From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id BF1ACD801DB for ; Mon, 18 Mar 2024 23:19:15 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=Gcdwgfey4Im3g2tpj1n9+z1mBjggodhM0aiorVAQoiU=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Feedback-ID:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1710803954; v=1; b=ZtUfD0wvAC84wCK4gsHq8SKoMsSAiMwCOzRle8CF0SHTJRwswCLJTpK9Ms0SrHZOwdBI8fwx N035xbsfaS6RXWgpNkxntKL980wT7Mp6oSA209nEHJhI6DM1c0RQrgNB5volOfBu2ZAjzW70knK YEEONsSRkBj3S7OCjS7/2lj7u3tFN3kI9fFHfT44V+uxVTxXPy1bSk8eVep+2Rj9LEnr10XzM1C G4eGZd7SfiM5Jq1U8OOUX5a6WwklIqFBglu6StVD1CA9ezlxoDK0GgWdx1Gu6/rU+BRceNBTg0a AQGV3pkl7DWF6DxF1ORMZxGewpOIjlAK1owkIRBvedVCw== X-Received: by 127.0.0.2 with SMTP id f3nuYY7687511x9s6LJNAkJy; Mon, 18 Mar 2024 16:19:14 -0700 X-Received: from a2i971.smtp2go.com (a2i971.smtp2go.com [103.47.207.203]) by mx.groups.io with SMTP id smtpd.web10.180.1710798756503535425 for ; Mon, 18 Mar 2024 14:52:36 -0700 X-Received: from [10.45.79.71] (helo=SmtpCorp) by smtpcorp.com with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.94.2-S2G) (envelope-from ) id 1rmKuJ-gL4QSM-Gb; Mon, 18 Mar 2024 21:52:35 +0000 X-Received: from [10.90.237.184] (helo=localhost.localdomain) by smtpcorp.com with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96.1-S2G) (envelope-from ) id 1rmKuI-Dv5ZTA-2P; Mon, 18 Mar 2024 21:52:34 +0000 From: "Chris Ruffin via groups.io" To: devel@edk2.groups.io Cc: Chris Ruffin , Jiewen Yao , Yi Li , Wenxing Hou Subject: [edk2-devel] [PATCH 2/3] CryptoPkg/Driver: add additional RSAEP-OAEP crypto functions Date: Mon, 18 Mar 2024 17:52:04 -0400 Message-ID: <20240318215205.1339-2-cruffin@millcore.com> In-Reply-To: <20240318215205.1339-1-cruffin@millcore.com> References: <20240318215205.1339-1-cruffin@millcore.com> MIME-Version: 1.0 X-Smtpcorp-Track: 1rXKImDv5ZTj2e.AH-MBqhK92n6D Feedback-ID: 401384m:401384aZcXcRg:401384s7nS7rz66T X-Report-Abuse: Please forward a copy of this message, including all headers, to Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Mon, 18 Mar 2024 16:19:13 -0700 Reply-To: devel@edk2.groups.io,cruffin@millcore.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: tRYgOmge8hHG88BXHjzlupZkx7686176AA= Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=ZtUfD0wv; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=pass (policy=none) header.from=groups.io From: Chris Ruffin Add new library members to CryptoPkg/Driver. Signed-off-by: Chris Ruffin Cc: Jiewen Yao Cc: Yi Li Cc: Wenxing Hou --- CryptoPkg/Driver/Crypto.c | 116 +++++++++++++++++- .../Pcd/PcdCryptoServiceFamilyEnable.h | 3 + .../BaseCryptLibOnProtocolPpi/CryptLib.c | 100 +++++++++++++++ CryptoPkg/Private/Protocol/Crypto.h | 97 ++++++++++++++- 4 files changed, 314 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index bdbb4863a9..3bfce16fa6 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -3589,6 +3589,117 @@ CryptoServicePkcs1v2Encrypt ( return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Encrypt, Pkcs1v2Encrypt, = (PublicKey, PublicKeySize, InData, InDataSize, PrngSeed, PrngSeedSize, Encr= yptedData, EncryptedDataSize), FALSE);=0D }=0D =0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceRsaOaepEncrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Rsa.Services.RsaOaepEncrypt, RsaOaepEncrypt, (= RsaContext, InData, InDataSize, PrngSeed, PrngSeedSize, EncryptedData, Encr= yptedDataSize), FALSE);=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServicePkcs1v2Decrypt (=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Decrypt, Pkcs1v2Decrypt, = (PrivateKey, PrivateKeySize, EncryptedData, EncryptedDataSize, OutData, Out= DataSize), FALSE);=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceRsaOaepDecrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Rsa.Services.RsaOaepDecrypt, RsaOaepDecrypt, (= RsaContext, EncryptedData, EncryptedDataSize, OutData, OutDataSize), FALSE)= ;=0D +}=0D +=0D /**=0D Get the signer's certificates from PKCS#7 signed data as described in "P= KCS #7:=0D Cryptographic Message Syntax Standard". The input signed data could be w= rapped=0D @@ -6987,5 +7098,8 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceX509VerifyCertChain,=0D CryptoServiceX509GetCertFromCertChain,=0D CryptoServiceAsn1GetTag,=0D - CryptoServiceX509GetExtendedBasicConstraints=0D + CryptoServiceX509GetExtendedBasicConstraints,=0D + CryptoServicePkcs1v2Decrypt,=0D + CryptoServiceRsaOaepEncrypt,=0D + CryptoServiceRsaOaepDecrypt,=0D };=0D diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 74eaf44cca..6aee28afe5 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -124,6 +124,7 @@ typedef struct { UINT8 Pkcs7GetCertificatesList : 1;=0D UINT8 AuthenticodeVerify : 1;=0D UINT8 ImageTimestampVerify : 1;=0D + UINT8 Pkcs1v2Decrypt : 1;=0D } Services;=0D UINT32 Family;=0D } Pkcs;=0D @@ -158,6 +159,8 @@ typedef struct { UINT8 Pkcs1Verify : 1;=0D UINT8 GetPrivateKeyFromPem : 1;=0D UINT8 GetPublicKeyFromX509 : 1;=0D + UINT8 RsaOaepEncrypt : 1;=0D + UINT8 RsaOaepDecrypt : 1;=0D } Services;=0D UINT32 Family;=0D } Rsa;=0D diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 4e31bc278e..8bf3bf00ed 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -2825,6 +2825,105 @@ Pkcs1v2Encrypt ( CALL_CRYPTO_SERVICE (Pkcs1v2Encrypt, (PublicKey, PublicKeySize, InData, = InDataSize, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize), FALS= E);=0D }=0D =0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs1v2Decrypt (=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (Pkcs1v2Decrypt, (PrivateKey, PrivateKeySize, Encryp= tedData, EncryptedDataSize, OutData, OutDataSize), FALSE);=0D +}=0D +=0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepEncrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (RsaOaepEncrypt, (RsaContext, InData, InDataSize, Pr= ngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize), FALSE);=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepDecrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (RsaOaepDecrypt, (RsaContext, EncryptedData, Encrypt= edDataSize, OutData, OutDataSize), FALSE);=0D +}=0D +=0D /**=0D Get the signer's certificates from PKCS#7 signed data as described in "P= KCS #7:=0D Cryptographic Message Syntax Standard". The input signed data could be w= rapped=0D @@ -2850,6 +2949,7 @@ Pkcs1v2Encrypt ( @retval FALSE Error occurs during the operation.=0D @retval FALSE This interface is not supported.=0D =0D +=0D **/=0D BOOLEAN=0D EFIAPI=0D diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 0e0b1d9401..2466d47dd9 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -21,7 +21,7 @@ /// the EDK II Crypto Protocol is extended, this version define must be=0D /// increased.=0D ///=0D -#define EDKII_CRYPTO_VERSION 16=0D +#define EDKII_CRYPTO_VERSION 17=0D =0D ///=0D /// EDK II Crypto Protocol forward declaration=0D @@ -688,6 +688,98 @@ BOOLEAN OUT UINTN *EncryptedDataSize=0D );=0D =0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_PKCS1V2_DECRYPT)(=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + );=0D +=0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +// FROM BaseCryptLib.h:2178=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_RSA_OAEP_ENCRYPT)(=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + );=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +// FROM BaseCryptLib.h:2243=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_RSA_OAEP_DECRYPT)(=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + );=0D +=0D // ---------------------------------------------=0D // PKCS5=0D =0D @@ -5603,6 +5695,9 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_X509_GET_CERT_FROM_CERT_CHAIN X509GetCertFromCertC= hain;=0D EDKII_CRYPTO_ASN1_GET_TAG Asn1GetTag;=0D EDKII_CRYPTO_X509_GET_EXTENDED_BASIC_CONSTRAINTS X509GetExtendedBasic= Constraints;=0D + EDKII_CRYPTO_PKCS1V2_DECRYPT Pkcs1v2Decrypt;=0D + EDKII_CRYPTO_RSA_OAEP_ENCRYPT RsaOaepEncrypt;=0D + EDKII_CRYPTO_RSA_OAEP_DECRYPT RsaOaepDecrypt;=0D };=0D =0D extern GUID gEdkiiCryptoProtocolGuid;=0D --=20 2.44.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116871): https://edk2.groups.io/g/devel/message/116871 Mute This Topic: https://groups.io/mt/105014811/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-