From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web11.16076.1665542891973241601 for ; Tue, 11 Oct 2022 19:48:12 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=AAXDxqX3; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: qi1.zhang@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1665542892; x=1697078892; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=9dsJV/MjodRBJrehnIrTnlJEzbYT1OIT+8tS0RwSoVs=; b=AAXDxqX3vYoIXJzZdLVftHXcVwA6OJ0ZYh3j0KAZJsDR61AEl2/5hDsy 8Df+ao0AtL41wqHdcNPwY2+iIsfOh7B36I1xsPkb8r3x5WkYBhTl+RKz/ DzsHPDlrVYVvLtObApwHvMcTNEMlL5ErI1ZcAKUsbEfr5ouRo0b9Z2bsK +3Ek/3L/IzMihmNaHDNFmkbpRtY57mLaaFoEgCCSBnd7dsP/v1fo2Hl+9 xYXgmi/5MV4P25Zu5mVDHFXUO1cgeLG7M3PxZ2b4W3L4f4BPp+u/AMwTV +G8yTYGGOLS17tMHQzp2FYNoMCa5XQl0hOSzuqFrEnGJ2WO/1hs7duRO4 Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="306308546" X-IronPort-AV: E=Sophos;i="5.95,177,1661842800"; d="scan'208";a="306308546" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Oct 2022 19:48:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10497"; a="801688890" X-IronPort-AV: E=Sophos;i="5.95,177,1661842800"; d="scan'208";a="801688890" Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.157.129]) by orsmga005.jf.intel.com with ESMTP; 11 Oct 2022 19:48:07 -0700 
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Xiaoyu Lu , Guomin Jiang Subject: [PATCH V2 2/3] CryptoPkg: Add EC key interface to DXE and protocol Date: Wed, 12 Oct 2022 10:47:59 +0800 Message-Id: <968385829dfaf34bf131bb82a0d9730f59bf3743.1665542309.git.qi1.zhang@intel.com> X-Mailer: git-send-email 2.26.2.windows.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable The implementation provides EC key interface for EFI driver and EFI BaseCrypt protocol. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4102 Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Qi Zhang --- CryptoPkg/Driver/Crypto.c | 143 +++++++++++++++++- .../Pcd/PcdCryptoServiceFamilyEnable.h | 4 + .../BaseCryptLibOnProtocolPpi/CryptLib.c | 136 +++++++++++++++++ CryptoPkg/Private/Protocol/Crypto.h | 131 +++++++++++++++- 4 files changed, 412 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index f1ff77855c..1928adbff7 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -6137,6 +6137,142 @@ CryptoServiceEcDhComputeKey ( return CALL_BASECRYPTLIB (Ec.Services.DhComputeKey, EcDhComputeKey, (EcC= ontext, PeerPublic, PeerPublicSize, CompressFlag, Key, KeySize), FALSE);=0D }=0D =0D +/**=0D + Retrieve the EC Public Key from one DER-encoded X509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] EcContext Pointer to new-generated EC DSA context which c= ontain the retrieved=0D + EC public key component. Use EcFree() function = to free the=0D + resource.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If EcContext is NULL, then return FALSE.=0D +=0D + @retval TRUE EC Public Key was retrieved successfully.=0D + @retval FALSE Fail to retrieve EC public key from X509 certificate.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceEcGetPublicKeyFromX509 (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT VOID **EcContext=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Ec.Services.GetPublicKeyFromX509, EcGetPublicK= eyFromX509, (Cert, CertSize, EcContext), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the EC Private Key from the password-protected PEM key data.=0D +=0D + @param[in] PemData Pointer to the PEM-encoded key data to be retri= eved.=0D + @param[in] PemSize Size of the PEM key data in bytes.=0D + @param[in] Password NULL-terminated passphrase used for encrypted P= EM key data.=0D + @param[out] EcContext Pointer to new-generated EC DSA context which c= ontain the retrieved=0D + EC private key component. 
Use EcFree() function= to free the=0D + resource.=0D +=0D + If PemData is NULL, then return FALSE.=0D + If EcContext is NULL, then return FALSE.=0D +=0D + @retval TRUE EC Private Key was retrieved successfully.=0D + @retval FALSE Invalid PEM key data or incorrect password.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceEcGetPrivateKeyFromPem (=0D + IN CONST UINT8 *PemData,=0D + IN UINTN PemSize,=0D + IN CONST CHAR8 *Password,=0D + OUT VOID **EcContext=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Ec.Services.GetPrivateKeyFromPem, EcGetPrivate= KeyFromPem, (PemData, PemSize, Password, EcContext), FALSE);=0D +}=0D +=0D +/**=0D + Carries out the EC-DSA signature.=0D +=0D + This function carries out the EC-DSA signature.=0D + If the Signature buffer is too small to hold the contents of signature, = FALSE=0D + is returned and SigSize is set to the required buffer size to obtain the= signature.=0D +=0D + If EcContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA= 512, SHA3_256, SHA3_384, SHA3_512.=0D + If SigSize is large enough but Signature is NULL, then return FALSE.=0D +=0D + For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S.=0D + For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S.=0D + For P-521, the SigSize is 132. 
First 66-byte is R, Second 66-byte is S.= =0D +=0D + @param[in] EcContext Pointer to EC context for signature genera= tion.=0D + @param[in] HashNid hash NID=0D + @param[in] MessageHash Pointer to octet message hash to be signed= .=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[out] Signature Pointer to buffer to receive EC-DSA signat= ure.=0D + @param[in, out] SigSize On input, the size of Signature buffer in = bytes.=0D + On output, the size of data returned in Si= gnature buffer in bytes.=0D +=0D + @retval TRUE Signature successfully generated in EC-DSA.=0D + @retval FALSE Signature generation failed.=0D + @retval FALSE SigSize is too small.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceEcDsaSign (=0D + IN VOID *EcContext,=0D + IN UINTN HashNid,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + OUT UINT8 *Signature,=0D + IN OUT UINTN *SigSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Ec.Services.DsaSign, EcDsaSign, (EcContext, Ha= shNid, MessageHash, HashSize, Signature, SigSize), FALSE);=0D +}=0D +=0D +/**=0D + Verifies the EC-DSA signature.=0D +=0D + If EcContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If Signature is NULL, then return FALSE.=0D + If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA= 512, SHA3_256, SHA3_384, SHA3_512.=0D +=0D + For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S.=0D + For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S.=0D + For P-521, the SigSize is 132. 
First 66-byte is R, Second 66-byte is S.= =0D +=0D + @param[in] EcContext Pointer to EC context for signature verificatio= n.=0D + @param[in] HashNid hash NID=0D + @param[in] MessageHash Pointer to octet message hash to be checked.=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[in] Signature Pointer to EC-DSA signature to be verified.=0D + @param[in] SigSize Size of signature in bytes.=0D +=0D + @retval TRUE Valid signature encoded in EC-DSA.=0D + @retval FALSE Invalid signature or invalid EC context.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceEcDsaVerify (=0D + IN VOID *EcContext,=0D + IN UINTN HashNid,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + IN CONST UINT8 *Signature,=0D + IN UINTN SigSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Ec.Services.DsaVerify, EcDsaVerify, (EcContext= , HashNid, MessageHash, HashSize, Signature, SigSize), FALSE);=0D +}=0D +=0D const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D {=0D /// Version=0D CryptoServiceGetCryptoVersion,=0D @@ -6416,5 +6552,10 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceTlsSetSignatureAlgoList,=0D CryptoServiceTlsSetEcCurve,=0D /// TLS Get (continued)=0D - CryptoServiceTlsGetExportKey=0D + CryptoServiceTlsGetExportKey,=0D + /// Ec (Continued)=0D + CryptoServiceEcGetPublicKeyFromX509,=0D + CryptoServiceEcGetPrivateKeyFromPem,=0D + CryptoServiceEcDsaSign,=0D + CryptoServiceEcDsaVerify=0D };=0D diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 4740589417..12b0c0583e 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -383,6 +383,10 @@ typedef struct { UINT8 GenerateKey : 1;=0D UINT8 GetPubKey : 1;=0D UINT8 DhComputeKey : 1;=0D + UINT8 GetPublicKeyFromX509 : 1;=0D + UINT8 GetPrivateKeyFromPem : 1;=0D + UINT8 DsaSign : 1;=0D + UINT8 DsaVerify : 1;=0D } Services;=0D UINT32 Family;=0D } Ec;=0D 
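Review bot: The line `If HashSize need match the HashNid.` in the CryptoServiceEcDsaSign and CryptoServiceEcDsaVerify headers does not say what happens when the digest length and HashNid disagree, and the P-256/P-384/P-521 SigSize figures are listed without saying whether any other SigSize is rejected. A caller of a verify entry point needs that contract stated, so I would replace the line with `If HashSize does not match the digest length of HashNid, then return FALSE.` and add `If SigSize does not match the curve of EcContext, then return FALSE.` to the verify header. Both sentences assume that is what the implementation behind CALL_BASECRYPTLIB does, which is not part of this patch and should be confirmed. The same comment text is repeated in CryptLib.c and Crypto.h later in this patch and should change there too.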
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 52b934a545..48ec6d3528 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -5164,3 +5164,139 @@ EcDhComputeKey ( {=0D CALL_CRYPTO_SERVICE (EcDhComputeKey, (EcContext, PeerPublic, PeerPublicS= ize, CompressFlag, Key, KeySize), FALSE);=0D }=0D +=0D +/**=0D + Retrieve the EC Public Key from one DER-encoded X509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] EcContext Pointer to new-generated EC DSA context which c= ontain the retrieved=0D + EC public key component. Use EcFree() function = to free the=0D + resource.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If EcContext is NULL, then return FALSE.=0D +=0D + @retval TRUE EC Public Key was retrieved successfully.=0D + @retval FALSE Fail to retrieve EC public key from X509 certificate.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcGetPublicKeyFromX509 (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT VOID **EcContext=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (EcGetPublicKeyFromX509, (Cert, CertSize, EcContext)= , FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the EC Private Key from the password-protected PEM key data.=0D +=0D + @param[in] PemData Pointer to the PEM-encoded key data to be retri= eved.=0D + @param[in] PemSize Size of the PEM key data in bytes.=0D + @param[in] Password NULL-terminated passphrase used for encrypted P= EM key data.=0D + @param[out] EcContext Pointer to new-generated EC DSA context which c= ontain the retrieved=0D + EC private key component. 
Use EcFree() function= to free the=0D + resource.=0D +=0D + If PemData is NULL, then return FALSE.=0D + If EcContext is NULL, then return FALSE.=0D +=0D + @retval TRUE EC Private Key was retrieved successfully.=0D + @retval FALSE Invalid PEM key data or incorrect password.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcGetPrivateKeyFromPem (=0D + IN CONST UINT8 *PemData,=0D + IN UINTN PemSize,=0D + IN CONST CHAR8 *Password,=0D + OUT VOID **EcContext=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (EcGetPrivateKeyFromPem, (PemData, PemSize, Password= , EcContext), FALSE);=0D +}=0D +=0D +/**=0D + Carries out the EC-DSA signature.=0D +=0D + This function carries out the EC-DSA signature.=0D + If the Signature buffer is too small to hold the contents of signature, = FALSE=0D + is returned and SigSize is set to the required buffer size to obtain the= signature.=0D +=0D + If EcContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA= 512, SHA3_256, SHA3_384, SHA3_512.=0D + If SigSize is large enough but Signature is NULL, then return FALSE.=0D +=0D + For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S.=0D + For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S.=0D + For P-521, the SigSize is 132. 
First 66-byte is R, Second 66-byte is S.= =0D +=0D + @param[in] EcContext Pointer to EC context for signature genera= tion.=0D + @param[in] HashNid hash NID=0D + @param[in] MessageHash Pointer to octet message hash to be signed= .=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[out] Signature Pointer to buffer to receive EC-DSA signat= ure.=0D + @param[in, out] SigSize On input, the size of Signature buffer in = bytes.=0D + On output, the size of data returned in Si= gnature buffer in bytes.=0D +=0D + @retval TRUE Signature successfully generated in EC-DSA.=0D + @retval FALSE Signature generation failed.=0D + @retval FALSE SigSize is too small.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcDsaSign (=0D + IN VOID *EcContext,=0D + IN UINTN HashNid,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + OUT UINT8 *Signature,=0D + IN OUT UINTN *SigSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (EcDsaSign, (EcContext, HashNid, MessageHash, HashSi= ze, Signature, SigSize), FALSE);=0D +}=0D +=0D +/**=0D + Verifies the EC-DSA signature.=0D +=0D + If EcContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If Signature is NULL, then return FALSE.=0D + If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA= 512, SHA3_256, SHA3_384, SHA3_512.=0D +=0D + For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S.=0D + For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S.=0D + For P-521, the SigSize is 132. 
First 66-byte is R, Second 66-byte is S.= =0D +=0D + @param[in] EcContext Pointer to EC context for signature verificatio= n.=0D + @param[in] HashNid hash NID=0D + @param[in] MessageHash Pointer to octet message hash to be checked.=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[in] Signature Pointer to EC-DSA signature to be verified.=0D + @param[in] SigSize Size of signature in bytes.=0D +=0D + @retval TRUE Valid signature encoded in EC-DSA.=0D + @retval FALSE Invalid signature or invalid EC context.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcDsaVerify (=0D + IN VOID *EcContext,=0D + IN UINTN HashNid,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + IN CONST UINT8 *Signature,=0D + IN UINTN SigSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (EcDsaVerify, (EcContext, HashNid, MessageHash, Hash= Size, Signature, SigSize), FALSE);=0D +}=0D diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 6293efa36b..bfb278d388 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -21,7 +21,7 @@ /// the EDK II Crypto Protocol is extended, this version define must be=0D /// increased.=0D ///=0D -#define EDKII_CRYPTO_VERSION 14=0D +#define EDKII_CRYPTO_VERSION 15=0D =0D ///=0D /// EDK II Crypto Protocol forward declaration=0D 
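Review bot: EcDsaSign documents that a too-small buffer returns FALSE with SigSize set to the required size, but it does not cover the case where the service is unavailable. The wrapper passes `FALSE` as the last argument of CALL_CRYPTO_SERVICE, which presumably is also the value returned when the crypto protocol does not provide the service, and SigSize would then stay as the caller passed it. A caller that sizes its buffer from a failed first call cannot tell the two cases apart, so the header should list it, for example `@retval FALSE  This interface is not supported; SigSize is not modified.`. The macro body is outside this hunk, so the fallback behaviour needs to be confirmed there. The same gap exists in the CryptoServiceEcDsaSign header in Crypto.c and the EDKII_CRYPTO_EC_DSA_SIGN header in Crypto.h.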
@@ -4821,6 +4821,130 @@ BOOLEAN IN OUT UINTN *KeySize=0D );=0D =0D +/**=0D + Retrieve the EC Public Key from one DER-encoded X509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] EcContext Pointer to new-generated EC DSA context which c= ontain the retrieved=0D + EC public key component. Use EcFree() function = to free the=0D + resource.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If EcContext is NULL, then return FALSE.=0D +=0D + @retval TRUE EC Public Key was retrieved successfully.=0D + @retval FALSE Fail to retrieve EC public key from X509 certificate.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_EC_GET_PUBLIC_KEY_FROM_X509)(=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT VOID **EcContext=0D + );=0D +=0D +/**=0D + Retrieve the EC Private Key from the password-protected PEM key data.=0D +=0D + @param[in] PemData Pointer to the PEM-encoded key data to be retri= eved.=0D + @param[in] PemSize Size of the PEM key data in bytes.=0D + @param[in] Password NULL-terminated passphrase used for encrypted P= EM key data.=0D + @param[out] EcContext Pointer to new-generated EC DSA context which c= ontain the retrieved=0D + EC private key component. 
Use EcFree() function= to free the=0D + resource.=0D +=0D + If PemData is NULL, then return FALSE.=0D + If EcContext is NULL, then return FALSE.=0D +=0D + @retval TRUE EC Private Key was retrieved successfully.=0D + @retval FALSE Invalid PEM key data or incorrect password.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_EC_GET_PRIVATE_KEY_FROM_PEM)(=0D + IN CONST UINT8 *PemData,=0D + IN UINTN PemSize,=0D + IN CONST CHAR8 *Password,=0D + OUT VOID **EcContext=0D + );=0D +=0D +/**=0D + Carries out the EC-DSA signature.=0D +=0D + This function carries out the EC-DSA signature.=0D + If the Signature buffer is too small to hold the contents of signature, = FALSE=0D + is returned and SigSize is set to the required buffer size to obtain the= signature.=0D +=0D + If EcContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA= 512, SHA3_256, SHA3_384, SHA3_512.=0D + If SigSize is large enough but Signature is NULL, then return FALSE.=0D +=0D + For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S.=0D + For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S.=0D + For P-521, the SigSize is 132. 
First 66-byte is R, Second 66-byte is S.= =0D +=0D + @param[in] EcContext Pointer to EC context for signature genera= tion.=0D + @param[in] HashNid hash NID=0D + @param[in] MessageHash Pointer to octet message hash to be signed= .=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[out] Signature Pointer to buffer to receive EC-DSA signat= ure.=0D + @param[in, out] SigSize On input, the size of Signature buffer in = bytes.=0D + On output, the size of data returned in Si= gnature buffer in bytes.=0D +=0D + @retval TRUE Signature successfully generated in EC-DSA.=0D + @retval FALSE Signature generation failed.=0D + @retval FALSE SigSize is too small.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_EC_DSA_SIGN)(=0D + IN VOID *EcContext,=0D + IN UINTN HashNid,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + OUT UINT8 *Signature,=0D + IN OUT UINTN *SigSize=0D + );=0D +=0D +/**=0D + Verifies the EC-DSA signature.=0D +=0D + If EcContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If Signature is NULL, then return FALSE.=0D + If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA= 512, SHA3_256, SHA3_384, SHA3_512.=0D +=0D + For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S.=0D + For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S.=0D + For P-521, the SigSize is 132. 
First 66-byte is R, Second 66-byte is S.= =0D +=0D + @param[in] EcContext Pointer to EC context for signature verificatio= n.=0D + @param[in] HashNid hash NID=0D + @param[in] MessageHash Pointer to octet message hash to be checked.=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[in] Signature Pointer to EC-DSA signature to be verified.=0D + @param[in] SigSize Size of signature in bytes.=0D +=0D + @retval TRUE Valid signature encoded in EC-DSA.=0D + @retval FALSE Invalid signature or invalid EC context.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_EC_DSA_VERIFY)(=0D + IN VOID *EcContext,=0D + IN UINTN HashNid,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + IN CONST UINT8 *Signature,=0D + IN UINTN SigSize=0D + );=0D +=0D ///=0D /// EDK II Crypto Protocol=0D ///=0D @@ -5084,6 +5208,11 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_TLS_SET_EC_CURVE TlsSetEcCurve;=0D /// TLS Get (continued)=0D EDKII_CRYPTO_TLS_GET_EXPORT_KEY TlsGetExportKey;=0D + /// Ec (Continued)=0D + EDKII_CRYPTO_EC_GET_PUBLIC_KEY_FROM_X509 EcGetPublicKeyFromX5= 09;=0D + EDKII_CRYPTO_EC_GET_PRIVATE_KEY_FROM_PEM EcGetPrivateKeyFromP= em;=0D + EDKII_CRYPTO_EC_DSA_SIGN EcDsaSign;=0D + EDKII_CRYPTO_EC_DSA_VERIFY EcDsaVerify;=0D };=0D =0D extern GUID gEdkiiCryptoProtocolGuid;=0D --=20 2.26.2.windows.1
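Review bot: The EDKII_CRYPTO_EC_GET_PRIVATE_KEY_FROM_PEM header describes Password as a `NULL-terminated passphrase`, which mixes up the NULL pointer with the terminating null character. It also does not say whether a NULL Password is accepted for PEM data that is not encrypted. I would word the parameter as `Null-terminated passphrase used for encrypted PEM key data.` and follow it with one sentence stating whether NULL is allowed. It would also help to state that Password is only read during the call, if that is the case, so the caller knows when it can wipe the passphrase buffer. The same text appears in the Crypto.c and CryptLib.c copies of this header in this patch.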