From: "Agrawal, Sachin"
To: "Yao, Jiewen", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Lu, XiaoyuX", "Jiang, Guomin"
Subject: Re: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
Date: Thu, 22 Apr 2021 14:16:00 +0000
References: <20210420020150.29212-1-sachin.agrawal@intel.com> <20210420020150.29212-2-sachin.agrawal@intel.com>

Hi Jiewen,

Thanks for sharing these references. We are currently using Salt Length of digest length.
I will add the test for new API in the unit test framework in the next version of the patch.

In reference to adding support for RsaPssSign() API : This may be due to my ignorance, but I am unaware of usages where BIOS is involved in doing asymmetric signing during run time. I do see that CryptoPkg also contains TLS interface and that would involve asymmetric signing, but that will directly use the OpenSSL's TLS interface for signing. And, therefore I was skeptical about adding RsaPssSign interface.

Thanks
Sachin

-----Original Message-----
From: Yao, Jiewen
Sent: Tuesday, April 20, 2021 6:29 PM
To: Agrawal, Sachin; devel@edk2.groups.io
Cc: Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin
Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support

Hi Sachin
Sorry, I forget to add link for the reference.

1) TPM2 Library Specification, part 2 structure (https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p64_Part2_Structures_15may2021.pdf) describes the PSS salt length.
For the TPM_ALG_RSAPSS signing scheme, ... .... The salt size is always the largest salt value that will fit into the available space.

2) NIST FIPS 186-5 draft (https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf) and NIST FIPS 186-4 (https://doi.org/10.6028/NIST.FIPS.186-4) says:
For RSASSA-PSS, the length (in bytes) of the salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen

3) TCG FIPS 140-2 Guidance for TPM2 (https://trustedcomputinggroup.org/resource/tcg-fips-140-2-guidance-for-tpm-2-0/) mentions:
Language in [1] Part 1 Appendix B.7 RSASSA_PSS indicates:
"For both restricted and unrestricted signing keys, the random salt length will be the largest size allowed by the key size and message digest size.
NOTE If the TPM implementation is required to be compliant with FIPS 186-4, then the random salt length will be the largest size allowed by that specification."

4) TLS1.3 - RFC8446 (https://datatracker.ietf.org/doc/rfc8446/) has below.
RSASSA-PSS PSS algorithms:
The length of the Salt MUST be equal to the length of the digest algorithm.

My view is that, TLS 1.3 and TPM FIPS mode require salt length == hash length, explicitly.

May I know that in your production, which salt length you choose in signing?
If you also choose salt length == hash length, then I would recommend make the default behavior to be HASH_LEN instead of AUTO.

Also, may I recommend we add RsaPssSign API as well?

Please also add the new API to the crypto test unit test.
I notice that crypto implementation (such as openssl, mbedtls) has API to let caller indicate what is the expected salt length. The caller may want AUTO or MAX in their special environment. I am OK to add another API later (such as RsaPssVerifyEx) to satisfy that need, if there is real use case.

> -----Original Message-----
> From: Agrawal, Sachin
> Sent: Tuesday, April 20, 2021 11:20 PM
> To: Yao, Jiewen; devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin
> Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
>
> Hi Jiewen,
>
> I reviewed RFC 8017 and I could not find any specific 'recommendations' on salt length to be used during signing with PSS encoding scheme.
> However, in Section D.5.2.2.1(Notes 2) of IEEE 1363a-2004, it is recommended to use salt length at least equal to the hash digest length.
>
> We can modify the current API to take an additional parameter as salt length and ONLY pursue verification operation if Salt length is at least equal to digest length.
> This will act as a hardening mechanism for Edk2 as it will accept signatures only with 'appropriate' salt lengths.
>
> Let me know if this is fine and I will push a corresponding patch.
>
> Thx
> Sachin
>
>
> -----Original Message-----
> From: Yao, Jiewen
> Sent: Tuesday, April 20, 2021 2:12 AM
> To: Agrawal, Sachin; devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin
> Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
>
> Right. That has PROs and CONs.
>
> On one hand, that allows maximum compatibility, salt could be HASH_SIZE or MAX, or even 0 ?
>
> On the other hand, what if the consumer only wants to accept a specific length? E.g. TPM in FIPS mode and TLS requires SaltLength==HashLength.
>
> Thank you
> Yao Jiewen
>
>
> > -----Original Message-----
> > From: Agrawal, Sachin
> > Sent: Tuesday, April 20, 2021 3:19 PM
> > To: Yao, Jiewen; devel@edk2.groups.io
> > Cc: Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin
> > Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
> >
> > Hi Jiewen,
> >
> > From Section 9.1 in RFC 8017:
> > " Note that the verification operation follows reverse steps to recover
> > salt and then forward steps to recompute and compare H."
> >
> > Therefore, salt length can be inferred from the PSS block structure during verification operation.
> >
> > I opted for 'RSA_PSS_SALTLEN_AUTO' as it will allow Edk2 to verify PSS signatures of any salt lengths.
> >
> > Thanks
> > Sachin
> >
> > -----Original Message-----
> > From: Yao, Jiewen
> > Sent: Monday, April 19, 2021 7:30 PM
> > To: Agrawal, Sachin; devel@edk2.groups.io
> > Cc: Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin
> > Subject: RE: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
> >
> > Hi Sachin
> > May I know why you hardcode PSS salt length to be RSA_PSS_SALTLEN_AUTO ?
> >
> > Thank you
> > Yao Jiewen
> >
> >
> > > -----Original Message-----
> > > From: Agrawal, Sachin
> > > Sent: Tuesday, April 20, 2021 10:02 AM
> > > To: devel@edk2.groups.io
> > > Cc: Yao, Jiewen; Wang, Jian J; Lu, XiaoyuX; Jiang, Guomin; Agrawal, Sachin
> > > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Add RSA PSS verify support
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3314
> > >
> > > This patch uses Openssl's EVP API's to perform RSASSA-PSS verification of a binary blob.
> > >
> > > Cc: Jiewen Yao
> > > Cc: Jian J Wang
> > > Cc: Xiaoyu Lu
> > > Cc: Guomin Jiang
> > > > > > Signed-off-by: Sachin Agrawal > > > --- > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c | 139 > > > ++++++++++++++++++++ > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c | 43 ++++++ > > > CryptoPkg/Include/Library/BaseCryptLib.h | 27 ++++ > > > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + > > > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + > > > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + > > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + > > > 7 files changed, 213 insertions(+) > > > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > > > new file mode 100644 > > > index 000000000000..acf5eb689cd8 > > > --- /dev/null > > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > > > @@ -0,0 +1,139 @@ > > > +/** @file > > > + RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. > > > + > > > + This file implements following APIs which provide basic=20 > > > + capabilities for > RSA: > > > + 1) RsaPssVerify > > > + > > > +Copyright (c) 2021, Intel Corporation. All rights reserved.
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > + > > > +**/ > > > + > > > +#include "InternalCryptLib.h" > > > + > > > +#include > > > +#include > > > +#include > > > +#include > > > + > > > + > > > +/** > > > + Retrieve a pointer to EVP message digest object. > > > + > > > + @param[in] DigestLen Length of the message digest. > > > + > > > +**/ > > > +static > > > +EVP_MD* > > > +GetEvpMD ( > > > + IN UINT16 DigestLen > > > + ) > > > +{ > > > + switch (DigestLen){ > > > + case SHA256_DIGEST_SIZE: > > > + return EVP_sha256(); > > > + break; > > > + case SHA384_DIGEST_SIZE: > > > + return EVP_sha384(); > > > + break; > > > + case SHA512_DIGEST_SIZE: > > > + return EVP_sha512(); > > > + break; > > > + default: > > > + return NULL; > > > + } > > > +} > > > + > > > + > > > +/** > > > + Verifies the RSA signature with RSASSA-PSS signature scheme=20 > > > +defined in RFC > > > 8017. > > > + Implementation determines salt length automatically from the=20 > > > + signature > > > encoding. > > > + Mask generation function is the same as the message digest algorit= hm. > > > + > > > + @param[in] RsaContext Pointer to RSA context for signature > verification. > > > + @param[in] Message Pointer to octet message to be verifie= d. > > > + @param[in] MsgSize Size of the message in bytes. > > > + @param[in] Signature Pointer to RSASSA-PSS signature to be = verified. > > > + @param[in] SigSize Size of signature in bytes. > > > + @param[in] DigestLen Length of digest for RSA operation. > > > + > > > + @retval TRUE Valid signature encoded in RSASSA-PSS. > > > + @retval FALSE Invalid signature or invalid RSA context. 
> > > + > > > +**/ > > > +BOOLEAN > > > +EFIAPI > > > +RsaPssVerify ( > > > + IN VOID *RsaContext, > > > + IN CONST UINT8 *Message, > > > + IN UINTN MsgSize, > > > + IN CONST UINT8 *Signature, > > > + IN UINTN SigSize, > > > + IN UINT16 DigestLen > > > + ) > > > +{ > > > + BOOLEAN Result; > > > + EVP_PKEY *pEvpRsaKey =3D NULL; > > > + EVP_MD_CTX *pEvpVerifyCtx =3D NULL; > > > + EVP_PKEY_CTX *pKeyCtx =3D NULL; > > > + CONST EVP_MD *HashAlg =3D NULL; > > > + > > > + if (RsaContext =3D=3D NULL) { > > > + return FALSE; > > > + } > > > + if (Message =3D=3D NULL || MsgSize =3D=3D 0 || MsgSize > INT_MAX) = { > > > + return FALSE; > > > + } > > > + if (Signature =3D=3D NULL || SigSize =3D=3D 0 || SigSize > INT_MAX= ) { > > > + return FALSE; > > > + } > > > + > > > + HashAlg =3D GetEvpMD(DigestLen); > > > + > > > + if (HashAlg =3D=3D NULL) { > > > + return FALSE; > > > + } > > > + > > > + pEvpRsaKey =3D EVP_PKEY_new(); > > > + if (pEvpRsaKey =3D=3D NULL) { > > > + goto _Exit; > > > + } > > > + > > > + EVP_PKEY_set1_RSA(pEvpRsaKey, RsaContext); > > > + > > > + pEvpVerifyCtx =3D EVP_MD_CTX_create(); if (pEvpVerifyCtx =3D=3D N= ULL) { > > > + goto _Exit; > > > + } > > > + > > > + Result =3D EVP_DigestVerifyInit(pEvpVerifyCtx, &pKeyCtx, HashAlg,= =20 > > > + NULL, > > > pEvpRsaKey) > 0; > > > + if (pKeyCtx =3D=3D NULL) { > > > + goto _Exit; > > > + } > > > + > > > + if (Result) { > > > + Result =3D EVP_PKEY_CTX_set_rsa_padding(pKeyCtx, > > > RSA_PKCS1_PSS_PADDING) > 0; > > > + } > > > + if (Result) { > > > + Result =3D EVP_PKEY_CTX_set_rsa_pss_saltlen(pKeyCtx, > > > RSA_PSS_SALTLEN_AUTO) > 0; > > > + } > > > + if (Result) { > > > + Result =3D EVP_PKEY_CTX_set_rsa_mgf1_md(pKeyCtx, HashAlg) > 0; = =20 > > > + } if (Result) { > > > + Result =3D EVP_DigestVerifyUpdate(pEvpVerifyCtx, Message, > > > (UINT32)MsgSize) > 0; > > > + } > > > + if (Result) { > > > + Result =3D EVP_DigestVerifyFinal(pEvpVerifyCtx, Signature, > > > + (UINT32)SigSize) > 0; } > > > + > > > +_Exit : > > > + if 
(pEvpRsaKey) { > > > + EVP_PKEY_free(pEvpRsaKey); > > > + } > > > + if (pEvpVerifyCtx) { > > > + EVP_MD_CTX_destroy(pEvpVerifyCtx); > > > + } > > > + > > > + return Result; > > > +} > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > > > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > > > new file mode 100644 > > > index 000000000000..8d84b4c1426c > > > --- /dev/null > > > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > > > @@ -0,0 +1,43 @@ > > > +/** @file > > > + RSA-PSS Asymmetric Cipher Wrapper Implementation over OpenSSL. > > > + > > > + This file does not provide real capabilities for following APIs=20 > > > + in RSA > handling: > > > + 1) RsaPssVerify > > > + > > > +Copyright (c) 2021, Intel Corporation. All rights reserved.
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > + > > > +**/ > > > + > > > +#include "InternalCryptLib.h" > > > + > > > +/** > > > + Verifies the RSA signature with RSASSA-PSS signature scheme=20 > > > +defined in RFC > > > 8017. > > > + Implementation determines salt length automatically from the=20 > > > + signature > > > encoding. > > > + Mask generation function is the same as the message digest algorit= hm. > > > + > > > + @param[in] RsaContext Pointer to RSA context for signature > verification. > > > + @param[in] Message Pointer to octet message to be verifie= d. > > > + @param[in] MsgSize Size of the message in bytes. > > > + @param[in] Signature Pointer to RSASSA-PSS signature to be = verified. > > > + @param[in] SigSize Size of signature in bytes. > > > + @param[in] DigestLen Length of digest for RSA operation. > > > + > > > + @retval TRUE Valid signature encoded in RSASSA-PSS. > > > + @retval FALSE Invalid signature or invalid RSA context. > > > + > > > +**/ > > > +BOOLEAN > > > +EFIAPI > > > +RsaPssVerify ( > > > + IN VOID *RsaContext, > > > + IN CONST UINT8 *Message, > > > + IN UINTN MsgSize, > > > + IN CONST UINT8 *Signature, > > > + IN UINTN SigSize, > > > + IN UINT16 DigestLen > > > + ) > > > +{ > > > + ASSERT (FALSE); > > > + return FALSE; > > > +} > > > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > > > b/CryptoPkg/Include/Library/BaseCryptLib.h > > > index 496121e6a4ed..36d560b8d691 100644 > > > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > > > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
> > > @@ -1363,6 +1363,33 @@ RsaPkcs1Verify ( > > > IN UINTN SigSize > > > ); > > > > > > +/** > > > + Verifies the RSA signature with RSASSA-PSS signature scheme=20 > > > +defined in RFC > > > 8017. > > > + Implementation determines salt length automatically from the=20 > > > + signature > > > encoding. > > > + Mask generation function is the same as the message digest algorit= hm. > > > + > > > + @param[in] RsaContext Pointer to RSA context for signature > verification. > > > + @param[in] Message Pointer to octet message to be verifie= d. > > > + @param[in] MsgSize Size of the message in bytes. > > > + @param[in] Signature Pointer to RSASSA-PSS signature to be = verified. > > > + @param[in] SigSize Size of signature in bytes. > > > + @param[in] DigestLen Length of digest for RSA operation. > > > + > > > + @retval TRUE Valid signature encoded in RSASSA-PSS. > > > + @retval FALSE Invalid signature or invalid RSA context. > > > + > > > +**/ > > > +BOOLEAN > > > +EFIAPI > > > +RsaPssVerify ( > > > + IN VOID *RsaContext, > > > + IN CONST UINT8 *Message, > > > + IN UINTN MsgSize, > > > + IN CONST UINT8 *Signature, > > > + IN UINTN SigSize, > > > + IN UINT16 DigestLen > > > + ); > > > + > > > /** > > > Retrieve the RSA Private Key from the password-protected PEM key d= ata. > > >
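
Review bot: In RsaPssVerify() in CryptRsaPss.c, `Result` is declared without a value, and the `goto _Exit` paths taken when EVP_PKEY_new() or EVP_MD_CTX_create() returns NULL reach `return Result;` before anything has been assigned to it, so an allocation failure can return an indeterminate value from a signature check. Assign FALSE to Result before the first `goto _Exit`, and set it to FALSE again on the `pKeyCtx == NULL` path, where Result already holds the outcome of EVP_DigestVerifyInit(). The return value of `EVP_PKEY_set1_RSA(pEvpRsaKey, RsaContext);` is also ignored; check it and fail closed.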
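
Review bot: The comments in CryptRsaPssNull.c are copied from the real implementation and do not describe the stub: the @file header reads "Wrapper Implementation over OpenSSL" and the RsaPssVerify() block documents `@retval TRUE Valid signature encoded in RSASSA-PSS`, while the body is only `ASSERT (FALSE); return FALSE;`. Reword the header to say this is the Null implementation, and replace the description and @retval lines with a statement that the interface is not supported and always returns FALSE, so a reader of the stub does not expect any verification to take place.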
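
Review bot: The RsaPssVerify() comment added to BaseCryptLib.h does not say which inputs are accepted: `DigestLen` is described only as "Length of digest for RSA operation", while the implementation in this patch returns FALSE for anything other than SHA256_DIGEST_SIZE, SHA384_DIGEST_SIZE or SHA512_DIGEST_SIZE, and also for a NULL or zero-length Message or Signature and for sizes above INT_MAX. List the supported DigestLen values and those conditions under @retval FALSE. The sentence "Implementation determines salt length automatically from the signature encoding" also makes accepting any salt length part of the public contract, so it has to change together with the code if the salt-length discussion in this thread settles on a fixed or minimum length.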
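
The salt-length question in this thread, as an added example that is not part of the patch or of edk2: a pure-Python EMSA-PSS-VERIFY (RFC 8017 section 9.1.2) that recovers the salt length from the encoded block, as the quoted RFC note describes, and then applies a caller-chosen policy. It works on the encoded message EM only (the RSA public-key operation is left out); `pss_encode`, `pss_verify` and the policy names "auto", "digest" and "max" are hypothetical, and the message and salts are constructed test values.

```python
import hashlib
import hmac

def mgf1(seed: bytes, length: int, hash_name: str) -> bytes:
    """MGF1 (RFC 8017 B.2.1) with the same hash as the message digest."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pss_encode(msg: bytes, salt: bytes, em_bits: int, hash_name: str = "sha256") -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1) with a caller-supplied salt; test input only."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if em_len < h_len + len(salt) + 2:
        raise ValueError("salt too long for this key size")
    m_hash = hashlib.new(hash_name, msg).digest()
    h = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - len(salt) - h_len - 2) + b"\x01" + salt
    masked = bytearray(_xor(db, mgf1(h, len(db), hash_name)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)   # clear bits above emBits
    return bytes(masked) + h + b"\xbc"

def pss_verify(msg, em, em_bits, hash_name="sha256", policy="digest"):
    """EMSA-PSS-VERIFY (RFC 8017 9.1.2). Returns (accepted, recovered_salt_len).

    policy (hypothetical names): "auto" accepts any salt length, "digest"
    requires sLen == hLen, "max" requires the largest salt that fits.
    """
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + 2 or em[-1] != 0xBC:
        return False, None
    masked, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top_mask & 0xFF:
        return False, None
    db = bytearray(_xor(masked, mgf1(h, len(masked), hash_name)))
    db[0] &= top_mask
    # Reverse step: skip the zero padding PS; the first non-zero octet must
    # be the 0x01 separator, and everything after it is the salt.
    sep = 0
    while sep < len(db) and db[sep] == 0:
        sep += 1
    if sep == len(db) or db[sep] != 0x01:
        return False, None
    salt = bytes(db[sep + 1:])
    required = {"auto": None, "digest": h_len, "max": em_len - h_len - 2}[policy]
    if required is not None and len(salt) != required:
        return False, len(salt)   # well-formed block, salt length not allowed
    # Forward step: recompute H from the message and the recovered salt.
    m_hash = hashlib.new(hash_name, msg).digest()
    h2 = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    return hmac.compare_digest(h, h2), len(salt)

# Constructed sample input: a 2048-bit modulus gives emBits = 2047, emLen = 256.
EM_BITS = 2047
MSG = b"constructed firmware blob"
EM_HLEN = pss_encode(MSG, bytes(range(32)), EM_BITS)   # sLen == hLen (32)
EM_ZERO = pss_encode(MSG, b"", EM_BITS)                # sLen == 0
EM_MAX = pss_encode(MSG, b"\xa5" * 222, EM_BITS)       # sLen == 256 - 32 - 2

if __name__ == "__main__":
    for name, em in (("hLen", EM_HLEN), ("zero", EM_ZERO), ("max", EM_MAX)):
        print(name, {p: pss_verify(MSG, em, EM_BITS, policy=p)
                     for p in ("auto", "digest", "max")})
```

With "auto" all three blocks verify, including the one with an empty salt; with "digest" only the block whose salt is 32 bytes is accepted.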