mirror of https://github.com/acidanthera/audk.git
Add interfaces to several library instances of BaseCryptLib.
Signed-off-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13539 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
c31b316c00
commit
532616bbd6
|
@ -69,7 +69,10 @@ typedef enum {
|
|||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
|
||||
|
||||
If this interface is not supported, then return zero.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for MD4 hash operations.
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
|
@ -83,11 +86,13 @@ Md4GetContextSize (
|
|||
subsequent use.
|
||||
|
||||
If Md4Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[out] Md4Context Pointer to MD4 context being initialized.
|
||||
|
||||
@retval TRUE MD4 context initialization succeeded.
|
||||
@retval FALSE MD4 context initialization failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -101,12 +106,14 @@ Md4Init (
|
|||
|
||||
If Md4Context is NULL, then return FALSE.
|
||||
If NewMd4Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Md4Context Pointer to MD4 context being copied.
|
||||
@param[out] NewMd4Context Pointer to new MD4 context.
|
||||
|
||||
@retval TRUE MD4 context copy succeeded.
|
||||
@retval FALSE MD4 context copy failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -125,6 +132,7 @@ Md4Duplicate (
|
|||
by Md4Final(). Behavior with invalid context is undefined.
|
||||
|
||||
If Md4Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] Md4Context Pointer to the MD4 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
|
@ -132,6 +140,7 @@ Md4Duplicate (
|
|||
|
||||
@retval TRUE MD4 data digest succeeded.
|
||||
@retval FALSE MD4 data digest failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -153,6 +162,7 @@ Md4Update (
|
|||
|
||||
If Md4Context is NULL, then return FALSE.
|
||||
If HashValue is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] Md4Context Pointer to the MD4 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
|
||||
|
@ -160,6 +170,7 @@ Md4Update (
|
|||
|
||||
@retval TRUE MD4 digest computation succeeded.
|
||||
@retval FALSE MD4 digest computation failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -172,7 +183,10 @@ Md4Final (
|
|||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
|
||||
|
||||
If this interface is not supported, then return zero.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for MD5 hash operations.
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
|
@ -186,11 +200,13 @@ Md5GetContextSize (
|
|||
subsequent use.
|
||||
|
||||
If Md5Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[out] Md5Context Pointer to MD5 context being initialized.
|
||||
|
||||
@retval TRUE MD5 context initialization succeeded.
|
||||
@retval FALSE MD5 context initialization failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -204,12 +220,14 @@ Md5Init (
|
|||
|
||||
If Md5Context is NULL, then return FALSE.
|
||||
If NewMd5Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Md5Context Pointer to MD5 context being copied.
|
||||
@param[out] NewMd5Context Pointer to new MD5 context.
|
||||
|
||||
@retval TRUE MD5 context copy succeeded.
|
||||
@retval FALSE MD5 context copy failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -228,6 +246,7 @@ Md5Duplicate (
|
|||
by Md5Final(). Behavior with invalid context is undefined.
|
||||
|
||||
If Md5Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] Md5Context Pointer to the MD5 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
|
@ -235,6 +254,7 @@ Md5Duplicate (
|
|||
|
||||
@retval TRUE MD5 data digest succeeded.
|
||||
@retval FALSE MD5 data digest failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -256,6 +276,7 @@ Md5Update (
|
|||
|
||||
If Md5Context is NULL, then return FALSE.
|
||||
If HashValue is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] Md5Context Pointer to the MD5 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the MD5 digest
|
||||
|
@ -263,6 +284,7 @@ Md5Update (
|
|||
|
||||
@retval TRUE MD5 digest computation succeeded.
|
||||
@retval FALSE MD5 digest computation failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -275,7 +297,10 @@ Md5Final (
|
|||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
|
||||
|
||||
If this interface is not supported, then return zero.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for SHA-1 hash operations.
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
|
@ -289,11 +314,13 @@ Sha1GetContextSize (
|
|||
subsequent use.
|
||||
|
||||
If Sha1Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[out] Sha1Context Pointer to SHA-1 context being initialized.
|
||||
|
||||
@retval TRUE SHA-1 context initialization succeeded.
|
||||
@retval FALSE SHA-1 context initialization failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -307,12 +334,14 @@ Sha1Init (
|
|||
|
||||
If Sha1Context is NULL, then return FALSE.
|
||||
If NewSha1Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Sha1Context Pointer to SHA-1 context being copied.
|
||||
@param[out] NewSha1Context Pointer to new SHA-1 context.
|
||||
|
||||
@retval TRUE SHA-1 context copy succeeded.
|
||||
@retval FALSE SHA-1 context copy failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -331,6 +360,7 @@ Sha1Duplicate (
|
|||
by Sha1Final(). Behavior with invalid context is undefined.
|
||||
|
||||
If Sha1Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] Sha1Context Pointer to the SHA-1 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
|
@ -338,6 +368,7 @@ Sha1Duplicate (
|
|||
|
||||
@retval TRUE SHA-1 data digest succeeded.
|
||||
@retval FALSE SHA-1 data digest failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -359,6 +390,7 @@ Sha1Update (
|
|||
|
||||
If Sha1Context is NULL, then return FALSE.
|
||||
If HashValue is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] Sha1Context Pointer to the SHA-1 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the SHA-1 digest
|
||||
|
@ -366,6 +398,7 @@ Sha1Update (
|
|||
|
||||
@retval TRUE SHA-1 digest computation succeeded.
|
||||
@retval FALSE SHA-1 digest computation failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -410,12 +443,14 @@ Sha256Init (
|
|||
|
||||
If Sha256Context is NULL, then return FALSE.
|
||||
If NewSha256Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Sha256Context Pointer to SHA-256 context being copied.
|
||||
@param[out] NewSha256Context Pointer to new SHA-256 context.
|
||||
|
||||
@retval TRUE SHA-256 context copy succeeded.
|
||||
@retval FALSE SHA-256 context copy failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -486,7 +521,10 @@ Sha256Final (
|
|||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
|
||||
|
||||
If this interface is not supported, then return zero.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for HMAC-MD5 operations.
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
|
@ -500,6 +538,7 @@ HmacMd5GetContextSize (
|
|||
subsequent use.
|
||||
|
||||
If HmacMd5Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied key.
|
||||
|
@ -507,6 +546,7 @@ HmacMd5GetContextSize (
|
|||
|
||||
@retval TRUE HMAC-MD5 context initialization succeeded.
|
||||
@retval FALSE HMAC-MD5 context initialization failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -522,12 +562,14 @@ HmacMd5Init (
|
|||
|
||||
If HmacMd5Context is NULL, then return FALSE.
|
||||
If NewHmacMd5Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
|
||||
@param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
|
||||
|
||||
@retval TRUE HMAC-MD5 context copy succeeded.
|
||||
@retval FALSE HMAC-MD5 context copy failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -546,6 +588,7 @@ HmacMd5Duplicate (
|
|||
finalized by HmacMd5Final(). Behavior with invalid context is undefined.
|
||||
|
||||
If HmacMd5Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be digested.
|
||||
|
@ -553,6 +596,7 @@ HmacMd5Duplicate (
|
|||
|
||||
@retval TRUE HMAC-MD5 data digest succeeded.
|
||||
@retval FALSE HMAC-MD5 data digest failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -574,6 +618,7 @@ HmacMd5Update (
|
|||
|
||||
If HmacMd5Context is NULL, then return FALSE.
|
||||
If HashValue is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the HMAC-MD5 digest
|
||||
|
@ -581,6 +626,7 @@ HmacMd5Update (
|
|||
|
||||
@retval TRUE HMAC-MD5 digest computation succeeded.
|
||||
@retval FALSE HMAC-MD5 digest computation failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -593,7 +639,10 @@ HmacMd5Final (
|
|||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
|
||||
|
||||
If this interface is not supported, then return zero.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for HMAC-SHA1 operations.
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
|
@ -607,6 +656,7 @@ HmacSha1GetContextSize (
|
|||
subsequent use.
|
||||
|
||||
If HmacSha1Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied key.
|
||||
|
@ -614,6 +664,7 @@ HmacSha1GetContextSize (
|
|||
|
||||
@retval TRUE HMAC-SHA1 context initialization succeeded.
|
||||
@retval FALSE HMAC-SHA1 context initialization failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -629,12 +680,14 @@ HmacSha1Init (
|
|||
|
||||
If HmacSha1Context is NULL, then return FALSE.
|
||||
If NewHmacSha1Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
|
||||
@param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
|
||||
|
||||
@retval TRUE HMAC-SHA1 context copy succeeded.
|
||||
@retval FALSE HMAC-SHA1 context copy failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -653,6 +706,7 @@ HmacSha1Duplicate (
|
|||
be finalized by HmacSha1Final(). Behavior with invalid context is undefined.
|
||||
|
||||
If HmacSha1Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be digested.
|
||||
|
@ -660,6 +714,7 @@ HmacSha1Duplicate (
|
|||
|
||||
@retval TRUE HMAC-SHA1 data digest succeeded.
|
||||
@retval FALSE HMAC-SHA1 data digest failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -681,6 +736,7 @@ HmacSha1Update (
|
|||
|
||||
If HmacSha1Context is NULL, then return FALSE.
|
||||
If HashValue is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the HMAC-SHA1 digest
|
||||
|
@ -688,6 +744,7 @@ HmacSha1Update (
|
|||
|
||||
@retval TRUE HMAC-SHA1 digest computation succeeded.
|
||||
@retval FALSE HMAC-SHA1 digest computation failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -705,7 +762,10 @@ HmacSha1Final (
|
|||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for TDES operations.
|
||||
|
||||
If this interface is not supported, then return zero.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for TDES operations.
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
|
@ -728,6 +788,7 @@ TdesGetContextSize (
|
|||
If TdesContext is NULL, then return FALSE.
|
||||
If Key is NULL, then return FALSE.
|
||||
If KeyLength is not valid, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[out] TdesContext Pointer to TDES context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied TDES key.
|
||||
|
@ -735,6 +796,7 @@ TdesGetContextSize (
|
|||
|
||||
@retval TRUE TDES context initialization succeeded.
|
||||
@retval FALSE TDES context initialization failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -759,6 +821,7 @@ TdesInit (
|
|||
If Input is NULL, then return FALSE.
|
||||
If InputSize is not multiple of block size (8 bytes), then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
|
@ -767,6 +830,7 @@ TdesInit (
|
|||
|
||||
@retval TRUE TDES encryption succeeded.
|
||||
@retval FALSE TDES encryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -792,6 +856,7 @@ TdesEcbEncrypt (
|
|||
If Input is NULL, then return FALSE.
|
||||
If InputSize is not multiple of block size (8 bytes), then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
|
@ -800,6 +865,7 @@ TdesEcbEncrypt (
|
|||
|
||||
@retval TRUE TDES decryption succeeded.
|
||||
@retval FALSE TDES decryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -827,6 +893,7 @@ TdesEcbDecrypt (
|
|||
If InputSize is not multiple of block size (8 bytes), then return FALSE.
|
||||
If Ivec is NULL, then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
|
@ -836,6 +903,7 @@ TdesEcbDecrypt (
|
|||
|
||||
@retval TRUE TDES encryption succeeded.
|
||||
@retval FALSE TDES encryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -864,6 +932,7 @@ TdesCbcEncrypt (
|
|||
If InputSize is not multiple of block size (8 bytes), then return FALSE.
|
||||
If Ivec is NULL, then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
|
@ -873,6 +942,7 @@ TdesCbcEncrypt (
|
|||
|
||||
@retval TRUE TDES decryption succeeded.
|
||||
@retval FALSE TDES decryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -888,7 +958,10 @@ TdesCbcDecrypt (
|
|||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for AES operations.
|
||||
|
||||
If this interface is not supported, then return zero.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for AES operations.
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
|
@ -908,6 +981,7 @@ AesGetContextSize (
|
|||
If AesContext is NULL, then return FALSE.
|
||||
If Key is NULL, then return FALSE.
|
||||
If KeyLength is not valid, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[out] AesContext Pointer to AES context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied AES key.
|
||||
|
@ -915,6 +989,7 @@ AesGetContextSize (
|
|||
|
||||
@retval TRUE AES context initialization succeeded.
|
||||
@retval FALSE AES context initialization failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -939,6 +1014,7 @@ AesInit (
|
|||
If Input is NULL, then return FALSE.
|
||||
If InputSize is not multiple of block size (16 bytes), then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
|
@ -947,6 +1023,7 @@ AesInit (
|
|||
|
||||
@retval TRUE AES encryption succeeded.
|
||||
@retval FALSE AES encryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -972,6 +1049,7 @@ AesEcbEncrypt (
|
|||
If Input is NULL, then return FALSE.
|
||||
If InputSize is not multiple of block size (16 bytes), then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
|
@ -980,6 +1058,7 @@ AesEcbEncrypt (
|
|||
|
||||
@retval TRUE AES decryption succeeded.
|
||||
@retval FALSE AES decryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1007,6 +1086,7 @@ AesEcbDecrypt (
|
|||
If InputSize is not multiple of block size (16 bytes), then return FALSE.
|
||||
If Ivec is NULL, then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
|
@ -1016,6 +1096,7 @@ AesEcbDecrypt (
|
|||
|
||||
@retval TRUE AES encryption succeeded.
|
||||
@retval FALSE AES encryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1044,6 +1125,7 @@ AesCbcEncrypt (
|
|||
If InputSize is not multiple of block size (16 bytes), then return FALSE.
|
||||
If Ivec is NULL, then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
|
@ -1053,6 +1135,7 @@ AesCbcEncrypt (
|
|||
|
||||
@retval TRUE AES decryption succeeded.
|
||||
@retval FALSE AES decryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1068,7 +1151,10 @@ AesCbcDecrypt (
|
|||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
|
||||
|
||||
If this interface is not supported, then return zero.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for ARC4 operations.
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
|
@ -1087,6 +1173,7 @@ Arc4GetContextSize (
|
|||
If Arc4Context is NULL, then return FALSE.
|
||||
If Key is NULL, then return FALSE.
|
||||
If KeySize does not in the range of [5, 256] bytes, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[out] Arc4Context Pointer to ARC4 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied ARC4 key.
|
||||
|
@ -1094,6 +1181,7 @@ Arc4GetContextSize (
|
|||
|
||||
@retval TRUE ARC4 context initialization succeeded.
|
||||
@retval FALSE ARC4 context initialization failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1115,6 +1203,7 @@ Arc4Init (
|
|||
If Arc4Context is NULL, then return FALSE.
|
||||
If Input is NULL, then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Arc4Context Pointer to the ARC4 context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
|
@ -1123,6 +1212,7 @@ Arc4Init (
|
|||
|
||||
@retval TRUE ARC4 encryption succeeded.
|
||||
@retval FALSE ARC4 encryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1145,6 +1235,7 @@ Arc4Encrypt (
|
|||
If Arc4Context is NULL, then return FALSE.
|
||||
If Input is NULL, then return FALSE.
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Arc4Context Pointer to the ARC4 context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
|
@ -1153,6 +1244,7 @@ Arc4Encrypt (
|
|||
|
||||
@retval TRUE ARC4 decryption succeeded.
|
||||
@retval FALSE ARC4 decryption failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1173,11 +1265,13 @@ Arc4Decrypt (
|
|||
should be already correctly initialized by ARC4Init().
|
||||
|
||||
If Arc4Context is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] Arc4Context Pointer to the ARC4 context.
|
||||
|
||||
@retval TRUE ARC4 reset succeeded.
|
||||
@retval FALSE ARC4 reset failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1262,6 +1356,7 @@ RsaSetKey (
|
|||
If RsaContext is NULL, then return FALSE.
|
||||
If BnSize is NULL, then return FALSE.
|
||||
If BnSize is large enough but BigNumber is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
|
@ -1272,6 +1367,7 @@ RsaSetKey (
|
|||
@retval TRUE RSA key component was retrieved successfully.
|
||||
@retval FALSE Invalid RSA key component tag.
|
||||
@retval FALSE BnSize is too small.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1294,6 +1390,7 @@ RsaGetKey (
|
|||
initialized by RandomSeed().
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] ModulusLength Length of RSA modulus N in bits.
|
||||
|
@ -1302,6 +1399,7 @@ RsaGetKey (
|
|||
|
||||
@retval TRUE RSA key component was generated successfully.
|
||||
@retval FALSE Invalid RSA key component tag.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1323,11 +1421,13 @@ RsaGenerateKey (
|
|||
- Whether d*e = 1 mod lcm(p-1,q-1)
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context to check.
|
||||
|
||||
@retval TRUE RSA key components are valid.
|
||||
@retval FALSE RSA key components are not valid.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1348,6 +1448,7 @@ RsaCheckKey (
|
|||
If MessageHash is NULL, then return FALSE.
|
||||
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
|
||||
If SigSize is large enough but Signature is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature generation.
|
||||
@param[in] MessageHash Pointer to octet message hash to be signed.
|
||||
|
@ -1359,6 +1460,7 @@ RsaCheckKey (
|
|||
@retval TRUE Signature successfully generated in PKCS1-v1_5.
|
||||
@retval FALSE Signature generation failed.
|
||||
@retval FALSE SigSize is too small.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1403,6 +1505,10 @@ RsaPkcs1Verify (
|
|||
/**
|
||||
Retrieve the RSA Private Key from the password-protected PEM key data.
|
||||
|
||||
If PemData is NULL, then return FALSE.
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
|
||||
@param[in] PemSize Size of the PEM key data in bytes.
|
||||
@param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
|
||||
|
@ -1410,11 +1516,10 @@ RsaPkcs1Verify (
|
|||
RSA private key component. Use RsaFree() function to free the
|
||||
resource.
|
||||
|
||||
If PemData is NULL, then return FALSE.
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@retval TRUE RSA Private Key was retrieved successfully.
|
||||
@retval FALSE Invalid PEM key data or incorrect password.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1429,17 +1534,19 @@ RsaGetPrivateKeyFromPem (
|
|||
/**
|
||||
Retrieve the RSA Public Key from one DER-encoded X509 certificate.
|
||||
|
||||
If Cert is NULL, then return FALSE.
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
|
||||
RSA public key component. Use RsaFree() function to free the
|
||||
resource.
|
||||
|
||||
If Cert is NULL, then return FALSE.
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@retval TRUE RSA Public Key was retrieved successfully.
|
||||
@retval FALSE Fail to retrieve RSA public key from X509 certificate.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1453,18 +1560,20 @@ RsaGetPublicKeyFromX509 (
|
|||
/**
|
||||
Retrieve the subject bytes from one X.509 certificate.
|
||||
|
||||
If Cert is NULL, then return FALSE.
|
||||
If SubjectSize is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] CertSubject Pointer to the retrieved certificate subject bytes.
|
||||
@param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
|
||||
and the size of buffer returned CertSubject on output.
|
||||
|
||||
If Cert is NULL, then return FALSE.
|
||||
If SubjectSize is NULL, then return FALSE.
|
||||
|
||||
@retval TRUE The certificate subject retrieved successfully.
|
||||
@retval FALSE Invalid certificate, or the SubjectSize is too small for the result.
|
||||
The SubjectSize will be updated with the required size.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1479,17 +1588,19 @@ X509GetSubjectName (
|
|||
/**
|
||||
Verify one X509 certificate was issued by the trusted CA.
|
||||
|
||||
If Cert is NULL, then return FALSE.
|
||||
If CACert is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[in] CACert Pointer to the DER-encoded trusted CA certificate.
|
||||
@param[in] CACertSize Size of the CA Certificate in bytes.
|
||||
|
||||
If Cert is NULL, then return FALSE.
|
||||
If CACert is NULL, then return FALSE.
|
||||
|
||||
@retval TRUE The certificate was issued by the trusted CA.
|
||||
@retval FALSE Invalid certificate or the certificate was not issued by the given
|
||||
trusted CA.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1506,6 +1617,7 @@ X509VerifyCert (
|
|||
|
||||
If Cert is NULL, then return FALSE.
|
||||
If SingleX509Cert is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded certificate data.
|
||||
@param[in] CertSize The size of certificate data in bytes.
|
||||
|
@ -1513,6 +1625,7 @@ X509VerifyCert (
|
|||
|
||||
@retval TRUE The X509 object generation succeeded.
|
||||
@retval FALSE The operation failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1527,6 +1640,7 @@ X509ConstructCertificate (
|
|||
Construct a X509 stack object from a list of DER-encoded certificate data.
|
||||
|
||||
If X509Stack is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] X509Stack On input, pointer to an existing X509 stack object.
|
||||
On output, pointer to the X509 stack object with new
|
||||
|
@ -1537,6 +1651,7 @@ X509ConstructCertificate (
|
|||
|
||||
@retval TRUE The X509 stack construction succeeded.
|
||||
@retval FALSE The construction operation failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1549,7 +1664,7 @@ X509ConstructCertificateStack (
|
|||
/**
|
||||
Release the specified X509 object.
|
||||
|
||||
If X509Cert is NULL, then return FALSE.
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] X509Cert Pointer to the X509 object to be released.
|
||||
|
||||
|
@ -1563,7 +1678,7 @@ X509Free (
|
|||
/**
|
||||
Release the specified X509 stack object.
|
||||
|
||||
If X509Stack is NULL, then return FALSE.
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] X509Stack Pointer to the X509 stack object to be released.
|
||||
|
||||
|
@ -1581,6 +1696,7 @@ X509StackFree (
|
|||
|
||||
If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
|
||||
return FALSE. If P7Length overflow, then return FAlSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
|
@ -1593,6 +1709,7 @@ X509StackFree (
|
|||
|
||||
@retval TRUE The operation is finished successfully.
|
||||
@retval FALSE Error occurs during the operation.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1609,6 +1726,8 @@ Pkcs7GetSigners (
|
|||
/**
|
||||
Wrap function to use free() to free allocated memory for certificates.
|
||||
|
||||
If this interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] Certs Pointer to the certificates to be freed.
|
||||
|
||||
**/
|
||||
|
@ -1623,6 +1742,8 @@ Pkcs7FreeSigners (
|
|||
Syntax Standard, version 1.5". This interface is only intended to be used for
|
||||
application to perform PKCS#7 functionality validation.
|
||||
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] PrivateKey Pointer to the PEM-formatted private key data for
|
||||
data signing.
|
||||
@param[in] PrivateKeySize Size of the PEM private key data in bytes.
|
||||
|
@ -1639,6 +1760,7 @@ Pkcs7FreeSigners (
|
|||
|
||||
@retval TRUE PKCS#7 data signing succeeded.
|
||||
@retval FALSE PKCS#7 data signing failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1662,6 +1784,7 @@ Pkcs7Sign (
|
|||
|
||||
If P7Data, TrustedCert or InData is NULL, then return FALSE.
|
||||
If P7Length, CertLength or DataLength overflow, then return FAlSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
|
@ -1673,6 +1796,7 @@ Pkcs7Sign (
|
|||
|
||||
@retval TRUE The specified PKCS#7 signed data is valid.
|
||||
@retval FALSE Invalid PKCS#7 signed data.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1692,6 +1816,7 @@ Pkcs7Verify (
|
|||
|
||||
If AuthData is NULL, then return FALSE.
|
||||
If ImageHash is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
|
||||
PE/COFF image to be verified.
|
||||
|
@ -1706,6 +1831,7 @@ Pkcs7Verify (
|
|||
|
||||
@retval TRUE The specified Authenticode Signature is valid.
|
||||
@retval FALSE Invalid Authenticode Signature.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1728,6 +1854,7 @@ AuthenticodeVerify (
|
|||
|
||||
@return Pointer to the Diffie-Hellman Context that has been initialized.
|
||||
If the allocations fails, DhNew() returns NULL.
|
||||
If the interface is not supported, DhNew() returns NULL.
|
||||
|
||||
**/
|
||||
VOID *
|
||||
|
@ -1739,7 +1866,7 @@ DhNew (
|
|||
/**
|
||||
Release the specified DH context.
|
||||
|
||||
If DhContext is NULL, then return FALSE.
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] DhContext Pointer to the DH context to be released.
|
||||
|
||||
|
@ -1761,6 +1888,7 @@ DhFree (
|
|||
|
||||
If DhContext is NULL, then return FALSE.
|
||||
If Prime is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
|
@ -1770,6 +1898,7 @@ DhFree (
|
|||
@retval TRUE DH pamameter generation succeeded.
|
||||
@retval FALSE Value of Generator is not supported.
|
||||
@retval FALSE PRNG fails to generate random prime number with PrimeLength.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1789,6 +1918,7 @@ DhGenerateParameter (
|
|||
|
||||
If DhContext is NULL, then return FALSE.
|
||||
If Prime is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
|
@ -1800,6 +1930,7 @@ DhGenerateParameter (
|
|||
@retval FALSE Value of Generator is not suitable for the Prime.
|
||||
@retval FALSE Value of Prime is not a prime number.
|
||||
@retval FALSE Value of Prime is not a safe prime number.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1822,6 +1953,7 @@ DhSetParameter (
|
|||
If DhContext is NULL, then return FALSE.
|
||||
If PublicKeySize is NULL, then return FALSE.
|
||||
If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[out] PublicKey Pointer to the buffer to receive generated public key.
|
||||
|
@ -1831,6 +1963,7 @@ DhSetParameter (
|
|||
@retval TRUE DH public key generation succeeded.
|
||||
@retval FALSE DH public key generation failed.
|
||||
@retval FALSE PublicKeySize is not large enough.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1851,6 +1984,7 @@ DhGenerateKey (
|
|||
If PeerPublicKey is NULL, then return FALSE.
|
||||
If KeySize is NULL, then return FALSE.
|
||||
If KeySize is large enough but Key is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] PeerPublicKey Pointer to the peer's public key.
|
||||
|
@ -1862,6 +1996,7 @@ DhGenerateKey (
|
|||
@retval TRUE DH exchanged key generation succeeded.
|
||||
@retval FALSE DH exchanged key generation failed.
|
||||
@retval FALSE KeySize is not large enough.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1884,6 +2019,7 @@ DhComputeKey (
|
|||
This function sets up the seed value for the pseudorandom number generator.
|
||||
If Seed is not NULL, then the seed passed in is used.
|
||||
If Seed is NULL, then default seed is used.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] Seed Pointer to seed value.
|
||||
If NULL, default seed is used.
|
||||
|
@ -1892,6 +2028,7 @@ DhComputeKey (
|
|||
|
||||
@retval TRUE Pseudorandom number generator has enough entropy for random generation.
|
||||
@retval FALSE Pseudorandom number generator does not have enough entropy for random generation.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -1905,12 +2042,14 @@ RandomSeed (
|
|||
Generates a pseudorandom byte stream of the specified size.
|
||||
|
||||
If Output is NULL, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[out] Output Pointer to buffer to receive random value.
|
||||
@param[in] Size Size of randome bytes to generate.
|
||||
|
||||
@retval TRUE Pseudorandom byte stream generated successfully.
|
||||
@retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
|
|
@ -21,9 +21,9 @@
|
|||
INF_VERSION = 0x00010005
|
||||
BASE_NAME = BaseCryptLib
|
||||
FILE_GUID = be3bb803-91b6-4da0-bd91-a8b21c18ca5d
|
||||
MODULE_TYPE = BASE
|
||||
MODULE_TYPE = DXE_DRIVER
|
||||
VERSION_STRING = 1.0
|
||||
LIBRARY_CLASS = BaseCryptLib
|
||||
LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
|
||||
|
||||
#
|
||||
# The following information is for reference only and not required by the build tools.
|
||||
|
@ -42,8 +42,10 @@
|
|||
Cipher/CryptAes.c
|
||||
Cipher/CryptTdes.c
|
||||
Cipher/CryptArc4.c
|
||||
Pk/CryptRsa.c
|
||||
Pk/CryptPkcs7.c
|
||||
Pk/CryptRsaBasic.c
|
||||
Pk/CryptRsaExt.c
|
||||
Pk/CryptPkcs7Sign.c
|
||||
Pk/CryptPkcs7Verify.c
|
||||
Pk/CryptDh.c
|
||||
Pk/CryptX509.c
|
||||
Pk/CryptAuthenticode.c
|
||||
|
|
|
@ -0,0 +1,165 @@
|
|||
/** @file
|
||||
AES Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for AES operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
AesGetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory as AES context for subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] AesContext Pointer to AES context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied AES key.
|
||||
@param[in] KeyLength Length of AES key in bits.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesInit (
|
||||
OUT VOID *AesContext,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeyLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES encryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the AES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesEcbEncrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES decryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the AES decryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesEcbDecrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES encryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the AES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesCbcEncrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES decryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the AES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesCbcDecrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,130 @@
|
|||
/** @file
|
||||
ARC4 Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
Arc4GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory as ARC4 context for subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] Arc4Context Pointer to ARC4 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied ARC4 key.
|
||||
@param[in] KeySize Size of ARC4 key in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Init (
|
||||
OUT VOID *Arc4Context,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs ARC4 encryption on a data buffer of the specified size.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Arc4Context Pointer to the ARC4 context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Encrypt (
|
||||
IN OUT VOID *Arc4Context,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs ARC4 decryption on a data buffer of the specified size.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Arc4Context Pointer to the ARC4 context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Decrypt (
|
||||
IN OUT VOID *Arc4Context,
|
||||
IN UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Resets the ARC4 context to the initial state.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Arc4Context Pointer to the ARC4 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Reset (
|
||||
IN OUT VOID *Arc4Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,166 @@
|
|||
/** @file
|
||||
TDES Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for TDES operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
TdesGetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory as TDES context for subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] TdesContext Pointer to TDES context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied TDES key.
|
||||
@param[in] KeyLength Length of TDES key in bits.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesInit (
|
||||
OUT VOID *TdesContext,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeyLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES encryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesEcbEncrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES decryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesEcbDecrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES encryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesCbcEncrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES decryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesCbcDecrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
|
@ -0,0 +1,124 @@
|
|||
/** @file
|
||||
MD4 Digest Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for MD4 hash
|
||||
operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
Md4GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
|
||||
subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] Md4Context Pointer to MD4 context being initialized.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md4Init (
|
||||
OUT VOID *Md4Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing MD4 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Md4Context Pointer to MD4 context being copied.
|
||||
@param[out] NewMd4Context Pointer to new MD4 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md4Duplicate (
|
||||
IN CONST VOID *Md4Context,
|
||||
OUT VOID *NewMd4Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Digests the input data and updates MD4 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Md4Context Pointer to the MD4 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md4Update (
|
||||
IN OUT VOID *Md4Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Completes computation of the MD4 digest value.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Md4Context Pointer to the MD4 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
|
||||
value (16 bytes).
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md4Final (
|
||||
IN OUT VOID *Md4Context,
|
||||
OUT UINT8 *HashValue
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,127 @@
|
|||
/** @file
|
||||
HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
HmacMd5GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
|
||||
subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied key.
|
||||
@param[in] KeySize Key size in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Init (
|
||||
OUT VOID *HmacMd5Context,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing HMAC-MD5 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
|
||||
@param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Duplicate (
|
||||
IN CONST VOID *HmacMd5Context,
|
||||
OUT VOID *NewHmacMd5Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Digests the input data and updates HMAC-MD5 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be digested.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Update (
|
||||
IN OUT VOID *HmacMd5Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Completes computation of the HMAC-MD5 digest value.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
|
||||
@param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
|
||||
value (16 bytes).
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Final (
|
||||
IN OUT VOID *HmacMd5Context,
|
||||
OUT UINT8 *HmacValue
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,127 @@
|
|||
/** @file
|
||||
HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
HmacSha1GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
|
||||
subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied key.
|
||||
@param[in] KeySize Key size in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Init (
|
||||
OUT VOID *HmacSha1Context,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing HMAC-SHA1 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
|
||||
@param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Duplicate (
|
||||
IN CONST VOID *HmacSha1Context,
|
||||
OUT VOID *NewHmacSha1Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Digests the input data and updates HMAC-SHA1 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be digested.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Update (
|
||||
IN OUT VOID *HmacSha1Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Completes computation of the HMAC-SHA1 digest value.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
|
||||
@param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
|
||||
value (20 bytes).
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Final (
|
||||
IN OUT VOID *HmacSha1Context,
|
||||
OUT UINT8 *HmacValue
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -6,6 +6,12 @@
|
|||
# This external input must be validated carefully to avoid security issue like
|
||||
# buffer overflow, integer overflow.
|
||||
#
|
||||
# Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
|
||||
# TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
|
||||
# Diffie-Hellman functions, X.509 certificate handler functions, authenticode
|
||||
# signature verification functions, PEM handler functions, pseudorandom number
|
||||
# generator functions are not supported in this instance.
|
||||
#
|
||||
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
|
@ -23,7 +29,7 @@
|
|||
FILE_GUID = 9a2a4375-194c-4e97-9f67-547ec98d96ca
|
||||
MODULE_TYPE = PEIM
|
||||
VERSION_STRING = 1.0
|
||||
LIBRARY_CLASS = BaseCryptLib|PEIM PEI_CORE SEC
|
||||
LIBRARY_CLASS = BaseCryptLib|PEIM PEI_CORE
|
||||
|
||||
#
|
||||
# The following information is for reference only and not required by the build tools.
|
||||
|
@ -32,14 +38,32 @@
|
|||
#
|
||||
|
||||
[Sources]
|
||||
Hash/CryptMd4Null.c
|
||||
Hash/CryptMd5.c
|
||||
Hash/CryptSha1.c
|
||||
Hash/CryptSha256.c
|
||||
Pk/CryptRsa.c
|
||||
Hmac/CryptHmacMd5Null.c
|
||||
Hmac/CryptHmacSha1Null.c
|
||||
Cipher/CryptAesNull.c
|
||||
Cipher/CryptTdesNull.c
|
||||
Cipher/CryptArc4Null.c
|
||||
|
||||
Pk/CryptRsaBasic.c
|
||||
Pk/CryptRsaExtNull.c
|
||||
Pk/CryptPkcs7SignNull.c
|
||||
Pk/CryptPkcs7Verify.c
|
||||
|
||||
Pk/CryptDhNull.c
|
||||
Pk/CryptX509Null.c
|
||||
Pk/CryptAuthenticodeNull.c
|
||||
Pem/CryptPemNull.c
|
||||
|
||||
Rand/CryptRandNull.c
|
||||
|
||||
SysCall/CrtWrapper.c
|
||||
SysCall/BaseMemAllocation.c
|
||||
|
||||
|
||||
[Sources.Ia32]
|
||||
SysCall/Ia32/MathMultS64x64.c | MSFT
|
||||
SysCall/Ia32/MathDivU64x64.c | MSFT
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
/** @file
|
||||
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does
|
||||
not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieve the RSA Private Key from the password-protected PEM key data.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
|
||||
@param[in] PemSize Size of the PEM key data in bytes.
|
||||
@param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
|
||||
@param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
|
||||
RSA private key component. Use RsaFree() function to free the
|
||||
resource.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGetPrivateKeyFromPem (
|
||||
IN CONST UINT8 *PemData,
|
||||
IN UINTN PemSize,
|
||||
IN CONST CHAR8 *Password,
|
||||
OUT VOID **RsaContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,51 @@
|
|||
/** @file
|
||||
Authenticode Portable Executable Signature Verification which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
|
||||
Authenticode Portable Executable Signature Format".
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
|
||||
PE/COFF image to be verified.
|
||||
@param[in] DataSize Size of the Authenticode Signature in bytes.
|
||||
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
|
||||
is used for certificate chain verification.
|
||||
@param[in] CertSize Size of the trusted certificate in bytes.
|
||||
@param[in] ImageHash Pointer to the original image file hash value. The procudure
|
||||
for calculating the image hash value is described in Authenticode
|
||||
specification.
|
||||
@param[in] HashSize Size of Image hash value in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AuthenticodeVerify (
|
||||
IN CONST UINT8 *AuthData,
|
||||
IN UINTN DataSize,
|
||||
IN CONST UINT8 *TrustedCert,
|
||||
IN UINTN CertSize,
|
||||
IN CONST UINT8 *ImageHash,
|
||||
IN UINTN HashSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,156 @@
|
|||
/** @file
|
||||
Diffie-Hellman Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Allocates and Initializes one Diffie-Hellman Context for subsequent use.
|
||||
|
||||
@return Pointer to the Diffie-Hellman Context that has been initialized.
|
||||
If the interface is not supported, DhNew() returns NULL.
|
||||
|
||||
**/
|
||||
VOID *
|
||||
EFIAPI
|
||||
DhNew (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified DH context.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] DhContext Pointer to the DH context to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
DhFree (
|
||||
IN VOID *DhContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Generates DH parameter.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
@param[in] PrimeLength Length in bits of prime to be generated.
|
||||
@param[out] Prime Pointer to the buffer to receive the generated prime number.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhGenerateParameter (
|
||||
IN OUT VOID *DhContext,
|
||||
IN UINTN Generator,
|
||||
IN UINTN PrimeLength,
|
||||
OUT UINT8 *Prime
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Sets generator and prime parameters for DH.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
@param[in] PrimeLength Length in bits of prime to be generated.
|
||||
@param[in] Prime Pointer to the prime number.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhSetParameter (
|
||||
IN OUT VOID *DhContext,
|
||||
IN UINTN Generator,
|
||||
IN UINTN PrimeLength,
|
||||
IN CONST UINT8 *Prime
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates DH public key.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[out] PublicKey Pointer to the buffer to receive generated public key.
|
||||
@param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
|
||||
On output, the size of data returned in PublicKey buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhGenerateKey (
|
||||
IN OUT VOID *DhContext,
|
||||
OUT UINT8 *PublicKey,
|
||||
IN OUT UINTN *PublicKeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Computes exchanged common key.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] PeerPublicKey Pointer to the peer's public key.
|
||||
@param[in] PeerPublicKeySize Size of peer's public key in bytes.
|
||||
@param[out] Key Pointer to the buffer to receive generated key.
|
||||
@param[in, out] KeySize On input, the size of Key buffer in bytes.
|
||||
On output, the size of data returned in Key buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhComputeKey (
|
||||
IN OUT VOID *DhContext,
|
||||
IN CONST UINT8 *PeerPublicKey,
|
||||
IN UINTN PeerPublicKeySize,
|
||||
OUT UINT8 *Key,
|
||||
IN OUT UINTN *KeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,197 @@
|
|||
/** @file
|
||||
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
|
||||
|
||||
/**
|
||||
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
|
||||
Syntax Standard, version 1.5". This interface is only intended to be used for
|
||||
application to perform PKCS#7 functionality validation.
|
||||
|
||||
@param[in] PrivateKey Pointer to the PEM-formatted private key data for
|
||||
data signing.
|
||||
@param[in] PrivateKeySize Size of the PEM private key data in bytes.
|
||||
@param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
|
||||
key data.
|
||||
@param[in] InData Pointer to the content to be signed.
|
||||
@param[in] InDataSize Size of InData in bytes.
|
||||
@param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
|
||||
@param[in] OtherCerts Pointer to an optional additional set of certificates to
|
||||
include in the PKCS#7 signedData (e.g. any intermediate
|
||||
CAs in the chain).
|
||||
@param[out] SignedData Pointer to output PKCS#7 signedData.
|
||||
@param[out] SignedDataSize Size of SignedData in bytes.
|
||||
|
||||
@retval TRUE PKCS#7 data signing succeeded.
|
||||
@retval FALSE PKCS#7 data signing failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7Sign (
|
||||
IN CONST UINT8 *PrivateKey,
|
||||
IN UINTN PrivateKeySize,
|
||||
IN CONST UINT8 *KeyPassword,
|
||||
IN UINT8 *InData,
|
||||
IN UINTN InDataSize,
|
||||
IN UINT8 *SignCert,
|
||||
IN UINT8 *OtherCerts OPTIONAL,
|
||||
OUT UINT8 **SignedData,
|
||||
OUT UINTN *SignedDataSize
|
||||
)
|
||||
{
|
||||
BOOLEAN Status;
|
||||
EVP_PKEY *Key;
|
||||
BIO *DataBio;
|
||||
PKCS7 *Pkcs7;
|
||||
UINT8 *RsaContext;
|
||||
UINT8 *P7Data;
|
||||
UINTN P7DataSize;
|
||||
UINT8 *Tmp;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
|
||||
SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
RsaContext = NULL;
|
||||
Key = NULL;
|
||||
Pkcs7 = NULL;
|
||||
DataBio = NULL;
|
||||
Status = FALSE;
|
||||
|
||||
//
|
||||
// Retrieve RSA private key from PEM data.
|
||||
//
|
||||
Status = RsaGetPrivateKeyFromPem (
|
||||
PrivateKey,
|
||||
PrivateKeySize,
|
||||
(CONST CHAR8 *) KeyPassword,
|
||||
(VOID **) &RsaContext
|
||||
);
|
||||
if (!Status) {
|
||||
return Status;
|
||||
}
|
||||
|
||||
//
|
||||
// Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
|
||||
//
|
||||
EVP_add_digest (EVP_md5());
|
||||
EVP_add_digest (EVP_sha1());
|
||||
EVP_add_digest (EVP_sha256());
|
||||
RandomSeed (NULL, 0);
|
||||
|
||||
//
|
||||
// Construct OpenSSL EVP_PKEY for private key.
|
||||
//
|
||||
Key = EVP_PKEY_new ();
|
||||
if (Key == NULL) {
|
||||
Status = FALSE;
|
||||
goto _Exit;
|
||||
}
|
||||
Key->save_type = EVP_PKEY_RSA;
|
||||
Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
|
||||
Key->pkey.rsa = (RSA *) RsaContext;
|
||||
|
||||
//
|
||||
// Convert the data to be signed to BIO format.
|
||||
//
|
||||
DataBio = BIO_new (BIO_s_mem ());
|
||||
BIO_write (DataBio, InData, (int) InDataSize);
|
||||
|
||||
//
|
||||
// Create the PKCS#7 signedData structure.
|
||||
//
|
||||
Pkcs7 = PKCS7_sign (
|
||||
(X509 *) SignCert,
|
||||
Key,
|
||||
(STACK_OF(X509) *) OtherCerts,
|
||||
DataBio,
|
||||
PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
|
||||
);
|
||||
if (Pkcs7 == NULL) {
|
||||
Status = FALSE;
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Convert PKCS#7 signedData structure into DER-encoded buffer.
|
||||
//
|
||||
P7DataSize = i2d_PKCS7 (Pkcs7, NULL);
|
||||
if (P7DataSize <= 19) {
|
||||
Status = FALSE;
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
P7Data = malloc (P7DataSize);
|
||||
if (P7Data == NULL) {
|
||||
Status = FALSE;
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Tmp = P7Data;
|
||||
P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
|
||||
|
||||
//
|
||||
// Strip ContentInfo to content only for signeddata. The data be trimmed off
|
||||
// is totally 19 bytes.
|
||||
//
|
||||
*SignedDataSize = P7DataSize - 19;
|
||||
*SignedData = malloc (*SignedDataSize);
|
||||
if (*SignedData == NULL) {
|
||||
Status = FALSE;
|
||||
OPENSSL_free (P7Data);
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
|
||||
|
||||
OPENSSL_free (P7Data);
|
||||
|
||||
Status = TRUE;
|
||||
|
||||
_Exit:
|
||||
//
|
||||
// Release Resources
|
||||
//
|
||||
if (RsaContext != NULL) {
|
||||
RsaFree (RsaContext);
|
||||
if (Key != NULL) {
|
||||
Key->pkey.rsa = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (Key != NULL) {
|
||||
EVP_PKEY_free (Key);
|
||||
}
|
||||
|
||||
if (DataBio != NULL) {
|
||||
BIO_free (DataBio);
|
||||
}
|
||||
|
||||
if (Pkcs7 != NULL) {
|
||||
PKCS7_free (Pkcs7);
|
||||
}
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
|
@ -0,0 +1,59 @@
|
|||
/** @file
|
||||
PKCS#7 SignedData Sign Wrapper Implementation which does not provide real
|
||||
capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
|
||||
Syntax Standard, version 1.5". This interface is only intended to be used for
|
||||
application to perform PKCS#7 functionality validation.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] PrivateKey Pointer to the PEM-formatted private key data for
|
||||
data signing.
|
||||
@param[in] PrivateKeySize Size of the PEM private key data in bytes.
|
||||
@param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
|
||||
key data.
|
||||
@param[in] InData Pointer to the content to be signed.
|
||||
@param[in] InDataSize Size of InData in bytes.
|
||||
@param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
|
||||
@param[in] OtherCerts Pointer to an optional additional set of certificates to
|
||||
include in the PKCS#7 signedData (e.g. any intermediate
|
||||
CAs in the chain).
|
||||
@param[out] SignedData Pointer to output PKCS#7 signedData.
|
||||
@param[out] SignedDataSize Size of SignedData in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7Sign (
|
||||
IN CONST UINT8 *PrivateKey,
|
||||
IN UINTN PrivateKeySize,
|
||||
IN CONST UINT8 *KeyPassword,
|
||||
IN UINT8 *InData,
|
||||
IN UINTN InDataSize,
|
||||
IN UINT8 *SignCert,
|
||||
IN UINT8 *OtherCerts OPTIONAL,
|
||||
OUT UINT8 **SignedData,
|
||||
OUT UINTN *SignedDataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
|
@ -0,0 +1,577 @@
|
|||
/** @file
|
||||
PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL.
|
||||
|
||||
Caution: This module requires additional review when modified.
|
||||
This library will have external input - signature (e.g. UEFI Authenticated
|
||||
Variable). It may by input in SMM mode.
|
||||
This external input must be validated carefully to avoid security issue like
|
||||
buffer overflow, integer overflow.
|
||||
|
||||
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
|
||||
Variable and will do basic check for data structure.
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
|
||||
UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
|
||||
|
||||
/**
|
||||
Verification callback function to override any existing callbacks in OpenSSL
|
||||
for intermediate certificate supports.
|
||||
|
||||
@param[in] Status Original status before calling this callback.
|
||||
@param[in] Context X509 store context.
|
||||
|
||||
@retval 1 Current X509 certificate is verified successfully.
|
||||
@retval 0 Verification failed.
|
||||
|
||||
**/
|
||||
int
|
||||
X509VerifyCb (
|
||||
IN int Status,
|
||||
IN X509_STORE_CTX *Context
|
||||
)
|
||||
{
|
||||
X509_OBJECT *Obj;
|
||||
INTN Error;
|
||||
INTN Index;
|
||||
INTN Count;
|
||||
|
||||
Obj = NULL;
|
||||
Error = (INTN) X509_STORE_CTX_get_error (Context);
|
||||
|
||||
//
|
||||
// X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_
|
||||
// CERT_LOCALLY mean a X509 certificate is not self signed and its issuer
|
||||
// can not be found in X509_verify_cert of X509_vfy.c.
|
||||
// In order to support intermediate certificate node, we override the
|
||||
// errors if the certification is obtained from X509 store, i.e. it is
|
||||
// a trusted ceritifcate node that is enrolled by user.
|
||||
// Besides,X509_V_ERR_CERT_UNTRUSTED and X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
|
||||
// are also ignored to enable such feature.
|
||||
//
|
||||
if ((Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
|
||||
(Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)) {
|
||||
Obj = (X509_OBJECT *) malloc (sizeof (X509_OBJECT));
|
||||
if (Obj == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
Obj->type = X509_LU_X509;
|
||||
Obj->data.x509 = Context->current_cert;
|
||||
|
||||
CRYPTO_w_lock (CRYPTO_LOCK_X509_STORE);
|
||||
|
||||
if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) {
|
||||
Status = 1;
|
||||
} else {
|
||||
//
|
||||
// If any certificate in the chain is enrolled as trusted certificate,
|
||||
// pass the certificate verification.
|
||||
//
|
||||
if (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
|
||||
Count = (INTN) sk_X509_num (Context->chain);
|
||||
for (Index = 0; Index < Count; Index++) {
|
||||
Obj->data.x509 = sk_X509_value (Context->chain, (int) Index);
|
||||
if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) {
|
||||
Status = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CRYPTO_w_unlock (CRYPTO_LOCK_X509_STORE);
|
||||
}
|
||||
|
||||
if ((Error == X509_V_ERR_CERT_UNTRUSTED) ||
|
||||
(Error == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) {
|
||||
Status = 1;
|
||||
}
|
||||
|
||||
if (Obj != NULL) {
|
||||
OPENSSL_free (Obj);
|
||||
}
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
Check input P7Data is a wrapped ContentInfo structure or not. If not construct
|
||||
a new structure to wrap P7Data.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
UEFI Authenticated Variable is external input, so this function will do basic
|
||||
check for PKCS#7 data structure.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise
|
||||
return FALSE.
|
||||
@param[out] WrapData If return status of this function is TRUE:
|
||||
1) when WrapFlag is TRUE, pointer to P7Data.
|
||||
2) when WrapFlag is FALSE, pointer to a new ContentInfo
|
||||
structure. It's caller's responsibility to free this
|
||||
buffer.
|
||||
@param[out] WrapDataSize Length of ContentInfo structure in bytes.
|
||||
|
||||
@retval TRUE The operation is finished successfully.
|
||||
@retval FALSE The operation is failed due to lack of resources.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
WrapPkcs7Data (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
OUT BOOLEAN *WrapFlag,
|
||||
OUT UINT8 **WrapData,
|
||||
OUT UINTN *WrapDataSize
|
||||
)
|
||||
{
|
||||
BOOLEAN Wrapped;
|
||||
UINT8 *SignedData;
|
||||
|
||||
//
|
||||
// Check whether input P7Data is a wrapped ContentInfo structure or not.
|
||||
//
|
||||
Wrapped = FALSE;
|
||||
if ((P7Data[4] == 0x06) && (P7Data[5] == 0x09)) {
|
||||
if (CompareMem (P7Data + 6, mOidValue, sizeof (mOidValue)) == 0) {
|
||||
if ((P7Data[15] == 0xA0) && (P7Data[16] == 0x82)) {
|
||||
Wrapped = TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (Wrapped) {
|
||||
*WrapData = (UINT8 *) P7Data;
|
||||
*WrapDataSize = P7Length;
|
||||
} else {
|
||||
//
|
||||
// Wrap PKCS#7 signeddata to a ContentInfo structure - add a header in 19 bytes.
|
||||
//
|
||||
*WrapDataSize = P7Length + 19;
|
||||
*WrapData = malloc (*WrapDataSize);
|
||||
if (*WrapData == NULL) {
|
||||
*WrapFlag = Wrapped;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
SignedData = *WrapData;
|
||||
|
||||
//
|
||||
// Part1: 0x30, 0x82.
|
||||
//
|
||||
SignedData[0] = 0x30;
|
||||
SignedData[1] = 0x82;
|
||||
|
||||
//
|
||||
// Part2: Length1 = P7Length + 19 - 4, in big endian.
|
||||
//
|
||||
SignedData[2] = (UINT8) (((UINT16) (*WrapDataSize - 4)) >> 8);
|
||||
SignedData[3] = (UINT8) (((UINT16) (*WrapDataSize - 4)) & 0xff);
|
||||
|
||||
//
|
||||
// Part3: 0x06, 0x09.
|
||||
//
|
||||
SignedData[4] = 0x06;
|
||||
SignedData[5] = 0x09;
|
||||
|
||||
//
|
||||
// Part4: OID value -- 0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x07 0x02.
|
||||
//
|
||||
CopyMem (SignedData + 6, mOidValue, sizeof (mOidValue));
|
||||
|
||||
//
|
||||
// Part5: 0xA0, 0x82.
|
||||
//
|
||||
SignedData[15] = 0xA0;
|
||||
SignedData[16] = 0x82;
|
||||
|
||||
//
|
||||
// Part6: Length2 = P7Length, in big endian.
|
||||
//
|
||||
SignedData[17] = (UINT8) (((UINT16) P7Length) >> 8);
|
||||
SignedData[18] = (UINT8) (((UINT16) P7Length) & 0xff);
|
||||
|
||||
//
|
||||
// Part7: P7Data.
|
||||
//
|
||||
CopyMem (SignedData + 19, P7Data, P7Length);
|
||||
}
|
||||
|
||||
*WrapFlag = Wrapped;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
|
||||
return FALSE. If P7Length overflow, then return FAlSE.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
UEFI Authenticated Variable is external input, so this function will do basic
|
||||
check for PKCS#7 data structure.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
|
||||
It's caller's responsiblity to free the buffer.
|
||||
@param[out] StackLength Length of signer's certificates in bytes.
|
||||
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
|
||||
It's caller's responsiblity to free the buffer.
|
||||
@param[out] CertLength Length of the trusted certificate in bytes.
|
||||
|
||||
@retval TRUE The operation is finished successfully.
|
||||
@retval FALSE Error occurs during the operation.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7GetSigners (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
OUT UINT8 **CertStack,
|
||||
OUT UINTN *StackLength,
|
||||
OUT UINT8 **TrustedCert,
|
||||
OUT UINTN *CertLength
|
||||
)
|
||||
{
|
||||
PKCS7 *Pkcs7;
|
||||
BOOLEAN Status;
|
||||
UINT8 *SignedData;
|
||||
UINT8 *Temp;
|
||||
UINTN SignedDataSize;
|
||||
BOOLEAN Wrapped;
|
||||
STACK_OF(X509) *Stack;
|
||||
UINT8 Index;
|
||||
UINT8 *CertBuf;
|
||||
UINT8 *OldBuf;
|
||||
UINTN BufferSize;
|
||||
UINTN OldSize;
|
||||
UINT8 *SingleCert;
|
||||
UINTN SingleCertSize;
|
||||
|
||||
if ((P7Data == NULL) || (CertStack == NULL) || (StackLength == NULL) ||
|
||||
(TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
|
||||
if (!Status) {
|
||||
return Status;
|
||||
}
|
||||
|
||||
Status = FALSE;
|
||||
Pkcs7 = NULL;
|
||||
Stack = NULL;
|
||||
CertBuf = NULL;
|
||||
OldBuf = NULL;
|
||||
SingleCert = NULL;
|
||||
|
||||
//
|
||||
// Retrieve PKCS#7 Data (DER encoding)
|
||||
//
|
||||
if (SignedDataSize > INT_MAX) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Temp = SignedData;
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
|
||||
if (Pkcs7 == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
|
||||
//
|
||||
if (!PKCS7_type_is_signed (Pkcs7)) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Stack = PKCS7_get0_signers(Pkcs7, NULL, PKCS7_BINARY);
|
||||
if (Stack == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Convert CertStack to buffer in following format:
|
||||
// UINT8 CertNumber;
|
||||
// UINT32 Cert1Length;
|
||||
// UINT8 Cert1[];
|
||||
// UINT32 Cert2Length;
|
||||
// UINT8 Cert2[];
|
||||
// ...
|
||||
// UINT32 CertnLength;
|
||||
// UINT8 Certn[];
|
||||
//
|
||||
BufferSize = sizeof (UINT8);
|
||||
OldSize = BufferSize;
|
||||
|
||||
for (Index = 0; ; Index++) {
|
||||
Status = X509PopCertificate (Stack, &SingleCert, &SingleCertSize);
|
||||
if (!Status) {
|
||||
break;
|
||||
}
|
||||
|
||||
OldSize = BufferSize;
|
||||
OldBuf = CertBuf;
|
||||
BufferSize = OldSize + SingleCertSize + sizeof (UINT32);
|
||||
CertBuf = malloc (BufferSize);
|
||||
|
||||
if (CertBuf == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (OldBuf != NULL) {
|
||||
CopyMem (CertBuf, OldBuf, OldSize);
|
||||
free (OldBuf);
|
||||
OldBuf = NULL;
|
||||
}
|
||||
|
||||
WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) SingleCertSize);
|
||||
CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, SingleCertSize);
|
||||
|
||||
free (SingleCert);
|
||||
SingleCert = NULL;
|
||||
}
|
||||
|
||||
if (CertBuf != NULL) {
|
||||
//
|
||||
// Update CertNumber.
|
||||
//
|
||||
CertBuf[0] = Index;
|
||||
|
||||
*CertLength = BufferSize - OldSize - sizeof (UINT32);
|
||||
*TrustedCert = malloc (*CertLength);
|
||||
if (*TrustedCert == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
CopyMem (*TrustedCert, CertBuf + OldSize + sizeof (UINT32), *CertLength);
|
||||
*CertStack = CertBuf;
|
||||
*StackLength = BufferSize;
|
||||
Status = TRUE;
|
||||
}
|
||||
|
||||
_Exit:
|
||||
//
|
||||
// Release Resources
|
||||
//
|
||||
if (!Wrapped) {
|
||||
free (SignedData);
|
||||
}
|
||||
|
||||
if (Pkcs7 != NULL) {
|
||||
PKCS7_free (Pkcs7);
|
||||
}
|
||||
|
||||
if (Stack != NULL) {
|
||||
sk_X509_pop_free(Stack, X509_free);
|
||||
}
|
||||
|
||||
if (SingleCert != NULL) {
|
||||
free (SingleCert);
|
||||
}
|
||||
|
||||
if (!Status && (CertBuf != NULL)) {
|
||||
free (CertBuf);
|
||||
*CertStack = NULL;
|
||||
}
|
||||
|
||||
if (OldBuf != NULL) {
|
||||
free (OldBuf);
|
||||
}
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
Wrap function to use free() to free allocated memory for certificates.
|
||||
|
||||
@param[in] Certs Pointer to the certificates to be freed.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
Pkcs7FreeSigners (
|
||||
IN UINT8 *Certs
|
||||
)
|
||||
{
|
||||
if (Certs == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
free (Certs);
|
||||
}
|
||||
|
||||
/**
|
||||
Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
If P7Data, TrustedCert or InData is NULL, then return FALSE.
|
||||
If P7Length, CertLength or DataLength overflow, then return FAlSE.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
UEFI Authenticated Variable is external input, so this function will do basic
|
||||
check for PKCS#7 data structure.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
|
||||
is used for certificate chain verification.
|
||||
@param[in] CertLength Length of the trusted certificate in bytes.
|
||||
@param[in] InData Pointer to the content to be verified.
|
||||
@param[in] DataLength Length of InData in bytes.
|
||||
|
||||
@retval TRUE The specified PKCS#7 signed data is valid.
|
||||
@retval FALSE Invalid PKCS#7 signed data.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7Verify (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
IN CONST UINT8 *TrustedCert,
|
||||
IN UINTN CertLength,
|
||||
IN CONST UINT8 *InData,
|
||||
IN UINTN DataLength
|
||||
)
|
||||
{
|
||||
PKCS7 *Pkcs7;
|
||||
BIO *CertBio;
|
||||
BIO *DataBio;
|
||||
BOOLEAN Status;
|
||||
X509 *Cert;
|
||||
X509_STORE *CertStore;
|
||||
UINT8 *SignedData;
|
||||
UINT8 *Temp;
|
||||
UINTN SignedDataSize;
|
||||
BOOLEAN Wrapped;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
|
||||
P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Pkcs7 = NULL;
|
||||
CertBio = NULL;
|
||||
DataBio = NULL;
|
||||
Cert = NULL;
|
||||
CertStore = NULL;
|
||||
|
||||
//
|
||||
// Register & Initialize necessary digest algorithms for PKCS#7 Handling
|
||||
//
|
||||
EVP_add_digest (EVP_md5());
|
||||
EVP_add_digest (EVP_sha1());
|
||||
EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA);
|
||||
EVP_add_digest (EVP_sha256());
|
||||
|
||||
Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
|
||||
if (!Status) {
|
||||
return Status;
|
||||
}
|
||||
|
||||
Status = FALSE;
|
||||
|
||||
//
|
||||
// Retrieve PKCS#7 Data (DER encoding)
|
||||
//
|
||||
if (SignedDataSize > INT_MAX) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Temp = SignedData;
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
|
||||
if (Pkcs7 == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
|
||||
//
|
||||
if (!PKCS7_type_is_signed (Pkcs7)) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Read DER-encoded root certificate and Construct X509 Certificate
|
||||
//
|
||||
CertBio = BIO_new (BIO_s_mem ());
|
||||
BIO_write (CertBio, TrustedCert, (int)CertLength);
|
||||
if (CertBio == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
Cert = d2i_X509_bio (CertBio, NULL);
|
||||
if (Cert == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Setup X509 Store for trusted certificate
|
||||
//
|
||||
CertStore = X509_STORE_new ();
|
||||
if (CertStore == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
if (!(X509_STORE_add_cert (CertStore, Cert))) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Register customized X509 verification callback function to support
|
||||
// trusted intermediate certificate anchor.
|
||||
//
|
||||
CertStore->verify_cb = X509VerifyCb;
|
||||
|
||||
//
|
||||
// For generic PKCS#7 handling, InData may be NULL if the content is present
|
||||
// in PKCS#7 structure. So ignore NULL checking here.
|
||||
//
|
||||
DataBio = BIO_new (BIO_s_mem ());
|
||||
BIO_write (DataBio, InData, (int)DataLength);
|
||||
|
||||
//
|
||||
// Verifies the PKCS#7 signedData structure
|
||||
//
|
||||
Status = (BOOLEAN) PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);
|
||||
|
||||
_Exit:
|
||||
//
|
||||
// Release Resources
|
||||
//
|
||||
BIO_free (DataBio);
|
||||
BIO_free (CertBio);
|
||||
X509_free (Cert);
|
||||
X509_STORE_free (CertStore);
|
||||
PKCS7_free (Pkcs7);
|
||||
|
||||
if (!Wrapped) {
|
||||
OPENSSL_free (SignedData);
|
||||
}
|
||||
|
||||
return Status;
|
||||
}
|
|
@ -0,0 +1,100 @@
|
|||
/** @file
|
||||
PKCS#7 SignedData Verification Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
|
||||
It's caller's responsiblity to free the buffer.
|
||||
@param[out] StackLength Length of signer's certificates in bytes.
|
||||
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
|
||||
It's caller's responsiblity to free the buffer.
|
||||
@param[out] CertLength Length of the trusted certificate in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7GetSigners (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
OUT UINT8 **CertStack,
|
||||
OUT UINTN *StackLength,
|
||||
OUT UINT8 **TrustedCert,
|
||||
OUT UINTN *CertLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Wrap function to use free() to free allocated memory for certificates.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] Certs Pointer to the certificates to be freed.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
Pkcs7FreeSigners (
|
||||
IN UINT8 *Certs
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
|
||||
is used for certificate chain verification.
|
||||
@param[in] CertLength Length of the trusted certificate in bytes.
|
||||
@param[in] InData Pointer to the content to be verified.
|
||||
@param[in] DataLength Length of InData in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7Verify (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
IN CONST UINT8 *TrustedCert,
|
||||
IN UINTN CertLength,
|
||||
IN CONST UINT8 *InData,
|
||||
IN UINTN DataLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,319 @@
|
|||
/** @file
|
||||
RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
|
||||
|
||||
This file implements following APIs which provide basic capabilities for RSA:
|
||||
1) RsaNew
|
||||
2) RsaFree
|
||||
3) RsaSetKey
|
||||
4) RsaPkcs1Verify
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
|
||||
/**
|
||||
Allocates and initializes one RSA context for subsequent use.
|
||||
|
||||
@return Pointer to the RSA context that has been initialized.
|
||||
If the allocations fails, RsaNew() returns NULL.
|
||||
|
||||
**/
|
||||
VOID *
|
||||
EFIAPI
|
||||
RsaNew (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
//
|
||||
// Allocates & Initializes RSA Context by OpenSSL RSA_new()
|
||||
//
|
||||
return (VOID *)RSA_new ();
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified RSA context.
|
||||
|
||||
@param[in] RsaContext Pointer to the RSA context to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
RsaFree (
|
||||
IN VOID *RsaContext
|
||||
)
|
||||
{
|
||||
//
|
||||
// Free OpenSSL RSA Context
|
||||
//
|
||||
RSA_free ((RSA *)RsaContext);
|
||||
}
|
||||
|
||||
/**
|
||||
Sets the tag-designated key component into the established RSA context.
|
||||
|
||||
This function sets the tag-designated RSA key component into the established
|
||||
RSA context from the user-specified non-negative integer (octet string format
|
||||
represented in RSA PKCS#1).
|
||||
If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@param[in] BigNumber Pointer to octet integer buffer.
|
||||
If NULL, then the specified key componenet in RSA
|
||||
context is cleared.
|
||||
@param[in] BnSize Size of big number buffer in bytes.
|
||||
If BigNumber is NULL, then it is ignored.
|
||||
|
||||
@retval TRUE RSA key component was set successfully.
|
||||
@retval FALSE Invalid RSA key component tag.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaSetKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
IN CONST UINT8 *BigNumber,
|
||||
IN UINTN BnSize
|
||||
)
|
||||
{
|
||||
RSA *RsaKey;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
RsaKey = (RSA *)RsaContext;
|
||||
//
|
||||
// Set RSA Key Components by converting octet string to OpenSSL BN representation.
|
||||
// NOTE: For RSA public key (used in signature verification), only public components
|
||||
// (N, e) are needed.
|
||||
//
|
||||
switch (KeyTag) {
|
||||
|
||||
//
|
||||
// RSA Public Modulus (N)
|
||||
//
|
||||
case RsaKeyN:
|
||||
if (RsaKey->n != NULL) {
|
||||
BN_free (RsaKey->n);
|
||||
}
|
||||
RsaKey->n = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Public Exponent (e)
|
||||
//
|
||||
case RsaKeyE:
|
||||
if (RsaKey->e != NULL) {
|
||||
BN_free (RsaKey->e);
|
||||
}
|
||||
RsaKey->e = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Private Exponent (d)
|
||||
//
|
||||
case RsaKeyD:
|
||||
if (RsaKey->d != NULL) {
|
||||
BN_free (RsaKey->d);
|
||||
}
|
||||
RsaKey->d = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Secret Prime Factor of Modulus (p)
|
||||
//
|
||||
case RsaKeyP:
|
||||
if (RsaKey->p != NULL) {
|
||||
BN_free (RsaKey->p);
|
||||
}
|
||||
RsaKey->p = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Secret Prime Factor of Modules (q)
|
||||
//
|
||||
case RsaKeyQ:
|
||||
if (RsaKey->q != NULL) {
|
||||
BN_free (RsaKey->q);
|
||||
}
|
||||
RsaKey->q = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);
|
||||
break;
|
||||
|
||||
//
|
||||
// p's CRT Exponent (== d mod (p - 1))
|
||||
//
|
||||
case RsaKeyDp:
|
||||
if (RsaKey->dmp1 != NULL) {
|
||||
BN_free (RsaKey->dmp1);
|
||||
}
|
||||
RsaKey->dmp1 = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
|
||||
break;
|
||||
|
||||
//
|
||||
// q's CRT Exponent (== d mod (q - 1))
|
||||
//
|
||||
case RsaKeyDq:
|
||||
if (RsaKey->dmq1 != NULL) {
|
||||
BN_free (RsaKey->dmq1);
|
||||
}
|
||||
RsaKey->dmq1 = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);
|
||||
break;
|
||||
|
||||
//
|
||||
// The CRT Coefficient (== 1/q mod p)
|
||||
//
|
||||
case RsaKeyQInv:
|
||||
if (RsaKey->iqmp != NULL) {
|
||||
BN_free (RsaKey->iqmp);
|
||||
}
|
||||
RsaKey->iqmp = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);
|
||||
break;
|
||||
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
|
||||
RSA PKCS#1.
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If MessageHash is NULL, then return FALSE.
|
||||
If Signature is NULL, then return FALSE.
|
||||
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature verification.
|
||||
@param[in] MessageHash Pointer to octet message hash to be checked.
|
||||
@param[in] HashSize Size of the message hash in bytes.
|
||||
@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
|
||||
@param[in] SigSize Size of signature in bytes.
|
||||
|
||||
@retval TRUE Valid signature encoded in PKCS1-v1_5.
|
||||
@retval FALSE Invalid signature or invalid RSA context.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaPkcs1Verify (
|
||||
IN VOID *RsaContext,
|
||||
IN CONST UINT8 *MessageHash,
|
||||
IN UINTN HashSize,
|
||||
IN UINT8 *Signature,
|
||||
IN UINTN SigSize
|
||||
)
|
||||
{
|
||||
INTN Length;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Check for unsupported hash size:
|
||||
// Only MD5, SHA-1 or SHA-256 digest size is supported
|
||||
//
|
||||
if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
|
||||
//
|
||||
Length = RSA_public_decrypt (
|
||||
(UINT32) SigSize,
|
||||
Signature,
|
||||
Signature,
|
||||
RsaContext,
|
||||
RSA_PKCS1_PADDING
|
||||
);
|
||||
|
||||
//
|
||||
// Invalid RSA Key or PKCS#1 Padding Checking Failed (if Length < 0)
|
||||
// NOTE: Length should be the addition of HashSize and some DER value.
|
||||
// Ignore more strict length checking here.
|
||||
//
|
||||
if (Length < (INTN) HashSize) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// Validate the MessageHash and Decoded Signature
|
||||
// NOTE: The decoded Signature should be the DER encoding of the DigestInfo value
|
||||
// DigestInfo ::= SEQUENCE {
|
||||
// digestAlgorithm AlgorithmIdentifier
|
||||
// digest OCTET STRING
|
||||
// }
|
||||
// Then Memory Comparing should skip the DER value of the underlying SEQUENCE
|
||||
// type and AlgorithmIdentifier.
|
||||
//
|
||||
if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {
|
||||
//
|
||||
// Valid RSA PKCS#1 Signature
|
||||
//
|
||||
return TRUE;
|
||||
} else {
|
||||
//
|
||||
// Failed to verification
|
||||
//
|
||||
return FALSE;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,432 @@
|
|||
/** @file
|
||||
RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
|
||||
|
||||
This file implements following APIs which provide more capabilities for RSA:
|
||||
1) RsaGetKey
|
||||
2) RsaGenerateKey
|
||||
3) RsaCheckKey
|
||||
4) RsaPkcs1Sign
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
//
|
||||
// ASN.1 value for Hash Algorithm ID with the Distringuished Encoding Rules (DER)
|
||||
// Refer to Section 9.2 of PKCS#1 v2.1
|
||||
//
|
||||
CONST UINT8 Asn1IdMd5[] = {
|
||||
0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
|
||||
0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
|
||||
};
|
||||
|
||||
CONST UINT8 Asn1IdSha1[] = {
|
||||
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
|
||||
0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
|
||||
};
|
||||
|
||||
CONST UINT8 Asn1IdSha256[] = {
|
||||
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
|
||||
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
|
||||
0x00, 0x04, 0x20
|
||||
};
|
||||
|
||||
/**
|
||||
Gets the tag-designated RSA key component from the established RSA context.
|
||||
|
||||
This function retrieves the tag-designated RSA key component from the
|
||||
established RSA context as a non-negative integer (octet string format
|
||||
represented in RSA PKCS#1).
|
||||
If specified key component has not been set or has been cleared, then returned
|
||||
BnSize is set to 0.
|
||||
If the BigNumber buffer is too small to hold the contents of the key, FALSE
|
||||
is returned and BnSize is set to the required buffer size to obtain the key.
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If BnSize is NULL, then return FALSE.
|
||||
If BnSize is large enough but BigNumber is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@param[out] BigNumber Pointer to octet integer buffer.
|
||||
@param[in, out] BnSize On input, the size of big number buffer in bytes.
|
||||
On output, the size of data returned in big number buffer in bytes.
|
||||
|
||||
@retval TRUE RSA key component was retrieved successfully.
|
||||
@retval FALSE Invalid RSA key component tag.
|
||||
@retval FALSE BnSize is too small.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGetKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
OUT UINT8 *BigNumber,
|
||||
IN OUT UINTN *BnSize
|
||||
)
|
||||
{
|
||||
RSA *RsaKey;
|
||||
BIGNUM *BnKey;
|
||||
UINTN Size;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL || BnSize == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
RsaKey = (RSA *) RsaContext;
|
||||
Size = *BnSize;
|
||||
*BnSize = 0;
|
||||
|
||||
switch (KeyTag) {
|
||||
|
||||
//
|
||||
// RSA Public Modulus (N)
|
||||
//
|
||||
case RsaKeyN:
|
||||
if (RsaKey->n == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->n;
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Public Exponent (e)
|
||||
//
|
||||
case RsaKeyE:
|
||||
if (RsaKey->e == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->e;
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Private Exponent (d)
|
||||
//
|
||||
case RsaKeyD:
|
||||
if (RsaKey->d == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->d;
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Secret Prime Factor of Modulus (p)
|
||||
//
|
||||
case RsaKeyP:
|
||||
if (RsaKey->p == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->p;
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Secret Prime Factor of Modules (q)
|
||||
//
|
||||
case RsaKeyQ:
|
||||
if (RsaKey->q == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->q;
|
||||
break;
|
||||
|
||||
//
|
||||
// p's CRT Exponent (== d mod (p - 1))
|
||||
//
|
||||
case RsaKeyDp:
|
||||
if (RsaKey->dmp1 == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->dmp1;
|
||||
break;
|
||||
|
||||
//
|
||||
// q's CRT Exponent (== d mod (q - 1))
|
||||
//
|
||||
case RsaKeyDq:
|
||||
if (RsaKey->dmq1 == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->dmq1;
|
||||
break;
|
||||
|
||||
//
|
||||
// The CRT Coefficient (== 1/q mod p)
|
||||
//
|
||||
case RsaKeyQInv:
|
||||
if (RsaKey->iqmp == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->iqmp;
|
||||
break;
|
||||
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
*BnSize = Size;
|
||||
Size = BN_num_bytes (BnKey);
|
||||
|
||||
if (*BnSize < Size) {
|
||||
*BnSize = Size;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (BigNumber == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
*BnSize = BN_bn2bin (BnKey, BigNumber) ;
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates RSA key components.
|
||||
|
||||
This function generates RSA key components. It takes RSA public exponent E and
|
||||
length in bits of RSA modulus N as input, and generates all key components.
|
||||
If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
|
||||
|
||||
Before this function can be invoked, pseudorandom number generator must be correctly
|
||||
initialized by RandomSeed().
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] ModulusLength Length of RSA modulus N in bits.
|
||||
@param[in] PublicExponent Pointer to RSA public exponent.
|
||||
@param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
|
||||
|
||||
@retval TRUE RSA key component was generated successfully.
|
||||
@retval FALSE Invalid RSA key component tag.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGenerateKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN UINTN ModulusLength,
|
||||
IN CONST UINT8 *PublicExponent,
|
||||
IN UINTN PublicExponentSize
|
||||
)
|
||||
{
|
||||
BIGNUM *KeyE;
|
||||
BOOLEAN RetVal;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
KeyE = BN_new ();
|
||||
if (PublicExponent == NULL) {
|
||||
BN_set_word (KeyE, 0x10001);
|
||||
} else {
|
||||
BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE);
|
||||
}
|
||||
|
||||
RetVal = FALSE;
|
||||
if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
|
||||
RetVal = TRUE;
|
||||
}
|
||||
|
||||
BN_free (KeyE);
|
||||
return RetVal;
|
||||
}
|
||||
|
||||
/**
|
||||
Validates key components of RSA context.
|
||||
|
||||
This function validates key compoents of RSA context in following aspects:
|
||||
- Whether p is a prime
|
||||
- Whether q is a prime
|
||||
- Whether n = p * q
|
||||
- Whether d*e = 1 mod lcm(p-1,q-1)
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context to check.
|
||||
|
||||
@retval TRUE RSA key components are valid.
|
||||
@retval FALSE RSA key components are not valid.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaCheckKey (
|
||||
IN VOID *RsaContext
|
||||
)
|
||||
{
|
||||
UINTN Reason;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (RSA_check_key ((RSA *) RsaContext) != 1) {
|
||||
Reason = ERR_GET_REASON (ERR_peek_last_error ());
|
||||
if (Reason == RSA_R_P_NOT_PRIME ||
|
||||
Reason == RSA_R_Q_NOT_PRIME ||
|
||||
Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
|
||||
Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs the PKCS1-v1_5 encoding methods defined in RSA PKCS #1.
|
||||
|
||||
@param Message Message buffer to be encoded.
|
||||
@param MessageSize Size of message buffer in bytes.
|
||||
@param DigestInfo Pointer to buffer of digest info for output.
|
||||
|
||||
@return Size of DigestInfo in bytes.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
DigestInfoEncoding (
|
||||
IN CONST UINT8 *Message,
|
||||
IN UINTN MessageSize,
|
||||
OUT UINT8 *DigestInfo
|
||||
)
|
||||
{
|
||||
CONST UINT8 *HashDer;
|
||||
UINTN DerSize;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Message == NULL || DigestInfo == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// The original message length is used to determine the hash algorithm since
|
||||
// message is digest value hashed by the specified algorithm.
|
||||
//
|
||||
switch (MessageSize) {
|
||||
case MD5_DIGEST_SIZE:
|
||||
HashDer = Asn1IdMd5;
|
||||
DerSize = sizeof (Asn1IdMd5);
|
||||
break;
|
||||
|
||||
case SHA1_DIGEST_SIZE:
|
||||
HashDer = Asn1IdSha1;
|
||||
DerSize = sizeof (Asn1IdSha1);
|
||||
break;
|
||||
|
||||
case SHA256_DIGEST_SIZE:
|
||||
HashDer = Asn1IdSha256;
|
||||
DerSize = sizeof (Asn1IdSha256);
|
||||
break;
|
||||
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
CopyMem (DigestInfo, HashDer, DerSize);
|
||||
CopyMem (DigestInfo + DerSize, Message, MessageSize);
|
||||
|
||||
return (DerSize + MessageSize);
|
||||
}
|
||||
|
||||
/**
|
||||
Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
|
||||
|
||||
This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
|
||||
RSA PKCS#1.
|
||||
If the Signature buffer is too small to hold the contents of signature, FALSE
|
||||
is returned and SigSize is set to the required buffer size to obtain the signature.
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If MessageHash is NULL, then return FALSE.
|
||||
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
|
||||
If SigSize is large enough but Signature is NULL, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature generation.
|
||||
@param[in] MessageHash Pointer to octet message hash to be signed.
|
||||
@param[in] HashSize Size of the message hash in bytes.
|
||||
@param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
|
||||
@param[in, out] SigSize On input, the size of Signature buffer in bytes.
|
||||
On output, the size of data returned in Signature buffer in bytes.
|
||||
|
||||
@retval TRUE Signature successfully generated in PKCS1-v1_5.
|
||||
@retval FALSE Signature generation failed.
|
||||
@retval FALSE SigSize is too small.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaPkcs1Sign (
|
||||
IN VOID *RsaContext,
|
||||
IN CONST UINT8 *MessageHash,
|
||||
IN UINTN HashSize,
|
||||
OUT UINT8 *Signature,
|
||||
IN OUT UINTN *SigSize
|
||||
)
|
||||
{
|
||||
RSA *Rsa;
|
||||
UINTN Size;
|
||||
INTN ReturnVal;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL || MessageHash == NULL ||
|
||||
(HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Rsa = (RSA *) RsaContext;
|
||||
Size = BN_num_bytes (Rsa->n);
|
||||
|
||||
if (*SigSize < Size) {
|
||||
*SigSize = Size;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (Signature == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Size = DigestInfoEncoding (MessageHash, HashSize, Signature);
|
||||
|
||||
ReturnVal = RSA_private_encrypt (
|
||||
(UINT32) Size,
|
||||
Signature,
|
||||
Signature,
|
||||
Rsa,
|
||||
RSA_PKCS1_PADDING
|
||||
);
|
||||
|
||||
if (ReturnVal < (INTN) Size) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
*SigSize = (UINTN)ReturnVal;
|
||||
return TRUE;
|
||||
}
|
||||
|
|
@ -0,0 +1,125 @@
|
|||
/** @file
|
||||
RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
|
||||
|
||||
This file does not provide real capabilities for following APIs in RSA handling:
|
||||
1) RsaGetKey
|
||||
2) RsaGenerateKey
|
||||
3) RsaCheckKey
|
||||
4) RsaPkcs1Sign
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Gets the tag-designated RSA key component from the established RSA context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@param[out] BigNumber Pointer to octet integer buffer.
|
||||
@param[in, out] BnSize On input, the size of big number buffer in bytes.
|
||||
On output, the size of data returned in big number buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGetKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
OUT UINT8 *BigNumber,
|
||||
IN OUT UINTN *BnSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates RSA key components.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] ModulusLength Length of RSA modulus N in bits.
|
||||
@param[in] PublicExponent Pointer to RSA public exponent.
|
||||
@param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGenerateKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN UINTN ModulusLength,
|
||||
IN CONST UINT8 *PublicExponent,
|
||||
IN UINTN PublicExponentSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Validates key components of RSA context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context to check.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaCheckKey (
|
||||
IN VOID *RsaContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature generation.
|
||||
@param[in] MessageHash Pointer to octet message hash to be signed.
|
||||
@param[in] HashSize Size of the message hash in bytes.
|
||||
@param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
|
||||
@param[in, out] SigSize On input, the size of Signature buffer in bytes.
|
||||
On output, the size of data returned in Signature buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaPkcs1Sign (
|
||||
IN VOID *RsaContext,
|
||||
IN CONST UINT8 *MessageHash,
|
||||
IN UINTN HashSize,
|
||||
OUT UINT8 *Signature,
|
||||
IN OUT UINTN *SigSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,180 @@
|
|||
/** @file
|
||||
X.509 Certificate Handler Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Construct a X509 object from DER-encoded certificate data.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded certificate data.
|
||||
@param[in] CertSize The size of certificate data in bytes.
|
||||
@param[out] SingleX509Cert The generated X509 object.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509ConstructCertificate (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT UINT8 **SingleX509Cert
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Construct a X509 stack object from a list of DER-encoded certificate data.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] X509Stack On input, pointer to an existing X509 stack object.
|
||||
On output, pointer to the X509 stack object with new
|
||||
inserted X509 certificate.
|
||||
@param ... A list of DER-encoded single certificate data followed
|
||||
by certificate size. A NULL terminates the list. The
|
||||
pairs are the arguments to X509ConstructCertificate().
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509ConstructCertificateStack (
|
||||
IN OUT UINT8 **X509Stack,
|
||||
...
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified X509 object.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] X509Cert Pointer to the X509 object to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
X509Free (
|
||||
IN VOID *X509Cert
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified X509 stack object.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] X509Stack Pointer to the X509 stack object to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
X509StackFree (
|
||||
IN VOID *X509Stack
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieve the subject bytes from one X.509 certificate.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] CertSubject Pointer to the retrieved certificate subject bytes.
|
||||
@param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
|
||||
and the size of buffer returned CertSubject on output.
|
||||
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509GetSubjectName (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT UINT8 *CertSubject,
|
||||
IN OUT UINTN *SubjectSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieve the RSA Public Key from one DER-encoded X509 certificate.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
|
||||
RSA public key component. Use RsaFree() function to free the
|
||||
resource.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGetPublicKeyFromX509 (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT VOID **RsaContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Verify one X509 certificate was issued by the trusted CA.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[in] CACert Pointer to the DER-encoded trusted CA certificate.
|
||||
@param[in] CACertSize Size of the CA Certificate in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509VerifyCert (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
IN CONST UINT8 *CACert,
|
||||
IN UINTN CACertSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,63 @@
|
|||
/** @file
|
||||
Pseudorandom Number Generator Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
|
||||
/**
|
||||
Sets up the seed value for the pseudorandom number generator.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Seed Pointer to seed value.
|
||||
If NULL, default seed is used.
|
||||
@param[in] SeedSize Size of seed value.
|
||||
If Seed is NULL, this parameter is ignored.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RandomSeed (
|
||||
IN CONST UINT8 *Seed OPTIONAL,
|
||||
IN UINTN SeedSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates a pseudorandom byte stream of the specified size.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] Output Pointer to buffer to receive random value.
|
||||
@param[in] Size Size of randome bytes to generate.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RandomBytes (
|
||||
OUT UINT8 *Output,
|
||||
IN UINTN Size
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -6,6 +6,11 @@
|
|||
# This external input must be validated carefully to avoid security issue like
|
||||
# buffer overflow, integer overflow.
|
||||
#
|
||||
# Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
|
||||
# TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
|
||||
# Diffie-Hellman functions, authenticode signature verification functions are
|
||||
# not supported in this instance.
|
||||
#
|
||||
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
|
@ -23,7 +28,7 @@
|
|||
FILE_GUID = 78189cc0-727d-46a4-84ea-f7dd860de64a
|
||||
MODULE_TYPE = DXE_RUNTIME_DRIVER
|
||||
VERSION_STRING = 1.0
|
||||
LIBRARY_CLASS = BaseCryptLib
|
||||
LIBRARY_CLASS = BaseCryptLib|DXE_RUNTIME_DRIVER
|
||||
CONSTRUCTOR = RuntimeCryptLibConstructor
|
||||
|
||||
#
|
||||
|
@ -33,12 +38,22 @@
|
|||
#
|
||||
|
||||
[Sources]
|
||||
Hash/CryptMd4Null.c
|
||||
Hash/CryptMd5.c
|
||||
Hash/CryptSha1.c
|
||||
Hash/CryptSha256.c
|
||||
Pk/CryptRsa.c
|
||||
Pk/CryptPkcs7.c
|
||||
Hmac/CryptHmacMd5Null.c
|
||||
Hmac/CryptHmacSha1Null.c
|
||||
Cipher/CryptAesNull.c
|
||||
Cipher/CryptTdesNull.c
|
||||
Cipher/CryptArc4Null.c
|
||||
Pk/CryptRsaBasic.c
|
||||
Pk/CryptRsaExtNull.c
|
||||
Pk/CryptPkcs7SignNull.c
|
||||
Pk/CryptPkcs7Verify.c
|
||||
Pk/CryptDhNull.c
|
||||
Pk/CryptX509.c
|
||||
Pk/CryptAuthenticodeNull.c
|
||||
Pem/CryptPem.c
|
||||
|
||||
SysCall/CrtWrapper.c
|
||||
|
|
|
@ -1,20 +1,16 @@
|
|||
## @file
|
||||
# Cryptographic Library Instance for SMM driver.
|
||||
#
|
||||
# This library instance uses ConstantTimeClock.c thus does not provide
|
||||
# functionality for following APIs which need system time support:
|
||||
# 1) RsaGenerateKey
|
||||
# 2) RsaCheckKey
|
||||
# 3) RsaPkcs1Sign
|
||||
# 4) Pkcs7Sign
|
||||
# 5) DhGenerateParameter
|
||||
# 6) DhGenerateKey
|
||||
#
|
||||
# Caution: This module requires additional review when modified.
|
||||
# This library will have external input - signature.
|
||||
# This external input must be validated carefully to avoid security issue like
|
||||
# buffer overflow, integer overflow.
|
||||
#
|
||||
# Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
|
||||
# TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
|
||||
# Diffie-Hellman functions, authenticode signature verification functions are
|
||||
# not supported in this instance.
|
||||
#
|
||||
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
|
@ -42,12 +38,22 @@
|
|||
#
|
||||
|
||||
[Sources]
|
||||
Hash/CryptMd4Null.c
|
||||
Hash/CryptMd5.c
|
||||
Hash/CryptSha1.c
|
||||
Hash/CryptSha256.c
|
||||
Pk/CryptRsa.c
|
||||
Pk/CryptPkcs7.c
|
||||
Hmac/CryptHmacMd5Null.c
|
||||
Hmac/CryptHmacSha1Null.c
|
||||
Cipher/CryptAesNull.c
|
||||
Cipher/CryptTdesNull.c
|
||||
Cipher/CryptArc4Null.c
|
||||
Pk/CryptRsaBasic.c
|
||||
Pk/CryptRsaExtNull.c
|
||||
Pk/CryptPkcs7SignNull.c
|
||||
Pk/CryptPkcs7Verify.c
|
||||
Pk/CryptDhNull.c
|
||||
Pk/CryptX509.c
|
||||
Pk/CryptAuthenticodeNull.c
|
||||
Pem/CryptPem.c
|
||||
|
||||
SysCall/CrtWrapper.c
|
||||
|
|
|
@ -2,7 +2,14 @@
|
|||
# Cryptographic Library Instance based on Runtime Crypt Protocol.
|
||||
# This instance will be only used by the Authenticated Variable driver for IPF.
|
||||
#
|
||||
# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
# Note: MD4/MD5/SHA1 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions,
|
||||
# AES/TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign/verify
|
||||
# functions, Diffie-Hellman functions, X.509 certificate handler functions,
|
||||
# authenticode signature verification functions, PEM handler functions,
|
||||
# pseudorandom number generator functions, Sha256Duplicate() are not supported
|
||||
# in this instance.
|
||||
#
|
||||
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
|
@ -31,6 +38,23 @@
|
|||
[Sources]
|
||||
RuntimeDxeIpfCryptLib.c
|
||||
|
||||
Hash/CryptMd4Null.c
|
||||
Hash/CryptMd5Null.c
|
||||
Hash/CryptSha1Null.c
|
||||
Hmac/CryptHmacMd5Null.c
|
||||
Hmac/CryptHmacSha1Null.c
|
||||
Cipher/CryptAesNull.c
|
||||
Cipher/CryptTdesNull.c
|
||||
Cipher/CryptArc4Null.c
|
||||
Pk/CryptRsaExtNull.c
|
||||
Pk/CryptPkcs7SignNull.c
|
||||
Pk/CryptPkcs7VerifyNull.c
|
||||
Pk/CryptDhNull.c
|
||||
Pk/CryptX509Null.c
|
||||
Pk/CryptAuthenticodeNull.c
|
||||
Pem/CryptPemNull.c
|
||||
Rand/CryptRandNull.c
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
CryptoPkg/CryptoPkg.dec
|
||||
|
|
|
@ -0,0 +1,165 @@
|
|||
/** @file
|
||||
AES Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for AES operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
AesGetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory as AES context for subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] AesContext Pointer to AES context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied AES key.
|
||||
@param[in] KeyLength Length of AES key in bits.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesInit (
|
||||
OUT VOID *AesContext,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeyLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES encryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the AES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesEcbEncrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES decryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the AES decryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesEcbDecrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES encryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the AES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesCbcEncrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES decryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the AES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesCbcDecrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,130 @@
|
|||
/** @file
|
||||
ARC4 Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
Arc4GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory as ARC4 context for subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] Arc4Context Pointer to ARC4 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied ARC4 key.
|
||||
@param[in] KeySize Size of ARC4 key in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Init (
|
||||
OUT VOID *Arc4Context,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs ARC4 encryption on a data buffer of the specified size.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Arc4Context Pointer to the ARC4 context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Encrypt (
|
||||
IN OUT VOID *Arc4Context,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs ARC4 decryption on a data buffer of the specified size.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Arc4Context Pointer to the ARC4 context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Decrypt (
|
||||
IN OUT VOID *Arc4Context,
|
||||
IN UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Resets the ARC4 context to the initial state.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Arc4Context Pointer to the ARC4 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Reset (
|
||||
IN OUT VOID *Arc4Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,166 @@
|
|||
/** @file
|
||||
TDES Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for TDES operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
TdesGetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory as TDES context for subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] TdesContext Pointer to TDES context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied TDES key.
|
||||
@param[in] KeyLength Length of TDES key in bits.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesInit (
|
||||
OUT VOID *TdesContext,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeyLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES encryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesEcbEncrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES decryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesEcbDecrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES encryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesCbcEncrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES decryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesCbcDecrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
|
@ -0,0 +1,124 @@
|
|||
/** @file
|
||||
MD4 Digest Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for MD4 hash
|
||||
operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
Md4GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
|
||||
subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] Md4Context Pointer to MD4 context being initialized.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md4Init (
|
||||
OUT VOID *Md4Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing MD4 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Md4Context Pointer to MD4 context being copied.
|
||||
@param[out] NewMd4Context Pointer to new MD4 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md4Duplicate (
|
||||
IN CONST VOID *Md4Context,
|
||||
OUT VOID *NewMd4Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Digests the input data and updates MD4 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Md4Context Pointer to the MD4 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md4Update (
|
||||
IN OUT VOID *Md4Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Completes computation of the MD4 digest value.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Md4Context Pointer to the MD4 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the MD4 digest
|
||||
value (16 bytes).
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md4Final (
|
||||
IN OUT VOID *Md4Context,
|
||||
OUT UINT8 *HashValue
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,125 @@
|
|||
/** @file
|
||||
MD5 Digest Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
Md5GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by Md5Context as MD5 hash context for
|
||||
subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] Md5Context Pointer to MD5 context being initialized.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md5Init (
|
||||
OUT VOID *Md5Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing MD5 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Md5Context Pointer to MD5 context being copied.
|
||||
@param[out] NewMd5Context Pointer to new MD5 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md5Duplicate (
|
||||
IN CONST VOID *Md5Context,
|
||||
OUT VOID *NewMd5Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Digests the input data and updates MD5 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Md5Context Pointer to the MD5 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md5Update (
|
||||
IN OUT VOID *Md5Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Completes computation of the MD5 digest value.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Md5Context Pointer to the MD5 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the MD5 digest
|
||||
value (16 bytes).
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md5Final (
|
||||
IN OUT VOID *Md5Context,
|
||||
OUT UINT8 *HashValue
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,125 @@
|
|||
/** @file
|
||||
SHA-1 Digest Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for SHA-1 hash operations.
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
Sha1GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for
|
||||
subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] Sha1Context Pointer to SHA-1 context being initialized.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Sha1Init (
|
||||
OUT VOID *Sha1Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing SHA-1 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Sha1Context Pointer to SHA-1 context being copied.
|
||||
@param[out] NewSha1Context Pointer to new SHA-1 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Sha1Duplicate (
|
||||
IN CONST VOID *Sha1Context,
|
||||
OUT VOID *NewSha1Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Digests the input data and updates SHA-1 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Sha1Context Pointer to the SHA-1 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Sha1Update (
|
||||
IN OUT VOID *Sha1Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Completes computation of the SHA-1 digest value.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] Sha1Context Pointer to the SHA-1 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the SHA-1 digest
|
||||
value (20 bytes).
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Sha1Final (
|
||||
IN OUT VOID *Sha1Context,
|
||||
OUT UINT8 *HashValue
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,127 @@
|
|||
/** @file
|
||||
HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
HmacMd5GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
|
||||
subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied key.
|
||||
@param[in] KeySize Key size in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Init (
|
||||
OUT VOID *HmacMd5Context,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing HMAC-MD5 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
|
||||
@param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Duplicate (
|
||||
IN CONST VOID *HmacMd5Context,
|
||||
OUT VOID *NewHmacMd5Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Digests the input data and updates HMAC-MD5 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be digested.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Update (
|
||||
IN OUT VOID *HmacMd5Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Completes computation of the HMAC-MD5 digest value.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
|
||||
@param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
|
||||
value (16 bytes).
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Final (
|
||||
IN OUT VOID *HmacMd5Context,
|
||||
OUT UINT8 *HmacValue
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,127 @@
|
|||
/** @file
|
||||
HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
|
||||
|
||||
Return zero to indicate this interface is not supported.
|
||||
|
||||
@retval 0 This interface is not supported.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
HmacSha1GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
|
||||
subsequent use.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied key.
|
||||
@param[in] KeySize Key size in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Init (
|
||||
OUT VOID *HmacSha1Context,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing HMAC-SHA1 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
|
||||
@param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Duplicate (
|
||||
IN CONST VOID *HmacSha1Context,
|
||||
OUT VOID *NewHmacSha1Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Digests the input data and updates HMAC-SHA1 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be digested.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Update (
|
||||
IN OUT VOID *HmacSha1Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Completes computation of the HMAC-SHA1 digest value.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
|
||||
@param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
|
||||
value (20 bytes).
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Final (
|
||||
IN OUT VOID *HmacSha1Context,
|
||||
OUT UINT8 *HmacValue
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
/** @file
|
||||
Internal include file for BaseCryptLibRuntimeCryptProtocol.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#ifndef __INTERNAL_CRYPT_LIB_H__
|
||||
#define __INTERNAL_CRYPT_LIB_H__
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/BaseCryptLib.h>
|
||||
|
||||
//
|
||||
// Environment Setting for OpenSSL-based UEFI Crypto Library.
|
||||
//
|
||||
#ifndef OPENSSL_SYSNAME_UWIN
|
||||
#define OPENSSL_SYSNAME_UWIN
|
||||
#endif
|
||||
|
||||
|
||||
#endif
|
||||
|
|
@ -0,0 +1,44 @@
|
|||
/** @file
|
||||
PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does
|
||||
not provide real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Retrieve the RSA Private Key from the password-protected PEM key data.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
|
||||
@param[in] PemSize Size of the PEM key data in bytes.
|
||||
@param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
|
||||
@param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
|
||||
RSA private key component. Use RsaFree() function to free the
|
||||
resource.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGetPrivateKeyFromPem (
|
||||
IN CONST UINT8 *PemData,
|
||||
IN UINTN PemSize,
|
||||
IN CONST CHAR8 *Password,
|
||||
OUT VOID **RsaContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,51 @@
|
|||
/** @file
|
||||
Authenticode Portable Executable Signature Verification which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
|
||||
Authenticode Portable Executable Signature Format".
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
|
||||
PE/COFF image to be verified.
|
||||
@param[in] DataSize Size of the Authenticode Signature in bytes.
|
||||
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
|
||||
is used for certificate chain verification.
|
||||
@param[in] CertSize Size of the trusted certificate in bytes.
|
||||
@param[in] ImageHash Pointer to the original image file hash value. The procudure
|
||||
for calculating the image hash value is described in Authenticode
|
||||
specification.
|
||||
@param[in] HashSize Size of Image hash value in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AuthenticodeVerify (
|
||||
IN CONST UINT8 *AuthData,
|
||||
IN UINTN DataSize,
|
||||
IN CONST UINT8 *TrustedCert,
|
||||
IN UINTN CertSize,
|
||||
IN CONST UINT8 *ImageHash,
|
||||
IN UINTN HashSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,156 @@
|
|||
/** @file
|
||||
Diffie-Hellman Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Allocates and Initializes one Diffie-Hellman Context for subsequent use.
|
||||
|
||||
@return Pointer to the Diffie-Hellman Context that has been initialized.
|
||||
If the interface is not supported, DhNew() returns NULL.
|
||||
|
||||
**/
|
||||
VOID *
|
||||
EFIAPI
|
||||
DhNew (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified DH context.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] DhContext Pointer to the DH context to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
DhFree (
|
||||
IN VOID *DhContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Generates DH parameter.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
@param[in] PrimeLength Length in bits of prime to be generated.
|
||||
@param[out] Prime Pointer to the buffer to receive the generated prime number.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhGenerateParameter (
|
||||
IN OUT VOID *DhContext,
|
||||
IN UINTN Generator,
|
||||
IN UINTN PrimeLength,
|
||||
OUT UINT8 *Prime
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Sets generator and prime parameters for DH.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
@param[in] PrimeLength Length in bits of prime to be generated.
|
||||
@param[in] Prime Pointer to the prime number.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhSetParameter (
|
||||
IN OUT VOID *DhContext,
|
||||
IN UINTN Generator,
|
||||
IN UINTN PrimeLength,
|
||||
IN CONST UINT8 *Prime
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates DH public key.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[out] PublicKey Pointer to the buffer to receive generated public key.
|
||||
@param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
|
||||
On output, the size of data returned in PublicKey buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhGenerateKey (
|
||||
IN OUT VOID *DhContext,
|
||||
OUT UINT8 *PublicKey,
|
||||
IN OUT UINTN *PublicKeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Computes exchanged common key.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] PeerPublicKey Pointer to the peer's public key.
|
||||
@param[in] PeerPublicKeySize Size of peer's public key in bytes.
|
||||
@param[out] Key Pointer to the buffer to receive generated key.
|
||||
@param[in, out] KeySize On input, the size of Key buffer in bytes.
|
||||
On output, the size of data returned in Key buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhComputeKey (
|
||||
IN OUT VOID *DhContext,
|
||||
IN CONST UINT8 *PeerPublicKey,
|
||||
IN UINTN PeerPublicKeySize,
|
||||
OUT UINT8 *Key,
|
||||
IN OUT UINTN *KeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,59 @@
|
|||
/** @file
|
||||
PKCS#7 SignedData Sign Wrapper Implementation which does not provide real
|
||||
capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
|
||||
Syntax Standard, version 1.5". This interface is only intended to be used for
|
||||
application to perform PKCS#7 functionality validation.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] PrivateKey Pointer to the PEM-formatted private key data for
|
||||
data signing.
|
||||
@param[in] PrivateKeySize Size of the PEM private key data in bytes.
|
||||
@param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
|
||||
key data.
|
||||
@param[in] InData Pointer to the content to be signed.
|
||||
@param[in] InDataSize Size of InData in bytes.
|
||||
@param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
|
||||
@param[in] OtherCerts Pointer to an optional additional set of certificates to
|
||||
include in the PKCS#7 signedData (e.g. any intermediate
|
||||
CAs in the chain).
|
||||
@param[out] SignedData Pointer to output PKCS#7 signedData.
|
||||
@param[out] SignedDataSize Size of SignedData in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7Sign (
|
||||
IN CONST UINT8 *PrivateKey,
|
||||
IN UINTN PrivateKeySize,
|
||||
IN CONST UINT8 *KeyPassword,
|
||||
IN UINT8 *InData,
|
||||
IN UINTN InDataSize,
|
||||
IN UINT8 *SignCert,
|
||||
IN UINT8 *OtherCerts OPTIONAL,
|
||||
OUT UINT8 **SignedData,
|
||||
OUT UINTN *SignedDataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
|
@ -0,0 +1,100 @@
|
|||
/** @file
|
||||
PKCS#7 SignedData Verification Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
|
||||
It's caller's responsiblity to free the buffer.
|
||||
@param[out] StackLength Length of signer's certificates in bytes.
|
||||
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
|
||||
It's caller's responsiblity to free the buffer.
|
||||
@param[out] CertLength Length of the trusted certificate in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7GetSigners (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
OUT UINT8 **CertStack,
|
||||
OUT UINTN *StackLength,
|
||||
OUT UINT8 **TrustedCert,
|
||||
OUT UINTN *CertLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Wrap function to use free() to free allocated memory for certificates.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] Certs Pointer to the certificates to be freed.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
Pkcs7FreeSigners (
|
||||
IN UINT8 *Certs
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
|
||||
is used for certificate chain verification.
|
||||
@param[in] CertLength Length of the trusted certificate in bytes.
|
||||
@param[in] InData Pointer to the content to be verified.
|
||||
@param[in] DataLength Length of InData in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7Verify (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
IN CONST UINT8 *TrustedCert,
|
||||
IN UINTN CertLength,
|
||||
IN CONST UINT8 *InData,
|
||||
IN UINTN DataLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,125 @@
|
|||
/** @file
|
||||
RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
|
||||
|
||||
This file does not provide real capabilities for following APIs in RSA handling:
|
||||
1) RsaGetKey
|
||||
2) RsaGenerateKey
|
||||
3) RsaCheckKey
|
||||
4) RsaPkcs1Sign
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Gets the tag-designated RSA key component from the established RSA context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@param[out] BigNumber Pointer to octet integer buffer.
|
||||
@param[in, out] BnSize On input, the size of big number buffer in bytes.
|
||||
On output, the size of data returned in big number buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGetKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
OUT UINT8 *BigNumber,
|
||||
IN OUT UINTN *BnSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates RSA key components.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] ModulusLength Length of RSA modulus N in bits.
|
||||
@param[in] PublicExponent Pointer to RSA public exponent.
|
||||
@param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGenerateKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN UINTN ModulusLength,
|
||||
IN CONST UINT8 *PublicExponent,
|
||||
IN UINTN PublicExponentSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Validates key components of RSA context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context to check.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaCheckKey (
|
||||
IN VOID *RsaContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature generation.
|
||||
@param[in] MessageHash Pointer to octet message hash to be signed.
|
||||
@param[in] HashSize Size of the message hash in bytes.
|
||||
@param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
|
||||
@param[in, out] SigSize On input, the size of Signature buffer in bytes.
|
||||
On output, the size of data returned in Signature buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaPkcs1Sign (
|
||||
IN VOID *RsaContext,
|
||||
IN CONST UINT8 *MessageHash,
|
||||
IN UINTN HashSize,
|
||||
OUT UINT8 *Signature,
|
||||
IN OUT UINTN *SigSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,180 @@
|
|||
/** @file
|
||||
X.509 Certificate Handler Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Construct a X509 object from DER-encoded certificate data.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded certificate data.
|
||||
@param[in] CertSize The size of certificate data in bytes.
|
||||
@param[out] SingleX509Cert The generated X509 object.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509ConstructCertificate (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT UINT8 **SingleX509Cert
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Construct a X509 stack object from a list of DER-encoded certificate data.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] X509Stack On input, pointer to an existing X509 stack object.
|
||||
On output, pointer to the X509 stack object with new
|
||||
inserted X509 certificate.
|
||||
@param ... A list of DER-encoded single certificate data followed
|
||||
by certificate size. A NULL terminates the list. The
|
||||
pairs are the arguments to X509ConstructCertificate().
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509ConstructCertificateStack (
|
||||
IN OUT UINT8 **X509Stack,
|
||||
...
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified X509 object.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] X509Cert Pointer to the X509 object to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
X509Free (
|
||||
IN VOID *X509Cert
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified X509 stack object.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] X509Stack Pointer to the X509 stack object to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
X509StackFree (
|
||||
IN VOID *X509Stack
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieve the subject bytes from one X.509 certificate.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] CertSubject Pointer to the retrieved certificate subject bytes.
|
||||
@param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
|
||||
and the size of buffer returned CertSubject on output.
|
||||
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509GetSubjectName (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT UINT8 *CertSubject,
|
||||
IN OUT UINTN *SubjectSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieve the RSA Public Key from one DER-encoded X509 certificate.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
|
||||
RSA public key component. Use RsaFree() function to free the
|
||||
resource.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGetPublicKeyFromX509 (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT VOID **RsaContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Verify one X509 certificate was issued by the trusted CA.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[in] CACert Pointer to the DER-encoded trusted CA certificate.
|
||||
@param[in] CACertSize Size of the CA Certificate in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509VerifyCert (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
IN CONST UINT8 *CACert,
|
||||
IN UINTN CACertSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -0,0 +1,63 @@
|
|||
/** @file
|
||||
Pseudorandom Number Generator Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
|
||||
/**
|
||||
Sets up the seed value for the pseudorandom number generator.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Seed Pointer to seed value.
|
||||
If NULL, default seed is used.
|
||||
@param[in] SeedSize Size of seed value.
|
||||
If Seed is NULL, this parameter is ignored.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RandomSeed (
|
||||
IN CONST UINT8 *Seed OPTIONAL,
|
||||
IN UINTN SeedSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates a pseudorandom byte stream of the specified size.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[out] Output Pointer to buffer to receive random value.
|
||||
@param[in] Size Size of randome bytes to generate.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RandomBytes (
|
||||
OUT UINT8 *Output,
|
||||
IN UINTN Size
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
|
@ -217,6 +217,29 @@ Sha256Init (
|
|||
}
|
||||
|
||||
|
||||
/**
|
||||
Makes a copy of an existing SHA-256 context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Sha256Context Pointer to SHA-256 context being copied.
|
||||
@param[out] NewSha256Context Pointer to new SHA-256 context.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Sha256Duplicate (
|
||||
IN CONST VOID *Sha256Context,
|
||||
OUT VOID *NewSha256Context
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Performs SHA-256 digest on a data buffer of the specified length. This function can
|
||||
be called multiple times to compute the digest of long or discontinuous data streams.
|
||||
|
@ -277,9 +300,9 @@ Sha256Final (
|
|||
}
|
||||
|
||||
/**
|
||||
Allocates and Initializes one RSA Context for subsequent use.
|
||||
Allocates and initializes one RSA context for subsequent use.
|
||||
|
||||
@return Pointer to the RSA Context that has been initialized.
|
||||
@return Pointer to the RSA context that has been initialized.
|
||||
If the allocations fails, RsaNew() returns NULL.
|
||||
|
||||
**/
|
||||
|
@ -297,7 +320,7 @@ RsaNew (
|
|||
}
|
||||
|
||||
/**
|
||||
Release the specified RSA Context.
|
||||
Release the specified RSA context.
|
||||
|
||||
@param[in] RsaContext Pointer to the RSA context to be released.
|
||||
|
||||
|
@ -316,35 +339,41 @@ RsaFree (
|
|||
}
|
||||
|
||||
/**
|
||||
Sets the tag-designated RSA key component into the established RSA context from
|
||||
the user-specified nonnegative integer (octet string format represented in RSA
|
||||
PKCS#1).
|
||||
Sets the tag-designated key component into the established RSA context.
|
||||
|
||||
This function sets the tag-designated RSA key component into the established
|
||||
RSA context from the user-specified non-negative integer (octet string format
|
||||
represented in RSA PKCS#1).
|
||||
If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@param[in] BigNumber Pointer to octet integer buffer.
|
||||
@param[in] BnLength Length of big number buffer in bytes.
|
||||
If NULL, then the specified key componenet in RSA
|
||||
context is cleared.
|
||||
@param[in] BnSize Size of big number buffer in bytes.
|
||||
If BigNumber is NULL, then it is ignored.
|
||||
|
||||
@return TRUE RSA key component was set successfully.
|
||||
@return FALSE Invalid RSA key component tag.
|
||||
@retval TRUE RSA key component was set successfully.
|
||||
@retval FALSE Invalid RSA key component tag.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaSetKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
IN CONST UINT8 *BigNumber,
|
||||
IN UINTN BnLength
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
IN CONST UINT8 *BigNumber,
|
||||
IN UINTN BnSize
|
||||
)
|
||||
{
|
||||
if (!InternalIsCryptServiveAvailable ()) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return mCryptProtocol->RsaSetKey (RsaContext, KeyTag, BigNumber, BnLength);
|
||||
return mCryptProtocol->RsaSetKey (RsaContext, KeyTag, BigNumber, BnSize);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -354,16 +383,16 @@ RsaSetKey (
|
|||
If RsaContext is NULL, then return FALSE.
|
||||
If MessageHash is NULL, then return FALSE.
|
||||
If Signature is NULL, then return FALSE.
|
||||
If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
|
||||
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature verification.
|
||||
@param[in] MessageHash Pointer to octet message hash to be checked.
|
||||
@param[in] HashLength Length of the message hash in bytes.
|
||||
@param[in] HashSize Size of the message hash in bytes.
|
||||
@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
|
||||
@param[in] SigLength Length of signature in bytes.
|
||||
@param[in] SigSize Size of signature in bytes.
|
||||
|
||||
@return TRUE Valid signature encoded in PKCS1-v1_5.
|
||||
@return FALSE Invalid signature or invalid RSA context.
|
||||
@retval TRUE Valid signature encoded in PKCS1-v1_5.
|
||||
@retval FALSE Invalid signature or invalid RSA context.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@ -371,9 +400,9 @@ EFIAPI
|
|||
RsaPkcs1Verify (
|
||||
IN VOID *RsaContext,
|
||||
IN CONST UINT8 *MessageHash,
|
||||
IN UINTN HashLength,
|
||||
IN UINTN HashSize,
|
||||
IN UINT8 *Signature,
|
||||
IN UINTN SigLength
|
||||
IN UINTN SigSize
|
||||
)
|
||||
{
|
||||
if (!InternalIsCryptServiveAvailable ()) {
|
||||
|
@ -383,8 +412,8 @@ RsaPkcs1Verify (
|
|||
return mCryptProtocol->RsaPkcs1Verify (
|
||||
RsaContext,
|
||||
MessageHash,
|
||||
HashLength,
|
||||
HashSize,
|
||||
Signature,
|
||||
SigLength
|
||||
SigSize
|
||||
);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue