X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=CryptoPkg%2FInclude%2FLibrary%2FBaseCryptLib.h;h=f4bc7c0d73d9d570f6be408bf0aaee1f27d0b5af;hp=b99401661cb98a2a89b278a32ff96e44ccaf9912;hb=7c342378317039e632d9a1a5d4cf7c21aec8cb7a;hpb=b6174e2d09bd03b71e13f8b842c92ae44b25a3ff diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index b99401661c..f4bc7c0d73 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -17,12 +17,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /// /// MD5 digest size in bytes /// -#define MD5_DIGEST_SIZE 16 +#define MD5_DIGEST_SIZE 16 /// /// SHA-1 digest size in bytes. /// -#define SHA1_DIGEST_SIZE 20 +#define SHA1_DIGEST_SIZE 20 /// /// SHA-256 digest size in bytes @@ -42,17 +42,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /// /// SM3 digest size in bytes /// -#define SM3_256_DIGEST_SIZE 32 +#define SM3_256_DIGEST_SIZE 32 /// /// TDES block size in bytes /// -#define TDES_BLOCK_SIZE 8 +#define TDES_BLOCK_SIZE 8 /// /// AES block size in bytes /// -#define AES_BLOCK_SIZE 16 +#define AES_BLOCK_SIZE 16 /// /// RSA Key Tags Definition used in RsaSetKey() function for key component identification. @@ -68,9 +68,11 @@ typedef enum { RsaKeyQInv ///< The CRT coefficient (== 1/q mod p) } RSA_KEY_TAG; -//===================================================================================== +// ===================================================================================== // One-Way Cryptographic Hash Primitives -//===================================================================================== +// ===================================================================================== + +#ifdef ENABLE_MD5_DEPRECATED_INTERFACES /** Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. @@ -212,6 +214,10 @@ Md5HashAll ( OUT UINT8 *HashValue ); +#endif + +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES + /** Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations. @@ -352,6 +358,8 @@ Sha1HashAll ( OUT UINT8 *HashValue ); +#endif + /** Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations. @@ -876,142 +884,9 @@ Sm3HashAll ( OUT UINT8 *HashValue ); -//===================================================================================== +// ===================================================================================== // MAC (Message Authentication Code) Primitive -//===================================================================================== - -/** - Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. - - If this interface is not supported, then return NULL. - - @return Pointer to the HMAC_CTX context that has been initialized. - If the allocations fails, HmacSha1New() returns NULL. - @return NULL This interface is not supported. - -**/ -VOID * -EFIAPI -HmacSha1New ( - VOID - ); - -/** - Release the specified HMAC_CTX context. - - If this interface is not supported, then do nothing. - - @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. - -**/ -VOID -EFIAPI -HmacSha1Free ( - IN VOID *HmacSha1Ctx - ); - -/** - Set user-supplied key for subsequent use. It must be done before any - calling to HmacSha1Update(). - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HmacSha1Context Pointer to HMAC-SHA1 context. - @param[in] Key Pointer to the user-supplied key. - @param[in] KeySize Key size in bytes. - - @retval TRUE The Key is set successfully. - @retval FALSE The Key is set unsuccessfully. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1SetKey ( - OUT VOID *HmacSha1Context, - IN CONST UINT8 *Key, - IN UINTN KeySize - ); - -/** - Makes a copy of an existing HMAC-SHA1 context. - - If HmacSha1Context is NULL, then return FALSE. - If NewHmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. - @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. - - @retval TRUE HMAC-SHA1 context copy succeeded. - @retval FALSE HMAC-SHA1 context copy failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Duplicate ( - IN CONST VOID *HmacSha1Context, - OUT VOID *NewHmacSha1Context - ); - -/** - Digests the input data and updates HMAC-SHA1 context. - - This function performs HMAC-SHA1 digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized by - HmacSha1Final(). Behavior with invalid context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[in] Data Pointer to the buffer containing the data to be digested. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE HMAC-SHA1 data digest succeeded. - @retval FALSE HMAC-SHA1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Update ( - IN OUT VOID *HmacSha1Context, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the HMAC-SHA1 digest value. - - This function completes HMAC-SHA1 hash computation and retrieves the digest value into - the specified memory. After this function has been called, the HMAC-SHA1 context cannot - be used again. - HMAC-SHA1 context should be initialized by HmacSha1New(), and should not be finalized - by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - - If HmacSha1Context is NULL, then return FALSE. - If HmacValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. - @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest - value (20 bytes). - - @retval TRUE HMAC-SHA1 digest computation succeeded. - @retval FALSE HMAC-SHA1 digest computation failed. - @retval FALSE This interface is not supported. - -**/ -BOOLEAN -EFIAPI -HmacSha1Final ( - IN OUT VOID *HmacSha1Context, - OUT UINT8 *HmacValue - ); +// ===================================================================================== /** Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. @@ -1141,9 +1016,9 @@ HmacSha256Final ( OUT UINT8 *HmacValue ); -//===================================================================================== +// ===================================================================================== // Symmetric Cryptography Primitive -//===================================================================================== +// ===================================================================================== /** Retrieves the size, in bytes, of the context buffer required for AES operations. @@ -1268,9 +1143,9 @@ AesCbcDecrypt ( OUT UINT8 *Output ); -//===================================================================================== +// ===================================================================================== // Asymmetric Cryptography Primitive -//===================================================================================== +// ===================================================================================== /** Allocates and initializes one RSA context for subsequent use. @@ -1492,6 +1367,80 @@ RsaPkcs1Verify ( IN UINTN SigSize ); +/** + Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme. + + This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in + RFC 8017. + Mask generation function is the same as the message digest algorithm. + If the Signature buffer is too small to hold the contents of signature, FALSE + is returned and SigSize is set to the required buffer size to obtain the signature. + + If RsaContext is NULL, then return FALSE. + If Message is NULL, then return FALSE. + If MsgSize is zero or > INT_MAX, then return FALSE. + If DigestLen is NOT 32, 48 or 64, return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. + If SigSize is large enough but Signature is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] RsaContext Pointer to RSA context for signature generation. + @param[in] Message Pointer to octet message to be signed. + @param[in] MsgSize Size of the message in bytes. + @param[in] DigestLen Length of the digest in bytes to be used for RSA signature operation. + @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding. + @param[out] Signature Pointer to buffer to receive RSA PSS signature. + @param[in, out] SigSize On input, the size of Signature buffer in bytes. + On output, the size of data returned in Signature buffer in bytes. + + @retval TRUE Signature successfully generated in RSASSA-PSS. + @retval FALSE Signature generation failed. + @retval FALSE SigSize is too small. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaPssSign ( + IN VOID *RsaContext, + IN CONST UINT8 *Message, + IN UINTN MsgSize, + IN UINT16 DigestLen, + IN UINT16 SaltLen, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ); + +/** + Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017. + Implementation determines salt length automatically from the signature encoding. + Mask generation function is the same as the message digest algorithm. + Salt length should be equal to digest length. + + @param[in] RsaContext Pointer to RSA context for signature verification. + @param[in] Message Pointer to octet message to be verified. + @param[in] MsgSize Size of the message in bytes. + @param[in] Signature Pointer to RSASSA-PSS signature to be verified. + @param[in] SigSize Size of signature in bytes. + @param[in] DigestLen Length of digest for RSA operation. + @param[in] SaltLen Salt length for PSS encoding. + + @retval TRUE Valid signature encoded in RSASSA-PSS. + @retval FALSE Invalid signature or invalid RSA context. + +**/ +BOOLEAN +EFIAPI +RsaPssVerify ( + IN VOID *RsaContext, + IN CONST UINT8 *Message, + IN UINTN MsgSize, + IN CONST UINT8 *Signature, + IN UINTN SigSize, + IN UINT16 DigestLen, + IN UINT16 SaltLen + ); + /** Retrieve the RSA Private Key from the password-protected PEM key data. @@ -1605,7 +1554,7 @@ EFIAPI X509GetCommonName ( IN CONST UINT8 *Cert, IN UINTN CertSize, - OUT CHAR8 *CommonName, OPTIONAL + OUT CHAR8 *CommonName OPTIONAL, IN OUT UINTN *CommonNameSize ); @@ -1638,10 +1587,10 @@ X509GetCommonName ( RETURN_STATUS EFIAPI X509GetOrganizationName ( - IN CONST UINT8 *Cert, - IN UINTN CertSize, - OUT CHAR8 *NameBuffer, OPTIONAL - IN OUT UINTN *NameBufferSize + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT CHAR8 *NameBuffer OPTIONAL, + IN OUT UINTN *NameBufferSize ); /** @@ -1876,8 +1825,8 @@ Pkcs1v2Encrypt ( IN UINTN PublicKeySize, IN UINT8 *InData, IN UINTN InDataSize, - IN CONST UINT8 *PrngSeed, OPTIONAL - IN UINTN PrngSeedSize, OPTIONAL + IN CONST UINT8 *PrngSeed OPTIONAL, + IN UINTN PrngSeedSize OPTIONAL, OUT UINT8 **EncryptedData, OUT UINTN *EncryptedDataSize ); @@ -1906,8 +1855,8 @@ typedef struct { } EFI_CERT_DATA; typedef struct { - UINT8 CertNumber; // Number of X.509 certificate. - //EFI_CERT_DATA CertArray[]; // An array of X.509 certificate. + UINT8 CertNumber; // Number of X.509 certificate. + // EFI_CERT_DATA CertArray[]; // An array of X.509 certificate. } EFI_CERT_STACK; #pragma pack() @@ -1960,7 +1909,7 @@ Pkcs7GetSigners ( VOID EFIAPI Pkcs7FreeSigners ( - IN UINT8 *Certs + IN UINT8 *Certs ); /** @@ -2206,9 +2155,9 @@ ImageTimestampVerify ( OUT EFI_TIME *SigningTime ); -//===================================================================================== +// ===================================================================================== // DH Key Exchange Primitive -//===================================================================================== +// ===================================================================================== /** Allocates and Initializes one Diffie-Hellman Context for subsequent use. @@ -2371,9 +2320,9 @@ DhComputeKey ( IN OUT UINTN *KeySize ); -//===================================================================================== +// ===================================================================================== // Pseudo-Random Generation Primitive -//===================================================================================== +// ===================================================================================== /** Sets up the seed value for the pseudorandom number generator. @@ -2421,9 +2370,9 @@ RandomBytes ( IN UINTN Size ); -//===================================================================================== +// ===================================================================================== // Key Derivation Function Primitive -//===================================================================================== +// ===================================================================================== /** Derive key data using HMAC-SHA256 based KDF.