From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web10.10747.1577968232533973007 for ; Thu, 02 Jan 2020 04:30:32 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: liming.gao@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Jan 2020 04:30:32 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,386,1571727600"; d="scan'208";a="369315533" Received: from lgao4-mobl1.ccr.corp.intel.com ([10.255.28.216]) by orsmga004.jf.intel.com with ESMTP; 02 Jan 2020 04:30:30 -0800 From: "Liming Gao" To: devel@edk2.groups.io Cc: "Pavana.K" , Jian J Wang , Bob Feng Subject: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes Date: Thu, 2 Jan 2020 20:30:27 +0800 Message-Id: <20200102123027.15412-1-liming.gao@intel.com> X-Mailer: git-send-email 2.16.2.windows.1 From: "Pavana.K" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2389 Currently RSA signing scheme support is available for MD5, SHA-1 or SHA-256 algorithms.The fix is to extend this support for SHA384 and SHA512. Cc: Liming Gao Cc: Jian J Wang Cc: Bob Feng Signed-off-by: Pavana.K --- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 14 +++++++++++--- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 14 +++++++++++--- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c index 454dbbd476d9..d24e1fdf6801 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c @@ -7,7 +7,7 @@ 3) RsaSetKey 4) RsaPkcs1Verify -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -250,7 +250,7 @@ RsaSetKey ( If RsaContext is NULL, then return FALSE. If MessageHash is NULL, then return FALSE. If Signature is NULL, then return FALSE. - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE. @param[in] RsaContext Pointer to RSA context for signature verification. @param[in] MessageHash Pointer to octet message hash to be checked. @@ -288,7 +288,7 @@ RsaPkcs1Verify ( // // Determine the message digest algorithm according to digest size. - // Only MD5, SHA-1 or SHA-256 algorithm is supported. + // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported. // switch (HashSize) { case MD5_DIGEST_SIZE: @@ -303,6 +303,14 @@ RsaPkcs1Verify ( DigestType = NID_sha256; break; + case SHA384_DIGEST_SIZE: + DigestType = NID_sha384; + break; + + case SHA512_DIGEST_SIZE: + DigestType = NID_sha512; + break; + default: return FALSE; } diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c index e3dd4844c444..7cd5fecf04cb 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c @@ -7,7 +7,7 @@ 3) RsaCheckKey 4) RsaPkcs1Sign -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -276,7 +276,7 @@ RsaCheckKey ( If RsaContext is NULL, then return FALSE. If MessageHash is NULL, then return FALSE. - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE. If SigSize is large enough but Signature is NULL, then return FALSE. @param[in] RsaContext Pointer to RSA context for signature generation. @@ -326,7 +326,7 @@ RsaPkcs1Sign ( // // Determine the message digest algorithm according to digest size. - // Only MD5, SHA-1 or SHA-256 algorithm is supported. + // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported. // switch (HashSize) { case MD5_DIGEST_SIZE: @@ -341,6 +341,14 @@ RsaPkcs1Sign ( DigestType = NID_sha256; break; + case SHA384_DIGEST_SIZE: + DigestType = NID_sha384; + break; + + case SHA512_DIGEST_SIZE: + DigestType = NID_sha512; + break; + default: return FALSE; } -- 2.16.2.windows.1