param[in] Context The specified Context.\r
- @param[in] InData The input ciphertext data to be decrypted.\r
- @param[in] InputSize The InData size.\r
- @param[in] Ivec Pointer to the Initial Vector data for decryption.\r
- @param[out] OutData The resultant decrypted plaintext.\r
-\r
- @retval TRUE Decryption successful.\r
-\r
-**/\r
-typedef\r
-BOOLEAN\r
-(EFIAPI *CRYPTO_CIPHER_DECRYPT)(\r
- IN VOID *Context,\r
- IN CONST UINT8 *InData,\r
- IN UINTN InputSize,\r
- IN CONST UINT8 *Ivec,\r
- OUT UINT8 *OutData\r
- );\r
-\r
-/**\r
- Prototype of Hash ContextSize.\r
-\r
- Retrieves the size, in bytes, of the context buffer required for specified hash operations.\r
-\r
- @return The size, in bytes, of the context buffer required for certain hash operations.\r
-\r
-**/\r
-typedef\r
-UINTN\r
-(EFIAPI *CRYPTO_HASH_GETCONTEXTSIZE)(\r
- VOID\r
- );\r
-\r
-/**\r
- Prototype of Hash Initiate.\r
-\r
- Initializes user-supplied memory pointed by Context as specified hash context for\r
- subsequent use.\r
-\r
- If Context is NULL, then ASSERT().\r
-\r
- @param[out] Context Pointer to specified context being initialized.\r
-\r
- @retval TRUE context initialization succeeded.\r
- @retval FALSE context initialization failed.\r
-\r
-**/\r
-typedef\r
-BOOLEAN\r
-(EFIAPI *CRYPTO_HASH_INIT)(\r
- OUT VOID *Context\r
- );\r
-\r
-/**\r
- Prototype of Hash Update\r
-\r
- Digests the input data and updates hash context.\r
-\r
- This function performs digest on a data buffer of the specified size.\r
- It can be called multiple times to compute the digest of long or discontinuous data streams.\r
- Context should be already correctly initialized by HashInit(), and should not be finalized\r
- by HashFinal(). Behavior with invalid context is undefined.\r
-\r
- If Context is NULL, then ASSERT().\r
-\r
- @param[in, out] Context Pointer to the specified context.\r
- @param[in] Data Pointer to the buffer containing the data to be hashed.\r
- @param[in] DataSize Size of Data buffer in bytes.\r
-\r
- @retval TRUE data digest succeeded.\r
- @retval FALSE data digest failed.\r
-\r
-**/\r
-typedef\r
-BOOLEAN\r
-(EFIAPI *CRYPTO_HASH_UPDATE)(\r
- IN OUT VOID *Context,\r
- IN CONST VOID *Data,\r
- IN UINTN DataSize\r
- );\r
-\r
-/**\r
- Prototype of Hash Finalization.\r
-\r
- Completes computation of the digest value.\r
-\r
- This function completes hash computation and retrieves the digest value into\r
- the specified memory. After this function has been called, the context cannot\r
- be used again.\r
- context should be already correctly initialized by HashInit(), and should not be\r
- finalized by HashFinal(). Behavior with invalid context is undefined.\r
-\r
- If Context is NULL, then ASSERT().\r
- If HashValue is NULL, then ASSERT().\r
-\r
- @param[in, out] Context Pointer to the specified context.\r
- @param[out] HashValue Pointer to a buffer that receives the digest\r
- value.\r
-\r
- @retval TRUE digest computation succeeded.\r
- @retval FALSE digest computation failed.\r
-\r
-**/\r
-typedef\r
-BOOLEAN\r
-(EFIAPI *CRYPTO_HASH_FINAL)(\r
- IN OUT VOID *Context,\r
- OUT UINT8 *HashValue\r
- );\r
-\r
-//\r
-// The struct used to store the information and operation of Block Cipher algorithm.\r
-//\r
-typedef struct _ENCRYPT_ALGORITHM {\r
- //\r
- // The ID of the Algorithm\r
- //\r
- UINT8 AlgorithmId;\r
- //\r
- // The Key length of the Algorithm\r
- //\r
- UINTN KeyLength;\r
- //\r
- // Iv Size of the Algorithm\r
- //\r
- UINTN IvLength;\r
- //\r
- // The Block Size of the Algorithm\r
- //\r
- UINTN BlockSize;\r
- //\r
- // The Function pointer of GetContextSize.\r
- //\r
- CRYPTO_CIPHER_GETCONTEXTSIZE CipherGetContextSize;\r
- //\r
- // The Function pointer of Cipher initiation.\r
- //\r
- CRYPTO_CIPHER_INIT CipherInitiate;\r
- //\r
- // The Function pointer of Cipher Encryption.\r
- //\r
- CRYPTO_CIPHER_ENCRYPT CipherEncrypt;\r
- //\r
- // The Function pointer of Cipher Decryption.\r
- //\r
- CRYPTO_CIPHER_DECRYPT CipherDecrypt;\r
-} ENCRYPT_ALGORITHM;\r
-\r
-//\r
-// The struct used to store the information and operation of Authentication algorithm.\r
-//\r
-typedef struct _AUTH_ALGORITHM {\r
- //\r
- // ID of the Algorithm\r
- //\r
- UINT8 AlgorithmId;\r
- //\r
- // The Key length of the Algorithm\r
- //\r
- UINTN DigestLength;\r
- //\r
- // The ICV length of the Algorithm\r
- //\r
- UINTN IcvLength;\r
- //\r
- // The block size of the Algorithm\r
- //\r
- UINTN BlockSize;\r
- //\r
- // The function pointer of GetContextSize.\r
- //\r
- CRYPTO_HMAC_GETCONTEXTSIZE HmacGetContextSize;\r
- //\r
- // The function pointer of Initiation\r
- //\r
- CRYPTO_HMAC_INIT HmacInitiate;\r
- //\r
- // The function pointer of HMAC Update.\r
- //\r
- CRYPTO_HMAC_UPDATE HmacUpdate;\r
- //\r
- // The fucntion pointer of HMAC Final\r
- //\r
- CRYPTO_HMAC_FINAL HmacFinal;\r
-} AUTH_ALGORITHM;\r
-\r
-//\r
-// The struct used to store the information and operation of Hash algorithm.\r
-//\r
-typedef struct _HASH_ALGORITHM {\r
- //\r
- // ID of the Algorithm\r
- //\r
- UINT8 AlgorithmId;\r
- //\r
- // The Key length of the Algorithm\r
- //\r
- UINTN DigestLength;\r
- //\r
- // The ICV length of the Algorithm\r
- //\r
- UINTN IcvLength;\r
- //\r
- // The block size of the Algorithm\r
- //\r
- UINTN BlockSize;\r
- //\r
- // The function pointer of GetContextSize\r
- //\r
- CRYPTO_HASH_GETCONTEXTSIZE HashGetContextSize;\r
- //\r
- // The function pointer of Initiation\r
- //\r
- CRYPTO_HASH_INIT HashInitiate;\r
- //\r
- // The function pointer of Hash Update\r
- //\r
- CRYPTO_HASH_UPDATE HashUpdate;\r
- //\r
- // The fucntion pointer of Hash Final\r
- //\r
- CRYPTO_HASH_FINAL HashFinal;\r
-} HASH_ALGORITHM;\r
-\r
-/**\r
- Get the IV size of specified encryption algorithm.\r
-\r
- @param[in] AlgorithmId The encryption algorithm ID.\r
-\r
- @return The value of IV size.\r
-\r
-**/\r
-UINTN\r
-IpSecGetEncryptIvLength (\r
- IN UINT8 AlgorithmId\r
- );\r
-\r
-/**\r
- Get the block size of specified encryption algorithm.\r
-\r
- @param[in] AlgorithmId The encryption algorithm ID.\r
-\r
- @return The value of block size.\r
-\r
-**/\r
-UINTN\r
-IpSecGetEncryptBlockSize (\r
- IN UINT8 AlgorithmId\r
- );\r
-\r
-/**\r
- Get the required key length of the specified encryption algorithm.\r
-\r
- @param[in] AlgorithmId The encryption algorithm ID.\r
-\r
- @return The value of key length.\r
-\r
-**/\r
-UINTN\r
-IpSecGetEncryptKeyLength (\r
- IN UINT8 AlgorithmId\r
- );\r
-\r
-/**\r
- Get the ICV size of the specified Authentication algorithm.\r
-\r
- @param[in] AlgorithmId The Authentication algorithm ID.\r
-\r
- @return The value of ICV size.\r
-\r
-**/\r
-UINTN\r
-IpSecGetIcvLength (\r
- IN UINT8 AlgorithmId\r
- );\r
-\r
-/**\r
- Get the HMAC digest length by the specified Algorithm ID.\r
-\r
- @param[in] AlgorithmId The specified Algorithm ID.\r
-\r
- @return The digest length of the specified Authentication Algorithm ID.\r
-\r
-**/\r
-UINTN\r
-IpSecGetHmacDigestLength (\r
- IN UINT8 AlgorithmId\r
- );\r
-\r
-/**\r
- Generate a random data for IV. If the IvSize is zero, not needed to create\r
- IV and return EFI_SUCCESS.\r
-\r
- @param[in] IvBuffer The pointer of the IV buffer.\r
- @param[in] IvSize The IV size in bytes.\r
-\r
- @retval EFI_SUCCESS Create random data for IV.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecGenerateIv (\r
- IN UINT8 *IvBuffer,\r
- IN UINTN IvSize\r
- );\r
-\r
-/**\r
- Encrypt the buffer.\r
-\r
- This function calls relevant encryption interface from CryptoLib according to\r
- the input algorithm ID. The InData should be multiple of block size. This function\r
- doesn't perform the padding. If it has the Ivec data, the length of it should be\r
- same with the block size. The block size is different from the different algorithm.\r
-\r
- @param[in] AlgorithmId The Algorithm identification defined in RFC.\r
- @param[in] Key Pointer to the buffer containing encrypting key.\r
- @param[in] KeyBits The length of the key in bits.\r
- @param[in] Ivec Point to the buffer containing the Initialization\r
- Vector (IV) data.\r
- @param[in] InData Point to the buffer containing the data to be\r
- encrypted.\r
- @param[in] InDataLength The length of InData in Bytes.\r
- @param[out] OutData Point to the buffer that receives the encryption\r
- output.\r
-\r
- @retval EFI_UNSUPPORTED The input Algorithm is not supported.\r
- @retval EFI_OUT_OF_RESOURCE The required resource can't be allocated.\r
- @retval EFI_SUCCESS The operation completed successfully.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecCryptoIoEncrypt (\r
- IN CONST UINT8 AlgorithmId,\r
- IN CONST UINT8 *Key,\r
- IN CONST UINTN KeyBits,\r
- IN CONST UINT8 *Ivec, OPTIONAL\r
- IN UINT8 *InData,\r
- IN UINTN InDataLength,\r
- OUT UINT8 *OutData\r
- );\r
-\r
-/**\r
- Decrypts the buffer.\r
-\r
- This function calls relevant Decryption interface from CryptoLib according to\r
- the input algorithm ID. The InData should be multiple of block size. This function\r
- doesn't perform the padding. If it has the Ivec data, the length of it should be\r
- same with the block size. The block size is different from the different algorithm.\r
-\r
- @param[in] AlgorithmId The Algorithm identification defined in RFC.\r
- @param[in] Key Pointer to the buffer containing encrypting key.\r
- @param[in] KeyBits The length of the key in bits.\r
- @param[in] Ivec Point to the buffer containing the Initialization\r
- Vector (IV) data.\r
- @param[in] InData Point to the buffer containing the data to be\r
- decrypted.\r
- @param[in] InDataLength The length of InData in Bytes.\r
- @param[out] OutData Pointer to the buffer that receives the decryption\r
- output.\r
-\r
- @retval EFI_UNSUPPORTED The input Algorithm is not supported.\r
- @retval EFI_OUT_OF_RESOURCE The required resource can't be allocated.\r
- @retval EFI_SUCCESS The operation completed successfully.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecCryptoIoDecrypt (\r
- IN CONST UINT8 AlgorithmId,\r
- IN CONST UINT8 *Key,\r
- IN CONST UINTN KeyBits,\r
- IN CONST UINT8 *Ivec, OPTIONAL\r
- IN UINT8 *InData,\r
- IN UINTN InDataLength,\r
- OUT UINT8 *OutData\r
- );\r
-\r
-/**\r
- Digests the Payload with key and store the result into the OutData.\r
-\r
- This function calls relevant Hmac interface from CryptoLib according to\r
- the input algorithm ID. It computes all datas from InDataFragment and output\r
- the result into the OutData buffer. If the OutDataSize is larger than the related\r
- HMAC algorithm output size, return EFI_INVALID_PARAMETER.\r
-\r
- @param[in] AlgorithmId The authentication Identification.\r
- @param[in] Key Pointer of the authentication key.\r
- @param[in] KeyLength The length of the Key in bytes.\r
- @param[in] InDataFragment The list contains all data to be authenticated.\r
- @param[in] FragmentCount The size of the InDataFragment.\r
- @param[out] OutData For in, the buffer to receive the output data.\r
- For out, the buffer contains the authenticated data.\r
- @param[in] OutDataSize The size of the buffer of OutData.\r
-\r
- @retval EFI_UNSUPPORTED If the AuthAlg is not in the support list.\r
- @retval EFI_INVALID_PARAMETER The OutData buffer size is larger than algorithm digest size.\r
- @retval EFI_SUCCESS Authenticate the payload successfully.\r
- @retval otherwise Authentication of the payload fails.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecCryptoIoHmac (\r
- IN CONST UINT8 AlgorithmId,\r
- IN CONST UINT8 *Key,\r
- IN UINTN KeyLength,\r
- IN HASH_DATA_FRAGMENT *InDataFragment,\r
- IN UINTN FragmentCount,\r
- OUT UINT8 *OutData,\r
- IN UINTN OutDataSize\r
- );\r
-\r
-/**\r
- Digests the Payload and store the result into the OutData.\r
-\r
- This function calls relevant Hash interface from CryptoLib according to\r
- the input algorithm ID. It computes all datas from InDataFragment and output\r
- the result into the OutData buffer. If the OutDataSize is larger than the related\r
- Hash algorithm output size, return EFI_INVALID_PARAMETER.\r
-\r
- @param[in] AlgorithmId The authentication Identification.\r
- @param[in] InDataFragment A list contains all data to be authenticated.\r
- @param[in] FragmentCount The size of the InDataFragment.\r
- @param[out] OutData For in, the buffer to receive the output data.\r
- For out, the buffer contains the authenticated data.\r
- @param[in] OutDataSize The size of the buffer of OutData.\r
-\r
- @retval EFI_UNSUPPORTED If the AuthAlg is not in the support list.\r
- @retval EFI_SUCCESS Authenticated the payload successfully.\r
- @retval EFI_INVALID_PARAMETER If the OutDataSize is larger than the related Hash\r
- algorithm could handle.\r
- @retval otherwise Authentication of the payload failed.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecCryptoIoHash (\r
- IN CONST UINT8 AlgorithmId,\r
- IN HASH_DATA_FRAGMENT *InDataFragment,\r
- IN UINTN FragmentCount,\r
- OUT UINT8 *OutData,\r
- IN UINTN OutDataSize\r
- );\r
-\r
-/**\r
- Generates the Diffie-Hellman public key.\r
-\r
- This function first initiate a DHContext, then call the DhSetParameter() to set\r
- the prime and primelength, at end call the DhGenerateKey() to generates random\r
- secret exponent, and computes the public key. The output returned via parameter\r
- PublicKey and PublicKeySize. DH context is updated accordingly. If the PublicKey\r
- buffer is too small to hold the public key, EFI_INVALID_PARAMETER is returned\r
- and PublicKeySize is set to the required buffer size to obtain the public key.\r
-\r
- @param[in, out] DhContext Pointer to the DH context.\r
- @param[in] Generator Value of generator.\r
- @param[in] PrimeLength Length in bits of prime to be generated.\r
- @param[in] Prime Pointer to the buffer to receive the generated\r
- prime number.\r
- @param[out] PublicKey Pointer to the buffer to receive generated public key.\r
- @param[in, out] PublicKeySize For in, the size of PublicKey buffer in bytes.\r
- For out, the size of data returned in PublicKey\r
- buffer in bytes.\r
-\r
- @retval EFI_SUCCESS The operation performs successfully.\r
- @retval Otherwise The operation is failed.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecCryptoIoDhGetPublicKey (\r
- IN OUT UINT8 **DhContext,\r
- IN UINTN Generator,\r
- IN UINTN PrimeLength,\r
- IN CONST UINT8 *Prime,\r
- OUT UINT8 *PublicKey,\r
- IN OUT UINTN *PublicKeySize\r
- );\r
-\r
-/**\r
- Generates exchanged common key.\r
-\r
- Given peer's public key, this function computes the exchanged common key, based\r
- on its own context including value of prime modulus and random secret exponent.\r
-\r
- @param[in, out] DhContext Pointer to the DH context.\r
- @param[in] PeerPublicKey Pointer to the peer's Public Key.\r
- @param[in] PeerPublicKeySize Size of peer's public key in bytes.\r
- @param[out] Key Pointer to the buffer to receive generated key.\r
- @param[in, out] KeySize For in, the size of Key buffer in bytes.\r
- For out, the size of data returned in Key\r
- buffer in bytes.\r
-\r
- @retval EFI_SUCCESS The operation performs successfully.\r
- @retval Otherwise The operation is failed.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecCryptoIoDhComputeKey (\r
- IN OUT UINT8 *DhContext,\r
- IN CONST UINT8 *PeerPublicKey,\r
- IN UINTN PeerPublicKeySize,\r
- OUT UINT8 *Key,\r
- IN OUT UINTN *KeySize\r
- );\r
-\r
-/**\r
- Releases the DH context. If DhContext is NULL, return EFI_INVALID_PARAMETER.\r
-\r
- @param[in, out] DhContext Pointer to the DH context to be freed.\r
-\r
- @retval EFI_SUCCESS The operation performs successfully.\r
- @retval EFI_INVALID_PARAMETER The DhContext is NULL.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecCryptoIoFreeDh (\r
- IN OUT UINT8 **DhContext\r
- );\r
-\r
-/**\r
- Generates random numbers of specified size.\r
-\r
- If the Random Generator wasn't initiated, initiate it first, then call RandomBytes.\r
-\r
- @param[out] OutBuffer Pointer to buffer to receive random value.\r
- @param[in] Bytes Size of random bytes to generate.\r
-\r
- @retval EFI_SUCCESS The operation performs successfully.\r
- @retval Otherwise The operation is failed.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecCryptoIoGenerateRandomBytes (\r
- OUT UINT8* OutBuffer,\r
- IN UINTN Bytes\r
- );\r
-\r
-/**\r
- Authenticate data with the certificate.\r
-\r
- @param[in] InData Pointer to the Data to be signed.\r
- @param[in] InDataSize InData size in bytes.\r
- @param[in] PrivateKey Pointer to the private key.\r
- @param[in] PrivateKeySize The size of Private Key in bytes.\r
- @param[in] KeyPassWord Pointer to the password for retrieving private key.\r
- @param[in] KeyPwdSize The size of Key Password in bytes.\r
- @param[out] OutData The pointer to the signed data.\r
- @param[in, out] OutDataSize Pointer to contain the size of out data.\r
-\r
-**/\r
-VOID\r
-IpSecCryptoIoAuthDataWithCertificate (\r
- IN UINT8 *InData,\r
- IN UINTN InDataSize,\r
- IN UINT8 *PrivateKey,\r
- IN UINTN PrivateKeySize,\r
- IN UINT8 *KeyPassWord,\r
- IN UINTN KeyPwdSize,\r
- OUT UINT8 **OutData,\r
- IN OUT UINTN *OutDataSize\r
- );\r
-\r
-/**\r
- Verify the singed data with the public key which is contained in a certificate.\r
-\r
- @param[in] InCert Pointer to the Certificate which contains the\r
- public key.\r
- @param[in] CertLen The size of Certificate in bytes.\r
- @param[in] InCa Pointer to the CA certificate\r
- @param[in] CaLen The size of CA certificate in bytes.\r
- @param[in] InData Pointer to octet message hash to be checked.\r
- @param[in] InDataSize Size of the message hash in bytes.\r
- @param[in] Singnature The pointer to the RSA PKCS1-V1_5 signature to be verified.\r
- @param[in] SigSize Size of signature in bytes.\r
-\r
- @retval TRUE Valid signature encoded in PKCS1-v1_5.\r
- @retval FALSE Invalid signature or invalid RSA context.\r
-\r
-**/\r
-BOOLEAN\r
-IpSecCryptoIoVerifySignDataByCertificate (\r
- IN UINT8 *InCert,\r
- IN UINTN CertLen,\r
- IN UINT8 *InCa,\r
- IN UINTN CaLen,\r
- IN UINT8 *InData,\r
- IN UINTN InDataSize,\r
- IN UINT8 *Singnature,\r
- IN UINTN SigSize\r
- );\r
-\r
-/**\r
- Retrieves the RSA Public Key from one X509 certificate (DER format only).\r
-\r
- @param[in] InCert Pointer to the certificate.\r
- @param[in] CertLen The size of the certificate in bytes.\r
- @param[out] PublicKey Pointer to the retrieved public key.\r
- @param[out] PublicKeyLen Size of Public Key in bytes.\r
-\r
- @retval EFI_SUCCESS Successfully get the public Key.\r
- @retval EFI_INVALID_PARAMETER The CA certificate is malformed.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecCryptoIoGetPublicKeyFromCert (\r
- IN UINT8 *InCert,\r
- IN UINTN CertLen,\r
- OUT UINT8 **PublicKey,\r
- OUT UINTN *PublicKeyLen\r
- );\r
-\r
-/**\r
- Retrieves the subject name from one X509 certificate (DER format only).\r
-\r
- @param[in] InCert Pointer to the X509 certificate.\r
- @param[in] CertSize The size of the X509 certificate in bytes.\r
- @param[out] CertSubject Pointer to the retrieved certificate subject.\r
- @param[out] SubjectSize The size of Certificate Subject in bytes.\r
-\r
- @retval EFI_SUCCESS Retrieved the certificate subject successfully.\r
- @retval EFI_INVALID_PARAMETER The certificate is malformed.\r
-\r
-**/\r
-EFI_STATUS\r
-IpSecCryptoIoGetSubjectFromCert (\r
- IN UINT8 *InCert,\r
- IN UINTN CertSize,\r
- OUT UINT8 **CertSubject,\r
- OUT UINTN *SubjectSize\r
- );\r
-\r
-#endif\r
-\r