From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>, Yi Li <yi1.li@intel.com>
Subject: [edk2-devel] [PATCH v3 03/11] CryptoPkg: Add Pem APIs based on Mbedtls
Date: Thu, 9 May 2024 14:26:52 +0800 [thread overview]
Message-ID: <20240509062700.2062-4-wenxing.hou@intel.com> (raw)
In-Reply-To: <20240509062700.2062-1-wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement Pem API based on Mbedtls.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
.../BaseCryptLibMbedTls/Pem/CryptPem.c | 138 ++++++++++++++++++
1 file changed, 138 insertions(+)
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
new file mode 100644
index 0000000000..56411174dd
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
@@ -0,0 +1,138 @@
+/** @file
+ PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over MbedTLS.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include <mbedtls/pem.h>
+#include <mbedtls/pk.h>
+#include <mbedtls/rsa.h>
+#include <mbedtls/ecp.h>
+#include <mbedtls/ecdh.h>
+#include <mbedtls/ecdsa.h>
+
+/**
+ Retrieve the RSA Private Key from the password-protected PEM key data.
+
+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
+ @param[in] PemSize Size of the PEM key data in bytes.
+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
+ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved
+ RSA private key component. Use RsaFree() function to free the
+ resource.
+
+ If PemData is NULL, then return FALSE.
+ If RsaContext is NULL, then return FALSE.
+
+ @retval TRUE RSA Private Key was retrieved successfully.
+ @retval FALSE Invalid PEM key data or incorrect password.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPrivateKeyFromPem (
+ IN CONST UINT8 *PemData,
+ IN UINTN PemSize,
+ IN CONST CHAR8 *Password,
+ OUT VOID **RsaContext
+ )
+{
+ INT32 Ret;
+ mbedtls_pk_context Pk;
+ mbedtls_rsa_context *Rsa;
+ UINT8 *NewPemData;
+ UINTN PasswordLen;
+
+ if ((PemData == NULL) || (RsaContext == NULL) || (PemSize > INT_MAX)) {
+ return FALSE;
+ }
+
+ NewPemData = NULL;
+ if (PemData[PemSize - 1] != 0) {
+ NewPemData = AllocateZeroPool (PemSize + 1);
+ if (NewPemData == NULL) {
+ return FALSE;
+ }
+
+ CopyMem (NewPemData, PemData, PemSize + 1);
+ NewPemData[PemSize] = 0;
+ PemData = NewPemData;
+ PemSize += 1;
+ }
+
+ mbedtls_pk_init (&Pk);
+
+ if (Password != NULL) {
+ PasswordLen = AsciiStrLen (Password);
+ } else {
+ PasswordLen = 0;
+ }
+
+ Ret = mbedtls_pk_parse_key (&Pk, PemData, PemSize, (CONST UINT8 *)Password, PasswordLen, NULL, NULL);
+
+ if (NewPemData != NULL) {
+ FreePool (NewPemData);
+ NewPemData = NULL;
+ }
+
+ if (Ret != 0) {
+ mbedtls_pk_free (&Pk);
+ return FALSE;
+ }
+
+ if (mbedtls_pk_get_type (&Pk) != MBEDTLS_PK_RSA) {
+ mbedtls_pk_free (&Pk);
+ return FALSE;
+ }
+
+ Rsa = RsaNew ();
+ if (Rsa == NULL) {
+ mbedtls_pk_free (&Pk);
+ return FALSE;
+ }
+
+ Ret = mbedtls_rsa_copy (Rsa, mbedtls_pk_rsa (Pk));
+ if (Ret != 0) {
+ RsaFree (Rsa);
+ mbedtls_pk_free (&Pk);
+ return FALSE;
+ }
+
+ mbedtls_pk_free (&Pk);
+
+ *RsaContext = Rsa;
+ return TRUE;
+}
+
+/**
+ Retrieve the EC Private Key from the password-protected PEM key data.
+
+ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved.
+ @param[in] PemSize Size of the PEM key data in bytes.
+ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data.
+ @param[out] EcContext Pointer to new-generated EC DSA context which contain the retrieved
+ EC private key component. Use EcFree() function to free the
+ resource.
+
+ If PemData is NULL, then return FALSE.
+ If EcContext is NULL, then return FALSE.
+
+ @retval TRUE EC Private Key was retrieved successfully.
+ @retval FALSE Invalid PEM key data or incorrect password.
+
+**/
+BOOLEAN
+EFIAPI
+EcGetPrivateKeyFromPem (
+ IN CONST UINT8 *PemData,
+ IN UINTN PemSize,
+ IN CONST CHAR8 *Password,
+ OUT VOID **EcContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118734): https://edk2.groups.io/g/devel/message/118734
Mute This Topic: https://groups.io/mt/105996829/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-05-09 6:27 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-09 6:26 [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls Wenxing Hou
2024-05-09 6:26 ` [edk2-devel] [PATCH v3 01/11] CryptoPkg: Add AeadAesGcm " Wenxing Hou
2024-05-09 6:26 ` [edk2-devel] [PATCH v3 02/11] CryptoPkg: Add rand function for BaseCryptLibMbedTls Wenxing Hou
2024-05-09 6:26 ` Wenxing Hou [this message]
2024-05-09 6:26 ` [edk2-devel] [PATCH v3 04/11] CryptoPkg: Add X509 functions based on Mbedtls Wenxing Hou
2024-05-09 6:26 ` [edk2-devel] [PATCH v3 05/11] CryptoPkg: Add Pkcs7 related " Wenxing Hou
2024-05-09 6:26 ` [edk2-devel] [PATCH v3 06/11] CryptoPkg: Add Pkcs5 " Wenxing Hou
2024-05-09 6:26 ` [edk2-devel] [PATCH v3 07/11] CryptoPkg: Add more RSA related " Wenxing Hou
2024-05-09 6:26 ` [edk2-devel] [PATCH v3 08/11] CryptoPkg: Add AuthenticodeVerify " Wenxing Hou
2024-05-09 6:26 ` [edk2-devel] [PATCH v3 09/11] CryptoPkg: Add ImageTimestampVerify " Wenxing Hou
2024-05-09 6:26 ` [edk2-devel] [PATCH v3 10/11] CryptoPkg: Update *.inf in BaseCryptLibMbedTls Wenxing Hou
2024-05-09 6:27 ` [edk2-devel] [PATCH v3 11/11] Add SHA3/SM3 functions with openssl for Mbedtls Wenxing Hou
2024-05-09 6:54 ` [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls Li, Yi
2024-05-09 8:29 ` Wenxing Hou
2024-05-09 8:33 ` Li, Yi
2024-05-09 8:56 ` Yao, Jiewen
2024-05-09 8:58 ` 回复: " gaoliming via groups.io
2024-05-09 9:34 ` Wenxing Hou
2024-05-09 12:35 ` 回复: [edk2-devel][edk2-stable202405] " gaoliming via groups.io
2024-05-09 22:11 ` Wenxing Hou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240509062700.2062-4-wenxing.hou@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox