From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Agrawal, Sachin" <sachin.agrawal@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>,
"Jiang, Guomin" <guomin.jiang@intel.com>
Subject: Re: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme.
Date: Tue, 15 Jun 2021 00:35:27 +0000 [thread overview]
Message-ID: <PH0PR11MB488573BFF1009D5C6296DCB88C309@PH0PR11MB4885.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20210614153043.2500-2-sachin.agrawal@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> -----Original Message-----
> From: Agrawal, Sachin <sachin.agrawal@intel.com>
> Sent: Monday, June 14, 2021 11:31 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Lu, XiaoyuX <xiaoyux.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>
> Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Update Salt length
> requirement for RSA-PSS scheme.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3455
>
> Enforce salt length to be equal to digest length for RSA-PSS
> encoding scheme.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
>
> Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
> ---
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c | 4 ++--
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c | 2 +-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c | 4 ++--
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c | 2 +-
> CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c | 2 +-
> CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c | 2 +-
> CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 10 +++++++++-
> CryptoPkg/Include/Library/BaseCryptLib.h | 4 ++--
> CryptoPkg/Private/Protocol/Crypto.h | 4 ++--
> 9 files changed, 21 insertions(+), 13 deletions(-)
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> index 0b2960f06c4c..37075ea65a0d 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c
> @@ -50,7 +50,7 @@ GetEvpMD (
> Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
> Implementation determines salt length automatically from the signature
> encoding.
> Mask generation function is the same as the message digest algorithm.
> - Salt length should atleast be equal to digest length.
> + Salt length should be equal to digest length.
>
> @param[in] RsaContext Pointer to RSA context for signature verification.
> @param[in] Message Pointer to octet message to be verified.
> @@ -97,7 +97,7 @@ RsaPssVerify (
> if (Signature == NULL || SigSize == 0 || SigSize > INT_MAX) {
> return FALSE;
> }
> - if (SaltLen < DigestLen) {
> + if (SaltLen != DigestLen) {
> return FALSE;
> }
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c
> index 69c6889fbc4b..cc325c92911c 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c
> @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
> Implementation determines salt length automatically from the signature
> encoding.
> Mask generation function is the same as the message digest algorithm.
> - Salt length should atleast be equal to digest length.
> + Salt length should be equal to digest length.
>
> @param[in] RsaContext Pointer to RSA context for signature verification.
> @param[in] Message Pointer to octet message to be verified.
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> index ece765f9ae0a..06187ff4baa7 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c
> @@ -59,7 +59,7 @@ GetEvpMD (
> If Message is NULL, then return FALSE.
> If MsgSize is zero or > INT_MAX, then return FALSE.
> If DigestLen is NOT 32, 48 or 64, return FALSE.
> - If SaltLen is < DigestLen, then return FALSE.
> + If SaltLen is not equal to DigestLen, then return FALSE.
> If SigSize is large enough but Signature is NULL, then return FALSE.
> If this interface is not supported, then return FALSE.
>
> @@ -120,7 +120,7 @@ RsaPssSign (
> return FALSE;
> }
>
> - if (SaltLen < DigestLen) {
> + if (SaltLen != DigestLen) {
> return FALSE;
> }
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c
> index 4ed2dfce992a..911b97252182 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c
> @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> If Message is NULL, then return FALSE.
> If MsgSize is zero or > INT_MAX, then return FALSE.
> If DigestLen is NOT 32, 48 or 64, return FALSE.
> - If SaltLen is < DigestLen, then return FALSE.
> + If SaltLen is not equal to DigestLen, then return FALSE.
> If SigSize is large enough but Signature is NULL, then return FALSE.
> If this interface is not supported, then return FALSE.
>
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c
> b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c
> index 69c6889fbc4b..cc325c92911c 100644
> --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c
> +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c
> @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
> Implementation determines salt length automatically from the signature
> encoding.
> Mask generation function is the same as the message digest algorithm.
> - Salt length should atleast be equal to digest length.
> + Salt length should be equal to digest length.
>
> @param[in] RsaContext Pointer to RSA context for signature verification.
> @param[in] Message Pointer to octet message to be verified.
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c
> b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c
> index 4ed2dfce992a..911b97252182 100644
> --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c
> +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c
> @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> If Message is NULL, then return FALSE.
> If MsgSize is zero or > INT_MAX, then return FALSE.
> If DigestLen is NOT 32, 48 or 64, return FALSE.
> - If SaltLen is < DigestLen, then return FALSE.
> + If SaltLen is not equal to DigestLen, then return FALSE.
> If SigSize is large enough but Signature is NULL, then return FALSE.
> If this interface is not supported, then return FALSE.
>
> diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> index af99ed7f5b42..fcb59137805b 100644
> --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> @@ -1556,7 +1556,7 @@ RsaPkcs1Verify (
> Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
> Implementation determines salt length automatically from the signature
> encoding.
> Mask generation function is the same as the message digest algorithm.
> - Salt length should atleast be equal to digest length.
> + Salt length should be equal to digest length.
>
> @param[in] RsaContext Pointer to RSA context for signature verification.
> @param[in] Message Pointer to octet message to be verified.
> @@ -1592,6 +1592,14 @@ RsaPssVerify (
> If the Signature buffer is too small to hold the contents of signature, FALSE
> is returned and SigSize is set to the required buffer size to obtain the signature.
>
> + If RsaContext is NULL, then return FALSE.
> + If Message is NULL, then return FALSE.
> + If MsgSize is zero or > INT_MAX, then return FALSE.
> + If DigestLen is NOT 32, 48 or 64, return FALSE.
> + If SaltLen is not equal to DigestLen, then return FALSE.
> + If SigSize is large enough but Signature is NULL, then return FALSE.
> + If this interface is not supported, then return FALSE.
> +
> @param[in] RsaContext Pointer to RSA context for signature generation.
> @param[in] Message Pointer to octet message to be signed.
> @param[in] MsgSize Size of the message in bytes.
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> b/CryptoPkg/Include/Library/BaseCryptLib.h
> index 8c7d5922ef96..630ccb5e7500 100644
> --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -1376,7 +1376,7 @@ RsaPkcs1Verify (
> If Message is NULL, then return FALSE.
> If MsgSize is zero or > INT_MAX, then return FALSE.
> If DigestLen is NOT 32, 48 or 64, return FALSE.
> - If SaltLen is < DigestLen, then return FALSE.
> + If SaltLen is not equal to DigestLen, then return FALSE.
> If SigSize is large enough but Signature is NULL, then return FALSE.
> If this interface is not supported, then return FALSE.
>
> @@ -1411,7 +1411,7 @@ RsaPssSign (
> Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
> Implementation determines salt length automatically from the signature
> encoding.
> Mask generation function is the same as the message digest algorithm.
> - Salt length should atleast be equal to digest length.
> + Salt length should be equal to digest length.
>
> @param[in] RsaContext Pointer to RSA context for signature verification.
> @param[in] Message Pointer to octet message to be verified.
> diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> b/CryptoPkg/Private/Protocol/Crypto.h
> index e304302c9445..498f8e387dba 100644
> --- a/CryptoPkg/Private/Protocol/Crypto.h
> +++ b/CryptoPkg/Private/Protocol/Crypto.h
> @@ -3421,7 +3421,7 @@ EFI_STATUS
> If Message is NULL, then return FALSE.
> If MsgSize is zero or > INT_MAX, then return FALSE.
> If DigestLen is NOT 32, 48 or 64, return FALSE.
> - If SaltLen is < DigestLen, then return FALSE.
> + If SaltLen is not equal to DigestLen, then return FALSE.
> If SigSize is large enough but Signature is NULL, then return FALSE.
> If this interface is not supported, then return FALSE.
>
> @@ -3456,7 +3456,7 @@ BOOLEAN
> Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC
> 8017.
> Implementation determines salt length automatically from the signature
> encoding.
> Mask generation function is the same as the message digest algorithm.
> - Salt length should atleast be equal to digest length.
> + Salt length should be equal to digest length.
>
> @param[in] RsaContext Pointer to RSA context for signature verification.
> @param[in] Message Pointer to octet message to be verified.
> --
> 2.14.3.windows.1
prev parent reply other threads:[~2021-06-15 0:35 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-14 15:30 [PATCH v1 0/1] CryptoPkg: Update Salt length requirement for RSA-PSS scheme Agrawal, Sachin
2021-06-14 15:30 ` [PATCH v1 1/1] CryptoPkg: BaseCryptLib: " Agrawal, Sachin
2021-06-15 0:35 ` Yao, Jiewen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR11MB488573BFF1009D5C6296DCB88C309@PH0PR11MB4885.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox