From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>, Yi Li <yi1.li@intel.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Guomin Jiang <guomin.jiang@intel.com>
Subject: [edk2-devel] [PATCH v2 00/10] Add HMAC/HKDF/RSA/HASH features based on Mbedtls
Date: Sat, 2 Sep 2023 22:16:17 +0800
Message-ID: <20230902141627.3178-1-wenxing.hou@intel.com>
Purpose: This patch is needed to resolve the limitation from OpenSSL 3.0
that HMAC/HKDF/RSA cannot work in pre-memory phase.
There are four features based on mbedtls in the patch: HMAC/HKDF/RSA/HASH.
Test: The patch has passed the unit_test and fuzz test. And the patch
has passed testing on the Intel platform.
POC: https://github.com/tianocore/edk2-staging/tree/OpenSSL11_EOL/CryptoPkg/Library/BaseCryptLibMbedTls
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Wenxing Hou (10):
CryptoPkg: Add mbedtls submodule for EDKII
CryptoPkg: Add mbedtls_config and MbedTlsLib.inf
CryptoPkg: Add HMAC functions based on Mbedtls
CryptoPkg: Add HKDF functions based on Mbedtls
CryptoPkg: Add RSA functions based on Mbedtls
CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
CryptoPkg: Add Null functions for building pass
CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls
CryptoPkg: Add Mbedtls submodule in CI
CryptoPkg: Add basic Readme for BaseCryptLibMbedTls
.gitmodules | 3 +
.pytool/CISettings.py | 2 +
CryptoPkg/CryptoPkg.ci.yaml | 66 +-
CryptoPkg/CryptoPkg.dec | 4 +
CryptoPkg/CryptoPkgMbedTls.dsc | 280 ++
.../BaseCryptLibMbedTls/BaseCryptLib.inf | 81 +
.../BaseCryptLibMbedTls/Bn/CryptBnNull.c | 520 +++
.../Cipher/CryptAeadAesGcmNull.c | 100 +
.../BaseCryptLibMbedTls/Cipher/CryptAesNull.c | 159 +
.../BaseCryptLibMbedTls/Hash/CryptMd5.c | 234 +
.../BaseCryptLibMbedTls/Hash/CryptMd5Null.c | 163 +
.../Hash/CryptParallelHashNull.c | 40 +
.../BaseCryptLibMbedTls/Hash/CryptSha1.c | 234 +
.../BaseCryptLibMbedTls/Hash/CryptSha1Null.c | 166 +
.../BaseCryptLibMbedTls/Hash/CryptSha256.c | 227 +
.../Hash/CryptSha256Null.c | 162 +
.../BaseCryptLibMbedTls/Hash/CryptSha512.c | 447 ++
.../Hash/CryptSha512Null.c | 275 ++
.../BaseCryptLibMbedTls/Hash/CryptSm3Null.c | 164 +
.../BaseCryptLibMbedTls/Hmac/CryptHmac.c | 663 +++
.../BaseCryptLibMbedTls/Hmac/CryptHmacNull.c | 359 ++
.../BaseCryptLibMbedTls/InternalCryptLib.h | 44 +
.../BaseCryptLibMbedTls/Kdf/CryptHkdf.c | 372 ++
.../BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c | 192 +
.../BaseCryptLibMbedTls/PeiCryptLib.inf | 101 +
.../BaseCryptLibMbedTls/PeiCryptLib.uni | 25 +
.../BaseCryptLibMbedTls/Pem/CryptPemNull.c | 69 +
.../Pk/CryptAuthenticodeNull.c | 45 +
.../BaseCryptLibMbedTls/Pk/CryptDhNull.c | 150 +
.../BaseCryptLibMbedTls/Pk/CryptEcNull.c | 578 +++
.../Pk/CryptPkcs1OaepNull.c | 51 +
.../Pk/CryptPkcs5Pbkdf2Null.c | 48 +
.../Pk/CryptPkcs7Internal.h | 83 +
.../Pk/CryptPkcs7SignNull.c | 53 +
.../Pk/CryptPkcs7VerifyEkuNull.c | 152 +
.../Pk/CryptPkcs7VerifyEkuRuntime.c | 56 +
.../Pk/CryptPkcs7VerifyNull.c | 163 +
.../Pk/CryptPkcs7VerifyRuntime.c | 38 +
.../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c | 268 ++
.../Pk/CryptRsaBasicNull.c | 121 +
.../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 333 ++
.../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c | 117 +
.../BaseCryptLibMbedTls/Pk/CryptRsaPss.c | 164 +
.../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c | 46 +
.../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c | 231 +
.../Pk/CryptRsaPssSignNull.c | 60 +
.../BaseCryptLibMbedTls/Pk/CryptTsNull.c | 42 +
.../BaseCryptLibMbedTls/Pk/CryptX509Null.c | 753 ++++
.../BaseCryptLibMbedTls/Rand/CryptRandNull.c | 56 +
.../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 92 +
.../BaseCryptLibMbedTls/RuntimeCryptLib.uni | 22 +
.../BaseCryptLibMbedTls/SecCryptLib.inf | 84 +
.../BaseCryptLibMbedTls/SecCryptLib.uni | 17 +
.../BaseCryptLibMbedTls/SmmCryptLib.inf | 92 +
.../BaseCryptLibMbedTls/SmmCryptLib.uni | 22 +
.../SysCall/ConstantTimeClock.c | 75 +
.../BaseCryptLibMbedTls/SysCall/CrtWrapper.c | 58 +
.../SysCall/RuntimeMemAllocation.c | 462 ++
.../SysCall/TimerWrapper.c | 198 +
.../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 78 +
CryptoPkg/Library/MbedTlsLib/CrtWrapper.c | 96 +
CryptoPkg/Library/MbedTlsLib/EcSm2Null.c | 495 +++
.../Include/mbedtls/mbedtls_config.h | 3823 +++++++++++++++++
CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf | 173 +
.../Library/MbedTlsLib/MbedTlsLibFull.inf | 177 +
CryptoPkg/Library/MbedTlsLib/mbedtls | 1 +
CryptoPkg/Readme.md | 12 +-
.../UnitTest/Library/BaseCryptLib/HmacTests.c | 34 +-
.../UnitTest/Library/BaseCryptLib/RsaTests.c | 4 +
69 files changed, 14762 insertions(+), 13 deletions(-)
create mode 100644 CryptoPkg/CryptoPkgMbedTls.dsc
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Kdf/CryptHkdf.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRuntime.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
create mode 100644 CryptoPkg/Library/MbedTlsLib/CrtWrapper.c
create mode 100644 CryptoPkg/Library/MbedTlsLib/EcSm2Null.c
create mode 100644 CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h
create mode 100644 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
create mode 100644 CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf
create mode 160000 CryptoPkg/Library/MbedTlsLib/mbedtls
--
2.26.2.windows.1