From: "Michael D Kinney"
To: "Wang, Jian J", "devel@edk2.groups.io", "Kinney, Michael D"
CC: "Lu, XiaoyuX"
Subject: Re: [Patch 4/5] CryptoPkg/Library: Add BaseCryptLibOnProtocolPpi instances
Date: Wed, 5 Feb 2020 01:39:03 +0000

Jian,

I agree with your feedback. I will fix in V7.

Mike

> -----Original Message-----
> From: Wang, Jian J
> Sent: Tuesday, February 4, 2020 1:00 AM
> To: Kinney, Michael D; devel@edk2.groups.io
> Cc: Lu, XiaoyuX
> Subject: RE: [Patch 4/5] CryptoPkg/Library: Add BaseCryptLibOnProtocolPpi instances
>
> Mike,
>
>
> > -----Original Message-----
> > From: Kinney, Michael D
> > Sent: Thursday, January 30, 2020 3:01 PM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J; Lu, XiaoyuX
> > Subject: [Patch 4/5] CryptoPkg/Library: Add BaseCryptLibOnProtocolPpi instances
> >
> > https://bugzilla.tianocore.org/show_bug.cgi?id=2420
> >
> > Based on the following package with changes to merge into
> > CryptoPkg.
> >
> > https://github.com/microsoft/mu_plus/tree/dev/201908/SharedCryptoPkg
> >
> > Add the PeiCryptLib, DxeCryptLib, and SmmCryptLib instances
> > of the BaseCryptLib library classes that are implemented using
> > the services of EDK II Crypto Protocols/PPIs.
> >
> > These library instances all set a dependency expression on the
> > EDK II Crypto Protocols/PPIs, so any modules that use these
> > library instances are not dispatched until the modules that
> > produce the EDK II Crypto Protocols/PPIs are dispatched.
> >
> > Cc: Jian J Wang
> > Cc: Xiaoyu Lu
> > Signed-off-by: Michael D Kinney > > > --- > > .../BaseCryptLibOnProtocolPpi/CryptLib.c | 4394 > +++++++++++++++++ > > .../BaseCryptLibOnProtocolPpi/CryptLib.uni | 12 > + > > .../BaseCryptLibOnProtocolPpi/DxeCryptLib.c | 68 > + > > .../BaseCryptLibOnProtocolPpi/DxeCryptLib.inf | 44 > + > > .../BaseCryptLibOnProtocolPpi/PeiCryptLib.c | 57 > + > > .../BaseCryptLibOnProtocolPpi/PeiCryptLib.inf | 43 > + > > .../BaseCryptLibOnProtocolPpi/SmmCryptLib.c | 79 > + > > .../BaseCryptLibOnProtocolPpi/SmmCryptLib.inf | 44 > + > > 8 files changed, 4741 insertions(+) > > create mode 100644 > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > > create mode 100644 > > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.un > i > > create mode 100644 > > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib > .c > > create mode 100644 > > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib > .inf > > create mode 100644 > > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib > .c > > create mode 100644 > > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib > .inf > > create mode 100644 > > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib > .c > > create mode 100644 > > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib > .inf > > > > diff --git > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib. > c > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib. > c > > new file mode 100644 > > index 0000000000..ae09af5923 > > --- /dev/null > > +++ > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib. > c > > @@ -0,0 +1,4394 @@ > > +/** @file > > + Implements the BaseCryptLib and TlsLib using the > servives of the EDK II Crypto >=20 > Typo: servives -> services >=20 > > + Protocol/PPI. > > + > > + Copyright (C) Microsoft Corporation. All rights > reserved. > > + Copyright (c) 2019 - 2020, Intel Corporation. All > rights reserved.
> > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > + > > +/** > > + A macro used to call a non-void service in an EDK > II Crypto Protocol. > > + If the protocol is NULL or the service in the > protocol is NULL, then a debug > > + message and assert is generated and an apprpriate > return value is returned. >=20 > Typo: apprpriate -> appropriate >=20 > > + > > + @param Function Name of the EDK II > Crypto Protocol service to call. > > + @param Args The argument list to > pass to Function. > > + @param ErrorReturnValue The value to return if > the protocol is NULL or the > > + service in the protocol > is NULL. > > + > > +**/ > > +#define CALL_CRYPTO_SERVICE(Function, Args, > ErrorReturnValue) \ > > + do { > \ > > + EDKII_CRYPTO_PROTOCOL *CryptoServices; > \ > > + > \ > > + CryptoServices =3D (EDKII_CRYPTO_PROTOCOL > *)GetCryptoServices (); \ > > + if (CryptoServices !=3D NULL && CryptoServices- > >Function !=3D NULL) { \ > > + return (CryptoServices->Function) Args; > \ > > + } > \ > > + CryptoServiceNotAvailable (#Function); > \ > > + return ErrorReturnValue; > \ > > + } while (FALSE); > > + > > +/** > > + A macro used to call a void service in an EDK II > Crypto Protocol. > > + If the protocol is NULL or the service in the > protocol is NULL, then a debug > > + message and assert is generated. > > + > > + @param Function Name of the EDK II > Crypto Protocol service to call. > > + @param Args The argument list to > pass to Function. 
> > + > > +**/ > > +#define CALL_VOID_CRYPTO_SERVICE(Function, Args) > \ > > + do { > \ > > + EDKII_CRYPTO_PROTOCOL *CryptoServices; > \ > > + > \ > > + CryptoServices =3D (EDKII_CRYPTO_PROTOCOL > *)GetCryptoServices (); \ > > + if (CryptoServices !=3D NULL && CryptoServices- > >Function !=3D NULL) { \ > > + (CryptoServices->Function) Args; > \ > > + return; > \ > > + } > \ > > + CryptoServiceNotAvailable (#Function); > \ > > + return; > \ > > + } while (FALSE); > > + > > +/** > > + Internal worker function that returns the pointer > to an EDK II Crypto > > + Protocol/PPI. The layout of the PPI, DXE > Protocol, and SMM Protocol are > > + identicaly which allows the implementation of the > BaseCryptLib functions that >=20 > Typo: identicaly -> identical >=20 > > + call through a Protocol/PPI to be shared for the > PEI, DXE, and SMM > > + implementations. > > +**/ > > +VOID * > > +GetCryptoServices ( > > + VOID > > + ); > > + > > +/** > > + Internal worker function that prints a debug > message and asserts if a crypto > > + service is not available. This should never occur > because library instances > > + have a dependency expression for the for the EDK > II Crypto Protocol/PPI so > > + a module that uses these library instances are not > dispatched until the EDK II > > + Crypto Protocol/PPI is available. The only case > that this function handles is > > + if the EDK II Crypto Protocol/PPI installed is > NULL or a function pointer in > > + the EDK II Protocol/PPI is NULL. > > + > > + @param[in] FunctionName Null-termnated ASCII > string that is the name of > > an >=20 > Typo: termnated -> terminated >=20 > > + EDK II Crypto service. 
> > + > > +**/ > > +static > > +VOID > > +CryptoServiceNotAvailable ( > > + IN CONST CHAR8 *FunctionName > > + ) > > +{ > > + DEBUG ((DEBUG_ERROR, "[%a] Function %a is not > available\n", > > gEfiCallerBaseName, FunctionName)); > > + ASSERT_EFI_ERROR (EFI_UNSUPPORTED); > > +} > > + > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > +// One-Way Cryptographic Hash Primitives > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > + > > +/** > > + Retrieves the size, in bytes, of the context > buffer required for MD4 hash > > operations. > > + > > + If this interface is not supported, then return > zero. > > + > > + @return The size, in bytes, of the context buffer > required for MD4 hash > > operations. > > + @retval 0 This interface is not supported. > > + > > +**/ > > +UINTN > > +EFIAPI > > +Md4GetContextSize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md4GetContextSize, (), 0); > > +} > > + > > +/** > > + Initializes user-supplied memory pointed by > Md4Context as MD4 hash context > > for > > + subsequent use. > > + > > + If Md4Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[out] Md4Context Pointer to MD4 context > being initialized. > > + > > + @retval TRUE MD4 context initialization > succeeded. > > + @retval FALSE MD4 context initialization failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Md4Init ( > > + OUT VOID *Md4Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md4Init, (Md4Context), > FALSE); > > +} > > + > > +/** > > + Makes a copy of an existing MD4 context. > > + > > + If Md4Context is NULL, then return FALSE. > > + If NewMd4Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Md4Context Pointer to MD4 context > being copied. > > + @param[out] NewMd4Context Pointer to new MD4 > context. > > + > > + @retval TRUE MD4 context copy succeeded. > > + @retval FALSE MD4 context copy failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Md4Duplicate ( > > + IN CONST VOID *Md4Context, > > + OUT VOID *NewMd4Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md4Duplicate, (Md4Context, > NewMd4Context), > > FALSE); > > +} > > + > > +/** > > + Digests the input data and updates MD4 context. > > + > > + This function performs MD4 digest on a data buffer > of the specified size. > > + It can be called multiple times to compute the > digest of long or discontinuous > > data streams. > > + MD4 context should be already correctly > initialized by Md4Init(), and should > > not be finalized > > + by Md4Final(). Behavior with invalid context is > undefined. > > + > > + If Md4Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] Md4Context Pointer to the MD4 > context. > > + @param[in] Data Pointer to the buffer > containing the data to be > > hashed. > > + @param[in] DataSize Size of Data buffer > in bytes. > > + > > + @retval TRUE MD4 data digest succeeded. > > + @retval FALSE MD4 data digest failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Md4Update ( > > + IN OUT VOID *Md4Context, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md4Update, (Md4Context, Data, > DataSize), FALSE); > > +} > > + > > +/** > > + Completes computation of the MD4 digest value. > > + > > + This function completes MD4 hash computation and > retrieves the digest value > > into > > + the specified memory. After this function has been > called, the MD4 context > > cannot > > + be used again. > > + MD4 context should be already correctly > initialized by Md4Init(), and should > > not be > > + finalized by Md4Final(). Behavior with invalid MD4 > context is undefined. > > + > > + If Md4Context is NULL, then return FALSE. > > + If HashValue is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] Md4Context Pointer to the MD4 > context. > > + @param[out] HashValue Pointer to a buffer > that receives the MD4 digest > > + value (16 bytes). > > + > > + @retval TRUE MD4 digest computation succeeded. > > + @retval FALSE MD4 digest computation failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Md4Final ( > > + IN OUT VOID *Md4Context, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md4Final, (Md4Context, > HashValue), FALSE); > > +} > > + > > +/** > > + Computes the MD4 message digest of a input data > buffer. > > + > > + This function performs the MD4 message digest of a > given data buffer, and > > places > > + the digest value into the specified memory. > > + > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Data Pointer to the buffer > containing the data to be hashed. > > + @param[in] DataSize Size of Data buffer in > bytes. > > + @param[out] HashValue Pointer to a buffer that > receives the MD4 digest > > + value (16 bytes). 
> > + > > + @retval TRUE MD4 digest computation succeeded. > > + @retval FALSE MD4 digest computation failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Md4HashAll ( > > + IN CONST VOID *Data, > > + IN UINTN DataSize, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md4HashAll, (Data, DataSize, > HashValue), FALSE); > > +} > > + > > +/** > > + Retrieves the size, in bytes, of the context > buffer required for MD5 hash > > operations. > > + > > + If this interface is not supported, then return > zero. > > + > > + @return The size, in bytes, of the context buffer > required for MD5 hash > > operations. > > + @retval 0 This interface is not supported. > > + > > +**/ > > +UINTN > > +EFIAPI > > +Md5GetContextSize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md5GetContextSize, (), 0); > > +} > > + > > +/** > > + Initializes user-supplied memory pointed by > Md5Context as MD5 hash context > > for > > + subsequent use. > > + > > + If Md5Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[out] Md5Context Pointer to MD5 context > being initialized. > > + > > + @retval TRUE MD5 context initialization > succeeded. > > + @retval FALSE MD5 context initialization failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Md5Init ( > > + OUT VOID *Md5Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md5Init, (Md5Context), > FALSE); > > +} > > + > > +/** > > + Makes a copy of an existing MD5 context. > > + > > + If Md5Context is NULL, then return FALSE. > > + If NewMd5Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Md5Context Pointer to MD5 context > being copied. > > + @param[out] NewMd5Context Pointer to new MD5 > context. > > + > > + @retval TRUE MD5 context copy succeeded. 
> > + @retval FALSE MD5 context copy failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Md5Duplicate ( > > + IN CONST VOID *Md5Context, > > + OUT VOID *NewMd5Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md5Duplicate, (Md5Context, > NewMd5Context), > > FALSE); > > +} > > + > > +/** > > + Digests the input data and updates MD5 context. > > + > > + This function performs MD5 digest on a data buffer > of the specified size. > > + It can be called multiple times to compute the > digest of long or discontinuous > > data streams. > > + MD5 context should be already correctly > initialized by Md5Init(), and should > > not be finalized > > + by Md5Final(). Behavior with invalid context is > undefined. > > + > > + If Md5Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] Md5Context Pointer to the MD5 > context. > > + @param[in] Data Pointer to the buffer > containing the data to be > > hashed. > > + @param[in] DataSize Size of Data buffer > in bytes. > > + > > + @retval TRUE MD5 data digest succeeded. > > + @retval FALSE MD5 data digest failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Md5Update ( > > + IN OUT VOID *Md5Context, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md5Update, (Md5Context, Data, > DataSize), FALSE); > > +} > > + > > +/** > > + Completes computation of the MD5 digest value. > > + > > + This function completes MD5 hash computation and > retrieves the digest value > > into > > + the specified memory. After this function has been > called, the MD5 context > > cannot > > + be used again. > > + MD5 context should be already correctly > initialized by Md5Init(), and should > > not be > > + finalized by Md5Final(). Behavior with invalid MD5 > context is undefined. > > + > > + If Md5Context is NULL, then return FALSE. 
> > + If HashValue is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] Md5Context Pointer to the MD5 > context. > > + @param[out] HashValue Pointer to a buffer > that receives the MD5 digest > > + value (16 bytes). > > + > > + @retval TRUE MD5 digest computation succeeded. > > + @retval FALSE MD5 digest computation failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Md5Final ( > > + IN OUT VOID *Md5Context, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md5Final, (Md5Context, > HashValue), FALSE); > > +} > > + > > +/** > > + Computes the MD5 message digest of a input data > buffer. > > + > > + This function performs the MD5 message digest of a > given data buffer, and > > places > > + the digest value into the specified memory. > > + > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Data Pointer to the buffer > containing the data to be hashed. > > + @param[in] DataSize Size of Data buffer in > bytes. > > + @param[out] HashValue Pointer to a buffer that > receives the MD5 digest > > + value (16 bytes). > > + > > + @retval TRUE MD5 digest computation succeeded. > > + @retval FALSE MD5 digest computation failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Md5HashAll ( > > + IN CONST VOID *Data, > > + IN UINTN DataSize, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Md5HashAll, (Data, DataSize, > HashValue), FALSE); > > +} > > + > > +/** > > + Retrieves the size, in bytes, of the context > buffer required for SHA-1 hash > > operations. > > + > > + If this interface is not supported, then return > zero. > > + > > + @return The size, in bytes, of the context buffer > required for SHA-1 hash > > operations. > > + @retval 0 This interface is not supported. 
> > + > > +**/ > > +UINTN > > +EFIAPI > > +Sha1GetContextSize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha1GetContextSize, (), 0); > > +} > > + > > +/** > > + Initializes user-supplied memory pointed by > Sha1Context as SHA-1 hash > > context for > > + subsequent use. > > + > > + If Sha1Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[out] Sha1Context Pointer to SHA-1 context > being initialized. > > + > > + @retval TRUE SHA-1 context initialization > succeeded. > > + @retval FALSE SHA-1 context initialization > failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha1Init ( > > + OUT VOID *Sha1Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha1Init, (Sha1Context), > FALSE); > > +} > > + > > +/** > > + Makes a copy of an existing SHA-1 context. > > + > > + If Sha1Context is NULL, then return FALSE. > > + If NewSha1Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Sha1Context Pointer to SHA-1 > context being copied. > > + @param[out] NewSha1Context Pointer to new SHA-1 > context. > > + > > + @retval TRUE SHA-1 context copy succeeded. > > + @retval FALSE SHA-1 context copy failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha1Duplicate ( > > + IN CONST VOID *Sha1Context, > > + OUT VOID *NewSha1Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha1Duplicate, (Sha1Context, > NewSha1Context), > > FALSE); > > +} > > + > > +/** > > + Digests the input data and updates SHA-1 context. > > + > > + This function performs SHA-1 digest on a data > buffer of the specified size. > > + It can be called multiple times to compute the > digest of long or discontinuous > > data streams. > > + SHA-1 context should be already correctly > initialized by Sha1Init(), and should > > not be finalized > > + by Sha1Final(). 
Behavior with invalid context is > undefined. > > + > > + If Sha1Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] Sha1Context Pointer to the SHA-1 > context. > > + @param[in] Data Pointer to the > buffer containing the data to be > > hashed. > > + @param[in] DataSize Size of Data buffer > in bytes. > > + > > + @retval TRUE SHA-1 data digest succeeded. > > + @retval FALSE SHA-1 data digest failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha1Update ( > > + IN OUT VOID *Sha1Context, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha1Update, (Sha1Context, > Data, DataSize), FALSE); > > +} > > + > > +/** > > + Completes computation of the SHA-1 digest value. > > + > > + This function completes SHA-1 hash computation and > retrieves the digest > > value into > > + the specified memory. After this function has been > called, the SHA-1 context > > cannot > > + be used again. > > + SHA-1 context should be already correctly > initialized by Sha1Init(), and should > > not be > > + finalized by Sha1Final(). Behavior with invalid > SHA-1 context is undefined. > > + > > + If Sha1Context is NULL, then return FALSE. > > + If HashValue is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] Sha1Context Pointer to the SHA-1 > context. > > + @param[out] HashValue Pointer to a buffer > that receives the SHA-1 > > digest > > + value (20 bytes). > > + > > + @retval TRUE SHA-1 digest computation succeeded. > > + @retval FALSE SHA-1 digest computation failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha1Final ( > > + IN OUT VOID *Sha1Context, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha1Final, (Sha1Context, > HashValue), FALSE); > > +} > > + > > +/** > > + Computes the SHA-1 message digest of a input data > buffer. > > + > > + This function performs the SHA-1 message digest of > a given data buffer, and > > places > > + the digest value into the specified memory. > > + > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Data Pointer to the buffer > containing the data to be hashed. > > + @param[in] DataSize Size of Data buffer in > bytes. > > + @param[out] HashValue Pointer to a buffer that > receives the SHA-1 digest > > + value (20 bytes). > > + > > + @retval TRUE SHA-1 digest computation succeeded. > > + @retval FALSE SHA-1 digest computation failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha1HashAll ( > > + IN CONST VOID *Data, > > + IN UINTN DataSize, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha1HashAll, (Data, DataSize, > HashValue), FALSE); > > +} > > + > > +/** > > + Retrieves the size, in bytes, of the context > buffer required for SHA-256 hash > > operations. > > + > > + @return The size, in bytes, of the context buffer > required for SHA-256 hash > > operations. > > + > > +**/ > > +UINTN > > +EFIAPI > > +Sha256GetContextSize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha256GetContextSize, (), 0); > > +} > > + > > +/** > > + Initializes user-supplied memory pointed by > Sha256Context as SHA-256 hash > > context for > > + subsequent use. > > + > > + If Sha256Context is NULL, then return FALSE. > > + > > + @param[out] Sha256Context Pointer to SHA-256 > context being initialized. > > + > > + @retval TRUE SHA-256 context initialization > succeeded. > > + @retval FALSE SHA-256 context initialization > failed. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha256Init ( > > + OUT VOID *Sha256Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha256Init, (Sha256Context), > FALSE); > > +} > > + > > +/** > > + Makes a copy of an existing SHA-256 context. > > + > > + If Sha256Context is NULL, then return FALSE. > > + If NewSha256Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Sha256Context Pointer to SHA-256 > context being copied. > > + @param[out] NewSha256Context Pointer to new SHA- > 256 context. > > + > > + @retval TRUE SHA-256 context copy succeeded. > > + @retval FALSE SHA-256 context copy failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha256Duplicate ( > > + IN CONST VOID *Sha256Context, > > + OUT VOID *NewSha256Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha256Duplicate, > (Sha256Context, > > NewSha256Context), FALSE); > > +} > > + > > +/** > > + Digests the input data and updates SHA-256 > context. > > + > > + This function performs SHA-256 digest on a data > buffer of the specified size. > > + It can be called multiple times to compute the > digest of long or discontinuous > > data streams. > > + SHA-256 context should be already correctly > initialized by Sha256Init(), and > > should not be finalized > > + by Sha256Final(). Behavior with invalid context is > undefined. > > + > > + If Sha256Context is NULL, then return FALSE. > > + > > + @param[in, out] Sha256Context Pointer to the > SHA-256 context. > > + @param[in] Data Pointer to the > buffer containing the data to be > > hashed. > > + @param[in] DataSize Size of Data > buffer in bytes. > > + > > + @retval TRUE SHA-256 data digest succeeded. > > + @retval FALSE SHA-256 data digest failed. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha256Update ( > > + IN OUT VOID *Sha256Context, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha256Update, (Sha256Context, > Data, DataSize), > > FALSE); > > +} > > + > > +/** > > + Completes computation of the SHA-256 digest value. > > + > > + This function completes SHA-256 hash computation > and retrieves the digest > > value into > > + the specified memory. After this function has been > called, the SHA-256 > > context cannot > > + be used again. > > + SHA-256 context should be already correctly > initialized by Sha256Init(), and > > should not be > > + finalized by Sha256Final(). Behavior with invalid > SHA-256 context is undefined. > > + > > + If Sha256Context is NULL, then return FALSE. > > + If HashValue is NULL, then return FALSE. > > + > > + @param[in, out] Sha256Context Pointer to the > SHA-256 context. > > + @param[out] HashValue Pointer to a > buffer that receives the SHA-256 > > digest > > + value (32 bytes). > > + > > + @retval TRUE SHA-256 digest computation > succeeded. > > + @retval FALSE SHA-256 digest computation failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha256Final ( > > + IN OUT VOID *Sha256Context, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha256Final, (Sha256Context, > HashValue), FALSE); > > +} > > + > > +/** > > + Computes the SHA-256 message digest of a input > data buffer. > > + > > + This function performs the SHA-256 message digest > of a given data buffer, > > and places > > + the digest value into the specified memory. > > + > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Data Pointer to the buffer > containing the data to be hashed. > > + @param[in] DataSize Size of Data buffer in > bytes. > > + @param[out] HashValue Pointer to a buffer that > receives the SHA-256 > > digest > > + value (32 bytes). > > + > > + @retval TRUE SHA-256 digest computation > succeeded. 
> > + @retval FALSE SHA-256 digest computation failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha256HashAll ( > > + IN CONST VOID *Data, > > + IN UINTN DataSize, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha256HashAll, (Data, > DataSize, HashValue), FALSE); > > +} > > + > > +/** > > + Retrieves the size, in bytes, of the context > buffer required for SHA-384 hash > > operations. > > + > > + @return The size, in bytes, of the context buffer > required for SHA-384 hash > > operations. > > + > > +**/ > > +UINTN > > +EFIAPI > > +Sha384GetContextSize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha384GetContextSize, (), 0); > > +} > > + > > +/** > > + Initializes user-supplied memory pointed by > Sha384Context as SHA-384 hash > > context for > > + subsequent use. > > + > > + If Sha384Context is NULL, then return FALSE. > > + > > + @param[out] Sha384Context Pointer to SHA-384 > context being initialized. > > + > > + @retval TRUE SHA-384 context initialization > succeeded. > > + @retval FALSE SHA-384 context initialization > failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha384Init ( > > + OUT VOID *Sha384Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha384Init, (Sha384Context), > FALSE); > > +} > > + > > +/** > > + Makes a copy of an existing SHA-384 context. > > + > > + If Sha384Context is NULL, then return FALSE. > > + If NewSha384Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Sha384Context Pointer to SHA-384 > context being copied. > > + @param[out] NewSha384Context Pointer to new SHA- > 384 context. > > + > > + @retval TRUE SHA-384 context copy succeeded. > > + @retval FALSE SHA-384 context copy failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha384Duplicate ( > > + IN CONST VOID *Sha384Context, > > + OUT VOID *NewSha384Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha384Duplicate, > (Sha384Context, > > NewSha384Context), FALSE); > > +} > > + > > +/** > > + Digests the input data and updates SHA-384 > context. > > + > > + This function performs SHA-384 digest on a data > buffer of the specified size. > > + It can be called multiple times to compute the > digest of long or discontinuous > > data streams. > > + SHA-384 context should be already correctly > initialized by Sha384Init(), and > > should not be finalized > > + by Sha384Final(). Behavior with invalid context is > undefined. > > + > > + If Sha384Context is NULL, then return FALSE. > > + > > + @param[in, out] Sha384Context Pointer to the > SHA-384 context. > > + @param[in] Data Pointer to the > buffer containing the data to be > > hashed. > > + @param[in] DataSize Size of Data > buffer in bytes. > > + > > + @retval TRUE SHA-384 data digest succeeded. > > + @retval FALSE SHA-384 data digest failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha384Update ( > > + IN OUT VOID *Sha384Context, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha384Update, (Sha384Context, > Data, DataSize), > > FALSE); > > +} > > + > > +/** > > + Completes computation of the SHA-384 digest value. > > + > > + This function completes SHA-384 hash computation > and retrieves the digest > > value into > > + the specified memory. After this function has been > called, the SHA-384 > > context cannot > > + be used again. > > + SHA-384 context should be already correctly > initialized by Sha384Init(), and > > should not be > > + finalized by Sha384Final(). Behavior with invalid > SHA-384 context is undefined. > > + > > + If Sha384Context is NULL, then return FALSE. > > + If HashValue is NULL, then return FALSE. 
> > + > > + @param[in, out] Sha384Context Pointer to the > SHA-384 context. > > + @param[out] HashValue Pointer to a > buffer that receives the SHA-384 > > digest > > + value (48 bytes). > > + > > + @retval TRUE SHA-384 digest computation > succeeded. > > + @retval FALSE SHA-384 digest computation failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha384Final ( > > + IN OUT VOID *Sha384Context, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha384Final, (Sha384Context, > HashValue), FALSE); > > +} > > + > > +/** > > + Computes the SHA-384 message digest of a input > data buffer. > > + > > + This function performs the SHA-384 message digest > of a given data buffer, > > and places > > + the digest value into the specified memory. > > + > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Data Pointer to the buffer > containing the data to be hashed. > > + @param[in] DataSize Size of Data buffer in > bytes. > > + @param[out] HashValue Pointer to a buffer that > receives the SHA-384 > > digest > > + value (48 bytes). > > + > > + @retval TRUE SHA-384 digest computation > succeeded. > > + @retval FALSE SHA-384 digest computation failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha384HashAll ( > > + IN CONST VOID *Data, > > + IN UINTN DataSize, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha384HashAll, (Data, > DataSize, HashValue), FALSE); > > +} > > + > > +/** > > + Retrieves the size, in bytes, of the context > buffer required for SHA-512 hash > > operations. > > + > > + @return The size, in bytes, of the context buffer > required for SHA-512 hash > > operations. 
> > + > > +**/ > > +UINTN > > +EFIAPI > > +Sha512GetContextSize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha512GetContextSize, (), 0); > > +} > > + > > +/** > > + Initializes user-supplied memory pointed by > Sha512Context as SHA-512 hash > > context for > > + subsequent use. > > + > > + If Sha512Context is NULL, then return FALSE. > > + > > + @param[out] Sha512Context Pointer to SHA-512 > context being initialized. > > + > > + @retval TRUE SHA-512 context initialization > succeeded. > > + @retval FALSE SHA-512 context initialization > failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha512Init ( > > + OUT VOID *Sha512Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha512Init, (Sha512Context), > FALSE); > > +} > > + > > +/** > > + Makes a copy of an existing SHA-512 context. > > + > > + If Sha512Context is NULL, then return FALSE. > > + If NewSha512Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Sha512Context Pointer to SHA-512 > context being copied. > > + @param[out] NewSha512Context Pointer to new SHA- > 512 context. > > + > > + @retval TRUE SHA-512 context copy succeeded. > > + @retval FALSE SHA-512 context copy failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha512Duplicate ( > > + IN CONST VOID *Sha512Context, > > + OUT VOID *NewSha512Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha512Duplicate, > (Sha512Context, > > NewSha512Context), FALSE); > > +} > > + > > +/** > > + Digests the input data and updates SHA-512 > context. > > + > > + This function performs SHA-512 digest on a data > buffer of the specified size. > > + It can be called multiple times to compute the > digest of long or discontinuous > > data streams. > > + SHA-512 context should be already correctly > initialized by Sha512Init(), and > > should not be finalized > > + by Sha512Final(). Behavior with invalid context is > undefined. 
> > + > > + If Sha512Context is NULL, then return FALSE. > > + > > + @param[in, out] Sha512Context Pointer to the > SHA-512 context. > > + @param[in] Data Pointer to the > buffer containing the data to be > > hashed. > > + @param[in] DataSize Size of Data > buffer in bytes. > > + > > + @retval TRUE SHA-512 data digest succeeded. > > + @retval FALSE SHA-512 data digest failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha512Update ( > > + IN OUT VOID *Sha512Context, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha512Update, (Sha512Context, > Data, DataSize), > > FALSE); > > +} > > + > > +/** > > + Completes computation of the SHA-512 digest value. > > + > > + This function completes SHA-512 hash computation > and retrieves the digest > > value into > > + the specified memory. After this function has been > called, the SHA-512 > > context cannot > > + be used again. > > + SHA-512 context should be already correctly > initialized by Sha512Init(), and > > should not be > > + finalized by Sha512Final(). Behavior with invalid > SHA-512 context is undefined. > > + > > + If Sha512Context is NULL, then return FALSE. > > + If HashValue is NULL, then return FALSE. > > + > > + @param[in, out] Sha512Context Pointer to the > SHA-512 context. > > + @param[out] HashValue Pointer to a > buffer that receives the SHA-512 > > digest > > + value (64 bytes). > > + > > + @retval TRUE SHA-512 digest computation > succeeded. > > + @retval FALSE SHA-512 digest computation failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha512Final ( > > + IN OUT VOID *Sha512Context, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha512Final, (Sha512Context, > HashValue), FALSE); > > +} > > + > > +/** > > + Computes the SHA-512 message digest of a input > data buffer. > > + > > + This function performs the SHA-512 message digest > of a given data buffer, > > and places > > + the digest value into the specified memory. 
> > + > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Data Pointer to the buffer > containing the data to be hashed. > > + @param[in] DataSize Size of Data buffer in > bytes. > > + @param[out] HashValue Pointer to a buffer that > receives the SHA-512 > > digest > > + value (64 bytes). > > + > > + @retval TRUE SHA-512 digest computation > succeeded. > > + @retval FALSE SHA-512 digest computation failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sha512HashAll ( > > + IN CONST VOID *Data, > > + IN UINTN DataSize, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sha512HashAll, (Data, > DataSize, HashValue), FALSE); > > +} > > + > > +/** > > + Retrieves the size, in bytes, of the context > buffer required for SM3 hash > > operations. > > + > > + @return The size, in bytes, of the context buffer > required for SM3 hash > > operations. > > + > > +**/ > > +UINTN > > +EFIAPI > > +Sm3GetContextSize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sm3GetContextSize, (), 0); > > +} > > + > > +/** > > + Initializes user-supplied memory pointed by > Sm3Context as SM3 hash context > > for > > + subsequent use. > > + > > + If Sm3Context is NULL, then return FALSE. > > + > > + @param[out] Sm3Context Pointer to SM3 context > being initialized. > > + > > + @retval TRUE SM3 context initialization > succeeded. > > + @retval FALSE SM3 context initialization failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sm3Init ( > > + OUT VOID *Sm3Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sm3Init, (Sm3Context), > FALSE); > > +} > > + > > +/** > > + Makes a copy of an existing SM3 context. > > + > > + If Sm3Context is NULL, then return FALSE. > > + If NewSm3Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Sm3Context Pointer to SM3 context > being copied. 
> > + @param[out] NewSm3Context Pointer to new SM3 > context. > > + > > + @retval TRUE SM3 context copy succeeded. > > + @retval FALSE SM3 context copy failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sm3Duplicate ( > > + IN CONST VOID *Sm3Context, > > + OUT VOID *NewSm3Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sm3Duplicate, (Sm3Context, > NewSm3Context), > > FALSE); > > +} > > + > > +/** > > + Digests the input data and updates SM3 context. > > + > > + This function performs SM3 digest on a data buffer > of the specified size. > > + It can be called multiple times to compute the > digest of long or discontinuous > > data streams. > > + SM3 context should be already correctly > initialized by Sm3Init(), and should > > not be finalized > > + by Sm3Final(). Behavior with invalid context is > undefined. > > + > > + If Sm3Context is NULL, then return FALSE. > > + > > + @param[in, out] Sm3Context Pointer to the SM3 > context. > > + @param[in] Data Pointer to the > buffer containing the data to be > > hashed. > > + @param[in] DataSize Size of Data > buffer in bytes. > > + > > + @retval TRUE SM3 data digest succeeded. > > + @retval FALSE SM3 data digest failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sm3Update ( > > + IN OUT VOID *Sm3Context, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sm3Update, (Sm3Context, Data, > DataSize), FALSE); > > +} > > + > > +/** > > + Completes computation of the SM3 digest value. > > + > > + This function completes SM3 hash computation and > retrieves the digest value > > into > > + the specified memory. After this function has been > called, the SM3 context > > cannot > > + be used again. > > + SM3 context should be already correctly > initialized by Sm3Init(), and should > > not be > > + finalized by Sm3Final(). Behavior with invalid SM3 > context is undefined. > > + > > + If Sm3Context is NULL, then return FALSE. 
> > + If HashValue is NULL, then return FALSE. > > + > > + @param[in, out] Sm3Context Pointer to the SM3 > context. > > + @param[out] HashValue Pointer to a > buffer that receives the SM3 digest > > + value (32 bytes). > > + > > + @retval TRUE SM3 digest computation succeeded. > > + @retval FALSE SM3 digest computation failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sm3Final ( > > + IN OUT VOID *Sm3Context, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sm3Final, (Sm3Context, > HashValue), FALSE); > > +} > > + > > +/** > > + Computes the SM3 message digest of a input data > buffer. > > + > > + This function performs the SM3 message digest of a > given data buffer, and > > places > > + the digest value into the specified memory. > > + > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Data Pointer to the buffer > containing the data to be hashed. > > + @param[in] DataSize Size of Data buffer in > bytes. > > + @param[out] HashValue Pointer to a buffer that > receives the SM3 digest > > + value (32 bytes). > > + > > + @retval TRUE SM3 digest computation succeeded. > > + @retval FALSE SM3 digest computation failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Sm3HashAll ( > > + IN CONST VOID *Data, > > + IN UINTN DataSize, > > + OUT UINT8 *HashValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Sm3HashAll, (Data, DataSize, > HashValue), FALSE); > > +} > > + > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > +// MAC (Message Authentication Code) Primitive > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > + > > +/** > > + Allocates and initializes one HMAC_CTX context for > subsequent HMAC-MD5 > > use. > > + > > + If this interface is not supported, then return > NULL. > > + > > + @return Pointer to the HMAC_CTX context that has > been initialized. > > + If the allocations fails, HmacMd5New() > returns NULL. > > + @retval NULL This interface is not supported. > > + > > +**/ > > +VOID * > > +EFIAPI > > +HmacMd5New ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacMd5New, (), NULL); > > +} > > + > > +/** > > + Release the specified HMAC_CTX context. > > + > > + If this interface is not supported, then do > nothing. > > + > > + @param[in] HmacMd5Ctx Pointer to the HMAC_CTX > context to be released. > > + > > +**/ > > +VOID > > +EFIAPI > > +HmacMd5Free ( > > + IN VOID *HmacMd5Ctx > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (HmacMd5Free, > (HmacMd5Ctx)); > > +} > > + > > +/** > > + Set user-supplied key for subsequent use. It must > be done before any > > + calling to HmacMd5Update(). > > + > > + If HmacMd5Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. 
> > + > > + @param[out] HmacMd5Context Pointer to HMAC-MD5 > context. > > + @param[in] Key Pointer to the user- > supplied key. > > + @param[in] KeySize Key size in bytes. > > + > > + @retval TRUE Key is set successfully. > > + @retval FALSE Key is set unsuccessfully. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacMd5SetKey ( > > + OUT VOID *HmacMd5Context, > > + IN CONST UINT8 *Key, > > + IN UINTN KeySize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacMd5SetKey, > (HmacMd5Context, Key, KeySize), > > FALSE); > > +} > > + > > +/** > > + Makes a copy of an existing HMAC-MD5 context. > > + > > + If HmacMd5Context is NULL, then return FALSE. > > + If NewHmacMd5Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] HmacMd5Context Pointer to HMAC-MD5 > context being copied. > > + @param[out] NewHmacMd5Context Pointer to new > HMAC-MD5 context. > > + > > + @retval TRUE HMAC-MD5 context copy succeeded. > > + @retval FALSE HMAC-MD5 context copy failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacMd5Duplicate ( > > + IN CONST VOID *HmacMd5Context, > > + OUT VOID *NewHmacMd5Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacMd5Duplicate, > (HmacMd5Context, > > NewHmacMd5Context), FALSE); > > +} > > + > > +/** > > + Digests the input data and updates HMAC-MD5 > context. > > + > > + This function performs HMAC-MD5 digest on a data > buffer of the specified > > size. > > + It can be called multiple times to compute the > digest of long or discontinuous > > data streams. > > + HMAC-MD5 context should be initialized by > HmacMd5New(), and should not > > be finalized by > > + HmacMd5Final(). Behavior with invalid context is > undefined. > > + > > + If HmacMd5Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. 
> > + > > + @param[in, out] HmacMd5Context Pointer to the > HMAC-MD5 context. > > + @param[in] Data Pointer to the > buffer containing the data to be > > digested. > > + @param[in] DataSize Size of Data > buffer in bytes. > > + > > + @retval TRUE HMAC-MD5 data digest succeeded. > > + @retval FALSE HMAC-MD5 data digest failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacMd5Update ( > > + IN OUT VOID *HmacMd5Context, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacMd5Update, > (HmacMd5Context, Data, > > DataSize), FALSE); > > +} > > + > > +/** > > + Completes computation of the HMAC-MD5 digest > value. > > + > > + This function completes HMAC-MD5 hash computation > and retrieves the > > digest value into > > + the specified memory. After this function has been > called, the HMAC-MD5 > > context cannot > > + be used again. > > + HMAC-MD5 context should be initialized by > HmacMd5New(), and should not > > be finalized by > > + HmacMd5Final(). Behavior with invalid HMAC-MD5 > context is undefined. > > + > > + If HmacMd5Context is NULL, then return FALSE. > > + If HmacValue is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] HmacMd5Context Pointer to the > HMAC-MD5 context. > > + @param[out] HmacValue Pointer to a > buffer that receives the HMAC- > > MD5 digest > > + value (16 bytes). > > + > > + @retval TRUE HMAC-MD5 digest computation > succeeded. > > + @retval FALSE HMAC-MD5 digest computation failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacMd5Final ( > > + IN OUT VOID *HmacMd5Context, > > + OUT UINT8 *HmacValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacMd5Final, > (HmacMd5Context, HmacValue), > > FALSE); > > +} > > + > > +/** > > + Allocates and initializes one HMAC_CTX context for > subsequent HMAC-SHA1 > > use. 
> > + > > + If this interface is not supported, then return > NULL. > > + > > + @return Pointer to the HMAC_CTX context that has > been initialized. > > + If the allocations fails, HmacSha1New() > returns NULL. > > + @return NULL This interface is not supported. > > + > > +**/ > > +VOID * > > +EFIAPI > > +HmacSha1New ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacSha1New, (), NULL); > > +} > > + > > +/** > > + Release the specified HMAC_CTX context. > > + > > + If this interface is not supported, then do > nothing. > > + > > + @param[in] HmacSha1Ctx Pointer to the HMAC_CTX > context to be released. > > + > > +**/ > > +VOID > > +EFIAPI > > +HmacSha1Free ( > > + IN VOID *HmacSha1Ctx > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (HmacSha1Free, > (HmacSha1Ctx)); > > +} > > + > > +/** > > + Set user-supplied key for subsequent use. It must > be done before any > > + calling to HmacSha1Update(). > > + > > + If HmacSha1Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[out] HmacSha1Context Pointer to HMAC-SHA1 > context. > > + @param[in] Key Pointer to the user- > supplied key. > > + @param[in] KeySize Key size in bytes. > > + > > + @retval TRUE The Key is set successfully. > > + @retval FALSE The Key is set unsuccessfully. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacSha1SetKey ( > > + OUT VOID *HmacSha1Context, > > + IN CONST UINT8 *Key, > > + IN UINTN KeySize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacSha1SetKey, > (HmacSha1Context, Key, KeySize), > > FALSE); > > +} > > + > > +/** > > + Makes a copy of an existing HMAC-SHA1 context. > > + > > + If HmacSha1Context is NULL, then return FALSE. > > + If NewHmacSha1Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] HmacSha1Context Pointer to HMAC- > SHA1 context being > > copied. 
> > + @param[out] NewHmacSha1Context Pointer to new > HMAC-SHA1 context. > > + > > + @retval TRUE HMAC-SHA1 context copy succeeded. > > + @retval FALSE HMAC-SHA1 context copy failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacSha1Duplicate ( > > + IN CONST VOID *HmacSha1Context, > > + OUT VOID *NewHmacSha1Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacSha1Duplicate, > (HmacSha1Context, > > NewHmacSha1Context), FALSE); > > +} > > + > > +/** > > + Digests the input data and updates HMAC-SHA1 > context. > > + > > + This function performs HMAC-SHA1 digest on a data > buffer of the specified > > size. > > + It can be called multiple times to compute the > digest of long or discontinuous > > data streams. > > + HMAC-SHA1 context should be initialized by > HmacSha1New(), and should not > > be finalized by > > + HmacSha1Final(). Behavior with invalid context is > undefined. > > + > > + If HmacSha1Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] HmacSha1Context Pointer to the > HMAC-SHA1 context. > > + @param[in] Data Pointer to the > buffer containing the data to be > > digested. > > + @param[in] DataSize Size of Data > buffer in bytes. > > + > > + @retval TRUE HMAC-SHA1 data digest succeeded. > > + @retval FALSE HMAC-SHA1 data digest failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacSha1Update ( > > + IN OUT VOID *HmacSha1Context, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacSha1Update, > (HmacSha1Context, Data, > > DataSize), FALSE); > > +} > > + > > +/** > > + Completes computation of the HMAC-SHA1 digest > value. > > + > > + This function completes HMAC-SHA1 hash computation > and retrieves the > > digest value into > > + the specified memory. 
After this function has been > called, the HMAC-SHA1 > > context cannot > > + be used again. > > + HMAC-SHA1 context should be initialized by > HmacSha1New(), and should not > > be finalized > > + by HmacSha1Final(). Behavior with invalid HMAC- > SHA1 context is undefined. > > + > > + If HmacSha1Context is NULL, then return FALSE. > > + If HmacValue is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] HmacSha1Context Pointer to the > HMAC-SHA1 context. > > + @param[out] HmacValue Pointer to a > buffer that receives the HMAC- > > SHA1 digest > > + value (20 > bytes). > > + > > + @retval TRUE HMAC-SHA1 digest computation > succeeded. > > + @retval FALSE HMAC-SHA1 digest computation > failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacSha1Final ( > > + IN OUT VOID *HmacSha1Context, > > + OUT UINT8 *HmacValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacSha1Final, > (HmacSha1Context, HmacValue), > > FALSE); > > +} > > + > > +/** > > + Allocates and initializes one HMAC_CTX context for > subsequent HMAC- > > SHA256 use. > > + > > + @return Pointer to the HMAC_CTX context that has > been initialized. > > + If the allocations fails, HmacSha256New() > returns NULL. > > + > > +**/ > > +VOID * > > +EFIAPI > > +HmacSha256New ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacSha256New, (), NULL); > > +} > > + > > +/** > > + Release the specified HMAC_CTX context. > > + > > + @param[in] HmacSha256Ctx Pointer to the HMAC_CTX > context to be > > released. > > + > > +**/ > > +VOID > > +EFIAPI > > +HmacSha256Free ( > > + IN VOID *HmacSha256Ctx > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (HmacSha256Free, > (HmacSha256Ctx)); > > +} > > + > > +/** > > + Set user-supplied key for subsequent use. It must > be done before any > > + calling to HmacSha256Update(). > > + > > + If HmacSha256Context is NULL, then return FALSE. 
> > + If this interface is not supported, then return > FALSE. > > + > > + @param[out] HmacSha256Context Pointer to HMAC- > SHA256 context. > > + @param[in] Key Pointer to the > user-supplied key. > > + @param[in] KeySize Key size in bytes. > > + > > + @retval TRUE The Key is set successfully. > > + @retval FALSE The Key is set unsuccessfully. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacSha256SetKey ( > > + OUT VOID *HmacSha256Context, > > + IN CONST UINT8 *Key, > > + IN UINTN KeySize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacSha256SetKey, > (HmacSha256Context, Key, > > KeySize), FALSE); > > +} > > + > > +/** > > + Makes a copy of an existing HMAC-SHA256 context. > > + > > + If HmacSha256Context is NULL, then return FALSE. > > + If NewHmacSha256Context is NULL, then return > FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] HmacSha256Context Pointer to HMAC- > SHA256 context being > > copied. > > + @param[out] NewHmacSha256Context Pointer to new > HMAC-SHA256 > > context. > > + > > + @retval TRUE HMAC-SHA256 context copy succeeded. > > + @retval FALSE HMAC-SHA256 context copy failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacSha256Duplicate ( > > + IN CONST VOID *HmacSha256Context, > > + OUT VOID *NewHmacSha256Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacSha256Duplicate, > (HmacSha256Context, > > NewHmacSha256Context), FALSE); > > +} > > + > > +/** > > + Digests the input data and updates HMAC-SHA256 > context. > > + > > + This function performs HMAC-SHA256 digest on a > data buffer of the specified > > size. > > + It can be called multiple times to compute the > digest of long or discontinuous > > data streams. > > + HMAC-SHA256 context should be initialized by > HmacSha256New(), and should > > not be finalized > > + by HmacSha256Final(). Behavior with invalid > context is undefined. 
> > + > > + If HmacSha256Context is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] HmacSha256Context Pointer to the > HMAC-SHA256 context. > > + @param[in] Data Pointer to the > buffer containing the data to be > > digested. > > + @param[in] DataSize Size of Data > buffer in bytes. > > + > > + @retval TRUE HMAC-SHA256 data digest succeeded. > > + @retval FALSE HMAC-SHA256 data digest failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacSha256Update ( > > + IN OUT VOID *HmacSha256Context, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacSha256Update, > (HmacSha256Context, Data, > > DataSize), FALSE); > > +} > > + > > +/** > > + Completes computation of the HMAC-SHA256 digest > value. > > + > > + This function completes HMAC-SHA256 hash > computation and retrieves the > > digest value into > > + the specified memory. After this function has been > called, the HMAC-SHA256 > > context cannot > > + be used again. > > + HMAC-SHA256 context should be initialized by > HmacSha256New(), and should > > not be finalized > > + by HmacSha256Final(). Behavior with invalid HMAC- > SHA256 context is > > undefined. > > + > > + If HmacSha256Context is NULL, then return FALSE. > > + If HmacValue is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] HmacSha256Context Pointer to the > HMAC-SHA256 context. > > + @param[out] HmacValue Pointer to a > buffer that receives the HMAC- > > SHA256 digest > > + value (32 > bytes). > > + > > + @retval TRUE HMAC-SHA256 digest computation > succeeded. > > + @retval FALSE HMAC-SHA256 digest computation > failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HmacSha256Final ( > > + IN OUT VOID *HmacSha256Context, > > + OUT UINT8 *HmacValue > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HmacSha256Final, > (HmacSha256Context, > > HmacValue), FALSE); > > +} > > + > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > +// Symmetric Cryptography Primitive > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > + > > +/** > > + Retrieves the size, in bytes, of the context > buffer required for TDES operations. > > + > > + If this interface is not supported, then return > zero. > > + > > + @return The size, in bytes, of the context buffer > required for TDES operations. > > + @retval 0 This interface is not supported. > > + > > +**/ > > +UINTN > > +EFIAPI > > +TdesGetContextSize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TdesGetContextSize, (), 0); > > +} > > + > > +/** > > + Initializes user-supplied memory as TDES context > for subsequent use. > > + > > + This function initializes user-supplied memory > pointed by TdesContext as TDES > > context. > > + In addition, it sets up all TDES key materials for > subsequent encryption and > > decryption > > + operations. > > + There are 3 key options as follows: > > + KeyLength =3D 64, Keying option 1: K1 =3D=3D K2 =3D=3D K3 > (Backward compatibility with > > DES) > > + KeyLength =3D 128, Keying option 2: K1 !=3D K2 and K3 > =3D K1 (Less Security) > > + KeyLength =3D 192 Keying option 3: K1 !=3D K2 !=3D K3 > (Strongest) > > + > > + If TdesContext is NULL, then return FALSE. 
> > + If Key is NULL, then return FALSE. > > + If KeyLength is not valid, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[out] TdesContext Pointer to TDES context > being initialized. > > + @param[in] Key Pointer to the user- > supplied TDES key. > > + @param[in] KeyLength Length of TDES key in > bits. > > + > > + @retval TRUE TDES context initialization > succeeded. > > + @retval FALSE TDES context initialization failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +TdesInit ( > > + OUT VOID *TdesContext, > > + IN CONST UINT8 *Key, > > + IN UINTN KeyLength > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TdesInit, (TdesContext, Key, > KeyLength), FALSE); > > +} > > + > > +/** > > + Performs TDES encryption on a data buffer of the > specified size in ECB mode. > > + > > + This function performs TDES encryption on data > buffer pointed by Input, of > > specified > > + size of InputSize, in ECB mode. > > + InputSize must be multiple of block size (8 > bytes). This function does not > > perform > > + padding. Caller must perform padding, if > necessary, to ensure valid input data > > size. > > + TdesContext should be already correctly > initialized by TdesInit(). Behavior with > > + invalid TDES context is undefined. > > + > > + If TdesContext is NULL, then return FALSE. > > + If Input is NULL, then return FALSE. > > + If InputSize is not multiple of block size (8 > bytes), then return FALSE. > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] TdesContext Pointer to the TDES > context. > > + @param[in] Input Pointer to the buffer > containing the data to be > > encrypted. > > + @param[in] InputSize Size of the Input buffer > in bytes. > > + @param[out] Output Pointer to a buffer that > receives the TDES encryption > > output. > > + > > + @retval TRUE TDES encryption succeeded. 
> > + @retval FALSE TDES encryption failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +TdesEcbEncrypt ( > > + IN VOID *TdesContext, > > + IN CONST UINT8 *Input, > > + IN UINTN InputSize, > > + OUT UINT8 *Output > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TdesEcbEncrypt, (TdesContext, > Input, InputSize, > > Output), FALSE); > > +} > > + > > +/** > > + Performs TDES decryption on a data buffer of the > specified size in ECB mode. > > + > > + This function performs TDES decryption on data > buffer pointed by Input, of > > specified > > + size of InputSize, in ECB mode. > > + InputSize must be multiple of block size (8 > bytes). This function does not > > perform > > + padding. Caller must perform padding, if > necessary, to ensure valid input data > > size. > > + TdesContext should be already correctly > initialized by TdesInit(). Behavior with > > + invalid TDES context is undefined. > > + > > + If TdesContext is NULL, then return FALSE. > > + If Input is NULL, then return FALSE. > > + If InputSize is not multiple of block size (8 > bytes), then return FALSE. > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] TdesContext Pointer to the TDES > context. > > + @param[in] Input Pointer to the buffer > containing the data to be > > decrypted. > > + @param[in] InputSize Size of the Input buffer > in bytes. > > + @param[out] Output Pointer to a buffer that > receives the TDES decryption > > output. > > + > > + @retval TRUE TDES decryption succeeded. > > + @retval FALSE TDES decryption failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +TdesEcbDecrypt ( > > + IN VOID *TdesContext, > > + IN CONST UINT8 *Input, > > + IN UINTN InputSize, > > + OUT UINT8 *Output > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TdesEcbDecrypt, (TdesContext, > Input, InputSize, > > Output), FALSE); > > +} > > + > > +/** > > + Performs TDES encryption on a data buffer of the > specified size in CBC mode. > > + > > + This function performs TDES encryption on data > buffer pointed by Input, of > > specified > > + size of InputSize, in CBC mode. > > + InputSize must be multiple of block size (8 > bytes). This function does not > > perform > > + padding. Caller must perform padding, if > necessary, to ensure valid input data > > size. > > + Initialization vector should be one block size (8 > bytes). > > + TdesContext should be already correctly > initialized by TdesInit(). Behavior with > > + invalid TDES context is undefined. > > + > > + If TdesContext is NULL, then return FALSE. > > + If Input is NULL, then return FALSE. > > + If InputSize is not multiple of block size (8 > bytes), then return FALSE. > > + If Ivec is NULL, then return FALSE. > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] TdesContext Pointer to the TDES > context. > > + @param[in] Input Pointer to the buffer > containing the data to be > > encrypted. > > + @param[in] InputSize Size of the Input buffer > in bytes. > > + @param[in] Ivec Pointer to > initialization vector. > > + @param[out] Output Pointer to a buffer that > receives the TDES encryption > > output. > > + > > + @retval TRUE TDES encryption succeeded. > > + @retval FALSE TDES encryption failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +TdesCbcEncrypt ( > > + IN VOID *TdesContext, > > + IN CONST UINT8 *Input, > > + IN UINTN InputSize, > > + IN CONST UINT8 *Ivec, > > + OUT UINT8 *Output > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TdesCbcEncrypt, (TdesContext, > Input, InputSize, Ivec, > > Output), FALSE); > > +} > > + > > +/** > > + Performs TDES decryption on a data buffer of the > specified size in CBC mode. > > + > > + This function performs TDES decryption on data > buffer pointed by Input, of > > specified > > + size of InputSize, in CBC mode. > > + InputSize must be multiple of block size (8 > bytes). This function does not > > perform > > + padding. Caller must perform padding, if > necessary, to ensure valid input data > > size. > > + Initialization vector should be one block size (8 > bytes). > > + TdesContext should be already correctly > initialized by TdesInit(). Behavior with > > + invalid TDES context is undefined. > > + > > + If TdesContext is NULL, then return FALSE. > > + If Input is NULL, then return FALSE. > > + If InputSize is not multiple of block size (8 > bytes), then return FALSE. > > + If Ivec is NULL, then return FALSE. > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] TdesContext Pointer to the TDES > context. > > + @param[in] Input Pointer to the buffer > containing the data to be > > encrypted. > > + @param[in] InputSize Size of the Input buffer > in bytes. > > + @param[in] Ivec Pointer to > initialization vector. > > + @param[out] Output Pointer to a buffer that > receives the TDES encryption > > output. > > + > > + @retval TRUE TDES decryption succeeded. > > + @retval FALSE TDES decryption failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +TdesCbcDecrypt ( > > + IN VOID *TdesContext, > > + IN CONST UINT8 *Input, > > + IN UINTN InputSize, > > + IN CONST UINT8 *Ivec, > > + OUT UINT8 *Output > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TdesCbcDecrypt, (TdesContext, > Input, InputSize, Ivec, > > Output), FALSE); > > +} > > + > > +/** > > + Retrieves the size, in bytes, of the context > buffer required for AES operations. > > + > > + If this interface is not supported, then return > zero. > > + > > + @return The size, in bytes, of the context buffer > required for AES operations. > > + @retval 0 This interface is not supported. > > + > > +**/ > > +UINTN > > +EFIAPI > > +AesGetContextSize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (AesGetContextSize, (), 0); > > +} > > + > > +/** > > + Initializes user-supplied memory as AES context > for subsequent use. > > + > > + This function initializes user-supplied memory > pointed by AesContext as AES > > context. > > + In addition, it sets up all AES key materials for > subsequent encryption and > > decryption > > + operations. > > + There are 3 options for key length, 128 bits, 192 > bits, and 256 bits. > > + > > + If AesContext is NULL, then return FALSE. > > + If Key is NULL, then return FALSE. > > + If KeyLength is not valid, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[out] AesContext Pointer to AES context > being initialized. > > + @param[in] Key Pointer to the user- > supplied AES key. > > + @param[in] KeyLength Length of AES key in > bits. > > + > > + @retval TRUE AES context initialization > succeeded. > > + @retval FALSE AES context initialization failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +AesInit ( > > + OUT VOID *AesContext, > > + IN CONST UINT8 *Key, > > + IN UINTN KeyLength > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (AesInit, (AesContext, Key, > KeyLength), FALSE); > > +} > > + > > +/** > > + Performs AES encryption on a data buffer of the > specified size in ECB mode. > > + > > + This function performs AES encryption on data > buffer pointed by Input, of > > specified > > + size of InputSize, in ECB mode. > > + InputSize must be multiple of block size (16 > bytes). This function does not > > perform > > + padding. Caller must perform padding, if > necessary, to ensure valid input data > > size. > > + AesContext should be already correctly initialized > by AesInit(). Behavior with > > + invalid AES context is undefined. > > + > > + If AesContext is NULL, then return FALSE. > > + If Input is NULL, then return FALSE. > > + If InputSize is not multiple of block size (16 > bytes), then return FALSE. > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] AesContext Pointer to the AES > context. > > + @param[in] Input Pointer to the buffer > containing the data to be > > encrypted. > > + @param[in] InputSize Size of the Input buffer > in bytes. > > + @param[out] Output Pointer to a buffer that > receives the AES encryption > > output. > > + > > + @retval TRUE AES encryption succeeded. > > + @retval FALSE AES encryption failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +AesEcbEncrypt ( > > + IN VOID *AesContext, > > + IN CONST UINT8 *Input, > > + IN UINTN InputSize, > > + OUT UINT8 *Output > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (AesEcbEncrypt, (AesContext, > Input, InputSize, > > Output), FALSE); > > +} > > + > > +/** > > + Performs AES decryption on a data buffer of the > specified size in ECB mode. 
> > + > > + This function performs AES decryption on data > buffer pointed by Input, of > > specified > > + size of InputSize, in ECB mode. > > + InputSize must be multiple of block size (16 > bytes). This function does not > > perform > > + padding. Caller must perform padding, if > necessary, to ensure valid input data > > size. > > + AesContext should be already correctly initialized > by AesInit(). Behavior with > > + invalid AES context is undefined. > > + > > + If AesContext is NULL, then return FALSE. > > + If Input is NULL, then return FALSE. > > + If InputSize is not multiple of block size (16 > bytes), then return FALSE. > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] AesContext Pointer to the AES > context. > > + @param[in] Input Pointer to the buffer > containing the data to be > > decrypted. > > + @param[in] InputSize Size of the Input buffer > in bytes. > > + @param[out] Output Pointer to a buffer that > receives the AES decryption > > output. > > + > > + @retval TRUE AES decryption succeeded. > > + @retval FALSE AES decryption failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +AesEcbDecrypt ( > > + IN VOID *AesContext, > > + IN CONST UINT8 *Input, > > + IN UINTN InputSize, > > + OUT UINT8 *Output > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (AesEcbDecrypt, (AesContext, > Input, InputSize, > > Output), FALSE); > > +} > > + > > +/** > > + Performs AES encryption on a data buffer of the > specified size in CBC mode. > > + > > + This function performs AES encryption on data > buffer pointed by Input, of > > specified > > + size of InputSize, in CBC mode. > > + InputSize must be multiple of block size (16 > bytes). This function does not > > perform > > + padding. Caller must perform padding, if > necessary, to ensure valid input data > > size. > > + Initialization vector should be one block size (16 > bytes). 
> > + AesContext should be already correctly initialized > by AesInit(). Behavior with > > + invalid AES context is undefined. > > + > > + If AesContext is NULL, then return FALSE. > > + If Input is NULL, then return FALSE. > > + If InputSize is not multiple of block size (16 > bytes), then return FALSE. > > + If Ivec is NULL, then return FALSE. > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] AesContext Pointer to the AES > context. > > + @param[in] Input Pointer to the buffer > containing the data to be > > encrypted. > > + @param[in] InputSize Size of the Input buffer > in bytes. > > + @param[in] Ivec Pointer to initialization > vector. > > + @param[out] Output Pointer to a buffer that > receives the AES encryption > > output. > > + > > + @retval TRUE AES encryption succeeded. > > + @retval FALSE AES encryption failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +AesCbcEncrypt ( > > + IN VOID *AesContext, > > + IN CONST UINT8 *Input, > > + IN UINTN InputSize, > > + IN CONST UINT8 *Ivec, > > + OUT UINT8 *Output > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (AesCbcEncrypt, (AesContext, > Input, InputSize, Ivec, > > Output), FALSE); > > +} > > + > > +/** > > + Performs AES decryption on a data buffer of the > specified size in CBC mode. > > + > > + This function performs AES decryption on data > buffer pointed by Input, of > > specified > > + size of InputSize, in CBC mode. > > + InputSize must be multiple of block size (16 > bytes). This function does not > > perform > > + padding. Caller must perform padding, if > necessary, to ensure valid input data > > size. > > + Initialization vector should be one block size (16 > bytes). > > + AesContext should be already correctly initialized > by AesInit(). Behavior with > > + invalid AES context is undefined. > > + > > + If AesContext is NULL, then return FALSE. 
> > + If Input is NULL, then return FALSE. > > + If InputSize is not multiple of block size (16 > bytes), then return FALSE. > > + If Ivec is NULL, then return FALSE. > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] AesContext Pointer to the AES > context. > > + @param[in] Input Pointer to the buffer > containing the data to be > > encrypted. > > + @param[in] InputSize Size of the Input buffer > in bytes. > > + @param[in] Ivec Pointer to initialization > vector. > > + @param[out] Output Pointer to a buffer that > receives the AES encryption > > output. > > + > > + @retval TRUE AES decryption succeeded. > > + @retval FALSE AES decryption failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +AesCbcDecrypt ( > > + IN VOID *AesContext, > > + IN CONST UINT8 *Input, > > + IN UINTN InputSize, > > + IN CONST UINT8 *Ivec, > > + OUT UINT8 *Output > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (AesCbcDecrypt, (AesContext, > Input, InputSize, Ivec, > > Output), FALSE); > > +} > > + > > +/** > > + Retrieves the size, in bytes, of the context > buffer required for ARC4 operations. > > + > > + If this interface is not supported, then return > zero. > > + > > + @return The size, in bytes, of the context buffer > required for ARC4 operations. > > + @retval 0 This interface is not supported. > > + > > +**/ > > +UINTN > > +EFIAPI > > +Arc4GetContextSize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Arc4GetContextSize, (), 0); > > +} > > + > > +/** > > + Initializes user-supplied memory as ARC4 context > for subsequent use. > > + > > + This function initializes user-supplied memory > pointed by Arc4Context as ARC4 > > context. > > + In addition, it sets up all ARC4 key materials for > subsequent encryption and > > decryption > > + operations. > > + > > + If Arc4Context is NULL, then return FALSE. > > + If Key is NULL, then return FALSE. 
> > + If KeySize does not in the range of [5, 256] > bytes, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[out] Arc4Context Pointer to ARC4 context > being initialized. > > + @param[in] Key Pointer to the user- > supplied ARC4 key. > > + @param[in] KeySize Size of ARC4 key in > bytes. > > + > > + @retval TRUE ARC4 context initialization > succeeded. > > + @retval FALSE ARC4 context initialization failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Arc4Init ( > > + OUT VOID *Arc4Context, > > + IN CONST UINT8 *Key, > > + IN UINTN KeySize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Arc4Init, (Arc4Context, Key, > KeySize), FALSE); > > +} > > + > > +/** > > + Performs ARC4 encryption on a data buffer of the > specified size. > > + > > + This function performs ARC4 encryption on data > buffer pointed by Input, of > > specified > > + size of InputSize. > > + Arc4Context should be already correctly > initialized by Arc4Init(). Behavior with > > + invalid ARC4 context is undefined. > > + > > + If Arc4Context is NULL, then return FALSE. > > + If Input is NULL, then return FALSE. > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] Arc4Context Pointer to the ARC4 > context. > > + @param[in] Input Pointer to the > buffer containing the data to be > > encrypted. > > + @param[in] InputSize Size of the Input > buffer in bytes. > > + @param[out] Output Pointer to a buffer > that receives the ARC4 > > encryption output. > > + > > + @retval TRUE ARC4 encryption succeeded. > > + @retval FALSE ARC4 encryption failed. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Arc4Encrypt ( > > + IN OUT VOID *Arc4Context, > > + IN CONST UINT8 *Input, > > + IN UINTN InputSize, > > + OUT UINT8 *Output > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Arc4Encrypt, (Arc4Context, > Input, InputSize, Output), > > FALSE); > > +} > > + > > +/** > > + Performs ARC4 decryption on a data buffer of the > specified size. > > + > > + This function performs ARC4 decryption on data > buffer pointed by Input, of > > specified > > + size of InputSize. > > + Arc4Context should be already correctly > initialized by Arc4Init(). Behavior with > > + invalid ARC4 context is undefined. > > + > > + If Arc4Context is NULL, then return FALSE. > > + If Input is NULL, then return FALSE. > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] Arc4Context Pointer to the ARC4 > context. > > + @param[in] Input Pointer to the > buffer containing the data to be > > decrypted. > > + @param[in] InputSize Size of the Input > buffer in bytes. > > + @param[out] Output Pointer to a buffer > that receives the ARC4 > > decryption output. > > + > > + @retval TRUE ARC4 decryption succeeded. > > + @retval FALSE ARC4 decryption failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Arc4Decrypt ( > > + IN OUT VOID *Arc4Context, > > + IN UINT8 *Input, > > + IN UINTN InputSize, > > + OUT UINT8 *Output > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Arc4Decrypt, (Arc4Context, > Input, InputSize, Output), > > FALSE); > > +} > > + > > +/** > > + Resets the ARC4 context to the initial state. > > + > > + The function resets the ARC4 context to the state > it had immediately after the > > + ARC4Init() function call. > > + Contrary to ARC4Init(), Arc4Reset() requires no > secret key as input, but ARC4 > > context > > + should be already correctly initialized by > ARC4Init(). > > + > > + If Arc4Context is NULL, then return FALSE. 
> > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] Arc4Context Pointer to the ARC4 > context. > > + > > + @retval TRUE ARC4 reset succeeded. > > + @retval FALSE ARC4 reset failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Arc4Reset ( > > + IN OUT VOID *Arc4Context > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Arc4Reset, (Arc4Context), > FALSE); > > +} > > + > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > +// Asymmetric Cryptography Primitive > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > + > > +/** > > + Allocates and initializes one RSA context for > subsequent use. > > + > > + @return Pointer to the RSA context that has been > initialized. > > + If the allocations fails, RsaNew() > returns NULL. > > + > > +**/ > > +VOID * > > +EFIAPI > > +RsaNew ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RsaNew, (), NULL); > > +} > > + > > +/** > > + Release the specified RSA context. > > + > > + If RsaContext is NULL, then return FALSE. > > + > > + @param[in] RsaContext Pointer to the RSA context > to be released. > > + > > +**/ > > +VOID > > +EFIAPI > > +RsaFree ( > > + IN VOID *RsaContext > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (RsaFree, (RsaContext)); > > +} > > + > > +/** > > + Sets the tag-designated key component into the > established RSA context. 
> > + > > + This function sets the tag-designated RSA key > component into the established > > + RSA context from the user-specified non-negative > integer (octet string format > > + represented in RSA PKCS#1). > > + If BigNumber is NULL, then the specified key > component in RSA context is > > cleared. > > + > > + If RsaContext is NULL, then return FALSE. > > + > > + @param[in, out] RsaContext Pointer to RSA > context being set. > > + @param[in] KeyTag Tag of RSA key > component being set. > > + @param[in] BigNumber Pointer to octet > integer buffer. > > + If NULL, then the > specified key component in RSA > > + context is cleared. > > + @param[in] BnSize Size of big number > buffer in bytes. > > + If BigNumber is NULL, > then it is ignored. > > + > > + @retval TRUE RSA key component was set > successfully. > > + @retval FALSE Invalid RSA key component tag. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +RsaSetKey ( > > + IN OUT VOID *RsaContext, > > + IN RSA_KEY_TAG KeyTag, > > + IN CONST UINT8 *BigNumber, > > + IN UINTN BnSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RsaSetKey, (RsaContext, > KeyTag, BigNumber, BnSize), > > FALSE); > > +} > > + > > +/** > > + Gets the tag-designated RSA key component from the > established RSA context. > > + > > + This function retrieves the tag-designated RSA key > component from the > > + established RSA context as a non-negative integer > (octet string format > > + represented in RSA PKCS#1). > > + If specified key component has not been set or has > been cleared, then > > returned > > + BnSize is set to 0. > > + If the BigNumber buffer is too small to hold the > contents of the key, FALSE > > + is returned and BnSize is set to the required > buffer size to obtain the key. > > + > > + If RsaContext is NULL, then return FALSE. > > + If BnSize is NULL, then return FALSE. > > + If BnSize is large enough but BigNumber is NULL, > then return FALSE. > > + If this interface is not supported, then return > FALSE. 
> > + > > + @param[in, out] RsaContext Pointer to RSA > context being set. > > + @param[in] KeyTag Tag of RSA key > component being set. > > + @param[out] BigNumber Pointer to octet > integer buffer. > > + @param[in, out] BnSize On input, the size of > big number buffer in bytes. > > + On output, the size > of data returned in big number buffer in > > bytes. > > + > > + @retval TRUE RSA key component was retrieved > successfully. > > + @retval FALSE Invalid RSA key component tag. > > + @retval FALSE BnSize is too small. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +RsaGetKey ( > > + IN OUT VOID *RsaContext, > > + IN RSA_KEY_TAG KeyTag, > > + OUT UINT8 *BigNumber, > > + IN OUT UINTN *BnSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RsaGetKey, (RsaContext, > KeyTag, BigNumber, > > BnSize), FALSE); > > +} > > + > > +/** > > + Generates RSA key components. > > + > > + This function generates RSA key components. It > takes RSA public exponent E > > and > > + length in bits of RSA modulus N as input, and > generates all key components. > > + If PublicExponent is NULL, the default RSA public > exponent (0x10001) will be > > used. > > + > > + Before this function can be invoked, pseudorandom > number generator must > > be correctly > > + initialized by RandomSeed(). > > + > > + If RsaContext is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] RsaContext Pointer to > RSA context being set. > > + @param[in] ModulusLength Length of > RSA modulus N in bits. > > + @param[in] PublicExponent Pointer to > RSA public exponent. > > + @param[in] PublicExponentSize Size of RSA > public exponent buffer in > > bytes. > > + > > + @retval TRUE RSA key component was generated > successfully. > > + @retval FALSE Invalid RSA key component tag. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +RsaGenerateKey ( > > + IN OUT VOID *RsaContext, > > + IN UINTN ModulusLength, > > + IN CONST UINT8 *PublicExponent, > > + IN UINTN PublicExponentSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RsaGenerateKey, (RsaContext, > ModulusLength, > > PublicExponent, PublicExponentSize), FALSE); > > +} > > + > > +/** > > + Validates key components of RSA context. > > + NOTE: This function performs integrity checks on > all the RSA key material, so > > + the RSA key structure must contain all the > private key data. > > + > > + This function validates key components of RSA > context in following aspects: > > + - Whether p is a prime > > + - Whether q is a prime > > + - Whether n =3D p * q > > + - Whether d*e =3D 1 mod lcm(p-1,q-1) > > + > > + If RsaContext is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] RsaContext Pointer to RSA context to > check. > > + > > + @retval TRUE RSA key components are valid. > > + @retval FALSE RSA key components are not valid. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +RsaCheckKey ( > > + IN VOID *RsaContext > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RsaCheckKey, (RsaContext), > FALSE); > > +} > > + > > +/** > > + Carries out the RSA-SSA signature generation with > EMSA-PKCS1-v1_5 > > encoding scheme. > > + > > + This function carries out the RSA-SSA signature > generation with EMSA-PKCS1- > > v1_5 encoding scheme defined in > > + RSA PKCS#1. > > + If the Signature buffer is too small to hold the > contents of signature, FALSE > > + is returned and SigSize is set to the required > buffer size to obtain the signature. > > + > > + If RsaContext is NULL, then return FALSE. > > + If MessageHash is NULL, then return FALSE. > > + If HashSize is not equal to the size of MD5, SHA-1 > or SHA-256 digest, then > > return FALSE. 
> > + If SigSize is large enough but Signature is NULL, > then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] RsaContext Pointer to RSA > context for signature generation. > > + @param[in] MessageHash Pointer to octet > message hash to be signed. > > + @param[in] HashSize Size of the message > hash in bytes. > > + @param[out] Signature Pointer to buffer to > receive RSA PKCS1-v1_5 > > signature. > > + @param[in, out] SigSize On input, the size of > Signature buffer in bytes. > > + On output, the size > of data returned in Signature buffer in > > bytes. > > + > > + @retval TRUE Signature successfully generated > in PKCS1-v1_5. > > + @retval FALSE Signature generation failed. > > + @retval FALSE SigSize is too small. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +RsaPkcs1Sign ( > > + IN VOID *RsaContext, > > + IN CONST UINT8 *MessageHash, > > + IN UINTN HashSize, > > + OUT UINT8 *Signature, > > + IN OUT UINTN *SigSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RsaPkcs1Sign, (RsaContext, > MessageHash, HashSize, > > Signature, SigSize), FALSE); > > +} > > + > > +/** > > + Verifies the RSA-SSA signature with EMSA-PKCS1- > v1_5 encoding scheme > > defined in > > + RSA PKCS#1. > > + > > + If RsaContext is NULL, then return FALSE. > > + If MessageHash is NULL, then return FALSE. > > + If Signature is NULL, then return FALSE. > > + If HashSize is not equal to the size of MD5, SHA- > 1, SHA-256 digest, then return > > FALSE. > > + > > + @param[in] RsaContext Pointer to RSA context > for signature verification. > > + @param[in] MessageHash Pointer to octet message > hash to be checked. > > + @param[in] HashSize Size of the message hash > in bytes. > > + @param[in] Signature Pointer to RSA PKCS1-v1_5 > signature to be verified. > > + @param[in] SigSize Size of signature in > bytes. > > + > > + @retval TRUE Valid signature encoded in PKCS1- > v1_5. 
> > + @retval FALSE Invalid signature or invalid RSA > context. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +RsaPkcs1Verify ( > > + IN VOID *RsaContext, > > + IN CONST UINT8 *MessageHash, > > + IN UINTN HashSize, > > + IN CONST UINT8 *Signature, > > + IN UINTN SigSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RsaPkcs1Verify, (RsaContext, > MessageHash, > > HashSize, Signature, SigSize), FALSE); > > +} > > + > > +/** > > + Retrieve the RSA Private Key from the password- > protected PEM key data. > > + > > + If PemData is NULL, then return FALSE. > > + If RsaContext is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] PemData Pointer to the PEM- > encoded key data to be > > retrieved. > > + @param[in] PemSize Size of the PEM key data > in bytes. > > + @param[in] Password NULL-terminated > passphrase used for encrypted > > PEM key data. > > + @param[out] RsaContext Pointer to new-generated > RSA context which > > contain the retrieved > > + RSA private key > component. Use RsaFree() function to free the > > + resource. > > + > > + @retval TRUE RSA Private Key was retrieved > successfully. > > + @retval FALSE Invalid PEM key data or incorrect > password. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +RsaGetPrivateKeyFromPem ( > > + IN CONST UINT8 *PemData, > > + IN UINTN PemSize, > > + IN CONST CHAR8 *Password, > > + OUT VOID **RsaContext > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RsaGetPrivateKeyFromPem, > (PemData, PemSize, > > Password, RsaContext), FALSE); > > +} > > + > > +/** > > + Retrieve the RSA Public Key from one DER-encoded > X509 certificate. > > + > > + If Cert is NULL, then return FALSE. > > + If RsaContext is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Cert Pointer to the DER- > encoded X509 certificate. > > + @param[in] CertSize Size of the X509 > certificate in bytes. 
> > + @param[out] RsaContext Pointer to new-generated > RSA context which > > contain the retrieved > > + RSA public key component. > Use RsaFree() function to free the > > + resource. > > + > > + @retval TRUE RSA Public Key was retrieved > successfully. > > + @retval FALSE Fail to retrieve RSA public key > from X509 certificate. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +RsaGetPublicKeyFromX509 ( > > + IN CONST UINT8 *Cert, > > + IN UINTN CertSize, > > + OUT VOID **RsaContext > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RsaGetPublicKeyFromX509, > (Cert, CertSize, > > RsaContext), FALSE); > > +} > > + > > +/** > > + Retrieve the subject bytes from one X.509 > certificate. > > + > > + If Cert is NULL, then return FALSE. > > + If SubjectSize is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Cert Pointer to the DER- > encoded X509 certificate. > > + @param[in] CertSize Size of the X509 > certificate in bytes. > > + @param[out] CertSubject Pointer to the > retrieved certificate subject bytes. > > + @param[in, out] SubjectSize The size in bytes of > the CertSubject buffer on > > input, > > + and the size of > buffer returned CertSubject on output. > > + > > + @retval TRUE The certificate subject retrieved > successfully. > > + @retval FALSE Invalid certificate, or the > SubjectSize is too small for the result. > > + The SubjectSize will be updated > with the required size. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +X509GetSubjectName ( > > + IN CONST UINT8 *Cert, > > + IN UINTN CertSize, > > + OUT UINT8 *CertSubject, > > + IN OUT UINTN *SubjectSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (X509GetSubjectName, (Cert, > CertSize, CertSubject, > > SubjectSize), FALSE); > > +} > > + > > +/** > > + Retrieve the common name (CN) string from one > X.509 certificate. 
> > + > > + @param[in] Cert Pointer to the > DER-encoded X509 certificate. > > + @param[in] CertSize Size of the X509 > certificate in bytes. > > + @param[out] CommonName Buffer to contain > the retrieved certificate > > common > > + name string > (UTF8). At most CommonNameSize bytes will > > be > > + written and the > string will be null terminated. May be > > + NULL in order to > determine the size buffer needed. > > + @param[in,out] CommonNameSize The size in bytes > of the CommonName > > buffer on input, > > + and the size of > buffer returned CommonName on output. > > + If CommonName is > NULL then the amount of space needed > > + in buffer > (including the final null) is returned. > > + > > + @retval RETURN_SUCCESS The certificate > CommonName retrieved > > successfully. > > + @retval RETURN_INVALID_PARAMETER If Cert is NULL. > > + If CommonNameSize > is NULL. > > + If CommonName is > not NULL and *CommonNameSize is 0. > > + If Certificate is > invalid. > > + @retval RETURN_NOT_FOUND If no CommonName > entry exists. > > + @retval RETURN_BUFFER_TOO_SMALL If the CommonName > is NULL. The > > required buffer size > > + (including the > final null) is returned in the > > + CommonNameSize > parameter. > > + @retval RETURN_UNSUPPORTED The operation is > not supported. > > + > > +**/ > > +RETURN_STATUS > > +EFIAPI > > +X509GetCommonName ( > > + IN CONST UINT8 *Cert, > > + IN UINTN CertSize, > > + OUT CHAR8 *CommonName, OPTIONAL > > + IN OUT UINTN *CommonNameSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (X509GetCommonName, (Cert, > CertSize, > > CommonName, CommonNameSize), RETURN_UNSUPPORTED); > > +} > > + > > +/** > > + Retrieve the organization name (O) string from one > X.509 certificate. > > + > > + @param[in] Cert Pointer to the > DER-encoded X509 certificate. > > + @param[in] CertSize Size of the X509 > certificate in bytes. > > + @param[out] NameBuffer Buffer to contain > the retrieved certificate > > organization > > + name string. 
At > most NameBufferSize bytes will be > > + written and the > string will be null terminated. May be > > + NULL in order to > determine the size buffer needed. > > + @param[in,out] NameBufferSize The size in bytes > of the Name buffer on > > input, > > + and the size of > buffer returned Name on output. > > + If NameBuffer is > NULL then the amount of space needed > > + in buffer > (including the final null) is returned. > > + > > + @retval RETURN_SUCCESS The certificate > Organization Name retrieved > > successfully. > > + @retval RETURN_INVALID_PARAMETER If Cert is NULL. > > + If NameBufferSize > is NULL. > > + If NameBuffer is > not NULL and *CommonNameSize is 0. > > + If Certificate is > invalid. > > + @retval RETURN_NOT_FOUND If no > Organization Name entry exists. > > + @retval RETURN_BUFFER_TOO_SMALL If the NameBuffer > is NULL. The > > required buffer size > > + (including the > final null) is returned in the > > + CommonNameSize > parameter. > > + @retval RETURN_UNSUPPORTED The operation is > not supported. > > + > > +**/ > > +RETURN_STATUS > > +EFIAPI > > +X509GetOrganizationName ( > > + IN CONST UINT8 *Cert, > > + IN UINTN CertSize, > > + OUT CHAR8 *NameBuffer, OPTIONAL > > + IN OUT UINTN *NameBufferSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (X509GetOrganizationName, > (Cert, CertSize, > > NameBuffer, NameBufferSize), RETURN_UNSUPPORTED); > > +} > > + > > +/** > > + Verify one X509 certificate was issued by the > trusted CA. > > + > > + If Cert is NULL, then return FALSE. > > + If CACert is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Cert Pointer to the DER- > encoded X509 certificate to be > > verified. > > + @param[in] CertSize Size of the X509 > certificate in bytes. > > + @param[in] CACert Pointer to the DER- > encoded trusted CA certificate. > > + @param[in] CACertSize Size of the CA > Certificate in bytes. > > + > > + @retval TRUE The certificate was issued by the > trusted CA. 
> > + @retval FALSE Invalid certificate or the > certificate was not issued by the > > given > > + trusted CA. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +X509VerifyCert ( > > + IN CONST UINT8 *Cert, > > + IN UINTN CertSize, > > + IN CONST UINT8 *CACert, > > + IN UINTN CACertSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (X509VerifyCert, (Cert, > CertSize, CACert, CACertSize), > > FALSE); > > +} > > + > > +/** > > + Construct a X509 object from DER-encoded > certificate data. > > + > > + If Cert is NULL, then return FALSE. > > + If SingleX509Cert is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Cert Pointer to the DER- > encoded certificate data. > > + @param[in] CertSize The size of > certificate data in bytes. > > + @param[out] SingleX509Cert The generated X509 > object. > > + > > + @retval TRUE The X509 object > generation succeeded. > > + @retval FALSE The operation failed. > > + @retval FALSE This interface is not > supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +X509ConstructCertificate ( > > + IN CONST UINT8 *Cert, > > + IN UINTN CertSize, > > + OUT UINT8 **SingleX509Cert > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (X509ConstructCertificate, > (Cert, CertSize, > > SingleX509Cert), FALSE); > > +} > > + > > +/** > > + Construct a X509 stack object from a list of DER- > encoded certificate data. > > + > > + If X509Stack is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] X509Stack On input, pointer to > an existing or NULL X509 > > stack object. > > + On output, pointer to > the X509 stack object with new > > + inserted X509 > certificate. > > + @param[in] Args VA_LIST marker for the > variable argument list. > > + ... A list of DER-encoded > single certificate data followed > > + by certificate size. A > NULL terminates the list. 
The > > + pairs are the > arguments to X509ConstructCertificate(). > > + > > + @retval TRUE The X509 stack > construction succeeded. > > + @retval FALSE The construction > operation failed. > > + @retval FALSE This interface is not > supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +X509ConstructCertificateStack ( > > + IN OUT UINT8 **X509Stack, > > + ... > > + ) > > +{ > > + VA_LIST Args; > > + BOOLEAN Result; > > + > > + VA_START (Args, X509Stack); > > + Result =3D X509ConstructCertificateStackV > (X509Stack, Args); > > + VA_END (Args); > > + return Result; > > +} > > + > > +/** > > + Construct a X509 stack object from a list of DER- > encoded certificate data. > > + > > + If X509Stack is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] X509Stack On input, pointer to > an existing or NULL X509 > > stack object. > > + On output, pointer to > the X509 stack object with new > > + inserted X509 > certificate. > > + @param[in] Args VA_LIST marker for the > variable argument list. > > + A list of DER-encoded > single certificate data followed > > + by certificate size. A > NULL terminates the list. The > > + pairs are the > arguments to X509ConstructCertificate(). > > + > > + @retval TRUE The X509 stack > construction succeeded. > > + @retval FALSE The construction > operation failed. > > + @retval FALSE This interface is not > supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +X509ConstructCertificateStackV ( > > + IN OUT UINT8 **X509Stack, > > + IN VA_LIST Args > > + ) > > +{ > > + CALL_CRYPTO_SERVICE > (X509ConstructCertificateStackV, (X509Stack, Args), > > FALSE); > > +} > > + > > +/** > > + Release the specified X509 object. > > + > > + If the interface is not supported, then ASSERT(). > > + > > + @param[in] X509Cert Pointer to the X509 object > to be released. 
> > + > > +**/ > > +VOID > > +EFIAPI > > +X509Free ( > > + IN VOID *X509Cert > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (X509Free, (X509Cert)); > > +} > > + > > +/** > > + Release the specified X509 stack object. > > + > > + If the interface is not supported, then ASSERT(). > > + > > + @param[in] X509Stack Pointer to the X509 stack > object to be released. > > + > > +**/ > > +VOID > > +EFIAPI > > +X509StackFree ( > > + IN VOID *X509Stack > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (X509StackFree, > (X509Stack)); > > +} > > + > > +/** > > + Retrieve the TBSCertificate from one given X.509 > certificate. > > + > > + @param[in] Cert Pointer to the given > DER-encoded X509 certificate. > > + @param[in] CertSize Size of the X509 > certificate in bytes. > > + @param[out] TBSCert DER-Encoded To-Be- > Signed certificate. > > + @param[out] TBSCertSize Size of the TBS > certificate in bytes. > > + > > + If Cert is NULL, then return FALSE. > > + If TBSCert is NULL, then return FALSE. > > + If TBSCertSize is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @retval TRUE The TBSCertificate was retrieved > successfully. > > + @retval FALSE Invalid X.509 certificate. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +X509GetTBSCert ( > > + IN CONST UINT8 *Cert, > > + IN UINTN CertSize, > > + OUT UINT8 **TBSCert, > > + OUT UINTN *TBSCertSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (X509GetTBSCert, (Cert, > CertSize, TBSCert, > > TBSCertSize), FALSE); > > +} > > + > > +/** > > + Derives a key from a password using a salt and > iteration count, based on > > PKCS#5 v2.0 > > + password based encryption key derivation function > PBKDF2, as specified in > > RFC 2898. > > + > > + If Password or Salt or OutKey is NULL, then return > FALSE. > > + If the hash algorithm could not be determined, > then return FALSE. > > + If this interface is not supported, then return > FALSE. 
> > + > > + @param[in] PasswordLength Length of input > password in bytes. > > + @param[in] Password Pointer to the array > for the password. > > + @param[in] SaltLength Size of the Salt in > bytes. > > + @param[in] Salt Pointer to the Salt. > > + @param[in] IterationCount Number of iterations > to perform. Its value should > > be > > + greater than or equal > to 1. > > + @param[in] DigestSize Size of the message > digest to be used (eg. > > SHA256_DIGEST_SIZE). > > + NOTE: DigestSize will > be used to determine the hash algorithm. > > + Only > SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is > > supported. > > + @param[in] KeyLength Size of the derived > key buffer in bytes. > > + @param[out] OutKey Pointer to the output > derived key buffer. > > + > > + @retval TRUE A key was derived successfully. > > + @retval FALSE One of the pointers was NULL or > one of the sizes was too > > large. > > + @retval FALSE The hash algorithm could not be > determined from the digest > > size. > > + @retval FALSE The key derivation operation > failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs5HashPassword ( > > + IN UINTN PasswordLength, > > + IN CONST CHAR8 *Password, > > + IN UINTN SaltLength, > > + IN CONST UINT8 *Salt, > > + IN UINTN IterationCount, > > + IN UINTN DigestSize, > > + IN UINTN KeyLength, > > + OUT UINT8 *OutKey > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Pkcs5HashPassword, > (PasswordLength, Password, > > SaltLength, Salt, IterationCount, DigestSize, > KeyLength, OutKey), FALSE); > > +} > > + > > +/** > > + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. > On success, will return > > the > > + encrypted message in a newly allocated buffer. > > + > > + Things that can cause a failure include: > > + - X509 key size does not match any known key size. > > + - Fail to parse X509 certificate. > > + - Fail to allocate an intermediate buffer. > > + - Null pointer provided for a non-optional > parameter. 
> > + - Data size is too large for the provided key size > (max size is a function of key > > size > > + and hash digest size). > > + > > + @param[in] PublicKey A pointer to the > DER-encoded X509 certificate > > that > > + will be used to > encrypt the data. > > + @param[in] PublicKeySize Size of the X509 > cert buffer. > > + @param[in] InData Data to be > encrypted. > > + @param[in] InDataSize Size of the data > buffer. > > + @param[in] PrngSeed [Optional] If > provided, a pointer to a random > > seed buffer > > + to be used when > initializing the PRNG. NULL otherwise. > > + @param[in] PrngSeedSize [Optional] If > provided, size of the random seed > > buffer. > > + 0 otherwise. > > + @param[out] EncryptedData Pointer to an > allocated buffer containing the > > encrypted > > + message. > > + @param[out] EncryptedDataSize Size of the > encrypted message buffer. > > + > > + @retval TRUE Encryption was > successful. > > + @retval FALSE Encryption failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs1v2Encrypt ( > > + IN CONST UINT8 *PublicKey, > > + IN UINTN PublicKeySize, > > + IN UINT8 *InData, > > + IN UINTN InDataSize, > > + IN CONST UINT8 *PrngSeed, OPTIONAL > > + IN UINTN PrngSeedSize, OPTIONAL > > + OUT UINT8 **EncryptedData, > > + OUT UINTN *EncryptedDataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Pkcs1v2Encrypt, (PublicKey, > PublicKeySize, InData, > > InDataSize, PrngSeed, PrngSeedSize, EncryptedData, > EncryptedDataSize), FALSE); > > +} > > + > > +/** > > + Get the signer's certificates from PKCS#7 signed > data as described in "PKCS #7: > > + Cryptographic Message Syntax Standard". The input > signed data could be > > wrapped > > + in a ContentInfo structure. > > + > > + If P7Data, CertStack, StackLength, TrustedCert or > CertLength is NULL, then > > + return FALSE. If P7Length overflow, then return > FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] P7Data Pointer to the PKCS#7 > message to verify. 
> > + @param[in] P7Length Length of the PKCS#7 > message in bytes. > > + @param[out] CertStack Pointer to Signer's > certificates retrieved from > > P7Data. > > + It's caller's > responsibility to free the buffer with > > + Pkcs7FreeSigners(). > > + This data structure is > EFI_CERT_STACK type. > > + @param[out] StackLength Length of signer's > certificates in bytes. > > + @param[out] TrustedCert Pointer to a trusted > certificate from Signer's > > certificates. > > + It's caller's > responsibility to free the buffer with > > + Pkcs7FreeSigners(). > > + @param[out] CertLength Length of the trusted > certificate in bytes. > > + > > + @retval TRUE The operation is finished > successfully. > > + @retval FALSE Error occurs during the > operation. > > + @retval FALSE This interface is not > supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs7GetSigners ( > > + IN CONST UINT8 *P7Data, > > + IN UINTN P7Length, > > + OUT UINT8 **CertStack, > > + OUT UINTN *StackLength, > > + OUT UINT8 **TrustedCert, > > + OUT UINTN *CertLength > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Pkcs7GetSigners, (P7Data, > P7Length, CertStack, > > StackLength, TrustedCert, CertLength), FALSE); > > +} > > + > > +/** > > + Wrap function to use free() to free allocated > memory for certificates. > > + > > + If this interface is not supported, then ASSERT(). > > + > > + @param[in] Certs Pointer to the > certificates to be freed. > > + > > +**/ > > +VOID > > +EFIAPI > > +Pkcs7FreeSigners ( > > + IN UINT8 *Certs > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (Pkcs7FreeSigners, > (Certs)); > > +} > > + > > +/** > > + Retrieves all embedded certificates from PKCS#7 > signed data as described in > > "PKCS #7: > > + Cryptographic Message Syntax Standard", and > outputs two certificate lists > > chained and > > + unchained to the signer's certificates. > > + The input signed data could be wrapped in a > ContentInfo structure. > > + > > + @param[in] P7Data Pointer to the > PKCS#7 message. 
> > + @param[in] P7Length Length of the PKCS#7 > message in bytes. > > + @param[out] SignerChainCerts Pointer to the > certificates list chained to > > signer's > > + certificate. It's > caller's responsibility to free the buffer > > + with > Pkcs7FreeSigners(). > > + This data structure > is EFI_CERT_STACK type. > > + @param[out] ChainLength Length of the > chained certificates list buffer in > > bytes. > > + @param[out] UnchainCerts Pointer to the > unchained certificates lists. It's > > caller's > > + responsibility to > free the buffer with Pkcs7FreeSigners(). > > + This data structure > is EFI_CERT_STACK type. > > + @param[out] UnchainLength Length of the > unchained certificates list buffer > > in bytes. > > + > > + @retval TRUE The operation is finished > successfully. > > + @retval FALSE Error occurs during the > operation. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs7GetCertificatesList ( > > + IN CONST UINT8 *P7Data, > > + IN UINTN P7Length, > > + OUT UINT8 **SignerChainCerts, > > + OUT UINTN *ChainLength, > > + OUT UINT8 **UnchainCerts, > > + OUT UINTN *UnchainLength > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Pkcs7GetCertificatesList, > (P7Data, P7Length, > > SignerChainCerts, ChainLength, UnchainCerts, > UnchainLength), FALSE); > > +} > > + > > +/** > > + Creates a PKCS#7 signedData as described in "PKCS > #7: Cryptographic > > Message > > + Syntax Standard, version 1.5". This interface is > only intended to be used for > > + application to perform PKCS#7 functionality > validation. > > + > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] PrivateKey Pointer to the PEM- > formatted private key data for > > + data signing. > > + @param[in] PrivateKeySize Size of the PEM > private key data in bytes. > > + @param[in] KeyPassword NULL-terminated > passphrase used for encrypted > > PEM > > + key data. > > + @param[in] InData Pointer to the > content to be signed. > > + @param[in] InDataSize Size of InData in > bytes. 
> > + @param[in] SignCert Pointer to signer's > DER-encoded certificate to sign > > with. > > + @param[in] OtherCerts Pointer to an > optional additional set of > > certificates to > > + include in the PKCS#7 > signedData (e.g. any intermediate > > + CAs in the chain). > > + @param[out] SignedData Pointer to output > PKCS#7 signedData. It's caller's > > + responsibility to > free the buffer with FreePool(). > > + @param[out] SignedDataSize Size of SignedData in > bytes. > > + > > + @retval TRUE PKCS#7 data signing > succeeded. > > + @retval FALSE PKCS#7 data signing > failed. > > + @retval FALSE This interface is not > supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs7Sign ( > > + IN CONST UINT8 *PrivateKey, > > + IN UINTN PrivateKeySize, > > + IN CONST UINT8 *KeyPassword, > > + IN UINT8 *InData, > > + IN UINTN InDataSize, > > + IN UINT8 *SignCert, > > + IN UINT8 *OtherCerts OPTIONAL, > > + OUT UINT8 **SignedData, > > + OUT UINTN *SignedDataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Pkcs7Sign, (PrivateKey, > PrivateKeySize, KeyPassword, > > InData, InDataSize, SignCert, OtherCerts, SignedData, > SignedDataSize), FALSE); > > +} > > + > > +/** > > + Verifies the validity of a PKCS#7 signed data as > described in "PKCS #7: > > + Cryptographic Message Syntax Standard". The input > signed data could be > > wrapped > > + in a ContentInfo structure. > > + > > + If P7Data, TrustedCert or InData is NULL, then > return FALSE. > > + If P7Length, CertLength or DataLength overflow, > then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] P7Data Pointer to the PKCS#7 > message to verify. > > + @param[in] P7Length Length of the PKCS#7 > message in bytes. > > + @param[in] TrustedCert Pointer to a trusted/root > certificate encoded in DER, > > which > > + is used for certificate > chain verification. > > + @param[in] CertLength Length of the trusted > certificate in bytes. 
> > + @param[in] InData Pointer to the content to > be verified. > > + @param[in] DataLength Length of InData in > bytes. > > + > > + @retval TRUE The specified PKCS#7 signed data is > valid. > > + @retval FALSE Invalid PKCS#7 signed data. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs7Verify ( > > + IN CONST UINT8 *P7Data, > > + IN UINTN P7Length, > > + IN CONST UINT8 *TrustedCert, > > + IN UINTN CertLength, > > + IN CONST UINT8 *InData, > > + IN UINTN DataLength > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Pkcs7Verify, (P7Data, > P7Length, TrustedCert, > > CertLength, InData, DataLength), FALSE); > > +} > > + > > +/** > > + This function receives a PKCS7 formatted > signature, and then verifies that > > + the specified Enhanced or Extended Key Usages > (EKU's) are present in the end- > > entity > > + leaf signing certificate. > > + Note that this function does not validate the > certificate chain. > > + > > + Applications for custom EKU's are quite flexible. > For example, a policy EKU > > + may be present in an Issuing Certificate Authority > (CA), and any sub-ordinate > > + certificate issued might also contain this EKU, > thus constraining the > > + sub-ordinate certificate. Other applications > might allow a certificate > > + embedded in a device to specify that other Object > Identifiers (OIDs) are > > + present which contains binary data specifying > custom capabilities that > > + the device is able to do. > > + > > + @param[in] Pkcs7Signature The PKCS#7 signed > information content block. > > An array > > + containing the > content block with both the signature, > > + the signer's > certificate, and any necessary intermediate > > + certificates. > > + @param[in] Pkcs7SignatureSize Number of bytes > in Pkcs7Signature. > > + @param[in] RequiredEKUs Array of null- > terminated strings listing OIDs of > > + required EKUs > that must be present in the signature. 
> > + @param[in] RequiredEKUsSize Number of > elements in the RequiredEKUs > > string array. > > + @param[in] RequireAllPresent If this is TRUE, > then all of the specified EKU's > > + must be present > in the leaf signer. If it is > > + FALSE, then we > will succeed if we find any > > + of the specified > EKU's. > > + > > + @retval EFI_SUCCESS The required EKUs > were found in the signature. > > + @retval EFI_INVALID_PARAMETER A parameter was > invalid. > > + @retval EFI_NOT_FOUND One or more EKU's > were not found in the > > signature. > > + > > +**/ > > +RETURN_STATUS > > +EFIAPI > > +VerifyEKUsInPkcs7Signature ( > > + IN CONST UINT8 *Pkcs7Signature, > > + IN CONST UINT32 SignatureSize, > > + IN CONST CHAR8 *RequiredEKUs[], > > + IN CONST UINT32 RequiredEKUsSize, > > + IN BOOLEAN RequireAllPresent > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (VerifyEKUsInPkcs7Signature, > (Pkcs7Signature, > > SignatureSize, RequiredEKUs, RequiredEKUsSize, > RequireAllPresent), FALSE); > > +} > > + > > + > > +/** > > + Extracts the attached content from a PKCS#7 signed > data if existed. The input > > signed > > + data could be wrapped in a ContentInfo structure. > > + > > + If P7Data, Content, or ContentSize is NULL, then > return FALSE. If P7Length > > overflow, > > + then return FALSE. If the P7Data is not correctly > formatted, then return FALSE. > > + > > + Caution: This function may receive untrusted > input. So this function will do > > + basic check for PKCS#7 data structure. > > + > > + @param[in] P7Data Pointer to the PKCS#7 > signed data to process. > > + @param[in] P7Length Length of the PKCS#7 > signed data in bytes. > > + @param[out] Content Pointer to the extracted > content from the PKCS#7 > > signedData. > > + It's caller's > responsibility to free the buffer with FreePool(). > > + @param[out] ContentSize The size of the > extracted content in bytes. > > + > > + @retval TRUE The P7Data was correctly > formatted for processing. 
> > + @retval FALSE The P7Data was not > correctly formatted for processing. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +Pkcs7GetAttachedContent ( > > + IN CONST UINT8 *P7Data, > > + IN UINTN P7Length, > > + OUT VOID **Content, > > + OUT UINTN *ContentSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (Pkcs7GetAttachedContent, > (P7Data, P7Length, > > Content, ContentSize), FALSE); > > +} > > + > > +/** > > + Verifies the validity of a PE/COFF Authenticode > Signature as described in > > "Windows > > + Authenticode Portable Executable Signature > Format". > > + > > + If AuthData is NULL, then return FALSE. > > + If ImageHash is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] AuthData Pointer to the > Authenticode Signature retrieved from > > signed > > + PE/COFF image to be > verified. > > + @param[in] DataSize Size of the Authenticode > Signature in bytes. > > + @param[in] TrustedCert Pointer to a trusted/root > certificate encoded in DER, > > which > > + is used for certificate > chain verification. > > + @param[in] CertSize Size of the trusted > certificate in bytes. > > + @param[in] ImageHash Pointer to the original > image file hash value. The > > procedure > > + for calculating the image > hash value is described in Authenticode > > + specification. > > + @param[in] HashSize Size of Image hash value > in bytes. > > + > > + @retval TRUE The specified Authenticode > Signature is valid. > > + @retval FALSE Invalid Authenticode Signature. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +AuthenticodeVerify ( > > + IN CONST UINT8 *AuthData, > > + IN UINTN DataSize, > > + IN CONST UINT8 *TrustedCert, > > + IN UINTN CertSize, > > + IN CONST UINT8 *ImageHash, > > + IN UINTN HashSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (AuthenticodeVerify, > (AuthData, DataSize, > > TrustedCert, CertSize, ImageHash, HashSize), FALSE); > > +} > > + > > +/** > > + Verifies the validity of a RFC3161 Timestamp > CounterSignature embedded in > > PE/COFF Authenticode > > + signature. > > + > > + If AuthData is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] AuthData Pointer to the > Authenticode Signature retrieved from > > signed > > + PE/COFF image to be > verified. > > + @param[in] DataSize Size of the Authenticode > Signature in bytes. > > + @param[in] TsaCert Pointer to a trusted/root > TSA certificate encoded in > > DER, which > > + is used for TSA > certificate chain verification. > > + @param[in] CertSize Size of the trusted > certificate in bytes. > > + @param[out] SigningTime Return the time of > timestamp generation time if > > the timestamp > > + signature is valid. > > + > > + @retval TRUE The specified Authenticode > includes a valid RFC3161 > > Timestamp CounterSignature. > > + @retval FALSE No valid RFC3161 Timestamp > CounterSignature in the > > specified Authenticode data. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +ImageTimestampVerify ( > > + IN CONST UINT8 *AuthData, > > + IN UINTN DataSize, > > + IN CONST UINT8 *TsaCert, > > + IN UINTN CertSize, > > + OUT EFI_TIME *SigningTime > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (ImageTimestampVerify, > (AuthData, DataSize, > > TsaCert, CertSize, SigningTime), FALSE); > > +} > > + > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > +// DH Key Exchange Primitive > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > + > > +/** > > + Allocates and Initializes one Diffie-Hellman > Context for subsequent use. > > + > > + @return Pointer to the Diffie-Hellman Context > that has been initialized. > > + If the allocations fails, DhNew() returns > NULL. > > + If the interface is not supported, > DhNew() returns NULL. > > + > > +**/ > > +VOID * > > +EFIAPI > > +DhNew ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (DhNew, (), NULL); > > +} > > + > > +/** > > + Release the specified DH context. > > + > > + If the interface is not supported, then ASSERT(). > > + > > + @param[in] DhContext Pointer to the DH context > to be released. > > + > > +**/ > > +VOID > > +EFIAPI > > +DhFree ( > > + IN VOID *DhContext > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (DhFree, (DhContext)); > > +} > > + > > +/** > > + Generates DH parameter. > > + > > + Given generator g, and length of prime number p in > bits, this function > > generates p, > > + and sets DH context according to value of g and p. 
> > + > > + Before this function can be invoked, pseudorandom > number generator must > > be correctly > > + initialized by RandomSeed(). > > + > > + If DhContext is NULL, then return FALSE. > > + If Prime is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] DhContext Pointer to the DH > context. > > + @param[in] Generator Value of generator. > > + @param[in] PrimeLength Length in bits of > prime to be generated. > > + @param[out] Prime Pointer to the > buffer to receive the generated > > prime number. > > + > > + @retval TRUE DH parameter generation succeeded. > > + @retval FALSE Value of Generator is not > supported. > > + @retval FALSE PRNG fails to generate random prime > number with > > PrimeLength. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +DhGenerateParameter ( > > + IN OUT VOID *DhContext, > > + IN UINTN Generator, > > + IN UINTN PrimeLength, > > + OUT UINT8 *Prime > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (DhGenerateParameter, > (DhContext, Generator, > > PrimeLength, Prime), FALSE); > > +} > > + > > +/** > > + Sets generator and prime parameters for DH. > > + > > + Given generator g, and prime number p, this > function and sets DH > > + context accordingly. > > + > > + If DhContext is NULL, then return FALSE. > > + If Prime is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] DhContext Pointer to the DH > context. > > + @param[in] Generator Value of generator. > > + @param[in] PrimeLength Length in bits of > prime to be generated. > > + @param[in] Prime Pointer to the prime > number. > > + > > + @retval TRUE DH parameter setting succeeded. > > + @retval FALSE Value of Generator is not > supported. > > + @retval FALSE Value of Generator is not suitable > for the Prime. > > + @retval FALSE Value of Prime is not a prime > number. 
> > + @retval FALSE Value of Prime is not a safe prime > number. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +DhSetParameter ( > > + IN OUT VOID *DhContext, > > + IN UINTN Generator, > > + IN UINTN PrimeLength, > > + IN CONST UINT8 *Prime > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (DhSetParameter, (DhContext, > Generator, > > PrimeLength, Prime), FALSE); > > +} > > + > > +/** > > + Generates DH public key. > > + > > + This function generates random secret exponent, > and computes the public key, > > which is > > + returned via parameter PublicKey and > PublicKeySize. DH context is updated > > accordingly. > > + If the PublicKey buffer is too small to hold the > public key, FALSE is returned > > and > > + PublicKeySize is set to the required buffer size > to obtain the public key. > > + > > + If DhContext is NULL, then return FALSE. > > + If PublicKeySize is NULL, then return FALSE. > > + If PublicKeySize is large enough but PublicKey is > NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] DhContext Pointer to the DH > context. > > + @param[out] PublicKey Pointer to the > buffer to receive generated public > > key. > > + @param[in, out] PublicKeySize On input, the size > of PublicKey buffer in bytes. > > + On output, the size > of data returned in PublicKey buffer in > > bytes. > > + > > + @retval TRUE DH public key generation succeeded. > > + @retval FALSE DH public key generation failed. > > + @retval FALSE PublicKeySize is not large enough. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +DhGenerateKey ( > > + IN OUT VOID *DhContext, > > + OUT UINT8 *PublicKey, > > + IN OUT UINTN *PublicKeySize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (DhGenerateKey, (DhContext, > PublicKey, > > PublicKeySize), FALSE); > > +} > > + > > +/** > > + Computes exchanged common key. 
> > + > > + Given peer's public key, this function computes > the exchanged common key, > > based on its own > > + context including value of prime modulus and > random secret exponent. > > + > > + If DhContext is NULL, then return FALSE. > > + If PeerPublicKey is NULL, then return FALSE. > > + If KeySize is NULL, then return FALSE. > > + If Key is NULL, then return FALSE. > > + If KeySize is not large enough, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in, out] DhContext Pointer to the > DH context. > > + @param[in] PeerPublicKey Pointer to the > peer's public key. > > + @param[in] PeerPublicKeySize Size of peer's > public key in bytes. > > + @param[out] Key Pointer to the > buffer to receive generated key. > > + @param[in, out] KeySize On input, the > size of Key buffer in bytes. > > + On output, the > size of data returned in Key buffer in bytes. > > + > > + @retval TRUE DH exchanged key generation > succeeded. > > + @retval FALSE DH exchanged key generation failed. > > + @retval FALSE KeySize is not large enough. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +DhComputeKey ( > > + IN OUT VOID *DhContext, > > + IN CONST UINT8 *PeerPublicKey, > > + IN UINTN PeerPublicKeySize, > > + OUT UINT8 *Key, > > + IN OUT UINTN *KeySize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (DhComputeKey, (DhContext, > PeerPublicKey, > > PeerPublicKeySize, Key, KeySize), FALSE); > > +} > > + > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > +// Pseudo-Random Generation Primitive > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > + > > +/** > > + Sets up the seed value for the pseudorandom number > generator. > > + > > + This function sets up the seed value for the > pseudorandom number generator. > > + If Seed is not NULL, then the seed passed in is > used. > > + If Seed is NULL, then default seed is used. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[in] Seed Pointer to seed value. > > + If NULL, default seed is > used. > > + @param[in] SeedSize Size of seed value. > > + If Seed is NULL, this > parameter is ignored. > > + > > + @retval TRUE Pseudorandom number generator has > enough entropy for > > random generation. > > + @retval FALSE Pseudorandom number generator does > not have enough > > entropy for random generation. > > + @retval FALSE This interface is not supported. 
> > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +RandomSeed ( > > + IN CONST UINT8 *Seed OPTIONAL, > > + IN UINTN SeedSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RandomSeed, (Seed, SeedSize), > FALSE); > > +} > > + > > +/** > > + Generates a pseudorandom byte stream of the > specified size. > > + > > + If Output is NULL, then return FALSE. > > + If this interface is not supported, then return > FALSE. > > + > > + @param[out] Output Pointer to buffer to receive > random value. > > + @param[in] Size Size of random bytes to > generate. > > + > > + @retval TRUE Pseudorandom byte stream generated > successfully. > > + @retval FALSE Pseudorandom number generator fails > to generate due to lack > > of entropy. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +RandomBytes ( > > + OUT UINT8 *Output, > > + IN UINTN Size > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (RandomBytes, (Output, Size), > FALSE); > > +} > > + > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > +// Key Derivation Function Primitive > > > +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > + > > +/** > > + Derive key data using HMAC-SHA256 based KDF. > > + > > + @param[in] Key Pointer to the user- > supplied key. > > + @param[in] KeySize Key size in bytes. > > + @param[in] Salt Pointer to the > salt(non-secret) value. > > + @param[in] SaltSize Salt size in bytes. > > + @param[in] Info Pointer to the > application specific info. > > + @param[in] InfoSize Info size in bytes. 
> > + @param[out] Out Pointer to buffer to > receive hkdf value. > > + @param[in] OutSize Size of hkdf bytes > to generate. > > + > > + @retval TRUE Hkdf generated successfully. > > + @retval FALSE Hkdf generation failed. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +HkdfSha256ExtractAndExpand ( > > + IN CONST UINT8 *Key, > > + IN UINTN KeySize, > > + IN CONST UINT8 *Salt, > > + IN UINTN SaltSize, > > + IN CONST UINT8 *Info, > > + IN UINTN InfoSize, > > + OUT UINT8 *Out, > > + IN UINTN OutSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (HkdfSha256ExtractAndExpand, > (Key, KeySize, Salt, > > SaltSize, Info, InfoSize, Out, OutSize), FALSE); > > +} > > + > > +/** > > + Initializes the OpenSSL library. > > + > > + This function registers ciphers and digests used > directly and indirectly > > + by SSL/TLS, and initializes the readable error > messages. > > + This function must be called before any other > action takes places. > > + > > + @retval TRUE The OpenSSL library has been > initialized. > > + @retval FALSE Failed to initialize the OpenSSL > library. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +TlsInitialize ( > > + VOID > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsInitialize, (), FALSE); > > +} > > + > > +/** > > + Free an allocated SSL_CTX object. > > + > > + @param[in] TlsCtx Pointer to the SSL_CTX > object to be released. > > + > > +**/ > > +VOID > > +EFIAPI > > +TlsCtxFree ( > > + IN VOID *TlsCtx > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (TlsCtxFree, (TlsCtx)); > > +} > > + > > +/** > > + Creates a new SSL_CTX object as framework to > establish TLS/SSL enabled > > + connections. > > + > > + @param[in] MajorVer Major Version of TLS/SSL > Protocol. > > + @param[in] MinorVer Minor Version of TLS/SSL > Protocol. > > + > > + @return Pointer to an allocated SSL_CTX object. > > + If the creation failed, TlsCtxNew() > returns NULL. 
> > + > > +**/ > > +VOID * > > +EFIAPI > > +TlsCtxNew ( > > + IN UINT8 MajorVer, > > + IN UINT8 MinorVer > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsCtxNew, (MajorVer, > MinorVer), NULL); > > +} > > + > > +/** > > + Free an allocated TLS object. > > + > > + This function removes the TLS object pointed to by > Tls and frees up the > > + allocated memory. If Tls is NULL, nothing is done. > > + > > + @param[in] Tls Pointer to the TLS object to be > freed. > > + > > +**/ > > +VOID > > +EFIAPI > > +TlsFree ( > > + IN VOID *Tls > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (TlsFree, (Tls)); > > +} > > + > > +/** > > + Create a new TLS object for a connection. > > + > > + This function creates a new TLS object for a > connection. The new object > > + inherits the setting of the underlying context > TlsCtx: connection method, > > + options, verification setting. > > + > > + @param[in] TlsCtx Pointer to the SSL_CTX > object. > > + > > + @return Pointer to an allocated SSL object. > > + If the creation failed, TlsNew() returns > NULL. > > + > > +**/ > > +VOID * > > +EFIAPI > > +TlsNew ( > > + IN VOID *TlsCtx > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsNew, (TlsCtx), NULL); > > +} > > + > > +/** > > + Checks if the TLS handshake was done. > > + > > + This function will check if the specified TLS > handshake was done. > > + > > + @param[in] Tls Pointer to the TLS object for > handshake state checking. > > + > > + @retval TRUE The TLS handshake was done. > > + @retval FALSE The TLS handshake was not done. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +TlsInHandshake ( > > + IN VOID *Tls > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsInHandshake, (Tls), > FALSE); > > +} > > + > > +/** > > + Perform a TLS/SSL handshake. > > + > > + This function will perform a TLS/SSL handshake. > > + > > + @param[in] Tls Pointer to the TLS > object for handshake operation. > > + @param[in] BufferIn Pointer to the > most recently received TLS > > Handshake packet. 
> > + @param[in] BufferInSize Packet size in > bytes for the most recently > > received TLS > > + Handshake packet. > > + @param[out] BufferOut Pointer to the > buffer to hold the built packet. > > + @param[in, out] BufferOutSize Pointer to the > buffer size in bytes. On input, it > > is > > + the buffer size > provided by the caller. On output, it > > + is the buffer size > in fact needed to contain the > > + packet. > > + > > + @retval EFI_SUCCESS The required TLS > packet is built successfully. > > + @retval EFI_INVALID_PARAMETER One or more of the > following conditions > > is TRUE: > > + Tls is NULL. > > + BufferIn is NULL > but BufferInSize is NOT 0. > > + BufferInSize is 0 > but BufferIn is NOT NULL. > > + BufferOutSize is > NULL. > > + BufferOut is NULL > if *BufferOutSize is not zero. > > + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is > too small to hold the > > response packet. > > + @retval EFI_ABORTED Something wrong > during handshake. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsDoHandshake ( > > + IN VOID *Tls, > > + IN UINT8 *BufferIn, > OPTIONAL > > + IN UINTN BufferInSize, > OPTIONAL > > + OUT UINT8 *BufferOut, > OPTIONAL > > + IN OUT UINTN *BufferOutSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsDoHandshake, (Tls, > BufferIn, BufferInSize, > > BufferOut, BufferOutSize), EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Handle Alert message recorded in BufferIn. If > BufferIn is NULL and > > BufferInSize is zero, > > + TLS session has errors and the response packet > needs to be Alert message > > based on error type. > > + > > + @param[in] Tls Pointer to the TLS > object for state checking. > > + @param[in] BufferIn Pointer to the > most recently received TLS Alert > > packet. > > + @param[in] BufferInSize Packet size in > bytes for the most recently > > received TLS > > + Alert packet. > > + @param[out] BufferOut Pointer to the > buffer to hold the built packet. > > + @param[in, out] BufferOutSize Pointer to the > buffer size in bytes. 
On input, it > > is > > + the buffer size > provided by the caller. On output, it > > + is the buffer size > in fact needed to contain the > > + packet. > > + > > + @retval EFI_SUCCESS The required TLS > packet is built successfully. > > + @retval EFI_INVALID_PARAMETER One or more of the > following conditions > > is TRUE: > > + Tls is NULL. > > + BufferIn is NULL > but BufferInSize is NOT 0. > > + BufferInSize is 0 > but BufferIn is NOT NULL. > > + BufferOutSize is > NULL. > > + BufferOut is NULL > if *BufferOutSize is not zero. > > + @retval EFI_ABORTED An error occurred. > > + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is > too small to hold the > > response packet. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsHandleAlert ( > > + IN VOID *Tls, > > + IN UINT8 *BufferIn, > OPTIONAL > > + IN UINTN BufferInSize, > OPTIONAL > > + OUT UINT8 *BufferOut, > OPTIONAL > > + IN OUT UINTN *BufferOutSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsHandleAlert, (Tls, > BufferIn, BufferInSize, BufferOut, > > BufferOutSize), EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Build the CloseNotify packet. > > + > > + @param[in] Tls Pointer to the TLS > object for state checking. > > + @param[in, out] Buffer Pointer to the > buffer to hold the built packet. > > + @param[in, out] BufferSize Pointer to the > buffer size in bytes. On input, it is > > + the buffer size > provided by the caller. On output, it > > + is the buffer size > in fact needed to contain the > > + packet. > > + > > + @retval EFI_SUCCESS The required TLS > packet is built successfully. > > + @retval EFI_INVALID_PARAMETER One or more of the > following conditions > > is TRUE: > > + Tls is NULL. > > + BufferSize is > NULL. > > + Buffer is NULL if > *BufferSize is not zero. > > + @retval EFI_BUFFER_TOO_SMALL BufferSize is too > small to hold the > > response packet. 
> > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsCloseNotify ( > > + IN VOID *Tls, > > + IN OUT UINT8 *Buffer, > > + IN OUT UINTN *BufferSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsCloseNotify, (Tls, Buffer, > BufferSize), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Attempts to read bytes from one TLS object and > places the data in Buffer. > > + > > + This function will attempt to read BufferSize > bytes from the TLS object > > + and places the data in Buffer. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] Buffer Pointer to the > buffer to store the data. > > + @param[in] BufferSize The size of Buffer > in bytes. > > + > > + @retval >0 The amount of data successfully > read from the TLS object. > > + @retval <=3D0 No data was successfully read. > > + > > +**/ > > +INTN > > +EFIAPI > > +TlsCtrlTrafficOut ( > > + IN VOID *Tls, > > + IN OUT VOID *Buffer, > > + IN UINTN BufferSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsCtrlTrafficOut, (Tls, > Buffer, BufferSize), 0); > > +} > > + > > +/** > > + Attempts to write data from the buffer to TLS > object. > > + > > + This function will attempt to write BufferSize > bytes data from the Buffer > > + to the TLS object. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in] Buffer Pointer to the data > buffer. > > + @param[in] BufferSize The size of Buffer in > bytes. > > + > > + @retval >0 The amount of data successfully > written to the TLS object. > > + @retval <=3D0 No data was successfully written. > > + > > +**/ > > +INTN > > +EFIAPI > > +TlsCtrlTrafficIn ( > > + IN VOID *Tls, > > + IN VOID *Buffer, > > + IN UINTN BufferSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsCtrlTrafficIn, (Tls, > Buffer, BufferSize), 0); > > +} > > + > > +/** > > + Attempts to read bytes from the specified TLS > connection into the buffer. > > + > > + This function tries to read BufferSize bytes data > from the specified TLS > > + connection into the Buffer. 
> > + > > + @param[in] Tls Pointer to the TLS > connection for data reading. > > + @param[in,out] Buffer Pointer to the data > buffer. > > + @param[in] BufferSize The size of Buffer > in bytes. > > + > > + @retval >0 The read operation was successful, > and return value is the > > + number of bytes actually read from > the TLS connection. > > + @retval <=3D0 The read operation was not > successful. > > + > > +**/ > > +INTN > > +EFIAPI > > +TlsRead ( > > + IN VOID *Tls, > > + IN OUT VOID *Buffer, > > + IN UINTN BufferSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsRead, (Tls, Buffer, > BufferSize), 0); > > +} > > + > > +/** > > + Attempts to write data to a TLS connection. > > + > > + This function tries to write BufferSize bytes data > from the Buffer into the > > + specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > connection for data writing. > > + @param[in] Buffer Pointer to the data > buffer. > > + @param[in] BufferSize The size of Buffer in > bytes. > > + > > + @retval >0 The write operation was successful, > and return value is the > > + number of bytes actually written to > the TLS connection. > > + @retval <=3D0 The write operation was not > successful. > > + > > +**/ > > +INTN > > +EFIAPI > > +TlsWrite ( > > + IN VOID *Tls, > > + IN VOID *Buffer, > > + IN UINTN BufferSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsWrite, (Tls, Buffer, > BufferSize), 0); > > +} > > + > > +/** > > + Set a new TLS/SSL method for a particular TLS > object. > > + > > + This function sets a new TLS/SSL method for a > particular TLS object. > > + > > + @param[in] Tls Pointer to a TLS object. > > + @param[in] MajorVer Major Version of TLS/SSL > Protocol. > > + @param[in] MinorVer Minor Version of TLS/SSL > Protocol. > > + > > + @retval EFI_SUCCESS The TLS/SSL method > was set successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED Unsupported TLS/SSL > method. 
> > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetVersion ( > > + IN VOID *Tls, > > + IN UINT8 MajorVer, > > + IN UINT8 MinorVer > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsSetVersion, (Tls, > MajorVer, MinorVer), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Set TLS object to work in client or server mode. > > + > > + This function prepares a TLS object to work in > client or server mode. > > + > > + @param[in] Tls Pointer to a TLS object. > > + @param[in] IsServer Work in server mode. > > + > > + @retval EFI_SUCCESS The TLS/SSL work > mode was set successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED Unsupported TLS/SSL > work mode. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetConnectionEnd ( > > + IN VOID *Tls, > > + IN BOOLEAN IsServer > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsSetConnectionEnd, (Tls, > IsServer), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Set the ciphers list to be used by the TLS object. > > + > > + This function sets the ciphers for use by a > specified TLS object. > > + > > + @param[in] Tls Pointer to a TLS object. > > + @param[in] CipherId Array of UINT16 cipher > identifiers. Each UINT16 > > + cipher identifier comes > from the TLS Cipher Suite > > + Registry of the IANA, > interpreting Byte1 and Byte2 > > + in network (big endian) > byte order. > > + @param[in] CipherNum The number of cipher in > the list. > > + > > + @retval EFI_SUCCESS The ciphers list > was set successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED No supported TLS > cipher was found in > > CipherId. > > + @retval EFI_OUT_OF_RESOURCES Memory allocation > failed. 
> > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetCipherList ( > > + IN VOID *Tls, > > + IN UINT16 *CipherId, > > + IN UINTN CipherNum > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsSetCipherList, (Tls, > CipherId, CipherNum), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Set the compression method for TLS/SSL operations. > > + > > + This function handles TLS/SSL integrated > compression methods. > > + > > + @param[in] CompMethod The compression method > ID. > > + > > + @retval EFI_SUCCESS The compression method > for the communication > > was > > + set successfully. > > + @retval EFI_UNSUPPORTED Unsupported > compression method. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetCompressionMethod ( > > + IN UINT8 CompMethod > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsSetCompressionMethod, > (CompMethod), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Set peer certificate verification mode for the TLS > connection. > > + > > + This function sets the verification mode flags for > the TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in] VerifyMode A set of logically or'ed > verification mode flags. > > + > > +**/ > > +VOID > > +EFIAPI > > +TlsSetVerify ( > > + IN VOID *Tls, > > + IN UINT32 VerifyMode > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (TlsSetVerify, (Tls, > VerifyMode)); > > +} > > + > > +/** > > + Set the specified host name to be verified. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in] Flags The setting flags during > the validation. > > + @param[in] HostName The specified host name > to be verified. > > + > > + @retval EFI_SUCCESS The HostName > setting was set successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_ABORTED Invalid HostName > setting. 
> > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetVerifyHost ( > > + IN VOID *Tls, > > + IN UINT32 Flags, > > + IN CHAR8 *HostName > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsSetVerifyHost, (Tls, > Flags, HostName), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Sets a TLS/SSL session ID to be used during > TLS/SSL connect. > > + > > + This function sets a session ID to be used when > the TLS/SSL connection is > > + to be established. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in] SessionId Session ID data used > for session resumption. > > + @param[in] SessionIdLen Length of Session ID > in bytes. > > + > > + @retval EFI_SUCCESS Session ID was set > successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED No available > session for ID setting. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetSessionId ( > > + IN VOID *Tls, > > + IN UINT8 *SessionId, > > + IN UINT16 SessionIdLen > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsSetSessionId, (Tls, > SessionId, SessionIdLen), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Adds the CA to the cert store when requesting > Server or Client authentication. > > + > > + This function adds the CA certificate to the list > of CAs when requesting > > + Server or Client authentication for the chosen TLS > connection. > > + > > + @param[in] Tls Pointer to the TLS object. > > + @param[in] Data Pointer to the data buffer > of a DER-encoded binary > > + X.509 certificate or PEM- > encoded X.509 certificate. > > + @param[in] DataSize The size of data buffer in > bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_OUT_OF_RESOURCES Required > resources could not be > > allocated. > > + @retval EFI_ABORTED Invalid X.509 > certificate. 
> > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetCaCertificate ( > > + IN VOID *Tls, > > + IN VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsSetCaCertificate, (Tls, > Data, DataSize), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Loads the local public certificate into the > specified TLS object. > > + > > + This function loads the X.509 certificate into the > specified TLS object > > + for TLS negotiation. > > + > > + @param[in] Tls Pointer to the TLS object. > > + @param[in] Data Pointer to the data buffer > of a DER-encoded binary > > + X.509 certificate or PEM- > encoded X.509 certificate. > > + @param[in] DataSize The size of data buffer in > bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_OUT_OF_RESOURCES Required > resources could not be > > allocated. > > + @retval EFI_ABORTED Invalid X.509 > certificate. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetHostPublicCert ( > > + IN VOID *Tls, > > + IN VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsSetHostPublicCert, (Tls, > Data, DataSize), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Adds the local private key to the specified TLS > object. > > + > > + This function adds the local private key (PEM- > encoded RSA or PKCS#8 private > > + key) into the specified TLS object for TLS > negotiation. > > + > > + @param[in] Tls Pointer to the TLS object. > > + @param[in] Data Pointer to the data buffer > of a PEM-encoded RSA > > + or PKCS#8 private key. > > + @param[in] DataSize The size of data buffer in > bytes. > > + > > + @retval EFI_SUCCESS The operation succeeded. > > + @retval EFI_UNSUPPORTED This function is not > supported. > > + @retval EFI_ABORTED Invalid private key data. 
> > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetHostPrivateKey ( > > + IN VOID *Tls, > > + IN VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsSetHostPrivateKey, (Tls, > Data, DataSize), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Adds the CA-supplied certificate revocation list > for certificate validation. > > + > > + This function adds the CA-supplied certificate > revocation list data for > > + certificate validity checking. > > + > > + @param[in] Data Pointer to the data buffer > of a DER-encoded CRL data. > > + @param[in] DataSize The size of data buffer in > bytes. > > + > > + @retval EFI_SUCCESS The operation succeeded. > > + @retval EFI_UNSUPPORTED This function is not > supported. > > + @retval EFI_ABORTED Invalid CRL data. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetCertRevocationList ( > > + IN VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsSetCertRevocationList, > (Data, DataSize), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Gets the protocol version used by the specified > TLS connection. > > + > > + This function returns the protocol version used by > the specified TLS > > + connection. > > + > > + If Tls is NULL, then ASSERT(). > > + > > + @param[in] Tls Pointer to the TLS object. > > + > > + @return The protocol version of the specified TLS > connection. > > + > > +**/ > > +UINT16 > > +EFIAPI > > +TlsGetVersion ( > > + IN VOID *Tls > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetVersion, (Tls), 0); > > +} > > + > > +/** > > + Gets the connection end of the specified TLS > connection. > > + > > + This function returns the connection end (as > client or as server) used by > > + the specified TLS connection. > > + > > + If Tls is NULL, then ASSERT(). > > + > > + @param[in] Tls Pointer to the TLS object. > > + > > + @return The connection end used by the specified > TLS connection. 
> > + > > +**/ > > +UINT8 > > +EFIAPI > > +TlsGetConnectionEnd ( > > + IN VOID *Tls > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetConnectionEnd, (Tls), > 0); > > +} > > + > > +/** > > + Gets the cipher suite used by the specified TLS > connection. > > + > > + This function returns current cipher suite used by > the specified > > + TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] CipherId The cipher suite used > by the TLS object. > > + > > + @retval EFI_SUCCESS The cipher suite > was returned successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED Unsupported cipher > suite. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetCurrentCipher ( > > + IN VOID *Tls, > > + IN OUT UINT16 *CipherId > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetCurrentCipher, (Tls, > CipherId), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Gets the compression methods used by the specified > TLS connection. > > + > > + This function returns current integrated > compression methods used by > > + the specified TLS connection. > > + > > + @param[in] Tls Pointer to the > TLS object. > > + @param[in,out] CompressionId The current > compression method used by > > + the TLS object. > > + > > + @retval EFI_SUCCESS The compression > method was returned > > successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_ABORTED Invalid Compression > method. > > + @retval EFI_UNSUPPORTED This function is > not supported. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetCurrentCompressionId ( > > + IN VOID *Tls, > > + IN OUT UINT8 *CompressionId > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetCurrentCompressionId, > (Tls, CompressionId), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Gets the verification mode currently set in the > TLS connection. 
> > + > > + This function returns the peer verification mode > currently set in the > > + specified TLS connection. > > + > > + If Tls is NULL, then ASSERT(). > > + > > + @param[in] Tls Pointer to the TLS object. > > + > > + @return The verification mode set in the > specified TLS connection. > > + > > +**/ > > +UINT32 > > +EFIAPI > > +TlsGetVerify ( > > + IN VOID *Tls > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetVerify, (Tls), 0); > > +} > > + > > +/** > > + Gets the session ID used by the specified TLS > connection. > > + > > + This function returns the TLS/SSL session ID > currently used by the > > + specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] SessionId Buffer to contain > the returned session ID. > > + @param[in,out] SessionIdLen The length of > Session ID in bytes. > > + > > + @retval EFI_SUCCESS The Session ID was > returned successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED Invalid TLS/SSL > session. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetSessionId ( > > + IN VOID *Tls, > > + IN OUT UINT8 *SessionId, > > + IN OUT UINT16 *SessionIdLen > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetSessionId, (Tls, > SessionId, SessionIdLen), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Gets the client random data used in the specified > TLS connection. > > + > > + This function returns the TLS/SSL client random > data currently used in > > + the specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] ClientRandom Buffer to contain > the returned client > > + random data (32 > bytes). > > + > > +**/ > > +VOID > > +EFIAPI > > +TlsGetClientRandom ( > > + IN VOID *Tls, > > + IN OUT UINT8 *ClientRandom > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (TlsGetClientRandom, > (Tls, ClientRandom)); > > +} > > + > > +/** > > + Gets the server random data used in the specified > TLS connection. 
> > + > > + This function returns the TLS/SSL server random > data currently used in > > + the specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] ServerRandom Buffer to contain > the returned server > > + random data (32 > bytes). > > + > > +**/ > > +VOID > > +EFIAPI > > +TlsGetServerRandom ( > > + IN VOID *Tls, > > + IN OUT UINT8 *ServerRandom > > + ) > > +{ > > + CALL_VOID_CRYPTO_SERVICE (TlsGetServerRandom, > (Tls, ServerRandom)); > > +} > > + > > +/** > > + Gets the master key data used in the specified TLS > connection. > > + > > + This function returns the TLS/SSL master key > material currently used in > > + the specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] KeyMaterial Buffer to contain > the returned key material. > > + > > + @retval EFI_SUCCESS Key material was > returned successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED Invalid TLS/SSL > session. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetKeyMaterial ( > > + IN VOID *Tls, > > + IN OUT UINT8 *KeyMaterial > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetKeyMaterial, (Tls, > KeyMaterial), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Gets the CA Certificate from the cert store. > > + > > + This function returns the CA certificate for the > chosen > > + TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[out] Data Pointer to the data > buffer to receive the CA > > + certificate data sent > to the client. > > + @param[in,out] DataSize The size of data > buffer in bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_UNSUPPORTED This function is > not supported. > > + @retval EFI_BUFFER_TOO_SMALL The Data is too > small to hold the data. 
> > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetCaCertificate ( > > + IN VOID *Tls, > > + OUT VOID *Data, > > + IN OUT UINTN *DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetCaCertificate, (Tls, > Data, DataSize), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Gets the local public Certificate set in the > specified TLS object. > > + > > + This function returns the local public certificate > which was currently set > > + in the specified TLS object. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[out] Data Pointer to the data > buffer to receive the local > > + public certificate. > > + @param[in,out] DataSize The size of data > buffer in bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_NOT_FOUND The certificate > is not found. > > + @retval EFI_BUFFER_TOO_SMALL The Data is too > small to hold the data. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetHostPublicCert ( > > + IN VOID *Tls, > > + OUT VOID *Data, > > + IN OUT UINTN *DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetHostPublicCert, (Tls, > Data, DataSize), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Gets the local private key set in the specified > TLS object. > > + > > + This function returns the local private key data > which was currently set > > + in the specified TLS object. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[out] Data Pointer to the data > buffer to receive the local > > + private key data. > > + @param[in,out] DataSize The size of data > buffer in bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_UNSUPPORTED This function is > not supported. > > + @retval EFI_BUFFER_TOO_SMALL The Data is too > small to hold the data. 
> > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetHostPrivateKey ( > > + IN VOID *Tls, > > + OUT VOID *Data, > > + IN OUT UINTN *DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetHostPrivateKey, (Tls, > Data, DataSize), > > EFI_UNSUPPORTED); > > +} > > + > > +/** > > + Gets the CA-supplied certificate revocation list > data set in the specified > > + TLS object. > > + > > + This function returns the CA-supplied certificate > revocation list data which > > + was currently set in the specified TLS object. > > + > > + @param[out] Data Pointer to the data > buffer to receive the CRL data. > > + @param[in,out] DataSize The size of data > buffer in bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_UNSUPPORTED This function is > not supported. > > + @retval EFI_BUFFER_TOO_SMALL The Data is too > small to hold the data. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetCertRevocationList ( > > + OUT VOID *Data, > > + IN OUT UINTN *DataSize > > + ) > > +{ > > + CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, > (Data, DataSize), > > EFI_UNSUPPORTED); > > +} > > diff --git > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib. > uni > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib. > uni > > new file mode 100644 > > index 0000000000..8b55f6ee8b > > --- /dev/null > > +++ > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib. > uni > > @@ -0,0 +1,12 @@ > > +// /** @file > > +// BaseCryptLib and TlsLib using the servives of the > EDK II Crypto Protocol/PPI. >=20 > Typo: servives -> services >=20 > > +// > > +// Copyright (c) 2020, Intel Corporation. All rights > reserved.
> > +// > > +// SPDX-License-Identifier: BSD-2-Clause-Patent > > +// > > +// **/ > > + > > +#string STR_MODULE_ABSTRACT #language > en-US "BaseCryptLib and > > TlsLib using the servives of the EDK II Crypto > Protocol/PPI" >=20 > Typo: servives -> services >=20 > > + > > +#string STR_MODULE_DESCRIPTION #language > en-US "BaseCryptLib and > > TlsLib using the servives of the EDK II Crypto > Protocol/PPI." >=20 > Typo: servives -> services >=20 > > diff --git > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptL > ib.c > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptL > ib.c > > new file mode 100644 > > index 0000000000..8a505a527e > > --- /dev/null > > +++ > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptL > ib.c 
> > @@ -0,0 +1,68 @@ > > +/** @file > > + Implements the GetCryptoServices() API that retuns > a pointer to the EDK II > > + Crypto Protocol. > > + > > + Copyright (C) Microsoft Corporation. All rights > reserved. > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > +#include > > +#include > > +#include > > +#include > > +#include > > + > > +EDKII_CRYPTO_PROTOCOL *mCryptoProtocol =3D NULL; > > + > > +/** > > + Internal worker function that returns the pointer > to an EDK II Crypto > > + Protocol/PPI. The layout of the PPI, DXE > Protocol, and SMM Protocol are > > + identicaly which allows the implementation of the > BaseCryptLib functions that >=20 > Typo: identicaly -> identical >=20 > > + call through a Protocol/PPI to be shared for the > PEI, DXE, and SMM > > + implementations. > > + > > + This DXE implementation returns the pointer to the > EDK II Crypto Protocol > > + that was found in the library constructor > DxeCryptLibConstructor(). > > +**/ > > +VOID * > > +GetCryptoServices ( > > + VOID > > + ) > > +{ > > + return (VOID *)mCryptoProtocol; > > +} > > + > > +EFI_STATUS > > +EFIAPI > > +DxeCryptLibConstructor ( > > + IN EFI_HANDLE ImageHandle, > > + IN EFI_SYSTEM_TABLE *SystemTable > > + ) > > +{ > > + EFI_STATUS Status; > > + UINTN Version; > > + > > + Status =3D gBS->LocateProtocol ( > > + &gEdkiiCryptoProtocolGuid, > > + NULL, > > + (VOID **)&mCryptoProtocol > > + ); > > + > > + if (EFI_ERROR (Status) || mCryptoProtocol =3D=3D NULL) > { > > + DEBUG((DEBUG_ERROR, "[DxeCryptLib] Failed to > locate Crypto Protocol. 
> > Status =3D %r\n", Status)); > > + ASSERT_EFI_ERROR (Status); > > + ASSERT (mCryptoProtocol !=3D NULL); > > + mCryptoProtocol =3D NULL; > > + return EFI_NOT_FOUND; > > + } > > + > > + Version =3D mCryptoProtocol->GetVersion (); > > + if (Version < EDKII_CRYPTO_VERSION) { > > + DEBUG((DEBUG_ERROR, "[DxeCryptLib] Crypto > Protocol unsupported > > version %d\n", Version)); > > + ASSERT (Version >=3D EDKII_CRYPTO_VERSION); > > + mCryptoProtocol =3D NULL; > > + return EFI_NOT_FOUND; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptL > ib.inf > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptL > ib.inf > > new file mode 100644 > > index 0000000000..a139668289 > > --- /dev/null > > +++ > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptL > ib.inf 
> > @@ -0,0 +1,44 @@ > > +## @file > > +# Implements the BaseCryptLib and TlsLib using the > servives of the EDK II > > Crypto >=20 > Typo: servives -> services >=20 > > +# Protocol. > > +# > > +# Copyright (C) Microsoft Corporation. All rights > reserved. > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > +# > > +## > > + > > +[Defines] > > + INF_VERSION =3D 0x0001001B > > + BASE_NAME =3D DxeCryptLib > > + MODULE_UNI_FILE =3D CryptLib.uni > > + FILE_GUID =3D B38CBDA6-8017- > 4111-8232-9E8328DE82F6 > > + VERSION_STRING =3D 1.0 > > + MODULE_TYPE =3D DXE_DRIVER > > + LIBRARY_CLASS =3D BaseCryptLib | > DXE_DRIVER UEFI_DRIVER > > UEFI_APPLICATION > > + LIBRARY_CLASS =3D TlsLib | > DXE_DRIVER UEFI_DRIVER > > UEFI_APPLICATION > > + CONSTRUCTOR =3D > DxeCryptLibConstructor > > + > > +# > > +# The following information is for reference only > and not required by the build > > tools. > > +# > > +# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC >=20 > Supported arch doesn't match the driver module (like > CryptoPkg/Driver/CryptoDxe.inf) >=20 > > +# > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + CryptoPkg/CryptoPkg.dec > > + > > +[LibraryClasses] > > + BaseLib > > + DebugLib > > + UefiBootServicesTableLib > > + > > +[Sources] > > + DxeCryptLib.c > > + CryptLib.c > > + > > +[Protocols] > > + gEdkiiCryptoProtocolGuid ## CONSUMES > > + > > +[Depex] > > + gEdkiiCryptoProtocolGuid > > diff --git > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptL > ib.c > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptL > ib.c > > new file mode 100644 > > index 0000000000..2efc81c712 > > --- /dev/null > > +++ > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptL > ib.c 
> > @@ -0,0 +1,57 @@ > > +/** @file > > + Implements the GetCryptoServices() API that retuns > a pointer to the EDK II > > + Crypto PPI. > > + > > + Copyright (C) Microsoft Corporation. All rights > reserved. > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > +#include > > +#include > > +#include > > +#include > > +#include > > + > > +/** > > + Internal worker function that returns the pointer > to an EDK II Crypto > > + Protocol/PPI. The layout of the PPI, DXE > Protocol, and SMM Protocol are > > + identicaly which allows the implementation of the > BaseCryptLib functions that >=20 > Typo: identicaly -> identical >=20 > > + call through a Protocol/PPI to be shared for the > PEI, DXE, and SMM > > + implementations. > > + > > + This PEI implementation looks up the EDK II Crypto > PPI and verifies the > > + version each time a crypto service is called, so > it is compatible with XIP > > + PEIMs. > > +**/ > > +VOID * > > +GetCryptoServices ( > > + VOID > > + ) > > +{ > > + EFI_STATUS Status; > > + EDKII_CRYPTO_PPI *CryptoPpi; > > + UINTN Version; > > + > > + CryptoPpi =3D NULL; > > + Status =3D PeiServicesLocatePpi ( > > + &gEdkiiCryptoPpiGuid, > > + 0, > > + NULL, > > + (VOID **)&CryptoPpi > > + ); > > + if (EFI_ERROR (Status) || CryptoPpi =3D=3D NULL) { > > + DEBUG((DEBUG_ERROR, "[PeiCryptLib] Failed to > locate Crypto PPI. Status > > =3D %r\n", Status)); > > + ASSERT_EFI_ERROR (Status); > > + ASSERT (CryptoPpi !=3D NULL); > > + return NULL; > > + } > > + > > + Version =3D CryptoPpi->GetVersion (); > > + if (Version < EDKII_CRYPTO_VERSION) { > > + DEBUG((DEBUG_ERROR, "[PeiCryptLib] Crypto PPI > unsupported > > version %d\n", Version)); > > + ASSERT (Version >=3D EDKII_CRYPTO_VERSION); > > + return NULL; > > + } > > + > > + return (VOID *)CryptoPpi; > > +} 
> > diff --git > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptL > ib.inf > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptL > ib.inf > > new file mode 100644 > > index 0000000000..da407088fd > > --- /dev/null > > +++ > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptL > ib.inf > > @@ -0,0 +1,43 @@ > > +## @file > > +# Implements the BaseCryptLib and TlsLib using the > servives of the EDK II > > Crypto >=20 > Typo: servives -> services >=20 > > +# PPI. > > +# > > +# Copyright (C) Microsoft Corporation. All rights > reserved. > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > +# > > +## > > + > > +[Defines] > > + INF_VERSION =3D 0x0001001B > > + BASE_NAME =3D PeiCryptLib > > + MODULE_UNI_FILE =3D CryptLib.uni > > + FILE_GUID =3D 3E8B50C6-F68C- > 4212-B903-94A10FE02399 > > + VERSION_STRING =3D 1.0 > > + MODULE_TYPE =3D PEIM > > + LIBRARY_CLASS =3D BaseCryptLib | > PEIM > > + LIBRARY_CLASS =3D TlsLib | > PEIM > > + > > +# > > +# The following information is for reference only > and not required by the build > > tools. > > +# > > +# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC >=20 > The supported arch doesn't match the driver module > (like > CryptoPkg/Driver/CryptoPei.inf) >=20 > > +# > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + CryptoPkg/CryptoPkg.dec > > + > > +[LibraryClasses] > > + BaseLib > > + DebugLib > > + PeiServicesLib > > + > > +[Sources] > > + PeiCryptLib.c > > + CryptLib.c > > + > > +[Ppis] > > + gEdkiiCryptoPpiGuid ## CONSUMES > > + > > +[Depex] > > + gEdkiiCryptoPpiGuid > > diff --git > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptL > ib.c > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptL > ib.c > > new file mode 100644 > > index 0000000000..3c3a0ced3f > > --- /dev/null > > +++ > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptL > ib.c 
> > @@ -0,0 +1,79 @@ > > +/** @file > > + Implements the GetCryptoServices() API that retuns > a pointer to the EDK II > > + SMM Crypto Protocol. > > + > > + Copyright (C) Microsoft Corporation. All rights > reserved. > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include > > +#include > > +#include > > +#include > > +#include > > + > > +EDKII_SMM_CRYPTO_PROTOCOL *mSmmCryptoProtocol =3D > NULL; > > + > > +/** > > + Internal worker function that returns the pointer > to an EDK II Crypto > > + Protocol/PPI. The layout of the PPI, DXE > Protocol, and SMM Protocol are > > + identicaly which allows the implementation of the > BaseCryptLib functions that >=20 > Typo: identicaly -> identical >=20 > > + call through a Protocol/PPI to be shared for the > PEI, DXE, and SMM > > + implementations. > > + > > + This SMM implementation returns the pointer to the > EDK II SMM Crypto > > Protocol > > + that was found in the library constructor > SmmCryptLibConstructor(). > > +**/ > > +VOID * > > +GetCryptoServices ( > > + VOID > > + ) > > +{ > > + return (VOID *)mSmmCryptoProtocol; > > +} > > + > > +/** > > + Constructor looks up the EDK II SMM Crypto > Protocol and verifies that it is > > + not NULL and has a high enough version value to > support all the BaseCryptLib > > + functions. > > + > > + @param ImageHandle The firmware allocated > handle for the EFI image. > > + @param SystemTable A pointer to the EFI System > Table. > > + > > + @retval EFI_SUCCESS The EDK II SMM Crypto > Protocol was found. > > + @retval EFI_NOT_FOUND The EDK II SMM Crypto > Protocol was not found. 
> > +**/ > > +EFI_STATUS > > +EFIAPI > > +SmmCryptLibConstructor ( > > + IN EFI_HANDLE ImageHandle, > > + IN EFI_SYSTEM_TABLE *SystemTable > > + ) > > +{ > > + EFI_STATUS Status; > > + UINTN Version; > > + > > + Status =3D gSmst->SmmLocateProtocol ( > > + &gEdkiiSmmCryptoProtocolGuid, > > + NULL, > > + (VOID **)&mSmmCryptoProtocol > > + ); > > + if (EFI_ERROR (Status) || mSmmCryptoProtocol =3D=3D > NULL) { > > + DEBUG((DEBUG_ERROR, "[SmmCryptLib] Failed to > locate Crypto SMM > > Protocol. Status =3D %r\n", Status)); > > + ASSERT_EFI_ERROR (Status); > > + ASSERT (mSmmCryptoProtocol !=3D NULL); > > + mSmmCryptoProtocol =3D NULL; > > + return EFI_NOT_FOUND; > > + } > > + > > + Version =3D mSmmCryptoProtocol->GetVersion (); > > + if (Version < EDKII_CRYPTO_VERSION) { > > + DEBUG((DEBUG_ERROR, "[SmmCryptLib] Crypto SMM > Protocol unsupported > > version %d\n", Version)); > > + ASSERT (Version >=3D EDKII_CRYPTO_VERSION); > > + mSmmCryptoProtocol =3D NULL; > > + return EFI_NOT_FOUND; > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git > a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptL > ib.inf > > > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptL > ib.inf > > new file mode 100644 > > index 0000000000..fed04e2916 > > --- /dev/null > > +++ > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptL > ib.inf 
> > @@ -0,0 +1,44 @@ > > +## @file > > +# Implements the BaseCryptLib and TlsLib using the > servives of the EDK II > > Crypto >=20 > Typo: servives -> services >=20 > > +# SMM Protocol. > > +# > > +# Copyright (C) Microsoft Corporation. All rights > reserved. > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > +# > > +## > > + > > +[Defines] > > + INF_VERSION =3D 0x0001001B > > + BASE_NAME =3D SmmCryptLib > > + MODULE_UNI_FILE =3D CryptLib.uni > > + FILE_GUID =3D 5CC6ECC9-E961- > 46A9-8D5C-6581A060DC0D > > + VERSION_STRING =3D 1.0 > > + MODULE_TYPE =3D DXE_SMM_DRIVER > > + LIBRARY_CLASS =3D BaseCryptLib | > DXE_SMM_DRIVER > > + LIBRARY_CLASS =3D TlsLib | > DXE_SMM_DRIVER > > + CONSTRUCTOR =3D > SmmCryptLibConstructor > > + > > +# > > +# The following information is for reference only > and not required by the build > > tools. > > +# > > +# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC >=20 > The supported arch doesn't match the driver module > (like > CryptoPkg/Driver/CryptoSmm.inf) >=20 > Regards, > Jian > > +# > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + CryptoPkg/CryptoPkg.dec > > + > > +[LibraryClasses] > > + BaseLib > > + DebugLib > > + SmmServicesTableLib > > + > > +[Sources] > > + SmmCryptLib.c > > + CryptLib.c > > + > > +[Protocols] > > + gEdkiiSmmCryptoProtocolGuid ## CONSUMES > > + > > +[Depex] > > + gEdkiiSmmCryptoProtocolGuid > > -- > > 2.21.0.windows.1
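
Review bot: DxeCryptLibConstructor() in DxeCryptLib.c has no function header comment, while SmmCryptLibConstructor() in SmmCryptLib.c documents ImageHandle, SystemTable and both return values; add the same comment block above the DXE constructor. The file header in this hunk also reads "retuns a pointer" (should be "returns"), and the same misspelling is in the file headers of PeiCryptLib.c and SmmCryptLib.c.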
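
Review bot: The two LIBRARY_CLASS lines in DxeCryptLib.inf admit UEFI_DRIVER and UEFI_APPLICATION consumers, but the only ordering guarantee in the file is the [Depex] entry for gEdkiiCryptoProtocolGuid, and nothing here says how that applies to an application that is started on request. Please state in the file header what those module types should expect when the protocol has not been installed: DxeCryptLibConstructor() returns EFI_NOT_FOUND and leaves mCryptoProtocol NULL, so GetCryptoServices() hands back NULL from then on.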
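
Review bot: In GetCryptoServices() in PeiCryptLib.c, Version is declared UINTN but the "Crypto PPI unsupported version" DEBUG message prints it with %d, so the specifier does not match the argument width on 64-bit builds. Cast Version to a fixed-width type and use the specifier that matches it; the same pattern is in the "unsupported version" messages in DxeCryptLib.c and SmmCryptLib.c.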
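
Review bot: The header comment of SmmCryptLibConstructor() in SmmCryptLib.c documents EFI_NOT_FOUND only as "The EDK II SMM Crypto Protocol was not found", yet the Version < EDKII_CRYPTO_VERSION branch returns the same status for a protocol that was found but is too old. Extend the @retval text to cover the version mismatch, or return a distinct status for it, so a caller reading the status can tell a missing producer from an outdated one.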