Add CryptoPkg (from UDK2010.UP3)

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10987 6f19259b-4bc3-4df7-8a09-765794883524

2 files changed, 439 insertions, 0 deletions

diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf
new file mode 100644
index 0000000000..0f1b0eb093
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf
@@ -0,0 +1,49 @@
+## @file

+#  Cryptographic Library Instance based on Runtime Crypt Protocol.

+#  This instance will be only used by the Authenticated Variable driver for IPF.

+#

+#  Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>

+#  This program and the accompanying materials

+#  are licensed and made available under the terms and conditions of the BSD License

+#  which accompanies this distribution.  The full text of the license may be found at

+#  http://opensource.org/licenses/bsd-license.php

+#  

+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+#  

+##

+

+[Defines]

+  INF_VERSION                    = 0x00010005

+  BASE_NAME                      = BaseCryptLibRuntimeCryptProtocol

+  FILE_GUID                      = BBB31581-855A-44D7-A550-8A585D9B2DE9

+  MODULE_TYPE                    = DXE_RUNTIME_DRIVER

+  VERSION_STRING                 = 1.0

+  LIBRARY_CLASS                  = BaseCryptLib|DXE_RUNTIME_DRIVER DXE_SAL_DRIVER

+  CONSTRUCTOR                    = RuntimeDxeIpfCryptLibConstructor

+  DESTRUCTOR                     = RuntimeDxeIpfCryptLibDestructor

+#

+# The following information is for reference only and not required by the build tools.

+#

+#  VALID_ARCHITECTURES           = IPF

+#

+

+[Sources]

+  RuntimeDxeIpfCryptLib.c

+

+[Packages]

+  MdePkg/MdePkg.dec

+  CryptoPkg/CryptoPkg.dec

+

+[LibraryClasses]

+  BaseLib

+  DebugLib

+

+[Guids]

+  gEfiEventVirtualAddressChangeGuid      ## CONSUMES ## Event

+

+[Protocols]

+  gEfiRuntimeCryptProtocolGuid           ## CONSUMES

+

+[Depex]

+  gEfiRuntimeCryptProtocolGuid

diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
new file mode 100644
index 0000000000..7f893b91df
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
@@ -0,0 +1,390 @@
+/** @file

+  Implementation of The runtime cryptographic library instance (for IPF).

+

+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>

+This program and the accompanying materials

+are licensed and made available under the terms and conditions of the BSD License

+which accompanies this distribution.  The full text of the license may be found at

+http://opensource.org/licenses/bsd-license.php

+

+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#include <Uefi.h>

+

+#include <Library/BaseLib.h>

+#include <Library/DebugLib.h>

+#include <Library/UefiBootServicesTableLib.h>

+#include <Library/UefiRuntimeLib.h>

+

+#include <Protocol/RuntimeCrypt.h>

+

+#include <Guid/EventGroup.h>

+

+EFI_RUNTIME_CRYPT_PROTOCOL  *mCryptProtocol = NULL;

+EFI_EVENT                   mIpfCryptLibVirtualNotifyEvent;

+

+/**

+  Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE, which converts

+  pointer to new virtual address.

+

+  @param  Event        Event whose notification function is being invoked.

+  @param  Context      Pointer to the notification function's context

+

+**/

+VOID

+EFIAPI

+IpfCryptLibAddressChangeEvent (

+  IN  EFI_EVENT        Event,

+  IN  VOID             *Context

+  )

+{

+  //

+  // Convert Address of Runtime Crypto Protocol.

+  //

+  EfiConvertPointer (0x0, (VOID **) &mCryptProtocol);

+}

+

+/**

+  Constructor of IPF Crypto Library Instance.

+  This function locates the Runtime Crypt Protocol and register notification

+  function for EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.

+

+  @param  ImageHandle   The firmware allocated handle for the EFI image.

+  @param  SystemTable   A pointer to the EFI System Table.

+

+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.

+

+**/

+EFI_STATUS

+EFIAPI

+RuntimeDxeIpfCryptLibConstructor (

+  IN      EFI_HANDLE                ImageHandle,

+  IN      EFI_SYSTEM_TABLE          *SystemTable

+  )

+{

+  EFI_STATUS  Status;

+

+  //

+  // Locate Runtime Crypt Protocol Instance

+  //

+  Status = gBS->LocateProtocol (

+                  &gEfiRuntimeCryptProtocolGuid,

+                  NULL,

+                  (VOID**) &mCryptProtocol

+                  );

+  ASSERT_EFI_ERROR (Status);

+  ASSERT (mCryptProtocol != NULL);

+

+  //

+  // Register SetVirtualAddressMap () notify function

+  //

+  Status = gBS->CreateEventEx (

+                  EVT_NOTIFY_SIGNAL,

+                  TPL_NOTIFY,

+                  IpfCryptLibAddressChangeEvent,

+                  NULL,

+                  &gEfiEventVirtualAddressChangeGuid,

+                  &mIpfCryptLibVirtualNotifyEvent

+                  );

+  ASSERT_EFI_ERROR (Status);

+

+  return Status;

+}

+

+/**

+  Destructor of IPF Crypto Library Instance.

+

+  @param  ImageHandle   The firmware allocated handle for the EFI image.

+  @param  SystemTable   A pointer to the EFI System Table.

+

+  @retval EFI_SUCCESS   The destructor completed successfully.

+  @retval Other value   The destructor did not complete successfully.

+

+**/

+EFI_STATUS

+EFIAPI

+RuntimeDxeIpfCryptLibDestructor (

+  IN EFI_HANDLE        ImageHandle,

+  IN EFI_SYSTEM_TABLE  *SystemTable

+  )

+{

+  EFI_STATUS  Status;

+

+  //

+  // Close the Set Virtual Address Map event

+  //

+  Status = gBS->CloseEvent (mIpfCryptLibVirtualNotifyEvent);

+  ASSERT_EFI_ERROR (Status);

+

+  return Status;

+}

+

+/**

+  Check whether crypto service provided by Runtime Crypt protocol is ready to use.

+

+  Crypto service is available if the call is in physical mode prior to

+  SetVirtualAddressMap() or virtual mode after SetVirtualAddressMap(). If either

+  of these two conditions are met, this routine will return TRUE; if neither of

+  these conditions are met, this routine will return FALSE.

+

+  @retval TRUE   The Crypto service is ready to use.

+  @retval FALSE  The Crypto service is not available.

+

+**/

+BOOLEAN

+EFIAPI

+InternalIsCryptServiveAvailable (

+  VOID

+  )

+{

+  INT64    CpuMode;

+  BOOLEAN  GoneVirtual;

+

+  CpuMode = AsmCpuVirtual();

+  if (CpuMode < 0) {

+    //

+    // CPU is in mixed mode, return failing the operation gracefully.

+    //

+    return FALSE;

+  }

+

+  GoneVirtual = EfiGoneVirtual();

+

+  if ((CpuMode > 0) && !GoneVirtual) {

+    //

+    // CPU is in virtual mode, but SetVirtualAddressMap() has not been called,

+    // so return failing the operation gracefully.

+    //

+    return FALSE;

+  }

+

+  if ((CpuMode == 0) && GoneVirtual) {

+    //

+    // CPU is in physical mode, but SetVirtualAddressMap() has been called,

+    // so return failing the operation gracefully.

+    //

+    return FALSE;

+  }

+

+  return TRUE;

+}

+

+/**

+  Retrieves the size, in bytes, of the context buffer required for SHA-256 operations.

+

+  @return  The size, in bytes, of the context buffer required for SHA-256 operations.

+

+**/

+UINTN

+EFIAPI

+Sha256GetContextSize (

+  VOID

+  )

+{

+  if (!InternalIsCryptServiveAvailable ()) {

+    return 0;

+  }

+

+  return mCryptProtocol->Sha256GetContextSize ();

+}

+

+/**

+  Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for

+  subsequent use.

+

+  If Sha256Context is NULL, then ASSERT().

+

+  @param[in, out]  Sha256Context  Pointer to SHA-256 Context being initialized.

+

+  @retval TRUE   SHA-256 context initialization succeeded.

+  @retval FALSE  SHA-256 context initialization failed.

+

+**/

+BOOLEAN

+EFIAPI

+Sha256Init (

+  IN OUT  VOID  *Sha256Context

+  )

+{

+  if (!InternalIsCryptServiveAvailable ()) {

+    return FALSE;

+  }

+

+  return mCryptProtocol->Sha256Init (Sha256Context);

+}

+

+

+/**

+  Performs SHA-256 digest on a data buffer of the specified length. This function can

+  be called multiple times to compute the digest of long or discontinuous data streams.

+

+  If Sha256Context is NULL, then ASSERT().

+

+  @param[in, out]  Sha256Context  Pointer to the SHA-256 context.

+  @param[in]       Data           Pointer to the buffer containing the data to be hashed.

+  @param[in]       DataLength     Length of Data buffer in bytes.

+

+  @retval TRUE   SHA-256 data digest succeeded.

+  @retval FALSE  Invalid SHA-256 context. After Sha256Final function has been called, the

+                 SHA-256 context cannot be reused.

+

+**/

+BOOLEAN

+EFIAPI

+Sha256Update (

+  IN OUT  VOID        *Sha256Context,

+  IN      CONST VOID  *Data,

+  IN      UINTN       DataLength

+  )

+{

+  if (!InternalIsCryptServiveAvailable ()) {

+    return FALSE;

+  }

+

+  return mCryptProtocol->Sha256Update (Sha256Context, Data, DataLength);

+}

+

+/**

+  Completes SHA-256 hash computation and retrieves the digest value into the specified

+  memory. After this function has been called, the SHA-256 context cannot be used again.

+

+  If Sha256Context is NULL, then ASSERT().

+  If HashValue is NULL, then ASSERT().

+

+  @param[in, out]  Sha256Context  Pointer to SHA-256 context

+  @param[out]      HashValue      Pointer to a buffer that receives the SHA-256 digest

+                                  value (32 bytes).

+

+  @retval TRUE   SHA-256 digest computation succeeded.

+  @retval FALSE  SHA-256 digest computation failed.

+

+**/

+BOOLEAN

+EFIAPI

+Sha256Final (

+  IN OUT  VOID   *Sha256Context,

+  OUT     UINT8  *HashValue

+  )

+{

+  if (!InternalIsCryptServiveAvailable ()) {

+    return FALSE;

+  }

+

+  return mCryptProtocol->Sha256Final (Sha256Context, HashValue);

+}

+

+/**

+  Allocates and Initializes one RSA Context for subsequent use.

+

+  @return  Pointer to the RSA Context that has been initialized.

+           If the allocations fails, RsaNew() returns NULL.

+

+**/

+VOID *

+EFIAPI

+RsaNew (

+  VOID

+  )

+{

+  if (!InternalIsCryptServiveAvailable ()) {

+    return FALSE;

+  }

+

+  return mCryptProtocol->RsaNew ();

+}

+

+/**

+  Release the specified RSA Context.

+

+  @param[in]  RsaContext  Pointer to the RSA context to be released.

+

+**/

+VOID

+EFIAPI

+RsaFree (

+  IN  VOID  *RsaContext

+  )

+{

+  if (!InternalIsCryptServiveAvailable ()) {

+    return;

+  }

+

+  mCryptProtocol->RsaFree (RsaContext);

+}

+

+/**

+  Sets the tag-designated RSA key component into the established RSA context from

+  the user-specified nonnegative integer (octet string format represented in RSA

+  PKCS#1).

+

+  If RsaContext is NULL, then ASSERT().

+

+  @param[in, out]  RsaContext  Pointer to RSA context being set.

+  @param[in]       KeyTag      Tag of RSA key component being set.

+  @param[in]       BigNumber   Pointer to octet integer buffer.

+  @param[in]       BnLength    Length of big number buffer in bytes.

+

+  @return  TRUE   RSA key component was set successfully.

+  @return  FALSE  Invalid RSA key component tag.

+

+**/

+BOOLEAN

+EFIAPI

+RsaSetKey (

+  IN OUT VOID         *RsaContext,

+  IN     RSA_KEY_TAG  KeyTag,

+  IN     CONST UINT8  *BigNumber,

+  IN     UINTN        BnLength

+  )

+{

+  if (!InternalIsCryptServiveAvailable ()) {

+    return FALSE;

+  }

+

+  return mCryptProtocol->RsaSetKey (RsaContext, KeyTag, BigNumber, BnLength);

+}

+

+/**

+  Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in

+  RSA PKCS#1.

+

+  If RsaContext is NULL, then ASSERT().

+  If MessageHash is NULL, then ASSERT().

+  If Signature is NULL, then ASSERT().

+  If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT().

+

+  @param[in]  RsaContext   Pointer to RSA context for signature verification.

+  @param[in]  MessageHash  Pointer to octet message hash to be checked.

+  @param[in]  HashLength   Length of the message hash in bytes.

+  @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.

+  @param[in]  SigLength    Length of signature in bytes.

+

+  @return  TRUE   Valid signature encoded in PKCS1-v1_5.

+  @return  FALSE  Invalid signature or invalid RSA context.

+

+**/

+BOOLEAN

+EFIAPI

+RsaPkcs1Verify (

+  IN  VOID         *RsaContext,

+  IN  CONST UINT8  *MessageHash,

+  IN  UINTN        HashLength,

+  IN  UINT8        *Signature,

+  IN  UINTN        SigLength

+  )

+{

+  if (!InternalIsCryptServiveAvailable ()) {

+    return FALSE;

+  }

+

+  return mCryptProtocol->RsaPkcs1Verify (

+                           RsaContext,

+                           MessageHash,

+                           HashLength,

+                           Signature,

+                           SigLength

+                           );

+}