From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 1618FD80A07 for ; Mon, 4 Sep 2023 08:43:09 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=yf678Dc0aLzSflNRlUfGpa4KC1NrZQEpynvJ5+fyDI0=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1693816988; v=1; b=daCHFa0tt2+hLH2PxcABAjxQ5ji2NcJa9aGUcLPiW9tXz1Rb+9Jx+Cz3bVv3E1A8VP6KcP90 oKQRPbj0tn6Wzp6tkF0JntNF1a9L8YyckNjCahfqaeXHI/6Rs24anwZ09riGLmUQo9HR+BeghIO xn8M5DqHnVmgL5Bi7xBbjBf0= X-Received: by 127.0.0.2 with SMTP id 8GaEYY7687511xoMDwSSBj6g; Mon, 04 Sep 2023 01:43:08 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web10.43770.1693816988221826684 for ; Mon, 04 Sep 2023 01:43:08 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10822"; a="376482313" X-IronPort-AV: E=Sophos;i="6.02,225,1688454000"; d="scan'208";a="376482313" X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Sep 2023 01:43:07 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10822"; a="830828726" X-IronPort-AV: E=Sophos;i="6.02,225,1688454000"; d="scan'208";a="830828726" X-Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by FMSMGA003.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 04 Sep 2023 01:43:07 -0700 X-Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Mon, 4 Sep 2023 01:43:06 -0700 X-Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27 via Frontend Transport; Mon, 4 Sep 2023 01:43:06 -0700 X-Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.107) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.27; Mon, 4 Sep 2023 01:43:06 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fQ6jtVU62q714IlX8eqADKQjOjjcVym2/dhPfwwMhy2HL/0XNwYXdwtYe72AXeORjqHk82Int/RlnwvKULXqFCYrOJH0pnfnQ/B9Qm5dIMkPLfuKw9gsXf0DAqwFKNFYbNu4Q/d4LItwY/cQN/sI6vEFb33mrlIDdw5L43s+vA/4imildRaQuJCwFoe65WouOimtWU7KckrHB2f4kbeQWJyEXJLvktIuosc5Kq+7xJf48CHFo6SFGQsGfJW3vWoFnjIIMzDpASJl9PPXrGqiEz6OMk1VZJrDCpvUP0Q+wtLE1mERFbn7L0n6GIuymhM9Z3GZbZH0G/ujJRwDtZ5fIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PLs+XBIRG48VQ4seKxyH1l7IBZ63WgYoznJgU6xetSs=; b=I8vJOFQ9hYK6fkx98YQGfrcfrz97HojP/eeLY45h3TG3+5I21INH5Nifk8f1ftfZ3Qz7hL6vQpQ4AZ402Mb1uFJVGltIZB2WOL1SKKaHtDR9TcQAX+u0/wGQtMfvKIsuJM3MM/WTuEoW+O58UiHgRb6OK2QOVontWmFyV6jcBHfUuUzpSeGb1a76xO1hg2MNAhYQgprFza5EVYCbSkhN4ulT13Vm19iRZeb9vgPus7QdQ49899DQOiJHYu+V5Ps9VGNFT1g6BTPwhtIHjmjFw+GwmTJ+mLQpolrs1J1B82out3oa6Gy59s/GPmXn5FbuFdsS5Jxq/1wrLsNcFRrKqg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from SJ1PR11MB6227.namprd11.prod.outlook.com (2603:10b6:a03:45a::10) by DM4PR11MB5503.namprd11.prod.outlook.com (2603:10b6:5:39f::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.32; Mon, 4 Sep 2023 08:43:03 +0000 X-Received: from SJ1PR11MB6227.namprd11.prod.outlook.com ([fe80::6a13:1ff7:9685:86]) by SJ1PR11MB6227.namprd11.prod.outlook.com ([fe80::6a13:1ff7:9685:86%7]) with mapi id 15.20.6745.030; Mon, 4 Sep 2023 08:43:03 +0000 From: "Li, Yi" To: "Hou, Wenxing" , "devel@edk2.groups.io" CC: "Yao, Jiewen" , "Lu, Xiaoyu1" , "Jiang, Guomin" Subject: Re: [edk2-devel] [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls Thread-Topic: [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls Thread-Index: AQHZ3agfZg9AmspGA0+cVu/HDGOqzLAKW7zA Date: Mon, 4 Sep 2023 08:43:02 +0000 Message-ID: References: <20230902141627.3178-1-wenxing.hou@intel.com> <20230902141627.3178-6-wenxing.hou@intel.com> In-Reply-To: <20230902141627.3178-6-wenxing.hou@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SJ1PR11MB6227:EE_|DM4PR11MB5503:EE_ x-ms-office365-filtering-correlation-id: 1fd94367-8899-4a6e-bb90-08dbad22f38d x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: Xj6IWaDmmLifeikmvYJ2WWTFBRGTpdisG/SwEjsDX94xtRtQbPlGanvPx/8XD2LokLQN8P4LcNTynCL3lo8RIw/7914Bla7HMV6ByXoOMV0iIURHxDWjtvw2fx/UxBdG3gReMsG2p7nbbxsZIJ842YMutzrk/5E8kYIXdslrKJtO8htV0R8yhX+wdZ/sds10bx6e1auWdidVndKREjbLgR/dDSK6eT1xq8+3/cmpC+tsh2faIF++4PG3LW4Od0hoVxDDL/NQQLDG85bioO8fJH5dW+PR3W0Xiy8RjNPGLYqArLd/Q1+B52HXs3NH6S3mYumnf5xyU91Or0EMhRqb4P3iYkg8oJX346MRcsIlFTnGxZCoKW2ytqc4NzdnEAe6o92nzdYcVHT06U43fH/mmQOg2XOgHhKxQyJJxhfFxrnMQiuzTsXDKLgelHtelUYg7izGRqjq0hQxt9mjAk0VfIaKkTAzrqtaXvOfvVvHTw2ITAGLEQX5v6uf0gXd1Va7Npco2dFItl2ne4B4qlKP/z62/LdgNUrYmfGpTq5Ep8eKYeLWj1AvZ+nYf+5evtUuONzVMgvtxy5RGijXn3xBDvvtm9tIYTb3lgdQVcF+uOY= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?xdBdigt3UotKaFIjuQE5FdIlZOjJILVC1OsC6JMk5qeyABDXzDwQm6p75Sxz?= =?us-ascii?Q?kMRoxlMpdqIL6V/DXKDUwaP41/rUA1EnAK/nKivJ1db6IVwBlcKSwzfHcMyT?= =?us-ascii?Q?3RRJd20LAI2LYqsajRckKBugHsaMd9p+W8PJno4e2h9vHjRc/xrv7fairYKX?= =?us-ascii?Q?bIqqLh1/Gs/ClJAQOan24ek42IVUwhR2uM+YP3FNWmvALIeFM2cmwTIDYZUF?= =?us-ascii?Q?NKwgg+WIl2c1FNHjOQMapi8RbMhS9IF21I183oITX2hIKkd+sLK1u1l4q7dS?= =?us-ascii?Q?IJF+HmEG3Iu4p/7U2HMmGG6M2b77j+4OFkix87RtOQXxjjcKb9PgoIi0ZSUg?= =?us-ascii?Q?+PBS1CkWBJMQGta3v2t22jHvE080vOhfTQ9TOqfx0wIZaT35o9RfdapPUGFW?= =?us-ascii?Q?0vFFU2KGwOk1HZtGb+GUY2oG0L+GBlmLUY/yPkrs0E9n9ImKKIaPtemgyVdd?= =?us-ascii?Q?rfj/koCfUhwcMP0pxUVfcgbzcnB3jKsOya3ccdHYBdM9YZQH9SmdISoeVxtO?= =?us-ascii?Q?lf8+bmTQ29xjAB/VkzbIvSl32twJb/iCpxJz/VIP2Vxvg3tfXSqcoGXf2neS?= =?us-ascii?Q?HDH+5jRt2VQRW4vv/fvqnK2uXwEdaaD/R9NRSVRVYE9+gqpGoEbydC43aAoy?= =?us-ascii?Q?izN2EQixcSgLh9yuS+fY5+4xYbiMw+AJJLNkpkjuAAdlsSVEJE1x+LN8TlDH?= =?us-ascii?Q?wIiASTMdcZ87Kp5g7317L+9MFNXoY+wj58Fq+aSiggR/TmIzjoZInFLL5PMJ?= =?us-ascii?Q?LIhilSqBzBvZWbN2Iahw//kDHwNj+7ui6Atsl0U801OyttIR5O/uzvSy2dUq?= =?us-ascii?Q?j7yOKYTosIOfiVWoBIKUcqoLm/4ITmmQSKnV8NH1vnBjFjJVAm96CJ/mBdSs?= =?us-ascii?Q?UTz+Z+X++EJsAghcPa6dkORfLFC2yblqE4hTS22tEgwITJYmQcC0qwmIQtVt?= =?us-ascii?Q?32we9sZQAF9vGzYjUqslm6rDZZ3tvrkxCs03536xAfhkm0foDRaE33ouDoa2?= =?us-ascii?Q?S/ob/mH1poWZSJoJidGM97HjpOFglYzTa1wc6pLnHEnMgkRaLQ85FeTi6PXA?= =?us-ascii?Q?eQ9Saa8qZ5DwEcG44mevOGM8aJw7HZA4PupoyBFVJJdrPzlN1dxzbDycnUgY?= =?us-ascii?Q?LDaP+paPUrB8zg7L+xQ5fmS7waWrbj3GP/Qw9z8IrQcifxVgJL3I+sT2Jczw?= =?us-ascii?Q?TWL9W8JscF5EJZFa3+RhGHIjv+0kD0Yoi/W6x9kpE+EN8c6BKZyt3UmBsaXz?= =?us-ascii?Q?6SaQUs2Lm6TglEo2Ps30tB0klhVB0MS22TyfdgBUvfmtT4XXfGDmlj8lIwOT?= =?us-ascii?Q?s3NsHXATvfOXfwoQa2IuNK+3UWB171zLOpSCXy5W01yByzj0XfNnRM7G2i1c?= =?us-ascii?Q?rxliFUxgDuUhHxzhkcSISfjRtKBaZ9jEH58+eB1KtcTdmGB099SG6YP+FFnV?= =?us-ascii?Q?7+ESBirx3QTkGSP1BojxcUPNR5ljiKHBEvJfXkvLAaw5eF9RkQDFw07h1suz?= =?us-ascii?Q?UKWAV10LPBFA522B5nfCVLWq08inYC7eARVqqU6AG1V8VfpoxTAV6YsBA1YM?= =?us-ascii?Q?qCzAaphfwpazp/usQW0=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SJ1PR11MB6227.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1fd94367-8899-4a6e-bb90-08dbad22f38d X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2023 08:43:02.9648 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: uJGdz6AJCHgGwKkh12V20xf1ZFQ9MDxGRul294C7rbKG/BkkLdXX4/qEThnjgEgc81rpeUhZ+EvcQnsGauvXsg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB5503 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,yi1.li@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 85levX5QlLelsWUbim6RRHKAx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=daCHFa0t; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") TestPublicExponent[] is same as default value so this test is nonsense. Please use a different value to generate key and use RsaGetKey to confirm P= E is same as expect. -----Original Message----- From: Hou, Wenxing =20 Sent: Saturday, September 2, 2023 10:16 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xia= oyu1 ; Jiang, Guomin Subject: [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls Add RSA APIs. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4177 Cc: Jiewen Yao Cc: Yi Li Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/InternalCryptLib.h | 44 +++ .../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c | 268 ++++++++++++++ .../Pk/CryptRsaBasicNull.c | 121 +++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 333 ++++++++++++++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c | 117 ++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c | 164 +++++++++ .../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c | 46 +++ .../BaseCryptLibM= bedTls/Pk/CryptRsaPssSign.c | 231 ++++++++++++ .../Pk/CryptRsaPssSignNull.c | 60 ++++ .../UnitTest/Library/BaseCryptLib/RsaTests.c | 4 + 10 files changed, 1388 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.= h create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.= c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicN= ull.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNul= l.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNul= l.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSig= n.c create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSig= nNull.c diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h b/Cry= ptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h new file mode 100644 index 0000000000..3e56c9a75c --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h @@ -0,0 +1,44 @@ +/** @file+ Internal include file for BaseCryptLib.++Copyright (c) 2023, I= ntel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-C= lause-Patent++**/++#ifndef INTERNAL_CRYPT_LIB_H_+#define INTERNAL_CRYPT_LIB= _H_++#include +#include +#inclu= de +#include +#include <= Library/BaseCryptLib.h>+#include ++//+// We should alwasy add mbed= tls/config.h here+// to ensure the config override takes effect.+//+#includ= e ++/**+ The MbedTLS function f_rng, which MbedR= and implements, is not+ documented well.++ @param[in] RngState Rng= State.+ @param[in] Output Output.+ @param[in] Len Le= n.++ @retval 0 success.+ @retval non-zero fail= ed.++**/+INT32+MbedRand (+ VOID *RngState,+ UINT8 *OutPut,+ UINTN Le= n+ );++#endifdiff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRs= aBasic.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c new file mode 100644 index 0000000000..05c2cbd25a --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c @@ -0,0 +1,268 @@ +/** @file+ RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++ = This file implements following APIs which provide basic capabilities for RS= A:+ 1) RsaNew+ 2) RsaFree+ 3) RsaSetKey+ 4) RsaPkcs1Verify++ RFC 8017 = - PKCS #1: RSA Cryptography Specifications Version 2.2++Copyright (c) 2023,= Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2= -Clause-Patent++**/++#include "InternalCryptLib.h"++#include ++/**+ Allocates and initializes one RSA context for subsequent use.++ @= return Pointer to the RSA context that has been initialized.+ If= the allocations fails, RsaNew() returns NULL.++**/+VOID *+EFIAPI+RsaNew (+= VOID+ )+{+ VOID *RsaContext;++ RsaContext =3D AllocateZeroPool (sizeo= f (mbedtls_rsa_context));+ if (RsaContext =3D=3D NULL) {+ return RsaCon= text;+ }++ mbedtls_rsa_init (RsaContext);+ if (mbedtls_rsa_set_padding (= RsaContext, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE) !=3D 0) {+ return NUL= L;+ }++ return RsaContext;+}++/**+ Release the specified RSA context.++ = @param[in] RsaContext Pointer to the RSA context to be released.++**/+VO= ID+EFIAPI+RsaFree (+ IN VOID *RsaContext+ )+{+ mbedtls_rsa_free (RsaCo= ntext);+ if (RsaContext !=3D NULL) {+ FreePool (RsaContext);+ }+}++/**= + Sets the tag-designated key component into the established RSA context.+= + This function sets the tag-designated RSA key component into the establi= shed+ RSA context from the user-specified non-negative integer (octet stri= ng format+ represented in RSA PKCS#1).+ If BigNumber is NULL, then the sp= ecified key component in RSA context is cleared.++ If RsaContext is NULL, = then return FALSE.++ @param[in, out] RsaContext Pointer to RSA context b= eing set.+ @param[in] KeyTag Tag of RSA key component being set= .+ @param[in] BigNumber Pointer to octet integer buffer.+ = If NULL, then the specified key component in RSA+ = context is cleared.+ @param[in] BnSize = Size of big number buffer in bytes.+ If Bi= gNumber is NULL, then it is ignored.++ @retval TRUE RSA key component w= as set successfully.+ @retval FALSE Invalid RSA key component tag.++**/+= BOOLEAN+EFIAPI+RsaSetKey (+ IN OUT VOID *RsaContext,+ IN RS= A_KEY_TAG KeyTag,+ IN CONST UINT8 *BigNumber,+ IN UINTN = BnSize+ )+{+ mbedtls_rsa_context *RsaKey;+ INT32 Ret;+= mbedtls_mpi Value;++ //+ // Check input parameters.+ //+ if = ((RsaContext =3D=3D NULL) || (BnSize > INT_MAX)) {+ return FALSE;+ }++ = mbedtls_mpi_init (&Value);++ RsaKey =3D (mbedtls_rsa_context *)RsaContext= ;++ // if BigNumber is Null clear+ if (BigNumber !=3D NULL) {+ Ret =3D= mbedtls_mpi_read_binary (&Value, BigNumber, BnSize);+ if (Ret !=3D 0) {= + return FALSE;+ }+ }++ switch (KeyTag) {+ case RsaKeyN:+ = Ret =3D mbedtls_rsa_import (+ RsaKey,+ &Value,+ = NULL,+ NULL,+ NULL,+ NU= LL+ );+ break;+ case RsaKeyE:+ Ret =3D mbedtls_rs= a_import (+ RsaKey,+ NULL,+ NULL,+ = NULL,+ NULL,+ &Value+ );= + break;+ case RsaKeyD:+ Ret =3D mbedtls_rsa_import (+ = RsaKey,+ NULL,+ NULL,+ NULL,+ = &Value,+ NULL+ );+ break;+ c= ase RsaKeyQ:+ Ret =3D mbedtls_rsa_import (+ RsaKey,+ = NULL,+ NULL,+ &Value,+ NULL= ,+ NULL+ );+ break;+ case RsaKeyP:+ = Ret =3D mbedtls_rsa_import (+ RsaKey,+ NULL,+ = &Value,+ NULL,+ NULL,+ NUL= L+ );+ break;+ case RsaKeyDp:+ case RsaKeyDq:+ c= ase RsaKeyQInv:+ default:+ Ret =3D -1;+ break;+ }++ mbedtls_= rsa_complete (RsaKey);+ mbedtls_mpi_free (&Value);+ return Ret =3D=3D 0;+= }++/**+ Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding schem= e defined in+ RSA PKCS#1.++ If RsaContext is NULL, then return FALSE.+ I= f MessageHash is NULL, then return FALSE.+ If Signature is NULL, then retu= rn FALSE.+ If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SH= A-384 or SHA-512 digest, then return FALSE.++ @param[in] RsaContext Poi= nter to RSA context for signature verification.+ @param[in] MessageHash = Pointer to octet message hash to be checked.+ @param[in] HashSize Siz= e of the message hash in bytes.+ @param[in] Signature Pointer to RSA P= KCS1-v1_5 signature to be verified.+ @param[in] SigSize Size of sign= ature in bytes.++ @retval TRUE Valid signature encoded in PKCS1-v1_5.+ = @retval FALSE Invalid signature or invalid RSA context.++**/+BOOLEAN+EFI= API+RsaPkcs1Verify (+ IN VOID *RsaContext,+ IN CONST UINT8 *Me= ssageHash,+ IN UINTN HashSize,+ IN CONST UINT8 *Signature,+ IN= UINTN SigSize+ )+{+ INT32 Ret;+ mbedtls_md_type_t = md_alg;++ if ((RsaContext =3D=3D NULL) || (MessageHash =3D=3D NULL) || (S= ignature =3D=3D NULL)) {+ return FALSE;+ }++ if ((SigSize > INT_MAX) |= | (SigSize =3D=3D 0)) {+ return FALSE;+ }++ switch (HashSize) {+ ca= se MD5_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD_MD5;+ break;++ case= SHA1_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD_SHA1;+ break;++ case= SHA256_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD_SHA256;+ break;++ = case SHA384_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD_SHA384;+ break;++= case SHA512_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD_SHA512;+ brea= k;++ default:+ return FALSE;+ }++ if (mbedtls_rsa_get_len (RsaCon= text) !=3D SigSize) {+ return FALSE;+ }++ mbedtls_rsa_set_padding (Rsa= Context, MBEDTLS_RSA_PKCS_V15, md_alg);++ Ret =3D mbedtls_rsa_pkcs1_verify= (+ RsaContext,+ md_alg,+ (UINT32)HashSize,+ = MessageHash,+ Signature+ );+ if (Ret !=3D 0) {+ = return FALSE;+ }++ return TRUE;+}diff --git a/CryptoPkg/Library/BaseCryp= tLibMbedTls/Pk/CryptRsaBasicNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/= Pk/CryptRsaBasicNull.c new file mode 100644 index 0000000000..3e643509fd --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c @@ -0,0 +1,121 @@ +/** @file+ RSA Asymmetric Cipher Wrapper Null Implementation.++ This fil= e implements following APIs which provide basic capabilities for RSA:+ 1) = RsaNew+ 2) RsaFree+ 3) RsaSetKey+ 4) RsaPkcs1Verify++Copyright (c) 2023,= Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2= -Clause-Patent++**/++#include "InternalCryptLib.h"++/**+ Allocates and ini= tializes one RSA context for subsequent use.++ @return Pointer to the RSA= context that has been initialized.+ If the allocations fails, Rs= aNew() returns NULL.++**/+VOID *+EFIAPI+RsaNew (+ VOID+ )+{+ //+ // All= ocates & Initializes RSA Context+ //+ ASSERT (FALSE);+ return NULL;+}++/= **+ Release the specified RSA context.++ @param[in] RsaContext Pointer = to the RSA context to be released.++**/+VOID+EFIAPI+RsaFree (+ IN VOID *= RsaContext+ )+{+ //+ // Free RSA Context+ //+ ASSERT (FALSE);+}++/**+ = Sets the tag-designated key component into the established RSA context.++ = This function sets the tag-designated RSA key component into the establish= ed+ RSA context from the user-specified non-negative integer (octet string= format+ represented in RSA PKCS#1).+ If BigNumber is NULL, then the spec= ified key component in RSA context is cleared.++ If RsaContext is NULL, th= en return FALSE.++ @param[in, out] RsaContext Pointer to RSA context bei= ng set.+ @param[in] KeyTag Tag of RSA key component being set.+= @param[in] BigNumber Pointer to octet integer buffer.+ = If NULL, then the specified key component in RSA+ = context is cleared.+ @param[in] BnSize = Size of big number buffer in bytes.+ If BigN= umber is NULL, then it is ignored.++ @retval TRUE RSA key component was= set successfully.+ @retval FALSE Invalid RSA key component tag.++**/+BO= OLEAN+EFIAPI+RsaSetKey (+ IN OUT VOID *RsaContext,+ IN RSA_= KEY_TAG KeyTag,+ IN CONST UINT8 *BigNumber,+ IN UINTN = BnSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Verifies the RSA-SS= A signature with EMSA-PKCS1-v1_5 encoding scheme defined in+ RSA PKCS#1.++= If RsaContext is NULL, then return FALSE.+ If MessageHash is NULL, then = return FALSE.+ If Signature is NULL, then return FALSE.+ If HashSize is n= ot equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.++ = @param[in] RsaContext Pointer to RSA context for signature verification= .+ @param[in] MessageHash Pointer to octet message hash to be checked.+ = @param[in] HashSize Size of the message hash in bytes.+ @param[in] = Signature Pointer to RSA PKCS1-v1_5 signature to be verified.+ @param[i= n] SigSize Size of signature in bytes.++ @retval TRUE Valid signa= ture encoded in PKCS1-v1_5.+ @retval FALSE Invalid signature or invalid = RSA context.++**/+BOOLEAN+EFIAPI+RsaPkcs1Verify (+ IN VOID *RsaCo= ntext,+ IN CONST UINT8 *MessageHash,+ IN UINTN HashSize,+ IN = CONST UINT8 *Signature,+ IN UINTN SigSize+ )+{+ ASSERT (FALSE);= + return FALSE;+}diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/Cry= ptRsaExt.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c new file mode 100644 index 0000000000..3cd0f8d8c9 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c @@ -0,0 +1,333 @@ +/** @file+ RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++ = This file implements following APIs which provide more capabilities for RSA= :+ 1) RsaGetKey+ 2) RsaGenerateKey+ 3) RsaCheckKey+ 4) RsaPkcs1Sign++ = RFC 8017 - PKCS #1: RSA Cryptography Specifications Version 2.2++Copyright = (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifi= er: BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"+#include ++/**+ Gets the tag-designated RSA key component from the establi= shed RSA context.++ This function retrieves the tag-designated RSA key com= ponent from the+ established RSA context as a non-negative integer (octet = string format+ represented in RSA PKCS#1).+ If specified key component ha= s not been set or has been cleared, then returned+ BnSize is set to 0.+ I= f the BigNumber buffer is too small to hold the contents of the key, FALSE+= is returned and BnSize is set to the required buffer size to obtain the k= ey.++ If RsaContext is NULL, then return FALSE.+ If BnSize is NULL, then = return FALSE.+ If BnSize is large enough but BigNumber is NULL, then retur= n FALSE.++ @param[in, out] RsaContext Pointer to RSA context being set.+= @param[in] KeyTag Tag of RSA key component being set.+ @param= [out] BigNumber Pointer to octet integer buffer.+ @param[in, out] = BnSize On input, the size of big number buffer in bytes.+ = On output, the size of data returned in big number buffer= in bytes.++ @retval TRUE RSA key component was retrieved successfully.= + @retval FALSE Invalid RSA key component tag.+ @retval FALSE BnSize = is too small.++**/+BOOLEAN+EFIAPI+RsaGetKey (+ IN OUT VOID *RsaCo= ntext,+ IN RSA_KEY_TAG KeyTag,+ OUT UINT8 *BigNumber,+ = IN OUT UINTN *BnSize+ )+{+ mbedtls_rsa_context *RsaKey;+ INT32 = Ret;+ mbedtls_mpi Value;+ UINTN Si= ze;++ //+ // Check input parameters.+ //+ if ((RsaContext =3D=3D NULL) = || (*BnSize > INT_MAX)) {+ return FALSE;+ }++ //+ // Init mbedtls_mpi= + //+ mbedtls_mpi_init (&Value);+ Size =3D *BnSize;+ *BnSize =3D 0;+= + RsaKey =3D (mbedtls_rsa_context *)RsaContext;++ switch (KeyTag) {+ c= ase RsaKeyN:+ Ret =3D mbedtls_rsa_export (RsaKey, &Value, NULL, NULL, = NULL, NULL);+ break;+ case RsaKeyE:+ Ret =3D mbedtls_rsa_expor= t (RsaKey, NULL, NULL, NULL, NULL, &Value);+ break;+ case RsaKeyD:+= Ret =3D mbedtls_rsa_export (RsaKey, NULL, NULL, NULL, &Value, NULL);+= break;+ case RsaKeyQ:+ Ret =3D mbedtls_rsa_export (RsaKey, NU= LL, NULL, &Value, NULL, NULL);+ break;+ case RsaKeyP:+ Ret =3D= mbedtls_rsa_export (RsaKey, NULL, &Value, NULL, NULL, NULL);+ break;+= case RsaKeyDp:+ case RsaKeyDq:+ case RsaKeyQInv:+ default:+ = Ret =3D -1;+ break;+ }++ if (Ret !=3D 0) {+ return FALSE;+ }+= + if (!mbedtls_mpi_size (&Value)) {+ Ret =3D 0;+ goto End;+ }++ *B= nSize =3D Size;++ if (Ret =3D=3D 0) {+ Size =3D mbedtls_mpi_size (&Valu= e);+ }++ if (Size =3D=3D 0) {+ Ret =3D 1;+ goto End;+ }++ if (*Bn= Size < Size) {+ Ret =3D 1;+ *BnSize =3D Size;+ goto End;+ }++= if (BigNumber =3D=3D NULL) {+ Ret =3D 0;+ *BnSize =3D Size;+ = goto End;+ }++ if ((BigNumber !=3D NULL) && (Ret =3D=3D 0)) {+ Ret = =3D mbedtls_mpi_write_binary (&Value, BigNumber, Size);+ *BnSize =3D S= ize;+ }++End:+ mbedtls_mpi_free (&Value);+ return Ret =3D=3D 0;+}++/**+ = Generates RSA key components.++ This function generates RSA key component= s. It takes RSA public exponent E and+ length in bits of RSA modulus N as = input, and generates all key components.+ If PublicExponent is NULL, the d= efault RSA public exponent (0x10001) will be used.++ If RsaContext is NULL= , then return FALSE.++ @param[in, out] RsaContext Pointer to RS= A context being set.+ @param[in] ModulusLength Length of RSA = modulus N in bits.+ @param[in] PublicExponent Pointer to RSA p= ublic exponent.+ @param[in] PublicExponentSize Size of RSA public = exponent buffer in bytes.++ @retval TRUE RSA key component was generate= d successfully.+ @retval FALSE Invalid RSA key component tag.++**/+BOOLE= AN+EFIAPI+RsaGenerateKey (+ IN OUT VOID *RsaContext,+ IN UI= NTN ModulusLength,+ IN CONST UINT8 *PublicExponent,+ IN = UINTN PublicExponentSize+ )+{+ INT32 Ret;+ mbedtl= s_rsa_context *Rsa;+ INT32 PE;+ INT32 *Get= PE;++ //+ // Check input parameters.+ //+ if ((RsaContext =3D=3D NULL) = || (ModulusLength > INT_MAX) || (PublicExponentSize > INT_MAX)) {+ retur= n FALSE;+ }++ Ret =3D 0;+ Rsa =3D (mbedtls_rsa_context *)RsaContext;++ = if (PublicExponent =3D=3D NULL) {+ PE =3D 0x10001;+ } else {+ if ((P= ublicExponentSize > (sizeof (INT32) / sizeof (UINT8))) || (PublicExponentSi= ze =3D=3D 0)) {+ return FALSE;+ }++ GetPE =3D (INT32 *)PublicExp= onent;+ PE =3D *GetPE;+ }++ Ret =3D mbedtls_rsa_gen_key (+ = Rsa,+ myrand,+ NULL,+ (UINT32)ModulusLength,+ = PE+ );++ return Ret =3D=3D 0;+}++/**+ Validates key comp= onents of RSA context.+ NOTE: This function performs integrity checks on a= ll the RSA key material, so+ the RSA key structure must contain all = the private key data.++ This function validates key components of RSA cont= ext in following aspects:+ - Whether p is a prime+ - Whether q is a prime= + - Whether n =3D p * q+ - Whether d*e =3D 1 mod lcm(p-1,q-1)++ If RsaC= ontext is NULL, then return FALSE.++ @param[in] RsaContext Pointer to RS= A context to check.++ @retval TRUE RSA key components are valid.+ @ret= val FALSE RSA key components are not valid.++**/+BOOLEAN+EFIAPI+RsaCheckK= ey (+ IN VOID *RsaContext+ )+{+ if (RsaContext =3D=3D NULL) {+ retu= rn FALSE;+ }++ UINT32 Ret;++ Ret =3D mbedtls_rsa_complete (RsaContext);= + if (Ret =3D=3D 0) {+ Ret =3D mbedtls_rsa_check_privkey (RsaContext);+= }++ return Ret =3D=3D 0;+}++/**+ Carries out the RSA-SSA signature gene= ration with EMSA-PKCS1-v1_5 encoding scheme.++ This function carries out t= he RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme define= d in+ RSA PKCS#1.+ If the Signature buffer is too small to hold the conte= nts of signature, FALSE+ is returned and SigSize is set to the required bu= ffer size to obtain the signature.++ If RsaContext is NULL, then return FA= LSE.+ If MessageHash is NULL, then return FALSE.+ If HashSize is not equa= l to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then retur= n FALSE.+ If SigSize is large enough but Signature is NULL, then return FA= LSE.++ @param[in] RsaContext Pointer to RSA context for signature = generation.+ @param[in] MessageHash Pointer to octet message hash t= o be signed.+ @param[in] HashSize Size of the message hash in by= tes.+ @param[out] Signature Pointer to buffer to receive RSA PKCS1= -v1_5 signature.+ @param[in, out] SigSize On input, the size of Sign= ature buffer in bytes.+ On output, the size = of data returned in Signature buffer in bytes.++ @retval TRUE Signature= successfully generated in PKCS1-v1_5.+ @retval FALSE Signature generati= on failed.+ @retval FALSE SigSize is too small.++**/+BOOLEAN+EFIAPI+RsaP= kcs1Sign (+ IN VOID *RsaContext,+ IN CONST UINT8 *Mess= ageHash,+ IN UINTN HashSize,+ OUT UINT8 *Signature= ,+ IN OUT UINTN *SigSize+ )+{+ INT32 Ret;+ mbedtls= _md_type_t md_alg;++ if ((RsaContext =3D=3D NULL) || (MessageHash =3D=3D = NULL)) {+ return FALSE;+ }++ switch (HashSize) {+ case MD5_DIGEST_S= IZE:+ break;++ case SHA1_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD_S= HA1;+ break;++ case SHA256_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD= _SHA256;+ break;++ case SHA384_DIGEST_SIZE:+ md_alg =3D MBEDTL= S_MD_SHA384;+ break;++ case SHA512_DIGEST_SIZE:+ md_alg =3D MB= EDTLS_MD_SHA512;+ break;++ default:+ return FALSE;+ }++ if (= mbedtls_rsa_get_len (RsaContext) > *SigSize) {+ *SigSize =3D mbedtls_rsa= _get_len (RsaContext);+ return FALSE;+ }++ mbedtls_rsa_set_padding (Rs= aContext, MBEDTLS_RSA_PKCS_V15, md_alg);++ Ret =3D mbedtls_rsa_pkcs1_sign = (+ RsaContext,+ MbedRand,+ NULL,+ md_al= g,+ (UINT32)HashSize,+ MessageHash,+ Signature+ = );+ if (Ret !=3D 0) {+ return FALSE;+ }++ *SigSize =3D mbedt= ls_rsa_get_len (RsaContext);+ return TRUE;+}diff --git a/CryptoPkg/Library= /BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c b/CryptoPkg/Library/BaseCryptLibM= bedTls/Pk/CryptRsaExtNull.c new file mode 100644 index 0000000000..be810fb8ca --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c @@ -0,0 +1,117 @@ +/** @file+ RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++ = This file does not provide real capabilities for following APIs in RSA hand= ling:+ 1) RsaGetKey+ 2) RsaGenerateKey+ 3) RsaCheckKey+ 4) RsaPkcs1Sign= ++Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-Lice= nse-Identifier: BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"++/*= *+ Gets the tag-designated RSA key component from the established RSA cont= ext.++ Return FALSE to indicate this interface is not supported.++ @param= [in, out] RsaContext Pointer to RSA context being set.+ @param[in] = KeyTag Tag of RSA key component being set.+ @param[out] BigNumb= er Pointer to octet integer buffer.+ @param[in, out] BnSize On inp= ut, the size of big number buffer in bytes.+ = On output, the size of data returned in big number buffer in bytes.++ @ret= val FALSE This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaGetKey (= + IN OUT VOID *RsaContext,+ IN RSA_KEY_TAG KeyTag,+ OUT = UINT8 *BigNumber,+ IN OUT UINTN *BnSize+ )+{+ ASSERT (= FALSE);+ return FALSE;+}++/**+ Generates RSA key components.++ Return FA= LSE to indicate this interface is not supported.++ @param[in, out] RsaCon= text Pointer to RSA context being set.+ @param[in] Modulus= Length Length of RSA modulus N in bits.+ @param[in] PublicExp= onent Pointer to RSA public exponent.+ @param[in] PublicExpone= ntSize Size of RSA public exponent buffer in bytes.++ @retval FALSE Thi= s interface is not supported.++**/+BOOLEAN+EFIAPI+RsaGenerateKey (+ IN OUT= VOID *RsaContext,+ IN UINTN ModulusLength,+ IN = CONST UINT8 *PublicExponent,+ IN UINTN PublicExponentSize+ = )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Validates key components of = RSA context.++ Return FALSE to indicate this interface is not supported.++= @param[in] RsaContext Pointer to RSA context to check.++ @retval FALSE= This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaCheckKey (+ IN = VOID *RsaContext+ )+{+ ASSERT (FALSE);+ return FALSE;+}++/**+ Carries = out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.+= + Return FALSE to indicate this interface is not supported.++ @param[in] = RsaContext Pointer to RSA context for signature generation.+ @para= m[in] MessageHash Pointer to octet message hash to be signed.+ @par= am[in] HashSize Size of the message hash in bytes.+ @param[out] = Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.+ = @param[in, out] SigSize On input, the size of Signature buffer in byt= es.+ On output, the size of data returned in= Signature buffer in bytes.++ @retval FALSE This interface is not support= ed.++**/+BOOLEAN+EFIAPI+RsaPkcs1Sign (+ IN VOID *RsaContext,+= IN CONST UINT8 *MessageHash,+ IN UINTN HashSize,+ OUT= UINT8 *Signature,+ IN OUT UINTN *SigSize+ )+{+ ASSER= T (FALSE);+ return FALSE;+}diff --git a/CryptoPkg/Library/BaseCryptLibMbed= Tls/Pk/CryptRsaPss.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss= .c new file mode 100644 index 0000000000..370d0cf7e5 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c @@ -0,0 +1,164 @@ +/** @file+ RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++ = This file implements following APIs which provide basic capabilities for RS= A:+ 1) RsaPssVerify++Copyright (c) 2023, Intel Corporation. All rights res= erved.
+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include "Int= ernalCryptLib.h"+#include ++/**+ Verifies the RSA signature= with RSASSA-PSS signature scheme defined in RFC 8017.+ Implementation det= ermines salt length automatically from the signature encoding.+ Mask gener= ation function is the same as the message digest algorithm.+ Salt length s= hould be equal to digest length.++ @param[in] RsaContext Pointer to = RSA context for signature verification.+ @param[in] Message Point= er to octet message to be verified.+ @param[in] MsgSize Size of t= he message in bytes.+ @param[in] Signature Pointer to RSASSA-PSS si= gnature to be verified.+ @param[in] SigSize Size of signature in = bytes.+ @param[in] DigestLen Length of digest for RSA operation.+ = @param[in] SaltLen Salt length for PSS encoding.++ @retval TRUE = Valid signature encoded in RSASSA-PSS.+ @retval FALSE Invalid signatur= e or invalid RSA context.++**/+BOOLEAN+EFIAPI+RsaPssVerify (+ IN VOID = *RsaContext,+ IN CONST UINT8 *Message,+ IN UINTN MsgSize,+= IN CONST UINT8 *Signature,+ IN UINTN SigSize,+ IN UINT16 = DigestLen,+ IN UINT16 SaltLen+ )+{+ INT32 Ret;+ = mbedtls_md_type_t md_alg;+ UINT8 HashValue[SHA512_DIGEST_SIZ= E];+ BOOLEAN Status;+ UINTN ShaCtxSize;+ VOID = *ShaCtx;++ if (RsaContext =3D=3D NULL) {+ return FALSE;+ }= ++ if ((Message =3D=3D NULL) || (MsgSize =3D=3D 0) || (MsgSize > INT_MAX))= {+ return FALSE;+ }++ if (SaltLen !=3D DigestLen) {+ return FALSE;= + }++ if ((Signature =3D=3D NULL) || (SigSize =3D=3D 0) || (SigSize > INT= _MAX)) {+ return FALSE;+ }++ ZeroMem (HashValue, DigestLen);++ switch= (DigestLen) {+ case SHA256_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD= _SHA256;+ ShaCtxSize =3D Sha256GetContextSize ();+ ShaCtx =3D= AllocatePool (ShaCtxSize);++ Status =3D Sha256Init (ShaCtx);+ if= (!Status) {+ return FALSE;+ }++ Status =3D Sha256Update (= ShaCtx, Message, MsgSize);+ if (!Status) {+ FreePool (ShaCtx);+= return FALSE;+ }++ Status =3D Sha256Final (ShaCtx, HashVa= lue);+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;= + }++ FreePool (ShaCtx);+ break;++ case SHA384_DIGEST_SIZ= E:+ md_alg =3D MBEDTLS_MD_SHA384;+ ShaCtxSize =3D Sha384GetCo= ntextSize ();+ ShaCtx =3D AllocatePool (ShaCtxSize);++ Status= =3D Sha384Init (ShaCtx);+ if (!Status) {+ return FALSE;+ = }++ Status =3D Sha384Update (ShaCtx, Message, MsgSize);+ if (!Sta= tus) {+ FreePool (ShaCtx);+ return FALSE;+ }++ Stat= us =3D Sha384Final (ShaCtx, HashValue);+ if (!Status) {+ FreePo= ol (ShaCtx);+ return FALSE;+ }++ FreePool (ShaCtx);+ = break;++ case SHA512_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD_SHA512= ;+ ShaCtxSize =3D Sha512GetContextSize ();+ ShaCtx =3D Alloca= tePool (ShaCtxSize);++ Status =3D Sha512Init (ShaCtx);+ if (!Stat= us) {+ return FALSE;+ }++ Status =3D Sha512Update (ShaCtx,= Message, MsgSize);+ if (!Status) {+ FreePool (ShaCtx);+ = return FALSE;+ }++ Status =3D Sha512Final (ShaCtx, HashValue);+ = if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ = }++ FreePool (ShaCtx);+ break;++ default:+ return FALSE;+= }++ mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, md_alg);+= + Ret =3D mbedtls_rsa_rsassa_pss_verify (+ RsaContext,+ = md_alg,+ (UINT32)DigestLen,+ HashValue,+ Signatu= re+ );+ if (Ret !=3D 0) {+ return FALSE;+ }++ return TRUE;+}= diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c b/C= ryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c new file mode 100644 index 0000000000..75ad71a922 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c @@ -0,0 +1,46 @@ +/** @file+ RSA-PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.= ++ This file does not provide real capabilities for following APIs in RSA = handling:+ 1) RsaPssVerify++Copyright (c) 2023, Intel Corporation. All rig= hts reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#inclu= de "InternalCryptLib.h"++/**+ Verifies the RSA signature with RSASSA-PSS s= ignature scheme defined in RFC 8017.+ Implementation determines salt lengt= h automatically from the signature encoding.+ Mask generation function is = the same as the message digest algorithm.+ Salt length should be equal to = digest length.++ @param[in] RsaContext Pointer to RSA context for si= gnature verification.+ @param[in] Message Pointer to octet messag= e to be verified.+ @param[in] MsgSize Size of the message in byte= s.+ @param[in] Signature Pointer to RSASSA-PSS signature to be veri= fied.+ @param[in] SigSize Size of signature in bytes.+ @param[in= ] DigestLen Length of digest for RSA operation.+ @param[in] SaltLe= n Salt length for PSS encoding.++ @retval TRUE Valid signature = encoded in RSASSA-PSS.+ @retval FALSE Invalid signature or invalid RSA c= ontext.++**/+BOOLEAN+EFIAPI+RsaPssVerify (+ IN VOID *RsaContext,+= IN CONST UINT8 *Message,+ IN UINTN MsgSize,+ IN CONST UINT8 = *Signature,+ IN UINTN SigSize,+ IN UINT16 DigestLen,+ IN= UINT16 SaltLen+ )+{+ ASSERT (FALSE);+ return FALSE;+}diff --git = a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c b/CryptoPkg/Li= brary/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c new file mode 100644 index 0000000000..db7bac5676 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c @@ -0,0 +1,231 @@ +/** @file+ RSA PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.= ++ This file implements following APIs which provide basic capabilities fo= r RSA:+ 1) RsaPssSign++Copyright (c) 2023, Intel Corporation. All rights r= eserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include "I= nternalCryptLib.h"+#include +#include ++/*= *+ The MbedTLS function f_rng, which MbedRand implements, is not+ documen= ted well.++ @param[in] RngState RngState.+ @param[in] Output= Output.+ @param[in] Len Len.++ @retval 0 = success.+ @retval non-zero failed.++**/+INT32+MbedRand (+ VOID= *RngState,+ UINT8 *Output,+ UINTN Len+ )+{+ BOOLEAN Ret;+ UINT64= TempRand;++ Ret =3D FALSE;++ while (Len > 0) {+ // Use RngLib to ge= t random number+ Ret =3D GetRandomNumber64 (&TempRand);++ if (!Ret) {= + return Ret;+ }++ if (Len >=3D sizeof (TempRand)) {+ *((UI= NT64 *)Output) =3D TempRand;+ Output +=3D sizeof (UINT64);= + Len -=3D sizeof (TempRand);+ } else {+ CopyMe= m (Output, &TempRand, Len);+ Len =3D 0;+ }+ }++ return 0;+}++/**+= Carries out the RSA-SSA signature generation with EMSA-PSS encoding schem= e.++ This function carries out the RSA-SSA signature generation with EMSA-= PSS encoding scheme defined in+ RFC 8017.+ Mask generation function is th= e same as the message digest algorithm.+ If the Signature buffer is too sm= all to hold the contents of signature, FALSE+ is returned and SigSize is s= et to the required buffer size to obtain the signature.++ If RsaContext is= NULL, then return FALSE.+ If Message is NULL, then return FALSE.+ If Msg= Size is zero or > INT_MAX, then return FALSE.+ If DigestLen is NOT 32, 48 = or 64, return FALSE.+ If SaltLen is not equal to DigestLen, then return FA= LSE.+ If SigSize is large enough but Signature is NULL, then return FALSE.= + If this interface is not supported, then return FALSE.++ @param[in] = RsaContext Pointer to RSA context for signature generation.+ @param[in= ] Message Pointer to octet message to be signed.+ @param[in] = MsgSize Size of the message in bytes.+ @param[in] DigestLen = Length of the digest in bytes to be used for RSA signature operation.+ @p= aram[in] SaltLen Length of the salt in bytes to be used for PSS e= ncoding.+ @param[out] Signature Pointer to buffer to receive RSA PS= S signature.+ @param[in, out] SigSize On input, the size of Signature= buffer in bytes.+ On output, the size of dat= a returned in Signature buffer in bytes.++ @retval TRUE Signature succe= ssfully generated in RSASSA-PSS.+ @retval FALSE Signature generation fai= led.+ @retval FALSE SigSize is too small.+ @retval FALSE This interfa= ce is not supported.++**/+BOOLEAN+EFIAPI+RsaPssSign (+ IN VOID = *RsaContext,+ IN CONST UINT8 *Message,+ IN UINTN MsgS= ize,+ IN UINT16 DigestLen,+ IN UINT16 SaltLen,+ OU= T UINT8 *Signature,+ IN OUT UINTN *SigSize+ )+{+ INT3= 2 Ret;+ mbedtls_md_type_t md_alg;+ UINT8 HashV= alue[SHA512_DIGEST_SIZE];+ BOOLEAN Status;+ UINTN = ShaCtxSize;+ VOID *ShaCtx;++ if (RsaContext =3D=3D NULL) {= + return FALSE;+ }++ if ((Message =3D=3D NULL) || (MsgSize =3D=3D 0) |= | (MsgSize > INT_MAX)) {+ return FALSE;+ }++ if (SaltLen !=3D DigestLe= n) {+ return FALSE;+ }++ ZeroMem (HashValue, DigestLen);++ switch (Di= gestLen) {+ case SHA256_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD_SHA= 256;+ ShaCtxSize =3D Sha256GetContextSize ();+ ShaCtx =3D All= ocatePool (ShaCtxSize);++ Status =3D Sha256Init (ShaCtx);+ if (!S= tatus) {+ return FALSE;+ }++ Status =3D Sha256Update (ShaC= tx, Message, MsgSize);+ if (!Status) {+ FreePool (ShaCtx);+ = return FALSE;+ }++ Status =3D Sha256Final (ShaCtx, HashValue)= ;+ if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ = }++ FreePool (ShaCtx);+ break;++ case SHA384_DIGEST_SIZE:+ = md_alg =3D MBEDTLS_MD_SHA384;+ ShaCtxSize =3D Sha384GetContex= tSize ();+ ShaCtx =3D AllocatePool (ShaCtxSize);++ Status =3D= Sha384Init (ShaCtx);+ if (!Status) {+ return FALSE;+ }++ = Status =3D Sha384Update (ShaCtx, Message, MsgSize);+ if (!Status)= {+ FreePool (ShaCtx);+ return FALSE;+ }++ Status = =3D Sha384Final (ShaCtx, HashValue);+ if (!Status) {+ FreePool = (ShaCtx);+ return FALSE;+ }++ FreePool (ShaCtx);+ bre= ak;++ case SHA512_DIGEST_SIZE:+ md_alg =3D MBEDTLS_MD_SHA512;+ = ShaCtxSize =3D Sha512GetContextSize ();+ ShaCtx =3D AllocateP= ool (ShaCtxSize);++ Status =3D Sha512Init (ShaCtx);+ if (!Status)= {+ return FALSE;+ }++ Status =3D Sha512Update (ShaCtx, Me= ssage, MsgSize);+ if (!Status) {+ FreePool (ShaCtx);+ re= turn FALSE;+ }++ Status =3D Sha512Final (ShaCtx, HashValue);+ = if (!Status) {+ FreePool (ShaCtx);+ return FALSE;+ }++= FreePool (ShaCtx);+ break;++ default:+ return FALSE;+ }= ++ if (Signature =3D=3D NULL) {+ //+ // If Signature is NULL, return= safe SignatureSize+ //+ *SigSize =3D MBEDTLS_MPI_MAX_SIZE;+ retur= n FALSE;+ }++ mbedtls_rsa_set_padding (RsaContext, MBEDTLS_RSA_PKCS_V21, = md_alg);++ Ret =3D mbedtls_rsa_rsassa_pss_sign (+ RsaContext,+ = MbedRand,+ NULL,+ md_alg,+ (UINT32)Digest= Len,+ HashValue,+ Signature+ );+ if (Ret !=3D 0= ) {+ return FALSE;+ }++ *SigSize =3D ((mbedtls_rsa_context *)RsaContex= t)->len;+ return TRUE;+}diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls= /Pk/CryptRsaPssSignNull.c b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptR= saPssSignNull.c new file mode 100644 index 0000000000..10687bd38e --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c @@ -0,0 +1,60 @@ +/** @file+ RSA-PSS Asymmetric Cipher Wrapper Implementation over MbedTLS.= ++ This file does not provide real capabilities for following APIs in RSA = handling:+ 1) RsaPssSign++Copyright (c) 2023, Intel Corporation. All right= s reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent++**/++#include= "InternalCryptLib.h"++/**+ Carries out the RSA-SSA signature generation w= ith EMSA-PSS encoding scheme.++ This function carries out the RSA-SSA sign= ature generation with EMSA-PSS encoding scheme defined in+ RFC 8017.+ Mas= k generation function is the same as the message digest algorithm.+ If the= Signature buffer is too small to hold the contents of signature, FALSE+ i= s returned and SigSize is set to the required buffer size to obtain the sig= nature.++ If RsaContext is NULL, then return FALSE.+ If Message is NULL, = then return FALSE.+ If MsgSize is zero or > INT_MAX, then return FALSE.+ = If DigestLen is NOT 32, 48 or 64, return FALSE.+ If SaltLen is not equal t= o DigestLen, then return FALSE.+ If SigSize is large enough but Signature = is NULL, then return FALSE.+ If this interface is not supported, then retu= rn FALSE.++ @param[in] RsaContext Pointer to RSA context for signat= ure generation.+ @param[in] Message Pointer to octet message to = be signed.+ @param[in] MsgSize Size of the message in bytes.+ @= param[in] DigestLen Length of the digest in bytes to be used for RS= A signature operation.+ @param[in] SaltLen Length of the salt in= bytes to be used for PSS encoding.+ @param[out] Signature Pointer = to buffer to receive RSA PSS signature.+ @param[in, out] SigSize On i= nput, the size of Signature buffer in bytes.+ = On output, the size of data returned in Signature buffer in bytes.++ @ret= val TRUE Signature successfully generated in RSASSA-PSS.+ @retval FALS= E Signature generation failed.+ @retval FALSE SigSize is too small.+ @= retval FALSE This interface is not supported.++**/+BOOLEAN+EFIAPI+RsaPssS= ign (+ IN VOID *RsaContext,+ IN CONST UINT8 *Message,+= IN UINTN MsgSize,+ IN UINT16 DigestLen,+ IN = UINT16 SaltLen,+ OUT UINT8 *Signature,+ IN OUT UINTN = *SigSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}diff --git a/Crypto= Pkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c b/CryptoPkg/Test/UnitTest= /Library/BaseCryptLib/RsaTests.c index 3f06e89b3c..70fd4aa64b 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/RsaTests.c @@ -194,6 +194,7 @@ TestVerifyRsaGenerateKeyComponents ( BOOLEAN Status; UINTN KeySize; UINT8 *KeyBuffer;+ UINT8 T= estPublicExponent[] =3D { 0x01, 0x00, 0x01 }; // // Generate RSA Key C= omponents@@ -202,6 +203,9 @@ TestVerifyRsaGenerateKeyComponents ( Status =3D RsaGenerateKey (mRsa, RSA_MODULUS_LENGTH, NULL, 0); UT_ASSE= RT_TRUE (Status); + Status =3D RsaGenerateKey (mRsa, RSA_MODULUS_LENGTH, T= estPublicExponent, sizeof (TestPublicExponent));+ UT_ASSERT_TRUE (Status);= + KeySize =3D RSA_MODULUS_LENGTH / 8; KeyBuffer =3D AllocatePool (Key= Size); Status =3D RsaGetKey (mRsa, RsaKeyE, KeyBuffer, &KeySize);--=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108254): https://edk2.groups.io/g/devel/message/108254 Mute This Topic: https://groups.io/mt/101114029/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-