public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes
@ 2020-01-02 12:30 Liming Gao
  2020-01-06  2:42 ` Wang, Jian J
  0 siblings, 1 reply; 2+ messages in thread
From: Liming Gao @ 2020-01-02 12:30 UTC (permalink / raw)
  To: devel; +Cc: Pavana.K, Jian J Wang, Bob Feng

From: "Pavana.K" <pavana.k@intel.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2389

Currently RSA signing scheme support is available for MD5, SHA-1 or
SHA-256 algorithms.The fix is to extend this support for SHA384 and
SHA512.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Bob Feng <bob.c.feng@intel.com>

Signed-off-by: Pavana.K <pavana.k@intel.com>
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 14 +++++++++++---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c   | 14 +++++++++++---
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
index 454dbbd476d9..d24e1fdf6801 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
@@ -7,7 +7,7 @@
   3) RsaSetKey
   4) RsaPkcs1Verify
 
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -250,7 +250,7 @@ RsaSetKey (
   If RsaContext is NULL, then return FALSE.
   If MessageHash is NULL, then return FALSE.
   If Signature is NULL, then return FALSE.
-  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.
 
   @param[in]  RsaContext   Pointer to RSA context for signature verification.
   @param[in]  MessageHash  Pointer to octet message hash to be checked.
@@ -288,7 +288,7 @@ RsaPkcs1Verify (
 
   //
   // Determine the message digest algorithm according to digest size.
-  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.
+  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
   //
   switch (HashSize) {
   case MD5_DIGEST_SIZE:
@@ -303,6 +303,14 @@ RsaPkcs1Verify (
     DigestType = NID_sha256;
     break;
 
+  case SHA384_DIGEST_SIZE:
+    DigestType = NID_sha384;
+    break;
+
+  case SHA512_DIGEST_SIZE:
+    DigestType = NID_sha512;
+    break;
+
   default:
     return FALSE;
   }
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
index e3dd4844c444..7cd5fecf04cb 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
@@ -7,7 +7,7 @@
   3) RsaCheckKey
   4) RsaPkcs1Sign
 
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -276,7 +276,7 @@ RsaCheckKey (
 
   If RsaContext is NULL, then return FALSE.
   If MessageHash is NULL, then return FALSE.
-  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.
   If SigSize is large enough but Signature is NULL, then return FALSE.
 
   @param[in]       RsaContext   Pointer to RSA context for signature generation.
@@ -326,7 +326,7 @@ RsaPkcs1Sign (
 
   //
   // Determine the message digest algorithm according to digest size.
-  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.
+  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
   //
   switch (HashSize) {
   case MD5_DIGEST_SIZE:
@@ -341,6 +341,14 @@ RsaPkcs1Sign (
     DigestType = NID_sha256;
     break;
 
+  case SHA384_DIGEST_SIZE:
+    DigestType = NID_sha384;
+    break;
+
+  case SHA512_DIGEST_SIZE:
+    DigestType = NID_sha512;
+    break;
+
   default:
     return FALSE;
   }
-- 
2.16.2.windows.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes
  2020-01-02 12:30 [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes Liming Gao
@ 2020-01-06  2:42 ` Wang, Jian J
  0 siblings, 0 replies; 2+ messages in thread
From: Wang, Jian J @ 2020-01-06  2:42 UTC (permalink / raw)
  To: Gao, Liming, devel@edk2.groups.io; +Cc: K, Pavana, Feng, Bob C


Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

Regards,
Jian

> -----Original Message-----
> From: Gao, Liming <liming.gao@intel.com>
> Sent: Thursday, January 02, 2020 8:30 PM
> To: devel@edk2.groups.io
> Cc: K, Pavana <pavana.k@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Feng, Bob C <bob.c.feng@intel.com>
> Subject: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing
> schemes
> 
> From: "Pavana.K" <pavana.k@intel.com>
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2389
> 
> Currently RSA signing scheme support is available for MD5, SHA-1 or
> SHA-256 algorithms.The fix is to extend this support for SHA384 and
> SHA512.
> 
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Bob Feng <bob.c.feng@intel.com>
> 
> Signed-off-by: Pavana.K <pavana.k@intel.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 14 +++++++++++---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c   | 14 +++++++++++---
>  2 files changed, 22 insertions(+), 6 deletions(-)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> index 454dbbd476d9..d24e1fdf6801 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> @@ -7,7 +7,7 @@
>    3) RsaSetKey
>    4) RsaPkcs1Verify
> 
> -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> @@ -250,7 +250,7 @@ RsaSetKey (
>    If RsaContext is NULL, then return FALSE.
>    If MessageHash is NULL, then return FALSE.
>    If Signature is NULL, then return FALSE.
> -  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then
> return FALSE.
> +  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-
> 512 digest, then return FALSE.
> 
>    @param[in]  RsaContext   Pointer to RSA context for signature verification.
>    @param[in]  MessageHash  Pointer to octet message hash to be checked.
> @@ -288,7 +288,7 @@ RsaPkcs1Verify (
> 
>    //
>    // Determine the message digest algorithm according to digest size.
> -  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.
> +  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
>    //
>    switch (HashSize) {
>    case MD5_DIGEST_SIZE:
> @@ -303,6 +303,14 @@ RsaPkcs1Verify (
>      DigestType = NID_sha256;
>      break;
> 
> +  case SHA384_DIGEST_SIZE:
> +    DigestType = NID_sha384;
> +    break;
> +
> +  case SHA512_DIGEST_SIZE:
> +    DigestType = NID_sha512;
> +    break;
> +
>    default:
>      return FALSE;
>    }
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> index e3dd4844c444..7cd5fecf04cb 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> @@ -7,7 +7,7 @@
>    3) RsaCheckKey
>    4) RsaPkcs1Sign
> 
> -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> @@ -276,7 +276,7 @@ RsaCheckKey (
> 
>    If RsaContext is NULL, then return FALSE.
>    If MessageHash is NULL, then return FALSE.
> -  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then
> return FALSE.
> +  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-
> 512 digest, then return FALSE.
>    If SigSize is large enough but Signature is NULL, then return FALSE.
> 
>    @param[in]       RsaContext   Pointer to RSA context for signature generation.
> @@ -326,7 +326,7 @@ RsaPkcs1Sign (
> 
>    //
>    // Determine the message digest algorithm according to digest size.
> -  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.
> +  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
>    //
>    switch (HashSize) {
>    case MD5_DIGEST_SIZE:
> @@ -341,6 +341,14 @@ RsaPkcs1Sign (
>      DigestType = NID_sha256;
>      break;
> 
> +  case SHA384_DIGEST_SIZE:
> +    DigestType = NID_sha384;
> +    break;
> +
> +  case SHA512_DIGEST_SIZE:
> +    DigestType = NID_sha512;
> +    break;
> +
>    default:
>      return FALSE;
>    }
> --
> 2.16.2.windows.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-01-06  2:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-01-02 12:30 [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes Liming Gao
2020-01-06  2:42 ` Wang, Jian J

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox