diff options
| author | tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-07-18 09:32:05 +0000 |
|---|---|---|
| committer | tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-07-18 09:32:05 +0000 |
| commit | 532616bbd62bea0fe4873f2e7a57de7be9ba3976 (patch) | |
| tree | 444472397c2dd4686a71d26e8202e4462e7948fd /CryptoPkg/Library | |
| parent | c31b316c009096acfaaa60c60813f641c63d2b97 (diff) | |
| download | edk2-platforms-532616bbd62bea0fe4873f2e7a57de7be9ba3976.tar.xz | |
Add interfaces to several library instances of BaseCryptLib.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13539 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'CryptoPkg/Library')
41 files changed, 5186 insertions, 44 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index 3b4e696328..5bb7829278 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -21,9 +21,9 @@ INF_VERSION = 0x00010005
BASE_NAME = BaseCryptLib
FILE_GUID = be3bb803-91b6-4da0-bd91-a8b21c18ca5d
- MODULE_TYPE = BASE
+ MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
- LIBRARY_CLASS = BaseCryptLib
+ LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
#
# The following information is for reference only and not required by the build tools.
@@ -42,8 +42,10 @@ Cipher/CryptAes.c
Cipher/CryptTdes.c
Cipher/CryptArc4.c
- Pk/CryptRsa.c
- Pk/CryptPkcs7.c
+ Pk/CryptRsaBasic.c
+ Pk/CryptRsaExt.c
+ Pk/CryptPkcs7Sign.c
+ Pk/CryptPkcs7Verify.c
Pk/CryptDh.c
Pk/CryptX509.c
Pk/CryptAuthenticode.c
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c new file mode 100644 index 0000000000..074b07247b --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c @@ -0,0 +1,165 @@ +/** @file
+ AES Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for AES operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+AesGetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory as AES context for subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] AesContext Pointer to AES context being initialized.
+ @param[in] Key Pointer to the user-supplied AES key.
+ @param[in] KeyLength Length of AES key in bits.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesInit (
+ OUT VOID *AesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES encryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbEncrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES decryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the AES decryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbDecrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES encryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcEncrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES decryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcDecrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c new file mode 100644 index 0000000000..1275e20f89 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c @@ -0,0 +1,130 @@ +/** @file
+ ARC4 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+
+**/
+UINTN
+EFIAPI
+Arc4GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory as ARC4 context for subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Arc4Context Pointer to ARC4 context being initialized.
+ @param[in] Key Pointer to the user-supplied ARC4 key.
+ @param[in] KeySize Size of ARC4 key in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Init (
+ OUT VOID *Arc4Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs ARC4 encryption on a data buffer of the specified size.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Encrypt (
+ IN OUT VOID *Arc4Context,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs ARC4 decryption on a data buffer of the specified size.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Decrypt (
+ IN OUT VOID *Arc4Context,
+ IN UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Resets the ARC4 context to the initial state.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Reset (
+ IN OUT VOID *Arc4Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c new file mode 100644 index 0000000000..cec33b6275 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c @@ -0,0 +1,166 @@ +/** @file
+ TDES Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for TDES operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+TdesGetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory as TDES context for subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] TdesContext Pointer to TDES context being initialized.
+ @param[in] Key Pointer to the user-supplied TDES key.
+ @param[in] KeyLength Length of TDES key in bits.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesInit (
+ OUT VOID *TdesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES decryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c new file mode 100644 index 0000000000..fc634fd163 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c @@ -0,0 +1,124 @@ +/** @file
+ MD4 Digest Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for MD4 hash
+ operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+Md4GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
+ subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Md4Context Pointer to MD4 context being initialized.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Init (
+ OUT VOID *Md4Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing MD4 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Md4Context Pointer to MD4 context being copied.
+ @param[out] NewMd4Context Pointer to new MD4 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Duplicate (
+ IN CONST VOID *Md4Context,
+ OUT VOID *NewMd4Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates MD4 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Md4Context Pointer to the MD4 context.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Update (
+ IN OUT VOID *Md4Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the MD4 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Md4Context Pointer to the MD4 context.
+ @param[out] HashValue Pointer to a buffer that receives the MD4 digest
+ value (16 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Final (
+ IN OUT VOID *Md4Context,
+ OUT UINT8 *HashValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c new file mode 100644 index 0000000000..b4bdde0433 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c @@ -0,0 +1,127 @@ +/** @file
+ HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+HmacMd5GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
+ subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Init (
+ OUT VOID *HmacMd5Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-MD5 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
+ @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Duplicate (
+ IN CONST VOID *HmacMd5Context,
+ OUT VOID *NewHmacMd5Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-MD5 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Update (
+ IN OUT VOID *HmacMd5Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-MD5 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
+ value (16 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Final (
+ IN OUT VOID *HmacMd5Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c new file mode 100644 index 0000000000..b31d0d1402 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c @@ -0,0 +1,127 @@ +/** @file
+ HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+HmacSha1GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
+ subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Init (
+ OUT VOID *HmacSha1Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA1 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
+ @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Duplicate (
+ IN CONST VOID *HmacSha1Context,
+ OUT VOID *NewHmacSha1Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA1 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Update (
+ IN OUT VOID *HmacSha1Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-SHA1 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
+ value (20 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Final (
+ IN OUT VOID *HmacSha1Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index e60c17ece0..fae54e650e 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -6,6 +6,12 @@ # This external input must be validated carefully to avoid security issue like
# buffer overflow, integer overflow.
#
+# Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
+# TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
+# Diffie-Hellman functions, X.509 certificate handler functions, authenticode
+# signature verification functions, PEM handler functions, pseudorandom number
+# generator functions are not supported in this instance.
+#
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -23,7 +29,7 @@ FILE_GUID = 9a2a4375-194c-4e97-9f67-547ec98d96ca
MODULE_TYPE = PEIM
VERSION_STRING = 1.0
- LIBRARY_CLASS = BaseCryptLib|PEIM PEI_CORE SEC
+ LIBRARY_CLASS = BaseCryptLib|PEIM PEI_CORE
#
# The following information is for reference only and not required by the build tools.
@@ -32,14 +38,32 @@ #
[Sources]
+ Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
- Pk/CryptRsa.c
+ Hmac/CryptHmacMd5Null.c
+ Hmac/CryptHmacSha1Null.c
+ Cipher/CryptAesNull.c
+ Cipher/CryptTdesNull.c
+ Cipher/CryptArc4Null.c
+
+ Pk/CryptRsaBasic.c
+ Pk/CryptRsaExtNull.c
+ Pk/CryptPkcs7SignNull.c
+ Pk/CryptPkcs7Verify.c
+
+ Pk/CryptDhNull.c
+ Pk/CryptX509Null.c
+ Pk/CryptAuthenticodeNull.c
+ Pem/CryptPemNull.c
+
+ Rand/CryptRandNull.c
SysCall/CrtWrapper.c
SysCall/BaseMemAllocation.c
+
[Sources.Ia32]
SysCall/Ia32/MathMultS64x64.c | MSFT
SysCall/Ia32/MathDivU64x64.c | MSFT
diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPemNull.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPemNull.c new file mode 100644 index 0000000000..8c9e4f0bb5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPemNull.c @@ -0,0 +1,44 @@ +/** @file
+ PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does
+ not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieve the RSA Private Key from the password-protected PEM key data.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
+ @param[in] PemSize Size of the PEM key data in bytes.
+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA private key component. Use RsaFree() function to free the
+ resource.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPrivateKeyFromPem (
+ IN CONST UINT8 *PemData,
+ IN UINTN PemSize,
+ IN CONST CHAR8 *Password,
+ OUT VOID **RsaContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticodeNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticodeNull.c new file mode 100644 index 0000000000..5554486503 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticodeNull.c @@ -0,0 +1,51 @@ +/** @file
+ Authenticode Portable Executable Signature Verification which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
+ Authenticode Portable Executable Signature Format".
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
+ PE/COFF image to be verified.
+ @param[in] DataSize Size of the Authenticode Signature in bytes.
+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
+ is used for certificate chain verification.
+ @param[in] CertSize Size of the trusted certificate in bytes.
+ @param[in] ImageHash Pointer to the original image file hash value. The procudure
+ for calculating the image hash value is described in Authenticode
+ specification.
+ @param[in] HashSize Size of Image hash value in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AuthenticodeVerify (
+ IN CONST UINT8 *AuthData,
+ IN UINTN DataSize,
+ IN CONST UINT8 *TrustedCert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *ImageHash,
+ IN UINTN HashSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c new file mode 100644 index 0000000000..35045db3c8 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c @@ -0,0 +1,156 @@ +/** @file
+ Diffie-Hellman Wrapper Implementation which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and Initializes one Diffie-Hellman Context for subsequent use.
+
+ @return Pointer to the Diffie-Hellman Context that has been initialized.
+ If the interface is not supported, DhNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+DhNew (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified DH context.
+
+ If the interface is not supported, then ASSERT().
+
+ @param[in] DhContext Pointer to the DH context to be released.
+
+**/
+VOID
+EFIAPI
+DhFree (
+ IN VOID *DhContext
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ Generates DH parameter.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Value of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[out] Prime Pointer to the buffer to receive the generated prime number.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhGenerateParameter (
+ IN OUT VOID *DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ OUT UINT8 *Prime
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Sets generator and prime parameters for DH.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Value of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[in] Prime Pointer to the prime number.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhSetParameter (
+ IN OUT VOID *DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ IN CONST UINT8 *Prime
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Generates DH public key.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[out] PublicKey Pointer to the buffer to receive generated public key.
+ @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
+ On output, the size of data returned in PublicKey buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhGenerateKey (
+ IN OUT VOID *DhContext,
+ OUT UINT8 *PublicKey,
+ IN OUT UINTN *PublicKeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes exchanged common key.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] PeerPublicKey Pointer to the peer's public key.
+ @param[in] PeerPublicKeySize Size of peer's public key in bytes.
+ @param[out] Key Pointer to the buffer to receive generated key.
+ @param[in, out] KeySize On input, the size of Key buffer in bytes.
+ On output, the size of data returned in Key buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhComputeKey (
+ IN OUT VOID *DhContext,
+ IN CONST UINT8 *PeerPublicKey,
+ IN UINTN PeerPublicKeySize,
+ OUT UINT8 *Key,
+ IN OUT UINTN *KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c new file mode 100644 index 0000000000..b275ab851e --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c @@ -0,0 +1,197 @@ +/** @file
+ PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+
+
+/**
+ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
+ Syntax Standard, version 1.5". This interface is only intended to be used for
+ application to perform PKCS#7 functionality validation.
+
+ @param[in] PrivateKey Pointer to the PEM-formatted private key data for
+ data signing.
+ @param[in] PrivateKeySize Size of the PEM private key data in bytes.
+ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
+ key data.
+ @param[in] InData Pointer to the content to be signed.
+ @param[in] InDataSize Size of InData in bytes.
+ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
+ @param[in] OtherCerts Pointer to an optional additional set of certificates to
+ include in the PKCS#7 signedData (e.g. any intermediate
+ CAs in the chain).
+ @param[out] SignedData Pointer to output PKCS#7 signedData.
+ @param[out] SignedDataSize Size of SignedData in bytes.
+
+ @retval TRUE PKCS#7 data signing succeeded.
+ @retval FALSE PKCS#7 data signing failed.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7Sign (
+ IN CONST UINT8 *PrivateKey,
+ IN UINTN PrivateKeySize,
+ IN CONST UINT8 *KeyPassword,
+ IN UINT8 *InData,
+ IN UINTN InDataSize,
+ IN UINT8 *SignCert,
+ IN UINT8 *OtherCerts OPTIONAL,
+ OUT UINT8 **SignedData,
+ OUT UINTN *SignedDataSize
+ )
+{
+ BOOLEAN Status;
+ EVP_PKEY *Key;
+ BIO *DataBio;
+ PKCS7 *Pkcs7;
+ UINT8 *RsaContext;
+ UINT8 *P7Data;
+ UINTN P7DataSize;
+ UINT8 *Tmp;
+
+ //
+ // Check input parameters.
+ //
+ if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
+ SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
+ return FALSE;
+ }
+
+ RsaContext = NULL;
+ Key = NULL;
+ Pkcs7 = NULL;
+ DataBio = NULL;
+ Status = FALSE;
+
+ //
+ // Retrieve RSA private key from PEM data.
+ //
+ Status = RsaGetPrivateKeyFromPem (
+ PrivateKey,
+ PrivateKeySize,
+ (CONST CHAR8 *) KeyPassword,
+ (VOID **) &RsaContext
+ );
+ if (!Status) {
+ return Status;
+ }
+
+ //
+ // Register & Initialize necessary digest algorithms and PRNG for PKCS#7 Handling
+ //
+ EVP_add_digest (EVP_md5());
+ EVP_add_digest (EVP_sha1());
+ EVP_add_digest (EVP_sha256());
+ RandomSeed (NULL, 0);
+
+ //
+ // Construct OpenSSL EVP_PKEY for private key.
+ //
+ Key = EVP_PKEY_new ();
+ if (Key == NULL) {
+ Status = FALSE;
+ goto _Exit;
+ }
+ Key->save_type = EVP_PKEY_RSA;
+ Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
+ Key->pkey.rsa = (RSA *) RsaContext;
+
+ //
+ // Convert the data to be signed to BIO format.
+ //
+ DataBio = BIO_new (BIO_s_mem ());
+ BIO_write (DataBio, InData, (int) InDataSize);
+
+ //
+ // Create the PKCS#7 signedData structure.
+ //
+ Pkcs7 = PKCS7_sign (
+ (X509 *) SignCert,
+ Key,
+ (STACK_OF(X509) *) OtherCerts,
+ DataBio,
+ PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
+ );
+ if (Pkcs7 == NULL) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ //
+ // Convert PKCS#7 signedData structure into DER-encoded buffer.
+ //
+ P7DataSize = i2d_PKCS7 (Pkcs7, NULL);
+ if (P7DataSize <= 19) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ P7Data = malloc (P7DataSize);
+ if (P7Data == NULL) {
+ Status = FALSE;
+ goto _Exit;
+ }
+
+ Tmp = P7Data;
+ P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
+
+ //
+ // Strip ContentInfo to content only for signeddata. The data be trimmed off
+ // is totally 19 bytes.
+ //
+ *SignedDataSize = P7DataSize - 19;
+ *SignedData = malloc (*SignedDataSize);
+ if (*SignedData == NULL) {
+ Status = FALSE;
+ OPENSSL_free (P7Data);
+ goto _Exit;
+ }
+
+ CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
+
+ OPENSSL_free (P7Data);
+
+ Status = TRUE;
+
+_Exit:
+ //
+ // Release Resources
+ //
+ if (RsaContext != NULL) {
+ RsaFree (RsaContext);
+ if (Key != NULL) {
+ Key->pkey.rsa = NULL;
+ }
+ }
+
+ if (Key != NULL) {
+ EVP_PKEY_free (Key);
+ }
+
+ if (DataBio != NULL) {
+ BIO_free (DataBio);
+ }
+
+ if (Pkcs7 != NULL) {
+ PKCS7_free (Pkcs7);
+ }
+
+ return Status;
+}
+
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c new file mode 100644 index 0000000000..539bb6b7d5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c @@ -0,0 +1,59 @@ +/** @file
+ PKCS#7 SignedData Sign Wrapper Implementation which does not provide real
+ capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
+ Syntax Standard, version 1.5". This interface is only intended to be used for
+ application to perform PKCS#7 functionality validation.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] PrivateKey Pointer to the PEM-formatted private key data for
+ data signing.
+ @param[in] PrivateKeySize Size of the PEM private key data in bytes.
+ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
+ key data.
+ @param[in] InData Pointer to the content to be signed.
+ @param[in] InDataSize Size of InData in bytes.
+ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
+ @param[in] OtherCerts Pointer to an optional additional set of certificates to
+ include in the PKCS#7 signedData (e.g. any intermediate
+ CAs in the chain).
+ @param[out] SignedData Pointer to output PKCS#7 signedData.
+ @param[out] SignedDataSize Size of SignedData in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7Sign (
+ IN CONST UINT8 *PrivateKey,
+ IN UINTN PrivateKeySize,
+ IN CONST UINT8 *KeyPassword,
+ IN UINT8 *InData,
+ IN UINTN InDataSize,
+ IN UINT8 *SignCert,
+ IN UINT8 *OtherCerts OPTIONAL,
+ OUT UINT8 **SignedData,
+ OUT UINTN *SignedDataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c new file mode 100644 index 0000000000..24f4c031d5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c @@ -0,0 +1,577 @@ +/** @file
+ PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL.
+
+ Caution: This module requires additional review when modified.
+ This library will have external input - signature (e.g. UEFI Authenticated
+ Variable). It may by input in SMM mode.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+
+ WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
+ Variable and will do basic check for data structure.
+
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+
+UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
+
+/**
+ Verification callback function to override any existing callbacks in OpenSSL
+ for intermediate certificate supports.
+
+ @param[in] Status Original status before calling this callback.
+ @param[in] Context X509 store context.
+
+ @retval 1 Current X509 certificate is verified successfully.
+ @retval 0 Verification failed.
+
+**/
+int
+X509VerifyCb (
+ IN int Status,
+ IN X509_STORE_CTX *Context
+ )
+{
+ X509_OBJECT *Obj;
+ INTN Error;
+ INTN Index;
+ INTN Count;
+
+ Obj = NULL;
+ Error = (INTN) X509_STORE_CTX_get_error (Context);
+
+ //
+ // X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_
+ // CERT_LOCALLY mean a X509 certificate is not self signed and its issuer
+ // can not be found in X509_verify_cert of X509_vfy.c.
+ // In order to support intermediate certificate node, we override the
+ // errors if the certification is obtained from X509 store, i.e. it is
+ // a trusted ceritifcate node that is enrolled by user.
+ // Besides,X509_V_ERR_CERT_UNTRUSTED and X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
+ // are also ignored to enable such feature.
+ //
+ if ((Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
+ (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)) {
+ Obj = (X509_OBJECT *) malloc (sizeof (X509_OBJECT));
+ if (Obj == NULL) {
+ return 0;
+ }
+
+ Obj->type = X509_LU_X509;
+ Obj->data.x509 = Context->current_cert;
+
+ CRYPTO_w_lock (CRYPTO_LOCK_X509_STORE);
+
+ if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) {
+ Status = 1;
+ } else {
+ //
+ // If any certificate in the chain is enrolled as trusted certificate,
+ // pass the certificate verification.
+ //
+ if (Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
+ Count = (INTN) sk_X509_num (Context->chain);
+ for (Index = 0; Index < Count; Index++) {
+ Obj->data.x509 = sk_X509_value (Context->chain, (int) Index);
+ if (X509_OBJECT_retrieve_match (Context->ctx->objs, Obj)) {
+ Status = 1;
+ break;
+ }
+ }
+ }
+ }
+
+ CRYPTO_w_unlock (CRYPTO_LOCK_X509_STORE);
+ }
+
+ if ((Error == X509_V_ERR_CERT_UNTRUSTED) ||
+ (Error == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) {
+ Status = 1;
+ }
+
+ if (Obj != NULL) {
+ OPENSSL_free (Obj);
+ }
+
+ return Status;
+}
+
+/**
+ Check input P7Data is a wrapped ContentInfo structure or not. If not construct
+ a new structure to wrap P7Data.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise
+ return FALSE.
+ @param[out] WrapData If return status of this function is TRUE:
+ 1) when WrapFlag is TRUE, pointer to P7Data.
+ 2) when WrapFlag is FALSE, pointer to a new ContentInfo
+ structure. It's caller's responsibility to free this
+ buffer.
+ @param[out] WrapDataSize Length of ContentInfo structure in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE The operation is failed due to lack of resources.
+
+**/
+BOOLEAN
+WrapPkcs7Data (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT BOOLEAN *WrapFlag,
+ OUT UINT8 **WrapData,
+ OUT UINTN *WrapDataSize
+ )
+{
+ BOOLEAN Wrapped;
+ UINT8 *SignedData;
+
+ //
+ // Check whether input P7Data is a wrapped ContentInfo structure or not.
