From: "Wenxing Hou"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Yi Li, Xiaoyu Lu, Guomin Jiang
Subject: [edk2-devel] [edk2/add_mbedtls PATCH 7/9] CryptoPkg: Add Null functions for building pass
Date: Wed, 30 Aug 2023 15:52:18 +0800
Message-Id: <20230830075220.2070-8-wenxing.hou@intel.com>
In-Reply-To: <20230830075220.2070-1-wenxing.hou@intel.com>
References: <20230830075220.2070-1-wenxing.hou@intel.com>

Add Null functions to build.
These features are not supported now.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao
Cc: Yi Li
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Signed-off-by: Wenxing Hou
---
 .../BaseCryptLibMbedTls/Bn/CryptBnNull.c | 520 ++++++++++++
 .../Cipher/CryptAeadAesGcmNull.c | 100 +++
 .../BaseCryptLibMbedTls/Cipher/CryptAesNull.c | 159 ++++
 .../BaseCryptLibMbedTls/Hash/CryptMd5Null.c | 163 ++++
 .../Hash/CryptParallelHashNull.c | 40 +
 .../BaseCryptLibMbedTls/Hash/CryptSha1Null.c | 166 ++++
 .../Hash/CryptSha256Null.c | 162 ++++
 .../Hash/CryptSha512Null.c | 275 +++++++
 .../BaseCryptLibMbedTls/Hash/CryptSm3Null.c | 164 ++++
 .../BaseCryptLibMbedTls/Pem/CryptPemNull.c | 69 ++
 .../Pk/CryptAuthenticodeNull.c | 45 ++
 .../BaseCryptLibMbedTls/Pk/CryptDhNull.c | 150 ++++
 .../BaseCryptLibMbedTls/Pk/CryptEcNull.c | 578 ++++++++++++++
 .../Pk/CryptPkcs1OaepNull.c | 51 ++
 .../Pk/CryptPkcs5Pbkdf2Null.c | 48 ++
 .../Pk/CryptPkcs7Internal.h | 83 ++
 .../Pk/CryptPkcs7SignNull.c | 53 ++
 .../Pk/CryptPkcs7VerifyEkuNull.c | 152 ++++
 .../Pk/CryptPkcs7VerifyEkuRuntime.c | 56 ++
 .../Pk/CryptPkcs7VerifyNull.c | 163 ++++
 .../Pk/CryptPkcs7VerifyRuntime.c | 38 +
 .../BaseCryptLibMbedTls/Pk/CryptTsNull.c | 42 +
 .../BaseCryptLibMbedTls/Pk/CryptX509Null.c | 753 ++++++++++++++++++
 .../BaseCryptLibMbedTls/Rand/CryptRandNull.c | 56 ++
 24 files changed, 4086 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c
 create mode 100644
CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthentic= odeNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep= Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkd= f2Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Inte= rnal.h create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign= Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Veri= fyEkuNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Veri= fyEkuRuntime.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Veri= fyNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Veri= fyRuntime.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNul= l.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c b/Crypt= oPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c new file mode 100644 index 0000000000..80f36dc71f --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c @@ -0,0 +1,520 @@ +/** @file=0D + Big number API implementation based on MbedTLS=0D +=0D + Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +#include =0D +=0D +/**=0D + Allocate new Big Number.=0D +=0D + @retval New BigNum opaque structure or NULL on failure.=0D +**/=0D +VOID *=0D +EFIAPI=0D +BigNumInit (=0D + VOID=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return NULL;=0D +}=0D +=0D +/**=0D + Allocate new Big Number and assign the provided value to it.=0D +=0D + @param[in] Buf Big endian encoded buffer.=0D + @param[in] Len Buffer length.=0D +=0D + @retval New BigNum opaque structure or NULL on failure.=0D +**/=0D +VOID *=0D +EFIAPI=0D +BigNumFromBin (=0D + IN CONST UINT8 *Buf,=0D + IN UINTN Len=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return NULL;=0D +}=0D +=0D +/**=0D + Convert the absolute value of Bn into big-endian form and store it at Bu= f.=0D + The Buf array should have at least BigNumBytes() in it.=0D +=0D + @param[in] Bn Big number to convert.=0D + @param[out] Buf Output buffer.=0D +=0D + @retval The length of the big-endian number placed at Buf or -1 on error= .=0D +**/=0D +INTN=0D +EFIAPI=0D +BigNumToBin (=0D + IN CONST VOID *Bn,=0D + OUT UINT8 *Buf=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return -1;=0D +}=0D +=0D +/**=0D + Free the Big Number.=0D +=0D + @param[in] Bn Big number to free.=0D + @param[in] Clear TRUE if the buffer should be cleared.=0D +**/=0D +VOID=0D +EFIAPI=0D +BigNumFree (=0D + IN VOID *Bn,=0D + IN BOOLEAN Clear=0D + )=0D +{=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Calculate the sum of two Big Numbers.=0D + Please note, all "out" Big number arguments should be properly initializ= ed=0D + by calling to BigNumInit() or BigNumFromBin() functions.=0D +=0D + @param[in] BnA Big number.=0D + @param[in] BnB Big number.=0D + @param[out] BnRes The result of BnA + BnB.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumAdd (=0D + IN CONST VOID *BnA,=0D + IN CONST VOID *BnB,=0D + OUT VOID *BnRes=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D 
+}=0D +=0D +/**=0D + Subtract two Big Numbers.=0D + Please note, all "out" Big number arguments should be properly initializ= ed=0D + by calling to BigNumInit() or BigNumFromBin() functions.=0D +=0D + @param[in] BnA Big number.=0D + @param[in] BnB Big number.=0D + @param[out] BnRes The result of BnA - BnB.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumSub (=0D + IN CONST VOID *BnA,=0D + IN CONST VOID *BnB,=0D + OUT VOID *BnRes=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Calculate remainder: BnRes =3D BnA % BnB.=0D + Please note, all "out" Big number arguments should be properly initializ= ed=0D + by calling to BigNumInit() or BigNumFromBin() functions.=0D +=0D + @param[in] BnA Big number.=0D + @param[in] BnB Big number.=0D + @param[out] BnRes The result of BnA % BnB.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumMod (=0D + IN CONST VOID *BnA,=0D + IN CONST VOID *BnB,=0D + OUT VOID *BnRes=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Compute BnA to the BnP-th power modulo BnM.=0D + Please note, all "out" Big number arguments should be properly initializ= ed=0D + by calling to BigNumInit() or BigNumFromBin() functions.=0D +=0D + @param[in] BnA Big number.=0D + @param[in] BnP Big number (power).=0D + @param[in] BnM Big number (modulo).=0D + @param[out] BnRes The result of (BnA ^ BnP) % BnM.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumExpMod (=0D + IN CONST VOID *BnA,=0D + IN CONST VOID *BnP,=0D + IN CONST VOID *BnM,=0D + OUT VOID *BnRes=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Compute BnA inverse modulo BnM.=0D + Please note, all "out" Big number arguments should be properly initializ= ed=0D + by calling to BigNumInit() or BigNumFromBin() functions.=0D +=0D + @param[in] BnA Big number.=0D + 
@param[in] BnM Big number (modulo).=0D + @param[out] BnRes The result, such that (BnA * BnRes) % BnM =3D=3D 1.= =0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumInverseMod (=0D + IN CONST VOID *BnA,=0D + IN CONST VOID *BnM,=0D + OUT VOID *BnRes=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Divide two Big Numbers.=0D + Please note, all "out" Big number arguments should be properly initializ= ed=0D + by calling to BigNumInit() or BigNumFromBin() functions.=0D +=0D + @param[in] BnA Big number.=0D + @param[in] BnB Big number.=0D + @param[out] BnRes The result, such that BnA / BnB.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumDiv (=0D + IN CONST VOID *BnA,=0D + IN CONST VOID *BnB,=0D + OUT VOID *BnRes=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Multiply two Big Numbers modulo BnM.=0D + Please note, all "out" Big number arguments should be properly initializ= ed=0D + by calling to BigNumInit() or BigNumFromBin() functions.=0D +=0D + @param[in] BnA Big number.=0D + @param[in] BnB Big number.=0D + @param[in] BnM Big number (modulo).=0D + @param[out] BnRes The result, such that (BnA * BnB) % BnM.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumMulMod (=0D + IN CONST VOID *BnA,=0D + IN CONST VOID *BnB,=0D + IN CONST VOID *BnM,=0D + OUT VOID *BnRes=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Compare two Big Numbers.=0D +=0D + @param[in] BnA Big number.=0D + @param[in] BnB Big number.=0D +=0D + @retval 0 BnA =3D=3D BnB.=0D + @retval 1 BnA > BnB.=0D + @retval -1 BnA < BnB.=0D +**/=0D +INTN=0D +EFIAPI=0D +BigNumCmp (=0D + IN CONST VOID *BnA,=0D + IN CONST VOID *BnB=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**=0D + Get number of bits in Bn.=0D +=0D + @param[in] Bn Big number.=0D +=0D + 
@retval Number of bits.=0D +**/=0D +UINTN=0D +EFIAPI=0D +BigNumBits (=0D + IN CONST VOID *Bn=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**=0D + Get number of bytes in Bn.=0D +=0D + @param[in] Bn Big number.=0D +=0D + @retval Number of bytes.=0D +**/=0D +UINTN=0D +EFIAPI=0D +BigNumBytes (=0D + IN CONST VOID *Bn=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**=0D + Checks if Big Number equals to the given Num.=0D +=0D + @param[in] Bn Big number.=0D + @param[in] Num Number.=0D +=0D + @retval TRUE iff Bn =3D=3D Num.=0D + @retval FALSE otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumIsWord (=0D + IN CONST VOID *Bn,=0D + IN UINTN Num=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Checks if Big Number is odd.=0D +=0D + @param[in] Bn Big number.=0D +=0D + @retval TRUE Bn is odd (Bn % 2 =3D=3D 1).=0D + @retval FALSE otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumIsOdd (=0D + IN CONST VOID *Bn=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Copy Big number.=0D +=0D + @param[out] BnDst Destination.=0D + @param[in] BnSrc Source.=0D +=0D + @retval BnDst on success.=0D + @retval NULL otherwise.=0D +**/=0D +VOID *=0D +EFIAPI=0D +BigNumCopy (=0D + OUT VOID *BnDst,=0D + IN CONST VOID *BnSrc=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return NULL;=0D +}=0D +=0D +/**=0D + Get constant Big number with value of "1".=0D + This may be used to save expensive allocations.=0D +=0D + @retval Big Number with value of 1.=0D +**/=0D +CONST VOID *=0D +EFIAPI=0D +BigNumValueOne (=0D + VOID=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return NULL;=0D +}=0D +=0D +/**=0D + Shift right Big Number.=0D + Please note, all "out" Big number arguments should be properly initializ= ed=0D + by calling to BigNumInit() or BigNumFromBin() functions.=0D +=0D + @param[in] Bn Big number.=0D + @param[in] N Number of bits to shift.=0D + @param[out] BnRes The result.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE 
Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumRShift (=0D + IN CONST VOID *Bn,=0D + IN UINTN N,=0D + OUT VOID *BnRes=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Mark Big Number for constant time computations.=0D + This function should be called before any constant time computations are= =0D + performed on the given Big number.=0D +=0D + @param[in] Bn Big number=0D +**/=0D +VOID=0D +EFIAPI=0D +BigNumConstTime (=0D + IN VOID *Bn=0D + )=0D +{=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Calculate square modulo.=0D + Please note, all "out" Big number arguments should be properly initializ= ed=0D + by calling to BigNumInit() or BigNumFromBin() functions.=0D +=0D + @param[in] BnA Big number.=0D + @param[in] BnM Big number (modulo).=0D + @param[out] BnRes The result, such that (BnA ^ 2) % BnM.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumSqrMod (=0D + IN CONST VOID *BnA,=0D + IN CONST VOID *BnM,=0D + OUT VOID *BnRes=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Create new Big Number computation context. This is an opaque structure=0D + which should be passed to any function that requires it. 
The BN context = is=0D + needed to optimize calculations and expensive allocations.=0D +=0D + @retval Big Number context struct or NULL on failure.=0D +**/=0D +VOID *=0D +EFIAPI=0D +BigNumNewContext (=0D + VOID=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return NULL;=0D +}=0D +=0D +/**=0D + Free Big Number context that was allocated with BigNumNewContext().=0D +=0D + @param[in] BnCtx Big number context to free.=0D +**/=0D +VOID=0D +EFIAPI=0D +BigNumContextFree (=0D + IN VOID *BnCtx=0D + )=0D +{=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Set Big Number to a given value.=0D +=0D + @param[in] Bn Big number to set.=0D + @param[in] Val Value to set.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumSetUint (=0D + IN VOID *Bn,=0D + IN UINTN Val=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Add two Big Numbers modulo BnM.=0D +=0D + @param[in] BnA Big number.=0D + @param[in] BnB Big number.=0D + @param[in] BnM Big number (modulo).=0D + @param[out] BnRes The result, such that (BnA + BnB) % BnM.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +BigNumAddMod (=0D + IN CONST VOID *BnA,=0D + IN CONST VOID *BnB,=0D + IN CONST VOID *BnM,=0D + OUT VOID *BnRes=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNu= ll.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c new file mode 100644 index 0000000000..9a8f81c169 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c @@ -0,0 +1,100 @@ +/** @file=0D + AEAD Wrapper Implementation which does not provide real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated encryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be encrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[out] TagOut Pointer to a buffer that receives the authentic= ation tag output.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the encryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated encryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmEncrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + OUT UINT8 *TagOut,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Performs AEAD AES-GCM authenticated decryption on a data buffer and addi= tional authenticated data (AAD).=0D +=0D + IvSize must be 12, otherwise FALSE is returned.=0D + 
KeySize must be 16, 24 or 32, otherwise FALSE is returned.=0D + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.=0D + If additional authenticated data verification fails, FALSE is returned.= =0D +=0D + @param[in] Key Pointer to the encryption key.=0D + @param[in] KeySize Size of the encryption key in bytes.=0D + @param[in] Iv Pointer to the IV value.=0D + @param[in] IvSize Size of the IV value in bytes.=0D + @param[in] AData Pointer to the additional authenticated data (A= AD).=0D + @param[in] ADataSize Size of the additional authenticated data (AAD)= in bytes.=0D + @param[in] DataIn Pointer to the input data buffer to be decrypte= d.=0D + @param[in] DataInSize Size of the input data buffer in bytes.=0D + @param[in] Tag Pointer to a buffer that contains the authentic= ation tag.=0D + @param[in] TagSize Size of the authentication tag in bytes.=0D + @param[out] DataOut Pointer to a buffer that receives the decryptio= n output.=0D + @param[out] DataOutSize Size of the output data buffer in bytes.=0D +=0D + @retval TRUE AEAD AES-GCM authenticated decryption succeeded.=0D + @retval FALSE AEAD AES-GCM authenticated decryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AeadAesGcmDecrypt (=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeySize,=0D + IN CONST UINT8 *Iv,=0D + IN UINTN IvSize,=0D + IN CONST UINT8 *AData,=0D + IN UINTN ADataSize,=0D + IN CONST UINT8 *DataIn,=0D + IN UINTN DataInSize,=0D + IN CONST UINT8 *Tag,=0D + IN UINTN TagSize,=0D + OUT UINT8 *DataOut,=0D + OUT UINTN *DataOutSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c b/= CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c new file mode 100644 index 0000000000..ad93d56492 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c 
@@ -0,0 +1,159 @@ +/** @file=0D + AES Wrapper Implementation which does not provide real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Retrieves the size, in bytes, of the context buffer required for AES ope= rations.=0D +=0D + Return zero to indicate this interface is not supported.=0D +=0D + @retval 0 This interface is not supported.=0D +=0D +**/=0D +UINTN=0D +EFIAPI=0D +AesGetContextSize (=0D + VOID=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**=0D + Initializes user-supplied memory as AES context for subsequent use.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[out] AesContext Pointer to AES context being initialized.=0D + @param[in] Key Pointer to the user-supplied AES key.=0D + @param[in] KeyLength Length of AES key in bits.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AesInit (=0D + OUT VOID *AesContext,=0D + IN CONST UINT8 *Key,=0D + IN UINTN KeyLength=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Performs AES encryption on a data buffer of the specified size in ECB mo= de.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] AesContext Pointer to the AES context.=0D + @param[in] Input Pointer to the buffer containing the data to be= encrypted.=0D + @param[in] InputSize Size of the Input buffer in bytes.=0D + @param[out] Output Pointer to a buffer that receives the AES encry= ption output.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AesEcbEncrypt (=0D + IN VOID *AesContext,=0D + IN CONST UINT8 *Input,=0D + IN UINTN InputSize,=0D + OUT UINT8 *Output=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Performs AES decryption on a data buffer of the specified size in ECB mo= de.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] AesContext Pointer to the AES context.=0D + @param[in] 
Input Pointer to the buffer containing the data to be= decrypted.=0D + @param[in] InputSize Size of the Input buffer in bytes.=0D + @param[out] Output Pointer to a buffer that receives the AES decry= ption output.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AesEcbDecrypt (=0D + IN VOID *AesContext,=0D + IN CONST UINT8 *Input,=0D + IN UINTN InputSize,=0D + OUT UINT8 *Output=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Performs AES encryption on a data buffer of the specified size in CBC mo= de.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] AesContext Pointer to the AES context.=0D + @param[in] Input Pointer to the buffer containing the data to be= encrypted.=0D + @param[in] InputSize Size of the Input buffer in bytes.=0D + @param[in] Ivec Pointer to initialization vector.=0D + @param[out] Output Pointer to a buffer that receives the AES encry= ption output.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AesCbcEncrypt (=0D + IN VOID *AesContext,=0D + IN CONST UINT8 *Input,=0D + IN UINTN InputSize,=0D + IN CONST UINT8 *Ivec,=0D + OUT UINT8 *Output=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Performs AES decryption on a data buffer of the specified size in CBC mo= de.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] AesContext Pointer to the AES context.=0D + @param[in] Input Pointer to the buffer containing the data to be= encrypted.=0D + @param[in] InputSize Size of the Input buffer in bytes.=0D + @param[in] Ivec Pointer to initialization vector.=0D + @param[out] Output Pointer to a buffer that receives the AES encry= ption output.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AesCbcDecrypt (=0D + IN VOID *AesContext,=0D + IN CONST UINT8 *Input,=0D + IN UINTN 
InputSize,=0D + IN CONST UINT8 *Ivec,=0D + OUT UINT8 *Output=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c b/Cr= yptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c new file mode 100644 index 0000000000..4048cc7718 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c @@ -0,0 +1,163 @@ +/** @file=0D +=0D +MD5 Digest Wrapper Null Implementation.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Retrieves the size, in bytes, of the context buffer required for MD5 has= h operations.=0D +=0D + @return The size, in bytes, of the context buffer required for MD5 hash= operations.=0D +=0D +**/=0D +UINTN=0D +EFIAPI=0D +Md5GetContextSize (=0D + VOID=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**=0D + Initializes user-supplied memory pointed by Md5Context as MD5 hash conte= xt for=0D + subsequent use.=0D +=0D + If Md5Context is NULL, then return FALSE.=0D +=0D + @param[out] Md5Context Pointer to MD5 context being initialized.=0D +=0D + @retval TRUE MD5 context initialization succeeded.=0D + @retval FALSE MD5 context initialization failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Md5Init (=0D + OUT VOID *Md5Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Makes a copy of an existing MD5 context.=0D +=0D + If Md5Context is NULL, then return FALSE.=0D + If NewMd5Context is NULL, then return FALSE.=0D +=0D + @param[in] Md5Context Pointer to MD5 context being copied.=0D + @param[out] NewMd5Context Pointer to new MD5 context.=0D +=0D + @retval TRUE MD5 context copy succeeded.=0D + @retval FALSE MD5 context copy failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Md5Duplicate (=0D + IN CONST VOID *Md5Context,=0D + OUT VOID *NewMd5Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Digests the input data and updates MD5 context.=0D +=0D + This function performs MD5 digest on a data buffer of the specified size= .=0D + It can be called multiple times to compute the digest of long or discont= inuous data streams.=0D + MD5 context should be already correctly intialized by Md5Init(), and sho= uld not be finalized=0D + by Md5Final(). 
Behavior with invalid context is undefined.=0D +=0D + If Md5Context is NULL, then return FALSE.=0D +=0D + @param[in, out] Md5Context Pointer to the MD5 context.=0D + @param[in] Data Pointer to the buffer containing the data t= o be hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D +=0D + @retval TRUE MD5 data digest succeeded.=0D + @retval FALSE MD5 data digest failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Md5Update (=0D + IN OUT VOID *Md5Context,=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Completes computation of the MD5 digest value.=0D +=0D + This function completes MD5 hash computation and retrieves the digest va= lue into=0D + the specified memory. After this function has been called, the MD5 conte= xt cannot=0D + be used again.=0D + MD5 context should be already correctly intialized by Md5Init(), and sho= uld not be=0D + finalized by Md5Final(). Behavior with invalid MD5 context is undefined.= =0D +=0D + If Md5Context is NULL, then return FALSE.=0D + If HashValue is NULL, then return FALSE.=0D +=0D + @param[in, out] Md5Context Pointer to the MD5 context.=0D + @param[out] HashValue Pointer to a buffer that receives the MD5 d= igest=0D + value (16 bytes).=0D +=0D + @retval TRUE MD5 digest computation succeeded.=0D + @retval FALSE MD5 digest computation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Md5Final (=0D + IN OUT VOID *Md5Context,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D +Computes the MD5 message digest of a input data buffer.=0D +=0D +This function performs the MD5 message digest of a given data buffer, and = places=0D +the digest value into the specified memory.=0D +=0D +If this interface is not supported, then return FALSE.=0D +=0D +@param[in] Data Pointer to the buffer containing the data to be h= ashed.=0D +@param[in] DataSize Size of Data buffer in bytes.=0D +@param[out] HashValue Pointer 
to a buffer that receives the MD5 digest= =0D +value (16 bytes).=0D +=0D +@retval TRUE MD5 digest computation succeeded.=0D +@retval FALSE MD5 digest computation failed.=0D +@retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Md5HashAll (=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNu= ll.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c new file mode 100644 index 0000000000..334c251bda --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c @@ -0,0 +1,40 @@ +/** @file=0D + ParallelHash Implementation which does not provide real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Parallel hash function ParallelHash256, as defined in NIST's Special Pub= lication 800-185,=0D + published December 2016.=0D +=0D + @param[in] Input Pointer to the input message (X).=0D + @param[in] InputByteLen The number(>0) of input bytes provided for= the input data.=0D + @param[in] BlockSize The size of each block (B).=0D + @param[out] Output Pointer to the output buffer.=0D + @param[in] OutputByteLen The desired number of output bytes (L).=0D + @param[in] Customization Pointer to the customization string (S).=0D + @param[in] CustomByteLen The length of the customization string in = bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +ParallelHash256HashAll (=0D + IN CONST VOID *Input,=0D + IN UINTN InputByteLen,=0D + IN UINTN BlockSize,=0D + OUT VOID *Output,=0D + IN UINTN OutputByteLen,=0D + IN CONST VOID *Customization,=0D + IN UINTN CustomByteLen=0D + )=0D +{=0D + // ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c b/C= ryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c new file mode 100644 index 0000000000..a590261747 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c @@ -0,0 +1,166 @@ +/** @file=0D + SHA-1 Digest Wrapper Null Implementation.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Retrieves the size, in bytes, of the context buffer required for SHA-1 h= ash operations.=0D +=0D + @return The size, in bytes, of the context buffer required for SHA-1 ha= sh operations.=0D +=0D +**/=0D +UINTN=0D +EFIAPI=0D +Sha1GetContextSize (=0D + VOID=0D + )=0D +{=0D + //=0D + // Retrieves SHA Context Size=0D + //=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**=0D + Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash co= ntext for=0D + subsequent use.=0D +=0D + If Sha1Context is NULL, then return FALSE.=0D +=0D + @param[out] Sha1Context Pointer to SHA-1 context being initialized.=0D +=0D + @retval TRUE SHA-1 context initialization succeeded.=0D + @retval FALSE SHA-1 context initialization failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha1Init (=0D + OUT VOID *Sha1Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Makes a copy of an existing SHA-1 context.=0D +=0D + If Sha1Context is NULL, then return FALSE.=0D + If NewSha1Context is NULL, then return FALSE.=0D +=0D + @param[in] Sha1Context Pointer to SHA-1 context being copied.=0D + @param[out] NewSha1Context Pointer to new SHA-1 context.=0D +=0D + @retval TRUE SHA-1 context copy succeeded.=0D + @retval FALSE SHA-1 context copy failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha1Duplicate (=0D + IN CONST VOID *Sha1Context,=0D + OUT VOID *NewSha1Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D +=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Digests the input data and updates SHA-1 context.=0D +=0D + This function performs SHA-1 digest on a data buffer of the specified si= ze.=0D + It can be called multiple times to compute the digest of long or discont= inuous data streams.=0D + SHA-1 context should be already correctly initialized by Sha1Init(), and= should not be finalized=0D + by Sha1Final(). 
Behavior with invalid context is undefined.=0D +=0D + If Sha1Context is NULL, then return FALSE.=0D +=0D + @param[in, out] Sha1Context Pointer to the SHA-1 context.=0D + @param[in] Data Pointer to the buffer containing the data = to be hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D +=0D + @retval TRUE SHA-1 data digest succeeded.=0D + @retval FALSE SHA-1 data digest failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha1Update (=0D + IN OUT VOID *Sha1Context,=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Completes computation of the SHA-1 digest value.=0D +=0D + This function completes SHA-1 hash computation and retrieves the digest = value into=0D + the specified memory. After this function has been called, the SHA-1 con= text cannot=0D + be used again.=0D + SHA-1 context should be already correctly initialized by Sha1Init(), and= should not be=0D + finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefin= ed.=0D +=0D + If Sha1Context is NULL, then return FALSE.=0D + If HashValue is NULL, then return FALSE.=0D +=0D + @param[in, out] Sha1Context Pointer to the SHA-1 context.=0D + @param[out] HashValue Pointer to a buffer that receives the SHA-= 1 digest=0D + value (20 bytes).=0D +=0D + @retval TRUE SHA-1 digest computation succeeded.=0D + @retval FALSE SHA-1 digest computation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha1Final (=0D + IN OUT VOID *Sha1Context,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Computes the SHA-1 message digest of a input data buffer.=0D +=0D + This function performs the SHA-1 message digest of a given data buffer, = and places=0D + the digest value into the specified memory.=0D +=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Data Pointer to the buffer containing the data to be= hashed.=0D + @param[in] DataSize Size of Data buffer 
in bytes.=0D + @param[out] HashValue Pointer to a buffer that receives the SHA-1 dig= est=0D + value (20 bytes).=0D +=0D + @retval TRUE SHA-1 digest computation succeeded.=0D + @retval FALSE SHA-1 digest computation failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha1HashAll (=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c b= /CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c new file mode 100644 index 0000000000..6d284516b5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c @@ -0,0 +1,162 @@ +/** @file=0D + SHA-256 Digest Wrapper Null Implementation.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Retrieves the size, in bytes, of the context buffer required for SHA-256= hash operations.=0D +=0D + @return The size, in bytes, of the context buffer required for SHA-256 = hash operations.=0D +=0D +**/=0D +UINTN=0D +EFIAPI=0D +Sha256GetContextSize (=0D + VOID=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**=0D + Initializes user-supplied memory pointed by Sha256Context as SHA-256 has= h context for=0D + subsequent use.=0D +=0D + If Sha256Context is NULL, then return FALSE.=0D +=0D + @param[out] Sha256Context Pointer to SHA-256 context being initialized= .=0D +=0D + @retval TRUE SHA-256 context initialization succeeded.=0D + @retval FALSE SHA-256 context initialization failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha256Init (=0D + OUT VOID *Sha256Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Makes a copy of an existing SHA-256 context.=0D +=0D + If Sha256Context is NULL, then return FALSE.=0D + If NewSha256Context is NULL, then return FALSE.=0D +=0D + @param[in] Sha256Context Pointer to SHA-256 context being copied.=0D + @param[out] NewSha256Context Pointer to new SHA-256 context.=0D +=0D + @retval TRUE SHA-256 context copy succeeded.=0D + @retval FALSE SHA-256 context copy failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha256Duplicate (=0D + IN CONST VOID *Sha256Context,=0D + OUT VOID *NewSha256Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Digests the input data and updates SHA-256 context.=0D +=0D + This function performs SHA-256 digest on a data buffer of the specified = size.=0D + It can be called multiple times to compute the digest of long or discont= inuous data streams.=0D + SHA-256 context should be already correctly initialized by Sha256Init(),= and should not be finalized=0D + by Sha256Final(). 
Behavior with invalid context is undefined.=0D +=0D + If Sha256Context is NULL, then return FALSE.=0D +=0D + @param[in, out] Sha256Context Pointer to the SHA-256 context.=0D + @param[in] Data Pointer to the buffer containing the dat= a to be hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D +=0D + @retval TRUE SHA-256 data digest succeeded.=0D + @retval FALSE SHA-256 data digest failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha256Update (=0D + IN OUT VOID *Sha256Context,=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Completes computation of the SHA-256 digest value.=0D +=0D + This function completes SHA-256 hash computation and retrieves the diges= t value into=0D + the specified memory. After this function has been called, the SHA-256 c= ontext cannot=0D + be used again.=0D + SHA-256 context should be already correctly initialized by Sha256Init(),= and should not be=0D + finalized by Sha256Final(). 
Behavior with invalid SHA-256 context is und= efined.=0D +=0D + If Sha256Context is NULL, then return FALSE.=0D + If HashValue is NULL, then return FALSE.=0D +=0D + @param[in, out] Sha256Context Pointer to the SHA-256 context.=0D + @param[out] HashValue Pointer to a buffer that receives the SH= A-256 digest=0D + value (32 bytes).=0D +=0D + @retval TRUE SHA-256 digest computation succeeded.=0D + @retval FALSE SHA-256 digest computation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha256Final (=0D + IN OUT VOID *Sha256Context,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Computes the SHA-256 message digest of a input data buffer.=0D +=0D + This function performs the SHA-256 message digest of a given data buffer= , and places=0D + the digest value into the specified memory.=0D +=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Data Pointer to the buffer containing the data to be= hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D + @param[out] HashValue Pointer to a buffer that receives the SHA-256 d= igest=0D + value (32 bytes).=0D +=0D + @retval TRUE SHA-256 digest computation succeeded.=0D + @retval FALSE SHA-256 digest computation failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha256HashAll (=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c b= /CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c new file mode 100644 index 0000000000..47e2433d11 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c @@ -0,0 +1,275 @@ +/** @file=0D + SHA-384 and SHA-512 Digest Wrapper Implementations which does not provid= e real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Retrieves the size, in bytes, of the context buffer required for SHA-384= hash operations.=0D +=0D + Return zero to indicate this interface is not supported.=0D +=0D + @retval 0 This interface is not supported.=0D +=0D +**/=0D +UINTN=0D +EFIAPI=0D +Sha384GetContextSize (=0D + VOID=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**=0D + Initializes user-supplied memory pointed by Sha384Context as SHA-384 has= h context for=0D + subsequent use.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[out] Sha384Context Pointer to SHA-384 context being initialized= .=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha384Init (=0D + OUT VOID *Sha384Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Makes a copy of an existing SHA-384 context.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] Sha384Context Pointer to SHA-384 context being copied.=0D + @param[out] NewSha384Context Pointer to new SHA-384 context.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha384Duplicate (=0D + IN CONST VOID *Sha384Context,=0D + OUT VOID *NewSha384Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Digests the input data and updates SHA-384 context.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] Sha384Context Pointer to the SHA-384 context.=0D + @param[in] Data Pointer to the buffer containing the dat= a to be hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha384Update (=0D + IN OUT VOID *Sha384Context,=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize=0D + )=0D 
+{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Completes computation of the SHA-384 digest value.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] Sha384Context Pointer to the SHA-384 context.=0D + @param[out] HashValue Pointer to a buffer that receives the SH= A-384 digest=0D + value (48 bytes).=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha384Final (=0D + IN OUT VOID *Sha384Context,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Computes the SHA-384 message digest of a input data buffer.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] Data Pointer to the buffer containing the data to be= hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D + @param[out] HashValue Pointer to a buffer that receives the SHA-384 d= igest=0D + value (48 bytes).=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha384HashAll (=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieves the size, in bytes, of the context buffer required for SHA-512= hash operations.=0D +=0D + Return zero to indicate this interface is not supported.=0D +=0D + @retval 0 This interface is not supported.=0D +=0D +**/=0D +UINTN=0D +EFIAPI=0D +Sha512GetContextSize (=0D + VOID=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**=0D + Initializes user-supplied memory pointed by Sha512Context as SHA-512 has= h context for=0D + subsequent use.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[out] Sha512Context Pointer to SHA-512 context being initialized= .=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha512Init (=0D + OUT VOID 
*Sha512Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Makes a copy of an existing SHA-512 context.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] Sha512Context Pointer to SHA-512 context being copied.=0D + @param[out] NewSha512Context Pointer to new SHA-512 context.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha512Duplicate (=0D + IN CONST VOID *Sha512Context,=0D + OUT VOID *NewSha512Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Digests the input data and updates SHA-512 context.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] Sha512Context Pointer to the SHA-512 context.=0D + @param[in] Data Pointer to the buffer containing the dat= a to be hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha512Update (=0D + IN OUT VOID *Sha512Context,=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Completes computation of the SHA-512 digest value.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] Sha512Context Pointer to the SHA-512 context.=0D + @param[out] HashValue Pointer to a buffer that receives the SH= A-512 digest=0D + value (64 bytes).=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha512Final (=0D + IN OUT VOID *Sha512Context,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Computes the SHA-512 message digest of a input data buffer.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] Data Pointer to the buffer containing the data to be= hashed.=0D + @param[in] DataSize Size of Data 
buffer in bytes.=0D + @param[out] HashValue Pointer to a buffer that receives the SHA-512 d= igest=0D + value (64 bytes).=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sha512HashAll (=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c b/Cr= yptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c new file mode 100644 index 0000000000..de5be1a3ef --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c @@ -0,0 +1,164 @@ +/** @file=0D + SM3 Digest Wrapper Null Implementation.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Retrieves the size, in bytes, of the context buffer required for SM3 has= h operations.=0D +=0D + @return The size, in bytes, of the context buffer required for SM3 hash= operations.=0D +=0D +**/=0D +UINTN=0D +EFIAPI=0D +Sm3GetContextSize (=0D + VOID=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return 0;=0D +}=0D +=0D +/**=0D + Initializes user-supplied memory pointed by Sm3Context as SM3 hash conte= xt for=0D + subsequent use.=0D +=0D + If Sm3Context is NULL, then return FALSE.=0D +=0D + @param[out] Sm3Context Pointer to SM3 context being initialized.=0D +=0D + @retval TRUE SM3 context initialization succeeded.=0D + @retval FALSE SM3 context initialization failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sm3Init (=0D + OUT VOID *Sm3Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Makes a copy of an existing SM3 context.=0D +=0D + If Sm3Context is NULL, then return FALSE.=0D + If NewSm3Context is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Sm3Context Pointer to SM3 context being copied.=0D + @param[out] NewSm3Context Pointer to new SM3 context.=0D +=0D + @retval TRUE SM3 context copy succeeded.=0D + @retval FALSE SM3 context copy failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sm3Duplicate (=0D + IN CONST VOID *Sm3Context,=0D + OUT VOID *NewSm3Context=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Digests the input data and updates SM3 context.=0D +=0D + This function performs SM3 digest on a data buffer of the specified size= .=0D + It can be called multiple times to compute the digest of long or discont= inuous data streams.=0D + SM3 context should be already correctly initialized by Sm3Init(), and sh= ould not be finalized=0D + by Sm3Final(). 
Behavior with invalid context is undefined.=0D +=0D + If Sm3Context is NULL, then return FALSE.=0D +=0D + @param[in, out] Sm3Context Pointer to the SM3 context.=0D + @param[in] Data Pointer to the buffer containing the dat= a to be hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D +=0D + @retval TRUE SM3 data digest succeeded.=0D + @retval FALSE SM3 data digest failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sm3Update (=0D + IN OUT VOID *Sm3Context,=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Completes computation of the SM3 digest value.=0D +=0D + This function completes SM3 hash computation and retrieves the digest va= lue into=0D + the specified memory. After this function has been called, the SM3 conte= xt cannot=0D + be used again.=0D + SM3 context should be already correctly initialized by Sm3Init(), and sh= ould not be=0D + finalized by Sm3Final(). Behavior with invalid SM3 context is undefined.= =0D +=0D + If Sm3Context is NULL, then return FALSE.=0D + If HashValue is NULL, then return FALSE.=0D +=0D + @param[in, out] Sm3Context Pointer to the SM3 context.=0D + @param[out] HashValue Pointer to a buffer that receives the SM= 3 digest=0D + value (32 bytes).=0D +=0D + @retval TRUE SM3 digest computation succeeded.=0D + @retval FALSE SM3 digest computation failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sm3Final (=0D + IN OUT VOID *Sm3Context,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Computes the SM3 message digest of a input data buffer.=0D +=0D + This function performs the SM3 message digest of a given data buffer, an= d places=0D + the digest value into the specified memory.=0D +=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Data Pointer to the buffer containing the data to be= hashed.=0D + @param[in] DataSize Size of Data buffer in bytes.=0D + @param[out] HashValue 
Pointer to a buffer that receives the SM3 diges= t=0D + value (32 bytes).=0D +=0D + @retval TRUE SM3 digest computation succeeded.=0D + @retval FALSE SM3 digest computation failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Sm3HashAll (=0D + IN CONST VOID *Data,=0D + IN UINTN DataSize,=0D + OUT UINT8 *HashValue=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c b/Cry= ptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c new file mode 100644 index 0000000000..b3adf2f7d1 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c @@ -0,0 +1,69 @@ +/** @file=0D + PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which = does=0D + not provide real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Retrieve the RSA Private Key from the password-protected PEM key data.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] PemData Pointer to the PEM-encoded key data to be retri= eved.=0D + @param[in] PemSize Size of the PEM key data in bytes.=0D + @param[in] Password NULL-terminated passphrase used for encrypted P= EM key data.=0D + @param[out] RsaContext Pointer to new-generated RSA context which cont= ain the retrieved=0D + RSA private key component. Use RsaFree() functi= on to free the=0D + resource.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaGetPrivateKeyFromPem (=0D + IN CONST UINT8 *PemData,=0D + IN UINTN PemSize,=0D + IN CONST CHAR8 *Password,=0D + OUT VOID **RsaContext=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the EC Private Key from the password-protected PEM key data.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] PemData Pointer to the PEM-encoded key data to be retri= eved.=0D + @param[in] PemSize Size of the PEM key data in bytes.=0D + @param[in] Password NULL-terminated passphrase used for encrypted P= EM key data.=0D + @param[out] EcContext Pointer to new-generated EC context which conta= in the retrieved=0D + EC private key component. Use EcFree() function= to free the=0D + resource.=0D +=0D + If PemData is NULL, then return FALSE.=0D + If EcContext is NULL, then return FALSE.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcGetPrivateKeyFromPem (=0D + IN CONST UINT8 *PemData,=0D + IN UINTN PemSize,=0D + IN CONST CHAR8 *Password,=0D + OUT VOID **EcContext=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D 
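Review bot: in CryptParallelHashNull.c the body of ParallelHash256HashAll carries a commented-out `// ASSERT (FALSE);`, while every other Null function in this patch asserts. Either enable the assert for consistency, or delete the line and add a comment saying why this one stub has to return FALSE silently. A disabled assert with no explanation gives the next reader no way to tell which behaviour is intended.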
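Review bot: the function headers in CryptSha1Null.c still describe a working implementation. `@retval TRUE SHA-1 context initialization succeeded.` can never happen in this file, Sha1GetContextSize is documented as returning the required context size but returns 0, and its body keeps the leftover comment `// Retrieves SHA Context Size`. Please use the wording CryptSha512Null.c already has (`Return FALSE to indicate this interface is not supported.` and `@retval 0 This interface is not supported.`), so that a caller reading the header knows a zero context size means "unsupported" rather than a size to allocate. The same applies to the headers in CryptSha256Null.c and CryptSm3Null.c.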
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull= .c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c new file mode 100644 index 0000000000..9be5b4296e --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c @@ -0,0 +1,45 @@ +/** @file=0D + Authenticode Portable Executable Signature Verification which does not p= rovide=0D + real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Verifies the validity of a PE/COFF Authenticode Signature as described i= n "Windows=0D + Authenticode Portable Executable Signature Format".=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] AuthData Pointer to the Authenticode Signature retrieved= from signed=0D + PE/COFF image to be verified.=0D + @param[in] DataSize Size of the Authenticode Signature in bytes.=0D + @param[in] TrustedCert Pointer to a trusted/root certificate encoded i= n DER, which=0D + is used for certificate chain verification.=0D + @param[in] CertSize Size of the trusted certificate in bytes.=0D + @param[in] ImageHash Pointer to the original image file hash value. = The procedure=0D + for calculating the image hash value is describ= ed in Authenticode=0D + specification.=0D + @param[in] HashSize Size of Image hash value in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +AuthenticodeVerify (=0D + IN CONST UINT8 *AuthData,=0D + IN UINTN DataSize,=0D + IN CONST UINT8 *TrustedCert,=0D + IN UINTN CertSize,=0D + IN CONST UINT8 *ImageHash,=0D + IN UINTN HashSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c b/Crypt= oPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c new file mode 100644 index 0000000000..daaf818250 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c @@ -0,0 +1,150 @@ +/** @file=0D + Diffie-Hellman Wrapper Implementation which does not provide=0D + real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Allocates and Initializes one Diffie-Hellman Context for subsequent use.= =0D +=0D + @return Pointer to the Diffie-Hellman Context that has been initialized= .=0D + If the interface is not supported, DhNew() returns NULL.=0D +=0D +**/=0D +VOID *=0D +EFIAPI=0D +DhNew (=0D + VOID=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return NULL;=0D +}=0D +=0D +/**=0D + Release the specified DH context.=0D +=0D + If the interface is not supported, then ASSERT().=0D +=0D + @param[in] DhContext Pointer to the DH context to be released.=0D +=0D +**/=0D +VOID=0D +EFIAPI=0D +DhFree (=0D + IN VOID *DhContext=0D + )=0D +{=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Generates DH parameter.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] DhContext Pointer to the DH context.=0D + @param[in] Generator Value of generator.=0D + @param[in] PrimeLength Length in bits of prime to be generated.=0D + @param[out] Prime Pointer to the buffer to receive the gener= ated prime number.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +DhGenerateParameter (=0D + IN OUT VOID *DhContext,=0D + IN UINTN Generator,=0D + IN UINTN PrimeLength,=0D + OUT UINT8 *Prime=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Sets generator and prime parameters for DH.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] DhContext Pointer to the DH context.=0D + @param[in] Generator Value of generator.=0D + @param[in] PrimeLength Length in bits of prime to be generated.=0D + @param[in] Prime Pointer to the prime number.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +DhSetParameter (=0D + IN OUT VOID *DhContext,=0D + IN UINTN Generator,=0D + IN UINTN PrimeLength,=0D + IN CONST UINT8 *Prime=0D + )=0D 
+{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Generates DH public key.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] DhContext Pointer to the DH context.=0D + @param[out] PublicKey Pointer to the buffer to receive generat= ed public key.=0D + @param[in, out] PublicKeySize On input, the size of PublicKey buffer i= n bytes.=0D + On output, the size of data returned in = PublicKey buffer in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +DhGenerateKey (=0D + IN OUT VOID *DhContext,=0D + OUT UINT8 *PublicKey,=0D + IN OUT UINTN *PublicKeySize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Computes exchanged common key.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] DhContext Pointer to the DH context.=0D + @param[in] PeerPublicKey Pointer to the peer's public key.=0D + @param[in] PeerPublicKeySize Size of peer's public key in bytes.= =0D + @param[out] Key Pointer to the buffer to receive gen= erated key.=0D + @param[in, out] KeySize On input, the size of Key buffer in = bytes.=0D + On output, the size of data returned= in Key buffer in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +DhComputeKey (=0D + IN OUT VOID *DhContext,=0D + IN CONST UINT8 *PeerPublicKey,=0D + IN UINTN PeerPublicKeySize,=0D + OUT UINT8 *Key,=0D + IN OUT UINTN *KeySize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c b/Crypt= oPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c new file mode 100644 index 0000000000..b9c08379c0 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c @@ -0,0 +1,578 @@ +/** @file=0D + Elliptic Curve and ECDH API implementation based on MbedTLS=0D +=0D + Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +#include =0D +=0D +/**=0D + Initialize new opaque EcGroup object. This object represents an EC curve= and=0D + and is used for calculation within this group. This object should be fre= ed=0D + using EcGroupFree() function.=0D +=0D + @param[in] CryptoNid Identifying number for the ECC curve (Defined in= =0D + BaseCryptLib.h).=0D +=0D + @retval EcGroup object On success.=0D + @retval NULL On failure.=0D +**/=0D +VOID *=0D +EFIAPI=0D +EcGroupInit (=0D + IN UINTN CryptoNid=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return NULL;=0D +}=0D +=0D +/**=0D + Get EC curve parameters. While elliptic curve equation is Y^2 mod P =3D = (X^3 + AX + B) Mod P.=0D + This function will set the provided Big Number objects to the correspon= ding=0D + values. The caller needs to make sure all the "out" BigNumber parameters= =0D + are properly initialized.=0D +=0D + @param[in] EcGroup EC group object.=0D + @param[out] BnPrime Group prime number.=0D + @param[out] BnA A coefficient.=0D + @param[out] BnB B coefficient..=0D + @param[in] BnCtx BN context.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcGroupGetCurve (=0D + IN CONST VOID *EcGroup,=0D + OUT VOID *BnPrime,=0D + OUT VOID *BnA,=0D + OUT VOID *BnB,=0D + IN VOID *BnCtx=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Get EC group order.=0D + This function will set the provided Big Number object to the correspondi= ng=0D + value. 
The caller needs to make sure that the "out" BigNumber parameter= =0D + is properly initialized.=0D +=0D + @param[in] EcGroup EC group object.=0D + @param[out] BnOrder Group prime number.=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcGroupGetOrder (=0D + IN VOID *EcGroup,=0D + OUT VOID *BnOrder=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Free previously allocated EC group object using EcGroupInit().=0D +=0D + @param[in] EcGroup EC group object to free.=0D +**/=0D +VOID=0D +EFIAPI=0D +EcGroupFree (=0D + IN VOID *EcGroup=0D + )=0D +{=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Initialize new opaque EC Point object. This object represents an EC poin= t=0D + within the given EC group (curve).=0D +=0D + @param[in] EC Group, properly initialized using EcGroupInit().=0D +=0D + @retval EC Point object On success.=0D + @retval NULL On failure.=0D +**/=0D +VOID *=0D +EFIAPI=0D +EcPointInit (=0D + IN CONST VOID *EcGroup=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return NULL;=0D +}=0D +=0D +/**=0D + Free previously allocated EC Point object using EcPointInit().=0D +=0D + @param[in] EcPoint EC Point to free.=0D + @param[in] Clear TRUE iff the memory should be cleared.=0D +**/=0D +VOID=0D +EFIAPI=0D +EcPointDeInit (=0D + IN VOID *EcPoint,=0D + IN BOOLEAN Clear=0D + )=0D +{=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Get EC point affine (x,y) coordinates.=0D + This function will set the provided Big Number objects to the correspond= ing=0D + values. 
The caller needs to make sure all the "out" BigNumber parameters= =0D + are properly initialized.=0D +=0D + @param[in] EcGroup EC group object.=0D + @param[in] EcPoint EC point object.=0D + @param[out] BnX X coordinate.=0D + @param[out] BnY Y coordinate.=0D + @param[in] BnCtx BN context, created with BigNumNewContext().=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcPointGetAffineCoordinates (=0D + IN CONST VOID *EcGroup,=0D + IN CONST VOID *EcPoint,=0D + OUT VOID *BnX,=0D + OUT VOID *BnY,=0D + IN VOID *BnCtx=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Set EC point affine (x,y) coordinates.=0D +=0D + @param[in] EcGroup EC group object.=0D + @param[in] EcPoint EC point object.=0D + @param[in] BnX X coordinate.=0D + @param[in] BnY Y coordinate.=0D + @param[in] BnCtx BN context, created with BigNumNewContext().=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcPointSetAffineCoordinates (=0D + IN CONST VOID *EcGroup,=0D + IN VOID *EcPoint,=0D + IN CONST VOID *BnX,=0D + IN CONST VOID *BnY,=0D + IN VOID *BnCtx=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + EC Point addition. EcPointResult =3D EcPointA + EcPointB.=0D +=0D + @param[in] EcGroup EC group object.=0D + @param[out] EcPointResult EC point to hold the result. The point shou= ld=0D + be properly initialized.=0D + @param[in] EcPointA EC Point.=0D + @param[in] EcPointB EC Point.=0D + @param[in] BnCtx BN context, created with BigNumNewContext()= .=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcPointAdd (=0D + IN CONST VOID *EcGroup,=0D + OUT VOID *EcPointResult,=0D + IN CONST VOID *EcPointA,=0D + IN CONST VOID *EcPointB,=0D + IN VOID *BnCtx=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Variable EC point multiplication. 
EcPointResult =3D EcPoint * BnPScalar.= =0D +=0D + @param[in] EcGroup EC group object.=0D + @param[out] EcPointResult EC point to hold the result. The point shou= ld=0D + be properly initialized.=0D + @param[in] EcPoint EC Point.=0D + @param[in] BnPScalar P Scalar.=0D + @param[in] BnCtx BN context, created with BigNumNewContext()= .=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcPointMul (=0D + IN CONST VOID *EcGroup,=0D + OUT VOID *EcPointResult,=0D + IN CONST VOID *EcPoint,=0D + IN CONST VOID *BnPScalar,=0D + IN VOID *BnCtx=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Calculate the inverse of the supplied EC point.=0D +=0D + @param[in] EcGroup EC group object.=0D + @param[in,out] EcPoint EC point to invert.=0D + @param[in] BnCtx BN context, created with BigNumNewContext().=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcPointInvert (=0D + IN CONST VOID *EcGroup,=0D + IN OUT VOID *EcPoint,=0D + IN VOID *BnCtx=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Check if the supplied point is on EC curve.=0D +=0D + @param[in] EcGroup EC group object.=0D + @param[in] EcPoint EC point to check.=0D + @param[in] BnCtx BN context, created with BigNumNewContext().=0D +=0D + @retval TRUE On curve.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcPointIsOnCurve (=0D + IN CONST VOID *EcGroup,=0D + IN CONST VOID *EcPoint,=0D + IN VOID *BnCtx=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Check if the supplied point is at infinity.=0D +=0D + @param[in] EcGroup EC group object.=0D + @param[in] EcPoint EC point to check.=0D +=0D + @retval TRUE At infinity.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcPointIsAtInfinity (=0D + IN CONST VOID *EcGroup,=0D + IN CONST VOID *EcPoint=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D 
+/**=0D + Check if EC points are equal.=0D +=0D + @param[in] EcGroup EC group object.=0D + @param[in] EcPointA EC point A.=0D + @param[in] EcPointB EC point B.=0D + @param[in] BnCtx BN context, created with BigNumNewContext().=0D +=0D + @retval TRUE A =3D=3D B.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcPointEqual (=0D + IN CONST VOID *EcGroup,=0D + IN CONST VOID *EcPointA,=0D + IN CONST VOID *EcPointB,=0D + IN VOID *BnCtx=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Set EC point compressed coordinates. Points can be described in terms of= =0D + their compressed coordinates. For a point (x, y), for any given value fo= r x=0D + such that the point is on the curve there will only ever be two possible= =0D + values for y. Therefore, a point can be set using this function where Bn= X is=0D + the x coordinate and YBit is a value 0 or 1 to identify which of the two= =0D + possible values for y should be used.=0D +=0D + @param[in] EcGroup EC group object.=0D + @param[in] EcPoint EC Point.=0D + @param[in] BnX X coordinate.=0D + @param[in] YBit 0 or 1 to identify which Y value is used.=0D + @param[in] BnCtx BN context, created with BigNumNewContext().=0D +=0D + @retval TRUE On success.=0D + @retval FALSE Otherwise.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcPointSetCompressedCoordinates (=0D + IN CONST VOID *EcGroup,=0D + IN VOID *EcPoint,=0D + IN CONST VOID *BnX,=0D + IN UINT8 YBit,=0D + IN VOID *BnCtx=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Allocates and Initializes one Elliptic Curve Context for subsequent use= =0D + with the NID.=0D +=0D + @param[in] Nid cipher NID=0D + @return Pointer to the Elliptic Curve Context that has been initiali= zed.=0D + If the allocations fails, EcNewByNid() returns NULL.=0D +**/=0D +VOID *=0D +EFIAPI=0D +EcNewByNid (=0D + IN UINTN Nid=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return NULL;=0D +}=0D +=0D +/**=0D + Release the specified EC context.=0D +=0D + 
@param[in] EcContext Pointer to the EC context to be released.=0D +**/=0D +VOID=0D +EFIAPI=0D +EcFree (=0D + IN VOID *EcContext=0D + )=0D +{=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Generates EC key and returns EC public key (X, Y), Please note, this fun= ction uses=0D + pseudo random number generator. The caller must make sure RandomSeed()=0D + function was properly called before.=0D + The Ec context should be correctly initialized by EcNewByNid.=0D + This function generates random secret, and computes the public key (X, Y= ), which is=0D + returned via parameter Public, PublicSize.=0D + X is the first half of Public with size being PublicSize / 2,=0D + Y is the second half of Public with size being PublicSize / 2.=0D + EC context is updated accordingly.=0D + If the Public buffer is too small to hold the public X, Y, FALSE is retu= rned and=0D + PublicSize is set to the required buffer size to obtain the public X, Y.= =0D + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y= .=0D + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y= .=0D + For P-521, the PublicSize is 132. 
First 66-byte is X, Second 66-byte is = Y.=0D + If EcContext is NULL, then return FALSE.=0D + If PublicSize is NULL, then return FALSE.=0D + If PublicSize is large enough but Public is NULL, then return FALSE.=0D + @param[in, out] EcContext Pointer to the EC context.=0D + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y.=0D + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes.=0D + On output, the size of data returned in = Public buffer in bytes.=0D + @retval TRUE EC public X,Y generation succeeded.=0D + @retval FALSE EC public X,Y generation failed.=0D + @retval FALSE PublicKeySize is not large enough.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcGenerateKey (=0D + IN OUT VOID *EcContext,=0D + OUT UINT8 *PublicKey,=0D + IN OUT UINTN *PublicKeySize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Gets the public key component from the established EC context.=0D + The Ec context should be correctly initialized by EcNewByNid, and succes= sfully=0D + generate key pair from EcGenerateKey().=0D + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y= .=0D + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y= .=0D + For P-521, the PublicSize is 132. 
First 66-byte is X, Second 66-byte is = Y.=0D + @param[in, out] EcContext Pointer to EC context being set.=0D + @param[out] PublicKey Pointer to t buffer to receive generated= public X,Y.=0D + @param[in, out] PublicKeySize On input, the size of Public buffer in b= ytes.=0D + On output, the size of data returned in = Public buffer in bytes.=0D + @retval TRUE EC key component was retrieved successfully.=0D + @retval FALSE Invalid EC key component.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcGetPubKey (=0D + IN OUT VOID *EcContext,=0D + OUT UINT8 *PublicKey,=0D + IN OUT UINTN *PublicKeySize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Computes exchanged common key.=0D + Given peer's public key (X, Y), this function computes the exchanged com= mon key,=0D + based on its own context including value of curve parameter and random s= ecret.=0D + X is the first half of PeerPublic with size being PeerPublicSize / 2,=0D + Y is the second half of PeerPublic with size being PeerPublicSize / 2.=0D + If EcContext is NULL, then return FALSE.=0D + If PeerPublic is NULL, then return FALSE.=0D + If PeerPublicSize is 0, then return FALSE.=0D + If Key is NULL, then return FALSE.=0D + If KeySize is not large enough, then return FALSE.=0D + For P-256, the PeerPublicSize is 64. First 32-byte is X, Second 32-byte = is Y.=0D + For P-384, the PeerPublicSize is 96. First 48-byte is X, Second 48-byte = is Y.=0D + For P-521, the PeerPublicSize is 132. 
First 66-byte is X, Second 66-byte= is Y.=0D + @param[in, out] EcContext Pointer to the EC context.=0D + @param[in] PeerPublic Pointer to the peer's public X,Y.=0D + @param[in] PeerPublicSize Size of peer's public X,Y in bytes.= =0D + @param[in] CompressFlag Flag of PeerPublic is compressed or = not.=0D + @param[out] Key Pointer to the buffer to receive gen= erated key.=0D + @param[in, out] KeySize On input, the size of Key buffer in = bytes.=0D + On output, the size of data returned= in Key buffer in bytes.=0D + @retval TRUE EC exchanged key generation succeeded.=0D + @retval FALSE EC exchanged key generation failed.=0D + @retval FALSE KeySize is not large enough.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcDhComputeKey (=0D + IN OUT VOID *EcContext,=0D + IN CONST UINT8 *PeerPublic,=0D + IN UINTN PeerPublicSize,=0D + IN CONST INT32 *CompressFlag,=0D + OUT UINT8 *Key,=0D + IN OUT UINTN *KeySize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Carries out the EC-DSA signature.=0D +=0D + This function carries out the EC-DSA signature.=0D + If the Signature buffer is too small to hold the contents of signature, = FALSE=0D + is returned and SigSize is set to the required buffer size to obtain the= signature.=0D +=0D + If EcContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA= 512, SHA3_256, SHA3_384, SHA3_512.=0D + If SigSize is large enough but Signature is NULL, then return FALSE.=0D +=0D + For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S.=0D + For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S.=0D + For P-521, the SigSize is 132. 
First 66-byte is R, Second 66-byte is S.= =0D +=0D + @param[in] EcContext Pointer to EC context for signature genera= tion.=0D + @param[in] HashNid hash NID=0D + @param[in] MessageHash Pointer to octet message hash to be signed= .=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[out] Signature Pointer to buffer to receive EC-DSA signat= ure.=0D + @param[in, out] SigSize On input, the size of Signature buffer in = bytes.=0D + On output, the size of data returned in Si= gnature buffer in bytes.=0D +=0D + @retval TRUE Signature successfully generated in EC-DSA.=0D + @retval FALSE Signature generation failed.=0D + @retval FALSE SigSize is too small.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcDsaSign (=0D + IN VOID *EcContext,=0D + IN UINTN HashNid,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + OUT UINT8 *Signature,=0D + IN OUT UINTN *SigSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Verifies the EC-DSA signature.=0D +=0D + If EcContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If Signature is NULL, then return FALSE.=0D + If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA= 512, SHA3_256, SHA3_384, SHA3_512.=0D +=0D + For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S.=0D + For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S.=0D + For P-521, the SigSize is 132. 
First 66-byte is R, Second 66-byte is S.= =0D +=0D + @param[in] EcContext Pointer to EC context for signature verificatio= n.=0D + @param[in] HashNid hash NID=0D + @param[in] MessageHash Pointer to octet message hash to be checked.=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[in] Signature Pointer to EC-DSA signature to be verified.=0D + @param[in] SigSize Size of signature in bytes.=0D +=0D + @retval TRUE Valid signature encoded in EC-DSA.=0D + @retval FALSE Invalid signature or invalid EC context.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcDsaVerify (=0D + IN VOID *EcContext,=0D + IN UINTN HashNid,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + IN CONST UINT8 *Signature,=0D + IN UINTN SigSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c = b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c new file mode 100644 index 0000000000..a686308652 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c @@ -0,0 +1,51 @@ +/** @file=0D + This file contains UEFI wrapper functions for RSA PKCS1v2 OAEP encryptio= n routines.=0D +=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D + Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] PublicKey A pointer to the DER-encoded X509 certif= icate that=0D + will be used to encrypt the data.=0D + @param[in] PublicKeySize Size of the X509 cert buffer.=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs1v2Encrypt (=0D + IN CONST UINT8 *PublicKey,=0D + IN UINTN PublicKeySize,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed,=0D + OPTIONAL=0D + IN UINTN PrngSeedSize,=0D + OPTIONAL=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.= c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c new file mode 100644 index 0000000000..24c284b98c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c @@ -0,0 +1,48 @@ +/** @file=0D + PBKDF2 Key Derivation Function Wrapper Implementation which does not pro= vide real=0D + capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Derives a key from a password using a salt and iteration count, based on= PKCS#5 v2.0=0D + password based encryption key derivation function PBKDF2, as specified i= n RFC 2898.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] PasswordLength Length of input password in bytes.=0D + @param[in] Password Pointer to the array for the password.=0D + @param[in] SaltLength Size of the Salt in bytes.=0D + @param[in] Salt Pointer to the Salt.=0D + @param[in] IterationCount Number of iterations to perform. Its value s= hould be=0D + greater than or equal to 1.=0D + @param[in] DigestSize Size of the message digest to be used (eg. S= HA256_DIGEST_SIZE).=0D + NOTE: DigestSize will be used to determine t= he hash algorithm.=0D + Only SHA1_DIGEST_SIZE or SHA256_DIGEST= _SIZE is supported.=0D + @param[in] KeyLength Size of the derived key buffer in bytes.=0D + @param[out] OutKey Pointer to the output derived key buffer.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs5HashPassword (=0D + IN UINTN PasswordLength,=0D + IN CONST CHAR8 *Password,=0D + IN UINTN SaltLength,=0D + IN CONST UINT8 *Salt,=0D + IN UINTN IterationCount,=0D + IN UINTN DigestSize,=0D + IN UINTN KeyLength,=0D + OUT UINT8 *OutKey=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h = b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h new file mode 100644 index 0000000000..207f493cbb --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h 
@@ -0,0 +1,83 @@ +/** @file=0D + PKCS#7 SignedData Sign Wrapper and PKCS#7 SignedData Verification Wrappe= r=0D + Implementation over mbedtls, Internal headers.=0D +=0D + RFC 2315 - PKCS #7: Cryptographic Message Syntax Version 1.5=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef CRYPT_PKCS7_INTERNAL_H_=0D +#define CRYPT_PKCS7_INTERNAL_H_=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +#include "mbedtls/oid.h"=0D +#include "mbedtls/asn1.h"=0D +#include "mbedtls/asn1write.h"=0D +#include "mbedtls/x509.h"=0D +#include "mbedtls/x509_crt.h"=0D +=0D +///=0D +/// PKCS7 OID=0D +///=0D +#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x0= 7"=0D +#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x= 01"=0D +#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x= 02"=0D +#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x= 03"=0D +#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x= 04"=0D +#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x= 05"=0D +#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x= 06"=0D +=0D +typedef mbedtls_asn1_buf MBEDTLSPKCS7BUF;=0D +typedef mbedtls_asn1_named_data MBEDTLSPKCS7NAME;=0D +typedef mbedtls_asn1_sequence MBEDTLSPKCS7SEQUENCE;=0D +=0D +///=0D +/// PKCS7 SignerInfo type=0D +/// https://tools.ietf.org/html/rfc2315#section-9.2=0D +///=0D +typedef struct MbedtlsPkcs7SignerInfo {=0D + INT32 Version;=0D + mbedtls_x509_buf Serial;=0D + mbedtls_x509_name Issuer;=0D + mbedtls_x509_buf IssuerRaw;=0D + mbedtls_x509_buf AlgIdentifier;=0D + mbedtls_x509_buf SigAlgIdentifier;=0D + mbedtls_x509_buf AuthAttr;=0D + mbedtls_x509_buf Sig;=0D + struct MBEDTLSPKCS7SIGNERINFO *Next;=0D +} MBEDTLSPKCS7SIGNERINFO;=0D +=0D +///=0D +/// PKCS7 signed data attached data format=0D +///=0D +typedef struct MbedtlsPkcs7Data {=0D + mbedtls_asn1_buf Oid;=0D + mbedtls_asn1_buf Data;=0D +} MBEDTLSPKCS7DATA;=0D +=0D +///=0D +/// Signed Data=0D +/// https://tools.ietf.org/html/rfc2315#section-9.1=0D +///=0D +typedef struct MbedtlsPkcs7SignedData {=0D + INT32 Version;=0D + mbedtls_asn1_buf DigestAlgorithms;=0D + struct MBEDTLSPKCS7DATA ContentInfo;=0D + mbedtls_x509_crt Certificates;=0D + mbedtls_x509_crl Crls;=0D + 
struct MbedtlsPkcs7SignerInfo SignerInfos;=0D +} MBEDTLSPKCS7SIGNEDDATA;=0D +=0D +///=0D +/// PKCS7 struct, only support SignedData=0D +///=0D +typedef struct MbedtlsPkcs7 {=0D + mbedtls_asn1_buf ContentTypeOid;=0D + struct MBEDTLSPKCS7SIGNEDDATA SignedData;=0D +} MBEDTLSPKCS7;=0D +=0D +#endif=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c = b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c new file mode 100644 index 0000000000..03032592a1 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c @@ -0,0 +1,53 @@ +/** @file=0D + PKCS#7 SignedData Sign Wrapper Implementation which does not provide rea= l=0D + capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Mess= age=0D + Syntax Standard, version 1.5". This interface is only intended to be use= d for=0D + application to perform PKCS#7 functionality validation.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] PrivateKey Pointer to the PEM-formatted private key da= ta for=0D + data signing.=0D + @param[in] PrivateKeySize Size of the PEM private key data in bytes.= =0D + @param[in] KeyPassword NULL-terminated passphrase used for encrypt= ed PEM=0D + key data.=0D + @param[in] InData Pointer to the content to be signed.=0D + @param[in] InDataSize Size of InData in bytes.=0D + @param[in] SignCert Pointer to signer's DER-encoded certificate= to sign with.=0D + @param[in] OtherCerts Pointer to an optional additional set of ce= rtificates to=0D + include in the PKCS#7 signedData (e.g. any = intermediate=0D + CAs in the chain).=0D + @param[out] SignedData Pointer to output PKCS#7 signedData. It's c= aller's=0D + responsibility to free the buffer with Free= Pool().=0D + @param[out] SignedDataSize Size of SignedData in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs7Sign (=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN CONST UINT8 *KeyPassword,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN UINT8 *SignCert,=0D + IN UINT8 *OtherCerts OPTIONAL,=0D + OUT UINT8 **SignedData,=0D + OUT UINTN *SignedDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNu= ll.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c new file mode 100644 index 0000000000..63d7a23af3 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c 
@@ -0,0 +1,152 @@ +/** @file=0D + PKCS7 Verify Null implementation.=0D +=0D + Copyright (C) Microsoft Corporation. All Rights Reserved.=0D + Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + This function will return the leaf signer certificate in a chain. This = is=0D + required because certificate chains are not guaranteed to have the=0D + certificates in the order that they were issued.=0D +=0D + A typical certificate chain looks like this:=0D +=0D +=0D + ----------------------------=0D + | Root |=0D + ----------------------------=0D + ^=0D + |=0D + ----------------------------=0D + | Policy CA | <-- Typical Trust Anchor.=0D + ----------------------------=0D + ^=0D + |=0D + ----------------------------=0D + | Issuing CA |=0D + ----------------------------=0D + ^=0D + |=0D + -----------------------------=0D + / End-Entity (leaf) signer / <-- Bottom certificate.=0D + ----------------------------- EKU: "1.3.6.1.4.1.311.76.9.= 21.1"=0D + (Firmware Signing)=0D +=0D +=0D + @param[in] CertChain Certificate chain.=0D +=0D + @param[out] SignerCert Last certificate in the chain. 
For PK= CS7 signatures,=0D + this will be the end-entity (leaf) sig= ner cert.=0D +=0D + @retval EFI_SUCCESS The required EKUs were found in the si= gnature.=0D + @retval EFI_INVALID_PARAMETER A parameter was invalid.=0D + @retval EFI_NOT_FOUND The number of signers found was not 1.= =0D +=0D +**/=0D +EFI_STATUS=0D +GetSignerCertificate (=0D + IN CONST VOID *CertChain,=0D + OUT VOID **SignerCert=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return EFI_NOT_READY;=0D +}=0D +=0D +/**=0D + Determines if the specified EKU represented in ASN1 form is present=0D + in a given certificate.=0D +=0D + @param[in] Cert The certificate to check.=0D +=0D + @param[in] Asn1ToFind The EKU to look for.=0D +=0D + @retval EFI_SUCCESS We successfully identified the signing= type.=0D + @retval EFI_INVALID_PARAMETER A parameter was invalid.=0D + @retval EFI_NOT_FOUND One or more EKU's were not found in th= e signature.=0D +=0D +**/=0D +EFI_STATUS=0D +IsEkuInCertificate (=0D + IN CONST VOID *Cert,=0D + IN VOID *Asn1ToFind=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return EFI_NOT_READY;=0D +}=0D +=0D +/**=0D + Determines if the specified EKUs are present in a signing certificate.=0D +=0D + @param[in] SignerCert The certificate to check.=0D + @param[in] RequiredEKUs The EKUs to look for.=0D + @param[in] RequiredEKUsSize The number of EKUs=0D + @param[in] RequireAllPresent If TRUE, then all the specified EKUs=0D + must be present in the certificate.=0D +=0D + @retval EFI_SUCCESS We successfully identified the signing= type.=0D + @retval EFI_INVALID_PARAMETER A parameter was invalid.=0D + @retval EFI_NOT_FOUND One or more EKU's were not found in th= e signature.=0D +**/=0D +EFI_STATUS=0D +CheckEKUs (=0D + IN CONST VOID *SignerCert,=0D + IN CONST CHAR8 *RequiredEKUs[],=0D + IN CONST UINT32 RequiredEKUsSize,=0D + IN BOOLEAN RequireAllPresent=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return EFI_NOT_READY;=0D +}=0D +=0D +/**=0D + This function receives a PKCS#7 formatted signature blob,=0D + looks for the EKU 
SEQUENCE blob, and if found then looks=0D + for all the required EKUs. This function was created so that=0D + the Surface team can cut down on the number of Certificate=0D + Authorities (CA's) by checking EKU's on leaf signers for=0D + a specific product. This prevents one product's certificate=0D + from signing another product's firmware or unlock blobs.=0D +=0D + Note that this function does not validate the certificate chain.=0D + That needs to be done before using this function.=0D +=0D + @param[in] Pkcs7Signature The PKCS#7 signed information content b= lock. An array=0D + containing the content block with both = the signature,=0D + the signer's certificate, and any neces= sary intermediate=0D + certificates.=0D + @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature.=0D + @param[in] RequiredEKUs Array of null-terminated strings listin= g OIDs of=0D + required EKUs that must be present in t= he signature.=0D + @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs = string array.=0D + @param[in] RequireAllPresent If this is TRUE, then all of the specif= ied EKU's=0D + must be present in the leaf signer. If= it is=0D + FALSE, then we will succeed if we find = any=0D + of the specified EKU's.=0D +=0D + @retval EFI_SUCCESS The required EKUs were found in the sig= nature.=0D + @retval EFI_INVALID_PARAMETER A parameter was invalid.=0D + @retval EFI_NOT_FOUND One or more EKU's were not found in the= signature.=0D +=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +VerifyEKUsInPkcs7Signature (=0D + IN CONST UINT8 *Pkcs7Signature,=0D + IN CONST UINT32 SignatureSize,=0D + IN CONST CHAR8 *RequiredEKUs[],=0D + IN CONST UINT32 RequiredEKUsSize,=0D + IN BOOLEAN RequireAllPresent=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return EFI_NOT_READY;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRu= ntime.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRunti= me.c new file mode 100644 index 0000000000..91273cbdb9 
--- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRuntime.c @@ -0,0 +1,56 @@ +/** @file=0D + This module verifies that Enhanced Key Usages (EKU's) are present within= =0D + a PKCS7 signature blob using MbedTLS.=0D +=0D + Copyright (C) Microsoft Corporation. All Rights Reserved.=0D + Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + This function receives a PKCS#7 formatted signature blob,=0D + looks for the EKU SEQUENCE blob, and if found then looks=0D + for all the required EKUs. This function was created so that=0D + the Surface team can cut down on the number of Certificate=0D + Authorities (CA's) by checking EKU's on leaf signers for=0D + a specific product. This prevents one product's certificate=0D + from signing another product's firmware or unlock blobs.=0D +=0D + Return RETURN_UNSUPPORTED to indicate this interface is not supported.=0D +=0D + @param[in] Pkcs7Signature The PKCS#7 signed information content = block. An array=0D + containing the content block with both= the signature,=0D + the signer's certificate, and any nece= ssary intermediate=0D + certificates.=0D + @param[in] Pkcs7SignatureSize Number of bytes in pPkcs7Signature.=0D + @param[in] RequiredEKUs Array of null-terminated strings listi= ng OIDs of=0D + required EKUs that must be present in = the signature.=0D + All specified EKU's must be present in= order to=0D + succeed.=0D + @param[in] RequiredEKUsSize Number of elements in the rgRequiredEK= Us string.=0D + This parameter has a maximum of MAX_EK= U_SEARCH.=0D + @param[in] RequireAllPresent If this is TRUE, then all of the speci= fied EKU's=0D + must be present in the leaf signer. I= f it is=0D + FALSE, then we will succeed if we find= any=0D + of the specified EKU's.=0D +=0D + @retval RETURN_UNSUPPORTED The operation is not supported.=0D +=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +VerifyEKUsInPkcs7Signature (=0D + IN CONST UINT8 *Pkcs7Signature,=0D + IN CONST UINT32 SignatureSize,=0D + IN CONST CHAR8 *RequiredEKUs[],=0D + IN CONST UINT32 RequiredEKUsSize,=0D + IN BOOLEAN RequireAllPresent=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return RETURN_UNSUPPORTED;=0D +}=0D 
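Review bot: In CryptPkcs7VerifyEkuRuntime.c the doc comment for VerifyEKUsInPkcs7Signature does not match the prototype or the sibling stub. It documents "@param[in] Pkcs7SignatureSize" while the parameter is named SignatureSize, and the descriptions still refer to "pPkcs7Signature", "rgRequiredEKUs" and a MAX_EKU_SEARCH limit that appears nowhere else in this file. This stub returns RETURN_UNSUPPORTED, while the same function in CryptPkcs7VerifyEkuNull.c returns EFI_NOT_READY, so a caller sees a different status depending on which file the INF selects. Please pick one status for both files and align the parameter names in the comment with the prototype.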
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.= c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c new file mode 100644 index 0000000000..82b2b07991 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c @@ -0,0 +1,163 @@ +/** @file=0D + PKCS#7 SignedData Verification Wrapper Implementation which does not pro= vide=0D + real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Get the signer's certificates from PKCS#7 signed data as described in "P= KCS #7:=0D + Cryptographic Message Syntax Standard". The input signed data could be w= rapped=0D + in a ContentInfo structure.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] P7Data Pointer to the PKCS#7 message to verify.=0D + @param[in] P7Length Length of the PKCS#7 message in bytes.=0D + @param[out] CertStack Pointer to Signer's certificates retrieved from= P7Data.=0D + It's caller's responsibility to free the buffer= with=0D + Pkcs7FreeSigners().=0D + This data structure is EFI_CERT_STACK type.=0D + @param[out] StackLength Length of signer's certificates in bytes.=0D + @param[out] TrustedCert Pointer to a trusted certificate from Signer's = certificates.=0D + It's caller's responsibility to free the buffer= with=0D + Pkcs7FreeSigners().=0D + @param[out] CertLength Length of the trusted certificate in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs7GetSigners (=0D + IN CONST UINT8 *P7Data,=0D + IN UINTN P7Length,=0D + OUT UINT8 **CertStack,=0D + OUT UINTN *StackLength,=0D + OUT UINT8 **TrustedCert,=0D + OUT UINTN *CertLength=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Wrap function to use free() to free allocated memory for certificates.=0D +=0D + If the interface is not supported, then ASSERT().=0D +=0D + @param[in] Certs Pointer to the certificates to be freed.=0D +=0D +**/=0D +VOID=0D +EFIAPI=0D +Pkcs7FreeSigners (=0D + IN UINT8 *Certs=0D + )=0D +{=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Retrieves all embedded certificates from PKCS#7 signed data as described= in "PKCS #7:=0D + Cryptographic Message Syntax Standard", and outputs two certificate list= s chained and=0D + unchained to the signer's certificates.=0D + The input signed 
data could be wrapped in a ContentInfo structure.=0D +=0D + @param[in] P7Data Pointer to the PKCS#7 message.=0D + @param[in] P7Length Length of the PKCS#7 message in bytes.=0D + @param[out] SignerChainCerts Pointer to the certificates list chained t= o signer's=0D + certificate. It's caller's responsibility = to free the buffer=0D + with Pkcs7FreeSigners().=0D + This data structure is EFI_CERT_STACK type= .=0D + @param[out] ChainLength Length of the chained certificates list bu= ffer in bytes.=0D + @param[out] UnchainCerts Pointer to the unchained certificates list= s. It's caller's=0D + responsibility to free the buffer with Pkc= s7FreeSigners().=0D + This data structure is EFI_CERT_STACK type= .=0D + @param[out] UnchainLength Length of the unchained certificates list = buffer in bytes.=0D +=0D + @retval TRUE The operation is finished successfully.=0D + @retval FALSE Error occurs during the operation.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs7GetCertificatesList (=0D + IN CONST UINT8 *P7Data,=0D + IN UINTN P7Length,=0D + OUT UINT8 **SignerChainCerts,=0D + OUT UINTN *ChainLength,=0D + OUT UINT8 **UnchainCerts,=0D + OUT UINTN *UnchainLength=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Verifies the validity of a PKCS#7 signed data as described in "PKCS #7:= =0D + Cryptographic Message Syntax Standard". 
The input signed data could be w= rapped=0D + in a ContentInfo structure.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] P7Data Pointer to the PKCS#7 message to verify.=0D + @param[in] P7Length Length of the PKCS#7 message in bytes.=0D + @param[in] TrustedCert Pointer to a trusted/root certificate encoded i= n DER, which=0D + is used for certificate chain verification.=0D + @param[in] CertLength Length of the trusted certificate in bytes.=0D + @param[in] InData Pointer to the content to be verified.=0D + @param[in] DataLength Length of InData in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs7Verify (=0D + IN CONST UINT8 *P7Data,=0D + IN UINTN P7Length,=0D + IN CONST UINT8 *TrustedCert,=0D + IN UINTN CertLength,=0D + IN CONST UINT8 *InData,=0D + IN UINTN DataLength=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Extracts the attached content from a PKCS#7 signed data if existed. The = input signed=0D + data could be wrapped in a ContentInfo structure.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] P7Data Pointer to the PKCS#7 signed data to process.= =0D + @param[in] P7Length Length of the PKCS#7 signed data in bytes.=0D + @param[out] Content Pointer to the extracted content from the PKCS= #7 signedData.=0D + It's caller's responsibility to free the buffe= r with FreePool().=0D + @param[out] ContentSize The size of the extracted content in bytes.=0D +=0D + @retval TRUE The P7Data was correctly formatted for process= ing.=0D + @retval FALSE The P7Data was not correctly formatted for pro= cessing.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs7GetAttachedContent (=0D + IN CONST UINT8 *P7Data,=0D + IN UINTN P7Length,=0D + OUT VOID **Content,=0D + OUT UINTN *ContentSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D 
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRunti= me.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c new file mode 100644 index 0000000000..518a769ed3 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c @@ -0,0 +1,38 @@ +/** @file=0D + Runtime specific implementation of PKCS#7 SignedData Verification Wrappe= r.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Extracts the attached content from a PKCS#7 signed data if existed. The = input signed=0D + data could be wrapped in a ContentInfo structure.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] P7Data Pointer to the PKCS#7 signed data to process.= =0D + @param[in] P7Length Length of the PKCS#7 signed data in bytes.=0D + @param[out] Content Pointer to the extracted content from the PKCS= #7 signedData.=0D + It's caller's responsibility to free the buffe= r with FreePool().=0D + @param[out] ContentSize The size of the extracted content in bytes.=0D +=0D + @retval TRUE The P7Data was correctly formatted for process= ing.=0D + @retval FALSE The P7Data was not correctly formatted for pro= cessing.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs7GetAttachedContent (=0D + IN CONST UINT8 *P7Data,=0D + IN UINTN P7Length,=0D + OUT VOID **Content,=0D + OUT UINTN *ContentSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c b/Crypt= oPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c new file mode 100644 index 0000000000..fcde333a6d --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c @@ -0,0 +1,42 @@ +/** @file=0D + RFC3161 Timestamp Countersignature Verification Wrapper Implementation w= hich does=0D + not provide real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Verifies the validity of a RFC3161 Timestamp CounterSignature embedded i= n PE/COFF Authenticode=0D + signature.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] AuthData Pointer to the Authenticode Signature retrieved= from signed=0D + PE/COFF image to be verified.=0D + @param[in] DataSize Size of the Authenticode Signature in bytes.=0D + @param[in] TsaCert Pointer to a trusted/root TSA certificate encod= ed in DER, which=0D + is used for TSA certificate chain verification.= =0D + @param[in] CertSize Size of the trusted certificate in bytes.=0D + @param[out] SigningTime Return the time of timestamp generation time if= the timestamp=0D + signature is valid.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +ImageTimestampVerify (=0D + IN CONST UINT8 *AuthData,=0D + IN UINTN DataSize,=0D + IN CONST UINT8 *TsaCert,=0D + IN UINTN CertSize,=0D + OUT EFI_TIME *SigningTime=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c b/Cry= ptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c new file mode 100644 index 0000000000..8ee3d44435 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c @@ -0,0 +1,753 @@ +/** @file=0D + X.509 Certificate Handler Wrapper Implementation which does not provide= =0D + real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Construct a X509 object from DER-encoded certificate data.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] Cert Pointer to the DER-encoded certificate data.= =0D + @param[in] CertSize The size of certificate data in bytes.=0D + @param[out] SingleX509Cert The generated X509 object.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509ConstructCertificate (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 **SingleX509Cert=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Construct a X509 stack object from a list of DER-encoded certificate dat= a.=0D +=0D + If X509Stack is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in, out] X509Stack On input, pointer to an existing or NULL X50= 9 stack object.=0D + On output, pointer to the X509 stack object = with new=0D + inserted X509 certificate.=0D + @param[in] Args VA_LIST marker for the variable argument lis= t.=0D + A list of DER-encoded single certificate dat= a followed=0D + by certificate size. A NULL terminates the l= ist. 
The=0D + pairs are the arguments to X509ConstructCert= ificate().=0D +=0D + @retval TRUE The X509 stack construction succeeded.=0D + @retval FALSE The construction operation failed.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509ConstructCertificateStackV (=0D + IN OUT UINT8 **X509Stack,=0D + IN VA_LIST Args=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Construct a X509 stack object from a list of DER-encoded certificate dat= a.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] X509Stack On input, pointer to an existing or NULL X50= 9 stack object.=0D + On output, pointer to the X509 stack object = with new=0D + inserted X509 certificate.=0D + @param ... A list of DER-encoded single certificate dat= a followed=0D + by certificate size. A NULL terminates the l= ist. The=0D + pairs are the arguments to X509ConstructCert= ificate().=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509ConstructCertificateStack (=0D + IN OUT UINT8 **X509Stack,=0D + ...=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Release the specified X509 object.=0D +=0D + If the interface is not supported, then ASSERT().=0D +=0D + @param[in] X509Cert Pointer to the X509 object to be released.=0D +=0D +**/=0D +VOID=0D +EFIAPI=0D +X509Free (=0D + IN VOID *X509Cert=0D + )=0D +{=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Release the specified X509 stack object.=0D +=0D + If the interface is not supported, then ASSERT().=0D +=0D + @param[in] X509Stack Pointer to the X509 stack object to be released.= =0D +=0D +**/=0D +VOID=0D +EFIAPI=0D +X509StackFree (=0D + IN VOID *X509Stack=0D + )=0D +{=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the subject bytes from one X.509 certificate.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] Cert Pointer to the 
DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] CertSubject Pointer to the retrieved certificate subjec= t bytes.=0D + @param[in, out] SubjectSize The size in bytes of the CertSubject buffer= on input,=0D + and the size of buffer returned CertSubject= on output.=0D +=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSubjectName (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *CertSubject,=0D + IN OUT UINTN *SubjectSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the common name (CN) string from one X.509 certificate.=0D +=0D + Return RETURN_UNSUPPORTED to indicate this interface is not supported.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] CommonName Buffer to contain the retrieved certifi= cate common=0D + name string (UTF8). At most CommonNameS= ize bytes will be=0D + written and the string will be null ter= minated. 
May be=0D + NULL in order to determine the size buf= fer needed.=0D + @param[in,out] CommonNameSize The size in bytes of the CommonName buf= fer on input,=0D + and the size of buffer returned CommonN= ame on output.=0D + If CommonName is NULL then the amount o= f space needed=0D + in buffer (including the final null) is= returned.=0D +=0D + @retval RETURN_UNSUPPORTED The operation is not supported.=0D +=0D +**/=0D +RETURN_STATUS=0D +EFIAPI=0D +X509GetCommonName (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT CHAR8 *CommonName OPTIONAL,=0D + IN OUT UINTN *CommonNameSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return RETURN_UNSUPPORTED;=0D +}=0D +=0D +/**=0D + Retrieve the organization name (ON) string from one X.509 certificate.=0D +=0D + Return RETURN_UNSUPPORTED to indicate this interface is not supported.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] NameBuffer Buffer to contain the retrieved certifi= cate organization=0D + name string. At most NameBufferSize byt= es will be=0D + written and the string will be null ter= minated. 
May be=0D + NULL in order to determine the size buf= fer needed.=0D + @param[in,out] NameBufferSize The size in bytes of the Name buffer on= input,=0D + and the size of buffer returned Name on= output.=0D + If NameBuffer is NULL then the amount o= f space needed=0D + in buffer (including the final null) is= returned.=0D +=0D + @retval RETURN_UNSUPPORTED The operation is not supported.=0D +=0D +**/=0D +RETURN_STATUS=0D +EFIAPI=0D +X509GetOrganizationName (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT CHAR8 *NameBuffer OPTIONAL,=0D + IN OUT UINTN *NameBufferSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return RETURN_UNSUPPORTED;=0D +}=0D +=0D +/**=0D + Retrieve the RSA Public Key from one DER-encoded X509 certificate.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] RsaContext Pointer to new-generated RSA context which cont= ain the retrieved=0D + RSA public key component. 
Use RsaFree() functio= n to free the=0D + resource.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaGetPublicKeyFromX509 (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT VOID **RsaContext=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Verify one X509 certificate was issued by the trusted CA.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= to be verified.=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[in] CACert Pointer to the DER-encoded trusted CA certi= ficate.=0D + @param[in] CACertSize Size of the CA Certificate in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509VerifyCert (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN CONST UINT8 *CACert,=0D + IN UINTN CACertSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the TBSCertificate from one given X.509 certificate.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] Cert Pointer to the given DER-encoded X509 certi= ficate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] TBSCert DER-Encoded To-Be-Signed certificate.=0D + @param[out] TBSCertSize Size of the TBS certificate in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetTBSCert (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 **TBSCert,=0D + OUT UINTN *TBSCertSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the EC Public Key from one DER-encoded X509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] EcContext Pointer to new-generated EC 
DSA context which c= ontain the retrieved=0D + EC public key component. Use EcFree() function = to free the=0D + resource.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If EcContext is NULL, then return FALSE.=0D +=0D + @retval TRUE EC Public Key was retrieved successfully.=0D + @retval FALSE Fail to retrieve EC public key from X509 certificate.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcGetPublicKeyFromX509 (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT VOID **EcContext=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the version from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] Version Pointer to the retrieved version integer.=0D +=0D + @retval TRUE The certificate version retrieved successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + @retval FALSE The operation is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetVersion (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Version=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the serialNumber from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes.=0D + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input,=0D + and the size of buffer returned SerialNumbe= r on output.=0D +=0D + @retval TRUE The certificate serialNumber 
retrieved = successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + If SerialNumberSize is NULL.=0D + If Certificate is invalid.=0D + @retval FALSE If no SerialNumber exists.=0D + @retval FALSE If the SerialNumber is NULL. The requir= ed buffer size=0D + (including the final null) is returned = in the=0D + SerialNumberSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSerialNumber (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *SerialNumber,=0D + OPTIONAL=0D + IN OUT UINTN *SerialNumberSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the issuer bytes from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes.=0D + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input,=0D + and the size of buffer returned CertSubject= on output.=0D +=0D + @retval TRUE The certificate issuer retrieved successfully.=0D + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result.=0D + The CertIssuerSize will be updated with the required siz= e.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetIssuerName (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *CertIssuer,=0D + IN OUT UINTN *CertIssuerSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the Signature Algorithm from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] 
Oid Signature Algorithm Object identifier b= uffer.=0D + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size=0D +=0D + @retval TRUE The certificate Extension data retrieved successf= ully.=0D + @retval FALSE If Cert is NULL.=0D + If OidSize is NULL.=0D + If Oid is not NULL and *OidSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no SignatureType.=0D + @retval FALSE If the Oid is NULL. The required buffer= size=0D + is returned in the OidSize.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSignatureAlgorithm (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Oid,=0D + OPTIONAL=0D + IN OUT UINTN *OidSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve Extension data from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[in] Oid Object identifier buffer=0D + @param[in] OidSize Object identifier buffer size=0D + @param[out] ExtensionData Extension bytes.=0D + @param[in, out] ExtensionDataSize Extension bytes size.=0D +=0D + @retval TRUE The certificate Extension data retrieve= d successfully.=0D + @retval FALSE If Cert is NULL.=0D + If ExtensionDataSize is NULL.=0D + If ExtensionData is not NULL and *Exten= sionDataSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no Extension entry match Oid.=0D + @retval FALSE If the ExtensionData is NULL. 
The requi= red buffer size=0D + is returned in the ExtensionDataSize pa= rameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtensionData (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN CONST UINT8 *Oid,=0D + IN UINTN OidSize,=0D + OUT UINT8 *ExtensionData,=0D + IN OUT UINTN *ExtensionDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the Extended Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage bytes.=0D + @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D +=0D + @retval TRUE The Usage bytes retrieve successfully.= =0D + @retval FALSE If Cert is NULL.=0D + If CertSize is NULL.=0D + If Usage is not NULL and *UsageSize is = 0.=0D + If Cert is invalid.=0D + @retval FALSE If the Usage is NULL. The required buff= er size=0D + is returned in the UsageSize parameter.= =0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Usage,=0D + IN OUT UINTN *UsageSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the Validity from one X.509 certificate=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[in] From notBefore Pointer to DateTime object.=0D + @param[in,out] FromSize notBefore DateTime object size.=0D + @param[in] To notAfter Pointer to DateTime object.=0D + @param[in,out] ToSize notAfter DateTime object size.=0D +=0D + Note: X509CompareDateTime to compare DateTime oject=0D + 
x509SetDateTime to get a DateTime object from a DateTimeStr=0D +=0D + @retval TRUE The certificate Validity retrieved successfully.=0D + @retval FALSE Invalid certificate, or Validity retrieve failed.=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetValidity (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN UINT8 *From,=0D + IN OUT UINTN *FromSize,=0D + IN UINT8 *To,=0D + IN OUT UINTN *ToSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Format a DateTimeStr to DataTime object in DataTime Buffer=0D +=0D + If DateTimeStr is NULL, then return FALSE.=0D + If DateTimeSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D + Ref: https://www.w3.org/TR/NOTE-datetim= e=0D + Z stand for UTC time=0D + @param[out] DateTime Pointer to a DateTime object.=0D + @param[in,out] DateTimeSize DateTime object buffer size.=0D +=0D + @retval TRUE The DateTime object create successfully= .=0D + @retval FALSE If DateTimeStr is NULL.=0D + If DateTimeSize is NULL.=0D + If DateTime is not NULL and *DateTimeSi= ze is 0.=0D + If Year Month Day Hour Minute Second co= mbination is invalid datetime.=0D + @retval FALSE If the DateTime is NULL. 
The required b= uffer size=0D + (including the final null) is returned = in the=0D + DateTimeSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509FormatDateTime (=0D + IN CONST CHAR8 *DateTimeStr,=0D + OUT VOID *DateTime,=0D + IN OUT UINTN *DateTimeSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Compare DateTime1 object and DateTime2 object.=0D +=0D + If DateTime1 is NULL, then return -2.=0D + If DateTime2 is NULL, then return -2.=0D + If DateTime1 =3D=3D DateTime2, then return 0=0D + If DateTime1 > DateTime2, then return 1=0D + If DateTime1 < DateTime2, then return -1=0D +=0D + @param[in] DateTime1 Pointer to a DateTime Ojbect=0D + @param[in] DateTime2 Pointer to a DateTime Object=0D +=0D + @retval 0 If DateTime1 =3D=3D DateTime2=0D + @retval 1 If DateTime1 > DateTime2=0D + @retval -1 If DateTime1 < DateTime2=0D +**/=0D +INT32=0D +EFIAPI=0D +X509CompareDateTime (=0D + IN CONST VOID *DateTime1,=0D + IN CONST VOID *DateTime2=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return -3;=0D +}=0D +=0D +/**=0D + Retrieve the Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D +=0D + @retval TRUE The certificate Key Usage retrieved successfully.=0D + @retval FALSE Invalid certificate, or Usage is NULL=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Usage=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Verify one X509 certificate was issued by the trusted CA.=0D + @param[in] RootCert Trusted Root Certificate buffer=0D +=0D + @param[in] RootCertLength Trusted Root Certificate buffer length= =0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + 
where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain.=0D + @retval FALSE Invalid certificate or the certificate was not issued by= the given=0D + trusted CA.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509VerifyCertChain (=0D + IN CONST UINT8 *RootCert,=0D + IN UINTN RootCertLength,=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Get one X509 certificate from CertChain.=0D +=0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @param[in] CertIndex Index of certificate.=0D +=0D + @param[out] Cert The certificate at the index of CertCh= ain.=0D + @param[out] CertLength The length certificate at the index of= CertChain.=0D +=0D + @retval TRUE Success.=0D + @retval FALSE Failed to get certificate from certificate chain.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetCertFromCertChain (=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength,=0D + IN CONST INT32 CertIndex,=0D + OUT CONST UINT8 **Cert,=0D + OUT UINTN *CertLength=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the tag and length of the tag.=0D +=0D + @param Ptr The position in the ASN.1 data=0D + @param End End of data=0D + @param Length The variable that will receive the length=0D + @param Tag The expected tag=0D +=0D + @retval TRUE Get tag successful=0D + @retval FALSe Failed to get tag or 
tag not match=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Asn1GetTag (=0D + IN OUT UINT8 **Ptr,=0D + IN CONST UINT8 *End,=0D + OUT UINTN *Length,=0D + IN UINT32 Tag=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Retrieve the basic constraints from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509= certificate.=0D + @param[in] CertSize size of the X509 certificate in= bytes.=0D + @param[out] BasicConstraints basic constraints bytes.=0D + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes.=0D +=0D + @retval TRUE The basic constraints retrieve successf= ully.=0D + @retval FALSE If cert is NULL.=0D + If cert_size is NULL.=0D + If basic_constraints is not NULL and *b= asic_constraints_size is 0.=0D + If cert is invalid.=0D + @retval FALSE The required buffer size is small.=0D + The return buffer size is basic_constra= ints_size parameter.=0D + @retval FALSE If no Extension entry match oid.=0D + @retval FALSE The operation is not supported.=0D + **/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedBasicConstraints (=0D + CONST UINT8 *Cert,=0D + UINTN CertSize,=0D + UINT8 *BasicConstraints,=0D + UINTN *BasicConstraintsSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c b/C= ryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c new file mode 100644 index 0000000000..d5c66291ed --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c @@ -0,0 +1,56 @@ +/** @file=0D + Pseudorandom Number Generator Wrapper Implementation which does not prov= ide=0D + real capabilities.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Sets up the seed value for the pseudorandom number generator.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] Seed Pointer to seed value.=0D + If NULL, default seed is used.=0D + @param[in] SeedSize Size of seed value.=0D + If Seed is NULL, this parameter is ignored.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RandomSeed (=0D + IN CONST UINT8 *Seed OPTIONAL,=0D + IN UINTN SeedSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Generates a pseudorandom byte stream of the specified size.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[out] Output Pointer to buffer to receive random value.=0D + @param[in] Size Size of random bytes to generate.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RandomBytes (=0D + OUT UINT8 *Output,=0D + IN UINTN Size=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D --=20 2.26.2.windows.1
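Review bot: In CryptPkcs7VerifyNull.c, Pkcs7GetSigners() and Pkcs7GetCertificatesList() return FALSE without writing any of their OUT pointers, while Pkcs7FreeSigners() itself does ASSERT (FALSE), so a caller that frees unconditionally on its cleanup path either passes an uninitialised pointer or trips the assert in a debug build. Consider setting the OUT pointers to NULL (when they are non-NULL) before returning and letting Pkcs7FreeSigners() be a no-op. The header comments of Pkcs7GetCertificatesList() and Pkcs7GetAttachedContent() also still list "@retval TRUE" outcomes that these stubs can never produce, and Pkcs7GetCertificatesList() lacks the "Return FALSE to indicate this interface is not supported." line the other stubs carry.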
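Review bot: CryptPkcs7VerifyRuntime.c defines Pkcs7GetAttachedContent() with the same signature and body as the stub already added in CryptPkcs7VerifyNull.c, so any INF that lists both files will fail to link on a duplicate definition; please confirm each library instance pulls in only one of them. The file header reads "Runtime specific implementation" although the function only does ASSERT (FALSE) and returns FALSE, and the @retval TRUE/FALSE text describes parsing results that never occur; wording it like the other Null files would avoid misleading a reader who sees only this file.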
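Review bot: In CryptTsNull.c, ImageTimestampVerify() leaves SigningTime unwritten and the comment does not say so; since the only documented outcome is "@retval FALSE This interface is not supported.", state in the @param[out] text that SigningTime is not modified by this stub. The same @param line reads "Return the time of timestamp generation time", which should be reworded.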
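Review bot: In CryptX509Null.c, X509CompareDateTime() returns -3, a value its header comment never documents (it lists 0, 1 and -1 as @retval, and -2 for NULL inputs), and in builds where ASSERT() is disabled a caller that tests the result with "< 0" will read "unsupported" as "DateTime1 is earlier than DateTime2", which is the wrong way to fail in a validity-period check. Either add an @retval entry for the unsupported value or return the documented -2, and say which in the comment. Smaller points in the same file: in X509GetSerialNumber() and X509GetSignatureAlgorithm() the OPTIONAL keyword sits on its own line after the comma instead of before it; X509GetExtendedBasicConstraints() declares its parameters without IN/OUT and its comment refers to cert_size, basic_constraints and basic_constraints_size rather than the actual parameter names; the X509GetValidity() comment mentions CertIssuerSize and marks From and To as @param[in] and IN although they receive data; EcGetPublicKeyFromX509(), X509VerifyCertChain(), X509GetCertFromCertChain() and Asn1GetTag() do not mention that the interface is unsupported; and the comments contain the misspellings "sizs", "oject", "Ojbect", "FALSe" and "Cerificate".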
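Review bot: In CryptRandNull.c, RandomBytes() returns FALSE without touching Output, and in builds where ASSERT() is disabled that return value is the only signal, so a caller that ignores it would go on to use whatever was already in the buffer as random data. Please state in the @param[out] text that Output is not modified, and confirm that every module linked against this Null instance checks the BOOLEAN result of RandomBytes() and RandomSeed() before using the buffer.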