From 4a567c9690db97ecbf982e9428727f073bada504 Mon Sep 17 00:00:00 2001
From: qlong
Date: Fri, 31 Dec 2010 07:22:48 +0000
Subject: 1. Add new API supports for PEM & X509 key retrieving & verification; 2. Add new MD4 hash supports; 3. Add corresponding test case in Cryptest utility; 4. Fix MACRO definition issue in OpensslLib.inf and parameter checking issues in some wrapper implementations.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11214 6f19259b-4bc3-4df7-8a09-765794883524
---
 CryptoPkg/Include/Library/BaseCryptLib.h | 209 +++++++++++++++++++++++++++++++
 CryptoPkg/Include/OpenSslSupport.h | 1 +
 2 files changed, 210 insertions(+)
 (limited to 'CryptoPkg/Include')

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index ee8c44d367..5fbedd9439 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -18,6 +18,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #ifndef __BASE_CRYPT_LIB_H__
 #define __BASE_CRYPT_LIB_H__
 
+///
+/// MD4 digest size in bytes
+///
+#define MD4_DIGEST_SIZE 16
+
 ///
 /// MD5 digest size in bytes
 ///
@@ -61,6 +66,109 @@ typedef enum {
 // One-Way Cryptographic Hash Primitives
 //=====================================================================================
 
+/**
+ Retrieves the size, in bytes, of the context buffer required for MD4 hash operations.
+
+ @return The size, in bytes, of the context buffer required for MD4 hash operations.
+
+**/
+UINTN
+EFIAPI
+Md4GetContextSize (
+ VOID
+ );
+
+/**
+ Initializes user-supplied memory pointed by Md4Context as MD4 hash context for
+ subsequent use.
+
+ If Md4Context is NULL, then ASSERT().
+
+ @param[out] Md4Context Pointer to MD4 context being initialized.
+
+ @retval TRUE MD4 context initialization succeeded.
+ @retval FALSE MD4 context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Init (
+ OUT VOID *Md4Context
+ );
+
+/**
+ Makes a copy of an existing MD4 context.
+
+ If Md4Context is NULL, then ASSERT().
+ If NewMd4Context is NULL, then ASSERT().
+
+ @param[in] Md4Context Pointer to MD4 context being copied.
+ @param[out] NewMd4Context Pointer to new MD4 context.
+
+ @retval TRUE MD4 context copy succeeded.
+ @retval FALSE MD4 context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Duplicate (
+ IN CONST VOID *Md4Context,
+ OUT VOID *NewMd4Context
+ );
+
+/**
+ Digests the input data and updates MD4 context.
+
+ This function performs MD4 digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ MD4 context should be already correctly intialized by Md4Init(), and should not be finalized
+ by Md4Final(). Behavior with invalid context is undefined.
+
+ If Md4Context is NULL, then ASSERT().
+
+ @param[in, out] Md4Context Pointer to the MD4 context.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE MD4 data digest succeeded.
+ @retval FALSE MD4 data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Update (
+ IN OUT VOID *Md4Context,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the MD4 digest value.
+
+ This function completes MD4 hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the MD4 context cannot
+ be used again.
+ MD4 context should be already correctly intialized by Md4Init(), and should not be
+ finalized by Md4Final(). Behavior with invalid MD4 context is undefined.
+
+ If Md4Context is NULL, then ASSERT().
+ If HashValue is NULL, then ASSERT().
+
+ @param[in, out] Md4Context Pointer to the MD4 context.
+ @param[out] HashValue Pointer to a buffer that receives the MD4 digest
+ value (16 bytes).
+
+ @retval TRUE MD4 digest computation succeeded.
+ @retval FALSE MD4 digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+Md4Final (
+ IN OUT VOID *Md4Context,
+ OUT UINT8 *HashValue
+ );
+
 /**
 Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
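Review bot: The MD4 declarations document the calling convention but not the algorithm's status: MD4 has had practical collision attacks for many years, and a header that presents Md4Init/Md4Update/Md4Final beside MD5 and SHA with no caveat invites its use for new integrity checks. Suggest a sentence in the Md4GetContextSize comment, which opens the MD4 section, such as `MD4 is cryptographically broken; this API exists only for interoperability with legacy protocols and must not be used for new signatures or integrity protection.` The Md4Final @param text hard-codes `value (16 bytes)`; referring to `MD4_DIGEST_SIZE` (added in the first hunk of this file) keeps the declaration and the constant in step. Both the Md4Update and Md4Final comments spell `intialized`; it should be `initialized`.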
@@ -1292,6 +1400,107 @@ RsaPkcs1Verify (
 IN UINTN SigSize
 );
 
+/**
+ Retrieve the RSA Private Key from the password-protected PEM key data.
+
+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
+ @param[in] PemSize Size of the PEM key data in bytes.
+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA private key component. Use RsaFree() function to free the
+ resource.
+
+ If PemData is NULL, then ASSERT().
+ If RsaContext is NULL, then ASSERT().
+
+ @retval TRUE RSA Private Key was retrieved successfully.
+ @retval FALSE Invalid PEM key data or incorrect password.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPrivateKeyFromPem (
+ IN CONST UINT8 *PemData,
+ IN UINTN PemSize,
+ IN CONST CHAR8 *Password,
+ OUT VOID **RsaContext
+ );
+
+/**
+ Retrieve the RSA Public Key from one DER-encoded X509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA public key component. Use RsaFree() function to free the
+ resource.
+
+ If Cert is NULL, then ASSERT().
+ If RsaContext is NULL, then ASSERT().
+
+ @retval TRUE RSA Public Key was retrieved successfully.
+ @retval FALSE Fail to retrieve RSA public key from X509 certificate.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPublicKeyFromX509 (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT VOID **RsaContext
+ );
+
+/**
+ Retrieve the subject bytes from one X.509 certificate.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[out] CertSubject Pointer to the retrieved certificate subject bytes.
+ @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
+ and the size of buffer returned CertSubject on output.
+
+ If Cert is NULL, then ASSERT().
+ If SubjectSize is NULL, then ASSERT().
+
+ @retval TRUE The certificate subject retrieved successfully.
+ @retval FALSE Invalid certificate, or the SubjectSize is too small for the result.
+ The SubjectSize will be updated with the required size.
+
+**/
+BOOLEAN
+EFIAPI
+X509GetSubjectName (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT UINT8 *CertSubject,
+ IN OUT UINTN *SubjectSize
+ );
+
+/**
+ Verify one X509 certificate was issued by the trusted CA.
+
+ @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
+ @param[in] CertSize Size of the X509 certificate in bytes.
+ @param[in] CACert Pointer to the DER-encoded trusted CA certificate.
+ @param[in] CACertSize Size of the CA Certificate in bytes.
+
+ If Cert is NULL, then ASSERT().
+ If CACert is NULL, then ASSERT().
+
+ @retval TRUE The certificate was issued by the trusted CA.
+ @retval FALSE Invalid certificate or the certificate was not issued by the given
+ trusted CA.
+
+**/
+BOOLEAN
+EFIAPI
+X509VerifyCert (
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN CONST UINT8 *CACert,
+ IN UINTN CACertSize
+ );
+
 /**
 Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic Message Syntax Standard".
diff --git a/CryptoPkg/Include/OpenSslSupport.h b/CryptoPkg/Include/OpenSslSupport.h
index 1c51cdb302..571511582e 100644
--- a/CryptoPkg/Include/OpenSslSupport.h
+++ b/CryptoPkg/Include/OpenSslSupport.h
@@ -222,6 +222,7 @@ FILE *stdout;
 #define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch))
 #define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch)
 #define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count)))
+#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count))
 #define strcmp AsciiStrCmp
 #define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
 #define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource)
-- cgit v1.2.3
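Review bot: X509VerifyCert's contract is too thin to base a trust decision on: it promises only that the certificate `was issued by the trusted CA`, without saying whether the validity period, basic constraints or key usage of either certificate are evaluated, and nothing in the declaration (no time or CRL input) indicates that revocation is consulted. A caller building image or update verification on it will assume more than a signature check unless the @retval text lists the checks actually performed, so those should be spelled out once the implementation is confirmed. X509GetSubjectName's @param[out] CertSubject should also state whether NULL is accepted to query the required size, since the FALSE case already promises `The SubjectSize will be updated with the required size.` RsaGetPrivateKeyFromPem describes Password as the passphrase for encrypted data but not what to pass for an unencrypted key (NULL or an empty string), nor that the caller remains responsible for clearing the passphrase buffer afterwards. As a style point, these comments place the `If ... is NULL, then ASSERT().` lines after the @param list while the Md4 comments earlier in the same file place them before; one order would be tidier.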
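Review bot: The new `memmove` mapping depends on CopyMem accepting overlapping source and destination ranges, which BaseMemoryLib's CopyMem is documented to support but which is not recorded here, so a reader checking this file against the C semantics of memmove has to go and look it up. A one-line comment above the define, `// CopyMem is specified to handle overlapping buffers, so memmove maps to it directly`, preserves that reasoning next to the macro. Without that guarantee an OpenSSL caller that shifts data within a single buffer would silently corrupt it, which is why the dependency is worth stating.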