From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Gao, Liming" <liming.gao@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "K, Pavana" <pavana.k@intel.com>, "Feng, Bob C" <bob.c.feng@intel.com>
Subject: Re: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes
Date: Mon, 6 Jan 2020 02:42:12 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C5100036259EA630@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <20200102123027.15412-1-liming.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Gao, Liming <liming.gao@intel.com>
> Sent: Thursday, January 02, 2020 8:30 PM
> To: devel@edk2.groups.io
> Cc: K, Pavana <pavana.k@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Feng, Bob C <bob.c.feng@intel.com>
> Subject: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing
> schemes
>
> From: "Pavana.K" <pavana.k@intel.com>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2389
>
> Currently RSA signing scheme support is available for MD5, SHA-1 or
> SHA-256 algorithms.The fix is to extend this support for SHA384 and
> SHA512.
>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Bob Feng <bob.c.feng@intel.com>
>
> Signed-off-by: Pavana.K <pavana.k@intel.com>
> ---
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 14 +++++++++++---
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 14 +++++++++++---
> 2 files changed, 22 insertions(+), 6 deletions(-)
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> index 454dbbd476d9..d24e1fdf6801 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> @@ -7,7 +7,7 @@
> 3) RsaSetKey
> 4) RsaPkcs1Verify
>
> -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -250,7 +250,7 @@ RsaSetKey (
> If RsaContext is NULL, then return FALSE.
> If MessageHash is NULL, then return FALSE.
> If Signature is NULL, then return FALSE.
> - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then
> return FALSE.
> + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-
> 512 digest, then return FALSE.
>
> @param[in] RsaContext Pointer to RSA context for signature verification.
> @param[in] MessageHash Pointer to octet message hash to be checked.
> @@ -288,7 +288,7 @@ RsaPkcs1Verify (
>
> //
> // Determine the message digest algorithm according to digest size.
> - // Only MD5, SHA-1 or SHA-256 algorithm is supported.
> + // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
> //
> switch (HashSize) {
> case MD5_DIGEST_SIZE:
> @@ -303,6 +303,14 @@ RsaPkcs1Verify (
> DigestType = NID_sha256;
> break;
>
> + case SHA384_DIGEST_SIZE:
> + DigestType = NID_sha384;
> + break;
> +
> + case SHA512_DIGEST_SIZE:
> + DigestType = NID_sha512;
> + break;
> +
> default:
> return FALSE;
> }
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> index e3dd4844c444..7cd5fecf04cb 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> @@ -7,7 +7,7 @@
> 3) RsaCheckKey
> 4) RsaPkcs1Sign
>
> -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -276,7 +276,7 @@ RsaCheckKey (
>
> If RsaContext is NULL, then return FALSE.
> If MessageHash is NULL, then return FALSE.
> - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then
> return FALSE.
> + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-
> 512 digest, then return FALSE.
> If SigSize is large enough but Signature is NULL, then return FALSE.
>
> @param[in] RsaContext Pointer to RSA context for signature generation.
> @@ -326,7 +326,7 @@ RsaPkcs1Sign (
>
> //
> // Determine the message digest algorithm according to digest size.
> - // Only MD5, SHA-1 or SHA-256 algorithm is supported.
> + // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
> //
> switch (HashSize) {
> case MD5_DIGEST_SIZE:
> @@ -341,6 +341,14 @@ RsaPkcs1Sign (
> DigestType = NID_sha256;
> break;
>
> + case SHA384_DIGEST_SIZE:
> + DigestType = NID_sha384;
> + break;
> +
> + case SHA512_DIGEST_SIZE:
> + DigestType = NID_sha512;
> + break;
> +
> default:
> return FALSE;
> }
> --
> 2.16.2.windows.1
prev parent reply other threads:[~2020-01-06 2:42 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-02 12:30 [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes Liming Gao
2020-01-06 2:42 ` Wang, Jian J [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C5100036259EA630@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox