1*91676d66SBernhard Stoeckner /** 2*91676d66SBernhard Stoeckner * Copyright Notice: 3*91676d66SBernhard Stoeckner * Copyright 2021-2022 DMTF. All rights reserved. 4*91676d66SBernhard Stoeckner * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md 5*91676d66SBernhard Stoeckner **/ 6*91676d66SBernhard Stoeckner 7*91676d66SBernhard Stoeckner #ifndef CRYPTLIB_EXT_H 8*91676d66SBernhard Stoeckner #define CRYPTLIB_EXT_H 9*91676d66SBernhard Stoeckner 10*91676d66SBernhard Stoeckner #include "hal/base.h" 11*91676d66SBernhard Stoeckner #include "hal/library/cryptlib.h" 12*91676d66SBernhard Stoeckner 13*91676d66SBernhard Stoeckner /** 14*91676d66SBernhard Stoeckner * Retrieve the common name (CN) string from one X.509 certificate. 15*91676d66SBernhard Stoeckner * 16*91676d66SBernhard Stoeckner * @param[in] cert Pointer to the DER-encoded X509 certificate. 17*91676d66SBernhard Stoeckner * @param[in] cert_size Size of the X509 certificate in bytes. 18*91676d66SBernhard Stoeckner * @param[out] common_name Buffer to contain the retrieved certificate common 19*91676d66SBernhard Stoeckner * name string (UTF8). At most common_name_size bytes will be 20*91676d66SBernhard Stoeckner * written and the string will be null terminated. May be 21*91676d66SBernhard Stoeckner * NULL in order to determine the size buffer needed. 22*91676d66SBernhard Stoeckner * @param[in,out] common_name_size The size in bytes of the common_name buffer on input, 23*91676d66SBernhard Stoeckner * and the size of buffer returned common_name on output. 24*91676d66SBernhard Stoeckner * If common_name is NULL then the amount of space needed 25*91676d66SBernhard Stoeckner * in buffer (including the final null) is returned. 
26*91676d66SBernhard Stoeckner * 27*91676d66SBernhard Stoeckner * @retval true 28*91676d66SBernhard Stoeckner * @retval false 29*91676d66SBernhard Stoeckner **/ 30*91676d66SBernhard Stoeckner extern bool libspdm_x509_get_common_name(const uint8_t *cert, size_t cert_size, 31*91676d66SBernhard Stoeckner char *common_name, 32*91676d66SBernhard Stoeckner size_t *common_name_size); 33*91676d66SBernhard Stoeckner 34*91676d66SBernhard Stoeckner /** 35*91676d66SBernhard Stoeckner * Retrieve the organization name (O) string from one X.509 certificate. 36*91676d66SBernhard Stoeckner * 37*91676d66SBernhard Stoeckner * @param[in] cert Pointer to the DER-encoded X509 certificate. 38*91676d66SBernhard Stoeckner * @param[in] cert_size Size of the X509 certificate in bytes. 39*91676d66SBernhard Stoeckner * @param[out] name_buffer Buffer to contain the retrieved certificate organization 40*91676d66SBernhard Stoeckner * name string. At most name_buffer_size bytes will be 41*91676d66SBernhard Stoeckner * written and the string will be null terminated. May be 42*91676d66SBernhard Stoeckner * NULL in order to determine the size buffer needed. 43*91676d66SBernhard Stoeckner * @param[in,out] name_buffer_size The size in bytes of the name buffer on input, 44*91676d66SBernhard Stoeckner * and the size of buffer returned name on output. 45*91676d66SBernhard Stoeckner * If name_buffer is NULL then the amount of space needed 46*91676d66SBernhard Stoeckner * in buffer (including the final null) is returned. 
47*91676d66SBernhard Stoeckner * 48*91676d66SBernhard Stoeckner * @retval true 49*91676d66SBernhard Stoeckner * @retval false 50*91676d66SBernhard Stoeckner **/ 51*91676d66SBernhard Stoeckner extern bool libspdm_x509_get_organization_name(const uint8_t *cert, size_t cert_size, 52*91676d66SBernhard Stoeckner char *name_buffer, 53*91676d66SBernhard Stoeckner size_t *name_buffer_size); 54*91676d66SBernhard Stoeckner 55*91676d66SBernhard Stoeckner /** 56*91676d66SBernhard Stoeckner * Retrieve the issuer common name (CN) string from one X.509 certificate. 57*91676d66SBernhard Stoeckner * 58*91676d66SBernhard Stoeckner * @param[in] cert Pointer to the DER-encoded X509 certificate. 59*91676d66SBernhard Stoeckner * @param[in] cert_size Size of the X509 certificate in bytes. 60*91676d66SBernhard Stoeckner * @param[out] common_name Buffer to contain the retrieved certificate issuer common 61*91676d66SBernhard Stoeckner * name string. At most common_name_size bytes will be 62*91676d66SBernhard Stoeckner * written and the string will be null terminated. May be 63*91676d66SBernhard Stoeckner * NULL in order to determine the size buffer needed. 64*91676d66SBernhard Stoeckner * @param[in,out] common_name_size The size in bytes of the common_name buffer on input, 65*91676d66SBernhard Stoeckner * and the size of buffer returned common_name on output. 66*91676d66SBernhard Stoeckner * If common_name is NULL then the amount of space needed 67*91676d66SBernhard Stoeckner * in buffer (including the final null) is returned. 
68*91676d66SBernhard Stoeckner * 69*91676d66SBernhard Stoeckner * @retval true 70*91676d66SBernhard Stoeckner * @retval false 71*91676d66SBernhard Stoeckner **/ 72*91676d66SBernhard Stoeckner extern bool libspdm_x509_get_issuer_common_name(const uint8_t *cert, size_t cert_size, 73*91676d66SBernhard Stoeckner char *common_name, 74*91676d66SBernhard Stoeckner size_t *common_name_size); 75*91676d66SBernhard Stoeckner 76*91676d66SBernhard Stoeckner /** 77*91676d66SBernhard Stoeckner * Retrieve the issuer organization name (O) string from one X.509 certificate. 78*91676d66SBernhard Stoeckner * 79*91676d66SBernhard Stoeckner * @param[in] cert Pointer to the DER-encoded X509 certificate. 80*91676d66SBernhard Stoeckner * @param[in] cert_size Size of the X509 certificate in bytes. 81*91676d66SBernhard Stoeckner * @param[out] name_buffer Buffer to contain the retrieved certificate issuer organization 82*91676d66SBernhard Stoeckner * name string. At most name_buffer_size bytes will be 83*91676d66SBernhard Stoeckner * written and the string will be null terminated. May be 84*91676d66SBernhard Stoeckner * NULL in order to determine the size buffer needed. 85*91676d66SBernhard Stoeckner * @param[in,out] name_buffer_size The size in bytes of the name buffer on input, 86*91676d66SBernhard Stoeckner * and the size of buffer returned name on output. 87*91676d66SBernhard Stoeckner * If name_buffer is NULL then the amount of space needed 88*91676d66SBernhard Stoeckner * in buffer (including the final null) is returned. 
89*91676d66SBernhard Stoeckner * 90*91676d66SBernhard Stoeckner * @retval true 91*91676d66SBernhard Stoeckner * @retval false 92*91676d66SBernhard Stoeckner **/ 93*91676d66SBernhard Stoeckner extern bool libspdm_x509_get_issuer_orgnization_name(const uint8_t *cert, size_t cert_size, 94*91676d66SBernhard Stoeckner char *name_buffer, 95*91676d66SBernhard Stoeckner size_t *name_buffer_size); 96*91676d66SBernhard Stoeckner 97*91676d66SBernhard Stoeckner /** 98*91676d66SBernhard Stoeckner * Retrieve the signature algorithm from one X.509 certificate. 99*91676d66SBernhard Stoeckner * 100*91676d66SBernhard Stoeckner * @param[in] cert Pointer to the DER-encoded X509 certificate. 101*91676d66SBernhard Stoeckner * @param[in] cert_size Size of the X509 certificate in bytes. 102*91676d66SBernhard Stoeckner * @param[out] oid Signature algorithm Object identifier buffer. 103*91676d66SBernhard Stoeckner * @param[in,out] oid_size Signature algorithm Object identifier buffer size. 104*91676d66SBernhard Stoeckner * 105*91676d66SBernhard Stoeckner * @retval true 106*91676d66SBernhard Stoeckner * @retval false 107*91676d66SBernhard Stoeckner **/ 108*91676d66SBernhard Stoeckner extern bool libspdm_x509_get_signature_algorithm(const uint8_t *cert, 109*91676d66SBernhard Stoeckner size_t cert_size, uint8_t *oid, 110*91676d66SBernhard Stoeckner size_t *oid_size); 111*91676d66SBernhard Stoeckner 112*91676d66SBernhard Stoeckner /** 113*91676d66SBernhard Stoeckner * Construct a X509 object from DER-encoded certificate data. 114*91676d66SBernhard Stoeckner * 115*91676d66SBernhard Stoeckner * If cert is NULL, then return false. 116*91676d66SBernhard Stoeckner * If single_x509_cert is NULL, then return false. 117*91676d66SBernhard Stoeckner * If this interface is not supported, then return false. 118*91676d66SBernhard Stoeckner * 119*91676d66SBernhard Stoeckner * @param[in] cert Pointer to the DER-encoded certificate data. 
120*91676d66SBernhard Stoeckner * @param[in] cert_size The size of certificate data in bytes. 121*91676d66SBernhard Stoeckner * @param[out] single_x509_cert The generated X509 object. 122*91676d66SBernhard Stoeckner * 123*91676d66SBernhard Stoeckner * @retval true The X509 object generation succeeded. 124*91676d66SBernhard Stoeckner * @retval false The operation failed. 125*91676d66SBernhard Stoeckner * @retval false This interface is not supported. 126*91676d66SBernhard Stoeckner **/ 127*91676d66SBernhard Stoeckner extern bool libspdm_x509_construct_certificate(const uint8_t *cert, size_t cert_size, 128*91676d66SBernhard Stoeckner uint8_t **single_x509_cert); 129*91676d66SBernhard Stoeckner 130*91676d66SBernhard Stoeckner /** 131*91676d66SBernhard Stoeckner * Construct a X509 stack object from a list of DER-encoded certificate data. 132*91676d66SBernhard Stoeckner * 133*91676d66SBernhard Stoeckner * If x509_stack is NULL, then return false. 134*91676d66SBernhard Stoeckner * If this interface is not supported, then return false. 135*91676d66SBernhard Stoeckner * 136*91676d66SBernhard Stoeckner * @param[in, out] x509_stack On input, pointer to an existing or NULL X509 stack object. 137*91676d66SBernhard Stoeckner * On output, pointer to the X509 stack object with new 138*91676d66SBernhard Stoeckner * inserted X509 certificate. 139*91676d66SBernhard Stoeckner * @param ... A list of DER-encoded single certificate data followed 140*91676d66SBernhard Stoeckner * by certificate size. A NULL terminates the list. The 141*91676d66SBernhard Stoeckner * pairs are the arguments to libspdm_x509_construct_certificate(). 142*91676d66SBernhard Stoeckner * 143*91676d66SBernhard Stoeckner * @retval true The X509 stack construction succeeded. 144*91676d66SBernhard Stoeckner * @retval false The construction operation failed. 145*91676d66SBernhard Stoeckner * @retval false This interface is not supported. 
146*91676d66SBernhard Stoeckner **/ 147*91676d66SBernhard Stoeckner extern bool libspdm_x509_construct_certificate_stack(uint8_t **x509_stack, ...); 148*91676d66SBernhard Stoeckner 149*91676d66SBernhard Stoeckner /** 150*91676d66SBernhard Stoeckner * Release the specified X509 object. 151*91676d66SBernhard Stoeckner * 152*91676d66SBernhard Stoeckner * If the interface is not supported, then ASSERT(). 153*91676d66SBernhard Stoeckner * 154*91676d66SBernhard Stoeckner * @param[in] x509_cert Pointer to the X509 object to be released. 155*91676d66SBernhard Stoeckner **/ 156*91676d66SBernhard Stoeckner extern void libspdm_x509_free(void *x509_cert); 157*91676d66SBernhard Stoeckner 158*91676d66SBernhard Stoeckner /** 159*91676d66SBernhard Stoeckner * Release the specified X509 stack object. 160*91676d66SBernhard Stoeckner * 161*91676d66SBernhard Stoeckner * If the interface is not supported, then ASSERT(). 162*91676d66SBernhard Stoeckner * 163*91676d66SBernhard Stoeckner * @param[in] x509_stack Pointer to the X509 stack object to be released. 164*91676d66SBernhard Stoeckner **/ 165*91676d66SBernhard Stoeckner extern void libspdm_x509_stack_free(void *x509_stack); 166*91676d66SBernhard Stoeckner 167*91676d66SBernhard Stoeckner /** 168*91676d66SBernhard Stoeckner * Retrieve the TBSCertificate from one given X.509 certificate. 169*91676d66SBernhard Stoeckner * 170*91676d66SBernhard Stoeckner * @param[in] cert Pointer to the given DER-encoded X509 certificate. 171*91676d66SBernhard Stoeckner * @param[in] cert_size size of the X509 certificate in bytes. 172*91676d66SBernhard Stoeckner * @param[out] tbs_cert DER-Encoded to-Be-Signed certificate. 173*91676d66SBernhard Stoeckner * @param[out] tbs_cert_size size of the TBS certificate in bytes. 174*91676d66SBernhard Stoeckner * 175*91676d66SBernhard Stoeckner * If cert is NULL, then return false. 176*91676d66SBernhard Stoeckner * If tbs_cert is NULL, then return false. 
177*91676d66SBernhard Stoeckner * If tbs_cert_size is NULL, then return false. 178*91676d66SBernhard Stoeckner * If this interface is not supported, then return false. 179*91676d66SBernhard Stoeckner * 180*91676d66SBernhard Stoeckner * @retval true The TBSCertificate was retrieved successfully. 181*91676d66SBernhard Stoeckner * @retval false Invalid X.509 certificate. 182*91676d66SBernhard Stoeckner **/ 183*91676d66SBernhard Stoeckner extern bool libspdm_x509_get_tbs_cert(const uint8_t *cert, size_t cert_size, 184*91676d66SBernhard Stoeckner uint8_t **tbs_cert, size_t *tbs_cert_size); 185*91676d66SBernhard Stoeckner 186*91676d66SBernhard Stoeckner /** 187*91676d66SBernhard Stoeckner * Retrieve the RSA Private key from the password-protected PEM key data. 188*91676d66SBernhard Stoeckner * 189*91676d66SBernhard Stoeckner * If pem_data is NULL, then return false. 190*91676d66SBernhard Stoeckner * If rsa_context is NULL, then return false. 191*91676d66SBernhard Stoeckner * If this interface is not supported, then return false. 192*91676d66SBernhard Stoeckner * 193*91676d66SBernhard Stoeckner * @param[in] pem_data Pointer to the PEM-encoded key data to be retrieved. 194*91676d66SBernhard Stoeckner * @param[in] pem_size Size of the PEM key data in bytes. 195*91676d66SBernhard Stoeckner * @param[in] password NULL-terminated passphrase used for encrypted PEM key data. 196*91676d66SBernhard Stoeckner * @param[out] rsa_context Pointer to newly generated RSA context which contain the retrieved 197*91676d66SBernhard Stoeckner * RSA private key component. Use libspdm_rsa_free() function to free the 198*91676d66SBernhard Stoeckner * resource. 199*91676d66SBernhard Stoeckner * 200*91676d66SBernhard Stoeckner * @retval true RSA Private key was retrieved successfully. 201*91676d66SBernhard Stoeckner * @retval false Invalid PEM key data or incorrect password. 202*91676d66SBernhard Stoeckner * @retval false This interface is not supported. 
203*91676d66SBernhard Stoeckner **/ 204*91676d66SBernhard Stoeckner extern bool libspdm_rsa_get_private_key_from_pem(const uint8_t *pem_data, 205*91676d66SBernhard Stoeckner size_t pem_size, 206*91676d66SBernhard Stoeckner const char *password, 207*91676d66SBernhard Stoeckner void **rsa_context); 208*91676d66SBernhard Stoeckner 209*91676d66SBernhard Stoeckner #if (LIBSPDM_RSA_SSA_SUPPORT) || (LIBSPDM_RSA_PSS_SUPPORT) 210*91676d66SBernhard Stoeckner /** 211*91676d66SBernhard Stoeckner * Gets the tag-designated RSA key component from the established RSA context. 212*91676d66SBernhard Stoeckner * 213*91676d66SBernhard Stoeckner * This function retrieves the tag-designated RSA key component from the 214*91676d66SBernhard Stoeckner * established RSA context as a non-negative integer (octet string format 215*91676d66SBernhard Stoeckner * represented in RSA PKCS#1). 216*91676d66SBernhard Stoeckner * If specified key component has not been set or has been cleared, then returned 217*91676d66SBernhard Stoeckner * bn_size is set to 0. 218*91676d66SBernhard Stoeckner * If the big_number buffer is too small to hold the contents of the key, false 219*91676d66SBernhard Stoeckner * is returned and bn_size is set to the required buffer size to obtain the key. 220*91676d66SBernhard Stoeckner * 221*91676d66SBernhard Stoeckner * If rsa_context is NULL, then return false. 222*91676d66SBernhard Stoeckner * If bn_size is NULL, then return false. 223*91676d66SBernhard Stoeckner * If bn_size is large enough but big_number is NULL, then return false. 224*91676d66SBernhard Stoeckner * If this interface is not supported, then return false. 225*91676d66SBernhard Stoeckner * 226*91676d66SBernhard Stoeckner * @param[in, out] rsa_context Pointer to RSA context being set. 227*91676d66SBernhard Stoeckner * @param[in] key_tag Tag of RSA key component being set. 228*91676d66SBernhard Stoeckner * @param[out] big_number Pointer to octet integer buffer. 
229*91676d66SBernhard Stoeckner * @param[in, out] bn_size On input, the size of big number buffer in bytes. 230*91676d66SBernhard Stoeckner * On output, the size of data returned in big number buffer in bytes. 231*91676d66SBernhard Stoeckner * 232*91676d66SBernhard Stoeckner * @retval true RSA key component was retrieved successfully. 233*91676d66SBernhard Stoeckner * @retval false Invalid RSA key component tag. 234*91676d66SBernhard Stoeckner * @retval false bn_size is too small. 235*91676d66SBernhard Stoeckner * @retval false This interface is not supported. 236*91676d66SBernhard Stoeckner **/ 237*91676d66SBernhard Stoeckner extern bool libspdm_rsa_get_key(void *rsa_context, const libspdm_rsa_key_tag_t key_tag, 238*91676d66SBernhard Stoeckner uint8_t *big_number, size_t *bn_size); 239*91676d66SBernhard Stoeckner 240*91676d66SBernhard Stoeckner /** 241*91676d66SBernhard Stoeckner * Validates key components of RSA context. 242*91676d66SBernhard Stoeckner * NOTE: This function performs integrity checks on all the RSA key material, so 243*91676d66SBernhard Stoeckner * the RSA key structure must contain all the private key data. 244*91676d66SBernhard Stoeckner * 245*91676d66SBernhard Stoeckner * This function validates key components of RSA context in following aspects: 246*91676d66SBernhard Stoeckner * - Whether p is a prime 247*91676d66SBernhard Stoeckner * - Whether q is a prime 248*91676d66SBernhard Stoeckner * - Whether n = p * q 249*91676d66SBernhard Stoeckner * - Whether d*e = 1 mod lcm(p-1,q-1) 250*91676d66SBernhard Stoeckner * 251*91676d66SBernhard Stoeckner * If rsa_context is NULL, then return false. 252*91676d66SBernhard Stoeckner * If this interface is not supported, then return false. 253*91676d66SBernhard Stoeckner * 254*91676d66SBernhard Stoeckner * @param[in] rsa_context Pointer to RSA context to check. 255*91676d66SBernhard Stoeckner * 256*91676d66SBernhard Stoeckner * @retval true RSA key components are valid. 
257*91676d66SBernhard Stoeckner * @retval false RSA key components are not valid. 258*91676d66SBernhard Stoeckner * @retval false This interface is not supported. 259*91676d66SBernhard Stoeckner **/ 260*91676d66SBernhard Stoeckner extern bool libspdm_rsa_check_key(void *rsa_context); 261*91676d66SBernhard Stoeckner 262*91676d66SBernhard Stoeckner /** 263*91676d66SBernhard Stoeckner * Generates RSA key components. 264*91676d66SBernhard Stoeckner * 265*91676d66SBernhard Stoeckner * This function generates RSA key components. It takes RSA public exponent E and 266*91676d66SBernhard Stoeckner * length in bits of RSA modulus N as input, and generates all key components. 267*91676d66SBernhard Stoeckner * If public_exponent is NULL, the default RSA public exponent (0x10001) will be used. 268*91676d66SBernhard Stoeckner * 269*91676d66SBernhard Stoeckner * If rsa_context is NULL, then return false. 270*91676d66SBernhard Stoeckner * If this interface is not supported, then return false. 271*91676d66SBernhard Stoeckner * 272*91676d66SBernhard Stoeckner * @param[in, out] rsa_context Pointer to RSA context being set. 273*91676d66SBernhard Stoeckner * @param[in] modulus_length Length of RSA modulus N in bits. 274*91676d66SBernhard Stoeckner * @param[in] public_exponent Pointer to RSA public exponent. 275*91676d66SBernhard Stoeckner * @param[in] public_exponent_size Size of RSA public exponent buffer in bytes. 276*91676d66SBernhard Stoeckner * 277*91676d66SBernhard Stoeckner * @retval true RSA key component was generated successfully. 278*91676d66SBernhard Stoeckner * @retval false Invalid RSA key component tag. 279*91676d66SBernhard Stoeckner * @retval false This interface is not supported. 
280*91676d66SBernhard Stoeckner **/ 281*91676d66SBernhard Stoeckner extern bool libspdm_rsa_generate_key(void *rsa_context, size_t modulus_length, 282*91676d66SBernhard Stoeckner const uint8_t *public_exponent, 283*91676d66SBernhard Stoeckner size_t public_exponent_size); 284*91676d66SBernhard Stoeckner #endif /* (LIBSPDM_RSA_SSA_SUPPORT) || (LIBSPDM_RSA_PSS_SUPPORT) */ 285*91676d66SBernhard Stoeckner 286*91676d66SBernhard Stoeckner /** 287*91676d66SBernhard Stoeckner * Retrieve the EC Private key from the password-protected PEM key data. 288*91676d66SBernhard Stoeckner * 289*91676d66SBernhard Stoeckner * @param[in] pem_data Pointer to the PEM-encoded key data to be retrieved. 290*91676d66SBernhard Stoeckner * @param[in] pem_size Size of the PEM key data in bytes. 291*91676d66SBernhard Stoeckner * @param[in] password NULL-terminated passphrase used for encrypted PEM key data. 292*91676d66SBernhard Stoeckner * @param[out] ec_context Pointer to newly generated EC DSA context which contain the retrieved 293*91676d66SBernhard Stoeckner * EC private key component. Use libspdm_ec_free() function to free the 294*91676d66SBernhard Stoeckner * resource. 295*91676d66SBernhard Stoeckner * 296*91676d66SBernhard Stoeckner * If pem_data is NULL, then return false. 297*91676d66SBernhard Stoeckner * If ec_context is NULL, then return false. 298*91676d66SBernhard Stoeckner * 299*91676d66SBernhard Stoeckner * @retval true EC Private key was retrieved successfully. 300*91676d66SBernhard Stoeckner * @retval false Invalid PEM key data or incorrect password. 
301*91676d66SBernhard Stoeckner * 302*91676d66SBernhard Stoeckner **/ 303*91676d66SBernhard Stoeckner extern bool libspdm_ec_get_private_key_from_pem(const uint8_t *pem_data, size_t pem_size, 304*91676d66SBernhard Stoeckner const char *password, 305*91676d66SBernhard Stoeckner void **ec_context); 306*91676d66SBernhard Stoeckner 307*91676d66SBernhard Stoeckner /** 308*91676d66SBernhard Stoeckner * Retrieve the Ed Private key from the password-protected PEM key data. 309*91676d66SBernhard Stoeckner * 310*91676d66SBernhard Stoeckner * @param[in] pem_data Pointer to the PEM-encoded key data to be retrieved. 311*91676d66SBernhard Stoeckner * @param[in] pem_size Size of the PEM key data in bytes. 312*91676d66SBernhard Stoeckner * @param[in] password NULL-terminated passphrase used for encrypted PEM key data. 313*91676d66SBernhard Stoeckner * @param[out] ecd_context Pointer to newly generated Ed DSA context which contain the retrieved 314*91676d66SBernhard Stoeckner * Ed private key component. Use libspdm_ecd_free() function to free the 315*91676d66SBernhard Stoeckner * resource. 316*91676d66SBernhard Stoeckner * 317*91676d66SBernhard Stoeckner * If pem_data is NULL, then return false. 318*91676d66SBernhard Stoeckner * If ecd_context is NULL, then return false. 319*91676d66SBernhard Stoeckner * 320*91676d66SBernhard Stoeckner * @retval true Ed Private key was retrieved successfully. 321*91676d66SBernhard Stoeckner * @retval false Invalid PEM key data or incorrect password. 322*91676d66SBernhard Stoeckner **/ 323*91676d66SBernhard Stoeckner extern bool libspdm_ecd_get_private_key_from_pem(const uint8_t *pem_data, 324*91676d66SBernhard Stoeckner size_t pem_size, 325*91676d66SBernhard Stoeckner const char *password, 326*91676d66SBernhard Stoeckner void **ecd_context); 327*91676d66SBernhard Stoeckner 328*91676d66SBernhard Stoeckner /** 329*91676d66SBernhard Stoeckner * Retrieve the sm2 Private key from the password-protected PEM key data. 
330*91676d66SBernhard Stoeckner * 331*91676d66SBernhard Stoeckner * @param[in] pem_data Pointer to the PEM-encoded key data to be retrieved. 332*91676d66SBernhard Stoeckner * @param[in] pem_size Size of the PEM key data in bytes. 333*91676d66SBernhard Stoeckner * @param[in] password NULL-terminated passphrase used for encrypted PEM key data. 334*91676d66SBernhard Stoeckner * @param[out] sm2_context Pointer to newly generated sm2 context which contain the retrieved 335*91676d66SBernhard Stoeckner * sm2 private key component. Use sm2_free() function to free the 336*91676d66SBernhard Stoeckner * resource. 337*91676d66SBernhard Stoeckner * 338*91676d66SBernhard Stoeckner * If pem_data is NULL, then return false. 339*91676d66SBernhard Stoeckner * If sm2_context is NULL, then return false. 340*91676d66SBernhard Stoeckner * 341*91676d66SBernhard Stoeckner * @retval true sm2 Private key was retrieved successfully. 342*91676d66SBernhard Stoeckner * @retval false Invalid PEM key data or incorrect password. 343*91676d66SBernhard Stoeckner * 344*91676d66SBernhard Stoeckner **/ 345*91676d66SBernhard Stoeckner extern bool libspdm_sm2_get_private_key_from_pem(const uint8_t *pem_data, 346*91676d66SBernhard Stoeckner size_t pem_size, 347*91676d66SBernhard Stoeckner const char *password, 348*91676d66SBernhard Stoeckner void **sm2_context); 349*91676d66SBernhard Stoeckner 350*91676d66SBernhard Stoeckner /** 351*91676d66SBernhard Stoeckner * Derive key data using HMAC-SHA256 based KDF. 352*91676d66SBernhard Stoeckner * 353*91676d66SBernhard Stoeckner * @param[in] key Pointer to the user-supplied key. 354*91676d66SBernhard Stoeckner * @param[in] key_size Key size in bytes. 355*91676d66SBernhard Stoeckner * @param[in] salt Pointer to the salt value. 356*91676d66SBernhard Stoeckner * @param[in] salt_size Salt size in bytes. 357*91676d66SBernhard Stoeckner * @param[in] info Pointer to the application specific info. 358*91676d66SBernhard Stoeckner * @param[in] info_size Info size in bytes. 
359*91676d66SBernhard Stoeckner * @param[out] out Pointer to buffer to receive hkdf value. 360*91676d66SBernhard Stoeckner * @param[in] out_size Size of hkdf bytes to generate. 361*91676d66SBernhard Stoeckner * 362*91676d66SBernhard Stoeckner * @retval true Hkdf generated successfully. 363*91676d66SBernhard Stoeckner * @retval false Hkdf generation failed. 364*91676d66SBernhard Stoeckner **/ 365*91676d66SBernhard Stoeckner extern bool libspdm_hkdf_sha256_extract_and_expand(const uint8_t *key, size_t key_size, 366*91676d66SBernhard Stoeckner const uint8_t *salt, size_t salt_size, 367*91676d66SBernhard Stoeckner const uint8_t *info, size_t info_size, 368*91676d66SBernhard Stoeckner uint8_t *out, size_t out_size); 369*91676d66SBernhard Stoeckner 370*91676d66SBernhard Stoeckner /** 371*91676d66SBernhard Stoeckner * Derive key data using HMAC-SHA384 based KDF. 372*91676d66SBernhard Stoeckner * 373*91676d66SBernhard Stoeckner * @param[in] key Pointer to the user-supplied key. 374*91676d66SBernhard Stoeckner * @param[in] key_size Key size in bytes. 375*91676d66SBernhard Stoeckner * @param[in] salt Pointer to the salt value. 376*91676d66SBernhard Stoeckner * @param[in] salt_size Salt size in bytes. 377*91676d66SBernhard Stoeckner * @param[in] info Pointer to the application specific info. 378*91676d66SBernhard Stoeckner * @param[in] info_size Info size in bytes. 379*91676d66SBernhard Stoeckner * @param[out] out Pointer to buffer to receive hkdf value. 380*91676d66SBernhard Stoeckner * @param[in] out_size Size of hkdf bytes to generate. 381*91676d66SBernhard Stoeckner * 382*91676d66SBernhard Stoeckner * @retval true Hkdf generated successfully. 383*91676d66SBernhard Stoeckner * @retval false Hkdf generation failed. 
384*91676d66SBernhard Stoeckner **/ 385*91676d66SBernhard Stoeckner extern bool libspdm_hkdf_sha384_extract_and_expand(const uint8_t *key, size_t key_size, 386*91676d66SBernhard Stoeckner const uint8_t *salt, size_t salt_size, 387*91676d66SBernhard Stoeckner const uint8_t *info, size_t info_size, 388*91676d66SBernhard Stoeckner uint8_t *out, size_t out_size); 389*91676d66SBernhard Stoeckner 390*91676d66SBernhard Stoeckner /** 391*91676d66SBernhard Stoeckner * Derive key data using HMAC-SHA512 based KDF. 392*91676d66SBernhard Stoeckner * 393*91676d66SBernhard Stoeckner * @param[in] key Pointer to the user-supplied key. 394*91676d66SBernhard Stoeckner * @param[in] key_size Key size in bytes. 395*91676d66SBernhard Stoeckner * @param[in] salt Pointer to the salt value. 396*91676d66SBernhard Stoeckner * @param[in] salt_size Salt size in bytes. 397*91676d66SBernhard Stoeckner * @param[in] info Pointer to the application specific info. 398*91676d66SBernhard Stoeckner * @param[in] info_size Info size in bytes. 399*91676d66SBernhard Stoeckner * @param[out] out Pointer to buffer to receive hkdf value. 400*91676d66SBernhard Stoeckner * @param[in] out_size Size of hkdf bytes to generate. 401*91676d66SBernhard Stoeckner * 402*91676d66SBernhard Stoeckner * @retval true Hkdf generated successfully. 403*91676d66SBernhard Stoeckner * @retval false Hkdf generation failed. 404*91676d66SBernhard Stoeckner **/ 405*91676d66SBernhard Stoeckner extern bool libspdm_hkdf_sha512_extract_and_expand(const uint8_t *key, size_t key_size, 406*91676d66SBernhard Stoeckner const uint8_t *salt, size_t salt_size, 407*91676d66SBernhard Stoeckner const uint8_t *info, size_t info_size, 408*91676d66SBernhard Stoeckner uint8_t *out, size_t out_size); 409*91676d66SBernhard Stoeckner 410*91676d66SBernhard Stoeckner /** 411*91676d66SBernhard Stoeckner * Derive SHA3_256 HMAC-based Extract-and-Expand key Derivation Function (HKDF). 
412*91676d66SBernhard Stoeckner * 413*91676d66SBernhard Stoeckner * @param[in] key Pointer to the user-supplied key. 414*91676d66SBernhard Stoeckner * @param[in] key_size Key size in bytes. 415*91676d66SBernhard Stoeckner * @param[in] salt Pointer to the salt value. 416*91676d66SBernhard Stoeckner * @param[in] salt_size Salt size in bytes. 417*91676d66SBernhard Stoeckner * @param[in] info Pointer to the application specific info. 418*91676d66SBernhard Stoeckner * @param[in] info_size Info size in bytes. 419*91676d66SBernhard Stoeckner * @param[out] out Pointer to buffer to receive hkdf value. 420*91676d66SBernhard Stoeckner * @param[in] out_size Size of hkdf bytes to generate. 421*91676d66SBernhard Stoeckner * 422*91676d66SBernhard Stoeckner * @retval true Hkdf generated successfully. 423*91676d66SBernhard Stoeckner * @retval false Hkdf generation failed. 424*91676d66SBernhard Stoeckner **/ 425*91676d66SBernhard Stoeckner extern bool libspdm_hkdf_sha3_256_extract_and_expand(const uint8_t *key, size_t key_size, 426*91676d66SBernhard Stoeckner const uint8_t *salt, size_t salt_size, 427*91676d66SBernhard Stoeckner const uint8_t *info, size_t info_size, 428*91676d66SBernhard Stoeckner uint8_t *out, size_t out_size); 429*91676d66SBernhard Stoeckner 430*91676d66SBernhard Stoeckner /** 431*91676d66SBernhard Stoeckner * Derive SHA3_384 HMAC-based Extract-and-Expand key Derivation Function (HKDF). 432*91676d66SBernhard Stoeckner * 433*91676d66SBernhard Stoeckner * @param[in] key Pointer to the user-supplied key. 434*91676d66SBernhard Stoeckner * @param[in] key_size Key size in bytes. 435*91676d66SBernhard Stoeckner * @param[in] salt Pointer to the salt value. 436*91676d66SBernhard Stoeckner * @param[in] salt_size Salt size in bytes. 437*91676d66SBernhard Stoeckner * @param[in] info Pointer to the application specific info. 438*91676d66SBernhard Stoeckner * @param[in] info_size Info size in bytes. 
439*91676d66SBernhard Stoeckner * @param[out] out Pointer to buffer to receive hkdf value. 440*91676d66SBernhard Stoeckner * @param[in] out_size Size of hkdf bytes to generate. 441*91676d66SBernhard Stoeckner * 442*91676d66SBernhard Stoeckner * @retval true Hkdf generated successfully. 443*91676d66SBernhard Stoeckner * @retval false Hkdf generation failed. 444*91676d66SBernhard Stoeckner **/ 445*91676d66SBernhard Stoeckner extern bool libspdm_hkdf_sha3_384_extract_and_expand(const uint8_t *key, size_t key_size, 446*91676d66SBernhard Stoeckner const uint8_t *salt, size_t salt_size, 447*91676d66SBernhard Stoeckner const uint8_t *info, size_t info_size, 448*91676d66SBernhard Stoeckner uint8_t *out, size_t out_size); 449*91676d66SBernhard Stoeckner 450*91676d66SBernhard Stoeckner /** 451*91676d66SBernhard Stoeckner * Derive SHA3_512 HMAC-based Extract-and-Expand key Derivation Function (HKDF). 452*91676d66SBernhard Stoeckner * 453*91676d66SBernhard Stoeckner * @param[in] key Pointer to the user-supplied key. 454*91676d66SBernhard Stoeckner * @param[in] key_size Key size in bytes. 455*91676d66SBernhard Stoeckner * @param[in] salt Pointer to the salt value. 456*91676d66SBernhard Stoeckner * @param[in] salt_size Salt size in bytes. 457*91676d66SBernhard Stoeckner * @param[in] info Pointer to the application specific info. 458*91676d66SBernhard Stoeckner * @param[in] info_size Info size in bytes. 459*91676d66SBernhard Stoeckner * @param[out] out Pointer to buffer to receive hkdf value. 460*91676d66SBernhard Stoeckner * @param[in] out_size Size of hkdf bytes to generate. 461*91676d66SBernhard Stoeckner * 462*91676d66SBernhard Stoeckner * @retval true Hkdf generated successfully. 463*91676d66SBernhard Stoeckner * @retval false Hkdf generation failed. 
464*91676d66SBernhard Stoeckner **/ 465*91676d66SBernhard Stoeckner extern bool libspdm_hkdf_sha3_512_extract_and_expand(const uint8_t *key, size_t key_size, 466*91676d66SBernhard Stoeckner const uint8_t *salt, size_t salt_size, 467*91676d66SBernhard Stoeckner const uint8_t *info, size_t info_size, 468*91676d66SBernhard Stoeckner uint8_t *out, size_t out_size); 469*91676d66SBernhard Stoeckner 470*91676d66SBernhard Stoeckner /** 471*91676d66SBernhard Stoeckner * Derive SM3_256 HMAC-based Extract-and-Expand key Derivation Function (HKDF). 472*91676d66SBernhard Stoeckner * 473*91676d66SBernhard Stoeckner * @param[in] key Pointer to the user-supplied key. 474*91676d66SBernhard Stoeckner * @param[in] key_size Key size in bytes. 475*91676d66SBernhard Stoeckner * @param[in] salt Pointer to the salt value. 476*91676d66SBernhard Stoeckner * @param[in] salt_size Salt size in bytes. 477*91676d66SBernhard Stoeckner * @param[in] info Pointer to the application specific info. 478*91676d66SBernhard Stoeckner * @param[in] info_size Info size in bytes. 479*91676d66SBernhard Stoeckner * @param[out] out Pointer to buffer to receive hkdf value. 480*91676d66SBernhard Stoeckner * @param[in] out_size Size of hkdf bytes to generate. 481*91676d66SBernhard Stoeckner * 482*91676d66SBernhard Stoeckner * @retval true Hkdf generated successfully. 483*91676d66SBernhard Stoeckner * @retval false Hkdf generation failed. 484*91676d66SBernhard Stoeckner **/ 485*91676d66SBernhard Stoeckner extern bool libspdm_hkdf_sm3_256_extract_and_expand(const uint8_t *key, size_t key_size, 486*91676d66SBernhard Stoeckner const uint8_t *salt, size_t salt_size, 487*91676d66SBernhard Stoeckner const uint8_t *info, size_t info_size, 488*91676d66SBernhard Stoeckner uint8_t *out, size_t out_size); 489*91676d66SBernhard Stoeckner 490*91676d66SBernhard Stoeckner /** 491*91676d66SBernhard Stoeckner * Sets the private key component into the established EC context. 
492*91676d66SBernhard Stoeckner * 493*91676d66SBernhard Stoeckner * For P-256, the private_key_size is 32 bytes. 494*91676d66SBernhard Stoeckner * For P-384, the private_key_size is 48 bytes. 495*91676d66SBernhard Stoeckner * For P-521, the private_key_size is 66 bytes. 496*91676d66SBernhard Stoeckner * 497*91676d66SBernhard Stoeckner * @param[in, out] ec_context Pointer to EC context being set. 498*91676d66SBernhard Stoeckner * @param[in] private_key Pointer to the private key buffer. 499*91676d66SBernhard Stoeckner * @param[in] private_key_size The size of private key buffer in bytes. 500*91676d66SBernhard Stoeckner * 501*91676d66SBernhard Stoeckner * @retval true EC private key component was set successfully. 502*91676d66SBernhard Stoeckner * @retval false Invalid EC private key component. 503*91676d66SBernhard Stoeckner * 504*91676d66SBernhard Stoeckner **/ 505*91676d66SBernhard Stoeckner extern bool libspdm_ec_set_priv_key(void *ec_context, const uint8_t *private_key, 506*91676d66SBernhard Stoeckner size_t private_key_size); 507*91676d66SBernhard Stoeckner 508*91676d66SBernhard Stoeckner /** 509*91676d66SBernhard Stoeckner * Sets the public key component into the established EC context. 510*91676d66SBernhard Stoeckner * 511*91676d66SBernhard Stoeckner * For P-256, the public_key_size is 64: the first 32 bytes are X, the second 32 bytes are Y. 512*91676d66SBernhard Stoeckner * For P-384, the public_key_size is 96: the first 48 bytes are X, the second 48 bytes are Y. 513*91676d66SBernhard Stoeckner * For P-521, the public_key_size is 132: the first 66 bytes are X, the second 66 bytes are Y. 514*91676d66SBernhard Stoeckner * 515*91676d66SBernhard Stoeckner * @param[in, out] ec_context Pointer to EC context being set. 516*91676d66SBernhard Stoeckner * @param[in] public_key Pointer to the buffer holding the public X,Y to set. 517*91676d66SBernhard Stoeckner * @param[in] public_key_size The size of the public_key buffer in bytes. 
518*91676d66SBernhard Stoeckner * 519*91676d66SBernhard Stoeckner * @retval true EC public key component was set successfully. 520*91676d66SBernhard Stoeckner * @retval false Invalid EC public key component. 521*91676d66SBernhard Stoeckner **/ 522*91676d66SBernhard Stoeckner extern bool libspdm_ec_set_pub_key(void *ec_context, const uint8_t *public_key, 523*91676d66SBernhard Stoeckner size_t public_key_size); 524*91676d66SBernhard Stoeckner 525*91676d66SBernhard Stoeckner /** 526*91676d66SBernhard Stoeckner * Gets the public key component from the established EC context. 527*91676d66SBernhard Stoeckner * 528*91676d66SBernhard Stoeckner * For P-256, the public_key_size is 64: the first 32 bytes are X, the second 32 bytes are Y. 529*91676d66SBernhard Stoeckner * For P-384, the public_key_size is 96: the first 48 bytes are X, the second 48 bytes are Y. 530*91676d66SBernhard Stoeckner * For P-521, the public_key_size is 132: the first 66 bytes are X, the second 66 bytes are Y. 531*91676d66SBernhard Stoeckner * 532*91676d66SBernhard Stoeckner * @param[in, out] ec_context Pointer to the EC context to read from. 533*91676d66SBernhard Stoeckner * @param[out] public_key Pointer to the buffer to receive the public X,Y. 534*91676d66SBernhard Stoeckner * @param[in, out] public_key_size On input, the size of the public_key buffer in bytes. 535*91676d66SBernhard Stoeckner * On output, the size of data returned in the public_key buffer in bytes. 536*91676d66SBernhard Stoeckner * 537*91676d66SBernhard Stoeckner * @retval true EC key component was retrieved successfully. 538*91676d66SBernhard Stoeckner * @retval false Invalid EC key component. 539*91676d66SBernhard Stoeckner **/ 540*91676d66SBernhard Stoeckner extern bool libspdm_ec_get_pub_key(void *ec_context, uint8_t *public_key, size_t *public_key_size); 541*91676d66SBernhard Stoeckner 542*91676d66SBernhard Stoeckner /** 543*91676d66SBernhard Stoeckner * Validates key components of EC context. 
544*91676d66SBernhard Stoeckner * NOTE: This function performs integrity checks on all the EC key material, so 545*91676d66SBernhard Stoeckner * the EC key structure must contain all the private key data. 546*91676d66SBernhard Stoeckner * 547*91676d66SBernhard Stoeckner * If ec_context is NULL, then return false. 548*91676d66SBernhard Stoeckner * 549*91676d66SBernhard Stoeckner * @param[in] ec_context Pointer to EC context to check. 550*91676d66SBernhard Stoeckner * 551*91676d66SBernhard Stoeckner * @retval true EC key components are valid. 552*91676d66SBernhard Stoeckner * @retval false EC key components are not valid. 553*91676d66SBernhard Stoeckner **/ 554*91676d66SBernhard Stoeckner extern bool libspdm_ec_check_key(const void *ec_context); 555*91676d66SBernhard Stoeckner 556*91676d66SBernhard Stoeckner /** 557*91676d66SBernhard Stoeckner * Validates key components of Ed context. 558*91676d66SBernhard Stoeckner * NOTE: This function performs integrity checks on all the Ed key material, so 559*91676d66SBernhard Stoeckner * the Ed key structure must contain all the private key data. 560*91676d66SBernhard Stoeckner * 561*91676d66SBernhard Stoeckner * If ecd_context is NULL, then return false. 562*91676d66SBernhard Stoeckner * 563*91676d66SBernhard Stoeckner * @param[in] ecd_context Pointer to Ed context to check. 564*91676d66SBernhard Stoeckner * 565*91676d66SBernhard Stoeckner * @retval true Ed key components are valid. 566*91676d66SBernhard Stoeckner * @retval false Ed key components are not valid. 567*91676d66SBernhard Stoeckner **/ 568*91676d66SBernhard Stoeckner extern bool libspdm_ecd_check_key(const void *ecd_context); 569*91676d66SBernhard Stoeckner 570*91676d66SBernhard Stoeckner /** 571*91676d66SBernhard Stoeckner * Generates Ed key and returns Ed public key. 572*91676d66SBernhard Stoeckner * 573*91676d66SBernhard Stoeckner * For ed25519, the public_size is 32. 574*91676d66SBernhard Stoeckner * For ed448, the public_size is 57. 
575*91676d66SBernhard Stoeckner * 576*91676d66SBernhard Stoeckner * If ecd_context is NULL, then return false. 577*91676d66SBernhard Stoeckner * If public_size is NULL, then return false. 578*91676d66SBernhard Stoeckner * If public_size is large enough but public is NULL, then return false. 579*91676d66SBernhard Stoeckner * 580*91676d66SBernhard Stoeckner * @param[in, out] ecd_context Pointer to the Ed context. 581*91676d66SBernhard Stoeckner * @param[out] public_key Pointer to the buffer to receive generated public key. 582*91676d66SBernhard Stoeckner * @param[in, out] public_key_size On input, the size of public buffer in bytes. 583*91676d66SBernhard Stoeckner * On output, the size of data returned in public buffer in bytes. 584*91676d66SBernhard Stoeckner * 585*91676d66SBernhard Stoeckner * @retval true Ed public key generation succeeded. 586*91676d66SBernhard Stoeckner * @retval false Ed public key generation failed. 587*91676d66SBernhard Stoeckner * @retval false public_size is not large enough. 588*91676d66SBernhard Stoeckner **/ 589*91676d66SBernhard Stoeckner extern bool libspdm_ecd_generate_key(void *ecd_context, uint8_t *public_key, 590*91676d66SBernhard Stoeckner size_t *public_key_size); 591*91676d66SBernhard Stoeckner 592*91676d66SBernhard Stoeckner /** 593*91676d66SBernhard Stoeckner * Generates DH parameter. 594*91676d66SBernhard Stoeckner * 595*91676d66SBernhard Stoeckner * Given generator g, and length of prime number p in bits, this function generates p, 596*91676d66SBernhard Stoeckner * and sets DH context according to value of g and p. 597*91676d66SBernhard Stoeckner * 598*91676d66SBernhard Stoeckner * If dh_context is NULL, then return false. 599*91676d66SBernhard Stoeckner * If prime is NULL, then return false. 600*91676d66SBernhard Stoeckner * If this interface is not supported, then return false. 601*91676d66SBernhard Stoeckner * 602*91676d66SBernhard Stoeckner * @param[in, out] dh_context Pointer to the DH context. 
603*91676d66SBernhard Stoeckner * @param[in] generator Value of generator. 604*91676d66SBernhard Stoeckner * @param[in] prime_length Length in bits of prime to be generated. 605*91676d66SBernhard Stoeckner * @param[out] prime Pointer to the buffer to receive the generated prime number. 606*91676d66SBernhard Stoeckner * 607*91676d66SBernhard Stoeckner * @retval true DH parameter generation succeeded. 608*91676d66SBernhard Stoeckner * @retval false Value of generator is not supported. 609*91676d66SBernhard Stoeckner * @retval false Random number generator fails to generate random prime number with prime_length. 610*91676d66SBernhard Stoeckner * @retval false This interface is not supported. 611*91676d66SBernhard Stoeckner **/ 612*91676d66SBernhard Stoeckner extern bool libspdm_dh_generate_parameter(void *dh_context, size_t generator, 613*91676d66SBernhard Stoeckner size_t prime_length, uint8_t *prime); 614*91676d66SBernhard Stoeckner 615*91676d66SBernhard Stoeckner /** 616*91676d66SBernhard Stoeckner * Sets generator and prime parameters for DH. 617*91676d66SBernhard Stoeckner * 618*91676d66SBernhard Stoeckner * Given generator g and prime number p, this function sets the DH context accordingly. 619*91676d66SBernhard Stoeckner * 620*91676d66SBernhard Stoeckner * If dh_context is NULL, then return false. 621*91676d66SBernhard Stoeckner * If prime is NULL, then return false. 622*91676d66SBernhard Stoeckner * If this interface is not supported, then return false. 623*91676d66SBernhard Stoeckner * 624*91676d66SBernhard Stoeckner * @param[in, out] dh_context Pointer to the DH context. 625*91676d66SBernhard Stoeckner * @param[in] generator Value of generator. 626*91676d66SBernhard Stoeckner * @param[in] prime_length Length in bits of the supplied prime. 627*91676d66SBernhard Stoeckner * @param[in] prime Pointer to the prime number. 628*91676d66SBernhard Stoeckner * 629*91676d66SBernhard Stoeckner * @retval true DH parameter setting succeeded. 
630*91676d66SBernhard Stoeckner * @retval false Value of generator is not supported. 631*91676d66SBernhard Stoeckner * @retval false Value of generator is not suitable for the prime. 632*91676d66SBernhard Stoeckner * @retval false Value of prime is not a prime number. 633*91676d66SBernhard Stoeckner * @retval false Value of prime is not a safe prime number. 634*91676d66SBernhard Stoeckner * @retval false This interface is not supported. 635*91676d66SBernhard Stoeckner **/ 636*91676d66SBernhard Stoeckner extern bool libspdm_dh_set_parameter(void *dh_context, size_t generator, 637*91676d66SBernhard Stoeckner size_t prime_length, const uint8_t *prime); 638*91676d66SBernhard Stoeckner 639*91676d66SBernhard Stoeckner /** 640*91676d66SBernhard Stoeckner * Sets the public key component into the established sm2 context. 641*91676d66SBernhard Stoeckner * 642*91676d66SBernhard Stoeckner * The public_key_size is 64: the first 32 bytes are X, the second 32 bytes are Y. 643*91676d66SBernhard Stoeckner * 644*91676d66SBernhard Stoeckner * @param[in, out] sm2_context Pointer to the sm2 context being set. 645*91676d66SBernhard Stoeckner * @param[in] public_key Pointer to the buffer holding the public X,Y to set. 646*91676d66SBernhard Stoeckner * @param[in] public_key_size The size of the public_key buffer in bytes. 647*91676d66SBernhard Stoeckner * 648*91676d66SBernhard Stoeckner * @retval true sm2 public key component was set successfully. 649*91676d66SBernhard Stoeckner * @retval false Invalid sm2 public key component. 650*91676d66SBernhard Stoeckner **/ 651*91676d66SBernhard Stoeckner extern bool libspdm_sm2_dsa_set_pub_key(void *sm2_context, const uint8_t *public_key, 652*91676d66SBernhard Stoeckner size_t public_key_size); 653*91676d66SBernhard Stoeckner 654*91676d66SBernhard Stoeckner /** 655*91676d66SBernhard Stoeckner * Gets the public key component from the established sm2 context. 656*91676d66SBernhard Stoeckner * 657*91676d66SBernhard Stoeckner * The public_size is 64. 
first 32-byte is X, second 32-byte is Y. 658*91676d66SBernhard Stoeckner * 659*91676d66SBernhard Stoeckner * @param[in, out] sm2_context Pointer to sm2 context being set. 660*91676d66SBernhard Stoeckner * @param[out] public_key Pointer to the buffer to receive generated public X,Y. 661*91676d66SBernhard Stoeckner * @param[in, out] public_key_size On input, the size of public buffer in bytes. 662*91676d66SBernhard Stoeckner * On output, the size of data returned in public buffer in bytes. 663*91676d66SBernhard Stoeckner * 664*91676d66SBernhard Stoeckner * @retval true sm2 key component was retrieved successfully. 665*91676d66SBernhard Stoeckner * @retval false Invalid sm2 key component. 666*91676d66SBernhard Stoeckner **/ 667*91676d66SBernhard Stoeckner extern bool libspdm_sm2_dsa_get_pub_key(void *sm2_context, uint8_t *public_key, 668*91676d66SBernhard Stoeckner size_t *public_key_size); 669*91676d66SBernhard Stoeckner 670*91676d66SBernhard Stoeckner /** 671*91676d66SBernhard Stoeckner * Validates key components of sm2 context. 672*91676d66SBernhard Stoeckner * NOTE: This function performs integrity checks on all the sm2 key material, so 673*91676d66SBernhard Stoeckner * the sm2 key structure must contain all the private key data. 674*91676d66SBernhard Stoeckner * 675*91676d66SBernhard Stoeckner * If sm2_context is NULL, then return false. 676*91676d66SBernhard Stoeckner * 677*91676d66SBernhard Stoeckner * @param[in] sm2_context Pointer to sm2 context to check. 678*91676d66SBernhard Stoeckner * 679*91676d66SBernhard Stoeckner * @retval true sm2 key components are valid. 680*91676d66SBernhard Stoeckner * @retval false sm2 key components are not valid. 
681*91676d66SBernhard Stoeckner **/ 682*91676d66SBernhard Stoeckner extern bool libspdm_sm2_dsa_check_key(const void *sm2_context); 683*91676d66SBernhard Stoeckner 684*91676d66SBernhard Stoeckner /** 685*91676d66SBernhard Stoeckner * Generates sm2 key and returns sm2 public key (X, Y), based upon GB/T 32918.3-2016: SM2 - Part3. 686*91676d66SBernhard Stoeckner * 687*91676d66SBernhard Stoeckner * This function generates random secret, and computes the public key (X, Y), which is 688*91676d66SBernhard Stoeckner * returned via parameter public, public_size. 689*91676d66SBernhard Stoeckner * X is the first half of public with size being public_size / 2, 690*91676d66SBernhard Stoeckner * Y is the second half of public with size being public_size / 2. 691*91676d66SBernhard Stoeckner * sm2 context is updated accordingly. 692*91676d66SBernhard Stoeckner * If the public buffer is too small to hold the public X, Y, false is returned and 693*91676d66SBernhard Stoeckner * public_size is set to the required buffer size to obtain the public X, Y. 694*91676d66SBernhard Stoeckner * 695*91676d66SBernhard Stoeckner * The public_size is 64. first 32-byte is X, second 32-byte is Y. 696*91676d66SBernhard Stoeckner * 697*91676d66SBernhard Stoeckner * If sm2_context is NULL, then return false. 698*91676d66SBernhard Stoeckner * If public_size is NULL, then return false. 699*91676d66SBernhard Stoeckner * If public_size is large enough but public is NULL, then return false. 700*91676d66SBernhard Stoeckner * 701*91676d66SBernhard Stoeckner * @param[in, out] sm2_context Pointer to the sm2 context. 702*91676d66SBernhard Stoeckner * @param[out] public_data Pointer to the buffer to receive generated public X,Y. 703*91676d66SBernhard Stoeckner * @param[in, out] public_size On input, the size of public buffer in bytes. 704*91676d66SBernhard Stoeckner * On output, the size of data returned in public buffer in bytes. 
705*91676d66SBernhard Stoeckner * 706*91676d66SBernhard Stoeckner * @retval true sm2 public X,Y generation succeeded. 707*91676d66SBernhard Stoeckner * @retval false sm2 public X,Y generation failed. 708*91676d66SBernhard Stoeckner * @retval false public_size is not large enough. 709*91676d66SBernhard Stoeckner **/ 710*91676d66SBernhard Stoeckner extern bool libspdm_sm2_dsa_generate_key(void *sm2_context, uint8_t *public_data, 711*91676d66SBernhard Stoeckner size_t *public_size); 712*91676d66SBernhard Stoeckner 713*91676d66SBernhard Stoeckner #if LIBSPDM_ENABLE_CAPABILITY_CSR_CAP 714*91676d66SBernhard Stoeckner /** 715*91676d66SBernhard Stoeckner * Generate a CSR. 716*91676d66SBernhard Stoeckner * 717*91676d66SBernhard Stoeckner * @param[in] hash_nid hash algo for sign 718*91676d66SBernhard Stoeckner * @param[in] asym_nid asym algo for sign 719*91676d66SBernhard Stoeckner * 720*91676d66SBernhard Stoeckner * @param[in] requester_info requester info to gen CSR 721*91676d66SBernhard Stoeckner * @param[in] requester_info_length The len of requester info 722*91676d66SBernhard Stoeckner * 723*91676d66SBernhard Stoeckner * @param[in] is_ca if true, set basic_constraints: CA:true; Otherwise, set to false. 
724*91676d66SBernhard Stoeckner * 725*91676d66SBernhard Stoeckner * @param[in] context Pointer to asymmetric context 726*91676d66SBernhard Stoeckner * @param[in] subject_name Subject name: attributes are separated by ',' 727*91676d66SBernhard Stoeckner * example: "C=AA,CN=BB" 728*91676d66SBernhard Stoeckner * 729*91676d66SBernhard Stoeckner * Subject names should contain a comma-separated list of OID types and values: 730*91676d66SBernhard Stoeckner * The valid OID type names are: 731*91676d66SBernhard Stoeckner * {"CN", "commonName", "C", "countryName", "O", "organizationName","L", 732*91676d66SBernhard Stoeckner * "OU", "organizationalUnitName", "ST", "stateOrProvinceName", "emailAddress", 733*91676d66SBernhard Stoeckner * "serialNumber", "postalAddress", "postalCode", "dnQualifier", "title", 734*91676d66SBernhard Stoeckner * "SN","givenName","GN", "initials", "pseudonym", "generationQualifier", "domainComponent", "DC"}. 735*91676d66SBernhard Stoeckner * Note: The value of C / countryName must be one of the CSR-supported country codes. 736*91676d66SBernhard Stoeckner * 737*91676d66SBernhard Stoeckner * @param[in, out] csr_len On input, csr_len is the size of the buffer that stores the CSR. 738*91676d66SBernhard Stoeckner * On output, csr_len is the length of the DER-encoded CSR. 739*91676d66SBernhard Stoeckner * @param[in, out] csr_pointer On input, csr_pointer is the address of the buffer that stores the CSR. 740*91676d66SBernhard Stoeckner * On output, csr_pointer is the address of the stored CSR. 741*91676d66SBernhard Stoeckner * The csr_pointer address will be changed. 742*91676d66SBernhard Stoeckner * 743*91676d66SBernhard Stoeckner * @retval true Success. 744*91676d66SBernhard Stoeckner * @retval false Failed to generate the CSR. 
745*91676d66SBernhard Stoeckner **/ 746*91676d66SBernhard Stoeckner extern bool libspdm_gen_x509_csr(size_t hash_nid, size_t asym_nid, 747*91676d66SBernhard Stoeckner uint8_t *requester_info, size_t requester_info_length, 748*91676d66SBernhard Stoeckner bool is_ca, 749*91676d66SBernhard Stoeckner void *context, char *subject_name, 750*91676d66SBernhard Stoeckner size_t *csr_len, uint8_t *csr_pointer); 751*91676d66SBernhard Stoeckner #endif /* LIBSPDM_ENABLE_CAPABILITY_CSR_CAP */ 752*91676d66SBernhard Stoeckner 753*91676d66SBernhard Stoeckner #endif /* CRYPTLIB_EXT_H */ 754