From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 1129A740032 for ; Sat, 2 Sep 2023 14:16:42 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=nE3Xdi3kfJEAse7elBdJjlQ/2L5hx1HbW7aYG/VFq1c=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1693664201; v=1; b=Rz46hVCSkPtmiKvGvtbGz5dnmv+YOnIoaK+glGQvs3bzzBkbzkDPnNJpYUJMQER7lA76MpN5 G5j7kqVzMv8yOuFTN3Jw1fEsEIdHuiUO01OCPyhfc4FUPvCgPxEhzEWpJfDcOkUwCMN+l7+rUj0 VKdaQbs25M6zuorOYfS0omos= X-Received: by 127.0.0.2 with SMTP id iG95YY7687511xtro32KjaFG; Sat, 02 Sep 2023 07:16:41 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.8769.1693664196705429436 for ; Sat, 02 Sep 2023 07:16:41 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10821"; a="440346271" X-IronPort-AV: E=Sophos;i="6.02,222,1688454000"; d="scan'208";a="440346271" X-Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Sep 2023 07:16:40 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10821"; a="805769451" X-IronPort-AV: E=Sophos;i="6.02,222,1688454000"; d="scan'208";a="805769451" X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116]) by fmsmga008.fm.intel.com with ESMTP; 02 Sep 2023 07:16:38 -0700 From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Jiewen Yao , Yi Li , Xiaoyu Lu , Guomin Jiang Subject: [edk2-devel] [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls Date: Sat, 2 Sep 2023 22:16:22 +0800 Message-Id: <20230902141627.3178-6-wenxing.hou@intel.com> In-Reply-To: <20230902141627.3178-1-wenxing.hou@intel.com> References: <20230902141627.3178-1-wenxing.hou@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: SDGxdyQLPlzzhC5Xrl3qtuFpx7686176AA= Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=Rz46hVCS; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Add RSA APIs. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177 Cc: Jiewen Yao Cc: Yi Li Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/InternalCryptLib.h | 44 +++ .../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c | 268 ++++++++++++++ .../Pk/CryptRsaBasicNull.c | 121 +++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 333 ++++++++++++++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c | 117 ++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c | 164 +++++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c | 46 +++ .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c | 231 ++++++++++++ .../Pk/CryptRsaPssSignNull.c | 60 ++++ .../UnitTest/Library/BaseCryptLib/RsaTests.c | 4 + 10 files changed, 1388 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicN= ull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNul= l.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNul= l.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSig= n.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSig= nNull.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h b/Cry= ptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h new file mode 100644 index 0000000000..3e56c9a75c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h @@ -0,0 +1,44 @@ +/** @file=0D + Internal include file for BaseCryptLib.=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef INTERNAL_CRYPT_LIB_H_=0D +#define INTERNAL_CRYPT_LIB_H_=0D +=0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +=0D +//=0D +// We should alwasy add mbedtls/config.h here=0D +// to ensure the config override takes effect.=0D +//=0D +#include =0D +=0D +/**=0D + The MbedTLS function f_rng, which MbedRand implements, is not=0D + documented well.=0D +=0D + @param[in] RngState RngState.=0D + @param[in] Output Output.=0D + @param[in] Len Len.=0D +=0D + @retval 0 success.=0D + @retval non-zero failed.=0D +=0D +**/=0D +INT32=0D +MbedRand (=0D + VOID *RngState,=0D + UINT8 *OutPut,=0D + UINTN Len=0D + );=0D +=0D +#endif=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c b/Cry= ptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c new file mode 100644 index 0000000000..05c2cbd25a --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c @@ -0,0 +1,268 @@ +/** @file=0D + RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.=0D +=0D + This file implements following APIs which provide basic capabilities for= RSA:=0D + 1) RsaNew=0D + 2) RsaFree=0D + 3) RsaSetKey=0D + 4) RsaPkcs1Verify=0D +=0D + RFC 8017 - PKCS #1: RSA Cryptography Specifications Version 2.2=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +#include =0D +=0D +/**=0D + Allocates and initializes one RSA context for subsequent use.=0D +=0D + @return Pointer to the RSA context that has been initialized.=0D + If the allocations fails, RsaNew() returns NULL.=0D +=0D +**/=0D +VOID *=0D +EFIAPI=0D +RsaNew (=0D + VOID=0D + )=0D +{=0D + VOID *RsaContext;=0D +=0D + RsaContext =3D AllocateZeroPool (sizeof (mbedtls_rsa_context));=0D + if (RsaContext =3D=3D NULL) {=0D + return RsaContext;=0D + }=0D +=0D + mbedtls_rsa_init (RsaContext);=0D + if (mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V15, MBEDTLS_M= D_NONE) !=3D 0) {=0D + return NULL;=0D + }=0D +=0D + return RsaContext;=0D +}=0D +=0D +/**=0D + Release the specified RSA context.=0D +=0D + @param[in] RsaContext Pointer to the RSA context to be released.=0D +=0D +**/=0D +VOID=0D +EFIAPI=0D +RsaFree (=0D + IN VOID *RsaContext=0D + )=0D +{=0D + mbedtls_rsa_free (RsaContext);=0D + if (RsaContext !=3D NULL) {=0D + FreePool (RsaContext);=0D + }=0D +}=0D +=0D +/**=0D + Sets the tag-designated key component into the established RSA context.= =0D +=0D + This function sets the tag-designated RSA key component into the establi= shed=0D + RSA context from the user-specified non-negative integer (octet string f= ormat=0D + represented in RSA PKCS#1).=0D + If BigNumber is NULL, then the specified key component in RSA context is= cleared.=0D +=0D + If RsaContext is NULL, then return FALSE.=0D +=0D + @param[in, out] RsaContext Pointer to RSA context being set.=0D + @param[in] KeyTag Tag of RSA key component being set.=0D + @param[in] BigNumber Pointer to octet integer buffer.=0D + If NULL, then the specified key component i= n RSA=0D + context is cleared.=0D + @param[in] BnSize Size of big number buffer in bytes.=0D + If BigNumber is NULL, then it is ignored.=0D +=0D + @retval TRUE RSA key component was set successfully.=0D + @retval FALSE Invalid RSA key component tag.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaSetKey (=0D + IN OUT VOID *RsaContext,=0D + IN RSA_KEY_TAG KeyTag,=0D + IN CONST UINT8 *BigNumber,=0D + IN UINTN BnSize=0D + )=0D +{=0D + mbedtls_rsa_context *RsaKey;=0D + INT32 Ret;=0D + mbedtls_mpi Value;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((RsaContext =3D=3D NULL) || (BnSize > INT_MAX)) {=0D + return FALSE;=0D + }=0D +=0D + mbedtls_mpi_init (&Value);=0D +=0D + RsaKey =3D (mbedtls_rsa_context *)RsaContext;=0D +=0D + // if BigNumber is Null clear=0D + if (BigNumber !=3D NULL) {=0D + Ret =3D mbedtls_mpi_read_binary (&Value, BigNumber, BnSize);=0D + if (Ret !=3D 0) {=0D + return FALSE;=0D + }=0D + }=0D +=0D + switch (KeyTag) {=0D + case RsaKeyN:=0D + Ret =3D mbedtls_rsa_import (=0D + RsaKey,=0D + &Value,=0D + NULL,=0D + NULL,=0D + NULL,=0D + NULL=0D + );=0D + break;=0D + case RsaKeyE:=0D + Ret =3D mbedtls_rsa_import (=0D + RsaKey,=0D + NULL,=0D + NULL,=0D + NULL,=0D + NULL,=0D + &Value=0D + );=0D + break;=0D + case RsaKeyD:=0D + Ret =3D mbedtls_rsa_import (=0D + RsaKey,=0D + NULL,=0D + NULL,=0D + NULL,=0D + &Value,=0D + NULL=0D + );=0D + break;=0D + case RsaKeyQ:=0D + Ret =3D mbedtls_rsa_import (=0D + RsaKey,=0D + NULL,=0D + NULL,=0D + &Value,=0D + NULL,=0D + NULL=0D + );=0D + break;=0D + case RsaKeyP:=0D + Ret =3D mbedtls_rsa_import (=0D + RsaKey,=0D + NULL,=0D + &Value,=0D + NULL,=0D + NULL,=0D + NULL=0D + );=0D + break;=0D + case RsaKeyDp:=0D + case RsaKeyDq:=0D + case RsaKeyQInv:=0D + default:=0D + Ret =3D -1;=0D + break;=0D + }=0D +=0D + mbedtls_rsa_complete (RsaKey);=0D + mbedtls_mpi_free (&Value);=0D + return Ret =3D=3D 0;=0D +}=0D +=0D +/**=0D + Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defi= ned in=0D + RSA PKCS#1.=0D +=0D + If RsaContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If Signature is NULL, then return FALSE.=0D + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or = SHA-512 digest, then return FALSE.=0D +=0D + @param[in] RsaContext Pointer to RSA context for signature verificati= on.=0D + @param[in] MessageHash Pointer to octet message hash to be checked.=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verif= ied.=0D + @param[in] SigSize Size of signature in bytes.=0D +=0D + @retval TRUE Valid signature encoded in PKCS1-v1_5.=0D + @retval FALSE Invalid signature or invalid RSA context.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaPkcs1Verify (=0D + IN VOID *RsaContext,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + IN CONST UINT8 *Signature,=0D + IN UINTN SigSize=0D + )=0D +{=0D + INT32 Ret;=0D + mbedtls_md_type_t md_alg;=0D +=0D + if ((RsaContext =3D=3D NULL) || (MessageHash =3D=3D NULL) || (Signature = =3D=3D NULL)) {=0D + return FALSE;=0D + }=0D +=0D + if ((SigSize > INT_MAX) || (SigSize =3D=3D 0)) {=0D + return FALSE;=0D + }=0D +=0D + switch (HashSize) {=0D + case MD5_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_MD5;=0D + break;=0D +=0D + case SHA1_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA1;=0D + break;=0D +=0D + case SHA256_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA256;=0D + break;=0D +=0D + case SHA384_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA384;=0D + break;=0D +=0D + case SHA512_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA512;=0D + break;=0D +=0D + default:=0D + return FALSE;=0D + }=0D +=0D + if (mbedtls_rsa_get_len (RsaContext) !=3D SigSize) {=0D + return FALSE;=0D + }=0D +=0D + mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V15, md_alg);=0D +=0D + Ret =3D mbedtls_rsa_pkcs1_verify (=0D + RsaContext,=0D + md_alg,=0D + (UINT32)HashSize,=0D + MessageHash,=0D + Signature=0D + );=0D + if (Ret !=3D 0) {=0D + return FALSE;=0D + }=0D +=0D + return TRUE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c b= /CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c new file mode 100644 index 0000000000..3e643509fd --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c @@ -0,0 +1,121 @@ +/** @file=0D + RSA Asymmetric Cipher Wrapper Null Implementation.=0D +=0D + This file implements following APIs which provide basic capabilities for= RSA:=0D + 1) RsaNew=0D + 2) RsaFree=0D + 3) RsaSetKey=0D + 4) RsaPkcs1Verify=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Allocates and initializes one RSA context for subsequent use.=0D +=0D + @return Pointer to the RSA context that has been initialized.=0D + If the allocations fails, RsaNew() returns NULL.=0D +=0D +**/=0D +VOID *=0D +EFIAPI=0D +RsaNew (=0D + VOID=0D + )=0D +{=0D + //=0D + // Allocates & Initializes RSA Context=0D + //=0D + ASSERT (FALSE);=0D + return NULL;=0D +}=0D +=0D +/**=0D + Release the specified RSA context.=0D +=0D + @param[in] RsaContext Pointer to the RSA context to be released.=0D +=0D +**/=0D +VOID=0D +EFIAPI=0D +RsaFree (=0D + IN VOID *RsaContext=0D + )=0D +{=0D + //=0D + // Free RSA Context=0D + //=0D + ASSERT (FALSE);=0D +}=0D +=0D +/**=0D + Sets the tag-designated key component into the established RSA context.= =0D +=0D + This function sets the tag-designated RSA key component into the establi= shed=0D + RSA context from the user-specified non-negative integer (octet string f= ormat=0D + represented in RSA PKCS#1).=0D + If BigNumber is NULL, then the specified key component in RSA context is= cleared.=0D +=0D + If RsaContext is NULL, then return FALSE.=0D +=0D + @param[in, out] RsaContext Pointer to RSA context being set.=0D + @param[in] KeyTag Tag of RSA key component being set.=0D + @param[in] BigNumber Pointer to octet integer buffer.=0D + If NULL, then the specified key component i= n RSA=0D + context is cleared.=0D + @param[in] BnSize Size of big number buffer in bytes.=0D + If BigNumber is NULL, then it is ignored.=0D +=0D + @retval TRUE RSA key component was set successfully.=0D + @retval FALSE Invalid RSA key component tag.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaSetKey (=0D + IN OUT VOID *RsaContext,=0D + IN RSA_KEY_TAG KeyTag,=0D + IN CONST UINT8 *BigNumber,=0D + IN UINTN BnSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defi= ned in=0D + RSA PKCS#1.=0D +=0D + If RsaContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If Signature is NULL, then return FALSE.=0D + If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, th= en return FALSE.=0D +=0D + @param[in] RsaContext Pointer to RSA context for signature verificati= on.=0D + @param[in] MessageHash Pointer to octet message hash to be checked.=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verif= ied.=0D + @param[in] SigSize Size of signature in bytes.=0D +=0D + @retval TRUE Valid signature encoded in PKCS1-v1_5.=0D + @retval FALSE Invalid signature or invalid RSA context.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaPkcs1Verify (=0D + IN VOID *RsaContext,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + IN CONST UINT8 *Signature,=0D + IN UINTN SigSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c b/Crypt= oPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c new file mode 100644 index 0000000000..3cd0f8d8c9 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c @@ -0,0 +1,333 @@ +/** @file=0D + RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.=0D +=0D + This file implements following APIs which provide more capabilities for = RSA:=0D + 1) RsaGetKey=0D + 2) RsaGenerateKey=0D + 3) RsaCheckKey=0D + 4) RsaPkcs1Sign=0D +=0D + RFC 8017 - PKCS #1: RSA Cryptography Specifications Version 2.2=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +#include =0D +=0D +/**=0D + Gets the tag-designated RSA key component from the established RSA conte= xt.=0D +=0D + This function retrieves the tag-designated RSA key component from the=0D + established RSA context as a non-negative integer (octet string format=0D + represented in RSA PKCS#1).=0D + If specified key component has not been set or has been cleared, then re= turned=0D + BnSize is set to 0.=0D + If the BigNumber buffer is too small to hold the contents of the key, FA= LSE=0D + is returned and BnSize is set to the required buffer size to obtain the = key.=0D +=0D + If RsaContext is NULL, then return FALSE.=0D + If BnSize is NULL, then return FALSE.=0D + If BnSize is large enough but BigNumber is NULL, then return FALSE.=0D +=0D + @param[in, out] RsaContext Pointer to RSA context being set.=0D + @param[in] KeyTag Tag of RSA key component being set.=0D + @param[out] BigNumber Pointer to octet integer buffer.=0D + @param[in, out] BnSize On input, the size of big number buffer in = bytes.=0D + On output, the size of data returned in big= number buffer in bytes.=0D +=0D + @retval TRUE RSA key component was retrieved successfully.=0D + @retval FALSE Invalid RSA key component tag.=0D + @retval FALSE BnSize is too small.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaGetKey (=0D + IN OUT VOID *RsaContext,=0D + IN RSA_KEY_TAG KeyTag,=0D + OUT UINT8 *BigNumber,=0D + IN OUT UINTN *BnSize=0D + )=0D +{=0D + mbedtls_rsa_context *RsaKey;=0D + INT32 Ret;=0D + mbedtls_mpi Value;=0D + UINTN Size;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((RsaContext =3D=3D NULL) || (*BnSize > INT_MAX)) {=0D + return FALSE;=0D + }=0D +=0D + //=0D + // Init mbedtls_mpi=0D + //=0D + mbedtls_mpi_init (&Value);=0D + Size =3D *BnSize;=0D + *BnSize =3D 0;=0D +=0D + RsaKey =3D (mbedtls_rsa_context *)RsaContext;=0D +=0D + switch (KeyTag) {=0D + case RsaKeyN:=0D + Ret =3D mbedtls_rsa_export (RsaKey, &Value, NULL, NULL, NULL, NULL);= =0D + break;=0D + case RsaKeyE:=0D + Ret =3D mbedtls_rsa_export (RsaKey, NULL, NULL, NULL, NULL, &Value);= =0D + break;=0D + case RsaKeyD:=0D + Ret =3D mbedtls_rsa_export (RsaKey, NULL, NULL, NULL, &Value, NULL);= =0D + break;=0D + case RsaKeyQ:=0D + Ret =3D mbedtls_rsa_export (RsaKey, NULL, NULL, &Value, NULL, NULL);= =0D + break;=0D + case RsaKeyP:=0D + Ret =3D mbedtls_rsa_export (RsaKey, NULL, &Value, NULL, NULL, NULL);= =0D + break;=0D + case RsaKeyDp:=0D + case RsaKeyDq:=0D + case RsaKeyQInv:=0D + default:=0D + Ret =3D -1;=0D + break;=0D + }=0D +=0D + if (Ret !=3D 0) {=0D + return FALSE;=0D + }=0D +=0D + if (!mbedtls_mpi_size (&Value)) {=0D + Ret =3D 0;=0D + goto End;=0D + }=0D +=0D + *BnSize =3D Size;=0D +=0D + if (Ret =3D=3D 0) {=0D + Size =3D mbedtls_mpi_size (&Value);=0D + }=0D +=0D + if (Size =3D=3D 0) {=0D + Ret =3D 1;=0D + goto End;=0D + }=0D +=0D + if (*BnSize < Size) {=0D + Ret =3D 1;=0D + *BnSize =3D Size;=0D + goto End;=0D + }=0D +=0D + if (BigNumber =3D=3D NULL) {=0D + Ret =3D 0;=0D + *BnSize =3D Size;=0D + goto End;=0D + }=0D +=0D + if ((BigNumber !=3D NULL) && (Ret =3D=3D 0)) {=0D + Ret =3D mbedtls_mpi_write_binary (&Value, BigNumber, Size);=0D + *BnSize =3D Size;=0D + }=0D +=0D +End:=0D + mbedtls_mpi_free (&Value);=0D + return Ret =3D=3D 0;=0D +}=0D +=0D +/**=0D + Generates RSA key components.=0D +=0D + This function generates RSA key components. It takes RSA public exponent= E and=0D + length in bits of RSA modulus N as input, and generates all key componen= ts.=0D + If PublicExponent is NULL, the default RSA public exponent (0x10001) wil= l be used.=0D +=0D + If RsaContext is NULL, then return FALSE.=0D +=0D + @param[in, out] RsaContext Pointer to RSA context being set.= =0D + @param[in] ModulusLength Length of RSA modulus N in bits.=0D + @param[in] PublicExponent Pointer to RSA public exponent.=0D + @param[in] PublicExponentSize Size of RSA public exponent buffer= in bytes.=0D +=0D + @retval TRUE RSA key component was generated successfully.=0D + @retval FALSE Invalid RSA key component tag.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaGenerateKey (=0D + IN OUT VOID *RsaContext,=0D + IN UINTN ModulusLength,=0D + IN CONST UINT8 *PublicExponent,=0D + IN UINTN PublicExponentSize=0D + )=0D +{=0D + INT32 Ret;=0D + mbedtls_rsa_context *Rsa;=0D + INT32 PE;=0D + INT32 *GetPE;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((RsaContext =3D=3D NULL) || (ModulusLength > INT_MAX) || (PublicExpo= nentSize > INT_MAX)) {=0D + return FALSE;=0D + }=0D +=0D + Ret =3D 0;=0D + Rsa =3D (mbedtls_rsa_context *)RsaContext;=0D +=0D + if (PublicExponent =3D=3D NULL) {=0D + PE =3D 0x10001;=0D + } else {=0D + if ((PublicExponentSize > (sizeof (INT32) / sizeof (UINT8))) || (Publi= cExponentSize =3D=3D 0)) {=0D + return FALSE;=0D + }=0D +=0D + GetPE =3D (INT32 *)PublicExponent;=0D + PE =3D *GetPE;=0D + }=0D +=0D + Ret =3D mbedtls_rsa_gen_key (=0D + Rsa,=0D + myrand,=0D + NULL,=0D + (UINT32)ModulusLength,=0D + PE=0D + );=0D +=0D + return Ret =3D=3D 0;=0D +}=0D +=0D +/**=0D + Validates key components of RSA context.=0D + NOTE: This function performs integrity checks on all the RSA key materia= l, so=0D + the RSA key structure must contain all the private key data.=0D +=0D + This function validates key components of RSA context in following aspec= ts:=0D + - Whether p is a prime=0D + - Whether q is a prime=0D + - Whether n =3D p * q=0D + - Whether d*e =3D 1 mod lcm(p-1,q-1)=0D +=0D + If RsaContext is NULL, then return FALSE.=0D +=0D + @param[in] RsaContext Pointer to RSA context to check.=0D +=0D + @retval TRUE RSA key components are valid.=0D + @retval FALSE RSA key components are not valid.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaCheckKey (=0D + IN VOID *RsaContext=0D + )=0D +{=0D + if (RsaContext =3D=3D NULL) {=0D + return FALSE;=0D + }=0D +=0D + UINT32 Ret;=0D +=0D + Ret =3D mbedtls_rsa_complete (RsaContext);=0D + if (Ret =3D=3D 0) {=0D + Ret =3D mbedtls_rsa_check_privkey (RsaContext);=0D + }=0D +=0D + return Ret =3D=3D 0;=0D +}=0D +=0D +/**=0D + Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encodi= ng scheme.=0D +=0D + This function carries out the RSA-SSA signature generation with EMSA-PKC= S1-v1_5 encoding scheme defined in=0D + RSA PKCS#1.