From: "Heng Luo" <heng.luo@intel.com>
To: "Tan, Ming" <ming.tan@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Li, Yi1" <yi1.li@intel.com>
Subject: Re: [edk2-devel] [staging/crypto-new-api PATCH] CryptoPkg: Fixed possible security implications in ECDH and BN.
Date: Fri, 15 Jul 2022 05:35:43 +0000 [thread overview]
Message-ID: <SN6PR11MB2752CB3053117114F1241167938B9@SN6PR11MB2752.namprd11.prod.outlook.com> (raw)
In-Reply-To: <BN8PR11MB3713D3C9D1E3047DAE960614978B9@BN8PR11MB3713.namprd11.prod.outlook.com>
Reviewed-by: Heng Luo <heng.luo@intel.com>
> -----Original Message-----
> From: Tan, Ming <ming.tan@intel.com>
> Sent: Friday, July 15, 2022 1:35 PM
> To: devel@edk2.groups.io; Li, Yi1 <yi1.li@intel.com>
> Cc: Luo, Heng <heng.luo@intel.com>
> Subject: RE: [edk2-devel] [staging/crypto-new-api PATCH] CryptoPkg: Fixed
> possible security implications in ECDH and BN.
>
> Reviewed-by: Ming Tan <ming.tan@intel.com>
>
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of yi1 li
> Sent: Friday, July 15, 2022 1:30 PM
> To: devel@edk2.groups.io
> Cc: Li, Yi1 <yi1.li@intel.com>; Tan, Ming <ming.tan@intel.com>; Luo, Heng
> <heng.luo@intel.com>
> Subject: [edk2-devel] [staging/crypto-new-api PATCH] CryptoPkg: Fixed possible
> security implications in ECDH and BN.
>
> 1. Origenal code mixes up the input/output parameters for the BN_rshift()
> function - the output is actually the first parameter and not the second one.
> Now we correct BnRShift() param order.
>
> 2. NID_X9_62_prime192v1() and NID_secp224r1 prohibited by Intel Crypto/TLS
> Guidelines (due to being insufficiently secure). Now we remove those curve.
>
> 3. ECDH pubilc key check is insufficient and therefore opens the implementation
> up to invalid curve attacks (see e.g.Dragonblood attack report). Need to
> perform the checks described by Appendix D of the NIST SP800-186, or Section
> 5.6.2.3 of NIST SP800-56Ar3. Now we add full public key validating procedures
> to EcDhDeriveSecret().
>
> 4. Some APIs need more detail comment. Fix some typos and add more detail
> discription for return value.
>
> Cc: Ming Tan <ming.tan@intel.com>
> Cc: Heng Luo <heng.luo@intel.com>
> Signed-off-by: Yi Li <yi1.li@intel.com>
>
> ---
> CryptoPkg/Driver/Crypto.c | 31 ++++++++++++++++++++---------
> --
> CryptoPkg/Include/Library/BaseCryptLib.h | 31
> ++++++++++++++++++++-----------
> CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c | 7 ++++---
> CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c | 4 +++-
> CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c | 61
> ++++++++++++++++++++++++++++++++++---------------------------
> CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c | 27
> +++++++++++++++++----------
> CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c | 4 +++-
> CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c | 27
> +++++++++++++++++----------
> CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 31
> ++++++++++++++++++++-----------
> CryptoPkg/Private/Protocol/Crypto.h | 31 ++++++++++++++++++++--
> ---------
> 10 files changed, 158 insertions(+), 96 deletions(-)
>
> diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index
> de422b7f53..10a0ce8800 100644
> --- a/CryptoPkg/Driver/Crypto.c
> +++ b/CryptoPkg/Driver/Crypto.c
> @@ -4962,7 +4962,6 @@ CryptoServiceBigNumValueOne (
> @param[out] BnRes The result.
>
> @retval EFI_SUCCESS On success.
> - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures.
> @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> @@ -5051,6 +5050,9 @@ CryptoServiceBigNumContextFree (
>
> @param[in] Bn Big number to set.
> @param[in] Val Value to set.
> +
> + @retval EFI_SUCCESS On success.
> + @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> EFIAPI
> @@ -5092,7 +5094,7 @@ CryptoServiceBigNumAddMod (
> using EcGroupFree() function.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
>
> @retval EcGroup object On success.
> @retval NULL On failure.
> @@ -5114,8 +5116,8 @@ CryptoServiceEcGroupInit (
>
> @param[in] EcGroup EC group object.
> @param[out] BnPrime Group prime number.
> - @param[out] BnA A coofecient.
> - @param[out] BnB B coofecient.
> + @param[out] BnA A coefficient.
> + @param[out] BnB B coefficient.
> @param[in] BnCtx BN context.
>
> @retval EFI_SUCCESS On success.
> @@ -5426,13 +5428,14 @@ CryptoServiceEcPointSetCompressedCoordinates (
> /**
> Generate a key using ECDH algorithm. Please note, this function uses
> pseudo random number generator. The caller must make sure RandomSeed()
> - funtion was properly called before.
> + function was properly called before.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[out] PKey Pointer to an object that will hold the ECDH key.
>
> @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> @@ -5466,8 +5469,9 @@ CryptoServiceEcDhKeyFree (
> @param[in] PKey ECDH Key object.
> @param[out] EcPoint Properly initialized EC Point to hold the public key.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> @@ -5484,15 +5488,20 @@ CryptoServiceEcDhGetPubKey (
>
> @param[in] PKey ECDH Key object.
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[in] EcPointPublic Peer public key.
> @param[out] SecretSize On success, holds secret size.
> @param[out] Secret On success, holds the derived secret.
> Should be freed by caller using FreePool()
> function.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> + @retval EFI_INVALID_PARAMETER One or more of the following conditions is
> TRUE:
> + Secret is NULL.
> + SecretSize is NULL.
> + Public key in EcPointPublic is invalid.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h
> b/CryptoPkg/Include/Library/BaseCryptLib.h
> index 8fcb496c40..0de9f0739e 100644
> --- a/CryptoPkg/Include/Library/BaseCryptLib.h
> +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -2723,7 +2723,6 @@ BigNumValueOne (
> @param[out] BnRes The result.
>
> @retval EFI_SUCCESS On success.
> - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures.
> @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> @@ -2797,6 +2796,9 @@ BigNumContextFree (
>
> @param[in] Bn Big number to set.
> @param[in] Val Value to set.
> +
> + @retval EFI_SUCCESS On success.
> + @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> EFIAPI
> @@ -2832,7 +2834,7 @@ BigNumAddMod (
> using EcGroupFree() function.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
>
> @retval EcGroup object On success.
> @retval NULL On failure.
> @@ -2851,8 +2853,8 @@ EcGroupInit (
>
> @param[in] EcGroup EC group object.
> @param[out] BnPrime Group prime number.
> - @param[out] BnA A coofecient.
> - @param[out] BnB B coofecient.
> + @param[out] BnA A coefficient.
> + @param[out] BnB B coefficient.
> @param[in] BnCtx BN context.
>
> @retval EFI_SUCCESS On success.
> @@ -3121,13 +3123,14 @@ EcPointSetCompressedCoordinates (
> /**
> Generate a key using ECDH algorithm. Please note, this function uses
> pseudo random number generator. The caller must make sure RandomSeed()
> - funtion was properly called before.
> + function was properly called before.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[out] PKey Pointer to an object that will hold the ECDH key.
>
> @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> @@ -3155,8 +3158,9 @@ EcDhKeyFree (
> @param[in] PKey ECDH Key object.
> @param[out] EcPoint Properly initialized EC Point to hold the public key.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> @@ -3170,15 +3174,20 @@ EcDhGetPubKey (
>
> @param[in] PKey ECDH Key object.
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[in] EcPointPublic Peer public key.
> @param[out] SecretSize On success, holds secret size.
> @param[out] Secret On success, holds the derived secret.
> Should be freed by caller using FreePool()
> function.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> + @retval EFI_INVALID_PARAMETER One or more of the following conditions is
> TRUE:
> + Secret is NULL.
> + SecretSize is NULL.
> + Public key in EcPointPublic is invalid.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c
> b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c
> index 3e43492a56..b6411cd541 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBn.c
> @@ -442,7 +442,6 @@ BigNumValueOne (
> @param[out] BnRes The result.
>
> @retval EFI_SUCCESS On success.
> - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures.
> @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> @@ -453,8 +452,7 @@ BigNumRShift (
> OUT VOID *BnRes
> )
> {
> - // BN_rshift() does not modify the first argument, so we remove const.
> - if (BN_rshift ((BIGNUM *)Bn, BnRes, (int)n) == 1) {
> + if (BN_rshift (BnRes, Bn, (int)n) == 1) {
> return EFI_SUCCESS;
> } else {
> return EFI_PROTOCOL_ERROR;
> @@ -547,6 +545,9 @@ BigNumContextFree (
>
> @param[in] Bn Big number to set.
> @param[in] Val Value to set.
> +
> + @retval EFI_SUCCESS On success.
> + @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> EFIAPI
> diff --git a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c
> b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c
> index 4a27433a0e..4d2fa039df 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Bn/CryptBnNull.c
> @@ -395,7 +395,6 @@ BigNumValueOne (
> @param[out] BnRes The result.
>
> @retval EFI_SUCCESS On success.
> - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures.
> @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> @@ -487,6 +486,9 @@ BigNumContextFree (
>
> @param[in] Bn Big number to set.
> @param[in] Val Value to set.
> +
> + @retval EFI_SUCCESS On success.
> + @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> EFIAPI
> diff --git a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c
> b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c
> index 4d1aab8d32..90d1b8bce7 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEc.c
> @@ -21,13 +21,13 @@
> #include <openssl/ec.h>
>
> /**
> - Temp comment.
> + Return the Nid of certain ECC group.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
>
> - @retval EcGroup object On success.
> - @retval NULL On failure.
> + @retval !=-1 On success.
> + @retval -1 ECC group not supported.
> **/
> STATIC
> INT32
> @@ -47,12 +47,6 @@ GroupToNid (
> case 21:
> Nid = NID_secp521r1;
> break;
> - case 25:
> - Nid = NID_X9_62_prime192v1;
> - break;
> - case 26:
> - Nid = NID_secp224r1;
> - break;
> default:
> return -1;
> }
> @@ -66,7 +60,7 @@ GroupToNid (
> using EcGroupFree() function.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
>
> @retval EcGroup object On success.
> @retval NULL On failure.
> @@ -96,8 +90,8 @@ EcGroupInit (
>
> @param[in] EcGroup EC group object.
> @param[out] BnPrime Group prime number.
> - @param[out] BnA A coofecient.
> - @param[out] BnB B coofecient.
> + @param[out] BnA A coefficient.
> + @param[out] BnB B coefficient.
> @param[in] BnCtx BN context.
>
> @retval EFI_SUCCESS On success.
> @@ -218,7 +212,7 @@ EcPointGetAffineCoordinates (
> )
> {
> return EC_POINT_get_affine_coordinates (EcGroup, EcPoint, BnX, BnY, BnCtx) ?
> - EFI_SUCCESS : EFI_INVALID_PARAMETER;
> + EFI_SUCCESS : EFI_PROTOCOL_ERROR;
> }
>
> /**
> @@ -244,7 +238,7 @@ EcPointSetAffineCoordinates (
> )
> {
> return EC_POINT_set_affine_coordinates (EcGroup, EcPoint, BnX, BnY, BnCtx) ?
> - EFI_SUCCESS : EFI_INVALID_PARAMETER;
> + EFI_SUCCESS : EFI_PROTOCOL_ERROR;
> }
>
> /**
> @@ -271,7 +265,7 @@ EcPointAdd (
> )
> {
> return EC_POINT_add (EcGroup, EcPointResult, EcPointA, EcPointB, BnCtx) ?
> - EFI_SUCCESS : EFI_INVALID_PARAMETER;
> + EFI_SUCCESS : EFI_PROTOCOL_ERROR;
> }
>
> /**
> @@ -298,7 +292,7 @@ EcPointMul (
> )
> {
> return EC_POINT_mul (EcGroup, EcPointResult, NULL, EcPoint, BnPScalar,
> BnCtx) ?
> - EFI_SUCCESS : EFI_INVALID_PARAMETER;
> + EFI_SUCCESS : EFI_PROTOCOL_ERROR;
> }
>
> /**
> @@ -320,7 +314,7 @@ EcPointInvert (
> )
> {
> return EC_POINT_invert (EcGroup, EcPoint, BnCtx) ?
> - EFI_SUCCESS : EFI_INVALID_PARAMETER;
> + EFI_SUCCESS : EFI_PROTOCOL_ERROR;
> }
>
> /**
> @@ -414,19 +408,20 @@ EcPointSetCompressedCoordinates (
> )
> {
> return EC_POINT_set_compressed_coordinates (EcGroup, EcPoint, BnX, YBit,
> BnCtx) ?
> - EFI_SUCCESS : EFI_INVALID_PARAMETER;
> + EFI_SUCCESS : EFI_PROTOCOL_ERROR;
> }
>
> /**
> Generate a key using ECDH algorithm. Please note, this function uses
> pseudo random number generator. The caller must make sure RandomSeed()
> - funtion was properly called before.
> + function was properly called before.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[out] PKey Pointer to an object that will hold the ECDH key.
>
> @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> @@ -508,8 +503,9 @@ EcDhKeyFree (
> @param[in] PKey ECDH Key object.
> @param[out] EcPoint Properly initialized EC Point to hold the public key.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> @@ -553,15 +549,21 @@ out:
>
> @param[in] PKey ECDH Key object.
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> - @param[in] EcPointPublic Peer public key.
> + Description" attribute registry for RFC 2409).
> + @param[in] EcPointPublic Peer public key. Certain sanity checks on the key
> + will be performed to confirm that it is valid.
> @param[out] SecretSize On success, holds secret size.
> @param[out] Secret On success, holds the derived secret.
> Should be freed by caller using FreePool()
> function.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> + @retval EFI_INVALID_PARAMETER One or more of the following conditions is
> TRUE:
> + Secret is NULL.
> + SecretSize is NULL.
> + Public key in EcPointPublic is invalid.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> @@ -605,6 +607,11 @@ EcDhDeriveSecret (
> goto fail;
> }
>
> + if (!EC_KEY_check_key (EcKey)) {
> + Status = EFI_INVALID_PARAMETER;
> + goto fail;
> + }
> +
> Ctx = EVP_PKEY_CTX_new (PKey, NULL);
> if ((Ctx == NULL) || (EVP_PKEY_derive_init (Ctx) != 1) ||
> (EVP_PKEY_derive_set_peer (Ctx, PeerKey) != 1) || diff --git
> a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c
> b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c
> index 2d7e5db464..e7fe378095 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Ec/CryptEcNull.c
> @@ -15,7 +15,7 @@
> using EcGroupFree() function.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
>
> @retval EcGroup object On success.
> @retval NULL On failure.
> @@ -38,8 +38,8 @@ EcGroupInit (
>
> @param[in] EcGroup EC group object.
> @param[out] BnPrime Group prime number.
> - @param[out] BnA A coofecient.
> - @param[out] BnB B coofecient.
> + @param[out] BnA A coefficient.
> + @param[out] BnB B coefficient.
> @param[in] BnCtx BN context.
>
> @retval EFI_SUCCESS On success.
> @@ -362,13 +362,14 @@ EcPointSetCompressedCoordinates (
> /**
> Generate a key using ECDH algorithm. Please note, this function uses
> pseudo random number generator. The caller must make sure RandomSeed()
> - funtion was properly called before.
> + function was properly called before.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[out] PKey Pointer to an object that will hold the ECDH key.
>
> @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> @@ -403,8 +404,9 @@ EcDhKeyFree (
> @param[in] PKey ECDH Key object.
> @param[out] EcPoint Properly initialized EC Point to hold the public key.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> @@ -422,15 +424,20 @@ EcDhGetPubKey (
>
> @param[in] PKey ECDH Key object.
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[in] EcPointPublic Peer public key.
> @param[out] SecretSize On success, holds secret size.
> @param[out] Secret On success, holds the derived secret.
> Should be freed by caller using FreePool()
> function.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> + @retval EFI_INVALID_PARAMETER One or more of the following conditions is
> TRUE:
> + Secret is NULL.
> + SecretSize is NULL.
> + Public key in EcPointPublic is invalid.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c
> b/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c
> index 4a27433a0e..4d2fa039df 100644
> --- a/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c
> +++ b/CryptoPkg/Library/BaseCryptLibNull/Bn/CryptBnNull.c
> @@ -395,7 +395,6 @@ BigNumValueOne (
> @param[out] BnRes The result.
>
> @retval EFI_SUCCESS On success.
> - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures.
> @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> @@ -487,6 +486,9 @@ BigNumContextFree (
>
> @param[in] Bn Big number to set.
> @param[in] Val Value to set.
> +
> + @retval EFI_SUCCESS On success.
> + @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> EFIAPI
> diff --git a/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c
> b/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c
> index 2d7e5db464..e7fe378095 100644
> --- a/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c
> +++ b/CryptoPkg/Library/BaseCryptLibNull/Ec/CryptEcNull.c
> @@ -15,7 +15,7 @@
> using EcGroupFree() function.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
>
> @retval EcGroup object On success.
> @retval NULL On failure.
> @@ -38,8 +38,8 @@ EcGroupInit (
>
> @param[in] EcGroup EC group object.
> @param[out] BnPrime Group prime number.
> - @param[out] BnA A coofecient.
> - @param[out] BnB B coofecient.
> + @param[out] BnA A coefficient.
> + @param[out] BnB B coefficient.
> @param[in] BnCtx BN context.
>
> @retval EFI_SUCCESS On success.
> @@ -362,13 +362,14 @@ EcPointSetCompressedCoordinates (
> /**
> Generate a key using ECDH algorithm. Please note, this function uses
> pseudo random number generator. The caller must make sure RandomSeed()
> - funtion was properly called before.
> + function was properly called before.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[out] PKey Pointer to an object that will hold the ECDH key.
>
> @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> @@ -403,8 +404,9 @@ EcDhKeyFree (
> @param[in] PKey ECDH Key object.
> @param[out] EcPoint Properly initialized EC Point to hold the public key.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> @@ -422,15 +424,20 @@ EcDhGetPubKey (
>
> @param[in] PKey ECDH Key object.
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[in] EcPointPublic Peer public key.
> @param[out] SecretSize On success, holds secret size.
> @param[out] Secret On success, holds the derived secret.
> Should be freed by caller using FreePool()
> function.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> + @retval EFI_INVALID_PARAMETER One or more of the following conditions is
> TRUE:
> + Secret is NULL.
> + SecretSize is NULL.
> + Public key in EcPointPublic is invalid.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> index 548116abb4..0410067c9d 100644
> --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
> @@ -4069,7 +4069,6 @@ BigNumValueOne (
> @param[out] BnRes The result.
>
> @retval EFI_SUCCESS On success.
> - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures.
> @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> @@ -4158,6 +4157,9 @@ BigNumContextFree (
>
> @param[in] Bn Big number to set.
> @param[in] Val Value to set.
> +
> + @retval EFI_SUCCESS On success.
> + @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> EFI_STATUS
> EFIAPI
> @@ -4199,7 +4201,7 @@ BigNumAddMod (
> using EcGroupFree() function.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
>
> @retval EcGroup object On success.
> @retval NULL On failure.
> @@ -4221,8 +4223,8 @@ EcGroupInit (
>
> @param[in] EcGroup EC group object.
> @param[out] BnPrime Group prime number.
> - @param[out] BnA A coofecient.
> - @param[out] BnB B coofecient.
> + @param[out] BnA A coefficient.
> + @param[out] BnB B coefficient.
> @param[in] BnCtx BN context.
>
> @retval EFI_SUCCESS On success.
> @@ -4533,13 +4535,14 @@ EcPointSetCompressedCoordinates (
> /**
> Generate a key using ECDH algorithm. Please note, this function uses
> pseudo random number generator. The caller must make sure RandomSeed()
> - funtion was properly called before.
> + function was properly called before.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[out] PKey Pointer to an object that will hold the ECDH key.
>
> @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> @@ -4573,8 +4576,9 @@ EcDhKeyFree (
> @param[in] PKey ECDH Key object.
> @param[out] EcPoint Properly initialized EC Point to hold the public key.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> @@ -4591,15 +4595,20 @@ EcDhGetPubKey (
>
> @param[in] PKey ECDH Key object.
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409).
> + Description" attribute registry for RFC 2409).
> @param[in] EcPointPublic Peer public key.
> @param[out] SecretSize On success, holds secret size.
> @param[out] Secret On success, holds the derived secret.
> Should be freed by caller using FreePool()
> function.
>
> - @retval EFI_SUCCESS On success.
> - @retval EFI_PROTOCOL_ERROR On failure.
> + @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> + @retval EFI_INVALID_PARAMETER One or more of the following conditions is
> TRUE:
> + Secret is NULL.
> + SecretSize is NULL.
> + Public key in EcPointPublic is invalid.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> EFI_STATUS
> EFIAPI
> diff --git a/CryptoPkg/Private/Protocol/Crypto.h
> b/CryptoPkg/Private/Protocol/Crypto.h
> index 1b31714d77..1cf5d18cc3 100644
> --- a/CryptoPkg/Private/Protocol/Crypto.h
> +++ b/CryptoPkg/Private/Protocol/Crypto.h
> @@ -3863,7 +3863,6 @@ CONST VOID *
> @param[out] BnRes The result, such that (BnA * BnB) % BnM.
>
> @retval EFI_SUCCESS On success.
> - @retval EFI_OUT_OF_RESOURCES In case of internal allocation failures.
> @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> typedef
> @@ -3935,6 +3934,9 @@ VOID
>
> @param[in] Bn Big number to set.
> @param[in] Val Value to set.
> +
> + @retval EFI_SUCCESS On success.
> + @retval EFI_PROTOCOL_ERROR Otherwise.
> **/
> typedef
> EFI_STATUS
> @@ -3970,7 +3972,7 @@ EFI_STATUS
> using EcGroupFree() function.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409)
> + Description" attribute registry for RFC 2409)
>
> @retval EcGroup object On success
> @retval NULL On failure
> @@ -3989,8 +3991,8 @@ VOID *
>
> @param[in] EcGroup EC group object
> @param[out] BnPrime Group prime number
> - @param[out] BnA A coofecient
> - @param[out] BnB B coofecient
> + @param[out] BnA A coefficient
> + @param[out] BnB B coefficient
> @param[in] BnCtx BN context
>
> @retval EFI_SUCCESS On success
> @@ -4260,13 +4262,14 @@ EFI_STATUS
> /**
> Generate a key using ECDH algorithm. Please note, this function uses
> pseudo random number generator. The caller must make sure RandomSeed()
> - funtion was properly called before.
> + function was properly called before.
>
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409)
> + Description" attribute registry for RFC 2409)
> @param[out] PKey Pointer to an object that will hold the ECDH key
>
> @retval EFI_SUCCESS On success
> + @retval EFI_UNSUPPORTED ECC group not supported.
> @retval EFI_PROTOCOL_ERROR On failure **/ typedef @@ -4294,8 +4297,9
> @@ VOID
> @param[in] PKey ECDH Key object
> @param[out] EcPoint Properly initialized EC Point to hold the public key
>
> - @retval EFI_SUCCESS On success
> - @retval EFI_PROTOCOL_ERROR On failure
> + @retval EFI_SUCCESS On success
> + @retval EFI_INVALID_PARAMETER EcPoint should be initialized properly.
> + @retval EFI_PROTOCOL_ERROR On failure
> **/
> typedef
> EFI_STATUS
> @@ -4309,15 +4313,20 @@ EFI_STATUS
>
> @param[in] PKey ECDH Key object
> @param[in] Group Identifying number for the ECC group (IANA "Group
> - Description" attribute registrty for RFC 2409)
> + Description" attribute registry for RFC
> + 2409)
> @param[in] EcPointPublic Peer public key
> @param[out] SecretSize On success, holds secret size
> @param[out] Secret On success, holds the derived secret
> Should be freed by caller using FreePool()
> function.
>
> - @retval EFI_SUCCESS On success
> - @retval EFI_PROTOCOL_ERROR On failure
> + @retval EFI_SUCCESS On success.
> + @retval EFI_UNSUPPORTED ECC group not supported.
> + @retval EFI_INVALID_PARAMETER One or more of the following conditions is
> TRUE:
> + Secret is NULL.
> + SecretSize is NULL.
> + Public key in EcPointPublic is invalid.
> + @retval EFI_PROTOCOL_ERROR On failure.
> **/
> typedef
> EFI_STATUS
> --
> 2.31.1.windows.1
>
>
>
>
>
prev parent reply other threads:[~2022-07-15 5:36 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-15 5:29 [staging/crypto-new-api PATCH] CryptoPkg: Fixed possible security implications in ECDH and BN yi1 li
2022-07-15 5:34 ` [edk2-devel] " Tan, Ming
2022-07-15 5:35 ` Heng Luo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SN6PR11MB2752CB3053117114F1241167938B9@SN6PR11MB2752.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox