//********************************************************************** //********************************************************************** //** ** //** (C)Copyright 1985-2011, American Megatrends, Inc. ** //** ** //** All Rights Reserved. ** //** ** //** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** //** ** //** Phone: (770)-246-8600 ** //** ** //********************************************************************** //********************************************************************** //********************************************************************** // $Header: /Alaska/BIN/Modules/CryptoPkg/Lib/Include/BaseCryptLib.h 1 6/13/11 5:19p Alexp $ // // $Revision: 1 $ // // $Date: 6/13/11 5:19p $ //********************************************************************** // Revision History // ---------------- // $Log: /Alaska/BIN/Modules/CryptoPkg/Lib/Include/BaseCryptLib.h $ // // 1 6/13/11 5:19p Alexp // // 1 5/06/11 6:12p Alexp // initial module release // // 2 5/05/11 3:39p Alexp // add Help hdrs // //********************************************************************** // //---------------------------------------------------------------------------- // // Name: BaseCryptLib.h // // Description: Defines base cryptographic library APIs compatible with EDK2 BaseCryptLib. // The Base Cryptographic Library provides implementations of basic cryptography // primitives (SHA-1, SHA-256, RSA, etc) for UEFI security functionality enabling. // //---------------------------------------------------------------------------- // #ifndef __BASE_CRYPT_LIB_H__ #define __BASE_CRYPT_LIB_H__ #include //===================================================================================== // One-Way Cryptographic Hash Primitives //===================================================================================== /// /// SHA-1 digest size in bytes. /// #define SHA1_DIGEST_SIZE 20 /// /// SHA-256 digest size in bytes /// #define SHA256_DIGEST_SIZE 32 // //---------------------------------------------------------------------------- // // Procedure: Sha1GetContextSize // // Description: Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations. // // Input:none // // Output: The size, in bytes, of the context buffer required for SHA-1 hash operations. // //---------------------------------------------------------------------------- // UINTN Sha1GetContextSize ( VOID ); // //---------------------------------------------------------------------------- // // Procedure: Sha1Init // // Description: Initializes user-supplied memory pointed by Sha1Context as the SHA-1 hash context for // subsequent use. If Sha1Context is NULL, then ASSERT(). // // Input: // param[in, out] Sha1Context Pointer to the SHA-1 Context being initialized. // // Output: // retval TRUE SHA-1 initialization succeeded. // //---------------------------------------------------------------------------- // BOOLEAN Sha1Init ( IN OUT VOID *Sha1Context ); /** Performs SHA-1 digest on a data buffer of the specified length. This function can be called multiple times to compute the digest of long or discontinuous data streams. If Sha1Context is NULL, then ASSERT(). @param[in, out] Sha1Context Pointer to the SHA-1 context. @param[in] Data Pointer to the buffer containing the data to be hashed. @param[in] DataLength Length of Data buffer in bytes. @retval TRUE SHA-1 data digest succeeded. @retval FALSE Invalid SHA-1 context. After Sha1Final function has been called, the SHA-1 context cannot be reused. **/ BOOLEAN Sha1Update ( IN OUT VOID *Sha1Context, IN CONST VOID *Data, IN UINTN DataLength ); // //---------------------------------------------------------------------------- // // Procedure: Sha1Final // // Description: Completes SHA-1 hash computation and retrieves the digest value into the specified // memory. After this function has been called, the SHA-1 context cannot be used again. // If Sha1Context is NULL, then ASSERT(). // If HashValue is NULL, then ASSERT(). // // Input: // param[in, out] Sha1Context Pointer to the SHA-1 context // param[out] HashValue Pointer to a buffer that receives the SHA-1 digest // value (20 bytes). // Output: TRUE SHA-1 digest computation succeeded. // //---------------------------------------------------------------------------- // BOOLEAN Sha1Final ( IN OUT VOID *Sha1Context, OUT UINT8 *HashValue ); // //---------------------------------------------------------------------------- // // Procedure: Sha256GetContextSize // // Description: Retrieves the size, in bytes, of the context buffer required for SHA256 hash operations. // // Input:none // Output: The size, in bytes, of the context buffer required for SHA256 hash operations. // //---------------------------------------------------------------------------- // UINTN Sha256GetContextSize ( VOID ); // //---------------------------------------------------------------------------- // // Procedure: Sha256Init // // Description: Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for // subsequent use. If Sha256Context is NULL, then ASSERT(). // // Input: // param[in, out] Sha256Context Pointer to the SHA-1 Context being initialized. // // Output: // retval TRUE SHA-256 context initialization succeeded. // //---------------------------------------------------------------------------- // BOOLEAN Sha256Init ( IN OUT VOID *Sha256Context ); /** Performs SHA-256 digest on a data buffer of the specified length. This function can be called multiple times to compute the digest of long or discontinuous data streams. If Sha256Context is NULL, then ASSERT(). @param[in, out] Sha256Context Pointer to the SHA-256 context. @param[in] Data Pointer to the buffer containing the data to be hashed. @param[in] DataLength Length of Data buffer in bytes. @retval TRUE SHA-256 data digest succeeded. @retval FALSE Invalid SHA-256 context. After Sha256Final function has been called, the SHA-256 context cannot be reused. **/ BOOLEAN Sha256Update ( IN OUT VOID *Sha256Context, IN CONST VOID *Data, IN UINTN DataLength ); // //---------------------------------------------------------------------------- // // Procedure: Sha256Final // // Description: Completes SHA-256 hash computation and retrieves the digest value into the specified // memory. After this function has been called, the SHA-256 context cannot be used again. // If Sha256Context is NULL, then ASSERT(). // If HashValue is NULL, then ASSERT(). // // Input: // param[in, out] Sha256Context Pointer to SHA-256 context // param[out] HashValue Pointer to a buffer that receives the SHA-256 digest // value (32 bytes). // Output: TRUE SHA-256 digest computation succeeded. // //---------------------------------------------------------------------------- // BOOLEAN Sha256Final ( IN OUT VOID *Sha256Context, OUT UINT8 *HashValue ); //===================================================================================== // MAC (Message Authentication Code) Primitive //===================================================================================== /// /// No MAC supports for minimum scope required by UEFI /// //===================================================================================== // Symmetric Cryptography Primitive //===================================================================================== /// /// No symmetric cryptographic supports for minimum scope required by UEFI /// //===================================================================================== // Asymmetric Cryptography Primitive //===================================================================================== #define DEFAULT_RSA_KEY_MODULUS_LEN 256 // 2048 bits #define DEFAULT_RSA_SIG_LEN DEFAULT_RSA_KEY_MODULUS_LEN // This is true as long as > data // //---------------------------------------------------------------------------- // // Procedure: RsaNew // // Description: Allocates and Initializes one RSA Context for subsequent use. // // Input: // // Output: Pointer to the RSA Context that has been initialized. // If the allocations fails, RsaNew() returns NULL. // //---------------------------------------------------------------------------- // VOID * RsaNew ( VOID ); // //---------------------------------------------------------------------------- // // Procedure: RsaFree // // Description: Release the specified RSA Context. // // Input: // param[in] RsaContext Pointer to the RSA context to be released. // // Output: // //---------------------------------------------------------------------------- // VOID EFIAPI RsaFree ( IN VOID *RsaContext ); /// /// RSA Key Tags Definition used in RsaSetKey() function for key component identification. /// typedef enum _RSA_KEY_TAG { RsaKeyN, ///< RSA public Modulus (N) RsaKeyE, ///< RSA Public exponent (e) RsaKeyD, ///< RSA Private exponent (d) RsaKeyP, ///< RSA secret prime factor of Modulus (p) RsaKeyQ, ///< RSA secret prime factor of Modules (q) RsaKeyDp, ///< p's CRT exponent (== d mod (p - 1)) RsaKeyDq, ///< q's CRT exponent (== d mod (q - 1)) RsaKeyQInv ///< The CRT coefficient (== 1/q mod p) } RSA_KEY_TAG; // //---------------------------------------------------------------------------- // // Procedure: RsaSetKey // // Description: Sets the tag-designated RSA key component into the established RSA context from // the user-specified nonnegative integer (octet string format represented in RSA // PKCS#1). If RsaContext is NULL, then ASSERT(). // // Input: // @param[in, out] RsaContext Pointer to RSA context being set. // @param[in] KeyTag Tag of RSA key component being set. // @param[in] BigNumber Pointer to octet integer buffer. // @param[in] BnLength Length of big number buffer in bytes. // // Output: // @return TRUE RSA key component was set successfully. // @return FALSE Invalid RSA key component tag. // //---------------------------------------------------------------------------- // BOOLEAN RsaSetKey ( IN OUT VOID *RsaContext, IN RSA_KEY_TAG KeyTag, IN CONST UINT8 *BigNumber, IN UINTN BnLength ); // //---------------------------------------------------------------------------- // // Procedure: RsaPkcs1Verify // // Description: Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in // RSA PKCS#1. // If RsaContext is NULL, then ASSERT(). // If MessageHash is NULL, then ASSERT(). // If Signature is NULL, then ASSERT(). // If HashLength is not equal to the size of SHA-1 or SHA-256 digest, then ASSERT(). // // Input: // @param[in] RsaContext Pointer to RSA context for signature verification. // @param[in] MessageHash Pointer to octet message hash to be checked. // @param[in] HashLength Length of the message hash in bytes. // @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified. // @param[in] SigLength Length of signature in bytes. // // Output: // @return TRUE Valid signature encoded in PKCS1-v1_5. // @return FALSE Invalid signature or invalid RSA context. // //---------------------------------------------------------------------------- // BOOLEAN RsaPkcs1Verify ( IN VOID *RsaContext, IN CONST UINT8 *MessageHash, IN UINTN HashLength, IN UINT8 *Signature, IN UINTN SigLength ); // //---------------------------------------------------------------------------- // // Procedure: Pkcs7Verify // // Description: Verifies the validility of a PKCS#7 signed data as described in // "PKCS #7: Cryptographic Message Syntax Standard". // If P7Data is NULL, then ASSERT(). // // Input: // @param[in] P7Data Pointer to the PKCS#7 message to verify. // @param[in] P7Length Length of the PKCS#7 message in bytes. // @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which // is used for certificate chain verification. // @param[in] CertLength Length of the trusted certificate in bytes. // @param[in] InData Pointer to the content to be verified. // @param[in] DataLength Length of InData in bytes. // // Output: // @return TRUE The specified PKCS#7 signed data is valid. // @return FALSE Invalid PKCS#7 signed data. // //---------------------------------------------------------------------------- // BOOLEAN Pkcs7Verify ( IN CONST UINT8 *P7Data, IN UINTN P7Length, IN CONST UINT8 *TrustedCert, IN UINTN CertLength, IN CONST UINT8 *InData, IN UINTN DataLength ); #endif // __BASE_CRYPT_LIB_H__