From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>, Yi Li <yi1.li@intel.com>,
Jiewen Yao <Jiewen.yao@intel.com>
Subject: [edk2-devel] [PATCH v4 00/11] Add more crypt APIs based on Mbedtls
Date: Fri, 17 May 2024 18:26:30 +0800 [thread overview]
Message-ID: <20240517102641.4586-1-wenxing.hou@intel.com> (raw)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More RSA/PKCS5/pKCS7/Authenticode/Timestamp
implementation based on Mbedtls.
The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5645
And the patch has passed unit_test in EDKII and integration test for platform.
And the patch hass passed the fuzz test:
https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128
There are three types of newly implemented APIs.
1. First type of APIs pass the platform integration test by some secure features, such as Secure Boot, RPMC, etc.These APIs are:
Sm3GetContextSize/ Sm3Init/Sm3Duplicate/ Sm3Update/Sm3Final/Sm3HashAll/RsaGetPrivateKeyFromPem/AuthenticodeVerify
Pkcs5HashPassword/Pkcs7GetSigners/Pkcs7FreeSigners/Pkcs7Sign/Pkcs7Verify/VerifyEKUsInPkcs7Signature/Pkcs7GetAttachedContent
RsaGetKey/ImageTimestampVerify/X509GetCommonName/X509GetTBSCert/RandomBytes
2. Second type of APIs pass the platform integration test by DevieSecurity. These APIs are:
AeadAesGcmEncrypt/AeadAesGcmDecrypt/RsaGenerateKey/RsaCheckKey/RsaPkcs1Sign/RsaPssSign/X509GetSubjectName
X509GetOrganizationName/X509VerifyCert/X509ConstructCertificate/X509ConstructCertificateStackV/X509ConstructCertificateStack
X509Free/X509StackFree
3. Third type of APIs don't have platform integration, but the API passed the EDKII uint_test. The API is:
Pcs1v2Encrypt
v2 changes:
- Fix format variable name/hardcode number issue;
- Fix Pkcs7 memory leak;
v3 changes:
- Fix some issues form reviewer;
- Add SHA3/SM3 implementation;
- Update *.inf files;
v4 changes:
- Delete SHA3 implementation;
- Complete Sm3 by linking OopensslLib;
- collection data for platform integration test for newly implemented APIs;
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Yi Li <yi1.li@intel.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Wenxing Hou (11):
CryptoPkg: Add AeadAesGcm based on Mbedtls
CryptoPkg: Add rand function for BaseCryptLibMbedTls
CryptoPkg: Add Pem APIs based on Mbedtls
CryptoPkg: Add X509 functions based on Mbedtls
CryptoPkg: Add Pkcs7 related functions based on Mbedtls
CryptoPkg: Add Pkcs5 functions based on Mbedtls
CryptoPkg: Add more RSA related functions based on Mbedtls
CryptoPkg: Add AuthenticodeVerify based on Mbedtls
CryptoPkg: Add ImageTimestampVerify based on Mbedtls
CryptoPkg: Update *.inf in BaseCryptLibMbedTls
Add SM3 functions with openssl for Mbedtls
CryptoPkg/CryptoPkgMbedTls.dsc | 1 +
CryptoPkg/Include/Library/BaseCryptLib.h | 4 +
.../BaseCryptLibMbedTls/BaseCryptLib.inf | 43 +-
.../Cipher/CryptAeadAesGcm.c | 227 ++
.../BaseCryptLibMbedTls/Hash/CryptSm3.c | 235 ++
.../BaseCryptLibMbedTls/InternalCryptLib.h | 49 +
.../BaseCryptLibMbedTls/PeiCryptLib.inf | 23 +-
.../BaseCryptLibMbedTls/Pem/CryptPem.c | 138 ++
.../Pk/CryptAuthenticode.c | 214 ++
.../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c | 278 +++
.../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 +
.../Pk/CryptPkcs7Internal.h | 29 +-
.../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c | 635 ++++++
.../Pk/CryptPkcs7VerifyBase.c | 113 +
.../Pk/CryptPkcs7VerifyCommon.c | 1354 ++++++++++++
.../Pk/CryptPkcs7VerifyEku.c | 689 ++++++
.../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 352 +++
.../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c | 140 ++
.../Library/BaseCryptLibMbedTls/Pk/CryptTs.c | 381 ++++
.../BaseCryptLibMbedTls/Pk/CryptX509.c | 1940 +++++++++++++++++
.../BaseCryptLibMbedTls/Rand/CryptRand.c | 114 +
.../BaseCryptLibMbedTls/Rand/CryptRandTsc.c | 114 +
.../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 27 +-
.../BaseCryptLibMbedTls/SecCryptLib.inf | 1 -
.../BaseCryptLibMbedTls/SmmCryptLib.inf | 32 +-
.../SysCall/BaseMemAllocation.c | 122 ++
.../SysCall/DummyOpensslSupport.c | 571 +++++
.../SysCall/UnitTestHostCrtWrapper.c | 63 +
.../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 40 +-
29 files changed, 7946 insertions(+), 83 deletions(-)
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/BaseMemAllocation.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/DummyOpensslSupport.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/UnitTestHostCrtWrapper.c
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119027): https://edk2.groups.io/g/devel/message/119027
Mute This Topic: https://groups.io/mt/106151214/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next reply other threads:[~2024-05-17 10:26 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-17 10:26 Wenxing Hou [this message]
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 01/11] CryptoPkg: Add AeadAesGcm based on Mbedtls Wenxing Hou
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 02/11] CryptoPkg: Add rand function for BaseCryptLibMbedTls Wenxing Hou
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 03/11] CryptoPkg: Add Pem APIs based on Mbedtls Wenxing Hou
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 04/11] CryptoPkg: Add X509 functions " Wenxing Hou
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 05/11] CryptoPkg: Add Pkcs7 related " Wenxing Hou
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 06/11] CryptoPkg: Add Pkcs5 " Wenxing Hou
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 07/11] CryptoPkg: Add more RSA related " Wenxing Hou
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 08/11] CryptoPkg: Add AuthenticodeVerify " Wenxing Hou
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 09/11] CryptoPkg: Add ImageTimestampVerify " Wenxing Hou
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 10/11] CryptoPkg: Update *.inf in BaseCryptLibMbedTls Wenxing Hou
2024-05-17 10:26 ` [edk2-devel] [PATCH v4 11/11] Add SM3 functions with openssl for Mbedtls Wenxing Hou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240517102641.4586-1-wenxing.hou@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox