From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web11.7081.1618903153306059397 for ; Tue, 20 Apr 2021 00:19:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=Sl3Ea7HT; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: sachin.agrawal@intel.com) IronPort-SDR: qNDXMnoxvs5nelWxkX9AoHCruGvRcLEcIPCmqIyFqx9n2DnVz03fmTYBAmAWoJkJRv+NN6bskz /prvMJimM8JA== X-IronPort-AV: E=McAfee;i="6200,9189,9959"; a="174944399" X-IronPort-AV: E=Sophos;i="5.82,236,1613462400"; d="scan'208";a="174944399" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2021 00:19:12 -0700 IronPort-SDR: DWUFpvFE7IRjJ1QY1cRh7hzN3IKTNaGSC6jfBVTSiTu5FFTTHeNCDekvolhxuJvM60oUd+5Ye2 5OmyzSnO3bwg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.82,236,1613462400"; d="scan'208";a="400905417" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orsmga002.jf.intel.com with ESMTP; 20 Apr 2021 00:19:12 -0700 Received: from fmsmsx605.amr.corp.intel.com (10.18.126.85) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Tue, 20 Apr 2021 00:19:11 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2 via Frontend Transport; Tue, 20 Apr 2021 00:19:11 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.104) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2106.2; Tue, 20 Apr 2021 00:18:47 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aYo29n64DXnDULZ0HLiXd7MCuoSqnwWdthBHTkq5zJwfus+A+oLNwNlJB3mPAwVC8BO3JgKHh6xtEd+zPmgKbaqyBGZHYtmhmy1qsdOblrruytoN1v1H+zmwigYbtaHURiAeB0EVMvgKLX41ah/WrUvaiTEOjQh/WASDY0E/GZDBCeEEAbN7ogMMMzMTzs2JN1NiNG/njupc94tvIFd8MUsAXw5Q3/5TliD6aPo7uC/esklDHxcmt0oc2B/LSwzJ0RThoSfZ7F0aDpEGgRhGZWwC7CAWJXjjQKvMAB4R9m19eOzcsJ+0jYo9G2QOLdfi3VmCfZ+cMqsXsoC5O1NjeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UjJL7ndGikar87jeJlIyacokitzGewLKeIkrkXMUPQ0=; b=g3l6Dl1vrhAsIW6rm3cXcCyOBfLUAsCp6F/2FIDK8th49G8PuSls/ccUUFnj80jLQqXDY+L6kASSF1LZc6piHJld82gcpp/WJHmOa5YuVUb28f9HKxdKMmbPn+t0FKtpnbrDvG33LNOF67DRjfyUgCfQdTqf0JQDmQ+uzcY8UcT0A08IwK5z8lwGKDsKKksaWyhQZec58BatjH+JKBRuc3NxVe0XpljbiZSxUuiU53njcxk/LD9yGckCyMnCHoWzPltLcL6qe8S46/p0Pg3dioYZQjyDocwQFETVYvSbBVO1kNvOo5nv0BuyCrKbBlh+32f9MC1R6M5ABT16d/Zypg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UjJL7ndGikar87jeJlIyacokitzGewLKeIkrkXMUPQ0=; b=Sl3Ea7HTuZYIjMQZmqjWiYkFJL1G+gEBIL13G5pyoVaq/7sFfZ6FzKoZRSz9UxgP6D/EvuFGc4/vMCho2/M6VJBQ4fQUKJbS81dQPdYKAxATy4/3NO5zZ371d3YIuTla1JiKj/Hq/V+XW983XFzqZL/Z/eN98NCnSrxt4wv9UqY= Received: from MW3PR11MB4617.namprd11.prod.outlook.com (2603:10b6:303:59::24) by MWHPR1101MB2333.namprd11.prod.outlook.com (2603:10b6:300:70::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4042.18; Tue, 20 Apr 2021 07:18:46 +0000 Received: from MW3PR11MB4617.namprd11.prod.outlook.com ([fe80::6482:bc29:8a4e:2b26]) by MW3PR11MB4617.namprd11.prod.outlook.com ([fe80::6482:bc29:8a4e:2b26%5]) with mapi id 15.20.4042.024; Tue, 20 Apr 2021 07:18:46 +0000 From: "Agrawal, Sachin" To: "Yao, Jiewen" , "devel@edk2.groups.io" CC: "Wang, Jian J" , "Lu, XiaoyuX" , "Jiang, Guomin" Subject: Re: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support Thread-Topic: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support Thread-Index: AQHXNYkmert4u91dZEiqg6QHTrh+y6q8rvcAgAA12YA= Date: Tue, 20 Apr 2021 07:18:46 +0000 Message-ID: References: <20210420020150.29212-1-sachin.agrawal@intel.com> <20210420020150.29212-2-sachin.agrawal@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [73.240.103.37] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 7a2bbbb0-c811-4a78-3d3b-08d903cc8970 x-ms-traffictypediagnostic: MWHPR1101MB2333: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 2BpJnuUrmywu54dVJ6hDzddgCRJVBymKFFfUnw8WKdxXvnZymkeiwAWfo0btyzMduocPa5VNzhpaSaSbuwlDlxuRErSsgWgOB6qeU6tqIM9rsxjsfBzfWSEmxHGiTDHDvSatEevmAM7udB7QUdNj1DEOyG/XEcrRSzfrZxAP7QLFECqDzQV+/DaLLhPQkdB4SjDmGW2GIPUYOZcr3UaHwnhnX1RnB1/pq/KZF35HR2T4w7TZd/2+I1UCWPEBAKGmNxhObC4/mVVhKkaBgw8DQitHAESfZywI5lvzUIis7G821IsaKDQ6SDrYc8QCSwcOZ2U496FAEdEs6aSQpiWYX+bu4FqT622IAKoOuCkGs7PsnmwwAQGLkv/KluArvjffCnRkovBTuIq0edkI5ofaqH27JByHKYq+grK6dYtyj1MxsFBGECiSIQC1wKdtL8UvLOo6mrjj5KpJVe/7ffrD75YZ/MUXaqtDOCvdDAUj6W3gbqkTfo66R5RthG3s6N1T83Ass6immLmqirchH8xF8SYXEZWhoY7guAGwXa7EfyGYmhyqT/1yDIDXoTHsRSJC1EM5A7KmzGZdioaViIk7vI3iCaLP0T3YbfG4OwwICs1gtVX5oM7HDmVZkWwLdP928R+aSXHKwXD3nSbTLkXZZUpLghtDWKR1jtv24/VlXjvPXxJMLIj7jhyNgSNL+Xu1 x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW3PR11MB4617.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(396003)(366004)(136003)(39860400002)(376002)(346002)(55016002)(107886003)(66446008)(71200400001)(15650500001)(186003)(83380400001)(5660300002)(66946007)(64756008)(7696005)(66476007)(2906002)(66556008)(9686003)(38100700002)(76116006)(966005)(86362001)(8676002)(26005)(6506007)(478600001)(4326008)(122000001)(52536014)(8936002)(110136005)(33656002)(54906003)(53546011)(316002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?w+S4OLA8zoE7B25gtGtj+UTWXZItp/OPrmWvvKT90/5YJIajmKtiz4ljfcMB?= =?us-ascii?Q?5OtKDTY45ruQSh3JhNZBOJ7R2cJQcT7yDR3Rq8jYDcFXMGyL/B2hnWTUoEYN?= =?us-ascii?Q?ybU5owOVXf3aJyAlnMSu62yxP6z5+mpv/fONYH/nrnILV0t284K3/HhcmyfP?= =?us-ascii?Q?oqAT5S45xym+Rl3yxk+wtuvL6IZUEe7NQ3HOSxfNWVGS7Wg1Y4ffkr9Jy1Nr?= =?us-ascii?Q?UiMKRWXXndV9VN7uXKWhK+DFD38IVixj43pM4SykeFyAdeejGBq919rBRYJu?= =?us-ascii?Q?EsQSeo18NMGDjtAHhTU4gmFsPV/LDgdDEZS3f0HOe22u1l1cdMAaNr1vK9os?= =?us-ascii?Q?t192hCIsG+vOg3JDki+6YBJVHgGj068BFTtXV6QUFgOqpXhUFAcJUSQS3aqA?= =?us-ascii?Q?CKhEXIwbMVtYiZi1WeCoB0mVq58jv1tKANc8SRtzoga5V5gqusF0MmwXVeaT?= =?us-ascii?Q?T7YgQSaVZsCd6UNXPoKzRM8HD0cpD0EsAHjSXUSbmpORNfUb8bFbLjL/gdr9?= =?us-ascii?Q?ejTARLGFdyXqBgvjqxO7EJ/y5X26Gt1Hc6fyqsVeWvIbzzBmWwbZ91Ft7Fue?= =?us-ascii?Q?UCO0csCwUZKtmdvpFJ/iLPNylSCy6mUZNblT6e+5MGjfcTtjtcSdkOGZYr/B?= =?us-ascii?Q?gDn1FdwSum3dkAyDpRXzAcOEQAj6nESByUi+KLQHsNaiByur37Ir8mrlNJtE?= =?us-ascii?Q?wyUAlJhU+pJCZvFoj3IfYCobyTf0r48YcwcE3O6neXwAtuzHc6LcpMvrv7aX?= =?us-ascii?Q?Zi1sfTxLyPE3WsCGtaiY3knACrgtvmEuUjMghlEASoRvBaM6WSpU9kCI0At5?= =?us-ascii?Q?yiVnsEDXriwg2jhCDbX79EtvMcb1Ueb5z1SDUQhWYAEC6AFJlIEZLfPOXV3p?= =?us-ascii?Q?Qun9W3Ae6Gu5Tl80+p3v3CMfsUoFVXge5iLdG5qsuvfd5+zAco1lM/RaGTdz?= =?us-ascii?Q?2jV1+BGg4oJ+KEjm8CfMJygzbPasFjqoZcUjn0deZSpnepIzEMi9Fh2dipkW?= =?us-ascii?Q?AY3+5VHPsWxntaI8Q6PnBBUYZqZEHe9aqtH+F8Ud/rkRPDoneOrf+EyrFGP8?= =?us-ascii?Q?lceDALLd81qqTPnqPG9WmnGLb0pLoKAbgB6vtZ3ZkIQniYLJlhRzommwgkDM?= =?us-ascii?Q?LTuivQdW8VZYtqAv5dVCZf2AYU/rehosfrH9+DuKm7NX89Kge6JTOyqJ7/8Y?= =?us-ascii?Q?SNq7kUCiVlzz+8CtFOC0z1S/ubeCydCFaflOEylW1hVTIA2fDsK6Pen+hlJo?= =?us-ascii?Q?wknLB0Z2XOPv1PfBBiyg8KM9aDwlto1KaplhAMC0Yhfpwbb8orHVzi4RXQrl?= =?us-ascii?Q?Q3fI01Vn2Iolg6eosjLGM3Jh?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW3PR11MB4617.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7a2bbbb0-c811-4a78-3d3b-08d903cc8970 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Apr 2021 07:18:46.1282 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: JF04pLbmVTgfg3Qyoq5OJTm1r6WahGoSGpUf7RcIltEYiH7bWc0W5N/2utmntzZczkQAoN8N6JebZ/S1ef5oBKaWSru+aWkvJPD2UTUP/tI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR1101MB2333 Return-Path: sachin.agrawal@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Jiewen, >>From Section 9.1 in RFC 8017: " Note that the verification operation follows reverse steps to recover salt and then forward steps to recompute and compare H." Therefore, salt length can be inferred from the PSS block structure during = verification operation. I opted for 'RSA_PSS_SALTLEN_AUTO' as it will allow Edk2 to verify PSS sign= atures of any salt lengths. Thanks Sachin -----Original Message----- From: Yao, Jiewen =20 Sent: Monday, April 19, 2021 7:30 PM To: Agrawal, Sachin ; devel@edk2.groups.io Cc: Wang, Jian J ; Lu, XiaoyuX ; Jiang, Guomin Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify sup= port Hi Sachin May I know why you hardcode PSS salt length to be RSA_PSS_SALTLEN_AUTO ? Thank you Yao Jiewen > -----Original Message----- > From: Agrawal, Sachin > Sent: Tuesday, April 20, 2021 10:02 AM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J=20 > ; Lu, XiaoyuX ; Jiang,=20 > Guomin ; Agrawal, Sachin=20 > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify=20 > support >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3314 >=20 > This patch uses Openssl's EVP API's to perform RSASSA-PSS verification=20 > of a binary blob. >=20 > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Xiaoyu Lu > Cc: Guomin Jiang >=20 > Signed-off-by: Sachin Agrawal > --- > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c | 139 > ++++++++++++++++++++ > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c | 43 ++++++ > CryptoPkg/Include/Library/BaseCryptLib.h | 27 ++++ > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + > 7 files changed, 213 insertions(+) >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > new file mode 100644 > index 000000000000..acf5eb689cd8 > --- /dev/null > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > @@ -0,0 +1,139 @@ > +/** @file > + RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. > + > + This file implements following APIs which provide basic capabilities f= or RSA: > + 1) RsaPssVerify > + > +Copyright (c) 2021, Intel Corporation. All rights reserved.
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "InternalCryptLib.h" > + > +#include > +#include > +#include > +#include > + > + > +/** > + Retrieve a pointer to EVP message digest object. > + > + @param[in] DigestLen Length of the message digest. > + > +**/ > +static > +EVP_MD* > +GetEvpMD ( > + IN UINT16 DigestLen > + ) > +{ > + switch (DigestLen){ > + case SHA256_DIGEST_SIZE: > + return EVP_sha256(); > + break; > + case SHA384_DIGEST_SIZE: > + return EVP_sha384(); > + break; > + case SHA512_DIGEST_SIZE: > + return EVP_sha512(); > + break; > + default: > + return NULL; > + } > +} > + > + > +/** > + Verifies the RSA signature with RSASSA-PSS signature scheme defined=20 > +in RFC > 8017. > + Implementation determines salt length automatically from the=20 > + signature > encoding. > + Mask generation function is the same as the message digest algorithm. > + > + @param[in] RsaContext Pointer to RSA context for signature verif= ication. > + @param[in] Message Pointer to octet message to be verified. > + @param[in] MsgSize Size of the message in bytes. > + @param[in] Signature Pointer to RSASSA-PSS signature to be veri= fied. > + @param[in] SigSize Size of signature in bytes. > + @param[in] DigestLen Length of digest for RSA operation. > + > + @retval TRUE Valid signature encoded in RSASSA-PSS. > + @retval FALSE Invalid signature or invalid RSA context. > + > +**/ > +BOOLEAN > +EFIAPI > +RsaPssVerify ( > + IN VOID *RsaContext, > + IN CONST UINT8 *Message, > + IN UINTN MsgSize, > + IN CONST UINT8 *Signature, > + IN UINTN SigSize, > + IN UINT16 DigestLen > + ) > +{ > + BOOLEAN Result; > + EVP_PKEY *pEvpRsaKey =3D NULL; > + EVP_MD_CTX *pEvpVerifyCtx =3D NULL; > + EVP_PKEY_CTX *pKeyCtx =3D NULL; > + CONST EVP_MD *HashAlg =3D NULL; > + > + if (RsaContext =3D=3D NULL) { > + return FALSE; > + } > + if (Message =3D=3D NULL || MsgSize =3D=3D 0 || MsgSize > INT_MAX) { > + return FALSE; > + } > + if (Signature =3D=3D NULL || SigSize =3D=3D 0 || SigSize > INT_MAX) { > + return FALSE; > + } > + > + HashAlg =3D GetEvpMD(DigestLen); > + > + if (HashAlg =3D=3D NULL) { > + return FALSE; > + } > + > + pEvpRsaKey =3D EVP_PKEY_new(); > + if (pEvpRsaKey =3D=3D NULL) { > + goto _Exit; > + } > + > + EVP_PKEY_set1_RSA(pEvpRsaKey, RsaContext); > + > + pEvpVerifyCtx =3D EVP_MD_CTX_create(); if (pEvpVerifyCtx =3D=3D NULL)= { > + goto _Exit; > + } > + > + Result =3D EVP_DigestVerifyInit(pEvpVerifyCtx, &pKeyCtx, HashAlg,=20 > + NULL, > pEvpRsaKey) > 0; > + if (pKeyCtx =3D=3D NULL) { > + goto _Exit; > + } > + > + if (Result) { > + Result =3D EVP_PKEY_CTX_set_rsa_padding(pKeyCtx, > RSA_PKCS1_PSS_PADDING) > 0; > + } > + if (Result) { > + Result =3D EVP_PKEY_CTX_set_rsa_pss_saltlen(pKeyCtx, > RSA_PSS_SALTLEN_AUTO) > 0; > + } > + if (Result) { > + Result =3D EVP_PKEY_CTX_set_rsa_mgf1_md(pKeyCtx, HashAlg) > 0; } =20 > + if (Result) { > + Result =3D EVP_DigestVerifyUpdate(pEvpVerifyCtx, Message, > (UINT32)MsgSize) > 0; > + } > + if (Result) { > + Result =3D EVP_DigestVerifyFinal(pEvpVerifyCtx, Signature,=20 > + (UINT32)SigSize) > 0; } > + > +_Exit : > + if (pEvpRsaKey) { > + EVP_PKEY_free(pEvpRsaKey); > + } > + if (pEvpVerifyCtx) { > + EVP_MD_CTX_destroy(pEvpVerifyCtx); > + } > + > + return Result; > +} > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > new file mode 100644 > index 000000000000..8d84b4c1426c > --- /dev/null > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > @@ -0,0 +1,43 @@ > +/** @file > + RSA-PSS Asymmetric Cipher Wrapper Implementation over OpenSSL. > + > + This file does not provide real capabilities for following APIs in RSA= handling: > + 1) RsaPssVerify > + > +Copyright (c) 2021, Intel Corporation. All rights reserved.
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "InternalCryptLib.h" > + > +/** > + Verifies the RSA signature with RSASSA-PSS signature scheme defined=20 > +in RFC > 8017. > + Implementation determines salt length automatically from the=20 > + signature > encoding. > + Mask generation function is the same as the message digest algorithm. > + > + @param[in] RsaContext Pointer to RSA context for signature verif= ication. > + @param[in] Message Pointer to octet message to be verified. > + @param[in] MsgSize Size of the message in bytes. > + @param[in] Signature Pointer to RSASSA-PSS signature to be veri= fied. > + @param[in] SigSize Size of signature in bytes. > + @param[in] DigestLen Length of digest for RSA operation. > + > + @retval TRUE Valid signature encoded in RSASSA-PSS. > + @retval FALSE Invalid signature or invalid RSA context. > + > +**/ > +BOOLEAN > +EFIAPI > +RsaPssVerify ( > + IN VOID *RsaContext, > + IN CONST UINT8 *Message, > + IN UINTN MsgSize, > + IN CONST UINT8 *Signature, > + IN UINTN SigSize, > + IN UINT16 DigestLen > + ) > +{ > + ASSERT (FALSE); > + return FALSE; > +} > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 496121e6a4ed..36d560b8d691 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > @@ -1363,6 +1363,33 @@ RsaPkcs1Verify ( > IN UINTN SigSize > ); >=20 > +/** > + Verifies the RSA signature with RSASSA-PSS signature scheme defined=20 > +in RFC > 8017. > + Implementation determines salt length automatically from the=20 > + signature > encoding. > + Mask generation function is the same as the message digest algorithm. > + > + @param[in] RsaContext Pointer to RSA context for signature verif= ication. > + @param[in] Message Pointer to octet message to be verified. > + @param[in] MsgSize Size of the message in bytes. > + @param[in] Signature Pointer to RSASSA-PSS signature to be veri= fied. > + @param[in] SigSize Size of signature in bytes. > + @param[in] DigestLen Length of digest for RSA operation. > + > + @retval TRUE Valid signature encoded in RSASSA-PSS. > + @retval FALSE Invalid signature or invalid RSA context. > + > +**/ > +BOOLEAN > +EFIAPI > +RsaPssVerify ( > + IN VOID *RsaContext, > + IN CONST UINT8 *Message, > + IN UINTN MsgSize, > + IN CONST UINT8 *Signature, > + IN UINTN SigSize, > + IN UINT16 DigestLen > + ); > + > /** > Retrieve the RSA Private Key from the password-protected PEM key data. >=20