1. Add new API supports for PEM & X509 key retrieving & verification;

2. Add new MD4 hash supports;
3. Add corresponding test case in Cryptest utility;
4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/CryptoPkg/Application/Cryptest/Cryptest.c b/CryptoPkg/Application/Cryptest/Cryptest.c
index 188a36c4c3727737b5bd6adf36fda4909222d6f7..db8c89aa51d6507e97109eeb1d322161ff6010d6 100644 (file)
--- a/CryptoPkg/Application/Cryptest/Cryptest.c
+++ b/CryptoPkg/Application/Cryptest/Cryptest.c
@@ -58,6 +58,11 @@ CryptestMain (
     return Status;\r
   }\r
 \r
+  Status = ValidateCryptRsa2 ();\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
   Status = ValidateAuthenticode ();\r
   if (EFI_ERROR (Status)) {\r
     return Status;\r

diff --git a/CryptoPkg/Application/Cryptest/Cryptest.h b/CryptoPkg/Application/Cryptest/Cryptest.h
index b63128552ed5102353ec27fa58d5698469024eac..cc68cd3ce531eec392705bcd370d8b719aae2997 100644 (file)
--- a/CryptoPkg/Application/Cryptest/Cryptest.h
+++ b/CryptoPkg/Application/Cryptest/Cryptest.h
@@ -72,6 +72,18 @@ ValidateCryptRsa (
   VOID\r
   );\r
 \r
+/**\r
+  Validate UEFI-OpenSSL RSA Key Retrieving (from PEM & X509) & Signature Interfaces.\r
+\r
+  @retval  EFI_SUCCESS  Validation succeeded.\r
+  @retval  EFI_ABORTED  Validation failed.\r
+\r
+**/\r
+EFI_STATUS\r
+ValidateCryptRsa2 (\r
+  VOID\r
+  );\r
+\r
 /**\r
   Validate UEFI-OpenSSL PKCS#7 Verification Interfaces.\r
 \r

diff --git a/CryptoPkg/Application/Cryptest/Cryptest.inf b/CryptoPkg/Application/Cryptest/Cryptest.inf
index 0e617607dbc99b7b95d73626d8436c6f913af1ce..ce9f62567bcac2e3d6a484d7c1ba79f84e953024 100644 (file)
--- a/CryptoPkg/Application/Cryptest/Cryptest.inf
+++ b/CryptoPkg/Application/Cryptest/Cryptest.inf
@@ -35,6 +35,7 @@
   HmacVerify.c\r
   BlockCipherVerify.c\r
   RsaVerify.c\r
+  RsaVerify2.c\r
   AuthenticodeVerify.c\r
   DhVerify.c\r
   RandVerify.c\r

diff --git a/CryptoPkg/Application/Cryptest/HashVerify.c b/CryptoPkg/Application/Cryptest/HashVerify.c
index 1b218965ee3e74ea4321c309aaf860173d8e3881..107ff45cc8f5cc311f00976439148d9be7e4acf6 100644 (file)
--- a/CryptoPkg/Application/Cryptest/HashVerify.c
+++ b/CryptoPkg/Application/Cryptest/HashVerify.c
@@ -24,6 +24,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 //\r
 GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *HashData = "abc";\r
 \r
+//\r
+// Result for MD4("abc"). (From "A.5 Test suite" of IETF RFC1320)\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 Md4Digest[MD4_DIGEST_SIZE] = {\r
+  0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d\r
+  };\r
+\r
 //\r
 // Result for MD5("abc"). (From "A.5 Test suite" of IETF RFC1321)\r
 //\r
@@ -68,6 +75,46 @@ ValidateCryptDigest (
   Print (L" UEFI-OpenSSL Hash Engine Testing:\n");\r
   DataSize = AsciiStrLen (HashData);\r
 \r
+  Print (L"- MD4:    ");\r
+  \r
+  //\r
+  // MD4 Digest Validation\r
+  //\r
+  ZeroMem (Digest, MAX_DIGEST_SIZE);\r
+  CtxSize = Md4GetContextSize ();\r
+  HashCtx = AllocatePool (CtxSize);\r
+\r
+  Print (L"Init... ");\r
+  Status  = Md4Init (HashCtx);\r
+  if (!Status) {\r
+    Print (L"[Fail]");\r
+    return EFI_ABORTED;\r
+  }\r
+\r
+  Print (L"Update... ");\r
+  Status  = Md4Update (HashCtx, HashData, DataSize);\r
+  if (!Status) {\r
+    Print (L"[Fail]");\r
+    return EFI_ABORTED;\r
+  }\r
+\r
+  Print (L"Finalize... ");\r
+  Status  = Md4Final (HashCtx, Digest);\r
+  if (!Status) {\r
+    Print (L"[Fail]");\r
+    return EFI_ABORTED;\r
+  }\r
+\r
+  FreePool (HashCtx);\r
+\r
+  Print (L"Check Value... ");\r
+  if (CompareMem (Digest, Md4Digest, MD5_DIGEST_SIZE) != 0) {\r
+    Print (L"[Fail]");\r
+    return EFI_ABORTED;\r
+  }\r
+\r
+  Print (L"[Pass]\n");\r
+\r
   Print (L"- MD5:    ");\r
 \r
   //\r

diff --git a/CryptoPkg/Application/Cryptest/RsaVerify2.c b/CryptoPkg/Application/Cryptest/RsaVerify2.c
new file mode 100644 (file)
index 0000000..adac99a
--- /dev/null
+++ b/CryptoPkg/Application/Cryptest/RsaVerify2.c
@@ -0,0 +1,305 @@
+/** @file  \r
+  Application for RSA Key Retrieving (from PEM and X509) & Signature Validation.\r
+\r
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution.  The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "Cryptest.h"\r
+\r
+//\r
+// X509 Cert Data for RSA Public Key Retrieving and X509 Verification (Generated by OpenSSL utility).\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestCert[] = {\r
+  0x30, 0x82, 0x02, 0x76, 0x30, 0x82, 0x01, 0xdf, 0x02, 0x09, 0x00, 0xa9, 0xff, 0x92, 0x73, 0xf6,\r
+  0x74, 0xe0, 0xb0, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,\r
+  0x05, 0x00, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43,\r
+  0x4e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e,\r
+  0x67, 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53,\r
+  0x68, 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a,\r
+  0x13, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b,\r
+  0x13, 0x03, 0x50, 0x53, 0x49, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04,\r
+  0x55, 0x45, 0x46, 0x49, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,\r
+  0x01, 0x09, 0x01, 0x16, 0x0c, 0x75, 0x65, 0x66, 0x69, 0x40, 0x70, 0x73, 0x69, 0x2e, 0x63, 0x6f,\r
+  0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x30, 0x30, 0x38, 0x31, 0x38, 0x32, 0x35, 0x35,\r
+  0x39, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x30, 0x30, 0x35, 0x31, 0x38, 0x32, 0x35, 0x35, 0x39,\r
+  0x5a, 0x30, 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43,\r
+  0x4e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e,\r
+  0x67, 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53,\r
+  0x68, 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a,\r
+  0x13, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b,\r
+  0x13, 0x03, 0x50, 0x53, 0x49, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x06,\r
+  0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,\r
+  0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x40, 0x70, 0x73,\r
+  0x69, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,\r
+  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,\r
+  0x81, 0x00, 0xc2, 0xfe, 0xbb, 0xbd, 0x92, 0x60, 0x6c, 0x2b, 0x75, 0x43, 0x6e, 0xd5, 0x91, 0x61,\r
+  0x2a, 0xec, 0x15, 0x84, 0xce, 0x83, 0xc2, 0x51, 0xf6, 0x81, 0x93, 0xe6, 0x38, 0xd4, 0x85, 0xb1,\r
+  0x02, 0x97, 0xb2, 0x7e, 0x74, 0x70, 0x57, 0x09, 0x72, 0xff, 0xb0, 0x7e, 0xd1, 0x9b, 0x34, 0x52,\r
+  0xbb, 0x8e, 0xaf, 0x62, 0x26, 0xad, 0xfa, 0xc5, 0x9e, 0x5c, 0xbc, 0xb9, 0x9e, 0xfe, 0xa0, 0x33,\r
+  0x30, 0x03, 0x9d, 0x3a, 0x09, 0xbb, 0xa5, 0xa9, 0x85, 0x35, 0x73, 0x52, 0xc3, 0xed, 0x10, 0x7f,\r
+  0x83, 0x06, 0xe5, 0x2b, 0x3e, 0x39, 0xd9, 0xdf, 0x34, 0x7e, 0x15, 0x53, 0xbb, 0x82, 0x98, 0xe3,\r
+  0xd8, 0x7e, 0xb3, 0x7e, 0xc0, 0x7f, 0x54, 0x67, 0x57, 0x19, 0xf0, 0xb2, 0xf6, 0x45, 0xaf, 0x43,\r
+  0x05, 0xa5, 0x81, 0xc2, 0x15, 0xd7, 0x26, 0x85, 0xf7, 0xa7, 0x42, 0x36, 0x19, 0x19, 0xba, 0x0a,\r
+  0x04, 0x9d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,\r
+  0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x25, 0xbf, 0x8d, 0x88, 0xfc, 0xae,\r
+  0x5e, 0xbe, 0x04, 0xed, 0x4e, 0xf2, 0x2e, 0x2f, 0x55, 0x9e, 0x21, 0x77, 0x86, 0x53, 0x16, 0xc0,\r
+  0x04, 0x11, 0xa2, 0xeb, 0x1e, 0xf1, 0xbc, 0xfa, 0x96, 0xa3, 0xa2, 0x77, 0xe4, 0x61, 0x1b, 0x4a,\r
+  0x69, 0x60, 0x16, 0x6f, 0xcb, 0xc6, 0xe2, 0x72, 0x72, 0xd1, 0x42, 0x7d, 0x83, 0x3d, 0xc5, 0x61,\r
+  0x86, 0x78, 0x4b, 0x95, 0x69, 0x20, 0x88, 0xd1, 0x3c, 0x9b, 0xed, 0x2e, 0x3b, 0xeb, 0xaa, 0x99,\r
+  0x7d, 0x9f, 0x24, 0xe6, 0xa9, 0x57, 0x31, 0x66, 0xe2, 0xe3, 0x3c, 0xd8, 0xb1, 0xf4, 0x33, 0x5d,\r
+  0x8c, 0x21, 0xe0, 0x77, 0x82, 0x6b, 0x44, 0xb0, 0x04, 0x68, 0x25, 0xc8, 0xa1, 0xa2, 0x81, 0x7d,\r
+  0x2e, 0xd5, 0xbb, 0xd2, 0x1d, 0x13, 0x3c, 0x22, 0x6d, 0xc5, 0x4d, 0xec, 0x76, 0x0a, 0x1c, 0xb0,\r
+  0x1e, 0x80, 0xc1, 0xa0, 0xcc, 0x91, 0xd5, 0x7a, 0x5c, 0xf1\r
+  };\r
+\r
+//\r
+// Test CA X509 Certificate for X509 Verification Routine (Generated by OpenSSL utility).\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestCACert[] = {\r
+  0x30, 0x82, 0x02, 0x71, 0x30, 0x82, 0x01, 0xda, 0x02, 0x09, 0x00, 0x91, 0x9b, 0x90, 0x19, 0x9c,\r
+  0x81, 0x28, 0x47, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,\r
+  0x05, 0x00, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43,\r
+  0x4e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e,\r
+  0x67, 0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53,\r
+  0x68, 0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a,\r
+  0x13, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b,\r
+  0x13, 0x03, 0x50, 0x53, 0x49, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04,\r
+  0x55, 0x45, 0x46, 0x49, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \r
+  0x01, 0x09, 0x01, 0x16, 0x0c, 0x75, 0x65, 0x66, 0x69, 0x40, 0x70, 0x73, 0x69, 0x2e, 0x63, 0x6f,\r
+  0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x30, 0x30, 0x38, 0x31, 0x38, 0x31, 0x35, 0x33,\r
+  0x36, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x30, 0x30, 0x35, 0x31, 0x38, 0x31, 0x35, 0x33, 0x36,\r
+  0x5a, 0x30, 0x7d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e,\r
+  0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x08, 0x53, 0x68, 0x61, 0x6e, 0x67,\r
+  0x68, 0x61, 0x69, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x53, 0x68,\r
+  0x61, 0x6e, 0x67, 0x68, 0x61, 0x69, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,\r
+  0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13,\r
+  0x03, 0x50, 0x53, 0x49, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x55,\r
+  0x45, 0x46, 0x49, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,\r
+  0x09, 0x01, 0x16, 0x0c, 0x75, 0x65, 0x66, 0x69, 0x40, 0x70, 0x73, 0x69, 0x2e, 0x63, 0x6f, 0x6d,\r
+  0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,\r
+  0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa3, 0x32, 0x20,\r
+  0x1d, 0x10, 0x11, 0x9c, 0x9e, 0xa2, 0x42, 0x48, 0x9b, 0x15, 0xac, 0x66, 0xa2, 0xc8, 0x25, 0x11,\r
+  0x4c, 0xc8, 0x1e, 0x2e, 0x35, 0xd6, 0xc4, 0x43, 0x2e, 0x39, 0xf3, 0xac, 0x2b, 0xd6, 0x98, 0x5c,\r
+  0xbe, 0x62, 0xfe, 0x95, 0x8c, 0xd6, 0xb5, 0x4e, 0x9e, 0x0f, 0xee, 0x0e, 0xb1, 0xcc, 0x0a, 0x72,\r
+  0xc6, 0x47, 0x66, 0xfe, 0x6a, 0x8b, 0xde, 0x34, 0x0d, 0x62, 0x81, 0xd7, 0xa4, 0x30, 0x3a, 0xe6,\r
+  0x24, 0x3b, 0xe3, 0x5a, 0xd6, 0x2b, 0xec, 0x4a, 0xb7, 0x22, 0x36, 0xed, 0x3a, 0x71, 0xfa, 0xb1,\r
+  0x3f, 0x91, 0xd3, 0x11, 0xac, 0x52, 0xee, 0xbc, 0x37, 0x0e, 0x9e, 0x45, 0xe4, 0x4d, 0x33, 0x83,\r
+  0xef, 0x0c, 0xb3, 0x5a, 0xbe, 0x9e, 0x5c, 0x64, 0xd2, 0x9f, 0x70, 0xf4, 0xaa, 0xd0, 0x15, 0x0e,\r
+  0x60, 0xe5, 0xeb, 0x34, 0xfd, 0xd6, 0x70, 0x64, 0x11, 0x20, 0x60, 0x8c, 0xad, 0x02, 0x03, 0x01,\r
+  0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,\r
+  0x00, 0x03, 0x81, 0x81, 0x00, 0x81, 0xfa, 0x8b, 0x03, 0x59, 0x30, 0xbf, 0xd2, 0x7f, 0x90, 0xd9,\r
+  0x1a, 0xd9, 0xae, 0x1f, 0x3e, 0xc5, 0x45, 0x00, 0x0e, 0x06, 0x6e, 0xbc, 0xb0, 0xac, 0x32, 0xe3,\r
+  0x2c, 0x10, 0x2d, 0x59, 0x51, 0x34, 0x7a, 0xb4, 0x22, 0x1d, 0x0f, 0x85, 0x9d, 0x80, 0x90, 0x3f,\r
+  0x8e, 0x78, 0x2f, 0xfc, 0x12, 0x9e, 0xf2, 0xaa, 0xc9, 0x5d, 0x4a, 0x82, 0xc5, 0x64, 0xc7, 0x5a,\r
+  0x29, 0xcb, 0xc2, 0x59, 0xde, 0xdf, 0xd8, 0x69, 0x51, 0x7a, 0x78, 0x4b, 0x47, 0x15, 0xcd, 0x52,\r
+  0x66, 0xff, 0xb8, 0xf5, 0x16, 0xde, 0xe4, 0x32, 0xc5, 0x40, 0x42, 0xeb, 0xeb, 0x54, 0x63, 0xf7,\r
+  0x82, 0x44, 0x4b, 0x5d, 0x8f, 0x3a, 0x29, 0xdf, 0xbc, 0xe0, 0x21, 0x3d, 0xc2, 0x4a, 0x19, 0x6e,\r
+  0x7c, 0xed, 0xd3, 0x79, 0xac, 0xb0, 0x37, 0xea, 0xfd, 0x60, 0x7f, 0xbe, 0x5b, 0x0b, 0x69, 0x4a,\r
+  0xe3, 0xac, 0xfa, 0x75, 0x0f\r
+  };\r
+\r
+//\r
+// Password-protected PEM Key data for RSA Private Key Retrieving (encryption key is "client").\r
+// (Generated by OpenSSL utility).\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 TestKeyPem[] = {\r
+  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x52, 0x53, 0x41, 0x20, 0x50,\r
+  0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a,\r
+  0x50, 0x72, 0x6f, 0x63, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x34, 0x2c, 0x45, 0x4e, 0x43,\r
+  0x52, 0x59, 0x50, 0x54, 0x45, 0x44, 0x0a, 0x44, 0x45, 0x4b, 0x2d, 0x49, 0x6e, 0x66, 0x6f, 0x3a,\r
+  0x20, 0x44, 0x45, 0x53, 0x2d, 0x45, 0x44, 0x45, 0x33, 0x2d, 0x43, 0x42, 0x43, 0x2c, 0x44, 0x45,\r
+  0x37, 0x32, 0x46, 0x31, 0x31, 0x30, 0x31, 0x31, 0x37, 0x42, 0x33, 0x36, 0x35, 0x36, 0x0a, 0x0a,\r
+  0x38, 0x73, 0x6e, 0x79, 0x32, 0x59, 0x54, 0x79, 0x37, 0x67, 0x52, 0x5a, 0x38, 0x69, 0x73, 0x77,\r
+  0x68, 0x37, 0x66, 0x46, 0x71, 0x49, 0x31, 0x30, 0x61, 0x39, 0x38, 0x6a, 0x2f, 0x76, 0x45, 0x66,\r
+  0x69, 0x65, 0x47, 0x32, 0x43, 0x34, 0x53, 0x2b, 0x48, 0x70, 0x68, 0x33, 0x63, 0x68, 0x7a, 0x45,\r
+  0x2f, 0x63, 0x58, 0x31, 0x2b, 0x6b, 0x6a, 0x6c, 0x46, 0x6b, 0x71, 0x6b, 0x47, 0x4e, 0x65, 0x4d,\r
+  0x0a, 0x70, 0x72, 0x4b, 0x2b, 0x66, 0x48, 0x5a, 0x50, 0x77, 0x6c, 0x30, 0x63, 0x33, 0x79, 0x76,\r
+  0x59, 0x58, 0x45, 0x7a, 0x4c, 0x45, 0x62, 0x50, 0x6f, 0x38, 0x4c, 0x6e, 0x74, 0x38, 0x36, 0x65,\r
+  0x46, 0x53, 0x6f, 0x66, 0x4d, 0x78, 0x70, 0x33, 0x33, 0x64, 0x48, 0x39, 0x5a, 0x68, 0x6f, 0x57,\r
+  0x66, 0x41, 0x43, 0x59, 0x78, 0x47, 0x44, 0x6f, 0x32, 0x30, 0x53, 0x33, 0x79, 0x42, 0x39, 0x67,\r
+  0x38, 0x0a, 0x4d, 0x75, 0x59, 0x63, 0x74, 0x32, 0x38, 0x62, 0x6f, 0x62, 0x30, 0x65, 0x7a, 0x31,\r
+  0x43, 0x38, 0x51, 0x52, 0x78, 0x58, 0x48, 0x31, 0x66, 0x4a, 0x52, 0x5a, 0x52, 0x50, 0x34, 0x38,\r
+  0x50, 0x42, 0x6f, 0x5a, 0x7a, 0x36, 0x73, 0x6a, 0x4b, 0x36, 0x57, 0x51, 0x58, 0x66, 0x67, 0x4d,\r
+  0x32, 0x70, 0x4c, 0x31, 0x42, 0x6f, 0x51, 0x70, 0x4e, 0x4e, 0x4f, 0x6d, 0x61, 0x79, 0x2b, 0x2b,\r
+  0x72, 0x74, 0x0a, 0x6c, 0x7a, 0x32, 0x4f, 0x63, 0x72, 0x6a, 0x67, 0x2f, 0x72, 0x45, 0x61, 0x79,\r
+  0x63, 0x63, 0x43, 0x55, 0x4d, 0x7a, 0x4e, 0x4f, 0x4a, 0x51, 0x74, 0x4f, 0x47, 0x74, 0x34, 0x7a,\r
+  0x4d, 0x4a, 0x53, 0x73, 0x2f, 0x7a, 0x77, 0x77, 0x77, 0x73, 0x5a, 0x43, 0x4b, 0x74, 0x39, 0x33,\r
+  0x37, 0x30, 0x62, 0x76, 0x74, 0x63, 0x36, 0x45, 0x34, 0x75, 0x42, 0x63, 0x75, 0x41, 0x51, 0x72,\r
+  0x37, 0x73, 0x30, 0x0a, 0x44, 0x76, 0x46, 0x64, 0x4d, 0x6d, 0x6f, 0x71, 0x35, 0x57, 0x6d, 0x69,\r
+  0x48, 0x6d, 0x4e, 0x70, 0x67, 0x54, 0x70, 0x65, 0x54, 0x67, 0x77, 0x62, 0x56, 0x64, 0x76, 0x71,\r
+  0x49, 0x4f, 0x71, 0x31, 0x45, 0x6c, 0x6e, 0x30, 0x35, 0x53, 0x70, 0x76, 0x44, 0x7a, 0x4d, 0x56,\r
+  0x76, 0x67, 0x39, 0x78, 0x62, 0x76, 0x64, 0x6f, 0x6e, 0x67, 0x4f, 0x35, 0x77, 0x49, 0x51, 0x70,\r
+  0x69, 0x73, 0x73, 0x47, 0x0a, 0x75, 0x32, 0x69, 0x63, 0x4e, 0x66, 0x48, 0x48, 0x6d, 0x34, 0x76,\r
+  0x48, 0x2b, 0x6d, 0x6e, 0x72, 0x58, 0x45, 0x57, 0x63, 0x69, 0x6c, 0x30, 0x64, 0x61, 0x36, 0x6b,\r
+  0x54, 0x59, 0x66, 0x71, 0x70, 0x6d, 0x46, 0x37, 0x72, 0x52, 0x4d, 0x56, 0x61, 0x6c, 0x69, 0x30,\r
+  0x43, 0x44, 0x4f, 0x59, 0x7a, 0x37, 0x6e, 0x70, 0x51, 0x64, 0x33, 0x38, 0x6a, 0x43, 0x62, 0x78,\r
+  0x65, 0x59, 0x51, 0x65, 0x6d, 0x0a, 0x33, 0x68, 0x73, 0x61, 0x6f, 0x76, 0x58, 0x72, 0x71, 0x71,\r
+  0x4e, 0x34, 0x71, 0x6b, 0x67, 0x50, 0x48, 0x57, 0x68, 0x41, 0x74, 0x39, 0x5a, 0x4d, 0x4e, 0x37,\r
+  0x58, 0x45, 0x62, 0x56, 0x36, 0x42, 0x31, 0x6c, 0x36, 0x77, 0x4a, 0x71, 0x5a, 0x68, 0x68, 0x66,\r
+  0x33, 0x68, 0x79, 0x7a, 0x6f, 0x38, 0x32, 0x38, 0x47, 0x59, 0x45, 0x37, 0x56, 0x58, 0x45, 0x4e,\r
+  0x49, 0x6d, 0x76, 0x73, 0x35, 0x56, 0x0a, 0x69, 0x52, 0x58, 0x31, 0x6d, 0x61, 0x43, 0x30, 0x56,\r
+  0x6b, 0x72, 0x31, 0x46, 0x32, 0x36, 0x55, 0x63, 0x4b, 0x51, 0x67, 0x34, 0x66, 0x53, 0x39, 0x43,\r
+  0x71, 0x48, 0x31, 0x39, 0x7a, 0x4b, 0x36, 0x6d, 0x6d, 0x71, 0x47, 0x75, 0x67, 0x76, 0x66, 0x66,\r
+  0x2f, 0x74, 0x5a, 0x50, 0x72, 0x67, 0x68, 0x61, 0x4f, 0x62, 0x52, 0x2b, 0x77, 0x76, 0x34, 0x46,\r
+  0x65, 0x4f, 0x32, 0x42, 0x45, 0x44, 0x6d, 0x0a, 0x67, 0x4d, 0x33, 0x71, 0x47, 0x51, 0x4a, 0x44,\r
+  0x35, 0x53, 0x65, 0x77, 0x4f, 0x61, 0x62, 0x41, 0x72, 0x4e, 0x37, 0x4c, 0x6f, 0x30, 0x59, 0x2b,\r
+  0x44, 0x6a, 0x79, 0x39, 0x44, 0x43, 0x4b, 0x6f, 0x47, 0x4e, 0x4a, 0x50, 0x53, 0x4f, 0x58, 0x65,\r
+  0x70, 0x57, 0x48, 0x65, 0x6d, 0x6c, 0x76, 0x72, 0x49, 0x63, 0x39, 0x66, 0x4d, 0x2f, 0x37, 0x57,\r
+  0x6a, 0x4b, 0x4d, 0x6b, 0x72, 0x57, 0x50, 0x6a, 0x0a, 0x56, 0x64, 0x73, 0x61, 0x6e, 0x4b, 0x30,\r
+  0x7a, 0x74, 0x4e, 0x2b, 0x43, 0x49, 0x64, 0x66, 0x38, 0x70, 0x33, 0x55, 0x30, 0x30, 0x57, 0x44,\r
+  0x6d, 0x30, 0x2f, 0x62, 0x4d, 0x43, 0x56, 0x6d, 0x6b, 0x36, 0x6a, 0x76, 0x47, 0x66, 0x2f, 0x63,\r
+  0x55, 0x6c, 0x47, 0x38, 0x79, 0x6d, 0x30, 0x2f, 0x49, 0x67, 0x4a, 0x70, 0x71, 0x35, 0x2b, 0x33,\r
+  0x62, 0x78, 0x38, 0x73, 0x63, 0x54, 0x64, 0x55, 0x4f, 0x0a, 0x41, 0x38, 0x30, 0x41, 0x56, 0x68,\r
+  0x61, 0x53, 0x41, 0x71, 0x44, 0x6d, 0x68, 0x49, 0x6c, 0x59, 0x34, 0x54, 0x6f, 0x78, 0x42, 0x68,\r
+  0x63, 0x46, 0x2b, 0x4b, 0x4d, 0x48, 0x57, 0x33, 0x33, 0x5a, 0x45, 0x79, 0x66, 0x4a, 0x4a, 0x54,\r
+  0x71, 0x55, 0x42, 0x71, 0x4a, 0x6a, 0x4f, 0x69, 0x75, 0x41, 0x78, 0x6a, 0x59, 0x70, 0x71, 0x4f,\r
+  0x4e, 0x45, 0x35, 0x56, 0x4b, 0x33, 0x48, 0x68, 0x6c, 0x45, 0x0a, 0x2f, 0x4a, 0x33, 0x6b, 0x57,\r
+  0x79, 0x4f, 0x39, 0x69, 0x4d, 0x62, 0x33, 0x67, 0x73, 0x44, 0x59, 0x36, 0x41, 0x76, 0x41, 0x76,\r
+  0x5a, 0x39, 0x71, 0x6c, 0x5a, 0x6b, 0x30, 0x52, 0x50, 0x67, 0x49, 0x4c, 0x4a, 0x77, 0x6e, 0x33,\r
+  0x6d, 0x77, 0x67, 0x73, 0x63, 0x55, 0x70, 0x41, 0x30, 0x5a, 0x50, 0x6a, 0x61, 0x55, 0x56, 0x6c,\r
+  0x64, 0x71, 0x70, 0x32, 0x69, 0x71, 0x47, 0x78, 0x71, 0x50, 0x36, 0x0a, 0x45, 0x72, 0x65, 0x38,\r
+  0x38, 0x59, 0x75, 0x41, 0x53, 0x55, 0x4a, 0x5a, 0x4a, 0x62, 0x34, 0x72, 0x53, 0x42, 0x4c, 0x68,\r
+  0x45, 0x55, 0x41, 0x76, 0x63, 0x67, 0x38, 0x33, 0x4d, 0x6b, 0x4d, 0x6c, 0x68, 0x74, 0x6b, 0x34,\r
+  0x62, 0x67, 0x34, 0x5a, 0x35, 0x65, 0x73, 0x44, 0x57, 0x66, 0x4d, 0x67, 0x56, 0x65, 0x6a, 0x4e,\r
+  0x4a, 0x51, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x52, 0x53,\r
+  0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d,\r
+  0x2d, 0x2d\r
+  };\r
+\r
+//\r
+// Password for private key retrieving from encrypted PEM ("TestKeyPem").\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *PemPass = "client";\r
+\r
+//\r
+// Message Hash for Signing & Verification Validation.\r
+//\r
+GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 MsgHash[] = {\r
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,\r
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09\r
+  };\r
+\r
+/**\r
+  Validate UEFI-OpenSSL RSA Key Retrieving & Signature Interfaces.\r
+\r
+  @retval  EFI_SUCCESS  Validation succeeded.\r
+  @retval  EFI_ABORTED  Validation failed.\r
+\r
+**/\r
+EFI_STATUS\r
+ValidateCryptRsa2 (\r
+  VOID\r
+  )\r
+{\r
+  BOOLEAN  Status;\r
+  VOID     *RsaPrivKey;\r
+  VOID     *RsaPubKey;\r
+  UINT8    *Signature;\r
+  UINTN    SigSize;\r
+  UINT8    *Subject;\r
+  UINTN    SubjectSize;\r
+\r
+  Print (L"\nUEFI-OpenSSL RSA Key Retrieving Testing: ");\r
+\r
+  //\r
+  // Retrieve RSA private key from encrypted PEM data.\r
+  //\r
+  Print (L"\n- Retrieve RSA Private Key for PEM ...");\r
+  Status = RsaGetPrivateKeyFromPem (TestKeyPem, sizeof (TestKeyPem), PemPass, &RsaPrivKey);\r
+  if (Status == FALSE) {\r
+    Print (L"[Fail]");\r
+    return EFI_ABORTED;\r
+  } else {\r
+    Print (L"[Pass]");\r
+  }\r
+\r
+  //\r
+  // Retrieve RSA public key from X509 Certificate.\r
+  //\r
+  Print (L"\n- Retrieve RSA Public Key from X509 ... ");\r
+  RsaPubKey = NULL;\r
+  Status    = RsaGetPublicKeyFromX509 (TestCert, sizeof (TestCert), &RsaPubKey);\r
+  if (Status == FALSE) {\r
+    Print (L"[Fail]");\r
+    return EFI_ABORTED;\r
+  } else {\r
+    Print (L"[Pass]");\r
+  }\r
+\r
+  //\r
+  // Generate RSA PKCS#1 Signature.\r
+  //\r
+  Print (L"\n- PKCS#1 Signature ... ");\r
+  SigSize = 0;\r
+  Status  = RsaPkcs1Sign (RsaPrivKey, MsgHash, SHA1_DIGEST_SIZE, NULL, &SigSize);\r
+  if (Status || SigSize == 0) {\r
+    Print (L"[Fail]");\r
+    return EFI_ABORTED;\r
+  }\r
+\r
+  Signature = AllocatePool (SigSize);\r
+  Status    = RsaPkcs1Sign (RsaPrivKey, MsgHash, SHA1_DIGEST_SIZE, Signature, &SigSize);\r
+  if (!Status) {\r
+    Print (L"[Fail]");\r
+    return EFI_ABORTED;\r
+  } else {\r
+    Print (L"[Pass]");\r
+  }\r
+\r
+  //\r
+  // Verify RSA PKCS#1-encoded Signature.\r
+  //\r
+  Print (L"\n- PKCS#1 Signature Verification ... ");\r
+  Status = RsaPkcs1Verify (RsaPubKey, MsgHash, SHA1_DIGEST_SIZE, Signature, SigSize);\r
+  if (!Status) {\r
+    Print (L"[Fail]");\r
+    return EFI_ABORTED;\r
+  } else {\r
+    Print (L"[Pass]");\r
+  }\r
+\r
+  //\r
+  // X509 Certificate Subject Retrieving.\r
+  //\r
+  Print (L"\n- X509 Certificate Subject Bytes Retrieving ... ");\r
+  SubjectSize = 0;\r
+  Status  = X509GetSubjectName (TestCert, sizeof (TestCert), NULL, &SubjectSize);\r
+  Subject = (UINT8 *)AllocatePool (SubjectSize);\r
+  Status  = X509GetSubjectName (TestCert, sizeof (TestCert), Subject, &SubjectSize);\r
+  if (!Status) {\r
+    Print (L"[Fail]");\r
+    return EFI_ABORTED;\r
+  } else {\r
+    Print (L"[Pass]");\r
+  }\r
+\r
+  //\r
+  // X509 Certificate Verification.\r
+  //\r
+  Print (L"\n- X509 Certificate Verification with Trusted CA ...");\r
+  Status = X509VerifyCert (TestCert, sizeof (TestCert), TestCACert, sizeof (TestCACert));\r
+  if (!Status) {\r
+    Print (L"[Fail]\n");\r
+    return EFI_ABORTED;\r
+  } else {\r
+    Print (L"[Pass]\n");\r
+  }\r
+\r
+  //\r
+  // Release Resources.\r
+  //\r
+  RsaFree  (RsaPubKey);\r
+  RsaFree  (RsaPrivKey);\r
+  FreePool (Signature);\r
+  FreePool (Subject);\r
+\r
+  return EFI_SUCCESS;\r
+}\r

