From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+118734+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id CAC6F7803CC
	for <rebecca@openfw.io>; Thu,  9 May 2024 06:27:10 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=O0f+Ws5bgLCVCNt+EYJkXr3UJ1U4+5krwqGolPBrlPM=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20240206; t=1715236029; v=1;
 b=NhtkZNPFQ9V5om8z42/QQpDYENCj7X/3pbIfqPUfWkNmaH13eWhKE6/qKGOT0nFU7wSAkMPA
 3Ngmb1O8JZFKy34K6gQYhE7v1usGijmM4N/K6Px2g6g9hb+qhvLvQAeTn4+6MxNrECroLU/hVzW
 7oI1CJo1+pQGPXQj4hUzIiaSHzMG5mYD2uBhsde/qb1SN2sD36CQmEeHJAkxgH17TbHFYT6UyN6
 FOo8LSoqYEnBwCixeiXPIEcHOsxc9houjVROcmwDsfq+NUEINKm8KH/aHVqK0wfaEIGTV4pW/OG
 kHjvpusvxs/EJhq+H4Gm94WmRMaA6dR8YzrnRcKsizkxA==
X-Received: by 127.0.0.2 with SMTP id 8OQeYY7687511xxOGa4P4KT2; Wed, 08 May 2024 23:27:09 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12])
 by mx.groups.io with SMTP id smtpd.web10.3998.1715236024155799791
 for <devel@edk2.groups.io>;
 Wed, 08 May 2024 23:27:07 -0700
X-CSE-ConnectionGUID: 1WqZ1Za3RDWKwoEwprxQhQ==
X-CSE-MsgGUID: ssu4yFpoRSyBF4mme5Jkaw==
X-IronPort-AV: E=McAfee;i="6600,9927,11067"; a="14946400"
X-IronPort-AV: E=Sophos;i="6.08,147,1712646000"; 
   d="scan'208";a="14946400"
X-Received: from fmviesa001.fm.intel.com ([10.60.135.141])
  by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2024 23:27:07 -0700
X-CSE-ConnectionGUID: oKfolYQtRoufMd6S4cqkyg==
X-CSE-MsgGUID: b1mpEbbhT7yur5eulvMDsw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.08,147,1712646000"; 
   d="scan'208";a="60305901"
X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116])
  by fmviesa001.fm.intel.com with ESMTP; 08 May 2024 23:27:06 -0700
From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Yi Li <yi1.li@intel.com>
Subject: [edk2-devel] [PATCH v3 03/11] CryptoPkg: Add Pem APIs based on Mbedtls
Date: Thu,  9 May 2024 14:26:52 +0800
Message-Id: <20240509062700.2062-4-wenxing.hou@intel.com>
In-Reply-To: <20240509062700.2062-1-wenxing.hou@intel.com>
References: <20240509062700.2062-1-wenxing.hou@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Wed, 08 May 2024 23:27:07 -0700
Resent-From: wenxing.hou@intel.com
Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: u8A1qznw1KNGmvfxqLDeWk8Dx7686176AA=
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=NhtkZNPF;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177

Implement Pem API based on Mbedtls.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 .../BaseCryptLibMbedTls/Pem/CryptPem.c        | 138 ++++++++++++++++++
 1 file changed, 138 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c b/CryptoP=
kg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
new file mode 100644
index 0000000000..56411174dd
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
@@ -0,0 +1,138 @@
+/** @file=0D
+  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over M=
bedTLS.=0D
+=0D
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include "InternalCryptLib.h"=0D
+#include <mbedtls/pem.h>=0D
+#include <mbedtls/pk.h>=0D
+#include <mbedtls/rsa.h>=0D
+#include <mbedtls/ecp.h>=0D
+#include <mbedtls/ecdh.h>=0D
+#include <mbedtls/ecdsa.h>=0D
+=0D
+/**=0D
+  Retrieve the RSA Private Key from the password-protected PEM key data.=0D
+=0D
+  @param[in]  PemData      Pointer to the PEM-encoded key data to be retri=
eved.=0D
+  @param[in]  PemSize      Size of the PEM key data in bytes.=0D
+  @param[in]  Password     NULL-terminated passphrase used for encrypted P=
EM key data.=0D
+  @param[out] RsaContext   Pointer to new-generated RSA context which cont=
ain the retrieved=0D
+                           RSA private key component. Use RsaFree() functi=
on to free the=0D
+                           resource.=0D
+=0D
+  If PemData is NULL, then return FALSE.=0D
+  If RsaContext is NULL, then return FALSE.=0D
+=0D
+  @retval  TRUE   RSA Private Key was retrieved successfully.=0D
+  @retval  FALSE  Invalid PEM key data or incorrect password.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+RsaGetPrivateKeyFromPem (=0D
+  IN   CONST UINT8  *PemData,=0D
+  IN   UINTN        PemSize,=0D
+  IN   CONST CHAR8  *Password,=0D
+  OUT  VOID         **RsaContext=0D
+  )=0D
+{=0D
+  INT32                Ret;=0D
+  mbedtls_pk_context   Pk;=0D
+  mbedtls_rsa_context  *Rsa;=0D
+  UINT8                *NewPemData;=0D
+  UINTN                PasswordLen;=0D
+=0D
+  if ((PemData =3D=3D NULL) || (RsaContext =3D=3D NULL) || (PemSize > INT_=
MAX)) {=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  NewPemData =3D NULL;=0D
+  if (PemData[PemSize - 1] !=3D 0) {=0D
+    NewPemData =3D AllocateZeroPool (PemSize + 1);=0D
+    if (NewPemData =3D=3D NULL) {=0D
+      return FALSE;=0D
+    }=0D
+=0D
+    CopyMem (NewPemData, PemData, PemSize + 1);=0D
+    NewPemData[PemSize] =3D 0;=0D
+    PemData             =3D NewPemData;=0D
+    PemSize            +=3D 1;=0D
+  }=0D
+=0D
+  mbedtls_pk_init (&Pk);=0D
+=0D
+  if (Password !=3D NULL) {=0D
+    PasswordLen =3D AsciiStrLen (Password);=0D
+  } else {=0D
+    PasswordLen =3D 0;=0D
+  }=0D
+=0D
+  Ret =3D mbedtls_pk_parse_key (&Pk, PemData, PemSize, (CONST UINT8 *)Pass=
word, PasswordLen, NULL, NULL);=0D
+=0D
+  if (NewPemData !=3D NULL) {=0D
+    FreePool (NewPemData);=0D
+    NewPemData =3D NULL;=0D
+  }=0D
+=0D
+  if (Ret !=3D 0) {=0D
+    mbedtls_pk_free (&Pk);=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  if (mbedtls_pk_get_type (&Pk) !=3D MBEDTLS_PK_RSA) {=0D
+    mbedtls_pk_free (&Pk);=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  Rsa =3D RsaNew ();=0D
+  if (Rsa =3D=3D NULL) {=0D
+    mbedtls_pk_free (&Pk);=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  Ret =3D mbedtls_rsa_copy (Rsa, mbedtls_pk_rsa (Pk));=0D
+  if (Ret !=3D 0) {=0D
+    RsaFree (Rsa);=0D
+    mbedtls_pk_free (&Pk);=0D
+    return FALSE;=0D
+  }=0D
+=0D
+  mbedtls_pk_free (&Pk);=0D
+=0D
+  *RsaContext =3D Rsa;=0D
+  return TRUE;=0D
+}=0D
+=0D
+/**=0D
+  Retrieve the EC Private Key from the password-protected PEM key data.=0D
+=0D
+  @param[in]  PemData      Pointer to the PEM-encoded key data to be retri=
eved.=0D
+  @param[in]  PemSize      Size of the PEM key data in bytes.=0D
+  @param[in]  Password     NULL-terminated passphrase used for encrypted P=
EM key data.=0D
+  @param[out] EcContext    Pointer to new-generated EC DSA context which c=
ontain the retrieved=0D
+                           EC private key component. Use EcFree() function=
 to free the=0D
+                           resource.=0D
+=0D
+  If PemData is NULL, then return FALSE.=0D
+  If EcContext is NULL, then return FALSE.=0D
+=0D
+  @retval  TRUE   EC Private Key was retrieved successfully.=0D
+  @retval  FALSE  Invalid PEM key data or incorrect password.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+EcGetPrivateKeyFromPem (=0D
+  IN   CONST UINT8  *PemData,=0D
+  IN   UINTN        PemSize,=0D
+  IN   CONST CHAR8  *Password,=0D
+  OUT  VOID         **EcContext=0D
+  )=0D
+{=0D
+  ASSERT (FALSE);=0D
+  return FALSE;=0D
+}=0D
--=20
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118734): https://edk2.groups.io/g/devel/message/118734
Mute This Topic: https://groups.io/mt/105996829/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-