From: "Chris Ruffin via groups.io"
To: "Li, Yi1", "devel@edk2.groups.io"
CC: Chris Ruffin, "Yao, Jiewen", "Hou, Wenxing"
Subject: Re: [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions
Date: Tue, 19 Mar 2024 14:15:57 +0000
References: <20240318215205.1339-1-cruffin@millcore.com>
Hi Yi, thanks for your email. I created a Bugzilla ticket for this, see Bugzilla ID #4732: https://bugzilla.tianocore.org/show_bug.cgi?id=4732. The Pkcs1v2Encrypt() API is maintained but the implementation is refactored. There is currently no Pkcs1v2Decrypt(); this is also a newly implemented API, the converse of Pkcs1v2Encrypt().
Pkcs1v2Encrypt() (existing) and Pkcs1v2Decrypt() (new) both take their keys from DER-encoded certificates/keys. RsaOaepEncrypt() and RsaOaepDecrypt() both take keys from an RsaContext. The internal functions use a common EVP_PKEY.

More from the Bugzilla:

BaseCryptLib currently only provides RSAES-OAEP encryption capability with Pkcs1v2Encrypt(), which takes as input a DER-encoded X.509 certificate. A DXE application which needs access to RSAES-OAEP encryption and decryption capabilities currently only has the option of statically linking OpensslLib and using functions such as RSA_public_encrypt() and RSA_private_decrypt(). These applications would benefit from expanded access to RSAES-OAEP encryption/decryption capability in BaseCryptLib so that the shared crypto driver can be used and the application can be migrated away from RSA_public_decrypt() and RSA_private_decrypt(), which are deprecated in OpenSSL 3.

There are the following challenges with migrating to BaseCryptLib interfaces:

1) BaseCryptLib Pkcs1v2Encrypt() requires the use of an X.509 DER-encoded certificate to pass the public key. This interface is dissimilar from the rest of the RSA APIs in BaseCryptLib. Applications that have used other RSA APIs from BaseCryptLib for key generation and management, such as RsaGenerateKey() and RsaSetKey(), will not have such a structure available.

2) BaseCryptLib currently exposes no decryption capability.

This feature provides an easy migration path for drivers/applications which need access to RSAES-OAEP encryption/decryption and that are currently using an RsaContext structure to pass key components to OpensslLib. These applications can be easily migrated to one of the new APIs to remove the direct dependency on OpensslLib, migrate away from deprecated interfaces, take advantage of CryptoPkg/Driver, and get BaseCryptLib access to RSAES-OAEP decryption.
Key changes proposed:

InternalPkcs1v2Encrypt(): New internal-only function created from refactoring of Pkcs1v2Encrypt(). Takes key input from an EVP_PKEY and is used by both public functions Pkcs1v2Encrypt() and RsaOaepEncrypt().

Pkcs1v2Encrypt(): has been refactored to create InternalPkcs1v2Encrypt(), but the public interface is maintained.

RsaOaepEncrypt(): New function takes key input from an RsaContext, creates an EVP_PKEY, and calls InternalPkcs1v2Encrypt().

InternalPkcs1v2Decrypt(): New internal-only function InternalPkcs1v2Decrypt() takes key input from an EVP_PKEY and provides the RSAES-OAEP decryption capability to Pkcs1v2Decrypt() and RsaOaepDecrypt().

Pkcs1v2Decrypt(): New public function Pkcs1v2Decrypt() takes a DER-encoded private key, creates an EVP_PKEY, and calls InternalPkcs1v2Decrypt().

RsaOaepDecrypt(): New public function RsaOaepDecrypt() takes a pointer to RsaContext, creates an EVP_PKEY, and calls InternalPkcs1v2Decrypt().

Thanks,
Chris

-----Original Message-----
From: Li, Yi1
Sent: Monday, March 18, 2024 11:52 PM
To: Chris Ruffin; devel@edk2.groups.io
Cc: Chris Ruffin; Yao, Jiewen; Hou, Wenxing
Subject: RE: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions

Hi Chris,

1. Please create a feature request BugZilla to introduce the background of the new API, such as purpose and application scenarios.
2. I took a quick look; the new API will make Pkcs1v2De/Encrypt support RsaContext input and the rest is the same as the old API, right?

Regards,
Yi

-----Original Message-----
From: Chris Ruffin
Sent: Tuesday, March 19, 2024 5:52 AM
To: devel@edk2.groups.io
Cc: Chris Ruffin; Yao, Jiewen; Li, Yi1; Hou, Wenxing
Subject: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions
From: Chris Ruffin

Expand the availability of the RSAEP-OAEP crypto capability in BaseCryptLib. Applications using RSA crypto functions directly from OpensslLib can transition to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe.

Pkcs1v2Decrypt(): decryption using DER-encoded private key
RsaOaepEncrypt(): encryption using RSA contexts
RsaOaepDecrypt(): decryption using RSA contexts

Signed-off-by: Chris Ruffin
Cc: Jiewen Yao
Cc: Yi Li
Cc: Wenxing Hou
---
 CryptoPkg/Include/Library/BaseCryptLib.h       | 102 ++++
 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c   | 506 ++++++++++++++++--
 .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c       | 114 ++++
 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c   | 114 ++++
 4 files changed, 789 insertions(+), 47 deletions(-)

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index a52bd91ad6..7ad2bf21fe 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt ( OUT UINTN *EncryptedDataSize ); +/**+ Encrypts a blob using P= KCS1v2 (RSAES-OAEP) schema. On success, will return the+ encrypted message= in a newly allocated buffer.++ Things that can cause a failure include:+ = - X509 key size does not match any known key size.+ - Fail to allocate an= intermediate buffer.+ - Null pointer provided for a non-optional paramete= r.+ - Data size is too large for the provided key size (max size is a func= tion of key size+ and hash digest size).++ @param[in] RsaContext = A pointer to an RSA context created by RsaNew() and+ = provisioned with a public key using RsaSetKey().+ @param[in= ] InData Data to be encrypted.+ @param[in] InDataSize = Size of the data buffer.+ @param[in] PrngSeed [Optional] I= f provided, a pointer to a random seed buffer+ = to be used when initializing the PRNG. NULL otherwise.+ @param[in] P= rngSeedSize [Optional] If provided, size of the random seed buffer.+= 0 otherwise.+ @param[out] EncryptedData = Pointer to an allocated buffer containing the encrypted+ = message.+ @param[out] EncryptedDataSize Size of the= encrypted message buffer.++ @retval TRUE Encryption wa= s successful.+ @retval FALSE Encryption failed.++**/+BOO= LEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 = *InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSe= ed OPTIONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 = **EncryptedData,+ OUT UINTN *EncryptedDataSize+ );++/**+ De= crypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will return th= e+ decrypted message in a newly allocated buffer.++ Things that can cause= a failure include:+ - Fail to parse private key.+ - Fail to allocate an = intermediate buffer.+ - Null pointer provided for a non-optional parameter= .++ @param[in] PrivateKey A pointer to the DER-encoded private k= ey.+ @param[in] PrivateKeySize Size of the private key buffer.+ @pa= ram[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedD= ataSize Size of the encrypted buffer.+ @param[out] OutData P= ointer to an allocated buffer containing the encrypted+ = message.+ @param[out] OutDataSize Size of the encryp= ted message buffer.++ @retval TRUE Encryption was succe= ssful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EF= IAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *PrivateKey,+ IN UINTN = PrivateKeySize,+ IN UINT8 *EncryptedData,+ IN UINTN Enc= ryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutData= Size+ );++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On succ= ess, will return the+ decrypted message in a newly allocated buffer.++ Th= ings that can cause a failure include:+ - Fail to parse private key.+ - F= ail to allocate an intermediate buffer.+ - Null pointer provided for a non= -optional parameter.++ @param[in] RsaContext A pointer to an RSA= context created by RsaNew() and+ provisio= ned with a private key using RsaSetKey().+ @param[in] EncryptedData = Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encryp= ted buffer.+ @param[out] OutData Pointer to an allocated buffe= r containing the encrypted+ message.+ @pa= ram[out] OutDataSize Size of the encrypted message buffer.++ @retv= al TRUE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN = VOID *RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedD= ataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ );+ /** Th= e 3rd parameter of Pkcs7GetSigners will return all embedded X.509 certifi= cate in one given PKCS7 
signature. The format is:diff --git a/CryptoPkg/Lib= rary/BaseCryptLib/Pk/CryptPkcs1Oaep.c b/CryptoPkg/Library/BaseCryptLib/Pk/C= ryptPkcs1Oaep.c index ea43c1381c..00e904dd6c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c 
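Review bot: the decryption doc blocks in this BaseCryptLib.h hunk carry copy-pasted encryption wording. Pkcs1v2Decrypt() and RsaOaepDecrypt() both document `@param[out] OutData Pointer to an allocated buffer containing the encrypted message`, `@param[out] OutDataSize Size of the encrypted message buffer` and `@retval TRUE Encryption was successful.` / `@retval FALSE Encryption failed.`; these should read decrypted/Decryption. RsaOaepDecrypt() also lists `Fail to parse private key` as a failure cause although it takes an RsaContext and parses nothing; the realistic failure there is a context provisioned with only a public key, and the comment should say so. None of the new blocks tells the caller that OutData/EncryptedData is allocated with AllocatePool() and must be released with FreePool(); for the two decrypt APIs, which hand back plaintext that is often key material, the comment should also tell the caller to ZeroMem() the buffer before freeing it. Lastly, the doc comments correctly name the scheme PKCS1v2 (RSAES-OAEP); the subject line's RSAEP-OAEP confuses it with the bare RSAEP primitive of PKCS #1 and should be fixed in the commit title.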
@@ -26,9 +26,8 @@ - Data size is too large for the provided key size (max size is a functi= on of key size and hash digest size). - @param[in] PublicKey = A pointer to the DER-encoded X509 certificate that+ @param[in] Pkey = A pointer to an EVP_PKEY struct that = will be used to encrypt the data.- @param[in] PublicKeySize = Size of the X509 cert buffer. @param[in] InData Data to be= encrypted. @param[in] InDataSize Size of the data buffer. @p= aram[in] PrngSeed [Optional] If provided, a pointer to a random= seed buffer@@ -45,9 +44,8 @@ **/ BOOLEAN EFIAPI-Pkcs1v2Encrypt (- IN CONST UINT8 *PublicKey,- IN = UINTN PublicKeySize,+InternalPkcs1v2Encrypt (+ EVP_PKEY *= Pkey, IN UINT8 *InData, IN UINTN InDataSize, IN C= ONST UINT8 *PrngSeed OPTIONAL,@@ -57,9 +55,6 @@ Pkcs1v2Encrypt ( ) { BOOLEAN Result;- CONST UINT8 *TempPointer;- X509 = *CertData;- EVP_PKEY *InternalPublicKey; EVP_PKEY_CTX *PkeyCtx; = UINT8 *OutData; UINTN OutDataSize;@@ -67,28 +62,15 @@ P= kcs1v2Encrypt ( // // Check input parameters. 
//- if ((PublicKey =3D=3D NULL) || (I= nData =3D=3D NULL) ||+ if ((Pkey =3D=3D NULL) || (InData =3D=3D NULL) || = (EncryptedData =3D=3D NULL) || (EncryptedDataSize =3D=3D NULL)) { = return FALSE; } - //- // Check public key size.- //- if (PublicKeyS= ize > 0xFFFFFFFF) {- //- // Public key size is too large for implemen= tation.- //- return FALSE;- }- *EncryptedData =3D NULL; *Enc= ryptedDataSize =3D 0; Result =3D FALSE;- TempPointer = =3D NULL;- CertData =3D NULL;- InternalPublicKey =3D NULL; P= keyCtx =3D NULL; OutData =3D NULL; OutDataSize = =3D 0;@@ -104,6 +86,154 @@ Pkcs1v2Encrypt ( RandomSeed (NULL, 0); } + //+ // Create a context for the public k= ey operation.+ //+ PkeyCtx =3D EVP_PKEY_CTX_new (Pkey, NULL);+ if (PkeyC= tx =3D=3D NULL) {+ //+ // Fail to create contex.+ //+ goto _Exi= t;+ }++ //+ // Initialize the context and set the desired padding.+ //+= if ((EVP_PKEY_encrypt_init (PkeyCtx) <=3D 0) ||+ (EVP_PKEY_CTX_set_r= sa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <=3D 0))+ {+ //+ // Fai= l to initialize the context.+ //+ goto _Exit;+ }++ //+ // Determin= e the required buffer length for malloc'ing.+ //+ if (EVP_PKEY_encrypt (P= keyCtx, NULL, &OutDataSize, InData, InDataSize) <=3D 0) {+ //+ // Fai= l to determine output buffer size.+ //+ goto _Exit;+ }++ //+ // Al= locate a buffer for the output data.+ //+ OutData =3D AllocatePool (OutDa= taSize);+ if (OutData =3D=3D NULL) {+ //+ // Fail to allocate the ou= tput buffer.+ //+ goto _Exit;+ }++ //+ // Encrypt Data.+ //+ if = (EVP_PKEY_encrypt (PkeyCtx, OutData, &OutDataSize, InData, InDataSize) <=3D= 0) {+ //+ // Fail to encrypt data, need to free the output buffer.+ = //+ FreePool (OutData);+ OutData =3D NULL;+ OutDataSize =3D= 0;+ goto _Exit;+ }++ //+ // Encrypt done.+ //+ *EncryptedData = =3D OutData;+ *EncryptedDataSize =3D OutDataSize;+ Result =3D= TRUE;++_Exit:+ //+ // Release Resources+ //+ if (PkeyCtx !=3D NULL) {+= EVP_PKEY_CTX_free (PkeyCtx);+ }++ return Result;+}++/**+ Encrypts a = blob using 
PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ encry= pted message in a newly allocated buffer.++ Things that can cause a failur= e include:+ - X509 key size does not match any known key size.+ - Fail to= parse X509 certificate.+ - Fail to allocate an intermediate buffer.+ - N= ull pointer provided for a non-optional parameter.+ - Data size is too lar= ge for the provided key size (max size is a function of key size+ and ha= sh digest size).++ @param[in] PublicKey A pointer to the DER-en= coded X509 certificate that+ will be used = to encrypt the data.+ @param[in] PublicKeySize Size of the X509 cer= t buffer.+ @param[in] InData Data to be encrypted.+ @param[= in] InDataSize Size of the data buffer.+ @param[in] PrngSeed = [Optional] If provided, a pointer to a random seed buffer+ = to be used when initializing the PRNG. NULL other= wise.+ @param[in] PrngSeedSize [Optional] If provided, size of the= random seed buffer.+ 0 otherwise.+ @para= m[out] EncryptedData Pointer to an allocated buffer containing the en= crypted+ message.+ @param[out] EncryptedD= ataSize Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encryp= tion failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Encrypt (+ IN CONST UINT8 *Publ= icKey,+ IN UINTN PublicKeySize,+ IN UINT8 *InData,+ IN= UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPTIONAL,+ IN = UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **EncryptedData= ,+ OUT UINTN *EncryptedDataSize+ )+{+ BOOLEAN Result;+ CON= ST UINT8 *TempPointer;+ X509 *CertData;+ EVP_PKEY *Pkey;++ = //+ // Check input parameters.+ //+ if ((PublicKey =3D=3D NULL) || (InDa= ta =3D=3D NULL) ||+ (EncryptedData =3D=3D NULL) || (EncryptedDataSize = =3D=3D NULL))+ {+ return FALSE;+ }++ //+ // Check public key size.+ = //+ if (PublicKeySize > 0xFFFFFFFF) {+ //+ // Public key size is to= o large for implementation.+ //+ return FALSE;+ }++ *EncryptedData = =3D NULL;+ *EncryptedDataSize =3D 0;+ Result =3D FALSE;+ = TempPointer =3D NULL;+ 
CertData =3D NULL;+ Pkey = =3D NULL;+ // // Parse the X509 cert and extract the public key.= //@@ -120,52 +250,201 @@ Pkcs1v2Encrypt ( // Extract the public key from the x509 cert in a format that // OpenS= SL can use. //- InternalPublicKey =3D X509_get_pubkey (CertData);- if (= InternalPublicKey =3D=3D NULL) {+ Pkey =3D X509_get_pubkey (CertData);+ i= f (Pkey =3D=3D NULL) { // // Fail to extract public key. // = goto _Exit; } + Result =3D InternalPkcs1v2Encrypt (Pkey, InData, InData= Size, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize);++_Exit: = //- // Create a context for the public key operation.+ // Release Resourc= es+ //+ if (CertData !=3D NULL) {+ X509_free (CertData);+ }++ if (Pk= ey !=3D NULL) {+ EVP_PKEY_free (Pkey);+ }++ return Result;+}++/**+ En= crypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return th= e+ encrypted message in a newly allocated buffer.++ Things that can cause= a failure include:+ - X509 key size does not match any known key size.+ = - Fail to allocate an intermediate buffer.+ - Null pointer provided for a = non-optional parameter.+ - Data size is too large for the provided key siz= e (max size is a function of key size+ and hash digest size).++ @param[= in] RsaContext A pointer to an RSA context created by RsaNew() an= d+ provisioned with a public key using Rsa= SetKey().+ @param[in] InData Data to be encrypted.+ @param[= in] InDataSize Size of the data buffer.+ @param[in] PrngSeed = [Optional] If provided, a pointer to a random seed buffer+ = to be used when initializing the PRNG. 
NULL other= wise.+ @param[in] PrngSeedSize [Optional] If provided, size of the= random seed buffer.+ 0 otherwise.+ @para= m[out] EncryptedData Pointer to an allocated buffer containing the en= crypted+ message.+ @param[out] EncryptedD= ataSize Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encryp= tion failed.++**/+BOOLEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaC= ontext,+ IN UINT8 *InData,+ IN UINTN InDataSize,+ IN = CONST UINT8 *PrngSeed OPTIONAL,+ IN UINTN PrngSeedSize OPTI= ONAL,+ OUT UINT8 **EncryptedData,+ OUT UINTN *EncryptedDa= taSize+ )+{+ BOOLEAN Result;+ EVP_PKEY *Pkey;+ //- PkeyCtx =3D EVP= _PKEY_CTX_new (InternalPublicKey, NULL);+ // Check input parameters.+ //+= if (((RsaContext =3D=3D NULL) || (InData =3D=3D NULL)) ||+ (Encrypte= dData =3D=3D NULL) || (EncryptedDataSize =3D=3D NULL))+ {+ return FALSE= ;+ }++ *EncryptedData =3D NULL;+ *EncryptedDataSize =3D 0;+ Result = =3D FALSE;+ Pkey =3D NULL;++ Pkey =3D EVP_PKEY_= new ();+ if (Pkey =3D=3D NULL) {+ goto _Exit;+ }++ if (EVP_PKEY_set1_= RSA (Pkey, (RSA *)RsaContext) =3D=3D 0) {+ goto _Exit;+ }++ Result =3D= InternalPkcs1v2Encrypt (Pkey, InData, InDataSize, PrngSeed, PrngSeedSize, = EncryptedData, EncryptedDataSize);++_Exit:+ //+ // Release Resources+ //= + if (Pkey !=3D NULL) {+ EVP_PKEY_free (Pkey);+ }++ return Result;+}+= +/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will = return the+ decrypted message in a newly allocated buffer.++ Things that = can cause a failure include:+ - Fail to parse private key.+ - Fail to all= ocate an intermediate buffer.+ - Null pointer provided for a non-optional = parameter.++ @param[in] Pkey A pointer to an EVP_PKEY whic= h will decrypt that data.+ @param[in] EncryptedData Data to be decr= ypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @p= aram[out] OutData Pointer to an allocated buffer containing the= encrypted+ message.+ @param[out] OutData= Size Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Enc= ryption failed.++**/+BOOLEAN+EFIAPI+InternalPkcs1v2Decrypt (+ EVP_PKEY = *Pkey,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT= UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEAN Result= ;+ EVP_PKEY_CTX *PkeyCtx;+ UINT8 *TempData;+ UINTN Temp= DataSize;+ INTN ReturnCode;++ //+ // Check input parameters.+ = //+ if ((Pkey =3D=3D NULL) || (EncryptedData =3D=3D NULL) ||+ (OutDat= a =3D=3D NULL) || (OutDataSize =3D=3D NULL))+ {+ return FALSE;+ }++ R= esult =3D FALSE;+ PkeyCtx =3D NULL;+ TempData =3D NULL;+ = TempDataSize =3D 0;++ //+ // Create a context for the decryption operatio= n.+ //+ PkeyCtx =3D EVP_PKEY_CTX_new (Pkey, NULL); if (PkeyCtx =3D=3D N= ULL) { // // Fail to create contex. //+ DEBUG ((DEBUG_ERROR,= "[%a] EVP_PKEY_CTK_new() failed\n", __func__)); goto _Exit; } // = // Initialize the context and set the desired padding. //- if ((EVP_PK= EY_encrypt_init (PkeyCtx) <=3D 0) ||+ if ((EVP_PKEY_decrypt_init (PkeyCtx)= <=3D 0) || (EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PA= DDING) <=3D 0)) { // // Fail to initialize the context. //+ = DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt_init() failed\n", __func__));= goto _Exit; } // // Determine the required buffer length for ma= lloc'ing. 
//- if (EVP_PKEY_encrypt (PkeyCtx, NULL, &OutDataSize, InData,= InDataSize) <=3D 0) {+ ReturnCode =3D EVP_PKEY_decrypt (PkeyCtx, NULL, &T= empDataSize, EncryptedData, EncryptedDataSize);+ if (ReturnCode <=3D 0) { = // // Fail to determine output buffer size. //+ DEBUG ((DEBU= G_ERROR, "[%a] EVP_PKEY_decrypt() failed to determine output buffer size (r= c=3D%d)\n", __func__, ReturnCode)); goto _Exit; } // // Allocate= a buffer for the output data. //- OutData =3D AllocatePool (OutDataSize= );- if (OutData =3D=3D NULL) {+ TempData =3D AllocatePool (TempDataSize);= + if (TempData =3D=3D NULL) { // // Fail to allocate the output bu= ffer. //@@ -173,39 +452,172 @@ Pkcs1v2Encrypt ( } //- // Encrypt Data.+ // Decrypt Data. //- if (EVP_PKEY_encryp= t (PkeyCtx, OutData, &OutDataSize, InData, InDataSize) <=3D 0) {+ ReturnCo= de =3D EVP_PKEY_decrypt (PkeyCtx, TempData, &TempDataSize, EncryptedData, E= ncryptedDataSize);+ if (ReturnCode <=3D 0) { //- // Fail to encrypt= data, need to free the output buffer.+ // Fail to decrypt data, need to= free the output buffer. //- FreePool (OutData);- OutData =3D= NULL;- OutDataSize =3D 0;+ FreePool (TempData);+ TempData =3D= NULL;+ TempDataSize =3D 0;++ DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_dec= rypt(TempData) failed to decrypt (rc=3D%d)\n", __func__, ReturnCode)); = goto _Exit; } //- // Encrypt done.+ // Decrypt done. //- *Encrypt= edData =3D OutData;- *EncryptedDataSize =3D OutDataSize;- Result = =3D TRUE;+ *OutData =3D TempData;+ *OutDataSize =3D TempDataS= ize;+ Result =3D TRUE; _Exit:+ if (PkeyCtx !=3D NULL) {+ EVP_PK= EY_CTX_free (PkeyCtx);+ }++ return Result;+}++/**+ Decrypts a blob using= PKCS1v2 (RSAES-OAEP) schema. 
On success, will return the+ decrypted messa= ge in a newly allocated buffer.++ Things that can cause a failure include:= + - Fail to parse private key.+ - Fail to allocate an intermediate buffer= .+ - Null pointer provided for a non-optional parameter.++ @param[in] Pr= ivateKey A pointer to the DER-encoded private key.+ @param[in] P= rivateKeySize Size of the private key buffer.+ @param[in] EncryptedD= ata Data to be decrypted.+ @param[in] EncryptedDataSize Size of t= he encrypted buffer.+ @param[out] OutData Pointer to an alloca= ted buffer containing the encrypted+ messa= ge.+ @param[out] OutDataSize Size of the encrypted message buffer.= ++ @retval TRUE Encryption was successful.+ @retval = FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt= (+ IN CONST UINT8 *PrivateKey,+ IN UINTN PrivateKeySize,+ I= N UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ O= UT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEA= N Result;+ EVP_PKEY *Pkey;+ CONST UINT8 *TempPointer;+ //- /= / Release Resources+ // Check input parameters. //- if (CertData !=3D N= ULL) {- X509_free (CertData);+ if ((PrivateKey =3D=3D NULL) || (Encrypt= edData =3D=3D NULL) ||+ (OutData =3D=3D NULL) || (OutDataSize =3D=3D N= ULL))+ {+ return FALSE;+ }++ Result =3D FALSE;+ Pkey =3D= NULL;+ TempPointer =3D NULL;++ //+ // Parse the private key.+ //+ Tem= pPointer =3D PrivateKey;+ Pkey =3D d2i_PrivateKey (EVP_PKEY_RSA, &P= key, &TempPointer, (UINT32)PrivateKeySize);+ if (Pkey =3D=3D NULL) {+ /= /+ // Fail to parse private key.+ //+ DEBUG ((DEBUG_ERROR, "[%a] d= 2i_PrivateKey() failed\n", __func__));+ goto _Exit; } - if (InternalP= ublicKey !=3D NULL) {- EVP_PKEY_free (InternalPublicKey);+ Result =3D I= nternalPkcs1v2Decrypt (Pkey, EncryptedData, EncryptedDataSize, OutData, Out= DataSize);++_Exit:+ if (Pkey !=3D NULL) {+ EVP_PKEY_free (Pkey); } - = if (PkeyCtx !=3D NULL) {- EVP_PKEY_CTX_free (PkeyCtx);+ return Result;= +}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, wi= ll return the+ decrypted message in a newly allocated buffer.++ Things th= at can cause a failure include:+ - Fail to parse private key.+ - Fail to = allocate an intermediate buffer.+ - Null pointer provided for a non-option= al parameter.++ @param[in] RsaContext A pointer to an RSA contex= t created by RsaNew() and+ provisioned wit= h a private key using RsaSetKey().+ @param[in] EncryptedData Data t= o be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buf= fer.+ @param[out] OutData Pointer to an allocated buffer conta= ining the encrypted+ message.+ @param[out= ] OutDataSize Size of the encrypted message buffer.++ @retval = TRUE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID = *RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize= ,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEAN Res= ult;+ EVP_PKEY *Pkey;++ //+ // Check input parameters.+ //+ if ((RsaC= ontext =3D=3D NULL) || (EncryptedData =3D=3D NULL) ||+ (OutData =3D=3D= NULL) || (OutDataSize =3D=3D NULL))+ {+ return FALSE;+ }++ Result = =3D FALSE;+ Pkey =3D NULL;++ //+ // Create a context for the decryptio= n operation.+ //++ Pkey =3D EVP_PKEY_new ();+ if (Pkey =3D=3D NULL) {+ = goto _Exit;+ }++ if (EVP_PKEY_set1_RSA (Pkey, (RSA *)RsaContext) =3D=3D= 0) {+ goto _Exit;+ }++ Result =3D InternalPkcs1v2Decrypt (Pkey, Encry= ptedData, EncryptedDataSize, OutData, OutDataSize);++_Exit:+ if (Pkey !=3D= NULL) {+ EVP_PKEY_free (Pkey); } return Result;diff --git a/Crypto= Pkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c b/CryptoPkg/Library/BaseCr= yptLib/Pk/CryptPkcs1OaepNull.c index 36508947c5..05e074d18e 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c 
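Review bot: in the `@@ -45,9 +44,8` hunk the new internal signature `InternalPkcs1v2Encrypt (EVP_PKEY *Pkey, IN UINT8 *InData, ...` leaves Pkey without the IN decorator that every other parameter carries, and InternalPkcs1v2Decrypt() later in the file repeats this; EDK II style expects `IN EVP_PKEY *Pkey`. The doc block carried into the internal function (`@@ -26,9`) still lists `X509 key size does not match any known key size` as a failure cause, but the function no longer sees a certificate; reword it as a key-size check on the EVP_PKEY or drop it. The refactor removes the `if (PublicKeySize > 0xFFFFFFFF)` check from the internal path and re-adds it in the public Pkcs1v2Encrypt() wrapper, which is the right place for it; please keep that pattern in mind for the DER-parsing decrypt wrapper, which currently has no equivalent guard.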
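Review bot: RsaOaepEncrypt() in the `@@ -120,52 +250,201` hunk (and RsaOaepDecrypt() in the next one) builds its key with `EVP_PKEY_new ()` followed by `EVP_PKEY_set1_RSA (Pkey, (RSA *)RsaContext)`, but EVP_PKEY_set1_RSA is itself deprecated in OpenSSL 3, which sits awkwardly with the stated goal of moving callers off deprecated interfaces. Since BaseCryptLib's RsaContext is an RSA*, this bridge is probably unavoidable today, but it deserves a comment so the next deprecation cleanup knows it is deliberate. Separately, both InternalPkcs1v2Encrypt() and InternalPkcs1v2Decrypt() only call `EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING)` and never set the OAEP digest or the MGF1 digest, so both sides silently use OpenSSL's SHA-1 default with an empty label. That keeps the new decrypt path interoperable with the existing Pkcs1v2Encrypt() output, but a ciphertext produced elsewhere with SHA-256 OAEP will fail to decrypt with no hint why; the public doc comments should state the fixed parameters (OAEP with SHA-1, MGF1 with SHA-1, no label). Minor: the DEBUG string in InternalPkcs1v2Decrypt() reads `EVP_PKEY_CTK_new() failed`; the function is EVP_PKEY_CTX_new, and the doubled parentheses in `if (((RsaContext == NULL) || (InData == NULL)) ||` in RsaOaepEncrypt() can be simplified to match RsaOaepDecrypt().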
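Review bot: in the `@@ -173,39 +452,172` hunk Pkcs1v2Decrypt() passes the caller's length straight through as `(UINT32)PrivateKeySize` to d2i_PrivateKey() with no range check, so a PrivateKeySize above 0xFFFFFFFF is silently truncated; Pkcs1v2Encrypt() guards the same cast with `if (PublicKeySize > 0xFFFFFFFF) { return FALSE; }` and the decrypt wrapper should do the same before parsing. In InternalPkcs1v2Decrypt(), ReturnCode is declared `INTN` but printed with `%d`, while EVP_PKEY_decrypt returns an int; declare it INT32 (or cast in the DEBUG call) so the format specifier and the argument width agree on 64-bit builds. In RsaOaepDecrypt() the comment `// Create a context for the decryption operation.` sits above `EVP_PKEY_new ()` / `EVP_PKEY_set1_RSA`, which create the key object, not a context (the context is created inside InternalPkcs1v2Decrypt); fix the comment. Also, the DEBUG_ERROR messages are added only on the decrypt side while the refactored encrypt path keeps its silent `goto _Exit` failures; either add matching messages to InternalPkcs1v2Encrypt() or keep both quiet for consistency.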
@@ -48,3 +48,117 @@ Pkcs1v2Encrypt ( ASSERT (FALSE); return FALSE; }++/**+ Encrypts a blob using PKCS1v2 (= RSAES-OAEP) schema. On success, will return the+ encrypted message in a ne= wly allocated buffer.++ Things that can cause a failure include:+ - X509 = key size does not match any known key size.+ - Fail to allocate an interme= diate buffer.+ - Null pointer provided for a non-optional parameter.+ - D= ata size is too large for the provided key size (max size is a function of = key size+ and hash digest size).++ @param[in] RsaContext A po= inter to an RSA context created by RsaNew() and+ = provisioned with a public key using RsaSetKey().+ @param[in] InDat= a Data to be encrypted.+ @param[in] InDataSize Size= of the data buffer.+ @param[in] PrngSeed [Optional] If provid= ed, a pointer to a random seed buffer+ to = be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedS= ize [Optional] If provided, size of the random seed buffer.+ = 0 otherwise.+ @param[out] EncryptedData Po= inter to an allocated buffer containing the encrypted+ = message.+ @param[out] EncryptedDataSize Size of the encrypt= ed message buffer.++ @retval TRUE Encryption was succes= sful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFI= API+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 *= InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPT= IONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **E= ncryptedData,+ OUT UINTN *EncryptedDataSize+ )+{+ ASSERT (FALSE)= ;+ return FALSE;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schem= a. 
On success, will return the+ decrypted message in a newly allocated buf= fer.++ Things that can cause a failure include:+ - Fail to parse private = key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided= for a non-optional parameter.++ @param[in] PrivateKey A pointer= to the DER-encoded private key.+ @param[in] PrivateKeySize Size of = the private key buffer.+ @param[in] EncryptedData Data to be decryp= ted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @par= am[out] OutData Pointer to an allocated buffer containing the e= ncrypted+ message.+ @param[out] OutDataSi= ze Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encry= ption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *Pri= vateKey,+ IN UINTN PrivateKeySize,+ IN UINT8 *Encrypted= Data,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,= + OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}= ++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will= return the+ decrypted message in a newly allocated buffer.++ Things that= can cause a failure include:+ - Fail to parse private key.+ - Fail to al= locate an intermediate buffer.+ - Null pointer provided for a non-optional= parameter.++ @param[in] RsaContext A pointer to an RSA context = created by RsaNew() and+ provisioned with = a private key using RsaSetKey().+ @param[in] EncryptedData Data to = be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffe= r.+ @param[out] OutData Pointer to an allocated buffer contain= ing the encrypted+ message.+ @param[out] = OutDataSize Size of the encrypted message buffer.++ @retval TR= UE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID *= RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+= OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);= + return FALSE;+}diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptP= kcs1OaepNull.c b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c index 36508947c5..05e074d18e 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c 
@@ -48,3 +48,117 @@ Pkcs1v2Encrypt ( ASSERT (FALSE); return FALSE; }++/**+ Encrypts a blob using PKCS1v2 (= RSAES-OAEP) schema. On success, will return the+ encrypted message in a ne= wly allocated buffer.++ Things that can cause a failure include:+ - X509 = key size does not match any known key size.+ - Fail to allocate an interme= diate buffer.+ - Null pointer provided for a non-optional parameter.+ - D= ata size is too large for the provided key size (max size is a function of = key size+ and hash digest size).++ @param[in] RsaContext A po= inter to an RSA context created by RsaNew() and+ = provisioned with a public key using RsaSetKey().+ @param[in] InDat= a Data to be encrypted.+ @param[in] InDataSize Size= of the data buffer.+ @param[in] PrngSeed [Optional] If provid= ed, a pointer to a random seed buffer+ to = be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedS= ize [Optional] If provided, size of the random seed buffer.+ = 0 otherwise.+ @param[out] EncryptedData Po= inter to an allocated buffer containing the encrypted+ = message.+ @param[out] EncryptedDataSize Size of the encrypt= ed message buffer.++ @retval TRUE Encryption was succes= sful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFI= API+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 *= InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPT= IONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **E= ncryptedData,+ OUT UINTN *EncryptedDataSize+ )+{+ ASSERT (FALSE)= ;+ return FALSE;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schem= a. 
On success, will return the+ decrypted message in a newly allocated buf= fer.++ Things that can cause a failure include:+ - Fail to parse private = key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided= for a non-optional parameter.++ @param[in] PrivateKey A pointer= to the DER-encoded private key.+ @param[in] PrivateKeySize Size of = the private key buffer.+ @param[in] EncryptedData Data to be decryp= ted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @par= am[out] OutData Pointer to an allocated buffer containing the e= ncrypted+ message.+ @param[out] OutDataSi= ze Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encry= ption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *Pri= vateKey,+ IN UINTN PrivateKeySize,+ IN UINT8 *Encrypted= Data,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,= + OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}= ++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will= return the+ decrypted message in a newly allocated buffer.++ Things that= can cause a failure include:+ - Fail to parse private key.+ - Fail to al= locate an intermediate buffer.+ - Null pointer provided for a non-optional= parameter.++ @param[in] RsaContext A pointer to an RSA context = created by RsaNew() and+ provisioned with = a private key using RsaSetKey().+ @param[in] EncryptedData Data to = be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffe= r.+ @param[out] OutData Pointer to an allocated buffer contain= ing the encrypted+ message.+ @param[out] = OutDataSize Size of the encrypted message buffer.++ @retval TR= UE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID *= RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+= OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);= + return FALSE;+}-- 2.44.0.windows.1
View/Reply Online (#116900): https://edk2.groups.io/g/devel/message/116900
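Review bot: the doxygen block for RsaOaepDecrypt in CryptPkcs1Oaep.c documents the wrong operation: OutData is described as "an allocated buffer containing the encrypted message", OutDataSize as "Size of the encrypted message buffer", and the return values as "Encryption was successful" / "Encryption failed", while the function decrypts. Suggest `@param[out] OutData Pointer to an allocated buffer containing the decrypted message.`, `@retval TRUE Decryption was successful.` and `@retval FALSE Decryption failed.`. The failure list also keeps "Fail to parse private key" from the DER-based Pkcs1v2Decrypt, but this variant takes an already provisioned RsaContext and parses nothing; the body only hands RsaContext to EVP_PKEY_set1_RSA and never checks that a private key is present, so the comment should state that a context without a private key makes the call fail. Minor: EncryptedData is passed straight through to InternalPkcs1v2Decrypt, so if that helper does not modify it, `IN CONST UINT8 *EncryptedData` would be consistent with the CONST used for PrngSeed in RsaOaepEncrypt.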
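Review bot: the doc comments copied into the stubs in BaseCryptLib/Pk/CryptPkcs1OaepNull.c carry the same mistakes as the real implementation: RsaOaepEncrypt's failure list says "X509 key size does not match any known key size" although the function takes an RsaContext rather than a certificate or DER key, and both Pkcs1v2Decrypt and RsaOaepDecrypt document OutData as "containing the encrypted message" with `@retval TRUE Encryption was successful.` / `@retval FALSE Encryption failed.`; these should say decrypted / Decryption so that the header and the stubs agree. The `ASSERT (FALSE); return FALSE;` bodies match the existing Pkcs1v2Encrypt stub in the same file, which is the right pattern for a null library.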
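Review bot: BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c is a byte-for-byte copy of the BaseCryptLib stub file (both hunks carry the identical blob ids 36508947c5..05e074d18e), so the "encrypted message" / "Encryption was successful" wording in the Pkcs1v2Decrypt and RsaOaepDecrypt comments and the "X509 key size" item in the RsaOaepEncrypt comment need the same decrypted / Decryption / RsaContext corrections here; since the two files must stay in sync, please apply the fix to both in the same revision.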