+ //
+ Wrapped = FALSE;
+ if ((P7Data[4] == 0x06) && (P7Data[5] == 0x09)) {
+ if (CompareMem (P7Data + 6, mOidValue, sizeof (mOidValue)) == 0) {
+ if ((P7Data[15] == 0xA0) && (P7Data[16] == 0x82)) {
+ Wrapped = TRUE;
+ }
+ }
+ }
+
+ if (Wrapped) {
+ *WrapData = (UINT8 *) P7Data;
+ *WrapDataSize = P7Length;
+ } else {
+ //
+ // Wrap PKCS#7 signeddata to a ContentInfo structure - add a header in 19 bytes.
+ //
+ *WrapDataSize = P7Length + 19;
+ *WrapData = malloc (*WrapDataSize);
+ if (*WrapData == NULL) {
+ *WrapFlag = Wrapped;
+ return FALSE;
+ }
+
+ SignedData = *WrapData;
+
+ //
+ // Part1: 0x30, 0x82.
+ //
+ SignedData[0] = 0x30;
+ SignedData[1] = 0x82;
+
+ //
+ // Part2: Length1 = P7Length + 19 - 4, in big endian.
+ //
+ SignedData[2] = (UINT8) (((UINT16) (*WrapDataSize - 4)) >> 8);
+ SignedData[3] = (UINT8) (((UINT16) (*WrapDataSize - 4)) & 0xff);
+
+ //
+ // Part3: 0x06, 0x09.
+ //
+ SignedData[4] = 0x06;
+ SignedData[5] = 0x09;
+
+ //
+ // Part4: OID value -- 0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x07 0x02.
+ //
+ CopyMem (SignedData + 6, mOidValue, sizeof (mOidValue));
+
+ //
+ // Part5: 0xA0, 0x82.
+ //
+ SignedData[15] = 0xA0;
+ SignedData[16] = 0x82;
+
+ //
+ // Part6: Length2 = P7Length, in big endian.
+ //
+ SignedData[17] = (UINT8) (((UINT16) P7Length) >> 8);
+ SignedData[18] = (UINT8) (((UINT16) P7Length) & 0xff);
+
+ //
+ // Part7: P7Data.
+ //
+ CopyMem (SignedData + 19, P7Data, P7Length);
+ }
+
+ *WrapFlag = Wrapped;
+ return TRUE;
+}
+
+/**
+ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ If P7Data, CertStack, StackLength, TrustedCert or CertLength is NULL, then
+ return FALSE. If P7Length overflow, then return FAlSE.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
+ It's caller's responsiblity to free the buffer.
+ @param[out] StackLength Length of signer's certificates in bytes.
+ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
+ It's caller's responsiblity to free the buffer.
+ @param[out] CertLength Length of the trusted certificate in bytes.
+
+ @retval TRUE The operation is finished successfully.
+ @retval FALSE Error occurs during the operation.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7GetSigners (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT UINT8 **CertStack,
+ OUT UINTN *StackLength,
+ OUT UINT8 **TrustedCert,
+ OUT UINTN *CertLength
+ )
+{
+ PKCS7 *Pkcs7;
+ BOOLEAN Status;
+ UINT8 *SignedData;
+ UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN Wrapped;
+ STACK_OF(X509) *Stack;
+ UINT8 Index;
+ UINT8 *CertBuf;
+ UINT8 *OldBuf;
+ UINTN BufferSize;
+ UINTN OldSize;
+ UINT8 *SingleCert;
+ UINTN SingleCertSize;
+
+ if ((P7Data == NULL) || (CertStack == NULL) || (StackLength == NULL) ||
+ (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {
+ return FALSE;
+ }
+
+ Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
+ if (!Status) {
+ return Status;
+ }
+
+ Status = FALSE;
+ Pkcs7 = NULL;
+ Stack = NULL;
+ CertBuf = NULL;
+ OldBuf = NULL;
+ SingleCert = NULL;
+
+ //
+ // Retrieve PKCS#7 Data (DER encoding)
+ //
+ if (SignedDataSize > INT_MAX) {
+ goto _Exit;
+ }
+
+ Temp = SignedData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
+ if (Pkcs7 == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
+ //
+ if (!PKCS7_type_is_signed (Pkcs7)) {
+ goto _Exit;
+ }
+
+ Stack = PKCS7_get0_signers(Pkcs7, NULL, PKCS7_BINARY);
+ if (Stack == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Convert CertStack to buffer in following format:
+ // UINT8 CertNumber;
+ // UINT32 Cert1Length;
+ // UINT8 Cert1[];
+ // UINT32 Cert2Length;
+ // UINT8 Cert2[];
+ // ...
+ // UINT32 CertnLength;
+ // UINT8 Certn[];
+ //
+ BufferSize = sizeof (UINT8);
+ OldSize = BufferSize;
+
+ for (Index = 0; ; Index++) {
+ Status = X509PopCertificate (Stack, &SingleCert, &SingleCertSize);
+ if (!Status) {
+ break;
+ }
+
+ OldSize = BufferSize;
+ OldBuf = CertBuf;
+ BufferSize = OldSize + SingleCertSize + sizeof (UINT32);
+ CertBuf = malloc (BufferSize);
+
+ if (CertBuf == NULL) {
+ goto _Exit;
+ }
+
+ if (OldBuf != NULL) {
+ CopyMem (CertBuf, OldBuf, OldSize);
+ free (OldBuf);
+ OldBuf = NULL;
+ }
+
+ WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) SingleCertSize);
+ CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, SingleCertSize);
+
+ free (SingleCert);
+ SingleCert = NULL;
+ }
+
+ if (CertBuf != NULL) {
+ //
+ // Update CertNumber.
+ //
+ CertBuf[0] = Index;
+
+ *CertLength = BufferSize - OldSize - sizeof (UINT32);
+ *TrustedCert = malloc (*CertLength);
+ if (*TrustedCert == NULL) {
+ goto _Exit;
+ }
+
+ CopyMem (*TrustedCert, CertBuf + OldSize + sizeof (UINT32), *CertLength);
+ *CertStack = CertBuf;
+ *StackLength = BufferSize;
+ Status = TRUE;
+ }
+
+_Exit:
+ //
+ // Release Resources
+ //
+ if (!Wrapped) {
+ free (SignedData);
+ }
+
+ if (Pkcs7 != NULL) {
+ PKCS7_free (Pkcs7);
+ }
+
+ if (Stack != NULL) {
+ sk_X509_pop_free(Stack, X509_free);
+ }
+
+ if (SingleCert != NULL) {
+ free (SingleCert);
+ }
+
+ if (!Status && (CertBuf != NULL)) {
+ free (CertBuf);
+ *CertStack = NULL;
+ }
+
+ if (OldBuf != NULL) {
+ free (OldBuf);
+ }
+
+ return Status;
+}
+
+/**
+ Wrap function to use free() to free allocated memory for certificates.
+
+ @param[in] Certs Pointer to the certificates to be freed.
+
+**/
+VOID
+EFIAPI
+Pkcs7FreeSigners (
+ IN UINT8 *Certs
+ )
+{
+ if (Certs == NULL) {
+ return;
+ }
+
+ free (Certs);
+}
+
+/**
+ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ If P7Data, TrustedCert or InData is NULL, then return FALSE.
+ If P7Length, CertLength or DataLength overflow, then return FAlSE.
+
+ Caution: This function may receive untrusted input.
+ UEFI Authenticated Variable is external input, so this function will do basic
+ check for PKCS#7 data structure.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
+ is used for certificate chain verification.
+ @param[in] CertLength Length of the trusted certificate in bytes.
+ @param[in] InData Pointer to the content to be verified.
+ @param[in] DataLength Length of InData in bytes.
+
+ @retval TRUE The specified PKCS#7 signed data is valid.
+ @retval FALSE Invalid PKCS#7 signed data.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7Verify (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ IN CONST UINT8 *TrustedCert,
+ IN UINTN CertLength,
+ IN CONST UINT8 *InData,
+ IN UINTN DataLength
+ )
+{
+ PKCS7 *Pkcs7;
+ BIO *CertBio;
+ BIO *DataBio;
+ BOOLEAN Status;
+ X509 *Cert;
+ X509_STORE *CertStore;
+ UINT8 *SignedData;
+ UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN Wrapped;
+
+ //
+ // Check input parameters.
+ //
+ if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
+ P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
+ return FALSE;
+ }
+
+ Pkcs7 = NULL;
+ CertBio = NULL;
+ DataBio = NULL;
+ Cert = NULL;
+ CertStore = NULL;
+
+ //
+ // Register & Initialize necessary digest algorithms for PKCS#7 Handling
+ //
+ EVP_add_digest (EVP_md5());
+ EVP_add_digest (EVP_sha1());
+ EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+ EVP_add_digest (EVP_sha256());
+
+ Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
+ if (!Status) {
+ return Status;
+ }
+
+ Status = FALSE;
+
+ //
+ // Retrieve PKCS#7 Data (DER encoding)
+ //
+ if (SignedDataSize > INT_MAX) {
+ goto _Exit;
+ }
+
+ Temp = SignedData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
+ if (Pkcs7 == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
+ //
+ if (!PKCS7_type_is_signed (Pkcs7)) {
+ goto _Exit;
+ }
+
+ //
+ // Read DER-encoded root certificate and Construct X509 Certificate
+ //
+ CertBio = BIO_new (BIO_s_mem ());
+ BIO_write (CertBio, TrustedCert, (int)CertLength);
+ if (CertBio == NULL) {
+ goto _Exit;
+ }
+ Cert = d2i_X509_bio (CertBio, NULL);
+ if (Cert == NULL) {
+ goto _Exit;
+ }
+
+ //
+ // Setup X509 Store for trusted certificate
+ //
+ CertStore = X509_STORE_new ();
+ if (CertStore == NULL) {
+ goto _Exit;
+ }
+ if (!(X509_STORE_add_cert (CertStore, Cert))) {
+ goto _Exit;
+ }
+
+ //
+ // Register customized X509 verification callback function to support
+ // trusted intermediate certificate anchor.
+ //
+ CertStore->verify_cb = X509VerifyCb;
+
+ //
+ // For generic PKCS#7 handling, InData may be NULL if the content is present
+ // in PKCS#7 structure. So ignore NULL checking here.
+ //
+ DataBio = BIO_new (BIO_s_mem ());
+ BIO_write (DataBio, InData, (int)DataLength);
+
+ //
+ // Verifies the PKCS#7 signedData structure
+ //
+ Status = (BOOLEAN) PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);
+
+_Exit:
+ //
+ // Release Resources
+ //
+ BIO_free (DataBio);
+ BIO_free (CertBio);
+ X509_free (Cert);
+ X509_STORE_free (CertStore);
+ PKCS7_free (Pkcs7);
+
+ if (!Wrapped) {
+ OPENSSL_free (SignedData);
+ }
+
+ return Status;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c new file mode 100644 index 0000000000..9a4c77a2fe --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c @@ -0,0 +1,100 @@ +/** @file
+ PKCS#7 SignedData Verification Wrapper Implementation which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
+ It's caller's responsiblity to free the buffer.
+ @param[out] StackLength Length of signer's certificates in bytes.
+ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
+ It's caller's responsiblity to free the buffer.
+ @param[out] CertLength Length of the trusted certificate in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7GetSigners (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT UINT8 **CertStack,
+ OUT UINTN *StackLength,
+ OUT UINT8 **TrustedCert,
+ OUT UINTN *CertLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Wrap function to use free() to free allocated memory for certificates.
+
+ If the interface is not supported, then ASSERT().
+
+ @param[in] Certs Pointer to the certificates to be freed.
+
+**/
+VOID
+EFIAPI
+Pkcs7FreeSigners (
+ IN UINT8 *Certs
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
+ is used for certificate chain verification.
+ @param[in] CertLength Length of the trusted certificate in bytes.
+ @param[in] InData Pointer to the content to be verified.
+ @param[in] DataLength Length of InData in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7Verify (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ IN CONST UINT8 *TrustedCert,
+ IN UINTN CertLength,
+ IN CONST UINT8 *InData,
+ IN UINTN DataLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c new file mode 100644 index 0000000000..6bf95deb58 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c @@ -0,0 +1,319 @@ +/** @file
+ RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
+
+ This file implements following APIs which provide basic capabilities for RSA:
+ 1) RsaNew
+ 2) RsaFree
+ 3) RsaSetKey
+ 4) RsaPkcs1Verify
+
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+
+
+/**
+ Allocates and initializes one RSA context for subsequent use.
+
+ @return Pointer to the RSA context that has been initialized.
+ If the allocations fails, RsaNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+RsaNew (
+ VOID
+ )
+{
+ //
+ // Allocates & Initializes RSA Context by OpenSSL RSA_new()
+ //
+ return (VOID *)RSA_new ();
+}
+
+/**
+ Release the specified RSA context.
+
+ @param[in] RsaContext Pointer to the RSA context to be released.
+
+**/
+VOID
+EFIAPI
+RsaFree (
+ IN VOID *RsaContext
+ )
+{
+ //
+ // Free OpenSSL RSA Context
+ //
+ RSA_free ((RSA *)RsaContext);
+}
+
+/**
+ Sets the tag-designated key component into the established RSA context.
+
+ This function sets the tag-designated RSA key component into the established
+ RSA context from the user-specified non-negative integer (octet string format
+ represented in RSA PKCS#1).
+ If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
+
+ If RsaContext is NULL, then return FALSE.
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] KeyTag Tag of RSA key component being set.
+ @param[in] BigNumber Pointer to octet integer buffer.
+ If NULL, then the specified key componenet in RSA
+ context is cleared.
+ @param[in] BnSize Size of big number buffer in bytes.
+ If BigNumber is NULL, then it is ignored.
+
+ @retval TRUE RSA key component was set successfully.
+ @retval FALSE Invalid RSA key component tag.
+
+**/
+BOOLEAN
+EFIAPI
+RsaSetKey (
+ IN OUT VOID *RsaContext,
+ IN RSA_KEY_TAG KeyTag,
+ IN CONST UINT8 *BigNumber,
+ IN UINTN BnSize
+ )
+{
+ RSA *RsaKey;
+
+ //
+ // Check input parameters.
+ //
+ if (RsaContext == NULL) {
+ return FALSE;
+ }
+
+ RsaKey = (RSA *)RsaContext;
+ //
+ // Set RSA Key Components by converting octet string to OpenSSL BN representation.
+ // NOTE: For RSA public key (used in signature verification), only public components
+ // (N, e) are needed.
+ //
+ switch (KeyTag) {
+
+ //
+ // RSA Public Modulus (N)
+ //
+ case RsaKeyN:
+ if (RsaKey->n != NULL) {
+ BN_free (RsaKey->n);
+ }
+ RsaKey->n = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
+ break;
+
+ //
+ // RSA Public Exponent (e)
+ //
+ case RsaKeyE:
+ if (RsaKey->e != NULL) {
+ BN_free (RsaKey->e);
+ }
+ RsaKey->e = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
+ break;
+
+ //
+ // RSA Private Exponent (d)
+ //
+ case RsaKeyD:
+ if (RsaKey->d != NULL) {
+ BN_free (RsaKey->d);
+ }
+ RsaKey->d = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modulus (p)
+ //
+ case RsaKeyP:
+ if (RsaKey->p != NULL) {
+ BN_free (RsaKey->p);
+ }
+ RsaKey->p = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modules (q)
+ //
+ case RsaKeyQ:
+ if (RsaKey->q != NULL) {
+ BN_free (RsaKey->q);
+ }
+ RsaKey->q = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);
+ break;
+
+ //
+ // p's CRT Exponent (== d mod (p - 1))
+ //
+ case RsaKeyDp:
+ if (RsaKey->dmp1 != NULL) {
+ BN_free (RsaKey->dmp1);
+ }
+ RsaKey->dmp1 = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
+ break;
+
+ //
+ // q's CRT Exponent (== d mod (q - 1))
+ //
+ case RsaKeyDq:
+ if (RsaKey->dmq1 != NULL) {
+ BN_free (RsaKey->dmq1);
+ }
+ RsaKey->dmq1 = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);
+ break;
+
+ //
+ // The CRT Coefficient (== 1/q mod p)
+ //
+ case RsaKeyQInv:
+ if (RsaKey->iqmp != NULL) {
+ BN_free (RsaKey->iqmp);
+ }
+ RsaKey->iqmp = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);
+ break;
+
+ default:
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
+ RSA PKCS#1.
+
+ If RsaContext is NULL, then return FALSE.
+ If MessageHash is NULL, then return FALSE.
+ If Signature is NULL, then return FALSE.
+ If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+
+ @param[in] RsaContext Pointer to RSA context for signature verification.
+ @param[in] MessageHash Pointer to octet message hash to be checked.
+ @param[in] HashSize Size of the message hash in bytes.
+ @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
+ @param[in] SigSize Size of signature in bytes.
+
+ @retval TRUE Valid signature encoded in PKCS1-v1_5.
+ @retval FALSE Invalid signature or invalid RSA context.
+
+**/
+BOOLEAN
+EFIAPI
+RsaPkcs1Verify (
+ IN VOID *RsaContext,
+ IN CONST UINT8 *MessageHash,
+ IN UINTN HashSize,
+ IN UINT8 *Signature,
+ IN UINTN SigSize
+ )
+{
+ INTN Length;
+
+ //
+ // Check input parameters.
+ //
+ if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
+ return FALSE;
+ }
+
+
+ //
+ // Check for unsupported hash size:
+ // Only MD5, SHA-1 or SHA-256 digest size is supported
+ //
+ if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {
+ return FALSE;
+ }
+
+ //
+ // RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
+ //
+ Length = RSA_public_decrypt (
+ (UINT32) SigSize,
+ Signature,
+ Signature,
+ RsaContext,
+ RSA_PKCS1_PADDING
+ );
+
+ //
+ // Invalid RSA Key or PKCS#1 Padding Checking Failed (if Length < 0)
+ // NOTE: Length should be the addition of HashSize and some DER value.
+ // Ignore more strict length checking here.
+ //
+ if (Length < (INTN) HashSize) {
+ return FALSE;
+ }
+
+ //
+ // Validate the MessageHash and Decoded Signature
+ // NOTE: The decoded Signature should be the DER encoding of the DigestInfo value
+ // DigestInfo ::= SEQUENCE {
+ // digestAlgorithm AlgorithmIdentifier
+ // digest OCTET STRING
+ // }
+ // Then Memory Comparing should skip the DER value of the underlying SEQUENCE
+ // type and AlgorithmIdentifier.
+ //
+ if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {
+ //
+ // Valid RSA PKCS#1 Signature
+ //
+ return TRUE;
+ } else {
+ //
+ // Failed to verification
+ //
+ return FALSE;
+ }
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c new file mode 100644 index 0000000000..67d8826e6c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c @@ -0,0 +1,432 @@ +/** @file
+ RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
+
+ This file implements following APIs which provide more capabilities for RSA:
+ 1) RsaGetKey
+ 2) RsaGenerateKey
+ 3) RsaCheckKey
+ 4) RsaPkcs1Sign
+
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+
+//
+// ASN.1 value for Hash Algorithm ID with the Distringuished Encoding Rules (DER)
+// Refer to Section 9.2 of PKCS#1 v2.1
+//
+CONST UINT8 Asn1IdMd5[] = {
+ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
+ 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
+ };
+
+CONST UINT8 Asn1IdSha1[] = {
+ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
+ 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
+ };
+
+CONST UINT8 Asn1IdSha256[] = {
+ 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+ 0x00, 0x04, 0x20
+ };
+
+/**
+ Gets the tag-designated RSA key component from the established RSA context.
+
+ This function retrieves the tag-designated RSA key component from the
+ established RSA context as a non-negative integer (octet string format
+ represented in RSA PKCS#1).
+ If specified key component has not been set or has been cleared, then returned
+ BnSize is set to 0.
+ If the BigNumber buffer is too small to hold the contents of the key, FALSE
+ is returned and BnSize is set to the required buffer size to obtain the key.
+
+ If RsaContext is NULL, then return FALSE.
+ If BnSize is NULL, then return FALSE.
+ If BnSize is large enough but BigNumber is NULL, then return FALSE.
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] KeyTag Tag of RSA key component being set.
+ @param[out] BigNumber Pointer to octet integer buffer.
+ @param[in, out] BnSize On input, the size of big number buffer in bytes.
+ On output, the size of data returned in big number buffer in bytes.
+
+ @retval TRUE RSA key component was retrieved successfully.
+ @retval FALSE Invalid RSA key component tag.
+ @retval FALSE BnSize is too small.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetKey (
+ IN OUT VOID *RsaContext,
+ IN RSA_KEY_TAG KeyTag,
+ OUT UINT8 *BigNumber,
+ IN OUT UINTN *BnSize
+ )
+{
+ RSA *RsaKey;
+ BIGNUM *BnKey;
+ UINTN Size;
+
+ //
+ // Check input parameters.
+ //
+ if (RsaContext == NULL || BnSize == NULL) {
+ return FALSE;
+ }
+
+ RsaKey = (RSA *) RsaContext;
+ Size = *BnSize;
+ *BnSize = 0;
+
+ switch (KeyTag) {
+
+ //
+ // RSA Public Modulus (N)
+ //
+ case RsaKeyN:
+ if (RsaKey->n == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->n;
+ break;
+
+ //
+ // RSA Public Exponent (e)
+ //
+ case RsaKeyE:
+ if (RsaKey->e == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->e;
+ break;
+
+ //
+ // RSA Private Exponent (d)
+ //
+ case RsaKeyD:
+ if (RsaKey->d == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->d;
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modulus (p)
+ //
+ case RsaKeyP:
+ if (RsaKey->p == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->p;
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modules (q)
+ //
+ case RsaKeyQ:
+ if (RsaKey->q == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->q;
+ break;
+
+ //
+ // p's CRT Exponent (== d mod (p - 1))
+ //
+ case RsaKeyDp:
+ if (RsaKey->dmp1 == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->dmp1;
+ break;
+
+ //
+ // q's CRT Exponent (== d mod (q - 1))
+ //
+ case RsaKeyDq:
+ if (RsaKey->dmq1 == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->dmq1;
+ break;
+
+ //
+ // The CRT Coefficient (== 1/q mod p)
+ //
+ case RsaKeyQInv:
+ if (RsaKey->iqmp == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->iqmp;
+ break;
+
+ default:
+ return FALSE;
+ }
+
+ *BnSize = Size;
+ Size = BN_num_bytes (BnKey);
+
+ if (*BnSize < Size) {
+ *BnSize = Size;
+ return FALSE;
+ }
+
+ if (BigNumber == NULL) {
+ return FALSE;
+ }
+ *BnSize = BN_bn2bin (BnKey, BigNumber) ;
+
+ return TRUE;
+}
+
+/**
+ Generates RSA key components.
+
+ This function generates RSA key components. It takes RSA public exponent E and
+ length in bits of RSA modulus N as input, and generates all key components.
+ If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
+
+ Before this function can be invoked, pseudorandom number generator must be correctly
+ initialized by RandomSeed().
+
+ If RsaContext is NULL, then return FALSE.
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] ModulusLength Length of RSA modulus N in bits.
+ @param[in] PublicExponent Pointer to RSA public exponent.
+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
+
+ @retval TRUE RSA key component was generated successfully.
+ @retval FALSE Invalid RSA key component tag.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGenerateKey (
+ IN OUT VOID *RsaContext,
+ IN UINTN ModulusLength,
+ IN CONST UINT8 *PublicExponent,
+ IN UINTN PublicExponentSize
+ )
+{
+ BIGNUM *KeyE;
+ BOOLEAN RetVal;
+
+ //
+ // Check input parameters.
+ //
+ if (RsaContext == NULL) {
+ return FALSE;
+ }
+
+ KeyE = BN_new ();
+ if (PublicExponent == NULL) {
+ BN_set_word (KeyE, 0x10001);
+ } else {
+ BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE);
+ }
+
+ RetVal = FALSE;
+ if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
+ RetVal = TRUE;
+ }
+
+ BN_free (KeyE);
+ return RetVal;
+}
+
+/**
+ Validates key components of RSA context.
+
+ This function validates key compoents of RSA context in following aspects:
+ - Whether p is a prime
+ - Whether q is a prime
+ - Whether n = p * q
+ - Whether d*e = 1 mod lcm(p-1,q-1)
+
+ If RsaContext is NULL, then return FALSE.
+
+ @param[in] RsaContext Pointer to RSA context to check.
+
+ @retval TRUE RSA key components are valid.
+ @retval FALSE RSA key components are not valid.
+
+**/
+BOOLEAN
+EFIAPI
+RsaCheckKey (
+ IN VOID *RsaContext
+ )
+{
+ UINTN Reason;
+
+ //
+ // Check input parameters.
+ //
+ if (RsaContext == NULL) {
+ return FALSE;
+ }
+
+ if (RSA_check_key ((RSA *) RsaContext) != 1) {
+ Reason = ERR_GET_REASON (ERR_peek_last_error ());
+ if (Reason == RSA_R_P_NOT_PRIME ||
+ Reason == RSA_R_Q_NOT_PRIME ||
+ Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
+ Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+}
+
+/**
+ Performs the PKCS1-v1_5 encoding methods defined in RSA PKCS #1.
+
+ @param Message Message buffer to be encoded.
+ @param MessageSize Size of message buffer in bytes.
+ @param DigestInfo Pointer to buffer of digest info for output.
+
+ @return Size of DigestInfo in bytes.
+
+**/
+UINTN
+DigestInfoEncoding (
+ IN CONST UINT8 *Message,
+ IN UINTN MessageSize,
+ OUT UINT8 *DigestInfo
+ )
+{
+ CONST UINT8 *HashDer;
+ UINTN DerSize;
+
+ //
+ // Check input parameters.
+ //
+ if (Message == NULL || DigestInfo == NULL) {
+ return FALSE;
+ }
+
+ //
+ // The original message length is used to determine the hash algorithm since
+ // message is digest value hashed by the specified algorithm.
+ //
+ switch (MessageSize) {
+ case MD5_DIGEST_SIZE:
+ HashDer = Asn1IdMd5;
+ DerSize = sizeof (Asn1IdMd5);
+ break;
+
+ case SHA1_DIGEST_SIZE:
+ HashDer = Asn1IdSha1;
+ DerSize = sizeof (Asn1IdSha1);
+ break;
+
+ case SHA256_DIGEST_SIZE:
+ HashDer = Asn1IdSha256;
+ DerSize = sizeof (Asn1IdSha256);
+ break;
+
+ default:
+ return FALSE;
+ }
+
+ CopyMem (DigestInfo, HashDer, DerSize);
+ CopyMem (DigestInfo + DerSize, Message, MessageSize);
+
+ return (DerSize + MessageSize);
+}
+
+/**
+ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
+
+ This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
+ RSA PKCS#1.
+ If the Signature buffer is too small to hold the contents of signature, FALSE
+ is returned and SigSize is set to the required buffer size to obtain the signature.
+
+ If RsaContext is NULL, then return FALSE.
+ If MessageHash is NULL, then return FALSE.
+ If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+ If SigSize is large enough but Signature is NULL, then return FALSE.
+
+ @param[in] RsaContext Pointer to RSA context for signature generation.
+ @param[in] MessageHash Pointer to octet message hash to be signed.
+ @param[in] HashSize Size of the message hash in bytes.
+ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.
+ On output, the size of data returned in Signature buffer in bytes.
+
+ @retval TRUE Signature successfully generated in PKCS1-v1_5.
+ @retval FALSE Signature generation failed.
+ @retval FALSE SigSize is too small.
+
+**/
+BOOLEAN
+EFIAPI
+RsaPkcs1Sign (
+ IN VOID *RsaContext,
+ IN CONST UINT8 *MessageHash,
+ IN UINTN HashSize,
+ OUT UINT8 *Signature,
+ IN OUT UINTN *SigSize
+ )
+{
+ RSA *Rsa;
+ UINTN Size;
+ INTN ReturnVal;
+
+ //
+ // Check input parameters.
+ //
+ if (RsaContext == NULL || MessageHash == NULL ||
+ (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE)) {
+ return FALSE;
+ }
+
+ Rsa = (RSA *) RsaContext;
+ Size = BN_num_bytes (Rsa->n);
+
+ if (*SigSize < Size) {
+ *SigSize = Size;
+ return FALSE;
+ }
+
+ if (Signature == NULL) {
+ return FALSE;
+ }
+
+ Size = DigestInfoEncoding (MessageHash, HashSize, Signature);
+
+ ReturnVal = RSA_private_encrypt (
+ (UINT32) Size,
+ Signature,
+ Signature,
+ Rsa,
+ RSA_PKCS1_PADDING
+ );
+
+ if (ReturnVal < (INTN) Size) {
+ return FALSE;
+ }
+
+ *SigSize = (UINTN)ReturnVal;
+ return TRUE;
+}
+
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c new file mode 100644 index 0000000000..e44cdde44f --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c @@ -0,0 +1,125 @@ +/** @file
+ RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
+
+ This file does not provide real capabilities for following APIs in RSA handling:
+ 1) RsaGetKey
+ 2) RsaGenerateKey
+ 3) RsaCheckKey
+ 4) RsaPkcs1Sign
+
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Gets the tag-designated RSA key component from the established RSA context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] KeyTag Tag of RSA key component being set.
+ @param[out] BigNumber Pointer to octet integer buffer.
+ @param[in, out] BnSize On input, the size of big number buffer in bytes.
+ On output, the size of data returned in big number buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetKey (
+ IN OUT VOID *RsaContext,
+ IN RSA_KEY_TAG KeyTag,
+ OUT UINT8 *BigNumber,
+ IN OUT UINTN *BnSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Generates RSA key components.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] ModulusLength Length of RSA modulus N in bits.
+ @param[in] PublicExponent Pointer to RSA public exponent.
+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGenerateKey (
+ IN OUT VOID *RsaContext,
+ IN UINTN ModulusLength,
+ IN CONST UINT8 *PublicExponent,
+ IN UINTN PublicExponentSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Validates key components of RSA context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] RsaContext Pointer to RSA context to check.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaCheckKey (
+ IN VOID *RsaContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] RsaContext Pointer to RSA context for signature generation.
+ @param[in] MessageHash Pointer to octet message hash to be signed.
+ @param[in] HashSize Size of the message hash in bytes.
+ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.
+ On output, the size of data returned in Signature buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaPkcs1Sign (
+ IN VOID *RsaContext,
+ IN CONST UINT8 *MessageHash,
+ IN UINTN HashSize,
+ OUT UINT8 *Signature,
+ IN OUT UINTN *SigSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c new file mode 100644 index 0000000000..5dbddca423 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c @@ -0,0 +1,180 @@ +/** @file
+ X.509 Certificate Handler Wrapper Implementation which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Construct a X509 object from DER-encoded certificate data.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Cert Pointer to the DER-encoded certificate data.
+ @param[in] CertSize The size of certificate data in bytes.
+ @param[out] SingleX509Cert The generated X509 object.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificate (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 **SingleX509Cert
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Construct a X509 stack object from a list of DER-encoded certificate data.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] X509Stack On input, pointer to an existing X509 stack object.
+ On output, pointer to the X509 stack object with new
+ inserted X509 certificate.
+ @param ... A list of DER-encoded single certificate data followed
+ by certificate size. A NULL terminates the list. The
+ pairs are the arguments to X509ConstructCertificate().
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStack (
+ IN OUT UINT8 **X509Stack,
+ ...
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Release the specified X509 object.
+
+ If the interface is not supported, then ASSERT().
+
+ @param[in] X509Cert Pointer to the X509 object to be released.
+
+**/
+VOID
+EFIAPI
+X509Free (
+ IN VOID *X509Cert
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ Release the specified X509 stack object.
+
+ If the interface is not supported, then ASSERT().
+
+ @param[in] X509Stack Pointer to the X509 stack object to be released.
+
+**/
+VOID
+EFIAPI
+X509StackFree (
+ IN VOID *X509Stack
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ Retrieve the subject bytes from one X.509 certificate.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] CertSubject Pointer to the retrieved certificate subject bytes.
+ @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
+ and the size of buffer returned CertSubject on output.
+
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetSubjectName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 *CertSubject,
+ IN OUT UINTN *SubjectSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Retrieve the RSA Public Key from one DER-encoded X509 certificate.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA public key component. Use RsaFree() function to free the
+ resource.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPublicKeyFromX509 (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT VOID **RsaContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Verify one X509 certificate was issued by the trusted CA.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[in] CACert Pointer to the DER-encoded trusted CA certificate.
+ @param[in] CACertSize Size of the CA Certificate in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509VerifyCert (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *CACert,
+ IN UINTN CACertSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandNull.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandNull.c new file mode 100644 index 0000000000..8838e224a0 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandNull.c @@ -0,0 +1,63 @@ +/** @file
+ Pseudorandom Number Generator Wrapper Implementation which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+
+/**
+ Sets up the seed value for the pseudorandom number generator.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Seed Pointer to seed value.
+ If NULL, default seed is used.
+ @param[in] SeedSize Size of seed value.
+ If Seed is NULL, this parameter is ignored.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RandomSeed (
+ IN CONST UINT8 *Seed OPTIONAL,
+ IN UINTN SeedSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Generates a pseudorandom byte stream of the specified size.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Output Pointer to buffer to receive random value.
+ @param[in] Size Size of randome bytes to generate.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RandomBytes (
+ OUT UINT8 *Output,
+ IN UINTN Size
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index f864efcd56..535ad514c6 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -6,6 +6,11 @@ # This external input must be validated carefully to avoid security issue like
# buffer overflow, integer overflow.
#
+# Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
+# TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
+# Diffie-Hellman functions, authenticode signature verification functions are
+# not supported in this instance.
+#
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -23,7 +28,7 @@ FILE_GUID = 78189cc0-727d-46a4-84ea-f7dd860de64a
MODULE_TYPE = DXE_RUNTIME_DRIVER
VERSION_STRING = 1.0
- LIBRARY_CLASS = BaseCryptLib
+ LIBRARY_CLASS = BaseCryptLib|DXE_RUNTIME_DRIVER
CONSTRUCTOR = RuntimeCryptLibConstructor
#
@@ -33,12 +38,22 @@ #
[Sources]
+ Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
- Pk/CryptRsa.c
- Pk/CryptPkcs7.c
+ Hmac/CryptHmacMd5Null.c
+ Hmac/CryptHmacSha1Null.c
+ Cipher/CryptAesNull.c
+ Cipher/CryptTdesNull.c
+ Cipher/CryptArc4Null.c
+ Pk/CryptRsaBasic.c
+ Pk/CryptRsaExtNull.c
+ Pk/CryptPkcs7SignNull.c
+ Pk/CryptPkcs7Verify.c
+ Pk/CryptDhNull.c
Pk/CryptX509.c
+ Pk/CryptAuthenticodeNull.c
Pem/CryptPem.c
SysCall/CrtWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index ac3494a20c..cdbe3ac8b2 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -1,20 +1,16 @@ ## @file
# Cryptographic Library Instance for SMM driver.
#
-# This library instance uses ConstantTimeClock.c thus does not provide
-# functionality for following APIs which need system time support:
-# 1) RsaGenerateKey
-# 2) RsaCheckKey
-# 3) RsaPkcs1Sign
-# 4) Pkcs7Sign
-# 5) DhGenerateParameter
-# 6) DhGenerateKey
-#
# Caution: This module requires additional review when modified.
# This library will have external input - signature.
# This external input must be validated carefully to avoid security issue like
# buffer overflow, integer overflow.
#
+# Note: MD4 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions, AES/
+# TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign functions,
+# Diffie-Hellman functions, authenticode signature verification functions are
+# not supported in this instance.
+#
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -42,12 +38,22 @@ #
[Sources]
+ Hash/CryptMd4Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
- Pk/CryptRsa.c
- Pk/CryptPkcs7.c
+ Hmac/CryptHmacMd5Null.c
+ Hmac/CryptHmacSha1Null.c
+ Cipher/CryptAesNull.c
+ Cipher/CryptTdesNull.c
+ Cipher/CryptArc4Null.c
+ Pk/CryptRsaBasic.c
+ Pk/CryptRsaExtNull.c
+ Pk/CryptPkcs7SignNull.c
+ Pk/CryptPkcs7Verify.c
+ Pk/CryptDhNull.c
Pk/CryptX509.c
+ Pk/CryptAuthenticodeNull.c
Pem/CryptPem.c
SysCall/CrtWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf index 0f1b0eb093..8ef2d4182a 100644 --- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf @@ -2,7 +2,14 @@ # Cryptographic Library Instance based on Runtime Crypt Protocol.
# This instance will be only used by the Authenticated Variable driver for IPF.
#
-# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+# Note: MD4/MD5/SHA1 Digest functions, HMAC-MD5 functions, HMAC-SHA1 functions,
+# AES/TDES/ARC4 functions, RSA external functions, PKCS#7 SignedData sign/verify
+# functions, Diffie-Hellman functions, X.509 certificate handler functions,
+# authenticode signature verification functions, PEM handler functions,
+# pseudorandom number generator functions, Sha256Duplicate() are not supported
+# in this instance.
+#
+# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -31,6 +38,23 @@ [Sources]
RuntimeDxeIpfCryptLib.c
+ Hash/CryptMd4Null.c
+ Hash/CryptMd5Null.c
+ Hash/CryptSha1Null.c
+ Hmac/CryptHmacMd5Null.c
+ Hmac/CryptHmacSha1Null.c
+ Cipher/CryptAesNull.c
+ Cipher/CryptTdesNull.c
+ Cipher/CryptArc4Null.c
+ Pk/CryptRsaExtNull.c
+ Pk/CryptPkcs7SignNull.c
+ Pk/CryptPkcs7VerifyNull.c
+ Pk/CryptDhNull.c
+ Pk/CryptX509Null.c
+ Pk/CryptAuthenticodeNull.c
+ Pem/CryptPemNull.c
+ Rand/CryptRandNull.c
+
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptAesNull.c new file mode 100644 index 0000000000..074b07247b --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptAesNull.c @@ -0,0 +1,165 @@ +/** @file
+ AES Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for AES operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+AesGetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory as AES context for subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] AesContext Pointer to AES context being initialized.
+ @param[in] Key Pointer to the user-supplied AES key.
+ @param[in] KeyLength Length of AES key in bits.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesInit (
+ OUT VOID *AesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES encryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbEncrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES decryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the AES decryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbDecrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES encryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcEncrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs AES decryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcDecrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptArc4Null.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptArc4Null.c new file mode 100644 index 0000000000..1275e20f89 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptArc4Null.c @@ -0,0 +1,130 @@ +/** @file
+ ARC4 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+
+**/
+UINTN
+EFIAPI
+Arc4GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory as ARC4 context for subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Arc4Context Pointer to ARC4 context being initialized.
+ @param[in] Key Pointer to the user-supplied ARC4 key.
+ @param[in] KeySize Size of ARC4 key in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Init (
+ OUT VOID *Arc4Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs ARC4 encryption on a data buffer of the specified size.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Encrypt (
+ IN OUT VOID *Arc4Context,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs ARC4 decryption on a data buffer of the specified size.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Decrypt (
+ IN OUT VOID *Arc4Context,
+ IN UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Resets the ARC4 context to the initial state.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Reset (
+ IN OUT VOID *Arc4Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptTdesNull.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptTdesNull.c new file mode 100644 index 0000000000..cec33b6275 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Cipher/CryptTdesNull.c @@ -0,0 +1,166 @@ +/** @file
+ TDES Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for TDES operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+TdesGetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory as TDES context for subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] TdesContext Pointer to TDES context being initialized.
+ @param[in] Key Pointer to the user-supplied TDES key.
+ @param[in] KeyLength Length of TDES key in bits.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesInit (
+ OUT VOID *TdesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in ECB mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES decryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in CBC mode.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd4Null.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd4Null.c new file mode 100644 index 0000000000..fc634fd163 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd4Null.c @@ -0,0 +1,124 @@ +/** @file
+ MD4 Digest Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for MD4 hash
+ operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+Md4GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
+ subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Md4Context Pointer to MD4 context being initialized.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Init (
+ OUT VOID *Md4Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing MD4 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Md4Context Pointer to MD4 context being copied.
+ @param[out] NewMd4Context Pointer to new MD4 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Duplicate (
+ IN CONST VOID *Md4Context,
+ OUT VOID *NewMd4Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates MD4 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Md4Context Pointer to the MD4 context.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Update (
+ IN OUT VOID *Md4Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the MD4 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Md4Context Pointer to the MD4 context.
+ @param[out] HashValue Pointer to a buffer that receives the MD4 digest
+ value (16 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Final (
+ IN OUT VOID *Md4Context,
+ OUT UINT8 *HashValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd5Null.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd5Null.c new file mode 100644 index 0000000000..b9283d1746 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptMd5Null.c @@ -0,0 +1,125 @@ +/** @file
+ MD5 Digest Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+Md5GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+
+/**
+ Initializes user-supplied memory pointed by Md5Context as MD5 hash context for
+ subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Md5Context Pointer to MD5 context being initialized.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md5Init (
+ OUT VOID *Md5Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing MD5 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Md5Context Pointer to MD5 context being copied.
+ @param[out] NewMd5Context Pointer to new MD5 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md5Duplicate (
+ IN CONST VOID *Md5Context,
+ OUT VOID *NewMd5Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates MD5 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Md5Context Pointer to the MD5 context.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md5Update (
+ IN OUT VOID *Md5Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the MD5 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Md5Context Pointer to the MD5 context.
+ @param[out] HashValue Pointer to a buffer that receives the MD5 digest
+ value (16 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Md5Final (
+ IN OUT VOID *Md5Context,
+ OUT UINT8 *HashValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptSha1Null.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptSha1Null.c new file mode 100644 index 0000000000..7054365e80 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hash/CryptSha1Null.c @@ -0,0 +1,125 @@ +/** @file
+ SHA-1 Digest Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @return The size, in bytes, of the context buffer required for SHA-1 hash operations.
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+Sha1GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for
+ subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Sha1Context Pointer to SHA-1 context being initialized.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha1Init (
+ OUT VOID *Sha1Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing SHA-1 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Sha1Context Pointer to SHA-1 context being copied.
+ @param[out] NewSha1Context Pointer to new SHA-1 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha1Duplicate (
+ IN CONST VOID *Sha1Context,
+ OUT VOID *NewSha1Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates SHA-1 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Sha1Context Pointer to the SHA-1 context.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha1Update (
+ IN OUT VOID *Sha1Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the SHA-1 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] Sha1Context Pointer to the SHA-1 context.
+ @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest
+ value (20 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha1Final (
+ IN OUT VOID *Sha1Context,
+ OUT UINT8 *HashValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacMd5Null.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacMd5Null.c new file mode 100644 index 0000000000..b4bdde0433 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacMd5Null.c @@ -0,0 +1,127 @@ +/** @file
+ HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+HmacMd5GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
+ subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Init (
+ OUT VOID *HmacMd5Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-MD5 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
+ @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Duplicate (
+ IN CONST VOID *HmacMd5Context,
+ OUT VOID *NewHmacMd5Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-MD5 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Update (
+ IN OUT VOID *HmacMd5Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-MD5 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
+ value (16 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Final (
+ IN OUT VOID *HmacMd5Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacSha1Null.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacSha1Null.c new file mode 100644 index 0000000000..b31d0d1402 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Hmac/CryptHmacSha1Null.c @@ -0,0 +1,127 @@ +/** @file
+ HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
+
+ Return zero to indicate this interface is not supported.
+
+ @retval 0 This interface is not supported.
+
+**/
+UINTN
+EFIAPI
+HmacSha1GetContextSize (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+/**
+ Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
+ subsequent use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Init (
+ OUT VOID *HmacSha1Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA1 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
+ @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Duplicate (
+ IN CONST VOID *HmacSha1Context,
+ OUT VOID *NewHmacSha1Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA1 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Update (
+ IN OUT VOID *HmacSha1Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the HMAC-SHA1 digest value.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
+ value (20 bytes).
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Final (
+ IN OUT VOID *HmacSha1Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h new file mode 100644 index 0000000000..998100dce8 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/InternalCryptLib.h @@ -0,0 +1,33 @@ +/** @file
+ Internal include file for BaseCryptLibRuntimeCryptProtocol.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __INTERNAL_CRYPT_LIB_H__
+#define __INTERNAL_CRYPT_LIB_H__
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+
+//
+// Environment Setting for OpenSSL-based UEFI Crypto Library.
+//
+#ifndef OPENSSL_SYSNAME_UWIN
+#define OPENSSL_SYSNAME_UWIN
+#endif
+
+
+#endif
+
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pem/CryptPemNull.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pem/CryptPemNull.c new file mode 100644 index 0000000000..8c9e4f0bb5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pem/CryptPemNull.c @@ -0,0 +1,44 @@ +/** @file
+ PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does
+ not provide real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Retrieve the RSA Private Key from the password-protected PEM key data.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
+ @param[in] PemSize Size of the PEM key data in bytes.
+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA private key component. Use RsaFree() function to free the
+ resource.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPrivateKeyFromPem (
+ IN CONST UINT8 *PemData,
+ IN UINTN PemSize,
+ IN CONST CHAR8 *Password,
+ OUT VOID **RsaContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptAuthenticodeNull.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptAuthenticodeNull.c new file mode 100644 index 0000000000..5554486503 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptAuthenticodeNull.c @@ -0,0 +1,51 @@ +/** @file
+ Authenticode Portable Executable Signature Verification which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
+ Authenticode Portable Executable Signature Format".
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
+ PE/COFF image to be verified.
+ @param[in] DataSize Size of the Authenticode Signature in bytes.
+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
+ is used for certificate chain verification.
+ @param[in] CertSize Size of the trusted certificate in bytes.
+ @param[in] ImageHash Pointer to the original image file hash value. The procudure
+ for calculating the image hash value is described in Authenticode
+ specification.
+ @param[in] HashSize Size of Image hash value in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AuthenticodeVerify (
+ IN CONST UINT8 *AuthData,
+ IN UINTN DataSize,
+ IN CONST UINT8 *TrustedCert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *ImageHash,
+ IN UINTN HashSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptDhNull.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptDhNull.c new file mode 100644 index 0000000000..35045db3c8 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptDhNull.c @@ -0,0 +1,156 @@ +/** @file
+ Diffie-Hellman Wrapper Implementation which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and Initializes one Diffie-Hellman Context for subsequent use.
+
+ @return Pointer to the Diffie-Hellman Context that has been initialized.
+ If the interface is not supported, DhNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+DhNew (
+ VOID
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Release the specified DH context.
+
+ If the interface is not supported, then ASSERT().
+
+ @param[in] DhContext Pointer to the DH context to be released.
+
+**/
+VOID
+EFIAPI
+DhFree (
+ IN VOID *DhContext
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ Generates DH parameter.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Value of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[out] Prime Pointer to the buffer to receive the generated prime number.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhGenerateParameter (
+ IN OUT VOID *DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ OUT UINT8 *Prime
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Sets generator and prime parameters for DH.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Value of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[in] Prime Pointer to the prime number.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhSetParameter (
+ IN OUT VOID *DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ IN CONST UINT8 *Prime
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Generates DH public key.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[out] PublicKey Pointer to the buffer to receive generated public key.
+ @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
+ On output, the size of data returned in PublicKey buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhGenerateKey (
+ IN OUT VOID *DhContext,
+ OUT UINT8 *PublicKey,
+ IN OUT UINTN *PublicKeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes exchanged common key.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] PeerPublicKey Pointer to the peer's public key.
+ @param[in] PeerPublicKeySize Size of peer's public key in bytes.
+ @param[out] Key Pointer to the buffer to receive generated key.
+ @param[in, out] KeySize On input, the size of Key buffer in bytes.
+ On output, the size of data returned in Key buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+DhComputeKey (
+ IN OUT VOID *DhContext,
+ IN CONST UINT8 *PeerPublicKey,
+ IN UINTN PeerPublicKeySize,
+ OUT UINT8 *Key,
+ IN OUT UINTN *KeySize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7SignNull.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7SignNull.c new file mode 100644 index 0000000000..539bb6b7d5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7SignNull.c @@ -0,0 +1,59 @@ +/** @file
+ PKCS#7 SignedData Sign Wrapper Implementation which does not provide real
+ capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
+ Syntax Standard, version 1.5". This interface is only intended to be used for
+ application to perform PKCS#7 functionality validation.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] PrivateKey Pointer to the PEM-formatted private key data for
+ data signing.
+ @param[in] PrivateKeySize Size of the PEM private key data in bytes.
+ @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
+ key data.
+ @param[in] InData Pointer to the content to be signed.
+ @param[in] InDataSize Size of InData in bytes.
+ @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
+ @param[in] OtherCerts Pointer to an optional additional set of certificates to
+ include in the PKCS#7 signedData (e.g. any intermediate
+ CAs in the chain).
+ @param[out] SignedData Pointer to output PKCS#7 signedData.
+ @param[out] SignedDataSize Size of SignedData in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7Sign (
+ IN CONST UINT8 *PrivateKey,
+ IN UINTN PrivateKeySize,
+ IN CONST UINT8 *KeyPassword,
+ IN UINT8 *InData,
+ IN UINTN InDataSize,
+ IN UINT8 *SignCert,
+ IN UINT8 *OtherCerts OPTIONAL,
+ OUT UINT8 **SignedData,
+ OUT UINTN *SignedDataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7VerifyNull.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7VerifyNull.c new file mode 100644 index 0000000000..9a4c77a2fe --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptPkcs7VerifyNull.c @@ -0,0 +1,100 @@ +/** @file
+ PKCS#7 SignedData Verification Wrapper Implementation which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
+ It's caller's responsiblity to free the buffer.
+ @param[out] StackLength Length of signer's certificates in bytes.
+ @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
+ It's caller's responsiblity to free the buffer.
+ @param[out] CertLength Length of the trusted certificate in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7GetSigners (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ OUT UINT8 **CertStack,
+ OUT UINTN *StackLength,
+ OUT UINT8 **TrustedCert,
+ OUT UINTN *CertLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Wrap function to use free() to free allocated memory for certificates.
+
+ If the interface is not supported, then ASSERT().
+
+ @param[in] Certs Pointer to the certificates to be freed.
+
+**/
+VOID
+EFIAPI
+Pkcs7FreeSigners (
+ IN UINT8 *Certs
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ Verifies the validility of a PKCS#7 signed data as described in "PKCS #7:
+ Cryptographic Message Syntax Standard". The input signed data could be wrapped
+ in a ContentInfo structure.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] P7Data Pointer to the PKCS#7 message to verify.
+ @param[in] P7Length Length of the PKCS#7 message in bytes.
+ @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
+ is used for certificate chain verification.
+ @param[in] CertLength Length of the trusted certificate in bytes.
+ @param[in] InData Pointer to the content to be verified.
+ @param[in] DataLength Length of InData in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7Verify (
+ IN CONST UINT8 *P7Data,
+ IN UINTN P7Length,
+ IN CONST UINT8 *TrustedCert,
+ IN UINTN CertLength,
+ IN CONST UINT8 *InData,
+ IN UINTN DataLength
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptRsaExtNull.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptRsaExtNull.c new file mode 100644 index 0000000000..e44cdde44f --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptRsaExtNull.c @@ -0,0 +1,125 @@ +/** @file
+ RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
+
+ This file does not provide real capabilities for following APIs in RSA handling:
+ 1) RsaGetKey
+ 2) RsaGenerateKey
+ 3) RsaCheckKey
+ 4) RsaPkcs1Sign
+
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Gets the tag-designated RSA key component from the established RSA context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] KeyTag Tag of RSA key component being set.
+ @param[out] BigNumber Pointer to octet integer buffer.
+ @param[in, out] BnSize On input, the size of big number buffer in bytes.
+ On output, the size of data returned in big number buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetKey (
+ IN OUT VOID *RsaContext,
+ IN RSA_KEY_TAG KeyTag,
+ OUT UINT8 *BigNumber,
+ IN OUT UINTN *BnSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Generates RSA key components.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] ModulusLength Length of RSA modulus N in bits.
+ @param[in] PublicExponent Pointer to RSA public exponent.
+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGenerateKey (
+ IN OUT VOID *RsaContext,
+ IN UINTN ModulusLength,
+ IN CONST UINT8 *PublicExponent,
+ IN UINTN PublicExponentSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Validates key components of RSA context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] RsaContext Pointer to RSA context to check.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaCheckKey (
+ IN VOID *RsaContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] RsaContext Pointer to RSA context for signature generation.
+ @param[in] MessageHash Pointer to octet message hash to be signed.
+ @param[in] HashSize Size of the message hash in bytes.
+ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.
+ On output, the size of data returned in Signature buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaPkcs1Sign (
+ IN VOID *RsaContext,
+ IN CONST UINT8 *MessageHash,
+ IN UINTN HashSize,
+ OUT UINT8 *Signature,
+ IN OUT UINTN *SigSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c new file mode 100644 index 0000000000..5dbddca423 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c @@ -0,0 +1,180 @@ +/** @file
+ X.509 Certificate Handler Wrapper Implementation which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Construct a X509 object from DER-encoded certificate data.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Cert Pointer to the DER-encoded certificate data.
+ @param[in] CertSize The size of certificate data in bytes.
+ @param[out] SingleX509Cert The generated X509 object.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificate (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 **SingleX509Cert
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Construct a X509 stack object from a list of DER-encoded certificate data.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] X509Stack On input, pointer to an existing X509 stack object.
+ On output, pointer to the X509 stack object with new
+ inserted X509 certificate.
+ @param ... A list of DER-encoded single certificate data followed
+ by certificate size. A NULL terminates the list. The
+ pairs are the arguments to X509ConstructCertificate().
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStack (
+ IN OUT UINT8 **X509Stack,
+ ...
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Release the specified X509 object.
+
+ If the interface is not supported, then ASSERT().
+
+ @param[in] X509Cert Pointer to the X509 object to be released.
+
+**/
+VOID
+EFIAPI
+X509Free (
+ IN VOID *X509Cert
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ Release the specified X509 stack object.
+
+ If the interface is not supported, then ASSERT().
+
+ @param[in] X509Stack Pointer to the X509 stack object to be released.
+
+**/
+VOID
+EFIAPI
+X509StackFree (
+ IN VOID *X509Stack
+ )
+{
+ ASSERT (FALSE);
+}
+
+/**
+ Retrieve the subject bytes from one X.509 certificate.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] CertSubject Pointer to the retrieved certificate subject bytes.
+ @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
+ and the size of buffer returned CertSubject on output.
+
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetSubjectName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 *CertSubject,
+ IN OUT UINTN *SubjectSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Retrieve the RSA Public Key from one DER-encoded X509 certificate.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA public key component. Use RsaFree() function to free the
+ resource.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPublicKeyFromX509 (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT VOID **RsaContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Verify one X509 certificate was issued by the trusted CA.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[in] CACert Pointer to the DER-encoded trusted CA certificate.
+ @param[in] CACertSize Size of the CA Certificate in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509VerifyCert (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *CACert,
+ IN UINTN CACertSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Rand/CryptRandNull.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Rand/CryptRandNull.c new file mode 100644 index 0000000000..8838e224a0 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Rand/CryptRandNull.c @@ -0,0 +1,63 @@ +/** @file
+ Pseudorandom Number Generator Wrapper Implementation which does not provide
+ real capabilities.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+
+
+/**
+ Sets up the seed value for the pseudorandom number generator.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Seed Pointer to seed value.
+ If NULL, default seed is used.
+ @param[in] SeedSize Size of seed value.
+ If Seed is NULL, this parameter is ignored.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RandomSeed (
+ IN CONST UINT8 *Seed OPTIONAL,
+ IN UINTN SeedSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Generates a pseudorandom byte stream of the specified size.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[out] Output Pointer to buffer to receive random value.
+ @param[in] Size Size of randome bytes to generate.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+RandomBytes (
+ OUT UINT8 *Output,
+ IN UINTN Size
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c index 2a1da855c6..68abc893fd 100644 --- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c @@ -218,6 +218,29 @@ Sha256Init ( /**
+ Makes a copy of an existing SHA-256 context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] Sha256Context Pointer to SHA-256 context being copied.
+ @param[out] NewSha256Context Pointer to new SHA-256 context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+Sha256Duplicate (
+ IN CONST VOID *Sha256Context,
+ OUT VOID *NewSha256Context
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+
+/**
Performs SHA-256 digest on a data buffer of the specified length. This function can
be called multiple times to compute the digest of long or discontinuous data streams.
@@ -277,9 +300,9 @@ Sha256Final ( }
/**
- Allocates and Initializes one RSA Context for subsequent use.
+ Allocates and initializes one RSA context for subsequent use.
- @return Pointer to the RSA Context that has been initialized.
+ @return Pointer to the RSA context that has been initialized.
If the allocations fails, RsaNew() returns NULL.
**/
@@ -297,7 +320,7 @@ RsaNew ( }
/**
- Release the specified RSA Context.
+ Release the specified RSA context.
@param[in] RsaContext Pointer to the RSA context to be released.
@@ -316,35 +339,41 @@ RsaFree ( }
/**
- Sets the tag-designated RSA key component into the established RSA context from
- the user-specified nonnegative integer (octet string format represented in RSA
- PKCS#1).
+ Sets the tag-designated key component into the established RSA context.
+
+ This function sets the tag-designated RSA key component into the established
+ RSA context from the user-specified non-negative integer (octet string format
+ represented in RSA PKCS#1).
+ If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
If RsaContext is NULL, then return FALSE.
@param[in, out] RsaContext Pointer to RSA context being set.
@param[in] KeyTag Tag of RSA key component being set.
@param[in] BigNumber Pointer to octet integer buffer.
- @param[in] BnLength Length of big number buffer in bytes.
+ If NULL, then the specified key componenet in RSA
+ context is cleared.
+ @param[in] BnSize Size of big number buffer in bytes.
+ If BigNumber is NULL, then it is ignored.
- @return TRUE RSA key component was set successfully.
- @return FALSE Invalid RSA key component tag.
+ @retval TRUE RSA key component was set successfully.
+ @retval FALSE Invalid RSA key component tag.
**/
BOOLEAN
EFIAPI
RsaSetKey (
- IN OUT VOID *RsaContext,
- IN RSA_KEY_TAG KeyTag,
- IN CONST UINT8 *BigNumber,
- IN UINTN BnLength
+ IN OUT VOID *RsaContext,
+ IN RSA_KEY_TAG KeyTag,
+ IN CONST UINT8 *BigNumber,
+ IN UINTN BnSize
)
{
if (!InternalIsCryptServiveAvailable ()) {
return FALSE;
}
- return mCryptProtocol->RsaSetKey (RsaContext, KeyTag, BigNumber, BnLength);
+ return mCryptProtocol->RsaSetKey (RsaContext, KeyTag, BigNumber, BnSize);
}
/**
@@ -354,16 +383,16 @@ RsaSetKey ( If RsaContext is NULL, then return FALSE.
If MessageHash is NULL, then return FALSE.
If Signature is NULL, then return FALSE.
- If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+ If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] MessageHash Pointer to octet message hash to be checked.
- @param[in] HashLength Length of the message hash in bytes.
+ @param[in] HashSize Size of the message hash in bytes.
@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
- @param[in] SigLength Length of signature in bytes.
+ @param[in] SigSize Size of signature in bytes.
- @return TRUE Valid signature encoded in PKCS1-v1_5.
- @return FALSE Invalid signature or invalid RSA context.
+ @retval TRUE Valid signature encoded in PKCS1-v1_5.
+ @retval FALSE Invalid signature or invalid RSA context.
**/
BOOLEAN
@@ -371,9 +400,9 @@ EFIAPI RsaPkcs1Verify (
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
- IN UINTN HashLength,
+ IN UINTN HashSize,
IN UINT8 *Signature,
- IN UINTN SigLength
+ IN UINTN SigSize
)
{
if (!InternalIsCryptServiveAvailable ()) {
@@ -383,8 +412,8 @@ RsaPkcs1Verify ( return mCryptProtocol->RsaPkcs1Verify (
RsaContext,
MessageHash,
- HashLength,
+ HashSize,
Signature,
- SigLength
+ SigSize
);
}
|