Data Structures | |
struct | _ENCRYPT_ALGORITHM |
struct | _AUTH_ALGORITHM |
struct | _HASH_ALGORITHM |
Defines | |
#define | IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 4 |
#define | IPSEC_AUTH_ALGORITHM_LIST_SIZE 3 |
#define | IPSEC_HASH_ALGORITHM_LIST_SIZE 3 |
#define | IKE_AALG_NONE 0x00 |
#define | IKE_AALG_SHA1HMAC 0x02 |
#define | IKE_AALG_NULL 0xFB |
#define | IKE_EALG_NONE 0x00 |
#define | IKE_EALG_3DESCBC 0x03 |
#define | IKE_EALG_NULL 0x0B |
#define | IKE_EALG_AESCBC 0x0C |
Typedefs | |
typedef UINTN(EFIAPI * | CRYPTO_HMAC_GETCONTEXTSIZE )(VOID) |
typedef BOOLEAN(EFIAPI * | CRYPTO_HMAC_INIT )(OUT VOID *Context, IN CONST UINT8 *Key, IN UINTN KeySize) |
typedef BOOLEAN(EFIAPI * | CRYPTO_HMAC_UPDATE )(IN OUT VOID *Context, IN CONST VOID *Data, IN UINTN DataLength) |
typedef BOOLEAN(EFIAPI * | CRYPTO_HMAC_FINAL )(IN OUT VOID *Context, OUT UINT8 *HmacValue) |
typedef UINTN(EFIAPI * | CRYPTO_CIPHER_GETCONTEXTSIZE )(VOID) |
typedef BOOLEAN(EFIAPI * | CRYPTO_CIPHER_INIT )(IN OUT VOID *Context, IN CONST UINT8 *Key, IN UINTN KeyBits) |
typedef BOOLEAN(EFIAPI * | CRYPTO_CIPHER_ENCRYPT )(IN VOID *Context, IN CONST UINT8 *InData, IN UINTN InputSize, IN CONST UINT8 *Ivec, OUT UINT8 *OutData) |
typedef BOOLEAN(EFIAPI * | CRYPTO_CIPHER_DECRYPT )(IN VOID *Context, IN CONST UINT8 *InData, IN UINTN InputSize, IN CONST UINT8 *Ivec, OUT UINT8 *OutData) |
typedef UINTN(EFIAPI * | CRYPTO_HASH_GETCONTEXTSIZE )(VOID) |
typedef BOOLEAN(EFIAPI * | CRYPTO_HASH_INIT )(OUT VOID *Context) |
typedef BOOLEAN(EFIAPI * | CRYPTO_HASH_UPDATE )(IN OUT VOID *Context, IN CONST VOID *Data, IN UINTN DataSize) |
typedef BOOLEAN(EFIAPI * | CRYPTO_HASH_FINAL )(IN OUT VOID *Context, OUT UINT8 *HashValue) |
typedef struct _ENCRYPT_ALGORITHM | ENCRYPT_ALGORITHM |
typedef struct _AUTH_ALGORITHM | AUTH_ALGORITHM |
typedef struct _HASH_ALGORITHM | HASH_ALGORITHM |
Functions | |
UINTN | IpSecGetEncryptIvLength (IN UINT8 AlgorithmId) |
UINTN | IpSecGetEncryptBlockSize (IN UINT8 AlgorithmId) |
UINTN | IpSecGetEncryptKeyLength (IN UINT8 AlgorithmId) |
UINTN | IpSecGetIcvLength (IN UINT8 AlgorithmId) |
UINTN | IpSecGetHmacDigestLength (IN UINT8 AlgorithmId) |
EFI_STATUS | IpSecGenerateIv (IN UINT8 *IvBuffer, IN UINTN IvSize) |
EFI_STATUS | IpSecCryptoIoEncrypt (IN CONST UINT8 AlgorithmId, IN CONST UINT8 *Key, IN CONST UINTN KeyBits, IN CONST UINT8 *Ivec, IN UINT8 *InData, IN UINTN InDataLength, OUT UINT8 *OutData) |
EFI_STATUS | IpSecCryptoIoDecrypt (IN CONST UINT8 AlgorithmId, IN CONST UINT8 *Key, IN CONST UINTN KeyBits, IN CONST UINT8 *Ivec, IN UINT8 *InData, IN UINTN InDataLength, OUT UINT8 *OutData) |
EFI_STATUS | IpSecCryptoIoHmac (IN CONST UINT8 AlgorithmId, IN CONST UINT8 *Key, IN UINTN KeyLength, IN HASH_DATA_FRAGMENT *InDataFragment, IN UINTN FragmentCount, OUT UINT8 *OutData, IN UINTN OutDataSize) |
EFI_STATUS | IpSecCryptoIoHash (IN CONST UINT8 AlgorithmId, IN HASH_DATA_FRAGMENT *InDataFragment, IN UINTN FragmentCount, OUT UINT8 *OutData, IN UINTN OutDataSize) |
EFI_STATUS | IpSecCryptoIoDhGetPublicKey (IN OUT UINT8 **DhContext, IN UINTN Generator, IN UINTN PrimeLength, IN CONST UINT8 *Prime, OUT UINT8 *PublicKey, IN OUT UINTN *PublicKeySize) |
EFI_STATUS | IpSecCryptoIoDhComputeKey (IN OUT UINT8 *DhContext, IN CONST UINT8 *PeerPublicKey, IN UINTN PeerPublicKeySize, OUT UINT8 *Key, IN OUT UINTN *KeySize) |
EFI_STATUS | IpSecCryptoIoFreeDh (IN OUT UINT8 **DhContext) |
EFI_STATUS | IpSecCryptoIoGenerateRandomBytes (OUT UINT8 *OutBuffer, IN UINTN Bytes) |
VOID | IpSecCryptoIoAuthDataWithCertificate (IN UINT8 *InData, IN UINTN InDataSize, IN UINT8 *PrivateKey, IN UINTN PrivateKeySize, IN UINT8 *KeyPassWord, IN UINTN KeyPwdSize, OUT UINT8 **OutData, IN OUT UINTN *OutDataSize) |
BOOLEAN | IpSecCryptoIoVerifySignDataByCertificate (IN UINT8 *InCert, IN UINTN CertLen, IN UINT8 *InCa, IN UINTN CaLen, IN UINT8 *InData, IN UINTN InDataSize, IN UINT8 *Singnature, IN UINTN SigSize) |
EFI_STATUS | IpSecCryptoIoGetPublicKeyFromCert (IN UINT8 *InCert, IN UINTN CertLen, OUT UINT8 **PublicKey, OUT UINTN *PublicKeyLen) |
EFI_STATUS | IpSecCryptoIoGetSubjectFromCert (IN UINT8 *InCert, IN UINTN CertSize, OUT UINT8 **CertSubject, OUT UINTN *SubjectSize) |
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define IKE_AALG_NONE 0x00 |
Authentication Algorithm Definition. The numeric values are aligned with the IANA assignments.
Referenced by IpSecCryptoIoHash(), and IpSecCryptoIoHmac().
#define IKE_AALG_NULL 0xFB |
Referenced by IpSecCryptoIoHash(), and IpSecCryptoIoHmac().
#define IKE_AALG_SHA1HMAC 0x02 |
Referenced by Ikev2GenerateCertificatePayload(), IpSecCryptoIoHash(), and IpSecCryptoIoHmac().
#define IKE_EALG_3DESCBC 0x03 |
Referenced by IpSecCryptoIoDecrypt(), and IpSecCryptoIoEncrypt().
#define IKE_EALG_AESCBC 0x0C |
Referenced by IpSecCryptoIoDecrypt(), and IpSecCryptoIoEncrypt().
#define IKE_EALG_NONE 0x00 |
Encryption Algorithm Definition. The numeric values are aligned with the IANA assignments.
Referenced by IpSecCryptoIoDecrypt(), and IpSecCryptoIoEncrypt().
#define IKE_EALG_NULL 0x0B |
Referenced by IpSecCryptoIoDecrypt(), and IpSecCryptoIoEncrypt().
#define IPSEC_AUTH_ALGORITHM_LIST_SIZE 3 |
Referenced by IpSecGetHmacDigestLength(), IpSecGetIcvLength(), and IpSecGetIndexFromAuthList().
#define IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE 4 |
#define IPSEC_HASH_ALGORITHM_LIST_SIZE 3 |
typedef struct _AUTH_ALGORITHM AUTH_ALGORITHM |
typedef BOOLEAN(EFIAPI * CRYPTO_CIPHER_DECRYPT)(IN VOID *Context, IN CONST UINT8 *InData, IN UINTN InputSize, IN CONST UINT8 *Ivec, OUT UINT8 *OutData) |
Prototype of Cipher decryption. Decrypts cipher message with specified cipher.
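If Context is NULL, then ASSERT(). If InData is NULL, then ASSERT(). If the size of the input data is not a multiple of the relevant block size, then ASSERT(). In a build where ASSERT() is compiled out, none of these conditions is checked, so the caller must validate the context, the buffer and the length before the call.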
[in] | Context | The specified Context. |
[in] | InData | The input ciphertext data to be decrypted. |
[in] | InputSize | The InData size. |
[in] | Ivec | Pointer to the Initial Vector data for decryption. |
[out] | OutData | The resultant decrypted plaintext. |
TRUE | Decryption successful. |
typedef BOOLEAN(EFIAPI * CRYPTO_CIPHER_ENCRYPT)(IN VOID *Context, IN CONST UINT8 *InData, IN UINTN InputSize, IN CONST UINT8 *Ivec, OUT UINT8 *OutData) |
Prototype of Cipher encryption. Encrypts plaintext message with the specified cipher.
If Context is NULL, then ASSERT(). If InData is NULL, then ASSERT(). If the size of the input data is not a multiple of the cipher algorithm's block size, then ASSERT().
[in] | Context | The specified Context. |
[in] | InData | The input plaintext data to be encrypted. |
[in] | InputSize | The size of input data. |
[in] | Ivec | Pointer to Initial Vector data for encryption. |
[out] | OutData | The resultant encrypted ciphertext. |
TRUE | Encryption successful. |
typedef UINTN(EFIAPI * CRYPTO_CIPHER_GETCONTEXTSIZE)(VOID) |
Prototype of Block Cipher GetContextSize.
Retrieves the size, in bytes, of the context buffer required.
typedef BOOLEAN(EFIAPI * CRYPTO_CIPHER_INIT)(IN OUT VOID *Context, IN CONST UINT8 *Key, IN UINTN KeyBits) |
Prototype of Block Cipher initialization. Initializes the specified context (key material) with the user-supplied key for both encryption and decryption operations.
If Context is NULL, then ASSERT(). If Key is NULL, then a random key is generated and used.
[in,out] | Context | The specified Context. |
[in] | Key | User-supplied cipher key. |
[in] | KeyBits | Key length in bits. |
TRUE | Block Cipher Initialization was successful. |
typedef BOOLEAN(EFIAPI * CRYPTO_HASH_FINAL)(IN OUT VOID *Context, OUT UINT8 *HashValue) |
Prototype of Hash Finalization.
Completes computation of the digest value.
This function completes hash computation and retrieves the digest value into the specified memory. After this function has been called, the context cannot be used again. The context should already be correctly initialized by HashInit(), and should not have been finalized by HashFinal(). Behavior with an invalid context is undefined.
If Context is NULL, then ASSERT(). If HashValue is NULL, then ASSERT().
[in,out] | Context | Pointer to the specified context. |
[out] | HashValue | Pointer to a buffer that receives the digest value. |
TRUE | digest computation succeeded. | |
FALSE | digest computation failed. |
typedef UINTN(EFIAPI * CRYPTO_HASH_GETCONTEXTSIZE)(VOID) |
Prototype of Hash ContextSize.
Retrieves the size, in bytes, of the context buffer required for specified hash operations.
typedef BOOLEAN(EFIAPI * CRYPTO_HASH_INIT)(OUT VOID *Context) |
Prototype of Hash Initiate.
Initializes user-supplied memory pointed to by Context as the specified hash context for subsequent use.
If Context is NULL, then ASSERT().
[out] | Context | Pointer to specified context being initialized. |
TRUE | context initialization succeeded. | |
FALSE | context initialization failed. |
typedef BOOLEAN(EFIAPI * CRYPTO_HASH_UPDATE)(IN OUT VOID *Context, IN CONST VOID *Data, IN UINTN DataSize) |
Prototype of Hash Update
Digests the input data and updates hash context.
This function performs digest on a data buffer of the specified size. It can be called multiple times to compute the digest of long or discontinuous data streams. The context should already be correctly initialized by HashInit(), and should not have been finalized by HashFinal(). Behavior with an invalid context is undefined.
If Context is NULL, then ASSERT().
[in,out] | Context | Pointer to the specified context. |
[in] | Data | Pointer to the buffer containing the data to be hashed. |
[in] | DataSize | Size of Data buffer in bytes. |
TRUE | data digest succeeded. | |
FALSE | data digest failed. |
typedef BOOLEAN(EFIAPI * CRYPTO_HMAC_FINAL)(IN OUT VOID *Context, OUT UINT8 *HmacValue) |
Prototype of HMAC finalization. Terminates an HMAC message digest operation and outputs the message digest.
If Context is NULL, then ASSERT(). If HashValue is NULL, then ASSERT().
[in,out] | Context | The specified Context. |
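[out] | HmacValue | Pointer to a 16-byte message digest output buffer. Note: 16 bytes matches a 128-bit digest only; HMAC-SHA1, the HMAC algorithm this page defines (IKE_AALG_SHA1HMAC), produces a 20-byte digest, so the buffer should be sized for the algorithm's full digest length (see IpSecGetHmacDigestLength()) rather than assumed to be 16 bytes. |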
TRUE | Finalized successfully. |
typedef UINTN(EFIAPI * CRYPTO_HMAC_GETCONTEXTSIZE)(VOID) |
Prototype of HMAC GetContextSize.
Retrieves the size, in bytes, of the context buffer required.
typedef BOOLEAN(EFIAPI * CRYPTO_HMAC_INIT)(OUT VOID *Context, IN CONST UINT8 *Key, IN UINTN KeySize) |
Prototype of HMAC Operation Initiating.
Initialization with a new context.
[out] | Context | Input Context. |
[in] | Key | Pointer to the key for HMAC. |
[in] | KeySize | The length of the Key in bytes. |
TRUE | Initialization was successful. |
typedef BOOLEAN(EFIAPI * CRYPTO_HMAC_UPDATE)(IN OUT VOID *Context, IN CONST VOID *Data, IN UINTN DataLength) |
Prototype of HMAC update. Continues an HMAC message digest operation, processing another message block and updating the HMAC context.
If Context is NULL, then ASSERT(). If Data is NULL, then ASSERT().
[in,out] | Context | The Specified Context. |
[in,out] | Data | The Input Data to be digested. |
[in] | DataLength | The length, in bytes, of Data. |
TRUE | Update data successfully. | |
FALSE | The Context has been finalized. |
typedef struct _ENCRYPT_ALGORITHM ENCRYPT_ALGORITHM |
typedef struct _HASH_ALGORITHM HASH_ALGORITHM |
VOID IpSecCryptoIoAuthDataWithCertificate | ( | IN UINT8 * | InData, | |
IN UINTN | InDataSize, | |||
IN UINT8 * | PrivateKey, | |||
IN UINTN | PrivateKeySize, | |||
IN UINT8 * | KeyPassWord, | |||
IN UINTN | KeyPwdSize, | |||
OUT UINT8 ** | OutData, | |||
IN OUT UINTN * | OutDataSize | |||
) |
Authenticate data with the certificate.
[in] | InData | Pointer to the Data to be signed. |
[in] | InDataSize | InData size in bytes. |
[in] | PrivateKey | Pointer to the private key. |
[in] | PrivateKeySize | The size of Private Key in bytes. |
[in] | KeyPassWord | Pointer to the password for retrieving private key. |
[in] | KeyPwdSize | The size of Key Password in bytes. |
[out] | OutData | The pointer to the signed data. |
[in,out] | OutDataSize | Pointer to contain the size of out data. |
Referenced by Ikev2CertGenerateAuthPayload().
EFI_STATUS IpSecCryptoIoDecrypt | ( | IN CONST UINT8 | AlgorithmId, | |
IN CONST UINT8 * | Key, | |||
IN CONST UINTN | KeyBits, | |||
IN CONST UINT8 * | Ivec, | |||
IN UINT8 * | InData, | |||
IN UINTN | InDataLength, | |||
OUT UINT8 * | OutData | |||
) |
Decrypts the buffer.
This function calls the relevant decryption interface from CryptoLib according to the input algorithm ID. The length of InData should be a multiple of the block size; this function does not perform padding. If Ivec data is supplied, its length should equal the block size. The block size differs between algorithms.
[in] | AlgorithmId | The algorithm identification defined in RFC. |
[in] | Key | Pointer to the buffer containing encrypting key. |
[in] | KeyBits | The length of the key in bits. |
[in] | Ivec | Pointer to the buffer containing the Initialization Vector (IV) data. |
[in] | InData | Point to the buffer containing the data to be decrypted. |
[in] | InDataLength | The length of InData in Bytes. |
[out] | OutData | Pointer to the buffer that receives the decryption output. |
EFI_UNSUPPORTED | The input Algorithm is not supported. | |
EFI_OUT_OF_RESOURCES | The required resource can't be allocated. | |
EFI_SUCCESS | The operation completed successfully. |
References _ENCRYPT_ALGORITHM::CipherGetContextSize, IKE_EALG_3DESCBC, IKE_EALG_AESCBC, IKE_EALG_NONE, IKE_EALG_NULL, IpSecGetIndexFromEncList(), and mIpsecEncryptAlgorithmList.
Referenced by Ikev2DecryptPacket(), and IpSecEspInboundPacket().
EFI_STATUS IpSecCryptoIoDhComputeKey | ( | IN OUT UINT8 * | DhContext, | |
IN CONST UINT8 * | PeerPublicKey, | |||
IN UINTN | PeerPublicKeySize, | |||
OUT UINT8 * | Key, | |||
IN OUT UINTN * | KeySize | |||
) |
Generates exchanged common key.
Given peer's public key, this function computes the exchanged common key, based on its own context including value of prime modulus and random secret exponent.
[in,out] | DhContext | Pointer to the DH context. |
[in] | PeerPublicKey | Pointer to the peer's Public Key. |
[in] | PeerPublicKeySize | Size of peer's public key in bytes. |
[out] | Key | Pointer to the buffer to receive generated key. |
[in,out] | KeySize | For in, the size of Key buffer in bytes. For out, the size of data returned in Key buffer in bytes. |
EFI_SUCCESS | The operation completed successfully. | |
Otherwise | The operation failed. |
Referenced by Ikev2GenerateSaDhComputeKey().
EFI_STATUS IpSecCryptoIoDhGetPublicKey | ( | IN OUT UINT8 ** | DhContext, | |
IN UINTN | Generator, | |||
IN UINTN | PrimeLength, | |||
IN CONST UINT8 * | Prime, | |||
OUT UINT8 * | PublicKey, | |||
IN OUT UINTN * | PublicKeySize | |||
) |
Generates the Diffie-Hellman public key.
This function first initializes a DH context, then calls DhSetParameter() to set the prime and prime length, and finally calls DhGenerateKey() to generate the random secret exponent and compute the public key. The output is returned via the parameters PublicKey and PublicKeySize. The DH context is updated accordingly. If the PublicKey buffer is too small to hold the public key, EFI_INVALID_PARAMETER is returned and PublicKeySize is set to the required buffer size to obtain the public key.
[in,out] | DhContext | Pointer to the DH context. |
[in] | Generator | Value of generator. |
[in] | PrimeLength | Length in bits of prime to be generated. |
[in] | Prime | Pointer to the buffer to receive the generated prime number. |
[out] | PublicKey | Pointer to the buffer to receive generated public key. |
[in,out] | PublicKeySize | For in, the size of PublicKey buffer in bytes. For out, the size of data returned in PublicKey buffer in bytes. |
EFI_SUCCESS | The operation completed successfully. | |
Otherwise | The operation failed. |
Referenced by Ikev2GenerateSaDhPublicKey().
EFI_STATUS IpSecCryptoIoEncrypt | ( | IN CONST UINT8 | AlgorithmId, | |
IN CONST UINT8 * | Key, | |||
IN CONST UINTN | KeyBits, | |||
IN CONST UINT8 * | Ivec, | |||
IN UINT8 * | InData, | |||
IN UINTN | InDataLength, | |||
OUT UINT8 * | OutData | |||
) |
Encrypt the buffer.
This function calls the relevant encryption interface from CryptoLib according to the input algorithm ID. The length of InData should be a multiple of the block size; this function does not perform padding, so the caller must pad the data beforehand. If Ivec data is supplied, its length should equal the block size. The block size differs between algorithms.
[in] | AlgorithmId | The algorithm identification defined in RFC. |
[in] | Key | Pointer to the buffer containing encrypting key. |
[in] | KeyBits | The length of the key in bits. |
[in] | Ivec | Pointer to the buffer containing the Initialization Vector (IV) data. |
[in] | InData | Point to the buffer containing the data to be encrypted. |
[in] | InDataLength | The length of InData in Bytes. |
[out] | OutData | Point to the buffer that receives the encryption output. |
EFI_UNSUPPORTED | The input Algorithm is not supported. | |
EFI_OUT_OF_RESOURCES | The required resource can't be allocated. | |
EFI_SUCCESS | The operation completed successfully. |
References _ENCRYPT_ALGORITHM::CipherGetContextSize, IKE_EALG_3DESCBC, IKE_EALG_AESCBC, IKE_EALG_NONE, IKE_EALG_NULL, IpSecGetIndexFromEncList(), and mIpsecEncryptAlgorithmList.
Referenced by Ikev2EncryptPacket(), and IpSecEspOutboundPacket().
EFI_STATUS IpSecCryptoIoFreeDh | ( | IN OUT UINT8 ** | DhContext | ) |
Releases the DH context. If DhContext is NULL, return EFI_INVALID_PARAMETER.
[in,out] | DhContext | Pointer to the DH context to be freed. |
EFI_SUCCESS | The operation completed successfully. | |
EFI_INVALID_PARAMETER | The DhContext is NULL. |
Referenced by Ikev2DhBufferFree().
EFI_STATUS IpSecCryptoIoGenerateRandomBytes | ( | OUT UINT8 * | OutBuffer, | |
IN UINTN | Bytes | |||
) |
Generates random numbers of specified size.
If the Random Generator wasn't initiated, initiate it first, then call RandomBytes.
[out] | OutBuffer | Pointer to buffer to receive random value. |
[in] | Bytes | Number of random bytes to generate. |
EFI_SUCCESS | The operation completed successfully. | |
Otherwise | The operation failed. |
References mInitialRandomSeed.
Referenced by IkeGenerateCookie(), IkeGenerateIv(), IkeGenerateNonce(), and IpSecGenerateIv().
EFI_STATUS IpSecCryptoIoGetPublicKeyFromCert | ( | IN UINT8 * | InCert, | |
IN UINTN | CertLen, | |||
OUT UINT8 ** | PublicKey, | |||
OUT UINTN * | PublicKeyLen | |||
) |
Retrieves the RSA Public Key from one X509 certificate (DER format only).
[in] | InCert | Pointer to the certificate. |
[in] | CertLen | The size of the certificate in bytes. |
[out] | PublicKey | Pointer to the retrieved public key. |
[out] | PublicKeyLen | Size of Public Key in bytes. |
EFI_SUCCESS | Successfully get the public Key. | |
EFI_INVALID_PARAMETER | The CA certificate is malformed. |
[in] | InCert | Pointer to the certificate. |
[in] | CertLen | The size of the certificate in bytes. |
[out] | PublicKey | Pointer to the retrieved public key. |
[out] | PublicKeyLen | Size of Public Key in bytes. |
EFI_SUCCESS | Successfully get the public Key. | |
EFI_INVALID_PARAMETER | The certificate is malformed. |
Referenced by Ikev2GenerateCertificatePayload().
EFI_STATUS IpSecCryptoIoGetSubjectFromCert | ( | IN UINT8 * | InCert, | |
IN UINTN | CertSize, | |||
OUT UINT8 ** | CertSubject, | |||
OUT UINTN * | SubjectSize | |||
) |
Retrieves the subject name from one X509 certificate (DER format only).
[in] | InCert | Pointer to the X509 certificate. |
[in] | CertSize | The size of the X509 certificate in bytes. |
[out] | CertSubject | Pointer to the retrieved certificate subject. |
[out] | SubjectSize | The size of Certificate Subject in bytes. |
EFI_SUCCESS | Retrieved the certificate subject successfully. | |
EFI_INVALID_PARAMETER | The certificate is malformed. |
Referenced by Ikev2GenerateCertIdPayload().
EFI_STATUS IpSecCryptoIoHash | ( | IN CONST UINT8 | AlgorithmId, | |
IN HASH_DATA_FRAGMENT * | InDataFragment, | |||
IN UINTN | FragmentCount, | |||
OUT UINT8 * | OutData, | |||
IN UINTN | OutDataSize | |||
) |
Digests the Payload and store the result into the OutData.
This function calls the relevant Hash interface from CryptoLib according to the input algorithm ID. It processes all the data from InDataFragment and writes the result into the OutData buffer. If OutDataSize is larger than the related Hash algorithm output size, EFI_INVALID_PARAMETER is returned.
[in] | AlgorithmId | The authentication Identification. |
[in] | InDataFragment | A list contains all data to be authenticated. |
[in] | FragmentCount | The size of the InDataFragment. |
[out] | OutData | For in, the buffer to receive the output data. For out, the buffer contains the authenticated data. |
[in] | OutDataSize | The size of the buffer of OutData. |
EFI_UNSUPPORTED | If the AuthAlg is not in the support list. | |
EFI_SUCCESS | Authenticated the payload successfully. | |
EFI_INVALID_PARAMETER | If the OutDataSize is larger than the related Hash algorithm could handle. | |
otherwise | Authentication of the payload failed. |
References _HASH_ALGORITHM::HashGetContextSize, IKE_AALG_NONE, IKE_AALG_NULL, IKE_AALG_SHA1HMAC, IpSecGetHmacDigestLength(), IpSecGetIndexFromAuthList(), and mIpsecHashAlgorithmList.
Referenced by Ikev2CertGenerateAuthPayload(), and Ikev2GenerateCertificatePayload().
EFI_STATUS IpSecCryptoIoHmac | ( | IN CONST UINT8 | AlgorithmId, | |
IN CONST UINT8 * | Key, | |||
IN UINTN | KeyLength, | |||
IN HASH_DATA_FRAGMENT * | InDataFragment, | |||
IN UINTN | FragmentCount, | |||
OUT UINT8 * | OutData, | |||
IN UINTN | OutDataSize | |||
) |
Digests the Payload with key and store the result into the OutData.
This function calls the relevant HMAC interface from CryptoLib according to the input algorithm ID. It processes all the data from InDataFragment and writes the result into the OutData buffer. If OutDataSize is larger than the related HMAC algorithm output size, EFI_INVALID_PARAMETER is returned.
[in] | AlgorithmId | The authentication Identification. |
[in] | Key | Pointer of the authentication key. |
[in] | KeyLength | The length of the Key in bytes. |
[in] | InDataFragment | The list contains all data to be authenticated. |
[in] | FragmentCount | The size of the InDataFragment. |
[out] | OutData | For in, the buffer to receive the output data. For out, the buffer contains the authenticated data. |
[in] | OutDataSize | The size of the buffer of OutData. |
EFI_UNSUPPORTED | If the AuthAlg is not in the support list. | |
EFI_INVALID_PARAMETER | The OutData buffer size is larger than algorithm digest size. | |
EFI_SUCCESS | Authenticate the payload successfully. | |
otherwise | Authentication of the payload fails. |
References _AUTH_ALGORITHM::HmacGetContextSize, IKE_AALG_NONE, IKE_AALG_NULL, IKE_AALG_SHA1HMAC, IpSecGetHmacDigestLength(), IpSecGetIndexFromAuthList(), and mIpsecAuthAlgorithmList.
Referenced by Ikev2CertGenerateAuthPayload(), Ikev2DecryptPacket(), Ikev2EncryptPacket(), Ikev2GenerateSaKeys(), Ikev2PskGenerateAuthPayload(), Ikev2SaGenerateKey(), IpSecEspAuthVerifyPayload(), and IpSecEspOutboundPacket().
BOOLEAN IpSecCryptoIoVerifySignDataByCertificate | ( | IN UINT8 * | InCert, | |
IN UINTN | CertLen, | |||
IN UINT8 * | InCa, | |||
IN UINTN | CaLen, | |||
IN UINT8 * | InData, | |||
IN UINTN | InDataSize, | |||
IN UINT8 * | Singnature, | |||
IN UINTN | SigSize | |||
) |
Verifies the signed data with the public key contained in a certificate.
[in] | InCert | Pointer to the Certificate which contains the public key. |
[in] | CertLen | The size of Certificate in bytes. |
[in] | InCa | Pointer to the CA certificate |
[in] | CaLen | The size of CA certificate in bytes. |
[in] | InData | Pointer to octet message hash to be checked. |
[in] | InDataSize | Size of the message hash in bytes. |
[in] | Singnature | The pointer to the RSA PKCS1-V1_5 signature to be verified. |
[in] | SigSize | Size of signature in bytes. |
TRUE | Valid signature encoded in PKCS1-v1_5. | |
FALSE | Invalid signature or invalid RSA context. |
Referenced by Ikev2AuthCertParser().
EFI_STATUS IpSecGenerateIv | ( | IN UINT8 * | IvBuffer, | |
IN UINTN | IvSize | |||
) |
Generates random data for the IV. If IvSize is zero, no IV needs to be created and EFI_SUCCESS is returned.
[in] | IvBuffer | The pointer of the IV buffer. |
[in] | IvSize | The IV size in bytes. |
EFI_SUCCESS | Create random data for IV. |
[in] | IvBuffer | The pointer of the IV buffer. |
[in] | IvSize | The IV size in bytes. |
EFI_SUCCESS | Create a random data for IV. |
References IpSecCryptoIoGenerateRandomBytes().
Referenced by IpSecEspOutboundPacket().
UINTN IpSecGetEncryptBlockSize | ( | IN UINT8 | AlgorithmId | ) |
Get the block size of the specified encryption algorithm.
[in] | AlgorithmId | The encryption algorithm ID. |
References _ENCRYPT_ALGORITHM::BlockSize, IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE, and mIpsecEncryptAlgorithmList.
Referenced by Ikev2DecryptPacket(), Ikev2EncryptPacket(), IpSecEspInboundPacket(), and IpSecEspOutboundPacket().
UINTN IpSecGetEncryptIvLength | ( | IN UINT8 | AlgorithmId | ) |
Get the IV size of the specified encryption algorithm.
[in] | AlgorithmId | The encryption algorithm ID. |
[in] | AlgorithmId | The encryption algorithm ID. |
References IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE, _ENCRYPT_ALGORITHM::IvLength, and mIpsecEncryptAlgorithmList.
Referenced by IpSecEspInboundPacket(), and IpSecEspOutboundPacket().
UINTN IpSecGetEncryptKeyLength | ( | IN UINT8 | AlgorithmId | ) |
Get the required key length of the specified encryption algorithm.
[in] | AlgorithmId | The encryption algorithm ID. |
[in] | AlgorithmId | The encryption algorithm ID. |
References IPSEC_ENCRYPT_ALGORITHM_LIST_SIZE, _ENCRYPT_ALGORITHM::KeyLength, and mIpsecEncryptAlgorithmList.
Referenced by Ikev2GenerateChildSaKeys(), Ikev2GenerateSaKeys(), Ikev2InitializeSaData(), and Ikev2ParseProposalData().
UINTN IpSecGetHmacDigestLength | ( | IN UINT8 | AlgorithmId | ) |
Get the HMAC digest length by the specified Algorithm ID.
[in] | AlgorithmId | The specified Algorithm ID. |
References _AUTH_ALGORITHM::DigestLength, IPSEC_AUTH_ALGORITHM_LIST_SIZE, and mIpsecAuthAlgorithmList.
Referenced by Ikev2CertGenerateAuthPayload(), Ikev2GenerateCertificatePayload(), Ikev2GenerateChildSaKeys(), Ikev2GenerateSaKeys(), Ikev2PskGenerateAuthPayload(), Ikev2SaGenerateKey(), IpSecCryptoIoHash(), and IpSecCryptoIoHmac().
UINTN IpSecGetIcvLength | ( | IN UINT8 | AlgorithmId | ) |
Get the ICV size of the specified Authentication algorithm.
[in] | AlgorithmId | The Authentication algorithm ID. |
References _AUTH_ALGORITHM::IcvLength, IPSEC_AUTH_ALGORITHM_LIST_SIZE, and mIpsecAuthAlgorithmList.
Referenced by Ikev2DecryptPacket(), Ikev2EncryptPacket(), IpSecEspInboundPacket(), and IpSecEspOutboundPacket().