From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id B2D767803D1 for ; Thu, 9 May 2024 06:27:12 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=PSWSo0pl9D/NkS4ZA6QA4mCnDqwwDYOT6lQLQhE2ovs=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1715236031; v=1; b=vTj0PbtRhr6RjJalxQNEpWCkTkb64CExhOGpmfS/bJSsepvM/C14VTWOyvpQX8pwqNsHHXoC gY9Bi/Ej3wRoCbqXyuivz4VLPePrwP7ZLMPf5raRQu225WzczvKC4J43EQAL+U3Ey1MiE/EUvhW cnOViqJy6z45F6Gu7ivSHLVPMuuaOEuRybdJx/D5Mb9uRWgnB6kTE1nAFpwb0tt1JVKWiceOZF0 cBnhxGg/VDdhmnNR3U+N/y6qfXnKPXIx6DqACTtPv8gN7QKpXsyVOHouc3sHkHwPNN0hXZwDOfs SwkoOv7YHA5qGzxlXi9xeGhihxS95o1WYAMmo6duQzmOA== X-Received: by 127.0.0.2 with SMTP id tBhfYY7687511x2WZI0pdA8Y; Wed, 08 May 2024 23:27:11 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) by mx.groups.io with SMTP id smtpd.web10.3998.1715236024155799791 for ; Wed, 08 May 2024 23:27:04 -0700 X-CSE-ConnectionGUID: i/0415VKSZCless/4e9yyw== X-CSE-MsgGUID: +kvmgitYRsWL5ZY8ZzscCg== X-IronPort-AV: E=McAfee;i="6600,9927,11067"; a="14946389" X-IronPort-AV: E=Sophos;i="6.08,147,1712646000"; d="scan'208";a="14946389" X-Received: from fmviesa001.fm.intel.com ([10.60.135.141]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2024 23:27:04 -0700 X-CSE-ConnectionGUID: SaH2km9QRt2M3BKkvtXlEw== X-CSE-MsgGUID: zf9CnvE4RlmFh2f03i4n1A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,147,1712646000"; d="scan'208";a="60305886" X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116]) by fmviesa001.fm.intel.com with ESMTP; 08 May 2024 23:27:02 -0700 From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Jiewen Yao , Yi Li Subject: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls Date: Thu, 9 May 2024 14:26:49 +0800 Message-Id: <20240509062700.2062-1-wenxing.hou@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 08 May 2024 23:27:04 -0700 Resent-From: wenxing.hou@intel.com Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: RMVjK6YCocvdzpP1xF5tycXBx7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=vTj0PbtR; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More RSA/PKCS5/pKCS7/Authenticode/Timestamp implementation based on Mbedtls. The patch has passed the EDKII CI check: https://github.com/tianocore/edk2/pull/5552 And the patch has passed unit_test in EDKII and integration test for platform. And the patch hass passed the fuzz test: https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128 v2 changes: - Fix format variable name/hardcode number issue; - Fix Pkcs7 memory leak; v3 changes: - Fix some issues form reviewer; - Add SHA3/SM3 implementation; - Update *.inf files; Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Wenxing Hou (11): CryptoPkg: Add AeadAesGcm based on Mbedtls CryptoPkg: Add rand function for BaseCryptLibMbedTls CryptoPkg: Add Pem APIs based on Mbedtls CryptoPkg: Add X509 functions based on Mbedtls CryptoPkg: Add Pkcs7 related functions based on Mbedtls CryptoPkg: Add Pkcs5 functions based on Mbedtls CryptoPkg: Add more RSA related functions based on Mbedtls CryptoPkg: Add AuthenticodeVerify based on Mbedtls CryptoPkg: Add ImageTimestampVerify based on Mbedtls CryptoPkg: Update *.inf in BaseCryptLibMbedTls Add SHA3/SM3 functions with openssl for Mbedtls CryptoPkg/Include/Library/BaseCryptLib.h | 4 + .../BaseCryptLibMbedTls/BaseCryptLib.inf | 47 +- .../Cipher/CryptAeadAesGcm.c | 227 ++ .../BaseCryptLibMbedTls/InternalCryptLib.h | 49 + .../BaseCryptLibMbedTls/PeiCryptLib.inf | 27 +- .../BaseCryptLibMbedTls/Pem/CryptPem.c | 138 ++ .../Pk/CryptAuthenticode.c | 214 ++ .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c | 278 +++ .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 + .../Pk/CryptPkcs7Internal.h | 29 +- .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c | 635 ++++++ .../Pk/CryptPkcs7VerifyBase.c | 113 + .../Pk/CryptPkcs7VerifyCommon.c | 1354 ++++++++++++ .../Pk/CryptPkcs7VerifyEku.c | 689 ++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 352 +++ .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c | 140 ++ .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c | 381 ++++ .../BaseCryptLibMbedTls/Pk/CryptX509.c | 1940 +++++++++++++++++ .../BaseCryptLibMbedTls/Rand/CryptRand.c | 114 + .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c | 114 + .../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 26 +- .../BaseCryptLibMbedTls/SmmCryptLib.inf | 36 +- .../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 39 +- CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf | 6 + .../Library/MbedTlsLib/MbedTlsLibFull.inf | 6 + 25 files changed, 6973 insertions(+), 85 deletions(-) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118731): https://edk2.groups.io/g/devel/message/118731 Mute This Topic: https://groups.io/mt/105996826/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-