From 4049ca493c4ec8399ba95c06db49e45247fd5ad7 Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Fri, 18 Aug 2023 16:32:16 +0800 Subject: CryptoPkg: Add Null functions for building pass Add Null functions to build. These feature are not supported now. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao Cc: Yi Li Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Wenxing Hou Reviewed-by: Yi Li --- .../Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c | 520 ++++++++++++++ .../Cipher/CryptAeadAesGcmNull.c | 100 +++ .../BaseCryptLibMbedTls/Cipher/CryptAesNull.c | 159 +++++ .../BaseCryptLibMbedTls/Hash/CryptMd5Null.c | 163 +++++ .../Hash/CryptParallelHashNull.c | 40 ++ .../BaseCryptLibMbedTls/Hash/CryptSha1Null.c | 166 +++++ .../BaseCryptLibMbedTls/Hash/CryptSha256Null.c | 162 +++++ .../BaseCryptLibMbedTls/Hash/CryptSha512Null.c | 275 ++++++++ .../BaseCryptLibMbedTls/Hash/CryptSm3Null.c | 164 +++++ .../Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c | 69 ++ .../BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c | 45 ++ .../Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c | 150 ++++ .../Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c | 578 ++++++++++++++++ .../BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c | 51 ++ .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c | 48 ++ .../BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h | 83 +++ .../BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c | 53 ++ .../Pk/CryptPkcs7VerifyEkuNull.c | 152 +++++ .../Pk/CryptPkcs7VerifyEkuRuntime.c | 56 ++ .../BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c | 163 +++++ .../Pk/CryptPkcs7VerifyRuntime.c | 38 ++ .../Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c | 42 ++ .../Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c | 753 +++++++++++++++++++++ .../BaseCryptLibMbedTls/Rand/CryptRandNull.c | 56 ++ 24 files changed, 4086 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRuntime.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c new file mode 100644 index 0000000000..80f36dc71f --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c @@ -0,0 +1,520 @@ +/** @file + Big number API implementation based on MbedTLS + + Copyright (c) 2023, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + Allocate new Big Number. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumInit ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Allocate new Big Number and assign the provided value to it. + + @param[in] Buf Big endian encoded buffer. + @param[in] Len Buffer length. + + @retval New BigNum opaque structure or NULL on failure. +**/ +VOID * +EFIAPI +BigNumFromBin ( + IN CONST UINT8 *Buf, + IN UINTN Len + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Convert the absolute value of Bn into big-endian form and store it at Buf. + The Buf array should have at least BigNumBytes() in it. + + @param[in] Bn Big number to convert. + @param[out] Buf Output buffer. + + @retval The length of the big-endian number placed at Buf or -1 on error. +**/ +INTN +EFIAPI +BigNumToBin ( + IN CONST VOID *Bn, + OUT UINT8 *Buf + ) +{ + ASSERT (FALSE); + return -1; +} + +/** + Free the Big Number. + + @param[in] Bn Big number to free. + @param[in] Clear TRUE if the buffer should be cleared. +**/ +VOID +EFIAPI +BigNumFree ( + IN VOID *Bn, + IN BOOLEAN Clear + ) +{ + ASSERT (FALSE); +} + +/** + Calculate the sum of two Big Numbers. + Please note, all "out" Big number arguments should be properly initialized + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA + BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAdd ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Subtract two Big Numbers. + Please note, all "out" Big number arguments should be properly initialized + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA - BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSub ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Calculate remainder: BnRes = BnA % BnB. + Please note, all "out" Big number arguments should be properly initialized + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result of BnA % BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compute BnA to the BnP-th power modulo BnM. + Please note, all "out" Big number arguments should be properly initialized + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnP Big number (power). + @param[in] BnM Big number (modulo). + @param[out] BnRes The result of (BnA ^ BnP) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumExpMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnP, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compute BnA inverse modulo BnM. + Please note, all "out" Big number arguments should be properly initialized + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnRes) % BnM == 1. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumInverseMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Divide two Big Numbers. + Please note, all "out" Big number arguments should be properly initialized + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[out] BnRes The result, such that BnA / BnB. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumDiv ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Multiply two Big Numbers modulo BnM. + Please note, all "out" Big number arguments should be properly initialized + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA * BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumMulMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compare two Big Numbers. + + @param[in] BnA Big number. + @param[in] BnB Big number. + + @retval 0 BnA == BnB. + @retval 1 BnA > BnB. + @retval -1 BnA < BnB. +**/ +INTN +EFIAPI +BigNumCmp ( + IN CONST VOID *BnA, + IN CONST VOID *BnB + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Get number of bits in Bn. + + @param[in] Bn Big number. + + @retval Number of bits. +**/ +UINTN +EFIAPI +BigNumBits ( + IN CONST VOID *Bn + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Get number of bytes in Bn. + + @param[in] Bn Big number. + + @retval Number of bytes. +**/ +UINTN +EFIAPI +BigNumBytes ( + IN CONST VOID *Bn + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Checks if Big Number equals to the given Num. + + @param[in] Bn Big number. + @param[in] Num Number. + + @retval TRUE iff Bn == Num. + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsWord ( + IN CONST VOID *Bn, + IN UINTN Num + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Checks if Big Number is odd. + + @param[in] Bn Big number. + + @retval TRUE Bn is odd (Bn % 2 == 1). + @retval FALSE otherwise. +**/ +BOOLEAN +EFIAPI +BigNumIsOdd ( + IN CONST VOID *Bn + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Copy Big number. + + @param[out] BnDst Destination. + @param[in] BnSrc Source. + + @retval BnDst on success. + @retval NULL otherwise. +**/ +VOID * +EFIAPI +BigNumCopy ( + OUT VOID *BnDst, + IN CONST VOID *BnSrc + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Get constant Big number with value of "1". + This may be used to save expensive allocations. + + @retval Big Number with value of 1. +**/ +CONST VOID * +EFIAPI +BigNumValueOne ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Shift right Big Number. + Please note, all "out" Big number arguments should be properly initialized + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] Bn Big number. + @param[in] N Number of bits to shift. + @param[out] BnRes The result. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumRShift ( + IN CONST VOID *Bn, + IN UINTN N, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Mark Big Number for constant time computations. + This function should be called before any constant time computations are + performed on the given Big number. + + @param[in] Bn Big number +**/ +VOID +EFIAPI +BigNumConstTime ( + IN VOID *Bn + ) +{ + ASSERT (FALSE); +} + +/** + Calculate square modulo. + Please note, all "out" Big number arguments should be properly initialized + by calling to BigNumInit() or BigNumFromBin() functions. + + @param[in] BnA Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA ^ 2) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSqrMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Create new Big Number computation context. This is an opaque structure + which should be passed to any function that requires it. The BN context is + needed to optimize calculations and expensive allocations. + + @retval Big Number context struct or NULL on failure. +**/ +VOID * +EFIAPI +BigNumNewContext ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Free Big Number context that was allocated with BigNumNewContext(). + + @param[in] BnCtx Big number context to free. +**/ +VOID +EFIAPI +BigNumContextFree ( + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); +} + +/** + Set Big Number to a given value. + + @param[in] Bn Big number to set. + @param[in] Val Value to set. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumSetUint ( + IN VOID *Bn, + IN UINTN Val + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Add two Big Numbers modulo BnM. + + @param[in] BnA Big number. + @param[in] BnB Big number. + @param[in] BnM Big number (modulo). + @param[out] BnRes The result, such that (BnA + BnB) % BnM. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +BigNumAddMod ( + IN CONST VOID *BnA, + IN CONST VOID *BnB, + IN CONST VOID *BnM, + OUT VOID *BnRes + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c new file mode 100644 index 0000000000..9a8f81c169 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c @@ -0,0 +1,100 @@ +/** @file + AEAD Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Performs AEAD AES-GCM authenticated encryption on a data buffer and additional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (AAD). + @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes. + @param[in] DataIn Pointer to the input data buffer to be encrypted. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[out] TagOut Pointer to a buffer that receives the authentication tag output. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the encryption output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated encryption succeeded. + @retval FALSE AEAD AES-GCM authenticated encryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmEncrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + OUT UINT8 *TagOut, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AEAD AES-GCM authenticated decryption on a data buffer and additional authenticated data (AAD). + + IvSize must be 12, otherwise FALSE is returned. + KeySize must be 16, 24 or 32, otherwise FALSE is returned. + TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned. + If additional authenticated data verification fails, FALSE is returned. + + @param[in] Key Pointer to the encryption key. + @param[in] KeySize Size of the encryption key in bytes. + @param[in] Iv Pointer to the IV value. + @param[in] IvSize Size of the IV value in bytes. + @param[in] AData Pointer to the additional authenticated data (AAD). + @param[in] ADataSize Size of the additional authenticated data (AAD) in bytes. + @param[in] DataIn Pointer to the input data buffer to be decrypted. + @param[in] DataInSize Size of the input data buffer in bytes. + @param[in] Tag Pointer to a buffer that contains the authentication tag. + @param[in] TagSize Size of the authentication tag in bytes. + @param[out] DataOut Pointer to a buffer that receives the decryption output. + @param[out] DataOutSize Size of the output data buffer in bytes. + + @retval TRUE AEAD AES-GCM authenticated decryption succeeded. + @retval FALSE AEAD AES-GCM authenticated decryption failed. + +**/ +BOOLEAN +EFIAPI +AeadAesGcmDecrypt ( + IN CONST UINT8 *Key, + IN UINTN KeySize, + IN CONST UINT8 *Iv, + IN UINTN IvSize, + IN CONST UINT8 *AData, + IN UINTN ADataSize, + IN CONST UINT8 *DataIn, + IN UINTN DataInSize, + IN CONST UINT8 *Tag, + IN UINTN TagSize, + OUT UINT8 *DataOut, + OUT UINTN *DataOutSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c new file mode 100644 index 0000000000..ad93d56492 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c @@ -0,0 +1,159 @@ +/** @file + AES Wrapper Implementation which does not provide real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for AES operations. + + Return zero to indicate this interface is not supported. + + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +AesGetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Initializes user-supplied memory as AES context for subsequent use. + + Return FALSE to indicate this interface is not supported. + + @param[out] AesContext Pointer to AES context being initialized. + @param[in] Key Pointer to the user-supplied AES key. + @param[in] KeyLength Length of AES key in bits. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AesInit ( + OUT VOID *AesContext, + IN CONST UINT8 *Key, + IN UINTN KeyLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AES encryption on a data buffer of the specified size in ECB mode. + + Return FALSE to indicate this interface is not supported. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the AES encryption output. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AesEcbEncrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AES decryption on a data buffer of the specified size in ECB mode. + + Return FALSE to indicate this interface is not supported. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be decrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[out] Output Pointer to a buffer that receives the AES decryption output. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AesEcbDecrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + OUT UINT8 *Output + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AES encryption on a data buffer of the specified size in CBC mode. + + Return FALSE to indicate this interface is not supported. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[in] Ivec Pointer to initialization vector. + @param[out] Output Pointer to a buffer that receives the AES encryption output. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AesCbcEncrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + IN CONST UINT8 *Ivec, + OUT UINT8 *Output + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Performs AES decryption on a data buffer of the specified size in CBC mode. + + Return FALSE to indicate this interface is not supported. + + @param[in] AesContext Pointer to the AES context. + @param[in] Input Pointer to the buffer containing the data to be encrypted. + @param[in] InputSize Size of the Input buffer in bytes. + @param[in] Ivec Pointer to initialization vector. + @param[out] Output Pointer to a buffer that receives the AES encryption output. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AesCbcDecrypt ( + IN VOID *AesContext, + IN CONST UINT8 *Input, + IN UINTN InputSize, + IN CONST UINT8 *Ivec, + OUT UINT8 *Output + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c new file mode 100644 index 0000000000..4048cc7718 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c @@ -0,0 +1,163 @@ +/** @file + +MD5 Digest Wrapper Null Implementation. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for MD5 hash operations. + + @return The size, in bytes, of the context buffer required for MD5 hash operations. + +**/ +UINTN +EFIAPI +Md5GetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Initializes user-supplied memory pointed by Md5Context as MD5 hash context for + subsequent use. + + If Md5Context is NULL, then return FALSE. + + @param[out] Md5Context Pointer to MD5 context being initialized. + + @retval TRUE MD5 context initialization succeeded. + @retval FALSE MD5 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Md5Init ( + OUT VOID *Md5Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing MD5 context. + + If Md5Context is NULL, then return FALSE. + If NewMd5Context is NULL, then return FALSE. + + @param[in] Md5Context Pointer to MD5 context being copied. + @param[out] NewMd5Context Pointer to new MD5 context. + + @retval TRUE MD5 context copy succeeded. + @retval FALSE MD5 context copy failed. + +**/ +BOOLEAN +EFIAPI +Md5Duplicate ( + IN CONST VOID *Md5Context, + OUT VOID *NewMd5Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates MD5 context. + + This function performs MD5 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + MD5 context should be already correctly intialized by Md5Init(), and should not be finalized + by Md5Final(). Behavior with invalid context is undefined. + + If Md5Context is NULL, then return FALSE. + + @param[in, out] Md5Context Pointer to the MD5 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE MD5 data digest succeeded. + @retval FALSE MD5 data digest failed. + +**/ +BOOLEAN +EFIAPI +Md5Update ( + IN OUT VOID *Md5Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the MD5 digest value. + + This function completes MD5 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the MD5 context cannot + be used again. + MD5 context should be already correctly intialized by Md5Init(), and should not be + finalized by Md5Final(). Behavior with invalid MD5 context is undefined. + + If Md5Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. + + @param[in, out] Md5Context Pointer to the MD5 context. + @param[out] HashValue Pointer to a buffer that receives the MD5 digest + value (16 bytes). + + @retval TRUE MD5 digest computation succeeded. + @retval FALSE MD5 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Md5Final ( + IN OUT VOID *Md5Context, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** +Computes the MD5 message digest of a input data buffer. + +This function performs the MD5 message digest of a given data buffer, and places +the digest value into the specified memory. + +If this interface is not supported, then return FALSE. + +@param[in] Data Pointer to the buffer containing the data to be hashed. +@param[in] DataSize Size of Data buffer in bytes. +@param[out] HashValue Pointer to a buffer that receives the MD5 digest +value (16 bytes). + +@retval TRUE MD5 digest computation succeeded. +@retval FALSE MD5 digest computation failed. +@retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Md5HashAll ( + IN CONST VOID *Data, + IN UINTN DataSize, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c new file mode 100644 index 0000000000..334c251bda --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c @@ -0,0 +1,40 @@ +/** @file + ParallelHash Implementation which does not provide real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Parallel hash function ParallelHash256, as defined in NIST's Special Publication 800-185, + published December 2016. + + @param[in] Input Pointer to the input message (X). + @param[in] InputByteLen The number(>0) of input bytes provided for the input data. + @param[in] BlockSize The size of each block (B). + @param[out] Output Pointer to the output buffer. + @param[in] OutputByteLen The desired number of output bytes (L). + @param[in] Customization Pointer to the customization string (S). + @param[in] CustomByteLen The length of the customization string in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +ParallelHash256HashAll ( + IN CONST VOID *Input, + IN UINTN InputByteLen, + IN UINTN BlockSize, + OUT VOID *Output, + IN UINTN OutputByteLen, + IN CONST VOID *Customization, + IN UINTN CustomByteLen + ) +{ + // ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c new file mode 100644 index 0000000000..a590261747 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c @@ -0,0 +1,166 @@ +/** @file + SHA-1 Digest Wrapper Null Implementation. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations. + + @return The size, in bytes, of the context buffer required for SHA-1 hash operations. + +**/ +UINTN +EFIAPI +Sha1GetContextSize ( + VOID + ) +{ + // + // Retrieves SHA Context Size + // + ASSERT (FALSE); + return 0; +} + +/** + Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for + subsequent use. + + If Sha1Context is NULL, then return FALSE. + + @param[out] Sha1Context Pointer to SHA-1 context being initialized. + + @retval TRUE SHA-1 context initialization succeeded. + @retval FALSE SHA-1 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Sha1Init ( + OUT VOID *Sha1Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing SHA-1 context. + + If Sha1Context is NULL, then return FALSE. + If NewSha1Context is NULL, then return FALSE. + + @param[in] Sha1Context Pointer to SHA-1 context being copied. + @param[out] NewSha1Context Pointer to new SHA-1 context. + + @retval TRUE SHA-1 context copy succeeded. + @retval FALSE SHA-1 context copy failed. + +**/ +BOOLEAN +EFIAPI +Sha1Duplicate ( + IN CONST VOID *Sha1Context, + OUT VOID *NewSha1Context + ) +{ + ASSERT (FALSE); + + return FALSE; +} + +/** + Digests the input data and updates SHA-1 context. + + This function performs SHA-1 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + SHA-1 context should be already correctly initialized by Sha1Init(), and should not be finalized + by Sha1Final(). Behavior with invalid context is undefined. + + If Sha1Context is NULL, then return FALSE. + + @param[in, out] Sha1Context Pointer to the SHA-1 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE SHA-1 data digest succeeded. + @retval FALSE SHA-1 data digest failed. + +**/ +BOOLEAN +EFIAPI +Sha1Update ( + IN OUT VOID *Sha1Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the SHA-1 digest value. + + This function completes SHA-1 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the SHA-1 context cannot + be used again. + SHA-1 context should be already correctly initialized by Sha1Init(), and should not be + finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined. + + If Sha1Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. + + @param[in, out] Sha1Context Pointer to the SHA-1 context. + @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest + value (20 bytes). + + @retval TRUE SHA-1 digest computation succeeded. + @retval FALSE SHA-1 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Sha1Final ( + IN OUT VOID *Sha1Context, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the SHA-1 message digest of a input data buffer. + + This function performs the SHA-1 message digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest + value (20 bytes). + + @retval TRUE SHA-1 digest computation succeeded. + @retval FALSE SHA-1 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha1HashAll ( + IN CONST VOID *Data, + IN UINTN DataSize, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c new file mode 100644 index 0000000000..6d284516b5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c @@ -0,0 +1,162 @@ +/** @file + SHA-256 Digest Wrapper Null Implementation. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-256 hash operations. + + @return The size, in bytes, of the context buffer required for SHA-256 hash operations. + +**/ +UINTN +EFIAPI +Sha256GetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for + subsequent use. + + If Sha256Context is NULL, then return FALSE. + + @param[out] Sha256Context Pointer to SHA-256 context being initialized. + + @retval TRUE SHA-256 context initialization succeeded. + @retval FALSE SHA-256 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Sha256Init ( + OUT VOID *Sha256Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing SHA-256 context. + + If Sha256Context is NULL, then return FALSE. + If NewSha256Context is NULL, then return FALSE. + + @param[in] Sha256Context Pointer to SHA-256 context being copied. + @param[out] NewSha256Context Pointer to new SHA-256 context. + + @retval TRUE SHA-256 context copy succeeded. + @retval FALSE SHA-256 context copy failed. + +**/ +BOOLEAN +EFIAPI +Sha256Duplicate ( + IN CONST VOID *Sha256Context, + OUT VOID *NewSha256Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates SHA-256 context. + + This function performs SHA-256 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + SHA-256 context should be already correctly initialized by Sha256Init(), and should not be finalized + by Sha256Final(). Behavior with invalid context is undefined. + + If Sha256Context is NULL, then return FALSE. + + @param[in, out] Sha256Context Pointer to the SHA-256 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE SHA-256 data digest succeeded. + @retval FALSE SHA-256 data digest failed. + +**/ +BOOLEAN +EFIAPI +Sha256Update ( + IN OUT VOID *Sha256Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the SHA-256 digest value. + + This function completes SHA-256 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the SHA-256 context cannot + be used again. + SHA-256 context should be already correctly initialized by Sha256Init(), and should not be + finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined. + + If Sha256Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. + + @param[in, out] Sha256Context Pointer to the SHA-256 context. + @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest + value (32 bytes). + + @retval TRUE SHA-256 digest computation succeeded. + @retval FALSE SHA-256 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Sha256Final ( + IN OUT VOID *Sha256Context, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the SHA-256 message digest of a input data buffer. + + This function performs the SHA-256 message digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest + value (32 bytes). + + @retval TRUE SHA-256 digest computation succeeded. + @retval FALSE SHA-256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha256HashAll ( + IN CONST VOID *Data, + IN UINTN DataSize, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c new file mode 100644 index 0000000000..47e2433d11 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c @@ -0,0 +1,275 @@ +/** @file + SHA-384 and SHA-512 Digest Wrapper Implementations which does not provide real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations. + + Return zero to indicate this interface is not supported. + + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +Sha384GetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for + subsequent use. + + Return FALSE to indicate this interface is not supported. + + @param[out] Sha384Context Pointer to SHA-384 context being initialized. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha384Init ( + OUT VOID *Sha384Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing SHA-384 context. + + Return FALSE to indicate this interface is not supported. + + @param[in] Sha384Context Pointer to SHA-384 context being copied. + @param[out] NewSha384Context Pointer to new SHA-384 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha384Duplicate ( + IN CONST VOID *Sha384Context, + OUT VOID *NewSha384Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates SHA-384 context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] Sha384Context Pointer to the SHA-384 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha384Update ( + IN OUT VOID *Sha384Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the SHA-384 digest value. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] Sha384Context Pointer to the SHA-384 context. + @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest + value (48 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha384Final ( + IN OUT VOID *Sha384Context, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the SHA-384 message digest of a input data buffer. + + Return FALSE to indicate this interface is not supported. + + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + @param[out] HashValue Pointer to a buffer that receives the SHA-384 digest + value (48 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha384HashAll ( + IN CONST VOID *Data, + IN UINTN DataSize, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations. + + Return zero to indicate this interface is not supported. + + @retval 0 This interface is not supported. + +**/ +UINTN +EFIAPI +Sha512GetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for + subsequent use. + + Return FALSE to indicate this interface is not supported. + + @param[out] Sha512Context Pointer to SHA-512 context being initialized. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha512Init ( + OUT VOID *Sha512Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing SHA-512 context. + + Return FALSE to indicate this interface is not supported. + + @param[in] Sha512Context Pointer to SHA-512 context being copied. + @param[out] NewSha512Context Pointer to new SHA-512 context. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha512Duplicate ( + IN CONST VOID *Sha512Context, + OUT VOID *NewSha512Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates SHA-512 context. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] Sha512Context Pointer to the SHA-512 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha512Update ( + IN OUT VOID *Sha512Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the SHA-512 digest value. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] Sha512Context Pointer to the SHA-512 context. + @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest + value (64 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha512Final ( + IN OUT VOID *Sha512Context, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the SHA-512 message digest of a input data buffer. + + Return FALSE to indicate this interface is not supported. + + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + @param[out] HashValue Pointer to a buffer that receives the SHA-512 digest + value (64 bytes). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sha512HashAll ( + IN CONST VOID *Data, + IN UINTN DataSize, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c new file mode 100644 index 0000000000..de5be1a3ef --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c @@ -0,0 +1,164 @@ +/** @file + SM3 Digest Wrapper Null Implementation. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieves the size, in bytes, of the context buffer required for SM3 hash operations. + + @return The size, in bytes, of the context buffer required for SM3 hash operations. + +**/ +UINTN +EFIAPI +Sm3GetContextSize ( + VOID + ) +{ + ASSERT (FALSE); + return 0; +} + +/** + Initializes user-supplied memory pointed by Sm3Context as SM3 hash context for + subsequent use. + + If Sm3Context is NULL, then return FALSE. + + @param[out] Sm3Context Pointer to SM3 context being initialized. + + @retval TRUE SM3 context initialization succeeded. + @retval FALSE SM3 context initialization failed. + +**/ +BOOLEAN +EFIAPI +Sm3Init ( + OUT VOID *Sm3Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Makes a copy of an existing SM3 context. + + If Sm3Context is NULL, then return FALSE. + If NewSm3Context is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Sm3Context Pointer to SM3 context being copied. + @param[out] NewSm3Context Pointer to new SM3 context. + + @retval TRUE SM3 context copy succeeded. + @retval FALSE SM3 context copy failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sm3Duplicate ( + IN CONST VOID *Sm3Context, + OUT VOID *NewSm3Context + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Digests the input data and updates SM3 context. + + This function performs SM3 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + SM3 context should be already correctly initialized by Sm3Init(), and should not be finalized + by Sm3Final(). Behavior with invalid context is undefined. + + If Sm3Context is NULL, then return FALSE. + + @param[in, out] Sm3Context Pointer to the SM3 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE SM3 data digest succeeded. + @retval FALSE SM3 data digest failed. + +**/ +BOOLEAN +EFIAPI +Sm3Update ( + IN OUT VOID *Sm3Context, + IN CONST VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Completes computation of the SM3 digest value. + + This function completes SM3 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the SM3 context cannot + be used again. + SM3 context should be already correctly initialized by Sm3Init(), and should not be + finalized by Sm3Final(). Behavior with invalid SM3 context is undefined. + + If Sm3Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. + + @param[in, out] Sm3Context Pointer to the SM3 context. + @param[out] HashValue Pointer to a buffer that receives the SM3 digest + value (32 bytes). + + @retval TRUE SM3 digest computation succeeded. + @retval FALSE SM3 digest computation failed. + +**/ +BOOLEAN +EFIAPI +Sm3Final ( + IN OUT VOID *Sm3Context, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes the SM3 message digest of a input data buffer. + + This function performs the SM3 message digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + @param[out] HashValue Pointer to a buffer that receives the SM3 digest + value (32 bytes). + + @retval TRUE SM3 digest computation succeeded. + @retval FALSE SM3 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Sm3HashAll ( + IN CONST VOID *Data, + IN UINTN DataSize, + OUT UINT8 *HashValue + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c new file mode 100644 index 0000000000..b3adf2f7d1 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c @@ -0,0 +1,69 @@ +/** @file + PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does + not provide real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Retrieve the RSA Private Key from the password-protected PEM key data. + + Return FALSE to indicate this interface is not supported. + + @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. + @param[in] PemSize Size of the PEM key data in bytes. + @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. + @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved + RSA private key component. Use RsaFree() function to free the + resource. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaGetPrivateKeyFromPem ( + IN CONST UINT8 *PemData, + IN UINTN PemSize, + IN CONST CHAR8 *Password, + OUT VOID **RsaContext + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the EC Private Key from the password-protected PEM key data. + + Return FALSE to indicate this interface is not supported. + + @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. + @param[in] PemSize Size of the PEM key data in bytes. + @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. + @param[out] EcContext Pointer to new-generated EC context which contain the retrieved + EC private key component. Use EcFree() function to free the + resource. + + If PemData is NULL, then return FALSE. + If EcContext is NULL, then return FALSE. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +EcGetPrivateKeyFromPem ( + IN CONST UINT8 *PemData, + IN UINTN PemSize, + IN CONST CHAR8 *Password, + OUT VOID **EcContext + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c new file mode 100644 index 0000000000..9be5b4296e --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c @@ -0,0 +1,45 @@ +/** @file + Authenticode Portable Executable Signature Verification which does not provide + real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows + Authenticode Portable Executable Signature Format". + + Return FALSE to indicate this interface is not supported. + + @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed + PE/COFF image to be verified. + @param[in] DataSize Size of the Authenticode Signature in bytes. + @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which + is used for certificate chain verification. + @param[in] CertSize Size of the trusted certificate in bytes. + @param[in] ImageHash Pointer to the original image file hash value. The procedure + for calculating the image hash value is described in Authenticode + specification. + @param[in] HashSize Size of Image hash value in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +AuthenticodeVerify ( + IN CONST UINT8 *AuthData, + IN UINTN DataSize, + IN CONST UINT8 *TrustedCert, + IN UINTN CertSize, + IN CONST UINT8 *ImageHash, + IN UINTN HashSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c new file mode 100644 index 0000000000..daaf818250 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c @@ -0,0 +1,150 @@ +/** @file + Diffie-Hellman Wrapper Implementation which does not provide + real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Allocates and Initializes one Diffie-Hellman Context for subsequent use. + + @return Pointer to the Diffie-Hellman Context that has been initialized. + If the interface is not supported, DhNew() returns NULL. + +**/ +VOID * +EFIAPI +DhNew ( + VOID + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified DH context. + + If the interface is not supported, then ASSERT(). + + @param[in] DhContext Pointer to the DH context to be released. + +**/ +VOID +EFIAPI +DhFree ( + IN VOID *DhContext + ) +{ + ASSERT (FALSE); +} + +/** + Generates DH parameter. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] Generator Value of generator. + @param[in] PrimeLength Length in bits of prime to be generated. + @param[out] Prime Pointer to the buffer to receive the generated prime number. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhGenerateParameter ( + IN OUT VOID *DhContext, + IN UINTN Generator, + IN UINTN PrimeLength, + OUT UINT8 *Prime + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Sets generator and prime parameters for DH. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] Generator Value of generator. + @param[in] PrimeLength Length in bits of prime to be generated. + @param[in] Prime Pointer to the prime number. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhSetParameter ( + IN OUT VOID *DhContext, + IN UINTN Generator, + IN UINTN PrimeLength, + IN CONST UINT8 *Prime + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Generates DH public key. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[out] PublicKey Pointer to the buffer to receive generated public key. + @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes. + On output, the size of data returned in PublicKey buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhGenerateKey ( + IN OUT VOID *DhContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes exchanged common key. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] DhContext Pointer to the DH context. + @param[in] PeerPublicKey Pointer to the peer's public key. + @param[in] PeerPublicKeySize Size of peer's public key in bytes. + @param[out] Key Pointer to the buffer to receive generated key. + @param[in, out] KeySize On input, the size of Key buffer in bytes. + On output, the size of data returned in Key buffer in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +DhComputeKey ( + IN OUT VOID *DhContext, + IN CONST UINT8 *PeerPublicKey, + IN UINTN PeerPublicKeySize, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c new file mode 100644 index 0000000000..b9c08379c0 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c @@ -0,0 +1,578 @@ +/** @file + Elliptic Curve and ECDH API implementation based on MbedTLS + + Copyright (c) 2023, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + Initialize new opaque EcGroup object. This object represents an EC curve and + and is used for calculation within this group. This object should be freed + using EcGroupFree() function. + + @param[in] CryptoNid Identifying number for the ECC curve (Defined in + BaseCryptLib.h). + + @retval EcGroup object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcGroupInit ( + IN UINTN CryptoNid + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Get EC curve parameters. While elliptic curve equation is Y^2 mod P = (X^3 + AX + B) Mod P. + This function will set the provided Big Number objects to the corresponding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnPrime Group prime number. + @param[out] BnA A coefficient. + @param[out] BnB B coefficient.. + @param[in] BnCtx BN context. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetCurve ( + IN CONST VOID *EcGroup, + OUT VOID *BnPrime, + OUT VOID *BnA, + OUT VOID *BnB, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Get EC group order. + This function will set the provided Big Number object to the corresponding + value. The caller needs to make sure that the "out" BigNumber parameter + is properly initialized. + + @param[in] EcGroup EC group object. + @param[out] BnOrder Group prime number. + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcGroupGetOrder ( + IN VOID *EcGroup, + OUT VOID *BnOrder + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Free previously allocated EC group object using EcGroupInit(). + + @param[in] EcGroup EC group object to free. +**/ +VOID +EFIAPI +EcGroupFree ( + IN VOID *EcGroup + ) +{ + ASSERT (FALSE); +} + +/** + Initialize new opaque EC Point object. This object represents an EC point + within the given EC group (curve). + + @param[in] EC Group, properly initialized using EcGroupInit(). + + @retval EC Point object On success. + @retval NULL On failure. +**/ +VOID * +EFIAPI +EcPointInit ( + IN CONST VOID *EcGroup + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Free previously allocated EC Point object using EcPointInit(). + + @param[in] EcPoint EC Point to free. + @param[in] Clear TRUE iff the memory should be cleared. +**/ +VOID +EFIAPI +EcPointDeInit ( + IN VOID *EcPoint, + IN BOOLEAN Clear + ) +{ + ASSERT (FALSE); +} + +/** + Get EC point affine (x,y) coordinates. + This function will set the provided Big Number objects to the corresponding + values. The caller needs to make sure all the "out" BigNumber parameters + are properly initialized. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[out] BnX X coordinate. + @param[out] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointGetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + OUT VOID *BnX, + OUT VOID *BnY, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Set EC point affine (x,y) coordinates. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point object. + @param[in] BnX X coordinate. + @param[in] BnY Y coordinate. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetAffineCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN CONST VOID *BnY, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + EC Point addition. EcPointResult = EcPointA + EcPointB. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point should + be properly initialized. + @param[in] EcPointA EC Point. + @param[in] EcPointB EC Point. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointAdd ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Variable EC point multiplication. EcPointResult = EcPoint * BnPScalar. + + @param[in] EcGroup EC group object. + @param[out] EcPointResult EC point to hold the result. The point should + be properly initialized. + @param[in] EcPoint EC Point. + @param[in] BnPScalar P Scalar. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointMul ( + IN CONST VOID *EcGroup, + OUT VOID *EcPointResult, + IN CONST VOID *EcPoint, + IN CONST VOID *BnPScalar, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Calculate the inverse of the supplied EC point. + + @param[in] EcGroup EC group object. + @param[in,out] EcPoint EC point to invert. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointInvert ( + IN CONST VOID *EcGroup, + IN OUT VOID *EcPoint, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Check if the supplied point is on EC curve. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On curve. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsOnCurve ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Check if the supplied point is at infinity. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC point to check. + + @retval TRUE At infinity. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointIsAtInfinity ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPoint + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Check if EC points are equal. + + @param[in] EcGroup EC group object. + @param[in] EcPointA EC point A. + @param[in] EcPointB EC point B. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE A == B. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointEqual ( + IN CONST VOID *EcGroup, + IN CONST VOID *EcPointA, + IN CONST VOID *EcPointB, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Set EC point compressed coordinates. Points can be described in terms of + their compressed coordinates. For a point (x, y), for any given value for x + such that the point is on the curve there will only ever be two possible + values for y. Therefore, a point can be set using this function where BnX is + the x coordinate and YBit is a value 0 or 1 to identify which of the two + possible values for y should be used. + + @param[in] EcGroup EC group object. + @param[in] EcPoint EC Point. + @param[in] BnX X coordinate. + @param[in] YBit 0 or 1 to identify which Y value is used. + @param[in] BnCtx BN context, created with BigNumNewContext(). + + @retval TRUE On success. + @retval FALSE Otherwise. +**/ +BOOLEAN +EFIAPI +EcPointSetCompressedCoordinates ( + IN CONST VOID *EcGroup, + IN VOID *EcPoint, + IN CONST VOID *BnX, + IN UINT8 YBit, + IN VOID *BnCtx + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Allocates and Initializes one Elliptic Curve Context for subsequent use + with the NID. + + @param[in] Nid cipher NID + @return Pointer to the Elliptic Curve Context that has been initialized. + If the allocations fails, EcNewByNid() returns NULL. +**/ +VOID * +EFIAPI +EcNewByNid ( + IN UINTN Nid + ) +{ + ASSERT (FALSE); + return NULL; +} + +/** + Release the specified EC context. + + @param[in] EcContext Pointer to the EC context to be released. +**/ +VOID +EFIAPI +EcFree ( + IN VOID *EcContext + ) +{ + ASSERT (FALSE); +} + +/** + Generates EC key and returns EC public key (X, Y), Please note, this function uses + pseudo random number generator. The caller must make sure RandomSeed() + function was properly called before. + The Ec context should be correctly initialized by EcNewByNid. + This function generates random secret, and computes the public key (X, Y), which is + returned via parameter Public, PublicSize. + X is the first half of Public with size being PublicSize / 2, + Y is the second half of Public with size being PublicSize / 2. + EC context is updated accordingly. + If the Public buffer is too small to hold the public X, Y, FALSE is returned and + PublicSize is set to the required buffer size to obtain the public X, Y. + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is Y. + If EcContext is NULL, then return FALSE. + If PublicSize is NULL, then return FALSE. + If PublicSize is large enough but Public is NULL, then return FALSE. + @param[in, out] EcContext Pointer to the EC context. + @param[out] PublicKey Pointer to t buffer to receive generated public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in bytes. + On output, the size of data returned in Public buffer in bytes. + @retval TRUE EC public X,Y generation succeeded. + @retval FALSE EC public X,Y generation failed. + @retval FALSE PublicKeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcGenerateKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Gets the public key component from the established EC context. + The Ec context should be correctly initialized by EcNewByNid, and successfully + generate key pair from EcGenerateKey(). + For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is Y. + @param[in, out] EcContext Pointer to EC context being set. + @param[out] PublicKey Pointer to t buffer to receive generated public X,Y. + @param[in, out] PublicKeySize On input, the size of Public buffer in bytes. + On output, the size of data returned in Public buffer in bytes. + @retval TRUE EC key component was retrieved successfully. + @retval FALSE Invalid EC key component. +**/ +BOOLEAN +EFIAPI +EcGetPubKey ( + IN OUT VOID *EcContext, + OUT UINT8 *PublicKey, + IN OUT UINTN *PublicKeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Computes exchanged common key. + Given peer's public key (X, Y), this function computes the exchanged common key, + based on its own context including value of curve parameter and random secret. + X is the first half of PeerPublic with size being PeerPublicSize / 2, + Y is the second half of PeerPublic with size being PeerPublicSize / 2. + If EcContext is NULL, then return FALSE. + If PeerPublic is NULL, then return FALSE. + If PeerPublicSize is 0, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize is not large enough, then return FALSE. + For P-256, the PeerPublicSize is 64. First 32-byte is X, Second 32-byte is Y. + For P-384, the PeerPublicSize is 96. First 48-byte is X, Second 48-byte is Y. + For P-521, the PeerPublicSize is 132. First 66-byte is X, Second 66-byte is Y. + @param[in, out] EcContext Pointer to the EC context. + @param[in] PeerPublic Pointer to the peer's public X,Y. + @param[in] PeerPublicSize Size of peer's public X,Y in bytes. + @param[in] CompressFlag Flag of PeerPublic is compressed or not. + @param[out] Key Pointer to the buffer to receive generated key. + @param[in, out] KeySize On input, the size of Key buffer in bytes. + On output, the size of data returned in Key buffer in bytes. + @retval TRUE EC exchanged key generation succeeded. + @retval FALSE EC exchanged key generation failed. + @retval FALSE KeySize is not large enough. +**/ +BOOLEAN +EFIAPI +EcDhComputeKey ( + IN OUT VOID *EcContext, + IN CONST UINT8 *PeerPublic, + IN UINTN PeerPublicSize, + IN CONST INT32 *CompressFlag, + OUT UINT8 *Key, + IN OUT UINTN *KeySize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Carries out the EC-DSA signature. + + This function carries out the EC-DSA signature. + If the Signature buffer is too small to hold the contents of signature, FALSE + is returned and SigSize is set to the required buffer size to obtain the signature. + + If EcContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA512, SHA3_256, SHA3_384, SHA3_512. + If SigSize is large enough but Signature is NULL, then return FALSE. + + For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S. + For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S. + For P-521, the SigSize is 132. First 66-byte is R, Second 66-byte is S. + + @param[in] EcContext Pointer to EC context for signature generation. + @param[in] HashNid hash NID + @param[in] MessageHash Pointer to octet message hash to be signed. + @param[in] HashSize Size of the message hash in bytes. + @param[out] Signature Pointer to buffer to receive EC-DSA signature. + @param[in, out] SigSize On input, the size of Signature buffer in bytes. + On output, the size of data returned in Signature buffer in bytes. + + @retval TRUE Signature successfully generated in EC-DSA. + @retval FALSE Signature generation failed. + @retval FALSE SigSize is too small. + +**/ +BOOLEAN +EFIAPI +EcDsaSign ( + IN VOID *EcContext, + IN UINTN HashNid, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + OUT UINT8 *Signature, + IN OUT UINTN *SigSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Verifies the EC-DSA signature. + + If EcContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If Signature is NULL, then return FALSE. + If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA512, SHA3_256, SHA3_384, SHA3_512. + + For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S. + For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S. + For P-521, the SigSize is 132. First 66-byte is R, Second 66-byte is S. + + @param[in] EcContext Pointer to EC context for signature verification. + @param[in] HashNid hash NID + @param[in] MessageHash Pointer to octet message hash to be checked. + @param[in] HashSize Size of the message hash in bytes. + @param[in] Signature Pointer to EC-DSA signature to be verified. + @param[in] SigSize Size of signature in bytes. + + @retval TRUE Valid signature encoded in EC-DSA. + @retval FALSE Invalid signature or invalid EC context. + +**/ +BOOLEAN +EFIAPI +EcDsaVerify ( + IN VOID *EcContext, + IN UINTN HashNid, + IN CONST UINT8 *MessageHash, + IN UINTN HashSize, + IN CONST UINT8 *Signature, + IN UINTN SigSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c new file mode 100644 index 0000000000..a686308652 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c @@ -0,0 +1,51 @@ +/** @file + This file contains UEFI wrapper functions for RSA PKCS1v2 OAEP encryption routines. + + SPDX-License-Identifier: BSD-2-Clause-Patent + + Copyright (c) 2023, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include "InternalCryptLib.h" + +/** + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + encrypted message in a newly allocated buffer. + + Return FALSE to indicate this interface is not supported. + + @param[in] PublicKey A pointer to the DER-encoded X509 certificate that + will be used to encrypt the data. + @param[in] PublicKeySize Size of the X509 cert buffer. + @param[in] InData Data to be encrypted. + @param[in] InDataSize Size of the data buffer. + @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer + to be used when initializing the PRNG. NULL otherwise. + @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer. + 0 otherwise. + @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted + message. + @param[out] EncryptedDataSize Size of the encrypted message buffer. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Pkcs1v2Encrypt ( + IN CONST UINT8 *PublicKey, + IN UINTN PublicKeySize, + IN UINT8 *InData, + IN UINTN InDataSize, + IN CONST UINT8 *PrngSeed, + OPTIONAL + IN UINTN PrngSeedSize, + OPTIONAL + OUT UINT8 **EncryptedData, + OUT UINTN *EncryptedDataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c new file mode 100644 index 0000000000..24c284b98c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c @@ -0,0 +1,48 @@ +/** @file + PBKDF2 Key Derivation Function Wrapper Implementation which does not provide real + capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0 + password based encryption key derivation function PBKDF2, as specified in RFC 2898. + + Return FALSE to indicate this interface is not supported. + + @param[in] PasswordLength Length of input password in bytes. + @param[in] Password Pointer to the array for the password. + @param[in] SaltLength Size of the Salt in bytes. + @param[in] Salt Pointer to the Salt. + @param[in] IterationCount Number of iterations to perform. Its value should be + greater than or equal to 1. + @param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE). + NOTE: DigestSize will be used to determine the hash algorithm. + Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported. + @param[in] KeyLength Size of the derived key buffer in bytes. + @param[out] OutKey Pointer to the output derived key buffer. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Pkcs5HashPassword ( + IN UINTN PasswordLength, + IN CONST CHAR8 *Password, + IN UINTN SaltLength, + IN CONST UINT8 *Salt, + IN UINTN IterationCount, + IN UINTN DigestSize, + IN UINTN KeyLength, + OUT UINT8 *OutKey + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h new file mode 100644 index 0000000000..207f493cbb --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h @@ -0,0 +1,83 @@ +/** @file + PKCS#7 SignedData Sign Wrapper and PKCS#7 SignedData Verification Wrapper + Implementation over mbedtls, Internal headers. + + RFC 2315 - PKCS #7: Cryptographic Message Syntax Version 1.5 + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef CRYPT_PKCS7_INTERNAL_H_ +#define CRYPT_PKCS7_INTERNAL_H_ + +#include "InternalCryptLib.h" + +#include "mbedtls/oid.h" +#include "mbedtls/asn1.h" +#include "mbedtls/asn1write.h" +#include "mbedtls/x509.h" +#include "mbedtls/x509_crt.h" + +/// +/// PKCS7 OID +/// +#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" +#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" +#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" +#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" +#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" +#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" +#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" + +typedef mbedtls_asn1_buf MBEDTLSPKCS7BUF; +typedef mbedtls_asn1_named_data MBEDTLSPKCS7NAME; +typedef mbedtls_asn1_sequence MBEDTLSPKCS7SEQUENCE; + +/// +/// PKCS7 SignerInfo type +/// https://tools.ietf.org/html/rfc2315#section-9.2 +/// +typedef struct MbedtlsPkcs7SignerInfo { + INT32 Version; + mbedtls_x509_buf Serial; + mbedtls_x509_name Issuer; + mbedtls_x509_buf IssuerRaw; + mbedtls_x509_buf AlgIdentifier; + mbedtls_x509_buf SigAlgIdentifier; + mbedtls_x509_buf AuthAttr; + mbedtls_x509_buf Sig; + struct MBEDTLSPKCS7SIGNERINFO *Next; +} MBEDTLSPKCS7SIGNERINFO; + +/// +/// PKCS7 signed data attached data format +/// +typedef struct MbedtlsPkcs7Data { + mbedtls_asn1_buf Oid; + mbedtls_asn1_buf Data; +} MBEDTLSPKCS7DATA; + +/// +/// Signed Data +/// https://tools.ietf.org/html/rfc2315#section-9.1 +/// +typedef struct MbedtlsPkcs7SignedData { + INT32 Version; + mbedtls_asn1_buf DigestAlgorithms; + struct MBEDTLSPKCS7DATA ContentInfo; + mbedtls_x509_crt Certificates; + mbedtls_x509_crl Crls; + struct MbedtlsPkcs7SignerInfo SignerInfos; +} MBEDTLSPKCS7SIGNEDDATA; + +/// +/// PKCS7 struct, only support SignedData +/// +typedef struct MbedtlsPkcs7 { + mbedtls_asn1_buf ContentTypeOid; + struct MBEDTLSPKCS7SIGNEDDATA SignedData; +} MBEDTLSPKCS7; + +#endif diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c new file mode 100644 index 0000000000..03032592a1 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c @@ -0,0 +1,53 @@ +/** @file + PKCS#7 SignedData Sign Wrapper Implementation which does not provide real + capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message + Syntax Standard, version 1.5". This interface is only intended to be used for + application to perform PKCS#7 functionality validation. + + Return FALSE to indicate this interface is not supported. + + @param[in] PrivateKey Pointer to the PEM-formatted private key data for + data signing. + @param[in] PrivateKeySize Size of the PEM private key data in bytes. + @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM + key data. + @param[in] InData Pointer to the content to be signed. + @param[in] InDataSize Size of InData in bytes. + @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. + @param[in] OtherCerts Pointer to an optional additional set of certificates to + include in the PKCS#7 signedData (e.g. any intermediate + CAs in the chain). + @param[out] SignedData Pointer to output PKCS#7 signedData. It's caller's + responsibility to free the buffer with FreePool(). + @param[out] SignedDataSize Size of SignedData in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Pkcs7Sign ( + IN CONST UINT8 *PrivateKey, + IN UINTN PrivateKeySize, + IN CONST UINT8 *KeyPassword, + IN UINT8 *InData, + IN UINTN InDataSize, + IN UINT8 *SignCert, + IN UINT8 *OtherCerts OPTIONAL, + OUT UINT8 **SignedData, + OUT UINTN *SignedDataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c new file mode 100644 index 0000000000..63d7a23af3 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c @@ -0,0 +1,152 @@ +/** @file + PKCS7 Verify Null implementation. + + Copyright (C) Microsoft Corporation. All Rights Reserved. + Copyright (c) 2023, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + This function will return the leaf signer certificate in a chain. This is + required because certificate chains are not guaranteed to have the + certificates in the order that they were issued. + + A typical certificate chain looks like this: + + + ---------------------------- + | Root | + ---------------------------- + ^ + | + ---------------------------- + | Policy CA | <-- Typical Trust Anchor. + ---------------------------- + ^ + | + ---------------------------- + | Issuing CA | + ---------------------------- + ^ + | + ----------------------------- + / End-Entity (leaf) signer / <-- Bottom certificate. + ----------------------------- EKU: "1.3.6.1.4.1.311.76.9.21.1" + (Firmware Signing) + + + @param[in] CertChain Certificate chain. + + @param[out] SignerCert Last certificate in the chain. For PKCS7 signatures, + this will be the end-entity (leaf) signer cert. + + @retval EFI_SUCCESS The required EKUs were found in the signature. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND The number of signers found was not 1. + +**/ +EFI_STATUS +GetSignerCertificate ( + IN CONST VOID *CertChain, + OUT VOID **SignerCert + ) +{ + ASSERT (FALSE); + return EFI_NOT_READY; +} + +/** + Determines if the specified EKU represented in ASN1 form is present + in a given certificate. + + @param[in] Cert The certificate to check. + + @param[in] Asn1ToFind The EKU to look for. + + @retval EFI_SUCCESS We successfully identified the signing type. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. + +**/ +EFI_STATUS +IsEkuInCertificate ( + IN CONST VOID *Cert, + IN VOID *Asn1ToFind + ) +{ + ASSERT (FALSE); + return EFI_NOT_READY; +} + +/** + Determines if the specified EKUs are present in a signing certificate. + + @param[in] SignerCert The certificate to check. + @param[in] RequiredEKUs The EKUs to look for. + @param[in] RequiredEKUsSize The number of EKUs + @param[in] RequireAllPresent If TRUE, then all the specified EKUs + must be present in the certificate. + + @retval EFI_SUCCESS We successfully identified the signing type. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. +**/ +EFI_STATUS +CheckEKUs ( + IN CONST VOID *SignerCert, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent + ) +{ + ASSERT (FALSE); + return EFI_NOT_READY; +} + +/** + This function receives a PKCS#7 formatted signature blob, + looks for the EKU SEQUENCE blob, and if found then looks + for all the required EKUs. This function was created so that + the Surface team can cut down on the number of Certificate + Authorities (CA's) by checking EKU's on leaf signers for + a specific product. This prevents one product's certificate + from signing another product's firmware or unlock blobs. + + Note that this function does not validate the certificate chain. + That needs to be done before using this function. + + @param[in] Pkcs7Signature The PKCS#7 signed information content block. An array + containing the content block with both the signature, + the signer's certificate, and any necessary intermediate + certificates. + @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature. + @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of + required EKUs that must be present in the signature. + @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array. + @param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's + must be present in the leaf signer. If it is + FALSE, then we will succeed if we find any + of the specified EKU's. + + @retval EFI_SUCCESS The required EKUs were found in the signature. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_NOT_FOUND One or more EKU's were not found in the signature. + +**/ +EFI_STATUS +EFIAPI +VerifyEKUsInPkcs7Signature ( + IN CONST UINT8 *Pkcs7Signature, + IN CONST UINT32 SignatureSize, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent + ) +{ + ASSERT (FALSE); + return EFI_NOT_READY; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRuntime.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRuntime.c new file mode 100644 index 0000000000..91273cbdb9 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRuntime.c @@ -0,0 +1,56 @@ +/** @file + This module verifies that Enhanced Key Usages (EKU's) are present within + a PKCS7 signature blob using MbedTLS. + + Copyright (C) Microsoft Corporation. All Rights Reserved. + Copyright (c) 2023, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + This function receives a PKCS#7 formatted signature blob, + looks for the EKU SEQUENCE blob, and if found then looks + for all the required EKUs. This function was created so that + the Surface team can cut down on the number of Certificate + Authorities (CA's) by checking EKU's on leaf signers for + a specific product. This prevents one product's certificate + from signing another product's firmware or unlock blobs. + + Return RETURN_UNSUPPORTED to indicate this interface is not supported. + + @param[in] Pkcs7Signature The PKCS#7 signed information content block. An array + containing the content block with both the signature, + the signer's certificate, and any necessary intermediate + certificates. + @param[in] Pkcs7SignatureSize Number of bytes in pPkcs7Signature. + @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of + required EKUs that must be present in the signature. + All specified EKU's must be present in order to + succeed. + @param[in] RequiredEKUsSize Number of elements in the rgRequiredEKUs string. + This parameter has a maximum of MAX_EKU_SEARCH. + @param[in] RequireAllPresent If this is TRUE, then all of the specified EKU's + must be present in the leaf signer. If it is + FALSE, then we will succeed if we find any + of the specified EKU's. + + @retval RETURN_UNSUPPORTED The operation is not supported. + +**/ +EFI_STATUS +EFIAPI +VerifyEKUsInPkcs7Signature ( + IN CONST UINT8 *Pkcs7Signature, + IN CONST UINT32 SignatureSize, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent + ) +{ + ASSERT (FALSE); + return RETURN_UNSUPPORTED; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c new file mode 100644 index 0000000000..82b2b07991 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c @@ -0,0 +1,163 @@ +/** @file + PKCS#7 SignedData Verification Wrapper Implementation which does not provide + real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard". The input signed data could be wrapped + in a ContentInfo structure. + + Return FALSE to indicate this interface is not supported. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data. + It's caller's responsibility to free the buffer with + Pkcs7FreeSigners(). + This data structure is EFI_CERT_STACK type. + @param[out] StackLength Length of signer's certificates in bytes. + @param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates. + It's caller's responsibility to free the buffer with + Pkcs7FreeSigners(). + @param[out] CertLength Length of the trusted certificate in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Pkcs7GetSigners ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT UINT8 **CertStack, + OUT UINTN *StackLength, + OUT UINT8 **TrustedCert, + OUT UINTN *CertLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Wrap function to use free() to free allocated memory for certificates. + + If the interface is not supported, then ASSERT(). + + @param[in] Certs Pointer to the certificates to be freed. + +**/ +VOID +EFIAPI +Pkcs7FreeSigners ( + IN UINT8 *Certs + ) +{ + ASSERT (FALSE); +} + +/** + Retrieves all embedded certificates from PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard", and outputs two certificate lists chained and + unchained to the signer's certificates. + The input signed data could be wrapped in a ContentInfo structure. + + @param[in] P7Data Pointer to the PKCS#7 message. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[out] SignerChainCerts Pointer to the certificates list chained to signer's + certificate. It's caller's responsibility to free the buffer + with Pkcs7FreeSigners(). + This data structure is EFI_CERT_STACK type. + @param[out] ChainLength Length of the chained certificates list buffer in bytes. + @param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's + responsibility to free the buffer with Pkcs7FreeSigners(). + This data structure is EFI_CERT_STACK type. + @param[out] UnchainLength Length of the unchained certificates list buffer in bytes. + + @retval TRUE The operation is finished successfully. + @retval FALSE Error occurs during the operation. + +**/ +BOOLEAN +EFIAPI +Pkcs7GetCertificatesList ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT UINT8 **SignerChainCerts, + OUT UINTN *ChainLength, + OUT UINT8 **UnchainCerts, + OUT UINTN *UnchainLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Verifies the validity of a PKCS#7 signed data as described in "PKCS #7: + Cryptographic Message Syntax Standard". The input signed data could be wrapped + in a ContentInfo structure. + + Return FALSE to indicate this interface is not supported. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which + is used for certificate chain verification. + @param[in] CertLength Length of the trusted certificate in bytes. + @param[in] InData Pointer to the content to be verified. + @param[in] DataLength Length of InData in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +Pkcs7Verify ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + IN CONST UINT8 *TrustedCert, + IN UINTN CertLength, + IN CONST UINT8 *InData, + IN UINTN DataLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Extracts the attached content from a PKCS#7 signed data if existed. The input signed + data could be wrapped in a ContentInfo structure. + + Return FALSE to indicate this interface is not supported. + + @param[in] P7Data Pointer to the PKCS#7 signed data to process. + @param[in] P7Length Length of the PKCS#7 signed data in bytes. + @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. + It's caller's responsibility to free the buffer with FreePool(). + @param[out] ContentSize The size of the extracted content in bytes. + + @retval TRUE The P7Data was correctly formatted for processing. + @retval FALSE The P7Data was not correctly formatted for processing. + +**/ +BOOLEAN +EFIAPI +Pkcs7GetAttachedContent ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT VOID **Content, + OUT UINTN *ContentSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c new file mode 100644 index 0000000000..518a769ed3 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c @@ -0,0 +1,38 @@ +/** @file + Runtime specific implementation of PKCS#7 SignedData Verification Wrapper. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Extracts the attached content from a PKCS#7 signed data if existed. The input signed + data could be wrapped in a ContentInfo structure. + + Return FALSE to indicate this interface is not supported. + + @param[in] P7Data Pointer to the PKCS#7 signed data to process. + @param[in] P7Length Length of the PKCS#7 signed data in bytes. + @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. + It's caller's responsibility to free the buffer with FreePool(). + @param[out] ContentSize The size of the extracted content in bytes. + + @retval TRUE The P7Data was correctly formatted for processing. + @retval FALSE The P7Data was not correctly formatted for processing. + +**/ +BOOLEAN +EFIAPI +Pkcs7GetAttachedContent ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT VOID **Content, + OUT UINTN *ContentSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c new file mode 100644 index 0000000000..fcde333a6d --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c @@ -0,0 +1,42 @@ +/** @file + RFC3161 Timestamp Countersignature Verification Wrapper Implementation which does + not provide real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in PE/COFF Authenticode + signature. + + Return FALSE to indicate this interface is not supported. + + @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed + PE/COFF image to be verified. + @param[in] DataSize Size of the Authenticode Signature in bytes. + @param[in] TsaCert Pointer to a trusted/root TSA certificate encoded in DER, which + is used for TSA certificate chain verification. + @param[in] CertSize Size of the trusted certificate in bytes. + @param[out] SigningTime Return the time of timestamp generation time if the timestamp + signature is valid. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +ImageTimestampVerify ( + IN CONST UINT8 *AuthData, + IN UINTN DataSize, + IN CONST UINT8 *TsaCert, + IN UINTN CertSize, + OUT EFI_TIME *SigningTime + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c new file mode 100644 index 0000000000..8ee3d44435 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c @@ -0,0 +1,753 @@ +/** @file + X.509 Certificate Handler Wrapper Implementation which does not provide + real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Construct a X509 object from DER-encoded certificate data. + + Return FALSE to indicate this interface is not supported. + + @param[in] Cert Pointer to the DER-encoded certificate data. + @param[in] CertSize The size of certificate data in bytes. + @param[out] SingleX509Cert The generated X509 object. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificate ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 **SingleX509Cert + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Construct a X509 stack object from a list of DER-encoded certificate data. + + If X509Stack is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param[in] Args VA_LIST marker for the variable argument list. + A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). + + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificateStackV ( + IN OUT UINT8 **X509Stack, + IN VA_LIST Args + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Construct a X509 stack object from a list of DER-encoded certificate data. + + Return FALSE to indicate this interface is not supported. + + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param ... A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificateStack ( + IN OUT UINT8 **X509Stack, + ... + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Release the specified X509 object. + + If the interface is not supported, then ASSERT(). + + @param[in] X509Cert Pointer to the X509 object to be released. + +**/ +VOID +EFIAPI +X509Free ( + IN VOID *X509Cert + ) +{ + ASSERT (FALSE); +} + +/** + Release the specified X509 stack object. + + If the interface is not supported, then ASSERT(). + + @param[in] X509Stack Pointer to the X509 stack object to be released. + +**/ +VOID +EFIAPI +X509StackFree ( + IN VOID *X509Stack + ) +{ + ASSERT (FALSE); +} + +/** + Retrieve the subject bytes from one X.509 certificate. + + Return FALSE to indicate this interface is not supported. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertSubject Pointer to the retrieved certificate subject bytes. + @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input, + and the size of buffer returned CertSubject on output. + + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetSubjectName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertSubject, + IN OUT UINTN *SubjectSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the common name (CN) string from one X.509 certificate. + + Return RETURN_UNSUPPORTED to indicate this interface is not supported. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CommonName Buffer to contain the retrieved certificate common + name string (UTF8). At most CommonNameSize bytes will be + written and the string will be null terminated. May be + NULL in order to determine the size buffer needed. + @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, + and the size of buffer returned CommonName on output. + If CommonName is NULL then the amount of space needed + in buffer (including the final null) is returned. + + @retval RETURN_UNSUPPORTED The operation is not supported. + +**/ +RETURN_STATUS +EFIAPI +X509GetCommonName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT CHAR8 *CommonName OPTIONAL, + IN OUT UINTN *CommonNameSize + ) +{ + ASSERT (FALSE); + return RETURN_UNSUPPORTED; +} + +/** + Retrieve the organization name (ON) string from one X.509 certificate. + + Return RETURN_UNSUPPORTED to indicate this interface is not supported. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] NameBuffer Buffer to contain the retrieved certificate organization + name string. At most NameBufferSize bytes will be + written and the string will be null terminated. May be + NULL in order to determine the size buffer needed. + @param[in,out] NameBufferSize The size in bytes of the Name buffer on input, + and the size of buffer returned Name on output. + If NameBuffer is NULL then the amount of space needed + in buffer (including the final null) is returned. + + @retval RETURN_UNSUPPORTED The operation is not supported. + +**/ +RETURN_STATUS +EFIAPI +X509GetOrganizationName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT CHAR8 *NameBuffer OPTIONAL, + IN OUT UINTN *NameBufferSize + ) +{ + ASSERT (FALSE); + return RETURN_UNSUPPORTED; +} + +/** + Retrieve the RSA Public Key from one DER-encoded X509 certificate. + + Return FALSE to indicate this interface is not supported. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved + RSA public key component. Use RsaFree() function to free the + resource. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RsaGetPublicKeyFromX509 ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT VOID **RsaContext + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Verify one X509 certificate was issued by the trusted CA. + + Return FALSE to indicate this interface is not supported. + + @param[in] Cert Pointer to the DER-encoded X509 certificate to be verified. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] CACert Pointer to the DER-encoded trusted CA certificate. + @param[in] CACertSize Size of the CA Certificate in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509VerifyCert ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *CACert, + IN UINTN CACertSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the TBSCertificate from one given X.509 certificate. + + Return FALSE to indicate this interface is not supported. + + @param[in] Cert Pointer to the given DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] TBSCert DER-Encoded To-Be-Signed certificate. + @param[out] TBSCertSize Size of the TBS certificate in bytes. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetTBSCert ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 **TBSCert, + OUT UINTN *TBSCertSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the EC Public Key from one DER-encoded X509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] EcContext Pointer to new-generated EC DSA context which contain the retrieved + EC public key component. Use EcFree() function to free the + resource. + + If Cert is NULL, then return FALSE. + If EcContext is NULL, then return FALSE. + + @retval TRUE EC Public Key was retrieved successfully. + @retval FALSE Fail to retrieve EC public key from X509 certificate. + +**/ +BOOLEAN +EFIAPI +EcGetPublicKeyFromX509 ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT VOID **EcContext + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the version from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Version Pointer to the retrieved version integer. + + @retval TRUE The certificate version retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + @retval FALSE The operation is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetVersion ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Version + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the serialNumber from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertSize is 0, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] SerialNumber Pointer to the retrieved certificate SerialNumber bytes. + @param[in, out] SerialNumberSize The size in bytes of the SerialNumber buffer on input, + and the size of buffer returned SerialNumber on output. + + @retval TRUE The certificate serialNumber retrieved successfully. + @retval FALSE If Cert is NULL or CertSize is Zero. + If SerialNumberSize is NULL. + If Certificate is invalid. + @retval FALSE If no SerialNumber exists. + @retval FALSE If the SerialNumber is NULL. The required buffer size + (including the final null) is returned in the + SerialNumberSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSerialNumber ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *SerialNumber, + OPTIONAL + IN OUT UINTN *SerialNumberSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the issuer bytes from one X.509 certificate. + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CertIssuer Pointer to the retrieved certificate subject bytes. + @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buffer on input, + and the size of buffer returned CertSubject on output. + + @retval TRUE The certificate issuer retrieved successfully. + @retval FALSE Invalid certificate, or the CertIssuerSize is too small for the result. + The CertIssuerSize will be updated with the required size. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509GetIssuerName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *CertIssuer, + IN OUT UINTN *CertIssuerSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the Signature Algorithm from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Oid Signature Algorithm Object identifier buffer. + @param[in,out] OidSize Signature Algorithm Object identifier buffer size + + @retval TRUE The certificate Extension data retrieved successfully. + @retval FALSE If Cert is NULL. + If OidSize is NULL. + If Oid is not NULL and *OidSize is 0. + If Certificate is invalid. + @retval FALSE If no SignatureType. + @retval FALSE If the Oid is NULL. The required buffer size + is returned in the OidSize. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetSignatureAlgorithm ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Oid, + OPTIONAL + IN OUT UINTN *OidSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve Extension data from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] Oid Object identifier buffer + @param[in] OidSize Object identifier buffer size + @param[out] ExtensionData Extension bytes. + @param[in, out] ExtensionDataSize Extension bytes size. + + @retval TRUE The certificate Extension data retrieved successfully. + @retval FALSE If Cert is NULL. + If ExtensionDataSize is NULL. + If ExtensionData is not NULL and *ExtensionDataSize is 0. + If Certificate is invalid. + @retval FALSE If no Extension entry match Oid. + @retval FALSE If the ExtensionData is NULL. The required buffer size + is returned in the ExtensionDataSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtensionData ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN CONST UINT8 *Oid, + IN UINTN OidSize, + OUT UINT8 *ExtensionData, + IN OUT UINTN *ExtensionDataSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the Extended Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage bytes. + @param[in, out] UsageSize Key Usage buffer sizs in bytes. + + @retval TRUE The Usage bytes retrieve successfully. + @retval FALSE If Cert is NULL. + If CertSize is NULL. + If Usage is not NULL and *UsageSize is 0. + If Cert is invalid. + @retval FALSE If the Usage is NULL. The required buffer size + is returned in the UsageSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509GetExtendedKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINT8 *Usage, + IN OUT UINTN *UsageSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the Validity from one X.509 certificate + + If Cert is NULL, then return FALSE. + If CertIssuerSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] From notBefore Pointer to DateTime object. + @param[in,out] FromSize notBefore DateTime object size. + @param[in] To notAfter Pointer to DateTime object. + @param[in,out] ToSize notAfter DateTime object size. + + Note: X509CompareDateTime to compare DateTime oject + x509SetDateTime to get a DateTime object from a DateTimeStr + + @retval TRUE The certificate Validity retrieved successfully. + @retval FALSE Invalid certificate, or Validity retrieve failed. + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetValidity ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN UINT8 *From, + IN OUT UINTN *FromSize, + IN UINT8 *To, + IN OUT UINTN *ToSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Format a DateTimeStr to DataTime object in DataTime Buffer + + If DateTimeStr is NULL, then return FALSE. + If DateTimeSize is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ + Ref: https://www.w3.org/TR/NOTE-datetime + Z stand for UTC time + @param[out] DateTime Pointer to a DateTime object. + @param[in,out] DateTimeSize DateTime object buffer size. + + @retval TRUE The DateTime object create successfully. + @retval FALSE If DateTimeStr is NULL. + If DateTimeSize is NULL. + If DateTime is not NULL and *DateTimeSize is 0. + If Year Month Day Hour Minute Second combination is invalid datetime. + @retval FALSE If the DateTime is NULL. The required buffer size + (including the final null) is returned in the + DateTimeSize parameter. + @retval FALSE The operation is not supported. +**/ +BOOLEAN +EFIAPI +X509FormatDateTime ( + IN CONST CHAR8 *DateTimeStr, + OUT VOID *DateTime, + IN OUT UINTN *DateTimeSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Compare DateTime1 object and DateTime2 object. + + If DateTime1 is NULL, then return -2. + If DateTime2 is NULL, then return -2. + If DateTime1 == DateTime2, then return 0 + If DateTime1 > DateTime2, then return 1 + If DateTime1 < DateTime2, then return -1 + + @param[in] DateTime1 Pointer to a DateTime Ojbect + @param[in] DateTime2 Pointer to a DateTime Object + + @retval 0 If DateTime1 == DateTime2 + @retval 1 If DateTime1 > DateTime2 + @retval -1 If DateTime1 < DateTime2 +**/ +INT32 +EFIAPI +X509CompareDateTime ( + IN CONST VOID *DateTime1, + IN CONST VOID *DateTime2 + ) +{ + ASSERT (FALSE); + return -3; +} + +/** + Retrieve the Key Usage from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] Usage Key Usage (CRYPTO_X509_KU_*) + + @retval TRUE The certificate Key Usage retrieved successfully. + @retval FALSE Invalid certificate, or Usage is NULL + @retval FALSE This interface is not supported. +**/ +BOOLEAN +EFIAPI +X509GetKeyUsage ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT UINTN *Usage + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Verify one X509 certificate was issued by the trusted CA. + @param[in] RootCert Trusted Root Certificate buffer + + @param[in] RootCertLength Trusted Root Certificate buffer length + @param[in] CertChain One or more ASN.1 DER-encoded X.509 certificates + where the first certificate is signed by the Root + Certificate or is the Root Cerificate itself. and + subsequent cerificate is signed by the preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain, in bytes. + + @retval TRUE All cerificates was issued by the first certificate in X509Certchain. + @retval FALSE Invalid certificate or the certificate was not issued by the given + trusted CA. +**/ +BOOLEAN +EFIAPI +X509VerifyCertChain ( + IN CONST UINT8 *RootCert, + IN UINTN RootCertLength, + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Get one X509 certificate from CertChain. + + @param[in] CertChain One or more ASN.1 DER-encoded X.509 certificates + where the first certificate is signed by the Root + Certificate or is the Root Cerificate itself. and + subsequent cerificate is signed by the preceding + cerificate. + @param[in] CertChainLength Total length of the certificate chain, in bytes. + + @param[in] CertIndex Index of certificate. + + @param[out] Cert The certificate at the index of CertChain. + @param[out] CertLength The length certificate at the index of CertChain. + + @retval TRUE Success. + @retval FALSE Failed to get certificate from certificate chain. +**/ +BOOLEAN +EFIAPI +X509GetCertFromCertChain ( + IN CONST UINT8 *CertChain, + IN UINTN CertChainLength, + IN CONST INT32 CertIndex, + OUT CONST UINT8 **Cert, + OUT UINTN *CertLength + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the tag and length of the tag. + + @param Ptr The position in the ASN.1 data + @param End End of data + @param Length The variable that will receive the length + @param Tag The expected tag + + @retval TRUE Get tag successful + @retval FALSe Failed to get tag or tag not match +**/ +BOOLEAN +EFIAPI +Asn1GetTag ( + IN OUT UINT8 **Ptr, + IN CONST UINT8 *End, + OUT UINTN *Length, + IN UINT32 Tag + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Retrieve the basic constraints from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize size of the X509 certificate in bytes. + @param[out] BasicConstraints basic constraints bytes. + @param[in, out] BasicConstraintsSize basic constraints buffer sizs in bytes. + + @retval TRUE The basic constraints retrieve successfully. + @retval FALSE If cert is NULL. + If cert_size is NULL. + If basic_constraints is not NULL and *basic_constraints_size is 0. + If cert is invalid. + @retval FALSE The required buffer size is small. + The return buffer size is basic_constraints_size parameter. + @retval FALSE If no Extension entry match oid. + @retval FALSE The operation is not supported. + **/ +BOOLEAN +EFIAPI +X509GetExtendedBasicConstraints ( + CONST UINT8 *Cert, + UINTN CertSize, + UINT8 *BasicConstraints, + UINTN *BasicConstraintsSize + ) +{ + ASSERT (FALSE); + return FALSE; +} diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c new file mode 100644 index 0000000000..d5c66291ed --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c @@ -0,0 +1,56 @@ +/** @file + Pseudorandom Number Generator Wrapper Implementation which does not provide + real capabilities. + +Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +/** + Sets up the seed value for the pseudorandom number generator. + + Return FALSE to indicate this interface is not supported. + + @param[in] Seed Pointer to seed value. + If NULL, default seed is used. + @param[in] SeedSize Size of seed value. + If Seed is NULL, this parameter is ignored. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RandomSeed ( + IN CONST UINT8 *Seed OPTIONAL, + IN UINTN SeedSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + +/** + Generates a pseudorandom byte stream of the specified size. + + Return FALSE to indicate this interface is not supported. + + @param[out] Output Pointer to buffer to receive random value. + @param[in] Size Size of random bytes to generate. + + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +RandomBytes ( + OUT UINT8 *Output, + IN UINTN Size + ) +{ + ASSERT (FALSE); + return FALSE; +} -- cgit v1.2.3