• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /** @file
2   Defines base cryptographic library APIs.
3   The Base Cryptographic Library provides implementations of basic cryptography
4   primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security
5   functionality enabling.
6 
7 Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
8 This program and the accompanying materials
9 are licensed and made available under the terms and conditions of the BSD License
10 which accompanies this distribution.  The full text of the license may be found at
11 http://opensource.org/licenses/bsd-license.php
12 
13 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
14 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 
16 **/
17 
18 #ifndef __BASE_CRYPT_LIB_H__
19 #define __BASE_CRYPT_LIB_H__
20 
21 #include <Uefi/UefiBaseType.h>
22 
23 ///
24 /// MD4 digest size in bytes
25 ///
26 #define MD4_DIGEST_SIZE     16
27 
28 ///
29 /// MD5 digest size in bytes
30 ///
31 #define MD5_DIGEST_SIZE     16
32 
33 ///
34 /// SHA-1 digest size in bytes.
35 ///
36 #define SHA1_DIGEST_SIZE    20
37 
38 ///
39 /// SHA-256 digest size in bytes
40 ///
41 #define SHA256_DIGEST_SIZE  32
42 
43 ///
44 /// SHA-384 digest size in bytes
45 ///
46 #define SHA384_DIGEST_SIZE  48
47 
48 ///
49 /// SHA-512 digest size in bytes
50 ///
51 #define SHA512_DIGEST_SIZE  64
52 
53 ///
54 /// TDES block size in bytes
55 ///
56 #define TDES_BLOCK_SIZE     8
57 
58 ///
59 /// AES block size in bytes
60 ///
61 #define AES_BLOCK_SIZE      16
62 
63 ///
64 /// RSA Key Tags Definition used in RsaSetKey() function for key component identification.
65 ///
66 typedef enum {
67   RsaKeyN,      ///< RSA public Modulus (N)
68   RsaKeyE,      ///< RSA Public exponent (e)
69   RsaKeyD,      ///< RSA Private exponent (d)
70   RsaKeyP,      ///< RSA secret prime factor of Modulus (p)
71   RsaKeyQ,      ///< RSA secret prime factor of Modules (q)
72   RsaKeyDp,     ///< p's CRT exponent (== d mod (p - 1))
73   RsaKeyDq,     ///< q's CRT exponent (== d mod (q - 1))
74   RsaKeyQInv    ///< The CRT coefficient (== 1/q mod p)
75 } RSA_KEY_TAG;
76 
77 //=====================================================================================
78 //    One-Way Cryptographic Hash Primitives
79 //=====================================================================================
80 
81 /**
82   Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
83 
84   If this interface is not supported, then return zero.
85 
86   @return  The size, in bytes, of the context buffer required for MD4 hash operations.
87   @retval  0   This interface is not supported.
88 
89 **/
90 UINTN
91 EFIAPI
92 Md4GetContextSize (
93   VOID
94   );
95 
96 /**
97   Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
98   subsequent use.
99 
100   If Md4Context is NULL, then return FALSE.
101   If this interface is not supported, then return FALSE.
102 
103   @param[out]  Md4Context  Pointer to MD4 context being initialized.
104 
105   @retval TRUE   MD4 context initialization succeeded.
106   @retval FALSE  MD4 context initialization failed.
107   @retval FALSE  This interface is not supported.
108 
109 **/
110 BOOLEAN
111 EFIAPI
112 Md4Init (
113   OUT  VOID  *Md4Context
114   );
115 
116 /**
117   Makes a copy of an existing MD4 context.
118 
119   If Md4Context is NULL, then return FALSE.
120   If NewMd4Context is NULL, then return FALSE.
121   If this interface is not supported, then return FALSE.
122 
123   @param[in]  Md4Context     Pointer to MD4 context being copied.
124   @param[out] NewMd4Context  Pointer to new MD4 context.
125 
126   @retval TRUE   MD4 context copy succeeded.
127   @retval FALSE  MD4 context copy failed.
128   @retval FALSE  This interface is not supported.
129 
130 **/
131 BOOLEAN
132 EFIAPI
133 Md4Duplicate (
134   IN   CONST VOID  *Md4Context,
135   OUT  VOID        *NewMd4Context
136   );
137 
138 /**
139   Digests the input data and updates MD4 context.
140 
141   This function performs MD4 digest on a data buffer of the specified size.
142   It can be called multiple times to compute the digest of long or discontinuous data streams.
143   MD4 context should be already correctly initialized by Md4Init(), and should not be finalized
144   by Md4Final(). Behavior with invalid context is undefined.
145 
146   If Md4Context is NULL, then return FALSE.
147   If this interface is not supported, then return FALSE.
148 
149   @param[in, out]  Md4Context  Pointer to the MD4 context.
150   @param[in]       Data        Pointer to the buffer containing the data to be hashed.
151   @param[in]       DataSize    Size of Data buffer in bytes.
152 
153   @retval TRUE   MD4 data digest succeeded.
154   @retval FALSE  MD4 data digest failed.
155   @retval FALSE  This interface is not supported.
156 
157 **/
158 BOOLEAN
159 EFIAPI
160 Md4Update (
161   IN OUT  VOID        *Md4Context,
162   IN      CONST VOID  *Data,
163   IN      UINTN       DataSize
164   );
165 
166 /**
167   Completes computation of the MD4 digest value.
168 
169   This function completes MD4 hash computation and retrieves the digest value into
170   the specified memory. After this function has been called, the MD4 context cannot
171   be used again.
172   MD4 context should be already correctly initialized by Md4Init(), and should not be
173   finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
174 
175   If Md4Context is NULL, then return FALSE.
176   If HashValue is NULL, then return FALSE.
177   If this interface is not supported, then return FALSE.
178 
179   @param[in, out]  Md4Context  Pointer to the MD4 context.
180   @param[out]      HashValue   Pointer to a buffer that receives the MD4 digest
181                                value (16 bytes).
182 
183   @retval TRUE   MD4 digest computation succeeded.
184   @retval FALSE  MD4 digest computation failed.
185   @retval FALSE  This interface is not supported.
186 
187 **/
188 BOOLEAN
189 EFIAPI
190 Md4Final (
191   IN OUT  VOID   *Md4Context,
192   OUT     UINT8  *HashValue
193   );
194 
195 /**
196   Computes the MD4 message digest of a input data buffer.
197 
198   This function performs the MD4 message digest of a given data buffer, and places
199   the digest value into the specified memory.
200 
201   If this interface is not supported, then return FALSE.
202 
203   @param[in]   Data        Pointer to the buffer containing the data to be hashed.
204   @param[in]   DataSize    Size of Data buffer in bytes.
205   @param[out]  HashValue   Pointer to a buffer that receives the MD4 digest
206                            value (16 bytes).
207 
208   @retval TRUE   MD4 digest computation succeeded.
209   @retval FALSE  MD4 digest computation failed.
210   @retval FALSE  This interface is not supported.
211 
212 **/
213 BOOLEAN
214 EFIAPI
215 Md4HashAll (
216   IN   CONST VOID  *Data,
217   IN   UINTN       DataSize,
218   OUT  UINT8       *HashValue
219   );
220 
221 /**
222   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
223 
224   If this interface is not supported, then return zero.
225 
226   @return  The size, in bytes, of the context buffer required for MD5 hash operations.
227   @retval  0   This interface is not supported.
228 
229 **/
230 UINTN
231 EFIAPI
232 Md5GetContextSize (
233   VOID
234   );
235 
236 /**
237   Initializes user-supplied memory pointed by Md5Context as MD5 hash context for
238   subsequent use.
239 
240   If Md5Context is NULL, then return FALSE.
241   If this interface is not supported, then return FALSE.
242 
243   @param[out]  Md5Context  Pointer to MD5 context being initialized.
244 
245   @retval TRUE   MD5 context initialization succeeded.
246   @retval FALSE  MD5 context initialization failed.
247   @retval FALSE  This interface is not supported.
248 
249 **/
250 BOOLEAN
251 EFIAPI
252 Md5Init (
253   OUT  VOID  *Md5Context
254   );
255 
256 /**
257   Makes a copy of an existing MD5 context.
258 
259   If Md5Context is NULL, then return FALSE.
260   If NewMd5Context is NULL, then return FALSE.
261   If this interface is not supported, then return FALSE.
262 
263   @param[in]  Md5Context     Pointer to MD5 context being copied.
264   @param[out] NewMd5Context  Pointer to new MD5 context.
265 
266   @retval TRUE   MD5 context copy succeeded.
267   @retval FALSE  MD5 context copy failed.
268   @retval FALSE  This interface is not supported.
269 
270 **/
271 BOOLEAN
272 EFIAPI
273 Md5Duplicate (
274   IN   CONST VOID  *Md5Context,
275   OUT  VOID        *NewMd5Context
276   );
277 
278 /**
279   Digests the input data and updates MD5 context.
280 
281   This function performs MD5 digest on a data buffer of the specified size.
282   It can be called multiple times to compute the digest of long or discontinuous data streams.
283   MD5 context should be already correctly initialized by Md5Init(), and should not be finalized
284   by Md5Final(). Behavior with invalid context is undefined.
285 
286   If Md5Context is NULL, then return FALSE.
287   If this interface is not supported, then return FALSE.
288 
289   @param[in, out]  Md5Context  Pointer to the MD5 context.
290   @param[in]       Data        Pointer to the buffer containing the data to be hashed.
291   @param[in]       DataSize    Size of Data buffer in bytes.
292 
293   @retval TRUE   MD5 data digest succeeded.
294   @retval FALSE  MD5 data digest failed.
295   @retval FALSE  This interface is not supported.
296 
297 **/
298 BOOLEAN
299 EFIAPI
300 Md5Update (
301   IN OUT  VOID        *Md5Context,
302   IN      CONST VOID  *Data,
303   IN      UINTN       DataSize
304   );
305 
306 /**
307   Completes computation of the MD5 digest value.
308 
309   This function completes MD5 hash computation and retrieves the digest value into
310   the specified memory. After this function has been called, the MD5 context cannot
311   be used again.
312   MD5 context should be already correctly initialized by Md5Init(), and should not be
313   finalized by Md5Final(). Behavior with invalid MD5 context is undefined.
314 
315   If Md5Context is NULL, then return FALSE.
316   If HashValue is NULL, then return FALSE.
317   If this interface is not supported, then return FALSE.
318 
319   @param[in, out]  Md5Context  Pointer to the MD5 context.
320   @param[out]      HashValue   Pointer to a buffer that receives the MD5 digest
321                                value (16 bytes).
322 
323   @retval TRUE   MD5 digest computation succeeded.
324   @retval FALSE  MD5 digest computation failed.
325   @retval FALSE  This interface is not supported.
326 
327 **/
328 BOOLEAN
329 EFIAPI
330 Md5Final (
331   IN OUT  VOID   *Md5Context,
332   OUT     UINT8  *HashValue
333   );
334 
335 /**
336   Computes the MD5 message digest of a input data buffer.
337 
338   This function performs the MD5 message digest of a given data buffer, and places
339   the digest value into the specified memory.
340 
341   If this interface is not supported, then return FALSE.
342 
343   @param[in]   Data        Pointer to the buffer containing the data to be hashed.
344   @param[in]   DataSize    Size of Data buffer in bytes.
345   @param[out]  HashValue   Pointer to a buffer that receives the MD5 digest
346                            value (16 bytes).
347 
348   @retval TRUE   MD5 digest computation succeeded.
349   @retval FALSE  MD5 digest computation failed.
350   @retval FALSE  This interface is not supported.
351 
352 **/
353 BOOLEAN
354 EFIAPI
355 Md5HashAll (
356   IN   CONST VOID  *Data,
357   IN   UINTN       DataSize,
358   OUT  UINT8       *HashValue
359   );
360 
361 /**
362   Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
363 
364   If this interface is not supported, then return zero.
365 
366   @return  The size, in bytes, of the context buffer required for SHA-1 hash operations.
367   @retval  0   This interface is not supported.
368 
369 **/
370 UINTN
371 EFIAPI
372 Sha1GetContextSize (
373   VOID
374   );
375 
376 /**
377   Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for
378   subsequent use.
379 
380   If Sha1Context is NULL, then return FALSE.
381   If this interface is not supported, then return FALSE.
382 
383   @param[out]  Sha1Context  Pointer to SHA-1 context being initialized.
384 
385   @retval TRUE   SHA-1 context initialization succeeded.
386   @retval FALSE  SHA-1 context initialization failed.
387   @retval FALSE  This interface is not supported.
388 
389 **/
390 BOOLEAN
391 EFIAPI
392 Sha1Init (
393   OUT  VOID  *Sha1Context
394   );
395 
396 /**
397   Makes a copy of an existing SHA-1 context.
398 
399   If Sha1Context is NULL, then return FALSE.
400   If NewSha1Context is NULL, then return FALSE.
401   If this interface is not supported, then return FALSE.
402 
403   @param[in]  Sha1Context     Pointer to SHA-1 context being copied.
404   @param[out] NewSha1Context  Pointer to new SHA-1 context.
405 
406   @retval TRUE   SHA-1 context copy succeeded.
407   @retval FALSE  SHA-1 context copy failed.
408   @retval FALSE  This interface is not supported.
409 
410 **/
411 BOOLEAN
412 EFIAPI
413 Sha1Duplicate (
414   IN   CONST VOID  *Sha1Context,
415   OUT  VOID        *NewSha1Context
416   );
417 
418 /**
419   Digests the input data and updates SHA-1 context.
420 
421   This function performs SHA-1 digest on a data buffer of the specified size.
422   It can be called multiple times to compute the digest of long or discontinuous data streams.
423   SHA-1 context should be already correctly initialized by Sha1Init(), and should not be finalized
424   by Sha1Final(). Behavior with invalid context is undefined.
425 
426   If Sha1Context is NULL, then return FALSE.
427   If this interface is not supported, then return FALSE.
428 
429   @param[in, out]  Sha1Context  Pointer to the SHA-1 context.
430   @param[in]       Data         Pointer to the buffer containing the data to be hashed.
431   @param[in]       DataSize     Size of Data buffer in bytes.
432 
433   @retval TRUE   SHA-1 data digest succeeded.
434   @retval FALSE  SHA-1 data digest failed.
435   @retval FALSE  This interface is not supported.
436 
437 **/
438 BOOLEAN
439 EFIAPI
440 Sha1Update (
441   IN OUT  VOID        *Sha1Context,
442   IN      CONST VOID  *Data,
443   IN      UINTN       DataSize
444   );
445 
446 /**
447   Completes computation of the SHA-1 digest value.
448 
449   This function completes SHA-1 hash computation and retrieves the digest value into
450   the specified memory. After this function has been called, the SHA-1 context cannot
451   be used again.
452   SHA-1 context should be already correctly initialized by Sha1Init(), and should not be
453   finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined.
454 
455   If Sha1Context is NULL, then return FALSE.
456   If HashValue is NULL, then return FALSE.
457   If this interface is not supported, then return FALSE.
458 
459   @param[in, out]  Sha1Context  Pointer to the SHA-1 context.
460   @param[out]      HashValue    Pointer to a buffer that receives the SHA-1 digest
461                                 value (20 bytes).
462 
463   @retval TRUE   SHA-1 digest computation succeeded.
464   @retval FALSE  SHA-1 digest computation failed.
465   @retval FALSE  This interface is not supported.
466 
467 **/
468 BOOLEAN
469 EFIAPI
470 Sha1Final (
471   IN OUT  VOID   *Sha1Context,
472   OUT     UINT8  *HashValue
473   );
474 
475 /**
476   Computes the SHA-1 message digest of a input data buffer.
477 
478   This function performs the SHA-1 message digest of a given data buffer, and places
479   the digest value into the specified memory.
480 
481   If this interface is not supported, then return FALSE.
482 
483   @param[in]   Data        Pointer to the buffer containing the data to be hashed.
484   @param[in]   DataSize    Size of Data buffer in bytes.
485   @param[out]  HashValue   Pointer to a buffer that receives the SHA-1 digest
486                            value (20 bytes).
487 
488   @retval TRUE   SHA-1 digest computation succeeded.
489   @retval FALSE  SHA-1 digest computation failed.
490   @retval FALSE  This interface is not supported.
491 
492 **/
493 BOOLEAN
494 EFIAPI
495 Sha1HashAll (
496   IN   CONST VOID  *Data,
497   IN   UINTN       DataSize,
498   OUT  UINT8       *HashValue
499   );
500 
501 /**
502   Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations.
503 
504   @return  The size, in bytes, of the context buffer required for SHA-256 hash operations.
505 
506 **/
507 UINTN
508 EFIAPI
509 Sha256GetContextSize (
510   VOID
511   );
512 
513 /**
514   Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for
515   subsequent use.
516 
517   If Sha256Context is NULL, then return FALSE.
518 
519   @param[out]  Sha256Context  Pointer to SHA-256 context being initialized.
520 
521   @retval TRUE   SHA-256 context initialization succeeded.
522   @retval FALSE  SHA-256 context initialization failed.
523 
524 **/
525 BOOLEAN
526 EFIAPI
527 Sha256Init (
528   OUT  VOID  *Sha256Context
529   );
530 
531 /**
532   Makes a copy of an existing SHA-256 context.
533 
534   If Sha256Context is NULL, then return FALSE.
535   If NewSha256Context is NULL, then return FALSE.
536   If this interface is not supported, then return FALSE.
537 
538   @param[in]  Sha256Context     Pointer to SHA-256 context being copied.
539   @param[out] NewSha256Context  Pointer to new SHA-256 context.
540 
541   @retval TRUE   SHA-256 context copy succeeded.
542   @retval FALSE  SHA-256 context copy failed.
543   @retval FALSE  This interface is not supported.
544 
545 **/
546 BOOLEAN
547 EFIAPI
548 Sha256Duplicate (
549   IN   CONST VOID  *Sha256Context,
550   OUT  VOID        *NewSha256Context
551   );
552 
553 /**
554   Digests the input data and updates SHA-256 context.
555 
556   This function performs SHA-256 digest on a data buffer of the specified size.
557   It can be called multiple times to compute the digest of long or discontinuous data streams.
558   SHA-256 context should be already correctly initialized by Sha256Init(), and should not be finalized
559   by Sha256Final(). Behavior with invalid context is undefined.
560 
561   If Sha256Context is NULL, then return FALSE.
562 
563   @param[in, out]  Sha256Context  Pointer to the SHA-256 context.
564   @param[in]       Data           Pointer to the buffer containing the data to be hashed.
565   @param[in]       DataSize       Size of Data buffer in bytes.
566 
567   @retval TRUE   SHA-256 data digest succeeded.
568   @retval FALSE  SHA-256 data digest failed.
569 
570 **/
571 BOOLEAN
572 EFIAPI
573 Sha256Update (
574   IN OUT  VOID        *Sha256Context,
575   IN      CONST VOID  *Data,
576   IN      UINTN       DataSize
577   );
578 
579 /**
580   Completes computation of the SHA-256 digest value.
581 
582   This function completes SHA-256 hash computation and retrieves the digest value into
583   the specified memory. After this function has been called, the SHA-256 context cannot
584   be used again.
585   SHA-256 context should be already correctly initialized by Sha256Init(), and should not be
586   finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined.
587 
588   If Sha256Context is NULL, then return FALSE.
589   If HashValue is NULL, then return FALSE.
590 
591   @param[in, out]  Sha256Context  Pointer to the SHA-256 context.
592   @param[out]      HashValue      Pointer to a buffer that receives the SHA-256 digest
593                                   value (32 bytes).
594 
595   @retval TRUE   SHA-256 digest computation succeeded.
596   @retval FALSE  SHA-256 digest computation failed.
597 
598 **/
599 BOOLEAN
600 EFIAPI
601 Sha256Final (
602   IN OUT  VOID   *Sha256Context,
603   OUT     UINT8  *HashValue
604   );
605 
606 /**
607   Computes the SHA-256 message digest of a input data buffer.
608 
609   This function performs the SHA-256 message digest of a given data buffer, and places
610   the digest value into the specified memory.
611 
612   If this interface is not supported, then return FALSE.
613 
614   @param[in]   Data        Pointer to the buffer containing the data to be hashed.
615   @param[in]   DataSize    Size of Data buffer in bytes.
616   @param[out]  HashValue   Pointer to a buffer that receives the SHA-256 digest
617                            value (32 bytes).
618 
619   @retval TRUE   SHA-256 digest computation succeeded.
620   @retval FALSE  SHA-256 digest computation failed.
621   @retval FALSE  This interface is not supported.
622 
623 **/
624 BOOLEAN
625 EFIAPI
626 Sha256HashAll (
627   IN   CONST VOID  *Data,
628   IN   UINTN       DataSize,
629   OUT  UINT8       *HashValue
630   );
631 
632 /**
633   Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations.
634 
635   @return  The size, in bytes, of the context buffer required for SHA-384 hash operations.
636 
637 **/
638 UINTN
639 EFIAPI
640 Sha384GetContextSize (
641   VOID
642   );
643 
644 /**
645   Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for
646   subsequent use.
647 
648   If Sha384Context is NULL, then return FALSE.
649 
650   @param[out]  Sha384Context  Pointer to SHA-384 context being initialized.
651 
652   @retval TRUE   SHA-384 context initialization succeeded.
653   @retval FALSE  SHA-384 context initialization failed.
654 
655 **/
656 BOOLEAN
657 EFIAPI
658 Sha384Init (
659   OUT  VOID  *Sha384Context
660   );
661 
662 /**
663   Makes a copy of an existing SHA-384 context.
664 
665   If Sha384Context is NULL, then return FALSE.
666   If NewSha384Context is NULL, then return FALSE.
667   If this interface is not supported, then return FALSE.
668 
669   @param[in]  Sha384Context     Pointer to SHA-384 context being copied.
670   @param[out] NewSha384Context  Pointer to new SHA-384 context.
671 
672   @retval TRUE   SHA-384 context copy succeeded.
673   @retval FALSE  SHA-384 context copy failed.
674   @retval FALSE  This interface is not supported.
675 
676 **/
677 BOOLEAN
678 EFIAPI
679 Sha384Duplicate (
680   IN   CONST VOID  *Sha384Context,
681   OUT  VOID        *NewSha384Context
682   );
683 
684 /**
685   Digests the input data and updates SHA-384 context.
686 
687   This function performs SHA-384 digest on a data buffer of the specified size.
688   It can be called multiple times to compute the digest of long or discontinuous data streams.
689   SHA-384 context should be already correctly initialized by Sha384Init(), and should not be finalized
690   by Sha384Final(). Behavior with invalid context is undefined.
691 
692   If Sha384Context is NULL, then return FALSE.
693 
694   @param[in, out]  Sha384Context  Pointer to the SHA-384 context.
695   @param[in]       Data           Pointer to the buffer containing the data to be hashed.
696   @param[in]       DataSize       Size of Data buffer in bytes.
697 
698   @retval TRUE   SHA-384 data digest succeeded.
699   @retval FALSE  SHA-384 data digest failed.
700 
701 **/
702 BOOLEAN
703 EFIAPI
704 Sha384Update (
705   IN OUT  VOID        *Sha384Context,
706   IN      CONST VOID  *Data,
707   IN      UINTN       DataSize
708   );
709 
710 /**
711   Completes computation of the SHA-384 digest value.
712 
713   This function completes SHA-384 hash computation and retrieves the digest value into
714   the specified memory. After this function has been called, the SHA-384 context cannot
715   be used again.
716   SHA-384 context should be already correctly initialized by Sha384Init(), and should not be
717   finalized by Sha384Final(). Behavior with invalid SHA-384 context is undefined.
718 
719   If Sha384Context is NULL, then return FALSE.
720   If HashValue is NULL, then return FALSE.
721 
722   @param[in, out]  Sha384Context  Pointer to the SHA-384 context.
723   @param[out]      HashValue      Pointer to a buffer that receives the SHA-384 digest
724                                   value (48 bytes).
725 
726   @retval TRUE   SHA-384 digest computation succeeded.
727   @retval FALSE  SHA-384 digest computation failed.
728 
729 **/
730 BOOLEAN
731 EFIAPI
732 Sha384Final (
733   IN OUT  VOID   *Sha384Context,
734   OUT     UINT8  *HashValue
735   );
736 
737 /**
738   Computes the SHA-384 message digest of a input data buffer.
739 
740   This function performs the SHA-384 message digest of a given data buffer, and places
741   the digest value into the specified memory.
742 
743   If this interface is not supported, then return FALSE.
744 
745   @param[in]   Data        Pointer to the buffer containing the data to be hashed.
746   @param[in]   DataSize    Size of Data buffer in bytes.
747   @param[out]  HashValue   Pointer to a buffer that receives the SHA-384 digest
748                            value (48 bytes).
749 
750   @retval TRUE   SHA-384 digest computation succeeded.
751   @retval FALSE  SHA-384 digest computation failed.
752   @retval FALSE  This interface is not supported.
753 
754 **/
755 BOOLEAN
756 EFIAPI
757 Sha384HashAll (
758   IN   CONST VOID  *Data,
759   IN   UINTN       DataSize,
760   OUT  UINT8       *HashValue
761   );
762 
763 /**
764   Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations.
765 
766   @return  The size, in bytes, of the context buffer required for SHA-512 hash operations.
767 
768 **/
769 UINTN
770 EFIAPI
771 Sha512GetContextSize (
772   VOID
773   );
774 
775 /**
776   Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for
777   subsequent use.
778 
779   If Sha512Context is NULL, then return FALSE.
780 
781   @param[out]  Sha512Context  Pointer to SHA-512 context being initialized.
782 
783   @retval TRUE   SHA-512 context initialization succeeded.
784   @retval FALSE  SHA-512 context initialization failed.
785 
786 **/
787 BOOLEAN
788 EFIAPI
789 Sha512Init (
790   OUT  VOID  *Sha512Context
791   );
792 
793 /**
794   Makes a copy of an existing SHA-512 context.
795 
796   If Sha512Context is NULL, then return FALSE.
797   If NewSha512Context is NULL, then return FALSE.
798   If this interface is not supported, then return FALSE.
799 
800   @param[in]  Sha512Context     Pointer to SHA-512 context being copied.
801   @param[out] NewSha512Context  Pointer to new SHA-512 context.
802 
803   @retval TRUE   SHA-512 context copy succeeded.
804   @retval FALSE  SHA-512 context copy failed.
805   @retval FALSE  This interface is not supported.
806 
807 **/
808 BOOLEAN
809 EFIAPI
810 Sha512Duplicate (
811   IN   CONST VOID  *Sha512Context,
812   OUT  VOID        *NewSha512Context
813   );
814 
815 /**
816   Digests the input data and updates SHA-512 context.
817 
818   This function performs SHA-512 digest on a data buffer of the specified size.
819   It can be called multiple times to compute the digest of long or discontinuous data streams.
820   SHA-512 context should be already correctly initialized by Sha512Init(), and should not be finalized
821   by Sha512Final(). Behavior with invalid context is undefined.
822 
823   If Sha512Context is NULL, then return FALSE.
824 
825   @param[in, out]  Sha512Context  Pointer to the SHA-512 context.
826   @param[in]       Data           Pointer to the buffer containing the data to be hashed.
827   @param[in]       DataSize       Size of Data buffer in bytes.
828 
829   @retval TRUE   SHA-512 data digest succeeded.
830   @retval FALSE  SHA-512 data digest failed.
831 
832 **/
833 BOOLEAN
834 EFIAPI
835 Sha512Update (
836   IN OUT  VOID        *Sha512Context,
837   IN      CONST VOID  *Data,
838   IN      UINTN       DataSize
839   );
840 
841 /**
842   Completes computation of the SHA-512 digest value.
843 
844   This function completes SHA-512 hash computation and retrieves the digest value into
845   the specified memory. After this function has been called, the SHA-512 context cannot
846   be used again.
847   SHA-512 context should be already correctly initialized by Sha512Init(), and should not be
848   finalized by Sha512Final(). Behavior with invalid SHA-512 context is undefined.
849 
850   If Sha512Context is NULL, then return FALSE.
851   If HashValue is NULL, then return FALSE.
852 
853   @param[in, out]  Sha512Context  Pointer to the SHA-512 context.
854   @param[out]      HashValue      Pointer to a buffer that receives the SHA-512 digest
855                                   value (64 bytes).
856 
857   @retval TRUE   SHA-512 digest computation succeeded.
858   @retval FALSE  SHA-512 digest computation failed.
859 
860 **/
861 BOOLEAN
862 EFIAPI
863 Sha512Final (
864   IN OUT  VOID   *Sha512Context,
865   OUT     UINT8  *HashValue
866   );
867 
868 /**
869   Computes the SHA-512 message digest of a input data buffer.
870 
871   This function performs the SHA-512 message digest of a given data buffer, and places
872   the digest value into the specified memory.
873 
874   If this interface is not supported, then return FALSE.
875 
876   @param[in]   Data        Pointer to the buffer containing the data to be hashed.
877   @param[in]   DataSize    Size of Data buffer in bytes.
878   @param[out]  HashValue   Pointer to a buffer that receives the SHA-512 digest
879                            value (64 bytes).
880 
881   @retval TRUE   SHA-512 digest computation succeeded.
882   @retval FALSE  SHA-512 digest computation failed.
883   @retval FALSE  This interface is not supported.
884 
885 **/
886 BOOLEAN
887 EFIAPI
888 Sha512HashAll (
889   IN   CONST VOID  *Data,
890   IN   UINTN       DataSize,
891   OUT  UINT8       *HashValue
892   );
893 
894 //=====================================================================================
895 //    MAC (Message Authentication Code) Primitive
896 //=====================================================================================
897 
898 /**
899   Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
900 
901   If this interface is not supported, then return zero.
902 
903   @return  The size, in bytes, of the context buffer required for HMAC-MD5 operations.
904   @retval  0   This interface is not supported.
905 
906 **/
907 UINTN
908 EFIAPI
909 HmacMd5GetContextSize (
910   VOID
911   );
912 
913 /**
914   Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
915   subsequent use.
916 
917   If HmacMd5Context is NULL, then return FALSE.
918   If this interface is not supported, then return FALSE.
919 
920   @param[out]  HmacMd5Context  Pointer to HMAC-MD5 context being initialized.
921   @param[in]   Key             Pointer to the user-supplied key.
922   @param[in]   KeySize         Key size in bytes.
923 
924   @retval TRUE   HMAC-MD5 context initialization succeeded.
925   @retval FALSE  HMAC-MD5 context initialization failed.
926   @retval FALSE  This interface is not supported.
927 
928 **/
929 BOOLEAN
930 EFIAPI
931 HmacMd5Init (
932   OUT  VOID         *HmacMd5Context,
933   IN   CONST UINT8  *Key,
934   IN   UINTN        KeySize
935   );
936 
937 /**
938   Makes a copy of an existing HMAC-MD5 context.
939 
940   If HmacMd5Context is NULL, then return FALSE.
941   If NewHmacMd5Context is NULL, then return FALSE.
942   If this interface is not supported, then return FALSE.
943 
944   @param[in]  HmacMd5Context     Pointer to HMAC-MD5 context being copied.
945   @param[out] NewHmacMd5Context  Pointer to new HMAC-MD5 context.
946 
947   @retval TRUE   HMAC-MD5 context copy succeeded.
948   @retval FALSE  HMAC-MD5 context copy failed.
949   @retval FALSE  This interface is not supported.
950 
951 **/
952 BOOLEAN
953 EFIAPI
954 HmacMd5Duplicate (
955   IN   CONST VOID  *HmacMd5Context,
956   OUT  VOID        *NewHmacMd5Context
957   );
958 
959 /**
960   Digests the input data and updates HMAC-MD5 context.
961 
962   This function performs HMAC-MD5 digest on a data buffer of the specified size.
963   It can be called multiple times to compute the digest of long or discontinuous data streams.
964   HMAC-MD5 context should be already correctly initialized by HmacMd5Init(), and should not be
965   finalized by HmacMd5Final(). Behavior with invalid context is undefined.
966 
967   If HmacMd5Context is NULL, then return FALSE.
968   If this interface is not supported, then return FALSE.
969 
970   @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
971   @param[in]       Data            Pointer to the buffer containing the data to be digested.
972   @param[in]       DataSize        Size of Data buffer in bytes.
973 
974   @retval TRUE   HMAC-MD5 data digest succeeded.
975   @retval FALSE  HMAC-MD5 data digest failed.
976   @retval FALSE  This interface is not supported.
977 
978 **/
979 BOOLEAN
980 EFIAPI
981 HmacMd5Update (
982   IN OUT  VOID        *HmacMd5Context,
983   IN      CONST VOID  *Data,
984   IN      UINTN       DataSize
985   );
986 
987 /**
988   Completes computation of the HMAC-MD5 digest value.
989 
990   This function completes HMAC-MD5 hash computation and retrieves the digest value into
991   the specified memory. After this function has been called, the HMAC-MD5 context cannot
992   be used again.
993   HMAC-MD5 context should be already correctly initialized by HmacMd5Init(), and should not be
994   finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
995 
996   If HmacMd5Context is NULL, then return FALSE.
997   If HmacValue is NULL, then return FALSE.
998   If this interface is not supported, then return FALSE.
999 
1000   @param[in, out]  HmacMd5Context  Pointer to the HMAC-MD5 context.
1001   @param[out]      HmacValue       Pointer to a buffer that receives the HMAC-MD5 digest
1002                                    value (16 bytes).
1003 
1004   @retval TRUE   HMAC-MD5 digest computation succeeded.
1005   @retval FALSE  HMAC-MD5 digest computation failed.
1006   @retval FALSE  This interface is not supported.
1007 
1008 **/
1009 BOOLEAN
1010 EFIAPI
1011 HmacMd5Final (
1012   IN OUT  VOID   *HmacMd5Context,
1013   OUT     UINT8  *HmacValue
1014   );
1015 
1016 /**
1017   Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
1018 
1019   If this interface is not supported, then return zero.
1020 
1021   @return  The size, in bytes, of the context buffer required for HMAC-SHA1 operations.
1022   @retval  0   This interface is not supported.
1023 
1024 **/
1025 UINTN
1026 EFIAPI
1027 HmacSha1GetContextSize (
1028   VOID
1029   );
1030 
1031 /**
1032   Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
1033   subsequent use.
1034 
1035   If HmacSha1Context is NULL, then return FALSE.
1036   If this interface is not supported, then return FALSE.
1037 
1038   @param[out]  HmacSha1Context  Pointer to HMAC-SHA1 context being initialized.
1039   @param[in]   Key              Pointer to the user-supplied key.
1040   @param[in]   KeySize          Key size in bytes.
1041 
1042   @retval TRUE   HMAC-SHA1 context initialization succeeded.
1043   @retval FALSE  HMAC-SHA1 context initialization failed.
1044   @retval FALSE  This interface is not supported.
1045 
1046 **/
1047 BOOLEAN
1048 EFIAPI
1049 HmacSha1Init (
1050   OUT  VOID         *HmacSha1Context,
1051   IN   CONST UINT8  *Key,
1052   IN   UINTN        KeySize
1053   );
1054 
1055 /**
1056   Makes a copy of an existing HMAC-SHA1 context.
1057 
1058   If HmacSha1Context is NULL, then return FALSE.
1059   If NewHmacSha1Context is NULL, then return FALSE.
1060   If this interface is not supported, then return FALSE.
1061 
1062   @param[in]  HmacSha1Context     Pointer to HMAC-SHA1 context being copied.
1063   @param[out] NewHmacSha1Context  Pointer to new HMAC-SHA1 context.
1064 
1065   @retval TRUE   HMAC-SHA1 context copy succeeded.
1066   @retval FALSE  HMAC-SHA1 context copy failed.
1067   @retval FALSE  This interface is not supported.
1068 
1069 **/
1070 BOOLEAN
1071 EFIAPI
1072 HmacSha1Duplicate (
1073   IN   CONST VOID  *HmacSha1Context,
1074   OUT  VOID        *NewHmacSha1Context
1075   );
1076 
1077 /**
1078   Digests the input data and updates HMAC-SHA1 context.
1079 
1080   This function performs HMAC-SHA1 digest on a data buffer of the specified size.
1081   It can be called multiple times to compute the digest of long or discontinuous data streams.
1082   HMAC-SHA1 context should be already correctly initialized by HmacSha1Init(), and should not
1083   be finalized by HmacSha1Final(). Behavior with invalid context is undefined.
1084 
1085   If HmacSha1Context is NULL, then return FALSE.
1086   If this interface is not supported, then return FALSE.
1087 
1088   @param[in, out]  HmacSha1Context Pointer to the HMAC-SHA1 context.
1089   @param[in]       Data            Pointer to the buffer containing the data to be digested.
1090   @param[in]       DataSize        Size of Data buffer in bytes.
1091 
1092   @retval TRUE   HMAC-SHA1 data digest succeeded.
1093   @retval FALSE  HMAC-SHA1 data digest failed.
1094   @retval FALSE  This interface is not supported.
1095 
1096 **/
1097 BOOLEAN
1098 EFIAPI
1099 HmacSha1Update (
1100   IN OUT  VOID        *HmacSha1Context,
1101   IN      CONST VOID  *Data,
1102   IN      UINTN       DataSize
1103   );
1104 
1105 /**
1106   Completes computation of the HMAC-SHA1 digest value.
1107 
1108   This function completes HMAC-SHA1 hash computation and retrieves the digest value into
1109   the specified memory. After this function has been called, the HMAC-SHA1 context cannot
1110   be used again.
1111   HMAC-SHA1 context should be already correctly initialized by HmacSha1Init(), and should
1112   not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
1113 
1114   If HmacSha1Context is NULL, then return FALSE.
1115   If HmacValue is NULL, then return FALSE.
1116   If this interface is not supported, then return FALSE.
1117 
1118   @param[in, out]  HmacSha1Context  Pointer to the HMAC-SHA1 context.
1119   @param[out]      HmacValue        Pointer to a buffer that receives the HMAC-SHA1 digest
1120                                     value (20 bytes).
1121 
1122   @retval TRUE   HMAC-SHA1 digest computation succeeded.
1123   @retval FALSE  HMAC-SHA1 digest computation failed.
1124   @retval FALSE  This interface is not supported.
1125 
1126 **/
1127 BOOLEAN
1128 EFIAPI
1129 HmacSha1Final (
1130   IN OUT  VOID   *HmacSha1Context,
1131   OUT     UINT8  *HmacValue
1132   );
1133 
1134 /**
1135   Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
1136 
1137   If this interface is not supported, then return zero.
1138 
1139   @return  The size, in bytes, of the context buffer required for HMAC-SHA256 operations.
1140   @retval  0   This interface is not supported.
1141 
1142 **/
1143 UINTN
1144 EFIAPI
1145 HmacSha256GetContextSize (
1146   VOID
1147   );
1148 
1149 /**
1150   Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for
1151   subsequent use.
1152 
1153   If HmacSha256Context is NULL, then return FALSE.
1154   If this interface is not supported, then return FALSE.
1155 
1156   @param[out]  HmacSha256Context  Pointer to HMAC-SHA256 context being initialized.
1157   @param[in]   Key                Pointer to the user-supplied key.
1158   @param[in]   KeySize            Key size in bytes.
1159 
1160   @retval TRUE   HMAC-SHA256 context initialization succeeded.
1161   @retval FALSE  HMAC-SHA256 context initialization failed.
1162   @retval FALSE  This interface is not supported.
1163 
1164 **/
1165 BOOLEAN
1166 EFIAPI
1167 HmacSha256Init (
1168   OUT  VOID         *HmacSha256Context,
1169   IN   CONST UINT8  *Key,
1170   IN   UINTN        KeySize
1171   );
1172 
1173 /**
1174   Makes a copy of an existing HMAC-SHA256 context.
1175 
1176   If HmacSha256Context is NULL, then return FALSE.
1177   If NewHmacSha256Context is NULL, then return FALSE.
1178   If this interface is not supported, then return FALSE.
1179 
1180   @param[in]  HmacSha256Context     Pointer to HMAC-SHA256 context being copied.
1181   @param[out] NewHmacSha256Context  Pointer to new HMAC-SHA256 context.
1182 
1183   @retval TRUE   HMAC-SHA256 context copy succeeded.
1184   @retval FALSE  HMAC-SHA256 context copy failed.
1185   @retval FALSE  This interface is not supported.
1186 
1187 **/
1188 BOOLEAN
1189 EFIAPI
1190 HmacSha256Duplicate (
1191   IN   CONST VOID  *HmacSha256Context,
1192   OUT  VOID        *NewHmacSha256Context
1193   );
1194 
1195 /**
1196   Digests the input data and updates HMAC-SHA256 context.
1197 
1198   This function performs HMAC-SHA256 digest on a data buffer of the specified size.
1199   It can be called multiple times to compute the digest of long or discontinuous data streams.
1200   HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should not
1201   be finalized by HmacSha256Final(). Behavior with invalid context is undefined.
1202 
1203   If HmacSha256Context is NULL, then return FALSE.
1204   If this interface is not supported, then return FALSE.
1205 
1206   @param[in, out]  HmacSha256Context Pointer to the HMAC-SHA256 context.
1207   @param[in]       Data              Pointer to the buffer containing the data to be digested.
1208   @param[in]       DataSize          Size of Data buffer in bytes.
1209 
1210   @retval TRUE   HMAC-SHA256 data digest succeeded.
1211   @retval FALSE  HMAC-SHA256 data digest failed.
1212   @retval FALSE  This interface is not supported.
1213 
1214 **/
1215 BOOLEAN
1216 EFIAPI
1217 HmacSha256Update (
1218   IN OUT  VOID        *HmacSha256Context,
1219   IN      CONST VOID  *Data,
1220   IN      UINTN       DataSize
1221   );
1222 
1223 /**
1224   Completes computation of the HMAC-SHA256 digest value.
1225 
1226   This function completes HMAC-SHA256 hash computation and retrieves the digest value into
1227   the specified memory. After this function has been called, the HMAC-SHA256 context cannot
1228   be used again.
1229   HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should
1230   not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined.
1231 
1232   If HmacSha256Context is NULL, then return FALSE.
1233   If HmacValue is NULL, then return FALSE.
1234   If this interface is not supported, then return FALSE.
1235 
1236   @param[in, out]  HmacSha256Context  Pointer to the HMAC-SHA256 context.
1237   @param[out]      HmacValue          Pointer to a buffer that receives the HMAC-SHA256 digest
1238                                       value (32 bytes).
1239 
1240   @retval TRUE   HMAC-SHA256 digest computation succeeded.
1241   @retval FALSE  HMAC-SHA256 digest computation failed.
1242   @retval FALSE  This interface is not supported.
1243 
1244 **/
1245 BOOLEAN
1246 EFIAPI
1247 HmacSha256Final (
1248   IN OUT  VOID   *HmacSha256Context,
1249   OUT     UINT8  *HmacValue
1250   );
1251 
1252 //=====================================================================================
1253 //    Symmetric Cryptography Primitive
1254 //=====================================================================================
1255 
1256 /**
1257   Retrieves the size, in bytes, of the context buffer required for TDES operations.
1258 
1259   If this interface is not supported, then return zero.
1260 
1261   @return  The size, in bytes, of the context buffer required for TDES operations.
1262   @retval  0   This interface is not supported.
1263 
1264 **/
1265 UINTN
1266 EFIAPI
1267 TdesGetContextSize (
1268   VOID
1269   );
1270 
1271 /**
1272   Initializes user-supplied memory as TDES context for subsequent use.
1273 
1274   This function initializes user-supplied memory pointed by TdesContext as TDES context.
1275   In addition, it sets up all TDES key materials for subsequent encryption and decryption
1276   operations.
1277   There are 3 key options as follows:
1278   KeyLength = 64,  Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
1279   KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
1280   KeyLength = 192  Keying option 3: K1 != K2 != K3 (Strongest)
1281 
1282   If TdesContext is NULL, then return FALSE.
1283   If Key is NULL, then return FALSE.
1284   If KeyLength is not valid, then return FALSE.
1285   If this interface is not supported, then return FALSE.
1286 
1287   @param[out]  TdesContext  Pointer to TDES context being initialized.
1288   @param[in]   Key          Pointer to the user-supplied TDES key.
1289   @param[in]   KeyLength    Length of TDES key in bits.
1290 
1291   @retval TRUE   TDES context initialization succeeded.
1292   @retval FALSE  TDES context initialization failed.
1293   @retval FALSE  This interface is not supported.
1294 
1295 **/
1296 BOOLEAN
1297 EFIAPI
1298 TdesInit (
1299   OUT  VOID         *TdesContext,
1300   IN   CONST UINT8  *Key,
1301   IN   UINTN        KeyLength
1302   );
1303 
1304 /**
1305   Performs TDES encryption on a data buffer of the specified size in ECB mode.
1306 
1307   This function performs TDES encryption on data buffer pointed by Input, of specified
1308   size of InputSize, in ECB mode.
1309   InputSize must be multiple of block size (8 bytes). This function does not perform
1310   padding. Caller must perform padding, if necessary, to ensure valid input data size.
1311   TdesContext should be already correctly initialized by TdesInit(). Behavior with
1312   invalid TDES context is undefined.
1313 
1314   If TdesContext is NULL, then return FALSE.
1315   If Input is NULL, then return FALSE.
1316   If InputSize is not multiple of block size (8 bytes), then return FALSE.
1317   If Output is NULL, then return FALSE.
1318   If this interface is not supported, then return FALSE.
1319 
1320   @param[in]   TdesContext  Pointer to the TDES context.
1321   @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
1322   @param[in]   InputSize    Size of the Input buffer in bytes.
1323   @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
1324 
1325   @retval TRUE   TDES encryption succeeded.
1326   @retval FALSE  TDES encryption failed.
1327   @retval FALSE  This interface is not supported.
1328 
1329 **/
1330 BOOLEAN
1331 EFIAPI
1332 TdesEcbEncrypt (
1333   IN   VOID         *TdesContext,
1334   IN   CONST UINT8  *Input,
1335   IN   UINTN        InputSize,
1336   OUT  UINT8        *Output
1337   );
1338 
1339 /**
1340   Performs TDES decryption on a data buffer of the specified size in ECB mode.
1341 
1342   This function performs TDES decryption on data buffer pointed by Input, of specified
1343   size of InputSize, in ECB mode.
1344   InputSize must be multiple of block size (8 bytes). This function does not perform
1345   padding. Caller must perform padding, if necessary, to ensure valid input data size.
1346   TdesContext should be already correctly initialized by TdesInit(). Behavior with
1347   invalid TDES context is undefined.
1348 
1349   If TdesContext is NULL, then return FALSE.
1350   If Input is NULL, then return FALSE.
1351   If InputSize is not multiple of block size (8 bytes), then return FALSE.
1352   If Output is NULL, then return FALSE.
1353   If this interface is not supported, then return FALSE.
1354 
1355   @param[in]   TdesContext  Pointer to the TDES context.
1356   @param[in]   Input        Pointer to the buffer containing the data to be decrypted.
1357   @param[in]   InputSize    Size of the Input buffer in bytes.
1358   @param[out]  Output       Pointer to a buffer that receives the TDES decryption output.
1359 
1360   @retval TRUE   TDES decryption succeeded.
1361   @retval FALSE  TDES decryption failed.
1362   @retval FALSE  This interface is not supported.
1363 
1364 **/
1365 BOOLEAN
1366 EFIAPI
1367 TdesEcbDecrypt (
1368   IN   VOID         *TdesContext,
1369   IN   CONST UINT8  *Input,
1370   IN   UINTN        InputSize,
1371   OUT  UINT8        *Output
1372   );
1373 
1374 /**
1375   Performs TDES encryption on a data buffer of the specified size in CBC mode.
1376 
1377   This function performs TDES encryption on data buffer pointed by Input, of specified
1378   size of InputSize, in CBC mode.
1379   InputSize must be multiple of block size (8 bytes). This function does not perform
1380   padding. Caller must perform padding, if necessary, to ensure valid input data size.
1381   Initialization vector should be one block size (8 bytes).
1382   TdesContext should be already correctly initialized by TdesInit(). Behavior with
1383   invalid TDES context is undefined.
1384 
1385   If TdesContext is NULL, then return FALSE.
1386   If Input is NULL, then return FALSE.
1387   If InputSize is not multiple of block size (8 bytes), then return FALSE.
1388   If Ivec is NULL, then return FALSE.
1389   If Output is NULL, then return FALSE.
1390   If this interface is not supported, then return FALSE.
1391 
1392   @param[in]   TdesContext  Pointer to the TDES context.
1393   @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
1394   @param[in]   InputSize    Size of the Input buffer in bytes.
1395   @param[in]   Ivec         Pointer to initialization vector.
1396   @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
1397 
1398   @retval TRUE   TDES encryption succeeded.
1399   @retval FALSE  TDES encryption failed.
1400   @retval FALSE  This interface is not supported.
1401 
1402 **/
1403 BOOLEAN
1404 EFIAPI
1405 TdesCbcEncrypt (
1406   IN   VOID         *TdesContext,
1407   IN   CONST UINT8  *Input,
1408   IN   UINTN        InputSize,
1409   IN   CONST UINT8  *Ivec,
1410   OUT  UINT8        *Output
1411   );
1412 
1413 /**
1414   Performs TDES decryption on a data buffer of the specified size in CBC mode.
1415 
1416   This function performs TDES decryption on data buffer pointed by Input, of specified
1417   size of InputSize, in CBC mode.
1418   InputSize must be multiple of block size (8 bytes). This function does not perform
1419   padding. Caller must perform padding, if necessary, to ensure valid input data size.
1420   Initialization vector should be one block size (8 bytes).
1421   TdesContext should be already correctly initialized by TdesInit(). Behavior with
1422   invalid TDES context is undefined.
1423 
1424   If TdesContext is NULL, then return FALSE.
1425   If Input is NULL, then return FALSE.
1426   If InputSize is not multiple of block size (8 bytes), then return FALSE.
1427   If Ivec is NULL, then return FALSE.
1428   If Output is NULL, then return FALSE.
1429   If this interface is not supported, then return FALSE.
1430 
1431   @param[in]   TdesContext  Pointer to the TDES context.
1432   @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
1433   @param[in]   InputSize    Size of the Input buffer in bytes.
1434   @param[in]   Ivec         Pointer to initialization vector.
1435   @param[out]  Output       Pointer to a buffer that receives the TDES encryption output.
1436 
1437   @retval TRUE   TDES decryption succeeded.
1438   @retval FALSE  TDES decryption failed.
1439   @retval FALSE  This interface is not supported.
1440 
1441 **/
1442 BOOLEAN
1443 EFIAPI
1444 TdesCbcDecrypt (
1445   IN   VOID         *TdesContext,
1446   IN   CONST UINT8  *Input,
1447   IN   UINTN        InputSize,
1448   IN   CONST UINT8  *Ivec,
1449   OUT  UINT8        *Output
1450   );
1451 
1452 /**
1453   Retrieves the size, in bytes, of the context buffer required for AES operations.
1454 
1455   If this interface is not supported, then return zero.
1456 
1457   @return  The size, in bytes, of the context buffer required for AES operations.
1458   @retval  0   This interface is not supported.
1459 
1460 **/
1461 UINTN
1462 EFIAPI
1463 AesGetContextSize (
1464   VOID
1465   );
1466 
1467 /**
1468   Initializes user-supplied memory as AES context for subsequent use.
1469 
1470   This function initializes user-supplied memory pointed by AesContext as AES context.
1471   In addition, it sets up all AES key materials for subsequent encryption and decryption
1472   operations.
1473   There are 3 options for key length, 128 bits, 192 bits, and 256 bits.
1474 
1475   If AesContext is NULL, then return FALSE.
1476   If Key is NULL, then return FALSE.
1477   If KeyLength is not valid, then return FALSE.
1478   If this interface is not supported, then return FALSE.
1479 
1480   @param[out]  AesContext  Pointer to AES context being initialized.
1481   @param[in]   Key         Pointer to the user-supplied AES key.
1482   @param[in]   KeyLength   Length of AES key in bits.
1483 
1484   @retval TRUE   AES context initialization succeeded.
1485   @retval FALSE  AES context initialization failed.
1486   @retval FALSE  This interface is not supported.
1487 
1488 **/
1489 BOOLEAN
1490 EFIAPI
1491 AesInit (
1492   OUT  VOID         *AesContext,
1493   IN   CONST UINT8  *Key,
1494   IN   UINTN        KeyLength
1495   );
1496 
1497 /**
1498   Performs AES encryption on a data buffer of the specified size in ECB mode.
1499 
1500   This function performs AES encryption on data buffer pointed by Input, of specified
1501   size of InputSize, in ECB mode.
1502   InputSize must be multiple of block size (16 bytes). This function does not perform
1503   padding. Caller must perform padding, if necessary, to ensure valid input data size.
1504   AesContext should be already correctly initialized by AesInit(). Behavior with
1505   invalid AES context is undefined.
1506 
1507   If AesContext is NULL, then return FALSE.
1508   If Input is NULL, then return FALSE.
1509   If InputSize is not multiple of block size (16 bytes), then return FALSE.
1510   If Output is NULL, then return FALSE.
1511   If this interface is not supported, then return FALSE.
1512 
1513   @param[in]   AesContext  Pointer to the AES context.
1514   @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
1515   @param[in]   InputSize   Size of the Input buffer in bytes.
1516   @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
1517 
1518   @retval TRUE   AES encryption succeeded.
1519   @retval FALSE  AES encryption failed.
1520   @retval FALSE  This interface is not supported.
1521 
1522 **/
1523 BOOLEAN
1524 EFIAPI
1525 AesEcbEncrypt (
1526   IN   VOID         *AesContext,
1527   IN   CONST UINT8  *Input,
1528   IN   UINTN        InputSize,
1529   OUT  UINT8        *Output
1530   );
1531 
1532 /**
1533   Performs AES decryption on a data buffer of the specified size in ECB mode.
1534 
1535   This function performs AES decryption on data buffer pointed by Input, of specified
1536   size of InputSize, in ECB mode.
1537   InputSize must be multiple of block size (16 bytes). This function does not perform
1538   padding. Caller must perform padding, if necessary, to ensure valid input data size.
1539   AesContext should be already correctly initialized by AesInit(). Behavior with
1540   invalid AES context is undefined.
1541 
1542   If AesContext is NULL, then return FALSE.
1543   If Input is NULL, then return FALSE.
1544   If InputSize is not multiple of block size (16 bytes), then return FALSE.
1545   If Output is NULL, then return FALSE.
1546   If this interface is not supported, then return FALSE.
1547 
1548   @param[in]   AesContext  Pointer to the AES context.
1549   @param[in]   Input       Pointer to the buffer containing the data to be decrypted.
1550   @param[in]   InputSize   Size of the Input buffer in bytes.
1551   @param[out]  Output      Pointer to a buffer that receives the AES decryption output.
1552 
1553   @retval TRUE   AES decryption succeeded.
1554   @retval FALSE  AES decryption failed.
1555   @retval FALSE  This interface is not supported.
1556 
1557 **/
1558 BOOLEAN
1559 EFIAPI
1560 AesEcbDecrypt (
1561   IN   VOID         *AesContext,
1562   IN   CONST UINT8  *Input,
1563   IN   UINTN        InputSize,
1564   OUT  UINT8        *Output
1565   );
1566 
1567 /**
1568   Performs AES encryption on a data buffer of the specified size in CBC mode.
1569 
1570   This function performs AES encryption on data buffer pointed by Input, of specified
1571   size of InputSize, in CBC mode.
1572   InputSize must be multiple of block size (16 bytes). This function does not perform
1573   padding. Caller must perform padding, if necessary, to ensure valid input data size.
1574   Initialization vector should be one block size (16 bytes).
1575   AesContext should be already correctly initialized by AesInit(). Behavior with
1576   invalid AES context is undefined.
1577 
1578   If AesContext is NULL, then return FALSE.
1579   If Input is NULL, then return FALSE.
1580   If InputSize is not multiple of block size (16 bytes), then return FALSE.
1581   If Ivec is NULL, then return FALSE.
1582   If Output is NULL, then return FALSE.
1583   If this interface is not supported, then return FALSE.
1584 
1585   @param[in]   AesContext  Pointer to the AES context.
1586   @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
1587   @param[in]   InputSize   Size of the Input buffer in bytes.
1588   @param[in]   Ivec        Pointer to initialization vector.
1589   @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
1590 
1591   @retval TRUE   AES encryption succeeded.
1592   @retval FALSE  AES encryption failed.
1593   @retval FALSE  This interface is not supported.
1594 
1595 **/
1596 BOOLEAN
1597 EFIAPI
1598 AesCbcEncrypt (
1599   IN   VOID         *AesContext,
1600   IN   CONST UINT8  *Input,
1601   IN   UINTN        InputSize,
1602   IN   CONST UINT8  *Ivec,
1603   OUT  UINT8        *Output
1604   );
1605 
1606 /**
1607   Performs AES decryption on a data buffer of the specified size in CBC mode.
1608 
1609   This function performs AES decryption on data buffer pointed by Input, of specified
1610   size of InputSize, in CBC mode.
1611   InputSize must be multiple of block size (16 bytes). This function does not perform
1612   padding. Caller must perform padding, if necessary, to ensure valid input data size.
1613   Initialization vector should be one block size (16 bytes).
1614   AesContext should be already correctly initialized by AesInit(). Behavior with
1615   invalid AES context is undefined.
1616 
1617   If AesContext is NULL, then return FALSE.
1618   If Input is NULL, then return FALSE.
1619   If InputSize is not multiple of block size (16 bytes), then return FALSE.
1620   If Ivec is NULL, then return FALSE.
1621   If Output is NULL, then return FALSE.
1622   If this interface is not supported, then return FALSE.
1623 
1624   @param[in]   AesContext  Pointer to the AES context.
1625   @param[in]   Input       Pointer to the buffer containing the data to be encrypted.
1626   @param[in]   InputSize   Size of the Input buffer in bytes.
1627   @param[in]   Ivec        Pointer to initialization vector.
1628   @param[out]  Output      Pointer to a buffer that receives the AES encryption output.
1629 
1630   @retval TRUE   AES decryption succeeded.
1631   @retval FALSE  AES decryption failed.
1632   @retval FALSE  This interface is not supported.
1633 
1634 **/
1635 BOOLEAN
1636 EFIAPI
1637 AesCbcDecrypt (
1638   IN   VOID         *AesContext,
1639   IN   CONST UINT8  *Input,
1640   IN   UINTN        InputSize,
1641   IN   CONST UINT8  *Ivec,
1642   OUT  UINT8        *Output
1643   );
1644 
1645 /**
1646   Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
1647 
1648   If this interface is not supported, then return zero.
1649 
1650   @return  The size, in bytes, of the context buffer required for ARC4 operations.
1651   @retval  0   This interface is not supported.
1652 
1653 **/
1654 UINTN
1655 EFIAPI
1656 Arc4GetContextSize (
1657   VOID
1658   );
1659 
1660 /**
1661   Initializes user-supplied memory as ARC4 context for subsequent use.
1662 
1663   This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
1664   In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
1665   operations.
1666 
1667   If Arc4Context is NULL, then return FALSE.
1668   If Key is NULL, then return FALSE.
1669   If KeySize does not in the range of [5, 256] bytes, then return FALSE.
1670   If this interface is not supported, then return FALSE.
1671 
1672   @param[out]  Arc4Context  Pointer to ARC4 context being initialized.
1673   @param[in]   Key          Pointer to the user-supplied ARC4 key.
1674   @param[in]   KeySize      Size of ARC4 key in bytes.
1675 
1676   @retval TRUE   ARC4 context initialization succeeded.
1677   @retval FALSE  ARC4 context initialization failed.
1678   @retval FALSE  This interface is not supported.
1679 
1680 **/
1681 BOOLEAN
1682 EFIAPI
1683 Arc4Init (
1684   OUT  VOID         *Arc4Context,
1685   IN   CONST UINT8  *Key,
1686   IN   UINTN        KeySize
1687   );
1688 
1689 /**
1690   Performs ARC4 encryption on a data buffer of the specified size.
1691 
1692   This function performs ARC4 encryption on data buffer pointed by Input, of specified
1693   size of InputSize.
1694   Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
1695   invalid ARC4 context is undefined.
1696 
1697   If Arc4Context is NULL, then return FALSE.
1698   If Input is NULL, then return FALSE.
1699   If Output is NULL, then return FALSE.
1700   If this interface is not supported, then return FALSE.
1701 
1702   @param[in]   Arc4Context  Pointer to the ARC4 context.
1703   @param[in]   Input        Pointer to the buffer containing the data to be encrypted.
1704   @param[in]   InputSize    Size of the Input buffer in bytes.
1705   @param[out]  Output       Pointer to a buffer that receives the ARC4 encryption output.
1706 
1707   @retval TRUE   ARC4 encryption succeeded.
1708   @retval FALSE  ARC4 encryption failed.
1709   @retval FALSE  This interface is not supported.
1710 
1711 **/
1712 BOOLEAN
1713 EFIAPI
1714 Arc4Encrypt (
1715   IN OUT  VOID         *Arc4Context,
1716   IN      CONST UINT8  *Input,
1717   IN      UINTN        InputSize,
1718   OUT     UINT8        *Output
1719   );
1720 
1721 /**
1722   Performs ARC4 decryption on a data buffer of the specified size.
1723 
1724   This function performs ARC4 decryption on data buffer pointed by Input, of specified
1725   size of InputSize.
1726   Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
1727   invalid ARC4 context is undefined.
1728 
1729   If Arc4Context is NULL, then return FALSE.
1730   If Input is NULL, then return FALSE.
1731   If Output is NULL, then return FALSE.
1732   If this interface is not supported, then return FALSE.
1733 
1734   @param[in]   Arc4Context  Pointer to the ARC4 context.
1735   @param[in]   Input        Pointer to the buffer containing the data to be decrypted.
1736   @param[in]   InputSize    Size of the Input buffer in bytes.
1737   @param[out]  Output       Pointer to a buffer that receives the ARC4 decryption output.
1738 
1739   @retval TRUE   ARC4 decryption succeeded.
1740   @retval FALSE  ARC4 decryption failed.
1741   @retval FALSE  This interface is not supported.
1742 
1743 **/
1744 BOOLEAN
1745 EFIAPI
1746 Arc4Decrypt (
1747   IN OUT  VOID   *Arc4Context,
1748   IN      UINT8  *Input,
1749   IN      UINTN  InputSize,
1750   OUT     UINT8  *Output
1751   );
1752 
1753 /**
1754   Resets the ARC4 context to the initial state.
1755 
1756   The function resets the ARC4 context to the state it had immediately after the
1757   ARC4Init() function call.
1758   Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
1759   should be already correctly initialized by ARC4Init().
1760 
1761   If Arc4Context is NULL, then return FALSE.
1762   If this interface is not supported, then return FALSE.
1763 
1764   @param[in, out]  Arc4Context  Pointer to the ARC4 context.
1765 
1766   @retval TRUE   ARC4 reset succeeded.
1767   @retval FALSE  ARC4 reset failed.
1768   @retval FALSE  This interface is not supported.
1769 
1770 **/
1771 BOOLEAN
1772 EFIAPI
1773 Arc4Reset (
1774   IN OUT  VOID  *Arc4Context
1775   );
1776 
1777 //=====================================================================================
1778 //    Asymmetric Cryptography Primitive
1779 //=====================================================================================
1780 
1781 /**
1782   Allocates and initializes one RSA context for subsequent use.
1783 
1784   @return  Pointer to the RSA context that has been initialized.
1785            If the allocations fails, RsaNew() returns NULL.
1786 
1787 **/
1788 VOID *
1789 EFIAPI
1790 RsaNew (
1791   VOID
1792   );
1793 
1794 /**
1795   Release the specified RSA context.
1796 
1797   If RsaContext is NULL, then return FALSE.
1798 
1799   @param[in]  RsaContext  Pointer to the RSA context to be released.
1800 
1801 **/
1802 VOID
1803 EFIAPI
1804 RsaFree (
1805   IN  VOID  *RsaContext
1806   );
1807 
1808 /**
1809   Sets the tag-designated key component into the established RSA context.
1810 
1811   This function sets the tag-designated RSA key component into the established
1812   RSA context from the user-specified non-negative integer (octet string format
1813   represented in RSA PKCS#1).
1814   If BigNumber is NULL, then the specified key component in RSA context is cleared.
1815 
1816   If RsaContext is NULL, then return FALSE.
1817 
1818   @param[in, out]  RsaContext  Pointer to RSA context being set.
1819   @param[in]       KeyTag      Tag of RSA key component being set.
1820   @param[in]       BigNumber   Pointer to octet integer buffer.
1821                                If NULL, then the specified key component in RSA
1822                                context is cleared.
1823   @param[in]       BnSize      Size of big number buffer in bytes.
1824                                If BigNumber is NULL, then it is ignored.
1825 
1826   @retval  TRUE   RSA key component was set successfully.
1827   @retval  FALSE  Invalid RSA key component tag.
1828 
1829 **/
1830 BOOLEAN
1831 EFIAPI
1832 RsaSetKey (
1833   IN OUT  VOID         *RsaContext,
1834   IN      RSA_KEY_TAG  KeyTag,
1835   IN      CONST UINT8  *BigNumber,
1836   IN      UINTN        BnSize
1837   );
1838 
1839 /**
1840   Gets the tag-designated RSA key component from the established RSA context.
1841 
1842   This function retrieves the tag-designated RSA key component from the
1843   established RSA context as a non-negative integer (octet string format
1844   represented in RSA PKCS#1).
1845   If specified key component has not been set or has been cleared, then returned
1846   BnSize is set to 0.
1847   If the BigNumber buffer is too small to hold the contents of the key, FALSE
1848   is returned and BnSize is set to the required buffer size to obtain the key.
1849 
1850   If RsaContext is NULL, then return FALSE.
1851   If BnSize is NULL, then return FALSE.
1852   If BnSize is large enough but BigNumber is NULL, then return FALSE.
1853   If this interface is not supported, then return FALSE.
1854 
1855   @param[in, out]  RsaContext  Pointer to RSA context being set.
1856   @param[in]       KeyTag      Tag of RSA key component being set.
1857   @param[out]      BigNumber   Pointer to octet integer buffer.
1858   @param[in, out]  BnSize      On input, the size of big number buffer in bytes.
1859                                On output, the size of data returned in big number buffer in bytes.
1860 
1861   @retval  TRUE   RSA key component was retrieved successfully.
1862   @retval  FALSE  Invalid RSA key component tag.
1863   @retval  FALSE  BnSize is too small.
1864   @retval  FALSE  This interface is not supported.
1865 
1866 **/
1867 BOOLEAN
1868 EFIAPI
1869 RsaGetKey (
1870   IN OUT  VOID         *RsaContext,
1871   IN      RSA_KEY_TAG  KeyTag,
1872   OUT     UINT8        *BigNumber,
1873   IN OUT  UINTN        *BnSize
1874   );
1875 
1876 /**
1877   Generates RSA key components.
1878 
1879   This function generates RSA key components. It takes RSA public exponent E and
1880   length in bits of RSA modulus N as input, and generates all key components.
1881   If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
1882 
1883   Before this function can be invoked, pseudorandom number generator must be correctly
1884   initialized by RandomSeed().
1885 
1886   If RsaContext is NULL, then return FALSE.
1887   If this interface is not supported, then return FALSE.
1888 
1889   @param[in, out]  RsaContext           Pointer to RSA context being set.
1890   @param[in]       ModulusLength        Length of RSA modulus N in bits.
1891   @param[in]       PublicExponent       Pointer to RSA public exponent.
1892   @param[in]       PublicExponentSize   Size of RSA public exponent buffer in bytes.
1893 
1894   @retval  TRUE   RSA key component was generated successfully.
1895   @retval  FALSE  Invalid RSA key component tag.
1896   @retval  FALSE  This interface is not supported.
1897 
1898 **/
1899 BOOLEAN
1900 EFIAPI
1901 RsaGenerateKey (
1902   IN OUT  VOID         *RsaContext,
1903   IN      UINTN        ModulusLength,
1904   IN      CONST UINT8  *PublicExponent,
1905   IN      UINTN        PublicExponentSize
1906   );
1907 
1908 /**
1909   Validates key components of RSA context.
1910   NOTE: This function performs integrity checks on all the RSA key material, so
1911         the RSA key structure must contain all the private key data.
1912 
1913   This function validates key components of RSA context in following aspects:
1914   - Whether p is a prime
1915   - Whether q is a prime
1916   - Whether n = p * q
1917   - Whether d*e = 1  mod lcm(p-1,q-1)
1918 
1919   If RsaContext is NULL, then return FALSE.
1920   If this interface is not supported, then return FALSE.
1921 
1922   @param[in]  RsaContext  Pointer to RSA context to check.
1923 
1924   @retval  TRUE   RSA key components are valid.
1925   @retval  FALSE  RSA key components are not valid.
1926   @retval  FALSE  This interface is not supported.
1927 
1928 **/
1929 BOOLEAN
1930 EFIAPI
1931 RsaCheckKey (
1932   IN  VOID  *RsaContext
1933   );
1934 
1935 /**
1936   Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
1937 
1938   This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
1939   RSA PKCS#1.
1940   If the Signature buffer is too small to hold the contents of signature, FALSE
1941   is returned and SigSize is set to the required buffer size to obtain the signature.
1942 
1943   If RsaContext is NULL, then return FALSE.
1944   If MessageHash is NULL, then return FALSE.
1945   If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
1946   If SigSize is large enough but Signature is NULL, then return FALSE.
1947   If this interface is not supported, then return FALSE.
1948 
1949   @param[in]      RsaContext   Pointer to RSA context for signature generation.
1950   @param[in]      MessageHash  Pointer to octet message hash to be signed.
1951   @param[in]      HashSize     Size of the message hash in bytes.
1952   @param[out]     Signature    Pointer to buffer to receive RSA PKCS1-v1_5 signature.
1953   @param[in, out] SigSize      On input, the size of Signature buffer in bytes.
1954                                On output, the size of data returned in Signature buffer in bytes.
1955 
1956   @retval  TRUE   Signature successfully generated in PKCS1-v1_5.
1957   @retval  FALSE  Signature generation failed.
1958   @retval  FALSE  SigSize is too small.
1959   @retval  FALSE  This interface is not supported.
1960 
1961 **/
1962 BOOLEAN
1963 EFIAPI
1964 RsaPkcs1Sign (
1965   IN      VOID         *RsaContext,
1966   IN      CONST UINT8  *MessageHash,
1967   IN      UINTN        HashSize,
1968   OUT     UINT8        *Signature,
1969   IN OUT  UINTN        *SigSize
1970   );
1971 
1972 /**
1973   Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
1974   RSA PKCS#1.
1975 
1976   If RsaContext is NULL, then return FALSE.
1977   If MessageHash is NULL, then return FALSE.
1978   If Signature is NULL, then return FALSE.
1979   If HashSize is not equal to the size of MD5, SHA-1, SHA-256 digest, then return FALSE.
1980 
1981   @param[in]  RsaContext   Pointer to RSA context for signature verification.
1982   @param[in]  MessageHash  Pointer to octet message hash to be checked.
1983   @param[in]  HashSize     Size of the message hash in bytes.
1984   @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.
1985   @param[in]  SigSize      Size of signature in bytes.
1986 
1987   @retval  TRUE   Valid signature encoded in PKCS1-v1_5.
1988   @retval  FALSE  Invalid signature or invalid RSA context.
1989 
1990 **/
1991 BOOLEAN
1992 EFIAPI
1993 RsaPkcs1Verify (
1994   IN  VOID         *RsaContext,
1995   IN  CONST UINT8  *MessageHash,
1996   IN  UINTN        HashSize,
1997   IN  CONST UINT8  *Signature,
1998   IN  UINTN        SigSize
1999   );
2000 
2001 /**
2002   Retrieve the RSA Private Key from the password-protected PEM key data.
2003 
2004   If PemData is NULL, then return FALSE.
2005   If RsaContext is NULL, then return FALSE.
2006   If this interface is not supported, then return FALSE.
2007 
2008   @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.
2009   @param[in]  PemSize      Size of the PEM key data in bytes.
2010   @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.
2011   @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved
2012                            RSA private key component. Use RsaFree() function to free the
2013                            resource.
2014 
2015   @retval  TRUE   RSA Private Key was retrieved successfully.
2016   @retval  FALSE  Invalid PEM key data or incorrect password.
2017   @retval  FALSE  This interface is not supported.
2018 
2019 **/
2020 BOOLEAN
2021 EFIAPI
2022 RsaGetPrivateKeyFromPem (
2023   IN   CONST UINT8  *PemData,
2024   IN   UINTN        PemSize,
2025   IN   CONST CHAR8  *Password,
2026   OUT  VOID         **RsaContext
2027   );
2028 
2029 /**
2030   Retrieve the RSA Public Key from one DER-encoded X509 certificate.
2031 
2032   If Cert is NULL, then return FALSE.
2033   If RsaContext is NULL, then return FALSE.
2034   If this interface is not supported, then return FALSE.
2035 
2036   @param[in]  Cert         Pointer to the DER-encoded X509 certificate.
2037   @param[in]  CertSize     Size of the X509 certificate in bytes.
2038   @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved
2039                            RSA public key component. Use RsaFree() function to free the
2040                            resource.
2041 
2042   @retval  TRUE   RSA Public Key was retrieved successfully.
2043   @retval  FALSE  Fail to retrieve RSA public key from X509 certificate.
2044   @retval  FALSE  This interface is not supported.
2045 
2046 **/
2047 BOOLEAN
2048 EFIAPI
2049 RsaGetPublicKeyFromX509 (
2050   IN   CONST UINT8  *Cert,
2051   IN   UINTN        CertSize,
2052   OUT  VOID         **RsaContext
2053   );
2054 
2055 /**
2056   Retrieve the subject bytes from one X.509 certificate.
2057 
2058   If Cert is NULL, then return FALSE.
2059   If SubjectSize is NULL, then return FALSE.
2060   If this interface is not supported, then return FALSE.
2061 
2062   @param[in]      Cert         Pointer to the DER-encoded X509 certificate.
2063   @param[in]      CertSize     Size of the X509 certificate in bytes.
2064   @param[out]     CertSubject  Pointer to the retrieved certificate subject bytes.
2065   @param[in, out] SubjectSize  The size in bytes of the CertSubject buffer on input,
2066                                and the size of buffer returned CertSubject on output.
2067 
2068   @retval  TRUE   The certificate subject retrieved successfully.
2069   @retval  FALSE  Invalid certificate, or the SubjectSize is too small for the result.
2070                   The SubjectSize will be updated with the required size.
2071   @retval  FALSE  This interface is not supported.
2072 
2073 **/
2074 BOOLEAN
2075 EFIAPI
2076 X509GetSubjectName (
2077   IN      CONST UINT8  *Cert,
2078   IN      UINTN        CertSize,
2079   OUT     UINT8        *CertSubject,
2080   IN OUT  UINTN        *SubjectSize
2081   );
2082 
2083 /**
2084   Verify one X509 certificate was issued by the trusted CA.
2085 
2086   If Cert is NULL, then return FALSE.
2087   If CACert is NULL, then return FALSE.
2088   If this interface is not supported, then return FALSE.
2089 
2090   @param[in]      Cert         Pointer to the DER-encoded X509 certificate to be verified.
2091   @param[in]      CertSize     Size of the X509 certificate in bytes.
2092   @param[in]      CACert       Pointer to the DER-encoded trusted CA certificate.
2093   @param[in]      CACertSize   Size of the CA Certificate in bytes.
2094 
2095   @retval  TRUE   The certificate was issued by the trusted CA.
2096   @retval  FALSE  Invalid certificate or the certificate was not issued by the given
2097                   trusted CA.
2098   @retval  FALSE  This interface is not supported.
2099 
2100 **/
2101 BOOLEAN
2102 EFIAPI
2103 X509VerifyCert (
2104   IN  CONST UINT8  *Cert,
2105   IN  UINTN        CertSize,
2106   IN  CONST UINT8  *CACert,
2107   IN  UINTN        CACertSize
2108   );
2109 
2110 /**
2111   Construct a X509 object from DER-encoded certificate data.
2112 
2113   If Cert is NULL, then return FALSE.
2114   If SingleX509Cert is NULL, then return FALSE.
2115   If this interface is not supported, then return FALSE.
2116 
2117   @param[in]  Cert            Pointer to the DER-encoded certificate data.
2118   @param[in]  CertSize        The size of certificate data in bytes.
2119   @param[out] SingleX509Cert  The generated X509 object.
2120 
2121   @retval     TRUE            The X509 object generation succeeded.
2122   @retval     FALSE           The operation failed.
2123   @retval     FALSE           This interface is not supported.
2124 
2125 **/
2126 BOOLEAN
2127 EFIAPI
2128 X509ConstructCertificate (
2129   IN   CONST UINT8  *Cert,
2130   IN   UINTN        CertSize,
2131   OUT  UINT8        **SingleX509Cert
2132   );
2133 
2134 /**
2135   Construct a X509 stack object from a list of DER-encoded certificate data.
2136 
2137   If X509Stack is NULL, then return FALSE.
2138   If this interface is not supported, then return FALSE.
2139 
2140   @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
2141                               On output, pointer to the X509 stack object with new
2142                               inserted X509 certificate.
2143   @param           ...        A list of DER-encoded single certificate data followed
2144                               by certificate size. A NULL terminates the list. The
2145                               pairs are the arguments to X509ConstructCertificate().
2146 
2147   @retval     TRUE            The X509 stack construction succeeded.
2148   @retval     FALSE           The construction operation failed.
2149   @retval     FALSE           This interface is not supported.
2150 
2151 **/
2152 BOOLEAN
2153 EFIAPI
2154 X509ConstructCertificateStack (
2155   IN OUT  UINT8  **X509Stack,
2156   ...
2157   );
2158 
2159 /**
2160   Release the specified X509 object.
2161 
2162   If the interface is not supported, then ASSERT().
2163 
2164   @param[in]  X509Cert  Pointer to the X509 object to be released.
2165 
2166 **/
2167 VOID
2168 EFIAPI
2169 X509Free (
2170   IN  VOID  *X509Cert
2171   );
2172 
2173 /**
2174   Release the specified X509 stack object.
2175 
2176   If the interface is not supported, then ASSERT().
2177 
2178   @param[in]  X509Stack  Pointer to the X509 stack object to be released.
2179 
2180 **/
2181 VOID
2182 EFIAPI
2183 X509StackFree (
2184   IN  VOID  *X509Stack
2185   );
2186 
2187 /**
2188   Retrieve the TBSCertificate from one given X.509 certificate.
2189 
2190   @param[in]      Cert         Pointer to the given DER-encoded X509 certificate.
2191   @param[in]      CertSize     Size of the X509 certificate in bytes.
2192   @param[out]     TBSCert      DER-Encoded To-Be-Signed certificate.
2193   @param[out]     TBSCertSize  Size of the TBS certificate in bytes.
2194 
2195   If Cert is NULL, then return FALSE.
2196   If TBSCert is NULL, then return FALSE.
2197   If TBSCertSize is NULL, then return FALSE.
2198   If this interface is not supported, then return FALSE.
2199 
2200   @retval  TRUE   The TBSCertificate was retrieved successfully.
2201   @retval  FALSE  Invalid X.509 certificate.
2202 
2203 **/
2204 BOOLEAN
2205 EFIAPI
2206 X509GetTBSCert (
2207   IN  CONST UINT8  *Cert,
2208   IN  UINTN        CertSize,
2209   OUT UINT8        **TBSCert,
2210   OUT UINTN        *TBSCertSize
2211   );
2212 
2213 /**
2214   Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0
2215   password based encryption key derivation function PBKDF2, as specified in RFC 2898.
2216 
2217   If Password or Salt or OutKey is NULL, then return FALSE.
2218   If the hash algorithm could not be determined, then return FALSE.
2219   If this interface is not supported, then return FALSE.
2220 
2221   @param[in]  PasswordLength  Length of input password in bytes.
2222   @param[in]  Password        Pointer to the array for the password.
2223   @param[in]  SaltLength      Size of the Salt in bytes.
2224   @param[in]  Salt            Pointer to the Salt.
2225   @param[in]  IterationCount  Number of iterations to perform. Its value should be
2226                               greater than or equal to 1.
2227   @param[in]  DigestSize      Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).
2228                               NOTE: DigestSize will be used to determine the hash algorithm.
2229                                     Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.
2230   @param[in]  KeyLength       Size of the derived key buffer in bytes.
2231   @param[out] OutKey          Pointer to the output derived key buffer.
2232 
2233   @retval  TRUE   A key was derived successfully.
2234   @retval  FALSE  One of the pointers was NULL or one of the sizes was too large.
2235   @retval  FALSE  The hash algorithm could not be determined from the digest size.
2236   @retval  FALSE  The key derivation operation failed.
2237   @retval  FALSE  This interface is not supported.
2238 
2239 **/
2240 BOOLEAN
2241 EFIAPI
2242 Pkcs5HashPassword (
2243   IN  UINTN        PasswordLength,
2244   IN  CONST CHAR8  *Password,
2245   IN  UINTN        SaltLength,
2246   IN  CONST UINT8  *Salt,
2247   IN  UINTN        IterationCount,
2248   IN  UINTN        DigestSize,
2249   IN  UINTN        KeyLength,
2250   OUT UINT8        *OutKey
2251   );
2252 
2253 /**
2254   Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
2255   Cryptographic Message Syntax Standard". The input signed data could be wrapped
2256   in a ContentInfo structure.
2257 
2258   If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
2259   return FALSE. If P7Length overflow, then return FALSE.
2260   If this interface is not supported, then return FALSE.
2261 
2262   @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
2263   @param[in]  P7Length     Length of the PKCS#7 message in bytes.
2264   @param[out] CertStack    Pointer to Signer's certificates retrieved from P7Data.
2265                            It's caller's responsibility to free the buffer.
2266   @param[out] StackLength  Length of signer's certificates in bytes.
2267   @param[out] TrustedCert  Pointer to a trusted certificate from Signer's certificates.
2268                            It's caller's responsibility to free the buffer.
2269   @param[out] CertLength   Length of the trusted certificate in bytes.
2270 
2271   @retval  TRUE            The operation is finished successfully.
2272   @retval  FALSE           Error occurs during the operation.
2273   @retval  FALSE           This interface is not supported.
2274 
2275 **/
2276 BOOLEAN
2277 EFIAPI
2278 Pkcs7GetSigners (
2279   IN  CONST UINT8  *P7Data,
2280   IN  UINTN        P7Length,
2281   OUT UINT8        **CertStack,
2282   OUT UINTN        *StackLength,
2283   OUT UINT8        **TrustedCert,
2284   OUT UINTN        *CertLength
2285   );
2286 
2287 /**
2288   Wrap function to use free() to free allocated memory for certificates.
2289 
2290   If this interface is not supported, then ASSERT().
2291 
2292   @param[in]  Certs        Pointer to the certificates to be freed.
2293 
2294 **/
2295 VOID
2296 EFIAPI
2297 Pkcs7FreeSigners (
2298   IN  UINT8        *Certs
2299   );
2300 
2301 /**
2302   Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:
2303   Cryptographic Message Syntax Standard", and outputs two certificate lists chained and
2304   unchained to the signer's certificates.
2305   The input signed data could be wrapped in a ContentInfo structure.
2306 
2307   @param[in]  P7Data            Pointer to the PKCS#7 message.
2308   @param[in]  P7Length          Length of the PKCS#7 message in bytes.
2309   @param[out] SignerChainCerts  Pointer to the certificates list chained to signer's
2310                                 certificate. It's caller's responsibility to free the buffer.
2311   @param[out] ChainLength       Length of the chained certificates list buffer in bytes.
2312   @param[out] UnchainCerts      Pointer to the unchained certificates lists. It's caller's
2313                                 responsibility to free the buffer.
2314   @param[out] UnchainLength     Length of the unchained certificates list buffer in bytes.
2315 
2316   @retval  TRUE         The operation is finished successfully.
2317   @retval  FALSE        Error occurs during the operation.
2318 
2319 **/
2320 BOOLEAN
2321 EFIAPI
2322 Pkcs7GetCertificatesList (
2323   IN  CONST UINT8  *P7Data,
2324   IN  UINTN        P7Length,
2325   OUT UINT8        **SignerChainCerts,
2326   OUT UINTN        *ChainLength,
2327   OUT UINT8        **UnchainCerts,
2328   OUT UINTN        *UnchainLength
2329   );
2330 
2331 /**
2332   Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
2333   Syntax Standard, version 1.5". This interface is only intended to be used for
2334   application to perform PKCS#7 functionality validation.
2335 
2336   If this interface is not supported, then return FALSE.
2337 
2338   @param[in]  PrivateKey       Pointer to the PEM-formatted private key data for
2339                                data signing.
2340   @param[in]  PrivateKeySize   Size of the PEM private key data in bytes.
2341   @param[in]  KeyPassword      NULL-terminated passphrase used for encrypted PEM
2342                                key data.
2343   @param[in]  InData           Pointer to the content to be signed.
2344   @param[in]  InDataSize       Size of InData in bytes.
2345   @param[in]  SignCert         Pointer to signer's DER-encoded certificate to sign with.
2346   @param[in]  OtherCerts       Pointer to an optional additional set of certificates to
2347                                include in the PKCS#7 signedData (e.g. any intermediate
2348                                CAs in the chain).
2349   @param[out] SignedData       Pointer to output PKCS#7 signedData.
2350   @param[out] SignedDataSize   Size of SignedData in bytes.
2351 
2352   @retval     TRUE             PKCS#7 data signing succeeded.
2353   @retval     FALSE            PKCS#7 data signing failed.
2354   @retval     FALSE            This interface is not supported.
2355 
2356 **/
2357 BOOLEAN
2358 EFIAPI
2359 Pkcs7Sign (
2360   IN   CONST UINT8  *PrivateKey,
2361   IN   UINTN        PrivateKeySize,
2362   IN   CONST UINT8  *KeyPassword,
2363   IN   UINT8        *InData,
2364   IN   UINTN        InDataSize,
2365   IN   UINT8        *SignCert,
2366   IN   UINT8        *OtherCerts      OPTIONAL,
2367   OUT  UINT8        **SignedData,
2368   OUT  UINTN        *SignedDataSize
2369   );
2370 
2371 /**
2372   Verifies the validity of a PKCS#7 signed data as described in "PKCS #7:
2373   Cryptographic Message Syntax Standard". The input signed data could be wrapped
2374   in a ContentInfo structure.
2375 
2376   If P7Data, TrustedCert or InData is NULL, then return FALSE.
2377   If P7Length, CertLength or DataLength overflow, then return FALSE.
2378   If this interface is not supported, then return FALSE.
2379 
2380   @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
2381   @param[in]  P7Length     Length of the PKCS#7 message in bytes.
2382   @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in DER, which
2383                            is used for certificate chain verification.
2384   @param[in]  CertLength   Length of the trusted certificate in bytes.
2385   @param[in]  InData       Pointer to the content to be verified.
2386   @param[in]  DataLength   Length of InData in bytes.
2387 
2388   @retval  TRUE  The specified PKCS#7 signed data is valid.
2389   @retval  FALSE Invalid PKCS#7 signed data.
2390   @retval  FALSE This interface is not supported.
2391 
2392 **/
2393 BOOLEAN
2394 EFIAPI
2395 Pkcs7Verify (
2396   IN  CONST UINT8  *P7Data,
2397   IN  UINTN        P7Length,
2398   IN  CONST UINT8  *TrustedCert,
2399   IN  UINTN        CertLength,
2400   IN  CONST UINT8  *InData,
2401   IN  UINTN        DataLength
2402   );
2403 
2404 /**
2405   Extracts the attached content from a PKCS#7 signed data if existed. The input signed
2406   data could be wrapped in a ContentInfo structure.
2407 
2408   If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow,
2409   then return FALSE. If the P7Data is not correctly formatted, then return FALSE.
2410 
2411   Caution: This function may receive untrusted input. So this function will do
2412            basic check for PKCS#7 data structure.
2413 
2414   @param[in]   P7Data       Pointer to the PKCS#7 signed data to process.
2415   @param[in]   P7Length     Length of the PKCS#7 signed data in bytes.
2416   @param[out]  Content      Pointer to the extracted content from the PKCS#7 signedData.
2417                             It's caller's responsibility to free the buffer.
2418   @param[out]  ContentSize  The size of the extracted content in bytes.
2419 
2420   @retval     TRUE          The P7Data was correctly formatted for processing.
2421   @retval     FALSE         The P7Data was not correctly formatted for processing.
2422 
2423 */
2424 BOOLEAN
2425 EFIAPI
2426 Pkcs7GetAttachedContent (
2427   IN  CONST UINT8  *P7Data,
2428   IN  UINTN        P7Length,
2429   OUT VOID         **Content,
2430   OUT UINTN        *ContentSize
2431   );
2432 
2433 /**
2434   Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows
2435   Authenticode Portable Executable Signature Format".
2436 
2437   If AuthData is NULL, then return FALSE.
2438   If ImageHash is NULL, then return FALSE.
2439   If this interface is not supported, then return FALSE.
2440 
2441   @param[in]  AuthData     Pointer to the Authenticode Signature retrieved from signed
2442                            PE/COFF image to be verified.
2443   @param[in]  DataSize     Size of the Authenticode Signature in bytes.
2444   @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in DER, which
2445                            is used for certificate chain verification.
2446   @param[in]  CertSize     Size of the trusted certificate in bytes.
2447   @param[in]  ImageHash    Pointer to the original image file hash value. The procedure
2448                            for calculating the image hash value is described in Authenticode
2449                            specification.
2450   @param[in]  HashSize     Size of Image hash value in bytes.
2451 
2452   @retval  TRUE   The specified Authenticode Signature is valid.
2453   @retval  FALSE  Invalid Authenticode Signature.
2454   @retval  FALSE  This interface is not supported.
2455 
2456 **/
2457 BOOLEAN
2458 EFIAPI
2459 AuthenticodeVerify (
2460   IN  CONST UINT8  *AuthData,
2461   IN  UINTN        DataSize,
2462   IN  CONST UINT8  *TrustedCert,
2463   IN  UINTN        CertSize,
2464   IN  CONST UINT8  *ImageHash,
2465   IN  UINTN        HashSize
2466   );
2467 
2468 /**
2469   Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode
2470   signature.
2471 
2472   If AuthData is NULL, then return FALSE.
2473   If this interface is not supported, then return FALSE.
2474 
2475   @param[in]  AuthData     Pointer to the Authenticode Signature retrieved from signed
2476                            PE/COFF image to be verified.
2477   @param[in]  DataSize     Size of the Authenticode Signature in bytes.
2478   @param[in]  TsaCert      Pointer to a trusted/root TSA certificate encoded in DER, which
2479                            is used for TSA certificate chain verification.
2480   @param[in]  CertSize     Size of the trusted certificate in bytes.
2481   @param[out] SigningTime  Return the time of timestamp generation time if the timestamp
2482                            signature is valid.
2483 
2484   @retval  TRUE   The specified Authenticode includes a valid RFC3161 Timestamp CounterSignature.
2485   @retval  FALSE  No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data.
2486 
2487 **/
2488 BOOLEAN
2489 EFIAPI
2490 ImageTimestampVerify (
2491   IN  CONST UINT8  *AuthData,
2492   IN  UINTN        DataSize,
2493   IN  CONST UINT8  *TsaCert,
2494   IN  UINTN        CertSize,
2495   OUT EFI_TIME     *SigningTime
2496   );
2497 
2498 //=====================================================================================
2499 //    DH Key Exchange Primitive
2500 //=====================================================================================
2501 
2502 /**
2503   Allocates and Initializes one Diffie-Hellman Context for subsequent use.
2504 
2505   @return  Pointer to the Diffie-Hellman Context that has been initialized.
2506            If the allocations fails, DhNew() returns NULL.
2507            If the interface is not supported, DhNew() returns NULL.
2508 
2509 **/
2510 VOID *
2511 EFIAPI
2512 DhNew (
2513   VOID
2514   );
2515 
2516 /**
2517   Release the specified DH context.
2518 
2519   If the interface is not supported, then ASSERT().
2520 
2521   @param[in]  DhContext  Pointer to the DH context to be released.
2522 
2523 **/
2524 VOID
2525 EFIAPI
2526 DhFree (
2527   IN  VOID  *DhContext
2528   );
2529 
2530 /**
2531   Generates DH parameter.
2532 
2533   Given generator g, and length of prime number p in bits, this function generates p,
2534   and sets DH context according to value of g and p.
2535 
2536   Before this function can be invoked, pseudorandom number generator must be correctly
2537   initialized by RandomSeed().
2538 
2539   If DhContext is NULL, then return FALSE.
2540   If Prime is NULL, then return FALSE.
2541   If this interface is not supported, then return FALSE.
2542 
2543   @param[in, out]  DhContext    Pointer to the DH context.
2544   @param[in]       Generator    Value of generator.
2545   @param[in]       PrimeLength  Length in bits of prime to be generated.
2546   @param[out]      Prime        Pointer to the buffer to receive the generated prime number.
2547 
2548   @retval TRUE   DH parameter generation succeeded.
2549   @retval FALSE  Value of Generator is not supported.
2550   @retval FALSE  PRNG fails to generate random prime number with PrimeLength.
2551   @retval FALSE  This interface is not supported.
2552 
2553 **/
2554 BOOLEAN
2555 EFIAPI
2556 DhGenerateParameter (
2557   IN OUT  VOID   *DhContext,
2558   IN      UINTN  Generator,
2559   IN      UINTN  PrimeLength,
2560   OUT     UINT8  *Prime
2561   );
2562 
2563 /**
2564   Sets generator and prime parameters for DH.
2565 
2566   Given generator g, and prime number p, this function and sets DH
2567   context accordingly.
2568 
2569   If DhContext is NULL, then return FALSE.
2570   If Prime is NULL, then return FALSE.
2571   If this interface is not supported, then return FALSE.
2572 
2573   @param[in, out]  DhContext    Pointer to the DH context.
2574   @param[in]       Generator    Value of generator.
2575   @param[in]       PrimeLength  Length in bits of prime to be generated.
2576   @param[in]       Prime        Pointer to the prime number.
2577 
2578   @retval TRUE   DH parameter setting succeeded.
2579   @retval FALSE  Value of Generator is not supported.
2580   @retval FALSE  Value of Generator is not suitable for the Prime.
2581   @retval FALSE  Value of Prime is not a prime number.
2582   @retval FALSE  Value of Prime is not a safe prime number.
2583   @retval FALSE  This interface is not supported.
2584 
2585 **/
2586 BOOLEAN
2587 EFIAPI
2588 DhSetParameter (
2589   IN OUT  VOID         *DhContext,
2590   IN      UINTN        Generator,
2591   IN      UINTN        PrimeLength,
2592   IN      CONST UINT8  *Prime
2593   );
2594 
2595 /**
2596   Generates DH public key.
2597 
2598   This function generates random secret exponent, and computes the public key, which is
2599   returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.
2600   If the PublicKey buffer is too small to hold the public key, FALSE is returned and
2601   PublicKeySize is set to the required buffer size to obtain the public key.
2602 
2603   If DhContext is NULL, then return FALSE.
2604   If PublicKeySize is NULL, then return FALSE.
2605   If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.
2606   If this interface is not supported, then return FALSE.
2607 
2608   @param[in, out]  DhContext      Pointer to the DH context.
2609   @param[out]      PublicKey      Pointer to the buffer to receive generated public key.
2610   @param[in, out]  PublicKeySize  On input, the size of PublicKey buffer in bytes.
2611                                  On output, the size of data returned in PublicKey buffer in bytes.
2612 
2613   @retval TRUE   DH public key generation succeeded.
2614   @retval FALSE  DH public key generation failed.
2615   @retval FALSE  PublicKeySize is not large enough.
2616   @retval FALSE  This interface is not supported.
2617 
2618 **/
2619 BOOLEAN
2620 EFIAPI
2621 DhGenerateKey (
2622   IN OUT  VOID   *DhContext,
2623   OUT     UINT8  *PublicKey,
2624   IN OUT  UINTN  *PublicKeySize
2625   );
2626 
2627 /**
2628   Computes exchanged common key.
2629 
2630   Given peer's public key, this function computes the exchanged common key, based on its own
2631   context including value of prime modulus and random secret exponent.
2632 
2633   If DhContext is NULL, then return FALSE.
2634   If PeerPublicKey is NULL, then return FALSE.
2635   If KeySize is NULL, then return FALSE.
2636   If Key is NULL, then return FALSE.
2637   If KeySize is not large enough, then return FALSE.
2638   If this interface is not supported, then return FALSE.
2639 
2640   @param[in, out]  DhContext          Pointer to the DH context.
2641   @param[in]       PeerPublicKey      Pointer to the peer's public key.
2642   @param[in]       PeerPublicKeySize  Size of peer's public key in bytes.
2643   @param[out]      Key                Pointer to the buffer to receive generated key.
2644   @param[in, out]  KeySize            On input, the size of Key buffer in bytes.
2645                                      On output, the size of data returned in Key buffer in bytes.
2646 
2647   @retval TRUE   DH exchanged key generation succeeded.
2648   @retval FALSE  DH exchanged key generation failed.
2649   @retval FALSE  KeySize is not large enough.
2650   @retval FALSE  This interface is not supported.
2651 
2652 **/
2653 BOOLEAN
2654 EFIAPI
2655 DhComputeKey (
2656   IN OUT  VOID         *DhContext,
2657   IN      CONST UINT8  *PeerPublicKey,
2658   IN      UINTN        PeerPublicKeySize,
2659   OUT     UINT8        *Key,
2660   IN OUT  UINTN        *KeySize
2661   );
2662 
2663 //=====================================================================================
2664 //    Pseudo-Random Generation Primitive
2665 //=====================================================================================
2666 
2667 /**
2668   Sets up the seed value for the pseudorandom number generator.
2669 
2670   This function sets up the seed value for the pseudorandom number generator.
2671   If Seed is not NULL, then the seed passed in is used.
2672   If Seed is NULL, then default seed is used.
2673   If this interface is not supported, then return FALSE.
2674 
2675   @param[in]  Seed      Pointer to seed value.
2676                         If NULL, default seed is used.
2677   @param[in]  SeedSize  Size of seed value.
2678                         If Seed is NULL, this parameter is ignored.
2679 
2680   @retval TRUE   Pseudorandom number generator has enough entropy for random generation.
2681   @retval FALSE  Pseudorandom number generator does not have enough entropy for random generation.
2682   @retval FALSE  This interface is not supported.
2683 
2684 **/
2685 BOOLEAN
2686 EFIAPI
2687 RandomSeed (
2688   IN  CONST  UINT8  *Seed  OPTIONAL,
2689   IN  UINTN         SeedSize
2690   );
2691 
2692 /**
2693   Generates a pseudorandom byte stream of the specified size.
2694 
2695   If Output is NULL, then return FALSE.
2696   If this interface is not supported, then return FALSE.
2697 
2698   @param[out]  Output  Pointer to buffer to receive random value.
2699   @param[in]   Size    Size of random bytes to generate.
2700 
2701   @retval TRUE   Pseudorandom byte stream generated successfully.
2702   @retval FALSE  Pseudorandom number generator fails to generate due to lack of entropy.
2703   @retval FALSE  This interface is not supported.
2704 
2705 **/
2706 BOOLEAN
2707 EFIAPI
2708 RandomBytes (
2709   OUT  UINT8  *Output,
2710   IN   UINTN  Size
2711   );
2712 
2713 #endif // __BASE_CRYPT_LIB_H__
2714