From: "Li, Yi"
To: Chris Ruffin, "devel@edk2.groups.io"
CC: Chris Ruffin, "Yao, Jiewen", "Hou, Wenxing"
Subject: Re: [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions
Date: Tue, 19 Mar 2024 03:52:27 +0000
In-Reply-To: <20240318215205.1339-1-cruffin@millcore.com>

Hi Chris,

1. Please create a feature request BugZilla to introduce the background of the new API, such as purpose and application scenarios.
2. I took a quick look; the new API will make Pkcs1v2De/Encrypt support RsaContext input and the rest is the same as the old API, right?

Regards,
Yi

-----Original Message-----
From: Chris Ruffin
Sent: Tuesday, March 19, 2024 5:52 AM
To: devel@edk2.groups.io
Cc: Chris Ruffin; Yao, Jiewen; Li, Yi1; Hou, Wenxing
Subject: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions

From: Chris Ruffin

Expand the availability of the RSAEP-OAEP crypto capability in BaseCryptLib. Applications using RSA crypto functions directly from OpensslLib can transition to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe.

Pkcs1v2Decrypt(): decryption using DER-encoded private key
RsaOaepEncrypt(): encryption using RSA contexts
RsaOaepDecrypt(): decryption using RSA contexts

Signed-off-by: Chris Ruffin
Cc: Jiewen Yao
Cc: Yi Li
Cc: Wenxing Hou
---
 CryptoPkg/Include/Library/BaseCryptLib.h | 102 ++++
 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c | 506 ++++++++++++++++--
 .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c | 114 ++++
 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c | 114 ++++
 4 files changed, 789 insertions(+), 47 deletions(-)

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index a52bd91ad6..7ad2bf21fe 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt ( OUT UINTN *EncryptedDataSize ); +/**+ Encrypts a blob using P= KCS1v2 (RSAES-OAEP) schema. On success, will return the+ encrypted message= in a newly allocated buffer.++ Things that can cause a failure include:+ = - X509 key size does not match any known key size.+ - Fail to allocate an= intermediate buffer.+ - Null pointer provided for a non-optional paramete= r.+ - Data size is too large for the provided key size (max size is a func= tion of key size+ and hash digest size).++ @param[in] RsaContext = A pointer to an RSA context created by RsaNew() and+ = provisioned with a public key using RsaSetKey().+ @param[in= ] InData Data to be encrypted.+ @param[in] InDataSize = Size of the data buffer.+ @param[in] PrngSeed [Optional] I= f provided, a pointer to a random seed buffer+ = to be used when initializing the PRNG. NULL otherwise.+ @param[in] P= rngSeedSize [Optional] If provided, size of the random seed buffer.+= 0 otherwise.+ @param[out] EncryptedData = Pointer to an allocated buffer containing the encrypted+ = message.+ @param[out] EncryptedDataSize Size of the= encrypted message buffer.++ @retval TRUE Encryption wa= s successful.+ @retval FALSE Encryption failed.++**/+BOO= LEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 = *InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSe= ed OPTIONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 = **EncryptedData,+ OUT UINTN *EncryptedDataSize+ );++/**+ De= crypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will return th= e+ decrypted message in a newly allocated buffer.++ Things that can cause= a failure include:+ - Fail to parse private key.+ - Fail to allocate an = intermediate buffer.+ - Null pointer provided for a non-optional parameter= .++ @param[in] PrivateKey A pointer to the DER-encoded private k= ey.+ @param[in] PrivateKeySize Size of the private key buffer.+ @pa= ram[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedD= ataSize Size of the encrypted buffer.+ @param[out] OutData P= ointer to an allocated buffer containing the encrypted+ = message.+ @param[out] OutDataSize Size of the encryp= ted message buffer.++ @retval TRUE Encryption was succe= ssful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EF= IAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *PrivateKey,+ IN UINTN = PrivateKeySize,+ IN UINT8 *EncryptedData,+ IN UINTN Enc= ryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutData= Size+ );++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On succ= ess, will return the+ decrypted message in a newly allocated buffer.++ Th= ings that can cause a failure include:+ - Fail to parse private key.+ - F= ail to allocate an intermediate buffer.+ - Null pointer provided for a non= -optional parameter.++ @param[in] RsaContext A pointer to an RSA= context created by RsaNew() and+ provisio= ned with a private key using RsaSetKey().+ @param[in] EncryptedData = Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encryp= ted buffer.+ @param[out] OutData Pointer to an allocated buffe= r containing the encrypted+ message.+ @pa= ram[out] OutDataSize Size of the encrypted message buffer.++ @retv= al TRUE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN = VOID *RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedD= ataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ );+ /** Th= e 3rd parameter of Pkcs7GetSigners will return all embedded X.509 certifi= cate in one given PKCS7 
signature. The format is:diff --git a/CryptoPkg/Lib= rary/BaseCryptLib/Pk/CryptPkcs1Oaep.c b/CryptoPkg/Library/BaseCryptLib/Pk/C= ryptPkcs1Oaep.c index ea43c1381c..00e904dd6c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c 
@@ -26,9 +26,8 @@ - Data size is too large for the provided key size (max size is a functi= on of key size and hash digest size). - @param[in] PublicKey = A pointer to the DER-encoded X509 certificate that+ @param[in] Pkey = A pointer to an EVP_PKEY struct that = will be used to encrypt the data.- @param[in] PublicKeySize = Size of the X509 cert buffer. @param[in] InData Data to be= encrypted. @param[in] InDataSize Size of the data buffer. @p= aram[in] PrngSeed [Optional] If provided, a pointer to a random= seed buffer@@ -45,9 +44,8 @@ **/ BOOLEAN EFIAPI-Pkcs1v2Encrypt (- IN CONST UINT8 *PublicKey,- IN = UINTN PublicKeySize,+InternalPkcs1v2Encrypt (+ EVP_PKEY *= Pkey, IN UINT8 *InData, IN UINTN InDataSize, IN C= ONST UINT8 *PrngSeed OPTIONAL,@@ -57,9 +55,6 @@ Pkcs1v2Encrypt ( ) { BOOLEAN Result;- CONST UINT8 *TempPointer;- X509 = *CertData;- EVP_PKEY *InternalPublicKey; EVP_PKEY_CTX *PkeyCtx; = UINT8 *OutData; UINTN OutDataSize;@@ -67,28 +62,15 @@ P= kcs1v2Encrypt ( // // Check input parameters. 
//- if ((PublicKey =3D=3D NULL) || (I= nData =3D=3D NULL) ||+ if ((Pkey =3D=3D NULL) || (InData =3D=3D NULL) || = (EncryptedData =3D=3D NULL) || (EncryptedDataSize =3D=3D NULL)) { = return FALSE; } - //- // Check public key size.- //- if (PublicKeyS= ize > 0xFFFFFFFF) {- //- // Public key size is too large for implemen= tation.- //- return FALSE;- }- *EncryptedData =3D NULL; *Enc= ryptedDataSize =3D 0; Result =3D FALSE;- TempPointer = =3D NULL;- CertData =3D NULL;- InternalPublicKey =3D NULL; P= keyCtx =3D NULL; OutData =3D NULL; OutDataSize = =3D 0;@@ -104,6 +86,154 @@ Pkcs1v2Encrypt ( RandomSeed (NULL, 0); } + //+ // Create a context for the public k= ey operation.+ //+ PkeyCtx =3D EVP_PKEY_CTX_new (Pkey, NULL);+ if (PkeyC= tx =3D=3D NULL) {+ //+ // Fail to create contex.+ //+ goto _Exi= t;+ }++ //+ // Initialize the context and set the desired padding.+ //+= if ((EVP_PKEY_encrypt_init (PkeyCtx) <=3D 0) ||+ (EVP_PKEY_CTX_set_r= sa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <=3D 0))+ {+ //+ // Fai= l to initialize the context.+ //+ goto _Exit;+ }++ //+ // Determin= e the required buffer length for malloc'ing.+ //+ if (EVP_PKEY_encrypt (P= keyCtx, NULL, &OutDataSize, InData, InDataSize) <=3D 0) {+ //+ // Fai= l to determine output buffer size.+ //+ goto _Exit;+ }++ //+ // Al= locate a buffer for the output data.+ //+ OutData =3D AllocatePool (OutDa= taSize);+ if (OutData =3D=3D NULL) {+ //+ // Fail to allocate the ou= tput buffer.+ //+ goto _Exit;+ }++ //+ // Encrypt Data.+ //+ if = (EVP_PKEY_encrypt (PkeyCtx, OutData, &OutDataSize, InData, InDataSize) <=3D= 0) {+ //+ // Fail to encrypt data, need to free the output buffer.+ = //+ FreePool (OutData);+ OutData =3D NULL;+ OutDataSize =3D= 0;+ goto _Exit;+ }++ //+ // Encrypt done.+ //+ *EncryptedData = =3D OutData;+ *EncryptedDataSize =3D OutDataSize;+ Result =3D= TRUE;++_Exit:+ //+ // Release Resources+ //+ if (PkeyCtx !=3D NULL) {+= EVP_PKEY_CTX_free (PkeyCtx);+ }++ return Result;+}++/**+ Encrypts a = blob using 
PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ encry= pted message in a newly allocated buffer.++ Things that can cause a failur= e include:+ - X509 key size does not match any known key size.+ - Fail to= parse X509 certificate.+ - Fail to allocate an intermediate buffer.+ - N= ull pointer provided for a non-optional parameter.+ - Data size is too lar= ge for the provided key size (max size is a function of key size+ and ha= sh digest size).++ @param[in] PublicKey A pointer to the DER-en= coded X509 certificate that+ will be used = to encrypt the data.+ @param[in] PublicKeySize Size of the X509 cer= t buffer.+ @param[in] InData Data to be encrypted.+ @param[= in] InDataSize Size of the data buffer.+ @param[in] PrngSeed = [Optional] If provided, a pointer to a random seed buffer+ = to be used when initializing the PRNG. NULL other= wise.+ @param[in] PrngSeedSize [Optional] If provided, size of the= random seed buffer.+ 0 otherwise.+ @para= m[out] EncryptedData Pointer to an allocated buffer containing the en= crypted+ message.+ @param[out] EncryptedD= ataSize Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encryp= tion failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Encrypt (+ IN CONST UINT8 *Publ= icKey,+ IN UINTN PublicKeySize,+ IN UINT8 *InData,+ IN= UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPTIONAL,+ IN = UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **EncryptedData= ,+ OUT UINTN *EncryptedDataSize+ )+{+ BOOLEAN Result;+ CON= ST UINT8 *TempPointer;+ X509 *CertData;+ EVP_PKEY *Pkey;++ = //+ // Check input parameters.+ //+ if ((PublicKey =3D=3D NULL) || (InDa= ta =3D=3D NULL) ||+ (EncryptedData =3D=3D NULL) || (EncryptedDataSize = =3D=3D NULL))+ {+ return FALSE;+ }++ //+ // Check public key size.+ = //+ if (PublicKeySize > 0xFFFFFFFF) {+ //+ // Public key size is to= o large for implementation.+ //+ return FALSE;+ }++ *EncryptedData = =3D NULL;+ *EncryptedDataSize =3D 0;+ Result =3D FALSE;+ = TempPointer =3D NULL;+ 
CertData =3D NULL;+ Pkey = =3D NULL;+ // // Parse the X509 cert and extract the public key.= //@@ -120,52 +250,201 @@ Pkcs1v2Encrypt ( // Extract the public key from the x509 cert in a format that // OpenS= SL can use. //- InternalPublicKey =3D X509_get_pubkey (CertData);- if (= InternalPublicKey =3D=3D NULL) {+ Pkey =3D X509_get_pubkey (CertData);+ i= f (Pkey =3D=3D NULL) { // // Fail to extract public key. // = goto _Exit; } + Result =3D InternalPkcs1v2Encrypt (Pkey, InData, InData= Size, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize);++_Exit: = //- // Create a context for the public key operation.+ // Release Resourc= es+ //+ if (CertData !=3D NULL) {+ X509_free (CertData);+ }++ if (Pk= ey !=3D NULL) {+ EVP_PKEY_free (Pkey);+ }++ return Result;+}++/**+ En= crypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return th= e+ encrypted message in a newly allocated buffer.++ Things that can cause= a failure include:+ - X509 key size does not match any known key size.+ = - Fail to allocate an intermediate buffer.+ - Null pointer provided for a = non-optional parameter.+ - Data size is too large for the provided key siz= e (max size is a function of key size+ and hash digest size).++ @param[= in] RsaContext A pointer to an RSA context created by RsaNew() an= d+ provisioned with a public key using Rsa= SetKey().+ @param[in] InData Data to be encrypted.+ @param[= in] InDataSize Size of the data buffer.+ @param[in] PrngSeed = [Optional] If provided, a pointer to a random seed buffer+ = to be used when initializing the PRNG. 
NULL other= wise.+ @param[in] PrngSeedSize [Optional] If provided, size of the= random seed buffer.+ 0 otherwise.+ @para= m[out] EncryptedData Pointer to an allocated buffer containing the en= crypted+ message.+ @param[out] EncryptedD= ataSize Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encryp= tion failed.++**/+BOOLEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaC= ontext,+ IN UINT8 *InData,+ IN UINTN InDataSize,+ IN = CONST UINT8 *PrngSeed OPTIONAL,+ IN UINTN PrngSeedSize OPTI= ONAL,+ OUT UINT8 **EncryptedData,+ OUT UINTN *EncryptedDa= taSize+ )+{+ BOOLEAN Result;+ EVP_PKEY *Pkey;+ //- PkeyCtx =3D EVP= _PKEY_CTX_new (InternalPublicKey, NULL);+ // Check input parameters.+ //+= if (((RsaContext =3D=3D NULL) || (InData =3D=3D NULL)) ||+ (Encrypte= dData =3D=3D NULL) || (EncryptedDataSize =3D=3D NULL))+ {+ return FALSE= ;+ }++ *EncryptedData =3D NULL;+ *EncryptedDataSize =3D 0;+ Result = =3D FALSE;+ Pkey =3D NULL;++ Pkey =3D EVP_PKEY_= new ();+ if (Pkey =3D=3D NULL) {+ goto _Exit;+ }++ if (EVP_PKEY_set1_= RSA (Pkey, (RSA *)RsaContext) =3D=3D 0) {+ goto _Exit;+ }++ Result =3D= InternalPkcs1v2Encrypt (Pkey, InData, InDataSize, PrngSeed, PrngSeedSize, = EncryptedData, EncryptedDataSize);++_Exit:+ //+ // Release Resources+ //= + if (Pkey !=3D NULL) {+ EVP_PKEY_free (Pkey);+ }++ return Result;+}+= +/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will = return the+ decrypted message in a newly allocated buffer.++ Things that = can cause a failure include:+ - Fail to parse private key.+ - Fail to all= ocate an intermediate buffer.+ - Null pointer provided for a non-optional = parameter.++ @param[in] Pkey A pointer to an EVP_PKEY whic= h will decrypt that data.+ @param[in] EncryptedData Data to be decr= ypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @p= aram[out] OutData Pointer to an allocated buffer containing the= encrypted+ message.+ @param[out] OutData= Size Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Enc= ryption failed.++**/+BOOLEAN+EFIAPI+InternalPkcs1v2Decrypt (+ EVP_PKEY = *Pkey,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT= UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEAN Result= ;+ EVP_PKEY_CTX *PkeyCtx;+ UINT8 *TempData;+ UINTN Temp= DataSize;+ INTN ReturnCode;++ //+ // Check input parameters.+ = //+ if ((Pkey =3D=3D NULL) || (EncryptedData =3D=3D NULL) ||+ (OutDat= a =3D=3D NULL) || (OutDataSize =3D=3D NULL))+ {+ return FALSE;+ }++ R= esult =3D FALSE;+ PkeyCtx =3D NULL;+ TempData =3D NULL;+ = TempDataSize =3D 0;++ //+ // Create a context for the decryption operatio= n.+ //+ PkeyCtx =3D EVP_PKEY_CTX_new (Pkey, NULL); if (PkeyCtx =3D=3D N= ULL) { // // Fail to create contex. //+ DEBUG ((DEBUG_ERROR,= "[%a] EVP_PKEY_CTK_new() failed\n", __func__)); goto _Exit; } // = // Initialize the context and set the desired padding. //- if ((EVP_PK= EY_encrypt_init (PkeyCtx) <=3D 0) ||+ if ((EVP_PKEY_decrypt_init (PkeyCtx)= <=3D 0) || (EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PA= DDING) <=3D 0)) { // // Fail to initialize the context. //+ = DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt_init() failed\n", __func__));= goto _Exit; } // // Determine the required buffer length for ma= lloc'ing. 
//- if (EVP_PKEY_encrypt (PkeyCtx, NULL, &OutDataSize, InData,= InDataSize) <=3D 0) {+ ReturnCode =3D EVP_PKEY_decrypt (PkeyCtx, NULL, &T= empDataSize, EncryptedData, EncryptedDataSize);+ if (ReturnCode <=3D 0) { = // // Fail to determine output buffer size. //+ DEBUG ((DEBU= G_ERROR, "[%a] EVP_PKEY_decrypt() failed to determine output buffer size (r= c=3D%d)\n", __func__, ReturnCode)); goto _Exit; } // // Allocate= a buffer for the output data. //- OutData =3D AllocatePool (OutDataSize= );- if (OutData =3D=3D NULL) {+ TempData =3D AllocatePool (TempDataSize);= + if (TempData =3D=3D NULL) { // // Fail to allocate the output bu= ffer. //@@ -173,39 +452,172 @@ Pkcs1v2Encrypt ( } //- // Encrypt Data.+ // Decrypt Data. //- if (EVP_PKEY_encryp= t (PkeyCtx, OutData, &OutDataSize, InData, InDataSize) <=3D 0) {+ ReturnCo= de =3D EVP_PKEY_decrypt (PkeyCtx, TempData, &TempDataSize, EncryptedData, E= ncryptedDataSize);+ if (ReturnCode <=3D 0) { //- // Fail to encrypt= data, need to free the output buffer.+ // Fail to decrypt data, need to= free the output buffer. //- FreePool (OutData);- OutData =3D= NULL;- OutDataSize =3D 0;+ FreePool (TempData);+ TempData =3D= NULL;+ TempDataSize =3D 0;++ DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_dec= rypt(TempData) failed to decrypt (rc=3D%d)\n", __func__, ReturnCode)); = goto _Exit; } //- // Encrypt done.+ // Decrypt done. //- *Encrypt= edData =3D OutData;- *EncryptedDataSize =3D OutDataSize;- Result = =3D TRUE;+ *OutData =3D TempData;+ *OutDataSize =3D TempDataS= ize;+ Result =3D TRUE; _Exit:+ if (PkeyCtx !=3D NULL) {+ EVP_PK= EY_CTX_free (PkeyCtx);+ }++ return Result;+}++/**+ Decrypts a blob using= PKCS1v2 (RSAES-OAEP) schema. 
On success, will return the+ decrypted messa= ge in a newly allocated buffer.++ Things that can cause a failure include:= + - Fail to parse private key.+ - Fail to allocate an intermediate buffer= .+ - Null pointer provided for a non-optional parameter.++ @param[in] Pr= ivateKey A pointer to the DER-encoded private key.+ @param[in] P= rivateKeySize Size of the private key buffer.+ @param[in] EncryptedD= ata Data to be decrypted.+ @param[in] EncryptedDataSize Size of t= he encrypted buffer.+ @param[out] OutData Pointer to an alloca= ted buffer containing the encrypted+ messa= ge.+ @param[out] OutDataSize Size of the encrypted message buffer.= ++ @retval TRUE Encryption was successful.+ @retval = FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt= (+ IN CONST UINT8 *PrivateKey,+ IN UINTN PrivateKeySize,+ I= N UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ O= UT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEA= N Result;+ EVP_PKEY *Pkey;+ CONST UINT8 *TempPointer;+ //- /= / Release Resources+ // Check input parameters. //- if (CertData !=3D N= ULL) {- X509_free (CertData);+ if ((PrivateKey =3D=3D NULL) || (Encrypt= edData =3D=3D NULL) ||+ (OutData =3D=3D NULL) || (OutDataSize =3D=3D N= ULL))+ {+ return FALSE;+ }++ Result =3D FALSE;+ Pkey =3D= NULL;+ TempPointer =3D NULL;++ //+ // Parse the private key.+ //+ Tem= pPointer =3D PrivateKey;+ Pkey =3D d2i_PrivateKey (EVP_PKEY_RSA, &P= key, &TempPointer, (UINT32)PrivateKeySize);+ if (Pkey =3D=3D NULL) {+ /= /+ // Fail to parse private key.+ //+ DEBUG ((DEBUG_ERROR, "[%a] d= 2i_PrivateKey() failed\n", __func__));+ goto _Exit; } - if (InternalP= ublicKey !=3D NULL) {- EVP_PKEY_free (InternalPublicKey);+ Result =3D I= nternalPkcs1v2Decrypt (Pkey, EncryptedData, EncryptedDataSize, OutData, Out= DataSize);++_Exit:+ if (Pkey !=3D NULL) {+ EVP_PKEY_free (Pkey); } - = if (PkeyCtx !=3D NULL) {- EVP_PKEY_CTX_free (PkeyCtx);+ return Result;= +}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, wi= ll return the+ decrypted message in a newly allocated buffer.++ Things th= at can cause a failure include:+ - Fail to parse private key.+ - Fail to = allocate an intermediate buffer.+ - Null pointer provided for a non-option= al parameter.++ @param[in] RsaContext A pointer to an RSA contex= t created by RsaNew() and+ provisioned wit= h a private key using RsaSetKey().+ @param[in] EncryptedData Data t= o be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buf= fer.+ @param[out] OutData Pointer to an allocated buffer conta= ining the encrypted+ message.+ @param[out= ] OutDataSize Size of the encrypted message buffer.++ @retval = TRUE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID = *RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize= ,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEAN Res= ult;+ EVP_PKEY *Pkey;++ //+ // Check input parameters.+ //+ if ((RsaC= ontext =3D=3D NULL) || (EncryptedData =3D=3D NULL) ||+ (OutData =3D=3D= NULL) || (OutDataSize =3D=3D NULL))+ {+ return FALSE;+ }++ Result = =3D FALSE;+ Pkey =3D NULL;++ //+ // Create a context for the decryptio= n operation.+ //++ Pkey =3D EVP_PKEY_new ();+ if (Pkey =3D=3D NULL) {+ = goto _Exit;+ }++ if (EVP_PKEY_set1_RSA (Pkey, (RSA *)RsaContext) =3D=3D= 0) {+ goto _Exit;+ }++ Result =3D InternalPkcs1v2Decrypt (Pkey, Encry= ptedData, EncryptedDataSize, OutData, OutDataSize);++_Exit:+ if (Pkey !=3D= NULL) {+ EVP_PKEY_free (Pkey); } return Result;diff --git a/Crypto= Pkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c b/CryptoPkg/Library/BaseCr= yptLib/Pk/CryptPkcs1OaepNull.c index 36508947c5..05e074d18e 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c 
@@ -48,3 +48,117 @@ Pkcs1v2Encrypt ( ASSERT (FALSE); return FALSE; }++/**+ Encrypts a blob using PKCS1v2 (= RSAES-OAEP) schema. On success, will return the+ encrypted message in a ne= wly allocated buffer.++ Things that can cause a failure include:+ - X509 = key size does not match any known key size.+ - Fail to allocate an interme= diate buffer.+ - Null pointer provided for a non-optional parameter.+ - D= ata size is too large for the provided key size (max size is a function of = key size+ and hash digest size).++ @param[in] RsaContext A po= inter to an RSA context created by RsaNew() and+ = provisioned with a public key using RsaSetKey().+ @param[in] InDat= a Data to be encrypted.+ @param[in] InDataSize Size= of the data buffer.+ @param[in] PrngSeed [Optional] If provid= ed, a pointer to a random seed buffer+ to = be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedS= ize [Optional] If provided, size of the random seed buffer.+ = 0 otherwise.+ @param[out] EncryptedData Po= inter to an allocated buffer containing the encrypted+ = message.+ @param[out] EncryptedDataSize Size of the encrypt= ed message buffer.++ @retval TRUE Encryption was succes= sful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFI= API+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 *= InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPT= IONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **E= ncryptedData,+ OUT UINTN *EncryptedDataSize+ )+{+ ASSERT (FALSE)= ;+ return FALSE;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schem= a. 
On success, will return the+ decrypted message in a newly allocated buf= fer.++ Things that can cause a failure include:+ - Fail to parse private = key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided= for a non-optional parameter.++ @param[in] PrivateKey A pointer= to the DER-encoded private key.+ @param[in] PrivateKeySize Size of = the private key buffer.+ @param[in] EncryptedData Data to be decryp= ted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @par= am[out] OutData Pointer to an allocated buffer containing the e= ncrypted+ message.+ @param[out] OutDataSi= ze Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encry= ption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *Pri= vateKey,+ IN UINTN PrivateKeySize,+ IN UINT8 *Encrypted= Data,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,= + OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}= ++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will= return the+ decrypted message in a newly allocated buffer.++ Things that= can cause a failure include:+ - Fail to parse private key.+ - Fail to al= locate an intermediate buffer.+ - Null pointer provided for a non-optional= parameter.++ @param[in] RsaContext A pointer to an RSA context = created by RsaNew() and+ provisioned with = a private key using RsaSetKey().+ @param[in] EncryptedData Data to = be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffe= r.+ @param[out] OutData Pointer to an allocated buffer contain= ing the encrypted+ message.+ @param[out] = OutDataSize Size of the encrypted message buffer.++ @retval TR= UE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID *= RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+= OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);= + return FALSE;+}diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptP= kcs1OaepNull.c b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c index 36508947c5..05e074d18e 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c 
@@ -48,3 +48,117 @@ Pkcs1v2Encrypt ( ASSERT (FALSE); return FALSE; }++/**+ Encrypts a blob using PKCS1v2 (= RSAES-OAEP) schema. On success, will return the+ encrypted message in a ne= wly allocated buffer.++ Things that can cause a failure include:+ - X509 = key size does not match any known key size.+ - Fail to allocate an interme= diate buffer.+ - Null pointer provided for a non-optional parameter.+ - D= ata size is too large for the provided key size (max size is a function of = key size+ and hash digest size).++ @param[in] RsaContext A po= inter to an RSA context created by RsaNew() and+ = provisioned with a public key using RsaSetKey().+ @param[in] InDat= a Data to be encrypted.+ @param[in] InDataSize Size= of the data buffer.+ @param[in] PrngSeed [Optional] If provid= ed, a pointer to a random seed buffer+ to = be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedS= ize [Optional] If provided, size of the random seed buffer.+ = 0 otherwise.+ @param[out] EncryptedData Po= inter to an allocated buffer containing the encrypted+ = message.+ @param[out] EncryptedDataSize Size of the encrypt= ed message buffer.++ @retval TRUE Encryption was succes= sful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFI= API+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 *= InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPT= IONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **E= ncryptedData,+ OUT UINTN *EncryptedDataSize+ )+{+ ASSERT (FALSE)= ;+ return FALSE;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schem= a. 
On success, will return the+ decrypted message in a newly allocated buf= fer.++ Things that can cause a failure include:+ - Fail to parse private = key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided= for a non-optional parameter.++ @param[in] PrivateKey A pointer= to the DER-encoded private key.+ @param[in] PrivateKeySize Size of = the private key buffer.+ @param[in] EncryptedData Data to be decryp= ted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @par= am[out] OutData Pointer to an allocated buffer containing the e= ncrypted+ message.+ @param[out] OutDataSi= ze Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encry= ption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *Pri= vateKey,+ IN UINTN PrivateKeySize,+ IN UINT8 *Encrypted= Data,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,= + OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}= ++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will= return the+ decrypted message in a newly allocated buffer.++ Things that= can cause a failure include:+ - Fail to parse private key.+ - Fail to al= locate an intermediate buffer.+ - Null pointer provided for a non-optional= parameter.++ @param[in] RsaContext A pointer to an RSA context = created by RsaNew() and+ provisioned with = a private key using RsaSetKey().+ @param[in] EncryptedData Data to = be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffe= r.+ @param[out] OutData Pointer to an allocated buffer contain= ing the encrypted+ message.+ @param[out] = OutDataSize Size of the encrypted message buffer.++ @retval TR= UE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID *= RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+= OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);= + return FALSE;+}--=20 2.44.0.windows.1
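Review bot: In the hunk that ends just before the `diff --git` header for BaseCryptLibNull, the comment blocks for Pkcs1v2Decrypt and RsaOaepDecrypt still carry the encrypt wording. OutData is documented as "Pointer to an allocated buffer containing the encrypted message", OutDataSize as "Size of the encrypted message buffer", and the return values as "Encryption was successful" and "Encryption failed". These should read "decrypted" and "Decryption". Since the summary says the plaintext comes back "in a newly allocated buffer", the OutData description is also the place to state that the caller owns that buffer and must free it, and, because it holds decrypted data, whether the caller is expected to clear it first.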
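Review bot: In the BaseCryptLibNull hunk (@@ -48,3 +48,117 @@), the failure lists for RsaOaepEncrypt and RsaOaepDecrypt describe the key-buffer variants rather than the RsaContext ones. RsaOaepEncrypt lists "X509 key size does not match any known key size" and RsaOaepDecrypt lists "Fail to parse private key", yet both take an RsaContext that was already provisioned through RsaSetKey() and receive no X509 or DER input. Replace those bullets with the conditions that apply to a context, for example a context that does not hold the key component the operation needs. The size-limit bullet says the maximum input is a function of "hash digest size", but no parameter in the RsaOaepEncrypt prototype selects a digest, so the comment should name the digest that is used. Separately, InData and EncryptedData are declared `IN UINT8 *` while PrivateKey and PrngSeed are `IN CONST UINT8 *`; input-only buffers should be CONST as well.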