* [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes
@ 2020-01-02 12:30 Liming Gao
2020-01-06 2:42 ` Wang, Jian J
0 siblings, 1 reply; 2+ messages in thread
From: Liming Gao @ 2020-01-02 12:30 UTC (permalink / raw)
To: devel; +Cc: Pavana.K, Jian J Wang, Bob Feng
From: "Pavana.K" <pavana.k@intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2389
Currently RSA signing scheme support is available for MD5, SHA-1 or
SHA-256 algorithms.The fix is to extend this support for SHA384 and
SHA512.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Bob Feng <bob.c.feng@intel.com>
Signed-off-by: Pavana.K <pavana.k@intel.com>
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 14 +++++++++++---
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 14 +++++++++++---
2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
index 454dbbd476d9..d24e1fdf6801 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
@@ -7,7 +7,7 @@
3) RsaSetKey
4) RsaPkcs1Verify
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -250,7 +250,7 @@ RsaSetKey (
If RsaContext is NULL, then return FALSE.
If MessageHash is NULL, then return FALSE.
If Signature is NULL, then return FALSE.
- If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+ If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] MessageHash Pointer to octet message hash to be checked.
@@ -288,7 +288,7 @@ RsaPkcs1Verify (
//
// Determine the message digest algorithm according to digest size.
- // Only MD5, SHA-1 or SHA-256 algorithm is supported.
+ // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
//
switch (HashSize) {
case MD5_DIGEST_SIZE:
@@ -303,6 +303,14 @@ RsaPkcs1Verify (
DigestType = NID_sha256;
break;
+ case SHA384_DIGEST_SIZE:
+ DigestType = NID_sha384;
+ break;
+
+ case SHA512_DIGEST_SIZE:
+ DigestType = NID_sha512;
+ break;
+
default:
return FALSE;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
index e3dd4844c444..7cd5fecf04cb 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
@@ -7,7 +7,7 @@
3) RsaCheckKey
4) RsaPkcs1Sign
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -276,7 +276,7 @@ RsaCheckKey (
If RsaContext is NULL, then return FALSE.
If MessageHash is NULL, then return FALSE.
- If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+ If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.
If SigSize is large enough but Signature is NULL, then return FALSE.
@param[in] RsaContext Pointer to RSA context for signature generation.
@@ -326,7 +326,7 @@ RsaPkcs1Sign (
//
// Determine the message digest algorithm according to digest size.
- // Only MD5, SHA-1 or SHA-256 algorithm is supported.
+ // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
//
switch (HashSize) {
case MD5_DIGEST_SIZE:
@@ -341,6 +341,14 @@ RsaPkcs1Sign (
DigestType = NID_sha256;
break;
+ case SHA384_DIGEST_SIZE:
+ DigestType = NID_sha384;
+ break;
+
+ case SHA512_DIGEST_SIZE:
+ DigestType = NID_sha512;
+ break;
+
default:
return FALSE;
}
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes
2020-01-02 12:30 [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes Liming Gao
@ 2020-01-06 2:42 ` Wang, Jian J
0 siblings, 0 replies; 2+ messages in thread
From: Wang, Jian J @ 2020-01-06 2:42 UTC (permalink / raw)
To: Gao, Liming, devel@edk2.groups.io; +Cc: K, Pavana, Feng, Bob C
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Gao, Liming <liming.gao@intel.com>
> Sent: Thursday, January 02, 2020 8:30 PM
> To: devel@edk2.groups.io
> Cc: K, Pavana <pavana.k@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Feng, Bob C <bob.c.feng@intel.com>
> Subject: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing
> schemes
>
> From: "Pavana.K" <pavana.k@intel.com>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2389
>
> Currently RSA signing scheme support is available for MD5, SHA-1 or
> SHA-256 algorithms.The fix is to extend this support for SHA384 and
> SHA512.
>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Bob Feng <bob.c.feng@intel.com>
>
> Signed-off-by: Pavana.K <pavana.k@intel.com>
> ---
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 14 +++++++++++---
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 14 +++++++++++---
> 2 files changed, 22 insertions(+), 6 deletions(-)
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> index 454dbbd476d9..d24e1fdf6801 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> @@ -7,7 +7,7 @@
> 3) RsaSetKey
> 4) RsaPkcs1Verify
>
> -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -250,7 +250,7 @@ RsaSetKey (
> If RsaContext is NULL, then return FALSE.
> If MessageHash is NULL, then return FALSE.
> If Signature is NULL, then return FALSE.
> - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then
> return FALSE.
> + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-
> 512 digest, then return FALSE.
>
> @param[in] RsaContext Pointer to RSA context for signature verification.
> @param[in] MessageHash Pointer to octet message hash to be checked.
> @@ -288,7 +288,7 @@ RsaPkcs1Verify (
>
> //
> // Determine the message digest algorithm according to digest size.
> - // Only MD5, SHA-1 or SHA-256 algorithm is supported.
> + // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
> //
> switch (HashSize) {
> case MD5_DIGEST_SIZE:
> @@ -303,6 +303,14 @@ RsaPkcs1Verify (
> DigestType = NID_sha256;
> break;
>
> + case SHA384_DIGEST_SIZE:
> + DigestType = NID_sha384;
> + break;
> +
> + case SHA512_DIGEST_SIZE:
> + DigestType = NID_sha512;
> + break;
> +
> default:
> return FALSE;
> }
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> index e3dd4844c444..7cd5fecf04cb 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> @@ -7,7 +7,7 @@
> 3) RsaCheckKey
> 4) RsaPkcs1Sign
>
> -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -276,7 +276,7 @@ RsaCheckKey (
>
> If RsaContext is NULL, then return FALSE.
> If MessageHash is NULL, then return FALSE.
> - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then
> return FALSE.
> + If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-
> 512 digest, then return FALSE.
> If SigSize is large enough but Signature is NULL, then return FALSE.
>
> @param[in] RsaContext Pointer to RSA context for signature generation.
> @@ -326,7 +326,7 @@ RsaPkcs1Sign (
>
> //
> // Determine the message digest algorithm according to digest size.
> - // Only MD5, SHA-1 or SHA-256 algorithm is supported.
> + // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
> //
> switch (HashSize) {
> case MD5_DIGEST_SIZE:
> @@ -341,6 +341,14 @@ RsaPkcs1Sign (
> DigestType = NID_sha256;
> break;
>
> + case SHA384_DIGEST_SIZE:
> + DigestType = NID_sha384;
> + break;
> +
> + case SHA512_DIGEST_SIZE:
> + DigestType = NID_sha512;
> + break;
> +
> default:
> return FALSE;
> }
> --
> 2.16.2.windows.1
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-01-06 2:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-01-02 12:30 [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes Liming Gao
2020-01-06 2:42 ` Wang, Jian J
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox