Update CryptoPkg for new ciphers (HMAC, Block Cipher, etc) supports.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10997 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
@@ -27,11 +27,19 @@
|
||||
#
|
||||
|
||||
[Sources]
|
||||
InternalCryptLib.h
|
||||
Hash/CryptMd5.c
|
||||
Hash/CryptSha1.c
|
||||
Hash/CryptSha256.c
|
||||
Hmac/CryptHmacMd5.c
|
||||
Hmac/CryptHmacSha1.c
|
||||
Cipher/CryptAes.c
|
||||
Cipher/CryptTdes.c
|
||||
Cipher/CryptArc4.c
|
||||
Rand/CryptRand.c
|
||||
Pk/CryptRsa.c
|
||||
Pk/CryptPkcs7.c
|
||||
Pk/CryptDh.c
|
||||
|
||||
SysCall/CrtWrapper.c
|
||||
SysCall/TimerWrapper.c
|
||||
@@ -58,8 +66,6 @@
|
||||
SysCall/Ia32/MathLShiftS64.S | GCC
|
||||
SysCall/Ia32/MathRShiftU64.S | GCC
|
||||
|
||||
SysCall/Ia32/Alloca.S | GCC
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
CryptoPkg/CryptoPkg.dec
|
||||
|
309
CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
Normal file
309
CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c
Normal file
@@ -0,0 +1,309 @@
|
||||
/** @file
|
||||
AES Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
#include <openssl/aes.h>
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for AES operations.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for AES operations.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
AesGetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
//
|
||||
// AES uses different key contexts for encryption and decryption, so here memory
|
||||
// for 2 copies of AES_KEY is allocated.
|
||||
//
|
||||
return (UINTN) (2 * sizeof (AES_KEY));
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory as AES context for subsequent use.
|
||||
|
||||
This function initializes user-supplied memory pointed by AesContext as AES context.
|
||||
In addtion, it sets up all AES key materials for subsequent encryption and decryption
|
||||
operations.
|
||||
There are 3 options for key length, 128 bits, 192 bits, and 256 bits.
|
||||
|
||||
If AesContext is NULL, then ASSERT().
|
||||
If Key is NULL, then ASSERT().
|
||||
If KeyLength is not valid, then ASSERT().
|
||||
|
||||
@param[out] AesContext Pointer to AES context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied AES key.
|
||||
@param[in] KeyLength Length of AES key in bits.
|
||||
|
||||
@retval TRUE AES context initialization succeeded.
|
||||
@retval FALSE AES context initialization failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesInit (
|
||||
OUT VOID *AesContext,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeyLength
|
||||
)
|
||||
{
|
||||
AES_KEY *AesKey;
|
||||
|
||||
ASSERT (AesContext != NULL);
|
||||
//
|
||||
// AES Key Checking
|
||||
//
|
||||
ASSERT (Key != NULL);
|
||||
ASSERT ((KeyLength == 128) || (KeyLength == 192) || (KeyLength == 256));
|
||||
|
||||
//
|
||||
// Initialize AES encryption & decryption key schedule.
|
||||
//
|
||||
AesKey = (AES_KEY *) AesContext;
|
||||
if (AES_set_encrypt_key (Key, (UINT32) KeyLength, AesKey) != 0) {
|
||||
return FALSE;
|
||||
}
|
||||
if (AES_set_decrypt_key (Key, (UINT32) KeyLength, AesKey + 1) != 0) {
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES encryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
This function performs AES encryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in ECB mode.
|
||||
InputSize must be multiple of block size (16 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
AesContext should be already correctly initialized by AesInit(). Behavior with
|
||||
invalid AES context is undefined.
|
||||
|
||||
If AesContext is NULL, then ASSERT().
|
||||
If Input is NULL, then ASSERT().
|
||||
If InputSize is not multiple of block size (16 bytes), then ASSERT().
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the AES encryption output.
|
||||
|
||||
@retval TRUE AES encryption succeeded.
|
||||
@retval FALSE AES encryption failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesEcbEncrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
AES_KEY *AesKey;
|
||||
|
||||
ASSERT (AesContext != NULL);
|
||||
ASSERT (Input != NULL);
|
||||
ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
AesKey = (AES_KEY *) AesContext;
|
||||
|
||||
//
|
||||
// Perform AES data encryption with ECB mode (block-by-block)
|
||||
//
|
||||
while (InputSize > 0) {
|
||||
AES_ecb_encrypt (Input, Output, AesKey, AES_ENCRYPT);
|
||||
Input += AES_BLOCK_SIZE;
|
||||
Output += AES_BLOCK_SIZE;
|
||||
InputSize -= AES_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES decryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
This function performs AES decryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in ECB mode.
|
||||
InputSize must be multiple of block size (16 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
AesContext should be already correctly initialized by AesInit(). Behavior with
|
||||
invalid AES context is undefined.
|
||||
|
||||
If AesContext is NULL, then ASSERT().
|
||||
If Input is NULL, then ASSERT().
|
||||
If InputSize is not multiple of block size (16 bytes), then ASSERT().
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the AES decryption output.
|
||||
|
||||
@retval TRUE AES decryption succeeded.
|
||||
@retval FALSE AES decryption failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesEcbDecrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
AES_KEY *AesKey;
|
||||
|
||||
ASSERT (AesContext != NULL);
|
||||
ASSERT (Input != NULL);
|
||||
ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
AesKey = (AES_KEY *) AesContext;
|
||||
|
||||
//
|
||||
// Perform AES data decryption with ECB mode (block-by-block)
|
||||
//
|
||||
while (InputSize > 0) {
|
||||
AES_ecb_encrypt (Input, Output, AesKey + 1, AES_DECRYPT);
|
||||
Input += AES_BLOCK_SIZE;
|
||||
Output += AES_BLOCK_SIZE;
|
||||
InputSize -= AES_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES encryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
This function performs AES encryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in CBC mode.
|
||||
InputSize must be multiple of block size (16 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
Initialization vector should be one block size (16 bytes).
|
||||
AesContext should be already correctly initialized by AesInit(). Behavior with
|
||||
invalid AES context is undefined.
|
||||
|
||||
If AesContext is NULL, then ASSERT().
|
||||
If Input is NULL, then ASSERT().
|
||||
If InputSize is not multiple of block size (16 bytes), then ASSERT().
|
||||
If Ivec is NULL, then ASSERT().
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the AES encryption output.
|
||||
|
||||
@retval TRUE AES encryption succeeded.
|
||||
@retval FALSE AES encryption failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesCbcEncrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
AES_KEY *AesKey;
|
||||
UINT8 IvecBuffer[AES_BLOCK_SIZE];
|
||||
|
||||
ASSERT (AesContext != NULL);
|
||||
ASSERT (Input != NULL);
|
||||
ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
|
||||
ASSERT (Ivec != NULL);
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
AesKey = (AES_KEY *) AesContext;
|
||||
CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
|
||||
|
||||
//
|
||||
// Perform AES data encryption with CBC mode
|
||||
//
|
||||
AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey, IvecBuffer, AES_ENCRYPT);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs AES decryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
This function performs AES decryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in CBC mode.
|
||||
InputSize must be multiple of block size (16 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
Initialization vector should be one block size (16 bytes).
|
||||
AesContext should be already correctly initialized by AesInit(). Behavior with
|
||||
invalid AES context is undefined.
|
||||
|
||||
If AesContext is NULL, then ASSERT().
|
||||
If Input is NULL, then ASSERT().
|
||||
If InputSize is not multiple of block size (16 bytes), then ASSERT().
|
||||
If Ivec is NULL, then ASSERT().
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[in] AesContext Pointer to the AES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the AES encryption output.
|
||||
|
||||
@retval TRUE AES decryption succeeded.
|
||||
@retval FALSE AES decryption failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AesCbcDecrypt (
|
||||
IN VOID *AesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
AES_KEY *AesKey;
|
||||
UINT8 IvecBuffer[AES_BLOCK_SIZE];
|
||||
|
||||
ASSERT (AesContext != NULL);
|
||||
ASSERT (Input != NULL);
|
||||
ASSERT ((InputSize % AES_BLOCK_SIZE) == 0);
|
||||
ASSERT (Ivec != NULL);
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
AesKey = (AES_KEY *) AesContext;
|
||||
CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
|
||||
|
||||
//
|
||||
// Perform AES data decryption with CBC mode
|
||||
//
|
||||
AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey + 1, IvecBuffer, AES_DECRYPT);
|
||||
|
||||
return TRUE;
|
||||
}
|
197
CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
Normal file
197
CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c
Normal file
@@ -0,0 +1,197 @@
|
||||
/** @file
|
||||
ARC4 Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
#include <openssl/rc4.h>
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for ARC4 operations.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
Arc4GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
//
|
||||
// Memory for 2 copies of RC4_KEY is allocated, one for working copy, and the other
|
||||
// for backup copy. When Arc4Reset() is called, we can use the backup copy to restore
|
||||
// the working copy to the initial state.
|
||||
//
|
||||
return (UINTN) (2 * sizeof(RC4_KEY));
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory as ARC4 context for subsequent use.
|
||||
|
||||
This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
|
||||
In addtion, it sets up all ARC4 key materials for subsequent encryption and decryption
|
||||
operations.
|
||||
|
||||
If Arc4Context is NULL, then ASSERT().
|
||||
If Key is NULL, then ASSERT().
|
||||
If KeySize does not in the range of [5, 256] bytes, then ASSERT().
|
||||
|
||||
@param[out] Arc4Context Pointer to ARC4 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied ARC4 key.
|
||||
@param[in] KeySize Size of ARC4 key in bytes.
|
||||
|
||||
@retval TRUE ARC4 context initialization succeeded.
|
||||
@retval FALSE ARC4 context initialization failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Init (
|
||||
OUT VOID *Arc4Context,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeySize
|
||||
)
|
||||
{
|
||||
RC4_KEY *Rc4Key;
|
||||
|
||||
ASSERT (Arc4Context != NULL);
|
||||
ASSERT (Key != NULL);
|
||||
ASSERT ((KeySize >= 5) && (KeySize <= 256));
|
||||
|
||||
Rc4Key = (RC4_KEY *) Arc4Context;
|
||||
|
||||
RC4_set_key (Rc4Key, (UINT32) KeySize, Key);
|
||||
|
||||
CopyMem (Rc4Key + 1, Rc4Key, sizeof(RC4_KEY));
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs ARC4 encryption on a data buffer of the specified size.
|
||||
|
||||
This function performs ARC4 encryption on data buffer pointed by Input, of specified
|
||||
size of InputSize.
|
||||
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
|
||||
invalid ARC4 context is undefined.
|
||||
|
||||
If Arc4Context is NULL, then ASSERT().
|
||||
If Input is NULL, then ASSERT().
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Arc4Context Pointer to the ARC4 context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
|
||||
|
||||
@retval TRUE ARC4 encryption succeeded.
|
||||
@retval FALSE ARC4 encryption failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Encrypt (
|
||||
IN OUT VOID *Arc4Context,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
RC4_KEY *Rc4Key;
|
||||
|
||||
ASSERT (Arc4Context != NULL);
|
||||
ASSERT (Input != NULL);
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
Rc4Key = (RC4_KEY *) Arc4Context;
|
||||
|
||||
RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs ARC4 decryption on a data buffer of the specified size.
|
||||
|
||||
This function performs ARC4 decryption on data buffer pointed by Input, of specified
|
||||
size of InputSize.
|
||||
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
|
||||
invalid ARC4 context is undefined.
|
||||
|
||||
If Arc4Context is NULL, then ASSERT().
|
||||
If Input is NULL, then ASSERT().
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Arc4Context Pointer to the ARC4 context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
|
||||
|
||||
@retval TRUE ARC4 decryption succeeded.
|
||||
@retval FALSE ARC4 decryption failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Decrypt (
|
||||
IN OUT VOID *Arc4Context,
|
||||
IN UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
RC4_KEY *Rc4Key;
|
||||
|
||||
ASSERT (Arc4Context != NULL);
|
||||
ASSERT (Input != NULL);
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
Rc4Key = (RC4_KEY *) Arc4Context;
|
||||
|
||||
RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Resets the ARC4 context to the initial state.
|
||||
|
||||
The function resets the ARC4 context to the state it had immediately after the
|
||||
ARC4Init() function call.
|
||||
Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
|
||||
should be already correctly initialized by ARC4Init().
|
||||
|
||||
If Arc4Context is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Arc4Context Pointer to the ARC4 context.
|
||||
|
||||
@retval TRUE ARC4 reset succeeded.
|
||||
@retval FALSE ARC4 reset failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Arc4Reset (
|
||||
IN OUT VOID *Arc4Context
|
||||
)
|
||||
{
|
||||
RC4_KEY *Rc4Key;
|
||||
|
||||
ASSERT (Arc4Context != NULL);
|
||||
|
||||
Rc4Key = (RC4_KEY *) Arc4Context;
|
||||
|
||||
CopyMem (Rc4Key, Rc4Key + 1, sizeof(RC4_KEY));
|
||||
|
||||
return TRUE;
|
||||
}
|
353
CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
Normal file
353
CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c
Normal file
@@ -0,0 +1,353 @@
|
||||
/** @file
|
||||
TDES Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
#include <openssl/des.h>
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for TDES operations.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for TDES operations.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
TdesGetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
//
|
||||
// Memory for 3 copies of DES_key_schedule is allocated, for K1, K2 and K3 each.
|
||||
//
|
||||
return (UINTN) (3 * sizeof (DES_key_schedule));
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory as TDES context for subsequent use.
|
||||
|
||||
This function initializes user-supplied memory pointed by TdesContext as TDES context.
|
||||
In addtion, it sets up all TDES key materials for subsequent encryption and decryption
|
||||
operations.
|
||||
There are 3 key options as follows:
|
||||
KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES)
|
||||
KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security)
|
||||
KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest)
|
||||
|
||||
If TdesContext is NULL, then ASSERT().
|
||||
If Key is NULL, then ASSERT().
|
||||
If KeyLength is not valid, then ASSERT().
|
||||
|
||||
@param[out] TdesContext Pointer to TDES context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied TDES key.
|
||||
@param[in] KeyLength Length of TDES key in bits.
|
||||
|
||||
@retval TRUE TDES context initialization succeeded.
|
||||
@retval FALSE TDES context initialization failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesInit (
|
||||
OUT VOID *TdesContext,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeyLength
|
||||
)
|
||||
{
|
||||
DES_key_schedule *KeySchedule;
|
||||
|
||||
ASSERT (TdesContext != NULL);
|
||||
ASSERT (Key != NULL);
|
||||
ASSERT ((KeyLength == 64) || (KeyLength == 128) || (KeyLength == 192));
|
||||
|
||||
KeySchedule = (DES_key_schedule *) TdesContext;
|
||||
|
||||
//
|
||||
//
|
||||
//
|
||||
if (DES_is_weak_key ((const_DES_cblock *) Key)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule);
|
||||
|
||||
if (KeyLength == 64) {
|
||||
CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule));
|
||||
CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
if (DES_is_weak_key ((const_DES_cblock *) Key + 8)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1);
|
||||
|
||||
if (KeyLength == 128) {
|
||||
CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule));
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
if (DES_is_weak_key ((const_DES_cblock *) Key + 16)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES encryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
This function performs TDES encryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in ECB mode.
|
||||
InputSize must be multiple of block size (8 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
TdesContext should be already correctly initialized by TdesInit(). Behavior with
|
||||
invalid TDES context is undefined.
|
||||
|
||||
If TdesContext is NULL, then ASSERT().
|
||||
If Input is NULL, then ASSERT().
|
||||
If InputSize is not multiple of block size (8 bytes), then ASSERT().
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval TRUE TDES encryption succeeded.
|
||||
@retval FALSE TDES encryption failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesEcbEncrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
DES_key_schedule *KeySchedule;
|
||||
|
||||
ASSERT (TdesContext != NULL);
|
||||
ASSERT (Input != NULL);
|
||||
ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0);
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
KeySchedule = (DES_key_schedule *) TdesContext;
|
||||
|
||||
while (InputSize > 0) {
|
||||
DES_ecb3_encrypt (
|
||||
(const_DES_cblock *) Input,
|
||||
(DES_cblock *) Output,
|
||||
KeySchedule,
|
||||
KeySchedule + 1,
|
||||
KeySchedule + 2,
|
||||
DES_ENCRYPT
|
||||
);
|
||||
Input += TDES_BLOCK_SIZE;
|
||||
Output += TDES_BLOCK_SIZE;
|
||||
InputSize -= TDES_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES decryption on a data buffer of the specified size in ECB mode.
|
||||
|
||||
This function performs TDES decryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in ECB mode.
|
||||
InputSize must be multiple of block size (8 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
TdesContext should be already correctly initialized by TdesInit(). Behavior with
|
||||
invalid TDES context is undefined.
|
||||
|
||||
If TdesContext is NULL, then ASSERT().
|
||||
If Input is NULL, then ASSERT().
|
||||
If InputSize is not multiple of block size (8 bytes), then ASSERT().
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be decrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES decryption output.
|
||||
|
||||
@retval TRUE TDES decryption succeeded.
|
||||
@retval FALSE TDES decryption failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesEcbDecrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
DES_key_schedule *KeySchedule;
|
||||
|
||||
ASSERT (TdesContext != NULL);
|
||||
ASSERT (Input != NULL);
|
||||
ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0);
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
KeySchedule = (DES_key_schedule *) TdesContext;
|
||||
|
||||
while (InputSize > 0) {
|
||||
DES_ecb3_encrypt (
|
||||
(const_DES_cblock *) Input,
|
||||
(DES_cblock *) Output,
|
||||
KeySchedule,
|
||||
KeySchedule + 1,
|
||||
KeySchedule + 2,
|
||||
DES_DECRYPT
|
||||
);
|
||||
Input += TDES_BLOCK_SIZE;
|
||||
Output += TDES_BLOCK_SIZE;
|
||||
InputSize -= TDES_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES encryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
This function performs TDES encryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in CBC mode.
|
||||
InputSize must be multiple of block size (8 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
Initialization vector should be one block size (8 bytes).
|
||||
TdesContext should be already correctly initialized by TdesInit(). Behavior with
|
||||
invalid TDES context is undefined.
|
||||
|
||||
If TdesContext is NULL, then ASSERT().
|
||||
If Input is NULL, then ASSERT().
|
||||
If InputSize is not multiple of block size (8 bytes), then ASSERT().
|
||||
If Ivec is NULL, then ASSERT().
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval TRUE TDES encryption succeeded.
|
||||
@retval FALSE TDES encryption failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesCbcEncrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
DES_key_schedule *KeySchedule;
|
||||
UINT8 IvecBuffer[TDES_BLOCK_SIZE];
|
||||
|
||||
ASSERT (TdesContext != NULL);
|
||||
ASSERT (Input != NULL);
|
||||
ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0);
|
||||
ASSERT (Ivec != NULL);
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
KeySchedule = (DES_key_schedule *) TdesContext;
|
||||
CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
|
||||
|
||||
DES_ede3_cbc_encrypt (
|
||||
Input,
|
||||
Output,
|
||||
(UINT32) InputSize,
|
||||
KeySchedule,
|
||||
KeySchedule + 1,
|
||||
KeySchedule + 2,
|
||||
(DES_cblock *) IvecBuffer,
|
||||
DES_ENCRYPT
|
||||
);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs TDES decryption on a data buffer of the specified size in CBC mode.
|
||||
|
||||
This function performs TDES decryption on data buffer pointed by Input, of specified
|
||||
size of InputSize, in CBC mode.
|
||||
InputSize must be multiple of block size (8 bytes). This function does not perform
|
||||
padding. Caller must perform padding, if necessary, to ensure valid input data size.
|
||||
Initialization vector should be one block size (8 bytes).
|
||||
TdesContext should be already correctly initialized by TdesInit(). Behavior with
|
||||
invalid TDES context is undefined.
|
||||
|
||||
If TdesContext is NULL, then ASSERT().
|
||||
If Input is NULL, then ASSERT().
|
||||
If InputSize is not multiple of block size (8 bytes), then ASSERT().
|
||||
If Ivec is NULL, then ASSERT().
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[in] TdesContext Pointer to the TDES context.
|
||||
@param[in] Input Pointer to the buffer containing the data to be encrypted.
|
||||
@param[in] InputSize Size of the Input buffer in bytes.
|
||||
@param[in] Ivec Pointer to initialization vector.
|
||||
@param[out] Output Pointer to a buffer that receives the TDES encryption output.
|
||||
|
||||
@retval TRUE TDES decryption succeeded.
|
||||
@retval FALSE TDES decryption failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
TdesCbcDecrypt (
|
||||
IN VOID *TdesContext,
|
||||
IN CONST UINT8 *Input,
|
||||
IN UINTN InputSize,
|
||||
IN CONST UINT8 *Ivec,
|
||||
OUT UINT8 *Output
|
||||
)
|
||||
{
|
||||
DES_key_schedule *KeySchedule;
|
||||
UINT8 IvecBuffer[TDES_BLOCK_SIZE];
|
||||
|
||||
ASSERT (TdesContext != NULL);
|
||||
ASSERT (Input != NULL);
|
||||
ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0);
|
||||
ASSERT (Ivec != NULL);
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
KeySchedule = (DES_key_schedule *) TdesContext;
|
||||
CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE);
|
||||
|
||||
DES_ede3_cbc_encrypt (
|
||||
Input,
|
||||
Output,
|
||||
(UINT32) InputSize,
|
||||
KeySchedule,
|
||||
KeySchedule + 1,
|
||||
KeySchedule + 2,
|
||||
(DES_cblock *) IvecBuffer,
|
||||
DES_DECRYPT
|
||||
);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
@@ -12,10 +12,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
|
||||
#include <Library/BaseCryptLib.h>
|
||||
#include "InternalCryptLib.h"
|
||||
#include <openssl/md5.h>
|
||||
|
||||
|
||||
@@ -44,7 +41,7 @@ Md5GetContextSize (
|
||||
|
||||
If Md5Context is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Md5Context Pointer to MD5 Context being initialized.
|
||||
@param[out] Md5Context Pointer to MD5 context being initialized.
|
||||
|
||||
@retval TRUE MD5 context initialization succeeded.
|
||||
@retval FALSE MD5 context initialization failed.
|
||||
@@ -53,7 +50,7 @@ Md5GetContextSize (
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md5Init (
|
||||
IN OUT VOID *Md5Context
|
||||
OUT VOID *Md5Context
|
||||
)
|
||||
{
|
||||
//
|
||||
@@ -67,20 +64,47 @@ Md5Init (
|
||||
return (BOOLEAN) (MD5_Init ((MD5_CTX *)Md5Context));
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing MD5 context.
|
||||
|
||||
If Md5Context is NULL, then ASSERT().
|
||||
If NewMd5Context is NULL, then ASSERT().
|
||||
|
||||
@param[in] Md5Context Pointer to MD5 context being copied.
|
||||
@param[out] NewMd5Context Pointer to new MD5 context.
|
||||
|
||||
@retval TRUE MD5 context copy succeeded.
|
||||
@retval FALSE MD5 context copy failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Md5Duplicate (
|
||||
IN CONST VOID *Md5Context,
|
||||
OUT VOID *NewMd5Context
|
||||
)
|
||||
{
|
||||
CopyMem (NewMd5Context, Md5Context, sizeof (MD5_CTX));
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs MD5 digest on a data buffer of the specified length. This function can
|
||||
be called multiple times to compute the digest of long or discontinuous data streams.
|
||||
Digests the input data and updates MD5 context.
|
||||
|
||||
This function performs MD5 digest on a data buffer of the specified size.
|
||||
It can be called multiple times to compute the digest of long or discontinuous data streams.
|
||||
MD5 context should be already correctly intialized by Md5Init(), and should not be finalized
|
||||
by Md5Final(). Behavior with invalid context is undefined.
|
||||
|
||||
If Md5Context is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Md5Context Pointer to the MD5 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
@param[in] DataLength Length of Data buffer in bytes.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval TRUE MD5 data digest succeeded.
|
||||
@retval FALSE Invalid MD5 context. After Md5Final function has been called, the
|
||||
MD5 context cannot be reused.
|
||||
@retval FALSE MD5 data digest failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
@@ -88,7 +112,7 @@ EFIAPI
|
||||
Md5Update (
|
||||
IN OUT VOID *Md5Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataLength
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
//
|
||||
@@ -100,24 +124,28 @@ Md5Update (
|
||||
// ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL) {
|
||||
ASSERT (DataLength == 0);
|
||||
ASSERT (DataSize == 0);
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL MD5 Hash Update
|
||||
//
|
||||
return (BOOLEAN) (MD5_Update ((MD5_CTX *)Md5Context, Data, DataLength));
|
||||
return (BOOLEAN) (MD5_Update ((MD5_CTX *)Md5Context, Data, DataSize));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Completes MD5 hash computation and retrieves the digest value into the specified
|
||||
memory. After this function has been called, the MD5 context cannot be used again.
|
||||
Completes computation of the MD5 digest value.
|
||||
|
||||
This function completes MD5 hash computation and retrieves the digest value into
|
||||
the specified memory. After this function has been called, the MD5 context cannot
|
||||
be used again.
|
||||
MD5 context should be already correctly intialized by Md5Init(), and should not be
|
||||
finalized by Md5Final(). Behavior with invalid MD5 context is undefined.
|
||||
|
||||
If Md5Context is NULL, then ASSERT().
|
||||
If HashValue is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Md5Context Pointer to the MD5 context
|
||||
@param[in, out] Md5Context Pointer to the MD5 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the MD5 digest
|
||||
value (16 bytes).
|
||||
|
||||
|
@@ -12,10 +12,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
|
||||
#include <Library/BaseCryptLib.h>
|
||||
#include "InternalCryptLib.h"
|
||||
#include <openssl/sha.h>
|
||||
|
||||
|
||||
@@ -37,23 +34,22 @@ Sha1GetContextSize (
|
||||
return (UINTN)(sizeof (SHA_CTX));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by Sha1Context as the SHA-1 hash context for
|
||||
Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for
|
||||
subsequent use.
|
||||
|
||||
If Sha1Context is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Sha1Context Pointer to the SHA-1 Context being initialized.
|
||||
@param[out] Sha1Context Pointer to SHA-1 context being initialized.
|
||||
|
||||
@retval TRUE SHA-1 initialization succeeded.
|
||||
@retval FALSE SHA-1 initialization failed.
|
||||
@retval TRUE SHA-1 context initialization succeeded.
|
||||
@retval FALSE SHA-1 context initialization failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Sha1Init (
|
||||
IN OUT VOID *Sha1Context
|
||||
OUT VOID *Sha1Context
|
||||
)
|
||||
{
|
||||
//
|
||||
@@ -67,20 +63,47 @@ Sha1Init (
|
||||
return (BOOLEAN) (SHA1_Init ((SHA_CTX *)Sha1Context));
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing SHA-1 context.
|
||||
|
||||
If Sha1Context is NULL, then ASSERT().
|
||||
If NewSha1Context is NULL, then ASSERT().
|
||||
|
||||
@param[in] Sha1Context Pointer to SHA-1 context being copied.
|
||||
@param[out] NewSha1Context Pointer to new SHA-1 context.
|
||||
|
||||
@retval TRUE SHA-1 context copy succeeded.
|
||||
@retval FALSE SHA-1 context copy failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Sha1Duplicate (
|
||||
IN CONST VOID *Sha1Context,
|
||||
OUT VOID *NewSha1Context
|
||||
)
|
||||
{
|
||||
CopyMem (NewSha1Context, Sha1Context, sizeof (SHA_CTX));
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs SHA-1 digest on a data buffer of the specified length. This function can
|
||||
be called multiple times to compute the digest of long or discontinuous data streams.
|
||||
Digests the input data and updates SHA-1 context.
|
||||
|
||||
This function performs SHA-1 digest on a data buffer of the specified size.
|
||||
It can be called multiple times to compute the digest of long or discontinuous data streams.
|
||||
SHA-1 context should be already correctly intialized by Sha1Init(), and should not be finalized
|
||||
by Sha1Final(). Behavior with invalid context is undefined.
|
||||
|
||||
If Sha1Context is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Sha1Context Pointer to the SHA-1 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
@param[in] DataLength Length of Data buffer in bytes.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval TRUE SHA-1 data digest succeeded.
|
||||
@retval FALSE Invalid SHA-1 context. After Sha1Final function has been called, the
|
||||
SHA-1 context cannot be reused.
|
||||
@retval FALSE SHA-1 data digest failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
@@ -88,7 +111,7 @@ EFIAPI
|
||||
Sha1Update (
|
||||
IN OUT VOID *Sha1Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataLength
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
//
|
||||
@@ -100,24 +123,28 @@ Sha1Update (
|
||||
// ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL) {
|
||||
ASSERT (DataLength == 0);
|
||||
ASSERT (DataSize == 0);
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL SHA-1 Hash Update
|
||||
//
|
||||
return (BOOLEAN) (SHA1_Update ((SHA_CTX *)Sha1Context, Data, DataLength));
|
||||
return (BOOLEAN) (SHA1_Update ((SHA_CTX *)Sha1Context, Data, DataSize));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Completes SHA-1 hash computation and retrieves the digest value into the specified
|
||||
memory. After this function has been called, the SHA-1 context cannot be used again.
|
||||
Completes computation of the SHA-1 digest value.
|
||||
|
||||
This function completes SHA-1 hash computation and retrieves the digest value into
|
||||
the specified memory. After this function has been called, the SHA-1 context cannot
|
||||
be used again.
|
||||
SHA-1 context should be already correctly intialized by Sha1Init(), and should not be
|
||||
finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined.
|
||||
|
||||
If Sha1Context is NULL, then ASSERT().
|
||||
If HashValue is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Sha1Context Pointer to the SHA-1 context
|
||||
@param[in, out] Sha1Context Pointer to the SHA-1 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the SHA-1 digest
|
||||
value (20 bytes).
|
||||
|
||||
|
@@ -12,17 +12,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
|
||||
#include <Library/BaseCryptLib.h>
|
||||
#include "InternalCryptLib.h"
|
||||
#include <openssl/sha.h>
|
||||
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for SHA-256 operations.
|
||||
Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for SHA-256 operations.
|
||||
@return The size, in bytes, of the context buffer required for SHA-256 hash operations.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
@@ -37,14 +33,13 @@ Sha256GetContextSize (
|
||||
return (UINTN)(sizeof (SHA256_CTX));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for
|
||||
subsequent use.
|
||||
|
||||
If Sha256Context is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Sha256Context Pointer to SHA-256 Context being initialized.
|
||||
@param[out] Sha256Context Pointer to SHA-256 context being initialized.
|
||||
|
||||
@retval TRUE SHA-256 context initialization succeeded.
|
||||
@retval FALSE SHA-256 context initialization failed.
|
||||
@@ -53,7 +48,7 @@ Sha256GetContextSize (
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Sha256Init (
|
||||
IN OUT VOID *Sha256Context
|
||||
OUT VOID *Sha256Context
|
||||
)
|
||||
{
|
||||
//
|
||||
@@ -67,20 +62,47 @@ Sha256Init (
|
||||
return (BOOLEAN) (SHA256_Init ((SHA256_CTX *)Sha256Context));
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing SHA-256 context.
|
||||
|
||||
If Sha256Context is NULL, then ASSERT().
|
||||
If NewSha256Context is NULL, then ASSERT().
|
||||
|
||||
@param[in] Sha256Context Pointer to SHA-256 context being copied.
|
||||
@param[out] NewSha256Context Pointer to new SHA-256 context.
|
||||
|
||||
@retval TRUE SHA-256 context copy succeeded.
|
||||
@retval FALSE SHA-256 context copy failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Sha256Duplicate (
|
||||
IN CONST VOID *Sha256Context,
|
||||
OUT VOID *NewSha256Context
|
||||
)
|
||||
{
|
||||
CopyMem (NewSha256Context, Sha256Context, sizeof (SHA256_CTX));
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs SHA-256 digest on a data buffer of the specified length. This function can
|
||||
be called multiple times to compute the digest of long or discontinuous data streams.
|
||||
Digests the input data and updates SHA-256 context.
|
||||
|
||||
This function performs SHA-256 digest on a data buffer of the specified size.
|
||||
It can be called multiple times to compute the digest of long or discontinuous data streams.
|
||||
SHA-256 context should be already correctly intialized by Sha256Init(), and should not be finalized
|
||||
by Sha256Final(). Behavior with invalid context is undefined.
|
||||
|
||||
If Sha256Context is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Sha256Context Pointer to the SHA-256 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
@param[in] DataLength Length of Data buffer in bytes.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval TRUE SHA-256 data digest succeeded.
|
||||
@retval FALSE Invalid SHA-256 context. After Sha256Final function has been called, the
|
||||
SHA-256 context cannot be reused.
|
||||
@retval FALSE SHA-256 data digest failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
@@ -88,7 +110,7 @@ EFIAPI
|
||||
Sha256Update (
|
||||
IN OUT VOID *Sha256Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataLength
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
//
|
||||
@@ -100,24 +122,28 @@ Sha256Update (
|
||||
// ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL) {
|
||||
ASSERT (DataLength == 0);
|
||||
ASSERT (DataSize == 0);
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL SHA-256 Hash Update
|
||||
//
|
||||
return (BOOLEAN) (SHA256_Update ((SHA256_CTX *)Sha256Context, Data, DataLength));
|
||||
return (BOOLEAN) (SHA256_Update ((SHA256_CTX *)Sha256Context, Data, DataSize));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Completes SHA-256 hash computation and retrieves the digest value into the specified
|
||||
memory. After this function has been called, the SHA-256 context cannot be used again.
|
||||
Completes computation of the SHA-256 digest value.
|
||||
|
||||
This function completes SHA-256 hash computation and retrieves the digest value into
|
||||
the specified memory. After this function has been called, the SHA-256 context cannot
|
||||
be used again.
|
||||
SHA-256 context should be already correctly intialized by Sha256Init(), and should not be
|
||||
finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined.
|
||||
|
||||
If Sha256Context is NULL, then ASSERT().
|
||||
If HashValue is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] Sha256Context Pointer to SHA-256 context
|
||||
@param[in, out] Sha256Context Pointer to the SHA-256 context.
|
||||
@param[out] HashValue Pointer to a buffer that receives the SHA-256 digest
|
||||
value (32 bytes).
|
||||
|
||||
|
185
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
Normal file
185
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
Normal file
@@ -0,0 +1,185 @@
|
||||
/** @file
|
||||
HMAC-MD5 Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for HMAC-MD5 operations.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
HmacMd5GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
//
|
||||
// Retrieves the OpenSSL HMAC-MD5 Context Size
|
||||
//
|
||||
return (UINTN)(sizeof (HMAC_CTX));
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
|
||||
subsequent use.
|
||||
|
||||
If HmacMd5Context is NULL, then ASSERT().
|
||||
|
||||
@param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied key.
|
||||
@param[in] KeySize Key size in bytes.
|
||||
|
||||
@retval TRUE HMAC-MD5 context initialization succeeded.
|
||||
@retval FALSE HMAC-MD5 context initialization failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Init (
|
||||
OUT VOID *HmacMd5Context,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeySize
|
||||
)
|
||||
{
|
||||
//
|
||||
// ASSERT if HmacMd5Context is NULL.
|
||||
//
|
||||
ASSERT (HmacMd5Context != NULL);
|
||||
|
||||
//
|
||||
// OpenSSL HMAC-MD5 Context Initialization
|
||||
//
|
||||
HMAC_CTX_init (HmacMd5Context);
|
||||
HMAC_Init_ex (HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing HMAC-MD5 context.
|
||||
|
||||
If HmacMd5Context is NULL, then ASSERT().
|
||||
If NewHmacMd5Context is NULL, then ASSERT().
|
||||
|
||||
@param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied.
|
||||
@param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context.
|
||||
|
||||
@retval TRUE HMAC-MD5 context copy succeeded.
|
||||
@retval FALSE HMAC-MD5 context copy failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Duplicate (
|
||||
IN CONST VOID *HmacMd5Context,
|
||||
OUT VOID *NewHmacMd5Context
|
||||
)
|
||||
{
|
||||
CopyMem (NewHmacMd5Context, HmacMd5Context, sizeof (HMAC_CTX));
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Digests the input data and updates HMAC-MD5 context.
|
||||
|
||||
This function performs HMAC-MD5 digest on a data buffer of the specified size.
|
||||
It can be called multiple times to compute the digest of long or discontinuous data streams.
|
||||
HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be
|
||||
finalized by HmacMd5Final(). Behavior with invalid context is undefined.
|
||||
|
||||
If HmacMd5Context is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be digested.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval TRUE HMAC-MD5 data digest succeeded.
|
||||
@retval FALSE HMAC-MD5 data digest failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Update (
|
||||
IN OUT VOID *HmacMd5Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
//
|
||||
// ASSERT if HmacMd5Context is NULL
|
||||
//
|
||||
ASSERT (HmacMd5Context != NULL);
|
||||
|
||||
//
|
||||
// ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL) {
|
||||
ASSERT (DataSize == 0);
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL HMAC-MD5 digest update
|
||||
//
|
||||
HMAC_Update (HmacMd5Context, Data, DataSize);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Completes computation of the HMAC-MD5 digest value.
|
||||
|
||||
This function completes HMAC-MD5 digest computation and retrieves the digest value into
|
||||
the specified memory. After this function has been called, the HMAC-MD5 context cannot
|
||||
be used again.
|
||||
HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be
|
||||
finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined.
|
||||
|
||||
If HmacMd5Context is NULL, then ASSERT().
|
||||
If HmacValue is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context.
|
||||
@param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest
|
||||
value (16 bytes).
|
||||
|
||||
@retval TRUE HMAC-MD5 digest computation succeeded.
|
||||
@retval FALSE HMAC-MD5 digest computation failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacMd5Final (
|
||||
IN OUT VOID *HmacMd5Context,
|
||||
OUT UINT8 *HmacValue
|
||||
)
|
||||
{
|
||||
UINT32 Length;
|
||||
|
||||
//
|
||||
// ASSERT if HmacMd5Context is NULL or HmacValue is NULL
|
||||
//
|
||||
ASSERT (HmacMd5Context != NULL);
|
||||
ASSERT (HmacValue != NULL);
|
||||
|
||||
//
|
||||
// OpenSSL HMAC-MD5 digest finalization
|
||||
//
|
||||
HMAC_Final (HmacMd5Context, HmacValue, &Length);
|
||||
HMAC_CTX_cleanup (HmacMd5Context);
|
||||
|
||||
return TRUE;
|
||||
}
|
185
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
Normal file
185
CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
Normal file
@@ -0,0 +1,185 @@
|
||||
/** @file
|
||||
HMAC-SHA1 Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for HMAC-SHA1 operations.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
EFIAPI
|
||||
HmacSha1GetContextSize (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
//
|
||||
// Retrieves the OpenSSL HMAC-SHA1 Context Size
|
||||
//
|
||||
return (UINTN)(sizeof (HMAC_CTX));
|
||||
}
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
|
||||
subsequent use.
|
||||
|
||||
If HmacSha1Context is NULL, then ASSERT().
|
||||
|
||||
@param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized.
|
||||
@param[in] Key Pointer to the user-supplied key.
|
||||
@param[in] KeySize Key size in bytes.
|
||||
|
||||
@retval TRUE HMAC-SHA1 context initialization succeeded.
|
||||
@retval FALSE HMAC-SHA1 context initialization failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Init (
|
||||
OUT VOID *HmacSha1Context,
|
||||
IN CONST UINT8 *Key,
|
||||
IN UINTN KeySize
|
||||
)
|
||||
{
|
||||
//
|
||||
// ASSERT if HmacSha1Context is NULL.
|
||||
//
|
||||
ASSERT (HmacSha1Context != NULL);
|
||||
|
||||
//
|
||||
// OpenSSL HMAC-SHA1 Context Initialization
|
||||
//
|
||||
HMAC_CTX_init (HmacSha1Context);
|
||||
HMAC_Init_ex (HmacSha1Context, Key, (UINT32) KeySize, EVP_sha1(), NULL);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Makes a copy of an existing HMAC-SHA1 context.
|
||||
|
||||
If HmacSha1Context is NULL, then ASSERT().
|
||||
If NewHmacSha1Context is NULL, then ASSERT().
|
||||
|
||||
@param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied.
|
||||
@param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context.
|
||||
|
||||
@retval TRUE HMAC-SHA1 context copy succeeded.
|
||||
@retval FALSE HMAC-SHA1 context copy failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Duplicate (
|
||||
IN CONST VOID *HmacSha1Context,
|
||||
OUT VOID *NewHmacSha1Context
|
||||
)
|
||||
{
|
||||
CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX));
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Digests the input data and updates HMAC-SHA1 context.
|
||||
|
||||
This function performs HMAC-SHA1 digest on a data buffer of the specified size.
|
||||
It can be called multiple times to compute the digest of long or discontinuous data streams.
|
||||
HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should not
|
||||
be finalized by HmacSha1Final(). Behavior with invalid context is undefined.
|
||||
|
||||
If HmacSha1Context is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be digested.
|
||||
@param[in] DataSize Size of Data buffer in bytes.
|
||||
|
||||
@retval TRUE HMAC-SHA1 data digest succeeded.
|
||||
@retval FALSE HMAC-SHA1 data digest failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Update (
|
||||
IN OUT VOID *HmacSha1Context,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataSize
|
||||
)
|
||||
{
|
||||
//
|
||||
// ASSERT if HmacSha1Context is NULL
|
||||
//
|
||||
ASSERT (HmacSha1Context != NULL);
|
||||
|
||||
//
|
||||
// ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL) {
|
||||
ASSERT (DataSize == 0);
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL HMAC-SHA1 digest update
|
||||
//
|
||||
HMAC_Update (HmacSha1Context, Data, DataSize);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Completes computation of the HMAC-SHA1 digest value.
|
||||
|
||||
This function completes HMAC-SHA1 digest computation and retrieves the digest value into
|
||||
the specified memory. After this function has been called, the HMAC-SHA1 context cannot
|
||||
be used again.
|
||||
HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should
|
||||
not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined.
|
||||
|
||||
If HmacSha1Context is NULL, then ASSERT().
|
||||
If HmacValue is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context.
|
||||
@param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest
|
||||
value (20 bytes).
|
||||
|
||||
@retval TRUE HMAC-SHA1 digest computation succeeded.
|
||||
@retval FALSE HMAC-SHA1 digest computation failed.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
HmacSha1Final (
|
||||
IN OUT VOID *HmacSha1Context,
|
||||
OUT UINT8 *HmacValue
|
||||
)
|
||||
{
|
||||
UINT32 Length;
|
||||
|
||||
//
|
||||
// ASSERT if HmacSha1Context is NULL or HmacValue is NULL
|
||||
//
|
||||
ASSERT (HmacSha1Context != NULL);
|
||||
ASSERT (HmacValue != NULL);
|
||||
|
||||
//
|
||||
// OpenSSL HMAC-SHA1 digest finalization
|
||||
//
|
||||
HMAC_Final (HmacSha1Context, HmacValue, &Length);
|
||||
HMAC_CTX_cleanup (HmacSha1Context);
|
||||
|
||||
return TRUE;
|
||||
}
|
32
CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
Normal file
32
CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
Normal file
@@ -0,0 +1,32 @@
|
||||
/** @file
|
||||
Internal include file for BaseCryptLib.
|
||||
|
||||
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#ifndef __INTERNAL_CRYPT_LIB_H__
|
||||
#define __INTERNAL_CRYPT_LIB_H__
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/BaseCryptLib.h>
|
||||
|
||||
//
|
||||
// Environment Setting for OpenSSL-based UEFI Crypto Library.
|
||||
//
|
||||
#ifndef OPENSSL_SYSNAME_UWIN
|
||||
#define OPENSSL_SYSNAME_UWIN
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
@@ -55,8 +55,6 @@
|
||||
SysCall/Ia32/MathLShiftS64.S | GCC
|
||||
SysCall/Ia32/MathRShiftU64.S | GCC
|
||||
|
||||
SysCall/Ia32/Alloca.S | GCC
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
CryptoPkg/CryptoPkg.dec
|
||||
|
238
CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
Normal file
238
CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
Normal file
@@ -0,0 +1,238 @@
|
||||
/** @file
|
||||
Diffie-Hellman Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
#include <openssl/dh.h>
|
||||
|
||||
|
||||
/**
|
||||
Allocates and Initializes one Diffie-Hellman Context for subsequent use.
|
||||
|
||||
@return Pointer to the Diffie-Hellman Context that has been initialized.
|
||||
If the allocations fails, DhNew() returns NULL.
|
||||
|
||||
**/
|
||||
VOID *
|
||||
EFIAPI
|
||||
DhNew (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
//
|
||||
// Allocates & Initializes DH Context by OpenSSL DH_new()
|
||||
//
|
||||
return (VOID *)DH_new ();
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified DH context.
|
||||
|
||||
If DhContext is NULL, then ASSERT().
|
||||
|
||||
@param[in] DhContext Pointer to the DH context to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
DhFree (
|
||||
IN VOID *DhContext
|
||||
)
|
||||
{
|
||||
//
|
||||
// Free OpenSSL DH Context
|
||||
//
|
||||
DH_free ((DH *)DhContext);
|
||||
}
|
||||
|
||||
/**
|
||||
Generates DH parameter.
|
||||
|
||||
Given generator g, and length of prime number p in bits, this function generates p,
|
||||
and sets DH context according to value of g and p.
|
||||
|
||||
Before this function can be invoked, pseudorandom number generator must be correctly
|
||||
initialized by RandomSeed().
|
||||
|
||||
If DhContext is NULL, then ASSERT().
|
||||
If Prime is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
@param[in] PrimeLength Length in bits of prime to be generated.
|
||||
@param[out] Prime Pointer to the buffer to receive the generated prime number.
|
||||
|
||||
@retval TRUE DH pamameter generation succeeded.
|
||||
@retval FALSE Value of Generator is not supported.
|
||||
@retval FALSE PRNG fails to generate random prime number with PrimeLength.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhGenerateParameter (
|
||||
IN OUT VOID *DhContext,
|
||||
IN UINTN Generator,
|
||||
IN UINTN PrimeLength,
|
||||
OUT UINT8 *Prime
|
||||
)
|
||||
{
|
||||
BOOLEAN RetVal;
|
||||
|
||||
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL);
|
||||
if (!RetVal) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
BN_bn2bin (((DH *) DhContext)->p, Prime);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Sets generator and prime parameters for DH.
|
||||
|
||||
Given generator g, and prime number p, this function and sets DH
|
||||
context accordingly.
|
||||
|
||||
If DhContext is NULL, then ASSERT().
|
||||
If Prime is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
@param[in] PrimeLength Length in bits of prime to be generated.
|
||||
@param[in] Prime Pointer to the prime number.
|
||||
|
||||
@retval TRUE DH pamameter setting succeeded.
|
||||
@retval FALSE Value of Generator is not supported.
|
||||
@retval FALSE Value of Generator is not suitable for the Prime.
|
||||
@retval FALSE Value of Prime is not a prime number.
|
||||
@retval FALSE Value of Prime is not a safe prime number.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhSetParameter (
|
||||
IN OUT VOID *DhContext,
|
||||
IN UINTN Generator,
|
||||
IN UINTN PrimeLength,
|
||||
IN CONST UINT8 *Prime
|
||||
)
|
||||
{
|
||||
DH *Dh;
|
||||
|
||||
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Dh = (DH *) DhContext;
|
||||
Dh->p = BN_new();
|
||||
Dh->g = BN_new();
|
||||
|
||||
BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
|
||||
BN_set_word (Dh->g, (UINT32) Generator);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates DH public key.
|
||||
|
||||
This function generates random secret exponent, and computes the public key, which is
|
||||
returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.
|
||||
If the PublicKey buffer is too small to hold the public key, FALSE is returned and
|
||||
PublicKeySize is set to the required buffer size to obtain the public key.
|
||||
|
||||
If DhContext is NULL, then ASSERT().
|
||||
If PublicKeySize is NULL, then ASSERT().
|
||||
If PublicKeySize is large enough but PublicKey is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[out] PublicKey Pointer to the buffer to receive generated public key.
|
||||
@param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
|
||||
On output, the size of data returned in PublicKey buffer in bytes.
|
||||
|
||||
@retval TRUE DH public key generation succeeded.
|
||||
@retval FALSE DH public key generation failed.
|
||||
@retval FALSE PublicKeySize is not large enough.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhGenerateKey (
|
||||
IN OUT VOID *DhContext,
|
||||
OUT UINT8 *PublicKey,
|
||||
IN OUT UINTN *PublicKeySize
|
||||
)
|
||||
{
|
||||
BOOLEAN RetVal;
|
||||
DH *Dh;
|
||||
|
||||
Dh = (DH *) DhContext;
|
||||
*PublicKeySize = 0;
|
||||
|
||||
RetVal = (BOOLEAN) DH_generate_key (DhContext);
|
||||
if (RetVal) {
|
||||
BN_bn2bin (Dh->pub_key, PublicKey);
|
||||
*PublicKeySize = BN_num_bytes (Dh->pub_key);
|
||||
}
|
||||
|
||||
return RetVal;
|
||||
}
|
||||
|
||||
/**
|
||||
Computes exchanged common key.
|
||||
|
||||
Given peer's public key, this function computes the exchanged common key, based on its own
|
||||
context including value of prime modulus and random secret exponent.
|
||||
|
||||
If DhContext is NULL, then ASSERT().
|
||||
If PeerPublicKey is NULL, then ASSERT().
|
||||
If KeySize is NULL, then ASSERT().
|
||||
If KeySize is large enough but Key is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] PeerPublicKey Pointer to the peer's public key.
|
||||
@param[in] PeerPublicKeySize Size of peer's public key in bytes.
|
||||
@param[out] Key Pointer to the buffer to receive generated key.
|
||||
@param[in, out] KeySize On input, the size of Key buffer in bytes.
|
||||
On output, the size of data returned in Key buffer in bytes.
|
||||
|
||||
@retval TRUE DH exchanged key generation succeeded.
|
||||
@retval FALSE DH exchanged key generation failed.
|
||||
@retval FALSE KeySize is not large enough.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhComputeKey (
|
||||
IN OUT VOID *DhContext,
|
||||
IN CONST UINT8 *PeerPublicKey,
|
||||
IN UINTN PeerPublicKeySize,
|
||||
OUT UINT8 *Key,
|
||||
IN OUT UINTN *KeySize
|
||||
)
|
||||
{
|
||||
BIGNUM *Bn;
|
||||
|
||||
Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
|
||||
|
||||
*KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext);
|
||||
|
||||
BN_free (Bn);
|
||||
|
||||
return TRUE;
|
||||
}
|
@@ -12,11 +12,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
#include <Library/BaseCryptLib.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
@@ -36,8 +33,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
@param[in] InData Pointer to the content to be verified.
|
||||
@param[in] DataLength Length of InData in bytes.
|
||||
|
||||
@return TRUE The specified PKCS#7 signed data is valid.
|
||||
@return FALSE Invalid PKCS#7 signed data.
|
||||
@retval TRUE The specified PKCS#7 signed data is valid.
|
||||
@retval FALSE Invalid PKCS#7 signed data.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
|
@@ -12,18 +12,36 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
#include <Library/BaseCryptLib.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
//
|
||||
// ASN.1 value for Hash Algorithm ID with the Distringuished Encoding Rules (DER)
|
||||
// Refer to Section 9.2 of PKCS#1 v2.1
|
||||
//
|
||||
CONST UINT8 Asn1IdMd5[] = {
|
||||
0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
|
||||
0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
|
||||
};
|
||||
|
||||
CONST UINT8 Asn1IdSha1[] = {
|
||||
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
|
||||
0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
|
||||
};
|
||||
|
||||
CONST UINT8 Asn1IdSha256[] = {
|
||||
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
|
||||
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
|
||||
0x00, 0x04, 0x20
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
Allocates and Initializes one RSA Context for subsequent use.
|
||||
Allocates and initializes one RSA context for subsequent use.
|
||||
|
||||
@return Pointer to the RSA Context that has been initialized.
|
||||
@return Pointer to the RSA context that has been initialized.
|
||||
If the allocations fails, RsaNew() returns NULL.
|
||||
|
||||
**/
|
||||
@@ -39,9 +57,10 @@ RsaNew (
|
||||
return (VOID *)RSA_new ();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Release the specified RSA Context.
|
||||
Release the specified RSA context.
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
|
||||
@param[in] RsaContext Pointer to the RSA context to be released.
|
||||
|
||||
@@ -52,36 +71,43 @@ RsaFree (
|
||||
IN VOID *RsaContext
|
||||
)
|
||||
{
|
||||
ASSERT (RsaContext != NULL);
|
||||
|
||||
//
|
||||
// Free OpenSSL RSA Context
|
||||
//
|
||||
RSA_free ((RSA *)RsaContext);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Sets the tag-designated RSA key component into the established RSA context from
|
||||
the user-specified nonnegative integer (octet string format represented in RSA
|
||||
PKCS#1).
|
||||
Sets the tag-designated key component into the established RSA context.
|
||||
|
||||
This function sets the tag-designated RSA key component into the established
|
||||
RSA context from the user-specified non-negative integer (octet string format
|
||||
represented in RSA PKCS#1).
|
||||
If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@param[in] BigNumber Pointer to octet integer buffer.
|
||||
@param[in] BnLength Length of big number buffer in bytes.
|
||||
If NULL, then the specified key componenet in RSA
|
||||
context is cleared.
|
||||
@param[in] BnSize Size of big number buffer in bytes.
|
||||
If BigNumber is NULL, then it is ignored.
|
||||
|
||||
@return TRUE RSA key component was set successfully.
|
||||
@return FALSE Invalid RSA key component tag.
|
||||
@retval TRUE RSA key component was set successfully.
|
||||
@retval FALSE Invalid RSA key component tag.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaSetKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
IN CONST UINT8 *BigNumber,
|
||||
IN UINTN BnLength
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
IN CONST UINT8 *BigNumber,
|
||||
IN UINTN BnSize
|
||||
)
|
||||
{
|
||||
RSA *RsaKey;
|
||||
@@ -107,7 +133,11 @@ RsaSetKey (
|
||||
if (RsaKey->n != NULL) {
|
||||
BN_free (RsaKey->n);
|
||||
}
|
||||
RsaKey->n = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->n);
|
||||
RsaKey->n = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
|
||||
break;
|
||||
|
||||
//
|
||||
@@ -117,7 +147,11 @@ RsaSetKey (
|
||||
if (RsaKey->e != NULL) {
|
||||
BN_free (RsaKey->e);
|
||||
}
|
||||
RsaKey->e = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->e);
|
||||
RsaKey->e = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
|
||||
break;
|
||||
|
||||
//
|
||||
@@ -127,7 +161,11 @@ RsaSetKey (
|
||||
if (RsaKey->d != NULL) {
|
||||
BN_free (RsaKey->d);
|
||||
}
|
||||
RsaKey->d = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->d);
|
||||
RsaKey->d = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);
|
||||
break;
|
||||
|
||||
//
|
||||
@@ -137,7 +175,11 @@ RsaSetKey (
|
||||
if (RsaKey->p != NULL) {
|
||||
BN_free (RsaKey->p);
|
||||
}
|
||||
RsaKey->p = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->p);
|
||||
RsaKey->p = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
|
||||
break;
|
||||
|
||||
//
|
||||
@@ -147,7 +189,11 @@ RsaSetKey (
|
||||
if (RsaKey->q != NULL) {
|
||||
BN_free (RsaKey->q);
|
||||
}
|
||||
RsaKey->q = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->q);
|
||||
RsaKey->q = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);
|
||||
break;
|
||||
|
||||
//
|
||||
@@ -157,7 +203,11 @@ RsaSetKey (
|
||||
if (RsaKey->dmp1 != NULL) {
|
||||
BN_free (RsaKey->dmp1);
|
||||
}
|
||||
RsaKey->dmp1 = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->dmp1);
|
||||
RsaKey->dmp1 = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
|
||||
break;
|
||||
|
||||
//
|
||||
@@ -167,7 +217,11 @@ RsaSetKey (
|
||||
if (RsaKey->dmq1 != NULL) {
|
||||
BN_free (RsaKey->dmq1);
|
||||
}
|
||||
RsaKey->dmq1 = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->dmq1);
|
||||
RsaKey->dmq1 = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);
|
||||
break;
|
||||
|
||||
//
|
||||
@@ -177,7 +231,11 @@ RsaSetKey (
|
||||
if (RsaKey->iqmp != NULL) {
|
||||
BN_free (RsaKey->iqmp);
|
||||
}
|
||||
RsaKey->iqmp = BN_bin2bn (BigNumber, (int)BnLength, RsaKey->iqmp);
|
||||
RsaKey->iqmp = NULL;
|
||||
if (BigNumber == NULL) {
|
||||
break;
|
||||
}
|
||||
RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);
|
||||
break;
|
||||
|
||||
default:
|
||||
@@ -187,6 +245,368 @@ RsaSetKey (
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Gets the tag-designated RSA key component from the established RSA context.
|
||||
|
||||
This function retrieves the tag-designated RSA key component from the
|
||||
established RSA context as a non-negative integer (octet string format
|
||||
represented in RSA PKCS#1).
|
||||
If specified key component has not been set or has been cleared, then returned
|
||||
BnSize is set to 0.
|
||||
If the BigNumber buffer is too small to hold the contents of the key, FALSE
|
||||
is returned and BnSize is set to the required buffer size to obtain the key.
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If BnSize is NULL, then ASSERT().
|
||||
If BnSize is large enough but BigNumber is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@param[out] BigNumber Pointer to octet integer buffer.
|
||||
@param[in, out] BnSize On input, the size of big number buffer in bytes.
|
||||
On output, the size of data returned in big number buffer in bytes.
|
||||
|
||||
@retval TRUE RSA key component was retrieved successfully.
|
||||
@retval FALSE Invalid RSA key component tag.
|
||||
@retval FALSE BnSize is too small.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGetKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
OUT UINT8 *BigNumber,
|
||||
IN OUT UINTN *BnSize
|
||||
)
|
||||
{
|
||||
RSA *RsaKey;
|
||||
BIGNUM *BnKey;
|
||||
UINTN Size;
|
||||
|
||||
ASSERT (RsaContext != NULL);
|
||||
ASSERT (BnSize != NULL);
|
||||
|
||||
RsaKey = (RSA *) RsaContext;
|
||||
Size = *BnSize;
|
||||
*BnSize = 0;
|
||||
|
||||
switch (KeyTag) {
|
||||
|
||||
//
|
||||
// RSA Public Modulus (N)
|
||||
//
|
||||
case RsaKeyN:
|
||||
if (RsaKey->n == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->n;
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Public Exponent (e)
|
||||
//
|
||||
case RsaKeyE:
|
||||
if (RsaKey->e == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->e;
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Private Exponent (d)
|
||||
//
|
||||
case RsaKeyD:
|
||||
if (RsaKey->d == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->d;
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Secret Prime Factor of Modulus (p)
|
||||
//
|
||||
case RsaKeyP:
|
||||
if (RsaKey->p == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->p;
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Secret Prime Factor of Modules (q)
|
||||
//
|
||||
case RsaKeyQ:
|
||||
if (RsaKey->q == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->q;
|
||||
break;
|
||||
|
||||
//
|
||||
// p's CRT Exponent (== d mod (p - 1))
|
||||
//
|
||||
case RsaKeyDp:
|
||||
if (RsaKey->dmp1 == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->dmp1;
|
||||
break;
|
||||
|
||||
//
|
||||
// q's CRT Exponent (== d mod (q - 1))
|
||||
//
|
||||
case RsaKeyDq:
|
||||
if (RsaKey->dmq1 == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->dmq1;
|
||||
break;
|
||||
|
||||
//
|
||||
// The CRT Coefficient (== 1/q mod p)
|
||||
//
|
||||
case RsaKeyQInv:
|
||||
if (RsaKey->iqmp == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
BnKey = RsaKey->iqmp;
|
||||
break;
|
||||
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
*BnSize = Size;
|
||||
Size = BN_num_bytes (BnKey);
|
||||
|
||||
if (*BnSize < Size) {
|
||||
*BnSize = Size;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
ASSERT (BigNumber != NULL);
|
||||
*BnSize = BN_bn2bin (BnKey, BigNumber) ;
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates RSA key components.
|
||||
|
||||
This function generates RSA key components. It takes RSA public exponent E and
|
||||
length in bits of RSA modulus N as input, and generates all key components.
|
||||
If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
|
||||
|
||||
Before this function can be invoked, pseudorandom number generator must be correctly
|
||||
initialized by RandomSeed().
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] ModulusLength Length of RSA modulus N in bits.
|
||||
@param[in] PublicExponent Pointer to RSA public exponent.
|
||||
@param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
|
||||
|
||||
@retval TRUE RSA key component was generated successfully.
|
||||
@retval FALSE Invalid RSA key component tag.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGenerateKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN UINTN ModulusLength,
|
||||
IN CONST UINT8 *PublicExponent,
|
||||
IN UINTN PublicExponentSize
|
||||
)
|
||||
{
|
||||
BIGNUM *KeyE;
|
||||
BOOLEAN RetVal;
|
||||
|
||||
ASSERT (RsaContext != NULL);
|
||||
|
||||
KeyE = BN_new ();
|
||||
if (PublicExponent == NULL) {
|
||||
BN_set_word (KeyE, 0x10001);
|
||||
} else {
|
||||
BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE);
|
||||
}
|
||||
|
||||
RetVal = FALSE;
|
||||
if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
|
||||
RetVal = TRUE;
|
||||
}
|
||||
|
||||
BN_free (KeyE);
|
||||
return RetVal;
|
||||
}
|
||||
|
||||
/**
|
||||
Validates key components of RSA context.
|
||||
|
||||
This function validates key compoents of RSA context in following aspects:
|
||||
- Whether p is a prime
|
||||
- Whether q is a prime
|
||||
- Whether n = p * q
|
||||
- Whether d*e = 1 mod lcm(p-1,q-1)
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context to check.
|
||||
|
||||
@retval TRUE RSA key components are valid.
|
||||
@retval FALSE RSA key components are not valid.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaCheckKey (
|
||||
IN VOID *RsaContext
|
||||
)
|
||||
{
|
||||
UINTN Reason;
|
||||
|
||||
ASSERT (RsaContext != NULL);
|
||||
|
||||
if (RSA_check_key ((RSA *) RsaContext) != 1) {
|
||||
Reason = ERR_GET_REASON (ERR_peek_last_error ());
|
||||
if (Reason == RSA_R_P_NOT_PRIME ||
|
||||
Reason == RSA_R_Q_NOT_PRIME ||
|
||||
Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
|
||||
Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Performs the PKCS1-v1_5 encoding methods defined in RSA PKCS #1.
|
||||
|
||||
@param Message Message buffer to be encoded.
|
||||
@param MessageSize Size of message buffer in bytes.
|
||||
@param DigestInfo Pointer to buffer of digest info for output.
|
||||
|
||||
@return Size of DigestInfo in bytes.
|
||||
|
||||
**/
|
||||
UINTN
|
||||
DigestInfoEncoding (
|
||||
IN CONST UINT8 *Message,
|
||||
IN UINTN MessageSize,
|
||||
OUT UINT8 *DigestInfo
|
||||
)
|
||||
{
|
||||
CONST UINT8 *HashDer;
|
||||
UINTN DerSize;
|
||||
|
||||
ASSERT (Message != NULL);
|
||||
ASSERT (DigestInfo != NULL);
|
||||
|
||||
//
|
||||
// The original message length is used to determine the hash algorithm since
|
||||
// message is digest value hashed by the specified algorithm.
|
||||
//
|
||||
switch (MessageSize) {
|
||||
case MD5_DIGEST_SIZE:
|
||||
HashDer = Asn1IdMd5;
|
||||
DerSize = sizeof (Asn1IdMd5);
|
||||
break;
|
||||
|
||||
case SHA1_DIGEST_SIZE:
|
||||
HashDer = Asn1IdSha1;
|
||||
DerSize = sizeof (Asn1IdSha1);
|
||||
break;
|
||||
|
||||
case SHA256_DIGEST_SIZE:
|
||||
HashDer = Asn1IdSha256;
|
||||
DerSize = sizeof (Asn1IdSha256);
|
||||
break;
|
||||
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
CopyMem (DigestInfo, HashDer, DerSize);
|
||||
CopyMem (DigestInfo + DerSize, Message, MessageSize);
|
||||
|
||||
return (DerSize + MessageSize);
|
||||
}
|
||||
|
||||
/**
|
||||
Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
|
||||
|
||||
This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
|
||||
RSA PKCS#1.
|
||||
If the Signature buffer is too small to hold the contents of signature, FALSE
|
||||
is returned and SigSize is set to the required buffer size to obtain the signature.
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If MessageHash is NULL, then ASSERT().
|
||||
If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-224, SHA-512 or SHA-384 digest, then ASSERT().
|
||||
If SigSize is large enough but Signature is NULL, then ASSERT().
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature generation.
|
||||
@param[in] MessageHash Pointer to octet message hash to be signed.
|
||||
@param[in] HashSize Size of the message hash in bytes.
|
||||
@param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
|
||||
@param[in, out] SigSize On input, the size of Signature buffer in bytes.
|
||||
On output, the size of data returned in Signature buffer in bytes.
|
||||
|
||||
@retval TRUE Signature successfully generated in PKCS1-v1_5.
|
||||
@retval FALSE Signature generation failed.
|
||||
@retval FALSE SigSize is too small.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaPkcs1Sign (
|
||||
IN VOID *RsaContext,
|
||||
IN CONST UINT8 *MessageHash,
|
||||
IN UINTN HashSize,
|
||||
OUT UINT8 *Signature,
|
||||
IN OUT UINTN *SigSize
|
||||
)
|
||||
{
|
||||
RSA *Rsa;
|
||||
UINTN Size;
|
||||
INTN ReturnVal;
|
||||
|
||||
ASSERT (RsaContext != NULL);
|
||||
ASSERT (MessageHash != NULL);
|
||||
ASSERT ((HashSize == MD5_DIGEST_SIZE) ||
|
||||
(HashSize == SHA1_DIGEST_SIZE) ||
|
||||
(HashSize == SHA256_DIGEST_SIZE));
|
||||
|
||||
Rsa = (RSA *) RsaContext;
|
||||
Size = BN_num_bytes (Rsa->n);
|
||||
|
||||
if (*SigSize < Size) {
|
||||
*SigSize = Size;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
ASSERT (Signature != NULL);
|
||||
|
||||
Size = DigestInfoEncoding (MessageHash, HashSize, Signature);
|
||||
|
||||
ReturnVal = RSA_private_encrypt (
|
||||
(UINT32) Size,
|
||||
Signature,
|
||||
Signature,
|
||||
Rsa,
|
||||
RSA_PKCS1_PADDING
|
||||
);
|
||||
|
||||
if (ReturnVal < (INTN) Size) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
*SigSize = (UINTN)ReturnVal;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
|
||||
@@ -195,16 +615,16 @@ RsaSetKey (
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If MessageHash is NULL, then ASSERT().
|
||||
If Signature is NULL, then ASSERT().
|
||||
If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT().
|
||||
If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-224, SHA-512 or SHA-384 digest, then ASSERT().
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature verification.
|
||||
@param[in] MessageHash Pointer to octet message hash to be checked.
|
||||
@param[in] HashLength Length of the message hash in bytes.
|
||||
@param[in] HashSize Size of the message hash in bytes.
|
||||
@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
|
||||
@param[in] SigLength Length of signature in bytes.
|
||||
@param[in] SigSize Size of signature in bytes.
|
||||
|
||||
@return TRUE Valid signature encoded in PKCS1-v1_5.
|
||||
@return FALSE Invalid signature or invalid RSA context.
|
||||
@retval TRUE Valid signature encoded in PKCS1-v1_5.
|
||||
@retval FALSE Invalid signature or invalid RSA context.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
@@ -212,9 +632,9 @@ EFIAPI
|
||||
RsaPkcs1Verify (
|
||||
IN VOID *RsaContext,
|
||||
IN CONST UINT8 *MessageHash,
|
||||
IN UINTN HashLength,
|
||||
IN UINTN HashSize,
|
||||
IN UINT8 *Signature,
|
||||
IN UINTN SigLength
|
||||
IN UINTN SigSize
|
||||
)
|
||||
{
|
||||
INTN Length;
|
||||
@@ -227,17 +647,17 @@ RsaPkcs1Verify (
|
||||
ASSERT (Signature != NULL);
|
||||
|
||||
//
|
||||
// ASSERT if unsupported hash length:
|
||||
// ASSERT if unsupported hash size:
|
||||
// Only MD5, SHA-1 or SHA-256 digest size is supported
|
||||
//
|
||||
ASSERT ((HashLength == MD5_DIGEST_SIZE) || (HashLength == SHA1_DIGEST_SIZE) ||
|
||||
(HashLength == SHA256_DIGEST_SIZE));
|
||||
ASSERT ((HashSize == MD5_DIGEST_SIZE) || (HashSize == SHA1_DIGEST_SIZE) ||
|
||||
(HashSize == SHA256_DIGEST_SIZE));
|
||||
|
||||
//
|
||||
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
|
||||
//
|
||||
Length = RSA_public_decrypt (
|
||||
(int)SigLength,
|
||||
(UINT32) SigSize,
|
||||
Signature,
|
||||
Signature,
|
||||
RsaContext,
|
||||
@@ -246,10 +666,10 @@ RsaPkcs1Verify (
|
||||
|
||||
//
|
||||
// Invalid RSA Key or PKCS#1 Padding Checking Failed (if Length < 0)
|
||||
// NOTE: Length should be the addition of HashLength and some DER value.
|
||||
// NOTE: Length should be the addition of HashSize and some DER value.
|
||||
// Ignore more strict length checking here.
|
||||
//
|
||||
if (Length < (INTN) HashLength) {
|
||||
if (Length < (INTN) HashSize) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -263,7 +683,7 @@ RsaPkcs1Verify (
|
||||
// Then Memory Comparing should skip the DER value of the underlying SEQUENCE
|
||||
// type and AlgorithmIdentifier.
|
||||
//
|
||||
if (CompareMem (MessageHash, Signature + Length - HashLength, HashLength) == 0) {
|
||||
if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {
|
||||
//
|
||||
// Valid RSA PKCS#1 Signature
|
||||
//
|
||||
|
88
CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
Normal file
88
CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
Normal file
@@ -0,0 +1,88 @@
|
||||
/** @file
|
||||
Pseudorandom Number Generator Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
#include <openssl/rand.h>
|
||||
|
||||
//
|
||||
// Default seed for UEFI Crypto Library
|
||||
//
|
||||
CONST UINT8 DefaultSeed[] = "UEFI Crypto Library default seed";
|
||||
|
||||
/**
|
||||
Sets up the seed value for the pseudorandom number generator.
|
||||
|
||||
This function sets up the seed value for the pseudorandom number generator.
|
||||
If Seed is not NULL, then the seed passed in is used.
|
||||
If Seed is NULL, then default seed is used.
|
||||
|
||||
@param[in] Seed Pointer to seed value.
|
||||
If NULL, default seed is used.
|
||||
@param[in] SeedSize Size of seed value.
|
||||
If Seed is NULL, this parameter is ignored.
|
||||
|
||||
@retval TRUE Pseudorandom number generator has enough entropy for random generation.
|
||||
@retval FALSE Pseudorandom number generator does not have enough entropy for random generation.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RandomSeed (
|
||||
IN CONST UINT8 *Seed OPTIONAL,
|
||||
IN UINTN SeedSize
|
||||
)
|
||||
{
|
||||
//
|
||||
// Seed the pseudorandom number generator with user-supplied value.
|
||||
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.
|
||||
//
|
||||
if (Seed != NULL) {
|
||||
RAND_seed (Seed, (UINT32) SeedSize);
|
||||
} else {
|
||||
RAND_seed (DefaultSeed, sizeof (DefaultSeed));
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates a pseudorandom byte stream of the specified size.
|
||||
|
||||
If Output is NULL, then ASSERT().
|
||||
|
||||
@param[out] Output Pointer to buffer to receive random value.
|
||||
@param[in] Size Size of randome bytes to generate.
|
||||
|
||||
@retval TRUE Pseudorandom byte stream generated successfully.
|
||||
@retval FALSE Pseudorandom number generator fails to generate due to lack of entropy.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RandomBytes (
|
||||
OUT UINT8 *Output,
|
||||
IN UINTN Size
|
||||
)
|
||||
{
|
||||
ASSERT (Output != NULL);
|
||||
|
||||
//
|
||||
// Generate random data.
|
||||
//
|
||||
if (RAND_bytes (Output, (UINT32) Size) != 1) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
@@ -57,8 +57,6 @@
|
||||
SysCall/Ia32/MathLShiftS64.S | GCC
|
||||
SysCall/Ia32/MathRShiftU64.S | GCC
|
||||
|
||||
SysCall/Ia32/Alloca.S | GCC
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
CryptoPkg/CryptoPkg.dec
|
||||
|
78
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
Normal file
78
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
Normal file
@@ -0,0 +1,78 @@
|
||||
## @file
|
||||
# Cryptographic Library Instance for SMM driver.
|
||||
#
|
||||
# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
# http://opensource.org/licenses/bsd-license.php
|
||||
#
|
||||
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
#
|
||||
##
|
||||
|
||||
[Defines]
|
||||
INF_VERSION = 0x00010005
|
||||
BASE_NAME = SmmCryptLib
|
||||
FILE_GUID = 028080a3-8958-4a62-a1a8-0fa1da162007
|
||||
MODULE_TYPE = DXE_SMM_DRIVER
|
||||
VERSION_STRING = 1.0
|
||||
LIBRARY_CLASS = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE
|
||||
|
||||
#
|
||||
# The following information is for reference only and not required by the build tools.
|
||||
#
|
||||
# VALID_ARCHITECTURES = IA32 X64
|
||||
#
|
||||
|
||||
[Sources]
|
||||
Hash/CryptMd5.c
|
||||
Hash/CryptSha1.c
|
||||
Hash/CryptSha256.c
|
||||
Pk/CryptRsa.c
|
||||
Pk/CryptPkcs7.c
|
||||
|
||||
SysCall/CrtWrapper.c
|
||||
SysCall/RealTimeClock.c
|
||||
SysCall/BaseMemAllocation.c
|
||||
|
||||
[Sources.Ia32]
|
||||
SysCall/HelperWrapper.c
|
||||
|
||||
SysCall/Ia32/MathMultS64x64.c | MSFT
|
||||
SysCall/Ia32/MathDivU64x64.c | MSFT
|
||||
SysCall/Ia32/MathReminderU64x64.c | MSFT
|
||||
SysCall/Ia32/MathLShiftS64.c | MSFT
|
||||
SysCall/Ia32/MathRShiftU64.c | MSFT
|
||||
|
||||
SysCall/Ia32/MathMultS64x64.c | INTEL
|
||||
SysCall/Ia32/MathDivU64x64.c | INTEL
|
||||
SysCall/Ia32/MathReminderU64x64.c | INTEL
|
||||
SysCall/Ia32/MathLShiftS64.c | INTEL
|
||||
SysCall/Ia32/MathRShiftU64.c | INTEL
|
||||
|
||||
SysCall/Ia32/MathMultS64x64.S | GCC
|
||||
SysCall/Ia32/MathDivU64x64.S | GCC
|
||||
SysCall/Ia32/MathReminderU64x64.S | GCC
|
||||
SysCall/Ia32/MathLShiftS64.S | GCC
|
||||
SysCall/Ia32/MathRShiftU64.S | GCC
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
CryptoPkg/CryptoPkg.dec
|
||||
|
||||
[LibraryClasses]
|
||||
BaseLib
|
||||
IoLib
|
||||
BaseMemoryLib
|
||||
MemoryAllocationLib
|
||||
OpensslLib
|
||||
IntrinsicLib
|
||||
|
||||
#
|
||||
# Remove these [BuildOptions] after this library is cleaned up
|
||||
#
|
||||
[BuildOptions]
|
||||
GCC:*_GCC44_IA32_CC_FLAGS = "-D__cdecl=__attribute__((cdecl))" "-D__declspec(t)=__attribute__((t))"
|
||||
|
@@ -1,59 +0,0 @@
|
||||
#------------------------------------------------------------------------------
|
||||
#
|
||||
# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
# http://opensource.org/licenses/bsd-license.php.
|
||||
#
|
||||
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
#
|
||||
# Module Name:
|
||||
#
|
||||
# Alloca.S
|
||||
#
|
||||
# Abstract:
|
||||
#
|
||||
# Implementation for allocation of automatically reclaimed memory, which is
|
||||
# used to allocate space off the runtime stack.
|
||||
# (NOTE: There is a assumption in this code that the page size equal to 4K)
|
||||
#
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
|
||||
.686:
|
||||
.code:
|
||||
|
||||
ASM_GLOBAL ASM_PFX(_alloca)
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
#
|
||||
# void __cdecl _alloca (unsigned size)
|
||||
#
|
||||
#------------------------------------------------------------------------------
|
||||
ASM_PFX(_alloca):
|
||||
|
||||
pushl %ecx
|
||||
cmpl $0x1000, %eax
|
||||
leal 8(%esp), %ecx
|
||||
jb LastPage
|
||||
|
||||
ProbePages:
|
||||
subl $0x1000, %ecx
|
||||
subl $0x1000, %eax
|
||||
testl %eax, 0(%ecx)
|
||||
cmpl $0x1000, %eax
|
||||
jae ProbePages
|
||||
|
||||
LastPage:
|
||||
subl %eax, %ecx
|
||||
movl %esp, %eax
|
||||
testl %eax, 0(%ecx)
|
||||
|
||||
movl %ecx, %esp
|
||||
movl 0(%eax), %ecx
|
||||
movl 4(%eax), %eax
|
||||
pushl %eax
|
||||
|
||||
ret
|
222
CryptoPkg/Library/BaseCryptLib/SysCall/RealTimeClock.c
Normal file
222
CryptoPkg/Library/BaseCryptLib/SysCall/RealTimeClock.c
Normal file
@@ -0,0 +1,222 @@
|
||||
/** @file
|
||||
C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation
|
||||
for OpenSSL-based Cryptographic Library (used in SMM).
|
||||
|
||||
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/IoLib.h>
|
||||
#include <OpenSslSupport.h>
|
||||
|
||||
#define PCAT_RTC_ADDRESS_REGISTER 0x70
|
||||
#define PCAT_RTC_DATA_REGISTER 0x71
|
||||
|
||||
#define RTC_ADDRESS_SECONDS 0 // R/W Range 0..59
|
||||
#define RTC_ADDRESS_SECONDS_ALARM 1 // R/W Range 0..59
|
||||
#define RTC_ADDRESS_MINUTES 2 // R/W Range 0..59
|
||||
#define RTC_ADDRESS_MINUTES_ALARM 3 // R/W Range 0..59
|
||||
#define RTC_ADDRESS_HOURS 4 // R/W Range 1..12 or 0..23 Bit 7 is AM/PM
|
||||
#define RTC_ADDRESS_HOURS_ALARM 5 // R/W Range 1..12 or 0..23 Bit 7 is AM/PM
|
||||
#define RTC_ADDRESS_DAY_OF_THE_WEEK 6 // R/W Range 1..7
|
||||
#define RTC_ADDRESS_DAY_OF_THE_MONTH 7 // R/W Range 1..31
|
||||
#define RTC_ADDRESS_MONTH 8 // R/W Range 1..12
|
||||
#define RTC_ADDRESS_YEAR 9 // R/W Range 0..99
|
||||
#define RTC_ADDRESS_REGISTER_A 10 // R/W[0..6] R0[7]
|
||||
#define RTC_ADDRESS_REGISTER_B 11 // R/W
|
||||
#define RTC_ADDRESS_REGISTER_C 12 // RO
|
||||
#define RTC_ADDRESS_REGISTER_D 13 // RO
|
||||
#define RTC_ADDRESS_CENTURY 50 // R/W Range 19..20 Bit 8 is R/W
|
||||
|
||||
//
|
||||
// Register A
|
||||
//
|
||||
typedef struct {
|
||||
UINT8 RS : 4; // Rate Selection Bits
|
||||
UINT8 DV : 3; // Divisor
|
||||
UINT8 UIP : 1; // Update in progress
|
||||
} RTC_REGISTER_A_BITS;
|
||||
|
||||
typedef union {
|
||||
RTC_REGISTER_A_BITS Bits;
|
||||
UINT8 Data;
|
||||
} RTC_REGISTER_A;
|
||||
|
||||
//
|
||||
// Register B
|
||||
//
|
||||
typedef struct {
|
||||
UINT8 DSE : 1; // 0 - Daylight saving disabled 1 - Daylight savings enabled
|
||||
UINT8 MIL : 1; // 0 - 12 hour mode 1 - 24 hour mode
|
||||
UINT8 DM : 1; // 0 - BCD Format 1 - Binary Format
|
||||
UINT8 SQWE : 1; // 0 - Disable SQWE output 1 - Enable SQWE output
|
||||
UINT8 UIE : 1; // 0 - Update INT disabled 1 - Update INT enabled
|
||||
UINT8 AIE : 1; // 0 - Alarm INT disabled 1 - Alarm INT Enabled
|
||||
UINT8 PIE : 1; // 0 - Periodic INT disabled 1 - Periodic INT Enabled
|
||||
UINT8 SET : 1; // 0 - Normal operation. 1 - Updates inhibited
|
||||
} RTC_REGISTER_B_BITS;
|
||||
|
||||
typedef union {
|
||||
RTC_REGISTER_B_BITS Bits;
|
||||
UINT8 Data;
|
||||
} RTC_REGISTER_B;
|
||||
|
||||
//
|
||||
// -- Time Management Routines --
|
||||
//
|
||||
|
||||
#define IsLeap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0))
|
||||
#define SECSPERHOUR (60 * 60)
|
||||
#define SECSPERDAY (24 * SECSPERHOUR)
|
||||
|
||||
//
|
||||
// The arrays give the cumulative number of days up to the first of the
|
||||
// month number used as the index (1 -> 12) for regular and leap years.
|
||||
// The value at index 13 is for the whole year.
|
||||
//
|
||||
UINTN CumulativeDays[2][14] = {
|
||||
{
|
||||
0,
|
||||
0,
|
||||
31,
|
||||
31 + 28,
|
||||
31 + 28 + 31,
|
||||
31 + 28 + 31 + 30,
|
||||
31 + 28 + 31 + 30 + 31,
|
||||
31 + 28 + 31 + 30 + 31 + 30,
|
||||
31 + 28 + 31 + 30 + 31 + 30 + 31,
|
||||
31 + 28 + 31 + 30 + 31 + 30 + 31 + 31,
|
||||
31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30,
|
||||
31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,
|
||||
31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,
|
||||
31 + 28 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31
|
||||
},
|
||||
{
|
||||
0,
|
||||
0,
|
||||
31,
|
||||
31 + 29,
|
||||
31 + 29 + 31,
|
||||
31 + 29 + 31 + 30,
|
||||
31 + 29 + 31 + 30 + 31,
|
||||
31 + 29 + 31 + 30 + 31 + 30,
|
||||
31 + 29 + 31 + 30 + 31 + 30 + 31,
|
||||
31 + 29 + 31 + 30 + 31 + 30 + 31 + 31,
|
||||
31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30,
|
||||
31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31,
|
||||
31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30,
|
||||
31 + 29 + 31 + 30 + 31 + 30 + 31 + 31 + 30 + 31 + 30 + 31
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
Read RTC content through its registers.
|
||||
|
||||
@param Address Address offset of RTC. It is recommended to use macros such as
|
||||
RTC_ADDRESS_SECONDS.
|
||||
|
||||
@return The data of UINT8 type read from RTC.
|
||||
**/
|
||||
UINT8
|
||||
RtcRead (
|
||||
IN UINT8 Address
|
||||
)
|
||||
{
|
||||
IoWrite8 (PCAT_RTC_ADDRESS_REGISTER, (UINT8) (Address | (UINT8) (IoRead8 (PCAT_RTC_ADDRESS_REGISTER) & BIT7)));
|
||||
return IoRead8 (PCAT_RTC_DATA_REGISTER);
|
||||
}
|
||||
|
||||
/* Get the system time as seconds elapsed since midnight, January 1, 1970. */
|
||||
//INTN time(
|
||||
// INTN *timer
|
||||
// )
|
||||
time_t time (time_t *timer)
|
||||
{
|
||||
UINT16 Year;
|
||||
UINT8 Month;
|
||||
UINT8 Day;
|
||||
UINT8 Hour;
|
||||
UINT8 Minute;
|
||||
UINT8 Second;
|
||||
UINT8 Century;
|
||||
RTC_REGISTER_A RegisterA;
|
||||
RTC_REGISTER_B RegisterB;
|
||||
BOOLEAN IsPM;
|
||||
UINT16 YearIndex;
|
||||
|
||||
RegisterA.Data = RtcRead (RTC_ADDRESS_REGISTER_A);
|
||||
while (RegisterA.Bits.UIP == 1) {
|
||||
CpuPause();
|
||||
RegisterA.Data = RtcRead (RTC_ADDRESS_REGISTER_A);
|
||||
}
|
||||
|
||||
Second = RtcRead (RTC_ADDRESS_SECONDS);
|
||||
Minute = RtcRead (RTC_ADDRESS_MINUTES);
|
||||
Hour = RtcRead (RTC_ADDRESS_HOURS);
|
||||
Day = RtcRead (RTC_ADDRESS_DAY_OF_THE_MONTH);
|
||||
Month = RtcRead (RTC_ADDRESS_MONTH);
|
||||
Year = RtcRead (RTC_ADDRESS_YEAR);
|
||||
Century = RtcRead (RTC_ADDRESS_CENTURY);
|
||||
|
||||
RegisterB.Data = RtcRead (RTC_ADDRESS_REGISTER_B);
|
||||
|
||||
if ((Hour & BIT7) != 0) {
|
||||
IsPM = TRUE;
|
||||
} else {
|
||||
IsPM = FALSE;
|
||||
}
|
||||
Hour = (UINT8) (Hour & 0x7f);
|
||||
|
||||
if (RegisterB.Bits.DM == 0) {
|
||||
Year = BcdToDecimal8 ((UINT8) Year);
|
||||
Month = BcdToDecimal8 (Month);
|
||||
Day = BcdToDecimal8 (Day);
|
||||
Hour = BcdToDecimal8 (Hour);
|
||||
Minute = BcdToDecimal8 (Minute);
|
||||
Second = BcdToDecimal8 (Second);
|
||||
}
|
||||
Century = BcdToDecimal8 (Century);
|
||||
|
||||
Year = (UINT16) (Century * 100 + Year);
|
||||
|
||||
//
|
||||
// If time is in 12 hour format, convert it to 24 hour format
|
||||
//
|
||||
if (RegisterB.Bits.MIL == 0) {
|
||||
if (IsPM && Hour < 12) {
|
||||
Hour = (UINT8) (Hour + 12);
|
||||
}
|
||||
if (!IsPM && Hour == 12) {
|
||||
Hour = 0;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Years Handling
|
||||
// UTime should now be set to 00:00:00 on Jan 1 of the current year.
|
||||
//
|
||||
for (YearIndex = 1970, *timer = 0; YearIndex != Year; YearIndex++) {
|
||||
*timer = *timer + (time_t)(CumulativeDays[IsLeap(YearIndex)][13] * SECSPERDAY);
|
||||
}
|
||||
|
||||
//
|
||||
// Add in number of seconds for current Month, Day, Hour, Minute, Seconds, and TimeZone adjustment
|
||||
//
|
||||
ASSERT (Month <= 12);
|
||||
*timer = *timer +
|
||||
(time_t)(CumulativeDays[IsLeap(Year)][Month] * SECSPERDAY) +
|
||||
(time_t)((Day - 1) * SECSPERDAY) +
|
||||
(time_t)(Hour * SECSPERHOUR) +
|
||||
(time_t)(Minute * 60) +
|
||||
(time_t)Second;
|
||||
|
||||
return *timer;
|
||||
}
|
Reference in New Issue
Block a user