From: "Chris Ruffin via groups.io"
To: devel@edk2.groups.io
Cc: Chris Ruffin, Chris Ruffin, Jiewen Yao, Yi Li, Wenxing Hou
Subject: [edk2-devel] [PATCH v2 2/3] CryptoPkg/Driver: add additional RSAES-OAEP crypto functions
Date: Sat, 30 Mar 2024 17:59:44 -0400
References: <20240318215205.1339-1-cruffin@millcore.com>
Content-Transfer-Encoding: quoted-printable

From: Chris Ruffin

Add new functions to CryptoPkg/Driver.

Signed-off-by: Chris Ruffin
Cc: Chris Ruffin
Cc: Jiewen Yao
Cc: Yi Li
Cc: Wenxing Hou
---
 CryptoPkg/Driver/Crypto.c | 130 +++++++++++++++++-
 .../Pcd/PcdCryptoServiceFamilyEnable.h | 4 +
 .../BaseCryptLibOnProtocolPpi/CryptLib.c | 114 +++++++++++++++
 CryptoPkg/Private/Protocol/Crypto.h | 109 ++++++++++++++-
 4 files changed, 355 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index bdbb4863a9..d11de00bce 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c 
@@ -3589,6 +3589,131 @@ CryptoServicePkcs1v2Encrypt ( return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Encrypt, Pkcs1v2Encrypt, = (PublicKey, PublicKeySize, InData, InDataSize, PrngSeed, PrngSeedSize, Encr= yptedData, EncryptedDataSize), FALSE);=0D }=0D =0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. 
N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceRsaOaepEncrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Rsa.Services.RsaOaepEncrypt, RsaOaepEncrypt, (= RsaContext, InData, InDataSize, PrngSeed, PrngSeedSize, DigestLen, Encrypte= dData, EncryptedDataSize), FALSE);=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServicePkcs1v2Decrypt (=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Decrypt, Pkcs1v2Decrypt, = (PrivateKey, PrivateKeySize, EncryptedData, EncryptedDataSize, OutData, Out= DataSize), FALSE);=0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D +=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D +=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D +=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +CryptoServiceRsaOaepDecrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + return CALL_BASECRYPTLIB (Rsa.Services.RsaOaepDecrypt, RsaOaepDecrypt, (= RsaContext, EncryptedData, EncryptedDataSize, DigestLen, OutData, OutDataSi= ze), FALSE);=0D +}=0D +=0D /**=0D Get the signer's certificates from PKCS#7 signed data as described in "P= KCS #7:=0D Cryptographic Message Syntax Standard". The input signed data could be w= rapped=0D @@ -6987,5 +7112,8 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto =3D { CryptoServiceX509VerifyCertChain,=0D CryptoServiceX509GetCertFromCertChain,=0D CryptoServiceAsn1GetTag,=0D - CryptoServiceX509GetExtendedBasicConstraints=0D + CryptoServiceX509GetExtendedBasicConstraints,=0D + CryptoServicePkcs1v2Decrypt,=0D + CryptoServiceRsaOaepEncrypt,=0D + CryptoServiceRsaOaepDecrypt,=0D };=0D 
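Review bot: The doc comments for CryptoServicePkcs1v2Decrypt and CryptoServiceRsaOaepDecrypt in Crypto.c were carried over from the encrypt path without being adjusted: OutData is described as "containing the encrypted message", OutDataSize as "Size of the encrypted message buffer", and the return values read "Encryption was successful" and "Encryption failed". These should say decrypted and Decryption. In CryptoServiceRsaOaepEncrypt the failure list still mentions "X509 key size does not match any known key size" although the function takes an RsaContext rather than an X509 key. Since all three functions return their result "in a newly allocated buffer", the comment should also state that the caller owns that buffer and how it must be freed.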
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoP= kg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 74eaf44cca..7b3741381c 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -23,6 +23,7 @@ * Sha1 family=0D =0D Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.
=0D + Copyright (c) Microsoft Corporation. All rights reserved.=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -124,6 +125,7 @@ typedef struct { UINT8 Pkcs7GetCertificatesList : 1;=0D UINT8 AuthenticodeVerify : 1;=0D UINT8 ImageTimestampVerify : 1;=0D + UINT8 Pkcs1v2Decrypt : 1;=0D } Services;=0D UINT32 Family;=0D } Pkcs;=0D @@ -158,6 +160,8 @@ typedef struct { UINT8 Pkcs1Verify : 1;=0D UINT8 GetPrivateKeyFromPem : 1;=0D UINT8 GetPublicKeyFromX509 : 1;=0D + UINT8 RsaOaepEncrypt : 1;=0D + UINT8 RsaOaepDecrypt : 1;=0D } Services;=0D UINT32 Family;=0D } Rsa;=0D diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/Crypt= oPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index 4e31bc278e..c48291b972 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 
@@ -2825,6 +2825,119 @@ Pkcs1v2Encrypt ( CALL_CRYPTO_SERVICE (Pkcs1v2Encrypt, (PublicKey, PublicKeySize, InData, = InDataSize, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize), FALS= E);=0D }=0D =0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +Pkcs1v2Decrypt (=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (Pkcs1v2Decrypt, (PrivateKey, PrivateKeySize, Encryp= tedData, EncryptedDataSize, OutData, OutDataSize), FALSE);=0D +}=0D +=0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepEncrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (RsaOaepEncrypt, (RsaContext, InData, InDataSize, Pr= ngSeed, PrngSeedSize, DigestLen, EncryptedData, EncryptedDataSize), FALSE);= =0D +}=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +RsaOaepDecrypt (=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + )=0D +{=0D + CALL_CRYPTO_SERVICE (RsaOaepDecrypt, (RsaContext, EncryptedData, Encrypt= edDataSize, DigestLen, OutData, OutDataSize), FALSE);=0D +}=0D +=0D /**=0D Get the signer's certificates from PKCS#7 signed data as described in "P= KCS #7:=0D Cryptographic Message Syntax Standard". The input signed data could be w= rapped=0D @@ -2850,6 +2963,7 @@ Pkcs1v2Encrypt ( @retval FALSE Error occurs during the operation.=0D @retval FALSE This interface is not supported.=0D =0D +=0D **/=0D BOOLEAN=0D EFIAPI=0D diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protoc= ol/Crypto.h index 0e0b1d9401..5a471631f1 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h 
@@ -21,7 +21,7 @@ /// the EDK II Crypto Protocol is extended, this version define must be=0D /// increased.=0D ///=0D -#define EDKII_CRYPTO_VERSION 16=0D +#define EDKII_CRYPTO_VERSION 17=0D =0D ///=0D /// EDK II Crypto Protocol forward declaration=0D 
@@ -688,6 +688,110 @@ BOOLEAN OUT UINTN *EncryptedDataSize=0D );=0D =0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + @param[in] PrivateKey A pointer to the DER-encoded private key= .=0D + @param[in] PrivateKeySize Size of the private key buffer.=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_PKCS1V2_DECRYPT)(=0D + IN CONST UINT8 *PrivateKey,=0D + IN UINTN PrivateKeySize,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + );=0D +=0D +/**=0D + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + encrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - X509 key size does not match any known key size.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + - Data size is too large for the provided key size (max size is a functi= on of key size=0D + and hash digest size).=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a public key using RsaS= etKey().=0D + @param[in] InData Data to be encrypted.=0D + @param[in] InDataSize Size of the data buffer.=0D + @param[in] PrngSeed [Optional] If provided, a pointer to a r= andom seed buffer=0D + to be used when initializing the PRNG. N= ULL otherwise.=0D + @param[in] PrngSeedSize [Optional] If provided, size of the rand= om seed buffer.=0D + 0 otherwise.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] EncryptedData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] EncryptedDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_RSA_OAEP_ENCRYPT)(=0D + IN VOID *RsaContext,=0D + IN UINT8 *InData,=0D + IN UINTN InDataSize,=0D + IN CONST UINT8 *PrngSeed OPTIONAL,=0D + IN UINTN PrngSeedSize OPTIONAL,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **EncryptedData,=0D + OUT UINTN *EncryptedDataSize=0D + );=0D +=0D +/**=0D + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will retu= rn the=0D + decrypted message in a newly allocated buffer.=0D + Things that can cause a failure include:=0D + - Fail to parse private key.=0D + - Fail to allocate an intermediate buffer.=0D + - Null pointer provided for a non-optional parameter.=0D + @param[in] RsaContext A pointer to an RSA context created by R= saNew() and=0D + provisioned with a private key using Rsa= SetKey().=0D + @param[in] EncryptedData Data to be decrypted.=0D + @param[in] EncryptedDataSize Size of the encrypted buffer.=0D + @param[in] DigestLen [Optional] If provided, size of the hash= used:=0D + SHA1_DIGEST_SIZE=0D + SHA256_DIGEST_SIZE=0D + SHA384_DIGEST_SIZE=0D + SHA512_DIGEST_SIZE=0D + 0 to use default (SHA1)=0D + @param[out] OutData Pointer to an allocated buffer containin= g the encrypted=0D + message.=0D + @param[out] OutDataSize Size of the encrypted message buffer.=0D + @retval TRUE Encryption was successful.=0D + @retval FALSE Encryption failed.=0D +**/=0D +typedef=0D +BOOLEAN=0D +(EFIAPI *EDKII_CRYPTO_RSA_OAEP_DECRYPT)(=0D + IN VOID *RsaContext,=0D + IN UINT8 *EncryptedData,=0D + IN UINTN EncryptedDataSize,=0D + IN UINT16 DigestLen OPTIONAL,=0D + OUT UINT8 **OutData,=0D + OUT UINTN *OutDataSize=0D + );=0D +=0D // ---------------------------------------------=0D // PKCS5=0D =0D 
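Review bot: DigestLen in EDKII_CRYPTO_RSA_OAEP_ENCRYPT and EDKII_CRYPTO_RSA_OAEP_DECRYPT is underspecified for a protocol interface: the comment lists four accepted sizes and says 0 selects SHA1, but it does not say what happens for any other UINT16 value, nor that decrypt must be called with the same DigestLen that was used to encrypt. Suggest documenting that an unsupported value returns FALSE, adding both cases to the "Things that can cause a failure" list, and reconsidering whether a newly added API should silently fall back to SHA1 rather than requiring the caller to choose the hash.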
@@ -5603,6 +5707,9 @@ struct _EDKII_CRYPTO_PROTOCOL { EDKII_CRYPTO_X509_GET_CERT_FROM_CERT_CHAIN X509GetCertFromCertC= hain;=0D EDKII_CRYPTO_ASN1_GET_TAG Asn1GetTag;=0D EDKII_CRYPTO_X509_GET_EXTENDED_BASIC_CONSTRAINTS X509GetExtendedBasic= Constraints;=0D + EDKII_CRYPTO_PKCS1V2_DECRYPT Pkcs1v2Decrypt;=0D + EDKII_CRYPTO_RSA_OAEP_ENCRYPT RsaOaepEncrypt;=0D + EDKII_CRYPTO_RSA_OAEP_DECRYPT RsaOaepDecrypt;=0D };=0D =0D extern GUID gEdkiiCryptoProtocolGuid;=0D --=20 2.44.0.windows.1
View/Reply Online (#117251): https://edk2.groups.io/g/devel/message/117251
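Review bot: In PcdCryptoServiceFamilyEnable.h the added line "Copyright (c) Microsoft Corporation. All rights reserved." carries no year, and the commit message ("Add new functions to CryptoPkg/Driver.") does not say where the code originates. Please state the origin of the change in the commit message so the added copyright can be checked. The message could also name the three new service bits (Pkcs.Services.Pkcs1v2Decrypt, Rsa.Services.RsaOaepEncrypt, Rsa.Services.RsaOaepDecrypt), since the Crypto.c wrappers pass exactly these to CALL_BASECRYPTLIB.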
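Review bot: In the CryptLib.c wrappers added at @@ -2825 (and the matching prototypes in Crypto.c and Crypto.h), the input buffers InData in RsaOaepEncrypt and EncryptedData in Pkcs1v2Decrypt and RsaOaepDecrypt are declared IN UINT8 *, while PrivateKey and PrngSeed are IN CONST UINT8 *. Unless the implementation writes to these buffers, declare them CONST UINT8 * so callers can pass read-only data without a cast and the signature shows that the input is not modified.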
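Review bot: The CryptLib.c hunk at @@ -2850,6 +2963,7 only adds an empty line before the closing **/ of an existing comment, which is unrelated to the new RSAES-OAEP functions. Drop it from this patch so the change stays limited to the added services.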