From: "Yao, Jiewen"
To: "Agrawal, Sachin", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Lu, XiaoyuX", "Jiang, Guomin"
Subject: Re: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
Date: Thu, 22 Apr 2021 15:18:08 +0000
References: <20210420020150.29212-1-sachin.agrawal@intel.com> <20210420020150.29212-2-sachin.agrawal@intel.com>

I think we have some EDKII tool that will use the Signing capability, but it is not needed during BIOS boot. That is why the Signing function is in Ext.c, while the verify function is in Basic.c

Please also add crypto unit test for both API - https://github.com/tianocore/edk2/tree/master/CryptoPkg/Test

Thank you
Yao Jiewen

> -----Original Message-----
> From: Agrawal, Sachin
> Sent: Thursday, April 22, 2021 10:16 PM
> To: Yao, Jiewen; devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin
> Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
>
> Hi Jiewen,
>
> Thanks for sharing these references.
>
> We are currently using Salt Length of digest length.
> I will add the test for new API in the unit test framework in the next version of the patch.
>
> In reference to adding support for RsaPssSign() API: This may be due to my ignorance, but I am unaware of usages where BIOS is involved in doing asymmetric signing during run time. I do see that CryptoPkg also contains TLS interface and that would involve asymmetric signing, but that will directly use the OpenSSL's TLS interface for signing. And, therefore I was skeptical about adding RsaPssSign interface.
>
> Thanks
> Sachin
>
> -----Original Message-----
> From: Yao, Jiewen
> Sent: Tuesday, April 20, 2021 6:29 PM
> To: Agrawal, Sachin; devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin
> Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
>
> Hi Sachin
> Sorry, I forgot to add the link for the reference.
>
> 1) TPM2 Library Specification, part 2 structure (https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p64_Part2_Structures_15may2021.pdf) describes the PSS salt length.
>
>     For the TPM_ALG_RSAPSS signing scheme, ...
>     .... The salt size is always the largest salt value that will fit into the available space.
>
> 2) NIST FIPS 186-5 draft (https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf) and NIST FIPS 186-4 (https://doi.org/10.6028/NIST.FIPS.186-4) says:
>
>     For RSASSA-PSS, the length (in bytes) of the salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen
>
> 3) TCG FIPS 140-2 Guidance for TPM2 (https://trustedcomputinggroup.org/resource/tcg-fips-140-2-guidance-for-tpm-2-0/) mentions:
>
>     Language in [1] Part 1 Appendix B.7 RSASSA_PSS indicates:
>     "For both restricted and unrestricted signing keys, the random salt length will be the largest size allowed by the key size and message digest size.
>     NOTE If the TPM implementation is required to be compliant with FIPS 186-4, then the random salt length will be the largest size allowed by that specification."
>
> 4) TLS1.3 - RFC8446 (https://datatracker.ietf.org/doc/rfc8446/) has below.
>
>     RSASSA-PSS PSS algorithms:
>     The length of the Salt MUST be equal to the length of the digest algorithm.
>
> My view is that, TLS 1.3 and TPM FIPS mode require salt length == hash length, explicitly.
>
> May I know that in your production, which salt length you choose in signing?
> If you also choose salt length == hash length, then I would recommend make the default behavior to be HASH_LEN instead of AUTO.
>
> Also, may I recommend we add RsaPssSign API as well?
>
> Please also add the new API to the crypto test unit test.
>
> I notice that crypto implementation (such as openssl, mbedtls) has API to let caller indicate what is the expected salt length. The caller may want AUTO or MAX in their special environment. I am OK to add another API later (such as RsaPssVerifyEx) to satisfy that need, if there is real use case.
>
> > -----Original Message-----
> > From: Agrawal, Sachin
> > Sent: Tuesday, April 20, 2021 11:20 PM
> > To: Yao, Jiewen; devel@edk2.groups.io
> > Cc: Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin
> > Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
> >
> > Hi Jiewen,
> >
> > I reviewed RFC 8017 and I could not find any specific 'recommendations' on salt length to be used during signing with PSS encoding scheme.
> > However, in Section D.5.2.2.1 (Notes 2) of IEEE 1363a-2004, it is recommended to use salt length at least equal to the hash digest length.
> >
> > We can modify the current API to take an additional parameter as salt length and ONLY pursue verification operation if Salt length is at least equal to digest length.
> > This will act as a hardening mechanism for Edk2 as it will accept signatures only with 'appropriate' salt lengths.
> >
> > Let me know if this is fine and I will push a corresponding patch.
> >
> > Thx
> > Sachin
> >
> > -----Original Message-----
> > From: Yao, Jiewen > > Sent: Tuesday, April 20, 2021 2:12 AM > > To: Agrawal, Sachin ; devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; Jiang, Guomin > > Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS > > verify support > > > > Right. That has PROs and CONs. > > > > On one hand, that allows maximum compatibility, salt could be > > HASH_SIZE or MAX, or even 0 ? > > > > On the other hand, what if the consumer only wants to accept a > > specific length? E.g. TPM in FIPS mode and TLS requires > SaltLength=3D=3DHashLength. > > > > Thank you > > Yao Jiewen > > > > > > > -----Original Message----- > > > From: Agrawal, Sachin > > > Sent: Tuesday, April 20, 2021 3:19 PM > > > To: Yao, Jiewen ; devel@edk2.groups.io > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > ; Jiang, Guomin > > > Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS > > > verify support > > > > > > Hi Jiewen, > > > > > > From Section 9.1 in RFC 8017: > > > " Note that the verification operation follows reverse steps to recov= er > > > salt and then forward steps to recompute and compare H." > > > > > > Therefore, salt length can be inferred from the PSS block structure > > > during verification operation. > > > > > > I opted for 'RSA_PSS_SALTLEN_AUTO' as it will allow Edk2 to verify > > > PSS signatures of any salt lengths. > > > > > > Thanks > > > Sachin > > > > > > -----Original Message----- > > > From: Yao, Jiewen > > > Sent: Monday, April 19, 2021 7:30 PM > > > To: Agrawal, Sachin ; devel@edk2.groups.io > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > ; Jiang, Guomin > > > Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS > > > verify support > > > > > > Hi Sachin > > > May I know why you hardcode PSS salt length to be > > RSA_PSS_SALTLEN_AUTO ? > > > > > > Thank you > > > Yao Jiewen > > > > > > > > > > -----Original Message----- 
> > > > From: Agrawal, Sachin
> > > > Sent: Tuesday, April 20, 2021 10:02 AM
> > > > To: devel@edk2.groups.io
> > > > Cc: Yao, Jiewen; Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin; Agrawal, Sachin
> > > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
> > > >
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3314
> > > >
> > > > This patch uses Openssl's EVP API's to perform RSASSA-PSS verification of a binary blob.
> > > >
> > > > Cc: Jiewen Yao
> > > > Cc: Jian J Wang
> > > > Cc: Xiaoyu Lu
> > > > Cc: Guomin Jiang
> > > >
> > > > Signed-off-by: Sachin Agrawal
> > > > --- > > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c | 139 > > > > ++++++++++++++++++++ > > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c | 43 ++++++ > > > > CryptoPkg/Include/Library/BaseCryptLib.h | 27 ++++ > > > > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + > > > > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + > > > > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + > > > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + > > > > 7 files changed, 213 insertions(+) > > > > > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > > > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > > > > new file mode 100644 > > > > index 000000000000..acf5eb689cd8 > > > > --- /dev/null > > > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > > > > @@ -0,0 +1,139 @@ > > > > +/** @file > > > > + RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. > > > > + > > > > + This file implements following APIs which provide basic > > > > + capabilities for > > RSA: > > > > + 1) RsaPssVerify > > > > + > > > > +Copyright (c) 2021, Intel Corporation. All rights reserved.
> > > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > +#include "InternalCryptLib.h" > > > > + > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > + > > > > + > > > > +/** > > > > + Retrieve a pointer to EVP message digest object. > > > > + > > > > + @param[in] DigestLen Length of the message digest. > > > > + > > > > +**/ > > > > +static > > > > +EVP_MD* > > > > +GetEvpMD ( > > > > + IN UINT16 DigestLen > > > > + ) > > > > +{ > > > > + switch (DigestLen){ > > > > + case SHA256_DIGEST_SIZE: > > > > + return EVP_sha256(); > > > > + break; > > > > + case SHA384_DIGEST_SIZE: > > > > + return EVP_sha384(); > > > > + break; > > > > + case SHA512_DIGEST_SIZE: > > > > + return EVP_sha512(); > > > > + break; > > > > + default: > > > > + return NULL; > > > > + } > > > > +} > > > > + > > > > + > > > > +/** > > > > + Verifies the RSA signature with RSASSA-PSS signature scheme > > > > +defined in RFC > > > > 8017. > > > > + Implementation determines salt length automatically from the > > > > + signature > > > > encoding. > > > > + Mask generation function is the same as the message digest algor= ithm. > > > > + > > > > + @param[in] RsaContext Pointer to RSA context for signature > > verification. > > > > + @param[in] Message Pointer to octet message to be verif= ied. > > > > + @param[in] MsgSize Size of the message in bytes. > > > > + @param[in] Signature Pointer to RSASSA-PSS signature to b= e > verified. > > > > + @param[in] SigSize Size of signature in bytes. > > > > + @param[in] DigestLen Length of digest for RSA operation. > > > > + > > > > + @retval TRUE Valid signature encoded in RSASSA-PSS. > > > > + @retval FALSE Invalid signature or invalid RSA context. 
> > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +RsaPssVerify ( > > > > + IN VOID *RsaContext, > > > > + IN CONST UINT8 *Message, > > > > + IN UINTN MsgSize, > > > > + IN CONST UINT8 *Signature, > > > > + IN UINTN SigSize, > > > > + IN UINT16 DigestLen > > > > + ) > > > > +{ > > > > + BOOLEAN Result; > > > > + EVP_PKEY *pEvpRsaKey =3D NULL; > > > > + EVP_MD_CTX *pEvpVerifyCtx =3D NULL; > > > > + EVP_PKEY_CTX *pKeyCtx =3D NULL; > > > > + CONST EVP_MD *HashAlg =3D NULL; > > > > + > > > > + if (RsaContext =3D=3D NULL) { > > > > + return FALSE; > > > > + } > > > > + if (Message =3D=3D NULL || MsgSize =3D=3D 0 || MsgSize > INT_MAX= ) { > > > > + return FALSE; > > > > + } > > > > + if (Signature =3D=3D NULL || SigSize =3D=3D 0 || SigSize > INT_M= AX) { > > > > + return FALSE; > > > > + } > > > > + > > > > + HashAlg =3D GetEvpMD(DigestLen); > > > > + > > > > + if (HashAlg =3D=3D NULL) { > > > > + return FALSE; > > > > + } > > > > + > > > > + pEvpRsaKey =3D EVP_PKEY_new(); > > > > + if (pEvpRsaKey =3D=3D NULL) { > > > > + goto _Exit; > > > > + } > > > > + > > > > + EVP_PKEY_set1_RSA(pEvpRsaKey, RsaContext); > > > > + > > > > + pEvpVerifyCtx =3D EVP_MD_CTX_create(); if (pEvpVerifyCtx =3D=3D= NULL) { > > > > + goto _Exit; > > > > + } > > > > + > > > > + Result =3D EVP_DigestVerifyInit(pEvpVerifyCtx, &pKeyCtx, HashAlg= , > > > > + NULL, > > > > pEvpRsaKey) > 0; > > > > + if (pKeyCtx =3D=3D NULL) { > > > > + goto _Exit; > > > > + } > > > > + > > > > + if (Result) { > > > > + Result =3D EVP_PKEY_CTX_set_rsa_padding(pKeyCtx, > > > > RSA_PKCS1_PSS_PADDING) > 0; > > > > + } > > > > + if (Result) { > > > > + Result =3D EVP_PKEY_CTX_set_rsa_pss_saltlen(pKeyCtx, > > > > RSA_PSS_SALTLEN_AUTO) > 0; > > > > + } > > > > + if (Result) { > > > > + Result =3D EVP_PKEY_CTX_set_rsa_mgf1_md(pKeyCtx, HashAlg) > 0; > > > > + } if (Result) { > > > > + Result =3D EVP_DigestVerifyUpdate(pEvpVerifyCtx, Message, > > > > (UINT32)MsgSize) > 0; > > > > + } > > > > + if (Result) { > > > > 
+ Result =3D EVP_DigestVerifyFinal(pEvpVerifyCtx, Signature, > > > > + (UINT32)SigSize) > 0; } > > > > + > > > > +_Exit : > > > > + if (pEvpRsaKey) { > > > > + EVP_PKEY_free(pEvpRsaKey); > > > > + } > > > > + if (pEvpVerifyCtx) { > > > > + EVP_MD_CTX_destroy(pEvpVerifyCtx); > > > > + } > > > > + > > > > + return Result; > > > > +} > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > > > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > > > > new file mode 100644 > > > > index 000000000000..8d84b4c1426c > > > > --- /dev/null > > > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > > > > @@ -0,0 +1,43 @@ > > > > +/** @file > > > > + RSA-PSS Asymmetric Cipher Wrapper Implementation over OpenSSL. > > > > + > > > > + This file does not provide real capabilities for following APIs > > > > + in RSA > > handling: > > > > + 1) RsaPssVerify > > > > + > > > > +Copyright (c) 2021, Intel Corporation. All rights reserved.
> > > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > +#include "InternalCryptLib.h" > > > > + > > > > +/** > > > > + Verifies the RSA signature with RSASSA-PSS signature scheme > > > > +defined in RFC > > > > 8017. > > > > + Implementation determines salt length automatically from the > > > > + signature > > > > encoding. > > > > + Mask generation function is the same as the message digest algor= ithm. > > > > + > > > > + @param[in] RsaContext Pointer to RSA context for signature > > verification. > > > > + @param[in] Message Pointer to octet message to be verif= ied. > > > > + @param[in] MsgSize Size of the message in bytes. > > > > + @param[in] Signature Pointer to RSASSA-PSS signature to b= e > verified. > > > > + @param[in] SigSize Size of signature in bytes. > > > > + @param[in] DigestLen Length of digest for RSA operation. > > > > + > > > > + @retval TRUE Valid signature encoded in RSASSA-PSS. > > > > + @retval FALSE Invalid signature or invalid RSA context. > > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +RsaPssVerify ( > > > > + IN VOID *RsaContext, > > > > + IN CONST UINT8 *Message, > > > > + IN UINTN MsgSize, > > > > + IN CONST UINT8 *Signature, > > > > + IN UINTN SigSize, > > > > + IN UINT16 DigestLen > > > > + ) > > > > +{ > > > > + ASSERT (FALSE); > > > > + return FALSE; > > > > +} > > > > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > > > > b/CryptoPkg/Include/Library/BaseCryptLib.h > > > > index 496121e6a4ed..36d560b8d691 100644 > > > > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > > > > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
> > > > @@ -1363,6 +1363,33 @@ RsaPkcs1Verify ( > > > > IN UINTN SigSize > > > > ); > > > > > > > > +/** > > > > + Verifies the RSA signature with RSASSA-PSS signature scheme > > > > +defined in RFC > > > > 8017. > > > > + Implementation determines salt length automatically from the > > > > + signature > > > > encoding. > > > > + Mask generation function is the same as the message digest algor= ithm. > > > > + > > > > + @param[in] RsaContext Pointer to RSA context for signature > > verification. > > > > + @param[in] Message Pointer to octet message to be verif= ied. > > > > + @param[in] MsgSize Size of the message in bytes. > > > > + @param[in] Signature Pointer to RSASSA-PSS signature to b= e > verified. > > > > + @param[in] SigSize Size of signature in bytes. > > > > + @param[in] DigestLen Length of digest for RSA operation. > > > > + > > > > + @retval TRUE Valid signature encoded in RSASSA-PSS. > > > > + @retval FALSE Invalid signature or invalid RSA context. > > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +RsaPssVerify ( > > > > + IN VOID *RsaContext, > > > > + IN CONST UINT8 *Message, > > > > + IN UINTN MsgSize, > > > > + IN CONST UINT8 *Signature, > > > > + IN UINTN SigSize, > > > > + IN UINT16 DigestLen > > > > + ); > > > > + > > > > /** > > > > Retrieve the RSA Private Key from the password-protected PEM key > data. > > > >
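
Review bot: In RsaPssVerify() in CryptRsaPss.c, Result is declared without an initial value, yet the two early "goto _Exit" paths (EVP_PKEY_new() or EVP_MD_CTX_create() returning NULL) reach "return Result" before any assignment, so an allocation failure returns an indeterminate value that may read as TRUE. Declare it as "BOOLEAN Result = FALSE;" or assign it before the first goto. In the same function the return value of EVP_PKEY_set1_RSA(pEvpRsaKey, RsaContext) is ignored and should be checked before the key is used. The salt length is also fixed to RSA_PSS_SALTLEN_AUTO, so a signature with any salt length verifies; since DigestLen is already a parameter, requiring the salt length to equal it would match the policy discussed in this thread.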
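
Review bot: The file header of CryptRsaPssNull.c still reads "RSA-PSS Asymmetric Cipher Wrapper Implementation over OpenSSL", and the RsaPssVerify comment block is copied from the real implementation ("Implementation determines salt length automatically from the signature encoding", "@retval TRUE Valid signature encoded in RSASSA-PSS"), although the body only does ASSERT (FALSE) and returns FALSE. Reword both to say the interface is not supported in this build and always returns FALSE, so that a caller reading the stub is not led to expect verification.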
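
Review bot: The RsaPssVerify prototype comment added to BaseCryptLib.h describes DigestLen only as "Length of digest for RSA operation", with no unit and no accepted values, while GetEvpMD() in CryptRsaPss.c accepts only SHA256_DIGEST_SIZE, SHA384_DIGEST_SIZE and SHA512_DIGEST_SIZE and the function returns FALSE for anything else. List those values, add the unsupported-digest case to "@retval FALSE", and state that Message is the unhashed message (it is passed to EVP_DigestVerifyUpdate), since this header is what callers will read.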
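
The salt-length question debated in this thread, shown at the EMSA-PSS encoding layer of RFC 8017 section 9.1 (an added example, not code from the patch or from EDK II): a verifier that recovers the salt length from the block, as AUTO does, next to one that also requires sLen == hLen. It assumes SHA-256 for the hash and MGF1 and works on the encoded message EM directly, leaving out the RSA operation; pss_encode, pss_verify and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import os

H_LEN = hashlib.sha256().digest_size  # hLen = 32 for SHA-256


def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 (RFC 8017, B.2.1) instantiated with SHA-256."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pss_encode(msg: bytes, em_bits: int, salt_len: int) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017, 9.1.1) with a caller-chosen salt length."""
    em_len = (em_bits + 7) // 8
    if em_len < H_LEN + salt_len + 2:
        raise ValueError("encoding error: salt too long for this key size")
    salt = os.urandom(salt_len)
    h = hashlib.sha256(b"\x00" * 8 + hashlib.sha256(msg).digest() + salt).digest()
    db = b"\x00" * (em_len - salt_len - H_LEN - 2) + b"\x01" + salt
    masked = bytearray(_xor(db, mgf1(h, len(db))))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)  # clear bits above emBits
    return bytes(masked) + h + b"\xbc"


def pss_verify(msg: bytes, em: bytes, em_bits: int, expected_salt_len=None):
    """EMSA-PSS-VERIFY (RFC 8017, 9.1.2).

    Returns (ok, recovered_salt_len). With expected_salt_len=None the salt
    length is taken from the block itself (the AUTO behaviour); otherwise a
    block whose salt length differs is rejected.
    """
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < H_LEN + 2 or em[-1] != 0xBC:
        return False, None
    masked, h = em[:em_len - H_LEN - 1], em[em_len - H_LEN - 1:-1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top_mask & 0xFF:
        return False, None
    db = bytearray(_xor(masked, mgf1(h, len(masked))))
    db[0] &= top_mask
    # DB = PS (zero octets) || 0x01 || salt: the first non-zero octet must be
    # the 0x01 separator, and everything after it is the salt.
    sep = next((i for i, octet in enumerate(db) if octet), None)
    if sep is None or db[sep] != 0x01:
        return False, None
    salt = bytes(db[sep + 1:])
    if expected_salt_len is not None and len(salt) != expected_salt_len:
        return False, len(salt)  # policy rejection, H is not even compared
    h2 = hashlib.sha256(b"\x00" * 8 + hashlib.sha256(msg).digest() + salt).digest()
    return hmac.compare_digest(h, h2), len(salt)


if __name__ == "__main__":
    message = b"constructed firmware blob"   # constructed sample input
    em_bits = 2047                            # modBits - 1 for a 2048-bit key
    for s_len in (0, H_LEN, 222):             # zero, digest length, maximum
        em = pss_encode(message, em_bits, s_len)
        print(s_len, pss_verify(message, em, em_bits),
              pss_verify(message, em, em_bits, expected_salt_len=H_LEN))
```
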