diff options
Diffstat (limited to 'CryptoPkg/Library/BaseCryptLib')
19 files changed, 2502 insertions, 174 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index 5395da06a7..c9419424fa 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -27,11 +27,19 @@ #
[Sources]
+ InternalCryptLib.h
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
+ Hmac/CryptHmacMd5.c
+ Hmac/CryptHmacSha1.c
+ Cipher/CryptAes.c
+ Cipher/CryptTdes.c
+ Cipher/CryptArc4.c
+ Rand/CryptRand.c
Pk/CryptRsa.c
Pk/CryptPkcs7.c
+ Pk/CryptDh.c
SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
@@ -58,8 +66,6 @@ SysCall/Ia32/MathLShiftS64.S | GCC
SysCall/Ia32/MathRShiftU64.S | GCC
- SysCall/Ia32/Alloca.S | GCC
-
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c new file mode 100644 index 0000000000..e32063cd98 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c @@ -0,0 +1,309 @@ +/** @file
+ AES Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/aes.h>
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for AES operations.
+
+ @return The size, in bytes, of the context buffer required for AES operations.
+
+**/
+UINTN
+EFIAPI
+AesGetContextSize (
+ VOID
+ )
+{
+ //
+ // AES uses different key contexts for encryption and decryption, so here memory
+ // for 2 copies of AES_KEY is allocated.
+ //
+ return (UINTN) (2 * sizeof (AES_KEY));
+}
+
+/**
+ Initializes user-supplied memory as AES context for subsequent use.
+
+ This function initializes user-supplied memory pointed by AesContext as AES context.
+ In addtion, it sets up all AES key materials for subsequent encryption and decryption
+ operations.
+ There are 3 options for key length, 128 bits, 192 bits, and 256 bits.
+
+ If AesContext is NULL, then ASSERT().
+ If Key is NULL, then ASSERT().
+ If KeyLength is not valid, then ASSERT().
+
+ @param[out] AesContext Pointer to AES context being initialized.
+ @param[in] Key Pointer to the user-supplied AES key.
+ @param[in] KeyLength Length of AES key in bits.
+
+ @retval TRUE AES context initialization succeeded.
+ @retval FALSE AES context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesInit (
+ OUT VOID *AesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ AES_KEY *AesKey;
+
+ ASSERT (AesContext != NULL);
+ //
+ // AES Key Checking
+ //
+ ASSERT (Key != NULL);
+ ASSERT ((KeyLength == 128) || (KeyLength == 192) || (KeyLength == 256));
+
+ //
+ // Initialize AES encryption & decryption key schedule.
+ //
+ AesKey = (AES_KEY *) AesContext;
+ if (AES_set_encrypt_key (Key, (UINT32) KeyLength, AesKey) != 0) {
+ return FALSE;
+ }
+ if (AES_set_decrypt_key (Key, (UINT32) KeyLength, AesKey + 1) != 0) {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ Performs AES encryption on a data buffer of the specified size in ECB mode.
+
+ This function performs AES encryption on data buffer pointed by Input, of specified
+ size of InputSize, in ECB mode.
+ InputSize must be multiple of block size (16 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ AesContext should be already correctly initialized by AesInit(). Behavior with
+ invalid AES context is undefined.
+
+ If AesContext is NULL, then ASSERT().
+ If Input is NULL, then ASSERT().
+ If InputSize is not multiple of block size (16 bytes), then ASSERT().
+ If Output is NULL, then ASSERT().
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval TRUE AES encryption succeeded.
+ @retval FALSE AES encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbEncrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ AES_KEY *AesKey;
+
+ ASSERT (AesContext != NULL);
+ ASSERT (Input != NULL);
+ ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
+ ASSERT (Output != NULL);
+
+ AesKey = (AES_KEY *) AesContext;
+
+ //
+ // Perform AES data encryption with ECB mode (block-by-block)
+ //
+ while (InputSize > 0) {
+ AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
+ Input += AES_BLOCK_SIZE;
+ Output += AES_BLOCK_SIZE;
+ InputSize -= AES_BLOCK_SIZE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Performs AES decryption on a data buffer of the specified size in ECB mode.
+
+ This function performs AES decryption on data buffer pointed by Input, of specified
+ size of InputSize, in ECB mode.
+ InputSize must be multiple of block size (16 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ AesContext should be already correctly initialized by AesInit(). Behavior with
+ invalid AES context is undefined.
+
+ If AesContext is NULL, then ASSERT().
+ If Input is NULL, then ASSERT().
+ If InputSize is not multiple of block size (16 bytes), then ASSERT().
+ If Output is NULL, then ASSERT().
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the AES decryption output.
+
+ @retval TRUE AES decryption succeeded.
+ @retval FALSE AES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesEcbDecrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ AES_KEY *AesKey;
+
+ ASSERT (AesContext != NULL);
+ ASSERT (Input != NULL);
+ ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
+ ASSERT (Output != NULL);
+
+ AesKey = (AES_KEY *) AesContext;
+
+ //
+ // Perform AES data decryption with ECB mode (block-by-block)
+ //
+ while (InputSize > 0) {
+ AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
+ Input += AES_BLOCK_SIZE;
+ Output += AES_BLOCK_SIZE;
+ InputSize -= AES_BLOCK_SIZE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Performs AES encryption on a data buffer of the specified size in CBC mode.
+
+ This function performs AES encryption on data buffer pointed by Input, of specified
+ size of InputSize, in CBC mode.
+ InputSize must be multiple of block size (16 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ Initialization vector should be one block size (16 bytes).
+ AesContext should be already correctly initialized by AesInit(). Behavior with
+ invalid AES context is undefined.
+
+ If AesContext is NULL, then ASSERT().
+ If Input is NULL, then ASSERT().
+ If InputSize is not multiple of block size (16 bytes), then ASSERT().
+ If Ivec is NULL, then ASSERT().
+ If Output is NULL, then ASSERT().
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval TRUE AES encryption succeeded.
+ @retval FALSE AES encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcEncrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ AES_KEY *AesKey;
+ UINT8 IvecBuffer[AES_BLOCK_SIZE];
+
+ ASSERT (AesContext != NULL);
+ ASSERT (Input != NULL);
+ ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
+ ASSERT (Ivec != NULL);
+ ASSERT (Output != NULL);
+
+ AesKey = (AES_KEY *) AesContext;
+ CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
+
+ //
+ // Perform AES data encryption with CBC mode
+ //
+ AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey, IvecBuffer, AES_ENCRYPT);
+
+ return TRUE;
+}
+
+/**
+ Performs AES decryption on a data buffer of the specified size in CBC mode.
+
+ This function performs AES decryption on data buffer pointed by Input, of specified
+ size of InputSize, in CBC mode.
+ InputSize must be multiple of block size (16 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ Initialization vector should be one block size (16 bytes).
+ AesContext should be already correctly initialized by AesInit(). Behavior with
+ invalid AES context is undefined.
+
+ If AesContext is NULL, then ASSERT().
+ If Input is NULL, then ASSERT().
+ If InputSize is not multiple of block size (16 bytes), then ASSERT().
+ If Ivec is NULL, then ASSERT().
+ If Output is NULL, then ASSERT().
+
+ @param[in] AesContext Pointer to the AES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the AES encryption output.
+
+ @retval TRUE AES decryption succeeded.
+ @retval FALSE AES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AesCbcDecrypt (
+ IN VOID *AesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ AES_KEY *AesKey;
+ UINT8 IvecBuffer[AES_BLOCK_SIZE];
+
+ ASSERT (AesContext != NULL);
+ ASSERT (Input != NULL);
+ ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
+ ASSERT (Ivec != NULL);
+ ASSERT (Output != NULL);
+
+ AesKey = (AES_KEY *) AesContext;
+ CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
+
+ //
+ // Perform AES data decryption with CBC mode
+ //
+ AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey + 1, IvecBuffer, AES_DECRYPT);
+
+ return TRUE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c new file mode 100644 index 0000000000..fa8fd963dd --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c @@ -0,0 +1,197 @@ +/** @file
+ ARC4 Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/rc4.h>
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
+
+ @return The size, in bytes, of the context buffer required for ARC4 operations.
+
+**/
+UINTN
+EFIAPI
+Arc4GetContextSize (
+ VOID
+ )
+{
+ //
+ // Memory for 2 copies of RC4_KEY is allocated, one for working copy, and the other
+ // for backup copy. When Arc4Reset() is called, we can use the backup copy to restore
+ // the working copy to the initial state.
+ //
+ return (UINTN) (2 * sizeof(RC4_KEY));
+}
+
+/**
+ Initializes user-supplied memory as ARC4 context for subsequent use.
+
+ This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
+ In addtion, it sets up all ARC4 key materials for subsequent encryption and decryption
+ operations.
+
+ If Arc4Context is NULL, then ASSERT().
+ If Key is NULL, then ASSERT().
+ If KeySize does not in the range of [5, 256] bytes, then ASSERT().
+
+ @param[out] Arc4Context Pointer to ARC4 context being initialized.
+ @param[in] Key Pointer to the user-supplied ARC4 key.
+ @param[in] KeySize Size of ARC4 key in bytes.
+
+ @retval TRUE ARC4 context initialization succeeded.
+ @retval FALSE ARC4 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Init (
+ OUT VOID *Arc4Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ RC4_KEY *Rc4Key;
+
+ ASSERT (Arc4Context != NULL);
+ ASSERT (Key != NULL);
+ ASSERT ((KeySize >= 5) && (KeySize <= 256));
+
+ Rc4Key = (RC4_KEY *) Arc4Context;
+
+ RC4_set_key (Rc4Key, (UINT32) KeySize, Key);
+
+ CopyMem (Rc4Key + 1, Rc4Key, sizeof(RC4_KEY));
+
+ return TRUE;
+}
+
+/**
+ Performs ARC4 encryption on a data buffer of the specified size.
+
+ This function performs ARC4 encryption on data buffer pointed by Input, of specified
+ size of InputSize.
+ Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
+ invalid ARC4 context is undefined.
+
+ If Arc4Context is NULL, then ASSERT().
+ If Input is NULL, then ASSERT().
+ If Output is NULL, then ASSERT().
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
+
+ @retval TRUE ARC4 encryption succeeded.
+ @retval FALSE ARC4 encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Encrypt (
+ IN OUT VOID *Arc4Context,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ RC4_KEY *Rc4Key;
+
+ ASSERT (Arc4Context != NULL);
+ ASSERT (Input != NULL);
+ ASSERT (Output != NULL);
+
+ Rc4Key = (RC4_KEY *) Arc4Context;
+
+ RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
+
+ return TRUE;
+}
+
+/**
+ Performs ARC4 decryption on a data buffer of the specified size.
+
+ This function performs ARC4 decryption on data buffer pointed by Input, of specified
+ size of InputSize.
+ Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
+ invalid ARC4 context is undefined.
+
+ If Arc4Context is NULL, then ASSERT().
+ If Input is NULL, then ASSERT().
+ If Output is NULL, then ASSERT().
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
+
+ @retval TRUE ARC4 decryption succeeded.
+ @retval FALSE ARC4 decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Decrypt (
+ IN OUT VOID *Arc4Context,
+ IN UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ RC4_KEY *Rc4Key;
+
+ ASSERT (Arc4Context != NULL);
+ ASSERT (Input != NULL);
+ ASSERT (Output != NULL);
+
+ Rc4Key = (RC4_KEY *) Arc4Context;
+
+ RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
+
+ return TRUE;
+}
+
+/**
+ Resets the ARC4 context to the initial state.
+
+ The function resets the ARC4 context to the state it had immediately after the
+ ARC4Init() function call.
+ Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
+ should be already correctly initialized by ARC4Init().
+
+ If Arc4Context is NULL, then ASSERT().
+
+ @param[in, out] Arc4Context Pointer to the ARC4 context.
+
+ @retval TRUE ARC4 reset succeeded.
+ @retval FALSE ARC4 reset failed.
+
+**/
+BOOLEAN
+EFIAPI
+Arc4Reset (
+ IN OUT VOID *Arc4Context
+ )
+{
+ RC4_KEY *Rc4Key;
+
+ ASSERT (Arc4Context != NULL);
+
+ Rc4Key = (RC4_KEY *) Arc4Context;
+
+ CopyMem (Rc4Key, Rc4Key + 1, sizeof(RC4_KEY));
+
+ return TRUE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c new file mode 100644 index 0000000000..5535ab3686 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c @@ -0,0 +1,353 @@ +/** @file
+ TDES Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/des.h>
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for TDES operations.
+
+ @return The size, in bytes, of the context buffer required for TDES operations.
+
+**/
+UINTN
+EFIAPI
+TdesGetContextSize (
+ VOID
+ )
+{
+ //
+ // Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 each.
+ //
+ return (UINTN) (3 * sizeof (DES_key_schedule));
+}
+
+/**
+ Initializes user-supplied memory as TDES context for subsequent use.
+
+ This function initializes user-supplied memory pointed by TdesContext as TDES context.
+ In addtion, it sets up all TDES key materials for subsequent encryption and decryption
+ operations.
+ There are 3 key options as follows:
+ KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
+ KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
+ KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
+
+ If TdesContext is NULL, then ASSERT().
+ If Key is NULL, then ASSERT().
+ If KeyLength is not valid, then ASSERT().
+
+ @param[out] TdesContext Pointer to TDES context being initialized.
+ @param[in] Key Pointer to the user-supplied TDES key.
+ @param[in] KeyLength Length of TDES key in bits.
+
+ @retval TRUE TDES context initialization succeeded.
+ @retval FALSE TDES context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesInit (
+ OUT VOID *TdesContext,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength
+ )
+{
+ DES_key_schedule *KeySchedule;
+
+ ASSERT (TdesContext != NULL);
+ ASSERT (Key != NULL);
+ ASSERT ((KeyLength == 64) || (KeyLength == 128) || (KeyLength == 192));
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+
+ //
+ //
+ //
+ if (DES_is_weak_key ((const_DES_cblock *) Key)) {
+ return FALSE;
+ }
+
+ DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule);
+
+ if (KeyLength == 64) {
+ CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule));
+ CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
+ return TRUE;
+ }
+
+ if (DES_is_weak_key ((const_DES_cblock *) Key + 8)) {
+ return FALSE;
+ }
+
+ DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1);
+
+ if (KeyLength == 128) {
+ CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
+ return TRUE;
+ }
+
+ if (DES_is_weak_key ((const_DES_cblock *) Key + 16)) {
+ return FALSE;
+ }
+
+ DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2);
+
+ return TRUE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in ECB mode.
+
+ This function performs TDES encryption on data buffer pointed by Input, of specified
+ size of InputSize, in ECB mode.
+ InputSize must be multiple of block size (8 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with
+ invalid TDES context is undefined.
+
+ If TdesContext is NULL, then ASSERT().
+ If Input is NULL, then ASSERT().
+ If InputSize is not multiple of block size (8 bytes), then ASSERT().
+ If Output is NULL, then ASSERT().
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval TRUE TDES encryption succeeded.
+ @retval FALSE TDES encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ DES_key_schedule *KeySchedule;
+
+ ASSERT (TdesContext != NULL);
+ ASSERT (Input != NULL);
+ ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0);
+ ASSERT (Output != NULL);
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+
+ while (InputSize > 0) {
+ DES_ecb3_encrypt (
+ (const_DES_cblock *) Input,
+ (DES_cblock *) Output,
+ KeySchedule,
+ KeySchedule + 1,
+ KeySchedule + 2,
+ DES_ENCRYPT
+ );
+ Input += TDES_BLOCK_SIZE;
+ Output += TDES_BLOCK_SIZE;
+ InputSize -= TDES_BLOCK_SIZE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in ECB mode.
+
+ This function performs TDES decryption on data buffer pointed by Input, of specified
+ size of InputSize, in ECB mode.
+ InputSize must be multiple of block size (8 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with
+ invalid TDES context is undefined.
+
+ If TdesContext is NULL, then ASSERT().
+ If Input is NULL, then ASSERT().
+ If InputSize is not multiple of block size (8 bytes), then ASSERT().
+ If Output is NULL, then ASSERT().
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be decrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[out] Output Pointer to a buffer that receives the TDES decryption output.
+
+ @retval TRUE TDES decryption succeeded.
+ @retval FALSE TDES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesEcbDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ OUT UINT8 *Output
+ )
+{
+ DES_key_schedule *KeySchedule;
+
+ ASSERT (TdesContext != NULL);
+ ASSERT (Input != NULL);
+ ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0);
+ ASSERT (Output != NULL);
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+
+ while (InputSize > 0) {
+ DES_ecb3_encrypt (
+ (const_DES_cblock *) Input,
+ (DES_cblock *) Output,
+ KeySchedule,
+ KeySchedule + 1,
+ KeySchedule + 2,
+ DES_DECRYPT
+ );
+ Input += TDES_BLOCK_SIZE;
+ Output += TDES_BLOCK_SIZE;
+ InputSize -= TDES_BLOCK_SIZE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Performs TDES encryption on a data buffer of the specified size in CBC mode.
+
+ This function performs TDES encryption on data buffer pointed by Input, of specified
+ size of InputSize, in CBC mode.
+ InputSize must be multiple of block size (8 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ Initialization vector should be one block size (8 bytes).
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with
+ invalid TDES context is undefined.
+
+ If TdesContext is NULL, then ASSERT().
+ If Input is NULL, then ASSERT().
+ If InputSize is not multiple of block size (8 bytes), then ASSERT().
+ If Ivec is NULL, then ASSERT().
+ If Output is NULL, then ASSERT().
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval TRUE TDES encryption succeeded.
+ @retval FALSE TDES encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcEncrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ DES_key_schedule *KeySchedule;
+ UINT8 IvecBuffer[TDES_BLOCK_SIZE];
+
+ ASSERT (TdesContext != NULL);
+ ASSERT (Input != NULL);
+ ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0);
+ ASSERT (Ivec != NULL);
+ ASSERT (Output != NULL);
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+ CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
+
+ DES_ede3_cbc_encrypt (
+ Input,
+ Output,
+ (UINT32) InputSize,
+ KeySchedule,
+ KeySchedule + 1,
+ KeySchedule + 2,
+ (DES_cblock *) IvecBuffer,
+ DES_ENCRYPT
+ );
+
+ return TRUE;
+}
+
+/**
+ Performs TDES decryption on a data buffer of the specified size in CBC mode.
+
+ This function performs TDES decryption on data buffer pointed by Input, of specified
+ size of InputSize, in CBC mode.
+ InputSize must be multiple of block size (8 bytes). This function does not perform
+ padding. Caller must perform padding, if necessary, to ensure valid input data size.
+ Initialization vector should be one block size (8 bytes).
+ TdesContext should be already correctly initialized by TdesInit(). Behavior with
+ invalid TDES context is undefined.
+
+ If TdesContext is NULL, then ASSERT().
+ If Input is NULL, then ASSERT().
+ If InputSize is not multiple of block size (8 bytes), then ASSERT().
+ If Ivec is NULL, then ASSERT().
+ If Output is NULL, then ASSERT().
+
+ @param[in] TdesContext Pointer to the TDES context.
+ @param[in] Input Pointer to the buffer containing the data to be encrypted.
+ @param[in] InputSize Size of the Input buffer in bytes.
+ @param[in] Ivec Pointer to initialization vector.
+ @param[out] Output Pointer to a buffer that receives the TDES encryption output.
+
+ @retval TRUE TDES decryption succeeded.
+ @retval FALSE TDES decryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+TdesCbcDecrypt (
+ IN VOID *TdesContext,
+ IN CONST UINT8 *Input,
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *Output
+ )
+{
+ DES_key_schedule *KeySchedule;
+ UINT8 IvecBuffer[TDES_BLOCK_SIZE];
+
+ ASSERT (TdesContext != NULL);
+ ASSERT (Input != NULL);
+ ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0);
+ ASSERT (Ivec != NULL);
+ ASSERT (Output != NULL);
+
+ KeySchedule = (DES_key_schedule *) TdesContext;
+ CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
+
+ DES_ede3_cbc_encrypt (
+ Input,
+ Output,
+ (UINT32) InputSize,
+ KeySchedule,
+ KeySchedule + 1,
+ KeySchedule + 2,
+ (DES_cblock *) IvecBuffer,
+ DES_DECRYPT
+ );
+
+ return TRUE;
+}
+
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c index 99471a0176..73f3d219b0 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c @@ -12,10 +12,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/
-#include <Library/BaseLib.h>
-#include <Library/DebugLib.h>
-
-#include <Library/BaseCryptLib.h>
+#include "InternalCryptLib.h"
#include <openssl/md5.h>
@@ -44,7 +41,7 @@ Md5GetContextSize ( If Md5Context is NULL, then ASSERT().
- @param[in, out] Md5Context Pointer to MD5 Context being initialized.
+ @param[out] Md5Context Pointer to MD5 context being initialized.
@retval TRUE MD5 context initialization succeeded.
@retval FALSE MD5 context initialization failed.
@@ -53,7 +50,7 @@ Md5GetContextSize ( BOOLEAN
EFIAPI
Md5Init (
- IN OUT VOID *Md5Context
+ OUT VOID *Md5Context
)
{
//
@@ -67,20 +64,47 @@ Md5Init ( return (BOOLEAN) (MD5_Init ((MD5_CTX *)Md5Context));
}
+/**
+ Makes a copy of an existing MD5 context.
+
+ If Md5Context is NULL, then ASSERT().
+ If NewMd5Context is NULL, then ASSERT().
+
+ @param[in] Md5Context Pointer to MD5 context being copied.
+ @param[out] NewMd5Context Pointer to new MD5 context.
+
+ @retval TRUE MD5 context copy succeeded.
+ @retval FALSE MD5 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md5Duplicate (
+ IN CONST VOID *Md5Context,
+ OUT VOID *NewMd5Context
+ )
+{
+ CopyMem (NewMd5Context, Md5Context, sizeof (MD5_CTX));
+
+ return TRUE;
+}
/**
- Performs MD5 digest on a data buffer of the specified length. This function can
- be called multiple times to compute the digest of long or discontinuous data streams.
+ Digests the input data and updates MD5 context.
+
+ This function performs MD5 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ MD5 context should be already correctly intialized by Md5Init(), and should not be finalized
+ by Md5Final(). Behavior with invalid context is undefined.
If Md5Context is NULL, then ASSERT().
@param[in, out] Md5Context Pointer to the MD5 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataLength Length of Data buffer in bytes.
+ @param[in] DataSize Size of Data buffer in bytes.
@retval TRUE MD5 data digest succeeded.
- @retval FALSE Invalid MD5 context. After Md5Final function has been called, the
- MD5 context cannot be reused.
+ @retval FALSE MD5 data digest failed.
**/
BOOLEAN
@@ -88,7 +112,7 @@ EFIAPI Md5Update (
IN OUT VOID *Md5Context,
IN CONST VOID *Data,
- IN UINTN DataLength
+ IN UINTN DataSize
)
{
//
@@ -100,24 +124,28 @@ Md5Update ( // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL) {
- ASSERT (DataLength == 0);
+ ASSERT (DataSize == 0);
}
//
// OpenSSL MD5 Hash Update
//
- return (BOOLEAN) (MD5_Update ((MD5_CTX *)Md5Context, Data, DataLength));
+ return (BOOLEAN) (MD5_Update ((MD5_CTX *)Md5Context, Data, DataSize));
}
-
/**
- Completes MD5 hash computation and retrieves the digest value into the specified
- memory. After this function has been called, the MD5 context cannot be used again.
+ Completes computation of the MD5 digest value.
+
+ This function completes MD5 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the MD5 context cannot
+ be used again.
+ MD5 context should be already correctly intialized by Md5Init(), and should not be
+ finalized by Md5Final(). Behavior with invalid MD5 context is undefined.
If Md5Context is NULL, then ASSERT().
If HashValue is NULL, then ASSERT().
- @param[in, out] Md5Context Pointer to the MD5 context
+ @param[in, out] Md5Context Pointer to the MD5 context.
@param[out] HashValue Pointer to a buffer that receives the MD5 digest
value (16 bytes).
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c index d774059300..9a317ec143 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c @@ -12,10 +12,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/
-#include <Library/BaseLib.h>
-#include <Library/DebugLib.h>
-
-#include <Library/BaseCryptLib.h>
+#include "InternalCryptLib.h"
#include <openssl/sha.h>
@@ -37,23 +34,22 @@ Sha1GetContextSize ( return (UINTN)(sizeof (SHA_CTX));
}
-
/**
- Initializes user-supplied memory pointed by Sha1Context as the SHA-1 hash context for
+ Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for
subsequent use.
If Sha1Context is NULL, then ASSERT().
- @param[in, out] Sha1Context Pointer to the SHA-1 Context being initialized.
+ @param[out] Sha1Context Pointer to SHA-1 context being initialized.
- @retval TRUE SHA-1 initialization succeeded.
- @retval FALSE SHA-1 initialization failed.
+ @retval TRUE SHA-1 context initialization succeeded.
+ @retval FALSE SHA-1 context initialization failed.
**/
BOOLEAN
EFIAPI
Sha1Init (
- IN OUT VOID *Sha1Context
+ OUT VOID *Sha1Context
)
{
//
@@ -67,20 +63,47 @@ Sha1Init ( return (BOOLEAN) (SHA1_Init ((SHA_CTX *)Sha1Context));
}
+/**
+ Makes a copy of an existing SHA-1 context.
+
+ If Sha1Context is NULL, then ASSERT().
+ If NewSha1Context is NULL, then ASSERT().
+
+ @param[in] Sha1Context Pointer to SHA-1 context being copied.
+ @param[out] NewSha1Context Pointer to new SHA-1 context.
+
+ @retval TRUE SHA-1 context copy succeeded.
+ @retval FALSE SHA-1 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha1Duplicate (
+ IN CONST VOID *Sha1Context,
+ OUT VOID *NewSha1Context
+ )
+{
+ CopyMem (NewSha1Context, Sha1Context, sizeof (SHA_CTX));
+
+ return TRUE;
+}
/**
- Performs SHA-1 digest on a data buffer of the specified length. This function can
- be called multiple times to compute the digest of long or discontinuous data streams.
+ Digests the input data and updates SHA-1 context.
+
+ This function performs SHA-1 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ SHA-1 context should be already correctly intialized by Sha1Init(), and should not be finalized
+ by Sha1Final(). Behavior with invalid context is undefined.
If Sha1Context is NULL, then ASSERT().
@param[in, out] Sha1Context Pointer to the SHA-1 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataLength Length of Data buffer in bytes.
+ @param[in] DataSize Size of Data buffer in bytes.
@retval TRUE SHA-1 data digest succeeded.
- @retval FALSE Invalid SHA-1 context. After Sha1Final function has been called, the
- SHA-1 context cannot be reused.
+ @retval FALSE SHA-1 data digest failed.
**/
BOOLEAN
@@ -88,7 +111,7 @@ EFIAPI Sha1Update (
IN OUT VOID *Sha1Context,
IN CONST VOID *Data,
- IN UINTN DataLength
+ IN UINTN DataSize
)
{
//
@@ -100,24 +123,28 @@ Sha1Update ( // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL) {
- ASSERT (DataLength == 0);
+ ASSERT (DataSize == 0);
}
//
// OpenSSL SHA-1 Hash Update
//
- return (BOOLEAN) (SHA1_Update ((SHA_CTX *)Sha1Context, Data, DataLength));
+ return (BOOLEAN) (SHA1_Update ((SHA_CTX *)Sha1Context, Data, DataSize));
}
-
/**
- Completes SHA-1 hash computation and retrieves the digest value into the specified
- memory. After this function has been called, the SHA-1 context cannot be used again.
+ Completes computation of the SHA-1 digest value.
+
+ This function completes SHA-1 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the SHA-1 context cannot
+ be used again.
+ SHA-1 context should be already correctly intialized by Sha1Init(), and should not be
+ finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined.
If Sha1Context is NULL, then ASSERT().
If HashValue is NULL, then ASSERT().
- @param[in, out] Sha1Context Pointer to the SHA-1 context
+ @param[in, out] Sha1Context Pointer to the SHA-1 context.
@param[out] HashValue Pointer to a buffer that receives the SHA-1 digest
value (20 bytes).
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c index 9b566a4c59..7e6c6c691f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c @@ -12,17 +12,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/
-#include <Library/BaseLib.h>
-#include <Library/DebugLib.h>
-
-#include <Library/BaseCryptLib.h>
+#include "InternalCryptLib.h"
#include <openssl/sha.h>
-
/**
- Retrieves the size, in bytes, of the context buffer required for SHA-256 operations.
+ Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations.
- @return The size, in bytes, of the context buffer required for SHA-256 operations.
+ @return The size, in bytes, of the context buffer required for SHA-256 hash operations.
**/
UINTN
@@ -37,14 +33,13 @@ Sha256GetContextSize ( return (UINTN)(sizeof (SHA256_CTX));
}
-
/**
Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for
subsequent use.
If Sha256Context is NULL, then ASSERT().
- @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized.
+ @param[out] Sha256Context Pointer to SHA-256 context being initialized.
@retval TRUE SHA-256 context initialization succeeded.
@retval FALSE SHA-256 context initialization failed.
@@ -53,7 +48,7 @@ Sha256GetContextSize ( BOOLEAN
EFIAPI
Sha256Init (
- IN OUT VOID *Sha256Context
+ OUT VOID *Sha256Context
)
{
//
@@ -67,20 +62,47 @@ Sha256Init ( return (BOOLEAN) (SHA256_Init ((SHA256_CTX *)Sha256Context));
}
+/**
+ Makes a copy of an existing SHA-256 context.
+
+ If Sha256Context is NULL, then ASSERT().
+ If NewSha256Context is NULL, then ASSERT().
+
+ @param[in] Sha256Context Pointer to SHA-256 context being copied.
+ @param[out] NewSha256Context Pointer to new SHA-256 context.
+
+ @retval TRUE SHA-256 context copy succeeded.
+ @retval FALSE SHA-256 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+Sha256Duplicate (
+ IN CONST VOID *Sha256Context,
+ OUT VOID *NewSha256Context
+ )
+{
+ CopyMem (NewSha256Context, Sha256Context, sizeof (SHA256_CTX));
+
+ return TRUE;
+}
/**
- Performs SHA-256 digest on a data buffer of the specified length. This function can
- be called multiple times to compute the digest of long or discontinuous data streams.
+ Digests the input data and updates SHA-256 context.
+
+ This function performs SHA-256 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ SHA-256 context should be already correctly intialized by Sha256Init(), and should not be finalized
+ by Sha256Final(). Behavior with invalid context is undefined.
If Sha256Context is NULL, then ASSERT().
@param[in, out] Sha256Context Pointer to the SHA-256 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataLength Length of Data buffer in bytes.
+ @param[in] DataSize Size of Data buffer in bytes.
@retval TRUE SHA-256 data digest succeeded.
- @retval FALSE Invalid SHA-256 context. After Sha256Final function has been called, the
- SHA-256 context cannot be reused.
+ @retval FALSE SHA-256 data digest failed.
**/
BOOLEAN
@@ -88,7 +110,7 @@ EFIAPI Sha256Update (
IN OUT VOID *Sha256Context,
IN CONST VOID *Data,
- IN UINTN DataLength
+ IN UINTN DataSize
)
{
//
@@ -100,24 +122,28 @@ Sha256Update ( // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL) {
- ASSERT (DataLength == 0);
+ ASSERT (DataSize == 0);
}
//
// OpenSSL SHA-256 Hash Update
//
- return (BOOLEAN) (SHA256_Update ((SHA256_CTX *)Sha256Context, Data, DataLength));
+ return (BOOLEAN) (SHA256_Update ((SHA256_CTX *)Sha256Context, Data, DataSize));
}
-
/**
- Completes SHA-256 hash computation and retrieves the digest value into the specified
- memory. After this function has been called, the SHA-256 context cannot be used again.
+ Completes computation of the SHA-256 digest value.
+
+ This function completes SHA-256 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the SHA-256 context cannot
+ be used again.
+ SHA-256 context should be already correctly intialized by Sha256Init(), and should not be
+ finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined.
If Sha256Context is NULL, then ASSERT().
If HashValue is NULL, then ASSERT().
- @param[in, out] Sha256Context Pointer to SHA-256 context
+ @param[in, out] Sha256Context Pointer to the SHA-256 context.
@param[out] HashValue Pointer to a buffer that receives the SHA-256 digest
value (32 bytes).
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c new file mode 100644 index 0000000000..1eff5c4978 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c @@ -0,0 +1,185 @@ +/** @file
+ HMAC-MD5 Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/hmac.h>
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
+
+ @return The size, in bytes, of the context buffer required for HMAC-MD5 operations.
+
+**/
+UINTN
+EFIAPI
+HmacMd5GetContextSize (
+ VOID
+ )
+{
+ //
+ // Retrieves the OpenSSL HMAC-MD5 Context Size
+ //
+ return (UINTN)(sizeof (HMAC_CTX));
+}
+
+/**
+ Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
+ subsequent use.
+
+ If HmacMd5Context is NULL, then ASSERT().
+
+ @param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE HMAC-MD5 context initialization succeeded.
+ @retval FALSE HMAC-MD5 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Init (
+ OUT VOID *HmacMd5Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ //
+ // ASSERT if HmacMd5Context is NULL.
+ //
+ ASSERT (HmacMd5Context != NULL);
+
+ //
+ // OpenSSL HMAC-MD5 Context Initialization
+ //
+ HMAC_CTX_init (HmacMd5Context);
+ HMAC_Init_ex (HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL);
+
+ return TRUE;
+}
+
+/**
+ Makes a copy of an existing HMAC-MD5 context.
+
+ If HmacMd5Context is NULL, then ASSERT().
+ If NewHmacMd5Context is NULL, then ASSERT().
+
+ @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
+ @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
+
+ @retval TRUE HMAC-MD5 context copy succeeded.
+ @retval FALSE HMAC-MD5 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Duplicate (
+ IN CONST VOID *HmacMd5Context,
+ OUT VOID *NewHmacMd5Context
+ )
+{
+ CopyMem (NewHmacMd5Context, HmacMd5Context, sizeof (HMAC_CTX));
+
+ return TRUE;
+}
+
+/**
+ Digests the input data and updates HMAC-MD5 context.
+
+ This function performs HMAC-MD5 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be
+ finalized by HmacMd5Final(). Behavior with invalid context is undefined.
+
+ If HmacMd5Context is NULL, then ASSERT().
+
+ @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-MD5 data digest succeeded.
+ @retval FALSE HMAC-MD5 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Update (
+ IN OUT VOID *HmacMd5Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ //
+ // ASSERT if HmacMd5Context is NULL
+ //
+ ASSERT (HmacMd5Context != NULL);
+
+ //
+ // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
+ //
+ if (Data == NULL) {
+ ASSERT (DataSize == 0);
+ }
+
+ //
+ // OpenSSL HMAC-MD5 digest update
+ //
+ HMAC_Update (HmacMd5Context, Data, DataSize);
+
+ return TRUE;
+}
+
+/**
+ Completes computation of the HMAC-MD5 digest value.
+
+ This function completes HMAC-MD5 digest computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-MD5 context cannot
+ be used again.
+ HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be
+ finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
+
+ If HmacMd5Context is NULL, then ASSERT().
+ If HmacValue is NULL, then ASSERT().
+
+ @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
+ value (16 bytes).
+
+ @retval TRUE HMAC-MD5 digest computation succeeded.
+ @retval FALSE HMAC-MD5 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacMd5Final (
+ IN OUT VOID *HmacMd5Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ UINT32 Length;
+
+ //
+ // ASSERT if HmacMd5Context is NULL or HmacValue is NULL
+ //
+ ASSERT (HmacMd5Context != NULL);
+ ASSERT (HmacValue != NULL);
+
+ //
+ // OpenSSL HMAC-MD5 digest finalization
+ //
+ HMAC_Final (HmacMd5Context, HmacValue, &Length);
+ HMAC_CTX_cleanup (HmacMd5Context);
+
+ return TRUE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c new file mode 100644 index 0000000000..0298b80cc5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c @@ -0,0 +1,185 @@ +/** @file
+ HMAC-SHA1 Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/hmac.h>
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
+
+ @return The size, in bytes, of the context buffer required for HMAC-SHA1 operations.
+
+**/
+UINTN
+EFIAPI
+HmacSha1GetContextSize (
+ VOID
+ )
+{
+ //
+ // Retrieves the OpenSSL HMAC-SHA1 Context Size
+ //
+ return (UINTN)(sizeof (HMAC_CTX));
+}
+
+/**
+ Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
+ subsequent use.
+
+ If HmacSha1Context is NULL, then ASSERT().
+
+ @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized.
+ @param[in] Key Pointer to the user-supplied key.
+ @param[in] KeySize Key size in bytes.
+
+ @retval TRUE HMAC-SHA1 context initialization succeeded.
+ @retval FALSE HMAC-SHA1 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Init (
+ OUT VOID *HmacSha1Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
+ )
+{
+ //
+ // ASSERT if HmacSha1Context is NULL.
+ //
+ ASSERT (HmacSha1Context != NULL);
+
+ //
+ // OpenSSL HMAC-SHA1 Context Initialization
+ //
+ HMAC_CTX_init (HmacSha1Context);
+ HMAC_Init_ex (HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL);
+
+ return TRUE;
+}
+
+/**
+ Makes a copy of an existing HMAC-SHA1 context.
+
+ If HmacSha1Context is NULL, then ASSERT().
+ If NewHmacSha1Context is NULL, then ASSERT().
+
+ @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
+ @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
+
+ @retval TRUE HMAC-SHA1 context copy succeeded.
+ @retval FALSE HMAC-SHA1 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Duplicate (
+ IN CONST VOID *HmacSha1Context,
+ OUT VOID *NewHmacSha1Context
+ )
+{
+ CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX));
+
+ return TRUE;
+}
+
+/**
+ Digests the input data and updates HMAC-SHA1 context.
+
+ This function performs HMAC-SHA1 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should not
+ be finalized by HmacSha1Final(). Behavior with invalid context is undefined.
+
+ If HmacSha1Context is NULL, then ASSERT().
+
+ @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE HMAC-SHA1 data digest succeeded.
+ @retval FALSE HMAC-SHA1 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Update (
+ IN OUT VOID *HmacSha1Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ //
+ // ASSERT if HmacSha1Context is NULL
+ //
+ ASSERT (HmacSha1Context != NULL);
+
+ //
+ // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
+ //
+ if (Data == NULL) {
+ ASSERT (DataSize == 0);
+ }
+
+ //
+ // OpenSSL HMAC-SHA1 digest update
+ //
+ HMAC_Update (HmacSha1Context, Data, DataSize);
+
+ return TRUE;
+}
+
+/**
+ Completes computation of the HMAC-SHA1 digest value.
+
+ This function completes HMAC-SHA1 digest computation and retrieves the digest value into
+ the specified memory. After this function has been called, the HMAC-SHA1 context cannot
+ be used again.
+ HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should
+ not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
+
+ If HmacSha1Context is NULL, then ASSERT().
+ If HmacValue is NULL, then ASSERT().
+
+ @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
+ @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
+ value (20 bytes).
+
+ @retval TRUE HMAC-SHA1 digest computation succeeded.
+ @retval FALSE HMAC-SHA1 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+HmacSha1Final (
+ IN OUT VOID *HmacSha1Context,
+ OUT UINT8 *HmacValue
+ )
+{
+ UINT32 Length;
+
+ //
+ // ASSERT if HmacSha1Context is NULL or HmacValue is NULL
+ //
+ ASSERT (HmacSha1Context != NULL);
+ ASSERT (HmacValue != NULL);
+
+ //
+ // OpenSSL HMAC-SHA1 digest finalization
+ //
+ HMAC_Final (HmacSha1Context, HmacValue, &Length);
+ HMAC_CTX_cleanup (HmacSha1Context);
+
+ return TRUE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h new file mode 100644 index 0000000000..6a898a8953 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h @@ -0,0 +1,32 @@ +/** @file
+ Internal include file for BaseCryptLib.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __INTERNAL_CRYPT_LIB_H__
+#define __INTERNAL_CRYPT_LIB_H__
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+
+//
+// Environment Setting for OpenSSL-based UEFI Crypto Library.
+//
+#ifndef OPENSSL_SYSNAME_UWIN
+#define OPENSSL_SYSNAME_UWIN
+#endif
+
+#endif
+
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index 30061a68ff..14a2b1909f 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -55,8 +55,6 @@ SysCall/Ia32/MathLShiftS64.S | GCC
SysCall/Ia32/MathRShiftU64.S | GCC
- SysCall/Ia32/Alloca.S | GCC
-
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c new file mode 100644 index 0000000000..b7e164cf43 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c @@ -0,0 +1,238 @@ +/** @file
+ Diffie-Hellman Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/dh.h>
+
+
+/**
+ Allocates and Initializes one Diffie-Hellman Context for subsequent use.
+
+ @return Pointer to the Diffie-Hellman Context that has been initialized.
+ If the allocations fails, DhNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+DhNew (
+ VOID
+ )
+{
+ //
+ // Allocates & Initializes DH Context by OpenSSL DH_new()
+ //
+ return (VOID *)DH_new ();
+}
+
+/**
+ Release the specified DH context.
+
+ If DhContext is NULL, then ASSERT().
+
+ @param[in] DhContext Pointer to the DH context to be released.
+
+**/
+VOID
+EFIAPI
+DhFree (
+ IN VOID *DhContext
+ )
+{
+ //
+ // Free OpenSSL DH Context
+ //
+ DH_free ((DH *)DhContext);
+}
+
+/**
+ Generates DH parameter.
+
+ Given generator g, and length of prime number p in bits, this function generates p,
+ and sets DH context according to value of g and p.
+
+ Before this function can be invoked, pseudorandom number generator must be correctly
+ initialized by RandomSeed().
+
+ If DhContext is NULL, then ASSERT().
+ If Prime is NULL, then ASSERT().
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Value of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[out] Prime Pointer to the buffer to receive the generated prime number.
+
+ @retval TRUE DH pamameter generation succeeded.
+ @retval FALSE Value of Generator is not supported.
+ @retval FALSE PRNG fails to generate random prime number with PrimeLength.
+
+**/
+BOOLEAN
+EFIAPI
+DhGenerateParameter (
+ IN OUT VOID *DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ OUT UINT8 *Prime
+ )
+{
+ BOOLEAN RetVal;
+
+ if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
+ return FALSE;
+ }
+
+ RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL);
+ if (!RetVal) {
+ return FALSE;
+ }
+
+ BN_bn2bin (((DH *) DhContext)->p, Prime);
+
+ return TRUE;
+}
+
+/**
+ Sets generator and prime parameters for DH.
+
+ Given generator g, and prime number p, this function and sets DH
+ context accordingly.
+
+ If DhContext is NULL, then ASSERT().
+ If Prime is NULL, then ASSERT().
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Value of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[in] Prime Pointer to the prime number.
+
+ @retval TRUE DH pamameter setting succeeded.
+ @retval FALSE Value of Generator is not supported.
+ @retval FALSE Value of Generator is not suitable for the Prime.
+ @retval FALSE Value of Prime is not a prime number.
+ @retval FALSE Value of Prime is not a safe prime number.
+
+**/
+BOOLEAN
+EFIAPI
+DhSetParameter (
+ IN OUT VOID *DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ IN CONST UINT8 *Prime
+ )
+{
+ DH *Dh;
+
+ if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
+ return FALSE;
+ }
+
+ Dh = (DH *) DhContext;
+ Dh->p = BN_new();
+ Dh->g = BN_new();
+
+ BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
+ BN_set_word (Dh->g, (UINT32) Generator);
+
+ return TRUE;
+}
+
+/**
+ Generates DH public key.
+
+ This function generates random secret exponent, and computes the public key, which is
+ returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.
+ If the PublicKey buffer is too small to hold the public key, FALSE is returned and
+ PublicKeySize is set to the required buffer size to obtain the public key.
+
+ If DhContext is NULL, then ASSERT().
+ If PublicKeySize is NULL, then ASSERT().
+ If PublicKeySize is large enough but PublicKey is NULL, then ASSERT().
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[out] PublicKey Pointer to the buffer to receive generated public key.
+ @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
+ On output, the size of data returned in PublicKey buffer in bytes.
+
+ @retval TRUE DH public key generation succeeded.
+ @retval FALSE DH public key generation failed.
+ @retval FALSE PublicKeySize is not large enough.
+
+**/
+BOOLEAN
+EFIAPI
+DhGenerateKey (
+ IN OUT VOID *DhContext,
+ OUT UINT8 *PublicKey,
+ IN OUT UINTN *PublicKeySize
+ )
+{
+ BOOLEAN RetVal;
+ DH *Dh;
+
+ Dh = (DH *) DhContext;
+ *PublicKeySize = 0;
+
+ RetVal = (BOOLEAN) DH_generate_key (DhContext);
+ if (RetVal) {
+ BN_bn2bin (Dh->pub_key, PublicKey);
+ *PublicKeySize = BN_num_bytes (Dh->pub_key);
+ }
+
+ return RetVal;
+}
+
+/**
+ Computes exchanged common key.
+
+ Given peer's public key, this function computes the exchanged common key, based on its own
+ context including value of prime modulus and random secret exponent.
+
+ If DhContext is NULL, then ASSERT().
+ If PeerPublicKey is NULL, then ASSERT().
+ If KeySize is NULL, then ASSERT().
+ If KeySize is large enough but Key is NULL, then ASSERT().
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] PeerPublicKey Pointer to the peer's public key.
+ @param[in] PeerPublicKeySize Size of peer's public key in bytes.
+ @param[out] Key Pointer to the buffer to receive generated key.
+ @param[in, out] KeySize On input, the size of Key buffer in bytes.
+ On output, the size of data returned in Key buffer in bytes.
+
+ @retval TRUE DH exchanged key generation succeeded.
+ @retval FALSE DH exchanged key generation failed.
+ @retval FALSE KeySize is not large enough.
+
+**/
+BOOLEAN
+EFIAPI
+DhComputeKey (
+ IN OUT VOID *DhContext,
+ IN CONST UINT8 *PeerPublicKey,
+ IN UINTN PeerPublicKeySize,
+ OUT UINT8 *Key,
+ IN OUT UINTN *KeySize
+ )
+{
+ BIGNUM *Bn;
+
+ Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
+
+ *KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext);
+
+ BN_free (Bn);
+
+ return TRUE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c index d0a6ea544a..ca0dd4f286 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c @@ -12,11 +12,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/DebugLib.h>
+#include "InternalCryptLib.h"
-#include <Library/BaseCryptLib.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
@@ -36,8 +33,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @param[in] InData Pointer to the content to be verified.
@param[in] DataLength Length of InData in bytes.
- @return TRUE The specified PKCS#7 signed data is valid.
- @return FALSE Invalid PKCS#7 signed data.
+ @retval TRUE The specified PKCS#7 signed data is valid.
+ @retval FALSE Invalid PKCS#7 signed data.
**/
BOOLEAN
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c index 763213ab6b..2e84a2f43f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c @@ -12,18 +12,36 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/
-#include <Library/BaseLib.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
+#include "InternalCryptLib.h"
-#include <Library/BaseCryptLib.h>
#include <openssl/rsa.h>
+#include <openssl/err.h>
+
+//
+// ASN.1 value for Hash Algorithm ID with the Distringuished Encoding Rules (DER)
+// Refer to Section 9.2 of PKCS#1 v2.1
+//
+CONST UINT8 Asn1IdMd5[] = {
+ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
+ 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
+ };
+
+CONST UINT8 Asn1IdSha1[] = {
+ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
+ 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
+ };
+
+CONST UINT8 Asn1IdSha256[] = {
+ 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+ 0x00, 0x04, 0x20
+ };
/**
- Allocates and Initializes one RSA Context for subsequent use.
+ Allocates and initializes one RSA context for subsequent use.
- @return Pointer to the RSA Context that has been initialized.
+ @return Pointer to the RSA context that has been initialized.
If the allocations fails, RsaNew() returns NULL.
**/
@@ -39,9 +57,10 @@ RsaNew ( return (VOID *)RSA_new ();
}
-
/**
- Release the specified RSA Context.
+ Release the specified RSA context.
+
+ If RsaContext is NULL, then ASSERT().
@param[in] RsaContext Pointer to the RSA context to be released.
@@ -52,36 +71,43 @@ RsaFree ( IN VOID *RsaContext
)
{
+ ASSERT (RsaContext != NULL);
+
//
// Free OpenSSL RSA Context
//
RSA_free ((RSA *)RsaContext);
}
-
/**
- Sets the tag-designated RSA key component into the established RSA context from
- the user-specified nonnegative integer (octet string format represented in RSA
- PKCS#1).
+ Sets the tag-designated key component into the established RSA context.
