From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang
Subject: [PATCH 3/4] CryptoPkg: add new X509 function to Crypto Service.
Date: Sun, 25 Sep 2022 16:54:18 +0800
X-Mailer: git-send-email 2.26.2.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Signed-off-by: Qi Zhang
---
 CryptoPkg/Driver/Crypto.c | 430 ++++++++++
 .../Pcd/PcdCryptoServiceFamilyEnable.h | 34 +-
 .../BaseCryptLibOnProtocolPpi/CryptLib.c | 415 +++++++++
 CryptoPkg/Private/Protocol/Crypto.h | 790 +++++++++++++-----
 4 files changed, 1459 insertions(+), 210 deletions(-)

diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index 9872b5bf70..343d73b9db 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -3086,6 +3086,421 @@ CryptoServiceX509GetTBSCert ( return CALL_BASECRYPTLIB (X509.Services.GetTBSCert, X509GetTBSCert, (Cer= t, CertSize, TBSCert, TBSCertSize), FALSE);=0D }=0D =0D +/**=0D + Retrieve the version from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] Version Pointer to the retrieved version integer.=0D +=0D + @retval TRUE The certificate version retrieved successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + @retval FALSE The operation is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509GetVersion (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Version=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.GetVersion, X509GetVersion, (Cer= t, CertSize, Version), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the serialNumber from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes.=0D + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input,=0D + and the size of buffer returned SerialNumbe= r on output.=0D +=0D + @retval TRUE The certificate serialNumber retrieved = successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + If SerialNumberSize is NULL.=0D + If Certificate is invalid.=0D + @retval FALSE If no SerialNumber exists.=0D + @retval FALSE If the SerialNumber is NULL. 
The requir= ed buffer size=0D + (including the final null) is returned = in the=0D + SerialNumberSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509GetSerialNumber (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *SerialNumber, OPTIONAL=0D + IN OUT UINTN *SerialNumberSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.GetSerialNumber, X509GetSerialNu= mber, (Cert, CertSize, SerialNumber, SerialNumberSize), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the issuer bytes from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes.=0D + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input,=0D + and the size of buffer returned CertSubject= on output.=0D +=0D + @retval TRUE The certificate issuer retrieved successfully.=0D + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result.=0D + The CertIssuerSize will be updated with the required siz= e.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509GetIssuerName (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *CertIssuer,=0D + IN OUT UINTN *CertIssuerSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.GetIssuerName, X509GetIssuerName= , (Cert, CertSize, CertIssuer, CertIssuerSize), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the Signature Algorithm from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Oid Signature 
Algorithm Object identifier b= uffer.=0D + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size=0D +=0D + @retval TRUE The certificate Extension data retrieve= d successfully.=0D + @retval FALSE If Cert is NULL.=0D + If OidSize is NULL.=0D + If Oid is not NULL and *OidSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no SignatureType.=0D + @retval FALSE If the Oid is NULL. The required buffer= size=0D + is returned in the OidSize.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509GetSignatureAlgorithm (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Oid, OPTIONAL=0D + IN OUT UINTN *OidSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.GetSignatureAlgorithm, X509GetSi= gnatureAlgorithm, (Cert, CertSize, Oid, OidSize), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve Extension data from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[in] Oid Object identifier buffer=0D + @param[in] OidSize Object identifier buffer size=0D + @param[out] ExtensionData Extension bytes.=0D + @param[in, out] ExtensionDataSize Extension bytes size.=0D +=0D + @retval TRUE The certificate Extension data retrieve= d successfully.=0D + @retval FALSE If Cert is NULL.=0D + If ExtensionDataSize is NULL.=0D + If ExtensionData is not NULL and *Exten= sionDataSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no Extension entry match Oid.=0D + @retval FALSE If the ExtensionData is NULL. 
The requi= red buffer size=0D + is returned in the ExtensionDataSize pa= rameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509GetExtensionData (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN CONST UINT8 *Oid,=0D + IN UINTN OidSize,=0D + OUT UINT8 *ExtensionData,=0D + IN OUT UINTN *ExtensionDataSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.GetExtensionData, X509GetExtensi= onData, (Cert, CertSize, Oid, OidSize, ExtensionData, ExtensionDataSize), F= ALSE);=0D +}=0D +=0D +/**=0D + Retrieve the Extended Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage bytes.=0D + @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D +=0D + @retval TRUE The Usage bytes retrieve successfully.= =0D + @retval FALSE If Cert is NULL.=0D + If CertSize is NULL.=0D + If Usage is not NULL and *UsageSize is = 0.=0D + If Cert is invalid.=0D + @retval FALSE If the Usage is NULL. 
The required buff= er size=0D + is returned in the UsageSize parameter.= =0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509GetExtendedKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Usage,=0D + IN OUT UINTN *UsageSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.GetExtendedKeyUsage, X509GetExte= ndedKeyUsage, (Cert, CertSize, Usage, UsageSize), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the Validity from one X.509 certificate=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[in] From notBefore Pointer to DateTime object.=0D + @param[in,out] FromSize notBefore DateTime object size.=0D + @param[in] To notAfter Pointer to DateTime object.=0D + @param[in,out] ToSize notAfter DateTime object size.=0D +=0D + Note: X509CompareDateTime to compare DateTime oject=0D + x509SetDateTime to get a DateTime object from a DateTimeStr=0D +=0D + @retval TRUE The certificate Validity retrieved successfully.=0D + @retval FALSE Invalid certificate, or Validity retrieve failed.=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509GetValidity (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN UINT8 *From,=0D + IN OUT UINTN *FromSize,=0D + IN UINT8 *To,=0D + IN OUT UINTN *ToSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.GetValidity, X509GetValidity, (C= ert, CertSize, From, FromSize, To, ToSize), FALSE);=0D +}=0D +=0D +/**=0D + Format a DateTime object into DataTime Buffer=0D +=0D + If DateTimeStr is NULL, then return FALSE.=0D + If DateTimeSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] DateTimeStr 
DateTime string like YYYYMMDDhhmmssZ=0D + Ref: https://www.w3.org/TR/NOTE-datetim= e=0D + Z stand for UTC time=0D + @param[out] DateTime Pointer to a DateTime object.=0D + @param[in,out] DateTimeSize DateTime object buffer size.=0D +=0D + @retval TRUE The DateTime object create successfully= .=0D + @retval FALSE If DateTimeStr is NULL.=0D + If DateTimeSize is NULL.=0D + If DateTime is not NULL and *DateTimeSi= ze is 0.=0D + If Year Month Day Hour Minute Second co= mbination is invalid datetime.=0D + @retval FALSE If the DateTime is NULL. The required b= uffer size=0D + (including the final null) is returned = in the=0D + DateTimeSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509SetDateTime (=0D + IN CHAR8 *DateTimeStr,=0D + OUT VOID *DateTime,=0D + IN OUT UINTN *DateTimeSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.SetDateTime, X509SetDateTime, (D= ateTimeStr, DateTime, DateTimeSize), FALSE);=0D +}=0D +=0D +/**=0D + Compare DateTime1 object and DateTime2 object.=0D +=0D + If DateTime1 is NULL, then return -2.=0D + If DateTime2 is NULL, then return -2.=0D + If DateTime1 =3D=3D DateTime2, then return 0=0D + If DateTime1 > DateTime2, then return 1=0D + If DateTime1 < DateTime2, then return -1=0D +=0D + @param[in] DateTime1 Pointer to a DateTime Ojbect=0D + @param[in] DateTime2 Pointer to a DateTime Object=0D +=0D + @retval 0 If DateTime1 =3D=3D DateTime2=0D + @retval 1 If DateTime1 > DateTime2=0D + @retval -1 If DateTime1 < DateTime2=0D +**/=0D +INT32=0D +EFIAPI=0D +CryptoServiceX509CompareDateTime (=0D + IN CONST VOID *DateTime1,=0D + IN CONST VOID *DateTime2=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.CompareDateTime, X509CompareDate= Time, (DateTime1, DateTime2), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 
certificate in bytes.= =0D + @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D +=0D + @retval TRUE The certificate Key Usage retrieved successfully.=0D + @retval FALSE Invalid certificate, or Usage is NULL=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509GetKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Usage=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.GetKeyUsage, X509GetKeyUsage, (C= ert, CertSize, Usage), FALSE);=0D +}=0D +=0D +/**=0D + Verify one X509 certificate was issued by the trusted CA.=0D + @param[in] RootCert Trusted Root Certificate buffer=0D +=0D + @param[in] RootCertLength Trusted Root Certificate buffer length= =0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain.=0D + @retval FALSE Invalid certificate or the certificate was not issued by= the given=0D + trusted CA.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509VerifyCertChain (=0D + IN CONST UINT8 *RootCert,=0D + IN UINTN RootCertLength,=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.VerifyCertChain, X509VerifyCertC= hain, (RootCert, RootCertLength, CertChain, CertChainLength), FALSE);=0D +}=0D +=0D +/**=0D + Get one X509 certificate from CertChain.=0D +=0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. 
and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @param[in] CertIndex Index of certificate.=0D +=0D + @param[out] Cert The certificate at the index of CertCh= ain.=0D + @param[out] CertLength The length certificate at the index of= CertChain.=0D +=0D + @retval TRUE Success.=0D + @retval FALSE Failed to get certificate from certificate chain.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509GetCertFromCertChain (=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength,=0D + IN CONST INT32 CertIndex,=0D + OUT CONST UINT8 **Cert,=0D + OUT UINTN *CertLength=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.GetCertFromCertChain, X509GetCer= tFromCertChain, (CertChain, CertChainLength, CertIndex, Cert, CertLength), = FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the tag and length of the tag.=0D +=0D + @param Ptr The position in the ASN.1 data=0D + @param End End of data=0D + @param Length The variable that will receive the length=0D + @param Tag The expected tag=0D +=0D + @retval TRUE Get tag successful=0D + @retval FALSe Failed to get tag or tag not match=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceAsn1GetTag (=0D + IN OUT UINT8 **Ptr,=0D + IN UINT8 *End,=0D + OUT UINTN *Length,=0D + IN UINT32 Tag=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.Asn1GetTag, Asn1GetTag, (Ptr, En= d, Length, Tag), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the basic constraints from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509= certificate.=0D + @param[in] CertSize size of the X509 certificate in= bytes.=0D + @param[out] BasicConstraints basic constraints bytes.=0D + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes.=0D +=0D + @retval TRUE The basic constraints retrieve successf= ully.=0D + @retval FALSE If cert is NULL.=0D + If cert_size is NULL.=0D + If basic_constraints is not NULL 
and *b= asic_constraints_size is 0.=0D + If cert is invalid.=0D + @retval FALSE The required buffer size is small.=0D + The return buffer size is basic_constra= ints_size parameter.=0D + @retval FALSE If no Extension entry match oid.=0D + @retval FALSE The operation is not supported.=0D + **/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceX509GetExtendedBasicConstraints (=0D + CONST UINT8 *Cert,=0D + UINTN CertSize,=0D + UINT8 *BasicConstraints,=0D + UINTN *BasicConstraintsSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (X509.Services.GetExtendedBasicConstraints, X50= 9GetExtendedBasicConstraints, (Cert, CertSize, BasicConstraints, BasicConst= raintsSize), FALSE);=0D +}=0D +=0D /**=0D Derives a key from a password using a salt and iteration count, based on= PKCS#5 v2.0=0D password based encryption key derivation function PBKDF2, as specified i= n RFC 2898.=0D @@ -5770,4 +6185,19 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceBigNumContextFree,=0D CryptoServiceBigNumSetUint,=0D CryptoServiceBigNumAddMod,=0D + /// X509 (Continued)=0D + CryptoServiceX509GetVersion,=0D + CryptoServiceX509GetSerialNumber,=0D + CryptoServiceX509GetIssuerName,=0D + CryptoServiceX509GetSignatureAlgorithm,=0D + CryptoServiceX509GetExtensionData,=0D + CryptoServiceX509GetExtendedKeyUsage,=0D + CryptoServiceX509GetValidity,=0D + CryptoServiceX509SetDateTime,=0D + CryptoServiceX509CompareDateTime,=0D + CryptoServiceX509GetKeyUsage,=0D + CryptoServiceX509VerifyCertChain,=0D + CryptoServiceX509GetCertFromCertChain,=0D + CryptoServiceAsn1GetTag,=0D + CryptoServiceX509GetExtendedBasicConstraints=0D };=0D diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 52b44ca4f8..6338ac8f55 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h 
@@ -187,16 +187,30 @@ typedef struct { } Sha512;=0D union {=0D struct {=0D - UINT8 GetSubjectName : 1;=0D - UINT8 GetCommonName : 1;=0D - UINT8 GetOrganizationName : 1;=0D - UINT8 VerifyCert : 1;=0D - UINT8 ConstructCertificate : 1;=0D - UINT8 ConstructCertificateStack : 1;=0D - UINT8 ConstructCertificateStackV : 1;=0D - UINT8 Free : 1;=0D - UINT8 StackFree : 1;=0D - UINT8 GetTBSCert : 1;=0D + UINT8 GetSubjectName : 1;=0D + UINT8 GetCommonName : 1;=0D + UINT8 GetOrganizationName : 1;=0D + UINT8 VerifyCert : 1;=0D + UINT8 ConstructCertificate : 1;=0D + UINT8 ConstructCertificateStack : 1;=0D + UINT8 ConstructCertificateStackV : 1;=0D + UINT8 Free : 1;=0D + UINT8 StackFree : 1;=0D + UINT8 GetTBSCert : 1;=0D + UINT8 GetVersion : 1;=0D + UINT8 GetSerialNumber : 1;=0D + UINT8 GetIssuerName : 1;=0D + UINT8 GetSignatureAlgorithm : 1;=0D + UINT8 GetExtensionData : 1;=0D + UINT8 GetExtendedKeyUsage : 1;=0D + UINT8 GetValidity : 1;=0D + UINT8 SetDateTime : 1;=0D + UINT8 CompareDateTime : 1;=0D + UINT8 GetKeyUsage : 1;=0D + UINT8 VerifyCertChain : 1;=0D + UINT8 GetCertFromCertChain : 1;=0D + UINT8 Asn1GetTag : 1;=0D + UINT8 GetExtendedBasicConstraints : 1;=0D } Services;=0D UINT32 Family;=0D } X509;=0D diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index ce6981f091..5c7b536c75 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -2322,6 +2322,421 @@ X509GetTBSCert ( CALL_CRYPTO_SERVICE (X509GetTBSCert, (Cert, CertSize, TBSCert, TBSCertSi= ze), FALSE);=0D }=0D =0D +/**=0D + Retrieve the version from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] Version Pointer to the retrieved version integer.=0D +=0D + @retval TRUE The certificate version retrieved successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + @retval FALSE The operation is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetVersion (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Version=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509GetVersion, (Cert, CertSize, Version), FALSE);= =0D +}=0D +=0D +/**=0D + Retrieve the serialNumber from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes.=0D + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input,=0D + and the size of buffer returned SerialNumbe= r on output.=0D +=0D + @retval TRUE The certificate serialNumber retrieved = successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + If SerialNumberSize is NULL.=0D + If Certificate is invalid.=0D + @retval FALSE If no SerialNumber exists.=0D + @retval FALSE If the SerialNumber is NULL. 
The requir= ed buffer size=0D + (including the final null) is returned = in the=0D + SerialNumberSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSerialNumber (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *SerialNumber, OPTIONAL=0D + IN OUT UINTN *SerialNumberSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509GetSerialNumber, (Cert, CertSize, SerialNumber,= SerialNumberSize), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the issuer bytes from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes.=0D + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input,=0D + and the size of buffer returned CertSubject= on output.=0D +=0D + @retval TRUE The certificate issuer retrieved successfully.=0D + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result.=0D + The CertIssuerSize will be updated with the required siz= e.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetIssuerName (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *CertIssuer,=0D + IN OUT UINTN *CertIssuerSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509GetIssuerName, (Cert, CertSize, CertIssuer, Cer= tIssuerSize), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the Signature Algorithm from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Oid Signature Algorithm Object identifier b= uffer.=0D + @param[in,out] OidSize Signature Algorithm Object identifier 
b= uffer size=0D +=0D + @retval TRUE The certificate Extension data retrieved successf= ully.=0D + @retval FALSE If Cert is NULL.=0D + If OidSize is NULL.=0D + If Oid is not NULL and *OidSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no SignatureType.=0D + @retval FALSE If the Oid is NULL. The required buffer= size=0D + is returned in the OidSize.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetSignatureAlgorithm (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Oid, OPTIONAL=0D + IN OUT UINTN *OidSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509GetSignatureAlgorithm, (Cert, CertSize, Oid, Oi= dSize), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve Extension data from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[in] Oid Object identifier buffer=0D + @param[in] OidSize Object identifier buffer size=0D + @param[out] ExtensionData Extension bytes.=0D + @param[in, out] ExtensionDataSize Extension bytes size.=0D +=0D + @retval TRUE The certificate Extension data retrieve= d successfully.=0D + @retval FALSE If Cert is NULL.=0D + If ExtensionDataSize is NULL.=0D + If ExtensionData is not NULL and *Exten= sionDataSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no Extension entry match Oid.=0D + @retval FALSE If the ExtensionData is NULL. 
The requi= red buffer size=0D + is returned in the ExtensionDataSize pa= rameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtensionData (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN CONST UINT8 *Oid,=0D + IN UINTN OidSize,=0D + OUT UINT8 *ExtensionData,=0D + IN OUT UINTN *ExtensionDataSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509GetExtensionData, (Cert, CertSize, Oid, OidSize= , ExtensionData, ExtensionDataSize), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the Extended Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage bytes.=0D + @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D +=0D + @retval TRUE The Usage bytes retrieve successfully.= =0D + @retval FALSE If Cert is NULL.=0D + If CertSize is NULL.=0D + If Usage is not NULL and *UsageSize is = 0.=0D + If Cert is invalid.=0D + @retval FALSE If the Usage is NULL. 
The required buff= er size=0D + is returned in the UsageSize parameter.= =0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Usage,=0D + IN OUT UINTN *UsageSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509GetExtendedKeyUsage, (Cert, CertSize, Usage, Us= ageSize), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the Validity from one X.509 certificate=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[in] From notBefore Pointer to DateTime object.=0D + @param[in,out] FromSize notBefore DateTime object size.=0D + @param[in] To notAfter Pointer to DateTime object.=0D + @param[in,out] ToSize notAfter DateTime object size.=0D +=0D + Note: X509CompareDateTime to compare DateTime oject=0D + x509SetDateTime to get a DateTime object from a DateTimeStr=0D +=0D + @retval TRUE The certificate Validity retrieved successfully.=0D + @retval FALSE Invalid certificate, or Validity retrieve failed.=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetValidity (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN UINT8 *From,=0D + IN OUT UINTN *FromSize,=0D + IN UINT8 *To,=0D + IN OUT UINTN *ToSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509GetValidity, (Cert, CertSize, From, FromSize, T= o, ToSize), FALSE);=0D +}=0D +=0D +/**=0D + Format a DateTime object into DataTime Buffer=0D +=0D + If DateTimeStr is NULL, then return FALSE.=0D + If DateTimeSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D + Ref: https://www.w3.org/TR/NOTE-datetim= e=0D + Z stand for 
UTC time=0D + @param[out] DateTime Pointer to a DateTime object.=0D + @param[in,out] DateTimeSize DateTime object buffer size.=0D +=0D + @retval TRUE The DateTime object create successfully= .=0D + @retval FALSE If DateTimeStr is NULL.=0D + If DateTimeSize is NULL.=0D + If DateTime is not NULL and *DateTimeSi= ze is 0.=0D + If Year Month Day Hour Minute Second co= mbination is invalid datetime.=0D + @retval FALSE If the DateTime is NULL. The required b= uffer size=0D + (including the final null) is returned = in the=0D + DateTimeSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509SetDateTime (=0D + IN CHAR8 *DateTimeStr,=0D + OUT VOID *DateTime,=0D + IN OUT UINTN *DateTimeSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509SetDateTime, (DateTimeStr, DateTime, DateTimeSi= ze), FALSE);=0D +}=0D +=0D +/**=0D + Compare DateTime1 object and DateTime2 object.=0D +=0D + If DateTime1 is NULL, then return -2.=0D + If DateTime2 is NULL, then return -2.=0D + If DateTime1 =3D=3D DateTime2, then return 0=0D + If DateTime1 > DateTime2, then return 1=0D + If DateTime1 < DateTime2, then return -1=0D +=0D + @param[in] DateTime1 Pointer to a DateTime Ojbect=0D + @param[in] DateTime2 Pointer to a DateTime Object=0D +=0D + @retval 0 If DateTime1 =3D=3D DateTime2=0D + @retval 1 If DateTime1 > DateTime2=0D + @retval -1 If DateTime1 < DateTime2=0D +**/=0D +INT32=0D +EFIAPI=0D +X509CompareDateTime (=0D + IN CONST VOID *DateTime1,=0D + IN CONST VOID *DateTime2=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509CompareDateTime, (DateTime1, DateTime2), FALSE)= ;=0D +}=0D +=0D +/**=0D + Retrieve the Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D +=0D + @retval TRUE The certificate Key Usage retrieved successfully.=0D + @retval FALSE Invalid certificate, or Usage is 
NULL=0D + @retval FALSE This interface is not supported.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetKeyUsage (=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Usage=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509GetKeyUsage, (Cert, CertSize, Usage), FALSE);=0D +}=0D +=0D +/**=0D + Verify one X509 certificate was issued by the trusted CA.=0D + @param[in] RootCert Trusted Root Certificate buffer=0D +=0D + @param[in] RootCertLength Trusted Root Certificate buffer length= =0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain.=0D + @retval FALSE Invalid certificate or the certificate was not issued by= the given=0D + trusted CA.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509VerifyCertChain (=0D + IN CONST UINT8 *RootCert,=0D + IN UINTN RootCertLength,=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509VerifyCertChain, (RootCert, RootCertLength, Cer= tChain, CertChainLength), FALSE);=0D +}=0D +=0D +/**=0D + Get one X509 certificate from CertChain.=0D +=0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. 
and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @param[in] CertIndex Index of certificate.=0D +=0D + @param[out] Cert The certificate at the index of CertCh= ain.=0D + @param[out] CertLength The length certificate at the index of= CertChain.=0D +=0D + @retval TRUE Success.=0D + @retval FALSE Failed to get certificate from certificate chain.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetCertFromCertChain (=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength,=0D + IN CONST INT32 CertIndex,=0D + OUT CONST UINT8 **Cert,=0D + OUT UINTN *CertLength=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509GetCertFromCertChain, (CertChain, CertChainLeng= th, CertIndex, Cert, CertLength), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the tag and length of the tag.=0D +=0D + @param Ptr The position in the ASN.1 data=0D + @param End End of data=0D + @param Length The variable that will receive the length=0D + @param Tag The expected tag=0D +=0D + @retval TRUE Get tag successful=0D + @retval FALSe Failed to get tag or tag not match=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Asn1GetTag (=0D + IN OUT UINT8 **Ptr,=0D + IN UINT8 *End,=0D + OUT UINTN *Length,=0D + IN UINT32 Tag=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (Asn1GetTag, (Ptr, End, Length, Tag), FALSE);=0D +}=0D +=0D +/**=0D + Retrieve the basic constraints from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509= certificate.=0D + @param[in] CertSize size of the X509 certificate in= bytes.=0D + @param[out] BasicConstraints basic constraints bytes.=0D + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes.=0D +=0D + @retval TRUE The basic constraints retrieve successf= ully.=0D + @retval FALSE If cert is NULL.=0D + If cert_size is NULL.=0D + If basic_constraints is not NULL and *b= asic_constraints_size is 0.=0D + If cert is invalid.=0D + @retval FALSE The required buffer 
size is small.=0D + The return buffer size is basic_constra= ints_size parameter.=0D + @retval FALSE If no Extension entry match oid.=0D + @retval FALSE The operation is not supported.=0D + **/=0D +BOOLEAN=0D +EFIAPI=0D +X509GetExtendedBasicConstraints (=0D + CONST UINT8 *Cert,=0D + UINTN CertSize,=0D + UINT8 *BasicConstraints,=0D + UINTN *BasicConstraintsSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (X509GetExtendedBasicConstraints, (Cert, CertSize, B= asicConstraints, BasicConstraintsSize), FALSE);=0D +}=0D +=0D /**=0D Derives a key from a password using a salt and iteration count, based on= PKCS#5 v2.0=0D password based encryption key derivation function PBKDF2, as specified i= n RFC 2898.=0D diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 3bf37575e9..ec9c074c7b 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -21,7 +21,7 @@ /// the EDK II Crypto Protocol is extended, this version define must be=0D /// increased.=0D ///=0D -#define EDKII_CRYPTO_VERSION 12=0D +#define EDKII_CRYPTO_VERSION 13=0D =0D ///=0D /// EDK II Crypto Protocol forward declaration=0D 
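Review bot: In the CryptLib.c wrapper for X509CompareDateTime, the fallback argument passed to CALL_CRYPTO_SERVICE is FALSE, but the function returns INT32 and its own comment defines 0 as "DateTime1 == DateTime2". If that argument is the value returned when the service or the function pointer is unavailable, as the "operation is not supported" FALSE of the BOOLEAN wrappers around it implies, then a missing service reports two timestamps as equal, and a caller checking a certificate's validity window cannot tell that apart from a real comparison. Suggest passing -2, the value the comment already reserves for the error case (NULL input), and adding a matching @retval -2 line. Separately, the X509GetExtendedBasicConstraints wrapper drops the IN/OUT modifiers that the other new prototypes carry, and its comment names cert_size and basic_constraints_size rather than CertSize and BasicConstraintsSize; "If cert_size is NULL" cannot apply to a UINTN passed by value.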
@@ -2351,6 +2351,381 @@ BOOLEAN OUT UINTN *TBSCertSize=0D );=0D =0D +/**=0D + Retrieve the version from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] Version Pointer to the retrieved version integer.=0D +=0D + @retval TRUE The certificate version retrieved successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + @retval FALSE The operation is not supported.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_GET_VERSION)(=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Version=0D + );=0D +=0D +/**=0D + Retrieve the serialNumber from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertSize is 0, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] SerialNumber Pointer to the retrieved certificate Seria= lNumber bytes.=0D + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber = buffer on input,=0D + and the size of buffer returned SerialNumbe= r on output.=0D +=0D + @retval TRUE The certificate serialNumber retrieved = successfully.=0D + @retval FALSE If Cert is NULL or CertSize is Zero.=0D + If SerialNumberSize is NULL.=0D + If Certificate is invalid.=0D + @retval FALSE If no SerialNumber exists.=0D + @retval FALSE If the SerialNumber is NULL. 
The requir= ed buffer size=0D + (including the final null) is returned = in the=0D + SerialNumberSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_GET_SERIAL_NUMBER)(=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *SerialNumber, OPTIONAL=0D + IN OUT UINTN *SerialNumberSize=0D + );=0D +=0D +/**=0D + Retrieve the issuer bytes from one X.509 certificate.=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] CertIssuer Pointer to the retrieved certificate subject= bytes.=0D + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff= er on input,=0D + and the size of buffer returned CertSubject= on output.=0D +=0D + @retval TRUE The certificate issuer retrieved successfully.=0D + @retval FALSE Invalid certificate, or the CertIssuerSize is too small = for the result.=0D + The CertIssuerSize will be updated with the required siz= e.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_GET_ISSUER_NAME)(=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *CertIssuer,=0D + IN OUT UINTN *CertIssuerSize=0D + );=0D +=0D +/**=0D + Retrieve the Signature Algorithm from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Oid Signature Algorithm Object identifier b= uffer.=0D + @param[in,out] OidSize Signature Algorithm Object identifier b= uffer size=0D +=0D + @retval TRUE The certificate Extension data retrieved successf= ully.=0D + @retval FALSE If Cert is NULL.=0D + If OidSize is NULL.=0D + If Oid is not NULL 
and *OidSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no SignatureType.=0D + @retval FALSE If the Oid is NULL. The required buffer= size=0D + is returned in the OidSize.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_GET_SIGNATURE_ALGORITHM)(=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Oid, OPTIONAL=0D + IN OUT UINTN *OidSize=0D + );=0D +=0D +/**=0D + Retrieve Extension data from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[in] Oid Object identifier buffer=0D + @param[in] OidSize Object identifier buffer size=0D + @param[out] ExtensionData Extension bytes.=0D + @param[in, out] ExtensionDataSize Extension bytes size.=0D +=0D + @retval TRUE The certificate Extension data retrieve= d successfully.=0D + @retval FALSE If Cert is NULL.=0D + If ExtensionDataSize is NULL.=0D + If ExtensionData is not NULL and *Exten= sionDataSize is 0.=0D + If Certificate is invalid.=0D + @retval FALSE If no Extension entry match Oid.=0D + @retval FALSE If the ExtensionData is NULL. 
The requi= red buffer size=0D + is returned in the ExtensionDataSize pa= rameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_GET_EXTENSION_DATA)(=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN CONST UINT8 *Oid,=0D + IN UINTN OidSize,=0D + OUT UINT8 *ExtensionData,=0D + IN OUT UINTN *ExtensionDataSize=0D + );=0D +=0D +/**=0D + Retrieve the Extended Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage bytes.=0D + @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D +=0D + @retval TRUE The Usage bytes retrieve successfully.= =0D + @retval FALSE If Cert is NULL.=0D + If CertSize is NULL.=0D + If Usage is not NULL and *UsageSize is = 0.=0D + If Cert is invalid.=0D + @retval FALSE If the Usage is NULL. The required buff= er size=0D + is returned in the UsageSize parameter.= =0D + @retval FALSE The operation is not supported.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_GET_EXTENDED_KEY_USAGE)(=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINT8 *Usage,=0D + IN OUT UINTN *UsageSize=0D + );=0D +=0D +/**=0D + Retrieve the Validity from one X.509 certificate=0D +=0D + If Cert is NULL, then return FALSE.=0D + If CertIssuerSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certificate= .=0D + @param[in] CertSize Size of the X509 certificate in bytes.=0D + @param[out] From notBefore Pointer to DateTime object.=0D + @param[in,out] FromSize notBefore DateTime object size.=0D + @param[out] To notAfter Pointer to DateTime object.=0D + @param[in,out] ToSize notAfter DateTime object size.=0D +=0D + Note: X509CompareDateTime to compare DateTime oject=0D + x509SetDateTime to get a DateTime object from a 
DateTimeStr=0D +=0D + @retval TRUE The certificate Validity retrieved successfully.=0D + @retval FALSE Invalid certificate, or Validity retrieve failed.=0D + @retval FALSE This interface is not supported.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_GET_VALIDITY)(=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + IN UINT8 *From,=0D + IN OUT UINTN *FromSize,=0D + IN UINT8 *To,=0D + IN OUT UINTN *ToSize=0D + );=0D +=0D +/**=0D + Format a DateTime object into DataTime Buffer=0D +=0D + If DateTimeStr is NULL, then return FALSE.=0D + If DateTimeSize is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D + Ref: https://www.w3.org/TR/NOTE-datetim= e=0D + Z stand for UTC time=0D + @param[in,out] DateTime Pointer to a DateTime object.=0D + @param[in,out] DateTimeSize DateTime object buffer size.=0D +=0D + @retval TRUE The DateTime object create successfully= .=0D + @retval FALSE If DateTimeStr is NULL.=0D + If DateTimeSize is NULL.=0D + If DateTime is not NULL and *DateTimeSi= ze is 0.=0D + If Year Month Day Hour Minute Second co= mbination is invalid datetime.=0D + @retval FALSE If the DateTime is NULL. 
The required b= uffer size=0D + (including the final null) is returned = in the=0D + DateTimeSize parameter.=0D + @retval FALSE The operation is not supported.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_SET_DATE_TIME)(=0D + IN CHAR8 *DateTimeStr,=0D + OUT VOID *DateTime,=0D + IN OUT UINTN *DateTimeSize=0D + );=0D +=0D +/**=0D + Compare DateTime1 object and DateTime2 object.=0D +=0D + If DateTime1 is NULL, then return -2.=0D + If DateTime2 is NULL, then return -2.=0D + If DateTime1 =3D=3D DateTime2, then return 0=0D + If DateTime1 > DateTime2, then return 1=0D + If DateTime1 < DateTime2, then return -1=0D +=0D + @param[in] DateTime1 Pointer to a DateTime Ojbect=0D + @param[in] DateTime2 Pointer to a DateTime Object=0D +=0D + @retval 0 If DateTime1 =3D=3D DateTime2=0D + @retval 1 If DateTime1 > DateTime2=0D + @retval -1 If DateTime1 < DateTime2=0D +**/=0D +typedef=0D +INT32=0D +(EFIAPI *EDKII_CRYPTO_X509_COMPARE_DATE_TIME)(=0D + IN CONST VOID *DateTime1,=0D + IN CONST VOID *DateTime2=0D + );=0D +=0D +/**=0D + Retrieve the Key Usage from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509 certifi= cate.=0D + @param[in] CertSize Size of the X509 certificate in bytes.= =0D + @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D +=0D + @retval TRUE The certificate Key Usage retrieved successfully.=0D + @retval FALSE Invalid certificate, or Usage is NULL=0D + @retval FALSE This interface is not supported.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_GET_KEY_USAGE)(=0D + IN CONST UINT8 *Cert,=0D + IN UINTN CertSize,=0D + OUT UINTN *Usage=0D + );=0D +=0D +/**=0D + Verify one X509 certificate was issued by the trusted CA.=0D +=0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. 
and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @param[in] RootCert Trusted Root Certificate buffer=0D +=0D + @param[in] RootCertLength Trusted Root Certificate buffer length= =0D +=0D + @retval TRUE All cerificates was issued by the first certificate in X= 509Certchain.=0D + @retval FALSE Invalid certificate or the certificate was not issued by= the given=0D + trusted CA.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_VERIFY_CERT_CHAIN)(=0D + IN CONST UINT8 *RootCert,=0D + IN UINTN RootCertLength,=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength=0D + );=0D +=0D +/**=0D + Get one X509 certificate from CertChain.=0D +=0D + @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce= rtificates=0D + where the first certificate is signed = by the Root=0D + Certificate or is the Root Cerificate = itself. and=0D + subsequent cerificate is signed by the= preceding=0D + cerificate.=0D + @param[in] CertChainLength Total length of the certificate chain,= in bytes.=0D +=0D + @param[in] CertIndex Index of certificate.=0D +=0D + @param[out] Cert The certificate at the index of CertCh= ain.=0D + @param[out] CertLength The length certificate at the index of= CertChain.=0D +=0D + @retval TRUE Success.=0D + @retval FALSE Failed to get certificate from certificate chain.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_GET_CERT_FROM_CERT_CHAIN)(=0D + IN CONST UINT8 *CertChain,=0D + IN UINTN CertChainLength,=0D + IN CONST INT32 CertIndex,=0D + OUT CONST UINT8 **Cert,=0D + OUT UINTN *CertLength=0D + );=0D +=0D +/**=0D + Retrieve the tag and length of the tag.=0D +=0D + @param Ptr The position in the ASN.1 data=0D + @param End End of data=0D + @param Length The variable that will receive the length=0D + @param Tag The expected tag=0D +=0D + @retval TRUE Get tag successful=0D + @retval FALSe Failed to get tag or tag not 
match=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_ASN1_GET_TAG)(=0D + IN OUT UINT8 **Ptr,=0D + IN UINT8 *End,=0D + OUT UINTN *Length,=0D + IN UINT32 Tag=0D + );=0D +=0D +/**=0D + Retrieve the basic constraints from one X.509 certificate.=0D +=0D + @param[in] Cert Pointer to the DER-encoded X509= certificate.=0D + @param[in] CertSize size of the X509 certificate in= bytes.=0D + @param[out] BasicConstraints basic constraints bytes.=0D + @param[in, out] BasicConstraintsSize basic constraints buffer sizs i= n bytes.=0D +=0D + @retval TRUE The basic constraints retrieve successf= ully.=0D + @retval FALSE If cert is NULL.=0D + If cert_size is NULL.=0D + If basic_constraints is not NULL and *b= asic_constraints_size is 0.=0D + If cert is invalid.=0D + @retval FALSE The required buffer size is small.=0D + The return buffer size is basic_constra= ints_size parameter.=0D + @retval FALSE If no Extension entry match oid.=0D + @retval FALSE The operation is not supported.=0D + **/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_X509_GET_EXTENDED_BASIC_CONSTRAINTS)(=0D + CONST UINT8 *Cert,=0D + UINTN CertSize,=0D + UINT8 *BasicConstraints,=0D + UINTN *BasicConstraintsSize=0D + );=0D +=0D // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D // Symmetric Cryptography Primitive=0D // =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D 
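Review bot: EDKII_CRYPTO_X509_GET_VALIDITY declares its result buffers as "IN UINT8 *From" and "IN UINT8 *To", while the comment above documents both as @param[out]; they should be OUT to match the other getters in this hunk. The same comment says "If CertIssuerSize is NULL, then return FALSE", which names a parameter this function does not have and looks carried over from the issuer-name getter; it should name FromSize and ToSize. Unlike the serial number, signature algorithm and extension getters, this comment also has no @retval line for the case where the buffer is NULL or too small and the required size is written back, so the header does not tell a caller how to size From and To before the call. Please document that case explicitly, since every failure here collapses to FALSE and the size-query path is the only way to distinguish it.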
@@ -4294,235 +4669,250 @@ BOOLEAN ///=0D struct _EDKII_CRYPTO_PROTOCOL {=0D /// Version=0D - EDKII_CRYPTO_GET_VERSION GetVersion;=0D + EDKII_CRYPTO_GET_VERSION GetVersion;=0D /// HMAC MD5 - deprecated and unsupported=0D - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW DeprecatedHmacMd5New;= =0D - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE DeprecatedHmacMd5Free= ;=0D - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY DeprecatedHmacMd5SetK= ey;=0D - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Dupl= icate;=0D - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Upda= te;=0D - DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Fina= l;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_NEW DeprecatedHmacMd5New= ;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FREE DeprecatedHmacMd5Fre= e;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_SET_KEY DeprecatedHmacMd5Set= Key;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_DUPLICATE DeprecatedHmacMd5Dup= licate;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_UPDATE DeprecatedHmacMd5Upd= ate;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_MD5_FINAL DeprecatedHmacMd5Fin= al;=0D /// HMAC SHA1 - deprecated and unsupported=0D - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW DeprecatedHmacSha1New= ;=0D - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE DeprecatedHmacSha1Fre= e;=0D - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY DeprecatedHmacSha1Set= Key;=0D - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE DeprecatedHmacSha1Dup= licate;=0D - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE DeprecatedHmacSha1Upd= ate;=0D - DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL DeprecatedHmacSha1Fin= al;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_NEW DeprecatedHmacSha1Ne= w;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FREE DeprecatedHmacSha1Fr= ee;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_SET_KEY DeprecatedHmacSha1Se= tKey;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_DUPLICATE DeprecatedHmacSha1Du= plicate;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_UPDATE DeprecatedHmacSha1Up= date;=0D + DEPRECATED_EDKII_CRYPTO_HMAC_SHA1_FINAL DeprecatedHmacSha1Fi= nal;=0D 
/// HMAC SHA256=0D - EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New;=0D - EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free;=0D - EDKII_CRYPTO_HMAC_SHA256_SET_KEY HmacSha256SetKey;=0D - EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate;= =0D - EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update;=0D - EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final;=0D + EDKII_CRYPTO_HMAC_SHA256_NEW HmacSha256New;=0D + EDKII_CRYPTO_HMAC_SHA256_FREE HmacSha256Free;=0D + EDKII_CRYPTO_HMAC_SHA256_SET_KEY HmacSha256SetKey;=0D + EDKII_CRYPTO_HMAC_SHA256_DUPLICATE HmacSha256Duplicate;= =0D + EDKII_CRYPTO_HMAC_SHA256_UPDATE HmacSha256Update;=0D + EDKII_CRYPTO_HMAC_SHA256_FINAL HmacSha256Final;=0D /// Md4 - deprecated and unsupported=0D - DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetConte= xtSize;=0D - DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init;=0D - DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE DeprecatedMd4Duplicat= e;=0D - DEPRECATED_EDKII_CRYPTO_MD4_UPDATE DeprecatedMd4Update;= =0D - DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final;=0D - DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL DeprecatedMd4HashAll;= =0D + DEPRECATED_EDKII_CRYPTO_MD4_GET_CONTEXT_SIZE DeprecatedMd4GetCont= extSize;=0D + DEPRECATED_EDKII_CRYPTO_MD4_INIT DeprecatedMd4Init;=0D + DEPRECATED_EDKII_CRYPTO_MD4_DUPLICATE DeprecatedMd4Duplica= te;=0D + DEPRECATED_EDKII_CRYPTO_MD4_UPDATE DeprecatedMd4Update;= =0D + DEPRECATED_EDKII_CRYPTO_MD4_FINAL DeprecatedMd4Final;= =0D + DEPRECATED_EDKII_CRYPTO_MD4_HASH_ALL DeprecatedMd4HashAll= ;=0D /// Md5=0D - EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize;=0D - EDKII_CRYPTO_MD5_INIT Md5Init;=0D - EDKII_CRYPTO_MD5_DUPLICATE Md5Duplicate;=0D - EDKII_CRYPTO_MD5_UPDATE Md5Update;=0D - EDKII_CRYPTO_MD5_FINAL Md5Final;=0D - EDKII_CRYPTO_MD5_HASH_ALL Md5HashAll;=0D + EDKII_CRYPTO_MD5_GET_CONTEXT_SIZE Md5GetContextSize;=0D + EDKII_CRYPTO_MD5_INIT Md5Init;=0D + EDKII_CRYPTO_MD5_DUPLICATE Md5Duplicate;=0D + EDKII_CRYPTO_MD5_UPDATE Md5Update;=0D + EDKII_CRYPTO_MD5_FINAL Md5Final;=0D + 
EDKII_CRYPTO_MD5_HASH_ALL Md5HashAll;=0D /// Pkcs=0D - EDKII_CRYPTO_PKCS1_ENCRYPT_V2 Pkcs1v2Encrypt;=0D - EDKII_CRYPTO_PKCS5_PW_HASH Pkcs5HashPassword;=0D - EDKII_CRYPTO_PKCS7_VERIFY Pkcs7Verify;=0D - EDKII_CRYPTO_PKCS7_VERIFY_EKU VerifyEKUsInPkcs7Sign= ature;=0D - EDKII_CRYPTO_PKCS7_GET_SIGNERS Pkcs7GetSigners;=0D - EDKII_CRYPTO_PKCS7_FREE_SIGNERS Pkcs7FreeSigners;=0D - EDKII_CRYPTO_PKCS7_SIGN Pkcs7Sign;=0D - EDKII_CRYPTO_PKCS7_GET_ATTACHED_CONTENT Pkcs7GetAttachedConte= nt;=0D - EDKII_CRYPTO_PKCS7_GET_CERTIFICATES_LIST Pkcs7GetCertificatesL= ist;=0D - EDKII_CRYPTO_AUTHENTICODE_VERIFY AuthenticodeVerify;=0D - EDKII_CRYPTO_IMAGE_TIMESTAMP_VERIFY ImageTimestampVerify;= =0D + EDKII_CRYPTO_PKCS1_ENCRYPT_V2 Pkcs1v2Encrypt;=0D + EDKII_CRYPTO_PKCS5_PW_HASH Pkcs5HashPassword;=0D + EDKII_CRYPTO_PKCS7_VERIFY Pkcs7Verify;=0D + EDKII_CRYPTO_PKCS7_VERIFY_EKU VerifyEKUsInPkcs7Sig= nature;=0D + EDKII_CRYPTO_PKCS7_GET_SIGNERS Pkcs7GetSigners;=0D + EDKII_CRYPTO_PKCS7_FREE_SIGNERS Pkcs7FreeSigners;=0D + EDKII_CRYPTO_PKCS7_SIGN Pkcs7Sign;=0D + EDKII_CRYPTO_PKCS7_GET_ATTACHED_CONTENT Pkcs7GetAttachedCont= ent;=0D + EDKII_CRYPTO_PKCS7_GET_CERTIFICATES_LIST Pkcs7GetCertificates= List;=0D + EDKII_CRYPTO_AUTHENTICODE_VERIFY AuthenticodeVerify;= =0D + EDKII_CRYPTO_IMAGE_TIMESTAMP_VERIFY ImageTimestampVerify= ;=0D /// DH=0D - EDKII_CRYPTO_DH_NEW DhNew;=0D - EDKII_CRYPTO_DH_FREE DhFree;=0D - EDKII_CRYPTO_DH_GENERATE_PARAMETER DhGenerateParameter;= =0D - EDKII_CRYPTO_DH_SET_PARAMETER DhSetParameter;=0D - EDKII_CRYPTO_DH_GENERATE_KEY DhGenerateKey;=0D - EDKII_CRYPTO_DH_COMPUTE_KEY DhComputeKey;=0D + EDKII_CRYPTO_DH_NEW DhNew;=0D + EDKII_CRYPTO_DH_FREE DhFree;=0D + EDKII_CRYPTO_DH_GENERATE_PARAMETER DhGenerateParameter;= =0D + EDKII_CRYPTO_DH_SET_PARAMETER DhSetParameter;=0D + EDKII_CRYPTO_DH_GENERATE_KEY DhGenerateKey;=0D + EDKII_CRYPTO_DH_COMPUTE_KEY DhComputeKey;=0D /// Random=0D - EDKII_CRYPTO_RANDOM_SEED RandomSeed;=0D - EDKII_CRYPTO_RANDOM_BYTES RandomBytes;=0D + EDKII_CRYPTO_RANDOM_SEED 
RandomSeed;=0D + EDKII_CRYPTO_RANDOM_BYTES RandomBytes;=0D /// RSA=0D - EDKII_CRYPTO_RSA_VERIFY_PKCS1 RsaVerifyPkcs1;=0D - EDKII_CRYPTO_RSA_NEW RsaNew;=0D - EDKII_CRYPTO_RSA_FREE RsaFree;=0D - EDKII_CRYPTO_RSA_SET_KEY RsaSetKey;=0D - EDKII_CRYPTO_RSA_GET_KEY RsaGetKey;=0D - EDKII_CRYPTO_RSA_GENERATE_KEY RsaGenerateKey;=0D - EDKII_CRYPTO_RSA_CHECK_KEY RsaCheckKey;=0D - EDKII_CRYPTO_RSA_PKCS1_SIGN RsaPkcs1Sign;=0D - EDKII_CRYPTO_RSA_PKCS1_VERIFY RsaPkcs1Verify;=0D - EDKII_CRYPTO_RSA_GET_PRIVATE_KEY_FROM_PEM RsaGetPrivateKeyFromP= em;=0D - EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509 RsaGetPublicKeyFromX5= 09;=0D + EDKII_CRYPTO_RSA_VERIFY_PKCS1 RsaVerifyPkcs1;=0D + EDKII_CRYPTO_RSA_NEW RsaNew;=0D + EDKII_CRYPTO_RSA_FREE RsaFree;=0D + EDKII_CRYPTO_RSA_SET_KEY RsaSetKey;=0D + EDKII_CRYPTO_RSA_GET_KEY RsaGetKey;=0D + EDKII_CRYPTO_RSA_GENERATE_KEY RsaGenerateKey;=0D + EDKII_CRYPTO_RSA_CHECK_KEY RsaCheckKey;=0D + EDKII_CRYPTO_RSA_PKCS1_SIGN RsaPkcs1Sign;=0D + EDKII_CRYPTO_RSA_PKCS1_VERIFY RsaPkcs1Verify;=0D + EDKII_CRYPTO_RSA_GET_PRIVATE_KEY_FROM_PEM RsaGetPrivateKeyFrom= Pem;=0D + EDKII_CRYPTO_RSA_GET_PUBLIC_KEY_FROM_X509 RsaGetPublicKeyFromX= 509;=0D /// Sha1=0D - EDKII_CRYPTO_SHA1_GET_CONTEXT_SIZE Sha1GetContextSize;=0D - EDKII_CRYPTO_SHA1_INIT Sha1Init;=0D - EDKII_CRYPTO_SHA1_DUPLICATE Sha1Duplicate;=0D - EDKII_CRYPTO_SHA1_UPDATE Sha1Update;=0D - EDKII_CRYPTO_SHA1_FINAL Sha1Final;=0D - EDKII_CRYPTO_SHA1_HASH_ALL Sha1HashAll;=0D + EDKII_CRYPTO_SHA1_GET_CONTEXT_SIZE Sha1GetContextSize;= =0D + EDKII_CRYPTO_SHA1_INIT Sha1Init;=0D + EDKII_CRYPTO_SHA1_DUPLICATE Sha1Duplicate;=0D + EDKII_CRYPTO_SHA1_UPDATE Sha1Update;=0D + EDKII_CRYPTO_SHA1_FINAL Sha1Final;=0D + EDKII_CRYPTO_SHA1_HASH_ALL Sha1HashAll;=0D /// Sha256=0D - EDKII_CRYPTO_SHA256_GET_CONTEXT_SIZE Sha256GetContextSize;= =0D - EDKII_CRYPTO_SHA256_INIT Sha256Init;=0D - EDKII_CRYPTO_SHA256_DUPLICATE Sha256Duplicate;=0D - EDKII_CRYPTO_SHA256_UPDATE Sha256Update;=0D - EDKII_CRYPTO_SHA256_FINAL Sha256Final;=0D - 
EDKII_CRYPTO_SHA256_HASH_ALL Sha256HashAll;=0D + EDKII_CRYPTO_SHA256_GET_CONTEXT_SIZE Sha256GetContextSize= ;=0D + EDKII_CRYPTO_SHA256_INIT Sha256Init;=0D + EDKII_CRYPTO_SHA256_DUPLICATE Sha256Duplicate;=0D + EDKII_CRYPTO_SHA256_UPDATE Sha256Update;=0D + EDKII_CRYPTO_SHA256_FINAL Sha256Final;=0D + EDKII_CRYPTO_SHA256_HASH_ALL Sha256HashAll;=0D /// Sha384=0D - EDKII_CRYPTO_SHA384_GET_CONTEXT_SIZE Sha384GetContextSize;= =0D - EDKII_CRYPTO_SHA384_INIT Sha384Init;=0D - EDKII_CRYPTO_SHA384_DUPLICATE Sha384Duplicate;=0D - EDKII_CRYPTO_SHA384_UPDATE Sha384Update;=0D - EDKII_CRYPTO_SHA384_FINAL Sha384Final;=0D - EDKII_CRYPTO_SHA384_HASH_ALL Sha384HashAll;=0D + EDKII_CRYPTO_SHA384_GET_CONTEXT_SIZE Sha384GetContextSize= ;=0D + EDKII_CRYPTO_SHA384_INIT Sha384Init;=0D + EDKII_CRYPTO_SHA384_DUPLICATE Sha384Duplicate;=0D + EDKII_CRYPTO_SHA384_UPDATE Sha384Update;=0D + EDKII_CRYPTO_SHA384_FINAL Sha384Final;=0D + EDKII_CRYPTO_SHA384_HASH_ALL Sha384HashAll;=0D /// Sha512=0D - EDKII_CRYPTO_SHA512_GET_CONTEXT_SIZE Sha512GetContextSize;= =0D - EDKII_CRYPTO_SHA512_INIT Sha512Init;=0D - EDKII_CRYPTO_SHA512_DUPLICATE Sha512Duplicate;=0D - EDKII_CRYPTO_SHA512_UPDATE Sha512Update;=0D - EDKII_CRYPTO_SHA512_FINAL Sha512Final;=0D - EDKII_CRYPTO_SHA512_HASH_ALL Sha512HashAll;=0D + EDKII_CRYPTO_SHA512_GET_CONTEXT_SIZE Sha512GetContextSize= ;=0D + EDKII_CRYPTO_SHA512_INIT Sha512Init;=0D + EDKII_CRYPTO_SHA512_DUPLICATE Sha512Duplicate;=0D + EDKII_CRYPTO_SHA512_UPDATE Sha512Update;=0D + EDKII_CRYPTO_SHA512_FINAL Sha512Final;=0D + EDKII_CRYPTO_SHA512_HASH_ALL Sha512HashAll;=0D /// X509=0D - EDKII_CRYPTO_X509_GET_SUBJECT_NAME X509GetSubjectName;=0D - EDKII_CRYPTO_X509_GET_COMMON_NAME X509GetCommonName;=0D - EDKII_CRYPTO_X509_GET_ORGANIZATION_NAME X509GetOrganizationNa= me;=0D - EDKII_CRYPTO_X509_VERIFY_CERT X509VerifyCert;=0D - EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE X509ConstructCertific= ate;=0D - EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK X509ConstructCertific= ateStack;=0D - 
EDKII_CRYPTO_X509_FREE X509Free;=0D - EDKII_CRYPTO_X509_STACK_FREE X509StackFree;=0D - EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert;=0D + EDKII_CRYPTO_X509_GET_SUBJECT_NAME X509GetSubjectName;= =0D + EDKII_CRYPTO_X509_GET_COMMON_NAME X509GetCommonName;=0D + EDKII_CRYPTO_X509_GET_ORGANIZATION_NAME X509GetOrganizationN= ame;=0D + EDKII_CRYPTO_X509_VERIFY_CERT X509VerifyCert;=0D + EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE X509ConstructCertifi= cate;=0D + EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK X509ConstructCertifi= cateStack;=0D + EDKII_CRYPTO_X509_FREE X509Free;=0D + EDKII_CRYPTO_X509_STACK_FREE X509StackFree;=0D + EDKII_CRYPTO_X509_GET_TBS_CERT X509GetTBSCert;=0D /// TDES - deprecated and unsupported=0D - DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetCont= extSize;=0D - DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit;=0D - DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEncr= ypt;=0D - DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDecr= ypt;=0D - DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEncr= ypt;=0D - DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDecr= ypt;=0D + DEPRECATED_EDKII_CRYPTO_TDES_GET_CONTEXT_SIZE DeprecatedTdesGetCon= textSize;=0D + DEPRECATED_EDKII_CRYPTO_TDES_INIT DeprecatedTdesInit;= =0D + DEPRECATED_EDKII_CRYPTO_TDES_ECB_ENCRYPT DeprecatedTdesEcbEnc= rypt;=0D + DEPRECATED_EDKII_CRYPTO_TDES_ECB_DECRYPT DeprecatedTdesEcbDec= rypt;=0D + DEPRECATED_EDKII_CRYPTO_TDES_CBC_ENCRYPT DeprecatedTdesCbcEnc= rypt;=0D + DEPRECATED_EDKII_CRYPTO_TDES_CBC_DECRYPT DeprecatedTdesCbcDec= rypt;=0D /// AES - ECB Mode is deprecated and unsupported=0D - EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize;=0D - EDKII_CRYPTO_AES_INIT AesInit;=0D - DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT DeprecatedAesEcbEncry= pt;=0D - DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT DeprecatedAesEcbDecry= pt;=0D - EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt;=0D - EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt;=0D + 
EDKII_CRYPTO_AES_GET_CONTEXT_SIZE AesGetContextSize;=0D + EDKII_CRYPTO_AES_INIT AesInit;=0D + DEPRECATED_EDKII_CRYPTO_AES_ECB_ENCRYPT DeprecatedAesEcbEncr= ypt;=0D + DEPRECATED_EDKII_CRYPTO_AES_ECB_DECRYPT DeprecatedAesEcbDecr= ypt;=0D + EDKII_CRYPTO_AES_CBC_ENCRYPT AesCbcEncrypt;=0D + EDKII_CRYPTO_AES_CBC_DECRYPT AesCbcDecrypt;=0D /// Arc4 - deprecated and unsupported=0D - DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE DeprecatedArc4GetCont= extSize;=0D - DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init;=0D - DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encrypt= ;=0D - DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decrypt= ;=0D - DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset;= =0D + DEPRECATED_EDKII_CRYPTO_ARC4_GET_CONTEXT_SIZE DeprecatedArc4GetCon= textSize;=0D + DEPRECATED_EDKII_CRYPTO_ARC4_INIT DeprecatedArc4Init;= =0D + DEPRECATED_EDKII_CRYPTO_ARC4_ENCRYPT DeprecatedArc4Encryp= t;=0D + DEPRECATED_EDKII_CRYPTO_ARC4_DECRYPT DeprecatedArc4Decryp= t;=0D + DEPRECATED_EDKII_CRYPTO_ARC4_RESET DeprecatedArc4Reset;= =0D /// SM3=0D - EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize;=0D - EDKII_CRYPTO_SM3_INIT Sm3Init;=0D - EDKII_CRYPTO_SM3_DUPLICATE Sm3Duplicate;=0D - EDKII_CRYPTO_SM3_UPDATE Sm3Update;=0D - EDKII_CRYPTO_SM3_FINAL Sm3Final;=0D - EDKII_CRYPTO_SM3_HASH_ALL Sm3HashAll;=0D + EDKII_CRYPTO_SM3_GET_CONTEXT_SIZE Sm3GetContextSize;=0D + EDKII_CRYPTO_SM3_INIT Sm3Init;=0D + EDKII_CRYPTO_SM3_DUPLICATE Sm3Duplicate;=0D + EDKII_CRYPTO_SM3_UPDATE Sm3Update;=0D + EDKII_CRYPTO_SM3_FINAL Sm3Final;=0D + EDKII_CRYPTO_SM3_HASH_ALL Sm3HashAll;=0D /// HKDF=0D - EDKII_CRYPTO_HKDF_SHA_256_EXTRACT_AND_EXPAND HkdfSha256ExtractAndE= xpand;=0D + EDKII_CRYPTO_HKDF_SHA_256_EXTRACT_AND_EXPAND HkdfSha256ExtractAnd= Expand;=0D /// X509 (Continued)=0D - EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK_V X509ConstructCertific= ateStackV;=0D + EDKII_CRYPTO_X509_CONSTRUCT_CERTIFICATE_STACK_V X509ConstructCertifi= cateStackV;=0D /// TLS=0D - EDKII_CRYPTO_TLS_INITIALIZE 
TlsInitialize;=0D - EDKII_CRYPTO_TLS_CTX_FREE TlsCtxFree;=0D - EDKII_CRYPTO_TLS_CTX_NEW TlsCtxNew;=0D - EDKII_CRYPTO_TLS_FREE TlsFree;=0D - EDKII_CRYPTO_TLS_NEW TlsNew;=0D - EDKII_CRYPTO_TLS_IN_HANDSHAKE TlsInHandshake;=0D - EDKII_CRYPTO_TLS_DO_HANDSHAKE TlsDoHandshake;=0D - EDKII_CRYPTO_TLS_HANDLE_ALERT TlsHandleAlert;=0D - EDKII_CRYPTO_TLS_CLOSE_NOTIFY TlsCloseNotify;=0D - EDKII_CRYPTO_TLS_CTRL_TRAFFIC_OUT TlsCtrlTrafficOut;=0D - EDKII_CRYPTO_TLS_CTRL_TRAFFIC_IN TlsCtrlTrafficIn;=0D - EDKII_CRYPTO_TLS_READ TlsRead;=0D - EDKII_CRYPTO_TLS_WRITE TlsWrite;=0D + EDKII_CRYPTO_TLS_INITIALIZE TlsInitialize;=0D + EDKII_CRYPTO_TLS_CTX_FREE TlsCtxFree;=0D + EDKII_CRYPTO_TLS_CTX_NEW TlsCtxNew;=0D + EDKII_CRYPTO_TLS_FREE TlsFree;=0D + EDKII_CRYPTO_TLS_NEW TlsNew;=0D + EDKII_CRYPTO_TLS_IN_HANDSHAKE TlsInHandshake;=0D + EDKII_CRYPTO_TLS_DO_HANDSHAKE TlsDoHandshake;=0D + EDKII_CRYPTO_TLS_HANDLE_ALERT TlsHandleAlert;=0D + EDKII_CRYPTO_TLS_CLOSE_NOTIFY TlsCloseNotify;=0D + EDKII_CRYPTO_TLS_CTRL_TRAFFIC_OUT TlsCtrlTrafficOut;=0D + EDKII_CRYPTO_TLS_CTRL_TRAFFIC_IN TlsCtrlTrafficIn;=0D + EDKII_CRYPTO_TLS_READ TlsRead;=0D + EDKII_CRYPTO_TLS_WRITE TlsWrite;=0D /// TLS Set=0D - EDKII_CRYPTO_TLS_SET_VERSION TlsSetVersion;=0D - EDKII_CRYPTO_TLS_SET_CONNECTION_END TlsSetConnectionEnd;= =0D - EDKII_CRYPTO_TLS_SET_CIPHER_LIST TlsSetCipherList;=0D - EDKII_CRYPTO_TLS_SET_COMPRESSION_METHOD TlsSetCompressionMeth= od;=0D - EDKII_CRYPTO_TLS_SET_VERIFY TlsSetVerify;=0D - EDKII_CRYPTO_TLS_SET_VERIFY_HOST TlsSetVerifyHost;=0D - EDKII_CRYPTO_TLS_SET_SESSIONID TlsSetSessionId;=0D - EDKII_CRYPTO_TLS_SET_CA_CERTIFICATE TlsSetCaCertificate;= =0D - EDKII_CRYPTO_TLS_SET_HOST_PUBLIC_CERT TlsSetHostPublicCert;= =0D - EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY TlsSetHostPrivateKey;= =0D - EDKII_CRYPTO_TLS_SET_CERT_REVOCATION_LIST TlsSetCertRevocationL= ist;=0D + EDKII_CRYPTO_TLS_SET_VERSION TlsSetVersion;=0D + EDKII_CRYPTO_TLS_SET_CONNECTION_END TlsSetConnectionEnd;= =0D + EDKII_CRYPTO_TLS_SET_CIPHER_LIST 
TlsSetCipherList;=0D + EDKII_CRYPTO_TLS_SET_COMPRESSION_METHOD TlsSetCompressionMet= hod;=0D + EDKII_CRYPTO_TLS_SET_VERIFY TlsSetVerify;=0D + EDKII_CRYPTO_TLS_SET_VERIFY_HOST TlsSetVerifyHost;=0D + EDKII_CRYPTO_TLS_SET_SESSIONID TlsSetSessionId;=0D + EDKII_CRYPTO_TLS_SET_CA_CERTIFICATE TlsSetCaCertificate;= =0D + EDKII_CRYPTO_TLS_SET_HOST_PUBLIC_CERT TlsSetHostPublicCert= ;=0D + EDKII_CRYPTO_TLS_SET_HOST_PRIVATE_KEY TlsSetHostPrivateKey= ;=0D + EDKII_CRYPTO_TLS_SET_CERT_REVOCATION_LIST TlsSetCertRevocation= List;=0D /// TLS Get=0D - EDKII_CRYPTO_TLS_GET_VERSION TlsGetVersion;=0D - EDKII_CRYPTO_TLS_GET_CONNECTION_END TlsGetConnectionEnd;= =0D - EDKII_CRYPTO_TLS_GET_CURRENT_CIPHER TlsGetCurrentCipher;= =0D - EDKII_CRYPTO_TLS_GET_CURRENT_COMPRESSION_ID TlsGetCurrentCompress= ionId;=0D - EDKII_CRYPTO_TLS_GET_VERIFY TlsGetVerify;=0D - EDKII_CRYPTO_TLS_GET_SESSION_ID TlsGetSessionId;=0D - EDKII_CRYPTO_TLS_GET_CLIENT_RANDOM TlsGetClientRandom;=0D - EDKII_CRYPTO_TLS_GET_SERVER_RANDOM TlsGetServerRandom;=0D - EDKII_CRYPTO_TLS_GET_KEY_MATERIAL TlsGetKeyMaterial;=0D - EDKII_CRYPTO_TLS_GET_CA_CERTIFICATE TlsGetCaCertificate;= =0D - EDKII_CRYPTO_TLS_GET_HOST_PUBLIC_CERT TlsGetHostPublicCert;= =0D - EDKII_CRYPTO_TLS_GET_HOST_PRIVATE_KEY TlsGetHostPrivateKey;= =0D - EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST TlsGetCertRevocationL= ist;=0D + EDKII_CRYPTO_TLS_GET_VERSION TlsGetVersion;=0D + EDKII_CRYPTO_TLS_GET_CONNECTION_END TlsGetConnectionEnd;= =0D + EDKII_CRYPTO_TLS_GET_CURRENT_CIPHER TlsGetCurrentCipher;= =0D + EDKII_CRYPTO_TLS_GET_CURRENT_COMPRESSION_ID TlsGetCurrentCompres= sionId;=0D + EDKII_CRYPTO_TLS_GET_VERIFY TlsGetVerify;=0D + EDKII_CRYPTO_TLS_GET_SESSION_ID TlsGetSessionId;=0D + EDKII_CRYPTO_TLS_GET_CLIENT_RANDOM TlsGetClientRandom;= =0D + EDKII_CRYPTO_TLS_GET_SERVER_RANDOM TlsGetServerRandom;= =0D + EDKII_CRYPTO_TLS_GET_KEY_MATERIAL TlsGetKeyMaterial;=0D + EDKII_CRYPTO_TLS_GET_CA_CERTIFICATE TlsGetCaCertificate;= =0D + EDKII_CRYPTO_TLS_GET_HOST_PUBLIC_CERT 
TlsGetHostPublicCert= ;=0D + EDKII_CRYPTO_TLS_GET_HOST_PRIVATE_KEY TlsGetHostPrivateKey= ;=0D + EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST TlsGetCertRevocation= List;=0D /// RSA PSS=0D - EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign;=0D - EDKII_CRYPTO_RSA_PSS_VERIFY RsaPssVerify;=0D + EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign;=0D + EDKII_CRYPTO_RSA_PSS_VERIFY RsaPssVerify;=0D /// Parallel hash=0D - EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashAl= l;=0D + EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashA= ll;=0D /// HMAC SHA256 (continued)=0D - EDKII_CRYPTO_HMAC_SHA256_ALL HmacSha256All;=0D + EDKII_CRYPTO_HMAC_SHA256_ALL HmacSha256All;=0D /// HMAC SHA384=0D - EDKII_CRYPTO_HMAC_SHA384_NEW HmacSha384New;=0D - EDKII_CRYPTO_HMAC_SHA384_FREE HmacSha384Free;=0D - EDKII_CRYPTO_HMAC_SHA384_SET_KEY HmacSha384SetKey;=0D - EDKII_CRYPTO_HMAC_SHA384_DUPLICATE HmacSha384Duplicate;= =0D - EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update;=0D - EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final;=0D - EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All;=0D + EDKII_CRYPTO_HMAC_SHA384_NEW HmacSha384New;=0D + EDKII_CRYPTO_HMAC_SHA384_FREE HmacSha384Free;=0D + EDKII_CRYPTO_HMAC_SHA384_SET_KEY HmacSha384SetKey;=0D + EDKII_CRYPTO_HMAC_SHA384_DUPLICATE HmacSha384Duplicate;= =0D + EDKII_CRYPTO_HMAC_SHA384_UPDATE HmacSha384Update;=0D + EDKII_CRYPTO_HMAC_SHA384_FINAL HmacSha384Final;=0D + EDKII_CRYPTO_HMAC_SHA384_ALL HmacSha384All;=0D /// HKDF (continued)=0D - EDKII_CRYPTO_HKDF_SHA_256_EXTRACT HkdfSha256Extract;=0D - EDKII_CRYPTO_HKDF_SHA_256_EXPAND HkdfSha256Expand;=0D - EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND HkdfSha384ExtractAndE= xpand;=0D - EDKII_CRYPTO_HKDF_SHA_384_EXTRACT HkdfSha384Extract;=0D - EDKII_CRYPTO_HKDF_SHA_384_EXPAND HkdfSha384Expand;=0D + EDKII_CRYPTO_HKDF_SHA_256_EXTRACT HkdfSha256Extract;=0D + EDKII_CRYPTO_HKDF_SHA_256_EXPAND HkdfSha256Expand;=0D + EDKII_CRYPTO_HKDF_SHA_384_EXTRACT_AND_EXPAND HkdfSha384ExtractAnd= Expand;=0D + EDKII_CRYPTO_HKDF_SHA_384_EXTRACT HkdfSha384Extract;=0D + 
EDKII_CRYPTO_HKDF_SHA_384_EXPAND HkdfSha384Expand;=0D /// AEAD AES-GCM=0D - EDKII_AEAD_AES_GCM_ENCRYPT AeadAesGcmEncrypt;=0D - EDKII_AEAD_AES_GCM_DECRYPT AeadAesGcmDecrypt;=0D + EDKII_AEAD_AES_GCM_ENCRYPT AeadAesGcmEncrypt;=0D + EDKII_AEAD_AES_GCM_DECRYPT AeadAesGcmDecrypt;=0D /// BIGNUM=0D - EDKII_CRYPTO_BIGNUM_INIT BigNumInit;=0D - EDKII_CRYPTO_BIGNUM_FROM_BIN BigNumFromBin;=0D - EDKII_CRYPTO_BIGNUM_TO_BIN BigNumToBin;=0D - EDKII_CRYPTO_BIGNUM_FREE BigNumFree;=0D - EDKII_CRYPTO_BIGNUM_ADD BigNumAdd;=0D - EDKII_CRYPTO_BIGNUM_SUB BigNumSub;=0D - EDKII_CRYPTO_BIGNUM_MOD BigNumMod;=0D - EDKII_CRYPTO_BIGNUM_EXP_MOD BigNumExpMod;=0D - EDKII_CRYPTO_BIGNUM_INVERSE_MOD BigNumInverseMod;=0D - EDKII_CRYPTO_BIGNUM_DIV BigNumDiv;=0D - EDKII_CRYPTO_BIGNUM_MUL_MOD BigNumMulMod;=0D - EDKII_CRYPTO_BIGNUM_CMP BigNumCmp;=0D - EDKII_CRYPTO_BIGNUM_BITS BigNumBits;=0D - EDKII_CRYPTO_BIGNUM_BYTES BigNumBytes;=0D - EDKII_CRYPTO_BIGNUM_IS_WORD BigNumIsWord;=0D - EDKII_CRYPTO_BIGNUM_IS_ODD BigNumIsOdd;=0D - EDKII_CRYPTO_BIGNUM_COPY BigNumCopy;=0D - EDKII_CRYPTO_BIGNUM_VALUE_ONE BigNumValueOne;=0D - EDKII_CRYPTO_BIGNUM_R_SHIFT BigNumRShift;=0D - EDKII_CRYPTO_BIGNUM_CONST_TIME BigNumConstTime;=0D - EDKII_CRYPTO_BIGNUM_SQR_MOD BigNumSqrMod;=0D - EDKII_CRYPTO_BIGNUM_NEW_CONTEXT BigNumNewContext;=0D - EDKII_CRYPTO_BIGNUM_CONTEXT_FREE BigNumContextFree;=0D - EDKII_CRYPTO_BIGNUM_SET_UINT BigNumSetUint;=0D - EDKII_CRYPTO_BIGNUM_ADD_MOD BigNumAddMod;=0D + EDKII_CRYPTO_BIGNUM_INIT BigNumInit;=0D + EDKII_CRYPTO_BIGNUM_FROM_BIN BigNumFromBin;=0D + EDKII_CRYPTO_BIGNUM_TO_BIN BigNumToBin;=0D + EDKII_CRYPTO_BIGNUM_FREE BigNumFree;=0D + EDKII_CRYPTO_BIGNUM_ADD BigNumAdd;=0D + EDKII_CRYPTO_BIGNUM_SUB BigNumSub;=0D + EDKII_CRYPTO_BIGNUM_MOD BigNumMod;=0D + EDKII_CRYPTO_BIGNUM_EXP_MOD BigNumExpMod;=0D + EDKII_CRYPTO_BIGNUM_INVERSE_MOD BigNumInverseMod;=0D + EDKII_CRYPTO_BIGNUM_DIV BigNumDiv;=0D + EDKII_CRYPTO_BIGNUM_MUL_MOD BigNumMulMod;=0D + EDKII_CRYPTO_BIGNUM_CMP BigNumCmp;=0D + EDKII_CRYPTO_BIGNUM_BITS 
BigNumBits;=0D + EDKII_CRYPTO_BIGNUM_BYTES BigNumBytes;=0D + EDKII_CRYPTO_BIGNUM_IS_WORD BigNumIsWord;=0D + EDKII_CRYPTO_BIGNUM_IS_ODD BigNumIsOdd;=0D + EDKII_CRYPTO_BIGNUM_COPY BigNumCopy;=0D + EDKII_CRYPTO_BIGNUM_VALUE_ONE BigNumValueOne;=0D + EDKII_CRYPTO_BIGNUM_R_SHIFT BigNumRShift;=0D + EDKII_CRYPTO_BIGNUM_CONST_TIME BigNumConstTime;=0D + EDKII_CRYPTO_BIGNUM_SQR_MOD BigNumSqrMod;=0D + EDKII_CRYPTO_BIGNUM_NEW_CONTEXT BigNumNewContext;=0D + EDKII_CRYPTO_BIGNUM_CONTEXT_FREE BigNumContextFree;=0D + EDKII_CRYPTO_BIGNUM_SET_UINT BigNumSetUint;=0D + EDKII_CRYPTO_BIGNUM_ADD_MOD BigNumAddMod;=0D + /// X509 (Continued)=0D + EDKII_CRYPTO_X509_GET_VERSION X509GetVersion;=0D + EDKII_CRYPTO_X509_GET_SERIAL_NUMBER X509GetSerialNumber;= =0D + EDKII_CRYPTO_X509_GET_ISSUER_NAME X509GetIssuerName;=0D + EDKII_CRYPTO_X509_GET_SIGNATURE_ALGORITHM X509GetSignatureAlgo= rithm;=0D + EDKII_CRYPTO_X509_GET_EXTENSION_DATA X509GetExtensionData= ;=0D + EDKII_CRYPTO_X509_GET_EXTENDED_KEY_USAGE X509GetExtendedKeyUs= age;=0D + EDKII_CRYPTO_X509_GET_VALIDITY X509GetValidity;=0D + EDKII_CRYPTO_X509_SET_DATE_TIME X509SetDateTime;=0D + EDKII_CRYPTO_X509_COMPARE_DATE_TIME X509CompareDateTime;= =0D + EDKII_CRYPTO_X509_GET_KEY_USAGE X509GetKeyUsage;=0D + EDKII_CRYPTO_X509_VERIFY_CERT_CHAIN X509VerifyCertChain;= =0D + EDKII_CRYPTO_X509_GET_CERT_FROM_CERT_CHAIN X509GetCertFromCertC= hain;=0D + EDKII_CRYPTO_ASN1_GET_TAG Asn1GetTag;=0D + EDKII_CRYPTO_X509_GET_EXTENDED_BASIC_CONSTRAINTS X509GetExtendedBasic= Constraints;=0D };=0D =0D extern GUID gEdkiiCryptoProtocolGuid;=0D --=20 2.26.2.windows.1
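Review bot: Every `-`/`+` pair visible here, from the Arc4 members through `BigNumAddMod`, differs only in column alignment, so the real change (the fourteen members appended after `BigNumAddMod`) is buried in a whitespace-only rewrite of the whole structure. Please move the realignment into a separate commit so that the functional diff shows only the additions. Appending the new members at the end keeps the offsets of the existing members unchanged, which is what callers built against the older layout need. If the protocol version is not raised elsewhere in this patch, it should be, so that a consumer can tell whether `X509GetVersion` and the members after it are present before calling through them. Also, `Asn1GetTag` sits under the `/// X509 (Continued)` comment between `X509GetCertFromCertChain` and `X509GetExtendedBasicConstraints`; give it its own `/// ASN1` comment or place it after the last X509 member.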