[LibraryClasses.ARM]\r
ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf\r
\r
+[LibraryClasses.common.SEC]\r
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf\r
+\r
[LibraryClasses.common.PEIM]\r
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf\r
ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf\r
!if $(CRYPTO_SERVICES) == PACKAGE\r
[Components]\r
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
+ CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf\r
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf\r
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
--- /dev/null
+/** @file\r
+\r
+MD5 Digest Wrapper Null Implementation.\r
+\r
+Copyright (c) Microsoft Corporation. All rights reserved.\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+/**\r
+ Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.\r
+\r
+ @return The size, in bytes, of the context buffer required for MD5 hash operations.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+Md5GetContextSize (\r
+ VOID\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return 0;\r
+}\r
+\r
+/**\r
+ Initializes user-supplied memory pointed by Md5Context as MD5 hash context for\r
+ subsequent use.\r
+\r
+ If Md5Context is NULL, then return FALSE.\r
+\r
+ @param[out] Md5Context Pointer to MD5 context being initialized.\r
+\r
+ @retval TRUE MD5 context initialization succeeded.\r
+ @retval FALSE MD5 context initialization failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md5Init (\r
+ OUT VOID *Md5Context\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Makes a copy of an existing MD5 context.\r
+\r
+ If Md5Context is NULL, then return FALSE.\r
+ If NewMd5Context is NULL, then return FALSE.\r
+\r
+ @param[in] Md5Context Pointer to MD5 context being copied.\r
+ @param[out] NewMd5Context Pointer to new MD5 context.\r
+\r
+ @retval TRUE MD5 context copy succeeded.\r
+ @retval FALSE MD5 context copy failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md5Duplicate (\r
+ IN CONST VOID *Md5Context,\r
+ OUT VOID *NewMd5Context\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Digests the input data and updates MD5 context.\r
+\r
+ This function performs MD5 digest on a data buffer of the specified size.\r
+ It can be called multiple times to compute the digest of long or discontinuous data streams.\r
+ MD5 context should be already correctly intialized by Md5Init(), and should not be finalized\r
+ by Md5Final(). Behavior with invalid context is undefined.\r
+\r
+ If Md5Context is NULL, then return FALSE.\r
+\r
+ @param[in, out] Md5Context Pointer to the MD5 context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+\r
+ @retval TRUE MD5 data digest succeeded.\r
+ @retval FALSE MD5 data digest failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md5Update (\r
+ IN OUT VOID *Md5Context,\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Completes computation of the MD5 digest value.\r
+\r
+ This function completes MD5 hash computation and retrieves the digest value into\r
+ the specified memory. After this function has been called, the MD5 context cannot\r
+ be used again.\r
+ MD5 context should be already correctly intialized by Md5Init(), and should not be\r
+ finalized by Md5Final(). Behavior with invalid MD5 context is undefined.\r
+\r
+ If Md5Context is NULL, then return FALSE.\r
+ If HashValue is NULL, then return FALSE.\r
+\r
+ @param[in, out] Md5Context Pointer to the MD5 context.\r
+ @param[out] HashValue Pointer to a buffer that receives the MD5 digest\r
+ value (16 bytes).\r
+\r
+ @retval TRUE MD5 digest computation succeeded.\r
+ @retval FALSE MD5 digest computation failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md5Final (\r
+ IN OUT VOID *Md5Context,\r
+ OUT UINT8 *HashValue\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+Computes the MD5 message digest of a input data buffer.\r
+\r
+This function performs the MD5 message digest of a given data buffer, and places\r
+the digest value into the specified memory.\r
+\r
+If this interface is not supported, then return FALSE.\r
+\r
+@param[in] Data Pointer to the buffer containing the data to be hashed.\r
+@param[in] DataSize Size of Data buffer in bytes.\r
+@param[out] HashValue Pointer to a buffer that receives the MD5 digest\r
+value (16 bytes).\r
+\r
+@retval TRUE MD5 digest computation succeeded.\r
+@retval FALSE MD5 digest computation failed.\r
+@retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Md5HashAll (\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize,\r
+ OUT UINT8 *HashValue\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
--- /dev/null
+/** @file\r
+ SHA-1 Digest Wrapper Null Implementation.\r
+\r
+Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+/**\r
+ Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.\r
+\r
+ @return The size, in bytes, of the context buffer required for SHA-1 hash operations.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+Sha1GetContextSize (\r
+ VOID\r
+ )\r
+{\r
+ //\r
+ // Retrieves SHA Context Size\r
+ //\r
+ ASSERT (FALSE);\r
+ return 0;\r
+}\r
+\r
+/**\r
+ Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for\r
+ subsequent use.\r
+\r
+ If Sha1Context is NULL, then return FALSE.\r
+\r
+ @param[out] Sha1Context Pointer to SHA-1 context being initialized.\r
+\r
+ @retval TRUE SHA-1 context initialization succeeded.\r
+ @retval FALSE SHA-1 context initialization failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sha1Init (\r
+ OUT VOID *Sha1Context\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Makes a copy of an existing SHA-1 context.\r
+\r
+ If Sha1Context is NULL, then return FALSE.\r
+ If NewSha1Context is NULL, then return FALSE.\r
+\r
+ @param[in] Sha1Context Pointer to SHA-1 context being copied.\r
+ @param[out] NewSha1Context Pointer to new SHA-1 context.\r
+\r
+ @retval TRUE SHA-1 context copy succeeded.\r
+ @retval FALSE SHA-1 context copy failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sha1Duplicate (\r
+ IN CONST VOID *Sha1Context,\r
+ OUT VOID *NewSha1Context\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Digests the input data and updates SHA-1 context.\r
+\r
+ This function performs SHA-1 digest on a data buffer of the specified size.\r
+ It can be called multiple times to compute the digest of long or discontinuous data streams.\r
+ SHA-1 context should be already correctly initialized by Sha1Init(), and should not be finalized\r
+ by Sha1Final(). Behavior with invalid context is undefined.\r
+\r
+ If Sha1Context is NULL, then return FALSE.\r
+\r
+ @param[in, out] Sha1Context Pointer to the SHA-1 context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+\r
+ @retval TRUE SHA-1 data digest succeeded.\r
+ @retval FALSE SHA-1 data digest failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sha1Update (\r
+ IN OUT VOID *Sha1Context,\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Completes computation of the SHA-1 digest value.\r
+\r
+ This function completes SHA-1 hash computation and retrieves the digest value into\r
+ the specified memory. After this function has been called, the SHA-1 context cannot\r
+ be used again.\r
+ SHA-1 context should be already correctly initialized by Sha1Init(), and should not be\r
+ finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined.\r
+\r
+ If Sha1Context is NULL, then return FALSE.\r
+ If HashValue is NULL, then return FALSE.\r
+\r
+ @param[in, out] Sha1Context Pointer to the SHA-1 context.\r
+ @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest\r
+ value (20 bytes).\r
+\r
+ @retval TRUE SHA-1 digest computation succeeded.\r
+ @retval FALSE SHA-1 digest computation failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sha1Final (\r
+ IN OUT VOID *Sha1Context,\r
+ OUT UINT8 *HashValue\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Computes the SHA-1 message digest of a input data buffer.\r
+\r
+ This function performs the SHA-1 message digest of a given data buffer, and places\r
+ the digest value into the specified memory.\r
+\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+ @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest\r
+ value (20 bytes).\r
+\r
+ @retval TRUE SHA-1 digest computation succeeded.\r
+ @retval FALSE SHA-1 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sha1HashAll (\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize,\r
+ OUT UINT8 *HashValue\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
--- /dev/null
+/** @file\r
+ SHA-256 Digest Wrapper Null Implementation.\r
+\r
+Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+/**\r
+ Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations.\r
+\r
+ @return The size, in bytes, of the context buffer required for SHA-256 hash operations.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+Sha256GetContextSize (\r
+ VOID\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return 0;\r
+}\r
+\r
+/**\r
+ Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for\r
+ subsequent use.\r
+\r
+ If Sha256Context is NULL, then return FALSE.\r
+\r
+ @param[out] Sha256Context Pointer to SHA-256 context being initialized.\r
+\r
+ @retval TRUE SHA-256 context initialization succeeded.\r
+ @retval FALSE SHA-256 context initialization failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sha256Init (\r
+ OUT VOID *Sha256Context\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Makes a copy of an existing SHA-256 context.\r
+\r
+ If Sha256Context is NULL, then return FALSE.\r
+ If NewSha256Context is NULL, then return FALSE.\r
+\r
+ @param[in] Sha256Context Pointer to SHA-256 context being copied.\r
+ @param[out] NewSha256Context Pointer to new SHA-256 context.\r
+\r
+ @retval TRUE SHA-256 context copy succeeded.\r
+ @retval FALSE SHA-256 context copy failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sha256Duplicate (\r
+ IN CONST VOID *Sha256Context,\r
+ OUT VOID *NewSha256Context\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Digests the input data and updates SHA-256 context.\r
+\r
+ This function performs SHA-256 digest on a data buffer of the specified size.\r
+ It can be called multiple times to compute the digest of long or discontinuous data streams.\r
+ SHA-256 context should be already correctly initialized by Sha256Init(), and should not be finalized\r
+ by Sha256Final(). Behavior with invalid context is undefined.\r
+\r
+ If Sha256Context is NULL, then return FALSE.\r
+\r
+ @param[in, out] Sha256Context Pointer to the SHA-256 context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+\r
+ @retval TRUE SHA-256 data digest succeeded.\r
+ @retval FALSE SHA-256 data digest failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sha256Update (\r
+ IN OUT VOID *Sha256Context,\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Completes computation of the SHA-256 digest value.\r
+\r
+ This function completes SHA-256 hash computation and retrieves the digest value into\r
+ the specified memory. After this function has been called, the SHA-256 context cannot\r
+ be used again.\r
+ SHA-256 context should be already correctly initialized by Sha256Init(), and should not be\r
+ finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined.\r
+\r
+ If Sha256Context is NULL, then return FALSE.\r
+ If HashValue is NULL, then return FALSE.\r
+\r
+ @param[in, out] Sha256Context Pointer to the SHA-256 context.\r
+ @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest\r
+ value (32 bytes).\r
+\r
+ @retval TRUE SHA-256 digest computation succeeded.\r
+ @retval FALSE SHA-256 digest computation failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sha256Final (\r
+ IN OUT VOID *Sha256Context,\r
+ OUT UINT8 *HashValue\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Computes the SHA-256 message digest of a input data buffer.\r
+\r
+ This function performs the SHA-256 message digest of a given data buffer, and places\r
+ the digest value into the specified memory.\r
+\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+ @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest\r
+ value (32 bytes).\r
+\r
+ @retval TRUE SHA-256 digest computation succeeded.\r
+ @retval FALSE SHA-256 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sha256HashAll (\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize,\r
+ OUT UINT8 *HashValue\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
--- /dev/null
+/** @file\r
+ SM3 Digest Wrapper Null Implementation.\r
+\r
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+/**\r
+ Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.\r
+\r
+ @return The size, in bytes, of the context buffer required for SM3 hash operations.\r
+\r
+**/\r
+UINTN\r
+EFIAPI\r
+Sm3GetContextSize (\r
+ VOID\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return 0;\r
+}\r
+\r
+/**\r
+ Initializes user-supplied memory pointed by Sm3Context as SM3 hash context for\r
+ subsequent use.\r
+\r
+ If Sm3Context is NULL, then return FALSE.\r
+\r
+ @param[out] Sm3Context Pointer to SM3 context being initialized.\r
+\r
+ @retval TRUE SM3 context initialization succeeded.\r
+ @retval FALSE SM3 context initialization failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sm3Init (\r
+ OUT VOID *Sm3Context\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Makes a copy of an existing SM3 context.\r
+\r
+ If Sm3Context is NULL, then return FALSE.\r
+ If NewSm3Context is NULL, then return FALSE.\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Sm3Context Pointer to SM3 context being copied.\r
+ @param[out] NewSm3Context Pointer to new SM3 context.\r
+\r
+ @retval TRUE SM3 context copy succeeded.\r
+ @retval FALSE SM3 context copy failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sm3Duplicate (\r
+ IN CONST VOID *Sm3Context,\r
+ OUT VOID *NewSm3Context\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Digests the input data and updates SM3 context.\r
+\r
+ This function performs SM3 digest on a data buffer of the specified size.\r
+ It can be called multiple times to compute the digest of long or discontinuous data streams.\r
+ SM3 context should be already correctly initialized by Sm3Init(), and should not be finalized\r
+ by Sm3Final(). Behavior with invalid context is undefined.\r
+\r
+ If Sm3Context is NULL, then return FALSE.\r
+\r
+ @param[in, out] Sm3Context Pointer to the SM3 context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+\r
+ @retval TRUE SM3 data digest succeeded.\r
+ @retval FALSE SM3 data digest failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sm3Update (\r
+ IN OUT VOID *Sm3Context,\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Completes computation of the SM3 digest value.\r
+\r
+ This function completes SM3 hash computation and retrieves the digest value into\r
+ the specified memory. After this function has been called, the SM3 context cannot\r
+ be used again.\r
+ SM3 context should be already correctly initialized by Sm3Init(), and should not be\r
+ finalized by Sm3Final(). Behavior with invalid SM3 context is undefined.\r
+\r
+ If Sm3Context is NULL, then return FALSE.\r
+ If HashValue is NULL, then return FALSE.\r
+\r
+ @param[in, out] Sm3Context Pointer to the SM3 context.\r
+ @param[out] HashValue Pointer to a buffer that receives the SM3 digest\r
+ value (32 bytes).\r
+\r
+ @retval TRUE SM3 digest computation succeeded.\r
+ @retval FALSE SM3 digest computation failed.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sm3Final (\r
+ IN OUT VOID *Sm3Context,\r
+ OUT UINT8 *HashValue\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Computes the SM3 message digest of a input data buffer.\r
+\r
+ This function performs the SM3 message digest of a given data buffer, and places\r
+ the digest value into the specified memory.\r
+\r
+ If this interface is not supported, then return FALSE.\r
+\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataSize Size of Data buffer in bytes.\r
+ @param[out] HashValue Pointer to a buffer that receives the SM3 digest\r
+ value (32 bytes).\r
+\r
+ @retval TRUE SM3 digest computation succeeded.\r
+ @retval FALSE SM3 digest computation failed.\r
+ @retval FALSE This interface is not supported.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+Sm3HashAll (\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataSize,\r
+ OUT UINT8 *HashValue\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
--- /dev/null
+/** @file\r
+ PKCS7 Verify Null implementation.\r
+\r
+ Copyright (C) Microsoft Corporation. All Rights Reserved.\r
+ Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
+\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+/**\r
+ This function will return the leaf signer certificate in a chain. This is\r
+ required because certificate chains are not guaranteed to have the\r
+ certificates in the order that they were issued.\r
+\r
+ A typical certificate chain looks like this:\r
+\r
+\r
+ ----------------------------\r
+ | Root |\r
+ ----------------------------\r
+ ^\r
+ |\r
+ ----------------------------\r
+ | Policy CA | <-- Typical Trust Anchor.\r
+ ----------------------------\r
+ ^\r
+ |\r
+ ----------------------------\r
+ | Issuing CA |\r
+ ----------------------------\r
+ ^\r
+ |\r
+ -----------------------------\r
+ / End-Entity (leaf) signer / <-- Bottom certificate.\r
+ ----------------------------- EKU: "1.3.6.1.4.1.311.76.9.21.1"\r
+ (Firmware Signing)\r
+\r
+\r
+ @param[in] CertChain Certificate chain.\r
+\r
+ @param[out] SignerCert Last certificate in the chain. For PKCS7 signatures,\r
+ this will be the end-entity (leaf) signer cert.\r
+\r
+ @retval EFI_SUCCESS The required EKUs were found in the signature.\r
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
+ @retval EFI_NOT_FOUND The number of signers found was not 1.\r
+\r
+**/\r
+EFI_STATUS\r
+GetSignerCertificate (\r
+ IN CONST VOID *CertChain,\r
+ OUT VOID **SignerCert\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return EFI_NOT_READY;\r
+}\r
+\r
+/**\r
+ Determines if the specified EKU represented in ASN1 form is present\r
+ in a given certificate.\r
+\r
+ @param[in] Cert The certificate to check.\r
+\r
+ @param[in] Asn1ToFind The EKU to look for.\r
+\r
+ @retval EFI_SUCCESS We successfully identified the signing type.\r
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
+ @retval EFI_NOT_FOUND One or more EKU's were not found in the signature.\r
+\r
+**/\r
+EFI_STATUS\r
+IsEkuInCertificate (\r
+ IN CONST VOID *Cert,\r
+ IN VOID *Asn1ToFind\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return EFI_NOT_READY;\r
+}\r
+\r
+/**\r
+ Determines if the specified EKUs are present in a signing certificate.\r
+\r
+ @param[in] SignerCert The certificate to check.\r
+ @param[in] RequiredEKUs The EKUs to look for.\r
+ @param[in] RequiredEKUsSize The number of EKUs\r
+ @param[in] RequireAllPresent If TRUE, then all the specified EKUs\r
+ must be present in the certificate.\r
+\r
+ @retval EFI_SUCCESS We successfully identified the signing type.\r
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
+ @retval EFI_NOT_FOUND One or more EKU's were not found in the signature.\r
+**/\r
+EFI_STATUS\r
+CheckEKUs (\r
+ IN CONST VOID *SignerCert,\r
+ IN CONST CHAR8 *RequiredEKUs[],\r
+ IN CONST UINT32 RequiredEKUsSize,\r
+ IN BOOLEAN RequireAllPresent\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return EFI_NOT_READY;\r
+}\r
+\r
+/**\r
+ This function receives a PKCS#7 formatted signature blob,\r
+ looks for the EKU SEQUENCE blob, and if found then looks\r
+ for all the required EKUs. This function was created so that\r
+ the Surface team can cut down on the number of Certificate\r
+ Authorities (CA's) by checking EKU's on leaf signers for\r
+ a specific product. This prevents one product's certificate\r
+ from signing another product's firmware or unlock blobs.\r
+\r
+ Note that this function does not validate the certificate chain.\r
+ That needs to be done before using this function.\r
+\r
+ @param[in] Pkcs7Signature The PKCS#7 signed information content block. An array\r
+ containing the content block with both the signature,\r
+ the signer's certificate, and any necessary intermediate\r
+ certificates.\r
+ @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature.\r
+ @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of\r
+ required EKUs that must be present in the signature.\r
+ @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array.\r
+ @param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's\r
+ must be present in the leaf signer. If it is\r
+ FALSE, then we will succeed if we find any\r
+ of the specified EKU's.\r
+\r
+ @retval EFI_SUCCESS The required EKUs were found in the signature.\r
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
+ @retval EFI_NOT_FOUND One or more EKU's were not found in the signature.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+VerifyEKUsInPkcs7Signature (\r
+ IN CONST UINT8 *Pkcs7Signature,\r
+ IN CONST UINT32 SignatureSize,\r
+ IN CONST CHAR8 *RequiredEKUs[],\r
+ IN CONST UINT32 RequiredEKUsSize,\r
+ IN BOOLEAN RequireAllPresent\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return EFI_NOT_READY;\r
+}\r
--- /dev/null
+/** @file\r
+ RSA Asymmetric Cipher Wrapper Null Implementation.\r
+\r
+ This file implements following APIs which provide basic capabilities for RSA:\r
+ 1) RsaNew\r
+ 2) RsaFree\r
+ 3) RsaSetKey\r
+ 4) RsaPkcs1Verify\r
+\r
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalCryptLib.h"\r
+\r
+/**\r
+ Allocates and initializes one RSA context for subsequent use.\r
+\r
+ @return Pointer to the RSA context that has been initialized.\r
+ If the allocations fails, RsaNew() returns NULL.\r
+\r
+**/\r
+VOID *\r
+EFIAPI\r
+RsaNew (\r
+ VOID\r
+ )\r
+{\r
+ //\r
+ // Allocates & Initializes RSA Context\r
+ //\r
+ ASSERT (FALSE);\r
+ return NULL;\r
+}\r
+\r
+/**\r
+ Release the specified RSA context.\r
+\r
+ @param[in] RsaContext Pointer to the RSA context to be released.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+RsaFree (\r
+ IN VOID *RsaContext\r
+ )\r
+{\r
+ //\r
+ // Free RSA Context\r
+ //\r
+ ASSERT (FALSE);\r
+}\r
+\r
+/**\r
+ Sets the tag-designated key component into the established RSA context.\r
+\r
+ This function sets the tag-designated RSA key component into the established\r
+ RSA context from the user-specified non-negative integer (octet string format\r
+ represented in RSA PKCS#1).\r
+ If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
+\r
+ If RsaContext is NULL, then return FALSE.\r
+\r
+ @param[in, out] RsaContext Pointer to RSA context being set.\r
+ @param[in] KeyTag Tag of RSA key component being set.\r
+ @param[in] BigNumber Pointer to octet integer buffer.\r
+ If NULL, then the specified key component in RSA\r
+ context is cleared.\r
+ @param[in] BnSize Size of big number buffer in bytes.\r
+ If BigNumber is NULL, then it is ignored.\r
+\r
+ @retval TRUE RSA key component was set successfully.\r
+ @retval FALSE Invalid RSA key component tag.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaSetKey (\r
+ IN OUT VOID *RsaContext,\r
+ IN RSA_KEY_TAG KeyTag,\r
+ IN CONST UINT8 *BigNumber,\r
+ IN UINTN BnSize\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
+ RSA PKCS#1.\r
+\r
+ If RsaContext is NULL, then return FALSE.\r
+ If MessageHash is NULL, then return FALSE.\r
+ If Signature is NULL, then return FALSE.\r
+ If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.\r
+\r
+ @param[in] RsaContext Pointer to RSA context for signature verification.\r
+ @param[in] MessageHash Pointer to octet message hash to be checked.\r
+ @param[in] HashSize Size of the message hash in bytes.\r
+ @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
+ @param[in] SigSize Size of signature in bytes.\r
+\r
+ @retval TRUE Valid signature encoded in PKCS1-v1_5.\r
+ @retval FALSE Invalid signature or invalid RSA context.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+RsaPkcs1Verify (\r
+ IN VOID *RsaContext,\r
+ IN CONST UINT8 *MessageHash,\r
+ IN UINTN HashSize,\r
+ IN CONST UINT8 *Signature,\r
+ IN UINTN SigSize\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return FALSE;\r
+}\r
--- /dev/null
+## @file\r
+# Cryptographic Library Instance for SEC.\r
+#\r
+# Caution: This module requires additional review when modified.\r
+# This library will have external input - signature.\r
+# This external input must be validated carefully to avoid security issues such as\r
+# buffer overflow or integer overflow.\r
+#\r
+# Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>\r
+# SPDX-License-Identifier: BSD-2-Clause-Patent\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = SecCryptLib\r
+ FILE_GUID = 3689D343-0D32-4284-8053-BF10537990E8\r
+ MODULE_TYPE = BASE\r
+ VERSION_STRING = 1.0\r
+ LIBRARY_CLASS = BaseCryptLib|SEC\r
+\r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+# VALID_ARCHITECTURES = IA32 X64\r
+#\r
+\r
+[Sources]\r
+ InternalCryptLib.h\r
+ Hash/CryptSha512.c\r
+\r
+ Hash/CryptMd5Null.c\r
+ Hash/CryptSha1Null.c\r
+ Hash/CryptSha256Null.c\r
+ Hash/CryptSm3Null.c\r
+ Hash/CryptParallelHashNull.c\r
+ Hmac/CryptHmacSha256Null.c\r
+ Kdf/CryptHkdfNull.c\r
+ Cipher/CryptAesNull.c\r
+ Pk/CryptRsaBasicNull.c\r
+ Pk/CryptRsaExtNull.c\r
+ Pk/CryptPkcs1OaepNull.c\r
+ Pk/CryptPkcs5Pbkdf2Null.c\r
+ Pk/CryptPkcs7SignNull.c\r
+ Pk/CryptPkcs7VerifyNull.c\r
+ Pk/CryptPkcs7VerifyEkuNull.c\r
+ Pk/CryptDhNull.c\r
+ Pk/CryptX509Null.c\r
+ Pk/CryptAuthenticodeNull.c\r
+ Pk/CryptTsNull.c\r
+ Pem/CryptPemNull.c\r
+ Rand/CryptRandNull.c\r
+ Pk/CryptRsaPssNull.c\r
+ Pk/CryptRsaPssSignNull.c\r
+\r
+ SysCall/CrtWrapper.c\r
+ SysCall/ConstantTimeClock.c\r
+ SysCall/BaseMemAllocation.c\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ CryptoPkg/CryptoPkg.dec\r
+\r
+[LibraryClasses]\r
+ BaseLib\r
+ BaseMemoryLib\r
+ MemoryAllocationLib\r
+ DebugLib\r
+ OpensslLib\r
+ IntrinsicLib\r
+\r
+#\r
+# Remove these [BuildOptions] after this library is cleaned up\r
+#\r
+[BuildOptions]\r
+ #\r
+ # suppress the following warnings so we do not break the build with warnings-as-errors:\r
+ # C4090: 'function' : different 'const' qualifiers\r
+ # C4718: 'function call' : recursive call has no side effects, deleting\r
+ #\r
+ MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4718\r
+\r
+ # -JCryptoPkg/Include : To disable the use of the system includes provided by RVCT\r
+ # --diag_remark=1 : Reduce severity of "#1-D: last line of file ends without a newline"\r
+ RVCT:*_*_ARM_CC_FLAGS = -JCryptoPkg/Include --diag_remark=1\r
+\r
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99\r
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99\r
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types\r
+\r
+ XCODE:*_*_*_CC_FLAGS = -std=c99\r
projects / mirror_edk2.git / commitdiff