From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 483CC74003D for ; Tue, 26 Mar 2024 05:07:47 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=lH4WJxvyQNbX8yedf64xxbcJIto+n65L26YPP9XFd3Q=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:msip_labels:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1711429665; v=1; b=BTyflMx363ZKsr0Hja2ItA5gYxbQh8NqcdbuLiplOq+j1UCzHvUAR0UGFIwisVr0inOcyzvK na+cPHSV7WUvr6n+ztoO+KUG5ZzmuHdWDnoRWVsOx6MqpTVh/UI6Yrt3zgouG+Ya/OiPaNiOQsb F2+GNZDnd/L8tpJvEj4gExXmOGWa54sW/iSl34FCZunegBP2VplnOsw+9o17l69tFvpNq7yS/1H FULK2WE3brZgOoO8YZeVPJ92xupHPdYgWKJIRiJMvLvYXcC3Sn1gHXjIZ+k0+7o7qHjhKHJQiX3 7lF4RyUg3BeAYmNiGV+/anMMCRVErgo2NjfBTRdBfVimA== X-Received: by 127.0.0.2 with SMTP id MsDiYY7687511xyA8yrNn8Vk; Mon, 25 Mar 2024 22:07:45 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21]) by mx.groups.io with SMTP id smtpd.web10.1221.1711429664759861487 for ; Mon, 25 Mar 2024 22:07:44 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,11024"; a="6398723" X-IronPort-AV: E=Sophos;i="6.07,155,1708416000"; d="scan'208";a="6398723" X-Received: from fmviesa008.fm.intel.com ([10.60.135.148]) by orvoesa113.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Mar 2024 22:07:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,155,1708416000"; d="scan'208";a="15933431" X-Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by fmviesa008.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 25 Mar 2024 22:07:43 -0700 X-Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 25 Mar 2024 22:07:43 -0700 X-Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Mon, 25 Mar 2024 22:07:43 -0700 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.100) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 25 Mar 2024 22:07:42 -0700 X-Received: from SJ1PR11MB6227.namprd11.prod.outlook.com (2603:10b6:a03:45a::10) by SJ0PR11MB8296.namprd11.prod.outlook.com (2603:10b6:a03:47a::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.16; Tue, 26 Mar 2024 05:07:40 +0000 X-Received: from SJ1PR11MB6227.namprd11.prod.outlook.com ([fe80::301:5dbd:207b:5578]) by SJ1PR11MB6227.namprd11.prod.outlook.com ([fe80::301:5dbd:207b:5578%4]) with mapi id 15.20.7409.028; Tue, 26 Mar 2024 05:07:40 +0000 From: "Li, Yi" To: Chris Ruffin , "devel@edk2.groups.io" CC: Chris Ruffin , "Yao, Jiewen" , "Hou, Wenxing" Subject: Re: [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions Thread-Topic: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions Thread-Index: AQHaeX6gT+viUy0hk0GIjqPZ2Zh/B7E+aMVwgACx+7CAClew4A== Date: Tue, 26 Mar 2024 05:07:40 +0000 Message-ID: References: <20240318215205.1339-1-cruffin@millcore.com> In-Reply-To: Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_73aac80e-31e9-4bda-92c5-bc27b36bb502_ActionId=84f622f8-ffd5-4cbe-8237-fd7bfd7a5aea;MSIP_Label_73aac80e-31e9-4bda-92c5-bc27b36bb502_ContentBits=0;MSIP_Label_73aac80e-31e9-4bda-92c5-bc27b36bb502_Enabled=true;MSIP_Label_73aac80e-31e9-4bda-92c5-bc27b36bb502_Method=Standard;MSIP_Label_73aac80e-31e9-4bda-92c5-bc27b36bb502_Name=General;MSIP_Label_73aac80e-31e9-4bda-92c5-bc27b36bb502_SetDate=2024-03-19T14:08:09Z;MSIP_Label_73aac80e-31e9-4bda-92c5-bc27b36bb502_SiteId=5f93c592-e942-4789-9a70-e76f4ce01a80; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SJ1PR11MB6227:EE_|SJ0PR11MB8296:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: mdhcFQHYCzWOceU6/HBsLjUxD8m2lgZslIH+sOH1OLkvquowiFTiSs3NP7oy6ezFfAJvzVJMNHTu1rqixixvgAGzIZisIolKPwN1XPZpx2QXgn/O3NWCyoKa72F/Pp5e8obgvQsJrXS1YjGtawF6euBt1LBLjB4C87HLVnqwcA/UjgLE969Oeuk8gyU3giG+tvSOyy8dfWi+D7FUMhoSRVxF3I2RGFUtBkMP15FcxDph+JT1jswvkraK9DRYftM5F/aDH3ainzys6V0iyRDn4qOh142Ca9QwQZECgNkWv7x7OcQZrxrCrxf0ZW0iZ6aTzzyl3cAvX0q5bScChZqgGloMK7kNL1nngcyEgW11OPRXsVmJ3ffgdSsVwLMPdqAeBcSXCntbRq5YwEYuBQ9MfDXtgAjDLANNpo6c8BCY5TFoJSvfZLakyMo8IwJ/nmhWMy/ZzXF7+OW1KhAHhVW1tJptJEBoYS5QbxOjZws3qQVH5zlpmaaQ12XfFZKERPlar4Pd4SEiR14gwxDG++9dfQ6l2Pjbf0RgiQ8wmlIwiCo0DCN6CdjfZesql3mlu/LBW7+P3aWda87le6w9Wx0fjCT9c5a454DoD6ZrO2yIjWYE24SbaUbOU5ADNUl+dZZQ x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?vIDX3DR0zAhWdf+Qk1Lqsfhd7bqu5rIzRlob8cy/aMBO4DwN9OMzAqEZHt/c?= =?us-ascii?Q?0rVhUuZOQgfjiHnTGcHauuBi3YbB2rsF7oaCbSHyrP6taIP2ueJ/TMut5fKW?= =?us-ascii?Q?fhpnrjrprEJRhThZyt7/stgoYO0vZDSRniBuSLq/MPn03bkoCtrYdeAqBFYA?= =?us-ascii?Q?s/sLayGS38mHp9k/kuzgxMCOL3hghJGD0ioNKMZW8fdsUN/hZ3bF0e45MSCc?= =?us-ascii?Q?G/Fnva3PM6j8X32rchtKS6KSJ4FFyELl4XbT57o2tOHgvr5oRmRVe42gQNEZ?= =?us-ascii?Q?z/ol7ArVkBoF9gEFoG1iZ+guNMZFTh19tQlr8NiTevtcFZW1PUybU03tqYIj?= =?us-ascii?Q?+38JvnFKne32CAsGF/q9Mjk5pmN8mVkoRr2AYEL5egfs4P4Wh7+v6jt5gJSG?= =?us-ascii?Q?xwe6G3YsTGaM2H5rbylmON3UIMw0jJheCkiggNNAhxRvfcDv8JqIrb5Hr3w3?= =?us-ascii?Q?o9eCMi//xDFyvlmi8B+57kodMBOFsECG/MN+UQbOyAFKqTnedJQlfCqhbun+?= =?us-ascii?Q?L1HTsTVWfpHBXaREUGmvqGQcqlQJN7PDDdZRmMMZWKBG9IQXJbXckhGGeY6T?= =?us-ascii?Q?TejwqmitbOnCPSr1Pg91cDltYY2mIZtIKNBfP9wbOH+U8bTsKYv2RQvnkPww?= =?us-ascii?Q?tjgB+uertBZUyCXETOjotSOhLS4L6FR3hPKnCo5ABM9DLc8OHERc0i/hSALh?= =?us-ascii?Q?V4oDi2vtahSvqopoq3G/VaTdPqJet9qS7zRgPMVmGycaIKcumHpO0WS8g6MR?= =?us-ascii?Q?9LYC3gWQng6tynxoPhMybpkWu1hE0Kkl4kDpWz+YWyrllDSC77TKIbEjXXfv?= =?us-ascii?Q?r4jT9Y0bYgZ5NIvSV1j2fo0AK2OY7hVjaBt/j/SSrErliOtfe5FO0/raFZfm?= =?us-ascii?Q?MHOSje6ebEgIMVMqL0zP775+9iPG8lwpo2ITLUfaz8HyM1G87Qrdtyi5x0vd?= =?us-ascii?Q?M109/aEtFkbOHNB9aHGgTP5NJ2YOVc0XJ6Ol7lSHIUcv90tyJ5T7aMIo9HFc?= =?us-ascii?Q?JLPXbRMwEAAB5pQzeCi8yPyrGaA9hGH5GLrrzCbqK3kJLCcRLgE4r21vVcfG?= =?us-ascii?Q?c3GhJkjjEt+OPTOpBGzsoUpO1aXty+Mj9+YGn22u5bJM5LMxQwFs7LtLJf9h?= =?us-ascii?Q?17uX4oMM5YWwFxBrzLmp0t9TuWCEPdF66et7I/uF5Oa8nPmNXNPOqzJwk3MB?= =?us-ascii?Q?Cs5BaRddjfszK2+Rnn/vlCxVw4FBC5Jism0Bk/KIWF3zqQ5EVu05m0FWKsHV?= =?us-ascii?Q?JH0BNaT2ERHbycT5T55fRMzqW4vGvd5wsJJizJfAuIluC+CVfBcfrnLh5HBI?= =?us-ascii?Q?fp2qyxvJwKyhW4tOdDADY8IjZpaW4ul1xz/o/GegXqF5DoZ7GcxuGmrDHWrs?= =?us-ascii?Q?UnZ/TkdDUb1ypX3iVfl7IulLlW3nsdKSkY9xAb0ELlcynKHkrqZY+XTpSheL?= =?us-ascii?Q?jlk1J4ndUJ5VV6aU0xLaBwHqIhNvwVpaaRpTob7w0svC9Gp7HFVOPoNByycJ?= =?us-ascii?Q?U14aq5g44XUtz87/C/EvDUwmEm0W//1jveo8Q2MNuDbBFa/qmV7/JRuJ4S1k?= =?us-ascii?Q?X1NLHigDhZhqFDJa53A=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SJ1PR11MB6227.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9628d251-bb3e-4b23-a480-08dc4d52a998 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Mar 2024 05:07:40.7517 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 07IHxu5joexLTnJlv5mAjHM+rmzTerRt0nie9yeiUAu4KdQQKEhyy6oC5l8N173wOCTLUBTvWIRll99wS58mRQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB8296 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Mon, 25 Mar 2024 22:07:45 -0700 Reply-To: devel@edk2.groups.io,yi1.li@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: s0Tiwk10dPXfvnwPZJ0POyN9x7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=BTyflMx3; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Hi Chris, 1. Add BZ link to commit message, 2. Add null implementation of new APIs to BaseCryptLibMbedTls to avoid buil= d error. For other comments please check the PR: https://github.com/tianocore/edk2/p= ull/5473 Regards, Yi -----Original Message----- From: Chris Ruffin =20 Sent: Tuesday, March 19, 2024 10:16 PM To: Li, Yi1 ; devel@edk2.groups.io Cc: Chris Ruffin ; Yao, Jiewen ; Hou, Wenxing Subject: RE: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP = crypto functions Hi Yi, thanks for your email. I created a Bugzilla ticket for this, see B= ugzilla ID #4732: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4732. T= he Pkcs1v2Encrypt() API is maintained but the implementation is refactored.= There is currently no Pkcs1v2Decrypt(), this is also a newly implemented = API but the converse of Pkcs1v2Encypt(). Pkcs1v2Encrypt() (existing) and P= kcs1v2Decrypt() (new) both take they keys from DER-encoded certificates/key= s. RsaOaepEncrypt() and RsaOaepDecrypt() both take keys from RsaContext. = The internal functions use a common ENV_PKEY. More from the Bugzilla: BasecryptLib currently only provides RSAES-OAEP encryption capability with = Pkcs1v2Encrypt() which takes as input a DER encoded x.509 certificate. A D= XE application which needs access to RSAES-OAEP encryption and decryption c= apabilities currently only has the option of statically linking OpensslLib = and using functions such as RSA_public_encrypt() and RSA_private_decrypt().= These applications would benefit from an expanded access to RSAES-OAEP en= cryption / decryption capability in BaseCryptLib so that the shared crypto = driver can be used and the applciation can be migrated away from RSA_public= _decrypt() and RSA_private_decrypt() which are deprecated in Openssl 3. There is the following challenges with migrating to BaseCryptLib interfaces= : 1) BaseCryptLib Pkcs1v2Encrypt() requires the use of an X.509 DER-encoded = certificate to pass the public key. This interface is dissimilar from the = rest of the RSA APIs in BasecryptLib. Applications that have used other RS= A APIs from BaseCryptLib for key generation and management such as RsaGener= ateKey() and RsaSetKey() will not have such a structure available. 