From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 78E09AC12DA for ; Sat, 2 Sep 2023 14:16:37 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=eEmy7jdFD8ebzef93dJB4C10jimf9SsYkDyoYNVZa2Q=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1693664196; v=1; b=nTBggYOhxZ7ybuPoBUjBvTGf1T5GM8OzXcMd/onjmW2XuV1IuVrZ4Mb3PD+NK33co4y6i2C/ uVxe5hXsgIJXz0zQbGk8OYJi3XtTpO5xsnLYsW1bXWqWR/GKqWM7cWOt1thFicoz2wgsfeSDxNP iOy0S4s1RGEshxzb2y0JrfUw= X-Received: by 127.0.0.2 with SMTP id 7bDNYY7687511xCE1809u36a; Sat, 02 Sep 2023 07:16:36 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web10.8753.1693664194891574418 for ; Sat, 02 Sep 2023 07:16:35 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10821"; a="440346265" X-IronPort-AV: E=Sophos;i="6.02,222,1688454000"; d="scan'208";a="440346265" X-Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Sep 2023 07:16:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10821"; a="805769426" X-IronPort-AV: E=Sophos;i="6.02,222,1688454000"; d="scan'208";a="805769426" X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116]) by fmsmga008.fm.intel.com with ESMTP; 02 Sep 2023 07:16:30 -0700 From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Jiewen Yao , Yi Li , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH v2 00/10] Add HMAC/HKDF/RSA/HASH features based on Mbedtls Date: Sat, 2 Sep 2023 22:16:17 +0800 Message-Id: <20230902141627.3178-1-wenxing.hou@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: PyigwyhZlimBTfmsWxHxwvPPx7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=nTBggYOh; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Purpose: This patch is needed to resolve the limitation from OpenSSL 3.0 that HMAC/HKDF/RSA cannot work in pre-memory phase. There are four features based on mbedtls in the patch: HMAC/HKDF/RSA/HASH. Test: The patch has passed the unit_test and fuzz test. And the patch has passed testing on the Intel platform. POC: https://github.com/tianocore/edk2- staging/tree/OpenSSL11_EOL/CryptoPkg/Library/BaseCryptLibMbedTls REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Cc: Jiewen Yao Cc: Yi Li Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Wenxing Hou Wenxing Hou (10): CryptoPkg: Add mbedtls submodule for EDKII CryptoPkg: Add mbedtls_config and MbedTlsLib.inf CryptoPkg: Add HMAC functions based on Mbedtls CryptoPkg: Add HKDF functions based on Mbedtls CryptoPkg: Add RSA functions based on Mbedtls CryptoPkg: Add all .inf files for BaseCryptLibMbedTls CryptoPkg: Add Null functions for building pass CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls CryptoPkg: Add Mbedtls submodule in CI CryptoPkg: Add basic Readme for BaseCryptLibMbedTls .gitmodules | 3 + .pytool/CISettings.py | 2 + CryptoPkg/CryptoPkg.ci.yaml | 66 +- CryptoPkg/CryptoPkg.dec | 4 + CryptoPkg/CryptoPkgMbedTls.dsc | 280 ++ .../BaseCryptLibMbedTls/BaseCryptLib.inf | 81 + .../BaseCryptLibMbedTls/Bn/CryptBnNull.c | 520 +++ .../Cipher/CryptAeadAesGcmNull.c | 100 + .../BaseCryptLibMbedTls/Cipher/CryptAesNull.c | 159 + .../BaseCryptLibMbedTls/Hash/CryptMd5.c | 234 + .../BaseCryptLibMbedTls/Hash/CryptMd5Null.c | 163 + .../Hash/CryptParallelHashNull.c | 40 + .../BaseCryptLibMbedTls/Hash/CryptSha1.c | 234 + .../BaseCryptLibMbedTls/Hash/CryptSha1Null.c | 166 + .../BaseCryptLibMbedTls/Hash/CryptSha256.c | 227 + .../Hash/CryptSha256Null.c | 162 + .../BaseCryptLibMbedTls/Hash/CryptSha512.c | 447 ++ .../Hash/CryptSha512Null.c | 275 ++ .../BaseCryptLibMbedTls/Hash/CryptSm3Null.c | 164 + .../BaseCryptLibMbedTls/Hmac/CryptHmac.c | 663 +++ .../BaseCryptLibMbedTls/Hmac/CryptHmacNull.c | 359 ++ .../BaseCryptLibMbedTls/InternalCryptLib.h | 44 + .../BaseCryptLibMbedTls/Kdf/CryptHkdf.c | 372 ++ .../BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c | 192 + .../BaseCryptLibMbedTls/PeiCryptLib.inf | 101 + .../BaseCryptLibMbedTls/PeiCryptLib.uni | 25 + .../BaseCryptLibMbedTls/Pem/CryptPemNull.c | 69 + .../Pk/CryptAuthenticodeNull.c | 45 + .../BaseCryptLibMbedTls/Pk/CryptDhNull.c | 150 + .../BaseCryptLibMbedTls/Pk/CryptEcNull.c | 578 +++ .../Pk/CryptPkcs1OaepNull.c | 51 + .../Pk/CryptPkcs5Pbkdf2Null.c | 48 + .../Pk/CryptPkcs7Internal.h | 83 + .../Pk/CryptPkcs7SignNull.c | 53 + .../Pk/CryptPkcs7VerifyEkuNull.c | 152 + .../Pk/CryptPkcs7VerifyEkuRuntime.c | 56 + .../Pk/CryptPkcs7VerifyNull.c | 163 + .../Pk/CryptPkcs7VerifyRuntime.c | 38 + .../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c | 268 ++ .../Pk/CryptRsaBasicNull.c | 121 + .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 333 ++ .../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c | 117 + .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c | 164 + .../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c | 46 + .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c | 231 + .../Pk/CryptRsaPssSignNull.c | 60 + .../BaseCryptLibMbedTls/Pk/CryptTsNull.c | 42 + .../BaseCryptLibMbedTls/Pk/CryptX509Null.c | 753 ++++ .../BaseCryptLibMbedTls/Rand/CryptRandNull.c | 56 + .../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 92 + .../BaseCryptLibMbedTls/RuntimeCryptLib.uni | 22 + .../BaseCryptLibMbedTls/SecCryptLib.inf | 84 + .../BaseCryptLibMbedTls/SecCryptLib.uni | 17 + .../BaseCryptLibMbedTls/SmmCryptLib.inf | 92 + .../BaseCryptLibMbedTls/SmmCryptLib.uni | 22 + .../SysCall/ConstantTimeClock.c | 75 + .../BaseCryptLibMbedTls/SysCall/CrtWrapper.c | 58 + .../SysCall/RuntimeMemAllocation.c | 462 ++ .../SysCall/TimerWrapper.c | 198 + .../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 78 + CryptoPkg/Library/MbedTlsLib/CrtWrapper.c | 96 + CryptoPkg/Library/MbedTlsLib/EcSm2Null.c | 495 +++ .../Include/mbedtls/mbedtls_config.h | 3823 +++++++++++++++++ CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf | 173 + .../Library/MbedTlsLib/MbedTlsLibFull.inf | 177 + CryptoPkg/Library/MbedTlsLib/mbedtls | 1 + CryptoPkg/Readme.md | 12 +- .../UnitTest/Library/BaseCryptLib/HmacTests.c | 34 +- .../UnitTest/Library/BaseCryptLib/RsaTests.c | 4 + 69 files changed, 14762 insertions(+), 13 deletions(-) create mode 100644 CryptoPkg/CryptoPkgMbedTls.dsc create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Kdf/CryptHkdf.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRuntime.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf create mode 100644 CryptoPkg/Library/MbedTlsLib/CrtWrapper.c create mode 100644 CryptoPkg/Library/MbedTlsLib/EcSm2Null.c create mode 100644 CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h create mode 100644 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf create mode 100644 CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf create mode 160000 CryptoPkg/Library/MbedTlsLib/mbedtls -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108235): https://edk2.groups.io/g/devel/message/108235 Mute This Topic: https://groups.io/mt/101114022/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-