From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+119027+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 2D96074003D
	for <rebecca@openfw.io>; Fri, 17 May 2024 10:26:47 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=B1Sooc0iUAZ4c+1uP7CrDrFskW4KOLGdb5emmTXl+Mo=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20240206; t=1715941606; v=1;
 b=1+dcrADm7ONVaaixnoUfWNx+0IVt/HPxo7hveyFSpAqu7MQ609yPiVnWBfSlEOTIz9Ci69zX
 kuSurvx7pL4ApI7Lud3uAsc8gxXiQdHCiA4X3n6dqRgX/271VNDf8xmrVOCkZ7w0CVgPxhNqpqm
 uEgjhtWxLKVWqsVZEwzi4m3KTF+Y3S+fSpvBPifXFmxdX/oNaWNQcw9B5DmwifLgLY31Jlen4yV
 yZd3nGeuhaIDkjkpR6CFNGGwmDSuvSVRnskbwdWnX/GUaWcWatvEaXIGiIZvajxBZWNOYJAmnTf
 pmNgxH4DLQKURojO0ke4r4m+VURgR2TlUA9Gm6elDPyjw==
X-Received: by 127.0.0.2 with SMTP id 2VpzYY7687511xS3sqU4CvWr; Fri, 17 May 2024 03:26:46 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.7])
 by mx.groups.io with SMTP id smtpd.web10.36833.1715941605520178194
 for <devel@edk2.groups.io>;
 Fri, 17 May 2024 03:26:45 -0700
X-CSE-ConnectionGUID: 8QoNGBHBSGqgCKpfOn4LHg==
X-CSE-MsgGUID: T2A6tLCaTiOq7Znb/GTNtA==
X-IronPort-AV: E=McAfee;i="6600,9927,11074"; a="37488608"
X-IronPort-AV: E=Sophos;i="6.08,167,1712646000"; 
   d="scan'208";a="37488608"
X-Received: from orviesa006.jf.intel.com ([10.64.159.146])
  by fmvoesa101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 May 2024 03:26:45 -0700
X-CSE-ConnectionGUID: kL+URRu1QD+p0fxGF7WXlg==
X-CSE-MsgGUID: BKMT41NrRs2xwDByG4yoeA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.08,167,1712646000"; 
   d="scan'208";a="32171503"
X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116])
  by orviesa006.jf.intel.com with ESMTP; 17 May 2024 03:26:44 -0700
From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Yi Li <yi1.li@intel.com>,
	Jiewen Yao <Jiewen.yao@intel.com>
Subject: [edk2-devel] [PATCH v4 00/11] Add more crypt APIs based on Mbedtls
Date: Fri, 17 May 2024 18:26:30 +0800
Message-Id: <20240517102641.4586-1-wenxing.hou@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Fri, 17 May 2024 03:26:45 -0700
Resent-From: wenxing.hou@intel.com
Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: b93IiPR37PA77QbdvgzsMVyex7686176AA=
Content-Transfer-Encoding: 8bit
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=1+dcrADm;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More RSA/PKCS5/pKCS7/Authenticode/Timestamp
implementation based on Mbedtls.

The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5645

And the patch has passed unit_test in EDKII and integration test for platform.
And the patch hass passed the fuzz test:
https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128


There are three types of newly implemented APIs.
1.	First type of APIs pass the platform integration test by some secure features, such as Secure Boot, RPMC, etc.These APIs are: 
Sm3GetContextSize/ Sm3Init/Sm3Duplicate/ Sm3Update/Sm3Final/Sm3HashAll/RsaGetPrivateKeyFromPem/AuthenticodeVerify
Pkcs5HashPassword/Pkcs7GetSigners/Pkcs7FreeSigners/Pkcs7Sign/Pkcs7Verify/VerifyEKUsInPkcs7Signature/Pkcs7GetAttachedContent
RsaGetKey/ImageTimestampVerify/X509GetCommonName/X509GetTBSCert/RandomBytes

2.	Second type of APIs pass the platform integration test by DevieSecurity. These APIs are: 
AeadAesGcmEncrypt/AeadAesGcmDecrypt/RsaGenerateKey/RsaCheckKey/RsaPkcs1Sign/RsaPssSign/X509GetSubjectName
X509GetOrganizationName/X509VerifyCert/X509ConstructCertificate/X509ConstructCertificateStackV/X509ConstructCertificateStack
X509Free/X509StackFree

3.	Third type of APIs don't have platform integration, but the API passed the EDKII uint_test. The API is:
Pcs1v2Encrypt

v2 changes:
 - Fix format variable name/hardcode number issue;
 - Fix Pkcs7 memory leak;

v3 changes:
 - Fix some issues form reviewer;
 - Add SHA3/SM3 implementation;
 - Update *.inf files;

v4 changes:
 - Delete SHA3 implementation;
 - Complete Sm3 by linking OopensslLib;
 - collection data for platform integration test for newly implemented APIs;

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Yi Li <yi1.li@intel.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>

Wenxing Hou (11):
  CryptoPkg: Add AeadAesGcm based on Mbedtls
  CryptoPkg: Add rand function for BaseCryptLibMbedTls
  CryptoPkg: Add Pem APIs based on Mbedtls
  CryptoPkg: Add X509 functions based on Mbedtls
  CryptoPkg: Add Pkcs7 related functions based on Mbedtls
  CryptoPkg: Add Pkcs5 functions based on Mbedtls
  CryptoPkg: Add more RSA related functions based on Mbedtls
  CryptoPkg: Add AuthenticodeVerify based on Mbedtls
  CryptoPkg: Add ImageTimestampVerify based on Mbedtls
  CryptoPkg: Update *.inf in BaseCryptLibMbedTls
  Add SM3 functions with openssl for Mbedtls

 CryptoPkg/CryptoPkgMbedTls.dsc                |    1 +
 CryptoPkg/Include/Library/BaseCryptLib.h      |    4 +
 .../BaseCryptLibMbedTls/BaseCryptLib.inf      |   43 +-
 .../Cipher/CryptAeadAesGcm.c                  |  227 ++
 .../BaseCryptLibMbedTls/Hash/CryptSm3.c       |  235 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h    |   49 +
 .../BaseCryptLibMbedTls/PeiCryptLib.inf       |   23 +-
 .../BaseCryptLibMbedTls/Pem/CryptPem.c        |  138 ++
 .../Pk/CryptAuthenticode.c                    |  214 ++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
 .../Pk/CryptPkcs7Internal.h                   |   29 +-
 .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 ++++++
 .../Pk/CryptPkcs7VerifyBase.c                 |  113 +
 .../Pk/CryptPkcs7VerifyCommon.c               | 1354 ++++++++++++
 .../Pk/CryptPkcs7VerifyEku.c                  |  689 ++++++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c      |  352 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  140 ++
 .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 ++++
 .../BaseCryptLibMbedTls/Pk/CryptX509.c        | 1940 +++++++++++++++++
 .../BaseCryptLibMbedTls/Rand/CryptRand.c      |  114 +
 .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   |  114 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   27 +-
 .../BaseCryptLibMbedTls/SecCryptLib.inf       |    1 -
 .../BaseCryptLibMbedTls/SmmCryptLib.inf       |   32 +-
 .../SysCall/BaseMemAllocation.c               |  122 ++
 .../SysCall/DummyOpensslSupport.c             |  571 +++++
 .../SysCall/UnitTestHostCrtWrapper.c          |   63 +
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |   40 +-
 29 files changed, 7946 insertions(+), 83 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/BaseMemAllocation.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/DummyOpensslSupport.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/UnitTestHostCrtWrapper.c

-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119027): https://edk2.groups.io/g/devel/message/119027
Mute This Topic: https://groups.io/mt/106151214/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-