From: "Chris Ruffin via groups.io"
To: devel@edk2.groups.io
Cc: Chris Ruffin, Chris Ruffin, Jiewen Yao, Yi Li, Wenxing Hou
Subject: [edk2-devel] [PATCH v2 1/3] CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions
Date: Sat, 30 Mar 2024 17:59:43 -0400
Message-ID: <7d29c9de7fcdc2475aa6f218e364b0260a71ae46.1711833672.git.v-chruffin@microsoft.com>
References: <20240318215205.1339-1-cruffin@millcore.com>

From: Chris Ruffin

Expand the availability of the RSAES-OAEP crypto capability in BaseCryptLib. Applications using RSA crypto functions directly from OpensslLib can transition to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe.

Pkcs1v2Decrypt(): decryption using DER-encoded private key
RsaOaepEncrypt(): encryption using RSA contexts
RsaOaepDecrypt(): decryption using RSA contexts

Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=4732
GitHub PR: https://github.com/tianocore/edk2/pull/5473
Signed-off-by: Chris Ruffin Cc: Chris Ruffin Cc: Jiewen Yao Cc: Yi Li Cc: Wenxing Hou --- CryptoPkg/Include/Library/BaseCryptLib.h | 117 ++++ .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c | 598 ++++++++++++++++-- .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c | 130 +++- .../Pk/CryptPkcs1OaepNull.c | 135 +++- .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c | 130 +++- 5 files changed, 1056 insertions(+), 54 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index a52bd91ad6..86f784a1d2 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -5,6 +5,7 @@ functionality enabling.=0D =0D Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation. All rights reserved.=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D 
@@ -2147,6 +2148,122 @@ Pkcs1v2Encrypt ( OUT UINTN *EncryptedDataSize=0D );=0D =0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepEncrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + );=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs1v2Decrypt (=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + );=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepDecrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + );=0D +=0D /**=0D The 3rd parameter of Pkcs7GetSigners will return all embedded=0D X.509 certificate in one given PKCS7 signature. The format is:=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c b/CryptoPkg= /Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c index ea43c1381c..7634ab1f6f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c @@ -3,7 +3,7 @@ =0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D - Copyright (C) 2016 Microsoft Corporation. All Rights Reserved.=0D + Copyright (C) Microsoft Corporation. All Rights Reserved.=0D Copyright (c) 2019, Intel Corporation. All rights reserved.
=0D =0D **/=0D @@ -14,6 +14,37 @@ #include =0D #include =0D =0D +/**=0D + Retrieve a pointer to EVP message digest object.=0D +=0D + @param[in] DigestLen Length of the message digest.=0D +=0D +**/=0D +STATIC=0D +const=0D +EVP_MD *=0D +GetEvpMD (=0D + IN UINT16 DigestLen=0D + )=0D +{=0D + switch (DigestLen) {=0D + case SHA1_DIGEST_SIZE:=0D + return EVP_sha1 ();=0D + break;=0D + case SHA256_DIGEST_SIZE:=0D + return EVP_sha256 ();=0D + break;=0D + case SHA384_DIGEST_SIZE:=0D + return EVP_sha384 ();=0D + break;=0D + case SHA512_DIGEST_SIZE:=0D + return EVP_sha512 ();=0D + break;=0D + default:=0D + return NULL;=0D + }=0D +}=0D +=0D /**=0D Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D encrypted message in a newly allocated buffer.=0D @@ -26,15 +57,20 @@ - Data size is too large for the provided key size (max size is a functi= on of key size=0D and hash digest size).=0D =0D - @param[in] PublicKey A pointer to the DER-encoded X509 certif= icate that=0D + @param[in] Pkey A pointer to an EVP_PKEY struct that=0D will be used to encrypt the data.=0D - @param[in] PublicKeySize Size of the X509 cert buffer.=0D @param[in] InData Data to be encrypted.=0D @param[in] InDataSize Size of the data buffer.=0D @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D to be used when initializing the PRNG. N= ULL otherwise.=0D @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D 0 otherwise.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D message.=0D @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D 
@@ -45,50 +81,35 @@ **/=0D BOOLEAN=0D EFIAPI=0D -Pkcs1v2Encrypt (=0D - IN CONST UINT8 *PublicKey,=0D - IN UINTN PublicKeySize,=0D +InternalPkcs1v2Encrypt (=0D + EVP_PKEY *Pkey,=0D IN UINT8 *InData,=0D IN UINTN InDataSize,=0D IN CONST UINT8 *PrngSeed OPTIONAL,=0D IN UINTN PrngSeedSize OPTIONAL,=0D + IN UINT16 DigestLen OPTIONAL,=0D OUT UINT8 **EncryptedData,=0D OUT UINTN *EncryptedDataSize=0D )=0D {=0D BOOLEAN Result;=0D - CONST UINT8 *TempPointer;=0D - X509 *CertData;=0D - EVP_PKEY *InternalPublicKey;=0D EVP_PKEY_CTX *PkeyCtx;=0D UINT8 *OutData;=0D UINTN OutDataSize;=0D + CONST EVP_MD *HashAlg;=0D =0D //=0D // Check input parameters.=0D //=0D - if ((PublicKey =3D=3D NULL) || (InData =3D=3D NULL) ||=0D + if ((Pkey =3D=3D NULL) || (InData =3D=3D NULL) ||=0D (EncryptedData =3D=3D NULL) || (EncryptedDataSize =3D=3D NULL))=0D {=0D return FALSE;=0D }=0D =0D - //=0D - // Check public key size.=0D - //=0D - if (PublicKeySize > 0xFFFFFFFF) {=0D - //=0D - // Public key size is too large for implementation.=0D - //=0D - return FALSE;=0D - }=0D -=0D *EncryptedData =3D NULL;=0D *EncryptedDataSize =3D 0;=0D Result =3D FALSE;=0D - TempPointer =3D NULL;=0D - CertData =3D NULL;=0D - InternalPublicKey =3D NULL;=0D PkeyCtx =3D NULL;=0D OutData =3D NULL;=0D OutDataSize =3D 0;=0D 
@@ -104,6 +125,169 @@ Pkcs1v2Encrypt ( RandomSeed (NULL, 0);=0D }=0D =0D + //=0D + // Create a context for the public key operation.=0D + //=0D + PkeyCtx =3D EVP_PKEY_CTX_new (Pkey, NULL);=0D + if (PkeyCtx =3D=3D NULL) {=0D + //=0D + // Fail to create contex.=0D + //=0D + goto _Exit;=0D + }=0D +=0D + //=0D + // Initialize the context and set the desired padding.=0D + //=0D + if ((EVP_PKEY_encrypt_init (PkeyCtx) <=3D 0) ||=0D + (EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <=3D= 0))=0D + {=0D + //=0D + // Fail to initialize the context.=0D + //=0D + goto _Exit;=0D + }=0D +=0D + if (DigestLen !=3D 0) {=0D + HashAlg =3D GetEvpMD (DigestLen);=0D + if (HashAlg =3D=3D NULL) {=0D + goto _Exit;=0D + }=0D +=0D + if (EVP_PKEY_CTX_set_rsa_oaep_md (PkeyCtx, HashAlg) <=3D 0) {=0D + goto _Exit;=0D + }=0D +=0D + if (EVP_PKEY_CTX_set_rsa_mgf1_md (PkeyCtx, HashAlg) <=3D 0) {=0D + goto _Exit;=0D + }=0D + }=0D +=0D + //=0D + // Determine the required buffer length for malloc'ing.=0D + //=0D + if (EVP_PKEY_encrypt (PkeyCtx, NULL, &OutDataSize, InData, InDataSize) <= =3D 0) {=0D + //=0D + // Fail to determine output buffer size.=0D + //=0D + goto _Exit;=0D + }=0D +=0D + //=0D + // Allocate a buffer for the output data.=0D + //=0D + OutData =3D AllocatePool (OutDataSize);=0D + if (OutData =3D=3D NULL) {=0D + //=0D + // Fail to allocate the output buffer.=0D + //=0D + goto _Exit;=0D + }=0D +=0D + //=0D + // Encrypt Data.=0D + //=0D + if (EVP_PKEY_encrypt (PkeyCtx, OutData, &OutDataSize, InData, InDataSize= ) <=3D 0) {=0D + //=0D + // Fail to encrypt data, need to free the output buffer.=0D + //=0D + FreePool (OutData);=0D + OutData =3D NULL;=0D + OutDataSize =3D 0;=0D + goto _Exit;=0D + }=0D +=0D + //=0D + // Encrypt done.=0D + //=0D + *EncryptedData =3D OutData;=0D + *EncryptedDataSize =3D OutDataSize;=0D + Result =3D TRUE;=0D +=0D +_Exit:=0D + //=0D + // Release Resources=0D + //=0D + if (PkeyCtx !=3D NULL) {=0D + EVP_PKEY_CTX_free (PkeyCtx);=0D + }=0D +=0D + return 
Result;=0D +}=0D +=0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to parse X509 certificate.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D +=0D + @param[in] PublicKey A pointer to the DER-encoded X509 certif= icate that=0D + will be used to encrypt the data.=0D + @param[in] PublicKeySize Size of the X509 cert buffer.=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs1v2Encrypt (=0D + IN CONST UINT8 *PublicKey,=0D + IN UINTN PublicKeySize,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + )=0D +{=0D + BOOLEAN Result;=0D + CONST UINT8 *TempPointer;=0D + X509 *CertData;=0D + EVP_PKEY *Pkey;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((PublicKey =3D=3D NULL) || (InData =3D=3D NULL) ||=0D + (EncryptedData =3D=3D NULL) || (EncryptedDataSize =3D=3D NULL))=0D + {=0D + return FALSE;=0D + }=0D +=0D + //=0D + // Check 
public key size.=0D + //=0D + if (PublicKeySize > 0xFFFFFFFF) {=0D + //=0D + // Public key size is too large for implementation.=0D + //=0D + return FALSE;=0D + }=0D +=0D + *EncryptedData =3D NULL;=0D + *EncryptedDataSize =3D 0;=0D + Result =3D FALSE;=0D + TempPointer =3D NULL;=0D + CertData =3D NULL;=0D + Pkey =3D NULL;=0D +=0D //=0D // Parse the X509 cert and extract the public key.=0D //=0D 
@@ -120,52 +304,230 @@ Pkcs1v2Encrypt ( // Extract the public key from the x509 cert in a format that=0D // OpenSSL can use.=0D //=0D - InternalPublicKey =3D X509_get_pubkey (CertData);=0D - if (InternalPublicKey =3D=3D NULL) {=0D + Pkey =3D X509_get_pubkey (CertData);=0D + if (Pkey =3D=3D NULL) {=0D //=0D // Fail to extract public key.=0D //=0D goto _Exit;=0D }=0D =0D + Result =3D InternalPkcs1v2Encrypt (Pkey, InData, InDataSize, PrngSeed, P= rngSeedSize, 0, EncryptedData, EncryptedDataSize);=0D +=0D +_Exit:=0D //=0D - // Create a context for the public key operation.=0D + // Release Resources=0D + //=0D + if (CertData !=3D NULL) {=0D + X509_free (CertData);=0D + }=0D +=0D + if (Pkey !=3D NULL) {=0D + EVP_PKEY_free (Pkey);=0D + }=0D +=0D + return Result;=0D +}=0D +=0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. 
N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepEncrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + )=0D +{=0D + BOOLEAN Result;=0D + EVP_PKEY *Pkey;=0D +=0D //=0D - PkeyCtx =3D EVP_PKEY_CTX_new (InternalPublicKey, NULL);=0D + // Check input parameters.=0D + //=0D + if (((RsaContext =3D=3D NULL) || (InData =3D=3D NULL)) ||=0D + (EncryptedData =3D=3D NULL) || (EncryptedDataSize =3D=3D NULL))=0D + {=0D + return FALSE;=0D + }=0D +=0D + *EncryptedData =3D NULL;=0D + *EncryptedDataSize =3D 0;=0D + Result =3D FALSE;=0D + Pkey =3D NULL;=0D +=0D + Pkey =3D EVP_PKEY_new ();=0D + if (Pkey =3D=3D NULL) {=0D + goto _Exit;=0D + }=0D +=0D + if (EVP_PKEY_set1_RSA (Pkey, (RSA *)RsaContext) =3D=3D 0) {=0D + goto _Exit;=0D + }=0D +=0D + Result =3D InternalPkcs1v2Encrypt (Pkey, InData, InDataSize, PrngSeed, P= rngSeedSize, DigestLen, EncryptedData, EncryptedDataSize);=0D +=0D +_Exit:=0D + //=0D + // Release Resources=0D + //=0D + if (Pkey !=3D NULL) {=0D + EVP_PKEY_free (Pkey);=0D + }=0D +=0D + return Result;=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] Pkey A pointer to an EVP_PKEY which will decr= ypt that data.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +InternalPkcs1v2Decrypt (=0D + EVP_PKEY *Pkey,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + BOOLEAN Result;=0D + EVP_PKEY_CTX *PkeyCtx;=0D + UINT8 *TempData;=0D + UINTN TempDataSize;=0D + INTN ReturnCode;=0D + CONST EVP_MD *HashAlg;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((Pkey =3D=3D NULL) || (EncryptedData =3D=3D NULL) ||=0D + (OutData =3D=3D NULL) || (OutDataSize =3D=3D NULL))=0D + {=0D + return FALSE;=0D + }=0D +=0D + Result =3D FALSE;=0D + PkeyCtx =3D NULL;=0D + TempData =3D NULL;=0D + TempDataSize =3D 0;=0D +=0D + //=0D + // Create a context for the decryption operation.=0D + //=0D + PkeyCtx =3D EVP_PKEY_CTX_new (Pkey, NULL);=0D if (PkeyCtx =3D=3D NULL) {=0D //=0D // Fail to create contex.=0D //=0D + DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_CTK_new() failed\n", __func__));=0D goto _Exit;=0D }=0D =0D //=0D // Initialize the context and set the desired padding.=0D //=0D - if 
((EVP_PKEY_encrypt_init (PkeyCtx) <=3D 0) ||=0D + if ((EVP_PKEY_decrypt_init (PkeyCtx) <=3D 0) ||=0D (EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <=3D= 0))=0D {=0D //=0D // Fail to initialize the context.=0D //=0D + DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt_init() failed\n", __func__= ));=0D goto _Exit;=0D }=0D =0D + if (DigestLen !=3D 0) {=0D + HashAlg =3D GetEvpMD (DigestLen);=0D + if (HashAlg =3D=3D NULL) {=0D + goto _Exit;=0D + }=0D +=0D + if (EVP_PKEY_CTX_set_rsa_oaep_md (PkeyCtx, HashAlg) <=3D 0) {=0D + goto _Exit;=0D + }=0D +=0D + if (EVP_PKEY_CTX_set_rsa_mgf1_md (PkeyCtx, HashAlg) <=3D 0) {=0D + goto _Exit;=0D + }=0D + }=0D +=0D //=0D // Determine the required buffer length for malloc'ing.=0D //=0D - if (EVP_PKEY_encrypt (PkeyCtx, NULL, &OutDataSize, InData, InDataSize) <= =3D 0) {=0D + ReturnCode =3D EVP_PKEY_decrypt (PkeyCtx, NULL, &TempDataSize, Encrypted= Data, EncryptedDataSize);=0D + if (ReturnCode <=3D 0) {=0D //=0D // Fail to determine output buffer size.=0D //=0D + DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt() failed to determine outp= ut buffer size (rc=3D%d)\n", __func__, ReturnCode));=0D goto _Exit;=0D }=0D =0D //=0D // Allocate a buffer for the output data.=0D //=0D - OutData =3D AllocatePool (OutDataSize);=0D - if (OutData =3D=3D NULL) {=0D + TempData =3D AllocatePool (TempDataSize);=0D + if (TempData =3D=3D NULL) {=0D //=0D // Fail to allocate the output buffer.=0D //=0D 
@@ -173,39 +535,179 @@ Pkcs1v2Encrypt ( }=0D =0D //=0D - // Encrypt Data.=0D + // Decrypt Data.=0D //=0D - if (EVP_PKEY_encrypt (PkeyCtx, OutData, &OutDataSize, InData, InDataSize= ) <=3D 0) {=0D + ReturnCode =3D EVP_PKEY_decrypt (PkeyCtx, TempData, &TempDataSize, Encry= ptedData, EncryptedDataSize);=0D + if (ReturnCode <=3D 0) {=0D //=0D - // Fail to encrypt data, need to free the output buffer.=0D + // Fail to decrypt data, need to free the output buffer.=0D //=0D - FreePool (OutData);=0D - OutData =3D NULL;=0D - OutDataSize =3D 0;=0D + FreePool (TempData);=0D + TempData =3D NULL;=0D + TempDataSize =3D 0;=0D +=0D + DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt(TempData) failed to decryp= t (rc=3D%d)\n", __func__, ReturnCode));=0D goto _Exit;=0D }=0D =0D //=0D - // Encrypt done.=0D + // Decrypt done.=0D //=0D - *EncryptedData =3D OutData;=0D - *EncryptedDataSize =3D OutDataSize;=0D - Result =3D TRUE;=0D + *OutData =3D TempData;=0D + *OutDataSize =3D TempDataSize;=0D + Result =3D TRUE;=0D =0D _Exit:=0D + if (PkeyCtx !=3D NULL) {=0D + EVP_PKEY_CTX_free (PkeyCtx);=0D + }=0D +=0D + return Result;=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs1v2Decrypt (=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + BOOLEAN Result;=0D + EVP_PKEY *Pkey;=0D + CONST UINT8 *TempPointer;=0D +=0D //=0D - // Release Resources=0D + // Check input parameters.=0D //=0D - if (CertData !=3D NULL) {=0D - X509_free (CertData);=0D + if ((PrivateKey =3D=3D NULL) || (EncryptedData =3D=3D NULL) ||=0D + (OutData =3D=3D NULL) || (OutDataSize =3D=3D NULL))=0D + {=0D + return FALSE;=0D + }=0D +=0D + Result =3D FALSE;=0D + Pkey =3D NULL;=0D + TempPointer =3D NULL;=0D +=0D + //=0D + // Parse the private key.=0D + //=0D + TempPointer =3D PrivateKey;=0D + Pkey =3D d2i_PrivateKey (EVP_PKEY_RSA, &Pkey, &TempPointer, (UINT= 32)PrivateKeySize);=0D + if (Pkey =3D=3D NULL) {=0D + //=0D + // Fail to parse private key.=0D + //=0D + DEBUG ((DEBUG_ERROR, "[%a] d2i_PrivateKey() failed\n", __func__));=0D + goto _Exit;=0D }=0D =0D - if (InternalPublicKey !=3D NULL) {=0D - EVP_PKEY_free (InternalPublicKey);=0D + Result =3D InternalPkcs1v2Decrypt (Pkey, EncryptedData, EncryptedDataSiz= e, 0, OutData, 
OutDataSize);=0D +=0D +_Exit:=0D + if (Pkey !=3D NULL) {=0D + EVP_PKEY_free (Pkey);=0D }=0D =0D - if (PkeyCtx !=3D NULL) {=0D - EVP_PKEY_CTX_free (PkeyCtx);=0D + return Result;=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepDecrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + BOOLEAN Result;=0D + EVP_PKEY *Pkey;=0D +=0D + //=0D + // Check input parameters.=0D + //=0D + if ((RsaContext =3D=3D NULL) || (EncryptedData =3D=3D NULL) ||=0D + (OutData =3D=3D NULL) || (OutDataSize =3D=3D NULL))=0D + {=0D + return FALSE;=0D + }=0D +=0D + Result =3D FALSE;=0D + Pkey =3D NULL;=0D +=0D + //=0D + // Create a context for the decryption operation.=0D + //=0D +=0D + Pkey =3D EVP_PKEY_new ();=0D + if (Pkey =3D=3D NULL) {=0D + goto _Exit;=0D + }=0D +=0D + if (EVP_PKEY_set1_RSA (Pkey, (RSA 
*)RsaContext) =3D=3D 0) {=0D + goto _Exit;=0D + }=0D +=0D + Result =3D InternalPkcs1v2Decrypt (Pkey, EncryptedData, EncryptedDataSiz= e, DigestLen, OutData, OutDataSize);=0D +=0D +_Exit:=0D + if (Pkey !=3D NULL) {=0D + EVP_PKEY_free (Pkey);=0D }=0D =0D return Result;=0D diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c b/Crypt= oPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c index 36508947c5..01d3c5a77f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c @@ -3,7 +3,7 @@ =0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D - Copyright (C) 2016 Microsoft Corporation. All Rights Reserved.=0D + Copyright (C) Microsoft Corporation. All Rights Reserved.=0D Copyright (c) 2019, Intel Corporation. All rights reserved.
=0D =0D **/=0D 
@@ -48,3 +48,131 @@ Pkcs1v2Encrypt ( ASSERT (FALSE);=0D return FALSE;=0D }=0D +=0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepEncrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs1v2Decrypt (=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepDecrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c = b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c index a686308652..22ac4aefd5 100644 --- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c @@ -4,6 +4,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D Copyright (c) 2023, Intel Corporation. All rights reserved.
=0D + Copyright (c) Microsoft Corporation. All rights reserved.=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D **/=0D =0D @@ -38,10 +39,8 @@ Pkcs1v2Encrypt ( IN UINTN PublicKeySize,=0D IN UINT8 *InData,=0D IN UINTN InDataSize,=0D - IN CONST UINT8 *PrngSeed,=0D - OPTIONAL=0D - IN UINTN PrngSeedSize,=0D - OPTIONAL=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D OUT UINT8 **EncryptedData,=0D OUT UINTN *EncryptedDataSize=0D )=0D 
@@ -49,3 +48,131 @@ Pkcs1v2Encrypt ( ASSERT (FALSE);=0D return FALSE;=0D }=0D +=0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepEncrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs1v2Decrypt (=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepDecrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c b/C= ryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c index 36508947c5..01d3c5a77f 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c @@ -3,7 +3,7 @@ =0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D - Copyright (C) 2016 Microsoft Corporation. All Rights Reserved.=0D + Copyright (C) Microsoft Corporation. All Rights Reserved.=0D Copyright (c) 2019, Intel Corporation. All rights reserved.
=0D =0D **/=0D 
@@ -48,3 +48,131 @@ Pkcs1v2Encrypt ( ASSERT (FALSE);=0D return FALSE;=0D }=0D +=0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepEncrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs1v2Decrypt (=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepDecrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + ASSERT (FALSE);=0D + return FALSE;=0D +}=0D --=20 2.44.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117250): https://edk2.groups.io/g/devel/message/117250 Mute This Topic: https://groups.io/mt/105239223/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-
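Review bot: In the first `@@ -48,3 +48,131 @@` hunk above, the doc comments for Pkcs1v2Decrypt() and RsaOaepDecrypt() still carry the encrypt wording. OutData is described as "containing the encrypted message", OutDataSize as "Size of the encrypted message buffer", and the return values as "Encryption was successful" / "Encryption failed". These should read "decrypted" and "Decryption". The same text is repeated in the BaseCryptLibMbedTls and BaseCryptLibNull copies of CryptPkcs1OaepNull.c, so the correction applies to all three files.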
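Review bot: The OPTIONAL placement change on PrngSeed and PrngSeedSize in Pkcs1v2Encrypt() (BaseCryptLibMbedTls, `@@ -38,10 +39,8 @@`) is a formatting cleanup of an existing prototype, unrelated to adding the three new functions, and the commit message does not mention it. Either add a line about it to the commit message or move it into its own patch so the functional change stays easy to bisect.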
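Review bot: In the BaseCryptLibMbedTls `@@ -49,3 +48,131 @@` hunk, the "Things that can cause a failure" lists do not match the context-based signatures. RsaOaepEncrypt() lists "X509 key size does not match any known key size" although it takes an RsaContext rather than a certificate, and RsaOaepDecrypt() lists "Fail to parse private key" although the key is already provisioned through RsaSetKey(). Neither list covers a DigestLen that is not 0 or one of the four named sizes. Please add that failure case, and state in the DigestLen description that the decrypting side has to pass the same value that was used for encryption.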
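Review bot: In the BaseCryptLibNull `@@ -3,7 +3,7 @@` hunk the existing "Copyright (C) 2016 Microsoft Corporation" line loses its year, and the Microsoft line added to the BaseCryptLibMbedTls header (`@@ -4,6 +4,7 @@`) has no year either, while the neighbouring Intel lines keep theirs. If dropping the year is intentional, say so in the commit message. Otherwise keep the original 2016 and give the new line a year so the headers stay consistent.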
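Review bot: In the BaseCryptLibNull `@@ -48,3 +48,131 @@` hunk, Pkcs1v2Decrypt() has no DigestLen parameter while RsaOaepEncrypt() and RsaOaepDecrypt() do, and its comment does not say which hash it assumes. If it is the "default (SHA1)" documented for DigestLen 0, state that in the function header so callers know it cannot decrypt data produced with another digest. The three comments also promise a "newly allocated buffer" without saying that the caller owns and must free it. Please document that, and for the decrypt functions note that OutData holds plaintext the caller may need to clear before freeing.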