From: "Wenxing Hou"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Yi Li, Xiaoyu Lu, Guomin Jiang
Subject: [edk2-devel] [PATCH 0/9] CryptoPkg: Add HMAC/HKDF/RSA/HASH features based on Mbedtls
Date: Wed, 30 Aug 2023 16:23:56 +0800
Message-Id: <20230830082405.2148-1-wenxing.hou@intel.com>

Purpose:
Add BaseCryptLibMbedTls for CryptoPkg, which can be an alternative to OpenSSL in some scenarios.
There are four features based on mbedtls in the patch: HMAC/HKDF/RSA/HASH.
These functions can be used to reduce the size.
The other features such as ECC/PKCS1 are WIP because of some known issues.

Test:
The patch has passed the unit_test and fuzz test.
And the patch has passed testing on the Intel platform.

POC: https://github.com/tianocore/edk2-staging/tree/OpenSSL11_EOL/CryptoPkg/Library/BaseCryptLibMbedTls
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao
cc: Yi Li
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Signed-off-by: Wenxing Hou

Wenxing Hou (9):
  CryptoPkg: Add mbedtls submodule for EDKII
  CryptoPkg: Add mbedtls_config and MbedTlsLib.inf
  CryptoPkg: Add HMAC functions based on Mbedtls
  CryptoPkg: Add HKDF functions based on Mbedtls
  CryptoPkg: Add RSA functions based on Mbedtls
  CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
  CryptoPkg: Add Null functions for building pass
  CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls
  CryptoPkg: Add Mbedtls submodule in CI

 .gitmodules | 3 +
 .pytool/CISettings.py | 2 +
 CryptoPkg/CryptoPkg.ci.yaml | 66 +-
 CryptoPkg/CryptoPkg.dec | 4 +
 CryptoPkg/CryptoPkgMbedTls.dsc | 280 ++
 .../BaseCryptLibMbedTls/BaseCryptLib.inf | 81 +
 .../BaseCryptLibMbedTls/Bn/CryptBnNull.c | 520 +++
 .../Cipher/CryptAeadAesGcmNull.c | 100 +
 .../BaseCryptLibMbedTls/Cipher/CryptAesNull.c | 159 +
 .../BaseCryptLibMbedTls/Hash/CryptMd5.c | 234 +
 .../BaseCryptLibMbedTls/Hash/CryptMd5Null.c | 163 +
 .../Hash/CryptParallelHashNull.c | 40 +
 .../BaseCryptLibMbedTls/Hash/CryptSha1.c | 234 +
 .../BaseCryptLibMbedTls/Hash/CryptSha1Null.c | 166 +
 .../BaseCryptLibMbedTls/Hash/CryptSha256.c | 227 +
 .../Hash/CryptSha256Null.c | 162 +
 .../BaseCryptLibMbedTls/Hash/CryptSha512.c | 447 ++
 .../Hash/CryptSha512Null.c | 275 ++
 .../BaseCryptLibMbedTls/Hash/CryptSm3Null.c | 164 +
 .../BaseCryptLibMbedTls/Hmac/CryptHmac.c | 620 +++
 .../BaseCryptLibMbedTls/Hmac/CryptHmacNull.c | 359 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h | 44 +
 .../BaseCryptLibMbedTls/Kdf/CryptHkdf.c | 372 ++
 .../BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c | 192 +
 .../BaseCryptLibMbedTls/PeiCryptLib.inf | 101 +
 .../BaseCryptLibMbedTls/PeiCryptLib.uni | 25 +
 .../BaseCryptLibMbedTls/Pem/CryptPemNull.c | 69 +
 .../Pk/CryptAuthenticodeNull.c | 45 +
 .../BaseCryptLibMbedTls/Pk/CryptDhNull.c | 150 +
 .../BaseCryptLibMbedTls/Pk/CryptEcNull.c | 578 +++
 .../Pk/CryptPkcs1OaepNull.c | 51 +
 .../Pk/CryptPkcs5Pbkdf2Null.c | 48 +
 .../Pk/CryptPkcs7Internal.h | 83 +
 .../Pk/CryptPkcs7SignNull.c | 53 +
 .../Pk/CryptPkcs7VerifyEkuNull.c | 152 +
 .../Pk/CryptPkcs7VerifyEkuRuntime.c | 56 +
 .../Pk/CryptPkcs7VerifyNull.c | 163 +
 .../Pk/CryptPkcs7VerifyRuntime.c | 38 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c | 268 ++
 .../Pk/CryptRsaBasicNull.c | 121 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 337 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c | 117 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c | 164 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c | 46 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c | 231 +
 .../Pk/CryptRsaPssSignNull.c | 60 +
 .../BaseCryptLibMbedTls/Pk/CryptTsNull.c | 42 +
 .../BaseCryptLibMbedTls/Pk/CryptX509Null.c | 753 ++++
 .../BaseCryptLibMbedTls/Rand/CryptRandNull.c | 56 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 92 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.uni | 22 +
 .../BaseCryptLibMbedTls/SecCryptLib.inf | 84 +
 .../BaseCryptLibMbedTls/SecCryptLib.uni | 17 +
 .../BaseCryptLibMbedTls/SmmCryptLib.inf | 92 +
 .../BaseCryptLibMbedTls/SmmCryptLib.uni | 22 +
 .../SysCall/ConstantTimeClock.c | 75 +
 .../BaseCryptLibMbedTls/SysCall/CrtWrapper.c | 58 +
 .../SysCall/RuntimeMemAllocation.c | 462 ++
 .../SysCall/TimerWrapper.c | 198 +
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 78 +
 CryptoPkg/Library/MbedTlsLib/CrtWrapper.c | 96 +
 CryptoPkg/Library/MbedTlsLib/EcSm2Null.c | 495 +++
 .../Include/mbedtls/mbedtls_config.h | 3823 +++++++++++++++++
 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf | 173 +
 .../Library/MbedTlsLib/MbedTlsLibFull.inf | 177 +
 CryptoPkg/Library/MbedTlsLib/mbedtls | 1 +
 66 files changed, 14683 insertions(+), 3 deletions(-)
 create mode 100644 CryptoPkg/CryptoPkgMbedTls.dsc
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Kdf/CryptHkdf.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRuntime.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
 create mode 100644 CryptoPkg/Library/MbedTlsLib/CrtWrapper.c
 create mode 100644 CryptoPkg/Library/MbedTlsLib/EcSm2Null.c
 create mode 100644 CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h
 create mode 100644 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
 create mode 100644 CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf
 create mode 160000 CryptoPkg/Library/MbedTlsLib/mbedtls

--
2.26.2.windows.1