Home | History | Annotate | Download | only in IpSecDxe
      1 /** @file
      2   Definitions related to the Cryptographic Operations in IPsec.
      3 
      4   Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
      5 
      6   This program and the accompanying materials
      7   are licensed and made available under the terms and conditions of the BSD License
      8   which accompanies this distribution.  The full text of the license may be found at
      9   http://opensource.org/licenses/bsd-license.php.
     10 
     11   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
     12   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
     13 
     14 **/
     15 #ifndef _EFI_IPSEC_CRYPTIO_H_
     16 #define _EFI_IPSEC_CRYPTIO_H_
     17 
     18 #include <Protocol/IpSecConfig.h>
     19 #include <Library/DebugLib.h>
     20 #include <Library/BaseCryptLib.h>
     21 #include <Library/BaseMemoryLib.h>
     22 #include <Library/MemoryAllocationLib.h>
     23 
     24 #include "IpSecImpl.h"
     25 #include "IkeCommon.h"
     26 
     27 #define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 4
     28 #define IPSEC_AUTH_ALGORITHM_LIST_SIZE    3
     29 #define IPSEC_HASH_ALGORITHM_LIST_SIZE    3
     30 
     31 ///
     32 /// Authentication Algorithm Definition
     33 ///   The number value definition is aligned to IANA assignment
     34 ///
     35 #define IKE_AALG_NONE                0x00
     36 #define IKE_AALG_SHA1HMAC            0x02
     37 #define IKE_AALG_NULL                0xFB
     38 
     39 ///
     40 /// Encryption Algorithm Definition
     41 ///   The number value definition is aligned to IANA assignment
     42 ///
     43 #define IKE_EALG_NONE                0x00
     44 #define IKE_EALG_3DESCBC             0x03
     45 #define IKE_EALG_NULL                0x0B
     46 #define IKE_EALG_AESCBC              0x0C
     47 
     48 /**
     49   Prototype of HMAC GetContextSize.
     50 
     51   Retrieves the size, in bytes, of the context buffer required.
     52 
     53   @return  The size, in bytes, of the context buffer required.
     54 
     55 **/
     56 typedef
     57 UINTN
     58 (EFIAPI *CRYPTO_HMAC_GETCONTEXTSIZE)(
     59   VOID
     60   );
     61 
     62 /**
     63   Prototype of HMAC Operation Initiating.
     64 
     65   Initialization with a new context.
     66 
     67   @param[out]     Context  Input Context.
     68   @param[in]      Key      Pointer to the key for HMAC.
     69   @param[in]      KeySize  The length of the Key in bytes.
     70 
     71   @retval TRUE  Initialization Successfully.
     72 
     73 **/
     74 typedef
     75 BOOLEAN
     76 (EFIAPI *CRYPTO_HMAC_INIT)(
     77   OUT           VOID     *Context,
     78   IN     CONST  UINT8    *Key,
     79   IN            UINTN    KeySize
     80   );
     81 
     82 /**
     83   Prototype of HMAC update.
     84   HMAC update operation. Continue an HMAC message digest operation, processing
     85   another message block, and updating the HMAC context.
     86 
     87   If Context is NULL, then ASSERT().
     88   If Data is NULL, then ASSERT().
     89 
     90   @param[in,out]  Context     The Specified Context.
     91   @param[in,out]  Data        The Input Data to be digested.
     92   @param[in]      DataLength  The length, in bytes, of Data.
     93 
     94   @retval TRUE   Update data successfully.
     95   @retval FALSE  The Context has been finalized.
     96 
     97 **/
     98 typedef
     99 BOOLEAN
    100 (EFIAPI *CRYPTO_HMAC_UPDATE)(
    101   IN OUT       VOID  *Context,
    102   IN     CONST VOID  *Data,
    103   IN           UINTN DataLength
    104   );
    105 
    106 /**
    107   Prototype of HMAC finalization.
    108   Terminate a HMAC message digest operation and output the message digest.
    109 
    110   If Context is NULL, then ASSERT().
    111   If HashValue is NULL, then ASSERT().
    112 
    113   @param[in,out]  Context     The specified Context.
    114   @param[out]     HmacValue   Pointer to a 16-byte message digest output buffer.
    115 
    116   @retval TRUE  Finalized successfully.
    117 
    118 **/
    119 typedef
    120 BOOLEAN
    121 (EFIAPI *CRYPTO_HMAC_FINAL)(
    122   IN OUT  VOID   *Context,
    123      OUT  UINT8  *HmacValue
    124   );
    125 
    126 /**
    127   Prototype of Block Cipher GetContextSize.
    128 
    129   Retrieves the size, in bytes, of the context buffer required.
    130 
    131   @return  The size, in bytes, of the context buffer required.
    132 
    133 **/
    134 typedef
    135 UINTN
    136 (EFIAPI *CRYPTO_CIPHER_GETCONTEXTSIZE)(
    137   VOID
    138   );
    139 
    140 /**
    141   Prototype of Block Cipher initiation.
    142   Initializes the user-supplied key as the specified context (key materials) for both
    143   encryption and decryption operations.
    144 
    145   If Context is NULL, then ASSERT().
    146   If Key is NULL, then generate random key for usage.
    147 
    148   @param[in,out]  Context      The specified Context.
    149   @param[in]      Key          User-supplied cipher key.
    150   @param[in]      KeyBits      Key length in bits.
    151 
    152   @retval TRUE  Block Cipher Initialization was successful.
    153 
    154 **/
    155 typedef
    156 BOOLEAN
    157 (EFIAPI *CRYPTO_CIPHER_INIT)(
    158   IN OUT        VOID   *Context,
    159   IN      CONST UINT8  *Key,
    160   IN            UINTN  KeyBits
    161   );
    162 
    163 /**
    164   Prototype of Cipher encryption.
    165   Encrypts plaintext message with the specified cipher.
    166 
    167   If Context is NULL, then ASSERT().
    168   If InData is NULL, then ASSERT().
    169   If Size of input data is not multiple of Cipher algorithm related block size,
    170   then ASSERT().
    171 
    172   @param[in]      Context      The specified Context.
    173   @param[in]      InData       The input plaintext data to be encrypted.
    174   @param[in]      InputSize    The size of input data.
    175   @param[in]      Ivec         Pointer to Initial Vector data for encryption.
    176   @param[out]     OutData      The resultant encrypted ciphertext.
    177 
    178   @retval TRUE  Encryption successful.
    179 
    180 **/
    181 typedef
    182 BOOLEAN
    183 (EFIAPI *CRYPTO_CIPHER_ENCRYPT)(
    184   IN            VOID   *Context,
    185   IN      CONST UINT8  *InData,
    186   IN            UINTN  InputSize,
    187   IN      CONST UINT8  *Ivec,
    188       OUT       UINT8  *OutData
    189   );
    190 
    191 /**
    192   Prototype of Cipher decryption.
    193   Decrypts cipher message with specified cipher.
    194 
    195   If Context is NULL, then ASSERT().
    196   If InData is NULL, then ASSERT().
    197   If Size of input data is not a multiple of a certaion block size , then ASSERT().
    198 
    199   @param[in]      Context      The specified Context.
    200   @param[in]      InData       The input ciphertext data to be decrypted.
    201   @param[in]      InputSize    The InData size.
    202   @param[in]      Ivec         Pointer to the Initial Vector data for decryption.
    203   @param[out]     OutData      The resultant decrypted plaintext.
    204 
    205   @retval TRUE  Decryption successful.
    206 
    207 **/
    208 typedef
    209 BOOLEAN
    210 (EFIAPI *CRYPTO_CIPHER_DECRYPT)(
    211   IN           VOID   *Context,
    212   IN     CONST UINT8  *InData,
    213   IN           UINTN  InputSize,
    214   IN     CONST UINT8  *Ivec,
    215      OUT       UINT8  *OutData
    216   );
    217 
    218 /**
    219   Prototype of Hash ContextSize.
    220 
    221   Retrieves the size, in bytes, of the context buffer required for specified hash operations.
    222 
    223   @return  The size, in bytes, of the context buffer required for certain hash operations.
    224 
    225 **/
    226 typedef
    227 UINTN
    228 (EFIAPI *CRYPTO_HASH_GETCONTEXTSIZE)(
    229   VOID
    230   );
    231 
    232 /**
    233   Prototype of Hash Initiate.
    234 
    235   Initializes user-supplied memory pointed by Context as specified hash context for
    236   subsequent use.
    237 
    238   If Context is NULL, then ASSERT().
    239 
    240   @param[out]  Context  Pointer to specified context being initialized.
    241 
    242   @retval TRUE   context initialization succeeded.
    243   @retval FALSE  context initialization failed.
    244 
    245 **/
    246 typedef
    247 BOOLEAN
    248 (EFIAPI *CRYPTO_HASH_INIT)(
    249   OUT  VOID  *Context
    250   );
    251 
    252 /**
    253   Prototype of Hash Update
    254 
    255   Digests the input data and updates hash context.
    256 
    257   This function performs digest on a data buffer of the specified size.
    258   It can be called multiple times to compute the digest of long or discontinuous data streams.
    259   Context should be already correctly initialized by HashInit(), and should not be finalized
    260   by HashFinal(). Behavior with invalid context is undefined.
    261 
    262   If Context is NULL, then ASSERT().
    263 
    264   @param[in, out]  Context      Pointer to the specified context.
    265   @param[in]       Data         Pointer to the buffer containing the data to be hashed.
    266   @param[in]       DataSize     Size of Data buffer in bytes.
    267 
    268   @retval TRUE   data digest succeeded.
    269   @retval FALSE  data digest failed.
    270 
    271 **/
    272 typedef
    273 BOOLEAN
    274 (EFIAPI *CRYPTO_HASH_UPDATE)(
    275   IN OUT  VOID        *Context,
    276   IN      CONST VOID  *Data,
    277   IN      UINTN       DataSize
    278   );
    279 
    280 /**
    281   Prototype of Hash Finalization.
    282 
    283   Completes computation of the digest value.
    284 
    285   This function completes hash computation and retrieves the digest value into
    286   the specified memory. After this function has been called, the context cannot
    287   be used again.
    288   context should be already correctly initialized by HashInit(), and should not be
    289   finalized by HashFinal(). Behavior with invalid context is undefined.
    290 
    291   If Context is NULL, then ASSERT().
    292   If HashValue is NULL, then ASSERT().
    293 
    294   @param[in, out]  Context      Pointer to the specified context.
    295   @param[out]      HashValue    Pointer to a buffer that receives the digest
    296                                 value.
    297 
    298   @retval TRUE   digest computation succeeded.
    299   @retval FALSE  digest computation failed.
    300 
    301 **/
    302 typedef
    303 BOOLEAN
    304 (EFIAPI *CRYPTO_HASH_FINAL)(
    305   IN OUT  VOID   *Context,
    306   OUT     UINT8  *HashValue
    307   );
    308 
    309 //
    310 // The struct used to store the information and operation of Block Cipher algorithm.
    311 //
    312 typedef struct _ENCRYPT_ALGORITHM {
    313   //
    314   // The ID of the Algorithm
    315   //
    316   UINT8                     AlgorithmId;
    317   //
    318   // The Key length of the Algorithm
    319   //
    320   UINTN                     KeyLength;
    321   //
    322   // Iv Size of the Algorithm
    323   //
    324   UINTN                     IvLength;
    325   //
    326   // The Block Size of the Algorithm
    327   //
    328   UINTN                     BlockSize;
    329   //
    330   // The Function pointer of GetContextSize.
    331   //
    332   CRYPTO_CIPHER_GETCONTEXTSIZE CipherGetContextSize;
    333   //
    334   // The Function pointer of Cipher initiation.
    335   //
    336   CRYPTO_CIPHER_INIT           CipherInitiate;
    337   //
    338   // The Function pointer of Cipher Encryption.
    339   //
    340   CRYPTO_CIPHER_ENCRYPT        CipherEncrypt;
    341   //
    342   // The Function pointer of Cipher Decryption.
    343   //
    344   CRYPTO_CIPHER_DECRYPT        CipherDecrypt;
    345 } ENCRYPT_ALGORITHM;
    346 
    347 //
    348 // The struct used to store the information and operation of Authentication algorithm.
    349 //
    350 typedef struct _AUTH_ALGORITHM {
    351   //
    352   // ID of the Algorithm
    353   //
    354   UINT8                    AlgorithmId;
    355   //
    356   // The Key length of the Algorithm
    357   //
    358   UINTN                    DigestLength;
    359   //
    360   // The ICV length of the Algorithm
    361   //
    362   UINTN                    IcvLength;
    363   //
    364   // The block size of the Algorithm
    365   //
    366   UINTN                    BlockSize;
    367   //
    368   // The function pointer of GetContextSize.
    369   //
    370   CRYPTO_HMAC_GETCONTEXTSIZE  HmacGetContextSize;
    371   //
    372   // The function pointer of Initiation
    373   //
    374   CRYPTO_HMAC_INIT            HmacInitiate;
    375   //
    376   // The function pointer of HMAC Update.
    377   //
    378   CRYPTO_HMAC_UPDATE          HmacUpdate;
    379   //
    380   // The fucntion pointer of HMAC Final
    381   //
    382   CRYPTO_HMAC_FINAL           HmacFinal;
    383 } AUTH_ALGORITHM;
    384 
    385 //
    386 // The struct used to store the information and operation of Hash algorithm.
    387 //
    388 typedef struct _HASH_ALGORITHM {
    389   //
    390   // ID of the Algorithm
    391   //
    392   UINT8                    AlgorithmId;
    393   //
    394   // The Key length of the Algorithm
    395   //
    396   UINTN                    DigestLength;
    397   //
    398   // The ICV length of the Algorithm
    399   //
    400   UINTN                    IcvLength;
    401   //
    402   // The block size of the Algorithm
    403   //
    404   UINTN                    BlockSize;
    405   //
    406   // The function pointer of GetContextSize
    407   //
    408   CRYPTO_HASH_GETCONTEXTSIZE  HashGetContextSize;
    409   //
    410   // The function pointer of Initiation
    411   //
    412   CRYPTO_HASH_INIT            HashInitiate;
    413   //
    414   // The function pointer of Hash Update
    415   //
    416   CRYPTO_HASH_UPDATE          HashUpdate;
    417   //
    418   // The fucntion pointer of Hash Final
    419   //
    420   CRYPTO_HASH_FINAL           HashFinal;
    421 } HASH_ALGORITHM;
    422 
    423 /**
    424   Get the IV size of specified encryption algorithm.
    425 
    426   @param[in]  AlgorithmId          The encryption algorithm ID.
    427 
    428   @return The value of IV size.
    429 
    430 **/
    431 UINTN
    432 IpSecGetEncryptIvLength (
    433   IN UINT8 AlgorithmId
    434   );
    435 
    436 /**
    437   Get the block size of specified encryption algorithm.
    438 
    439   @param[in]  AlgorithmId          The encryption algorithm ID.
    440 
    441   @return The value of block size.
    442 
    443 **/
    444 UINTN
    445 IpSecGetEncryptBlockSize (
    446   IN UINT8   AlgorithmId
    447   );
    448 
    449 /**
    450   Get the required key length of the specified encryption algorithm.
    451 
    452   @param[in]  AlgorithmId          The encryption algorithm ID.
    453 
    454   @return The value of key length.
    455 
    456 **/
    457 UINTN
    458 IpSecGetEncryptKeyLength (
    459   IN UINT8   AlgorithmId
    460   );
    461 
    462 /**
    463   Get the ICV size of the specified Authentication algorithm.
    464 
    465   @param[in]  AlgorithmId          The Authentication algorithm ID.
    466 
    467   @return The value of ICV size.
    468 
    469 **/
    470 UINTN
    471 IpSecGetIcvLength (
    472   IN UINT8  AlgorithmId
    473   );
    474 
    475 /**
    476   Get the HMAC digest length by the specified Algorithm ID.
    477 
    478   @param[in]  AlgorithmId  The specified Algorithm ID.
    479 
    480   @return The digest length of the specified Authentication Algorithm ID.
    481 
    482 **/
    483 UINTN
    484 IpSecGetHmacDigestLength (
    485   IN UINT8  AlgorithmId
    486   );
    487 
    488 /**
    489   Generate a random data for IV. If the IvSize is zero, not needed to create
    490   IV and return EFI_SUCCESS.
    491 
    492   @param[in]  IvBuffer  The pointer of the IV buffer.
    493   @param[in]  IvSize    The IV size in bytes.
    494 
    495   @retval     EFI_SUCCESS  Create random data for IV.
    496 
    497 **/
    498 EFI_STATUS
    499 IpSecGenerateIv (
    500   IN UINT8                           *IvBuffer,
    501   IN UINTN                           IvSize
    502   );
    503 
    504 /**
    505   Encrypt the buffer.
    506 
    507   This function calls relevant encryption interface from CryptoLib according to
    508   the input algorithm ID. The InData should be multiple of block size. This function
    509   doesn't perform the padding. If it has the Ivec data, the length of it should be
    510   same with the block size. The block size is different from the different algorithm.
    511 
    512   @param[in]       AlgorithmId    The Algorithm identification defined in RFC.
    513   @param[in]       Key            Pointer to the buffer containing encrypting key.
    514   @param[in]       KeyBits        The length of the key in bits.
    515   @param[in]       Ivec           Point to the buffer containing the Initialization
    516                                   Vector (IV) data.
    517   @param[in]       InData         Point to the buffer containing the data to be
    518                                   encrypted.
    519   @param[in]       InDataLength   The length of InData in Bytes.
    520   @param[out]      OutData        Point to the buffer that receives the encryption
    521                                   output.
    522 
    523   @retval EFI_UNSUPPORTED       The input Algorithm is not supported.
    524   @retval EFI_OUT_OF_RESOURCE   The required resource can't be allocated.
    525   @retval EFI_SUCCESS           The operation completed successfully.
    526 
    527 **/
    528 EFI_STATUS
    529 IpSecCryptoIoEncrypt (
    530   IN CONST UINT8      AlgorithmId,
    531   IN CONST UINT8      *Key,
    532   IN CONST UINTN      KeyBits,
    533   IN CONST UINT8      *Ivec, OPTIONAL
    534   IN       UINT8      *InData,
    535   IN       UINTN      InDataLength,
    536      OUT   UINT8      *OutData
    537   );
    538 
    539 /**
    540   Decrypts the buffer.
    541 
    542   This function calls relevant Decryption interface from CryptoLib according to
    543   the input algorithm ID. The InData should be multiple of block size. This function
    544   doesn't perform the padding. If it has the Ivec data, the length of it should be
    545   same with the block size. The block size is different from the different algorithm.
    546 
    547   @param[in]       AlgorithmId    The Algorithm identification defined in RFC.
    548   @param[in]       Key            Pointer to the buffer containing encrypting key.
    549   @param[in]       KeyBits        The length of the key in bits.
    550   @param[in]       Ivec           Point to the buffer containing the Initialization
    551                                   Vector (IV) data.
    552   @param[in]       InData         Point to the buffer containing the data to be
    553                                   decrypted.
    554   @param[in]       InDataLength   The length of InData in Bytes.
    555   @param[out]      OutData        Pointer to the buffer that receives the decryption
    556                                   output.
    557 
    558   @retval EFI_UNSUPPORTED       The input Algorithm is not supported.
    559   @retval EFI_OUT_OF_RESOURCE   The required resource can't be allocated.
    560   @retval EFI_SUCCESS           The operation completed successfully.
    561 
    562 **/
    563 EFI_STATUS
    564 IpSecCryptoIoDecrypt (
    565   IN CONST UINT8      AlgorithmId,
    566   IN CONST UINT8      *Key,
    567   IN CONST UINTN      KeyBits,
    568   IN CONST UINT8      *Ivec, OPTIONAL
    569   IN       UINT8      *InData,
    570   IN       UINTN      InDataLength,
    571      OUT   UINT8      *OutData
    572   );
    573 
    574 /**
    575   Digests the Payload with key and store the result into the OutData.
    576 
    577   This function calls relevant Hmac interface from CryptoLib according to
    578   the input algorithm ID. It computes all datas from InDataFragment and output
    579   the result into the OutData buffer. If the OutDataSize is larger than the related
    580   HMAC algorithm output size, return EFI_INVALID_PARAMETER.
    581 
    582   @param[in]      AlgorithmId     The authentication Identification.
    583   @param[in]      Key             Pointer of the authentication key.
    584   @param[in]      KeyLength       The length of the Key in bytes.
    585   @param[in]      InDataFragment  The list contains all data to be authenticated.
    586   @param[in]      FragmentCount   The size of the InDataFragment.
    587   @param[out]     OutData         For in, the buffer to receive the output data.
    588                                   For out, the buffer contains the authenticated data.
    589   @param[in]      OutDataSize     The size of the buffer of OutData.
    590 
    591   @retval EFI_UNSUPPORTED       If the AuthAlg is not in the support list.
    592   @retval EFI_INVALID_PARAMETER The OutData buffer size is larger than algorithm digest size.
    593   @retval EFI_SUCCESS           Authenticate the payload successfully.
    594   @retval otherwise             Authentication of the payload fails.
    595 
    596 **/
    597 EFI_STATUS
    598 IpSecCryptoIoHmac (
    599   IN     CONST UINT8              AlgorithmId,
    600   IN     CONST UINT8              *Key,
    601   IN           UINTN              KeyLength,
    602   IN           HASH_DATA_FRAGMENT *InDataFragment,
    603   IN           UINTN              FragmentCount,
    604      OUT       UINT8              *OutData,
    605   IN           UINTN              OutDataSize
    606   );
    607 
    608 /**
    609   Digests the Payload and store the result into the OutData.
    610 
    611   This function calls relevant Hash interface from CryptoLib according to
    612   the input algorithm ID. It computes all datas from InDataFragment and output
    613   the result into the OutData buffer. If the OutDataSize is larger than the related
    614   Hash algorithm output size, return EFI_INVALID_PARAMETER.
    615 
    616   @param[in]      AlgorithmId     The authentication Identification.
    617   @param[in]      InDataFragment  A list contains all data to be authenticated.
    618   @param[in]      FragmentCount   The size of the InDataFragment.
    619   @param[out]     OutData         For in, the buffer to receive the output data.
    620                                   For out, the buffer contains the authenticated data.
    621   @param[in]      OutDataSize     The size of the buffer of OutData.
    622 
    623   @retval EFI_UNSUPPORTED       If the AuthAlg is not in the support list.
    624   @retval EFI_SUCCESS           Authenticated the payload successfully.
    625   @retval EFI_INVALID_PARAMETER If the OutDataSize is larger than the related Hash
    626                                 algorithm could handle.
    627   @retval otherwise             Authentication of the payload failed.
    628 
    629 **/
    630 EFI_STATUS
    631 IpSecCryptoIoHash (
    632   IN     CONST UINT8              AlgorithmId,
    633   IN           HASH_DATA_FRAGMENT *InDataFragment,
    634   IN           UINTN              FragmentCount,
    635      OUT       UINT8              *OutData,
    636   IN           UINTN              OutDataSize
    637   );
    638 
    639 /**
    640   Generates the Diffie-Hellman public key.
    641 
    642   This function first initiate a DHContext, then call the DhSetParameter() to set
    643   the prime and primelength, at end call the DhGenerateKey() to generates random
    644   secret exponent, and computes the public key. The output returned via parameter
    645   PublicKey and PublicKeySize. DH context is updated accordingly. If the PublicKey
    646   buffer is too small to hold the public key, EFI_INVALID_PARAMETER is returned
    647   and PublicKeySize is set to the required buffer size to obtain the public key.
    648 
    649   @param[in, out] DhContext       Pointer to the DH context.
    650   @param[in]      Generator       Value of generator.
    651   @param[in]      PrimeLength     Length in bits of prime to be generated.
    652   @param[in]      Prime           Pointer to the buffer to receive the generated
    653                                   prime number.
    654   @param[out]     PublicKey       Pointer to the buffer to receive generated public key.
    655   @param[in, out] PublicKeySize   For in, the size of PublicKey buffer in bytes.
    656                                   For out, the size of data returned in PublicKey
    657                                   buffer in bytes.
    658 
    659   @retval EFI_SUCCESS             The operation performs successfully.
    660   @retval Otherwise               The operation is failed.
    661 
    662 **/
    663 EFI_STATUS
    664 IpSecCryptoIoDhGetPublicKey (
    665   IN OUT   UINT8  **DhContext,
    666   IN       UINTN  Generator,
    667   IN       UINTN  PrimeLength,
    668   IN CONST UINT8  *Prime,
    669      OUT   UINT8  *PublicKey,
    670   IN OUT   UINTN  *PublicKeySize
    671   );
    672 
    673 /**
    674   Generates exchanged common key.
    675 
    676   Given peer's public key, this function computes the exchanged common key, based
    677   on its own context including value of prime modulus and random secret exponent.
    678 
    679   @param[in, out] DhContext         Pointer to the DH context.
    680   @param[in]      PeerPublicKey     Pointer to the peer's Public Key.
    681   @param[in]      PeerPublicKeySize Size of peer's public key in bytes.
    682   @param[out]     Key               Pointer to the buffer to receive generated key.
    683   @param[in, out] KeySize           For in, the size of Key buffer in bytes.
    684                                     For out, the size of data returned in Key
    685                                     buffer in bytes.
    686 
    687   @retval EFI_SUCCESS              The operation performs successfully.
    688   @retval Otherwise                The operation is failed.
    689 
    690 **/
    691 EFI_STATUS
    692 IpSecCryptoIoDhComputeKey (
    693   IN   OUT   UINT8  *DhContext,
    694   IN   CONST UINT8  *PeerPublicKey,
    695   IN         UINTN  PeerPublicKeySize,
    696        OUT   UINT8  *Key,
    697   IN   OUT   UINTN  *KeySize
    698   );
    699 
    700 /**
    701   Releases the DH context. If DhContext is NULL, return EFI_INVALID_PARAMETER.
    702 
    703   @param[in, out]     DhContext         Pointer to the DH context to be freed.
    704 
    705   @retval EFI_SUCCESS              The operation performs successfully.
    706   @retval EFI_INVALID_PARAMETER    The DhContext is NULL.
    707 
    708 **/
    709 EFI_STATUS
    710 IpSecCryptoIoFreeDh (
    711   IN   OUT   UINT8  **DhContext
    712   );
    713 
    714 /**
    715   Generates random numbers of specified size.
    716 
    717   If the Random Generator wasn't initiated, initiate it first, then call RandomBytes.
    718 
    719   @param[out]  OutBuffer        Pointer to buffer to receive random value.
    720   @param[in]   Bytes            Size of random bytes to generate.
    721 
    722   @retval EFI_SUCCESS              The operation performs successfully.
    723   @retval Otherwise                The operation is failed.
    724 
    725 **/
    726 EFI_STATUS
    727 IpSecCryptoIoGenerateRandomBytes (
    728   OUT UINT8*    OutBuffer,
    729   IN  UINTN     Bytes
    730   );
    731 
    732 /**
    733   Authenticate data with the certificate.
    734 
    735   @param[in]      InData          Pointer to the Data to be signed.
    736   @param[in]      InDataSize      InData size in bytes.
    737   @param[in]      PrivateKey      Pointer to the  private key.
    738   @param[in]      PrivateKeySize  The size of Private Key in bytes.
    739   @param[in]      KeyPassWord     Pointer to the password for retrieving private key.
    740   @param[in]      KeyPwdSize      The size of Key Password in bytes.
    741   @param[out]     OutData         The pointer to the signed data.
    742   @param[in, out] OutDataSize     Pointer to contain the size of out data.
    743 
    744 **/
    745 VOID
    746 IpSecCryptoIoAuthDataWithCertificate (
    747   IN     UINT8   *InData,
    748   IN     UINTN   InDataSize,
    749   IN     UINT8   *PrivateKey,
    750   IN     UINTN   PrivateKeySize,
    751   IN     UINT8   *KeyPassWord,
    752   IN     UINTN   KeyPwdSize,
    753      OUT UINT8   **OutData,
    754   IN OUT UINTN   *OutDataSize
    755   );
    756 
    757 /**
    758   Verify the singed data with the public key which is contained in a certificate.
    759 
    760   @param[in]     InCert          Pointer to the Certificate which contains the
    761                                  public key.
    762   @param[in]     CertLen         The size of Certificate in bytes.
    763   @param[in]     InCa            Pointer to the CA certificate
    764   @param[in]     CaLen           The size of CA certificate in bytes.
    765   @param[in]     InData          Pointer to octet message hash to be checked.
    766   @param[in]     InDataSize      Size of the message hash in bytes.
    767   @param[in]     Singnature      The pointer to the RSA PKCS1-V1_5 signature to be verified.
    768   @param[in]     SigSize         Size of signature in bytes.
    769 
    770   @retval  TRUE   Valid signature encoded in PKCS1-v1_5.
    771   @retval  FALSE  Invalid signature or invalid RSA context.
    772 
    773 **/
    774 BOOLEAN
    775 IpSecCryptoIoVerifySignDataByCertificate (
    776   IN     UINT8   *InCert,
    777   IN     UINTN   CertLen,
    778   IN     UINT8   *InCa,
    779   IN     UINTN   CaLen,
    780   IN     UINT8   *InData,
    781   IN     UINTN   InDataSize,
    782   IN     UINT8   *Singnature,
    783   IN     UINTN   SigSize
    784   );
    785 
    786 /**
    787   Retrieves the RSA Public Key from one X509 certificate (DER format only).
    788 
    789   @param[in]     InCert            Pointer to the certificate.
    790   @param[in]     CertLen           The size of the certificate in bytes.
    791   @param[out]    PublicKey         Pointer to the retrieved public key.
    792   @param[out]    PublicKeyLen      Size of Public Key in bytes.
    793 
    794   @retval  EFI_SUCCESS            Successfully get the public Key.
    795   @retval  EFI_INVALID_PARAMETER  The CA certificate is malformed.
    796 
    797 **/
    798 EFI_STATUS
    799 IpSecCryptoIoGetPublicKeyFromCert (
    800   IN     UINT8   *InCert,
    801   IN     UINTN   CertLen,
    802   OUT    UINT8   **PublicKey,
    803   OUT    UINTN   *PublicKeyLen
    804   );
    805 
    806 /**
    807   Retrieves the subject name from one X509 certificate (DER format only).
    808 
    809   @param[in]     InCert            Pointer to the X509 certificate.
    810   @param[in]     CertSize          The size of the X509 certificate in bytes.
    811   @param[out]    CertSubject       Pointer to the retrieved certificate subject.
    812   @param[out]    SubjectSize       The size of Certificate Subject in bytes.
    813 
    814   @retval  EFI_SUCCESS            Retrieved the certificate subject successfully.
    815   @retval  EFI_INVALID_PARAMETER  The certificate is malformed.
    816 
    817 **/
    818 EFI_STATUS
    819 IpSecCryptoIoGetSubjectFromCert (
    820   IN     UINT8   *InCert,
    821   IN     UINTN   CertSize,
    822   OUT    UINT8   **CertSubject,
    823   OUT    UINTN   *SubjectSize
    824   );
    825 
    826 #endif
    827 
    828