+
+ This function sets the tag-designated RSA key component into the established
+ RSA context from the user-specified non-negative integer (octet string format
+ represented in RSA PKCS#1).
+ If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
If RsaContext is NULL, then ASSERT().
@param[in, out] RsaContext Pointer to RSA context being set.
@param[in] KeyTag Tag of RSA key component being set.
@param[in] BigNumber Pointer to octet integer buffer.
- @param[in] BnLength Length of big number buffer in bytes.
+ If NULL, then the specified key componenet in RSA
+ context is cleared.
+ @param[in] BnSize Size of big number buffer in bytes.
+ If BigNumber is NULL, then it is ignored.
- @return TRUE RSA key component was set successfully.
- @return FALSE Invalid RSA key component tag.
+ @retval TRUE RSA key component was set successfully.
+ @retval FALSE Invalid RSA key component tag.
**/
BOOLEAN
EFIAPI
RsaSetKey (
- IN OUT VOID *RsaContext,
- IN RSA_KEY_TAG KeyTag,
- IN CONST UINT8 *BigNumber,
- IN UINTN BnLength
+ IN OUT VOID *RsaContext,
+ IN RSA_KEY_TAG KeyTag,
+ IN CONST UINT8 *BigNumber,
+ IN UINTN BnSize
)
{
RSA *RsaKey;
@@ -107,7 +133,11 @@ RsaSetKey ( if (RsaKey->n != NULL) {
BN_free (RsaKey->n);
}
- RsaKey->n = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->n);
+ RsaKey->n = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
break;
//
@@ -117,7 +147,11 @@ RsaSetKey ( if (RsaKey->e != NULL) {
BN_free (RsaKey->e);
}
- RsaKey->e = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->e);
+ RsaKey->e = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
break;
//
@@ -127,7 +161,11 @@ RsaSetKey ( if (RsaKey->d != NULL) {
BN_free (RsaKey->d);
}
- RsaKey->d = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->d);
+ RsaKey->d = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);
break;
//
@@ -137,7 +175,11 @@ RsaSetKey ( if (RsaKey->p != NULL) {
BN_free (RsaKey->p);
}
- RsaKey->p = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->p);
+ RsaKey->p = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
break;
//
@@ -147,7 +189,11 @@ RsaSetKey ( if (RsaKey->q != NULL) {
BN_free (RsaKey->q);
}
- RsaKey->q = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->q);
+ RsaKey->q = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);
break;
//
@@ -157,7 +203,11 @@ RsaSetKey ( if (RsaKey->dmp1 != NULL) {
BN_free (RsaKey->dmp1);
}
- RsaKey->dmp1 = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->dmp1);
+ RsaKey->dmp1 = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
break;
//
@@ -167,7 +217,11 @@ RsaSetKey ( if (RsaKey->dmq1 != NULL) {
BN_free (RsaKey->dmq1);
}
- RsaKey->dmq1 = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->dmq1);
+ RsaKey->dmq1 = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);
break;
//
@@ -177,16 +231,382 @@ RsaSetKey ( if (RsaKey->iqmp != NULL) {
BN_free (RsaKey->iqmp);
}
- RsaKey->iqmp = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->iqmp);
+ RsaKey->iqmp = NULL;
+ if (BigNumber == NULL) {
+ break;
+ }
+ RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);
+ break;
+
+ default:
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Gets the tag-designated RSA key component from the established RSA context.
+
+ This function retrieves the tag-designated RSA key component from the
+ established RSA context as a non-negative integer (octet string format
+ represented in RSA PKCS#1).
+ If specified key component has not been set or has been cleared, then returned
+ BnSize is set to 0.
+ If the BigNumber buffer is too small to hold the contents of the key, FALSE
+ is returned and BnSize is set to the required buffer size to obtain the key.
+
+ If RsaContext is NULL, then ASSERT().
+ If BnSize is NULL, then ASSERT().
+ If BnSize is large enough but BigNumber is NULL, then ASSERT().
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] KeyTag Tag of RSA key component being set.
+ @param[out] BigNumber Pointer to octet integer buffer.
+ @param[in, out] BnSize On input, the size of big number buffer in bytes.
+ On output, the size of data returned in big number buffer in bytes.
+
+ @retval TRUE RSA key component was retrieved successfully.
+ @retval FALSE Invalid RSA key component tag.
+ @retval FALSE BnSize is too small.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetKey (
+ IN OUT VOID *RsaContext,
+ IN RSA_KEY_TAG KeyTag,
+ OUT UINT8 *BigNumber,
+ IN OUT UINTN *BnSize
+ )
+{
+ RSA *RsaKey;
+ BIGNUM *BnKey;
+ UINTN Size;
+
+ ASSERT (RsaContext != NULL);
+ ASSERT (BnSize != NULL);
+
+ RsaKey = (RSA *) RsaContext;
+ Size = *BnSize;
+ *BnSize = 0;
+
+ switch (KeyTag) {
+
+ //
+ // RSA Public Modulus (N)
+ //
+ case RsaKeyN:
+ if (RsaKey->n == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->n;
+ break;
+
+ //
+ // RSA Public Exponent (e)
+ //
+ case RsaKeyE:
+ if (RsaKey->e == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->e;
+ break;
+
+ //
+ // RSA Private Exponent (d)
+ //
+ case RsaKeyD:
+ if (RsaKey->d == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->d;
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modulus (p)
+ //
+ case RsaKeyP:
+ if (RsaKey->p == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->p;
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modules (q)
+ //
+ case RsaKeyQ:
+ if (RsaKey->q == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->q;
+ break;
+
+ //
+ // p's CRT Exponent (== d mod (p - 1))
+ //
+ case RsaKeyDp:
+ if (RsaKey->dmp1 == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->dmp1;
+ break;
+
+ //
+ // q's CRT Exponent (== d mod (q - 1))
+ //
+ case RsaKeyDq:
+ if (RsaKey->dmq1 == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->dmq1;
+ break;
+
+ //
+ // The CRT Coefficient (== 1/q mod p)
+ //
+ case RsaKeyQInv:
+ if (RsaKey->iqmp == NULL) {
+ return TRUE;
+ }
+ BnKey = RsaKey->iqmp;
break;
default:
return FALSE;
}
+ *BnSize = Size;
+ Size = BN_num_bytes (BnKey);
+
+ if (*BnSize < Size) {
+ *BnSize = Size;
+ return FALSE;
+ }
+
+ ASSERT (BigNumber != NULL);
+ *BnSize = BN_bn2bin (BnKey, BigNumber) ;
+
+ return TRUE;
+}
+
+/**
+ Generates RSA key components.
+
+ This function generates RSA key components. It takes RSA public exponent E and
+ length in bits of RSA modulus N as input, and generates all key components.
+ If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
+
+ Before this function can be invoked, pseudorandom number generator must be correctly
+ initialized by RandomSeed().
+
+ If RsaContext is NULL, then ASSERT().
+
+ @param[in, out] RsaContext Pointer to RSA context being set.
+ @param[in] ModulusLength Length of RSA modulus N in bits.
+ @param[in] PublicExponent Pointer to RSA public exponent.
+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
+
+ @retval TRUE RSA key component was generated successfully.
+ @retval FALSE Invalid RSA key component tag.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGenerateKey (
+ IN OUT VOID *RsaContext,
+ IN UINTN ModulusLength,
+ IN CONST UINT8 *PublicExponent,
+ IN UINTN PublicExponentSize
+ )
+{
+ BIGNUM *KeyE;
+ BOOLEAN RetVal;
+
+ ASSERT (RsaContext != NULL);
+
+ KeyE = BN_new ();
+ if (PublicExponent == NULL) {
+ BN_set_word (KeyE, 0x10001);
+ } else {
+ BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE);
+ }
+
+ RetVal = FALSE;
+ if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
+ RetVal = TRUE;
+ }
+
+ BN_free (KeyE);
+ return RetVal;
+}
+
+/**
+ Validates key components of RSA context.
+
+ This function validates key compoents of RSA context in following aspects:
+ - Whether p is a prime
+ - Whether q is a prime
+ - Whether n = p * q
+ - Whether d*e = 1 mod lcm(p-1,q-1)
+
+ If RsaContext is NULL, then ASSERT().
+
+ @param[in] RsaContext Pointer to RSA context to check.
+
+ @retval TRUE RSA key components are valid.
+ @retval FALSE RSA key components are not valid.
+
+**/
+BOOLEAN
+EFIAPI
+RsaCheckKey (
+ IN VOID *RsaContext
+ )
+{
+ UINTN Reason;
+
+ ASSERT (RsaContext != NULL);
+
+ if (RSA_check_key ((RSA *) RsaContext) != 1) {
+ Reason = ERR_GET_REASON (ERR_peek_last_error ());
+ if (Reason == RSA_R_P_NOT_PRIME ||
+ Reason == RSA_R_Q_NOT_PRIME ||
+ Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
+ Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
+ return FALSE;
+ }
+ }
+
return TRUE;
}
+/**
+ Performs the PKCS1-v1_5 encoding methods defined in RSA PKCS #1.
+
+ @param Message Message buffer to be encoded.
+ @param MessageSize Size of message buffer in bytes.
+ @param DigestInfo Pointer to buffer of digest info for output.
+
+ @return Size of DigestInfo in bytes.
+
+**/
+UINTN
+DigestInfoEncoding (
+ IN CONST UINT8 *Message,
+ IN UINTN MessageSize,
+ OUT UINT8 *DigestInfo
+ )
+{
+ CONST UINT8 *HashDer;
+ UINTN DerSize;
+
+ ASSERT (Message != NULL);
+ ASSERT (DigestInfo != NULL);
+
+ //
+ // The original message length is used to determine the hash algorithm since
+ // message is digest value hashed by the specified algorithm.
+ //
+ switch (MessageSize) {
+ case MD5_DIGEST_SIZE:
+ HashDer = Asn1IdMd5;
+ DerSize = sizeof (Asn1IdMd5);
+ break;
+
+ case SHA1_DIGEST_SIZE:
+ HashDer = Asn1IdSha1;
+ DerSize = sizeof (Asn1IdSha1);
+ break;
+
+ case SHA256_DIGEST_SIZE:
+ HashDer = Asn1IdSha256;
+ DerSize = sizeof (Asn1IdSha256);
+ break;
+
+ default:
+ return FALSE;
+ }
+
+ CopyMem (DigestInfo, HashDer, DerSize);
+ CopyMem (DigestInfo + DerSize, Message, MessageSize);
+
+ return (DerSize + MessageSize);
+}
+
+/**
+ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
+
+ This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
+ RSA PKCS#1.
+ If the Signature buffer is too small to hold the contents of signature, FALSE
+ is returned and SigSize is set to the required buffer size to obtain the signature.
+
+ If RsaContext is NULL, then ASSERT().
+ If MessageHash is NULL, then ASSERT().
+ If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-224, SHA-512 or SHA-384 digest, then ASSERT().
+ If SigSize is large enough but Signature is NULL, then ASSERT().
+
+ @param[in] RsaContext Pointer to RSA context for signature generation.
+ @param[in] MessageHash Pointer to octet message hash to be signed.
+ @param[in] HashSize Size of the message hash in bytes.
+ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.
+ On output, the size of data returned in Signature buffer in bytes.
+
+ @retval TRUE Signature successfully generated in PKCS1-v1_5.
+ @retval FALSE Signature generation failed.
+ @retval FALSE SigSize is too small.
+
+**/
+BOOLEAN
+EFIAPI
+RsaPkcs1Sign (
+ IN VOID *RsaContext,
+ IN CONST UINT8 *MessageHash,
+ IN UINTN HashSize,
+ OUT UINT8 *Signature,
+ IN OUT UINTN *SigSize
+ )
+{
+ RSA *Rsa;
+ UINTN Size;
+ INTN ReturnVal;
+
+ ASSERT (RsaContext != NULL);
+ ASSERT (MessageHash != NULL);
+ ASSERT ((HashSize == MD5_DIGEST_SIZE) ||
+ (HashSize == SHA1_DIGEST_SIZE) ||
+ (HashSize == SHA256_DIGEST_SIZE));
+
+ Rsa = (RSA *) RsaContext;
+ Size = BN_num_bytes (Rsa->n);
+
+ if (*SigSize < Size) {
+ *SigSize = Size;
+ return FALSE;
+ }
+
+ ASSERT (Signature != NULL);
+
+ Size = DigestInfoEncoding (MessageHash, HashSize, Signature);
+
+ ReturnVal = RSA_private_encrypt (
+ (UINT32) Size,
+ Signature,
+ Signature,
+ Rsa,
+ RSA_PKCS1_PADDING
+ );
+
+ if (ReturnVal < (INTN) Size) {
+ return FALSE;
+ }
+
+ *SigSize = (UINTN)ReturnVal;
+ return TRUE;
+}
/**
Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
@@ -195,16 +615,16 @@ RsaSetKey ( If RsaContext is NULL, then ASSERT().
If MessageHash is NULL, then ASSERT().
If Signature is NULL, then ASSERT().
- If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT().
+ If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-224, SHA-512 or SHA-384 digest, then ASSERT().
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] MessageHash Pointer to octet message hash to be checked.
- @param[in] HashLength Length of the message hash in bytes.
+ @param[in] HashSize Size of the message hash in bytes.
@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
- @param[in] SigLength Length of signature in bytes.
+ @param[in] SigSize Size of signature in bytes.
- @return TRUE Valid signature encoded in PKCS1-v1_5.
- @return FALSE Invalid signature or invalid RSA context.
+ @retval TRUE Valid signature encoded in PKCS1-v1_5.
+ @retval FALSE Invalid signature or invalid RSA context.
**/
BOOLEAN
@@ -212,9 +632,9 @@ EFIAPI RsaPkcs1Verify (
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
- IN UINTN HashLength,
+ IN UINTN HashSize,
IN UINT8 *Signature,
- IN UINTN SigLength
+ IN UINTN SigSize
)
{
INTN Length;
@@ -227,17 +647,17 @@ RsaPkcs1Verify ( ASSERT (Signature != NULL);
//
- // ASSERT if unsupported hash length:
+ // ASSERT if unsupported hash size:
// Only MD5, SHA-1 or SHA-256 digest size is supported
//
- ASSERT ((HashLength == MD5_DIGEST_SIZE) || (HashLength == SHA1_DIGEST_SIZE) ||
- (HashLength == SHA256_DIGEST_SIZE));
+ ASSERT ((HashSize == MD5_DIGEST_SIZE) || (HashSize == SHA1_DIGEST_SIZE) ||
+ (HashSize == SHA256_DIGEST_SIZE));
//
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
//
Length = RSA_public_decrypt (
- (int)SigLength,
+ (UINT32) SigSize,
Signature,
Signature,
RsaContext,
@@ -246,10 +666,10 @@ RsaPkcs1Verify ( //
// Invalid RSA Key or PKCS#1 Padding Checking Failed (if Length < 0)
- // NOTE: Length should be the addition of HashLength and some DER value.
+ // NOTE: Length should be the addition of HashSize and some DER value.
// Ignore more strict length checking here.
//
- if (Length < (INTN) HashLength) {
+ if (Length < (INTN) HashSize) {
return FALSE;
}
@@ -263,7 +683,7 @@ RsaPkcs1Verify ( // Then Memory Comparing should skip the DER value of the underlying SEQUENCE
// type and AlgorithmIdentifier.
//
- if (CompareMem (MessageHash, Signature + Length - HashLength, HashLength) == 0) {
+ if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {
//
// Valid RSA PKCS#1 Signature
//
diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c new file mode 100644 index 0000000000..3ead6d1906 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c @@ -0,0 +1,88 @@ +/** @file
+ Pseudorandom Number Generator Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/rand.h>
+
+//
+// Default seed for UEFI Crypto Library
+//
+CONST UINT8 DefaultSeed[] = "UEFI Crypto Library default seed";
+
+/**
+ Sets up the seed value for the pseudorandom number generator.
+
+ This function sets up the seed value for the pseudorandom number generator.
+ If Seed is not NULL, then the seed passed in is used.
+ If Seed is NULL, then default seed is used.
+
+ @param[in] Seed Pointer to seed value.
+ If NULL, default seed is used.
+ @param[in] SeedSize Size of seed value.
+ If Seed is NULL, this parameter is ignored.
+
+ @retval TRUE Pseudorandom number generator has enough entropy for random generation.
+ @retval FALSE Pseudorandom number generator does not have enough entropy for random generation.
+
+**/
+BOOLEAN
+EFIAPI
+RandomSeed (
+ IN CONST UINT8 *Seed OPTIONAL,
+ IN UINTN SeedSize
+ )
+{
+ //
+ // Seed the pseudorandom number generator with user-supplied value.
+ // NOTE: A cryptographic PRNG must be seeded with unpredictable data.
+ //
+ if (Seed != NULL) {
+ RAND_seed (Seed, (UINT32) SeedSize);
+ } else {
+ RAND_seed (DefaultSeed, sizeof (DefaultSeed));
+ }
+
+ return TRUE;
+}
+
+/**
+ Generates a pseudorandom byte stream of the specified size.
+
+ If Output is NULL, then ASSERT().
+
+ @param[out] Output Pointer to buffer to receive random value.
+ @param[in] Size Size of randome bytes to generate.
+
+ @retval TRUE Pseudorandom byte stream generated successfully.
+ @retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.
+
+**/
+BOOLEAN
+EFIAPI
+RandomBytes (
+ OUT UINT8 *Output,
+ IN UINTN Size
+ )
+{
+ ASSERT (Output != NULL);
+
+ //
+ // Generate random data.
+ //
+ if (RAND_bytes (Output, (UINT32) Size) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index d31095be20..4b5ffd1a32 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -57,8 +57,6 @@ SysCall/Ia32/MathLShiftS64.S | GCC
SysCall/Ia32/MathRShiftU64.S | GCC
- SysCall/Ia32/Alloca.S | GCC
-
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf new file mode 100644 index 0000000000..21ebd00f86 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -0,0 +1,78 @@ +## @file
+# Cryptographic Library Instance for SMM driver.
+#
+# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SmmCryptLib
+ FILE_GUID = 028080a3-8958-4a62-a1a8-0fa1da162007
+ MODULE_TYPE = DXE_SMM_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ Hash/CryptMd5.c
+ Hash/CryptSha1.c
+ Hash/CryptSha256.c
+ Pk/CryptRsa.c
+ Pk/CryptPkcs7.c
+
+ SysCall/CrtWrapper.c
+ SysCall/RealTimeClock.c
+ SysCall/BaseMemAllocation.c
+
+[Sources.Ia32]
+ SysCall/HelperWrapper.c
+
+ SysCall/Ia32/MathMultS64x64.c | MSFT
+ SysCall/Ia32/MathDivU64x64.c | MSFT
+ SysCall/Ia32/MathReminderU64x64.c | MSFT
+ SysCall/Ia32/MathLShiftS64.c | MSFT
+ SysCall/Ia32/MathRShiftU64.c | MSFT
+
+ SysCall/Ia32/MathMultS64x64.c | INTEL
+ SysCall/Ia32/MathDivU64x64.c | INTEL
+ SysCall/Ia32/MathReminderU64x64.c | INTEL
+ SysCall/Ia32/MathLShiftS64.c | INTEL
+ SysCall/Ia32/MathRShiftU64.c | INTEL
+
+ SysCall/Ia32/MathMultS64x64.S | GCC
+ SysCall/Ia32/MathDivU64x64.S | GCC
+ SysCall/Ia32/MathReminderU64x64.S | GCC
+ SysCall/Ia32/MathLShiftS64.S | GCC
+ SysCall/Ia32/MathRShiftU64.S | GCC
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ IoLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ OpensslLib
+ IntrinsicLib
+
+#
+# Remove these [BuildOptions] after this library is cleaned up
+#
+[BuildOptions]
+ GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"
+
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/Alloca.S b/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/Alloca.S deleted file mode 100644 index 8496833ac8..0000000000 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/Ia32/Alloca.S +++ /dev/null @@ -1,59 +0,0 @@ -#------------------------------------------------------------------------------
-#
-# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php.
-#
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-# Module Name:
-#
-# Alloca.S
-#
-# Abstract:
-#
-# Implementation for allocation of automatically reclaimed memory, which is
-# used to allocate space off the runtime stack.
-# (NOTE: There is a assumption in this code that the page size equal to 4K)
-#
-#------------------------------------------------------------------------------
-
-
- .686:
- .code:
-
-ASM_GLOBAL ASM_PFX(_alloca)
-
-#------------------------------------------------------------------------------
-#
-# void __cdecl _alloca (unsigned size)
-#
-#------------------------------------------------------------------------------
-ASM_PFX(_alloca):
-
- pushl %ecx
- cmpl $0x1000, %eax
- leal 8(%esp), %ecx
- jb LastPage
-
-ProbePages:
- subl $0x1000, %ecx
- subl $0x1000, %eax
- testl %eax, 0(%ecx)
- cmpl $0x1000, %eax
- jae ProbePages
-
-LastPage:
- subl %eax, %ecx
- movl %esp, %eax
- testl %eax, 0(%ecx)
-
- movl %ecx, %esp
- movl 0(%eax), %ecx
- movl 4(%eax), %eax
- pushl %eax
-
- ret
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/RealTimeClock.c b/CryptoPkg/Library/BaseCryptLib/SysCall/RealTimeClock.c new file mode 100644 index 0000000000..84617b493f --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/RealTimeClock.c @@ -0,0 +1,222 @@ +/** @file
+ C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation
+ for OpenSSL-based Cryptographic Library (used in SMM).
+
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/IoLib.h>
+#include <OpenSslSupport.h>
+
+#define PCAT_RTC_ADDRESS_REGISTER 0x70
+#define PCAT_RTC_DATA_REGISTER 0x71
+
+#define RTC_ADDRESS_SECONDS 0 // R/W Range 0..59
+#define RTC_ADDRESS_SECONDS_ALARM 1 // R/W Range 0..59
+#define RTC_ADDRESS_MINUTES 2 // R/W Range 0..59
+#define RTC_ADDRESS_MINUTES_ALARM 3 // R/W Range 0..59
+#define RTC_ADDRESS_HOURS 4 // R/W Range 1..12 or 0..23 Bit 7 is AM/PM
+#define RTC_ADDRESS_HOURS_ALARM 5 // R/W Range 1..12 or 0..23 Bit 7 is AM/PM
+#define RTC_ADDRESS_DAY_OF_THE_WEEK 6 // R/W Range 1..7
+#define RTC_ADDRESS_DAY_OF_THE_MONTH 7 // R/W Range 1..31
+#define RTC_ADDRESS_MONTH 8 // R/W Range 1..12
+#define RTC_ADDRESS_YEAR 9 // R/W Range 0..99
+#define RTC_ADDRESS_REGISTER_A 10 // R/W[0..6] R0[7]
+#define RTC_ADDRESS_REGISTER_B 11 // R/W
+#define RTC_ADDRESS_REGISTER_C 12 // RO
+#define RTC_ADDRESS_REGISTER_D 13 // RO
+#define RTC_ADDRESS_CENTURY 50 // R/W Range 19..20 Bit 8 is R/W
+
+//
+// Register A
+//
+typedef struct {
+ UINT8 RS : 4; // Rate Selection Bits
+ UINT8 DV : 3; // Divisor
+ UINT8 UIP : 1; // Update in progress
+} RTC_REGISTER_A_BITS;
+
+typedef union {
+ RTC_REGISTER_A_BITS Bits;
+ UINT8 Data;
+} RTC_REGISTER_A;
+
+//
+// Register B
+//
+typedef struct {
+ UINT8 DSE : 1; // 0 - Daylight saving disabled 1 - Daylight savings enabled
+ UINT8 MIL : 1; // 0 - 12 hour mode 1 - 24 hour mode
+ UINT8 DM : 1; // 0 - BCD Format 1 - Binary Format
+ UINT8 SQWE : 1; // 0 - Disable SQWE output 1 - Enable SQWE output
+ UINT8 UIE : 1; // 0 - Update INT disabled 1 - Update INT enabled
+ UINT8 AIE : 1; // 0 - Alarm INT disabled 1 - Alarm INT Enabled
+ UINT8 PIE : 1; // 0 - Periodic INT disabled 1 - Periodic INT Enabled
+ UINT8 SET : 1; // 0 - Normal operation. 1 - Updates inhibited
+} RTC_REGISTER_B_BITS;
+
+typedef union {
+ RTC_REGISTER_B_BITS Bits;
+ UINT8 Data;
+} RTC_REGISTER_B;
+
+//
+// -- Time Management Routines --
+//
+
+#define IsLeap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0))
+#define SECSPERHOUR (60 * 60)
+#define SECSPERDAY (24 * SECSPERHOUR)
+
+//
+// The arrays give the cumulative number of days up to the first of the
+// month number used as the index (1 -> 12) for regular and leap years.
+// The value at index 13 is for the whole year.
+//
+UINTN CumulativeDays[2][14] = {
+ {
+ 0,
+ 0,
+ 31,
+ 31 + 28,
+ 31 + 28 + 31,
+ 31 + 28 + 31 + 30,
+ 31 + 28 + 31 + 30 + 31,
+ 31 + 28 + 31 + 30 + 31 + 30,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,
+ 31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31
+ },
+ {
+ 0,
+ 0,
+ 31,
+ 31 + 29,
+ 31 + 29 + 31,
+ 31 + 29 + 31 + 30,
+ 31 + 29 + 31 + 30 + 31,
+ 31 + 29 + 31 + 30 + 31 + 30,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,
+ 31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31
+ }
+};
+
+/**
+ Read RTC content through its registers.
+
+ @param Address Address offset of RTC. It is recommended to use macros such as
+ RTC_ADDRESS_SECONDS.
+
+ @return The data of UINT8 type read from RTC.
+**/
+UINT8
+RtcRead (
+ IN UINT8 Address
+ )
+{
+ IoWrite8 (PCAT_RTC_ADDRESS_REGISTER, (UINT8) (Address | (UINT8) (IoRead8 (PCAT_RTC_ADDRESS_REGISTER) & BIT7)));
+ return IoRead8 (PCAT_RTC_DATA_REGISTER);
+}
+
+/* Get the system time as seconds elapsed since midnight, January 1, 1970. */
+//INTN time(
+// INTN *timer
+// )
+time_t time (time_t *timer)
+{
+ UINT16 Year;
+ UINT8 Month;
+ UINT8 Day;
+ UINT8 Hour;
+ UINT8 Minute;
+ UINT8 Second;
+ UINT8 Century;
+ RTC_REGISTER_A RegisterA;
+ RTC_REGISTER_B RegisterB;
+ BOOLEAN IsPM;
+ UINT16 YearIndex;
+
+ RegisterA.Data = RtcRead (RTC_ADDRESS_REGISTER_A);
+ while (RegisterA.Bits.UIP == 1) {
+ CpuPause();
+ RegisterA.Data = RtcRead (RTC_ADDRESS_REGISTER_A);
+ }
+
+ Second = RtcRead (RTC_ADDRESS_SECONDS);
+ Minute = RtcRead (RTC_ADDRESS_MINUTES);
+ Hour = RtcRead (RTC_ADDRESS_HOURS);
+ Day = RtcRead (RTC_ADDRESS_DAY_OF_THE_MONTH);
+ Month = RtcRead (RTC_ADDRESS_MONTH);
+ Year = RtcRead (RTC_ADDRESS_YEAR);
+ Century = RtcRead (RTC_ADDRESS_CENTURY);
+
+ RegisterB.Data = RtcRead (RTC_ADDRESS_REGISTER_B);
+
+ if ((Hour & BIT7) != 0) {
+ IsPM = TRUE;
+ } else {
+ IsPM = FALSE;
+ }
+ Hour = (UINT8) (Hour & 0x7f);
+
+ if (RegisterB.Bits.DM == 0) {
+ Year = BcdToDecimal8 ((UINT8) Year);
+ Month = BcdToDecimal8 (Month);
+ Day = BcdToDecimal8 (Day);
+ Hour = BcdToDecimal8 (Hour);
+ Minute = BcdToDecimal8 (Minute);
+ Second = BcdToDecimal8 (Second);
+ }
+ Century = BcdToDecimal8 (Century);
+
+ Year = (UINT16) (Century * 100 + Year);
+
+ //
+ // If time is in 12 hour format, convert it to 24 hour format
+ //
+ if (RegisterB.Bits.MIL == 0) {
+ if (IsPM && Hour < 12) {
+ Hour = (UINT8) (Hour + 12);
+ }
+ if (!IsPM && Hour == 12) {
+ Hour = 0;
+ }
+ }
+
+ //
+ // Years Handling
+ // UTime should now be set to 00:00:00 on Jan 1 of the current year.
+ //
+ for (YearIndex = 1970, *timer = 0; YearIndex != Year; YearIndex++) {
+ *timer = *timer + (time_t)(CumulativeDays[IsLeap(YearIndex)][13] * SECSPERDAY);
+ }
+
+ //
+ // Add in number of seconds for current Month, Day, Hour, Minute, Seconds, and TimeZone adjustment
+ //
+ ASSERT (Month <= 12);
+ *timer = *timer +
+ (time_t)(CumulativeDays[IsLeap(Year)][Month] * SECSPERDAY) +
+ (time_t)((Day - 1) * SECSPERDAY) +
+ (time_t)(Hour * SECSPERHOUR) +
+ (time_t)(Minute * 60) +
+ (time_t)Second;
+
+ return *timer;
+}
|