From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by mx.groups.io with SMTP id smtpd.web11.753.1578278535838862488
 for <devel@edk2.groups.io>;
 Sun, 05 Jan 2020 18:42:15 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: jian.j.wang@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Jan 2020 18:42:15 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,400,1571727600"; 
   d="scan'208";a="253205555"
Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202])
  by fmsmga002.fm.intel.com with ESMTP; 05 Jan 2020 18:42:15 -0800
Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by
 fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Sun, 5 Jan 2020 18:42:14 -0800
Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by
 fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1713.5; Sun, 5 Jan 2020 18:42:14 -0800
Received: from shsmsx105.ccr.corp.intel.com (10.239.4.158) by
 fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5
 via Frontend Transport; Sun, 5 Jan 2020 18:42:14 -0800
Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.210]) by
 SHSMSX105.ccr.corp.intel.com ([169.254.11.28]) with mapi id 14.03.0439.000;
 Mon, 6 Jan 2020 10:42:12 +0800
From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Gao, Liming" <liming.gao@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "K, Pavana" <pavana.k@intel.com>, "Feng, Bob C" <bob.c.feng@intel.com>
Subject: Re: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing schemes
Thread-Topic: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing
 schemes
Thread-Index: AQHVwWhtZlJM5oyqR06aaUQ7w5lJXKfc8ufg
Date: Mon, 6 Jan 2020 02:42:12 +0000
Message-ID: <D827630B58408649ACB04F44C5100036259EA630@SHSMSX107.ccr.corp.intel.com>
References: <20200102123027.15412-1-liming.gao@intel.com>
In-Reply-To: <20200102123027.15412-1-liming.gao@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMTNkMDc5ZDAtZWEzNC00YjljLTlhMTAtZWRkYTgyODYzNWQ1IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiZWptUW00QnpZZFlGTGlLVW8xMzhJaFl5cEs5V1Z4cDZnc1JERER0Sm42czhkbE9hb0djd2M4QjhsZXdqRG1CZCJ9
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: jian.j.wang@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

Regards,
Jian

> -----Original Message-----
> From: Gao, Liming <liming.gao@intel.com>
> Sent: Thursday, January 02, 2020 8:30 PM
> To: devel@edk2.groups.io
> Cc: K, Pavana <pavana.k@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Feng, Bob C <bob.c.feng@intel.com>
> Subject: [PATCH 1/1] CryptoPkg: Support for SHA384 & SHA512 RSA signing
> schemes
>=20
> From: "Pavana.K" <pavana.k@intel.com>
>=20
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2389
>=20
> Currently RSA signing scheme support is available for MD5, SHA-1 or
> SHA-256 algorithms.The fix is to extend this support for SHA384 and
> SHA512.
>=20
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Bob Feng <bob.c.feng@intel.com>
>=20
> Signed-off-by: Pavana.K <pavana.k@intel.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 14 +++++++++++---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c   | 14 +++++++++++---
>  2 files changed, 22 insertions(+), 6 deletions(-)
>=20
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> index 454dbbd476d9..d24e1fdf6801 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
> @@ -7,7 +7,7 @@
>    3) RsaSetKey
>    4) RsaPkcs1Verify
>=20
> -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>=20
>  **/
> @@ -250,7 +250,7 @@ RsaSetKey (
>    If RsaContext is NULL, then return FALSE.
>    If MessageHash is NULL, then return FALSE.
>    If Signature is NULL, then return FALSE.
> -  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, =
then
> return FALSE.
> +  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 o=
r SHA-
> 512 digest, then return FALSE.
>=20
>    @param[in]  RsaContext   Pointer to RSA context for signature verifica=
tion.
>    @param[in]  MessageHash  Pointer to octet message hash to be checked.
> @@ -288,7 +288,7 @@ RsaPkcs1Verify (
>=20
>    //
>    // Determine the message digest algorithm according to digest size.
> -  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.
> +  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is support=
ed.
>    //
>    switch (HashSize) {
>    case MD5_DIGEST_SIZE:
> @@ -303,6 +303,14 @@ RsaPkcs1Verify (
>      DigestType =3D NID_sha256;
>      break;
>=20
> +  case SHA384_DIGEST_SIZE:
> +    DigestType =3D NID_sha384;
> +    break;
> +
> +  case SHA512_DIGEST_SIZE:
> +    DigestType =3D NID_sha512;
> +    break;
> +
>    default:
>      return FALSE;
>    }
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> index e3dd4844c444..7cd5fecf04cb 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
> @@ -7,7 +7,7 @@
>    3) RsaCheckKey
>    4) RsaPkcs1Sign
>=20
> -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>=20
>  **/
> @@ -276,7 +276,7 @@ RsaCheckKey (
>=20
>    If RsaContext is NULL, then return FALSE.
>    If MessageHash is NULL, then return FALSE.
> -  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, =
then
> return FALSE.
> +  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 o=
r SHA-
> 512 digest, then return FALSE.
>    If SigSize is large enough but Signature is NULL, then return FALSE.
>=20
>    @param[in]       RsaContext   Pointer to RSA context for signature gen=
eration.
> @@ -326,7 +326,7 @@ RsaPkcs1Sign (
>=20
>    //
>    // Determine the message digest algorithm according to digest size.
> -  //   Only MD5, SHA-1 or SHA-256 algorithm is supported.
> +  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is support=
ed.
>    //
>    switch (HashSize) {
>    case MD5_DIGEST_SIZE:
> @@ -341,6 +341,14 @@ RsaPkcs1Sign (
>      DigestType =3D NID_sha256;
>      break;
>=20
> +  case SHA384_DIGEST_SIZE:
> +    DigestType =3D NID_sha384;
> +    break;
> +
> +  case SHA512_DIGEST_SIZE:
> +    DigestType =3D NID_sha512;
> +    break;
> +
>    default:
>      return FALSE;
>    }
> --
> 2.16.2.windows.1