From: "Li, Yi" <yi1.li@intel.com>
To: Chris Ruffin <cruffin@millcore.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Chris Ruffin <v-chruffin@microsoft.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Hou, Wenxing" <wenxing.hou@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions
Date: Tue, 19 Mar 2024 03:52:27 +0000 [thread overview]
Message-ID: <SJ1PR11MB62278211D0250FE07D7F588AC52C2@SJ1PR11MB6227.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20240318215205.1339-1-cruffin@millcore.com>
Hi Chris,
1. Please create a feature request BugZilla to introduce the background of the new API, such as purpose and application scenarios.
2. I took a quick look, the new API will make Pkcs1v2De/Encrypt support RsaContext input and the rest is same as old API right?
Regards,
Yi
-----Original Message-----
From: Chris Ruffin <cruffin@millcore.com>
Sent: Tuesday, March 19, 2024 5:52 AM
To: devel@edk2.groups.io
Cc: Chris Ruffin <v-chruffin@microsoft.com>; Yao, Jiewen <jiewen.yao@intel.com>; Li, Yi1 <yi1.li@intel.com>; Hou, Wenxing <wenxing.hou@intel.com>
Subject: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions
From: Chris Ruffin <v-chruffin@microsoft.com>
Expand the availability of the RSAEP-OAEP crypto capability in BaseCryptLib. Applications using RSA crypto functions directly from OpensslLib can transition to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe.
Pkcs1v2Decrypt(): decryption using DER-encoded private key
RsaOaepEncrypt(): encryption using RSA contexts
RsaOaepDecrypt(): decryption using RSA contexts
Signed-off-by: Chris Ruffin <v-chruffin@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Cc: Wenxing Hou <wenxing.hou@intel.com>
---
CryptoPkg/Include/Library/BaseCryptLib.h | 102 ++++
.../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c | 506 ++++++++++++++++--
.../BaseCryptLib/Pk/CryptPkcs1OaepNull.c | 114 ++++
.../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c | 114 ++++
4 files changed, 789 insertions(+), 47 deletions(-)
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index a52bd91ad6..7ad2bf21fe 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt (
OUT UINTN *EncryptedDataSize ); +/**+ Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ encrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - X509 key size does not match any known key size.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.+ - Data size is too large for the provided key size (max size is a function of key size+ and hash digest size).++ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and+ provisioned with a public key using RsaSetKey().+ @param[in] InData Data to be encrypted.+ @param[in] InDataSize Size of the data buffer.+ @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer+ to be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.+ 0 otherwise.+ @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] EncryptedDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 *InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPTIONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **EncryptedData,+ OUT UINTN *EncryptedDataSize+ );++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] PrivateKey A pointer to the DER-encoded private key.+ @param[in] PrivateKeySize Size of the private key buffer.+ @param[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @param[out] OutData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] OutDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *PrivateKey,+ IN UINTN PrivateKeySize,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ );++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and+ provisioned with a private key using RsaSetKey().+ @param[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @param[out] OutData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] OutDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID *RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ );+ /** The 3rd parameter of Pkcs7GetSigners will return all embedded X.509 certificate in one given PKCS7 signature. The format is:diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c
index ea43c1381c..00e904dd6c 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c
@@ -26,9 +26,8 @@
- Data size is too large for the provided key size (max size is a function of key size and hash digest size). - @param[in] PublicKey A pointer to the DER-encoded X509 certificate that+ @param[in] Pkey A pointer to an EVP_PKEY struct that will be used to encrypt the data.- @param[in] PublicKeySize Size of the X509 cert buffer. @param[in] InData Data to be encrypted. @param[in] InDataSize Size of the data buffer. @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer@@ -45,9 +44,8 @@
**/ BOOLEAN EFIAPI-Pkcs1v2Encrypt (- IN CONST UINT8 *PublicKey,- IN UINTN PublicKeySize,+InternalPkcs1v2Encrypt (+ EVP_PKEY *Pkey, IN UINT8 *InData, IN UINTN InDataSize, IN CONST UINT8 *PrngSeed OPTIONAL,@@ -57,9 +55,6 @@ Pkcs1v2Encrypt (
) { BOOLEAN Result;- CONST UINT8 *TempPointer;- X509 *CertData;- EVP_PKEY *InternalPublicKey; EVP_PKEY_CTX *PkeyCtx; UINT8 *OutData; UINTN OutDataSize;@@ -67,28 +62,15 @@ Pkcs1v2Encrypt (
// // Check input parameters. //- if ((PublicKey == NULL) || (InData == NULL) ||+ if ((Pkey == NULL) || (InData == NULL) || (EncryptedData == NULL) || (EncryptedDataSize == NULL)) { return FALSE; } - //- // Check public key size.- //- if (PublicKeySize > 0xFFFFFFFF) {- //- // Public key size is too large for implementation.- //- return FALSE;- }- *EncryptedData = NULL; *EncryptedDataSize = 0; Result = FALSE;- TempPointer = NULL;- CertData = NULL;- InternalPublicKey = NULL; PkeyCtx = NULL; OutData = NULL; OutDataSize = 0;@@ -104,6 +86,154 @@ Pkcs1v2Encrypt (
RandomSeed (NULL, 0); } + //+ // Create a context for the public key operation.+ //+ PkeyCtx = EVP_PKEY_CTX_new (Pkey, NULL);+ if (PkeyCtx == NULL) {+ //+ // Fail to create contex.+ //+ goto _Exit;+ }++ //+ // Initialize the context and set the desired padding.+ //+ if ((EVP_PKEY_encrypt_init (PkeyCtx) <= 0) ||+ (EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <= 0))+ {+ //+ // Fail to initialize the context.+ //+ goto _Exit;+ }++ //+ // Determine the required buffer length for malloc'ing.+ //+ if (EVP_PKEY_encrypt (PkeyCtx, NULL, &OutDataSize, InData, InDataSize) <= 0) {+ //+ // Fail to determine output buffer size.+ //+ goto _Exit;+ }++ //+ // Allocate a buffer for the output data.+ //+ OutData = AllocatePool (OutDataSize);+ if (OutData == NULL) {+ //+ // Fail to allocate the output buffer.+ //+ goto _Exit;+ }++ //+ // Encrypt Data.+ //+ if (EVP_PKEY_encrypt (PkeyCtx, OutData, &OutDataSize, InData, InDataSize) <= 0) {+ //+ // Fail to encrypt data, need to free the output buffer.+ //+ FreePool (OutData);+ OutData = NULL;+ OutDataSize = 0;+ goto _Exit;+ }++ //+ // Encrypt done.+ //+ *EncryptedData = OutData;+ *EncryptedDataSize = OutDataSize;+ Result = TRUE;++_Exit:+ //+ // Release Resources+ //+ if (PkeyCtx != NULL) {+ EVP_PKEY_CTX_free (PkeyCtx);+ }++ return Result;+}++/**+ Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ encrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - X509 key size does not match any known key size.+ - Fail to parse X509 certificate.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.+ - Data size is too large for the provided key size (max size is a function of key size+ and hash digest size).++ @param[in] PublicKey A pointer to the DER-encoded X509 certificate that+ will be used to encrypt the data.+ @param[in] PublicKeySize Size of the X509 cert buffer.+ @param[in] InData Data to be encrypted.+ @param[in] InDataSize Size of the data buffer.+ @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer+ to be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.+ 0 otherwise.+ @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] EncryptedDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Encrypt (+ IN CONST UINT8 *PublicKey,+ IN UINTN PublicKeySize,+ IN UINT8 *InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPTIONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **EncryptedData,+ OUT UINTN *EncryptedDataSize+ )+{+ BOOLEAN Result;+ CONST UINT8 *TempPointer;+ X509 *CertData;+ EVP_PKEY *Pkey;++ //+ // Check input parameters.+ //+ if ((PublicKey == NULL) || (InData == NULL) ||+ (EncryptedData == NULL) || (EncryptedDataSize == NULL))+ {+ return FALSE;+ }++ //+ // Check public key size.+ //+ if (PublicKeySize > 0xFFFFFFFF) {+ //+ // Public key size is too large for implementation.+ //+ return FALSE;+ }++ *EncryptedData = NULL;+ *EncryptedDataSize = 0;+ Result = FALSE;+ TempPointer = NULL;+ CertData = NULL;+ Pkey = NULL;+ // // Parse the X509 cert and extract the public key. //@@ -120,52 +250,201 @@ Pkcs1v2Encrypt (
// Extract the public key from the x509 cert in a format that // OpenSSL can use. //- InternalPublicKey = X509_get_pubkey (CertData);- if (InternalPublicKey == NULL) {+ Pkey = X509_get_pubkey (CertData);+ if (Pkey == NULL) { // // Fail to extract public key. // goto _Exit; } + Result = InternalPkcs1v2Encrypt (Pkey, InData, InDataSize, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize);++_Exit: //- // Create a context for the public key operation.+ // Release Resources+ //+ if (CertData != NULL) {+ X509_free (CertData);+ }++ if (Pkey != NULL) {+ EVP_PKEY_free (Pkey);+ }++ return Result;+}++/**+ Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ encrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - X509 key size does not match any known key size.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.+ - Data size is too large for the provided key size (max size is a function of key size+ and hash digest size).++ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and+ provisioned with a public key using RsaSetKey().+ @param[in] InData Data to be encrypted.+ @param[in] InDataSize Size of the data buffer.+ @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer+ to be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.+ 0 otherwise.+ @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] EncryptedDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 *InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPTIONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **EncryptedData,+ OUT UINTN *EncryptedDataSize+ )+{+ BOOLEAN Result;+ EVP_PKEY *Pkey;+ //- PkeyCtx = EVP_PKEY_CTX_new (InternalPublicKey, NULL);+ // Check input parameters.+ //+ if (((RsaContext == NULL) || (InData == NULL)) ||+ (EncryptedData == NULL) || (EncryptedDataSize == NULL))+ {+ return FALSE;+ }++ *EncryptedData = NULL;+ *EncryptedDataSize = 0;+ Result = FALSE;+ Pkey = NULL;++ Pkey = EVP_PKEY_new ();+ if (Pkey == NULL) {+ goto _Exit;+ }++ if (EVP_PKEY_set1_RSA (Pkey, (RSA *)RsaContext) == 0) {+ goto _Exit;+ }++ Result = InternalPkcs1v2Encrypt (Pkey, InData, InDataSize, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize);++_Exit:+ //+ // Release Resources+ //+ if (Pkey != NULL) {+ EVP_PKEY_free (Pkey);+ }++ return Result;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] Pkey A pointer to an EVP_PKEY which will decrypt that data.+ @param[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @param[out] OutData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] OutDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+InternalPkcs1v2Decrypt (+ EVP_PKEY *Pkey,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEAN Result;+ EVP_PKEY_CTX *PkeyCtx;+ UINT8 *TempData;+ UINTN TempDataSize;+ INTN ReturnCode;++ //+ // Check input parameters.+ //+ if ((Pkey == NULL) || (EncryptedData == NULL) ||+ (OutData == NULL) || (OutDataSize == NULL))+ {+ return FALSE;+ }++ Result = FALSE;+ PkeyCtx = NULL;+ TempData = NULL;+ TempDataSize = 0;++ //+ // Create a context for the decryption operation.+ //+ PkeyCtx = EVP_PKEY_CTX_new (Pkey, NULL); if (PkeyCtx == NULL) { // // Fail to create contex. //+ DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_CTK_new() failed\n", __func__)); goto _Exit; } // // Initialize the context and set the desired padding. //- if ((EVP_PKEY_encrypt_init (PkeyCtx) <= 0) ||+ if ((EVP_PKEY_decrypt_init (PkeyCtx) <= 0) || (EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <= 0)) { // // Fail to initialize the context. //+ DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt_init() failed\n", __func__)); goto _Exit; } // // Determine the required buffer length for malloc'ing. //- if (EVP_PKEY_encrypt (PkeyCtx, NULL, &OutDataSize, InData, InDataSize) <= 0) {+ ReturnCode = EVP_PKEY_decrypt (PkeyCtx, NULL, &TempDataSize, EncryptedData, EncryptedDataSize);+ if (ReturnCode <= 0) { // // Fail to determine output buffer size. //+ DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt() failed to determine output buffer size (rc=%d)\n", __func__, ReturnCode)); goto _Exit; } // // Allocate a buffer for the output data. //- OutData = AllocatePool (OutDataSize);- if (OutData == NULL) {+ TempData = AllocatePool (TempDataSize);+ if (TempData == NULL) { // // Fail to allocate the output buffer. //@@ -173,39 +452,172 @@ Pkcs1v2Encrypt (
