NetworkPkg/IpSecDxe/IpSecCryptIo.h File Reference


Data Structures

struct  _ENCRYPT_ALGORITHM
struct  _AUTH_ALGORITHM
struct  _HASH_ALGORITHM

Defines

#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE   4
#define IPSEC_AUTH_ALGORITHM_LIST_SIZE   3
#define IPSEC_HASH_ALGORITHM_LIST_SIZE   3
#define IKE_AALG_NONE   0x00
#define IKE_AALG_SHA1HMAC   0x02
#define IKE_AALG_NULL   0xFB
#define IKE_EALG_NONE   0x00
#define IKE_EALG_3DESCBC   0x03
#define IKE_EALG_NULL   0x0B
#define IKE_EALG_AESCBC   0x0C

Typedefs

typedef UINTN(EFIAPI * CRYPTO_HMAC_GETCONTEXTSIZE )(VOID)
typedef BOOLEAN(EFIAPI * CRYPTO_HMAC_INIT )(OUT VOID *Context, IN CONST UINT8 *Key, IN UINTN KeySize)
typedef BOOLEAN(EFIAPI * CRYPTO_HMAC_UPDATE )(IN OUT VOID *Context, IN CONST VOID *Data, IN UINTN DataLength)
typedef BOOLEAN(EFIAPI * CRYPTO_HMAC_FINAL )(IN OUT VOID *Context, OUT UINT8 *HmacValue)
typedef UINTN(EFIAPI * CRYPTO_CIPHER_GETCONTEXTSIZE )(VOID)
typedef BOOLEAN(EFIAPI * CRYPTO_CIPHER_INIT )(IN OUT VOID *Context, IN CONST UINT8 *Key, IN UINTN KeyBits)
typedef BOOLEAN(EFIAPI * CRYPTO_CIPHER_ENCRYPT )(IN VOID *Context, IN CONST UINT8 *InData, IN UINTN InputSize, IN CONST UINT8 *Ivec, OUT UINT8 *OutData)
typedef BOOLEAN(EFIAPI * CRYPTO_CIPHER_DECRYPT )(IN VOID *Context, IN CONST UINT8 *InData, IN UINTN InputSize, IN CONST UINT8 *Ivec, OUT UINT8 *OutData)
typedef UINTN(EFIAPI * CRYPTO_HASH_GETCONTEXTSIZE )(VOID)
typedef BOOLEAN(EFIAPI * CRYPTO_HASH_INIT )(OUT VOID *Context)
typedef BOOLEAN(EFIAPI * CRYPTO_HASH_UPDATE )(IN OUT VOID *Context, IN CONST VOID *Data, IN UINTN DataSize)
typedef BOOLEAN(EFIAPI * CRYPTO_HASH_FINAL )(IN OUT VOID *Context, OUT UINT8 *HashValue)
typedef struct _ENCRYPT_ALGORITHM ENCRYPT_ALGORITHM
typedef struct _AUTH_ALGORITHM AUTH_ALGORITHM
typedef struct _HASH_ALGORITHM HASH_ALGORITHM

