From: "Li, Yi" <yi1.li@intel.com>
To: "Hou, Wenxing" <wenxing.hou@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
"Lu, Xiaoyu1" <xiaoyu1.lu@intel.com>,
"Jiang, Guomin" <guomin.jiang@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls
Date: Mon, 4 Sep 2023 08:43:02 +0000 [thread overview]
Message-ID: <SJ1PR11MB62279876A37E66F649C5023AC5E9A@SJ1PR11MB6227.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20230902141627.3178-6-wenxing.hou@intel.com>
TestPublicExponent[] is same as default value so this test is nonsense.
Please use a different value to generate key and use RsaGetKey to confirm PE is same as expect.
-----Original Message-----
From: Hou, Wenxing <wenxing.hou@intel.com>
Sent: Saturday, September 2, 2023 10:16 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Li, Yi1 <yi1.li@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>
Subject: [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls
Add RSA APIs.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
.../BaseCryptLibMbedTls/InternalCryptLib.h | 44 +++
.../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c | 268 ++++++++++++++
.../Pk/CryptRsaBasicNull.c | 121 +++++++
.../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 333 ++++++++++++++++++
.../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c | 117 ++++++
.../BaseCryptLibMbedTls/Pk/CryptRsaPss.c | 164 +++++++++
.../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c | 46 +++ .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c | 231 ++++++++++++
.../Pk/CryptRsaPssSignNull.c | 60 ++++
.../UnitTest/Library/BaseCryptLib/RsaTests.c | 4 +
10 files changed, 1388 insertions(+)
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
new file mode 100644
index 0000000000..3e56c9a75c
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
@@ -0,0 +1,44 @@
+/** @file+ Internal include file for BaseCryptLib.++Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#ifndef INTERNAL_CRYPT_LIB_H_+#define INTERNAL_CRYPT_LIB_H_++#include <Library/BaseLib.h>+#include <Library/BaseMemoryLib.h>+#include <Library/MemoryAllocationLib.h>+#include <Library/DebugLib.h>+#include <Library/BaseCryptLib.h>+#include <stdio.h>++//+// We should alwasy add mbedtls/config.h here+// to ensure the config override takes effect.+//+#include <mbedtls/mbedtls_config.h>++/**+ The MbedTLS function f_rng, which MbedRand implements, is not+ documented well.++ @param[in] RngState RngState.+ @param[in] Output Output.+ @param[in] Len Len.++ @retval 0 success.+ @retval non-zero failed.++**/+INT32+MbedRand (+ VOID *RngState,+ UINT8 *OutPut,+ UINTN Len+ );++#endifdiff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
new file mode 100644
index 0000000000..05c2cbd25a
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
@@ -0,0 +1,268 @@
+/** @file+ RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++ This file implements following APIs which provide basic capabilities for RSA:+ 1) RsaNew+ 2) RsaFree+ 3) RsaSetKey+ 4) RsaPkcs1Verify++ RFC 8017 - PKCS #1: RSA Cryptography Specifications Version 2.2++Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"++#include <mbedtls/rsa.h>++/**+ Allocates and initializes one RSA context for subsequent use.++ @return Pointer to the RSA context that has been initialized.+ If the allocations fails, RsaNew() returns NULL.++**/+VOID *+EFIAPI+RsaNew (+ VOID+ )+{+ VOID *RsaContext;++ RsaContext = AllocateZeroPool (sizeof (mbedtls_rsa_context));+ if (RsaContext == NULL) {+ return RsaContext;+ }++ mbedtls_rsa_init (RsaContext);+ if (mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE) != 0) {+ return NULL;+ }++ return RsaContext;+}++/**+ Release the specified RSA context.++ @param[in] RsaContext Pointer to the RSA context to be released.++**/+VOID+EFIAPI+RsaFree (+ IN VOID *RsaContext+ )+{+ mbedtls_rsa_free (RsaContext);+ if (RsaContext != NULL) {+ FreePool (RsaContext);+ }+}++/**+ Sets the tag-designated key component into the established RSA context.++ This function sets the tag-designated RSA key component into the established+ RSA context from the user-specified non-negative integer (octet string format+ represented in RSA PKCS#1).+ If BigNumber is NULL, then the specified key component in RSA context is cleared.++ If RsaContext is NULL, then return FALSE.++ @param[in, out] RsaContext Pointer to RSA context being set.+ @param[in] KeyTag Tag of RSA key component being set.+ @param[in] BigNumber Pointer to octet integer buffer.+ If NULL, then the specified key component in RSA+ context is cleared.+ @param[in] BnSize Size of big number buffer in bytes.+ If BigNumber is NULL, then it is ignored.++ @retval TRUE RSA key component was set successfully.+ @retval FALSE Invalid RSA key component tag.++**/+BOOLEAN+EFIAPI+RsaSetKey (+ IN OUT VOID *RsaContext,+ IN RSA_KEY_TAG KeyTag,+ IN CONST UINT8 *BigNumber,+ IN UINTN BnSize+ )+{+ mbedtls_rsa_context *RsaKey;+ INT32 Ret;+ mbedtls_mpi Value;++ //+ // Check input parameters.+ //+ if ((RsaContext == NULL) || (BnSize > INT_MAX)) {+ return FALSE;+ }++ mbedtls_mpi_init (&Value);++ RsaKey = (mbedtls_rsa_context *)RsaContext;++ // if BigNumber is Null clear+ if (BigNumber != NULL) {+ Ret = mbedtls_mpi_read_binary (&Value, BigNumber, BnSize);+ if (Ret != 0) {+ return FALSE;+ }+ }++ switch (KeyTag) {+ case RsaKeyN:+ Ret = mbedtls_rsa_import (+ RsaKey,+ &Value,+ NULL,+ NULL,+ NULL,+ NULL+ );+ break;+ case RsaKeyE:+ Ret = mbedtls_rsa_import (+ RsaKey,+ NULL,+ NULL,+ NULL,+ NULL,+ &Value+ );+ break;+ case RsaKeyD:+ Ret = mbedtls_rsa_import (+ RsaKey,+ NULL,+ NULL,+ NULL,+ &Value,+ NULL+ );+ break;+ case RsaKeyQ:+ Ret = mbedtls_rsa_import (+ RsaKey,+ NULL,+ NULL,+ &Value,+ NULL,+ NULL+ );+ break;+ case RsaKeyP:+ Ret = mbedtls_rsa_import (+ RsaKey,+ NULL,+ &Value,+ NULL,+ NULL,+ NULL+ );+ break;+ case RsaKeyDp:+ case RsaKeyDq:+ case RsaKeyQInv:+ default:+ Ret = -1;+ break;+ }++ mbedtls_rsa_complete (RsaKey);+ mbedtls_mpi_free (&Value);+ return Ret == 0;+}++/**+ Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in+ RSA PKCS#1.++ If RsaContext is NULL, then return FALSE.+ If MessageHash is NULL, then return FALSE.+ If Signature is NULL, then return FALSE.+ If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.++ @param[in] RsaContext Pointer to RSA context for signature verification.+ @param[in] MessageHash Pointer to octet message hash to be checked.+ @param[in] HashSize Size of the message hash in bytes.+ @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.+ @param[in] SigSize Size of signature in bytes.++ @retval TRUE Valid signature encoded in PKCS1-v1_5.+ @retval FALSE Invalid signature or invalid RSA context.++**/+BOOLEAN+EFIAPI+RsaPkcs1Verify (+ IN VOID *RsaContext,+ IN CONST UINT8 *MessageHash,+ IN UINTN HashSize,+ IN CONST UINT8 *Signature,+ IN UINTN SigSize+ )+{+ INT32 Ret;+ mbedtls_md_type_t md_alg;++ if ((RsaContext == NULL) || (MessageHash == NULL) || (Signature == NULL)) {+ return FALSE;+ }++ if ((SigSize > INT_MAX) || (SigSize == 0)) {+ return FALSE;+ }++ switch (HashSize) {+ case MD5_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_MD5;+ break;++ case SHA1_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA1;+ break;++ case SHA256_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA256;+ break;++ case SHA384_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA384;+ break;++ case SHA512_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA512;+ break;++ default:+ return FALSE;+ }++ if (mbedtls_rsa_get_len (RsaContext) != SigSize) {+ return FALSE;+ }++ mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V15, md_alg);++ Ret = mbedtls_rsa_pkcs1_verify (+ RsaContext,+ md_alg,+ (UINT32)HashSize,+ MessageHash,+ Signature+ );+ if (Ret != 0) {+ return FALSE;+ }++ return TRUE;+}diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
new file mode 100644
index 0000000000..3e643509fd
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
@@ -0,0 +1,121 @@
+/** @file+ RSA Asymmetric Cipher Wrapper Null Implementation.++ This file implements following APIs which provide basic capabilities for RSA:+ 1) RsaNew+ 2) RsaFree+ 3) RsaSetKey+ 4) RsaPkcs1Verify++Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"++/**+ Allocates and initializes one RSA context for subsequent use.++ @return Pointer to the RSA context that has been initialized.+ If the allocations fails, RsaNew() returns NULL.++**/+VOID *+EFIAPI+RsaNew (+ VOID+ )+{+ //+ // Allocates & Initializes RSA Context+ //+ ASSERT (FALSE);+ return NULL;+}++/**+ Release the specified RSA context.++ @param[in] RsaContext Pointer to the RSA context to be released.++**/+VOID+EFIAPI+RsaFree (+ IN VOID *RsaContext+ )+{+ //+ // Free RSA Context+ //+ ASSERT (FALSE);+}++/**+ Sets the tag-designated key component into the established RSA context.++ This function sets the tag-designated RSA key component into the established+ RSA context from the user-specified non-negative integer (octet string format+ represented in RSA PKCS#1).+ If BigNumber is NULL, then the specified key component in RSA context is cleared.++ If RsaContext is NULL, then return FALSE.++ @param[in, out] RsaContext Pointer to RSA context being set.+ @param[in] KeyTag Tag of RSA key component being set.+ @param[in] BigNumber Pointer to octet integer buffer.+ If NULL, then the specified key component in RSA+ context is cleared.+ @param[in] BnSize Size of big number buffer in bytes.+ If BigNumber is NULL, then it is ignored.++ @retval TRUE RSA key component was set successfully.+ @retval FALSE Invalid RSA key component tag.++**/+BOOLEAN+EFIAPI+RsaSetKey (+ IN OUT VOID *RsaContext,+ IN RSA_KEY_TAG KeyTag,+ IN CONST UINT8 *BigNumber,+ IN UINTN BnSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in+ RSA PKCS#1.++ If RsaContext is NULL, then return FALSE.+ If MessageHash is NULL, then return FALSE.+ If Signature is NULL, then return FALSE.+ If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.++ @param[in] RsaContext Pointer to RSA context for signature verification.+ @param[in] MessageHash Pointer to octet message hash to be checked.+ @param[in] HashSize Size of the message hash in bytes.+ @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.+ @param[in] SigSize Size of signature in bytes.++ @retval TRUE Valid signature encoded in PKCS1-v1_5.+ @retval FALSE Invalid signature or invalid RSA context.++**/+BOOLEAN+EFIAPI+RsaPkcs1Verify (+ IN VOID *RsaContext,+ IN CONST UINT8 *MessageHash,+ IN UINTN HashSize,+ IN CONST UINT8 *Signature,+ IN UINTN SigSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
new file mode 100644
index 0000000000..3cd0f8d8c9
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
@@ -0,0 +1,333 @@
+/** @file+ RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++ This file implements following APIs which provide more capabilities for RSA:+ 1) RsaGetKey+ 2) RsaGenerateKey+ 3) RsaCheckKey+ 4) RsaPkcs1Sign++ RFC 8017 - PKCS #1: RSA Cryptography Specifications Version 2.2++Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"+#include <mbedtls/rsa.h>++/**+ Gets the tag-designated RSA key component from the established RSA context.++ This function retrieves the tag-designated RSA key component from the+ established RSA context as a non-negative integer (octet string format+ represented in RSA PKCS#1).+ If specified key component has not been set or has been cleared, then returned+ BnSize is set to 0.+ If the BigNumber buffer is too small to hold the contents of the key, FALSE+ is returned and BnSize is set to the required buffer size to obtain the key.++ If RsaContext is NULL, then return FALSE.+ If BnSize is NULL, then return FALSE.+ If BnSize is large enough but BigNumber is NULL, then return FALSE.++ @param[in, out] RsaContext Pointer to RSA context being set.+ @param[in] KeyTag Tag of RSA key component being set.+ @param[out] BigNumber Pointer to octet integer buffer.+ @param[in, out] BnSize On input, the size of big number buffer in bytes.+ On output, the size of data returned in big number buffer in bytes.++ @retval TRUE RSA key component was retrieved successfully.+ @retval FALSE Invalid RSA key component tag.+ @retval FALSE BnSize is too small.++**/+BOOLEAN+EFIAPI+RsaGetKey (+ IN OUT VOID *RsaContext,+ IN RSA_KEY_TAG KeyTag,+ OUT UINT8 *BigNumber,+ IN OUT UINTN *BnSize+ )+{+ mbedtls_rsa_context *RsaKey;+ INT32 Ret;+ mbedtls_mpi Value;+ UINTN Size;++ //+ // Check input parameters.+ //+ if ((RsaContext == NULL) || (*BnSize > INT_MAX)) {+ return FALSE;+ }++ //+ // Init mbedtls_mpi+ //+ mbedtls_mpi_init (&Value);+ Size = *BnSize;+ *BnSize = 0;++ RsaKey = (mbedtls_rsa_context *)RsaContext;++ switch (KeyTag) {+ case RsaKeyN:+ Ret = mbedtls_rsa_export (RsaKey, &Value, NULL, NULL, NULL, NULL);+ break;+ case RsaKeyE:+ Ret = mbedtls_rsa_export (RsaKey, NULL, NULL, NULL, NULL, &Value);+ break;+ case RsaKeyD:+ Ret = mbedtls_rsa_export (RsaKey, NULL, NULL, NULL, &Value, NULL);+ break;+ case RsaKeyQ:+ Ret = mbedtls_rsa_export (RsaKey, NULL, NULL, &Value, NULL, NULL);+ break;+ case RsaKeyP:+ Ret = mbedtls_rsa_export (RsaKey, NULL, &Value, NULL, NULL, NULL);+ break;+ case RsaKeyDp:+ case RsaKeyDq:+ case RsaKeyQInv:+ default:+ Ret = -1;+ break;+ }++ if (Ret != 0) {+ return FALSE;+ }++ if (!mbedtls_mpi_size (&Value)) {+ Ret = 0;+ goto End;+ }++ *BnSize = Size;++ if (Ret == 0) {+ Size = mbedtls_mpi_size (&Value);+ }++ if (Size == 0) {+ Ret = 1;+ goto End;+ }++ if (*BnSize < Size) {+ Ret = 1;+ *BnSize = Size;+ goto End;+ }++ if (BigNumber == NULL) {+ Ret = 0;+ *BnSize = Size;+ goto End;+ }++ if ((BigNumber != NULL) && (Ret == 0)) {+ Ret = mbedtls_mpi_write_binary (&Value, BigNumber, Size);+ *BnSize = Size;+ }++End:+ mbedtls_mpi_free (&Value);+ return Ret == 0;+}++/**+ Generates RSA key components.++ This function generates RSA key components. It takes RSA public exponent E and+ length in bits of RSA modulus N as input, and generates all key components.+ If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.++ If RsaContext is NULL, then return FALSE.++ @param[in, out] RsaContext Pointer to RSA context being set.+ @param[in] ModulusLength Length of RSA modulus N in bits.+ @param[in] PublicExponent Pointer to RSA public exponent.+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.++ @retval TRUE RSA key component was generated successfully.+ @retval FALSE Invalid RSA key component tag.++**/+BOOLEAN+EFIAPI+RsaGenerateKey (+ IN OUT VOID *RsaContext,+ IN UINTN ModulusLength,+ IN CONST UINT8 *PublicExponent,+ IN UINTN PublicExponentSize+ )+{+ INT32 Ret;+ mbedtls_rsa_context *Rsa;+ INT32 PE;+ INT32 *GetPE;++ //+ // Check input parameters.+ //+ if ((RsaContext == NULL) || (ModulusLength > INT_MAX) || (PublicExponentSize > INT_MAX)) {+ return FALSE;+ }++ Ret = 0;+ Rsa = (mbedtls_rsa_context *)RsaContext;++ if (PublicExponent == NULL) {+ PE = 0x10001;+ } else {+ if ((PublicExponentSize > (sizeof (INT32) / sizeof (UINT8))) || (PublicExponentSize == 0)) {+ return FALSE;+ }++ GetPE = (INT32 *)PublicExponent;+ PE = *GetPE;+ }++ Ret = mbedtls_rsa_gen_key (+ Rsa,+ myrand,+ NULL,+ (UINT32)ModulusLength,+ PE+ );++ return Ret == 0;+}++/**+ Validates key components of RSA context.+ NOTE: This function performs integrity checks on all the RSA key material, so+ the RSA key structure must contain all the private key data.++ This function validates key components of RSA context in following aspects:+ - Whether p is a prime+ - Whether q is a prime+ - Whether n = p * q+ - Whether d*e = 1 mod lcm(p-1,q-1)++ If RsaContext is NULL, then return FALSE.++ @param[in] RsaContext Pointer to RSA context to check.++ @retval TRUE RSA key components are valid.+ @retval FALSE RSA key components are not valid.++**/+BOOLEAN+EFIAPI+RsaCheckKey (+ IN VOID *RsaContext+ )+{+ if (RsaContext == NULL) {+ return FALSE;+ }++ UINT32 Ret;++ Ret = mbedtls_rsa_complete (RsaContext);+ if (Ret == 0) {+ Ret = mbedtls_rsa_check_privkey (RsaContext);+ }++ return Ret == 0;+}++/**+ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.++ This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in+ RSA PKCS#1.+ If the Signature buffer is too small to hold the contents of signature, FALSE+ is returned and SigSize is set to the required buffer size to obtain the signature.++ If RsaContext is NULL, then return FALSE.+ If MessageHash is NULL, then return FALSE.+ If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.+ If SigSize is large enough but Signature is NULL, then return FALSE.++ @param[in] RsaContext Pointer to RSA context for signature generation.+ @param[in] MessageHash Pointer to octet message hash to be signed.+ @param[in] HashSize Size of the message hash in bytes.+ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.+ On output, the size of data returned in Signature buffer in bytes.++ @retval TRUE Signature successfully generated in PKCS1-v1_5.+ @retval FALSE Signature generation failed.+ @retval FALSE SigSize is too small.++**/+BOOLEAN+EFIAPI+RsaPkcs1Sign (+ IN VOID *RsaContext,+ IN CONST UINT8 *MessageHash,+ IN UINTN HashSize,+ OUT UINT8 *Signature,+ IN OUT UINTN *SigSize+ )+{+ INT32 Ret;+ mbedtls_md_type_t md_alg;++ if ((RsaContext == NULL) || (MessageHash == NULL)) {+ return FALSE;+ }++ switch (HashSize) {+ case MD5_DIGEST_SIZE:+ break;++ case SHA1_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA1;+ break;++ case SHA256_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA256;+ break;++ case SHA384_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA384;+ break;++ case SHA512_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA512;+ break;++ default:+ return FALSE;+ }++ if (mbedtls_rsa_get_len (RsaContext) > *SigSize) {+ *SigSize = mbedtls_rsa_get_len (RsaContext);+ return FALSE;+ }++ mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V15, md_alg);++ Ret = mbedtls_rsa_pkcs1_sign (+ RsaContext,+ MbedRand,+ NULL,+ md_alg,+ (UINT32)HashSize,+ MessageHash,+ Signature+ );+ if (Ret != 0) {+ return FALSE;+ }++ *SigSize = mbedtls_rsa_get_len (RsaContext);+ return TRUE;+}diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
new file mode 100644
index 0000000000..be810fb8ca
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
@@ -0,0 +1,117 @@
+/** @file+ RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++ This file does not provide real capabilities for following APIs in RSA handling:+ 1) RsaGetKey+ 2) RsaGenerateKey+ 3) RsaCheckKey+ 4) RsaPkcs1Sign++Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"++/**+ Gets the tag-designated RSA key component from the established RSA context.++ Return FALSE to indicate this interface is not supported.++ @param[in, out] RsaContext Pointer to RSA context being set.+ @param[in] KeyTag Tag of RSA key component being set.+ @param[out] BigNumber Pointer to octet integer buffer.+ @param[in, out] BnSize On input, the size of big number buffer in bytes.+ On output, the size of data returned in big number buffer in bytes.++ @retval FALSE This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaGetKey (+ IN OUT VOID *RsaContext,+ IN RSA_KEY_TAG KeyTag,+ OUT UINT8 *BigNumber,+ IN OUT UINTN *BnSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Generates RSA key components.++ Return FALSE to indicate this interface is not supported.++ @param[in, out] RsaContext Pointer to RSA context being set.+ @param[in] ModulusLength Length of RSA modulus N in bits.+ @param[in] PublicExponent Pointer to RSA public exponent.+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.++ @retval FALSE This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaGenerateKey (+ IN OUT VOID *RsaContext,+ IN UINTN ModulusLength,+ IN CONST UINT8 *PublicExponent,+ IN UINTN PublicExponentSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Validates key components of RSA context.++ Return FALSE to indicate this interface is not supported.++ @param[in] RsaContext Pointer to RSA context to check.++ @retval FALSE This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaCheckKey (+ IN VOID *RsaContext+ )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.++ Return FALSE to indicate this interface is not supported.++ @param[in] RsaContext Pointer to RSA context for signature generation.+ @param[in] MessageHash Pointer to octet message hash to be signed.+ @param[in] HashSize Size of the message hash in bytes.+ @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.+ On output, the size of data returned in Signature buffer in bytes.++ @retval FALSE This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaPkcs1Sign (+ IN VOID *RsaContext,+ IN CONST UINT8 *MessageHash,+ IN UINTN HashSize,+ OUT UINT8 *Signature,+ IN OUT UINTN *SigSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
new file mode 100644
index 0000000000..370d0cf7e5
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
@@ -0,0 +1,164 @@
+/** @file+ RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++ This file implements following APIs which provide basic capabilities for RSA:+ 1) RsaPssVerify++Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"+#include <mbedtls/rsa.h>++/**+ Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.+ Implementation determines salt length automatically from the signature encoding.+ Mask generation function is the same as the message digest algorithm.+ Salt length should be equal to digest length.++ @param[in] RsaContext Pointer to RSA context for signature verification.+ @param[in] Message Pointer to octet message to be verified.+ @param[in] MsgSize Size of the message in bytes.+ @param[in] Signature Pointer to RSASSA-PSS signature to be verified.+ @param[in] SigSize Size of signature in bytes.+ @param[in] DigestLen Length of digest for RSA operation.+ @param[in] SaltLen Salt length for PSS encoding.++ @retval TRUE Valid signature encoded in RSASSA-PSS.+ @retval FALSE Invalid signature or invalid RSA context.++**/+BOOLEAN+EFIAPI+RsaPssVerify (+ IN VOID *RsaContext,+ IN CONST UINT8 *Message,+ IN UINTN MsgSize,+ IN CONST UINT8 *Signature,+ IN UINTN SigSize,+ IN UINT16 DigestLen,+ IN UINT16 SaltLen+ )+{+ INT32 Ret;+ mbedtls_md_type_t md_alg;+ UINT8 HashValue[SHA512_DIGEST_SIZE];+ BOOLEAN Status;+ UINTN ShaCtxSize;+ VOID *ShaCtx;++ if (RsaContext == NULL) {+ return FALSE;+ }++ if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {+ return FALSE;+ }++ if (SaltLen != DigestLen) {+ return FALSE;+ }++ if ((Signature == NULL) || (SigSize == 0) || (SigSize > INT_MAX)) {+ return FALSE;+ }++ ZeroMem (HashValue, DigestLen);++ switch (DigestLen) {+ case SHA256_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA256;+ ShaCtxSize = Sha256GetContextSize ();+ ShaCtx = AllocatePool (ShaCtxSize);++ Status = Sha256Init (ShaCtx);+ if (!Status) {+ return FALSE;+ }++ Status = Sha256Update (ShaCtx, Message, MsgSize);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ Status = Sha256Final (ShaCtx, HashValue);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ FreePool (ShaCtx);+ break;++ case SHA384_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA384;+ ShaCtxSize = Sha384GetContextSize ();+ ShaCtx = AllocatePool (ShaCtxSize);++ Status = Sha384Init (ShaCtx);+ if (!Status) {+ return FALSE;+ }++ Status = Sha384Update (ShaCtx, Message, MsgSize);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ Status = Sha384Final (ShaCtx, HashValue);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ FreePool (ShaCtx);+ break;++ case SHA512_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA512;+ ShaCtxSize = Sha512GetContextSize ();+ ShaCtx = AllocatePool (ShaCtxSize);++ Status = Sha512Init (ShaCtx);+ if (!Status) {+ return FALSE;+ }++ Status = Sha512Update (ShaCtx, Message, MsgSize);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ Status = Sha512Final (ShaCtx, HashValue);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ FreePool (ShaCtx);+ break;++ default:+ return FALSE;+ }++ mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg);++ Ret = mbedtls_rsa_rsassa_pss_verify (+ RsaContext,+ md_alg,+ (UINT32)DigestLen,+ HashValue,+ Signature+ );+ if (Ret != 0) {+ return FALSE;+ }++ return TRUE;+}diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
new file mode 100644
index 0000000000..75ad71a922
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
@@ -0,0 +1,46 @@
+/** @file+ RSA-PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.++ This file does not provide real capabilities for following APIs in RSA handling:+ 1) RsaPssVerify++Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"++/**+ Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.+ Implementation determines salt length automatically from the signature encoding.+ Mask generation function is the same as the message digest algorithm.+ Salt length should be equal to digest length.++ @param[in] RsaContext Pointer to RSA context for signature verification.+ @param[in] Message Pointer to octet message to be verified.+ @param[in] MsgSize Size of the message in bytes.+ @param[in] Signature Pointer to RSASSA-PSS signature to be verified.+ @param[in] SigSize Size of signature in bytes.+ @param[in] DigestLen Length of digest for RSA operation.+ @param[in] SaltLen Salt length for PSS encoding.++ @retval TRUE Valid signature encoded in RSASSA-PSS.+ @retval FALSE Invalid signature or invalid RSA context.++**/+BOOLEAN+EFIAPI+RsaPssVerify (+ IN VOID *RsaContext,+ IN CONST UINT8 *Message,+ IN UINTN MsgSize,+ IN CONST UINT8 *Signature,+ IN UINTN SigSize,+ IN UINT16 DigestLen,+ IN UINT16 SaltLen+ )+{+ ASSERT (FALSE);+ return FALSE;+}diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
new file mode 100644
index 0000000000..db7bac5676
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
@@ -0,0 +1,231 @@
+/** @file+ RSA PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.++ This file implements following APIs which provide basic capabilities for RSA:+ 1) RsaPssSign++Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"+#include <mbedtls/rsa.h>+#include <Library/RngLib.h>++/**+ The MbedTLS function f_rng, which MbedRand implements, is not+ documented well.++ @param[in] RngState RngState.+ @param[in] Output Output.+ @param[in] Len Len.++ @retval 0 success.+ @retval non-zero failed.++**/+INT32+MbedRand (+ VOID *RngState,+ UINT8 *Output,+ UINTN Len+ )+{+ BOOLEAN Ret;+ UINT64 TempRand;++ Ret = FALSE;++ while (Len > 0) {+ // Use RngLib to get random number+ Ret = GetRandomNumber64 (&TempRand);++ if (!Ret) {+ return Ret;+ }++ if (Len >= sizeof (TempRand)) {+ *((UINT64 *)Output) = TempRand;+ Output += sizeof (UINT64);+ Len -= sizeof (TempRand);+ } else {+ CopyMem (Output, &TempRand, Len);+ Len = 0;+ }+ }++ return 0;+}++/**+ Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.++ This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in+ RFC 8017.+ Mask generation function is the same as the message digest algorithm.+ If the Signature buffer is too small to hold the contents of signature, FALSE+ is returned and SigSize is set to the required buffer size to obtain the signature.++ If RsaContext is NULL, then return FALSE.+ If Message is NULL, then return FALSE.+ If MsgSize is zero or > INT_MAX, then return FALSE.+ If DigestLen is NOT 32, 48 or 64, return FALSE.+ If SaltLen is not equal to DigestLen, then return FALSE.+ If SigSize is large enough but Signature is NULL, then return FALSE.+ If this interface is not supported, then return FALSE.++ @param[in] RsaContext Pointer to RSA context for signature generation.+ @param[in] Message Pointer to octet message to be signed.+ @param[in] MsgSize Size of the message in bytes.+ @param[in] DigestLen Length of the digest in bytes to be used for RSA signature operation.+ @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding.+ @param[out] Signature Pointer to buffer to receive RSA PSS signature.+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.+ On output, the size of data returned in Signature buffer in bytes.++ @retval TRUE Signature successfully generated in RSASSA-PSS.+ @retval FALSE Signature generation failed.+ @retval FALSE SigSize is too small.+ @retval FALSE This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaPssSign (+ IN VOID *RsaContext,+ IN CONST UINT8 *Message,+ IN UINTN MsgSize,+ IN UINT16 DigestLen,+ IN UINT16 SaltLen,+ OUT UINT8 *Signature,+ IN OUT UINTN *SigSize+ )+{+ INT32 Ret;+ mbedtls_md_type_t md_alg;+ UINT8 HashValue[SHA512_DIGEST_SIZE];+ BOOLEAN Status;+ UINTN ShaCtxSize;+ VOID *ShaCtx;++ if (RsaContext == NULL) {+ return FALSE;+ }++ if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {+ return FALSE;+ }++ if (SaltLen != DigestLen) {+ return FALSE;+ }++ ZeroMem (HashValue, DigestLen);++ switch (DigestLen) {+ case SHA256_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA256;+ ShaCtxSize = Sha256GetContextSize ();+ ShaCtx = AllocatePool (ShaCtxSize);++ Status = Sha256Init (ShaCtx);+ if (!Status) {+ return FALSE;+ }++ Status = Sha256Update (ShaCtx, Message, MsgSize);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ Status = Sha256Final (ShaCtx, HashValue);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ FreePool (ShaCtx);+ break;++ case SHA384_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA384;+ ShaCtxSize = Sha384GetContextSize ();+ ShaCtx = AllocatePool (ShaCtxSize);++ Status = Sha384Init (ShaCtx);+ if (!Status) {+ return FALSE;+ }++ Status = Sha384Update (ShaCtx, Message, MsgSize);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ Status = Sha384Final (ShaCtx, HashValue);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ FreePool (ShaCtx);+ break;++ case SHA512_DIGEST_SIZE:+ md_alg = MBEDTLS_MD_SHA512;+ ShaCtxSize = Sha512GetContextSize ();+ ShaCtx = AllocatePool (ShaCtxSize);++ Status = Sha512Init (ShaCtx);+ if (!Status) {+ return FALSE;+ }++ Status = Sha512Update (ShaCtx, Message, MsgSize);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ Status = Sha512Final (ShaCtx, HashValue);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++ FreePool (ShaCtx);+ break;++ default:+ return FALSE;+ }++ if (Signature == NULL) {+ //+ // If Signature is NULL, return safe SignatureSize+ //+ *SigSize = MBEDTLS_MPI_MAX_SIZE;+ return FALSE;+ }++ mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg);++ Ret = mbedtls_rsa_rsassa_pss_sign (+ RsaContext,+ MbedRand,+ NULL,+ md_alg,+ (UINT32)DigestLen,+ HashValue,+ Signature+ );+ if (Ret != 0) {+ return FALSE;+ }++ *SigSize = ((mbedtls_rsa_context *)RsaContext)->len;+ return TRUE;+}diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c
new file mode 100644
index 0000000000..10687bd38e
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c
@@ -0,0 +1,60 @@
+/** @file+ RSA-PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.++ This file does not provide real capabilities for following APIs in RSA handling:+ 1) RsaPssSign++Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"++/**+ Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.++ This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in+ RFC 8017.+ Mask generation function is the same as the message digest algorithm.+ If the Signature buffer is too small to hold the contents of signature, FALSE+ is returned and SigSize is set to the required buffer size to obtain the signature.++ If RsaContext is NULL, then return FALSE.+ If Message is NULL, then return FALSE.+ If MsgSize is zero or > INT_MAX, then return FALSE.+ If DigestLen is NOT 32, 48 or 64, return FALSE.+ If SaltLen is not equal to DigestLen, then return FALSE.+ If SigSize is large enough but Signature is NULL, then return FALSE.+ If this interface is not supported, then return FALSE.++ @param[in] RsaContext Pointer to RSA context for signature generation.+ @param[in] Message Pointer to octet message to be signed.+ @param[in] MsgSize Size of the message in bytes.+ @param[in] DigestLen Length of the digest in bytes to be used for RSA signature operation.+ @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding.+ @param[out] Signature Pointer to buffer to receive RSA PSS signature.+ @param[in, out] SigSize On input, the size of Signature buffer in bytes.+ On output, the size of data returned in Signature buffer in bytes.++ @retval TRUE Signature successfully generated in RSASSA-PSS.+ @retval FALSE Signature generation failed.+ @retval FALSE SigSize is too small.+ @retval FALSE This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaPssSign (+ IN VOID *RsaContext,+ IN CONST UINT8 *Message,+ IN UINTN MsgSize,+ IN UINT16 DigestLen,+ IN UINT16 SaltLen,+ OUT UINT8 *Signature,+ IN OUT UINTN *SigSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c
index 3f06e89b3c..70fd4aa64b 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c
@@ -194,6 +194,7 @@ TestVerifyRsaGenerateKeyComponents (
BOOLEAN Status; UINTN KeySize; UINT8 *KeyBuffer;+ UINT8 TestPublicExponent[] = { 0x01, 0x00, 0x01 }; // // Generate RSA Key Components@@ -202,6 +203,9 @@ TestVerifyRsaGenerateKeyComponents (
Status = RsaGenerateKey (mRsa, RSA_MODULUS_LENGTH, NULL, 0); UT_ASSERT_TRUE (Status); + Status = RsaGenerateKey (mRsa, RSA_MODULUS_LENGTH, TestPublicExponent, sizeof (TestPublicExponent));+ UT_ASSERT_TRUE (Status);+ KeySize = RSA_MODULUS_LENGTH / 8; KeyBuffer = AllocatePool (KeySize); Status = RsaGetKey (mRsa, RsaKeyE, KeyBuffer, &KeySize);--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108254): https://edk2.groups.io/g/devel/message/108254
Mute This Topic: https://groups.io/mt/101114029/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-09-04 8:43 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-02 14:16 [edk2-devel] [PATCH v2 00/10] Add HMAC/HKDF/RSA/HASH features based on Mbedtls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 01/10] CryptoPkg: Add mbedtls submodule for EDKII Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 02/10] CryptoPkg: Add mbedtls_config and MbedTlsLib.inf Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 03/10] CryptoPkg: Add HMAC functions based on Mbedtls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 04/10] CryptoPkg: Add HKDF " Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 05/10] CryptoPkg: Add RSA " Wenxing Hou
2023-09-04 8:43 ` Li, Yi [this message]
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 06/10] CryptoPkg: Add all .inf files for BaseCryptLibMbedTls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 07/10] CryptoPkg: Add Null functions for building pass Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 08/10] CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls Wenxing Hou
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 09/10] CryptoPkg: Add Mbedtls submodule in CI Wenxing Hou
2023-09-04 8:46 ` Li, Yi
2023-09-02 14:16 ` [edk2-devel] [PATCH v2 10/10] CryptoPkg: Add basic Readme for BaseCryptLibMbedTls Wenxing Hou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SJ1PR11MB62279876A37E66F649C5023AC5E9A@SJ1PR11MB6227.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox