From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <bounce+27952+117223+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
by spool.mail.gandi.net (Postfix) with ESMTPS id 2BCC7740039
for <rebecca@openfw.io>; Fri, 29 Mar 2024 02:32:50 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=FrLcqpbouvW0wMNDgin0dZbhbcZ8ts/ybFn2f3pipJg=;
c=relaxed/simple; d=groups.io;
h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
s=20240206; t=1711679569; v=1;
b=d1ss0ja7qx23A/a8yDzeO8mV91RjxowLM8lW5+00T6UrKPRoler/YBfF8EHXdCcSWt1KC4wa
I3RJZTTrxvwepNlhQup16aETwFKXfqv9FroNrJa4er5HnCdfqe3oV+7aNZq7sc6hVvv0mmnQARW
Yyn2p39KpgvD1X4JTr1oIyGZ7TLi+DeKLEO/bRJIoHjhi7N1uRxLC895CMhV4HJDiZWVmzpiQQ/
7mtNvg526pqVt3MP/nMI3A0H8qxcRmtcF2bGWD52SWFai+DmOluMjBl3IVjVlRCQ9sya62rMuGR
ehoJRAEJFFYauQWKgNMJLSD47l5l1qP1t+NPULIpWJdDQ==
X-Received: by 127.0.0.2 with SMTP id bNxyYY7687511xBNNXakR7us; Thu, 28 Mar 2024 19:32:49 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21])
by mx.groups.io with SMTP id smtpd.web10.8843.1711679565535436757
for <devel@edk2.groups.io>;
Thu, 28 Mar 2024 19:32:49 -0700
X-CSE-ConnectionGUID: iG/OUyJSQh+cUDxsqPqODA==
X-CSE-MsgGUID: Fjc4i/l+T9GwgsrdsZ8TcA==
X-IronPort-AV: E=McAfee;i="6600,9927,11027"; a="6804781"
X-IronPort-AV: E=Sophos;i="6.07,162,1708416000";
d="scan'208";a="6804781"
X-Received: from orviesa001.jf.intel.com ([10.64.159.141])
by orvoesa113.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Mar 2024 19:32:49 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,162,1708416000";
d="scan'208";a="54306233"
X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116])
by orviesa001.jf.intel.com with ESMTP; 28 Mar 2024 19:32:48 -0700
From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
Yi Li <yi1.li@intel.com>
Subject: [edk2-devel] [PATCH 3/3] CryptoPkg: Remove interdependence for RsaPssVerify
Date: Fri, 29 Mar 2024 10:32:42 +0800
Message-Id: <20240329023242.2443-4-wenxing.hou@intel.com>
In-Reply-To: <20240329023242.2443-1-wenxing.hou@intel.com>
References: <20240329023242.2443-1-wenxing.hou@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Thu, 28 Mar 2024 19:32:49 -0700
Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: Qnigf4hlCRMCgyz7LdjsHKPhx7686176AA=
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
dkim=pass header.d=groups.io header.s=20240206 header.b=d1ss0ja7;
dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4742
Remove interdependence for RsaPssVerify, only use original
mbedtls API.
Because APIs such as Sha512Init may be closed by the platform PCD.
And this patch optimize the hash flow.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
.../BaseCryptLibMbedTls/Pk/CryptRsaPss.c | 74 +++----------------
1 file changed, 11 insertions(+), 63 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c b/Crypt=
oPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
index 7927c34ae9..ecd1bd1a41 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
@@ -11,6 +11,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
=0D
#include "InternalCryptLib.h"=0D
#include <mbedtls/rsa.h>=0D
+#include <mbedtls/sha256.h>=0D
+#include <mbedtls/sha512.h>=0D
=0D
/**=0D
Verifies the RSA signature with RSASSA-PSS signature scheme defined in R=
FC 8017.=0D
@@ -43,11 +45,8 @@ RsaPssVerify (
)=0D
{=0D
INT32 Ret;=0D
- mbedtls_md_type_t md_alg;=0D
+ mbedtls_md_type_t MdAlg;=0D
UINT8 HashValue[SHA512_DIGEST_SIZE];=0D
- BOOLEAN Status;=0D
- UINTN ShaCtxSize;=0D
- VOID *ShaCtx;=0D
mbedtls_rsa_context *RsaKey;=0D
=0D
if (RsaContext =3D=3D NULL) {=0D
@@ -75,78 +74,27 @@ RsaPssVerify (
=0D
switch (DigestLen) {=0D
case SHA256_DIGEST_SIZE:=0D
- md_alg =3D MBEDTLS_MD_SHA256;=0D
- ShaCtxSize =3D Sha256GetContextSize ();=0D
- ShaCtx =3D AllocateZeroPool (ShaCtxSize);=0D
-=0D
- Status =3D Sha256Init (ShaCtx);=0D
- if (!Status) {=0D
- return FALSE;=0D
- }=0D
-=0D
- Status =3D Sha256Update (ShaCtx, Message, MsgSize);=0D
- if (!Status) {=0D
- FreePool (ShaCtx);=0D
+ MdAlg =3D MBEDTLS_MD_SHA256;=0D
+ if (mbedtls_sha256 (Message, MsgSize, HashValue, FALSE) !=3D 0) {=0D
return FALSE;=0D
}=0D
=0D
- Status =3D Sha256Final (ShaCtx, HashValue);=0D
- if (!Status) {=0D
- FreePool (ShaCtx);=0D
- return FALSE;=0D
- }=0D
-=0D
- FreePool (ShaCtx);=0D
break;=0D
=0D
case SHA384_DIGEST_SIZE:=0D
- md_alg =3D MBEDTLS_MD_SHA384;=0D
- ShaCtxSize =3D Sha384GetContextSize ();=0D
- ShaCtx =3D AllocateZeroPool (ShaCtxSize);=0D
-=0D
- Status =3D Sha384Init (ShaCtx);=0D
- if (!Status) {=0D
- return FALSE;=0D
- }=0D
-=0D
- Status =3D Sha384Update (ShaCtx, Message, MsgSize);=0D
- if (!Status) {=0D
- FreePool (ShaCtx);=0D
+ MdAlg =3D MBEDTLS_MD_SHA384;=0D
+ if (mbedtls_sha512 (Message, MsgSize, HashValue, TRUE) !=3D 0) {=0D
return FALSE;=0D
}=0D
=0D
- Status =3D Sha384Final (ShaCtx, HashValue);=0D
- if (!Status) {=0D
- FreePool (ShaCtx);=0D
- return FALSE;=0D
- }=0D
-=0D
- FreePool (ShaCtx);=0D
break;=0D
=0D
case SHA512_DIGEST_SIZE:=0D
- md_alg =3D MBEDTLS_MD_SHA512;=0D
- ShaCtxSize =3D Sha512GetContextSize ();=0D
- ShaCtx =3D AllocateZeroPool (ShaCtxSize);=0D
-=0D
- Status =3D Sha512Init (ShaCtx);=0D
- if (!Status) {=0D
- return FALSE;=0D
- }=0D
-=0D
- Status =3D Sha512Update (ShaCtx, Message, MsgSize);=0D
- if (!Status) {=0D
- FreePool (ShaCtx);=0D
- return FALSE;=0D
- }=0D
-=0D
- Status =3D Sha512Final (ShaCtx, HashValue);=0D
- if (!Status) {=0D
- FreePool (ShaCtx);=0D
+ MdAlg =3D MBEDTLS_MD_SHA512;=0D
+ if (mbedtls_sha512 (Message, MsgSize, HashValue, FALSE) !=3D 0) {=0D
return FALSE;=0D
}=0D
=0D
- FreePool (ShaCtx);=0D
break;=0D
=0D
default:=0D
@@ -157,11 +105,11 @@ RsaPssVerify (
return FALSE;=0D
}=0D
=0D
- mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg);=0D
+ mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, MdAlg);=0D
=0D
Ret =3D mbedtls_rsa_rsassa_pss_verify (=0D
RsaContext,=0D
- md_alg,=0D
+ MdAlg,=0D
(UINT32)DigestLen,=0D
HashValue,=0D
Signature=0D
--=20
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117223): https://edk2.groups.io/g/devel/message/117223
Mute This Topic: https://groups.io/mt/105210162/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-