1. Add new API supports for PEM & X509 key retrieving & verification;

2. Add new MD4 hash supports; 3. Add corresponding test case in Cryptest utility; 4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524
author: qlong <qlong@6f19259b-4bc3-4df7-8a09-765794883524> 2010-12-31 07:22:48 +0000
committer: qlong <qlong@6f19259b-4bc3-4df7-8a09-765794883524> 2010-12-31 07:22:48 +0000
commit: 4a567c9690db97ecbf982e9428727f073bada504 (patch)
tree: 92682c435813f60c29afd83ad98d04ebc24903ac /CryptoPkg/Include
parent: 2a6433fef2413df583db6399008c7e6716a8e243 (diff)
download: edk2-platforms-4a567c9690db97ecbf982e9428727f073bada504.tar.xz
2 files changed, 210 insertions, 0 deletions
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index ee8c44d367..5fbedd9439 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -19,6 +19,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define __BASE_CRYPT_LIB_H__
 
 ///
+/// MD4 digest size in bytes
+///
+#define MD4_DIGEST_SIZE     16
+
+///
 /// MD5 digest size in bytes
 ///
 #define MD5_DIGEST_SIZE     16
@@ -62,6 +67,109 @@ typedef enum {
 //=====================================================================================
 
 /**
+  Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
+
+  @return  The size, in bytes, of the context buffer required for MD4 hash operations.
+
+**/
+UINTN
+EFIAPI
+Md4GetContextSize (
+  VOID
+  );
+
+/**
+  Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
+  subsequent use.
+
+  If Md4Context is NULL, then ASSERT().
+
+  @param[out]  Md4Context  Pointer to MD4 context being initialized.
+
+  @retval TRUE   MD4 context initialization succeeded.
+  @retval FALSE  MD4 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Init (
+  OUT  VOID  *Md4Context
+  );
+
+/**
+  Makes a copy of an existing MD4 context.
+
+  If Md4Context is NULL, then ASSERT().
+  If NewMd4Context is NULL, then ASSERT().
+
+  @param[in]  Md4Context     Pointer to MD4 context being copied.
+  @param[out] NewMd4Context  Pointer to new MD4 context.
+
+  @retval TRUE   MD4 context copy succeeded.
+  @retval FALSE  MD4 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Duplicate (
+  IN   CONST VOID  *Md4Context,
+  OUT  VOID        *NewMd4Context
+  );
+
+/**
+  Digests the input data and updates MD4 context.
+
+  This function performs MD4 digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or discontinuous data streams.
+  MD4 context should be already correctly intialized by Md4Init(), and should not be finalized
+  by Md4Final(). Behavior with invalid context is undefined.
+
+  If Md4Context is NULL, then ASSERT().
+
+  @param[in, out]  Md4Context  Pointer to the MD4 context.
+  @param[in]       Data        Pointer to the buffer containing the data to be hashed.
+  @param[in]       DataSize    Size of Data buffer in bytes.
+
+  @retval TRUE   MD4 data digest succeeded.
+  @retval FALSE  MD4 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Update (
+  IN OUT  VOID        *Md4Context,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  );
+
+/**
+  Completes computation of the MD4 digest value.
+
+  This function completes MD4 hash computation and retrieves the digest value into
+  the specified memory. After this function has been called, the MD4 context cannot
+  be used again.
+  MD4 context should be already correctly intialized by Md4Init(), and should not be
+  finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
+
+  If Md4Context is NULL, then ASSERT().
+  If HashValue is NULL, then ASSERT().
+
+  @param[in, out]  Md4Context  Pointer to the MD4 context.
+  @param[out]      HashValue   Pointer to a buffer that receives the MD4 digest
+                               value (16 bytes).
+
+  @retval TRUE   MD4 digest computation succeeded.
+  @retval FALSE  MD4 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Final (
+  IN OUT  VOID   *Md4Context,
+  OUT     UINT8  *HashValue
+  );
+
+/**
   Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
 
   @return  The size, in bytes, of the context buffer required for MD5 hash operations.
@@ -1293,6 +1401,107 @@ RsaPkcs1Verify (
   );
 
 /**
+  Retrieve the RSA Private Key from the password-protected PEM key data.
+
+  @param[in]  PemData      Pointer to the PEM-encoded key data to be retrieved.
+  @param[in]  PemSize      Size of the PEM key data in bytes.
+  @param[in]  Password     NULL-terminated passphrase used for encrypted PEM key data.
+  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved
+                           RSA private key component. Use RsaFree() function to free the
+                           resource.
+
+  If PemData is NULL, then ASSERT().
+  If RsaContext is NULL, then ASSERT().
+
+  @retval  TRUE   RSA Private Key was retrieved successfully.
+  @retval  FALSE  Invalid PEM key data or incorrect password.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPrivateKeyFromPem (
+  IN   CONST UINT8  *PemData,
+  IN   UINTN        PemSize,
+  IN   CONST CHAR8  *Password,
+  OUT  VOID         **RsaContext
+  );
+
+/**
+  Retrieve the RSA Public Key from one DER-encoded X509 certificate.
+
+  @param[in]  Cert         Pointer to the DER-encoded X509 certificate.
+  @param[in]  CertSize     Size of the X509 certificate in bytes.
+  @param[out] RsaContext   Pointer to new-generated RSA context which contain the retrieved
+                           RSA public key component. Use RsaFree() function to free the
+                           resource.
+
+  If Cert is NULL, then ASSERT().
+  If RsaContext is NULL, then ASSERT().
+
+  @retval  TRUE   RSA Public Key was retrieved successfully.
+  @retval  FALSE  Fail to retrieve RSA public key from X509 certificate.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPublicKeyFromX509 (
+  IN   CONST UINT8  *Cert,
+  IN   UINTN        CertSize,
+  OUT  VOID         **RsaContext
+  );
+
+/**
+  Retrieve the subject bytes from one X.509 certificate.
+
+  @param[in]      Cert         Pointer to the DER-encoded X509 certificate.
+  @param[in]      CertSize     Size of the X509 certificate in bytes.
+  @param[out]     CertSubject  Pointer to the retrieved certificate subject bytes.
+  @param[in, out] SubjectSize  The size in bytes of the CertSubject buffer on input,
+                               and the size of buffer returned CertSubject on output.
+
+  If Cert is NULL, then ASSERT().
+  If SubjectSize is NULL, then ASSERT().
+
+  @retval  TRUE   The certificate subject retrieved successfully.
+  @retval  FALSE  Invalid certificate, or the SubjectSize is too small for the result.
+                  The SubjectSize will be updated with the required size.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetSubjectName (
+  IN      CONST UINT8  *Cert,
+  IN      UINTN        CertSize,
+  OUT     UINT8        *CertSubject,
+  IN OUT  UINTN        *SubjectSize
+  );
+
+/**
+  Verify one X509 certificate was issued by the trusted CA.
+
+  @param[in]      Cert         Pointer to the DER-encoded X509 certificate to be verified.
+  @param[in]      CertSize     Size of the X509 certificate in bytes.
+  @param[in]      CACert       Pointer to the DER-encoded trusted CA certificate.
+  @param[in]      CACertSize   Size of the CA Certificate in bytes.
+
+  If Cert is NULL, then ASSERT().
+  If CACert is NULL, then ASSERT().
+
+  @retval  TRUE   The certificate was issued by the trusted CA.
+  @retval  FALSE  Invalid certificate or the certificate was not issued by the given
+                  trusted CA.
+
+**/
+BOOLEAN
+EFIAPI
+X509VerifyCert (
+  IN  CONST UINT8  *Cert,
+  IN  UINTN        CertSize,
+  IN  CONST UINT8  *CACert,
+  IN  UINTN        CACertSize
+  );
+
+/**
   Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic
   Message Syntax Standard".
 
diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
index 1c51cdb302..571511582e 100644
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -222,6 +222,7 @@ FILE  *stdout;
 #define memset(dest,ch,count)             SetMem(dest,(UINTN)(count),(UINT8)(ch))
 #define memchr(buf,ch,count)              ScanMem8(buf,(UINTN)(count),(UINT8)ch)
 #define memcmp(buf1,buf2,count)           (int)(CompareMem(buf1,buf2,(UINTN)(count)))
+#define memmove(dest,source,count)        CopyMem(dest,source,(UINTN)(count))
 #define strcmp                            AsciiStrCmp
 #define strncmp(string1,string2,count)    (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
 #define strcpy(strDest,strSource)         AsciiStrCpy(strDest,strSource)
author	qlong <qlong@6f19259b-4bc3-4df7-8a09-765794883524>	2010-12-31 07:22:48 +0000
committer	qlong <qlong@6f19259b-4bc3-4df7-8a09-765794883524>	2010-12-31 07:22:48 +0000
commit	4a567c9690db97ecbf982e9428727f073bada504 (patch)
tree	92682c435813f60c29afd83ad98d04ebc24903ac /CryptoPkg/Include
parent	2a6433fef2413df583db6399008c7e6716a8e243 (diff)
download	edk2-platforms-4a567c9690db97ecbf982e9428727f073bada504.tar.xz