From: "Wenxing Hou"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Yi Li, Jiewen Yao
Subject: [edk2-devel] [PATCH v4 03/11] CryptoPkg: Add Pem APIs based on Mbedtls
Date: Fri, 17 May 2024 18:26:33 +0800
Message-Id: <20240517102641.4586-4-wenxing.hou@intel.com>
In-Reply-To: <20240517102641.4586-1-wenxing.hou@intel.com>
References: <20240517102641.4586-1-wenxing.hou@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Implement Pem API based on Mbedtls.

Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
Reviewed-by: Yi Li
Acked-by: Jiewen Yao
---
 .../BaseCryptLibMbedTls/Pem/CryptPem.c | 138 ++++++++++++++++++
 1 file changed, 138 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
new file mode 100644
index 0000000000..56411174dd
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
@@ -0,0 +1,138 @@ +/** @file=0D + PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over M= bedTLS.=0D +=0D +Copyright (c) 2024, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include "InternalCryptLib.h"=0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +=0D +/**=0D + Retrieve the RSA Private Key from the password-protected PEM key data.=0D +=0D + @param[in] PemData Pointer to the PEM-encoded key data to be retri= eved.=0D + @param[in] PemSize Size of the PEM key data in bytes.=0D + @param[in] Password NULL-terminated passphrase used for encrypted P= EM key data.=0D + @param[out] RsaContext Pointer to new-generated RSA context which cont= ain the retrieved=0D + RSA private key component. Use RsaFree() functi= on to free the=0D + resource.=0D +=0D + If PemData is NULL, then return FALSE.=0D + If RsaContext is NULL, then return FALSE.=0D +=0D + @retval TRUE RSA Private Key was retrieved successfully.=0D + @retval FALSE Invalid PEM key data or incorrect password.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaGetPrivateKeyFromPem (=0D + IN CONST UINT8 *PemData,=0D + IN UINTN PemSize,=0D + IN CONST CHAR8 *Password,=0D + OUT VOID **RsaContext=0D + )=0D +{=0D + INT32 Ret;=0D + mbedtls_pk_context Pk;=0D + mbedtls_rsa_context *Rsa;=0D + UINT8 *NewPemData;=0D + UINTN PasswordLen;=0D +=0D + if ((PemData =3D=3D NULL) || (RsaContext =3D=3D NULL) || (PemSize > INT_= MAX)) {=0D + return FALSE;=0D + }=0D +=0D + NewPemData =3D NULL;=0D + if (PemData[PemSize - 1] !=3D 0) {=0D + NewPemData =3D AllocateZeroPool (PemSize + 1);=0D + if (NewPemData =3D=3D NULL) {=0D + return FALSE;=0D + }=0D +=0D + CopyMem (NewPemData, PemData, PemSize + 1);=0D + NewPemData[PemSize] =3D 0;=0D + PemData =3D NewPemData;=0D + PemSize +=3D 1;=0D + }=0D +=0D + mbedtls_pk_init (&Pk);=0D +=0D + if (Password !=3D NULL) {=0D + PasswordLen =3D AsciiStrLen (Password);=0D + } else {=0D + PasswordLen =3D 0;=0D + }=0D +=0D + Ret =3D mbedtls_pk_parse_key (&Pk, PemData, PemSize, (CONST UINT8 *)Pass= word, PasswordLen, NULL, NULL);=0D +=0D + if (NewPemData !=3D NULL) {=0D + FreePool 
(NewPemData);=0D + NewPemData =3D NULL;=0D + }=0D +=0D + if (Ret !=3D 0) {=0D + mbedtls_pk_free (&Pk);=0D + return FALSE;=0D + }=0D +=0D + if (mbedtls_pk_get_type (&Pk) !=3D MBEDTLS_PK_RSA) {=0D + mbedtls_pk_free (&Pk);=0D + return FALSE;=0D + }=0D +=0D + Rsa =3D RsaNew ();=0D + if (Rsa =3D=3D NULL) {=0D + mbedtls_pk_free (&Pk);=0D + return FALSE;=0D + }=0D +=0D + Ret =3D mbedtls_rsa_copy (Rsa, mbedtls_pk_rsa (Pk));=0D + if (Ret !=3D 0) {=0D + RsaFree (Rsa);=0D + mbedtls_pk_free (&Pk);=0D + return FALSE;=0D + }=0D +=0D + mbedtls_pk_free (&Pk);=0D +=0D + *RsaContext =3D Rsa;=0D + return TRUE;=0D +}=0D +=0D +/**=0D + Retrieve the EC Private Key from the password-protected PEM key data.=0D +=0D + @param[in] PemData Pointer to the PEM-encoded key data to be retri= eved.=0D + @param[in] PemSize Size of the PEM key data in bytes.=0D + @param[in] Password NULL-terminated passphrase used for encrypted P= EM key data.=0D + @param[out] EcContext Pointer to new-generated EC DSA context which c= ontain the retrieved=0D + EC private key component. Use EcFree() function= to free the=0D + resource.=0D +=0D + If PemData is NULL, then return FALSE.=0D + If EcContext is NULL, then return FALSE.=0D +=0D + @retval TRUE EC Private Key was retrieved successfully.=0D + @retval FALSE Invalid PEM key data or incorrect password.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +EcGetPrivateKeyFromPem (=0D + IN CONST UINT8 *PemData,=0D + IN UINTN PemSize,=0D + IN CONST CHAR8 *Password,=0D + OUT VOID **EcContext=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D --=20 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119030): https://edk2.groups.io/g/devel/message/119030 Mute This Topic: https://groups.io/mt/106151217/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-
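Review bot: the NUL-termination path in RsaGetPrivateKeyFromPem reads one byte past the caller's buffer. When PemData is not already NUL-terminated, the code allocates PemSize + 1 bytes and then calls `CopyMem (NewPemData, PemData, PemSize + 1);`, which copies PemSize + 1 bytes out of a source the caller declared to be PemSize bytes long; since AllocateZeroPool already zeroed the allocation and the next line writes `NewPemData[PemSize] = 0;` anyway, the copy length should be `PemSize`. In the same block, the early-return guard `(PemData == NULL) || (RsaContext == NULL) || (PemSize > INT_MAX)` does not reject PemSize == 0, so `PemData[PemSize - 1]` indexes PemData[(UINTN)-1]; add `(PemSize == 0)` to that condition before the terminator check. Separately, EcGetPrivateKeyFromPem carries a full doc comment promising to return the EC private key, but its body is `ASSERT (FALSE); return FALSE;`; either note in the comment that EC PEM parsing is not supported by the MbedTLS implementation, or parse it through the same mbedtls_pk_parse_key path and check for MBEDTLS_PK_ECKEY, so that a caller cannot mistake the unconditional FALSE for a bad password or malformed PEM.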