diff options
Diffstat (limited to 'NetworkPkg/IpSecDxe/IpSecCryptIo.h')
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecCryptIo.h | 676 |
1 files changed, 582 insertions, 94 deletions
diff --git a/NetworkPkg/IpSecDxe/IpSecCryptIo.h b/NetworkPkg/IpSecDxe/IpSecCryptIo.h index ddceb12bb6..87e5a494c5 100644 --- a/NetworkPkg/IpSecDxe/IpSecCryptIo.h +++ b/NetworkPkg/IpSecDxe/IpSecCryptIo.h @@ -1,5 +1,5 @@ /** @file
- Definition related to the Security operation.
+ Definitions related to the Cryptographic Operations in IPsec.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
@@ -12,15 +12,21 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-
#ifndef _EFI_IPSEC_CRYPTIO_H_
#define _EFI_IPSEC_CRYPTIO_H_
#include <Protocol/IpSecConfig.h>
#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include "IpSecImpl.h"
+#include "IkeCommon.h"
-#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 2
+#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 4
#define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3
+#define IPSEC_HASH_ALGORITHM_LIST_SIZE 3
///
/// Authentication Algorithm Definition
@@ -40,46 +46,49 @@ #define IKE_EALG_AESCBC 0x0C
/**
- Prototype of Hash GetContextSize.
-
+ Prototype of HMAC GetContextSize.
+
Retrieves the size, in bytes, of the context buffer required.
-
+
@return The size, in bytes, of the context buffer required.
**/
typedef
UINTN
-(EFIAPI *CPL_HASH_GETCONTEXTSIZE) (
+(EFIAPI *CRYPTO_HMAC_GETCONTEXTSIZE) (
VOID
);
/**
- Prototype of Hash Operation Initiating.
-
+ Prototype of HMAC Operation Initiating.
+
Initialization with a new context.
-
- @param[in,out] Context Input Context.
-
+ @param[out] Context Input Context.
+ @param[in] Key Pointer to the key for HMAC.
+ @param[in] KeySize The length of the Key in bytes.
+
@retval TRUE Initialization Successfully.
**/
typedef
-EFI_STATUS
-(EFIAPI *CPL_HASH_INIT) (
- IN OUT VOID *Context
+BOOLEAN
+(EFIAPI *CRYPTO_HMAC_INIT) (
+ OUT VOID *Context,
+ IN CONST UINT8 *Key,
+ IN UINTN KeySize
);
/**
- Prototype of HASH update.
- Hash update operation. Continue an Hash message digest operation, processing
- another message block, and updating the Hash context.
+ Prototype of HMAC update.
+ HMAC update operation. Continue an HMAC message digest operation, processing
+ another message block, and updating the HMAC context.
If Context is NULL, then ASSERT().
If Data is NULL, then ASSERT().
@param[in,out] Context The Specified Context.
- @param[in,out] Data The Input Data to hash.
+ @param[in,out] Data The Input Data to be digested.
@param[in] DataLength The length, in bytes, of Data.
@retval TRUE Update data successfully.
@@ -88,34 +97,34 @@ EFI_STATUS **/
typedef
BOOLEAN
-(EFIAPI *CPL_HASH_UPDATE) (
+(EFIAPI *CRYPTO_HMAC_UPDATE) (
IN OUT VOID *Context,
IN CONST VOID *Data,
IN UINTN DataLength
);
/**
- Prototype of Hash finallization.
- Terminate a Hash message digest operation and output the message digest.
+ Prototype of HMAC finallization.
+ Terminate a HMAC message digest operation and output the message digest.
If Context is NULL, then ASSERT().
If HashValue is NULL, then ASSERT().
@param[in,out] Context The specified Context.
- @param[out] HashValue Pointer to a 16-byte message digest output buffer.
+ @param[out] HmacValue Pointer to a 16-byte message digest output buffer.
@retval TRUE Finalized successfully.
**/
typedef
BOOLEAN
-(EFIAPI *CPL_HASH_FINAL) (
+(EFIAPI *CRYPTO_HMAC_FINAL) (
IN OUT VOID *Context,
- OUT UINT8 *HashValue
+ OUT UINT8 *HmacValue
);
/**
- Prototype of Cipher GetContextSize.
+ Prototype of Block Cipher GetContextSize.
Retrieves the size, in bytes, of the context buffer required.
@@ -124,12 +133,12 @@ BOOLEAN **/
typedef
UINTN
-(EFIAPI *CPL_CIPHER_GETCONTEXTSIZE) (
+(EFIAPI *CRYPTO_CIPHER_GETCONTEXTSIZE) (
VOID
);
/**
- Prototype of Cipher initiation.
+ Prototype of Block Cipher initiation.
Intializes the user-supplied key as the specifed context (key materials) for both
encryption and decryption operations.
@@ -137,21 +146,20 @@ UINTN If Key is NULL, then generate random key for usage.
@param[in,out] Context The specified Context.
- @param[in] Key User-supplied TDES key (64/128/192 bits).
+ @param[in] Key User-supplied cipher key.
@param[in] KeyBits Key length in bits.
- @retval TRUE TDES Initialization was successful.
+ @retval TRUE Block Cipher Initialization was successful.
**/
typedef
BOOLEAN
-(EFIAPI *CPL_CIPHER_INIT) (
+(EFIAPI *CRYPTO_CIPHER_INIT) (
IN OUT VOID *Context,
IN CONST UINT8 *Key,
- IN CONST UINTN KeyBits
+ IN UINTN KeyBits
);
-
/**
Prototype of Cipher encryption.
Encrypts plaintext message with the specified cipher.
@@ -163,22 +171,23 @@ BOOLEAN @param[in] Context The specified Context.
@param[in] InData The input plaintext data to be encrypted.
+ @param[in] InputSize The size of input data.
+ @param[in] Ivec Pointer to Initial Vector data for encryption.
@param[out] OutData The resultant encrypted ciphertext.
- @param[in] DataLength Length of input data in bytes.
@retval TRUE Encryption successful.
**/
typedef
BOOLEAN
-(EFIAPI *CPL_CIPHER_ENCRYPT) (
+(EFIAPI *CRYPTO_CIPHER_ENCRYPT) (
IN VOID *Context,
IN CONST UINT8 *InData,
- OUT UINT8 *OutData,
- IN CONST UINTN DataLength
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *OutData
);
-
/**
Prototype of Cipher decryption.
Decrypts cipher message with specified cipher.
@@ -189,61 +198,154 @@ BOOLEAN @param[in] Context The specified Context.
@param[in] InData The input ciphertext data to be decrypted.
+ @param[in] InputSize The InData size.
+ @param[in] Ivec Pointer to the Initial Vector data for decryption.
@param[out] OutData The resultant decrypted plaintext.
- @param[in] DataLength Length of input data in bytes.
@retval TRUE Decryption successful.
**/
typedef
BOOLEAN
-(EFIAPI *CPL_CIPHER_DECRYPT) (
- IN CONST VOID *Context,
+(EFIAPI *CRYPTO_CIPHER_DECRYPT) (
+ IN VOID *Context,
IN CONST UINT8 *InData,
- OUT UINT8 *OutData,
- IN CONST UINTN DataLength
+ IN UINTN InputSize,
+ IN CONST UINT8 *Ivec,
+ OUT UINT8 *OutData
+ );
+
+/**
+ Prototype of Hash ContextSize.
+
+ Retrieves the size, in bytes, of the context buffer required for specified hash operations.
+
+ @return The size, in bytes, of the context buffer required for certain hash operations.
+
+**/
+typedef
+UINTN
+(EFIAPI *CRYPTO_HASH_GETCONTEXTSIZE) (
+ VOID
+ );
+
+/**
+ Prototype of Hash Initiate.
+
+ Initializes user-supplied memory pointed by Context as specified hash context for
+ subsequent use.
+
+ If Context is NULL, then ASSERT().
+
+ @param[out] Context Pointer to specified context being initialized.
+
+ @retval TRUE context initialization succeeded.
+ @retval FALSE context initialization failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *CRYPTO_HASH_INIT) (
+ OUT VOID *Context
+ );
+
+/**
+ Prototype of Hash Update
+
+ Digests the input data and updates hash context.
+
+ This function performs digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ Context should be already correctly intialized by HashInit(), and should not be finalized
+ by HashFinal(). Behavior with invalid context is undefined.
+
+ If Context is NULL, then ASSERT().
+
+ @param[in, out] Context Pointer to the specified context.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE data digest succeeded.
+ @retval FALSE data digest failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *CRYPTO_HASH_UPDATE) (
+ IN OUT VOID *Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Prototype of Hash Finalization.
+
+ Completes computation of the digest value.
+
+ This function completes hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the context cannot
+ be used again.
+ context should be already correctly intialized by HashInit(), and should not be
+ finalized by HashFinal(). Behavior with invalid context is undefined.
+
+ If Context is NULL, then ASSERT().
+ If HashValue is NULL, then ASSERT().
+
+ @param[in, out] Context Pointer to the specified context.
+ @param[out] HashValue Pointer to a buffer that receives the digest
+ value.
+
+ @retval TRUE digest computation succeeded.
+ @retval FALSE digest computation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *CRYPTO_HASH_FINAL) (
+ IN OUT VOID *Context,
+ OUT UINT8 *HashValue
);
//
-// The struct used to store the informatino and operation of Cipher algorithm.
+// The struct used to store the information and operation of Block Cipher algorithm.
//
typedef struct _ENCRYPT_ALGORITHM {
-//
-// The ID of the Algorithm
-//
-UINT8 AlgorithmId;
-//
-// The Key length of the Algorithm
-//
-UINTN KeyLength;
-//
-// Iv Size of the Algorithm
-//
-UINTN IvLength;
-//
-// The Block Size of the Algorithm
-//
-UINTN BlockSize;
-//
-// The Function pointer of GetContextSize.
-//
-CPL_CIPHER_GETCONTEXTSIZE CipherGetContextSize;
-//
-// The Function pointer of Cipher intitiaion.
-//
-CPL_CIPHER_INIT CipherInitiate;
-//
-// The Function pointer of Cipher Encryption.
-//
-CPL_CIPHER_ENCRYPT CipherEncrypt;
-//
-// The Function pointer of Cipher Decrption.
-//
-CPL_CIPHER_DECRYPT CipherDecrypt;
+ //
+ // The ID of the Algorithm
+ //
+ UINT8 AlgorithmId;
+ //
+ // The Key length of the Algorithm
+ //
+ UINTN KeyLength;
+ //
+ // Iv Size of the Algorithm
+ //
+ UINTN IvLength;
+ //
+ // The Block Size of the Algorithm
+ //
+ UINTN BlockSize;
+ //
+ // The Function pointer of GetContextSize.
+ //
+ CRYPTO_CIPHER_GETCONTEXTSIZE CipherGetContextSize;
+ //
+ // The Function pointer of Cipher initiation.
+ //
+ CRYPTO_CIPHER_INIT CipherInitiate;
+ //
+ // The Function pointer of Cipher Encryption.
+ //
+ CRYPTO_CIPHER_ENCRYPT CipherEncrypt;
+ //
+ // The Function pointer of Cipher Decrption.
+ //
+ CRYPTO_CIPHER_DECRYPT CipherDecrypt;
} ENCRYPT_ALGORITHM;
//
-// The struct used to store the informatino and operation of Autahentication algorithm.
+// The struct used to store the information and operation of Autahentication algorithm.
//
typedef struct _AUTH_ALGORITHM {
//
@@ -252,8 +354,8 @@ typedef struct _AUTH_ALGORITHM { UINT8 AlgorithmId;
//
// The Key length of the Algorithm
- //
- UINTN KeyLength;
+ //
+ UINTN DigestLength;
//
// The ICV length of the Algorithm
//
@@ -265,25 +367,63 @@ typedef struct _AUTH_ALGORITHM { //
// The function pointer of GetContextSize.
//
- CPL_HASH_GETCONTEXTSIZE HashGetContextSize;
+ CRYPTO_HMAC_GETCONTEXTSIZE HmacGetContextSize;
//
- // The function pointer of Initiatoion
+ // The function pointer of Initiation
//
- CPL_HASH_INIT HashInitiate;
+ CRYPTO_HMAC_INIT HmacInitiate;
//
- // The function pointer of Hash Update.
+ // The function pointer of HMAC Update.
//
- CPL_HASH_UPDATE HashUpdate;
+ CRYPTO_HMAC_UPDATE HmacUpdate;
//
- // The fucntion pointer of Hash Final
+ // The fucntion pointer of HMAC Final
//
- CPL_HASH_FINAL HashFinal;
+ CRYPTO_HMAC_FINAL HmacFinal;
} AUTH_ALGORITHM;
+//
+// The struct used to store the informatino and operation of Hash algorithm.
+//
+typedef struct _HASH_ALGORITHM {
+ //
+ // ID of the Algorithm
+ //
+ UINT8 AlgorithmId;
+ //
+ // The Key length of the Algorithm
+ //
+ UINTN DigestLength;
+ //
+ // The ICV length of the Algorithm
+ //
+ UINTN IcvLength;
+ //
+ // The block size of the Algorithm
+ //
+ UINTN BlockSize;
+ //
+ // The function pointer of GetContextSize
+ //
+ CRYPTO_HASH_GETCONTEXTSIZE HashGetContextSize;
+ //
+ // The function pointer of Initiation
+ //
+ CRYPTO_HASH_INIT HashInitiate;
+ //
+ // The function pointer of Hash Update
+ //
+ CRYPTO_HASH_UPDATE HashUpdate;
+ //
+ // The fucntion pointer of Hash Final
+ //
+ CRYPTO_HASH_FINAL HashFinal;
+} HASH_ALGORITHM;
+
/**
- Get the IV size of encrypt alogrithm. IV size is different from different algorithm.
+ Get the IV size of specified encryption alogrithm.
- @param[in] AlgorithmId The encrypt algorithm ID.
+ @param[in] AlgorithmId The encryption algorithm ID.
@return The value of IV size.
@@ -294,9 +434,9 @@ IpSecGetEncryptIvLength ( );
/**
- Get the block size of encrypt alogrithm. Block size is different from different algorithm.
+ Get the block size of specified encryption alogrithm.
- @param[in] AlgorithmId The encrypt algorithm ID.
+ @param[in] AlgorithmId The encryption algorithm ID.
@return The value of block size.
@@ -307,16 +447,42 @@ IpSecGetEncryptBlockSize ( );
/**
- Get the ICV size of Authenticaion alogrithm. ICV size is different from different algorithm.
+ Get the required key length of the specified encryption alogrithm.
- @param[in] AuthAlgorithmId The Authentication algorithm ID.
+ @param[in] AlgorithmId The encryption algorithm ID.
+
+ @return The value of key length.
+
+**/
+UINTN
+IpSecGetEncryptKeyLength (
+ IN UINT8 AlgorithmId
+ );
+
+/**
+ Get the ICV size of the specified Authenticaion alogrithm.
+
+ @param[in] AlgorithmId The Authentication algorithm ID.
@return The value of ICV size.
**/
UINTN
IpSecGetIcvLength (
- IN UINT8 AuthAlgorithmId
+ IN UINT8 AlgorithmId
+ );
+
+/**
+ Get the HMAC digest length by the specified Algorithm ID.
+
+ @param[in] AlgorithmId The specified Alogrithm ID.
+
+ @return The digest length of the specified Authentication Algorithm ID.
+
+**/
+UINTN
+IpSecGetHmacDigestLength (
+ IN UINT8 AlgorithmId
);
/**
@@ -324,7 +490,7 @@ IpSecGetIcvLength ( IV and return EFI_SUCCESS.
@param[in] IvBuffer The pointer of the IV buffer.
- @param[in] IvSize The IV size.
+ @param[in] IvSize The IV size in bytes.
@retval EFI_SUCCESS Create random data for IV.
@@ -335,5 +501,327 @@ IpSecGenerateIv ( IN UINTN IvSize
);
+/**
+ Encrypt the buffer.
+
+ This function calls relevant encryption interface from CryptoLib according to
+ the input alogrithm ID. The InData should be multiple of block size. This function
+ doesn't perform the padding. If it has the Ivec data, the length of it should be
+ same with the block size. The block size is different from the different algorithm.
+
+ @param[in] AlgorithmId The Alogrithem identification defined in RFC.
+ @param[in] Key Pointer to the buffer containing encrypting key.
+ @param[in} KeyBits The length of the key in bits.
+ @param[in] Ivec Point to the buffer containning the Initializeion
+ Vector (IV) data.
+ @param[in] InData Point to the buffer containing the data to be
+ encrypted.
+ @param[in] InDataLength The length of InData in Bytes.
+ @param[out] OutData Point to the buffer that receives the encryption
+ output.
+
+ @retval EFI_UNSUPPORTED The input Algorithm is not supported.
+ @retval EFI_OUT_OF_RESOURCE The required resource can't be allocated.
+ @retval EFI_SUCCESS The operation completed successfully.
+
+**/
+EFI_STATUS
+IpSecCryptoIoEncrypt (
+ IN CONST UINT8 AlgorithmId,
+ IN CONST UINT8 *Key,
+ IN CONST UINTN KeyBits,
+ IN CONST UINT8 *Ivec, OPTIONAL
+ IN UINT8 *InData,
+ IN UINTN InDataLength,
+ OUT UINT8 *OutData
+ );
+
+/**
+ Decrypts the buffer.
+
+ This function calls relevant Decryption interface from CryptoLib according to
+ the input alogrithm ID. The InData should be multiple of block size. This function
+ doesn't perform the padding. If it has the Ivec data, the length of it should be
+ same with the block size. The block size is different from the different algorithm.
+
+ @param[in] AlgorithmId The Alogrithem identification defined in RFC.
+ @param[in] Key Pointer to the buffer containing encrypting key.
+ @param[in} KeyBits The length of the key in bits.
+ @param[in] Ivec Point to the buffer containning the Initializeion
+ Vector (IV) data.
+ @param[in] InData Point to the buffer containing the data to be
+ Decrypted.
+ @param[in] InDataLength The length of InData in Bytes.
+ @param[out] OutData Pointer to the buffer that receives the decryption
+ output.
+
+ @retval EFI_UNSUPPORTED The input Algorithm is not supported.
+ @retval EFI_OUT_OF_RESOURCE The required resource can't be allocated.
+ @retval EFI_SUCCESS The operation completed successfully.
+
+**/
+EFI_STATUS
+IpSecCryptoIoDecrypt (
+ IN CONST UINT8 AlgorithmId,
+ IN CONST UINT8 *Key,
+ IN CONST UINTN KeyBits,
+ IN CONST UINT8 *Ivec, OPTIONAL
+ IN UINT8 *InData,
+ IN UINTN InDataLength,
+ OUT UINT8 *OutData
+ );
+
+/**
+ Digests the Payload with key and store the result into the OutData.
+
+ This function calls relevant Hmac interface from CryptoLib according to
+ the input alogrithm ID. It computes all datas from InDataFragment and output
+ the result into the OutData buffer. If the OutDataSize is larger than the related
+ HMAC alogrithm output size, return EFI_INVALID_PARAMETER.
+
+ @param[in] AlgorithmId The authentication Identification.
+ @param[in] Key Pointer of the authentication key.
+ @param[in] KeyLength The length of the Key in bytes.
+ @param[in] InDataFragment The list contains all data to be authenticated.
+ @param[in] FragmentCount The size of the InDataFragment.
+ @param[out] OutData For in, the buffer to receive the output data.
+ For out, the buffer contains the authenticated data.
+ @param[in] OutDataSize The size of the buffer of OutData.
+
+ @retval EFI_UNSUPPORTED If the AuthAlg is not in the support list.
+ @retval EFI_INVALID_PARAMETER The OutData buffer size is larger than algorithm digest size.
+ @retval EFI_SUCCESS Authenticate the payload successfully.
+ @retval otherwise Authentication of the payload fails.
+
+**/
+EFI_STATUS
+IpSecCryptoIoHmac (
+ IN CONST UINT8 AlgorithmId,
+ IN CONST UINT8 *Key,
+ IN UINTN KeyLength,
+ IN HASH_DATA_FRAGMENT *InDataFragment,
+ IN UINTN FragmentCount,
+ OUT UINT8 *OutData,
+ IN UINTN OutDataSize
+ );
+
+/**
+ Digests the Payload and store the result into the OutData.
+
+ This function calls relevant Hash interface from CryptoLib according to
+ the input alogrithm ID. It computes all datas from InDataFragment and output
+ the result into the OutData buffer. If the OutDataSize is larger than the related
+ Hash alogrithm output size, return EFI_INVALID_PARAMETER.
+
+ @param[in] AlgorithmId The authentication Identification.
+ @param[in] InDataFragment A list contains all data to be authenticated.
+ @param[in] FragmentCount The size of the InDataFragment.
+ @param[out] OutData For in, the buffer to receive the output data.
+ For out, the buffer contains the authenticated data.
+ @param[in] OutDataSize The size of the buffer of OutData.
+
+ @retval EFI_UNSUPPORTED If the AuthAlg is not in the support list.
+ @retval EFI_SUCCESS Authenticated the payload successfully.
+ @retval EFI_INVALID_PARAMETER If the OutDataSize is larger than the related Hash
+ algorithm could handle.
+ @retval otherwise Authentication of the payload failed.
+
+**/
+EFI_STATUS
+IpSecCryptoIoHash (
+ IN CONST UINT8 AlgorithmId,
+ IN HASH_DATA_FRAGMENT *InDataFragment,
+ IN UINTN FragmentCount,
+ OUT UINT8 *OutData,
+ IN UINTN OutDataSize
+ );
+
+/**
+ Generates the Diffie-Hellman public key.
+
+ This function first initiate a DHContext, then call the DhSetParameter() to set
+ the prime and primelenght, at end call the DhGenerateKey() to generates random
+ secret exponent, and computes the public key. The output returned via parameter
+ PublicKey and PublicKeySize. DH context is updated accordingly. If the PublicKey
+ buffer is too small to hold the public key, EFI_INVALID_PARAMETER is returned
+ and PublicKeySize is set to the required buffer size to obtain the public key.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] Generator Vlaue of generator.
+ @param[in] PrimeLength Length in bits of prime to be generated.
+ @param[in] Prime Pointer to the buffer to receive the generated
+ prime number.
+ @param[out] PublicKey Pointer to the buffer to receive generated public key.
+ @param[in, out] PublicKeySize For in, the size of PublicKey buffer in bytes.
+ For out, the size of data returned in PublicKey
+ buffer in bytes.
+
+ @retval EFI_SUCCESS The operation perfoms successfully.
+ @retval Otherwise The operation is failed.
+
+**/
+EFI_STATUS
+IpSecCryptoIoDhGetPublicKey (
+ IN OUT UINT8 **DhContext,
+ IN UINTN Generator,
+ IN UINTN PrimeLength,
+ IN CONST UINT8 *Prime,
+ OUT UINT8 *PublicKey,
+ IN OUT UINTN *PublicKeySize
+ );
+
+/**
+ Generates exchanged common key.
+
+ Given peer's public key, this function computes the exchanged common key, based
+ on its own context including value of prime modulus and random secret exponent.
+
+ @param[in, out] DhContext Pointer to the DH context.
+ @param[in] PeerPublicKey Pointer to the peer's Public Key.
+ @param[in] PeerPublicKeySize Size of peer's public key in bytes.
+ @param[out] Key Pointer to the buffer to receive generated key.
+ @param[in, out] KeySize For in, the size of Key buffer in bytes.
+ For out, the size of data returned in Key
+ buffer in bytes.
+
+ @retval EFI_SUCCESS The operation perfoms successfully.
+ @retval Otherwise The operation is failed.
+
+**/
+EFI_STATUS
+IpSecCryptoIoDhComputeKey (
+ IN OUT UINT8 *DhContext,
+ IN CONST UINT8 *PeerPublicKey,
+ IN UINTN PeerPublicKeySize,
+ OUT UINT8 *Key,
+ IN OUT UINTN *KeySize
+ );
+
+/**
+ Releases the DH context. If DhContext is NULL, return EFI_INVALID_PARAMETER.
+
+ @param[in, out] DhContext Pointer to the DH context to be freed.
+
+ @retval EFI_SUCCESS The operation perfoms successfully.
+ @retval EFI_INVALID_PARAMETER The DhContext is NULL.
+
+**/
+EFI_STATUS
+IpSecCryptoIoFreeDh (
+ IN OUT UINT8 **DhContext
+ );
+
+/**
+ Generates random numbers of specified size.
+
+ If the Random Generator wasn't initiated, initiate it first, then call RandomBytes.
+
+ @param[out] OutBuffer Pointer to buffer to receive random value.
+ @param[in] Bytes Size of randome bytes to generate.
+
+ @retval EFI_SUCCESS The operation perfoms successfully.
+ @retval Otherwise The operation is failed.
+
+**/
+EFI_STATUS
+IpSecCryptoIoGenerateRandomBytes (
+ OUT UINT8* OutBuffer,
+ IN UINTN Bytes
+ );
+
+/**
+ Authenticate data with the certificate.
+
+ @param[in] InData Pointer to the Data to be signed.
+ @param[in] InDataSize InData size in bytes.
+ @param[in] PrivateKey Pointer to the private key.
+ @param[in] PrivateKeySize The size of Private Key in bytes.
+ @param[in] KeyPassWord Pointer to the password for retrieving private key.
+ @param[in] KeyPwdSize The size of Key Password in bytes.
+ @param[out] OutData The pointer to the signed data.
+ @param[in, out] OutDataSize Pointer to contain the size of out data.
+
+**/
+VOID
+IpSecCryptoIoAuthDataWithCertificate (
+ IN UINT8 *InData,
+ IN UINTN InDataSize,
+ IN UINT8 *PrivateKey,
+ IN UINTN PrivateKeySize,
+ IN UINT8 *KeyPassWord,
+ IN UINTN KeyPwdSize,
+ OUT UINT8 **OutData,
+ IN OUT UINTN *OutDataSize
+ );
+
+/**
+ Verify the singed data with the public key which is contained in a certificate.
+
+ @param[in] InCert Pointer to the Certificate which contains the
+ public key.
+ @param[in] InCertLen The size of Certificate in bytes.
+ @param[in] InCa Pointer to the CA certificate
+ @param[in] CaLen The size of CA certificate in bytes.
+ @param[in] InData Pointer to octect message hash to be checked.
+ @param[in] InDataSize Size of the message hash in bytes.
+ @param[in] Singnature The pointer to the RSA PKCS1-V1_5 signature to be verifed.
+ @param[in] SigSize Size of signature in bytes.
+
+ @retval TRUE Valid signature encoded in PKCS1-v1_5.
+ @retval FALSE Invalid signature or invalid RSA context.
+
+**/
+BOOLEAN
+IpSecCryptoIoVerifySignDataByCertificate (
+ IN UINT8 *InCert,
+ IN UINTN CertLen,
+ IN UINT8 *InCa,
+ IN UINTN CaLen,
+ IN UINT8 *InData,
+ IN UINTN InDataSize,
+ IN UINT8 *Singnature,
+ IN UINTN SigSize
+ );
+
+/**
+ Retrieves the RSA Public Key from one X509 certificate (DER format only).
+
+ @param[in] InCert Pointer to the certificate.
+ @param[in] CertLen The size of the certificate in bytes.
+ @param[out] PublicKey Pointer to the retrieved public key.
+ @param[out] PublicKeyLen Size of Public Key in bytes.
+
+ @retval EFI_SUCCESS Successfully get the public Key.
+ @retval EFI_INVALID_PARAMETER The CA certificate is malformed.
+
+**/
+EFI_STATUS
+IpSecCryptoIoGetPublicKeyFromCert (
+ IN UINT8 *InCert,
+ IN UINTN CertLen,
+ OUT UINT8 **PublicKey,
+ OUT UINTN *PublicKeyLen
+ );
+
+/**
+ Retrieves the subject name from one X509 certificate (DER format only).
+
+ @param[in] InCert Pointer to the X509 certificate.
+ @param[in] CertSize The size of the X509 certificate in bytes.
+ @param[out] CertSubject Pointer to the retrieved certificate subject.
+ @param[out] SubjectSize The size of Certificate Subject in bytes.
+
+ @retval EFI_SUCCESS Retrieved the certificate subject successfully.
+ @retval EFI_INVALID_PARAMETER The certificate is malformed.
+
+**/
+EFI_STATUS
+IpSecCryptoIoGetSubjectFromCert (
+ IN UINT8 *InCert,
+ IN UINTN CertSize,
+ OUT UINT8 **CertSubject,
+ OUT UINTN *SubjectSize
+ );
+
#endif
|