Functions

UINTN IpSecGetEncryptIvLength (IN UINT8 AlgorithmId)
UINTN IpSecGetEncryptBlockSize (IN UINT8 AlgorithmId)
UINTN IpSecGetEncryptKeyLength (IN UINT8 AlgorithmId)
UINTN IpSecGetIcvLength (IN UINT8 AlgorithmId)
UINTN IpSecGetHmacDigestLength (IN UINT8 AlgorithmId)
EFI_STATUS IpSecGenerateIv (IN UINT8 *IvBuffer, IN UINTN IvSize)
EFI_STATUS IpSecCryptoIoEncrypt (IN CONST UINT8 AlgorithmId, IN CONST UINT8 *Key, IN CONST UINTN KeyBits, IN CONST UINT8 *Ivec, IN UINT8 *InData, IN UINTN InDataLength, OUT UINT8 *OutData)
EFI_STATUS IpSecCryptoIoDecrypt (IN CONST UINT8 AlgorithmId, IN CONST UINT8 *Key, IN CONST UINTN KeyBits, IN CONST UINT8 *Ivec, IN UINT8 *InData, IN UINTN InDataLength, OUT UINT8 *OutData)
EFI_STATUS IpSecCryptoIoHmac (IN CONST UINT8 AlgorithmId, IN CONST UINT8 *Key, IN UINTN KeyLength, IN HASH_DATA_FRAGMENT *InDataFragment, IN UINTN FragmentCount, OUT UINT8 *OutData, IN UINTN OutDataSize)
EFI_STATUS IpSecCryptoIoHash (IN CONST UINT8 AlgorithmId, IN HASH_DATA_FRAGMENT *InDataFragment, IN UINTN FragmentCount, OUT UINT8 *OutData, IN UINTN OutDataSize)
EFI_STATUS IpSecCryptoIoDhGetPublicKey (IN OUT UINT8 **DhContext, IN UINTN Generator, IN UINTN PrimeLength, IN CONST UINT8 *Prime, OUT UINT8 *PublicKey, IN OUT UINTN *PublicKeySize)
EFI_STATUS IpSecCryptoIoDhComputeKey (IN OUT UINT8 *DhContext, IN CONST UINT8 *PeerPublicKey, IN UINTN PeerPublicKeySize, OUT UINT8 *Key, IN OUT UINTN *KeySize)
EFI_STATUS IpSecCryptoIoFreeDh (IN OUT UINT8 **DhContext)
EFI_STATUS IpSecCryptoIoGenerateRandomBytes (OUT UINT8 *OutBuffer, IN UINTN Bytes)
VOID IpSecCryptoIoAuthDataWithCertificate (IN UINT8 *InData, IN UINTN InDataSize, IN UINT8 *PrivateKey, IN UINTN PrivateKeySize, IN UINT8 *KeyPassWord, IN UINTN KeyPwdSize, OUT UINT8 **OutData, IN OUT UINTN *OutDataSize)
BOOLEAN IpSecCryptoIoVerifySignDataByCertificate (IN UINT8 *InCert, IN UINTN CertLen, IN UINT8 *InCa, IN UINTN CaLen, IN UINT8 *InData, IN UINTN InDataSize, IN UINT8 *Singnature, IN UINTN SigSize)
EFI_STATUS IpSecCryptoIoGetPublicKeyFromCert (IN UINT8 *InCert, IN UINTN CertLen, OUT UINT8 **PublicKey, OUT UINTN *PublicKeyLen)
EFI_STATUS IpSecCryptoIoGetSubjectFromCert (IN UINT8 *InCert, IN UINTN CertSize, OUT UINT8 **CertSubject, OUT UINTN *SubjectSize)

Detailed Description

Definitions related to the Cryptographic Operations in IPsec.

Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.

This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Define Documentation

#define IKE_AALG_NONE   0x00

Authentication Algorithm Definition The number value definition is aligned to IANA assignment

Referenced by IpSecCryptoIoHash(), and IpSecCryptoIoHmac().

#define IKE_AALG_NULL   0xFB

#define IKE_AALG_SHA1HMAC   0x02

#define IKE_EALG_3DESCBC   0x03

#define IKE_EALG_AESCBC   0x0C

#define IKE_EALG_NONE   0x00

Encryption Algorithm Definition The number value definition is aligned to IANA assignment

Referenced by IpSecCryptoIoDecrypt(), and IpSecCryptoIoEncrypt().

#define IKE_EALG_NULL   0x0B

#define IPSEC_AUTH_ALGORITHM_LIST_SIZE   3

#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE   4

#define IPSEC_HASH_ALGORITHM_LIST_SIZE   3


Typedef Documentation

typedef BOOLEAN(EFIAPI * CRYPTO_CIPHER_DECRYPT)(IN VOID *Context, IN CONST UINT8 *InData, IN UINTN InputSize, IN CONST UINT8 *Ivec, OUT UINT8 *OutData)

Prototype of Cipher decryption. Decrypts cipher message with specified cipher.

If Context is NULL, then ASSERT(). if InData is NULL, then ASSERT(). If Size of input data is not a multiple of a certaion block size , then ASSERT().

Parameters:
[in] Context The specified Context.
[in] InData The input ciphertext data to be decrypted.
[in] InputSize The InData size.
[in] Ivec Pointer to the Initial Vector data for decryption.
[out] OutData The resultant decrypted plaintext.
Return values:
TRUE Decryption successful.

typedef BOOLEAN(EFIAPI * CRYPTO_CIPHER_ENCRYPT)(IN VOID *Context, IN CONST UINT8 *InData, IN UINTN InputSize, IN CONST UINT8 *Ivec, OUT UINT8 *OutData)

Prototype of Cipher encryption. Encrypts plaintext message with the specified cipher.

If Context is NULL, then ASSERT(). if InData is NULL, then ASSERT(). If Size of input data is not multiple of Cipher algorithm related block size, then ASSERT().

Parameters:
[in] Context The specified Context.
[in] InData The input plaintext data to be encrypted.
[in] InputSize The size of input data.
[in] Ivec Pointer to Initial Vector data for encryption.
[out] OutData The resultant encrypted ciphertext.
Return values:
TRUE Encryption successful.

typedef UINTN(EFIAPI * CRYPTO_CIPHER_GETCONTEXTSIZE)(VOID)

Prototype of Block Cipher GetContextSize.

Retrieves the size, in bytes, of the context buffer required.

Returns:
The size, in bytes, of the context buffer required.

typedef BOOLEAN(EFIAPI * CRYPTO_CIPHER_INIT)(IN OUT VOID *Context, IN CONST UINT8 *Key, IN UINTN KeyBits)

Prototype of Block Cipher initiation. Intializes the user-supplied key as the specifed context (key materials) for both encryption and decryption operations.

If Context is NULL, then ASSERT(). If Key is NULL, then generate random key for usage.

Parameters:
[in,out] Context The specified Context.
[in] Key User-supplied cipher key.
[in] KeyBits Key length in bits.
Return values:
TRUE Block Cipher Initialization was successful.

typedef BOOLEAN(EFIAPI * CRYPTO_HASH_FINAL)(IN OUT VOID *Context, OUT UINT8 *HashValue)

Prototype of Hash Finalization.

Completes computation of the digest value.

This function completes hash computation and retrieves the digest value into the specified memory. After this function has been called, the context cannot be used again. context should be already correctly intialized by HashInit(), and should not be finalized by HashFinal(). Behavior with invalid context is undefined.

If Context is NULL, then ASSERT(). If HashValue is NULL, then ASSERT().

Parameters:
[in,out] Context Pointer to the specified context.
[out] HashValue Pointer to a buffer that receives the digest value.
Return values:
TRUE digest computation succeeded.
FALSE digest computation failed.

typedef UINTN(EFIAPI * CRYPTO_HASH_GETCONTEXTSIZE)(VOID)

Prototype of Hash ContextSize.

Retrieves the size, in bytes, of the context buffer required for specified hash operations.

Returns:
The size, in bytes, of the context buffer required for certain hash operations.

typedef BOOLEAN(EFIAPI * CRYPTO_HASH_INIT)(OUT VOID *Context)

Prototype of Hash Initiate.

Initializes user-supplied memory pointed by Context as specified hash context for subsequent use.

If Context is NULL, then ASSERT().

Parameters:
[out] Context Pointer to specified context being initialized.
Return values:
TRUE context initialization succeeded.
FALSE context initialization failed.

typedef BOOLEAN(EFIAPI * CRYPTO_HASH_UPDATE)(IN OUT VOID *Context, IN CONST VOID *Data, IN UINTN DataSize)

Prototype of Hash Update

Digests the input data and updates hash context.

This function performs digest on a data buffer of the specified size. It can be called multiple times to compute the digest of long or discontinuous data streams. Context should be already correctly intialized by HashInit(), and should not be finalized by HashFinal(). Behavior with invalid context is undefined.

If Context is NULL, then ASSERT().

Parameters:
[in,out] Context Pointer to the specified context.
[in] Data Pointer to the buffer containing the data to be hashed.
[in] DataSize Size of Data buffer in bytes.
Return values:
TRUE data digest succeeded.
FALSE data digest failed.

typedef BOOLEAN(EFIAPI * CRYPTO_HMAC_FINAL)(IN OUT VOID *Context, OUT UINT8 *HmacValue)

Prototype of HMAC finallization. Terminate a HMAC message digest operation and output the message digest.

If Context is NULL, then ASSERT(). If HashValue is NULL, then ASSERT().

Parameters:
[in,out] Context The specified Context.
[out] HmacValue Pointer to a 16-byte message digest output buffer.
Return values:
TRUE Finalized successfully.

typedef UINTN(EFIAPI * CRYPTO_HMAC_GETCONTEXTSIZE)(VOID)

Prototype of HMAC GetContextSize.

Retrieves the size, in bytes, of the context buffer required.

Returns:
The size, in bytes, of the context buffer required.

typedef BOOLEAN(EFIAPI * CRYPTO_HMAC_INIT)(OUT VOID *Context, IN CONST UINT8 *Key, IN UINTN KeySize)

Prototype of HMAC Operation Initiating.

Initialization with a new context.

Parameters:
[out] Context Input Context.
[in] Key Pointer to the key for HMAC.
[in] KeySize The length of the Key in bytes.
Return values:
TRUE Initialization Successfully.

typedef BOOLEAN(EFIAPI * CRYPTO_HMAC_UPDATE)(IN OUT VOID *Context, IN CONST VOID *Data, IN UINTN DataLength)

Prototype of HMAC update. HMAC update operation. Continue an HMAC message digest operation, processing another message block, and updating the HMAC context.

If Context is NULL, then ASSERT(). If Data is NULL, then ASSERT().

Parameters:
[in,out] Context The Specified Context.
[in,out] Data The Input Data to be digested.
[in] DataLength The length, in bytes, of Data.
Return values:
TRUE Update data successfully.
FALSE The Context has been finalized.


Function Documentation

VOID IpSecCryptoIoAuthDataWithCertificate ( IN UINT8 *  InData,
IN UINTN  InDataSize,
IN UINT8 *  PrivateKey,
IN UINTN  PrivateKeySize,
IN UINT8 *  KeyPassWord,
IN UINTN  KeyPwdSize,
OUT UINT8 **  OutData,
IN OUT UINTN *  OutDataSize 
)

Authenticate data with the certificate.

Parameters:
[in] InData Pointer to the Data to be signed.
[in] InDataSize InData size in bytes.
[in] PrivateKey Pointer to the private key.
[in] PrivateKeySize The size of Private Key in bytes.
[in] KeyPassWord Pointer to the password for retrieving private key.
[in] KeyPwdSize The size of Key Password in bytes.
[out] OutData The pointer to the signed data.
[in,out] OutDataSize Pointer to contain the size of out data.

Referenced by Ikev2CertGenerateAuthPayload().

EFI_STATUS IpSecCryptoIoDecrypt ( IN CONST UINT8  AlgorithmId,
IN CONST UINT8 *  Key,
IN CONST UINTN  KeyBits,
IN CONST UINT8 *  Ivec,
IN UINT8 *  InData,
IN UINTN  InDataLength,
OUT UINT8 *  OutData 
)

Decrypts the buffer.

This function calls relevant Decryption interface from CryptoLib according to the input alogrithm ID. The InData should be multiple of block size. This function doesn't perform the padding. If it has the Ivec data, the length of it should be same with the block size. The block size is different from the different algorithm.

Parameters:
[in] AlgorithmId The Alogrithem identification defined in RFC.
[in] Key Pointer to the buffer containing encrypting key.
[in] KeyBits The length of the key in bits.
[in] Ivec Point to the buffer containning the Initializeion Vector (IV) data.
[in] InData Point to the buffer containing the data to be decrypted.
[in] InDataLength The length of InData in Bytes.
[out] OutData Pointer to the buffer that receives the decryption output.
Return values:
EFI_UNSUPPORTED The input Algorithm is not supported.
EFI_OUT_OF_RESOURCE The required resource can't be allocated.
EFI_SUCCESS The operation completed successfully.

References _ENCRYPT_ALGORITHM::CipherGetContextSize, IKE_EALG_3DESCBC, IKE_EALG_AESCBC, IKE_EALG_NONE, IKE_EALG_NULL, IpSecGetIndexFromEncList(), and mIpsecEncryptAlgorithmList.

Referenced by Ikev2DecryptPacket(), and IpSecEspInboundPacket().

EFI_STATUS IpSecCryptoIoDhComputeKey ( IN OUT UINT8 *  DhContext,
IN CONST UINT8 *  PeerPublicKey,
IN UINTN  PeerPublicKeySize,
OUT UINT8 *  Key,
IN OUT UINTN *  KeySize 
)

Generates exchanged common key.

Given peer's public key, this function computes the exchanged common key, based on its own context including value of prime modulus and random secret exponent.

Parameters:
[in,out] DhContext Pointer to the DH context.
[in] PeerPublicKey Pointer to the peer's Public Key.
[in] PeerPublicKeySize Size of peer's public key in bytes.
[out] Key Pointer to the buffer to receive generated key.
[in,out] KeySize For in, the size of Key buffer in bytes. For out, the size of data returned in Key buffer in bytes.
Return values:
EFI_SUCCESS The operation perfoms successfully.
Otherwise The operation is failed.

Referenced by Ikev2GenerateSaDhComputeKey().

EFI_STATUS IpSecCryptoIoDhGetPublicKey ( IN OUT UINT8 **  DhContext,
IN UINTN  Generator,
IN UINTN  PrimeLength,
IN CONST UINT8 *  Prime,
OUT UINT8 *  PublicKey,
IN OUT UINTN *  PublicKeySize 
)

Generates the Diffie-Hellman public key.

This function first initiate a DHContext, then call the DhSetParameter() to set the prime and primelenght, at end call the DhGenerateKey() to generates random secret exponent, and computes the public key. The output returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly. If the PublicKey buffer is too small to hold the public key, EFI_INVALID_PARAMETER is returned and PublicKeySize is set to the required buffer size to obtain the public key.

Parameters:
[in,out] DhContext Pointer to the DH context.
[in] Generator Vlaue of generator.
[in] PrimeLength Length in bits of prime to be generated.
[in] Prime Pointer to the buffer to receive the generated prime number.
[out] PublicKey Pointer to the buffer to receive generated public key.
[in,out] PublicKeySize For in, the size of PublicKey buffer in bytes. For out, the size of data returned in PublicKey buffer in bytes.
Return values:
EFI_SUCCESS The operation perfoms successfully.
Otherwise The operation is failed.

Referenced by Ikev2GenerateSaDhPublicKey().

EFI_STATUS IpSecCryptoIoEncrypt ( IN CONST UINT8  AlgorithmId,
IN CONST UINT8 *  Key,
IN CONST UINTN  KeyBits,
IN CONST UINT8 *  Ivec,
IN UINT8 *  InData,
IN UINTN  InDataLength,
OUT UINT8 *  OutData 
)

Encrypt the buffer.

This function calls relevant encryption interface from CryptoLib according to the input alogrithm ID. The InData should be multiple of block size. This function doesn't perform the padding. If it has the Ivec data, the length of it should be same with the block size. The block size is different from the different algorithm.

Parameters:
[in] AlgorithmId The Alogrithem identification defined in RFC.
[in] Key Pointer to the buffer containing encrypting key.
[in] KeyBits The length of the key in bits.
[in] Ivec Point to the buffer containning the Initializeion Vector (IV) data.
[in] InData Point to the buffer containing the data to be encrypted.
[in] InDataLength The length of InData in Bytes.
[out] OutData Point to the buffer that receives the encryption output.
Return values:
EFI_UNSUPPORTED The input Algorithm is not supported.
EFI_OUT_OF_RESOURCE The required resource can't be allocated.
EFI_SUCCESS The operation completed successfully.

References _ENCRYPT_ALGORITHM::CipherGetContextSize, IKE_EALG_3DESCBC, IKE_EALG_AESCBC, IKE_EALG_NONE, IKE_EALG_NULL, IpSecGetIndexFromEncList(), and mIpsecEncryptAlgorithmList.

Referenced by Ikev2EncryptPacket(), and IpSecEspOutboundPacket().

EFI_STATUS IpSecCryptoIoFreeDh ( IN OUT UINT8 **  DhContext  ) 

Releases the DH context. If DhContext is NULL, return EFI_INVALID_PARAMETER.

Parameters:
[in,out] DhContext Pointer to the DH context to be freed.
Return values:
EFI_SUCCESS The operation perfoms successfully.
EFI_INVALID_PARAMETER The DhContext is NULL.

Referenced by Ikev2DhBufferFree().

EFI_STATUS IpSecCryptoIoGenerateRandomBytes ( OUT UINT8 *  OutBuffer,
IN UINTN  Bytes 
)

Generates random numbers of specified size.

If the Random Generator wasn't initiated, initiate it first, then call RandomBytes.

Parameters:
[out] OutBuffer Pointer to buffer to receive random value.
[in] Bytes Size of randome bytes to generate.
Return values:
EFI_SUCCESS The operation perfoms successfully.
Otherwise The operation is failed.

References mInitialRandomSeed.

Referenced by IkeGenerateCookie(), IkeGenerateIv(), IkeGenerateNonce(), and IpSecGenerateIv().

EFI_STATUS IpSecCryptoIoGetPublicKeyFromCert ( IN UINT8 *  InCert,
IN UINTN  CertLen,
OUT UINT8 **  PublicKey,
OUT UINTN *  PublicKeyLen 
)

Retrieves the RSA Public Key from one X509 certificate (DER format only).

Parameters:
[in] InCert Pointer to the certificate.
[in] CertLen The size of the certificate in bytes.
[out] PublicKey Pointer to the retrieved public key.
[out] PublicKeyLen Size of Public Key in bytes.
Return values:
EFI_SUCCESS Successfully get the public Key.
EFI_INVALID_PARAMETER The CA certificate is malformed.
Retrieves the RSA Public Key from one X509 certificate (DER format only).

Parameters:
[in] InCert Pointer to the certificate.
[in] CertLen The size of the certificate in bytes.
[out] PublicKey Pointer to the retrieved public key.
[out] PublicKeyLen Size of Public Key in bytes.
Return values:
EFI_SUCCESS Successfully get the public Key.
EFI_INVALID_PARAMETER The certificate is malformed.

Referenced by Ikev2GenerateCertificatePayload().

EFI_STATUS IpSecCryptoIoGetSubjectFromCert ( IN UINT8 *  InCert,
IN UINTN  CertSize,
OUT UINT8 **  CertSubject,
OUT UINTN *  SubjectSize 
)

Retrieves the subject name from one X509 certificate (DER format only).

Parameters:
[in] InCert Pointer to the X509 certificate.
[in] CertSize The size of the X509 certificate in bytes.
[out] CertSubject Pointer to the retrieved certificate subject.
[out] SubjectSize The size of Certificate Subject in bytes.
Return values:
EFI_SUCCESS Retrieved the certificate subject successfully.
EFI_INVALID_PARAMETER The certificate is malformed.

Referenced by Ikev2GenerateCertIdPayload().

EFI_STATUS IpSecCryptoIoHash ( IN CONST UINT8  AlgorithmId,
IN HASH_DATA_FRAGMENT InDataFragment,
IN UINTN  FragmentCount,
OUT UINT8 *  OutData,
IN UINTN  OutDataSize 
)

Digests the Payload and store the result into the OutData.

This function calls relevant Hash interface from CryptoLib according to the input alogrithm ID. It computes all datas from InDataFragment and output the result into the OutData buffer. If the OutDataSize is larger than the related Hash alogrithm output size, return EFI_INVALID_PARAMETER.

Parameters:
[in] AlgorithmId The authentication Identification.
[in] InDataFragment A list contains all data to be authenticated.
[in] FragmentCount The size of the InDataFragment.
[out] OutData For in, the buffer to receive the output data. For out, the buffer contains the authenticated data.
[in] OutDataSize The size of the buffer of OutData.
Return values:
EFI_UNSUPPORTED If the AuthAlg is not in the support list.
EFI_SUCCESS Authenticated the payload successfully.
EFI_INVALID_PARAMETER If the OutDataSize is larger than the related Hash algorithm could handle.
otherwise Authentication of the payload failed.

References _HASH_ALGORITHM::HashGetContextSize, IKE_AALG_NONE, IKE_AALG_NULL, IKE_AALG_SHA1HMAC, IpSecGetHmacDigestLength(), IpSecGetIndexFromAuthList(), and mIpsecHashAlgorithmList.

Referenced by Ikev2CertGenerateAuthPayload(), and Ikev2GenerateCertificatePayload().

EFI_STATUS IpSecCryptoIoHmac ( IN CONST UINT8  AlgorithmId,
IN CONST UINT8 *  Key,
IN UINTN  KeyLength,
IN HASH_DATA_FRAGMENT InDataFragment,
IN UINTN  FragmentCount,
OUT UINT8 *  OutData,
IN UINTN  OutDataSize 
)

Digests the Payload with key and store the result into the OutData.

This function calls relevant Hmac interface from CryptoLib according to the input alogrithm ID. It computes all datas from InDataFragment and output the result into the OutData buffer. If the OutDataSize is larger than the related HMAC alogrithm output size, return EFI_INVALID_PARAMETER.

Parameters:
[in] AlgorithmId The authentication Identification.
[in] Key Pointer of the authentication key.
[in] KeyLength The length of the Key in bytes.
[in] InDataFragment The list contains all data to be authenticated.
[in] FragmentCount The size of the InDataFragment.
[out] OutData For in, the buffer to receive the output data. For out, the buffer contains the authenticated data.
[in] OutDataSize The size of the buffer of OutData.
Return values:
EFI_UNSUPPORTED If the AuthAlg is not in the support list.
EFI_INVALID_PARAMETER The OutData buffer size is larger than algorithm digest size.
EFI_SUCCESS Authenticate the payload successfully.
otherwise Authentication of the payload fails.

References _AUTH_ALGORITHM::HmacGetContextSize, IKE_AALG_NONE, IKE_AALG_NULL, IKE_AALG_SHA1HMAC, IpSecGetHmacDigestLength(), IpSecGetIndexFromAuthList(), and mIpsecAuthAlgorithmList.

Referenced by Ikev2CertGenerateAuthPayload(), Ikev2DecryptPacket(), Ikev2EncryptPacket(), Ikev2GenerateSaKeys(), Ikev2PskGenerateAuthPayload(), Ikev2SaGenerateKey(), IpSecEspAuthVerifyPayload(), and IpSecEspOutboundPacket().

BOOLEAN IpSecCryptoIoVerifySignDataByCertificate ( IN UINT8 *  InCert,
IN UINTN  CertLen,
IN UINT8 *  InCa,
IN UINTN  CaLen,
IN UINT8 *  InData,
IN UINTN  InDataSize,
IN UINT8 *  Singnature,
IN UINTN  SigSize 
)

Verify the singed data with the public key which is contained in a certificate.

Parameters:
[in] InCert Pointer to the Certificate which contains the public key.
[in] CertLen The size of Certificate in bytes.
[in] InCa Pointer to the CA certificate
[in] CaLen The size of CA certificate in bytes.
[in] InData Pointer to octect message hash to be checked.
[in] InDataSize Size of the message hash in bytes.
[in] Singnature The pointer to the RSA PKCS1-V1_5 signature to be verifed.
[in] SigSize Size of signature in bytes.
Return values:
TRUE Valid signature encoded in PKCS1-v1_5.
FALSE Invalid signature or invalid RSA context.

Referenced by Ikev2AuthCertParser().

EFI_STATUS IpSecGenerateIv ( IN UINT8 *  IvBuffer,
IN UINTN  IvSize 
)

Generate a random data for IV. If the IvSize is zero, not needed to create IV and return EFI_SUCCESS.

Parameters:
[in] IvBuffer The pointer of the IV buffer.
[in] IvSize The IV size in bytes.
Return values:
EFI_SUCCESS Create random data for IV.
Generate a random data for IV. If the IvSize is zero, not needed to create IV and return EFI_SUCCESS.

Parameters:
[in] IvBuffer The pointer of the IV buffer.
[in] IvSize The IV size in bytes.
Return values:
EFI_SUCCESS Create a random data for IV.

References IpSecCryptoIoGenerateRandomBytes().

Referenced by IpSecEspOutboundPacket().

UINTN IpSecGetEncryptBlockSize ( IN UINT8  AlgorithmId  ) 

Get the block size of specified encryption alogrithm.

Parameters:
[in] AlgorithmId The encryption algorithm ID.
Returns:
The value of block size.

References _ENCRYPT_ALGORITHM::BlockSize, IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE, and mIpsecEncryptAlgorithmList.

Referenced by Ikev2DecryptPacket(), Ikev2EncryptPacket(), IpSecEspInboundPacket(), and IpSecEspOutboundPacket().

UINTN IpSecGetEncryptIvLength ( IN UINT8  AlgorithmId  ) 

Get the IV size of specified encryption alogrithm.

Parameters:
[in] AlgorithmId The encryption algorithm ID.
Returns:
The value of IV size.
Get the IV size of the specified encryption alogrithm.

Parameters:
[in] AlgorithmId The encryption algorithm ID.
Returns:
The value of IV size.

References IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE, _ENCRYPT_ALGORITHM::IvLength, and mIpsecEncryptAlgorithmList.

Referenced by IpSecEspInboundPacket(), and IpSecEspOutboundPacket().

UINTN IpSecGetEncryptKeyLength ( IN UINT8  AlgorithmId  ) 

Get the required key length of the specified encryption alogrithm.

Parameters:
[in] AlgorithmId The encryption algorithm ID.
Returns:
The value of key length.
Get the key length of the specified encryption alogrithm.

Parameters:
[in] AlgorithmId The encryption algorithm ID.
Returns:
The value of key length.

References IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE, _ENCRYPT_ALGORITHM::KeyLength, and mIpsecEncryptAlgorithmList.

Referenced by Ikev2GenerateChildSaKeys(), Ikev2GenerateSaKeys(), Ikev2InitializeSaData(), and Ikev2ParseProposalData().

UINTN IpSecGetHmacDigestLength ( IN UINT8  AlgorithmId  ) 

Get the HMAC digest length by the specified Algorithm ID.

Parameters:
[in] AlgorithmId The specified Alogrithm ID.
Returns:
The digest length of the specified Authentication Algorithm ID.

References _AUTH_ALGORITHM::DigestLength, IPSEC_AUTH_ALGORITHM_LIST_SIZE, and mIpsecAuthAlgorithmList.

Referenced by Ikev2CertGenerateAuthPayload(), Ikev2GenerateCertificatePayload(), Ikev2GenerateChildSaKeys(), Ikev2GenerateSaKeys(), Ikev2PskGenerateAuthPayload(), Ikev2SaGenerateKey(), IpSecCryptoIoHash(), and IpSecCryptoIoHmac().

UINTN IpSecGetIcvLength ( IN UINT8  AlgorithmId  ) 

Get the ICV size of the specified Authenticaion alogrithm.

Parameters:
[in] AlgorithmId The Authentication algorithm ID.
Returns:
The value of ICV size.

References _AUTH_ALGORITHM::IcvLength, IPSEC_AUTH_ALGORITHM_LIST_SIZE, and mIpsecAuthAlgorithmList.

Referenced by Ikev2DecryptPacket(), Ikev2EncryptPacket(), IpSecEspInboundPacket(), and IpSecEspOutboundPacket().


Generated on Mon Sep 28 08:49:06 2015 for NetworkPkg[ALL] by  doxygen 1.5.7.1