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index ee8c44d367efa9163bc0790545f343f85d25ef25..5fbedd943923907c01f240beeb13d21f9e9da7a1 100644 (file)
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -18,6 +18,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #ifndef __BASE_CRYPT_LIB_H__\r
 #define __BASE_CRYPT_LIB_H__\r
 \r
+///\r
+/// MD4 digest size in bytes\r
+///\r
+#define MD4_DIGEST_SIZE     16\r
+\r
 ///\r
 /// MD5 digest size in bytes\r
 ///\r
@@ -61,6 +66,109 @@ typedef enum {
 //    One-Way Cryptographic Hash Primitives\r
 //=====================================================================================\r
 \r
+/**\r
+  Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.\r
+\r
+  @return  The size, in bytes, of the context buffer required for MD4 hash operations.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+Md4GetContextSize (\r
+  VOID\r
+  );\r
+\r
+/**\r
+  Initializes user-supplied memory pointed by Md4Context as MD4 hash context for\r
+  subsequent use.\r
+\r
+  If Md4Context is NULL, then ASSERT().\r
+\r
+  @param[out]  Md4Context  Pointer to MD4 context being initialized.\r
+\r
+  @retval TRUE   MD4 context initialization succeeded.\r
+  @retval FALSE  MD4 context initialization failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md4Init (\r
+  OUT  VOID  *Md4Context\r
+  );\r
+\r
+/**\r
+  Makes a copy of an existing MD4 context.\r
+\r
+  If Md4Context is NULL, then ASSERT().\r
+  If NewMd4Context is NULL, then ASSERT().\r
+\r
+  @param[in]  Md4Context     Pointer to MD4 context being copied.\r
+  @param[out] NewMd4Context  Pointer to new MD4 context.\r
+\r
+  @retval TRUE   MD4 context copy succeeded.\r
+  @retval FALSE  MD4 context copy failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md4Duplicate (\r
+  IN   CONST VOID  *Md4Context,\r
+  OUT  VOID        *NewMd4Context\r
+  );\r
+\r
+/**\r
+  Digests the input data and updates MD4 context.\r
+\r
+  This function performs MD4 digest on a data buffer of the specified size.\r
+  It can be called multiple times to compute the digest of long or discontinuous data streams.\r
+  MD4 context should be already correctly intialized by Md4Init(), and should not be finalized\r
+  by Md4Final(). Behavior with invalid context is undefined.\r
+\r
+  If Md4Context is NULL, then ASSERT().\r
+\r
+  @param[in, out]  Md4Context  Pointer to the MD4 context.\r
+  @param[in]       Data        Pointer to the buffer containing the data to be hashed.\r
+  @param[in]       DataSize    Size of Data buffer in bytes.\r
+\r
+  @retval TRUE   MD4 data digest succeeded.\r
+  @retval FALSE  MD4 data digest failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md4Update (\r
+  IN OUT  VOID        *Md4Context,\r
+  IN      CONST VOID  *Data,\r
+  IN      UINTN       DataSize\r
+  );\r
+\r
+/**\r
+  Completes computation of the MD4 digest value.\r
+\r
+  This function completes MD4 hash computation and retrieves the digest value into\r
+  the specified memory. After this function has been called, the MD4 context cannot\r
+  be used again.\r
+  MD4 context should be already correctly intialized by Md4Init(), and should not be\r
+  finalized by Md4Final(). Behavior with invalid MD4 context is undefined.\r
+\r
+  If Md4Context is NULL, then ASSERT().\r
+  If HashValue is NULL, then ASSERT().\r
+\r
+  @param[in, out]  Md4Context  Pointer to the MD4 context.\r
+  @param[out]      HashValue   Pointer to a buffer that receives the MD4 digest\r
+                               value (16 bytes).\r
+\r
+  @retval TRUE   MD4 digest computation succeeded.\r
+  @retval FALSE  MD4 digest computation failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md4Final (\r
+  IN OUT  VOID   *Md4Context,\r
+  OUT     UINT8  *HashValue\r
+  );\r
+\r
 /**\r
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.\r
 \r
@@ -1292,6 +1400,107 @@ RsaPkcs1Verify (
   IN  UINTN        SigSize\r
   );\r
 \r
+/**\r
+  Retrieve the RSA Private Key from the password-protected PEM key data.\r
+\r
+  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.\r
+  @param[in]  PemSize      Size of the PEM key data in bytes.\r
+  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.\r
+  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved\r
+                           RSA private key component. Use RsaFree() function to free the\r
+                           resource.\r
+\r
+  If PemData is NULL, then ASSERT().\r
+  If RsaContext is NULL, then ASSERT().\r
+\r
+  @retval  TRUE   RSA Private Key was retrieved successfully.\r
+  @retval  FALSE  Invalid PEM key data or incorrect password.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaGetPrivateKeyFromPem (\r
+  IN   CONST UINT8  *PemData,\r
+  IN   UINTN        PemSize,\r
+  IN   CONST CHAR8  *Password,\r
+  OUT  VOID         **RsaContext\r
+  );\r
+\r
+/**\r
+  Retrieve the RSA Public Key from one DER-encoded X509 certificate.\r
+\r
+  @param[in]  Cert         Pointer to the DER-encoded X509 certificate.\r
+  @param[in]  CertSize     Size of the X509 certificate in bytes.\r
+  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved\r
+                           RSA public key component. Use RsaFree() function to free the\r
+                           resource.\r
+\r
+  If Cert is NULL, then ASSERT().\r
+  If RsaContext is NULL, then ASSERT().\r
+\r
+  @retval  TRUE   RSA Public Key was retrieved successfully.\r
+  @retval  FALSE  Fail to retrieve RSA public key from X509 certificate.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaGetPublicKeyFromX509 (\r
+  IN   CONST UINT8  *Cert,\r
+  IN   UINTN        CertSize,\r
+  OUT  VOID         **RsaContext\r
+  );\r
+\r
+/**\r
+  Retrieve the subject bytes from one X.509 certificate.\r
+\r
+  @param[in]      Cert         Pointer to the DER-encoded X509 certificate.\r
+  @param[in]      CertSize     Size of the X509 certificate in bytes.\r
+  @param[out]     CertSubject  Pointer to the retrieved certificate subject bytes.\r
+  @param[in, out] SubjectSize  The size in bytes of the CertSubject buffer on input,\r
+                               and the size of buffer returned CertSubject on output.\r
+\r
+  If Cert is NULL, then ASSERT().\r
+  If SubjectSize is NULL, then ASSERT().\r
+\r
+  @retval  TRUE   The certificate subject retrieved successfully.\r
+  @retval  FALSE  Invalid certificate, or the SubjectSize is too small for the result.\r
+                  The SubjectSize will be updated with the required size.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetSubjectName (\r
+  IN      CONST UINT8  *Cert,\r
+  IN      UINTN        CertSize,\r
+  OUT     UINT8        *CertSubject,\r
+  IN OUT  UINTN        *SubjectSize\r
+  );\r
+\r
+/**\r
+  Verify one X509 certificate was issued by the trusted CA.\r
+\r
+  @param[in]      Cert         Pointer to the DER-encoded X509 certificate to be verified.\r
+  @param[in]      CertSize     Size of the X509 certificate in bytes.\r
+  @param[in]      CACert       Pointer to the DER-encoded trusted CA certificate.\r
+  @param[in]      CACertSize   Size of the CA Certificate in bytes.\r
+\r
+  If Cert is NULL, then ASSERT().\r
+  If CACert is NULL, then ASSERT().\r
+\r
+  @retval  TRUE   The certificate was issued by the trusted CA.\r
+  @retval  FALSE  Invalid certificate or the certificate was not issued by the given\r
+                  trusted CA.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509VerifyCert (\r
+  IN  CONST UINT8  *Cert,\r
+  IN  UINTN        CertSize,\r
+  IN  CONST UINT8  *CACert,\r
+  IN  UINTN        CACertSize\r
+  );\r
+\r
 /**\r
   Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic\r
   Message Syntax Standard".\r

diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
index 1c51cdb3024d530f3073c311f9a3c2520a729122..571511582edd673d1f34a911d1e188722d749d42 100644 (file)
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -222,6 +222,7 @@ FILE  *stdout;
 #define memset(dest,ch,count)             SetMem(dest,(UINTN)(count),(UINT8)(ch))\r
 #define memchr(buf,ch,count)              ScanMem8(buf,(UINTN)(count),(UINT8)ch)\r
 #define memcmp(buf1,buf2,count)           (int)(CompareMem(buf1,buf2,(UINTN)(count)))\r
+#define memmove(dest,source,count)        CopyMem(dest,source,(UINTN)(count))\r
 #define strcmp                            AsciiStrCmp\r
 #define strncmp(string1,string2,count)    (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))\r
 #define strcpy(strDest,strSource)         AsciiStrCpy(strDest,strSource)\r

diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index efd28ed12008a20430fb6854e0b0274e7b51989e..26ec8c1e799c74c1a6092a86773f90f6c1fa7314 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -28,6 +28,7 @@
 \r
 [Sources]\r
   InternalCryptLib.h\r
+  Hash/CryptMd4.c\r
   Hash/CryptMd5.c\r
   Hash/CryptSha1.c\r
   Hash/CryptSha256.c\r
@@ -40,6 +41,8 @@
   Pk/CryptRsa.c\r
   Pk/CryptPkcs7.c\r
   Pk/CryptDh.c\r
+  Pk/CryptX509.c\r
+  Pem/CryptPem.c\r
 \r
   SysCall/CrtWrapper.c\r
   SysCall/TimerWrapper.c\r

diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
new file mode 100644 (file)
index 0000000..a576913
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c
@@ -0,0 +1,177 @@
+/** @file\r
+  MD4 Digest Wrapper Implementation over OpenSSL.\r
+\r
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution.  The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+#include <openssl/md4.h>\r
+\r
+/**\r
+  Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.\r
+\r
+  @return  The size, in bytes, of the context buffer required for MD4 hash operations.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+Md4GetContextSize (\r
+  VOID\r
+  )\r
+{\r
+  //\r
+  // Retrieves the OpenSSL MD4 Context Size\r
+  //\r
+  return (UINTN)(sizeof (MD4_CTX));\r
+}\r
+\r
+/**\r
+  Initializes user-supplied memory pointed by Md4Context as MD4 hash context for\r
+  subsequent use.\r
+\r
+  If Md4Context is NULL, then ASSERT().\r
+\r
+  @param[out]  Md4Context  Pointer to MD4 context being initialized.\r
+\r
+  @retval TRUE   MD4 context initialization succeeded.\r
+  @retval FALSE  MD4 context initialization failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md4Init (\r
+  OUT  VOID  *Md4Context\r
+  )\r
+{\r
+  //\r
+  // ASSERT if Md4Context is NULL.\r
+  //\r
+  ASSERT (Md4Context != NULL);\r
+\r
+  //\r
+  // OpenSSL MD4 Context Initialization\r
+  //\r
+  return (BOOLEAN) (MD4_Init ((MD4_CTX *)Md4Context));\r
+}\r
+\r
+/**\r
+  Makes a copy of an existing MD4 context.\r
+\r
+  If Md4Context is NULL, then ASSERT().\r
+  If NewMd4Context is NULL, then ASSERT().\r
+\r
+  @param[in]  Md4Context     Pointer to MD4 context being copied.\r
+  @param[out] NewMd4Context  Pointer to new MD4 context.\r
+\r
+  @retval TRUE   MD4 context copy succeeded.\r
+  @retval FALSE  MD4 context copy failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md4Duplicate (\r
+  IN   CONST VOID  *Md4Context,\r
+  OUT  VOID        *NewMd4Context\r
+  )\r
+{\r
+  //\r
+  // ASSERT if Md4Context or NewMd4Context is NULL.\r
+  //\r
+  ASSERT (Md4Context    != NULL);\r
+  ASSERT (NewMd4Context != NULL);\r
+\r
+  CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX));\r
+\r
+  return TRUE;\r
+}\r
+\r
+/**\r
+  Digests the input data and updates MD4 context.\r
+\r
+  This function performs MD4 digest on a data buffer of the specified size.\r
+  It can be called multiple times to compute the digest of long or discontinuous data streams.\r
+  MD4 context should be already correctly intialized by Md4Init(), and should not be finalized\r
+  by Md4Final(). Behavior with invalid context is undefined.\r
+\r
+  If Md4Context is NULL, then ASSERT().\r
+\r
+  @param[in, out]  Md4Context  Pointer to the MD4 context.\r
+  @param[in]       Data        Pointer to the buffer containing the data to be hashed.\r
+  @param[in]       DataSize    Size of Data buffer in bytes.\r
+\r
+  @retval TRUE   MD4 data digest succeeded.\r
+  @retval FALSE  MD4 data digest failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md4Update (\r
+  IN OUT  VOID        *Md4Context,\r
+  IN      CONST VOID  *Data,\r
+  IN      UINTN       DataSize\r
+  )\r
+{\r
+  //\r
+  // ASSERT if Md4Context is NULL\r
+  //\r
+  ASSERT (Md4Context != NULL);\r
+\r
+  //\r
+  // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL\r
+  //\r
+  if (Data == NULL) {\r
+    ASSERT (DataSize == 0);\r
+  }\r
+\r
+  //\r
+  // OpenSSL MD4 Hash Update\r
+  //\r
+  return (BOOLEAN) (MD4_Update ((MD4_CTX *)Md4Context, Data, DataSize));\r
+}\r
+\r
+/**\r
+  Completes computation of the MD4 digest value.\r
+\r
+  This function completes MD4 hash computation and retrieves the digest value into\r
+  the specified memory. After this function has been called, the MD4 context cannot\r
+  be used again.\r
+  MD4 context should be already correctly intialized by Md4Init(), and should not be\r
+  finalized by Md4Final(). Behavior with invalid MD4 context is undefined.\r
+\r
+  If Md4Context is NULL, then ASSERT().\r
+  If HashValue is NULL, then ASSERT().\r
+\r
+  @param[in, out]  Md4Context  Pointer to the MD4 context.\r
+  @param[out]      HashValue   Pointer to a buffer that receives the MD4 digest\r
+                               value (16 bytes).\r
+\r
+  @retval TRUE   MD4 digest computation succeeded.\r
+  @retval FALSE  MD4 digest computation failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md4Final (\r
+  IN OUT  VOID   *Md4Context,\r
+  OUT     UINT8  *HashValue\r
+  )\r
+{\r
+  //\r
+  // ASSERT if Md4Context is NULL or HashValue is NULL\r
+  //\r
+  ASSERT (Md4Context != NULL);\r
+  ASSERT (HashValue  != NULL);\r
+\r
+  //\r
+  // OpenSSL MD4 Hash Finalization\r
+  //\r
+  return (BOOLEAN) (MD4_Final (HashValue, (MD4_CTX *)Md4Context));\r
+}\r

diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
index 73f3d219b01e889856ed8eb07c362b97525649f5..8d5e6ed89d106ad0b642be5af31b118898f80b36 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c
@@ -84,6 +84,12 @@ Md5Duplicate (
   OUT  VOID        *NewMd5Context\r
   )\r
 {\r
+  //\r
+  // ASSERT if Md5Context or NewMd5Context is NULL.\r
+  //\r
+  ASSERT (Md5Context    != NULL);\r
+  ASSERT (NewMd5Context != NULL);\r
+\r
   CopyMem (NewMd5Context, Md5Context, sizeof (MD5_CTX));\r
 \r
   return TRUE;\r

diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
index 9a317ec14358f8e427ccbc4195474faf42e29227..27526bcd404a834a438818dd59cfa285935ec271 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
@@ -83,6 +83,12 @@ Sha1Duplicate (
   OUT  VOID        *NewSha1Context\r
   )\r
 {\r
+  //\r
+  // ASSERT if Sha1Context or NewSha1Context is NULL.\r
+  //\r
+  ASSERT (Sha1Context    != NULL);\r
+  ASSERT (NewSha1Context != NULL);\r
+\r
   CopyMem (NewSha1Context, Sha1Context, sizeof (SHA_CTX));\r
 \r
   return TRUE;\r

diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c
index 7e6c6c691f87eca030ead2733a44a17588c2f715..3c2f9a11552138df230f29942fc97b31a81b5c0b 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c
@@ -82,6 +82,12 @@ Sha256Duplicate (
   OUT  VOID        *NewSha256Context\r
   )\r
 {\r
+  //\r
+  // ASSERT if Sha256Context or NewSha256Context is NULL.\r
+  //\r
+  ASSERT (Sha256Context    != NULL);\r
+  ASSERT (NewSha256Context != NULL);\r
+\r
   CopyMem (NewSha256Context, Sha256Context, sizeof (SHA256_CTX));\r
 \r
   return TRUE;\r

diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
index 1eff5c4978b57caec59a2ffad15bd391dfbcc158..5386072c388eed9824fce4dee96b47239c3cdcd9 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
@@ -89,6 +89,12 @@ HmacMd5Duplicate (
   OUT  VOID        *NewHmacMd5Context\r
   )\r
 {\r
+  //\r
+  // ASSERT if HmacMd5Context or NewHmacMd5Context is NULL.\r
+  //\r
+  ASSERT (HmacMd5Context    != NULL);\r
+  ASSERT (NewHmacMd5Context != NULL);\r
+  \r
   CopyMem (NewHmacMd5Context, HmacMd5Context, sizeof (HMAC_CTX));\r
 \r
   return TRUE;\r

diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
index 0298b80cc582e33f41f8a95ac40bc11ea137bfa5..ff9377c0d2f165c0b19f29f74da5b853dda01c56 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
@@ -89,6 +89,12 @@ HmacSha1Duplicate (
   OUT  VOID        *NewHmacSha1Context\r
   )\r
 {\r
+  //\r
+  // ASSERT if HmacSha1Context or NewHmacSha1Context is NULL.\r
+  //\r
+  ASSERT (HmacSha1Context    != NULL);\r
+  ASSERT (NewHmacSha1Context != NULL);\r
+\r
   CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX));\r
 \r
   return TRUE;\r

diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
new file mode 100644 (file)
index 0000000..e9de39a
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
@@ -0,0 +1,124 @@
+/** @file\r
+  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL.\r
+\r
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution.  The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+#include <openssl/pem.h>\r
+\r
+/**\r
+  Callback function for password phrase conversion used for retrieving the encrypted PEM.\r
+\r
+  @param[out]  Buf      Pointer to the buffer to write the passphrase to.\r
+  @param[in]   Size     Maximum length of the passphrase (i.e. the size of Buf).\r
+  @param[in]   Flag     A flag which is set to 0 when reading and 1 when writing.\r
+  @param[in]   Key      Key data to be passed to the callback routine.\r
+\r
+  @retval  The number of characters in the passphrase or 0 if an error occurred.\r
+\r
+**/\r
+INTN\r
+PasswordCallback (\r
+  OUT  CHAR8  *Buf, \r
+  IN   INTN   Size, \r
+  IN   INTN   Flag, \r
+  IN   VOID   *Key\r
+  )\r
+{\r
+  INTN  KeyLength;\r
+\r
+  ZeroMem ((VOID *)Buf, (UINTN)Size);\r
+  if (Key != NULL) {\r
+    //\r
+    // Duplicate key phrase directly.\r
+    //\r
+    KeyLength = AsciiStrLen ((CHAR8 *)Key);\r
+    KeyLength = (KeyLength > Size ) ? Size : KeyLength;\r
+    CopyMem (Buf, Key, KeyLength);\r
+    return KeyLength;\r
+  } else {\r
+    return 0;\r
+  }\r
+}\r
+\r
+/**\r
+  Retrieve the RSA Private Key from the password-protected PEM key data.\r
+\r
+  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.\r
+  @param[in]  PemSize      Size of the PEM key data in bytes.\r
+  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.\r
+  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved\r
+                           RSA private key component. Use RsaFree() function to free the\r
+                           resource.\r
+\r
+  If PemData is NULL, then ASSERT().\r
+  If RsaContext is NULL, then ASSERT().\r
+\r
+  @retval  TRUE   RSA Private Key was retrieved successfully.\r
+  @retval  FALSE  Invalid PEM key data or incorrect password.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaGetPrivateKeyFromPem (\r
+  IN   CONST UINT8  *PemData,\r
+  IN   UINTN        PemSize,\r
+  IN   CONST CHAR8  *Password,\r
+  OUT  VOID         **RsaContext\r
+  )\r
+{\r
+  BOOLEAN  Status;\r
+  BIO      *PemBio;\r
+\r
+  //\r
+  // ASSERT if PemData is NULL or RsaContext is NULL.\r
+  //\r
+  ASSERT (PemData    != NULL);\r
+  ASSERT (RsaContext != NULL);\r
+\r
+  Status = FALSE;\r
+  PemBio = NULL;\r
+\r
+  //\r
+  // Add possible block-cipher descriptor for PEM data decryption.\r
+  // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM.\r
+  //\r
+  EVP_add_cipher (EVP_des_ede3_cbc());\r
+  EVP_add_cipher (EVP_aes_128_cbc());\r
+  EVP_add_cipher (EVP_aes_192_cbc());\r
+  EVP_add_cipher (EVP_aes_256_cbc());\r
+\r
+  //\r
+  // Read encrypted PEM Data.\r
+  //\r
+  PemBio = BIO_new (BIO_s_mem ());\r
+  BIO_write (PemBio, PemData, (int)PemSize);\r
+  if (PemBio == NULL) {\r
+    goto _Exit;\r
+  }\r
+\r
+  //\r
+  // Retrieve RSA Private Key from encrypted PEM data.\r
+  //\r
+  *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);\r
+  if (*RsaContext != NULL) {\r
+    Status = TRUE;\r
+  }\r
+\r
+_Exit:\r
+  //\r
+  // Release Resources.\r
+  //\r
+  BIO_free (PemBio);\r
+\r
+  return Status;\r
+}\r

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
new file mode 100644 (file)
index 0000000..6d687c6
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -0,0 +1,288 @@
+/** @file\r
+  X.509 Certificate Handler Wrapper Implementation over OpenSSL.\r
+\r
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution.  The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+#include <openssl/x509.h>\r
+\r
+/**\r
+  Retrieve the subject bytes from one X.509 certificate.\r
+\r
+  @param[in]      Cert         Pointer to the DER-encoded X509 certificate.\r
+  @param[in]      CertSize     Size of the X509 certificate in bytes.\r
+  @param[out]     CertSubject  Pointer to the retrieved certificate subject bytes.\r
+  @param[in, out] SubjectSize  The size in bytes of the CertSubject buffer on input,\r
+                               and the size of buffer returned CertSubject on output.\r
+\r
+  If Cert is NULL, then ASSERT().\r
+  If SubjectSize is NULL, then ASSERT().\r
+\r
+  @retval  TRUE   The certificate subject retrieved successfully.\r
+  @retval  FALSE  Invalid certificate, or the SubjectSize is too small for the result.\r
+                  The SubjectSize will be updated with the required size.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509GetSubjectName (\r
+  IN      CONST UINT8  *Cert,\r
+  IN      UINTN        CertSize,\r
+  OUT     UINT8        *CertSubject,\r
+  IN OUT  UINTN        *SubjectSize\r
+  )\r
+{\r
+  BOOLEAN    Status;\r
+  BIO        *CertBio;\r
+  X509       *X509Cert;\r
+  X509_NAME  *X509Name;\r
+\r
+  //\r
+  // ASSERT if Cert is NULL or SubjectSize is NULL.\r
+  //\r
+  ASSERT (Cert        != NULL);\r
+  ASSERT (SubjectSize != NULL);\r
+\r
+  Status   = FALSE;\r
+  X509Cert = NULL;\r
+\r
+  //\r
+  // Read DER-encoded X509 Certificate and Construct X509 object.\r
+  //\r
+  CertBio = BIO_new (BIO_s_mem ());\r
+  BIO_write (CertBio, Cert, (int)CertSize);\r
+  if (CertBio == NULL) {\r
+    goto _Exit;\r
+  }\r
+  X509Cert = d2i_X509_bio (CertBio, NULL);\r
+  if (Cert == NULL) {\r
+    goto _Exit;\r
+  }\r
+\r
+  //\r
+  // Retrieve subject name from certificate object.\r
+  //\r
+  X509Name = X509_get_subject_name (X509Cert);\r
+  if (*SubjectSize < (UINTN) X509Name->bytes->length) {\r
+    *SubjectSize = (UINTN) X509Name->bytes->length;\r
+    goto _Exit;\r
+  }\r
+  *SubjectSize = (UINTN) X509Name->bytes->length;\r
+  if (CertSubject != NULL) {\r
+    CopyMem (CertSubject, (UINT8 *)X509Name->bytes->data, *SubjectSize);\r
+    Status = TRUE;\r
+  }\r
+\r
+_Exit:\r
+  //\r
+  // Release Resources.\r
+  //\r
+  BIO_free (CertBio);\r
+  X509_free (X509Cert);\r
+\r
+  return Status;\r
+}\r
+\r
+/**\r
+  Retrieve the RSA Public Key from one DER-encoded X509 certificate.\r
+\r
+  @param[in]  Cert         Pointer to the DER-encoded X509 certificate.\r
+  @param[in]  CertSize     Size of the X509 certificate in bytes.\r
+  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved\r
+                           RSA public key component. Use RsaFree() function to free the\r
+                           resource.\r
+\r
+  If Cert is NULL, then ASSERT().\r
+  If RsaContext is NULL, then ASSERT().\r
+\r
+  @retval  TRUE   RSA Public Key was retrieved successfully.\r
+  @retval  FALSE  Fail to retrieve RSA public key from X509 certificate.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaGetPublicKeyFromX509 (\r
+  IN   CONST UINT8  *Cert,\r
+  IN   UINTN        CertSize,\r
+  OUT  VOID         **RsaContext\r
+  )\r
+{\r
+  BOOLEAN   Status;\r
+  EVP_PKEY  *Pkey;\r
+  BIO       *CertBio;\r
+  X509      *X509Cert;\r
+\r
+  //\r
+  // ASSERT if Cert is NULL or RsaContext is NULL.\r
+  //\r
+  ASSERT (Cert       != NULL);\r
+  ASSERT (RsaContext != NULL);\r
+\r
+  Status   = FALSE;\r
+  Pkey     = NULL;\r
+  CertBio  = NULL;\r
+  X509Cert = NULL;\r
+\r
+  //\r
+  // Read DER-encoded X509 Certificate and Construct X509 object.\r
+  //\r
+  CertBio = BIO_new (BIO_s_mem ());\r
+  BIO_write (CertBio, Cert, (int)CertSize);\r
+  if (CertBio == NULL) {\r
+    goto _Exit;\r
+  }\r
+  X509Cert = d2i_X509_bio (CertBio, NULL);\r
+  if (X509Cert == NULL) {\r
+    goto _Exit;\r
+  }\r
+\r
+  //\r
+  // Retrieve and check EVP_PKEY data from X509 Certificate.\r
+  //\r
+  Pkey = X509_get_pubkey (X509Cert);\r
+  if ((Pkey == NULL) || (Pkey->type != EVP_PKEY_RSA)) {\r
+    goto _Exit;\r
+  }\r
+\r
+  //\r
+  // Duplicate RSA Context from the retrieved EVP_PKEY.\r
+  //\r
+  if ((*RsaContext = RSAPublicKey_dup (Pkey->pkey.rsa)) != NULL) {\r
+    Status = TRUE;\r
+  }\r
+\r
+_Exit:\r
+  //\r
+  // Release Resources.\r
+  //\r
+  BIO_free (CertBio);\r
+  X509_free (X509Cert);\r
+  EVP_PKEY_free (Pkey);\r
+\r
+  return Status;\r
+}\r
+\r
+/**\r
+  Verify one X509 certificate was issued by the trusted CA.\r
+\r
+  @param[in]      Cert         Pointer to the DER-encoded X509 certificate to be verified.\r
+  @param[in]      CertSize     Size of the X509 certificate in bytes.\r
+  @param[in]      CACert       Pointer to the DER-encoded trusted CA certificate.\r
+  @param[in]      CACertSize   Size of the CA Certificate in bytes.\r
+\r
+  If Cert is NULL, then ASSERT().\r
+  If CACert is NULL, then ASSERT().\r
+\r
+  @retval  TRUE   The certificate was issued by the trusted CA.\r
+  @retval  FALSE  Invalid certificate or the certificate was not issued by the given\r
+                  trusted CA.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+X509VerifyCert (\r
+  IN  CONST UINT8  *Cert,\r
+  IN  UINTN        CertSize,\r
+  IN  CONST UINT8  *CACert,\r
+  IN  UINTN        CACertSize\r
+  )\r
+{\r
+  BOOLEAN         Status;\r
+  BIO             *BioCert;\r
+  BIO             *BioCACert;\r
+  X509            *X509Cert;\r
+  X509            *X509CACert;\r
+  X509_STORE      *CertStore;\r
+  X509_STORE_CTX  CertCtx;\r
+\r
+  //\r
+  // ASSERT if Cert is NULL or CACert is NULL.\r
+  //\r
+  ASSERT (Cert   != NULL);\r
+  ASSERT (CACert != NULL);\r
+\r
+  Status     = FALSE;\r
+  BioCert    = NULL;\r
+  BioCACert  = NULL;\r
+  X509Cert   = NULL;\r
+  X509CACert = NULL;\r
+  CertStore  = NULL;\r
+\r
+  //\r
+  // Register & Initialize necessary digest algorithms for certificate verification.\r
+  //\r
+  EVP_add_digest (EVP_md5());\r
+  EVP_add_digest (EVP_sha1());\r
+  EVP_add_digest (EVP_sha256());\r
+\r
+  //\r
+  // Read DER-encoded certificate to be verified and Construct X509 object.\r
+  //\r
+  BioCert = BIO_new (BIO_s_mem ());\r
+  BIO_write (BioCert, Cert, (int)CertSize);\r
+  if (BioCert == NULL) {\r
+    goto _Exit;\r
+  }\r
+  X509Cert = d2i_X509_bio (BioCert, NULL);\r
+  if (X509Cert == NULL) {\r
+    goto _Exit;\r
+  }\r
+\r
+  //\r
+  // Read DER-encoded root certificate and Construct X509 object.\r
+  //\r
+  BioCACert = BIO_new (BIO_s_mem());\r
+  BIO_write (BioCACert, CACert, (int)CACertSize);\r
+  if (BioCert == NULL) {\r
+    goto _Exit;\r
+  }\r
+  X509CACert = d2i_X509_bio (BioCACert, NULL);\r
+  if (CACert == NULL) {\r
+    goto _Exit;\r
+  }\r
+\r
+  //\r
+  // Set up X509 Store for trusted certificate.\r
+  //\r
+  CertStore = X509_STORE_new ();\r
+  if (CertStore == NULL) {\r
+    goto _Exit;\r
+  }\r
+  if (!(X509_STORE_add_cert (CertStore, X509CACert))) {\r
+    goto _Exit;\r
+  }\r
+\r
+  //\r
+  // Set up X509_STORE_CTX for the subsequent verification operation.\r
+  //\r
+  if (!X509_STORE_CTX_init (&CertCtx, CertStore, X509Cert, NULL)) {\r
+    goto _Exit;\r
+  }\r
+\r
+  //\r
+  // X509 Certificate Verification.\r
+  //\r
+  Status = (BOOLEAN) X509_verify_cert (&CertCtx);\r
+\r
+_Exit:\r
+  //\r
+  // Release Resources.\r
+  //\r
+  BIO_free (BioCert);\r
+  BIO_free (BioCACert);\r
+  X509_free (X509Cert);\r
+  X509_free (X509CACert);\r
+  X509_STORE_free (CertStore);\r
+  X509_STORE_CTX_cleanup (&CertCtx);\r
+\r
+  return Status;\r
+}\r

diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index 1da4452d88532f199736e30a246432408beeb181..b9daaee0bc0d7aa685c95a14bc262d2a3392f5f5 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -293,3 +293,8 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
 {\r
   return 0;\r
 }\r
+\r
+void *UI_OpenSSL(void)\r
+{\r
+  return NULL;\r
+}\r

diff --git a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
index 48e0c52c369ace4413b5af06da14feaa4038b1cf..afaa0b74ee26b904e556564f59b45bd706b552cd 100644 (file)
--- a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
+++ b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
@@ -23,5 +23,17 @@ int _fltused = 1;
 /* Sets buffers to a specified character */\r
 void * memset (void *dest, char ch, unsigned int count)\r
 {\r
-  return SetMem (dest, (UINTN)count, (UINT8)ch);\r
+  //\r
+  // Declare the local variables that actually move the data elements as\r
+  // volatile to prevent the optimizer from replacing this function with\r
+  // the intrinsic memset()\r
+  //\r
+  volatile UINT8  *Pointer;\r
+\r
+  Pointer = (UINT8 *)dest;\r
+  while (count-- != 0) {\r
+    *(Pointer++) = ch;\r
+  }\r
+  \r
+  return dest;\r
 }\r

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 45aa1761be596afe89ee170f7c454836c124f5a1..27547f3a38cd2a79d2ef1e3b69dbd499444d6618 100644 (file)
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -19,9 +19,9 @@
   MODULE_TYPE                    = BASE\r
   VERSION_STRING                 = 1.0\r
   LIBRARY_CLASS                  = OpensslLib\r
-  OPENSSL_PATH                   = openssl-0.9.8l\r
-  OPENSSL_FLAGS                  = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM\r
-  OPENSSL_EXFLAGS                = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED\r
+  DEFINE OPENSSL_PATH            = openssl-0.9.8l\r
+  DEFINE OPENSSL_FLAGS           = -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASM\r
+  DEFINE OPENSSL_EXFLAGS         = -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SHA512 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED\r
   \r
 #\r
 # OPENSSL_FLAGS is set to define the following flags to be compatible with \r