1 /** @file 2 Defines base cryptographic library APIs. 3 The Base Cryptographic Library provides implementations of basic cryptography 4 primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security 5 functionality enabling. 6 7 Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR> 8 This program and the accompanying materials 9 are licensed and made available under the terms and conditions of the BSD License 10 which accompanies this distribution. The full text of the license may be found at 11 http://opensource.org/licenses/bsd-license.php 12 13 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 14 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 15 16 **/ 17 18 #ifndef __BASE_CRYPT_LIB_H__ 19 #define __BASE_CRYPT_LIB_H__ 20 21 #include <Uefi/UefiBaseType.h> 22 23 /// 24 /// MD4 digest size in bytes 25 /// 26 #define MD4_DIGEST_SIZE 16 27 28 /// 29 /// MD5 digest size in bytes 30 /// 31 #define MD5_DIGEST_SIZE 16 32 33 /// 34 /// SHA-1 digest size in bytes. 35 /// 36 #define SHA1_DIGEST_SIZE 20 37 38 /// 39 /// SHA-256 digest size in bytes 40 /// 41 #define SHA256_DIGEST_SIZE 32 42 43 /// 44 /// SHA-384 digest size in bytes 45 /// 46 #define SHA384_DIGEST_SIZE 48 47 48 /// 49 /// SHA-512 digest size in bytes 50 /// 51 #define SHA512_DIGEST_SIZE 64 52 53 /// 54 /// TDES block size in bytes 55 /// 56 #define TDES_BLOCK_SIZE 8 57 58 /// 59 /// AES block size in bytes 60 /// 61 #define AES_BLOCK_SIZE 16 62 63 /// 64 /// RSA Key Tags Definition used in RsaSetKey() function for key component identification. 65 /// 66 typedef enum { 67 RsaKeyN, ///< RSA public Modulus (N) 68 RsaKeyE, ///< RSA Public exponent (e) 69 RsaKeyD, ///< RSA Private exponent (d) 70 RsaKeyP, ///< RSA secret prime factor of Modulus (p) 71 RsaKeyQ, ///< RSA secret prime factor of Modules (q) 72 RsaKeyDp, ///< p's CRT exponent (== d mod (p - 1)) 73 RsaKeyDq, ///< q's CRT exponent (== d mod (q - 1)) 74 RsaKeyQInv ///< The CRT coefficient (== 1/q mod p) 75 } RSA_KEY_TAG; 76 77 //===================================================================================== 78 // One-Way Cryptographic Hash Primitives 79 //===================================================================================== 80 81 /** 82 Retrieves the size, in bytes, of the context buffer required for MD4 hash operations. 83 84 If this interface is not supported, then return zero. 85 86 @return The size, in bytes, of the context buffer required for MD4 hash operations. 87 @retval 0 This interface is not supported. 88 89 **/ 90 UINTN 91 EFIAPI 92 Md4GetContextSize ( 93 VOID 94 ); 95 96 /** 97 Initializes user-supplied memory pointed by Md4Context as MD4 hash context for 98 subsequent use. 99 100 If Md4Context is NULL, then return FALSE. 101 If this interface is not supported, then return FALSE. 102 103 @param[out] Md4Context Pointer to MD4 context being initialized. 104 105 @retval TRUE MD4 context initialization succeeded. 106 @retval FALSE MD4 context initialization failed. 107 @retval FALSE This interface is not supported. 108 109 **/ 110 BOOLEAN 111 EFIAPI 112 Md4Init ( 113 OUT VOID *Md4Context 114 ); 115 116 /** 117 Makes a copy of an existing MD4 context. 118 119 If Md4Context is NULL, then return FALSE. 120 If NewMd4Context is NULL, then return FALSE. 121 If this interface is not supported, then return FALSE. 122 123 @param[in] Md4Context Pointer to MD4 context being copied. 124 @param[out] NewMd4Context Pointer to new MD4 context. 125 126 @retval TRUE MD4 context copy succeeded. 127 @retval FALSE MD4 context copy failed. 128 @retval FALSE This interface is not supported. 129 130 **/ 131 BOOLEAN 132 EFIAPI 133 Md4Duplicate ( 134 IN CONST VOID *Md4Context, 135 OUT VOID *NewMd4Context 136 ); 137 138 /** 139 Digests the input data and updates MD4 context. 140 141 This function performs MD4 digest on a data buffer of the specified size. 142 It can be called multiple times to compute the digest of long or discontinuous data streams. 143 MD4 context should be already correctly initialized by Md4Init(), and should not be finalized 144 by Md4Final(). Behavior with invalid context is undefined. 145 146 If Md4Context is NULL, then return FALSE. 147 If this interface is not supported, then return FALSE. 148 149 @param[in, out] Md4Context Pointer to the MD4 context. 150 @param[in] Data Pointer to the buffer containing the data to be hashed. 151 @param[in] DataSize Size of Data buffer in bytes. 152 153 @retval TRUE MD4 data digest succeeded. 154 @retval FALSE MD4 data digest failed. 155 @retval FALSE This interface is not supported. 156 157 **/ 158 BOOLEAN 159 EFIAPI 160 Md4Update ( 161 IN OUT VOID *Md4Context, 162 IN CONST VOID *Data, 163 IN UINTN DataSize 164 ); 165 166 /** 167 Completes computation of the MD4 digest value. 168 169 This function completes MD4 hash computation and retrieves the digest value into 170 the specified memory. After this function has been called, the MD4 context cannot 171 be used again. 172 MD4 context should be already correctly initialized by Md4Init(), and should not be 173 finalized by Md4Final(). Behavior with invalid MD4 context is undefined. 174 175 If Md4Context is NULL, then return FALSE. 176 If HashValue is NULL, then return FALSE. 177 If this interface is not supported, then return FALSE. 178 179 @param[in, out] Md4Context Pointer to the MD4 context. 180 @param[out] HashValue Pointer to a buffer that receives the MD4 digest 181 value (16 bytes). 182 183 @retval TRUE MD4 digest computation succeeded. 184 @retval FALSE MD4 digest computation failed. 185 @retval FALSE This interface is not supported. 186 187 **/ 188 BOOLEAN 189 EFIAPI 190 Md4Final ( 191 IN OUT VOID *Md4Context, 192 OUT UINT8 *HashValue 193 ); 194 195 /** 196 Computes the MD4 message digest of a input data buffer. 197 198 This function performs the MD4 message digest of a given data buffer, and places 199 the digest value into the specified memory. 200 201 If this interface is not supported, then return FALSE. 202 203 @param[in] Data Pointer to the buffer containing the data to be hashed. 204 @param[in] DataSize Size of Data buffer in bytes. 205 @param[out] HashValue Pointer to a buffer that receives the MD4 digest 206 value (16 bytes). 207 208 @retval TRUE MD4 digest computation succeeded. 209 @retval FALSE MD4 digest computation failed. 210 @retval FALSE This interface is not supported. 211 212 **/ 213 BOOLEAN 214 EFIAPI 215 Md4HashAll ( 216 IN CONST VOID *Data, 217 IN UINTN DataSize, 218 OUT UINT8 *HashValue 219 ); 220 221 /** 222 Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. 223 224 If this interface is not supported, then return zero. 225 226 @return The size, in bytes, of the context buffer required for MD5 hash operations. 227 @retval 0 This interface is not supported. 228 229 **/ 230 UINTN 231 EFIAPI 232 Md5GetContextSize ( 233 VOID 234 ); 235 236 /** 237 Initializes user-supplied memory pointed by Md5Context as MD5 hash context for 238 subsequent use. 239 240 If Md5Context is NULL, then return FALSE. 241 If this interface is not supported, then return FALSE. 242 243 @param[out] Md5Context Pointer to MD5 context being initialized. 244 245 @retval TRUE MD5 context initialization succeeded. 246 @retval FALSE MD5 context initialization failed. 247 @retval FALSE This interface is not supported. 248 249 **/ 250 BOOLEAN 251 EFIAPI 252 Md5Init ( 253 OUT VOID *Md5Context 254 ); 255 256 /** 257 Makes a copy of an existing MD5 context. 258 259 If Md5Context is NULL, then return FALSE. 260 If NewMd5Context is NULL, then return FALSE. 261 If this interface is not supported, then return FALSE. 262 263 @param[in] Md5Context Pointer to MD5 context being copied. 264 @param[out] NewMd5Context Pointer to new MD5 context. 265 266 @retval TRUE MD5 context copy succeeded. 267 @retval FALSE MD5 context copy failed. 268 @retval FALSE This interface is not supported. 269 270 **/ 271 BOOLEAN 272 EFIAPI 273 Md5Duplicate ( 274 IN CONST VOID *Md5Context, 275 OUT VOID *NewMd5Context 276 ); 277 278 /** 279 Digests the input data and updates MD5 context. 280 281 This function performs MD5 digest on a data buffer of the specified size. 282 It can be called multiple times to compute the digest of long or discontinuous data streams. 283 MD5 context should be already correctly initialized by Md5Init(), and should not be finalized 284 by Md5Final(). Behavior with invalid context is undefined. 285 286 If Md5Context is NULL, then return FALSE. 287 If this interface is not supported, then return FALSE. 288 289 @param[in, out] Md5Context Pointer to the MD5 context. 290 @param[in] Data Pointer to the buffer containing the data to be hashed. 291 @param[in] DataSize Size of Data buffer in bytes. 292 293 @retval TRUE MD5 data digest succeeded. 294 @retval FALSE MD5 data digest failed. 295 @retval FALSE This interface is not supported. 296 297 **/ 298 BOOLEAN 299 EFIAPI 300 Md5Update ( 301 IN OUT VOID *Md5Context, 302 IN CONST VOID *Data, 303 IN UINTN DataSize 304 ); 305 306 /** 307 Completes computation of the MD5 digest value. 308 309 This function completes MD5 hash computation and retrieves the digest value into 310 the specified memory. After this function has been called, the MD5 context cannot 311 be used again. 312 MD5 context should be already correctly initialized by Md5Init(), and should not be 313 finalized by Md5Final(). Behavior with invalid MD5 context is undefined. 314 315 If Md5Context is NULL, then return FALSE. 316 If HashValue is NULL, then return FALSE. 317 If this interface is not supported, then return FALSE. 318 319 @param[in, out] Md5Context Pointer to the MD5 context. 320 @param[out] HashValue Pointer to a buffer that receives the MD5 digest 321 value (16 bytes). 322 323 @retval TRUE MD5 digest computation succeeded. 324 @retval FALSE MD5 digest computation failed. 325 @retval FALSE This interface is not supported. 326 327 **/ 328 BOOLEAN 329 EFIAPI 330 Md5Final ( 331 IN OUT VOID *Md5Context, 332 OUT UINT8 *HashValue 333 ); 334 335 /** 336 Computes the MD5 message digest of a input data buffer. 337 338 This function performs the MD5 message digest of a given data buffer, and places 339 the digest value into the specified memory. 340 341 If this interface is not supported, then return FALSE. 342 343 @param[in] Data Pointer to the buffer containing the data to be hashed. 344 @param[in] DataSize Size of Data buffer in bytes. 345 @param[out] HashValue Pointer to a buffer that receives the MD5 digest 346 value (16 bytes). 347 348 @retval TRUE MD5 digest computation succeeded. 349 @retval FALSE MD5 digest computation failed. 350 @retval FALSE This interface is not supported. 351 352 **/ 353 BOOLEAN 354 EFIAPI 355 Md5HashAll ( 356 IN CONST VOID *Data, 357 IN UINTN DataSize, 358 OUT UINT8 *HashValue 359 ); 360 361 /** 362 Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations. 363 364 If this interface is not supported, then return zero. 365 366 @return The size, in bytes, of the context buffer required for SHA-1 hash operations. 367 @retval 0 This interface is not supported. 368 369 **/ 370 UINTN 371 EFIAPI 372 Sha1GetContextSize ( 373 VOID 374 ); 375 376 /** 377 Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for 378 subsequent use. 379 380 If Sha1Context is NULL, then return FALSE. 381 If this interface is not supported, then return FALSE. 382 383 @param[out] Sha1Context Pointer to SHA-1 context being initialized. 384 385 @retval TRUE SHA-1 context initialization succeeded. 386 @retval FALSE SHA-1 context initialization failed. 387 @retval FALSE This interface is not supported. 388 389 **/ 390 BOOLEAN 391 EFIAPI 392 Sha1Init ( 393 OUT VOID *Sha1Context 394 ); 395 396 /** 397 Makes a copy of an existing SHA-1 context. 398 399 If Sha1Context is NULL, then return FALSE. 400 If NewSha1Context is NULL, then return FALSE. 401 If this interface is not supported, then return FALSE. 402 403 @param[in] Sha1Context Pointer to SHA-1 context being copied. 404 @param[out] NewSha1Context Pointer to new SHA-1 context. 405 406 @retval TRUE SHA-1 context copy succeeded. 407 @retval FALSE SHA-1 context copy failed. 408 @retval FALSE This interface is not supported. 409 410 **/ 411 BOOLEAN 412 EFIAPI 413 Sha1Duplicate ( 414 IN CONST VOID *Sha1Context, 415 OUT VOID *NewSha1Context 416 ); 417 418 /** 419 Digests the input data and updates SHA-1 context. 420 421 This function performs SHA-1 digest on a data buffer of the specified size. 422 It can be called multiple times to compute the digest of long or discontinuous data streams. 423 SHA-1 context should be already correctly initialized by Sha1Init(), and should not be finalized 424 by Sha1Final(). Behavior with invalid context is undefined. 425 426 If Sha1Context is NULL, then return FALSE. 427 If this interface is not supported, then return FALSE. 428 429 @param[in, out] Sha1Context Pointer to the SHA-1 context. 430 @param[in] Data Pointer to the buffer containing the data to be hashed. 431 @param[in] DataSize Size of Data buffer in bytes. 432 433 @retval TRUE SHA-1 data digest succeeded. 434 @retval FALSE SHA-1 data digest failed. 435 @retval FALSE This interface is not supported. 436 437 **/ 438 BOOLEAN 439 EFIAPI 440 Sha1Update ( 441 IN OUT VOID *Sha1Context, 442 IN CONST VOID *Data, 443 IN UINTN DataSize 444 ); 445 446 /** 447 Completes computation of the SHA-1 digest value. 448 449 This function completes SHA-1 hash computation and retrieves the digest value into 450 the specified memory. After this function has been called, the SHA-1 context cannot 451 be used again. 452 SHA-1 context should be already correctly initialized by Sha1Init(), and should not be 453 finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined. 454 455 If Sha1Context is NULL, then return FALSE. 456 If HashValue is NULL, then return FALSE. 457 If this interface is not supported, then return FALSE. 458 459 @param[in, out] Sha1Context Pointer to the SHA-1 context. 460 @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest 461 value (20 bytes). 462 463 @retval TRUE SHA-1 digest computation succeeded. 464 @retval FALSE SHA-1 digest computation failed. 465 @retval FALSE This interface is not supported. 466 467 **/ 468 BOOLEAN 469 EFIAPI 470 Sha1Final ( 471 IN OUT VOID *Sha1Context, 472 OUT UINT8 *HashValue 473 ); 474 475 /** 476 Computes the SHA-1 message digest of a input data buffer. 477 478 This function performs the SHA-1 message digest of a given data buffer, and places 479 the digest value into the specified memory. 480 481 If this interface is not supported, then return FALSE. 482 483 @param[in] Data Pointer to the buffer containing the data to be hashed. 484 @param[in] DataSize Size of Data buffer in bytes. 485 @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest 486 value (20 bytes). 487 488 @retval TRUE SHA-1 digest computation succeeded. 489 @retval FALSE SHA-1 digest computation failed. 490 @retval FALSE This interface is not supported. 491 492 **/ 493 BOOLEAN 494 EFIAPI 495 Sha1HashAll ( 496 IN CONST VOID *Data, 497 IN UINTN DataSize, 498 OUT UINT8 *HashValue 499 ); 500 501 /** 502 Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations. 503 504 @return The size, in bytes, of the context buffer required for SHA-256 hash operations. 505 506 **/ 507 UINTN 508 EFIAPI 509 Sha256GetContextSize ( 510 VOID 511 ); 512 513 /** 514 Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for 515 subsequent use. 516 517 If Sha256Context is NULL, then return FALSE. 518 519 @param[out] Sha256Context Pointer to SHA-256 context being initialized. 520 521 @retval TRUE SHA-256 context initialization succeeded. 522 @retval FALSE SHA-256 context initialization failed. 523 524 **/ 525 BOOLEAN 526 EFIAPI 527 Sha256Init ( 528 OUT VOID *Sha256Context 529 ); 530 531 /** 532 Makes a copy of an existing SHA-256 context. 533 534 If Sha256Context is NULL, then return FALSE. 535 If NewSha256Context is NULL, then return FALSE. 536 If this interface is not supported, then return FALSE. 537 538 @param[in] Sha256Context Pointer to SHA-256 context being copied. 539 @param[out] NewSha256Context Pointer to new SHA-256 context. 540 541 @retval TRUE SHA-256 context copy succeeded. 542 @retval FALSE SHA-256 context copy failed. 543 @retval FALSE This interface is not supported. 544 545 **/ 546 BOOLEAN 547 EFIAPI 548 Sha256Duplicate ( 549 IN CONST VOID *Sha256Context, 550 OUT VOID *NewSha256Context 551 ); 552 553 /** 554 Digests the input data and updates SHA-256 context. 555 556 This function performs SHA-256 digest on a data buffer of the specified size. 557 It can be called multiple times to compute the digest of long or discontinuous data streams. 558 SHA-256 context should be already correctly initialized by Sha256Init(), and should not be finalized 559 by Sha256Final(). Behavior with invalid context is undefined. 560 561 If Sha256Context is NULL, then return FALSE. 562 563 @param[in, out] Sha256Context Pointer to the SHA-256 context. 564 @param[in] Data Pointer to the buffer containing the data to be hashed. 565 @param[in] DataSize Size of Data buffer in bytes. 566 567 @retval TRUE SHA-256 data digest succeeded. 568 @retval FALSE SHA-256 data digest failed. 569 570 **/ 571 BOOLEAN 572 EFIAPI 573 Sha256Update ( 574 IN OUT VOID *Sha256Context, 575 IN CONST VOID *Data, 576 IN UINTN DataSize 577 ); 578 579 /** 580 Completes computation of the SHA-256 digest value. 581 582 This function completes SHA-256 hash computation and retrieves the digest value into 583 the specified memory. After this function has been called, the SHA-256 context cannot 584 be used again. 585 SHA-256 context should be already correctly initialized by Sha256Init(), and should not be 586 finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined. 587 588 If Sha256Context is NULL, then return FALSE. 589 If HashValue is NULL, then return FALSE. 590 591 @param[in, out] Sha256Context Pointer to the SHA-256 context. 592 @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest 593 value (32 bytes). 594 595 @retval TRUE SHA-256 digest computation succeeded. 596 @retval FALSE SHA-256 digest computation failed. 597 598 **/ 599 BOOLEAN 600 EFIAPI 601 Sha256Final ( 602 IN OUT VOID *Sha256Context, 603 OUT UINT8 *HashValue 604 ); 605 606 /** 607 Computes the SHA-256 message digest of a input data buffer. 608 609 This function performs the SHA-256 message digest of a given data buffer, and places 610 the digest value into the specified memory. 611 612 If this interface is not supported, then return FALSE. 613 614 @param[in] Data Pointer to the buffer containing the data to be hashed. 615 @param[in] DataSize Size of Data buffer in bytes. 616 @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest 617 value (32 bytes). 618 619 @retval TRUE SHA-256 digest computation succeeded. 620 @retval FALSE SHA-256 digest computation failed. 621 @retval FALSE This interface is not supported. 622 623 **/ 624 BOOLEAN 625 EFIAPI 626 Sha256HashAll ( 627 IN CONST VOID *Data, 628 IN UINTN DataSize, 629 OUT UINT8 *HashValue 630 ); 631 632 /** 633 Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations. 634 635 @return The size, in bytes, of the context buffer required for SHA-384 hash operations. 636 637 **/ 638 UINTN 639 EFIAPI 640 Sha384GetContextSize ( 641 VOID 642 ); 643 644 /** 645 Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for 646 subsequent use. 647 648 If Sha384Context is NULL, then return FALSE. 649 650 @param[out] Sha384Context Pointer to SHA-384 context being initialized. 651 652 @retval TRUE SHA-384 context initialization succeeded. 653 @retval FALSE SHA-384 context initialization failed. 654 655 **/ 656 BOOLEAN 657 EFIAPI 658 Sha384Init ( 659 OUT VOID *Sha384Context 660 ); 661 662 /** 663 Makes a copy of an existing SHA-384 context. 664 665 If Sha384Context is NULL, then return FALSE. 666 If NewSha384Context is NULL, then return FALSE. 667 If this interface is not supported, then return FALSE. 668 669 @param[in] Sha384Context Pointer to SHA-384 context being copied. 670 @param[out] NewSha384Context Pointer to new SHA-384 context. 671 672 @retval TRUE SHA-384 context copy succeeded. 673 @retval FALSE SHA-384 context copy failed. 674 @retval FALSE This interface is not supported. 675 676 **/ 677 BOOLEAN 678 EFIAPI 679 Sha384Duplicate ( 680 IN CONST VOID *Sha384Context, 681 OUT VOID *NewSha384Context 682 ); 683 684 /** 685 Digests the input data and updates SHA-384 context. 686 687 This function performs SHA-384 digest on a data buffer of the specified size. 688 It can be called multiple times to compute the digest of long or discontinuous data streams. 689 SHA-384 context should be already correctly initialized by Sha384Init(), and should not be finalized 690 by Sha384Final(). Behavior with invalid context is undefined. 691 692 If Sha384Context is NULL, then return FALSE. 693 694 @param[in, out] Sha384Context Pointer to the SHA-384 context. 695 @param[in] Data Pointer to the buffer containing the data to be hashed. 696 @param[in] DataSize Size of Data buffer in bytes. 697 698 @retval TRUE SHA-384 data digest succeeded. 699 @retval FALSE SHA-384 data digest failed. 700 701 **/ 702 BOOLEAN 703 EFIAPI 704 Sha384Update ( 705 IN OUT VOID *Sha384Context, 706 IN CONST VOID *Data, 707 IN UINTN DataSize 708 ); 709 710 /** 711 Completes computation of the SHA-384 digest value. 712 713 This function completes SHA-384 hash computation and retrieves the digest value into 714 the specified memory. After this function has been called, the SHA-384 context cannot 715 be used again. 716 SHA-384 context should be already correctly initialized by Sha384Init(), and should not be 717 finalized by Sha384Final(). Behavior with invalid SHA-384 context is undefined. 718 719 If Sha384Context is NULL, then return FALSE. 720 If HashValue is NULL, then return FALSE. 721 722 @param[in, out] Sha384Context Pointer to the SHA-384 context. 723 @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest 724 value (48 bytes). 725 726 @retval TRUE SHA-384 digest computation succeeded. 727 @retval FALSE SHA-384 digest computation failed. 728 729 **/ 730 BOOLEAN 731 EFIAPI 732 Sha384Final ( 733 IN OUT VOID *Sha384Context, 734 OUT UINT8 *HashValue 735 ); 736 737 /** 738 Computes the SHA-384 message digest of a input data buffer. 739 740 This function performs the SHA-384 message digest of a given data buffer, and places 741 the digest value into the specified memory. 742 743 If this interface is not supported, then return FALSE. 744 745 @param[in] Data Pointer to the buffer containing the data to be hashed. 746 @param[in] DataSize Size of Data buffer in bytes. 747 @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest 748 value (48 bytes). 749 750 @retval TRUE SHA-384 digest computation succeeded. 751 @retval FALSE SHA-384 digest computation failed. 752 @retval FALSE This interface is not supported. 753 754 **/ 755 BOOLEAN 756 EFIAPI 757 Sha384HashAll ( 758 IN CONST VOID *Data, 759 IN UINTN DataSize, 760 OUT UINT8 *HashValue 761 ); 762 763 /** 764 Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations. 765 766 @return The size, in bytes, of the context buffer required for SHA-512 hash operations. 767 768 **/ 769 UINTN 770 EFIAPI 771 Sha512GetContextSize ( 772 VOID 773 ); 774 775 /** 776 Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for 777 subsequent use. 778 779 If Sha512Context is NULL, then return FALSE. 780 781 @param[out] Sha512Context Pointer to SHA-512 context being initialized. 782 783 @retval TRUE SHA-512 context initialization succeeded. 784 @retval FALSE SHA-512 context initialization failed. 785 786 **/ 787 BOOLEAN 788 EFIAPI 789 Sha512Init ( 790 OUT VOID *Sha512Context 791 ); 792 793 /** 794 Makes a copy of an existing SHA-512 context. 795 796 If Sha512Context is NULL, then return FALSE. 797 If NewSha512Context is NULL, then return FALSE. 798 If this interface is not supported, then return FALSE. 799 800 @param[in] Sha512Context Pointer to SHA-512 context being copied. 801 @param[out] NewSha512Context Pointer to new SHA-512 context. 802 803 @retval TRUE SHA-512 context copy succeeded. 804 @retval FALSE SHA-512 context copy failed. 805 @retval FALSE This interface is not supported. 806 807 **/ 808 BOOLEAN 809 EFIAPI 810 Sha512Duplicate ( 811 IN CONST VOID *Sha512Context, 812 OUT VOID *NewSha512Context 813 ); 814 815 /** 816 Digests the input data and updates SHA-512 context. 817 818 This function performs SHA-512 digest on a data buffer of the specified size. 819 It can be called multiple times to compute the digest of long or discontinuous data streams. 820 SHA-512 context should be already correctly initialized by Sha512Init(), and should not be finalized 821 by Sha512Final(). Behavior with invalid context is undefined. 822 823 If Sha512Context is NULL, then return FALSE. 824 825 @param[in, out] Sha512Context Pointer to the SHA-512 context. 826 @param[in] Data Pointer to the buffer containing the data to be hashed. 827 @param[in] DataSize Size of Data buffer in bytes. 828 829 @retval TRUE SHA-512 data digest succeeded. 830 @retval FALSE SHA-512 data digest failed. 831 832 **/ 833 BOOLEAN 834 EFIAPI 835 Sha512Update ( 836 IN OUT VOID *Sha512Context, 837 IN CONST VOID *Data, 838 IN UINTN DataSize 839 ); 840 841 /** 842 Completes computation of the SHA-512 digest value. 843 844 This function completes SHA-512 hash computation and retrieves the digest value into 845 the specified memory. After this function has been called, the SHA-512 context cannot 846 be used again. 847 SHA-512 context should be already correctly initialized by Sha512Init(), and should not be 848 finalized by Sha512Final(). Behavior with invalid SHA-512 context is undefined. 849 850 If Sha512Context is NULL, then return FALSE. 851 If HashValue is NULL, then return FALSE. 852 853 @param[in, out] Sha512Context Pointer to the SHA-512 context. 854 @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest 855 value (64 bytes). 856 857 @retval TRUE SHA-512 digest computation succeeded. 858 @retval FALSE SHA-512 digest computation failed. 859 860 **/ 861 BOOLEAN 862 EFIAPI 863 Sha512Final ( 864 IN OUT VOID *Sha512Context, 865 OUT UINT8 *HashValue 866 ); 867 868 /** 869 Computes the SHA-512 message digest of a input data buffer. 870 871 This function performs the SHA-512 message digest of a given data buffer, and places 872 the digest value into the specified memory. 873 874 If this interface is not supported, then return FALSE. 875 876 @param[in] Data Pointer to the buffer containing the data to be hashed. 877 @param[in] DataSize Size of Data buffer in bytes. 878 @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest 879 value (64 bytes). 880 881 @retval TRUE SHA-512 digest computation succeeded. 882 @retval FALSE SHA-512 digest computation failed. 883 @retval FALSE This interface is not supported. 884 885 **/ 886 BOOLEAN 887 EFIAPI 888 Sha512HashAll ( 889 IN CONST VOID *Data, 890 IN UINTN DataSize, 891 OUT UINT8 *HashValue 892 ); 893 894 //===================================================================================== 895 // MAC (Message Authentication Code) Primitive 896 //===================================================================================== 897 898 /** 899 Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations. 900 901 If this interface is not supported, then return zero. 902 903 @return The size, in bytes, of the context buffer required for HMAC-MD5 operations. 904 @retval 0 This interface is not supported. 905 906 **/ 907 UINTN 908 EFIAPI 909 HmacMd5GetContextSize ( 910 VOID 911 ); 912 913 /** 914 Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for 915 subsequent use. 916 917 If HmacMd5Context is NULL, then return FALSE. 918 If this interface is not supported, then return FALSE. 919 920 @param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized. 921 @param[in] Key Pointer to the user-supplied key. 922 @param[in] KeySize Key size in bytes. 923 924 @retval TRUE HMAC-MD5 context initialization succeeded. 925 @retval FALSE HMAC-MD5 context initialization failed. 926 @retval FALSE This interface is not supported. 927 928 **/ 929 BOOLEAN 930 EFIAPI 931 HmacMd5Init ( 932 OUT VOID *HmacMd5Context, 933 IN CONST UINT8 *Key, 934 IN UINTN KeySize 935 ); 936 937 /** 938 Makes a copy of an existing HMAC-MD5 context. 939 940 If HmacMd5Context is NULL, then return FALSE. 941 If NewHmacMd5Context is NULL, then return FALSE. 942 If this interface is not supported, then return FALSE. 943 944 @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. 945 @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. 946 947 @retval TRUE HMAC-MD5 context copy succeeded. 948 @retval FALSE HMAC-MD5 context copy failed. 949 @retval FALSE This interface is not supported. 950 951 **/ 952 BOOLEAN 953 EFIAPI 954 HmacMd5Duplicate ( 955 IN CONST VOID *HmacMd5Context, 956 OUT VOID *NewHmacMd5Context 957 ); 958 959 /** 960 Digests the input data and updates HMAC-MD5 context. 961 962 This function performs HMAC-MD5 digest on a data buffer of the specified size. 963 It can be called multiple times to compute the digest of long or discontinuous data streams. 964 HMAC-MD5 context should be already correctly initialized by HmacMd5Init(), and should not be 965 finalized by HmacMd5Final(). Behavior with invalid context is undefined. 966 967 If HmacMd5Context is NULL, then return FALSE. 968 If this interface is not supported, then return FALSE. 969 970 @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. 971 @param[in] Data Pointer to the buffer containing the data to be digested. 972 @param[in] DataSize Size of Data buffer in bytes. 973 974 @retval TRUE HMAC-MD5 data digest succeeded. 975 @retval FALSE HMAC-MD5 data digest failed. 976 @retval FALSE This interface is not supported. 977 978 **/ 979 BOOLEAN 980 EFIAPI 981 HmacMd5Update ( 982 IN OUT VOID *HmacMd5Context, 983 IN CONST VOID *Data, 984 IN UINTN DataSize 985 ); 986 987 /** 988 Completes computation of the HMAC-MD5 digest value. 989 990 This function completes HMAC-MD5 hash computation and retrieves the digest value into 991 the specified memory. After this function has been called, the HMAC-MD5 context cannot 992 be used again. 993 HMAC-MD5 context should be already correctly initialized by HmacMd5Init(), and should not be 994 finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. 995 996 If HmacMd5Context is NULL, then return FALSE. 997 If HmacValue is NULL, then return FALSE. 998 If this interface is not supported, then return FALSE. 999 1000 @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. 1001 @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest 1002 value (16 bytes). 1003 1004 @retval TRUE HMAC-MD5 digest computation succeeded. 1005 @retval FALSE HMAC-MD5 digest computation failed. 1006 @retval FALSE This interface is not supported. 1007 1008 **/ 1009 BOOLEAN 1010 EFIAPI 1011 HmacMd5Final ( 1012 IN OUT VOID *HmacMd5Context, 1013 OUT UINT8 *HmacValue 1014 ); 1015 1016 /** 1017 Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations. 1018 1019 If this interface is not supported, then return zero. 1020 1021 @return The size, in bytes, of the context buffer required for HMAC-SHA1 operations. 1022 @retval 0 This interface is not supported. 1023 1024 **/ 1025 UINTN 1026 EFIAPI 1027 HmacSha1GetContextSize ( 1028 VOID 1029 ); 1030 1031 /** 1032 Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for 1033 subsequent use. 1034 1035 If HmacSha1Context is NULL, then return FALSE. 1036 If this interface is not supported, then return FALSE. 1037 1038 @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized. 1039 @param[in] Key Pointer to the user-supplied key. 1040 @param[in] KeySize Key size in bytes. 1041 1042 @retval TRUE HMAC-SHA1 context initialization succeeded. 1043 @retval FALSE HMAC-SHA1 context initialization failed. 1044 @retval FALSE This interface is not supported. 1045 1046 **/ 1047 BOOLEAN 1048 EFIAPI 1049 HmacSha1Init ( 1050 OUT VOID *HmacSha1Context, 1051 IN CONST UINT8 *Key, 1052 IN UINTN KeySize 1053 ); 1054 1055 /** 1056 Makes a copy of an existing HMAC-SHA1 context. 1057 1058 If HmacSha1Context is NULL, then return FALSE. 1059 If NewHmacSha1Context is NULL, then return FALSE. 1060 If this interface is not supported, then return FALSE. 1061 1062 @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. 1063 @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. 1064 1065 @retval TRUE HMAC-SHA1 context copy succeeded. 1066 @retval FALSE HMAC-SHA1 context copy failed. 1067 @retval FALSE This interface is not supported. 1068 1069 **/ 1070 BOOLEAN 1071 EFIAPI 1072 HmacSha1Duplicate ( 1073 IN CONST VOID *HmacSha1Context, 1074 OUT VOID *NewHmacSha1Context 1075 ); 1076 1077 /** 1078 Digests the input data and updates HMAC-SHA1 context. 1079 1080 This function performs HMAC-SHA1 digest on a data buffer of the specified size. 1081 It can be called multiple times to compute the digest of long or discontinuous data streams. 1082 HMAC-SHA1 context should be already correctly initialized by HmacSha1Init(), and should not 1083 be finalized by HmacSha1Final(). Behavior with invalid context is undefined. 1084 1085 If HmacSha1Context is NULL, then return FALSE. 1086 If this interface is not supported, then return FALSE. 1087 1088 @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. 1089 @param[in] Data Pointer to the buffer containing the data to be digested. 1090 @param[in] DataSize Size of Data buffer in bytes. 1091 1092 @retval TRUE HMAC-SHA1 data digest succeeded. 1093 @retval FALSE HMAC-SHA1 data digest failed. 1094 @retval FALSE This interface is not supported. 1095 1096 **/ 1097 BOOLEAN 1098 EFIAPI 1099 HmacSha1Update ( 1100 IN OUT VOID *HmacSha1Context, 1101 IN CONST VOID *Data, 1102 IN UINTN DataSize 1103 ); 1104 1105 /** 1106 Completes computation of the HMAC-SHA1 digest value. 1107 1108 This function completes HMAC-SHA1 hash computation and retrieves the digest value into 1109 the specified memory. After this function has been called, the HMAC-SHA1 context cannot 1110 be used again. 1111 HMAC-SHA1 context should be already correctly initialized by HmacSha1Init(), and should 1112 not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. 1113 1114 If HmacSha1Context is NULL, then return FALSE. 1115 If HmacValue is NULL, then return FALSE. 1116 If this interface is not supported, then return FALSE. 1117 1118 @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. 1119 @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest 1120 value (20 bytes). 1121 1122 @retval TRUE HMAC-SHA1 digest computation succeeded. 1123 @retval FALSE HMAC-SHA1 digest computation failed. 1124 @retval FALSE This interface is not supported. 1125 1126 **/ 1127 BOOLEAN 1128 EFIAPI 1129 HmacSha1Final ( 1130 IN OUT VOID *HmacSha1Context, 1131 OUT UINT8 *HmacValue 1132 ); 1133 1134 /** 1135 Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations. 1136 1137 If this interface is not supported, then return zero. 1138 1139 @return The size, in bytes, of the context buffer required for HMAC-SHA256 operations. 1140 @retval 0 This interface is not supported. 1141 1142 **/ 1143 UINTN 1144 EFIAPI 1145 HmacSha256GetContextSize ( 1146 VOID 1147 ); 1148 1149 /** 1150 Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for 1151 subsequent use. 1152 1153 If HmacSha256Context is NULL, then return FALSE. 1154 If this interface is not supported, then return FALSE. 1155 1156 @param[out] HmacSha256Context Pointer to HMAC-SHA256 context being initialized. 1157 @param[in] Key Pointer to the user-supplied key. 1158 @param[in] KeySize Key size in bytes. 1159 1160 @retval TRUE HMAC-SHA256 context initialization succeeded. 1161 @retval FALSE HMAC-SHA256 context initialization failed. 1162 @retval FALSE This interface is not supported. 1163 1164 **/ 1165 BOOLEAN 1166 EFIAPI 1167 HmacSha256Init ( 1168 OUT VOID *HmacSha256Context, 1169 IN CONST UINT8 *Key, 1170 IN UINTN KeySize 1171 ); 1172 1173 /** 1174 Makes a copy of an existing HMAC-SHA256 context. 1175 1176 If HmacSha256Context is NULL, then return FALSE. 1177 If NewHmacSha256Context is NULL, then return FALSE. 1178 If this interface is not supported, then return FALSE. 1179 1180 @param[in] HmacSha256Context Pointer to HMAC-SHA256 context being copied. 1181 @param[out] NewHmacSha256Context Pointer to new HMAC-SHA256 context. 1182 1183 @retval TRUE HMAC-SHA256 context copy succeeded. 1184 @retval FALSE HMAC-SHA256 context copy failed. 1185 @retval FALSE This interface is not supported. 1186 1187 **/ 1188 BOOLEAN 1189 EFIAPI 1190 HmacSha256Duplicate ( 1191 IN CONST VOID *HmacSha256Context, 1192 OUT VOID *NewHmacSha256Context 1193 ); 1194 1195 /** 1196 Digests the input data and updates HMAC-SHA256 context. 1197 1198 This function performs HMAC-SHA256 digest on a data buffer of the specified size. 1199 It can be called multiple times to compute the digest of long or discontinuous data streams. 1200 HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should not 1201 be finalized by HmacSha256Final(). Behavior with invalid context is undefined. 1202 1203 If HmacSha256Context is NULL, then return FALSE. 1204 If this interface is not supported, then return FALSE. 1205 1206 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. 1207 @param[in] Data Pointer to the buffer containing the data to be digested. 1208 @param[in] DataSize Size of Data buffer in bytes. 1209 1210 @retval TRUE HMAC-SHA256 data digest succeeded. 1211 @retval FALSE HMAC-SHA256 data digest failed. 1212 @retval FALSE This interface is not supported. 1213 1214 **/ 1215 BOOLEAN 1216 EFIAPI 1217 HmacSha256Update ( 1218 IN OUT VOID *HmacSha256Context, 1219 IN CONST VOID *Data, 1220 IN UINTN DataSize 1221 ); 1222 1223 /** 1224 Completes computation of the HMAC-SHA256 digest value. 1225 1226 This function completes HMAC-SHA256 hash computation and retrieves the digest value into 1227 the specified memory. After this function has been called, the HMAC-SHA256 context cannot 1228 be used again. 1229 HMAC-SHA256 context should be already correctly initialized by HmacSha256Init(), and should 1230 not be finalized by HmacSha256Final(). Behavior with invalid HMAC-SHA256 context is undefined. 1231 1232 If HmacSha256Context is NULL, then return FALSE. 1233 If HmacValue is NULL, then return FALSE. 1234 If this interface is not supported, then return FALSE. 1235 1236 @param[in, out] HmacSha256Context Pointer to the HMAC-SHA256 context. 1237 @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA256 digest 1238 value (32 bytes). 1239 1240 @retval TRUE HMAC-SHA256 digest computation succeeded. 1241 @retval FALSE HMAC-SHA256 digest computation failed. 1242 @retval FALSE This interface is not supported. 1243 1244 **/ 1245 BOOLEAN 1246 EFIAPI 1247 HmacSha256Final ( 1248 IN OUT VOID *HmacSha256Context, 1249 OUT UINT8 *HmacValue 1250 ); 1251 1252 //===================================================================================== 1253 // Symmetric Cryptography Primitive 1254 //===================================================================================== 1255 1256 /** 1257 Retrieves the size, in bytes, of the context buffer required for TDES operations. 1258 1259 If this interface is not supported, then return zero. 1260 1261 @return The size, in bytes, of the context buffer required for TDES operations. 1262 @retval 0 This interface is not supported. 1263 1264 **/ 1265 UINTN 1266 EFIAPI 1267 TdesGetContextSize ( 1268 VOID 1269 ); 1270 1271 /** 1272 Initializes user-supplied memory as TDES context for subsequent use. 1273 1274 This function initializes user-supplied memory pointed by TdesContext as TDES context. 1275 In addition, it sets up all TDES key materials for subsequent encryption and decryption 1276 operations. 1277 There are 3 key options as follows: 1278 KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES) 1279 KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) 1280 KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) 1281 1282 If TdesContext is NULL, then return FALSE. 1283 If Key is NULL, then return FALSE. 1284 If KeyLength is not valid, then return FALSE. 1285 If this interface is not supported, then return FALSE. 1286 1287 @param[out] TdesContext Pointer to TDES context being initialized. 1288 @param[in] Key Pointer to the user-supplied TDES key. 1289 @param[in] KeyLength Length of TDES key in bits. 1290 1291 @retval TRUE TDES context initialization succeeded. 1292 @retval FALSE TDES context initialization failed. 1293 @retval FALSE This interface is not supported. 1294 1295 **/ 1296 BOOLEAN 1297 EFIAPI 1298 TdesInit ( 1299 OUT VOID *TdesContext, 1300 IN CONST UINT8 *Key, 1301 IN UINTN KeyLength 1302 ); 1303 1304 /** 1305 Performs TDES encryption on a data buffer of the specified size in ECB mode. 1306 1307 This function performs TDES encryption on data buffer pointed by Input, of specified 1308 size of InputSize, in ECB mode. 1309 InputSize must be multiple of block size (8 bytes). This function does not perform 1310 padding. Caller must perform padding, if necessary, to ensure valid input data size. 1311 TdesContext should be already correctly initialized by TdesInit(). Behavior with 1312 invalid TDES context is undefined. 1313 1314 If TdesContext is NULL, then return FALSE. 1315 If Input is NULL, then return FALSE. 1316 If InputSize is not multiple of block size (8 bytes), then return FALSE. 1317 If Output is NULL, then return FALSE. 1318 If this interface is not supported, then return FALSE. 1319 1320 @param[in] TdesContext Pointer to the TDES context. 1321 @param[in] Input Pointer to the buffer containing the data to be encrypted. 1322 @param[in] InputSize Size of the Input buffer in bytes. 1323 @param[out] Output Pointer to a buffer that receives the TDES encryption output. 1324 1325 @retval TRUE TDES encryption succeeded. 1326 @retval FALSE TDES encryption failed. 1327 @retval FALSE This interface is not supported. 1328 1329 **/ 1330 BOOLEAN 1331 EFIAPI 1332 TdesEcbEncrypt ( 1333 IN VOID *TdesContext, 1334 IN CONST UINT8 *Input, 1335 IN UINTN InputSize, 1336 OUT UINT8 *Output 1337 ); 1338 1339 /** 1340 Performs TDES decryption on a data buffer of the specified size in ECB mode. 1341 1342 This function performs TDES decryption on data buffer pointed by Input, of specified 1343 size of InputSize, in ECB mode. 1344 InputSize must be multiple of block size (8 bytes). This function does not perform 1345 padding. Caller must perform padding, if necessary, to ensure valid input data size. 1346 TdesContext should be already correctly initialized by TdesInit(). Behavior with 1347 invalid TDES context is undefined. 1348 1349 If TdesContext is NULL, then return FALSE. 1350 If Input is NULL, then return FALSE. 1351 If InputSize is not multiple of block size (8 bytes), then return FALSE. 1352 If Output is NULL, then return FALSE. 1353 If this interface is not supported, then return FALSE. 1354 1355 @param[in] TdesContext Pointer to the TDES context. 1356 @param[in] Input Pointer to the buffer containing the data to be decrypted. 1357 @param[in] InputSize Size of the Input buffer in bytes. 1358 @param[out] Output Pointer to a buffer that receives the TDES decryption output. 1359 1360 @retval TRUE TDES decryption succeeded. 1361 @retval FALSE TDES decryption failed. 1362 @retval FALSE This interface is not supported. 1363 1364 **/ 1365 BOOLEAN 1366 EFIAPI 1367 TdesEcbDecrypt ( 1368 IN VOID *TdesContext, 1369 IN CONST UINT8 *Input, 1370 IN UINTN InputSize, 1371 OUT UINT8 *Output 1372 ); 1373 1374 /** 1375 Performs TDES encryption on a data buffer of the specified size in CBC mode. 1376 1377 This function performs TDES encryption on data buffer pointed by Input, of specified 1378 size of InputSize, in CBC mode. 1379 InputSize must be multiple of block size (8 bytes). This function does not perform 1380 padding. Caller must perform padding, if necessary, to ensure valid input data size. 1381 Initialization vector should be one block size (8 bytes). 1382 TdesContext should be already correctly initialized by TdesInit(). Behavior with 1383 invalid TDES context is undefined. 1384 1385 If TdesContext is NULL, then return FALSE. 1386 If Input is NULL, then return FALSE. 1387 If InputSize is not multiple of block size (8 bytes), then return FALSE. 1388 If Ivec is NULL, then return FALSE. 1389 If Output is NULL, then return FALSE. 1390 If this interface is not supported, then return FALSE. 1391 1392 @param[in] TdesContext Pointer to the TDES context. 1393 @param[in] Input Pointer to the buffer containing the data to be encrypted. 1394 @param[in] InputSize Size of the Input buffer in bytes. 1395 @param[in] Ivec Pointer to initialization vector. 1396 @param[out] Output Pointer to a buffer that receives the TDES encryption output. 1397 1398 @retval TRUE TDES encryption succeeded. 1399 @retval FALSE TDES encryption failed. 1400 @retval FALSE This interface is not supported. 1401 1402 **/ 1403 BOOLEAN 1404 EFIAPI 1405 TdesCbcEncrypt ( 1406 IN VOID *TdesContext, 1407 IN CONST UINT8 *Input, 1408 IN UINTN InputSize, 1409 IN CONST UINT8 *Ivec, 1410 OUT UINT8 *Output 1411 ); 1412 1413 /** 1414 Performs TDES decryption on a data buffer of the specified size in CBC mode. 1415 1416 This function performs TDES decryption on data buffer pointed by Input, of specified 1417 size of InputSize, in CBC mode. 1418 InputSize must be multiple of block size (8 bytes). This function does not perform 1419 padding. Caller must perform padding, if necessary, to ensure valid input data size. 1420 Initialization vector should be one block size (8 bytes). 1421 TdesContext should be already correctly initialized by TdesInit(). Behavior with 1422 invalid TDES context is undefined. 1423 1424 If TdesContext is NULL, then return FALSE. 1425 If Input is NULL, then return FALSE. 1426 If InputSize is not multiple of block size (8 bytes), then return FALSE. 1427 If Ivec is NULL, then return FALSE. 1428 If Output is NULL, then return FALSE. 1429 If this interface is not supported, then return FALSE. 1430 1431 @param[in] TdesContext Pointer to the TDES context. 1432 @param[in] Input Pointer to the buffer containing the data to be encrypted. 1433 @param[in] InputSize Size of the Input buffer in bytes. 1434 @param[in] Ivec Pointer to initialization vector. 1435 @param[out] Output Pointer to a buffer that receives the TDES encryption output. 1436 1437 @retval TRUE TDES decryption succeeded. 1438 @retval FALSE TDES decryption failed. 1439 @retval FALSE This interface is not supported. 1440 1441 **/ 1442 BOOLEAN 1443 EFIAPI 1444 TdesCbcDecrypt ( 1445 IN VOID *TdesContext, 1446 IN CONST UINT8 *Input, 1447 IN UINTN InputSize, 1448 IN CONST UINT8 *Ivec, 1449 OUT UINT8 *Output 1450 ); 1451 1452 /** 1453 Retrieves the size, in bytes, of the context buffer required for AES operations. 1454 1455 If this interface is not supported, then return zero. 1456 1457 @return The size, in bytes, of the context buffer required for AES operations. 1458 @retval 0 This interface is not supported. 1459 1460 **/ 1461 UINTN 1462 EFIAPI 1463 AesGetContextSize ( 1464 VOID 1465 ); 1466 1467 /** 1468 Initializes user-supplied memory as AES context for subsequent use. 1469 1470 This function initializes user-supplied memory pointed by AesContext as AES context. 1471 In addition, it sets up all AES key materials for subsequent encryption and decryption 1472 operations. 1473 There are 3 options for key length, 128 bits, 192 bits, and 256 bits. 1474 1475 If AesContext is NULL, then return FALSE. 1476 If Key is NULL, then return FALSE. 1477 If KeyLength is not valid, then return FALSE. 1478 If this interface is not supported, then return FALSE. 1479 1480 @param[out] AesContext Pointer to AES context being initialized. 1481 @param[in] Key Pointer to the user-supplied AES key. 1482 @param[in] KeyLength Length of AES key in bits. 1483 1484 @retval TRUE AES context initialization succeeded. 1485 @retval FALSE AES context initialization failed. 1486 @retval FALSE This interface is not supported. 1487 1488 **/ 1489 BOOLEAN 1490 EFIAPI 1491 AesInit ( 1492 OUT VOID *AesContext, 1493 IN CONST UINT8 *Key, 1494 IN UINTN KeyLength 1495 ); 1496 1497 /** 1498 Performs AES encryption on a data buffer of the specified size in ECB mode. 1499 1500 This function performs AES encryption on data buffer pointed by Input, of specified 1501 size of InputSize, in ECB mode. 1502 InputSize must be multiple of block size (16 bytes). This function does not perform 1503 padding. Caller must perform padding, if necessary, to ensure valid input data size. 1504 AesContext should be already correctly initialized by AesInit(). Behavior with 1505 invalid AES context is undefined. 1506 1507 If AesContext is NULL, then return FALSE. 1508 If Input is NULL, then return FALSE. 1509 If InputSize is not multiple of block size (16 bytes), then return FALSE. 1510 If Output is NULL, then return FALSE. 1511 If this interface is not supported, then return FALSE. 1512 1513 @param[in] AesContext Pointer to the AES context. 1514 @param[in] Input Pointer to the buffer containing the data to be encrypted. 1515 @param[in] InputSize Size of the Input buffer in bytes. 1516 @param[out] Output Pointer to a buffer that receives the AES encryption output. 1517 1518 @retval TRUE AES encryption succeeded. 1519 @retval FALSE AES encryption failed. 1520 @retval FALSE This interface is not supported. 1521 1522 **/ 1523 BOOLEAN 1524 EFIAPI 1525 AesEcbEncrypt ( 1526 IN VOID *AesContext, 1527 IN CONST UINT8 *Input, 1528 IN UINTN InputSize, 1529 OUT UINT8 *Output 1530 ); 1531 1532 /** 1533 Performs AES decryption on a data buffer of the specified size in ECB mode. 1534 1535 This function performs AES decryption on data buffer pointed by Input, of specified 1536 size of InputSize, in ECB mode. 1537 InputSize must be multiple of block size (16 bytes). This function does not perform 1538 padding. Caller must perform padding, if necessary, to ensure valid input data size. 1539 AesContext should be already correctly initialized by AesInit(). Behavior with 1540 invalid AES context is undefined. 1541 1542 If AesContext is NULL, then return FALSE. 1543 If Input is NULL, then return FALSE. 1544 If InputSize is not multiple of block size (16 bytes), then return FALSE. 1545 If Output is NULL, then return FALSE. 1546 If this interface is not supported, then return FALSE. 1547 1548 @param[in] AesContext Pointer to the AES context. 1549 @param[in] Input Pointer to the buffer containing the data to be decrypted. 1550 @param[in] InputSize Size of the Input buffer in bytes. 1551 @param[out] Output Pointer to a buffer that receives the AES decryption output. 1552 1553 @retval TRUE AES decryption succeeded. 1554 @retval FALSE AES decryption failed. 1555 @retval FALSE This interface is not supported. 1556 1557 **/ 1558 BOOLEAN 1559 EFIAPI 1560 AesEcbDecrypt ( 1561 IN VOID *AesContext, 1562 IN CONST UINT8 *Input, 1563 IN UINTN InputSize, 1564 OUT UINT8 *Output 1565 ); 1566 1567 /** 1568 Performs AES encryption on a data buffer of the specified size in CBC mode. 1569 1570 This function performs AES encryption on data buffer pointed by Input, of specified 1571 size of InputSize, in CBC mode. 1572 InputSize must be multiple of block size (16 bytes). This function does not perform 1573 padding. Caller must perform padding, if necessary, to ensure valid input data size. 1574 Initialization vector should be one block size (16 bytes). 1575 AesContext should be already correctly initialized by AesInit(). Behavior with 1576 invalid AES context is undefined. 1577 1578 If AesContext is NULL, then return FALSE. 1579 If Input is NULL, then return FALSE. 1580 If InputSize is not multiple of block size (16 bytes), then return FALSE. 1581 If Ivec is NULL, then return FALSE. 1582 If Output is NULL, then return FALSE. 1583 If this interface is not supported, then return FALSE. 1584 1585 @param[in] AesContext Pointer to the AES context. 1586 @param[in] Input Pointer to the buffer containing the data to be encrypted. 1587 @param[in] InputSize Size of the Input buffer in bytes. 1588 @param[in] Ivec Pointer to initialization vector. 1589 @param[out] Output Pointer to a buffer that receives the AES encryption output. 1590 1591 @retval TRUE AES encryption succeeded. 1592 @retval FALSE AES encryption failed. 1593 @retval FALSE This interface is not supported. 1594 1595 **/ 1596 BOOLEAN 1597 EFIAPI 1598 AesCbcEncrypt ( 1599 IN VOID *AesContext, 1600 IN CONST UINT8 *Input, 1601 IN UINTN InputSize, 1602 IN CONST UINT8 *Ivec, 1603 OUT UINT8 *Output 1604 ); 1605 1606 /** 1607 Performs AES decryption on a data buffer of the specified size in CBC mode. 1608 1609 This function performs AES decryption on data buffer pointed by Input, of specified 1610 size of InputSize, in CBC mode. 1611 InputSize must be multiple of block size (16 bytes). This function does not perform 1612 padding. Caller must perform padding, if necessary, to ensure valid input data size. 1613 Initialization vector should be one block size (16 bytes). 1614 AesContext should be already correctly initialized by AesInit(). Behavior with 1615 invalid AES context is undefined. 1616 1617 If AesContext is NULL, then return FALSE. 1618 If Input is NULL, then return FALSE. 1619 If InputSize is not multiple of block size (16 bytes), then return FALSE. 1620 If Ivec is NULL, then return FALSE. 1621 If Output is NULL, then return FALSE. 1622 If this interface is not supported, then return FALSE. 1623 1624 @param[in] AesContext Pointer to the AES context. 1625 @param[in] Input Pointer to the buffer containing the data to be encrypted. 1626 @param[in] InputSize Size of the Input buffer in bytes. 1627 @param[in] Ivec Pointer to initialization vector. 1628 @param[out] Output Pointer to a buffer that receives the AES encryption output. 1629 1630 @retval TRUE AES decryption succeeded. 1631 @retval FALSE AES decryption failed. 1632 @retval FALSE This interface is not supported. 1633 1634 **/ 1635 BOOLEAN 1636 EFIAPI 1637 AesCbcDecrypt ( 1638 IN VOID *AesContext, 1639 IN CONST UINT8 *Input, 1640 IN UINTN InputSize, 1641 IN CONST UINT8 *Ivec, 1642 OUT UINT8 *Output 1643 ); 1644 1645 /** 1646 Retrieves the size, in bytes, of the context buffer required for ARC4 operations. 1647 1648 If this interface is not supported, then return zero. 1649 1650 @return The size, in bytes, of the context buffer required for ARC4 operations. 1651 @retval 0 This interface is not supported. 1652 1653 **/ 1654 UINTN 1655 EFIAPI 1656 Arc4GetContextSize ( 1657 VOID 1658 ); 1659 1660 /** 1661 Initializes user-supplied memory as ARC4 context for subsequent use. 1662 1663 This function initializes user-supplied memory pointed by Arc4Context as ARC4 context. 1664 In addition, it sets up all ARC4 key materials for subsequent encryption and decryption 1665 operations. 1666 1667 If Arc4Context is NULL, then return FALSE. 1668 If Key is NULL, then return FALSE. 1669 If KeySize does not in the range of [5, 256] bytes, then return FALSE. 1670 If this interface is not supported, then return FALSE. 1671 1672 @param[out] Arc4Context Pointer to ARC4 context being initialized. 1673 @param[in] Key Pointer to the user-supplied ARC4 key. 1674 @param[in] KeySize Size of ARC4 key in bytes. 1675 1676 @retval TRUE ARC4 context initialization succeeded. 1677 @retval FALSE ARC4 context initialization failed. 1678 @retval FALSE This interface is not supported. 1679 1680 **/ 1681 BOOLEAN 1682 EFIAPI 1683 Arc4Init ( 1684 OUT VOID *Arc4Context, 1685 IN CONST UINT8 *Key, 1686 IN UINTN KeySize 1687 ); 1688 1689 /** 1690 Performs ARC4 encryption on a data buffer of the specified size. 1691 1692 This function performs ARC4 encryption on data buffer pointed by Input, of specified 1693 size of InputSize. 1694 Arc4Context should be already correctly initialized by Arc4Init(). Behavior with 1695 invalid ARC4 context is undefined. 1696 1697 If Arc4Context is NULL, then return FALSE. 1698 If Input is NULL, then return FALSE. 1699 If Output is NULL, then return FALSE. 1700 If this interface is not supported, then return FALSE. 1701 1702 @param[in] Arc4Context Pointer to the ARC4 context. 1703 @param[in] Input Pointer to the buffer containing the data to be encrypted. 1704 @param[in] InputSize Size of the Input buffer in bytes. 1705 @param[out] Output Pointer to a buffer that receives the ARC4 encryption output. 1706 1707 @retval TRUE ARC4 encryption succeeded. 1708 @retval FALSE ARC4 encryption failed. 1709 @retval FALSE This interface is not supported. 1710 1711 **/ 1712 BOOLEAN 1713 EFIAPI 1714 Arc4Encrypt ( 1715 IN OUT VOID *Arc4Context, 1716 IN CONST UINT8 *Input, 1717 IN UINTN InputSize, 1718 OUT UINT8 *Output 1719 ); 1720 1721 /** 1722 Performs ARC4 decryption on a data buffer of the specified size. 1723 1724 This function performs ARC4 decryption on data buffer pointed by Input, of specified 1725 size of InputSize. 1726 Arc4Context should be already correctly initialized by Arc4Init(). Behavior with 1727 invalid ARC4 context is undefined. 1728 1729 If Arc4Context is NULL, then return FALSE. 1730 If Input is NULL, then return FALSE. 1731 If Output is NULL, then return FALSE. 1732 If this interface is not supported, then return FALSE. 1733 1734 @param[in] Arc4Context Pointer to the ARC4 context. 1735 @param[in] Input Pointer to the buffer containing the data to be decrypted. 1736 @param[in] InputSize Size of the Input buffer in bytes. 1737 @param[out] Output Pointer to a buffer that receives the ARC4 decryption output. 1738 1739 @retval TRUE ARC4 decryption succeeded. 1740 @retval FALSE ARC4 decryption failed. 1741 @retval FALSE This interface is not supported. 1742 1743 **/ 1744 BOOLEAN 1745 EFIAPI 1746 Arc4Decrypt ( 1747 IN OUT VOID *Arc4Context, 1748 IN UINT8 *Input, 1749 IN UINTN InputSize, 1750 OUT UINT8 *Output 1751 ); 1752 1753 /** 1754 Resets the ARC4 context to the initial state. 1755 1756 The function resets the ARC4 context to the state it had immediately after the 1757 ARC4Init() function call. 1758 Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context 1759 should be already correctly initialized by ARC4Init(). 1760 1761 If Arc4Context is NULL, then return FALSE. 1762 If this interface is not supported, then return FALSE. 1763 1764 @param[in, out] Arc4Context Pointer to the ARC4 context. 1765 1766 @retval TRUE ARC4 reset succeeded. 1767 @retval FALSE ARC4 reset failed. 1768 @retval FALSE This interface is not supported. 1769 1770 **/ 1771 BOOLEAN 1772 EFIAPI 1773 Arc4Reset ( 1774 IN OUT VOID *Arc4Context 1775 ); 1776 1777 //===================================================================================== 1778 // Asymmetric Cryptography Primitive 1779 //===================================================================================== 1780 1781 /** 1782 Allocates and initializes one RSA context for subsequent use. 1783 1784 @return Pointer to the RSA context that has been initialized. 1785 If the allocations fails, RsaNew() returns NULL. 1786 1787 **/ 1788 VOID * 1789 EFIAPI 1790 RsaNew ( 1791 VOID 1792 ); 1793 1794 /** 1795 Release the specified RSA context. 1796 1797 If RsaContext is NULL, then return FALSE. 1798 1799 @param[in] RsaContext Pointer to the RSA context to be released. 1800 1801 **/ 1802 VOID 1803 EFIAPI 1804 RsaFree ( 1805 IN VOID *RsaContext 1806 ); 1807 1808 /** 1809 Sets the tag-designated key component into the established RSA context. 1810 1811 This function sets the tag-designated RSA key component into the established 1812 RSA context from the user-specified non-negative integer (octet string format 1813 represented in RSA PKCS#1). 1814 If BigNumber is NULL, then the specified key component in RSA context is cleared. 1815 1816 If RsaContext is NULL, then return FALSE. 1817 1818 @param[in, out] RsaContext Pointer to RSA context being set. 1819 @param[in] KeyTag Tag of RSA key component being set. 1820 @param[in] BigNumber Pointer to octet integer buffer. 1821 If NULL, then the specified key component in RSA 1822 context is cleared. 1823 @param[in] BnSize Size of big number buffer in bytes. 1824 If BigNumber is NULL, then it is ignored. 1825 1826 @retval TRUE RSA key component was set successfully. 1827 @retval FALSE Invalid RSA key component tag. 1828 1829 **/ 1830 BOOLEAN 1831 EFIAPI 1832 RsaSetKey ( 1833 IN OUT VOID *RsaContext, 1834 IN RSA_KEY_TAG KeyTag, 1835 IN CONST UINT8 *BigNumber, 1836 IN UINTN BnSize 1837 ); 1838 1839 /** 1840 Gets the tag-designated RSA key component from the established RSA context. 1841 1842 This function retrieves the tag-designated RSA key component from the 1843 established RSA context as a non-negative integer (octet string format 1844 represented in RSA PKCS#1). 1845 If specified key component has not been set or has been cleared, then returned 1846 BnSize is set to 0. 1847 If the BigNumber buffer is too small to hold the contents of the key, FALSE 1848 is returned and BnSize is set to the required buffer size to obtain the key. 1849 1850 If RsaContext is NULL, then return FALSE. 1851 If BnSize is NULL, then return FALSE. 1852 If BnSize is large enough but BigNumber is NULL, then return FALSE. 1853 If this interface is not supported, then return FALSE. 1854 1855 @param[in, out] RsaContext Pointer to RSA context being set. 1856 @param[in] KeyTag Tag of RSA key component being set. 1857 @param[out] BigNumber Pointer to octet integer buffer. 1858 @param[in, out] BnSize On input, the size of big number buffer in bytes. 1859 On output, the size of data returned in big number buffer in bytes. 1860 1861 @retval TRUE RSA key component was retrieved successfully. 1862 @retval FALSE Invalid RSA key component tag. 1863 @retval FALSE BnSize is too small. 1864 @retval FALSE This interface is not supported. 1865 1866 **/ 1867 BOOLEAN 1868 EFIAPI 1869 RsaGetKey ( 1870 IN OUT VOID *RsaContext, 1871 IN RSA_KEY_TAG KeyTag, 1872 OUT UINT8 *BigNumber, 1873 IN OUT UINTN *BnSize 1874 ); 1875 1876 /** 1877 Generates RSA key components. 1878 1879 This function generates RSA key components. It takes RSA public exponent E and 1880 length in bits of RSA modulus N as input, and generates all key components. 1881 If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used. 1882 1883 Before this function can be invoked, pseudorandom number generator must be correctly 1884 initialized by RandomSeed(). 1885 1886 If RsaContext is NULL, then return FALSE. 1887 If this interface is not supported, then return FALSE. 1888 1889 @param[in, out] RsaContext Pointer to RSA context being set. 1890 @param[in] ModulusLength Length of RSA modulus N in bits. 1891 @param[in] PublicExponent Pointer to RSA public exponent. 1892 @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes. 1893 1894 @retval TRUE RSA key component was generated successfully. 1895 @retval FALSE Invalid RSA key component tag. 1896 @retval FALSE This interface is not supported. 1897 1898 **/ 1899 BOOLEAN 1900 EFIAPI 1901 RsaGenerateKey ( 1902 IN OUT VOID *RsaContext, 1903 IN UINTN ModulusLength, 1904 IN CONST UINT8 *PublicExponent, 1905 IN UINTN PublicExponentSize 1906 ); 1907 1908 /** 1909 Validates key components of RSA context. 1910 NOTE: This function performs integrity checks on all the RSA key material, so 1911 the RSA key structure must contain all the private key data. 1912 1913 This function validates key components of RSA context in following aspects: 1914 - Whether p is a prime 1915 - Whether q is a prime 1916 - Whether n = p * q 1917 - Whether d*e = 1 mod lcm(p-1,q-1) 1918 1919 If RsaContext is NULL, then return FALSE. 1920 If this interface is not supported, then return FALSE. 1921 1922 @param[in] RsaContext Pointer to RSA context to check. 1923 1924 @retval TRUE RSA key components are valid. 1925 @retval FALSE RSA key components are not valid. 1926 @retval FALSE This interface is not supported. 1927 1928 **/ 1929 BOOLEAN 1930 EFIAPI 1931 RsaCheckKey ( 1932 IN VOID *RsaContext 1933 ); 1934 1935 /** 1936 Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme. 1937 1938 This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in 1939 RSA PKCS#1. 1940 If the Signature buffer is too small to hold the contents of signature, FALSE 1941 is returned and SigSize is set to the required buffer size to obtain the signature. 1942 1943 If RsaContext is NULL, then return FALSE. 1944 If MessageHash is NULL, then return FALSE. 1945 If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. 1946 If SigSize is large enough but Signature is NULL, then return FALSE. 1947 If this interface is not supported, then return FALSE. 1948 1949 @param[in] RsaContext Pointer to RSA context for signature generation. 1950 @param[in] MessageHash Pointer to octet message hash to be signed. 1951 @param[in] HashSize Size of the message hash in bytes. 1952 @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature. 1953 @param[in, out] SigSize On input, the size of Signature buffer in bytes. 1954 On output, the size of data returned in Signature buffer in bytes. 1955 1956 @retval TRUE Signature successfully generated in PKCS1-v1_5. 1957 @retval FALSE Signature generation failed. 1958 @retval FALSE SigSize is too small. 1959 @retval FALSE This interface is not supported. 1960 1961 **/ 1962 BOOLEAN 1963 EFIAPI 1964 RsaPkcs1Sign ( 1965 IN VOID *RsaContext, 1966 IN CONST UINT8 *MessageHash, 1967 IN UINTN HashSize, 1968 OUT UINT8 *Signature, 1969 IN OUT UINTN *SigSize 1970 ); 1971 1972 /** 1973 Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in 1974 RSA PKCS#1. 1975 1976 If RsaContext is NULL, then return FALSE. 1977 If MessageHash is NULL, then return FALSE. 1978 If Signature is NULL, then return FALSE. 1979 If HashSize is not equal to the size of MD5, SHA-1, SHA-256 digest, then return FALSE. 1980 1981 @param[in] RsaContext Pointer to RSA context for signature verification. 1982 @param[in] MessageHash Pointer to octet message hash to be checked. 1983 @param[in] HashSize Size of the message hash in bytes. 1984 @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified. 1985 @param[in] SigSize Size of signature in bytes. 1986 1987 @retval TRUE Valid signature encoded in PKCS1-v1_5. 1988 @retval FALSE Invalid signature or invalid RSA context. 1989 1990 **/ 1991 BOOLEAN 1992 EFIAPI 1993 RsaPkcs1Verify ( 1994 IN VOID *RsaContext, 1995 IN CONST UINT8 *MessageHash, 1996 IN UINTN HashSize, 1997 IN CONST UINT8 *Signature, 1998 IN UINTN SigSize 1999 ); 2000 2001 /** 2002 Retrieve the RSA Private Key from the password-protected PEM key data. 2003 2004 If PemData is NULL, then return FALSE. 2005 If RsaContext is NULL, then return FALSE. 2006 If this interface is not supported, then return FALSE. 2007 2008 @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. 2009 @param[in] PemSize Size of the PEM key data in bytes. 2010 @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. 2011 @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved 2012 RSA private key component. Use RsaFree() function to free the 2013 resource. 2014 2015 @retval TRUE RSA Private Key was retrieved successfully. 2016 @retval FALSE Invalid PEM key data or incorrect password. 2017 @retval FALSE This interface is not supported. 2018 2019 **/ 2020 BOOLEAN 2021 EFIAPI 2022 RsaGetPrivateKeyFromPem ( 2023 IN CONST UINT8 *PemData, 2024 IN UINTN PemSize, 2025 IN CONST CHAR8 *Password, 2026 OUT VOID **RsaContext 2027 ); 2028 2029 /** 2030 Retrieve the RSA Public Key from one DER-encoded X509 certificate. 2031 2032 If Cert is NULL, then return FALSE. 2033 If RsaContext is NULL, then return FALSE. 2034 If this interface is not supported, then return FALSE. 2035 2036 @param[in] Cert Pointer to the DER-encoded X509 certificate. 2037 @param[in] CertSize Size of the X509 certificate in bytes. 2038 @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved 2039 RSA public key component. Use RsaFree() function to free the 2040 resource. 2041 2042 @retval TRUE RSA Public Key was retrieved successfully. 2043 @retval FALSE Fail to retrieve RSA public key from X509 certificate. 2044 @retval FALSE This interface is not supported. 2045 2046 **/ 2047 BOOLEAN 2048 EFIAPI 2049 RsaGetPublicKeyFromX509 ( 2050 IN CONST UINT8 *Cert, 2051 IN UINTN CertSize, 2052 OUT VOID **RsaContext 2053 ); 2054 2055 /** 2056 Retrieve the subject bytes from one X.509 certificate. 2057 2058 If Cert is NULL, then return FALSE. 2059 If SubjectSize is NULL, then return FALSE. 2060 If this interface is not supported, then return FALSE. 2061 2062 @param[in] Cert Pointer to the DER-encoded X509 certificate. 2063 @param[in] CertSize Size of the X509 certificate in bytes. 2064 @param[out] CertSubject Pointer to the retrieved certificate subject bytes. 2065 @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input, 2066 and the size of buffer returned CertSubject on output. 2067 2068 @retval TRUE The certificate subject retrieved successfully. 2069 @retval FALSE Invalid certificate, or the SubjectSize is too small for the result. 2070 The SubjectSize will be updated with the required size. 2071 @retval FALSE This interface is not supported. 2072 2073 **/ 2074 BOOLEAN 2075 EFIAPI 2076 X509GetSubjectName ( 2077 IN CONST UINT8 *Cert, 2078 IN UINTN CertSize, 2079 OUT UINT8 *CertSubject, 2080 IN OUT UINTN *SubjectSize 2081 ); 2082 2083 /** 2084 Verify one X509 certificate was issued by the trusted CA. 2085 2086 If Cert is NULL, then return FALSE. 2087 If CACert is NULL, then return FALSE. 2088 If this interface is not supported, then return FALSE. 2089 2090 @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified. 2091 @param[in] CertSize Size of the X509 certificate in bytes. 2092 @param[in] CACert Pointer to the DER-encoded trusted CA certificate. 2093 @param[in] CACertSize Size of the CA Certificate in bytes. 2094 2095 @retval TRUE The certificate was issued by the trusted CA. 2096 @retval FALSE Invalid certificate or the certificate was not issued by the given 2097 trusted CA. 2098 @retval FALSE This interface is not supported. 2099 2100 **/ 2101 BOOLEAN 2102 EFIAPI 2103 X509VerifyCert ( 2104 IN CONST UINT8 *Cert, 2105 IN UINTN CertSize, 2106 IN CONST UINT8 *CACert, 2107 IN UINTN CACertSize 2108 ); 2109 2110 /** 2111 Construct a X509 object from DER-encoded certificate data. 2112 2113 If Cert is NULL, then return FALSE. 2114 If SingleX509Cert is NULL, then return FALSE. 2115 If this interface is not supported, then return FALSE. 2116 2117 @param[in] Cert Pointer to the DER-encoded certificate data. 2118 @param[in] CertSize The size of certificate data in bytes. 2119 @param[out] SingleX509Cert The generated X509 object. 2120 2121 @retval TRUE The X509 object generation succeeded. 2122 @retval FALSE The operation failed. 2123 @retval FALSE This interface is not supported. 2124 2125 **/ 2126 BOOLEAN 2127 EFIAPI 2128 X509ConstructCertificate ( 2129 IN CONST UINT8 *Cert, 2130 IN UINTN CertSize, 2131 OUT UINT8 **SingleX509Cert 2132 ); 2133 2134 /** 2135 Construct a X509 stack object from a list of DER-encoded certificate data. 2136 2137 If X509Stack is NULL, then return FALSE. 2138 If this interface is not supported, then return FALSE. 2139 2140 @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. 2141 On output, pointer to the X509 stack object with new 2142 inserted X509 certificate. 2143 @param ... A list of DER-encoded single certificate data followed 2144 by certificate size. A NULL terminates the list. The 2145 pairs are the arguments to X509ConstructCertificate(). 2146 2147 @retval TRUE The X509 stack construction succeeded. 2148 @retval FALSE The construction operation failed. 2149 @retval FALSE This interface is not supported. 2150 2151 **/ 2152 BOOLEAN 2153 EFIAPI 2154 X509ConstructCertificateStack ( 2155 IN OUT UINT8 **X509Stack, 2156 ... 2157 ); 2158 2159 /** 2160 Release the specified X509 object. 2161 2162 If the interface is not supported, then ASSERT(). 2163 2164 @param[in] X509Cert Pointer to the X509 object to be released. 2165 2166 **/ 2167 VOID 2168 EFIAPI 2169 X509Free ( 2170 IN VOID *X509Cert 2171 ); 2172 2173 /** 2174 Release the specified X509 stack object. 2175 2176 If the interface is not supported, then ASSERT(). 2177 2178 @param[in] X509Stack Pointer to the X509 stack object to be released. 2179 2180 **/ 2181 VOID 2182 EFIAPI 2183 X509StackFree ( 2184 IN VOID *X509Stack 2185 ); 2186 2187 /** 2188 Retrieve the TBSCertificate from one given X.509 certificate. 2189 2190 @param[in] Cert Pointer to the given DER-encoded X509 certificate. 2191 @param[in] CertSize Size of the X509 certificate in bytes. 2192 @param[out] TBSCert DER-Encoded To-Be-Signed certificate. 2193 @param[out] TBSCertSize Size of the TBS certificate in bytes. 2194 2195 If Cert is NULL, then return FALSE. 2196 If TBSCert is NULL, then return FALSE. 2197 If TBSCertSize is NULL, then return FALSE. 2198 If this interface is not supported, then return FALSE. 2199 2200 @retval TRUE The TBSCertificate was retrieved successfully. 2201 @retval FALSE Invalid X.509 certificate. 2202 2203 **/ 2204 BOOLEAN 2205 EFIAPI 2206 X509GetTBSCert ( 2207 IN CONST UINT8 *Cert, 2208 IN UINTN CertSize, 2209 OUT UINT8 **TBSCert, 2210 OUT UINTN *TBSCertSize 2211 ); 2212 2213 /** 2214 Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0 2215 password based encryption key derivation function PBKDF2, as specified in RFC 2898. 2216 2217 If Password or Salt or OutKey is NULL, then return FALSE. 2218 If the hash algorithm could not be determined, then return FALSE. 2219 If this interface is not supported, then return FALSE. 2220 2221 @param[in] PasswordLength Length of input password in bytes. 2222 @param[in] Password Pointer to the array for the password. 2223 @param[in] SaltLength Size of the Salt in bytes. 2224 @param[in] Salt Pointer to the Salt. 2225 @param[in] IterationCount Number of iterations to perform. Its value should be 2226 greater than or equal to 1. 2227 @param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE). 2228 NOTE: DigestSize will be used to determine the hash algorithm. 2229 Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported. 2230 @param[in] KeyLength Size of the derived key buffer in bytes. 2231 @param[out] OutKey Pointer to the output derived key buffer. 2232 2233 @retval TRUE A key was derived successfully. 2234 @retval FALSE One of the pointers was NULL or one of the sizes was too large. 2235 @retval FALSE The hash algorithm could not be determined from the digest size. 2236 @retval FALSE The key derivation operation failed. 2237 @retval FALSE This interface is not supported. 2238 2239 **/ 2240 BOOLEAN 2241 EFIAPI 2242 Pkcs5HashPassword ( 2243 IN UINTN PasswordLength, 2244 IN CONST CHAR8 *Password, 2245 IN UINTN SaltLength, 2246 IN CONST UINT8 *Salt, 2247 IN UINTN IterationCount, 2248 IN UINTN DigestSize, 2249 IN UINTN KeyLength, 2250 OUT UINT8 *OutKey 2251 ); 2252 2253 /** 2254 Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: 2255 Cryptographic Message Syntax Standard". The input signed data could be wrapped 2256 in a ContentInfo structure. 2257 2258 If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then 2259 return FALSE. If P7Length overflow, then return FALSE. 2260 If this interface is not supported, then return FALSE. 2261 2262 @param[in] P7Data Pointer to the PKCS#7 message to verify. 2263 @param[in] P7Length Length of the PKCS#7 message in bytes. 2264 @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. 2265 It's caller's responsibility to free the buffer. 2266 @param[out] StackLength Length of signer's certificates in bytes. 2267 @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. 2268 It's caller's responsibility to free the buffer. 2269 @param[out] CertLength Length of the trusted certificate in bytes. 2270 2271 @retval TRUE The operation is finished successfully. 2272 @retval FALSE Error occurs during the operation. 2273 @retval FALSE This interface is not supported. 2274 2275 **/ 2276 BOOLEAN 2277 EFIAPI 2278 Pkcs7GetSigners ( 2279 IN CONST UINT8 *P7Data, 2280 IN UINTN P7Length, 2281 OUT UINT8 **CertStack, 2282 OUT UINTN *StackLength, 2283 OUT UINT8 **TrustedCert, 2284 OUT UINTN *CertLength 2285 ); 2286 2287 /** 2288 Wrap function to use free() to free allocated memory for certificates. 2289 2290 If this interface is not supported, then ASSERT(). 2291 2292 @param[in] Certs Pointer to the certificates to be freed. 2293 2294 **/ 2295 VOID 2296 EFIAPI 2297 Pkcs7FreeSigners ( 2298 IN UINT8 *Certs 2299 ); 2300 2301 /** 2302 Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7: 2303 Cryptographic Message Syntax Standard", and outputs two certificate lists chained and 2304 unchained to the signer's certificates. 2305 The input signed data could be wrapped in a ContentInfo structure. 2306 2307 @param[in] P7Data Pointer to the PKCS#7 message. 2308 @param[in] P7Length Length of the PKCS#7 message in bytes. 2309 @param[out] SignerChainCerts Pointer to the certificates list chained to signer's 2310 certificate. It's caller's responsibility to free the buffer. 2311 @param[out] ChainLength Length of the chained certificates list buffer in bytes. 2312 @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's 2313 responsibility to free the buffer. 2314 @param[out] UnchainLength Length of the unchained certificates list buffer in bytes. 2315 2316 @retval TRUE The operation is finished successfully. 2317 @retval FALSE Error occurs during the operation. 2318 2319 **/ 2320 BOOLEAN 2321 EFIAPI 2322 Pkcs7GetCertificatesList ( 2323 IN CONST UINT8 *P7Data, 2324 IN UINTN P7Length, 2325 OUT UINT8 **SignerChainCerts, 2326 OUT UINTN *ChainLength, 2327 OUT UINT8 **UnchainCerts, 2328 OUT UINTN *UnchainLength 2329 ); 2330 2331 /** 2332 Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message 2333 Syntax Standard, version 1.5". This interface is only intended to be used for 2334 application to perform PKCS#7 functionality validation. 2335 2336 If this interface is not supported, then return FALSE. 2337 2338 @param[in] PrivateKey Pointer to the PEM-formatted private key data for 2339 data signing. 2340 @param[in] PrivateKeySize Size of the PEM private key data in bytes. 2341 @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM 2342 key data. 2343 @param[in] InData Pointer to the content to be signed. 2344 @param[in] InDataSize Size of InData in bytes. 2345 @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. 2346 @param[in] OtherCerts Pointer to an optional additional set of certificates to 2347 include in the PKCS#7 signedData (e.g. any intermediate 2348 CAs in the chain). 2349 @param[out] SignedData Pointer to output PKCS#7 signedData. 2350 @param[out] SignedDataSize Size of SignedData in bytes. 2351 2352 @retval TRUE PKCS#7 data signing succeeded. 2353 @retval FALSE PKCS#7 data signing failed. 2354 @retval FALSE This interface is not supported. 2355 2356 **/ 2357 BOOLEAN 2358 EFIAPI 2359 Pkcs7Sign ( 2360 IN CONST UINT8 *PrivateKey, 2361 IN UINTN PrivateKeySize, 2362 IN CONST UINT8 *KeyPassword, 2363 IN UINT8 *InData, 2364 IN UINTN InDataSize, 2365 IN UINT8 *SignCert, 2366 IN UINT8 *OtherCerts OPTIONAL, 2367 OUT UINT8 **SignedData, 2368 OUT UINTN *SignedDataSize 2369 ); 2370 2371 /** 2372 Verifies the validity of a PKCS#7 signed data as described in "PKCS #7: 2373 Cryptographic Message Syntax Standard". The input signed data could be wrapped 2374 in a ContentInfo structure. 2375 2376 If P7Data, TrustedCert or InData is NULL, then return FALSE. 2377 If P7Length, CertLength or DataLength overflow, then return FALSE. 2378 If this interface is not supported, then return FALSE. 2379 2380 @param[in] P7Data Pointer to the PKCS#7 message to verify. 2381 @param[in] P7Length Length of the PKCS#7 message in bytes. 2382 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which 2383 is used for certificate chain verification. 2384 @param[in] CertLength Length of the trusted certificate in bytes. 2385 @param[in] InData Pointer to the content to be verified. 2386 @param[in] DataLength Length of InData in bytes. 2387 2388 @retval TRUE The specified PKCS#7 signed data is valid. 2389 @retval FALSE Invalid PKCS#7 signed data. 2390 @retval FALSE This interface is not supported. 2391 2392 **/ 2393 BOOLEAN 2394 EFIAPI 2395 Pkcs7Verify ( 2396 IN CONST UINT8 *P7Data, 2397 IN UINTN P7Length, 2398 IN CONST UINT8 *TrustedCert, 2399 IN UINTN CertLength, 2400 IN CONST UINT8 *InData, 2401 IN UINTN DataLength 2402 ); 2403 2404 /** 2405 Extracts the attached content from a PKCS#7 signed data if existed. The input signed 2406 data could be wrapped in a ContentInfo structure. 2407 2408 If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow, 2409 then return FALSE. If the P7Data is not correctly formatted, then return FALSE. 2410 2411 Caution: This function may receive untrusted input. So this function will do 2412 basic check for PKCS#7 data structure. 2413 2414 @param[in] P7Data Pointer to the PKCS#7 signed data to process. 2415 @param[in] P7Length Length of the PKCS#7 signed data in bytes. 2416 @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. 2417 It's caller's responsibility to free the buffer. 2418 @param[out] ContentSize The size of the extracted content in bytes. 2419 2420 @retval TRUE The P7Data was correctly formatted for processing. 2421 @retval FALSE The P7Data was not correctly formatted for processing. 2422 2423 */ 2424 BOOLEAN 2425 EFIAPI 2426 Pkcs7GetAttachedContent ( 2427 IN CONST UINT8 *P7Data, 2428 IN UINTN P7Length, 2429 OUT VOID **Content, 2430 OUT UINTN *ContentSize 2431 ); 2432 2433 /** 2434 Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows 2435 Authenticode Portable Executable Signature Format". 2436 2437 If AuthData is NULL, then return FALSE. 2438 If ImageHash is NULL, then return FALSE. 2439 If this interface is not supported, then return FALSE. 2440 2441 @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed 2442 PE/COFF image to be verified. 2443 @param[in] DataSize Size of the Authenticode Signature in bytes. 2444 @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which 2445 is used for certificate chain verification. 2446 @param[in] CertSize Size of the trusted certificate in bytes. 2447 @param[in] ImageHash Pointer to the original image file hash value. The procedure 2448 for calculating the image hash value is described in Authenticode 2449 specification. 2450 @param[in] HashSize Size of Image hash value in bytes. 2451 2452 @retval TRUE The specified Authenticode Signature is valid. 2453 @retval FALSE Invalid Authenticode Signature. 2454 @retval FALSE This interface is not supported. 2455 2456 **/ 2457 BOOLEAN 2458 EFIAPI 2459 AuthenticodeVerify ( 2460 IN CONST UINT8 *AuthData, 2461 IN UINTN DataSize, 2462 IN CONST UINT8 *TrustedCert, 2463 IN UINTN CertSize, 2464 IN CONST UINT8 *ImageHash, 2465 IN UINTN HashSize 2466 ); 2467 2468 /** 2469 Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode 2470 signature. 2471 2472 If AuthData is NULL, then return FALSE. 2473 If this interface is not supported, then return FALSE. 2474 2475 @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed 2476 PE/COFF image to be verified. 2477 @param[in] DataSize Size of the Authenticode Signature in bytes. 2478 @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which 2479 is used for TSA certificate chain verification. 2480 @param[in] CertSize Size of the trusted certificate in bytes. 2481 @param[out] SigningTime Return the time of timestamp generation time if the timestamp 2482 signature is valid. 2483 2484 @retval TRUE The specified Authenticode includes a valid RFC3161 Timestamp CounterSignature. 2485 @retval FALSE No valid RFC3161 Timestamp CounterSignature in the specified Authenticode data. 2486 2487 **/ 2488 BOOLEAN 2489 EFIAPI 2490 ImageTimestampVerify ( 2491 IN CONST UINT8 *AuthData, 2492 IN UINTN DataSize, 2493 IN CONST UINT8 *TsaCert, 2494 IN UINTN CertSize, 2495 OUT EFI_TIME *SigningTime 2496 ); 2497 2498 //===================================================================================== 2499 // DH Key Exchange Primitive 2500 //===================================================================================== 2501 2502 /** 2503 Allocates and Initializes one Diffie-Hellman Context for subsequent use. 2504 2505 @return Pointer to the Diffie-Hellman Context that has been initialized. 2506 If the allocations fails, DhNew() returns NULL. 2507 If the interface is not supported, DhNew() returns NULL. 2508 2509 **/ 2510 VOID * 2511 EFIAPI 2512 DhNew ( 2513 VOID 2514 ); 2515 2516 /** 2517 Release the specified DH context. 2518 2519 If the interface is not supported, then ASSERT(). 2520 2521 @param[in] DhContext Pointer to the DH context to be released. 2522 2523 **/ 2524 VOID 2525 EFIAPI 2526 DhFree ( 2527 IN VOID *DhContext 2528 ); 2529 2530 /** 2531 Generates DH parameter. 2532 2533 Given generator g, and length of prime number p in bits, this function generates p, 2534 and sets DH context according to value of g and p. 2535 2536 Before this function can be invoked, pseudorandom number generator must be correctly 2537 initialized by RandomSeed(). 2538 2539 If DhContext is NULL, then return FALSE. 2540 If Prime is NULL, then return FALSE. 2541 If this interface is not supported, then return FALSE. 2542 2543 @param[in, out] DhContext Pointer to the DH context. 2544 @param[in] Generator Value of generator. 2545 @param[in] PrimeLength Length in bits of prime to be generated. 2546 @param[out] Prime Pointer to the buffer to receive the generated prime number. 2547 2548 @retval TRUE DH parameter generation succeeded. 2549 @retval FALSE Value of Generator is not supported. 2550 @retval FALSE PRNG fails to generate random prime number with PrimeLength. 2551 @retval FALSE This interface is not supported. 2552 2553 **/ 2554 BOOLEAN 2555 EFIAPI 2556 DhGenerateParameter ( 2557 IN OUT VOID *DhContext, 2558 IN UINTN Generator, 2559 IN UINTN PrimeLength, 2560 OUT UINT8 *Prime 2561 ); 2562 2563 /** 2564 Sets generator and prime parameters for DH. 2565 2566 Given generator g, and prime number p, this function and sets DH 2567 context accordingly. 2568 2569 If DhContext is NULL, then return FALSE. 2570 If Prime is NULL, then return FALSE. 2571 If this interface is not supported, then return FALSE. 2572 2573 @param[in, out] DhContext Pointer to the DH context. 2574 @param[in] Generator Value of generator. 2575 @param[in] PrimeLength Length in bits of prime to be generated. 2576 @param[in] Prime Pointer to the prime number. 2577 2578 @retval TRUE DH parameter setting succeeded. 2579 @retval FALSE Value of Generator is not supported. 2580 @retval FALSE Value of Generator is not suitable for the Prime. 2581 @retval FALSE Value of Prime is not a prime number. 2582 @retval FALSE Value of Prime is not a safe prime number. 2583 @retval FALSE This interface is not supported. 2584 2585 **/ 2586 BOOLEAN 2587 EFIAPI 2588 DhSetParameter ( 2589 IN OUT VOID *DhContext, 2590 IN UINTN Generator, 2591 IN UINTN PrimeLength, 2592 IN CONST UINT8 *Prime 2593 ); 2594 2595 /** 2596 Generates DH public key. 2597 2598 This function generates random secret exponent, and computes the public key, which is 2599 returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly. 2600 If the PublicKey buffer is too small to hold the public key, FALSE is returned and 2601 PublicKeySize is set to the required buffer size to obtain the public key. 2602 2603 If DhContext is NULL, then return FALSE. 2604 If PublicKeySize is NULL, then return FALSE. 2605 If PublicKeySize is large enough but PublicKey is NULL, then return FALSE. 2606 If this interface is not supported, then return FALSE. 2607 2608 @param[in, out] DhContext Pointer to the DH context. 2609 @param[out] PublicKey Pointer to the buffer to receive generated public key. 2610 @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. 2611 On output, the size of data returned in PublicKey buffer in bytes. 2612 2613 @retval TRUE DH public key generation succeeded. 2614 @retval FALSE DH public key generation failed. 2615 @retval FALSE PublicKeySize is not large enough. 2616 @retval FALSE This interface is not supported. 2617 2618 **/ 2619 BOOLEAN 2620 EFIAPI 2621 DhGenerateKey ( 2622 IN OUT VOID *DhContext, 2623 OUT UINT8 *PublicKey, 2624 IN OUT UINTN *PublicKeySize 2625 ); 2626 2627 /** 2628 Computes exchanged common key. 2629 2630 Given peer's public key, this function computes the exchanged common key, based on its own 2631 context including value of prime modulus and random secret exponent. 2632 2633 If DhContext is NULL, then return FALSE. 2634 If PeerPublicKey is NULL, then return FALSE. 2635 If KeySize is NULL, then return FALSE. 2636 If Key is NULL, then return FALSE. 2637 If KeySize is not large enough, then return FALSE. 2638 If this interface is not supported, then return FALSE. 2639 2640 @param[in, out] DhContext Pointer to the DH context. 2641 @param[in] PeerPublicKey Pointer to the peer's public key. 2642 @param[in] PeerPublicKeySize Size of peer's public key in bytes. 2643 @param[out] Key Pointer to the buffer to receive generated key. 2644 @param[in, out] KeySize On input, the size of Key buffer in bytes. 2645 On output, the size of data returned in Key buffer in bytes. 2646 2647 @retval TRUE DH exchanged key generation succeeded. 2648 @retval FALSE DH exchanged key generation failed. 2649 @retval FALSE KeySize is not large enough. 2650 @retval FALSE This interface is not supported. 2651 2652 **/ 2653 BOOLEAN 2654 EFIAPI 2655 DhComputeKey ( 2656 IN OUT VOID *DhContext, 2657 IN CONST UINT8 *PeerPublicKey, 2658 IN UINTN PeerPublicKeySize, 2659 OUT UINT8 *Key, 2660 IN OUT UINTN *KeySize 2661 ); 2662 2663 //===================================================================================== 2664 // Pseudo-Random Generation Primitive 2665 //===================================================================================== 2666 2667 /** 2668 Sets up the seed value for the pseudorandom number generator. 2669 2670 This function sets up the seed value for the pseudorandom number generator. 2671 If Seed is not NULL, then the seed passed in is used. 2672 If Seed is NULL, then default seed is used. 2673 If this interface is not supported, then return FALSE. 2674 2675 @param[in] Seed Pointer to seed value. 2676 If NULL, default seed is used. 2677 @param[in] SeedSize Size of seed value. 2678 If Seed is NULL, this parameter is ignored. 2679 2680 @retval TRUE Pseudorandom number generator has enough entropy for random generation. 2681 @retval FALSE Pseudorandom number generator does not have enough entropy for random generation. 2682 @retval FALSE This interface is not supported. 2683 2684 **/ 2685 BOOLEAN 2686 EFIAPI 2687 RandomSeed ( 2688 IN CONST UINT8 *Seed OPTIONAL, 2689 IN UINTN SeedSize 2690 ); 2691 2692 /** 2693 Generates a pseudorandom byte stream of the specified size. 2694 2695 If Output is NULL, then return FALSE. 2696 If this interface is not supported, then return FALSE. 2697 2698 @param[out] Output Pointer to buffer to receive random value. 2699 @param[in] Size Size of random bytes to generate. 2700 2701 @retval TRUE Pseudorandom byte stream generated successfully. 2702 @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy. 2703 @retval FALSE This interface is not supported. 2704 2705 **/ 2706 BOOLEAN 2707 EFIAPI 2708 RandomBytes ( 2709 OUT UINT8 *Output, 2710 IN UINTN Size 2711 ); 2712 2713 #endif // __BASE_CRYPT_LIB_H__ 2714