CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions
Expand the availability of the RSAES-OAEP crypto capability in BaseCryptLib. Applications using RSA crypto functions directly from OpensslLib can transition to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe. Pkcs1v2Decrypt(): decryption using DER-encoded private key RsaOaepEncrypt(): encryption using RSA contexts RsaOaepDecrypt(): decryption using RSA contexts Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=4732 GitHub PR: https://github.com/tianocore/edk2/pull/5473 Signed-off-by: Chris Ruffin <v-chruffin@microsoft.com> Cc: Chris Ruffin <cruffin@millcore.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Yi Li <yi1.li@intel.com> Cc: Wenxing Hou <wenxing.hou@intel.com> Reviewed-by: Yi Li <yi1.li@intel.com>
			| @@ -5,6 +5,7 @@ | ||||
|   functionality enabling. | ||||
|  | ||||
| Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR> | ||||
| Copyright (c) Microsoft Corporation. All rights reserved. | ||||
| SPDX-License-Identifier: BSD-2-Clause-Patent | ||||
|  | ||||
| **/ | ||||
| @@ -2147,6 +2148,122 @@ Pkcs1v2Encrypt ( | ||||
|   OUT  UINTN        *EncryptedDataSize | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the | ||||
|   encrypted message in a newly allocated buffer. | ||||
|  | ||||
|   Things that can cause a failure include: | ||||
|   - X509 key size does not match any known key size. | ||||
|   - Fail to allocate an intermediate buffer. | ||||
|   - Null pointer provided for a non-optional parameter. | ||||
|   - Data size is too large for the provided key size (max size is a function of key size | ||||
|     and hash digest size). | ||||
|  | ||||
|   @param[in]  RsaContext          A pointer to an RSA context created by RsaNew() and | ||||
|                                   provisioned with a public key using RsaSetKey(). | ||||
|   @param[in]  InData              Data to be encrypted. | ||||
|   @param[in]  InDataSize          Size of the data buffer. | ||||
|   @param[in]  PrngSeed            [Optional] If provided, a pointer to a random seed buffer | ||||
|                                   to be used when initializing the PRNG. NULL otherwise. | ||||
|   @param[in]  PrngSeedSize        [Optional] If provided, size of the random seed buffer. | ||||
|                                   0 otherwise. | ||||
|   @param[in]  DigestLen           [Optional] If provided, size of the hash used: | ||||
|                                   SHA1_DIGEST_SIZE | ||||
|                                   SHA256_DIGEST_SIZE | ||||
|                                   SHA384_DIGEST_SIZE | ||||
|                                   SHA512_DIGEST_SIZE | ||||
|                                   0 to use default (SHA1) | ||||
|   @param[out] EncryptedData       Pointer to an allocated buffer containing the encrypted | ||||
|                                   message. | ||||
|   @param[out] EncryptedDataSize   Size of the encrypted message buffer. | ||||
|  | ||||
|   @retval     TRUE                Encryption was successful. | ||||
|   @retval     FALSE               Encryption failed. | ||||
|  | ||||
| **/ | ||||
| BOOLEAN | ||||
| EFIAPI | ||||
| RsaOaepEncrypt ( | ||||
|   IN   VOID         *RsaContext, | ||||
|   IN   UINT8        *InData, | ||||
|   IN   UINTN        InDataSize, | ||||
|   IN   CONST UINT8  *PrngSeed   OPTIONAL, | ||||
|   IN   UINTN        PrngSeedSize   OPTIONAL, | ||||
|   IN   UINT16       DigestLen   OPTIONAL, | ||||
|   OUT  UINT8        **EncryptedData, | ||||
|   OUT  UINTN        *EncryptedDataSize | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the | ||||
|   decrypted message in a newly allocated buffer. | ||||
|  | ||||
|   Things that can cause a failure include: | ||||
|   - Fail to parse private key. | ||||
|   - Fail to allocate an intermediate buffer. | ||||
|   - Null pointer provided for a non-optional parameter. | ||||
|  | ||||
|   @param[in]  PrivateKey          A pointer to the DER-encoded private key. | ||||
|   @param[in]  PrivateKeySize      Size of the private key buffer. | ||||
|   @param[in]  EncryptedData       Data to be decrypted. | ||||
|   @param[in]  EncryptedDataSize   Size of the encrypted buffer. | ||||
|   @param[out] OutData             Pointer to an allocated buffer containing the encrypted | ||||
|                                   message. | ||||
|   @param[out] OutDataSize         Size of the encrypted message buffer. | ||||
|  | ||||
|   @retval     TRUE                Encryption was successful. | ||||
|   @retval     FALSE               Encryption failed. | ||||
|  | ||||
| **/ | ||||
| BOOLEAN | ||||
| EFIAPI | ||||
| Pkcs1v2Decrypt ( | ||||
|   IN   CONST UINT8  *PrivateKey, | ||||
|   IN   UINTN        PrivateKeySize, | ||||
|   IN   UINT8        *EncryptedData, | ||||
|   IN   UINTN        EncryptedDataSize, | ||||
|   OUT  UINT8        **OutData, | ||||
|   OUT  UINTN        *OutDataSize | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the | ||||
|   decrypted message in a newly allocated buffer. | ||||
|  | ||||
|   Things that can cause a failure include: | ||||
|   - Fail to parse private key. | ||||
|   - Fail to allocate an intermediate buffer. | ||||
|   - Null pointer provided for a non-optional parameter. | ||||
|  | ||||
|   @param[in]  RsaContext          A pointer to an RSA context created by RsaNew() and | ||||
|                                   provisioned with a private key using RsaSetKey(). | ||||
|   @param[in]  EncryptedData       Data to be decrypted. | ||||
|   @param[in]  EncryptedDataSize   Size of the encrypted buffer. | ||||
|   @param[in]  DigestLen           [Optional] If provided, size of the hash used: | ||||
|                                   SHA1_DIGEST_SIZE | ||||
|                                   SHA256_DIGEST_SIZE | ||||
|                                   SHA384_DIGEST_SIZE | ||||
|                                   SHA512_DIGEST_SIZE | ||||
|                                   0 to use default (SHA1) | ||||
|   @param[out] OutData             Pointer to an allocated buffer containing the encrypted | ||||
|                                   message. | ||||
|   @param[out] OutDataSize         Size of the encrypted message buffer. | ||||
|  | ||||
|   @retval     TRUE                Encryption was successful. | ||||
|   @retval     FALSE               Encryption failed. | ||||
|  | ||||
| **/ | ||||
| BOOLEAN | ||||
| EFIAPI | ||||
| RsaOaepDecrypt ( | ||||
|   IN   VOID    *RsaContext, | ||||
|   IN   UINT8   *EncryptedData, | ||||
|   IN   UINTN   EncryptedDataSize, | ||||
|   IN   UINT16  DigestLen   OPTIONAL, | ||||
|   OUT  UINT8   **OutData, | ||||
|   OUT  UINTN   *OutDataSize | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   The 3rd parameter of Pkcs7GetSigners will return all embedded | ||||
|   X.509 certificate in one given PKCS7 signature. The format is: | ||||
|   | ||||
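Review bot: The doc comments for Pkcs1v2Decrypt and RsaOaepDecrypt describe their outputs and results in terms of encryption — `@param[out] OutData ... containing the encrypted message`, `@param[out] OutDataSize Size of the encrypted message buffer` and `@retval TRUE Encryption was successful` / `@retval FALSE Encryption failed` — which reads as copied from the encrypt variants and should say `decrypted message` and `Decryption was successful` / `Decryption failed`. RsaOaepDecrypt's failure list also keeps "Fail to parse private key" even though it takes an already-provisioned RsaContext rather than a DER blob, so that bullet presumably should describe the context not holding a private key. The input buffers `IN UINT8 *InData` and `IN UINT8 *EncryptedData` are not CONST-qualified while `PrivateKey` is, so callers holding read-only ciphertext would need a cast unless the implementation genuinely writes through them. Finally, since DigestLen defaults to SHA1 and the OAEP hash is not recoverable from the ciphertext, the RsaOaepDecrypt comment should state that DigestLen must match the value used by the encrypting side, e.g. `Must match the DigestLen used when the data was encrypted.`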