CryptoPkg: Add Null instance of the BaseCryptLib class
https://bugzilla.tianocore.org/show_bug.cgi?id=2257 Add a Null instance of the BaseCryptLib class. This lib instance can be used as a template for new implementations of the BaseCryptLib class and can also be used to reduce CI build times for build checks that depend on the BaseCryptLib class. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
committed by
Michael D Kinney
parent
20c082e8d7
commit
d95de082da
@@ -0,0 +1,45 @@
|
||||
/** @file
|
||||
Authenticode Portable Executable Signature Verification which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows
|
||||
Authenticode Portable Executable Signature Format".
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
|
||||
PE/COFF image to be verified.
|
||||
@param[in] DataSize Size of the Authenticode Signature in bytes.
|
||||
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
|
||||
is used for certificate chain verification.
|
||||
@param[in] CertSize Size of the trusted certificate in bytes.
|
||||
@param[in] ImageHash Pointer to the original image file hash value. The procedure
|
||||
for calculating the image hash value is described in Authenticode
|
||||
specification.
|
||||
@param[in] HashSize Size of Image hash value in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
AuthenticodeVerify (
|
||||
IN CONST UINT8 *AuthData,
|
||||
IN UINTN DataSize,
|
||||
IN CONST UINT8 *TrustedCert,
|
||||
IN UINTN CertSize,
|
||||
IN CONST UINT8 *ImageHash,
|
||||
IN UINTN HashSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
150
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptDhNull.c
Normal file
150
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptDhNull.c
Normal file
@@ -0,0 +1,150 @@
|
||||
/** @file
|
||||
Diffie-Hellman Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Allocates and Initializes one Diffie-Hellman Context for subsequent use.
|
||||
|
||||
@return Pointer to the Diffie-Hellman Context that has been initialized.
|
||||
If the interface is not supported, DhNew() returns NULL.
|
||||
|
||||
**/
|
||||
VOID *
|
||||
EFIAPI
|
||||
DhNew (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified DH context.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] DhContext Pointer to the DH context to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
DhFree (
|
||||
IN VOID *DhContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Generates DH parameter.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
@param[in] PrimeLength Length in bits of prime to be generated.
|
||||
@param[out] Prime Pointer to the buffer to receive the generated prime number.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhGenerateParameter (
|
||||
IN OUT VOID *DhContext,
|
||||
IN UINTN Generator,
|
||||
IN UINTN PrimeLength,
|
||||
OUT UINT8 *Prime
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Sets generator and prime parameters for DH.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
@param[in] PrimeLength Length in bits of prime to be generated.
|
||||
@param[in] Prime Pointer to the prime number.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhSetParameter (
|
||||
IN OUT VOID *DhContext,
|
||||
IN UINTN Generator,
|
||||
IN UINTN PrimeLength,
|
||||
IN CONST UINT8 *Prime
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates DH public key.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[out] PublicKey Pointer to the buffer to receive generated public key.
|
||||
@param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
|
||||
On output, the size of data returned in PublicKey buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhGenerateKey (
|
||||
IN OUT VOID *DhContext,
|
||||
OUT UINT8 *PublicKey,
|
||||
IN OUT UINTN *PublicKeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Computes exchanged common key.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] PeerPublicKey Pointer to the peer's public key.
|
||||
@param[in] PeerPublicKeySize Size of peer's public key in bytes.
|
||||
@param[out] Key Pointer to the buffer to receive generated key.
|
||||
@param[in, out] KeySize On input, the size of Key buffer in bytes.
|
||||
On output, the size of data returned in Key buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
DhComputeKey (
|
||||
IN OUT VOID *DhContext,
|
||||
IN CONST UINT8 *PeerPublicKey,
|
||||
IN UINTN PeerPublicKeySize,
|
||||
OUT UINT8 *Key,
|
||||
IN OUT UINTN *KeySize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
51
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c
Normal file
51
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c
Normal file
@@ -0,0 +1,51 @@
|
||||
/** @file
|
||||
This file contains UEFI wrapper functions for RSA PKCS1v2 OAEP encryption routines.
|
||||
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
Copyright (C) 2016 Microsoft Corporation. All Rights Reserved.
|
||||
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the
|
||||
encrypted message in a newly allocated buffer.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] PublicKey A pointer to the DER-encoded X509 certificate that
|
||||
will be used to encrypt the data.
|
||||
@param[in] PublicKeySize Size of the X509 cert buffer.
|
||||
@param[in] InData Data to be encrypted.
|
||||
@param[in] InDataSize Size of the data buffer.
|
||||
@param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer
|
||||
to be used when initializing the PRNG. NULL otherwise.
|
||||
@param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.
|
||||
0 otherwise.
|
||||
@param[out] EncryptedData Pointer to an allocated buffer containing the encrypted
|
||||
message.
|
||||
@param[out] EncryptedDataSize Size of the encrypted message buffer.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs1v2Encrypt (
|
||||
IN CONST UINT8 *PublicKey,
|
||||
IN UINTN PublicKeySize,
|
||||
IN UINT8 *InData,
|
||||
IN UINTN InDataSize,
|
||||
IN CONST UINT8 *PrngSeed, OPTIONAL
|
||||
IN UINTN PrngSeedSize, OPTIONAL
|
||||
OUT UINT8 **EncryptedData,
|
||||
OUT UINTN *EncryptedDataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
48
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs5Pbkdf2Null.c
Normal file
48
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs5Pbkdf2Null.c
Normal file
@@ -0,0 +1,48 @@
|
||||
/** @file
|
||||
PBKDF2 Key Derivation Function Wrapper Implementation which does not provide real
|
||||
capabilities.
|
||||
|
||||
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0
|
||||
password based encryption key derivation function PBKDF2, as specified in RFC 2898.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] PasswordLength Length of input password in bytes.
|
||||
@param[in] Password Pointer to the array for the password.
|
||||
@param[in] SaltLength Size of the Salt in bytes.
|
||||
@param[in] Salt Pointer to the Salt.
|
||||
@param[in] IterationCount Number of iterations to perform. Its value should be
|
||||
greater than or equal to 1.
|
||||
@param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).
|
||||
NOTE: DigestSize will be used to determine the hash algorithm.
|
||||
Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.
|
||||
@param[in] KeyLength Size of the derived key buffer in bytes.
|
||||
@param[out] OutKey Pointer to the output derived key buffer.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs5HashPassword (
|
||||
IN UINTN PasswordLength,
|
||||
IN CONST CHAR8 *Password,
|
||||
IN UINTN SaltLength,
|
||||
IN CONST UINT8 *Salt,
|
||||
IN UINTN IterationCount,
|
||||
IN UINTN DigestSize,
|
||||
IN UINTN KeyLength,
|
||||
OUT UINT8 *OutKey
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
54
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs7SignNull.c
Normal file
54
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs7SignNull.c
Normal file
@@ -0,0 +1,54 @@
|
||||
/** @file
|
||||
PKCS#7 SignedData Sign Wrapper Implementation which does not provide real
|
||||
capabilities.
|
||||
|
||||
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
|
||||
Syntax Standard, version 1.5". This interface is only intended to be used for
|
||||
application to perform PKCS#7 functionality validation.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] PrivateKey Pointer to the PEM-formatted private key data for
|
||||
data signing.
|
||||
@param[in] PrivateKeySize Size of the PEM private key data in bytes.
|
||||
@param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM
|
||||
key data.
|
||||
@param[in] InData Pointer to the content to be signed.
|
||||
@param[in] InDataSize Size of InData in bytes.
|
||||
@param[in] SignCert Pointer to signer's DER-encoded certificate to sign with.
|
||||
@param[in] OtherCerts Pointer to an optional additional set of certificates to
|
||||
include in the PKCS#7 signedData (e.g. any intermediate
|
||||
CAs in the chain).
|
||||
@param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's
|
||||
responsibility to free the buffer with FreePool().
|
||||
@param[out] SignedDataSize Size of SignedData in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7Sign (
|
||||
IN CONST UINT8 *PrivateKey,
|
||||
IN UINTN PrivateKeySize,
|
||||
IN CONST UINT8 *KeyPassword,
|
||||
IN UINT8 *InData,
|
||||
IN UINTN InDataSize,
|
||||
IN UINT8 *SignCert,
|
||||
IN UINT8 *OtherCerts OPTIONAL,
|
||||
OUT UINT8 **SignedData,
|
||||
OUT UINTN *SignedDataSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
156
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs7VerifyEkuNull.c
Normal file
156
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs7VerifyEkuNull.c
Normal file
@@ -0,0 +1,156 @@
|
||||
/** @file
|
||||
PKCS7 Verify Null implementation.
|
||||
|
||||
Copyright (C) Microsoft Corporation. All Rights Reserved.
|
||||
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
This function will return the leaf signer certificate in a chain. This is
|
||||
required because certificate chains are not guaranteed to have the
|
||||
certificates in the order that they were issued.
|
||||
|
||||
A typical certificate chain looks like this:
|
||||
|
||||
|
||||
----------------------------
|
||||
| Root |
|
||||
----------------------------
|
||||
^
|
||||
|
|
||||
----------------------------
|
||||
| Policy CA | <-- Typical Trust Anchor.
|
||||
----------------------------
|
||||
^
|
||||
|
|
||||
----------------------------
|
||||
| Issuing CA |
|
||||
----------------------------
|
||||
^
|
||||
|
|
||||
-----------------------------
|
||||
/ End-Entity (leaf) signer / <-- Bottom certificate.
|
||||
----------------------------- EKU: "1.3.6.1.4.1.311.76.9.21.1"
|
||||
(Firmware Signing)
|
||||
|
||||
|
||||
@param[in] CertChain Certificate chain.
|
||||
|
||||
@param[out] SignerCert Last certificate in the chain. For PKCS7 signatures,
|
||||
this will be the end-entity (leaf) signer cert.
|
||||
|
||||
@retval EFI_SUCCESS The required EKUs were found in the signature.
|
||||
@retval EFI_INVALID_PARAMETER A parameter was invalid.
|
||||
@retval EFI_NOT_FOUND The number of signers found was not 1.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
GetSignerCertificate (
|
||||
IN CONST VOID *CertChain,
|
||||
OUT VOID **SignerCert
|
||||
)
|
||||
{
|
||||
ASSERT(FALSE);
|
||||
return EFI_NOT_READY;
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Determines if the specified EKU represented in ASN1 form is present
|
||||
in a given certificate.
|
||||
|
||||
@param[in] Cert The certificate to check.
|
||||
|
||||
@param[in] Asn1ToFind The EKU to look for.
|
||||
|
||||
@retval EFI_SUCCESS We successfully identified the signing type.
|
||||
@retval EFI_INVALID_PARAMETER A parameter was invalid.
|
||||
@retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
IsEkuInCertificate (
|
||||
IN CONST VOID *Cert,
|
||||
IN VOID *Asn1ToFind
|
||||
)
|
||||
{
|
||||
ASSERT(FALSE);
|
||||
return EFI_NOT_READY;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Determines if the specified EKUs are present in a signing certificate.
|
||||
|
||||
@param[in] SignerCert The certificate to check.
|
||||
@param[in] RequiredEKUs The EKUs to look for.
|
||||
@param[in] RequiredEKUsSize The number of EKUs
|
||||
@param[in] RequireAllPresent If TRUE, then all the specified EKUs
|
||||
must be present in the certificate.
|
||||
|
||||
@retval EFI_SUCCESS We successfully identified the signing type.
|
||||
@retval EFI_INVALID_PARAMETER A parameter was invalid.
|
||||
@retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
|
||||
**/
|
||||
EFI_STATUS
|
||||
CheckEKUs(
|
||||
IN CONST VOID *SignerCert,
|
||||
IN CONST CHAR8 *RequiredEKUs[],
|
||||
IN CONST UINT32 RequiredEKUsSize,
|
||||
IN BOOLEAN RequireAllPresent
|
||||
)
|
||||
{
|
||||
ASSERT(FALSE);
|
||||
return EFI_NOT_READY;
|
||||
}
|
||||
|
||||
/**
|
||||
This function receives a PKCS#7 formatted signature blob,
|
||||
looks for the EKU SEQUENCE blob, and if found then looks
|
||||
for all the required EKUs. This function was created so that
|
||||
the Surface team can cut down on the number of Certificate
|
||||
Authorities (CA's) by checking EKU's on leaf signers for
|
||||
a specific product. This prevents one product's certificate
|
||||
from signing another product's firmware or unlock blobs.
|
||||
|
||||
Note that this function does not validate the certificate chain.
|
||||
That needs to be done before using this function.
|
||||
|
||||
@param[in] Pkcs7Signature The PKCS#7 signed information content block. An array
|
||||
containing the content block with both the signature,
|
||||
the signer's certificate, and any necessary intermediate
|
||||
certificates.
|
||||
@param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature.
|
||||
@param[in] RequiredEKUs Array of null-terminated strings listing OIDs of
|
||||
required EKUs that must be present in the signature.
|
||||
@param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array.
|
||||
@param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's
|
||||
must be present in the leaf signer. If it is
|
||||
FALSE, then we will succeed if we find any
|
||||
of the specified EKU's.
|
||||
|
||||
@retval EFI_SUCCESS The required EKUs were found in the signature.
|
||||
@retval EFI_INVALID_PARAMETER A parameter was invalid.
|
||||
@retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
VerifyEKUsInPkcs7Signature (
|
||||
IN CONST UINT8 *Pkcs7Signature,
|
||||
IN CONST UINT32 SignatureSize,
|
||||
IN CONST CHAR8 *RequiredEKUs[],
|
||||
IN CONST UINT32 RequiredEKUsSize,
|
||||
IN BOOLEAN RequireAllPresent
|
||||
)
|
||||
{
|
||||
ASSERT(FALSE);
|
||||
return EFI_NOT_READY;
|
||||
}
|
||||
|
163
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs7VerifyNull.c
Normal file
163
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs7VerifyNull.c
Normal file
@@ -0,0 +1,163 @@
|
||||
/** @file
|
||||
PKCS#7 SignedData Verification Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
|
||||
It's caller's responsibility to free the buffer with
|
||||
Pkcs7FreeSigners().
|
||||
This data structure is EFI_CERT_STACK type.
|
||||
@param[out] StackLength Length of signer's certificates in bytes.
|
||||
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
|
||||
It's caller's responsibility to free the buffer with
|
||||
Pkcs7FreeSigners().
|
||||
@param[out] CertLength Length of the trusted certificate in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7GetSigners (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
OUT UINT8 **CertStack,
|
||||
OUT UINTN *StackLength,
|
||||
OUT UINT8 **TrustedCert,
|
||||
OUT UINTN *CertLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Wrap function to use free() to free allocated memory for certificates.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] Certs Pointer to the certificates to be freed.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
Pkcs7FreeSigners (
|
||||
IN UINT8 *Certs
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard", and outputs two certificate lists chained and
|
||||
unchained to the signer's certificates.
|
||||
The input signed data could be wrapped in a ContentInfo structure.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[out] SignerChainCerts Pointer to the certificates list chained to signer's
|
||||
certificate. It's caller's responsibility to free the buffer
|
||||
with Pkcs7FreeSigners().
|
||||
This data structure is EFI_CERT_STACK type.
|
||||
@param[out] ChainLength Length of the chained certificates list buffer in bytes.
|
||||
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
|
||||
responsibility to free the buffer with Pkcs7FreeSigners().
|
||||
This data structure is EFI_CERT_STACK type.
|
||||
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
|
||||
|
||||
@retval TRUE The operation is finished successfully.
|
||||
@retval FALSE Error occurs during the operation.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7GetCertificatesList (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
OUT UINT8 **SignerChainCerts,
|
||||
OUT UINTN *ChainLength,
|
||||
OUT UINT8 **UnchainCerts,
|
||||
OUT UINTN *UnchainLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Verifies the validity of a PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
|
||||
is used for certificate chain verification.
|
||||
@param[in] CertLength Length of the trusted certificate in bytes.
|
||||
@param[in] InData Pointer to the content to be verified.
|
||||
@param[in] DataLength Length of InData in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7Verify (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
IN CONST UINT8 *TrustedCert,
|
||||
IN UINTN CertLength,
|
||||
IN CONST UINT8 *InData,
|
||||
IN UINTN DataLength
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Extracts the attached content from a PKCS#7 signed data if existed. The input signed
|
||||
data could be wrapped in a ContentInfo structure.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 signed data to process.
|
||||
@param[in] P7Length Length of the PKCS#7 signed data in bytes.
|
||||
@param[out] Content Pointer to the extracted content from the PKCS#7 signedData.
|
||||
It's caller's responsibility to free the buffer with FreePool().
|
||||
@param[out] ContentSize The size of the extracted content in bytes.
|
||||
|
||||
@retval TRUE The P7Data was correctly formatted for processing.
|
||||
@retval FALSE The P7Data was not correctly formatted for processing.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs7GetAttachedContent (
|
||||
IN CONST UINT8 *P7Data,
|
||||
IN UINTN P7Length,
|
||||
OUT VOID **Content,
|
||||
OUT UINTN *ContentSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
121
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaBasicNull.c
Normal file
121
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaBasicNull.c
Normal file
@@ -0,0 +1,121 @@
|
||||
/** @file
|
||||
RSA Asymmetric Cipher Wrapper Null Implementation.
|
||||
|
||||
This file implements following APIs which provide basic capabilities for RSA:
|
||||
1) RsaNew
|
||||
2) RsaFree
|
||||
3) RsaSetKey
|
||||
4) RsaPkcs1Verify
|
||||
|
||||
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Allocates and initializes one RSA context for subsequent use.
|
||||
|
||||
@return Pointer to the RSA context that has been initialized.
|
||||
If the allocations fails, RsaNew() returns NULL.
|
||||
|
||||
**/
|
||||
VOID *
|
||||
EFIAPI
|
||||
RsaNew (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
//
|
||||
// Allocates & Initializes RSA Context
|
||||
//
|
||||
ASSERT (FALSE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified RSA context.
|
||||
|
||||
@param[in] RsaContext Pointer to the RSA context to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
RsaFree (
|
||||
IN VOID *RsaContext
|
||||
)
|
||||
{
|
||||
//
|
||||
// Free RSA Context
|
||||
//
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Sets the tag-designated key component into the established RSA context.
|
||||
|
||||
This function sets the tag-designated RSA key component into the established
|
||||
RSA context from the user-specified non-negative integer (octet string format
|
||||
represented in RSA PKCS#1).
|
||||
If BigNumber is NULL, then the specified key component in RSA context is cleared.
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@param[in] BigNumber Pointer to octet integer buffer.
|
||||
If NULL, then the specified key component in RSA
|
||||
context is cleared.
|
||||
@param[in] BnSize Size of big number buffer in bytes.
|
||||
If BigNumber is NULL, then it is ignored.
|
||||
|
||||
@retval TRUE RSA key component was set successfully.
|
||||
@retval FALSE Invalid RSA key component tag.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaSetKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
IN CONST UINT8 *BigNumber,
|
||||
IN UINTN BnSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
|
||||
RSA PKCS#1.
|
||||
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If MessageHash is NULL, then return FALSE.
|
||||
If Signature is NULL, then return FALSE.
|
||||
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature verification.
|
||||
@param[in] MessageHash Pointer to octet message hash to be checked.
|
||||
@param[in] HashSize Size of the message hash in bytes.
|
||||
@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
|
||||
@param[in] SigSize Size of signature in bytes.
|
||||
|
||||
@retval TRUE Valid signature encoded in PKCS1-v1_5.
|
||||
@retval FALSE Invalid signature or invalid RSA context.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaPkcs1Verify (
|
||||
IN VOID *RsaContext,
|
||||
IN CONST UINT8 *MessageHash,
|
||||
IN UINTN HashSize,
|
||||
IN CONST UINT8 *Signature,
|
||||
IN UINTN SigSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
119
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaExtNull.c
Normal file
119
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaExtNull.c
Normal file
@@ -0,0 +1,119 @@
|
||||
/** @file
|
||||
RSA Asymmetric Cipher Wrapper Null Implementation.
|
||||
|
||||
This file does not provide real capabilities for following APIs in RSA handling:
|
||||
1) RsaGetKey
|
||||
2) RsaGenerateKey
|
||||
3) RsaCheckKey
|
||||
4) RsaPkcs1Sign
|
||||
|
||||
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Gets the tag-designated RSA key component from the established RSA context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@param[out] BigNumber Pointer to octet integer buffer.
|
||||
@param[in, out] BnSize On input, the size of big number buffer in bytes.
|
||||
On output, the size of data returned in big number buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGetKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN RSA_KEY_TAG KeyTag,
|
||||
OUT UINT8 *BigNumber,
|
||||
IN OUT UINTN *BnSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Generates RSA key components.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] ModulusLength Length of RSA modulus N in bits.
|
||||
@param[in] PublicExponent Pointer to RSA public exponent.
|
||||
@param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGenerateKey (
|
||||
IN OUT VOID *RsaContext,
|
||||
IN UINTN ModulusLength,
|
||||
IN CONST UINT8 *PublicExponent,
|
||||
IN UINTN PublicExponentSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Validates key components of RSA context.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context to check.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaCheckKey (
|
||||
IN VOID *RsaContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature generation.
|
||||
@param[in] MessageHash Pointer to octet message hash to be signed.
|
||||
@param[in] HashSize Size of the message hash in bytes.
|
||||
@param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
|
||||
@param[in, out] SigSize On input, the size of Signature buffer in bytes.
|
||||
On output, the size of data returned in Signature buffer in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaPkcs1Sign (
|
||||
IN VOID *RsaContext,
|
||||
IN CONST UINT8 *MessageHash,
|
||||
IN UINTN HashSize,
|
||||
OUT UINT8 *Signature,
|
||||
IN OUT UINTN *SigSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
42
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptTsNull.c
Normal file
42
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptTsNull.c
Normal file
@@ -0,0 +1,42 @@
|
||||
/** @file
|
||||
RFC3161 Timestamp Countersignature Verification Wrapper Implementation which does
|
||||
not provide real capabilities.
|
||||
|
||||
Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode
|
||||
signature.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
|
||||
PE/COFF image to be verified.
|
||||
@param[in] DataSize Size of the Authenticode Signature in bytes.
|
||||
@param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which
|
||||
is used for TSA certificate chain verification.
|
||||
@param[in] CertSize Size of the trusted certificate in bytes.
|
||||
@param[out] SigningTime Return the time of timestamp generation time if the timestamp
|
||||
signature is valid.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
ImageTimestampVerify (
|
||||
IN CONST UINT8 *AuthData,
|
||||
IN UINTN DataSize,
|
||||
IN CONST UINT8 *TsaCert,
|
||||
IN UINTN CertSize,
|
||||
OUT EFI_TIME *SigningTime
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
264
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c
Normal file
264
CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c
Normal file
@@ -0,0 +1,264 @@
|
||||
/** @file
|
||||
X.509 Certificate Handler Wrapper Implementation which does not provide
|
||||
real capabilities.
|
||||
|
||||
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
/**
|
||||
Construct a X509 object from DER-encoded certificate data.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded certificate data.
|
||||
@param[in] CertSize The size of certificate data in bytes.
|
||||
@param[out] SingleX509Cert The generated X509 object.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509ConstructCertificate (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT UINT8 **SingleX509Cert
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Construct a X509 stack object from a list of DER-encoded certificate data.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.
|
||||
On output, pointer to the X509 stack object with new
|
||||
inserted X509 certificate.
|
||||
@param ... A list of DER-encoded single certificate data followed
|
||||
by certificate size. A NULL terminates the list. The
|
||||
pairs are the arguments to X509ConstructCertificate().
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509ConstructCertificateStack (
|
||||
IN OUT UINT8 **X509Stack,
|
||||
...
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified X509 object.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] X509Cert Pointer to the X509 object to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
X509Free (
|
||||
IN VOID *X509Cert
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Release the specified X509 stack object.
|
||||
|
||||
If the interface is not supported, then ASSERT().
|
||||
|
||||
@param[in] X509Stack Pointer to the X509 stack object to be released.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFIAPI
|
||||
X509StackFree (
|
||||
IN VOID *X509Stack
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieve the subject bytes from one X.509 certificate.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] CertSubject Pointer to the retrieved certificate subject bytes.
|
||||
@param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
|
||||
and the size of buffer returned CertSubject on output.
|
||||
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509GetSubjectName (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT UINT8 *CertSubject,
|
||||
IN OUT UINTN *SubjectSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieve the common name (CN) string from one X.509 certificate.
|
||||
|
||||
Return RETURN_UNSUPPORTED to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] CommonName Buffer to contain the retrieved certificate common
|
||||
name string (UTF8). At most CommonNameSize bytes will be
|
||||
written and the string will be null terminated. May be
|
||||
NULL in order to determine the size buffer needed.
|
||||
@param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,
|
||||
and the size of buffer returned CommonName on output.
|
||||
If CommonName is NULL then the amount of space needed
|
||||
in buffer (including the final null) is returned.
|
||||
|
||||
@retval RETURN_UNSUPPORTED The operation is not supported.
|
||||
|
||||
**/
|
||||
RETURN_STATUS
|
||||
EFIAPI
|
||||
X509GetCommonName (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT CHAR8 *CommonName, OPTIONAL
|
||||
IN OUT UINTN *CommonNameSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return RETURN_UNSUPPORTED;
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieve the organization name (ON) string from one X.509 certificate.
|
||||
|
||||
Return RETURN_UNSUPPORTED to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] NameBuffer Buffer to contain the retrieved certificate organization
|
||||
name string. At most NameBufferSize bytes will be
|
||||
written and the string will be null terminated. May be
|
||||
NULL in order to determine the size buffer needed.
|
||||
@param[in,out] NameBufferSize The size in bytes of the Name buffer on input,
|
||||
and the size of buffer returned Name on output.
|
||||
If NameBuffer is NULL then the amount of space needed
|
||||
in buffer (including the final null) is returned.
|
||||
|
||||
@retval RETURN_UNSUPPORTED The operation is not supported.
|
||||
|
||||
**/
|
||||
RETURN_STATUS
|
||||
EFIAPI
|
||||
X509GetOrganizationName (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT CHAR8 *NameBuffer, OPTIONAL
|
||||
IN OUT UINTN *NameBufferSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return RETURN_UNSUPPORTED;
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieve the RSA Public Key from one DER-encoded X509 certificate.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
|
||||
RSA public key component. Use RsaFree() function to free the
|
||||
resource.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
RsaGetPublicKeyFromX509 (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT VOID **RsaContext
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Verify one X509 certificate was issued by the trusted CA.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded X509 certificate to be verified.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[in] CACert Pointer to the DER-encoded trusted CA certificate.
|
||||
@param[in] CACertSize Size of the CA Certificate in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509VerifyCert (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
IN CONST UINT8 *CACert,
|
||||
IN UINTN CACertSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Retrieve the TBSCertificate from one given X.509 certificate.
|
||||
|
||||
Return FALSE to indicate this interface is not supported.
|
||||
|
||||
@param[in] Cert Pointer to the given DER-encoded X509 certificate.
|
||||
@param[in] CertSize Size of the X509 certificate in bytes.
|
||||
@param[out] TBSCert DER-Encoded To-Be-Signed certificate.
|
||||
@param[out] TBSCertSize Size of the TBS certificate in bytes.
|
||||
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
X509GetTBSCert (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT UINT8 **TBSCert,
|
||||
OUT UINTN *TBSCertSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
Reference in New Issue
Block a user