} //- // Encrypt Data.+ // Decrypt Data. //- if (EVP_PKEY_encrypt (PkeyCtx, OutData, &OutDataSize, InData, InDataSize) <= 0) {+ ReturnCode = EVP_PKEY_decrypt (PkeyCtx, TempData, &TempDataSize, EncryptedData, EncryptedDataSize);+ if (ReturnCode <= 0) { //- // Fail to encrypt data, need to free the output buffer.+ // Fail to decrypt data, need to free the output buffer. //- FreePool (OutData);- OutData = NULL;- OutDataSize = 0;+ FreePool (TempData);+ TempData = NULL;+ TempDataSize = 0;++ DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt(TempData) failed to decrypt (rc=%d)\n", __func__, ReturnCode)); goto _Exit; } //- // Encrypt done.+ // Decrypt done. //- *EncryptedData = OutData;- *EncryptedDataSize = OutDataSize;- Result = TRUE;+ *OutData = TempData;+ *OutDataSize = TempDataSize;+ Result = TRUE; _Exit:+ if (PkeyCtx != NULL) {+ EVP_PKEY_CTX_free (PkeyCtx);+ }++ return Result;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] PrivateKey A pointer to the DER-encoded private key.+ @param[in] PrivateKeySize Size of the private key buffer.+ @param[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @param[out] OutData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] OutDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *PrivateKey,+ IN UINTN PrivateKeySize,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEAN Result;+ EVP_PKEY *Pkey;+ CONST UINT8 *TempPointer;+ //- // Release Resources+ // Check input parameters. //- if (CertData != NULL) {- X509_free (CertData);+ if ((PrivateKey == NULL) || (EncryptedData == NULL) ||+ (OutData == NULL) || (OutDataSize == NULL))+ {+ return FALSE;+ }++ Result = FALSE;+ Pkey = NULL;+ TempPointer = NULL;++ //+ // Parse the private key.+ //+ TempPointer = PrivateKey;+ Pkey = d2i_PrivateKey (EVP_PKEY_RSA, &Pkey, &TempPointer, (UINT32)PrivateKeySize);+ if (Pkey == NULL) {+ //+ // Fail to parse private key.+ //+ DEBUG ((DEBUG_ERROR, "[%a] d2i_PrivateKey() failed\n", __func__));+ goto _Exit; } - if (InternalPublicKey != NULL) {- EVP_PKEY_free (InternalPublicKey);+ Result = InternalPkcs1v2Decrypt (Pkey, EncryptedData, EncryptedDataSize, OutData, OutDataSize);++_Exit:+ if (Pkey != NULL) {+ EVP_PKEY_free (Pkey); } - if (PkeyCtx != NULL) {- EVP_PKEY_CTX_free (PkeyCtx);+ return Result;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and+ provisioned with a private key using RsaSetKey().+ @param[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @param[out] OutData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] OutDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID *RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEAN Result;+ EVP_PKEY *Pkey;++ //+ // Check input parameters.+ //+ if ((RsaContext == NULL) || (EncryptedData == NULL) ||+ (OutData == NULL) || (OutDataSize == NULL))+ {+ return FALSE;+ }++ Result = FALSE;+ Pkey = NULL;++ //+ // Create a context for the decryption operation.+ //++ Pkey = EVP_PKEY_new ();+ if (Pkey == NULL) {+ goto _Exit;+ }++ if (EVP_PKEY_set1_RSA (Pkey, (RSA *)RsaContext) == 0) {+ goto _Exit;+ }++ Result = InternalPkcs1v2Decrypt (Pkey, EncryptedData, EncryptedDataSize, OutData, OutDataSize);++_Exit:+ if (Pkey != NULL) {+ EVP_PKEY_free (Pkey); } return Result;diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c
index 36508947c5..05e074d18e 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c
@@ -48,3 +48,117 @@ Pkcs1v2Encrypt (
ASSERT (FALSE); return FALSE; }++/**+ Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ encrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - X509 key size does not match any known key size.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.+ - Data size is too large for the provided key size (max size is a function of key size+ and hash digest size).++ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and+ provisioned with a public key using RsaSetKey().+ @param[in] InData Data to be encrypted.+ @param[in] InDataSize Size of the data buffer.+ @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer+ to be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.+ 0 otherwise.+ @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] EncryptedDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 *InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPTIONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **EncryptedData,+ OUT UINTN *EncryptedDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] PrivateKey A pointer to the DER-encoded private key.+ @param[in] PrivateKeySize Size of the private key buffer.+ @param[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @param[out] OutData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] OutDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *PrivateKey,+ IN UINTN PrivateKeySize,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and+ provisioned with a private key using RsaSetKey().+ @param[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @param[out] OutData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] OutDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID *RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c
index 36508947c5..05e074d18e 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c
+++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c
@@ -48,3 +48,117 @@ Pkcs1v2Encrypt (
ASSERT (FALSE); return FALSE; }++/**+ Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ encrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - X509 key size does not match any known key size.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.+ - Data size is too large for the provided key size (max size is a function of key size+ and hash digest size).++ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and+ provisioned with a public key using RsaSetKey().+ @param[in] InData Data to be encrypted.+ @param[in] InDataSize Size of the data buffer.+ @param[in] PrngSeed [Optional] If provided, a pointer to a random seed buffer+ to be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.+ 0 otherwise.+ @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] EncryptedDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 *InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPTIONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **EncryptedData,+ OUT UINTN *EncryptedDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] PrivateKey A pointer to the DER-encoded private key.+ @param[in] PrivateKeySize Size of the private key buffer.+ @param[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @param[out] OutData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] OutDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *PrivateKey,+ IN UINTN PrivateKeySize,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and+ provisioned with a private key using RsaSetKey().+ @param[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @param[out] OutData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] OutDataSize Size of the encrypted message buffer.++ @retval TRUE Encryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID *RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}--
2.44.0.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116877): https://edk2.groups.io/g/devel/message/116877
Mute This Topic: https://groups.io/mt/105014749/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-03-19 3:52 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-18 21:52 [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions Chris Ruffin via groups.io
2024-03-18 21:52 ` [edk2-devel] [PATCH 2/3] CryptoPkg/Driver: " Chris Ruffin via groups.io
2024-03-18 21:52 ` [edk2-devel] [PATCH 3/3] CryptoPkg/BaseCryptLibUnitTest: add unit test functions Chris Ruffin via groups.io
2024-03-19 3:52 ` Li, Yi [this message]
2024-03-19 14:15 ` [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions Chris Ruffin via groups.io
2024-03-26 5:07 ` Li, Yi
2024-03-30 21:59 ` [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: add additional RSAES-OAEP " Chris Ruffin via groups.io
2024-03-30 21:59 ` [edk2-devel] [PATCH v2 1/3] " Chris Ruffin via groups.io
2024-03-30 21:59 ` [edk2-devel] [PATCH v2 2/3] CryptoPkg/Driver: " Chris Ruffin via groups.io
2024-03-30 21:59 ` [edk2-devel] [PATCH v2 3/3] CryptoPkg/BaseCryptLibUnitTest: add unit test functions Chris Ruffin via groups.io
2024-04-01 1:46 ` [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions Li, Yi
2024-04-07 7:51 ` Li, Yi
2024-04-07 12:53 ` Chris Ruffin via groups.io
-- strict thread matches above, loose matches on Subject: below --
2024-03-15 1:16 [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP " Chris Ruffin via groups.io
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SJ1PR11MB62278211D0250FE07D7F588AC52C2@SJ1PR11MB6227.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox