From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+117223+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 2BCC7740039
	for <rebecca@openfw.io>; Fri, 29 Mar 2024 02:32:50 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=FrLcqpbouvW0wMNDgin0dZbhbcZ8ts/ybFn2f3pipJg=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20240206; t=1711679569; v=1;
 b=d1ss0ja7qx23A/a8yDzeO8mV91RjxowLM8lW5+00T6UrKPRoler/YBfF8EHXdCcSWt1KC4wa
 I3RJZTTrxvwepNlhQup16aETwFKXfqv9FroNrJa4er5HnCdfqe3oV+7aNZq7sc6hVvv0mmnQARW
 Yyn2p39KpgvD1X4JTr1oIyGZ7TLi+DeKLEO/bRJIoHjhi7N1uRxLC895CMhV4HJDiZWVmzpiQQ/
 7mtNvg526pqVt3MP/nMI3A0H8qxcRmtcF2bGWD52SWFai+DmOluMjBl3IVjVlRCQ9sya62rMuGR
 ehoJRAEJFFYauQWKgNMJLSD47l5l1qP1t+NPULIpWJdDQ==
X-Received: by 127.0.0.2 with SMTP id bNxyYY7687511xBNNXakR7us; Thu, 28 Mar 2024 19:32:49 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21])
 by mx.groups.io with SMTP id smtpd.web10.8843.1711679565535436757
 for <devel@edk2.groups.io>;
 Thu, 28 Mar 2024 19:32:49 -0700
X-CSE-ConnectionGUID: iG/OUyJSQh+cUDxsqPqODA==
X-CSE-MsgGUID: Fjc4i/l+T9GwgsrdsZ8TcA==
X-IronPort-AV: E=McAfee;i="6600,9927,11027"; a="6804781"
X-IronPort-AV: E=Sophos;i="6.07,162,1708416000"; 
   d="scan'208";a="6804781"
X-Received: from orviesa001.jf.intel.com ([10.64.159.141])
  by orvoesa113.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Mar 2024 19:32:49 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,162,1708416000"; 
   d="scan'208";a="54306233"
X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116])
  by orviesa001.jf.intel.com with ESMTP; 28 Mar 2024 19:32:48 -0700
From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Yi Li <yi1.li@intel.com>
Subject: [edk2-devel] [PATCH 3/3] CryptoPkg: Remove interdependence for RsaPssVerify
Date: Fri, 29 Mar 2024 10:32:42 +0800
Message-Id: <20240329023242.2443-4-wenxing.hou@intel.com>
In-Reply-To: <20240329023242.2443-1-wenxing.hou@intel.com>
References: <20240329023242.2443-1-wenxing.hou@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Thu, 28 Mar 2024 19:32:49 -0700
Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: Qnigf4hlCRMCgyz7LdjsHKPhx7686176AA=
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=d1ss0ja7;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4742

Remove the interdependence in RsaPssVerify and use only the original
mbedtls API, because APIs such as Sha512Init may be disabled by the
platform PCD. This patch also optimizes the hash flow.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c      | 74 +++----------------
 1 file changed, 11 insertions(+), 63 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c b/Crypt=
oPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
index 7927c34ae9..ecd1bd1a41 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
@@ -11,6 +11,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 =0D
 #include "InternalCryptLib.h"=0D
 #include <mbedtls/rsa.h>=0D
+#include <mbedtls/sha256.h>=0D
+#include <mbedtls/sha512.h>=0D
 =0D
 /**=0D
   Verifies the RSA signature with RSASSA-PSS signature scheme defined in R=
FC 8017.=0D
@@ -43,11 +45,8 @@ RsaPssVerify (
   )=0D
 {=0D
   INT32                Ret;=0D
-  mbedtls_md_type_t    md_alg;=0D
+  mbedtls_md_type_t    MdAlg;=0D
   UINT8                HashValue[SHA512_DIGEST_SIZE];=0D
-  BOOLEAN              Status;=0D
-  UINTN                ShaCtxSize;=0D
-  VOID                 *ShaCtx;=0D
   mbedtls_rsa_context  *RsaKey;=0D
 =0D
   if (RsaContext =3D=3D NULL) {=0D
@@ -75,78 +74,27 @@ RsaPssVerify (
 =0D
   switch (DigestLen) {=0D
     case SHA256_DIGEST_SIZE:=0D
-      md_alg     =3D MBEDTLS_MD_SHA256;=0D
-      ShaCtxSize =3D Sha256GetContextSize ();=0D
-      ShaCtx     =3D AllocateZeroPool (ShaCtxSize);=0D
-=0D
-      Status =3D Sha256Init (ShaCtx);=0D
-      if (!Status) {=0D
-        return FALSE;=0D
-      }=0D
-=0D
-      Status =3D Sha256Update (ShaCtx, Message, MsgSize);=0D
-      if (!Status) {=0D
-        FreePool (ShaCtx);=0D
+      MdAlg =3D MBEDTLS_MD_SHA256;=0D
+      if (mbedtls_sha256 (Message, MsgSize, HashValue, FALSE) !=3D 0) {=0D
         return FALSE;=0D
       }=0D
 =0D
-      Status =3D Sha256Final (ShaCtx, HashValue);=0D
-      if (!Status) {=0D
-        FreePool (ShaCtx);=0D
-        return FALSE;=0D
-      }=0D
-=0D
-      FreePool (ShaCtx);=0D
       break;=0D
 =0D
     case SHA384_DIGEST_SIZE:=0D
-      md_alg     =3D MBEDTLS_MD_SHA384;=0D
-      ShaCtxSize =3D Sha384GetContextSize ();=0D
-      ShaCtx     =3D AllocateZeroPool (ShaCtxSize);=0D
-=0D
-      Status =3D Sha384Init (ShaCtx);=0D
-      if (!Status) {=0D
-        return FALSE;=0D
-      }=0D
-=0D
-      Status =3D Sha384Update (ShaCtx, Message, MsgSize);=0D
-      if (!Status) {=0D
-        FreePool (ShaCtx);=0D
+      MdAlg =3D MBEDTLS_MD_SHA384;=0D
+      if (mbedtls_sha512 (Message, MsgSize, HashValue, TRUE) !=3D 0) {=0D
         return FALSE;=0D
       }=0D
 =0D
-      Status =3D Sha384Final (ShaCtx, HashValue);=0D
-      if (!Status) {=0D
-        FreePool (ShaCtx);=0D
-        return FALSE;=0D
-      }=0D
-=0D
-      FreePool (ShaCtx);=0D
       break;=0D
 =0D
     case SHA512_DIGEST_SIZE:=0D
-      md_alg     =3D MBEDTLS_MD_SHA512;=0D
-      ShaCtxSize =3D Sha512GetContextSize ();=0D
-      ShaCtx     =3D AllocateZeroPool (ShaCtxSize);=0D
-=0D
-      Status =3D Sha512Init (ShaCtx);=0D
-      if (!Status) {=0D
-        return FALSE;=0D
-      }=0D
-=0D
-      Status =3D Sha512Update (ShaCtx, Message, MsgSize);=0D
-      if (!Status) {=0D
-        FreePool (ShaCtx);=0D
-        return FALSE;=0D
-      }=0D
-=0D
-      Status =3D Sha512Final (ShaCtx, HashValue);=0D
-      if (!Status) {=0D
-        FreePool (ShaCtx);=0D
+      MdAlg =3D MBEDTLS_MD_SHA512;=0D
+      if (mbedtls_sha512 (Message, MsgSize, HashValue, FALSE) !=3D 0) {=0D
         return FALSE;=0D
       }=0D
 =0D
-      FreePool (ShaCtx);=0D
       break;=0D
 =0D
     default:=0D
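Review bot: The three one-shot calls pass a bare `FALSE`/`TRUE` as the final `is224`/`is384` selector, so nothing at the call site says that `mbedtls_sha512 (Message, MsgSize, HashValue, TRUE)` yields SHA-384 while the same call with `FALSE` yields SHA-512. `MdAlg` and the hash call are set independently on adjacent lines, so a swapped flag would hash with a different algorithm than the one handed to the PSS verifier, and legitimate signatures would be rejected. I would add a short comment on each call, e.g. `// is384 = TRUE: SHA-384 digest (48 bytes) into HashValue` and `// is224 = FALSE: SHA-256` on the first case. The switch and the rest of RsaPssVerify continue outside this hunk.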
@@ -157,11 +105,11 @@ RsaPssVerify (
     return FALSE;=0D
   }=0D
 =0D
-  mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg);=0D
+  mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, MdAlg);=0D
 =0D
   Ret =3D mbedtls_rsa_rsassa_pss_verify (=0D
           RsaContext,=0D
-          md_alg,=0D
+          MdAlg,=0D
           (UINT32)DigestLen,=0D
           HashValue,=0D
           Signature=0D
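Review bot: The result of `mbedtls_rsa_set_padding` is discarded on the line this hunk touches. If the tree builds against Mbed TLS 3.x, that function returns an `int` and fails when the requested padding or hash is not available in the build, which would leave the context on its previous padding settings for the verify call that follows. I would check it: `if (mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, MdAlg) != 0) { return FALSE; }`. Separately, `mbedtls_rsa_rsassa_pss_verify` accepts any salt length, so if RsaPssVerify is meant to enforce a caller-supplied salt length (its signature is outside this hunk), that needs an explicit check before this call or the `_ext` variant with an expected salt length. The verify call's closing lines are also outside the hunk.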
--=20
2.26.2.windows.1