=0D + If the Signature buffer is too small to hold the contents of signature, = FALSE=0D + is returned and SigSize is set to the required buffer size to obtain the= signature.=0D +=0D + If RsaContext is NULL, then return FALSE.=0D + If MessageHash is NULL, then return FALSE.=0D + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or = SHA-512 digest, then return FALSE.=0D + If SigSize is large enough but Signature is NULL, then return FALSE.=0D +=0D + @param[in] RsaContext Pointer to RSA context for signature gener= ation.=0D + @param[in] MessageHash Pointer to octet message hash to be signed= .=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_= 5 signature.=0D + @param[in, out] SigSize On input, the size of Signature buffer in = bytes.=0D + On output, the size of data returned in Si= gnature buffer in bytes.=0D +=0D + @retval TRUE Signature successfully generated in PKCS1-v1_5.=0D + @retval FALSE Signature generation failed.=0D + @retval FALSE SigSize is too small.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaPkcs1Sign (=0D + IN VOID *RsaContext,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + OUT UINT8 *Signature,=0D + IN OUT UINTN *SigSize=0D + )=0D +{=0D + INT32 Ret;=0D + mbedtls_md_type_t md_alg;=0D +=0D + if ((RsaContext =3D=3D NULL) || (MessageHash =3D=3D NULL)) {=0D + return FALSE;=0D + }=0D +=0D + switch (HashSize) {=0D + case MD5_DIGEST_SIZE:=0D + break;=0D +=0D + case SHA1_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA1;=0D + break;=0D +=0D + case SHA256_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA256;=0D + break;=0D +=0D + case SHA384_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA384;=0D + break;=0D +=0D + case SHA512_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA512;=0D + break;=0D +=0D + default:=0D + return FALSE;=0D + }=0D +=0D + if (mbedtls_rsa_get_len (RsaContext) > *SigSize) {=0D + *SigSize =3D mbedtls_rsa_get_len (RsaContext);=0D + return FALSE;=0D + }=0D +=0D + mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V15, md_alg);=0D +=0D + Ret =3D mbedtls_rsa_pkcs1_sign (=0D + RsaContext,=0D + MbedRand,=0D + NULL,=0D + md_alg,=0D + (UINT32)HashSize,=0D + MessageHash,=0D + Signature=0D + );=0D + if (Ret !=3D 0) {=0D + return FALSE;=0D + }=0D +=0D + *SigSize =3D mbedtls_rsa_get_len (RsaContext);=0D + return TRUE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c b/C= ryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c new file mode 100644 index 0000000000..be810fb8ca --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c @@ -0,0 +1,117 @@ +/** @file=0D + RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.=0D +=0D + This file does not provide real capabilities for following APIs in RSA h= andling:=0D + 1) RsaGetKey=0D + 2) RsaGenerateKey=0D + 3) RsaCheckKey=0D + 4) RsaPkcs1Sign=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Gets the tag-designated RSA key component from the established RSA conte= xt.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] RsaContext Pointer to RSA context being set.=0D + @param[in] KeyTag Tag of RSA key component being set.=0D + @param[out] BigNumber Pointer to octet integer buffer.=0D + @param[in, out] BnSize On input, the size of big number buffer in = bytes.=0D + On output, the size of data returned in big= number buffer in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaGetKey (=0D + IN OUT VOID *RsaContext,=0D + IN RSA_KEY_TAG KeyTag,=0D + OUT UINT8 *BigNumber,=0D + IN OUT UINTN *BnSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Generates RSA key components.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in, out] RsaContext Pointer to RSA context being set.= =0D + @param[in] ModulusLength Length of RSA modulus N in bits.=0D + @param[in] PublicExponent Pointer to RSA public exponent.=0D + @param[in] PublicExponentSize Size of RSA public exponent buffer= in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaGenerateKey (=0D + IN OUT VOID *RsaContext,=0D + IN UINTN ModulusLength,=0D + IN CONST UINT8 *PublicExponent,=0D + IN UINTN PublicExponentSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Validates key components of RSA context.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] RsaContext Pointer to RSA context to check.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaCheckKey (=0D + IN VOID *RsaContext=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encodi= ng scheme.=0D +=0D + Return FALSE to indicate this interface is not supported.=0D +=0D + @param[in] RsaContext Pointer to RSA context for signature gener= ation.=0D + @param[in] MessageHash Pointer to octet message hash to be signed= .=0D + @param[in] HashSize Size of the message hash in bytes.=0D + @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_= 5 signature.=0D + @param[in, out] SigSize On input, the size of Signature buffer in = bytes.=0D + On output, the size of data returned in Si= gnature buffer in bytes.=0D +=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaPkcs1Sign (=0D + IN VOID *RsaContext,=0D + IN CONST UINT8 *MessageHash,=0D + IN UINTN HashSize,=0D + OUT UINT8 *Signature,=0D + IN OUT UINTN *SigSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c b/Crypt= oPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c new file mode 100644 index 0000000000..370d0cf7e5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c @@ -0,0 +1,164 @@ +/** @file=0D + RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.=0D +=0D + This file implements following APIs which provide basic capabilities for= RSA:=0D + 1) RsaPssVerify=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +#include =0D +=0D +/**=0D + Verifies the RSA signature with RSASSA-PSS signature scheme defined in R= FC 8017.=0D + Implementation determines salt length automatically from the signature e= ncoding.=0D + Mask generation function is the same as the message digest algorithm.=0D + Salt length should be equal to digest length.=0D +=0D + @param[in] RsaContext Pointer to RSA context for signature verific= ation.=0D + @param[in] Message Pointer to octet message to be verified.=0D + @param[in] MsgSize Size of the message in bytes.=0D + @param[in] Signature Pointer to RSASSA-PSS signature to be verifi= ed.=0D + @param[in] SigSize Size of signature in bytes.=0D + @param[in] DigestLen Length of digest for RSA operation.=0D + @param[in] SaltLen Salt length for PSS encoding.=0D +=0D + @retval TRUE Valid signature encoded in RSASSA-PSS.=0D + @retval FALSE Invalid signature or invalid RSA context.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaPssVerify (=0D + IN VOID *RsaContext,=0D + IN CONST UINT8 *Message,=0D + IN UINTN MsgSize,=0D + IN CONST UINT8 *Signature,=0D + IN UINTN SigSize,=0D + IN UINT16 DigestLen,=0D + IN UINT16 SaltLen=0D + )=0D +{=0D + INT32 Ret;=0D + mbedtls_md_type_t md_alg;=0D + UINT8 HashValue[SHA512_DIGEST_SIZE];=0D + BOOLEAN Status;=0D + UINTN ShaCtxSize;=0D + VOID *ShaCtx;=0D +=0D + if (RsaContext =3D=3D NULL) {=0D + return FALSE;=0D + }=0D +=0D + if ((Message =3D=3D NULL) || (MsgSize =3D=3D 0) || (MsgSize > INT_MAX)) = {=0D + return FALSE;=0D + }=0D +=0D + if (SaltLen !=3D DigestLen) {=0D + return FALSE;=0D + }=0D +=0D + if ((Signature =3D=3D NULL) || (SigSize =3D=3D 0) || (SigSize > INT_MAX)= ) {=0D + return FALSE;=0D + }=0D +=0D + ZeroMem (HashValue, DigestLen);=0D +=0D + switch (DigestLen) {=0D + case SHA256_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA256;=0D + ShaCtxSize =3D Sha256GetContextSize ();=0D + ShaCtx =3D AllocatePool (ShaCtxSize);=0D +=0D + Status =3D Sha256Init (ShaCtx);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha256Update (ShaCtx, Message, MsgSize);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha256Final (ShaCtx, HashValue);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + FreePool (ShaCtx);=0D + break;=0D +=0D + case SHA384_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA384;=0D + ShaCtxSize =3D Sha384GetContextSize ();=0D + ShaCtx =3D AllocatePool (ShaCtxSize);=0D +=0D + Status =3D Sha384Init (ShaCtx);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha384Update (ShaCtx, Message, MsgSize);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha384Final (ShaCtx, HashValue);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + FreePool (ShaCtx);=0D + break;=0D +=0D + case SHA512_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA512;=0D + ShaCtxSize =3D Sha512GetContextSize ();=0D + ShaCtx =3D AllocatePool (ShaCtxSize);=0D +=0D + Status =3D Sha512Init (ShaCtx);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha512Update (ShaCtx, Message, MsgSize);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha512Final (ShaCtx, HashValue);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + FreePool (ShaCtx);=0D + break;=0D +=0D + default:=0D + return FALSE;=0D + }=0D +=0D + mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg);=0D +=0D + Ret =3D mbedtls_rsa_rsassa_pss_verify (=0D + RsaContext,=0D + md_alg,=0D + (UINT32)DigestLen,=0D + HashValue,=0D + Signature=0D + );=0D + if (Ret !=3D 0) {=0D + return FALSE;=0D + }=0D +=0D + return TRUE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c b/C= ryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c new file mode 100644 index 0000000000..75ad71a922 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c @@ -0,0 +1,46 @@ +/** @file=0D + RSA-PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.=0D +=0D + This file does not provide real capabilities for following APIs in RSA h= andling:=0D + 1) RsaPssVerify=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Verifies the RSA signature with RSASSA-PSS signature scheme defined in R= FC 8017.=0D + Implementation determines salt length automatically from the signature e= ncoding.=0D + Mask generation function is the same as the message digest algorithm.=0D + Salt length should be equal to digest length.=0D +=0D + @param[in] RsaContext Pointer to RSA context for signature verific= ation.=0D + @param[in] Message Pointer to octet message to be verified.=0D + @param[in] MsgSize Size of the message in bytes.=0D + @param[in] Signature Pointer to RSASSA-PSS signature to be verifi= ed.=0D + @param[in] SigSize Size of signature in bytes.=0D + @param[in] DigestLen Length of digest for RSA operation.=0D + @param[in] SaltLen Salt length for PSS encoding.=0D +=0D + @retval TRUE Valid signature encoded in RSASSA-PSS.=0D + @retval FALSE Invalid signature or invalid RSA context.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaPssVerify (=0D + IN VOID *RsaContext,=0D + IN CONST UINT8 *Message,=0D + IN UINTN MsgSize,=0D + IN CONST UINT8 *Signature,=0D + IN UINTN SigSize,=0D + IN UINT16 DigestLen,=0D + IN UINT16 SaltLen=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c b/C= ryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c new file mode 100644 index 0000000000..db7bac5676 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c @@ -0,0 +1,231 @@ +/** @file=0D + RSA PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.=0D +=0D + This file implements following APIs which provide basic capabilities for= RSA:=0D + 1) RsaPssSign=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +#include =0D +#include =0D +=0D +/**=0D + The MbedTLS function f_rng, which MbedRand implements, is not=0D + documented well.=0D +=0D + @param[in] RngState RngState.=0D + @param[in] Output Output.=0D + @param[in] Len Len.=0D +=0D + @retval 0 success.=0D + @retval non-zero failed.=0D +=0D +**/=0D +INT32=0D +MbedRand (=0D + VOID *RngState,=0D + UINT8 *Output,=0D + UINTN Len=0D + )=0D +{=0D + BOOLEAN Ret;=0D + UINT64 TempRand;=0D +=0D + Ret =3D FALSE;=0D +=0D + while (Len > 0) {=0D + // Use RngLib to get random number=0D + Ret =3D GetRandomNumber64 (&TempRand);=0D +=0D + if (!Ret) {=0D + return Ret;=0D + }=0D +=0D + if (Len >=3D sizeof (TempRand)) {=0D + *((UINT64 *)Output) =3D TempRand;=0D + Output +=3D sizeof (UINT64);=0D + Len -=3D sizeof (TempRand);=0D + } else {=0D + CopyMem (Output, &TempRand, Len);=0D + Len =3D 0;=0D + }=0D + }=0D +=0D + return 0;=0D +}=0D +=0D +/**=0D + Carries out the RSA-SSA signature generation with EMSA-PSS encoding sche= me.=0D +=0D + This function carries out the RSA-SSA signature generation with EMSA-PSS= encoding scheme defined in=0D + RFC 8017.=0D + Mask generation function is the same as the message digest algorithm.=0D + If the Signature buffer is too small to hold the contents of signature, = FALSE=0D + is returned and SigSize is set to the required buffer size to obtain the= signature.=0D +=0D + If RsaContext is NULL, then return FALSE.=0D + If Message is NULL, then return FALSE.=0D + If MsgSize is zero or > INT_MAX, then return FALSE.=0D + If DigestLen is NOT 32, 48 or 64, return FALSE.=0D + If SaltLen is not equal to DigestLen, then return FALSE.=0D + If SigSize is large enough but Signature is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] RsaContext Pointer to RSA context for signature genera= tion.=0D + @param[in] Message Pointer to octet message to be signed.=0D + @param[in] MsgSize Size of the message in bytes.=0D + @param[in] DigestLen Length of the digest in bytes to be used fo= r RSA signature operation.=0D + @param[in] SaltLen Length of the salt in bytes to be used for = PSS encoding.=0D + @param[out] Signature Pointer to buffer to receive RSA PSS signat= ure.=0D + @param[in, out] SigSize On input, the size of Signature buffer in b= ytes.=0D + On output, the size of data returned in Sig= nature buffer in bytes.=0D +=0D + @retval TRUE Signature successfully generated in RSASSA-PSS.=0D + @retval FALSE Signature generation failed.=0D + @retval FALSE SigSize is too small.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaPssSign (=0D + IN VOID *RsaContext,=0D + IN CONST UINT8 *Message,=0D + IN UINTN MsgSize,=0D + IN UINT16 DigestLen,=0D + IN UINT16 SaltLen,=0D + OUT UINT8 *Signature,=0D + IN OUT UINTN *SigSize=0D + )=0D +{=0D + INT32 Ret;=0D + mbedtls_md_type_t md_alg;=0D + UINT8 HashValue[SHA512_DIGEST_SIZE];=0D + BOOLEAN Status;=0D + UINTN ShaCtxSize;=0D + VOID *ShaCtx;=0D +=0D + if (RsaContext =3D=3D NULL) {=0D + return FALSE;=0D + }=0D +=0D + if ((Message =3D=3D NULL) || (MsgSize =3D=3D 0) || (MsgSize > INT_MAX)) = {=0D + return FALSE;=0D + }=0D +=0D + if (SaltLen !=3D DigestLen) {=0D + return FALSE;=0D + }=0D +=0D + ZeroMem (HashValue, DigestLen);=0D +=0D + switch (DigestLen) {=0D + case SHA256_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA256;=0D + ShaCtxSize =3D Sha256GetContextSize ();=0D + ShaCtx =3D AllocatePool (ShaCtxSize);=0D +=0D + Status =3D Sha256Init (ShaCtx);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha256Update (ShaCtx, Message, MsgSize);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha256Final (ShaCtx, HashValue);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + FreePool (ShaCtx);=0D + break;=0D +=0D + case SHA384_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA384;=0D + ShaCtxSize =3D Sha384GetContextSize ();=0D + ShaCtx =3D AllocatePool (ShaCtxSize);=0D +=0D + Status =3D Sha384Init (ShaCtx);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha384Update (ShaCtx, Message, MsgSize);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha384Final (ShaCtx, HashValue);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + FreePool (ShaCtx);=0D + break;=0D +=0D + case SHA512_DIGEST_SIZE:=0D + md_alg =3D MBEDTLS_MD_SHA512;=0D + ShaCtxSize =3D Sha512GetContextSize ();=0D + ShaCtx =3D AllocatePool (ShaCtxSize);=0D +=0D + Status =3D Sha512Init (ShaCtx);=0D + if (!Status) {=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha512Update (ShaCtx, Message, MsgSize);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + Status =3D Sha512Final (ShaCtx, HashValue);=0D + if (!Status) {=0D + FreePool (ShaCtx);=0D + return FALSE;=0D + }=0D +=0D + FreePool (ShaCtx);=0D + break;=0D +=0D + default:=0D + return FALSE;=0D + }=0D +=0D + if (Signature =3D=3D NULL) {=0D + //=0D + // If Signature is NULL, return safe SignatureSize=0D + //=0D + *SigSize =3D MBEDTLS_MPI_MAX_SIZE;=0D + return FALSE;=0D + }=0D +=0D + mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg);=0D +=0D + Ret =3D mbedtls_rsa_rsassa_pss_sign (=0D + RsaContext,=0D + MbedRand,=0D + NULL,=0D + md_alg,=0D + (UINT32)DigestLen,=0D + HashValue,=0D + Signature=0D + );=0D + if (Ret !=3D 0) {=0D + return FALSE;=0D + }=0D +=0D + *SigSize =3D ((mbedtls_rsa_context *)RsaContext)->len;=0D + return TRUE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c= b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c new file mode 100644 index 0000000000..10687bd38e --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c @@ -0,0 +1,60 @@ +/** @file=0D + RSA-PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.=0D +=0D + This file does not provide real capabilities for following APIs in RSA h= andling:=0D + 1) RsaPssSign=0D +=0D +Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +=0D +/**=0D + Carries out the RSA-SSA signature generation with EMSA-PSS encoding sche= me.=0D +=0D + This function carries out the RSA-SSA signature generation with EMSA-PSS= encoding scheme defined in=0D + RFC 8017.=0D + Mask generation function is the same as the message digest algorithm.=0D + If the Signature buffer is too small to hold the contents of signature, = FALSE=0D + is returned and SigSize is set to the required buffer size to obtain the= signature.=0D +=0D + If RsaContext is NULL, then return FALSE.=0D + If Message is NULL, then return FALSE.=0D + If MsgSize is zero or > INT_MAX, then return FALSE.=0D + If DigestLen is NOT 32, 48 or 64, return FALSE.=0D + If SaltLen is not equal to DigestLen, then return FALSE.=0D + If SigSize is large enough but Signature is NULL, then return FALSE.=0D + If this interface is not supported, then return FALSE.=0D +=0D + @param[in] RsaContext Pointer to RSA context for signature genera= tion.=0D + @param[in] Message Pointer to octet message to be signed.=0D + @param[in] MsgSize Size of the message in bytes.=0D + @param[in] DigestLen Length of the digest in bytes to be used fo= r RSA signature operation.=0D + @param[in] SaltLen Length of the salt in bytes to be used for = PSS encoding.=0D + @param[out] Signature Pointer to buffer to receive RSA PSS signat= ure.=0D + @param[in, out] SigSize On input, the size of Signature buffer in b= ytes.=0D + On output, the size of data returned in Sig= nature buffer in bytes.=0D +=0D + @retval TRUE Signature successfully generated in RSASSA-PSS.=0D + @retval FALSE Signature generation failed.=0D + @retval FALSE SigSize is too small.=0D + @retval FALSE This interface is not supported.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaPssSign (=0D + IN VOID *RsaContext,=0D + IN CONST UINT8 *Message,=0D + IN UINTN MsgSize,=0D + IN UINT16 DigestLen,=0D + IN UINT16 SaltLen,=0D + OUT UINT8 *Signature,=0D + IN OUT UINTN *SigSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c b/Cryp= toPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c index 3f06e89b3c..70fd4aa64b 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c @@ -194,6 +194,7 @@ TestVerifyRsaGenerateKeyComponents ( BOOLEAN Status;=0D UINTN KeySize;=0D UINT8 *KeyBuffer;=0D + UINT8 TestPublicExponent[] =3D { 0x01, 0x00, 0x01 };=0D =0D //=0D // Generate RSA Key Components=0D @@ -202,6 +203,9 @@ TestVerifyRsaGenerateKeyComponents ( Status =3D RsaGenerateKey (mRsa, RSA_MODULUS_LENGTH, NULL, 0);=0D UT_ASSERT_TRUE (Status);=0D =0D + Status =3D RsaGenerateKey (mRsa, RSA_MODULUS_LENGTH, TestPublicExponent,= sizeof (TestPublicExponent));=0D + UT_ASSERT_TRUE (Status);=0D +=0D KeySize =3D RSA_MODULUS_LENGTH / 8;=0D KeyBuffer =3D AllocatePool (KeySize);=0D Status =3D RsaGetKey (mRsa, RsaKeyE, KeyBuffer, &KeySize);=0D --=20 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108240): https://edk2.groups.io/g/devel/message/108240 Mute This Topic: https://groups.io/mt/101114029/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-