2) BaseCryptLib currently exposes no decryption capability. This feature provides an easy migration path for drivers/applications which= need access to RSAES-OAEP encryption / decryption and that are currently u= sing an RsaContext structure to pass key components to OpensslLib. These ap= plications can be easily migrated to one of the new APIs to remove the dire= ct dependency on OpensslLib, migrate away from deprecated interfaces, take = advantage of CryptoPkg/Driver, and get BasecryptLib access to RSAES-OAEP de= cryption. Key changes proposed: InternalPkcs1v2Encrypt(): New internal-only function created from refactori= ng of Pkcs1v2Encrypt(). Takes key input from an ENV_PKEY and is used by bo= th public functions Pkcs1v2Encrypt() and RsaOaepEncrypt(). Pkcs1v2Encrypt(): has been refactored to create InternalPkcs1v2Encrypt() bu= t the public interface is maintained. RsaOaepEncrypt(): New function takes key input from an RsaContext, creates = an ENV_PKEY, and calls InternalPkcs1v2Encrypt() InternalPkcs1v2Decrypt(): New internal-only function InternalPkcs1v2Decrypt= () takes key input from an ENV_PKEY and provides the RSAES-OAEP decryption = capability to Pkcs1v2Decrypt() and RsaOaepDecrypt(). Pkcs1v2Decrypt(): New public function Pkcs1v2Decrypt() takes a DER-encoded = private key, creates an ENV_PKEY, and calls InternalPkcs1v2Decrypt() RsaOaepDecrypt(): New public function RsaOaepDecrypt() takes a pointer to R= saContext, creates an ENV_PKEY, and calls InternalPkcs1v2Decrypt() Thanks, Chris -----Original Message----- From: Li, Yi1 =20 Sent: Monday, March 18, 2024 11:52 PM To: Chris Ruffin ; devel@edk2.groups.io Cc: Chris Ruffin ; Yao, Jiewen ; Hou, Wenxing Subject: RE: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP = crypto functions [You don't often get email from yi1.li@intel.com. Learn why this is importa= nt at https://aka.ms/LearnAboutSenderIdentification ] Hi Chris, 1. Please create a feature request BugZilla to introduce the background of = the new API, such as purpose and application scenarios. 2. I took a quick look, the new API will make Pkcs1v2De/Encrypt support Rsa= Context input and the rest is same as old API right? Regards, Yi -----Original Message----- From: Chris Ruffin Sent: Tuesday, March 19, 2024 5:52 AM To: devel@edk2.groups.io Cc: Chris Ruffin ; Yao, Jiewen ; Li, Yi1 ; Hou, Wenxing Subject: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP cryp= to functions From: Chris Ruffin Expand the availability of the RSAEP-OAEP crypto capability in BaseCryptLib= . Applications using RSA crypto functions directly from OpensslLib can tra= nsition to BaseCryptLib to take advantage of the shared crypto feature in C= ryptoDxe. Pkcs1v2Decrypt(): decryption using DER-encoded private key RsaOaepEncrypt(): encryption using RSA contexts RsaOaepDecrypt(): decryption using RSA contexts Signed-off-by: Chris Ruffin Cc: Jiewen Yao Cc: Yi Li Cc: Wenxing Hou --- CryptoPkg/Include/Library/BaseCryptLib.h | 102 ++++ .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c | 506 ++++++++++++++++-- .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c | 114 ++++ .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c | 114 ++++ 4 files changed, 789 insertions(+), 47 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/L= ibrary/BaseCryptLib.h index a52bd91ad6..7ad2bf21fe 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt ( OUT UINTN *EncryptedDataSize ); +/**+ Encrypts a blob using P= KCS1v2 (RSAES-OAEP) schema. On success, will return the+ encrypted message= in a newly allocated buffer.++ Things that can cause a failure include:+ = - X509 key size does not match any known key size.+ - Fail to allocate an= intermediate buffer.+ - Null pointer provided for a non-optional paramete= r.+ - Data size is too large for the provided key size (max size is a func= tion of key size+ and hash digest size).++ @param[in] RsaContext = A pointer to an RSA context created by RsaNew() and+ = provisioned with a public key using RsaSetKey().+ @param[in= ] InData Data to be encrypted.+ @param[in] InDataSize = Size of the data buffer.+ @param[in] PrngSeed [Optional] I= f provided, a pointer to a random seed buffer+ = to be used when initializing the PRNG. NULL otherwise.+ @param[in] P= rngSeedSize [Optional] If provided, size of the random seed buffer.+= 0 otherwise.+ @param[out] EncryptedData = Pointer to an allocated buffer containing the encrypted+ = message.+ @param[out] EncryptedDataSize Size of the= encrypted message buffer.++ @retval TRUE Encryption wa= s successful.+ @retval FALSE Encryption failed.++**/+BOO= LEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 = *InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSe= ed OPTIONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 = **EncryptedData,+ OUT UINTN *EncryptedDataSize+ );++/**+ De= crypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return th= e+ decrypted message in a newly allocated buffer.++ Things that can cause= a failure include:+ - Fail to parse private key.+ - Fail to allocate an = intermediate buffer.+ - Null pointer provided for a non-optional parameter= .++ @param[in] PrivateKey A pointer to the DER-encoded private k= ey.+ @param[in] PrivateKeySize Size of the private key buffer.+ @pa= ram[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedD= ataSize Size of the encrypted buffer.+ @param[out] OutData P= ointer to an allocated buffer containing the encrypted+ = message.+ @param[out] OutDataSize Size of the encryp= ted message buffer.++ @retval TRUE Encryption was succe= ssful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EF= IAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *PrivateKey,+ IN UINTN = PrivateKeySize,+ IN UINT8 *EncryptedData,+ IN UINTN Enc= ryptedDataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutData= Size+ );++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On succ= ess, will return the+ decrypted message in a newly allocated buffer.++ Th= ings that can cause a failure include:+ - Fail to parse private key.+ - F= ail to allocate an intermediate buffer.+ - Null pointer provided for a non= -optional parameter.++ @param[in] RsaContext A pointer to an RSA= context created by RsaNew() and+ provisio= ned with a private key using RsaSetKey().+ @param[in] EncryptedData = Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encryp= ted buffer.+ @param[out] OutData Pointer to an allocated buffe= r containing the encrypted+ message.+ @pa= ram[out] OutDataSize Size of the encrypted message buffer.++ @retv= al TRUE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN = VOID *RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedD= ataSize,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ );+ /** Th= e 3rd parameter of Pkcs7GetSigners will return all embedded X.509 certifi= cate in one given PKCS7 signature. The format is:diff --git a/CryptoPkg/Lib= rary/BaseCryptLib/Pk/CryptPkcs1Oaep.c b/CryptoPkg/Library/BaseCryptLib/Pk/C= ryptPkcs1Oaep.c index ea43c1381c..00e904dd6c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c @@ -26,9 +26,8 @@ - Data size is too large for the provided key size (max size is a functi= on of key size and hash digest size). - @param[in] PublicKey = A pointer to the DER-encoded X509 certificate that+ @param[in] Pkey = A pointer to an EVP_PKEY struct that = will be used to encrypt the data.- @param[in] PublicKeySize = Size of the X509 cert buffer. @param[in] InData Data to be= encrypted. @param[in] InDataSize Size of the data buffer. @p= aram[in] PrngSeed [Optional] If provided, a pointer to a random= seed buffer@@ -45,9 +44,8 @@ **/ BOOLEAN EFIAPI-Pkcs1v2Encrypt (- IN CONST UINT8 *PublicKey,- IN = UINTN PublicKeySize,+InternalPkcs1v2Encrypt (+ EVP_PKEY *= Pkey, IN UINT8 *InData, IN UINTN InDataSize, IN C= ONST UINT8 *PrngSeed OPTIONAL,@@ -57,9 +55,6 @@ Pkcs1v2Encrypt ( ) { BOOLEAN Result;- CONST UINT8 *TempPointer;- X509 = *CertData;- EVP_PKEY *InternalPublicKey; EVP_PKEY_CTX *PkeyCtx; = UINT8 *OutData; UINTN OutDataSize;@@ -67,28 +62,15 @@ P= kcs1v2Encrypt ( // // Check input parameters. //- if ((PublicKey =3D=3D NULL) || (I= nData =3D=3D NULL) ||+ if ((Pkey =3D=3D NULL) || (InData =3D=3D NULL) || = (EncryptedData =3D=3D NULL) || (EncryptedDataSize =3D=3D NULL)) { = return FALSE; } - //- // Check public key size.- //- if (PublicKeyS= ize > 0xFFFFFFFF) {- //- // Public key size is too large for implemen= tation.- //- return FALSE;- }- *EncryptedData =3D NULL; *Enc= ryptedDataSize =3D 0; Result =3D FALSE;- TempPointer = =3D NULL;- CertData =3D NULL;- InternalPublicKey =3D NULL; P= keyCtx =3D NULL; OutData =3D NULL; OutDataSize = =3D 0;@@ -104,6 +86,154 @@ Pkcs1v2Encrypt ( RandomSeed (NULL, 0); } + //+ // Create a context for the public k= ey operation.+ //+ PkeyCtx =3D EVP_PKEY_CTX_new (Pkey, NULL);+ if (PkeyC= tx =3D=3D NULL) {+ //+ // Fail to create contex.+ //+ goto _Exi= t;+ }++ //+ // Initialize the context and set the desired padding.+ //+= if ((EVP_PKEY_encrypt_init (PkeyCtx) <=3D 0) ||+ (EVP_PKEY_CTX_set_r= sa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <=3D 0))+ {+ //+ // Fai= l to initialize the context.+ //+ goto _Exit;+ }++ //+ // Determin= e the required buffer length for malloc'ing.+ //+ if (EVP_PKEY_encrypt (P= keyCtx, NULL, &OutDataSize, InData, InDataSize) <=3D 0) {+ //+ // Fai= l to determine output buffer size.+ //+ goto _Exit;+ }++ //+ // Al= locate a buffer for the output data.+ //+ OutData =3D AllocatePool (OutDa= taSize);+ if (OutData =3D=3D NULL) {+ //+ // Fail to allocate the ou= tput buffer.+ //+ goto _Exit;+ }++ //+ // Encrypt Data.+ //+ if = (EVP_PKEY_encrypt (PkeyCtx, OutData, &OutDataSize, InData, InDataSize) <=3D= 0) {+ //+ // Fail to encrypt data, need to free the output buffer.+ = //+ FreePool (OutData);+ OutData =3D NULL;+ OutDataSize =3D= 0;+ goto _Exit;+ }++ //+ // Encrypt done.+ //+ *EncryptedData = =3D OutData;+ *EncryptedDataSize =3D OutDataSize;+ Result =3D= TRUE;++_Exit:+ //+ // Release Resources+ //+ if (PkeyCtx !=3D NULL) {+= EVP_PKEY_CTX_free (PkeyCtx);+ }++ return Result;+}++/**+ Encrypts a = blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ encry= pted message in a newly allocated buffer.++ Things that can cause a failur= e include:+ - X509 key size does not match any known key size.+ - Fail to= parse X509 certificate.+ - Fail to allocate an intermediate buffer.+ - N= ull pointer provided for a non-optional parameter.+ - Data size is too lar= ge for the provided key size (max size is a function of key size+ and ha= sh digest size).++ @param[in] PublicKey A pointer to the DER-en= coded X509 certificate that+ will be used = to encrypt the data.+ @param[in] PublicKeySize Size of the X509 cer= t buffer.+ @param[in] InData Data to be encrypted.+ @param[= in] InDataSize Size of the data buffer.+ @param[in] PrngSeed = [Optional] If provided, a pointer to a random seed buffer+ = to be used when initializing the PRNG. NULL other= wise.+ @param[in] PrngSeedSize [Optional] If provided, size of the= random seed buffer.+ 0 otherwise.+ @para= m[out] EncryptedData Pointer to an allocated buffer containing the en= crypted+ message.+ @param[out] EncryptedD= ataSize Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encryp= tion failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Encrypt (+ IN CONST UINT8 *Publ= icKey,+ IN UINTN PublicKeySize,+ IN UINT8 *InData,+ IN= UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPTIONAL,+ IN = UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **EncryptedData= ,+ OUT UINTN *EncryptedDataSize+ )+{+ BOOLEAN Result;+ CON= ST UINT8 *TempPointer;+ X509 *CertData;+ EVP_PKEY *Pkey;++ = //+ // Check input parameters.+ //+ if ((PublicKey =3D=3D NULL) || (InDa= ta =3D=3D NULL) ||+ (EncryptedData =3D=3D NULL) || (EncryptedDataSize = =3D=3D NULL))+ {+ return FALSE;+ }++ //+ // Check public key size.+ = //+ if (PublicKeySize > 0xFFFFFFFF) {+ //+ // Public key size is to= o large for implementation.+ //+ return FALSE;+ }++ *EncryptedData = =3D NULL;+ *EncryptedDataSize =3D 0;+ Result =3D FALSE;+ = TempPointer =3D NULL;+ CertData =3D NULL;+ Pkey = =3D NULL;+ // // Parse the X509 cert and extract the public key.= //@@ -120,52 +250,201 @@ Pkcs1v2Encrypt ( // Extract the public key from the x509 cert in a format that // OpenS= SL can use. //- InternalPublicKey =3D X509_get_pubkey (CertData);- if (= InternalPublicKey =3D=3D NULL) {+ Pkey =3D X509_get_pubkey (CertData);+ i= f (Pkey =3D=3D NULL) { // // Fail to extract public key. // = goto _Exit; } + Result =3D InternalPkcs1v2Encrypt (Pkey, InData, InData= Size, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize);++_Exit: = //- // Create a context for the public key operation.+ // Release Resourc= es+ //+ if (CertData !=3D NULL) {+ X509_free (CertData);+ }++ if (Pk= ey !=3D NULL) {+ EVP_PKEY_free (Pkey);+ }++ return Result;+}++/**+ En= crypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return th= e+ encrypted message in a newly allocated buffer.++ Things that can cause= a failure include:+ - X509 key size does not match any known key size.+ = - Fail to allocate an intermediate buffer.+ - Null pointer provided for a = non-optional parameter.+ - Data size is too large for the provided key siz= e (max size is a function of key size+ and hash digest size).++ @param[= in] RsaContext A pointer to an RSA context created by RsaNew() an= d+ provisioned with a public key using Rsa= SetKey().+ @param[in] InData Data to be encrypted.+ @param[= in] InDataSize Size of the data buffer.+ @param[in] PrngSeed = [Optional] If provided, a pointer to a random seed buffer+ = to be used when initializing the PRNG. NULL other= wise.+ @param[in] PrngSeedSize [Optional] If provided, size of the= random seed buffer.+ 0 otherwise.+ @para= m[out] EncryptedData Pointer to an allocated buffer containing the en= crypted+ message.+ @param[out] EncryptedD= ataSize Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encryp= tion failed.++**/+BOOLEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaC= ontext,+ IN UINT8 *InData,+ IN UINTN InDataSize,+ IN = CONST UINT8 *PrngSeed OPTIONAL,+ IN UINTN PrngSeedSize OPTI= ONAL,+ OUT UINT8 **EncryptedData,+ OUT UINTN *EncryptedDa= taSize+ )+{+ BOOLEAN Result;+ EVP_PKEY *Pkey;+ //- PkeyCtx =3D EVP= _PKEY_CTX_new (InternalPublicKey, NULL);+ // Check input parameters.+ //+= if (((RsaContext =3D=3D NULL) || (InData =3D=3D NULL)) ||+ (Encrypte= dData =3D=3D NULL) || (EncryptedDataSize =3D=3D NULL))+ {+ return FALSE= ;+ }++ *EncryptedData =3D NULL;+ *EncryptedDataSize =3D 0;+ Result = =3D FALSE;+ Pkey =3D NULL;++ Pkey =3D EVP_PKEY_= new ();+ if (Pkey =3D=3D NULL) {+ goto _Exit;+ }++ if (EVP_PKEY_set1_= RSA (Pkey, (RSA *)RsaContext) =3D=3D 0) {+ goto _Exit;+ }++ Result =3D= InternalPkcs1v2Encrypt (Pkey, InData, InDataSize, PrngSeed, PrngSeedSize, = EncryptedData, EncryptedDataSize);++_Exit:+ //+ // Release Resources+ //= + if (Pkey !=3D NULL) {+ EVP_PKEY_free (Pkey);+ }++ return Result;+}+= +/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will = return the+ decrypted message in a newly allocated buffer.++ Things that = can cause a failure include:+ - Fail to parse private key.+ - Fail to all= ocate an intermediate buffer.+ - Null pointer provided for a non-optional = parameter.++ @param[in] Pkey A pointer to an EVP_PKEY whic= h will decrypt that data.+ @param[in] EncryptedData Data to be decr= ypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @p= aram[out] OutData Pointer to an allocated buffer containing the= encrypted+ message.+ @param[out] OutData= Size Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Enc= ryption failed.++**/+BOOLEAN+EFIAPI+InternalPkcs1v2Decrypt (+ EVP_PKEY = *Pkey,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ OUT= UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEAN Result= ;+ EVP_PKEY_CTX *PkeyCtx;+ UINT8 *TempData;+ UINTN Temp= DataSize;+ INTN ReturnCode;++ //+ // Check input parameters.+ = //+ if ((Pkey =3D=3D NULL) || (EncryptedData =3D=3D NULL) ||+ (OutDat= a =3D=3D NULL) || (OutDataSize =3D=3D NULL))+ {+ return FALSE;+ }++ R= esult =3D FALSE;+ PkeyCtx =3D NULL;+ TempData =3D NULL;+ = TempDataSize =3D 0;++ //+ // Create a context for the decryption operatio= n.+ //+ PkeyCtx =3D EVP_PKEY_CTX_new (Pkey, NULL); if (PkeyCtx =3D=3D N= ULL) { // // Fail to create contex. //+ DEBUG ((DEBUG_ERROR,= "[%a] EVP_PKEY_CTK_new() failed\n", __func__)); goto _Exit; } // = // Initialize the context and set the desired padding. //- if ((EVP_PK= EY_encrypt_init (PkeyCtx) <=3D 0) ||+ if ((EVP_PKEY_decrypt_init (PkeyCtx)= <=3D 0) || (EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PA= DDING) <=3D 0)) { // // Fail to initialize the context. //+ = DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_decrypt_init() failed\n", __func__));= goto _Exit; } // // Determine the required buffer length for ma= lloc'ing. //- if (EVP_PKEY_encrypt (PkeyCtx, NULL, &OutDataSize, InData,= InDataSize) <=3D 0) {+ ReturnCode =3D EVP_PKEY_decrypt (PkeyCtx, NULL, &T= empDataSize, EncryptedData, EncryptedDataSize);+ if (ReturnCode <=3D 0) { = // // Fail to determine output buffer size. //+ DEBUG ((DEBU= G_ERROR, "[%a] EVP_PKEY_decrypt() failed to determine output buffer size (r= c=3D%d)\n", __func__, ReturnCode)); goto _Exit; } // // Allocate= a buffer for the output data. //- OutData =3D AllocatePool (OutDataSize= );- if (OutData =3D=3D NULL) {+ TempData =3D AllocatePool (TempDataSize);= + if (TempData =3D=3D NULL) { // // Fail to allocate the output bu= ffer. //@@ -173,39 +452,172 @@ Pkcs1v2Encrypt ( } //- // Encrypt Data.+ // Decrypt Data. //- if (EVP_PKEY_encryp= t (PkeyCtx, OutData, &OutDataSize, InData, InDataSize) <=3D 0) {+ ReturnCo= de =3D EVP_PKEY_decrypt (PkeyCtx, TempData, &TempDataSize, EncryptedData, E= ncryptedDataSize);+ if (ReturnCode <=3D 0) { //- // Fail to encrypt= data, need to free the output buffer.+ // Fail to decrypt data, need to= free the output buffer. //- FreePool (OutData);- OutData =3D= NULL;- OutDataSize =3D 0;+ FreePool (TempData);+ TempData =3D= NULL;+ TempDataSize =3D 0;++ DEBUG ((DEBUG_ERROR, "[%a] EVP_PKEY_dec= rypt(TempData) failed to decrypt (rc=3D%d)\n", __func__, ReturnCode)); = goto _Exit; } //- // Encrypt done.+ // Decrypt done. //- *Encrypt= edData =3D OutData;- *EncryptedDataSize =3D OutDataSize;- Result = =3D TRUE;+ *OutData =3D TempData;+ *OutDataSize =3D TempDataS= ize;+ Result =3D TRUE; _Exit:+ if (PkeyCtx !=3D NULL) {+ EVP_PK= EY_CTX_free (PkeyCtx);+ }++ return Result;+}++/**+ Decrypts a blob using= PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted messa= ge in a newly allocated buffer.++ Things that can cause a failure include:= + - Fail to parse private key.+ - Fail to allocate an intermediate buffer= .+ - Null pointer provided for a non-optional parameter.++ @param[in] Pr= ivateKey A pointer to the DER-encoded private key.+ @param[in] P= rivateKeySize Size of the private key buffer.+ @param[in] EncryptedD= ata Data to be decrypted.+ @param[in] EncryptedDataSize Size of t= he encrypted buffer.+ @param[out] OutData Pointer to an alloca= ted buffer containing the encrypted+ messa= ge.+ @param[out] OutDataSize Size of the encrypted message buffer.= ++ @retval TRUE Encryption was successful.+ @retval = FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt= (+ IN CONST UINT8 *PrivateKey,+ IN UINTN PrivateKeySize,+ I= N UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+ O= UT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEA= N Result;+ EVP_PKEY *Pkey;+ CONST UINT8 *TempPointer;+ //- /= / Release Resources+ // Check input parameters. //- if (CertData !=3D N= ULL) {- X509_free (CertData);+ if ((PrivateKey =3D=3D NULL) || (Encrypt= edData =3D=3D NULL) ||+ (OutData =3D=3D NULL) || (OutDataSize =3D=3D N= ULL))+ {+ return FALSE;+ }++ Result =3D FALSE;+ Pkey =3D= NULL;+ TempPointer =3D NULL;++ //+ // Parse the private key.+ //+ Tem= pPointer =3D PrivateKey;+ Pkey =3D d2i_PrivateKey (EVP_PKEY_RSA, &P= key, &TempPointer, (UINT32)PrivateKeySize);+ if (Pkey =3D=3D NULL) {+ /= /+ // Fail to parse private key.+ //+ DEBUG ((DEBUG_ERROR, "[%a] d= 2i_PrivateKey() failed\n", __func__));+ goto _Exit; } - if (InternalP= ublicKey !=3D NULL) {- EVP_PKEY_free (InternalPublicKey);+ Result =3D I= nternalPkcs1v2Decrypt (Pkey, EncryptedData, EncryptedDataSize, OutData, Out= DataSize);++_Exit:+ if (Pkey !=3D NULL) {+ EVP_PKEY_free (Pkey); } - = if (PkeyCtx !=3D NULL) {- EVP_PKEY_CTX_free (PkeyCtx);+ return Result;= +}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, wi= ll return the+ decrypted message in a newly allocated buffer.++ Things th= at can cause a failure include:+ - Fail to parse private key.+ - Fail to = allocate an intermediate buffer.+ - Null pointer provided for a non-option= al parameter.++ @param[in] RsaContext A pointer to an RSA contex= t created by RsaNew() and+ provisioned wit= h a private key using RsaSetKey().+ @param[in] EncryptedData Data t= o be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buf= fer.+ @param[out] OutData Pointer to an allocated buffer conta= ining the encrypted+ message.+ @param[out= ] OutDataSize Size of the encrypted message buffer.++ @retval = TRUE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID = *RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize= ,+ OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ BOOLEAN Res= ult;+ EVP_PKEY *Pkey;++ //+ // Check input parameters.+ //+ if ((RsaC= ontext =3D=3D NULL) || (EncryptedData =3D=3D NULL) ||+ (OutData =3D=3D= NULL) || (OutDataSize =3D=3D NULL))+ {+ return FALSE;+ }++ Result = =3D FALSE;+ Pkey =3D NULL;++ //+ // Create a context for the decryptio= n operation.+ //++ Pkey =3D EVP_PKEY_new ();+ if (Pkey =3D=3D NULL) {+ = goto _Exit;+ }++ if (EVP_PKEY_set1_RSA (Pkey, (RSA *)RsaContext) =3D=3D= 0) {+ goto _Exit;+ }++ Result =3D InternalPkcs1v2Decrypt (Pkey, Encry= ptedData, EncryptedDataSize, OutData, OutDataSize);++_Exit:+ if (Pkey !=3D= NULL) {+ EVP_PKEY_free (Pkey); } return Result;diff --git a/Crypto= Pkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c b/CryptoPkg/Library/BaseCr= yptLib/Pk/CryptPkcs1OaepNull.c index 36508947c5..05e074d18e 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c @@ -48,3 +48,117 @@ Pkcs1v2Encrypt ( ASSERT (FALSE); return FALSE; }++/**+ Encrypts a blob using PKCS1v2 (= RSAES-OAEP) schema. On success, will return the+ encrypted message in a ne= wly allocated buffer.++ Things that can cause a failure include:+ - X509 = key size does not match any known key size.+ - Fail to allocate an interme= diate buffer.+ - Null pointer provided for a non-optional parameter.+ - D= ata size is too large for the provided key size (max size is a function of = key size+ and hash digest size).++ @param[in] RsaContext A po= inter to an RSA context created by RsaNew() and+ = provisioned with a public key using RsaSetKey().+ @param[in] InDat= a Data to be encrypted.+ @param[in] InDataSize Size= of the data buffer.+ @param[in] PrngSeed [Optional] If provid= ed, a pointer to a random seed buffer+ to = be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedS= ize [Optional] If provided, size of the random seed buffer.+ = 0 otherwise.+ @param[out] EncryptedData Po= inter to an allocated buffer containing the encrypted+ = message.+ @param[out] EncryptedDataSize Size of the encrypt= ed message buffer.++ @retval TRUE Encryption was succes= sful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFI= API+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 *= InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPT= IONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **E= ncryptedData,+ OUT UINTN *EncryptedDataSize+ )+{+ ASSERT (FALSE)= ;+ return FALSE;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schem= a. On success, will return the+ decrypted message in a newly allocated buf= fer.++ Things that can cause a failure include:+ - Fail to parse private = key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided= for a non-optional parameter.++ @param[in] PrivateKey A pointer= to the DER-encoded private key.+ @param[in] PrivateKeySize Size of = the private key buffer.+ @param[in] EncryptedData Data to be decryp= ted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @par= am[out] OutData Pointer to an allocated buffer containing the e= ncrypted+ message.+ @param[out] OutDataSi= ze Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encry= ption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *Pri= vateKey,+ IN UINTN PrivateKeySize,+ IN UINT8 *Encrypted= Data,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,= + OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}= ++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will= return the+ decrypted message in a newly allocated buffer.++ Things that= can cause a failure include:+ - Fail to parse private key.+ - Fail to al= locate an intermediate buffer.+ - Null pointer provided for a non-optional= parameter.++ @param[in] RsaContext A pointer to an RSA context = created by RsaNew() and+ provisioned with = a private key using RsaSetKey().+ @param[in] EncryptedData Data to = be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffe= r.+ @param[out] OutData Pointer to an allocated buffer contain= ing the encrypted+ message.+ @param[out] = OutDataSize Size of the encrypted message buffer.++ @retval TR= UE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID *= RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+= OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);= + return FALSE;+}diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptP= kcs1OaepNull.c b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c index 36508947c5..05e074d18e 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c @@ -48,3 +48,117 @@ Pkcs1v2Encrypt ( ASSERT (FALSE); return FALSE; }++/**+ Encrypts a blob using PKCS1v2 (= RSAES-OAEP) schema. On success, will return the+ encrypted message in a ne= wly allocated buffer.++ Things that can cause a failure include:+ - X509 = key size does not match any known key size.+ - Fail to allocate an interme= diate buffer.+ - Null pointer provided for a non-optional parameter.+ - D= ata size is too large for the provided key size (max size is a function of = key size+ and hash digest size).++ @param[in] RsaContext A po= inter to an RSA context created by RsaNew() and+ = provisioned with a public key using RsaSetKey().+ @param[in] InDat= a Data to be encrypted.+ @param[in] InDataSize Size= of the data buffer.+ @param[in] PrngSeed [Optional] If provid= ed, a pointer to a random seed buffer+ to = be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedS= ize [Optional] If provided, size of the random seed buffer.+ = 0 otherwise.+ @param[out] EncryptedData Po= inter to an allocated buffer containing the encrypted+ = message.+ @param[out] EncryptedDataSize Size of the encrypt= ed message buffer.++ @retval TRUE Encryption was succes= sful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFI= API+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8 *= InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPT= IONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8 **E= ncryptedData,+ OUT UINTN *EncryptedDataSize+ )+{+ ASSERT (FALSE)= ;+ return FALSE;+}++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schem= a. On success, will return the+ decrypted message in a newly allocated buf= fer.++ Things that can cause a failure include:+ - Fail to parse private = key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided= for a non-optional parameter.++ @param[in] PrivateKey A pointer= to the DER-encoded private key.+ @param[in] PrivateKeySize Size of = the private key buffer.+ @param[in] EncryptedData Data to be decryp= ted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @par= am[out] OutData Pointer to an allocated buffer containing the e= ncrypted+ message.+ @param[out] OutDataSi= ze Size of the encrypted message buffer.++ @retval TRUE = Encryption was successful.+ @retval FALSE Encry= ption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *Pri= vateKey,+ IN UINTN PrivateKeySize,+ IN UINT8 *Encrypted= Data,+ IN UINTN EncryptedDataSize,+ OUT UINT8 **OutData,= + OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);+ return FALSE;+}= ++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will= return the+ decrypted message in a newly allocated buffer.++ Things that= can cause a failure include:+ - Fail to parse private key.+ - Fail to al= locate an intermediate buffer.+ - Null pointer provided for a non-optional= parameter.++ @param[in] RsaContext A pointer to an RSA context = created by RsaNew() and+ provisioned with = a private key using RsaSetKey().+ @param[in] EncryptedData Data to = be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffe= r.+ @param[out] OutData Pointer to an allocated buffer contain= ing the encrypted+ message.+ @param[out] = OutDataSize Size of the encrypted message buffer.++ @retval TR= UE Encryption was successful.+ @retval FALSE = Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepDecrypt (+ IN VOID *= RsaContext,+ IN UINT8 *EncryptedData,+ IN UINTN EncryptedDataSize,+= OUT UINT8 **OutData,+ OUT UINTN *OutDataSize+ )+{+ ASSERT (FALSE);= + return FALSE;+}-- 2.44.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117102): https://edk2.groups.io/g/devel/message/117102 Mute This Topic: https://groups.io/mt/105014749/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-